diff --git a/.sops.yaml b/.sops.yaml index b517a43..849749b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -39,6 +39,7 @@ keys: - &host_mjolnir_ansible_pull_age_key age1hv7m3xypesdfm0dfzwgctde8v307g9xaunnfu2687y0lagcs5q7s3eg0kj - &host_diday_staging_runner_ansible_pull_age_key age1522f3qzddm82w63j7ajdkr0khvced6ht7tzp3grvp0j3hewtvesssr5kpf - &host_auth_dns_ansible_pull_age_key age18zgt4y2sd75hxnpe333zz39048ctxpr0q8a3uqh3jajjkyawsdrq8yg5ve + - &host_forgejo_runner_ansible_pull_age_key age1az0k6cadssk6r8qcqxfr8cyu5mndy59pwt8yqq6w065ew6au4ezsmg2vkf external: age: &host_external_age_keys - &host_status_ansible_pull_age_key age1p546j6whqsyfkjuf674lawrnk2ex653fuvwhcwt46gkrspkq59sqzm5y87 @@ -209,6 +210,12 @@ creation_rules: *admin_gpg_keys age: - *host_auth_dns_ansible_pull_age_key + - path_regex: "inventories/chaosknoten/host_vars/forgejo-runner\\.sops\\..+" + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_forgejo_runner_ansible_pull_age_key # external hosts - path_regex: "inventories/external/host_vars/status\\.sops\\..+" key_groups: diff --git a/inventories/chaosknoten/group_vars/all.sops.yaml b/inventories/chaosknoten/group_vars/all.sops.yaml index 5b3f4dd..5b4b6c1 100644 --- a/inventories/chaosknoten/group_vars/all.sops.yaml +++ b/inventories/chaosknoten/group_vars/all.sops.yaml @@ -5,381 +5,390 @@ sops: - recipient: age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SHFlOFVSbisycXk3em1N - V3RvaXNNOFIvdDJobk9kSVBmOG0ycCs1T1E0ClZ1NnVGK3VNNVplQkxjVUw2dUxu - SXU1RjNLTE5mZm5yUVBDa0NTTkVhck0KLS0tICtpTDNmeFhWazk1U0FQd21wM1FZ - RkdwVXBSK2xySW5qMDg3TzhVeG1Rd0UKXfj3aSYJWBn7EhsUgHnreeARsjWfjs6T - 79kvBkQ+Ovn9zvUZZ23I72rtEjab3Wt9gK2FdmEWVkHYS0ZvA8ymbw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvalUzeDFlWDJpaFdxYzZU + SzNLbFNiMTMreGhkaUZMN2hZS1dONFRzeEM4CmR5VjVKSWloQzc0NnM0bGRHR2RE + YkwvOWZZZXczcTR0cFZvb1hjMEVMZW8KLS0tIFVEVTd6UG53K1loNDdEeUhVTW5W + dFYveVdnZFptWi8wNEtIL2VEd1pPVVUK51kCjHeK/neGrtcsgvMsPifCKQflPn8S + +E3oHbvSvBWW5ACR+X0My3FF6F5qTyzeo8OqCdwHJJci8wD4lO0ykQ== -----END AGE ENCRYPTED FILE----- - recipient: age1gdfhx5hy829uqkw4nwjwlpvl7zqvljguzsnjv0dpwz5q5u7dtf6s90wndt enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5dTdXN0xPaWliOGVqS2NU - aCt3OWl3K2FXcTlYU3NDOXhGc2paRmZnMmtJClN3L0JJRXZDeWloaGJqRURWU3ZT - Sk54TGZHdFF6OUkrTVU4RDF5dXpIeTgKLS0tIGM1Z21TZW96TjA0Mm1WUGZoZnpF - WVBJaTUyQWpyY2ZZeHM2VXhMZ0VvSmMKTfmZnaNx7jz320cco7HThAsOPsnQOtCZ - MbVNfu7iltvgQDhoYwhSrnHlqFV4ogeacT2KXS5mO2M7xZK7N/IegA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSHp3cVdjbURhQWJRb3FN + ZmxSajRNSzFib2lRRmtVcmVzaWtjZmpibkhvCncrNkNmUmFKMkhLWG8zWjMwcUlI + dElPd29uaEFaeC83citIbC9sZjVhcEkKLS0tIEsycHZ3UnZ6YU5uSVZFUU1VeVQ5 + aUQwZUU4NFF3cHpoMTY2aUFMT3R3K1UKBMzOLiQreRutPycBG3ripOeKOlz02Hxu + nWkfVy4eJc+zRrwICmil/v3VcyKH72AvuUfnBgFkCTg+lGZY/GDfAg== -----END AGE ENCRYPTED FILE----- - recipient: age13nm6hfz66ce4wpn89fye05mag3l3h04etvz6wj7szm3vzrdlfupqhrp3fa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAySnZSb1UvOFJGZzFCWmZl - MzgwWGxTOTlIM1lJVjBRRmpXc1YwUHQwcmtNCmRFSTVFUGFJQ2dSS29jNWJ5QWlP - RTIzcGpCWmEzVUc4dUZRVy9uSEtBQlUKLS0tIGUzQm5GZ2EwZDY0NEoxME1ZTTll - Nks2Mzk0M0pCZWZ6ME02dWovSktMMWcKgHTs5kzaIpuobI6KbjzWB9W2VOh50mB1 - Y+Z99tY96p47nRKOrYCNxkPMytxZEPZYg2hkz8gXH4UKC2eHJj6+Dw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0STVTd3pHV3BCTTkrOTdy + RXBweU5OM3RkWFA2T1M0RzJWNHVYdVZXWVVBCm00M2hQdlphRkxjU0VOUEladjl3 + a21QVEZmMHFoM1JxQlZXaXlVTjRHRmcKLS0tIHBwN3pkRGExV1d5M3J3NWo0cHNI + M2IxRjNHYmFPSDB1Ly9xSkRHMy9ldVUKdrGJ2HS5Kfyyw+0bCMlFs7DJ3+JWKLtq + 7YCoqWskZauUv+cH2VL/oghttdWQXonlVINkhKbeiQ49BbhPTompJA== -----END AGE ENCRYPTED FILE----- - recipient: age1jtusr294t8mzar2qy857v6s329ret9s353y4kuulxwnlyy4dvpjsvyl67m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRmpQTVVqTDNTYnZRYW0z - Q0VWcitOR2VYc3QzbUdvbVQvamptaDh4Q1dvCkhkMWNoL1JPcVozVWE3VTBtU0R1 - L1JwdTd5WXNEam1KeXFBSUVaeFUyTVEKLS0tIFNmWkx5ZWVtUGxMcGl2dWNWSnpy - WWhVSzIxblJsNHZRZ2JseFUvNmxLclUKh8akajMIkvAdYhwG9AAIB4br8EKJvVng - Nc4E/bUm5t6xxw7SVfxJ3HXWHYT6O5zC2sOspGi39oodgUKtQdwiGw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Njd0ZDR3M3JuREJNTjdl + RDRDd1BXQ1F2Z3NZYVFlTGhsN0gxTTdOY3pBCmZReUF4SVRBcXpkQzk2d2xDRDBP + cXNNUGxXWkVFMTBNUkc1Q1ViaHpYZFEKLS0tIDFNVnlhQ294bHZhNTRUNUx4c2tT + MU1od1U3VG42cnBJSXlEQTl3MVhwMnMKFK43XRLZKQoouvCcGqHt/13LW+KMG4Gn + WvnkZz0m3WUM1iu3WLYqT+QOR8RnNPk669JE80rpxKZmbqRNsIdazw== -----END AGE ENCRYPTED FILE----- - recipient: age1a27euccw8j23wec76ls8vmzp7mntfcn4v8tkyegmg8alzfhk3suqwm6vgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTejVEYlEwZE10OGt2TTFn - cDdVV2VXeGpIclhCMCswTGY5UHlld09RSmdvCkYvdzJJTGVYYjZSS0xtWk05MWtr - ai9tQzhJTE92d1NzQ3hpZEY2Z0xzTUkKLS0tIDhSbnR5UzJjNjN2SXlWUlJubU9a - bEVNK3Y1c29DVXBCRGQ2Y1dOejZ1WUEKh9ehZCtmNeErAPbfFdjkE2Bs5Y+CuLtL - bgoUrGv8rBt+rmtgRLSBAj3frYRsR7kA5TsYtcVF3CBGqsZuCn/8/Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrd25sbHdPbkovMWJXaFdp + S0dYMmdoN1I2ZFA5SFk4VlBSelFWd056eXljCkdCdFlSMHdUdE1rd0MwSUdpTWNp + Ymk4Mk5kd1FZMElGTktiZ3djRXNENlEKLS0tIHJQWUtqTFZabjdidWlMbXVmeUlm + N1JBZm9jdWRtdXp0YWhTTVNGZnFQcUEKcrOCOyDG/dJocsR5ZLyv42PX5cTBdgvi + aNYAq+SnBEMQebUlPBfOapR3tsdjBRwMPvDN3cBtky77SGAg0hZ49A== -----END AGE ENCRYPTED FILE----- - recipient: age133wy6sxhgx3kkwxecra6xf9ey2uhnvtjpgwawwfmpvz0jpd0s5dqe385u3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dytYNExPdFFVWmF6Y3RP - VnpySExpMURISnVhYWFtR3Y0bksxN0JLOTIwCm1JU3JiNldCZW40b3J6cGsxd2g0 - c1RMVG1Mb0FURlN5QXZzL3ZMK3JlVUUKLS0tIDVaV2IwcUQyTlBENnZWeC9BMkpH - eDZ5aFFHZWd6VnNGSkgrcjR6Q2hxTXcKush+dylamXtpu6XB3nLjXYW2KbOymCWj - C4uK7OTmOyNXobQh5k2S120J581BihmQpef5LMhxM835VNEFoQ0G2w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxM3V0RFd6Qk9JbzFGdi9q + ejZxMHBGdmhDNDloVVNpMkNrQStKUW5aNFRBClJtMGVJN1h0amJPV3RWY1lIQ2ow + LzYvR1dpSFpwa0c1Q05Bc3NXVWNrQjQKLS0tIEdNTXEraXk2N2Q5UWhjUUdvUXA0 + clhMUFZPT3JRZjFHeDBsd0YyVUVnZUkKYMO2fwqDXeuKVVgL2KKDWfTAa+5y0P0f + gFrlyEqbIrcr66fy66zHlVw3FjHoUfOsMDm4GRjWNn4KOTGSjIImjg== -----END AGE ENCRYPTED FILE----- - recipient: age1na0nh9ndnr9cxpnlvstrxskr4fxf4spnkw48ufl7m43f98y40y7shhnvgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TWg5UHp2cHIzeDZtOE5j - bGg1MzFxQjhnTUdFc21kbVJxa2JYOTA3MUVNCndDUXM2NHRqOHFWN0VzdVdUYzhX - ZFZEelRVbm52UmZYa1BMeE1qU3RnL28KLS0tIHlNd0VNblFBQ0ZlbUtxM3dXbGJr - TUFTZ2hTbnU4RUlHU0Z6bzZqK3hIdlkKpxlcZipq7aBCHc9DDqCmOFlER+ed+LY5 - LBBSsL6ReDgJDFOVx2XGEuMO3mRP1vSOXnro/pa6oP+qodW8fJjCPg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZC96YVlTVm5xM3M4ckYr + MVNZZ1dISHNGcnNSOEVjUk1JZDdVcXdKeEhjCnhUa2dMOEdBenNxcWkrRnY5RFdD + bXpCQk9KZFZmVWN1Sm5FcnkvaXJ1clEKLS0tIGhsUTd4a0tnWHJZdTB2VktEbGxw + eVZVenJRQXNKY1FNVG5yZXdHTVUrc28KAeiaqGRCZ7tjMaxKrlDOTj96WcoxlkxX + 1P+DXm44FAlEU/o9YCun5CBDMrBI8qBt5VUxFaqyA94ixSKXZQeUAw== -----END AGE ENCRYPTED FILE----- - recipient: age1sqs05anv4acculyap35e6vehdxw3g6ycwnvh6hsuv8u33re984zsnqfvqv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eHNmWThRcFA2VE9qYnkr - YkdDU21palBseEZOUCtmNkZKZE1ncEdtc0FrCnBWMXBKRHhBUitMZGt3c3FIeWFS - ZVJMNXdpUTJsTG0wd09lLzJDV25pOGMKLS0tIHlib0YrU0xKRUJHN1dZRVJDN1Zk - QVhDS0ZrU1A4NUFIekphZjFvT21TNlUKviQt+DZlmp5ZFxdlkmdlfqW2+BTotYJU - j/St6J3Ibt0nnflz+oiRunndHsaeZG6xBY3ueRThcjlInF2ycYsJoQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTmtYKzA1d3Y4ZkRyNzg0 + RFk5SzQ2bGdDSG1LS2FkNkYwTUFXUjZqMngwCkhrLzEzUUhYQ2VkMEI1VmdidXA3 + RytrbXV4MUcwanNVaGc5NDBrSWxwRVkKLS0tIFBYSjc1Q2N1a1UzQTV2czdxaDNQ + ZmJGMFlNdUxrZHBtbWppcU9kelFTbE0KE90J1IodfxqYl3De2qUv8Eu3Uw5PKeQ9 + j5SPAw+1xvnB6q9iHAOhXwtER3bOsXOs8RnPTqKCV5RtEa6su79Kfw== -----END AGE ENCRYPTED FILE----- - recipient: age18qam683rva3ee3wgue7r0ey4ws4jttz4a4dpe3q8kq8lmrp97ezq2cns8d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRWlVS0o2ZC9sOGd3S1JI - RWdPZ21Hd016WlE1QjBONlVLTUMxWFA5dERNCjBtYXVMajBDSnhMbUlFY0ZQQ0dr - YitraTV5ZUlDbS9XMWxKSUQ5QXFpU1UKLS0tIEk1Z05NUDB3enVvNDdNRkpnU1Q3 - R1RnWWFaSmRtdDFVVW9jaGZUdUFQWFEKCE1osno869cTyuxQhQC3TjIfo5becoQk - ItN0+DrfbJtIs51+gu9sv92TFOWgdnvkCI0M6wzYnYCT6hH7ibwfrw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbnJGdk40VVlQVGlhRVZy + M29YdWFxRnBRdlNsSVdTWnBWMGI1N3N5SjJjCkw3RzA5cHlBNVA2NlVlV2lJSThG + K2RXNm4rWkRtUmhHZUNBWUlUbTBIQ2sKLS0tIExyeFBpbnlRWittc09mVjkvY1ps + S0tjNUx3anVqL1RHVmVsR040S2VmdG8KEihK9BPXXLd0XQZB111NJuOdJGnCgBHP + KCuVczzyMx1lAyh0NlG0xgyIMKuWAXP0PBGgf24jerGbp/5mIx+sgw== -----END AGE ENCRYPTED FILE----- - recipient: age19rg2cuj9smv8nzxmr03azfqe69edhep53dep6kvh83paf08zv58sntm0fg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3OEtZYSthRmZVbFY1dGx1 - TFVTRGh4QTVUZU1VVWRpU0FXMlVyQUhTWlhNCmZRdjc0ZGRGdFJCYk9weXJjSU5P - WE1GbWprT3RHeE5KbzNMNk1lYVdaVEEKLS0tIHJ3ZWdzbEVrNWJFZUIwSUplQUFm - WmpuWC9QWjdmUkxzSmhMa2R0K3ZYZ00Kl25L6Ya5bV4mPgq/OPxYq/D2xqszFVr9 - FkdgDr1VfbvU5wdA0QjIo+gVaJI7EazUcy2UJerS+uvL0dIn+RwsWg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoVTU0eWFMaWhIK25ESUQ0 + ZklzVEhOeDBtSWpINDVVb2o3QjQ5VWZzSUg4CkRpMnVGU3ZOWVZCRnpHT0J4TGhY + ZHNDekxuRmZ6TlIrUmhkYzlFb2NFM2MKLS0tIGNveGhmY1FsRUE2c045U2NjTi9r + ZjN2TEc2TGtIV093N1lKRjNqa0NrZTAKv72ItPWyFHxKxT1xQIu2sA2SzR3/1/Hf + WiZjpE7QXJBxhFVeYEcZgPKOZ7HdubchjSTCGTuX9oyi4/GI7yRPUg== -----END AGE ENCRYPTED FILE----- - recipient: age16znyzvquuy8467gg27mdwdt8k6kcu3fjrvfm6gnl4nmqp8tuvqaspqgcet enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTlVXVlo2Ui9ISTY5dnNS - UFNzZGVueXA3dXkyb0NFNzlEVTcvM0Iwd2xzCkhsRGxRU3NBNURBR2FGay9wMlk3 - M3ZBTzlRNlRCVTFQNGZndEJFeDZzZUUKLS0tIDVGcWJWSUlnV3dSWkdzMjdZQkJs - dTNYQlJiNmwrbGdNNlRxZnBKcGNJV2sKBw6OlaoIcb9hoJQY6i5tI2ln9ug8KySE - 4jvaInODSz1eLaF/W+wxgiDxqgiB7cgeBxeCQiqNe8ZZz/7Mxhg6qQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTzhrMGRsTHhCc2hlTkhS + SGxENjN3R0lseHgvVGJBdEN5L2RqTWJsMm1nCkcyVHJoRTUwa0U4VFFINXNmcFow + djBVZ3RjMWRNMzNnVGQ2SVpnbkZyOUEKLS0tIG1sZTE5ajc2aU82Yi8wT3djTk90 + cFFnNU9ZT05VTVJyVEJIUzNpRjhRc1UKZuDdPv5Ii+1ErBYDGxkaF0U/T9jKRI1X + Ov56TSpl0nlUB89dLPg94bICrL6q/Gv1pFBGx03xe/bHyxaHTEvGoA== -----END AGE ENCRYPTED FILE----- - recipient: age1azkgwrcwqhc6flj7gturptpl2uvay6pd94cam4t6yuk2n4wlnsqsj38hca enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbXVyZjBsdlNOZS95ZkhN - VDZZQkxybTh5NGR2ZzI4VytMeTlseG5pdlhrCmdsdWY2cnZpa0xJaklvK3Z1bWRN - OWhCaHMyT1dLNmo0blBiU1g1Slpoa0EKLS0tIG42QUZuZFNVS1E2REV1UGVvRjI3 - WnplM2ZKVkVlZ1FIYStzYnl6T0xtcWcKiUfgJWlz6dwyFg0ln5a9MwZuQwwHv9f/ - AV4QcSWXR0rh8oV4PWw+EYYmtmX7GICNVjqruHmokU83xpcqu1g40Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVWNnMjlsUFZNa1AvVXFu + OXZQQkozYWxkZ0wxSUxZZlM2WGtuYU05b0dFClloZkxTWld4cEI3TWhaTEpCdkJJ + T0VLTkpsRnluejg0YWNzTGMzUUtRTFkKLS0tIHZ0U1lDRUxpYkdXaEl3OXBmVDZ2 + SmxybFFncFpjL3FuZ2dFaWM4dnFOWkEK+EqXlNZkn+oe4YecCwqJ8fLvXSo81A7/ + hBRU6LQGrSwf7lWW1qXNi/wtlNJMKE0nWFsJozrPFwoEjjysFDZy3Q== -----END AGE ENCRYPTED FILE----- - recipient: age17x20h3m6wgfhereusc224u95ac8aj68fzlkkj5ptvs9c5vlz3usqdu7crq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VGFBSTk1blRwM0g0Vnhp - ZnNKOXJ4V2MzRllqL1NNV2VSK3JsZHFTMlhzClpHYXVqa0ZmSGFVWVpjSitmT0pn - K0txWHpPcDVKNGNTZjR6bEowSWo3Q1UKLS0tICs4dEZQeGhIUFYvRHZlU3pQTmdB - a05lTEZ6My9jM28xdUVTOTdqSkRHMEEKjdhHDpQl8hkRiHheD9sxDZHnIeJmCjXU - GBpbbTjAoVcJDyK9YH43/jNr5rT4mxTogArNtk+cvUlV1Ryy+PED4w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDejRnM05CR0ZHbUMya2ps + OFlBRnBueTdBc3k5VFhpelg3ems5NHZ3NjN3Cm9sRVJXQnZjdWJVNHdLSzFlZGly + VDNTUCtlV3dEK2lSRFhkNmQyUGpCcjgKLS0tIGdSd3dUb3B5Y1ZDSG9PODhNWGsw + RVJ3SW54T1VpNUlhUnhnamFRalpnTE0KL2JiKsiWp+06NN3paFVt5ZDfZBDP8i9u + 2vwztiFt8WdDKqJtaz2HxPutj+LtQIOOmZWatKTQRS8ALNtLZOeZgw== -----END AGE ENCRYPTED FILE----- - recipient: age1wnympe3x8ce8hk87cymmt6wvccs4aes5rhhs44hq0s529v5z4g5sfyphwx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscjRHQ3lGaDJBOGxGTHIz - U2JmcjhyOVF3cEFCWXFFMU5Nc0hUU3pSWENRCm9vWXM4Rm9iSFZiTTNjeW1aNE5K - RjVoYUE2S3M3d0orVjFIcWhrVVgyUzgKLS0tIFpWeXNMWXg5Z2FTSkVDYytvdStU - MVNCQzVBSGIyUjAwL2NYK0ZSdE9kS0kK8Mo29wZlV/t1hixFL95NSyCvHfB1nUk3 - m/z5yh8CFwozb7ovd6MkAlqXB3bYAmMOiL+TPlvtqKkzcuQ6DRmjeg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEQ2Fld2ZjcjhoUVNmalpo + eFNZbFM2UzcrdHZTV011Ni9YeXhzUlRrcHhvCjV0cVMwenhOeDZweGo3YmsrcGRl + U3pBYjUvSTliT3JiK3dKWDdzYzlJUTQKLS0tIE1hb0RPbWoycjhTYjE3K01HdWY4 + cDBTVlVOZGFTWUkxM2pIWkhrK3ZWZmsKEk9Q/lXxWEkDt+xJyhmrnkqh8tarYY2D + UyJQofhowqP1gKLHlH0OVK2SGOXK1A762+aXDsSAb3cGvxQ+p06qkA== -----END AGE ENCRYPTED FILE----- - recipient: age172pk7lyc6p4ewy0f2h6pau5d5sz6z8cq66hm4u4tpzx3an496a2sljx7x5 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Q3pRZWVSZUF0cmJDUVJj - bmY5T3RhSmMvVGpoRlBOU21jWDZ5elI3ZVFNCkVUWXQ1b0dlT2JLK0diZUZpU2VJ - RExZQkpBa2t4aUxiMndpeStCUmlQalUKLS0tIGtEM25qenNSbmpGMlEzc0xvSW1t - ejh5dmtBZ0tsL0lIMzhmcjg4TmozL1EKRKzgHd2n9OqFd9AYsjvu4mk2IOOgFeF3 - x1toWH7frbK9/wyQ+jDJsWIthsvvGxOrU/bmiWYsFraEey3+8fJ3dA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuUTlRU3V3U1VmKy9hOEhr + SVlObkVjaERRcStDd0Jtd0tXbUhuVWx5em5BCmh0aVkwYlZ4OWRGMjVwV0M1RGhk + dFhqOVFadG53dnNvemc0UmpXQlRDZ1EKLS0tIDQ4TE5SU29zeXdUYVR3VzdicVRY + NTI0SnBYZGlRLzAwc0p1dExXVFdmVnMKEFkjz2qpMXRqwmZ4YCxs8iwZpHk/CSit + G4+EjH9oMEFBYqPkgdsYw2stIs7yPncKtKHPIHD93OlXCqKoqNWGag== -----END AGE ENCRYPTED FILE----- - recipient: age1p7pxgq5kwcpdkhkh3qq4pvnltrdk4gwf60hdhv8ka0mdxmgnjepqyleyen enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpM1lUbGhIWmRIRnlJbEJa - NDRpN0QrQ0IrYSs5RG4zWGMzZUhoSjFqRW1rCmtNS3Z6N1d0WmNKM3VvSms1Qk5M - cTRjTFJnREVzUSsyN0N2K3NpMWFTTEUKLS0tIEhBZGphNVhuTkZVenhZcm9kejU3 - bXdLWUV6elhUcWo1dTZOODB4Wm0yQ1kK0K3NSYoxjIdHt8mkfZ6/phTc+yDEbjOd - +23I/LtmUeGLDYbFMnUVrs6IHdt0Wf6XiHihFeAYBzJ+MZJiBGA/pg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTWY5eWkzS1FSNHlWL05l + SU00eUl6K1VYcDJoSFR0UEsyU1pHcE95K1FJCmEvdEVUb2xJdTRZTUY1bHI2YmRp + RUtrSGJsUFpRazZHVzdhQlZxbmxKMnMKLS0tIHhxVzFvVktXZ1lhazRyRXNLM1RQ + NmNLRnRDdkJiT3lXL2s2L0tNbTJLdUEKz1y8nEdzEmbqb8V9RoZWrKuLbz/as/4a + 8z/+fyoRWhuugN3bP1XIw7tyg7abW4/fMQaJi5iEcguKbDnfZ5G5uw== -----END AGE ENCRYPTED FILE----- - recipient: age1sv7uhpnk9d3u3je9zzvlux0kd83f627aclpamnz2h3ksg599838qjgrvqs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHYVh0aXlGRzRzVUtpcktG - RlNtUC93VjFYbzFDTGh3WUF6eStVNGpzOGpVCjM2dGM3ZXlzeW1hQ01SQlhIOElw - V1RaRG5kTDNHUzdSVm1WTEFaNXROVEEKLS0tIDdRM3IwRURrMWpWNlhPNFRMNmlu - UG10azZmL2J6ZTI5WXFjaFlhUWdzT1kKDiBjafMxI4hH5vXwYU0oKXa6N3VwwSh3 - SYOWwZrrXzC2XEB2btqWxuPOu4gH9qVJXjIM4dS7AaHJM0DmrzBj1Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhdExDdGlMczA3cG1RQ2dj + cmlycUtFay9GSXZTY1ViR1lRMnZEenNXZEc4CkdhSUJRd3VmUzFGYXJJNStCMFFi + MGgrWkZOQUFqYURsUEVtblVnS0lHM3cKLS0tIE1YRjFuWU8yeWlJOHJJNDdBaDZP + VnpYR0RhS3ZLS2xlN21mNEdWQUxENE0KA/4UnoYY7p/6/KyK/OF0xkK/RNTtvb1A + uw+8pfLPlY4OKcq+yhCQEkIJOUzNvtoHWcvQf7HIzq/3pXc4b7zIkQ== -----END AGE ENCRYPTED FILE----- - recipient: age1dkecypmfuj0tcm2cz8vnvq5drpu2ddhgnfkzxvscs7m4e79gpseqyhr9pg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNjlSQTE2SFJVUE9pTXFy - NHo5czVPWjJYWFo4ckhDeTVQU1lFdDhQc0IwCnV3VWx4U3Z1cGFKdVl6ajJJRU5J - bWc3dkFiUlJoQVc0bnZvNitHV1g3ajAKLS0tIHEvNCtmRjRHRzE3Y2oxRnpLRHNQ - dEtZOGRkdTZIYVJrRE1Xaks0NjI0T28K9y8wk3WVv0SpnWj0FK8U4cRHYeuXIHw8 - tWL52iwJTf1Jm1uKw99S12ixhZIuNUM9J33EqH6PVQxDRCzM8/jW8A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZHZwK0wrdGpGMnJtSWVW + ckthVU5xa0syeU1EYWpGUnExSEdVNUQwTndFCk5hSkdDQVQ4ZU9ORXVUbWN5OEtX + Z1Bod3UwTGp6T01GN0JYY3NpUGRZUlkKLS0tIFBCOGFnbWRaZXVieDNYWFUzOHYr + L2J2UFZlUG1EK2E0MktDbGlOS1VmY28KA/Edhl661RwszbY6wdttE/5e91IYM2Z+ + NHPgNq9ePb0DqAtNozYk8lA9D4Y20cx+7gTPzSwYKVW1iITarI50NA== -----END AGE ENCRYPTED FILE----- - recipient: age1mdtnk78aeqnwqadjqje5pfha04wu92d3ecchyqajjmy434kwq98qksq2wa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UVRZNyt5QVdNMThiRlds - Z1ZjVWZlVlpMRzBrV1M1Y0k3M2xCRnVUVzNzCmZxVnlkMWNPNTlkOU1IVXVHTWJ2 - MjByM09LTjR0UHNrYkwrOS9Uck1EY0EKLS0tIG9PTndzTDFSY1JzWXA4Y0l0QWFr - enA3QVpDZGwzaHZ6ZGpmK2JmMm5nVVkKrjkYCDyXtf4QMmC4IWh3ealGGFE2qsT+ - 01mAXWHGETiuezKRxJahSqWBk9JL8EvAPNGhi3o7B++H40U4G3dgLA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzOS9kOVlMR2lXVDFWcUYv + cWtTZFdMMHdoQzdUbEZmRXlITHRrVFFKVlJRCjl1eEJmSUs5ejBYdGl1Y3Z1ZkNL + Ymc2Q2VVclRKdzRiQStBZGozRmlDM1UKLS0tIDRhTUN5aVhYTG9IZWdPY3hVQitq + ZHFGVzhBbVZwV2F0VkJzazIzRCs2TzQKK+j4kdCrNBQpEMIl/qBdrVem2880XnMd + /gHCkOmjcCJwbawN7ddB/+nxNp59M2MwednrXt+O5clTuAseUoa16Q== -----END AGE ENCRYPTED FILE----- - recipient: age16pxqxdj25xz6w200sf8duc62vyk0xkhzc7y63nyhg29sm077vp8qy4sywv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJU3AraDJyc1dPTlloN2M5 - UGp5a3Z2cFpYWWJLaXFMdVByY3ROQ3ZDY2lvCjN3SHR1MjRTdTNERU16aGFyT0VG - NXVpTk9KVHp5dDdwNkQ5RDVsMzRsQWcKLS0tIFBjaVVZUTNzVDZJVlBQdGxZbG1L - MFh3MFVSS3lKK3NWdThGMzIwdUNoSzQKSREBS5WSMieyjWjuBN/faxsdF0Gv29OA - s5MLSR4YXdoENtBYJLl2NMU8+Qz/F1UlnuUtCzcW686Dy11T/CDnRQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxbWgwQmZEcmw3emVJN294 + cERib0xuc3Y5UWJiRElRUnhjS3JScHc4aEU0Cm0zaDlzOU5sL0J0MGE3Ujg1T3ZS + cXljVFFVZDhxWEdkUjdndmNlNkxrQTAKLS0tIENwbDlKTVRLSVJ2elZCbnhtY0RH + Vkdhb1Vld2NvWlpNTFNyRFRQRFhsVlUKRihJgoaFsgfByXfoWA728AT+E9bQu1ju + tYpn7wL00VA/xwLyb7WVcrIJY2Q946UTUE4b9Isx6rv3NDKeWYUEPw== -----END AGE ENCRYPTED FILE----- - recipient: age1hv7m3xypesdfm0dfzwgctde8v307g9xaunnfu2687y0lagcs5q7s3eg0kj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjd0NpQjFVOHAyUkdYMzZs - VUplU3hpbzc1YVRzS2lMSExHb09uOFFRaFJ3CjBqZS9rYXl3aGZkdVVUM0FuU2Jv - cHRXdlNFRnYyK2dXaE9EbytOTXhxTDAKLS0tIGlEU1RpQWlkZGovR3JTOUNTck5N - RlJWZVJ0aWlHSngwUmRhUHpYNUNlNDQKX4jKugCpD5usjuQkSimKhEIPbvq6cTT+ - DcVYEw1hNRieZ3hrjMIqcoCjPOlXq0+hkQmAkZvrMvO2e1CAlm/DZQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpaFFlQWpoaUJFVEIvb3Vw + SzZyWmlMcU1RMXFnMmNHenJNTDJnN3dYbVhZCmNFRC9oRE1ENHZWc2ZYeUFMOEEr + ZjBUbjlaNlVvMkdaUkwwUmlWd3luQVEKLS0tIElEQnltd01ZU3YwNlFjc3RBcUNz + TVFtc2czRFdoMDhyVkgvVXduQTNHNU0Kiuni5O8zpUHcxSD/ifv26sgGa0CcztsT + jp/zmougfaFAy7UOLnkaCEu7gruoesZY3fxPhiCyy+jSCLe9mzxSbQ== -----END AGE ENCRYPTED FILE----- - recipient: age1522f3qzddm82w63j7ajdkr0khvced6ht7tzp3grvp0j3hewtvesssr5kpf enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTc2ptTGlGU0VaMnVCb2ly - dzNUUldEeVBIbnpEdlM0QkI1Zkhua1IzNmhFCjBUQk1lanFWVGNjeDVGdG55TTVE - Z2lIWXNqY0Y1YUEwQjI5dC9UY01jSE0KLS0tIFVlOXN2cThQdldjWEs3b2pDRHNB - cks5WjFuMTBCMVhMYnJjbkpFclgwNUkKPh/RpdUCKYn76fm5MG47ePBmNHLATnFp - rrN+PHxj85vL/3u00j2kNY28dM7IH3qymMYKu1Dm+BO2RFI/4hPFsA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNFVuV04rTnpXRGthQjRY + ZmZ1Y0JQUG45dDhoYUVOeGF0YTJmamliT1FvCnFPS2NXbFliejg4Q3JpVmY5c2xm + U09HZ0I1dk10RGh4Ull0dTc4OEFGVHcKLS0tIDdSOGhySVQvUHlLNllnakc4RmhR + N3VKRzRvNW1WeVBhN0ZtUXF2UzZHVlkKl9roQWqZWohR8MnoMCXWNggWJZBHfZJp + 29pKxeqp4KV0c4oQMgFYcckrw13ynMQ1O9cgYVMPl/qtViun9jr6XA== -----END AGE ENCRYPTED FILE----- - recipient: age18zgt4y2sd75hxnpe333zz39048ctxpr0q8a3uqh3jajjkyawsdrq8yg5ve enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcHJaVExSbFl6anlLd2do - QlMyNU9zT1lJM3NTeThjYVlibTh6VVMweFQ4ClFrSDRXaTlDME50WlNJNG52SVoy - NEFvdko4QUdYRDNJSkIyTHo2aVlWTncKLS0tIHAvRlNISVd4WU1WMGZGcVk3aEhh - SUo2QWV6bEZGNFdaLy9BU3ZsQUY4eXMKaW/0KSpGic5BDOdmWmCHJ3NzBNC/+3/K - I9GEF07iK0tvIFupQToFuZ6uV0BdLmpHPfNBnSKY2+Q3r7siomPTIA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c2VyQmxSWW1aMnRwMFpk + bEluV3IxWVloZjNiQ1hubGhldENWZG5kOFRnCjFZMUFGRWFiODBDaFNGK2pCRlJB + QzJCdisrd1IyY3B1dDFOWW9QeW5ReTAKLS0tIEFJODdCKyt1NERlbk1NNjUxWWU3 + NXNkQTZ4Tk4zanlRdHJJc2tJWmdNMzAKzifmbegg6BO7RBg+BEbdq+wqWHRIa9JT + RHUWaCkaX/uKndvNzjrDITLClAw6lycFFFWkCzFidT6nzz2omfJkPQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1az0k6cadssk6r8qcqxfr8cyu5mndy59pwt8yqq6w065ew6au4ezsmg2vkf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxa3NmdnoyRXdkQUNBT2xv + ZmRkZk1kcFdoRER0ZG1NelN1TmpmWXlPWlEwCnQvSWtuY0NiT3dkN1g3SzhhTmVm + Wkd0KzJlcDh4aEtFMUhCaUJ4dlJYV0kKLS0tIFVnNzJXQVh5U3d1b2c0VVVkV0JC + SURxZWNTNDcxcEd0aHA4R0VRYjZhak0KNsB6lsd6OK9lCdzHJqih9uZ5xExf6z4J + IqH/PN+F84tTh29QxvZRd07qQwVBiXdwDcQjBzUM4S+a2c+TVxf/qw== -----END AGE ENCRYPTED FILE----- lastmodified: "2026-01-25T18:06:26Z" mac: ENC[AES256_GCM,data:plHNLOgGWwNWbakKG6X5EOxwERE3rvYO4EOAzY/sz+uM7cZBEnqU5LZwjlD8B75hgRHqpnDBF0JbHgsEwVxfJJRL1phkeMJFOapQMjZVWMz6j7eb1hOwpdktd+bpuimy4XCD1aOxOoInKpFSK33usxLfyqSxjFDM5+i6D22qBTs=,iv:/iOIfNuSIDsa/UKLP0d63tpOrYMFO3Bk1qPssY0AzuI=,tag:k+824MXD+r0lNUcuvisudw==,type:str] pgp: - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxK/JaB2/SdtARAAgG60jnqSqxqyG5tpmOyODv8QP5CQ+2bhDUg9gZtaAn6R - CLseD2MGUkOn0JzJfDbLFNr0yCkNCq8hiCQl/4IuX1eCV1Yskbo0N9VS6aLVeN2H - GLkOkVBnA0/ipckcnqBk2kvxJLy39N4k5n6PAopen8rQcIuEN9Ljso8ItB1BJhKu - 1AQqZLw41aCyXFnK5fvT0s6U77VOjwO5CA/c3Cgz4HzR1cmZSr65a6oBBIOBkQCH - J3SSSGCJ/SgAAduQy5eHMLtCm/J20NYzLDCadwHTgGJMHkTaL49E7/JbYG3t1aEO - Le4mG9hXz2vC5CbZSaXzmbwv1APQ9PWRzjqeBsJFZx3rkmj8xhRdZcU/nqCXTvls - l+yG0rbMz1vHPW65nzKw+6AU974Mt/55TRxpdCQGg7EqlzS+JnbEGxnqtSHd46Sq - a7apnd0rbaZpUD94tYcUkG3MePslarCcv5hBPUD4hGjC5yfkkCdcRES2JnNDcCQy - 40mknB95dXomQf7Rf3bOpbXp/zagaFaWw2X/n3eEQZwXl6UCQQf5n1VriKMbCTJo - vlJsDGSsaZgA4c3O9Fa64hECnp5Uj1jtBbC4xxjljZMUjDnAokzWbJPpWh2wS6rQ - EKndLx23h6gHEOS+Qa3EixF+yVRHCSZs1WTWPlOEsXWJf3gduvmXY6FzLN4MPWbS - XgG8DyR91pv5Uj3/2V3eDExA0m+HyXhZZEo3j+0Fda9HZkvQERsE2lvkTt1hyB+f - cBU+7eXEWzOrulWpFFtKetk3lNdGEhSWXomGZ8CRCHrmu37settg4QqWZlUwXWQ= - =4FYu + hQIMAxK/JaB2/SdtARAArIbXCPqNo+EajbWjsgzQAt4jtyUSh7zOy1URyt5XPEUj + zJUFkS8SUfL372esuA/KjiRhE0Ztq2T+zHF8sBT5E3GCTEiLnKvGNGik2w2OX5MG + CDmKZosfuhByOFFubsI76fbicb5euGq1QSlBony8fqPtvJ1LpY2GX7Ob58TXii9f + ESLesimUT0T1sxG22w7RFOFPHRgqD7q8Y9gAsJduj9QVIr6bBxehbu80/b00irk4 + SVFM7lkvEWij3LXHYBBx54lwT5vaM2lNzQzBRJDljzD5bJkqFFc5HZAtZXI+g7fP + UmKZQWD74Fi8boYE9VNKW5jtEHAIgWHAVNEZPb02zmNITH2BaWYQFRseYeILdjaE + zdnw087YhK88BHZYjgACY1+yMHaxrlwyj95D2m27zk37JBo5F52L9Lo7uKgF7rtS + sAw+VGqscEwyB0mmTeidcV1talvieHgdbJiCFH/hWcNksa/EZoMclp8HscKOjWjj + bq4qZSH0BPD740CLyIhh6LFLpi2wEdEY4MyMkjP1vM/F7yPondEB5vNjk7x5V1hD + bK/WthCeN2Q34uCBOnnqzFlbrFAmHXQvq8NgzEDvsJmfY1wUrNsdW9wy8fti+g2w + L+s5Eqr6BgvqCIPz7e6xtZwekvP1p8tHyUqPcdXLDfFoBayeMd1/So1mV6nXzs7S + XAG+LzP7X+B2u69GSkJZjgpmwgiOXXQDIlVE60O8bENLeMRbXLpkBwQ0n8XIs6pr + +FX4YxPsf7IWRpMjKNfLN07dSSkjhlVK6+qfyBAuucuikWsmqY6jgiS8daSe + =voHd -----END PGP MESSAGE----- fp: EF643F59E008414882232C78FFA8331EEB7D6B70 - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA1QflAioE8i3AQf9GnjRfyFcHOBCSMvAQTzSH1u68A51lgK8wPyxHhEvwipc - 6ZwTJi/V8tLJQzsgYq642dCRwHwvz0c0s8xNv0EyTjxLL/ituxcsGf3UeoigaQGN - 053vxufwSCuglWCgSVGy2nBXMw/v4oj+3dAl83cmmZFDaiMfN3i+cs8un/fkHLCD - IPDhDgvkfYfHAkezQ0mwQbiTtZGLURFMefXxdXcDTmgRJ4TsKER16uLwA8wOVe46 - bV4QzGY3+s1VJGuIXmYpsb79u54vch6M6SDy9VT7k0T3KA+tHYxB2k1WbgvHRZ+r - KNyITbqa6Vvwbd8LW9TvAdkmye3p/StlOD4DJH0GJtJeAVDkJ6Balsd1JEsHQqzX - 8iYRNCueqLorWncsJerH95dBvV3DZ7Cba9askEaIxNjtFTBO47ZyK7C/MwaTNDAr - 3qEh+mGsMC7ONl8erx1MheDoN24A9qUPQc6eJE97gg== - =6ciM + hQEMA1QflAioE8i3AQf/XZSfNxfryND2BGfBPyJBkNySVUZpRPqWg9hi+7n6oCp0 + FZXUynfrtWLTdFF6A35OsnpdLEVwrQqfuqcrK6OkAYUkV9t50YVw6nAAmETc9faB + BV7RVGJf0OD79LHI/Fl8a+VkkMqG56BoBySQ+2Vb/eh8w0PKbB0oWN4yXBihkXAS + DKjEKf7x4OrTdHKa8GiKxsA9C+P0oo92Ygy98TOXQPb3MSQhWfnCFm+7beXIfInu + EpOtSFM+2X0y70Wz+X2/lw945qm+d+JXjvLpqpE+4U1b8LYuue5ddHzJjYIHK8Br + lQrdanIJw7CAeyKUtq5M63k5CZG2GHMxNGngWUGtm9JcAScF4QdywEzoq2NBf/lF + eP6/u7Kn8MTJ+gFOWxmlT8+VA+rhCp40EccQzbeftNI9ojI2YrYl4Qkb9CzlFXhN + uCtLLlRakB6CQWGaTxxlkN97h55s3A6l1hsF5qc= + =YG2f -----END PGP MESSAGE----- fp: 21C9579E6503CA815A68ABD8541F9408A813C8B7 - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAz5uSgHG2iMJARAA0ojb8p8uQLivFc8DCYMeolgJa2APcE674herpCNDFHqF - bqwTiXFlfwtgHq8MEXW9ZzmLjGtv1xefNyV7FcsWIxLARTlm6vD7lXhbACVzDEt6 - NArvbZ7S9DNOqjmWMPZMBw+isSp49IWL6su4ayxDylX5T+lCtCt11xDVehkwThyn - espWaTTxePfEhvfa2qV/KlUNg0bUM/D2hGtccwoN9o6PKZ61XJXs22xRsAUAvIJQ - qVj5KzxtFuuMQoYpWKL/pbI5yTyyDxnv4hBiRm5c00Jh/pt+C56gOpHMFyoZz5Qm - Hs/Yx7IIExMJv64AcXxWSXVSUPwi6/5N4kuQNUyF+IGyP5ChiBANZG/1b77sSay0 - YXLp0s59NcgVk+qwokBnWjlM9SBvVSYe8UCKP2fmcGsX8z8BnRSLMgv7Vf7dp0Vz - 2Tn8KPORJOvl4AM5PrPLyGB22enBfNCwKNFnrc7vrxR6FRjY6ev3H3KfGpOFhFyW - niz419fK7suqzHealm0DW9bfW+/5DqQvhqhU6D+yaL3f258LGa+3xM3fKNxE6SKi - aoUo75/ejnVl0vdT53vS9WMERdCuuN2ye0EGsU/k+Ir92ZOV7wan8P62Sz5aE/sI - x9buFx1Mem7amIoAPLJ0iMjt8znoqguPMxI7nKp8PYJ+sv/z2oaBZf2ZpO6k64LS - XgE80imgQYw0LP02tolznROVwYUL4zKYUrRvU7DK/dj1ymXWePdfvBQ7QCJ8C2d+ - O1K1y1Ym0NusWbxz1sG85MTnANYwzHlmzFhJwsoJvdzs8c0SUxgsL7+m5/++qbc= - =HerR + hQIMAz5uSgHG2iMJARAAyLt6nBeCDKG9P76zUoweIw+m0aXbN1XFSIPbaq+ymq3n + /DDhqswh0xF2Ng4mD8uYrFI7CdEyVH2KCJAsa4QRKadryBxNtZqPOsHz5JcVgnlJ + yKnIYWbG7UZKfjAJy6TlpQR79hj7EvCNVQ7i4OYiOSJHxrqrRmAenyP0h6KfjIWA + Csx3y1O4SiE0llGYUO7K6t8p8mvx7nek2rXcL4KMo+4mKWSPaYP6XkBYteRTjfA8 + 07iU1TOmO5Fh5KgtWYkyAcQco71aefG6ub/NjJ9UYpSq6Q/I14DVpC5IrcgxbcRQ + SXAaK8L0iQPQ3mN4lxKokD5FKmr1et51GjRfvmiLCxY9rooB2/Xc2oiCHP8cB4xq + kxxoRUYRItBYzYbXqIYPJ0m8T5o6QQePbj1zfFLfpW33ZFdsRVyOdl5WSis5Y0Su + zA4A75KPlB6lK4qBa3tbWC9lOa35uAEk0NNOV2HNA7BAv5H5AQkoItaYMqElaoVG + PUrhuR7/eC5kRXoqothzv2H5BVGDqgqqj3ctv45hqrR3CylK5M5c8cS1Orfp9NGl + 8WWv55c7bWMW7dj4TOms+O58MwrOBla7C65U2krbsjm0piFoaEyRVgrypV/zR8tX + LIk1jJpNcLkMgVE+8593RlRlpCKbnk2qfqd4AuoDWdLh8Qq9H8lB4s2F4v8g6FbS + XAFw18E38CdoNdj/bjcM7uCOTGAfR+p24k7c4LPP6AcC/FV0QinPGwDiwEdd5a9N + rXyvsFxfSzrF+CJ+B2vefasL7SxDCVkM44dY2BUxOmYxNRmH5g2R73sLKJ7P + =wIGB -----END PGP MESSAGE----- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DsZXvxFXTXoQSAQdAozv/NDuwLWMHca7CXMS6eAyeIspdNr0G8Vrt1qUohlEw - O3zOGfc5EKGNAWremAO/cvqY1lBiftDKmn+nhP/+ODde0QyIMuZesTKW/RjqsHK5 - 0l4B51zXNybVL+WK0eHXdR9jBsJt2ml+B6Dm8Vrc09ivjy91rKh2fkE57LWpQYHN - Bzs/9tL3Go4cDKmm4ziiw6Gisw7dMJPI2Ys5goheG7KBoGtCzyX1qUZHElyiGHtK - =PEO7 + hF4DsZXvxFXTXoQSAQdAFCMxmEEeH1EbTjXUOYwa3eR8KnSPneB9kueCkfQrnyAw + 4gq47KXBaGPHp0Z8NYWmSFBeaYjCkwo2Ofb+j5/Va36ky+AnSysGIwcUrWMaVa9C + 0lwByKgj1RSU/BsybtP3tyPw1YRqadlp+nR/5agxBYhK7BC/jbhSN8rlkpfycuH5 + 39oQYmE/jRSAIgAfsj77Tfb2WRBAdv/F5u86fO/bgHd+MgPqPU4hCCJi5Q+iPQ== + =dW1/ -----END PGP MESSAGE----- fp: 9633412309CCB83BFA39BA5F2FEF746201D7FCFE - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DerEtaFuTeewSAQdAh75Enh942cD3+HgiJEtjw//W7OV37U0rZvXi0y/Mxikw - 0XNYiOER3IIwoFS7a8eiBSZe1bbfnFD/0qOfbpD85orDiJzrnWAU5bq+NMHlBgzx - 0l4BXAmkkumjh0ZeaSRUayYmvaa/sKVnNFlbI8ieU7qb3zNUaC4mqU2MHQ0KHRJE - Aa4eqVFhsLEh+ULUmeXrbPYo8q3+IQZteQ4bpEv4c7vh92h2mw/bj8XphSxN5q8C - =Dvky + hF4DerEtaFuTeewSAQdAYdMU1XTUDpkZslHRIczB801Wxg4+i6AMXuV8ev4/mHcw + xyg+Sisom1gLL0VX8Gd8YYsRTZiDSSpurQNqwXy0Eyx7+WJ8txxo/GFw3ZLMRhI0 + 0lwBSwV8FeBs0tuvTFa4zqWZ9wklzk7lfiDdVV1wc/Q12SznvMes1KZtqUDEbkaG + lYg2b5Cl4xMd+QP9MVcQgibGYw5mx/xZ0oJpiVJ9JBw6MrGBJYChGOqf0eaD6A== + =h0ca -----END PGP MESSAGE----- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAxjNhCKPP69fAQ//ZHA6fVzyT2n4i4AHHMXii+pJPEJN/8QRdAnxZYNZ1n8k - G8T/0a0l5xb6o9WmsqE2OYU554uzoHkyMIlM1kZqKZBeBXle7r1De/T10fv2pwBr - 1wclXJjP8NwyTECASKR10+iGoc0d7R7RZ74dnu5cE8Loj48oZqbZjIedNrQk4YBY - PhTyeGsRLpxVSlL3T6aHmw1MfcIQ+P8NVLlSP/61IM4GF5/mY1zl3XAu/GUg7hBS - L0mpLwSNHJ0frMKQpTwSSfg9Pi++0NqTSBgUh/ZoikPGmGQl1eFxQ5tFD811mHMo - w4xFTzt89pD6Q2cv4KAH7qWdrWBdEvx6O4uTLdK9Pp9zKzB7CEujco8sZWrRmwEz - apWI1Mq238fCEtmOvWos0dKZie/dHgYEkPkECcUtDD6kAMP8Y/b1XQ3HZcwuDRi2 - 7LyplVyZ7Qu24vSqK3JuMUghoJL+fqsfKcNAmUBq0ELI1HY1P6ad3PvjrMkHPNpM - 5MhxpBk61YUc704GFEZK13KNbJLcygA/d8KUB/ouDR/uRjN0xw6cSN2VmTHpGA0A - 98+3hrzJ3ANmLFxX7eoGKrTltk1m7sIPACw9pkj41z1goPiK9sFawGUN2M6o/7W5 - UXPL0GfBMTI1Jbgxvbnq05lNDAM7DkahagcmR+Rr7CJdmmQw1ovjFnt4knnC0k/S - XgGQM9gT6th0CGAJ3DHJm2yoY2GikeoLhDTzaksgCZM4d00WC21yD8dNPv66KuUh - +4pxu8xvyQpPQ2Lr+H4yvEgf8s6CINgYntbmzZIyWTu9mOKJD0iHpBQM3I+3iYs= - =zdup + hQIMAxjNhCKPP69fAQ/9HuQg6KvEarCQfT/piWAuXtufmkCcj5dQK+U3j8ezmRYf + gvXqxd616jO72g94RlwO1MKwH8oukRTzvVe7TdPf0WtcuSVn3qeUY94mOwqscMSp + +GPSoPDqBZ4V4eg15vAAsTK5U2T/tx+5W3k/J0v6O2CM8b/ng8r0eP3MwlJiN02+ + ya7zS2A1OkxME6fa3758P6P7t0VdQRuhK7XA3F/Gv2dDqBEu0z+mFZDg007sR8bw + BNTZKMoamlDDkpv3HZ0qLy5FcocTL+/z/RK3GB4CB09gpznU7iGbM3QTkNVdNS7r + u7qaKuXKY61lIaho2SCgM6miA4h83DfHnxR0Vkcw8oPfENls5lPN8hku+swMFnYK + 9KR9ntk/Beo3RoqS/iIRgLlgHpP09tggdfUhi1gPdhdmTH5E2TIG9v7S4ltKen53 + aLqrNIiHy5S1Nr05Of0g4Ff/OxaI45lmzXAWQ7oVax8DSA+5ubUj1SHmo+zG5fyh + tTAdVh9oyBzX2GlpbWoKCXKPEhlu2pH75w/WfZLZYtjh927Mog+d+PAK24Kiz3N5 + cTd5EETuZC/nBku3WWN6y+gbfUpIJMFTtLKdNY++ebWaqfK9aZ1I0Q1g2pfZXDb2 + X1bzMdDdGAaCFNW9KWx4woB6FZEQvDLEKvxqZ0G+4DcfNj83sGOqE5oguLJhPyTS + XAH9x6T+VjGRFT0rN2MUMl4n+z5K9ZWA4OJcC2PGi5VGlVyK48hD0B+ygP6GBwKP + 2LJeG7ANB9eNeGsHmxEE804DdcuuEL8wtEomKU+14Qp4sFwXJEn0zqmgOPd+ + =DxEt -----END PGP MESSAGE----- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA46L6MuPqfJqAQ//ZRYrl3A0QNnXXnK9u1yOATNq5DlbIPpKNo7KeX8HL12k - km8LM4s2mLyruJkdoGfEWY0THpGhUGrnXMx2QDxVYf47BWxmBvGinQTw3FAHEpt1 - fl5PACh0g5tqGkwLHIowAPMjjmTNKn5pCgNC9NGfuco2yx8tZUfdUNWej+/ZFtu+ - Y14hn4nOSIvl565qT2T62uuPdaRa0pT3gu2Pr5Z1Tn9hGl47swnuq6b81IeqaPu5 - ukbT0S8UNcW1AxgN+pXfQiLg+Iro53DDxKyZ0usMKSi9eBl7uayf/063RIAZoYl7 - PkdjaUuhflsF6RFKof8qC2vDHRnQNtIW31u+gNxk8852uuJtYspDR6ke3LdZru7K - QpmendFKZUC+9EtUJwahLSeQQJ5Q/xgNuIxCCPIlDftfX6kY3Oi55rl1t7J1lu2N - D0cRIAszEC9thcyGlzg6g/C2LyqeHbHdPxpFePN4MOOA5FuATftxwxd248jnEJes - wuX6PdaZ0LrcLBdSMSmpgBoVgv8bcyxD3K0SmqfbpZbtFCkDiXIe00yy0KtStjx+ - b6YfVpojcnXuWEN+lZQDFU7bvMZnruo0L+Z8MFrUb+wLZ9Pini20M3QhH61VSQJP - O+s0gEKwaDYp8125iW+mV9o9nw3fMEE49BMjlOxTXCHZk7RVKADzbpmvZ8rWHnbS - XgG7HFzmVNeECKLtbVO4rgjLqDw+q9aJ/wFyXNjxuMJKa5FGgl8/g38KpfbDq7jV - ogBSYhLpr2cSsQ/sLoLJZZyfjYTmvmSLZpFPqzSRofUUTrBs8/jKtzSCCd36AfQ= - =Aa7t + hQIMA46L6MuPqfJqAQ//VgmB8grK7tmBerMubQu9x9/ig086RG5IjAq+NqDZlwVu + fnRRhTb97/js/JdIXn+to0/pGwk2vzI2rWhcX9cLbRXVWqiLlWdDkpQwh0hAkHPD + U9CBm03TBJbsf6t9rA4ec+UGuMHBwKymw19c3TQpUtwtMxQpwUWsQemoCrzyayfD + ZhzVBL9skq0rGk2WQ3Z+qolGcFPokwwmh4Lu7gDOJyHUJYQdDXlZfbeNMv1/Mq/6 + atWzd9WrEpO3un7yu5wNzcUYtrCJuMEqRpwxf3fz1jNim6fYkmj7EMZcvZAEOU0v + qn+wBLVe5y19/W1KxLQ2hkUMhxsPHztOnvsYUNAiVNTfmCRlQlBZ+HvayNzMd81L + YIULOV5p7UnhOlPQhjwuX2LCOzkDRl4MKrbC4XNLYFwphPAn0v8SJ5mcb6a3w/5N + Zn4pzJX0+lT3D6Hv6231TVx5/AvtGYPs4YToM7drjl8pK8e1UHSdWxpiSJ87REvh + XyeEhvUoJkVhMc4pKWIMvlk5MkW0jDVCIiY41qnPh3CIF7NOOZiN5YpkPtl6kFJA + GkxS2bcLmuX/OnYkF3nsC77toEp0ffb95AyfGkcHIypN/bEE9P4DXIo98TZJCIXN + nq4HeDZVV9WmRQfpwEbYuGqxfTpM6LGl3KhXj+LJnktpMyYoEyX1bc5fB8cYDzXS + XAHhVdt5/wjsKTv/W8Nv+taOK2R+AD1QY5h2Bl97e3UoR0Ug3VdjPoLwZ/gFV/dO + ac1FMQhoA7P3Nlza1t+cSY8LvbiU30zurJtl/46JGreFseVpe0zjOKPMFutE + =2UZs -----END PGP MESSAGE----- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DQrf1tCqiJxoSAQdAFAf/+8TjczYTVpr5nrNKG2VHhOGfhHtswIg3pBbEsTkw - 90waRIH7AQb7pYgaqkfHZc1pfuA2EunAvEL8VsRUxrpueiWH0Yb1AoosjWn7VRuJ - 0l4BqsK0RFro18Q0xtIh+AEEYkFVJxPS2yJMD9e8Oc9uiRe8JCrBOa/inDGWHHVN - o4SY8heM7eWYW4qw/RnTayq4jqsA6vXJhgZHCSTC056RzELa4+WrtF5IVpv0lARf - =iTIp + hF4DQrf1tCqiJxoSAQdAOVINvFeDv9ENq+KtuvoKb+CBxyMbcKUWlBtOZLV/Xx0w + GXeCnAwIAB99wxr4ewLrFq34yabVnNfJYB9uD4zcIgevZAnB1Tji3FGMll0gGryq + 0lwBa3Pm/dn0ypFFcNW9xksgwE2oCaGLZq/D+bJtW6UJC5tBZm3Y+MbqiwKljJk+ + lmzzX4rlSnx4jCma8peyAb8RNqpMO/ezo1jgNyGZpsjIGvQ2i1n4YHi0VqEUEA== + =JMjm -----END PGP MESSAGE----- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DzAGzViGx4qcSAQdAt08Be192JdaBTk1XW0dqa20rDfFtMJh7lJhFLMXW0mAw - ff13W+ZxJ2AJAVOnqiza2lHqE0nxTC/TZwvxXmmIbZKjxpzjoV2f5HcW9FBkrZZy - 0lgBlVtniohqUAz7vbbfyqi/t/6Un/8Z32Cvr060vIvBSANX+Dd4J6Gel4ZA7F6m - 5rSP4eipg5yhlGyeUhbXzT8l/NcGytbEAGjwMA4olC4dnsdRkrCiZY14 - =bhCX + hF4DzAGzViGx4qcSAQdAVm9Q6YBrTtT6g6yuAa06+nPtYICDNtrxUgjNCcOkJ2cw + Pi/c9CTwfEiU2iWzYygpCslJxs3UouBu5nxzCFTQRImltBjVQymDwaXvS99HU2sm + 0lYBG9hfZH8Icjo9n4MlbnbC5WBLRooyQJWDnFpZ85n9C7vLY2AH2a/IqnRiwB69 + ufWmB/r3Z2Brez/XvJdWJFCybuShL+Wyr+v5uelxI1u4ztNxmKeqXw== + =9vzq -----END PGP MESSAGE----- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA2pVdGTIrZI+AQ/8DjyU67Mch06O1rnBp5UpDTJYMsTL9hqfjQcxpsZG1gLJ - t5fCtwSgJaxVfx3BfegWuwpS2jNQvuH/oNs6T4yBeN6GpLOzwQGXUe+JBV+aXSEb - 5J6jyJ7UKwICyE2kN8iwsKMNy/NXa0hhkAt1GIYb0CgEJ6/FOAGxEh7D1lL4WpYx - iiNRtmWqJAiTKGE8jnMmFamddKc3wkh16Z7mu2tkdaODNwrzqXhlIrukUAnn/plc - NPTws9gsnnOw8pYydQcSDYkKnM3z20pUk6fAfIWZ6JSH7Bt3WJ/Ftrhwixr9Ld5a - TXgiyxzfJMo9eUb/GMh1NpRJjLMBflfA3DsoD6dlvUEQAhCpO58xz94dEMrzb1wI - mNPwFPMgtWesCzJqXZwVLrtFbU9+e+ZlJL4n/BtgPoe9qhPQpb+hjIJLL6P10vG4 - YTx0M0v03vHsNy57uBh+ukV0jkm6kcQR8cVm8i1HcX4T0b8UbGyh+FXuMbLPahMF - CAPexpw4Ai+lAQm9jpRdhxX4xkXleNfo5WKNjrM2VUxiayi4EElQ71y4MuYbLPgM - njYLEwwyRKUjMegOrTBnEsPwxDi0NpKrZ6Wjy/G4h2b7PZNWrOCKE/2MiCcVUm86 - V+9ZMhpMWfpnAV3cez5Xyj6juR4nL3bOTb4KH+R1hB5yCN9NSKxoZ5+iLBHKT/LS - XgFfJrAwCBbD4KBR1uzbo9qcu/VP2/dRTUODxZESpX6sdycg7mrPxhFDDULCR3cN - swfbQqfinaD8wI+dwaUOUwKnO2hiXj0wbnt1J7Bh2C9uiyPP7bVMSizO/rAJE/Q= - =xcBs + hQIMA2pVdGTIrZI+AQ/9FNudV+zztNHNUBER8At2+bo1n6W+fbF5bTSbudOXGbvV + rdSTWxFuslVh5kzXJYP2a+iYh/o815lzQuVtn+PmKuWCzLEYB0VmkbeM9YBEOxKu + R6uVUbI8xOLFLLErR5E1d1l4p2KRqEEfc9m3tzDa+i3PVOCYhD6qTuKhb6ImDIE8 + 3MqbXRnBBWgK14IivA5ouGJfeHbsYmeWjt9y5gy25T++Mdq9aPoHjjQ4P38eDT5W + 5lK0KcoAPAsrGkjzIgF6NBQr/Ut54RuHdjaBST2tyHP0db9fHwQZj7vfylHJfj6h + yi7rdjX9Ldppw2dnatVKlmpQATS8lLX1vAkipa2H/8kz3oYOJNPf23+8AfyhMs/X + XTXkC8Zw2Auz71TxFcdUXrO3Z9/BgsaS3Ec1TRqfzKbwficT8QP9est79XDxF7WM + 7WXTvCQJVofRquCWR+1h1EwSTiMRGRNV/Uag4hJI6OUwBN2fKbVS94S1jNkxCOX/ + DIHhijMVXvfNWPOkTjuaeXJPem/XwjjCVif2+gPbjYhuXySrlYJVQOrKzPROYIZ/ + uDKqhGZOE0Ng4xNyD/KZTBsoJVeY9xI1IBfMh1c4QA6vJNqU1vQW5pnyFr+N0srQ + kEGBc9dwNom2BjanosbnRORW6+r6BwwI1uPOQPlYUpumHM4o9jGu4bbBSPewOxLS + XAFBjjWtkZS+WP692phQxnXz8+gLc0RXD0UZ9+Gyho+X7/R8BV0x/zDoUgfVwOnY + OZeyd9YDL8JkL+K6EZgS9u+E1XCbRkbVVES06QNVxYHnEO5VbU9YuG29KZ14 + =nF2L -----END PGP MESSAGE----- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 - - created_at: "2026-05-20T02:08:48Z" + - created_at: "2026-05-20T02:10:23Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DKKbvh61jX5USAQdAWSpHk+R/CKDaO8c1UPr6fOMnivWMuIrBzZh2Q2JPPXww - C0C8VLfIorI6P3PbgbJi+BdKIPx4Vi8n/4t1y5fcPk/1NfALPaF2T0QuwhWiMpgT - 0l4BPZ5BAMvNLSuAiSIloGO59jHpsRNCxBcVQBPIYqMVCTZxwMy+gBki64+ypavz - UvHyj3/0Wpy1tHL/V9QSMhWW06S3jHMKS2040LYEY+WWW2+pmV+WJz94zL7+tw31 - =YBfK + hF4DKKbvh61jX5USAQdA4IyNdJ9IPWLBxwtMROgj+/ZlnMLCdnjXBMmtyrkRxFcw + JLp+UagV5UWX1KhddjhiAHbAa5OrIQsBZrJ75XIObCzlVMmj07CtUpYgLNsTiLVS + 0lwBrQz/Ogp01HETxMoMuGc6VdNvYBrRFZE94pK/KsMP3DAca2MXGokc0hOnk4WT + /mNoOxwCE8ph7H2T//TM0lS5DO1S6ytRxm6wrT7jLu1qkMm9EjW73Nr7Mb6HDg== + =9XH1 -----END PGP MESSAGE----- fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49 unencrypted_suffix: _unencrypted diff --git a/inventories/chaosknoten/host_vars/forgejo-runner.sops.yaml b/inventories/chaosknoten/host_vars/forgejo-runner.sops.yaml new file mode 100644 index 0000000..c0e1b76 --- /dev/null +++ b/inventories/chaosknoten/host_vars/forgejo-runner.sops.yaml @@ -0,0 +1,187 @@ +ansible_pull__age_private_key: ENC[AES256_GCM,data:fEly3EIovZ4n5xMnD5Aqtbn1+DUszR0MvBHcM383G40qfHxrbF/lqc8iftshInoHSU77Vugignyb0dTSCTS1cWmEg8I/+ZFjgwc=,iv:Y1XunCfdIUC5nTu+vkr0Q0LUBWeIwP/bGNkbnDb1cpA=,tag:6UrkMx6yEGB46VVvtAkDMQ==,type:str] +sops: + age: + - recipient: age1az0k6cadssk6r8qcqxfr8cyu5mndy59pwt8yqq6w065ew6au4ezsmg2vkf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcFhwNmRXTnptOUMrN0dZ + UnN0bFdCVjJQamNvTzZmMkxRdk0zL0E4bm4wCmRIVmVrVW1Jb3BKOVNnNnM5MXJm + SXU4ODdwUTVaSE9oSU1tWm5ZZUpLNlEKLS0tIHVUY0pUUlg5SDhJZjd6ZFhsSnBQ + VVI1TnN3UkcxUzdOWjJQTzZLOHNlaDQKx/HqW9sEYmNYIMYvLVF/9eJfcgRH/cJv + YqcDNZc8L9Rap2TfwsiJZourqDTe/8sWgQ0yHC4mcKS1HJOTUMNwqQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-05-20T02:12:09Z" + mac: ENC[AES256_GCM,data:QgL5PSrG3yVeJQgDJ3/VQhGwF7WpDb0+w7oxeF0KeNt3m2YqUsS1qKwK4gJAbmyt/RPdRErTiPs6NdAouowjZg6zcd+Trags/GIBKcaIyJqQa4lw3J3Jod9GTkol70c0H/X76kQx+bWzuXnJy64Dm3t2h+/ytD45+yZJ/959FKI=,iv:JnR8ZRgCfsr7T7L0NLCncH/6q1EGErOCzYjZWrazDh8=,tag:HHH6MrP1bFU0j/Hb6crEZA==,type:str] + pgp: + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAjLRV2OOq9LMCn8jfeXXeQV14nliYJW51ry/lyAAT0mK/ + UrZFjXJon1HibzvpKVscCN+8i75RamsEp0/iKOoQKORUNZMWvaURPtzkzEFwZxja + tLKzraEl38y89UCP6XzM/D9gLxbGjioz8eSZ7InXowHFGS5HykeZQpPKN939l+lV + 0fxZH/yl0uDVOdjWb5NWVqK0xhVToi2u7uiwQiL/PdfvglCEsF+a7Q0bBRJIko+k + DN/rfq0xhb0bMo52lZvHrqOAod0Kj5ROebvwqOpXCSTFi0JcrVDiE+jq1wdqofni + VkL+V2Lu1Wi7zGQ/gjkLWWfd6IqKxcepsmtedy5Fs3ZcGKQ7jBw0fqvVRXE7FUFc + H74QWr5JSSjQxJFCugBTFgeOU3t4VcYeVt32FhlmfKsQ9I8B4xPuvTvmM4S5uELF + Sj2CHzR7D52mmWykUKx3h2f4AgQDv79IPLKOcRpLbJeOkI6kdDV/KfQeLcL3/RDA + FIHQDa27n62os11WmcKSqb7dI7W5SYKd0eGHfhynjQlV4LKRvrI//vYsIz1bY+Qm + 27eKe6KodvijhR/aok9fT9vhRpD8OyeLw/1f46azuxdxPUNEdQ6HYSu/w0sLhqte + OtM7q+NK7G5I19KP7+e9tJBxou7zpm+poseNQCl2j1nBGjahSYy4zhct5fQfKLHS + XgFZVUiV88yP42Jd+lxHZ/bs2RJ+RuQPvPj43c5jrBiRNEqKRcEXViHrJctwKHkZ + +6j+LuEKKszsWNGN9cOpdyVBcL5PUJ8mRribr3SnsEaFk+swutFm2sA5gLSYdB0= + =IxLP + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA1QflAioE8i3AQf/cKHMPmpFsvqyJJWZsgNB1tWeNh/aiKkCIS4Paf3hBeur + Ca4WElrH+M9feFH7qR3zXHviJXB0zt8oyUUNiR/xg1GNGw2wfVh3EGUWbZ7THog6 + sqN/2KxP7tIk74mjlaMBmIpyr7xd5OkjhQy4IkAFr0PBRGunVVa8d+73uUDsZBdI + XLpaDUZXpANOxZbXxBGzeYgG55yBs2LiXKLcjOkIi9G9w7Rtk2gdH4tI1miRstGS + jSB9xDCtszxm3kWmcDAG3nAORDCgYnlpeZrPGUhTqh7JzLhTZo46EHSKY1ThdVnM + cbbx0CNfcTCDWVxZEv6GHogAFSELn/gzFiWXjlcHoNJeAUNMxzW73TD7mB7he4EG + Phlz6+l5XbcSmC42QaLG7IIMNIpg1pai/fyBpKTYoHAGEGuDRcDgjKGOPTQH3N+0 + eIMu44nYPUh69kvzeMLCCbzFgDRyu5J4pbCDEiY/8g== + =VDJ1 + -----END PGP MESSAGE----- + fp: 21C9579E6503CA815A68ABD8541F9408A813C8B7 + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//cTX8KOVgAdIQNYMKP3pDK5tpjUV+idiMr4Y60ny0UNM9 + SlNHmG3RLkZwyBaHdeJ1eTQYSIaWasUUhCcI6sA5A7SYPhMDtYU5lsNgmiue9J0T + Z6SrCe9T15Z4bDCS8M/fli3NlkImkGUN36Ou6BXzAVKAKfglzVnPAT2+J6JGBHbs + z9ailkVGBonU2QQzJ262FZYY3a+Rpw8w4mDCoIsfbEwxHrB8lLyf7AX81qtlcaHp + ib90CCk2aqifudBfLKRIsmxBDkD+hffF6HSX6t3q1Tvw7Cg8Hpc+LWs+ZNPkmf/a + 0/SrMUTBey28gDoDloRfd8wdPzm3Adxsy/bTRkAX0Gzm5W+sZAjeUyqi5MfSefgR + yr0aff6D0oWRn1geLdcNJmWfvRM35K2b3KU5uxqshT7WjA0i/rJCHu5pjpsEVypA + itPmVt1BPDSHcaQddaXOSpSMqYUOltvHN8pV6zGBAAsUzSor7GugClnMHCdp251T + som8Nsb6IziKWs4dPPR8DHYMFVFrLrtfkBi3XO8fWVncwcEofmYsRQotsHLUAkjV + 5exEu0OwSKVzlbqmDuZ3z0RByrPpfZWsJWshBIug9Br6PL17RauFY0cuCF0FPA9J + FGlNHH/XG+YqFEj6kcVYzQFue1fL4gD7HP9u5yOQ/D8JoBgtei9r42xetlBCFyjS + XgEoIc4qDC3aPKBB7jhGV6Sc8x/4fdjpDWMA32pzKR8n/BlQzYv8+b5X1m3ngPhf + bhGiZMIv3HgEQm2M1PP/x3ViqkJAa1EphGG5yOlm9dGq1ynreGxWVdaqEWWHhrA= + =W9zk + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DsZXvxFXTXoQSAQdAR75j7EdRO8U91jSZn9RGZLZmVHQ2wt6dEWWE4lZU+Agw + GKy5yFdG4ZfWxZ3QQUllIqA5Mn1Tapbz7XigK9D5/hF/oF5gedq8EmzyX6FWZYCn + 0l4BBTyZdlsWswCeE9zCvKkfm+L08kmnNrm9I/F8cOXx1BrxS5zXdhtNTGvGZ3Ww + hJMt6Rw4rmX2Mwm6dbpcjpZPjRp19Fb2nwnTwQ8YTRCSNulDRtJj3FQ8P6IT9HKN + =/5xR + -----END PGP MESSAGE----- + fp: 9633412309CCB83BFA39BA5F2FEF746201D7FCFE + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAQNCm56yr/4kGtjRJ0rM1tUnRTHXRPmGul39NNGiJdQcw + J3EOCTeg1HPR1CoC0FQ0qSAHQQymkcjttutY2D/oU2tLdqc1UsW01+ycscZ7XLwn + 0l4BQ8s8gN/6oIkFPvsN+oUP5Zs1izGsc0yozg42resT6qlsML/jFBvP9LLGBBlJ + 0VCK22OPMOXSHnCofSbYelhyahw7+xdr38juIxuQaYS4Lx5TPZ8HaKMkzXzduBt1 + =4xwZ + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//T8mW0sDkD6e2hWSxIkhVYRE7l8bsFbDcbHkz47ahUrfK + lUDnvzEnX/MEt+PZJxzuzfLrRDmm0VmOmskJrpguwpY27AWyq9zKqHgxLtB9EkJt + MP3I8oNL+scjhX3cr/HogtIdaCpb9+JSCxZ+idABYMjyDb7+csFpHzyK/G6rToMr + EpvWD3BduP/tr+frVmRH5zxUku6jt/GfkiIq/a8mEFyyLzqsxG5FofzDCx01MbYA + DU3try5vX8HYUeuYFHhU7qOHIk7G5xen/92m35P8LlllNTjTcgz9oqxGuHrfA2Rz + K/RS9FoI4v/NNKHqUjI6Rd530/zezfWCOi4QdEdXLwUs8YyTyEhS3jTwIops70bt + Diun8OQ+TIE+iQopjBCoX4IH5M05N9KE1dVURzWQAy/F9tZj9GEhRRYgo43k7Zd7 + BpiFFAoC3uVDYCCznjd9IuupO4WnKnLGEWenWvxcdXkTxXvzO6KfonWq4GUKmXja + n4qu6pYIAi9ZYhXqKhHAm4+kgbsvhAM09Es6LX5718rJrfkYiYM9aIxVFO3pz7CQ + PI2fknrnw4TXKrKEvej5q6XYlKu7nSuSoMSv8P+NNPEivpVVZ+KPU+pbsNKRqEI4 + vfUYuAdg3t1isEtV+kI5CS3aIg+uU9RGgSGfF4Di0WTog2MZ5tyelvtAa+e82i3S + XgHGXuiPatmZyu2mXJZv2kWxp9UjKkDaZttKNAbTGWEtWAE0uyjmfuvMLt7r61/a + yjWDzQCMST8+v3jjjzDV40B0kOJ9+6vzAQcmoPtnA5vf0dW803OifUB6nWcVKtA= + =lxsO + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//RXIqipr1bcZkBfjokXOnulmcTCZkhv28NuxQjwYHWa77 + WYZpBwVTN0SqtGArF+E6yFvOdzoDwNeA11nB/AguU1NugROg60nP/169gCb6ydE+ + mHtTmO3jU2GIj83i82GVDnGNji8/TIh6ccz1a3pQeaygFnFZnDLwx/DJSy0CTKTs + SjnU879teK3CiFCG4A8f3RvB2LxvXkYWYEQ9ky72zUxTFVij3GdbP+fXsrZQHQ/7 + WrbdROvoTdtd4nAsFQVtiRab1Y+TCcHQdxxjWFoY0pI4pOcjHtbVh/fTYCwxmLez + s0hm9aKI/xS6WNXna6CGOjN+oFO70EBNUZNZutmDUf7kBXPSlgINBy/HPXgspOAk + Ww9D7JwM1uMOFYdLclbP/DVkUk8X6nVYTnJR44SwlHoZEqYSs0qNVosjWQWVi/Dq + D5LO1Ynek+u4GSK6guiCdj/arUaiKjlTQOXgnk6P0Pu1Y1F2kgzR+Kv/AkRTokmM + xFXpHCXVMA0ZrQyZCX8Z7eNrV9vzEfNhwm7hNrASxEnORxHRZP4Kzc4SNqiWeikU + f/2giFZkTjQoKjGwvcRgtPRDRYuS0EVG34Ha5LOQ/ViAsvhu6eQD2EZhEYENhmIP + TO9jeZZY3GMwRp/lwHaKFfiLRfmed4kVG2I/YDnaGeQv6dU3RGx5XDBW/ifBBeHS + XgHyN3Ys9YNg2DB4RXwQfkTSTNwHO8EUwuhvnONlSUFlPBe5pDTiTqJChIFGRui4 + AE6m5x79h1L+s41eMJfXES9THlw0H1Ok5UbrRgdFeqDnFxrbPga7ZY3b2UlU5BM= + =je+P + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAFK4dMZNE3rBCTZx4vpomMP1tdAAdb9lBOcY2S9Tz3zww + 5c0ioplBR3Z+vIGfczw7RPCCqUwGU2VWdhCcagLXWa+YEQcTRN8h2jZRWg4p8hNW + 0l4ByPozkxL+sA6XX9YvGxFAt1TwCoceMlDgqP3gX/olL18Jj0EcIkGTnrzQYNBD + Hq0zbuJdJkQhWafgE4g/BL7v6ERsPQnMyt0xAv4o+MW5T2I+9zBhOKEeh59RWrsx + =cptl + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAkilW27qVaY9/x/Y1IAQbMtDpkSt71uM1N7WXEnX0oTcw + RK7MpWp9JsdqLhAr4kxFzjupxRuyrQzyBn/3Tczm6Rp46l0VIbkuWwcaDQbcjqSh + 0lgB4jPzEE8CvDBh10D09bkYyDjMi5SRj4NGZnULrXK+nOMRcvS3t+yDHYVf3VbI + fmqRKisWCVt0WB61n3VoSE3E6nKVi8crUu0PLbbPP1PdRWlihdKb2wWK + =yR2L + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//cQEQIceF4S9yhIaAs5ZHR1sHAp5nN56yNuoWHU+BxfWd + IDk/0JS/2oyPIviCmN/BjzaBBz33mptIfUVrk4W7V7SWCjo1SOAbDLm3L4+xz9eF + pW0a90ZoCIr31ZzQWn+mV4c4+tpaz9pO119PZdAiWDbmv2aAG1Dc6vEP31V3gt8j + OFXVrRtNKar9j+8v1/ZjOwZYgH5r3JQRcjflD2gLEoDec6QXVzpkG3V/8F1SPOos + M+tHloplQMWkY5frhgv1qjPCYFf8pMAs1bwO0o3FubTgXWepbtJ3Y4SAiOuXgp5e + uZpo3M3pP+uqzUGak/G2c850bgDJFb8tTYYYoDQ+EmADfXYN2rts+vye0qNmkDit + +4hjiIpUnqI/2xR/V1dnInBysGRNgOyWLrRJ6qBTso+xxjF63DTraPxX4dTGQyhQ + uW0R+d57Uinc1C+lqNwbacptqQ+d0a5lKLkq1xJWsZyAM7xDwFECTZNlBCavwRlg + e1lCPBcj6oBwVyYLGatlx/lYpnYqoL8bOGa8YjHdfuUzDfZJoJMgnm+EaYfPXbsR + alUXvkuK5F5IXGkTBEwt+ilKFh+LMUREBvzsSsQMOM3eYd5leb+y5qYciejJtrUF + /cvDR1mu6Gv5eDBAIxgZqBAZsJTk4MCB9qChJijiLREoYOWccKIxkhYwx31KiyHS + XgHzZBEa37fzigfWlSCSjiW/Mb0BzMZknv7ecEMwV3WJYNH9ixmGzNiBp7QOA68P + 21DbV7Slj3zZrX7K4KWSU0mHcPmS1V7OkfGB1+yurnS40cJy7qv3TbuQYjQ/1OA= + =f07d + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + - created_at: "2026-05-20T02:11:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DKKbvh61jX5USAQdAsrS/gPOqsUf5SSdki8Tz4YB+EH1W9xDU5XZZrnWZZ2gw + E/ceAF8IlHAXh5QLAfbXiaCq1j11t3jHpkSdXO8JJtkeFuGLfMVNiMGf1j4doEhi + 0l4BAJGJ/3Y94vsOSiC9Sku9zjjaB86XFUxJChgdPzfbqhcKHtnBLMW9sm93qE6C + 0c5EoyKBvBoJPUYm9nv3AGHmCjhZ006Iybvm3xtrWcmFfQ1IUdm2qOVtoTn3xs2J + =tlQa + -----END PGP MESSAGE----- + fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49 + unencrypted_suffix: _unencrypted + version: 3.12.1 diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml index 4e968c2..0ec4875 100644 --- a/inventories/chaosknoten/hosts.yaml +++ b/inventories/chaosknoten/hosts.yaml @@ -93,6 +93,10 @@ all: auth-dns: ansible_host: auth-dns.hamburg.ccc.de ansible_user: chaos + forgejo-runner: + ansible_host: forgejo-runner.hosts.hamburg.ccc.de + ansible_user: chaos + ansible_ssh_common_args: -J ssh://chaos@router.hamburg.ccc.de hypervisors: hosts: chaosknoten: @@ -122,6 +126,7 @@ base_config_hosts: spaceapiccc: mjolnir: auth-dns: + forgejo-runner: systemd_networkd_hosts: hosts: router: @@ -234,6 +239,7 @@ infrastructure_authorized_keys_hosts: mjolnir: auth-dns: lists: + forgejo-runner: wiki_hosts: hosts: eh22-wiki: @@ -268,6 +274,7 @@ ansible_pull_hosts: spaceapiccc: mjolnir: auth-dns: + forgejo-runner: msmtp_hosts: hosts: renovate_hosts: diff --git a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone index 33f8a31..61efdb4 100644 --- a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone +++ b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone @@ -514,6 +514,7 @@ www3.hosts IN AAAA 2a00:14b0:42:102::15 diday-staging-runner.hosts IN AAAA 2a00:14b0:42:102::16 public-web-static.hosts IN AAAA 2a00:14b0:42:102::17 forgejo-actions-runner.hosts IN AAAA 2a00:14b0:42:102::18 +forgejo-runner.hosts IN AAAA 2a00:14b0:42:102::19 ; acme-challenges _acme-challenge.sunders CNAME a5ee8a99-3cdf-4212-972e-c0b6fda1242f.auth.acmedns diff --git a/roles/docker/README.md b/roles/docker/README.md index b7f38e1..0a28265 100644 --- a/roles/docker/README.md +++ b/roles/docker/README.md @@ -16,7 +16,10 @@ None. ## Optional Arguments -None. +- `docker__gvisor_setup`: Whether or not to set up [gVisor](https://gvisor.dev/) (`runsc` runtime). + > Note: gVisor doesn't work with the embedded DNS server Docker forces for user-defined bridges (see the [relevant GitHub issue](https://github.com/google/gvisor/issues/7469)). A workaround would be to bind mount a `resolv.conf` not relying on localhost DNS (note however that this still doesn't provide local container name resolution). When enabling this option such a helper `resolv.conf` pointing to Quad9 gets deployed to `/etc/gvisor-helper-resolv.conf` for bind-mounting. See the file for usage instructions. + + Defaults to `false`. ## Links & Resources diff --git a/roles/docker/defaults/main.yaml b/roles/docker/defaults/main.yaml new file mode 100644 index 0000000..351f397 --- /dev/null +++ b/roles/docker/defaults/main.yaml @@ -0,0 +1 @@ +docker__gvisor_setup: false diff --git a/roles/docker/files/gvisor-helper-resolv.conf b/roles/docker/files/gvisor-helper-resolv.conf new file mode 100644 index 0000000..f047a80 --- /dev/null +++ b/roles/docker/files/gvisor-helper-resolv.conf @@ -0,0 +1,9 @@ +# resolv.conf pointing to Quad9 for bind-mounting into containers on user-defined bridges and using the gVisor runsc runtime. +# Example: docker run --runtime runsc --mount type=bind,src=/etc/gvisor-helper-resolv.conf,dst=/etc/resolv.conf,ro=true --network your-user-defined-network -it --rm docker.io/library/debian /bin/bash + +nameserver 9.9.9.9 +nameserver 149.112.112.112 +nameserver 2620:fe::fe +nameserver 2620:fe::9 + +options edns0 diff --git a/roles/docker/handlers/main.yaml b/roles/docker/handlers/main.yaml index ada2426..6c37581 100644 --- a/roles/docker/handlers/main.yaml +++ b/roles/docker/handlers/main.yaml @@ -2,3 +2,9 @@ ansible.builtin.systemd_service: daemon_reload: true become: true + +- name: restart the docker service + ansible.builtin.systemd: + name: docker.service + state: restarted + become: true diff --git a/roles/docker/meta/argument_specs.yaml b/roles/docker/meta/argument_specs.yaml new file mode 100644 index 0000000..6549387 --- /dev/null +++ b/roles/docker/meta/argument_specs.yaml @@ -0,0 +1,6 @@ +argument_specs: + main: + options: + docker__gvisor_setup: + type: bool + required: false diff --git a/roles/docker/tasks/main/01_repo_setup.yaml b/roles/docker/tasks/main/01_repo_setup.yaml index 63bdb91..6105627 100644 --- a/roles/docker/tasks/main/01_repo_setup.yaml +++ b/roles/docker/tasks/main/01_repo_setup.yaml @@ -1,15 +1,36 @@ -- name: Ensure Dockers GPG key is added - ansible.builtin.get_url: - url: https://download.docker.com/linux/debian/gpg - dest: /etc/apt/trusted.gpg.d/docker.asc - mode: "0644" - owner: root - group: root - become: true +- name: ensure Docker repo + block: + - name: Ensure Dockers GPG key is added + ansible.builtin.get_url: + url: https://download.docker.com/linux/debian/gpg + dest: /etc/apt/trusted.gpg.d/docker.asc + mode: "0644" + owner: root + group: root + become: true -- name: Ensure Docker APT repository is added - ansible.builtin.apt_repository: - repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable" - filename: docker - state: present - become: true + - name: Ensure Docker APT repository is added + ansible.builtin.apt_repository: + repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable" + filename: docker + state: present + become: true + +- name: ensure gVisor repo + when: docker__gvisor_setup + block: + - name: Ensure gVisors GPG key is added + ansible.builtin.get_url: + url: https://gvisor.dev/archive.key + dest: /etc/apt/keyrings/gvisor.asc + mode: "0644" + owner: root + group: root + become: true + + - name: Ensure gVisors APT repository is added + ansible.builtin.apt_repository: + repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/gvisor.asc] https://storage.googleapis.com/gvisor/releases release main" + filename: gvisor + state: present + become: true diff --git a/roles/docker/tasks/main/02_docker_install.yaml b/roles/docker/tasks/main/02_docker_install.yaml index f2ae880..b7334e1 100644 --- a/roles/docker/tasks/main/02_docker_install.yaml +++ b/roles/docker/tasks/main/02_docker_install.yaml @@ -9,3 +9,12 @@ state: present update_cache: true become: true + +- name: Ensure gVisors packages are installed + when: docker__gvisor_setup + ansible.builtin.apt: + name: + - runsc + state: present + update_cache: true + become: true diff --git a/roles/docker/tasks/main/03_docker_config.yaml b/roles/docker/tasks/main/03_docker_config.yaml index 639e8fa..8c145b2 100644 --- a/roles/docker/tasks/main/03_docker_config.yaml +++ b/roles/docker/tasks/main/03_docker_config.yaml @@ -2,10 +2,21 @@ # - log to systemd journal # https://docs.docker.com/engine/logging/drivers/journald/ - name: Ensure Docker daemon configuration - ansible.builtin.copy: - src: daemon.json + ansible.builtin.template: + src: daemon.json.j2 dest: /etc/docker/daemon.json owner: root group: root mode: "0644" become: true + notify: restart the docker service + +- name: Ensure helper gVisor resolv.conf is deployed + when: docker__gvisor_setup + ansible.builtin.copy: + src: gvisor-helper-resolv.conf + dest: /etc/gvisor-helper-resolv.conf + owner: root + group: root + mode: "0644" + become: true diff --git a/roles/docker/files/daemon.json b/roles/docker/templates/daemon.json.j2 similarity index 59% rename from roles/docker/files/daemon.json rename to roles/docker/templates/daemon.json.j2 index d55e4cb..b6f6025 100644 --- a/roles/docker/files/daemon.json +++ b/roles/docker/templates/daemon.json.j2 @@ -1,7 +1,7 @@ { "log-driver": "journald", "log-opts": { - "tag": "{{.Name}}" + "tag": "{{ '{{.Name}}' }}" }, "ipv6": true, "ip6tables": true, @@ -10,5 +10,10 @@ "bridge": { "com.docker.network.enable_ipv6":"true" } - } + }{% if docker__gvisor_setup %}, + "runtimes": { + "runsc": { + "path": "/usr/bin/runsc" + } + }{% endif %} } diff --git a/roles/forgejo_runner/README.md b/roles/forgejo_runner/README.md new file mode 100644 index 0000000..ed53e8b --- /dev/null +++ b/roles/forgejo_runner/README.md @@ -0,0 +1,9 @@ +# `forgejo_runner` + +Ensures Forgejo Runner is installed and set up. +See: https://forgejo.org/docs/latest/admin/actions/ + +## Required Arguments + +- `forgejo_runner__config`: The configuration to run the Forgejo Runner with. + A configuration can be generated using `forgejo-runner generate-config`. Also see the [relevant docs](https://forgejo.org/docs/latest/admin/actions/configuration/). diff --git a/roles/forgejo_runner/files/EB114F5E6C0DC2BCDD183550A4B61A2DC5923710.asc b/roles/forgejo_runner/files/EB114F5E6C0DC2BCDD183550A4B61A2DC5923710.asc new file mode 100644 index 0000000..b18e74c --- /dev/null +++ b/roles/forgejo_runner/files/EB114F5E6C0DC2BCDD183550A4B61A2DC5923710.asc @@ -0,0 +1,71 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: EB11 4F5E 6C0D C2BC DD18 3550 A4B6 1A2D C592 3710 +Comment: Forgejo +Comment: Forgejo Releases + +xjMEY3T/yhYJKwYBBAHaRw8BAQdAVxqCQrSbpDNrx8CiTM8PUAVqdCyv2UmBDhpP +HZIpoIDNHUZvcmdlam8gPGNvbnRhY3RAZm9yZ2Vqby5vcmc+wsB+BBMWCgDmAhsD +BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAhkBFiEE6xFPXmwNwrzdGDVQpLYaLcWS +NxAFAmSc08VBFIAAAAAAEAAocHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vY29kZWJl +cmcub3JnL2Zvcmdlam8vZ2l0ZWFfcHJvb2Y2FIAAAAAAEAAdcHJvb2ZAYXJpYWRu +ZS5pZGh0dHBzOi8vZmxvc3Muc29jaWFsL0Bmb3JnZWpvMRSAAAAAABAAGHByb29m +QGFyaWFkbmUuaWRkbnM6Zm9yZ2Vqby5vcmc/dHlwZT1UWFQACgkQpLYaLcWSNxDM +2wEA6bOel3R25z3YUXL4hI2S8jRkJbOQawq0vgUnYNgS9hcBAK2zq4Zt4ctvSB+x +TqhR6Zi6aqSD3QrRnUVvV1xZhdkEwsCABBMWCgDoAhsDBQsJCAcDBRUKCQgLBRYC +AwEAAh4BAheAAhkBFiEE6xFPXmwNwrzdGDVQpLYaLcWSNxAFAmScz7JDFIAAAAAA +EAAqcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8v +Zm9yZ2Vqb19wcm9vZjYUgAAAAAAQAB1wcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9m +bG9zcy5zb2NpYWwvQGZvcmdlam8xFIAAAAAAEAAYcHJvb2ZAYXJpYWRuZS5pZGRu +czpmb3JnZWpvLm9yZz90eXBlPVRYVAAKCRCkthotxZI3EBJ1AP9UeN1HFGz90r34 +PGrOj1225HfJzdWgamEUkEKEwShcIQD+K/o7sLJM+C/mJXaCixAZgvRd9/rYq27T +9Y2rTQybSwnCwH4EExYKAOYCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4ACGQEW +IQTrEU9ebA3CvN0YNVCkthotxZI3EAUCY3spkjYUgAAAAAAQAB1wcm9vZkBhcmlh +ZG5lLmlkaHR0cHM6Ly9mbG9zcy5zb2NpYWwvQGZvcmdlam8xFIAAAAAAEAAYcHJv +b2ZAYXJpYWRuZS5pZGRuczpmb3JnZWpvLm9yZz90eXBlPVRYVEEUgAAAAAAQAChw +cm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9naXRl +YV9wcm9vZgAKCRCkthotxZI3EC+hAQCxsUupyqMChFMqk/74PqzSlmCd6RXtbezP +W66YostSbgD9G+N+c9or1cBkcSejREOSy7TFrDrvek+ZhdZVhCp1UALCwEcEExYK +AK8CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4ACGQEWIQTrEU9ebA3CvN0YNVCk +thotxZI3EAUCY3inA0EUgAAAAAAQAChwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9j +b2RlYmVyZy5vcmcvZm9yZ2Vqby9naXRlYV9wcm9vZjEUgAAAAAAQABhwcm9vZkBh +cmlhZG5lLmlkZG5zOmZvcmdlam8ub3JnP3R5cGU9VFhUAAoJEKS2Gi3FkjcQNV8B +AJfcHBzskW78lJVJeQwCI70qorOhC/QUp80jjNzs5lO7AQCujYgrae3vZb/476sc +wM33ufSpBguNwTLbCI6C5g8+B80mRm9yZ2VqbyBSZWxlYXNlcyA8cmVsZWFzZUBm +b3JnZWpvLm9yZz7CkAQTFgoAOAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYh +BOsRT15sDcK83Rg1UKS2Gi3FkjcQBQJjeKH0AAoJEKS2Gi3FkjcQC5YBAKwCGFDD +SpX0JwBrzIP8W8ElwHvdBz2XDg8LwyQgr722AP9r01rbFwY4axDxpNj+BUFxwD5F +hza1cE3932eTsSOPDsKQBBMWCAA4FiEE6xFPXmwNwrzdGDVQpLYaLcWSNxAFAmN4 +k+kCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQpLYaLcWSNxBHrQD+PFo/ +ii8p72HP0KsJbHPGnS/Sk9pFGd16fs1Hd88JHj0A/10XNyGQgwbe+X+K/a97vWW8 +vAzA1EtFIMfCGhIO8EoIzjMEY3UANBYJKwYBBAHaRw8BAQdAKvAs2Ij2RamYUzz4 +sBgsc2J+4fEwvSMcTp6rPZizRhfCwDUEGBYIACYWIQTrEU9ebA3CvN0YNVCkthot +xZI3EAUCY3UANAIbAgUJAeEzgACBCRCkthotxZI3EHYgBBkWCAAdFiEE98vwIJTn +Zl4X7WxE44G/PlDVNwcFAmN1ADQACgkQ44G/PlDVNwdIlgD+K15nuEec+VTFdP7Y +Y3SxM8Rjg2EtXk007+LM7XQfN9sBAOLjBTzIdaaKOpoAkGQ9Th/IphSUOnPYZVO5 +a6cN+wAM458A/itf3urQehI5SbKtbRqIDhqQZQVAcEeG2eQFunuofjDWAQDt/gE5 +XgTiQgnkTcqAX7GQeE74O/Q5vDtX10NjbzV7D84zBGeOav0WCSsGAQQB2kcPAQEH +QI2JXHjIx25g9WZHNyjkdUiRBPl5Y1JjjJCPvXM0/9RjwsA1BBgWCAAmFiEE6xFP +XmwNwrzdGDVQpLYaLcWSNxAFAmeOav0CGwIFCQO1OAAAgQkQpLYaLcWSNxB2IAQZ +FggAHRYhBA9SfPk6PQ0JJdPFXtCoIAUOFgnlBQJnjmr9AAoJENCoIAUOFgnljUwA ++wSjU/mk4xGIlwzJdPnnNzIsiMeqtuYokbSrOIxXIhP1AP93qtVr+kOu3pDs9JC+ +8CYG0DK1QD1LmlGP59WRGevSCXChAQDy6SCfnfcr5P4fYaz04+Tl0CDUkFOGP+sV +S/isPTssbAD9H2hKJKEmwuAd2MeFA3Bo3z5rUVWkfAcnv7Oy7u+OWQfOMwRlfHnh +FgkrBgEEAdpHDwEBB0DGoKPPOOx7rnqT318eykUkMJbk83MhcBqrecOADO3i2sLA +NQQYFggAJhYhBOsRT15sDcK83Rg1UKS2Gi3FkjcQBQJlfHnhAhsCBQkCx+oAAIEJ +EKS2Gi3FkjcQdiAEGRYIAB0WIQTfMxnqNtWZwdSmg9SzsfYKxXfyogUCZXx54QAK +CRCzsfYKxXfyoocRAP48OQpiBTkwC7kLLyuqVlP1t0hBQddr4i4rIV8Ug5tHzwEA +pl8Q+S4k/ROQS5FOhy7GBC337SncJFJYDD0pTcSecw+J3AEAn4qax72Oyfb0vaPY +m+WdqsfVBd2Hd2vJIwCjglp55B0BALIJE6nvACcKzTRUj7AQSLGvELGfJfM320xX +E0ZVBZkKzjMEaUFtxRYJKwYBBAHaRw8BAQdA1AZR9j6PksmArHjaoqOHIOQ4H1iw +0KZyLKLgu1onR8fCwDUEGBYIACYWIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCaUFt +xQIbAgUJAsfqAACBCRCkthotxZI3EHYgBBkWCAAdFiEEO/ToE/hIEkEdoB5bxBht +9m9LZ1AFAmlBbcUACgkQxBht9m9LZ1DQHAD9EUEM23tJJUae0L1DbGnWEp3GnZOQ +G3Z34uWv16wRV3EA+gJuHa9Zr1TXAEXXBwQzZIrAFby+7I5smWPVM84c7xYA/qEA +/2dQMMZcRelFC0fIPvGQMGfYeBr8bkHKlJBQOTdukeSPAQCcd9rqJT7NNZlPtJ1T +wNAfAa3L23bdp/dEtKhE+d09CM44BGN0/8oSCisGAQQBl1UBBQEBB0CZnRfIHxTV +hOF8kdhbe4YJsePyVFi8USfuDXy4HgIHRgMBCAfCeAQYFggAIBYhBOsRT15sDcK8 +3Rg1UKS2Gi3FkjcQBQJjdP/KAhsMAAoJEKS2Gi3FkjcQdroA/jHFqt7y/r/5zdK4 +TYYp+5jlOgM5ZI7pNhWhtIFbqmx9AQCKSJf2YgPBLNJSL/86vpE9b6IvTE/8ENR/ +7xYaIA7oAg== +=D+4T +-----END PGP PUBLIC KEY BLOCK----- diff --git a/roles/forgejo_runner/files/forgejo-runner.service b/roles/forgejo_runner/files/forgejo-runner.service new file mode 100644 index 0000000..0e33bcd --- /dev/null +++ b/roles/forgejo_runner/files/forgejo-runner.service @@ -0,0 +1,19 @@ +# Source: https://code.forgejo.org/forgejo/runner/src/branch/main/contrib/forgejo-runner.service +[Unit] +Description=Forgejo Runner +Documentation=https://forgejo.org/docs/latest/admin/actions/ +After=docker.service +Requires=docker.service + +[Service] +ExecStart=/usr/local/bin/forgejo-runner daemon -c /etc/forgejo-runner-config.yaml +ExecReload=/bin/kill -s HUP $MAINPID + +User=runner +WorkingDirectory=/home/runner +Restart=on-failure +TimeoutSec=0 +RestartSec=10 + +[Install] +WantedBy=multi-user.target diff --git a/roles/forgejo_runner/handlers/main.yaml b/roles/forgejo_runner/handlers/main.yaml new file mode 100644 index 0000000..3234eb2 --- /dev/null +++ b/roles/forgejo_runner/handlers/main.yaml @@ -0,0 +1,10 @@ +- name: systemd daemon reload + ansible.builtin.systemd_service: + daemon_reload: true + become: true + +- name: restart the forgejo-runner service + ansible.builtin.systemd: + name: forgejo-runner.service + state: restarted + become: true diff --git a/roles/forgejo_runner/meta/argument_specs.yaml b/roles/forgejo_runner/meta/argument_specs.yaml new file mode 100644 index 0000000..5c7570e --- /dev/null +++ b/roles/forgejo_runner/meta/argument_specs.yaml @@ -0,0 +1,6 @@ +argument_specs: + main: + options: + forgejo_runner__config: + type: str + required: true diff --git a/roles/forgejo_runner/meta/main.yaml b/roles/forgejo_runner/meta/main.yaml new file mode 100644 index 0000000..cb7d8e0 --- /dev/null +++ b/roles/forgejo_runner/meta/main.yaml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: docker diff --git a/roles/forgejo_runner/tasks/main.yaml b/roles/forgejo_runner/tasks/main.yaml new file mode 100644 index 0000000..281f665 --- /dev/null +++ b/roles/forgejo_runner/tasks/main.yaml @@ -0,0 +1,7 @@ +- name: Ensure Forgejo Runner is installed + ansible.builtin.import_tasks: + file: main/01_install.yaml + +- name: Ensure Forgejo Runner is set up + ansible.builtin.import_tasks: + file: main/02_setup.yaml diff --git a/roles/forgejo_runner/tasks/main/01_install.yaml b/roles/forgejo_runner/tasks/main/01_install.yaml new file mode 100644 index 0000000..cb309a6 --- /dev/null +++ b/roles/forgejo_runner/tasks/main/01_install.yaml @@ -0,0 +1,96 @@ +- name: get latest release info + ansible.builtin.uri: + url: "https://data.forgejo.org/api/v1/repos/forgejo/runner/releases/latest" + return_content: true + register: forgejo_runner__latest_release_info + +- name: set latest version + ansible.builtin.set_fact: + forgejo_runner__latest_version: "{{ forgejo_runner__latest_release_info.json.name | replace('v', '') }}" + +- name: set latest version forgejo-runner binary path + ansible.builtin.set_fact: + forgejo_runner__latest_version_binary_path: "/usr/local/bin/forgejo-runner-{{ forgejo_runner__latest_version }}" + +- name: check if latest version forgejo-runner binary is installed already + ansible.builtin.stat: + path: "{{ forgejo_runner__latest_version_binary_path }}" + register: forgejo_runner_latest_version_binary_stat + +- name: download and install latest version, if not already present + when: not forgejo_runner_latest_version_binary_stat.stat.exists + block: + - name: set download url + ansible.builtin.set_fact: + forgejo_runner__download_url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner__latest_version }}/forgejo-runner-{{ forgejo_runner__latest_version }}-linux-amd64" + + - name: temporary directory for download + ansible.builtin.tempfile: + state: directory + suffix: forgejo_runner_download + become: true + register: forgejo_runner__download_tempdir + + - name: download the forgejo-runner binary + ansible.builtin.get_url: + url: "{{ forgejo_runner__download_url }}" + dest: "{{ forgejo_runner__download_tempdir.path }}/forgejo-runner" + owner: root + group: root + mode: "0755" + become: true + + - name: download the signature + ansible.builtin.get_url: + url: "{{ forgejo_runner__download_url }}.asc" + dest: "{{ forgejo_runner__download_tempdir.path }}/forgejo-runner.asc" + owner: root + group: root + mode: "0644" + become: true + + - name: copy key for verification + ansible.builtin.copy: + src: "EB114F5E6C0DC2BCDD183550A4B61A2DC5923710.asc" + dest: "{{ forgejo_runner__download_tempdir.path }}/forgejo-runner-key.asc" + owner: root + group: root + mode: "0644" + become: true + + - name: ensure sq (Sequoia-PGP) is installed + ansible.builtin.apt: + name: sq + become: true + + - name: verify signature + ansible.builtin.command: + cmd: /usr/bin/sq verify --signer-file ./forgejo-runner-key.asc --signature-file forgejo-runner.asc --signatures 1 forgejo-runner + chdir: "{{ forgejo_runner__download_tempdir.path }}" + become: true + changed_when: false + + - name: install forgejo-runner binary of this latest version + ansible.builtin.copy: + remote_src: true + src: "{{ forgejo_runner__download_tempdir.path }}/forgejo-runner" + dest: "{{ forgejo_runner__latest_version_binary_path }}" + owner: root + group: root + mode: "0755" + become: true + + - name: ensure symlink points to binary of this latest version + ansible.builtin.file: + src: "{{ forgejo_runner__latest_version_binary_path }}" + dest: "/usr/local/bin/forgejo-runner" + state: link + owner: root + group: root + become: true + always: + - name: delete temporary download directory + ansible.builtin.file: + path: "{{ forgejo_runner__download_tempdir.path }}" + state: absent + become: true diff --git a/roles/forgejo_runner/tasks/main/02_setup.yaml b/roles/forgejo_runner/tasks/main/02_setup.yaml new file mode 100644 index 0000000..c83c057 --- /dev/null +++ b/roles/forgejo_runner/tasks/main/02_setup.yaml @@ -0,0 +1,46 @@ +- name: ensure runner group exists + ansible.builtin.group: + name: runner + system: true + become: true + +- name: ensure runner user exists + ansible.builtin.user: + name: runner + group: runner + password: '!' + system: true + create_home: true + groups: + - docker + become: true + +- name: ensure the configuration is deployed + ansible.builtin.copy: + content: "{{ forgejo_runner__config }}" + dest: /etc/forgejo-runner-config.yaml + owner: root + group: runner + mode: "0640" + become: true + notify: + - restart the forgejo-runner service + +- name: ensure systemd service exists + ansible.builtin.copy: + src: forgejo-runner.service + dest: /etc/systemd/system/forgejo-runner.service + owner: root + group: root + mode: "0644" + become: true + notify: + - systemd daemon reload + - restart the forgejo-runner service + +- name: ensure systemd service is started and enabled + ansible.builtin.systemd_service: + name: forgejo-runner.service + state: started + enabled: true + become: true