diff --git a/flake.lock b/flake.lock index 32c7656..c713645 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1626117186, - "narHash": "sha256-KSVWpb03y2QootRxAG4RwTI14RUn1vmz/yRgVlDJRpk=", + "lastModified": 1626395775, + "narHash": "sha256-7Uo+4PIQGirfd7WfFuRuspLCyDT7eUn6pnJx/CL9UC8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7512bb64b1dd693c97b1219c24032d28f20f9e8", + "rev": "a165aeceda9f9741d15bc2488425daeb06c0707e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 17dbeab..7609a0a 100644 --- a/flake.nix +++ b/flake.nix @@ -43,8 +43,10 @@ backend1 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = common.modules ++ [ + ./modules/nginx.nix ./modules/murmur.nix ./modules/synapse.nix + ./modules/nextcloud.nix ./modules/custom-backup-job.nix ({ networking.hostName = "backend1"; diff --git a/hardware/hcloud.nix b/hardware/hcloud.nix index 1a8b0a2..2bc25c5 100644 --- a/hardware/hcloud.nix +++ b/hardware/hcloud.nix @@ -5,6 +5,8 @@ boot.loader.grub.device = "/dev/sda"; fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + time.timeZone = "Europe/Amsterdam"; + boot.cleanTmpDir = true; networking.firewall.allowPing = true; } diff --git a/instances.tf b/instances.tf index a9a67e4..075caff 100644 --- a/instances.tf +++ b/instances.tf @@ -22,6 +22,14 @@ resource "hcloud_network_subnet" "db_network_subnet" { ip_range = "10.0.1.0/24" } +resource "hcloud_network_subnet" "banditlair_vswitch_network_subnet" { + type = "vswitch" + network_id = hcloud_network.private_network.id + network_zone = "eu-central" + ip_range = "10.0.2.0/24" + vswitch_id = 22304 +} + resource "hcloud_server" "db1" { name = "db1" image = data.hcloud_image.nixos_stable.id 
@@ -47,7 +55,7 @@ resource "hcloud_server" "db1" { } module "deploy_nixos_db1" { - source = "github.com/phfroidmont/terraform-nixos//deploy_nixos?ref=a8d5d31e59f4ce2677272e4849b122b4afc5a8e4" + source = "github.com/phfroidmont/terraform-nixos//deploy_nixos?ref=5f6b38f7e1485d216c14c3cbd6692581e5eaa392" nixos_config = "db1" flake = true target_host = hcloud_server.db1.ipv4_address @@ -59,6 +67,8 @@ module "deploy_nixos_db1" { TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; + CREATE ROLE "nextcloud" WITH LOGIN PASSWORD '${data.sops_file.secrets.data["nextcloud.db_password"]}'; + CREATE DATABASE "nextcloud" WITH OWNER "nextcloud"; EOT borgbackup-passphrase = data.sops_file.secrets.data["borg.passphrase"] borgbackup-ssh-key = data.sops_file.secrets.data["borg.client_keys.db1.private"] @@ -95,7 +105,7 @@ resource "hcloud_floating_ip_assignment" "main" { } module "deploy_nixos_backend1" { - source = "github.com/phfroidmont/terraform-nixos//deploy_nixos?ref=a8d5d31e59f4ce2677272e4849b122b4afc5a8e4" + source = "github.com/phfroidmont/terraform-nixos//deploy_nixos?ref=5f6b38f7e1485d216c14c3cbd6692581e5eaa392" nixos_config = "backend1" flake = true target_host = hcloud_server.backend1.ipv4_address @@ -112,10 +122,13 @@ module "deploy_nixos_backend1" { password: "${data.sops_file.secrets.data["synapse.db_password"]}" macaroon_secret_key: "${data.sops_file.secrets.data["synapse.macaroon_secret_key"]}" EOT + nextcloud-db-pass = data.sops_file.secrets.data["nextcloud.db_password"] + nextcloud-admin-pass = data.sops_file.secrets.data["nextcloud.admin_password"] "murmur.env" = <<-EOT MURMURD_PASSWORD=${data.sops_file.secrets.data["murmur.password"]} EOT borgbackup-passphrase = data.sops_file.secrets.data["borg.passphrase"] borgbackup-ssh-key = data.sops_file.secrets.data["borg.client_keys.backend1.private"] + sshfs-ssh-key = data.sops_file.secrets.data["sshfs_keys.private"] } } \ No newline at end of file 
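Review bot: In the init-SQL heredoc of `deploy_nixos_db1`, the added `CREATE ROLE "nextcloud" WITH LOGIN PASSWORD '${…}'` line splices the sops value straight into a single-quoted SQL literal, so a password containing `'` breaks the script or changes the statement that runs. Double the quote at interpolation time, e.g. `PASSWORD '${replace(data.sops_file.secrets.data["nextcloud.db_password"], "'", "''")}'`, or restrict generated passwords to a quote-free alphabet and note that in a comment. The rendered script, password included, is also kept in Terraform state and is presumably the `/var/keys/postgres-init.sql` that `modules/postgresql.nix` reads, so both need the same protection as `secrets.enc.yml`. The heredoc and the module block start and end outside this hunk, and earlier roles in the same script (not visible here) may share the pattern.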
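Review bot: `sshfs-ssh-key` in the `deploy_nixos_backend1` keys is fed from one shared `sshfs_keys.private`, while the borg key two lines above it is scoped per host (`borg.client_keys.backend1.private`). A per-host entry (for example `sshfs_keys.backend1.private`, name suggested) would keep rotation and revocation independent if another machine ever mounts the same storage. The three added values are also written in plaintext to Terraform state, so the state backend should be access-controlled and encrypted at least as strictly as the sops file. The keys map and the module block open outside this hunk.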
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
new file mode 100644
index 0000000..eb50011
--- /dev/null
+++ b/modules/nextcloud.nix
@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+let
+ uidFile = pkgs.writeText "uidfile" ''
+ nextcloud:33
+ '';
+ gidFile = pkgs.writeText "gidfile" ''
+ nextcloud:33
+ '';
+ sshfsOptions = [
+ "nofail"
+ "identityfile=/var/keys/sshfs-ssh-key"
+ "ServerAliveInterval=15"
+ "idmap=file"
+ "uidfile=${uidFile}"
+ "gidfile=${gidFile}"
+ "allow_other"
+ "default_permissions"
+ "nomap=ignore"
+ ];
+in
+{
+ environment.systemPackages = with pkgs; [
+ sshfs
+ ];
+
+ fileSystems."/var/lib/nextcloud/data" =
+ {
+ device = " www-data@10.0.2.2:/var/lib/nextcloud/data";
+ fsType = "fuse.sshfs";
+ options = sshfsOptions;
+ };
+
+ fileSystems."/run/mount/media" =
+ {
+ device = " www-data@10.0.2.2:/data";
+ fsType = "fuse.sshfs";
+ options = sshfsOptions;
+ };
+
+ services.nginx = {
+ virtualHosts = {
+ "${config.services.nextcloud.hostName}" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+ };
+
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud21;
+ hostName = "cloud.${config.networking.domain}";
+ config = {
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbhost = "10.0.1.11";
+ dbname = "nextcloud";
+ dbpassFile = "/var/keys/nextcloud-db-pass";
+ adminpassFile = "/var/keys/nextcloud-admin-pass";
+ adminuser = "root";
+ };
+ };
+ users.users.nextcloud.extraGroups = [ "keys" ];
+}
diff --git a/modules/nginx.nix b/modules/nginx.nix
new file mode 100644
index 0000000..a486fcd
--- /dev/null
+++ b/modules/nginx.nix
@@ -0,0 +1,14 @@
+{ pkgs, lib, config, ... }:
+{
+ security.acme.email = "letsencrypt.account@banditlair.com";
+ security.acme.acceptTerms = true;
+
+ services.nginx = {
+ enable = true;
+
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ };
+}
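Review bot: `users.users.nextcloud.extraGroups = [ "keys" ]` at the end of `modules/nextcloud.nix` gives the internet-facing Nextcloud account group access to everything under `/var/keys`, which on backend1 also holds `borgbackup-passphrase`, `borgbackup-ssh-key`, the synapse secrets and `sshfs-ssh-key` (see the keys map in `instances.tf`). If those files are group-readable, which depends on deploy-module permissions not visible here, a compromise of Nextcloud exposes all of them. Prefer making only `nextcloud-db-pass` and `nextcloud-admin-pass` readable by `nextcloud` and leaving the user out of the shared group. Separately, nothing in this file pins the SSH host key of `10.0.2.2` for the two sshfs mounts; declaring it with `programs.ssh.knownHosts` keeps the mounts from trusting whatever answers on that address. The `device` strings also begin with a space (`" www-data@…`), which may be a rendering artifact but is worth checking.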
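Review bot: `security.acme.acceptTerms = true` is declared in the new `modules/nginx.nix` and still in `modules/synapse.nix`, where it is the context line just above the lines this commit removes, so the ACME account settings now live in two places. Since this module is the shared nginx/ACME base, drop the copies from `synapse.nix`. A header comment here such as `# Shared nginx + ACME defaults; per-service modules only add virtualHosts.` would stop later modules from re-declaring them.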
diff --git a/modules/postgresql.nix b/modules/postgresql.nix index 03daa9e..916f149 100644 --- a/modules/postgresql.nix +++ b/modules/postgresql.nix @@ -6,7 +6,9 @@ initialScript = "/var/keys/postgres-init.sql"; enableTCPIP = true; identMap = '' + root_as_others root postgres root_as_others root synapse + root_as_others root nextcloud ''; authentication = '' local all postgres peer diff --git a/modules/synapse.nix b/modules/synapse.nix index c325618..792a93f 100644 --- a/modules/synapse.nix +++ b/modules/synapse.nix @@ -11,14 +11,6 @@ in security.acme.acceptTerms = true; services.nginx = { - enable = true; - # only recommendedProxySettings and recommendedGzipSettings are strictly required, - # but the rest make sense as well - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts = { # This host section can be placed on a different host than the rest, # i.e. to delegate from the host being accessible as ${config.networking.domain} diff --git a/playbook.yml b/playbook.yml index 5b17a7a..673a5f7 100644 --- a/playbook.yml +++ b/playbook.yml @@ -26,8 +26,6 @@ tags: [ 'emby' ] - role: gitlab-docker tags: [ 'gitlab' ] - - role: nextcloud-docker - tags: [ 'nextcloud' ] - role: torrent-docker tags: [ 'torrent' ] - role: monit diff --git a/secrets.enc.yml b/secrets.enc.yml index e9c45f6..2a2f810 100644 --- a/secrets.enc.yml +++ b/secrets.enc.yml 
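Review bot: The two added `identMap` lines in `modules/postgresql.nix` let OS user `root` authenticate as `postgres` and `nextcloud`, but the map only takes effect on `authentication` rules that name `map=root_as_others`. Those rules begin on the hunk's last context line and continue outside it, so they cannot be checked here. With `enableTCPIP = true` and Nextcloud connecting from another host (`dbhost = "10.0.1.11"` in `modules/nextcloud.nix`), confirm the remote rule for the new role is limited to its own database and to backend1's address with a password method, e.g. `host nextcloud nextcloud <BACKEND1_PRIVATE_IP>/32 scram-sha-256`, rather than a subnet-wide `all all` entry. A short comment above `identMap` saying why root is mapped (presumably for local administration) would help the next reader.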
@@ -1,6 +1,9 @@ synapse: db_password: ENC[AES256_GCM,data:hy2BgTsRaZDQZULTW/csmnRy5ZjDEuPqxyuINv0ov5pFzDkozJVL1wut3HgBXjYZ8bqNjS5pCPQtkznw,iv:i41zKGwvPGIEZP0ZjhRaY4UMeOXBovQmLr1e1ewZhV4=,tag:3kKKYouH+lOrNxPJE5ul/Q==,type:str] macaroon_secret_key: ENC[AES256_GCM,data:6n1gCit2MC8l4VR9DSUR87BB+hY5Oza33423sbV8sNIXmZsPzhyvxaBalK/0TVjLH6Q=,iv:OgHxNG96ZW4+LPZhLAtOD01Wibad6vSX6s4BrPE67YE=,tag:OGIz/ufUwt8/pUMLvoaXtg==,type:str] +nextcloud: + db_password: ENC[AES256_GCM,data:48+DQ2TcAtq809r7DU3SZEKxy8iXrNLtAgOTH5GbZvEigu9ROtLTCG5hN1NguYkjln7ix63k1RqiwQnO,iv:0ZHDn0LWHzdep7DmmnfwhNUGJQ8mgy6S0aGhDVtWixE=,tag:JP7NyIaDHogzm8VYu+lDqw==,type:str] + admin_password: ENC[AES256_GCM,data:zTOHKYJmBbA6Tca2l+vO748dGzP2XkAvZHmJtrbftDI5Q/1mS3ZLw16g1DT+pKXF7VIUm2plR7ZRtxwq,iv:87lrQzhdyz1YiIO25fXwn0TvEASm/H8N5cZUckIm780=,tag:VXyNu8CnoY/ShK7dHnPTWA==,type:str] murmur.password: ENC[AES256_GCM,data:5Yu67/hMwdaIiDlU,iv:dAX6NCQTJtw3DZSzl3+zGTRAxCa93NxB0sAq0HegQbw=,tag:ibgGwH/fFMRuedv2zjsgnA==,type:str] borg: passphrase: ENC[AES256_GCM,data:RNUTb29sOdsg4KnB/0nIFGJFV/2nlMH4pxGFlgXdtTgDe2opT/moUg==,iv:6kdBeq+qFWnPB+N+zpKNdFkmkskOVMabdj8Uxk9QeQI=,tag:MxNqn5p9P0JpsjkNm9iYEQ==,type:str] 
@@ -11,14 +14,17 @@ borg: db1: public: ENC[AES256_GCM,data:VkmGQMaYUHcyOczlSJyv3HBFpUO9TzdE7snmMsW7i/nxfGf4Eap/ByYck5RqIoQOC40qxz2MPZvHBya0uAIrbzjXNe7XgTRgZljQN7bDRCBJ/j5wpxWbVLwLEzXciw1u/6wBRhQCbXwm21JgKhCwnRUs9qrK8b6wLPo5Kr9mBKBNBGaiL4Xaj35MUSQlQVwu38canrB5CxuripfN51fFK7Qi4+bmbnZBwvWqqc8oeljonjn9nGL/aireHNRRGA7gS6CRZ3m1oUA0gMkY3g29ezp8QVY0fFAGeJfT31x/MKDgnzMLBLiN8tfhW93TFmRgOVIQhSSLTehYKSUtgXcYq9/kTHHcCo5bIiTSEirLX5zUNcEXlgA8zW1Cp3c2CN+ppiNIN6xjUfxMswXkKVZihzqEizGkKh4Qn31W0js/3AYNJKCABBOEv7fnfioZEli0YIxE3c3t1hqgfW26lv5mQXURXWu7OHtPvJleWyFsCphn5ylStvNvADdT5SvBvEnlu+PErZYPvbldPMpLr+Dn3UaJap9EEEJeGRw9WESs6eBlRiLSLp1TzevYh/cpwAc99EmHaiz6HJhQvYUVfzUClzhm/35/azOSMrCYLRr3G68F4/8QJ/8eXqBLmJ6YWQC6eo5IsQkaag0qyix1puMk/giBM5u74Naxd5spOrpYk16mOLn/1nl9L7y2e61d3YkaFVjfHep0agRqSSFRxwHLqfw1hPyAbsfRvrcF4B+4g/x6SMuWUceFK56V/rPkCT1Ktcxu4qp89uBQHhqbfpyWKeoXzcxrLGHbaJDMbWXNMRpbBtzQhOj7qNvX3iNzlgHgAi8exyEH8WixQUgmpYSnXNGSWCi/OwlIuO4R9HLSQewPoKE5AzOSXLsArD7hsQrkD1P180Rgg7eA7ZwRN/Q5wVSFi2OAgelO1YN6LG9ZQgb531V5lbwbpYk5Bt3joNAgD0IvYVB8x6w58WdkEHljC96Qfw==,iv:Y72HavxPRzTMSX0MG1ugmWcIZ/F5GeZon1PT6wx6I84=,tag:IcYr10CewW8iVZJwswv5rA==,type:str] private: 
ENC[AES256_GCM,data:R1MHjNGfNTPqbvWSiB1BHI6OdwIzjTT0Ds0b0LKmagu0Oian9AV1Oj87V3xdfI6TSmOpaAHBgZZ5HGLX+zvIF9Ljo5e1QY6Yw9GH9SoqaNWxhGZRC5iQDiRCkEJT0/Z8wnr/IgSktrzNSZf6I0T/3jnj5n16/ZoKzHUM5aeNAkkMxF8rb98xIlQ9l4GNAhWizb4rIFl1fFT3jlCEwVuiDkA/jmOnWnc7hgGOhoLMXPFmewAfbqWGJzeb/majf0NlW7CgQQ11sz9t1xtaz7RVZTBWepMkwf7bcN0N3EdlnAZs/M8Lo6f7lzj4wZcMOYRwPfQ5In8G+48Uy+wz25K17quVpuq2UBP+Roo03rpTBxADNDDqzcfrMzxrZu4xiSEAxWnYRmHE7DycKOQPnWM/v4l9F+m2pB2QfkhBtzadZ3GgUeyrz9pkVDIhp6rLNGgjoS5i4p0qnFPdrqKNRYHJnqjtDNa1C3NLmCVSDtpKFbbU1QK86VZVN9xRVrm1/el1bTzmBztOiF/zCOyUnydTtRSd2hya7mErIqw+/Ddg76aRthwJXB3gpVCcEEHLpv2z2UGzrbkZEWJzlDl7uz4mXiQK6sI0QMI5CXzyLf+Z+7i3mBc+BEGA0tOfA0Rmd+LObt5peH3beItZKqylI8Md9sYu+U/zk6N2U1DrrzO3Dxp6KJHfbyk3NTiGU2pYoXljw2GrzJqepXJASM1m2w3i/JplRyFQbJcnJ+dZ7z3GA5RY0Aw0JCmZC2QUj2YDQYVBrBycSDuzY/7qDgi0AJth8ahmlU2qeccr89VGgJJYKCg1o1OXkIdi2SM3xcEM55nC8iSe86YpOzKpQzo1JT4sOUo6gUMNlJTYR1HlT4v92xtstQerMg8nUrfYxf0SXvUOQx0WIH/Xb+MfK7GVuNr1vTxCHEVIS8JrVL8qfFAdj++0/J0cdjnNsp/SPwD5b+BVDxlhyGWAd7MazlX7pXjjeML6/chZdYwAw2Nw6dKHxt/MT9WGxiSBEe6eUr0FG25lWiyhjKinhbTiR3eW++PlX/jsadSvQjr6/fRvtV9p3upHqAjDiZiGhje6Z1rGcxdZ0gcxgTNv1Y8+DrSsSmwF9kFEPUixlFTZF7udoWCCoywDwMeSlzN3foNFKo3V/8phLX++LTlqeMI52DUmt72KpPzLMTyuOQgDAx7Sk9o/ZKQBozQeK6QNlUyw3ynm4y/Mf+FUNy16ss6Y1Hxkk/D42jwgoDSBtRQG5j4H11ZQkVBBRTOpcNv3eoUMOygEq6y9dF1LjiPfRVrTNi004o/JLC2tEtx6+AAn8bIwfeH8qEW2OM72UvvCXb1JluF8qk2mHaEiWg2ODjAFQrpF0ZgFKqwsYs5Bsd9HQD5un0CCXdmwNKFj21BpPHnDEa3SCZSunaQSNyUJwlLUeTBOnAsULl3yVIjxiSXxn6kwKLu8K8bqrPBprDk24tpWcM5QQGS7o+9Zfs0EHsQILaGFvzQgajzL4GVNAKU/hmvkag6143Xf1eRJ/e1zHsmdMbBYOHt6KUcb0hWbY48Bgdf/O9tczeVx+RcwzpzObrtpMOvv/sRbVRYoPr3WFoL8lf7FqhRPIwccZIdxvgQQIVGhsr+qrkEjRCAgf/FJ0B0ZFZeePKC5s9ST2JxQsVfrLlQc36w3ls/lekWXdMZdz9dd9BtXssSsNOnmuL7tLExg8Qa1nHid4uZtMBc3B2SgCH2aSBj9+JqTFAXNH/Rvk7Wm8pP+00+NrPPhkm3qRtbcp4TDX8pkS3uvc/hw8Ybm6+F9IYgSPmRw2Wvt9xKPg1bgPVYpG3mkfq6KfTxO3fvO6WJu/InoGWJnJEfkQpvbqSHm1NP1C1bSH3DPUERIcz0hkDKDeGvBJxdRhtIPM3WfQiLkiOktbnEaGwAyNs3nNBexWDg2CLo1GIc8TuJUpZGLrl7gQunC210FoTPyK0C72h//NBpomaJr0F07Ct/+L220
I6km5fLIyr69McVku/VXfiYZYcMcbbeYxf52LIQFeN7PQfrobXwSdB5pXYpvoaszyGJcY+iS1lqgKycvc/qWrjKtEUNn4u7nVHWTgDSVPdFqBVgZs2/msegiCbHQbWPovAwKODKgWCzmpjgVk16h1gy862h+R6n5mktVari3kzeXYKj1l0FHD7iuEu/Q0KUN9MzFYbO6+x3OqpAuUjJMYX7fdnSuZ1Tc1meRRqvxLmc4A0hPJg9nFvcFNucXzY4O54d/Q8FUXdnePLdozZKBVetqfrpnrQQcWdZTnHH3CCtZyxgrHCHFbYt1xdpA81Ql/CygL3Scf4gQcDQ+KkIfHPsLaBky8TeNjKAwP7PxrHqBgsCUhm1m4JbkGHdrXJNx3nVaS/HZPOtOzcURH4PA4Y7pQ81BYpJCW3ullaJagKSCFqGzgf6lrUkMGk8Agy91/7wes8gCEOJbCMjLEO8Ld0duaLwrU6nLZ164hiFexnBqpEKrz+GxVpUWKRfvZ/9shBvzTiqMtmq26UILoaUEr7iHoswgCkn/efTDtcgddW88TB8e8GeOitlGsIWRKwtxtwLCAu1vYo6A5C0HlpP3tgZSWmSQ2gkUvQZWbSgL7FFeHbDVEp+H0ZFw/ZM1rxljOq0vBVYNi19G1hGnqg0sRaWRgbTmzsd2WbjEEbksGQEVfr8qmv52SzUGdkOvxdKDeKY1zkZBUNp1E0gI8IdaLKLb5e2GbjefjrWeFfosJOQGJHiR/1dmRTyb0+LvztdjtTf0WEexai3vgTGIMJ7heMSeFF/7szBYL5XZWk6I6tv+MTh4Y8UDuEviDlmrWvFPQ5pTQrN0kGhVsenSOklOepE03ljfC7FZdb5TB2Ovm58OMOLjdV58Uo5rJ+z518MpmEAzu7zUFfXkTKb1/lq/otfxnRXt7/0TxuIxzXOerJ/bzP2BQDstxjQEvb3Jik+hk82ti80ECyca4ZwT0Tw0XBvkXTcDRMCAQFNcXqAigxU9vG5uzG/Ah2KYnysUMeMEfoxXDBmEbbEYAHlbrFW0/IofoEb48QAp4FJ0njpICVluuGtQw+nzq1T5foemU0uuf9bZz1DsTWY7WUY/zoveek476MRXkN12a83/R4XarRHnZRUxq7USSTv525sYhiU4gS17UZ2dOo0rpCh3r+6oPUmirtbsMHHMp7crsUr/TsGQVXnFsbSIbjqRm+lbb1qfA53p5aRIcmhN1qOuV54ByG9fLeGYKe8XwU87H2++UeIvhcbcNFEWDzT+mFxVo3NNH+rKmB0Pms9NkW+4eY7asRJgq9y4KHtBrGGtnsS3hOkCanHoRAT6iUPZsXL9yGqhYMf5a49fTKHyxgUb9M4rZ29wYAXBOKaQlsfkJkzjp+De9NTCIMMl13AgOQ0I76PK9Zlbigp0/wZZA/0FGbPRh1ESWctzUnjIuYRkh8lmyHRHNJI7gQsGqzBgsrzCPPFVDPupos/sGyhutMTPtucOXoQlWBJT+6yzTMTK73urZM5Q4pXw5RBZMa47WzjTl8Dr4tCeoOKUkOZG8QV1TTRa5ApCSSe6bd9qLAcedAQOKY2cBkOnAPeDmeB5xbtpt1badOz+DtsOJdfSX1NSCO6zotL1SfcCZUMmBA+5iLzIV6f86ckkLE7aQF82Mil8m2/xfdKzZ80pt4hjG1IMdmDpVmXHAiMUVXUVED0pKNpvYWm1endtkoWH9zL458Huj5gC8a11J2zidMBnoQ5/xMuphPiM49y+WHubtWJhw7J0hTg6w9WvPPSW+SSQlFFFVK8CcHkkVf9JD0DOJuPLXSBL0BaaROWp64S7gNqrBuLVTFDUH0U7IJ8COCv3klAdDxp4SI/N6tuwT1uEcNSokXE6n2a6MSx+AYvxvcumOj5KY1mH1gaGJUlDQqihdE2aR09JGUhcud7cK5z+CdKeAB49Ip5ZajUwDCoA/rNT/Lm9s0c4AF6OPRUbyO+oAwOKEYycFiXWkATwCF419yuo
sed7m7jfquyo1oYJfWMWGySSCAz43mO9Fh8Bu1TP2QbGPkHNkohUMWfs+3mkp004PHQymNQXJ4W4lR79Odk7g1YTp22PfFanaHqaoe8hSkVl6N0CKn80RNBExeG0JqhOfmTCNYtG0J9WJ9i2cG1qIM8j4JZShJQOeYZkqGSkjBcgnGoMCr5nnkI4Se2V73FbSZyL0SStLQ60+yjhg1x781AbnkWb2osQmzT9tEHgyjBh6z1EJufOpVHZ/6KPoVvY4LdQWePSwdEeS6fwg+BpnTiokuELWZ2SGYsOe7TkWRW9Zk3eCjIvGj6xHbwPXNAKOwWcFRrW56w2juRh1vroVwWCzdZ8dGSFvyzq7ZXLOFcZVrnBPMmYLumMI80CJUUjzCUJZOlFAQZaA5Gq4P+vYNWKTde3p3kYncwnFadujP/cyHOL8miaK/azXdrhr5qDMQYh/RCMvWRI0R8oqhBoCelX05lniybEvzt7WPbbRPW9SFFCDINqhM6mrgAfnpLOx+IfKHXfe4xevoPh,iv:lLpsQ4s8FC6yqO61lQ0sRPu8ZF9MwYiY9P2kKHfh5Ms=,tag:dfnYmBq6SsAZn8uqsMd0Ug==,type:str] +sshfs_keys: + public: ENC[AES256_GCM,data:/68JE+/xr4WhUNghjenqkqnB+keotQs+IVa4anFbe78AGrtWXWVndGN+GTDxh6oiETmndV2S83SnlCU6xnOTJwdctDISNlulPj8SH7gZ22vhOa01AbD9r635HFVc0sqJO4xhnQrymuMj/0yvnFb9i9+4iTqQpaY4sDfM0dDQ5Hj29FP6tRVSKE0+e9JS/e9BHnJdSHoL+IPD2YxQYDWKwWayeQwAPVfi0X0AjuZvhLq65HUP7EeqfExAJfMfGk8AB3tHEFR52aq/c9u2TfTxMAqPKMyWEjrcsTu3oQObOuj+nZEQOZuoJoyxpQlLqe3BkMXEGvL+jeehyMWA171RapstWkXEoFd6p043OlVOXw1w+Awz9VmI9Du7l3AWJUABhCCwyMPR/jwK3vRnNrxPxyS2ophFuboTuVCr9AXkTaEiGH7dALtIPHoP3xQD89yYkqL3BABMi7ymUEERecsfwgP66sk+7VXQri/1LosI+g3NsAtJP4kIyjXP9ZqJTv0VsGOxOGgbtVbrBsw7UWYPuuknGNTStmF54VBf77BEg6wVqOEM1WM9JhoZsbDvBvGIqV2PbSR4UBJg04sHtcRQoCp4h8B6b6djVoI5YZ5N7SLNAy8e6t08r6/7iwygrafMGLxXPaSw6bcBksXeT7BNRRsKFvSbiNPKax0yOpIJiJMgoM7Wo8wOgekBaG+s8+7DkI5MlXiyX/6XWUtBhJqBGUEUJTGufiIspD4RjKPsJeFTMXAUVOjzjZqg4jpv4pbhDtBgbF58zdoMpcqbWuvxfaur7gHOnCPpWMJN2VeWxLdk0Nr66yRvVzqCIVA2iFuZj0Mulmqmj0i0Vh/CHzesXZODi10wauewxv19Iie7Bjo0v3ahxjTSfvG3T8emZ7Us+Q06W8gLZ0IvHHXy0yKvsg9VgFTX51RaW1KHHBO4DehOvwLcJRcuADfHlZDhrwtUbQdA6cWAnZoezQy2np/Dp7hMC34m,iv:kUKBtPeLWola7isgEo+QDq1RZkbR26G0AoBzy7iubiE=,tag:/kUG0/G7U83dp8p9AgyJXg==,type:str] + private: 
ENC[AES256_GCM,data:NVKHVh5Ap1of3j3xAXbscIX3Psa6EolJ/wuhZu0ZkvcgLLS+Oi9NFqqiBdMQw6DrL5Os+GeA2rVSlCh5/mfntUMH5FTqnRRMeiQ0aaXPS93fxlD5jsrJH7BfTLkH7aijANiAf+Hy3pdfVELD5iiKYEGimRAU3UR3Yf0t/D9TbikO+alyZ6SpaDJMSpccYLD9riEqAUsWsWOc8Gd7K2vB7h0D5uePyFFcVw3pvYweRs5S4KlOisdz9eG6CNVaG/YjL6dlvILVxWwAx34AqY3Ul7FkpZ0tennba8Yz/i/fMp3mxZX7FcDmga2DekvybU4ff30SPv9xEtnFenI/ElKIH/duSjo3wBf8xJ0+EKHXulwhmR9lpvYCfjXYvjtJDhoof2Yw9Tc+dCUcTSdTex92NJBAXLEfL2BTRqszFwhJB3RQ5xNItLilSdmuDElPvhMpNfX1c1RsqjMmlxd4MJYDIo6TiBAQ1eEP5CQG8nWfZesmGCefSBmRlAAy+rWHT2gpGtVCUUwhcBlCHs9X5MmsBHDKrcmQIrMfoQHJ7etVRjhW3+s+np7ldjnTadVqo/or53wpHWg/SCMCaAdMKxPU+APEueaIPxKP3ce3WmMaH7qrgHUFo8EOx0FYaoqxuN2JAW/Ap00JOfN3fvwvjHZwvg47SO/F4hboRqsWaryHIFhlaCcBnMs0/hszbc/w9nkhJdirqCYss8URUvtoKYa1G6quCswd+BC+5aQyQP4SU+VMhw0ESWbZXzOzqypFvr+DH1BvOX3/aGZfN2aCJTbHqaoLaqwP0b5UTEdt/uW8vH9iApnQqsOiZhdB+RCLMkKNaFRR36k1bbI+RQibLOq9QL+bwoSQ9eA0bPpPBLPrL8I0zPBv506f72mqiH690gC/wtdRn6ujXV298nvMRQc1HbjCIexyALS9v/mvhUalxUmYlkf3eLribleQmbDtf5Ehg2oCcx93Zya+mSB9zgR2WRNq7AXO6tm2UO+3jr5xG6E6+J7lhUh0kmJBY7ScFU+LgogtwyJml4xAbNxCcmx+1WKUFCctlvOBZiVo8QB5vTMG6WYcOZZ8of3EeldiodCD14vQ+dNhmagiiQmFk0xBG2LjwTJvDkq3dRET7VZfRUnhrGdibLGykT9HvflVX+0kvBsYLvwKUvuy/HM2dvr+aNvhUm7H03tHygZK3cv0bq/v93jqo/5tvjNxDW4Fr0qHvRMsbwFXURmzuw5SMTx6dtPBKoE65oR0Ueo1yh+r2rKzFMKjfVFSq9HReD2V9iqUoTWduTMzsX0pCSiUvIPMNArt5szJtC3uzZRLOedz0bKR9lTfOG96M9iFpy9sLH0CNekvGy7az2sD++PVqzpsPVUlmp11+AQPFF/F9wPsjuoQiEOh3gIEuUsqyyuBqaFUmEBhWnOoNb8RGOIDF/TXzWvvrRaDw3E5RJ6ATS8SppPK2vYlzaS1Oj9+KX2JWCvuYgOv4NJkQ8R4fnKPKTmuU4D/BEaTfkbPvsYjocgfU6ENxtFHsCqc0Am/5NZOjwZVhcoIiEBbih3g8N2+Kqv8+1/HbaB4NGLwh4GLahYIzqRyWT8IoF5Qml160h2vKZCH7BK01bCSbXppWxs7Jbs0cOnb0cLsuMrHNnYlgGTQUA6A/zUq9pEipjT0Sheu6MQrbEzGCosvKHikJ6UoDN8SGgnVZ+w6l/TairatvG9guEyfM7uG6oF2ohLSEtqmzlyS6VsiiU3FIup4awh1g2fq//DKrttUX3dOHx2ByVR1xESBbQZaK5zdYlVxuBqZjWLBLi/c6eUkJobjrbcx8kvdCc4Yeh/tO5k+Ym+gdgO/V68M4cg5j8qlC8J/YsGtMgSlmE9FbScGT8VCfCfaZAC1gONls5asEMZHF5/HH2Q6nNwMtlvfIJ4RHwj/EyoE/gC9kr7Mv1OIMl14aBx1OFzGGUtlssdyQOhGfBJIthQIwq+kRqRDSSyvLGxlvids
Unmrs6XmJQiaIxflj1aCbhmN3QgsT6klXtnn+959x8TX+TvLW7DfS6PKJyeg5DQKuV1A2hnBdyDAAHJuur/k3YbJxvp0nMWQfGGo+nCvAfSpN6hvyUYbriD/pduk9qTcICZJFI3IDDQksF82HanaMWtQnoIUb+TKiDHi6tYr0r6JCtv9x/LLKFjJ0Cq/cjMOxv5a69XNRvbQq7mhwv9bLF2XS7g6CNFLYFxVymJx/OIEXtqmq0AV/C0CRXdW4BYctJCRU71W61VDc16Bb7lfG0deuU3ufdfDaT8MQE0R2/97nAF4sdurpqLLAeP5T/AzDTHk1dgL/cDuKrQ7RSX1SpPgKZPMzSQ/+LjRI0sqHff6nQpdothYLgC2IQZAwDWrI91Xg8OeqJcDQTDVUolMk/+qiGRmMT96dl03hUqyrPpWIdipYqAXKw58djQ2wvcVz0h6ksv03W33ZpwQEqsHBYlA1nCxoCxTR5VlO3uhRNXLPVOrP2BmnnfeknlNevTwRQWA1pQuvgB2JWdYbtnJvdLK+dSvemZhAqOqQSCM6zyh4tUaw5R/oHlBgTosaj28oEQQqQ737PsAcyhpjZUYJ4TWyOg8ng5DH2Js40jomml8VsWIS8V9Cw3vmwn4FUeeKCw8DqzH+LIX6omtzgAQHUVSuOah46u6Cuuw8+adoVy81vXW45uEIj9YpKjrmu5bplWJQrGJMuZAmHOm/F6BQphMVtOhncmpzhghtKjpJhMUlVGvk5WVQmX4YiihBg9el32bTqGEPrpuGZyfrYj6+gB73dP3Ey8JpHIxlp0QVpYUvGbxsgxYKCuETweJfh/q+hby90E7FaHkDkFPBKrWYHD+A4p/AVgmKiIt4rP3pb05EkMUv0ujz8Oro0BmidEKJS5N2diIr5tB6ao3y//FZ7beuLGp03P1Ann4YDxrRp+/75g/xY9zc1WTWe0ugA1Ine4kAH+1wE//NzLTIrrI0J0TJFzpta76jf/S7sWDYyXnUHl1OSBVVUeVpgQGJeaGMLPZrkUD3fNnAf4mntEy0WTLQcCuSPDIRLftMzTb+rATGGK9edwAbF/L4JwMt+n5v0nfcNLnJUwkSvFYTL0gHf3kDxisIblx/gdFT6BotJFz0uQNOoBUMdpXMtC5XcmbmqznKMSlBBkRrrftjqkWslUgYWfu1OB+Uo17yI3yPZpD/PVsK8Q/uKx2VW3sTA5+CilLc5+TVucYWu/hfArgqgNtI4Qo16Cyv+2gnQE13qHGfC2IAnrynnPcVqpG8KUaF3F8DkC9aAoOP0C+c1s6vk6e2iFU2bB5eUKsCmgu1jToVZEacXG4v/hjfx+XunMAELPp6CRV9MDp+7MoGPIIRHcDzlqL8uOKe84CM29qsGBShZXEc03ZyAf/45fVcppO0hZJbmQIHS7AOy56yW/TziH2IlGe+iAr76Z3/EZjxHDpBhcp3flg448Pg7Cwssq8Pd5UYQ276wgGeO05ZbdAPPdhvsEFuU8SXcVXakBO14qKBKu8GlFFqk4n9z69hMCsTw63MD+KDTQEMuJ6DAvW7RUKBKKrU+xWUvE+n+GAg8A+Ff01ttjf1xJNhNKiSrAxZAHnnzBHIR7Cj6aHmpZvgQSYdTfpX/nhZ5jMc8Jfkg5oA34APxmZBxHK5/E4wJecYMWlfcuLfNn7FyVCN7JRM0iNUS4trCdSX4OhbNIAfzXEbwuGNdBRiGqha5xYV4Z28KxzyqFtXupOHYiZNtZyYGL6f1m4ZTNbGweEk0632hpaJwc4I1AYaWHZ3o02/qzczr2hjfVGKVODp0r6gX64LfuoT/m4/123qj1maJ74zVaP/LnEZJXks3LWu5TlIIt3Cq80/73am9fsaoWNFnVVERfmG/vrBfVO40fJT89Bh5QKPAHCC4nbie/WDGshImVKFHoMT0KH5NFZdIdHSWGcvnc41dMNuwowd6Z/Aie3G2PDPrOr2n/Dv7DxYfB8HgP87l5mirhxlNS1mQOH
4DkKkUFkBFNa2+0vIBJmdrf+0SBxev6yZgZbO6GKDR/Fkd99p5qaGd5bRjFg/7A3ZUFiYYnX40AoRR6bhkEyECEtW3B+jd7GOnF0jZFC9wUt3mgpi+v/EiLMoi887nQ/a2SotRd7+y3VKA7hUMAsbM4VfkzPz+LVhhrSU/LF3XkEMlWSpO2fBja8t3xZVtdVaZiFkVxfcla+TBcKr3Po0b7fmzbqVdLvgz/9Zle1s042m+5wKMotHyUMuG/N+78/CGpvqwdad3Cpz8g8C/fX7OVjoVTmhKYOr98Zms0Dr4xOD+Hnb7dNRfojGyuJ3x9UPOzu5zGxkv365iskiBJliALT,iv:BO+OifdPxtMUb83G9By19/O6DtF4D2jT1tmPjXdsNvA=,tag:DVj+JfIeBs3VFwhgZqzTeA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2021-07-15T17:12:44Z" - mac: ENC[AES256_GCM,data:CKOCRqPsj2OA+oi+Pwj+ulfKUOz45/tR/K6Egk4ENryzn/c3sLi1/HJ4qyINgurIOWsv1C8Ig1tg80q/NkEb1GAK70zPGJIpKkK4HXTMHgMJa/LBB/GGu38qnQ2r+lBi6/85qeG2MXDt1obWe2UG5mosYPNbD3i0V14siH22GFY=,iv:cXUx8y/Dt5+CW2mfjRSRBfeAgHXKZe1f9IPWcq3w5xM=,tag:pu9XLVJwjgWoso4BxT60ZA==,type:str] + lastmodified: "2021-07-16T12:36:44Z" + mac: ENC[AES256_GCM,data:TfKYVlibtFY0YfpnmQO28v0YAQX6HQRJrf+qIj/3gKY4XEMUGzl0dGxTD5yKNmFORkPrbjrq2SjxUqjCGklvGohDroZxF/qMbdbaLqO8hQCtohs2T71+JX/yTYUwXuHAdOh+q3D0emlx6CY+jvNh1PGtUXcbpU4/oOYC6JEsmmU=,iv:+wIvq7vkbICrJocs+I8pzJzTqIzVWgtisg534An+ma8=,tag:kzk5+uxtIJbitKp/IW1Ozg==,type:str] pgp: - created_at: "2021-07-14T18:02:07Z" enc: |