From 2f6f1dd40542c2a274c4820123771e2e57a3f23f Mon Sep 17 00:00:00 2001 From: Superredstone Date: Sat, 23 May 2026 18:22:57 +0200 Subject: [PATCH] feat(bomba): move from docker to native services --- flake.lock | 113 +++++++++++++++------- flake.nix | 11 ++- lib/mksystem.nix | 3 +- machines/bomba/secrets.nix | 36 +++---- machines/bomba/services/caddy.nix | 41 ++++++++ machines/bomba/services/default.nix | 4 +- machines/bomba/services/nextcloud.nix | 3 +- machines/bomba/services/nginx.nix | 42 -------- machines/bomba/services/nixflix.nix | 121 ++++++++++++++++++++++++ machines/bomba/services/ntfy.nix | 16 ---- machines/bomba/services/vaultwarden.nix | 4 +- modules/nix-config/caches.nix | 2 - modules/packages.nix | 1 - secrets/bomba.sops.yaml | 21 ++-- 14 files changed, 288 insertions(+), 130 deletions(-) create mode 100644 machines/bomba/services/caddy.nix delete mode 100644 machines/bomba/services/nginx.nix create mode 100644 machines/bomba/services/nixflix.nix delete mode 100644 machines/bomba/services/ntfy.nix diff --git a/flake.lock b/flake.lock index 540b61d..13a1026 100644 --- a/flake.lock +++ b/flake.lock @@ -126,6 +126,22 @@ "type": "github" } }, + "mkdocs-catppuccin": { + "flake": false, + "locked": { + "lastModified": 1767028711, + "narHash": "sha256-YVIZAtQT2B4Xs2sBaszvyyukm+1klCJdRpsc/BYV1gw=", + "owner": "ruslanlap", + "repo": "mkdocs-catppuccin", + "rev": "fd8ac6106b5b6d32922cd80cbc3d221622a17408", + "type": "github" + }, + "original": { + "owner": "ruslanlap", + "repo": "mkdocs-catppuccin", + "type": "github" + } + }, "nix-cachyos-kernel": { "inputs": { "cachyos-kernel": "cachyos-kernel", @@ -149,6 +165,29 @@ "type": "github" } }, + "nixflix": { + "inputs": { + "mkdocs-catppuccin": "mkdocs-catppuccin", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix", + "vpn-confinement": "vpn-confinement" + }, + "locked": { + "lastModified": 1779483163, + "narHash": "sha256-rlTpDEuu9RjUus7Vl1jfREXj8jDfDjzatczPhKY2mZk=", + "owner": "kiriwalawren", + "repo": "nixflix", + "rev": "119e778540c94d3f035979af1ffdaa163b47c8ec", + "type": "github" + }, + "original": { + "owner": "kiriwalawren", + "repo": "nixflix", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1779436535, @@ -242,20 +281,6 @@ "type": "github" } }, - "nixpkgs_5": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "revCount": 942779, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.942779%2Brev-d6c71932130818840fc8fe9509cf50be8c64634f/019c3fb4-003d-710c-9b72-1d2bb1b28de3/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" - } - }, "nixvim": { "inputs": { "flake-utils": "flake-utils", @@ -324,7 +349,7 @@ "nixpkgs" ], "systems": "systems_3", - "treefmt-nix": "treefmt-nix" + "treefmt-nix": "treefmt-nix_2" }, "locked": { "lastModified": 1778983195, @@ -344,12 +369,12 @@ "inputs": { "home-manager": "home-manager", "nix-cachyos-kernel": "nix-cachyos-kernel", + "nixflix": "nixflix", "nixpkgs": "nixpkgs_2", "nixpkgs-25-11": "nixpkgs-25-11", "nixvim": "nixvim", "noctalia": "noctalia", - "sops-nix": "sops-nix", - "spotiflac-cli": "spotiflac-cli" + "sops-nix": "sops-nix" } }, "sops-nix": { @@ -372,24 +397,6 @@ "type": "github" } }, - "spotiflac-cli": { - "inputs": { - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1771096762, - "narHash": "sha256-c9Goe1e2XhaLFmzd6ktCXEPyTi4zflISTJV1FnS5rmo=", - "owner": "Superredstone", - "repo": "spotiflac-cli", - "rev": "63d9892e7220d2d6c305478f93cb9f79c5a206a3", - "type": "github" - }, - "original": { - "owner": "Superredstone", - "repo": "spotiflac-cli", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -436,6 +443,27 @@ } }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixflix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775636079, + "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "noctalia", @@ -456,6 +484,21 @@ "repo": "treefmt-nix", "type": "github" } + }, + "vpn-confinement": { + "locked": { + "lastModified": 1778182451, + "narHash": "sha256-Bz3n2THDGf90Z9gMqhH/J492prYH8B6RFRlxv/fPBwc=", + "owner": "Maroka-chan", + "repo": "VPN-Confinement", + "rev": "cf5bfc4c3559f2e783698b1aa23c165072039a7d", + "type": "github" + }, + "original": { + "owner": "Maroka-chan", + "repo": "VPN-Confinement", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 088fbd6..dc336e8 100644 --- a/flake.nix +++ b/flake.nix @@ -18,8 +18,11 @@ url = "github:noctalia-dev/noctalia-shell"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixflix = { + url = "github:kiriwalawren/nixflix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nix-cachyos-kernel.url = "github:xddxdd/nix-cachyos-kernel/release"; - spotiflac-cli.url = "github:Superredstone/spotiflac-cli"; }; outputs = @@ -28,10 +31,10 @@ nixpkgs-25-11, home-manager, nixvim, - spotiflac-cli, sops-nix, nix-cachyos-kernel, noctalia, + nixflix, ... }@inputs: let @@ -44,7 +47,6 @@ inherit overlays nixvim - spotiflac-cli sops-nix noctalia inputs @@ -80,6 +82,9 @@ user = username; desktopEnvironment = "none"; enableZram = true; + additionalModules = [ + nixflix.nixosModules.default + ]; }; }; } diff --git a/lib/mksystem.nix b/lib/mksystem.nix index 8cb4c3d..a6be7c6 100644 --- a/lib/mksystem.nix +++ b/lib/mksystem.nix @@ -2,7 +2,6 @@ { overlays, nixvim, - spotiflac-cli, sops-nix, noctalia, inputs, @@ -27,7 +26,7 @@ let HMConfig = ../home; systemPackages = ../modules/packages.nix; specialArgs = { - inherit gamingSystem workSystem enableZram nixvim spotiflac-cli sops-nix noctalia inputs additionalModules; + inherit gamingSystem workSystem enableZram nixvim sops-nix noctalia inputs additionalModules; pkgs-unstable = import nixpkgs { inherit system; config.allowUnfree = true; diff --git a/machines/bomba/secrets.nix b/machines/bomba/secrets.nix index 509cbc3..8dd11ab 100644 --- a/machines/bomba/secrets.nix +++ b/machines/bomba/secrets.nix @@ -1,23 +1,25 @@ -{ config, ... }: +{ ... }: { - sops = { - secrets = { - nextcloud_password = { - owner = "nextcloud"; + sops = + let + default = { sopsFile = ../../secrets/bomba.sops.yaml; }; - ntfy_users = { - # owner = "ntfy-sh"; - sopsFile = ../../secrets/bomba.sops.yaml; - }; - ntfy_access = { - # owner = "ntfy-sh"; - sopsFile = ../../secrets/bomba.sops.yaml; + in + { + secrets = { + nextcloud_password = default // { + owner = "nextcloud"; + }; + nixflix_password = default; + jellyfin_api_key = default; + qbittorrent_api_key = default; + qbittorrent_password = default; + radarr_api_key = default; + sonarr_api_key = default; + prowlarr_api_key = default; + seerr_api_key = default; + indexers_ilcorsaroblu_password = default; }; }; - templates."ntfy.env".content = '' - NTFY_AUTH_USERS='${config.sops.placeholder.ntfy_users}' - NTFY_AUTH_ACCESS='${config.sops.placeholder.ntfy_access}' - ''; - }; } diff --git a/machines/bomba/services/caddy.nix b/machines/bomba/services/caddy.nix new file mode 100644 index 0000000..f91d4b7 --- /dev/null +++ b/machines/bomba/services/caddy.nix @@ -0,0 +1,41 @@ +{ config, ... }: +{ + services.caddy = { + enable = true; + virtualHosts = { + "vaultwarden.patrickcanal.it".extraConfig = '' + encode zstd gzip + reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT} { + header_up X-Real-IP {remote_host} + } + ''; + "gitea.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT} + ''; + "nextcloud.patrickcanal.it".extraConfig = '' + reverse_proxy :8004 + ''; + "octoprint.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.services.octoprint.port} + ''; + "jellyfin.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.jellyfin.network.internalHttpPort} + ''; + "qbittorrent.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.downloadarr.qbittorrent.port} + ''; + "radarr.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.radarr.settings.server.port} + ''; + "sonarr.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.sonarr.settings.server.port} + ''; + "prowlarr.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.prowlarr.settings.server.port} + ''; + "seerr.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.seerr.port} + ''; + }; + }; +} diff --git a/machines/bomba/services/default.nix b/machines/bomba/services/default.nix index 2707175..2e78a7d 100644 --- a/machines/bomba/services/default.nix +++ b/machines/bomba/services/default.nix @@ -1,10 +1,10 @@ { ... }: { imports = [ + ./caddy.nix ./gitea.nix ./nextcloud.nix - ./nginx.nix - ./ntfy.nix + ./nixflix.nix ./octoprint.nix ./teamspeak.nix ./vaultwarden.nix diff --git a/machines/bomba/services/nextcloud.nix b/machines/bomba/services/nextcloud.nix index 3d08d38..0411893 100644 --- a/machines/bomba/services/nextcloud.nix +++ b/machines/bomba/services/nextcloud.nix @@ -29,9 +29,10 @@ ]; }; }; + # Required to change nextcloud port nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [ { - addr = "172.18.0.1"; + addr = "127.0.0.1"; port = 8004; } ]; diff --git a/machines/bomba/services/nginx.nix b/machines/bomba/services/nginx.nix deleted file mode 100644 index 202baa3..0000000 --- a/machines/bomba/services/nginx.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ currentSystemEmail, ... }: -{ - services.nginx = { - enable = false; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - virtualHosts = - let - base = locations: { - inherit locations; - - enableACME = true; - forceSSL = true; - }; - proxy = - ipPort: - base { - "/".proxyPass = "http://" + ipPort + "/"; - }; - in - { - "patrickcanal.it" = { - root = "/var/www/patrickcanal.it/public/"; - enableACME = true; - forceSSL = true; - }; - "gitea.patrickcanal.it" = proxy "127.0.0.1:8001" // { - default = true; - }; - "vaultwarden.patrickcanal.it" = proxy "172.18.0.2:8002" // { - default = true; - }; - }; - }; - - security.acme = { - acceptTerms = true; - defaults.email = currentSystemEmail; - }; -} diff --git a/machines/bomba/services/nixflix.nix b/machines/bomba/services/nixflix.nix new file mode 100644 index 0000000..1fb1415 --- /dev/null +++ b/machines/bomba/services/nixflix.nix @@ -0,0 +1,121 @@ +{ config, ... }: +let + user = "Patrick"; + baseDir = "/var/lib/nixflix"; + stateDir = "${baseDir}/state"; + downloadsDir = "${baseDir}/downloads"; + mediaDir = "${baseDir}/media"; + jellyfinPort = 8005; + qbittorrentPort = 8006; + radarrPort = 8007; + prowlarrPort = 8008; + seerrPort = 8009; + sonarrPort = 8010; + hostConfig = { + username = user; + password._secret = config.sops.secrets.nixflix_password.path; + }; +in +{ + nixflix = { + inherit mediaDir downloadsDir stateDir; + enable = true; + + caddy = { + enable = true; + domain = "patrickcanal.it"; + }; + + flaresolverr.enable = true; + + torrentClients.qbittorrent = { + enable = true; + webuiPort = qbittorrentPort; + password._secret = config.sops.secrets.nixflix_password.path; + serverConfig = { + LegalNotice.Accepted = true; + Preferences.WebUI = { + MaxAuthenticationFailCount = 0; + Username = user; + Password_PBKDF2 = "@ByteArray(8AhaCcVLo4H07+dv5uF7pQ==:m+wRuZuzus0N5mkOGXePQmDZfgTpRZiv2OSKbk1pnOA/QPa/JF4Ai1FwVbyZ1PF9odSOSI1UaRQwDMb3MxOKMg==)"; + }; + }; + }; + + radarr = { + enable = true; + settings.server.port = radarrPort; + config = { + apiKey._secret = config.sops.secrets.radarr_api_key.path; + hostConfig = hostConfig // { + port = radarrPort; + }; + }; + }; + + sonarr = { + enable = true; + settings.server.port = sonarrPort; + config = { + apiKey._secret = config.sops.secrets.sonarr_api_key.path; + hostConfig = hostConfig // { + port = sonarrPort; + }; + }; + }; + + prowlarr = { + enable = true; + settings.server.port = prowlarrPort; + config = { + apiKey._secret = config.sops.secrets.prowlarr_api_key.path; + hostConfig = hostConfig // { + port = prowlarrPort; + }; + indexers = [ + { + name = "Il Corsaro Blu"; + username = "Petrich"; + password._secret = config.sops.secrets.indexers_ilcorsaroblu_password.path; + } + ]; + }; + }; + + seerr = { + enable = true; + port = seerrPort; + apiKey._secret = config.sops.secrets.seerr_api_key.path; + }; + + jellyfin = { + enable = true; + apiKey._secret = config.sops.secrets.jellyfin_api_key.path; + network = { + knownProxies = [ "127.0.0.1" ]; + internalHttpPort = jellyfinPort; + }; + users."${user}" = { + mutable = false; + policy.isAdministrator = true; + password._secret = config.sops.secrets.nixflix_password.path; + }; + libraries = { + Movies = { + collectionType = "movies"; + paths = [ + "${mediaDir}/movies" + ]; + }; + + Shows = { + collectionType = "tvshows"; + seasonZeroDisplayName = "Specials"; + paths = [ + "${mediaDir}/tv" + ]; + }; + }; + }; + }; +} diff --git a/machines/bomba/services/ntfy.nix b/machines/bomba/services/ntfy.nix deleted file mode 100644 index cde5c9d..0000000 --- a/machines/bomba/services/ntfy.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, ... }: -{ - # services.ntfy-sh = { - # enable = false; - # environmentFile = config.sops.templates."ntfy.env".path; - # settings = { - # listen-http = ":8005"; - # base-url = "https://ntfy.patrickcanal.it"; - # smtp-server-listen = ":25"; - # smtp-server-domain = "patrickcanal.it"; - # behind-proxy = true; - # enable-login = true; - # require-login = true; - # }; - # }; -} diff --git a/machines/bomba/services/vaultwarden.nix b/machines/bomba/services/vaultwarden.nix index 322b3a5..83b52a4 100644 --- a/machines/bomba/services/vaultwarden.nix +++ b/machines/bomba/services/vaultwarden.nix @@ -2,9 +2,9 @@ { services.vaultwarden = { enable = true; - domain = "vaultwarden.patrickcanal.it"; config = { - ROCKET_ADDRESS = "0.0.0.0"; + DOMAIN = "https://vaultwarden.patrickcanal.it"; + ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8003; }; }; diff --git a/modules/nix-config/caches.nix b/modules/nix-config/caches.nix index 9bb3e10..44085ea 100644 --- a/modules/nix-config/caches.nix +++ b/modules/nix-config/caches.nix @@ -5,7 +5,6 @@ "https://cache.nixos.org" "https://cache.garnix.io" "https://nixvim-superredstone.cachix.org" - "https://spotiflac-cli.cachix.org" "https://attic.xuyh0120.win/lantian" "https://noctalia.cachix.org" ]; @@ -13,7 +12,6 @@ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "nixvim-superredstone.cachix.org-1:mEXHVxEv5dKka3FOxTMFDfdk/DJ0baydsahi+zZIcQE=" - "spotiflac-cli.cachix.org-1:UgpE8P0TO8NuF03vF117r/vgTkjq13Z3JqGzaQdC7xE=" "lantian:EeAUQ+W+6r7EtwnmYjeVwx5kOGEBpjlBfPlzGlTNvHc=" "noctalia.cachix.org-1:pCOR47nnMEo5thcxNDtzWpOxNFQsBRglJzxWPp3dkU4=" ]; diff --git a/modules/packages.nix b/modules/packages.nix index 5ca8242..648b361 100644 --- a/modules/packages.nix +++ b/modules/packages.nix @@ -67,7 +67,6 @@ vim # The only and one great editor inputs.nixvim.packages.${stdenv.hostPlatform.system}.default # The only and one great editor improved even further - inputs.spotiflac-cli.packages.${stdenv.hostPlatform.system}.default ]; guiPackages = lib.optionals (currentSystemDe != "none") [ diff --git a/secrets/bomba.sops.yaml b/secrets/bomba.sops.yaml index b9e7268..fae4222 100644 --- a/secrets/bomba.sops.yaml +++ b/secrets/bomba.sops.yaml @@ -1,10 +1,16 @@ nextcloud_password: ENC[AES256_GCM,data:lMavQvl4grki9c5AgaKE8Q==,iv:jJ0/Wka5/2TBD4C739HBeiVzxujWC4WL6FDLqov6FVA=,tag:1skCLwSr6VSzZWthtzaxwg==,type:str] -ntfy_users: ENC[AES256_GCM,data:jFN6axA2cyszWRWRcLMe0KRmLeqM8rPho7/k0tOZGajJ33CO7uAul9tQ9LjEl59lhgrX13fnH5ofBOoRZAC/Ck1wS/PcSbSO,iv:TlelbuZkIo8iI5njBEQQLK8FClbpDo/bFraLwoQ0Kkk=,tag:M9Uh5SHs77ONsnPIqZuO2g==,type:str] -ntfy_access: ENC[AES256_GCM,data:7bcKYCS8,iv:Wwm1g/+0SzgAYh2tjKvJQEL2RJDG2tKqI4OjNeJjvio=,tag:nJ304eakWx0Kvo8I8bXPJQ==,type:str] +nixflix_password: ENC[AES256_GCM,data:g8S6Z925bLWDFjFKL3TqDQ==,iv:sFg8bCBL71yVUUJ7ibD/IH2O47gsxbH8Zrgu67lH3+A=,tag:J3Y8KQw8bSYzBrOCN23q2w==,type:str] +jellyfin_api_key: ENC[AES256_GCM,data:Xhd3X3iy78kmPPmWQOngdF9jqPb6YBM9kgjhib6K1zw+wQ14VPJORqkVgKw/K0AwjF81zJXVGgkGHZbdjvKDPQ==,iv:2Y8c8iCcJ4MNlKZsDG/RyfQ4zO5686ExGQCCTkfcigw=,tag:/T/ms/SVL2EIyI+iMX7rVg==,type:str] +qbittorrent_api_key: ENC[AES256_GCM,data:EJmLZr15745Fcwu6zO1GJ68ptrZjS3NgG2BTNC0bgxEuGR8rjo3UrUj6zo3wkMUu9j3A9uZD1mNH5HLL/nGKrg==,iv:B5riJE+jMy3u+nBV7jhnYdpxw8cIMmPwdVm6XCTgxEA=,tag:1IofM5ieuyHL3l6fOsaV8Q==,type:str] +qbittorrent_password: ENC[AES256_GCM,data:qZNlHLMcihmfaP8t6Bd0vbt89A5nzgukJ0lO+n52R9lldNQiHKNCNI2LpitIsHGfjNMiluuo5r4fTwVjJsA1zA==,iv:InCWhFfWkmMo1R0wGNx7n09Wpq2RW1TYtuaQWJknkvM=,tag:Qp59jzDWEjD/s04DUV9u8A==,type:str] +radarr_api_key: ENC[AES256_GCM,data:NxYoYFffrPFmI3cmtgi+qRBzH15imO3knq00GWcY+uJSvBL0hOs1Zem+n7Ij7L5V7PbZfWVnnuRJvjy2BnRzYA==,iv:+b5jm/Z8wHf3CidKV1L5a3vlSJvsi+eWhBBO6J48/8o=,tag:RiA0/dbcftCp79YqEwu7yA==,type:str] +sonarr_api_key: ENC[AES256_GCM,data:nm9lcY9/3aMce7MIEK9E+su9o0f7RdOafx52a8vgG8hxiv4J6bktiK8EAfLIr0ae8Yi17gDiHtRgPw/9EUOdCw==,iv:elRPggP64PdaV1j6fCyZSilgwi41cmG9rDpXVKcX0PY=,tag:o0ZdHxh1NaJSfW7iNlV9eg==,type:str] +prowlarr_api_key: ENC[AES256_GCM,data:UDpnqIP64k8Qt9k/sjbESNostFiGHfLo3CEYfyWppHEwfkjVu1oirdtzDgAO056rxWaLwwcqJs0jDFau5VZi8Q==,iv:N9d9Sdbo/akFecQRYfbrkigq2Za3CXzsRJvNljm1MQM=,tag:Et1kIBHPX4bLlCgqpZf4CA==,type:str] +seerr_api_key: ENC[AES256_GCM,data:KDQxxo2W4tz9UokscAUSz7pf7wY2AfsEQpZh2aXGjsQOBgSLt1DEe5LUxealBZju8gabhp4sNGFvp0+ioZpfkg==,iv:V/rbR6bZtVnDhLLVmygGyTf5Ujm8sb2xHy4JuvLiiV8=,tag:MxGzXHbZWgu3H+ICS2tSNQ==,type:str] +indexers_ilcorsaroblu_password: ENC[AES256_GCM,data:w3CIGQqLxHEkUHvscZc=,iv:fjsB3zt4Z43MKRECjpa7+gNDzM8D+JK0sbKt2P+Hdiw=,tag:KvLawon+KfrhGmi1TWRHLw==,type:str] sops: age: - - recipient: age1ynu6zhhy84rr5xqce0flp25x5tnfgskesxfe39u7ewsk900fvagq9sq0lx - enc: | + - enc: | -----BEGIN AGE ENCRYPTED FILE----- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOC9xeExzN2VzT2NmZS9I TEVxamNYOWZDWUJvYnpjL2JpMHJRbTlOV1Y4CmFGaXhEd0pRWU1tRTBMdDVPU2Fr @@ -12,7 +18,8 @@ sops: YjVvSDV1TGExYUJGUk00MTF4bXNFVTQKG/GueSmnuA23L42X6AvAWZgBbJuCGLw1 ZQ17gIIOjhKHlGx8Lo5t/PekzFyQKCKdijS7caq74dVib1vO3tk+uQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-14T07:23:58Z" - mac: ENC[AES256_GCM,data:nCPTfEu1wGfUtnJzMQISmrd5DHSffMacwgVYurFE1sWzhDue2fXssUCTbqf/bnzak5kB2TFkpZGH+SywC8BrCh+pRyG+Ey2HMHDCkM8eXrfyFxzV8k3V0pa9Ek+Rs63vaX1lRFBFh4iQtdLThjs/mnw3nla/B8wO/ArZ3NhF95k=,iv:8160XN5N36HwgjDUWulvS6tBk80svOt7DtXNqNNv5zU=,tag:1nrrxUjKTV0pPUr8S6e9+g==,type:str] + recipient: age1ynu6zhhy84rr5xqce0flp25x5tnfgskesxfe39u7ewsk900fvagq9sq0lx + lastmodified: "2026-05-24T10:44:51Z" + mac: ENC[AES256_GCM,data:vKUOBMV/FHyWdfJhsGpFmyhyFIM9RjhucfHRCE+jT2orlWDyu215qSfiWlhHLtLSqdh7IIrv2QFDUDhz0JNa0nHe5aoePyg6dsuLeDLvBTlmidSpDITsCcp+yYWtUx1TegmOXXs4GV2mvOboIFo+Ks7mCVy7WOVzoVubhZmHTzo=,iv:FoQbhWk+JZTohbd2CaYLVVcIp792GCH/TtQE7jGQ9+o=,tag:jJrC5nFZODIr856rb+CEiQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.12.1 + version: 3.13.1