diff --git a/.sops.yaml b/.sops.yaml index 5321930..734ea38 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,10 +1,14 @@ keys: - - &snuff age1w4hw2ntxrtfqhht63s9lf7nhjxjmdcc927hndn5ygcqqj532qssq4m2m6p - - &yukkop age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h - - &bfs-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj - - &bfs-pol-server age1fpytf05sg9n6ywpwkmn09lhpfvgtud9h75h76jhxha475zpnasqq952rpu - - &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj - - &games-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj + - &snuff age1w4hw2ntxrtfqhht63s9lf7nhjxjmdcc927hndn5ygcqqj532qssq4m2m6p + - &yukkop age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h + - &yukkop-alt age1vv46vn4hsn2lg6jy834cpu40c3mvqklldcm3hjtynrhwtpmlpc8szruz4v + - &nrv age1x04u7ftjgx8de2gq596e7frauze764cmn7jjwqnx8szthvfft5qq0tezx6 + - &bfs-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj + - &bfs-pol-server age1fpytf05sg9n6ywpwkmn09lhpfvgtud9h75h76jhxha475zpnasqq952rpu + - &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj + - &games-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj + - &hectic-lab-server age13h8twnwvgxn04l5ywtru89a6psw5d0uckr2eghxsjp88a5augvsstq5ard + - &umbriel-bfs age1jxntjca8q2vxvf2jaal4xyvm2ae6sh62fhv897694kuzawfrk5asj00zdt creation_rules: - path_regex: sus/home.xray.yaml$ @@ -31,3 +35,12 @@ creation_rules: - age: - *yukkop - *games-server + + - path_regex: sus/hectic-lab.yaml$ + key_groups: + - age: + - *nrv + - *yukkop + - *yukkop-alt + - *hectic-lab-server + - *umbriel-bfs diff --git a/flake.nix b/flake.nix index f698c52..b5d03ba 100644 --- a/flake.nix +++ b/flake.nix @@ -84,10 +84,11 @@ nixosConfigurations = { # NOTE(yukkop): in bfs one of dependencies is shadow-4.17.4 that # unsupported on aarch64-darwin - "bfs|x86_64-linux" = import ./nixos/system/bfs { inherit flake self inputs; system = "x86_64-linux"; }; + "bfs|x86_64-linux" = import ./nixos/system/bfs { inherit flake self inputs; system = "x86_64-linux"; }; # FIXME(yukkop): some why I cannot merge nixosConfigurations from `forAllSystemsWithPkgs` with this - "neuro|x86_64-linux" = import ./nixos/system/neuro { inherit flake self inputs; system = "x86_64-linux"; }; - "games|x86_64-linux" = import ./nixos/system/games { inherit flake self inputs; system = "x86_64-linux"; }; + "neuro|x86_64-linux" = import ./nixos/system/neuro { inherit flake self inputs; system = "x86_64-linux"; }; + "games|x86_64-linux" = import ./nixos/system/games { inherit flake self inputs; system = "x86_64-linux"; }; + "hectic-lab|x86_64-linux" = import ./nixos/system/hectic-lab { inherit flake self inputs; system = "x86_64-linux"; }; }; }; } diff --git a/nixos/module/default.nix b/nixos/module/default.nix index bc9f8d7..b082c70 100644 --- a/nixos/module/default.nix +++ b/nixos/module/default.nix @@ -11,7 +11,7 @@ let hectic.imports = attrValues ( readModulesRecursive' ./hectic { inherit flake self inputs; } ); - # Read generic modules seperately + # Read generic modules separately generic = readModulesRecursive' ./generic { inherit flake self inputs; }; diff --git a/nixos/module/generic/shadowsocks-rust.nix b/nixos/module/generic/shadowsocks-rust.nix new file mode 100644 index 0000000..2803870 --- /dev/null +++ b/nixos/module/generic/shadowsocks-rust.nix @@ -0,0 +1,169 @@ +# INFO(nrv): This is standalone shadowsocks module. Instance-specific is at ./shadowsocks.nix +{ + ... +}: +{ + config, + lib, + pkgs, + ... +}: + +with lib; + +let + cfg = config.services.shadowsocks-rust; + + opts = { + server = cfg.localAddress; + server_port = cfg.port; + method = cfg.encryptionMethod; + mode = cfg.mode; + user = "nobody"; + fast_open = cfg.fastOpen; + } // optionalAttrs (cfg.plugin != null) { + plugin = cfg.plugin; + plugin_opts = cfg.pluginOpts; + } // optionalAttrs (cfg.password != null) { + password = cfg.password; + } // cfg.extraConfig; + + configFile = pkgs.writeText "shadowsocks.json" (builtins.toJSON opts); + +in + +{ + + ###### interface + + options = { + + services.shadowsocks-rust = { + + enable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to run shadowsocks-rust shadowsocks server. + ''; + }; + + localAddress = mkOption { + type = types.str; + default = "0.0.0.0"; + description = lib.mdDoc '' + Local addresses to which the server binds. + ''; + }; + + port = mkOption { + type = types.port; + default = 8388; + description = lib.mdDoc '' + Port which the server uses. + ''; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + Password for connecting clients. + ''; + }; + + passwordFile = mkOption { + type = types.nullOr types.path; + default = null; + description = lib.mdDoc '' + Password file with a password for connecting clients. + ''; + }; + + mode = mkOption { + type = types.enum [ "tcp_only" "tcp_and_udp" "udp_only" ]; + default = "tcp_and_udp"; + description = lib.mdDoc '' + Relay protocols. + ''; + }; + + fastOpen = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + use TCP fast-open + ''; + }; + + encryptionMethod = mkOption { + type = types.str; + default = "chacha20-ietf-poly1305"; + description = lib.mdDoc '' + Encryption method. See . + ''; + }; + + plugin = mkOption { + type = types.nullOr types.str; + default = null; + example = literalExpression ''"''${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin"''; + description = lib.mdDoc '' + SIP003 plugin for shadowsocks + ''; + }; + + pluginOpts = mkOption { + type = types.str; + default = ""; + example = "server;host=example.com"; + description = lib.mdDoc '' + Options to pass to the plugin if one was specified + ''; + }; + + extraConfig = mkOption { + type = types.attrs; + default = {}; + example = { + nameserver = "8.8.8.8"; + }; + description = lib.mdDoc '' + Additional configuration for shadowsocks that is not covered by the + provided options. The provided attrset will be serialized to JSON and + has to contain valid shadowsocks options. Unfortunately most + additional options are undocumented but it's easy to find out what is + available by looking into the source code of + + ''; + }; + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable { + assertions = singleton + { assertion = cfg.password == null || cfg.passwordFile == null; + message = "Cannot use both password and passwordFile for shadowsocks-rust"; + }; + + systemd.services.shadowsocks-rust = { + description = "shadowsocks-rust Daemon"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.shadowsocks-rust ] + ++ optional (cfg.plugin != null) cfg.plugin + ++ optional (cfg.passwordFile != null) pkgs.jq; + serviceConfig.PrivateTmp = true; + script = '' + ${optionalString (cfg.passwordFile != null) '' + cat ${configFile} | jq --arg password "$(cat "${cfg.passwordFile}")" '. + { password: $password }' > /run/shadowsocks.json + ''} + exec ssserver --config ${if cfg.passwordFile != null then "/run/shadowsocks.json" else configFile} + ''; + }; + }; +} diff --git a/nixos/module/generic/shadowsocks.nix b/nixos/module/generic/shadowsocks.nix new file mode 100644 index 0000000..14c2115 --- /dev/null +++ b/nixos/module/generic/shadowsocks.nix @@ -0,0 +1,28 @@ +{ + ... +}: +{ + pkgs, + config, + ... +}: +{ + sops.secrets."ss-bfs/password" = {}; + services.shadowsocks-rust = { + enable = true; + plugin = "${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin"; + # TODO: setup dnscrypt or a private DNS server for this + # extraConfig = { + # nameserver = "185.12.64.1"; # FIXME: this can vary across instances. + # }; + port = 55228; + pluginOpts = "server"; + # TODO: setup a TLS certs for this (look: (README.md) https://github.com/shadowsocks/v2ray-plugin/) + #pluginOpts = "server;tls;host=ss.bfs.band"; + passwordFile = config.sops.secrets."ss-bfs/password".path; + mode = "tcp_and_udp"; # default + localAddress = "0.0.0.0"; + fastOpen = true; # default + encryptionMethod = "chacha20-ietf-poly1305"; # default + }; +} diff --git a/nixos/system/hectic-lab/containers.nix b/nixos/system/hectic-lab/containers.nix new file mode 100644 index 0000000..f324c22 --- /dev/null +++ b/nixos/system/hectic-lab/containers.nix @@ -0,0 +1,108 @@ +{ + inputs ? null, + flake ? null, + self ? null, + ... +}: +{ + config ? null, + pkgs ? null, + lib ? null, + modulesPath ? null, + ... +}: +with builtins; +with lib; +# with inputs.dream.lib; +let +in { + + # networking.nat = { + # enable = true; + # internalInterfaces = [ "ve-+" ]; + # externalInterface = "lo"; + # # Lazy IPv6 connectivity for the container + # enableIPv6 = true; + # }; + + # containers.webserver = { + # autoStart = true; + # privateNetwork = true; + # hostAddress = "192.168.115.10"; + # localAddress = "192.168.115.11"; + # hostAddress6 = "fc00::1"; + # localAddress6 = "fc00::2"; + # config = import "${inputs.quteproxy}/nixos/system/quteproxy-staging/quteproxy-staging.nix" { + # self = inputs.quteproxy; + # inputs = inputs.quteproxy.inputs; + # flake = inputs.quteproxy; + # }; + # }; + + # environment.etc.nixos.source = self; + # boot.kernelModules = [ "kvm" ]; + + # microvm.autostart = [ + # "myvm1" + # ]; + # microvm.vms = { + # myvm1 = { + # flake = self; + # updateFlake = "git+file:///etc/nixos"; + # }; + # }; + # microvm = { + # mem = 1024*3; + # vcpu = 4; + # storeOnDisk = false; + # shares = [ + # { + # proto = "9p"; + # # securityModel = "mapped"; + # tag = "ro-store"; + # source = "/nix/store"; + # mountPoint = "/nix/.ro-store"; + # } + # { + # proto = "9p"; + # securityModel = "mapped"; + # tag = "fsRoot"; + # source = "/media/pool/mythos/vm/work/vproxy/pr"; + # mountPoint = "/home/devbox-user/pr"; + # } + # ]; + # interfaces = [ + # { + # type = "user"; + # + # # interface name on the host + # id = "vm-seht"; + # + # # Ethernet address of the MicroVM's interface, not the host's + # # Locally administered have one of 2/6/A/E in the second nibble. + # mac = "02:00:00:00:00:01"; + # } + # ]; + # forwardPorts = [ + # { from = "host"; host.port = 40500; guest.port = 22; } + # ]; + # + # writableStoreOverlay = "/nix/.rw-store"; + # volumes = [ + # { + # autoCreate = true; + # size = 1024*32; + # + # image = "/media/pool/mythos/vm/work/vproxy/nix-store-overlay.img"; + # mountPoint = config.microvm.writableStoreOverlay; + # } + # { + # autoCreate = true; + # size = 1024*32; + # + # image = "/media/pool/mythos/vm/work/vproxy/root.img"; + # mountPoint = "/"; + # } + # ]; + # }; +} diff --git a/nixos/system/hectic-lab/default.nix b/nixos/system/hectic-lab/default.nix new file mode 100644 index 0000000..80f9f9e --- /dev/null +++ b/nixos/system/hectic-lab/default.nix @@ -0,0 +1,20 @@ +{ + flake, + self, + inputs, + system ? "x86_64-linux", + ... +}: let + # Use folder name as name of this system + name = builtins.baseNameOf ./.; + +in self.lib.nixpkgs-lib.nixosSystem { + pkgs = import inputs.nixpkgs { + inherit system; + overlays = [ self.overlays.default ]; + }; + modules = [ + { networking.hostName = name; } + (import ./${name}.nix { inherit flake self inputs; }) + ]; +} diff --git a/nixos/system/hectic-lab/hectic-lab.nix b/nixos/system/hectic-lab/hectic-lab.nix new file mode 100644 index 0000000..e2f6f77 --- /dev/null +++ b/nixos/system/hectic-lab/hectic-lab.nix @@ -0,0 +1,238 @@ +{ + inputs, + flake, + self, + ... +}: +{ + config, + pkgs, + lib, + modulesPath, + ... +}: +with builtins; +with lib; +let + domain = "hectic-lab.com"; + sslOpts = { + sslCertificate = config.sops.secrets."ssl/porkbun/${domain}/domain.cert.pem".path; + sslCertificateKey = config.sops.secrets."ssl/porkbun/${domain}/private.key.pem".path; + }; +in { + imports = [ + self.nixosModules.hectic + inputs.sops-nix.nixosModules.sops + + self.nixosModules."shadowsocks-rust" # NOTE(nrv): impl + self.nixosModules."shadowsocks" # NOTE(nrv): usage/instance + + (import ./containers.nix { inherit flake self inputs; }) + (import (./. + "/sentinèlla.nix") { inherit flake self inputs domain sslOpts; }) + ]; + + hectic = { + archetype.dev.enable = true; + hardware.hetzner-cloud = { + enable = true; + networkMatchConfigName = "enp1s0"; + ipv4 = "188.245.181.123"; + ipv6 = "2a01:4f8:c2c:d54a"; + }; + }; + + programs.zsh.enable = true; + programs.zsh.interactiveShellInit = '' + setopt vi + ''; + + environment.systemPackages = with pkgs; [ + git + rsync + python311 + kitty + ]; + + # Secrets config + sops = { + gnupg.sshKeyPaths = [ ]; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = "${flake}/sus/hectic-lab.yaml"; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + # yukkop + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuP5NSfEQmO6m77xBWZvZ3hk7cw1q2k2vbsFd37rybU u0_a327@localhost" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJBLxMo5icX2Xyng7mcWGnIi+c4ZbVygjPhuU8noCkfZ" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxgLlX/15Fk7PgIc9FSrA7oRtA8qK4GXfOhj7ZlNUaJ nix-on-droid@localhost" + # snuff + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFouceNUxI3bGC24/hfA8J3VuBpvTcZh3KhixgrMiLte" + # nrv + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/EhBI6sJb2yHbTkqhZiCzUrsLE6t+CZe7RhS22z7w5 nrv@adamantia" + # github workflow + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPEUArBxu7NUULT7Pi8ArtVxY1uVbIBSaeRKtqz1sz1" + ]; + + users.users.ds4d = { # NOTE(nrv): artishoque + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINcjBc57N6MxtMYAHEB/nwZ+OGsG3P1KWO1ZXvzQyhKn ds4d@ds4d" + ]; + }; + + users.users.sshuttle = { + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd4iU2E5fiwPwBbeo1ZPo0YBFEj9qBPew/KitaO+OHU" + ]; + }; + + sops.secrets."mailserver/security/hashedPassword" = {}; + sops.secrets."mailserver/yukkop/hashedPassword" = {}; + sops.secrets."mailserver/snuff/hashedPassword" = {}; + sops.secrets."mailserver/antoshka/hashedPassword" = {}; + + # services.mailserver = { + # enable = false; + # domain = domain; + # loginAccounts = { + # "security" = { + # hashedPasswordFile = config.sops.secrets."mailserver/security/hashedPassword".path; + # }; + # "yukkop" = { + # hashedPasswordFile = config.sops.secrets."mailserver/yukkop/hashedPassword".path; + # }; + # "snuff" = { + # hashedPasswordFile = config.sops.secrets."mailserver/snuff/hashedPassword".path; + # }; + # "antoshka" = { + # hashedPasswordFile = config.sops.secrets."mailserver/antoshka/hashedPassword".path; + # }; + # }; + # }; + + services.redis.servers."vproxy-bot-test-state" = { + enable = true; + port = 6379; + }; + + services.mysql = { + enable = true; + package = pkgs.mariadb; + }; + + networking.firewall = { + allowedTCPPorts = [ + 443 + 3306 # mysql + 25565 + 55228 # ss-bfs + ]; + allowedUDPPorts = [ + 51820 # wg-bfs + 55228 # ss-bfs + ]; + }; + + virtualisation.docker.enable = true; + + systemd.tmpfiles.rules = [ + "d /var/www/store 0755 nginx nginx -" + ]; + + sops.secrets."ssl/porkbun/${domain}/domain.cert.pem" = { group = "nginx"; mode = "0440"; }; + sops.secrets."ssl/porkbun/${domain}/private.key.pem" = { group = "nginx"; mode = "0440"; }; + sops.secrets."ssl/porkbun/${domain}/public.key.pem" = { group = "nginx"; mode = "0440"; }; + + services.nginx = { + enable = true; + virtualHosts.${domain} = sslOpts // { + forceSSL = true; + locations."/" = { + extraConfig = '' + root ${"${flake}/nixos/system/hectic-lab/static"}; + try_files $uri $uri/ /index.html; + ''; + }; + }; + virtualHosts."umbriel.${domain}" = sslOpts // { + forceSSL = true; + locations."/" = { + extraConfig = '' + root ${"${flake}/nixos/system/hectic-lab/static"}; + try_files $uri $uri/ /index.html; + ''; + }; + }; + virtualHosts."store.${domain}" = sslOpts // { + forceSSL = true; + root = "/var/www/store"; + locations."/" = { + extraConfig = '' + autoindex on; + ''; + }; + }; + virtualHosts."snuff.${domain}" = sslOpts // { + forceSSL = true; + locations."/" = { + extraConfig = '' + proxy_pass http://188.32.215.29:3993/; + proxy_redirect off; + ''; + }; + }; + virtualHosts."nrv.${domain}" = sslOpts // { + forceSSL = true; + locations."/" = { + extraConfig = '' + proxy_pass http://127.0.0.1:22842/; + proxy_redirect off; + ''; + }; + }; + virtualHosts."yukkop.${domain}" = sslOpts // { + forceSSL = true; + locations."/" = { + extraConfig = '' + proxy_pass http://127.0.0.1:9855/; + proxy_redirect off; + ''; + }; + }; + }; + + # === WireGuard (disabled) === + + sops.secrets."wg-bfs/private-key" = {}; + + # networking.wireguard.interfaces = let + # subnet = "10.13.37"; + # externalInterface = "eth0"; + # in { + # wg-bfs = { + # ips = [ "${subnet}.1/24" ]; + # listenPort = 51820; + # postSetup = '' + # ${pkgs.iptables}/bin/iptables -t 'nat' -A 'POSTROUTING' -s '${subnet}.0/24' -o '${externalInterface}' -j 'MASQUERADE' + # ''; + # postShutdown = '' + # ${pkgs.iptables}/bin/iptables -t 'nat' -D 'POSTROUTING' -s '${subnet}.0/24' -o '${externalInterface}' -j 'MASQUERADE' + # ''; + # privateKeyFile = config.sops.secrets."wg-bfs/private-key".path; + # generatePrivateKeyFile = false; + # peers = with lib; with builtins; let + # pubkeys = [ + # "3dVzf1jxnVVTkLAyxedW+kRQBexZDzYDwpaLIcTrLjc=" # nrv (host: 2) + # "Kk2d0ncj24rO0qbuKh4V4t1OLnmVYbeaYvuEnL2OPFM=" # lysmi (host: 3) + # "BkM/NEDbR/XQ6WYQ0Yt+nJrc2HFCVsoW4QxBmkqxHn8=" # yukkop (host: 4) + # ]; + # hosts = lists.range 2 254; + # zipped = zipLists pubkeys hosts; + # in flip map zipped ({ fst, snd }: { + # publicKey = "${fst}"; + # allowedIPs = [ "${subnet}.${toString snd}/32" ]; + # }); + # }; + # }; +} diff --git a/nixos/system/hectic-lab/sentinèlla.nix b/nixos/system/hectic-lab/sentinèlla.nix new file mode 100644 index 0000000..fd20c22 --- /dev/null +++ b/nixos/system/hectic-lab/sentinèlla.nix @@ -0,0 +1,26 @@ +{ + inputs, + flake, + self, + domain, + sslOpts, + ... +}: let + port = 5869; +in { + hectic = { + services."sentinèlla".probe = { + enable = true; + inherit port; + }; + }; + + services.nginx = { + virtualHosts."probe.${domain}" = sslOpts // { + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${builtins.toString port}"; + }; + }; + }; +} diff --git a/nixos/system/hectic-lab/static/dice.html b/nixos/system/hectic-lab/static/dice.html new file mode 100644 index 0000000..6195834 --- /dev/null +++ b/nixos/system/hectic-lab/static/dice.html @@ -0,0 +1,204 @@ + + + + + + Counter App + + + + +
+ + + + +
+ +
+ + +
+ +
+
+
+ +
+ +
+ + + + diff --git a/nixos/system/hectic-lab/static/index.html b/nixos/system/hectic-lab/static/index.html new file mode 100644 index 0000000..4c38c3d --- /dev/null +++ b/nixos/system/hectic-lab/static/index.html @@ -0,0 +1,16 @@ + + + + tg test + + + + + +
+
+

TEST (again)

+
+
+ + diff --git a/nixos/system/hectic-lab/static/test.js b/nixos/system/hectic-lab/static/test.js new file mode 100644 index 0000000..43bf62a --- /dev/null +++ b/nixos/system/hectic-lab/static/test.js @@ -0,0 +1,41 @@ +function webappInit() { + console.log("Init start"); + window.Telegram.WebApp.BackButton.isVisible = true; + window.Telegram.WebApp.backgroundColor = "#E60C0C"; + let initData = window.Telegram.WebApp.initData; + if (initData) { + console.log("InitData", initData); + validate(initData); + } + console.log("Init end"); +} + +function validate(initData) { + const urlencodedData = initData; + + const decodedData = decodeURIComponent(urlencodedData); + + fetch( + "http://localhost:52022/rpc/webapp_auth", + { + method: "POST", + headers: { + "Content-Type": "application/json", + "Content-Profile": "qutegate", + }, + body: JSON.stringify({ raw_init_data: btoa(decodedData) }), + } + ) +} + +function waitForWebApp() { + if (window.Telegram && window.Telegram.WebApp) { + console.log("Telegram WebApp is available"); + webappInit(); + } else { + console.log("Telegram WebApp is not available yet"); + setTimeout(waitForWebApp, 100); + } +} + +waitForWebApp(); diff --git a/sus/hectic-lab.yaml b/sus/hectic-lab.yaml new file mode 100644 index 0000000..20ce63e --- /dev/null +++ b/sus/hectic-lab.yaml @@ -0,0 +1,74 @@ +mailserver: + security: + hashedPassword: ENC[AES256_GCM,data:Z03x7tWHIhlRPaRZSrukyYOKhs6LdasZhZdizHdhlaJp2bywQZXKBaDABj2ab4rhwAPCHWhSiBjz35zV,iv:Z3hLC/A4YLVQkflr4cg9/wkKzo/RUdnLTwYC7ZhS0Hk=,tag:mSF/mbzH7iG6PwzyEsmyGg==,type:str] + yukkop: + hashedPassword: ENC[AES256_GCM,data:kwEki7VMcqKGN7MHJ3Ktcky+9w51v7XHsDzB1WGYkg228tEjY5xECokl0kWM7q5+wNK+Tob4lbq3BNkv,iv:ULaAjXXSrXAuoYF6PMlRhkMmmP29ce9FAxzDvTg1X20=,tag:3fba4FQFRSo/k8Ekp5w5qw==,type:str] + snuff: + hashedPassword: ENC[AES256_GCM,data:Dv0vhe5LEFbAi/hadztQUTrRbPENSTxxOSTM7iwosH5kO28FCK56ZkKD8p/CLva6v97Cp2sWAXwd0fS6,iv:nUF4deb/8iF1mS5h+Z6oDE16YVQZ6ArfSnXG9DzqzLE=,tag:rKKlkYOl5oABbnzEjTOSVQ==,type:str] + antoshka: + hashedPassword: ENC[AES256_GCM,data:6Rgj4JIrEF9ZRRRwGpV4yCdS7cw81xKLfavuii1cHqZK3JDlD2HOAVYgrrl+fWD6rNxUPAXpVuAIgxCu,iv:Y67je0qtEpnbwhiYXL2FJUAedPlKdTTb6wGeSVVEaPQ=,tag:Thvt+gsebEjoIjwOmNgBGQ==,type:str] +wg-bfs: + private-key: ENC[AES256_GCM,data:/J02asiesrQcsO7Xbq66HQIQeSPmFEMkM2q/z+9Y42K8SYEQP0OYQz+8fXI=,iv:PdGhPWgGxhe0a7C6CaVM/ePKABT+y8HRFOAPzNwQk+c=,tag:9AI30JFh6uyaXXVjMBJ1zg==,type:str] +ss-bfs: + password: ENC[AES256_GCM,data:S8mqGWlNbB9WKgzZsRTmnb3AlpLfjYcmJiVUH/ZDgwIJwY/5COwtOhj5qTZpHIVwzlbYoSXLc2nkLledUrjouA==,iv:wGuQm/ExIS6llI0enxm6J0z2PdT0uSEsL4Ra7fxKK8E=,tag:SvDYcpzoD26FO4AIqHE3RQ==,type:str] +acme: + porkbun: + api_key: ENC[AES256_GCM,data:HPfPUNe2N+1xrJ6+s+MaQo20r/Mlb7+U7hRyd28s+PzVG+DBp7H/WQ54WkIRrwGOCMrb7gM0B3wBq2TbIQjHuQ0amwA=,iv:ITg2xcff+3jL5wAN4Ku0CYditv0PzytWyE/yWEzX5FM=,tag:wRo/8ThcETau+jw7sFXoIw==,type:str] + secret_api_key: ENC[AES256_GCM,data:Rl+SNkFgYdWC+Mhrcgaw5+eOvhFt9OU8QKlDyh3KDFM477a3dXQlhYZjQGFcR1T/1FIIT/6/XOqDO/1s/dd1yxuftlI=,iv:JT2rSayOGmSnN0pBhIkPCRY+zQhhM0JsF+SNmLn4OeM=,tag:WxC1EiJns3VXIDRT2R3QCQ==,type:str] +ssl: + porkbun: + hectic-lab.com: + domain.cert.pem: ENC[AES256_GCM,data:xwG0bHKicDr2yztWVeTf+wfH+U1aq+es/HYnCy9aR0Kn9LUyy+khUq/FQk2LX5TB6f1fsbVGi+N3lgDxkzUHlMD//wKgPhHvalTzRaFMmg3FnnPrLXSWNqhhRgQZ2mQMjOHoU9gZVAFYztUUCQw1BmiKzg/rgc/6y5Lo2PaMSa0nr7jqTDfKGJzGMJlgf/LOz2QwtirFG9MaYZcI9h9Z67FbdCBihCR68anP+Z//j5LUmS8NWmwyNsxjfBX+N3/nK7EFnD/4LesfweChz4/paPCNdnkdh9rTVZNvJLJ9/JH8Z/MppMb4+e+Rg9yedob+zUbVjAbwFVpsaT8w6CdQtAUrmmnn8KpG7Y8nXYPnhmP5j+TS35gaoK/rUAqsZqG9HoP+X1AS1ueXHuB1H0l8+vDhPvMWkHMic5Bm4ECui7seAYdsNLfXOIpaHJL8mLCWCxqhG9WKhZX0H7e8Z/d/mgbryCvUgojYKTmFcx5TBKTn5dXR05nyNOiPJGKMxlmkDyFYCAq0idk31dXT8VFUp4ub5fmxeMlZSO9K972rNJOdN8x/KsbwG5R46LTSOt0r7N3NS/EXg2zHq0SIz5sr76DYsyCJDGxkYYV3JChi51O8TS9vZanftdfUzccmvkaQVHJAxgpI7Z9AYf35sa3oUbZ4KH0FlRowQ6uOja4Mr0AHx8vb/4b/xahO58EZ0A0rDyEgeBbU/qfKXyVqFCtzhFfnqFEwbegD0W1yYSmXqfk50S77ahomtnGlz5Wr8HMaOz2BYfFv5EJyqOerxKLo6GUnp9W+sC0uFfbyG5A7Q2TUSnev8dB+iLb+7W6Brk+pJZgIROuwBNFtBT8lAYgl7E7yKJEbRiHUEkvsw0+7jnZibzkgSeLVMz7xZAQAATcerh321GicgKU7NeNavu08rwzlCe9D/wjn94dMqLl/U3C72yd+gp7ZZNyCXizaoqkhvYGfc5g9gczu70LBQ1fIAWQcIurqRA5frUVYAr6oJVAsa33+hlr52mKLE8Y3lv6r8y23hS6IKD+j9TvtH16HtowMHU4G//IENkBah5eeOxkbv5/RCC8y8OeEaSZDbFbib3pgrHVqbkR1k2CjQXOH840iso4q18z2zV086FfU7uh/2QNx8L1aZ6aRbQV255PzbKTYPF2kMX3NlEknCi4uzQKZtfY5p+KamaiTNzy+Q7TmZ+jEfpMNTysZffJzE/BM3OtnkB7BLVY0zZgxcma9F6aB/vu5c6L3IKKpsvOJ7UL7PY4sovcNY7uLlRRC+bNToAVLHNP48aiXiQ9pEO4kWkPlfiJJ6L67wfxEvoDj4PStNoYrV23m0vtGgUI1Fx4Mu/zlYzycK/nOCoiHGjwp7ncFFY7YxfFUConzMoTWMUS8upxZQxc/oCLBlDS65LteWlCa+AedCICCsLnyv+YkYWLogER+1mxwMfZmf50PdZThAzSphuBuCspyZnmmp/KzwFJl3lvNIpgb9WmgBPXkD/XpuQws/lFj571PCnjn3q00N+9yK/RwXGi6vD3ozTaw2/hSqRK5aGT3ZNtB2aGC0McM0NCwDBVBWxzQ0BMLEdZoDvYELb/egPBBGq2JH6qQwk4iI32KxU9VwYJ/buPKWRKN+ITx409CaFA5bmZpSD+DYuzS40TYqiQPvvQxVvb5PuczVLJe5fa/gST9xP2MPf3iOwPNptYMQP2hWnQVB6omdxFltj3ZLST8oQChjtgp9XOb3FsnDb/1qf+GoEl5ULbF9SVKJNWsl5mGnNu/IbY3pZ8ILvfJHDUB5pxEsTP66JHyX4zy4Eg3AjCOilTx4aGeyHSfjf/wB3vO2y0LzD2PzwYQzk5E7F4rCnkc8b1l8gxXgzie/AWDlQ4Je8S+XaOfK/8+aKzC0mZ7FOveoEC5hJXyOwWkRFFzscLei4vI3r3r3wPrZdcKlLxkmkzwgHdrqUHdpTDRspNbUNMJqlw7b6lL1TdK6QtBpSq0AsuSVYA2BGBKBOqtdcaIWjBiJiBwP7FV8LgnZHpIARe+OOl/ekGJJcyKsRSzAHYFWSLhhY1DJo11yz9gvObm3d7jl2M3PFzwNcKyb0+OkNZsLtcNwZadK3m8ZCmyrk3yGKcNcDQlAggqjzsIrcMsPkW/lav4s5PsCLjAQ0pfbrtzXseCJiAIO1ZHqXj9QXIgZJ5FGQz1q/B1dUCGB2TaYf66fpYCjBVBdtIxq1txix6Sj0KzlLPNvQNyon/SQCdF9womhgrQlpezoL+YjuMBLyK0Zxf38kdw9B6kXr6NrBv8Bg7wwVpXDo96YyVwqdXAuEbeLtCGd30buvx8u+7zow+ITg3YVklEShQzQjNBNo7N8cWiBzUuf/ErhnOTz9q9M1U2RbEXvR8VYvaiRJPYjzQF2USLUAV3GAKt9CaPecCe0w0Pg++0IkeMlgyZe07iEBNDltDMorlyK/DlBN9JMv1WXfvo7U4SCFtoBWKUVSEPSUXie8VMjEKxoRXeeut5ph3oOgfiHjFdjnNHkkgYM2UMlsR8LGF/pr3Zseigu2+FC3yUcQfTXXcNrLQGc7bfaSJ0O/RUJKvVFyC1RzCce5CbKP76CiNxSitYKPlJTRCvhtNLWYgQH26/KTryYAYYYAVylexEdoTneUawn1wRfzzUkWLt/+ANDu9pvBTWf4sxkxQbyupedcqloMh79fsdbr88x26vHMRbr0fRW45Ew9nG8szw5LssAHo49spncroCxyXXwFZmLmee7sAcBaseEF9c5+qHHbIHXJuNrmmTobdNkBlU6jcQnCsFANNXO+HWqMoFyGKee4gXRGfIabxeY3TImPBAeHaVORhhJdyDPVB+YNonWJIiOJY9MQuOwWkMNjO0uCKeTmkVvCbhKDBL45YUhkLJxEz68vahd4QRI9mG+Q3dQuIem3JyrRetMLCHhHnubmFQN5N63FRRe0OgNIqyLOKrLwPPuCA9RsyienTHtIYPcMj29xyJR4OI6ABuiTuoMYr0kyVQ6juZqS+OJfmGq7xKpM+ov7qAdCzj7QEYkUzAzz0/pdJ77MovVhKDfMSJwpNh7u3HgLIdbfQp2Hf/PbUbdrS8py8KKzkS7b+9pCASn/edgQYe1MfAGtWPsiePmK84KWT2vXiUg9HHRYVuYwX+2Fi44q+u4RTdMU2IrovZhppXEmxSOALBjd1YSlveV73x0PW2TP9RsZaEQfECjy075hrCB7Ug08JxQQAfb6R+NhMpt5AEzp/99nWwRU4IO+KaHaBWo7kJkK3XXzc9dqTkgRTexy5BzCP8UjdncOf8EMv9NBt/3lIpbZr1riQwdxCnI18joh5vbs0cLQbxm3OHzHTziIJVPzqcoaRkJjZo37jLjrG1YI3mutc65aUsT/rO/gaV9uuCZ3v9IquiDdS1gZ28vWd8Unwku2e6sXL/0adRnt5E5AtKzHfvYTdfXxWVb5IP7XDoX5M+yKJjCdTaiRxKAOGU2m5imGbStyMEgEl9nxEDWJTSAVmmHccPdzndDYEQin7lfeXNs8iULcO9pa6Nt83Vcay/R6ExFSm2hcLMhGlFrnmgqo221WJHvQXJIEEV6j5y5NCr0ULW03SF7Z3M09FiqVyA7KPeRI1bchw1SF8sZ1grH2b4e5Q5ZTQMsfghfVdEsQnodzzK+ZPLnl8rXSfeaEBsuSyk22iHlRG0PlPvmz/zNrzEhT0SAT/remD7klpHZKhD6VjcxPVfRiwGow+3IpY4hBJ7o6c22viMaZRMLiW77U6nBahJkejq4ypxOdeEHSwLaFudrunYHiFwcOIa0VKUjpLKP8l1gJdz5tuQbI9EcMXsHf6+3VRODGLyj5b4L1iubR9mZmYYnkoN4V2vZwSfwxtKnFUj50sF+UiJEPe09e26IT15enBAI/GCsmIDePt3r5B26bMTC+pzf5AReO2guL5rUNCEPVGdTjbk77o6OzWtdR1cp1IMmww+B/m3ifqvqaOQ+WvzKtBZkBhame5ZNu2TR0ZrHukT2V5hMluAZ7EHkqAqBt1z/5laPqrobs5iFsi5kJlGMR6Zke6SkeLYRfUEcvm00BblKsP3H5Oc6FDDmzedKZr4MiPdvj116BQ3sroe3h1rAc3OY3y2w8Aj1B7IupXzV0L8VMZKMf2WAk/TnoKetJbrv52Yq9W1J+ValOPHWV298Kr8kDe8nYjAHSa4/iaF/DHKlFAxVF/mV8bhVcOkTT6kkfUvMfN4D2kzd1Trv4bRvdg99H2oA0NX283aQR+ve932etiE0DN4jUWZn3qhDA3GD0DktxEuJH1O/3SZnUF0p0D9VPoEJz9ucWD0VA/GLM3G0G7kGeZQJAIoswQgf/iYrRJRN/YznekFCcGpSDp9ig4STks89JdruymOoVfAZCRCYicpb71toy+Gn2uhYZhmWHYXkUwzw5UCrv9rUIxpHi8+fN/qbjIx1GHFiNtN0G+No1h0Pr7N+pMxZgDmvkcroSN/ypBd+sk8GVrSkL0aqyrnyQ//QuharXV3lxsvTurkR7pjGsWNa8SFVP9ylTNhR0jHBWUATBIUAdv5KP0cQ7ih46Ev3VNahJs3Gv+9ir5JhoziPCAe9q4ow8WxCnvISa1IFEIP8ubTD0iyrbfscYsJIfFSlZ7bNywma8Hw5c6AsOzlzue2EWrMpkpsYSCZFfX11TB1OVzCvjUheeUVG1n8XpDmR4PM0tSA+RisySfxNAHzQ9VY4awTCuBaEIxozOMofksFknbzEqWf5DcO4L7Aun5hLKwVffcJQZ3EkP7rqHxmpALalvX/6U3Ulrmz5cPm9mF0klqcu2kuHbmVViwS9YSAw//44xgNYbBKsDWq31zMkkvsx6lyZm+FT0jfPghR59AfTj8JXhQvaBjg0oAqdN8tq0oJJCN08TlPr1UgZF5wQs4Vr0fF09wxj+CecigYsHnv5qQ1uPNrhIM1+I2XeUu4m9CD0pqO3hHWptDREhKFHTx5zqhN60n9erCK4FPR2oYd4DYn3JZQjm2/DRLObmsNIuerTmTcnBuCBXEuxyL3TFQb1gJo3tEkwVqf5SLQ6boff4ePOtcXIvfJ2h/ltJlHh0yB3G+26InQCh0laXhjoDQv+dwCYebAb/hyE1AYJdsE1/jhb1EeROkn9ZA1dzySk9IBL0qrtnVjXL68ZtqrBgyZt2uce6GNOd3l7v5JZQRDxGysAVRgtIT6Mt04EJr2gspeISV35nDCi3qDWUN0IqL/VmNCYEIpR9vF1Ghn/28obRIO2NJulEXbOWt3h3FCbB8zj0kl+3E0y9aX,iv:lddM9zRhM+rZJuk5/CWGF+4ix+dXBZUM7raVE6BDQz0=,tag:QVmDFtyy0kApflKYVMJyJg==,type:str] + private.key.pem: ENC[AES256_GCM,data:FaoB6gCs35MqlKh9pa2yhALInQ1rrPW+MxHKZASzTOYchM1aeNs8oO1Y9aArTTcxlYzvgfnnrWf5T/18f9TmKc6cHedyRVRUwB01q1C44ksB+7QLKVnTOrAyPt60jhHQ6q9STCJNbact5cYsoK8e4wHMbYdA54tv8LJRrfFXzBm+cyVRTNt7KTDb4tMYCcPt4cxQzqcO6QxX/xl0y4DhOsfq7JMhfYblM49xqsOVWUwZ1X+8vpwT8Lg+Q+oLV4oVoeDaigJqi15qMRTGN6cERBxjWLabjcjSUxAfPQftxsUx9Rc06Pa5rNniXL+jjGLRnuHI5YTsFc0ySeI2IbGZGsDte4nZjtSZZzYrref1RzLMcrugttqFJIWzeVaAEt9YdmD4KjDbcK98Dlj8av4BiGSXHyPP1S8379853ap/NLMMYVt6mERSIqV5RkSHT70rjnB+Y5xU5Bu3CYAeBfhdiKTdsJrWIA5snA8fGpxgxXPvGvHijCnosadEwJzNqqJwiEPuu+DQvrAoCkpNDGoRtJfGzAYBW037YUzN/B+IUW70/467tuxKAATU06AvkZuj9ods5FZdukBFgLM9HgpQqbCcUljpMvpI509TwQYdfk+6d6sQPSuqkMV+Ub/JiypJIjrp1tyLy1JjSSrwLJJQXLJMa6MFftxBB6Cl6Nu97+2gTaDLOfKLk6f4gVrw4en0o63NH6eZHVI+Chig0p6YmDVkd8R9X4geolUtbvvFfjm5jhCx0GfvAKgPYQeJ5mWcSTjyV0WakFgI3qHgTYC72+ijA34FN0f4SEPBcMRUTxJjKdJLhcC1rIe+S1diqX4jFFV66mTfEz15zoJhIhuhK7VzRTjD6wNZZadg2l81DFdpfi9gWbaY/58PGRa9R2PFtjZlIqQAIQOgb7+8e5eooMaqqzm0UAQPwQg5oW+n20+7Ke6ezcxJmEt4bZLc7wIMdjDwL1D7pmbJ+VkT2gzJ3PGPqUmX4Ao+bd7WfPSq2zYnMg8B/X5j8UTFjYLT6pZuqPmF43COfN46BKN4IPpBfsJoJtteG8Pm07z5kmLH7VtBFXgH11hvsyswLJV9ub9Nv5+xi3ngMfqnNAjvM4EBlILXVlrzZ+ayL9H28vhqghtl8OVLHAAvkWvPHyMkNTJvDfXhxahvedNN8gDEE3QhfwCxoCFPBeUagceJ0MCSpYPunKwM5rX7wFXf0pBKjXCBavdypCMl4eTMakUxJin5T3tYCXpTsKIJY0xndwCOsYxDF0XQRfPFufKPgt6myu9BJmOw20NmYHaTHf1KUn9mJ2To+8fifFVCbau/zPQ8qNDd9WHaNC+4teWkbnxd9XqXyfxBBFdhkhgGoBslXo7v5Q3Of9ogdipdyiKqPkDojgQ10gv72RdqjDU4GolTIwtXD+AYYX3USw8ikV5khPcKSVvA7jM26GkHxEzIIQr8hMmtTQTG+CKLqMyp9sNMRLmw6po7eg07ZT/dxSIUC1iJlfyVnvYsKSddDd5VNQphYnXTupF0/759Apgj4u9iiM7SQFnXzwIXBhhZO0iaoD/1WYv+e72K3ZgTvZbfP4jM6wVXuRaoDrBCRTGnAqR89tiuNuCfBOKQxeeq7YWHhoJanaD4b7jeYSXdjt/hjCDQE5Vl0T+Eld7tJP2IIrtWTlDavXF/V0PxTIR/xi4lu2hb/meNC6TH2uqaXKmJd+e9wg3R3QCWuZcYSdDsqw0HLKMLlT4X08wvqjp5F8oAA4LL6T5RJjs51TR6KeqDHSOUQn0S7mI+NXUzVvb24KiTSwWIOMrxnv0Vq2OFyuM68MukwvuxQbffqldMYUhJjta49X/WXT49vOkVe7bkQg4kYHYfkYV61e9hRX35q++dVB7bxTOsSpSliWaXesYwlN7rHm72KndyRzY0Dl5LDT17aa1F6hd4s2rIZvW56JCCtTuVe/Dy0HEUb5a1PwFaxnBtn/Yk6FwmgF8koyxckPk0Ey9tWTYnq85cd+MTagHrBfIXVbUo2UL7mpzjzcKndteMFqnCNAZrhgJGzsldEADbE9Gveqs/6SETkVz8tOJei11r+RxQsnvZhZpMv9VET7/mnX+8NDBbfoZ+l1fLyAnz8z/UCrTNhdkBvBJuX40nL8wGsDux4oZ6El6OX0a3VKLrA5k9WipYpYdvHkQKfZBRVH2mJjQu6g5UHOvy5K9uZ8dnFXfLmekMLt0Lx8R8B55aghWLJRUzk0U8+ddmYgHcaRa86s9yn4/hnJW1RGd+h+LXS6OuqHRN5eAMI2LDiH1KoikZYsfRZbWzSYbxEeulStGsK/fZDLkK430mM18ouWETaSKGCsfeCqwwH7DUfDie36qowGf4g05/SLY9vl6uxD9FQO6Ou0G6OaAa4HjHaVnl0u9NbOt5Ia4xq9LYU0Jr8WwAFMX8rT4dsvJAsW0r9R7++6l54IdbChHjxFEUG8nt383QHhzDtmleqgs7cvP0fe8yudFVIFDp3fbTf7RNjYQ4T//aWfb2c6ANgIRJmZWxw6sEQDYwKXq6B7LMt6AD3zK4z0xeXGTcfLID/ZOQDtPjkKv9zkeNtSrAh51rrrwUuv3+UfAYfrSPyOZk1x39K4IQbMkN2vvuSk16JDpgb3LbrF5EoHu7qAfAKdM+7wOGf3h8X0Vs9P1ykP0UL8eeOpdJK4BN/va7siIWrKyzl3CXWp7CaUNhJ6s9RAxdJAo1j45wtup+4fjrfImrFLyuhsaWgZUenK+aOv/y2mtwS0gDWUSUSnAy3BLW0ji4sfo02mZl8/Zuy4lw8T6H6QmxXch7x8d+/W2YolzeXbVfS1dFejZ+GkxA65ob1jKl19fcK+MLoV2YUp2OFXerwxjBizYrood5A9jF6M3ZKvoWyuT+mh7QwT9QsMkb2fgTtKQHinuy2tSQ+WJnzE+YdIdr8CbyVQStFcoB5kHRmZXLqXp7MwS3AEC/6pO2ilxyNwERI7RQSpi6Co84bukjD/ZspTF8LulXFkszJTVf+G+CECoFB0yJhY2ER9NZ87aIVWyGOfM1xXr3CVrqvVZDB7b11f80Z3MSiqPX1z0/ph2ySHROHPEzRAZgf/B3VvNQtwcYBKSI1XJERZmtg3XNWd0337AJEqclFrh6sHM97e0QHT926FgXT76r2RjF0/O6TUIJnMUH0tEUGqif2zCItYK4pe1mTP8NcSTTPr7QKx/CL76LCyQawl94zwQ90p+Pj264F58iSNtnKbwFGlW6CMevuITRPT5bZilax/t5LnDM/kIMt0hye8wIRWcuE4t/4Mia5l5rhoy1l1gcnKDDKazyiua+TyrTxtgBNYY5NwEMIfBu5EuRBpFX+d74i1vzMBG5cUpNX7wzyH2CcybJTjrD+0mDE71zq6GexE/AKhqyMmUPiKIiLD6fC0RA92pnoL+uX4XUVz9S3CnANyQJamcrLYjBSZErJAHa4X7Pa3sEOaEFZEfxh0HgXY4GOgkh6jjo/jI7jhW/DrY1P/EmjFYHjjWRg7gYt9dTg9Ml+d11EmbdyMskVljB7PJZR+BSOlpAqVkxT6TwSpvt40S0WBiyBWbw8WSIM4cJQKoI1uT/+auI+diEtfgk0m6IC+WQym0+hyCN1RDkRCVSA+dO51334rAYgKwNYyN5tO+yUxKCHmcZiIxiXCa9TNw8suttC9DMjFhy+aEL+3noq1KOiT0rt24Si7SQzaEzVjfyc6DuZPifmgBOYUqGAzwFp8W9uslKvjPu7Vx88j+bbAP0dTesPE1n6pNKyebl5/TFRmwM2imz28OzosyNnNsdD2eBnQU9/n+S7nmGzNf5/Lo9ABH2YGb4HeUMIk7Q0zR9PGcdqMa/y6osQLroxsJh8GL9jjKzNlWTcQvduMwYFFbnSa4x8iD8AcjcepJhxylVytOPWQHDFvLLZxul+neq0bo3iEHWxrgu/v0Ole5Z/lu91X0YcHgJZPLfEyvXehiVJ+RPM4oDAWlrEAdHdyZExcFynD4X0+G2QjA7uAxXK1B8CunAGY2G/gaz52wkU8uCarmzjvhESVS+vXI8l/zIx4vWlq/C4XxzBjhbkBAw/tv/ew6f5kNhVbUURQ1wIRYfF/VQvolyOE4d/ulM1cLtZJZoLLaE2wZACjJZ4rZgWYGyfeQLKSHYDpKoYFFO6+50lpiL5Wb5Y4ST09vZeXdWd8uiDlkfFr784mFA/P0Xn9ACyUYSrLUamP48kE8YnxZwrhmPzxZWOu6Rdw8jsdGhEUnbqNescaWv5WXlXrKbB65QgdD7qBws+DT58Mbko5/84gAqqhmNpuabxrWi5kgvBNZKOZrJ9D13GPc8TK7vH3uXoJ9er+paLev3qgrG9K6TvCiIOOjASKUL/pUbSNQ=,iv:Udx/UZ1HO/N59lsLNLXI6X8BPpVbdj7drnzJjo/3goQ=,tag:ev1/WNMaA7flDcn9TbbE9w==,type:str] + public.key.pem: ENC[AES256_GCM,data:OemSNFqtp38uKte/72LyrULzRhtv0pkSW57OfK58PIx3YXNt88VEbZBVH/7lAWZjgSorc+ulovzKUenvcYZuss1+owvYc7b+drmkQgK7F8LUvXNZkPh2IsDDiZlqWRNTsmLwGJx8nDvIJbWu7/uaMeBfwWTQ/uSEdrNzMtP7wTC5aJ0aOoWtxxZjOofow5mC4aD2p0mF+2mRuymptk9zRwXGrs3ycYwVP4sDCQ8JrJ08zi4iB29m92BBf86DLjl2aVHJEEG8FOXDJEFNlQ5HfmGZoq5q/xiqaMH7cwAWStJk1UhmAdoHj/Q9PgONfBvSkoUjDz93mxKKcCdG7pM39F9Rw9M9LmDYO5Y29m0G8ISQlvcGscNI/7fHXEsbcHO/qgRxqKdZgtrwYJ6yvhDm5JN1RtGL0lKRPE7nvNzEwivYd1IEwZ5KG0m8PRfraFD0Uz5jANH0AKyvavdSsNztHhUrD9E3cm2167avGkvPItBZPqSq9ALfxKenIViJp+iRUSDti+JD9jztUs7D0+cGmsEGNody0omz85QLj2RocQ3rxUM0u78B+JWdPXCDTvy8YKUuO8MFTnRxXvqkv+LLkYToIWHE+ORyWXse8iLu1ycDkfZyY9CmlnPretlgesGQCRHBz1C/DPYo2rSnDe4YU3HI9AK5eJYD7yRBLXK+Tccvk6Jl1Klw1NEKd47Dh1IiiT4fdsPGJV1WFEw1JbFYhlnUzyfTKeO8FJVj0CtZ/XsYT0/tPq2m31zTVoAHI/J0PB73NpMAZ3EhIOfKof/14TcGR4CmqwvzkNuZZKrBTcf+jouLbQV75h7aZLsOUC+EM7NslFx8Ewey5F8esuzUB84YYAwOOSDunQZemWLoZQ5aCh8UM0syyZ4Psi6aCTJmoFjWoxThiXMi6OXyI0gWag6SwwsiICicsg1NYyo11BUftj0i+9RLoizhmsGEPNVseui3vBPMRaRp9+hVwF5sz9MM/SlQbgaIbx+5AvDTTER1tXLuOXv/0PE1A1mYW37VOeeGyAKOa6uDRLAQ/Z8V1cG1wvEwJouST2Fa7K9vls8=,iv:9ZIA8xf0v4SiGMRImdHEJ6sCLPlBO0F1BWsbx/59aNw=,tag:/XG675Fzfg+4K4KPXXUo/Q==,type:str] +sops: + age: + - recipient: age1x04u7ftjgx8de2gq596e7frauze764cmn7jjwqnx8szthvfft5qq0tezx6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NUpvb3d5d1JWZDdRaFZO + dFZjZ1o5SURlT3oyYXFTQ3pSd1dUbUJmYWtjCnVNeXNzMnpBeXZFUmNhUThieUF2 + NnhZczBaSzRNZVFPNDFVMjhCbndiZm8KLS0tIDhEVlQ4L2t4am1yaWthNmFMNFVL + VENhYXpHZ3NGbWJHV3l1bkV0aXNwL3cK+UuNkRIFgAofywj9yqanj4vAuOYKSaBp + Ia4lOEU5zePFS5qj83J/PGCPKLTHfyznmW6xv0nQVeOMm+cNNn6WHA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aWdMZFZSSWNsbkx4NlpZ + UU5QMEd3SnNISFgwcDgxNnJmOWdxVTh1YmxvCjBVZkN6S2dzQTdKSFc3RWwzWHM5 + bCs2SHB3TlhKN2RCSlVUWGtIbTAwTjAKLS0tIEI3R2lkbVNISnV5OCtDV2ZEYmx4 + N29sYUYrYnhxbUxzeFpZMWhBakhRQjQKbi30JzRSjEyBFvbW0vJScCo1yhJqfHF3 + 543KPl9UMF0ySv31hC75TZUD4FBiW4EnH87UJGS9hqHmJ353VHJgaA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1vv46vn4hsn2lg6jy834cpu40c3mvqklldcm3hjtynrhwtpmlpc8szruz4v + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUG9KNlY1bjg4WFdYTXFC + VmtndGdadktFVGJXcmovOUJQZk5sdGkwcFNJCkw2aHlETGJaTW45eWRPSkVhVVNH + KzZrNS8rZzV6NGJtMlNNbUpPMXM2VWcKLS0tIHNJNXdDUldZTzZWMzhhczVSMyt1 + WmhwWnArQWQwMVBCRFJwUlR0WUY5RDgKhR2rxmwF627OMTlh2rvZaB1fh6nBiDeo + Cl97nlwmJxsgsquXRH4Cei92YFyKWRLexAYW4v8D8cpBpkA8o8PpiA== + -----END AGE ENCRYPTED FILE----- + - recipient: age13h8twnwvgxn04l5ywtru89a6psw5d0uckr2eghxsjp88a5augvsstq5ard + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYi9rSjl0OXltSE1yaGR1 + eGJ2RkZxQW83bkhLSXhjNzFUOXgyRWdLaFJZCnQwNHRudDhIQTEyeUt0bVZyZUlh + YkhEalpjQTVLMGU4cUxuOUQyd2RFQ28KLS0tIFd1QWtyUjFZN0tuOWZxK05XR1Za + THV6b1lWdHpIMUhEWWY1NmtQRTlzTnMK1E310L9+FiqbWXOKCS6uEkgYJjvkIY94 + ZJ+TWQYSRNzQGgqg0R2bJrJMFAmr7NKPemymC6WtVAdhf/gSuKq1bQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jxntjca8q2vxvf2jaal4xyvm2ae6sh62fhv897694kuzawfrk5asj00zdt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWExoUFcvYmh6WGxOajIr + MjB3TFJmN2VZMVRCSHBwS0VLa0lCYVFPWkZzClVHVlVoRnZ3Y2RmTENYMUVwWloy + L2h1aVY1bEg4MTVJNjZNTUlOOXo2UDgKLS0tIGdFUkVZRDJTLzU3Ti9XV2htWmE0 + Yk43ZmlTc09aNFV1VjdjN2RWQlFWTDQKcYSvA2lHP8GS0lkYY19Tm8RXmFHQX5Ck + qV2Fn22Fic4M5FVKDEMfaO6WmeXgki9a8dGeO9LlC+Phf16SOq7eLw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-12T11:42:59Z" + mac: ENC[AES256_GCM,data:gbZRWC1ruAJgynCbYknJCsuvrIiLQ/oq0wvbKTEU6PAii4ebUHhU4MzV7edu/YhHBM2Q4TGtRdbhk75k12cfdOoDmKigHgdZOq2ay1ZhN5lYK4DKyWmnJ8hy3d6SnXueceOexEgstohJjLO0fO59QCeh7RWSZPEbGzouxtKrtBg=,iv:SfjSG4id7+3D0CvWmMYZBxYGOFjJ3AsD5IBL/CSYMcU=,tag:A1nWtI0Ia9xRsPNps7h6Sg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.9.2