commit bd132b5ffd71777894dc142ea62784e0356753b4
parent 465ce92c27883dee7904f82a3db531b0b2bdacbf
Author: Katja (zaphyra) <git@ctu.cx>
Date: Sat, 24 May 2025 13:29:57 +0200
parent 465ce92c27883dee7904f82a3db531b0b2bdacbf
Author: Katja (zaphyra) <git@ctu.cx>
Date: Sat, 24 May 2025 13:29:57 +0200
config/nixos/modules/presets/katja: add `mailServer` (and enable on host `morio`)
7 files changed, 371 insertions(+), 2 deletions(-)
A
|
206
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/.sops.yaml b/.sops.yaml @@ -33,3 +33,10 @@ creation_rules: - *novus pgp: - *katja + - path_regex: secrets/zaphyra/sieve\.yaml$ + key_groups: + - age: + - *morio + pgp: + - *katja + - *void
diff --git a/config/nixos/modules/presets/katja/mailServer.nix b/config/nixos/modules/presets/katja/mailServer.nix @@ -0,0 +1,206 @@ +{ + inputs, + povSelf, + hostConfig, + config, + lib, + dnsNix, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + hostName = { + type = types.str; + default = config.networking.fqdn; + }; + primaryDomain = { + type = types.str; + default = "zaphyra.eu"; + }; + primaryDomainDkimKey = { + type = types.str; + default = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMuEtG24S6ksVx04avtjwIrfijZvQMxe44HrAXjW+Qe7ZbBHtS+q8alvL21zHbe4VgAOTNZ+fCnqSif4TFaOQnwuGwWke5SRBHV6RmWLaJUnN7krjFj+oNmKnl5M3GPI62shhk4OlMgAdDrH/JApd4XTqR3m0U/8rXqPumfbHhzwIDAQAB"; + }; + ip6Address = { + type = types.str; + default = hostConfig.networking.ip6Address; + }; + ip4Address = { + type = types.str; + default = hostConfig.networking.ip4Address; + }; + }; + + config = lib.mkIf cfg.enable ( + let + mailAutoConfig = '' + <?xml version="1.0" encoding="UTF-8"?> + <clientConfig version="1.1"> + <emailProvider id="${cfg.primaryDomain}"> + <domain>${cfg.primaryDomain}</domain> + <displayName>${cfg.hostName}</displayName> + <displayShortName>${cfg.hostName}</displayShortName> + <incomingServer type="imap"> + <hostname>${cfg.hostName}</hostname> + <port>993</port> + <socketType>SSL</socketType> + <authentication>password-cleartext</authentication> + <username>%EMAILADDRESS%</username> + </incomingServer> + <outgoingServer type="smtp"> + <hostname>${cfg.hostName}</hostname> + <port>465</port> + <socketType>SSL</socketType> + <authentication>password-cleartext</authentication> + <username>%EMAILADDRESS%</username> + </outgoingServer> + </emailProvider> + </clientConfig> + ''; + in + { + + dns.zones = + with dnsNix.combinators; + let + TXT = [ "v=spf1 a mx ip4:${cfg.ip4Address} +ip6:${cfg.ip6Address} ~all" ]; + DMARC = "v=DMARC1; p=none"; + MX = with mx; [ (mx 10 "${cfg.hostName}.") ]; + in + { + "${cfg.primaryDomain}" = { + inherit MX TXT; + + SRV = [ + { + proto = "tcp"; + service = "imaps"; + priority = 0; + weight = 1; + port = 993; + target = "${cfg.hostName}."; + } + { + proto = "tcp"; + service = "imap"; + priority = 0; + weight = 1; + port = 143; + target = "${cfg.hostName}."; + } + { + proto = "tcp"; + service = "submission"; + priority = 0; + weight = 1; + port = 587; + target = "${cfg.hostName}."; + } + ]; + + subdomains = { + autoconfig.CNAME = [ "${cfg.hostName}." ]; + _dmarc.TXT = [ DMARC ]; + "mail._domainkey".TXT = [ cfg.primaryDomainDkimKey ]; + }; + }; + }; + + sops.secrets = { + "mailPasswords/katja@zaphyra.eu" = { }; + "resticPasswords/mail" = { }; + "sieveScripts/katja@zaphyra.eu.sieve" = { + sopsFile = inputs.self.sopsSecrets.zaphyra.sieve; + key = "katja@zaphyra.eu"; + restartUnits = [ "dovecot2.service" ]; + owner = "dovecot2"; + path = "/etc/dovecot/sieve/katja@zaphyra.eu.sieve"; + }; + }; + + security.acme.certs."${cfg.hostName}".reloadServices = [ + "postfix.service" + "dovecot2.service" + ]; + + services = { + redis.servers.rspamd.bind = "::1"; + dovecot2.sieve.extensions = [ "editheader" ]; + nginx = { + enable = true; + virtualHosts = { + "autoconfig.${cfg.primaryDomain}" = { + useACMEHost = "${config.networking.fqdn}"; + forceSSL = true; + locations."= /mail/config-v1.1.xml".return = "200 '${mailAutoConfig}'"; + }; + }; + }; + }; + + mailserver = { + enable = true; + fqdn = cfg.hostName; + + openFirewall = true; + localDnsResolver = false; + virusScanning = false; + + redis.address = "[::1]"; + + certificateScheme = "manual"; + certificateFile = "${config.security.acme.certs.${cfg.hostName}.directory}/fullchain.pem"; + keyFile = "${config.security.acme.certs.${cfg.hostName}.directory}/key.pem"; + + enableManageSieve = true; + enableSubmission = true; + enableSubmissionSsl = true; + enableImap = true; + enableImapSsl = true; + enablePop3 = false; + enablePop3Ssl = false; + + mailDirectory = "/var/lib/mailboxes"; + sieveDirectory = "/var/lib/sieve"; + dkimKeyDirectory = "/var/lib/dkimKeys"; + + domains = [ + cfg.primaryDomain + ]; + + loginAccounts = { + "katja@zaphyra.eu" = { + hashedPasswordFile = config.sops.secrets."mailPasswords/katja@zaphyra.eu".path; + sieveScript = '' + require ["include"]; + include :global "katja@zaphyra.eu"; + ''; + aliases = [ + "@zaphyra.eu" + ]; + }; + }; + }; + + modules.services.resticBackup.paths.mail = { + passwordFile = config.sops.secrets."resticPasswords/mail".path; + paths = [ + "/var/lib/mailboxes" + "/var/lib/dkimKeys" + "/var/lib/sieve" + ]; + }; + } + ); + +}
diff --git a/flake.lock b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "crane": { "inputs": { "nixpkgs": "nixpkgs" @@ -249,6 +265,32 @@ "url": "https://git.zaphyra.eu/flauschehorn.sexy" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "simpleNixosMailserver", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "simpleNixosMailserver", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -271,6 +313,28 @@ "type": "github" } }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "simpleNixosMailserver", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "gpxMap": { "inputs": { "nixpkgs": [ @@ -569,6 +633,7 @@ "nixSystemsDefault": "nixSystemsDefault", "nixpkgs": "nixpkgs_2", "nixpkgsUnstable": "nixpkgsUnstable", + "simpleNixosMailserver": "simpleNixosMailserver", "sopsNix": "sopsNix", "stagit": "stagit" } @@ -595,6 +660,35 @@ "type": "github" } }, + "simpleNixosMailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": [ + "flakeCompat" + ], + "git-hooks": "git-hooks", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-25_05": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747965231, + "narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "53007af63fade28853408370c4c600a63dd97f41", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "ref": "nixos-25.05", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "sopsNix": { "inputs": { "nixpkgs": [
diff --git a/flake.nix b/flake.nix @@ -101,6 +101,7 @@ inputs.lixModule.nixosModules.default inputs.lanzaboote.nixosModules.lanzaboote inputs.sopsNix.nixosModules.sops + inputs.simpleNixosMailserver.nixosModules.default inputs.self.nixosModules.default hostConfig.configuration @@ -157,6 +158,11 @@ diskoUnstable.url = "github:nix-community/disko"; diskoUnstable.inputs.nixpkgs.follows = "nixpkgsUnstable"; + simpleNixosMailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; + simpleNixosMailserver.inputs.nixpkgs.follows = "nixpkgs"; + simpleNixosMailserver.inputs.nixpkgs-25_05.follows = "nixpkgs"; + simpleNixosMailserver.inputs.flake-compat.follows = "flakeCompat"; + homeManager.url = "github:nix-community/home-manager/release-25.05"; homeManager.inputs.nixpkgs.follows = "nixpkgs";
diff --git a/hosts/morio/default.nix b/hosts/morio/default.nix @@ -61,6 +61,7 @@ enable = true; syncthing.enable = false; dnsServer.enable = true; + mailServer.enable = true; }; };
diff --git a/secrets/morio.yaml b/secrets/morio.yaml @@ -1,6 +1,9 @@ acmeTSIGKey: ENC[AES256_GCM,data:XbTSbHisL5ZszYY4hvKplyWG98eK4DUeiSpA24Am/QPjEw8ofHWzU2WmV9hzj8Jd29Z0Yf0u/m5T/FESS2Gt9w==,iv:liySg99CmJ9RePJ84pD2+2mNsvZ4SbEXt3d58kDsHgI=,tag:zNwYe1ZfhFGmfP2s+OLj3Q==,type:str] +mailPasswords: + katja@zaphyra.eu: ENC[AES256_GCM,data:BSNsU+TBqGcprevSiTRvtzCxi8FbsBrLItrgwwYZAvJ8HhDXW9xgL9AX9mDi59Z8gcPhSWGhdOOfYGfp,iv:nSDOguVcatHJzAFim+bpiy9SV024MuTYcUHqgSNdkhA=,tag:kJ622f4I5pGhBltj466qIw==,type:str] resticPasswords: gitolite: ENC[AES256_GCM,data:g28//NtKEYL+Dh0+Ws73ZKySl1L0avxqNXVn5lKaj1U=,iv:mGQ7pYjeMEGTCS1l6H/h043M2oAhgMOAlUHkgDir03E=,tag:E/ps0EZmlMEm+ziWzXzQPQ==,type:str] + mail: ENC[AES256_GCM,data:wag5v/l0kQrhStO9P3ibtRtkReslszu4IfTEL8Ls4Pc=,iv:QCSveMAylefSBeb8Eaw6Av+1cA6lAvhtv1jNT8QUvIM=,tag:Y+HKURnEXPxKUSvGwaJAjA==,type:str] knotKeys: ENC[AES256_GCM,data:rlTFDvonfEQFST1eSHHcaG3e1CSt5paDUTvfoYmInBV7mjqe7PwT5dtg01W2ANZJYl+SN/cdI3eEvAdJvwYR6FK+7g1LPwn6G1coE68a/XwzsWM5WpSemmDfTykoUiguEUfRCZ0Q3M7YqV0/jDWrKMaH0iKqKqvlv7nEy6VXB5SZBX+aN18KvPVygw5FixQ/kD3XFI2HTTST4vqlMma3CTsjnK6Uwf1421JOIe3JR32qd0V7IfhFvL0mErMIRhLnITO9uJ//t1HJoeaOV7FEY4K6Ohacng1c68fkUjVX5wYBTd6X657nFqevvLiMRDiQnASOJrAJUAeq4Kwf5R7C/I/MeVh+1Hq/U+z4ZQKh/DViEE8+TkJwDMBAWarzlyOz7xDF8O+fj4iH5jTX8H3FmJLU/TVU0QXqnwjcAAVs/YNARNVt0wGdWTb9iyvD7vEIZE57wIp+TIGE8XFjOO11/DRC/0kC8HFkvoXke9IRrTIj1pCP1VIrv31v7aIyphWa5hBuBHfVb0f8g5eaqyKumM03Rge+Fo+jtM/NP7H2gao6uaZM/K4a625nVx+M1lUpW+1c0sIAME2SlDjSyuhTkMknOPGAAYXMwVQGazoOJna6sEBl6jYcgn31w3dHtJXGKyAB0eqELxjt5b0tzcBfJ4pXi7HO7w2yhKrqyL7GuE5LtLp5mkguC5eZbiX+VlGTLX6V2z1kDRUdYDDZMMh3cYGBIrGVoJhWx8xLWrLGm7TrvifiwYJq5Mq13tt2hS7HpY8T8YGBD2x3IdPAHtikZUYgv5cQxs7drSJi8zFQAwDUKofxhJQUvqrnmvNf+eiGkfgI7lQ0//NLg9o4t+5g+T3mV8IUkW4nbJsP46k6azQGBt3udYAVhgrFy/jTE++KrA==,iv:+5NBUUC1QhPjN+6E8nWhzd2SNuH9mLbhsFwDTm8Hy+U=,tag:RtSO5Rmb0wNR9ovtpwJIIg==,type:str] sops: kms: [] @@ -17,8 +20,8 @@ sops: bDRhUEtDdmlZa0ZENFhSVnNqVjFCR1UKEIkSg3tKFkwlnNXFFqCBtdZBGz1bEmWl wghkTtqTl++759zZAAmjdnFFQWs/AoCZ5g/GUidz6HHcFdxMpGVmiA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-22T22:59:42Z" - mac: ENC[AES256_GCM,data:5XIqoKdnnoHhX3Kkkq83X9cFu6Mm5OMDE9ZsjPBQ73fwgfl++XARaUhVVqKllvaCw4AHFQakS6VLgMfJ9/NrHw46fFUnixl91Som51T3+73JDi6ebCi69txNe5EYWRR5i3kWylus8dnnIWzTOouguFE6VT/fHPVZgndaiNScLqM=,iv:+Er27YY1//YQhvqnxVqO5hhwyiMCNFgo7ZRjTOtQiPY=,tag:bIuKUKHpdnjdcGq2Fj2xFg==,type:str] + lastmodified: "2025-05-24T10:37:35Z" + mac: ENC[AES256_GCM,data:JFnHKkVxPLkouEQBOlzmSMj0plONSonX5QFflualxJbjusCW8AZmURz/hUZ+10qveTDoLhZ6iL05m0gRYsfrLITvQ1RJH+mGSIoQngiK41j4bTFo9lt2Ih3voQdK+UYYGz4BakbPiLWu4+tTuP/zwc3Enp6dZCuNcuAmKA1AYts=,iv:TnHe4f67zUBIbz81q7amyQ43tzYU91hMfvYHwzR0dn0=,tag:x+AzafjgKW+0CR+ub0BwOg==,type:str] pgp: - created_at: "2025-05-21T08:09:28Z" enc: |-
diff --git a/secrets/zaphyra/sieve.yaml b/secrets/zaphyra/sieve.yaml @@ -0,0 +1,52 @@ +katja@zaphyra.eu: ENC[AES256_GCM,data:O/lUI8xz1zTMGEt68XiL+vN7z8RGa+nvh/W/PyB5W3JfF+cXkLVA2U8+LJ3cNt2hK20+erBG7FdzHUCahkdnjp9ItP7DmQANrhGUoEbfNusEX5XuTiTzdePt/DZc8/rxnG/OFVYYhWN9SvKtv2Z5PF0KoRtqc+UhwvCmE0K7hk5jeTFV34ZsczPY6fk5G5wo9Bp2YJtVtWhxebXOrOPXn1Oc/A7O5mJzU/KKz/6g0/gfA8NorgakI8lHI/+zTyk4UwcdvFisFhMtvwE2DGhneindmu2U3AeyigRMopl/4sua+LMLuKfuFYp2AJLrMB0tCRktjB8vUhBeWjbAJgNd2eTahFSxFXuy7cxFIARpcOi5jVSaya8+hbjq/hrd6W8DiMly8wukJOd+6wJwvWAxCd8dOfvB247l5Go1ZYTfkKDq6wh5pnKSywkDreqodgTr6h5d+aMX9FiNdmyq5l4hq9HoqJOsdLFSj5DN8YgIO2nGqMIQGi4w5DJlheCP4xgvOVDROLsZdlS+GCv/LXuAG1uWh6rzFoucVZqVB64395/EJjuTDSlwC+4RMmdDOpjr+lUThrKwWagMyl00ZczasTUNDRC7N8kldnjan4jDyS+9wl+vCgE1SGsmyQZqpPJGdk0Wmgu46h1oDSDgejvEHn0/Ew/4BC0V698VQ6wciNPjBqMG75nhtuZDRcc9nbUSOxWd99cHzA0bYX3EZcuqvMY4yOmL/Hq+mlNu8Sp0F7kCdkUmlDKtcnOXaq9vUO9tOfkTJqyXeSsJpLS/Se5kG6ow+3QmxgHrhTlCV7jeBaqxBlGfLX5oGRGrru6rQoNIQ6CtU6NsbMRFYstLFISk/IgYrxALGAOkLU+GsPg//rq26DgY6pnAwVGm18Ebbom2W7NSP0vjD4VmEDYX/AukTV8bhVy6ejfGWgdGN1r4Br8zFlUTaJp9VKgnknOCUKcP+zXbxlj8r6yHAj6UidtwEdYlEv2sjYpAGPwNi57XF4ufWhUGTSfG+n0PYarJln+s3V3u6I8pCJU2+SOuydGqf1WyobBMoOmoUN8NUrqP9fsKSJBvmE+dpBB0meMUCwRHBtrH8qkAar5tdHxqyYetdnoeqFm15+YPlwIUAqQnLdEtqJfnIMtXlbBuNGBI9ZPgGUbsZMk7hCGOIvY2OhKeBKgILvZcDE7udjGvKBHkZYBRdv/jWldZuTjYIlvyV+X39Z9hhlPHapobaVoyIbS0CPvR+ZOqWKk5r50Cm6DxZnYlq186wHDZLXq75lf5eLyWj/N5yiesQdxfsOdtQ0OhzRbhdnPqoNYfxDPtdCAXzFpzlBB9HElNQOzzuuJ98vSQn64Ct1NerG/ZNuFnhH3QmcWOqaxLvCd/U+Imb5GSkbnsB6RJWXlGGJZ80O8zROgoHv7XyUIV2J+hIKI5n8pXKMyv8tfAkC7+Mrzj8K9RB+YWYpqgltwnetZ84iBmpPJbSTHy5JNf1awIydzGAReS3kggMl+dbVrQQdDfc5OBPCttqqSRzZ/1KCzNB0XUBZzRCogahrI+7di1or0PNhQTklsY5rDpn7PJAubIM4dagZ0ju0acBJ/CxAcRkmVlLO0f/9LIT/eH6+D0tIHonxB876k2pacsflXjNXUUiTx6q523DpXuTjMJJ100TP/akIbTtwQYNtuyI6MKqpL3/maY75K6eM8wh6jXjQYs5OF5Fk7fQ7KzJH3tWUoQtKvISOcRIxRblt+78vtc9SVQooH452hwLVCKtbhTGN/aZt1NsyvU3/AA9w6OOBJ1biTAeBMvPBrnbDO+/5n2Lrd6E17wq7jKk0Rrp8ro7hPeaN0TJPw4a/QhNk5+PXsPJK/XqKu2RLyOMV/w/tyUrh6NCdOtwWs8EpHgQEfXry4NwjxezxPcNVvJcesWl47d7kkX1sPfgVFvn9EsC+b2990zqY53o6GGAf46XtOozEAc6AKomzSO9Dln9xMb3ze7p2Nfff78U90rf49i8ujfxjkbthg24pYXrBg5J4yySbwXRL5RoyLnxCcWGpTkILcSBZsc9puq2IGQofLjLrQ/HgnG533seY3MGNy3+LsIcXaQ82TikjIBYGs7q2/YuDMIW9ZbeCxfWAWBk2onAGI+/hM3meb3jf1CUY+JbOHCM6sLB0Ge5z8l+/Naq833gPco7NJenzOxIrqbTiDXv3WInJ1n/cKc1j6ULB9gh8P4y8TnGagQyGX3yde0BnXQ9tI8Vb2W9coQWGBwGbw3rw8vD4s61tEQrUv1cd3NedHbfmqMEuP5OZ9Qu/xuAGR0zgITED79Ir1JXRH/Ih/okqCsnHSXeksGvy35metR8mlCOsN6GXHtsnHIdHmd4JrMEGnyh83iv6ocTSGoT/jFPr+Jgl1gEQ0/wbUn4mqLQ9UDOJFzfQsoVCMpQNfRRj8UoZLava+b8AnidV0q1rOS2eH/eVhm9EWFUDPUddvoNzAQVzP3f8rKReu7sf/dEsC+R+iph48jH5RF2ueBbOalLKze48ZKg1fRSQJxZ6wRrDtGtoPvDebPOEpzSwqzwxSpgVx1b217gBK/LTSl4fs63FB1ENJurFPO6RHTY674cPZFXLy6kXjKsCEH2wLDUx7yEe59B3NE5SJMAgRf26AeboUcGiSi0EVlVF1LBGX3buuiZ9cJjRtD3Gj0l49uc4vH5HZ6sAMjYZ5IXuOi/MUDvDh1qWvEnwuHUw15yFCnuecs1XwqYUcEOLgKX9BhpQvXJ0XvqNv3UIu6a2pqViWEF38eGz5AVBjUqkQihxtIAx7ZjthYZXrwaPNd2RhYYfxQ5CY2lzL3ZJkwYUvio9csPlloPFcynlmfpDd16fw56/hbTanhEHeegBUUmIFkcXSCSuPYJg8Q+vE6z/i+dX1MweHuIcDiDdX3te4YwUJ+KKJTc9yPw6GEBvxKZRikSE11OK6Ygw1pXc+19QgDaIr5aD4wEDbSYExW4Hb0QDZNhaXWmd4hr1L5OaoXkEpwo3g4+RkdmWqvOjNVZxQbPJMwrIHsWYfE655RC0HjZlE6VghaTsCoXXtOUzHD5VeRUCEpyPZtuamx82tPvida52bu/XooHNKunPkIjvF9Xbd+f4faglCczvlYVSj3qgvjNsyTwu6ukyQTcqPAAs9FEw1MRP1rF2NUOdqFV6dukOs7XIT9Bw+eXmkfqrpRPz7l7bzgTw8LGRdUBIirLIbM4FnUOnZHM4bTwSfTr5RiJ1ai9TzvpBgIZrq1BB4RiNgNmT0fbGJkq/kx6QqFqXtZDDpq6UopW0XU5Io8sbuqTjeeJ0rP4I8YHXoCOujjtKoVVCDlstnJgq696vzposhMS4GBPapguAY2fpTTbwLZQSZdzy0ioVJHYxfjL2fvthmmnFrawUT68/7Ti9KOGpAAf7V5LNP1sHv8a89smiK1pFro9/L8L2vvBd7FxgqpyBZ+/gktx5iaQrnYL5jaTgHeeJCiApwuDtZy+yx31dEFgc95Yqk093oJ4gfjpPco2QOAPM39n6hFbqij/FdOnyVREei56tDWxcPSa77RDfRWHItm0D+OcsGlt095LuPKRzXSxzJdOOgP8c4ZnBE=,iv:SrH38ELq66a7qDkFPx/FOxxoFcR5Ut4IegrhH6XEF5A=,tag:9QBX9xHFoOudPbMwclFApw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1wpffcr5p88a2x9dzx5v3sq4jqurvygu94fx773n229fqk4p95qzs840cmn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQnpLNCtsZXh5Vkc5TGNT + WFRXc1BYQzVxc210eEVEa00ya3dBVkQ3L1RvCjM4NjNJdDkzdW5RaDJ5S3JEQXh3 + Y3dFR0RCQUROaHluZkVMelFaSTk5R2cKLS0tIFBUeVdvZkJka2ExTDVJUEpxMnlC + SUsxc0lhZnYrOUxEaW1QZitZSVhTcEUKVUIS/BjUGSbq1YhX/B+DB9nPCtJCNReC + JTE1yA9ZaCDPOhtm0cB0rZkW/decAsuQUJVpNVUmyzKPS/CTzrbCow== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-24T11:26:16Z" + mac: ENC[AES256_GCM,data:KQP4IvHkCVWUYoWmvThQ6MageJzohS/O+039Kg6MvPeWiLbPdIEJH9GHG1bvXZ47Xl3cPVlQwJBQ24g2iqYFkGRnwVpnJ4mz2v2fp4JaTP8DJdAAJS4Xl4pseMsatvbFL8ZVNVBXvbbbYGvWzE/muMQv8xZ6em+AwwACNjtPWV4=,iv:CJIeT6eYh1Oku4N6lC/ESBiyPtE7m2ffka1S9x2YHzU=,tag:HKkRE5+VSgxrn+QsoKykKQ==,type:str] + pgp: + - created_at: "2025-05-24T11:27:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAzmqVs6bjEjqARAAtAeqEbQKxPM7wmu5G/l+iAryOj1wiH80VDpkB1k2Wn95 + HY/HN/q2lTs6OeSLQCez4DAVHQV5Xme36AJRky1U5EH5vD8mN/MPNjFeKhJm27pa + DuainqxQOU18F1v9j4523uZu2cqBoNG1B7ih/a6LshNHp7cplUph0jGjOM5fl4k+ + poIhbzyAVQuk4H1tbdJH3Nm86U5mv0E4W59a8uaTAXwFK5aZBEUqBFZ/6najMf/3 + cC+wxhlTDorxUBdDuanOkOj2ICZixSL3xEK8+31s6IrJJaKkc30jaQGGoo6dXtfK + miKoJETuIGJzSeGDlCfql/lShwjzGrk6LhAb79hG5BZPInScuvge2t9EQc758Jdi + izbjYswv7FI2mky4B+KZpZau2std1GSgfy9wfQgciZwI0TSEblTAoXl8+fy7CFZK + vcl7ySfrBirvCkRtb9CN914EwtU7874WXSk0s9QyEfhBH6EmpxzOpHAlYQbJuFuS + Ydr7VOWtk2ryACN8Y5caOZrv50cKXXpD3SCY8pF/mVl/pKVfyxj1Gz2GvU2oHJXq + 21EA42SZbmslsYGuwGgRAJpPsxtpmB47yH60x4dfFPFiD/aIwsRSc+WdjkqintpH + GZna+npcxnoIBheMfuExUGI+2G1gyFWwtqW/vgs1BJ0bmHx+seMdfQKE38B2LQHS + XgE/xy7RqlArKlZKeJ+yeaS0ZNcSyNwGYuR1zKCg7MguTrixvp2ZgezYVRDx5lJj + KpJ9hbdCBhMyMNq0Ly4ZzNm1/LaNgWaOMgl/uIHY9OIG9iS1MvSA5JBvhOP/FxI= + =d4UN + -----END PGP MESSAGE----- + fp: 9D7CACD7039E5AD616FD25879F935DB630A167E7 + - created_at: "2025-05-24T11:27:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DaBViTd9dOpwSAQdAr9t7RooePOpjLzBUgOv0PpfohqtQDleyrodcDNroTVQw + s0qn+jywiyqdGiBLntKqeJdvDmaGGQUAWIEAg+bcVWDhFnvV2RGukjsEFTM1Jjjl + 0l4BI2pwtvUMJi31CuI1QYaHaT2sm0PrYgd2KUONMXKLzzEZJ66hsCwFQDRIUh32 + Box7WEjMEQlmTFXl/GkBIRQqVvVIrolHTWFLdE1tDGeiFqzCcD9zzf0hkB+Pcf7y + =wYiU + -----END PGP MESSAGE----- + fp: 321EFA52CF155E9FD646279E0FB0CA11985EB5F6 + unencrypted_suffix: _unencrypted + version: 3.9.4