Price/NixOS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Price:98a20e282945772b3facad23fac918ac71b6f9a3
Branches Tags
Price:Development
..
compare: Price:1a2dacd753af5d74fbc845916fac6f804154ec40
Branches Tags
Price:Development

No commits in common. "98a20e282945772b3facad23fac918ac71b6f9a3" and "1a2dacd753af5d74fbc845916fac6f804154ec40" have entirely different histories.
98a20e2829 ... 1a2dacd753

24 changed files with 309 additions and 524 deletions
Show Stats Expand all files Collapse all files

142
flake.lock
View File

@ -11,11 +11,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1707771926, "lastModified": 1682237245,
"narHash": "sha256-PhWWmby82jm1ddLnQoC4sPcRBnn9tMRmqiwbsYdO8Ec=", "narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=",
"owner": "yaxitech", "owner": "yaxitech",
"repo": "ragenix", "repo": "ragenix",
"rev": "2d9122fe28c15ca64770f192f7df97e13b1fb098", "rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -27,19 +27,17 @@
"agenix_2": { "agenix_2": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"agenix", "agenix",
"nixpkgs" "nixpkgs"
], ]
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1703433843, "lastModified": 1682101079,
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "417caa847f9383e111d1397039c9d4337d024bf0", "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -56,11 +54,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708200003, "lastModified": 1706241694,
"narHash": "sha256-F35dKFLG1fs/B6+Zi081mi8x2x8CARgrU/xeWSmY4l4=", "narHash": "sha256-OzgzZTpzNOYJGV3FYE8IXxRIAp4ht1FKMX71JXX/CHg=",
"ref": "refs/heads/Development", "ref": "refs/heads/Development",
"rev": "acf0f3a8b17b8eb07166a17badde0d2a04cee778", "rev": "bbb3e7d8ff657ec61b7b1c5d745a0eba30d76f4e",
"revCount": 72, "revCount": 70,
"type": "git", "type": "git",
"url": "https://git.orion-technologies.io/blog/blog" "url": "https://git.orion-technologies.io/blog/blog"
}, },
@ -71,17 +69,26 @@
}, },
"crane": { "crane": {
"inputs": { "inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"agenix",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"agenix", "agenix",
"nixpkgs" "nixpkgs"
],
"rust-overlay": [
"agenix",
"rust-overlay"
] ]
}, },
"locked": { "locked": {
"lastModified": 1707685877, "lastModified": 1681680516,
"narHash": "sha256-XoXRS+5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc=", "narHash": "sha256-EB8Adaeg4zgcYDJn9sR6UMjN/OHdIiMMK19+3LmmXQY=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "2c653e4478476a52c6aa3ac0495e4dea7449ea0e", "rev": "54b63c8eae4c50172cb50b612946ff1d2bc1c75c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -99,11 +106,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1673295039,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -115,16 +122,16 @@
}, },
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1708091384, "lastModified": 1704875591,
"narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=", "narHash": "sha256-eWRLbqRcrILgztU/m/k7CYLzETKNbv0OsT2GjkaNm8A=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790", "rev": "1776009f1f3fb2b5d236b84d9815f2edee463a9b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -140,11 +147,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708143835, "lastModified": 1706491084,
"narHash": "sha256-SRGi47kleiyNVQlR9mxp9Ux2t2SLy7Nm3L6b3UKjH2c=", "narHash": "sha256-eaEv+orTmr2arXpoE4aFZQMVPOYXCBEbLgK22kOtkhs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "4d81082b2c37a6e1e181cc9f589b5b657774bd63", "rev": "f67ba6552845ea5d7f596a24d57c33a8a9dc8de9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -154,6 +161,22 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -169,7 +192,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": { "flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1687265871, "lastModified": 1687265871,
@ -187,14 +210,14 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1681202837,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -205,7 +228,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1705309234,
@ -223,7 +246,7 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1705309234,
@ -239,28 +262,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1706639736, "lastModified": 1706639736,
@ -294,11 +295,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1708118438, "lastModified": 1706550542,
"narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=", "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80", "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -314,7 +315,7 @@
"blog": "blog", "blog": "blog",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko", "disko": "disko",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"impermanence": "impermanence", "impermanence": "impermanence",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
@ -332,11 +333,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1707703915, "lastModified": 1682129965,
"narHash": "sha256-Vej69igzNr3eVDca6+32uO+TXjVWx6ZUwwy3iZuzhJ4=", "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "e6679d2ff9136d00b3a7168d2bf1dff9e84c5758", "rev": "2c417c0460b788328220120c698630947547ee83",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -405,24 +406,9 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1701680307,

159
flake.nix
View File

@ -5,7 +5,9 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
impermanence = { url = "github:nix-community/impermanence"; }; impermanence = {
url = "github:nix-community/impermanence";
};
agenix = { agenix = {
url = "github:yaxitech/ragenix"; url = "github:yaxitech/ragenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -25,15 +27,14 @@
}; };
}; };
outputs = inputs@{ self, nixpkgs, deploy-rs, impermanence, agenix, disko
, flake-utils, blog, ... }: outputs = inputs @ { self, nixpkgs, deploy-rs, impermanence, agenix, disko, flake-utils, blog, ... }:
let let
lib = (import ./lib { lib = nixpkgs.lib; }) // nixpkgs.lib; lib = (import ./lib { lib = nixpkgs.lib; }) // nixpkgs.lib;
persist-dir = "/persist"; persist-dir = "/persist";
defaults = { defaults = {
config = { config = {
environment.etc.machine-id.source = environment.etc.machine-id.source = "${persist-dir}/ephemeral/etc/machine-id";
"${persist-dir}/ephemeral/etc/machine-id";
environment.persistence.save = { environment.persistence.save = {
hideMounts = true; hideMounts = true;
persistentStoragePath = "${persist-dir}/save"; persistentStoragePath = "${persist-dir}/save";
@ -41,90 +42,59 @@
environment.persistence.ephemeral = { environment.persistence.ephemeral = {
persistentStoragePath = "${persist-dir}/ephemeral"; persistentStoragePath = "${persist-dir}/ephemeral";
hideMounts = true; hideMounts = true;
directories = [ "/var/lib" "/var/log" "/etc/nixos" ]; directories = [
"/var/lib"
"/var/log"
"/etc/nixos"
];
}; };
}; };
}; };
in { in
nixosConfigurations = { {
orion = let hostname = "orion"; nixosConfigurations.luna =
in nixpkgs.lib.nixosSystem { let
system = "x86_64-linux"; hostname = "luna";
specialArgs = { in
inherit self; nixpkgs.lib.nixosSystem
inherit inputs; {
inherit hostname; system = "x86_64-linux";
inherit lib; specialArgs = {
inherit persist-dir; inherit self;
root-disk = "/dev/vda"; inherit blog;
inherit flake-utils;
inherit inputs;
inherit hostname;
inherit nixpkgs;
inherit lib;
inherit persist-dir;
root-disk = "/dev/nvme0n1";
fqdn = "orion-technologies.io";
};
modules = [
defaults
impermanence.nixosModules.impermanence
agenix.nixosModules.default
disko.nixosModules.disko
{ config = (import "${self}/secrets" { agenix = false; inherit lib; }).${hostname}; }
./hosts/${hostname}
];
}; };
modules = [
defaults
impermanence.nixosModules.impermanence
agenix.nixosModules.default
disko.nixosModules.disko
{
config = (import "${self}/secrets" {
agenix = false;
inherit lib;
}).${hostname};
}
./hosts/${hostname}
];
};
luna = let hostname = "luna";
in nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit self;
inherit blog;
inherit flake-utils;
inherit inputs;
inherit hostname;
inherit nixpkgs;
inherit lib;
inherit persist-dir;
root-disk = "/dev/nvme0n1";
fqdn = "orion-technologies.io";
};
modules = [
defaults
impermanence.nixosModules.impermanence
agenix.nixosModules.default
disko.nixosModules.disko
{
config = (import "${self}/secrets" {
agenix = false;
inherit lib;
}).${hostname};
}
./hosts/${hostname}
];
};
};
deploy.nodes = { deploy.nodes = {
orion = { luna = {
hostname = "boot"; hostname = "luna.hosts.orion-technologies.io";
fastConnection = true; fastConnection = true;
profiles.system = { profiles = {
sshUser = "price"; system = {
user = "root"; sshUser = "price";
path = deploy-rs.lib.x86_64-linux.activate.nixos user = "root";
self.nixosConfigurations.orion; path =
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.luna;
};
};
}; };
}; };
luna = {
hostname = "luna.hosts.orion-technologies.io";
fastConnection = true;
profiles.system = {
sshUser = "price";
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.luna;
};
};
};
} // flake-utils.lib.eachDefaultSystem (system: } // flake-utils.lib.eachDefaultSystem (system:
let let
@ -132,19 +102,16 @@
inherit system; inherit system;
overlays = [ agenix.overlays.default ]; overlays = [ agenix.overlays.default ];
}; };
in { in
devShells.default = pkgs.mkShell { {
packages = with pkgs; [ devShells.default =
age pkgs.mkShell
age-plugin-yubikey {
pkgs.agenix packages = with pkgs; [ age age-plugin-yubikey pkgs.agenix nixos-rebuild pkgs.deploy-rs ];
nixos-rebuild shellHook = ''
pkgs.deploy-rs export RULES="$PWD/secrets/secrets.nix"
]; nix eval --json --file ./.nixd.nix > .nixd.json
shellHook = '' '';
export RULES="$PWD/secrets/secrets.nix" };
nix eval --json --file ./.nixd.nix > .nixd.json
'';
};
}); });
} }

2
hosts/luna/modules/users.nix
View File

@ -8,7 +8,7 @@
shell = pkgs.bash; shell = pkgs.bash;
hashedPasswordFile = config.age.secrets.users-price-pw.path; hashedPasswordFile = config.age.secrets.users-price-pw.path;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkWsSntg1ufF40cALcIBA7WZhiU/f0cncqq0pcp+DZY openpgp:0x15993C90" "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJ9ODXLAIfGH/7VNobQsp5nwBvNoh+pQMEH7s2jkHpkqAAAACHNzaDpsdW5h"
]; ];
}; };
}; };

2
hosts/luna/os/fs.nix
View File

@ -21,7 +21,7 @@
}; };
}; };
fileSystems."${persist-dir}".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
disko.devices = disko.devices =
{ {

10
hosts/orion/default.nix
View File

@ -1,5 +1,9 @@
{ config, lib, nixpkgs, ... }: { config, lib, nixpkgs, ... }:
{ {
imports = (lib.recurseFilesInDirs [ ./os ./modules ] ".nix"); imports = [
system.stateVersion = "24.05"; ./modules
} ./os/filesystem.nix
];
system.stateVersion = "23.11";
}

13
hosts/orion/modules/default.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
{
imports = [
./audio.nix
./bluetooth.nix
./hardware.nix
./networking.nix
./nix.nix
./power.nix
./user.nix
];
}

4
hosts/orion/modules/networking.nix
View File

@ -66,6 +66,7 @@ in
UseDNS = networks_dhcp_use_dns; UseDNS = networks_dhcp_use_dns;
}; };
}; };
}; };
}; };
@ -86,7 +87,6 @@ in
networking = { networking = {
hostName = "${hostname}"; hostName = "${hostname}";
wireless.iwd.enable = true; wireless.iwd.enable = true;
useNetworkd = true;
}; };
} }

62
hosts/orion/modules/services/openssh.nix
View File

@ -1,62 +0,0 @@
{ config, ... }:
{
services.openssh = {
enable = true;
startWhenNeeded = true;
# We set the hostkeys manually so they persist through reboots
hostKeys = [
{
path = (config.environment.persistence.ephemeral.persistentStoragePath + "/etc/ssh/ssh_host_ed25519_key");
type = "ed25519";
}
];
sftpFlags = [
"-f AUTHPRIV"
"-l INFO"
];
extraConfig = ''
AllowUsers price
'';
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
GatewayPorts = "yes";
LogLevel = "VERBOSE";
KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
};
ports = [
2200
];
banner = ''
Orion Technologies - Security Notice
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have written, explicit, authorized
permission to access or configure this device.
Unauthorized attempts and actions to access or use
this system may result in civil and/or criminal
penalties. All activities performed on this device
are logged and monitored.
'';
};
}

37
hosts/orion/modules/user.nix Normal file
View File

@ -0,0 +1,37 @@
{ pkgs, user, ... }:
let
user = "price";
in
{
programs = {
zsh.enable = true;
};
nixpkgs.config.allowUnfree = true;
users.users = {
root.initialPassword = "pass";
"${user}" = {
initialPassword = "pass";
shell = pkgs.zsh;
isNormalUser = true;
description = "${user}";
extraGroups = [
"wheel"
"docker"
"nix-users"
"libvirt"
"log"
];
};
};
environment.systemPackages = with pkgs; [
ungoogled-chromium
wezterm
yamllint
stylua
eza
];
}

19
hosts/orion/modules/users.nix
View File

@ -1,19 +0,0 @@
{ pkgs, user, config, ... }: {
security.sudo.wheelNeedsPassword = false;
users.users = {
root.hashedPasswordFile = config.age.secrets.users-root-pw.path;
price = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.bash;
hashedPasswordFile = config.age.secrets.users-price-pw.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkWsSntg1ufF40cALcIBA7WZhiU/f0cncqq0pcp+DZY openpgp:0x15993C90"
];
};
};
environment.persistence.ephemeral.users = {
price = { files = [ ".bash_history" ]; };
root = { home = "/root"; files = [ ".bash_history" ]; };
};
}

73
hosts/orion/os/boot.nix
View File

@ -1,73 +0,0 @@
{ modulesPath, pkgs, ... }: {
# imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "audit=1" ];
extraModulePackages = [ ];
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
# availableKernelModules =
# [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usbhid" "rtsx_pci_sdmmc" ];
# kernelModules = [ ];
systemd = {
enable = true;
initrdBin = [ pkgs.libuuid pkgs.gawk ];
services.rollback = {
description = "Rollback btrfs root subvolume";
wantedBy = [ "initrd.target" ];
before = [ "sysroot.mount" ];
after = [ "initrd-root-device.target" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /mnt
DISK_LABEL="NixOS-Primary"
FOUND_DISK=0
ATTEMPTS=50
printf "Attempting to find disk with label '%s'\n" "$DISK_LABEL"
while ((ATTEMPTS > 0)); do
if findfs LABEL="$DISK_LABEL"; then
FOUND_DISK=1
printf "Found disk!\n"
break;
fi
((ATTEMPTS--))
sleep .1
printf "Remaining disk discovery attempts: %s\n" "$ATTEMPTS"
done
if (( FOUND_DISK == 0 )); then
printf "Discovery of disk with label '%s' failed! Cannot rollback!\n" "$DISK_LABEL"
exit 1
fi
mount -t btrfs -o subvol=/ $(findfs LABEL="$DISK_LABEL") /mnt
btrfs subvolume list -to /mnt/root \
| awk 'NR>2 { printf $4"\n" }' \
| while read subvol; do
printf "Removing Subvolume: %s\n" "$subvol";
btrfs subvolume delete "/mnt/$subvol"
done
printf "Removing /root subvolume\n"
btrfs subvolume delete /mnt/root
printf "Restoring base /root subvolume\n"
btrfs subvolume snapshot /mnt/root-base /mnt/root
umount /mnt
'';
};
};
};
};
}

6
hosts/orion/os/default.nix
View File

@ -1,6 +0,0 @@
{ modulesPath, ... }:
{
zramSwap.enable = true;
}

78
hosts/orion/os/filesystem.nix Normal file
View File

@ -0,0 +1,78 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
kernelModules = [ ];
luks.devices = {
"luksroot" = {
device = "/dev/disk/by-label/NixOS-Crypt";
allowDiscards = true;
};
};
};
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
zramSwap.enable = true;
fileSystems = {
"/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "noatime" "mode=755" ];
};
"/boot" = {
device = "/dev/disk/by-label/NixOS-Boot";
fsType = "vfat";
options = [ "defaults" "noatime" ];
depends = [ "/" ];
};
"/nix" = {
device = "/dev/disk/by-label/NixOS-Primary";
fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" "noatime" ];
};
};
environment.persistence = {
"/nix/persist" = {
hideMounts = true;
directories = [
"/var/lib"
"/var/log"
"/etc/nixos"
];
files = [
"/etc/machine-id"
"/etc/nix/id_rsa"
];
users.price = {
directories = [
"Git"
"ISOs"
"Downloads"
"Keep"
"Notes"
".local/share"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
];
files = [
".zsh_history"
];
};
};
};
}

75
hosts/orion/os/fs.nix
View File

@ -1,75 +0,0 @@
{ modulesPath, config, lib, root-disk, persist-dir, ... }: {
services = {
fstrim.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [ "/" "/nix" "/persist" ];
};
snapper = {
# NOTE: According to `snapper-config(5)` the default timeline count for all timelines is 10
# (see TIMELINE_LIMIT_HOURLY, ...DAILY, etc.)
configs.persist = {
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
SUBVOLUME = "${persist-dir}";
};
};
};
fileSystems."${persist-dir}".neededForBoot = true;
disko.devices = {
disk.${lib.removePrefix "/dev/" root-disk} = {
type = "disk";
device = "${root-disk}";
content = {
type = "gpt";
partitions = {
esp = let label = "NixOS-Boot";
in {
priority = 1;
size = "512M";
type = "EF00";
content = {
extraArgs = [ "-n ${label}" "-F 32" ];
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" "defaults" ];
};
};
root = let label = "NixOS-Primary";
in {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings = { allowDiscards = true; };
content = {
type = "btrfs";
extraArgs = [ "-f" "--label ${label}" ];
postCreateHook = ''
MOUNT="$(mktemp -d)"
mount "/dev/disk/by-label/${label}" "$MOUNT" -o subvol=/
trap 'umount $MOUNT; rm -rf $MOUNT' EXIT
btrfs subvolume snapshot -r "$MOUNT/root" "$MOUNT/root-base"
'';
subvolumes = {
"/root" = { mountpoint = "/"; };
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/persist" = {
mountpoint = "/persist";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
};
};
};
};
};
};
}

6
hosts/orion/os/hardware.nix
View File

@ -1,6 +0,0 @@
{ lib, config, ... }: {
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
services.fstrim.enable = true;
}

1
hosts/orion/pubkey.nix
View File

@ -1 +0,0 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuypHJpFMaElzWO2QrPNF5o97LGJK/LckHuWvfwIFWI orion"

8
secrets/default.nix
View File

@ -15,14 +15,6 @@ let
gitea-db-pass = "${secrets}/gitea-db-pass.age"; gitea-db-pass = "${secrets}/gitea-db-pass.age";
gitea-runner-token = "${secrets}/gitea-runner-token.age"; gitea-runner-token = "${secrets}/gitea-runner-token.age";
}; };
orion =
let
secrets = "orion";
in
{
users-root-pw = "${secrets}/users-root-pw.age";
users-price-pw = "${secrets}/users-price-pw.age";
};
}; };
in in
if agenix then if agenix then

23
secrets/luna/gitea-db-pass.age
View File

@ -1,15 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFmRzBvdyB5Sm54 -> ssh-ed25519 1fG0ow ItVCvyKKXcmZVvuomgGsRw91c1jQCLXGPkIh2VXvGFg
eEZVbVJZeENxVm5YWjBzNHlSRG1FTEJvRm5QU0pnU0RSSkVPMlFJCk1mTHQ2eUVs NjOqD/+g+6FvOqurcaKw5LrZpmc2Tlo277ZYkv3loWU
WUFTa3hwM0Ivc0JnWjJPdUJLWTJxUnIrcVkxV29jQmF1R0EKLT4gcGl2LXAyNTYg -> piv-p256 rJs1HA AuseeP2+foV1YzNuU85cqXN/t/MxL1CSMfev9EBnn547
ckpzMUhBIEF5T2FReDJ6akp1MjBCMWlKTnV0NnFyZVY3b1hnbVhwZmhVN3c5TDVP ErXvkp3KKibgLNbOQmE3iM1CjgooVs/Nsup84i4U8ds
YW9DCkxUNk1lR1N4TzFHSGdLNERaQ2wxdXd4bjVtUWFKT1h1QWYwUVpjazZPUlEK --- lWtn0ntT2K5N9LlQR69UYGyJvELufjKuEqnWceJWZdQ
LT4gJjVRQU8tZ3JlYXNlIDpICkxWSHdOT0EwSVpXdzJoQmVEeHdIdGlxVEdXUk1w ~eàt!ß„¦®…p`±8ÙîÓïó&nS ØW?§JåÎKY°U Ÿ”6?|I´Œ£MÇQ0ÿÛ¸ssêR,=¡??O²e{)^ŸiöœÇ÷
MkoraTB5anIrUStOMGpMbEdpYkhadUliZTA1R0N1d3h1Y1IKWkc2NzVRCi0tLSBR  åéAg</綵ñsºÝØ<1F>ÔêSjœŠýÁÐB—'áÕÙ§ <0B>¿~PTQ—¯Öy“ئkœ>ªnò4}(ˆóe£QHU"ð^ؘ?ไ}'*ò¼%†,Pˆ¤ªg½A Iêy9“15<35>ëU¿ôt
Y2cxTnB6bElHWHlMeXhxajhjeDF2TTJqMndJbjlNUWVUQ1c3QjhJTVdnChQsSDjC
IWGSOJD8wfLlou/BFvp7x/e/dobgW3FMazunhUqV5K09jp1Ak7nTeeyRDUz+Mpv5
HaZqL6aCWNn6ZhprF+ZBZfYVyw7EdaCWNAFrR25DP8/JQrQ3lrJIoJZ3VF1a4y+l
55rLJIfBkho6HHycZ6hde8fo4lGUMhsSC2cKviMwa4FvMH3QpodOuN0h5PAX20mg
19uVVQnw4AOUgzm7QZ32Gesj8vORnQHQbFhERlooDuxTSrvnkpBztaxSTVPcv5d+
wDf/rxP05UA=
-----END AGE ENCRYPTED FILE-----

22
secrets/luna/gitea-runner-token.age
View File

@ -1,13 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFmRzBvdyBYTndG YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFmRzBvdyBlUHdp
b3pCWDA0T3hnMC9mOXlEaWRLMVpSbzhmeWliMVc2MElsekJhc2dVCmFicFY1WXAv cVNLL1JFQklDckkzL0U3a0FDUVZOZWhwZG1naVJqNVpoRVd5cmpZCmwwQ2ZvaUNj
ZEZNaUNLcE11V3pqZHBBWHZXTzRXTnBHN2h3a1R5ZkhzaFEKLT4gcGl2LXAyNTYg Nlh1MFNGYU1JYlAxT0pUdkoxci9FTmJsZ1lSRDZkY3pPWjAKLT4gcGl2LXAyNTYg
ckpzMUhBIEE3V2dzUkhYYmFTSHAvdlNmeUgvRENzbmV1N05QQUNoMlRMMjZPVy9w ckpzMUhBIEFocExaRzlJRTBraGExcU1SeDlwc0doeFg0bVM2UTcyMmM5M0dCd0FW
WmV0CjJsZFowa3d5dEpZTXF2c05tSkJEalc5bFJUNmxGdUZwQTlTQjVEQXJxSkUK RWdhCnQxRkxTMGsrR3NCMXpUK1cwWnloL21qUHZqSFU3bWxFS0VkclpYWXBnbFEK
LT4gQUZ3c2BxRS1ncmVhc2UKa0dwbElwS2NYaU5ubzdUSHpQR1RTWmFXOUxweStD LT4gTShmXXkvUS1ncmVhc2UgNzVuKF4mMyArPCV3eUcgMmBERXtCKFIKSDF3bC9S
Y0Z4emdFNHpIb2ViQnZmWFdnUVB3YU9CL3I2Vk1Nc2Y1MgpGdTFLeHNwVlBzd2la ck12T2hJTVpoR0svcnlqVVBMYk1zc0tSdGlQL012T1hZYm1veGJSSVAveU15dFJH
NTdNT1c2T05uQkpUT0t4c2ZSeFNiZ3ZXSzhzUXNHOUtUMDRKQyttQVF5QXB3Ci0t V3FRK0NmZXF1UwpaR25sTUhEZUJRaFQxbTF2cGFCUUJIdEZ4a1l1NFlGRHlzQ0RO
LSBqYUdhdGdqckRRcE5IS0EwTlZ1dEZlRm90TStiYkxzdTZabGV0VjlSK0N3Cu+b NkFOcnhvVAotLS0geGp3WVlLUjg1RnB0cnB2MGJoRk9rRkFDcmFsUnpXRWhkekpP
4KRcjCda0CxdH4Z2pw3ndhUU596wdGT7Py92uIiV3kdPLFgaUXHL8qMiAoC74o9T cWRpLzZiQQrrB7VhL4u7FMMZeSI9ruONPo9wpa77+JH8y/g8Dm5ORaxp+OAOihAP
BzCx4IobN6ysTTSqT3awzFpJGt8Mqt4sjt1zEz4= D25jGbe5+KgTU/wQb5piJLAB2PyBl+2z57RXPXquZ9eJ85L+rb00
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

21
secrets/luna/gitlab-runner-reg-config.age
View File

@ -1,14 +1,7 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFmRzBvdyBEUlZU -> ssh-ed25519 1fG0ow oP4nP83S4Hjf4MScoNCBbE3i4Vnzz5XiuJqaLXzRbw0
ckVzR0ZKTlBXREpNa050RWtXMUtPRkMxWmNTTWRDUGgwckdSZUFrCmUwMGIyZ0dn rNOkeT8FfDLCoUnghLs8/Fpzy4qINhhIhtgB3Ep3REc
a2k2UGszRkNScXFCTmJYbDBybHpyU3BVVUdCdFZtMU1sQUkKLT4gcGl2LXAyNTYg -> piv-p256 rJs1HA AiyT5IFnxwxoONmRezlvneUSYSEjglGeXYav8x7Xt+HB
ckpzMUhBIEEwbWdxYkhDaWdmcXV3QmwvSEV3WlR5Yy9manVkQllTVjhFcjdNcWRF JWAyCMNQNe0+LSRqdQV+f5PGixWMXFMf/wQmyoMEKNE
bldOCnFHbkdoZGZKMUQrMXNRSGMvalpMTHBkMm1kZTV1S1NmNndUVHVnUkhxVlUK --- ZnfbHqBM/51+BXYGhcSzBN6k1UtZpKJshgmxrr2eFGo
LT4gezRJVzwwVC1ncmVhc2UgNFhtO09BJG8KU0N0K2c0c1NUaHhFeTdQb1lnMlZL ô<EFBFBD>™?f èÇíÇ$®À<08>Æb t,ñ$åÌ<C3A5>á€o8R«¸ûò­;¾Øn!õchzg•ý‰—lÁ= 5îOcâÀ—¯BNJð½„ÉaH1Ïýuƒ?ÙQCþfºN{†$ûM¨wLbs¾€:+•Ãá?ZC0™òÚ
K0ppVkpEU3M2R3dGWUxIdkE4OFBhZ2pwRmF3d1NERVB1QUhrVk9yYVZxcQo1bEpP
OTBpdW9rc3RwWGpOV0NCakJiZGhEdXFvQUIzNVg0WlJkZysybGlNCi0tLSBjOEUz
ZUNxQXJ1WWk2R1BWQUpLemJkTXZkYmhLYkJpMitVbHJVUWl0SzEwCh1AImuieRv+
7+iqnBDVtJWT2qTv3X9wTRe0eyOWiYSpeXKiaIpUOf8K09n20dVHBFFSWZ5aRMhZ
pDqcj5ibodPGY7eJMgQhiAfzOVTxZo2oWyA4vmO9RRYbFKM6L6KHVP0vb+1n9cYp
GumKH5zthkXJmPNJECwTQ2Bf15ggbA+K
-----END AGE ENCRYPTED FILE-----

22
secrets/luna/users-price-pw.age
View File

@ -1,14 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFmRzBvdyA4VGhH YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFmRzBvdyBxWWpi
VVZrUUE3SUg3SGNMTWdYUDROZFRqRW13WHVjQmpmWHVOdHFtakE0CkRiQ0VnQ215 V2c2RkxLanlGYjZ6L2dPYmRHRWwxK0Q0aVNCakNzdFdtZ0k4dW1vCjcrQmptaGgz
bU9XZDlMYWVtcEd1c09BYlFkcVZnL0xYLzd3akREdkxoMTQKLT4gcGl2LXAyNTYg SmpOb2RFTUlYM1ZWc2U2RkF5eGJzWkI3ekk5RTJXLytHYmcKLT4gcGl2LXAyNTYg
ckpzMUhBIEEvSytKaU45NC9Pa3d2OWtFUWltdjdpM3cwRmhCOU5YRWlSNUFFZThP ckpzMUhBIEF4enp2K0FvSFlEWWowT3JSaGV0Rkd6WTlrMlRlZUlhK1B0bFRyWkhD
NWp3CjF5YzlYaU9jOFlsZ0xBWHdXS09TVHc4VVBxOGdoR3kxcjZnczY0cWhJRG8K dTJ1CklMcFlLYTMwQ2YyZUdEaHZ2ZW10VEN0NCsxWGJQL2JvZG40NGtobVE0TXcK
LT4gOXN0LWdyZWFzZSAnSnVjMGpPdyBWbXN8WEkgcX1eQmFpClY3NlhUMFRyMURJ LT4gZmtMNilcfS1ncmVhc2UgI3ZZX243IEkrUSRdblp6IC8KTC9FRERrUGNLTlJs
Wmw4d0plM3R4VzNCeXZnK29jbVl1NHc2ZjdCb1R5M2xEYlhXMFBTbVlHdngxb3hJ SEEKLS0tIFVHQlovUTVTMk9WY0NwN0cycjJEa0p1L0h0R1BpNFh4am5TVWp4WU5L
Y2lIdlAKVTF3Ci0tLSBZR216cXRYNmJ1ZHJ4RHlmaWdTcmpSR0cwMVpDVTh4QjBl eGcKXXflLkUPB2sSYVNl+4O1QsWXEKtBItZbM7RP+glsuWQfHJBY133UzVMgXTy0
Z013Uktsbjg4CnXf38il0oLVMjg7GwLmE6GCh4R3EJ7Bs6fPZLf7ktcCmy3FAiVQ 4yvEcD/ixQaKpSIkeOM+bz0IWjyU0y+zL8opR5xX0AMGJZfeNemIZAo8KpmQsoXC
nZ3nndURKmcvawZHCnnANYKxzILcwgF1eQrtV4Mf/giBJGQASu8zx/F7NIR1vXnt 7U0McvbgHkfakV1ONxYCgurPZPDW97Mk146oyU9bE/amgKh2MvNM14RmY4y2uw==
IOXiboxism7lhh2Za+qK0hdxaDsmXvB46kuxgtG0x2E3jC0NaANKFEmE+aS3iMTl
q1cdOuM=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

19
secrets/luna/users-root-pw.age
View File

@ -1,12 +1,7 @@
-----BEGIN AGE ENCRYPTED FILE----- age-encryption.org/v1
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFmRzBvdyBJbnRJ -> ssh-ed25519 1fG0ow +SBbIzQJWyDWdD0tj2OWJ3dRLL2gHQsIGiAInsPwyBQ
MTl2TGR4OTQyV0VVSm9CQ0F3K24yZmRpK0xrODdHWDZTTUtyRFFvCjB1dnAzdkxu GoWyi5Gnh19JavszjXPzAspL9aHzdoJSvYCIWMfaSEY
REREamdiZmRqdmxSQm1ONHZiKzVpZnZBczFrcklJRnZzSDQKLT4gcGl2LXAyNTYg -> piv-p256 rJs1HA A6Yi0bpMERl4TtMhIrJcqpr8Wp9kGwVcam4UFERNhWVz
ckpzMUhBIEFzMFRXOEJPUDIrb2N5MzdoQmZmR0VlQ285SnBxRk9heGh1SmxaYTJR PHzAZ115Ua58SKtTNIpVvNOwSJGvedwn7EozWCDnh7I
MmhECmhFV1BiL00xMFdpOHlublJHamhmOVVaODB5TE5uT2NCVE5Uc0l2SURWU1UK --- D0hr9/p2mwX7QizZ8UvEEttJZDwW9z4aTqrEOOc2m9s
LT4gWnxYO3RGLWdyZWFzZSBxVQoKLS0tIE13WGJqR0dpY0p3UlBkeWFVVm96M0Qw úJ‡x<Åc1À„ÐjÙÁ÷ëlˆ!qVŸ°øàªÍ¡t­ïð¿?ß<-÷hÉ"´êbÉbǨHƒaŒUÙ<55> ™Èô¢ó݆ ¤jÏS©çF`!Aªˆ¥gkz´•‰wWQÐ_°VU•íâˆÓâYm±>\]úÀ^ÍüMŒžÖîghk>­ñ8¤´b
Y0ttK0FGTHZDa1I2b0xCeE1aT1UK7DcEAWPiclnaKA9MZNtiIf89clLK3aADLgA1
Dj3VvSYQbC2/GlS8KKpnB5KrwuMHEiCFk8QNzP3u5kmxtoxR88mxGgOczNoQu8Fd
2rDXEQGmt+1xt8mO4nj0THABrxvQTr1lYappdvmuT1w8py1ip4qTZWw2hv9kiCQ1
Lu6rJssCAUEs/NWAWfD2Mg==
-----END AGE ENCRYPTED FILE-----

15
secrets/orion/users-price-pw.age
View File

@ -1,15 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGNmNCtpdyA3UHl3
QmhOR0tjcFErNVpJd1JNbzZoWmRmVEtiNFR3d0xia1dNOXd2WURVClc2S1laWDZ2
Q2E0dU56RUVoN1RmS2lpazlnVFhEUkJyUnE4WmZ5OGNnL00KLT4gcGl2LXAyNTYg
ckpzMUhBIEF0emdpQTkvaHoxakRIUHFNZnBKNzZoRkpmYzM3L09yeko5SW91ajRH
dy9iCklwTFB5Z01pc1A0ZnRKVEFoYlZsQjBiL0l0cVVwcm13cnNHTEN1ZDZnV0UK
LT4gfDZrMWtaPXEtZ3JlYXNlIHwrfV8geFY1Mz53Ogp3QTdqM0wyMGx4ZTNicEtP
UktIYkpMLzhSaC9JSG9FeWNvNGlvQUF6VDE0bW5HSEUvVCs3L01FU2lnNVNqNysy
Ckt0WFg5REJRdnZ0ZDF4T2I1eFRkb1ZLcjliWjNNNytxYk5RcWpKSDR6MUpsWURu
OWdDQWlBQU9rWTk5RU9sQ28KblEKLS0tIEF6Skh4N0NWMVlZOXcyWVhiMUtWRXcv
dUpNS2xnMHBRd1djbC92TUI5bFUK1ZM/H3yxgBVHspKrfNM6sag7ZiT+ZypSDouI
RoNZBcEjQUarcS2Dxn4G9amAUor0gZcl9hlx3OQnG8HLrFLhryu/550aKeVJZxtV
9AJdDMV2XuEqSEx+mjNeUwAc1nvO9nTC0YKwvFILtvJPPateLZhbGfOzba2UO4EM
aoX5QgifkfqJx7ZZ9Qmb3Q==
-----END AGE ENCRYPTED FILE-----

14
secrets/orion/users-root-pw.age
View File

@ -1,14 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGNmNCtpdyA0T2Y3
RjdlVHRGVzdTa2VmQ05tNFUvc2xVV1NxZ0xRV0JXOXRCa0V6ZHowCnVsaERWYjN5
c2J3V3A1LzRqZUNUQWU0Y0ZMSkQ2OHRkRzJIY045L2VjQW8KLT4gcGl2LXAyNTYg
ckpzMUhBIEFsMnJ3ZGhkNHRaTi9BNjk2MnBsMnprNE5CdEhTVGJJMHR4aG1CbVZJ
WnhYClVvNUh6L1AvaERGb0pZVU1kUzZLWGNLSVo3NWZSQ0dZSFI2WDlxcFlpNDAK
LT4gPmZIbidXYi4tZ3JlYXNlIEdLKDI4cmggSgpOWDVqak1iald1ZlRPcm05VVEv
ZXhzMHE3RGo3SEs3blRMSHpoRU9QeFVpdENERXFnNE04NDBuMzEzSUhhRUw5Cjh3
bUNYRkl4L1plQk5mRzZHSmtPUTZaMCswR052bndrbWpNL3lYRQotLS0gQ2pMTVBx
VlZyaUFvc0NJOTFkZGVsZnJUYUlnVmdlem5SdFV4OGMvYUhvQQocxqI0TBwKWsSJ
amGmeBJsUze1Rhlg9ErW7ei+dA//DuPIEK4nqCpwTNyhJGbBUBJKOW3plX2NyQwH
ReC0GvHQRSxQWUyzPdDRefAhJpbFX/TB/TlB5k/iq3/BgXacLOuUtbkUWtPu0X+R
jdYtCHiJGY5IuXrfhP4OZcPbVhVGEx67e5ca0RMbsAqJ
-----END AGE ENCRYPTED FILE-----