upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-08 05:49:25 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

test: setting up nas structure

Browse source
This commit is contained in:
Nick 2025-12-07 01:38:13 -06:00
parent b5614b006f
commit 2fdadf15f0
17 changed files with 662 additions and 94 deletions
Download patch file Download diff file Expand all files Collapse all files

3
modules/nixos/nas/microvms/firefly-iii/default.nix
View file

@ -1,3 +0,0 @@
{
}

3
modules/nixos/nas/microvms/glance/default.nix
View file

@ -1,3 +0,0 @@
{
}

3
modules/nixos/nas/microvms/paperless/default.nix
View file

@ -1,3 +0,0 @@
{
}

3
modules/nixos/nas/microvms/photoprism/default.nix
View file

@ -1,3 +0,0 @@
{
}

3
modules/nixos/nas/microvms/syncthing/default.nix
View file

@ -1,3 +0,0 @@
{
}

3
modules/nixos/nas/microvms/vaultwarden/default.nix
View file

@ -1,3 +0,0 @@
{
}

0
modules/nixos/nas/default.nix → modules/nixos/nas/onlyoffice/default.nix
View file

187
modules/nixos/nas/opencloud/config/default.nix Normal file
View file

@ -0,0 +1,187 @@
{
flake,
pkgs,
...
}:
let
inherit (flake.config.people) user0;
serviceCfg = {
name = "opencloud";
};
in
{
opencloudVM =
{
user,
ip,
mac,
userMac,
ssh,
host,
}:
{
microvm.vms = {
"${serviceCfg.name}-${user}" = {
autostart = true;
restartIfChanged = true;
config = {
system.stateVersion = "24.05";
time.timeZone = "America/Winnipeg";
users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
services = {
opencloud = {
enable = true;
url = "https://${host}";
port = 9200;
address = "0.0.0.0";
stateDir = "/var/lib/${serviceCfg.name}";
environmentFile = "/run/secrets/${user}-env";
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
};
networking.firewall.allowedTCPPorts = [
22
587
9200
];
systemd = {
services = {
systemd-networkd.wantedBy = [ "multi-user.target" ];
opencloud = {
path = [ pkgs.inotify-tools ];
};
opencloud-fix-permissions = {
description = "Fix OpenCloud storage permissions";
after = [ "opencloud.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "fix-perms" ''
echo "Starting permission fix..."
OPENCLOUD_UID=$(id -u opencloud)
echo "OpenCloud UID: $OPENCLOUD_UID"
find /var/lib/opencloud/storage/users -type f ! -uid "$OPENCLOUD_UID" 2>/dev/null | while read -r file; do
echo "Fixing file: $file"
chown opencloud:opencloud "$file" 2>/dev/null || true
done
find /var/lib/opencloud/storage/users -type d ! -uid "$OPENCLOUD_UID" 2>/dev/null | while read -r dir; do
echo "Fixing dir: $dir"
chown opencloud:opencloud "$dir" 2>/dev/null || true
done
echo "Permission fix complete"
'';
User = "root";
};
};
};
timers.opencloud-fix-permissions = {
description = "Periodically fix OpenCloud storage permissions";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "30s";
OnUnitActiveSec = "2min";
Unit = "opencloud-fix-permissions.service";
};
};
network = {
enable = true;
networks."20-lan" = {
matchConfig.Name = "enp0s6";
addresses = [
{ Address = "${ip}/24"; }
];
routes = [
{
Destination = "0.0.0.0/0";
Gateway = "192.168.50.1";
}
];
dns = [
"1.1.1.1"
"8.8.8.8"
];
};
};
tmpfiles.rules = [
"d /var/lib/${serviceCfg.name} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"z /etc/opencloud 0700 ${serviceCfg.name} ${serviceCfg.name} -"
];
};
microvm = {
vcpu = 1;
mem = 512;
hypervisor = "qemu";
interfaces = [
{
type = "tap";
id = "vm-oc-${user}";
mac = mac;
}
{
type = "user";
id = "vmuser-cloud";
mac = userMac;
}
];
forwardPorts = [
{
from = "host";
host.port = ssh;
guest.port = 22;
}
];
shares = [
{
mountPoint = "/nix/.ro-store";
proto = "virtiofs";
source = "/nix/store";
tag = "read_only_nix_store";
}
{
mountPoint = "/var/lib/${serviceCfg.name}";
proto = "virtiofs";
source = "/mnt/storage/users/${user}/guests/${serviceCfg.name}/data";
tag = "${serviceCfg.name}_${user}_data";
}
{
mountPoint = "/etc/${serviceCfg.name}";
proto = "virtiofs";
source = "/mnt/storage/users/${user}/guests/${serviceCfg.name}/config";
tag = "${serviceCfg.name}_${user}_config";
}
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
};
environment.systemPackages = builtins.attrValues {
inherit (pkgs)
inotify-tools
opencloud
;
};
};
};
};
systemd.tmpfiles.rules = [
"d /mnt/storage/users/${user}/guests/${serviceCfg.name} 0751 microvm wheel - -"
"d /mnt/storage/users/${user}/guests/${serviceCfg.name}/config 0751 microvm wheel - -"
"d /mnt/storage/users/${user}/guests/${serviceCfg.name}/data 0751 microvm wheel - -"
];
sops.secrets = {
"${serviceCfg.name}/${user}-env" = {
owner = "root";
mode = "0600";
};
};
};
}

34
modules/nixos/nas/opencloud/default.nix Normal file
View file

@ -0,0 +1,34 @@
{ flake, ... }:
let
inherit (import ./config) opencloudVM;
inherit (flake.config.people) user0;
opencloudNick = opencloudVM {
user = user0;
ip = "192.168.50.67";
mac = "02:00:00:00:57:67";
userMac = "02:00:00:00:00:67";
ssh = 2507;
host = "";
};
opencloudStacie = opencloudVM {
user = "stacie";
ip = "192.168.50.68";
mac = "02:00:00:00:58:68";
userMac = "02:00:00:00:00:68";
ssh = 2508;
host = "";
};
opencloudGarnet = opencloudVM {
user = "garnet";
ip = "192.168.50.69";
mac = "02:00:00:00:59:69";
userMac = "02:00:00:00:00:69";
ssh = 2509;
host = "";
};
in
opencloudNick // opencloudStacie // opencloudGarnet

157
modules/nixos/nas/photoprism/config/default.nix Normal file
View file

@ -0,0 +1,157 @@
{
config,
flake,
...
}:
let
inherit (flake.config.people) user0;
serviceCfg = {
name = "photoprism";
};
in
{
photoprismVM =
{
user,
ip,
mac,
userMac,
ssh,
}:
{
microvm.vms = {
"${serviceCfg.name}-${user}" = {
autostart = true;
restartIfChanged = true;
config = {
system.stateVersion = "24.05";
time.timeZone = "America/Winnipeg";
users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
services = {
${serviceCfg.name} = {
enable = true;
settings = {
PHOTOPRISM_ADMIN_USER = user;
PHOTOPRISM_DEFAULT_LOCAL = "en";
};
passwordFile = "/run/secrets/${user}-pass";
originalsPath = "/var/lib/${serviceCfg.name}-media";
importPath = "photos";
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
};
networking.firewall.allowedTCPPorts = [
22
2342
];
systemd = {
services = {
systemd-networkd.wantedBy = [
"multi-user.target"
];
};
network = {
enable = true;
networks."20-lan" = {
matchConfig.Name = "enp0s5";
addresses = [
{ Address = "${ip}/24"; }
];
routes = [
{
Destination = "0.0.0.0/0";
Gateway = "192.168.50.1";
}
];
dns = [
"1.1.1.1"
"8.8.8.8"
];
};
};
tmpfiles.rules = [
"Z /var/lib/${serviceCfg.name} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"d /var/lib/${serviceCfg.name}-media 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"d /var/lib/${serviceCfg.name}-media/photos 0755 ${serviceCfg.name} ${serviceCfg.name} -"
];
};
microvm = {
vcpu = 1;
mem = 512;
hypervisor = "qemu";
interfaces = [
{
type = "tap";
id = "vm-pp-${user}";
mac = mac;
}
{
type = "user";
id = "vmuser-photo";
mac = userMac;
}
];
forwardPorts = [
{
from = "host";
host.port = ssh;
guest.port = 22;
}
];
shares = [
{
mountPoint = "/nix/.ro-store";
proto = "virtiofs";
source = "/nix/store";
tag = "read_only_nix_store";
}
{
mountPoint = "/var/lib/${serviceCfg.name}";
proto = "virtiofs";
source = "/mnt/storage/users/${user}/guests/${serviceCfg.name}";
tag = "${serviceCfg.name}_${user}_data";
}
{
mountPoint = "/var/lib/${serviceCfg.name}-media";
proto = "virtiofs";
source = "/mnt/storage/users/${user}/home/media";
tag = "${serviceCfg.name}_${user}_media";
}
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
};
};
};
};
systemd.tmpfiles.rules = [
"d /mnt/storage/users/${user}/guests/${serviceCfg.name} 0751 microvm wheel - -"
"d /mnt/storage/users/${user}/home/media/photos 0751 microvm wheel - -"
];
sops.secrets = {
"${serviceCfg.name}/${user}-pass" = {
owner = "root";
mode = "0600";
};
};
};
}

31
modules/nixos/nas/photoprism/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ flake, ... }:
let
inherit (import ./config) photoprismVM;
inherit (flake.config.people) user0;
photoprismNick = photoprismVM {
user = user0;
ip = "192.168.50.64";
mac = "02:00:00:00:54:64";
userMac = "02:00:00:00:00:64";
ssh = 2504;
};
photoprismStacie = photoprismVM {
user = "stacie";
ip = "192.168.50.65";
mac = "02:00:00:00:55:65";
userMac = "02:00:00:00:00:65";
ssh = 2505;
};
photoprismGarnet = photoprismVM {
user = "garnet";
ip = "192.168.50.66";
mac = "02:00:00:00:56:66";
userMac = "02:00:00:00:00:66";
ssh = 2506;
};
in
photoprismNick // photoprismStacie // photoprismGarnet

3
modules/nixos/nas/shared/frigate/default.nix
View file

@ -1,3 +0,0 @@
{
}

3
modules/nixos/nas/shared/homeAssistant/default.nix
View file

@ -1,3 +0,0 @@
{
}

206
modules/nixos/nas/syncthing/config/default.nix Normal file
View file

@ -0,0 +1,206 @@
{
flake,
...
}:
let
inherit (flake.config.people) user0;
inherit (flake.config.services) instances;
serviceCfg = instances.syncthing;
in
{
syncthingVM =
{
user,
ip,
mac,
userMac,
ssh,
syncID,
deviceIP,
}:
{
microvm.vms = {
"${serviceCfg.name}-${user}" = {
autostart = true;
restartIfChanged = true;
config = {
system.stateVersion = "24.05";
time.timeZone = "America/Winnipeg";
users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
services = {
syncthing = {
enable = true;
overrideDevices = false;
overrideFolders = false;
openDefaultPorts = true;
systemService = true;
guiAddress = "0.0.0.0:${toString serviceCfg.ports.port0}";
settings = {
folders = {
docs = {
enable = true;
id = "docs";
path = "/var/lib/${serviceCfg.name}/docs";
devices = [
"${user}Phone"
];
};
media = {
enable = true;
id = "media";
path = "/var/lib/${serviceCfg.name}/media";
devices = [
"${user}Phone"
];
};
misc = {
enable = true;
id = "misc";
path = "/var/lib/${serviceCfg.name}/misc";
devices = [
"${user}Phone"
];
};
};
devices = {
"${user}Phone" = {
autoAcceptFolders = true;
name = "${user}Phone";
addresses = [
"tcp://${deviceIP}:${toString serviceCfg.ports.port2}"
];
id = syncID;
};
};
};
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
};
networking.firewall.allowedTCPPorts = [
22
serviceCfg.ports.port0
serviceCfg.ports.port1
serviceCfg.ports.port2
];
systemd = {
services = {
systemd-networkd.wantedBy = [
"multi-user.target"
];
};
network = {
enable = true;
networks."20-lan" = {
matchConfig.Name = "enp0s5";
addresses = [
{ Address = "${ip}/24"; }
];
routes = [
{
Destination = "0.0.0.0/0";
Gateway = "192.168.50.1";
}
];
dns = [
"1.1.1.1"
"8.8.8.8"
];
};
};
tmpfiles.rules = [
"d /var/lib/${serviceCfg.name} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"d /var/lib/${serviceCfg.name}/docs 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"d /var/lib/${serviceCfg.name}/media 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"d /var/lib/${serviceCfg.name}/misc 0755 ${serviceCfg.name} ${serviceCfg.name} -"
];
};
microvm = {
vcpu = 1;
mem = 512;
hypervisor = "qemu";
interfaces = [
{
type = "tap";
id = "vm-st-${user}";
mac = mac;
}
{
type = "user";
id = "vm-sync";
mac = userMac;
}
];
forwardPorts = [
{
from = "host";
host.port = ssh;
guest.port = 22;
}
];
shares = [
{
mountPoint = "/nix/.ro-store";
proto = "virtiofs";
source = "/nix/store";
tag = "read_only_nix_store";
}
{
mountPoint = "/var/lib/${serviceCfg.name}";
proto = "virtiofs";
source = "/mnt/storage/users/${user}/guests/${serviceCfg.name}";
tag = "${serviceCfg.name}_${user}_data";
}
{
mountPoint = "/var/lib/${serviceCfg.name}/docs";
proto = "virtiofs";
source = "/mnt/storage/users/${user}/home/docs";
tag = "${serviceCfg.name}_${user}_docs";
}
{
mountPoint = "/var/lib/${serviceCfg.name}/media";
proto = "virtiofs";
source = "/mnt/storage/users/${user}/home/media";
tag = "${serviceCfg.name}_${user}_media";
}
{
mountPoint = "/var/lib/${serviceCfg.name}/misc";
proto = "virtiofs";
source = "/mnt/storage/users/${user}/home/misc";
tag = "${serviceCfg.name}_${user}_misc";
}
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
};
};
};
};
systemd.tmpfiles.rules = [
"d /mnt/storage/users/${user}/guests/${serviceCfg.name} 0751 microvm wheel - -"
];
sops.secrets = {
"${serviceCfg.name}/${user}-pass" = {
owner = "root";
mode = "0600";
};
};
};
}

38
modules/nixos/nas/syncthing/default.nix Executable file
View file

@ -0,0 +1,38 @@
{ flake, ... }:
let
inherit (import ./config) syncthingVM;
inherit (flake.config.people) user0;
syncthingNick = syncthingVM {
user = user0;
ip = "192.168.50.61";
mac = "02:00:00:00:51:61";
userMac = "02:00:00:00:00:61";
ssh = 2501;
syncID = "RMDKNJY-BTX6FYF-G6SR332-WS6HARI-PF74SC6-VPBSGRQ-MKVQZEQ-KSIB6QV";
deviceIP = "192.168.50.8";
};
syncthingStacie = syncthingVM {
user = "stacie";
ip = "192.168.50.62";
mac = "02:00:00:00:52:62";
userMac = "02:00:00:00:00:62";
ssh = 2502;
syncID = "";
deviceIP = "";
};
syncthingGarnet = syncthingVM {
user = "garnet";
ip = "192.168.50.63";
mac = "02:00:00:00:53:63";
userMac = "02:00:00:00:00:63";
ssh = 2503;
syncID = "";
deviceIP = "";
};
in
syncthingNick
# // syncthingStacie // syncthingGarnet

67
modules/nixos/services/syncthing/default.nix
View file

@ -1,67 +0,0 @@
{ flake, config, ... }:
let
inherit (flake.config.machines.devices)
phone
mars
ceres
;
inherit (flake.config.services)
instances
;
service = instances.syncthing;
hostname = config.networking.hostName;
localhost = instances.web.localhost.address1;
postgres = instances.postgresql;
forgejo = instances.forgejo;
vaultwarden = instances.vaultwarden;
backupPath = "${service.paths.path1}";
syncDevices = {
phoneSync = {
${phone.name} = {
autoAcceptFolders = true;
name = phone.name;
addresses = [
"tcp://${phone.ip.address0}:${toString service.ports.port2}"
];
id = phone.sync.address0;
};
};
};
in
{
services = {
syncthing = {
enable = true;
overrideDevices = false;
overrideFolders = false;
openDefaultPorts = true;
systemService = true;
guiAddress = "${localhost}:${toString service.ports.port0}";
settings = {
devices = if hostname == mars.name then syncDevices.phoneSync else { };
};
};
};
systemd.tmpfiles.rules = [
# Main syncthing directory - use Z to fix existing permissions
"z ${service.paths.path0} 0755 ${service.name} ${service.name} -"
# Backup directories
"d ${backupPath} 0755 ${service.name} ${service.name} -"
"d ${backupPath}/${postgres.name} 0750 ${postgres.name} ${service.name} -"
"d ${backupPath}/${forgejo.name} 0750 ${forgejo.name} ${service.name} -"
"d ${backupPath}/${vaultwarden.name} 0750 ${vaultwarden.name} ${service.name} -"
];
networking = {
firewall = {
allowedTCPPorts = [
service.ports.port0
service.ports.port1
service.ports.port2
];
};
};
}

12
secrets/secrets.yaml
View file

@ -47,7 +47,9 @@ wireguard:
glance:
jellyfin: ENC[AES256_GCM,data:Ddpv23kdMGTWvlemn7o5M2ARQ+NuzUfgO9eLuMnRh/kt,iv:RiMRQPoyHtQqqc3wx48g1+Ip3meuCKSOniLZq2iJ3i4=,tag:B2sZT8R4ZnLIKiUMaU3L+w==,type:str]
opencloud:
env: ENC[AES256_GCM,data:/bzPV7JRZncxMPOI7559IP5SZFBYA6n2WOZRPifBU/TRO67aM5N3cIwNfmpT3OEBs55RxujodAIDVGTQECnbWsh6RpbxfXb7DWnqQHiatBju70oeWZpa/cX1CiZsg9ma19O55PRmHD9kZYvIwPAnWo6FDRZJ/iwUz4qZpgPR1RuMBoxRZfZ9zDaf5yTwFbAuGEyY8cZghMC24uOXGTOoYsN2wGhog/EYFA2/Kw73xC6xMK+/GtwRJDJq7NEfWiwReM2Lxb/mc3EAtlzX9fWP/xE5o5FsnC7VZGc5HWV832wLpUjt+Fcw3d+Mb2aB2qRHTcXV891j8qnESnSYoZsTiJz1EPiIeebWFdNmfDqAAn5Kz/IVUaiPlDew26tq6aFr5JFVVxdmIgqtOgZyWmEPkr6K7joTl5kbEK1vT6ulaBA8UroY6tu529m9DXF2y6dWbNRqaQ18nq6GEZOL1WIAJ3PIGEh1x0f18jXTfPmEKMuUcWQ983B+sMyZFBU/Z5LDojsuwrEVvj/28MX7XM9TbvFmgW3J9x2LgN32B0Q01pZfvhHBh4VJc0E0hYX9b9r+MHTTxaH7/iyNWLAuwFkGL/+zcYyanwIOYmvO85r4affkWcvpltAIIJECrKJO8qf4uSw1K409QDKAtF0IVf5mjw8zddAThuo=,iv:xGkn4l8LxBZeAyLvOIgEMoxP91yzCvnGTHH7BfqW4ys=,tag:w7IlZdW5/BIAv9dbfqNfQg==,type:str]
nick-env: ENC[AES256_GCM,data:bgrc1zzU3ByzTt7oVZVOLgm7zBAwHHq+rZMJQTmDUeQoUbvdPi6Y3Q9dI+cyBdzgKEIQjsDAkLw298a57qUvfOHS/341Myqy4QVEjpTXvvHqBS3yG64oOqg76nwyTl5B76w45lat4FCTvQ2RnVKgKhsUEwWhe6Jaf9qTd8c+18do4PHmnBfUUfy05dpI/lPnHhIIhPbNWhPzGhyq3oMjYBpnMK7z+pw8mMGveEdo9o8Kc69XtYP+rrkX03hXntVnBz2qwH/lVibIZfD2E+IsQGvQO3u5SSDXpI0BLfi0Au7kSdTnGwO5b8138LIC054hQkW9MdCzo6qZW231+6yhrixsosgz0x4T3vp4+38MgodrZHnrXCqpRHPqR9Lwbt07P3CgyTC47DNWo4ykwyfx7P4FbGrZ0lXWX8CT5E1yDjwaT9n4+1Zwsg+W7S6HIctQPlDNVLWc9L64ekdiw5Z2n4bfFvsph+/JoUe/hFuKmUzuw/fvPgBDOpuTMqDlIa4/fhZNVQJChnd0j52/QQ+NqdWmd3c2kgEIa1vbNRNvwYDN3UQmBCUGvohv1YbAENyaFsoYGj7LAnRGfrWcevvZIn4XFXCiYBZPm1Jnf9KxALnw6utt6s8mckzUtD36o1VqCgPV06cHZs4X2nRKxY+b1pdSxy2m5vQ=,iv:MrYZkzv5Y8xzzkHiRL4oRHPZ0fr+16iRQhyEcrBLKTY=,tag:SbagQ7zR+C8heOqwsmrbUA==,type:str]
stacie-env: ENC[AES256_GCM,data:un2iedgo0Uy1MFMDefeM8qgsJV9PgYJH+n6iKtokp9uPzd30wFmfbRHar1wjqjG2QLZ60RYzWfeQwgs+XVVh7Jwqflyo60hpOrY71jn5C3QvAlMxD4bGW9tCiiq2+bMPBbPlxfTrpnvjGXxFD2g0Do71IFsfTNiMWa9ebSDooRUYOLpumPWz2OXFsPfJdr8KaH7hrCEWOXfXE4HUFdluyQoWPT/YqxCJmb8=,iv:26EoscOH/ZuiI3nEr+JlwHLVp2OqKA7yG1jFbdtQfOE=,tag:zYC1sW1C3muLQ/P4XQDIdA==,type:str]
garnet-env: ENC[AES256_GCM,data:Vnf3KU6jzSKtvel1rEi5MqC/hyBJ7OS95sVIlchm82dVFyNSaQcmd1qeCNjNktxwvX5PboLVXpvpV5pQFp0LJiMMVV+b27CDdEDNIPpf1QcHgcmMOMcaVijavywXe2t+Q4q1n8qw/NsC8qdvmVe3pHK3IMtvA3/Rez/nHaM1tvayzdJ35DGibr+tI9MlzVAIW1Iu8Wm4MxSQlEQh/yp6ZfgRqosiTxe8NGQ=,iv:rID8YKduNcUG15WN6nwIcAKRu5MbnI0be2oVPJxVXwE=,tag:tS3C6OZ4p2EPwALbDndusA==,type:str]
projectenv: ENC[AES256_GCM,data:NQuJeomWD+uaq+g5uGft/ecsWTNEpWkOi+vWQ9nXV3KRHDAeB9mCJuvxoj+642Q+hnq3zAH2fZ7KTa3W3UcizPbFIltoJMzh5E2vDteuEEYNXX2cJJLJir9b421Gsb9sB/5d8Mz+K0BhDPTG+fByR+O1XqoaSLbnqEGrdzje/6t/e2Eyse4+qE3oUvZkzJsGTHM+rkM+EE9NXXMd5dCvfZAzmnRnsLRWL/Axnv93s0lfTM2pDs0/+E4wAcRI2KLH08pQyRRAWJ7A0VB2d4hH6hYOerqAPVAtTBR5j7yDHeR3IyHMk4xzh35zz5MMfi2zSABBfzv6PXOaiYmuUPaZ7WH1ZJjfVdR+AIzMma3SFRn8n2fNdR11gX/ZBfaI0YLHg7rHZJ9JJM88poh1D3dByrkGVPRDRQMZpSUQPay8lymrjMAsjAlpWjUvVpELR99BTMpto3IB2D5aY7btHuUskBhIBl7nWTRKfGg8ScDaPgJeARNd78bfvXY5mtnUdT8m38m4AH7DTWpQ3rajHBJITbiLZaUDx7NxcYCVAJAjcQgJoV6fC/PCsMbUxwxlfjgnrirIRjGrA29+l784oMlNJuHQyAmFq9Ffe6GJUJP1WA5DIvxypBcGC3w4nUE6u/HyzFz7AcIpx2GCDIeC2UjsQgnr0ujzGb38/nM88+x8IWra,iv:YQR0CDFNDgeRwm+Q8xN7SYQ4Jo3PfneciGtIOhRDJOY=,tag:OArVLjnc3ZT2EAqP9QpzQQ==,type:str]
caddy:
share-auth: ENC[AES256_GCM,data:3jY2B2GOdz5EPJeAyVsk4XCs5NMft3VquIBep7SxYtEZ9H7IDroq1U1Sch6YVQ7VcL85L4Ix/OVPm4jVDEA0sZiGkltbYXRXZ8CR34ifsHtHR35lgjXyj8ZhJLydw7LgmZCEztWO8GjLdvSY,iv:MT5sA32Djx81HGc36rqV2xS5KUHLAeTyZiOdSu8oqQY=,tag:V1dv4yS2RXf4Xqrl5+tEuA==,type:str]
@ -68,6 +70,10 @@ restic:
pass: ENC[AES256_GCM,data:I5Bf7or9jNwtdK/r/DzUHw6FohzeMtWVrs5AG71geVr6,iv:WnHsFW6oJCBsm84y1rzQ6HbLG8ydPBPQQbHoXKGR7JM=,tag:HsoJxLv8FvrUNSwI0OFCbQ==,type:str]
passwords:
user0: ENC[AES256_GCM,data:72ABhoc8Hjdf56eHkxu82Ls1zTJwUJRkly9hqlHKhQ4INepT66LrUGRHUG1x+4FemNWvAirEXVHvPVtu+rArCrDpGP2ZIbP77f8=,iv:ukq8E7orUwFOUfoqPp9RMjZNm0MMobXcjbWLzx9z1+4=,tag:E9OTDzLkliDIlH5DrLqQVw==,type:str]
photoprism:
nick-pass: ENC[AES256_GCM,data:2anC3qkrE6Z3NwMWSi5dVQ7C5Q2ym6cYCL/yXQUPAYJ3,iv:7ZVwkhQZ5MjHeobp0ACvY29h5wXA4Cq6Bsf2jnx/ZEE=,tag:+234QVuKo7yfOh3jo8HImQ==,type:str]
stacie-pass: ENC[AES256_GCM,data:45nwjOXOI2wYPi7H2RtUVMESCxLTYQrF4600MQHoCDwm,iv:WgYqJjbIO8fzU/z19RsiUpIbWQmyT4iU4yAFIj1fcsU=,tag:jzsYNrerq6syemssOOOwTg==,type:str]
garnet-pass: ENC[AES256_GCM,data:ccb7NJxYZxXeuiHxn6ntssTmnN9AoaqoFe8pFkPLNgLm,iv:yeTPsn01pVuWp5qVaFl1dWCoMYX6koBKN5ehJgCSix4=,tag:Pd2erGL2hBQnN5JZNBPo5A==,type:str]
listenbrainz-token: ENC[AES256_GCM,data:rSLVOYj4PbWII+CQa3VzK36Tns5PTr6wwE9ARlGwt7h5HAf7,iv:GXpJlchq1B/jTjvn5EWrZ3pnCZgGcDNHEYA2+yESUsc=,tag:im6e/xqQMgbKPt9ey3l2TA==,type:str]
sops:
age:
@ -80,7 +86,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-06T03:43:57Z"
mac: ENC[AES256_GCM,data:/fio+AmzDXP1CSytMnfeew5ZoUfeSEQTVBBL7A0mgkKsSH/aJRTDyongVobwHIhdJWlPnfSD+JmCv2QNa2wdj6cZr8Ka/lJDCUVLnHRD/Q7StyWA6J1UzNXAzniSd7ppT3rnffifmVsp/wLk2gJaF9WvNWen4dv5ITEatIow9wk=,iv:/TSk6bYPQ/+0B5U8W4MzcxPbwwjhTtXe/kdJyg/UEuI=,tag:d6RHmPZNc4jOC2ue3VDK8g==,type:str]
lastmodified: "2025-12-07T07:33:25Z"
mac: ENC[AES256_GCM,data:iVMnQYSBHlTzERNWEIFt4Zhaz2i3CR3NFRacOXqoG6mBJS9OFQvJuDS+AyBDBjft8dTNehPKJ0C/npR7n1R1yhyjyHuCgGGX9mYzMIzNoo6zNoDoGiEdVMbHyRC2fWrSHodI/PWjDHvy0rr3nXh7qIduiFvcth5w+98QjJVQ+wI=,iv:uqjvU/LA6XEuYVC8/k3rWMliFTPyFTHn2dtje3wxThA=,tag:aNQYNRgLktBA6zdnizijJg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0