Merge pull request #99 from DarkKirb/instance-20221213-1915-initial-config

Further instance-20221213-1915 additions
2022-12-14 15:52:19 +01:00 · 2022-12-14 15:52:19 +01:00 · 849e7d819e
commit 849e7d819e
parent b0d292351f 9939c60263
11 changed files with 186 additions and 74 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -6,6 +6,16 @@ keys:
  - &nas age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc
  - &instance-20221213-1915 age1s7xxqxk6t6rw3zvfylgpwp5362v5guqsf8vjcvjjdj7wcnnxncvqc62frn
 creation_rules:
+  - path_regex: secrets/shared\.yaml$
+    key_groups:
+      - age:
+          - *nixos-8gb-fsn1-1
+          - *nutty-noon
+          - *thinkrac
+          - *nas
+          - *instance-20221213-1915
+        pgp:
+          - *lotte
  - path_regex: secrets/nixos-8gb-fsn1-1\.yaml$
    key_groups:
      - age:
--- a/config/default.nix
+++ b/config/default.nix
@ -9,7 +9,7 @@
    ./users/root.nix
    ./nix.nix
    ./sops.nix
-    ./wireguard.nix
+    ./wireguard
    ./home.nix
    ./services/restic.nix
    ./specialization.nix
@ -66,4 +66,11 @@
  };
  users.mutableUsers = false;
  boot.kernelParams = ["nohibernate"];
+
+  sops.secrets."root/aws/credentials" = {
+    sopsFile = ../secrets/shared.yaml;
+    owner = "root";
+    key = "aws/credentials";
+    path = "/root/.aws/credentials";
+  };
 }
--- a/config/instance-20221213-1915.nix
+++ b/config/instance-20221213-1915.nix
@ -12,6 +12,7 @@
    (modulesPath + "/profiles/qemu-guest.nix")
    ./systemd-boot.nix
    ./server.nix
+    ./wireguard/public-server.nix
  ];

  boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"];
@ -83,4 +84,11 @@
  nix.settings.max-jobs = 2;
  nix.daemonCPUSchedPolicy = "idle";
  nix.daemonIOSchedClass = "idle";
+
+  system.stateVersion = "22.11";
+
+  sops.secrets."root/.ssh/id_ed25519" = {
+    owner = "root";
+    path = "/root/.ssh/id_ed25519";
+  };
 }
--- a/config/nas.nix
+++ b/config/nas.nix
@ -304,4 +304,11 @@
    max_parallel_workers = 12;
    max_parallel_maintenance_workers = 4;
  };
+
+  users.users.darkkirb.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpO0Lh7eOE/EBttb/XWZ6ISiJ0RkmBYfruq3U6linEz root@nixos-8gb-fsn1-1"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKB8oH1XbuGrKn/SeguXz96sw4AjJQQvZyAdpptotzOr root@thinkrac"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN/rVZJuwiO44LwOqimpH4zyGehYUMF2ZhYFXUCkupP hydra-queue-runner@nas"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLEmOYG4xipOh2YsWGbQtvoJXQzToQDotyCRFnHpVP5 root@instance-20221213-1915"
+  ];
 }
--- a/config/nixos-8gb-fsn1-1.nix
+++ b/config/nixos-8gb-fsn1-1.nix
@ -29,6 +29,7 @@
    ./services/akkoma
    ./services/peertube
    ./services/rspamd.nix
+    ./wireguard/public-server.nix
  ];

  boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod"];
@ -171,77 +172,6 @@
  nix.daemonCPUSchedPolicy = "idle";
  nix.daemonIOSchedClass = "idle";

-  networking.wireguard.interfaces.wg0 = {
-    postSetup = ''
-      ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
-      ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE
-      ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
-      ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE
-    '';
-
-    postShutdown = ''
-      ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
-      ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE
-      ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
-      ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE
-    '';
-
-    peers = [
-      {
-        publicKey = "/pQ86rAyPpM2tqzvk7NcKfEm72ENTVCSTTiHf6OrzDw=";
-        allowedIPs = [
-          "fd0d:a262:1fa6:e621:539c:94d8:30e1:fb8b/128"
-          "10.0.0.1/32"
-        ];
-      }
-      {
-        publicKey = "YDh67pqmhWMPNWf1BYXeH4/GTScCWqoWuyIao3ZUcz4=";
-        allowedIPs = [
-          "fd0d:a262:1fa6:e621:480:b859:2a43:7101/128"
-          "10.0.0.2/32"
-        ];
-      }
-      {
-        publicKey = "JZi7Lw8G5W2pnoqJWW6YfJm4OAaxhaneY8i3V9EO8X4=";
-        allowedIPs = [
-          "10.0.0.3/32"
-          "fd0d:a262:1fa6:e621:66b6:3f04:5583:db63/128"
-        ];
-      }
-      # nutty-noon
-      {
-        publicKey = "YYQmSJwipRkZJUsPV5DxhfyRBMdj/O1XzN+cGYtUi1s=";
-        allowedIPs = [
-          "fd0d:a262:1fa6:e621:47e6:24d4:2acb:9437/128"
-        ];
-      }
-      # thinkrac
-      {
-        publicKey = "iKW9nomLyLY2f90UY66POzY8CfDhQrqOLqchERlR3TY=";
-        allowedIPs = [
-          "fd0d:a262:1fa6:e621:f45a:db9f:eb7c:1a3f/128"
-        ];
-      }
-      # nas
-      {
-        publicKey = "RuQImASPojufJMoJ+zZ4FceC+mMN5vhxNR+i+m7g9Bc=";
-        allowedIPs = [
-          "fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/128"
-        ];
-      }
-      # instance-20221213-1915
-      {
-        publicKey = "GHsVg8seCVIMYOidH5+/3EnoXRmi98NXtNTVu+nFcnw=";
-        allowedIPs = [
-          "fd0d:a262:1fa6:e621:746d:4523:5c04:1453/128"
-        ];
-      }
-    ];
-  };
-  boot.kernel.sysctl = {
-    "net.ipv4.conf.all.forwarding" = true;
-    "net.ipv6.conf.all.forwarding" = true;
-  };
  nix.settings.system-features = [
    "kvm"
    "nixos-test"
--- a/config/nutty-noon.nix
+++ b/config/nutty-noon.nix
@ -203,6 +203,7 @@
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpO0Lh7eOE/EBttb/XWZ6ISiJ0RkmBYfruq3U6linEz root@nixos-8gb-fsn1-1"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKB8oH1XbuGrKn/SeguXz96sw4AjJQQvZyAdpptotzOr root@thinkrac"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN/rVZJuwiO44LwOqimpH4zyGehYUMF2ZhYFXUCkupP hydra-queue-runner@nas"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLEmOYG4xipOh2YsWGbQtvoJXQzToQDotyCRFnHpVP5 root@instance-20221213-1915"
  ];
  nix.settings.system-features = [
    "kvm"
--- a/config/services/prometheus.nix
+++ b/config/services/prometheus.nix
@ -16,6 +16,7 @@
              "nutty-noon.int.chir.rs:${toString config.services.prometheus.exporters.node.port}"
              "nas.int.chir.rs:${toString config.services.prometheus.exporters.node.port}"
              "thinkrac.int.chir.rs:${toString config.services.prometheus.exporters.node.port}"
+              "instance-20221213-1915.int.chir.rs:${toString config.services.prometheus.exporters.node.port}"
            ];
          }
        ];
--- a/config/wireguard/default.nix
+++ b/config/wireguard/default.nix
@ -9,11 +9,21 @@
        {
          publicKey = "zQY9cAzbRO/FgV92pda7yk0NJFSXzHfi6+tgRq3g/SY=";
          allowedIPs = [
+            "fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49/128"
            "fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49/7"
          ];
          endpoint = "138.201.155.128:51820";
          persistentKeepalive = 25;
        }
+        {
+          publicKey = "GHsVg8seCVIMYOidH5+/3EnoXRmi98NXtNTVu+nFcnw=";
+          allowedIPs = [
+            "fd0d:a262:1fa6:e621:746d:4523:5c04:1453/128"
+            "fd0d:a262:1fa6:e621:746d:4523:5c04:1453/7"
+          ];
+          endpoint = "130.162.60.127:51820";
+          persistentKeepalive = 25;
+        }
      ];
    };
  };
--- a/config/wireguard/public-server.nix
+++ b/config/wireguard/public-server.nix
@ -0,0 +1,66 @@
+{pkgs, ...}: {
+  networking.wireguard.interfaces.wg0 = {
+    postSetup = ''
+      ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
+      ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE
+      ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
+      ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE
+    '';
+
+    postShutdown = ''
+      ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
+      ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE
+      ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
+      ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE
+    '';
+
+    peers = [
+      {
+        publicKey = "/pQ86rAyPpM2tqzvk7NcKfEm72ENTVCSTTiHf6OrzDw=";
+        allowedIPs = [
+          "fd0d:a262:1fa6:e621:539c:94d8:30e1:fb8b/128"
+          "10.0.0.1/32"
+        ];
+      }
+      {
+        publicKey = "YDh67pqmhWMPNWf1BYXeH4/GTScCWqoWuyIao3ZUcz4=";
+        allowedIPs = [
+          "fd0d:a262:1fa6:e621:480:b859:2a43:7101/128"
+          "10.0.0.2/32"
+        ];
+      }
+      {
+        publicKey = "JZi7Lw8G5W2pnoqJWW6YfJm4OAaxhaneY8i3V9EO8X4=";
+        allowedIPs = [
+          "10.0.0.3/32"
+          "fd0d:a262:1fa6:e621:66b6:3f04:5583:db63/128"
+        ];
+      }
+      # nutty-noon
+      {
+        publicKey = "YYQmSJwipRkZJUsPV5DxhfyRBMdj/O1XzN+cGYtUi1s=";
+        allowedIPs = [
+          "fd0d:a262:1fa6:e621:47e6:24d4:2acb:9437/128"
+        ];
+      }
+      # thinkrac
+      {
+        publicKey = "iKW9nomLyLY2f90UY66POzY8CfDhQrqOLqchERlR3TY=";
+        allowedIPs = [
+          "fd0d:a262:1fa6:e621:f45a:db9f:eb7c:1a3f/128"
+        ];
+      }
+      # nas
+      {
+        publicKey = "RuQImASPojufJMoJ+zZ4FceC+mMN5vhxNR+i+m7g9Bc=";
+        allowedIPs = [
+          "fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/128"
+        ];
+      }
+    ];
+  };
+  boot.kernel.sysctl = {
+    "net.ipv4.conf.all.forwarding" = true;
+    "net.ipv6.conf.all.forwarding" = true;
+  };
+}
--- a/secrets/instance-20221213-1915.yaml
+++ b/secrets/instance-20221213-1915.yaml
@ -13,6 +13,9 @@ services:
 email:
    lotte@chir.rs: ENC[AES256_GCM,data:vCgsNVurVhcEBquF50bontjucQ==,iv:ITfgM4f7sMEhSUXYSVIwhTZ08ZTut9rp43ef6apPQhk=,tag:qJuwTl+Qw8be7frqGsb0Dw==,type:str]
    mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:ykQYOSu3+KG8mfJBF7fEJwk2i8i972ERJs/oLLdY2mnQcPCV+9+0YtWwz7HDiLLrUlUV7yDdyjgqVKzdONOnsA==,iv:1Eetui7FvsrXIUSo1vccjA1k+/Bp9OAwI3ZoVYuQVDY=,tag:R27LHK9hpzVolt5+DKLHgg==,type:str]
+root:
+    .ssh:
+        id_ed25519: ENC[AES256_GCM,data:w0JBHJ1otF8ZbESGhS9ASFHcKo24CZumbvtNNPjueN7tR4ICVUs/SIqosKyfKcY3bPwnu5LJtyimBCz2F8+kdPmZMMGst1GWnXpNMNgyQrn0hTTdF4wKUY8yT5dfOJXWHumj6uDh8XgRB3KU1q5kXpADvoD86eWYrBlydS/Wdp2SsXGZ4FN2iYAFNhzw9UkezApn3/e7IEwshB7yhaWMtS9sIshfrPgDe9twYM5NsGqDqCHDXJMdgUWBJpPFzw7myGsGtyMJ+EPXFR0lhv9ZNExXeeZU73oJOXM2xLUKhJU7adMMFMcaNrW3Ku4tuSjEqECwWwMEcimLsYdgSsTCh9Bv7m78mBzXkGAq2R1X/SwXAR1eCwqVoTn/2ZCN4yd8ebNKKrJWUdTLY1XKTo8TejqgnGyDTd7Jlu/Q/u5q2+Z5zPQvjKETZbuT9/WnudtHCYndWGGIu7lChHxQ8kCh8jW8h1Xx3+kZdDwfKYcPH0kDYgesw77UCdm1hJjkRyriYIF0pFaE2nuovc5eTr6yUYUZyhwuLx1g9xWT,iv:r622tLxm8qCzFOtx/9NIdIa3bie0PbbAA0lrjAUk6PE=,tag:/zOd2czwh+B61rKVtdVxcw==,type:str]
 password:
    root: ENC[AES256_GCM,data:06rdfv4dBZC+2OUcyNsOpp+7nQLqFVhy3NWekckbG2wem0lbtPn8eAYMRREhQjhX/JC+0aRMqUaK9VK2YDuqp4SHONAw+ahEEDqoOacKngA34cxq++zfnWPXOCSAMN9nIgLe+77AHYq7qw==,iv:W19HnljIvvkwap0xOF1X7lit7Evm2cQgqLK/pAjo5dI=,tag:A6wzK2pUbvFLWgHJ1X9mSQ==,type:str]
    darkkirb: ENC[AES256_GCM,data:cmNsv680uqjPZJ40jU6z3JSUc6a76TbMVpF+EhBzz4wWr5rngDBTDoxjLnOYzuSOlonyJO9IXNygjCq0a7bNu4SYho8nCLeFV0Dvq6xDMCh2ZQ+CjHgP/R7dsaRqmjcujthmB0u0beJGqg==,iv:6Sz3b3S/76B3DGYdLfYQuOACx7SSJNy/pkRAbDmkBOM=,tag:bc6+sqj0+Ky5lhhgkMIXJQ==,type:str]
@ -31,8 +34,8 @@ sops:
            QThFZnBQRjh1ZVNoNmU3WkdVbVJVKzAKmEeggdchZmc9kajfpRZfRAR2Tzov4jQK
            NprycjlrOuozMCTv75+gbNHTRp4pxQq1JE5NejvyDWkzhL+s8Ikfng==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-12-14T08:55:10Z"
-    mac: ENC[AES256_GCM,data:W/B21vSPg9kJX13VHn8wCqK/NxdSaMJ0y+noXypFyI1yNlA5BTMIAwgR6ZRkCMdD9U+bz34Ujp8LENw9+AaRJ2pHA2/m4Jg+rdsA0T6K7E3k6qkMKyjH5Ovctx1Onu4PXKsRfS+Z4hz2qlkmCGyxBk1AHMjo8MxSQd9VtFZKP10=,iv:4S7a/kIpOucN/fp2Wo2aIodV1Yk3CX+vBUHUWzZEM84=,tag:m2vWnkzvZ9UdPSTGR/kbVg==,type:str]
+    lastmodified: "2022-12-14T09:48:21Z"
+    mac: ENC[AES256_GCM,data:4y4PsZInWRXUS4gVEDMMTo672sKbSCUP8bmoZZD1HwT5Qy4kPFZRWzmxVQgVJGlmXqOD4J1fgp5hSQosfBV+Wj8hS59fkvhFj2/XyiQC93wqmOqYSFahj+pLxR5khjWaVwMDZm7eUs9reh9GXiDYBmSVGGiwZAPxLvTKKvNrYTs=,iv:1YSyGiwJU+aAuLdqKjs8q0lQCsVnBh7nDzdRy3EJ0Qc=,tag:ipbetJAPM78V8fWd73/qsA==,type:str]
    pgp:
        - created_at: "2022-12-13T20:09:13Z"
          enc: |
--- a/secrets/shared.yaml
+++ b/secrets/shared.yaml
@ -0,0 +1,69 @@
+aws:
+    credentials: ENC[AES256_GCM,data:FJH+8to7i/5gNLWJNMr3iQDSOoufshcRADTZB8FSvCWbvp0j+OiDZmI2xjYLr2w29S1AW8A270l1QdqKxQuOsJM5NHpsT1GxeVfK4UyAfDU27F3LQ5gaeUN4U+vQVqUxgtmSwutDTYL736Xo4hO92w==,iv:GPFzsVrku3p5dnj/oxBKV/0A2gwEJd7H9Wmg6eggZos=,tag:FJdSbdBjjp8hi7/vgbtXEg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZGs0TndublFyQi9yM0R4
+            NmdoYTZtZUtEU05pa25rL0hWMjVTZGc1WHpNCmwvNHJpTzg3ZDlkR2hEbzJDSmw0
+            SjI5bWJ4Q1lGZDJvS2trdkFSdVZ6dlkKLS0tIFhhaFhHOFZ4MUhIYVpsQ2NqTGxn
+            WFBaSGdXRTIzZUVmQTZVc1V1cWJETUkKyoqWYVV07acsjWOX+7B1LO2QZwCUhFTT
+            tncKrSCRKOryRi/sCBI8wTuJ5h4ZOnFGuYcWe7rX61zv6MJmB7PeZg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1wfftrnyngg7nxcwvt7m590fwx3w7p4kkrjn9uprjq0u3k3ym4s3qqzkmzm
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcU5GeGRXcllRMFdYclFu
+            OUtNaFVWS2xFRFY1Tkt5V2pBYzQ5UkhMSVdVCkF4VXloNVFEMGp3MmFVTXRZby9T
+            eldEQXNQK0UwUk9pRXNKeDNNdjJiZWMKLS0tIGxITmhSalZabSt3M3Y1MWV2WFg3
+            Um41TWc1Zk15WVZleWw3YjBtdjJrK3MKChfeKSRpvkMVc9XWas94cXOeftKEMD8v
+            Tbs80DBDsCRcA5FXyA8OglYMsszgKbBwO402ziy8XsZ2ndsKbzmyCA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15c2dquc22epmmndpmd8pa3077fdl8nyr5qehr7y0c9uvavrledsq326ak9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtY09EWEI5YkI4OUNHTlVj
+            Mnp0V2hCM2wrK0JCQVY3RmlxeGRFODl3ZFNjCnp0RGgreElHMWRNZXo1dk93RG1w
+            Q0t3eXo1NW02M3VSS2NGOURpQlpxRm8KLS0tIHJlMExYUnE4L3M0T0NRVEZ5SFd5
+            RkFzemNNeUwvcjZsUzRvWmI3SVVzMDQKwG0YSsitrfuCKcPo9jEwIkTx+Amu9oWv
+            9gWMndg0mH2V+3gLfnOeWgLO7q00wil10/QPYtBv1eKHWbeflXhTcw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxK1p3QzdJUzFKVGJHRzBV
+            VFkvUFVob3p0WE1RZGxWaDBVUTl6Q3VlS0JNCm53alJXUlhkWnR0OGVOZTdVbTA3
+            RWl3dDQvTEpGa0FMZFRac0VxZkFNYUkKLS0tIFdZUGNVejlkNzNkUnd6Y1RwZ3VG
+            ck54anBlVFZwSHhLNytYUDdqaFU3QUEK2EEhYevcyM2Z9Yzg1yll8VvtrOJ6rRts
+            2UUjeIefQcSdOPQ+sAWC5U4nWlPodjbb8vrX9rAakVPeJsVDR216kQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1s7xxqxk6t6rw3zvfylgpwp5362v5guqsf8vjcvjjdj7wcnnxncvqc62frn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4V0ZVTmxScWhOWVkwTnps
+            d1VZRUdXRGNYemNuTFJWWkZlUGM4cnUrNUhjCnE2cVJ2THdJQnF1dk9FY1M0SnBM
+            UGNJWmVTSlRIbDhOVG45Y1RVM0UrVXcKLS0tIGFJTkdwS25MS2k2Q0hwbVlvU0Rv
+            SEFmTkdnWkw2YTVXOVNIcXp2MXhZczgK1i8ibaQLEVdXcmdmeSQBNwt/glN6pd9Z
+            8xLX40YKUnGUBlLHkQJPEOsZvhTDq+4PLd41S93Y2kv8p1y+IKnQ+Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-12-14T09:44:37Z"
+    mac: ENC[AES256_GCM,data:T1dbLpD1LU9JsMafgzA/nBzM/hcqhZtir9RMrARaEwqDnA2kGra0TWIG0SIt2adi6mym5OJXqowswE2kkBqqybV1nG/spZBaHYM4FkRV4mec0mkFGxCSG3CqiBF43dZfM1d90sUf+QC+j5hnvL75y0AkjH8qDjmMp5zLkpzKj5Y=,iv:r3yFan7qIunwSIMJQuJ6byk6IAGyUhIu42UTnVkjcpg=,tag:e/PiaaMzZEG3OyV8bPAaYA==,type:str]
+    pgp:
+        - created_at: "2022-12-14T09:44:12Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DAAAAAAAAAAASAQdABfkbgMrxNMpI/9PEceVXQqEyHF+JLOqPdbldJKvITBgw
+            AV8pN2F2pEFwIHoARpi42LZQpqMlbNIgRR7x+dPmv4UIY0BwqcDoiX6D8WHQIW3I
+            0l4Bvej8D2IMF/8sA7JytITOBa5PZwuz/doyM10jisMeE/gRSA42GrtLtE7+YxL6
+            Tj1UAwMmU70xKFBntkvQwheRxkKY4JqXHKmVtGwPJAPVYKRIIBy5L+fdF9MQYPty
+            =q380
+            -----END PGP MESSAGE-----
+          fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3