diff --git a/flake.lock b/flake.lock index 953f2cb..9a6f958 100644 --- a/flake.lock +++ b/flake.lock @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1729104314, - "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", "type": "github" }, "original": { @@ -490,11 +490,11 @@ ] }, "locked": { - "lastModified": 1730016908, - "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=", + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", "owner": "nix-community", "repo": "home-manager", - "rev": "e83414058edd339148dc142a8437edb9450574c8", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", "type": "github" }, "original": { @@ -540,16 +540,16 @@ ] }, "locked": { - "lastModified": 1729544999, - "narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=", + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", "owner": "NuschtOS", "repo": "ixx", - "rev": "65c207c92befec93e22086da9456d3906a4e999c", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", "type": "github" }, "original": { "owner": "NuschtOS", - "ref": "v0.0.5", + "ref": "v0.0.6", "repo": "ixx", "type": "github" } 
@@ -585,11 +585,11 @@ ] }, "locked": { - "lastModified": 1729982130, - "narHash": "sha256-HmLLQbX07rYD0RXPxbf3kJtUo66XvEIX9Y+N5QHQ9aY=", + "lastModified": 1730779758, + "narHash": "sha256-5WI9AnsBwhLzVRnQm3Qn9oAbROnuLDQTpaXeyZCK8qw=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "2eb472230a5400c81d9008014888b4bff23bcf44", + "rev": "0e3f3f017c14467085f15d42343a3aaaacd89bcb", "type": "github" }, "original": { @@ -761,11 +761,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1730214386, - "narHash": "sha256-FNXiFunXR2DnNrjmA0ofLznTTHcEDJjNWvCQtQExtL0=", + "lastModified": 1731098432, + "narHash": "sha256-hly/Auyv2WUW0k8ST3BnDMkqvMrCWzgR47Ggw6/Ofm8=", "owner": "nix-community", "repo": "nixvim", - "rev": "7d882356a486cf44b7fab842ac26885ecd985af3", + "rev": "93ffac6346eab42a6fac879d2559f7e2698e4e61", "type": "github" }, "original": { @@ -800,11 +800,11 @@ ] }, "locked": { - "lastModified": 1730044642, - "narHash": "sha256-DbyV9l3hkrSWcN34S6d9M4kAFss0gEHGtjqqMdG9eAs=", + "lastModified": 1730760712, + "narHash": "sha256-F4H98tjNgySlSLItuOqHYo9LF85rFoS/Vr0uOrq7BM4=", "owner": "NuschtOS", "repo": "search", - "rev": "e373332c1f8237fc1263901745b0fe747228c8ba", + "rev": "aa5214c81b904a19f7a54f7a8f288f7902586eee", "type": "github" }, "original": { @@ -843,11 +843,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1730803590, - "narHash": "sha256-tonhq6oZealRJTG4GkNgH/1JgfaXA1pfdl3mMrGH4/o=", + "lastModified": 1731149699, + "narHash": "sha256-9D7kVUjRCqEwa5scX2U2BO+vUh0CgdO+3pEdHv/aFYE=", "owner": "xunuwu", "repo": "nvim-nix", - "rev": "94c4aa56022ee2a27d473549347eba18aa518f1b", + "rev": "d2abdf874b3e4b583d1d605e961eabfd96f8598f", "type": "github" }, "original": { 
@@ -1113,11 +1113,11 @@ ] }, "locked": { - "lastModified": 1730025913, - "narHash": "sha256-Y9NtFmP8ciLyRsopcCx1tyoaaStKeq+EndwtGCgww7I=", + "lastModified": 1730321837, + "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "bae131e525cc8718da22fbeb8d8c7c43c4ea502a", + "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", "type": "github" }, "original": { diff --git a/home/profiles/default.nix b/home/profiles/default.nix index 885a835..534cc0d 100644 --- a/home/profiles/default.nix +++ b/home/profiles/default.nix @@ -11,14 +11,7 @@ ../. ./kidney # inputs.nix-index-database.hmModules.nix-index - { - programs.nix-index = { - enableBashIntegration = false; - enableFishIntegration = false; - enableZshIntegration = false; - }; - home.stateVersion = "24.05"; - } + {home.stateVersion = "24.05";} ]; "xun@nixdesk" = [ ../. diff --git a/hosts/machines/default.nix b/hosts/machines/default.nix index 930f315..dc506a4 100644 --- a/hosts/machines/default.nix +++ b/hosts/machines/default.nix @@ -69,7 +69,12 @@ in { secrets.default secrets.nixdesk.default - core.default + core.security + core.users + core.ssh + core.locale + nix.default + programs.zsh core.tools core.compat core.boot @@ -142,14 +147,22 @@ in { secrets.default secrets.hopper.default - core.default + core.security + core.locale core.tools + core.ssh + nix.default # TODO slim this down + network.tailscale network.avahi network.networkd - network.tailscale - services.syncthing + + #network.avahi + #network.networkd + #network.tailscale + + #services.syncthing ]) ]; }; diff --git a/hosts/machines/hopper/default.nix b/hosts/machines/hopper/default.nix index 217c5b7..623c278 100644 --- a/hosts/machines/hopper/default.nix +++ b/hosts/machines/hopper/default.nix 
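Review bot: In the hopper module list of hosts/machines/default.nix, the added `#network.avahi`, `#network.networkd` and `#network.tailscale` lines sit directly below the same three modules, which are still enabled, so the list reads as if they were switched off when they are not. Delete the commented duplicates, or replace them with a single comment stating what is planned for them. The hopper list also does not receive `core.users`, which the nixdesk hunk adds explicitly when `core.default` is split up; if that is deliberate, a one-line comment giving the reason would record it. The list itself opens outside the hunk.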
@@ -5,9 +5,10 @@ inputs.vpn-confinement.nixosModules.default ./hardware.nix - ./brawlstats.nix - ./lab.nix - ./hardening.nix + ./newlab.nix + # ./brawlstats.nix + # ./lab.nix + # ./hardening.nix ]; networking.hostName = "hopper"; diff --git a/hosts/machines/hopper/newlab.nix b/hosts/machines/hopper/newlab.nix new file mode 100644 index 0000000..3cfcbd6 --- /dev/null +++ b/hosts/machines/hopper/newlab.nix 
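Review bot: Hopper loses whatever `./hardening.nix` configured in the same commit that exposes new services: the import is commented out while `./newlab.nix` publishes Caddy through the VPN's forwarded port and adds Samba, Transmission and Jellyfin. The contents of hardening.nix are not visible in this diff, so whether `core.security` (added to hopper's module list) covers the same ground cannot be confirmed from here. If the module only conflicts with some of the new services, keep it imported and override the conflicting options, or at least leave the reason on the line, e.g. `# ./hardening.nix  # TODO re-enable: conflicts with <option>` (placeholder). The imports list begins above the hunk.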
@@ -0,0 +1,457 @@ +## TODO look into sops-nix placeholders +## reference: https://github.com/javigomezo/nixos/blob/b3ebe8d570ea9b37aea8bb3a343f6e16e054e322/services/network/authelia/user_database.nix +{ + pkgs, + inputs, + config, + lib, + ... +}: let + l = lib // builtins; + domain = "xunuwu.xyz"; + caddyPort = 8336; + slskdUiPort = 23488; + caddyLocal = 8562; + ncPort = 46523; + # kanidmPort = 8300; +in { + ## TODO use impermanence + ## TODO setup fail2ban mayb + + security.acme = { + acceptTerms = true; + defaults.email = "xunuwu@gmail.com"; + certs = { + ${domain} = { + domain = "*.${domain}"; + dnsProvider = "cloudflare"; + reloadServices = ["caddy.service"]; + credentialFiles.CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path; + extraDomainNames = [domain]; + }; + }; + }; + + vpnNamespaces."wg" = { + enable = true; + wireguardConfigFile = config.sops.secrets.wireguard.path; + accessibleFrom = [ + "192.168.0.0/24" + ]; + + # Forwarded to my vpn, for making things accessible from outside + openVPNPorts = [ + { + port = caddyPort; + protocol = "tcp"; + } + { + port = config.services.slskd.settings.soulseek.listen_port; + protocol = "both"; # TODO figure out which one its actually using lol + } + { + port = config.services.transmission.settings.peer-port; + protocol = "both"; # TODO figure out which one its actually using lol + } + ]; + + # From inside of the vpn namespace to outside of it, for making things inside accessible to LAN + portMappings = let + passthrough = [ + caddyPort + slskdUiPort + 1900 # jellyfin discovery + 7359 # jellyfin discovery + config.services.transmission.settings.rpc-port + 80 # homepage + ]; + in + (l.map (x: { + from = x; + to = x; + }) + passthrough) + ++ [ + ]; + }; + + networking.firewall = { + allowedUDPPorts = [1900 7359]; # Jellyfin auto-discovery + allowedTCPPorts = [ + # caddy lan ports + 80 + 443 + 2345 + ]; + }; + + systemd.services.caddy.vpnConfinement = { + enable = true; + vpnNamespace = "wg"; + }; + + 
services.caddy = { + enable = true; + virtualHosts = builtins.mapAttrs (n: v: + { + useACMEHost = domain; + hostName = "${n}.${domain}:${toString caddyPort}"; + } + // v) { + jellyfin.extraConfig = "reverse_proxy localhost:8096"; # TODO setup proper auth + # kanidm.extraConfig = "reverse_proxy localhost:${toString kanidmPort}"; + slskd = { + useACMEHost = null; + hostName = ":${toString slskdUiPort}"; + extraConfig = '' + reverse_proxy localhost:${toString config.services.slskd.settings.web.port} + ''; + }; + dash = { + useACMEHost = null; + hostName = ":80"; + extraConfig = "reverse_proxy localhost:${toString config.services.homepage-dashboard.listenPort}"; + }; + # nextcloud.extraConfig = "reverse_proxy localhost:${toString ncPort}"; + other = { + hostName = ":${toString caddyPort}"; + extraConfig = '' + respond 404 { + body "uhh that doesnt exist, i hope this isnt my fault.." + } + ''; + }; + }; + }; + + # needed for deploying secrets + users.users.lldap = { + group = "lldap"; + isSystemUser = true; + }; + users.groups.lldap = {}; + + services.lldap = { + enable = true; + environment = { + LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt".path; + LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/password".path; + }; + settings = { + ldap_base_dn = "dc=xunuwu,dc=xyz"; + }; + }; + + # services.nextcloud = { + # enable = true; + # appstoreEnable = true; + # autoUpdateApps.enable = true; + # https = true; + # hostName = "localhost"; + # package = pkgs.nextcloud30; + # database.createLocally = true; + # configureRedis = true; + # extraAppsEnable = true; + # extraApps = { + # inherit (config.services.nextcloud.package.packages.apps) calendar; + # }; + # + # config = { + # adminuser = "admin"; + # adminpassFile = config.sops.secrets."nextcloud/admin_pass".path; + # dbtype = "pgsql"; + # # commented so we just use the default sqlite + # # dbhost = "/run/postgresql"; + # # dbtype = "pgsql"; + # }; + # settings = { + # default_phone_region = "SE"; + # 
trusted_domains = ["127.0.0.1" "nextcloud.${domain}"]; + # }; + # }; + + # systemd.services.nginx.vpnConfinement = { + # enable = true; + # vpnNamespace = "wg"; + # }; + # + # services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [ + # { + # addr = "127.0.0.1"; + # port = ncPort; # NOT an exposed port + # } + # ]; + + # systemd.services.phpfpm-nextcloud.vpnConfinement = { + # enable = true; + # vpnNamespace = "wg"; + # }; + # + # systemd.services.nextcloud-setup = { + # requires = ["postgresql.service"]; + # after = ["postgresql.service"]; + # }; + + systemd.services.homepage-dashboard.vpnConfinement = { + enable = true; + vpnNamespace = "wg"; + }; + + services.homepage-dashboard = { + enable = true; + widgets = [ + { + resources = { + cpu = true; + disk = "/"; + memory = true; + }; + } + ]; + services = [ + { + "Obtaining" = [ + { + "transmission" = { + href = "http://hopper:9091"; + icon = "transmission"; + }; + } + { + "slskd" = { + href = "http://hopper:23488"; + icon = "slskd"; + }; + } + ]; + } + { + "Services" = [ + { + "jellyfin" = { + href = "https://jellyfin.xunuwu.xyz"; + icon = "jellyfin"; + }; + } + # { + # "nextcloud" = { + # href = "https://nextcloud.xunuwu.xyz"; + # icon = "nextcloud"; + # }; + # } + ]; + } + ]; + }; + + systemd.services.jellyfin.vpnConfinement = { + enable = true; + vpnNamespace = "wg"; + }; + + services.jellyfin = { + enable = true; + }; + + services.prometheus = { + enable = true; + port = 9001; + extraFlags = ["--storage.tsdb.retention.time=30d"]; + scrapeConfigs = [ + { + job_name = config.networking.hostName; + static_configs = [ + { + targets = [ + "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" + # "127.0.0.1:${toString config.services.prometheus.exporters.nextcloud.port}" + ]; + } + ]; + } + ]; + }; + + services.prometheus.exporters = { + node = { + enable = true; + enabledCollectors = ["systemd"]; + }; + # nextcloud = { + # enable = true; + # tokenFile = 
config.sops.secrets."prometheus/nextcloud".path; + # url = "https://nextcloud.${domain}"; + # }; + }; + + systemd.services.slskd.vpnConfinement = { + enable = true; + vpnNamespace = "wg"; + }; + + services.slskd = { + enable = true; + environmentFile = config.sops.secrets.slskd.path; + domain = null; # why isnt this the default? + settings = { + shares.directories = ["/media/library/music"]; + soulseek = { + listen_port = 14794; + description = ""; + }; + global = { + upload = { + slots = 50; + speed_limit = 10000; + }; + download.speed_limit = 10000; + }; + }; + }; + + systemd.services.transmission.vpnConfinement = { + enable = true; + vpnNamespace = "wg"; + }; + + services.transmission = { + enable = true; + performanceNetParameters = true; + settings = let + mbit = 125; + in { + speed-limit-up-enabled = true; + speed-limit-up = 100 * mbit; + speed-limit-down-enabled = true; + speed-limit-down = 150 * mbit; + rpc-authentication-required = true; + peer-port = 11936; + rpc-bind-address = "0.0.0.0"; + rpc-whitelist = "127.0.0.1,192.168.\*.\*"; + }; + credentialsFile = config.sops.secrets.transmission.path; + }; + + # only used for samba + users.groups.xun = {}; + users.users.xun = { + isSystemUser = true; + group = "xun"; + extraGroups = ["transmission" "vault"]; + }; + + users.groups.vault = {}; + systemd.tmpfiles.rules = [ + "d /srv/vault 0770 root vault -" + ]; + services.samba = { + enable = true; + openFirewall = true; + settings = { + global = { + "log level" = 6; + "log file" = "/var/log/samba/samba.log"; + "server string" = config.networking.hostName; + "hosts allow" = "192.168.50.0/24"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + transmission = { + path = "/var/lib/transmission/Downloads"; + browseable = "yes"; + "read only" = "yes"; + "guest ok" = "no"; + "create mask" = "0664"; + "directory mask" = "0775"; + }; + vault = { + path = "/srv/vault"; + browseable = "yes"; + "read only" = "no"; + "guest ok" 
= "no"; + "create mask" = "0660"; + "directory mask" = "0770"; + }; + }; + }; + + # TODO use this for sso with some things maybe + # services.tailscaleAuth = { + # enable = true; + # user = config.services.caddy.user; + # group = config.services.caddy.group; + # }; + + # systemd.services.kanidm = { + # vpnConfinement = { + # enable = true; + # vpnNamespace = "wg"; + # }; + # serviceConfig = { + # RestartSec = "60"; + # SupplementaryGroups = [config.security.acme.certs.${domain}.group]; + # PrivateNetwork = l.mkOverride 40 false; + # ProtectControlGroups = l.mkForce false; + # RestrictNamespaces = l.mkForce false; + # LockPersonality = l.mkForce false; + # CapabilityBoundingSet = l.mkForce []; + # # TemporaryFileSystem = l.mkForce []; + # }; + # }; + # + # services.kanidm = { + # package = pkgs.kanidm.override {enableSecretProvisioning = true;}; + # + # enableServer = true; + # serverSettings = let + # subdomain = "kanidm"; + # kdomain = "${subdomain}.${domain}"; + # certDir = config.security.acme.certs.${domain}.directory; + # in { + # domain = kdomain; + # origin = "https://${kdomain}"; + # bindaddress = "0.0.0.0:${toString kanidmPort}"; + # # ldapbindaddress = "[::1]:636"; + # trust_x_forward_for = true; + # tls_chain = "${certDir}/fullchain.pem"; + # tls_key = "${certDir}/key.pem"; + # ## TODO online_backup mayb + # }; + # + # provision = { + # enable = true; + # + # adminPasswordFile = config.sops.secrets."kanidm/admin_pass".path; + # idmAdminPasswordFile = config.sops.secrets."kanidm/idm_admin_pass".path; + # + # persons = let + # mainUser = "xun"; + # mail = "xunuwu@gmail.com"; + # in { + # ${mainUser} = { + # displayName = mainUser; + # legalName = mainUser; + # mailAddresses = [mail]; + # groups = [ + # "slskd.access" + # "slskd.admins" + # ]; + # }; + # }; + # + # groups = { + # "slskd.access" = {}; + # "slskd.admins" = {}; + # }; + # + # # systems.oath2 = { + # # slskd = { + # # displayName = "slskd"; + # # originUrl = "https://"; + # # }; + # # }; + # }; 
+ # }; + ## TODO: add forgejo +} diff --git a/systemProfiles/core/locale.nix b/systemProfiles/core/locale.nix index 694afed..4111e49 100644 --- a/systemProfiles/core/locale.nix +++ b/systemProfiles/core/locale.nix @@ -1,4 +1,4 @@ -{...}: {lib, ...}: { +_: {lib, ...}: { i18n = { defaultLocale = "en_US.UTF-8"; supportedLocales = [ diff --git a/systemProfiles/core/users.nix b/systemProfiles/core/users.nix index d4e87db..e481841 100644 --- a/systemProfiles/core/users.nix +++ b/systemProfiles/core/users.nix @@ -1,4 +1,4 @@ -{...}: {pkgs, ...}: { +_: {pkgs, ...}: { users.users.xun = { isNormalUser = true; initialPassword = "nixos"; diff --git a/systemProfiles/secrets/hopper/default.nix b/systemProfiles/secrets/hopper/default.nix index 03f5c50..928ecb1 100644 --- a/systemProfiles/secrets/hopper/default.nix +++ b/systemProfiles/secrets/hopper/default.nix @@ -1,6 +1,6 @@ ## TODO use defaultSopsFile mayb _: {config, ...}: let - autheliaUser = config.services.authelia.instances.main.user; + # autheliaUser = config.services.authelia.instances.main.user; in { sops.secrets = { wireguard = { @@ -19,7 +19,7 @@ in { slskd = { format = "binary"; sopsFile = ./slskd; - restartUnits = ["podman-slskd.service"]; + # restartUnits = ["podman-slskd.service"]; }; cloudflare = { format = "binary"; 
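Review bot: The network allow-lists in newlab.nix do not agree with each other: `accessibleFrom` names `192.168.0.0/24`, Samba's `"hosts allow"` names `192.168.50.0/24`, and Transmission's `rpc-whitelist = "127.0.0.1,192.168.\*.\*"` admits every 192.168.x.x address while `rpc-bind-address` is `0.0.0.0`. One of the two /24s is presumably a typo, and whichever it is either locks LAN clients out or admits a subnet that was not intended; binding the range once in the `let` block (`lan = "192.168.50.0/24";`, value to be confirmed) and using it in both places would keep them in step. `networking.firewall.allowedTCPPorts` also opens 443 and 2345 under `# caddy lan ports`, but no virtual host or `portMappings` entry in this file uses either port, so they can be dropped until something listens there. `caddyLocal` and `ncPort` are bound but not used outside comments.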
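Review bot: With `restartUnits` commented out on the `slskd` secret in secrets/hopper/default.nix, a re-encrypted secret is deployed but the running service keeps its old environment until something else restarts it. newlab.nix now runs slskd as a native unit (`systemd.services.slskd`) that reads this file through `environmentFile`, so the line can be kept as `restartUnits = ["slskd.service"];`. The `transmission` and `lldap/*` secrets added in the next hunk have the same gap and could take `restartUnits = ["transmission.service"];` and `restartUnits = ["lldap.service"];`. Commenting out `autheliaUser` leaves an empty `let … in`, which still evaluates but can be removed.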
@@ -36,48 +36,51 @@ in { restartUnits = ["podman-betanin.service"]; }; - # lldap_jwt_secret = { - # sopsFile = ./lldap.yaml; - # key = "jwt_secret"; - # owner = "lldap"; - # }; - # - # lldap_user_password = { - # sopsFile = ./lldap.yaml; - # key = "user_password"; - # owner = "lldap"; - # }; + transmission = { + format = "binary"; + sopsFile = ./transmission; + }; + + "lldap/jwt" = { + sopsFile = ./lldap.yaml; + owner = "lldap"; + }; + + "lldap/password" = { + sopsFile = ./lldap.yaml; + owner = "lldap"; + }; # authelia authelia_lldap_password = { format = "yaml"; sopsFile = ./authelia.yaml; key = "lldap_password"; - owner = autheliaUser; + # owner = autheliaUser; }; authelia_jwt_secret = { format = "yaml"; sopsFile = ./authelia.yaml; key = "jwt_secret"; - owner = autheliaUser; + # owner = autheliaUser; }; authelia_session_secret = { format = "yaml"; sopsFile = ./authelia.yaml; key = "session_secret"; - owner = autheliaUser; + #owner = autheliaUser; }; authelia_encryption_key = { format = "yaml"; sopsFile = ./authelia.yaml; key = "encryption_key"; - owner = autheliaUser; + #owner = autheliaUser; }; authelia_storage_password = { format = "yaml"; sopsFile = ./authelia.yaml; key = "storage_password"; - owner = autheliaUser; + #owner = autheliaUser; }; brawlstars-api-key = { diff --git a/systemProfiles/secrets/hopper/lldap.yaml b/systemProfiles/secrets/hopper/lldap.yaml index 1290c9a..41adb8b 100644 --- a/systemProfiles/secrets/hopper/lldap.yaml +++ b/systemProfiles/secrets/hopper/lldap.yaml 
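Review bot: The five `authelia_*` secrets stay declared with only their `owner` line commented out, so they are still decrypted onto hopper, now with the default owner rather than a service account, although nothing in this commit's hopper configuration appears to consume them (lab.nix is no longer imported and its contents are not visible here). Secrets that no running service needs are better not materialised on the host: comment out the whole entries together with `owner`, as the change already does for the `autheliaUser` binding. The same question applies to the context entry carrying `restartUnits = ["podman-betanin.service"]` if that container went away with lab.nix. The `#owner` / `# owner` spacing is also inconsistent across the five entries. The `sops.secrets` set opens outside this hunk.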
@@ -1,5 +1,6 @@ -jwt_secret: ENC[AES256_GCM,data:C5TnV7d/qdgiX+J/K7vsKXuZ6atsrEwwbr189c7kURHH5bK3xW0BBw3p+MGS6RAQBK9+SN7t5k4uWlEm9Ekm5wDbgt10/WXerC1ZNacxbcSlB7i+w/Fne+g2d6vg7SwC7wpgH0nBmWSAnCmOdDlXOO6NYQ1zL8apCN99Z2M4SVQ=,iv:DzkZjX8+stqZxzNjcgl+uWR142bAdfeQd3RyByHzOE4=,tag:7tbciVbRuLRt8/1q2NRlAw==,type:str] -user_password: ENC[AES256_GCM,data:IuBlcthybynSI4AJpJ7nZFOgzbH5v4ucKxEO7fe65M1hak33gX7uQSFMRcj9gJAh/E8h87VudQkpxWC6+RKW/w==,iv:WJrvL2RhmoWCaqAjK7nn98Js/TXOL/3oeVADoOt9Vr8=,tag:JcQeKs0O+exoWCG5m/EFtQ==,type:str] +lldap: + jwt: ENC[AES256_GCM,data:/s7dTCwufcURfCEm7dUyo8sstQjN/0592xkw4I/Qt35xYXPEWL6RSuYe2epJ8SRDTH6JZtak0YvSnsE02Edauy9dPmP8CA/Sl3YzQsoMe5LfGrpcP4a5CdlInXKuUUFmecaAO5vufCPaLliATsWDzPo6AY8D21leqdxY8QRa9oE=,iv:Tq9v4sQyzw3leMGD9syL9/Jdoxu/66c3SHRD583uqzc=,tag:miGWl1G57gWWjNRbEcVfAw==,type:str] + password: ENC[AES256_GCM,data:Y4TCgSOl+LiOHSzLseX8HeuyreOwGfa9LWrTcf3CGbr70RKgef5si+A3qi4vTJa9Ft/+smHoLd9eCH2Ti9kR1w==,iv:934juRr049XQEz4UG41ZNHyvq7qTyTzTiKRm+bbxkv0=,tag:NCnB0FMOOama8dm7wEv3AQ==,type:str] sops: kms: [] gcp_kms: [] @@ -24,8 +25,8 @@ sops: WFgzK1BpVks3YmcxT3gxYzl3eHpySFEKJwsayqczYl2bFViRTWlP1p2OomPA1NnE EKU51AINXIYfnNaXzMKWEj52yoVLvtKiA/rdJeVVOOopwD+qa/lRkw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-01T04:00:12Z" - mac: ENC[AES256_GCM,data:9mu/knvioQT4y7WGdRjDvfeZxYgNb3TnNnDWOIALN6sqNhs8cI8Q+ussNny9zTygRN/LsS4cvhGypqxZ48CT4YyIKxJ2Xuf32Ho+ojh65a4Kabe3CjklLaAnj//MXnvpUtEXFGKlTiyKi/JxHaQLOaeZBeMv1yfYKuo0hjdzlho=,iv:KR2UMbNmsyxa8TEv6lwTJlqc3Qe81DaTTVtzSZRZyik=,tag:B3Hvr1RRGDrxROylhUuFxg==,type:str] + lastmodified: "2024-11-08T18:13:26Z" + mac: ENC[AES256_GCM,data:XArGpA+g2rBudPew1FlVbe+u3hfrqfsTpCb+u6a5MDp3+ro6EUXytnuUJRS3PpsmfJ6PfzmM4q2QHa5qjTnqt3G4DXtenrb2zVixiSykE4qBwr2Jj07aDqG0/8fDQskAkP868EhTjJ+/3KQ3MyNLoaoWEISGN8ryLjM/ASHxD5s=,iv:LrqLod4yS3H1QYRozZv+sEKzigtaMGnLb1UfWdvoSEs=,tag:HoxUl6oOOjKRpyPt86CGxA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.1 
diff --git a/systemProfiles/secrets/hopper/transmission b/systemProfiles/secrets/hopper/transmission new file mode 100644 index 0000000..d015b13 --- /dev/null +++ b/systemProfiles/secrets/hopper/transmission 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:r/cojq4Krb+3JeDL+5P5wUlpehJHCRYR2fUAnGJoGSFMi2jMxQ4/rasSqZJlNxisReusu2cECUZT3LpjzUFZONsHQtHs0iC+xWMVZasJwxnWu62vLxQoJhTb/2EvnTKpV47WhAJeiaeVbFURKVCST6Z6xET/0kFxFB92iVFLIFWMfByMBMq34+xW41+fboOLA5vsWyNTcIQC2fVKc7wyi8Iq0ge+yAONm3QA2Qd24psuC5Dv,iv:sLLbYhE6tshYZo2HWGzNNmcDxb0ziPsDg+lsX6G92Ds=,tag:VRslfMCy1/GNGJ3vG9d+aQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNVpReEZBb0tsT0QyczBv\nTVVTcEdaN0hoTUY5ZWhEU2NWcjlEa0VsOUdVClFONjhncXduNEdaWlBFTUF4TUFU\nWVJmQTN5dmV2dGJkenZVaXMrbWxuZW8KLS0tIGEveFBPc0hrS3FvVFdTZGQ2TW1r\nS3NWNTBFbGtJYlpnTUNUN1IrMTZKd3MKBtEbUpRAfnbyyXXOLDIvEd7aQaKKWvqh\n8z/s5a/yWGdh4VB90FRZol8Te0Ahu3hYBWiaUWE8dELeAb0Joakm0A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5dGh1VmFjM0FqRlEzMUoy\nblVscWNHQWkzTmVDV2hEaU9NNGtIOE5CbkRJCjcvTXdIaElqMmNrY2Q0RThUNWZr\ndDJvZzVVU01mUGJoR004MnRmZ2ZHKzgKLS0tIHUxSHJLc3RBWXdBT2pXU0lNZjVS\nSDdMeVppSkR5UXYyY0pUMVFjbllvVncKAp62v5o/vMgrbygJ1+5QWriRNbrdel5x\nPJAikvtzttEotMSVBww1Qj9T9H+NxfywqMT3PleZLeixz0eSr8vBAw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-11-08T12:20:18Z", + "mac": "ENC[AES256_GCM,data:yjPmnEZOLT63kPaf8I634/QNHIoz76/KbrcbqlbxhageGf49vHSmoQabA+nZ+X0e4QKYJamP2w03SHaTkBiAWPibmy4DxIxaZONGDNZyB0kXwgQHVMJS4ioYitPlzkOxuuNA0YywJ0zfQr2UL7f8Pnjv5Ce9fJX1ywfNGZ2SJXg=,iv:Pew7Icme84LO5cwtVkUJ4wVF0mwJiNrlT6ulKHCb8/o=,tag:/98B67+gAEMM/BKWLULPfQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file