refactor: add encrypted private.nix to hold private values

.gitattributes

@@ -0,0 +1 @@
+private.nix  filter=crypt diff=crypt merge=crypt

hosts/Yura-PC/default.nix

@@ -177,6 +177,7 @@
     fd
     helix
     micro
+    openssl
     ripgrep
     starship
     tealdeer

hosts/router/default.nix

@@ -72,10 +72,12 @@ in
     lsof
     micro
     mpv
+    openssl
     ripgrep
     rustscan
     starship
     tealdeer
+    transcrypt
     waypipe
     whois
   ];

hosts/router/private.nix

@@ -0,0 +1,2 @@
+U2FsdGVkX1/98w32OE1ppwT0I5A3UOTKCLJfvk+TQdrbf0TLfYNZ9TC9n8cH2hC9
+ObKVuFlOLwHlzeBy7MXaLg==

hosts/router/vars.nix

@@ -1,4 +1,6 @@
 let
+  private = import ./private.nix;
+
   mkIfConfig = {
     name_,
     domain_,
@@ -43,7 +45,7 @@ rec {
   };
 
   p4 = "10.17";                      # .0.0/16
-  pdFromWan = "";  # ::/60
+  pdFromWan = private.pdFromWan;  # ::/60
   ulaPrefix = "fdab:07d3:581d";      # ::/48
   ifs = rec {
     wan = rec {

hosts/vm/default.nix

@@ -95,9 +95,11 @@
     ldns
     micro
     mpv
+    openssl
     ripgrep
     starship
     tealdeer
+    transcrypt
     waypipe
     whois
     zfs