From 13714539c9e001e5aa1fda879f2e3924be30179a Mon Sep 17 00:00:00 2001 From: Alexander Szczepanski Date: Mon, 6 Jan 2025 10:40:25 +0100 Subject: [PATCH] thinkpad-2025-01-06-10-40-25 --- .sops.yaml | 2 + README.md | 2 +- configs/common-linux.nix | 68 ++++++++-------- flake.lock | 6 +- flake.nix | 12 +++ machine/desktop/configuration.nix | 8 +- machine/nixos-virtualbox/configuration.nix | 6 -- machine/thinkpad/configuration.nix | 87 +++++++++++++++++++++ machine/thinkpad/hardware-configuration.nix | 72 +++++++++++++++++ secrets/secrets.yaml | 79 ++++++++++--------- 10 files changed, 259 insertions(+), 83 deletions(-) create mode 100644 machine/thinkpad/configuration.nix create mode 100644 machine/thinkpad/hardware-configuration.nix diff --git a/.sops.yaml b/.sops.yaml index b363b75..9c73342 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -8,6 +8,7 @@ keys: - &mini age1hdv2nz7r5fv6glq7jac27uf864t2668a97ptx52q57yfg4jd7ypqkag7wd - &nixos-virtualbox age1zs6k39g6kz740z3p9f0r2tc8dwn677zn3v5963g42p6lsljh7y0qzfn9ql - &nixos-vm age120fg86wv7vrcw6aeuunkzr7nerpwg8w0vu08xp8v8feqawtzqquq4763cw + - &thinkpad age1dmkhlzvxemlufsydaed7vajm4cdpjwmqj3pmpvlljkjzlck8t4rswwph4j creation_rules: - path_regex: secrets.yaml$ key_groups: @@ -19,6 +20,7 @@ creation_rules: - *mini - *nixos-virtualbox - *nixos-vm + - *thinkpad - path_regex: secrets-desktop.y`aml$ key_groups: - age: diff --git a/README.md b/README.md index 47cec9b..dfab6bd 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ ``` -nix flake update . +nix flake update sudo mergerfs -o cache.files=partial,dropcacheonclose=true,category.create=mfs /run/media/alex/disk1:/run/media/alex/disk2:/run/media/alex/disk3 /home/alex/shared/raid diff --git a/configs/common-linux.nix b/configs/common-linux.nix index 04df321..572a829 100644 --- a/configs/common-linux.nix +++ b/configs/common-linux.nix @@ -31,44 +31,44 @@ supportedFilesystems = ["ntfs" "btrfs"]; initrd = { - # postDeviceCommands = pkgs.lib.mkBefore '' - # mkdir -p /mnt + postDeviceCommands = pkgs.lib.mkBefore '' + mkdir -p /mnt - # # We first mount the btrfs root to /mnt - # # so we can manipulate btrfs subvolumes. - # mount -o subvol=/ /dev/mapper/lvm-root /mnt + # We first mount the btrfs root to /mnt + # so we can manipulate btrfs subvolumes. + mount -o subvol=/ /dev/mapper/lvm-root /mnt - # # While we're tempted to just delete /root and create - # # a new snapshot from /root-blank, /root is already - # # populated at this point with a number of subvolumes, - # # which makes `btrfs subvolume delete` fail. - # # So, we remove them first. - # # - # # /root contains subvolumes: - # # - /root/var/lib/portables - # # - /root/var/lib/machines - # # - # # I suspect these are related to systemd-nspawn, but - # # since I don't use it I'm not 100% sure. - # # Anyhow, deleting these subvolumes hasn't resulted - # # in any issues so far, except for fairly - # # benign-looking errors from systemd-tmpfiles. - # btrfs subvolume list -o /mnt/root | - # cut -f9 -d' ' | - # while read subvolume; do - # echo "deleting /$subvolume subvolume..." - # btrfs subvolume delete "/mnt/$subvolume" - # done && - # echo "deleting /root subvolume..." && - # btrfs subvolume delete /mnt/root + # While we're tempted to just delete /root and create + # a new snapshot from /root-blank, /root is already + # populated at this point with a number of subvolumes, + # which makes `btrfs subvolume delete` fail. + # So, we remove them first. + # + # /root contains subvolumes: + # - /root/var/lib/portables + # - /root/var/lib/machines + # + # I suspect these are related to systemd-nspawn, but + # since I don't use it I'm not 100% sure. + # Anyhow, deleting these subvolumes hasn't resulted + # in any issues so far, except for fairly + # benign-looking errors from systemd-tmpfiles. + btrfs subvolume list -o /mnt/root | + cut -f9 -d' ' | + while read subvolume; do + echo "deleting /$subvolume subvolume..." + btrfs subvolume delete "/mnt/$subvolume" + done && + echo "deleting /root subvolume..." && + btrfs subvolume delete /mnt/root - # echo "restoring blank /root subvolume..." - # btrfs subvolume snapshot /mnt/root-blank /mnt/root + echo "restoring blank /root subvolume..." + btrfs subvolume snapshot /mnt/root-blank /mnt/root - # # Once we're done rolling back to a blank snapshot, - # # we can unmount /mnt and continue on the boot process. - # umount /mnt - # ''; + # Once we're done rolling back to a blank snapshot, + # we can unmount /mnt and continue on the boot process. + umount /mnt + ''; }; }; diff --git a/flake.lock b/flake.lock index c5aedb6..c751ce7 100644 --- a/flake.lock +++ b/flake.lock @@ -251,11 +251,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1735834308, - "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", + "lastModified": 1736012469, + "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6df24922a1400241dae323af55f30e4318a6ca65", + "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 4268789..855d139 100644 --- a/flake.nix +++ b/flake.nix @@ -105,6 +105,18 @@ ]; }; + thinkpad = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs outputs;}; + modules = [ + impermanence.nixosModules.impermanence + chaotic.nixosModules.default + inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-extreme + inputs.sops-nix.nixosModules.sops + ./machine/thinkpad/configuration.nix + ]; + }; + mini = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs outputs;}; diff --git a/machine/desktop/configuration.nix b/machine/desktop/configuration.nix index 7b1d90b..d962e2f 100644 --- a/machine/desktop/configuration.nix +++ b/machine/desktop/configuration.nix @@ -36,10 +36,6 @@ in { owner = config.users.users.alex.name; group = config.users.users.alex.group; }; - - hashedPassword = { - neededForUsers = true; - }; }; }; @@ -69,6 +65,10 @@ in { kernelPackages = pkgs.linuxPackages_cachyos; kernelParams = ["clearcpuid=514" "ip=dhcp"]; kernelModules = ["nct6775"]; + kernel.sysctl = { + "vm.max_map_count" = 262144; + "vm.nr_hugepages" = 1280; + }; extraModulePackages = with pkgs.linuxPackages_cachyos; [ryzen-smu]; initrd = { availableKernelModules = ["r8169"]; diff --git a/machine/nixos-virtualbox/configuration.nix b/machine/nixos-virtualbox/configuration.nix index 6b19016..ad2f1d0 100644 --- a/machine/nixos-virtualbox/configuration.nix +++ b/machine/nixos-virtualbox/configuration.nix @@ -20,12 +20,6 @@ keyFile = "/var/lib/sops-nix/key.txt"; generateKey = true; }; - - secrets = { - hashedPassword = { - neededForUsers = true; - }; - }; }; time.timeZone = "Europe/Berlin"; diff --git a/machine/thinkpad/configuration.nix b/machine/thinkpad/configuration.nix new file mode 100644 index 0000000..e9c67f1 --- /dev/null +++ b/machine/thinkpad/configuration.nix @@ -0,0 +1,87 @@ +{ + config, + pkgs, + inputs, + outputs, + ... +}: { + imports = [ + ./hardware-configuration.nix + # ../../configs/borg.nix + ../../configs/common-linux.nix + ../../configs/docker.nix + ../../configs/libvirtd.nix + ../../configs/user.nix + ]; + + sops = { + defaultSopsFile = ../../secrets/secrets-mini.yaml; + }; + + boot = { + initrd = { + luks.devices = { + root = { + device = "/dev/disk/by-uuid/7f2eb00d-49d8-416f-a742-5af5ce871483"; + preLVM = true; + }; + }; + }; + kernelPackages = pkgs.linuxPackages_latest; + # extraModulePackages = with pkgs.linuxPackages_latest; [rtl88x2bu]; + }; + + time.timeZone = "Europe/Berlin"; + networking = { + hostName = "thinkpad"; + useDHCP = true; + firewall = {enable = false;}; + # interfaces = { + # br0 = { + # useDHCP = true; + # }; + # }; + + # bridges.br0.interfaces = ["enp3s0"]; + + nftables.enable = true; + + wireless = { + enable = true; + networks.Skynet-mobil.psk = "***"; + interfaces = [ "wlp0s20f3" ]; + }; + }; + + environment = { + # systemPackages = with pkgs; [ + # nyx + # snapraid + # mergerfs + # ]; + # persistence."/persist" = { + # directories = [ + # # "/var/lib/docker" + # "/var/lib/tor" + # ]; + # }; + }; + + hardware = { + enableAllFirmware = true; + }; + + services = { + locate = { + prunePaths = ["/mnt" "/nix"]; + }; + }; + + powerManagement = { + enable = true; + powertop.enable = true; + # cpuFreqGovernor = "powersave"; + }; + + system.stateVersion = "24.11"; +} diff --git a/machine/thinkpad/hardware-configuration.nix b/machine/thinkpad/hardware-configuration.nix new file mode 100644 index 0000000..9b596df --- /dev/null +++ b/machine/thinkpad/hardware-configuration.nix @@ -0,0 +1,72 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = ["dm-snapshot"]; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea"; + fsType = "btrfs"; + options = ["subvol=home"]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea"; + fsType = "btrfs"; + options = ["subvol=nix"]; + }; + + fileSystems."/persist" = { + device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea"; + fsType = "btrfs"; + options = ["subvol=persist"]; + neededForBoot = true; + }; + + fileSystems."/var/log" = { + device = "/dev/disk/by-uuid/6de51510-623b-4ae4-b0ba-a319057eb6ea"; + fsType = "btrfs"; + options = ["subvol=log"]; + neededForBoot = true; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/7785-083C"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/ded22b9d-440d-46d8-8246-b52deca7a49c";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 67babd9..7d1582e 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -8,65 +8,74 @@ sops: - recipient: age1gjhlw6vkfers3f76yug3alwupe4jckjhg8ncr8kll5gj5g6wlqtqacqa73 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxaVdQQXdOV1ZVSDVUdDBy - ODAzN3RYRi9Sd0pHUlh6bVVwclkwM0daQzNrClZEdU1CYktMQVZ2enBMbFdsTmZ2 - SHVRekpwWjlJdm9XNnVrUWZGdncxK2cKLS0tIFhRalByNG1GUy9kTVRqaHBpSUJu - N3hmdFhLU1V1UUJ2SzBYOGk2LzVwb3MKBDHXy9Y5sSlDhmHUoiDdWhStxCiNq0fX - ef6GNTfFWWMT1eigq2av8u/xzUJ0kkUARkcWe14O7EGDga0Lij0ixg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ek9ZNkl2cHlsWDJkbkdE + Q2d6a1diWnBHZlNPcmsyYnhnWkhPczJDMDNZCktFclNCVm42MjJDTWE0enI2UzUv + Mi9LYTFqVmhqQ2Vmc1BPRGZMMm9wQ0kKLS0tIHlnSGtNbGxhL1pDK0U2YnNWSWJp + aFUwWDRTS3U1TnU0TVpJaExQNmM1ZlUKDF3TuqTmdWJvlnElL0nHu4/cRx4LAqRA + 0/VuwZHdSW1P/Pm06K+OE3Q2hzVYEux/NNduI4gxJLXtL7s3Ux0IsA== -----END AGE ENCRYPTED FILE----- - recipient: age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZitER241elRYZHZnRmhY - WUZYN3VCSmlUbHgvMzFXYXpJTCtJOEg3Nm5VCktXOGVsSitsUktkSmZaOWxHcWdx - NEV0dndsRmIxUVZFTUEwS1RIWXdMMmsKLS0tIEo1WnhrR0dCRVVWc3VTVndueEFY - eUFPbEdZa0tnYnYra3dUdE14SHZLdGsKny/grhc64lPMDdJLvHPCHn7ZMPtNksI7 - dvRALhDGEgbTfJR4wEZJumx56wZbak+vI3sNYo/RXDggRrKmJCUrDA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUjhuWXk1aTZMdW5rQUVh + aFFsZFJNRFZKcnh6L2pVUjZ4Zy95bGlvdWc4Cng3bmNYbmkzTzc3QlJYRjAwT3Bl + MXV6NjkvY3BteXdacHl6SDIvSU40OTgKLS0tIGp6MGFnNHd1VXdVVDJnVlJnVzZx + b1VpWWd3NlFUR0dLVTVBa3VQaXJXT0EKLjEPsu9vYGEzKq0A9zD4WfMUUFXJ5a2G + KmTdOMS+mE3QMbUSWOujBMw7dmfevfhNtknjfKHJzOBfzRIlmGXqBA== -----END AGE ENCRYPTED FILE----- - recipient: age1hcnyvwydfrhl9sz0dv4j5dsv2jzwmxvvhq6w7ejy0y5yxuj034es08gz9s enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUUROaDkwTVdhellISUQ4 - OVNpNUtKUm9OMk1HVVp3TmZlYVRtYTZoQUJJCnhuMG12djd1OXF2RzZjaDFCM1R2 - TDNTQU11OFRjdXl5eTlKc1FmUUpJeDAKLS0tIGxQQVlKRTQ4c0xkOTlaUXVIT2Va - bGkrS0lQWE1FdEhnc0x0K0lKKzAzbjgKkOcHJJBS1XfoL2TzseFZTmeJXYXeSK7r - LiBegZy714nyf/AS+b2sNC9uu3oLsjF/Ro4uyLP3Ti81E+pJeU/ImA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKM0d4bktNdTYzRkxscTQ5 + RGtHZzN6Vmg2ditjQzU5ZkJIbnl4aGFkZXhzClF4SlRCcTk2a0szblBoMVJMS0tU + bmJPa0ppUUVmTW54NVpob3hMbzA4dDQKLS0tIGY3YzRkcVEwcXFYbEFRNGdoaHdi + Yjl5d0hFcmVaaStIbFRGeHRld09WcU0KdbvLVxfhkcIDpiAz2rnmmEYOTUzeKV0R + VyOfNBDXAQ6xfay6MOBTgCPOz7cbElL2MFDOv/JdTEqqu3vfHTP/XA== -----END AGE ENCRYPTED FILE----- - recipient: age1w3nq2g9ctm43f43lyzfrznywqpqlrk6x9de2qy3sr05mm4yk4u3s05slw4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Y2RqVmZUcUhkUTRKaDZw - RUhBR2dSdVZjdW9MdGNPSXFFclV0UlVzMFUwClpqZzd5Ymh3eVRFcUVBYlVDR2Nu - ZTNsWHBmZTZlekdweVFGdmJjMXJwVWsKLS0tIDBkWDBuZG9vUkhxNlVRYlk3Y3cy - eG9wTHduTFlLQ3ZqK0tSbGtNQ25BVFkKjGrZjEfaViijBm6AQVPOv/fz7cJBxO0J - J5G83XNFeU0zn78iuc9K/EwuSBbTPhjczOu1s7HNJOm26DrP/NrbXg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFMVhTaXVCb3dqNTVsTUhJ + dlhMbUlZbXYwcVBiczJaQXRqOEI4UDJqc3hNCk5CWWRIcWg5dmE3QjB4aitHc3pQ + NDJVdmhvTU0vc2dnWmFmU1Rob3J1alUKLS0tIFlmOUhDVUJjbmw5dUFKZ3NTVTJX + a09yd2JQR3ZiM1dreVZJbmpwVlJrcjAKbW4JCzpNg+jhlMAYoldv0l0oJtR+EyI5 + RzAc73V9zcyKIqUHOXKW0oUzoly2EEOUUiSAgOZ1jzglyxGfL2zWjw== -----END AGE ENCRYPTED FILE----- - recipient: age1hdv2nz7r5fv6glq7jac27uf864t2668a97ptx52q57yfg4jd7ypqkag7wd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPcSthSmxOTjREWEZ5QzYy - N0ZZTVlvTjZqamZIb21Rbk05SEIwU0E4MnpvCkRDVXg0clBEWTQ3TXJOSnpZYVM1 - R3dwc3J4SmJBenNiT2dIK1J2WTY3eWcKLS0tIFVNQm5zYjB4dFIxMG8wKzlOaStG - MS9Pc2JmUHVFRU1hVjkvM0lZeEU3ajQKhNRTwMgTg3clHKxDQswcpkkkcGNMe3fD - W+Qvp+x9rOSUPgMdB2o5+8rsnzN1u+Pl+SYQ+UiMgKzSPCqJbsKqGg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ2VScHUzVDFYYlhKWVlj + RFc1WGJiKzhUK0x6QW51Yko0QVh0cVBWbTM4Cjdyam0yRG01OTREYlVMVTdTRjZh + RzMxaG9EdVFCUjFRdXM3VE5Qa0d4RWcKLS0tIDFzUzRya21naUhVcklmak0vanBV + bmcvbnpHLzloR0I0Z01jcFpTaVRNWncK0LQfKxfltvCpGWvmPMtmqu+wid30qfL4 + NqZhAMNHmCmnzSX0ViQQU0e4Hrd8/2FhJNap5k88ZenyzLWd7ToBuA== -----END AGE ENCRYPTED FILE----- - recipient: age1zs6k39g6kz740z3p9f0r2tc8dwn677zn3v5963g42p6lsljh7y0qzfn9ql enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0aFVKenl6YnFqVmpuQ0hs - SHlEYUVFSm5xTUNxNjhhV3d0NnBrMTB6OEhNCmtZa3o5dzluNTNQL1lXdVlIREJJ - b3FCMGE2NnJMcThzREVkYUVQVnVBWlEKLS0tIDBzemwxdWJwSFhwcUg1YmtCT0Z3 - aVlHRXQ4Z3RFd2dUUFNMeUdwV3FFOE0K9HrCceBsDw4KhG9yL2rT/nX6Lyb2Th1K - CUUUF0GGxMNMfwPatooEaM2Nx9izmo7jFDbKgDfWlrp8CLH6W+nlyQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0czcrYWFiRklXTFA1aXQ3 + WE9BejdSeEdLYXZESXloZWw2ZzV6cDZUNmljCk94eS9TYVB4RlFPTi96eG95bWVL + L21jcGxJUDN1RUMzTVo5RTMvV0NkYWcKLS0tIHRlRkt1bjBGMmo5azFzNk41REZm + MlQzZlNPUitVVG5hb3FBMGdZcHFSVE0K4fcnPvCWFrl6QilgK6dtoeDhznRguoUk + cZbIbDJ3d1WE6ITl7MRCNuixtNTd+UCnCkamF1FKtboP5EvniQ7/zw== -----END AGE ENCRYPTED FILE----- - recipient: age120fg86wv7vrcw6aeuunkzr7nerpwg8w0vu08xp8v8feqawtzqquq4763cw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbFIzaWdPZmd5eTdDN1hG - YXBnakprdGU2WlBrY21Rd0NOb3UyQjArcWc4CjhFRUxueWppRkRacmUvbERlbzkz - dDZSSmFFOU9KUmVTQmU2c2J3dnBET2sKLS0tIDNOTmZ0bjNGc1VoNTd0OGFvZU5O - bTA1M3RzclpGOFZHNEJtUmx1NE9ockkK0MnfyVCDLUl7LkgWM1qxbtrl+LL9PuD3 - 2h5w1gLAKJumHJFbqYcxIo2haTQMgYb6APek0OvEkNlqp+piBo/tGQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMXcvL2swcFcwZDRxRmtx + SzV4TjhyZ05UWmRaZG1QZm9WY2ZHODdVT2c4CkdxT2ltZnl3Ujk4M3Y2eHJ5VTVz + c1U3QmptTERxQ1pBY1RLL1NRWjhlOFkKLS0tIG5RbTZCL0JrN1dKekFFeXJBN1RR + b2t4V2FuL1lBM3k3Q1Z0M08rTkk1dlEKnm6tg/qKVjzHCQJCcJFuOqKqWYnk78WD + 1H2FYyCR4AB/H9W+qgPYsND5sGj3rmqXXaWPWKxO/DeT+i8Ur2btdQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dmkhlzvxemlufsydaed7vajm4cdpjwmqj3pmpvlljkjzlck8t4rswwph4j + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTM2lnTEFUaFZBczJWOTAx + QlNReGFkWWpKT0Q1Q2R4MG8vVkU0OFBCUEdNCkRmNVhyVmtWOVBCdkU2WVVpRkhF + NmZTVHhieVBIYTRVUUZkM2lYeWx1ME0KLS0tIFJiNzR2QVF4ek9lU0hWWnJyRHF5 + Z01OdDdUelFLeUNTSVZ4bUNQNDNIZHcKCBRiWCxASpO7tgCIBYOU7DqOxpT6krH7 + u66QWXJ2gT0MeVloBv/qrqHv0p2JmECpG393XnHHBC83yNg3SawriA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-31T15:55:06Z" mac: ENC[AES256_GCM,data:KQraWMxoXkcrEHCG6R+M31qRCGMwXekA9hIgyULXLaCjkHHJ1JRovgMD0ujTgZVseLipXBCXzH2RJvErNDhozXyrSEpzU0hBb50c0BCD3yaSPojTFCHDGIt/9qi4YHVnOHBP7jVxrFSGk84TNgMqO16dUNsMu6faEYX8CpkHoZM=,iv:ci/kWQCWuV98YdCtgKqQCOgsfAup/pG4smoWvFXRWX4=,tag:2ivvnVo0+ft3BIts3axMGw==,type:str]