diff --git a/modules/system/nvidia/default.nix b/modules/system/nvidia/default.nix index d331571..86b0bf8 100644 --- a/modules/system/nvidia/default.nix +++ b/modules/system/nvidia/default.nix @@ -1,18 +1,19 @@ -{ pkgs, config, lib, ... }: - -let - cfg = config.system.nvidia; -in { + pkgs, + config, + lib, + ... +}: let + cfg = config.system.nvidia; +in { options.system.nvidia = { enable = lib.mkEnableOption "enables nvidia"; }; config = lib.mkIf cfg.enable { - - services.xserver.videoDrivers = [ "nvidia" ]; - boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ]; -# boot.kernelModules = [ "nvidia" ]; + services.xserver.videoDrivers = ["nvidia"]; + boot.kernelModules = ["nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm"]; + # boot.kernelModules = [ "nvidia" ]; hardware.graphics = { enable = true; @@ -21,8 +22,8 @@ in # enable nvidia proprietary driver hardware.nvidia = { - modesetting.enable = true; # required - open = false; # use proprietary driver + modesetting.enable = true; # required + open = false; # use proprietary driver nvidiaSettings = true; # no shit powerManagement.enable = false; # can cause sleep issues package = config.boot.kernelPackages.nvidiaPackages.stable; @@ -32,6 +33,5 @@ in hardware.nvidia-container-toolkit.enable = true; virtualisation.docker.daemon.settings.features.cdi = true; virtualisation.docker.rootless.daemon.settings.features.cdi = true; - }; } diff --git a/modules/system/podman/default.nix b/modules/system/podman/default.nix index ace26fe..7d2bae7 100644 --- a/modules/system/podman/default.nix +++ b/modules/system/podman/default.nix @@ -1,17 +1,18 @@ -{ pkgs, config, lib, ... }: - -let - cfg = config.system.podman; -in { + pkgs, + config, + lib, + ... +}: let + cfg = config.system.podman; +in { options.system.podman = { enable = lib.mkEnableOption "enables podman"; }; config = lib.mkIf cfg.enable { - # install the binary for compose - environment.systemPackages = with pkgs; [ podman-compose ]; + environment.systemPackages = with pkgs; [podman-compose]; virtualisation = { oci-containers.backend = "podman"; diff --git a/modules/system/sops/default.nix b/modules/system/sops/default.nix index 658b9b8..29d3d79 100644 --- a/modules/system/sops/default.nix +++ b/modules/system/sops/default.nix @@ -1,10 +1,13 @@ -{ pkgs, config, lib, inputs, ... }: - -let - cfg = config.system.sops; -in { - imports = [ inputs.sops-nix.nixosModules.sops ]; + pkgs, + config, + lib, + inputs, + ... +}: let + cfg = config.system.sops; +in { + imports = [inputs.sops-nix.nixosModules.sops]; options.system.sops = { enable = lib.mkEnableOption "enables sops"; @@ -15,11 +18,10 @@ in sops = { defaultSopsFile = ../../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; -# age.keyFile = "/home/blake/.config/sops/age/keys.txt"; age.keyFile = "/etc/sops/keys.txt"; secrets = { - "blake_passwd" = { + "blake_passwd" = { owner = "root"; group = "root"; neededForUsers = true; diff --git a/modules/system/yubikey/default.nix b/modules/system/yubikey/default.nix index ef51f23..f67aa3c 100644 --- a/modules/system/yubikey/default.nix +++ b/modules/system/yubikey/default.nix @@ -4,40 +4,49 @@ lib, ... }: +/* +# to enroll a yubikey (works like .ssh/known_hosts) +nix-shell -p pam_u2f +mkdir -p ~/.config/Yubico +pamu2fcfg > ~/.config/Yubico/u2f_keys +pamu2fcfg -n >> ~/.config/Yubico/u2f_keys (to add additional yubikeys) +# to test auth with pam +nix-shell -p pamtester +pamtester login authenticate +pamtester sudo authenticate +*/ let service = "yubikey"; cfg = config.system.${service}; sec = config.sops.secrets; homelab = config.homelab; -in -{ +in { options.system.${service} = { enable = lib.mkEnableOption "enables ${service}"; mode = lib.mkOption { - type = lib.types.str; - default = "u2f"; - description = "weather to run pam in u2f or challenge-response)"; + type = lib.types.str; + default = "u2f"; + description = "weather to run pam in u2f or challenge-response)"; }; lock_on_remove = lib.mkOption { - type = lib.types.bool; - default = false; - description = "enable automatic locking of device upon removal of yubikey"; + type = lib.types.bool; + default = false; + description = "enable automatic locking of device upon removal of yubikey"; }; }; config = lib.mkIf cfg.enable { - security.pam.services = lib.mkIf (cfg.mode == "u2f") { login.u2fAuth = true; sudo.u2fAuth = true; }; security.pam.yubico = lib.mkIf (cfg.mode == "challenge-response") { - enable = true; - debug = true; - mode = "challenge-response"; - id = [ "" ]; + enable = true; + debug = true; + mode = "challenge-response"; + id = [""]; }; services.udev.extraRules = lib.mkIf (cfg.lock_on_remove == true) '' @@ -47,8 +56,6 @@ in ENV{ID_VENDOR_ID}=="1050",\ ENV{ID_VENDOR}=="Yubico",\ RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" - ''; - + ''; }; - } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index b4760b4..4ab6c34 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,5 +1,7 @@ #ENC[AES256_GCM,data:b7E2U/jRfXEKulR/Pba0L4Aucy3MSUPj2BU=,iv:+KC+vfB2z2AIiPr5uIC4Pbfgc44GOs6SVRZW1v80hUE=,tag:kkn3UfJwdgxYERmfiMUmjw==,type:comment] blake_passwd: ENC[AES256_GCM,data:AfFql6/ghGhCDLOb4+QuAsDznz4hC4ilxZYCIH2sgBWX9tWXsUOgFw1k7CIhDoXIehz6YlTy0czekXPCqHL5gmIKRQTowU4svocw/Bl/Qz5CQ58RASB6YpnzOKTrwX7HCnu/ghpdMrcy2A==,iv:hMAkLcHjP0hiyCY4rhMU0Ae7jdYPa6MffEd2WGolbEo=,tag:p/6xmD8Te1RnFkp0zWw+ew==,type:str] +#ENC[AES256_GCM,data:0HBVS2AYQ2VZXY4EbMLwiSjRNyWZ57bf,iv:20SLWXpbRTLk76g5mFrhg1Z9Qasv3NoSJbK/FOiIgtk=,tag:DbUffQwrDqzy2QO64uoUeg==,type:comment] +klefki_auth_mapping: ENC[AES256_GCM,data:pvQEdxtj,iv:7IyAbt6yXfp2UBrZooRAT/9/E8c4+HCm5t+F5U2Lqzk=,tag:RcS/aWHSheMvLz3QhhCPxw==,type:str] #ENC[AES256_GCM,data:ZxHtUSuOy19M0EKoT5xltFiqRg==,iv:72PJL2eG68VC4wiJFo6wL0l7AaDIsge8l/D/ZlLOWWA=,tag:Q16ztObK2AnbCCS5mRgjtA==,type:comment] tailscale_authkey: ENC[AES256_GCM,data:SU0k3asrJd+WZ86VbC4w8TDJp+MqsbyagrzCfDcgTzO5yvBjpWAKbJ7A+VxgQvdu4+S2jMYbdrONPp3YbQ==,iv:VMYmGVk5GpUQApKKQYhdOw/cYCXrXxEZJJwHfQL4MjQ=,tag:7ruaoCDxuFQ7tE/JLJ37Xw==,type:str] #ENC[AES256_GCM,data:bEbCic+ZDAA5ieNedCbiVbJrse17,iv:UwRYlis6NPB/RUcv+YnPxrGdbIcF4hrNiZt19YvWZNQ=,tag:m6PVlzPNnahX7X7KzMUj7A==,type:comment] @@ -45,7 +47,7 @@ sops: U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-16T05:02:49Z" - mac: ENC[AES256_GCM,data:IU3J61qH0zCeSSrCdIdhrZ0IVl4F6AdhQ6enJl652PBNauqyNb+6ph+RnKbTVa6f1yDI1v75YHQmGgeZjOW7OWLH91rOwP0CsH59j1xeoLA1vWsUFNbEHnYowdcBb+tz4i6FMR2u4Nb5dLlOqKm2Xi3IT8ZPo1JDb7KB868jQ+4=,iv:yWxX1zFXG/FwnRoe3+7z9bAUu8qnM4M6w7KNfKHS3DQ=,tag:gmpZK3azAopujGlaBwnYnQ==,type:str] + lastmodified: "2025-10-17T02:56:39Z" + mac: ENC[AES256_GCM,data:vs3SAec+USFLUkmsV3OBjVT5V5XwG/sqD2pMK5fDaUm0vTwk5nQsqNZz+uEG6DakG+xXJdyMfXTp2pBVPuuRkZhplIXtt1Pb2ExSqprmyN5O0jFGpNCMZq4pq6BqvM0fjdz6T3BXRhmJ3Z7e35/hn/8CJGYanNX5Ybb+0Ugx5Gg=,iv:PLw22dGgd3auwrSNvuD9Ur4+j9dNR1Of6w7dtQZLoYQ=,tag:u8OHCs6Xlrt+2sGK1NWQZA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/users/blake/default.nix b/users/blake/default.nix index 4be1296..07fda0f 100644 --- a/users/blake/default.nix +++ b/users/blake/default.nix @@ -37,4 +37,17 @@ nix.settings.trusted-users = ["blake"]; programs.zsh.enable = true; + + + sops.secrets = { + "blake_passwd" = { + owner = "root"; + group = "root"; + neededForUsers = true; + }; + "klefki_auth_map" = { + owner = "blake"; + group = "blake"; + }; + }; } diff --git a/users/blake/dots/kitty/default.nix b/users/blake/dots/kitty/default.nix new file mode 100644 index 0000000..50c36a2 --- /dev/null +++ b/users/blake/dots/kitty/default.nix @@ -0,0 +1,33 @@ +{ + pkgs, + lib, + config, + ... +}: { + programs.kitty = { + enable = true; + enableZshIntegration = true; + enableGitIntegration = true; + #darwinLaunchOptions = [""]; + settings = { + dynamic_background_opacity = "no"; + confirm_os_window_close = "0"; + shell_integration = "enabled"; + cursor = "#d0d0d0"; + cursor_shape = "beam"; + cursor_beam_thickness = 2.5; + foreground = "#dddddd"; + background = "#2F1730Q"; + background_opacity = 0.9; + selection_foreground = "none"; + selection_background = "none"; + term = "xterm-256color"; + }; + # font = { + # package = ; + # name = ; + # size = 12; + # }; + }; + +} diff --git a/users/blake/dots/neovim/default.nix b/users/blake/dots/neovim/default.nix index f987cf1..9717a03 100644 --- a/users/blake/dots/neovim/default.nix +++ b/users/blake/dots/neovim/default.nix @@ -4,183 +4,187 @@ lib, inputs, ... -}: -{ - imports = [ - inputs.nvf.homeManagerModules.default - ]; +}: let + cfg = config.blake.nvf; +in { + options.blake.nvf = { + enable = lib.mkEnableOption; + }; - programs.nvf = { - enable = true; - settings = { - vim = { - globals = { - mapleader = " "; - maplocalleader = " "; - }; + config = lib.mkIf cfg.enable { + imports = [inputs.nvf.homeManagerModules.default]; - vimAlias = true; - - lsp.enable = true; - statusline.lualine.enable = true; - telescope.enable = true; - autocomplete.nvim-cmp.enable = true; - autopairs.nvim-autopairs.enable = true; - - keymaps = [ - # visual line movement (insert mode) - { - key = ""; - mode = [ "i" ]; - action = "gk"; - desc = "Visual Line Up (Insert)"; - } - { - key = ""; - mode = [ "i" ]; - action = "gj"; - desc = "Visual Line Down (Insert)"; - } - - # visual line movement (normal/visual) - { - key = ""; - mode = [ - "n" - "v" - ]; - action = "g"; - desc = "Visual Line Up"; - } - { - key = ""; - mode = [ - "n" - "v" - ]; - action = "g"; - desc = "Visual Line Down"; - } - - # lsp - #{ key = "gd"; mode = [ "n" ]; action = "lua vim.lsp.buf.definition()"; desc = "Go to definition"; } - #{ key = "K"; mode = [ "n" ]; action = "lua vim.lsp.buf.hover()"; desc = "Hover info"; } - #{ key = "f"; mode = [ "n" ]; action = "lua vim.lsp.buf.format({ async = true })"; desc = "Format buffer"; } - - { - key = "gd"; - mode = [ "n" ]; - silent = true; - action = "lua vim.lsp.buf.definition()"; - desc = "Go to definition"; - } - # Hover info - { - key = "K"; - mode = [ "n" ]; - silent = true; - action = "lua vim.lsp.buf.hover()"; - desc = "Hover info"; - } - # Format buffer (Alejandra for Nix) - { - key = "F"; - mode = [ "n" ]; - silent = true; - action = "lua vim.lsp.buf.format({ async = true })"; - desc = "Format buffer"; - } - # Code actions / quickfix - { - key = "a"; - mode = [ "n" ]; - silent = true; - action = "lua vim.lsp.buf.code_action()"; - desc = "Code action"; - } - # Rename symbol - { - key = "r"; - mode = [ "n" ]; - silent = true; - action = "lua vim.lsp.buf.rename()"; - desc = "Rename symbol"; - } - # Diagnostics - { - key = "e"; - mode = [ "n" ]; - silent = true; - action = "lua vim.diagnostic.open_float()"; - desc = "Show diagnostic"; - } - { - key = "[d"; - mode = [ "n" ]; - silent = true; - action = "lua vim.diagnostic.goto_prev()"; - desc = "Previous diagnostic"; - } - { - key = "]d"; - mode = [ "n" ]; - silent = true; - action = "lua vim.diagnostic.goto_next()"; - desc = "Next diagnostic"; - } - ]; - - options = { - clipboard = "unnamedplus"; - - # line numbers - number = true; - numberwidth = 2; - relativenumber = true; - - # tabs and indentation - tabstop = 2; - shiftwidth = 2; - softtabstop = -1; - expandtab = true; - smarttab = true; - autoindent = true; - - # search - ignorecase = true; - smartcase = true; - - # files and backups - backup = false; - writebackup = false; - undofile = true; - swapfile = true; - - # wrapping - wrap = true; - linebreak = true; - breakindent = true; - - termguicolors = true; - autoread = true; - }; - - languages = { - enableTreesitter = true; - - nix = { - enable = true; - format = { - enable = true; - type = "alejandra"; - #type = "nixfmt"; - }; + programs.nvf = { + enable = true; + settings = { + vim = { + globals = { + mapleader = " "; + maplocalleader = " "; }; - markdown.enable = true; - rust.enable = true; - lua.enable = true; + vimAlias = true; + lsp.enable = true; + statusline.lualine.enable = true; + telescope.enable = true; + autocomplete.nvim-cmp.enable = true; + autopairs.nvim-autopairs.enable = true; + + keymaps = [ + # visual line movement (insert mode) + { + key = ""; + mode = ["i"]; + action = "gk"; + desc = "Visual Line Up (Insert)"; + } + { + key = ""; + mode = ["i"]; + action = "gj"; + desc = "Visual Line Down (Insert)"; + } + + # visual line movement (normal/visual) + { + key = ""; + mode = [ + "n" + "v" + ]; + action = "g"; + desc = "Visual Line Up"; + } + { + key = ""; + mode = [ + "n" + "v" + ]; + action = "g"; + desc = "Visual Line Down"; + } + + # lsp + #{ key = "gd"; mode = [ "n" ]; action = "lua vim.lsp.buf.definition()"; desc = "Go to definition"; } + #{ key = "K"; mode = [ "n" ]; action = "lua vim.lsp.buf.hover()"; desc = "Hover info"; } + #{ key = "f"; mode = [ "n" ]; action = "lua vim.lsp.buf.format({ async = true })"; desc = "Format buffer"; } + + { + key = "gd"; + mode = ["n"]; + silent = true; + action = "lua vim.lsp.buf.definition()"; + desc = "Go to definition"; + } + # Hover info + { + key = "K"; + mode = ["n"]; + silent = true; + action = "lua vim.lsp.buf.hover()"; + desc = "Hover info"; + } + # Format buffer (Alejandra for Nix) + { + key = "F"; + mode = ["n"]; + silent = true; + action = "lua vim.lsp.buf.format({ async = true })"; + desc = "Format buffer"; + } + # Code actions / quickfix + { + key = "a"; + mode = ["n"]; + silent = true; + action = "lua vim.lsp.buf.code_action()"; + desc = "Code action"; + } + # Rename symbol + { + key = "r"; + mode = ["n"]; + silent = true; + action = "lua vim.lsp.buf.rename()"; + desc = "Rename symbol"; + } + # Diagnostics + { + key = "e"; + mode = ["n"]; + silent = true; + action = "lua vim.diagnostic.open_float()"; + desc = "Show diagnostic"; + } + { + key = "[d"; + mode = ["n"]; + silent = true; + action = "lua vim.diagnostic.goto_prev()"; + desc = "Previous diagnostic"; + } + { + key = "]d"; + mode = ["n"]; + silent = true; + action = "lua vim.diagnostic.goto_next()"; + desc = "Next diagnostic"; + } + ]; + + options = { + clipboard = "unnamedplus"; + + # line numbers + number = true; + numberwidth = 2; + relativenumber = true; + + # tabs and indentation + tabstop = 2; + shiftwidth = 2; + softtabstop = -1; + expandtab = true; + smarttab = true; + autoindent = true; + + # search + ignorecase = true; + smartcase = true; + + # files and backups + backup = false; + writebackup = false; + undofile = true; + swapfile = true; + + # wrapping + wrap = true; + linebreak = true; + breakindent = true; + + termguicolors = true; + autoread = true; + }; + + languages = { + enableTreesitter = true; + + nix = { + enable = true; + format = { + enable = true; + type = "alejandra"; + #type = "nixfmt"; + }; + }; + + markdown.enable = true; + rust.enable = true; + lua.enable = true; + }; }; }; }; diff --git a/users/blake/home.nix b/users/blake/home.nix index 3ce582f..2bfea14 100644 --- a/users/blake/home.nix +++ b/users/blake/home.nix @@ -4,8 +4,14 @@ pkgs, inputs, ... -}: { - imports = [ +}: let + + # general config + linux_home = { + username = "blake"; + homeDirectory = "/home/blake"; + }; + linux_imports = [ inputs.sops-nix.homeManagerModules.sops ./dots/neovim ./dots/lf @@ -15,27 +21,43 @@ ./dots/git ./dots/xdg ]; + darwin_home = { + username = "blake"; + homeDirectory = "/home/blake"; + }; + darwin_imports = [ + inputs.sops-nix.homeManagerModules.sops + ./dots/neovim + ./dots/lf + ./dots/zsh + ./dots/ssh + ./dots/gpg + ./dots/git + ]; +in +{ + imports = if pkgs.system == "x86_64-darwin" then darwin_imports else linux_imports; # general config - home.username = "blake"; - home.homeDirectory = "/home/blake"; - home.stateVersion = "25.05"; + home = (if pkgs.system == "x86_64-darwin" then darwin_home else linux_home) // { + # cross party general packages here : ) + stateVersion = "25.05"; + packages = with pkgs; [ + ripgrep + btop + p7zip + imagemagick + sops + usbutils + ]; + }; - # general packages - home.packages = with pkgs; [ - ripgrep - btop - p7zip - imagemagick - sops - usbutils - ]; - - # for macos + # needed for macos, linux don't mind programs.home-manager.enable = true; + # set up seperate key file just for me sops = { - defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFile = ./secrets/secrets.yaml; defaultSopsFormat = "yaml"; age.keyFile = "/home/blake/.config/sops/age/keys.txt"; }; diff --git a/users/blake/secrets/secrets.yaml b/users/blake/secrets/secrets.yaml new file mode 100644 index 0000000..a583459 --- /dev/null +++ b/users/blake/secrets/secrets.yaml @@ -0,0 +1,27 @@ +#ENC[AES256_GCM,data:3JeFFtzO7nuVZmzPcLsP7h12BKbnyOb9/A==,iv:V6gzwAze1FVjmpf1dD8CqQpUpO9CqWfj+nHImXgz+Zw=,tag:iT6zE2X7DQmIT9d4Ds4XiA==,type:comment] +blake_passwd: ENC[AES256_GCM,data:AfFql6/ghGhCDLOb4+QuAsDznz4hC4ilxZYCIH2sgBWX9tWXsUOgFw1k7CIhDoXIehz6YlTy0czekXPCqHL5gmIKRQTowU4svocw/Bl/Qz5CQ58RASB6YpnzOKTrwX7HCnu/ghpdMrcy2A==,iv:hMAkLcHjP0hiyCY4rhMU0Ae7jdYPa6MffEd2WGolbEo=,tag:p/6xmD8Te1RnFkp0zWw+ew==,type:str] +#ENC[AES256_GCM,data:0HBVS2AYQ2VZXY4EbMLwiSjRNyWZ57bf,iv:20SLWXpbRTLk76g5mFrhg1Z9Qasv3NoSJbK/FOiIgtk=,tag:DbUffQwrDqzy2QO64uoUeg==,type:comment] +klefki_auth_map: ENC[AES256_GCM,data:eQ==,iv:DwWh1mhnM4EcYW3XtryDJSq1kIGwDKgekN8+FQqDhoE=,tag:oMCQkNDnIYJZeNZxrRGB5w==,type:str] +#ENC[AES256_GCM,data:bEbCic+ZDAA5ieNedCbiVbJrse17,iv:UwRYlis6NPB/RUcv+YnPxrGdbIcF4hrNiZt19YvWZNQ=,tag:m6PVlzPNnahX7X7KzMUj7A==,type:comment] +borg_passwd: ENC[AES256_GCM,data:XOMJtr+DRs7xn5Iclc49iTzK9cFJyc/fSXJjhdKa9jdN,iv:YB8z7zNYjh6NpSxQb1TfPxAYUdzThdVfNZIe6tO5grA=,tag:bO6kZ3cLJDL4IQoWmGvRdg==,type:str] +#ENC[AES256_GCM,data:ozhgyE+IyqR10KT8vI9x,iv:+ZOTucRlCZRQ9ZbxZgySPMOJ/qU4gXbhSyLAMgt4QMs=,tag:mQ3X+dqCet1Yk1gZ5pZ5gw==,type:comment] +id_snowbelle.pub: ENC[AES256_GCM,data:q4sOB8/SpcD36uE/+8OlE+vUZ1bO2RTDeVyyWK/PH89DTFBIfyAfyAzIJuw/Q9S8fNEGn4PqrNtP90wIPj85VQ7AlJzS2xSonp3D+ZHqUzLO1hN2ePnmme46KhVSJR3i,iv:T1CUXPUtwUqpivpitRSx4/lYoRleX65vrf6IOJQFXYg=,tag:eQP+jFWGZzambEwNvIx+HQ==,type:str] +#ENC[AES256_GCM,data:7V0L0832xewUXU8/Bq469w==,iv:9bCzEpUcNx6qnCMomFweXgYmWwSMzdffDikjA22xu6E=,tag:F4S80e/EPXA0tS20KFRbXw==,type:comment] +id_snowbelle: ENC[AES256_GCM,data:MAw5R2fqVIctN7fB/d3hfCU7W3sxvuy2O3w3n0vD8FxK1DAhqoROlVv04joV1a+U1hof57TYc1cN2ng9BRWxadc8ZIpWakokZYVI0dUG05/hPMyxctWPkOiDd5909aaNUFC2G+Y/VrgAemyrB+AlQgokV0U3fiz+qjg055fzO7ypaeM8okON6rBnigfwetmSm60MxpdYrVlxVaniDVvKKUYZjpHU8SZ+TYj6Jmm/bVuKWOJ2DXZbmM0CeKeIgnA9HML1wSXojMv2IMGulxq5mmdaiiJTPoL1q17OA5zZkkVW3Dx1y6SbEeBAQTPG32RHseAxXK6qdU6lftRQZKyivuyjdCVfBBw/VzqTxbWjSXXsjDdK/Ti09051w6znA1uvRX65XsOq6zPKt4BNwR+yMDF+xR9AElBTHES/TDf7TRc5YDyovlH2PhGNg12Coy3zfb6WESLyaz3/GYZxF0IjvBnDkN65CRjstut0CgKXcWY8x+CuKVysU+U4c0A2ucDnsf3HuITrdIufhAwRNNZMka7LWVsaaR/tnvcf,iv:agf/LEjohw1XAXsOJJ78kiBVJnTT95IUmWzYUujSlJI=,tag:a55o9L85a9Z7gG9s5BEfIw==,type:str] +#ENC[AES256_GCM,data:ep/Z5O6RNFwTd0I5hvtk5DP9,iv:M7sclKcTR+IfCEsvz0lZaoZBRZlQsN/FhwuzFNXgVew=,tag:Ddo3Qf8tMBX9Amt7C9m5FA==,type:comment] +klefki_pub.asc: ENC[AES256_GCM,data:lGfgwhgn2xCb1cNTo0nMP8R3KSDiEn0/k6neDE2dv1DynvXsHWmZSXED6VWBjY3uMU3YtcpXGCtxTU6EiaRKiGnhxslQlBiSypAnXHeh55DZJMJJ/JM7+BCtr33LY2lusF9/aAuKO9tbdpGmu63s5ItZ1/9zMoCJwBfpQZgY2HzZoBhjwqYu2wSkOOVAMjq+jXET7nASieOZXmpQq2uDepuEDa8MP7d6G6kV2KYJPdLYYaY4U2eppEr7ALhhJidYm3P38W47JuLyu/2raG0AY2uDtCQw9d16BcJO3au+T4B4mHzPg1/cPhQ2X4dHTTGHjRZ0sT95DrEYYmcwWVKHKyiuL8WPtQmF0QBfCOPczwJajJejB4DbxEW8U2kuhuoBWr7wZe4y/nbW2hB3pcMYYXc0EXen74IttiUrvksw+hbkLaZDCJgG91SOlWSwI12UlDrJJSzOYm+ODWqK+bKyqAafQTL9xh5heM3nQlR5G6/A/8UG+0q5ZDL+IxJwe+EffJNwrL1mn4Rc3qx068udMJC+qzmft7Ljey7mfoIiwepITpii1IA/CtuEqtpe4I5MUemQ60qAw/PoVbmD8zhOcnRHCBZtQ394I5vMo1qR2a4KeBICexx3IAjpeAQYI3+MAgo/bedqpklLYjbxpv37XwinoLj9ew4hKSjAB1wRRZlswmk+GD4XKlVo8eu88RCXYrsZ2oaOD4qxrtbc7+skGm+EqxL67nLW5n9bSC2u95bFJ1386teSFhsJL9w3EFiBlQRtm5tvee/ipmr6D2W7SyfCnSxImPC4TgTwkAXziQ3XtsUtGqj0Tv1HGayaAQpYzlJaPzf7h8oanH1VaA+AgRq+RY1OjLZGHEz37jSbqhWOiIWxwJ7qFaqGB90cHq3s07qcWrDl2wUawFLTXavZ0IF3gj9KnFSIzW3+ANvedUCXOjai+zOKmpxVFZ4Bi4W3Dcbl9B+qa0Ly0NIgldi7PmqEvL3V4FnJs6WnwdagyhXOzdlKVlrAgGluucgqBpBZZfpN6uB+tdkbrqzsdMbr+H9Hwk3RUxRzAK9k+J9WRgY7eMazH0najJ1PYh9/UZJf0DKWRi2vZTlWW+6ZruJWTohOKm+7MCgvMEttIpNQfvK6+cq7p3vwPe+pmq0DznNg4LO7Uu3cXKq3zHjl08KGE04KZyfoJuZPr+XrF91AywZ03HlT2SBBaZtFld1VapccgB5DqgE1JfFg+TS4is9a8G52Ad9yh/abUmLohsnUpGdYMaj/1FmhSLM7ldHeub8CmL2vKW4f/JTuqmOxq3X5RA+qw5f946ekUz9ZF8EyGvNwaRZ2p5m0MtXQG2IKp8Q61aBSpqbMwKzTW93VycEn7L5ZsoV5eYo0rC4PMawGkfgdNzBpq4NL5bNB82l6qHnWqU7jXh611/ZV4ueX2MLSB3cyhnaFxsH9bat1jGDtUl5umNWNtvN6rWBVsClmYfBLSUCEyftGPlxzAOy6vRHGxAdCNdoiTRGgZru3aYyW9l5XhYH1aZ+dOlTOwngaqqIb3kZoPzcc9xCeZ/I/N6iVuTUI69us8y3LVL6qKa6az5zTTgumoFB5kMugPtumS1U9hzhLtm9+hY6yZVgYredgAwVVIviMAqFFZztFkPiskcwIdrPhXzoXwfuBWDaq+dF9nykjw1F9U2gyDU0YhEOtSmdIWoIma3OmdOZ/h/JbWNrwUoAirmBmWIHQTmA5Ag==,iv:btQ5xmt/AA9vW1njJH4Inj6YmOBx6pGbHbsvCMbg7fI=,tag:DuQ4Wy9wX3mPQAVLLd6t1Q==,type:str] +sops: + age: + - recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WkdJMnJ3Y3IvN3lkemJK + RjF0dmgzT2lDcENka3BlK1NQRTBuR1BtSmhnCmI2cnRWdVpIM2t5SWNMOWNWdG84 + SWRtMkNOYWZWbXFZYjJEWnVYazljcmMKLS0tIEF3eThDQTRKbEI0VWFLc3BSRVlF + U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg + PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-17T07:41:50Z" + mac: ENC[AES256_GCM,data:WHuD9FaBmAGWpCaL3LxE55Fb2BHXyGwrk7N1aKwL5oIwQYbJX+3VdhW3jkMvWqDGNzaPE0/eVmpqQgEujOaY3cj0tQDLmmJ8SR5MAn5IytVJiW/ppgqL+5Nyko9kxjtyMfHFmPNQj6ehRA/D5NS3cvqvCrV6ENDdIwI/LcuGP3A=,iv:WZo3bt0LoK/U6dx9e68+JprhrDT0+dsceDt5dcJhI5A=,tag:PJRS3aNCjsTgvDJtr0gj9A==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0