diff --git a/.sops.yaml b/.sops.yaml index 6d61d0b..981f6c0 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,15 +1,18 @@ keys: - &min age1yubikey1qg5k0y844v5e79uwax3r00u7zdljwnjlrmwvdr3st9m5a3ra5098qy0sjdj + - &min-two age1yjqjfdpajzg8a2cj4e5ax6wcg5rq3337rm9jwsfzug2tr7yj8yfq27vteh - &eidola age1uqxzduupzes3tgfrrlret0n6thyldmlef60nqfzk689lmg6yayvsqpwxj6 - &silver age19yhycdgqczrvttszq97ccljh684x3r7f5dj4p0wdwqsrusqlcayse0vsh3 creation_rules: - - path_regex: secrets/eidola\.yaml$ + - path_regex: secrets/eidola/[^/]+$ key_groups: - age: - *min + - *min-two - *eidola - - path_regex: secrets/silver\.yaml$ + - path_regex: secrets/silver/[^/]+$ key_groups: - age: - *min + - *min-two - *silver diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix index 99e523d..fd0ff34 100644 --- a/nixos/hosts/default.nix +++ b/nixos/hosts/default.nix @@ -19,9 +19,11 @@ system.modules ++ [ { - _module.args = { - inherit inputs; - }; + _module.args = + { + inherit inputs; + } + // system.extraArgs; } ../modules diff --git a/nixos/hosts/eidola/default.nix b/nixos/hosts/eidola/default.nix index 63d401d..5dd4153 100644 --- a/nixos/hosts/eidola/default.nix +++ b/nixos/hosts/eidola/default.nix @@ -1,9 +1,7 @@ -{inputs, ...}: rec { +{inputs, ...}: { system = "x86_64-linux"; - pkgs = import inputs.nixpkgs { - inherit system; - }; + extraArgs = {}; deployment = { host = "eidola.int.min.rip"; diff --git a/nixos/hosts/eidola/hardware.nix b/nixos/hosts/eidola/hardware.nix index 686c5de..2b051bd 100644 --- a/nixos/hosts/eidola/hardware.nix +++ b/nixos/hosts/eidola/hardware.nix @@ -32,11 +32,14 @@ hardware.enableAllFirmware = true; + # Enable hardware acceleration (for jellyfin, immich, etc) + hardware.graphics.enable = true; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - # networking.useDHCP = lib.mkDefault false; + networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/nixos/hosts/eidola/secrets.nix b/nixos/hosts/eidola/secrets.nix index cef65a7..75960cf 100644 --- a/nixos/hosts/eidola/secrets.nix +++ b/nixos/hosts/eidola/secrets.nix @@ -1,6 +1,6 @@ _: { sops = { - defaultSopsFile = ../../../secrets/eidola.yaml; + defaultSopsFile = ../../../secrets/eidola/default.yaml; age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; secrets."root-pw" = {neededForUsers = true;}; diff --git a/nixos/hosts/eidola/services/jellyfin.nix b/nixos/hosts/eidola/services/jellyfin.nix index 7f1fe92..a7d0adb 100644 --- a/nixos/hosts/eidola/services/jellyfin.nix +++ b/nixos/hosts/eidola/services/jellyfin.nix @@ -1,6 +1,4 @@ _: { - hardware.graphics.enable = true; - services.jellyfin = { enable = true; diff --git a/nixos/hosts/silver/default.nix b/nixos/hosts/silver/default.nix index 9b0c7d6..0527198 100644 --- a/nixos/hosts/silver/default.nix +++ b/nixos/hosts/silver/default.nix @@ -1,9 +1,7 @@ {inputs, ...}: rec { system = "x86_64-linux"; - pkgs = import inputs.nixpkgs { - inherit system; - }; + extraArgs = {}; deployment = { host = "silver.int.min.rip"; diff --git a/nixos/hosts/silver/secrets.nix b/nixos/hosts/silver/secrets.nix index a249628..41e396c 100644 --- a/nixos/hosts/silver/secrets.nix +++ b/nixos/hosts/silver/secrets.nix @@ -1,6 +1,6 @@ _: { sops = { - defaultSopsFile = ../../../secrets/silver.yaml; + defaultSopsFile = ../../../secrets/silver/default.yaml; age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; secrets."root-pw" = {neededForUsers = true;}; diff --git a/nixos/hosts/silver/services/breeze.nix b/nixos/hosts/silver/services/breeze.nix index 841c053..dc54184 100644 --- a/nixos/hosts/silver/services/breeze.nix +++ b/nixos/hosts/silver/services/breeze.nix @@ -15,6 +15,10 @@ in { locations."/" = { proxyPass = "http://127.0.0.1:${toString httpIntPort}"; + extraConfig = '' + # advertise http3 + add_header Alt-Svc 'h3=":$server_port"; ma=86400'; + ''; }; }; diff --git a/nixos/hosts/silver/services/grafana.nix b/nixos/hosts/silver/services/grafana.nix index 5a207c8..26adf7c 100644 --- a/nixos/hosts/silver/services/grafana.nix +++ b/nixos/hosts/silver/services/grafana.nix @@ -19,8 +19,6 @@ in { http_addr = "127.0.0.1"; http_port = httpIntPort; - enable_gzip = true; - enforce_domain = true; domain = dom; }; diff --git a/nixos/hosts/silver/services/min-rip.nix b/nixos/hosts/silver/services/min-rip.nix index c41bc37..314df51 100644 --- a/nixos/hosts/silver/services/min-rip.nix +++ b/nixos/hosts/silver/services/min-rip.nix @@ -12,6 +12,9 @@ in { extraConfig = '' add_header Cache-Control "max-age=15552000, must-revalidate"; add_header Content-type text/plain; + + # advertise http3 + add_header Alt-Svc 'h3=":$server_port"; ma=86400'; ''; }; diff --git a/nixos/hosts/silver/services/sim-breeze.nix b/nixos/hosts/silver/services/sim-breeze.nix index 8c1cb63..d93f7c3 100644 --- a/nixos/hosts/silver/services/sim-breeze.nix +++ b/nixos/hosts/silver/services/sim-breeze.nix @@ -2,6 +2,11 @@ httpIntPort = 14012; dom = "simul.lol"; in { + # xray depends on nginx config in this file + imports = [ + ./xray.nix + ]; + sops.secrets."svc-sim-breeze-upload_key" = { owner = "sim-breeze"; group = "sim-breeze"; @@ -15,6 +20,12 @@ in { locations."/" = { proxyPass = "http://127.0.0.1:${toString httpIntPort}"; + extraConfig = '' + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + + # advertise http3 + add_header Alt-Svc 'h3=":$server_port"; ma=86400'; + ''; }; extraConfig = let diff --git a/nixos/hosts/silver/services/xray.nix b/nixos/hosts/silver/services/xray.nix new file mode 100644 index 0000000..e63b6b8 --- /dev/null +++ b/nixos/hosts/silver/services/xray.nix @@ -0,0 +1,48 @@ +{ + config, + lib, + ... +}: let + httpIntPort = 14060; + dom = "simul.lol"; + user = "xray"; + group = "xray"; +in { + # depends upon sim-breeze.nix + services.nginx.virtualHosts.${dom} = { + locations."/streaming" = { + proxyPass = "http://127.0.0.1:${toString httpIntPort}"; + proxyWebsockets = true; + }; + }; + + sops.secrets."svc-xray-settings" = { + sopsFile = ../../../../secrets/silver/xray.json; + format = "json"; + name = "svc-xray-settings.json"; # xray needs .json extension + key = ""; # extract whole file. not nonexistent key `svc-xray-settings` + + owner = user; + inherit group; + }; + + services.xray = { + enable = true; + settingsFile = config.sops.secrets."svc-xray-settings".path; + }; + + # assign user/group to xray + + users.users.${user} = { + isSystemUser = true; + inherit group; + }; + + users.groups.${group} = {}; + + systemd.services.xray.serviceConfig = { + User = user; + Group = group; + DynamicUser = lib.mkForce false; + }; +} diff --git a/scripts/rekey.sh b/scripts/rekey.sh index aa86732..26d2b04 100755 --- a/scripts/rekey.sh +++ b/scripts/rekey.sh @@ -8,7 +8,7 @@ ROOT_DIR="$(realpath "$SCRIPT_DIR/..")" pushd "$ROOT_DIR" > /dev/null rekey_dir() { - find $1 | xargs -i sops updatekeys -y {} + find $1 -type f | xargs -i sops updatekeys -y {} } rekey_dir "secrets/*" diff --git a/secrets/eidola.yaml b/secrets/eidola/default.yaml similarity index 63% rename from secrets/eidola.yaml rename to secrets/eidola/default.yaml index 35fd100..0ef8f4d 100644 --- a/secrets/eidola.yaml +++ b/secrets/eidola/default.yaml @@ -9,21 +9,30 @@ sops: - recipient: age1yubikey1qg5k0y844v5e79uwax3r00u7zdljwnjlrmwvdr3st9m5a3ra5098qy0sjdj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IGpBdE54USBBb2FySEVQ - MlJXcHhrRGdaUWdqMVlhOVU2TFZDWVFaYURNK2JFMTI3eFZRRgo5ZmltTHRDSStB - MjhvSFM1bnViUllYQXcxT2ZUc3hUWnFhRmtDUFNxbWhJCi0tLSBXRlBOQ0FjWTFF - SHcvWFlHdnczbzlZeFdLaWFtaURzSENHZWJ6eGdUVEtJChc+IZb49DXtLhh+xutX - va765WabBmojoMKI6tIZGUqwwBCMZXd9tWAmyNOu3vxQ43KCpWXP/NkYxGgd0+Ot - 7eY= + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IGpBdE54USBBL3lkOE1Y + VDFoZjJic1ArNVNaSGo1NmJHV3lYSHY2REMxb0JyY2RUcHdwVQp3WDRNVldMcDNV + TTZRV1FaZHE4YzRNam1PNjNhNDRrNFFsZDBLeWpZeitVCi0tLSBtRG0xc2FDazJM + YVB4N2tCSDFLbnZoYWRYU0Y0ZmREdk8zQ1JSU3loOFBrCq3tOwFRmsroKOiN96Iq + VybSNCFyTMSf9bq42EK0BS6AbOQmaEiKwJTNMhjUZldkYJqKNVfj3T2tqMNiFs0P + mv8= + -----END AGE ENCRYPTED FILE----- + - recipient: age1yjqjfdpajzg8a2cj4e5ax6wcg5rq3337rm9jwsfzug2tr7yj8yfq27vteh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtaGJ5bW1uSHpEZEg3TXlJ + bm5YQjFhTUVEZ2JTTGVZVE5HKy93T2pzSXlZCmxGS3JkMlNVV1FGNUFtWXM2QjJQ + NUMxRytuOTVkK0xlTjIzck1IZFRvU3cKLS0tIERPM21OZ0RXOUl5SWoyc1EwS1gv + RkNod3ZqRkdIbnlrcXhFK2pEMmRERk0K9985Wrlc/JBWmJsVHoyH9CcEr5cX8bgx + C3cg1V/0+GYP0b3ovnYsssftMprYYEDmRYlJHheQFcCkRou/umBycw== -----END AGE ENCRYPTED FILE----- - recipient: age1uqxzduupzes3tgfrrlret0n6thyldmlef60nqfzk689lmg6yayvsqpwxj6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHdkJmdTJ2ZXl6ZEtjbVh1 - amVVREtNQURUVUpDdHp6OFV4eFpaaTVVaGs4CmZ3d3pCVlFpOUR0aFN6dlpPbjJs - eE5VRFBGOCtHbDZhbzgxYyt3anNGOTQKLS0tIGpoWkNHNTNoUTFUYWRTMFl1Mzh3 - VTJvaGtSZGpQMSs5N05pblQ4aEIzbkkKQiM+335AZC2+UmotonvM1nsyA/l9F5gr - da9+ltLr5U88pXfcdpiXTmxrSnMzDgLuZLRKZ0S/ZllGDhlnwxsuOQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWW9Gc3NPZzcrVTVneFc2 + NnpJQzNvbXhMaVR5bHllYnhBZE1JRnNmemgwCnp3bXpGWDRkbCsyU3lLMVF6T0Nv + NlkwZHZUQzBCL1BwOUFzWTFsTFZJajQKLS0tIER1dWhsaU1mbW4zSEhCbmVib1cy + eWRoSXlMamNjTHVaenpMR3dEOXNuWDAKSmbC+fGeKYcKy0eQdWPVVMpyBVYtogur + A0fYIBLXi+HMN+/7LXFb80vSnXN3v42KGQ/tzsWJo0ed3Q16wJ4eUA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-05-09T23:52:41Z" mac: ENC[AES256_GCM,data:38RF2ZBEN8bnldWusQNhpju9zPd/sWRG8LgNesarcuqyqHVJCbjOo3Wm2arXCmnQAFlcmrLCbyheD/bpNhgbVEP2JscrqsH1PFTAAi+iLUK6AT4VZ1q/cdhRVVnHlR+wtehxufJ1sEAp3LNBbDKeSKTk8jorEfEz8NdE0uPvvjg=,iv:u9F0nEKYO/0E51f4z46GNvgK8E7QwoVI+xn7do5sGRc=,tag:Ovv85eGJi037y9hh1KqzEg==,type:str] diff --git a/secrets/silver.yaml b/secrets/silver/default.yaml similarity index 75% rename from secrets/silver.yaml rename to secrets/silver/default.yaml index c223374..35ea4d3 100644 --- a/secrets/silver.yaml +++ b/secrets/silver/default.yaml @@ -17,21 +17,30 @@ sops: - recipient: age1yubikey1qg5k0y844v5e79uwax3r00u7zdljwnjlrmwvdr3st9m5a3ra5098qy0sjdj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IGpBdE54USBBaksyYUQy - UlhXUDJlRE9SY2NUUE9OSWJjcFVPRkNJaUdWUktMT3NVU3pveApRU2NGSWVlZXAz - ODB0b1Y4Ry9iWVoxMFpxOU9HR0ppZ1A0MUFCSFEzRWJvCi0tLSBRVHdMUU5SR2d4 - ZlMzTkhDUDZJYXRlWTJ0NkpMaXZaUFprVzZKdElyZ3RjCo6/6NJZpJxTW8I4WsN+ - aGOyPa0xeiGs9kCkkYykoD6tQsf4FVovT+YOvvAlRrch4yKDo7oAVNF+hfw4vLeP - 24s= + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IGpBdE54USBBcThHdTl3 + NHNSNEw1VVVTNnlyM2FzZHFlcFVnWTRLNzRsSDhhQ0R5WlZ5Uwp2S1NtS2RKd0t2 + Wlc0dmcvWGJGclZrWDNEaTRvOEo0UlpyaG1pemZLTjY4Ci0tLSA0UE9uQzA5bUlo + N3pYM25yU09ZaFNzb3F6bFJCR0lzRDlNZ1IyMWZ6SDlvCscwVPwWt83Lr8L4G72L + vi98Md6DBrNc0xNCnR2fUHaCSeTST/c1VeEHpsqgeQ43wnWnYWG3LRS7aX1tVvvo + UrQ= + -----END AGE ENCRYPTED FILE----- + - recipient: age1yjqjfdpajzg8a2cj4e5ax6wcg5rq3337rm9jwsfzug2tr7yj8yfq27vteh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNdm9HZTBsVngwcG54RS9W + WElrYzJ3TUM2WkRCYThJcS9XTThQb0NnUXhvCnN3Z0ZlNkE5cHFVa2tDM01MaUJZ + NWJyL2crUDRVZkhIMkxQbFkvTmpGZzgKLS0tIDdsSklTVDQ1SE80WlkwVFZ5UVlX + Z2FrNldQeXFjMzRWTVN5Ykh4K3RMTWMK/7venyyXy0fJsWi1hqEdw3DUl7xFbj0z + kiiLLQt035RH/UiKyOlEVPC5xDAOEE00n0wSaYC9//vI/LXAxDgx3A== -----END AGE ENCRYPTED FILE----- - recipient: age19yhycdgqczrvttszq97ccljh684x3r7f5dj4p0wdwqsrusqlcayse0vsh3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3a0Z3TVBYSkV5YU0zeERa - T3NXUGxlMGp6UEFrdXJ2YmdjRE5YQ0t4eEVnClZ5eEgza3UzaGhIY3ExTjdZRVpO - eXFRMFU2NEFZRXZlRUlGUlF4V2tzUXMKLS0tIGF0RjR6aFFDMVZ0SWhJNDNTdkNp - MXdERWkyRitkbWtHMnpQaGxhbTRma2cK75S4x9TdquXAV00m9EQ1vJno14YTmPD4 - K8ne37brRWWi3gW6JsaOQOshNE19u4uwkAXZ2IQ+NdAq7Kt/qrcU8w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ3Z1czI5UGNXcDAyT3FN + cVV4YTJZNnNqa2dIMDVqVnB4Q0lxTUp3YWc0Ckt3MzNZUzdOSjBWQkIzTzRwbEhE + Rjl3NUFVclJ6VVM4Q0IyUDNJT1ZDckUKLS0tIHYyVTNaY28zekhXWUtVUThqUjdF + NVREcHJGWWIvY0Z1OGt4cGN6am1RaXMKAnlb8FOJ1wO5qtcmej57s7rhWjv5wqIn + nCUJX0R7s0/KH3aj98bX/4hQg2ZAw1l+xViOOIfwfRnzLWeyaAnk5A== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-05-11T01:03:55Z" mac: ENC[AES256_GCM,data:QiKJfX/odDwZLH8Ds6pTBrQ5FplSMGLzDwk9jhXu8y5B6SAnahuf4X9Nj9V6rNHvYMN7MBnVQKcb5lD/nofNPOLvck9CTP6yWJ3WTK4Nd79Ffx0kRK3QY8Q1WlzjE0fDel5pJaytivf/l+BZwrWKIR20h0HmT2ETSb+lzMdYFSs=,iv:rrT6VJkf/D3tzbuysu77eUiwUmHKZCwdrbcx3oTyBUI=,tag:zsBE/r7WGQ0PIo/ZQHS4/w==,type:str] diff --git a/secrets/silver/xray.json b/secrets/silver/xray.json new file mode 100644 index 0000000..4b7efc3 --- /dev/null +++ b/secrets/silver/xray.json @@ -0,0 +1,53 @@ +{ + "log": { + "loglevel": "ENC[AES256_GCM,data:mbQi7zKBog==,iv:1Xxb95L7iloljmHdBsYY50rCoQyrRu7AeU1sCN/tyzw=,tag:62F9cRuxJTyrTJ4OG09aUQ==,type:str]" + }, + "inbounds": [ + { + "listen": "ENC[AES256_GCM,data:HtY8ByxZ3vkM,iv:ZXYZ0es7pFOA/RGQQvCNRU23i7n7AGza1pqP4KvAoS0=,tag:GScJnzymZJ6uUlhwmppfaQ==,type:str]", + "port": "ENC[AES256_GCM,data:+qHgc8o=,iv:Ya3KrZzLjcb7uVAXFhscjFMD6yJXnyt/AakRk2SS6eA=,tag:DA+69lIbzm+z6ev7kfpSVA==,type:float]", + "protocol": "ENC[AES256_GCM,data:R6dhbB0=,iv:TwVobIOIZG3qXM3UylX2yAc04U77rh+XROwqH0fcXTw=,tag:xktgDmPYjxA1TP27w4dFyg==,type:str]", + "settings": { + "clients": [ + { + "id": "ENC[AES256_GCM,data:sW/OrfmvvIoUCesh6o6i13ii42ppMlULMCHm7dGNR60THrL+,iv:5o1ebsFvFz7FV/7bfEZWpjoTGpCGWpvS6c7JPlpCJuU=,tag:hTXbENZLcD4pUNfvPe9axA==,type:str]", + "email": "ENC[AES256_GCM,data:5ecahRH9zjXwQ3UshHJciCs=,iv:wt9ikuL6g2Pqrew0S9zs8z4Sn6TjIxuCIW7NNAZ6R/g=,tag:pcSreGlfKzsMJmFX1k8DdQ==,type:str]" + } + ], + "decryption": "ENC[AES256_GCM,data:THm0tQ==,iv:fcCansdqlMqfyaa4qoLeXVyV+QGEm7hfPr6L84VL0wc=,tag:TnO5Wu7KlwK+qB77xOGSjQ==,type:str]" + }, + "streamSettings": { + "network": "ENC[AES256_GCM,data:bU4N8q8sCJc67uo=,iv:S4nLjgnVn18Lw3vTqZewu2H735WCKB6HXpuySWHax/U=,tag:zwLcQYneVvZYaim381H1CA==,type:str]", + "httpupgradeSettings": { + "path": "ENC[AES256_GCM,data:/r2IHJSgagkshA==,iv:eb+CVVjsE1bWzhxd4a0u6lM3J65AqZ3wOeHdm7AQrgU=,tag:hblCpH7Vnqir6uZHO7AdYA==,type:str]" + } + } + } + ], + "outbounds": [ + { + "protocol": "ENC[AES256_GCM,data:+5U3oYGUBA==,iv:Z35TWquRT5f51jQoAEROACUtyI7fPFyGxa/gXumSEq4=,tag:Ui3YF9lTxP1T5D4Xq+I13Q==,type:str]", + "settings": {} + } + ], + "sops": { + "age": [ + { + "recipient": "age1yubikey1qg5k0y844v5e79uwax3r00u7zdljwnjlrmwvdr3st9m5a3ra5098qy0sjdj", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IGpBdE54USBBM2pNeE1B\nYVVZUGc5ellpSk5RS1pJNURFTkYvUzNmRS96cTZaM1VOSEhVWgpOeU5VQUY3R3Zn\naHpsdGluRnJjZnV1bzNDS3A5WXVYQWpaaFpob3RaTWpZCi0tLSA0aHRiV0tuZFda\nVGI3Z0F4b0U5b1ZKMGlKNDRMeERBbVB1VmpkK3lFaTkwCh4I81eVgiv2kf0WBo84\n9gn/BOeFlAORXh0GJt4g496lwkIFWb/NSTG9Vl2hdGx8OCw/3vUhcbWL8Ndtx34c\n0Ls=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1yjqjfdpajzg8a2cj4e5ax6wcg5rq3337rm9jwsfzug2tr7yj8yfq27vteh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVFJlVzNtSmFzTkZ4SW5s\nb2U0Szc0SytGZjRUVEFCbzBKd2lQOG96amhFCkRtMXQ0UG1qcm9lbjBDRnBiQ21Q\nZ3h1RDZtN0VONTdvWk1RWTE1WEwxd0kKLS0tIGNGSHl3NWE2SjFMd29CcDJ3Znlx\nQUNkNkhLTXpoWk1WVndUbGRRbnBNOG8K2sDAgRPo/4qlc/NQBV5fmDEX21Ri/qr8\np1ttuUxo141ZuTnJ/czKdMMiJScaIghUMZW4oFyxLwqQZfTSdyy4mw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age19yhycdgqczrvttszq97ccljh684x3r7f5dj4p0wdwqsrusqlcayse0vsh3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SjVJS2NRS1VwSm42bWRP\nVXFqT2wvWUVqS2RiZGVZTWEvTDNqbGExWFhRCkY5N213WEp1RWp6bkZEdkcyNUhO\nclVCTjI4enpBOHNUMEJTMzZoTzdlWjgKLS0tIDRpaU9NZitxY3lzL3Q4MGtXM3lN\nZWpRT3hhZ1hTeVhnMFRVZlAvOUIyYWcKeamBTHEl7QVFxFevy5ZiDQFgEFIAM+1u\n8bvwoMfrq95DKIqxC1cQ1ndTzALdok7kWfPjKG3nDxgFS1y84Fh04Q==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-05-13T20:34:00Z", + "mac": "ENC[AES256_GCM,data:JqBN/0K0BT3cZ+CNaRMMM5zTA26QvAPQcKuPmZda1DTWmu7uCzpvGhZb58VFDFDG5Pj7hqFy9ba++cu8GcBuAqbu/wlW9ogkgWtBdDi92wZyqU7KYO0cFVYuz8MVJBmI/tr1ikdsRypjdgGYKNLXhr9h3lQiQGGkB2uIe3SiKpA=,iv:LBB0T+Zdgt0ZK3cs8/ewpYJPetqol963DKVTfWutglY=,tag:Gp9sZRk1nrLAGqU0mlKfpQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +}