From 22808f39faccb861bce5ed50e222699583ae1ec1 Mon Sep 17 00:00:00 2001 From: DannyDannyDanny Date: Mon, 20 Apr 2026 19:58:16 +0200 Subject: [PATCH] =?UTF-8?q?feat(clan):=20re-enable=20dm-pull-deploy=20via?= =?UTF-8?q?=20forked=20clan-community=20=F0=9F=8C=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Stage 4e, take 2. Point the clan-community input at our fork's branch that sanitizes machine.name for data-mesher's file-name validator (upstream PR: clan/clan-community#25). Revisit this pin once merged. - flake.nix: clan-community.url → fork + fix branch - flake-modules/clan.nix: re-adds meta.domain = "clan", inventory.instances.data-mesher (sunken-ship bootstrap, both default), inventory.instances.dm-pull-deploy (sunken-ship push, both default action="switch"), and clanHostsModule that puts /etc/hosts entries for .clan → each machine's ZT IPv6 so libp2p multiaddr resolution works without a clan-domain DNS server. - Generator vars for data-mesher + dm-pull-deploy signing keys were regenerated on sunken-ship (data-mesher isn't packaged for aarch64-darwin, so clan vars generate runs on Linux). --- flake-modules/clan.nix | 50 +++++++ flake.lock | 125 +++++++++++++++--- flake.nix | 7 + .../identity.cert/machines/phantom-ship | 1 + .../identity.cert/secret | 18 +++ .../identity.cert/users/danny | 1 + .../identity.key/machines/phantom-ship | 1 + .../identity.key/secret | 18 +++ .../identity.key/users/danny | 1 + .../identity.pub/value | 3 + .../data-mesher-node-identity/peer.id/value | 1 + .../signing.key/machines/phantom-ship | 1 + .../signing.key/secret | 18 +++ .../signing.key/users/danny | 1 + .../signing.pub/value | 3 + .../identity.cert/machines/sunken-ship | 1 + .../identity.cert/secret | 18 +++ .../identity.cert/users/danny | 1 + .../identity.key/machines/sunken-ship | 1 + .../identity.key/secret | 18 +++ .../identity.key/users/danny | 1 + .../identity.pub/value | 3 + .../data-mesher-node-identity/peer.id/value | 1 + .../signing.key/machines/sunken-ship | 1 + .../signing.key/secret | 18 +++ .../signing.key/users/danny | 1 + .../signing.pub/value | 3 + .../data-mesher-network/network.key/secret | 14 ++ .../network.key/users/danny | 1 + .../data-mesher-network/network.pub/value | 3 + .../signing.key/machines/sunken-ship | 1 + .../signing.key/secret | 18 +++ .../signing.key/users/danny | 1 + .../signing.pub/value | 3 + 34 files changed, 337 insertions(+), 20 deletions(-) create mode 120000 vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/machines/phantom-ship create mode 100644 vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/secret create mode 120000 vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/users/danny create mode 120000 vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/machines/phantom-ship create mode 100644 vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/secret create mode 120000 vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/users/danny create mode 100644 vars/per-machine/phantom-ship/data-mesher-node-identity/identity.pub/value create mode 100644 vars/per-machine/phantom-ship/data-mesher-node-identity/peer.id/value create mode 120000 vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/machines/phantom-ship create mode 100644 vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/secret create mode 120000 vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/users/danny create mode 100644 vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.pub/value create mode 120000 vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/machines/sunken-ship create mode 100644 vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/secret create mode 120000 vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/users/danny create mode 120000 vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/machines/sunken-ship create mode 100644 vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/secret create mode 120000 vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/users/danny create mode 100644 vars/per-machine/sunken-ship/data-mesher-node-identity/identity.pub/value create mode 100644 vars/per-machine/sunken-ship/data-mesher-node-identity/peer.id/value create mode 120000 vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/machines/sunken-ship create mode 100644 vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/secret create mode 120000 vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/users/danny create mode 100644 vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.pub/value create mode 100644 vars/shared/data-mesher-network/network.key/secret create mode 120000 vars/shared/data-mesher-network/network.key/users/danny create mode 100644 vars/shared/data-mesher-network/network.pub/value create mode 120000 vars/shared/dm-pull-deploy-signing-key/signing.key/machines/sunken-ship create mode 100644 vars/shared/dm-pull-deploy-signing-key/signing.key/secret create mode 120000 vars/shared/dm-pull-deploy-signing-key/signing.key/users/danny create mode 100644 vars/shared/dm-pull-deploy-signing-key/signing.pub/value diff --git a/flake-modules/clan.nix b/flake-modules/clan.nix index 216f05b..3a1c1df 100644 --- a/flake-modules/clan.nix +++ b/flake-modules/clan.nix @@ -14,11 +14,30 @@ let import ../lib/home-manager-user.nix { inherit lib user homeDirectory stateVersion userImports; }; + + # ZT IPv6 addresses of the two clan machines. Clan publishes these as + # generated vars at vars/per-machine//zerotier/zerotier-ip/value; + # duplicated here so we can drop them into /etc/hosts at module-eval time. + sunkenShipZTv6 = "fdd5:53a2:de33:d269:6499:93d5:53a2:de33"; + phantomShipZTv6 = "fdd5:53a2:de33:d269:6499:936c:48a:bbdc"; + + # Shared across both servers: /etc/hosts entries so data-mesher's + # libp2p /dns/.clan/... bootstrap multiaddrs resolve over ZT. + clanHostsModule = { + networking.hosts = { + "${sunkenShipZTv6}" = [ "sunken-ship.clan" ]; + "${phantomShipZTv6}" = [ "phantom-ship.clan" ]; + }; + }; in { imports = [ inputs.clan-core.flakeModules.default ]; clan = { meta.name = "homelab"; + # data-mesher uses `.${domain}` as a libp2p /dns/ multiaddr. + # We don't run a DNS server for "clan" — per-machine networking.hosts + # entries (via clanHostsModule) resolve it to the host's ZT IPv6. + meta.domain = "clan"; # Inventory machines — required for `inventory.instances` role bindings # to resolve. Host-specific NixOS config lives under `machines.` @@ -37,6 +56,35 @@ in { roles.peer.machines.sunken-ship = { }; }; + # data-mesher — signed-file gossip protocol over libp2p (port 7946). + # Underpins dm-pull-deploy below. Files are registered + their allowed + # signers managed automatically via clan service exports. + # sunken-ship is the bootstrap node; phantom-ship joins via its + # /dns/sunken-ship.clan/... multiaddr (resolved via /etc/hosts). + inventory.instances.data-mesher = { + module.name = "data-mesher"; + module.input = "clan-core"; + roles.default.machines.sunken-ship = { }; + roles.default.machines.phantom-ship = { }; + roles.bootstrap.machines.sunken-ship = { }; + }; + + # dm-pull-deploy — pull-based NixOS deploy via data-mesher gossip. + # Our clan-community input is pinned to the branch that sanitizes + # machine.name for the status file name (upstream PR pending). + # sunken-ship is the push node; both servers run the default watcher + # with action="switch". + inventory.instances.dm-pull-deploy = { + module.name = "dm-pull-deploy"; + module.input = "clan-community"; + roles.push.machines.sunken-ship.settings = { + gitUrl = "https://github.com/DannyDannyDanny/dotfiles.git"; + branch = "main"; + }; + roles.default.machines.sunken-ship.settings.action = "switch"; + roles.default.machines.phantom-ship.settings.action = "switch"; + }; + # `clan machines update` connection target. Priority 2000 > ZT's 900 # and overrides the ZT service's root@ default. Using the ZT IPv6 as # the host makes updates work regardless of LAN DNS / mDNS state. @@ -63,6 +111,7 @@ in { clan.core.networking.targetHost = "danny@[fdd5:53a2:de33:d269:6499:93d5:53a2:de33]"; clan.core.networking.buildHost = "danny@[fdd5:53a2:de33:d269:6499:93d5:53a2:de33]"; } + clanHostsModule ../nixos/hosts/sunken-ship.nix config.flake.nixosModules.dotfiles-rebuild inputs.home-manager.nixosModules.home-manager @@ -81,6 +130,7 @@ in { clan.core.networking.targetHost = "danny@[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]"; clan.core.networking.buildHost = "danny@[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]"; } + clanHostsModule inputs.nix-openclaw.nixosModules.openclaw-gateway ../nixos/hosts/phantom-ship.nix config.flake.nixosModules.dotfiles-rebuild diff --git a/flake.lock b/flake.lock index 2de4459..0ad4b41 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,32 @@ { "nodes": { + "clan-community": { + "inputs": { + "clan-core": [ + "clan-core" + ], + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1776692203, + "narHash": "sha256-UtLlE2m4gaSjpN98/JjzPZqnSe0pTZvCXL1TsT0/Et4=", + "ref": "fix/dm-pull-deploy-hyphen-hostnames", + "rev": "ea5f670cb8690d5c209efd4777af4d391daa1ec2", + "revCount": 45, + "type": "git", + "url": "https://git.clan.lol/dannydannydanny/clan-community.git" + }, + "original": { + "ref": "fix/dm-pull-deploy-hyphen-hostnames", + "type": "git", + "url": "https://git.clan.lol/dannydannydanny/clan-community.git" + } + }, "clan-core": { "inputs": { "data-mesher": "data-mesher", @@ -13,8 +40,8 @@ "nixpkgs" ], "sops-nix": "sops-nix", - "systems": "systems", - "treefmt-nix": "treefmt-nix" + "systems": "systems_2", + "treefmt-nix": "treefmt-nix_2" }, "locked": { "lastModified": 1776557977, @@ -113,6 +140,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "clan-community", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775087534, + "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixpkgs" @@ -134,7 +182,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, @@ -152,7 +200,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1681202837, @@ -425,9 +473,10 @@ }, "root": { "inputs": { + "clan-community": "clan-community", "clan-core": "clan-core", "disko": "disko_2", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "home-manager": "home-manager", "import-tree": "import-tree", "nix-darwin": "nix-darwin_2", @@ -460,6 +509,21 @@ } }, "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { "locked": { "lastModified": 1774449309, "narHash": "sha256-brhZ8DmuGtzkCYHJg4HEd602amKm89Y9ytsFZ5uWD1w=", @@ -475,21 +539,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_3": { "locked": { "lastModified": 1681028828, @@ -505,7 +554,43 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "clan-community", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775125835, + "narHash": "sha256-2qYcPgzFhnQWchHo0SlqLHrXpux5i6ay6UHA+v2iH4U=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "75925962939880974e3ab417879daffcba36c4a3", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "clan-core", diff --git a/flake.nix b/flake.nix index 8b802e3..30e7d71 100644 --- a/flake.nix +++ b/flake.nix @@ -28,6 +28,13 @@ clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; clan-core.inputs.nixpkgs.follows = "nixpkgs"; clan-core.inputs.flake-parts.follows = "flake-parts"; + + # clan-community: dm-pull-deploy etc. Pinned to our fork's fix branch + # until clan/clan-community#25 (machine.name hyphen sanitization) lands. + # Swap back to `archive/main.tar.gz` when merged. + clan-community.url = "git+https://git.clan.lol/dannydannydanny/clan-community.git?ref=fix/dm-pull-deploy-hyphen-hostnames"; + clan-community.inputs.nixpkgs.follows = "nixpkgs"; + clan-community.inputs.clan-core.follows = "clan-core"; }; outputs = inputs @ { flake-parts, import-tree, ... }: diff --git a/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/machines/phantom-ship b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/machines/phantom-ship new file mode 120000 index 0000000..18e1a3f --- /dev/null +++ b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/machines/phantom-ship @@ -0,0 +1 @@ +../../../../../../sops/machines/phantom-ship \ No newline at end of file diff --git a/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/secret b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/secret new file mode 100644 index 0000000..8dade2c --- /dev/null +++ b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:tWPgk97Zn1F81EuITs0GWe/hycZGreo0S1oYemuOXxpqdbq/kwKwdZydSxs4cZfXOVzf9nL8V8R01/prbfAMFBJl/OgWW5qFqv5Mj7mBDZWYOrDVW481hhkMuZGzlc+2f2Q6Enmugw1tKQa277KV6t9lZ1mrPYvzVqXh1ZJm4Ez8FJidwwmHkHxAeK8q1AkMXZKMNBBvt86VfTFmWlkhav53CUpGIvchdyAPw8c97sGTTd58L7r9xImR2ZtSgXl237q1NZC40+oUDMS6QB+l9JtAPus2BROQ84U0zImcLEuDh+cHGUnlowXPRvTL,iv:3E+iqOJy7mKBQE40doDEhlVS7yU6tsB2W99defE48gc=,tag:d0SnUTshXNewGECH2sTuJw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age18gtjh28qxeltg2r2tzxwl096crkqkqk8tjhersyf7mzdsddady7qs34x0m", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z21ES1dTMmZYN3pWTkpo\nY1dBVTY5K1UrT09xNnBWNWhTcWRQSHpyeDBzClBSRVJDeWxtM2ZjWHllWXV5ZHFM\nQ3BYbmhhUTF2dDlwYkRFbTBneGxoVFEKLS0tIHhvQWpTSGJvN2EvM29aenQxTG5L\nZUsvaUM0YWN6czUxM2FHWnhlL3pZREUKF3sKxQqPebE5DZQgYeChHlWcf89peqD1\nVTaZP8CDmLPxxXMOPt31PgOPwP36CHrYM12Fil3lXY31tM7fGw1hVA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUHBUQnZzc1ZXKzl5RlpG\ndWpKcEIrWE5RS01kOHZVWFNsNjFML3VwT21zCk1KV01JaWI4cHVVR1pOTCtPUU5n\nbVJPbWZmUzNTZ3dETWwwb3Nvb2t4MGsKLS0tIGFKRlB4ZzAvZEpWemZqYjJlT2pC\nOEhSYXRZOE9oUkRqVzUrWUxpK3dwb28KMrhCm/S1zF8ZqSkKE/dy2A/xiFwBOs0Y\nGtl9HJEAA/xx9gHAy7cuGe3sV8KLSySFUbdL3UE7OhqtuGJwt67hGg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-20T17:57:26Z", + "mac": "ENC[AES256_GCM,data:8W+KPrzQwbdXi+haUjvYjVjfN+/WmlQso4imTBI9RBYLJwX9e//sfvq4Jd2HOplb8lfIvPqbMUELKma95J3qbSmBTuU6JHP07D53KRz50ZfVH+f9U9yo35nmhLQzlSWAZY4mHF23eq8pyt2EJ5b0M1TLs5bG00FmjWG1ir8avLU=,iv:I6rMyCjLUCRwZOX2YiETgb73wlRhpkPA+8psgfWZnR0=,tag:0wieM5ylopWzr3g9QUfZzg==,type:str]", + "version": "3.12.2" + } +} diff --git a/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/users/danny b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/users/danny new file mode 120000 index 0000000..48e5c60 --- /dev/null +++ b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/users/danny @@ -0,0 +1 @@ +../../../../../../sops/users/danny \ No newline at end of file diff --git a/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/machines/phantom-ship b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/machines/phantom-ship new file mode 120000 index 0000000..18e1a3f --- /dev/null +++ b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/machines/phantom-ship @@ -0,0 +1 @@ +../../../../../../sops/machines/phantom-ship \ No newline at end of file diff --git a/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/secret b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/secret new file mode 100644 index 0000000..760b95d --- /dev/null +++ b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:vhKOKajk8ZG8Xjtj3dqgYETBjLIhvECvmVKP4LdrHa0sSK2IAm2dBO0vBaeHHst5pSzpRJuNJwwNhAZlO404puXSh2ul9/AopKSgGqr6DqDlgQDemSduCSmQRcQUfygQYB086mnACl+TUo4U0l7j/oDCVbIcvMM=,iv:RnjAM8KlFsdKvZ5h3l4PfXP3GzSun5cSQnfQL3KwOpw=,tag:7vp61F375LY4WOLHg9pTPg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age18gtjh28qxeltg2r2tzxwl096crkqkqk8tjhersyf7mzdsddady7qs34x0m", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Y3JXOTAzQzlWdjE3b0oz\nUDBCb1dEY1BQUXltc0ZPUUttSDJmOStVRkFBCnliR0tPbEViTzZPZkt4ZGJoMGli\neWg4a3E5OE5taitsRzZQQkZ3dmJubW8KLS0tIDVGRW5TcStrVzY3ay91VGVGREFl\nMm5sWUpJY1JGOUtLSGxreHovN3RnWU0KqLtu8z+hm5S8M2U+ApZ5Wgw7HoiImamu\nVf9ARzgQ1G4kDKU7CW3nH7Oun876HoA1hcPnKgTlDSHMh95nMASC5A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBybHM4Mzh6UWFKU0JzdHdU\ncmpEM2VqRk9GRDRsL24wSmw1Y28vYStna3g4CjZhaEs2T3kzZTc1VmptWlBMVnpp\nTzJ3bnZtd2NSK2tiaDJHdUxFdWQ0ZzgKLS0tIHA0MFZPSjZYYUdUYmxLaGhsSVdn\nT20xVWczdWlPbFM3VXo2MkNJcTM1L2cKfOO02LLAxJPd1zsxj2fpntGRXSA3Lg3m\nW+1LoGFoFofZ0ds9MVls1ILZMdaBpHdQ4eF5B7IJt5B5Up9rk//p9g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-20T17:57:27Z", + "mac": "ENC[AES256_GCM,data:2qoVM/dTkE/qn2BPhDlUIFHg9nObArUh4yPVCzUng+wiLF9Umppl7DfzG0F+JNsKR087nMKYSEsN/yWeWdDaTfR6tOnTsxBj7ybNjUokNCTT5h4eN1RH1aAdOVXtFoF6EV1pkYN+uXuc0HhC04qVVgnFtLRO97oyI9CjgH7eSjI=,iv:MhW2NwpNlkahGw8V803NF9lEchQBue5BbDlJSv3HYTs=,tag:MyYA1QwKfxbwpyCsvXc76w==,type:str]", + "version": "3.12.2" + } +} diff --git a/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/users/danny b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/users/danny new file mode 120000 index 0000000..48e5c60 --- /dev/null +++ b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.key/users/danny @@ -0,0 +1 @@ +../../../../../../sops/users/danny \ No newline at end of file diff --git a/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.pub/value b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.pub/value new file mode 100644 index 0000000..7b15405 --- /dev/null +++ b/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.pub/value @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEACJQ3sNPsTp/ZnTQ3npwQKqYKH9Qw0Tqq+OYusLlGOyE= +-----END PUBLIC KEY----- diff --git a/vars/per-machine/phantom-ship/data-mesher-node-identity/peer.id/value b/vars/per-machine/phantom-ship/data-mesher-node-identity/peer.id/value new file mode 100644 index 0000000..84c7d2d --- /dev/null +++ b/vars/per-machine/phantom-ship/data-mesher-node-identity/peer.id/value @@ -0,0 +1 @@ +12D3KooWAPrWoqCMyrh4m1gYty5X9kANicXKnGwpiuLHEeeneKPe \ No newline at end of file diff --git a/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/machines/phantom-ship b/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/machines/phantom-ship new file mode 120000 index 0000000..18e1a3f --- /dev/null +++ b/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/machines/phantom-ship @@ -0,0 +1 @@ +../../../../../../sops/machines/phantom-ship \ No newline at end of file diff --git a/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/secret b/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/secret new file mode 100644 index 0000000..ff816b6 --- /dev/null +++ b/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:AabxVdVuPRrmARrCTedX0uwlVm1GVSCBJUo6fMCaHujCcPgx98lvj3o4RCBzfO/mFQ9W/cKbtisJjpoTBr4NRmldKCGQRmcKqeOfPIISjDLKe7nPxvQzmcZNySzkGMLlhgCPX9o0GZBWRKKPJdZaj8piXEFOijI=,iv:fyj9aqjf20QYFP/FBMWHe570lBaW+i33yKtnI3LIZ9c=,tag:iS6727dL1BK3DYGc3wYrKw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age18gtjh28qxeltg2r2tzxwl096crkqkqk8tjhersyf7mzdsddady7qs34x0m", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdnRRaVo4b2pLU3BSR212\nNVErNjVWUzZLQTVITVpYUXJKcWtjb3NEQ1FVCjRJUFBtS3NlUHlEUXViTkNaMmxy\nTTZyaWZWSlhZVG1zMjdCUnpYL3gyaVkKLS0tIGhkd01JQnpWeXdOSXBoeGJpVkgr\ndmh6RFJISnI3VUFpbXRPWnFicG8wTTQK1/1lyVDvmEmA/FaYb4Xh8u4ni/1bLszK\nVfyeFyJAIWlZmrvdDDovhdF1kRoywMd1e4yOsA3nzgRRSKmL8oLo/Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwVUFXUmlPbUdzam42Uzlp\nT0FBekRpS0djS1ArWGw1aFhrUDNDcGFZaTNRClZpTWY3SE1ld3JzZGdkODVnOStI\nVDRDODRBQ3Z3Q2wvVk1kVE94NmtjUVEKLS0tIGN2c29yR041bWJNOVlvYVVtTW12\nNnk2VjJkV0Vjb0UwSWorWVdRK21TZ3MKdLb8G7L0UG79OQ7RPooeXnRMV+cPA9Na\n/AeBv/dfrO1ScRxUb5px8EDtO2NAr32JdSNrgb98CQeveC2MuPSeXA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-20T17:57:26Z", + "mac": "ENC[AES256_GCM,data:UYlO50InICGG4KGIe+YB/Cu3d47u8hoby3mNZvwigkn86bfQImbAQdAlcyR3aGN6fzY41STDNEgZ+aP16gQzX8/MyIy17qHLOQs4SXcd9YW7uL8KmxkBcEAgEQ8XzH6eo8Y0I2nHxrhPATXVGfGV8qB2kky4PIMTl5pH4myZLgI=,iv:eF6ktICycC+IuYv6b1rTC7SsZkb96ev4zhmDbyU763w=,tag:w1ljE1/Iq/C+9bx+IyuAhw==,type:str]", + "version": "3.12.2" + } +} diff --git a/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/users/danny b/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/users/danny new file mode 120000 index 0000000..48e5c60 --- /dev/null +++ b/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.key/users/danny @@ -0,0 +1 @@ +../../../../../../sops/users/danny \ No newline at end of file diff --git a/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.pub/value b/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.pub/value new file mode 100644 index 0000000..b2ecb64 --- /dev/null +++ b/vars/per-machine/phantom-ship/dm-pull-deploy-status-key/signing.pub/value @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAY4BNAbhjAHOXLg5kaHTxQ/fsYnwZaCGoaNT4MfwhIik= +-----END PUBLIC KEY----- diff --git a/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/machines/sunken-ship b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/machines/sunken-ship new file mode 120000 index 0000000..94c85c7 --- /dev/null +++ b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/machines/sunken-ship @@ -0,0 +1 @@ +../../../../../../sops/machines/sunken-ship \ No newline at end of file diff --git a/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/secret b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/secret new file mode 100644 index 0000000..8387bc5 --- /dev/null +++ b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:OmnzynETGrQK8os5sSZ2Uo6+Ssurkt8wqnJU3f5pNDNBwBPLlcYfDzslkHu4eDGLpiJnVwyFJPdzwSRuTqQOIRN3Z6stSf4ISVWQnwRDDAaYfm8tj9xL6vbjXugQW9F++weMhO9gvyraDmJP/wlaCAdfgiXo/LjVneRQDBozUfPxF7KKBb8GTjP4PGILep3/n8HyxEl3ibAvgUplsdh5ybW2IeZeHwI9fuRY1EE09vGgIi7TSyHD3bfkNwQTsotNsgO3Z5SBPWPDIN2n0NYtVcUfkpJJZbp3TjWUhZuciHtsXggw4/aeW4xQdpNV,iv:LxoBD3dV1JLGJt8f8O70heIg+oVuSKrdLAv2AxFgfc0=,tag:79cQmt6gGuMO5cfYfeZ4HQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTkZMQnZmelNKanJ4cjhu\nbGNDOENpOGoydWFFM21VNytYYkFabkE0WmdFCkNPb2ZyZHRxd2l0WnN3c24yNlZH\nRFp4ZStaY1JCUmFxL0xxVERjTk5yWW8KLS0tIE1KQURtbkl1Q0RROGZTZ2xMK0tI\nWlFQd2VFcmU5dC9FRXZ0cW1adDFCa0kK8gko5J+LsnVTuSj8yS60L05bYruuno9d\nUYtAHcfbnZ9VfrAFH+uWfsPUoloqDOiRR0BQx6m6epWlAIRILni2kw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEa2dHTWJ6RGVPTy9CRVdD\nN3dvcVd6RjRQdjJqdXlMdzNML25tYlpKTG1BCkR2ZUZqMHg2cG01UUNGOEttUTBM\nMVlpaUNTdEozd0MvN281QWczUEhLNHcKLS0tIFdGSG8vY3J1bktMM2tRekdmWFJJ\nNW5TaHNMVmc3Nm1OeE05Mk1xVVRxWFEKKpqi4WjKwb44Y3LrisJ0Nq5ftQljnrEN\nE/ardHaxYUCZaAuiBFSZeOG3+zrOc5+cNx74/ULAX4QaqHshJQpdKQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-20T17:57:27Z", + "mac": "ENC[AES256_GCM,data:Sc+5RNJuKJtsp9c22piVnUlUFvBeLGOKw1kwiyvUb48Hy9xVAP1YyzbopN7gVurdegoMvovz6iaM5pBC0xOlvGrHr6MvV5ET76N9hdacGCoFfSviKUQnDNQbic/yj9lJx5Nwpo05nf12R/NUCcXWCHkxv1jedpVRHclL8bEta5Y=,iv:WUVIqLnh81afVwdueOn59hK5+ijUI5iWrZKpqTLYSiM=,tag:I3uNmPwrnTbRWGDTBEjVRA==,type:str]", + "version": "3.12.2" + } +} diff --git a/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/users/danny b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/users/danny new file mode 120000 index 0000000..48e5c60 --- /dev/null +++ b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.cert/users/danny @@ -0,0 +1 @@ +../../../../../../sops/users/danny \ No newline at end of file diff --git a/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/machines/sunken-ship b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/machines/sunken-ship new file mode 120000 index 0000000..94c85c7 --- /dev/null +++ b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/machines/sunken-ship @@ -0,0 +1 @@ +../../../../../../sops/machines/sunken-ship \ No newline at end of file diff --git a/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/secret b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/secret new file mode 100644 index 0000000..6dc938c --- /dev/null +++ b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:UhTbEIclwoIKcQaAMS/ZNkGrgg3HqkA3SHVBSHJ+wBI6x4i3dnAfIi08NstykkaKfMSJX0ELADiXu9rAqC/XHLHChYJ9yp9bdV/FzhaHHiJ61uVPSpgeJf9lPmirG5cNx15my3vFu9iElNuVoj1SrQJCOHdtw98=,iv:dJV6lBytRAyVyuLIGu8I7rYYd4ybKea7/j9ZMMRB5ck=,tag:QgTQApvKJAsFN2Gpxyse0g==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybjQ2MDMwTUtOZDRsc1pV\nYnhTK1FMZkVZcElSVVQwNkc0V0w1aGY1VDE4ClUwMlA3VlBLTTF0bDRBWEZsTDZK\nNzlTcWtFU0w3dEdMcmVSVWJQSndNbXcKLS0tIEZEUXFwd2JaUDNDVDh5aFVWL20y\nSGFJUVUvMmZwOTFsZEhhZHFHRXJKODgKbySNJmTEDJ+0HxsmFuaIUWzLZ47HvATg\nxuYsiSXJGnermo4yxgRuisX68wLzaTVMRfdV7cK9Mqzq0gDOi6s/VQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Q3R6L2Q3ZFRKMmFqbkdT\nK1lTOGRtK2tvVk5yZXpsN1hvR0laWTZHQ1dFCkphNzB1dE5TbWJrQU8va202UXRT\nSkdZM3FpZ2VWOExhaVVNMHROd1drb2sKLS0tIGZtZHZ2VzZJMi9tcHFMSGpodFk4\nbjlnd3NvMHdXSEovQ0txT2J2N1lzeTAKxpCIqP3TNazm96Zxsk+rhwY9CVj9cIDl\nBelBCK7fOSodayheZkAIcnOWUDGOOMuFqXGDo/HC2HmzyJsco5KkMg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-20T17:57:27Z", + "mac": "ENC[AES256_GCM,data:uHHOi9nYi+6QKOxjmLeOUH+0oVWvSYLWc9Vkryx1ADo58GjS4BwgFcXJaw+bnGPy1lvZzA0MdqSFL5Fb/9mFVZpt0PMGD1YjGkr8dZN2eZOYbH7ysBjv91GIDewGOpKGJQKQhmMuwfE1MkaBk6WfRD5IAK6fged+0Jr+CGE81jc=,iv:Wu0aPXx41nIr4MQGAW/4rpSbHNtdlgu+IxEP6oISINg=,tag:qLRQhOma2ly3kkRHVMYgbA==,type:str]", + "version": "3.12.2" + } +} diff --git a/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/users/danny b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/users/danny new file mode 120000 index 0000000..48e5c60 --- /dev/null +++ b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.key/users/danny @@ -0,0 +1 @@ +../../../../../../sops/users/danny \ No newline at end of file diff --git a/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.pub/value b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.pub/value new file mode 100644 index 0000000..7451d16 --- /dev/null +++ b/vars/per-machine/sunken-ship/data-mesher-node-identity/identity.pub/value @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAs7iffRVJb66z4p0hBZkEFdYx/YG4V8QLrd1GfXx2gLA= +-----END PUBLIC KEY----- diff --git a/vars/per-machine/sunken-ship/data-mesher-node-identity/peer.id/value b/vars/per-machine/sunken-ship/data-mesher-node-identity/peer.id/value new file mode 100644 index 0000000..2934a53 --- /dev/null +++ b/vars/per-machine/sunken-ship/data-mesher-node-identity/peer.id/value @@ -0,0 +1 @@ +12D3KooWMuvRnpEv9XEqyYnFcqKZALBS3Vhqi3zHSn4t4vwedkF9 \ No newline at end of file diff --git a/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/machines/sunken-ship b/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/machines/sunken-ship new file mode 120000 index 0000000..94c85c7 --- /dev/null +++ b/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/machines/sunken-ship @@ -0,0 +1 @@ +../../../../../../sops/machines/sunken-ship \ No newline at end of file diff --git a/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/secret b/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/secret new file mode 100644 index 0000000..59985c1 --- /dev/null +++ b/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:C5ryB5qyQuwORAVwjQkPq/Lq6eGPWNVmVmI/ltsTDBEiNxb6MR1EUOykNeBdEv6P9CyLDp4J1c/5KzcBj/Ice1xu6qi7Bk2y2SyNLzCWscegNHDzDs59y2e9GuOHcIF3RTr/pPThe1nBIFulbmt49IEynjzqJlY=,iv:EtR0kaVQFMx7T9PqetFXnSrCr0O8SP2D2ZqXM+/rxcw=,tag:ITBNfT0DrkTGr/CcX9OHxA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ21BS2xNSExrcXFWTWhl\nWkZ1OU9NUXRVSisyWFB4T2J1U0FaZ2lTZERVCllZNnVMdUdmcFNQVE5PVGpPb0tL\nbjBPaitlVUh5RkRPNWtVQ2FxQmdiRGsKLS0tIFNVUWxnNHBzNkVYanBIWHhnVGsv\nTzh0Z3hWUkRiNHlZc0ZibHNKRmNwK1UKsf3GK7garT04sC2U2xT3vvGrmKv8K9jv\nzEAVeJl6V2gDyz5oKEj9q8g/6tf+G4DUx9dOD6N/UbkRElKFSmbNnQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNndjQnNjSFl0cllRTHdH\nSGJlNE5lMlpwMkFDRmViZ0JQelpkdXZtMVZ3CnlyNytrSmlwQlgzZ2VuWUJjbEI1\nVzh5S0FsWE5kVE1TWWFrOHU5eHdDVkUKLS0tIFJwdmp5R1luVjVDMFNjTDBPNzln\nUTN0aVlPTXNCUzBMazltRGRDSVRaVVEKnm/nokIWdRz/niLzC4WKE1BWVuy+KtQ5\nXZl7/aFGywxI7ux8dA+REz6FI6ZZb8B/lJ6+SkWP4s4/Z5DQ+Vkq2w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-20T17:57:26Z", + "mac": "ENC[AES256_GCM,data:O+tJvNVJQ/+7zy5W5dxUVSKSUjiziKdqxv8Y/0GKoY8gJUzAOFD8UiUoFiQind+JOeH/jiSrLQPcq0jarWu1Cb7hGN+bwlySEhIyx4H9rYtZb99EueBCemQIQIsnoD8sSpif7CQdALedjPltJvs5ST4QqMvNPVVktExwATFdvYI=,iv:Y/NvE3i5guJoX8mA+mbAupo06OK2OiY+2YjgcLa/zcA=,tag:z+U7w2D9j6Fmn3UTevkLjg==,type:str]", + "version": "3.12.2" + } +} diff --git a/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/users/danny b/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/users/danny new file mode 120000 index 0000000..48e5c60 --- /dev/null +++ b/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.key/users/danny @@ -0,0 +1 @@ +../../../../../../sops/users/danny \ No newline at end of file diff --git a/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.pub/value b/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.pub/value new file mode 100644 index 0000000..079ec76 --- /dev/null +++ b/vars/per-machine/sunken-ship/dm-pull-deploy-status-key/signing.pub/value @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAFXu2waW6Rrc2Ro8iIcx1PH1oS45zNbfHg+F49VPYkeg= +-----END PUBLIC KEY----- diff --git a/vars/shared/data-mesher-network/network.key/secret b/vars/shared/data-mesher-network/network.key/secret new file mode 100644 index 0000000..676be36 --- /dev/null +++ b/vars/shared/data-mesher-network/network.key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:N5diXVSyLS5354gi5UcSK7iWflVH549PGf4ugg/mIk0utPBscDV/9HaRCn5KWvprBeLmAgnSrFs9syU17Zwwf7FHPE1RfhalN+Pi0sesttMIBc9Bni7IcmVpFY+pXJxoqGdIkM7grEtWBquJWh1cSL1ICbG4Vz0=,iv:jdEXN0pyyYnsCtr0qEI5e3e8s1GS6Lk0HnZBI6q0Wb8=,tag:JPLfvnOFdfRtWREumJ3sow==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqaGt1dGY3RmZJaW9icGJw\nZ1RGQStFN3Z4R3BrcXVHRmZGOE1FcjFhRUM4Cmd5UnNmMFVpYU5CbFNicTBBS0tQ\nWUdOMnBMZk1Qc3NrY1NIMjJFc01PcU0KLS0tIG1sOFk1VEFyQmZuczZUeC9hSWZ3\nL0FXelZ2b3RrbVZMSGJOSDk2bDZkNU0KNVGQqSX5jSxLqAcvjyofkDP8rudeusEN\nrfrrqmvP6NUgiuQiBAWpXFS6Vt8aNIWwhpk/Ij3zw0rNWH4wdV5YSg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-20T17:57:25Z", + "mac": "ENC[AES256_GCM,data:LB+xpBT4SsjEZKMBE5JMATxOKGmLITAurL5ZAtCT1eVBJ+2kf7hp/EdmW29RrqeRZhQe3vVVo37qsud+jkACMYODmMBAzhwz7i2c2OQBFoz65MKth74B1BaV1AIfiCxghNbFExqfwV4SCnV4XntHxYelG97GfV9hWCLRdykaD10=,iv:fnkmHHJiwtfIC4F3FXXXH4vDmFls72F1UqhL45pvAsI=,tag:8fvUupt25Ta+CA9QExtpzg==,type:str]", + "version": "3.12.2" + } +} diff --git a/vars/shared/data-mesher-network/network.key/users/danny b/vars/shared/data-mesher-network/network.key/users/danny new file mode 120000 index 0000000..dcece98 --- /dev/null +++ b/vars/shared/data-mesher-network/network.key/users/danny @@ -0,0 +1 @@ +../../../../../sops/users/danny \ No newline at end of file diff --git a/vars/shared/data-mesher-network/network.pub/value b/vars/shared/data-mesher-network/network.pub/value new file mode 100644 index 0000000..9795e07 --- /dev/null +++ b/vars/shared/data-mesher-network/network.pub/value @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAdB1Fz8Y5HZxHcr+gvbpjG14MWVYZsHxDDRymsd0sQU8= +-----END PUBLIC KEY----- diff --git a/vars/shared/dm-pull-deploy-signing-key/signing.key/machines/sunken-ship b/vars/shared/dm-pull-deploy-signing-key/signing.key/machines/sunken-ship new file mode 120000 index 0000000..38ff05e --- /dev/null +++ b/vars/shared/dm-pull-deploy-signing-key/signing.key/machines/sunken-ship @@ -0,0 +1 @@ +../../../../../sops/machines/sunken-ship \ No newline at end of file diff --git a/vars/shared/dm-pull-deploy-signing-key/signing.key/secret b/vars/shared/dm-pull-deploy-signing-key/signing.key/secret new file mode 100644 index 0000000..ebac713 --- /dev/null +++ b/vars/shared/dm-pull-deploy-signing-key/signing.key/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:SFWdcWNOT/lPnlk/03UrsejGiUiSE4540V0UVmd/2KxOnPf2463wlbCnx1pg4Y3dOScohNyM6MIU60/E8AZrQWUSYPM6RPVvW9Bpgb8WByUUABlxH3CxZth3ygpJGez/fchWFjkFUyydhcVWpm6UxmNnjhTwvq8=,iv:/n1pHl1DHy4pCVn1QuEK/+ud14ZWd0E5JfiMe8tczy0=,tag:NG8sO8Y8dujHVSh5d/ugFw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNmVGOUhDdHNlUm5GRjJo\nZFJJbUQyZys4ZjFiRUlyWUxuUnBuWmkyckVFCi8wZmdSeVBzbis4b1JZcU5QSDRp\nYXJBNzVIeXhSSnIyK1FTUDhUNFR2SVEKLS0tIFZtV0ZsRjdaaXMxbXF6S0VjV1J3\nelBUYWx0ZXpNMVZoK0dKdFdMYUpaMUEK1H4mOKs8CEtJ2P2aFkd9C2I7BRoqdZX9\nCowzfdUPQK3XwYxK0e+qM/eSPMsQr+IgPX4GtpIrkPUtkr9yNlXdTA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeHB1d0hrenZxZVVaWDgr\nbjYzcEY5VjNqL3FIR2NyYkd3bzBXNmFnNFZnCkY5TlplcEhqd2JUOFdoZzdtTWJs\ncW5rbWNkUnZ6SXJzd3ltM0FDeGIyZzAKLS0tIDZKdjZuaGdLUFVrMUE4RG1SSi83\nTVM1b1dTeVppQ3ZmLzExOVFob3VxR0EKziFYIaTcseeGJgLzb4ZgTnAnwlPavqGZ\nQ2/zQjn3i1vu1Et/qlhxQGg4AxmP976b23iwm+JYn901i00VClOuJg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-20T17:57:26Z", + "mac": "ENC[AES256_GCM,data:Qb3eJPq4m95zvteRXmDqReXiNrGDIHsh4PLYC/BRVJKLH2NJcygFj7DRuMHsM8TITEewvee96wInBim8porAGnNPGVl9GZpKU8gVT1JPWbbWYa28AegFoTgLw7nsGfyGYtAso6NfN9uuBggFf6zHBeSbg1p87hUbyRhjnp7xnOg=,iv:ugJKegaaH/FKsGrvWXdwVojb/yAwKtREF3Ng/2qgsIY=,tag:jsZ2QnHuje683C/wM/OGHg==,type:str]", + "version": "3.12.2" + } +} diff --git a/vars/shared/dm-pull-deploy-signing-key/signing.key/users/danny b/vars/shared/dm-pull-deploy-signing-key/signing.key/users/danny new file mode 120000 index 0000000..dcece98 --- /dev/null +++ b/vars/shared/dm-pull-deploy-signing-key/signing.key/users/danny @@ -0,0 +1 @@ +../../../../../sops/users/danny \ No newline at end of file diff --git a/vars/shared/dm-pull-deploy-signing-key/signing.pub/value b/vars/shared/dm-pull-deploy-signing-key/signing.pub/value new file mode 100644 index 0000000..0f96494 --- /dev/null +++ b/vars/shared/dm-pull-deploy-signing-key/signing.pub/value @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEA2tgf1jPcQ0GEIsEU4/iVsrg4Wi9WSgCpbKarBKhpxPQ= +-----END PUBLIC KEY-----