完成分割（home manager 除外）

flake.nix

@@ -80,26 +80,34 @@
 						nix-vscode-extensions = inputs.nix-vscode-extensions.extensions."${prev.system}";
 					} )];
 				})
-				( import ./modules/basic/basic.nix { hostname = "chn-PC"; })
+
+				( import ./modules/basic.nix { hostName = "chn-PC"; })
+				./modules/fonts.nix
+				( import ./modules/i18n.nix { fcitx = true; } )
+				./modules/kde.nix
+				./modules/sops.nix
 				( import ./modules/boot/basic.nix { efi = true; })
 				./modules/boot/chn-PC.nix
-				./modules/display/basic.nix
-				./modules/display/chn-PC.nix
 				./modules/filesystem/chn-PC.nix
-				./modules/fonts/basic.nix
-				./modules/fonts/basic.nix
-				( import ./modules/i18n/basic.nix { fcitx = true; } )
-				./modules/kvm/guest.nix
+				./modules/hardware/bluetooth.nix
+				./modules/hardware/joystick.nix
+				( import ./modules/hardware/nvidia-prime.nix { intelBusId = "PCI:0:2:0"; nvidiaBusId = "PCI:1:0:0"; } )
+				./modules/hardware/printer.nix
+				./modules/hardware/sound.nix
 				./modules/networking/basic.nix
-				./modules/packages/basic.nix
-				./modules/printer/basic.nix
-				./modules/sops/basic.nix
-				./modules/sound/basic.nix
-				./modules/ssh/basic.nix
-				./modules/user/basic.nix
-				./modules/waydroid/basic.nix
-				./modules/zsh/basic.nix
-				./home/basic.nix
+				./modules/networking/ssh.nix
+				./modules/networking/wall_client.nix
+				./modules/networking/xmunet.nix
+				./modules/networking/chn-PC.nix
+				./modules/packages/terminal.nix
+				./modules/packages/gui.nix
+				./modules/packages/gaming.nix
+				./modules/packages/hpc.nix
+				./modules/users/root.nix
+				./modules/users/chn.nix
+				./modules/virtualisation/kvm_guest.nix
+				./modules/virtualisation/kvm_host.nix
+				./modules/virtualisation/waydroid.nix
 			];
 		};
 	};

modules/basic.nix

@@ -0,0 +1,12 @@
+{ hostName }: { pkgs, ... }@inputs:
+{
+	config =
+	{
+		nixpkgs.hostPlatform = "x86_64-linux";
+		nix.settings.experimental-features = [ "nix-command" "flakes" ];
+		networking.hostName = hostName;
+		time.timeZone = "Asia/Shanghai";
+		system.stateVersion = "22.11";
+		nixpkgs.config.allowUnfree = true;
+	};
+}

modules/basic/basic.nix

@@ -1,37 +0,0 @@
-{ hostname }: { pkgs, ... }@inputs:
-{
-	config =
-	{
-		nixpkgs.hostPlatform = "x86_64-linux";
-		nix.settings.experimental-features = [ "nix-command" "flakes" ];
-		networking.hostName = hostname;
-		time.timeZone = "Asia/Shanghai";
-		system.stateVersion = "22.11";
-		nixpkgs.config.allowUnfree = true;
-
-
-		programs.firejail.enable = true;
-		hardware.xone.enable = true;
-		hardware.xpadneo.enable = true;
-		hardware.bluetooth.enable = true;
-		services.xserver.synaptics.enable = false;
-		services.xserver.libinput.enable = true;
-		virtualisation.libvirtd.enable = true;
-
-		nixpkgs.config.packageOverrides = pkgs: rec {
-			wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs (attrs: {
-				patches = attrs.patches ++ [ ../../patches/xmunet.patch ];
-			});
-		};
-
-		environment.sessionVariables."GTK_USE_PORTAL" = "1";
-		xdg.portal.extraPortals = with inputs.pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
-		virtualisation.spiceUSBRedirection.enable = true;
-		networking.resolvconf.enable = false;
-		environment.etc."resolv.conf".text =
-		''
-			nameserver 127.0.0.1
-		'';
-		programs.xwayland.enable = true;
-	};
-}

modules/boot/chn-PC.nix

@@ -7,7 +7,7 @@ inputs:
 			initrd.availableKernelModules
 				= [ "ahci" "nvme" "sr_mod" "usb_storage" "virtio_blk" "virtio_pci" "xhci_pci" ];
 			kernelModules = [ "kvm-intel" ];
-			extraModulePackages = with inputs.config.boot.kernelPackages; [ cpupower xone xpadneo ];
+			extraModulePackages = with inputs.config.boot.kernelPackages; [ cpupower ];
 			extraModprobeConfig = "options kvm_intel nested=1";
 		};
 		hardware.cpu.intel.updateMicrocode = true;

modules/display/basic.nix

@@ -1,8 +0,0 @@
-{
-	config.services.xserver =
-	{
-		enable = true;
-		displayManager.sddm.enable = true;
-		desktopManager.plasma5.enable = true;
-	};
-}

modules/display/chn-PC.nix

@@ -1,12 +0,0 @@
-{
-	config =
-	{
-		services.xserver.videoDrivers = [ "nvidia" "intel" "qxl" ];
-		hardware.nvidia.prime =
-		{
-			offload.enable = true;
-			intelBusId = "PCI:0:2:0";
-			nvidiaBusId = "PCI:1:0:0";
-		};
-	};
-}

modules/hardware/bluetooth.nix

@@ -0,0 +1 @@
+{ config.hardware.bluetooth.enable = true; }

modules/hardware/joystick.nix

@@ -0,0 +1 @@
+{ config.hardware = { xone.enable = true; xpadneo.enable = true; }; }

modules/hardware/nvidia-prime.nix

@@ -0,0 +1,24 @@
+{ intelBusId, nvidiaBusId }: { pkgs, ... }@inputs:
+{
+	config =
+	{
+		services.xserver.videoDrivers = [ "nvidia" "intel" ];
+		hardware.nvidia.prime =
+		{
+			offload.enable = true;
+			intelBusId = intelBusId;
+			nvidiaBusId = nvidiaBusId;
+		};
+		environment.systemPackages =
+		[(
+			inputs.pkgs.writeShellScriptBin "nvidia-offload"
+			''
+				export __NV_PRIME_RENDER_OFFLOAD=1
+				export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
+				export __GLX_VENDOR_LIBRARY_NAME=nvidia
+				export __VK_LAYER_NV_optimus=NVIDIA_only
+				exec "$@"
+			''
+		)];
+	};
+}

modules/hardware/printer.nix

@@ -0,0 +1 @@
+{ config.services.printing.enable = true; }

modules/hardware/sound.nix

@@ -7,8 +7,7 @@
 		services.pipewire =
 		{
 			enable = true;
-			alsa.enable = true;
-			alsa.support32Bit = true;
+			alsa = { enable = true; support32Bit = true; };
 			pulse.enable = true;
 		};
 	};

modules/i18n.nix

@@ -12,7 +12,7 @@
 			inputMethod =
 			{
 				enabled = "fcitx5";
-				fcitx5.addons = with inputs.pkgs; [fcitx5-rime fcitx5-chinese-addons fcitx5-mozc];
+				fcitx5.addons = with inputs.pkgs; [ fcitx5-rime fcitx5-chinese-addons fcitx5-mozc ];
 			};
 		}
 		else {}

modules/kde.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }@inputs:
+{
+	config =
+	{
+		services.xserver =
+		{
+			enable = true;
+			displayManager.sddm.enable = true;
+			desktopManager.plasma5.enable = true;
+		};
+		environment =
+		{
+			sessionVariables."GTK_USE_PORTAL" = "1";
+			systemPackages = [ inputs.pkgs.libsForQt5.qtstyleplugin-kvantum ];
+		};
+		xdg.portal.extraPortals = with inputs.pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
+		programs.xwayland.enable = true;
+	};
+}

modules/kvm/guest.nix

@@ -1,7 +0,0 @@
-{
-	config.services =
-	{
-		qemuGuest.enable = true;
-		spice-vdagentd.enable = true;
-	};
-}

modules/networking/basic.nix

@@ -1,48 +1 @@
-inputs:
-{
-	config.networking.networkmanager.enable = true;
-	config.services.dnsmasq =
-	{
-		enable = true;
-		settings = {
-			no-poll = true;
-			server = [ "127.0.0.1#10853" ];
-			listen-address = "127.0.0.1";
-			bind-interfaces = true;
-			address = [
-				"/mirism.one/216.24.188.24"
-				"/beta.mirism.one/216.24.188.24"
-				"/ng01.mirism.one/216.24.188.24"
-				"/debug.mirism.one/127.0.0.1"
-			];
-			ipset = [
-				"/developer.download.nvidia.com/noproxy_net"
-				"/yuanshen.com/noproxy_net"
-				"/zoom.us/noproxy_net"
-			];	
-		};
-	};
-	config.services.xray = { enable = true; settingsFile = inputs.config.sops.secrets."xray.json".path; };
-	config.sops.secrets."xray.json" =
-		{ mode = "0440"; owner = "v2ray"; group = "v2ray"; restartUnits = [ "xray.service" ]; };
-	config.systemd.services.xray.serviceConfig =
-	{
-		DynamicUser = inputs.lib.mkForce false;
-		User = "v2ray";
-		Group = "v2ray";
-		CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-		AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-	};
-	config.users.users.v2ray = { isSystemUser = true; group = "v2ray"; };
-	config.users.groups.v2ray = {};
-	config.services.v2ray-forwarder = { enable = true; proxyPort = 10880; xmuPort = 10881; };
-	config.boot.kernel.sysctl =
-	{
-		"net.ipv4.conf.all.route_localnet" = true;
-		"net.ipv4.conf.default.route_localnet" = true;
-		"net.ipv4.conf.all.accept_local" = true;
-		"net.ipv4.conf.default.accept_local" = true;
-		"net.ipv4.ip_forward" = true;
-		"net.ipv4.ip_nonlocal_bind" = true;
-	};
-}
+{ config.networking.networkmanager.enable = true; }

modules/networking/chn-PC.nix

@@ -0,0 +1,9 @@
+{
+	config.services.dnsmasq.settings.address =
+	[
+		"/mirism.one/216.24.188.24"
+		"/beta.mirism.one/216.24.188.24"
+		"/ng01.mirism.one/216.24.188.24"
+		"/debug.mirism.one/127.0.0.1"
+	];
+}

modules/networking/ssh.nix

@@ -0,0 +1 @@
+{ config.services.openssh.enable = true; }

modules/networking/wall_client.nix

@@ -0,0 +1,49 @@
+inputs:
+{
+	config =
+	{
+		services =
+		{
+			dnsmasq =
+			{
+				enable = true;
+				settings =
+				{
+					no-poll = true;
+					server = [ "127.0.0.1#10853" ];
+					listen-address = "127.0.0.1";
+					bind-interfaces = true;
+					ipset =
+					[
+						"/developer.download.nvidia.com/noproxy_net"
+						"/yuanshen.com/noproxy_net"
+						"/zoom.us/noproxy_net"
+					];	
+				};
+			};
+			xray = { enable = true; settingsFile = inputs.config.sops.secrets."xray.json".path; };
+			v2ray-forwarder = { enable = true; proxyPort = 10880; xmuPort = 10881; };
+		};
+		sops.secrets."xray.json" =
+			{ mode = "0440"; owner = "v2ray"; group = "v2ray"; restartUnits = [ "xray.service" ]; };
+		systemd.services.xray.serviceConfig =
+		{
+			DynamicUser = inputs.lib.mkForce false;
+			User = "v2ray";
+			Group = "v2ray";
+			CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+			AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+		};
+		users = { users.v2ray = { isSystemUser = true; group = "v2ray"; }; groups.v2ray = {}; };
+		boot.kernel.sysctl =
+		{
+			"net.ipv4.conf.all.route_localnet" = true;
+			"net.ipv4.conf.default.route_localnet" = true;
+			"net.ipv4.conf.all.accept_local" = true;
+			"net.ipv4.conf.default.accept_local" = true;
+			"net.ipv4.ip_forward" = true;
+			"net.ipv4.ip_nonlocal_bind" = true;
+		};
+		environment.etc."resolv.conf".text = "nameserver 127.0.0.1";
+	};
+}

modules/networking/xmunet.nix

@@ -0,0 +1,7 @@
+{
+	config.nixpkgs.config.packageOverrides = pkgs: 
+	{
+		wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs ( attrs:
+			{ patches = attrs.patches ++ [ ./xmunet.patch ]; });
+	};
+}

modules/packages/basic.nix

@@ -1,84 +0,0 @@
-{ pkgs, ... }@inputs:
-{
-	config.environment.systemPackages = with inputs.pkgs;
-	[
-		beep neofetch screen dos2unix tldr gnugrep
-		pciutils usbutils lshw powertop
-		zsh ksh zsh-powerlevel10k zsh-autosuggestions zsh-syntax-highlighting 
-		vim nano
-		(
-			vscode-with-extensions.override
-			{
-				vscodeExtensions = (with vscode-extensions;
-				[
-					ms-vscode.cpptools
-					llvm-vs-code-extensions.vscode-clangd
-					ms-vscode.cmake-tools
-					ms-ceintl.vscode-language-pack-zh-hans
-					github.copilot
-					github.github-vscode-theme
-					ms-vscode.hexeditor
-					oderwat.indent-rainbow
-					james-yu.latex-workshop
-					pkief.material-icon-theme
-					ms-vscode-remote.remote-ssh
-				])
-				++ (with nix-vscode-extensions.vscode-marketplace;
-				[
-					twxs.cmake
-					ms-vscode.cpptools-themes
-					guyutongxue.cpp-reference
-				]);
-			}
-		)
-		(
-			pkgs.writeShellScriptBin "nvidia-offload"
-			''
-				export __NV_PRIME_RENDER_OFFLOAD=1
-				export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
-				export __GLX_VENDOR_LIBRARY_NAME=nvidia
-				export __VK_LAYER_NV_optimus=NVIDIA_only
-				exec "$@"
-			''
-		)
-		wget aria2 curl yt-dlp qbittorrent
-		tree git autojump exa
-		nix-output-monitor comma
-		docker docker-compose
-		apacheHttpd certbot-full
-		pigz rar unrar upx unzip zip
-		util-linux snapper gparted snapper-gui
-		firefox google-chrome
-		qemu_full virt-manager
-		zotero ocrmypdf pdfgrep texlive.combined.scheme-full libreoffice-qt
-		ovito paraview gimp # vsim vesta
-		(python3.withPackages (ps: with ps; [ phonopy ]))
-		element-desktop tdesktop discord qq inputs.config.nur.repos.xddxdd.wechat-uos inputs.config.nur.repos.linyinfeng.wemeet
-		remmina
-		bitwarden openssl ssh-to-age gnupg age sops
-		spotify yesplaymusic # netease-cloud-music-gtk inputs.config.nur.repos.eh5.netease-cloud-music
-		crow-translate
-		scrcpy
-		ipset iptables iproute2 wireshark dig nettools
-		touchix.v2ray-forwarder
-		mathematica
-		gcc cudaPackages.cudatoolkit clang-tools
-		inputs.config.nur.repos.ataraxiasjel.proton-ge
-		octave root
-		libsForQt5.qtstyleplugin-kvantum
-	]
-	++ (with inputs.lib; filter isDerivation (attrValues pkgs.plasma5Packages.kdeGear));
-	config.programs =
-	{
-		wireshark.enable = true;
-		anime-game-launcher.enable = true;
-		honkers-railway-launcher.enable = true;
-		nix-index-database.comma.enable = true;
-		nix-index.enable = true;
-		command-not-found.enable = false;
-		steam.enable = true;
-	};
-	config.nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1u" "electron-19.0.7" ];
-	config.nix.settings.substituters = [ "https://xddxdd.cachix.org" ];
-	config.nix.settings.trusted-public-keys = [ "xddxdd.cachix.org-1:ay1HJyNDYmlSwj5NXQG065C8LfoqqKaTNCyzeixGjf8=" ];
-}

modules/packages/gaming.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }@inputs:
+{
+	config =
+	{
+		environment.systemPackages = [ inputs.config.nur.repos.ataraxiasjel.proton-ge ];
+		programs =
+		{
+			anime-game-launcher.enable = true;
+			honkers-railway-launcher.enable = true;
+			steam.enable = true;
+		};
+	};
+}

modules/packages/gui.nix

@@ -0,0 +1,44 @@
+{ pkgs, ... }@inputs:
+{
+	config.environment.systemPackages = with inputs.pkgs;
+	[
+		( vscode-with-extensions.override
+		{
+			vscodeExtensions = (with vscode-extensions;
+			[
+				ms-vscode.cpptools
+				llvm-vs-code-extensions.vscode-clangd
+				ms-vscode.cmake-tools
+				ms-ceintl.vscode-language-pack-zh-hans
+				github.copilot
+				github.github-vscode-theme
+				ms-vscode.hexeditor
+				oderwat.indent-rainbow
+				james-yu.latex-workshop
+				pkief.material-icon-theme
+				ms-vscode-remote.remote-ssh
+			])
+			++ (with nix-vscode-extensions.vscode-marketplace;
+			[
+				twxs.cmake
+				ms-vscode.cpptools-themes
+				guyutongxue.cpp-reference
+			]);
+		} )
+		qbittorrent # tunder
+		gparted snapper-gui
+		firefox google-chrome
+		zotero texlive.combined.scheme-full libreoffice-qt
+		element-desktop tdesktop discord
+		# jail
+		qq inputs.config.nur.repos.xddxdd.wechat-uos inputs.config.nur.repos.linyinfeng.wemeet
+		remmina
+		bitwarden
+		spotify yesplaymusic
+		crow-translate
+		scrcpy
+	]
+	++ (with inputs.lib; filter isDerivation (attrValues pkgs.plasma5Packages.kdeGear));
+	config.programs.wireshark.enable = true;
+	config.nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1u" "electron-19.0.7" ];
+}

modules/packages/hpc.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }@inputs:
+{
+	config.environment.systemPackages = with inputs.pkgs;
+	[
+		ovito paraview # vsim vesta
+		(python3.withPackages (ps: with ps; [ phonopy ]))
+		mathematica octave root
+	];
+}

modules/packages/terminal.nix

@@ -0,0 +1,41 @@
+{ pkgs, ... }@inputs:
+{
+	config =
+	{
+		environment.systemPackages = with inputs.pkgs;
+		[
+			beep neofetch screen dos2unix tldr gnugrep
+			pciutils usbutils lshw powertop
+			ksh
+			vim nano
+			wget aria2 curl yt-dlp
+			tree git autojump exa
+			nix-output-monitor comma
+			apacheHttpd certbot-full
+			pigz rar unrar upx unzip zip
+			util-linux snapper
+			ocrmypdf pdfgrep
+			openssl ssh-to-age gnupg age sops
+			ipset iptables iproute2 dig nettools
+			gcc clang-tools
+		];
+		programs =
+		{
+			nix-index-database.comma.enable = true;
+			nix-index.enable = true;
+			command-not-found.enable = false;
+			zsh =
+			{
+				enable = true;
+				syntaxHighlighting.enable = true;
+				autosuggestions.enable = true;
+				enableCompletion = true;
+				ohMyZsh =
+				{
+					enable = true;
+					plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
+				};
+			};
+		};
+	};
+}

modules/printer/basic.nix

@@ -1,3 +0,0 @@
-{
-	config.services.printing.enable = true;
-}

modules/sops.nix

@@ -1,7 +1,8 @@
+inputs:
 {
 	config.sops =
 	{
-		defaultSopsFile = ../../secrets/chn-PC.yaml;
+		defaultSopsFile = ../secrets/${inputs.config.networking.hostName}.yaml;
 		age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 	};
 }

modules/ssh/basic.nix

@@ -1,3 +0,0 @@
-{
-	config.services.openssh.enable = true;
-}

modules/user/basic.nix

@@ -1,20 +0,0 @@
-{ pkgs, ... }@inputs:
-{
-	config =
-	{
-		users =
-		{
-			users.chn =
-			{
-				isNormalUser = true;
-				extraGroups = inputs.lib.intersectLists
-					[ "networkmanager" "wheel" "wireshark" "libvirtd" ]
-					(builtins.attrNames inputs.config.users.groups);
-				passwordFile = inputs.config.sops.secrets."password/chn".path;
-				shell = inputs.pkgs.zsh;
-			};
-			mutableUsers = false;
-		};
-		sops.secrets."password/chn".neededForUsers = true;
-	};
-}

modules/users/chn.nix

@@ -0,0 +1,16 @@
+{ pkgs, ... }@inputs:
+{
+	config =
+	{
+		users.users.chn =
+		{
+			isNormalUser = true;
+			extraGroups = inputs.lib.intersectLists
+				[ "networkmanager" "wheel" "wireshark" "libvirtd" ]
+				(builtins.attrNames inputs.config.users.groups);
+			passwordFile = inputs.config.sops.secrets."password/chn".path;
+			shell = inputs.pkgs.zsh;
+		};
+		sops.secrets."password/chn".neededForUsers = true;
+	};
+}

modules/users/root.nix

@@ -0,0 +1,16 @@
+{ pkgs, ... }@inputs:
+{
+	config =
+	{
+		users =
+		{
+			users.root =
+			{
+				passwordFile = inputs.config.sops.secrets."password/root".path;
+				shell = inputs.pkgs.zsh;
+			};
+			mutableUsers = false;
+		};
+		sops.secrets."password/root".neededForUsers = true;
+	};
+}

modules/virtualisation/kvm_guest.nix

@@ -0,0 +1 @@
+{ config.services = { qemuGuest.enable = true; spice-vdagentd.enable = true; xserver.videoDrivers = [ "qxl" ]; }; }

modules/virtualisation/kvm_host.nix

@@ -0,0 +1,2 @@
+# TODO: disable auto usb redirection
+{ config.virtualisation = { libvirtd.enable = true; spiceUSBRedirection.enable = true; }; }

modules/virtualisation/waydroid.nix

@@ -0,0 +1 @@
+{ config.virtualisation = { waydroid.enable = true; lxd.enable = true; }; }

modules/waydroid/basic.nix

@@ -1,7 +0,0 @@
-{
-	config.virtualisation =
-	{
-		waydroid.enable = true;
-		lxd.enable = true;
-	};
-}

modules/zsh/basic.nix

@@ -1,14 +0,0 @@
-{
-	config.programs.zsh =
-	{
-		enable = true;
-		syntaxHighlighting.enable = true;
-		autosuggestions.enable = true;
-		enableCompletion = true;
-		ohMyZsh =
-		{
-			enable = true;
-			plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
-		};
-	};
-}

secrets/chn-PC.yaml

@@ -1,4 +1,5 @@
 password:
+    root: ENC[AES256_GCM,data:WlD/i0GDlzeVsc4uJXVK+cRLvjATZGSbVCRedenTBayPeMebC6jrGPhsK4SSZIv3uw9RKztGGkziBTe61CCKwg/Rm0oFuF661A==,iv:YBPmukuz2tiVmIEBMClYjgzPf33NjmdqihcydD1gdhg=,tag:uURlnbNmEgo1qfoU0gPwEg==,type:str]
     chn: ENC[AES256_GCM,data:NMTdEfxBMqJP5bnLqinzQ1NP/4eCM3zzH5aR2HOoeu/p8BNp3JDspyuE+DkjVlb/uuVugnFPTOSASRZeEliG0B6NvpZ8gP1O/g==,iv:SNVxJ/xfdfAiVljlRMd5maIhxH0RBs90bqrypBubM6w=,tag:A7Wemy4eLcIUfV/sZ6//VA==,type:str]
 xray.json: ENC[AES256_GCM,data:eog9U3zt+Lx4QOlr0F4PGP73uUXrZcxa8NDVq13hmVpfu2T/CoF+Lwf8saJN9IdAOcECfgkrI2DiUZdAUO5LGQDDEyJywiJ/CnL6u+kwmkO9doidvG9ctB1VR2CG4M5wqXnybJp8b6osG6iL83q4prjo3YjFfGQFA/X05ssuzLneugK1pQrr9yaF7PvXvFBRwOKDbsmqDqSurTkU3QZMx3is2f0OeLYZEYk9XVNE7xeL1/33gObsP4KF5O2h466+7ezI7kP2vC2rl1VPQFtYAssoxK6qxWKErPhMCu+cDDYDMxqkeYmkgGBJEefpuk6IMNXctuwWwjojX5SEMN73kOHzJxykE/NhCbRDeNQjWz9qTpDaMZ36IFTc+U7nThYD85h9ppaedsXsQtLxhG29KM45h0CByBwJPY8Q1TNkV+jYsJWk6+DqSnWwMPsAKXnj/bhtpbslWlqk7uHn/6jzexu95y89ObjNtiR6YViufCAHlAGovijXv9lEjsZk+1xMNnD418a58jrUXoBGQjr+FT+i01zDnJga61KqAkhjgblG6j5pNVzsopITs1f90cxJjoNFvqh01EgPma3OlD6x5RmY3g/Mzc4yXreWS0KhICSvZwNT27DKCTVpSWRwz20yNU0OYy4MIo1CbZtvv9uQ6pO9m681IjHLZSP5pX19rqG0hfTkP3Wvya/G8hkHhmRDHUeptzKuZII1GVU3g9JfL4KbEeLZXeZRqKJ5N5kFwyUXytWEZpmj4XYdZF65BsGnC251EI0+LJdJy6vDcGTelbMHoyW8tZ50pQysy5gukf+hERuzgw0l81P5iRZoz9Mt/dNy2sA/EFxElZayDrIRlBilKvlTUr8qgswjj2kdR0sPgfM0aaD1mZFQ65MHVcJSua2gO/B5yXNmoLtZxFSYOuqHqHXN84T1rj8DxU5XXlatvK00U6nb73Xkwdjfe14bUTR05E3DvXwYLJ/LZL+nRgHgASnS2ECDn/DAw7UigwmXSaEPz6eQbOucNvtoq6xceJgeWuNM7ZSIq5JRufL6QnLXjoHmd8OgSG6xaR7wvQkg+YwnbhhpDbi+3AB+RlJkYSVoUUdPTi8sSxYZi4x+gRys20tRCWxUuvrIKhoimFi/lNDZn4fW93EEZT1KpoHxOzD424hdVWZ/9dV2O57ZArOVvnG8WQPGsFqVQ55dzpA4QI34GNDHkeQGNJb6JF1f+8x5AJGJPbRWqDBNRmjewr8xKZwRSpYl+OH9ijU4qk9dxpiynFXY6t2cJIzhMIgRBnvgD+zFAgbOX0t1jvguLeTDxq+5ZJLc9g15gKtQKOLyBx0XAV8xtpmqQX8KuPj+CKmKUJQ1WNWUkd9THXwsYjskb3L6frOubYo0M0pnXaF+hlyHpsJoz4pdUmsFRnByAr+QQAYUUnx2oxZ3gybpIkFHUOekuXVwx4ox87buJA3YsgDYUE6QP7AUgUdpUo4pssZw4Ym8IpqCuam6F04uC9RMdTfeJ0URTaP/fY91zlvU7zJjeG97N30uLiVx60rGeJXfwK5PxcjUH6DNSZL9utX9F25+D2tbHXgP+zYPQFRThIfF5FZtcMaEA1jBFByc5YifrD+UveMwcZhJvoLy+LG635GrhuJodX0f+UB5FqxiW5+jxseXxVXhnN76UvTa1gc2sUC0/wKHeNEkO0HSoTsI5vFDldD+Vl8NFCEe90hlmBDDS89C4RBYB38tSnGicngiki089N1D8jVl5zF+Ssek6pLk/IjIhPC3F7TEshnkJpakHa009B5b50HizuJofbe5+c37BSgiCSzo3iGXQDVC/0dB8uEzKXFbeo9sGT1ESUFSwFGHLeNNC1UkMRfam6KyRqC5/PtRA+kQzk2+vJ0gk4ghGzgzFAXMgH1FovYBIc0JnwxmTyZssXdYkv8kn1fM7I+VcdEAqMMwuzZk1Q1cV2lcAFH3agodLKkMNrur0r14kdLYhoOghcedJtzQVm288exYoMxyXNm70VKcA3IiMW9GXoGY4BAFCWLKbrTQWqGzr5+MY7lyQOK6umcDeH0+R1yDmuNIrv7oog0KYQeHl++upEAyDzbjxtvlsWlB0fXRM0chvh0NZ0dPHK+qPaYlCXXucTSnNu9QKnMr34xOGY1CazPAXV4Bvyf9BxLKVxnNd9E/NPA43XCrJhKwspM4GzAGss5k1icb4za7GocMIqFfMO4y93Ug8nbZkHKJ1kzbqnx0JjfQfEH2QBznRAkhCQN0crs1Zvewcx46oOPZNzoFZLpKrP2yVnQTl93gcsmS1iw/F62BscRtW7kwSvQ+GInUoF2PWlicX90ZvkoImtzcyNLmUJ219cBxdghng12vKwgj2qMXilGWfIdHSh6UF96DjGlhWbURXUlGT2aQL7qQtC6M/sLewjs3SVT1g2xj/5SrsxCs3Id6mIcKRZTX+OiKKTY1xAvL/Ga7I/M+nN+BBSqurWMHIDbnA4jJEQcWZKPcskVve4WHJlo9qUbHznWJQl1aA6ypUJQNk2+ztLbn2TJlXPj8MN5ET2ZAtzZ1E7BUKFfxQafB0MqRygpK8d+Vtz3AP1eyn8/J6lQ9iS5JSWZ7kokFZ2362klit+ogiDGfLAAgVd4vSSDyObEZLGA+bMAxDqEb0Uc9q69I7Phf3IZN9TD9uZFJjr/H6QdS8UEF5510GilqQAanzBRLGCKO74t+Dv7qLrk3wqXZihAYevalJ5BVak8dxXQd3xDLGst+qSUiyFWxIgIBA5GX1YdPXQN4R+WhARV9v1VFaOIUtLMJfRJHni3ZjVX0yjN8R3xFSKmKgKaOc+LuO8mY3gdXBkEc0dzfhhRFMaaLb8rLNwPnp/7pL6fkltxY7e7GxwCOXQXERDQqb0e8ocYb+Mfv/ua/xc7fkxYt9bksrhqmPUxz+XdfLb86QzSs/X2rrxkZWCiFdnRHOkrgRiymbJTPAeQX+ERA39YTZJkiRlEROK3kDm15oAT4iJ+WQQpExthNtUAbPtkptQt+iG1IK6cEFiNI/RQuaqRhSjViZ0RkFraZYCBxBfQZG5WAecItvuS4awGbTM/cd1N5aNU43DbuMNlkoaX81K7w6WKkaTOcQkGtwdEBsXKbeO9KRZmO8QauUjV+g5jH2ctz+PgYUg9gGIcHsdnA0dyp6ie4HNxqa2vLMln4nj7aJzyzE0lYDB6FHrC18TOZ3UNl6Pk5u0vJB+BZdp7MMCScLo/boxloKY0IRspCsRPDmJg0W/JlQ4ezmYHUYq/wplw8V6bI07bIr4TgTFXIWK61mH1Lz/fflu4/6hj3aCklY7KKESU7uf0JGrAmGTa8y3WHtlc9/ETXq1hJv0ulUzNcBe2fxn9FiNKOMRWtfhatMuWrtaSQIk0tYWW1xJ0ZvsJeGOfM1Edf56QhSW37SJin1gvbZE6mW1IjGW1tSUn1K6vebsKpLNXYDIZ4Pbi0ZZ4njhY90GgSiw2hSvUsdrklIabRP0/s4aVdPXSHmPVNGnxQHfjiMUDaXqqGJDRS7kLgOFq5ipmNQ3bP1J2U+PYgkAxL4TA5fXu9q1H5OTgrMzemAlvp5jI7MXOPlUaD+PBn0oBVM+l7KfqEOWFyX5XIZyrJCg1+PtIMy1/V3B45PVC4yuzkWNU3m+wzaYn/UDX7XpvgxywXXSq5AO63/nn7lnbl21e48BReXlDJ7aDjAPR97qOUEEvJoVuiWk4JONEdJVt9j5ad/Z1n,iv:KROMY3fOYmtbYVdtVnN1SJyRZEhU2tzJXxFvt3yitn4=,tag:7fAjJ3ARKZpOh2InLZihBg==,type:str]
 sops:
@@ -25,8 +26,8 @@ sops:
             OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
             +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-05-27T12:56:16Z"
-    mac: ENC[AES256_GCM,data:MLRCHM7bPTOXzejkGAh2YcHxvxtAWfRop0sj7zHV5fIxBN7GP4H9JgKIFZAXRQJgP7UCRY7dGAVb9QM7kRUvOFxm4hSeFRRwfvt4er4a5x+SQocU+z6+50Q5qtOnkP7++SnJMfT0zfnmWe6MSCsebIOGAOVqMd06aVbSgO1mnD4=,iv:WZuETYLp4MISSsAGqjweK3+iWKHrf9CYJ5mkahM9LJw=,tag:6o9FB5zqD1ASMkQOVMkmkQ==,type:str]
+    lastmodified: "2023-06-09T12:41:46Z"
+    mac: ENC[AES256_GCM,data:EjQwSxxxCaFAngTnwDWM+VpR/nhNYrw1nQb6oEWckzic5ItTQ2+jFLwCjU6kGHCKH+jojxl6XhC6duLmYSn4fqPwxm/8ZjS9gMRuhG/P59exHlT8bUOq4Y3wqufm0DmNE5NEzgKD9f6A2oC7Ze20QHt+1z15dzBEaE9mt/kjytI=,iv:XbWY0/jFNy/VYYI/C2eYtTeWQmSDLw9dCYNqTN/GroI=,tag:NmQQzT/uezkb0cN/7upe6w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3