From eac4b42dad00d44e47d22c54dd7b1f8554ab1c17 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Fri, 15 Nov 2024 04:46:33 +0100 Subject: [PATCH] inner/outer tailscale --- .sops.yaml | 17 +++++ flake.nix | 21 +++--- profiles/tailscale-exit-node.nix | 3 +- .../{tailscale.nix => tailscale-inner.nix} | 4 +- profiles/tailscale-outer.nix | 13 ++++ secrets/common.yaml | 5 +- secrets/tailscale-inner.yaml | 57 ++++++++++++++++ secrets/tailscale-outer.yaml | 66 +++++++++++++++++++ 8 files changed, 170 insertions(+), 16 deletions(-) rename profiles/{tailscale.nix => tailscale-inner.nix} (74%) create mode 100644 profiles/tailscale-outer.nix create mode 100644 secrets/tailscale-inner.yaml create mode 100644 secrets/tailscale-outer.yaml diff --git a/.sops.yaml b/.sops.yaml index 3ce6a9b..6856bc4 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -46,6 +46,23 @@ creation_rules: - *host_garp - *host_eple - *host_brumle + - path_regex: secrets/tailscale-inner.yaml$ + key_groups: + - age: + - *user_pbsds_sopp + - *user_pbsds_nord + - *user_pbsds_bjarte + - *host_nox + - *host_eple + - path_regex: secrets/tailscale-outer.yaml$ + key_groups: + - age: + - *user_pbsds_sopp + - *user_pbsds_nord + - *user_pbsds_bjarte + - *host_brumle + - *host_bolle + - *host_garp # home-manager - path_regex: secrets/user-pbsds.yaml$ key_groups: diff --git a/flake.nix b/flake.nix index 35f72db..1a590e9 100644 --- a/flake.nix +++ b/flake.nix @@ -261,7 +261,8 @@ hidpi = ls [ hw.common-hidpi ./profiles/hidpi.nix ]; p1005 = ./hardware/printer/hp-laserjet-p1005.nix; au = ./profiles/auto-upgrade.nix; - ts = ./profiles/tailscale.nix; + tsi = ./profiles/tailscale-inner.nix; + tso = ./profiles/tailscale-outer.nix; tse = ./profiles/tailscale-exit-node.nix; #rb = ./profiles/known-hosts.nix; # TODO nixld = ./profiles/nix-ld.nix; @@ -274,15 +275,15 @@ in builtins.mapAttrs (hostname: curried: curried hostname) { #hostname "domain" "system" inputs "state" [ modules ... ] asgaut = mk "pbsds.net" "riscv64-linux" inputs-2405 "24.05" [ hw.starfive-visionfive-2 ]; - noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au tse intel ]; - brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au amd nspawn ]; - nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au ts intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ]; - sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au ts nixld intel cuda p1005 ]; - bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ ts nixld intel hw.lenovo-thinkpad-x1-7th-gen ]; - bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au dns64 intel ]; - eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au tse dns64 intel rocm ]; - garp = mk "pbsds.net" "x86_64-linux" inputs-edge "24.05" [ au dns64 intel-novga cuda ]; - hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2405 "24.05" [ ts hw.pine64-pinebook-pro ]; + noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au tsi tse intel ]; + brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au amd nspawn ]; + nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au tsi intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ]; + sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au tsi nixld intel cuda p1005 ]; + bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ tsi nixld intel hw.lenovo-thinkpad-x1-7th-gen ]; + bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au tso dns64 intel ]; + eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "24.05" [ au tsi tse dns64 intel rocm ]; + garp = mk "pbsds.net" "x86_64-linux" inputs-edge "24.05" [ au tso dns64 intel-novga cuda ]; + hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2405 "24.05" [ tsi hw.pine64-pinebook-pro ]; #gomperud smattkuken skrytebiffen skalkesnerken balleby bingus skjrlaltatjlstad #bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke pytte uddu imdorf rosenqvist }; diff --git a/profiles/tailscale-exit-node.nix b/profiles/tailscale-exit-node.nix index 0a914c8..b63193c 100644 --- a/profiles/tailscale-exit-node.nix +++ b/profiles/tailscale-exit-node.nix @@ -3,7 +3,7 @@ { # exit nodes must be approved in admin interface # https://login.tailscale.com/admin/machines - imports = [ ./tailscale.nix ]; + /* imports = [ ./tailscale-inner.nix ]; */ # if host is _upgraded_ to exit node, reload with # sudo systemctl start tailscaled-autoconnect @@ -11,4 +11,5 @@ # sudo systemctl start tailscaled-set services.tailscale.useRoutingFeatures = "both"; services.tailscale.extraSetFlags = [ "--advertise-exit-node" ]; + services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; } diff --git a/profiles/tailscale.nix b/profiles/tailscale-inner.nix similarity index 74% rename from profiles/tailscale.nix rename to profiles/tailscale-inner.nix index 168a282..27b510a 100644 --- a/profiles/tailscale.nix +++ b/profiles/tailscale-inner.nix @@ -8,6 +8,6 @@ services.tailscale.enable = true; # https://tailscale.com/kb/1085/auth-keys - services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey.path; # also enables autoconnect - sops.secrets.tailscale-authkey = {}; + services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey-inner.path; # also enables autoconnect + sops.secrets.tailscale-authkey-inner.sopsFile = ../secrets/tailscale-inner.yaml; } diff --git a/profiles/tailscale-outer.nix b/profiles/tailscale-outer.nix new file mode 100644 index 0000000..5a2f37a --- /dev/null +++ b/profiles/tailscale-outer.nix @@ -0,0 +1,13 @@ +{ config, ... }: + +# DERP is a relay system that Tailscale uses when a direct connection cannot be established. +# https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp + +{ + # https://login.tailscale.com/admin/machines + + services.tailscale.enable = true; + # https://tailscale.com/kb/1085/auth-keys + services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey-outer.path; # also enables autoconnect + sops.secrets.tailscale-authkey-outer.sopsFile = ../secrets/tailscale-outer.yaml; +} diff --git a/secrets/common.yaml b/secrets/common.yaml index 2e03075..3e2d212 100644 --- a/secrets/common.yaml +++ b/secrets/common.yaml @@ -4,7 +4,6 @@ nix-community-builders-ssh-key: ENC[AES256_GCM,data:9QNhqQS/6Cu7VMUoWEWkpDCMPu7d pbsbot-gh-token: ENC[AES256_GCM,data:iPTIei8KLfHKeGey08CfSsyuTufvxO4WHG9qE1TqmWHv5/vqW8YyGQ==,iv:JOKI1aFsnqPFkkkZuCmcIFZAbXe7kANt3QEuD+3GyWs=,tag:quwvq3FBiXE1GrzzdWVQww==,type:str] nix-access-tokens: ENC[AES256_GCM,data:WAQNm+cUpH/SOg8xts6HPkEDL2dMbfqlVW9Le1vNqtzFTHDZHtq7obhBdHFGK5kSJBGVfmgf+UHj,iv:RSVCl+QCIpYpveexeOJehDP4nYpN5UK/y8YWEQ4LYUo=,tag:FMDjrXZFA1Z2z8G0Ca5wMw==,type:str] nix-access-tokens-all: ENC[AES256_GCM,data:/LahnHXSg5Le4OS6DKA/ep1yfj2nvo6Zof28LxlS1JUEBQprJ+buJ0HFh+gYOXJLcWvBTenrirG5FoMrVxH0iSaRvLvwcoSErrG2IUOdojJ0KqRFfiVAUL9ig2PnGyuPjGTMYIhQW3Uv5x46YvEAZF0G+TuNMOgAOttcUFcJycZTu9lga4SW0kWzMHakiA6lqANjEoZA+aIHUlygEBwP4han8FwKrgEG0d3CFYGv3SDxTBvSSGyVvg==,iv:+Q4KL3il21LfkDzOEo5+E4RUy+xOWe4dix4YN1Js6BM=,tag:rRONDVUjUoLP6FvzsvCDjA==,type:str] -tailscale-authkey: ENC[AES256_GCM,data:RieWRv30MUPSnHu2w8QCGgyaccmK/DAnGxLe+Y+F0fpTcnZowyGUFiJnWzlegyam237TOxlNCPiAwalaAgs=,iv:bPYYskc0fsQaPCNcNWwWzFMnGiU6oD58DDEex0wVdTA=,tag:kPqJGuv8uiazscfDQZoVJQ==,type:str] sops: kms: [] gcp_kms: [] @@ -110,8 +109,8 @@ sops: SklPV3NUSkxwSk1rWHg5N2tiN0xHeVkKhUqu6rVayVeGi00YMRXF1npO7j9oXySX rxVQgH6hYlLbeCIW4T6cP2eCbchWDi3Pear1DVknwEDa+DhHey7Bmg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-19T23:56:40Z" - mac: ENC[AES256_GCM,data:OGiBtwuQ278lID1Zn2jFwTHP8l4K1M/ig0ViAFMLKn0q3H6SilMfaVDwpKEwaNdIX7eg1EMcPUmjcKZ38+Vqz2dE7D6EzFq5AAcPEJ6xvlSv5NPgJ/wZezJep15hWfDS/kviC9+IVuXJYGxv76ZkULao9qePOTtNxX6JHbVxdC8=,iv:1aotwerQTCZA2L3t+Mc/TSDoChk1qAnFYnsBtDpiRVY=,tag:/9oAX6VaeEk5tY6UZrRaew==,type:str] + lastmodified: "2024-11-15T03:47:00Z" + mac: ENC[AES256_GCM,data:gPMSsxpXOryqdFM56+QW4SBy901AZyNGxuSxhPrtjVqodj/swtKjjcBJ92afwcf+pcgE3A3nS5pqNyHJNMFAhnXRBH3evBxgi2ZVVeMe2qoxSVvmlykxJCK+bahroOWuUwgqu1o47/7tTFJIUSPBb92B1S6qY1YoptMDwqgqZ5Y=,iv:WcEKsKK98vwtCVKebQQ9APjmaILzN5pE7oUHoTT0XD4=,tag:1YGbRM+XbHjLEA/mO5yEXw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/secrets/tailscale-inner.yaml b/secrets/tailscale-inner.yaml new file mode 100644 index 0000000..e196866 --- /dev/null +++ b/secrets/tailscale-inner.yaml @@ -0,0 +1,57 @@ +tailscale-authkey-inner: ENC[AES256_GCM,data:B3W8jw4Naeq3rFfcyvLTnlDS/rKv+gi0CxgSRTvxe+uAMPtsctDVQABb/f9jtkK6YSbt79oR3H7DcMArD+c=,iv:tBYdHAviG2qLlQr+C38eOw5gawt3TK7lAycuTqlfa3Y=,tag:7Y/JjX/BJAvPMvZL6GQyvg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmV2RkYVRnRVJuTjNsWk5x + ODkxYjI4ZnhkUDhhajUxZWpObEt4MElsOHo0ClA4VDRCa05uNzVaVGlpdUZBU2NS + amJBRjRCTDNKcC9BZU5DeHBxbjBLQU0KLS0tIDhiU3p3aE1nUHo5SG1FdnMyeHlx + UTdxMXgxdUFpM3FuZ2pXZys4aFVoYjQKfUAI3PUEx9mRoGRiCTk57Kf7wTVYFC2p + 1QfppwztKMOrISQiuExj/n369zoPrtOXjhbjWGoQ4xwUY05VVEnL0w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzZ0h1bG1xRWtpZVNYT25z + WW94TE5NcmlPL1ZQWldhbkJTcnpHc3Qvb0dVCkZrbTNHUDMwWW52M2lrQ3FoYjNR + K01nU3lyWExlV1N6cUIyR0ovNncybFkKLS0tIC9jd3pDUkoxeVIxR05JZUxoNUJQ + SHJnNmE2cGFZZHl3S3l2dGZDU2NQclkKqi5jR8zAMeTZ3F+ZxLplmrMcPF0naScf + JIVmjb7klyFzNk+1rwSZhzTC5IROhn9u+mt3hey1D+u5R2nWlQ+lug== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLV3NIYVprL2VJUWpEYnhx + L0VnbmszRjMxRy94MThZM2lrS2hCQyt1dEVVCm1lL0s4cUhWNDBNRllYdVRSUFJa + STdNM0oxNlUyMU51bVVHaUhBdWhXd1EKLS0tIElYemlkc290OTd0a0cwOWpXb3M4 + R3JYb2o5SVZuS1lFVlhyRW1GS1Y5ekUKZT1Eb4d7s/7ejbzpeA5DtYOsMaDwBkUp + zn09tcl8cy+KnHXN7ZBahVDnloxrH/WzQ2iQANMOwAGeTw9MkcUENw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zh3nmy2a7s2v7g9t7zg56p8sjqwmvqv5s7dn2v22x5nxyl5wfdcsaf5tw7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacVExWE1lTklPd1ZGV3F2 + dkZsMStPSGNhUWhla1JjcXVOOHRzeWtSREhnClIyYmpZUmpCc3VHSUpYZE1zQmNL + U3RUZG50aEhHeWJQZEpHRWk0U0VQM1kKLS0tIEFNcmZmYlVIL25NbkF1UlJwNm9j + cS9rYWRucDZ0bGY3MjlvemRuSkZqdVkKY7OnDWZX0Upxnj7O0HZljNqDXkxypYrU + eY9GCsKei/QuceNuF757fCau+nJWZ/NLb8saxyLEP/A6CQ2ya9W6kg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fha09v5edg88ys45a0u3tpjqfyl29fsy9xaz8xxfy60zjhmas5psfdxynp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQ2FIWTlhZ3hIN091dzBF + UXRFWktic3NueU5wUlZLLzVoSVpvREowS0NrCkpFazN0NGR4a1NqUndTTHNNYnk3 + N0dwZXFkU25xTjRFb2tGamlZZEM5N3cKLS0tIEo0NkMwbGxORmw2TGhHTjUyckJ0 + cHd2U01wVnUyU1ZnbHkxS3I5OHJPMGMK21XgI6nYaEo0sONvbaZqiFiS5hufduGe + ThxL66GALQbiRLCm5OxowIWBmGdh+Rla4lZUrbmYdP0aqKkQppydIg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-15T03:32:22Z" + mac: ENC[AES256_GCM,data:HgVNUsuwZVmZDHF1ml+Js+zfvK/kNP+0n28otHwOJYbRkXeQ9JDZZtJpHnVfWrEv0ILT/S8NkIrxx+A5D/S/6m3yEv+/cW7+/azAGBGvA1vFVIVQdxYx8bi6QY/bPau5AI+VVnSV+kKvxYZFStO5sRK1a923PNzPuq25E8yMjf4=,iv:SMH8jGPYOQJGJ9bIokcmJDjiKO9+lPxkkQNlzu+qg2Q=,tag:6a2YDzSt5nkDd0IMyencXA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/secrets/tailscale-outer.yaml b/secrets/tailscale-outer.yaml new file mode 100644 index 0000000..0cad9c3 --- /dev/null +++ b/secrets/tailscale-outer.yaml @@ -0,0 +1,66 @@ +tailscale-authkey-outer: ENC[AES256_GCM,data:cnTDTT935/ZLo3E3xL4J+d27900W1WYfJObOtTaSuqRKBcdVied/QuD5NxUhcjtp2R1oK8WUyyCvdAiAa/I=,iv:+bTpR+mQJ3DUc9sNpIghzLjKnO83pZP/y1PiIMuSG88=,tag:TM/FwlYhZMsGk3wxRynUuA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTkd0QmJDOVlCaEdGVXFz + SlpwcEY3ZlVtczlJbXRTdktuK1hvNzR5Y1NzCndGMCs4ZU5KYkJzZitUTFd2MjE5 + Q0lLQ3pqOFdBSGF3aEwyZU1Ga3JHbVUKLS0tIENDYU9BM2s0N21rVGhJMGppSkU4 + b3FHN2diaXZzSFNxUVhHZUtiWEJtVW8KvsVSTClcOGqs0s2U5UbXa/Zg6QuYACDK + 46V+YW4R/Cr+t85/WJ0PXTmocmfryoZo9F5yJEtUGGBWgJ/KyX4+Eg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1SEI2OTlxWmx6cCtwS2RB + ek5oYXZWOGNVWTYwaEh1ai9sWUVYOG01SVVVCnZNT3lIdE5Md00wNkRkTUVhanYr + clF3THk0azFkZytRZFlxT3lINnNnbFEKLS0tIHp2ZFBiYnlDbGVUUXlkUFM4VWNL + MTBSQ28ydGRmUUVJdkJhK0g4aXlyRkEKnAqzD1HNNlHXirT6Wcr386ojWG8TwT4o + nZIW7dVLMa9iWreQ8ERbd2dr6fUG6KgJ4vH1Zr2996k1Je24FICJXg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1N29qMzZnODRIdzJ1eXc2 + MVlwVk5RbDNROTJYUGIrY1BqMjByNWpCTUY0ClV4eGhIbEFScHBoU2NOM2xGWlRx + SG9sWHN3eWMvWm5paU9LVjJGOWptdFkKLS0tIHE1SzR3T3YwOGFWMWVPV0x1bUU1 + WW9aeHpuVFA4TDJoOCtETHlNeXZIV0EKOBLaiKhivSXSjc0K1mb1gMwMUIwDwq+h + JSO5AU93yBOsQ9SGgTOTB2ihqAzRKqsCrkDuyoI9eiM8o0JbybEN/Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1czlqpfdvey2hzgr79skxvtg4stnfawq045l5sl59j0cd9hfuqvlq83v647 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSkhUaE9DNkxHeEpVNWJH + SXJXRjM3Mm9UejBpekJ4T1NvTDdVY0dLVlVRClRtRVJuU0YvUStVdUlzSTVkZHhp + aUVxN05TdGNXdFVKSVFwOTBwa2VzT0UKLS0tIFdVY3FRcHljMXlxYTI1SVJvTm9q + a3FRZlNFMU83b1FSdlc1bnl3eDM3OTgKbhwzCZ/m0ZuIOGKJGShT7KJiAFE0ToyV + 0EBrggjx2yXUybvDiFXNTGW8JBYp4ChC0xEMKoEtnUA8b2kHIonZpQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age14d0ahjjk02jyc25hhx9ws333r0yk5e06yf4ys8xhz2um7jp6qqaqfcdksg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbHNURkVKSWp0NVQvbkla + TUd3M1dWSFZicHpxS0N2VGQyTExqOUpKbmlZClRwVmkwR3A1TVRhWDV0MGYxbUVL + eVlvMEJLRlBzUXcwMmlRM2prTFBoQ1UKLS0tIEdoSmdTRzVBWjlvQ2RZTjgvcENY + RUFpcUw0R2FWWmxvYmkwOEpsYU5oYzQKTegEFviXk0QRG9YnOarRL22KPDBkmoJH + CnAKKS1FIVydBbsGKi90QI6/BMJj/ih2EYM8n0MA1sA28XcXPGERJw== + -----END AGE ENCRYPTED FILE----- + - recipient: age14qunhxz08gmw5r8ky0ez9rjf9dj3ue9hrzz580gwwj4cms46vd7ss4rutf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJL3VRN0xySUhFek5ZK3hI + aXZoTjlMVWkrRmtBSVJ1Sm9hY3RjcWx0WHlBCkFKN3pQOTdGVS9hN0czNHdZbGZD + M2tqOHdQc2tzdS8vVDY1WmpKNTBFVlEKLS0tIEQwQW1KczBSQnI4clYxcW5vTE9m + WDJ6WndDMGxPTkZ0ajJKWm9vcFZ5YUkKQawuoXUSKGBfKoMmfY/FevNph2arr0k8 + dPXZq9iKEP5pxzt7CaqOI889YHBdxXkRv0+qwBUt7VBCC5+suunikw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-15T03:32:26Z" + mac: ENC[AES256_GCM,data:IYFXYOpANpQjqxlW07Fx+kMj0BQxdrbX0aJEXSFkz4uQGn+pRrwe7GHhThJc8Spo77i4KnIH3RDCW54YIXSGWriHaRe2mpdaBZsVJo+DKJ7BjTMKj8vZftk3iaUFWnbZiSFvVuOFJ5x4leCZ0rmixGnP0iHYqt7remD1m4GijSs=,iv:xWb4DLW26CpaYet1dbb/0oAv9oAMuQ5QVvXmhr8HsxQ=,tag:A2Wv0vTPLVzaiS9OIGudRQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1