diff --git a/.sops.yaml b/.sops.yaml index 84c46fb..1a3e319 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,7 +3,7 @@ keys: - &nathan age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - &levitation age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw - &oracles age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn - - &perception age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd + - &perception age1rztv2778cf2dcpzcpth888cq7u3rdsl7tfuhv4sddysdnqjxaevqg72t5l - &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - &tounge age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 @@ -40,6 +40,11 @@ creation_rules: - age: - *nathan - *matrix + - path_regex: secrets/perception + key_groups: + - age: + - *nathan + - *perception - path_regex: secrets/tounge key_groups: - age: diff --git a/flake.nix b/flake.nix index f78cec1..881fa07 100644 --- a/flake.nix +++ b/flake.nix @@ -145,6 +145,15 @@ extraModules = [ ./machines/tounge/configuration.nix ]; }; + perception = makeNixosSystem { + system = "x86_4-linux"; + hostName = "perception"; + extraModules = [ + ./machines/perception/configuration.nix + ./hardware/perception.nix + ]; + }; + fusion = makeNixosSystem { system = "aarch64-linux"; hostName = "fusion"; diff --git a/hardware/perception.nix b/hardware/perception.nix index 8557c46..cabda81 100644 --- a/hardware/perception.nix +++ b/hardware/perception.nix @@ -7,49 +7,54 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = - [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = { - device = "/dev/disk/by-uuid/49959c20-a0d0-4b9b-b5bc-f7601640d252"; - fsType = "btrfs"; - options = [ "subvol=root" ]; + device = "/dev/disk/by-uuid/94a2074d-be66-41f4-b92b-cb3226ab83a0"; + fsType = "ext4"; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/68FE-F04C"; + fileSystems."/boot/efi" = { + device = "/dev/disk/by-uuid/6787-5C66"; fsType = "vfat"; }; - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/49959c20-a0d0-4b9b-b5bc-f7601640d252"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; + fileSystems."/mnt/plex" = { + device = "10.0.0.139:/mnt/tank/root/data/plex"; + fsType = "nfs"; }; - fileSystems."/var" = { - device = "/dev/disk/by-uuid/49959c20-a0d0-4b9b-b5bc-f7601640d252"; - fsType = "btrfs"; - options = [ "subvol=var" ]; + fileSystems."/mnt/scratch" = { + device = "10.0.0.139:/mnt/tank/root/scratch"; + fsType = "nfs"; }; - fileSystems."/home" = { - device = "/dev/disk/by-uuid/49959c20-a0d0-4b9b-b5bc-f7601640d252"; - fsType = "btrfs"; - options = [ "subvol=home" ]; + fileSystems."/mnt/things" = { + device = "10.0.0.139:/mnt/tank/root/nathan/things"; + fsType = "nfs"; }; - fileSystems."/etc" = { - device = "/dev/disk/by-uuid/49959c20-a0d0-4b9b-b5bc-f7601640d252"; - fsType = "btrfs"; - options = [ "subvol=etc" ]; + fileSystems."/mnt/music" = { + device = "10.0.0.139:/mnt/tank/root/nathan/music"; + fsType = "nfs"; }; swapDevices = - [{ device = "/dev/disk/by-uuid/522c68bd-b23b-487d-80e3-fc41e2be130f"; }]; + [{ device = "/dev/disk/by-uuid/06554e1d-4e6f-4693-88cb-ababf5e98d3d"; }]; - # high-resolution display - hardware.video.hidpi.enable = lib.mkDefault true; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp100s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/machines/perception/configuration.nix b/machines/perception/configuration.nix new file mode 100644 index 0000000..16df9b5 --- /dev/null +++ b/machines/perception/configuration.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + # Sops setup for this machine + sops.secrets = { + "borg-ssh-key" = { + sopsFile = ../../secrets/perception/borg.yaml; + format = "yaml"; + }; + "borg-password" = { + sopsFile = ../../secrets/perception/borg.yaml; + format = "yaml"; + }; + }; + # Setup system configuration + nathan = { + services = { + borg = { + enable = true; + extraExcludes = [ "/var/log" ]; + passwordFile = config.sops.secrets."borg-password".path; + sshKey = config.sops.secrets."borg-ssh-key".path; + }; + }; + config = { + nix = { + autoUpdate = true; + autoGC = true; + }; + harden = false; + }; + }; + # Configure bootloader + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.kernelParams = [ "net.ifnames=0" ]; + # Configure networking + networking = { + domain = "mccarty.io"; + useDHCP = true; + # Open ports in firewall + firewall = { + allowedTCPPorts = [ ]; + allowedUDPPorts = [ ]; + }; + }; + + # Setup home manager + home-manager.users.nathan = import ./home.nix; +} diff --git a/machines/perception/home.nix b/machines/perception/home.nix new file mode 100644 index 0000000..88d8a3b --- /dev/null +++ b/machines/perception/home.nix @@ -0,0 +1,3 @@ +{ config, lib, pkgs, ... }: + +{ } diff --git a/secrets/all/backblaze.yaml b/secrets/all/backblaze.yaml index 053ce77..16b31eb 100644 --- a/secrets/all/backblaze.yaml +++ b/secrets/all/backblaze.yaml @@ -1,4 +1,4 @@ -friendpack-backblaze: ENC[AES256_GCM,data:m1QFetDGUMQabN5waGU7tSaxLQm42n3HViPVATiICg==,iv:VpDfdQ8MqqRje6DlZOJ01b7ZHmrD0g+ADtj/KQY+LR0=,tag:EwlRWLqtuldTSdFsaetisQ==,type:str] +friendpack-backblaze: ENC[AES256_GCM,data:yafGzeKPXujuTW8ur57WNTQLiwrMeffz2+Mj3+Iuhw==,iv:VpDfdQ8MqqRje6DlZOJ01b7ZHmrD0g+ADtj/KQY+LR0=,tag:u7wTFO+bIUZSiWUbm4epVg==,type:str] sops: kms: [] gcp_kms: [] @@ -8,77 +8,77 @@ sops: - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqU3NiYlRINjZlN2ZkeTZY - Q0RnUG9yN3RyWUt1ZTlSUkh5RS96MUc3aWpVCmloTm5IcmI2Qmk5Q1RsWWdzT1Rn - c2dQdTUvK3Uza0NWZHc5dnhwT2hLQWcKLS0tIEtlbHBuOCtOSDhseVlTUS85b0o2 - aXFOeGU5SlpXS2RuYkFjQlhoS0JFYTAKb6qDVqy9IfSdIKP/L28Z62jVJpZyVHja - Yqmfv/Nk2lFu0OGK9uoeJyYXOuwreG8rbAcET8CsW+QJ1xEozj6T7g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcjlrMVVCdE0wdTFESHgx + OXVRMHBtTXhIbmZVc1BNYUNDTVk1b1U2NlFrCkhQVmN4QnllSm5SazNFRzhiZ1N5 + MmpxejRqSkRPUFo3TkpDM25hdUtpL28KLS0tIEkvRjN6Z2hIYThKZ1JSODJUOCtN + bXJWb3kvNHVaMUlkMzBDMVVFakhYM0EKskwmt2p8XNCndfStD4n/xz0hpWAYAI73 + dfseGvD+bOXPa0HpmzufTFs1VPn10AvVxXJ1XBMxrwKIYhiCTEqUEw== -----END AGE ENCRYPTED FILE----- - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZkFxY0Z2TjFoWnYvbkUv - ekN3RklZTGF3QU94K2xkaDU1SC9XNHRLN1FBCkpoeDI4emVYc0RXVUZYalhrbXhj - RUhUUkZFRi9CMmVMQ202ZElZRk1TUGMKLS0tIGVSWVZ6TzJqdmIxUVdESlcxK1lS - bDJvWFF3M1JGQ1oxZ0RhSi9hSEdQVGMKyCkiRJT0RZLDBg5VMWB7hVoQ2TWLlW7k - 5cYUhvEVJZADCV6VD6RmEwfJuuk4QsIxHg4kzACDc357mh8BeidgSw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVnRzMVRPQmw0Yk5VbTA4 + Wm9BaXM0aUdaOEVmYS85L0JIdzlQNzlUYWx3ClBaeVB3L0YzbVJtYW9iNi9ydU01 + allTVjVQUDJFTWZvKy9rOCtoeENBS3cKLS0tIGhFaU1Qd2FwWFBqV0lLSkJnc21W + RWovODNVaTJ3QzZMcmNPL2FmS2dFYkUKgFviRkY8PyGtFHYBbVc3rfHDnSjz0Njp + PI9TH0FEcxIup4BNHA7sH7rEGDfo0InjyGCM8vNhTqf6e8+ilky2oA== -----END AGE ENCRYPTED FILE----- - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SjdkZmdpVGk2bmxnSE9H - MVV4Y3VCazcwRnc2NTRXVXBJcE9hT05laVJRClA1dVFiSVROWHBNLzh2U3NKeDQ0 - NWozWDhhQVhScGdiNlR2WWh1RVgrOGcKLS0tIHh5ZGliL3J5S09ac0dQODhCQWdG - NDFSaWo3czAvMlRlOXpnZE9LSVZqaU0Ko4ZNMoBczWeDhA2BlDAmbB/oOzpxHq7r - Ubme3sRNOrNKJiaHntgoIZMWOukAVKBOmboAYjtvU7mlAk/zX4jVyA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUUc4aUgzaTRGZUU3eEVP + QVM4aDJhdzFsNys0bmI3UlYrbS9HcitGcmtnCi8zcFRxbDk4MjltM0FScm9LRk9S + UVhrdjhTUEt5REFmcmdsOHFlRXMxQUEKLS0tIFdOdUNQSTFHdkcrQ2tQdlJQS29L + NGJOc0xMQlVUUG5Xak16bjBxcmx3MWsKALxXIrQiCAX2b1os0irVN0exmE/HGzac + uAKlnrIqsH3PJO8d1K2fJFSX0Pf1nX+AB4b3F7vj6TEcAwvmJkrjig== -----END AGE ENCRYPTED FILE----- - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZWZ3VFhjcjUxa0Q4b2lM - c0ZLY3Nka3pXOGJqcE9xVFJOdUZwMDA0c2lrCjdLaWFqWC85Q0E5U3VOcWZhY3JT - eTN0SkszWk9YN0JBOHZ5Z1hoc0hNV28KLS0tIFBiN0lZbk5hdEd6bXNIblZQT0h2 - YnB2L3J5cDIzYXFscVd1QUVwZ1RraTgKv+/It3YGBzwtuKIuXCaG/QguSl6xTbIp - ZN2PUuVxrMkfy6wBph5WF7Za4hR1uIDfVf1HEgOo75Cry62VOr1RBA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UVVLSklFRG5UOGVRdjBu + TlFuZ203SS9VL2RJOHQ3S1NaUC9DK1ZhMUJRCkFUa0xNMnlRTlMwRnRHQ0FVQW5M + VTFjeFBaaGU4ZlJ2aUlxdUtQNGJQYzgKLS0tIHloL3U1a1RwTVJjc1BDcG9UZWk5 + aTdzZmJ6THhRSUxSQmRmZnR2N1k1aGcKBq5D7KM7lgHAPSkEbbvV5HIQBGba4r0Y + ynm16OZxpfWIzdi9uUnY2HivddIk3Ryjzf37qQ7u8qzI1rxByWRbCg== -----END AGE ENCRYPTED FILE----- - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1akRwaFc0TW11Nlh1Vjdw - ZXY5YTNMaFluMFlnZzFBdFprNGdFVjRaTTBzCnpzM2Z2R01nVDY1NVplMGt2Wk5P - V1JTekJyR1R3RlNKZkdlTVJuMHdGMEUKLS0tIDhHNkIwT3ZlNkh0NDVQakh1Qith - QkpKakptbGtsUDhISFN0K0FwWXAxT28KA2F8oCyPpuzxEoh9Gp7YceLmsOApU85o - zX9OqFoiLDI4oqR7io1LdpQZYgsslNRIDLAtN+7+0gyKeCeBC29LdA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnN2hzWHFVMzEwYi8yWlpa + RmdzTEVOdmVYaUZocWxaeHhXN0hrYzRSSkdzCk9WVFhDYjVqUEFmZU5HWnlERjFw + SUxmZ2RMR29pMkNUbkxnU1pSbkhRV1EKLS0tIFJlOXZoK29LQkg5bVNwelgvbW1K + QW9Ibm1mdlFzZUNITDcwQUdIL2RoQ1EKFs/uuO0Rgv7cjy2zSDaikNubtsJGcCxr + FUdNRJzQbEhUYexSJRbkfpigXGhpII8adFN56lqfHVKg9jJSPHlsgg== -----END AGE ENCRYPTED FILE----- - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bS9FRCt6Ujd1NFJ5QmM1 - MXcxQ2RvTlJ2cUdIYlhXenRGQWxQbjhSYlU0CklDaXZKc1QvMEpHNHl4MEE2Zlln - YlBzTEc0Z2xlbWZPNUpGc3UzL1RoS1kKLS0tIEtnc3Z4aldYaG5BVHRmamlLOTgw - Q2VzOUJvUDFPQVBjOU5VeSs1THRia0kKwRyeae3D/xC0NpR2ZCj9X95RmsHJ31vg - vPg9f5tUr0Z/6vmIDCIKiTe5ZrbKhrzGXz/i/wvRJNwvlD0stY3yiQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTml3aHUxMUg5N3kya2JJ + UnFEa1ZiS3Y3bVhycGVMU0xjNUFSVURXUEdnCklFUW9yVnhoMG5ldUY4aG5SRW50 + SlNpelIvR3hmdXRENURBcS9zS0pKbzgKLS0tIEJwdnBUV3hpZmNjMGRuWUMvT1J4 + SDZmY0JEaFpzVlFoeFplYzhmNU9ISFkKPcXjvRAqufMMPRafwjcEX8TfpQnukI88 + flVPDqE27tyPsB52ozOWbuGBGSdcsiQXOk+qJL82pak8XZVqI06R5A== -----END AGE ENCRYPTED FILE----- - recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZFRCVkp4SlNiWFZOQ2F0 - UUMxeG11bjZRNDBFL05jRmozZit6U0hJSjBzCkdCcmdTblVEbGhybVFXOXBmbkpx - Zk1SSFNhdW0vTDlZK3BRNnhHMEZyY1UKLS0tIHdSUWVOWWk2OGZ6b2NJSnRjUms1 - ZkNwVkI4UGdvaVE0QVF4RkM0KzRldjAKN5bVMzi1N83Mt0G+qBEq6AuajSulep7H - NUDlYjdZPREcoeUR78Ywni1AmXfnsazt91jaJN2n+IKnsoqcH+Aa4A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkU3hYZE1SR1RNRm9teEdh + SXZvRUhiY2NoUGxZQ2lRS2VPSFE0T0pTTFgwCjRJenYrM05PL3BFZnhWeHFzK3E0 + eGoyMzd0R2paSnVFQ0xHL0VlcXcvcVUKLS0tIHdBMXRQMlQwQmJQTmQxNW5GL1lr + VmpFQ3dUWTA1UzBnKzFpMkZTSUxudUEKm/BslZ37XDD/ljIpHQelgpd/fFrpOqV5 + 9Fd4bAPsRFLakvRb9xaqBGLxzjGH5+3mi1gPLYWTbU8nWkkH073SSg== -----END AGE ENCRYPTED FILE----- - recipient: age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTE1lUWhra1pOcUF3WVRP - MVFjamxnbnBZcmdwMUFXaDA0aWVHb1lrblhrCkdOZXN5ZXRQUVN4R0NVN1p4YTlQ - VzlydGsybjVocXFUWFVCZVVtNUFhT28KLS0tIGkwZkI4MjNFWUM1c1hJZWNKdVZo - THJCcitiVmZlUlNJMGFHcEVFNkQzMEEK/d1EwRaD7lAJtmyIK6DtaQs6NIQCirlo - plFpHYkxxnfXRUtDSyK/hhnZiyAsXBhxo/yr5Q1v4mnMK7xG67aubw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOK0ZCWVhoZmtQZGw3Tm9s + b2F5YXpXQWhxWDZxOHZrUm9JeWFhajQyaWljCm1CalMwQTIrTE5hMjl0WjRpNEt2 + dXFLQlVvZ3ordFNvUXhmem8wWjEyV0UKLS0tIHRqVzByaWZad29ZcDFndWdRRkZE + ckJBYmovZ2JNMnY3dGxMeEk5MjljeTgKg/guYf2aL2iwHs/nSLkgTrIf+IukKRQl + SCCVgllLkno87MJYOLCJxLfo96i9cixXdDuP+qt34dnRvglZsUkXeg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-29T08:33:24Z" - mac: ENC[AES256_GCM,data:532kHcb/qLZSePtoxTwk7497UShNpmklNnMCU4WVWBAkyT5XRvIpKHJRWl1A/Ll0/w9Y9fjVxD97PjxE18LLsP7x8t6dj54Z9k2PVEd7U+GP3iy6QhJYJCwehYLiMmqf9T8wsiLyEVyXDn04pN62NQNw/F5n9kBbeWxSk3wuDtA=,iv:OaWeCvIr2mSUzVgytKcueeFN3tzfBoydyXgMxLSE/pY=,tag:bDkmi+W9cd9avpIVEJTEHw==,type:str] + lastmodified: "2023-04-09T03:07:03Z" + mac: ENC[AES256_GCM,data:nnGvDO7znv2oxWYZqwct8WmGIibsYWAAJlAI6vkLqcodqv+ifsPjTOEj5uZPNP5/uI/DpBxj6en/OwQT/hONEy1qIqza9bXJzz8uE2LY+Gp76pWY9RG4RD7/XYlHPrCRlnlXQ4OuCtr9mUkxCjr2iM6475abe3dZ3XnciZwJ7IM=,iv:m/L2QE9/B+lWvzDvBOJwAt67Tg/OkT2kKoSifAdXM6A=,tag:neDhfjzomskfxmRhEhiDGQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/secrets/all/tailscale.yaml b/secrets/all/tailscale.yaml index 70097b6..b24cca0 100644 --- a/secrets/all/tailscale.yaml +++ b/secrets/all/tailscale.yaml @@ -1,4 +1,4 @@ -tailscale-auth: ENC[AES256_GCM,data:gIlUyatbZxVrPAm0JS89OZiym07U6YHePSQcC0QlImSY3yfPFRO2izi8IcXFlqMcdUz1MOiOAIw=,iv:xTEvf1VSkoS73ulmFb/yJ37vVm8Kt3klzixgFR8w8Oo=,tag:xAj9JmUc3waoLsZ0bkZciw==,type:str] +tailscale-auth: ENC[AES256_GCM,data:eQaM1qg8PRYVBLAPwjOJhq5DO+MC+8fhZ68XDhDx1xv2i5G+wHhnC/cdF2N9v+ow6CaBMEa2eQAN,iv:gQNKvAugadsW65XsD0dLpCyT4CI1Is9QTrwC6hk1pLo=,tag:tSRK2brWv0ZP4gXcokok2w==,type:str] sops: kms: [] gcp_kms: [] @@ -8,77 +8,77 @@ sops: - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrRDExTkNUdmIwK3d5NFR2 - V25tTCtpT3M3bmdHWkkzcko0bGJKZUNCZjI4CkttQmR4Vmw1aVlpdXB0d2hkM0NU - Ujg1RWQ4MzdweHlTSzViUE5sRFA3Z0EKLS0tIEZZN3Y0R1ZWekdIRjFjUG9obFN3 - ZXFPOUhnTmRhdmtwMHVTYWNJUVpRTnMKIVKqX9q848MlBrRxjZ0sVqXI1WPhNGQn - IeuJy/GjqCi9/WSKy4+gyHIPRnu30xylH/5pLpmKHBtHA5hYcsx7FQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlT2RCenNWSDJQdEptMnBK + dDV0SDN1ejZoRlVDWXZ2RUhyREtRZkU2SERRCjRBYUcyQm9IRy9QU2wydHl5WW5L + NFJnNk14VWV6VzBWVVpoOTg5WEVTK0EKLS0tIG4yVGxNWUI4Qzl2UTRXQ0VGV0kr + YVczM29EM3NpWHRmZEdRY2cvRmN4T3cKus4LvS4V4yGv0WAnFmJS5A2SxeVccW06 + lSHOwVJmxinEHJo/2PEm2b/BDOtqF0xV9Oj6qZurhAOHchYarHmEvA== -----END AGE ENCRYPTED FILE----- - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMeDRGS01ycS96MG1CQlJW - dzlCTWd0Zyt0NDlvVFlMMkY2RlJlcnJkTW1RCkxLRWpQOXAyRno1M2l3R2lUOWk5 - UmlzWVJtaE1KdW14ZEN3dmp4bkwzbU0KLS0tIEhOU1FvS1BYdFVrb1puNWo5YlNP - UFUwSWJBV0VaQUI5a2VyWExLREZPZU0KfC2WeexDykrdoO1isYDr9+Xjt981+vzK - lBaNzKfOcHO1XyfJFpFff1thcMg8RkyMyUMYL6sYSkpcn9HO5mvy2A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZFVEY0ZUbW9ENmliMEJm + WHI4em0zM29jc1JXWDVsZi9zK3lmRTlFS0EwCmhhY0ZXbFpVd0J0T01jQlhXSUxO + ZlhPcTQ1NHA4MHhMWm5QektUb1FQZVEKLS0tIG5zK2Ira3VRNk1IREdLMnRaU09v + dm1ITjc5TGxpT0pqeG45dlZGZUlUUkUKNeOKy39YKawnH93mOq6EI6RkpHuasrYR + pyJx05yMP7y+c2cb5kUrr9R0aiYjTDQk0WiUikAhj+UGINQBmS/sSA== -----END AGE ENCRYPTED FILE----- - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxbSt6dFB5WmRtcUpOa2ZD - SlBZMS9UNTd2SFRHRm1NUGEwL1kxc1FSNVhrCnp4ZUlOcGhPM0NsbHhueVRhdE5l - cmhHZnErdzlTRXdqZEVlY2xvK2x4bmsKLS0tIFBBNU8yNTFiK2ZnbUZtODNaT2sw - aEdzV3NkeVdleWIvaG9KcHJwL3FFVmMKUW9HS+8Hz1AyA3gOWmBeva8jvQHK45e+ - YfmRXwUsNE1bTnayf0ecf55kBxlJPVFWjo3ray3dp34V1gW8BEMq6A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxak5teVE5VzlqQkN0bnVC + b3BpNGpDRmE2ejkzM1BxeXUvZWJrdytSelJrCm9EVnllYm0vMGpscHlsZWVBbzN4 + Yk1FL2tyb3lVL2d1T1U0OVE2TFBhZjAKLS0tIDlxbjZCbjQ5V3lCdmlzeW9CSTNq + dVZwSVJKUndSUkdtUy92bEZaanhDMEEKJtxus+E5IaCYzeWyZNRxzkGmzxpNskEu + 0uYyT+56dvf2oHqrrNOguS965lDXOepBjE+eU+g2iqtsKt64vy4tig== -----END AGE ENCRYPTED FILE----- - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNQUVHVVI5a29JaWVPSVUx - TUt5UWFqL0lrL25PUElma044UW93a0pXOGpnClFIeFBtVWRTN3orOXlFOWdWREVt - RXZxSEEyM2Y3VmdqUXRXUEwxV1I1QnMKLS0tIGc1RzdaM2pBUnZYTFlMYmZJU01l - UU5NTFVCcE9OMm1BMUFaZWZta01NU2cKUT6Ba6FOWPWrCHf4eMrtDm3eWdT0QX1/ - MzjwX1vJ0KyKwvZrOshEfoEdBl49u46hZLyMApH1i1Q5udMptAmUng== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMaFdJY2NLcFQ0d29RYXRp + RGsrenkzSlV3SHdpYit1ZTFxS1Btb01ycVhJCnJwT2ZaN29lWVZCWUhzdzBjY0Nk + ejEyZ0hNY2MwbERZTnQwZkFHcEpZdnMKLS0tIDY1b29vN2RCWXI2Q0MwbnFicm5U + ekFuMzBMckNJT0dLeXViUEsvRXVpOW8KgIM9qt1hnPG/MEcK8Jyw1qaV2/Gq6H3q + AmVMUGe9gp0WyscIA0izJEYS7RTZXU7kIiY8uAKrmPfqNy28nTRssQ== -----END AGE ENCRYPTED FILE----- - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcWlEbG9UVS9RSmhZNkpV - dVkxalE3T2xGSGR5RkhxUlFqMjBKaS9aeUF3CjRjNmZ1NmlPcHpudXh3Vi9jYm1L - YnpLU1lLSzZkVkJ5eVNycFlZMFBpWEkKLS0tIGk4TTU3SjNTUWltem5BUXM1NFla - aktzT2FJYTJZbTlCVTd2bHE4eVQwSVEKcWRoSEMoH4b9v5z9CaO54F6CYxABZwyh - Xnx+go/wgosgt37XyaieldnfoWsXnXOJ60vFKVzKVP5lD1Do/2e4vQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0M244UDc5SEVNalhMdzda + aHdtOCtUUXNZeW00TGpnSUdNOUM3bFgzY3dBClNiTndyYVhqcEJ3bm9ZakxBQzgv + VUVyVHRqeCtxUjM1UVlXcWNBWHcydkUKLS0tIGpkQitoWEpFN0pQVXo2YUdyeTky + dE9GTDQrTWRPZGluNFo4UkhxTTVmcUUKUqaeUW239hp3qFPJHECA5j4LmfV10CQF + vOgnIMQvZU+SoUvICwgItJYLMlTeCkwrNXJY1zR+RFbpWue+wSoDBg== -----END AGE ENCRYPTED FILE----- - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFY1dVT3hUTjdxM1RCbE0v - WWppZlRlcm4xT2l6cTNVNGhJWlhLZUNvQURZCkx4QzkwWlBYUFZ3Y01raWduOEtu - WEw3eEJqeEdtOTgvN1ZERjhIUGw3Z00KLS0tIEJEYlZ6aXEwcnY0Ly9nU2NlWGEr - d0tkVjJBYzd6Q2p1cmU5SzRYK1B5ODAK2YPxyLWmTh+HkHHXXL5v0thHyHwCmsus - lwJ2iDFUKKyzTGgY0WJskTiLVgD/P18FpQTRlHtUttAVME/iRZCSLg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YzkrQU5MNllUL05Gc1Iv + YjhPQUhsR3hlYnB0N2FhVlZhT21pLzBnZVhJCngvMkFhQnJybkVyZXFaU1E0Z0M1 + ZmIrWmlmd3pPLzY0ZS9yeHhTVWJEUFUKLS0tIE1JRGE5Ny8ybDlLNDhGamx4cWlJ + QmhWVnA3d2oyaVhNUm1TUGFHOHk1UGcKGhsdX7+Ai0DtuBFrhGHlfnUtC0NKiZ2f + eMSuZs+allpnPNx5F4lmHvFUCU5/6LrPSxwGzQcpJXDL4rYarVpUaQ== -----END AGE ENCRYPTED FILE----- - recipient: age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4M1BxTEZxRVJpZmw3OXF3 - THhzeGNvRTgrbllsVU1aYTY2eHV4QjBpZEVFCmRXeXE3bUtuUFFZRStTbUQ2UWVh - VFJDMndzQit2ZWlrL0ZJZ0VWM01YWHcKLS0tICtIRVNhWGI0K0xpUmNRMWVRNUNp - MWw4Nm4zWTVtaTlUQmdTSGhGbGdHSFEKIUpFBnJ2X9VeBNEV6Ww+xsZIBsBojlJX - 4eavwJ94yzJBwWDsFPZu7UberGy+N5+MnyuYhnfIEQAfRson6DP39Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjdlRPUjByakFZSE1tdnd0 + dFFlVUd3TjJNaW9sbStlZE55SVlxNmtrU0NzCkNXSG95MzcwNlBTdlZxdVh4bTkv + NTZ1b3BTOHRwb0kwOENQMkRVMTlFRVkKLS0tIDdiSWpFMjZTUi9HL0pqdWhHT1pv + Zm10OWwwTjRmeXlEZTJTdnpHaDZUWlkKkR+Ri5M/+gC6KN4oBUMuLMyvHnTgM6Ew + csFSHZ/6p4vLPwqwICX8vUmGvZVZHSF8d2OW+rbnbjbstiH6LFvEOg== -----END AGE ENCRYPTED FILE----- - recipient: age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRlhyU1FGWWRLQlp6TU5p - UGUzS1ZoaENPN3Rkc1dVQnliTEhDM2xmanc4CnZXdU5NRjFPeklDdXkxQWpmVThs - N3pCdEo0NVpMQ3FsM0ljL1lMdE9ieTAKLS0tIHltck9Fdk4wa3hXMTQ3UEpiYXVh - cE10ZjhzQ1lrNVRMc0lVNU9vTi9RYU0KGvngbl9KxKxnyFTzOaxERZOi3lWeS8F+ - kRm7vkdY1Lk5jnX9RIau31jgJsQzJSdxgMUD4rtx4UFpeuxHicmuWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOb0p3WFJmV01VQkNsdjFQ + dkZmREM1MW80dGIzS1oyVmh0VUJxclVRcTBvCjlMNGVoRm1SR1FlcXZKc0NMakh0 + dFpTcUNFUzZkUm9UeXd3c0JVK0RER3MKLS0tIGVNdit0NTlRYkttYWhTY2VMS1hP + Y25xOU5wY3FRbmg4Q3RtVWxJU0tPMDQKasUmTfJz39Yw1w3RcqNTkHH5s27XeOlJ + sUGrZ9SDlFsCTtCS2srSuZQoITF3JwuXOsjq7GrpU4KM40rRBSM15w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-24T01:56:30Z" - mac: ENC[AES256_GCM,data:AG0NvPmjpFAMGVjVw5aZRWrlmnRhGTtUQQiqc++7uhkD4BLxwCdBye9D2E+BWwelul1g8+WvjtTETOdxy9gZcMLlYnEQfAlLSXBMV3tAuMAsX+tVgaeaiChadAoUV6ybVo8CqjyisxXGoDD5csY4BwvqPvHZnOmsM6/M1rbRSEM=,iv:MTHdjmUmfmYLm2/ZsSxIAvu7z3ng0O8kTD14G5gi7kw=,tag:SCTVw57hf70ULmLPPctS0w==,type:str] + lastmodified: "2023-04-09T03:11:28Z" + mac: ENC[AES256_GCM,data:SpZeHtv9fc0vhJpgRe7lV/BXjZV/5R07cRODvEuaPa2fhQzxio2hTUuKVmT1KqorMqple5XQuQgfzivkj2Pq/UNvxVDj+yo+o7p6yBBRcG4TOZBliVNksFrpfEbycfQY/8qKicL9CpBs0mnRnQKHC7jatVSW0VYbmmUXw7yNRYc=,iv:gXSe+6CFOc/n5/1aDhS9QIe1hM1pahcYKriykW/XLSk=,tag:h/1dicnfxU0lcD6JeEFWFg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/secrets/perception/borg.yaml b/secrets/perception/borg.yaml new file mode 100644 index 0000000..7aecc23 --- /dev/null +++ b/secrets/perception/borg.yaml @@ -0,0 +1,31 @@ +borg-ssh-key: ENC[AES256_GCM,data:R4+0XdxgBuxcP9x5lcdnyuupR1DfI4CDv8CUHu752FgMsIjrBd5wiDKVPveizXGeoLQploMmvvSuBw6LAqmo1Jg3taWmTJrl58a03Bd4AiyYEqjMv5J4toNh4L02gsMt74eN1bdg7oqADjUTRcuzyQB2w5DqZxgQTHDW8vCMLW3d/4zWGSmaNZGuAilVHy3SyfRaCEs/q4WeSQZd4RgVHGCtdXPmhFk59aC8+mYvH44DsnYmwilvkboKudsSYj0fz9ZzevNnNmwuP/TG4fMKjbnlCJJ5v8x8UDmmcCpb2pmcipSW7v9QkIia0gf8SqmaItLQrjO/GXs4S7zHsz4VLF9hpIeOp2EOPNBgJ/rOMU9AZJB2ulBINzCfYQt/ivgYlQvppQtPP/ybKwCDD4Q+rp/y/pMG47jMjAsrUQH0kbkOKEjsW2a1OqIZiSW8xZep34+adTxADPKXxnUc+DlpwS6RVdNJVyH86OoO87p9s9fuKcnhML/xBljK8A72grkU5eZon+UEbZGeE5s1sGdLfwKJGuZc7elKqvP0,iv:tMHZzbOZZ4erq7kJF7yXamdzQ2h7SAsWWx/AxeGwZvE=,tag:vhpN/2fmsDipoI5D6a2piA==,type:str] +borg-password: ENC[AES256_GCM,data:WbYuJDQ6EIUmA8qM7cRFAqCPv1VJZMX/zlnAVRkFxWvs2JW9uL0If4zkZz9YXrE=,iv:Wy5CkS8x1Gpspr1FbcUij+dSkIBhlmr5ZwmUaICeVDI=,tag:ZfdVAUWcOjw9OKPYXb0vhg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVV2R5Q1VaSjFyL3JQTFVZ + SWpvQWVmTkYvZzdUVGd2Z0FPdUdwZG9VcVJNCkNPRzQvR0xCVE9BZlhRRWk1TnZk + c2FXVkJiU3dUZzB6b0E2czc5akRJTWcKLS0tIHZubURnbE1uVDlzM013TmtmQ2pi + anNVWXR4NFpLTGpyaHpSd3dkZWNydWMK7VlEJeLqm0h+uCostW/NqTzqE6a1BG0n + tgceY4yIRBcG1IxKBCRmzEbmoZFGJm6PucvZgd45oBk17Q1O03hGDQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1rztv2778cf2dcpzcpth888cq7u3rdsl7tfuhv4sddysdnqjxaevqg72t5l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwK2FSbWVvS1ZrbnJzUHFy + RUtBN3IzaEFBalRnNm1SdTdDY3VrQ0NLejMwCjQ1bWhNWHpyL2ZTaUJRU1N2ajRh + cFN6clJRMFZUcENjTUtWTklabUlnZ2sKLS0tIHVLU09yL0FEUlJZdHhFQ2VnUmJs + cVJRN0tLZEtSQk11Q2s5dWhTdjR6N0UKx9+pZQCQP5FQATcNYLksLGuMJR2m8AR3 + Iw0Ty8crcp9Kttx7Bh+RJJLlh9TTtB3mgeZO7fWA2H7xu+fOm32IAA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-04-09T03:05:47Z" + mac: ENC[AES256_GCM,data:AiocyLeU9bFvfv09IV35fWCWmQID2bjwWOyqbPOL0H7oZRq2ovzARcJOxyROWpQVgnUJ3mnl1IlDu/PlXXZ3Ll+o5otxjUjzTb7Ygn/2mNqXCl1O70LdP/UyCWNP3cAK8psoFKsFVN7N7+3/Em9Xf4xfLLUa5RM7llvLohNnTSc=,iv:UAa5/oM5agDra6xsGalnjECxkBU4/Piynmpjvys6hHY=,tag:feYWOa8GEpV8Tg7lSHFjbw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3