lander/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add heimdall

Browse source 
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
This commit is contained in:
Lander Van den Bulcke 2025-09-18 13:40:53 +02:00
parent 1a53b3e5c8
commit f0b06f9250
Signed by: lander
GPG key ID: 0142722B4B0C536F
6 changed files with 569 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

73
flake.lock generated
View file

@ -108,6 +108,22 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -367,6 +383,26 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"nixos-wsl": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1758123407,
"narHash": "sha256-4qwMlR0Q4Zr2rjUFauYIldfjzffYt3G5tZ1uPFPPYGU=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "ba2b3b6c0bc42442559a3b090f032bc8d501f5e3",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "main",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1756266583, "lastModified": 1756266583,
@ -431,6 +467,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1757745802,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1757810152, "lastModified": 1757810152,
"narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=",
@ -446,7 +498,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1741246872, "lastModified": 1741246872,
"narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", "narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=",
@ -462,7 +514,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1738797219, "lastModified": 1738797219,
"narHash": "sha256-KRwX9Z1XavpgeSDVM/THdFd6uH8rNm/6R+7kIbGa+2s=", "narHash": "sha256-KRwX9Z1XavpgeSDVM/THdFd6uH8rNm/6R+7kIbGa+2s=",
@ -478,7 +530,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1730768919, "lastModified": 1730768919,
"narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
@ -494,7 +546,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1722813957, "lastModified": 1722813957,
"narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
@ -513,7 +565,7 @@
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixvim": "nixvim_2", "nixvim": "nixvim_2",
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
@ -534,7 +586,7 @@
"nixvim_2": { "nixvim_2": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nuschtosSearch": "nuschtosSearch" "nuschtosSearch": "nuschtosSearch"
}, },
"locked": { "locked": {
@ -577,9 +629,9 @@
}, },
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"gitignore": "gitignore_2", "gitignore": "gitignore_2",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1741350116, "lastModified": 1741350116,
@ -602,7 +654,8 @@
"headplane": "headplane", "headplane": "headplane",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs_2", "nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
@ -695,7 +748,7 @@
"tidalcycles": { "tidalcycles": {
"inputs": { "inputs": {
"dirt-samples-src": "dirt-samples-src", "dirt-samples-src": "dirt-samples-src",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_7",
"superdirt-src": "superdirt-src", "superdirt-src": "superdirt-src",
"tidal-src": "tidal-src", "tidal-src": "tidal-src",
"vim-tidal-src": "vim-tidal-src", "vim-tidal-src": "vim-tidal-src",

10
flake.nix
View file

@ -23,6 +23,9 @@
home-manager.url = "github:nix-community/home-manager/release-25.05"; home-manager.url = "github:nix-community/home-manager/release-25.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
# nixos-wsl
nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
# neovim # neovim
nixvim.url = "git+https://git.escapeangle.com/lander/nixvim.git"; nixvim.url = "git+https://git.escapeangle.com/lander/nixvim.git";
@ -106,6 +109,13 @@
./hosts/widar ./hosts/widar
]; ];
}; };
heimdall = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/heimdall
];
};
# servers # servers
db-01 = nixpkgs.lib.nixosSystem { db-01 = nixpkgs.lib.nixosSystem {

10
home/lander/heimdall.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
imports = [
./global
./features/workstation
];
home.packages = with pkgs; [
];
}

17
hosts/common/optional/yubikey-gpg.nix
View file

@ -1,8 +1,18 @@
{ config, lib, pkgs, ... }: { lib, pkgs, ... }:
{ {
hardware.gpgSmartcards.enable = true;
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
services.udev = {
enable = true;
packages = [ pkgs.yubikey-personalization ];
extraRules = ''
SUBSYSTEM=="usb", MODE="0666"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", TAG+="uaccess", MODE="0666"
'';
};
services.pcscd.enable = true; services.pcscd.enable = true;
programs.gnupg.agent = { programs.gnupg.agent = {
@ -15,5 +25,8 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
yubikey-personalization yubikey-personalization
yubioath-flutter yubioath-flutter
opensc
pcsclite
libfido2
]; ];
} }

432
hosts/heimdall/BASF_all.pem Executable file
View file

@ -0,0 +1,432 @@
-----BEGIN CERTIFICATE-----
MIIGTzCCBDegAwIBAgIQZ9JTwDZHdGv1S3/2jQl3mTANBgkqhkiG9w0BAQsFADBD
MQswCQYDVQQGEwJERTENMAsGA1UEChMEQkFTRjElMCMGA1UEAxMcQkFTRiBSU0Eg
Um9vdCBBdXRob3JpdHkgLSBHMTAeFw0yMTEwMTIxNTI1MzNaFw0zNzEwMTIxNTI1
MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKEwRCQVNGMSIwIAYDVQQDExlCQVNG
IFJTQSBQb2xpY3lDQSBMQSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAv5kRAtBGmbXAz6KnYIUvDrdP4IRmoOnw+6QTPjijOR4fXr5/o9MqosSa
CRlQWPIzNecptSQ6s2BHspWUN/IRdNEYZBszeEJp+7djHuES8VKu9r33UVxzb4P6
wyYR2hxdw1kLKbmn4c4Hs9NnBKuduH1QupzPRkm1uYGnFlFrLo/0nbuaMmhBJX9N
sGEfyT/aj+c3aR6FIu3Xgrv+wias6BLmqLKzWKC+IYnkOERW70QRvnT21/fl5REZ
M7mbCD9/MTDlzx/5XAOXWatFEAUZoBdS0aoLNgAvs+G7XcCfz8vBZiLFr4AOa0V6
2oZfOnNZSjjA4k6mxN1Tcx3fTOGpljDI90rT49+CXSO1/w3Ilcz6JffeWYhwZibG
IHgxarGjyap39hOdFlo2AU5QfOXcPuUCHOgKcpuUFaeR45zb+6RnmWTd7N0513cU
EMf7xYpwoL2rBP3rY2TtNRMIRxmVzc1yFjnp2CV1lyrRRKjgkUvx8viH7PIlnGgE
1xe0C4LKWfNxZ6QjraElyqGIg7TGO5FEyKUoiQGBjHRpNhHUL6hhx9R0GdfpuGyn
cCyxggQZ0bHJuuw7uTVFVx/QvNJIE039n+lXzE6vmFg7FQ1JkAFW1S2vF+JrE6Dh
vv6biOFIzeYKcbuFaV+5U6fOV2RQbm00/VPtSBQI/iwN1g10oH0CAwEAAaOCAUAw
ggE8MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEIeIBTaSLUcMBEGA1UdIAQK
MAgwBgYEVR0gADATBgNVHSMEDDAKgAhNHOn/PQqTbTBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRGh0dHA6Ly9wa2l3ZWIuYmFzZi5jb20vRzEvQkFTRiUyMFJT
QSUyMFJvb3QlMjBBdXRob3JpdHklMjAtJTIwRzEuY2VyMA4GA1UdDwEB/wQEAwIB
BjB8BgNVHR8EdTBzMHGgb6BthjFodHRwOi8vcGtpLWNybC5iYXNmLmNvbS9HMS9C
QVNGLVJTQS1Sb290Q0EtRzEuY3JshjhodHRwOi8vcGtpLWNybC1iYWNrdXAuYmFz
Zi5jb20vRzEvQkFTRi1SU0EtUm9vdENBLUcxLmNybDANBgkqhkiG9w0BAQsFAAOC
AgEAdHX+kn8K6kcjFucv1BN1jftybTw6ZbhYbWBAJiM2mdTJrAVa1FCCVRj99lMR
+ypvrBFu5ZqREqpSWVb8Tml1/MHDfLWPniMYSMhcEwspzJ8vJVjU4bW1JnB0dCpg
mPiMexVZshNLtlIEvu/2PXVlTHxgpyP2hYohEuaegMh23dTh+z81unZcgt8nzl+J
ykHorAHr3MTyJjk+P9jX+aBlrblfJCAjrkHcyf1AW3T0m8Xpm/DQQ1wreEJHUWWc
DiRr86rnYlBOwrC8L1sIEfna02lz1prHTnDnW5lI4lytdAGUqlepyk7mzQ9mJrzv
lq39L5lxC6+LzWITTQLD2QURzMsZpBB+RlzY9aUlbp9e3j/sR8nrnpkBjErXrVmN
978CenIF97o6Qs9pMGCH6e3aPjtMA+h4OfvnAGJcBaUohX1juF7F8Lb+lnDiP90l
DLK8JiDhKTOiI8XEp5G1sRq/I7griPYcd5HXW41Eub0OtrhRZVcDxWjKik5a24x0
JLPj0wmsU1VYSiaL2AA93PAmq2yIG3j7+YnCkXPKoCBgyP3MBurc3GckcAvw260F
ZkbswJPFvQoLYQiTqttkND+g3ZxbnfCykkx2PTfKj3Rsz8JDXuDnbVBR3gOSMTlO
wl7YQ0JajtGVJsYtnPXPTLL8KUjenDOekEdlmoGTz071whg=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFRjCCAy6gAwIBAgIQdGvbkRWOFbatDydZ7o74zjANBgkqhkiG9w0BAQsFADBD
MQswCQYDVQQGEwJERTENMAsGA1UEChMEQkFTRjElMCMGA1UEAxMcQkFTRiBSU0Eg
Um9vdCBBdXRob3JpdHkgLSBHMTAeFw0yMTA5MTcxODA2MjBaFw00MTA5MTcxODA2
MjBaMEMxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKEwRCQVNGMSUwIwYDVQQDExxCQVNG
IFJTQSBSb290IEF1dGhvcml0eSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAm39lGE+EoSVMG5TKsAUqIJfvgP4R2qGTR4TQy0xojVoJ9BP8HdAJ
tpRQ4IeaybOiXszeZ1o7HKuIgIVoQwJYDm3JJ0hefWPHYCPGtXqneeBJKmbjpaPo
5tPthLPnz5xRVMgaPYBrpeG/QihAu1JZdWua42YTz5R0e9oZ+/ejyltJGUEbrmXz
afw6Q0TojPSSEskncK0rSy0Jm6JvfbE4AI6aA7V/PqNZaCumEae/9CAL/pfAPQ6u
TxPQNly7pb7AJGC6pzlCrKhcFl4c6dgGq4GV+QYg3GJdXL1qxsLxnDRZHGZVSmfc
LJaaZQm5ykMY6yV+Ki/6tZlAuB5SIIKmA5ZAwyTBVfrGSQKSBmmhP6BdzueVsAly
iefjx5vtmKuS6HKy5SItedN1S7lWqZ0CIWsLmZ9swR40ghqIR6WeRcs/72e9PRtb
YzqN2ntDwq2FaUqISy8jsRWbSbMv01WA5PK6qA83m6jmtdOInrQk5C83Qg52XSeC
8eCJ2DoVw8gNtW+7awYFOeQo3/bMqqxYft1nmz7VJujk3577yxYrLoQjPX3V/R5Y
PI1fLHK9rv0w1/XGXyRPYZQkkewrKs0yk9/F8hG6s8gnggO12iqQiBUxXbZvwujK
cQWP7TLVyJnAm85QNXcDBwmbXLNF7c+QWKek4jvNNDYr+wxqCy9k7psCAwEAAaM2
MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQITRzp/z0Kk20wDgYDVR0PAQH/
BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAJGCouQPAUKj4+zZj1QxBkze/2ZRbg
ds8HFaQAF0jCweFkoUxE9Ec7Zv7rA0wYrK9ZwIhocnJf5WrUGJdqrVtdrNbrMkMN
V1odZdz9hpu8oEvlegEdFL/AhIFszzZfnVE9BhfLnF6+XHvPSIPBaw/wOeSxnjOi
aX45m2exQmGrNlYew/xQrNibxrVfrqhfQ9wJHnOgtOlH1Dbo4G+JHXE64MFe3S0j
QAoE58Qzszvq/fEL1HDA2zOP0wb2nkSXcj6FnuwpoUCeV8mjVsfGsGD+Jtae+0pl
tFjHkteEkLD4EbPho3V27TSx5xxFRnzlZLxgfrlROSsWP7TZ0dC3oB38+qj6dOmp
xZLZmqlbyP4Abt0nYpznpBodbRvkHIA1D3HlU0H2lPKzXATMZN1G1i5jxZ+PU54T
Nw5jUW0fRx1Q4sjQ4Dxxvd2wJObr0MTp5qIpdMKIFlb/DfVAq5FyohQbZoqpLCnB
vmCaJi96iFeQ6sj+QZnSfDM232NORAjYydNpobAp3FkDrPD2LdsgnL434eyF0P1R
wVKsalpmwAe1eiUoq3M8b5CDTkjeUb5az5A/OkZ6UfdyBBS6rWpVrTO/V8jH9JNN
L421QEfm58XStVxEa52wTEWcvRmvV5IxPvfpmv/TH/dmtemJtm1xKatI8QxS8WL8
vjH4eQUCK387qg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFSDCCAzCgAwIBAgIQd4KeHh6WMYtAso49QFpDhDANBgkqhkiG9w0BAQUFADA1
MQswCQYDVQQGEwJERTENMAsGA1UEChMEQkFTRjEXMBUGA1UEAxMOQkFTRiBSb290
IENBIDIwHhcNMTEwMTEzMDEwNzU0WhcNMzEwMTEzMDExNzUzWjA1MQswCQYDVQQG
EwJERTENMAsGA1UEChMEQkFTRjEXMBUGA1UEAxMOQkFTRiBSb290IENBIDIwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxevqwbQIRpGAAfrx7Geev2NqW
EluQNcJV90jXyECdmn5Pe3NE9+KOhMmrFVzIems8b5/PPczY03xMl7k8LyxOna2j
Cdrk8RrRfG5z+iKXbI61m00YK2rXjz26wZTq+QNHBTFUdKUDok/Av3IJgyxvIKav
zIYYGsaH10S9v0oyEU82kQ6Q75m9lZwz3NfX4nCStKcOmg9YHTU3gMAsIdSJ2NAI
MPwMZhdgoTDoNQxE1wsyXFM9bjXE70HPkb5txk5HzV9USd42TxihyRlsqtkav7A0
ouOaiaPkpMfjcCKc7IbAgzduuho+QISVE4eQ6N57E88mo3EGaikuOyaID9y9K3nn
eJWbEeubTcGypvdHVocMk0Lz59yJdKDK/zghY3bHYjOXTI62Po1HccZzamQ08ltC
WKXL9LPMFvf5Fhg7D1YFJ6nQyZD6FABy/FXGXVTq0DQZxwotxzlzp0mz8jrzhq33
ptZwUG5HpNzk+a6a++L79QZ20ISBkC/EEkXOKwOP6X+Y79ltCeQ33ZQbnAa8DHUI
hyikdCgljpWOzf/oZACHOxt9oO7fnLY9yTp+EV6GPrn7V8zii2zUK5BQun2oz02y
JQiV0Hr4Zny93H5tSNpQyvrZrktkMpew1nqYNIysj0xoWdA/VJiJnT7HcQ3PWMbl
AIE+GVmwY1u0cZGDWwIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
BAUwAwEB/zAdBgNVHQ4EFgQUVvu60DgM3J65BJF7M3bgGc++miQwEAYJKwYBBAGC
NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggIBADw2mFlBOasVCl3/cEgxfZp2gz1P
UbzEn7tpEbFaBnxvObMVpvWakK1gK0176AA2DAohh+uuW3/Km/O0VPkefLafygQJ
TRgMaqJFKrLjZqd0qzM1km2cJelUKtsQQsswALwL/+oyIwyv8uak7ZscBVJr6CF8
TT8nPDO7jMzmG00BvNuX2zjLjs/wZOqRQshdXAzXJCvLTdDgnzXD9u6NmiRORADi
QYPh1XHV8z8Aq9nbJ3wyKD8vt7JfdS2fMLChhkyeGK5PRab0uaY2+fqRAv5THGMj
1MU/pgNsoirYt8EAREVrGUC1H9LPHHPRIb7wfuY5Ykwwbh5L8kd6iEu6nWpg25qn
2YZBvGYgp1G7ANxBr7LJ10X8XGiv1iPWhm0//J+HJIC5tIDkQrKXtSpt57VxRozG
rrLDkoTt24V+vzvAMR9ps+JAANvtpxbPyI51Cm0SYWOzaTCvCjXXxlO5rpC91IsS
/352Cz6pE+3g/B4KpAa4OIxwlEMS45RrC3+s4h6EjLNvzm6sKxGcFt0iV0DtnWa0
GFXgoC9AKtSwNcjJElsNajIV3wdxtVBYb/xoVfOIimdtWfyovOtsGBT/Av0pwG7w
x7WbRjljx00OfkwaDR5ME2JmaQqvLlDfbL9totzffdEaOYQ8bb4jpwfeQr7YXw44
YSpOCRJ8GqDb6sQK
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFSjCCAzKgAwIBAgIQE0/NSu/bBa9Ikm1A6u0EJzANBgkqhkiG9w0BAQsFADA2
MQswCQYDVQQGEwJERTENMAsGA1UEChMEQkFTRjEYMBYGA1UEAxMPQkFTRiBSb290
IENBIDIxMB4XDTE2MDcyODExNTM1MVoXDTM1MDcyODEyMDM1MFowNjELMAkGA1UE
BhMCREUxDTALBgNVBAoTBEJBU0YxGDAWBgNVBAMTD0JBU0YgUm9vdCBDQSAyMTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL303XTnwU7QWyiGrYWnARCE
6F2Alp3yzHpxG3ehNu1JzhBxJILnJ4G3bDbKz/mmdKIiVWoHpwm6CQqZHhoRXxkC
GDXnDjzGXTTf8KGLvmoNOLag1+Wwfu/I7CmXyXdrHcstBB+zAFryema7uTrd5mue
dMir2jEG/hOGslo9nzfLrOBdJiTkNeO2Av30Jb1abHzbZ5WTNkLmPaFpwX1Nomec
jlgyOR5zU4zvXJOa5oZ0Yj8mMk9JnRuZj8rFUE6FVSuhV25b2FXAcsOI7lnSqi1G
qFaY2nD2tv2lcWuMGuKPya6wkNVI2wuWsxkt2DF+cturFl2vKFRjVH//ZbupugOI
o55FZ9hlNu5GSeM8RU+RCxq8GV3tz9uaBxSYXZgZ4Kp4pmm1w6HqeIC2ZUzhMspq
VEn9QIokUYWWhGJllPL1PxqGkUOR2FyDKfjdT+7x+zaNg+6WdxBnMF1qRghvdkCc
NzlWujw84S+zVEQ/kxf0s/YA4nfUQrLom8isJfxfwVbkRC6fT3ck17HgMRZ84DFD
mpxiw+Q20uXLMsiIHPPjt2oczvhMKP5pt/bnLSY4LfwfyOhTUkEhHTXMxVJbnfCx
656aEBJghsqGOv9BoshDJ1+50sma1mCsy2KOv3wchjckOIyN1OfeGdoIQB8615I1
KqwWgRnPtt9oaJvmPGnNAgMBAAGjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMB
Af8EBTADAQH/MB0GA1UdDgQWBBSS9auUcX38rmNVmQsv6DKAMZcmXDAQBgkrBgEE
AYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEANq0CR8/xOYMmy7vtd5hD8k1G
8JFcaf3om85crKABBUQyXuAw0SuLdPOH8QevYR/FKhFcgTfkH5u+7i71C411+sPW
BBwIknHRxHJL9JAj8c98WtFyrJwbS/GUxSM2TurWTucl5n0MtDnkHXbbu1Eaq2vA
0W6bYdOfVy/ePNj03SsBPaAGgi+5sV0Qh3+jymNnKMKBtGDQWHpZNyn9UWJL1EnF
MEHd1Ilp7+C68HdIJRkD72V+TmcMulH4U48+FPpzEY7+77NK9MShE9l6g6yW2sJn
+mUTNO0gHpUQ9DCBHnasOCkTvnRGj2X5a4dwgTtx3uXPA5lD13OF2DxzDx9LuIzv
sD48xgbYNXux0QF7WVfXr4mi3CPPbuV8umPiyzdV1JKZVpvgg7rbInk/N3okdbd+
k//1wQfABBMOIf5C2uxWi6sVqizzSE0vAyB9wm151DC+suUUUB1d0PYMvAU8WeKf
21Nwf7qxSLMRwfZsXdRkF4/jeyrANFp034btZTPdv6KoXMZOopbfGFXkBIwJO5Yu
Z0T8cjX5655DVuic2+zinFvOnUGKPRa6vCotGhHowHblXy+FT8x7KhJHJms8YI/m
Wh8WNNl/Cfjn+8amCdxuh7reYgFOgqN+eWBDvnc8KXQkn5GB67bnTsc02ftJRu8c
gLvaqjR/83e/bu1qFxA=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIIPzCCBiegAwIBAgITfgAAAASHCoXJivwKLQAAAAAABDANBgkqhkiG9w0BAQsF
ADA2MQswCQYDVQQGEwJERTENMAsGA1UEChMEQkFTRjEYMBYGA1UEAxMPQkFTRiBS
b290IENBIDIxMB4XDTE3MDgxMDEyNDAwOFoXDTI4MDgxMDEyNTAwOFowXDETMBEG
CgmSJomT8ixkARkWA05FVDEUMBIGCgmSJomT8ixkARkWBEJBU0YxFjAUBgoJkiaJ
k/IsZAEZFgZCQVNGQUQxFzAVBgNVBAMTDkJBU0YgU1VCIENBIDIzMIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqrfoKxrCPCw/u2PBEaAwW/VHLxBw6JNi
42F3EhXmligGb/Uu4kcWO016IGFatVrPhdAtShAqmTXis0w57hWjn1Iptvo7rROY
GPmH7aSW/fYM/x2Lln7NlltayXspWawqBzWzYGADodyjn/Z5TaLYaG8lajiabCM5
UJDhlZ/SUR3xylqIIFaQK3k2twjeGoxobhbr9hJcQZfXF0V5FCSCzJExDYma6bs1
ZtyqP/yHaiOeWXGdnqM9EPfT8kmIC42ZXq7s2JZI5OUflJBbaebYEbuDad6Rh19E
RchXABLe68+TF/4AZCw16iRwRgq/2Re2WWPMtVomyZ2txvn51iizqBkdVGzIRklC
3yIv5MRzDFTfG940/tSAomHsz+RdGbL+NCBeWSY+rnJQdExJ7bLXFLVsTNGL68lP
MuYrkxYQKWRtVhvQCHsdd5E0t9QR4iY1JLWQxq3GHy98tBbCGiKMpBbuj/9I/E6c
Grikouv2QyNnCN34PXpUxTQmDj5LZGV9w2faqpwUBD2ZWsbyVSgvD8TcjdxzcMcj
LBnYUaZ8wHFqUj2DBahctfKQxA8Ptrzt1mDIGOQliZGDwrTVMECd+noQhTlF1eS+
vNraV3dYRMymVxh58MPEaDJgwIRcBWAAOeBbZlyx76oskXdmjOiz5jqyoR5eweCE
tS4jfMEW6UECAwEAAaOCAx4wggMaMAsGA1UdDwQEAwIBhjAQBgkrBgEEAYI3FQEE
AwIBADAdBgNVHQ4EFgQUdn7nwFGpb8uzpFVs5QWQcsA0Q6IwQwYDVR0gBDwwOjA4
BgwrBgEEAYGlZAMCAgEwKDAmBggrBgEFBQcCARYaaHR0cDovL3BraXdlYi5iYXNm
LmNvbS9jcAAwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwEgYDVR0TAQH/BAgw
BgEB/wIBADAfBgNVHSMEGDAWgBSS9auUcX38rmNVmQsv6DKAMZcmXDCCAQkGA1Ud
HwSCAQAwgf0wgfqggfeggfSGgbZsZGFwOi8vL0NOPUJBU0YlMjBSb290JTIwQ0El
MjAyMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2Vydmlj
ZXMsQ049Q29uZmlndXJhdGlvbixEQz1yb290LERDPWJhc2YsREM9Y29tP2NlcnRp
ZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmli
dXRpb25Qb2ludIY5aHR0cDovL3BraXdlYi5iYXNmLmNvbS9yb290Y2EyMS9CQVNG
JTIwUm9vdCUyMENBJTIwMjEuY3JsMIIBNgYIKwYBBQUHAQEEggEoMIIBJDCBuQYI
KwYBBQUHMAKGgaxsZGFwOi8vL0NOPUJBU0YlMjBSb290JTIwQ0ElMjAyMSxDTj1B
SUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u
ZmlndXJhdGlvbixEQz1yb290LERDPWJhc2YsREM9Y29tP2NBQ2VydGlmaWNhdGU/
YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MGYGCCsGAQUF
BzAChlpodHRwOi8vcGtpd2ViLmJhc2YuY29tL3Jvb3RjYTIxL1JPT1RDQTIxLnJ6
LWMwMDctajY1MC5iYXNmLWFnLmRlX0JBU0YlMjBSb290JTIwQ0ElMjAyMS5jcnQw
DQYJKoZIhvcNAQELBQADggIBAClCvn9sKo/gbrEygtUPsVy9cj9UOQ2/CciCdzpz
XhuXfoCIICgc0YFzCajoXBLj4V6zcYKjz8RndaLabDaaSQgjphXFiZSBH8OII+cp
TCWW1x+JElJXo9HB7Ziva2PeuU5ajXtvql5PegFYWdmgK2Q1QH0J2f1rr7B4nNGu
oyBi1TOSll+0yJApjx213lM9obt6hkXkjeisjcqauMVh+8KloM0LQOTAD1bDAvpa
VVN9wlbytvf4tLxHpvrxEQEmVtSAdVchuQV1QCeIbqIxW41l6nhE2TlPwEmTr+Cv
ajMID/ebnc9WzeweyTddb6DSmn4mScokGpj8j8Z7cw173Yomhg1tEEfEzip+/Jx6
d2qblZ9BUih9sHE8rtUBEPLvBZwr2frkXzL3f8D6w36LxuhcqJOmDaIPDpJMH/65
AbYnJyhwJeGUbrRm3zVtA5QHIiSHi2gTdEw+9EfyIhuNKS4FO/uonjJJcKBtaufl
GFL6y0WegbS5xlMV9RwkM22R7sQkBbDTr+79MqJXYCGtbyX0JxIgOGbE4mxvdDVh
muPo9IpRc5JlpSWUa7HvZUEuLnUicRbfrs1PK/FBF7aSrJLoYprHPgP6421pl08H
hhJXE9XA2aIfEkJ4BcKw0BqOP/PEScyptTSAaGjS4JuxsNoL6URXYHxJsR0bPlet
Sct3
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIH6DCCBdCgAwIBAgIKYQahkgAAAAAACDANBgkqhkiG9w0BAQUFADA1MQswCQYD
VQQGEwJERTENMAsGA1UEChMEQkFTRjEXMBUGA1UEAxMOQkFTRiBSb290IENBIDIw
HhcNMTcwMTE5MTM0NTM0WhcNMzEwMTEzMDExNzUzWjBbMRMwEQYKCZImiZPyLGQB
GRYDTkVUMRQwEgYKCZImiZPyLGQBGRYEQkFTRjEWMBQGCgmSJomT8ixkARkWBkJB
U0ZBRDEWMBQGA1UEAxMNQkFTRiBTdWIgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAOg01JfJV8ESwWu26KCRzEIapFpQF54U8BUmiu704/EXFt0h
+HgFkehmc74YPlhVsm+HxpURSyyZiQ7Mjc32+/6qHXHmdmDnVM8jBOCulNrDp3du
49f2PS4iSvhj+XgUOKOwcisRP44kbKP+gbNiOVblmVAadF25hZdd4q5vjKDLU/6D
ZaVJyKtTfGKAMyVpiyT9YNtIQcfne6aXPHjmLgX8e5qXLZei+SSS59dQ+I0+fBgz
2izh26Q5SuE0S0NYpMOqt/1pjA8xuQos25ubGtfZWxEprlLqtuBNSh+baN8lpJO4
/LLhBHTQIMfUS+2OPAGAT2k9nD5aC/MvsFiBPOa7UtW0VV15ExOhCKOKbbO4xmra
4JKqJQTJqej0Pr1LPEBKoqu+D5V+/t/GIc2YMUPUZTrXp6gJxEIstoYLzXVLVJmE
TRj/0eNN0kp6ZYaiTfS6oZRJhIh3ydS9H9h2flFqrkEdodLHJkOoyZhiiISCqiw+
4wgErcuWFsEtLBFLlx8wCb1/SCN+azCQlMSTYYqRKPz7T+Zy6RBzl7cw2HTh8dTd
n+/4LtjS9BaYYtl0m0RZoZrIcKIZhJfeUjAbxmoB5PToJwUWspbAWKzkRfv00TL2
6CaAEF8Br1M9dgoJdcp7CeEEtgaCLT5pPSZIMvOTEdaGzkVH/SSzo3OJB6JbAgMB
AAGjggLSMIICzjALBgNVHQ8EBAMCAYYwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0O
BBYEFBllF9SPX5mR+EonDSF4q62rZV2bMBEGA1UdIAQKMAgwBgYEVR0gADAZBgkr
BgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
MBaAFFb7utA4DNyeuQSRezN24BnPvpokMIIBBgYDVR0fBIH+MIH7MIH4oIH1oIHy
hoG1bGRhcDovLy9DTj1CQVNGJTIwUm9vdCUyMENBJTIwMixDTj1DRFAsQ049UHVi
bGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlv
bixEQz1yb290LERDPWJhc2YsREM9Y29tP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
c3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY4aHR0cDov
L3BraXdlYi5iYXNmLmNvbS9wa2lmaWxlcy9CQVNGJTIwUm9vdCUyMENBJTIwMi5j
cmwwggEiBggrBgEFBQcBAQSCARQwggEQMIG4BggrBgEFBQcwAoaBq2xkYXA6Ly8v
Q049QkFTRiUyMFJvb3QlMjBDQSUyMDIsQ049QUlBLENOPVB1YmxpYyUyMEtleSUy
MFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9cm9vdCxE
Qz1iYXNmLERDPWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2Vy
dGlmaWNhdGlvbkF1dGhvcml0eTBTBggrBgEFBQcwAoZHaHR0cDovL3BraXdlYi5i
YXNmLmNvbS9jZXJ0ZGF0YS9CQVNGUk9PVENBUFJPRF9CQVNGJTIwUm9vdCUyMENB
JTIwMi5jcnQwDQYJKoZIhvcNAQEFBQADggIBAKDOz/LrB4gutzepAO81ctvZdbNX
6F4Eyr/siH2BVjc6iipAp8RH2oX2lHsRTSaXt1Cf7AJne99YRzE55uIuLeqq5zac
aHBssdVKRuJkUQKBcqKLsuN8ZwTGrQ+tmuSdRNpcCT5dOkPcc+H+CIPJqujk2UaO
U5CVwn8q/Ic+PSQDzd0bxqDJ9eYhVPzMXb/7k+epSzYQilSjvZdU3Ek7S0dOdS66
Pu+3zfsnHC2E8FXe1FyopEw+3XT/u9ByT7CjEzUEepXGdD+pEwwAgjgpN6FWPxJj
UbWZoZNfAMPaazKKEIiccgZMvfFew0As+saPzE48YtOHlXsPdtHuxbSJcn0rAKWX
Bg7PB+bQu1GgT5DEPgydmgpItYhFTBD3UY98NY62ib7QOlWDVT8dJSAVnQFerjhX
grYwG57rDxaEWM4ZOQDcYfjyYuFVXIkPOkU8oPen/dHmSYFlVXFEhkuIgKgEn+os
jwKugWA+QZbDpwxzXb3c+SykKqluCB456WpESEhsB3lTtjWz2iIfPfFldt1eNpb4
e+VMhO1gLuj9tggynN+UAYrlmRj+ecpyHsZtWooiGIDzgdNtXs9dNY6XbSqe1/fo
p5l5rZ9W/N58ZPhesz/qadzP/CqEH37vBKx/WHNwcr6d/oj+JqbDQvpxmudJKX8F
BM7a0yFNCepVQdgo
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGxDCCBKygAwIBAgIQYsMnc5jV69S1ko7pZPWycjANBgkqhkiG9w0BAQsFADBA
MQswCQYDVQQGEwJERTENMAsGA1UEChMEQkFTRjEiMCAGA1UEAxMZQkFTRiBSU0Eg
UG9saWN5Q0EgTEEgLSBHMTAeFw0yMjA0MTkxMDA0MjZaFw0zMDA0MTkxMDA0MjZa
MEMxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKEwRCQVNGMSUwIwYDVQQDExxCQVNGIFJT
QSBTZWN1cmVXZWJDQSBMQSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAniMj1KYv0563U3OW43miARd1KX4/+Df6WQhDI5vPA9xY9oSTjO6rAW70
LiV1ouMPuZ44P4ckmrMaoBWLXRFn5EfvrjXLTb9HcfxicwqQZu0fbS0wIX+Y0YJS
u43q/5LtDKW7OujKgEGyFWbfy4HXWHlXQ9MGtgoBLS96lNMxxJ774ut1azUS9osl
FBoc9UGL+SaxxZBA5QdMxj53QcrSmk8CzCKryWYKxt0ISXbl99gXZC8jG1uRJSbZ
QJfZkHU6rsPVGcNgnc0F8wrEml+qd2Wq2nTOELjYXMuVjGsie+Hp+Z4ZD1p4rKi5
rsaiz4obRlzMvnIc+K/kFlYmD5gcByj9OuOHTqDXpG3G6QRSh1tCrXIzS+gnoEo8
A1lHmv2ognLZ9PpJUxxnhsJwVXMSkno8XCCjFYtmMXmhjfXyHvDIc8ZUqeisRhjO
o7GH5yUNdIsLNOUX4zMg7h5WBT7eyCaF7905YOrFy4ia/+Nc1sVmIJF8Ea7+Ajcn
bwaJWW3ich1wfzaqtxsPTBZopC34U64MFeibqciuCy40Qa+ZDnQdSrYzmB3IQC2K
F1laM2o/4DWnPttiMG5Rp7IrFoVGnHSCAFL7BEhOMEnvWI/3iGJ9M4brpn7IMzlm
BwuXi9ePs4a9ADGnk+SufnTnRIDIleGS7ulQMyYNqFW42BrpuXECAwEAAaOCAbUw
ggGxMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMB0GA1UdDgQWBBRfC7MKIWmxZXnjWadKTWc7lOybeDBQBgNVHSAESTBH
MAYGBFUdIAAwPQYMKwYBBAGBpWQDAwQBMC0wKwYIKwYBBQUHAgEWH2h0dHA6Ly9w
a2l3ZWItcXVhbC5iYXNmLmNvbS9jcHMwEwYDVR0jBAwwCoAIQh4gFNpItRwwXQYI
KwYBBQUHAQEEUTBPME0GCCsGAQUFBzAChkFodHRwOi8vcGtpd2ViLmJhc2YuY29t
L0cxL0JBU0YlMjBSU0ElMjBQb2xpY3lDQSUyMExBJTIwLSUyMEcxLmNlcjAOBgNV
HQ8BAf8EBAMCAYYwgYYGA1UdHwR/MH0we6B5oHeGNmh0dHA6Ly9wa2ktY3JsLmJh
c2YuY29tL0cxL0JBU0YtUlNBLVBvbGljeUNBLUxBLUcxLmNybIY9aHR0cDovL3Br
aS1jcmwtYmFja3VwLmJhc2YuY29tL0cxL0JBU0YtUlNBLVBvbGljeUNBLUxBLUcx
LmNybDANBgkqhkiG9w0BAQsFAAOCAgEANhHIJ+gd0FYywnO3sbwv2tER1ERvSLuf
WugFC1mPkLO9EfB22VBOwPNVuCWegqdvSRPKWys3IXxr5ZAjobffFpdi0HOriOna
Ir8Brr3LSES5DK72ym8yv2p0/8EdfrVDHECpbsen68fYOpRZSf4Goy2tM8LnckU+
ti1tgKiLajHqmUPInaegboKK0ng4EEj9sw6ocJ3sjL+yx7waW+80M5eI3q59lE5r
AAFbHbj8vxlbAjtr7FuVGisKaKf0wfHblFZ2ynXbRlUH5Ov0tC0hb/7LdU7McntX
ChEHuu0hizvAi8RO9ZSbWVEtbQFs2iun5N23wV1RPgwpXI74a1uRHnVZ9nIL58ym
5/uUTGV6D5J2exASbFRvB67E3PmvCBHeapBfEshJx93t4ba9bU35QOsareyyyY08
v6zbPdl5Mo2LE8xPnLYwMrx2xpzY7azyPEUyM0jloEgaPve4L9dBRRdZ83gEC42D
lcYNgOuK9S6MoH+znXn6K3E8jLq1DS4dZX9fjTCJOcJtR9G0JlB1qd/XwxQdUCv8
9PF3R9IPxkzZFaIxjKpiHQTayQQrdFJlfTHWXlhLtI7TrHfAPZmDIJ2AS924n24V
OpaIIrfkX4jJwD/YUgPnzXQX4CF1lLCr6tT3PKLxbtyfRe8KaLFIl1VZ83T1cESd
TaTqWx2saLs=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEWTCCA0GgAwIBAgITLAAAAAVK5f1XUcNBQwAAAAAABTANBgkqhkiG9w0BAQUF
ADAYMRYwFAYDVQQDEw1BRFBBMy1Sb290LUNBMB4XDTE3MTAxMDE0MTczNFoXDTI3
MTAxMDE0MjczNFowSTEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRUwEwYKCZImiZPy
LGQBGRYFYWRwYTMxGTAXBgNVBAMTEEFEUEEzLUlzc3VpbmctQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbTwJxN8zqHPSIgxhjSelB5tKb/v7pS51o
7xonI6JDAb7+cRLcESH6M3fFWXRQVREDe0+XOnCny7V1urluNwrnnj7J6CzUIJXS
nj8RwiYmNBZGDl7eQzddg8qHmgFQtC3FGO2Oc9AYw4nlci+F5ivtoKnQUFXVQ0XO
GJNKdCaj5fT6YYeVsCr7qP3oWup/ToRNBoY/QgDdigFhh/UCRK1EKuWBeJTDN0sH
mUke7+S6RYYycWvAH/i9Q/BMtvxSqjn/i0M74cMojkG649T3TT+6JsECPsgYD5v0
ZoBEM4G52AzshA8zz2pNIe1pBjcNJWx16L1xfvEYSD1Rb34sgAh9AgMBAAGjggFp
MIIBZTASBgkrBgEEAYI3FQEEBQIDAgACMCMGCSsGAQQBgjcVAgQWBBS7Z/XxrLqS
SQ3FCaLnaOQJAAFJ1jAdBgNVHQ4EFgQUxCNozHZbwbiWUlrSTVGBhV2NnE8wGQYJ
KwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHwYDVR0jBBgwFoAUhoWWqTIinlAP77tGWuSkt0ztRIwwTQYDVR0fBEYw
RDBCoECgPoY8aHR0cDovL3BraS5zZWVkcy1leGNlbGxlbmNlLmNvbS9jZXJ0ZW5y
b2xsL0FEUEEzLVJvb3QtQ0EuY3JsMGIGCCsGAQUFBwEBBFYwVDBSBggrBgEFBQcw
AoZGaHR0cDovL3BraS5zZWVkcy1leGNlbGxlbmNlLmNvbS9jZXJ0ZW5yb2xsL1VT
M0NSQ0EwMV9BRFBBMy1Sb290LUNBLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAKpbs
M0Oh+9UlVMao+3oe5Kboysz03WsqIw4ZvD/e5CVupVMPk46nNlvCTnc34y0b/LD9
f0x6Rr2zOqun5zIgTD5umUmkEoc5bQxIL0kdn27DORR7r8KrjFaFbtUGgRY3Y9Vo
vYolDEfVjSbj+L+3V6195NUSGe2cy+97kgwtEVdkDnhyQ+qJ8IGF8y/rDJkt+YSS
1WrFfMyLdAtpORQrvmcvNiyUA4PS5dGdT/4KVfa9WJvwdNnLBawRmYMcJ3Z8ZLSL
feHaYQR/ETmcZGa/QXNu7h+byLRWhO6zFH/v24moHy8Omt1W+8xvY8cBsvdutxwu
MBRzP4jW6w1QnmG2gg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDpjCCAo6gAwIBAgIQet0dK6DlG5VEP+t0RAMbYTANBgkqhkiG9w0BAQUFADAY
MRYwFAYDVQQDEw1BRFBBMy1Sb290LUNBMB4XDTE3MDUyMjExMzY1OVoXDTM3MDUy
MjExNDY1OFowGDEWMBQGA1UEAxMNQURQQTMtUm9vdC1DQTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBANVuTo/hl46CplAKpqNl6pdetibFD6P44MVkfAov
fvsawS4zcLi0Kee0MUBjGL24s7WdIZNY8Kz06gC7rEpgOB6x+fZJ3uuv+FDFWBHG
trYNZ1N/yDEk7DyxBlHTM2ZVn5E7aW/iXmyNCicmVD+UvoSbznWjNhhOwg/csasb
tyPdRnpth6nFGJ8zfyE3FsjZea6ptITwCz+WaI5J5jULTN9Ed4x/pnEtf0hpE6ps
aIqWzxzxl6AneqNxcJogKNH01JK5mxDNbDmKQPIfV7j0Bs4bWwohNFq0o3+yVKma
4cBn8Blr4Bk4X7JjvrS2A7uoQSz8xIHW5hVX54iXulVfqfkCAwEAAaOB6zCB6DAL
BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUhoWWqTIinlAP
77tGWuSkt0ztRIwwEAYJKwYBBAGCNxUBBAMCAQAwgZYGA1UdIASBjjCBizCBiAYI
KgMEiy9DWQUwfDA+BggrBgEFBQcCAjAyHjAgHQBMAGUAZwBhAGwAIABQAG8AbABp
AGMAeQAgAFMAdABhAHQAZQBtAGUAbgB0IB0wOgYIKwYBBQUHAgEWLmh0dHA6Ly9w
a2kuYWRwYTMubG9jYWwvQ2VydEVucm9sbC9wb2xpY3kuaHRtbAAwDQYJKoZIhvcN
AQEFBQADggEBAIxPHJEKlq64/2nJIpit9XSHc2UFAWBTXPB5jWFa/bheOfN/SKlF
m1AxPr1WHRAcAsljIlQWx4sHL3CRlOll13IZ0f8eYb8dQmL4EVeHsQNJSc4lXu7k
e/wN0zuhKagBsUi1Y5tKJJQtEATzv2WPRp6Jnp+Ag1xrvgrOn+ul7b26765PElYJ
u+RxNq6QQaxqEuzYLBUOQR30MDTQ/egdVTUzzKGMB9T20T3vIYFneZbSU66gifH2
SwGvc+2rddMpdRTeOEYzrF5qc7+zCUusLkxJhzCDdBqhwSJjQ4jLcEI9d7wIhpBk
9ru9iX548P0CdbsaJm/t7OjPYa/l5VjGOfw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEIzCCAwugAwIBAgITSwAAAANiXsUL7Q8T8gAAAAAAAzANBgkqhkiG9w0BAQUF
ADAYMRYwFAYDVQQDEw1BRFBBNi1ST09ULUNBMB4XDTE4MDIxOTE2NDk0NloXDTI4
MDIxOTE2NTk0NlowSTEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRUwEwYKCZImiZPy
LGQBGRYFYWRwYTYxGTAXBgNVBAMTEGFkcGE2LUlzc3VpbmctQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDstINmFrputEfV9nc4xgt9jVdsK70nA7Kt
LhuoEaBghVcDr1JyYteRBwWVbaUl1PxxSnrC4XP4MwlN7fka63S6/LaPHV0W2EGY
DVvDFAqZ5BQhhFwp90i6AqTxgufN2NECLvJXzru9RJPe78Eq6TTQh/FnaNg5ncYz
1BnRkgzFSS6GxsDb7ZjmOVU8S2mIP45szXiTWcoBx1E9lsv8Cdys9Zo2J2mrMYMt
AdzrBKzLM7E9E/uncS3P3Rol6TfNY4J/FUA2g7N+H8tNmhhIWfkWavFNP/0qcXqB
3KiR3n8hwffXiKMIGyghVxPNEHCibnvUqXEv98KULzWFyqBxVMHVAgMBAAGjggEz
MIIBLzAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQUdlWttZC6rwfyhq+5oWYw
FJuWTvYwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8G
A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU0Zt9g/C6tfVjWZJ7oWSHhCtz8/8w
RAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL3BraS5udW5oZW1zLmNvbS9DZXJ0RW5y
b2xsL0FEUEE2LVJPT1QtQ0EuY3JsMFwGCCsGAQUFBwEBBFAwTjBMBggrBgEFBQcw
AoZAaHR0cDovL3BraS5udW5oZW1zLmNvbS9DZXJ0RW5yb2xsL1VBWlBJTlJDQTAw
MV9BRFBBNi1ST09ULUNBLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAio6z9hY29Ew8
WA5t/oLuDlZEKFcpVvPQBVBiNOp9zfIPIJWnrr/8mxMOXgAp0TszVQ+DALhm9VyV
nTX90LU0M5RARiIpDzfW3x1RBS+54+Vys5pqOG5Ajjx1IM+Fle36X/UCoaIg0WiG
1q0SA1GR8sbXkbr3ikTUnKz95zxu0IEkZ2AiQM0saWsuj06nLa88wEq72hyoF2+v
v7vPzHmdR4iCpBUwWobqQisAAg141u9+TCJiLXh1yLq13tKiaEMvtPHms/EJ5QK4
c15u6dDixZkDvsFQMK7FSCM/Ze8+XcHyjPRAEOmgZZFJxVJHFZTgqvMhXQxg1Hbf
bapINgfakQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDpjCCAo6gAwIBAgIQTxpxDCsNFI9CEEc3sIyxSjANBgkqhkiG9w0BAQUFADAY
MRYwFAYDVQQDEw1BRFBBNi1ST09ULUNBMB4XDTE4MDIxOTEwMzgwNFoXDTM4MDIx
OTEwNDgwM1owGDEWMBQGA1UEAxMNQURQQTYtUk9PVC1DQTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALjQCUHTqjo4xnypGr+a+5qC8lPAH/CiIQoLNA7U
5qvovnKsAkXQjifdPRvgy+DEfOx8b/HWoFHJsNMACpCpu9LYZcj7gdbbEJJniwAN
Y/Z4e4PAcRdwNstnZXH17f8BRYyoAglOwrRzLA8X72nwjkvowyN2H7PWj43Esd2I
96yteJaExuMM5G798avglUKK4HzfkF7DdlKEsRPL50dVt8BuF5fFKp0PIDkxipid
ykMz+unR9PamBWZNPRawxTCZ+tD/UlkIDl8HHHtp7bFmJPDKC4V5yRlGz383LIet
zNKTt4B/YavAgUrwqwgLdX+b/WTMjPbAO1lrNo92vFPoe9MCAwEAAaOB6zCB6DAL
BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU0Zt9g/C6tfVj
WZJ7oWSHhCtz8/8wEAYJKwYBBAGCNxUBBAMCAQAwgZYGA1UdIASBjjCBizCBiAYI
KgMEiy9DWQUwfDA+BggrBgEFBQcCAjAyHjAgHQBMAGUAZwBhAGwAIABQAG8AbABp
AGMAeQAgAFMAdABhAHQAZQBtAGUAbgB0IB0wOgYIKwYBBQUHAgEWLmh0dHA6Ly9w
a2kuYWRwYTYubG9jYWwvQ2VydEVucm9sbC9wb2xpY3kuaHRtbAAwDQYJKoZIhvcN
AQEFBQADggEBAFFt7WP6YW1H5CiooFUIhULugoRLocr/maxBnFnYk5+uNyRIxaaK
4KdnpST8Tx4jZPAf5wWe5wVdLzBG93z5DOs28dJtwULGnU9E6SIk+w1unH3Uhxvq
3VqUZFk6zaSlhv0u/+Apna3EkI25IUeKzbuZYRbNlP2GfjJSyMTAF/cv83ocq1iY
D0pZtelrhbLTWsPassXsR1k8vlRrAlxRtt6cO+QpINb+orI+0l4nqO2aaLcKBmqk
f+XbBJlf5ZYGzBXoJJt0JT22dTnquZ/fzn/yL3m4qeXIOo1ncDQ+eS+4DDhE3U2o
B1zLHeHgSo1DNq5INoBMuqN/AcFTFUIMtOE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFHTCCAwWgAwIBAgIQMueuV5fEfLhKwD56RmHWVDANBgkqhkiG9w0BAQsFADAh
MR8wHQYDVQQDExZWZWdldGFibGVTZWVkcyBSb290IENBMB4XDTIwMDYwNjA5NTMx
NVoXDTQwMDYwNjEwMDMxNFowITEfMB0GA1UEAxMWVmVnZXRhYmxlU2VlZHMgUm9v
dCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAI9J8RRjS+c3Ux1g
Wagb7Bwu3M0Emg2iLMhseOuIT4BdyMZWKpFgxbCjdplUDlV9rJVfATUwcEmAfZP8
Xna+YrxQQifcorm/z2f38S53l9C7bXrDEGnVRj9jem4vjzVlnfj1nQKsTR4Ls7P1
1S43NA2fLIIfRla6DqiT6dCYMG4SUxJ/i+u+lqHNjMSt8C229rUZlY659ltKB9Sd
4w0gPcyBRoZWDTm8fsKRl3y7ssiQviMiRD/rvAy4HV92PY2Yj9Ugyqwquk3+42J8
qzjt3yJefOBynhVI0T4kGUO/flqIl9HQ5WO80Qftz3hH4uap/qIoZVXbwnd2wskV
2ZCjCg2jgxcNvK8OEQy8hLKYrGSvVE3eD57duhHMBnGdR6zOORXL1vZTESf1rFR1
qKjmtYK4WzGwG4o5tjEgVIJSlyix8GDm8m9VvutOSAhwYR21QnBBiSdgeUI+IFLG
TtKIRBI/2pe8zZ+bLilU7TlAkdxy7eDu8ZOKAKXCIR9GJNvfJVwdKEcf+gNZ+SiK
RksYWR6Rp46YKnnsrrdQ0Latq/8fQeDUrc0epnQmuJlqTx2DpY6Izc5BhdK6C8vc
Sn+U1Qgh4Tce/vE4JpQgtLB9QPSVDsXkBoVW7do0Z1Nv78nml6BfFm4JeFkh2AeP
T//BRCV7KDF/7X6g2xMTpyiSVX/DAgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTHWowMSqQoOn5WWtg1SSm9aTTcIDAQBgkr
BgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAe7xumagg2ctLSwirbqqm
X0xPx85afcppZi+XgrkPCP0MRI7uQz6AgzufXVfdzAZddJG80UHdbtmMghnGXKcp
sA7m9RiOqpuhWb7NkPPE7qCCN2iaBktDPiQqdAwOFuDYTVtDLlAng1Tx6PG89RUP
6XmHNv0FQ5aRO700p7NcTx4O8H9LhIIyi9OSYx0wwHYeTUU6++hHJjDlf2FcP0Jc
e1zVLbSqCyZwsCa50alP8qK1m/OxWMaSR6s0lgMATQaw2B6dl47PK6O6u1n67ajl
x6Fg4ZCd/XforYMYNLGT+DjYPZvP+xOEv/V7HhWhZUA6Il2j+FKPPooMIO2gidse
FeQ8diFTKAFB21KroFR0XuQU+Re8+J/YAdpCzZR5qaH/yM91xkML4k5WUx2f05Rq
hr1WVOPhY9Nm5DnrUnqKsa03cOGiOcshpuAbvNgKt+Z95GMHrRH6cdtH/TBjPZ/G
sr6qOrgStGBeoLJbxRH14z9ebzkrgxq+ASjAx3QEa1gpJyn8VoTX2+mBUnlV+uxW
heogL/+t2/Sviboq7uMg/SNOY9qq/1YEO0NHeaQxvhbXiHU4pMPAp5xwiTUDv7Om
BE9U3Wbb0Bu9QdLUP/IS5ATiN1U23fprf+vGAnPw4j8408iT79CO7faNpqWlgayM
XOMTPfFUtsq+LRtAVZEARWI=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIIVjCCBj6gAwIBAgITfgAAAAPgRtxGG2dLZAAAAAAAAzANBgkqhkiG9w0BAQsF
ADAhMR8wHQYDVQQDExZWZWdldGFibGVTZWVkcyBSb290IENBMB4XDTIwMDYwNjEz
MjEwOFoXDTMwMDYwNjEzMzEwOFowUjEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRUw
EwYKCZImiZPyLGQBGRYFYWRwYTYxIjAgBgNVBAMTGVZlZ2V0YWJsZXNlZWRzIElz
c3VpbmcgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLiNxutHVF
hx0HyE5iCCDeUrk9CSIteOFw4LRQzjDih0TuwR4BbWEh/mqIa9Kq7TpYz/Txn8DT
zVGnLUMxdRnubfGpS1+diE2UmOeKyyAhtX1IrI30K/joXpxGtx2P4XFHwfWGKbeW
EkgOaBXsf/XznLfK6Quaf4sYsV9ybFoTuv//2gjLx8gc5uUxIMKYpkE3l4+53urD
Jg7egxJ7m424vSCj9w59s07RfD31CqczemM3LcqH5L3DqnxfypAsKe8EpGzvzya2
eZoi9Znx6k+wsF08PM249GMPsdTp2aZbWjVz9/Aj1H5BGPepf5KfFvLM2vbsil+O
DQdazbsauSXeAsqxBiiT/NIPDnqacA2Rw395w0LlSfT/pRH7nrf0vLqvxEY+gpFA
WCYHlcE5XKA/d+4wwhbmAN8M6zsHmDKWg5bfZ+1QnNPFYEgq7DoWVWkw1YdZt7YI
4Ch83BnpkP7Lf2RKmPyGmRkS/4pOjnaVbEr6U3na9iDxE3LyByU1YuTCfYnKYpBz
Ku+FRCRGnzr/EH13lDgSo3d1PCODJ2nvk4yHmaXgA3h+K5swKMRiEsX9PqZrRGHH
t0OevlgtdZzbvIlOA5k7Shj9O/C9O5nj09l0smIFegoY4i8H8L3xalSuzTfib21N
kDSypXMfkrNDsd0NCQK+Yp/Cxb0vuV6DkwIDAQABo4IDVDCCA1AwEAYJKwYBBAGC
NxUBBAMCAQAwHQYDVR0OBBYEFBjBM1odWB/0c2hQX19EiW6lVRwFMFIGA1UdIARL
MEkwRwYIKgMEiy9DWQUwOzA5BggrBgEFBQcCARYtaHR0cDovL3BraS1zZXJ2aWNl
cy5udW5oZW1zc2VlZHMuY29tL2Nwcy50eHQAMBkGCSsGAQQBgjcUAgQMHgoAUwB1
AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaA
FMdajAxKpCg6flZa2DVJKb1pNNwgMIIBMgYDVR0fBIIBKTCCASUwggEhoIIBHaCC
ARmGgcZsZGFwOi8vL0NOPVZlZ2V0YWJsZVNlZWRzJTIwUm9vdCUyMENBLENOPVVB
WlBJTklDQTAwMixDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1hZHBhNixEQz1sb2NhbD9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp
YnV0aW9uUG9pbnSGTmh0dHA6Ly9wa2ktc2VydmljZXMubnVuaGVtc3NlZWRzLmNv
bS9DZXJ0RW5yb2xsL1ZlZ2V0YWJsZVNlZWRzJTIwUm9vdCUyMENBLmNybDCCATcG
CCsGAQUFBwEBBIIBKTCCASUwgbkGCCsGAQUFBzAChoGsbGRhcDovLy9DTj1WZWdl
dGFibGVTZWVkcyUyMFJvb3QlMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIw
U2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1hZHBhNixE
Qz1sb2NhbD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNh
dGlvbkF1dGhvcml0eTBnBggrBgEFBQcwAoZbaHR0cDovL3BraS1zZXJ2aWNlcy5u
dW5oZW1zc2VlZHMuY29tL0NlcnRFbnJvbGwvVUFaUElOSUNBMDAyX1ZlZ2V0YWJs
ZVNlZWRzJTIwUm9vdCUyMENBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAD9PznNtD
P9t8uB3lV4G995TGDrq5eRjjsLqwDRppp5kqoqsEa0OTiMFCmGk8dJkRkjewvl62
6H3rwaWVmNMT4IBf+OtDgIM7KJqmN6Yl0d11JJRtIzIMe60CWSpxxpVNYKczHwND
SJq8/J6UxH5qc10RAbh6MpE4fxlE7yBJg/JmoVLmQwwwZ2D9O/DGyCAUztftqdsq
21UrWRucPuEvpyu4vyvyN+wfxo9U1Iir1vL11Rv7+j36T8b5AnIBY00hihoF66nA
kwQrGvcNeuor9kXXM5bBokfKafV9SwUCX6eXaGxplgnJ4bPDzk3IC/EliMMRiWhn
rpJoBMAJBioxQw5zXOpCeJZcEODELMY95AYOB6g1zChxoJzva2uJj/CB64RM6n2V
ukbZvrRjVTKXzqxuuWOWZtzfJSKHTQnSMwhzCeGhupDOIRVcnhU9DqEpFVNJCV1x
7mDB6DqK4NPCqM6QeX8MsfqDbw+uUdje3YWSHj53r0hnGCCsdTp5F3uQ0XZ8QrMF
gGFdv/JPb7Cn837bST/o5kSbhxrl9r9tT6m6R5bpraKe5EHcWsTv2lS0AIA6ta2/
SHMR2jYd0uIL8R3fsuY9Mo27HJap9yxE6d5xHVHBRYW0DwzoDKfBc2doQNAYQO8+
1A3PMr4SHRYAUQBzy6xQUJK+oMnpGmHWIqw=
-----END CERTIFICATE-----

39
hosts/heimdall/default.nix Normal file
View file

@ -0,0 +1,39 @@
{ pkgs, ... }:
{
imports = [
<nixos-wsl/modules>
../common/global
../common/optional/yubikey-gpg.nix
../common/users/lander
];
wsl = {
enable = true;
defaultUser = "lander";
usbip = {
enable = true;
autoAttach = [ "1-2" ];
snippetIpAddress = "127.0.0.1"; # using mirrored networking
};
};
networking.hostName = "heimdall";
security.pki.certificateFiles = [
./BASF_all.pem
];
environment.systemPackages = with pkgs; [
vim
wget
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
system.stateVersion = "24.11";
}