From 4cfbee7326c7632d9ebab75dbbb0add50e695e8d Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Mon, 23 Sep 2024 19:13:29 +0800 Subject: [PATCH] hosts/plover: update secrets and service configs --- configs/nixos/plover/files/ssh-key.pub | 2 +- .../nixos/plover/modules/services/backup.nix | 17 +---- .../nixos/plover/modules/services/grafana.nix | 2 +- configs/nixos/plover/modules/services/idm.nix | 2 +- .../plover/modules/services/vouch-proxy.nix | 16 +++-- configs/nixos/plover/secrets/secrets.yaml | 63 ++++++------------- 6 files changed, 36 insertions(+), 66 deletions(-) diff --git a/configs/nixos/plover/files/ssh-key.pub b/configs/nixos/plover/files/ssh-key.pub index 79ffd5d7..fafcec5b 100644 --- a/configs/nixos/plover/files/ssh-key.pub +++ b/configs/nixos/plover/files/ssh-key.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPEv1ER/bAK0tTrlZUEMfV28pMTgi4n8zLUOECo3ltNR Plover server +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGo3tfNQjWZ5pxlqREfBgQJxdNzGHKJIy5hDS9Z+Hpth plover.foodogsquared.one diff --git a/configs/nixos/plover/modules/services/backup.nix b/configs/nixos/plover/modules/services/backup.nix index bcede8f0..2b5b5e88 100644 --- a/configs/nixos/plover/modules/services/backup.nix +++ b/configs/nixos/plover/modules/services/backup.nix @@ -41,7 +41,7 @@ let yearly = 6; }; startAt = "monthly"; - environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg/ssh-key".path}"; + environment.BORG_RSH = "ssh -i ${config.sops.secrets."ssh-key".path}"; }; in { @@ -50,23 +50,10 @@ in config = lib.mkIf cfg.enable { sops.secrets = foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { - "borg/repos/host/patterns/keys" = { }; - "borg/repos/host/password" = { }; "borg/repos/services/password" = { }; - "borg/ssh-key" = { }; }; services.borgbackup.jobs = { - # Backup for host-specific files. They don't change much so it is - # acceptable for it to be backed up monthly. - host-backup = jobCommonSettings { - patternFiles = [ - config.sops.secrets."borg/repos/host/patterns/keys".path - ]; - repo = borgRepo "host"; - passCommand = "cat ${config.sops.secrets."borg/repos/host/password".path}"; - }; - # Backups for various services. services-backup = jobCommonSettings { @@ -81,7 +68,7 @@ in programs.ssh.extraConfig = '' Host ${hetzner-boxes-server} - IdentityFile ${config.sops.secrets."borg/ssh-key".path} + IdentityFile ${config.sops.secrets."ssh-key".path} ''; }; } diff --git a/configs/nixos/plover/modules/services/grafana.nix b/configs/nixos/plover/modules/services/grafana.nix index 284207d7..52617ab6 100644 --- a/configs/nixos/plover/modules/services/grafana.nix +++ b/configs/nixos/plover/modules/services/grafana.nix @@ -166,7 +166,7 @@ in services.grafana.settings."auth.generic_oauth" = { api_url = authSubpath "oauth2/authorise"; client_id = "grafana"; - client_secret = "$__file{${config.sops.secrets."vouch-proxy/client/secret".path}"; + client_secret = "$__file{${config.sops.secrets."vouch-proxy/domains/${config.networking.domain}/jwt-secret".path}"; enabled = true; name = "Kanidm"; oauth_url = authSubpath "ui/oauth2"; diff --git a/configs/nixos/plover/modules/services/idm.nix b/configs/nixos/plover/modules/services/idm.nix index e050f1cc..3e389c4d 100644 --- a/configs/nixos/plover/modules/services/idm.nix +++ b/configs/nixos/plover/modules/services/idm.nix @@ -23,7 +23,7 @@ in enableServer = true; serverSettings = { domain = authDomain; - origin = "https://${authDomain}:${builtins.toString port}"; + origin = "https://${authDomain}"; bindaddress = "127.0.0.1:${builtins.toString port}"; ldapbindaddress = "127.0.0.1:3636"; role = "WriteReplica"; diff --git a/configs/nixos/plover/modules/services/vouch-proxy.nix b/configs/nixos/plover/modules/services/vouch-proxy.nix index 3065a12c..fb3a7066 100644 --- a/configs/nixos/plover/modules/services/vouch-proxy.nix +++ b/configs/nixos/plover/modules/services/vouch-proxy.nix @@ -5,6 +5,7 @@ let cfg = hostCfg.services.vouch-proxy; inherit (config.services.vouch-proxy.instances."${vouchDomain}") settings; + inherit (config.networking) domain; vouchDomain = "vouch.${config.networking.domain}"; authDomain = config.services.kanidm.serverSettings.domain; in @@ -14,6 +15,10 @@ in config = lib.mkIf cfg.enable (lib.mkMerge [ { + state.ports = { + "vouch-proxy-${domain}".value = 19900; + }; + sops.secrets = let vouchPermissions = rec { @@ -23,8 +28,8 @@ in }; in foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml { - "vouch-proxy/jwt/secret" = vouchPermissions; - "vouch-proxy/client/secret" = vouchPermissions; + "vouch-proxy/domains/${domain}/jwt-secret" = vouchPermissions; + "vouch-proxy/domains/${domain}/client-secret" = vouchPermissions; }; services.vouch-proxy = { @@ -32,16 +37,17 @@ in instances."${vouchDomain}".settings = { vouch = { listen = "127.0.0.1"; - port = 19900; + port = config.state.ports."vouch-proxy-${domain}".value; domains = [ "foodogsquared.one" ]; - jwt.secret._secret = config.sops.secrets."vouch-proxy/jwt/secret".path; + jwt.secret._secret = config.sops.secrets."vouch-proxy/domains/${domain}/jwt-secret".path; + cookie.secure = true; }; oauth = rec { provider = "oidc"; client_id = "vouch"; - client_secret._secret = config.sops.secrets."vouch-proxy/client/secret".path; + client_secret._secret = config.sops.secrets."vouch-proxy/domains/${domain}/client-secret".path; code_challenge_method = "S256"; auth_url = "https://${authDomain}/ui/oauth2"; token_url = "https://${authDomain}/oauth2/token"; diff --git a/configs/nixos/plover/secrets/secrets.yaml b/configs/nixos/plover/secrets/secrets.yaml index 1ffab658..0ec1d516 100644 --- a/configs/nixos/plover/secrets/secrets.yaml +++ b/configs/nixos/plover/secrets/secrets.yaml @@ -1,61 +1,38 @@ -ssh-key: ENC[AES256_GCM,data:UgJB9WiLs1nt8e95sYeBr9XJRw16CldxBFYazppwHD0Tx0rkv9YDsqJMdrMFQJJ15UgOx61yQ2rg56KoaR4cJIqQM/7foKY3+LgdI4ePtfnbGRebIMyeqCiEVWq+a5ppwsG6B9w9liRqaOG7LpD90JpXcLKVG6Lo/YwTmwDbOBGJHhyJk2DindJ7qWly1gcys5Mm9GTZmtuz8lKG7hNVQar5lmuq1fhyOolnxlFKCLG3zfumttVnT3U1ELd3TzZIaWnNIL7SuhfZDBko3ZO4bbDj/JdX1uNKlEh2FeS7Mp/DvylFlVleoQOMI9FTes/tQHmztVaA7DllYP6gKHzvLsKX577fXeoZihrGvQiNj11qDXxcj3qhUx/8iXdyVzvy/UTGWW5/QeDGNDsrT7wlwuVmqVHb7s+9Ep6Oq9tFbDQHkRMRv/Nl3C/xxtH23RuShJ1IjxXTPu9t+AiD/qPvecXyD0iZ9OX1YJn5AM9WyPLisEFasaFbgfhF6uDS2l61oCS3LPwjdbXA8UyB7vUi,iv:1OGfGUojkL0/DS+HMbyAK0GeVKa6AuQkyRwO5txiD54=,tag:TmD3ljgWGv0SNPq8GxI/kw==,type:str] -lego: - env: ENC[AES256_GCM,data:gmzfAQOK94baSS0nOHEX33n61kLbGRHqoAa1W+KnLsfC3RLSbtgeRXgmKfsKFwfd1czQE5Yf/ZB/eTjDSUPLfXcnt4OoiNAyJNxAoc5cpeveYIlp9WaqdSkcD+zefLPmwYDTVPyrBKS1qE8GjYBxpfObnesbwq8hxx9Tm19Z+MTB+DznYqhSFt5Yx5+VnBaeQBMKnLd3XGazRv//QnpUFvgJba0SF4mhD3I40SHKMt3enmj1M+ITIn99ELf7HG0XSCH7aGmccXraQNUnAOwdJCNXyFY/ASxoK0DLv8Um5VX6O04GZVg2y3EoGsNZkyH9T8/3jTg=,iv:iYct97YZhUcoy/C5aVmSlsHLEyPVlRP2pGdwvwTIm9w=,tag:Hf3CMJwUXY5yf0CUxPNbtQ==,type:str] -gitea: - db: - password: ENC[AES256_GCM,data:IyE1O7xzZqdycEayUAKh1L7+9rrpiPLQ6GevpsxWoDI7xmgCqlDCnY72jh1kQEvpGZxK1gfdP/fEQKX85T3imjwkAqPp4v6hRw==,iv:zChXWYtY1BIwE0ROJYtVj3FNhJbSLh/mu7adbhliawU=,tag:wSSx5horaghOjuiV7V/80w==,type:str] - smtp: - password: ENC[AES256_GCM,data:XmpnfRtKJ/jA174CFKqCMWkbqbRZRPOq27RVKVZdc5sn5Q6xLg5mTWWN0cKwuy/o+Ikrrx4D4HOgQdyzubxl+n+P87LA,iv:Ou3TlnoiK/8kr4Kl/iNpvMWm7Wv5Y5NqLk4FkxhG3ag=,tag:xSDTgo9w3sZxF2WMM2+yjg==,type:str] -vaultwarden: - env: ENC[AES256_GCM,data:4konD7dDPZsaQepjej6UB1w2xxSHNSslB1ELW5kJkNB2esY88J17Bi+ykpZtLIUwzZGNuONhpxQORU2O9YsUA7iK3SzBBbx8+HCZ67euISOt1ANMQq/GkZZiIWQXgjMpPMmxWaryzIk0ApaR+j1OMmMqIniKqOyumVDUL7RX+IH/SBzhPkIjADZoLDjeW4ovKJHBqJUqbwD8xhbN8sClOsaNANP+evax0zRnh8fx3ojMASVYrDbpt6AUGGrJY32PVjd55NFQalK/D57pNKqIos8A0zqD6aQXoo/jziyFQCNs5QCr07bsHza+ghQN5A==,iv:8BAMrNWFiidQKJ7huyxG7FTvBt0seBIg3RhoRRkmCtQ=,tag:SpNRNZ1i5Fo8EUAivph98w==,type:str] borg: repos: - host: - password: ENC[AES256_GCM,data:EEHtGBASOY1t1hGmtNZ7/Edc01v4yNZgpcycT04=,iv:pgQ43gqx9iYk+SfGkPQfknTixn0MLkeTJzhUhOzjw6A=,tag:ihuKeJnY/L5iBfx/pvBRYw==,type:str] - patterns: - keys: ENC[AES256_GCM,data:u+oNQAUoPVIZHAtjNhjg+P/n2XGLpFZGPKxgxwbkaCGXvTg5femyjPTghFKypeANfK13AuPu7RjjG68S/5+HfiB3,iv:zlicZvzURkhY2XIYLO1QFavV4gikZWRyL5BXZ7Oax7E=,tag:QWhMGYgUKkoocAFJW0GICQ==,type:str] services: - password: ENC[AES256_GCM,data:FDzK9Iv1iAhbRoSOiW1c0G5lW39BcivDAp0QzaW/XT2y,iv:VD/coWjhdsYAi8R03AqSH2kcqHHdqiXuxGINuWAwVek=,tag:mBLwdJGdOEEHO82rsvCYiw==,type:str] - ssh-key: ENC[AES256_GCM,data:XiI8QkWMzAB0Vs7rASp8Y1l+rBRWDyNZG7tM8mpetfkcOfUK9mOwzSeAkaivY73P7h7wlvwyz7rTGDdyoLd5707udIG8UfWnaZ80MQHFiB7INBm5Jccw9F1tHJaiUOXd8xPlthiq+QpBvg292cXGUfjNubjzJhJqLMfJQGJcsaQ0f0khSShMwA2x2kV4dRzdscuzbDTzPuWBTMJuGwkYSrq67d8lyoOYmZ4LuymofDgBh5d4i0Tg9IQAWyT24nCbtVfN4DJW9bXQ5aNyPbqTiTOHdRjuvKnyLMhX536rrrMH575nIOHH167f57bEzqMu9jvcHGFL41lZrAuKKyj9PdUhGHsvHl/H3spqI67B6BA8MnBAQTez5DiekmKiq0mwUQ1HUFR7Kf+RonZbiHJhw35J82Njt+OxbMjHFg6Ag4tG+GBBBBO+eRb7EkFXmSawl4XxLCdiYsXGSTI1qj+ei0poREWVy+mJ25YX61H+6UZrIOwGQe+PrIkfwjLktWMxny4WvuHyGkmGV6yw/+/sIKDCzcAvcQ/plmW60DL7hrACJIOFSzEe2MUDJx7wAv2o,iv:bw/ut6GXEYwSCafnEgYC2narGRQmL2lotD6ezZGl7+A=,tag:dxjER1TDJwXWPtKJb+UK9Q==,type:str] -wireguard: - private-key: ENC[AES256_GCM,data:6mrCsG7CSK7vTuG6kctevPPpIUKDPrHHfZJEPBfVq9AbuDkghT0jOy0nx+E=,iv:fEYzTOYWYIpfRIEBd0rxDc8uUCb1d1IyByguDXk9sVg=,tag:79miZddF6Sr4CwW/980HOw==,type:str] - preshared-keys: - ni: ENC[AES256_GCM,data:NAgNnVtPKCaaSagWCIet5pd5ZehymJPmhQShoO/ktqa1pl6MtzJsygbTktk=,iv:2/sOdNN6QX1Rou5xnq87t/m/kguPTthOXD8oXJfvM90=,tag:F/I2CYR9O1LAlLs/9LaXGg==,type:str] - phone: ENC[AES256_GCM,data:3wIv8mE7eYhvSjwcE9fwsUZhh2Svmzg+RFjJzvjvMyB9V3uvBYG8vmB751w=,iv:iSm4dXNVqFa52eq0Hhct1MGSoq4x7FFzWdjXHlkGTW8=,tag:Lr463ee5r/ZhEC78uYyzfQ==,type:str] -dns: - foodogsquared.one: - mailbox-security-key: ENC[AES256_GCM,data:CmiAcewC47dTlKX+PmWJrnSM7dreMImEL3nw6+MnJ2MCwcnakT8zUw==,iv:tRh4d+QUUqxzz+c0r6NLnnPOgqtYZNdE3RgCa7MbvE4=,tag:RHkPwRVt8+YCw61RwBZZzg==,type:str] - mailbox-security-key-record: ENC[AES256_GCM,data:vXwTyZEsov20GDkg/X2P/MJFKWkrijnNNHrGRp0AMJORh0H5/mnshQ==,iv:7BKnkKj1vwLYCcm1uoHF+Ndunl2enSoXRpReW/uuaAo=,tag:KTzU1MMwXard4+Ar4WrJhA==,type:str] - keybase-verification-key: ENC[AES256_GCM,data:HyNegHeHJCl39MV6RRpz2MmFXGfyp/riNnwWXTXGJye2wULe+y19DGPVdBSm9IaJKwK2CYtGDAQhD9OUw0MheQ252Xe3,iv:Lt/nKV++KjHaXip3zy3bB5oNPzO3Z5mIdZZEtDBKwLY=,tag:OpNhjpsUbBnGSJNYwlqDbQ==,type:str] - rfc2136-key: ENC[AES256_GCM,data:K6CRj09oQA/po/IYfM/LH1y8Hjt/gXewUxfDcEzZVsFCYs4CEpysnhFlu6P9Srwy0lXapZI+4x4kB0mY5TarxZc5OFpx+6Xslw964x10Eot1sTFn8Y7Mrogh8VwHFXdtKuvHKkHcW2nZshBnKv0FPsy6Wvv79NUwEfc=,iv:TJiq+z552fT0vVT1WKJUUwB+oP/sUGIav1ab8G/1ENc=,tag:aqpBcdWh2i551p8aAzsUXA==,type:str] -vouch-proxy: - client: - secret: ENC[AES256_GCM,data:mrmoCG5BLwh6t64GdqQAk8l1FmbFkFjc+8bxWuw3gWsEtSqFhWh8kkqSkEqxNPZe,iv:PM0aypX0v0rGaCMSiCJByjmPeeItnf88Q9JJD2kH+b4=,tag:782GJQGbW1ix/JWkvVYelw==,type:str] - jwt: - secret: ENC[AES256_GCM,data:umnvHy65jaY2zO064MuV2Fdmgkk4L6UO3ZHq031Bc4SssAKyZxD/7WmECU6m6JxHTlZHaUUYWwANvpM8pdeDDjM=,iv:fy8FbeWNsYiCioatBV0iTWsJzu6zU6Y4wluYjO4fRvs=,tag:D9jWFwl0F8e6ou5ZEPfzyA==,type:str] + password: ENC[AES256_GCM,data:oc+KxvGhTRPC7SbTSw0yTXOwyoemgPk0O9a3qK17,iv:vTeP9cRyrQaPSv1SvKhJSjBPrbDP3hd0FNtkfMNhTiY=,tag:RhG+d2iZZKyHs0g35UYd3g==,type:str] grafana: database: - password: ENC[AES256_GCM,data:G4pInfXbNdQyXb5KelZUQbuPwmjcYenEajuwUlBkusqkAGN7vImvkTaJtA==,iv:VrAYl2TNMjsGXWj+MHxxqJeK6TO3fmVrvjdTDMpKrUI=,tag:a5oy3rJV7BX3UfsWFaH2lw==,type:str] + password: ENC[AES256_GCM,data:FMuKd7qN3swSgth2bQD8pBB9xz92No/EzxeM,iv:rU1u9IrI3hdX305NlZryr/5dlsSgHEpNFwwEzpmCjII=,tag:IMJ6lSVQVYZUn3b8Ld8F6g==,type:str] users: admin: - password: ENC[AES256_GCM,data:+YTRP/+zoCyU6RoRCLpEy1lgOPguBUmw8A==,iv:MBvjmtHZdWvEmUVe5X5UQE/uOwr7sOPlAgpEj9NLV9Y=,tag:i3Y0sSINf8u4v0M7j8NySQ==,type:str] + password: ENC[AES256_GCM,data:OaOZRG+RzyHS74mluFQdQ5sbAz1tLflBpR6NAQ==,iv:yPalKMaZBbmDn8IdazywdTtRuv0Ebn5UL+NaQb+vQx4=,tag:uNxU+mpgrXakZzCT0hNnGw==,type:str] +vouch-proxy: + domains: + foodogsquared.one: + jwt-secret: ENC[AES256_GCM,data:wbl9lLyv2fY5tNNUm6k2RcsOb/2Qklrlq0QyThoiBBXKHQWOVOzGJnWgf/fa+EmpBnGOaN+SW0ZJragNYqFZpw==,iv:7fUWHUF9gnXdBUw32cfXCTMGqv3q2gwA+r/ybi3W5ro=,tag:nROn69VULdWDt6jIa5W2YQ==,type:str] + client-secret: ENC[AES256_GCM,data:9MdP5wSTLI3MiwTkDOytj5jR1iM=,iv:pBwC+KElxqg+9rYfQ9gOHL/hs8dCoWmvnDonC6gOpxQ=,tag:krN4rGgkzfskdEn0v3Q2Zg==,type:str] +lego: + env: ENC[AES256_GCM,data:v2WzqI7gU9A7N0R+/j4O5tbVHqk3Kdfd3JMMUvg9bGFHC7XnqsRIsuDptkuwHuGdeB8n0es0YABfPC28qIMrySZlyK0jXGZPED9zJSSvyGGz5Am5dM8HpG4sa7stGp4KylHlydB9Dj+MWL7iUEurssBszUzws0hgyMivAPV8Ff0g8JE2I8lCg562hn9qEsfe0uvCLKe7D4QYAKxa0+QEE5XhqqcQ,iv:m/c/YUIWUEk7tSx0utixw6c/SolxHnZfSj8U/1NTLhI=,tag:QmAAohBmTQMysDx4kZO1lQ==,type:str] +ssh-key: ENC[AES256_GCM,data:1YT7wI4ykEi1dis8+MlkLStri2vuHJs9tHefMNEdc1hA7/1KeS5KE7QHyn5xOSvBd9kO/mUjVptxfGiooqRy6dMN4U0JG+Akr+Ybsr5F1+ZltDPKwOYcnBpK47S5wm70OM4f9oiki8hJ4i0LrtuQq1L2x0pCCLuH2kNxbMgOomaRl8zW9vgR2B1lisRMv4pugCrNRkhqT9K2WTO3wOCZu9wj/C0IQwg07G0fW7Vuvt/p0/+rktRKDtm5F0aR4h8A+fbU6BxCfaQjHvu+A5aVCb2nvPTPtX80pOTerrcSTZe6bG5biN0n1Rq6xm9TtHLXvqFDTc1ES6dlAs0P4IgipGOeaCEvhkp+zCBF7iBg9Xj0kIJlXU1v36W8Xu7az+8fgYZXmizwgkw2eVJYpAnPx6oRmXQYpvHgzZJuVdvH/33E7Lg7j067bKC73fbQwtV97vBHfF+rrtr7w6IYwmxpRavyuB5Ze7xx48oVvMCInIk09KV2W3+ad+dZxrtOyVJHXzvh+H1UJeuAHIbsoH1b2C1sqOuhgu2BtmKIrfW8hX8Tjfc=,iv:XZtcySi+/XwPstuNyGa/nubABg+SE1r6iIfM/4n1+8Q=,tag:19W88F4xAxujD7VYtuVjBg==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1sj497yr895335rk77qqnrqyx9f7462ma3lz0a0x3w5cnla5uqgpspgggtz + - recipient: age1yftkhugwrdnlpl45lthrhvvk720zza2nd085sxvjcxg2guavz3kquktplx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMWVHc0J6OUhUSXN1V0hy - YmQxZ0QvVVd4UjJ5bDYyWGN0U1cwM1ZVckZZCmdsK2hjTThPUVRqcjBJR291Rjgv - NkwreGV5UlFQRCsrMCtFdVlBK2R6ZlkKLS0tIDJXOTBzZVdEa3NJU0MvT3RYd3NM - ZCtNbnFqdzNkVlBtNjVCdE4yNHMrRjQKfFV4GaReO0UO81xsTB0EuN5ibVsafXJY - miBgZAZWbJjSBcM4X+Fym/DlxHRoB1a6iFEFN9yg+Z9WI8PfjKnbsA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBia2xBRHdNTDRwdWQxS1VS + WWlid21PQjhwSG9YN0ducEFSUFdENmFiNmhRCjduZm9wSHZmelNETlRncTB3RlNX + YzNnSWhvVkRIUE1QNmFJQ3hKMUJVOFUKLS0tIE1lbVg0cUNsWVE2NTRxUnVLU3lF + UDZXbzZzTUJKWHFBNGxjcy9UdGxMSzAKtMdXLsuvsmpjoDAK1GZSDHBWTLAl5iJY + NRGL2GSkh72m1tQ5AXma34DR7WBNgwSkedLP6p/TR/J1ABpMJa551Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-07T13:04:41Z" - mac: ENC[AES256_GCM,data:Xr2f4SvYYeofp5OtBwQSkDkhzRsnT8JyPBd64CtVmiY9jxLq9afZqtfYmXifsX4MUxe2ilXOau1Af/zZVi7B3hdF5fE44QLSZL5sOra0NMO5YdHANAAXPBQ/CWhpt53SOOqT/prDR48qSTIk/vzhcOIVfaz9ypfFu3h7PdnWI4w=,iv:oFAHucurSOABGa0LqeuUA1xvgL0uVl4791G+6PN1uaA=,tag:bHlaVuHggjLONVoYWYA8IA==,type:str] + lastmodified: "2024-09-23T11:21:52Z" + mac: ENC[AES256_GCM,data:D8UBtJUtHNUkTm8g/Or6ammv1ertDzgOCIZc4q0+BtACfi+snTKa2o1kaoC+ERVBSKPbeTIpWcoYaC3fk8TuFxEzKXMlK7FLswThoYv8Pphn8Yas4nb6181R0pZkczULn4U3wB40d4g/Q4bhoZwpc3outrULWQy+JDejxXBjyvI=,iv:OrK42DziAuioX6RpCfnrHoUXVSiUelraCuuU/FSl3u4=,tag:zmjhRvsuxizPIBg5KXibqQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0