From c9f77ead6184231fcf8ec27274f52ed22bd40ace Mon Sep 17 00:00:00 2001
From: korenstin <korenstin@crans.org>
Date: Wed, 4 Dec 2024 23:01:57 +0100
Subject: [PATCH 1/7] Ajout configuration apprentix
---
.sops.yaml | 2 +
flake.lock | 8 +-
flake.nix | 7 +-
hosts/vm/apprentix/default.nix | 16 +
hosts/vm/apprentix/hardware-configuration.nix | 32 ++
hosts/vm/apprentix/networking.nix | 53 +++
secrets/common.yaml | 335 +++++++++---------
7 files changed, 285 insertions(+), 168 deletions(-)
create mode 100644 hosts/vm/apprentix/default.nix
create mode 100644 hosts/vm/apprentix/hardware-configuration.nix
create mode 100644 hosts/vm/apprentix/networking.nix
diff --git a/.sops.yaml b/.sops.yaml
index 386c2fc..43cc4a3 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,5 +1,6 @@
keys:
# Hosts keys are age keys derived from the host ssh key.
+ - &apprentix age1lwk9sry7f5cum8dx202lpp23l2q8l3gaju8626p54wn7t0y2wfes8tljs8
- &neo age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g
- &redite age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0
- &thot age18rv8q7stsn2zv4gxuj4g4ktkeywkg2wngtdwza858jjme8wdvp8s9hkx00
@@ -37,6 +38,7 @@ creation_rules:
- *_shirenn
- *_vanille
age :
+ - *apprentix
- *neo
- *redite
- *thot
diff --git a/flake.lock b/flake.lock
index f569c24..6faa731 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,16 +20,16 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1706826059,
- "narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=",
+ "lastModified": 1733412085,
+ "narHash": "sha256-FillH0qdWDt/nlO6ED7h4cmN+G9uXwGjwmCnHs0QVYM=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d",
+ "rev": "4dc2fc4e62dbf62b84132fe526356fbac7b03541",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-23.11",
+ "ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
diff --git a/flake.nix b/flake.nix
index fe5739d..557f281 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
description = "Configuration NixOS du Crans";
inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
flake-parts.url = "github:hercules-ci/flake-parts";
# Formatter
@@ -34,6 +34,11 @@
flake = with nixpkgs.lib; {
nixosConfigurations = {
+ apprentix = nixosSystem {
+ specialArgs = inputs;
+ modules = [ ./hosts/vm/apprentix ];
+ };
+
neo = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/neo ];
diff --git a/hosts/vm/apprentix/default.nix b/hosts/vm/apprentix/default.nix
new file mode 100644
index 0000000..7fae1f3
--- /dev/null
+++ b/hosts/vm/apprentix/default.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix
+
+ ../../../modules
+ ];
+
+ boot.loader.grub.devices = [ "/dev/sda" ];
+
+ networking.hostName = "apprentix";
+
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/vm/apprentix/hardware-configuration.nix b/hosts/vm/apprentix/hardware-configuration.nix
new file mode 100644
index 0000000..ed0de5a
--- /dev/null
+++ b/hosts/vm/apprentix/hardware-configuration.nix
@@ -0,0 +1,32 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/b8171fb6-3aba-489a-8c40-7765e910572b";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens19.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/vm/apprentix/networking.nix b/hosts/vm/apprentix/networking.nix
new file mode 100644
index 0000000..1748e4e
--- /dev/null
+++ b/hosts/vm/apprentix/networking.nix
@@ -0,0 +1,53 @@
+{ ... }:
+
+{
+ networking = {
+ interfaces = {
+ ens18 = {
+
+ ipv4 = {
+ addresses = [{
+ address = "172.16.10.150";
+ prefixLength = 24;
+ }];
+ };
+
+ ipv6 = {
+ addresses = [{
+ address = "fd00::10:0:ff:fe01:5010";
+ prefixLength = 64;
+ }];
+ };
+
+ };
+
+ ens19 = {
+
+ ipv4 = {
+ addresses = [{
+ address = "172.16.3.150";
+ prefixLength = 24;
+ }];
+ routes = [{
+ address = "0.0.0.0";
+ via = "172.16.3.99";
+ prefixLength = 0;
+ }];
+ };
+
+ ipv6 = {
+ addresses = [{
+ address = "2a0c:700:3::ff:fe01:5003";
+ prefixLength = 64;
+ }];
+ routes = [{
+ address = "::";
+ via = "2a0c:700:3::ff:fe00:9903";
+ prefixLength = 0;
+ }];
+ };
+
+ };
+ };
+ };
+}
diff --git a/secrets/common.yaml b/secrets/common.yaml
index 93c5ee6..ac18123 100644
--- a/secrets/common.yaml
+++ b/secrets/common.yaml
@@ -1,247 +1,256 @@
-root-passwd-hash: ENC[AES256_GCM,data:TueFl3zXBTnpVtduQTLIzYCn2cNnxECiFEf7F+zBeq1A+lghV2ZUf82ZU+fajI/fcjMij9xMcLOZchksUkRRZ9SNHsoDTamiChC3ecOsxcndR/SElN8Wpr2yqsV3NNAt/4EF4leNyEdrJg==,iv:Lo6/odISnTOVd+dO3tRJZVYNzivyXuPowJWk+d8C+Ck=,tag:1zEh8Umy1tgM+SnqOLxvig==,type:str]
+root-passwd-hash: ENC[AES256_GCM,data:15MRq3U5SwtaP2jh16eTP741q7yyGDrnwKkAHBcTSMY=,iv:1VDonUqiCfwwY3qazYJJumbK25S/Kmpb5Rrw+/pMmtA=,tag:uQSo6Clneo5MtGT1wBzLFA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
+ - recipient: age1lwk9sry7f5cum8dx202lpp23l2q8l3gaju8626p54wn7t0y2wfes8tljs8
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZkg2RXpjRDRPaGtEcHR4
+ NlZvR05pb1cvMFBwMVFrWWtEcFVHSWU1NlUwCmxKYjNzVXdQZzJ5Z2RoZEZGWHgy
+ c0JwWllxNVBDdGpBRStvSUhRQ0FJd0EKLS0tIElTOUVTUks2RFR4SkVpbkd6SS9T
+ Um02aHAzODFBTi9ZeGFpVkdBZVRYNHMK6qfUB5LWLpkrmHH0Y+Fjb+GrPFRi/cL0
+ TCUthN101jat+Ne4lF6cU0U5JTQXaI8RI2cEJlafFI8rRyfooIXsMw==
+ -----END AGE ENCRYPTED FILE-----
- recipient: age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdDlWNUVoTURsbU0zT2oz
- MjdlQWNvY1lLK3FkbGFYQWdEQlM2U3o4WmowClZqQmlIcWFxT1E5SEFKTzhza0l2
- MFlCN1Y0NzJMTVRMbzdjOVRydmYvMjgKLS0tIFk0anJBNDR2S3g4TWhMS2x5ckx5
- dVpKSEtNYmtuM1lEcVR5NnJOYTBKSzQKY4nlRA2+JooKMd4nSK6qf7lFNUs7lkVa
- 6HL3ZjOTJvjdZyHpeqdpJDz5oitVWsUgQiP3GwsOcNPnV6+353vEuQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUHprWFBFNERlQ0NUVUhw
+ Vk85OXgvYXpmMHlqN3lMM0ZIVUp1b3BYMEJvCnMxZTJad0Y0QjNRaFJuZUdvQUdI
+ dzVySHh4MmRDNHltQ0xveWQ2NjN6ekkKLS0tIGl4Y2tPM0RTY1drWUF0OUtCV2Nz
+ ZkV6TE9LQnMwVVZjeDllZVh2N0s1WkEKQDkFzSVjiUg1Uawt0WgS0zuLpIrpwD5A
+ x4mq/dhAtmifTO3pxTG2oMsVtHTjvqfxKj3VR1BNXmI7GXhZaV6CXg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJN0F1SllYUnQzUWF4QkRp
- ekU4Wkx6bjlvTllKUUFUbmNIdzZFdnVhS21BCkt0aUhpNng5WVFjYk9SLzRGUHRr
- b0lTcCtsMTVwUy9xL0tVaUYwb1pzMkEKLS0tIG1ldWVHcTNLa0JhSVpBdXJjcGU2
- NUQvMW8yWGxvRjBlbW1mRm4yblVzS0kKqlYeYHaaakfnX190V9dAxUipeyvwJK+2
- kVSw2cnQiF4/FtTBtCvMjpLKsdfGiPmpM9CDPULLOmm8BXrzKplg9Q==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVUluSnpSWE5JekVVc2xK
+ OHNEMUxWa1luMXdocENpa05kcXZGR3kvdGtFCnJ4VFZIalAyRFNNUS9UZEFpcUVx
+ TEdxYVZlaUV4Unl4am0wYXhVd1lVY3cKLS0tIHRoT2M4bkQxTU9NU09IZFRpYWQv
+ M0tZRHpoNjZ6bHFhQmlQb09qRFRDaUEKR2UTU9sLM9xRpDavtXYmgKpxZqKTJ0F9
+ mT618l6CG8ebZLN24O3cnuXrnlIubz1q10jUHVMjImEdE26UWXZxcQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age18rv8q7stsn2zv4gxuj4g4ktkeywkg2wngtdwza858jjme8wdvp8s9hkx00
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhc05wQmN0TlJSQS9QTCtu
- UjlCaEpxM1IwczFBTmpzTndoTkQyYlNZZVcwCndCUDFpcDFyZTRsWTBZcVM3T0hY
- ak9ubXVyZStoTnlGS2o2cDhPRW85UTgKLS0tIGVGeGdhUWtaNlV6NmRtZDhIeWRJ
- MjNSZmplcVhLQ3NnMHhSamUwSDRpUEUKmEN+XbjnAqPuZFGs5SVhQkTxFwyTtLzf
- 79Nf6py/4/eh3Bv7YYjuf2+y1/oUZ9VuLlP31phoi6AsoXHMjckrrA==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYm9pM21HZElDY1JCQmU4
+ Vjh4OVdEWmJDN0pnSmFyYTBBSURTY0hHQ0JRCnJBM29INlAxMnRQTW1Bdk5UcS8x
+ ckUxdHl4b0M0cTlxbFNLdm02YWxQN28KLS0tIDd2Y1M3SjBPaGRvOGdoZURJZ095
+ WElHM0NCNUVtcUYzb1d6ZDh1aXMxMVkKTaih7/wUafmSIIQLEUN2xpJX5uEQQVw0
+ ehB6gPs8NSihi9iboen7AcgNsT65Sfh0673nK0ckuchn5G4SY95N9Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zlpu6qum5xcl07hnsndp78tllqph5jz7q8fr5ntxr88202xq9u9s9r2y7x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVHFUNmZZMmN0VlFOSEZr
- YVcxNndZT2h1RExiL3JhL29hamRhSTRkekFBCituT3hJL2ZrYW00Vk9BMk1TUk83
- bXJQVkN0Y2JuL2NDbzJxZXZUcEY2MmMKLS0tIFZxRU5lSk93T0pOL2FJTWQvQTIr
- YVNhS25wRnJFamt5dG5aaU1SY3pXZVUKoxZtGM7bMjInzD/JGZ9gQg6u3ebcLgN6
- mphlhL9qfqR/3/qmU1q14h9CHHnGXv/9s1YGvdzG/TqdAx61LaRMoQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVUNTa0pPRmp1bk1VYjF4
+ aEdwUFU2MGJkWEJ0MVFTNko3RlNTdnFSWG1nCk5aMEJUVHJGM1RUT3VsQ3ozaTln
+ elBhNm9jM1ZBbTNoVHFmWXdEVzVBNkEKLS0tIFBpeUE3blJ2Y3h6MXRSTm1YWEVq
+ ME9XaEh2ZGgrVXJ1SVFhVWcvbG9TWnMKfx9IaqduI5MLGahbA0kpwRc88lm6/zhR
+ E5XztcQZqzHpBq4zdMhBvj05Qgd0ddYsNhgnQ+ResVWKag+U/ZPKhQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-05T21:38:50Z"
- mac: ENC[AES256_GCM,data:ZUA6Ij81846B2xumn9YjrlRufj9KfoItf2MCViVbIlQO97or1rJAz+iWxmf/I0YNzhOKzuchyG0X6669fUkePk0qNKrk9HBQLX7BM+O51qgEijrqq2SXlo8hyNTC7zUFL202yT1ATL8uD7lgBZpqgxBOcYp9D7+dkvotzFTOAco=,iv:2o7OGekocDF3Lj8OCnLOwGBBs/k13R1/a0CH+GTFsyQ=,tag:FqPF0Vvbuc5/D5tRLA+r9Q==,type:str]
+ lastmodified: "2024-12-07T17:36:06Z"
+ mac: ENC[AES256_GCM,data:5csPw1E1NPnSNexMm9qhmokR0vEF+/ZYkgiN0mVH31usEpmLtdnqveGYmmUrtKhNHu4sSGr/OYdNGAAY6Gc3X8l14K7TyCppqgUSHz1SyJnff5tgftmSlKhHB5UUF+FhJ1uIrCx9Kvh+2Zhx4BcxHXHSJbr9RlzI9H8jqTcSCr4=,iv:erEX1MtvIrPvNMyJhJ6um5yrar5wzrrf1kLVi9Y8knU=,tag:j9XmrqT7oO+mINg3CeMS8w==,type:str]
pgp:
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hF4DtMjybqIQmUESAQdAlGe2sCuQG+ByZu9jSDFxRXFT/RCq1sdNSz0eZ7mq5Skw
- lMEkYmvM5NO9zzLFzgDGvXQxW/qLEKdiKtWVP3SE+8RLbnDxfuk/TDBjvchT0Oxr
- 0l4BfCQfNobRCAjLnK8vPopeI6Q5LuAcespyaPplJG3nnXLz4dWEl8LWaG5gaKNM
- QU0CJePw7HhyMF5obDjevl6w0QJcoJ4iBm0qnHvbiIxFIoyLLFp+QHwOy6oQPtDI
- =pgGe
+ hF4DtMjybqIQmUESAQdA2lf1r3C/aKSR6HyxDT7i/X3TEcY4mzCtySmijCS/ezww
+ K5N3PUAzNdbTLejXrSp4kNsWnpCW4YQDRTkFWvlhfAZ/h60ge10SxlHIjfsDvued
+ 0l4B1bSqIpgNUXsLZD3HiXW/npVaFHO5AO/AS3YbTNeh4dNEgdOO5wVCROUI5yHM
+ SQ6Bm7A9l7vuvmnMNUQzIy4jfou65VdY58c0IfXmz3w4irlfXt+QWHpRPrPftWcK
+ =Z3kP
-----END PGP MESSAGE-----
fp: 0x40CB48A443B03B5DBA484D279A130774C458F4D4
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA8m7r5bNaN8eARAAiepjIpH+GVZi9CkbmXl62efi2Db9ve6ASM/Bg2JlZAYi
- r9bFbqshhgFzdbrxEcnItFF2YrhhfYYNdBO9zCgO+zf63OaPY7ABUmYeZaEQ+xrD
- TLL0auhRks+V2BLjRSSROPtOXVy/Y6F1R42EtOXMlJFncBU3LRlwgUN5YUX9YTOP
- RYVERu0UIu58JPTAQyFEuudKLTPzET7OiHdBdA5UmyVC0by9wR8CMAOVaNkKlaf1
- uRemosQx5cNDtLB90ydpY1KiibaLi1ifs+cgFMmhx5qmjU8VRzJ/gXSZgcbusxOY
- GMa7EfMtB3+pkQXSIaX9krUvaVKhYopg3/q7X1l2skO6CFwB9BI+46RNrKgvTnW9
- 9mkSrmwsJo2Wq2QLAT8CIquBJTQeti3ULBtvusvyUH5OuAZOp1wi7rb1L/7de8W+
- +w6WNXIqd9y9fFa4NNMsAmORwKrTE0UFRczajWaVQqqtKKvkc/nGZ84rVw4BbwIT
- +cWWAIU78T/S/AjZ6Uwe9KZ6K6JCORWCmeNDb2Av5IxerltwSJAV/uNv3Qiei9Fp
- opLop92m1XrcLQUQw31UAUGjYtt+tu3HymjBguLVPIhCIcS3YmULSmtNNURB39dv
- lVBDCo4Lfaq/aVqOfDzvWFB8rRWNEbKzFrxUhUd0rMQ3vGKx5fduHOlotG45Z6rS
- XgHXzGpzfbfVZpJFFGy1fTQszQ5uAHVYm4e8kPV1SmadYA+syL09iASn+Qm5/0xh
- c7vDQabYbkCjC6DZ7kHcC9NbTGYFM4NjJfeyr6gp7XXfNwb6ferMIMoQBPDUd/Q=
- =JE9j
+ hQIMA8m7r5bNaN8eAQ//doRSzSmAjRe/Jdu0BYhqidaz4AneDtV5g2LQAWlNK1EO
+ iftzUoysSue1MTkcDcKBfpgDwlyuUERjq0QH7J8JfMY75mIH7Yb4TjA5+GtfYGBn
+ 6obatVdQjeZoSVuPuAhLGJdu9WgWOgwfNhLbdkToGTw1L1Z+ycgdOhtsOVnoBijU
+ v5saPHrWOBPgvlr8ki587jTssAEYi7VHhjqBRXyCy04mtkw0C2VDozuYFL+ZErUb
+ wMOS5zx8TCH/YrVIw55mkGjpzCJM9SiaQ8Fy7MIpPJjy42bJ28IErADxZ5PiGFDK
+ A3Gpmgkt1ZsA307erTr0VLclswF1DDW9lhbLHBOy3Bt0HqurB7EYLCOOkRz0dy8z
+ exwF/rMEyBs4bttNbo3xwhhlRhFEl2B3pxa/GWLbs1Ab7Du/cSiJjCIDQW4kaNHu
+ nhpb5oGlSDakjUwaMZ5aAKl/Pu7aQJau7ftWYj5spQ+75WS8cdorvwVe6SciAJXC
+ +9vrj4Baza/hm8pp7YyML26rmGElWFExfkzEU2VOPOl4FG+K0qJ+HDvQVUO0eY9U
+ uQQNDWTwJJhF47sV1We1MFV81TLIBJOiYa4PzWQmCYh6NugtB1w7e3bdLRqanqck
+ wB6neOt/l0pLL4uISHa8LnJSFVP4ildldkmhwkfUKPeGeIr3R/U/c0pvcNGv6LDS
+ XgHaiy9I1yyJTKfUcbiRndBQCPhEud9AUmnqJ1MgG3ZxydN4l1JktB8qV7XxEtRp
+ k+U5wlwegl2y349OD+haZfNGYxCWz77Q3uw2NY2m/p9rJbxTBQNVghv4SYA+shw=
+ =/LyR
-----END PGP MESSAGE-----
fp: 0x9487E782E043EC0D9E0F6C27D46D7E3364433208
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA9A+dmzvmzOLAQ/9Hp65P2eu0WbuhPq9z2p99A+hV/OneVPYzJDhC6PL9YLV
- iaaED7hhiVCohLlphduvRqgQRCK5FL+5T4qWop8u2JATzV6L8aaducnB43ZiW00X
- emrYsF+8RkQumdFpKcjpSJaVf0tkRT7fVizna9ytsg8V9qakbugZC5TuyS4rD9Px
- nQayHjwgHPal3Fm6vlzIEdM7RcHKlMvCB1AK/ONK4VpoRMu7BNcQr3ZEP93LGboz
- oZ4XD5DxpQoAzhhR0ZN8Cx7ucDnvegJbKKumoXFUYL7/e0qFhNJInXBRC+EeHj4+
- IAg5bVIzcD8+F8Y3uI/FQ+4yzXH9XteCdHq4i8gel0kfsdWxRtqJRrvRjrYEPQ3Z
- QE5Yw8zv+mlO+Uay6GkzvXzDNMOIp6EkWcDCSklQy9LpNNCfCVl38Hi92pG2zUzC
- Gxj8uATTYvy/9kB3msqn4FUyIoG2nC83FK7wXgk9XZaRit2Iz29RSZJ7+BXxRTYc
- kDv96w0+CDBqAE3ovWaM/PmQ0quqVJK/DG6Zur8S0ZQUsVPQ/s37Ta6P/YHuZlcV
- dkOGlCGRnRkUhJTBBci6ENQat8H75Kvo0wZ0eb37uP1X6dftg4rEki7qg+qMZVo1
- IGL0zLDS7Zc5R9TlDuxk4tAMM4ySg61WheUd4r4tQnF+9TFwM0FSLQOXYYZgMpPS
- XgFh3kh3bwbdwjK2Xita/hWGiXIcoD1uPmHAWEGOnuKGEX+IWQovoE/cK4YWk0nQ
- UAP/ZgBoC1fB8xIdnT+yLVigZvSySA/2l+dQLP22dBG2/bQP8GtgRpDujwPaOMQ=
- =tU7N
+ hQIMA9A+dmzvmzOLARAAtfcIxOQ+tcDjG37sSFg/CpHjX7U0x18UlgkuWXd+KyqC
+ WCrT3QhfcK5gGvZ8JeU8y/4OkmToyBmZ6EfUAkcY50FhHzqdv+1j/rUsXPuN/tD+
+ EkcyW+KeObcZgbL77ieB/a3FYm88daNODyMEalk2By6dETx6A/+Hgij3EgisEN5k
+ mAzE1hQGvKTTUKDGtYfwCCwdd5zBxkjCB+E2ZMZxUiC19l4kaOp+B5yXe+l5Ok8h
+ cp0yQ8TFYwCeLGgqLVlJ4UNKT4w4vobKicuyUVlzn7ysmalPvqQ+ClENSSqj+FQp
+ hX9Cimb4McfrKnC+N9tVl1A7xE5MtsSIlnXnb0L9v8oqI4BM6YSYCJGPQWA5/vOV
+ T0dm05Tk4jxvQFWGBGh496AqUxhUSSkjh1BVsOI6VKEtHufT9pqa7GdAmD5blnW8
+ 2zdEBuzW05Rgggh0KnF4cQIEmpm224H0hek4l/qUQuZZtYPxs4Rcv8/EunQD356s
+ FJSdDT3OBZGA9VYZO7/u0hAqfdYYPPLq2TSMUlqya9bKbJH4Y8XGuw1+0KQEMF1m
+ BCOQ/NJosAgsAppEGfbQm4NBQdSwxQEO2g1jPJq1+YD3lqcaMRuTkazqTZZqgFg3
+ DkJ2E8yHGW/w2ta1UYj06b5pk3R22nP56B4XJZDlYViirhcuQekPqN3Z8xnfo9HS
+ XgE17SPAiCB8cvGn0pZNzkAlsDpbuoVHElqMB6H7bKDfTylgBc3gTiIPqKilNjT6
+ 2tAkyPubYkqMfjALPLkzMpIHOGLwv/smId7q/zrwjOpFFg0EcyoggD00CXRv9BM=
+ =llXn
-----END PGP MESSAGE-----
fp: 0xBC354C0D5CC674D11D3EF7AC2BD76BB280787FB9
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hF4DRBWo2b0h4f4SAQdAKviieJzklBzfd+kHIfMjznyaiY6AK3xm38hZoLFAmSYw
- pWpUuhPYBFoj24Z2nbra1oyh3t3+YCZX/Ow2LLtj9P7xvltgEtbI29/d52kEyIEI
- 0l4BopgpGlpzfP41dAeorexMnzkNFrR3q4TqxudQiZGeIwW1fywa+r0uCfmV/lXR
- VsRrhp/j0VczGGUdEOTma7xxMn0lDiTGcHECqlGvt903+rGvzR/6lKKPSl7NeUAL
- =TDbW
+ hF4DRBWo2b0h4f4SAQdAD7MycQg05dYdUTgU2anx3NXT42qwbKSF7Y0Ma4M5ixMw
+ dzrPQjPOke3P20eSprZgYu63m5Vd1YqUi+Fr0GGk8RzWNtn4jJHit9IiSqoCKxv2
+ 0l4Bayoa3awQdcP1rvJSeItYK6IhMjKE0X0AbktEWbG0iMR9qDT4ltJKlg+Rjycx
+ O8pJXPfirljISiFMZPqMUCGH7z9KE3+UdJpM2PRU9M86X7cs73sxUTpeItMXt7oz
+ =jfT3
-----END PGP MESSAGE-----
fp: 0x572D19D312825B1A504C9003531DDDB6EB559FBA
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA2iXGbkufjklAQ//WmeqJ4UZdlgr77Kb1NwujP6xidENU8qsTd8UxVRxVuMb
- 2dnYe48bFWNIMSJFBI434yKjSft1Mp0a1tP1k5PQa0oy94KauDqPbkhW25HcUogY
- nBiLMpHsbQvhkhx5YU66tl1EmrBf7dzqfJTA7gbNwCPFmBUxiEHo3zJc5A8bTQT3
- mrfQ2iuVJAbChDuB9ExX02C6x4FBot1M8nO018bprzxRq/Bb8YwKprTcbDFjZfNh
- Q/iubMG0JemMqVqBlsV48yNGwqB7bEDx0/NwrFKQOfZXGbaZ+PXVCdnoyP/fIn6+
- Im6BNpBlKyTIdXQ92BxjS+JHDMRAFrTwf9LHVQjeRE9NmzGIUjAJwcHyFjIh9TYT
- sAFvV6nI7mFreRmFNdYdV9KPY+MINlG5RY9cB2Yl7M6zOeed3fPjzErzmAyOWHaa
- qrz3PzxC7piZHWLsgtQl+830PgG1XCdqq6BcOVVjV2CTvnTIUlTa+anUm/WtjAlk
- qsdMnS3eAIc1OstUU56zQpemG+Q5/PGrWAp8GO52zjQ4ioUqrnfBzbfEej5pVwTt
- N/am0sGW4UOPxOcL0ovoFC7cqeUyNzTLFe1aTB/dHc54ljkI7czpojr4d62OE3BI
- ABsiGMWRmcLwr6wiJ1VOsN9Sx6kzVzXbuP39wx5FEEHDSqY4ZfNgGwN0NMmqTzLU
- aAEJAhDmGjkN2T1oatTGXSZUCqxypQlD+18PCABvr2yXJOrK0KMHptJYTeiuBP9Q
- T78PVVQZfmASAoKkT4sruO/JuhY9axUfD2SW8BJRL86cOWu6lvIGntmXyN1ySE8v
- 1mkEf2ereQn6
- =agjj
+ hQIMA2iXGbkufjklAQ//eU803TjvwfYtdSndiS0XsY3ONOndh/7C//mPz1kJtftH
+ r7ohrXahBTQnnKDbzOfJYcjpIlI9L40TA0kkYbktu30dO3Nn3ANr40j1zT74i3no
+ MOPE6IgU4ZA6jzZQ8fMIQErXbD1E7f5xkbmVDZ++xBOfapIdleLnlRRjTRqCZqSQ
+ L6v5aBviFyGvTBknTac7kitPa3ZYo5zJa7qfDvlEIgl3tQWQfzubDpeMAf22Y3eo
+ fYdXLFfK0fJ1phvU5QvoJjmUFTCi25m5uaReqtQAveghuvY4C3IDFRXkAMEU41u5
+ idjqYQf+dGlguww8UrwjSvsqUjWS7fkw9I6OwuSBoFnf5QxhbmgFPVm4BD5g6uBI
+ qlPJ4RV4TUhtDBAQYM5HRt1qJeQjSV/VpjOyVeZHTppSdPKtCSnnv0tZzmK+hTq0
+ mFKtIsPrepfloQNJi1BR/yrZ+AyZpE+JVF9fl+nwhCRgaumA0WIqZKmX2DF7UHmu
+ BlW97LesEVP6EntveHnoff+fAU4uxneK1iC9J/zWSjtLtEXI7P5fGDLv/pzTT5Wv
+ 3aJVloGyKXLdLP+MHObbu2fr5cPQDkFoCPFacdY9d4LIpB/Xn4b71qMx6HnlWcmt
+ CZpAhp+Mm7gmG8sdTJjUaW7weCsk6GHox+DXTxg0e/1CTIDxwPt57Gm6a9aQOaHU
+ aAEJAhAiSBUvoX1BMmT4rQMhYDSmGBLsGIoMll1T0eg/xnSP411KWoj+yk0OWsgk
+ Po2i23YdMzGL1cC8EClr8F7cdkdgDGT+HraYL29tvArh0kghWbtg4i5hFzTJKjwA
+ sZziNeNWImB1
+ =DlE1
-----END PGP MESSAGE-----
fp: 0x270A71E7908CA9D9252000B01EFEFDF3F7B80B01
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA4Uty74yOFxLAQ//R7MZs3l9zZi3DsBsH6E+fBa0pJ9amlNFZUZPP0/QHI/l
- ECAyUGxYCfJqeyNdCDmsPOi+Eo49K4+bP85wpkz1/kQysuW5Lj0k6/6t7NxVPz3G
- fhRD7gcg/O3U4dJOyThe4tSectsi2JjwVSXYUj8PXb8vmv9njdhOxq3XgtnRr111
- U0awUPsF13H3VD93ypIAuX2AHS2aRyxtWhO3mr2CNo58Z42e9cgzoIIbPrKkau9v
- ckeC0PWHFz40klAATrPwx6V33lxBv/vXVuWpq8shLNj8b5osh1r6JatG80mrZwZb
- AJcMcjSup5lIDXPO8OdygTwQYsHRjmITgmcJ6vPsE8NcVGiFZ3daD6I2Q6V7cNNP
- YaWKHcXHter9gy58somU5gMllKCQi/j8ZE1lX7Lwnbm+S4VjqlhefAx+8N9guRVL
- UzNcB5loQtdXHJMloM7cJ5PhqRwnTUS9o2UopbkF3SnNY4VKKzRdralB4rq1LWp5
- NZ0TkDRPG0ygjvPIV+UYQOccnmpXkwla26J6tuzV2lTFZrFhoveAbzscmMuQ1C5E
- u1epGo7OXRXyLEONU/QQ0Ex9fOe5wzKZ11RgINeAPDKOgFgGha0HM+Q/mMduB+Mx
- ah6H2Illw08uBvt4YP308nZJA1K3IM/IloOhiA2Y0rFddejuzjVE8ArPSQ7FXZXS
- XgHQagpognlPbn/n52oDHlVj0ZNtquA8fTjndShWL5ahE6fSM3R93jQd1BVL8fE2
- XicZuMZL3TubnCyxKgZrzkIKpO+3V/3gqiWz9xSdw1M8xWwFrqh1no6VRF+KIZg=
- =FVWu
+ hQIMA4Uty74yOFxLARAAkhc4p8XQ1SCVzJlIhFTR8TWfWI30gyigvUsJIoxAM9h+
+ WfpX9tBs6Gr/XCSu1W472hw84/Jo4p+SlJ8OR0oXy0oIZ2bbTFz8oTHmQOMQu729
+ Qz+GiLQfPFJCAfMSfaWELB42supp8azy81BcE/Xwkndba8mUcKX3ulXiKCy/EeIW
+ T+rkDtJ7G+fVa8RmiNW6QJVSx7krVAwxkd8Rcl620J8ZQNPJj4ArcFjlYw2UG5h9
+ RUiw7JOkjRt2cxdq7N6UWLE9OyukIsIF8IQ9PjEu7suDKPK/0eg9eyLdf2mfAyCc
+ sTUNNa3v/E8nVkffss/Os5ZmsvtmnK1NXwGMprddUJOttE6sw614WDwZphPgZANY
+ Cra7RWxXQ5j64XYNb30P8k7Ijn2DDJ/kwTRXIELVU9MDD/09I/vVs5gFCunOF419
+ rgZQ7TFGf4RLA35afjn0SJlS1y0Rxqdl5b0PVmKv0u+5X3YePbUA7DtwWDBdupOc
+ AQJQ1ikNK3CBTU1VhDdRga/+BuesiFY57TVx3y9X5cSPuNU64woA0F3fZUXLwf1j
+ zdWJVK4jJpPmsM74lwEc6yT5ZZAmszLaeypMMCJzrEAReHyYlFEO3FH5ytgBhSij
+ Zp/RE+3bYaNlHHquEC/gN3p3iRSDwc7U9vgG5beg04ZQ3Z+UI0HznCT7Kc+rDkLS
+ XgF8va29EunwcuNE+TPLBRW/EsYUcUwtwiav3ngNYAo1I/K903aXONP5xrxjDsu+
+ n7nckM4wrzWp1PYpzbaekkJhIHWeHhuyO7I439JVvVAu1qZOe/TkmGMKy7S9EN4=
+ =OXcW
-----END PGP MESSAGE-----
fp: 0xA534E46682DD8C35377352C88DD28608BE411065
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hF4DIBqTX2T418ESAQdAhWnCXjUIk+QjFWpoyhCOvxIQZ7+5aiqc+oYc6CbckCYw
- EuhuiveG6qxBF3Dji89uY9UVDGxIdJrToQkytrbQOTF76YIDAu2B34c87UaDeCtr
- 1GgBCQIQdvu9YIORk4wpBWJxpx+In+fbTKiXpDrUdTf7J5UrLKu+CdkyJWgvYlxo
- QjWngR9mnS6w5gE9NIGt0RQ3hFQfiayvKfiSTVKxbWN+/yjnkPNefDGig2M8nL7W
- 8mnmVJy6V/r+gQ==
- =8fhl
+ hF4DIBqTX2T418ESAQdAuDzW715IL8uhQYwFm8ZYbZtkj1ccicru/08NyefQgEUw
+ IeZRK3NcyuevbOUIAXAg512HBFMtwruXkBhXZPevjb2h4yiy3ssdvRK31vYAMQht
+ 1GgBCQIQYaONJhKUiG3vFXvb4fM7xZlfVE5iZyS0B1yyWU51sZzHVOq9X/pTHKc7
+ WoGc5PXdWC9vV0Pu/Q5thzON9OEoEWwa9E/IzYNjIWobuLbSQe9Vo5agRaCwyZAx
+ P/X8NRPa3eehRA==
+ =ftEX
-----END PGP MESSAGE-----
fp: 0xFF7D1156D33F4060A4B15BFBD6CDAB8050CBBE7D
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQEMA7auZh4eKOkIAQgAgjQMjCLiVJQos2FNv/JtGaVVoN9685faLx4Px+3IU9Yh
- S3uCZ6MAt/L7KHiMFNLts1ATC3ajbqLA/CQqOoTYpP/EUceCDhM20+M1MknqF9wf
- TmrcTOMyrrdDW9RxzUCnZB0yvKghWWNoqVmZnx9wjnZVmygAAp/nLzyrLRwjjsEx
- tRojki7ukN4xENkQNNcUybgx1HoIFLo4rRC8bHodDLa9lZKrNLx+LVrvbpfstzVt
- i05oq67HrUxfv1HcFwCMBXVcGQSWpuHSi6Y3ernFF8sUWQXxpgmriDMK6+Fc6ZSD
- IfL7eARQKeoyy9wXR5RZvVhZ1fR34koCHrg65mGhl9JeAXEw5vr224REgb7ROf3k
- YCptk88N771VkT7Ifqd8d/JlrTC8YRwzu0milDqYUN1mV1NLSjwce3W1YYViGThm
- eSW3p8p/HusQaiZqBbkVgQ+Q/dp86VLdMNLRoA2W+g==
- =0nhc
+ hQEMA7auZh4eKOkIAQgAiHGVv1qir4QsgLzOpe1dXCIBm/WajASlakzGoQICd85e
+ Nmzebu5nfuoCPKhq44sUUpNrk9iuOo9zBBFnWrLPSv9UkW5fOmN0nQNkicVmgefN
+ xHgoR9xWciDJqWua4epGC9OenSc5pVbtqUpXRTbztKerFn21q2DvSZroJBdny5Uq
+ MaSYnh9FqaZS+ZVjqHtdTZ5D8Iu+tz076SyLd0ZiwKGMHe8cZTioRZ7rbv2k5V+U
+ 1DjXfhh5vQNuKSgsTeNGj+dET59s0CzMhZFuIw8+LHWw0Z4PPlJIs8C5diRhb09F
+ wd3mnaABv3coT1rKib707vt5GkwTdm0L8hoENZC0H9JeAUCH5JZbNVw4sikneb67
+ 8h2sgbulHlalVxWEWoXdN+m62Vj6FOM9b1RKFlMXYFmPxK79DqORuhj57MFUz6AV
+ T5lpJBU1AKwzjoPElZfYiybPVuRsTKDzPGUvS1JEdQ==
+ =yt+V
-----END PGP MESSAGE-----
fp: 0x49BA444CDC680527B4835F7C3C1AC435CD1F217B
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA11f9zoCBF1cAQ/7Bjo2rDMAE+WFCbvuV0Y6mxxLU3ok+6FIKAOS5QnxpEpI
- mT0KYagRRRm4Cr4QwRaTKHNemJ1qh3/4JUNq0l/OlQTXxflmKkyoffszKuQ1+72y
- cVqyNZk7cvU4RoLg70y6rdIbFXVPWwKO7Y8QFLARtNT+NJGA9PKKYN8+jA0wTY58
- T7OHyjLrl38UcMIRfGGfQQBPUXpzwQ3klfh6GNO1FWp/lvbg0QpUhhqu42SLwGC9
- T/38hHIxETm60gizx1Vv2s+nUnznawatz/Fqb1RA6Cu9R4Mzc/7APOEl+h/wBlE/
- j8+Zxt3TmBPDfTnvKI2nLBnw2IMbru7BwPzy7wzwh5gF+vS+IdxqIzaIr3an2X27
- InF/TA+5/TRcHE7Pc/oQiC9BSyVSuXqxduwR529SHIIBkKrIRnePcsBFIUSyo3i9
- XnzVOmG4OmCBGqkaodxNfMuLZvtbFuabwkp2qGDC71OBeU7naHKgPMb/wfd3fj8h
- 5rxh23ipan2MlkpaXe3c+m42E9GY8IHgDKlm/h4xkpK/+OlxkmPv6xa049tjQcJJ
- b7HS3nLtYpnOQ9wPMdl82teeotEP0FOlrEOIG24BBhCQWsEtM7lrDar4kRzBL2om
- T4l9fbU3lZijLkl4MTWS79TIneFfM7ZItviiZvvXQb9VwJ9WbDBcHeB9fhiQPubS
- XgEBRP1W8fJL0K1zSpRdfJNUGhvPfxcBvvi3SlQPdukpAJyzRxbiLABQ+pnGWbJ4
- DB4cLAXYqLF9JB8WvR2OMzb7VG93TWnbGWph6a4VvYoULmbxMpR4hpwOvbkzWXI=
- =Gjsx
+ hQIMA11f9zoCBF1cARAAgKei0Yp+sLJQcRCUHVteJA6/kOqjC4xtj8nSj+sBJJ4V
+ NWc5NUeam6UbkbfM7c0owPSV96NGSJm3AHBnd8lyTaDUWkVGVOHnRbM8uZLZp2/O
+ 7+fxcuI/pkWnO/lFJTLKbiHNDNzsILgWdmKQGU2NwxejNsImJsQWltwp5xQnvEkT
+ Td9SEvrnWq8k1YUIdCD5PvcMteD2hPzjW89dXNgQhGRcrtHJdUYv3yw55ypcUJAb
+ wrEsGd1LF5o0vfHXu4vM/W83oyYoaUpG5YrcLBzFUGmE3ZQXrus6J8UofrD4tVb7
+ bBvip6nhAnPaOVvCyIeiviopHWRRrulEKSJ+BXz/U6m+7QSzIc34yTQaiJOM50J/
+ F4KJ7s0IJBikdAMUdoB0EAxJn/CCEuL6U87toot1o6/+7Xjho/dgXcbcKsL4/GJO
+ o70umZpdtu3/JB8Ue4c0X00KPwDo5G4HUYjyqO2vKToJRtLPrgHbpie/TVXEXWlX
+ pKP9AUiXjlUP+yzmxgKXKx4ksiO+PvG08GstteoTxh56onseNv64p8z9EkcG9fw8
+ C2KUEiZV3cwbwKpJjx357WOCLsMj0tFqVJuO2WPJOrIrbRCiJjaooX8JrgYAGlJV
+ A2Xidn4kWcliQOX2JzkykjuHMSWCOBuCAqlF9VijW3FWx3OtTzSvNpB0cCBnLR7S
+ XgFRrB2Bckge2q1I8MBw5UeG3Gu/Upgeq80ycNc8Wmp2BrCFtIZKenM7usHb7eIv
+ EmwbDRCJjKM+fb8Af9YBNmDHcOK5Rcp0YnHTLBIuakvtRu8105qFJUwtA/Jp+Jg=
+ =lvXh
-----END PGP MESSAGE-----
fp: 0x9AE04D986400E3B67528F4930D442664194974E2
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQILA/HTIsSK0VBlAQ/3VL2aVhysyeUJ6oJ/TJvrq8XflQE68w25G0/VlUZ1aNP7
- 16d0WL+UxOPf7rj9SYByJf7chkTzd+E05KGyywpT9DjPORBhvG9EdJe7akG8KHDt
- RdI9r8ljf+xKIWkGqwK6vdfzUywWoDTqfYQN0nlrn8jkUsHU9tGvJKotnhvwaDFj
- E2I0glFOrXJnjNRDmHhK7kUOtNhpFshssN8xp37KKOnbzXwWikUR+EhVpv8Hbm8B
- NzKdwkYNZy3W8wVs0fuV+vxreddAx3j6uqRLLiMhr58g3EnEpI/4OwSsWRMq28eg
- RpB8920Lghcx75ZMfQh/5GBx/9h1Hd5w6SUivtXmWOiw5dwmdeHU7TxVH3FjizF2
- AP6UTuUL1foY4843iYjPPOoB/ikxhrEpYdQ7OhsSV+p2kIW6cKLC1FbfkA2aXWFE
- NEypunCJ7klFzrpiuTIpqlE73sFX46hTy2TVJlVYLpu/uULSQ/+FWfaxB8mwml6K
- urfP70HlbziLTba9B55MqHtMKFeAuCbAMvltNYMEgX3wSFkM6otwLNcTBiGL6/Zq
- ZTZiS0clpUhB1CHMMdICPq3qOfPxauBZ7APWRlt8OdxCjWGB5PCSFo3GTZNymXBe
- GP1x07tmo1efNARIuk8ddtCvxplW16gzCNOabKA9Eg8qf2KlT/T604gtJsbwQ9Je
- Aabyre6rzDkhVFut06XUAXOLkIrfkRfatJJG/57sW3bA200qZtCrigehu6+yGFX0
- Due7ZVC6wJzUmxBAV3pX+9A++ZaivMWlRdr84y7CQ2/sjl+j6alcW0PNCSZR9A==
- =nenw
+ hQIMA/HTIsSK0VBlARAAu5i549BUzl0otwaIbYi8kRtpLGAPSF0IZ1g+z6gF9W+l
+ 7ABiDs9T+NsR0/M1h0O5p+/V3dlYYt+IylW3G3J0/ajkCMjnE0X/qPuduxQ9i/0q
+ EPaXm+taYaVJQHVTI1C4AhAE6Lft6IkBSNKvw4xNLZVInuEIcXfO1Tf1IFtw4L//
+ yut0g9GDmkEECev6TqB7rUXtC3Byv08C51wEee2LzA7HNT8zgbkM0zo8+7EpwJf2
+ TGoIIUh+KuoMwPpCivqB9F/RDSy7LVOQ42PLlnxUK2J+7V/p266QKZ+b4eYcSujm
+ zNbyjOoiPycWvzzBu5aDX2mstX31sFNjJDrl/75Z8W5Nr4GWZLbIUa9fSIx09pzI
+ 0M6QJenpwSEcd2Glr08K86qtucsTZuKWvSSTRRgZsZ/gZ2GlMByH2/Rz8HcdY1LE
+ 35mxS2LOuhYXgx7jtO4NT5xbHgzOZgYvbMZmsLSSGDclkc8IQKe3EHPBK1b9kadK
+ q+W1PuigiDIV4kwYv1PfJj0ExSgLe3STDj47p8CiDnbYURlzlNeAHztgV1/h4AiL
+ b1bS/MfBitlIxbDcCyGwa7u+/q6oRFjT39f99S8glxZY2el3pNNz/wOg9TrRAtzL
+ AXAib7wwuZIoaZbgIZSY0zyTBXSii2KfBSuz6SpQ2vtGMTV5Qelu+g941uDsj8TS
+ XgGqCrg19xDAA2HWxdglhl2ST92tyGgntImS0Vgf2liaIkkdikxaXnbEsWuqL88e
+ +yRdlsbReTAQZuiazzUesv8uCVqcJyU32mC5kX1U02dls3fjnPIdwgFbCVc+Vc4=
+ =n5vj
-----END PGP MESSAGE-----
fp: "0xFA47BDA260489ADA"
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hF4DYIEGJeT64uMSAQdAy283444+YgV8/DSadEMmRjpNICIG0yHyBkdGIDUSMHEw
- 8v9f28AnFwnnwXt8DN31cABaT4pEuNzS2qRkECZBtm1Ne98vW8P8BcTfsOU7j/1G
- 0l4BUvHHJCU6rZh0rExCXz0lytufZbhanlxGtdG8UQPKXUmB1xAUAqP+XZijo9+A
- Mg/MetJLDKvG8ceNY5fUvQTzZIqOCWOHepgPUXV7h54hOKRvaOGPdrdCpH2UxNJd
- =AZUq
+ hF4DYIEGJeT64uMSAQdA6+TgY3VlMHAOdRVlOIIUhi0RflLelJZCi1ouE0g+pAcw
+ JW8w6E6fnOMWGStg2tDmYh1jKOaCqG0AOcHRCh73T8n0iM4C1TWLsslXDxZO0IgD
+ 0l4B0YpSZFYtBZ1TZ2JkhZyZ9zjZommU1rir2FOEdLPznP5UnXHihE/DGL8uPSKT
+ wojUwh9vSfV2zJR1Tvc4wg6Br9B24FiltSaCJtJzIeozbZsA3nK06kEUVlrKLSLW
+ =NLVS
-----END PGP MESSAGE-----
fp: 0xE474A4AB587CD834813DF35D03FDB411169D6C8B
- - created_at: "2024-11-03T18:25:13Z"
+ - created_at: "2024-12-07T17:35:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQGMAxrcfL3KHjCOAQv8CaXDSPAMTBj8pm0UgHJcjyncmlTMJZXCRYExO7VAuL/t
- BFhDM7ZMYp+40b6OLfLGY1R3WkmWVr3G3RUz+V+ku8ipFLcHTicOAWz/roX6eoXs
- 9n9KV6sj8WBf5OFMnS++QYHL6YzNwKsLRx2SJiOfz7RABN5/IAXygslmETer81U7
- tWJSaRs6SkvwAOACiwPL2gUM0KcJyY2Us+c5yOe7c86XKraZGL7wct6vV5DHL/3e
- t5dcaBSD8wZmmy3jjAOtEBjZGFwcTcGmy5UK7VAhbVtP+OFDCYc7pz7D5m+7B3vv
- csdfgO4WfI5RgxYwdTz5DLs4fdxEm9gHBwmyvt4I1I2DCQv6obbNIHC8Ak8SE1t7
- Wi/IgGWi7/fkzYRNq6bM6H9UpfJzDvocIYvjzhqUcG84u1Sybj7+KCJXSKMnjOoY
- jyog2sxXVElanxBo7ahn+dx/AREqr+2ooJTBh1p7ntUpjzVgJR7bP49n+VjJ7dhw
- 2uqYXTswlyoaVavpZ/tU0l4Bupa+pieU4aHioNSTZlWa4G0p/o+JSeXbzYqYDxQE
- 5WnhHmYGsmufDhgA48doCHg6sAinG8jEmEOsbhZ0+/650fZr+Du9YiZi70+MPfTR
- RtH/aZCMjpQeGsDIFKrA
- =2GLd
+ hQGMAxrcfL3KHjCOAQwAsgc2mlXu8YW445U7Lmg2iJkU11UvwVZr9yhVtDV9ZVMg
+ UGzIDUL2CyYl7gT9ICnyYvgy7TM7f3nq5VcV7RHDU6lqX0IIjY4RNd841PY+01Ff
+ bGd5LDJ+Cr3YEhHcfW1uTppABdIzb1jbSYN6yqFCfpkFKFDSQt+lygf0d4XTK2+t
+ asQMlUtlGCsI9rJj2sGulSPr+NyFMPHJfoMt/73hK2JOxxoBCKtl4xNclfhIQPcI
+ W1EwQNn+PZqpkfrmpua4fXVZVdT+30e2RvOxw3IWvwXP/KbTZYqZKSv75t0Jq7QA
+ /Cmm9C0tt9WiLqK0Fy/uV+ozi8+zhTeRI4WhtKNU0QMzy/zePgd4PAp+I5ap1MSU
+ d2p7456N0xlhhdA6xiOtmkWNFoIcmDqsfa+575SL3pvxl8646GMfLa/Kyj+7zcKI
+ eu+n3hlEmIrN+rTe/IzdWrqZrpUzK+NMGyNne8RY5iKVY2yKaLG8S+aZV5x9kA1p
+ gF7PS6CJEBjJNfEG0CrI0l4BoB2uUmpXRk5r+yK0hP9RI4ciCfR46tkP2xeFAQCY
+ SgRvVxFhP+LzOJLyeoGRl50UCAgQUI+c/Cb+9aX9tt+ucfUHkLWDE683MXFGbCPX
+ gHW+WJtITsmLVYGsg4vU
+ =FuMb
-----END PGP MESSAGE-----
fp: 0xD5B872E407D438721E5887A000E765FA7F4F2EDE
unencrypted_suffix: _unencrypted
- version: 3.8.1
+ version: 3.9.1
From b3cc057f1287393da4dc13edd99e8f37b3558f24 Mon Sep 17 00:00:00 2001
From: korenstin <korenstin@crans.org>
Date: Thu, 5 Dec 2024 08:39:26 +0100
Subject: [PATCH 2/7] =?UTF-8?q?Compl=C3=A9ments=20de=20la=20doc=20d'instal?=
=?UTF-8?q?lation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
hosts/README.md | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/hosts/README.md b/hosts/README.md
index 749c47e..79ff9c7 100644
--- a/hosts/README.md
+++ b/hosts/README.md
@@ -19,12 +19,27 @@ Voici la liste des étapes à suivre pour ajouter une nouvelle machine virtuelle
/ $ loadkeys fr # ou ce que vous voulez
- / $ mount /dev/sdX /mnt # monter le disque dur sur /mnt, usuellement sda. Attention, ce disque doit correspondre à celui déclaré dans la variable `boot.loader.grub.devices` dans la configuration de la machine.
+
+ # Faire le partitionnement (pour MBR)
+
+ / $ parted /dev/sdX -- mklabel msdos # usuellement sda.
+
+ / $ parted /dev/sdX -- mkpart primary 1MB 100% # Si besoin de swap, mettez moins de 100%
+
+ / $ parted /dev/sdX -- set 1 boot on
+
+ / $ parted /dev/sdX -- mkpart primary linux-swap -8GB 100% # Si besoin de swap
+
+ / $ mkfs.ext4 -L nixos /dev/sdX1
+
+ / $ mkswap -L swap /dev/sdX2 # si besoin de SWAP
+
+ / $ mount /dev/sdX1 /mnt # monter le disque dur sur /mnt, usuellement sda. Attention, ce disque doit correspondre à celui déclaré dans la variable `boot.loader.grub.devices` dans la configuration de la machine.
# On configure maintenant la configuration réseau
# Vous n'avez besoin que de configurer le minimum nécessaire pour que la VM ait accès à internet
- / $ systemctl stop dhcpd.service
+ / $ systemctl stop dhcpcd.service
/ $ ip addr add 172.16.10.XXX/24 dev [interface] # Faites attention à ce que l'interface réseau soit la bonne
@@ -54,7 +69,7 @@ Voici la liste des étapes à suivre pour ajouter une nouvelle machine virtuelle
/mnt/etc $ nixos-install --flake "/mnt/etc/nixos#<VM>"
- # Mettez un mot de passe quelconque pour le super utilisateur, il sera remplacé dans tous les cas.
+ # Mettez un mot de passe quelconque pour le super utilisateur, il ne sera pas remplacé. Pensez donc à le changer après.
# Vous pouvez maintenant redémarrer la VM et vous ssh dessus en tant que votre _user.
```
From a2209693fa2f9b83e4dc4318ca3ba6c5caf41dbd Mon Sep 17 00:00:00 2001
From: korenstin <korenstin@crans.org>
Date: Thu, 5 Dec 2024 08:52:40 +0100
Subject: [PATCH 3/7] Ajout de programmes
---
modules/crans/default.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/crans/default.nix b/modules/crans/default.nix
index 0beaa9a..a7a2aeb 100644
--- a/modules/crans/default.nix
+++ b/modules/crans/default.nix
@@ -21,8 +21,11 @@
# Enable some utility programs.
programs.git.enable = true;
+ programs.htop.enable = true;
programs.neovim.enable = true;
+ programs.screen.enable = true;
programs.tmux.enable = true;
+ programs.vim.enable = true;
environment.systemPackages = with pkgs; [
shelldap
From daab00a31fa5a925c24a22c5a591fce02582d9fd Mon Sep 17 00:00:00 2001
From: korenstin <korenstin@crans.org>
Date: Thu, 5 Dec 2024 12:28:14 +0100
Subject: [PATCH 4/7] Chiffrement pour apprentix
---
.sops.yaml | 2 +-
secrets/common.yaml | 336 ++++++++++++++++++++++----------------------
2 files changed, 169 insertions(+), 169 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
index 43cc4a3..3acddc8 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,6 @@
keys:
# Hosts keys are age keys derived from the host ssh key.
- - &apprentix age1lwk9sry7f5cum8dx202lpp23l2q8l3gaju8626p54wn7t0y2wfes8tljs8
+ - &apprentix age1y3l4j0axyltq80d5stly43h42v0wfsc9mun0qcm92qjfc8tn85hsnmadgz
- &neo age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g
- &redite age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0
- &thot age18rv8q7stsn2zv4gxuj4g4ktkeywkg2wngtdwza858jjme8wdvp8s9hkx00
diff --git a/secrets/common.yaml b/secrets/common.yaml
index ac18123..b933c72 100644
--- a/secrets/common.yaml
+++ b/secrets/common.yaml
@@ -1,255 +1,255 @@
-root-passwd-hash: ENC[AES256_GCM,data:15MRq3U5SwtaP2jh16eTP741q7yyGDrnwKkAHBcTSMY=,iv:1VDonUqiCfwwY3qazYJJumbK25S/Kmpb5Rrw+/pMmtA=,tag:uQSo6Clneo5MtGT1wBzLFA==,type:str]
+root-passwd-hash: ENC[AES256_GCM,data:7/7AduuEfrhmwmAn6UVkc987nyFxsmTFbSBrD8c8t14=,iv:X5SK83w1VGrXPuUrt6Lt8Uu1JQW6GUWwCB7LmZzIdUs=,tag:pUKd2fdRGkDxVqS5io6phw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- - recipient: age1lwk9sry7f5cum8dx202lpp23l2q8l3gaju8626p54wn7t0y2wfes8tljs8
+ - recipient: age1y3l4j0axyltq80d5stly43h42v0wfsc9mun0qcm92qjfc8tn85hsnmadgz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZkg2RXpjRDRPaGtEcHR4
- NlZvR05pb1cvMFBwMVFrWWtEcFVHSWU1NlUwCmxKYjNzVXdQZzJ5Z2RoZEZGWHgy
- c0JwWllxNVBDdGpBRStvSUhRQ0FJd0EKLS0tIElTOUVTUks2RFR4SkVpbkd6SS9T
- Um02aHAzODFBTi9ZeGFpVkdBZVRYNHMK6qfUB5LWLpkrmHH0Y+Fjb+GrPFRi/cL0
- TCUthN101jat+Ne4lF6cU0U5JTQXaI8RI2cEJlafFI8rRyfooIXsMw==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyYzNocXZJTUhpU2tFRmRh
+ WEEyVlRYazVtYjFFQ0xQT2krVXpNSkNwM1RvCmtlQXZDZmlhL3hQdjlhZUlwNHpa
+ UXREMHJHNTNpUHZENCtCOVpaNDdYeE0KLS0tIGlFSkFheVY0bEhsTk15bExZN0J1
+ NFB6Z2lSSmtIUXdqZHZyT1hoZ29kOWsKOhm0E9PhbvbI3eWyBlHZ42/Pvur5leJ8
+ Pn4Pg9LYLKNotAjDYwA9lEPlp2pJiTKepGOyRgSIph49nYG1cfl5eg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUHprWFBFNERlQ0NUVUhw
- Vk85OXgvYXpmMHlqN3lMM0ZIVUp1b3BYMEJvCnMxZTJad0Y0QjNRaFJuZUdvQUdI
- dzVySHh4MmRDNHltQ0xveWQ2NjN6ekkKLS0tIGl4Y2tPM0RTY1drWUF0OUtCV2Nz
- ZkV6TE9LQnMwVVZjeDllZVh2N0s1WkEKQDkFzSVjiUg1Uawt0WgS0zuLpIrpwD5A
- x4mq/dhAtmifTO3pxTG2oMsVtHTjvqfxKj3VR1BNXmI7GXhZaV6CXg==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxejNGS0NUdmVGTXZYditw
+ QmdubDZmOEVvSmVwVytOZDNXOFhISG5PbFJrCnNPWmdoTjViSWVZQ0tuRlY3Vi9X
+ ZmhzL0c1ZUtyczdOb1RYU3lwbk9vT3MKLS0tIFhCR3pqSFpZNVRsOXhGWFhGNzI4
+ TStMU0xYbzdxR3JQUmdIVXk4T3pRVm8KPqy8m4GNd7g1TAwRFwNVw5N3WcXDKx3g
+ 6s/w/5HPTmWhsH4joPbCj9L10nZAU54Qe+ZY7weMVxXXgWLNUWOm8g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVUluSnpSWE5JekVVc2xK
- OHNEMUxWa1luMXdocENpa05kcXZGR3kvdGtFCnJ4VFZIalAyRFNNUS9UZEFpcUVx
- TEdxYVZlaUV4Unl4am0wYXhVd1lVY3cKLS0tIHRoT2M4bkQxTU9NU09IZFRpYWQv
- M0tZRHpoNjZ6bHFhQmlQb09qRFRDaUEKR2UTU9sLM9xRpDavtXYmgKpxZqKTJ0F9
- mT618l6CG8ebZLN24O3cnuXrnlIubz1q10jUHVMjImEdE26UWXZxcQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZGNaS0xGdndzWGk2NFJI
+ Yk1zdk9oV2NSbTdqUHJzMkdjeUFacEdGK0NVCnVuY0ZpREJzelJPSGt0dGhHVVJX
+ S1d5SElTanAxanRiZTBta2JCNHJxMzgKLS0tIGdoQnZ5WkNqYkQ4YTF0eWhZY0g4
+ NUhkNHA0eXJobUpFWmVXWlJFeTczZkEKG+rObffEUxnC7QBr79Y4z1rxH6Xd6Zq9
+ b/k7FeqPm15feI7qYUfByrZJvkO34mjDYbigIzIULZ7CnnvNbCN8YQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age18rv8q7stsn2zv4gxuj4g4ktkeywkg2wngtdwza858jjme8wdvp8s9hkx00
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYm9pM21HZElDY1JCQmU4
- Vjh4OVdEWmJDN0pnSmFyYTBBSURTY0hHQ0JRCnJBM29INlAxMnRQTW1Bdk5UcS8x
- ckUxdHl4b0M0cTlxbFNLdm02YWxQN28KLS0tIDd2Y1M3SjBPaGRvOGdoZURJZ095
- WElHM0NCNUVtcUYzb1d6ZDh1aXMxMVkKTaih7/wUafmSIIQLEUN2xpJX5uEQQVw0
- ehB6gPs8NSihi9iboen7AcgNsT65Sfh0673nK0ckuchn5G4SY95N9Q==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOT21IdGFEUXlVKytkblZX
+ cVVhaXlKOFJyOFIvS2lIbzJYcVBHQjdpRGpJCnM5bmc3azZNQ0t6OXBMMHZvdkNF
+ Ny9CRU0zWkozTFJqTHY3ajFuWkRtUmcKLS0tIGVWVHBXNVg2ZGFKaWVDcDZaQlNU
+ cFBzaEVoUDRpNGNseHZzMUxUNGJRT1UKshSr1mxzr0cHKRwA8Nmyj02TOrbbdOM8
+ XFjeo/g6nQEC/mpC0E0DZwZNkdaq2OWY5e9kNRn/HlYBbQb9wRzDHQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zlpu6qum5xcl07hnsndp78tllqph5jz7q8fr5ntxr88202xq9u9s9r2y7x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVUNTa0pPRmp1bk1VYjF4
- aEdwUFU2MGJkWEJ0MVFTNko3RlNTdnFSWG1nCk5aMEJUVHJGM1RUT3VsQ3ozaTln
- elBhNm9jM1ZBbTNoVHFmWXdEVzVBNkEKLS0tIFBpeUE3blJ2Y3h6MXRSTm1YWEVq
- ME9XaEh2ZGgrVXJ1SVFhVWcvbG9TWnMKfx9IaqduI5MLGahbA0kpwRc88lm6/zhR
- E5XztcQZqzHpBq4zdMhBvj05Qgd0ddYsNhgnQ+ResVWKag+U/ZPKhQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4V2tOY0l6dSs3bEIyOWlC
+ ZkdxcEYrSVZWdEg2QlAvYXFxNDIxUzlKMWhvCjNtTGluV0Vhc2h2amwwUkdNd29B
+ Zk9wVnhwNG14N3Z3aEhnOWVoWTJTWHcKLS0tIDRjdlR2MmQ2U2FFTjFGbWpzOTVX
+ WnpsOFgwZ01jYjNBbXFvL3c4T2F0cmsK07tekO8aEc6LVNnNe8Uo59m5es4vr2X3
+ dH/YwqMW55+YyN6AkfzQd+7+VqlkE6YTXfbON6jSwOAhAKjapRC38g==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-12-07T17:36:06Z"
- mac: ENC[AES256_GCM,data:5csPw1E1NPnSNexMm9qhmokR0vEF+/ZYkgiN0mVH31usEpmLtdnqveGYmmUrtKhNHu4sSGr/OYdNGAAY6Gc3X8l14K7TyCppqgUSHz1SyJnff5tgftmSlKhHB5UUF+FhJ1uIrCx9Kvh+2Zhx4BcxHXHSJbr9RlzI9H8jqTcSCr4=,iv:erEX1MtvIrPvNMyJhJ6um5yrar5wzrrf1kLVi9Y8knU=,tag:j9XmrqT7oO+mINg3CeMS8w==,type:str]
+ lastmodified: "2024-12-07T17:37:07Z"
+ mac: ENC[AES256_GCM,data:D27C0Ymorhf35u82yZnAKhYe+7RJe30AxzfBWxeFd+ppN2UkLNHDAyAFdoNn+P658vUDrS+c7nvAyAoBjXKJBjbifJQw7fdHBjih2tqs+ODkP5Ln9tCnnR6JTlDYv4uik3RvtA6VXuNcO3vikJyrfU98rbV2V4h0/728Ys3TKZc=,iv:6k0gEL/PucUrEIJPKIpm9dL8sm3mmkzEGf7D+d6TJzw=,tag:rdBWjatmuA5jzabHXFTSXA==,type:str]
pgp:
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hF4DtMjybqIQmUESAQdA2lf1r3C/aKSR6HyxDT7i/X3TEcY4mzCtySmijCS/ezww
- K5N3PUAzNdbTLejXrSp4kNsWnpCW4YQDRTkFWvlhfAZ/h60ge10SxlHIjfsDvued
- 0l4B1bSqIpgNUXsLZD3HiXW/npVaFHO5AO/AS3YbTNeh4dNEgdOO5wVCROUI5yHM
- SQ6Bm7A9l7vuvmnMNUQzIy4jfou65VdY58c0IfXmz3w4irlfXt+QWHpRPrPftWcK
- =Z3kP
+ hF4DtMjybqIQmUESAQdA2msgdai5xT2XAga4nnhvEbu4BucrmyeL5EMf6cJa0gsw
+ 7+B1Mb/Z2fBhLV1uiSJIGyNU4pphzu45Difb9LFTJAtLWGgyIUcVPWZjW6ssgcuv
+ 0l4B8pAmvGrdAZYVzUrQDOiiE0QiMWetF4lROM0w7TcpV5qToTWnRFO32ZtDUW/V
+ vL6KfyacFKSQ+hD2xS3Wqi75hOzkLrBWE8EK/hxZwdurnV08MGWrNTj0wXrR0OFq
+ =hA6G
-----END PGP MESSAGE-----
fp: 0x40CB48A443B03B5DBA484D279A130774C458F4D4
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA8m7r5bNaN8eAQ//doRSzSmAjRe/Jdu0BYhqidaz4AneDtV5g2LQAWlNK1EO
- iftzUoysSue1MTkcDcKBfpgDwlyuUERjq0QH7J8JfMY75mIH7Yb4TjA5+GtfYGBn
- 6obatVdQjeZoSVuPuAhLGJdu9WgWOgwfNhLbdkToGTw1L1Z+ycgdOhtsOVnoBijU
- v5saPHrWOBPgvlr8ki587jTssAEYi7VHhjqBRXyCy04mtkw0C2VDozuYFL+ZErUb
- wMOS5zx8TCH/YrVIw55mkGjpzCJM9SiaQ8Fy7MIpPJjy42bJ28IErADxZ5PiGFDK
- A3Gpmgkt1ZsA307erTr0VLclswF1DDW9lhbLHBOy3Bt0HqurB7EYLCOOkRz0dy8z
- exwF/rMEyBs4bttNbo3xwhhlRhFEl2B3pxa/GWLbs1Ab7Du/cSiJjCIDQW4kaNHu
- nhpb5oGlSDakjUwaMZ5aAKl/Pu7aQJau7ftWYj5spQ+75WS8cdorvwVe6SciAJXC
- +9vrj4Baza/hm8pp7YyML26rmGElWFExfkzEU2VOPOl4FG+K0qJ+HDvQVUO0eY9U
- uQQNDWTwJJhF47sV1We1MFV81TLIBJOiYa4PzWQmCYh6NugtB1w7e3bdLRqanqck
- wB6neOt/l0pLL4uISHa8LnJSFVP4ildldkmhwkfUKPeGeIr3R/U/c0pvcNGv6LDS
- XgHaiy9I1yyJTKfUcbiRndBQCPhEud9AUmnqJ1MgG3ZxydN4l1JktB8qV7XxEtRp
- k+U5wlwegl2y349OD+haZfNGYxCWz77Q3uw2NY2m/p9rJbxTBQNVghv4SYA+shw=
- =/LyR
+ hQIMA8m7r5bNaN8eAQ/+OY6RAm3Z9QHDlR6YiS02VPz9NpNrTrysFvhSR9SOFpVR
+ k4dAY8/9wKm2nrOb2mo0xm6vG+0dAfNgS8gLl44LMobKmx5C+A7ybOpODffV7pnO
+ bIJZFc+UKQ7eGM9m5aFDNQ8dGx71RMQqNEy/Q3H7HFZngJFRKNtg/QxLs8VIYlp7
+ 9lYDg46TNKTWBZxN3Fzy5B8nUePReDnEaEBpF7+gCeOdq5/4VYMzllcL9UIPq9Do
+ H3471ulfVGItiYMgDyLKgUBpjbJn4+cG/f5DdJvoVuT2lOO05nnCu9AyCglSbkUR
+ B5dQDwONNL0/USo6bkuWiza9JQKSASN93h5JIw5e/5zjk4ZCG2ajX1DpaXL6bB+s
+ nse60rdKKB9jFqBhXFszHYJww4DOFVX374gCXp71Rr+Bx2fO/DGY1Z1mMz302Zbt
+ qNebLRKwzk6UsoNag7ab0/MWMZPCIKtf/Xcq2PUkEFOL9IIA4LixkV2puNJ4C1Wy
+ b8Q0uCm65dj9rzjKeX9H98SWEGStgo5gQhf8QHl9yyxj6oCZGUcIeBmTZCrVgAOw
+ 0I8vj7B6Lilj5pJBOD+9eEWUySRfF9kkVsgfVoXl4FnGWO8XytU7lwuh00kNmH79
+ Ua0gsXaUPb9KC2YzvmqbUtI+kanRM3Zthhho8D2R498dCh8NDPZl5DqTLUX9KB/S
+ XgGZ44Xm50sE+JVqzrZ5uA995FboS1+TgUpOwb4wuMRVmc5ExgorNDiLiDNmXOAl
+ rYBCV6/HYTTzwQD4eGVXdRjsUs4G3ObYz7/NIySDE3pTQxK23ZhAVPXcfH51Qx0=
+ =LNYN
-----END PGP MESSAGE-----
fp: 0x9487E782E043EC0D9E0F6C27D46D7E3364433208
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA9A+dmzvmzOLARAAtfcIxOQ+tcDjG37sSFg/CpHjX7U0x18UlgkuWXd+KyqC
- WCrT3QhfcK5gGvZ8JeU8y/4OkmToyBmZ6EfUAkcY50FhHzqdv+1j/rUsXPuN/tD+
- EkcyW+KeObcZgbL77ieB/a3FYm88daNODyMEalk2By6dETx6A/+Hgij3EgisEN5k
- mAzE1hQGvKTTUKDGtYfwCCwdd5zBxkjCB+E2ZMZxUiC19l4kaOp+B5yXe+l5Ok8h
- cp0yQ8TFYwCeLGgqLVlJ4UNKT4w4vobKicuyUVlzn7ysmalPvqQ+ClENSSqj+FQp
- hX9Cimb4McfrKnC+N9tVl1A7xE5MtsSIlnXnb0L9v8oqI4BM6YSYCJGPQWA5/vOV
- T0dm05Tk4jxvQFWGBGh496AqUxhUSSkjh1BVsOI6VKEtHufT9pqa7GdAmD5blnW8
- 2zdEBuzW05Rgggh0KnF4cQIEmpm224H0hek4l/qUQuZZtYPxs4Rcv8/EunQD356s
- FJSdDT3OBZGA9VYZO7/u0hAqfdYYPPLq2TSMUlqya9bKbJH4Y8XGuw1+0KQEMF1m
- BCOQ/NJosAgsAppEGfbQm4NBQdSwxQEO2g1jPJq1+YD3lqcaMRuTkazqTZZqgFg3
- DkJ2E8yHGW/w2ta1UYj06b5pk3R22nP56B4XJZDlYViirhcuQekPqN3Z8xnfo9HS
- XgE17SPAiCB8cvGn0pZNzkAlsDpbuoVHElqMB6H7bKDfTylgBc3gTiIPqKilNjT6
- 2tAkyPubYkqMfjALPLkzMpIHOGLwv/smId7q/zrwjOpFFg0EcyoggD00CXRv9BM=
- =llXn
+ hQIMA9A+dmzvmzOLAQ/9HRna/80D8+Uvh2WtsTXKAJUo4/tEwQONPm6ZGtel6BF4
+ 4oWxXcxW2VN7CaXmUDVP9Bp7Y/RuEpGeB/SxmKtdnOr6sxofMqqNJXlsbTBGissP
+ NuKJ8ERORhay/aY+eUo9BIYLO1Bisu75HRn4bHPTQSfYL4ZMN/Y5vunQdpecsHf/
+ ws6dBzoA4z2m+RtAhA9HxqzDtFLyMvgaD14Gimnw7kP20yL8gUyb/HliwJ4YqhGO
+ 8x43AKAt5M8pMmn6y1ADKKT4pXVLe+UNtXAoo88fl9CTjyPN3oyMLqADdAA+lEGj
+ 2+7BLxuIhSn0ANKADOQNTOfZVqcd+53/WkpVUc/sS10IDWnK9hcPSHqMZnyOmuif
+ WFdI5OTKKaEV7Fid6/z5dN11LZDpUXZ3AUFBDMdWsNX7PeLC3YXKyBL5NQ+BcYr8
+ L9YhbOWv3yWWtjltacB7wT1SApKs5F/H2QgGgEqbuJXUM+A2DjjnmiGuEZLxbIwq
+ J2PSrYQVzUdKcqY7KC8l6QJNZtMhnrehhZelmWPdOftsEAGvUhBSz1Z33H52R8KA
+ wctkFeD4W5ojlj3Vu1/y4JOsdGXK+5HvHHarvnLk0fU2HEjz9ZlRosw9iFPoNxAO
+ /31zt0Ndsmi10EWbMSJl9tek1qVSbbf3C+szCo+I3gVOMNXTClpfvGwyhVL2w8rS
+ XgEGXkUZFskXtjuR2fCuQJq9tyiTMAfidhixLgYXaZWEXRpbpznCvoaMONL2Pw+t
+ NUw8YfZu/Gn8SMK+DGZv2uA+EBPIIBmxX1pWqMpSoZFqljY2Z+h+WWtiHppm9dc=
+ =xqAR
-----END PGP MESSAGE-----
fp: 0xBC354C0D5CC674D11D3EF7AC2BD76BB280787FB9
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hF4DRBWo2b0h4f4SAQdAD7MycQg05dYdUTgU2anx3NXT42qwbKSF7Y0Ma4M5ixMw
- dzrPQjPOke3P20eSprZgYu63m5Vd1YqUi+Fr0GGk8RzWNtn4jJHit9IiSqoCKxv2
- 0l4Bayoa3awQdcP1rvJSeItYK6IhMjKE0X0AbktEWbG0iMR9qDT4ltJKlg+Rjycx
- O8pJXPfirljISiFMZPqMUCGH7z9KE3+UdJpM2PRU9M86X7cs73sxUTpeItMXt7oz
- =jfT3
+ hF4DRBWo2b0h4f4SAQdAAb0ghvdz3cxYFC0ad7l+nim9fSR35bLl7ZKMKkik8jow
+ mBpPv63L68zr4cvtPgbJfCcekgTPhQFSf8+4VrhYxrw4g+pGGyAi2P2eW4Lt3btw
+ 0l4BFzsf+E7YJ3NPLSFsBABrrW49m+00n0jNorbNeDgcmuB3nlq+7Sw3ndLICxfz
+ UmMGYr+dyEvYmPwIs0Ly/VovpZdNirI8u9H3wIQ19aUAZRdhQoQ0Ewjs9pxhkFXy
+ =/ivD
-----END PGP MESSAGE-----
fp: 0x572D19D312825B1A504C9003531DDDB6EB559FBA
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA2iXGbkufjklAQ//eU803TjvwfYtdSndiS0XsY3ONOndh/7C//mPz1kJtftH
- r7ohrXahBTQnnKDbzOfJYcjpIlI9L40TA0kkYbktu30dO3Nn3ANr40j1zT74i3no
- MOPE6IgU4ZA6jzZQ8fMIQErXbD1E7f5xkbmVDZ++xBOfapIdleLnlRRjTRqCZqSQ
- L6v5aBviFyGvTBknTac7kitPa3ZYo5zJa7qfDvlEIgl3tQWQfzubDpeMAf22Y3eo
- fYdXLFfK0fJ1phvU5QvoJjmUFTCi25m5uaReqtQAveghuvY4C3IDFRXkAMEU41u5
- idjqYQf+dGlguww8UrwjSvsqUjWS7fkw9I6OwuSBoFnf5QxhbmgFPVm4BD5g6uBI
- qlPJ4RV4TUhtDBAQYM5HRt1qJeQjSV/VpjOyVeZHTppSdPKtCSnnv0tZzmK+hTq0
- mFKtIsPrepfloQNJi1BR/yrZ+AyZpE+JVF9fl+nwhCRgaumA0WIqZKmX2DF7UHmu
- BlW97LesEVP6EntveHnoff+fAU4uxneK1iC9J/zWSjtLtEXI7P5fGDLv/pzTT5Wv
- 3aJVloGyKXLdLP+MHObbu2fr5cPQDkFoCPFacdY9d4LIpB/Xn4b71qMx6HnlWcmt
- CZpAhp+Mm7gmG8sdTJjUaW7weCsk6GHox+DXTxg0e/1CTIDxwPt57Gm6a9aQOaHU
- aAEJAhAiSBUvoX1BMmT4rQMhYDSmGBLsGIoMll1T0eg/xnSP411KWoj+yk0OWsgk
- Po2i23YdMzGL1cC8EClr8F7cdkdgDGT+HraYL29tvArh0kghWbtg4i5hFzTJKjwA
- sZziNeNWImB1
- =DlE1
+ hQIMA2iXGbkufjklAQ//Q5QxxFpdzA/VmHGfTmAYnp6Iy+fkeQDYKhKWbvrozpql
+ +e/nCsn/yZr4JRqhGsV7Rfct0pcldmsvwT7Rk3gItO99I9/FDE5AYgxs2UDRX4sa
+ UGqtvLC5EUVlZXnpOfmSSB2IE/u8s6kLeuKOnfKzmC+eCkkopWWOAMpkrXJQUXPu
+ hKV7x80MF7Z4yQxNGywHMMpPdIwl3WlYVkF3MZm/GqfIla80fioaet/VNNPkmzC1
+ JiowuuJWfupF4qEYJPoUBCdn6c3gOMJQ/jmXYjEaIekKOsCuVq2rVnjfUn4VcWxG
+ nuB7eHUHX4+mHvQeMNk6mpDWcG+BBTlt1TGUH8Pa++LmntbbzXnKhc4wtlWPWXYb
+ Yp60krOu/4DXwgmo2U1EBd0/GrxMHf5kqDwhAKLTkKLohv9zScN3oI60E3BAMC+Z
+ K3pABKZus9mYgFRWo09fQCBND85hOwqQnsfw2Jvg8vf4M4pWUV9aeNZo7IwjgJVO
+ UlfchpmrUPKOo6MAbLCY/nhWY8AuRH6mZ/zc7iIOpdZvdR3S3YDyxsX5vxM8d0nV
+ 7eoxPNAwG34nE0kOwgeTrjwle8cad/ih4jq7ByVyZQDvTGbZRWjQoTtt8AclOgQC
+ UVb1ByDtVwfptcDCic0yeg5lkHkPNNDpfCd906lcTyeF+Q8gKXAuORMOCt4JoIfU
+ aAEJAhCJ6hCJc8YHQP2Dpnd/ZgFwa4A7KZCmrQcVzC5dKiDbDg3WbbaTCjChoAfI
+ l08mRCGonClDkglCI025wmFU2HdSJiw+7VvpB0Xhfnag45tNMa7DOR5GscWfizAl
+ CDmT6Wmt8kkv
+ =snPs
-----END PGP MESSAGE-----
fp: 0x270A71E7908CA9D9252000B01EFEFDF3F7B80B01
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA4Uty74yOFxLARAAkhc4p8XQ1SCVzJlIhFTR8TWfWI30gyigvUsJIoxAM9h+
- WfpX9tBs6Gr/XCSu1W472hw84/Jo4p+SlJ8OR0oXy0oIZ2bbTFz8oTHmQOMQu729
- Qz+GiLQfPFJCAfMSfaWELB42supp8azy81BcE/Xwkndba8mUcKX3ulXiKCy/EeIW
- T+rkDtJ7G+fVa8RmiNW6QJVSx7krVAwxkd8Rcl620J8ZQNPJj4ArcFjlYw2UG5h9
- RUiw7JOkjRt2cxdq7N6UWLE9OyukIsIF8IQ9PjEu7suDKPK/0eg9eyLdf2mfAyCc
- sTUNNa3v/E8nVkffss/Os5ZmsvtmnK1NXwGMprddUJOttE6sw614WDwZphPgZANY
- Cra7RWxXQ5j64XYNb30P8k7Ijn2DDJ/kwTRXIELVU9MDD/09I/vVs5gFCunOF419
- rgZQ7TFGf4RLA35afjn0SJlS1y0Rxqdl5b0PVmKv0u+5X3YePbUA7DtwWDBdupOc
- AQJQ1ikNK3CBTU1VhDdRga/+BuesiFY57TVx3y9X5cSPuNU64woA0F3fZUXLwf1j
- zdWJVK4jJpPmsM74lwEc6yT5ZZAmszLaeypMMCJzrEAReHyYlFEO3FH5ytgBhSij
- Zp/RE+3bYaNlHHquEC/gN3p3iRSDwc7U9vgG5beg04ZQ3Z+UI0HznCT7Kc+rDkLS
- XgF8va29EunwcuNE+TPLBRW/EsYUcUwtwiav3ngNYAo1I/K903aXONP5xrxjDsu+
- n7nckM4wrzWp1PYpzbaekkJhIHWeHhuyO7I439JVvVAu1qZOe/TkmGMKy7S9EN4=
- =OXcW
+ hQIMA4Uty74yOFxLARAAyQNkJUZ4zA7TJFQOs/Ivrz5RiAkY66wmJ2IXpCnrEqe8
+ fKiKdRIdrVpg9rznmSQ+/uRm8DwQxX+L7RJr6sXlR+hSFCy79zzLs2F9aJ8t+X97
+ /JYYJKVcTQSfyH1whZ4yLtSj+sJBAe9dA5qTrz/T0x8Q2fVyBYWI/PYJ6/sB9X+1
+ ZETKuOdXvvtElgJyhmF0zaaIJmTB0W6JDowsBH8FqwG6n8Cq4KEwFWAwaRi1rZ3p
+ lhE5hivBr4F3CL+BJELFqRF55VxWTSNPJkXq1WL89jy5yJ2utRgFMocN8AAQ+RgY
+ I9sepoaC1YU+2kg7q3kKQ+y6DPqpnjDdWrY9Omqlftt4dCHPZZy7w53NcwAJLSxK
+ ocVwHNYtThpi9DbpCBYQhX+V6Y8bq9FqoQHFkkiIWF+xVyjojrQXbMBqdmkJzC8Z
+ VeZYkbyH5rNGOPluzOQfKHNT6molOY/eK88IWA+omEQPvmszpdSsX6Kr0v961p85
+ p+7ZphPfoRV4qrxhqjhnOyeRe66LTbBFl0E/VUzvre/tN5l1AAAnOTvHapLzJMje
+ YAInBFwXJm5viDmCIiX556UZLkdIagYmghzLvw/PKBH9uATitlDi6ustMnIPnvks
+ PS6xPC76BVG6yU0W5NQjGqm+4QTfwyaBq8Z9V/Pkr37grh+/zg9NJD8OK3+41UzS
+ XgG+zf4iBmwXPvjT2xFUAirYn/vdGS5c7YwUhqlB4tlWeyRPQqs7tLhUZwnlik/J
+ pnKP589XMAJG49NRHNO8WIuRF451//4vTF5q/kJ+4GVbH2RHWuYN2V4xvmeg/KU=
+ =VXai
-----END PGP MESSAGE-----
fp: 0xA534E46682DD8C35377352C88DD28608BE411065
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hF4DIBqTX2T418ESAQdAuDzW715IL8uhQYwFm8ZYbZtkj1ccicru/08NyefQgEUw
- IeZRK3NcyuevbOUIAXAg512HBFMtwruXkBhXZPevjb2h4yiy3ssdvRK31vYAMQht
- 1GgBCQIQYaONJhKUiG3vFXvb4fM7xZlfVE5iZyS0B1yyWU51sZzHVOq9X/pTHKc7
- WoGc5PXdWC9vV0Pu/Q5thzON9OEoEWwa9E/IzYNjIWobuLbSQe9Vo5agRaCwyZAx
- P/X8NRPa3eehRA==
- =ftEX
+ hF4DIBqTX2T418ESAQdA+mp0iY55CP3o0oJ6RK9xYCdqBva/4RO8Br6hSE9WHw8w
+ xrb5IEITYbuLFgyst0fMuC6TyAmsKqOTT02tuFwoFPmkIQ+Ggap2UTOrWUmNHNWo
+ 1GgBCQIQ5qq9Z+Zm7RdtQTP5dwv+ZI+Cs7VwwbqvNDwg3PjgYD+JCZTochOn803k
+ S7hd0KOR/O+cYpqyglu/Qh+wvf1qsDqCSgcKcVmgGC2X+AuZv6fkFgsiSuoWMHfe
+ t2TZQWEOjdvxEg==
+ =xp70
-----END PGP MESSAGE-----
fp: 0xFF7D1156D33F4060A4B15BFBD6CDAB8050CBBE7D
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQEMA7auZh4eKOkIAQgAiHGVv1qir4QsgLzOpe1dXCIBm/WajASlakzGoQICd85e
- Nmzebu5nfuoCPKhq44sUUpNrk9iuOo9zBBFnWrLPSv9UkW5fOmN0nQNkicVmgefN
- xHgoR9xWciDJqWua4epGC9OenSc5pVbtqUpXRTbztKerFn21q2DvSZroJBdny5Uq
- MaSYnh9FqaZS+ZVjqHtdTZ5D8Iu+tz076SyLd0ZiwKGMHe8cZTioRZ7rbv2k5V+U
- 1DjXfhh5vQNuKSgsTeNGj+dET59s0CzMhZFuIw8+LHWw0Z4PPlJIs8C5diRhb09F
- wd3mnaABv3coT1rKib707vt5GkwTdm0L8hoENZC0H9JeAUCH5JZbNVw4sikneb67
- 8h2sgbulHlalVxWEWoXdN+m62Vj6FOM9b1RKFlMXYFmPxK79DqORuhj57MFUz6AV
- T5lpJBU1AKwzjoPElZfYiybPVuRsTKDzPGUvS1JEdQ==
- =yt+V
+ hQEMA7auZh4eKOkIAQf7B9rJ1OoTg/nykZBFjKqSXVwdY/20KiqIWoBjn1WPF5sX
+ sLxJBYXGmCGNfLR383AI2g6KJXNvhOKUjVfWJCkrlzvXOcyCmGwvlBgCVcAoX7ha
+ DjT1wafjl6zpa/Lz2EZDrpabtCblfBpIS4pB3VRS7d2Cwv93CsthrWrXxyWGZhM3
+ G8sK2EFxYDDGo/fB/MzTz8TS8y7TS7hRLSG3xEJD+nCMb2zAv5TFuBhH7ltqYBcc
+ 7j1D7SrVS4eAw2Q1YkiBnG6u2tiEgElW01GCl7dRKQTbCmfpvmtfrg6WvrB686Tc
+ OSRGdAXiO8HHnTcKaWpX/uUTxlRkg/B0gIECwuprrdJeAVHkx7//EpusCU78L4CI
+ 9VkRSU+1veQrc6VAgD4E3mprfs68gzR6mfBf53gVnXXt2w0ps9n27Y3/+EbxIk6i
+ pzdX3CVZT0hyfQYv9B+aKMW/dI1bNaEiXONVzsxZ7A==
+ =PVq3
-----END PGP MESSAGE-----
fp: 0x49BA444CDC680527B4835F7C3C1AC435CD1F217B
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA11f9zoCBF1cARAAgKei0Yp+sLJQcRCUHVteJA6/kOqjC4xtj8nSj+sBJJ4V
- NWc5NUeam6UbkbfM7c0owPSV96NGSJm3AHBnd8lyTaDUWkVGVOHnRbM8uZLZp2/O
- 7+fxcuI/pkWnO/lFJTLKbiHNDNzsILgWdmKQGU2NwxejNsImJsQWltwp5xQnvEkT
- Td9SEvrnWq8k1YUIdCD5PvcMteD2hPzjW89dXNgQhGRcrtHJdUYv3yw55ypcUJAb
- wrEsGd1LF5o0vfHXu4vM/W83oyYoaUpG5YrcLBzFUGmE3ZQXrus6J8UofrD4tVb7
- bBvip6nhAnPaOVvCyIeiviopHWRRrulEKSJ+BXz/U6m+7QSzIc34yTQaiJOM50J/
- F4KJ7s0IJBikdAMUdoB0EAxJn/CCEuL6U87toot1o6/+7Xjho/dgXcbcKsL4/GJO
- o70umZpdtu3/JB8Ue4c0X00KPwDo5G4HUYjyqO2vKToJRtLPrgHbpie/TVXEXWlX
- pKP9AUiXjlUP+yzmxgKXKx4ksiO+PvG08GstteoTxh56onseNv64p8z9EkcG9fw8
- C2KUEiZV3cwbwKpJjx357WOCLsMj0tFqVJuO2WPJOrIrbRCiJjaooX8JrgYAGlJV
- A2Xidn4kWcliQOX2JzkykjuHMSWCOBuCAqlF9VijW3FWx3OtTzSvNpB0cCBnLR7S
- XgFRrB2Bckge2q1I8MBw5UeG3Gu/Upgeq80ycNc8Wmp2BrCFtIZKenM7usHb7eIv
- EmwbDRCJjKM+fb8Af9YBNmDHcOK5Rcp0YnHTLBIuakvtRu8105qFJUwtA/Jp+Jg=
- =lvXh
+ hQIMA11f9zoCBF1cAQ/8DGGOwf/htYHZup1pzf8Gt0O/MZBDX89nYqALwJWMBKg0
+ W9bwwpVNwuhQQGaq7yU11ccLms9J8mUEMxiGJI0817cK27Zn3Rh3sslxryDZ53wK
+ eH5OtRYAUC+Q6IWHc8xhuVYdBzMKKFeQadgdBo1hs7exy/FgevQSVaxb5xy/jKCs
+ bGYTe3O5hnQlpRlQmMmsidXqpxPhlmmGd+FRJpqUrW/O6amuwU/2CfONSu5COx+z
+ bfPP09EnXH4h9ZET6GtrIt/hXJyzUDhQLiMZ2rCgFT46RyOX/PEr9tg8ycbjMGXE
+ 5F5Cc0nWNqXnB4q67ox5FpTgo4ChuA7fodPuhyH9T/2YVGOBhiPohfrkuxHQ3f69
+ NOq0jO/mCZS3LyiZ4yIt0shdkIQZrHhq5wy7KZl/TjLsxUpg6QtG3g2MswbD7nUv
+ NfnA7146o4FsMW5ML/Cef/YmZdlRbHnAfUbs7+g2Gv4Bet/42EeTcEJhGhWfUWiS
+ T7F6HqoqiLYicrFv64YBN4m4tuV16CUpy9+ZJY8Vtrfv5008y1pMTf+tfSQz6NOF
+ 7IRlAFeOp1cDIaD7iKeyWI1iJbv+V/X0/WbaL4Lh3DuDu+APVJW8suYtn2cEe7Ay
+ XzoLojXv+Uk0qV9y2XPRRMmQi/a1t/5Guymz5Odz9MZKtiBlMA5UMz4ruPcPIszS
+ XgGXH0cv2m6T+lwdlVyCIqt324dMqc2nw2wLPsOdJ24sNpXwrHxjh3yg43w0edv/
+ jzlkx71DhbKsbjrQyRGRC44oFkTcHBzrlG33g1px+YGldtUaHZGcQExOlZKRvsw=
+ =P4ll
-----END PGP MESSAGE-----
fp: 0x9AE04D986400E3B67528F4930D442664194974E2
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQIMA/HTIsSK0VBlARAAu5i549BUzl0otwaIbYi8kRtpLGAPSF0IZ1g+z6gF9W+l
- 7ABiDs9T+NsR0/M1h0O5p+/V3dlYYt+IylW3G3J0/ajkCMjnE0X/qPuduxQ9i/0q
- EPaXm+taYaVJQHVTI1C4AhAE6Lft6IkBSNKvw4xNLZVInuEIcXfO1Tf1IFtw4L//
- yut0g9GDmkEECev6TqB7rUXtC3Byv08C51wEee2LzA7HNT8zgbkM0zo8+7EpwJf2
- TGoIIUh+KuoMwPpCivqB9F/RDSy7LVOQ42PLlnxUK2J+7V/p266QKZ+b4eYcSujm
- zNbyjOoiPycWvzzBu5aDX2mstX31sFNjJDrl/75Z8W5Nr4GWZLbIUa9fSIx09pzI
- 0M6QJenpwSEcd2Glr08K86qtucsTZuKWvSSTRRgZsZ/gZ2GlMByH2/Rz8HcdY1LE
- 35mxS2LOuhYXgx7jtO4NT5xbHgzOZgYvbMZmsLSSGDclkc8IQKe3EHPBK1b9kadK
- q+W1PuigiDIV4kwYv1PfJj0ExSgLe3STDj47p8CiDnbYURlzlNeAHztgV1/h4AiL
- b1bS/MfBitlIxbDcCyGwa7u+/q6oRFjT39f99S8glxZY2el3pNNz/wOg9TrRAtzL
- AXAib7wwuZIoaZbgIZSY0zyTBXSii2KfBSuz6SpQ2vtGMTV5Qelu+g941uDsj8TS
- XgGqCrg19xDAA2HWxdglhl2ST92tyGgntImS0Vgf2liaIkkdikxaXnbEsWuqL88e
- +yRdlsbReTAQZuiazzUesv8uCVqcJyU32mC5kX1U02dls3fjnPIdwgFbCVc+Vc4=
- =n5vj
+ hQIMA/HTIsSK0VBlAQ//ep9FOEokS5/i86xOsWIekOPYvi3UN6baZE9IoRlE49w2
+ 6O8kAoxLNqjxep7Y75a6S6qkIyCb3uSf2bf7Wc8WQgHSWVZY017G7O1i98wdbEi8
+ qry9ygekcJIPjTuHxE7RadNoABdUi7mfeS6Kv3qEyCbCpO9ZVweqCQ4KzLu3PWiE
+ TReHT5+ZeWUvZUjpB7ZzKchvh/34vYF28/8gTJZw11Lv9ehIF6tN/vQA5kNL9v9l
+ MWI2z6DusNOWI4gfIWajFwkLg8/7GmgQ+ThFET4RzulVA9ul7kmcVDSoMpSOJ/HW
+ CTYXdJZyNzwg70qbLMOMglfJTY7Fc2a0+ReN/M42bQdW/M5P7Hqay9DNagb7IqNy
+ E782iVdhS0gNsV2zFWlbhs6OLbOvYkqWduM5JII0P/eJEaSeChEtzwJQ5xzK+U9b
+ 15O/VSXgeWjmpxTS6gZLGBuSEsVbOfcbfCxECMl88pbkpy3Fz49o8OEiJ6/8Xtr7
+ Olo3+UYqDPUfZKBpITbqYwcufsVnd/4tFaTHKlgblR4wR02aTCxJm0iGnK0KubU5
+ TItsMFgqQujWf4IE10StZVUi1FgU+4zujUGep4AGFSzANNFaa2mJXTpPt09P/H8z
+ HBq90ZBaDF33T6U17Xkn1NR5ESp/iWnYLW9BSVV5avKti2pwsMuZBY6n4ye7TyvS
+ XgGdXytbbBLdp/xeXp80EkO1NJh0OpvjDUiFHudccVAP31dOUOCQAZQCDEX8f14J
+ iiHr+B72NrPR0/reLDyP7D/Su7isXn+V66GtpbOJW42nu2elKdCeO3cDlgJTCMs=
+ =HJlu
-----END PGP MESSAGE-----
fp: "0xFA47BDA260489ADA"
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hF4DYIEGJeT64uMSAQdA6+TgY3VlMHAOdRVlOIIUhi0RflLelJZCi1ouE0g+pAcw
- JW8w6E6fnOMWGStg2tDmYh1jKOaCqG0AOcHRCh73T8n0iM4C1TWLsslXDxZO0IgD
- 0l4B0YpSZFYtBZ1TZ2JkhZyZ9zjZommU1rir2FOEdLPznP5UnXHihE/DGL8uPSKT
- wojUwh9vSfV2zJR1Tvc4wg6Br9B24FiltSaCJtJzIeozbZsA3nK06kEUVlrKLSLW
- =NLVS
+ hF4DYIEGJeT64uMSAQdA50X4+sbx3oJ+ZyBVgnlVWEm647fMtmUOO0baw1RdSBUw
+ BOfInzsySFnQvc02duUigld2F3ACOlYwKVP8FRv+jfGi9Mxh44ljUVw+u7deo14Z
+ 0l4BGi/lF0cFFTK72V0ddZYq/Qm8bm+yubM8T1UfNnZhTfUfbue2cvZSkeVaROZd
+ rsIJY7GRl1eGHVR1jsEpLgTMPWMI2nTSUyAmxr8o7PXCoiKGA/liSHdCvKnvIPIK
+ =ML1v
-----END PGP MESSAGE-----
fp: 0xE474A4AB587CD834813DF35D03FDB411169D6C8B
- - created_at: "2024-12-07T17:35:52Z"
+ - created_at: "2024-12-07T17:36:46Z"
enc: |-
-----BEGIN PGP MESSAGE-----
- hQGMAxrcfL3KHjCOAQwAsgc2mlXu8YW445U7Lmg2iJkU11UvwVZr9yhVtDV9ZVMg
- UGzIDUL2CyYl7gT9ICnyYvgy7TM7f3nq5VcV7RHDU6lqX0IIjY4RNd841PY+01Ff
- bGd5LDJ+Cr3YEhHcfW1uTppABdIzb1jbSYN6yqFCfpkFKFDSQt+lygf0d4XTK2+t
- asQMlUtlGCsI9rJj2sGulSPr+NyFMPHJfoMt/73hK2JOxxoBCKtl4xNclfhIQPcI
- W1EwQNn+PZqpkfrmpua4fXVZVdT+30e2RvOxw3IWvwXP/KbTZYqZKSv75t0Jq7QA
- /Cmm9C0tt9WiLqK0Fy/uV+ozi8+zhTeRI4WhtKNU0QMzy/zePgd4PAp+I5ap1MSU
- d2p7456N0xlhhdA6xiOtmkWNFoIcmDqsfa+575SL3pvxl8646GMfLa/Kyj+7zcKI
- eu+n3hlEmIrN+rTe/IzdWrqZrpUzK+NMGyNne8RY5iKVY2yKaLG8S+aZV5x9kA1p
- gF7PS6CJEBjJNfEG0CrI0l4BoB2uUmpXRk5r+yK0hP9RI4ciCfR46tkP2xeFAQCY
- SgRvVxFhP+LzOJLyeoGRl50UCAgQUI+c/Cb+9aX9tt+ucfUHkLWDE683MXFGbCPX
- gHW+WJtITsmLVYGsg4vU
- =FuMb
+ hQGMAxrcfL3KHjCOAQv9G9aQDkBDtEDu5PotXxb7/uJ5qRvBFALfu8O22Bq0GMiC
+ 0edP7O9TwxVBt0kdVDMxgoldrPfVkpswA4P9qTfw/MdvrtZ9E/aaxpM3XbYzWMru
+ keJrW9r17J6Tk2i60D5Kut6Vl1sHVJd9NB2S8ERI+Rn6D3gwM2Kpm2PTh6lI+iWC
+ 1Uwt1M7eBe0wSPChpPGxt0Wlf+Ad+NqylH6SeAZMsXUlk2sjb9sX3NyiVLdZq9rr
+ JmkRWftIRdtyOO/Nib5E/0lN7kKy5OI6oXzmXnLExFnRIZhfyUOKR5qxM3KLoGIR
+ Xr89jFAu1j/2Gb5tnB8IJzq53ro2m3y1Fo+zYCJ5VqAnxFX7S5ItICAWxLSHkHFO
+ hUrM5QkMfQyLHHY4lSoXnS1rPKBV6QdrVEn/08nQihU0+jzSVRcS7aVCBk4mEbCN
+ RmRC/tOIW0fiihBDMF3ufYWxuNHqO3RKRNJ0fLSkJ4NTZYzGdZ9Kzp5UwUYFhDFZ
+ CWg2Q3/KpYQYYRVNsq490l4Bw7Xig9bUO3W3K66wSlsXcmmQL+nmqc34bal3BQRe
+ AQ7+0PQZObNI66MHgNoRqAe7/dtx0Ca+j+WV0rqP3AYNbaMkj5USb+3AmbbToWRY
+ FoX5+YCcFiI1YpBgP6Sc
+ =zwdT
-----END PGP MESSAGE-----
fp: 0xD5B872E407D438721E5887A000E765FA7F4F2EDE
unencrypted_suffix: _unencrypted
From c5de3676af53b25f27873999c081131fd128f606 Mon Sep 17 00:00:00 2001
From: pigeonmoelleux <pigeonmoelleux@crans.org>
Date: Sat, 7 Dec 2024 15:32:22 +0100
Subject: [PATCH 5/7] Configuration apprentix
---
.sops.yaml | 22 +-
devshells/default.nix | 1 +
hosts/vm/apprentix/default.nix | 17 +-
hosts/vm/apprentix/hardware-configuration.nix | 31 ++-
hosts/vm/apprentix/networking.nix | 64 ++---
hosts/vm/neo/hardware-configuration.nix | 33 ++-
hosts/vm/neo/networking.nix | 64 ++---
hosts/vm/redite/hardware-configuration.nix | 36 +--
hosts/vm/redite/networking.nix | 64 ++---
hosts/vm/two/hardware-configuration.nix | 36 +--
hosts/vm/two/networking.nix | 64 ++---
modules/crans/home.nix | 5 +-
modules/crans/users.nix | 6 +-
modules/default.nix | 5 +-
modules/services/libreddit.nix | 1 -
modules/services/matrix.nix | 28 ++-
secrets/apprentix.yaml | 220 ++++++++++++++++++
17 files changed, 529 insertions(+), 168 deletions(-)
create mode 100644 secrets/apprentix.yaml
diff --git a/.sops.yaml b/.sops.yaml
index 3acddc8..55cb31c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,6 @@
keys:
# Hosts keys are age keys derived from the host ssh key.
- - &apprentix age1y3l4j0axyltq80d5stly43h42v0wfsc9mun0qcm92qjfc8tn85hsnmadgz
+ - &apprentix age1yew8ls8j5pq45k5vxfhxh5xvlnesyfktd0mskxmwq4t53vmezdaqax3aqk
- &neo age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g
- &redite age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0
- &thot age18rv8q7stsn2zv4gxuj4g4ktkeywkg2wngtdwza858jjme8wdvp8s9hkx00
@@ -38,12 +38,30 @@ creation_rules:
- *_shirenn
- *_vanille
age :
- - *apprentix
- *neo
- *redite
- *thot
- *two
+ # Secrets for apprentix.
+ - path_regex: secrets/apprentix.yaml
+ key_groups:
+ - pgp :
+ - *_aeltheos
+ - *_bleizi
+ - *_ds-ac
+ - *_esum
+ - *_gabo
+ - *_korenstin
+ - *_lzebulon
+ - *_otthorn
+ - *_peb
+ - *_pigeonmoelleux
+ - *_shirenn
+ - *_vanille
+ age :
+ - *apprentix
+
# Secrets for neo.
- path_regex: secrets/neo.yaml
key_groups:
diff --git a/devshells/default.nix b/devshells/default.nix
index 19101ee..651a139 100644
--- a/devshells/default.nix
+++ b/devshells/default.nix
@@ -6,6 +6,7 @@ pkgs.mkShell {
packages = with pkgs; [
nil
nixpkgs-fmt
+ ssh-to-age
sops
];
}
diff --git a/hosts/vm/apprentix/default.nix b/hosts/vm/apprentix/default.nix
index 7fae1f3..8617d06 100644
--- a/hosts/vm/apprentix/default.nix
+++ b/hosts/vm/apprentix/default.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
{
imports = [
@@ -12,5 +12,20 @@
networking.hostName = "apprentix";
+ security.sudo.extraRules = [
+ {
+ groups = [ "_user" ];
+ commands = [ "ALL" ];
+ }
+ ];
+
+ sops.secrets.root-passwd-hash = {
+ sopsFile = ../../../secrets/apprentix.yaml;
+ };
+
+ users.users.root = {
+ hashedPasswordFile = config.sops.secrets.root-passwd-hash.path;
+ };
+
system.stateVersion = "24.11";
}
diff --git a/hosts/vm/apprentix/hardware-configuration.nix b/hosts/vm/apprentix/hardware-configuration.nix
index ed0de5a..db17483 100644
--- a/hosts/vm/apprentix/hardware-configuration.nix
+++ b/hosts/vm/apprentix/hardware-configuration.nix
@@ -1,22 +1,35 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/b8171fb6-3aba-489a-8c40-7765e910572b";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/9d40d40e-4b3a-4740-9773-6ac23df546ac";
+ fsType = "ext4";
+ };
swapDevices = [ ];
diff --git a/hosts/vm/apprentix/networking.nix b/hosts/vm/apprentix/networking.nix
index 1748e4e..548d59a 100644
--- a/hosts/vm/apprentix/networking.nix
+++ b/hosts/vm/apprentix/networking.nix
@@ -6,17 +6,21 @@
ens18 = {
ipv4 = {
- addresses = [{
- address = "172.16.10.150";
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ address = "172.16.10.150";
+ prefixLength = 24;
+ }
+ ];
};
ipv6 = {
- addresses = [{
- address = "fd00::10:0:ff:fe01:5010";
- prefixLength = 64;
- }];
+ addresses = [
+ {
+ address = "fd00::10:0:ff:fe01:5010";
+ prefixLength = 64;
+ }
+ ];
};
};
@@ -24,27 +28,35 @@
ens19 = {
ipv4 = {
- addresses = [{
- address = "172.16.3.150";
- prefixLength = 24;
- }];
- routes = [{
- address = "0.0.0.0";
- via = "172.16.3.99";
- prefixLength = 0;
- }];
+ addresses = [
+ {
+ address = "172.16.3.150";
+ prefixLength = 24;
+ }
+ ];
+ routes = [
+ {
+ address = "0.0.0.0";
+ via = "172.16.3.99";
+ prefixLength = 0;
+ }
+ ];
};
ipv6 = {
- addresses = [{
- address = "2a0c:700:3::ff:fe01:5003";
- prefixLength = 64;
- }];
- routes = [{
- address = "::";
- via = "2a0c:700:3::ff:fe00:9903";
- prefixLength = 0;
- }];
+ addresses = [
+ {
+ address = "2a0c:700:3::ff:fe01:5003";
+ prefixLength = 64;
+ }
+ ];
+ routes = [
+ {
+ address = "::";
+ via = "2a0c:700:3::ff:fe00:9903";
+ prefixLength = 0;
+ }
+ ];
};
};
diff --git a/hosts/vm/neo/hardware-configuration.nix b/hosts/vm/neo/hardware-configuration.nix
index 5ac6215..be3f8eb 100644
--- a/hosts/vm/neo/hardware-configuration.nix
+++ b/hosts/vm/neo/hardware-configuration.nix
@@ -1,24 +1,35 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
{
- imports =
- [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/89589639-21f1-4899-97e9-d1de6eb16d45";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/89589639-21f1-4899-97e9-d1de6eb16d45";
+ fsType = "ext4";
+ };
swapDevices = [ ];
diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix
index c3d4dee..f9139aa 100644
--- a/hosts/vm/neo/networking.nix
+++ b/hosts/vm/neo/networking.nix
@@ -6,17 +6,21 @@
ens18 = {
ipv4 = {
- addresses = [{
- address = "172.16.10.137";
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ address = "172.16.10.137";
+ prefixLength = 24;
+ }
+ ];
};
ipv6 = {
- addresses = [{
- address = "fd00::10:0:ff:fe01:3710";
- prefixLength = 64;
- }];
+ addresses = [
+ {
+ address = "fd00::10:0:ff:fe01:3710";
+ prefixLength = 64;
+ }
+ ];
};
};
@@ -24,27 +28,35 @@
ens19 = {
ipv4 = {
- addresses = [{
- address = "185.230.79.38";
- prefixLength = 26;
- }];
- routes = [{
- address = "0.0.0.0";
- via = "185.230.79.62";
- prefixLength = 0;
- }];
+ addresses = [
+ {
+ address = "185.230.79.38";
+ prefixLength = 26;
+ }
+ ];
+ routes = [
+ {
+ address = "0.0.0.0";
+ via = "185.230.79.62";
+ prefixLength = 0;
+ }
+ ];
};
ipv6 = {
- addresses = [{
- address = "2a0c:700:2::ff:fe01:3702";
- prefixLength = 64;
- }];
- routes = [{
- address = "::";
- via = "2a0c:700:2::ff:fe00:9902";
- prefixLength = 0;
- }];
+ addresses = [
+ {
+ address = "2a0c:700:2::ff:fe01:3702";
+ prefixLength = 64;
+ }
+ ];
+ routes = [
+ {
+ address = "::";
+ via = "2a0c:700:2::ff:fe00:9902";
+ prefixLength = 0;
+ }
+ ];
};
};
diff --git a/hosts/vm/redite/hardware-configuration.nix b/hosts/vm/redite/hardware-configuration.nix
index 9b5a7eb..c61d274 100644
--- a/hosts/vm/redite/hardware-configuration.nix
+++ b/hosts/vm/redite/hardware-configuration.nix
@@ -1,27 +1,37 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
{
- imports =
- [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/6aab06d9-2d09-4929-a680-719c6818a663";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/6aab06d9-2d09-4929-a680-719c6818a663";
+ fsType = "ext4";
+ };
- swapDevices =
- [{ device = "/dev/disk/by-uuid/24f88af8-323d-48e3-8872-402b8bbbdc13"; }];
+ swapDevices = [ { device = "/dev/disk/by-uuid/24f88af8-323d-48e3-8872-402b8bbbdc13"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/hosts/vm/redite/networking.nix b/hosts/vm/redite/networking.nix
index 0b1e35b..8ec9ca3 100644
--- a/hosts/vm/redite/networking.nix
+++ b/hosts/vm/redite/networking.nix
@@ -6,17 +6,21 @@
ens18 = {
ipv4 = {
- addresses = [{
- address = "172.16.10.139";
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ address = "172.16.10.139";
+ prefixLength = 24;
+ }
+ ];
};
ipv6 = {
- addresses = [{
- address = "fd00::10:0:ff:fe01:3910";
- prefixLength = 64;
- }];
+ addresses = [
+ {
+ address = "fd00::10:0:ff:fe01:3910";
+ prefixLength = 64;
+ }
+ ];
};
};
@@ -24,27 +28,35 @@
ens19 = {
ipv4 = {
- addresses = [{
- address = "172.16.3.139";
- prefixLength = 24;
- }];
- routes = [{
- address = "0.0.0.0";
- via = "172.16.3.99";
- prefixLength = 0;
- }];
+ addresses = [
+ {
+ address = "172.16.3.139";
+ prefixLength = 24;
+ }
+ ];
+ routes = [
+ {
+ address = "0.0.0.0";
+ via = "172.16.3.99";
+ prefixLength = 0;
+ }
+ ];
};
ipv6 = {
- addresses = [{
- address = "2a0c:700:3::ff:fe01:3903";
- prefixLength = 64;
- }];
- routes = [{
- address = "::";
- via = "2a0c:700:3::ff:fe00:9903";
- prefixLength = 0;
- }];
+ addresses = [
+ {
+ address = "2a0c:700:3::ff:fe01:3903";
+ prefixLength = 64;
+ }
+ ];
+ routes = [
+ {
+ address = "::";
+ via = "2a0c:700:3::ff:fe00:9903";
+ prefixLength = 0;
+ }
+ ];
};
};
diff --git a/hosts/vm/two/hardware-configuration.nix b/hosts/vm/two/hardware-configuration.nix
index 8e55b35..343fb21 100644
--- a/hosts/vm/two/hardware-configuration.nix
+++ b/hosts/vm/two/hardware-configuration.nix
@@ -1,27 +1,37 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
{
- imports =
- [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/49b72b3e-4c52-46db-8655-d7e3d93c1c56";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/49b72b3e-4c52-46db-8655-d7e3d93c1c56";
+ fsType = "ext4";
+ };
- swapDevices =
- [{ device = "/dev/disk/by-uuid/98accdb0-7e99-4280-9fb2-43ccbbefaeb8"; }];
+ swapDevices = [ { device = "/dev/disk/by-uuid/98accdb0-7e99-4280-9fb2-43ccbbefaeb8"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/hosts/vm/two/networking.nix b/hosts/vm/two/networking.nix
index cf1a09e..1840458 100644
--- a/hosts/vm/two/networking.nix
+++ b/hosts/vm/two/networking.nix
@@ -6,17 +6,21 @@
ens18 = {
ipv4 = {
- addresses = [{
- address = "172.16.10.135";
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ address = "172.16.10.135";
+ prefixLength = 24;
+ }
+ ];
};
ipv6 = {
- addresses = [{
- address = "fd00::10:0:ff:fe01:3510";
- prefixLength = 64;
- }];
+ addresses = [
+ {
+ address = "fd00::10:0:ff:fe01:3510";
+ prefixLength = 64;
+ }
+ ];
};
};
@@ -24,27 +28,35 @@
ens19 = {
ipv4 = {
- addresses = [{
- address = "172.16.3.135";
- prefixLength = 24;
- }];
- routes = [{
- address = "0.0.0.0";
- via = "172.16.3.99";
- prefixLength = 0;
- }];
+ addresses = [
+ {
+ address = "172.16.3.135";
+ prefixLength = 24;
+ }
+ ];
+ routes = [
+ {
+ address = "0.0.0.0";
+ via = "172.16.3.99";
+ prefixLength = 0;
+ }
+ ];
};
ipv6 = {
- addresses = [{
- address = "2a0c:700:3::ff:fe01:3503";
- prefixLength = 64;
- }];
- routes = [{
- address = "::";
- via = "2a0c:700:3::ff:fe00:9903";
- prefixLength = 0;
- }];
+ addresses = [
+ {
+ address = "2a0c:700:3::ff:fe01:3503";
+ prefixLength = 64;
+ }
+ ];
+ routes = [
+ {
+ address = "::";
+ via = "2a0c:700:3::ff:fe00:9903";
+ prefixLength = 0;
+ }
+ ];
};
};
diff --git a/modules/crans/home.nix b/modules/crans/home.nix
index 9839960..13bbe94 100644
--- a/modules/crans/home.nix
+++ b/modules/crans/home.nix
@@ -5,7 +5,10 @@
mountPoint = "/home_nounou";
device = "172.16.10.1:/pool/home";
fsType = "nfs";
- options = [ "rw" "nosuid" ];
+ options = [
+ "rw"
+ "nosuid"
+ ];
};
environment.systemPackages = with pkgs; [
diff --git a/modules/crans/users.nix b/modules/crans/users.nix
index 9a7352a..f04a6d6 100644
--- a/modules/crans/users.nix
+++ b/modules/crans/users.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
{
users.ldap = {
@@ -35,11 +35,11 @@
};
sops.secrets.root-passwd-hash = {
- sopsFile = ../../secrets/common.yaml;
+ sopsFile = lib.mkDefault ../../secrets/common.yaml;
};
users.users.root = {
- hashedPasswordFile = config.sops.secrets.root-passwd-hash.path;
+ hashedPasswordFile = lib.mkDefault config.sops.secrets.root-passwd-hash.path;
};
services.openssh.settings.PermitRootLogin = "yes";
diff --git a/modules/default.nix b/modules/default.nix
index bed0b34..1515e9b 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -5,5 +5,8 @@
./crans
];
- nix.settings.experimental-features = [ "flakes" "nix-command" ];
+ nix.settings.experimental-features = [
+ "flakes"
+ "nix-command"
+ ];
}
diff --git a/modules/services/libreddit.nix b/modules/services/libreddit.nix
index 1a6a568..35157b7 100644
--- a/modules/services/libreddit.nix
+++ b/modules/services/libreddit.nix
@@ -7,4 +7,3 @@
enable = true;
};
}
-
diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix
index 5323538..0277ca8 100644
--- a/modules/services/matrix.nix
+++ b/modules/services/matrix.nix
@@ -3,10 +3,12 @@
{
services.postgresql = {
enable = true;
- ensureUsers = [{
- name = "matrix-synapse";
- ensureDBOwnership = true;
- }];
+ ensureUsers = [
+ {
+ name = "matrix-synapse";
+ ensureDBOwnership = true;
+ }
+ ];
ensureDatabases = [ "matrix-synapse" ];
};
@@ -19,14 +21,22 @@
listeners = [
{
port = 8008;
- bind_addresses = [ "127.0.0.1" "::1" ];
+ bind_addresses = [
+ "127.0.0.1"
+ "::1"
+ ];
type = "http";
tls = false;
x_forwarded = true;
- resources = [{
- name = [ "client" "federation" ];
- compress = true;
- }];
+ resources = [
+ {
+ name = [
+ "client"
+ "federation"
+ ];
+ compress = true;
+ }
+ ];
}
];
};
diff --git a/secrets/apprentix.yaml b/secrets/apprentix.yaml
new file mode 100644
index 0000000..2f73660
--- /dev/null
+++ b/secrets/apprentix.yaml
@@ -0,0 +1,220 @@
+root-passwd-hash: ENC[AES256_GCM,data:wHR2Uk5qdfDE2MWs3rkkW72mpeDm1dz5Kg==,iv:SFw5rt4QiJOseWU+CMzbto6CAr6jjnXc8kwnSKByJyU=,tag:zNME8ZxbvWcaEe3WbAWWxA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1yew8ls8j5pq45k5vxfhxh5xvlnesyfktd0mskxmwq4t53vmezdaqax3aqk
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbUt2SE01clNUVldyMnIw
+ RXUwbDJCcTZwUWx3cHFLbDBqUit5M3FPVzBnCndkamt1Q2U4THQ4aHlmWEtoRHlD
+ emtVWVY1enl3ODBaTEdxUDJnRVkrVzAKLS0tIDZLWDE4eUFzOFhBV1pjMlJ1c1Zp
+ b0NObmpwMHpTU0YxYk1kN3pFdE5IWjQKQhFRtDHOK/sfV+pNhivQDX8aUf0IVaJy
+ JCT60MR/M0JD8+k2JrwkZxJy+wOqivBuQwdzL68OnslQtGR2E/Slog==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-12-07T14:51:53Z"
+ mac: ENC[AES256_GCM,data:zgvseloTGUaJje6emsM36vKzYp0flRlV3UIVRMs5PbhrsGNrQIGnL0FkBGBFN6Rjss0KxWeZby0cK7QKQuZvwfvGN+HZi7sYI0AEVjgNPO6355zKRSxx80/oAZYyNLvb61INwaMdee+PbbVF96qY+OcPMT59P6TcdbqV1LRogX4=,iv:TGHgxgoD6oBrKZh2pYJC7d/67skmfSSF4REF1I/Kh0k=,tag:wNk2W0NQgN4antRq0cyyzw==,type:str]
+ pgp:
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DtMjybqIQmUESAQdA/ZBC+dXCHwm699TtX2UdrJ5MU6e4ogFQOTUvE/V0kR4w
+ rgqplX13xLq86pt3ujxMbsE9zs9zLLh7oeliktR29vP6KfsocPfWF2FfLKimRNYd
+ 0l4B4VmexVAn8APL4HlaPKJAQJz8CbWoesAD8IbnKTD351gxRUWgH6spEOMN2KLM
+ KIvyGV7SrLCSmPUgKTwDM50NQm4b+C7lv1nBreAydfgy4j6MoplDwuguZWmT7DqD
+ =P3Im
+ -----END PGP MESSAGE-----
+ fp: 0x40CB48A443B03B5DBA484D279A130774C458F4D4
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA8m7r5bNaN8eAQ//Yx9rjU4bBAdMIS5fFIrCFnCvvvacZfSnhaPm7175L4eU
+ 8S3TrDX9cEIFxXuLgJEMKMxcouagtLPqahJEqe4eoVHi/vDhst0663+3/noNfdkB
+ 2IzHKaQxobXqD+9RblJf8Fcv0xQk8nLePoIExfmK2ikhaHzUmTqGk/FUgS9WjtbT
+ 2x3+i9oeNF9fpKFzloTfxQGoXVU0+4oB7Krwas7n3RmAzHpRxO8e6i+mZ54SL8B0
+ roKu3NUwsBVEppwA4BfJy+c8PFpf7Et10bBQ32ORMyeCP0XkX6WQ2wLC0X2aYjqL
+ nWWhUAS9WTE7r64P64smFFN2b+nqFnEEaVMhDx4cbIwZy8xw5nNSKY1ckSle8qkX
+ 0Vi7BXHMytxNPog2ra+PPs1l8Bi4wqRLCdRka4eNeZQQJ5jddn583MYbsK/AveNP
+ l1VSE7Qv2LhiPATqWiFRHMYri8L5paZF7l3g38LgtrhNOE2SKS95U87NJg/bUnWc
+ 9//piRa9jxuwA3RWaz3qCJXuDrTo13RtiKpGUF115CP7lTb29snTb7wUYTCKblv5
+ NwpjyAt3jgGEfYGWX7pTAFUV/ZPMTpF34ndN1WSBYjTGte24Yfu7dZrENIhak+n0
+ sipt3m7Cn/aB0Pv39VE4uMNEM7wmorkJmxYGY3AaU7+NW8RpHwIjDDudaruJSqTS
+ XgHgD075H9uS6+xO4uMNyWIymo0wbjb3gxYxqZFVQLJcfNp0jlL5TyfL0VFIniRt
+ nN/UDOqAdCQI9hLfGwGzFt/hyTL3Hn8ZJTGJcnzBXQCEUBp/0oYN1X7ZIa0CjSE=
+ =nzNo
+ -----END PGP MESSAGE-----
+ fp: 0x9487E782E043EC0D9E0F6C27D46D7E3364433208
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA9A+dmzvmzOLAQ/+I+ROcX9MIvF/7vmXASAiYInPtLu9U8Ug19Pj+AXuVadX
+ 3R3op9PvwS1IbXTCN/nkAhEndOLFUbRR0SxCED14xolsJH+Lrnm0cuuqhVzCkg4/
+ g7wedh5GoJcX7AiZ8RnviVixIU+fVm41UPA2eLetHIgFfoLZafcHqQSOPC1+lUj5
+ jECr2cVoQsBKCxAYN9NwGar46q4QJiNFpeLrYo98Xb+8qUf7Czc64O7/X+gft3/q
+ bGAZmcGN8YvTSy9ELnDPRPbMksrcNZoNNDyJ0wRjoVCsErj/wG3IS+yBxSLtpxMB
+ n71mylqojtu9qSxvOU5XAbiO8RJvI2kt5sbCl3r6JAUgVZVqzHwvxsWQPrAmRaIU
+ J3DkQlem63pVLbFfhjaDIhLE5bS/ODy1YrSSPgvw8tDgqyv9jN4OdiRgTPgJXlSe
+ IVfbJubFgKCdHxZ3gIpGd8QX7BwlNPqVqZCEZdijo1tmF7EgPj04l111CCecQIyI
+ o0xYst4hcc1tfjicUjiiOmB1rK01Y4QWheR6c3k6tZa5+of3QjBtsdgMRGmai1lz
+ Hz6oH0wL672ti3Td+j1gLHupFYF2XBZrERKRtbJJkPiO7yIbu2Cu+4xdBrwu6khu
+ KN/I8IS3g2ZdigI9gtoArteB1qAVNZNdRWjUN7Av5JEsyCCpef2Exvi17ppHLbnS
+ XgHStUrR/Zmun/r3IZZG0rKioNBcRC4nuw6Ky+bv+qyseFiBWldSBnNfnrIER6jV
+ kiWIexVMekdlZ424ee/tmgKf+ROwvTJIR69H0lOcETujALXedWBrMoNaaK+3+CA=
+ =NpUl
+ -----END PGP MESSAGE-----
+ fp: 0xBC354C0D5CC674D11D3EF7AC2BD76BB280787FB9
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DRBWo2b0h4f4SAQdAle9eSFMLrJXyleUg0J2h/xhkELTd8LKVbHKGetpDKkMw
+ alZE6czx6HLsTcKX67zUL6ugHePYHd+pboUkFogwJpgkIIyU2+ofNn1YqW1WzVBX
+ 0l4BY0J5TZly6XGyy75UiC01nZcuXbEqSnvflHG8dCPkrtapnYE+NbkMAWm1r+Re
+ xI1fZ9UlbzXFv/V/oEXIewtuSdB9s7vly7D/KvffKC3nOD9P6oVZyNJZuTNTEC63
+ =wOq8
+ -----END PGP MESSAGE-----
+ fp: 0x572D19D312825B1A504C9003531DDDB6EB559FBA
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2iXGbkufjklARAAltyeYNFXHJotSZszOP3EwjcaQTGJ9PWkgSfBnZmm3kJd
+ 78DhtrQ4VPtj9U4ZfUuXl/ePK51VI4rixioo/7afKWWi34mEWZH8QvpZWNhD8s0D
+ GVds7dC1VjqOMdPX04rI8+8BUGzrhCRBT5bTbaN9D+R2Xe5jI1qEVzdtRHP75UOw
+ myCzqdG2Xy7CZTYyGKcBBJLQkxTsZadxeGDVT5QKUjYMSjLQ45rtreLlkN3esUoI
+ A2e+Gh3CeaEek784dU2nYmgzzOTI2QnozyEz13/Kvz2hvCY2BhlT3vGr+GLwxoun
+ Zwjqlv398SQyW6DMj9Oztxd3Pl87GxpwRWeVL9H0f0vfDSNFPAY51FRcKCJZ1wrU
+ 4XFvgrtSO1pIyoj8kisYC7STkB39RKsVJ1gyyTGgIHcBvwAIWDfBc47Ekwn90T9F
+ WJmv696cxTy4GtyjMd8FsuDvpMP0YPfi0ctbHRNPSNVngS5e8rTNzItZyKNFHFIW
+ uygQWBDZMI+ay0VkEoYl73oeqASBXDxlr7gmL7jKKN7wGupydggPaRNrQr/Wrmuk
+ 4hmMg9Mwh7FS8Ve5I6dTiucqZW+xEvwGpT6saz0yEUr7XE+zrrkTUMAb2CjpGZ+w
+ lEBUPyVSf73bATN/n4gi0SwFRog6O/S/6tkYWkIDzx5Vs43G04p2TxQCXc85In/U
+ aAEJAhAbEUFXGj7MVXN0mUM+RxiapyAU6S3Punfhrk3jsckZOPFhwc9c3RvGXzhq
+ QEpeHKIVm/oX0xCJ9YcEIFvdgyHaqm+Sd3L1dehYrhCzLLisV9/ivSXECdC6UsT3
+ Go0wZ/PGMlKx
+ =euxN
+ -----END PGP MESSAGE-----
+ fp: 0x270A71E7908CA9D9252000B01EFEFDF3F7B80B01
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4Uty74yOFxLARAAloRgO344TAsArBC6zdjWz6T/Ea1W8irpNKY8vyBrHt5u
+ CeKlWy+7ufEH3cDI7vPeLvUY5v83jK30p2R0uNrctAxKWxA88FxKp8UC3dW0UpWG
+ J+fhmzNhID4/fw++NzEpcErisB8OONEtK1s70HFEJ+3ZLCB2FOL36brAD094Hj3U
+ RkmRZFexGuH32XLuI/tWfahpG21wNwOUl3UZc+UcgcYC0UuZ+JOkRB/NUn26+LfJ
+ szoivDUk71tC8M2DZTqKEfhLfn9dAo+oGhh+z889tvSyM+OhdmoCPoSbrHqa9vHV
+ vKWj5UCPkg8cUkVkACgGzE7/2CibD6D/MjrUIQI979dNZVOGerI6ltvU0NePC2WI
+ ppN2OZVTWSR80FnAG/qMMgoqVW+3RT2RKFaguMLfzIZ9mHJmWJP8JCCIGUjlf5Bp
+ uYQnE4scl9zq2RjVMIz8LZOrBUln/wu50NVswxEkIaVEZaCFvFOHcA5fy36mOUaN
+ aKGUd5XzrN5LJ/2Fh5X8fGsoYaanGX/XN22zKQ6QLBbEOAGpSf27dztYrXQAtUVe
+ gkkp6iL1e0CujViu9uXCgt+XyNg5ReJuRrKQHpnxIDlxI7irJOKdI40f7jcWR21Q
+ ybvjo81GBxpzjEgqRX2kqGXKzycdbuk+IbtnHJBSbITIKH8zFYxNaOQT6RXsUjDS
+ XgEVTM3sAR767EZgK6QFRNHGCjc+x/u0uItqaEO0wBTIhIMrdh1EOvRrVq768oNY
+ cxqMeYNMuqbP9/8LNMqzJSxBphGOkbwiaUijALY1syMDJbqZ1CgkPWH3RsNJJ54=
+ =hMqW
+ -----END PGP MESSAGE-----
+ fp: 0xA534E46682DD8C35377352C88DD28608BE411065
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DIBqTX2T418ESAQdAp665HoLg7r76LztlYrQhbUIOys5R3jvOng2T76vC6Vcw
+ 05L3TI4c/h+rm6rHEOLwAXXNda/xtNKVWi/Pl0/Yuy4Ispz4VETSwIHYG4AehUOV
+ 1GgBCQIQ7ML7gSRf3HebptDFvEm4F1G/IIKs+GmSGvpBYaYGVoFh3roX6CMuRALd
+ wEF8YPGTJIBz0nE8CmUZyjSlk9c/XDEeJUnAMCDwHQCp8rd8DOYw8KB9gbuqWZcC
+ Tlt6fx7vTW75kQ==
+ =4wfP
+ -----END PGP MESSAGE-----
+ fp: 0xFF7D1156D33F4060A4B15BFBD6CDAB8050CBBE7D
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA7auZh4eKOkIAQf+I+Mwg7cnO+DGUvvMC/eR8TSIowoZwrUEFzo2gDxLKc4P
+ eAdB/cEbxzmVCyRmi95IE4v+c/5C+8FNjncD/RAyzMknXt2ychnE7r/V/I6jk204
+ UO/QCxA4qTOamcrS7DDeNXFa4jtJyA1ZsS/7XAw/h1EywRnJlJFVoPGiNaMfRdCI
+ j0qovqaAbGtdWten7YwuwnAX6dWPMz4ioKzmAbTA8vVqtz/O9Pn3wVRX8ScZy64U
+ wV74Wp2a6dmR6PFNIP1TyFA2xJ+c6mQnyp9IV7ggkIO5PClKaF7ec43OcD11ERiq
+ 4d/GGxpSh2Ot0fG3tNQOXp+HghS7u9Yky8Tf6Ia/3NJeAQMwZtlrUAxdxx0JrwZ2
+ TdMaD23pnY31QCIUi4UJ88f2DND6wN7j5zjqz2xlAxbgZiFEf/S0rKnp23RpZf7C
+ vEJrrJfBZAiMHIiTuOUNEX5bVStTqSB9mxnKsnJCxQ==
+ =aXeC
+ -----END PGP MESSAGE-----
+ fp: 0x49BA444CDC680527B4835F7C3C1AC435CD1F217B
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA11f9zoCBF1cARAAgoJdyillpkxJ0j93cdT7PXe+AwjrEFXjcIYbUV1te25B
+ tSlD9ilhBjipaTKkatvPierMaqEOzmA33wkDw9N/gdSJSeAEJ0CVgCwFLWeV6apx
+ D+YucdrrO05r8lLbpANv4eVAboZU5AbLhPnHHPsxVlgckrNtydlnvJgLgp4qDh0w
+ yZhNmJWNPzk4NWz0JyMAmqS0SaWFQX5iMX18iN7ZEzvhW7OYAkU8ZkLh3nbDoPi6
+ mQG6acn7OxV6edj/Pbj6DEh696j0iwshwF7QWqYJI4v9CUYv1VKCa7bzNCrcFNOl
+ qrUz1Ig8otLv3VchH/b0dOeCaHbK08YCZCMKfhLMG2NkDav6dELfgVn+pfIyaRyA
+ pua1xgnfvhVKdv9ZiaTI5P2kG2ady2suyIQ9jeG/PYjEhAuiLCiU/PeXVnnJRgzJ
+ CwtGv5CIsGnsSIhGrwvpj5xqwmt9VyYcsfFlRbK4GIaC0Mk5AoIpYHrwbHzX7BTg
+ qgaQz73G1K2PDOEklSiA8jQzaE0AEjDX6wOvrElBpHrhMJ/CfbPDyAlp2E4gDU36
+ RJC8FVfL+q8uHLTzH11IshXGMkz/YLvkn65bGFJuZLmoGiJ/D8Ihg8yhGX88NW2D
+ sxEHmMBP7K9kfOkzm6J/YLzUshiEb0TZThUqKjEVx9+im8R29IpJatwKpNohhNDS
+ XgEaxyXzX66J1c3De2dmKpIR1iocYyfVYhula1CwPc75sqw9tRp+cVDL8i5Yn7nG
+ UG6bJcBth/MImg5ARYLGEUwQGWEqhHoSuQDRr1g/arSLrjbET+J6+7rwJmceySQ=
+ =SkJc
+ -----END PGP MESSAGE-----
+ fp: 0x9AE04D986400E3B67528F4930D442664194974E2
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA/HTIsSK0VBlAQ/8CG6lZfxbXQz8I3c4qdRZ71CjGTZrfeQdhSEnSCvjYqWM
+ udsitJU4aw1+6DTfJr53S/Q7RYQcxpAWKJpfawL+N4nkw7Zdbb9YuXZN+sTeoAfw
+ XV2GsbkD9FOuoMiPUY9tfXeY6LrWFuf6FgCxF3ZVttYaBaSSzI5DOX+Nb/uWWsSP
+ wKk0lZvxQTbo2VRq3ETMadmobI7JjstV2X6WpLS7FGpHIB6BMypGonbB7uRkYH2z
+ +rw0KARfVW/V0CSEs0J7NtpyfQH+l5UvlFndKtAlUIvM0QUMg5yEOKgF8b9Jvrse
+ zDiEpeze2OZWQaHJSZkUF9ZDm+mNpF3GlcrRDhI01+ceVDMflOeg/7X9x1s//r1a
+ LnxEDqXSpiLwxqEi6lKKhXqhHg4VMGRtmnGkB6sHa4UBNMsRCuFMmlwNulQNqcqy
+ HXrQ/gLjY/cws80HT9f8xGXbUOuCPAFIdqE14Xmq4tlKcxIWoFUgUW2UF6ix14z2
+ NvgPG75sNarnU7bJ+LaU+/sX3NtVpQv+Li3IZ36NLb1K3kJs/qclZOR47k/mIxeY
+ MUWIt9TwOSV86jfVAfnsRX//N+K2h/xchqIrg2knqlueXxWPvlp/ilnOO948VmfZ
+ AgKhLHX5ItcOiP4r5gxShqijT8ka4wK9oB8YP3NWbHuO7AHkyTuDBOjhWOSY8QDS
+ XgHf6ZS6d0yvD5GDICw/D0PvxCsO2EsDGgbjKIUNt+Do23bgRUPDY6ASKC4NV0PP
+ LHsoHcKyAX7yIBMq2GddoHldtVBiCiJOZKraaJB1dCEdDS1KEMjb1wIfNlqBKp4=
+ =ljdD
+ -----END PGP MESSAGE-----
+ fp: "0xFA47BDA260489ADA"
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DYIEGJeT64uMSAQdACF6vmNwDliN+1IkgTTO0SPuvpR0OLhxks+9oS+8d+y8w
+ JPxG9PPh+u91eFtanZWK0beCNPuG0AQrSDzL4E4Z58gP0VlJ/bTzjVdKG/umEaIq
+ 0l4BrDu6CHYDgq8eeUB0pGahxmr8Zk9ngUrfYEuRL54COkjCZQ1hcn54UiTkRBvU
+ HZ3M21q7OZdtpg2Ot7tAa5P+5dBGIoSjz4PyqR629pA4H30q1lU6Q/0jRHp0rc5G
+ =iCEK
+ -----END PGP MESSAGE-----
+ fp: 0xE474A4AB587CD834813DF35D03FDB411169D6C8B
+ - created_at: "2024-12-07T14:16:40Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQGMAxrcfL3KHjCOAQwAtJ1/AB1buFLWwJOpT77K8hU/TgXZZBUVIjHqgMvr17GJ
+ KXh2l+HN+EszzadTp1nz2Hmk7rmo8SF9K1Hx2+xQVkaYXpzJQpdr9U76ETKgiEDE
+ at8FnS8Qguva5RtemiB/5QEU89n52FqgkJrp6xO1pCgSKuMT+zKHzTA7R9ktHRVY
+ F1aadImQQcaSi+zPk5oJvXLFvQPSo9imK1+yiq3FNWpcHTZE12baK/zvdA3ufVmd
+ nu93AmFJQ3oRJpMfAw/Q6hvdLFB0Ueh0JJ2iviaQf5xavjffO8l4E9zSw0DHh2ac
+ MK8Lt6vb3vYa0xZxtECOwZoy+HFxSHRFxacQxQMvPjWlqyUxleUvZcJ7ilRQMV0f
+ VKLlgfXkxu8Qv1qx7HtgFYsXXeDodUnK4/3LdQNZnP2eZHdZ35+G8jzM8xZWZ7rF
+ QIiHKcf3BvHp0ExbeJWnKlkh9Rj9VlWp/CyChso8NR8grH4vEtSJ+P5C6tBxzwbm
+ IAbz3UTiytwysxbuph420l4BCz1fQ0lagS9BtlpYSTv67ZQmetHochI1a88OAK43
+ saz9yDwtwW1WuoDc2sLA7cQFxWPn2Uav3pE45IcnIua+DpD1l2Q4xfBNA7afF8fE
+ w3PZc2zuVfL7zpx5LpV7
+ =xrME
+ -----END PGP MESSAGE-----
+ fp: 0xD5B872E407D438721E5887A000E765FA7F4F2EDE
+ unencrypted_suffix: _unencrypted
+ version: 3.9.1
From 07a3891c6aecac6c74139b7888ffe9f9fbbb5657 Mon Sep 17 00:00:00 2001
From: pigeonmoelleux <pigeonmoelleux@crans.org>
Date: Sat, 7 Dec 2024 15:56:50 +0100
Subject: [PATCH 6/7] Mutable Users -> false
---
modules/crans/users.nix | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/modules/crans/users.nix b/modules/crans/users.nix
index f04a6d6..80d3ff6 100644
--- a/modules/crans/users.nix
+++ b/modules/crans/users.nix
@@ -1,17 +1,21 @@
{ config, lib, ... }:
{
- users.ldap = {
- enable = true;
- base = "dc=crans,dc=org";
- server = "ldaps://ldap-adm.adm.crans.org/";
- daemon = {
+ users = {
+ mutableUsers = false;
+
+ ldap = {
enable = true;
- extraConfig = ''
- ldap_version 3
- tls_reqcert allow
- map passwd loginShell /run/current-system/sw/bin/bash
- '';
+ base = "dc=crans,dc=org";
+ server = "ldaps://ldap-adm.adm.crans.org/";
+ daemon = {
+ enable = true;
+ extraConfig = ''
+ ldap_version 3
+ tls_reqcert allow
+ map passwd loginShell /run/current-system/sw/bin/bash
+ '';
+ };
};
};
From a7d298aaf7268cfd84b323e0e6ab5c63bba7e96b Mon Sep 17 00:00:00 2001
From: pigeonmoelleux <pigeonmoelleux@crans.org>
Date: Sat, 7 Dec 2024 16:17:38 +0100
Subject: [PATCH 7/7] Retrait home_nounou sur apprentix
---
hosts/vm/apprentix/default.nix | 4 +++-
modules/crans/default.nix | 1 +
modules/crans/home.nix | 39 +++++++++++++++++++++++-----------
3 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/hosts/vm/apprentix/default.nix b/hosts/vm/apprentix/default.nix
index 8617d06..972dfe6 100644
--- a/hosts/vm/apprentix/default.nix
+++ b/hosts/vm/apprentix/default.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
{
imports = [
@@ -27,5 +27,7 @@
hashedPasswordFile = config.sops.secrets.root-passwd-hash.path;
};
+ crans.home_nounou.enable = false;
+
system.stateVersion = "24.11";
}
diff --git a/modules/crans/default.nix b/modules/crans/default.nix
index a7a2aeb..23f1492 100644
--- a/modules/crans/default.nix
+++ b/modules/crans/default.nix
@@ -28,6 +28,7 @@
programs.vim.enable = true;
environment.systemPackages = with pkgs; [
+ nfs-utils
shelldap
];
}
diff --git a/modules/crans/home.nix b/modules/crans/home.nix
index 13bbe94..0ae6c23 100644
--- a/modules/crans/home.nix
+++ b/modules/crans/home.nix
@@ -1,17 +1,32 @@
-{ pkgs, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+let
+ cfg = config.crans.home_nounou;
+in
{
- fileSystems.home_nounou = {
- mountPoint = "/home_nounou";
- device = "172.16.10.1:/pool/home";
- fsType = "nfs";
- options = [
- "rw"
- "nosuid"
- ];
+ options.crans.home_nounou = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Monter les home nounous";
+ };
};
- environment.systemPackages = with pkgs; [
- nfs-utils
- ];
+ config = lib.mkIf cfg.enable {
+ fileSystems.home_nounou = {
+ mountPoint = "/home_nounou";
+ device = "172.16.10.1:/pool/home";
+ fsType = "nfs";
+ options = [
+ "rw"
+ "nosuid"
+ ];
+ };
+ };
}