commit f6047a34f5baccc6037d19b77cf8cb99082b28a0
parent bc1a77c769020e5563e7e804bf31d435f501722f
Author: Katja (zaphyra) <git@ctu.cx>
Date: Sun, 15 Jun 2025 13:39:28 +0200
parent bc1a77c769020e5563e7e804bf31d435f501722f
Author: Katja (zaphyra) <git@ctu.cx>
Date: Sun, 15 Jun 2025 13:39:28 +0200
config/nixos/modules/nixos/presets: add `networkManagerProfiles` (and enable them on host `huntii`) this allows declarative configuration of NetworkManagers connections, eg. Wifi-networks or wireguard-tunnels. secrets like ssid's or passwords are stored in the common sops file
10 files changed, 381 insertions(+), 68 deletions(-)
D
|
57
---------------------------------------------------------
A
|
57
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
60
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
59
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
61
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/config/nixos/modules/presets/cccdaWifi.nix b/config/nixos/modules/presets/cccdaWifi.nix @@ -1,57 +0,0 @@ -{ - povSelf, - pkgs, - lib, - config, - hostConfig, - ... -}: -let - inherit (lib) types; - cfg = lib.getAttrFromPath povSelf config; - -in -{ - - options = { - enable = { - type = types.bool; - default = false; - }; - username.type = types.str; - envFile.type = types.path; - }; - - config = lib.mkIf cfg.enable { - networking.networkmanager.ensureProfiles = { - environmentFiles = [ cfg.envFile ]; - profiles.ccc-da-wifi = { - connection = { - id = "darmstadt.ccc.de"; - type = "wifi"; - uuid = "945c40f1-a800-4619-8276-1002a718a9f2"; - autoconnect = "true"; - }; - "wifi" = { - ssid = "darmstadt.ccc.de"; - mode = "infrastructure"; - }; - "wifi-security" = { - "auth-alg" = "open"; - "key-mgmt" = "wpa-eap"; - }; - "802-1x" = { - "eap" = "ttls"; - "phase2-auth" = "pap"; - "ca-cert" = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - "altsubject-matches" = "DNS:radius.cccda.de"; - "identity" = cfg.username; - "password" = "$PASSWORD"; - }; - ipv4.method = "auto"; - ipv6.method = "auto"; - }; - }; - }; - -}
diff --git a/config/nixos/modules/presets/networkManagerProfiles/cccdaWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/cccdaWifi.nix @@ -0,0 +1,57 @@ +{ + povSelf, + pkgs, + lib, + config, + hostConfig, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + username.type = types.str; + envFile.type = types.path; + }; + + config = lib.mkIf cfg.enable { + networking.networkmanager.ensureProfiles = { + environmentFiles = [ cfg.envFile ]; + profiles.ccc-da-wifi = { + connection = { + id = "darmstadt.ccc.de"; + type = "wifi"; + uuid = "945c40f1-a800-4619-8276-1002a718a9f2"; + autoconnect = "true"; + }; + "wifi" = { + ssid = "darmstadt.ccc.de"; + mode = "infrastructure"; + }; + "wifi-security" = { + "auth-alg" = "open"; + "key-mgmt" = "wpa-eap"; + }; + "802-1x" = { + "eap" = "ttls"; + "phase2-auth" = "pap"; + "ca-cert" = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + "altsubject-matches" = "DNS:radius.cccda.de"; + "identity" = cfg.username; + "password" = "$CCCDA_PASSWORD"; + }; + ipv4.method = "auto"; + ipv6.method = "auto"; + }; + }; + }; + +}
diff --git a/config/nixos/modules/presets/networkManagerProfiles/voidHomeWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/voidHomeWifi.nix @@ -0,0 +1,60 @@ +{ + povSelf, + inputs, + pkgs, + lib, + config, + hostConfig, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + username.type = types.str; + envFile.type = types.path; + }; + + config = lib.mkIf cfg.enable { + sops.secrets."environments/networkManagerProfiles/voidHome" = { + sopsFile = inputs.self.sopsSecrets.common; + }; + + networking.networkmanager.ensureProfiles = { + environmentFiles = [ config.sops.secrets."environments/networkManagerProfiles/voidHome".path ]; + profiles."voidHome" = { + connection = { + id = "voidHome"; + type = "wifi"; + uuid = "42e9526b-f810-49f5-8438-0e14a72485dc"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "$VOID_HOME_PASS"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$VOID_HOME_PASS"; + }; + }; + }; + }; + +}
diff --git a/config/nixos/modules/presets/networkManagerProfiles/voidPhoneWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/voidPhoneWifi.nix @@ -0,0 +1,56 @@ +{ + povSelf, + inputs, + pkgs, + lib, + config, + hostConfig, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options.enable = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable { + sops.secrets."environments/networkManagerProfiles/voidPhone" = { + sopsFile = inputs.self.sopsSecrets.common; + }; + + networking.networkmanager.ensureProfiles = { + environmentFiles = [ config.sops.secrets."environments/networkManagerProfiles/voidPhone".path ]; + profiles."voidPhone" = { + connection = { + id = "voidPhone"; + type = "wifi"; + uuid = "b89f4221-788f-4354-84be-f836e4cfb8f8"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "$VOID_PHONE_SSID"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$VOID_PHONE_PASS"; + }; + }; + }; + }; + +}
diff --git a/config/nixos/modules/presets/networkManagerProfiles/zaphyraHomeWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/zaphyraHomeWifi.nix @@ -0,0 +1,59 @@ +{ + povSelf, + inputs, + pkgs, + lib, + config, + hostConfig, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + username.type = types.str; + envFile.type = types.path; + }; + + config = lib.mkIf cfg.enable { + sops.secrets."environments/networkManagerProfiles/zaphyraHome" = { + sopsFile = inputs.self.sopsSecrets.common; + }; + + networking.networkmanager.ensureProfiles = { + environmentFiles = [ config.sops.secrets."environments/networkManagerProfiles/zaphyraHome".path ]; + profiles."zaphyraHome" = { + connection = { + id = "zaphyraHome"; + type = "wifi"; + uuid = "2eb10476-ea80-4059-afdc-8d2ce844236b"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "$ZAPHYRA_HOME_SSID"; + }; + wifi-security = { + key-mgmt = "sae"; + psk = "$ZAPHYRA_HOME_PASS"; + }; + }; + }; + }; + +}
diff --git a/config/nixos/modules/presets/networkManagerProfiles/zaphyraPhoneWifi.nix b/config/nixos/modules/presets/networkManagerProfiles/zaphyraPhoneWifi.nix @@ -0,0 +1,56 @@ +{ + povSelf, + inputs, + pkgs, + lib, + config, + hostConfig, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options.enable = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable { + sops.secrets."environments/networkManagerProfiles/zaphyraPhone" = { + sopsFile = inputs.self.sopsSecrets.common; + }; + + networking.networkmanager.ensureProfiles = { + environmentFiles = [ config.sops.secrets."environments/networkManagerProfiles/zaphyraPhone".path ]; + profiles."zaphyraPhone" = { + connection = { + id = "zaphyraPhone"; + type = "wifi"; + uuid = "2dc7bb4a-e016-427d-aeb6-28e7a6b91f41"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "$ZAPHYRA_PHONE_SSID"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$ZAPHYRA_PHONE_PASS"; + }; + }; + }; + }; + +}
diff --git a/config/nixos/modules/presets/zaphyra/networkManagerProfiles/dn42.nix b/config/nixos/modules/presets/zaphyra/networkManagerProfiles/dn42.nix @@ -0,0 +1,61 @@ +{ + povSelf, + pkgs, + lib, + config, + hostConfig, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + }; + + config = lib.mkIf cfg.enable { + sops.secrets."environments/networkManagerProfiles/dn42" = {}; + + networking.networkmanager.ensureProfiles = { + environmentFiles = [ config.sops.secrets."environments/networkManagerProfiles/dn42".path ]; + profiles.dn42 = { + connection = { + id = "dn42"; + interface-name = "dn42"; + type = "wireguard"; + uuid = "b7df0547-e13b-4f28-86de-2b738a36d167"; + }; + ipv4 = { + method = "disabled"; + }; + ipv6 = { + addr-gen-mode = "default"; + address1 = "fd6b:6174:6a61::acab/128"; + dns = "fd42:d42:d42:54::1;fd42:d42:d42:53::1;"; + dns-search = "~;"; + method = "manual"; + }; + proxy = { }; + wireguard = { + fwmark = "1718"; + listen-port = "51820"; + mtu = "1280"; + private-key = "$DN42_WG_PRIVATE_KEY"; + }; + "wireguard-peer.MRXPP//j+BDCiUyrYHdXtdULAsCZyfgumas8pxp6oiE=" = { + allowed-ips = "fd00::/8;"; + endpoint = "router-a.dn42.zaphyra.eu:1718"; + persistent-keepalive = "10"; + }; + }; + }; + }; + +}
diff --git a/hosts/huntii/default.nix b/hosts/huntii/default.nix @@ -28,7 +28,7 @@ boot.initrd.systemd.emergencyAccess = true; - sops.secrets."environments/cccdaWifi" = { }; + sops.secrets."environments/networkManagerProfiles/cccdaWifi" = { }; modules = { filesystem = { @@ -58,15 +58,26 @@ presets = { base.enable = true; - zaphyra.enable = true; + zaphyra = { + enable = true; + networkManagerProfiles = { + dn42.enable = true; + }; + }; graphical.enable = true; graphical.type = "gnomeMinimal"; - cccdaWifi = { - enable = true; - username = "zaphyra"; - envFile = config.sops.secrets."environments/cccdaWifi".path; + networkManagerProfiles = { + voidPhoneWifi.enable = true; + voidHomeWifi.enable = true; + zaphyraPhoneWifi.enable = true; + zaphyraHomeWifi.enable = true; + cccdaWifi = { + enable = true; + username = "zaphyra"; + envFile = config.sops.secrets."environments/networkManagerProfiles/cccdaWifi".path; + }; }; };
diff --git a/secrets/common.yaml b/secrets/common.yaml @@ -1,6 +1,12 @@ zaphyraPassword: ENC[AES256_GCM,data:rW2g6n71PA6R5+KZ9i4EZ8doC9JGCLMGf+29r+8zvPMgz2ndJ0Hltkq0I12AQ5GILhS2x6lOLTpTjZ4SkG5PM1FRN/3Vi0wrdQ==,iv:weyksZS/MnkZLlM5nScUD4NvX17XnRG0dmut6Lyjqoo=,tag:scrtArW3n69CDaAPxwbQ8Q==,type:str] resticEnv: novus: ENC[AES256_GCM,data:KTTd0UMQiOHrrFIbY9pIJWO9MVIFWs2pvjm4Vo46CE/CrgGfxJur5uYtxHvR94bwaoLXd8RpdlONSRzbShQlH0xE86C/MyRNWiZR5QLyWj6YwzFd+DSdHQD0h0AlRviZY/vFze1EJRPZ0d6XCMJBX+aTizVSxw==,iv:pSfa9Kgpwq/wqn6nOKozgEy2h9C22oVWSCA7X07aW1w=,tag:+aD8wh33mA9hqQ1TKT1m8w==,type:str] +environments: + networkManagerProfiles: + voidPhone: ENC[AES256_GCM,data:E9FozLhSZnYNt/g4umEnFUWO3mIOmPWxP4DJ4vmyFUJz/QuzOZHPY+A+rX1IiH5WPaCJoGm9KQY=,iv:LJCS/DqAcAg4duvp8+1UT9hC6Gh0oPecoQSbNMELmm0=,tag:xjBZTQrzA1rjq6eBxQ5uug==,type:str] + voidHome: ENC[AES256_GCM,data:kxQ7Bn0dULnFQnSR5PozRUK4GUhw3y9ienTyFNwcW1rlZ0d4UpkRRvpG2XehMrEfRaxds0RVboQ8Li3z9Q==,iv:gbB6R0X8Xr+e9/dvSAXuQIIHX3mF9j3H63A+AXXq0hY=,tag:kY/Gs5VSWtwBH2VjDDNYwg==,type:str] + zaphyraPhone: ENC[AES256_GCM,data:mghBydVnJ8tuhXBMZKlQIXh06PCQsvcElHyWIya2hLbQlUYyAMD+l8J1Z1tU3RUrSYW3Gd32TdfQpQ==,iv:C9wTZF0HU0NeJcsNUwLpIX0ELUxjgtyDWpdbWiksDSw=,tag:w0alvDbx1cl1e7izVZV9HA==,type:str] + zaphyraHome: ENC[AES256_GCM,data:xMwLPSh78GIuiVh+4z84QgVQKOU7QW7VGjPJZpBwdZhvgXVQt5cMOmN4DD/Yev+Bme/2C7SigEY8bFJcgpHnbZ6Fp1E=,iv:fJtciKFZ2J3j32xF2L3XHS0cVBhPlOmpUzP4q0A3WHg=,tag:wd2XA4Q5p9TYjp9kfWDjAQ==,type:str] sops: age: - recipient: age1laajqafnm4ft2m73wq7yqug4ts04ddn59wlqs4t30upeqa35dpdqu8fu3n @@ -48,8 +54,8 @@ sops: NGJXZ3dnN0VvMkZ1YS9QcldRMFdTUW8KLyjsWVufSnhhNz/rzGRSU8ovJr/pQmMX Bh3EfJdvfw+ZhAY3KfMqzpiyf+En+uTP2dvctCbDfVmE/WZVaJ16Tg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-06T17:49:14Z" - mac: ENC[AES256_GCM,data:JEIPLK7altKMSGsRqb8YyL0OjvLKkHYAfBxqV46QHUJOgostIgelrdLostkKmZryqtS6i8GlyRbLT7yyOlKF/KhkgbHzL7fdoW/wL7UyVi3lTVPEo8VxNl3BBNb2LGqwRl+nA3vG5QIwtxFRqxo6OK//9lmraYmY/7WafRW9a6M=,iv:Gh8wQ2/N8dwxb7ZhbdRv0VJR61ynNR68ax9m/zhDF3M=,tag:yvWh4JakRh3/nMLBP8HXRg==,type:str] + lastmodified: "2025-06-15T11:22:22Z" + mac: ENC[AES256_GCM,data:T9sjJBNcMJePZt9xv5Yxa/mzuna4RHxN7saAKNa6Nobqzh2OrJnGNf3IVGNqOhBmZTjaK1pnqvzAg4CCPmnYNVxRcFMwJR2XWyGupkMi1P1UO8inTngiLNZChk+iyGJhIL1UXj8bwRWA5eioxjFowKr4/3iaQpXETmwpl59fbVY=,iv:KyLQCNBzubaHt/o1SdQvjExMxYCBtc4InoPTVmPgNxU=,tag:kAOFATBtJpnTaSziSYE3cw==,type:str] pgp: - created_at: "2025-06-04T20:02:58Z" enc: |-
diff --git a/secrets/huntii.yaml b/secrets/huntii.yaml @@ -4,7 +4,11 @@ syncthing: cert: ENC[AES256_GCM,data:nld1ZupR5i6UGZsyy+fuDOEjCV31BSTZiv8/GzEw9uaWqCztFL3wzwr4/x9OoPQGp90pK8ELA0KCr9UyqIBFkgjRcZFP2e2RlV9Ej4VrApC6pwAK4BNCxbGnaftsyXliW5Hk2mO+kFkj6CYgPwy+kq3ajoAzX2xaefemFns+sRZcofyTkKZ5MN3XRJ+z8wwHtqHZziDM2m9//D1yMWdjJZv2FDvCVS/fdhw0+Cgi1fB7eCkq1RLLElk/T610/DtC3tIHaivVjMPodvXT9wLL+ElPOxRSACcsN5TwMZDvqpOAOkrMipcYGN48lTtXExZskOga798cN1io4njEM+Vq8O6d2zHpVIzBd2YlCvdyH1aK0qYsR5+xjsmAyO7lMd1pK4UIuIlT5937fLRN8E5OO/TSOM1x44a9VUTEBvUcu0FZZn/UmX0ZdrmUPMhw+V7v9yLdFgMsI7I6V1FaO7yY4DUE4kx9cLKNjQPLtnZ9lc/WXiAIT8KG0ivPxUx4mc/u6EcFig2mMm7nIExUrg43wiusLAv6gZ4WnNmOO+WgbiDewHnXgGLUAN7w4Cmmlom5jsa/iEWaV4x9RXwa23567y08vB7S/RfdgjLaN5/6oKIumfzTk5dfMGh7VmpOuu8XIWSi+E1cCmDr8RUJDg/ea3Fsic/OYYrf4ZF54P55qkf+uDgHrQxDA6xzJIWkpIWCCIeLKcAD8jU/EHhEDzL3L7cAFalGLE0Gn8+Yo9SRWrVrjI7tRm0lG32uCP5BZ3pO8xGprhL+DJWZ36t/tCYMl7CwtRdgtJhzc+Y2CzK9OgGQAuhsRrCUZxXHtGyYtQtdFb5hzu1Vv7bm1tlPOx3KqVzzYO69qtRjFrcVt98VZNXkma92tOsEY+sygPdixWbRtRCKa5pOx+TB7X5CFbxXYU86BJDvbJnzK+DXQPSqKgD5pq+WC74Sxsa2VJ2h0xNfdptYHwN17SuVFw8+f21qwj+W1ZW+hufRpT9Sz+lMEACuxMRRC/9qtkh4s2ctefEL4leiR5pGEJCR+6RcwptnEm5i/lAy7EfhPAo=,iv:UCBmAyLR2fHub25o+u3jh2QDfiIdOGRnjVlk3bKGzKY=,tag:+8wZUgd0y3dRfrSjo2pESQ==,type:str] key: ENC[AES256_GCM,data:ogVa9Rd4nyhSSM0KPtXAtIdzObyCLWA4mEgdOtB4oOR32rgufdVmBPX593EAifvbgEhRTrcDFSyRDSphKifF0MH6QW+tP5zJyAOkqgvxlB0cB8KpcqrOU8t6ZgTO8Gj0+Wcwdly1WDEfFX3bK7/PZm6QPWDejyM9cfRAld2RESMoEDelEpaPW7xyff6BzlYyzUo9HuGSCYTmuIWdBSU/ER4o5RMDppJT2VWFYXQJgDAa7hFSA9/hrj9eOS28wr1qnCE83zpYCSjBHJ9hfK6d8jwpG6TWROLfdv0C2M53+jPZ0Aa3X+/9+k2RBNS4xU5ULNfEu1Ix+7HyNJ0mI3lujZVTd0LDbBvEebur8oJ3nrrBSszSd2iirUth4j/Nk/A1,iv:GlDGSbNGdUB2nmvIDFQyGZXSf/YacA7mhZkCT9WTZSw=,tag:/grVWjZnKYg/LPVPKmtKnw==,type:str] environments: - cccdaWifi: ENC[AES256_GCM,data:O6Id4IrlJLfVfbwZJ4oz9jelYtBXVSUY,iv:o9Rv20e3+bXGMDJQgVqW3gcJH1qqhx249xBKO3Hclvc=,tag:ybYRLE0pLnbv2tnxcZGGPA==,type:str] + networkManagerProfiles: + cccdaWifi: ENC[AES256_GCM,data:K2gwt00QDCLDAioAK8XPLiDq6B27/VAY,iv:NTDh0yDVILPpEMyaQ86al+yaFOryqVSTjyEKuwnwht0=,tag:+AIIXKhEqsSYOsdCvKNqlQ==,type:str] + dn42: ENC[AES256_GCM,data:oKC0Dw4lxGEssNjg3jTmO9+svT+sGs9a5zgl7AkfEAG7UduMwdC+jSkZoptd/VQnUGJ5zhKs5Us64OtZNG4=,iv:3zm/zVSVAzz0S2xkeRywWBQe1adwlrS+bor8B4fyH18=,tag:3wIzkM2jMykvn3KMGXz7iw==,type:str] +dn42: + wgPrivateKey: ENC[AES256_GCM,data:0Xvx7bg3CNrsoAwDSIHc+LHboVh8BzmKWzmNrwnU7O7ZVUHlaIM62NSkxXA=,iv:ui3L9s6FcBpQniRvxBig8K8/TP0hdftRGQ2w+LTiWJM=,tag:n3R5q7TfWtIcXHWdq1e/Vg==,type:str] sops: age: - recipient: age1laajqafnm4ft2m73wq7yqug4ts04ddn59wlqs4t30upeqa35dpdqu8fu3n @@ -16,8 +20,8 @@ sops: TUFjemN1cTNEZGlIcHF2L3hXZ3ZOeWMKK8AR4Ovh7LYwxEsV6uGyLM9WmAQlTeuL adoHhpotA0GfDTga0UsrBP44+6QU1V8+yX6XJPzZIltH1DIVcHV70w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-09T13:04:55Z" - mac: ENC[AES256_GCM,data:epBVHurTlDWi9gG1Ho2bGOgRTPwZbKlEz/uFSPb6rLui0Ldb9bZ88C9lkWFC4mViBrO5Cx38SwW9LZc0kYEe9Z7LUA0E//IxW+ny1CA+mTYsVge61SHWU0nH3DREK+wkgIPT9AOBJloo7P9Dn7Wrp5xMSFxSIzx6tsuiPrOeg28=,iv:RcrM/b8/mUOLlWZ0HgZfwl9G5giZlHhJQ0J87wFZKmg=,tag:FXu67/l1PuWWZTrnsHMmFw==,type:str] + lastmodified: "2025-06-15T10:52:07Z" + mac: ENC[AES256_GCM,data:Aemx8k9HDb3V6BNQlvMmxeZR2scuHFAEI/STaDPd64Nn9Y3CjbKDuernA6m/0ahc26qPn4CF3OkGQkvA6xT0WKEqTo5P/WPbgLMOz4fcJlNlIGk5cQtqEIGpZG/5tsSzCLqFQ0mSHZHtk4AFGwWl4RpTJXkon9KkgRSNZxxIXvY=,iv:XgFgGywWYiPWfMzArlN2kxM+Nc5cNRzVZe2SbAa5Upo=,tag:0/hkbFkoUmjxa7DTZdJ01g==,type:str] pgp: - created_at: "2025-06-04T20:02:52Z" enc: |-