From 12f53416b8591fd9ee9569b40796f355c83f3ce7 Mon Sep 17 00:00:00 2001 From: Dylan Date: Tue, 16 Sep 2025 22:10:50 +1200 Subject: feat: added wireguard to server and client --- computers/nixnode.nix | 171 ++++++++++++++++++++++++++++++++++++++++++++++++ computers/nixy.nix | 75 ++++++++++++++++----- computers/server.nix | 169 ----------------------------------------------- flake.nix | 6 +- hardware-setups/tuf.nix | 1 + secrets/general.yaml | 31 +++++++++ secrets/test.yaml | 35 ---------- 7 files changed, 265 insertions(+), 223 deletions(-) create mode 100644 computers/nixnode.nix delete mode 100644 computers/server.nix create mode 100644 secrets/general.yaml delete mode 100644 secrets/test.yaml diff --git a/computers/nixnode.nix b/computers/nixnode.nix new file mode 100644 index 0000000..baeadcb --- /dev/null +++ b/computers/nixnode.nix @@ -0,0 +1,171 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, inputs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../modules/nix.nix + inputs.STK.nixosModules.default + inputs.sops.nixosModules.sops + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + security.sudo.wheelNeedsPassword = false; + + sops.defaultSopsFile = ../secrets/general.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/boss/.config/sops/age/keys.txt"; + + sops.secrets = { + #"wg/nixy/pub" = { }; + "wg/nixnode/priv" = { }; + }; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 51820 ]; + }; + + # Wireguard + networking = { + nat = { + enable = true; + externalInterface = "eth0"; + internalInterfaces = [ "wg0" ]; + }; + + wireguard.interfaces.wg0 = { + ips = [ "10.100.0.1/24" ]; + listenPort = 51820; + + postSetup = '' +${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE +''; + postShutdown = '' +${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE +''; + + privateKeyFile = config.sops.secrets."wg/nixnode/priv".path; + + peers = [ + { + name = "nixy"; + publicKey = "FMkFU9k+YeCvj48+WDVglySgoncbITqkS//o2e+TClY="; + allowedIPs = [ "10.100.0.2/32" ]; + } + ]; + }; + }; + + services.httpd = { + enable = true; + virtualHosts."172.105.172.191" = { + documentRoot = "/srv/httpd"; + }; + }; + + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + settings.PasswordAuthentication = false; + }; + + services.superTuxKarts = { + enable = true; + port = 2757; + serverOptions = { + server-name = "LUG STK server"; + server-mode = 0; + server-difficulty = 3; + private-server-password = "lug@uoa"; + motd = "Server for LUG@UoA\nChampionship coming soon!"; + }; + }; + + users.users.boss = { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user. + home = "/home/boss"; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOukEKExoF6vr3vciQN8pBdd4FtZtRzqIGFJrUvllOY boss@nixy" ]; + }; + + environment.systemPackages = with pkgs; [ + vim + emacs + inetutils + mtr + sysstat + git + ]; + + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + networking.usePredictableInterfaceNames = false; + networking.useDHCP = false; + networking.interfaces.eth0.useDHCP = true; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "25.05"; # Did you read the comment? + +} diff --git a/computers/nixy.nix b/computers/nixy.nix index e7b7fbe..fd79b47 100644 --- a/computers/nixy.nix +++ b/computers/nixy.nix @@ -5,11 +5,11 @@ { config, pkgs, inputs, ... }: { imports = - [ # Include the results of the hardware scan. - ../hardware-setups/tuf.nix + [ ../modules/nix.nix ../modules/nvidia.nix inputs.YATwm.nixosModules.default + inputs.sops.nixosModules.sops #inputs.spicetify-nix.nixosModules.default ]; @@ -31,29 +31,69 @@ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + sops.defaultSopsFile = ../secrets/general.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/boss/.config/sops/age/keys.txt"; + + sops.secrets = { + #"wg/nixnode/pub" = { }; + "wg/nixy/priv" = { + restartUnits = [ "nm-file-secret-agent.service" ]; + group = "networkmanager"; + mode = "440"; + }; + }; + networking.firewall = { allowedUDPPorts = [ 51820 ]; }; - networking.wireguard.enable = false; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.200.200.2/32" ]; - listenPort = 51820; - - privateKeyFile = "/home/boss/.wg/peer_A.key"; - - peers = [ + networking.networkmanager.ensureProfiles = { + profiles = { + wg-nixnode = { + connection = { + id = "wg-nixnode"; + autoconnect = "false"; + interface-name = "wg0"; + type = "wireguard"; + }; + ipv4 = { + address1 = "10.100.0.2/32"; + may-fail = "false"; + method = "manual"; + }; + ipv6 = { + method = "disabled"; + }; + wireguard = { + listen-port = "51820"; + private-key-flags = 1; + #private-key = "dummy"; + }; + proxy = { }; + "wireguard-peer./6bWy02DhOSjaeXk+ol5ATgEYDDJvL+mTO9SCNvfIUQ=" = { + allowed-ips = "0.0.0.0/0;"; + endpoint = "172.105.172.191:51820"; + persistent-keepalive = "25"; + }; + }; + }; + secrets.entries = [ { - publicKey = "wQSg97FyVqWqkwMbmq1SLolf/MWlt9tIJuE5vKyDiRI="; - - allowedIPs = [ "0.0.0.0/0" ]; - - endpoint = "139.144.99.248:51820"; - - persistentKeepalive = 25; + matchId = "wg-nixnode"; + matchType = "wireguard"; + matchSetting = "wireguard"; + key = "private-key"; + file = config.sops.secrets."wg/nixy/priv".path; } ]; }; + systemd.services."nm-file-secret-agent" = { + serviceConfig.User = "boss"; + }; + + # Set your time zone. time.timeZone = "NZ"; @@ -167,6 +207,7 @@ neofetch pinentry-gtk2 git + nm-file-secret-agent ]; documentation.dev.enable = true; diff --git a/computers/server.nix b/computers/server.nix deleted file mode 100644 index 4e66375..0000000 --- a/computers/server.nix +++ /dev/null @@ -1,169 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ config, lib, pkgs, inputs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ../hardware-setups/linode.nix - ../modules/nix.nix - inputs.STK.nixosModules.default - inputs.sops.nixosModules.sops - ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - - # networking.hostName = "nixos"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - security.sudo.wheelNeedsPassword = false; - - sops.defaultSopsFile = ../secrets/test.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/boss/.config/sops/age/keys.txt"; - - sops.secrets = { - test-value = {}; - }; - - services.httpd = { - enable = false; - virtualHosts."172.105.172.191" = { - documentRoot = "/srv/httpd"; - }; - }; - - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # services.pulseaudio.enable = true; - # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.boss = { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user. - home = "/home/boss"; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOukEKExoF6vr3vciQN8pBdd4FtZtRzqIGFJrUvllOY boss@nixy" ]; - }; - - # programs.firefox.enable = true; - - # List packages installed in system profile. - # You can use https://search.nixos.org/ to find more packages (and options). - environment.systemPackages = with pkgs; [ - vim - emacs - inetutils - mtr - sysstat - git - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - settings.PasswordAuthentication = false; - }; - - services.superTuxKarts = { - enable = true; - port = 2757; - serverOptions = { - server-name = "LUG STK server"; - server-mode = 0; - server-difficulty = 3; - private-server-password = "lug@uoa"; - motd = "Server for LUG@UoA\nChampionship coming soon!"; - }; - }; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - networking.usePredictableInterfaceNames = false; - networking.useDHCP = false; - networking.interfaces.eth0.useDHCP = true; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "25.05"; # Did you read the comment? - -} diff --git a/flake.nix b/flake.nix index 58b6397..6ec3d21 100644 --- a/flake.nix +++ b/flake.nix @@ -62,7 +62,8 @@ specialArgs = {inherit inputs;}; modules = [ (import ./my-pkgs) - + + ./hardware-setups/tuf.nix ./computers/nixy.nix inputs.home-manager.nixosModules.home-manager @@ -81,7 +82,8 @@ system = "x86_64-linux"; specialArgs = {inherit inputs;}; modules = [ - ./computers/server.nix + ./hardware-setups/linode.nix + ./computers/nixnode.nix ]; }; }; diff --git a/hardware-setups/tuf.nix b/hardware-setups/tuf.nix index a400a7d..0b0e135 100644 --- a/hardware-setups/tuf.nix +++ b/hardware-setups/tuf.nix @@ -25,6 +25,7 @@ fileSystems."/home" = { device = "/dev/disk/by-uuid/9ef8fad1-08cb-4c7a-9db1-3a37097544b0"; fsType = "ext4"; + neededForBoot = true; }; fileSystems."/boot" = diff --git a/secrets/general.yaml b/secrets/general.yaml new file mode 100644 index 0000000..d39a976 --- /dev/null +++ b/secrets/general.yaml @@ -0,0 +1,31 @@ +wg: + nixy: + pub: ENC[AES256_GCM,data:mducYruWaQvslfyQR9fsv1huaqJXLqqhreqwNHSGbfyjO/QnSvQSihY24SA=,iv:l1XqtCU1xZ2wjwcz7230BZz5Ik+3GUvIZ/pPgxs9UQ8=,tag:7BuMG3O3Xl3f0+XRX9lneA==,type:str] + priv: ENC[AES256_GCM,data:4GcN2WtwSRjur6NAwyQOdUUH+KEWH7w9zmmL2P7P+krC2aMIuMjkJYS4XEc=,iv:QbeD+hB7NK2yAKCNkV88KrRGocaPpZlkA0z/j/iDke8=,tag:zR3D/hmClAdDCMLocxsvLg==,type:str] + nixnode: + pub: ENC[AES256_GCM,data:BBc/KL60kv3uFDT3GwyxuRkvdAUA1tG+9XC0ib2loiaEtPeztob37JwZgTM=,iv:dBw+5jYZ7sGyoOlJtmiDBo+sZquasMq8+z6H9hQMHSA=,tag:qClUQ0CeTcJc+OJoxfe4tw==,type:str] + priv: ENC[AES256_GCM,data:ZvdDkGiMTVcQiP6sVbRu+tNL864zhsKsRFyCcFMo/pTM35us8gPm1j4T2Do=,iv:jtHCfnSuyH+srlNCTqyfM0Fc0HBt55Z1nO4yhqVKUzY=,tag:aQIq8iYjYq7HKKnk1YjSYQ==,type:str] +sops: + age: + - recipient: age1p3sw8q030a7zgawu4ccxm6sgsp88349nuxkd4kale0ruy9klypssdh7c9s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RGYrTko0RFc1b0I4MXVB + TWs2OFlKN1lVSFpjSHJ5SXJpclg0ek5FeWpjCjliam5WdmhOWlIycHhzU0hIRTlR + R2JnOGdmNnAyWFNnVG9mYlhQM2NRcWMKLS0tIFYvbnZMWjRidnFsNU5wbUNzRzVL + MEJEY2RnT1l2YStqbUtoYWNqUEEzdzAKdVEYFyBIYx5cSdg23GS8uFDPpjn3CZSp + SRnXsAvHrtZUPB2rX3KRlB4gCup/RmyHaQQPj6uJ59WyU5R1ZAfCsQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1g7tzey3t2jmd79kaeukn89lgxg07tpq23w0u30lgq5z37xku0vwqcregzd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNjJVd2RYNi85UXRmWWt0 + NkNpbWZ2d1N3eStaelpVeWtEM29qVkdzcnlFCks4S04zMG5VS0ltbXA5WXR0Mklz + c1pPaDR5elhEaFYvV0k1L0w0d2JBMk0KLS0tIGsxSGx6dE9qaUoxZENPNnlXVGZj + RU9OZlIyTzRzSmVUVkhCQWpwUHFEekEKGv24Ilg2BYWTX9wAmXn8mA0E9CZP7xvf + FOnUh9TQH7evO9n76w/xG9y/vDYJ1i9ljEO7ljGtEtIlGgKRx4xLjA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-09-16T06:21:44Z" + mac: ENC[AES256_GCM,data:IdMkWzNzfj1osTGPP/keTGRX4ZmnLDL1xdnvlWV4IZNwaaWAp3ve7PdWX+ZP9B4kbiI3+3JRS/7OihhJDtwFWLeZf7E8Ps04gbCzNb5r861eDvpVJNWxgruE7SA5ZcT4t18nUz/PRjZTqZctB+0Vps8SLH2gKx0+VJQ8umtD9nQ=,iv:WEUyAmr30HRIW4mSK3yQqBLeJdQMgCS93IhFR/1wQ/k=,tag:TDtw/5kGve/5i/rZQOzMaw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/secrets/test.yaml b/secrets/test.yaml deleted file mode 100644 index 642eefb..0000000 --- a/secrets/test.yaml +++ /dev/null @@ -1,35 +0,0 @@ -hello: ENC[AES256_GCM,data:+/HfdCFoRsNydVWi5fGbtPShVi/XKnyx5LZiFkp7D6WGPkG4yEVpOiXsC2wAHQ==,iv:Y/vcsF+qFMvDfNA1vTymu3ToMVIYHP2OW22WKU6GOWM=,tag:0slxbzpbGac3uL0kqR5+lQ==,type:str] -example_key: ENC[AES256_GCM,data:EbXQZk7OkrK+83omfg==,iv:+Nn42ROgLy3LE0oEbx8QbuT7Hlujzu7Iz9Stu1pO+o4=,tag:Xek6+n2ZCs1uwVItvFdguQ==,type:str] -#ENC[AES256_GCM,data:T4zHJT8qQUWXnXbxULy97A==,iv:UOC0JThZIE5QaNBpuEd3AsZ8C/ztXN04aa42HuWA5MM=,tag:cWP9iincPkR/EaMrzH/IxQ==,type:comment] -example_array: - - ENC[AES256_GCM,data:bwA20gQpwNoLdN9q2eg=,iv:pkaMt+6AEKfZNRwIfaoRnrk6lqyYHVp9jq9nXgKnDdM=,tag:N4RLJ06fpvCJBZoowBMQQA==,type:str] - - ENC[AES256_GCM,data:a8etS77qQhrrpZuJzzQ=,iv:vHWFkqzJAdgRDCwrzDzNjU/UtM71QgFcsz9gVXoMP0k=,tag:tZZB3ieUXFP/WWegyXTQ1w==,type:str] -example_number: ENC[AES256_GCM,data:UE2bIlOI3WTZVg==,iv:j18MAwIC4Zf26HscNOoEbbc5IjhrsDx+hj7Re36JOrU=,tag:5s/918XsYuQJzqtP63/bvQ==,type:float] -example_booleans: - - ENC[AES256_GCM,data:oYjGew==,iv:3n5b4dxrYB5Oa5MTkUHQIDX+fFCI31c8RFFeWKcD+rE=,tag:VvfWpx7obTnR2bqlHNLKsg==,type:bool] - - ENC[AES256_GCM,data:CDBenE0=,iv:G5p3Q2Y7kcI27Oey3NUAd8hX7vomrZN+bJrr/IezuaQ=,tag:bQJEziJF/NrOerpdSQ3XcA==,type:bool] -test-value: ENC[AES256_GCM,data:hd+HuQ==,iv:OUo3H+2dcDYq2RNPVGRIOPW0oMSwCCEroFr/CR5oIao=,tag:HWW0+kIcujMyLrsy7K4l8Q==,type:str] -sops: - age: - - recipient: age1p3sw8q030a7zgawu4ccxm6sgsp88349nuxkd4kale0ruy9klypssdh7c9s - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjOGlrYjdvWSttMlRadThB - S0JvZXo5SStVMEtpMnl5SVo1cllHNlNqZWhJCi81eVk3Z1dINTJ1aWxkNHEzUzVX - aVVoOVQ1bVd6eEdqL2RKcXZ5MlJPdjQKLS0tIHkwZEZhRFBwS0pMNmVCdEZNcDhI - Skk1YlZpQUppN1FsbXVoc3BVUTFiSVEKyuw+u2ZkGb+4n0oLdn7IPwE8kXZmByEk - 1JPZOWtOeoHMDOlkKNw98JEW9TQAdlnO0riKHFNHpQ80mhzjeE7YXw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1g7tzey3t2jmd79kaeukn89lgxg07tpq23w0u30lgq5z37xku0vwqcregzd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVE1MdUR2SkE1VHlkSDNW - VE5Nb1VVdkE3WTRBK29PeHN6UGJsWnFKVHpzCm1XVHZFM2V1WHJJNnRGRTBVbFFk - ZERCWmJYR0sreEpvelIzaHZqYktKbkkKLS0tIEpEN29jeVNBZXdzYUh3M1VwQkdK - ZFlBZllvWFhGdEtIVlNqZ3dnM0hkWTAKIniBn7mPe+rLJE5Pce6bIW2AjeDdVkPh - tMybfEWdIwkYdqJ3yTcW/WlxX5Vel702V8wD7vUr44BCPbCAPQyvgQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-16T04:34:31Z" - mac: ENC[AES256_GCM,data:qHK/wyZSzufZlBmhY7pGMfi8C1wyhBB0o3oVm22ouhDxIdC26Cbhy1mMgw+Uu3ej4eiyh/CihqMd6BAx/apgdmFZoc579/M0O/FoKoCQPr7KjaPD/z23Xclb9G82ep5U5tRcg9lKnRVugKhTZD2eK7Z4/vU25M8k8B53zkmKnz8=,iv:qZDsnbrY7purFEmfPtD8Bee6dA3FtO+hqfoYDBa3LFs=,tag:LXORKqvIayN7hAHVf8BYhg==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 -- cgit v1.2.3