diff --git a/flake.lock b/flake.lock index d218df5..325820d 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "nvfetcher": "nvfetcher" }, "locked": { - "lastModified": 1700669930, - "narHash": "sha256-2nERtfA6ZanlnhS68v+wxQovpfUR10F40bIq/qzcRMQ=", + "lastModified": 1705817649, + "narHash": "sha256-k3VTXoHtJ6HkznmcTd91db7GM1w4hGdsBHLPGl4MCSw=", "owner": "berberman", "repo": "flakes", - "rev": "769732590fe25bd5dccb2c619f8ac6bb77ae8f13", + "rev": "f10320b0dec6efb6965a0a89bca2aa317b607b77", "type": "github" }, "original": { @@ -61,11 +61,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -81,11 +81,11 @@ ] }, "locked": { - "lastModified": 1702203126, - "narHash": "sha256-4BhN2Vji19MzRC7SUfPZGmtZ2WZydQeUk/ogfRBIZMs=", + "lastModified": 1706001011, + "narHash": "sha256-J7Bs9LHdZubgNHZ6+eE/7C18lZ1P6S5/zdJSdXFItI4=", "owner": "nix-community", "repo": "home-manager", - "rev": "defbb9c5857e157703e8fc7cf3c2ceb01cb95883", + "rev": "3df2a80f3f85f91ea06e5e91071fa74ba92e5084", "type": "github" }, "original": { @@ -96,11 +96,11 @@ }, "jetbrains": { "locked": { - "lastModified": 1701268132, - "narHash": "sha256-7GtWwVrYZuYQGLrF3vudTtVF7LC6WIOc/+oLQUO0JA4=", + "lastModified": 1706000945, + "narHash": "sha256-hWS0bEdHURFgzSj50K75mdj5wQWIxHnvXUMvnI6RQS4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5b8406466337ba502dd255a502eb844303c57ae1", + "rev": "1f04b1ac8da085c6e81f42dcd245df8fdd2360fb", "type": "github" }, "original": { 
@@ -112,11 +112,11 @@ }, "master": { "locked": { - "lastModified": 1702402339, - "narHash": "sha256-zAQwhsF/TkblOHjTsYT7OeUjCLTQRrGzq2sf0Ax2Euo=", + "lastModified": 1706000945, + "narHash": "sha256-hWS0bEdHURFgzSj50K75mdj5wQWIxHnvXUMvnI6RQS4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eab72db9b0cac0265d0dc4ac79f5511887ab1495", + "rev": "1f04b1ac8da085c6e81f42dcd245df8fdd2360fb", "type": "github" }, "original": { @@ -125,13 +125,33 @@ "type": "github" } }, + "nix-ld": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701153607, + "narHash": "sha256-h+odOVyiGmEERMECoFOj5P7FPiMR8IPRzroFA4sKivg=", + "owner": "Mic92", + "repo": "nix-ld", + "rev": "bf5aa84a713c31d95b4307e442e966d6c7fd7ae7", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-ld", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1702151865, - "narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { @@ -143,11 +163,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1702148972, - "narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=", + "lastModified": 1705033721, + "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227", + "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea", "type": "github" }, "original": { 
@@ -159,11 +179,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1702029940, - "narHash": "sha256-qM3Du0perpLesh5hr87mVPZ79McMUKIWUH7EQMh2kWo=", + "lastModified": 1705697961, + "narHash": "sha256-XepT3WS516evSFYkme3GrcI3+7uwXHqtHbip+t24J7E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e9ef8a102c555da4f8f417fe5cf5bd539d8a38b7", + "rev": "e5d1c87f5813afde2dda384ac807c57a105721cc", "type": "github" }, "original": { @@ -203,6 +223,7 @@ "home-manager": "home-manager", "jetbrains": "jetbrains", "master": "master", + "nix-ld": "nix-ld", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" } @@ -213,16 +234,15 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1702484480, - "narHash": "sha256-mUegjy5orwEimgAtZth27Y7K++umVCel0ASBxGayoQI=", - "owner": "iosmanthus", + "lastModified": 1705805983, + "narHash": "sha256-HluB9w7l75I4kK25uO4y6baY4fcDm2Rho0WI1DN2Hmc=", + "owner": "Mic92", "repo": "sops-nix", - "rev": "95f888cdc59ef11c89ec3b2f22e71a52765e5180", + "rev": "ae171b54e76ced88d506245249609f8c87305752", "type": "github" }, "original": { - "owner": "iosmanthus", - "ref": "nested-secrets", + "owner": "Mic92", "repo": "sops-nix", "type": "github" } diff --git a/flake.nix b/flake.nix index 5923eb7..f432eb4 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ master.url = "github:NixOS/nixpkgs"; - sops-nix.url = "github:iosmanthus/sops-nix/nested-secrets"; + sops-nix.url = "github:Mic92/sops-nix"; home-manager = { url = "github:nix-community/home-manager"; @@ -20,6 +20,11 @@ }; jetbrains.url = "github:NixOS/nixpkgs/master"; + + nix-ld = { + url = "github:Mic92/nix-ld"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self 
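Review bot: `sops-nix.url = "github:Mic92/sops-nix";` is added without `inputs.nixpkgs.follows`, unlike the new `nix-ld` input a few lines below, and the flake.lock in this commit still carries a separate `nixpkgs-stable` node for it. sops-nix decrypts secrets during activation, so evaluating it against the system's own nixpkgs leaves one fewer revision to track and audit. The attrset form `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };` would do that. Whether the `nixpkgs_2` node in the lock file belongs to sops-nix is not visible in these hunks.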
@@ -29,21 +34,23 @@ , home-manager , sops-nix , berberman + , nix-ld , ... - }: + }@inputs: let this = import ./packages; mkWorkstationModules = system: [ ./nixos/workstation - ./secrets/proxy + ./secrets/workstation self.nixosModules.system self.nixosModules.admin.iosmanthus sops-nix.nixosModules.sops home-manager.nixosModules.home-manager + nix-ld.nixosModules.nix-ld ({ config, ... }: { home-manager = { @@ -93,15 +100,14 @@ }; packages = [ "bat" + "brave" "discord" "docker" "eza" "fd" "feishu" - "firefox" "firmwareLinuxNonfree" "gh" - "google-chrome" "i3" "kitty" "lens" @@ -127,7 +133,7 @@ ]; }; jetbrains = this.branchOverlay { - branch = master; + branch = inputs.jetbrains; system = "x86_64-linux"; config = { allowUnfree = true; }; packages = [ "jetbrains" ]; @@ -203,6 +209,7 @@ yapf gotools go_1_20 + wgcf ]; }; }); diff --git a/modules/admin/default.nix b/modules/admin/default.nix index 5ca3358..0cbe525 100644 --- a/modules/admin/default.nix +++ b/modules/admin/default.nix 
@@ -1,18 +1,22 @@ { - iosmanthus = { pkgs, ... }: { - imports = [ - ./options.nix - ]; - admin = { - name = "iosmanthus"; - email = "myosmanthustree@gmail.com"; - shell = pkgs.zsh; - home = "/home/iosmanthus"; - hashedPassword = "$6$vKbKYA/EtYlE8cAB$hRfeaahQG8JOE8r4FPE.VDQp0/XCgb.VlX5oPAoQxwoanr2GspYU1yBNgjvWYaSv8OpGlVN9YWwuoiSypLZzI1"; - gpgPubKey = "0xDEE5BAABFE092169"; - sshPubKey = '' - ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAE0CpL+RLwnpBp1VzD3VUZpCEOIb1U+R6Jyu/SBq+Msg+CRlxfJThUJY4ZGwp6/d+VPWuQQHvvQ6OoLQdV5Pa9xZAFYOUEDWjAnD16gh29aoVDFzv+sDt2wyA4WZfqydrFSD9QhP88RpcGAcHZXCjzaGT1tEOw2wIOgGs6P53Mrti46Yw== - ''; + iosmanthus = + { pkgs + , config + , ... + }: { + imports = [ + ./options.nix + ]; + admin = rec { + name = "iosmanthus"; + email = "myosmanthustree@gmail.com"; + shell = pkgs.zsh; + home = "/home/iosmanthus"; + hashedPasswordFile = config.sops.secrets."${name}/hashed-password".path; + gpgPubKey = "0xDEE5BAABFE092169"; + sshPubKey = '' + ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAE0CpL+RLwnpBp1VzD3VUZpCEOIb1U+R6Jyu/SBq+Msg+CRlxfJThUJY4ZGwp6/d+VPWuQQHvvQ6OoLQdV5Pa9xZAFYOUEDWjAnD16gh29aoVDFzv+sDt2wyA4WZfqydrFSD9QhP88RpcGAcHZXCjzaGT1tEOw2wIOgGs6P53Mrti46Yw== + ''; + }; }; - }; } diff --git a/modules/admin/options.nix b/modules/admin/options.nix index 8a061d8..53f86e5 100644 --- a/modules/admin/options.nix +++ b/modules/admin/options.nix @@ -17,8 +17,8 @@ let shell = mkOption { type = types.package; }; - hashedPassword = mkOption { - type = types.str; + hashedPasswordFile = mkOption { + type = types.path; }; sshPubKey = mkOption { type = types.str; diff --git a/modules/default.nix b/modules/default.nix index b9aefd2..02dd100 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -26,7 +26,6 @@ ./sing-box ./caddy ./subgen - #./promtail ]; }; } diff --git a/nixos/aws-lightsail-0/caddy/default.nix b/nixos/aws-lightsail-0/caddy/default.nix index 3ab9705..2f65760 100644 
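Review bot: Replacing `hashedPassword` with `hashedPasswordFile = config.sops.secrets."${name}/hashed-password".path;` takes the SHA-512 crypt hash out of the tree but not out of git history, so the change only protects the account if the password was rotated when the secret was created. A one-line comment above the option would record that, e.g. `# hash lives in sops; the pre-sops hash is in git history, password rotated on migration`. This module is also imported by the workstation (`self.nixosModules.admin.iosmanthus` in flake.nix), and only `secrets/aws-lightsail-0/default.nix` is shown declaring the secret with `neededForUsers = true`. The matching declaration under `./secrets/workstation` is not in the visible part of this diff and should be confirmed.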
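Review bot: In modules/admin/options.nix the new `hashedPasswordFile` option is declared as `types.path` with no description, which also accepts a Nix path literal such as `./hash`. A path literal would presumably be copied into the world-readable store when interpolated, which is exactly what moving the hash to sops is meant to avoid. Declaring it as `type = types.str;` with `description = "Runtime path to a file holding the hashed password (e.g. a sops-nix secret); must not be a store path.";` matches how it is used here. The surrounding `let` block starts outside the hunk.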
--- a/nixos/aws-lightsail-0/caddy/default.nix +++ b/nixos/aws-lightsail-0/caddy/default.nix @@ -17,7 +17,7 @@ content = '' ${config.sops.placeholder."caddy/virtual-host-a"} { tls { - dns cloudflare ${config.sops.placeholder."cloudflare-api-token"} + dns cloudflare ${config.sops.placeholder."cloudflare/api-token"} } log { level INFO @@ -26,13 +26,44 @@ } ${config.sops.placeholder."caddy/virtual-host-b"} { tls { - dns cloudflare ${config.sops.placeholder."cloudflare-api-token"} + dns cloudflare ${config.sops.placeholder."cloudflare/api-token"} } log { level INFO } reverse_proxy 127.0.0.1:8080 } + ${config.sops.placeholder."caddy/virtual-host-c"} { + tls { + dns cloudflare ${config.sops.placeholder."cloudflare/api-token"} + } + log { + level INFO + } + # Uncomment to improve security (WARNING: only use if you understand the implications!) + # If you want to use FIDO2 WebAuthn, set X-Frame-Options to "SAMEORIGIN" or the Browser will block those requests + header / { + # Enable HTTP Strict Transport Security (HSTS) + Strict-Transport-Security "max-age=31536000;" + # Disable cross-site filter (XSS) + X-XSS-Protection "0" + # Disallow the site to be rendered within a frame (clickjacking protection) + X-Frame-Options "DENY" + # Prevent search engines from indexing (optional) + X-Robots-Tag "noindex, nofollow" + # Disallow sniffing of X-Content-Type-Options + X-Content-Type-Options "nosniff" + # Server name removing + -Server + # Remove X-Powered-By though this shouldn't be an issue, better opsec to remove + -X-Powered-By + # Remove Last-Modified because etag is the same and is as effective + -Last-Modified + } + reverse_proxy ${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT} { + header_up X-Real-IP {http.request.header.Cf-Connecting-Ip} + } + } :8080 { route /subgen/* { uri strip_prefix /subgen @@ -62,5 +93,4 @@ } ''; }; - } 
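Review bot: In the new `virtual-host-c` block, `header / {` carries a path matcher, and in Caddy v2 a bare `/` matches only the exact root path. HSTS, `X-Frame-Options`, `X-Content-Type-Options` and the `-Server` removal would therefore apply to `/` alone rather than to every Vaultwarden response; `header {` without a matcher applies them site-wide. The leading "Uncomment to improve security" comment is left over from the upstream example and no longer describes an active block. Separately, `header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}` forwards a header the client can set, so it is only trustworthy if the origin accepts connections from Cloudflare alone. If that restriction is not enforced elsewhere (not visible here), the address Vaultwarden logs and rate-limits on is caller-controlled.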
diff --git a/nixos/aws-lightsail-0/default.nix b/nixos/aws-lightsail-0/default.nix index fcc9668..65c7601 100644 --- a/nixos/aws-lightsail-0/default.nix +++ b/nixos/aws-lightsail-0/default.nix @@ -13,6 +13,7 @@ ./subgen ./promtail ./prometheus + ./vaultwarden ]; boot.loader.grub.device = lib.mkForce "/dev/nvme0n1"; @@ -71,13 +72,24 @@ services.openssh = { enable = true; + ports = [ + 6626 + ]; settings = { PermitRootLogin = "prohibit-password"; PasswordAuthentication = false; }; }; + services.journald = { + extraConfig = '' + SystemMaxUse=500M + MaxRetentionSec=7d + ''; + }; + networking.firewall = { enable = true; + checkReversePath = "loose"; }; } diff --git a/nixos/aws-lightsail-0/sing-box/default.nix b/nixos/aws-lightsail-0/sing-box/default.nix index eaef5d7..985fe2a 100644 --- a/nixos/aws-lightsail-0/sing-box/default.nix +++ b/nixos/aws-lightsail-0/sing-box/default.nix @@ -19,6 +19,33 @@ level = "debug"; timestamp = true; }; + dns = { + final = "cloudflare"; + servers = [ + { + tag = "cloudflare"; + address = "tls://1.1.1.1"; + detour = "direct"; + strategy = "prefer_ipv6"; + } + ]; + }; + route = { + final = "direct"; + rules = [ + { + inbound = [ + "shadowsocks-multi-user" + ]; + auth_user = [ + "iosmanthus" + "lego" + "lbwang" + ]; + outbound = "warp+"; + } + ]; + }; inbounds = [ { type = "shadowtls"; 
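Review bot: `checkReversePath = "loose";` in `networking.firewall` relaxes reverse-path filtering for the whole host without recording why. It is presumably needed for the `wg0` system interface that the sing-box WARP outbound in this commit creates, but nothing in the hunk says so. A comment such as `# loose rpfilter: required by the sing-box WireGuard outbound (wg0); restore the default if that outbound is removed` would keep the relaxation from outliving its reason. The new `ports = [ 6626 ];` cuts scan noise but is not an access control, so `PasswordAuthentication = false` in the context lines remains the setting that matters.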
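Review bot: The `auth_user` list in the new sing-box `route.rules` entry hard-codes `"iosmanthus" "lego" "lbwang"`, and the same names appear again in the `users` list that the next hunk (`@@ -42,42 +69,44 @@`) builds with `builtins.map`. Renaming or removing a user in one place would silently change who is routed through `warp+`. Binding the names once, e.g. `warpUsers = [ "iosmanthus" "lego" "lbwang" ];` in a `let`, and using it in `auth_user` keeps the two in step. The context above still sets `level = "debug"`, so per-user routing decisions presumably end up in the journal for the retention period added in this commit; `info` may be enough once the rule is verified. The enclosing settings attrset starts and ends outside the hunk.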
@@ -42,42 +69,44 @@ { type = "shadowsocks"; tag = "shadowsocks-multi-user"; - listen = "::"; + listen = "::1"; listen_port = 0; method = config.sops.placeholder."sing-box/shadowsocks/method"; password = config.sops.placeholder."sing-box/shadowsocks/password"; - users = [ - { - name = "iosmanthus"; - password = config.sops.placeholder."sing-box/shadowsocks/users/iosmanthus"; - } - { - name = "lego"; - password = config.sops.placeholder."sing-box/shadowsocks/users/lego"; - } - { - name = "lbwang"; - password = config.sops.placeholder."sing-box/shadowsocks/users/lbwang"; - } - { - name = "tover"; - password = config.sops.placeholder."sing-box/shadowsocks/users/tover"; - } - { - name = "alex"; - password = config.sops.placeholder."sing-box/shadowsocks/users/alex"; - } - { - name = "mgw"; - password = config.sops.placeholder."sing-box/shadowsocks/users/mgw"; - } + users = builtins.map + (user: { + name = user; + password = config.sops.placeholder."sing-box/shadowsocks/users/${user}"; + }) [ + "iosmanthus" + "lego" + "lbwang" + "tover" + "alex" + "mgw" ]; } ]; outbounds = [ { type = "direct"; - domain_strategy = "prefer_ipv6"; + tag = "direct"; + } + { + type = "wireguard"; + tag = "warp+"; + + server = "engage.cloudflareclient.com"; + mtu = 1280; + server_port = 2408; + system_interface = true; + interface_name = "wg0"; + peer_public_key = config.sops.placeholder."cloudflare/warp/peer_public_key"; + local_address = [ + config.sops.placeholder."cloudflare/warp/local_address_v4" + config.sops.placeholder."cloudflare/warp/local_address_v6" + ]; + private_key = config.sops.placeholder."cloudflare/warp/private_key"; } ]; }; diff --git a/nixos/aws-lightsail-0/subgen/default.jsonnet b/nixos/aws-lightsail-0/subgen/default.jsonnet index f38e617..7b13eb7 100644 --- a/nixos/aws-lightsail-0/subgen/default.jsonnet +++ b/nixos/aws-lightsail-0/subgen/default.jsonnet 
@@ -10,7 +10,7 @@ function( local shadowsocks = finalNode.shadowsocks; local template = import './template.jsonnet'; local relayNodes = std.filter( - function(out) std.get(out, 'server_port') == 8443, + function(out) std.get(out, 'server_port') == 158, subscription.outbounds ); local shadowtlsOutbounds = std.map( diff --git a/nixos/aws-lightsail-0/subgen/default.nix b/nixos/aws-lightsail-0/subgen/default.nix index 6b0d23e..21e2a6d 100644 --- a/nixos/aws-lightsail-0/subgen/default.nix +++ b/nixos/aws-lightsail-0/subgen/default.nix @@ -97,12 +97,12 @@ in }; { profiles: [ - mkProfile('iosmanthus', '$2y$10$W.rSv8wGsrNYMdHf5D41A.7LQQRLJeHWpHCZm8Pluqz8aZtd7bSi.'), - mkProfile('lego', '$2y$10$zWUDy54ZvvSv0HByXV3vsO.KsHDZ3zUXdd0k8Lxi3SqWKItLX7VBm'), - mkProfile('lbwang', '$2y$10$ApfNtxL44UZkeVLhCEKxfuzAYtEeO7naNHg9L/w4H3Ko.8aeAdUA.'), - mkProfile('tover', '$2y$10$ZN029oB16UgAk3maJE6Opeyb7L83Gw8VMP9TvEs0lSWOPBhKoW9Ay'), - mkProfile('alex', '$2y$10$j0tYQfI0KSvaMf7O.OW/DerDEeKyx3bRZgWyOSBISvV5HP3L/mZa.'), - mkProfile('mgw', '$2y$10$uqmtmsaBwAHmKwpHEpvCgekZ.iSVTJkA9CkyjdKDZA3RfqGxs0Wqy'), + mkProfile('iosmanthus', '$2y$12$I7BENGQd5h2UdSZ.2dI5tusnrz6pk2hmfsEPQOet9CVnUDeCPZReO'), + mkProfile('lego', '$2y$12$g7xzL7VwtSGSKxKXlIBcReXRj2Y4kW4h.ui.Z5Hh6E9efzGsB/bZi'), + mkProfile('lbwang', '$2y$12$ChjDDIC7qqyAwIOSa/mDBuGOjEfU3/COhUPbHgx/cv.76QEKjShEG'), + mkProfile('tover', '$2y$12$d23vJw8MI17H/jQIoqrSfu8YXQvKWMhp3SAub1cOBy.zpc5nP.K0W'), + mkProfile('alex', '$2y$12$qFMBz7CphHf4wQumwChBieQUYYkOHehgNbgWRJe8pMkjpvj2B/0TG'), + mkProfile('mgw', '$2y$12$GyJGCjJd/ugnml9UzsVcc.DjItPfmK.37xG3ivZkERk1hGOT9JNua'), ], } ''; diff --git a/nixos/aws-lightsail-0/subgen/template.jsonnet b/nixos/aws-lightsail-0/subgen/template.jsonnet index 0740fdb..1fccb37 100644 --- a/nixos/aws-lightsail-0/subgen/template.jsonnet +++ b/nixos/aws-lightsail-0/subgen/template.jsonnet 
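Review bot: The relay filter in default.jsonnet now compares against the bare literal `158`, where it previously used `8443`, and nothing says what the port identifies. Naming it, for example `local relayPort = 158;  // port the upstream subscription uses for relay nodes` with `std.get(out, 'server_port') == relayPort`, makes the next change of this value self-explanatory. The enclosing `function(` starts outside the hunk.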
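Review bot: The six `mkProfile` bcrypt hashes in subgen/default.nix are still committed in clear text, while this same commit moves the admin password hash into sops. Anyone with read access to the repository or the Nix store can test guesses against them offline. If the surrounding string is rendered through a sops template (not visible in this hunk), each hash could come from a placeholder instead, e.g. `mkProfile('lego', '${config.sops.placeholder."<SECRET_NAME>"}')`. The previous cost-10 hashes stay in git history, so the move to cost 12 only helps if the passwords themselves were changed.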
@@ -1,16 +1,31 @@ { + log: { + level: 'debug', + timestamp: true, + }, dns: { + fakeip: { + enabled: true, + inet4_range: '198.18.0.0/15', + inet6_range: 'fc00::/18', + }, independent_cache: true, rules: [ { - geosite: [ - 'cn', - ], - server: 'dnspod', + clash_mode: 'Direct', + server: 'local', + }, + { + clash_mode: 'Global', + server: 'secure', + }, + { + rule_set: 'cn-site', + server: 'local', }, { outbound: 'any', - server: 'dnspod', + server: 'local', }, { domain_keyword: [ @@ -37,27 +52,75 @@ { address: '119.29.29.29', detour: 'direct', - tag: 'dnspod', + tag: 'local', }, { - tag: 'remote', address: 'fakeip', + tag: 'remote', + }, + ], + }, + route: { + auto_detect_interface: true, + final: 'final', + rule_set: [ + { + type: 'remote', + tag: 'cn-site', + format: 'binary', + url: 'https://raw.githubusercontent.com/lyc8503/sing-box-rules/rule-set-geosite/geosite-cn.srs', + download_detour: 'final', + }, + { + type: 'remote', + tag: 'cn-ip', + format: 'binary', + url: 'https://raw.githubusercontent.com/lyc8503/sing-box-rules/rule-set-geoip/geoip-cn.srs', + download_detour: 'final', + }, + ], + rules: [ + { + outbound: 'dns-out', + protocol: 'dns', + }, + { + clash_mode: 'Direct', + outbound: 'direct', + }, + { + clash_mode: 'Global', + outbound: 'final', + }, + { + rule_set: 'cn-site', + outbound: 'direct', + }, + { + domain_suffix: [ + 'pingcap.net', + ], + outbound: 'direct', + }, + { + ip_is_private: true, + outbound: 'direct', + }, + { + rule_set: 'cn-ip', + outbound: 'direct', }, ], - fakeip: { - enabled: true, - inet4_range: '198.18.0.0/15', - inet6_range: 'fc00::/18', - }, - strategy: 'prefer_ipv6', }, experimental: { + cache_file: { + enabled: true, + cache_id: '3109dc66-e71d-40d0-9e55-1b60244d0a90', + }, clash_api: { - cache_file: 'cache.db', external_controller: '127.0.0.1:7990', external_ui: './ui', external_ui_download_detour: 'final', - store_selected: true, }, }, inbounds: [ 
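Review bot: The two new `rule_set` entries download binary `.srs` files from the branch names `rule-set-geosite` and `rule-set-geoip` of a third-party repository. Those files decide, for every client using this template, which domains and addresses bypass the proxy. A branch is mutable, so whoever controls it can change the clients' routing without any change in this repo. Pinning the URL to a commit, e.g. `url: 'https://raw.githubusercontent.com/lyc8503/sing-box-rules/<COMMIT_SHA>/geosite-cn.srs'`, or mirroring the files in a repository you control, makes updates an explicit, reviewable step. The same applies to the `cn-ip` entry.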
@@ -67,6 +130,7 @@ inet6_address: 'fdfe:dcba:9876::1/126', interface_name: 'utun3', sniff: true, + sniff_override_destination: true, stack: 'mixed', strict_route: true, tag: 'tun-in', @@ -83,46 +147,4 @@ type: 'direct', }, ], - log: { - level: 'debug', - timestamp: true, - }, - route: { - auto_detect_interface: true, - final: 'final', - geoip: { - download_detour: 'final', - download_url: 'https://github.com/iosmanthus/sing-box-geo/releases/latest/download/geoip.db', - }, - geosite: { - download_detour: 'final', - download_url: 'https://github.com/iosmanthus/sing-box-geo/releases/latest/download/geosite.db', - }, - rules: [ - { - outbound: 'dns-out', - protocol: 'dns', - }, - { - geosite: [ - 'cn', - ], - outbound: 'direct', - }, - { - geoip: [ - 'cn', - 'private', - ], - outbound: 'direct', - }, - { - domain_keyword: [ - 'ddrk', - 'ddys', - ], - outbound: 'final', - }, - ], - }, } diff --git a/nixos/aws-lightsail-0/users.nix b/nixos/aws-lightsail-0/users.nix index e2a0507..fecc9ed 100644 --- a/nixos/aws-lightsail-0/users.nix +++ b/nixos/aws-lightsail-0/users.nix @@ -4,7 +4,7 @@ users = { mutableUsers = false; users.${config.admin.name} = { - inherit (config.admin) hashedPassword shell; + inherit (config.admin) hashedPasswordFile shell; group = "users"; isNormalUser = true; inherit (config.admin) home; @@ -19,14 +19,4 @@ ]; }; }; - - security = { - sudo.extraRules = [{ - users = [ "${config.admin.name}" ]; - commands = [{ - command = "ALL"; - options = [ "NOPASSWD" ]; - }]; - }]; - }; } diff --git a/nixos/aws-lightsail-0/vaultwarden/default.nix b/nixos/aws-lightsail-0/vaultwarden/default.nix new file mode 100644 index 0000000..4f2a084 --- /dev/null +++ b/nixos/aws-lightsail-0/vaultwarden/default.nix 
@@ -0,0 +1,18 @@ +{ config +, ... +}: { + services.vaultwarden = { + enable = true; + dbBackend = "postgresql"; + config = { + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8222; + SIGNUPS_ALLOWED = false; + INVITATIONS_ALLOWED = false; + WEB_VAULT_ENABLED = true; + WEBSOCKET_ENABLED = true; + PUSH_ENABLED = true; + }; + environmentFile = config.sops.secrets."vaultwarden/env".path; + }; +} diff --git a/nixos/workstation/default.nix b/nixos/workstation/default.nix index 0d24caf..1c7a031 100644 --- a/nixos/workstation/default.nix +++ b/nixos/workstation/default.nix @@ -21,11 +21,11 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). stateVersion = "20.09"; - activationScripts.ldso = lib.stringAfter [ "usrbinenv" ] '' - mkdir -m 0755 -p /lib64 - ln -sfn ${pkgs.glibc.out}/lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2.tmp - mv -f /lib64/ld-linux-x86-64.so.2.tmp /lib64/ld-linux-x86-64.so.2 # atomically replace - ''; + # activationScripts.ldso = lib.stringAfter [ "usrbinenv" ] '' + # mkdir -m 0755 -p /lib64 + # ln -sfn ${pkgs.glibc.out}/lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2.tmp + # mv -f /lib64/ld-linux-x86-64.so.2.tmp /lib64/ld-linux-x86-64.so.2 # atomically replace + # ''; }; nix = { @@ -67,12 +67,14 @@ environment.systemPackages = with pkgs; [ alsa-utils bind + fd file git killall lm_sensors lsof neovim + ripgrep wget docker-compose @@ -92,7 +94,7 @@ }; boot = { - kernelPackages = pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxKernel.packages.linux_zen; loader = { systemd-boot = { consoleMode = "max"; @@ -173,4 +175,18 @@ libvirtd = { enable = true; }; spiceUSBRedirection.enable = true; }; + + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + curl + expat + fuse3 + icu + nss + openssl + stdenv.cc.cc + zlib + ]; + }; } 
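Review bot: Nothing in the new vaultwarden module shows where the PostgreSQL connection string or the admin token come from, so the security-relevant part of the configuration rests entirely on the contents of `vaultwarden/env`, which a reader cannot see. A short comment above `environmentFile` listing what the secret must provide would help, e.g. `# vaultwarden/env supplies DATABASE_URL, and ADMIN_TOKEN as an Argon2 PHC string if the admin page is enabled`. `PUSH_ENABLED = true` presumably also depends on `PUSH_INSTALLATION_ID` and `PUSH_INSTALLATION_KEY` from the same file. With `dbBackend = "postgresql"` a database backup has to be arranged separately, since none is configured in this hunk.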
diff --git a/nixos/workstation/desktop/fonts.nix b/nixos/workstation/desktop/fonts.nix index 117d56d..2629710 100644 --- a/nixos/workstation/desktop/fonts.nix +++ b/nixos/workstation/desktop/fonts.nix @@ -12,6 +12,7 @@ font-awesome hack-font hasklig + ibm-plex inconsolata inter iosevka diff --git a/nixos/workstation/home/default.nix b/nixos/workstation/home/default.nix index e53f23f..05b788a 100644 --- a/nixos/workstation/home/default.nix +++ b/nixos/workstation/home/default.nix @@ -4,10 +4,10 @@ , ... }: { imports = [ - ./firefox.nix ./gpg.nix ./media.nix ./tmux.nix + ./firefox.nix ./desktop ./fcitx5 @@ -26,10 +26,10 @@ apx ascii awscli2 + brave btop cloc delta - tor delve discord fast-cli @@ -40,18 +40,19 @@ fzf geoipWithDatabase gh - gnome.gedit + gedit gnome.gnome-clocks gnome.gnome-font-viewer gnome.seahorse + go-musicfox go-tools - google-chrome graphviz htop httpie imagemagick iperf3 jq + k9s kubectl kubectx kubernetes-helm @@ -76,6 +77,7 @@ tdesktop thunderbird tldr + tor tree unzip via @@ -108,7 +110,6 @@ home.sessionVariables = { "TERMINAL" = "${pkgs.kitty}/bin/kitty"; - "LD_LIBRARY_PATH" = "${pkgs.xorg.libXcursor}/lib"; }; home.activation = { @@ -215,4 +216,24 @@ enable = true; indicator = true; }; + + programs.neovim = { + enable = true; + coc = { + enable = true; + }; + plugins = [ + { + plugin = pkgs.fetchFromGitHub { + owner = "RRethy"; + repo = "nvim-base16"; + rev = "010bedf0b7c01ab4d4e4e896a8527d97c222351d"; + hash = "sha256-e1jf7HyP9nu/HQHZ0QK+o7Aljk7Hu2iK+LNw3166wn8="; + }; + config = '' + colorscheme base16-material-darker + ''; + } + ]; + }; } diff --git a/nixos/workstation/home/desktop/i3.nix b/nixos/workstation/home/desktop/i3.nix index 65b9205..c9ff794 100644 --- a/nixos/workstation/home/desktop/i3.nix +++ b/nixos/workstation/home/desktop/i3.nix 
@@ -100,7 +100,7 @@ let ''; "${modifier0}+c" = "exec env CM_LAUNCHER=rofi clipmenu"; "${modifier0}+m" = "exec autorandr --change"; - "${modifier0}+w" = "exec firefox"; + "${modifier0}+w" = "exec brave"; "${modifier0}+p" = "exec rofi -show combi"; "${modifier0}+d" = "exec Discord"; "${modifier0}+t" = "exec telegram-desktop"; @@ -153,9 +153,9 @@ let ]; assigns = { "1: main" = [ - { class = "^firefox$"; } - { class = "^google-chrome$"; } + { class = "^Brave-browser$"; } { class = "^logseq$"; } + { class = "^kitty$"; } ]; "2: chat" = [ { class = "^Discord$"; } @@ -190,16 +190,16 @@ let command = "i3-msg workspace 1: main"; } { - command = "firefox"; + command = "brave"; } { - command = "google-chrome-stable"; + command = "logseq"; } { - command = "thunderbird"; + command = "kitty tmux"; } { - command = "logseq"; + command = "thunderbird"; } ]; bars = lib.mkForce [ ]; diff --git a/nixos/workstation/home/fcitx5/cloudpinyin.conf b/nixos/workstation/home/fcitx5/cloudpinyin.conf index d518c10..98b266e 100644 --- a/nixos/workstation/home/fcitx5/cloudpinyin.conf +++ b/nixos/workstation/home/fcitx5/cloudpinyin.conf @@ -7,4 +7,3 @@ Proxy= [Toggle Key] 0=Control+Alt+Shift+C - diff --git a/nixos/workstation/home/polybar/default.nix b/nixos/workstation/home/polybar/default.nix index bf85aac..d609992 100644 --- a/nixos/workstation/home/polybar/default.nix +++ b/nixos/workstation/home/polybar/default.nix @@ -9,6 +9,7 @@ let in { services.polybar = { + enable = true; package = pkgs.polybar.override { mpdSupport = true; iwSupport = true; @@ -17,7 +18,6 @@ in pulseSupport = true; githubSupport = true; }; - enable = true; script = '' export COLOR_BASE00=#212121 export COLOR_BASE01=#303030 diff --git a/nixos/workstation/home/shell/alias.nix b/nixos/workstation/home/shell/alias.nix index 6e4a3cb..5898019 100644 --- a/nixos/workstation/home/shell/alias.nix +++ b/nixos/workstation/home/shell/alias.nix 
@@ -33,7 +33,7 @@ in ll = "ls -l"; l = "ls -F"; - cat = "bat"; + cat = "bat --theme base16"; vim = "nvim"; vi = "vim"; diff --git a/nixos/workstation/home/vscode/default.nix b/nixos/workstation/home/vscode/default.nix index 7cb4d49..aa92c51 100644 --- a/nixos/workstation/home/vscode/default.nix +++ b/nixos/workstation/home/vscode/default.nix @@ -179,6 +179,7 @@ in "workbench.colorTheme" = "Community Material Theme Darker High Contrast"; "workbench.iconTheme" = "eq-material-theme-icons-light"; + "remote.autoForwardPortsSource" = "hybrid"; "nix.enableLanguageServer" = true; "nix.serverSettings.nil.formatting.command" = [ "nixpkgs-fmt" ]; diff --git a/nixos/workstation/home/vscode/extensions.json b/nixos/workstation/home/vscode/extensions.json index e01269f..9b96c7d 100644 --- a/nixos/workstation/home/vscode/extensions.json +++ b/nixos/workstation/home/vscode/extensions.json @@ -33,8 +33,8 @@ { "publisher": "equinusocio", "name": "vsc-material-theme-icons", - "version": "3.1.4", - "sha256": "1qnjw5hr68kidqj50p2spmbpgz4hqb5v99cra1h18lav4mfjpr7p" + "version": "3.3.1", + "sha256": "1irnc0gvjlpigjzxci53af6n9b36dwq466h18cpv54ziw0gnn98j" }, { "publisher": "foxundermoon", @@ -45,20 +45,20 @@ { "publisher": "GitHub", "name": "copilot", - "version": "1.138.570", - "sha256": "1y0yz58mrnqcfl8jyrg3ccw1777k9k4v6bsx0lxyx5ld4lz99lpw" + "version": "1.143.601", + "sha256": "0c5zpns1agbvsb32w4d0fj2dmqyak6d1sjwip128x10zy3aymvqr" }, { "publisher": "golang", "name": "go", - "version": "0.40.0", - "sha256": "1k2zv49pam436cgvb970dc9n4xpdkd07lp8jllrsx5vnx7m2ml52" + "version": "0.40.1", + "sha256": "0844kxbi7qi79wal0cqcd4wiygc42fyhamn33lsx2ms4yj5jxri9" }, { "publisher": "haskell", "name": "haskell", - "version": "2.5.0", - "sha256": "1dnqw3mkzdfqaqy11ygl3cwnfjm30k5dazldl4pqgb7mw11n32as" + "version": "2.5.1", + "sha256": "1gy2s9pzwsiwjk2b3sqn9hp3zbcg1jxbf4zl9hcqan3q6v96m7dz" }, { "publisher": "jeff-hykin", 
@@ -93,8 +93,8 @@ { "publisher": "ms-vscode-remote", "name": "remote-containers", - "version": "0.325.0", - "sha256": "0dn8wxx9h48r71iy4ladhv26l52l6w9jm3ihc2hrcl6287hy8789" + "version": "0.329.0", + "sha256": "1y2r34dc48aj55b5nhdj58qkbvgipcdaiv00vp2q154rmlwx7lz9" }, { "publisher": "ms-vscode", @@ -111,8 +111,8 @@ { "publisher": "ms-vscode", "name": "makefile-tools", - "version": "0.8.16", - "sha256": "0skxki0cfqx31cdd0a9fbxx05zxzsdipylzygihnmkdlk047qkmf" + "version": "0.9.0", + "sha256": "1rp27pvgjcxm9fp9plssqflq5gw3v18rklzcgr4zyk493rkhmyj1" }, { "publisher": "naumovs", @@ -162,12 +162,6 @@ "version": "0.26.2", "sha256": "16kp1yxs798jp8ffqq3ixm3pyz4f3wgdkdyjpjy94ppqp4aklixh" }, - { - "publisher": "github", - "name": "copilot-labs", - "version": "0.17.1121", - "sha256": "00bvkgz4h6gkix7r7h0ikl8hc9bc2n7nrdqkl48sxnif1annv7d0" - }, { "publisher": "ms-kubernetes-tools", "name": "vscode-kubernetes-tools", diff --git a/nixos/workstation/users.nix b/nixos/workstation/users.nix index 346a78c..0ba9771 100644 --- a/nixos/workstation/users.nix +++ b/nixos/workstation/users.nix @@ -4,7 +4,7 @@ users = { mutableUsers = false; users.${config.admin.name} = { - inherit (config.admin) hashedPassword shell; + inherit (config.admin) hashedPasswordFile shell; group = "users"; isNormalUser = true; inherit (config.admin) home; diff --git a/packages/sing-box/default.nix b/packages/sing-box/default.nix index 06578f2..86090b0 100644 --- a/packages/sing-box/default.nix +++ b/packages/sing-box/default.nix 
@@ -9,18 +9,18 @@ buildGoModule rec { pname = "sing-box"; - version = "unstable-2023-12-15"; + version = "1.8.2"; src = fetchFromGitHub { owner = "SagerNet"; repo = pname; - rev = "v1.7.5"; - hash = "sha256-6SWcepENdbkwv4qq4nuxSINAxXWZmLcj5NwJ3nBnKu8="; + rev = "v${version}"; + hash = "sha256-+N+3RfWOIM6bZAxmmfG3jMWICWKvOC1CV4hBv8oZjIM="; }; proxyVendor = true; - vendorHash = "sha256-x2grJ45Wl3awvQAvo88TstDwNN/KpdvUT+wdyvB9sN8="; + vendorHash = "sha256-vzCXdiQHWwPRvX4Z4etUlBbsQmB1UuGw3ejf6PL66tY="; tags = [ "with_quic" diff --git a/secrets/aws-lightsail-0/default.nix b/secrets/aws-lightsail-0/default.nix index f16457c..00cadb5 100644 --- a/secrets/aws-lightsail-0/default.nix +++ b/secrets/aws-lightsail-0/default.nix @@ -1,12 +1,24 @@ -{ ... }: { +{ config +, ... +}: { sops = { defaultSopsFile = ./secrets.yaml; secrets = { - "cloudflare-api-token" = { }; + "${config.admin.name}/hashed-password" = { + neededForUsers = true; + }; + + "cloudflare/api-token" = { }; + "cloudflare/warp/private_key" = { }; + "cloudflare/warp/peer_public_key" = { }; + "cloudflare/warp/local_address_v4" = { }; + "cloudflare/warp/local_address_v6" = { }; + "aws-lightsail-0-ip" = { }; "caddy/virtual-host-a" = { }; "caddy/virtual-host-b" = { }; + "caddy/virtual-host-c" = { }; "grafana/promtail-basic-auth" = { }; "grafana/prometheus-basic-auth" = { }; @@ -25,6 +37,8 @@ "subgen/subscription-url" = { }; "subgen/personal-port" = { }; + + "vaultwarden/env" = { }; }; }; } diff --git a/secrets/aws-lightsail-0/secrets.yaml b/secrets/aws-lightsail-0/secrets.yaml index 37c74f0..3d2e17d 100644 --- a/secrets/aws-lightsail-0/secrets.yaml +++ b/secrets/aws-lightsail-0/secrets.yaml 
@@ -1,30 +1,44 @@ -aws-lightsail-0-ip: ENC[AES256_GCM,data:kCp7aC63RGDpMxMEo8I=,iv:4HSg0f7Qpnj/X9Kpi+Lwj8utR8S0ixMxM7ZOkhXREpI=,tag:qGINdFH19qNX6wZ2DVm6yw==,type:str] -cloudflare-api-token: ENC[AES256_GCM,data:bdnsZZv6RqUwqZhSjo2ArQ5ZEgwsXRwOzwIT0TUBJz6+8PQ5xkYmUQ==,iv:MkZt/qT2CD3aiptaYr/4Klov4i1RSzpeMU4mYcipV40=,tag:ROczVS9ddNsvmkvVsPNYfg==,type:str] -grafana: - promtail-basic-auth: ENC[AES256_GCM,data:8YQuavNLUWlhSyLgOpn/guyM995OCLkqZgLYaJlFavAXIYdEYOA41LI2r4j1MiDioCKy9azKX30vKhkxxzqo0ksRS5GyfQKPAg4gmU+QjwEU7t+icm+NxtW8X7ZibHgtztRZFlWeoq74GB7t1nAS3LG2+0xCX3hLhZJjJ6MRBRMFog7qtTaTMTreh2iCwFw7aCUCWwZ74cu9O0ZhwYqDFw9ir3DZlVK3y5uzqms3aeaAyGpx+1ln6cBDpUszG/1bRW20jMAYjM5xFM9SgrkVMV9RwptD0al9LFTWQZRaqPLXoW9xNB62xTdISLI=,iv:v6ny0nBEQqTUp869GKEuGIiSfoFmpkVAufr71sLPT20=,tag:0rX59qkyswBmgptAhgmfYQ==,type:str] - prometheus-basic-auth: ENC[AES256_GCM,data:DS4XYuFC0lrH5oSF72nrY3Qw7M7CgvGl9Q70LzgrKdBzMOR5O4FhBSY+dEcOaWZs0CcbCpgU3Br39X65TzG9eKUqqzUllHaRik1CYnezzl086hF16IbwvEOP+F2bfnX8Ae+HG03f4wfHjlrJkHnzc/VtG5r7kG7flHDE+wacqnLzJUzySOcF9kqqZEas4o4DNvXczkL+E4nTvYn5dthVl4WugZPeGgyUrlKQZiNf9fFHC+pvcOVzpTjfueRiujhaTw3K2DSbZcF9rF86xBntaO1DvR9i3bVOtmp7waPLKQSaNWKlQaeOgyf+Lkc=,iv:9PPUAd6jTb5aXbbxLVeqAxSVI64JYEyN5pw4Ed+Ctwk=,tag:LqYm0xACqgCQWzZ3hmjCpA==,type:str] +aws-lightsail-0-ip: ENC[AES256_GCM,data:lZAP0frgJVBUIupYfpU=,iv:m8dNYK+J9OETEHSRioFiWXV2vqQgvOoorTcRn1V3adk=,tag:GrZw462b7o8X4jaZ974WTA==,type:str] caddy: - virtual-host-a: ENC[AES256_GCM,data:cipdlwfrnu8EY/zLMPmX5/U2,iv:ucRRxxYUxBHbnE8hXCjAYszHMrwEqkJ2S5eCEJff42k=,tag:ispWPoclOhv/aNZ2qJpjgg==,type:str] - virtual-host-b: ENC[AES256_GCM,data:CKMzxOXNP0uxZlJqkI2R0g==,iv:wWaP7eE8dgCZzFb7lVWfgRmFrCsyw9cqLXoHP3qP3Ng=,tag:Cg+nBv+42eTYwNBS7tYyCQ==,type:str] + virtual-host-a: ENC[AES256_GCM,data:1tNJXUL7do1XgjrUifZnHetN,iv:GEBvBOOvyv0mwk0b247BgSmk3PcLcGMIJBS1Q25AZpQ=,tag:5u/jH5nb/J88HhWjJ5EyPA==,type:str] + virtual-host-b: 
ENC[AES256_GCM,data:EDUbiYqAOZw8MGGg6gnpag==,iv:l59X92AtYHCz5plRdO4uiOakfucwJvCnEhcI9QM3Cz0=,tag:Vm3dsjtl1/FAywG3kFB1yg==,type:str] + virtual-host-c: ENC[AES256_GCM,data:Fs1Xumg7dGk5ouECqGL7xFcakig=,iv:rYPNdHDbx3g6OdRIS0XOu5KTBRPK8d4aGNFJnpcBJO8=,tag:3qqASYwTc4J+Hat1yZuoHA==,type:str] +cloudflare: + api-token: ENC[AES256_GCM,data:E64/FiVpl4hAE2UGxEjY0/7Y5uNOtKIqZpUzBWaJL9iF0cyaO75YmQ==,iv:R73H2DseK6uJjrYs2Eb+ZGR9bNxiEQQ4tNDJVY8wmlI=,tag:hXD1JRGatZSgiooME+4p/g==,type:str] + warp: + access_token: ENC[AES256_GCM,data:zOSVQuSuN4TZR46AD9Fd2Xa+zUwN2ivU1TVxBLsiZO6scNJ3,iv:Fk6AqUxZ9hzpP5T4lB6Zah4f4dQiD1P07K4tusRFRaw=,tag:xhHaPe5IpeErWEYMFjRh3w==,type:str] + device_id: ENC[AES256_GCM,data:mIeyrAt/D3DZNR2yWkPEf+hH5EsmlCchgvHS8IFgHTc/fHOt,iv:kA2N96fRLvHz7dU7rGeTYMYf7bFgjQI+LM07sfF0lmg=,tag:fMII4rA2K7BzfsHzbj8ISw==,type:str] + license_key: ENC[AES256_GCM,data:UUdL8X/7+9IvONgbYPEeH39BeenstfHzoGk=,iv:/UIH/vdSma1d7sZ7Mp7f17qijtDpGxOPeqG05qZxjvc=,tag:47BJOLLh1NiQm8ymTf77QQ==,type:str] + private_key: ENC[AES256_GCM,data:I043PQ2dq52NhSl7AXZb5JdIIx3DBqEDEFrSl1vxR38pz+HznRY1gsHpSto=,iv:/Ag3VeiwSPAoz5/DqNp7bs4Ft+4vc8S0R8yIjnVLh+M=,tag:as0IBQeTt5seJShIYsa1+Q==,type:str] + peer_public_key: ENC[AES256_GCM,data:XYtJchudkMFLZ/wTaE1Pj66woFeBiFQQn+OcBlUZJq3O3PmfyjxKEYp37GI=,iv:MH/CijVEGwu1dss7P6pyATm5PwEIjrvTKPW8GmEfXs0=,tag:Klhcawop/79GPH3gXfsPRQ==,type:str] + local_address_v4: ENC[AES256_GCM,data:PrSyTteU7wkVWHIYBA==,iv:ek505/WVirIZgx8G+TdD0tcNFTwMvLI1I/svrxkIn8w=,tag:eCs7U8CN+KFm6roemwZYEQ==,type:str] + local_address_v6: ENC[AES256_GCM,data:GgrAhgPt4VR+UnM/qOirVaiXuaUUhGJ1XdmDoDBU+uLxaPPN3gplfB5R,iv:kseQ9NO7V8mwtMCvJIUNTiuQ1hfC3lFtwoVbl5a/n0Y=,tag:gUR/Go2CJ7M/oH6AUwptPg==,type:str] +grafana: + prometheus-basic-auth: 
ENC[AES256_GCM,data:39GRYun2EYfGuE9iccZxtgQ8bx0OYfIZID3NIl/KQkCnwxo28hfxUkKNUxjq93C6r36RJLB9avD/wCc9GbVBlBiIMVYJSM8K/zAJvmMZUKZh2G/F9z6HnGv2lHV8DbvJ0I4CJ5z+GETpbiSx1Sew8KVwd66bgOzLNZ2NoM/D74oQPbMGOCnl4EYEYHEnLfDf9IETxDth3uPXlZblKgAiNpw2gxAdruBJjD0nhAAb3xnyGZgAyJj10MNEUvdShs4Xp82ov5R35f3BKM8NEB/Bistr0X5RWeyGKSHDl+RT3zpH7PrnYaloy+13nQ8=,iv:rjeovRHU354hhTQhCFQ+Wzxiw/gBbJIx3RnAhZ8P0vY=,tag:YnLKKl6iWBGOoj0sPumSkw==,type:str] + promtail-basic-auth: ENC[AES256_GCM,data:ToZKtq6c6rfQZD1SKwMiQfVc6joBgI2+xYGQqRyD0tjo1FOr0bK1pydF7V04iHkDab9rP0dZLZJHN5G/3PHKpNF2+TpRI5CclsLfWnZUOZFRoSFo7xA6OUN3OWxQni6sj7WKwBVTdb+cJ8XE2Jo1ocKvsK4mokI4Bxb0NcFAIwr40izKS2Xxan7vWRYudi9fp6l6wFMZnEdh9HuSSbGebvHFRNqqxm5kPtH6A85m0PPzqmmqcgMOeyoE9bEpzjTKF/Z6IQTYqwKWpdNhBAZiGlljoheQ/hStMiy1xLtr43bGlEQOP8NdMtWC3JE=,iv:coKr5b+Go5hHn/oEOwFmb50UKjcXe7vua9Z5Q+IYAyg=,tag:ceNypMpLBYUtS//sdS6onA==,type:str] +iosmanthus: + hashed-password: ENC[AES256_GCM,data:9SSi1DFdndyuHBFYe0qx5BdJO+oMVARb41N+uCTdjBwwb9aFWxVs1kUYUxay+BbhPoRsyn3bOSwjam86wdbcuLX0hfmFpvMd/K2T4QvmGSolhtl9CPcM5X3OQlUyR1mtD0/5ZB6NPNJdl+wl4M+CqCnWw866Ag==,iv:DermstHyKkemjKf+C7mAEMJtwNg5BpY2q2wntPA6UqE=,tag:uIFZ35fpOgv9HFUvtBQHUA==,type:str] sing-box: shadowsocks: - method: ENC[AES256_GCM,data:HRYt8yusZLC7Z9xJ0MQrMO71QUIuKr0=,iv:rlnwZgJdvt6jHBhX+xY3UuqSjwy0vfyd/wG6+nmS9fM=,tag:fHbHrUpa+9ZGUNR88REHXw==,type:str] - password: ENC[AES256_GCM,data:aCdvXupehMbHtLO1ewOPpD/SMFKAyXTZ,iv:Ukq6S+N+9D37nEcIYL1yKIxkEugucMQExl0joAVDZR8=,tag:NvkU4cgJdNSJHyRNSKu78g==,type:str] + method: ENC[AES256_GCM,data:YWTAwXCcqdbPUHclBZAXQoeUzWuuS/c=,iv:tIpwatOFQZM051RqfCH5n4qBoJnC/2c7V/DGj2W6kHY=,tag:yErd6aYVHQ/4ffONRLCxGQ==,type:str] + password: ENC[AES256_GCM,data:WfcsQNs2d+S9jOjTZ41LHfB7EA1l/zHp,iv:HFw/9vD+LIGRQFyNg7jJSQmkxh3fgf/nsuWh7JU65eI=,tag:z9/IJ7/mEzXCohwa0fljvA==,type:str] users: - alex: ENC[AES256_GCM,data:FLoZvy7KPpzh4uFraSItwQXS/c0JsFmQ,iv:vII+bVK24ytcWWTPpo1r1ZVSwb8NIWieBHWCGTP54IM=,tag:FUjhC2BiS9uMShOpjW10Hw==,type:str] - iosmanthus: 
ENC[AES256_GCM,data:nAah84sF9vknG/KOSp+D3R/2fVhS2iyb,iv:3Zf3juYls7GzkOAQurTZ9Vxe6axltG6g2H+xHQs2IVo=,tag:nMPqI9jeQe4oQ2pbMsgRCw==,type:str] - lbwang: ENC[AES256_GCM,data:6Knpj6RC6FZ2CaMa6jtVcf1s6n+e41ah,iv:CKVoygFjLzPJp7uL56oMOptTBenltrR6BvTiOr1mzU8=,tag:FeA0i9mxJVKUJL03axoiIQ==,type:str] - lego: ENC[AES256_GCM,data:eI9sCXHuvbizTgmCHiU1Yv7SxUibs4yl,iv:jjUSNbLJhB7OJr/FrUqIikABQY+1+6+jVOHXIANd11s=,tag:Gt4pvlFVfOEqprc2Tt81IQ==,type:str] - mgw: ENC[AES256_GCM,data:2xofJ5735uSrhM0XoY+11CBgW2BE2HrT,iv:uDpT227uDw9quuqkkTNjLTZah7V1XWYsrXGduyxZZpo=,tag:ZvDCEFbTS8MwsTP5ZeypKA==,type:str] - tover: ENC[AES256_GCM,data:ORVC04wKRTps4HnGHJSEigkipvC62S4/,iv:jDbGzztLt4nFQQnoURF7n2Ge3fCnaF3T7mIocFVQMvI=,tag:LjOYw4XIh+dBExrRbuZm3A==,type:str] + alex: ENC[AES256_GCM,data:dv4vtuHCEew80lnzJbN4DSDr6DTGtzSh,iv:+zspAb40+1Lhydn5TFfaD9TmvXPI2urZJ6NVI/QLkEI=,tag:eCo9AmG9rxFbidGlFdEkcQ==,type:str] + iosmanthus: ENC[AES256_GCM,data:Q7vCCFJAs7X6G+kaQxKvElWjY/4capDd,iv:JJq/iSGrlvtaAbL5RL6vw6otniXCmf30SBPGN3iALv4=,tag:h+I7oIoBTtvgGapEqNTPyg==,type:str] + lbwang: ENC[AES256_GCM,data:VBfvitYeo3LiPTTSLv8X19KdTtQMTqlU,iv:geMtJGZHVLslaOb8r+TITydeqr6ZAYHAth/SOS+KTxw=,tag:nbUG8+sgCqmiTg8tzO1bjw==,type:str] + lego: ENC[AES256_GCM,data:WFV4dtz+/DCXnSQ1si5y95SvkCr7IKfD,iv:r90jJIUAUn11aJDouMok+8cq9LV5mjoorNdmwrNymK8=,tag:Vf9r0t9d6qdcO0Ha7JgYFQ==,type:str] + mgw: ENC[AES256_GCM,data:AiMKgjgNqwBrkaSdpADOatX9aZoqKmJ7,iv:nGsa8Euyt2+IuFYygeBi02oCiezWzgSZF2xfLGwwe2U=,tag:qfBJl+aaBMcOLQxz9E7Jvw==,type:str] + tover: ENC[AES256_GCM,data:TYWo7SeCwLwrd8PPQr0On0azqwwbrbxH,iv:6l6NwIrjji3kedO5WCLf7jCuiZS/YAEdH/wGAjbs13Q=,tag:Q49jUJqS9zw+V/gzau7K3w==,type:str] shadowtls: handshake: - server: ENC[AES256_GCM,data:Z+5k4ZD1iU15gHOVKE9E910=,iv:ogMsnx9Go8ATYFC9JrCiHf9/ZfiEJob7h08m1hMbc3s=,tag:MP572BGM/EAwWdpbu5Ty4w==,type:str] - password: ENC[AES256_GCM,data:JwDrE/HH+Mk1ANIdMK2fQuZwbHmRhB/J3iyZ5yUCSugrimJP,iv:ynAL1jALWbiATUHRpAKGLpwO5yyIsvMk++FdhBwBvZc=,tag:VK823y9QA12PdyPiefQ0gQ==,type:str] - username: 
ENC[AES256_GCM,data:O/qzbssXYQ==,iv:RbRcSXVfo5Iw/7DmLWR6GWgsPhWoFqUWVFbeAYZyz4k=,tag:HghUKb4Wln5VM84hPJwXvA==,type:str] + server: ENC[AES256_GCM,data:cnnqYB3ZafFmTr3T9zHmfsHV4Fb1RXcNetY=,iv:5jTCkyPBX5jc4vTch4qxHJJs6FidkIOjCe3mkk70y7w=,tag:ufdR3AHouk0bCrfWAOBrsA==,type:str] + password: ENC[AES256_GCM,data:3nW4Y3G3TOCcvczmFSDb+hIB8evCYVzmnDXxnb/Z4i8rX0zM,iv:ibL6vzlG35oU3K+tcC3uXTHSGLaNhfDUFCnZarp+otA=,tag:PCIhu7n/0l/lZBvAvhM2fQ==,type:str] + username: ENC[AES256_GCM,data:F/b4kFst3Q==,iv:zgxt2xCQTdg4zsTBMZfF6n8kbzqvi1R3t7iRrzghIJE=,tag:q1M8RWQVpFjY79aKkG4ruw==,type:str] subgen: - personal-port: ENC[AES256_GCM,data:VNYBP8A=,iv:6YP/17/ziHqFSHx3f7vwL+1bhyXS4xysN75ZBut24Bc=,tag:KuAL7I8J75IRqIXlhj2VmQ==,type:int] - subscription-url: ENC[AES256_GCM,data:RfRqyftoUhk6WXgQ1JHRI1Jx4jLpTxmi5BRCJ6b2X/GtF2U3OuGVH2Rr3b9Qh4iAfxMbh/6Eao3DgeiSfW4=,iv:S/asvhcy2Uv55dpvHdDWRolFzH3oEjwBRrQmohvVP5k=,tag:tU8ex6Vn0/79CfNYYDL3pw==,type:str] + personal-port: ENC[AES256_GCM,data:Jz/OwJ0=,iv:Wp9txGtG+6pOYFv5m32B7MQxpRIxTmbL0K1V6EkBHVQ=,tag:Li1ffHGC+A4dX3PvXEN1Mw==,type:str] + subscription-url: ENC[AES256_GCM,data:RedNHujdA3CdnVtsoZxmrYqQEy5TrWW/TbM6Darx4EhpV5m4DWtCFu0SdTzkVy7GN6nkN2nmOvuOdeEcd4Y=,iv:COfHSUt9FanC2JqZIDbfJrsQPPvAHO59wN6OwqILIx8=,tag:Q/5+TCG753Wz+FbxWKQh2g==,type:str] +vaultwarden: + env: 
ENC[AES256_GCM,data:fpZdmysNccnIvXrgm+S7msK4lvC2k8NcpM8JHamV2AAiyu69DzUDN4fQSCsTKkzEV0QUbsqQuXTqdLhbBUhGlo0t3u0b8qF248zWpOJizGc6iikZCxboq1KBBdhz6U1+SjVjCNNwzEg4eFhVjlMyNe4nBCKNCLKFdpqHxKk+/+t1N9KvipehFnmck51ecC5muPlA6uJ06wjo6GUqtEcN2xZIVHQ+RbX4azGrfZuiUP9PH8Criu64FV9Ydr9ktIgFAA8XBt2VIEBIYmzLsEjoTiovB0YMx10dbETUaASfBW84wsPSIT1Eoi+C6CstJS8SNOMdnfiaYDTk0G8mrg21vzuowt9lucy8bvT5nw4uO1wZyyRDo2squDae5p8bZA2DsEJvay5ZDkCd36deL4E2qRmKERsVgWPqCvzvnfJnYIvf8W7CozV+tM5Q7yDiFC41CczGQrlKXQVpuJ5EDvM8v4J3VVZt+/i3JWQARdbpEvI/tP6kpTCksK+gemO4lPMU6HTNFdpzea8FkzoWHI9P4ur7hr4PP4cZRpieq3W//HiyyLq4pwoH+IZQS3y527CRxnb7AxBEMIeJ/u+gnuFkUbo6tNaL2CzUxKwkxgDcbNce6QrSpHFM/HXkEhUU51/mtr0eWkAjrvXAIC2KNJW2P7xFUsp7d7vy9zcC0Idah80KKG7EiS1RFO2P+AWsitVhqfuE+JecaJA60obPnm7ncdN/DBldkvgORKJr1VmJs+XFcPuaETSUR4IldLclxfrGUCkodyz4ptfU2uO8VjYmNQ81XzwNI+FIgsA/ACFTE0ZTj51fkCa7hdkAGXfAnEDnYcOebUvylT3+slrsNGkiSzAAGPhLCyM70Oq+PSohVCUANyPCBgDl5+Q+ydSj6oTIMA==,iv:72L/zRH/f/Jlf/YtGOb8XQWkbPOm1RoKlXRb5qTl7Qg=,tag:ulDNZ7xvpD343VlHzHLztQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -34,23 +48,23 @@ sops: - recipient: age12409ktkdynl48p38wz45pu2s25kmffsw4p9d9vgt3xmmwl8f7q7sjlxyrs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YzBBQnlUVW15OUJYczV2 - aWdjNnh3WUlRNzExMzcvTmtnZVdIRXRjOFJBCnp3SXdNRUprL0ZDakNmN1Nsais0 - a2lxZENiMGRhUmJsL29pa1N0QVNoZlUKLS0tIFNQRHdXeE9NU1RoWWQxdWJzN0R2 - cHJuWjhGVkdpTGthT1FZaEhEajJBeEEKSy3jnfdW8oBtVAQEXxmvKmzZrT0FQIb6 - sirjWbK6JoAfXLgHDFiwlBqlfn9kzsjeSFRhqdjshPSAu8aH07LAwA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZE9obVZGQ1ZySlV4NVls + TFh6Y2Y1ZXZSWEdOcVJIYVZnOW1VcVZNWlFzCndhcUNIN3kzWWxKSjBQa0dVWDhk + QUFsd1g2TmwyR0ttSHFrZ3VWRTkxcTQKLS0tIEtJMit1SGs1QUpReDlnS25SdU5Q + RWhlL0I5S1h5d2xxY1VrR283cGVaWFEKbV1jfR/Z9dIMinpARNhsbCDJ7aC+nqt9 + yRXI0XVorUG3mrgwAy+Bxdw/wDztjHntVNuoevXmdrTVFBnC0CxWPw== -----END AGE ENCRYPTED FILE----- - recipient: age1hzjj23k8ckesm7aqvelndn2hkywts84892tp0xhl0vj7kz7kugcsr9fepp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0c2NaVFVFWkhJbFQxTGp3 - ZjRXOFBQcjZydG01Uld6ODRoWjAzcVhuQkZnCk9rbXI1Y0IyWVN6M0V4Y2w3MGVl - bGQvWkczTStzTDRKbmJqazYxbzk0TmcKLS0tIEFqT0JXMWxmaDhQa3ovU2pFZ3NP - ZVViVzdER1o3RTRTRS8rVFF5dHhRODgKCEioFusJHY955hf27BcQ2ssCSpfWjIzk - aXq6IyqVvFs8S00uietRB/3JlNKy9iL9tZS95ispDlAC+8gliQWQqA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUVVNdk1QYTFQbzhUUm5I + NFlwSmNEbktua0VFZ05WTExsV1paRmFoUkVrCnFwTXIycFRjeCt4VFdSMXlsTWhi + T1R6WTJjVjRJU0VaaFp4N0xVOVZnUzAKLS0tIElmclQxeWp4RmV1cjk0NzZvd3FM + ZmhoMFNJM1MzeXFOeTlUeHhUUUJ3ZDAKf40MboVlGtDsskBAt54loRqOSqG+yVIe + vfdJCJxUaa1yyVRzB3j1SiIAuvwRAyYUlLeoYbtGwuz+nTY+u5WFAw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-17T18:32:01Z" - mac: ENC[AES256_GCM,data:VT3FCLWvdCyo1adUs+YySzfLyGQXxdrJCypDQK+uW7PXer3QAr17Tf6ztL4kCNuVx7lisQp38qkFfYD0ERhsUNOS3kphn80Lm5dGkg3hzYxGesNjZTPRXqbBEx7STTkrlO7vTPjgEWOKMQ49vdTfR2R0/mf8H+8ONauzuCuiobI=,iv:EloxQ2VVlrVb6UOW34UAMhFFYn+RI5qZAl4bZBsuEb4=,tag:GlMwd7IALrKqVDlnnv0JLg==,type:str] + lastmodified: 
"2024-01-22T09:09:46Z" + mac: ENC[AES256_GCM,data:s9UvK7FAFPavJH9P7UXYr0QNhlpbSifUduMs5PKgFeV5BPClBi7LE0BUEwVGv/wJZnNIKf+0dI6OAL0a6S2KpUF9xWTLKEK78Gt8/tluSgqYaNv6VyDNTLzkrOCu8JelvVJFzE6sNShLuNyjNbS0BCImqQWjUocB4iWQV5r/8Kk=,iv:LYCiGTBZeu0diD+sS9L9OnotBamSgUtSjeZagg9NKyw=,tag:dbXaHq8fzrCpTod7WcBKVQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/secrets/aws-lightsail-0/update-ip.py b/secrets/aws-lightsail-0/update-ip.py new file mode 100755 index 0000000..1709e34 --- /dev/null +++ b/secrets/aws-lightsail-0/update-ip.py @@ -0,0 +1,21 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i python3 --pure -p python3Packages.pyyaml sops terraform + +import subprocess +import sys +import yaml + +secret_file = sys.argv[1] +decrypted = subprocess.run(["sops", "-d", secret_file], + stdout=subprocess.PIPE).stdout.decode('utf-8') +obj = yaml.safe_load(decrypted) + +instance_ip = subprocess.run([ + "terraform", "-chdir=../../infra", "output", "-raw", "aws-lightsail-0-ip" +], + stdout=subprocess.PIPE).stdout.decode('utf-8') + +obj['aws-lightsail-0-ip'] = instance_ip + +yaml.dump(obj, open(secret_file, "w"), indent=4) +subprocess.run(["sops", "-e", "-i", secret_file]) diff --git a/secrets/iosmanthus/ssh_config b/secrets/iosmanthus/ssh_config index 7ebbed9..2b8ee89 100644 --- a/secrets/iosmanthus/ssh_config +++ b/secrets/iosmanthus/ssh_config 
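Review bot: Every `subprocess.run` call in the new `update-ip.py` ignores the exit status, and the script writes the fully decrypted document back to `secret_file` before re-encrypting it. If `terraform output` fails, an empty string is stored as the IP; if the final `sops -e -i` fails or the script is interrupted, every secret in the file is left in plaintext inside the repository working tree. Passing `check=True` to each call covers the first case. The plaintext window disappears if sops does the update itself, e.g. `subprocess.run(["sops", "--set", f'["aws-lightsail-0-ip"] "{instance_ip}"', secret_file], check=True)` in place of the `yaml.dump` and `sops -e -i` lines. `-chdir=../../infra` is also resolved against the caller's working directory rather than the script's location, so the script only works when run from its own directory.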
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:cVS97dAPTyM4JJ05cfhuuqyV/Wf5FBp4uVnAVNxwN/gmeoRqH+mOElPFj1WZQhHc4WY815NRx/g4pEvhJ2bsEU+R+mtiJ6BXnXCRErIOWx4EJ74+1aHDHJITzeGpa3zKZ94rptjglrkmYPgz3zSQPpiupeitVjrRFf6zimdsKZF3qkXyHF+eHqgXV6+K0KDMg3XFX7SUaNZRC+rxfTnvJB42Xx1BJdYjc6X/Rwu1bYy9sb9NVhmGU+pTwqvP2/RRUj2jW3WKFerUERYhHAhMHWkVZlIfqbn1P9i9XZ4DN1nv2n5G+a/gAYL+lp/CH88a9rkLue/6nYLhpHlw8XAUHR9chiMLu2Nl65bB6Ie8DcbHI0Q/xW1XaUR/CKHn1A4rLTIQ1dAuzaGAeWak4ePqqWE8LIwLxGI9dsZB5sbOjzfNuCms6AwQv9CrnkTV95UACOvw34qSDI4EHNMJC8bTVHHGAXhIZ8a1LNf0fye8AdpZGHr8XHY=,iv:yvN7SlCi7zZpWO6Y93JN7w1c/NF2eL0MrBClQhirAkY=,tag:nZY4SURVvzJIBwT1UD+vwQ==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:bZwuYHZ5Dvpwtzost9dGeymUaB6v8Z0cmVEqtg2AAVM=,tag:q7k42uyVyzzzrJWe2abH2Q==,type:str]", "sops": { "kms": null, "gcp_kms": null, 
@@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6UlhrRmxXem5DWlJiVGNu\nejhTVGRKSGtScFpld1lJWGp4bGlkejhDYlRNCklHaXJkZ0x4Y2Zadi9Tc3hXNDFl\nTHd0Wm1qSzl4VUpwdFNGS0RjVnpYT00KLS0tIHBBSW9JTmE5NkIraFVtenFvUm8z\nRlZhUW80eUd5NndkSXYwc01teDFRVnMK7+D7ozUgmzx/PnPx5BkNYAt6ifj/m0bt\nGKdTZboCiGhGlkTZU9SDfthqegt4E+zXUGZN/AM7bl+trahopKsw0Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2023-12-15T18:49:00Z", - "mac": "ENC[AES256_GCM,data:7yYaTt1WwqSmBCfymw47gUIn+HGx93xbX7Bnm92Hq1dulvK3PWOrXx07xf0w7zm7ucv99HQwuCx6+GLf8gkiK8GBsbZcLShgN6WTjfJ9Ll6PSp0IqLmsp8IIh2i5Fc4GAUhC5D4pS0Y1PjPoXS33QjatsGHfP56SffZwGLRcziU=,iv:tjEDfQYzy3oUCY1FMryZelxICgtVXhMf6/XtweQYCsE=,tag:J51WDiZANtdKBmVxcUIg3A==,type:str]", + "lastmodified": "2024-01-13T10:50:33Z", + "mac": "ENC[AES256_GCM,data:5WshVjpQnvlR2HTiSnzYfhlPD3V/UTarHLAD9McCL7NbnA/wVYXqn69tpIhsaeck/KlAtfno9eEPHXLdBAgD5+GW6pHb/3MovCpFq83gU/0Dusy6CrqSw4LgsKKfT0nVZq4oF5oeVdWq53d/AGBuSFQNy2qCaesTG2IJe1vrhj4=,iv:LbGVb4S/Z3wGe/j9hhHN8QKSbBwoCWaPXfg+vr1ncTM=,tag:/oUUQl54S4Va7YJ3Pb1iug==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/secrets/proxy/default.nix b/secrets/proxy/default.nix deleted file mode 100644 index 964edc3..0000000 --- a/secrets/proxy/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - sops.secrets.sing-box = { - format = "binary"; - sopsFile = ./sing-box; - restartUnits = [ "iosmanthus-sing-box.service" ]; - }; -} diff --git a/secrets/proxy/sing-box b/secrets/proxy/sing-box deleted file mode 100644 index abe4e37..0000000 --- a/secrets/proxy/sing-box +++ /dev/null 
@@ -1,24 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:gPilWiZAYlSXFcTRNlNpZXDXFYxiUIe3d81m2ewFkH9yfuEqaqZPAmhBj7U9G8sbm0Wdhs7xnitjboXb5G0GEDMIB23nTaRoUowA5YQehICwEz8tExKvkGCuxrvRGr/LTs64jXnFA0LdKyK3zUVaHmm9XAfqylveuqd5FU1AoXqyGNOwVCwcZj8YfwQEV7ELI1a41BCnaktpk0tZkRwLcudmexb2Tpn41pe88AyvxmGi+2nbsSOH+jGOV5WZPwONPif5aErgzq8Ic5/eZFxHPsS79Qof1NxMXaBn7n4tQ1FiGrFLcxfeKR69eh3ppXOxcXWqNtRflQipIcOHTMFER0bjwdXR7cad2hJX8iMFpSGzaZQWr5ythGW9rYWKlba/mhTG0SmAu30tOD8KhaWi9omdYjezbSe1Vxc89T1Chq+S4RDL636eD5Kr0TWgNYMslvF1a1dkhOY6KWr/TUqc9IEZuvuK6kfm1Xj0RLS/RJAz2ohyqrcQF/hranLkL5/ZJxRQVZWiC8jI1T/DcwAvx2U2E/dxW4BqPyFCuk4NHC9nf/sJhihZyrIe9I46n8jMzzkdUz+OYfGklrOTn80IhQe3vKQmLCrhvCslEf9sVuuHcsSRGLhvy7HsPTsLGftNQ6Ig102Oes+yKpVE1x9bd5TCZ8XDQF5EQtoto9aTlh9KSHSxsSQiUoRdwtVGl+P8kGTuVc5nsb/eu6RCAz8Az4a1tnBloILDWgzCvD04mp3ujUgfYoz1/07QPxL5a41GmaxMK4PMlfF/TCzolLUexwckQ9n29BdpiAISLPRuEpeIGXIPgFBYW78IQ0WKWRHi+h+cfHwCWktkwu++iITgom50hA77SkhtTGRENr8beCzALu0xOMSySub1wsJuZTanT5c4lPHQJJ/Yq1u31PHRh6mhAPUsN2ik9+x1uimy8woqkBy5R4dD8aVJtZ2gp//lsvXyKHzuFpLU52Eo5G9/SiNKq2MTmKJVhUnBJP+hdbiTHagE9JbaGDWqHU9anSB7sZDsYiA1wHZvPOWuOIWcPOw9/foF4ghBoNFnp/3jfmoUVyArqCO+Ce6vYEm6U9ib5UVm8yFayZd8Kpha5qWydCW0GgZa6nIkqojoQmyvwS1fJQTuH9F5Gbs1ezgrZy+hnzFWVbAmpsoS5REefQMFiQR9iaJOubuoUYgA/aVT0NvdLoatBhQc35tHj2jgolyCKXQpU+54T5QN70K8tGIIKxy1YDKkwWL03Ju4JDItvZFNaAGZEYapF9PBVrLQW5RE1dkjIPLrGptPkAkxOXK056CchpExGWd+z7XoBi/1wcNM4WXq6FNm+7wirl316OGCF1NHE5ughPQFqCvto2bz8Uvrk6z8AzHedjdb2gNDACXhD58CqvCYxuaG6BcRT+LgJa5ng4PFsleQMQ/7YJyvMEWd5iLFU+HqldAFIxvU3AYU9yntqWvehTpNNfFdb+yJ8AVuzVWnn/TAUzZ/2oYKECd3iPJI95FRc9NB2avOCyjp6H8kDHevQYRzs/5EHG/n/+ETgjUSJm/Rzr+CsYwBVirHvR8mbUlr7qHVKMO4YhjnJGpn/y38kA1/kjg/cCXBvYczWTSCL7qfJvYGCS8l/I1qM3gbm49WKed6wyH9mRwYCUnAovnjrV8onUQO1rjSc6lFAOCWUZNaRQr65QP655M4QeJtgSd+SosRV1UJzSWS7Bklac6oyTvFAwvlXo26EgUToM5SqkIWnxqGsxcE4jSfUbGP1K6GKtGe5eRrpRHf6fgOYJep7q8UOTeKUMm9G2UFp08j2UdiC75LASwsZ9V5GrM/fs8WWSj182xYe00fo8R6RhK3dsS8NB5fwcE2HaeFWrh351B8kkxTBvg0+yb1BnNq4MUQ8y06Uyic/3uMId2tzsUHNlcdDKT7gbuCZ/7I6yIKtl4awhY6PLowY7fkxo8/b
hPg/1vR/LSmzGi49JOMnSqGie/XVHe5P4I4QZvvawC1TXcF4nmX9gzfLr3GYSN7fk6e3epG7TEwTXutCNNGvUps2Y/lC2qQqsXQlDwAGCbRloaqxVlLFh8rfqmqg+yjoiRFVrtDxLH62WtrWIo82DN+LotMyJ1d4h3piKuRHmPtLPBnrZCx95T2KMm4VZN/Jd2ltr9WTN1GM07Qwribfk+1xiq5+dHeN6MGES+P9FqPdv7H7a3RPH81drkRBVFzax6uIlg0vZN6a58Q281hKvd4dhB6i2ekd4A2F2Qdtd0vk+xB/Jf8xJyTGvuFjiT8f+LE4wd5sUBCgMv3s5z4pgcbEFSC5rSdNpld/BP/5JxfV9rip8Z2KsbLuQ7ydjIiqxckTV5khXNGLYbB0276c7DORwgEq1oQJHD7feWpzYeFrKNCsOnKu2LkrLGm07iP5Yy6KBjUj/UeWLnzeicxzFcxRFs8sVrY9nQWA/vtZQ84b1X/pz12oXTHqZ6LCRGnJpGjpZmkBZgr7DWUqX6rPG7tOrjtXJDQ4IpkIQ3JT2YWiy1fTh2zK/g4gOdjZ9278ySbZO88Ggo1QGnGxZORS9K0p1KGFRtsSla/IRIiWW7low/tR7+cKf0hueVrAk33m3JVvJtTEc2naE16swNL0DjZzFpBDX5fvA53YDCezp5bc1j9+1uzvj5A/xr6mDrKcvFDdw90Sxv2ybxjEkV9K+dlJgAamutwadozAL5PwzHie7Qo2xdUM46RhNtBsFSqdkrjdm7x9coTZIgTmf+8AAUj+dkBsAAvvrCo5FhPexXhoMLx7oJr1UghDy5i12Ne+rIyq+K1OBAKc2UdW9hrW8LEPWoiKhevN26fQRIPWXbT+IeFzmfFtIdOkJB/qkijggws5bPBkYaTIp+Qa/r7FjWWTVmo0AIXRSWYuwX8ofjY6NDpoyiPqqmdM3b8KloOGKkHkE77a+kR7hHipClTvUggcYV8PMbDsi8MnSBeg90v4og34V9xiStIkhgXDDwJL8Mn345SUT0aIV+42a4f6TN5QWL2gF6QGBdywGMEDhLONZdeHQ1WareoEGJO8G1hHh55WTl2AEbA20r1fYIFagyCAsCD53mInQ0yoDCnXpIA3f5ccM+vKQ1Od+3/6MTOpZJYKfyQ7dp4O/TXI3DjQVasnNNet4GciEWyAbtFR8AWXADQaUNVW5L6lab0DJg1pbSs4YzqoltECZHXZFsXhuOoIrrHzhDX5x5+e3zYXvTCOSsKL3R5vdbw5C6ua7aS258XnyY64N1yh1ve9F7052vJk1jpD1Hdc5QISZiGb1v4gAtBgIxEIpQufy9+GKpExlZ1/t2GhBLnuBYmQ/8Dza8juFJCgfn3pJlfTPUwtkOR1rE7LuVhXMPjQt7nMpONAax/2hAQxaEJw8pNUSzrU5bQXruj6iweJAEKwbXWArRKn/3FeqK8Z08yBJFcYzjCGlY3nx7XwB7/t0IjOK5PBkl82N6MkCiP0P/K0R2UaMvbvZQksDACpF/mKWPSG+JdIK7ZpVnn196v8O4aMAvvst6EQfDSOSkKmeIa35FQavREB0Xo4gLHstLW/TlHgfNgnoKKVo44iEWpJdOFo9tWuxNnrDRSiCz2rFru23FI1fQsms0/i08jDENkJMalLB+rh6G3hQ5+ItaoN2QYRQzA15u7KsIAwoix2r/vf28XsrCredeaFVZfdn7aCdPo23YMBtGbM5reBwTYqQQ9p1LKSBtHE8lZfkwXFB0PlYUBZ/1463f/I7dR4TYFpzUu+VvoLyrX9pFWOdiaAC1u5fUxQ+IyChb1OdemHIl4vbSZUaXEITD4GSd/F3gmjAvWmfAIvNci7rga2NPnujnk5ntvsPUmOZqgS4Fk7jc4H1gZHHbAywY5+12y1W2OKAp5frFePhz8Hgm0Pwsxl6zYtBmoDASEZ4kkhdtjpjTPXmkWmzxBEyRe8GD9/Udkf2oOJhPOCRHOcC9pir55M+kOJ
C7wtk5UxLEqGUXHwd2u6JwduVb7bma4lsqXMb1lCNg++rt3THYs0SFfxTDEFJ/ZXa/mFiyJz8iwYJ2y99aRiQ8fvzn66ehs8RuwNCRZQIyvS+CvYUGKJUnvE7S3KFApXVvrD1LuA4TrIsG+okALJdeWsMjg9BVLXzWMpuEx7YMQydvd39LJkjt2kFOEgykivgLlB0mJYW9ClDr5JTwDyOgpywdITMM2jfY+rtxzQGdSL0e8RIXu+iRoUocec5brMiG4QHrOt6qYvQCHOoJARTjOtydvJI+N13T0CMZSZvl4vMzC2jOnmsA3fcs3RmsaDR+rc/hZPW0NW2+GNLqWR1cDdMkIR48oaPpkC55G9PGT9wgQ6tdY9Us3PcztVPjFLYeXTLuPalNg91w4TCQd/HX9GZ53L/X/RvVjKgD8hupMOlpis9yMgBqULXhzIQSzvv/JzD2fE7Gn3rihxAYpI97RHe6zoRhBjhQO2myGVESrjy0g+X8v+Z55Mk+sSFt6c9bbpqRNjDBTRquQdMx3+wRHmWARFrHJhoqbbfXucmkEBj5dHyN/VVZDiPMQAnvZYvAoh9F66hLzYTjO/3cG8puvtzAjpIUGpZzS7oLJYZoj+MxZZLBdfMB+nC0+0L7MB47BM+QD+HdVm+O/bRqpmtv6R8rZgiT8yT3Yd35POCDjZZnFhgK0KhFCE+CLNzaR3HUY+DdzHhjwOdl0Yt2LPyNlL66NSdswPB1EP9yJmybJ7CHw3T66tyHvYlGNgocIXULzZOopiNm+dIJbNqO5VVeLCkNw7ud2sSEvo0vV/T8xqnPTLjHKMWjYMHTqtI11cnFSyQDTEDH/XBtX5pOgGXbmPKAfVYy7kf1qeLsMy4gtogLofhSrJI/H5HzoX22j+8gn7Y2R7B8dGqplozgRNfKIGQgseMfOhMIRLDx5y/BGULoLy/9I6Q6RZsxKRxqlc6+MTYb6z84NPfSg0kFPvuLuhI7swXxgsjIy7lTMaLh0juyad0hvrha4PmoK2sTF03WtdNwc6XyrKZw5m1UXLW7cAJXSWcaw9yyvaWBCBukgD3dQ2VrvdP1UGJcHZVEGoOdA3kWkHz7E5ttxlxLHzxcJHyG+NeRsyByqfxu+Tjeg2EBRtOmbuR/r8Jh2Jdt+j0bTP35KYUTR+VK9p+xIVNbxUbHAkwypKomxqy1v6OJEosBuyQjpoYjE9K5TWE3LeskFhwdLrA5/O8nmCRLKuXnp69yx7cAlxe0qLJLMkAKdnQehXtIMwFU8Fv9nPMgxYGTZl1FrlKi1ZYNFF5+sC3mapQ7JR457H2UaGXBCl96LfsGBqFcU40bo6s0ji6wzbC1U/iClsJ8o5K2l4LTPv5WF47J93uvqhZS8p92t88iSBy2kv75Itc5AjC/BmmARNObRoR56CHtqFqqPAzdsV2ifPXPwmbLsN8f3T7D1/+z4MNbiwq1Nr1TwzcWDYud78P4VP8ObpL/7K6t+PJOU09Hyl5LT2SOMt0mvhUn4Mq+qPUzhgfKtuerF3L/5FsN3ykK/9wNL9oLPZvbNrJ/5EbGNEbXeo/ObKKuBafTsGzTgiaTmVpK7EK25S3GteUMQ4BiwAf4QUKfmgLSFkkt7C4DxxXv9/Ntc+Enxi6F6qiTfLmaMjnL1Wd7IRP2C/eRHuh2sq8VHwmU41s5UNTiR9kQY3SsZV9wsg+SeT23ochaW9s9/U3hlhEr5H1GhIMQkJCP+1maNwQpjEeIMrkg0ChK0/1aGBqT4INRzzLNpeSkQkS27+kHexRE+UHRqaeryRhYtV5NKcKSktgYRTJFGhHejNzaEoW4D26aR6z84QdKvYgwz+bjraba2bGNrc1pkFrK/ylEwd7hxzuQzw6HxfOPpEMYFHgTEJhs1Hpuu/dT6IJWz+66VEUV37obgERK0GeCc5E4fNffgh+P8wMOm/Kjh5GTjuehUe8UbElnW9qJ/Vv1BSRPOrwqM8vbFPYJRNZ3DAL5BTN/T4AG/s
QfZCNm7p+AqcvGZS/GhwI+oKOu5JgKapPzkb7HWVmk5jCZ0bMof+rPmL1CS2uBehuE5ZlLiLm56dx/WbESs16CsQGXaokHy1951nzG8LQM5JVvEHVgVqZ3HziO+7DuiDwFNrKxXhbWzz1bx7Pp+K06KBezW0YOQ4r7msZDnPVZZKzzVej7k7MqBcWFDzTULPOR0E4YTiGPmubOp+3MPwrJYGMpRAgW/ukuXpEUYJOOP1BFFz8PZRard8nRCMNroElB5LmIbLEtXw3jbu3tUp/+laQx0HMILcIc7arrSG5jvRb1txTCSDq+gYDGQSUZfIWC1uZsw+mGMIycJqt6L86SoU8Ct2jBzfRAS3q1Wpi/tbEjc7XNsFHLn1g2WXCkNKmFkeP4uPsALv+9hPNGND3WoEoFwW+oLgpfnTY0crwEzBfdF5Rt14l5eH1/H5+Ct3mLRh2Bh+0U6B3hMfHwmhmYz6GbG+fb8vJkrIO40OQ06jmsiKBx7ji4iN5e89g3D/sdzYpBRzJpOs4cpTP7AM/k07PmTl+O+FMCItAhZjOoGl4x4oLD+ZLS8/z0gsls0oxGz0YoEXk4zo3EqZK4g2l9Fj7Fmm0/doOdTBiNyaNy1s5jgWdgN2O1N9xaTGRAW8sRkbOJMjVM8S8S0Kc4FjhjxBCrlteENLYnBycX/becomlS2NSiaWG7nLpN38bpgYpCXgNaLdpIu9KUTnQPEQa1Kn9lmGoyuzcDKyFAiqBjmcN80ArMGEnC+4c1HX6XiQKzMPfPYcos8W8LH69aeda1LJEbZAJH+wbjbTLPsywVotphIvAOjSd80aZKhn3ALQuUsapnBsEnQ20+0KsFpjjIwyOyQ58Vugb6x7fI921xzrZNryoz31SCZWWMnPqENqvTNG6UQKkjZGylGniecQyyPPJulk3JFqrQpjkx9C0ZpIxuSq9EFupi3wb3IDZJVITRblzAHOw8/MrtKgS0gwK75JnbjPBjxNm3R5Q1iiBYQOdirarWdOHRXqVrDAK0w4JH60GYK3Abo0jJ9qu9R02mVs3MPmyBazYnggTQDHWHdT3FY86v19zuSs5Jll6WdxMk8t4X8x5rJ1QCe541+TpzUMtgmu7xZCEQcbGnWa72veouiQWeqQQnPn9oLEAumB+N4Ig1iLD0WZrmRcz3cGl1QOszTqTVJjg7/52KSYzS5zY0pM4V7JJvjoMAUbjNCVN9/BuxmBRylxsnGYECDd7lje229686BZvQzsNrpiMouViZvXxk0qRvfhhhXO78LiR8OjXIIDxej2wkOZuP1LPVGfMEntyvfuBb+RpN4Euvi2fiSFRYytgAv+H1EhMWADoXOzBTTK700/oo6+0s9pkCVPpN9Wv8VmCypJY3M/FyqAmCRT6sEa+i1ZnFo+7lqbmOdWZK6lXlYd9H2mA527TkMuNZM7J6vVB+rlqIjVgxhI60f5i3U/ik3akzmhBuxH+lz4lxcs5FTnoyXdqKeN8+fHlb4X8J0NTNE2YWhwmXGpzG7C6No+D0AkxPjiCVe+qFAeUZi+Cr1n/Xrd1RFaYO2/Ycl05uu2hfQWPHq6c41cYXHnZfmJGhNaJdxgjFqqtgutPH87KAsB+Rk/8+seyL4uqzuxTSfe1HMKW7Frua1rFtYNYB1v3q9twu8juh/dI2gz9iIuo6amtC0H5TyZPGE6N+d6KM4r8G05eRUTf488zxzNcahSBqB85bRIXjgiVepmNaQTmYePZt9WLhZcdDdWMTHxwuqDXHCzNCM5iFVmO3LKaqvTZt3KYGnc9M2doEbv+Hu4G2zeywiRU1iRNSZgvEfF7JIHpxTsxQRyAE1lfz4SaPHq44WT4wz8rpiRM/ERMTka8k4Pxt0lKL8lRmXnb+Vlzrq10RRKlyTyzQ+zCiov+kJsLwfbyuLxs5iZ0TTn0XNSXP9fw+iYHGA2uQbyXZWVGnEjGUNlGgoHdP/ZSdkS5F9SPq/FxcaPnwSqJw6jLHg2hw5KhEKN
l9yjAhklzVfVGeVHAc+899PyPle35BYr0P0Cte0wSblSjhIrk1we8q2wwvZSgVSDxXedoFM3kzU5uZ4qUnXgxrtF0orSSsOAFcd4KOB44vdwul/+pHpGCGxq8dUpubIYeChb3TlnqOXbbMzEtHQj8odT027hPtaGAcoBqyRC+r/nJvQZB7wE/IjgKKW+7XkzlYtD0DqCe1o87RAwbv4kQE60iaO4+UAuCXX0NKIhBqgf73zLrr5MEzxbC51mVKuFcAPbC+omCzewdvB4gjwSagw85EncWkXZyvb9eBItyk0lLyc5i6U8FoonclUNQjEnv8cJb4gMyNrZwvAlXV3NSpCAXFaOvcP9dqIcIrWiKWQJxPqQSyVss9idV6d4UFo6j80ReFDa6BgpDq/yeWLOloSZVsU/BH8DEnHyF1S4MAu5ZMxWluT8LSI9pIOGk1hM3B8G+TZjsx34NsN0XjsHxWuVrvvkqKw90oiWlveUP/SQuDKwR/MnVJNEWQOPx0i+StSZIi3cZtG8UfA5eN2k0ukG0hak0+2Aonx4JrCPoADqs3zRkBbTKC59LXT4BRduBT63BuO9SB+yE2QT8eF66vHS5hQZDYt+E5JVpi85Fm42zPZK4keeOUkdEfYIBwwRf01SLvfTOELsfRE4+9TbFcYEZCuXsCyUyqENl32z4/LqJuanAdvEGlPkxkUPLorLtt+hFAZGNVH56ACZSldRHrJIJMG1B0Ri2ml/6Qw0jdjr3JWvaGseHEOOvaouZ6rgbCyXbtNenUeCzXaXRFeZsSEFXclPusCBuj25KsXMWJJ8ZBcc1EFCDdhWB+EjtMC/GC2VS6dyv8tomCrbWiHe21HzQbtVucjrUKTIy4UNqF9MSh1I6RDpkIkWJLzEbRAGztOSG01Zmo96MPZY8cCqPZV3I/pwN3NX3Fda+n9rsZGKuMWfht59P+YX5fWxk6HSVR9e79V7MtptjNRMAIIwxrfhzIX98DI2cxtymSZWhOnoe19O+/hQjXB4nHBCeXiiL5XFypcN4KecXuRiC+Q+PcOe1K5Cr1cviqMW/02sKBPr1vXHdwniDuvA5duPPjxihibLGXd15ngLSeat0QauLuWjBDShk15AwN6HB1T+Z5YeUrjATHdq6o/aXPya5UqJFVYujvBICvGAltm3K2OXmFKM2W2rcesG60R1bs7xgZ91rgi98ZuCCpT+4O4VqCgLGb96yQLZft/buyWoW2df5P6y7nLailMcVEKKfV0YGTktmUtA9V48qDtoeSxLnttMpU8mqMyhdSrNtGxw7jYpZh+/kKBJHghldSsypQ2WxFRIy0lD0n2OXYJ2Xw+i3lVRsumVt37za10ZvEuBs8WKpdaV5Rafu5u3In3MNVHkDMwUw6S4Yrm1vBrvidXklIz36eKz9nTUHn8gbpkHLnbuBKpTfGbczZQVLjp5x7c/Sw49V4wqXl+Mw9jrBw9a4qu3ciZGMec+JLcs/AYSOTAkEyrxxf7YZkooqF6wmwzCZLOrq+Xo8b7RHcq4PCFZ104q+BRWPnLAXIXyouFy2xM7Y4AtEebLCstRzVP0jNeLtZi8eaz/t/kEecT2dau9n6wGXpULOB8Dolwx8YpWb28DnXwAlYaxIZvtrc7w+GbTqUA7g6z87hs87KrooyzQDTMJOMLjm92CiJzIh9XbplvW5VWdDEQHjNQkfOAe85168o5ysJABYcv8NT+HpgvRLWOeNbhtWnM5A3uAKcki4ZqO7wjzfK06M+I+BrigZ5hJc33g7RoHHt++4sVbLB639x35NGWTBt+KF36MITZPK05ddacRbfJ/ygAV7JkicgP7uY67dBtVQIxRDvB7b41Cdx/pZLO1DepwMqN1og9atYTiVRRyGdX/8FcrvCf9EhUFnrCWkwDMcwxNLwgZlkmk0zEUpI75PHlOMeweTLhp4vG8AsfzH7ldhu9Mj4N5hXZNzUsnAOmevNycSCzI2MzGUKPyTKILM0xs+V1W9Pqx
1mWvUYNxCh5XUfK6H3uTOFRryx6cjkUBCoznG5Yehr66MGpMPm62MiyS5MfwzlEf093IpV+kOrFqJuVShN3pDih2bGHTGdSw1B8hdsuL2OT0fyjejJDoxZIYZuzPzMUctEp76fbwmoWj+mBX6V1kMx55hFyF95wKDdUkiG2hNWrcFICoB45QLOYBmBRczUkGQQGu65ZE1NGj/D55osniIUhbPyQ9EV3/Eb+yhqzWjO4/1mWNs9tcodh6JF6YacsvYzWkkb2D4AgJFG8fGsosFd20HQEb8eo5d9XAmlRaZRHHvArkDAWv2IlRxL0owWKvSX2lJT3RRQJyPP7X9Pq7UzPGFRr2+OO5u1qcQDhudZwrzYP/AwpZCIlFtIIfFxEl9SU+ivMkrb2AyLsR0R6uP1vvjxOF48NWCuZr8MuG7VsQrHgEMM0oJAUh82mE8OvrM/Yf2jjGVhq+NIf2SImtKkFj02wL74YnWCeS3c9ABGeP+Gjh6b3SYR4JEcNSu5hSRBW02G9YjNestndYsN7PxK/E85MUqriUj2KNVLqPmXL2gN5KfxeLD7+Ws60+ASM0K0EZ+05uHTzv1LCJVD5uf6q9jxLgVUlwr8Xgn98WVyqkFia7a6tDPYHarkOeAXr/ZqsF8EjvlnmYiPQ05712mOapbGHkSldwbsfCM6xqquc4JQ2ph/F3HPIr1UMloasE/zmM82y3vEQbIp7JHKnf8tIeJrcFv3ZruLBQ0j9R8TgVrkN3iy1DhePfEgbf2cPm4pDXWVxN9nb7lDY6SmCfQbumjtH+kZnNUUPLS/HjCPyHVNqj/cFR2ri/9VowSk3ZYHLmPk09A0NsM8j6/In9IhXNDa+g8mSoXdUXZGG1QFwhAPwm1bpc9JUtMjxBsXK1HkvmQXYxwcLWA3d5Xs7Nz7KDphxfGLRBU00DTXuzLVTtqcxom3g40LzIyXL7tzvVof4UDuf2seGJp60k3Rpw5lRhWmAfv64bgQUdwf4sFxj/a4Yju9l/nEW7xGDu+3Kf7h6a8tY0Zj3e1YmC3fYw1jPTiD/8beaIr3ww6nXyPSQCPFtrUhZ7YHufdsf75tI3b0nnZnbpSv2Nz2OtU2KQ8U02wocQQssdmToof1V3Bht8GATe2IF6nH10H3/1kll37jUf7roxkSYdheL5CFsl6yxZOZ4FSmnjsv+xoHM+R4EEFqzoByhoXHjBz8V0CAxC4jY9T/to6DXxX9ktGuUw+TGVVGJcgdoj28/CY7k7KD43gbocuIVJXXYHEbtsb2islFZsaAASt367Ma0Y+mNcRkBL7OEhKf4OFzdE+05g0H4C7BM3ozwvQljBSK6FXW5tOGfNr0AItKztpLHvGzf1Z1Qrd+kfb8vlr3vUFQy6EgSFUqs8+yCeDCVvnSvsr92KUysRSd5IEZ1k90OU7uSPfRhfa7K6wC0ayS9xQAYEp2SGYKl5LmHbsdPpCbXV0qD+ozvTrpIbx5FJ5EvMZULr+DaJGBy+6PkX0waCWABlIrBgMpAbFz/b+wHsddiftcwPovzRP6ILGYke8KdOPcazf7WKHbGV5FJPngVTsvmqMxMr9eg/lbgHieFa87nQDwWU/e9kwpWKJ84H0EINUxQedFmFp2bLE+/okkzdlXsPBmx+YioMc65ZVBMrcNiVmubMFDVWzjhGu2+nVb86A0tLiSXRruJ3y9iDbj1XXpZ1TYgg7ttOsYSW+ri0VDQYDr20OiCCCCbMt5kMDlGSJ7f5bpvPtBReAkEBZWiTx7EBRwXfvpy/IZp/auuXpSfDnH4ia/ATpRbap/93CNAqjB5FLBrsxGQZ1wygckVUngyU37DfC7MKCxXVdeFGIJYDEgAlzQWFINakX5biC27gYsDrOqUHgubbQEPSsahoLQXjDfA01H074oROmY8FWglcJIbjJCWBT4KOEPCtK0BCKf/duraYsaY+lyTFbz7AQ0z/SoSSoZFX9vQ0gD03ZF7mXKOsksqcIXTu2KkTqgZm
yX0ikXlDsnkDnv79SqI3qUICWyea+mqn/Nw1mZwedEZUY74KMtXguVJb7RPSWJCEQSmmbtqTgHpMRB4jb4xOEFAKuzDCa06sFsCPUiIBXnBtLF33Tmzo4QbhJW7nuOz3jCAHF/ax7yme/HiF56zi4pd2NJ5u34jfPRmbcBKuOKUoJEPtlKuIr7wIZBeJpeKL60Ftz9wf9wW970noBaAA1aSl9IdFQzae0ukXTFzklSI4GXfabGeYOWt1tvoO7VVgNVHZTOxDwmMY5O+Pjy4ucXp7nGtplF5YHDFSBjwUi5yhxRBrtIy/AbGmIJdWUHSi71Ba8wMGgazvyd/CKfNRBDvdBqtAg6hFqVY7UXT4i+17U3RKHrxWlLL2nsLCS9uiofagVCbm+Q7AbSUHsxI4vAgaHvxmiGhvWeiaqbvN0oCTA9Vnmq7xv8o4+Oi3GklNNDdIwIahcmDl1VriMOhwlvdaaXHI//5ppgjH5pYQC4dLottaaoHL8QYZPjLb1++1B/02aGKcadQ8jmJjk1RBIIxHbxu6o0nkIIdYyegpN9DlXXKHlcewFe9nnqb8L1PdvjwTt6eegct/jY2fHPUDoCxBMQmDdS7GAtSebb20NM5sLaBpCm0/uNXaQ/XSebeu5NbzC7PwtT9UKfAx62K4470Y6ff2yhH8+aGdpnpNba9n8EDuBvoLY4sOepgdFft+RRuLbfzukM2WqStRZXtWQR/D4B2Wq3lCeZ3v5BDMmllPPTv6neoCenvRiuFZ90g6WR+bj9lD44U0cTjllL7qr2LjnFO60rxJ575lYd0fs1f09YWgmGN5h9BG/bL2/PVKW7KmCNkxGxCkkWQpsWxzOzGudiGNHI87tR4oIFurUBMbvOGbCGPrsPv46vr5QFs/V9TDdk82SFIoiwyypVNzmIojhE0+pQ7PofZuxUTelCJuF6PEM2MXUZubtPQ7DsnBPHdsEKclOG4+pr31vDQcjTZbYRgTcW+r0feuWzMtqCiHd7E1uG+PxQdhzj9QdGzgGV/qKILIHZUquA6/l1c1843+t5dQD/HRy0YxZkXwgkVlmQu9F+ugzpYUocRqeX/opJn2nPrIA+/PxBAjoPU6RNGPlCdHt9656LLv0rq+NBwQiPdQm3PkJKZLC67XDRfVVFge/UL2kPfOHO0DsiFhU4fBIVk4FS2acO2wQ+AAyDpoEljV05YseTjYskD1EHmkUIPIgNVyogLZp2CSh0Y/ylTkv05xKiMXTzfD4TcnigZ3sCmM3FTo8xUnKgekM/lS0QkuU135Cr2ohOSviqCVWr3ydWsHI2OyBDYYxJZ6YK0uJGYgNXv4vWxQ9vfX01P+HTORx1gaIztD0CnAGEm9a8kxL0/ywOgQnh+wcoN7k4HYxGoSy9alhioBxf4yn75jeldNIe9fmWQ+x6WQHab4EJv5x8btWTgttGNHJsjwKn70a0GDIre9x0j6VXT01eF8o7UZ1nxPytBrrhQACrkJXxC7MWoMpHxrV4aydGcQ8/ClFvy6363auAj4BO/GgtR/LZAWGZkh0fPHIqXijrDSIidETw+G7jX9o0+vj2YlLFWt75P1EmMEv8UPW35uxyMlOp0fF9CiewGEb24PWuaS2wvzKgaUCVsh4SMxOBs5Xd4SchAqJp6DcboYcEybCOU5ItwzDYA4rZunwvffUtVyJ85esImUzhYDajLi1AOh6eZII0wUJlWFq+D9wNQG+kYJAVG74ialqw1X43lzzZOjv89+tWqLfKcF5bnjLxScFpgT+Rye33Tyj9SAwE+JIvH2gVaU6TtA+hyZSDz2A8vziIOuwC/92NA3r45rTChQDnSvsRVti94am9HPwJ3KqvW4+TPSWU847Vvm4c0jcCgSrOrkEo7NV1ibtzIUvpQGe3dK6NvtzWRyLjdDsqfabEA4V+uiYVGnxujM++HHSQl1dWAurZWnRn1PbcJ9Pmr+GzLxd4LC1Z1g5c22STTF2WgbpwmweEb5tCb9OFxr
mQ9jq63Wiq21iM5cTs1LO+3tN/QQoyWFWETnum0iawjyQtVVo+BFJf4qOrf4RsWz7cah3MOcMkgNnt6pYeNOZV6yEB9Tu8ckl6lr9riWXBHBGLFIHm0jQ050968l4kg8/0UybrQtIVe86njPdavudxym/qDOsl+XJKEPwpDSYgoPfcW7w8OHhsbGKdJrWCR6dS3TPXJqTj7G/Km/NAtjIBa93orBwb5RKs2sVRiBWFnfxwPj2joAXsKyUldhrzoiy5p1WTsPtrVtASvEYRRP5h2EA7uSKR7qgyTTSJ5r8U/Lw3TyZRnX7fpF+bM98I+rWX5eEYcps3a5OnG9TsoO0ovKn0I+YQETKpPY8fAxrxdMHampO5cWhqoUUvNFuhh46p2Bz2fpVXBhYiUMvrztL2bU7cB0Kq/nBfdCa2/n5PpdaIBb4g7mw5GhQy3Y/rYAliRPSUQ7hgobILj0HuIuANNv1sObrYFNiH9RVsPwyJoQvhXLXu/3mhaEQKG+7P4ZlNb5WLllIqnsOCUcVwDT2uiNBq7nzQlXOJGZzVDDT3CvWtvYQ7wS2FHx4fsgFWYpxp6wx39VnEfzcttqJVMJR4kOnViT3d5eNIAAtLJNlXUKBxN4oqFwvKfyxtvywTarpHB9/IHzqAscIAKj8pQzUqxikT+OH6igFqRskktbVdmpZMy463Adi6SyA7DeMq2GPXpJaKrA4kimVurybTPbwP8d6HagHfPt9IhcUM8B6jEUMBgNadXMGySCp4Fj5LJlUSgMRzPTpMIk4PM75ut/v0taDvkF4Lyuwh4juQdv+Qq/IDiq1sUh6+LItJmayuH3l+uUPHe4cm+/jDIiIwR2neJosXof917tTbkQBJ89WnpHlJt3gALGoY2HdIuVHLGcj2jkDl5Sdksdu5E9h3m5OTZkpw1YyuXKnSUGHg8/jKz4/LPIJjKB4ps5fkF9uYoxLmNAjIzQXtYqA==,iv:BpSYpL1fVrJ0YnaZjs3pJJ18z4RM9aV6AWB6wTB/x5k=,tag:GIOY28wiGbteS7CKtuk/KA==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age12409ktkdynl48p38wz45pu2s25kmffsw4p9d9vgt3xmmwl8f7q7sjlxyrs", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPV2pPNzkzazd0bGV6dkhs\ndWpiY254eXo2VGlGZS9vSmhqekhrU1c2Tmg0ClcyYUd1NUN6TmxuSGxWWHpZZS9Q\ndFQxQ0F1dGlPbk9nYlgzTExZcWttQjgKLS0tIHpZK1J6bHhzZktOWFpXMzgrZEp4\nQ3BwTXdNNUp2eHZ1a1lySDg2R1JZMlkK7J9icL/SJ4Ef4WSRNfKRLy0HG1XLdZ/s\nvIjtNt7FftG/Qec9/gq5YzVapECC1hoJ+9Xfdr4mX6/i7jhsypAGbA==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1ad7q0mhaks0r3rd2cpxf35t9al8up2e3fqkl2pyuf49ekyqnv4ssc8j6ak", - "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQW04NkRmc2hoRVRMd3ln\nWDZEUWEzTTJuVEszUHlPMktIbis2bHlQUzBRCmVFSEVxK3pSQXByL20zb3V3bTUy\nMnlIQ2tDaW5YMmZ1NGdRMUJ4Z2xoMW8KLS0tIGJaS0V3MFJwNFRJNW5oZko0bmR4\ncXBIdE9BTTBvRDdDWlZkQVdNdFdUWmcKVzwEek135sDspn57UHW/ZYSQLmRYZK6H\nngEKk3shvPAffJqe+/VvTafkJJewtxEoxD7JPQ40ZKUuA56cQ+yftw==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2023-12-16T08:54:21Z", - "mac": "ENC[AES256_GCM,data:6yXpgUtUpcxmO8XcgIsgDDNXPY50riW5HlzoD1DF4uZfYfl6mdJFQ6DAp5afYMxsoZXbmptqLA3yB6a3mU2T6wgfa33ca7Uhx7HfSvpH771eCkf/nqIFyxDhYbWduNaEyw0yIl/AYkjaKTWlOocLij6s6pbDXp9vh8Mfpa6joDU=,iv:JjPLcJV5T928d/RUaUjVBskk84mMVoVliWGGkE75Sd0=,tag:3l3IezpfyM3beENSVEg8oA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} \ No newline at end of file diff --git a/secrets/proxy/.sops.yaml b/secrets/workstation/.sops.yaml similarity index 100% rename from secrets/proxy/.sops.yaml rename to secrets/workstation/.sops.yaml diff --git a/secrets/workstation/default.nix b/secrets/workstation/default.nix new file mode 100644 index 0000000..6b84c5f --- /dev/null +++ b/secrets/workstation/default.nix @@ -0,0 +1,18 @@ +{ config +, ... +}: +{ + sops = { + defaultSopsFile = ./secrets.yaml; + secrets = { + "${config.admin.name}/hashed-password" = { + neededForUsers = true; + }; + sing-box = { + format = "binary"; + sopsFile = ./sing-box; + restartUnits = [ "sing-box.service" ]; + }; + }; + }; +} diff --git a/secrets/proxy/secrets.yaml b/secrets/workstation/secrets.yaml similarity index 60% rename from secrets/proxy/secrets.yaml rename to secrets/workstation/secrets.yaml index b3ab7e7..106b11b 100644 --- a/secrets/proxy/secrets.yaml +++ b/secrets/workstation/secrets.yaml 
@@ -1,4 +1,6 @@ -sing-box-url: ENC[AES256_GCM,data:U3UEzeA+hPg6Bd3FxTbPf6/lM8OQ6UvUVKaXm10wAaiQHGKzfCNPSfsDQo2IIHc1NzH5LImc8hndQVUPC4Yb,iv:5+vUSGU1HGUbnsQntliPJRzSwwD1kd2P/z0dGeQvqwk=,tag:yN3uSTeKD9vK7gMqpeb4AA==,type:str] +sing-box-url: ENC[AES256_GCM,data:I+xk2UgJe34/8zvyfORkT0R/Tl2xqkvuyVIdw0xM51CpxgiT+0JA3iBmZbZ+mxnUpVGU0U4Ui0gUrekT0bXyDpA=,iv:VPHWGAltmy+3S6oxfWm0frSEiMFSYI1WTWMegOqeAlw=,tag:8ipoiMP+Pz4DK3v9u4Y6Pw==,type:str] +iosmanthus: + hashed-password: ENC[AES256_GCM,data:2yH4RAp+yUerVBO9nqgrs6j0qHZIlU9zcOiwoom81GeAwP8qlaC+ukZC5GcExSnYsPt2YKu+DnyGPtAtQNsTGOmFOFj+QIVEKjFbyvZhg07D+v0iNHKCG9ZRNPbwq6qLacBTWLUnq1tfkS85tBbsHSoHX35e9w==,iv:JXxg9YPWj/I+oiDV3tzTjoKKKrQAFarj0thJrdTmhZU=,tag:RR2Nl4NzYuZv/Z1R4EzsqA==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +25,8 @@ sops: U1dvTXRCN1ZvNHZHMThWcEc1UGJVeGcKkd6/ifa7FJn3c5ceVSOeK5qMIrnO8aMT drN+Bw/hjt72ZKPuAEYsAs8pW8CuLaxqvV2KTrK+C61mmn0b7yppUA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-16T08:49:45Z" - mac: ENC[AES256_GCM,data:c35JBHAdrVYBpIsnIbDONjkWpHYmghgp9S3CM3fd0AqJySv69/etydGOdt0SwAqXpV/W4/i1WW9ExHYcfpMIdXc8N9Ry5ttC3mrrKx/yXI0sVTs4/rLmXH3qF/lOsG1uH6hAIFWs+k4H2gHZK81NOm6L0IT+9au2+FpC3vS3XXs=,iv:kvfWAAqo6zos4w9vEhAaTHZeSKcaebwop874vdbbQvM=,tag:Yyl5JsYkDX9o5Rt0en28qw==,type:str] + lastmodified: "2023-12-18T14:25:09Z" + mac: ENC[AES256_GCM,data:magKVnL4n882AXok/tpMwfh5iIDLg+9WZMpB4lg/be345vbtcjf/O38X+WXXbHeKmtQ84P3B99Ek9naO9OcZRj20dYFyKnQuTW5vS0oa4t4DXc+KRhrvlrXlRiYrzKv0vHoNouE8Tt9EkQFasI5hUzfnI6zGCETDfyQzh9kbKow=,iv:wYcH0u7ilLuLY3JFjSlNfE578QfG8nkp1f12oFNqI1M=,tag:jyshqbNjFXyi6bqcfoDuSA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/secrets/workstation/sing-box b/secrets/workstation/sing-box new file mode 100644 index 0000000..2cfa15e --- /dev/null +++ b/secrets/workstation/sing-box 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:4YwCtLaQXoGmpC54WRvYH50AVdmlv5uGfVTPJGCjdeQ=,tag:FnZOffTapkx4yJ7IcJtUQQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age12409ktkdynl48p38wz45pu2s25kmffsw4p9d9vgt3xmmwl8f7q7sjlxyrs", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SlVwdkNRb3ppT3FkMHBI\nRVhmU3lrK3RSMlJJRm1RcUdLNmlNQmhjbjJ3CmI3SnhjcDZzOTFpdGF3S242bDBG\nZ3dXQXV3QWNHZ1ByaGNuUU5rVnNoNHMKLS0tIFgvK2NRYzN4TDFuMG5YZlhiRS9R\nOU5CRXpEeW5yNEJBRUl6SGJ3dG56NG8Kbpz0Pi8ZesRfoAmrg1lwgw/R2+uRp/d+\nNy1a82/mJ5WMU3+RRYIb6b/8lK7criAY/EdGIghLVAsVrBLN/lNdTQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ad7q0mhaks0r3rd2cpxf35t9al8up2e3fqkl2pyuf49ekyqnv4ssc8j6ak", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0b3JvdW5oeks1OE9VU2tt\nRDRTTVV6SGNaeFhIZnFpenJRRVliYjhTVER3ClpwNTQvNml0Nk14QTBVckNPcGN5\nVlk1QTJuQnQxckJkK2pKTk4vTnJ0STQKLS0tIGRHckxwckNDSHppZzcwQmZHQmM5\nMnh5M3N3enhKM0RaRUNacHUyQXBkZTAKRPhBUFXfrjg8+QQtqNFrNeo2b+9ZQ/Fm\nlOyK1yITbelyoLuUEo4W73TDeLERmwJd+7XxFUQG9pqLw7K8iAUYHQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-01-12T17:22:12Z", + "mac": "ENC[AES256_GCM,data:uA6oPfRqtKkHf42dcCDTSAhphUkVzBzmjQ5IEMUaevZp8E35H1f5EhUEpjA1RqczGayL1Fs2NDWy65EGU6FCC9tvJ2Ais9xCyn1W6CcqgzpgdIrvx2/8vfXrT2GWWmfDItjGifeP4+Z92MD3Xb4uI08jwD7DWMYKjHkcb1ROTWY=,iv:dphrXP5TDnCZxJZGEBP89Ao2Sjcldhz5Gw6hb/JQNig=,tag:4nx101F5nCEN933vscjurQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/secrets/proxy/update.py b/secrets/workstation/update.py similarity index 94% rename from secrets/proxy/update.py rename to secrets/workstation/update.py index 812497b..4a1d251 100755 --- a/secrets/proxy/update.py +++ b/secrets/workstation/update.py 
@@ -1,5 +1,5 @@ #! /usr/bin/env nix-shell -#! nix-shell -i python3 --pure -p python3Packages.pyyaml python3Packages.requests sops -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-22.11.tar.gz +#! nix-shell -i python3 --pure -p python3Packages.pyyaml python3Packages.requests sops -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-23.11.tar.gz import yaml import subprocess
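Review bot: The new `-I nixpkgs=` URL in the nix-shell shebang still points at a branch archive (`nixos-23.11.tar.gz`), so the python3, requests, pyyaml and sops this script runs with are whatever that branch holds at execution time rather than a reviewed revision. The script sits beside the sops-encrypted files and pulls in `sops`, so it presumably handles decrypted material, and flake.lock, which pins nixpkgs by `rev` and `narHash`, does not cover this shebang. Pinning to a commit archive closes that gap: `-I nixpkgs=https://github.com/NixOS/nixpkgs/archive/<PINNED_COMMIT_SHA>.tar.gz`. The rest of update.py lies outside this hunk, so how the script uses these packages cannot be confirmed from here.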