From 36bd037a039a2b250292195bf3c9d85d0dfd1e04 Mon Sep 17 00:00:00 2001 From: Guanran Wang Date: Thu, 21 Sep 2023 05:23:10 +0800 Subject: [PATCH] nixos: minor adjustments to secrets, proxy, users --- flake.nix | 12 ++++++++++-- nixos/networking/proxy.nix | 18 ++++++++++++------ nixos/users/default.nix | 3 ++- nixos/users/{ => normal-users}/guanranwang.nix | 4 ++-- nixos/users/system-users.nix | 9 +++++++++ secrets/secrets.yaml | 8 ++++---- 6 files changed, 39 insertions(+), 15 deletions(-) rename nixos/users/{ => normal-users}/guanranwang.nix (74%) create mode 100644 nixos/users/system-users.nix diff --git a/flake.nix b/flake.nix index 11aea32..fb5d8ba 100755 --- a/flake.nix +++ b/flake.nix @@ -110,15 +110,23 @@ } sops-nix.nixosModules.sops + ({ config, ... }: { sops = { defaultSopsFile = ./secrets/secrets.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; secrets = { - "clash-config" = { mode = "0444"; }; # readable + "clash-config" = { + #mode = "0444"; # readable + owner = config.users.users."clash-meta".name; + group = config.users.users."clash-meta".group; + restartUnits = [ "clash-meta.service" ]; + path = "/etc/clash-meta/config.yaml"; + }; + "user-password-guanranwang".neededForUsers = true; }; }; - } + }) ]; }; diff --git a/nixos/networking/proxy.nix b/nixos/networking/proxy.nix index 610c7bb..2389270 100644 --- a/nixos/networking/proxy.nix +++ b/nixos/networking/proxy.nix @@ -16,15 +16,21 @@ serviceConfig = { Type = "simple"; WorkingDirectory = "/etc/clash-meta"; + User = [ config.users.users."clash-meta".name ]; ExecStart = "${pkgs.clash-meta}/bin/clash-meta -d /etc/clash-meta"; Restart = "on-failure"; + CapabilityBoundingSet = [ + "CAP_NET_RAW" + "CAP_NET_ADMIN" + "CAP_NET_BIND_SERVICE" + ]; + AmbientCapabilities = [ + "CAP_NET_RAW" + "CAP_NET_ADMIN" + "CAP_NET_BIND_SERVICE" + ]; }; }; - environment.etc = { - "clash-meta/config.yaml".source = config.sops.secrets."clash-config".path; - "clash-meta/metacubexd" = { - source = ../../flakes/home-manager/guanranwang/common/dotfiles/config/clash/metacubexd; - }; - }; + environment.etc."clash-meta/metacubexd".source = ../../flakes/home-manager/guanranwang/common/dotfiles/config/clash/metacubexd; } \ No newline at end of file diff --git a/nixos/users/default.nix b/nixos/users/default.nix index 5e87a2f..da2dad8 100644 --- a/nixos/users/default.nix +++ b/nixos/users/default.nix @@ -3,6 +3,7 @@ { imports = [ ./users.nix - ./guanranwang.nix + ./system-users.nix + ./normal-users/guanranwang.nix ]; } \ No newline at end of file diff --git a/nixos/users/guanranwang.nix b/nixos/users/normal-users/guanranwang.nix similarity index 74% rename from nixos/users/guanranwang.nix rename to nixos/users/normal-users/guanranwang.nix index 280ce05..ec6aebf 100644 --- a/nixos/users/guanranwang.nix +++ b/nixos/users/normal-users/guanranwang.nix @@ -1,11 +1,11 @@ { pkgs, ... }: { - users.users.guanranwang = { + users.users."guanranwang" = { isNormalUser = true; description = "Guanran Wang"; extraGroups = [ "wheel" "networkmanager" "tss" ]; # tss = access to tpm devices - #passwordFile = config.sops.secrets.password.path; + #passwordFile = config.sops.secrets."user-password-guanranwang".path; hashedPassword = "$y$j9T$D7kBBBGwxw1XmPApAHIsx/$hcB64v3/kvPB7nIM9wXFiaSSBfhSp9k/JQ4R9G3guk6"; shell = pkgs.fish; packages = []; diff --git a/nixos/users/system-users.nix b/nixos/users/system-users.nix new file mode 100644 index 0000000..87e96d5 --- /dev/null +++ b/nixos/users/system-users.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + users.users."clash-meta" = { + isSystemUser = true; + group = "clash-meta"; + }; + users.groups.clash-meta = {}; +} \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 64fc389..a964138 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,5 +1,5 @@ -password: ENC[AES256_GCM,data:QA3uMbkbsW73lYBP,iv:U2rl6b8GAoZ4W859vSAPpOIQUFStg4xSd0nYPMS7qPk=,tag:3qz2HpmxSYiwyDNklREWxg==,type:str] -clash-config: ENC[AES256_GCM,data:SR9Kiv32lmTr/Wndq6L0j9pvWF/K3+NloaKyoV4irnfXBHqcYowZLCrwMcKRbiLpYMPlw9zUwK6LBvECqzLNsCA5oSMhFmtJhsGtXyJ7TjfwkO2gBDrbN2tX0cMC8v3G7zu8QeX2L0ADXX0Ni+szH35ClEXf6ay/1X5ZrV4LcPLDMqRt4b2n7BoaEH+Cof3hMHm67UMHsY+SLBsANnAjIcZrMZzM/3oaTUO7cLQ4ub3aH3CKSgPUiGg/PEitrWlq9MzvV1zfW/KT+72+wu7/bQSIGBLzHc6G35eFhhAvgPTkh3Ca9ppYbx7W4QbVrK3/uoCeTfGCB5uwrkqrpoWvXocXgNv1JRgpnc3iU8P1jresbpAVkA4e/3jQmdYVL4lB3nDzGrl4CHTHcnfnHPOn56XrcOlVX3qqrNt5OB0U+J4SnaXbYdBEQjIEUSnDs95M3NkTCLmu4XL3zyO/HkQCGSqf9qnsRJGa50zHQ9p3JTz5HnbCHLcLG5EyVBMnaLD2cARUZsvOCV172+FZraxASx+LvVXfaL3HcfgH10s06bm6/FUXjIvoRntVCp18bEgipg/VLgGJoPHH183mD/Mtx8X51/sN9AI0A7q89v1DGUQBO9NowqkO0vFekoLMYxkcPLStgK5HrYF2flb9FKKeJgSRDZDiF06T3MXtUjM9+vJXkRVkxsClDdnoOrhWA7IGIkRzrEcsd0X5z7f2eouxFDTEFsTg+TiPnu7YKXYYH/uLYcr0Ah7hVUSq4DCdMxVA4uUWZABdotTW1OT1ZIYvknUul4BRZb6V4GN7jxbIq1h8zjTwbOLMlj4ll6kbIK4rOTUm6RAO4/IVH189Nz9yhZ0wEeyJXbcOBWtEhIQzyVUT5yqtr1mosI07ie6AlR8p0aO7DpdHYrEb4Kwa8g2LNl1wcCM7LTcD/C6sZ0EZcydcrGafSWX5eCQ0sO9/85Z+PDQJdqPCtlO4ESnLv4yBogmmw0oMDEgVZfLpW/+R5q4vf3pVtHoutK7BBlVDlaKE7R2KZRY8+tAsfBYMKDsWRdXWbL/+hiXc4bAT8oZdRz/TlPHMP0q1XQP4MniYs4bVjmDt+f3U+yGh9HRzxzIUg0ewsuh/8+iuqY7ccRbSO77H5ufvp05NoqWtETZOv4ijmOHrWOqqpn8rHhthAxmVflCeE6AuZBPhVOAJheAlpcySMfLdsIiCFDuZGtOsPmcehypJx1f1lcFNZDmO2OmtG6s7q/4wgFwyNmHjIRPzSIDWJLpnN/IasizOaDLl2BvDX1e899sHIa5Gz3400hHF1L2sC5lfqrzqVQ4lpYVa5RBPaFrG6RDhTJ9X51tAFH4j5FcLz4zqWZ3YBqoWUSkIuv3sugDWECCHKBqCfnVx52Ce2GfLzG6fHnYhAmDfKW+hlKVJRXRNiVh+mnh660gQyHscKk2rDLTwMKsFRJs7w5EK/P4JZ0/GrDktHdWFE/WgugnTUq0hIjZVKCenRjlZKu2OS9+gxnYfyY1FU79tXfrl7Y7utFPMaSY9l5+VF6cSOdP7/4ndQCjlT3pl5eC/3DZ5f+BnXo63bkxiouE62cXZbo8TjDdvhXClYkqxY+mQiWj4foZEFgj6TQnR3fzdlmtVuCsauAx1bkEPfi0tiPx6S8F7rYr4yx+KDLWF1ZsMPKppkcCkHPbRBs7EWB5mplR8fWKUL9UjlDf7APa9YV5JYlrTb8tXDN4CmF8TYAUcg4oT04mcsyh4PEd1dXh4JLjl5BODAoSDgZC/Vxl3fLiLI5kYw15vrt/lgzLrq6YSbE1QPnYUAIoXtVY8pvMUfFUZr4pqAS6zAN/k1ZMxs3MyeRfuAQRQdDy3bLvSVukZ9G9jwxGturU5t6P/y08Y8YR6MbQZd6AGKH5/T+mWoVZhaQj9GF78W/jLwOJ+KVaT9zNckR7VDDBzsNOS05by5K7QyxvJ/1I03Zj3iqmTlv5GbEIGDwqAC4DHw3HWVn6a/dXntmY+RonQhH8cNJs4XvAZsr3o5gGrPWjQ3T0HDXyRHr/YzCX7yVECKWhp35tKMo0XImXToh5JPqTDy2RE0Ws3Du86asAlv2MLXxmdXe1X0W5OadMIrG2EdPKdKsOJqf6E+megsylfvuOQ62XBcSGIEEUvmvqP5bSJUgd4LiqqAF4qFb73GNRZhxRfz1Sbn8HjwL+DLWeZTpk1lvGf766gHwF0UPUmIQaP8vzsMc+IMfsepmWrBIvmCm42cpZ5lNO8yRGCAcikden26FrTgpkJEbJFNFU16igElIk98/JOCZMzLapWpB+IZ/y8R4zw01PT2R0JPtI0aDOARHzZdYzeICXJPIlrojBcSs9u8vGTWzzK7eLS/gymxICLjeFAC7iyT6tCymI7gbeT1BoM/t8Jb0Glv1VcsqyyMYSyTIGponBrcbA1e5DChV31c8OrAtDOeZ8n0r1bKY6jK2fEotpe+B/8R/mmnfO2ULB/Le1qR4WsSlovQl1yLQrO2HVo4JOqbJcaeIhNmfBlAAvlFN4UtS0PGScTFeVtBs72sGSmpZGmiXSZ9m15oR8kkV6YZdl7baeMQXZ6gnt6yJONXnPs1yIP9w9Y1pzDVYfkZ9yhlIfb2stMk0BqXZ8EhEsZg7fg025Mn4BVXOV0SyoFrLmKJI/D8QxmHu5ptryojEk2DSfbYYn6L/KAoH3AQ9h6ML48b+BVxSkkIAw3GoNVnWm0rCHX//kMwTkVH1mSUX2QEhIOdBQ1N1+yebc7zwH0+KoML0JwFqjFwF1V7keWkX905DpIi+HjFPWVgoZZigjMzq1+uobzCH1ZcLLwCpA7X6TayC/3snOn7fw8DIbSfrEtt7TSrZmSbZ6zA/z6wL9W/c8qj5ngEqb9Q5nQN8eB+vKcZJ0A3FRpPwb67LRZUs3KuWrv0rREXEdwznHhC4DWO+g+KZUR6iTWSd4y+b6jzCOukgMIHESKB3dzCGgg+ICCJ8lPKNj8HQjF9B9LLrn5Kou78YoLqoCxiIbfFsJowzNWZHA4VOWVkMQ2rKompjJL3m2mNFLycIHDsBJU1mQG6uLtTUo0o2X611nYzOeW+8K6m0gx7p7K3EbJJXQQa4aBnV83eQJkl8Vduby3nMz3l6ie0csm5yhXzDJcTG7QdUuSlzK87Cwv7AzYrf9kYFyUOs+pT79Y4lzvkIIrnbQ3RZfe6LB0sAi8KPE3VPgRr96H8OdtZO6NW84KSC+hJNNuLp0OCMFOwcGYxxNUUxALnYVXouZZWkARNVkKDFOfwy2eYRedGSQkr+CUdBhkAxzI3oCK0HJFLv5hc97ksg9KDdQrRgWX/88KsHKlJ3DSSezEUeXO8EZXNg1pJx+3EuGXDcsTbXLEI/CqYO/3y9m3DjMpyL7rdAola6tSncuUHyTR1coexYNVyl1cKO3G1Iu8aH5EHGO1xc0qkcIDeoHSGBCKepmvmEWihA+Bg+exA2d0E7ggVELuWJ6VKsreNqvbmblTLv435r3RtQ4lWxbXjDT1w1/ZZgD+WHrNhLmvmBIyzzRwiByC2En9CsTZ7207JYfovGmxu5Xo6lRIKgKiwFGXIORttJQ0lue1NOtl5nXYr2X/a14Z7XSa+26iCevDsVySp7EDqlD3gyhfJQ1YiWtk5zxoN4O3/IeRJ6APKNlSC3nXQ+Ogon5Q28lunp0W65R13IKoBmrDUCJZNVRYMpdAyvhEE/KuL2r2vq0A8yV95kARCYBpaQ23iN3E6+VGdLZivjfxvhrMhIm6ADib51PsAScoNQlkAlg6dQR2M4XGYMwRMDKdNI4dfIzMsNWTJ6TS9E2Z0lBKBqhx5nuod6FW0kwTVdOUBG0Y8pfXBHUe5lhF5QrCuvKFRqF7G/iB3jzMQWheNWvDUxsGAEthVWbskWdltdw4znV4Sj6rLTboeZiiMPPVUVm/ONXzCj/KFgWVTds7vUtlfGRbTzjaYc246MeNIJ8owC1SSPSS9ftdz6ydDO4ifpXA1khzdUPUDvmz5lF/Qm2cNUDfifUJKZ8HLZ5MdEroIcA5izu8rePx9/w5nrP+yKg4MpPWvvhcZQSJ4LN4IE56wrVOVLBHgiNH9SDlfO3BUqkdO24CDN8xzscZAQZrvMvqcUr6GcHLwT34HfF7HSzI4eR1yGdhmWT6yBP9fJ/2ivQXP4/Cvr2qvBNVEVdKroqrjNQKYmBXoTuPUzUNSH0q8mEToDCMWplHH0DDpehaMkIJcOTLo0VnJ4RLZAadnK4ICvv39VlFkoUhTUCieezyUuf8z5OEsUa39Fn4Ud/7q+RdG5kqL64N+r+JBWyL3kE7VO+xpCM4nVW784yAOmLgQygHYT1/E02XtTBm3QoRLNSM/qUPrbff3vIH4yR/rTBN0jUc63gkexfH7x2+zYUeXGZnVgrGFpEifn7olZRlmT8oICNxlIz51aRst1EG8ch7lL1VHRnJjmGJYH9fVXJfVwI+Gg6df6Cmi2CnfOUULlExT5y19awsEpli5nZRaMUbeUcgIWvPtY9LJWRT140ICR3wl061eLAUnVIFtRyGkNBGNiTu7cuCyH3qs7sgtqusaFMCdfRONaaikt/iAJ0C9ZwxRw/O8y3UGlqMWzQpL+WpCs7sGJGCR8wXGGCGPgHFesKCoPkII8zZPtbgdrNI1cXdhKDlVXiEY4frrFLKWhE1/9FM/rDZX0DP5DsXBwAlGj96VAc2QDlEPE8iR7V9q6lSU3N7YKrgg9ZQ9onA7XGcEnWn6Xv+Cq7By1rNth30BspdQimmHSlbkpmcsv8V2gQOYGHfQA/T++tefG57kRiQo/uumLr98FFUy9LSrlyhnL4D1vTMRJdJ1e2xsQ30O8yGk9Cx1AsmDO1ePgaDHrX0vz4TqEFLdUth0jBiPJc7ju9Seicf9/bpRQwaTSFeTBsJazsZP9HthbJq3xQlSVaOXHQusP2lJpOc3vvcsGQAHdepqCdYuC8/f6BnSNpAMroK8CsPkvz4hgJWpSHEPpvNVS1xgdWpFX5P1Ro1No4/PqoAy2xzK1/SU3MdOn/CU13qrBXsb6X6OvLZl5p2aJW3WDivA9Tke0W6bg72E1Gnfhax3Hgy0yHJ5apWQ1SLlJUogeDnrsI9tDEGLQtEdu1hPRP23GybxEGvLHTpvPwUluLlrWMzYO1Afp5pWKRNTH2wDLdkFF6FQ1sHTj0n9XD0ekwOT9FyY/7rb4BN0g402MGSSINHvdEkFfMarfeFeWrpGJggZcg18Bb1IpeL3TXyOHDzNUg3ON/xeNEkbhEu3v0Yrvj5GJQWsbCspMXybFyOjloYr9DTPZRGNre+H+H7zbcd6b4ptwCTr4uDWQSpbGNG41vwvC603YzpxfcUKVZ/+K6WvkNeChCWBC4AJ+m5Ng6FsYZhD2qnEZfgGAjovjBGuewxBAB2L7eV8+2HT7nXwhtIhhwO2as3hZULXWfErifdoNg94ErFIm5+bNlaOHcoR0j/XxnL+B2k5BTXVfCsqD4G89Otdtx5SFaQD/Vxtz/vzHbREcQDIGdYnP7JzO03+6/5L7AGv6rOiSdvBFRQYxmZYE9rLhywIi2LTRz/ieUO9MXQy+o1P7rReJX++wGV/8vZKlERAYyRoJPvf/L0jUiBJE7lqhr3D0XtKPujqb+OP0oqFWistZqI/B73r1aopK1XcYD0C+RNqKGDzc0sHxP2FxCQ8bTvxJpnt39Kw8JYW6ZE9oyPi7O7evDXnTUBwdjRrYuI+mX4MZ64iekR7O7aC47UpEEr24rOdU4b1qm1mAOOFzZ+LnRGCwhpV2O45/CE2EkeaHHyHqRvPQLKErS2XGRANyQB925TflEWhoJZe5xb7XnL74rH3jWmhmxByoOrJozTSVTe3Em/KKBfMAWKWxx4fD34twPrXIj0B3W9E71FT5/uEL7wxHTGBGvSA+3gxBUFteGhWFJZ1LBM20+TEcWUj33O0WJdDdhnlhEPIEjw1T0PS+j17BLy5iono8fVqllwAMuroHDZL/ChIJa+fRQwYWnNsfiQYFgfBjfEYlOWvo1osnoNi6KXOA6F2KjwEwlplqtX/CKwtvHgpkE3uwIfrx5bAnmarWbPp7ZjbSQfPWhqQ0LI8cewMVlbeXy40XK+BNFV/sh7QehHenqWHqb6lUvXfTIPDETfUkgtG1ho2BE3mkrIIfXNn6U8Zm4UN3dY9BW77cvQ1Yk671cfePrLI223a2zUQRR9N7HCsPRSoXGFAgqzDGwSoHW2PyHjDwFYnywTqNNWrKc6UESOmSS4JN7mbCvMS4TaUy2vqOBOiAu9fo0KEaa21ycD+mMTJdvrJQ2zrSY8YfaXhssDduxXSZgE/gRWERSxN7D2roRfFtnElQ0FE2apEOuIMwXv2tZv2n9sAP6IeF4FI57KGHYK5UxjaZ++ztNIHubUipjypzqGAACWCQT5Xg2Otv4IXW9205KMT530w06P4+dkhwC/hknq8rriys/sByaEx20GVjZlFos92nttj9QdQclJRQgVXG0nYjE8Hzxle2Jj8xUY47GDsiNyxjsSrhLubqPh/iZV7XtA4Lq+OThlX0U5ltKrvZzaXkqqH7coYoRKAZeakRsylbwk2HA5OOeuxNid3lok8hlX15YNOqLB7AJMhelhPged7j3jfKdhnGoxCder9j7rVRN5ZJAhdo1DIydj+Fm0s21s8hEo0Oe4OSRaZx6iIV+TcYMdtBC1kQFcy6TrsUgflkjt44b0bPWHIDomzcyKKSbxj6SU/HcO22ScRTT/8+CIBFzmG87QnE3CfD2QvbHP0dnGfeoxyWEPrQBFX/3thNQ0eenVd/R+KhJXfrMzy64meJ4Ar2iX4UEM263hz5V97VykmstuMGxCkJ5EPj8Fn/8kprGQKUa7aqlqgRqyxlmpSEdjrVlZCFGf5VVWhHF0DIL0ePErXw7atW9MW6i8UudbJW7unTgepw7zORzMA4vtdtOYm1vcfE3tjo8sd7BpwKH2G8y/4ETDxBF2m8XOYRLszfe+ZnI+o6VUQqP9q1qmXRtMLf4rnRySNjhz5Z+JVixt8W7EEpNWDIcXmxkpvSqTc8CGSqYEZhdowA+E+gupVk8rP8k3PivaLVn9QM17n4N+41RwqvKf7Nyzm8iCLLpeQRljlVYxda72jkdQbMhzrYKT5PGCYttQqsPSx8tXV9OCnJn37i05lBej5Gpw7qwyy0ja5mppdoClKnC2lSawCf2g+WVxzXrxYtkQyTMK87hKlF382TFUxtIYreZAoypcUt78Z3f6ddYpKGUHmIdE13kzHTmUhSto5Brew8jgsN+oM4afrzPiQshG1wAzXFS5a/cS2S7Ic0qc156E3m8OnBW7a6WftXuI29EG71RxgOU5HUxeLMVR5JuDTxCqBPk6C15QydraJM7q1p44Ao5MtBPw/qNh56GK5VXtSHQJflI8OHQNS9Yhdx2PbbqHwcXvM5lzsBjxdUU+aKAxaE6KdfgEY11xdyFtVmNe0XFaYz4u7mmMWSAe1RPX9h9eKvcyKppMOJSo6itDPLvj7Llp5cheGFZu3x3O27hoGvxWO2kHQQ==,iv:NxL5cRrQHg0ViGhZWd0aE0/3iL4iGspgbHxX3QJzCU4=,tag:blsRbJT4kzCWQyaY43fu4A==,type:str] +user-password-guanranwang: ENC[AES256_GCM,data:QcoWz1oD1ZKSQydD,iv:bHGiSm0EcZo+UB8JlNVUs0pRYCJS9817QFss9B4gW9w=,tag:Ug9Xdvx7LyVz44mM/zh95w==,type:str] +clash-config: ENC[AES256_GCM,data:naJN8z8yuht0bAZUkcYptePnQ62uDex2eMPSK9woJOpARPMZUW/h9210lYKizM5ALjHt20x6qvYnCochAE9lql9ViQDUB/2Cvr7LBrKrjNdJFnc1logHoeFIod3Tb1kdehhM1wnNw3jhYDGSNhL85RZbjGuJ4vFCELnbgReq/msnhEw45P2F/AuU299/ZoL48Q6ONZS/95XF+tn7tmpxlkK7QBL5lkyOAXiuvtHV6/mtVs7J+xphju12ZbI24xZldQv1tzc1hZOguKTvsHM+ljgsq361gQQz7ayon6IWMH8OysgC738/CmhLZSzcQQiuHP2zaintFYs3/pd9DjuN/UkTDg/6lickC5AXSYvXyV4M9piUVEyZL30owG1E5h7ctJApniFxGdfq87klKVooRil4TemSWZPAM9J0I9V3rXWDkzhhMBNWR6Rn4dC1203EkR1/L6x9NmenOyNhnVK2Jzk+8yZyYFC9MS4sXJL/ro9bPNIfF6VcQUxidT8ewpDQVzFNYyxVZL+4qaeq79ZOPi4INUf0CZUwHleLegw8OE9LUHC6f+BhehP4FVtNokpbsZ8RjKqAmqxl3ZZBscJ7LE41RHIRlFtgwBsDf/rxHW0kux2SwoE1hI+pz8TAk0omULM2FadxKhbIdGYSPBzQAoYcVZdzIY83ozfmeH76+afjJe2WsRGaVoAr3C7x/F2FvnbWeR3Ye4CduYxJ27z40jzRZLoV2yA9YtKSXr6eJURKpHD9ODPeTKa9TEi/wZb5BZ2Qh/9exLKLAB7yQHHzVe/qNBI1Tgb9e3SFJAooyyyR5vGBM7ARAvKgtDkykzP1L756/nl0sroU82O6y3oWkyyj2Pfh5JUqu2FQRC5wga9AE1zsSPlj2MUrl8X2ANUcueT/uZUx/OY94GB3CjSpWorzWigoVf36GzWrMluQIzgem9jXnxJAqW9J7kMyii+15nnbty8tvrX/nzBQ32wfE/v8+5VjhmzlZmYsTfrYo7npNTUp9JtvlctU7neghZpFe9KKCrhthYTmT7USJ7M9jo2Mk/zZnTcFLc7TR0rWUgBFTSuaP0VAUGz7xHzMRWir3nRm4pNwpUFWSkhohHd4taXcNnDIAUHKaJV0pLg1HdMNP4xK6AO2Bai6ko81ut6tY758OnJFSE3d+KAMyBDTcvOxKos3edzI6+f5P8aBgpI4NoNigALetbkoGohYFu5AqJuZJ4DHH2tjGZUkTDmywrVm4cYwNatujsyBr97t0bDTPFLnjdEdQIKYvRpxkQAq1WFUm+rUVGMK1fZMjQuJDFwOYWZ6TP/nvvZwS+Gm+PsxQtW4JfKQ1GntX1IRN67dikK+ZNedThla3RwH/w/0kd1tRiT3hZOqGwQnGrjJopJNUVgjpgkx5jyauUTeqT2No6MKXaQF2iSj2EBaWQTaukEtNOJBc5aIpECT7W+8UrjIGpWpr9KCnXnRoqAcdP93/N1G8p5z4f8SSPFOgWLRNY/nzir5dGcCknnTcSt80zAA4OpDZZ7j30Yhy4uBVCVEUYdGvJY81GqR6Q6DhIVQKeCuWqVjNEjFfyD3aGzkd3bDU7b3H4WkeviCUr3n/LSMBQgFzPJfYzwno36Mc4/1xH9eJxhB6XssgwC3CLNktM5sZ8MdUJYrES0dhziBnXrNbzY7Oihpm5TPv1KZW+jOk/Xg1fywXFj9VYdy5lY/yvrRVeKOyioRo5P1afQyTLMb0H4rRmU+JFwCdU5RCipvOlk5buqIZ/ydomaexUCJ4yQJYkjiSf/EIwSkYUCjBv7iYOMOzvIF531VTzO8101b54jo2BIQGL7saj9lNQUPDE7zxHvLcWSnfAnHM2mbnr3PfSMURgKNQVfdQJtovn15QZA2B2zYuUrS2/lcYr4W5tTabjGs4uUXCYqwzBP+Nqg/bjODEzDo0bklPLLUps+bg4VPGC06gJrqb3XS1IqGbuHPKlg86hl9mOhKPn1Yz4orEAwpXmHHPE3V0I/aE4zwMxcZQ1YnqZqb/+9G0AlmStbw4drti7opEBNWP4i3f4+ispUvfd8KwwsYhWsMXZ12IcIGBzAW9UpYfGcKUucBru4P9V4eudBfn6pK+PH1hq6PLh5VwVzOJlEcjSG82CwEGWKJYiuapLQ9FkWaYcW1jI1JfR57WYmcY4W7cGK+EI0/3Wd/FtRlmuHx2CY1ArBVMsoiJQttInaYVfsjmE5L+qlVwUBGeastkXFiDpl3Y9FrUm4NITTJIO5FGb/jFvoqT3JTF5r6/hOnGStzpsw2HdfyOmAmV147ffH7+oD7Vu1QUT6fonUl2u5gfh+Haa3ECcxsNI44hgMl+mlwqA3vmDEo6DooIB3s793d13PS27LhAThz1Q11DxdOy9uCEz+q0iK7oMciePLtvrLusCMM6a28mEka0rAhZKgApeKPM86rRgT8up6mJYiiJtJOHzFs073FwFNWCADc2ndGtQpDmjHAnLsDBNfA2Q3JAL08iSxcJ5bXW1vX7GM0C0prIS6JO8+Mr7U+ol0Ypuk5j2fTlmdcfYa0gOsnTZiKlg08vPXFQhZd/EORrsuaf8RHQiWqXZzwAQ2toiedoUA4LL9jR+Z/ay5yDJSzZC/ycdqMaEVAsTOk0BMKVeNSmZnolNtlOoDHVGYMIoTcCDMBO5ANZ28gdwT4kmB3AKMS4Gf9wlGS67aO70rhbIR1QiOFGRdkCMYOapOrXkcfg1SiiRiaF0NaRTKa+26LlGS4qvoj57DiDVi4C4NQeLQz7Z0Y3fU2o2up92YHTx/CzZ26ueuS6Ly7h9jUy1YqnifWCKGbFFMI6Jrkhlob1U3CCqvvUoydqo8G66R5Mx8xHg7mqzT4SiXiZeM3hetlvCTu59GFwaf6k1ABkyzJSjsTBQ1T7u9sLOmpTzcqP7wWqrh4lIQkJ57US+2J+zlVvEQ3btZaqKnITGtt9Bi9Vd6sA2tGJWT+vRL6je4FQ93Tc1R4ZCPoEgH9TLheNJCsnzfSNUALXAT32h5qb9thTkq7XeMOC+PV1N2n0oTamcejz9C4sCZzYLUBl3C85NbfEZJvnEhYHrnrVlCVAcvIAounlVPkHmiPUX2dUzzvh4mzCgUnR4xLf0NToRLaveLyhEfmVwvGdlxM2walBrwTCG29E2MNDMW3hk0LyR1aNtuwFGt5hz1ad6K24fAGxt+GeNsWFy+hBlXZ6IRc617N9Ylul3tphkJAu9nTWC/vO8lk51utrVBoL1rspT/4+Ibu4/bfoi+kJQBrywEYuHeggHbEDINcI5pHonK9Ewo9gnUjH/y0G4tuYOVxJIfRy1/9ewMuArX02yOd+JTrRMt3gOf1WeXkKrdbaJTe04fjW9CBzPGYNZXL/GONRvGiP+jo6YXj5yYge69urSk4NnROxlEm8r5sISRviOx3kuun4M/ZUL4XeASPfn4fkcJPZ8BTuz5CeCE284gsd4zdXyehef+Ww+4jmsPgUC/sSlymbZip9gc5cReMhtwzm3DrbLeRxEuhSPMjH+9VTkIymspEcCfzP+ppAhRH7ZjE0W6PVUzBeNF9Ddva1kV/4YOhIdFjyQ2q95yQK8aqsyIW8KnczY5G/e9sqc2JPmT7GVVv0oA99TMm+Ay4SFcGmi0niUuChhnuvtMKlaEtgLkLpmjzUKtvrtwD/DYLQCGm67v96+EyvaEC8b7boAyx/lf+1spz2emwzyWRufI0WrcV4ge1oOcTKkXbyrpPsL7LVjabkhjwkcEsoktRXmfvg2qidJ5u+QrY1LxXEdhT2Z4ymea4LzzTNWcg9hJow7zjia0ZdIrnoG1Cmo+IRD/D3YOcmUiX1zIcQKJjAwbipKFzmonOuOHn2D0jE6r4FZyYPoKDkcD0h6QR7Qb5aPmjcpD33s+HAvh0A/T5PNCtufhFuiDknguZ6K5lOyKrN/npNvtaGlAII3t9GdSFOzemdPu108CQEHVho3TT9PZ2rLnsyeKDv2gzL/wGrDm65GMoRCmjY5/ej590MEqyxxYonNESDgIQVnRthd2VTRWZbRmz6EMLgQvhouyJQLoSqo0llif3zF9UwBrTY2lzbeV/bZ0njrrAUM9NRWENC0sg3v33uJr52P0qXBwIcarwNxcrRGtZi++w6RWAjsrS/kxliZPCv2eT+MED/jbJ01wCIVOuxg3rfYEyNGSgQazmnP2B9074vzBF85+D9DOXBHwU705oDUaHMnfoDjg0Pt+sfk6mSOP2Y6v55gxqsXQ1l5nlQDEBJ5EXy50VAB18lZKlqGUVuIVddsunFqXEbqkkdCS74+SN0tjte8D+iWpRYSSz72KLZi44tnjy6KP88cDvsN4IlAGZZQISRPtQDAVFUSiZpau/W9L6MojpeECiaDIgjmEn2yvIGSbXonU3ohrirDATDJfNkdbXJnpE5ZF+nsBQFV7WBOiKIYnLioa5giuLO1uDuH1OFFHih/MvlfRK1cZxHlXxebqo7e1pTSULqx5muGfSOAAse0VZw877kDLgTcewlThTXVpGC5C1tSm8KeZvlFhdsvM+Fh/k+YyfaYzBsLz/foqZ2EcnZA/gNP5bFYMtHCgFzQ8ln47fe41wiT+H/98cELfrjlvp76rT6nGnBr9LEETTfrMJ5fSYXzmAunBhsioE3N5TxosEmYmBtrw0v3XAwdIkAoDdspX/3xgSlqcP5HlyXsF+D/l4oXnmmb3mpUqnqS+N7rWN2t3RJYKRjO8DNzOAVrZ6tLxTKDe4/GGURWBILJedL5dU5IuzYNYqF6hSVvk2ueD9rqI+8z8DVJFMiCN6/p2FW2zXvMoj1Yzymp8vqXLsWCe+NpthsdZVfZ12n5LY5CZ9ufNGQfUsiyarU1aOvyKZJh7zSQD4w1bhQPuTdCci6WcmpYG2A+HDDl1u7E1sB4W7OyewlwkGlef1ACJY7Ndw2jUxvCwFbia+bxPTuv7GGXyrQv5N6PFa5HyHkQGUB7DLyE10tzat6DD+BaX73Q56HN37ZLwPK6G7eKYDql5xaEmMvb07TA774uXZ4eiaQEbNo/8qcpeYzKoJS3WrjJaRDZe2/WMq056Hzi/monka3D5dsgjGMVUtjRpWD5gcDyUBiHZ7hbL83afqvf5i7Nyq11w/KVm+uJLFjrR9Upd4Z4SZYcQmg01Wg4cyBRaQ9e17y4Dsu/C65AhStnmbPsjyK3XttGFnLE4NX+v4XgjZtc+60t+TjIZTnpHnk2/hvVAcNl8TLmlrmOT3NcjcK5M8/E4DgyHcZik7sTb24CgvJ8FDRvGf2iGRCdH8KzXlmFbsa+sWrcmjSmJ7EaQMCo9XjF6illyIsglbeVH72bzKnnZ/z9C1vh6y0dw0a2tJlyGqnGI3bM7y6geCPkNXn0SGmnqVIem4hTjetV2+oOdffA+0MMzhmY/9GVf9wN+JKCebfQSDCU+MQ1d3u64AAsl+6NgwBHNj6xyTPfjRLypi6a6T1HBTruK9l9sp4dRm/iaXbqx+cuhcos9LhD8TPAk5CbG5x4eyVNgkAe+AuqSXbboCYgt9xz6VGzVn3Anc5xBfmsRRregP0M2ZNO5LpDX5zbzmaTNWWwWD4M2U8udj7ULzIw/a94ImDq3QGBuA98oe4ObXxpHZNw4/Snw4vAVR//GKDd+SPTFqRjlxRuRw7BZFikwYSmlIDlfw8784EV+++zMCPS68SY11GWbiGmq/Os+Q/I1erE7JLarjdnRoA0yUSI9i9xVjkObaRCNLs7nFCZAsOop6EiHyC3ID7TJ9FJBB4jwxgGL6XFVaNNf5HoZ/PnVILSWEibnTWbKUTnqXdUbwgcGGnK1+fCoElLWmd+70meg+sJpBnC65DXSqDewS6lv4yzRW9EZ64Hr9vkbDqO2PwLRlEg717J5EdeUn0TKXbs99PJGmPwB9tXr5DHvvSeChbUf6aDS1sd9tNRtdteyCFd01wVP2bqqKhAihv22N7VWPj0B8ii1F9TNbGiZQ/nloM/J6rO1PJ63uxDuLqbef/cm1DzXmGCvx+83/wZY950KUOMQD3+vQ6EPj+ra+wCbC4FVeVTnzUZysa6B8pRqjC2+JL9ApyehQJ9F/KsT1Z6wF4aMOT7aMUWKCJy1m/1fLmWntEjH9layX30fd3LvUa06Zyfe25FFDNpGze3QTwBJg04wGraZtGPn3QnVG05zb5gZ8Ja9/KX54jbiu2KLd3fZaIWXxrba2agPnsB3bSemKc+9aI22p0jsLlAUvEbrTFHawF8fFLATwQyxDZQ+K9SPDnXnAwq+R1HsK2gWm/00D5pVvPQsI3hdt/q/I1XO7qrz5Vj2pRx71FjGz7qLGZv5MpP6Dovr4w6Pzb77Hm8LWL8+XYcJNoPFLPz4AO8qiuNtwRLD7cAH4yDNaEM7exf0doUhSzyFbeVCs6s+Uye05Bay2gMdd3HoUHrSl0lPn7RH32hrd96Xn1Ov8ErGkNG3AYmFPRObLZ93JJRrXywYMgYEL/tNHroVCQZOhb5PySEJCWEfbwUPIwIRsA1u4hQ1T+Wu42qh/3ev+EkC6c4zSoLcXT0ePkh2M0ISQX1/NxfDitt3sTACGkHUuYkIdn1pM636duMAv+ugIxoOgWzxaoAyeBnCWkJxHBPbRo+sEuDbchfIBUm6iC7jojiSiE4pQIbUCk06RkgL9xBJFF1P0R3V8ABQcqAojZBU89F19It1EDDPPVWgggdmzcgmtNlxHpOhzflEyne7BPCN6up9ZW5pg+Y/0g1JNP22SwIe0gZsyyXmYxmxAEP+c6CsbHQwEU+hlL4X8jcvFegfwUr9a17cPxbpHEOfUpXNT1WCbaEKILrZ7zQd777l2O4/JByXMIMePwx2+PVuF0oYCgkeQwAaYO5qeQ9mk2JY/atvwIeN0g+CJNvQrcBE4xqZC5yaa2WV30gERHdxHcX/69OHGTs0GNmtGiXvWfD4FHAVsC0XbBcnFOwoqo6pNPOXY1VLiVLToDHRiILRWryYeAfiIFoCGjIKPd+RnbA+8kzLP9Lxilx3BT5H05unQKVZymqCnfPGzeaR/OfSzYJcG63hqk23FpGtx8XB2SeYeWeovEyrmshenq9vf27ivQLjHKoh8jlDSOmoraR5lg6GxatVh0Q0waDFbl5rI1S7qEgXY3X51B/o1rdOaKdMDaOSdGGnd3Pp/XL7gpdxlLWzgdsxni0Gukrkn/P3ZKs21/7oJ6VPPO9Iu8QwQ71e7LcBPCRr41QY+/3uShb3BcO/0d9eMhhpuLLeHQqvglJqoLAsQ1qtBnwwC2awOKbRz5etXBUftyf19H0wIsJ/kVaDfWPTW3rGKzKancL8Dn4fuaxbhZKVqE5DzflevHiliEI7QW1/Dfjs7oJUIWwSWOEYPw7scn/xFH5x5xiVRxvOJC9ZxVRXjqCWXxybkcc8Ee+AAiA4YFjddsEDrFEzFTEzI+yDfTX/eEA0WUnhA7MuW88u6AFwFGop3l383qav0M7/zbw4eMMr+AAK4j6Tk0FCW0Uy/sqIjr4AJJJjVoh74a+cK1+Ky64hX1W3jBm7Kl64m,iv:wQjd1aE5DXcEkd73MVD33eiJfa3BcTElKn71g+hdCec=,tag:z2dbxCvHuQAfAyorWgUiIg==,type:str] sops: kms: [] gcp_kms: [] @@ -24,8 +24,8 @@ sops: bEdVQ0dicTVaRkJUNFB0d3Y1S1hmL3MKFVPyIyjRkQcdimUE/tWxQzQU1cqkB5lN o+7a8JuA5gOxG7OInWbfkDe9/wSFCJW2S5z9jON/tLy6atPdmPYUdg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-13T13:13:03Z" - mac: ENC[AES256_GCM,data:pFz2HewxQ8hDL9Sy1gzkND+pDLCpqBPqid5X8+fNpEoETiaO12C6YaFu2zR2d9c7P3Nq+505Cr4gh/SrILtDliDnQcwnAPvkt7agfqIc6j88kg2xifjk5WSLDArB7NAPOUKBL7SS7YJorjKfHRW2nC/gpPC94Siaa0vNa/ZRfq8=,iv:8XlS0AIUGo19qJnDAKPEtUMDY1rxk2SOGmL+7jG3IiY=,tag:6WRru4UCDzvCWtaazbAdCA==,type:str] + lastmodified: "2023-09-20T20:55:18Z" + mac: ENC[AES256_GCM,data:wYff+kWkHdfYnEld2ix5DUpzr9lpuOz6hiXt2fUGZ7gqM7lngnZVyB6K0F1SlLZW0y4SSWR5I5h5q872a/0vnc4hnnKAvf7p2ZoHgsMN2GaDaykYKzTdKyDhrkdvIIvtOvJYUA6bj0m9gQBDL8r8pyT3ObrMRce7cU3iiPPTwKY=,iv:AsrGK9iv8YjcVv8m1j66M5yDgJ2dkIDkA3eJ0M0PjEo=,tag:B6hY20JB8CY/fUjtKVZsKg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3