my nixos configuration
wireguard key tooling rewrite
+102
-188
+7
flake/default.nix
+7
flake/default.nix
+3
-3
hosts/server2/wireguard.nix
+3
-3
hosts/server2/wireguard.nix
···
5
5
}: let
6
6
keys = import "${inputs.self.outPath}/sops/wireguard";
7
7
in {
8
-
imports = [keys.bighome];
8
+
imports = [keys.home2.module];
9
9
10
10
config = {
11
11
networking.wg-quick.interfaces.wg0 = {
···
15
15
peers = [
16
16
{
17
17
allowedIPs = ["10.100.0.1/32"];
18
-
publicKey = builtins.readFile keys.pubkeyVps;
19
-
presharedKeyFile = config.sops.secrets.wg_psk.path;
18
+
publicKey = keys.vps.pubkey;
19
+
presharedKeyFile = config.sops.secrets.wg_preshared.path;
20
20
persistentKeepalive = 25;
21
21
22
22
endpoint = "95.216.151.56:51820";
+3
-3
hosts/uwu/wireguard.nix
+3
-3
hosts/uwu/wireguard.nix
···
5
5
}: let
6
6
keys = import "${inputs.self.outPath}/sops/wireguard";
7
7
in {
8
-
imports = [keys.home];
8
+
imports = [keys.home.module];
9
9
10
10
config = {
11
11
networking.wg-quick.interfaces.wg0 = {
···
15
15
peers = [
16
16
{
17
17
allowedIPs = ["10.100.0.1/32"];
18
-
publicKey = builtins.readFile keys.pubkeyVps;
19
-
presharedKeyFile = config.sops.secrets.wg_psk.path;
18
+
publicKey = keys.vps.pubkey;
19
+
presharedKeyFile = config.sops.secrets.wg_preshared.path;
20
20
persistentKeepalive = 25;
21
21
22
22
endpoint = "95.216.151.56:51820";
+5
-5
hosts/vps/wireguard.nix
+5
-5
hosts/vps/wireguard.nix
···
7
7
root = inputs.self.outPath;
8
8
keys = import "${root}/sops/wireguard";
9
9
in {
10
-
imports = [keys.vps];
10
+
imports = [keys.vps.module];
11
11
12
12
config = {
13
13
networking.wg-quick.interfaces.wg0 = {
···
20
20
# Homeserver - port forward
21
21
{
22
22
allowedIPs = ["10.100.0.2/32"];
23
-
publicKey = builtins.readFile keys.pubkeyHome;
24
-
presharedKeyFile = config.sops.secrets.wg_psk.path;
23
+
publicKey = keys.home.pubkey;
24
+
presharedKeyFile = config.sops.secrets.wg_preshared.path;
25
25
}
26
26
# Homeserver 2 - port forward
27
27
{
28
28
allowedIPs = ["10.100.0.3/32"];
29
-
publicKey = builtins.readFile keys.pubkeyBigHome;
30
-
presharedKeyFile = config.sops.secrets.wg_psk.path;
29
+
publicKey = keys.home2.pubkey;
30
+
presharedKeyFile = config.sops.secrets.wg_preshared.path;
31
31
}
32
32
];
33
33
};
-4
justfile
-4
justfile
···
11
11
cached_hosts := "framework server2 vps"
12
12
cache:
13
13
#!/usr/bin/env bash
14
-
just prefetch
15
-
16
14
for h in {{cached_hosts}}; do
17
15
echo $h
18
16
just _build $h | cachix push meowos
···
29
27
30
28
yeet host target="":
31
29
#!/usr/bin/env bash
32
-
just prefetch
33
30
if [[ "{{target}}" = "" ]]; then
34
31
nh os switch -H {{host}} --target-host {{host}} . -- --accept-flake-config --show-trace
35
32
else
···
38
35
39
36
_nh command host:
40
37
#!/usr/bin/env bash
41
-
just prefetch
42
38
if [[ "{{host}}" = "" ]]; then
43
39
nh os {{command}} . -- --accept-flake-config --show-trace
44
40
else
+1
sops/wireguard/.envrc
+1
sops/wireguard/.envrc
···
1
+
use flake .#genkeys
-26
sops/wireguard/bighome-wg-privkey
-26
sops/wireguard/bighome-wg-privkey
···
1
-
{
2
-
"data": "ENC[AES256_GCM,data:7ve3ooHw5CxNCI72mQtGuRh9nxD0amSeWkP6lKtLu6/HaSQbxsPRpZ4M5hY=,iv:XZEDoPWnQAjg/QfPtxVFgeP7t6+CRH3EsmnkknpelbA=,tag:3q0bnZod4gUemeYPYqbIdQ==,type:str]",
3
-
"sops": {
4
-
"age": [
5
-
{
6
-
"recipient": "age1est4jdeu803qv6jng7vrj9x92l3xs0mr6qwv6fpt0p7tdd26xd6s84k2pq",
7
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSGNxU20rSEpTblRvOVR0\nM2p3K0ZSaWp2TjRrcXdkRFNWeFlzMG85TGdFCmRVYm12SUo0eWtWT1Fab3NrT3BC\nTUgzOHJDNzV5NkJSTGw0U2NxZm5FbHcKLS0tIGFIZ0gwWkRldWNvZ3FrNVFCSEJK\neUdodGhadUpIV2dOcTBWSU51alAxc1UKz9ClssorE5KGJjy6bPw97K5D8eshFPAE\nYjEvrO9bu9Jt8MDZKIe8fQaiWK439HCv25n2z0ePhd50+o9FJvISYg==\n-----END AGE ENCRYPTED FILE-----\n"
8
-
},
9
-
{
10
-
"recipient": "age1ep20tc9awnthysnluf2gf8ydr3egt26yutw527qn3ld00eugg9wqaedx0c",
11
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6c3czRzdYZ1FLR3BxajRq\nQU1DNFNNeld4NU9qM2JjakVtRDNBUzJpbkFJCkZaM3lhQ01sS2h2R29PckEyT0pJ\nWDh2U29vRDVkdjVvTXZZOUliODZIakEKLS0tIHcvT2diam56dkNiV082TGxYbTJE\nYUFUS3N3MXRsUUROTHczRndkSUhYNTAKDXF7SSsPGwTKgx8H8rf9xkWgTQOh2qG1\nkIgrQiZZ43IUbl7XUlsOIZC4FmZGcWBSyzdS18JDSDeQcFhcjGhAFQ==\n-----END AGE ENCRYPTED FILE-----\n"
12
-
},
13
-
{
14
-
"recipient": "age1w785k56chrrsc29jgkjzyvxfj3lx5sx56cm5fg6ldvychdga9umspddsfg",
15
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZmpKdG1mV1ljSzlaZWFE\nclIrc2Q3S1NDN1hLcWNGNFI1amgzZkM2RlhBCnRjeDVmVVZ0VkUxa0FNelRxQXdj\nQ08xWTRBN3VlQlpBeXNXcmlKa3BRbGMKLS0tIDlSYWJCK0JWM2JOalV2aG1GZ3Ur\nNWNYOXQyUnBwVlp2Ym5mMGFkR2Z4Yk0K8m1Lh8YIKS8zcL3bJLq1eqU38lZ9lg1U\nAkXRqhCBIT8WPOv7fxtbeXjh5Qt/KiR6fF3Uccj/g/tXmIhQOTqEhA==\n-----END AGE ENCRYPTED FILE-----\n"
16
-
},
17
-
{
18
-
"recipient": "age1xaxgua4xzu7p9545hwnzpal8rlpza95wjyz2d4at8jajsx38w4tsp87z5d",
19
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoT1l2V1p4WEJYclhwRSt4\nYWJ4VUp0RWQzY2Z6SG01N2NJSXM0WC9sR25JCnphUktkV3NmMXhZNng2ZkJpMGdw\nSlNZTTRaMFE0WjJHTlI5R1Mvbm1RZVUKLS0tIG1Za0Z3MWNWeGlIazZ3Z21sWnhY\nTGhCZzVxMkx6UmFqZ09sSXFwcm9ZS0EKAsYvg6w06gpj0l4u4Vz2rgqCWi2Fap7x\nwhYjMxfRKIaFvvr2682dE2H5GIvmwS4lFObGT9AOXw51j/oiC+hUXw==\n-----END AGE ENCRYPTED FILE-----\n"
20
-
}
21
-
],
22
-
"lastmodified": "2026-01-04T11:06:07Z",
23
-
"mac": "ENC[AES256_GCM,data:PCeShCP3M31cJWsZ/Hf5ullzmFsYFQCAwigp22VY5dsoqATobnBfxIHkZUKG9mThJeSyQXzWkXQ/Vg4MrFzl8Nzq/eboW6tCghOiq+bSIPdFDV8/ejDRqVoeViT58Dzub2mFNapbA0WQg9QT9bZMIGX0jSFvOtMK1Ql9WyuMmV0=,iv:3jWQk9sUOKCjeqjbDkThoNGgVxlg36DSdjoWtCmgtQ4=,tag:MMDv757ZpyyGVnPpIvATpg==,type:str]",
24
-
"version": "3.11.0"
25
-
}
26
-
}
-1
sops/wireguard/bighome-wg-pubkey
-1
sops/wireguard/bighome-wg-pubkey
···
1
-
ulVwD0zZN831EhnpPbtDvFrMrWvloCEWslYHvlAA1X8=
+16
-37
sops/wireguard/default.nix
+16
-37
sops/wireguard/default.nix
···
1
1
let
2
-
shared = {
3
-
wg_psk = {
4
-
sopsFile = ./wg-pskey;
5
-
format = "binary";
6
-
};
7
-
};
8
-
in {
9
-
home = {
10
-
sops.secrets =
11
-
{
12
-
wg_private = {
13
-
sopsFile = ./home-wg-privkey;
14
-
format = "binary";
15
-
};
16
-
}
17
-
// shared;
18
-
};
2
+
inherit (builtins) fromJSON readFile mapAttrs;
3
+
4
+
publicKeys = fromJSON (readFile ./public-keys.json);
19
5
20
-
bighome = {
21
-
sops.secrets =
22
-
{
6
+
mkWg = name: pubkey: {
7
+
inherit pubkey;
8
+
module = {
9
+
sops.secrets = {
23
10
wg_private = {
24
-
sopsFile = ./bighome-wg-privkey;
25
-
format = "binary";
11
+
sopsFile = ./private-keys.json;
12
+
format = "json";
13
+
key = name;
26
14
};
27
-
}
28
-
// shared;
29
-
};
30
15
31
-
vps = {
32
-
sops.secrets =
33
-
{
34
-
wg_private = {
35
-
sopsFile = ./vps-wg-privkey;
16
+
wg_preshared = {
17
+
sopsFile = ./preshared-key;
36
18
format = "binary";
37
19
};
38
-
}
39
-
// shared;
20
+
};
21
+
};
40
22
};
41
-
42
-
pubkeyHome = ./home-wg-pubkey;
43
-
pubkeyBigHome = ./bighome-wg-pubkey;
44
-
pubkeyVps = ./vps-wg-pubkey;
45
-
}
23
+
in
24
+
mapAttrs mkWg publicKeys
-29
sops/wireguard/genkeys.hs
-29
sops/wireguard/genkeys.hs
···
1
-
import System.Process ( readProcess )
2
-
import System.IO ( writeFile )
3
-
import Data.Function ((&))
4
-
5
-
wg :: String -> String -> IO String
6
-
wg arg stdin =
7
-
init <$> readProcess "wg" [arg] stdin
8
-
9
-
genkey = wg "genkey" ""
10
-
genpsk = wg "genpsk" ""
11
-
pubkey = wg "pubkey"
12
-
13
-
encrypt :: String -> IO String
14
-
encrypt = readProcess "sops" ["encrypt", "--filename-override", "a.bin"]
15
-
16
-
makeKeys :: String -> IO ()
17
-
makeKeys name = do
18
-
key <- genkey
19
-
pubkey <- pubkey key
20
-
21
-
writeFile (name ++ "-wg-pubkey") pubkey
22
-
encrypt key >>= writeFile (name ++ "-wg-privkey")
23
-
return ()
24
-
25
-
main = do
26
-
pskey <- genpsk
27
-
encrypt pskey >>= writeFile "wg-pskey"
28
-
29
-
mapM_ makeKeys ["home", "bighome", "vps"]
+60
sops/wireguard/genkeys.lisp
+60
sops/wireguard/genkeys.lisp
···
1
+
#!/usr/bin/env -S sbcl --script
2
+
3
+
(require :asdf)
4
+
(asdf:load-system :shasht)
5
+
6
+
(defun wg (command &optional stdin)
7
+
(let ((stdin (if stdin
8
+
(make-string-input-stream stdin)
9
+
nil)))
10
+
(uiop:run-program
11
+
`("wg" ,command)
12
+
:input stdin
13
+
:output '(:string :stripped t))))
14
+
15
+
(defun make-keys (host)
16
+
(let* ((private-key (wg "genkey"))
17
+
(public-key (wg "pubkey" private-key)))
18
+
(list
19
+
(cons :name host)
20
+
(cons :private-key private-key)
21
+
(cons :public-key public-key))))
22
+
23
+
(defmacro write-var (name)
24
+
`(with-open-file (out (pathname ,(format nil "~A.json" (string-downcase (symbol-name name))))
25
+
:direction :output
26
+
:if-exists :supersede
27
+
:if-does-not-exist :create)
28
+
(shasht:write-json* ,name
29
+
:stream out
30
+
:alist-as-object t)))
31
+
32
+
(defun geta (key item)
33
+
(cdr (assoc key item)))
34
+
35
+
(defun format-for-json (key list)
36
+
(mapcar (lambda (host)
37
+
(cons (geta :name host) (geta key host)))
38
+
list))
39
+
40
+
(let* ((hosts (mapcar #'make-keys '("vps" "home" "home2" "framework" "desktop")))
41
+
(private-keys (format-for-json :private-key hosts))
42
+
(public-keys (format-for-json :public-key hosts)))
43
+
(write-var private-keys)
44
+
(write-var public-keys))
45
+
46
+
(uiop:run-program
47
+
`("sops" "--in-place" "--encrypt" "private-keys.json")
48
+
:output t
49
+
:error-output t)
50
+
51
+
(with-open-file (out #p"preshared-key"
52
+
:direction :output
53
+
:if-exists :supersede
54
+
:if-does-not-exist :create)
55
+
(format out (wg "genpsk")))
56
+
57
+
(uiop:run-program
58
+
`("sops" "--in-place" "--encrypt" "--output-type" "binary" "preshared-key")
59
+
:output t
60
+
:error-output t)
-26
sops/wireguard/home-wg-privkey
-26
sops/wireguard/home-wg-privkey
···
1
-
{
2
-
"data": "ENC[AES256_GCM,data:ZmM6pYxRfSwW5YPu2SnGv30Fn4YdQ4OL24+VUHRY47wuWeVhYV8u9SEMiqc=,iv:wiYfmKZnDjFBt0IWrkXvRTFQGbRNG0NecHUznPLohlM=,tag:2lMwWGhWJAMevBQa0JfllA==,type:str]",
3
-
"sops": {
4
-
"age": [
5
-
{
6
-
"recipient": "age1est4jdeu803qv6jng7vrj9x92l3xs0mr6qwv6fpt0p7tdd26xd6s84k2pq",
7
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3bWRDR0xpQVVURmNpRnh6\nNHByOXVYVG1LcUl6NU9ER2t1WGMrRUx5VHhRClNhVUpMUmtXc2xrdnVKbnNFcUVD\nb2ZpZHFscG1hMWJ2S3k3RERwQlkxTUkKLS0tIGdjS1c5WE5YcG9jL1QyRzMvQ3kx\nUXpuVjhSN3EvYTFic2RHV1RaN2wzbkEKXxLWdwlLnuJ0adNqdSqm2UZ4dGmVJxx/\n5KpyrqnP6g2SGNqLt1pDxDKJlcW92Kw+0mpbc2+JBBGLKcLJnFYr8w==\n-----END AGE ENCRYPTED FILE-----\n"
8
-
},
9
-
{
10
-
"recipient": "age1ep20tc9awnthysnluf2gf8ydr3egt26yutw527qn3ld00eugg9wqaedx0c",
11
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUWHlhKzRKTmNLcytOVkpl\nYUt4MGluZzVyOHlDU2tFM2svRXZrczEwK1NFCmtyNFZCOFZKSFNucGdZbFM1UTFm\nOE9GOEVFNUhNSTRBaHJTaklwRFVnTFkKLS0tIHI0TitmYmVuUDY1VWNsUHgveHpu\nbGdwMityZ0sxQU8zdDJZVVFxWVRGZnMKc4UE7A7eHmrQYAKCtkkZCpMo+IVOdfP6\nlw57/dLmsT/IV+bRoQAZq5r+Wq5bdEhJORbh3ygChsGM5VJgjoxPvA==\n-----END AGE ENCRYPTED FILE-----\n"
12
-
},
13
-
{
14
-
"recipient": "age1w785k56chrrsc29jgkjzyvxfj3lx5sx56cm5fg6ldvychdga9umspddsfg",
15
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRzk2VnhZUXJ2cGdLR0hC\ncmVSZjJpaGZkWWt2ZjZrKzNPR2ErUkJqTHpRCmU2OFFVN3NJSnQycGk2elAyY0lQ\nVjhWUU05RG0yZWoreDVVVmJDbWZDMDgKLS0tIHM3Wk56ekRIWkVKWnBNc1hRU2Ez\nYUorOXZGK2F5b3FXSjBpMHUwM21RZmsK/WXgbT9KaKRZ7F1zpamZ9DX3TD8WoIhx\n3LHz4RNRY3HdCdRRaL2i2aco8SQuD5fIVZS/Em8FevIFBMZRWVHQtg==\n-----END AGE ENCRYPTED FILE-----\n"
16
-
},
17
-
{
18
-
"recipient": "age1xaxgua4xzu7p9545hwnzpal8rlpza95wjyz2d4at8jajsx38w4tsp87z5d",
19
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT3YzVEZIWDZ1clNRVi96\nNVY2WmpsNkZKT1lLTk03ZDJEVHNCTlRXRlRFCjkrdll1Q2dvUU9UVGtSY1hNRUdN\nN0ZGajFhQWxjYk1PYmFnTW5aMExLNWMKLS0tIEcrZytaUGMxU3pXbytneFh5Qlow\nQlcwVzN0aWpscTZ3QmhqaktSWGE4dEUKRlilatwQ9o7kAeUiet16ykwlv/tANzb2\nrIuQL4uoFSl8W219Z2uNUdZH3yV/cFQdPKm9I7yfPO2lQPfODu5hmA==\n-----END AGE ENCRYPTED FILE-----\n"
20
-
}
21
-
],
22
-
"lastmodified": "2026-01-04T11:06:06Z",
23
-
"mac": "ENC[AES256_GCM,data:u6GTD8zVnyyvM9QK3j3TvAvqx7dK2C0nxzdIYz0qyt6gqtpeJefgnsHlfcA7T62C+sRghIfdmpCWEc3QReB2+cunR0TOBY0NYuaP6Gv46CoZGzuZRS5MbtyxrmSzhDppxWm8UfwsJi4yB3dwg4oIWObZZT1gT63tkfLGy1oFYX4=,iv:p7ch08oSq6x7pef1lvbGGo1QSTcXlwS13GFfW6+Dz0k=,tag:sjQTu8XCL3kKooqrp3o54A==,type:str]",
24
-
"version": "3.11.0"
25
-
}
26
-
}
-1
sops/wireguard/home-wg-pubkey
-1
sops/wireguard/home-wg-pubkey
···
1
-
wvEMjOsenRNANHiU7TibPs4F6qICzIAif5D7AL7P73I=
+7
sops/wireguard/public-keys.json
+7
sops/wireguard/public-keys.json
···
1
+
{
2
+
"vps": "UsucN1UqdJzYppy/5y72tVcuUCKilpNj4bpCKvhq5h8=",
3
+
"home": "kj30RM+4A51v9hgilleUdYeg9OXhviy4iowRF2R+x3U=",
4
+
"home2": "ZnVgUI/GPT5z/YQoHkEy7UwFXlccpjtQe6dcpKkfjgk=",
5
+
"framework": "leyZUsU30tfZpV2X55qYmbwGsDUfRoSzY1K/5SUIUTg=",
6
+
"desktop": "iZzTeyjqHh6NkkcVZmBTkrN6xb/Dkm929Kv6XJevNh0="
7
+
}
-26
sops/wireguard/vps-wg-privkey
-26
sops/wireguard/vps-wg-privkey
···
1
-
{
2
-
"data": "ENC[AES256_GCM,data:bHh3/o/pMaDWLVOj6j01tlrP0FYkb94QxQHulvAn5DtL/UTif4aGMGX0v5k=,iv:6KNyIq4kTwv5ngUYYk8Lo9cqiBgeI3dQCgljZseZZpw=,tag:qlcXorYkGgTvlbtL8m4vjQ==,type:str]",
3
-
"sops": {
4
-
"age": [
5
-
{
6
-
"recipient": "age1est4jdeu803qv6jng7vrj9x92l3xs0mr6qwv6fpt0p7tdd26xd6s84k2pq",
7
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsV3NGQ0UzRmZOaVRZWk1u\nYk5FVnpiVDVPVlE4RCtjRWlFTllPcUpZcmw0Cm5PeWExRzZUZjhuaDFvREg2YVFh\nY205T04zQytTOXdnUkkyems0cmphTFkKLS0tIEpsYk5kWlJCY3MycDlQMXV3OHpC\nOWUxckZMbDdybGx1WmxId3hMdWVtOUUKDyNrJ11L0saePZDfNm6S3hF/xPI4rJtH\nYHcjcDVXO1DQRAnoMomxlDA05rSIHjSIzr/Ek9bPVAA1sEI8sOHq0Q==\n-----END AGE ENCRYPTED FILE-----\n"
8
-
},
9
-
{
10
-
"recipient": "age1ep20tc9awnthysnluf2gf8ydr3egt26yutw527qn3ld00eugg9wqaedx0c",
11
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlMTBxbEVNVGZqdHpKaGlY\nNXRTRjRXMVc1YUxDSUhNZStIMVJ5aStUNjFVCkE3MHBHMDdiaUFpZ1VEanE4VC9X\nMFg2UGNXaS9jRlJFZVNvMkpBYVdMS0EKLS0tIFVaZUpNMWRDMG1TWk1PU1BtZkVL\nS0pNMXJzNkpWc3ovdGFKY0MxQVA4NW8KrlzdPG6qvty8VObaIZfpyOtfj98M4A7x\nSgAUNF7nBtFinVUj4AGZ45X1bN2Le8U1PG1pqHdqjgCcQNLlF66dFQ==\n-----END AGE ENCRYPTED FILE-----\n"
12
-
},
13
-
{
14
-
"recipient": "age1w785k56chrrsc29jgkjzyvxfj3lx5sx56cm5fg6ldvychdga9umspddsfg",
15
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRWZ5bW55bmx0OG1xN3RR\nQ1ZUNTFaYWt3TzZkb1NITDczYW9Ub05ObFZrCldBa21nbWtWODN0d3JjNHBWS1g5\ndVYyYTdtRng3SDRyM2llT0VBeGVNOVUKLS0tIGhXM1dKcWJVOEVtUWdSUS8xS2Vz\naTI5d2FsYWRKMTdRZStOZEN4cjU1QkEKxTIMTquCN6ZkKHKz2R11i86D8SGMJW2/\nFbhVzzsNv9rlIaOA3RlbQ6dAJoJVa67mk14I37Q6mHi8Uk1OO/jhZw==\n-----END AGE ENCRYPTED FILE-----\n"
16
-
},
17
-
{
18
-
"recipient": "age1xaxgua4xzu7p9545hwnzpal8rlpza95wjyz2d4at8jajsx38w4tsp87z5d",
19
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjREIvcFZ3MS83MjNld2k2\nb0tHWGRaWVZLdEhOajh6TEdWaXZ5czVIYUhRCjk0aWluWmdTck5jcDNJcmFWTGJo\nMm16RzhtTE5XZmtERDEvWVJPR1NuZ3cKLS0tIE4xdXNPamhiZjFpYUNNRmNxSHBx\ndFllbjZnU3U4VzIzT0pTRmF5REpIbGMKXBjWSScBKcHnSbOr1Fa2cs74Mj6pJCu+\nQzfORM8mjLpvrtXp2acKumcJmF5KjFx4Lm+w13O2iQvtZsfZrXw3Fw==\n-----END AGE ENCRYPTED FILE-----\n"
20
-
}
21
-
],
22
-
"lastmodified": "2026-01-04T11:06:07Z",
23
-
"mac": "ENC[AES256_GCM,data:3hKvWteqLJwQukDSgL4MjM/ea+XkXlBsDBeOk/LMP5DZ0WXtMmKzn59ZDFlXh/TemWTtnKN2SsPuE4aMcj0K67dmsduc5p0/rPQosg6Je69LT5TvsOAlC8Ih8Ja6+BgmKYZVyK5gpwgqcxqmmLQQnCjCQpoq828JeArulaK86vk=,iv:Sh+Y/rCqH/hx/WLhcDCoPLG1IWa+57jKhsw16tHe4ps=,tag:qGaK6GEHowBPUUtcU1ETng==,type:str]",
24
-
"version": "3.11.0"
25
-
}
26
-
}
-1
sops/wireguard/vps-wg-pubkey
-1
sops/wireguard/vps-wg-pubkey
···
1
-
XmsiJDtCYVBfuhq/0NELHf9XFYzuIkjmf+ahfMr9vVk=
-26
sops/wireguard/wg-pskey
-26
sops/wireguard/wg-pskey
···
1
-
{
2
-
"data": "ENC[AES256_GCM,data:ZbopfjTyE9dHFRLxJb3OA1xEIr6hvpCtxg0OM7uvuWVHD0G5nCPuOgHie/g=,iv:JPhfOfCaUHn7YeuonspnK8WW4s5mpXYDhNOm4o4vjJc=,tag:B1SNHSJtXQ1x+32k9rB/yA==,type:str]",
3
-
"sops": {
4
-
"age": [
5
-
{
6
-
"recipient": "age1est4jdeu803qv6jng7vrj9x92l3xs0mr6qwv6fpt0p7tdd26xd6s84k2pq",
7
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMkNXWFRYdE1xbDhuNUVU\nRHZxalpTY2JlUmoxU1hNYzVya0J5dFRMUTE4CkJMS0FFZDkxTlp4V3dPaTFrK056\nR3M1YlY1VTUvSk5HS0k0Sk9kbDlwWVkKLS0tIDM1MGdZQW83TGg2TVVZWkxXdGdR\nUTRNUGdLck00YVpBZWw2NXhQMXY4YTQK5umc9hIdPOU/7qKnIh1/E/Rwd9ax2Riw\negAnnHBSNnNPcCyi9Pob4s84nzscVIIBncA4ARILdUb9w9ZB71aJXg==\n-----END AGE ENCRYPTED FILE-----\n"
8
-
},
9
-
{
10
-
"recipient": "age1ep20tc9awnthysnluf2gf8ydr3egt26yutw527qn3ld00eugg9wqaedx0c",
11
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVjBubU1XbnhudFdrMXFM\nOWprTkpabkZpVS8wRENTeGJIWFp4RWhMSldvClpxTGdzOExkeUJOdzZrM0NCbCtR\ndlgyQ1RxaHo1Q2xJT21lYm9tNkZ5UDQKLS0tIHhrUTVYbGp2VzZiUUxOVDg3d0VO\nY1lHRHdiRVA5aE9qT0NLYjkrK1lrMmcKLZYmMNI/vFUf5eAZIQIfdk7Y+jS6K5Vw\nvUm6+L7XcQ6kdD+cauwEzGP1KtAD71FgalWABrxOnq3hqv7W4TKSTg==\n-----END AGE ENCRYPTED FILE-----\n"
12
-
},
13
-
{
14
-
"recipient": "age1w785k56chrrsc29jgkjzyvxfj3lx5sx56cm5fg6ldvychdga9umspddsfg",
15
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Qkw4R2VtZHc1cVBXMmhk\ndDB0K0NQNHhWNHVYZFFqQkhFWlJKb2JzREZ3CnAreVBzaUs2UTcxS1dTbVVNVmlG\nZEdyb05vaVBsc3J5RnhON1FkSWR2elUKLS0tIGtucjhKaXE1VWdWbGMxTzVwS0xR\nU3BZbXNYam0zM2E5Wjg5akdJdXA3NEEKXWU0dHaZYYNb+FszPoIaqB5+luNA/mtN\nJXqRzRSvJurtirvqt0wSq5rzOcIz0FKuscYQ3ADCthqRt3aix/k/qQ==\n-----END AGE ENCRYPTED FILE-----\n"
16
-
},
17
-
{
18
-
"recipient": "age1xaxgua4xzu7p9545hwnzpal8rlpza95wjyz2d4at8jajsx38w4tsp87z5d",
19
-
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyd3ZqYkRPdlNOejJlQy95\nekhJY2NVdExGOEhwdm9rY3p3bkZVbE5rZGcwCmI4ejFhREMzS2E1WW1aUzB3VFN0\ndjJMbjgzVmxHMzdqLzE0bjVHUmVZd2cKLS0tIFVwRGJHalF4T2FRV0w2TkVJbkFJ\nT1l2bG82OGp1anhGTTdIc3NpTWt3Q2MKlhHwkUgg4iy7UWXFH6d0hmZp6EU5CXw5\nJz0K/emJni76Ae7M+DxpsKRAzmtUYEknaRIYw06sMv13XnIivbfphg==\n-----END AGE ENCRYPTED FILE-----\n"
20
-
}
21
-
],
22
-
"lastmodified": "2026-01-04T11:06:06Z",
23
-
"mac": "ENC[AES256_GCM,data:XPnKWKenAXy4PNdaOUX5dsgxw7WGQ2grAXCn2DiaeVOLAJ34DESqtnGPE+VLc20va91jdWUtsloTcPfMtHNM7sXmVssHYKzO0+Fe8yko0p4MuMUb8kmj8h/o+ZWgHEs1ydUEtfQDIUPXt/AgJsU4guJkgql2fT2ULE/oD+307Bk=,iv:CO3xNGV/FrT2mhzyJ1gkfdHZ7D9OLB9ctndET8Wv5Po=,tag:lsOh5RENcUsoWxCGb2nRcg==,type:str]",
24
-
"version": "3.11.0"
25
-
}
26
-
}