From f0c524a6ac40e153117caf11431d5c7a2edcd3f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 10 Jun 2023 20:53:47 +0200 Subject: init secrets --- .sops.yaml | 17 +++ 1systems/flake-x/config.nix | 41 ++++---- 1systems/flake-x/result | 1 + 1systems/flake-x/x13/default.nix | 21 ++-- 1systems/flake-x/x13/disk.nix | 5 +- 2configs/default.nix | 23 ++--- 2configs/gui/gnome.nix | 1 + 2configs/minimal.nix | 3 +- 2configs/secrets/user-passwords.nix | 14 +++ 3modules/krebs.nix | 25 ++--- flake.lock | 200 ++++++++++++++++++++++++++++++++++++ flake.nix | 75 ++++++++++++++ secrets/common.yaml | 34 ++++++ 13 files changed, 399 insertions(+), 61 deletions(-) create mode 100644 .sops.yaml create mode 120000 1systems/flake-x/result create mode 100644 2configs/secrets/user-passwords.nix create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 secrets/common.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 000000000..b7a8aa566 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,17 @@ +keys: + - &makefu F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029 + - &x_host age1hqe5hs2jz2fk5zvw346ajhwlagkheunacahpu42uruxu0nlnwy7qn9q5k6 +creation_rules: + - path_regex: secrets/common.yaml$ + key_groups: + - pgp: + - *makefu + - age: + - *x_host + # host secrets + - path_regex: 1systems/x/[^/]+\.yaml$ + key_groups: + - pgp: + - *makefu + - age: + - *x_host diff --git a/1systems/flake-x/config.nix b/1systems/flake-x/config.nix index 5b7535b75..f8059cc2b 100644 --- a/1systems/flake-x/config.nix +++ b/1systems/flake-x/config.nix @@ -1,13 +1,14 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, self, ... }: { imports = [ - # ./x13 # ./x230 + ./x13 + + (self + "/2configs/default.nix") ## Common Hardware Components - # ## ## # @@ -222,34 +223,32 @@ nixpkgs.config.allowUnfree = true; nixpkgs.config.oraclejdk.accept_license = true; - environment.systemPackages = [ xxx ]; - # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; networking.firewall.allowedUDPPorts = [ 665 26061 1514 ]; networking.firewall.trustedInterfaces = [ "vboxnet0" "enp0s25" ]; - # krebs.build.host = config.krebs.hosts.x; + krebs.build.host = config.krebs.hosts.x; #krebs.tinc.retiolum.connectTo = lib.mkForce [ "gum" ]; #krebs.tinc.retiolum.extraConfig = "AutoConnect = no"; # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; - #state = [ - # "/home/makefu/stockholm" - # "/home/makefu/.ssh/" - # "/home/makefu/.zsh_history" - # "/home/makefu/.bash_history" - # "/home/makefu/bin" - # "/home/makefu/.gnupg" - # "/home/makefu/.imapfilter" - # "/home/makefu/.mutt" - # "/home/makefu/docs" - # "/home/makefu/notes" - # "/home/makefu/.password-store" - # "/home/makefu/.secrets-pass" - # "/home/makefu/.config/syncthing" - #]; + state = [ + "/home/makefu/stockholm" + "/home/makefu/.ssh/" + "/home/makefu/.zsh_history" + "/home/makefu/.bash_history" + "/home/makefu/bin" + "/home/makefu/.gnupg" + "/home/makefu/.imapfilter" + "/home/makefu/.mutt" + "/home/makefu/docs" + "/home/makefu/notes" + "/home/makefu/.password-store" + "/home/makefu/.secrets-pass" + "/home/makefu/.config/syncthing" + ]; # services.syncthing.user = lib.mkForce "makefu"; # services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; diff --git a/1systems/flake-x/result b/1systems/flake-x/result new file mode 120000 index 000000000..f1d172d8c --- /dev/null +++ b/1systems/flake-x/result @@ -0,0 +1 @@ +/nix/store/svjw1v86maxhw6l7wy6s1p7rsxm7582i-nixos-vm \ No newline at end of file diff --git a/1systems/flake-x/x13/default.nix b/1systems/flake-x/x13/default.nix index 27ea0c99c..32d15df1a 100644 --- a/1systems/flake-x/x13/default.nix +++ b/1systems/flake-x/x13/default.nix @@ -1,15 +1,18 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, nixos-hardware, self, ... }: # new zfs deployment { imports = [ - ./zfs.nix ./input.nix + ./disk.nix ./battery.nix - - # close enough - # - - # + + (self + "/2configs/hw/bluetooth.nix") + (self + "/2configs/hw/tpm.nix") + (self + "/2configs/hw/ssd.nix") + # (self + "/2configs/hw/xmm7360.nix") + + nixos-hardware.nixosModules.lenovo-thinkpad-l14-amd + ]; boot.zfs.requestEncryptionCredentials = true; networking.hostId = "f8b8e0a2"; @@ -24,9 +27,7 @@ hardware.opengl.extraPackages = [ pkgs.amdvlk pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ]; # For 32 bit applications hardware.opengl.driSupport32Bit = true; - hardware.opengl.extraPackages32 = with pkgs; [ - driversi686Linux.amdvlk - ]; + hardware.opengl.extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ]; # is required for amd graphics support ( xorg wont boot otherwise ) #boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages; diff --git a/1systems/flake-x/x13/disk.nix b/1systems/flake-x/x13/disk.nix index 7ce77bdf5..3fae8d410 100644 --- a/1systems/flake-x/x13/disk.nix +++ b/1systems/flake-x/x13/disk.nix @@ -1,4 +1,7 @@ -{ disk ? "/dev/sda", ... }: { +{ ... }: +let + disk = "/dev/nvme0n1"; +in { disko.devices = { disk = { nvme = { diff --git a/2configs/default.nix b/2configs/default.nix index b54e32a82..e2e10aad2 100644 --- a/2configs/default.nix +++ b/2configs/default.nix @@ -1,13 +1,9 @@ { config, lib, pkgs, ... }: -with import ; +with lib; { imports = [ - { - users.users = - mapAttrs (_: h: { hashedPassword = h; }) - (import ); - } + ./secrets/user-passwords.nix ./editor/vim.nix ./binary-cache/nixos.nix ./minimal.nix @@ -16,9 +12,7 @@ with import ; # users are super important users.users = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; + root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; makefu = { uid = 9001; group = "users"; @@ -27,10 +21,10 @@ with import ; isNormalUser = true; useDefaultShell = true; extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; }; - nix.settings.trusted-users = [ config.krebs.build.user.name ]; + # nix.settings.trusted-users = [ config.krebs.build.user.name ]; nix.settings.experimental-features = [ "flakes" "nix-command" ]; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages; @@ -39,13 +33,12 @@ with import ; krebs = { enable = true; - - dns.providers.lan = "hosts"; + # dns.providers.lan = "hosts"; build.user = config.krebs.users.makefu; }; - boot.tmpOnTmpfs = true; + boot.tmp.useTmpfs = true; environment.systemPackages = with pkgs; [ jq @@ -91,6 +84,6 @@ with import ; defaults.email = "letsencrypt@syntax-fehler.de"; acceptTerms = true; }; - system.stateVersion = lib.mkDefault "20.03"; + system.stateVersion = lib.mkDefault "23.05"; services.postgresql.package = pkgs.postgresql_14; } diff --git a/2configs/gui/gnome.nix b/2configs/gui/gnome.nix index 44ba2dd67..aa71c72ac 100644 --- a/2configs/gui/gnome.nix +++ b/2configs/gui/gnome.nix @@ -14,6 +14,7 @@ in #}; }; programs.dconf.enable = true; + home-manager.users.${mainUser}.dconf = { enable = true; settings = { diff --git a/2configs/minimal.nix b/2configs/minimal.nix index 0334422c8..04c997b54 100644 --- a/2configs/minimal.nix +++ b/2configs/minimal.nix @@ -7,14 +7,13 @@ # the only true timezone (even after the the removal of DST) time.timeZone = "Europe/Berlin"; - networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name; + # networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name; # we use gpg if necessary (or nothing at all) programs.ssh.startAgent = false; # all boxes look the same nix.settings.sandbox = true; - nix.settings.cores = 0; # until https://github.com/NixOS/nixpkgs/pull/50440 is in stable # we configure users via nix users.mutableUsers = false; diff --git a/2configs/secrets/user-passwords.nix b/2configs/secrets/user-passwords.nix new file mode 100644 index 000000000..68d94e9fa --- /dev/null +++ b/2configs/secrets/user-passwords.nix @@ -0,0 +1,14 @@ +{ config, ... }: +{ + sops.defaultSopsFile = ../../secrets/common.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + + sops.secrets = { + "passwd/makefu".neededForUsers = true; + "passwd/root".neededForUsers = true; + }; + users.users = { + makefu.passwordFile = config.sops.secrets."passwd/makefu".path; + root.passwordFile = config.sops.secrets."passwd/root".path; + }; +} diff --git a/3modules/krebs.nix b/3modules/krebs.nix index bdddcf1a4..ea961015e 100644 --- a/3modules/krebs.nix +++ b/3modules/krebs.nix @@ -1,25 +1,26 @@ -{ lib }: +{ lib, ... }: # krebs emulation layer { - options = with lib.types;{ - krebs.hosts = mkOption { - default = {}; - type = attrsOf anything; - }; + options = with lib; with types;{ + #krebs.enable = mkEnableOption "krebs"; + #krebs.hosts = mkOption { + # default = {}; + # type = attrsOf anything; + #}; krebs.build = mkOption { default = {}; type = attrsOf anything; }; - krebs.users = mkOption { - default = {}; - type = attrsOf anything; - }; + #krebs.users = mkOption { + # default = {}; + # type = attrsOf anything; + #}; }; config = { - users.makefu = { + krebs.users.makefu = { name = "makefu"; mail = "makefu@x.r"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x"; }; - } + }; } diff --git a/flake.lock b/flake.lock new file mode 100644 index 000000000..de9b56e81 --- /dev/null +++ b/flake.lock @@ -0,0 +1,200 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1686222354, + "narHash": "sha256-dtqnAwzucKZv54dTrLetIXhOavUrCsdqOe+JtFH9riE=", + "owner": "nix-community", + "repo": "disko", + "rev": "5d9f362aecd7a4c2e8a3bf2afddb49051988cab9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1685662779, + "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1686391840, + "narHash": "sha256-5S0APl6Mfm6a37taHwvuf11UHnAX0+PnoWQbsYbMUnc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "0144ac418ef633bfc9dbd89b8c199ad3a617c59f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nix-ld": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1682533818, + "narHash": "sha256-2Fzjk3jL7rlyLjPKWy05zU8SGm04M3mbzohk51vkw3Y=", + "owner": "Mic92", + "repo": "nix-ld", + "rev": "29f15b1f7e37810689974ef169496c51f6403a1b", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-ld", + "type": "github" + } + }, + "nix-writers": { + "flake": false, + "locked": { + "lastModified": 1677612737, + "narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=", + "ref": "refs/heads/master", + "rev": "66a1f6833464bbb121b6d94247ad769f277351f8", + "revCount": 39, + "type": "git", + "url": "https://cgit.krebsco.de/nix-writers" + }, + "original": { + "type": "git", + "url": "https://cgit.krebsco.de/nix-writers" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1686217350, + "narHash": "sha256-Nb9b3m/GEK8jyFsYfUkXGsqj6rH05GgJ2QWcNNbK7dw=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "e4b34b90f27696ec3965fa15dcbacc351293dc67", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1686331006, + "narHash": "sha256-hElRDWUNG655aqF0awu+h5cmDN+I/dQcChRt2tGuGGU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "85bcb95aa83be667e562e781e9d186c57a07d757", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "flake-parts": "flake-parts", + "home-manager": "home-manager", + "nix-ld": "nix-ld", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix", + "stockholm": "stockholm" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [] + }, + "locked": { + "lastModified": 1685848844, + "narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "stockholm": { + "inputs": { + "nix-writers": "nix-writers", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1686400260, + "narHash": "sha256-nW2GqH3yYZl5XRYHN4MpaaO4r01GNEMSPjklJmdIUic=", + "path": "/home/makefu/stockholm-flakes", + "type": "path" + }, + "original": { + "path": "/home/makefu/stockholm-flakes", + "type": "path" + } + }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 000000000..455bffd31 --- /dev/null +++ b/flake.nix @@ -0,0 +1,75 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + + sops-nix.url = "github:Mic92/sops-nix"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + sops-nix.inputs.nixpkgs-stable.follows = ""; + + nixos-hardware.url = "github:NixOS/nixos-hardware"; + + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + + flake-parts.url = "github:hercules-ci/flake-parts"; + flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; + + nix-ld.url = "github:Mic92/nix-ld"; + nix-ld.inputs.nixpkgs.follows = "nixpkgs"; + + # stockholm.url = "git+https://cgit.lassul.us/stockholm?ref=flakeify"; + stockholm.url = "path:///home/makefu/stockholm-flakes"; + stockholm.inputs.nixpkgs.follows = "nixpkgs"; + + }; + description = "Flakes of makefu"; + + outputs = { self, nixpkgs, disko, nixos-hardware, nix-ld, sops-nix, stockholm, ...}@inputs: let + + + in { + nixosModules = + let + inherit (nixpkgs) lib; + in builtins.listToAttrs + (map + (name: {name = lib.removeSuffix ".nix" name; value = import (./3modules + "/${name}");}) + (lib.filter + (name: name != "default.nix" && !lib.hasPrefix "." name) + (lib.attrNames (builtins.readDir ./3modules)))); + + nixosConfigurations.x = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + specialArgs = { + inherit (inputs) nixos-hardware self stockholm; + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + overlays = [(self: super: { stockholm.lib = stockholm.lib; })] ; + }; + }; + modules = [ + disko.nixosModules.disko + nix-ld.nixosModules.nix-ld + sops-nix.nixosModules.sops + + stockholm.nixosModules.krebs + stockholm.nixosModules.hosts + stockholm.nixosModules.users + stockholm.nixosModules.build + stockholm.nixosModules.dns + stockholm.nixosModules.kartei + stockholm.nixosModules.sitemap + + self.nixosModules.state + #self.nixosModules.krebs + ./1systems/flake-x/config.nix + ]; + + }; + }; + +} diff --git a/secrets/common.yaml b/secrets/common.yaml new file mode 100644 index 000000000..cb5bf74d2 --- /dev/null +++ b/secrets/common.yaml @@ -0,0 +1,34 @@ +passwd: + makefu: ENC[AES256_GCM,data:Z3b+aYQtENF0g/iSpQRSy2lxh2qToT7YfHDVDOPfpVaiSPdoFA0jEyWQ0Vk70AVNMQa7wPrXjbMLKdfTmnS7mKzc9Ivjr8gA9lSfcs3L8MY+Y0fSAtuoPJncIcvt1uL+pLUvSow7hHWg8A==,iv:H9RS2U6WjCIJ2GySw2QdXm4538wvTgVYVU3/hNEUCME=,tag:RT3OK41TZgmOtNEFz19Eug==,type:str] + root: ENC[AES256_GCM,data:nxxIQPFgZu8YyI8HASuO0Tj7ABWxnqcPOztSGEk0R6YZCYMeOeoTgyH2/Wa325ul3iry8vnDsbBa+2S2Y0b+oV/wnPgIoa7LKjHYlIseCArB/LD9+oi8XRkJbsQSISEmoMyobmYc5SysNg==,iv:wkMyMkeL8hrTIG9PUrqwBnrUY92U9OotkP9rz9zKs5A=,tag:xiazIbBkR8505qrOsWn26Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-06-10T17:34:46Z" + mac: ENC[AES256_GCM,data:0Fyw+XASLLE2MhvJJ0mR0zvdu2YiGv2Ud4Fq34/RdRCx0+S+9qhwQbe93M6F7ZN4udeHQj4Nory3dg3nJlABQY2DDS3BXhA9OX7SR8p5SJ9uKWNwhpavBXPBgzU381NJNB+2KX/KByszkGRJ4DS8QQ5ELWn+9guLdvPPitAjbs8=,iv:wTzFPC+I4g3CDU6lqS9GBHHdYmAAqUCf2nTjJDAdSO4=,tag:OnByw19WU0cOx6lHvJcq6Q==,type:str] + pgp: + - created_at: "2023-06-10T17:32:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA9JutVRDNegnARAAm0iApGGZ3oT5K1WbIgbTSglPpyOl92GYojEh+0w0AU/1 + 6+s2uSBO/7/fIRFOObLeK0TojHX2rJhwD6Q6+M7A2Lei3RYURZvwjL0A5IhTCBUd + pYIsGrEURshz7yOVKiqrTnjIWxfmkBjCIeukLbhKyW+mMD2O1WhDloUnCHtviXNa + W8S8TTnRg9r36hUYjnP7tp9PWAmJZpcP8QpGoeYJwxQN9/Yp9czg70X5pcTz9IXO + MIgXMKFgj/ShfMgKdUjI8N80IG+b8DOQWpkVJGduUJd2JT5TpFKIuqLpbMbnKGhz + Jso4s6cV9ZX+ZC/NId46idAlhODBiiEd8lKydq8uYh/W4UcRqz4q7nYtyb541cWz + hNVO4DRDWGW2U7dabhmtHHaNB1OxzbeRh3+xto7pMkxCGXZ9NX5D+ARgDagTEW+6 + D7aqqxH6gykoZdDKd8u22iJVEoHdqRcoFUXNtr4ETIpjzzMWvOqhwe8CcdA6ySjF + Pm27TpCKVEJOWTWEz0/AaQhdBz6WLI7W5ldaFDOt3f7/OTxzg8GApGwDyXydWKHl + 2/kn9pbGhgvYjTSfK17NwhSQicQznRjXR7XMv1Vh6vs7IeMEZ/eUFJkGSLyxquza + Fa7+2gJL/cA1x2Vh81h3bb0QxELM/RnV+mpdpNAIlxlQxU4uq+lw5iJTJrr58mHS + UQHaIaiBd21CACz79Yb0TgJTSSjoYVgv7bbYk1KMfk6hlegF2FN7txe4RHVs7yVi + Myv/27m1bKuwlrXqbxbzvy8hF845y7WUd6T0UEBkBTxKFw== + =i/3A + -----END PGP MESSAGE----- + fp: F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029 + unencrypted_suffix: _unencrypted + version: 3.7.3 -- cgit v1.2.3