diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index dbbb834..429a454 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -13,6 +13,7 @@ env: extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi + jobs: build-machines: strategy: @@ -36,12 +37,15 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: Install Nix uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -59,24 +63,32 @@ jobs: purge-primary-key: never # always save the cache save-always: true + - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build + + - name: build and cache run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix build -L "$package" - - name: cache - if: always() - run: | - package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - xargs attic push main <<< "$cache" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.machine }}-${{ matrix.os }} + path: result.tar + if-no-files-found: error + build-homes: strategy: - fail-fast: false matrix: home: - yt@ytnix @@ -97,11 +109,14 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -119,18 +134,26 @@ jobs: purge-primary-key: never # always save the cache save-always: true + - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build + + - name: build and cache run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" - - name: cache - if: always() - run: | - package=".#homeConfigurations."${{ matrix.home }}".activationPackage" derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.home }}-${{ matrix.os }} + path: result.tar + if-no-files-found: error diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 872aa6d..5bb8b29 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -16,6 +16,7 @@ env: extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi + jobs: build-packages: strategy: @@ -28,27 +29,33 @@ jobs: - ubuntu-24.04-arm - macos-latest - macos-13 + runs-on: ${{ matrix.os }} steps: - name: Install Nix uses: cachix/install-nix-action@v30 + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + - run: nix build -L ${{ matrix.package }} + - name: cache result - if: always() run: | derivation="$(nix path-info --derivation "${{ matrix.package }}")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - xargs attic push main <<< "$cache" + attic push main --stdin <<< "$cache" + - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + - name: upload result uses: actions/upload-artifact@v4 with: diff --git a/.sops.yaml b/.sops.yaml index cb7e65d..6276e76 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,8 +118,9 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/services/searx.yaml key_groups: - age: - *chunk - - *cy + - *cy \ No newline at end of file diff --git a/flake.nix b/flake.nix index 7746231..494ce4f 100644 --- a/flake.nix +++ b/flake.nix @@ -113,12 +113,17 @@ nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" + "https://cache.garnix.io" + "https://cything.cachix.org" "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; + builders-use-substitutes = true; }; outputs = diff --git a/home/codium.nix b/home/codium.nix index 935866b..2d7bb9d 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -10,7 +10,8 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - with pkgs.open-vsx; [ + with pkgs.open-vsx; + [ vscodevim.vim jnoortheen.nix-ide github.github-vscode-theme @@ -20,8 +21,6 @@ tomrijndorp.find-it-faster streetsidesoftware.code-spell-checker emilast.logfilehighlighter - tamasfe.even-better-toml - golang.go ]; userSettings = let diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 3ec6aeb..9b20a66 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,7 +102,6 @@ pixelflasher element-desktop freetube - gopls ]; home.sessionVariables = { @@ -113,13 +112,13 @@ RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; SCCACHE_BUCKET = "sccache"; SCCACHE_REGION = "us-east-1"; - SCCACHE_ENDPOINT = "https://s3.cy7.sh"; + SCCACHE_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; SCCACHE_LOG = "warn"; AWS_DEFAULT_REGION = "us-east-1"; - AWS_ENDPOINT_URL = "https://s3.cy7.sh"; + AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9a621c4..2fee98c 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -22,6 +22,7 @@ ./forgejo.nix ./garage.nix ./tailscale.nix + ./tor.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -100,18 +101,22 @@ ${tc} qdisc del dev ens18 root || true # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 10 + ${tc} qdisc add dev ens18 root handle 1: htb default 30 ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # rest - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% + # tailscale + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% + # rest ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 ''; }; interfaces.ens18 = { diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 81b4af3..0dade9f 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -10,13 +10,15 @@ api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".web.s3.cy7.sh"; + index = "index.html"; + }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; replication_factor = 1; db_engine = "lmdb"; - disable_scrub = true; - block_size = "10M"; - compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; }; @@ -29,6 +31,10 @@ reverse_proxy localhost:3900 ''; }; + "*.web.s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3902 + ''; "admin.s3.cy7.sh".extraConfig = '' import common reverse_proxy localhost:3903 diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index f79a7ff..ee5a382 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -29,14 +29,6 @@ } ]; } - { - job_name = "garage"; - static_configs = [ - { - targets = [ "127.0.0.1:3903" ]; - } - ]; - } ]; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 60d4e0e..59a02e1 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -15,16 +15,9 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --cache-dir /var/cache/rclone \ - --transfers=32 \ - --dir-cache-time 30d \ - --vfs-cache-mode writes \ - --vfs-cache-max-size 2G \ - photos: /mnt/photos - ''; + ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ + config.sops.secrets."rclone/config".path + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; }; }; @@ -39,22 +32,9 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --allow-other \ - --cache-dir /var/cache/rclone \ - --transfers=32 \ - --vfs-cache-mode full \ - --vfs-cache-min-free-space 5G \ - --dir-cache-time 30d \ - --no-checksum \ - --no-modtime \ - --vfs-fast-fingerprint \ - --vfs-read-chunk-size 10M \ - --vfs-read-chunk-streams 32 \ - rsyncnet:garage /mnt/garage - ''; + ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ + config.sops.secrets."rclone/config".path + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; }; }; diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix new file mode 100644 index 0000000..2ad4a89 --- /dev/null +++ b/hosts/chunk/tor.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + services.tor = { + enable = true; + openFirewall = true; + relay = { + enable = true; + role = "relay"; + }; + settings = { + ORPort = 9001; + Nickname = "chunk"; + # MaxAdvertisedBandwidth = "20MBytes"; + }; + }; +} diff --git a/hosts/common.nix b/hosts/common.nix index c7841c3..feafd17 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,12 +10,16 @@ "@wheel" ]; trusted-public-keys = [ + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" ]; - trusted-substituters = [ + substituters = [ + "https://niri.cachix.org" "https://nix-community.cachix.org" - "https://cache.cy7.sh/main" + "https://cache.garnix.io" + "https://cything.cachix.org" ]; }; channel.enable = false; @@ -29,6 +33,9 @@ persistent = true; options = "--delete-older-than 14d"; }; + extraOptions = '' + builders-use-substitutes = true + ''; registry.nixpkgs.flake = inputs.nixpkgs; }; diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix index 4ef858c..a2aa405 100644 --- a/hosts/ytnix/containers.nix +++ b/hosts/ytnix/containers.nix @@ -1,4 +1,4 @@ -{ +{ config, pkgs, lib, @@ -6,22 +6,20 @@ }: { virtualisation.oci-containers.containers = { - immich-ml = - let - modelCache = "/opt/immich-ml"; - in - { - image = "ghcr.io/immich-app/immich-machine-learning:release"; - autoStart = true; - pull = "newer"; - ports = [ "3003:3003" ]; - environment = { - REDIS_HOSTNAME = "immich-redis"; - DB_HOSTNAME = "immich-db"; - }; - volumes = [ "${modelCache}:/cache" ]; - networks = [ "immich-net" ]; + immich-ml = let + modelCache = "/opt/immich-ml"; + in { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; + }; }; systemd.services.create-immich-net = rec { @@ -35,4 +33,4 @@ ${lib.getExe pkgs.podman} network create immich-net ''; }; -} +} \ No newline at end of file diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index b57887e..c185991 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -144,52 +144,49 @@ "docker" "disk" "adbusers" - "podman" ]; - environment.systemPackages = - with pkgs; - lib.flatten [ - tmux - vim - wget - tree - kitty - borgbackup - htop - file - dnsutils - q - age - compsize - wireguard-tools - traceroute - sops - sbctl # secure boot - lm_sensors - sshfs - openssl - just - killall - lshw - bubblewrap - fuse-overlayfs - dwarfs - wineWowPackages.stagingFull - (with gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-plugins-base - ]) - vulkan-loader - (heroic.override { - extraPkgs = pkgs: [ - pkgs.gamescope - pkgs.gamemode - ]; - }) - ]; + environment.systemPackages = with pkgs; lib.flatten [ + tmux + vim + wget + tree + kitty + borgbackup + htop + file + dnsutils + q + age + compsize + wireguard-tools + traceroute + sops + sbctl # secure boot + lm_sensors + sshfs + openssl + just + killall + lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) + ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; @@ -387,5 +384,4 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; - nix.settings.sandbox = false; } diff --git a/modules/attic.nix b/modules/attic.nix index 5aa54c6..e7fbe8d 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -21,7 +21,7 @@ in allowed-hosts = [ "cache.cy7.sh" ]; require-proof-of-possession = false; compression = { - type = "none"; + type = "zstd"; level = 3; }; database.url = "postgresql:///atticd?host=/run/postgresql"; @@ -44,4 +44,4 @@ in reverse_proxy localhost:8091 ''; }; -} +} \ No newline at end of file diff --git a/modules/containerization.nix b/modules/containerization.nix index fd39da9..416d2bf 100644 --- a/modules/containerization.nix +++ b/modules/containerization.nix @@ -28,11 +28,8 @@ in dns_enabled = true; ipv6_enabled = true; }; - # answer on /var/run/docker.sock - dockerSocket.enable = true; }; - docker.enable = lib.mkIf (!cfg.usePodman) true; - oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; + oci-containers.backend = lib.mkIf cfg.usePodman "podman"; }; }; } diff --git a/modules/searx.nix b/modules/searx.nix index db22bed..9e23955 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -44,4 +44,4 @@ in reverse_proxy 127.0.0.1:8090 ''; }; -} +} \ No newline at end of file diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index 443d886..8fda611 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix @@ -29,4 +29,4 @@ in }; }; }; -} +} \ No newline at end of file diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix deleted file mode 100644 index 14f5daf..0000000 --- a/overlay/attic/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -final: prev: { - attic-server = prev.attic-server.overrideAttrs { - patches = [ - ./prefetch-32-chunks.patch - ]; - }; -} diff --git a/overlay/attic/prefetch-32-chunks.patch b/overlay/attic/prefetch-32-chunks.patch deleted file mode 100644 index bbb801b..0000000 --- a/overlay/attic/prefetch-32-chunks.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs -index 02e4857..71eeee8 100644 ---- a/server/src/api/binary_cache.rs -+++ b/server/src/api/binary_cache.rs -@@ -262,7 +262,7 @@ async fn get_nar( - - // TODO: Make num_prefetch configurable - // The ideal size depends on the average chunk size -- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { -+ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| { - tracing::error!(%e, "Stream error"); - e - }); diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix index e9ace96..bcbabea 100644 --- a/overlay/bitwarden/default.nix +++ b/overlay/bitwarden/default.nix @@ -1,9 +1,7 @@ final: prev: { - bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( - finalAttrs: prevAttrs: { - patches = prevAttrs.patches ++ [ - ./ssh-agent-no-confirm.patch - ]; - } - ); -} + bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs (finalAttrs: prevAttrs: { + patches = prevAttrs.patches ++ [ + ./ssh-agent-no-confirm.patch + ]; + }); +} \ No newline at end of file diff --git a/overlay/default.nix b/overlay/default.nix index 0eea626..1df98bd 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -3,7 +3,6 @@ let overlays = [ ./zipline ./bitwarden - ./attic ]; importedOverlays = map (m: import m) overlays; in @@ -15,15 +14,14 @@ in pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + conduwuit = + pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; - garage = ( - (pkgFrom inputs.garage "default").overrideAttrs { + garage = ((pkgFrom inputs.garage "default").overrideAttrs { meta.mainProgram = "garage"; - } - ); + }); } ) ] diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml index 0a48d33..40f828a 100644 --- a/secrets/yt/aws.yaml +++ b/secrets/yt/aws.yaml @@ -1,8 +1,6 @@ aws: - key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str] - key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str] - _r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str] - _r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str] + key_id: ENC[AES256_GCM,data:9tWAMzUv4f6Ea27XsmYhO11NroYnLmED/FVrCCGO0Vc=,iv:YP1xRjVd1M1MB7IKVAw0Sdx0E4AokBrsaAcDLvTLHD4=,tag:SEmEr3NoZvch9LeaJHbCww==,type:str] + key_secret: ENC[AES256_GCM,data:AK+vER4T1p0AknKzsxZQJ0JTpfIstnnTWSAZ26zJSCwJYgRYwj8RF98CS7HM+KWvz5VNGENxhVdUnjlGkrTB4w==,iv:3o79gwp5b4KGsixW02qFWYFvpagY/hykbYJ/WNz6PB8=,tag:GW2T8ggKYHa1CQ6DRomJDQ==,type:str] _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] sops: @@ -29,8 +27,8 @@ sops: UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-16T16:45:13Z" - mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str] + lastmodified: "2025-02-27T02:50:27Z" + mac: ENC[AES256_GCM,data:FjlbCqqYHPn/FDPUR1flWgg6wwHhLJx1uKOedwkvsTxuPhlVJHghTHWYetdmplOQyEpOEbyv+iqKTGDYHzDdgU2jIZ0TKM66iHq+1yft4TatBu75/0N3I+SfZv97vKNehxN/zvIY3FQF4O8qVy9c1dZRmr7q27Wq2pdHSOe4Myg=,iv:YkUXcOwb6UZr0vXazbLrVeGTvBTtnwuEIY3O+GSrnNk=,tag:kQBh7urSnHoiV18TIGlPEg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4