From d999d4d0e68b9d7cfa0f477cdbac8fe82850ae78 Mon Sep 17 00:00:00 2001 From: Freya Murphy Date: Fri, 24 Jan 2025 13:06:22 -0500 Subject: use sops-nix for secrets --- .gitignore | 1 - .sops.yaml | 16 ++++++++ files/keys/freya-gpg.pub | 23 ------------ files/keys/freya.asc | 23 ++++++++++++ files/keys/shinji.asc | 13 +++++++ flake.lock | 23 +++++++++++- flake.nix | 5 ++- hosts/shinji.nix | 77 -------------------------------------- hosts/shinji/default.nix | 74 ++++++++++++++++++++++++++++++++++++ hosts/shinji/secrets.yaml | 23 ++++++++++++ nix/default.nix | 16 ++++++-- nix/home/default.nix | 6 ++- nix/programs/default.nix | 1 + nix/programs/gpg/default.nix | 27 +++++++++---- nix/programs/sops/default.nix | 30 +++++++++++++++ nix/programs/wireguard/default.nix | 2 +- nix/system/default.nix | 4 +- secrets.yaml | 34 +++++++++++++++++ 18 files changed, 280 insertions(+), 118 deletions(-) delete mode 100644 .gitignore create mode 100644 .sops.yaml delete mode 100644 files/keys/freya-gpg.pub create mode 100644 files/keys/freya.asc create mode 100644 files/keys/shinji.asc delete mode 100644 hosts/shinji.nix create mode 100644 hosts/shinji/default.nix create mode 100644 hosts/shinji/secrets.yaml create mode 100644 nix/programs/sops/default.nix create mode 100644 secrets.yaml diff --git a/.gitignore b/.gitignore deleted file mode 100644 index db2fc0d..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -secrets diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..64573f3 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,16 @@ +keys: + # Users + - &users: + - &freya D9AF0A4209B7C2DE11A884BFACBC553660D9993D + # Hosts + - &hosts: + - &shinji 2A8A27879715447AEEC59D0C18DCCBE353963394 +creation_rules: + - path_regex: ^secrets.yaml$ + key_groups: + - pgp: + - *freya + - path_regex: hosts/shinji/secrets.yaml$ + key_groups: + - pgp: + - *shinji diff --git a/files/keys/freya-gpg.pub b/files/keys/freya-gpg.pub deleted file mode 100644 index b471408..0000000 --- a/files/keys/freya-gpg.pub +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mDMEZxpY/BYJKwYBBAHaRw8BAQdAqxOoScBHGwsgHibO5NYxkl5f8QeIXsIFAM20 -KVM/Uo+0IUZyZXlhIE11cnBoeSA8ZnJleWFAZnJleWFjYXQub3JnPoiQBBMWCAA4 -FiEE2a8KQgm3wt4RqIS/rLxVNmDZmT0FAmcaWPwCGwEFCwkIBwIGFQoJCAsCBBYC -AwECHgECF4AACgkQrLxVNmDZmT17+gEA2QbrA+SQmgAtEwgdlQSRsdK8tfboTBnj -eW9T2j3ArW4BAJetX+1Q6pPXP4FLfZOz0Vu46JCy4DDGS37B89bmgrMOuDMEZxpZ -zRYJKwYBBAHaRw8BAQdAWf1SdS6rK+hXbEcjb0jy+bO9cDhna1khYRbsKcSDqfiI -9QQYFggAJhYhBNmvCkIJt8LeEaiEv6y8VTZg2Zk9BQJnGlnNAhsCBQkFo5qAAIEJ -EKy8VTZg2Zk9diAEGRYIAB0WIQQ802XwNzzrE4U69WifvG/9bS2/FwUCZxpZzQAK -CRCfvG/9bS2/F2DHAQD11yHJC5VlyNtgPyA9SYI0M8clQjldB7O29v8gRGzbIgD/ -U4SmGnuRk2js5ITMmBdG1RGzEmmD1dVNIGGM4FiWdg/fSgEAy6dq/LVYeFRkMJ+V -bb0EgFD7SnB/PNfrgtR6VS2KWCYA/1v6bblMoT5rNjcSt0i88SPo9n8CXDui1TOo -PwLg21EEuDMEZxpZ5hYJKwYBBAHaRw8BAQdA9NmEhp63hLFv2ftb8sl7OpvleaAB -dbONL3TutR166SqIfgQYFggAJhYhBNmvCkIJt8LeEaiEv6y8VTZg2Zk9BQJnGlnm -AhsgBQkFo5qAAAoJEKy8VTZg2Zk9iQkA/iUIRSGElTdKPALKQ9Laf3xgsreEYE25 -zdAJVtvDXd/MAP4/vjrNyFw6k7EPrIx+i9Stw6hPxChH9SwgjcgZdCjWB7g4BGca -WhcSCisGAQQBl1UBBQEBB0B3JswDVPoc4B5BRt+XNZ4Y+2cT+mzJwBvEeqdkgrJH -TgMBCAeIfgQYFggAJhYhBNmvCkIJt8LeEaiEv6y8VTZg2Zk9BQJnGloXAhsMBQkF -o5qAAAoJEKy8VTZg2Zk9rCIBALM+gv1wcpOzK1AHj2Nx+40Yf3Y3en7Py93lDK/i -yWOoAQCP9rp0XHMqNjiPStbV+cX9dgJym0L6tpuw55sSpWyIDg== -=rhkZ ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/keys/freya.asc b/files/keys/freya.asc new file mode 100644 index 0000000..b471408 --- /dev/null +++ b/files/keys/freya.asc @@ -0,0 +1,23 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZxpY/BYJKwYBBAHaRw8BAQdAqxOoScBHGwsgHibO5NYxkl5f8QeIXsIFAM20 +KVM/Uo+0IUZyZXlhIE11cnBoeSA8ZnJleWFAZnJleWFjYXQub3JnPoiQBBMWCAA4 +FiEE2a8KQgm3wt4RqIS/rLxVNmDZmT0FAmcaWPwCGwEFCwkIBwIGFQoJCAsCBBYC +AwECHgECF4AACgkQrLxVNmDZmT17+gEA2QbrA+SQmgAtEwgdlQSRsdK8tfboTBnj +eW9T2j3ArW4BAJetX+1Q6pPXP4FLfZOz0Vu46JCy4DDGS37B89bmgrMOuDMEZxpZ +zRYJKwYBBAHaRw8BAQdAWf1SdS6rK+hXbEcjb0jy+bO9cDhna1khYRbsKcSDqfiI +9QQYFggAJhYhBNmvCkIJt8LeEaiEv6y8VTZg2Zk9BQJnGlnNAhsCBQkFo5qAAIEJ +EKy8VTZg2Zk9diAEGRYIAB0WIQQ802XwNzzrE4U69WifvG/9bS2/FwUCZxpZzQAK +CRCfvG/9bS2/F2DHAQD11yHJC5VlyNtgPyA9SYI0M8clQjldB7O29v8gRGzbIgD/ +U4SmGnuRk2js5ITMmBdG1RGzEmmD1dVNIGGM4FiWdg/fSgEAy6dq/LVYeFRkMJ+V +bb0EgFD7SnB/PNfrgtR6VS2KWCYA/1v6bblMoT5rNjcSt0i88SPo9n8CXDui1TOo +PwLg21EEuDMEZxpZ5hYJKwYBBAHaRw8BAQdA9NmEhp63hLFv2ftb8sl7OpvleaAB +dbONL3TutR166SqIfgQYFggAJhYhBNmvCkIJt8LeEaiEv6y8VTZg2Zk9BQJnGlnm +AhsgBQkFo5qAAAoJEKy8VTZg2Zk9iQkA/iUIRSGElTdKPALKQ9Laf3xgsreEYE25 +zdAJVtvDXd/MAP4/vjrNyFw6k7EPrIx+i9Stw6hPxChH9SwgjcgZdCjWB7g4BGca +WhcSCisGAQQBl1UBBQEBB0B3JswDVPoc4B5BRt+XNZ4Y+2cT+mzJwBvEeqdkgrJH +TgMBCAeIfgQYFggAJhYhBNmvCkIJt8LeEaiEv6y8VTZg2Zk9BQJnGloXAhsMBQkF +o5qAAAoJEKy8VTZg2Zk9rCIBALM+gv1wcpOzK1AHj2Nx+40Yf3Y3en7Py93lDK/i +yWOoAQCP9rp0XHMqNjiPStbV+cX9dgJym0L6tpuw55sSpWyIDg== +=rhkZ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/files/keys/shinji.asc b/files/keys/shinji.asc new file mode 100644 index 0000000..a54127f --- /dev/null +++ b/files/keys/shinji.asc @@ -0,0 +1,13 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZ5PEshYJKwYBBAHaRw8BAQdA9+xyytloOTF23lyqyXuwQLxzEayOnMTg8/4Z +WkQZQva0M0ZyZXlhIE11cnBoeSAoU2hpbmppIGtleSBwYWlyKSA8ZnJleWFAZnJl +eWFjYXQub3JnPoiOBBMWCgA2FiEEKoonh5cVRHruxZ0MGNzL41OWM5QFAmeTxLIC +GwMECwkIBwQVCgkIBRYCAwEAAh4FAheAAAoJEBjcy+NTljOUONwBAJxKRllAFMp9 +gDxjNrYIChZdz4OssLuCTwRdJDaDPYkaAQD0QyWMTAOyEAmDOfAbVKEOvjBT1OKC +AuizXs8lxEdlBrg4BGeTxLISCisGAQQBl1UBBQEBB0AqLq6bMlO77JHu0pEluBHf +nURLnx2C1c2V+DEEbRyNVAMBCAeIeAQYFgoAIBYhBCqKJ4eXFUR67sWdDBjcy+NT +ljOUBQJnk8SyAhsMAAoJEBjcy+NTljOUU1gA+gOG/xzRisgItWABqBEfRk/v80cx +ztPaticmGWdSaBKIAQD1VI0iqy/BI0etk6xKPWfsLLsCOvy+4qfDliYL0oelBA== +=cXeC +-----END PGP PUBLIC KEY BLOCK----- diff --git a/flake.lock b/flake.lock index 5739a55..9b59e19 100644 --- a/flake.lock +++ b/flake.lock @@ -478,7 +478,28 @@ "hy3": "hy3", "hyprland": "hyprland", "hyprland-plugins": "hyprland-plugins", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737411508, + "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } }, "systems": { diff --git a/flake.nix b/flake.nix index b24500b..58cdb6c 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,9 @@ # hyprland hy3 hy3.url = "github:outfoxxed/hy3"; hy3.inputs.hyprland.follows = "hyprland"; + # sops + sops-nix.url = "github:Mic92/sops-nix"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { nixpkgs, ... }@inputs: @@ -23,7 +26,7 @@ options = import ./options.nix; in rec { nixosConfigurations = { - shinji = import ./hosts/shinji.nix { inherit inputs options; }; + shinji = import ./hosts/shinji { inherit inputs options; }; }; homeConfigurations = { diff --git a/hosts/shinji.nix b/hosts/shinji.nix deleted file mode 100644 index 756cfe1..0000000 --- a/hosts/shinji.nix +++ /dev/null @@ -1,77 +0,0 @@ -# Shinji -# System configuration for my laptop - -{ - inputs, - options, - ... -}: - -inputs.nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - options - inputs.home-manager.nixosModules.home-manager - ../nix - { - # options - monitors = [{ - name = "eDP-1"; - scale = 1.25; - }]; - - # hardware - hardware.graphics.enable = true; - hardware.bluetooth.enable = true; - security.tpm2.enable = false; - - # bootloader - boot.loader.systemd-boot.enable = true; - boot.loader.efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot/efi"; - }; - - # hostname - networking.hostName = "shinji"; - - # kernel modules - boot.initrd.availableKernelModules = [ - "nvme" - "xhci_pci" - "thunderbolt" - "usb_storage" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - # firmware - hardware.enableRedistributableFirmware = true; - hardware.cpu.amd.updateMicrocode = true; - - # luks device - boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/ad489bfa-4280-44ea-8ad2-60347b516d60"; - - # root - fileSystems."/" = { - device = "/dev/disk/by-uuid/b43a7cf6-b9aa-44c2-ad29-da24ffa56901"; - fsType = "btrfs"; - }; - - # boot - fileSystems."/boot/efi" = { - device = "/dev/disk/by-uuid/6F93-6A0B"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - # swap - swapDevices = [ - { device = "/dev/disk/by-uuid/57caa02d-8569-43e3-8bf9-09dd6f02b191"; } - ]; - } - ]; -} diff --git a/hosts/shinji/default.nix b/hosts/shinji/default.nix new file mode 100644 index 0000000..d1a02a8 --- /dev/null +++ b/hosts/shinji/default.nix @@ -0,0 +1,74 @@ +# Shinji +# System configuration for my laptop + +{ + inputs, + options, + ... +}: + +inputs.nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + options + ../../nix + { + # options + hostName = "shinji"; + monitors = [{ + name = "eDP-1"; + scale = 1.25; + }]; + + # hardware + hardware.graphics.enable = true; + hardware.bluetooth.enable = true; + security.tpm2.enable = false; + + # bootloader + boot.loader.systemd-boot.enable = true; + boot.loader.efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + + # kernel modules + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # firmware + hardware.enableRedistributableFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + + # luks device + boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/ad489bfa-4280-44ea-8ad2-60347b516d60"; + + # root + fileSystems."/" = { + device = "/dev/disk/by-uuid/b43a7cf6-b9aa-44c2-ad29-da24ffa56901"; + fsType = "btrfs"; + }; + + # boot + fileSystems."/boot/efi" = { + device = "/dev/disk/by-uuid/6F93-6A0B"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + # swap + swapDevices = [ + { device = "/dev/disk/by-uuid/57caa02d-8569-43e3-8bf9-09dd6f02b191"; } + ]; + } + ]; +} diff --git a/hosts/shinji/secrets.yaml b/hosts/shinji/secrets.yaml new file mode 100644 index 0000000..5bb89cf --- /dev/null +++ b/hosts/shinji/secrets.yaml @@ -0,0 +1,23 @@ +freyanetWg: ENC[AES256_GCM,data:TlaDyx3E6Gez8HHiihFGIGfVedLx9xXSzBNEPmZYC3rqWEHHTfsMh6xL5l8=,iv:qdygQeUQkpVCWOYJ9BLsBtN/F0sYU4fTKz+/Az1QyOg=,tag:88yeDqXtcHshVRiinn2Bsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-01-24T17:54:22Z" + mac: ENC[AES256_GCM,data:IfPObEnZ46RUXjHwK4ibIlfwveqYaOHPtKgIhLjBuuElPHfvhSqgeN4KEwTDPnk38F39qRiyDA3TlEZjIvC856t+a5FG7UkdQRkOkotcqMPwtmEHz5YXw0gqMny7y4+iFMvog0NQL94ptodD0kD/OoJKt/2tGmm9Jv3yBO/qqwo=,iv:BGBONzCHiWLhS0AX9Xa3Rt8dZTzDEGWS0jr72GAx4bc=,tag:SIJyE/xWuxf2U2x2+1cX4w==,type:str] + pgp: + - created_at: "2025-01-24T17:54:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D/YCJcy0T0DkSAQdAxr7yRTBbTqekdXYr4apLlMvUa00t07itX1tUfrQcQjsw + spxEodkxhj5ZiD/ohAQRBzhwMN+xhqo69b+yfRPYke1IXc8CqeQAJHGXZKxhlOPO + 0l4B7AD9YlNgegBsUhFm/7ll5t1oTy3xXzgVKpWhpqAnyMqzyKx7gZcZagjaRaDn + aMITJxTBRU8cmuZazUvu5O2lUKqFCj9Au/wP42eUWQphzsxKkGeYsnqr1z417N83 + =qn+4 + -----END PGP MESSAGE----- + fp: 2A8A27879715447AEEC59D0C18DCCBE353963394 + unencrypted_suffix: _unencrypted + version: 3.9.3 diff --git a/nix/default.nix b/nix/default.nix index 3cda7fe..d6e36ec 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -142,6 +142,14 @@ in options = { + # + # System information + # + hostName = mkOption { + type = types.str; + description = "Hostname of the system."; + }; + # # Primary user of the system # @@ -158,14 +166,14 @@ in description = "Primary email of the user"; }; homePath = mkOption { - type = types.str; + type = types.path; description = "Home directory path of the user"; - default = "/home/${config.user}"; + default = builtins.toPath "/home/${config.user}"; }; dotfilesPath = mkOption { - type = types.str; + type = types.path; description = "Dotfiles path inside the users home dir"; - default = "${config.homePath}/.config/nix"; + default = builtins.toPath "${config.homePath}/.config/nix"; }; # diff --git a/nix/home/default.nix b/nix/home/default.nix index 86cbfe6..66510fc 100644 --- a/nix/home/default.nix +++ b/nix/home/default.nix @@ -1,6 +1,10 @@ -{ config, pkgs, ... }: +{ config, pkgs, inputs, ... }: { + imports = [ + inputs.home-manager.nixosModules.home-manager + ]; + home-manager.users.${config.user} = { home.username = config.user; diff --git a/nix/programs/default.nix b/nix/programs/default.nix index c4a6f61..a6c2996 100644 --- a/nix/programs/default.nix +++ b/nix/programs/default.nix @@ -9,6 +9,7 @@ ./kitty ./mako ./neovim + ./sops ./ssh ./starship ./waybar diff --git a/nix/programs/gpg/default.nix b/nix/programs/gpg/default.nix index 92549ff..5629995 100644 --- a/nix/programs/gpg/default.nix +++ b/nix/programs/gpg/default.nix @@ -1,24 +1,35 @@ { config, lib, pkgs, ... }: +let + + keysDir = ../../../files/keys; + keys = lib.attrsets.mapAttrsToList (name: type: "${keysDir}/${name}") (builtins.readDir keysDir); + +in { home-manager.users.${config.user} = { + + # install keys into gpg keyring programs.gpg = { enable = true; - publicKeys = [ - { - source = ../../../files/keys/freya-gpg.pub; - trust = 5; - } - ]; + publicKeys = map (file: { source = file; trust = 5; }) keys; }; + # global gpg agent services.gpg-agent = { enable = true; enableExtraSocket = true; enableSshSupport = true; - #updateStartupTty = true; - pinentryPackage = pkgs.pinentry-curses; }; + + }; + + # yubikey support + services = { + pcscd.enable = true; + udev.packages = with pkgs; [ + yubikey-personalization + ]; }; } diff --git a/nix/programs/sops/default.nix b/nix/programs/sops/default.nix new file mode 100644 index 0000000..2447935 --- /dev/null +++ b/nix/programs/sops/default.nix @@ -0,0 +1,30 @@ +{ config, pkgs, inputs, ... }: + +let + + isEd25519 = k: k.type == "ed25519"; + getKeyPath = k: k.path; + keys = builtins.filter isEd25519 config.services.openssh.hostKeys; + +in +{ + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + + environment.systemPackages = with pkgs; [ + sops + ]; + + sops = { + defaultSopsFile = config.dotfilesPath + "/hosts/${config.hostName}/secrets.yaml"; + validateSopsFiles = false; + + gnupg.home = config.homePath + "/.gnupg"; + gnupg.sshKeyPaths = []; + + secrets = { + freyanetWg = {}; + }; + }; +} diff --git a/nix/programs/wireguard/default.nix b/nix/programs/wireguard/default.nix index 83c2585..7e4ab7a 100644 --- a/nix/programs/wireguard/default.nix +++ b/nix/programs/wireguard/default.nix @@ -9,7 +9,7 @@ freyanet = { address = [ "10.2.0.2/32" "fd:cafe:dead:bee::2/128" "fe80::2/128" ]; dns = [ "10.2.2.2" ]; - privateKeyFile = "${config.dotfilesPath}/secrets/freyanet.key"; + privateKeyFile = config.sops.secrets.freyanetWg.path; peers = [{ publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk="; diff --git a/nix/system/default.nix b/nix/system/default.nix index dbc34f5..65e6b73 100644 --- a/nix/system/default.nix +++ b/nix/system/default.nix @@ -4,6 +4,9 @@ # allow flakes nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # hostname + networking.hostName = config.hostName; + # common system packages environment.systemPackages = with pkgs; [ # editor @@ -42,7 +45,6 @@ networking.networkmanager.enable = true; services.fwupd.enable = true; services.libinput.enable = true; - services.pcscd.enable = true; services.printing.enable = true; services.pipewire = { enable = true; diff --git a/secrets.yaml b/secrets.yaml new file mode 100644 index 0000000..28ca3a6 --- /dev/null +++ b/secrets.yaml @@ -0,0 +1,34 @@ +freyanetWg: ENC[AES256_GCM,data:xRM6yS/p2PrntO33TCIUrv3giPAdtKapkK/cQoNmraAKQCNOkwccmn4kXY0=,iv:OHnIVZVDZ7mTHM9pNFPiEKLUl02C9I1yQtSp3JbSstk=,tag:LFlLKGYe0HcU/GvOVFrVbg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-01-24T17:44:07Z" + mac: ENC[AES256_GCM,data:KIRtBWMriL3LWC67RyJrKwcZtt5lYifHZJ3SgJf424CbRbTZtmPmQBCAiLy1Mctwjg8774by0e+mGMPRzI17GqIX26FSh8QWdTaW6o/p9YIIkjjQX8XDtASshZMYgqy/psEBA6NJ68vmAUFHaDpc7UYfy4nZ7jDu6NNVTXI9AsA=,iv:20n+SDE6EWaL+HKWSPY6a1NSa195gFIuMFiv6gccDRc=,tag:P/URXcSJcaogxmw+MXlh/Q==,type:str] + pgp: + - created_at: "2025-01-24T17:44:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D0Q846mnV8HYSAQdAa2X6kxQtkBLjRtRbK26TGpr28mJWV8lTz6AxgYCsuQAw + 23kWYwg2wVdnTKCRcVcTYZcyqXx41Cl9tW/GAQRrUdZqDPKAqrNVI7W+/lNdgygz + 0l4B9zbWc86uX/2uTgTU08mNV5qedoSa0myxUhXDYcSaHT1UNWutIxcxyMjRimIR + pHmAnVaBmiDlCwq7TM4zSrg/N4mtbeRbWn0OVeaUPU8jZ6XmKaFFKLp262GC1Vn0 + =GiBI + -----END PGP MESSAGE----- + fp: D9AF0A4209B7C2DE11A884BFACBC553660D9993D + - created_at: "2025-01-24T17:44:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D/YCJcy0T0DkSAQdAzsg6F1Y2KECBBychHLVefYwOOg3Lv7kgVK6rU4mH80sw + Cm4WOEkHJdloDSZRCXYs2maIYVDQoFM9pL4sLCr9Tpw050L9vSdI0IuWS7I8G9RR + 0l4B3mZM3R58dyyZw0p7br/oPXPavRguwFiTs5sa6EeDonclDvXjMhq2c1jVYWw8 + iC77SDpZ0X9wz/Mq4Fptd56ywFqg9Zx2Odu171eqH5W7majQyiBIaSJGBEnVX8LX + =OiC0 + -----END PGP MESSAGE----- + fp: 2A8A27879715447AEEC59D0C18DCCBE353963394 + unencrypted_suffix: _unencrypted + version: 3.9.3 -- cgit v1.2.3-freya