xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

port hopper back (partially)

Browse source
This commit is contained in:
xunuwu 2024-11-10 13:47:58 +01:00
parent 1352f012bb
commit 9e955a6386
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
10 changed files with 560 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

56
flake.lock generated
View file

@ -213,11 +213,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727826117, "lastModified": 1730504689,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -373,11 +373,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729104314, "lastModified": 1730814269,
"narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", "rev": "d70155fdc00df4628446352fc58adc640cd705c2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -490,11 +490,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730016908, "lastModified": 1730837930,
"narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=", "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e83414058edd339148dc142a8437edb9450574c8", "rev": "2f607e07f3ac7e53541120536708e824acccfaa8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -540,16 +540,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729544999, "lastModified": 1729958008,
"narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=", "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "ixx", "repo": "ixx",
"rev": "65c207c92befec93e22086da9456d3906a4e999c", "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "NuschtOS",
"ref": "v0.0.5", "ref": "v0.0.6",
"repo": "ixx", "repo": "ixx",
"type": "github" "type": "github"
} }
@ -585,11 +585,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729982130, "lastModified": 1730779758,
"narHash": "sha256-HmLLQbX07rYD0RXPxbf3kJtUo66XvEIX9Y+N5QHQ9aY=", "narHash": "sha256-5WI9AnsBwhLzVRnQm3Qn9oAbROnuLDQTpaXeyZCK8qw=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "2eb472230a5400c81d9008014888b4bff23bcf44", "rev": "0e3f3f017c14467085f15d42343a3aaaacd89bcb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -761,11 +761,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1730214386, "lastModified": 1731098432,
"narHash": "sha256-FNXiFunXR2DnNrjmA0ofLznTTHcEDJjNWvCQtQExtL0=", "narHash": "sha256-hly/Auyv2WUW0k8ST3BnDMkqvMrCWzgR47Ggw6/Ofm8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "7d882356a486cf44b7fab842ac26885ecd985af3", "rev": "93ffac6346eab42a6fac879d2559f7e2698e4e61",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -800,11 +800,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730044642, "lastModified": 1730760712,
"narHash": "sha256-DbyV9l3hkrSWcN34S6d9M4kAFss0gEHGtjqqMdG9eAs=", "narHash": "sha256-F4H98tjNgySlSLItuOqHYo9LF85rFoS/Vr0uOrq7BM4=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "search", "repo": "search",
"rev": "e373332c1f8237fc1263901745b0fe747228c8ba", "rev": "aa5214c81b904a19f7a54f7a8f288f7902586eee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -843,11 +843,11 @@
"nixvim": "nixvim" "nixvim": "nixvim"
}, },
"locked": { "locked": {
"lastModified": 1730803590, "lastModified": 1731149699,
"narHash": "sha256-tonhq6oZealRJTG4GkNgH/1JgfaXA1pfdl3mMrGH4/o=", "narHash": "sha256-9D7kVUjRCqEwa5scX2U2BO+vUh0CgdO+3pEdHv/aFYE=",
"owner": "xunuwu", "owner": "xunuwu",
"repo": "nvim-nix", "repo": "nvim-nix",
"rev": "94c4aa56022ee2a27d473549347eba18aa518f1b", "rev": "d2abdf874b3e4b583d1d605e961eabfd96f8598f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1113,11 +1113,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730025913, "lastModified": 1730321837,
"narHash": "sha256-Y9NtFmP8ciLyRsopcCx1tyoaaStKeq+EndwtGCgww7I=", "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "bae131e525cc8718da22fbeb8d8c7c43c4ea502a", "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
"type": "github" "type": "github"
}, },
"original": { "original": {

9
home/profiles/default.nix
View file

@ -11,14 +11,7 @@
../. ../.
./kidney ./kidney
# inputs.nix-index-database.hmModules.nix-index # inputs.nix-index-database.hmModules.nix-index
{ {home.stateVersion = "24.05";}
programs.nix-index = {
enableBashIntegration = false;
enableFishIntegration = false;
enableZshIntegration = false;
};
home.stateVersion = "24.05";
}
]; ];
"xun@nixdesk" = [ "xun@nixdesk" = [
../. ../.

21
hosts/machines/default.nix
View file

@ -69,7 +69,12 @@ in {
secrets.default secrets.default
secrets.nixdesk.default secrets.nixdesk.default
core.default core.security
core.users
core.ssh
core.locale
nix.default
programs.zsh
core.tools core.tools
core.compat core.compat
core.boot core.boot
@ -142,14 +147,22 @@ in {
secrets.default secrets.default
secrets.hopper.default secrets.hopper.default
core.default core.security
core.locale
core.tools core.tools
core.ssh
nix.default # TODO slim this down
network.tailscale
network.avahi network.avahi
network.networkd network.networkd
network.tailscale
services.syncthing services.syncthing
#network.avahi
#network.networkd
#network.tailscale
#services.syncthing
]) ])
]; ];
}; };

7
hosts/machines/hopper/default.nix
View file

@ -5,9 +5,10 @@
inputs.vpn-confinement.nixosModules.default inputs.vpn-confinement.nixosModules.default
./hardware.nix ./hardware.nix
./brawlstats.nix ./newlab.nix
./lab.nix # ./brawlstats.nix
./hardening.nix # ./lab.nix
# ./hardening.nix
]; ];
networking.hostName = "hopper"; networking.hostName = "hopper";

457
hosts/machines/hopper/newlab.nix Normal file
View file

@ -0,0 +1,457 @@
## TODO look into sops-nix placeholders
## reference: https://github.com/javigomezo/nixos/blob/b3ebe8d570ea9b37aea8bb3a343f6e16e054e322/services/network/authelia/user_database.nix
{
pkgs,
inputs,
config,
lib,
...
}: let
l = lib // builtins;
domain = "xunuwu.xyz";
caddyPort = 8336;
slskdUiPort = 23488;
caddyLocal = 8562;
ncPort = 46523;
# kanidmPort = 8300;
in {
## TODO use impermanence
## TODO setup fail2ban mayb
security.acme = {
acceptTerms = true;
defaults.email = "xunuwu@gmail.com";
certs = {
${domain} = {
domain = "*.${domain}";
dnsProvider = "cloudflare";
reloadServices = ["caddy.service"];
credentialFiles.CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path;
extraDomainNames = [domain];
};
};
};
vpnNamespaces."wg" = {
enable = true;
wireguardConfigFile = config.sops.secrets.wireguard.path;
accessibleFrom = [
"192.168.0.0/24"
];
# Forwarded to my vpn, for making things accessible from outside
openVPNPorts = [
{
port = caddyPort;
protocol = "tcp";
}
{
port = config.services.slskd.settings.soulseek.listen_port;
protocol = "both"; # TODO figure out which one its actually using lol
}
{
port = config.services.transmission.settings.peer-port;
protocol = "both"; # TODO figure out which one its actually using lol
}
];
# From inside of the vpn namespace to outside of it, for making things inside accessible to LAN
portMappings = let
passthrough = [
caddyPort
slskdUiPort
1900 # jellyfin discovery
7359 # jellyfin discovery
config.services.transmission.settings.rpc-port
80 # homepage
];
in
(l.map (x: {
from = x;
to = x;
})
passthrough)
++ [
];
};
networking.firewall = {
allowedUDPPorts = [1900 7359]; # Jellyfin auto-discovery
allowedTCPPorts = [
# caddy lan ports
80
443
2345
];
};
systemd.services.caddy.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.caddy = {
enable = true;
virtualHosts = builtins.mapAttrs (n: v:
{
useACMEHost = domain;
hostName = "${n}.${domain}:${toString caddyPort}";
}
// v) {
jellyfin.extraConfig = "reverse_proxy localhost:8096"; # TODO setup proper auth
# kanidm.extraConfig = "reverse_proxy localhost:${toString kanidmPort}";
slskd = {
useACMEHost = null;
hostName = ":${toString slskdUiPort}";
extraConfig = ''
reverse_proxy localhost:${toString config.services.slskd.settings.web.port}
'';
};
dash = {
useACMEHost = null;
hostName = ":80";
extraConfig = "reverse_proxy localhost:${toString config.services.homepage-dashboard.listenPort}";
};
# nextcloud.extraConfig = "reverse_proxy localhost:${toString ncPort}";
other = {
hostName = ":${toString caddyPort}";
extraConfig = ''
respond 404 {
body "uhh that doesnt exist, i hope this isnt my fault.."
}
'';
};
};
};
# needed for deploying secrets
users.users.lldap = {
group = "lldap";
isSystemUser = true;
};
users.groups.lldap = {};
services.lldap = {
enable = true;
environment = {
LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt".path;
LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/password".path;
};
settings = {
ldap_base_dn = "dc=xunuwu,dc=xyz";
};
};
# services.nextcloud = {
# enable = true;
# appstoreEnable = true;
# autoUpdateApps.enable = true;
# https = true;
# hostName = "localhost";
# package = pkgs.nextcloud30;
# database.createLocally = true;
# configureRedis = true;
# extraAppsEnable = true;
# extraApps = {
# inherit (config.services.nextcloud.package.packages.apps) calendar;
# };
#
# config = {
# adminuser = "admin";
# adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
# dbtype = "pgsql";
# # commented so we just use the default sqlite
# # dbhost = "/run/postgresql";
# # dbtype = "pgsql";
# };
# settings = {
# default_phone_region = "SE";
# trusted_domains = ["127.0.0.1" "nextcloud.${domain}"];
# };
# };
# systemd.services.nginx.vpnConfinement = {
# enable = true;
# vpnNamespace = "wg";
# };
#
# services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
# {
# addr = "127.0.0.1";
# port = ncPort; # NOT an exposed port
# }
# ];
# systemd.services.phpfpm-nextcloud.vpnConfinement = {
# enable = true;
# vpnNamespace = "wg";
# };
#
# systemd.services.nextcloud-setup = {
# requires = ["postgresql.service"];
# after = ["postgresql.service"];
# };
systemd.services.homepage-dashboard.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.homepage-dashboard = {
enable = true;
widgets = [
{
resources = {
cpu = true;
disk = "/";
memory = true;
};
}
];
services = [
{
"Obtaining" = [
{
"transmission" = {
href = "http://hopper:9091";
icon = "transmission";
};
}
{
"slskd" = {
href = "http://hopper:23488";
icon = "slskd";
};
}
];
}
{
"Services" = [
{
"jellyfin" = {
href = "https://jellyfin.xunuwu.xyz";
icon = "jellyfin";
};
}
# {
# "nextcloud" = {
# href = "https://nextcloud.xunuwu.xyz";
# icon = "nextcloud";
# };
# }
];
}
];
};
systemd.services.jellyfin.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.jellyfin = {
enable = true;
};
services.prometheus = {
enable = true;
port = 9001;
extraFlags = ["--storage.tsdb.retention.time=30d"];
scrapeConfigs = [
{
job_name = config.networking.hostName;
static_configs = [
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
# "127.0.0.1:${toString config.services.prometheus.exporters.nextcloud.port}"
];
}
];
}
];
};
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
};
# nextcloud = {
# enable = true;
# tokenFile = config.sops.secrets."prometheus/nextcloud".path;
# url = "https://nextcloud.${domain}";
# };
};
systemd.services.slskd.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.slskd = {
enable = true;
environmentFile = config.sops.secrets.slskd.path;
domain = null; # why isnt this the default?
settings = {
shares.directories = ["/media/library/music"];
soulseek = {
listen_port = 14794;
description = "";
};
global = {
upload = {
slots = 50;
speed_limit = 10000;
};
download.speed_limit = 10000;
};
};
};
systemd.services.transmission.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
};
services.transmission = {
enable = true;
performanceNetParameters = true;
settings = let
mbit = 125;
in {
speed-limit-up-enabled = true;
speed-limit-up = 100 * mbit;
speed-limit-down-enabled = true;
speed-limit-down = 150 * mbit;
rpc-authentication-required = true;
peer-port = 11936;
rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.\*.\*";
};
credentialsFile = config.sops.secrets.transmission.path;
};
# only used for samba
users.groups.xun = {};
users.users.xun = {
isSystemUser = true;
group = "xun";
extraGroups = ["transmission" "vault"];
};
users.groups.vault = {};
systemd.tmpfiles.rules = [
"d /srv/vault 0770 root vault -"
];
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"log level" = 6;
"log file" = "/var/log/samba/samba.log";
"server string" = config.networking.hostName;
"hosts allow" = "192.168.50.0/24";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
transmission = {
path = "/var/lib/transmission/Downloads";
browseable = "yes";
"read only" = "yes";
"guest ok" = "no";
"create mask" = "0664";
"directory mask" = "0775";
};
vault = {
path = "/srv/vault";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0660";
"directory mask" = "0770";
};
};
};
# TODO use this for sso with some things maybe
# services.tailscaleAuth = {
# enable = true;
# user = config.services.caddy.user;
# group = config.services.caddy.group;
# };
# systemd.services.kanidm = {
# vpnConfinement = {
# enable = true;
# vpnNamespace = "wg";
# };
# serviceConfig = {
# RestartSec = "60";
# SupplementaryGroups = [config.security.acme.certs.${domain}.group];
# PrivateNetwork = l.mkOverride 40 false;
# ProtectControlGroups = l.mkForce false;
# RestrictNamespaces = l.mkForce false;
# LockPersonality = l.mkForce false;
# CapabilityBoundingSet = l.mkForce [];
# # TemporaryFileSystem = l.mkForce [];
# };
# };
#
# services.kanidm = {
# package = pkgs.kanidm.override {enableSecretProvisioning = true;};
#
# enableServer = true;
# serverSettings = let
# subdomain = "kanidm";
# kdomain = "${subdomain}.${domain}";
# certDir = config.security.acme.certs.${domain}.directory;
# in {
# domain = kdomain;
# origin = "https://${kdomain}";
# bindaddress = "0.0.0.0:${toString kanidmPort}";
# # ldapbindaddress = "[::1]:636";
# trust_x_forward_for = true;
# tls_chain = "${certDir}/fullchain.pem";
# tls_key = "${certDir}/key.pem";
# ## TODO online_backup mayb
# };
#
# provision = {
# enable = true;
#
# adminPasswordFile = config.sops.secrets."kanidm/admin_pass".path;
# idmAdminPasswordFile = config.sops.secrets."kanidm/idm_admin_pass".path;
#
# persons = let
# mainUser = "xun";
# mail = "xunuwu@gmail.com";
# in {
# ${mainUser} = {
# displayName = mainUser;
# legalName = mainUser;
# mailAddresses = [mail];
# groups = [
# "slskd.access"
# "slskd.admins"
# ];
# };
# };
#
# groups = {
# "slskd.access" = {};
# "slskd.admins" = {};
# };
#
# # systems.oath2 = {
# # slskd = {
# # displayName = "slskd";
# # originUrl = "https://";
# # };
# # };
# };
# };
## TODO: add forgejo
}

2
systemProfiles/core/locale.nix
View file

@ -1,4 +1,4 @@
{...}: {lib, ...}: { _: {lib, ...}: {
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
supportedLocales = [ supportedLocales = [

2
systemProfiles/core/users.nix
View file

@ -1,4 +1,4 @@
{...}: {pkgs, ...}: { _: {pkgs, ...}: {
users.users.xun = { users.users.xun = {
isNormalUser = true; isNormalUser = true;
initialPassword = "nixos"; initialPassword = "nixos";

39
systemProfiles/secrets/hopper/default.nix
View file

@ -1,6 +1,6 @@
## TODO use defaultSopsFile mayb ## TODO use defaultSopsFile mayb
_: {config, ...}: let _: {config, ...}: let
autheliaUser = config.services.authelia.instances.main.user; # autheliaUser = config.services.authelia.instances.main.user;
in { in {
sops.secrets = { sops.secrets = {
wireguard = { wireguard = {
@ -19,7 +19,7 @@ in {
slskd = { slskd = {
format = "binary"; format = "binary";
sopsFile = ./slskd; sopsFile = ./slskd;
restartUnits = ["podman-slskd.service"]; # restartUnits = ["podman-slskd.service"];
}; };
cloudflare = { cloudflare = {
format = "binary"; format = "binary";
@ -36,48 +36,51 @@ in {
restartUnits = ["podman-betanin.service"]; restartUnits = ["podman-betanin.service"];
}; };
# lldap_jwt_secret = { transmission = {
# sopsFile = ./lldap.yaml; format = "binary";
# key = "jwt_secret"; sopsFile = ./transmission;
# owner = "lldap"; };
# };
# "lldap/jwt" = {
# lldap_user_password = { sopsFile = ./lldap.yaml;
# sopsFile = ./lldap.yaml; owner = "lldap";
# key = "user_password"; };
# owner = "lldap";
# }; "lldap/password" = {
sopsFile = ./lldap.yaml;
owner = "lldap";
};
# authelia # authelia
authelia_lldap_password = { authelia_lldap_password = {
format = "yaml"; format = "yaml";
sopsFile = ./authelia.yaml; sopsFile = ./authelia.yaml;
key = "lldap_password"; key = "lldap_password";
owner = autheliaUser; # owner = autheliaUser;
}; };
authelia_jwt_secret = { authelia_jwt_secret = {
format = "yaml"; format = "yaml";
sopsFile = ./authelia.yaml; sopsFile = ./authelia.yaml;
key = "jwt_secret"; key = "jwt_secret";
owner = autheliaUser; # owner = autheliaUser;
}; };
authelia_session_secret = { authelia_session_secret = {
format = "yaml"; format = "yaml";
sopsFile = ./authelia.yaml; sopsFile = ./authelia.yaml;
key = "session_secret"; key = "session_secret";
owner = autheliaUser; #owner = autheliaUser;
}; };
authelia_encryption_key = { authelia_encryption_key = {
format = "yaml"; format = "yaml";
sopsFile = ./authelia.yaml; sopsFile = ./authelia.yaml;
key = "encryption_key"; key = "encryption_key";
owner = autheliaUser; #owner = autheliaUser;
}; };
authelia_storage_password = { authelia_storage_password = {
format = "yaml"; format = "yaml";
sopsFile = ./authelia.yaml; sopsFile = ./authelia.yaml;
key = "storage_password"; key = "storage_password";
owner = autheliaUser; #owner = autheliaUser;
}; };
brawlstars-api-key = { brawlstars-api-key = {

11
systemProfiles/secrets/hopper/lldap.yaml
View file

@ -1,5 +1,6 @@
jwt_secret: ENC[AES256_GCM,data:C5TnV7d/qdgiX+J/K7vsKXuZ6atsrEwwbr189c7kURHH5bK3xW0BBw3p+MGS6RAQBK9+SN7t5k4uWlEm9Ekm5wDbgt10/WXerC1ZNacxbcSlB7i+w/Fne+g2d6vg7SwC7wpgH0nBmWSAnCmOdDlXOO6NYQ1zL8apCN99Z2M4SVQ=,iv:DzkZjX8+stqZxzNjcgl+uWR142bAdfeQd3RyByHzOE4=,tag:7tbciVbRuLRt8/1q2NRlAw==,type:str] lldap:
user_password: ENC[AES256_GCM,data:IuBlcthybynSI4AJpJ7nZFOgzbH5v4ucKxEO7fe65M1hak33gX7uQSFMRcj9gJAh/E8h87VudQkpxWC6+RKW/w==,iv:WJrvL2RhmoWCaqAjK7nn98Js/TXOL/3oeVADoOt9Vr8=,tag:JcQeKs0O+exoWCG5m/EFtQ==,type:str] jwt: ENC[AES256_GCM,data:/s7dTCwufcURfCEm7dUyo8sstQjN/0592xkw4I/Qt35xYXPEWL6RSuYe2epJ8SRDTH6JZtak0YvSnsE02Edauy9dPmP8CA/Sl3YzQsoMe5LfGrpcP4a5CdlInXKuUUFmecaAO5vufCPaLliATsWDzPo6AY8D21leqdxY8QRa9oE=,iv:Tq9v4sQyzw3leMGD9syL9/Jdoxu/66c3SHRD583uqzc=,tag:miGWl1G57gWWjNRbEcVfAw==,type:str]
password: ENC[AES256_GCM,data:Y4TCgSOl+LiOHSzLseX8HeuyreOwGfa9LWrTcf3CGbr70RKgef5si+A3qi4vTJa9Ft/+smHoLd9eCH2Ti9kR1w==,iv:934juRr049XQEz4UG41ZNHyvq7qTyTzTiKRm+bbxkv0=,tag:NCnB0FMOOama8dm7wEv3AQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -24,8 +25,8 @@ sops:
WFgzK1BpVks3YmcxT3gxYzl3eHpySFEKJwsayqczYl2bFViRTWlP1p2OomPA1NnE WFgzK1BpVks3YmcxT3gxYzl3eHpySFEKJwsayqczYl2bFViRTWlP1p2OomPA1NnE
EKU51AINXIYfnNaXzMKWEj52yoVLvtKiA/rdJeVVOOopwD+qa/lRkw== EKU51AINXIYfnNaXzMKWEj52yoVLvtKiA/rdJeVVOOopwD+qa/lRkw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-01T04:00:12Z" lastmodified: "2024-11-08T18:13:26Z"
mac: ENC[AES256_GCM,data:9mu/knvioQT4y7WGdRjDvfeZxYgNb3TnNnDWOIALN6sqNhs8cI8Q+ussNny9zTygRN/LsS4cvhGypqxZ48CT4YyIKxJ2Xuf32Ho+ojh65a4Kabe3CjklLaAnj//MXnvpUtEXFGKlTiyKi/JxHaQLOaeZBeMv1yfYKuo0hjdzlho=,iv:KR2UMbNmsyxa8TEv6lwTJlqc3Qe81DaTTVtzSZRZyik=,tag:B3Hvr1RRGDrxROylhUuFxg==,type:str] mac: ENC[AES256_GCM,data:XArGpA+g2rBudPew1FlVbe+u3hfrqfsTpCb+u6a5MDp3+ro6EUXytnuUJRS3PpsmfJ6PfzmM4q2QHa5qjTnqt3G4DXtenrb2zVixiSykE4qBwr2Jj07aDqG0/8fDQskAkP868EhTjJ+/3KQ3MyNLoaoWEISGN8ryLjM/ASHxD5s=,iv:LrqLod4yS3H1QYRozZv+sEKzigtaMGnLb1UfWdvoSEs=,tag:HoxUl6oOOjKRpyPt86CGxA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.1

24
systemProfiles/secrets/hopper/transmission Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:r/cojq4Krb+3JeDL+5P5wUlpehJHCRYR2fUAnGJoGSFMi2jMxQ4/rasSqZJlNxisReusu2cECUZT3LpjzUFZONsHQtHs0iC+xWMVZasJwxnWu62vLxQoJhTb/2EvnTKpV47WhAJeiaeVbFURKVCST6Z6xET/0kFxFB92iVFLIFWMfByMBMq34+xW41+fboOLA5vsWyNTcIQC2fVKc7wyi8Iq0ge+yAONm3QA2Qd24psuC5Dv,iv:sLLbYhE6tshYZo2HWGzNNmcDxb0ziPsDg+lsX6G92Ds=,tag:VRslfMCy1/GNGJ3vG9d+aQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNVpReEZBb0tsT0QyczBv\nTVVTcEdaN0hoTUY5ZWhEU2NWcjlEa0VsOUdVClFONjhncXduNEdaWlBFTUF4TUFU\nWVJmQTN5dmV2dGJkenZVaXMrbWxuZW8KLS0tIGEveFBPc0hrS3FvVFdTZGQ2TW1r\nS3NWNTBFbGtJYlpnTUNUN1IrMTZKd3MKBtEbUpRAfnbyyXXOLDIvEd7aQaKKWvqh\n8z/s5a/yWGdh4VB90FRZol8Te0Ahu3hYBWiaUWE8dELeAb0Joakm0A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5dGh1VmFjM0FqRlEzMUoy\nblVscWNHQWkzTmVDV2hEaU9NNGtIOE5CbkRJCjcvTXdIaElqMmNrY2Q0RThUNWZr\ndDJvZzVVU01mUGJoR004MnRmZ2ZHKzgKLS0tIHUxSHJLc3RBWXdBT2pXU0lNZjVS\nSDdMeVppSkR5UXYyY0pUMVFjbllvVncKAp62v5o/vMgrbygJ1+5QWriRNbrdel5x\nPJAikvtzttEotMSVBww1Qj9T9H+NxfywqMT3PleZLeixz0eSr8vBAw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-08T12:20:18Z",
"mac": "ENC[AES256_GCM,data:yjPmnEZOLT63kPaf8I634/QNHIoz76/KbrcbqlbxhageGf49vHSmoQabA+nZ+X0e4QKYJamP2w03SHaTkBiAWPibmy4DxIxaZONGDNZyB0kXwgQHVMJS4ioYitPlzkOxuuNA0YywJ0zfQr2UL7f8Pnjv5Ce9fJX1ywfNGZ2SJXg=,iv:Pew7Icme84LO5cwtVkUJ4wVF0mwJiNrlT6ulKHCb8/o=,tag:/98B67+gAEMM/BKWLULPfQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}