diff --git a/.sops.yaml b/.sops.yaml index a614f01..9dcc494 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,7 @@ keys: - &system_mns age1s7xs405mkw2gagclktekz27lxhh38se7adrkdfc0x2l28j9xsvdqcdrsyr - &system_monitoring age1dpaezlv6va4a8pdqc9w8exuy54d8y2q20yu9zc98q326lusyfdpsf6ph93 - &system_sync age1ap6uwhhy4uvq72hwyts7gzl027mnypakvj6svphgw2fm8jk72v7qtccs76 + - &system_cache age1tst50yvdtvlggtjcpa47pvywcdaxfv00v04wfwf552wg4wraaexqsaqlke creation_rules: - path_regex: secrets/common.(yaml|json|env|ini)$ @@ -12,6 +13,7 @@ creation_rules: - *system_mns - *system_monitoring - *system_sync + - *system_cache - path_regex: secrets/[^/]+\.mns.(yaml|json|env|ini)$ key_groups: @@ -30,3 +32,9 @@ creation_rules: - age: - *peter - *system_monitoring + + - path_regex: secrets/cache.(yaml|json|env|ini)$ + key_groups: + - age: + - *peter + - *system_cache diff --git a/flake.lock b/flake.lock index 99d1531..449869d 100644 --- a/flake.lock +++ b/flake.lock @@ -1,9 +1,31 @@ { "nodes": { - "colmena": { + "attic": { "inputs": { + "crane": "crane", "flake-compat": "flake-compat", "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1707922053, + "narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "6eabc3f02fae3683bffab483e614bebfcd476b21", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], @@ -24,6 +46,27 @@ "type": "github" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702918879, + "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "owner": "ipetkov", + "repo": "crane", + "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -45,6 +88,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1650374568, @@ -61,6 +120,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -75,7 +149,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": "systems" }, @@ -95,21 +169,37 @@ }, "nixpkgs": { "locked": { - "lastModified": 1710631334, - "narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=", - "owner": "nixos", + "lastModified": 1702539185, + "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a", + "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1702780907, + "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1710628718, "narHash": "sha256-y+l3eH53UlENaYa1lmnCBHusZb1kxBEFd2/c7lDsGpw=", @@ -126,6 +216,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1710631334, + "narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1710534455, "narHash": "sha256-huQT4Xs0y4EeFKn2BTBVYgEwJSv8SDlm82uWgMnCMmI=", @@ -143,17 +249,18 @@ }, "root": { "inputs": { + "attic": "attic", "colmena": "colmena", "disko": "disko", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_2", "sops-nix": "sops-nix" } }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": "nixpkgs_3", + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1710644594, diff --git a/flake.nix b/flake.nix index 2042dff..ef41a96 100644 --- a/flake.nix +++ b/flake.nix @@ -18,6 +18,9 @@ # Colmena colmena.url = "github:zhaofengli/colmena/main"; colmena.inputs.nixpkgs.follows = "nixpkgs"; + + # Attic + attic.url = "github:zhaofengli/attic"; }; outputs = @@ -27,6 +30,7 @@ , sops-nix , flake-utils , colmena + , attic , ... } @ inputs: let @@ -85,6 +89,15 @@ self.nixosModules.common ]; }; + cache = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + system = "x86_64-linux"; + extraModules = [ inputs.colmena.nixosModules.deploymentOptions ]; + modules = [ + ./nodes/cache + self.nixosModules.common + ]; + }; }; nixosModules = { diff --git a/nodes/cache/attic.nix b/nodes/cache/attic.nix new file mode 100644 index 0000000..3385031 --- /dev/null +++ b/nodes/cache/attic.nix @@ -0,0 +1,75 @@ +{ inputs +, config +, ... +}: +{ + imports = [ inputs.attic.nixosModules.atticd ]; + + + sops.secrets."atticd/env" = { + sopsFile = "${inputs.self}/secrets/cache.yaml"; + }; + + security.acme = { + defaults.email = "acme@xnee.net"; + acceptTerms = true; + certs."cache.xnee.net" = { }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services = { + atticd = { + enable = true; + credentialsFile = config.sops.secrets."atticd/env".path; + + settings = { + listen = "127.0.0.1:8080"; + + storage = { + type = "s3"; + endpoint = "https://s3.wasabisys.com"; + region = "eu-central-2"; + bucket = "cache-xnee-net"; + }; + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 64 * 1024; # 64 KiB + + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; + }; + }; + + nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + virtualHosts."cache.xnee.net" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://${config.services.atticd.settings.listen}"; + }; + }; + }; + }; +} diff --git a/nodes/cache/default.nix b/nodes/cache/default.nix new file mode 100644 index 0000000..1829a1d --- /dev/null +++ b/nodes/cache/default.nix @@ -0,0 +1,10 @@ +{ + imports = [ + ./disko.nix + ./hardware-configuration.nix + ./networking.nix + ./attic.nix + ]; + + +} diff --git a/nodes/cache/disko.nix b/nodes/cache/disko.nix new file mode 100644 index 0000000..7f79e24 --- /dev/null +++ b/nodes/cache/disko.nix @@ -0,0 +1,34 @@ +{ + disko.devices = { + disk = { + sda = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + label = "EFI"; + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + label = "NIXOS"; + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nodes/cache/hardware-configuration.nix b/nodes/cache/hardware-configuration.nix new file mode 100644 index 0000000..dbb76d4 --- /dev/null +++ b/nodes/cache/hardware-configuration.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, modulesPath, ... }: +{ + imports = + [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/nodes/cache/networking.nix b/nodes/cache/networking.nix new file mode 100644 index 0000000..1b663bd --- /dev/null +++ b/nodes/cache/networking.nix @@ -0,0 +1,40 @@ +{ lib +, ... +}: +{ + networking = { + useNetworkd = true; + useDHCP = false; + hostName = "cache"; + usePredictableInterfaceNames = lib.mkDefault false; + domain = "xnee.net"; + nameservers = [ + #HETZNER + "2a01:4ff:ff00::add:2" + "2a01:4ff:ff00::add:1" + ]; + dhcpcd.enable = false; + }; + systemd.network = { + enable = true; + networks."10-wan" = { + networkConfig.DHCP = "no"; + matchConfig.Name = "eth0"; + address = [ + "2a01:4f8:c2c:17c9::1/64" + "128.140.9.158/32" + ]; + routes = [ + { routeConfig.Gateway = "fe80::1"; } + { routeConfig = { Destination = "172.31.1.1"; }; } + { + routeConfig = { + Gateway = "172.31.1.1"; + GatewayOnLink = true; + }; + } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + }; +} diff --git a/secrets/cache.yaml b/secrets/cache.yaml new file mode 100644 index 0000000..5c26cb4 --- /dev/null +++ b/secrets/cache.yaml @@ -0,0 +1,31 @@ +atticd: + env: ENC[AES256_GCM,data:JKlsV1PdmCOaNNzOAVa0MfvGU7lDIIPCKk7Pr9VQdioYbjZnpjXk3pSbofxKDBlAiN5WJv28dfxsy48RmPALORbXF2/ZRPJpiO40TwEw9oBA0+AAOaMCcZ0sqgQB/G61wfbW7BkUylHb0jEPYZs0VzNWco7pLJb9P/s9FP0QrVivK4Vewn7JwZSDBTon8PyLCSYToFd/2Zr9skaseNsU9ruvWTQ7ACCdl6wv41cboRVyFlW0YDipD/caT0mgVl/xwkq/w5FmP7cjcxGxnWssoJ2gZKbL7axJJqCgbf+B/LY=,iv:4L/BdxCfdpXkoXexvtFq7WdQ6rJP4va0gOqdSVzKN0U=,tag:+5Y6/UtGSt2Hssalcxm2rA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1d085lpynkxxf0mfus0rd3qq0r38clwz9d5ddrl79x982z00j6qsqq8f54g + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYTNPbzQ0TEdLR0wyS25C + YmZhU3ZGQlhWK0VuQXRnczAyb3A5K01lT1NnClpXaDRyeHFMbXloQVZRMUt5NFND + Y2dVbnRuNEdjU0hDaE82MnB6M3VLd0UKLS0tIFZnbVY1dHllV3Q3UzhONjkvQXFX + cVIveTN1N1Y1bnlpNDl5L2dTaXhLaGsKmUD572dD7uWe50w0iVU5PostduSG813I + udKeiUftcVB+4KZkFrYtgu9VKItrXpz47ZamYfH9YG2vD/xGXjXEdg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tst50yvdtvlggtjcpa47pvywcdaxfv00v04wfwf552wg4wraaexqsaqlke + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNmQyRVZlTXJQUlpwZ1l6 + WWtUNDZtM3B0WUhJcGtzbTZzU3hvM2h1alhvCnBXZ0FNenhNLzl3d2dYeEt4cTZR + NGxBYnJ3c21UbmRPTmQzQTc3eUozbXMKLS0tIEt1NUhIV3VzTDJtS2dnZFpLc2ZB + ZzhhVkh0QWRRenJCTStzaU9VMjR2bDQKVv2kitFMFHBYK2ePa0jqt+B3ZbcD7m6Y + BNcEldTOuj8Q3GbJKlxkE3rVQvg3BxqnATEuK6r4h8dBCTqd5zmZBA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-19T08:05:39Z" + mac: ENC[AES256_GCM,data:2KgyqCgP4vOmqu9jjVaovnfICY0kj5N1gJWmr22kBYIa2lUY5y7DMOTX8cpVV5BV8uQiZTs9c2CpfKp2Nwx8BhCkJ0mkpQ1W3wpJIvZPnuqXazTmKKQvcRxQcDHPtk3CBIVVd+6Qb9jfOQkXprO1xjm1+Q0L46wKdC9yBuxpBns=,iv:C8V2RT4AaVpzkqsEYkZUc2OwAG6GUwXHyTLGNz9w5B0=,tag:eIDUgV+KzxD1g0EQR1m5PA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/common.yaml b/secrets/common.yaml index a37ca43..fb22f55 100644 --- a/secrets/common.yaml +++ b/secrets/common.yaml @@ -16,38 +16,47 @@ sops: - recipient: age1d085lpynkxxf0mfus0rd3qq0r38clwz9d5ddrl79x982z00j6qsqq8f54g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQUNVT09NdWRWQVoyTU8w - dGZxL3YwanNNT3ArUzZyZWtBckJ2YzR1bXdzCnErcHJCamNpRjRGc3JUdlBLWDVr - VWdSd1RMSzV6YjgyaVlnQkQ0bUs2Uk0KLS0tIDFlRFZWU0RRNCtkT0ZnZGtYelBl - STQxRXlwTnB6ZE5rZE9HRDhuakQzc0EKgc1qfjaxouMciqkqWCHOaJBTaRn95EVW - 8t0MF8ZL7aSTlYN/vCK6aac55psS/RAALy+OmScpbrwM+oUR4FGsjw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVENYNjNqeW9IMk1FSzJY + S0dHRXN5N1lvbkZiMkF2enB5MmRxeTJIWlNvCk5GRGpjZGM2YmVPOExRU3FnUU5Q + SEpINWlEaHJQeUJuSTVLY3U3enU4UzQKLS0tIEpMK0hZWlM5V0dWcldxL3BJNm9G + cUNIeHh5T0JIaVpJMW13dktyZEJCTFEKo/RLdVW2vXxDI0ODV37S76QVmbg0xSCJ + 9O0Ll1nN8BzBAogNECM7IO0N9BbUfWnePj6cmro4qPSjkaBwCf8+Eg== -----END AGE ENCRYPTED FILE----- - recipient: age1s7xs405mkw2gagclktekz27lxhh38se7adrkdfc0x2l28j9xsvdqcdrsyr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRThlenhremhTcXRTMXZP - K1ZLZWdrdHBlNnp3ejByMWJXY2xFbDlXWno0CklDS2pab2RKQmFwSUtzeVZoOWNk - eVM1STk0bXUya1MrY3BNaWhNWm1GNlUKLS0tIFJyZDB5SFBBVWhFVnRKanluYTRJ - VDl4d0UwcFJSaXdvbll3K2ZVek1lN3MKDBRmSkLKOq3l0dH6mitABmN4rCz5xLbc - zKxO08X3giRVJPXqrdNsBBKLXD8JWR+uAyS+RUKYTh3sE28rVYRG5Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVW53WS85WXJHa0hLUFA0 + czZ4RkwxaUpmRzcrVUFjOU40RzJ0a0pqdEcwCjNyUkZzZzR4dWIrUGZJQjc4dmtv + RndZaFJaRHhYOFBDaHFwSjI5SThrUHcKLS0tIDEvc203czVzdkpweUhGQUxpK0xO + UEYweHFWOC81UFp1Tk5BNUhDc2ZOY0UK5dUPwQXZ5QnNukf+L17cJ1Sr1NjAd9AO + j31rD5OEcXLs5bRVgeI0igB3rKACgmXYULliiK7Zy0l3KbDkl3yN2w== -----END AGE ENCRYPTED FILE----- - recipient: age1dpaezlv6va4a8pdqc9w8exuy54d8y2q20yu9zc98q326lusyfdpsf6ph93 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhaDZrdUhxblovRlE5QTVn - SGZrcitJMUQ5M1JzdGovZWpwUzhqVFZYUGpFCmd1TkgyY1h1Y1JZNktVSUxNUmU4 - TTBMMTIwU3d6aFB1STlBL2pqdGFSaUUKLS0tIHJuc0JaODlHeXkwclhGaXNqaGZv - ejF4bzVWZ094SnRPTktLZnI3NGNwSEEKG0WKubao81DXq97mjq2SEa4nk91FauJt - VHwHDTX6DAXkJRso/r4KN+dV5+vhTBqs2Yx9Lnh/KMZf85TPPlB5mQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzejVUUTRncG5YWGZ5TWVu + SFE4QnR2ZWxaS0YybVBBZmRvUUVXU3UxNVc4CkRlUjN5TFUvVTU0K3Z2TGh0ek5o + dnN0alhtQTVpMXhidWVnRTFPWlBESlkKLS0tIEJ3ckFMZ2dDTzdHdm00THN0d1pz + NEVmNCtqK0FvenZIUnRwdkdwdHZwZncKIBVGxauHBG8fvVjEdVyLNNo8oeQZ+PfZ + qTBrhXsQlTURtrgB0biMQKU06K53SjN45B8M4r2YdziK5KfqLQs1Kg== -----END AGE ENCRYPTED FILE----- - recipient: age1ap6uwhhy4uvq72hwyts7gzl027mnypakvj6svphgw2fm8jk72v7qtccs76 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoVDVzcXIwRnNFcTQ1TUlG - UFVsKzBhRHJBUWFPTUFCMlF4WFNzbEVEa0hnClRvT1Y1TVJqRjBVWnE0U1QxN0tB - MnRVVkNtL0NsS0FISEhKNFVrQW5OZzgKLS0tIERJM29vMDZrUEpkMi8yaFJjNE5G - YkZMcGFwVUxYeXZpQytaNnVZa1l3ZUkKhDWeUpZKFtTfo0lgpa+n5BbdIQuqA1jb - 0uB6xT+PVgIpgqHxBpvzc+NEFrc8iNPgP1gVF29G7ExXoEaq6aDLEQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYzhEdmlNMzQ2TVNoVVVH + SWF0Tmw3Z1drOFBIelZPOTJaOVVJWXBLS1FzCmYxN0lNclY4eXhCejBMeDE1bzZH + ZFI0cW1kNFBMSit1RVVSZThORUZacG8KLS0tIDRIa25TVkNVZ0RUMUtaamFFeXU4 + ODltd2tWNHlVRlZwSWdLcGI5eTgvbzgKUYaIbXimoIqwxEcFIPHlgiPi6xwMZggx + M+npwdpp5TaHN+idIWz0wGAbU0HUd6NwC6k+8IYspi+ra+07esIZfg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tst50yvdtvlggtjcpa47pvywcdaxfv00v04wfwf552wg4wraaexqsaqlke + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNENmdTJBUEl0OC9ZRk9a + aExXUHdiUVFjbWZ3a2NPV09SMjZhQ3pNaEdBClU1TnZsakM0UzlsZ3JaalErTEdt + YkVxb1pKU0RvVXhwNGhiNEhubHZLZFkKLS0tIG9iMDN6cE4wanZyeDFWdzhKd3Iy + eGM4YVJFTEZSdnMvejYxSHNKQXZyUTAK5qsjZmNSOqWbDlF5yf6GFv3VS2VQyh+Z + VNsr2QBQh5KxdEmA/nBY4DMBpeYarFw68AkbihwNDo82/cpRsDso4w== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-03-15T13:51:49Z" mac: ENC[AES256_GCM,data:r/HXiB4P2Q1dC+LvA4oJt+Eo7vsjEf6G561qTo6M8NqxV+LiiaYvO0pkv9HWzTaMtO5evE++jFeuy/daduZjMlrZe/vFZPj4ae14UG+2dA/A55wxmYAYUa98WG5fPfmUz6u9YPHFDFYEEvWTvzE20n8p7saJsH5cMfU/vRs3Jx4=,iv:lVP2I4GL/KhP2scunnRNDtm5KgRrKISnxAyft8pXjz4=,tag:yvBTGuv9jfmhBkwoT57ACg==,type:str]