diff --git a/disko/impermanence-btrfs-luks.nix b/disko/impermanence-btrfs-luks.nix index dd0fc39..74ce405 100644 --- a/disko/impermanence-btrfs-luks.nix +++ b/disko/impermanence-btrfs-luks.nix @@ -1,4 +1,8 @@ -{device ? throw "Set this to your disk device, e.g. /dev/sda", ...}: +{ + device ? throw "Set this to your disk device, e.g. /dev/sda", + lib, + ... +}: # IMPORTANT # Calculate offset using https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Acquire_swap_file_offset # AND create this config @@ -77,4 +81,28 @@ }; fileSystems."/persist".neededForBoot = true; + boot.initrd.postResumeCommands = lib.mkAfter '' + mkdir -p /btrfs_tmp + mount /dev/disk/by-label/nixos /btrfs_tmp + if [[ -e /btrfs_tmp/root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + umount /btrfs_tmp + ''; } diff --git a/disko/impermanence-btrfs.nix b/disko/impermanence-btrfs.nix index 097a1bd..a4a6883 100644 --- a/disko/impermanence-btrfs.nix +++ b/disko/impermanence-btrfs.nix @@ -70,4 +70,28 @@ }; }; }; + boot.initrd.postDeviceCommands = '' + mkdir -p /btrfs_tmp + mount /dev/root_vg/root /btrfs_tmp + if [[ -e /btrfs_tmp/root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + umount /btrfs_tmp + ''; } diff --git a/flake.nix b/flake.nix index 8681968..99e6002 100644 --- a/flake.nix +++ b/flake.nix @@ -263,7 +263,10 @@ system = x86; pkgs = kylekrein-framework12-pkgs nixpkgs; modules = [ - (import ./disko/impermanence-btrfs-luks.nix {device = "/dev/nvme0n1";}) + (import ./disko/impermanence-btrfs-luks.nix { + device = "/dev/nvme0n1"; + lib = (kylekrein-framework12-pkgs nixpkgs).lib; + }) ./nixos/configuration.nix ]; }; diff --git a/nixos/configuration.nix b/nixos/configuration.nix index d2ebadf..8380ea9 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -241,6 +241,9 @@ in { home-manager = { useGlobalPkgs = true; useUserPackages = true; + sharedModules = [ + inputs.sops-nix.homeManagerModules.sops + ]; }; programs.bash = { @@ -281,7 +284,6 @@ in { settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; settings.PermitRootLogin = "no"; - extraConfig = "HostKey ${config.sops.secrets."ssh_keys/${hwconfig.hostname}".path}"; }; # Open ports in the firewall. diff --git a/nixos/homes/kylekrein/niri.nix b/nixos/homes/kylekrein/niri.nix index b4a1408..1e39674 100644 --- a/nixos/homes/kylekrein/niri.nix +++ b/nixos/homes/kylekrein/niri.nix @@ -9,12 +9,10 @@ hwconfig, username, ... -}: -let -lisgd-patched = pkgs.callPackage ./lisgd.nix {}; -wvkbd-patched = pkgs.callPackage ./wvkbd.nix {}; -in -{ +}: let + lisgd-patched = pkgs.callPackage ./lisgd.nix {}; + wvkbd-patched = pkgs.callPackage ./wvkbd.nix {}; +in { programs.fuzzel = { enable = true; settings.main.terminal = "kitty"; @@ -62,7 +60,11 @@ in command = [ "${lib.getExe pkgs.brightnessctl}" "set" - (if hwconfig.hostname == "kylekrein-framework12" then "20%" else "25%") + ( + if hwconfig.hostname == "kylekrein-framework12" + then "20%" + else "25%" + ) ]; }; touchscreen-gestures = lib.mkIf (hwconfig.hasTouchscreen) { @@ -70,16 +72,16 @@ in "while true; do ${lisgd-patched}/bin/lisgd; done" #https://git.sr.ht/~mil/lisgd ]; }; - touchscreen-keyboard = lib.mkIf(hwconfig.hasTouchscreen){ - command = [ - "${wvkbd-patched}/bin/wvkbd" - "--hidden" - ]; - }; + touchscreen-keyboard = lib.mkIf (hwconfig.hasTouchscreen) { + command = [ + "${wvkbd-patched}/bin/wvkbd" + "--hidden" + ]; + }; in [ set-low-brightness touchscreen-gestures - touchscreen-keyboard + touchscreen-keyboard { command = [ "${lib.getExe pkgs.networkmanagerapplet}" diff --git a/nixos/homes/kylekrein/wvkbd.nix b/nixos/homes/kylekrein/wvkbd.nix index 5ceede7..c882117 100644 --- a/nixos/homes/kylekrein/wvkbd.nix +++ b/nixos/homes/kylekrein/wvkbd.nix @@ -1,15 +1,18 @@ -{wvkbd, fetchFromGitHub, ...}: -let +{ + wvkbd, + fetchFromGitHub, + ... +}: let niri-patch = ./wvkbd-niri.patch; #https://github.com/jjsullivan5196/wvkbd/issues/70 in -wvkbd.overrideAttrs (final: prev: { - version = "0.17"; - src = fetchFromGitHub { - owner = "Paulicat"; - repo = "wvkbd"; - rev = "ac02545ab6f6ccfa5b6f132414021ba57ea73096"; - hash = "sha256-py/IqNEEaTOx/9W935Vc47WoNFz99+bNaYD0sL//JmY="; - }; - installFlags = prev.installFlags ++ ["LAYOUT=vistath"]; - patches = prev.patches or [] ++ [ niri-patch ]; -}) + wvkbd.overrideAttrs (final: prev: { + version = "0.17"; + src = fetchFromGitHub { + owner = "Paulicat"; + repo = "wvkbd"; + rev = "ac02545ab6f6ccfa5b6f132414021ba57ea73096"; + hash = "sha256-py/IqNEEaTOx/9W935Vc47WoNFz99+bNaYD0sL//JmY="; + }; + installFlags = prev.installFlags ++ ["LAYOUT=vistath"]; + patches = prev.patches or [] ++ [niri-patch]; + }) diff --git a/nixos/hosts/andrej-pc/configuration.nix b/nixos/hosts/andrej-pc/configuration.nix index 55e99b2..ad3a074 100644 --- a/nixos/hosts/andrej-pc/configuration.nix +++ b/nixos/hosts/andrej-pc/configuration.nix @@ -295,7 +295,6 @@ settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; settings.PermitRootLogin = "no"; - #extraConfig = "HostKey ${config.sops.secrets."ssh_keys/${hwconfig.hostname}".path}"; }; # Open ports in the firewall. diff --git a/nixos/hosts/andrej-pc/default.nix b/nixos/hosts/andrej-pc/default.nix index 65abf24..8f3daeb 100644 --- a/nixos/hosts/andrej-pc/default.nix +++ b/nixos/hosts/andrej-pc/default.nix @@ -31,6 +31,5 @@ hardware.nvidia.open = lib.mkForce false; #hardware.nvidia.package = lib.mkForce config.boot.kernelPackages.nvidiaPackages.latest; - #sops.secrets."ssh_keys/${hwconfig.hostname}" = {}; systemd.network.wait-online.enable = lib.mkForce false; } diff --git a/nixos/hosts/kylekrein-framework12/default.nix b/nixos/hosts/kylekrein-framework12/default.nix index f88e1c3..12241aa 100644 --- a/nixos/hosts/kylekrein-framework12/default.nix +++ b/nixos/hosts/kylekrein-framework12/default.nix @@ -23,7 +23,9 @@ ./hibernation.nix ]; - sops.secrets."ssh_keys/${hwconfig.hostname}" = {}; + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos; + services.scx.enable = true; # by default uses scx_rustland scheduler + services.fwupd.enable = true; #fwupdmgr update nixpkgs.overlays = [ # Fixes java crash because of bind mount with impermanence when loading too many mods(ex. All The Mods 9) diff --git a/nixos/hosts/kylekrein-homepc/default.nix b/nixos/hosts/kylekrein-homepc/default.nix index e2ca1bf..c5a9afd 100644 --- a/nixos/hosts/kylekrein-homepc/default.nix +++ b/nixos/hosts/kylekrein-homepc/default.nix @@ -23,7 +23,6 @@ boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos; services.scx.enable = true; # by default uses scx_rustland scheduler - sops.secrets."ssh_keys/${hwconfig.hostname}" = {}; nixpkgs.overlays = [ # Fixes java crash because of bind mount with impermanence when loading too many mods(ex. All The Mods 9) (self: super: { diff --git a/nixos/hosts/kylekrein-mac/default.nix b/nixos/hosts/kylekrein-mac/default.nix index 9024d9e..e905c6e 100644 --- a/nixos/hosts/kylekrein-mac/default.nix +++ b/nixos/hosts/kylekrein-mac/default.nix @@ -16,7 +16,6 @@ ../../users/kylekrein ]; - sops.secrets."ssh_keys/${hwconfig.hostname}" = {}; facter.reportPath = lib.mkForce null; #fails to generate boot.binfmt.emulatedSystems = ["x86_64-linux"]; nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems; diff --git a/nixos/hosts/kylekrein-server/default.nix b/nixos/hosts/kylekrein-server/default.nix index 665ef58..701494d 100644 --- a/nixos/hosts/kylekrein-server/default.nix +++ b/nixos/hosts/kylekrein-server/default.nix @@ -25,7 +25,6 @@ config = { home-manager.users = lib.mkForce {}; stylix.image = ../../modules/hyprland/wallpaper.jpg; - #sops.secrets."ssh_keys/${hwconfig.hostname}" = {}; boot.tmp.cleanOnBoot = true; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; @@ -56,7 +55,6 @@ settings.PasswordAuthentication = false; settings.KbdInteractiveAuthentication = false; settings.PermitRootLogin = "no"; - #extraConfig = "HostKey ${config.sops.secrets."ssh_keys/${hwconfig.hostname}".path}"; }; zramSwap = { diff --git a/nixos/modules/impermanence/default.nix b/nixos/modules/impermanence/default.nix index a0647c0..df2703f 100644 --- a/nixos/modules/impermanence/default.nix +++ b/nixos/modules/impermanence/default.nix @@ -4,7 +4,6 @@ inputs, ... }: let - isBtrfs = config.fileSystems."/".fsType == "btrfs"; in { imports = [ inputs.impermanence.nixosModules.impermanence @@ -48,32 +47,4 @@ in { ]; programs.fuse.userAllowOther = true; - boot.initrd.postDeviceCommands = lib.mkAfter ( - if isBtrfs - then '' - mkdir /btrfs_tmp - mount /dev/root_vg/root /btrfs_tmp - if [[ -e /btrfs_tmp/root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done - - btrfs subvolume create /btrfs_tmp/root - umount /btrfs_tmp - '' - else '''' - ); } diff --git a/nixos/modules/sops/.sops.yaml b/nixos/modules/sops/.sops.yaml index 2c2fa2b..b304778 100644 --- a/nixos/modules/sops/.sops.yaml +++ b/nixos/modules/sops/.sops.yaml @@ -1,7 +1,9 @@ keys: - &primary age1l8euy4w4nccrpdmfdfct468parcrulkqcts2jcljajs2as0k7passdv2x4 + - &kylekrein-framework12 age10s6c9har9pg2a0md30fhpp2mfy89xxrrnu5dwrjtqzh3lktcdaysq7st65 creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - age: - *primary + - *kylekrein-framework12 diff --git a/nixos/modules/sops/default.nix b/nixos/modules/sops/default.nix index f5ebda2..50128c9 100644 --- a/nixos/modules/sops/default.nix +++ b/nixos/modules/sops/default.nix @@ -14,7 +14,8 @@ in { environment.systemPackages = with pkgs; [sops]; sops.defaultSopsFile = ./secrets/secrets.yaml; sops.defaultSopsFormat = "yaml"; - sops.age.keyFile = keyPath; + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key" "/home/kylekrein/.ssh/id_ed25519"]; + #sops.age.keyFile = keyPath; # This will generate a new key if the key specified above does not exist sops.age.generateKey = true; } diff --git a/nixos/modules/sops/secrets/secrets.yaml b/nixos/modules/sops/secrets/secrets.yaml index b20cfdb..04830e9 100644 --- a/nixos/modules/sops/secrets/secrets.yaml +++ b/nixos/modules/sops/secrets/secrets.yaml @@ -2,10 +2,6 @@ users: kylekrein: ENC[AES256_GCM,data:DNLVQ4IPFhUG9MR9hk2BuElvfNZIky3nMGWgilutRwvT3wl25vOLEETrBFoWUO+2ZgLSnhtwWtIJhNlRlTK/rsrUNVTOdwq9AA==,iv:Z+dhr33Wotm064IcwtNfFpvQeL03T29Dn3Bl9VqPL1g=,tag:Qe3sOY0DegSKDptBjnbFrQ==,type:str] tania: ENC[AES256_GCM,data:veo/dKQpztSGLfCxpWqoTOlPqSaNeNW2pYrTU9z125hjBVt2LC8X+mDp8vA0r8QFKpkGr1BiwviUTuXsSO1IXn3nHfDGsHQqFQ==,iv:q3pCcil1wiKe5xC6QEn3Q4wV1icW+3CCUQw6QZIINWU=,tag:XvBfIEORfdTcUihtcJQZVg==,type:str] andrej: ENC[AES256_GCM,data:x/cWcswSDMFxXSLXe1JWGnQAuPYWM5AU4X3WxVAqUIifcYWxxynMfL9LXEgo3sP1IvRyp4FW+voWQrJM/KGdbYkkrAJNhbD7/Q==,iv:C51H9Zz4nxB+K1cohRq+1oPQ/ckDgVCMW4vB4+3wEt8=,tag:8ENLfMIoHbJGxceCKZulxg==,type:str] -ssh_keys: - kylekrein-mac: ENC[AES256_GCM,data:Gnh34OQWO6eQfNfyYZsVfvktknmZorQYF+lNMKYvV7XkKjZ3RQNHyJ3UWOX+sVwWdtF7EboXkBPdHvnyLvDVIyv7trxTU5IXQzOI+34AKfPHa828HuOLk0AclCmm6GcNq/X4dKTX5DADG4cE4/V+KtdjvSMtLX7I1cjlfsN7JzcsnjERbK8Q0pTMuA44IUdnh0odH9xFEP/f/hVZZZhc5vrMfAqSx3lQxCF62c0wJaorobsPSM7BTzorVgnMnc3zJRAlgQnCnAe306/6g4hurBteIVeGFhA8gSk1fjZh2fm0opo/lgvHRJOwfpvRWJGEedx7hEpjsDr8BRxeBc2OHaRO5UP+fYh8Qtki8ZeFUjr/psjRRz128Kr0C+NS0AByZtwg54d705uwsnf79jPdM1ewGryCcsxqYWCvT0174cIg3sLdQvPnESbV1zU+QsVskFZwYL+gLtzuAwExPW7cM12M/HS+Eb5xtWvRA46FZ/dnKFwQkUA/VgSi08eC5/EYg8dFBht9hDK+kiLPGHML8A6a3CoiMf0pd+DbdOxA21F0Tw==,iv:oEXxrvWosuiH2wSoSkP7YMwBQu3JKIhn/YeiaTL/UT4=,tag:XgBw2q/6LPWg2zuOC9Wb+w==,type:str] - kylekrein-homepc: ENC[AES256_GCM,data:/7b7wHk9jX+2Gel3157KO4YHia+IyEurUic0BX9flNKdsjIyG/3N8lORAkIjwnPlFaN2VqGu6o1pFgW2dzkSAyATQIUeWpqL5rjxsG3mJ9/9TLh58Y7MIpFKx2r8AeUY0xEAhT1A4BCbnDMsneQtM9gBkgPdhhv6vVpe4XJS3n+dGPER/bQxxRbEt260EjxvL1OPf5C7Z7qNVhOzxNdgdJMQvXxyhRGlXRrrHFRdbw0nChStevgBL4+FoMuBFkqF/aJSoapwe8PNxp8z+Hk5Em+BQv/ieFcscESssCK1gSbvfz6MQyX+5ig+Gy+t28yy56/ir44PHwX47IOILzg7lABSvN+Uyt+sRKyBfx124hJjqgXf65YQ/fgknQt0NDKwZyP/gPSLC9HiLKdva/P9nuenfSnlLrGtfugejBAVQBMOP2HTp/ZKtveeKLVIzM7NLeHAw8ul1OL8OlOgyO3vhEkEVagLwtQYHqwoF7+z30TzTtGyDzuhohbhUH36D8BD/LTaPHxnnVIzWq/IBOmAU06U/EvS5x/JJtqMm8aaDFFEYA==,iv:+4umMhsr8s0IuiYuEdhDAOfLjAELEHbFVvWqaVyF2yQ=,tag:eE9gCZ3pC4wDLeMs5cQGZg==,type:str] - kylekrein-framework12: ENC[AES256_GCM,data:mrdF0QNEgtuA+DfIsOFI63fTVwT8G8g7gH9aMRJ+8Z5b/BrlsaP2/ghFhRB2aFtLvs4FamNQIS88rnbdAd/3FyhS7rLnPfuMQIPwFQqHTfxKyx9BDnZsDIPbJUnBxm5mf635CQ0Oif4EqIJPCioAkZ4bTwiRTfB9tALJD0FkgOVTVpjmEB0caC7UZRYoxAixLYmo1uklK/ifhh+JMcF9T2f3yAEQG5qh+3uTQFP/bxOYkWkLv9cKZSXtStVu20Zwg2KvWuWhTWEYgOl8WTAjtUcyaN2Z/DxuHoKkUCce9e53o4kYJIKj6UENnpgUj0nqFUf1C+qRPvhM4TsCKvmbFFv08IwkszI5+FsmfVZCgaV6GEmGjyZjaN4w70mwtLEXjGAnZRSP0gMhlhJdEn1Suj3fQ2ki4B9LhkPGoSHE0pam53Cl1D3tSQnDqSIR6cKzEktwoDXak7VzwNFCOszLhi31TgbGbktrOMk/OS0lyDatmv5uqi52JjnCEFcIxIY9A5IzKobU5TYeqTZ622rQjiY7jscO5y2X8qSSCRLMX288qoVOXf/+E3tuglnxe3s=,iv:Cnt142OCG5uFDAzT51ztU4EF6cfzZ6Kr2iACA62lGFU=,tag:Agum3lmsVEGBpPm4HJcZfw==,type:str] services: conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str] gitlab: @@ -23,13 +19,22 @@ sops: - recipient: age1l8euy4w4nccrpdmfdfct468parcrulkqcts2jcljajs2as0k7passdv2x4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpOEtvVCtWRzN6S1BBTkJR - aDM2T2x6MFo2aUFXOXVJNXJ2eWVucWltRjB3Cmc5SFJiOURLeWRDcGUvTzcyR2w2 - OXBlb1lRNi9vdHAyb2V6TUJRQ3M3TEUKLS0tIHpMdEtzUi9rTWFvUU9xQXptSmtu - M0hSNWNYbGM3a21McUVMaGNqWTdmNTQK3VRFV4EaC8K8AJi2PUt6TeBgueEmPLI8 - Vdwwbh89+xD5xf4Zm0LctPRlxxM6diubv0gIZZPy/ZXZfiU32ZnM0w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM0tFMzYvZWFVd1VsQVpy + SHc2SFVBK0R4eWFCamx3Y2hzVFNHZ0Y1S2xjCjBSNDFzZ0M4Vk9NWmFYbmRmSmsx + ZktxYUFHV0FRaEZDMkFSZkU5bFFpWk0KLS0tIGlLRzhMangzNVhUYnJWVE5Qd1ds + OFd4WFZWSHNUNFFWb1lnTkJmS3YzWEEKbErGqqGHpExXTzujeuQA807Ll68UU66x + +JGGtXcpURyCgj2jaaVw5QX/ibS5VPXNUpRXgIXRyJiEp+YKsJkAFA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-30T13:54:40Z" - mac: ENC[AES256_GCM,data:wjsbivXkKBsNNAQNftB+g6ghT5bs7krDLm+6p3KwrOnLkxgWTXtzSGk86e0D3k9dr+Nqe8JhaQzAnu7IqUz4KUUI2/y76rOEhPYBJFjU4kWA9GdDTpQsRW0RXwmpf5u23sE/IKJQhKOPtaHvs/OwBIzmUldu81lxcxGwXpc0Jnw=,iv:QD14tHzlvPyUwj30G7Yw4CRqKyOcOJDXxZbJY5ggcYQ=,tag:8gEGhlXB6JkE2lKSwQTjLg==,type:str] + - recipient: age10s6c9har9pg2a0md30fhpp2mfy89xxrrnu5dwrjtqzh3lktcdaysq7st65 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzd0V6ZnVOKytyYWg4bkVt + cGlhK1p2UnU1T1dadFRwME1vOEQ0aENVSGhrClFUVmM1a1pQL0ZxWloyUVBGRFRJ + SE1RM01lN3VlZHRNTHU4SjZ1UWw4T1EKLS0tIDJsSlp4dTN6WVEwSkJtMS93NGNN + STVLZ0lYMnl6enV0TWdDU21TMDZ6blUKCF2gTYI/ipXa48a8S4TmOZzElNW1+XqS + hZSKpGhBxMuxLnBJj9iyQjcQmXG0M90AXVhJNyej96thDFxNByIMpA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-30T16:15:59Z" + mac: ENC[AES256_GCM,data:mmJH3BEqsrboGaQM7yWuHF1MWREC4bLc+RAZgsqlNvhgoWLoaVDLuBjEfuXCDPdnvDPesbUrI8HHA5gz523C0PoJdkoFcRoVOwhLqj6tJjT4JnlaTgpBMN5UqBqt9Gm68mqekE0bm7ihdc3lnn/OkRrxJI3Th5KzUC4zMmdjVsI=,iv:K0f75ft3PQdQ1AUFzrannvLv03fl6FS6se/muMcyQkY=,tag:y3FJQDthKoWvoMHdmcvRQA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2