refactoring vpns

hosts/snowbelle/configuration.nix

@@ -20,6 +20,7 @@
       tailscale.enable = true;
       vpns.enable = true;
       vpns.openvpn_pia_mexico = true;
+      vpns.wg_pia_mexico = true;
       nvidia.enable = true;
     };
     homelab = {

modules/system/vpns.nix

@@ -13,6 +13,11 @@ in
       default = false;
       description = "enable pia vpn to mexico using openvpn";
     };
+     wg_pia_mexico = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "enable pia vpn to mexico using wireguard";
+    };
     
   };
 
@@ -22,101 +27,37 @@ in
     services.openvpn.servers = lib.mkIf cfg.openvpn_pia_mexico { 
       openvpn_pia_mexico = {
         config = ''
-          client
-          dev tun
-          proto udp
-          remote 77.81.142.240 1198
-          resolv-retry infinite
-          nobind
-          persist-key
-          persist-tun
-          cipher aes-128-cbc
-          auth sha1
-          tls-client
-          remote-cert-tls server
-
-          auth-user-pass /run/secrets/openvpn_pia_mexico_auth
-          compress
-          verb 1
-          reneg-sec 0
-          <crl-verify>
-          -----BEGIN X509 CRL-----
-          MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
-          EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
-          cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
-          HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
-          ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
-          aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
-          MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
-          9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5
-          jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EW
-          B4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Re
-          ze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA
-          5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqy
-          MR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A==
-          -----END X509 CRL-----
-          </crl-verify>
-
-          <ca>
-          -----BEGIN CERTIFICATE-----
-          MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
-          VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
-          BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
-          dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
-          IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
-          FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
-          MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
-          EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
-          QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
-          AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
-          ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
-          bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
-          L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
-          lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
-          cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
-          8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
-          /5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
-          OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
-          y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
-          sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
-          b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
-          A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
-          SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
-          czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
-          b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
-          a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
-          ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
-          7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
-          GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
-          1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
-          YDQ8z9v+DMO6iwyIDRiU
-          -----END CERTIFICATE-----
-          </ca>
-          disable-occ
-                  '';
-#        config = ''
-#          config ${config.sops.secrets."openvpn_pia_mexico_config".path}
-#          auth-user-pass /run/secrets/openvpn_pia_mexico_auth
-#        '';
+          config ${config.sops.secrets."openvpn_pia_mexico_config".path}
+          auth-user-pass ${config.sops.secrets."_pia_auth".path}
+        '';
       };
     };
-    sops.secrets = {
-      "openvpn_pia_mexico_auth" = {
-        owner = "blake";
-        group = "blake";
-      };
-      "openvpn_pia_mexico_crl" = {
-        owner = "blake";
-        group = "blake";
-      };
-      "openvpn_pia_mexico_crt" = {
-        owner = "blake";
-        group = "blake";
-      };
-      "openvpn_pia_mexico_config" = {
-        owner = "blake";
-        group = "blake";
+    sops.secrets = lib.mkIf cfg.openvpn_pia_mexico {
+      "pia_auth" = { owner = "root"; group = "root"; };
+      "openvpn_pia_mexico_config" = {owner = "root"; group = "root"; };
+    };
+
+    # enable pia mexico w/ wireguard
+    networking.wireguard.interfaces = lib.mkIf cfg.wg_pia_mexico {
+      wg_piamex = {
+        privateKeyFile = config.sops.secrets."wg_pia_mexico_key".path;
+#        listenPort = 51820;
+        ips = [ "10.4.244.34/32" ];
+
+        peers = {
+          pia = {
+            publicKey = "avK/Bdg+hyLMqP2k/7eEBTkxwCSzyy8FymwO/vFjbQg=";
+            allowedIPs = [ "0.0.0.0/0" ];
+            endpoint = "77.81.142.245:1337";
+            persistentKeepalive = 25;
+          };
+        };
       };
     };
+
+    # secrets only if VPN is enabled
+    sops.secrets = lib.mkIf cfg.wireguard_pia_mexico {
+      "wg_pia_mexico_key" = { owner = "root"; group = "root"; };
+    };
   };
 }

secrets/secrets.yaml

@@ -8,13 +8,12 @@ borg_passwd: ENC[AES256_GCM,data:XOMJtr+DRs7xn5Iclc49iTzK9cFJyc/fSXJjhdKa9jdN,iv
 ssl_blakedheld_crt: ENC[AES256_GCM,data:EvImZ3y5lrmD2P2Cehd4yAyranHRBkejbnad1qmH9KbKeLNFsTcqW4L3NDYydbKurWCWYa/jJAL/BwT2xmUhwdFlarCiTFGnLXxMFhd6Tq+5if8r6BfSLCCS4IXcXnXP4k96ZR2fdD+lnDN1ljb7pI5hekz+HoVwBoLVVrfvQvqj72Kr5rfm5ttLN21yfi5DbgfX7n9AO6X32wzpIAXxQaYIFdPpm12WMpEX+zfxjjcpOR+Xv8npbs4AlopFaZ1N8d2AlM19ChwTZm/Zmq3BQt5Z2bhGsQD/s357F5ofmSfQ8BGXdeUguLj0BtZw6zrxQlySmJMNroBxrQresE7cdeoeEagZXXxJd0S64HcvonV3jjp4s5817YWLxGD8rws2fH9Ci91DEMlI+4/U9Jb/fWz7nxXSMekpNkGRrKPm6L+3/dxpvbkv9UyQi3OVTcx642WYyFaZnP6J6qcbH+itwfuPE1Fu+fe9IlIbAopDrvau0CGisU4FhX+NYMEmFu6N/+unFyMpj9qsqS8UFAXfgvSPRQTULqcaaOK7MRVh3JGOfR9qnbbPjt+aJRrkTW7q/8OWcqvxLgPnZlpPkvsg9PjcZmwxV4ooh3FC85vsrEc8tEqzzbrSWrJRXpL2ZJxsO2AfpHICexyjJium2Dm0hfR9EP5b4ltzeqg0rBeczec7/Tckafy3cGk1jCkPoDYN857Kl6oHi/9TduYvqReKJTV8dLB256M3TBeAYNQypCGceemPtcYrAgG+yMC8tnR57k5QjXsCmT69fAlPibvZdHUxh6Hqlx9sj5WU1NhGRCQsAj362UzGsEcVoF5/zcXVf4i2yCT+axNRyK/JU4JW6GaldJQ8PV+ay5RhNHtErgP18IaY7RjwTA0PVd5G839qbHZlJXiO/EvqrVpuy7UthQlvN+9Y+YM5jQMi64ahEcdWXYSjhqnbh6cZ3xfOXK0egTpy1/xG+FXpFMIvqK2gPZrB1B1Wc0XSvpOBFxTRaWlfDYeVwDtw9QCbM/7jhD9jaopdhMoPH5J/guLxMhRtRw0CJUemnTX1KJ8dGpvDfaCdj+I7ptb7vQ0wAfU/ferpfLX07j6g8MMa4p9jzI9BtXyd9OEOtyFfV5X5Mls9FfhmNi4+ES8LmawsLiyptKKUA7db4GZ4CLJqeR3khh/sej/ESgeXTfLXlOQbIALOdfrPo1t0fDRlW0H42FhmyHeily7KCBFS/pcziTVkM1YPrfyCXH6p8hVBNJ/JYWlEoS5qAxfcXP6cS+/3L16Y5XEP2Aea02qhim02C3qIX+6CQAc5QmuMfl+itnmWdTdwpPzEwVExoUQLCNTU610mkkKtSdMe3aLzmMrfQskEwjMhfXCwVsO+HWugi7im5GAezs+3wuK8j4GYai2sMerKesl4mJXIZWTLJqG8Vj7yKMHJ5mCiOPPYQ3AL++s916kRu3gO1evxfzul7ndh1GypVbX66QZotV9/MN4wSGxw/RCRscZrM+XzmlrhiKT3uezF9KKiw9J1F3zDrtcjmIqll2WVn+U5uzPYEj6TeC5ty/q3OdhYY58U7qe84Pj5zq72bLegBMMK8sG685ylPWD5l79+3D+JGCbjRTwu2oNaIdy9wem0rl56YX+kcGQC2IQcWXcIDASVhAQjguTU/mmMzLNZb3effZ4ZNAmnWgra4hnjEqChuxKlEM7blm057K2G7HP/j82Xy9VsBOTTc0Q2KJZpdb9t+vfDUNJtNdog5w5SnObRqIkUdDrFx04tGUDp/8eqqSHZWZOLq+G4jzarn6YhvNpEote89cARCqdZGhREJFi+zeFWhguasltfSjXhQrYc2p46GlV4USKuWiyIUny5I5/HR2/0Ci5vK2wh1jZ+JC53sKxA3MHg5Udyqkt8tLK+5X5NL6F9EBCRSzCqXDCds6mGu26X5Qt10UZdLTxJs3M0x3bSbN1qJUnv6K0iKgAVw09jeXzKcVXbmFQUDJoVEErIcg1Oed8EwfJu274rF8Nfxh+29LE0CO3q/pR0P91eiUKLKK6oy9tpGnGrnRViAZS3LvVsNVdlWBSEm6WSiwM97hDH3CFqwUHPYzM830DZS6bfIL0OfT9lH5a1f7+Uywi3O3EaJaR0lr5esGJImOQG02yjCvqmdS+igFMKzdAyxQO1WSXDwHXZGTYZbhqyGYK+zc89lKdBaXiC91POQIiz5/xciXqb77YnXKeg4g==,iv:VQIqXN3r7DOVREX4fP5/OR8xECXLjYKfhd6XP3ghMaY=,tag:eVdyxrw/w5zBGxV6Tai2Pg==,type:str]
 #ENC[AES256_GCM,data:3G8XqUKua1QgUxv2YJkW0fDnQPX7+v8GDC9BHg==,iv:BkESkMmMalgesy9why9eaKkOOvwSsN2EhNCRRRmZNtA=,tag:x95zt2B2M19BkzeMpAlXIg==,type:comment]
 ssl_blakedheld_key: ENC[AES256_GCM,data:Jhb2yiIYlfJ8mewzohseWQYZ2pEYy8x2c9B6OH/P46roY2cljRJ3xb3e59cEkAoTvpuv8BE+fN94Zr+1BFjzsDrpf9YsaIXkH1j3wiAEd06G//KduSrJkNz6v4IxGHfASRCUE45xASvGXBWk24lUlOcsPQY7olncjdpqNQ5gxKGv1fYHfeFVgQkSZbhY87uT5DvuN2G1st7LX6cU5Fvs8GlMAKa5RhCKH1rE88wA3uNfaW0ffobmfQoUMhNlXfuIeOMw9HdYfpVxYCu5qlCLsqV/Upux8QGpfSdUnPUnHUAjdHpsU859cQjFGKaw0fpkUhLxh06z0UDUQ9000DDVYBfzmGVasSjwCJO0J1MbaZZy7Wv+XSgozl9FWeYEO+R7YN6R4K/rE2/HzxVVTmufIcinOH3oMPKrmvKFSNNCEIsDWqcGLtj5QFYxuK12Ra+rudJYPg6JnN3MYQ4W/Tlyy41zlwnayAp2xGowUJvfbxWkdsKtnY33NqRhPpM3vNWTgT+4t4HgikX1vaN5Cefre14f4wgn7N+CGCdsxrXMIfj5KL9GmdrWDtWFlkWlJtKti4AvJi5ud7iLhj31BrDRnjlNtPKMtC/YgSvVg0QxinlBAxtrovcujkd+LjNs7TvM3skUnXzU902gv+mGBce1WnywUYcUj1SLEo6qiimgiHSrk9zjLxoREWXpYILGTDY39pFQ8XnSFGaxTqcp/KvMiYlJO67qiQcKJscWi40HIkxL/tRiYoUKhGUnE3CTbvhfbDfjJkXr4vu5a26eZxDqi6xnvwF20fq0LgR9TN9VRL6v1/B+AH0O9uFceJSnKamq+N3bRFllpqkbZr7csQLRqb2UTbb03JOm1+y0dz7nJR7N4f07YmLPob8yYHjMlL9ge1kP9RWCVl9hL8hrzSavb3igzP841ckTyGX5u6v3HLssnSZb1XkBiv787/j+X/FZq7ojZu3cNBWQ+YnyRKS3RXFLDvrjGjfHhlO2loU2t4hj4YE5JLqxACLwSMcZP7ReJTp+qURLP1N157GiMItJAbKUAI8txtBV0ROcnBh8JdyYXZa5qqcP3FQrfB0HRWSWC3DWXlal44kW2tMfQdz/+pZwYhHR7L+1JpuLgFJ0N1iU3NePZDdXBY/MffRkz8JhsDCSK0yLa8hkshdIvrXB/gxS4pKbwdLUUkks3RZsLB++KOFimbC0OSkVVtsTtvvpIs3rOMHq1NDiFQghCAgjkDTq/t5wl7WNyHq+F8TpeBfTqB+so1RVJ36Ibv6BWN7+owlrLuYg+SPjW7I1EMm1wECvb+Sj9Y9WP0suexD/uqZkT0ku4goAttF2b0AU1QRtyrEPdV4fD5OtNqoEDWV3auXov0g6uJkva4Lv6KlJy3EFjOy3AvTWR3WX5+8bMUcKxa4Ehp348pfiaOBF46lMMIcWZWl5IIMQfrY7IkMuDxsjrbJy2FxQ0cPNTfrGlz/7BnqosCF2BFmIv7QuRC1HNsQn5a80IoHhGjlXXsgs+NN3Q1blDvQJBSETuB+bStoBpv5A9Ly6LpcQthy7r68815824YxJ+IWTSi3iUHFLdT2d+3s2UnLdLXaqrMt6bgCWUL/4vooYIO/GHU8/kFIbCKZ9kxixYOeMrv9caC+5iIDg2SjcR6XhvK0ZiDE09bkTD0p0/IX+xbYX2h6uVIgEcAdkLDGCKOl5V9aMSke/dhYQkbjSLj0wyWaLkRevSzKhJ2AYVOAche0D4UDTUFHG9r/pS0N8CG52SbsgR1JZyIMl4ja5kNZQJBA17N/YaIBNHgJhI5x/z6tWOSsKqW1M/U0QLCBkTFfl6KUk/WsgKZXqL6fFiOd02dDfSSyRZSqhELMD2oIjlz9soSDDPFaSzGbQS9lAR43dBuSeQHswymvUEAouYaoqf0mBEQ+BCS1oiqHOZRycFubRu1O8gu6snTeXiDwtqu/nWkcQ/s9SFpYI96loQqsYeC6kle4aMlo9/+Pb97zUmSc6BpimzIdrIk6pS9H/QrE7GTrOAjDEtqhbvwhuWafKTfMXA8pfcWTP3SwiVZI5DLxzOQcObDkUtUFozJpa5Ln8U6GNxFxnDXiiGj1VV87zyu8M6g9Hj9yNrV8A4SW3FtfhIc7A39U6A5GLmYWN6EnaLDoLKyOgJqUJIqLtzcve+TuT1tTbvbsKAl43Tr3UkTpz8t4FIaBW5GcOVuZ33kZyzJ/SWH5/N+msmEIWOxGzISvFdhooZEd2z+PFMuRo547tyTBOww37HZkaDSCnHKpZ,iv:T1sDL6oXItF2spTr4cbAjJ8WFdSHVN8cInElC5ZC2NM=,tag:OVJiimHRgHi4lJTELjx0iA==,type:str]
+#ENC[AES256_GCM,data:A0ITyGOGMIoyVOcn5JOi1RAtqUM=,iv:+wWpmFbeLiX/Ae53pj0QmnYY3MEzOMib4cqbePUKtGI=,tag:JHXvrN4bOH+oD3Q70pUuew==,type:comment]
+pia_auth: ENC[AES256_GCM,data:rwAu4f5XVS4v4FCLj2zXAegIZeRPLIzUVv6TCrdfg9RGSDJYHgVAX0aFXCBQsDQju9RDycXmc9Id8IuyYN8=,iv:kEA4ADQyUI+zlQoZOKi81dw5BLE1oesqhVf6bfiLgB4=,tag:VHT2uPNW27F3KRM7ZhWdCw==,type:str]
 #ENC[AES256_GCM,data:7y1mtYNfbsagqtr66kOx2rinneEW3EZaCJIXzK0qjLX36g==,iv:8ozXuBYirLbKd8sCln2xv/WjhTojY85xU0cL5NVeMlQ=,tag:mclz0GfQ9j2EGWMiQ62QmA==,type:comment]
-openvpn_pia_mexico_auth: ENC[AES256_GCM,data:Qmvd6mODyK+IvFpbJJ4etWXxrh6gP0xvmlCeQr7pBmibg7WkbxuBs6w7E415zSw97Gl80H87yb8ddxy6Wds=,iv:FlGqNULNZjqFcB/p9NleOANkADwQpgZa1qY/6ywGGig=,tag:rB2YjKO5raZylkj+dTmjQw==,type:str]
 openvpn_pia_mexico_config: ENC[AES256_GCM,data:VsxrXpdrBpjP,iv:PIOTk/dADStM19EMwOsyoGBqy23eSoOCoiyUrd1obhQ=,tag:VP/gIg0by35glap3umK6uw==,type:str]
-#ENC[AES256_GCM,data:1FE9IUZ6eSEgE7n5ooQcSp3aICMj3UA=,iv:JrVWGiKBwgoEZ+FhcLXpaq9R2kNbfRLzm1RhnYGFqPc=,tag:odU7X4L+3blRdJnzGA/4Pg==,type:comment]
-openvpn_pia_mexico_crt: ""
-#ENC[AES256_GCM,data:J5hSg63gcIAm6zwkfF6Q9rfbuPRN5c8=,iv:fHteY1NVvGRqpJUZ1LVOSfRh44OQM2UvuzJXgV8zsIY=,tag:UO6MmQwDzA/wYDwh+um6bw==,type:comment]
-openvpn_pia_mexico_crl: ENC[AES256_GCM,data:zmamIuZLOknT0GaEOxiwLSTAVRICxELuSgyJRigw4F3K368pttp07Frrt78ifVNMwtlCZMcMf0vMnXzsoWRvZv4VykgURVzlp/l66uYKmXuLtk349sNe79M/msLkZZEIlMtG47YxYZ92TKZdo0/u42nN3TtRNk2qt9V26AfOdcUxbz48AjFGnrxCHnsNGFES2EE5+6XRLRogsM3mBiozGjGA6S3xtOYpfXlQyyeNcI0I8a6qUWKkdRCOjTt4RsZ+aRiAB8bAXh/5MrYlZAUGUmRfmhlCXOGNNPSBHsqyOanWsi6jZkGJ61Y2qZMLj8VginFDWGbruK/lE3i6h8vBb40NxeoDNUPkcMGWRbUcdnFMUDCPrMMu80eRT2qe41806Dtx9C9nnyyl7MSeQ59Pk/fxXUeDUEzAew6xlcGPX1CtQQgUCCvUTarkWUNzZZqoveurT5k1GuVInASwWEjb+rTIYzjNBuFs55lIQhA+RuyzrdzY3Xfss4O7agREQCY4OqECT2IdtRhQvWch02gmFhjlsy8qk20pfkRo/uZBHOPZa+I9MB9ciNEFNN3FSg3/eJ0lfwZ6ZzcfPgs8FEsQVQzayaNpg8foLV9Ea0MQ87asSG+8nw6nc5KcVbsvkOBbWm5dojZ0laGvcQuSOxT12DFeNEjwCy3zi7M7b3keJvbx74YljUWXBnAN6HzTtLiJ3yLwE4ry/sDown9sHqoTaLSEXysIh2gUdDCU0CU1NY8baSlmeiToUw1GKFZg6EwdknT17Qj3tqNIa75V/cc+lmH9Lj1eAVONZUoFVBk4I0dDyZzVdfyyl2KyvM3iA90LGX6D3/2KX+vx23J+Ev7pcU537bXBesuZxVDQgLsRwnZDAre2AVkSdD4N9GM+qX6TpMR7XuwJ3YD1z39Jlg6dg4XAnh/EIlX3uYe75hxCEzRJsu/6xeYRsav59VJ9Kx7sxtOSpWhXl2TVYnmFWRwxy9Q5wwZs83mrDATtuSh+9BlT/9Pf1oRL1CnnTrrZLHotkKyD7bs80y5UFV03kgGwUbSCuk7S0YJI/PxKW7Mr1OZeUxh9OhcAqNxHV0wipLWqcJwQJ0pDiHOcySWASf6YadhHWxnBwUH8cy1XJ8mIkVAmWcJivzo4Z8CVyojPmTJicF4fp3/9gLj4yyzC+l5zQhJ8eAeh61mJyp/2tgSSEwPiPwr+vTsF8laYw+5hGhywFeuAxxhZ+5pQS9240um6EQ/Vf1UI1TOyyzHAPAdTMZmxS7tBAqajZLsMHR103Z1Fp8S/JRmExR+45jhKq9zLq14ngVAeffhCJzaHstQmtqR6sh/t3lUapk3K6yvIL3TfERNNi4D6yNuFq3ZJBSVgjjF/aqz7qFDevOWhmNgPoex9nivktnMnyPny9yJiZ1Miau8Ig58d0ERT3dcr+CqwxeZ1VKDIX9BAFt/vXYYJjrD9BwGRs5/CWJflkekuRtFPrWHybvs/nzudJ8ttdkJkkf1LwDN/pIwgv/AOCb6Ssjz2yg+gQRgPZ4kcmraHfF9U8damDoGGSGk6OnkOIoVhm5ytiZdgPSbT2KxvdllskF0rfZQPwKfgBygNLKcGMxJJthlQSWNKYLIUsn4/hVu3kAJb,iv:3aP68RCGWePhZC60IL1J5/d8kSPGzktfaDCek0NliQo=,tag:THNqQ501I4ERq/C4vXjg4A==,type:str]
+#ENC[AES256_GCM,data:mbIgMJBhL8nWJzl8q2dFL8XtO1Xa1Q==,iv:caYHYp1boK9wRgCcQe40HTWT/HxAIvYe+HyaruI53Vc=,tag:S6wowhAHObEcs7z8FimZ1g==,type:comment]
+wg_pia_mexico_key: ENC[AES256_GCM,data:VwbVz/Y=,iv:kKs9FJ6qN8t2Bw+TurSW7fxCqDVgjc7R84gsO68kVKw=,tag:h/jfi8NKV06/N204IQDHyg==,type:str]
 #ENC[AES256_GCM,data:CO5nrcDbgymnEmCvuTexOBEMncuNM5lQ,iv:6HrxqSN6e7ODuz09MIFgPbIqDCKQySRDaKk5Wdu4HoQ=,tag:JBRjZeEdOg+trohfanO6Mg==,type:comment]
 vaultwarden_admin_token: ENC[AES256_GCM,data:G1v3N064ci0Fw5EtTzaryailWpsv6f4w6eoHp2vjXIBtIlScdQk1Q0W+eDNRk8Wr2C3ysTXQNbyYismNsls+jeS3W+YqkKL4fnh3a5UTzQrMqvaH11n3ak0X9R9vmt+ZJXBrUrAOKJ6RPHJJSWenhjDB77kwEdQ=,iv:f8X+x/AdmZ3b3dtcSFrxGgA2tCgDRpgddjlVu3mdCmM=,tag:c0MXljVvhwOdvrb/8hWlsQ==,type:str]
 #ENC[AES256_GCM,data:2ESzSsQZqKdjD7OXN8ZPThj6g9acJREe,iv:aDFPB0vs8NNo8ExLcJw7qtQvWbCb1XK6TJrHSK86qss=,tag:z+dypHAGUjEXP7Y9MHYWwg==,type:comment]
@@ -30,7 +29,7 @@ sops:
             U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
             PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-08T03:59:21Z"
-    mac: ENC[AES256_GCM,data:X2XgLYfRL2uaHwRtG1dBeRK9/1n6eVt/1OYLpR62FgBpp4E83Qjd3kKXAF3GhFfp8EHk8mFfk27oNYA5QQU+zMIG+LIysp028X9ts8dyCEk33Nt98kk5OIF25JMvbD2qUziLh5x3zBU0mNkHd8kzjn8mF6eh0t3U2ZgS+3BVuVw=,iv:ZdWw5o9weYYBoqAQfYxwtVBmN8sfxxALGw9fhQJqBXk=,tag:rW6Un80hcTAlJQsc14vwCA==,type:str]
+    lastmodified: "2025-10-08T17:36:53Z"
+    mac: ENC[AES256_GCM,data:0SndmPM3z2VcUEzxuEtJ0lN94NqP+fQ45bAuQvNXgMRFHcvGaHm8hS/lpQE884EkyguSwcfLYGzILITB2p3znQlrRJ2JLHHE3IcYlhomjD2eIi76lUkdYNvZL8erUgsoeVqQz8/copCg8oP/lNf+uKGnFjJI0U3Gxqx1iff8tVI=,iv:J0U6lt+zQLiAhg9lLh2cMqbruPcN0nL6nRwRSIkyQTw=,tag:RuQZW6IiSrijgvp441yl3g==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2

users/blake/dotfiles/zsh/.zshrc

@@ -77,6 +77,7 @@ alias img='nsxiv'
 alias vid='mpv'
 alias pdf='zathura'
 alias fw='sudo ufw status verbose'
+alias sec='sops ~/.nix/secrets/secrets.yaml'
 
 # git
 alias status='git status'