diff --git a/.sops.yaml b/.sops.yaml index b4d33598..c1530554 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,6 +6,16 @@ keys: - &nas age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc - &instance-20221213-1915 age1s7xxqxk6t6rw3zvfylgpwp5362v5guqsf8vjcvjjdj7wcnnxncvqc62frn creation_rules: + - path_regex: secrets/shared\.yaml$ + key_groups: + - age: + - *nixos-8gb-fsn1-1 + - *nutty-noon + - *thinkrac + - *nas + - *instance-20221213-1915 + pgp: + - *lotte - path_regex: secrets/nixos-8gb-fsn1-1\.yaml$ key_groups: - age: diff --git a/config/default.nix b/config/default.nix index 3b96d794..686bc0c6 100644 --- a/config/default.nix +++ b/config/default.nix @@ -9,7 +9,7 @@ ./users/root.nix ./nix.nix ./sops.nix - ./wireguard.nix + ./wireguard ./home.nix ./services/restic.nix ./specialization.nix @@ -66,4 +66,11 @@ }; users.mutableUsers = false; boot.kernelParams = ["nohibernate"]; + + sops.secrets."root/aws/credentials" = { + sopsFile = ../secrets/shared.yaml; + owner = "root"; + key = "aws/credentials"; + path = "/root/.aws/credentials"; + }; } diff --git a/config/instance-20221213-1915.nix b/config/instance-20221213-1915.nix index 90b4c412..fbb25acc 100644 --- a/config/instance-20221213-1915.nix +++ b/config/instance-20221213-1915.nix @@ -12,6 +12,7 @@ (modulesPath + "/profiles/qemu-guest.nix") ./systemd-boot.nix ./server.nix + ./wireguard/public-server.nix ]; boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"]; @@ -83,4 +84,11 @@ nix.settings.max-jobs = 2; nix.daemonCPUSchedPolicy = "idle"; nix.daemonIOSchedClass = "idle"; + + system.stateVersion = "22.11"; + + sops.secrets."root/.ssh/id_ed25519" = { + owner = "root"; + path = "/root/.ssh/id_ed25519"; + }; } diff --git a/config/nas.nix b/config/nas.nix index 4bc31575..5cce7eb1 100644 --- a/config/nas.nix +++ b/config/nas.nix @@ -304,4 +304,11 @@ max_parallel_workers = 12; max_parallel_maintenance_workers = 4; }; + + users.users.darkkirb.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpO0Lh7eOE/EBttb/XWZ6ISiJ0RkmBYfruq3U6linEz root@nixos-8gb-fsn1-1" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKB8oH1XbuGrKn/SeguXz96sw4AjJQQvZyAdpptotzOr root@thinkrac" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN/rVZJuwiO44LwOqimpH4zyGehYUMF2ZhYFXUCkupP hydra-queue-runner@nas" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLEmOYG4xipOh2YsWGbQtvoJXQzToQDotyCRFnHpVP5 root@instance-20221213-1915" + ]; } diff --git a/config/nixos-8gb-fsn1-1.nix b/config/nixos-8gb-fsn1-1.nix index 04e89a82..6c9286e3 100644 --- a/config/nixos-8gb-fsn1-1.nix +++ b/config/nixos-8gb-fsn1-1.nix @@ -29,6 +29,7 @@ ./services/akkoma ./services/peertube ./services/rspamd.nix + ./wireguard/public-server.nix ]; boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod"]; @@ -171,77 +172,6 @@ nix.daemonCPUSchedPolicy = "idle"; nix.daemonIOSchedClass = "idle"; - networking.wireguard.interfaces.wg0 = { - postSetup = '' - ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE - ''; - - postShutdown = '' - ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE - ''; - - peers = [ - { - publicKey = "/pQ86rAyPpM2tqzvk7NcKfEm72ENTVCSTTiHf6OrzDw="; - allowedIPs = [ - "fd0d:a262:1fa6:e621:539c:94d8:30e1:fb8b/128" - "10.0.0.1/32" - ]; - } - { - publicKey = "YDh67pqmhWMPNWf1BYXeH4/GTScCWqoWuyIao3ZUcz4="; - allowedIPs = [ - "fd0d:a262:1fa6:e621:480:b859:2a43:7101/128" - "10.0.0.2/32" - ]; - } - { - publicKey = "JZi7Lw8G5W2pnoqJWW6YfJm4OAaxhaneY8i3V9EO8X4="; - allowedIPs = [ - "10.0.0.3/32" - "fd0d:a262:1fa6:e621:66b6:3f04:5583:db63/128" - ]; - } - # nutty-noon - { - publicKey = "YYQmSJwipRkZJUsPV5DxhfyRBMdj/O1XzN+cGYtUi1s="; - allowedIPs = [ - "fd0d:a262:1fa6:e621:47e6:24d4:2acb:9437/128" - ]; - } - # thinkrac - { - publicKey = "iKW9nomLyLY2f90UY66POzY8CfDhQrqOLqchERlR3TY="; - allowedIPs = [ - "fd0d:a262:1fa6:e621:f45a:db9f:eb7c:1a3f/128" - ]; - } - # nas - { - publicKey = "RuQImASPojufJMoJ+zZ4FceC+mMN5vhxNR+i+m7g9Bc="; - allowedIPs = [ - "fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/128" - ]; - } - # instance-20221213-1915 - { - publicKey = "GHsVg8seCVIMYOidH5+/3EnoXRmi98NXtNTVu+nFcnw="; - allowedIPs = [ - "fd0d:a262:1fa6:e621:746d:4523:5c04:1453/128" - ]; - } - ]; - }; - boot.kernel.sysctl = { - "net.ipv4.conf.all.forwarding" = true; - "net.ipv6.conf.all.forwarding" = true; - }; nix.settings.system-features = [ "kvm" "nixos-test" diff --git a/config/nutty-noon.nix b/config/nutty-noon.nix index 622aedf5..db9ca337 100644 --- a/config/nutty-noon.nix +++ b/config/nutty-noon.nix @@ -203,6 +203,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpO0Lh7eOE/EBttb/XWZ6ISiJ0RkmBYfruq3U6linEz root@nixos-8gb-fsn1-1" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKB8oH1XbuGrKn/SeguXz96sw4AjJQQvZyAdpptotzOr root@thinkrac" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN/rVZJuwiO44LwOqimpH4zyGehYUMF2ZhYFXUCkupP hydra-queue-runner@nas" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLEmOYG4xipOh2YsWGbQtvoJXQzToQDotyCRFnHpVP5 root@instance-20221213-1915" ]; nix.settings.system-features = [ "kvm" diff --git a/config/services/prometheus.nix b/config/services/prometheus.nix index 5b3b3585..eece9e7d 100644 --- a/config/services/prometheus.nix +++ b/config/services/prometheus.nix @@ -16,6 +16,7 @@ "nutty-noon.int.chir.rs:${toString config.services.prometheus.exporters.node.port}" "nas.int.chir.rs:${toString config.services.prometheus.exporters.node.port}" "thinkrac.int.chir.rs:${toString config.services.prometheus.exporters.node.port}" + "instance-20221213-1915.int.chir.rs:${toString config.services.prometheus.exporters.node.port}" ]; } ]; diff --git a/config/wireguard.nix b/config/wireguard/default.nix similarity index 61% rename from config/wireguard.nix rename to config/wireguard/default.nix index 4334d82c..4054667a 100644 --- a/config/wireguard.nix +++ b/config/wireguard/default.nix @@ -9,11 +9,21 @@ { publicKey = "zQY9cAzbRO/FgV92pda7yk0NJFSXzHfi6+tgRq3g/SY="; allowedIPs = [ + "fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49/128" "fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49/7" ]; endpoint = "138.201.155.128:51820"; persistentKeepalive = 25; } + { + publicKey = "GHsVg8seCVIMYOidH5+/3EnoXRmi98NXtNTVu+nFcnw="; + allowedIPs = [ + "fd0d:a262:1fa6:e621:746d:4523:5c04:1453/128" + "fd0d:a262:1fa6:e621:746d:4523:5c04:1453/7" + ]; + endpoint = "130.162.60.127:51820"; + persistentKeepalive = 25; + } ]; }; }; diff --git a/config/wireguard/public-server.nix b/config/wireguard/public-server.nix new file mode 100644 index 00000000..84396c47 --- /dev/null +++ b/config/wireguard/public-server.nix @@ -0,0 +1,66 @@ +{pkgs, ...}: { + networking.wireguard.interfaces.wg0 = { + postSetup = '' + ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE + ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT + ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE + ''; + + postShutdown = '' + ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE + ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT + ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE + ''; + + peers = [ + { + publicKey = "/pQ86rAyPpM2tqzvk7NcKfEm72ENTVCSTTiHf6OrzDw="; + allowedIPs = [ + "fd0d:a262:1fa6:e621:539c:94d8:30e1:fb8b/128" + "10.0.0.1/32" + ]; + } + { + publicKey = "YDh67pqmhWMPNWf1BYXeH4/GTScCWqoWuyIao3ZUcz4="; + allowedIPs = [ + "fd0d:a262:1fa6:e621:480:b859:2a43:7101/128" + "10.0.0.2/32" + ]; + } + { + publicKey = "JZi7Lw8G5W2pnoqJWW6YfJm4OAaxhaneY8i3V9EO8X4="; + allowedIPs = [ + "10.0.0.3/32" + "fd0d:a262:1fa6:e621:66b6:3f04:5583:db63/128" + ]; + } + # nutty-noon + { + publicKey = "YYQmSJwipRkZJUsPV5DxhfyRBMdj/O1XzN+cGYtUi1s="; + allowedIPs = [ + "fd0d:a262:1fa6:e621:47e6:24d4:2acb:9437/128" + ]; + } + # thinkrac + { + publicKey = "iKW9nomLyLY2f90UY66POzY8CfDhQrqOLqchERlR3TY="; + allowedIPs = [ + "fd0d:a262:1fa6:e621:f45a:db9f:eb7c:1a3f/128" + ]; + } + # nas + { + publicKey = "RuQImASPojufJMoJ+zZ4FceC+mMN5vhxNR+i+m7g9Bc="; + allowedIPs = [ + "fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/128" + ]; + } + ]; + }; + boot.kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv6.conf.all.forwarding" = true; + }; +} diff --git a/secrets/instance-20221213-1915.yaml b/secrets/instance-20221213-1915.yaml index d4e37190..2c55cb26 100644 --- a/secrets/instance-20221213-1915.yaml +++ b/secrets/instance-20221213-1915.yaml @@ -13,6 +13,9 @@ services: email: lotte@chir.rs: ENC[AES256_GCM,data:vCgsNVurVhcEBquF50bontjucQ==,iv:ITfgM4f7sMEhSUXYSVIwhTZ08ZTut9rp43ef6apPQhk=,tag:qJuwTl+Qw8be7frqGsb0Dw==,type:str] mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:ykQYOSu3+KG8mfJBF7fEJwk2i8i972ERJs/oLLdY2mnQcPCV+9+0YtWwz7HDiLLrUlUV7yDdyjgqVKzdONOnsA==,iv:1Eetui7FvsrXIUSo1vccjA1k+/Bp9OAwI3ZoVYuQVDY=,tag:R27LHK9hpzVolt5+DKLHgg==,type:str] +root: + .ssh: + id_ed25519: ENC[AES256_GCM,data:w0JBHJ1otF8ZbESGhS9ASFHcKo24CZumbvtNNPjueN7tR4ICVUs/SIqosKyfKcY3bPwnu5LJtyimBCz2F8+kdPmZMMGst1GWnXpNMNgyQrn0hTTdF4wKUY8yT5dfOJXWHumj6uDh8XgRB3KU1q5kXpADvoD86eWYrBlydS/Wdp2SsXGZ4FN2iYAFNhzw9UkezApn3/e7IEwshB7yhaWMtS9sIshfrPgDe9twYM5NsGqDqCHDXJMdgUWBJpPFzw7myGsGtyMJ+EPXFR0lhv9ZNExXeeZU73oJOXM2xLUKhJU7adMMFMcaNrW3Ku4tuSjEqECwWwMEcimLsYdgSsTCh9Bv7m78mBzXkGAq2R1X/SwXAR1eCwqVoTn/2ZCN4yd8ebNKKrJWUdTLY1XKTo8TejqgnGyDTd7Jlu/Q/u5q2+Z5zPQvjKETZbuT9/WnudtHCYndWGGIu7lChHxQ8kCh8jW8h1Xx3+kZdDwfKYcPH0kDYgesw77UCdm1hJjkRyriYIF0pFaE2nuovc5eTr6yUYUZyhwuLx1g9xWT,iv:r622tLxm8qCzFOtx/9NIdIa3bie0PbbAA0lrjAUk6PE=,tag:/zOd2czwh+B61rKVtdVxcw==,type:str] password: root: ENC[AES256_GCM,data:06rdfv4dBZC+2OUcyNsOpp+7nQLqFVhy3NWekckbG2wem0lbtPn8eAYMRREhQjhX/JC+0aRMqUaK9VK2YDuqp4SHONAw+ahEEDqoOacKngA34cxq++zfnWPXOCSAMN9nIgLe+77AHYq7qw==,iv:W19HnljIvvkwap0xOF1X7lit7Evm2cQgqLK/pAjo5dI=,tag:A6wzK2pUbvFLWgHJ1X9mSQ==,type:str] darkkirb: ENC[AES256_GCM,data:cmNsv680uqjPZJ40jU6z3JSUc6a76TbMVpF+EhBzz4wWr5rngDBTDoxjLnOYzuSOlonyJO9IXNygjCq0a7bNu4SYho8nCLeFV0Dvq6xDMCh2ZQ+CjHgP/R7dsaRqmjcujthmB0u0beJGqg==,iv:6Sz3b3S/76B3DGYdLfYQuOACx7SSJNy/pkRAbDmkBOM=,tag:bc6+sqj0+Ky5lhhgkMIXJQ==,type:str] @@ -31,8 +34,8 @@ sops: QThFZnBQRjh1ZVNoNmU3WkdVbVJVKzAKmEeggdchZmc9kajfpRZfRAR2Tzov4jQK NprycjlrOuozMCTv75+gbNHTRp4pxQq1JE5NejvyDWkzhL+s8Ikfng== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-14T08:55:10Z" - mac: ENC[AES256_GCM,data:W/B21vSPg9kJX13VHn8wCqK/NxdSaMJ0y+noXypFyI1yNlA5BTMIAwgR6ZRkCMdD9U+bz34Ujp8LENw9+AaRJ2pHA2/m4Jg+rdsA0T6K7E3k6qkMKyjH5Ovctx1Onu4PXKsRfS+Z4hz2qlkmCGyxBk1AHMjo8MxSQd9VtFZKP10=,iv:4S7a/kIpOucN/fp2Wo2aIodV1Yk3CX+vBUHUWzZEM84=,tag:m2vWnkzvZ9UdPSTGR/kbVg==,type:str] + lastmodified: "2022-12-14T09:48:21Z" + mac: ENC[AES256_GCM,data:4y4PsZInWRXUS4gVEDMMTo672sKbSCUP8bmoZZD1HwT5Qy4kPFZRWzmxVQgVJGlmXqOD4J1fgp5hSQosfBV+Wj8hS59fkvhFj2/XyiQC93wqmOqYSFahj+pLxR5khjWaVwMDZm7eUs9reh9GXiDYBmSVGGiwZAPxLvTKKvNrYTs=,iv:1YSyGiwJU+aAuLdqKjs8q0lQCsVnBh7nDzdRy3EJ0Qc=,tag:ipbetJAPM78V8fWd73/qsA==,type:str] pgp: - created_at: "2022-12-13T20:09:13Z" enc: | diff --git a/secrets/shared.yaml b/secrets/shared.yaml new file mode 100644 index 00000000..8d58d0e0 --- /dev/null +++ b/secrets/shared.yaml @@ -0,0 +1,69 @@ +aws: + credentials: ENC[AES256_GCM,data:FJH+8to7i/5gNLWJNMr3iQDSOoufshcRADTZB8FSvCWbvp0j+OiDZmI2xjYLr2w29S1AW8A270l1QdqKxQuOsJM5NHpsT1GxeVfK4UyAfDU27F3LQ5gaeUN4U+vQVqUxgtmSwutDTYL736Xo4hO92w==,iv:GPFzsVrku3p5dnj/oxBKV/0A2gwEJd7H9Wmg6eggZos=,tag:FJdSbdBjjp8hi7/vgbtXEg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZGs0TndublFyQi9yM0R4 + NmdoYTZtZUtEU05pa25rL0hWMjVTZGc1WHpNCmwvNHJpTzg3ZDlkR2hEbzJDSmw0 + SjI5bWJ4Q1lGZDJvS2trdkFSdVZ6dlkKLS0tIFhhaFhHOFZ4MUhIYVpsQ2NqTGxn + WFBaSGdXRTIzZUVmQTZVc1V1cWJETUkKyoqWYVV07acsjWOX+7B1LO2QZwCUhFTT + tncKrSCRKOryRi/sCBI8wTuJ5h4ZOnFGuYcWe7rX61zv6MJmB7PeZg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wfftrnyngg7nxcwvt7m590fwx3w7p4kkrjn9uprjq0u3k3ym4s3qqzkmzm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcU5GeGRXcllRMFdYclFu + OUtNaFVWS2xFRFY1Tkt5V2pBYzQ5UkhMSVdVCkF4VXloNVFEMGp3MmFVTXRZby9T + eldEQXNQK0UwUk9pRXNKeDNNdjJiZWMKLS0tIGxITmhSalZabSt3M3Y1MWV2WFg3 + Um41TWc1Zk15WVZleWw3YjBtdjJrK3MKChfeKSRpvkMVc9XWas94cXOeftKEMD8v + Tbs80DBDsCRcA5FXyA8OglYMsszgKbBwO402ziy8XsZ2ndsKbzmyCA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15c2dquc22epmmndpmd8pa3077fdl8nyr5qehr7y0c9uvavrledsq326ak9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtY09EWEI5YkI4OUNHTlVj + Mnp0V2hCM2wrK0JCQVY3RmlxeGRFODl3ZFNjCnp0RGgreElHMWRNZXo1dk93RG1w + Q0t3eXo1NW02M3VSS2NGOURpQlpxRm8KLS0tIHJlMExYUnE4L3M0T0NRVEZ5SFd5 + RkFzemNNeUwvcjZsUzRvWmI3SVVzMDQKwG0YSsitrfuCKcPo9jEwIkTx+Amu9oWv + 9gWMndg0mH2V+3gLfnOeWgLO7q00wil10/QPYtBv1eKHWbeflXhTcw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxK1p3QzdJUzFKVGJHRzBV + VFkvUFVob3p0WE1RZGxWaDBVUTl6Q3VlS0JNCm53alJXUlhkWnR0OGVOZTdVbTA3 + RWl3dDQvTEpGa0FMZFRac0VxZkFNYUkKLS0tIFdZUGNVejlkNzNkUnd6Y1RwZ3VG + ck54anBlVFZwSHhLNytYUDdqaFU3QUEK2EEhYevcyM2Z9Yzg1yll8VvtrOJ6rRts + 2UUjeIefQcSdOPQ+sAWC5U4nWlPodjbb8vrX9rAakVPeJsVDR216kQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s7xxqxk6t6rw3zvfylgpwp5362v5guqsf8vjcvjjdj7wcnnxncvqc62frn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4V0ZVTmxScWhOWVkwTnps + d1VZRUdXRGNYemNuTFJWWkZlUGM4cnUrNUhjCnE2cVJ2THdJQnF1dk9FY1M0SnBM + UGNJWmVTSlRIbDhOVG45Y1RVM0UrVXcKLS0tIGFJTkdwS25MS2k2Q0hwbVlvU0Rv + SEFmTkdnWkw2YTVXOVNIcXp2MXhZczgK1i8ibaQLEVdXcmdmeSQBNwt/glN6pd9Z + 8xLX40YKUnGUBlLHkQJPEOsZvhTDq+4PLd41S93Y2kv8p1y+IKnQ+Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-12-14T09:44:37Z" + mac: ENC[AES256_GCM,data:T1dbLpD1LU9JsMafgzA/nBzM/hcqhZtir9RMrARaEwqDnA2kGra0TWIG0SIt2adi6mym5OJXqowswE2kkBqqybV1nG/spZBaHYM4FkRV4mec0mkFGxCSG3CqiBF43dZfM1d90sUf+QC+j5hnvL75y0AkjH8qDjmMp5zLkpzKj5Y=,iv:r3yFan7qIunwSIMJQuJ6byk6IAGyUhIu42UTnVkjcpg=,tag:e/PiaaMzZEG3OyV8bPAaYA==,type:str] + pgp: + - created_at: "2022-12-14T09:44:12Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hF4DAAAAAAAAAAASAQdABfkbgMrxNMpI/9PEceVXQqEyHF+JLOqPdbldJKvITBgw + AV8pN2F2pEFwIHoARpi42LZQpqMlbNIgRR7x+dPmv4UIY0BwqcDoiX6D8WHQIW3I + 0l4Bvej8D2IMF/8sA7JytITOBa5PZwuz/doyM10jisMeE/gRSA42GrtLtE7+YxL6 + Tj1UAwMmU70xKFBntkvQwheRxkKY4JqXHKmVtGwPJAPVYKRIIBy5L+fdF9MQYPty + =q380 + -----END PGP MESSAGE----- + fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD + unencrypted_suffix: _unencrypted + version: 3.7.3