add SOPS, etc.

2024-04-07 17:54:27 -05:00 · 2024-04-07 17:54:27 -05:00 · 10c6af76f2
commit 10c6af76f2
parent e1f0194350
25 changed files with 435 additions and 413 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,11 @@
 keys:
  - &t14 age14e2d2y8e2avzfrsyxg9dudxd36svm24t7skw6e969n0c42znlp3shffdtg
  - &racknerd age19qx3e78c9f2l7ceccgjf7ksvc873ungjely3nyxyjts2xsz0ldjq6shksm
  - &ocx age1xwcz9qtaezjy4kl6xttea0u00j7j2n8xkd297vjz9xrnqx9fksjsg3nhu3
 creation_rules:
  - path_regex: secrets/[^/]+\.yaml$
    key_groups:
    - age:
        - *t14
        - *racknerd
        - *ocx
--- a/bin/bar.sh
+++ b/bin/bar.sh
@ -1,91 +0,0 @@
 #!/bin/bash
 trap \
    "{ pkill -P $$ ; exit 255; }" \
    SIGINT SIGTERM ERR EXIT
 bat() {
    battery=$(cat /sys/class/power_supply/BAT0/capacity)
    time=$(cat /tmp/.battime)
    drain=$(cat /sys/class/power_supply/BAT0/power_now)
    if [[ $(cat /sys/class/power_supply/BAT0/status) == "Charging" ]]; then
        echo "$battery%+"
    else
        echo "$time, $battery%$charge, $(echo "scale=1; $drain / 1000000" | bc)mW"
    fi
 }
 time_date() {
    FORMAT="%a %m.%d.%y %T"
    DATE=`date "+${FORMAT}"`
    echo "${DATE}"
 }
 mem() {
    echo "scale=2; $(free -m | sed -n 2p | awk '{print $3 + $5}') / 1000" | bc
 }
 vol() {
    MUTED=$(amixer get Master | grep off)
    amixer get Master | grep -m1 -Po "\d{1,3}%"
    [[ $MUTED != '' ]] && echo " M";
 }
 temp_update() {
    TEMP=$(cat /sys/class/thermal/thermal_zone0/temp)
    echo $((TEMP / 1000)) 
 }
 cpu_update() {
    read prevtotal previdle < /tmp/.cpulast
    read cpu a b c idle rest < /proc/stat
    total=$((a+b+c+idle))
    [[ $prevtotal == 0 ]] && prevtotal=1
    cpu=$((100*( (total-prevtotal) - (idle-previdle) ) / (total-prevtotal) ))
    echo $total $idle > /tmp/.cpulast
    echo "$cpu%" 
 }
 calc(){ awk "BEGIN { print "$*" }"; }
 mhz_update() {
    mhz=$(cat /proc/cpuinfo | grep 'cpu MHz' | awk '{print $4}' | head -n1 | cut -d "." -f 1)
    echo "$(calc $mhz/1000 | awk '{ printf "%1.2f\n", $0 }') GHz" 
 }
 update_3() {
    while true; do
        cpu_update > /tmp/.cpu
        temp_update > /tmp/.temp
        mhz_update > /tmp/.mhz
        sleep 3
    done
 }
 update_30() {
    while :; do
        awk 'NR==3 {printf("%.0ddB",$4) > "/tmp/.wifi"}' /proc/net/wireless
        acpi | awk '{print $5}' > /tmp/.battime
        if ping -W 1 -c 1 8.8.8.8 > /dev/null; then
            echo "@" > /tmp/.online
        else
            echo "?" > /tmp/.online
        fi
        sleep 30
    done
 }
 update_300() {
    while :; do
        curl -s wttr.in/madison?format=%t | head -c 7 > /tmp/.wttr
        sleep 300
    done
 }
 SLEEP_SEC=1
 PAD=" | "
 update_300 &
 update_30 &
 update_3 &
 while true; do
    xsetroot -name "$(mem)G$PAD$(cat /tmp/.cpu)$PAD$(cat /tmp/.mhz)$PAD$(cat /tmp/.temp)°C$PAD$(cat /tmp/.wifi), $(cat /tmp/.online)$PAD$(vol)$PAD$(bat)$PAD$(cat /tmp/.wttr), $(time_date)"
    sleep $SLEEP_SEC
 done
--- a/bin/colors.sh
+++ b/bin/colors.sh
@ -1,26 +0,0 @@
 #!/usr/bin/env bash
 #   This file echoes a bunch of color codes to the 
 #terminal to demonstrate what's available.  Each 
 #   line is the color code of one forground color,
 #   out of 17 (default + 16 escapes), followed by a 
 #   test use of that color on all nine background 
 #   colors (default + 8 escapes).
 #
 T='gYw'   # The test text
 echo -e "\n                 40m     41m     42m     43m\
    44m     45m     46m     47m";
 for FGs in '    m' '   1m' '  30m' '1;30m' '  31m' '1;31m' '  32m' \
    '1;32m' '  33m' '1;33m' '  34m' '1;34m' '  35m' '1;35m' \
    '  36m' '1;36m' '  37m' '1;37m';
 do FG=${FGs// /}
    echo -en " $FGs \033[$FG  $T  "
    for BG in 40m 41m 42m 43m 44m 45m 46m 47m;
    do echo -en "$EINS \033[$FG\033[$BG  $T  \033[0m";
    done
    echo;
 done
 echo
--- a/bin/ufetch
+++ b/bin/ufetch
@ -1,71 +0,0 @@
 #!/bin/sh
 ## INFO
 host="$(cat /etc/hostname)"
 os='Debian 11'
 kernel="$(uname -sr)"
 uptime="69 days, 4 hours, 20 minutes"
 packages="$(apt list --installed 2>/dev/null | wc -l)"
 shell="$(basename "$SHELL")"
 ## UI DETECTION
 if [ -n "${DE}" ]; then
 	ui="${DE}"
 	uitype='DE'
 elif [ -n "${WM}" ]; then
 	ui="${WM}"
 	uitype='WM'
 elif [ -n "${XDG_CURRENT_DESKTOP}" ]; then
 	ui="${XDG_CURRENT_DESKTOP}"
 	uitype='DE'
 elif [ -n "${DESKTOP_SESSION}" ]; then
 	ui="${DESKTOP_SESSION}"
 	uitype='DE'
 elif [ -f "${HOME}/.xinitrc" ]; then
 	ui="$(tail -n 1 "${HOME}/.xinitrc" | cut -d ' ' -f 2)"
 	uitype='WM'
 elif [ -f "${HOME}/.xsession" ]; then
 	ui="$(tail -n 1 "${HOME}/.xsession" | cut -d ' ' -f 2)"
 	uitype='WM'
 else
 	ui='unknown'
 	uitype='UI'
 fi
 ##hardcode because our .xinitrc doesn't end like exec wm
 ui="dwm"
 ## DEFINE COLORS
 # probably don't change these
 if [ -x "$(command -v tput)" ]; then
 	bold="$(tput bold)"
 	black="$(tput setaf 0)"
 	red="$(tput setaf 1)"
 	green="$(tput setaf 2)"
 	yellow="$(tput setaf 3)"
 	blue="$(tput setaf 4)"
 	magenta="$(tput setaf 5)"
 	cyan="$(tput setaf 6)"
 	white="$(tput setaf 7)"
 	reset="$(tput sgr0)"
 fi
 # you can change these
 lc="${reset}${bold}${white}"        # labels
 nc="${reset}${bold}${white}"        # user and hostname
 ic="${reset}"                       # info
 c0="${reset}${white}"               # first color
 ## OUTPUT
 clear
 cat <<EOF
 ${c0}${nc}${USER}${ic}@${nc}${host}${reset}
 ------
 ${c0}${lc}OS:        ${ic}${os}${reset}
 ${c0}${lc}KERNEL:    ${ic}${kernel}${reset}
 ${c0}${lc}UPTIME:    ${ic}${uptime}${reset}
 ${c0}${lc}PACKAGES:  ${ic}${packages}${reset}
 ${c0}${lc}SHELL:     ${ic}${shell}${reset}
 ${c0}${lc}${uitype}:        ${ic}${ui}${reset}
 EOF
--- a/flake.lock
+++ b/flake.lock
@ -9,11 +9,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1708091384,
+        "lastModified": 1711973905,
-        "narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
+        "narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
+        "rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b",
        "type": "github"
      },
      "original": {
@ -25,11 +25,11 @@
    "devour-flake": {
      "flake": false,
      "locked": {
-        "lastModified": 1708783000,
+        "lastModified": 1709858306,
-        "narHash": "sha256-UYva75UjgL2izR5tVzgTBBvtYyCPiKTtn1UjCZyR3Zw=",
+        "narHash": "sha256-Vey9n9hIlWiSAZ6CCTpkrL6jt4r2JvT2ik9wa2bjeC0=",
        "owner": "srid",
        "repo": "devour-flake",
-        "rev": "bb0e0443291899a3f3fd85f87d2849f917692b1e",
+        "rev": "17b711b9deadbbc5629cb7d2b64cf86ae72af3fa",
        "type": "github"
      },
      "original": {
@ -50,11 +50,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1708939976,
+        "lastModified": 1710156081,
-        "narHash": "sha256-O5+nFozxz2Vubpdl1YZtPrilcIXPcRAjqNdNE8oCRoA=",
+        "narHash": "sha256-4PMY6aumJi5dLFjBzF5O4flKXmadMNq3AGUHKYfchh0=",
        "owner": "numtide",
        "repo": "devshell",
-        "rev": "5ddecd67edbd568ebe0a55905273e56cc82aabe3",
+        "rev": "bc68b058dc7e6d4d6befc4ec6c60082b6e844b7d",
        "type": "github"
      },
      "original": {
@ -79,17 +79,17 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1709710541,
+        "lastModified": 1713401263,
-        "narHash": "sha256-eu9m/5Le2VPWlySoLAFmPPuHV6xPCNu+N8VfWX412N8=",
+        "narHash": "sha256-m5TlpqjvLgiTCfHbtUhTggQVkPIJR9N3SgkWa71QzD8=",
-        "owner": "nix-community",
+        "ref": "refs/heads/main",
-        "repo": "ethereum.nix",
+        "rev": "446f86d861cb68b89ebd6a773a7056ead4b27c4f",
-        "rev": "c5dcc237b1aa46aa2ebdbb65c912bdc464cf89b5",
+        "revCount": 379,
-        "type": "github"
+        "type": "git",
        "url": "file:///home/e/dev/ethereum.nix/"
      },
      "original": {
-        "owner": "nix-community",
+        "type": "git",
-        "repo": "ethereum.nix",
+        "url": "file:///home/e/dev/ethereum.nix/"
        "type": "github"
      }
    },
    "flake-compat": {
@ -183,11 +183,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709126324,
+        "lastModified": 1710146030,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
@ -219,11 +219,11 @@
        "systems": "systems_4"
      },
      "locked": {
-        "lastModified": 1705309234,
+        "lastModified": 1710146030,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
@ -237,11 +237,11 @@
        "systems": "systems_5"
      },
      "locked": {
-        "lastModified": 1701680307,
+        "lastModified": 1710146030,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
@ -284,11 +284,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703887061,
+        "lastModified": 1709087332,
-        "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
-        "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
@ -304,15 +304,15 @@
        ]
      },
      "locked": {
-        "lastModified": 1706999133,
+        "lastModified": 1715380449,
-        "narHash": "sha256-SYAhYDqIWBDi1w66o8bY0FUWMPXAL0a1eFNXz+c+KQc=",
+        "narHash": "sha256-716+f9Rj3wjSyD1xitCv2FcYbgPz1WIVDj+ZBclH99Y=",
-        "owner": "iofq",
+        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "a0c9213aefd6bd117c5f51dcd772d96ac558e8d7",
+        "rev": "d7682620185f213df384c363288093b486b2883f",
        "type": "github"
      },
      "original": {
-        "owner": "iofq",
+        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
@ -361,11 +361,11 @@
        "spectrum": "spectrum"
      },
      "locked": {
-        "lastModified": 1709297667,
+        "lastModified": 1714764302,
-        "narHash": "sha256-5JUaHyRFKDPqyeTlbMFS6VixAWRkO5uCRTS8asEjiyo=",
+        "narHash": "sha256-MmIZR67wOP3Nr9b3XpsvHSZSTDcTmd9cQn2Z8pW1/Hw=",
        "owner": "astro",
        "repo": "microvm.nix",
-        "rev": "7f93206b22131aac8fa46d787696ea58460aecab",
+        "rev": "e9977efbe34b554c3e393dc9a18509905a4080e5",
        "type": "github"
      },
      "original": {
@ -396,13 +396,33 @@
        "type": "github"
      }
    },
    "nix-index-database": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1714878592,
        "narHash": "sha256-E68C03sYRsYFsK7wiGHUIJm8IsyPRALOrFoTL0glXnI=",
        "owner": "nix-community",
        "repo": "nix-index-database",
        "rev": "a362555e9dbd4ecff3bb98969bbdb8f79fe87f10",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nix-index-database",
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1709410583,
+        "lastModified": 1715148395,
-        "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
+        "narHash": "sha256-lRxjTxY3103LGMjWdVqntKZHhlmMX12QUjeFrQMmGaE=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
+        "rev": "a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a",
        "type": "github"
      },
      "original": {
@ -430,11 +450,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1704874635,
+        "lastModified": 1710695816,
-        "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
+        "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
+        "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
        "type": "github"
      },
      "original": {
@ -444,13 +464,29 @@
        "type": "github"
      }
    },
    "nixpkgs-stable_2": {
      "locked": {
        "lastModified": 1714858427,
        "narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "b980b91038fc4b09067ef97bbe5ad07eecca1e76",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1709386671,
+        "lastModified": 1710608262,
-        "narHash": "sha256-VPqfBnIJ+cfa78pd4Y5Cr6sOWVW8GYHRVucxJGmRf8Q=",
+        "narHash": "sha256-Tf2zqUWgU1iofcECQ+xj7HJVtoCz6yWG/oEIDmXxwXg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "fa9a51752f1b5de583ad5213eb621be071806663",
+        "rev": "d211b80d2944a41899a6ab24009d9729cca05e49",
        "type": "github"
      },
      "original": {
@ -462,11 +498,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1709237383,
+        "lastModified": 1715266358,
-        "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
+        "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
+        "rev": "f1010e0469db743d14519a1efd37e23f8513d714",
        "type": "github"
      },
      "original": {
@ -484,11 +520,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1708237054,
+        "lastModified": 1713121823,
-        "narHash": "sha256-9PVT/adNsZ9I2mrDkpt8KIAehMGgLBsq+x/6qYHKO9w=",
+        "narHash": "sha256-C/Fc+MLdXP7AYRjsLaCty9XQ8ozIbdH9SB+cRQZwokQ=",
        "owner": "iofq",
        "repo": "nvim.nix",
-        "rev": "e6cde16c4a1f458404901b3a7814ec88b800fb6c",
+        "rev": "50ac04fdb917dc701c8c23096560b217c75d49fa",
        "type": "github"
      },
      "original": {
@ -542,11 +578,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1708018599,
+        "lastModified": 1714478972,
-        "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=",
+        "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431",
+        "rev": "2849da033884f54822af194400f8dff435ada242",
        "type": "github"
      },
      "original": {
@ -561,14 +597,36 @@
        "ethereum-nix": "ethereum-nix",
        "home-manager": "home-manager",
        "microvm": "microvm",
        "nix-index-database": "nix-index-database",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs_2",
        "nvim": "nvim",
        "pre-commit-hooks": "pre-commit-hooks",
        "sops-nix": "sops-nix",
        "systems": "systems_6",
        "tfa": "tfa",
-        "treefmt-nix": "treefmt-nix_2",
+        "treefmt-nix": "treefmt-nix_2"
-        "virt": "virt"
+      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
        "lastModified": 1715244550,
        "narHash": "sha256-ffOZL3eaZz5Y1nQ9muC36wBCWwS1hSRLhUzlA9hV2oI=",
        "owner": "Mic92",
        "repo": "sops-nix",
        "rev": "0dc50257c00ee3c65fef3a255f6564cfbfe6eb7f",
        "type": "github"
      },
      "original": {
        "owner": "Mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "spectrum": {
@ -704,11 +762,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709373438,
+        "lastModified": 1710278050,
-        "narHash": "sha256-F/Vieen5x2nf05KJ5AitoE/GSB0FU2jMffSM8bHSuBs=",
+        "narHash": "sha256-Oc6BP7soXqb8itlHI8UKkdf3V9GeJpa1S39SR5+HJys=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "093f82e5707bb6f14ee38a742748f9fb4ab1488e",
+        "rev": "35791f76524086ab4b785a33e4abbedfda64bd22",
        "type": "github"
      },
      "original": {
@ -724,11 +782,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709373438,
+        "lastModified": 1714058656,
-        "narHash": "sha256-F/Vieen5x2nf05KJ5AitoE/GSB0FU2jMffSM8bHSuBs=",
+        "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "093f82e5707bb6f14ee38a742748f9fb4ab1488e",
+        "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
        "type": "github"
      },
      "original": {
@ -754,26 +812,6 @@
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "virt": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1707694046,
        "narHash": "sha256-WTXt7ko/Bnzb5rX3i9ccSiE5JaKfWUJsF0wJii68kmI=",
        "owner": "iofq",
        "repo": "virt",
        "rev": "5e158ba025f58f342ce013d6e5fe92de9dd4b3eb",
        "type": "github"
      },
      "original": {
        "owner": "iofq",
        "repo": "virt",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -13,7 +13,7 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
-      url = "github:iofq/home-manager";
+      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nvim = {
@ -24,13 +24,9 @@
      url = "github:iofq/2fa";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    virt = {
      url = "github:iofq/virt";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ethereum-nix = {
-      url = "github:nix-community/ethereum.nix";
+      #url = "github:nix-community/ethereum.nix";
-      # url = "git+file:///home/e/dev/ethereum.nix/";
+      url = "git+file:///home/e/dev/ethereum.nix/";
    };
    treefmt-nix = {
      url = "github:numtide/treefmt-nix";
@ -40,13 +36,18 @@
      url = "github:astro/microvm.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-index-database = {
      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = {
    self,
    nixpkgs,
    home-manager,
    nvim,
    deploy-rs,
    systems,
    ...
  } @ inputs: let
@ -58,7 +59,6 @@
      inherit system;
      config.allowUnfree = true;
      overlays = [
        inputs.virt.overlay
        (final: _prev:
          {
            inherit (inputs.nvim.packages.${final.system}) full;
@ -79,7 +79,7 @@
        remoteBuild = true;
        profiles.system = {
          user = "root";
-          path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.htz;
+          path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.htz;
        };
      };
      racknerd = {
@ -88,7 +88,7 @@
        remoteBuild = true;
        profiles.system = {
          user = "root";
-          path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.rknrd;
+          path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.rknrd;
        };
      };
    };
@ -108,7 +108,10 @@
        pkgs.nix
        pkgs.home-manager
        pkgs.git
-        deploy-rs.packages.${system}.deploy-rs
+        pkgs.ssh-to-age
        pkgs.sops
        pkgs.age
        inputs.deploy-rs.packages.${system}.deploy-rs
        treefmtEval.${system}.config.build.wrapper
      ];
    };
--- a/home-manager/shared/programs/2fa/default.nix
+++ b/home-manager/shared/programs/2fa/default.nix
@ -9,7 +9,6 @@
  services.gpg-agent = {
    enable = true;
    enableSshSupport = true;
    pinentryFlavor = "tty";
    extraConfig = ''
      allow-loopback-pinentry
    '';
--- a/home-manager/shared/programs/dev/default.nix
+++ b/home-manager/shared/programs/dev/default.nix
@ -10,7 +10,7 @@
    python3
    p7zip
    gnumake
    gcc
    go
    jq
  ];
 }
--- a/home-manager/shared/programs/shell/default.nix
+++ b/home-manager/shared/programs/shell/default.nix
@ -1,9 +1,17 @@
-{host, ...}: {
+{
  host,
  pkgs,
  ...
 }: {
  imports = [
    ./tmux.nix
    ./git.nix
    ./direnv.nix
  ];
  home = {
    packages = with pkgs; [
      tree
    ];
  };
  programs.bash = {
    enable = true;
    enableCompletion = true;
@ -72,4 +80,9 @@
    historyWidgetOptions = ["--height 60% --preview ''"];
    fileWidgetCommand = "command find -L . -mindepth 1 -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' -prune";
  };
  programs.direnv = {
    enable = true;
    enableBashIntegration = true;
    nix-direnv.enable = true;
  };
 }
--- a/home-manager/shared/programs/shell/direnv.nix
+++ b/home-manager/shared/programs/shell/direnv.nix
@ -1,7 +0,0 @@
 _: {
  programs.direnv = {
    enable = true;
    enableBashIntegration = true;
    nix-direnv.enable = true;
  };
 }
--- a/home-manager/shared/wayland/default.nix
+++ b/home-manager/shared/wayland/default.nix
@ -1,4 +1,4 @@
-{...}: {
+{pkgs, ...}: {
  imports = [
    ./librewolf
    ./alacritty
@ -8,6 +8,12 @@
    ./audio
  ];
  home.packages = with pkgs; [
    wdisplays
    wl-clipboard
    gammastep
    sway-contrib.grimshot
  ];
  programs.bemenu = {
    enable = true;
    settings = {
--- a/home-manager/shared/wayland/hyprland/default.nix
+++ b/home-manager/shared/wayland/hyprland/default.nix
@ -4,7 +4,7 @@
    package = pkgs.hyprland;
    systemd.enable = true;
    extraConfig = ''
-      monitor=,preferred,auto,1"
+      monitor=,preferred,auto,1
    '';
    settings = {
      "$mod" = "SUPER";
@ -86,6 +86,8 @@
          ## Movement
          "$mod, p, layoutmsg, swapwithmaster"
          "$mod, e, layoutmsg, orientationnext"
          "$mod, i, layoutmsg, addmaster"
          "$mod, d, layoutmsg, removemaster"
          "$mod, h, movefocus, l"
          "$mod, l, movefocus, r"
          "$mod, k, movefocus, u"
--- a/home-manager/shared/wayland/sway/default.nix
+++ b/home-manager/shared/wayland/sway/default.nix
@ -5,11 +5,7 @@
  ...
 }: {
  home.packages = with pkgs; [
    wl-clipboard
    autotiling-rs
    gammastep
    sway-contrib.grimshot
    jq
  ];
  home.sessionVariables = {
    # needed for Sway and Firefox to play nice
--- a/home-manager/t14/home.nix
+++ b/home-manager/t14/home.nix
@ -20,10 +20,15 @@
      # comms
      signal-desktop
-      # discord # using Webcord via flatpak
+      discord
      # apps
      chromium
      pcmanfm
      feh
      ffmpeg
      mpv
      wdisplays
      # font
      spleen
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -1,4 +1,8 @@
-{host, ...}: {
+{
  pkgs,
  host,
  ...
 }: {
  users.groups.plugdev = {}; # Create plugdev group
  networking.hostName = host.hostName;
  users.users.${host.username} = {
@ -9,11 +13,20 @@
      "video"
    ];
  };
  environment.systemPackages = with pkgs; [vim];
  programs.nix-index.enableBashIntegration = false;
  programs.nix-index.enableZshIntegration = false;
  programs.nix-index-database.comma.enable = true;
  time.timeZone = "America/Chicago";
  # Enable flakes and unfree packages
  nix.settings = {
    auto-optimise-store = true;
    substituters = ["https://nix-community.cachix.org"];
    trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
    trusted-users = [host.username];
    experimental-features = ["nix-command" "flakes"];
  };
  nix.gc = {
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -4,7 +4,12 @@
  attrs,
  system,
  ...
-}: {
+}: let
  defaultModules = [
    inputs.sops-nix.nixosModules.sops
    inputs.nix-index-database.nixosModules.nix-index
  ];
 in {
  t14 = inputs.nixpkgs.lib.nixosSystem {
    specialArgs = {
      inherit inputs system pkgs attrs;
@ -13,11 +18,13 @@
        inherit (attrs) username;
      };
    };
-    modules = [
+    modules =
-      ./configuration.nix
+      defaultModules
-      ./t14/configuration.nix
+      ++ [
-      inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
+        ./configuration.nix
-    ];
+        ./t14/configuration.nix
        inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
      ];
  };
  rknrd = inputs.nixpkgs.lib.nixosSystem {
    specialArgs = {
@ -27,21 +34,17 @@
        inherit (attrs) username;
      };
    };
-    modules = [
+    modules =
-      ./configuration.nix
+      defaultModules
-      ./racknerd/configuration.nix
+      ++ [
-    ];
+        ./configuration.nix
        ./racknerd/configuration.nix
      ];
  };
  htz = inputs.nixpkgs.lib.nixosSystem {
    specialArgs = {
      inherit inputs system pkgs;
      addressList = {
        vm-pool = {
          name = "vm-pool";
          ipv4 = "10.0.0.2";
          subnet = "/24";
          mac = "02:00:00:00:00:02";
        };
        vm-k3s = {
          name = "vm-k3s";
          ipv4 = "10.0.0.3";
@ -54,11 +57,13 @@
        inherit (attrs) username;
      };
    };
-    modules = [
+    modules =
-      ./configuration.nix
+      defaultModules
-      ./htz/configuration.nix
+      ++ [
-      inputs.ethereum-nix.nixosModules.default
+        ./configuration.nix
-      inputs.microvm.nixosModules.host
+        ./htz/configuration.nix
-    ];
+        inputs.ethereum-nix.nixosModules.default
        inputs.microvm.nixosModules.host
      ];
  };
 }
--- a/nixos/htz/configuration.nix
+++ b/nixos/htz/configuration.nix
@ -10,23 +10,14 @@
    ./eth.nix
  ];
  environment.systemPackages = with pkgs; [
    vim
    git
    bridge-utils
    comma
  ];
  virtualisation = {
    docker = {
      enable = true;
    };
  };
  networking = {
    hostName = "htz";
    domain = "";
    firewall = {
      enable = true;
-      allowedTCPPorts = [22 80 443];
+      allowedTCPPorts = [22];
      allowedUDPPorts = [];
      logRefusedConnections = true;
      trustedInterfaces = ["microvm"];
    };
@ -43,9 +34,8 @@
    device = "/eth1";
    options = ["bind"];
  };
-  services = let
+  services = {
-    domain = "ts.10110110.xyz";
+    tailscale.enable = true;
  in {
    openssh = {
      enable = true;
      settings = {
@ -53,30 +43,6 @@
        PermitRootLogin = "prohibit-password";
      };
    };
    tailscale.enable = true;
    headscale = {
      enable = true;
      address = "0.0.0.0";
      port = 8080;
      serverUrl = "https://${domain}";
      dns = {baseDomain = domain;};
      settings = {logtail.enabled = false;};
    };
    nginx = {
      enable = true;
      virtualHosts.${domain} = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:8080";
          proxyWebsockets = true;
        };
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "mail@10110110.xyz";
  };
  users.users = {
    root = {
--- a/nixos/htz/eth.nix
+++ b/nixos/htz/eth.nix
@ -9,8 +9,37 @@
      allowedUDPPorts = [9000 30303];
      logRefusedConnections = true;
      trustedInterfaces = ["microvm"];
      interfaces."tailscale0".allowedTCPPorts = [5052 8545];
    };
  };
  # virtualisation.oci-containers.containers = {
  # besu = {
  #   image = "hyperledger/besu:24.3-graalvm";
  #   ports = [
  #     "0.0.0.0:30303:30303"
  #     "0.0.0.0:30303:30303/udp"
  #     "100.79.221.28:8551:8551"
  #   ];
  #   volumes = [
  #     "/eth1/besu:/var/lib/besu"
  #     "/etc/nixos/eth_jwt:/var/lib/jwtsecret/jwt.hex"
  #   ];
  #   environment = {
  #     JAVA_OPTS = "\"-Xmx16192m\"";
  #   };
  #   cmd = [
  #     "--Xsnapsync-synchronizer-flat-db-healing-enabled=true"
  #     "--data-path=/var/lib/besu"
  #     "--data-storage-format=bonsai"
  #     "--engine-jwt-secret=/var/lib/jwtsecret/jwt.hex"
  #     "--engine-rpc-enabled"
  #     "--engine-rpc-port=8551"
  #     "--fast-sync-min-peers=3"
  #     "--nat-method=docker"
  #     "--network=mainnet"
  #     "--sync-mode=X_SNAP"
  #   ];
  # };
  services.ethereum.geth.mainnet = {
    enable = true;
    package = inputs.ethereum-nix.packages.${system}.geth;
@ -18,7 +47,8 @@
    args = {
      http = {
        enable = true;
-        addr = "10.0.0.1";
+        addr = "0.0.0.0";
        vhosts = ["htz.tailc353f.ts.net"];
      };
      authrpc.jwtsecret = "/etc/nixos/eth_jwt";
    };
@ -34,7 +64,7 @@
      enr-auto-update = true;
      rest = {
        enable = true;
-        address = "10.0.0.1";
+        address = "0.0.0.0";
      };
      light-client-data.max-periods = "3";
    };
--- a/nixos/htz/vms/default.nix
+++ b/nixos/htz/vms/default.nix
@ -1,8 +1,6 @@
 {
  inputs,
  lib,
  pkgs,
  system,
  addressList,
  ...
 }: let
@ -93,10 +91,6 @@
  };
 in {
  microvm.vms = {
    vm-pool = genVMConfig {
      name = "vm-pool";
      config = import ./pool.nix {inherit pkgs system inputs;};
    };
    vm-k3s = genVMConfig {
      name = "vm-k3s";
      config = import ./k3s.nix {inherit pkgs;};
--- a/nixos/htz/vms/k3s.nix
+++ b/nixos/htz/vms/k3s.nix
@ -7,6 +7,7 @@
    role = "server";
    extraFlags = toString [
      "--disable traefik"
      "--tls-san vm-k3s.tailc353f.ts.net"
    ];
  };
  networking.firewall = {
@ -21,7 +22,7 @@
        image = "/var/lib/microvms/vm-k3s/vm-k3s-root.img";
        label = "vm-pool-root";
        mountPoint = "/";
-        size = 10000;
+        size = 100000;
      }
    ];
  };
--- a/nixos/racknerd/configuration.nix
+++ b/nixos/racknerd/configuration.nix
@ -1,41 +1,83 @@
 {
  inputs,
  pkgs,
-  system,
+  config,
  ...
 }: {
  imports = [
    ./hardware-configuration.nix
    ./minecraft.nix
    inputs.ethereum-nix.nixosModules.default
  ];
  environment.systemPackages = with pkgs; [
    nfs-utils
    vim
    inputs.ethereum-nix.packages.${system}.rocketpool
    docker-compose
  ];
  environment.interactiveShellInit = ''
    alias rp='rocketpool --allow-root'
  '';
  virtualisation = {
    docker = {
      enable = true;
    };
  };
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = false;
-  networking.hostName = "rknrd";
+
-  networking.domain = "";
+  networking = {
-  networking.firewall = {
+    hostName = "rknrd";
-    enable = true;
+    nameservers = [
-    allowedTCPPorts = [22];
+      "1.1.1.1"
-    allowedUDPPorts = [];
+      "8.8.8.8"
-    logRefusedConnections = true;
+    ];
    firewall = {
      enable = true;
      allowedTCPPorts = [22];
      allowedUDPPorts = [];
      logRefusedConnections = true;
    };
  };
  services.openssh.enable = true;
  services.tailscale.enable = true;
  users.users = {
    root = {
      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
    };
    e = {
      isNormalUser = true;
-      extraGroups = ["wheel"];
+      extraGroups = ["wheel" "docker"];
      packages = with pkgs; [
        vim
        htop
        tree
      ];
      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
    };
  };
  virtualisation.oci-containers.containers = {
    signal-api = {
      image = "bbernhard/signal-cli-rest-api:latest";
      ports = ["100.73.10.99:8080:8080"];
      volumes = [
        "/root/signal-cli:/home/.local/share/signal-cli"
      ];
    };
  };
  systemd.timers."signal-upload" = {
    wantedBy = ["timers.target"];
    timerConfig = {
      OnCalendar = "*:0/5";
      Unit = "signal-upload.service";
    };
  };
  systemd.services."signal-upload" = {
    script = ''
      ${pkgs.curl}/bin/curl -X GET -H "Content-Type application/json" 'http://rknrd.tailc353f.ts.net:8080/v1/receive/+14145029897' && ${pkgs.docker}/bin/docker run --rm --env-file=${config.sops.secrets."b2-photos-s3/env".path} -v /root/signal-cli/attachments:/root/data public.ecr.aws/aws-cli/aws-cli s3 mv /root/data/ s3://iofq-photos/signal --endpoint-url=https://s3.us-west-004.backblazeb2.com --recursive
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "root";
    };
  };
  security.sudo.wheelNeedsPassword = false;
  nix.settings.trusted-users = ["e"];
  system.stateVersion = "22.11";
--- a/nixos/racknerd/minecraft.nix
+++ b/nixos/racknerd/minecraft.nix
@ -1,4 +1,38 @@
-{pkgs, ...}: {
+{
  config,
  pkgs,
  ...
 }: {
  sops = {
    defaultSopsFile = ../../secrets/restic.yaml;
    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
    secrets = {
      "b2-minecraft/env" = {};
      "b2-minecraft/repo" = {};
      "b2-minecraft/password" = {};
      "b2-photos-s3/env" = {};
    };
  };
  services.restic.backups = {
    b2-minecraft = {
      initialize = true;
      environmentFile = config.sops.secrets."b2-minecraft/env".path;
      repositoryFile = config.sops.secrets."b2-minecraft/repo".path;
      passwordFile = config.sops.secrets."b2-minecraft/password".path;
      paths = [
        "/var/lib/minecraft"
      ];
      timerConfig = {
        OnCalendar = "00:05";
      };
      pruneOpts = [
        "--keep-daily 3"
        "--keep-weekly 1"
        "--keep-monthly 1"
      ];
    };
  };
  services.minecraft-server = {
    enable = true;
    eula = true;
--- a/nixos/t14/backups.nix
+++ b/nixos/t14/backups.nix
@ -0,0 +1,32 @@
 {config, ...}: {
  sops = {
    defaultSopsFile = ../../secrets/restic.yaml;
    age.keyFile = "/home/e/.config/sops/age/keys.txt";
    secrets = {
      "b2-home/env" = {};
      "b2-home/repo" = {};
      "b2-home/password" = {};
    };
  };
  services.restic.backups = {
    b2-home = {
      initialize = true;
      environmentFile = config.sops.secrets."b2-home/env".path;
      repositoryFile = config.sops.secrets."b2-home/repo".path;
      passwordFile = config.sops.secrets."b2-home/password".path;
      paths = [
        "/home/e/backmeup"
        "/home/e/.ssh"
        "/home/e/.librewolf"
        "/home/e/.runelite"
      ];
      timerConfig = {
        OnCalendar = "01:00";
      };
      pruneOpts = [
        "--keep-last 14"
      ];
    };
  };
 }
--- a/nixos/t14/configuration.nix
+++ b/nixos/t14/configuration.nix
@ -9,6 +9,7 @@ in {
  imports = [
    ./hardware-configuration.nix
    ./nano.nix
    ./backups.nix
  ];
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
@ -16,7 +17,6 @@ in {
  environment.systemPackages = with pkgs; [
    cryptsetup
    nfs-utils
    comma
  ];
  environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test";
@ -48,7 +48,6 @@ in {
  # Services
  virtualisation = {
    libvirtd.enable = true;
    podman = {
      enable = true;
      dockerCompat = true;
@ -77,29 +76,8 @@ in {
    enable = true;
    settings = {
      WIFI_PWR_ON_BAT = "off";
-      CPU_BOOST_ON_BAT = "0";
+      START_CHARGE_THRESH_BAT0 = 80;
-      CPU_BOOST_ON_AC = "1";
+      STOP_CHARGE_THRESH_BAT0 = 85;
      PLATFORM_PROFILE_ON_AC = "low-power";
      PLATFORM_PROFILE_ON_BAT = "low-power";
      CPU_SCALING_GOVERNOR_ON_AC = "powersave";
      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
      CPU_ENERGY_PERF_POLICY_ON_AC = "power";
      CPU_MIN_PERF_ON_AC = 0;
      CPU_MAX_PERF_ON_AC = 100;
      CPU_MIN_PERF_ON_BAT = 0;
      CPU_MAX_PERF_ON_BAT = 25;
      RADEON_DPM_STATE_ON_AC = "performance";
      RADEON_DPM_STATE_ON_BAT = "battery";
      RADEON_POWER_PROFILE_ON_AC = "high";
      RADEON_POWER_PROFILE_ON_BAT = "low";
      #Optional helps save long term battery health
      START_CHARGE_THRESH_BAT0 = 80; # bellow it starts to charge
      STOP_CHARGE_THRESH_BAT0 = 95; # above it stops charging
    };
  };
--- a/secrets/restic.yaml
+++ b/secrets/restic.yaml
@ -0,0 +1,49 @@
 restic-password: ENC[AES256_GCM,data:N2KPew==,iv:nw63djCF/TZg+efx9leZWXfELL6xy0V0F6ul2O1ED1U=,tag:tXqbtf88+uAmpgFlgpHTiA==,type:str]
 b2-minecraft:
    password: ENC[AES256_GCM,data:wuGy2MU8c5A2ozD2O4srZLWCyEGhkmXcfrcZ+3Oj+w5mWYPG5Jlx6nee2mOwvswv1A==,iv:wo2eDeXCMUWF21RC6kLSDHrXpQdeYkbjIfG32nc2MT4=,tag:r79moSMqFV4+xpL9/RgcRQ==,type:str]
    repo: ENC[AES256_GCM,data:ib+Div2lLjoBfkqH7RlYyhk=,iv:qtlXiDw7amSPM0bEkKh6wTmQF5l0QRVxVgjCp8Ax9Z4=,tag:tHELSQWtyE9GpHgSlEHWcQ==,type:str]
    env: ENC[AES256_GCM,data:9FUJaGL1B7AZ4jjbuoUVqR34lqhG9Jf7P2YcGRdozehPfY47NMG4rG/9XNmmt6NU1EysgEBb215vwm9p4+r7kZ+uAQRpUUQvYTC6mz/zj04qZ8lIYwIRLMSI,iv:RXYtRUJc8G9LXry7WzIAdEFJFz8W2j80S5J1KUT10HQ=,tag:AGc/SAYnocfgRwkFj5b3rg==,type:str]
 b2-home:
    password: ENC[AES256_GCM,data:5KnILerCPQ4h6PYDoyt7e/5maCAgLyPGvGuxZPJM5ceEM4dQecpvtAAyuZh/J+kftQ==,iv:VKqGp7WyNwbB4YIIwcmcHrxT66s8wymT2dMA76bcLAo=,tag:EL6wxlcAsrUEhRgRtkTuIQ==,type:str]
    repo: ENC[AES256_GCM,data:wH4UOgI2Qanfmwsz,iv:bxjkNwjbL0hZMH1CFxdrrnrvmadwQtF9rl9zh7zsxU4=,tag:jNbdE3Ble1Q3dhr1uhOMQQ==,type:str]
    env: ENC[AES256_GCM,data:ApCwXSQ1/pJ5C0La995jT50ZAvA0vgNrJ5R90b95IDt2CFSeKxFQiQs3hyrlI+Eor0igT0ZmaSjJ3w1GynNyT47wqjDxh6ZlzS0yhecyCckfUrn0mTK7Z/4k,iv:Bw2CzibZ+LxzkFIPJZH6JWRsd4F1f//C/6/TIsrMJOA=,tag:89jVSsy9JkurPiC3EKZfmA==,type:str]
 b2-photos-s3:
    env: ENC[AES256_GCM,data:m25/0USqeg+rmeD9pPQaR2nQGami50CDeQzySyxQeL5Eb+//KbfPdCyzvgOJBXBR7P7wKU4K+kuPqKfk0wrH71rgSzScg7KX0p1yNFqSs26tV+O9ctX9JeFmA9dRXrt/RA==,iv:0SKtOa/bg7Q/GRHPcoxxjdGY/+SITQmKqDG0r5JR4zM=,tag:3O2yikVOyU9OE+sPv9osSg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age14e2d2y8e2avzfrsyxg9dudxd36svm24t7skw6e969n0c42znlp3shffdtg
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5eWJxSjM2NTJ1YUNOdVhl
            YjZobWdiNFRLOGdpMTFPc2RXVkdDNEh3L1d3CnhHYVpZNlVSVEFoVlQ3Rnphcm1l
            MU9sQUY4Q296Wk1tanVjUXRYMjQyUGsKLS0tIEZrZTJzSVR4b0lncG53cEVpTXhC
            WHVYMWF1SWlNZE13aVIrVHJKK1NxSUEKRo0F8h/X3/mm/Dhi44wATtMh9j5f//mB
            YKmb4WnPl2suYBuQvMuFWtugHUqVBhcnVAmyFM2L2vddmtAuvtttYQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age19qx3e78c9f2l7ceccgjf7ksvc873ungjely3nyxyjts2xsz0ldjq6shksm
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VFNwYlQ3VmMyd3pJenB0
            bVlGSEZva1pVa1hnQVZ6Q1hhV1VHZ002dG1zCnBaT01MSWU3elZpZEhVZ0FyMVNF
            TllWOEZQakZ4MEZ1ZWlyS1hTTURFOWsKLS0tIDNpWkdMZ0I3LzViYjZsaWhNV1Vv
            NTEvUUlabzdqME1aVytlSkJ3WFJpT0kKYVL0sXLaq9bZ6xXqRKuT3GN1nuuXRiHR
            Psa1czMlGL40s6vNMndceLgHEKdWHXMu9WT+BRTeTiRKMrQ9CNS+CQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1xwcz9qtaezjy4kl6xttea0u00j7j2n8xkd297vjz9xrnqx9fksjsg3nhu3
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBic0JuMmZpUGZpNEhRdWVN
            a09hZG1mSEFxUUxWcXBWK0U0N3NueW4rdkgwCmRZaG5pWFNvZlBiS0ZOT1k3emFC
            akZYQnRFdmQrWU0zTksza3lCaWdUeFkKLS0tICtIanM2c1VvQ21LR0FUQmFQcHhH
            bTdSb0oxZVJvRGxTWTlpVlAyWEZGQkEKmLN2o4/NXmNUss9Z+j9Q9ywRBx6cx3ru
            /VqSfRMczno/I3mD6t9fuSQT42X2Dgdexvi4fm5Qr3+avXE/zlMx+Q==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-04-14T05:26:47Z"
    mac: ENC[AES256_GCM,data:gJ5kkzV0RWFEWJYXf5Rva6WLIRoJ3aWm4hNmJrJyanJeV4yMHDXwM3EyvJ60q1MtQVv790tPHC9NDGvVM+/WuwsBj2xiZUdHsYYv/Xio9iYD9tPXpS2bwjLOcn8K+wfOBKgnBi3rr9y00jlg+pmB/gQPPnTZXoFnxr44BROqjg8=,iv:iaQFyjrdK/zsZRYrghanNt8UQ4klu2i6wyLyOD3T3xY=,tag:MwxBUVDgl+L4WXASrC5bjg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1