From c5de3676af53b25f27873999c081131fd128f606 Mon Sep 17 00:00:00 2001 From: pigeonmoelleux Date: Sat, 7 Dec 2024 15:32:22 +0100 Subject: [PATCH] Configuration apprentix --- .sops.yaml | 22 +- devshells/default.nix | 1 + hosts/vm/apprentix/default.nix | 17 +- hosts/vm/apprentix/hardware-configuration.nix | 31 ++- hosts/vm/apprentix/networking.nix | 64 ++--- hosts/vm/neo/hardware-configuration.nix | 33 ++- hosts/vm/neo/networking.nix | 64 ++--- hosts/vm/redite/hardware-configuration.nix | 36 +-- hosts/vm/redite/networking.nix | 64 ++--- hosts/vm/two/hardware-configuration.nix | 36 +-- hosts/vm/two/networking.nix | 64 ++--- modules/crans/home.nix | 5 +- modules/crans/users.nix | 6 +- modules/default.nix | 5 +- modules/services/libreddit.nix | 1 - modules/services/matrix.nix | 28 ++- secrets/apprentix.yaml | 220 ++++++++++++++++++ 17 files changed, 529 insertions(+), 168 deletions(-) create mode 100644 secrets/apprentix.yaml diff --git a/.sops.yaml b/.sops.yaml index 3acddc8..55cb31c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ keys: # Hosts keys are age keys derived from the host ssh key. - - &apprentix age1y3l4j0axyltq80d5stly43h42v0wfsc9mun0qcm92qjfc8tn85hsnmadgz + - &apprentix age1yew8ls8j5pq45k5vxfhxh5xvlnesyfktd0mskxmwq4t53vmezdaqax3aqk - &neo age1ed9esfstrdhfl3650mv4j3mjyum70245f903ye6g0f5t2ept73nqyksh3g - &redite age1utlywxylme0z3jenv4uz8ftcwteg9877y3zf46fu7zwjjwa05g7q88w8t0 - &thot age18rv8q7stsn2zv4gxuj4g4ktkeywkg2wngtdwza858jjme8wdvp8s9hkx00 @@ -38,12 +38,30 @@ creation_rules: - *_shirenn - *_vanille age : - - *apprentix - *neo - *redite - *thot - *two + # Secrets for apprentix. + - path_regex: secrets/apprentix.yaml + key_groups: + - pgp : + - *_aeltheos + - *_bleizi + - *_ds-ac + - *_esum + - *_gabo + - *_korenstin + - *_lzebulon + - *_otthorn + - *_peb + - *_pigeonmoelleux + - *_shirenn + - *_vanille + age : + - *apprentix + # Secrets for neo. - path_regex: secrets/neo.yaml key_groups: diff --git a/devshells/default.nix b/devshells/default.nix index 19101ee..651a139 100644 --- a/devshells/default.nix +++ b/devshells/default.nix @@ -6,6 +6,7 @@ pkgs.mkShell { packages = with pkgs; [ nil nixpkgs-fmt + ssh-to-age sops ]; } diff --git a/hosts/vm/apprentix/default.nix b/hosts/vm/apprentix/default.nix index 7fae1f3..8617d06 100644 --- a/hosts/vm/apprentix/default.nix +++ b/hosts/vm/apprentix/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: { imports = [ @@ -12,5 +12,20 @@ networking.hostName = "apprentix"; + security.sudo.extraRules = [ + { + groups = [ "_user" ]; + commands = [ "ALL" ]; + } + ]; + + sops.secrets.root-passwd-hash = { + sopsFile = ../../../secrets/apprentix.yaml; + }; + + users.users.root = { + hashedPasswordFile = config.sops.secrets.root-passwd-hash.path; + }; + system.stateVersion = "24.11"; } diff --git a/hosts/vm/apprentix/hardware-configuration.nix b/hosts/vm/apprentix/hardware-configuration.nix index ed0de5a..db17483 100644 --- a/hosts/vm/apprentix/hardware-configuration.nix +++ b/hosts/vm/apprentix/hardware-configuration.nix @@ -1,22 +1,35 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/b8171fb6-3aba-489a-8c40-7765e910572b"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/9d40d40e-4b3a-4740-9773-6ac23df546ac"; + fsType = "ext4"; + }; swapDevices = [ ]; diff --git a/hosts/vm/apprentix/networking.nix b/hosts/vm/apprentix/networking.nix index 1748e4e..548d59a 100644 --- a/hosts/vm/apprentix/networking.nix +++ b/hosts/vm/apprentix/networking.nix @@ -6,17 +6,21 @@ ens18 = { ipv4 = { - addresses = [{ - address = "172.16.10.150"; - prefixLength = 24; - }]; + addresses = [ + { + address = "172.16.10.150"; + prefixLength = 24; + } + ]; }; ipv6 = { - addresses = [{ - address = "fd00::10:0:ff:fe01:5010"; - prefixLength = 64; - }]; + addresses = [ + { + address = "fd00::10:0:ff:fe01:5010"; + prefixLength = 64; + } + ]; }; }; @@ -24,27 +28,35 @@ ens19 = { ipv4 = { - addresses = [{ - address = "172.16.3.150"; - prefixLength = 24; - }]; - routes = [{ - address = "0.0.0.0"; - via = "172.16.3.99"; - prefixLength = 0; - }]; + addresses = [ + { + address = "172.16.3.150"; + prefixLength = 24; + } + ]; + routes = [ + { + address = "0.0.0.0"; + via = "172.16.3.99"; + prefixLength = 0; + } + ]; }; ipv6 = { - addresses = [{ - address = "2a0c:700:3::ff:fe01:5003"; - prefixLength = 64; - }]; - routes = [{ - address = "::"; - via = "2a0c:700:3::ff:fe00:9903"; - prefixLength = 0; - }]; + addresses = [ + { + address = "2a0c:700:3::ff:fe01:5003"; + prefixLength = 64; + } + ]; + routes = [ + { + address = "::"; + via = "2a0c:700:3::ff:fe00:9903"; + prefixLength = 0; + } + ]; }; }; diff --git a/hosts/vm/neo/hardware-configuration.nix b/hosts/vm/neo/hardware-configuration.nix index 5ac6215..be3f8eb 100644 --- a/hosts/vm/neo/hardware-configuration.nix +++ b/hosts/vm/neo/hardware-configuration.nix @@ -1,24 +1,35 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/89589639-21f1-4899-97e9-d1de6eb16d45"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/89589639-21f1-4899-97e9-d1de6eb16d45"; + fsType = "ext4"; + }; swapDevices = [ ]; diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix index c3d4dee..f9139aa 100644 --- a/hosts/vm/neo/networking.nix +++ b/hosts/vm/neo/networking.nix @@ -6,17 +6,21 @@ ens18 = { ipv4 = { - addresses = [{ - address = "172.16.10.137"; - prefixLength = 24; - }]; + addresses = [ + { + address = "172.16.10.137"; + prefixLength = 24; + } + ]; }; ipv6 = { - addresses = [{ - address = "fd00::10:0:ff:fe01:3710"; - prefixLength = 64; - }]; + addresses = [ + { + address = "fd00::10:0:ff:fe01:3710"; + prefixLength = 64; + } + ]; }; }; @@ -24,27 +28,35 @@ ens19 = { ipv4 = { - addresses = [{ - address = "185.230.79.38"; - prefixLength = 26; - }]; - routes = [{ - address = "0.0.0.0"; - via = "185.230.79.62"; - prefixLength = 0; - }]; + addresses = [ + { + address = "185.230.79.38"; + prefixLength = 26; + } + ]; + routes = [ + { + address = "0.0.0.0"; + via = "185.230.79.62"; + prefixLength = 0; + } + ]; }; ipv6 = { - addresses = [{ - address = "2a0c:700:2::ff:fe01:3702"; - prefixLength = 64; - }]; - routes = [{ - address = "::"; - via = "2a0c:700:2::ff:fe00:9902"; - prefixLength = 0; - }]; + addresses = [ + { + address = "2a0c:700:2::ff:fe01:3702"; + prefixLength = 64; + } + ]; + routes = [ + { + address = "::"; + via = "2a0c:700:2::ff:fe00:9902"; + prefixLength = 0; + } + ]; }; }; diff --git a/hosts/vm/redite/hardware-configuration.nix b/hosts/vm/redite/hardware-configuration.nix index 9b5a7eb..c61d274 100644 --- a/hosts/vm/redite/hardware-configuration.nix +++ b/hosts/vm/redite/hardware-configuration.nix @@ -1,27 +1,37 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/6aab06d9-2d09-4929-a680-719c6818a663"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/6aab06d9-2d09-4929-a680-719c6818a663"; + fsType = "ext4"; + }; - swapDevices = - [{ device = "/dev/disk/by-uuid/24f88af8-323d-48e3-8872-402b8bbbdc13"; }]; + swapDevices = [ { device = "/dev/disk/by-uuid/24f88af8-323d-48e3-8872-402b8bbbdc13"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/vm/redite/networking.nix b/hosts/vm/redite/networking.nix index 0b1e35b..8ec9ca3 100644 --- a/hosts/vm/redite/networking.nix +++ b/hosts/vm/redite/networking.nix @@ -6,17 +6,21 @@ ens18 = { ipv4 = { - addresses = [{ - address = "172.16.10.139"; - prefixLength = 24; - }]; + addresses = [ + { + address = "172.16.10.139"; + prefixLength = 24; + } + ]; }; ipv6 = { - addresses = [{ - address = "fd00::10:0:ff:fe01:3910"; - prefixLength = 64; - }]; + addresses = [ + { + address = "fd00::10:0:ff:fe01:3910"; + prefixLength = 64; + } + ]; }; }; @@ -24,27 +28,35 @@ ens19 = { ipv4 = { - addresses = [{ - address = "172.16.3.139"; - prefixLength = 24; - }]; - routes = [{ - address = "0.0.0.0"; - via = "172.16.3.99"; - prefixLength = 0; - }]; + addresses = [ + { + address = "172.16.3.139"; + prefixLength = 24; + } + ]; + routes = [ + { + address = "0.0.0.0"; + via = "172.16.3.99"; + prefixLength = 0; + } + ]; }; ipv6 = { - addresses = [{ - address = "2a0c:700:3::ff:fe01:3903"; - prefixLength = 64; - }]; - routes = [{ - address = "::"; - via = "2a0c:700:3::ff:fe00:9903"; - prefixLength = 0; - }]; + addresses = [ + { + address = "2a0c:700:3::ff:fe01:3903"; + prefixLength = 64; + } + ]; + routes = [ + { + address = "::"; + via = "2a0c:700:3::ff:fe00:9903"; + prefixLength = 0; + } + ]; }; }; diff --git a/hosts/vm/two/hardware-configuration.nix b/hosts/vm/two/hardware-configuration.nix index 8e55b35..343fb21 100644 --- a/hosts/vm/two/hardware-configuration.nix +++ b/hosts/vm/two/hardware-configuration.nix @@ -1,27 +1,37 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/49b72b3e-4c52-46db-8655-d7e3d93c1c56"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/49b72b3e-4c52-46db-8655-d7e3d93c1c56"; + fsType = "ext4"; + }; - swapDevices = - [{ device = "/dev/disk/by-uuid/98accdb0-7e99-4280-9fb2-43ccbbefaeb8"; }]; + swapDevices = [ { device = "/dev/disk/by-uuid/98accdb0-7e99-4280-9fb2-43ccbbefaeb8"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/vm/two/networking.nix b/hosts/vm/two/networking.nix index cf1a09e..1840458 100644 --- a/hosts/vm/two/networking.nix +++ b/hosts/vm/two/networking.nix @@ -6,17 +6,21 @@ ens18 = { ipv4 = { - addresses = [{ - address = "172.16.10.135"; - prefixLength = 24; - }]; + addresses = [ + { + address = "172.16.10.135"; + prefixLength = 24; + } + ]; }; ipv6 = { - addresses = [{ - address = "fd00::10:0:ff:fe01:3510"; - prefixLength = 64; - }]; + addresses = [ + { + address = "fd00::10:0:ff:fe01:3510"; + prefixLength = 64; + } + ]; }; }; @@ -24,27 +28,35 @@ ens19 = { ipv4 = { - addresses = [{ - address = "172.16.3.135"; - prefixLength = 24; - }]; - routes = [{ - address = "0.0.0.0"; - via = "172.16.3.99"; - prefixLength = 0; - }]; + addresses = [ + { + address = "172.16.3.135"; + prefixLength = 24; + } + ]; + routes = [ + { + address = "0.0.0.0"; + via = "172.16.3.99"; + prefixLength = 0; + } + ]; }; ipv6 = { - addresses = [{ - address = "2a0c:700:3::ff:fe01:3503"; - prefixLength = 64; - }]; - routes = [{ - address = "::"; - via = "2a0c:700:3::ff:fe00:9903"; - prefixLength = 0; - }]; + addresses = [ + { + address = "2a0c:700:3::ff:fe01:3503"; + prefixLength = 64; + } + ]; + routes = [ + { + address = "::"; + via = "2a0c:700:3::ff:fe00:9903"; + prefixLength = 0; + } + ]; }; }; diff --git a/modules/crans/home.nix b/modules/crans/home.nix index 9839960..13bbe94 100644 --- a/modules/crans/home.nix +++ b/modules/crans/home.nix @@ -5,7 +5,10 @@ mountPoint = "/home_nounou"; device = "172.16.10.1:/pool/home"; fsType = "nfs"; - options = [ "rw" "nosuid" ]; + options = [ + "rw" + "nosuid" + ]; }; environment.systemPackages = with pkgs; [ diff --git a/modules/crans/users.nix b/modules/crans/users.nix index 9a7352a..f04a6d6 100644 --- a/modules/crans/users.nix +++ b/modules/crans/users.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: { users.ldap = { @@ -35,11 +35,11 @@ }; sops.secrets.root-passwd-hash = { - sopsFile = ../../secrets/common.yaml; + sopsFile = lib.mkDefault ../../secrets/common.yaml; }; users.users.root = { - hashedPasswordFile = config.sops.secrets.root-passwd-hash.path; + hashedPasswordFile = lib.mkDefault config.sops.secrets.root-passwd-hash.path; }; services.openssh.settings.PermitRootLogin = "yes"; diff --git a/modules/default.nix b/modules/default.nix index bed0b34..1515e9b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -5,5 +5,8 @@ ./crans ]; - nix.settings.experimental-features = [ "flakes" "nix-command" ]; + nix.settings.experimental-features = [ + "flakes" + "nix-command" + ]; } diff --git a/modules/services/libreddit.nix b/modules/services/libreddit.nix index 1a6a568..35157b7 100644 --- a/modules/services/libreddit.nix +++ b/modules/services/libreddit.nix @@ -7,4 +7,3 @@ enable = true; }; } - diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix index 5323538..0277ca8 100644 --- a/modules/services/matrix.nix +++ b/modules/services/matrix.nix @@ -3,10 +3,12 @@ { services.postgresql = { enable = true; - ensureUsers = [{ - name = "matrix-synapse"; - ensureDBOwnership = true; - }]; + ensureUsers = [ + { + name = "matrix-synapse"; + ensureDBOwnership = true; + } + ]; ensureDatabases = [ "matrix-synapse" ]; }; @@ -19,14 +21,22 @@ listeners = [ { port = 8008; - bind_addresses = [ "127.0.0.1" "::1" ]; + bind_addresses = [ + "127.0.0.1" + "::1" + ]; type = "http"; tls = false; x_forwarded = true; - resources = [{ - name = [ "client" "federation" ]; - compress = true; - }]; + resources = [ + { + name = [ + "client" + "federation" + ]; + compress = true; + } + ]; } ]; }; diff --git a/secrets/apprentix.yaml b/secrets/apprentix.yaml new file mode 100644 index 0000000..2f73660 --- /dev/null +++ b/secrets/apprentix.yaml @@ -0,0 +1,220 @@ +root-passwd-hash: ENC[AES256_GCM,data:wHR2Uk5qdfDE2MWs3rkkW72mpeDm1dz5Kg==,iv:SFw5rt4QiJOseWU+CMzbto6CAr6jjnXc8kwnSKByJyU=,tag:zNME8ZxbvWcaEe3WbAWWxA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1yew8ls8j5pq45k5vxfhxh5xvlnesyfktd0mskxmwq4t53vmezdaqax3aqk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbUt2SE01clNUVldyMnIw + RXUwbDJCcTZwUWx3cHFLbDBqUit5M3FPVzBnCndkamt1Q2U4THQ4aHlmWEtoRHlD + emtVWVY1enl3ODBaTEdxUDJnRVkrVzAKLS0tIDZLWDE4eUFzOFhBV1pjMlJ1c1Zp + b0NObmpwMHpTU0YxYk1kN3pFdE5IWjQKQhFRtDHOK/sfV+pNhivQDX8aUf0IVaJy + JCT60MR/M0JD8+k2JrwkZxJy+wOqivBuQwdzL68OnslQtGR2E/Slog== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-07T14:51:53Z" + mac: ENC[AES256_GCM,data:zgvseloTGUaJje6emsM36vKzYp0flRlV3UIVRMs5PbhrsGNrQIGnL0FkBGBFN6Rjss0KxWeZby0cK7QKQuZvwfvGN+HZi7sYI0AEVjgNPO6355zKRSxx80/oAZYyNLvb61INwaMdee+PbbVF96qY+OcPMT59P6TcdbqV1LRogX4=,iv:TGHgxgoD6oBrKZh2pYJC7d/67skmfSSF4REF1I/Kh0k=,tag:wNk2W0NQgN4antRq0cyyzw==,type:str] + pgp: + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DtMjybqIQmUESAQdA/ZBC+dXCHwm699TtX2UdrJ5MU6e4ogFQOTUvE/V0kR4w + rgqplX13xLq86pt3ujxMbsE9zs9zLLh7oeliktR29vP6KfsocPfWF2FfLKimRNYd + 0l4B4VmexVAn8APL4HlaPKJAQJz8CbWoesAD8IbnKTD351gxRUWgH6spEOMN2KLM + KIvyGV7SrLCSmPUgKTwDM50NQm4b+C7lv1nBreAydfgy4j6MoplDwuguZWmT7DqD + =P3Im + -----END PGP MESSAGE----- + fp: 0x40CB48A443B03B5DBA484D279A130774C458F4D4 + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA8m7r5bNaN8eAQ//Yx9rjU4bBAdMIS5fFIrCFnCvvvacZfSnhaPm7175L4eU + 8S3TrDX9cEIFxXuLgJEMKMxcouagtLPqahJEqe4eoVHi/vDhst0663+3/noNfdkB + 2IzHKaQxobXqD+9RblJf8Fcv0xQk8nLePoIExfmK2ikhaHzUmTqGk/FUgS9WjtbT + 2x3+i9oeNF9fpKFzloTfxQGoXVU0+4oB7Krwas7n3RmAzHpRxO8e6i+mZ54SL8B0 + roKu3NUwsBVEppwA4BfJy+c8PFpf7Et10bBQ32ORMyeCP0XkX6WQ2wLC0X2aYjqL + nWWhUAS9WTE7r64P64smFFN2b+nqFnEEaVMhDx4cbIwZy8xw5nNSKY1ckSle8qkX + 0Vi7BXHMytxNPog2ra+PPs1l8Bi4wqRLCdRka4eNeZQQJ5jddn583MYbsK/AveNP + l1VSE7Qv2LhiPATqWiFRHMYri8L5paZF7l3g38LgtrhNOE2SKS95U87NJg/bUnWc + 9//piRa9jxuwA3RWaz3qCJXuDrTo13RtiKpGUF115CP7lTb29snTb7wUYTCKblv5 + NwpjyAt3jgGEfYGWX7pTAFUV/ZPMTpF34ndN1WSBYjTGte24Yfu7dZrENIhak+n0 + sipt3m7Cn/aB0Pv39VE4uMNEM7wmorkJmxYGY3AaU7+NW8RpHwIjDDudaruJSqTS + XgHgD075H9uS6+xO4uMNyWIymo0wbjb3gxYxqZFVQLJcfNp0jlL5TyfL0VFIniRt + nN/UDOqAdCQI9hLfGwGzFt/hyTL3Hn8ZJTGJcnzBXQCEUBp/0oYN1X7ZIa0CjSE= + =nzNo + -----END PGP MESSAGE----- + fp: 0x9487E782E043EC0D9E0F6C27D46D7E3364433208 + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA9A+dmzvmzOLAQ/+I+ROcX9MIvF/7vmXASAiYInPtLu9U8Ug19Pj+AXuVadX + 3R3op9PvwS1IbXTCN/nkAhEndOLFUbRR0SxCED14xolsJH+Lrnm0cuuqhVzCkg4/ + g7wedh5GoJcX7AiZ8RnviVixIU+fVm41UPA2eLetHIgFfoLZafcHqQSOPC1+lUj5 + jECr2cVoQsBKCxAYN9NwGar46q4QJiNFpeLrYo98Xb+8qUf7Czc64O7/X+gft3/q + bGAZmcGN8YvTSy9ELnDPRPbMksrcNZoNNDyJ0wRjoVCsErj/wG3IS+yBxSLtpxMB + n71mylqojtu9qSxvOU5XAbiO8RJvI2kt5sbCl3r6JAUgVZVqzHwvxsWQPrAmRaIU + J3DkQlem63pVLbFfhjaDIhLE5bS/ODy1YrSSPgvw8tDgqyv9jN4OdiRgTPgJXlSe + IVfbJubFgKCdHxZ3gIpGd8QX7BwlNPqVqZCEZdijo1tmF7EgPj04l111CCecQIyI + o0xYst4hcc1tfjicUjiiOmB1rK01Y4QWheR6c3k6tZa5+of3QjBtsdgMRGmai1lz + Hz6oH0wL672ti3Td+j1gLHupFYF2XBZrERKRtbJJkPiO7yIbu2Cu+4xdBrwu6khu + KN/I8IS3g2ZdigI9gtoArteB1qAVNZNdRWjUN7Av5JEsyCCpef2Exvi17ppHLbnS + XgHStUrR/Zmun/r3IZZG0rKioNBcRC4nuw6Ky+bv+qyseFiBWldSBnNfnrIER6jV + kiWIexVMekdlZ424ee/tmgKf+ROwvTJIR69H0lOcETujALXedWBrMoNaaK+3+CA= + =NpUl + -----END PGP MESSAGE----- + fp: 0xBC354C0D5CC674D11D3EF7AC2BD76BB280787FB9 + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DRBWo2b0h4f4SAQdAle9eSFMLrJXyleUg0J2h/xhkELTd8LKVbHKGetpDKkMw + alZE6czx6HLsTcKX67zUL6ugHePYHd+pboUkFogwJpgkIIyU2+ofNn1YqW1WzVBX + 0l4BY0J5TZly6XGyy75UiC01nZcuXbEqSnvflHG8dCPkrtapnYE+NbkMAWm1r+Re + xI1fZ9UlbzXFv/V/oEXIewtuSdB9s7vly7D/KvffKC3nOD9P6oVZyNJZuTNTEC63 + =wOq8 + -----END PGP MESSAGE----- + fp: 0x572D19D312825B1A504C9003531DDDB6EB559FBA + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2iXGbkufjklARAAltyeYNFXHJotSZszOP3EwjcaQTGJ9PWkgSfBnZmm3kJd + 78DhtrQ4VPtj9U4ZfUuXl/ePK51VI4rixioo/7afKWWi34mEWZH8QvpZWNhD8s0D + GVds7dC1VjqOMdPX04rI8+8BUGzrhCRBT5bTbaN9D+R2Xe5jI1qEVzdtRHP75UOw + myCzqdG2Xy7CZTYyGKcBBJLQkxTsZadxeGDVT5QKUjYMSjLQ45rtreLlkN3esUoI + A2e+Gh3CeaEek784dU2nYmgzzOTI2QnozyEz13/Kvz2hvCY2BhlT3vGr+GLwxoun + Zwjqlv398SQyW6DMj9Oztxd3Pl87GxpwRWeVL9H0f0vfDSNFPAY51FRcKCJZ1wrU + 4XFvgrtSO1pIyoj8kisYC7STkB39RKsVJ1gyyTGgIHcBvwAIWDfBc47Ekwn90T9F + WJmv696cxTy4GtyjMd8FsuDvpMP0YPfi0ctbHRNPSNVngS5e8rTNzItZyKNFHFIW + uygQWBDZMI+ay0VkEoYl73oeqASBXDxlr7gmL7jKKN7wGupydggPaRNrQr/Wrmuk + 4hmMg9Mwh7FS8Ve5I6dTiucqZW+xEvwGpT6saz0yEUr7XE+zrrkTUMAb2CjpGZ+w + lEBUPyVSf73bATN/n4gi0SwFRog6O/S/6tkYWkIDzx5Vs43G04p2TxQCXc85In/U + aAEJAhAbEUFXGj7MVXN0mUM+RxiapyAU6S3Punfhrk3jsckZOPFhwc9c3RvGXzhq + QEpeHKIVm/oX0xCJ9YcEIFvdgyHaqm+Sd3L1dehYrhCzLLisV9/ivSXECdC6UsT3 + Go0wZ/PGMlKx + =euxN + -----END PGP MESSAGE----- + fp: 0x270A71E7908CA9D9252000B01EFEFDF3F7B80B01 + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4Uty74yOFxLARAAloRgO344TAsArBC6zdjWz6T/Ea1W8irpNKY8vyBrHt5u + CeKlWy+7ufEH3cDI7vPeLvUY5v83jK30p2R0uNrctAxKWxA88FxKp8UC3dW0UpWG + J+fhmzNhID4/fw++NzEpcErisB8OONEtK1s70HFEJ+3ZLCB2FOL36brAD094Hj3U + RkmRZFexGuH32XLuI/tWfahpG21wNwOUl3UZc+UcgcYC0UuZ+JOkRB/NUn26+LfJ + szoivDUk71tC8M2DZTqKEfhLfn9dAo+oGhh+z889tvSyM+OhdmoCPoSbrHqa9vHV + vKWj5UCPkg8cUkVkACgGzE7/2CibD6D/MjrUIQI979dNZVOGerI6ltvU0NePC2WI + ppN2OZVTWSR80FnAG/qMMgoqVW+3RT2RKFaguMLfzIZ9mHJmWJP8JCCIGUjlf5Bp + uYQnE4scl9zq2RjVMIz8LZOrBUln/wu50NVswxEkIaVEZaCFvFOHcA5fy36mOUaN + aKGUd5XzrN5LJ/2Fh5X8fGsoYaanGX/XN22zKQ6QLBbEOAGpSf27dztYrXQAtUVe + gkkp6iL1e0CujViu9uXCgt+XyNg5ReJuRrKQHpnxIDlxI7irJOKdI40f7jcWR21Q + ybvjo81GBxpzjEgqRX2kqGXKzycdbuk+IbtnHJBSbITIKH8zFYxNaOQT6RXsUjDS + XgEVTM3sAR767EZgK6QFRNHGCjc+x/u0uItqaEO0wBTIhIMrdh1EOvRrVq768oNY + cxqMeYNMuqbP9/8LNMqzJSxBphGOkbwiaUijALY1syMDJbqZ1CgkPWH3RsNJJ54= + =hMqW + -----END PGP MESSAGE----- + fp: 0xA534E46682DD8C35377352C88DD28608BE411065 + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DIBqTX2T418ESAQdAp665HoLg7r76LztlYrQhbUIOys5R3jvOng2T76vC6Vcw + 05L3TI4c/h+rm6rHEOLwAXXNda/xtNKVWi/Pl0/Yuy4Ispz4VETSwIHYG4AehUOV + 1GgBCQIQ7ML7gSRf3HebptDFvEm4F1G/IIKs+GmSGvpBYaYGVoFh3roX6CMuRALd + wEF8YPGTJIBz0nE8CmUZyjSlk9c/XDEeJUnAMCDwHQCp8rd8DOYw8KB9gbuqWZcC + Tlt6fx7vTW75kQ== + =4wfP + -----END PGP MESSAGE----- + fp: 0xFF7D1156D33F4060A4B15BFBD6CDAB8050CBBE7D + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA7auZh4eKOkIAQf+I+Mwg7cnO+DGUvvMC/eR8TSIowoZwrUEFzo2gDxLKc4P + eAdB/cEbxzmVCyRmi95IE4v+c/5C+8FNjncD/RAyzMknXt2ychnE7r/V/I6jk204 + UO/QCxA4qTOamcrS7DDeNXFa4jtJyA1ZsS/7XAw/h1EywRnJlJFVoPGiNaMfRdCI + j0qovqaAbGtdWten7YwuwnAX6dWPMz4ioKzmAbTA8vVqtz/O9Pn3wVRX8ScZy64U + wV74Wp2a6dmR6PFNIP1TyFA2xJ+c6mQnyp9IV7ggkIO5PClKaF7ec43OcD11ERiq + 4d/GGxpSh2Ot0fG3tNQOXp+HghS7u9Yky8Tf6Ia/3NJeAQMwZtlrUAxdxx0JrwZ2 + TdMaD23pnY31QCIUi4UJ88f2DND6wN7j5zjqz2xlAxbgZiFEf/S0rKnp23RpZf7C + vEJrrJfBZAiMHIiTuOUNEX5bVStTqSB9mxnKsnJCxQ== + =aXeC + -----END PGP MESSAGE----- + fp: 0x49BA444CDC680527B4835F7C3C1AC435CD1F217B + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA11f9zoCBF1cARAAgoJdyillpkxJ0j93cdT7PXe+AwjrEFXjcIYbUV1te25B + tSlD9ilhBjipaTKkatvPierMaqEOzmA33wkDw9N/gdSJSeAEJ0CVgCwFLWeV6apx + D+YucdrrO05r8lLbpANv4eVAboZU5AbLhPnHHPsxVlgckrNtydlnvJgLgp4qDh0w + yZhNmJWNPzk4NWz0JyMAmqS0SaWFQX5iMX18iN7ZEzvhW7OYAkU8ZkLh3nbDoPi6 + mQG6acn7OxV6edj/Pbj6DEh696j0iwshwF7QWqYJI4v9CUYv1VKCa7bzNCrcFNOl + qrUz1Ig8otLv3VchH/b0dOeCaHbK08YCZCMKfhLMG2NkDav6dELfgVn+pfIyaRyA + pua1xgnfvhVKdv9ZiaTI5P2kG2ady2suyIQ9jeG/PYjEhAuiLCiU/PeXVnnJRgzJ + CwtGv5CIsGnsSIhGrwvpj5xqwmt9VyYcsfFlRbK4GIaC0Mk5AoIpYHrwbHzX7BTg + qgaQz73G1K2PDOEklSiA8jQzaE0AEjDX6wOvrElBpHrhMJ/CfbPDyAlp2E4gDU36 + RJC8FVfL+q8uHLTzH11IshXGMkz/YLvkn65bGFJuZLmoGiJ/D8Ihg8yhGX88NW2D + sxEHmMBP7K9kfOkzm6J/YLzUshiEb0TZThUqKjEVx9+im8R29IpJatwKpNohhNDS + XgEaxyXzX66J1c3De2dmKpIR1iocYyfVYhula1CwPc75sqw9tRp+cVDL8i5Yn7nG + UG6bJcBth/MImg5ARYLGEUwQGWEqhHoSuQDRr1g/arSLrjbET+J6+7rwJmceySQ= + =SkJc + -----END PGP MESSAGE----- + fp: 0x9AE04D986400E3B67528F4930D442664194974E2 + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA/HTIsSK0VBlAQ/8CG6lZfxbXQz8I3c4qdRZ71CjGTZrfeQdhSEnSCvjYqWM + udsitJU4aw1+6DTfJr53S/Q7RYQcxpAWKJpfawL+N4nkw7Zdbb9YuXZN+sTeoAfw + XV2GsbkD9FOuoMiPUY9tfXeY6LrWFuf6FgCxF3ZVttYaBaSSzI5DOX+Nb/uWWsSP + wKk0lZvxQTbo2VRq3ETMadmobI7JjstV2X6WpLS7FGpHIB6BMypGonbB7uRkYH2z + +rw0KARfVW/V0CSEs0J7NtpyfQH+l5UvlFndKtAlUIvM0QUMg5yEOKgF8b9Jvrse + zDiEpeze2OZWQaHJSZkUF9ZDm+mNpF3GlcrRDhI01+ceVDMflOeg/7X9x1s//r1a + LnxEDqXSpiLwxqEi6lKKhXqhHg4VMGRtmnGkB6sHa4UBNMsRCuFMmlwNulQNqcqy + HXrQ/gLjY/cws80HT9f8xGXbUOuCPAFIdqE14Xmq4tlKcxIWoFUgUW2UF6ix14z2 + NvgPG75sNarnU7bJ+LaU+/sX3NtVpQv+Li3IZ36NLb1K3kJs/qclZOR47k/mIxeY + MUWIt9TwOSV86jfVAfnsRX//N+K2h/xchqIrg2knqlueXxWPvlp/ilnOO948VmfZ + AgKhLHX5ItcOiP4r5gxShqijT8ka4wK9oB8YP3NWbHuO7AHkyTuDBOjhWOSY8QDS + XgHf6ZS6d0yvD5GDICw/D0PvxCsO2EsDGgbjKIUNt+Do23bgRUPDY6ASKC4NV0PP + LHsoHcKyAX7yIBMq2GddoHldtVBiCiJOZKraaJB1dCEdDS1KEMjb1wIfNlqBKp4= + =ljdD + -----END PGP MESSAGE----- + fp: "0xFA47BDA260489ADA" + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DYIEGJeT64uMSAQdACF6vmNwDliN+1IkgTTO0SPuvpR0OLhxks+9oS+8d+y8w + JPxG9PPh+u91eFtanZWK0beCNPuG0AQrSDzL4E4Z58gP0VlJ/bTzjVdKG/umEaIq + 0l4BrDu6CHYDgq8eeUB0pGahxmr8Zk9ngUrfYEuRL54COkjCZQ1hcn54UiTkRBvU + HZ3M21q7OZdtpg2Ot7tAa5P+5dBGIoSjz4PyqR629pA4H30q1lU6Q/0jRHp0rc5G + =iCEK + -----END PGP MESSAGE----- + fp: 0xE474A4AB587CD834813DF35D03FDB411169D6C8B + - created_at: "2024-12-07T14:16:40Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMAxrcfL3KHjCOAQwAtJ1/AB1buFLWwJOpT77K8hU/TgXZZBUVIjHqgMvr17GJ + KXh2l+HN+EszzadTp1nz2Hmk7rmo8SF9K1Hx2+xQVkaYXpzJQpdr9U76ETKgiEDE + at8FnS8Qguva5RtemiB/5QEU89n52FqgkJrp6xO1pCgSKuMT+zKHzTA7R9ktHRVY + F1aadImQQcaSi+zPk5oJvXLFvQPSo9imK1+yiq3FNWpcHTZE12baK/zvdA3ufVmd + nu93AmFJQ3oRJpMfAw/Q6hvdLFB0Ueh0JJ2iviaQf5xavjffO8l4E9zSw0DHh2ac + MK8Lt6vb3vYa0xZxtECOwZoy+HFxSHRFxacQxQMvPjWlqyUxleUvZcJ7ilRQMV0f + VKLlgfXkxu8Qv1qx7HtgFYsXXeDodUnK4/3LdQNZnP2eZHdZ35+G8jzM8xZWZ7rF + QIiHKcf3BvHp0ExbeJWnKlkh9Rj9VlWp/CyChso8NR8grH4vEtSJ+P5C6tBxzwbm + IAbz3UTiytwysxbuph420l4BCz1fQ0lagS9BtlpYSTv67ZQmetHochI1a88OAK43 + saz9yDwtwW1WuoDc2sLA7cQFxWPn2Uav3pE45IcnIua+DpD1l2Q4xfBNA7afF8fE + w3PZc2zuVfL7zpx5LpV7 + =xrME + -----END PGP MESSAGE----- + fp: 0xD5B872E407D438721E5887A000E765FA7F4F2EDE + unencrypted_suffix: _unencrypted + version: 3.9.1