Lock file maintenance

update podman dns setting for telperion
update jahanson.tech zone file
2024-05-29 00:08:53 +00:00 · 2024-05-28 18:01:08 -05:00 · 2024-05-28 18:00:52 -05:00 · 2024-05-28 17:35:12 -05:00 · 2024-05-28 17:20:37 -05:00 · 2024-05-28 16:42:34 -05:00
11 changed files with 135 additions and 52 deletions
--- a/.envrc
+++ b/.envrc
@ -0,0 +1 @@
+export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,4 @@
 result
 result-*
 .decrypted~secrets.yaml
+age.key
--- a/.sops.yaml
+++ b/.sops.yaml
@ -3,10 +3,12 @@ keys:
    - &jahanson age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
  - hosts:
    - &telperion age1z3vjvkead2h934n3w4m5m7tg4tj5qlzagsq6ly84h3tcu7x4ldsqd3s5fg
+    - &gandalf age1nuj9sk2k8ede06f8gk5twdlc593uuc7lll2dvuy20nxw9zn97u5swrcjpj

 creation_rules:
-  - path_regex: secrets.yaml$
+  - path_regex: secrets.sops.yaml$
    key_groups:
      - age:
        - *jahanson
        - *telperion
+        - *gandalf
--- a/.taskfiles/sops/Taskfile.yaml
+++ b/.taskfiles/sops/Taskfile.yaml
@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+tasks:
+  re-encrypt:
+    desc: Decrypt and re-encrypt all sops secrets
+    silent: true
+    dir: "{{.USER_WORKING_DIR}}"
+    vars:
+      SECRET_FILES:
+        sh: find . -type f -name '*.sops.yaml' ! -name ".sops.yaml"
+    cmds:
+      - for: { var: SECRET_FILES }
+        cmd: |
+          echo "Re-encrypting {{ .ITEM }}"
+          sops --decrypt --in-place "{{ .ITEM }}"
+          sops --encrypt --in-place "{{ .ITEM }}"
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+# go-task runner file - rest of config in .taskfiles/**.*.yaml
+version: "3"
+
+includes:
+  sops:
+    taskfile: ".taskfiles/sops"
+    dir: .taskfiles/sops
+
+tasks:
+  default:
+    silent: true
+    cmds:
+      - task -l
--- a/flake.lock
+++ b/flake.lock
@ -9,11 +9,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716638635,
-        "narHash": "sha256-exRwSztMwH4IZ//3+Xq9hnyONVOnQ2Yo41gJRJWA78E=",
+        "lastModified": 1716910705,
+        "narHash": "sha256-5ar5rx5yWYGo3P6PUUGjOvdePfmvMCsuXrnjpHVPq0Y=",
        "owner": "atuinsh",
        "repo": "atuin",
-        "rev": "2e88321aecfd1c4a7fa69a1794ecdf34a401c358",
+        "rev": "bf2788259cb6ee187231a55263fdc1ca935e4272",
        "type": "github"
      },
      "original": {
@ -117,11 +117,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1716736760,
-        "narHash": "sha256-h3RmnNknKYtVA+EvUSra6QAwfZjC2q1G8YA7W0gat8Y=",
+        "lastModified": 1716930911,
+        "narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5d151429e1e79107acf6d06dcc5ace4e642ec239",
+        "rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086",
        "type": "github"
      },
      "original": {
@ -372,11 +372,11 @@
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1716476603,
-        "narHash": "sha256-lrUPjM0dO0APoO/5Pz8XHWlUcD54dZnBAsi2v69d/3I=",
+        "lastModified": 1716896735,
+        "narHash": "sha256-id351iMgA7aOla2BD6C/BTXMJTGigRQA64kCt8vM+cs=",
        "owner": "nix-community",
        "repo": "nixd",
-        "rev": "b05abf36de17cf3c12f48f40ede67b9112833483",
+        "rev": "fe202307eaf7e89c4366ed927af761482a6065c8",
        "type": "github"
      },
      "original": {
--- a/nixos/common.nix
+++ b/nixos/common.nix
@ -7,7 +7,7 @@
  ];

  sops = {
-    defaultSopsFile = ../secrets.yaml;
+    defaultSopsFile = ../secrets.sops.yaml;
    validateSopsFiles = false;

    age = {
@ -60,13 +60,14 @@
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATyScd8ZRhV7uZmrQNSAbRTs9N/Dbx+Y8tGEDny30sA jahanson@Anduril"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/W445gX2IINRbE6crIMwgN6Ks8LTzAXR86pS9xp335 Sting"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd Gollum"
  ];

  # Set up users
  users.users.jahanson = {
    isNormalUser = true;
    description = "Joseph Hanson";
-    extraGroups = [ "networkmanager" "wheel" ];
+    extraGroups = [ "networkmanager" "wheel" "kah" ];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
@ -78,6 +79,13 @@
    ];
  }; 

+  # extra user for containers
+  users.users.kah = {
+    uid = 568;
+    group = "kah";
+  };
+  users.groups.kah = {};
+
  # Default editor
  environment.variables.EDITOR = "vim";
  # Time zone.
--- a/nixos/gandalf/configuration.nix
+++ b/nixos/gandalf/configuration.nix
@ -2,7 +2,7 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

-{ pkgs, inputs, ... }:
+{ pkgs, inputs, config, ... }:
 let
  upsPassword = "illgettoiteventually";
  vendorid = "0764";
@ -15,6 +15,15 @@ in
      ./hardware-configuration.nix
      inputs.nixvirt-git.nixosModules.default
    ];
+  sops = {
+    # Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
+    secrets = {
+      "lego/dnsimple/token" = {
+        owner = config.users.users.kah.name;
+        inherit (config.users.users.kah) group;
+      };
+    };
+  };

  # Use the systemd-boot EFI boot loader.
  boot = {
@ -261,6 +270,23 @@ in
          PUID = "999";
        };
      };
+      lego-auto = {
+        image = "ghcr.io/bjw-s/lego-auto:v0.3.0";
+        autoStart = true;
+        volumes = [ 
+          "/eru/containers/volumes/unifi/cert:/certs"
+        ];
+        user = "102:999";
+        environment = {
+          TZ = "America/Chicago";
+          LA_DATADIR="/certs";
+          LA_CACHEDIR="/certs/.cache";
+          LA_EMAIL = "joe@veri.dev";
+          LA_DOMAINS = "gandalf.jahanson.tech";
+          LA_PROVIDER = "dnsimple";
+          DNSIMPLE_OAUTH_TOKEN_FILE = "${config.sops.secrets."lego/dnsimple/token".path}";
+        };
+      };
      # # Xen-orchestra container
      # xen-orchestra = {
      #   image = "docker.io/ronivay/xen-orchestra:5.140.1";
--- a/nixos/telperion/configuration.nix
+++ b/nixos/telperion/configuration.nix
@ -197,7 +197,7 @@
    dockerCompat = true;

    # Required for podman-compose so pods can talk to each other.
-    defaultNetwork.settings.dns_enabled = true;
+    defaultNetwork.settings.dns_enabled = false;

  };

--- a/secrets.sops.yaml
+++ b/secrets.sops.yaml
@ -0,0 +1,48 @@
+lego:
+    dnsimple:
+        token: ENC[AES256_GCM,data:yWXPbSwj3Y1gAuUCF1eK9q2WSPJmv1ZtRB/2gfvH3V58lc67MfDdN960wg==,iv:h/0Yv1oqeFVwRfi40hG3/twYNPO/MLshhgrJCPWMUMA=,tag:M5W1csc+Rsuor8lp1P4+7Q==,type:str]
+1password-credentials.json: ENC[AES256_GCM,data:WBFSyiq30df5D2A3jAvYHLHz1b7nnk4MR0W4E8qDblIo2gug3uBbugR0Dcg2XQRSKfTDpk1kc9KPMrqYPsPtAgKjqQzL1XzuAL9i0C/xBO4+VzFoG8Puwm43791bVjFcG4hxdoMiKY28Pi2MnKlQZEivZUatSNHJqouYfTM/pIuLhRkng6YmUIzT2w47bl0K3Sdu+lh+aGxFsL+k1zepMALq+GZO7IHC9xBq32HwhpWd8UDpgCNqdICaJJ6G8iJxjSqUHjoijkU9QUS+WwWFpVGJ8f1WkmQZ6/gcKudMNg8msMrcyobPw/JgeigxDzF3SpujShRJN6O8QdtE8TBnxb2RZSxC5uNojvqgJVcR4ZvQH5wEZZ9PmNbhpS2vo5nb2/b5fmSFvkIsugOveZ/92O6ffA3rSqT7Eb+nPIH9H1BAu7cUxu0RPXBmM72ohMtFoMpPNXJBkJHODcYNxCYrzWaMfa3673jS5QElzJYeKn0Ir45MFIwWArttq2EVW38Vuwx2YA6qqTrpIiNmhOvKalnVW5f678lwIIzpHDP+1XfiK2MhIXTXst3nV3t/7z4wop4mRLAclS6nmnHMEZ8QrbvK4vVQLUgLDw8r2wRcYa8v8BcdqXdLbkrrHVoPUTn4XHZ0tgO+dfAR5KwkESI/l4B0gxNAlIbYs7edfapphZdbWsyUSbURxt+u70fXovXvgISf9EPT/FcUribInzf4V2PM++x7R72VRARilSXysEouNdeAqreFER/fuMKnXO+7+ywSMwMPLPk2q/J3/u1F+MXTVq4wWJD4UKHek+csAE3qk847/u/XTCJmtVzRLEjJMG5ShNxLI1HuH4Pvf5ebB4MQIeO2gZhiXP2fWNtWt1w+A47FL1GcdXx+Oyl3Mjhze+/762vwVODu9fsY5ySqa86TT96xH67RiVfDp+iTRQYKirwui69LsRACpB6LnKt4yNX3QlS0mawFZhWSuzy6EUqhufQI0I/Pzf2DatyYXtLwHrw/8AYf+J2ouDpew6tghsdSy4s0BnypSL6UmP8OitpDmD+IHSom/eeOCG/vXtUD2KOzzmCR7FFRXrqyYtyQ10djq4jUKO43bzKkWINm/NDVzfQf8NQdXTAR6eneyXJ6Zt+FzMtmbHVjfdrCfLNdXROSfhRFX/YZHVwF+HwtK33RK0DOwpFZGOnW1bceQ2BhgEQbv06IPK6mS9WGx6ymDJ6C/nldTBXLbc5LV/S5sKnnIi8stkd47e3olJSp3xs9ri/ZSFrT3JxVIU2mUL8PGjuOuHDknv8VTZlx1WFp1xqj0l3kgz40SzpWcvSyavHFnPs/+W5UN0N4xBZo7Wuf21u1gqAagypDzoUCnWakjHXQK2LsREFcN72FXHRihpcJLQOjWnZEuQDpH+1Dk5RpUjIZl3M0VQFb0XPwHlnK0pBaBn9eiKZU17gyElXKAz8=,iv:YqHHD0nHnil9s2rG7nmaTjCSvH1TtiiOEi6uqcZKdMM=,tag:/bRmXUnt25SJBJMu6IywTA==,type:str]
+bind:
+    rndc-keys:
+        main: ENC[AES256_GCM,data:NemSD9HDjU9nj4D7zo5X+xKM2KqnjwKhef7UX8w4k1wWY0BKEa7DHniHynYTs3JIoJ5rP+sU+8xXSpiZlC6dM+BzdUESBNnEKyON6EObxz9opo4UgC6fnjuO1Cu6/iCAgqUdZGx8,iv:Rl5S0neTGSJ+OVobY/kAxOkW/7yEg5AVKwicJOdMFyk=,tag:3HCcyA75Bk5q2ZB2Jjozng==,type:str]
+        externaldns: ENC[AES256_GCM,data:rOc4mcKV13ljFdQKD6XLW5YHIa1vZ3iVq8dBBgiAmZ2b8Ygzx/j7dZLo0Fa+twbE55CcwEc218PsviiTbs5erO1lAC2g8NhRbXeN1Kblnk/duYscv5U8eM3vRAvBIMoX+1gByYQoaClu,iv:egLkYDIyLggpQQ78lypgzsKAO0H7bxWtzJ/hOeirLqY=,tag:lCMfoMcYCYkMmm0/6hgkkg==,type:str]
+    zones:
+        jahanson.tech: ENC[AES256_GCM,data:7TKeTxqdy28mzmDSSxqJF16rbtCZ00tnL+ZjfdvUG/+p8zdtLOtD7u7PXMmdI7wkB0hTA1gU4Zgr/YBVWb+i6sC5pBPLKk6o1nTZsCBCqzLZhWsvrMGQJaZ2ojNBSIUEIA51jlMe06BDzCuDKShwQ2Au/cMrGfYQqqs9tRGln2siB1m+UKk9g4EZQU/wbPGt16Dq0mBYJzpT3KnBY6jKDHQh5CrfRBvY+KzkrSYRYYbchcxeTYm0+RFeHbDUiluhlTxVhnLXn/Im0wih4wmgKL5LgR93BhCqhIJhNc+NiRurxj3AGFT7zY/dryKe8qiLMDgakGnBRyjlwxqxoe16wLIXyLT21Jtpgcn9J62hKcneK79OnKra1tr8SuO/rt0/IcWrAYhlps+CTBsu7pEbde4rNiF1NOTBSMDqeDpkhV8krBLQLkUY4HX301JEVqkE67y40GWSod46nlVrfJOjuR11oGIo9Oqdgb6KVlNyPXlm/CMrBqvNEIYbMASKn2QEXsxFEGN/Yy9lIp+JJkPHsOI50ArVfEn5ygbZgX4qhnYp3wUBjTqCS3gZrzErhSxYWxOIxTjcY2/BMcjhrSQAjtXUgY0tKwZ9Gy8zyxpPcVlxgmOSi56bwrOjYY1DpJ73wWjDdwzRFmWP4M4Plt8uacJWC9fq0V1FJU5z9SmiZPe/53cBnAHEFAqBEGyxZQErufM6fSkBBE5mNG7hu6E6a61lzAfalL8S5hQiW/CIWWV1fIwkqpVO9KLBqRUqtaHchaF80R69CDRUhv2OK1Fe7m33ez69Yd+Pen+GuCKhBeBPimuqizZM2bA+cS+20qefFdqnBG9V0UpVNT0ohIsYDRs2se5e9MueqSRUDzdvDoUksBwCancc4z5kXklv43YtOtoB8X5qo9+kOt7Mn4KJF6iKwWGZkQX/SfoCDiHJ8d6s2L2FdbkqLCnGRhGlM9P8xaPHP4pLzE9A3iZU9Ea+lfb+q7M1AAGhWZ8MzW6xJAmiXvmRi/qRVJhOn/XYvSnVJiS/hHwsSXiDK39dmbidKzo/MagvcK90gE3uR4fQ2pqx6HWXpnjBKr/SmazXcWlkOPdNFSmjsdzc/bfwuLR/rNk0GBtYlXyZG9OU3qyLNbRBA0w1u1dyA4CYEWhtWloGWddXOeyFYoI4JyFBSRyqdcg=,iv:rvHEHqgShmcKKakSohT4M7TEHhPcLMYVcFNxBso7ubw=,tag:9KaBsejtb3M86pmR0Y2RAA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOU45eFJjUHVzVFcwblVy
+            TC8zSk5XR2dXcnozNVpaaElJa1BteVpTaDN3ClN0L0JrOCtvRkE3RWU4eTh4dXdG
+            TUZBNnhKSlBRNUw4KzQwVER2QTBNWkUKLS0tIFgxY29mTnFyMlc0Yk9CVFg1aE9J
+            U0MzK2NXNzBYR3RHOE9qRjhVZzZpWmsKFz7SPBk//ZCcpLAVwhV6dlLR/8airRNy
+            tTznN6y9kksWFQg4NR+v/hOl9ZAKVhck9KiVyg7SHnwRj80+meEm3w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1z3vjvkead2h934n3w4m5m7tg4tj5qlzagsq6ly84h3tcu7x4ldsqd3s5fg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSUE1TVg1dGRDM0VNNWVl
+            S1ZaZjhEZ1BWdmhDelNWNWVyTVBWTTk1eXdrCmR0TEMwdE5LVERjblE5bythMXdZ
+            TlJCRk95WkVXMzZmaXBlNTF1YU4zR1kKLS0tIFVPOE9icktXZmdjcXAvZHV3ZUQ1
+            YjZmTWUwRVdyUEdWaUppKzI1ZkV2NTAKQh3RAJo+yavr5RTPJcW77AvdCTX5KtW2
+            TYmNPz1GCI5QN3yqAjcuuzn6IYMRxWR+Kbd6G0jO45PkO7NuEoSeTg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1nuj9sk2k8ede06f8gk5twdlc593uuc7lll2dvuy20nxw9zn97u5swrcjpj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdFZlNkRSMmFLM3FVQVdC
+            QW4reVhuMm9JNjY1OHNFU29YTkNsUEo5VmkwCkFCWVFXdFZBcnNvRFVMbTJ1a1Iy
+            NnVBOW9vWm1nV2labEhQVWR1VGFvbG8KLS0tIC9OTGVlUEhrK1dQSi9icVZyRk9I
+            L3I3c1VHZTNUQUNjVjFYaXZXMHlsUTgKplXR6ZN5+Z25n5IlC7jGDHYLH/6g8dWI
+            MtkYR0606ZC+b4w8PmsHyf6SBfocb8kP9uZKhJAHCtgzn1IQakPN+A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-28T22:57:48Z"
+    mac: ENC[AES256_GCM,data:5PpFEhLZoM9l4Fb9ytN508xuu8voL40hvk00OlktMSWQ9WkhPc0jRwnrjeBgx8A9NUMUMg3zPatyKTcj4cb1QVwL0QKNwm1z4Nqit+T+KIIXYWl3baeJE2vFrt6z48V+xj9rap/O6z/lxHRI658cR+5y3C0rYaeuagYe2lJkqrY=,iv:GD6hDvvfkQy2su0qtgv6DfJroxKSfzOQg+NCEUypz4c=,tag:vzT7+5DSPvG1w0NrNu87zQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/secrets.yaml
+++ b/secrets.yaml
@ -1,36 +0,0 @@
-1password-credentials.json: ENC[AES256_GCM,data:lVFciFilowAdIpLHheFffOA631Qqerwat5pvj6Yn+b2kJvnNd7rNgMWPbp3cElY2pnKOXI6jDeLiWSw6VyNmXzxkJuQRN1rRRdP5F1kwoF2ZSMllxCTs+uXh+LVmV0WR5cO1U6IVLkBBFY35n46U4rmGeuEWQWI8XOoUo/MpfNVjITFOBTfFw9jTWLDuLnDM13BAbKx3km4RiOJMiTzKsoIOhHZg+QhuCB0y34V0K20Rw1cdj4JfWFyIWBe9/HSUYPbl3yPzxHGSgmV+rQlEJ6EvAkvN54/JYsiicoTPFses5dtRzgP5Sfe7QQhE/di11g6sSg8PJdndXv8jdVS7wnA8HLv+VyOcesIlau9JqXWZ9esQZQ4UrXof31R4j8zNinci/hErLx5yDY/cei0A0hFmYr0RmgY+J1JSgkqWw5h+Df3SK4QGfZ78lAUPlQ7iozITEZMU1JL7pVbmuVDDQCTNmjsogCUrEhxE4aWN8k57kBcuEHqpxaIA4XOxYZ6Pid6pbxOfS6IjzwMU6hiIu5hbQTauCnEUba5l54ZAbe5Y71XZNYT23QwbbbIdYByJ9+stSCRHhrJyzElyeIgT1KJFPsIIadrrC2HuS+1pEIOPGhvwkJNLJAJiSZiTtU45d14YCIfr9sfzPLnfyi7ke8ca/qG6WDwTSWVqfuK0HeSt30ZeOksHZ6hSMjGAWYLZE+LbbVJ3KAJzIemwiCry0uM6DnJOFMzsJbV+1Src9Iixmaz/piCZvuGCvPp9iHezTqvRzs7hps1I4ngWMPPKWLkho+yRrRxUsMS0mxgB0UDhJg2Iwn95HfGyApYMtBHBlOu6KVGc8/24f1UXqLOf1MsGkeKNsy09OkvGcGH8B58w2eHLfWjHlA595wnp9Jwiu1NirN0CjZtlNC1Q6Atuvf+42C+h5fWnZaq/ou7IQyYMcS/XqlcxRVXZr9diahowLHOq3WdBJgl2gCJQOpE+5VyrzwtTpaFeEvVx1hSe4ksFx4KvCUwPksb0/jpt+nV1T7ks9PJ0tfdE+0Rg3PT+cElAHecJL57YZnUp1dUtLhPhmE0aFJOHzqJUZ1VcANkR+4Eoeqv2PoDOOwB/oViacERDnJilTKmjPN7AJcsB6f+o+xI2eDOei4EWsTCkWu7zpJLk1mHu1ZeYAUmPiEFdzw2SsXbG/VJD3Rnu3mw+2drSWbA6YHNfw02UcLoVoDVBf6UI/mt3rA38ccsNM2JypJR5qRrluodOYjqNcThOJwm9h0zOPOl/B0JFMdPGRS66WCpwQYvVr5cJob0z+rTGW215KLeeq0xCVPhpMv1AvC4GTP8FcCX2+MCjT1MtRgGc1IScjzgSf85ER+/YHB/u+0yIqbc8QZlDLVQuNIY4hBSW4uw9wLgkcIToBy8vVSkPE153ruxKUK+VBcRH5sgC0r7oj0f6FL4sBYP7FnbBXOM=,iv:jW0DRHr9Q0DzsAq0V5sZlnpCI3hjfE377SzlU7Xew00=,tag:q/hfk04RQMDSUT6F62LTDw==,type:str]
-bind:
-    rndc-keys:
-        main: ENC[AES256_GCM,data:kHDSEJ9bX8vugV923GXRIibrnx3vRjdvzv5VtDaam3GSI8CSjJd9aIT5K70sJXRRkh+en5dLJlUO/LHPjwIybwQgZpj5DgOcyE0ks3FEyJsgpxYRXrQtGtUb83c5CaY07f4vL9oy,iv:rENbmwqpsos6lBIo8B6gp8XE+dYA/eWWH+4dv6tK/Rc=,tag:Jgr12K+nIPzc2P+RtBRlRA==,type:str]
-        externaldns: ENC[AES256_GCM,data:spx/NK8VszoN7P9AkbZBxbjU0cV9ddo2G91tMe74b0L6DoID/ZSPef7J+NwDl6g+3M6WcQVyXHjhHU/j0NsTj284WnByHfJrKIHJJe1lJQld6aw+/Ax7IDP94kPVYfVEHR9SF0G7odPV,iv:fxqj2BF1F/WgYKb6rWYkggWh/0ngvYd8pN/d4Zw2YWM=,tag:FbG/96/10gmc132J+SXOMA==,type:str]
-    zones:
-        jahanson.tech: ENC[AES256_GCM,data:c3Dd7WxDZiRWPwwnOzZzhHCU70dSrDpJtIxkzGi0BBfiVoggO3UD3wDIUUnjkDpt4d/+7Y0W4fwLvEV57DRWJ4YE0fBYF2seHWj15gIRfAReGb+A4EEHJOJsRHMaVf8G7sciDAs4x09JWEKYdKAKOa4ML/N0VX+p/uQgq5O/fp2Hx8P3Qh/JDO6XwCZvl8vqJVzrq1QF1hkU9TBgebAG05KBlfONNhrdlPFy1sFlu/C3jChP6dgWCEV+rOkSQMHI3UCv+xSv91MIbjhst8ouX6ZoMaFMtb7M3WlWRCkhDuYePn/8M1Tk+DZSZAUIRcXCthi7Lsimr8hKz4PKmoDQ9Z8OHOCo7z7W7ksM6+QhvMflOfbS9qjIru0mnidqCJKyxTlGoFVvLLRZQOcAd6yDfq/+0nezxuG3F8fgvCikBDjJmf8y7PZ8egZvspNrXCGFbe/9Hrsz7qmWDlz6FJb37XfE8FNMY6NaAg2nKNIvxQoxYRjspPwPPfr2OZVVFDIvyN/OhjggUAWfy4bd9bPUCKZhGnWbpY7UmjleRKsVAqB3L6wZkhKOD0PSuE7bu5nXwwJqsrFyZii+4oEKMeSdoIbz9vDcN393z4MyGx4ddJH1jYwlPpPm96lvyc5CjrmmCLeZZZ9pUhkDf7pjjPFTuH0l9Xa25tpu/wIVyH1oYebL0i8HSz8Ar+ouGowEh6Wx14xg8MGFbLPVBrFpKTewc7AuTboNlbhFaykJetEUhcjiDqC8ejonXYov9sSq2AzAl7Blh4y40SRKbVQhYecyHxeKJID3ApDJtMRUp2W9c0JpRKQAdspB0eMC9xMzYKa5LJfKGD9k8nGuaDAcFRBFzNURC57R6aLvMIXm95u4bdaz/wGswxbVciYCRPsHr3o0N2ZqBnfHuPsoTyl6YZWREtyjTMdW5ANKZUo1LDSZdq76Al0HgelgZVVH5BTGMkFdIiL2rZhX9K/QjQeq1fU4kxfRicXjT1mTgOdukWg2zybTfuHUkQBW3ueIprNcMD+sqVdNi9wn7z0JwWG6Zyd4qIeZDNbmeuF+SA==,iv:m4/6Nm1hkHOulULTupYwTJtKLAloySxrXwWHu7CN1cM=,tag:uKy851IaKDSkQxzXBEiniQ==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNzRsKytjQ25NN2xsU0hI
-            MWZuRTZjRWNibnhnWkJsYklScmt5UFl2T2pBCnU4L2ZWVnRMclJaN2QyWHQwMVF2
-            Z1hTZUEwMXAwamxRWXgyQ0VQMUY3UVkKLS0tIHVVUXljMzh1MEExTURPSkFoV09u
-            MFB0VDhVUmxCc2JBaTlLV1BVTGJhVkEK2DtRNL6KBkBS23ywub66hpUcRn/Jea6k
-            +oXXU8kcQ30WqSupI6kUUK0Dd+at0vrV1tV/IkvfW0Qs5OzjgtPo5w==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1z3vjvkead2h934n3w4m5m7tg4tj5qlzagsq6ly84h3tcu7x4ldsqd3s5fg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoT3RINjA2SUVsT21EWFpm
-            a2V2YytIMktRbSsrNkhlOGI4c2dRS2ZpakFZCmFTNGs5aXA4SW1PQnhSSHlQM0hL
-            cFZvZzlXdGtXbjg2WDNDYytqQkpwYmsKLS0tIFAyUEkrVXJEYkhSNktQR2pQOWFz
-            SHZmN3JDL1ExVHZ5K2txM2h6MzRKWE0KbS3kO9teIcRDY4hnb54LgWzcRQu7aGGf
-            TjnTJzqKqmRRMLOs5be6wbrxBiRe9p5nCN/WJ9nqhr7rfNNMUiZePw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-30T23:29:09Z"
-    mac: ENC[AES256_GCM,data:x4ElnDRzdwcSf1qNZ6MNPzqDJwtAvQyc/ugrfxpdGyS/PxfhZPcTKshdl1xS6dhAfARVa2Wo343vKJ5fOA/9XNPqa4JL2i9bv1qmd23hgPkz4fFtZ1y5eWUKf2/yaRJrssi1CBQqZWMPPLgggokE80cGOMvD/F5KtcdIhnZjBQI=,iv:VrOtAFB8+Jm7H0JBlo6FsWKXmBZSOkGKuAfIZPbfDy4=,tag:qYJenhFym4iCeXLJqATu0Q==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
Author	SHA1	Message	Date
Renovate Bot	8c5cd868eb	Lock file maintenance	2024-05-29 00:08:53 +00:00
Joseph Hanson	bc5994ae0c	update podman dns setting for telperion	2024-05-28 18:01:08 -05:00
Joseph Hanson	9da689b4ca	update jahanson.tech zone file	2024-05-28 18:00:52 -05:00
Joseph Hanson	48ca3b1a2f	string not object	2024-05-28 17:35:12 -05:00
Joseph Hanson	ac37c82298	added lego-auto	2024-05-28 17:20:37 -05:00
Joseph Hanson	ec567d2c03	All about sops	2024-05-28 16:42:34 -05:00
Joseph Hanson	bd610e1759	Add Gollum.	2024-05-28 16:08:12 -05:00
Renovate Bot	f1d2a4268b	Lock file maintenance	2024-05-28 00:04:56 +00:00
				`@ -0,0 +1 @@`
				`export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"`