From bd22e9990fc812842bcdbd7c71059db53935445b Mon Sep 17 00:00:00 2001 From: Alexander Szczepanski Date: Sat, 31 Aug 2024 19:00:36 +0200 Subject: [PATCH] desktop-2024-08-31-19-00-36 --- .sops.yaml | 16 +++++++ configs/borg-exclude.nix | 4 ++ configs/common.nix | 18 +++++--- configs/develop.nix | 14 ++++++ configs/user-gui.nix | 19 +------- configs/user.nix | 7 +-- flake.lock | 40 ++++++++++++++++- flake.nix | 15 +++++-- machine/desktop/configuration.nix | 64 +++++++++++++++------------ machine/vps2.nix | 70 ------------------------------ machine/vps3.nix | 72 ------------------------------- secrets-desktop.yaml | 31 +++++++++++++ secrets.yaml | 30 +++++++++++++ 13 files changed, 196 insertions(+), 204 deletions(-) create mode 100644 .sops.yaml create mode 100644 configs/develop.nix delete mode 100755 machine/vps2.nix delete mode 100755 machine/vps3.nix create mode 100644 secrets-desktop.yaml create mode 100644 secrets.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..96e5f8a --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,16 @@ +keys: + - &users + - &alex age1gjhlw6vkfers3f76yug3alwupe4jckjhg8ncr8kll5gj5g6wlqtqacqa73 + - &hosts: + - &desktop age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx +creation_rules: + - path_regex: secrets.yaml$ + key_groups: + - age: + - *alex + - *desktop + - path_regex: secrets-desktop.yaml$ + key_groups: + - age: + - *alex + - *desktop diff --git a/configs/borg-exclude.nix b/configs/borg-exclude.nix index c52a316..ac930b9 100755 --- a/configs/borg-exclude.nix +++ b/configs/borg-exclude.nix @@ -3,13 +3,17 @@ ".cache" ".config/chromium/Default/Service Worker/CacheStorage" ".config/discord/Cache" + ".local/share/libvirt/images" ".local/share/Steam/config/htmlcache/Cache" ".local/share/Steam/steamapps" ".local/share/Trash" + "Games/guild-wars-second/drive_c/Program Files/Guild Wars/Gw.dat" "Games/guild-wars/drive_c/Program Files/Guild Wars/Gw.dat" + "shared" + "docker/jellyfin/data" ]; } diff --git a/configs/common.nix b/configs/common.nix index c7efda8..7b2eaf0 100755 --- a/configs/common.nix +++ b/configs/common.nix @@ -64,8 +64,8 @@ borgmatic btrfs-progs + exfatprogs - cargo # dog # cat replace doggo # DNS Resolver @@ -77,33 +77,37 @@ eza + # age key encryption + ssh-to-age + age + sops + + # monitoring btop htop glances + nethogs + iotop + nmap gnupg gocryptfs graphviz hdparm - home-manager inxi - iotop lm_sensors lsd lsof man-pages man-pages-posix - nethogs + nil nix-du nix-tree nixpkgs-fmt - nmap - nodejs parallel pciutils - ruby progress unixtools.xxd unzip diff --git a/configs/develop.nix b/configs/develop.nix new file mode 100644 index 0000000..5a33ccd --- /dev/null +++ b/configs/develop.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs.unstable; [ + insomnia + meld + virt-manager + + #rust + cargo + nodejs + + ruby + ]; +} diff --git a/configs/user-gui.nix b/configs/user-gui.nix index fbd17f3..1de488b 100755 --- a/configs/user-gui.nix +++ b/configs/user-gui.nix @@ -11,8 +11,7 @@ fontDir.enable = true; packages = with pkgs; [ - (nerdfonts.override { fonts = [ "Meslo" ]; }) - # nerdfonts + (nerdfonts.override { fonts = [ "Meslo" "RobotoMono"]; }) corefonts google-fonts liberation_ttf @@ -27,17 +26,6 @@ stix-two twemoji-color-font ]; - - # fontconfig = { - # enable = true; - # antialias = true; - # defaultFonts = { - # # monospace = [ "Fira Mono" ]; - # serif = [ "Linux Libertine" ]; - # sansSerif = [ "Open Sans" ]; - # emoji = [ "Twitter Color Emoji" ]; - # }; - # }; }; hardware = { @@ -62,19 +50,14 @@ }; environment.systemPackages = with pkgs.unstable; [ - alacritty czkawka # fslint before grsync handbrake - insomnia keepassxc - meld - exfatprogs nextcloud-client pinta rustdesk-flutter simple-scan - virt-manager ]; home-manager.users.alex = { pkgs, ... }: { diff --git a/configs/user.nix b/configs/user.nix index a98168b..2f22e15 100755 --- a/configs/user.nix +++ b/configs/user.nix @@ -1,7 +1,4 @@ { config, pkgs, lib, inputs, ... }: -let - secrets = import ./secrets.nix; -in { imports = [ inputs.home-manager.nixosModules.home-manager @@ -18,7 +15,8 @@ in users.alex = { isNormalUser = true; - hashedPassword = secrets.hashedPassword; + # hashedPassword = secrets.hashedPassword; + hashedPasswordFile = config.sops.secrets.hashedPassword.path; extraGroups = [ "wheel" "docker" @@ -34,7 +32,6 @@ in "davfs2" ]; openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPSzeNjfkz7/B/18TcJxxmNFUhvTKoieBcexdzebWH7oncvyBXNRJp8vAqSIVFLzz5UUFQNFuilggs8/N48U84acmFOxlbUmxlkf8KZgeB/G6uQ8ncQh6M1HNNPH+9apTURgfctr7eEZe9seLIEBISQLXB2Sf3F1ogfDj25S8kH9RM4wM1/jDFK5IecWHScKxwQPmCoXeGE1LEJq6nkQLXMDsWhSihtWouaTxSR0p7/wp/Rqt/hzLEWj8e3+qLMc5JrrdaWksupUCysme7CnSfGSzNUv9RKiRCTFofYPT9tbRn5JzdpQ55v22S6OvmmXUHjST1MOzI8MpVPZCCqd/ZQ1E+gErFiMwjG4sn/xxdPK9/jbQaXMjLklbKtR+C5090Ew2u2kj78jqGk/8COhF1MXh/9qjcG+C51uD1AS9d410kfjPwkaUt4U2KktDMQ942nWywrvIWM0Gt2kgDLYotsy/70q/aTJ8bvaCoWoDOGmpWcyNNBalz4OYYGI2Z0WHrVTs0FpzSk/XeQz0OLkmueoh5GDGd8zrfO6Nf5LWI17aWGRePTpQP5mJIg6jC3j8/QVrthEP6QyIIkZsnfsmvSiMWVfXqEy1BxVlu3T6aLffaj679KCsxY+mx5mTH2hwd4ZdbSI4F0GCIt+WGaFhHs2V3ZQitoEZuraRPEc4HGw== alexander@szczepan.ski" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYEaT0gH9yJM2Al0B+VGXdZB/b2qjZK7n01Weq0TcmQ alex@framework" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN99h5reZdz9+DOyTRh8bPYWO+Dtv7TbkLbMdvi+Beio alex@desktop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkURF5v9vRyEPhsK80kUgYh1vsS0APL4XyH4F3Fpyic alex@macbook" diff --git a/flake.lock b/flake.lock index 31f1370..57ac6db 100644 --- a/flake.lock +++ b/flake.lock @@ -91,6 +91,22 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1724819573, @@ -113,7 +129,29 @@ "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable": "nixpkgs-unstable", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "owner": "mic92", + "repo": "sops-nix", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "type": "github" + }, + "original": { + "owner": "mic92", + "repo": "sops-nix", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index f711f7f..97b49d5 100644 --- a/flake.nix +++ b/flake.nix @@ -5,8 +5,16 @@ # Nixpkgs nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + + #nixos-hardware nixos-hardware.url = "github:nixos/nixos-hardware/master"; + sops-nix = + { + url = "github:mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # Home manager home-manager = { url = "github:nix-community/home-manager/release-24.05"; @@ -21,11 +29,12 @@ outputs = { self - , nixpkgs - , nixpkgs-unstable + , fw-fanctrl , home-manager , nixos-hardware - , fw-fanctrl + , nixpkgs + , nixpkgs-unstable + , sops-nix , ... } @ inputs: let diff --git a/machine/desktop/configuration.nix b/machine/desktop/configuration.nix index 24bc040..ce51000 100755 --- a/machine/desktop/configuration.nix +++ b/machine/desktop/configuration.nix @@ -6,24 +6,11 @@ let in { nixpkgs = { - # You can add overlays here overlays = [ - # Add overlays your own flake exports (from overlays and pkgs dir): outputs.overlays.additions outputs.overlays.modifications outputs.overlays.unstable-packages - - # You can also add overlays exported from other flakes: - # neovim-nightly-overlay.overlays.default - - # Or define it inline, for example: - # (final: prev: { - # hi = final.hello.overrideAttrs (oldAttrs: { - # patches = [ ./change-hello-to-hi.patch ]; - # }); - # }) ]; - # Configure your nixpkgs instance config = { allowUnfree = true; }; @@ -35,16 +22,47 @@ in inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower inputs.nixos-hardware.nixosModules.common-pc-ssd + inputs.sops-nix.nixosModules.sops ../../configs/browser.nix ../../configs/common.nix ../../configs/docker.nix ../../configs/games.nix + ../../configs/develop.nix ../../configs/libvirt.nix ../../configs/plasma.nix ../../configs/user-gui.nix ../../configs/user.nix ]; + sops = { + defaultSopsFile = ../../secrets-desktop.yaml; + validateSopsFiles = true; + age = { + sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + keyFile = "/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + + secrets = { + borg-key = { + sopsFile = ../../secrets-desktop.yaml; + owner = config.users.users.alex.name; + group = config.users.users.alex.group; + }; + + borg-repo = { + sopsFile = ../../secrets-desktop.yaml; + owner = config.users.users.alex.name; + group = config.users.users.alex.group; + }; + + hashedPassword = { + neededForUsers = true; + sopsFile = ../../secrets.yaml; + }; + }; + }; + nix.settings.system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-znver2" ]; boot = { @@ -71,19 +89,6 @@ in networking = { hostName = "desktop"; useDHCP = false; - # wireguard.interfaces = { - # wg0 = { - # ips = [ "10.100.0.2/24" ]; - # privateKey = secrets.wireguard-desktop-private; - # peers = [{ - # publicKey = wireguard.wireguard-vps-public; - # presharedKey = secrets.wireguard-preshared; - # allowedIPs = [ "10.100.0.0/24" ]; - # endpoint = "old.szczepan.ski:51820"; - # persistentKeepalive = 25; - # }]; - # }; - # }; }; time.timeZone = "Europe/Berlin"; @@ -194,12 +199,15 @@ in compression = "auto,zstd"; encryption = { mode = "repokey-blake2"; - passphrase = secrets.borg-key; + # passphrase = secrets.borg-key; + passCommand = "cat ${config.sops.secrets.borg-key.path}"; }; extraCreateArgs = "--checkpoint-interval 600 --exclude-caches"; environment.BORG_RSH = "ssh -i ~/.ssh/id_borg_ed25519"; paths = "/home/alex"; - repo = secrets.borg-repo; + repo = "ssh://u278697-sub2@u278697.your-storagebox.de:23/./borg"; + # repo = secrets.borg-repo; + # repo = (builtins.readFile config.sops.secrets.borg-repo.path); startAt = "daily"; user = "alex"; prune.keep = { diff --git a/machine/vps2.nix b/machine/vps2.nix deleted file mode 100755 index 422e69e..0000000 --- a/machine/vps2.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: -let - secrets = import ../configs/secrets.nix; - be = import ../configs/borg-exclude.nix; - unstable = import { config.allowUnfree = true; }; -in { - imports = - [ /etc/nixos/hardware-configuration.nix ../configs/common-server.nix ]; - - time.timeZone = "Europe/Berlin"; - - networking = { - hostName = "vps2"; # Define your hostname. - useDHCP = false; - interfaces.ens18 = { useDHCP = true; }; - wireguard.interfaces = { - wg0 = { - ips = [ "10.100.0.50/32" ]; - privateKey = secrets.wireguard-vps2-private; - peers = [{ - publicKey = secrets.wireguard-vps-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "szczepan.ski:51820"; - persistentKeepalive = 25; - }]; - }; - }; - firewall = { - allowPing = true; - allowedTCPPorts = [ - 80 # web - 443 # web - ]; - allowedUDPPorts = [ - 80 # web - 443 # web - ]; - }; - }; - - environment.systemPackages = with pkgs; [ ]; - - programs = { - mtr.enable = true; - fuse.userAllowOther = true; - }; - - services = { - fail2ban = { - enable = true; - - jails.DEFAULT = '' - bantime = 7d - ''; - - jails.sshd = '' - filter = sshd - maxretry = 4 - action = iptables[name=ssh, port=ssh, protocol=tcp] - enabled = true - ''; - }; - }; - - # Limit stack size to reduce memory usage - systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024; - - system.stateVersion = "22.11"; -} diff --git a/machine/vps3.nix b/machine/vps3.nix deleted file mode 100755 index 6ada4a6..0000000 --- a/machine/vps3.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ config, lib, pkgs, ... }: -let - secrets = import ../configs/secrets.nix; - be = import ../configs/borg-exclude.nix; - unstable = import { config.allowUnfree = true; }; -in { - imports = - [ /etc/nixos/hardware-configuration.nix ../configs/common-server.nix ]; - - time.timeZone = "Europe/Berlin"; - - networking = { - hostName = "vps3"; # Define your hostname. - useDHCP = false; - interfaces.ens18 = { useDHCP = true; }; - wireguard.interfaces = { - wg0 = { - ips = [ "10.100.0.100/32" ]; - privateKey = secrets.wireguard-vps3-private; - peers = [ - { - publicKey = secrets.wireguard-vps-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "szczepan.ski:51820"; - persistentKeepalive = 25; - } - ]; - }; - }; - firewall = { - allowPing = true; - allowedTCPPorts = [ - 80 # web - 443 # web - ]; - allowedUDPPorts = [ - 80 # web - 443 # web - ]; - }; - }; - - environment.systemPackages = with pkgs; [ ]; - - programs = { - mtr.enable = true; - fuse.userAllowOther = true; - }; - - services = { - fail2ban = { - enable = true; - - jails.DEFAULT = '' - bantime = 7d - ''; - - jails.sshd = '' - filter = sshd - maxretry = 4 - action = iptables[name=ssh, port=ssh, protocol=tcp] - enabled = true - ''; - }; - }; - - # Limit stack size to reduce memory usage - systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024; - - system.stateVersion = "22.11"; -} diff --git a/secrets-desktop.yaml b/secrets-desktop.yaml new file mode 100644 index 0000000..e27da34 --- /dev/null +++ b/secrets-desktop.yaml @@ -0,0 +1,31 @@ +borg-key: ENC[AES256_GCM,data:PL5Ct5JlVr+4r4u3w2wiO5A01YTFyzjRTVgOhUmOHOyGg/aQYlprW1vCDzszzS2RrDAvy7lzG/cShslxJ1o=,iv:hExGSqd+Il/faH3JJNHi1sY0aJkOQ6OWZrZAJEDH1MI=,tag:CeMtJ3XVH899Tkd7jfbl7A==,type:str] +borg-repo: ENC[AES256_GCM,data:OBt+ugmmAjw+PY6HzDV2wYvsv1gE88IrOodRO593exNdpe1L7zc83hiIFQ7MDjWQKprRbf0/PA==,iv:LTs5ZY/M3Y2wDt71hcCFYn0D8yJborzNHBWb8M7GPFU=,tag:CqhmL8L6ecmjNFI7l0uwXQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gjhlw6vkfers3f76yug3alwupe4jckjhg8ncr8kll5gj5g6wlqtqacqa73 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZUdna3ZSeVhqdmp1aDFK + MnpsZ0ZjWEJ6SHUrT2FYZGNXMEFRbTRHelRRCjZWazNYZ0h5VzlWcGROS09vL0dM + MlBpREZ1blY3Z1hjM09lOHNKRElmSTQKLS0tIG93R2Y1RzFYTkJLcGJXR0RvZFlh + a1ZWVnMxRUwxSTI3RVFmNEpOdUxwaWcKGU2wArag9gjd3AaPS3EXT2zIzRfhgPTS + wuSxnKTk0eb/e+rdHktzcFY5/M1RQuXRUA71HYLL7lYDqSpAGD0Hjg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdmVRYUpIQ1ZYMUQzd1RO + cVBucFZ3UDI1Y2JWUW9oQ2g0YWM5RGxTT0JjCmwrTm9hZ3ZlM3NXeDQ5U2NaUC9q + cWMwZEF0MEJxLzhFS1ZaSGFYYno2K00KLS0tIFVqK3VwYzlsejdISzJDN3pjS2tH + S3l5ajdjZlZqeTAwSlFZdkZ4TEFobjgKZk9/EY5qipwthNm+Gt5N8hXHl3rPljfy + xIeKdrHX3DdyoVjLoL9jlhOxiw4NjWo8ljEYeF/gwDj/5tQ5wywP3Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-31T16:13:14Z" + mac: ENC[AES256_GCM,data:nU24oGZPvqD4vq9L4/1MPWGthDVOmZYaqHdvq31ibh2xrzkGPGPk1TYjC0/ir0EDuH3IRdak8VHavi3DOV92LytHP44OwBzwH4QxzmXxnMsHasXzoS+MUkdXqDXdelNtlkeKSYOdxLXgvfu6QsxsxSaEzxfEGwX0ILn2fyw4O5I=,iv:DrFvaEzh54H29fZzUsSwNOgBjJ/Fu3TGHdCx0OPVOTM=,tag:MkTopG5DqNbWE6PGuFaVuw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/secrets.yaml b/secrets.yaml new file mode 100644 index 0000000..2e86e3f --- /dev/null +++ b/secrets.yaml @@ -0,0 +1,30 @@ +hashedPassword: ENC[AES256_GCM,data:tmX8RzNMGF9IUSsFYsvy9REd0XtwQ4Xursl0OFijGuwY3X5iKlYGxLNXUF1l+n7NWeLmaOTOLE9YVofm07EHiJCTlMTCGLxpq8/o8b/y5Kq7k/fdMkdZK1mUX4xKWFYPpdP7K9Vua3STWQ==,iv:iVKiyKpGx7qfQ7KerfDXv+52XWI2jenbXuuebhNE+40=,tag:hkwP5TmVDHiqQoyR9qUxmg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gjhlw6vkfers3f76yug3alwupe4jckjhg8ncr8kll5gj5g6wlqtqacqa73 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTmFyZjFIbGdaeXdQanFH + SkpBQ1ZYQTBCUDZNdWM4OG16WjFkN3ZieDB3Cjl3WWo3d2p6TEVIdi8yMGg0dk82 + NHR2UzRnK2lBSUJrTnhyRHpoVDZNNDgKLS0tIDNWQThOeGdBM0VvbGc2N3A2RnZ1 + WVd3KzQvMExLeVhQZFd1RXBhTTYwQ1EKyvPeEUQ4ItxZ84/2cS2f4ZrZfpjgJL/M + 63y1PKvqK69WD3x6OnDEQ93sgAm7XPsZ2esWu0xMghWiSfB1yf0n1Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuM012blVQTUNZY0t3dk9T + Y0d6OWpoRXNGdG93Z0dvK0NLVGhiMUVaMkNvCmRxeG9nUER1L29ueU1DY2d4cFk2 + Uk1UNEdGRlA0U1hrcmxDNFBWZTVWdGsKLS0tIEVFVWhBZHZlQWx2ak9iLy9FWEFV + NmVEbkNxZlVVUVprNVZrRjVQQXRPSHMKp6CrhQJJlw/pm+NfjlO+TFtGfgTEoyYu + VuxhS4xsyEtPqVbNjlEmu3qnvmefuoE9XAE5+HoJWngeKUWBc7i0Lg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-31T15:55:06Z" + mac: ENC[AES256_GCM,data:KQraWMxoXkcrEHCG6R+M31qRCGMwXekA9hIgyULXLaCjkHHJ1JRovgMD0ujTgZVseLipXBCXzH2RJvErNDhozXyrSEpzU0hBb50c0BCD3yaSPojTFCHDGIt/9qi4YHVnOHBP7jVxrFSGk84TNgMqO16dUNsMu6faEYX8CpkHoZM=,iv:ci/kWQCWuV98YdCtgKqQCOgsfAup/pG4smoWvFXRWX4=,tag:2ivvnVo0+ft3BIts3axMGw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0