Origami404/flake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Origami404/flake:153bd77227079284fbd98bc60f3aea3837e7919e
Branches Tags
Origami404/flake:main
..
compare: Origami404/flake:main
Branches Tags
Origami404/flake:main

35 Commits
153bd77227 .. main

Author SHA1 Message Date
Origami404 dbf11c8336 chore: update flake.lock 2026-05-18 00:04:38 +08:00
Origami404 e484bb4f4f chore: update flake.lock 2026-05-17 23:10:21 +08:00
Origami404 31e5d8a830 chore: update flake.lock 2026-05-17 22:49:36 +08:00
Origami404 4287cbf56a chore: update flake.lock 2026-05-17 22:45:09 +08:00
Origami404 5e7d5ca941 chore: update flake.lock 2026-05-17 22:38:12 +08:00
Origami404 f4dd4e3896 chore: update flake.lock 2026-05-17 21:57:26 +08:00
Origami404 7879a36b28 chore: update flake.lock 2026-05-17 21:20:07 +08:00
Origami404 750c571ca7 chore: update flake.lock 2026-05-17 21:15:38 +08:00
Origami404 ee1dbf7d82 chore: update lock 2026-05-17 21:03:28 +08:00
Origami404 ddf1e4dc40 chore: add sops creation rule for o4dev container secrets 2026-05-17 20:24:37 +08:00
Origami404 464a9fad42 host/oparic: change caddy url 2026-05-17 20:12:17 +08:00
Origami404 f9ae3c5c38 ssh: update ssh-config 2026-05-17 20:02:59 +08:00
Origami404 b869120287 host/oparic: switch to oparic-flakes lib.mkOparicContainer 
Replace container-flake (feat/o4dev branch) dependency with
oparic-flakes (main) + direct o4dev service inputs. Container
is now built via mkOparicContainer with local config and secrets.
 2026-05-17 20:00:07 +08:00
Origami404 ae0fc05e6d host/oparic: update container-flake, mount sops age key into container 2026-05-17 19:34:07 +08:00
Origami404 8aac9b5cbc chore: update container-flake lock 2026-05-17 18:45:19 +08:00
Origami404 9f6a98728c host/oparic: caddy also match bare testing.oparic.luo.ee 2026-05-17 18:30:58 +08:00
Origami404 03c9699d97 host/oparic: caddy reverse_proxy via external IP to hit DNAT 2026-05-17 17:31:38 +08:00
Origami404 e03073122b host/oparic: caddy reverse_proxy directly to container IP 2026-05-17 17:30:09 +08:00
Origami404 20064ae546 host/oparic: add NAT DNAT rule for container port 40000→80 2026-05-17 17:29:09 +08:00
Origami404 0b5a454ae0 host/oparic: enable NAT for container port forwarding 2026-05-17 17:27:43 +08:00
Origami404 09b0f9c68e chore: update lock 2026-05-17 17:00:54 +08:00
Origami404 9789d546f6 chore: update lock 2026-05-17 16:28:51 +08:00
Origami404 b0235e5e5a host/oparic: add oparic container 2026-05-17 15:26:19 +08:00
Origami404 0fac7610c7 home/oparic: remove ssh key config 2026-05-17 14:29:28 +08:00
Origami404 66d49f160a hosts/oparic: caddy delay propagation 2026-05-17 14:18:24 +08:00
Origami404 bed4cac7d5 hosts/oparic: caddy don't check propagation 2026-05-17 14:15:07 +08:00
Origami404 85ba75bd63 hosts/oparic: caddy use cloudflare dns 2026-05-17 14:04:53 +08:00
Origami404 ea4ed1c6bc sops: fix wrong path 2026-05-17 13:56:42 +08:00
Origami404 969f477e19 sops: fix wrong path 2026-05-17 13:54:34 +08:00
Origami404 5a8ee4faa4 hosts/oparic-dev: caddy 2026-05-17 13:53:00 +08:00
Origami404 aee7fca84a hosts/oparic: CN network 2026-05-17 13:31:42 +08:00
Origami404 ce477f9503 hosts/oparic: CN network 2026-05-17 13:27:35 +08:00
Origami404 ebc0a38d2b hosts/oparic: CN network 2026-05-17 13:12:17 +08:00
Origami404 be467e6c4e hosts/hypnos: 配置 x86_64-linux remote builder 2026-05-17 13:09:22 +08:00
Origami404 df2bce8913 sops: 配置多机器标准密钥流程 2026-05-17 12:22:50 +08:00
10 changed files with 772 additions and 28 deletions
Expand all files Collapse all files
.sops.yaml
+17 -5
View File
@@ -1,11 +1,23 @@
keys: keys:
- &primary age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy - &user age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
- &oparic-local-dev age1mgxmpfpy6qg374kyq66cc5yw68qfw0mlk89rcdy3lkzw9q93jvwqg73395
- &o4dev age1e80f6ea37ha7udmcctaggak9l44khtcn6e966fhcldrzjjxwzals65yasf
# 按 GPT 的说法, 要想不踩坑, 就绝对不要用宽泛的匹配规则
creation_rules: creation_rules:
- path_regex: secrets/ssh-config.yaml$ - path_regex: ^secrets/ssh-config\.yaml$
key_groups: key_groups:
- age: - age:
- *primary - *user
- path_regex: secrets/ssh-private.yaml$ - path_regex: ^secrets/ssh-private\.yaml$
key_groups: key_groups:
- age: - age:
- *primary - *user
- path_regex: ^secrets/hosts/oparic-local-dev\.yaml$
key_groups:
- age:
- *user
- *oparic-local-dev
- path_regex: ^hosts/oparic-local-dev/containers/o4dev/secrets\.yaml$
key_groups:
- age:
- *o4dev
flake.lock
Generated
+576 -6
View File
@@ -21,6 +21,168 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_8": {
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_9": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -65,16 +227,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1775888245, "lastModified": 1778443072,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=", "narHash": "sha256-zi7/fsqM/kFdNuED//4WOCUtezGtKKqRNORjMvfwjnA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "13043924aaa7375ce482ebe2494338e058282925", "rev": "da5ad661ba4e5ef59ba743f0d112cbc30e474f32",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixpkgs-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -111,6 +273,185 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"o4dev-admin": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
},
"locked": {
"lastModified": 1779025142,
"narHash": "sha256-K1BJ3qlxfYQUrGgn965NAo1w0ltl/OXNQnxUNE3c3O8=",
"ref": "refs/heads/main",
"rev": "8794956f942027ae9c70d7a83312cf7f64eb24c7",
"revCount": 10,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/admin"
},
"original": {
"ref": "refs/heads/main",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/admin"
}
},
"o4dev-backend": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
},
"locked": {
"lastModified": 1779021375,
"narHash": "sha256-CXMq9jzeAWeTWkQ+zY01GZeSQ1kjl/LuiQvxz4Sfdvo=",
"ref": "refs/heads/main",
"rev": "d71b82129ecf9dd73743d22e89cb4b5a48bc1bd8",
"revCount": 220,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/backend"
},
"original": {
"ref": "refs/heads/main",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/backend"
}
},
"o4dev-workflows": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
},
"locked": {
"lastModified": 1778945408,
"narHash": "sha256-9yx4Ya7X/MOeHSIeUKHe1p08RmGuekHN/m9SQIjHS8c=",
"ref": "refs/heads/main",
"rev": "7458a1db6621fe4cc1df57e8841975dff2aad866",
"revCount": 114,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/workflows"
},
"original": {
"ref": "refs/heads/main",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/workflows"
}
},
"oparic-flakes": {
"inputs": {
"nixpkgs": "nixpkgs",
"production-admin": "production-admin",
"production-backend": "production-backend",
"production-workflows": "production-workflows",
"sops-nix": "sops-nix",
"staging-admin": "staging-admin",
"staging-backend": "staging-backend",
"staging-workflows": "staging-workflows"
},
"locked": {
"lastModified": 1779032883,
"narHash": "sha256-gMtQWHa7FQl/r592oPMxT1welkrtNa3xxSBvlpdV1RQ=",
"ref": "refs/heads/main",
"rev": "b0a076dd4b6085210bbda35b223d69273ec6ebab",
"revCount": 34,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake"
},
"original": {
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/container-flake"
}
},
"production-admin": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
},
"locked": {
"lastModified": 1779025142,
"narHash": "sha256-K1BJ3qlxfYQUrGgn965NAo1w0ltl/OXNQnxUNE3c3O8=",
"ref": "refs/heads/main",
"rev": "8794956f942027ae9c70d7a83312cf7f64eb24c7",
"revCount": 10,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/admin"
},
"original": {
"ref": "refs/heads/main",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/admin"
}
},
"production-backend": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
},
"locked": {
"lastModified": 1779021375,
"narHash": "sha256-CXMq9jzeAWeTWkQ+zY01GZeSQ1kjl/LuiQvxz4Sfdvo=",
"ref": "refs/heads/main",
"rev": "d71b82129ecf9dd73743d22e89cb4b5a48bc1bd8",
"revCount": 220,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/backend"
},
"original": {
"ref": "refs/heads/main",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/backend"
}
},
"production-workflows": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
},
"locked": {
"lastModified": 1778945408,
"narHash": "sha256-9yx4Ya7X/MOeHSIeUKHe1p08RmGuekHN/m9SQIjHS8c=",
"ref": "refs/heads/main",
"rev": "7458a1db6621fe4cc1df57e8841975dff2aad866",
"revCount": 114,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/workflows"
},
"original": {
"ref": "refs/heads/main",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/workflows"
}
},
"root": { "root": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
@@ -118,12 +459,19 @@
"home-manager-darwin": "home-manager-darwin", "home-manager-darwin": "home-manager-darwin",
"nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-linux": "nixpkgs-linux", "nixpkgs-linux": "nixpkgs-linux",
"sops-nix": "sops-nix" "o4dev-admin": "o4dev-admin",
"o4dev-backend": "o4dev-backend",
"o4dev-workflows": "o4dev-workflows",
"oparic-flakes": "oparic-flakes",
"sops-nix": "sops-nix_2"
} }
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1777944972, "lastModified": 1777944972,
@@ -138,6 +486,228 @@
"repo": "sops-nix", "repo": "sops-nix",
"type": "github" "type": "github"
} }
},
"sops-nix_2": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1777944972,
"narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"staging-admin": {
"inputs": {
"flake-utils": "flake-utils_7",
"nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
},
"locked": {
"lastModified": 1779025142,
"narHash": "sha256-K1BJ3qlxfYQUrGgn965NAo1w0ltl/OXNQnxUNE3c3O8=",
"ref": "refs/heads/main",
"rev": "8794956f942027ae9c70d7a83312cf7f64eb24c7",
"revCount": 10,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/admin"
},
"original": {
"ref": "refs/heads/main",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/admin"
}
},
"staging-backend": {
"inputs": {
"flake-utils": "flake-utils_8",
"nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
},
"locked": {
"lastModified": 1779021375,
"narHash": "sha256-CXMq9jzeAWeTWkQ+zY01GZeSQ1kjl/LuiQvxz4Sfdvo=",
"ref": "refs/heads/main",
"rev": "d71b82129ecf9dd73743d22e89cb4b5a48bc1bd8",
"revCount": 220,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/backend"
},
"original": {
"ref": "refs/heads/main",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/backend"
}
},
"staging-workflows": {
"inputs": {
"flake-utils": "flake-utils_9",
"nixpkgs": [
"oparic-flakes",
"nixpkgs"
]
},
"locked": {
"lastModified": 1778945408,
"narHash": "sha256-9yx4Ya7X/MOeHSIeUKHe1p08RmGuekHN/m9SQIjHS8c=",
"ref": "refs/heads/main",
"rev": "7458a1db6621fe4cc1df57e8841975dff2aad866",
"revCount": 114,
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/workflows"
},
"original": {
"ref": "refs/heads/main",
"type": "git",
"url": "ssh://gitea@git.inclyc.cn:20122/oparic/workflows"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_9": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",
flake.nix
+25 -2
View File
@@ -17,9 +17,32 @@
inputs.nixpkgs.follows = "nixpkgs-darwin"; inputs.nixpkgs.follows = "nixpkgs-darwin";
}; };
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
oparic-flakes.url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/container-flake";
o4dev-backend = {
url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/backend?ref=refs/heads/main";
inputs.nixpkgs.follows = "oparic-flakes/nixpkgs";
};
o4dev-admin = {
url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/admin?ref=refs/heads/main";
inputs.nixpkgs.follows = "oparic-flakes/nixpkgs";
};
o4dev-workflows = {
url = "git+ssh://gitea@git.inclyc.cn:20122/oparic/workflows?ref=refs/heads/main";
inputs.nixpkgs.follows = "oparic-flakes/nixpkgs";
};
}; };
outputs = { nixpkgs-linux, nixpkgs-darwin, home-manager, home-manager-darwin, ... }@inputs: { outputs = { nixpkgs-linux, nixpkgs-darwin, home-manager, home-manager-darwin, ... }@inputs:
let
o4devContainer = inputs.oparic-flakes.lib.mkOparicContainer {
name = "o4dev";
containerConfig = import ./hosts/oparic-local-dev/containers/o4dev/config.nix;
secretsFile = ./hosts/oparic-local-dev/containers/o4dev/secrets.yaml;
backendInput = inputs.o4dev-backend;
adminInput = inputs.o4dev-admin;
workflowsInput = inputs.o4dev-workflows;
};
in {
nixosConfigurations = { nixosConfigurations = {
"eris" = nixpkgs-linux.lib.nixosSystem { "eris" = nixpkgs-linux.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@@ -30,7 +53,7 @@
}; };
"oparic-local-dev" = nixpkgs-linux.lib.nixosSystem { "oparic-local-dev" = nixpkgs-linux.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs o4devContainer; };
modules = [ modules = [
./hosts/oparic-local-dev/configuration.nix ./hosts/oparic-local-dev/configuration.nix
]; ];
home/hosts/oparic-local-dev.nix
-1
View File
@@ -8,7 +8,6 @@
../modules/shell.nix ../modules/shell.nix
../modules/zsh.nix ../modules/zsh.nix
../modules/shell-develop.nix ../modules/shell-develop.nix
../modules/ssh.nix
]; ];
programs.zsh.initContent = '' programs.zsh.initContent = ''
hosts/hypnos/configuration.nix
+11
View File
@@ -7,6 +7,17 @@
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.buildMachines = [{
hostName = "192.168.2.22";
systems = [ "x86_64-linux" ];
sshUser = "origami";
sshKey = "/Users/origami/.config/sops-nix/secrets/ssh-private";
protocol = "ssh-ng";
maxJobs = 4;
supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ];
}];
nix.distributedBuilds = true;
networking.hostName = "hypnos"; networking.hostName = "hypnos";
time.timeZone = "Asia/Shanghai"; time.timeZone = "Asia/Shanghai";
hosts/oparic-local-dev/configuration.nix
+66 -3
View File
@@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, inputs, o4devContainer, ... }:
{ {
imports = imports =
@@ -24,7 +24,7 @@
prefixLength = 24; prefixLength = 24;
}]; }];
networking.defaultGateway = "192.168.2.1"; networking.defaultGateway = "192.168.2.1";
networking.nameservers = [ "119.29.29.29" ]; networking.nameservers = [ "119.29.29.29" "223.5.5.5" "114.114.114.114" ];
time.timeZone = "Asia/Shanghai"; time.timeZone = "Asia/Shanghai";
@@ -85,9 +85,72 @@
services.openssh.enable = true; services.openssh.enable = true;
# Mihomo 代理
services.mihomo = {
enable = true;
configFile = "/etc/mihomo/config.yaml";
tunMode = true;
};
# 密钥管理: 这是对外机器 # 密钥管理: 这是对外机器
sops.defaultSopsFile = ../../secrets/hosts/oparic-local-dev.yaml; sops.defaultSopsFile = ../../secrets/hosts/oparic-local-dev.yaml;
sops.age.keyFile = "/var/lib/sops/age/keys.txt"; sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.secrets.caddy_cloudflare_api_key = {
owner = "caddy";
};
# Caddy 反向代理 + Cloudflare DNS challenge 通配符证书
services.caddy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@v0.2.4" ];
hash = "sha256-VHm9POg2KixGsMsAcfFFDMK9x6niRJ1iJV9kkSwkSjc=";
};
virtualHosts."oparic.luo.ee, *.oparic.luo.ee" = {
extraConfig = ''
tls {
dns cloudflare {file.${config.sops.secrets.caddy_cloudflare_api_key.path}}
propagation_timeout -1
propagation_delay 30s
}
reverse_proxy 192.168.2.22:40000
'';
};
};
networking.firewall.allowedTCPPorts = [ 80 443 40000 ];
networking.nat = {
enable = true;
internalInterfaces = [ "ve-o4dev" ];
externalInterface = "ens18";
forwardPorts = [{
sourcePort = 40000;
destination = "10.233.1.2:80";
proto = "tcp";
}];
};
# NixOS container: o4dev
containers.o4dev = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.233.1.1";
localAddress = "10.233.1.2";
bindMounts."/data" = {
hostPath = "/home/origami/data";
isReadOnly = false;
};
bindMounts."/var/lib/sops-nix/key.txt" = {
hostPath = "/home/origami/data/sops-age-key.txt";
isReadOnly = true;
};
forwardPorts = [{
containerPort = 80;
hostPort = 40000;
protocol = "tcp";
}];
path = o4devContainer.config.system.build.toplevel;
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }
hosts/oparic-local-dev/containers/o4dev/config.nix
+24
View File
@@ -0,0 +1,24 @@
{
domainSuffix = "oparic.luo.ee";
dataDir = "/data";
backend = {
port = 54289;
chatApiBaseUrl = "https://api.deepseek.com/v1";
suggestTitleModel = "deepseek-chat";
};
applogGateway = {
port = 9100;
};
clickhouse = {
httpPort = 8123;
database = "oparic_applog";
};
admin = {
basicauthUser = "admin";
basicauthHash = "$2a$14$oeoymHjMd5cPY3jWtbLax.Uyo4nvNLf/CbnbbjwclfYDhEzfBmc1C";
};
}
hosts/oparic-local-dev/containers/o4dev/secrets.yaml
+17
View File
@@ -0,0 +1,17 @@
oparic:
backend: ENC[AES256_GCM,data:GSyPaHF56jqubIDxhbhJJuFfoFuWWudWQqJHFZtftHnG1gC02kBurGTMdS+zLKhRueWWwPYp9RjWoP1I+nzUjrtGzy9muAm4cECwpMup/7w14wRy+7SpfmqmcMY2n5zljV/Cg856RTHauQUyGYLChlLG3PtXwgxr6eDn5q7yO46qv43uPdkzr8QO5U/Q0V2lNsW4r00n4rpaB/oIgoWIx8SVLL9tCOlOGzpudlmIHqj0Sotqc/na+OSFkLLQvsg4O4jd+Leuze65B7RvtwesYcxje+uiGoYrn2YJWPyfA8fdIQwSLBjEz1fQUNPhIY/fpDt2+3/VxV/K1UmS2loYpTYjOsCT6UYJWLXNzeNp/KLu5oGMvt846U5oGIBETgzPm7ExgiVtWvG5Kp444JgT+DhGaiCzxV3fFgoSDALP7FguKWNKd0MuTYJbmFyunM4g+Y3vo5NrF/zVJmMnXlJ7KBQrJw==,iv:M/ORauW8DWc5/c+3pLyeOXdT+i7jpLcyrathDKS1V2o=,tag:wGqKUkxOLOC5ttcJcyBuRw==,type:str]
sops:
age:
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOEw2TiswN25nWEZaSEFo
czFUWmV0dVJKQ3JIRnF3TzV2YXZ5L0ROQ1ZnCnYwZUFmMzIwWWJEUWlkTVpOa3A2
cHA4UWg3SGdHNkFPOHIxMks4OWV0TUEKLS0tIEF4OUt4NHk1QThnM0dwL3RtMitj
UkxzbDhJejA4a0V1Lzd6d0JQSzAyUWMKqhUWjNPpsBrrALq7un53Qxhbp/RfKx67
tp3NWjMly9FI3RR+clQ82ZYaIK0Bm3YAlRI+wdzM7OiAbhNZdwh3Hw==
-----END AGE ENCRYPTED FILE-----
recipient: age1e80f6ea37ha7udmcctaggak9l44khtcn6e966fhcldrzjjxwzals65yasf
lastmodified: "2026-05-17T11:17:24Z"
mac: ENC[AES256_GCM,data:DGTgnEl+ehkA3zLDueXdcfaTgCzAsa1fp7ZAuUl8DOsltF0rCSf4Nc5mGqSsaIyZphkzibU1e/ZD259s3Uw12ZojBG/AWPhVMgr6SxpKpKjQSl+a1dg+8nZuAR7OXoLZUSMWO3H8xkyusA2UrQXMKEmDruZTdhB7abP6vwySUS0=,iv:JBMiqCayLCSVMcbPWWJUsVCNjrXTvKmf8nTAipib+3Y=,tag:aPD0ddGNONtrW7kbzj/vkw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.13.0
secrets/hosts/oparic-local-dev.yaml
+25
View File
@@ -0,0 +1,25 @@
caddy_cloudflare_api_key: ENC[AES256_GCM,data:AXil/BHboMREDOXfgV/F0BIWYE9+Rq/kdpQhtOkh+yTOLsF9mmP89HQV7VFiOWjXGMvvAlU=,iv:CmqMVBLv55lwt371FJ/1qXY2On1Ilhdm3mzM6cKCw/o=,tag:36poStmxIS9cXk5a7tsNSw==,type:str]
sops:
age:
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSjk0cDFsY1JFRFR5WE1Q
ZXlJRTJCNjIyT29XYXkranJqbjAySVA0aEE0CmVEWGo5bVhvd1c5MEVDTjZ2NWpp
VEtTd2Z4bGZLd3R4YnhVKzZLS3pnckkKLS0tIEorcW5aejFtMnlEZjhTNmhZWXdt
RFM1MEFjT29BOUptT0lNazdQK1BNeUEK29JlPkRvbz7HRyB0s+0JHv7fd3i9uMKF
SBEoPrIXWuoNUKmCuZlqJVNIWPEV2v3/tpFWbL9sXN/6qoGpt30csw==
-----END AGE ENCRYPTED FILE-----
recipient: age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVmhxemI1S05zTW9sMzFB
WHVsaEpuNFU5cFZuWWI0Vnd2NFFQb1pvWWwwCmtHU2Y2ZFY2TTVIL1oxckVHbWxt
aVFTVW4wa3JWa2hNcjVmYm51VGZYNlkKLS0tIG44OGJWL0tab2diWkt4M1hEUmFS
ZXlBbjUramhvMXYxQlVSMEh4OEh5eDgKTJMgvoo2Wgn/FsoXsA0mCweUhmqhAGp/
nIvGJsDz88QS+nVGybLkekl6LM+UR+sRy7fttDzX49Oxre7ovkSVyw==
-----END AGE ENCRYPTED FILE-----
recipient: age1mgxmpfpy6qg374kyq66cc5yw68qfw0mlk89rcdy3lkzw9q93jvwqg73395
lastmodified: "2026-05-17T04:26:09Z"
mac: ENC[AES256_GCM,data:XVocfoUXqh7ntKfM64sveo36xHgIX/4zM1dN1ML7Iu4qEsOB1YvHfS80z8KtJxY6ZTWl/XjqeT8YzQ2TSgpPAnND6DQ5dUiXz3G5jqZ8Foa6SQGdfqD5Yk6yBW+GRPHQUIhxBbJLeNtacRQRAC3vBuMdTqX7W/C9leLEt73B1WQ=,iv:XhwXnIXLqBfGRk9lymCGGby+SzYY0dDByPZL8AWk+xg=,tag:ryfQteA2Ul2rP8Y1NgdaOQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.13.0
secrets/ssh-config.yaml
+11 -11
View File
@@ -1,16 +1,16 @@
ssh-config: ENC[AES256_GCM,data:j5mr3R29SKjra7TMgm0O2sR1RzSeSiFZurDTfoXMu3rJropGPiIS958Jh1+fyMTmCL9y81iCESYpxQH4Ssv2vcKQ6ppy/agjL77YVply8uGwPmZ6F9x3WA37j98UuEsYfCkVPTbDafK8bnMiCwDF6Mkr64HmxKXlN36W5lL9GXVjFiWwb0mz6QFl0JtL+FhyzNa2BrZ/xNtAFu0T36pTh/fS7gS4oi4ubegsxUMO82wnpJTaxSqTCLM3LCoaC+tlW+Zm//rUnKufbCx6bDfJAZ7eym5AhHXUF//fgNq8qYAA84oF5GZueIPTEbCKd6QEBbwh7ADf7ku+ibxJWrQS4IMhyj0EQxI2BtAYN1GVPhKxVTYAYJKM1UufRBYPANQgVn8dr++QxhnHUYeIt5DXhI2FKya66F9yqHroiRTZNEF29l/kykhCmJeTFxSzzpX1NOoaw/i01Q71wK75jmNDOvXTHmfmvcTEt7zm+XMTDsnFUDhJgKNK4x3CpBydQ9IB/zMvATP540FBI3QxW33jYgxs5Ln+f7ZGwGCrJ3dwwf8Ji7bdPJN3SFJiu4hY7MNLdi8AdXoFb/8pRvCJs1d9Ao/rrev4va8CDeyyt2fVMDtmTcJcBkU6RALvv3GlSwBfyH/4sd62Uvn6dsu9PmhsEOxxmOua8qt5ghnklKURHC/+nGou7QnH8o5z+XvsXV7hW7vKQLbptkSZQNGOqpJRTtCR5YWpoJUYY8gx1VAv3A6+AgPA8YWK3oWJ9B038kk5xJDDOOM5l/a1A5SsK63PksXpL9+SBzPnTxfJ8DMoHy0wf36oLF8m6oI2e4t6JGEDwJJVeMKvM406EkXNNjCHlTmVjlW+TQurTZEh6yZxwYlPcYj+RBxHKyImJM9dzs4O1nr1OYwBmZkGzc+FpqE1E6JS2xQ8LnvB+ZFXjhHtSrO6Xtkfm7oA0d8f1JD+JktQjVCsy6cjy4WEHKXwELFXBJeWysxdtF2B15o0cmv+rfkmGJ73yoRX4c+JSHHpNav13A8Ls+Lpy3MOw+axItq9OaxOAvyql5abaslsS03wSUymMYGZQRVM8mpqHz7uZ1eiwv6FkQmYwmSp5JBfGRP8i346km6R21B/SHyWXOGaLlyM5ecmE6nLexgVTCRvyR7hu+lO2knV/F+vKzt/bHzGE4pf/aA9Sm180g8dejMMNvsr8ZJalfr8DODZZhT89pcpiA30aYm3waEDa22cWc6dOHE6U+4gu57Hor69+O+nW4EvVDrW4xRy2a3OzTYOnQr/xI+QDr8O42CWsv2GY2/XD8qseUiAD+d0DMNNdv5jWiFrazzdPnItVjb/XutqCmxAPmNmDAs/3zE2vUTbl0pgHjK8cwPb+glpM+fi4maf6ybm4QN6A4XpKL4YB1/wFVasdflYMv+LACG18BLuBPvVMbZZSdrDmfHeJNFwb0pdn1Ef34gPspO1JlMEdTEEsVmvxPFIalx4xsXoQ60iUolIfHBDxNl7gF9VD4b/Dn98i5Po7mJUW+T40Gw9Li5Li+NGWcOt4WF+F7JATcDCM9lfEHMTUAhnzSpFTwcFefGVJLVgNXTM3F/xr3Um8ClP4nkgzaNPjK82LoY8Q+H5AI1cFTUE9gx7+ZcjjIRE8Yh0FIdg9/PGDfowwzxt3GzW+ZBrnf+P4mLQgCovCUBCb4Kb5YBdMpUziw9KopOM/3BE6d51Z3LSKGNTw0Ibf1nytaCVnP3rwAQMs8EDIx1N3cTbwyExXP20caOkaamoTBP7r5kcxU4Ahg1MADDmyPkYQNPCBZOnFlGHQ9qzyaQpwUb9xckupl05CqNyzc6AokjDOu+I8q+Gv68kxYczJDhF70ANKSzzlpRNICm9xOtfyRUYYJTOBWSW/e70yrNWKK1sqmaZxAqiPNF8fBXzjD8X74SDl6GW6Rfn93OGjwEwGk2jTSU4Gux5KEOmYvlckwWFL4L/NzavShp9nKtTaHP1JBxP6vf015eiyLpFzhO6Jdmh2iCGz/vxfYSE4Nglp2hc7vhAfDECJP4Hd1kjRR4bjLMBKQZBk279UcG0JkxO+YfJoyZ0YkYlkMHYt9ee1v/gqztdVeRg5Ae/B5CVkL0fqotfqvhI4pJkAqUEUZWQtx756+vwDJ0WDlmoJT/K2UqakSXNF692Q1kz+Y67rwHRupqxdDEsM027VolUanSM28omcIstSGXGNDs4Uc8U/zxUkZ1GA88Ql7IOKtoAVRtywv1HpEC+E7SVE2o9yf7kNoyl0TeS6z0ndUW3HCkrGAJfPUb52CRmHPe2gmvk4y/eIa7vt16hKEml8GY8JzUZXOztQXVWoxsad2ZNaeYQT6dzKmZoYqQgDAr0hIO7GlP16y1tLUUhWBI+iE8WClJqHfAPelYy9EhzK+2gfUCOSOS+6c7496uQk4fdbdrM51aIbGtdDDQpvJj9i8zrLISPoxZe5MiyIv4GjpDr9doMKchBX2epXN+Dz0yoDf44736LvjZ8916epjUdN/4+lUXiEKEXkebwRyhiwzbBuK0GfxM2agab2wrdqx3ylp3zcBtHLvGE5z1DbibmJFSB+1oCzga/SJAKXUelHhhVqDJYy2U+YQGtlxuzKIM/UqXgb0zPyiQ8gWUZakuAOIvDN1WWTZhj2RnXCML4ouYSYxmcorxuD2K7U9VfFujcy9Xm6wyO6rCMU/ZlLKMOTwXAivaYynUoxaGu5aQyLRu/eei36yqrMGQ9wbTNtNfJG4T3eP3ZlI5IbCtdRT1n7bbmxbmnaJ0nY7Y5vJeVTrIDhTLHZ8k173X9FHftpvSrvUB/uk06n6fwxjG1jSykw+dQsfZagFG4Ko5caRsd9NJCqUmN0ebfkX72fMapbQRKNgD/hIpGLL7RutxegumlQOfe9ej5GfeM3uqekNC8L37w0YkRWO4IsU3YfcemRXJlDkpy3fwrldt63KbblcoIqGIfgXuCOy7mYmtbC38RWlONV6XrgKwbIckoOlYgzisAU9XN7/mnwqhrFO/KMhrfilAO3TKcAcHTjZ5MDLKiXVzrVbYX+Wbp8pkVtl08Xmh4AX7bhF1sOCfFmn6svBnOJoRg0leXswbBZBclEZhjAFN7kMVpzUw+7WHitqodsIINXtwrK9PiBV+839Nrju49kOoTSJEL55E0agrB496cFWn7GP1HqtzRbctjz9EgI8SnBV/cObxv3SIddrFpPIZAVjdYBCcGSU85Yif78d8bY2TEHzmt8UBFD1oXJB9+pROQtcpyGDSfC7wftQZIselaRy9RBab6u76uGKeHTUzFfjGaFohmSKaGZhV+9Ww0I7d5Wjl3MkOYN9g151e+BrRMq+HCOkKI+r/0paLJ3lNZNkIqwMnOXWQn42cRMJSxoliwzz4DlFd5DyrwcvxpbUiFPku2oMnoWt16C+8PEMrwAlqSY3QplosgsSxS5apKtf5Cqev39euA9900zwYOHuijJorWM8infc9fyaw+NTci2zb+j4QNgj+r1g6/F8++Zbks2rhUgb4YaZDdXJxXxd6cLHf8St4u9g==,iv:fEmaF1T7BxT+wDYfZR+u1+0Oh4dR02ITExpHjWdiah4=,tag:EzJl8epBZyPc58Bi6PR1mw==,type:str] ssh-config: ENC[AES256_GCM,data:yMZ3/cU1QrOucfL1nSVWpGOpXenKTd7eDLwGOfiC6Z3Le6uv5yin9Ovvf8oPY3vge63U2c+1G7X8+rNx/gkB37rBZrkkxb7MVPPxupmgbNxTTnIZm7+cfTZscEsXrxjCD9EribJVmY+BY5oSTy8QN6b7n8WH9xJTzgQvSAoRsZtedP6LoN8EaTP3+asbkdf0SwqgQhLHM3oWE5JL5Lb916rtD7JuQ30FRcNypUhkbzKWRSAmssTsT8i2DQToyskTD5OzujwWxlSH0SGaB1GFsmipPPqeZVyrQ61jRgdurwMfYfhaskzKJd1m0fpD8rD0YMYNT4E16boci7pVRqDolrgVLAF4P4I3AoW9eVHPmyEtmd0o84r+tXpz3DmGsmFbxHhY7YJxo8ysVXCk7DGKiaiGF6/qwftzQ3BxpZovylXh9nZj0WoY5LefXLGq0+fTEVk6gRQNM9qeRQuss+Uds/j1QYZjC7WAfJovh03k00Y9jBqA0FXvdCd8by1GX9j9md7HdugV57/erSs03QEaZ/RdyInWWjf/FuEbZYl3YvPWFNtpBBGJPN/qZ4gO4Vc3OAGdrAxg67sqmwPKslwleiDOslJs3BAr/gAwUDPeQCoL3yWQM9fTktu6LgP8gMau5xTascmvgvKg1QVsTn8l7BqNGY9aMhQouv5vQthgdiiQURzXi4GJe1nDb6+50JoG76Q2M4VJoWJjoV6lV0Hy5+02476UeaitrRJOealUIqD+e7B6BIC1IWYaCC6FNq8OZo4W7Zc0vQRwTHqWZ0lC6ApgkrUrCft2jgeFue9Zfrcpv4ZdCQXBpZf4SysqY6WXq+sMHIrYypbfBLdSnoOCA4ArS+k6tQCm8WeJS02dLmXm6gL3OPoAfoTljvt9GfZrOTbBjiJ1P0A47kI3ycavH8T7v1KLDyba9OWJBTXA9tCyAh3IHXR3gnH5DJWeqql5W8basH9rUDYAZnr/9MiNudWFlHJrDkVyg4WRhTqDXbd8mkg3uvd0KPaLf4WfeV0hDN0fUwiWAaM/SUKYRu+8Dd/d+O6My1yEdGuEpBJ6yRifu8NNtKqD9NWw6fJR+n/pmT/kY6O65kMQQ4AtnEiRqXazSD0sz/F7XJp3UBGRD542MTv0xKOKHPrITelk/IBT/77uDNNEfnae+wU32fsGfcaMkv6fO4A2KRv0rxPSX61zP0tEZGt+DWFZXq3ItwRQIxjJJFuoERWWHWB+UbLCFSFv0XDVI3t90PtKbTr0oLzHEF6z4ZAAcpHLte/aXD1d3FWjI2quCQ4rKD5Hh2Thz1cecn+bmu5SmJMoHjbDDRWQyaL3nswIAr5dgaGPhMipWqxn2oRbf34VltYAdF1UED8VXDWbkMuEOZ9ISw2gQOQuulDP2KYfDHgZspDt9T7/0Vf5XLT0ofKhmkMUqEhZ9nb+u6R+UC6YOnOVHcLocSzUQSu068sfPY6H1QU2wFi+F4ytEfEGVRA9CXIgzMBERkd2VrdzMv6bFxSimfzqLCpVLsdnn6dISSrA0uXN02s7VoAanzrim2+MiYtyVQ0/5P0IQYZNjT5zKcHqgjUOcqd1+oWCmdUT5TXWQKpKYoD4h6FAsOSf6DE1RSlbMvZ90n+LuurQnuP8gzITCA99FrDerw6g1b5h0oOHqS5hk23eIZeujQZnpWQheV9YkPlpggpSBIgmmn7A8gr0WE51s5lgvUSEhUX+PFZudeHXJYQRh5kq9rg0Icsc97FrREbsGLFKspQUysrlxCRJbq6CYwiszZqVpD3Yp2gJrHBsUhLeBydnyBF0RAaVYXgXGgr8ZoXVX2Mm/bA7hVzuXlI/01S6cfF4QSfHk+eCymhbvYbowE5EBgp7uIPaQt0bHNOcnOABe5u8OWcOvnEgA5wE3ZLlmJDEHn2a09UDUaqJs1ZGcIxosAUQqJb1oRZY8iOxKF4x/Z/ogUrac/vAzkeX+P+NE0sISacNxhdDfjUBLUDXIPFYBJGKe2oK14DrdTDcHsUhFgHGq0iFpRtjdjcs3qJI5dOsIi8NlnuhdSQ4xgg94M74AL+etUwYNqG52V8Mm+AZjjbT4+uCjs21DiB5rFZDTrkraWUBORE3+WLsLyDGvpsWPxDSGAICzfNnxDjrlYAO2Fxc15sPiOJwlmBakciEiF83QQG2fu6y86+dzpJTpzes5jADHTdHpJpbYG5Glo1bLoBMwyjT8fnAr9pOONUnjOkpBq0HSWR8k70THFV9p3igHaUSirFsSfF+8men1d6xhu5z8zTkQbMUl/SfjxpHKlIHu35iPD8n2UGk+6uGQDXPsWeGf0pYLaw7TBvd2SPef/Yso2SCXbZ6XT1UVLNrp/CciNa/RN8RgSe/DtbQFsQP5bUrd5npjERd3xMk7/0uYT7OBIqDv3LGlaqyVzyv6Jp+IgUzntwjl/9C5Cw5iQYwV/qXiwYksFkKMSWzsJbCyEd+tWrDNHDDHvo0MxlKKoDoh48a/8ulUOVZ2/ddms+Dgte5JCVcPbl+u2mspngm4YCaL0UEDYj9VjL7MkynlGANfx/e/oTplTZUxRcV50Cky2WGO9uvugWZYoeKsSuyG29RRRMJPud+27JU53aPGrwXHc/BvENXA/0At8wSjtqKTyM1LPHCI/5PJ26yaeSEo1Z219UcN1jrix4mICK3K5y/lym57kWPJgtag5Dhc/dePkHEzj2jjYxyNowp7pdxJa4q4bEpssJdzIjjLzyMYb+qzYFLU6cQ6A4msm2uBPvKojc3d1WHVwqvaqMbjxb7QPRWS1wIR1BSiK9HK6tgfywhZ8mOHIg1P7eFk4zoCmiYq6iSRTbyMDWMxaCvHR/L4RmG10BeXl1vb8faZi8sBmWE41bC5Gpz8eGluTYTxTa8rJpe+DIKogyOCe8Tfa+9GypIPkAhG57sNHJVkdp3dp5C4kd96IU8+f8SkOsZXlDZwBJN9rmLFHxS3ceFinNEpg6H41x6EW2GiouAduYZnshj61tQrAQtkX9xyQJU3orDw/f2Nq1fPIRfEtOLEz77K/gfQoyuaEXq6v1sFbplsYqbsZFtI2E0IS64C6pkgrfYTORFHh6hE1mBbaYmwphgYlUdQEmrBO/Z9bf8PPtoVpYlisPbscR7SuTYXEELpSimBKi6plgkZI7hcgcJjbxpZI+y7C6pdXunjPoMJhGkMHQvr7tta5SWBqYIzzI7kZeMBfBBPiuYKy5Ov2t9MWfV0DbXadzEqM+bvBhQAF62Xtk5CHj7kQF8/2npCGSXzJ6oq2Fo+vmKuaxTx5JvQ7DrUqHFAcLgWYCmHHX/TJPflzq8HYeZgkzOHR7/u4Cn5uzkGVqgsFcO31y+OsPKBLsySOsT2yx0+qV/dhYdHAeJQ5yutNsdmbo4Xn9D3AJFUUAa2/JUCJdXlkH48bNsRvgVgiv+zsaSLs/lTxrMHHJy+UZECTU5ZIfzt5GnvgGvM6SE7fhLEADtrMhwBW2JCwZSYhF6+BH97pYFb4MwcxqXRS4KGVzay0osnvbP+DE7FKviaByvIxa8mIYfrNCn/r/pa5ysjOBjstkqNtpaEP5KhmwUSjmFxnKB0lsXCSWOZL8KjGeycRyK7IopwBxfw6FA/Conx3ehKFr+wOsmJ2XbPTYOcg==,iv:KlRODFs7u3WGzHKQJpMkjiNf+rqBBW1oMx02APGcuyg=,tag:472ZgRVE6dkHBnvEcMOWHQ==,type:str]
sops: sops:
age: age:
- recipient: age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy - enc: |
enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TVNCWjduWXVGU2EwWFlu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2U0daVmk4YXoxMUtxNkhL
b2pKN29BbE1xcmNKc3R6WVJ3SG45OEM5T1FvCnZXQWJrdnNwZ1NyU0w4K1BDQXp3 ODc5a2p4aGcwbjZha3BsM3MwZmdLZTFaZXdzCkM2cE90QlpJNmQrTzlFbnA2dzdw
bS80NllZODhBcDVnUXYwRUtJUWhTaE0KLS0tIElCaE16c0J6dW1WaTJrUzZpczFT MkJhM2JqNUlpcW5VTklMeFVDSGVwTTAKLS0tIDN3MFFBcGNlLzUxd01tK0V5YzVP
MFJINjBUMTBQVklkTG9KYVVvZXczZG8KH56Vo0jc8nLp+nAnVKSPfDSFb+Mw/L0k VzFxL1hkdklLWUV5TFFrekt6dXBHa28K00ChSpcAKizcqoORF4rYQUvmblgIQ2sB
O1/X5MeF4Z2O80noGH2LaP5WKvy+h/kMW9c0hjBnayJBunf3VbhH3A== NzkzR86t2mEKdI2NU4CmYayOZrNN9sjd+mMaJmFwaTAeERaw0UuM8w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-16T17:02:16Z" recipient: age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
mac: ENC[AES256_GCM,data:6QDpFeS+42KTeklQZ+lt7fpGTIQmVU/NjlmX6SUxQEgNkJ4c5lMEP49SIR7MxnYo3zm6X6v2OM8O5kj3fFiOA49GdK5Bnuy/+Y2146rb0fa5aNNhVJwLs/L9CFVXzCVlCLqjsEPQkzq0EluwMAvW7HzkhvHb/IpeJkEct8NgqRU=,iv:URy/A9NkO/xTWGbToIhN61gC1FaexNO5RMRE00Y1VGA=,tag:jr634ex3sxg8khfWWYVCxw==,type:str] lastmodified: "2026-05-17T11:25:42Z"
mac: ENC[AES256_GCM,data:bqNgucTbqPlbDgkrPjagVlXpeTIOev43gKAhkborN7HGi72aAoXpUirGIBOsZTvCnu4IrhkH9Kj5GRppjMmcaJ+b5FzpzLXEjJjbQU7PeKeuPFOdy8GsY6RafKLFosUwyDw0ZGBOosNzcc3Srd6af67Dutd2Kr0ke8pEVX4tKV8=,iv:jBGiuotm4wHUA/cQxY9MEgzHVn2giwQvP0aWvSbJl3w=,tag:P/cAyeowoexR0r2Lepp6hA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.13.0