mirror of
https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git
synced 2024-11-21 18:57:58 +01:00
Local akkoma for testing
This commit is contained in:
parent
b317cd7865
commit
85654ce3a9
8 changed files with 361 additions and 17 deletions
|
@ -1,10 +1,12 @@
|
||||||
keys:
|
keys:
|
||||||
- &primary_gpg D3067BE844D3FC49535A47B29396B8BA6FBB14DE
|
- &primary_gpg D3067BE844D3FC49535A47B29396B8BA6FBB14DE
|
||||||
|
- &laptop_ssh_pubkey age1xrzl49tvnatuu55xu5av6xcxyhrakd7mkzl5kz30kqqaxvh2m3sqax8jeu
|
||||||
- &vps_ssh_pubkey age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
|
- &vps_ssh_pubkey age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/secrets.yaml$
|
- path_regex: secrets/.*\.(yaml|json)$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
- *primary_gpg
|
- *primary_gpg
|
||||||
age:
|
age:
|
||||||
- *vps_ssh_pubkey
|
- *vps_ssh_pubkey
|
||||||
|
- *laptop_ssh_pubkey
|
||||||
|
|
30
hosts/laptop/akkoma/akkoma-static.nix
Normal file
30
hosts/laptop/akkoma/akkoma-static.nix
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
{ pkgs, config, lib, ... }:
|
||||||
|
let
|
||||||
|
imperativeStaticPath = "/data/akkoma/static_i";
|
||||||
|
declarativeStaticPath = "/data/akkoma/static_d";
|
||||||
|
mergedStaticPath = "/data/akkoma/static";
|
||||||
|
declarativeStaticFiles = let cfg = config.services.akkoma; in with lib; pkgs.runCommandLocal "declarative-akkoma-static" { } ''
|
||||||
|
${concatStringsSep "\n" (mapAttrsToList (key: val: ''
|
||||||
|
mkdir -p $out/frontends/${escapeShellArg val.name}/
|
||||||
|
ln -s ${escapeShellArg val.package} $out/frontends/${escapeShellArg val.name}/${escapeShellArg val.ref}
|
||||||
|
'') cfg.frontends)}
|
||||||
|
|
||||||
|
${optionalString (cfg.extraStatic != null)
|
||||||
|
(concatStringsSep "\n" (mapAttrsToList (key: val: ''
|
||||||
|
mkdir -p "$out/$(dirname ${escapeShellArg key})"
|
||||||
|
ln -s ${escapeShellArg val} $out/${escapeShellArg key}
|
||||||
|
'') cfg.extraStatic))}
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs; [ mergerfs ];
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${imperativeStaticPath} 700 akkoma akkoma -"
|
||||||
|
"L+ ${declarativeStaticPath} - - - - ${toString declarativeStaticFiles}"
|
||||||
|
];
|
||||||
|
fileSystems."${mergedStaticPath}" = {
|
||||||
|
fsType = "fuse.mergerfs";
|
||||||
|
device = "${imperativeStaticPath}:${declarativeStaticPath}";
|
||||||
|
options = [ "cache.files=off" "dropcacheonclose=true" "category.create=epff" ];
|
||||||
|
};
|
||||||
|
}
|
53
hosts/laptop/akkoma/akkoma.nix
Normal file
53
hosts/laptop/akkoma/akkoma.nix
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
{ pkgs, lib, config, ... }:
|
||||||
|
let
|
||||||
|
inherit ((pkgs.formats.elixirConf {}).lib) mkMap mkAtom mkRaw mkTuple;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.akkoma = {
|
||||||
|
enable = true;
|
||||||
|
initSecrets = false;
|
||||||
|
patches.configurableFromDatabase = true;
|
||||||
|
# frontends.mastodon = {
|
||||||
|
# package = ;
|
||||||
|
# name = "mastodon-fe";
|
||||||
|
# ref = "stable";
|
||||||
|
# };
|
||||||
|
extraPackages = with pkgs; [ zip unzip exiftool ffmpeg_5-headless graphicsmagick-imagemagick-compat ];
|
||||||
|
config = {
|
||||||
|
":pleroma".":instance" = {
|
||||||
|
name = "My Akkoma instance";
|
||||||
|
description = "Akkoma instance description";
|
||||||
|
email = "user@localhost";
|
||||||
|
registration_open = false;
|
||||||
|
federating = false;
|
||||||
|
upload_dir = "/data/uploads";
|
||||||
|
static_dir = "/data/akkoma/static";
|
||||||
|
};
|
||||||
|
":pleroma"."Pleroma.Web.Endpoint" = {
|
||||||
|
url.host = config.myAkkomaContainerOptions.domain;
|
||||||
|
http.ip = config.myAkkomaContainerOptions.localAddress;
|
||||||
|
http.port = config.myAkkomaContainerOptions.localPort;
|
||||||
|
};
|
||||||
|
|
||||||
|
":pleroma"."Pleroma.Uploaders.Local".uploads = "/data/uploads";
|
||||||
|
|
||||||
|
":pleroma".":mrf".policies = map mkRaw [
|
||||||
|
"Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy"
|
||||||
|
"Pleroma.Web.ActivityPub.MRF.TagPolicy"
|
||||||
|
"Pleroma.Web.ActivityPub.MRF.SimplePolicy"
|
||||||
|
];
|
||||||
|
":pleroma".":mrf_simple".accept = [
|
||||||
|
(mkTuple ["good.instance" "good!"])
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
|
":pleroma"."Pleroma.Web.Endpoint".secret_key_base = { _secret = "/run/secrets/akkotest/key-base"; };
|
||||||
|
":pleroma"."Pleroma.Web.Endpoint".signing_salt = { _secret = "/run/secrets/akkotest/signing-salt"; };
|
||||||
|
":pleroma"."Pleroma.Web.Endpoint".live_view.signing_salt = { _secret = "/run/secrets/akkotest/liveview-salt"; };
|
||||||
|
":web_push_encryption".":vapid_details".private_key = { _secret = "/run/secrets/akkotest/vapid-private"; };
|
||||||
|
":web_push_encryption".":vapid_details".public_key = { _secret = "/run/secrets/akkotest/vapid-public"; };
|
||||||
|
":joken".":default_signer" = { _secret = "/run/secrets/akkotest/jwt-signer"; };
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
45
hosts/laptop/akkoma/akkontainer.nix
Normal file
45
hosts/laptop/akkoma/akkontainer.nix
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
{ lib, config, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.myAkkomaContainerOptions;
|
||||||
|
in
|
||||||
|
with lib;
|
||||||
|
{
|
||||||
|
options.myAkkomaContainerOptions = {
|
||||||
|
enable = mkEnableOption "akkoma container tweaks";
|
||||||
|
hostAddress = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
localAddress = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
localPort = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
};
|
||||||
|
domain = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
isContainer = mkOption {
|
||||||
|
type = types.uniq types.bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
containerName = mkOption {
|
||||||
|
type = types.uniq types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
config = mkIf (cfg.enable && (!cfg.isContainer)) {
|
||||||
|
containers.${cfg.containerName}.config =
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
myAkkomaContainerOptions = with cfg; {
|
||||||
|
isContainer = true;
|
||||||
|
inherit hostAddress;
|
||||||
|
inherit localAddress;
|
||||||
|
inherit localPort;
|
||||||
|
inherit domain;
|
||||||
|
# inherit containerName;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
141
hosts/laptop/akkotest.nix
Normal file
141
hosts/laptop/akkotest.nix
Normal file
|
@ -0,0 +1,141 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
hostAddress = "192.168.100.10";
|
||||||
|
localAddress = "192.168.100.11";
|
||||||
|
localPort = 4000;
|
||||||
|
domain = "akkotest.local";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./akkoma/akkontainer.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.extraHosts = ''
|
||||||
|
127.0.0.1 ${domain}
|
||||||
|
'';
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."${domain}" = {
|
||||||
|
serverName = "${domain}";
|
||||||
|
forceSSL = true;
|
||||||
|
sslCertificate = "/data/selfcerts/nginx-selfsigned.crt";
|
||||||
|
sslCertificateKey = "/data/selfcerts/nginx-selfsigned.key";
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://${localAddress}:${toString localPort}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
sops.secrets =
|
||||||
|
let
|
||||||
|
sopsFile = ../../secrets/akkotest.yaml;
|
||||||
|
format = "yaml";
|
||||||
|
sopsPrefix = "akkotest";
|
||||||
|
mkSopsSecret = secretList: builtins.listToAttrs(map
|
||||||
|
(name: {
|
||||||
|
name = "${sopsPrefix}/${name}";
|
||||||
|
value = {
|
||||||
|
inherit sopsFile;
|
||||||
|
inherit format;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
secretList);
|
||||||
|
in mkSopsSecret [
|
||||||
|
"vapid-private"
|
||||||
|
"vapid-public"
|
||||||
|
"liveview-salt"
|
||||||
|
"signing-salt"
|
||||||
|
"jwt-signer"
|
||||||
|
"key-base"
|
||||||
|
];
|
||||||
|
# sops.secrets."akkotest/vapid-private" = {
|
||||||
|
# sopsFile = ../../secrets/akkotest.yaml;
|
||||||
|
# format = "yaml";
|
||||||
|
# };
|
||||||
|
|
||||||
|
myAkkomaContainerOptions = {
|
||||||
|
enable = true;
|
||||||
|
hostAddress = "192.168.100.10";
|
||||||
|
localAddress = "192.168.100.11";
|
||||||
|
localPort = 4000;
|
||||||
|
domain = "akkotest.local";
|
||||||
|
containerName = "akkotest";
|
||||||
|
};
|
||||||
|
|
||||||
|
containers.akkotest =
|
||||||
|
let
|
||||||
|
outerConfig = config;
|
||||||
|
hostDataPrefix = "/data/akkotest";
|
||||||
|
containerDataPrefix = "/data/akkotest";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
ephemeral = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
inherit hostAddress;
|
||||||
|
inherit localAddress;
|
||||||
|
allowedDevices = [
|
||||||
|
{
|
||||||
|
modifier = "rwm";
|
||||||
|
node = "/dev/fuse";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
bindMounts."/dev/fuse" = {};
|
||||||
|
bindMounts.static = {
|
||||||
|
hostPath = "/data/static_i_akkotest";
|
||||||
|
mountPoint = "/data/akkoma/static_i";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
bindMounts.db = {
|
||||||
|
hostPath = "/data/postgresql_akkotest";
|
||||||
|
mountPoint = "/data/postgresql";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
bindMounts.uploads = {
|
||||||
|
hostPath = "/data/uploads_akkotest";
|
||||||
|
mountPoint = "/data/uploads";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
bindMounts.secrets = {
|
||||||
|
hostPath = "/data/secrets_akkotest";
|
||||||
|
mountPoint = "/var/akkosecrets";
|
||||||
|
isReadOnly = true;
|
||||||
|
};
|
||||||
|
bindMounts."/run/secrets/akkotest" = {
|
||||||
|
isReadOnly = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
config =
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./akkoma/akkontainer.nix
|
||||||
|
./akkoma/akkoma.nix
|
||||||
|
./akkoma/akkoma-static.nix
|
||||||
|
../../modules/akkoma-patches.nix
|
||||||
|
];
|
||||||
|
# myAkkomaContainerOptions = outerConfig.myAkkomaContainerOptions.mkInnerConfig;
|
||||||
|
# myAkkomaContainerOptions = {
|
||||||
|
# inherit hostAddress;
|
||||||
|
# inherit localAddress;
|
||||||
|
# inherit localPort;
|
||||||
|
# inherit domain;
|
||||||
|
# isContainer = true;
|
||||||
|
# };
|
||||||
|
environment.systemPackages = with pkgs; [ zip unzip ];
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /data/postgresql 700 postgres postgres -"
|
||||||
|
# "d /data/uploads 700 akkoma akkoma -"
|
||||||
|
"d /var/akkosecrets 500 akkoma akkoma -"
|
||||||
|
];
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.postgresql_15;
|
||||||
|
dataDir = "/data/postgresql";
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
localPort
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -9,6 +9,9 @@ let
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
imports = [
|
||||||
|
./akkotest.nix
|
||||||
|
];
|
||||||
# boot.kernelPackages = pkgs.linuxPackages_zen;
|
# boot.kernelPackages = pkgs.linuxPackages_zen;
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
@ -291,7 +294,6 @@ in
|
||||||
defaultSopsFile = ../../secrets/secrets.yaml;
|
defaultSopsFile = ../../secrets/secrets.yaml;
|
||||||
defaultSopsFormat = "yaml";
|
defaultSopsFormat = "yaml";
|
||||||
secrets.example_key = {};
|
secrets.example_key = {};
|
||||||
gnupg.home = "/home/lgm/.gnupg";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# OnlyKey
|
# OnlyKey
|
||||||
|
@ -360,13 +362,25 @@ in
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
# services.openssh.enable = true;
|
# services.openssh.enable = true;
|
||||||
|
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
settings.PermitRootLogin = "no";
|
||||||
|
};
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
networking.firewall.trustedInterfaces = [ "p2p-wl+" ];
|
networking.firewall.trustedInterfaces = [ "p2p-wl+" ];
|
||||||
networking.firewall.allowedTCPPorts = [ 5900 5905 7236 7250 ];
|
networking.firewall.allowedTCPPorts = [ 5900 5905 7236 7250 ];
|
||||||
networking.firewall.allowedUDPPorts = [ 5900 5905 7236 5353 ];
|
networking.firewall.allowedUDPPorts = [ 5900 5905 7236 5353 ];
|
||||||
|
|
||||||
# Or disable the firewall altogether.
|
# Or disable the firewall altogether.
|
||||||
# networking.firewall.enable = false;
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# enable NAT for the containers
|
||||||
|
networking.nat.enable = true;
|
||||||
|
networking.nat.internalInterfaces = ["ve-+"];
|
||||||
|
networking.nat.externalInterface = "wlp3s0";
|
||||||
|
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
|
||||||
|
|
||||||
# Copy the NixOS configuration file and link it from the resulting system
|
# Copy the NixOS configuration file and link it from the resulting system
|
||||||
# (/run/current-system/configuration.nix). This is useful in case you
|
# (/run/current-system/configuration.nix). This is useful in case you
|
||||||
# accidentally delete configuration.nix.
|
# accidentally delete configuration.nix.
|
||||||
|
|
48
secrets/akkotest.yaml
Normal file
48
secrets/akkotest.yaml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
akkotest:
|
||||||
|
vapid-private: ENC[AES256_GCM,data:Of0qz0YsKY0Q/TwaNIKdyc8aLNFqxWkgFjFpn5sKScJ2hecyV5xfU5s/Ng==,iv:S0vJxcxMndplwDTid9oGyrPBermHcQmUbu+a5Q/CvMQ=,tag:vnagolGScz+fiq9+nPyEvQ==,type:str]
|
||||||
|
vapid-public: ENC[AES256_GCM,data:l5w8ojDzVVJVyUswtfBzyzXfRB1KgmWUl9tBioCI8aC6l0cNEzcHZXhmMXyLhz8BH27TDpoCb44a/v0toLNs/jSPzWmoFsaDYZQSUZrnVSAZeydE/OC+,iv:J6Qd31qCr6Oz4+kXRlawDcBrb8rQlJMs0JbehwtBi4E=,tag:7iLoLx1SY2hUQCOA2ed2Og==,type:str]
|
||||||
|
liveview-salt: ENC[AES256_GCM,data:BflmnDSJhOs=,iv:VFfe37XjZ2oWO0QEj15l30wPdyjy2xKC9tmNWEaP6lo=,tag:JkfDKToZ+vm4KcSj/kHM9g==,type:str]
|
||||||
|
signing-salt: ENC[AES256_GCM,data:qxjCrBTh7x4=,iv:e4eHvm5LJG/5S4Xr4Nulp6lAG/1rcIMddMg/TTe1Cyk=,tag:w1Ue/NSWVAr4jEkIMzY2Hg==,type:str]
|
||||||
|
jwt-signer: ENC[AES256_GCM,data:OzbstTTfsNKBWWd9vVXSw9zF2TDd009uDujKU22Am6gmbWbVzGZQM8/OtqBZWxxTwaETFPBSYoaYJJ0ApsJC3A==,iv:ZPCAHddIY8t1TCnsSkRirRJae/RPjEcsB0XsQeyC8As=,tag:K5MTMTix2akG47bgRhrmeA==,type:str]
|
||||||
|
key-base: ENC[AES256_GCM,data:zCCK4Q48giugC+elH8P8XSvZ8wpzzCF7UhB8mhOeC7xg2sgjPYEmU+l33fh9zh1H5/g3XP0pnbNGIS9iqiDeqA==,iv:oZsZwvxczuqL4Dy0Z8BPazdJTCQmcSu1vq2c/DxuoFs=,tag:6x5vWgH+iQi5GFSU+P3FRA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSY09sNEw3WS9WV1VEZkFt
|
||||||
|
bkRjZ1ZDdE9DNjVVa0QzM0s0OUdwRjB2NndRCkRZSXZtakRaZ2pnM0hOSFhhVXBM
|
||||||
|
eUZ4U01YSjF4cnZnVG8rUHY0Z0Vra1UKLS0tIDkybmxnN3VWNnZDb3ZwaUVGN3lK
|
||||||
|
alcyWWJ5U1RROGxPWGhqRE5rcEpiM3MK0YKdW3lVHlxZ58clXOsnnwhRVpUZlFt9
|
||||||
|
aXbiXfaytXSwYxC3802GxBQ9rzcPTXjKtVRsNuuN8Hjb1tBVF1AprA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1xrzl49tvnatuu55xu5av6xcxyhrakd7mkzl5kz30kqqaxvh2m3sqax8jeu
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWUNoRzd5TTFCejBjeG93
|
||||||
|
b3ZMajI1QTgwMmU1WkgyWVl5WExYbU9CNW1JCmtwbDFKYlozeHFmbmFVd09TQVky
|
||||||
|
emJiamhPRXNSMnpHY1oxeGVBZ2hTNFkKLS0tIFdtNlovR3NrdFcyWFBPbGJMVU9U
|
||||||
|
RmtjUzFoR29sWkxSa0ROajVlMnZuY28KMXXUC35xOmLOUq5ig6MKO/5ru59IG51m
|
||||||
|
oO0u0GZKTwUuDnZZAZOWRv0EtYJeINg9OiRx26MtzEF2EOiEmoCijw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-02-02T19:42:16Z"
|
||||||
|
mac: ENC[AES256_GCM,data:qVTXB7Kc1FkZ8ROEdZtTHTPptlCE2ks+2ASHpQo5snSjAB0jSIB6XGJyWO3L309yoNwOws/Gizo/xgd5KRb8E9YSCDCLZmpcqzRPFtEQLXtL6LHvT5j5VM2nrBomux/UMepF0Mx5jrOpx9t+OpijbLklKgHdLb+5fJCkBYPo8gk=,iv:IX/rQA1QBfLSzmYDNGf/QMycyjeLnFrUb6hZ2KrksAk=,tag:MIksNpq0Mo6V46/saoi8jg==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-02-02T19:39:09Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DrTkQq20WUVESAQdAaBk1uZPkNd6VhFh7iVJIuimqtN1lMSUyYCQVbnpV0Fsw
|
||||||
|
w/SuftIivVW/yx02QCWjHB+/inM2+Dak6dKoEsHvrI8BICwJ2uCW20GoWYe3yxyD
|
||||||
|
1GgBCQIQfVa86L/5k3CB7HijrMN7PQ13of3loSDy6C0cGSwJa8RzQ1+9peK5oJB7
|
||||||
|
xe5Q88HX14opZ4feWOPxMj4cnp5HlnjMveiWNivs+jquzFvwdYZskp6w8CgiUVxw
|
||||||
|
FpTSRCEuVKb2tQ==
|
||||||
|
=Nxri
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: D3067BE844D3FC49535A47B29396B8BA6FBB14DE
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -1,5 +1,7 @@
|
||||||
example_key: ENC[AES256_GCM,data:r6+IirxYwXxv1IaYgw==,iv:ngakIM2iaUMBgug9+QqQ2h6uPM9Xze/3PM2GRm79JV8=,tag:TwmNkg0WqSMqgh8VU238Xg==,type:str]
|
example_key: ENC[AES256_GCM,data:r6+IirxYwXxv1IaYgw==,iv:ngakIM2iaUMBgug9+QqQ2h6uPM9Xze/3PM2GRm79JV8=,tag:TwmNkg0WqSMqgh8VU238Xg==,type:str]
|
||||||
foo: ENC[AES256_GCM,data:IlVV,iv:uK2Zkxo39WYw5Q9xnmVV/JhSRejQA9sGnYasX3CtSog=,tag:e1tYkCVVmyTpiCPAnQp6ng==,type:str]
|
foo: ENC[AES256_GCM,data:IlVV,iv:uK2Zkxo39WYw5Q9xnmVV/JhSRejQA9sGnYasX3CtSog=,tag:e1tYkCVVmyTpiCPAnQp6ng==,type:str]
|
||||||
|
akkotest:
|
||||||
|
vapid-private: ENC[AES256_GCM,data:3YpD,iv:AlFxKiU6v+ixU9eYBXcucBTnbpqfRN9dGiyoG8LWBDQ=,tag:FpzjnqbEbCoe9e27+AzZYw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -9,25 +11,34 @@ sops:
|
||||||
- recipient: age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
|
- recipient: age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQL1YyalhGRXJnc1cxU0tx
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBna0xHODNSb0JDSDZ3WDhs
|
||||||
NHRnWlBYYmZwV29aWUk1K0hhS3VRKzhEMTE4Ck9rTUQvQ0UvbllBMDEzenJEQURq
|
VTZpYUhhcG1tYlNMcWdMcG1mRDVob2t4V1RnCnZYQk9MTWlsWUh3VXBhUVJnK0dU
|
||||||
Sk9Lc1c5NHhYTG1LRGpZWVN3Qk16RGMKLS0tIFBhdEJUOEY4VVQ5UllGUXZWYVhy
|
c3MwUzVSNE5tMUxyRzdoYzF3WFhXYmsKLS0tIHU3NjZ2YWUyZWRaYjhnSmQrMWpw
|
||||||
OGJjR3NkQk1Ucyt5K3YraEZXdVFKODAK057dWbQGPrASAUqhaKmbsyt4DfjelZcI
|
WjhrK0FXQitRL0xoMnhrcjV1S1JCTm8KQdLRej29Cz0+khG4BH19aSAroUHssoog
|
||||||
27Y9PpknTb+2W0DshjGzpcM6qZVlys98JRfM/0Hc5ZmYdj1rhfFR0Q==
|
io99sSfbp4CyQDuS74f9wY2Lw6IkxAED7WJ3wic9+AiGje4lkYMSGg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-01-21T18:39:47Z"
|
- recipient: age1xrzl49tvnatuu55xu5av6xcxyhrakd7mkzl5kz30kqqaxvh2m3sqax8jeu
|
||||||
mac: ENC[AES256_GCM,data:7J5iBhY7b8nNrM4tviSk8+ur2ldAa8NNFU2ai7kjuU0puqq3oYX2l/pkjY7/rIue92HoQ8PVaLUnm2j73gCrCiZSJ5Cp4Tbue1mPfG7V+RA6OCOIS5MUsY5dBNtUSaDAoUohuwMTPAXwf7oE+OYENqTJGgWdFFR/IUgHF4uIPKY=,iv:f2uq6sLx7kW/EN2zZzl6RYUg8lQ4JNuhfQXsjTzDeCc=,tag:T2dn3EUISNZFaYm+eX6wDA==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2V3Q1Sks0dkd5UjJSdkEy
|
||||||
|
RVZBVjdwK2I2RmJLV0N5VUYvbXBiNURoNHo4CjdPaUVZVGRna3lHckNaeW0reGhH
|
||||||
|
TWFKV05BZG1uY3pYK0FVdnVmSC9sYmMKLS0tIHp6VnI0dzNmZFA5Z2ZUcVpOS3JE
|
||||||
|
akR2TDhuMlZpME5CdEtXU3pnMko3OWsKKAPBenvI1PncIn4xKsTCfUZqMqJW9FMC
|
||||||
|
Vjal1esPEepo3pNuhe66ek4qKJgOJC8DYeR2WU1RpdPQtDCv97kdFg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-02-02T18:40:22Z"
|
||||||
|
mac: ENC[AES256_GCM,data:JzAG3PuD3yWrYZLBtXoYXy0fwr0hiUWtwBlu1gbQz5zKstNOjymL661St/Yo+pXGK7MlpSMg4E9tParQS28vVc4xRLSvzv1JHzwfC21jCGSWKFRjMbJl/XGp63S6n2aYOw+uPeVd5HGsWcNWutiABlAUwneF5VNBmal+c3KLuzs=,iv:9Xaq9CmpBXyYlrE5wKB0gBmzG9q4zwsAqLoBy/t+q0c=,tag:eZtfvMbUveaMYln1PDdMug==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-01-21T18:06:27Z"
|
- created_at: "2024-02-02T18:51:08Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hF4DrTkQq20WUVESAQdACf7D7i9i3JL3mhfBBYfj5+YgqsabixPitpX3vU1lsDQw
|
hF4DrTkQq20WUVESAQdA/Hd4Aw+qyPYFMaBU5galOCTT+U6SWhVo5uSQ7ICWkkMw
|
||||||
VHzfVAwc/dZZpbKQtOQq3qCV1Cq8UqbHJ/PDXiqgTMWUA6OAw+v82BxTsMR/c0r1
|
ptkDbATrDtYEPW57RDdLGMzq1uvX3lYi2G4q8NM0LgUhin4gXwe1x2mvFHmx5ZZA
|
||||||
1GgBCQIQ3qRPn6jKLT9cCPiyayxqyv+r1meT9A4t1j8e5ul2P6tqUJALSeyvydHA
|
1GgBCQIQ6nLOvPLFNb+EUaonzHxfi/KfW2Lq2k1snphyz4DOvY18A3KvHtZe1FFk
|
||||||
iPKyS7DlVQ7uI4HTO9pd7Kj+JhwckFaxgZNVMqWicsTf0tCMd6+iJ3366bmetNYv
|
HnrOGHcbLEJiKdZ8MgppZjSI4Z7MLgBpPlqBqZLbpEP9kS7Jf57XfLCMUyYqeCL0
|
||||||
osKqKz9/c4ZF/A==
|
uWljeHo6znN7xQ==
|
||||||
=Hv+Y
|
=ycR6
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: D3067BE844D3FC49535A47B29396B8BA6FBB14DE
|
fp: D3067BE844D3FC49535A47B29396B8BA6FBB14DE
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
|
|
Loading…
Reference in a new issue