resolved merge conflicts

2022-11-11 16:41:15 +01:00 · 2022-11-11 16:41:15 +01:00 · 3ac8ef4490
parent 31b584f054 7279ea13e9
commit 3ac8ef4490
11 changed files with 280 additions and 80 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 .qcow2
 result
--- a/.sops.yaml
+++ b/.sops.yaml
@ -7,7 +7,7 @@ keys:
   # private key stored in repo, used for test VM
  - &test age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh 
 creation_rules:
-  - path_regex: secrets/durian\.yaml$
+  - path_regex: secrets/quitte\.yaml$
    key_groups:
      - pgp:
        - *bennofs
@ -15,7 +15,7 @@ creation_rules:
        - *felix
        age:
        - *durian
-  - path_regex: secrets\.test\.yaml$
+  - path_regex: secrets/test\.yaml$
    key_groups:
      - pgp:
        - *bennofs
--- a/flake.nix
+++ b/flake.nix
@ -10,7 +10,8 @@
    let
    in {
      #packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
-      #packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
+      packages."x86_64-linux".quitte = self.nixosConfigurations.quitte-vm.config.system.build.vm;
      packages."x86_64-linux".default = self.packages."x86_64-linux".quitte;
      nixosConfigurations = {
        birne = nixpkgs.lib.nixosSystem {
@ -64,7 +65,26 @@
            ./modules/wiki.nix
            ./modules/stream.nix
            {
-              sops.defaultSopsFile = ./secrets/durian.yaml;
+              sops.defaultSopsFile = ./secrets/quitte.yaml;
            }
          ];
        };
        quitte-vm = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
            inputs.sops-nix.nixosModules.sops
            ./hosts/quitte/configuration.nix
            ./modules/base.nix
            ./modules/keycloak.nix
            ./modules/nginx.nix
            ./modules/hedgedoc.nix
            ./modules/wiki.nix
            ./modules/stream.nix
            ./modules/vm.nix
            "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
            {
              _module.args.buildVM = true;
              sops.defaultSopsFile = ./secrets/test.yaml;
            }
          ];
        };
--- a/hosts/quitte-vm/configuration.nix
+++ b/hosts/quitte-vm/configuration.nix
@ -0,0 +1,71 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, inputs, ... }:
 {
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  # setup NIX_PATH for flakes
  nix.nixPath = [
    "nixpkgs=${inputs.nixpkgs}"
  ];
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
  networking.hostName = "espresso"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # Set your time zone.
  time.timeZone = "Europe/Berlin";
  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.ens3 = {
    useDHCP = false;
    ipv4.addresses = [
      {
        address = "141.30.30.150";
        prefixLength = 25;
      }
    ];
  };
  # enp65s0f0np0^C
  networking.defaultGateway = "141.30.30.129";
  networking.nameservers = [ "9.9.9.9" ];
  # allow building for aarch64 (pi) target
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
 }
--- a/hosts/quitte-vm/hardware-configuration.nix
+++ b/hosts/quitte-vm/hardware-configuration.nix
@ -0,0 +1,31 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [
      (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    {
      device = "/dev/disk/by-uuid/6d8f4b96-4ccb-4a94-a9b1-bab4a28fc940";
      fsType = "ext4";
    };
  fileSystems."/boot" =
    {
      device = "/dev/disk/by-uuid/58C2-5A6A";
      fsType = "vfat";
    };
  swapDevices = [ ];
 }
--- a/hosts/quitte/configuration.nix
+++ b/hosts/quitte/configuration.nix
@ -1,13 +1,8 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, ... }:
 {
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
@ -28,80 +23,23 @@
      }
    ];
  };
  networking.defaultGateway = "141.30.30.129";
  networking.nameservers = [ "141.30.1.1" ];
  networking.hostName = "quitte"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  # Set your time zone.
  time.timeZone = "Europe/Berlin";
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkbOptions in tty.
  # };
  # Enable the X11 windowing system.
  # services.xserver.enable = true;
  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = {
  #   "eurosign:e";
  #   "caps:escape" # map caps to escape.
  # };
  # Enable CUPS to print documents.
  # services.printing.enable = true;
  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio.enable = true;
  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  # users.users.jane = {
  #   isNormalUser = true;
  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
  #   packages = with pkgs; [
  #     firefox
  #     thunderbird
  #   ];
  # };
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
-    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    vim
    wget
    git
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "yes";
--- a/keys/pgp/helene.asc
+++ b/keys/pgp/helene.asc
@ -0,0 +1,14 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mDMEY25hjRYJKwYBBAHaRw8BAQdAwXQGNdoOQ0KS7xoM3Io7RbXZS4ad07jJDNXG
 cogJkn20PkhlbGVuZSBIYXVzbWFubiA8aGVsZW5lX2VtaWxpYS5oYXVzbWFubkBt
 YWlsYm94LnR1LWRyZXNkZW4uZGU+iJkEExYKAEEWIQS0PDqKksooSGrGxOLxFRAM
 eHwcGQUCY25hjQIbAwUJA8JnAAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAK
 CRDxFRAMeHwcGd0nAP4q27usCc2D14xwY6q8FWCZZQ86qq8FbT1CeKUjdKbqIwEA
 jPf5j9mbwqk2jC1sn6HckN3IfMI/sEZY9j98oXEJSgG4OARjbmGNEgorBgEEAZdV
 AQUBAQdAYyk/n0waZXblLfuQcscC4qLeEzkG5/dSHbCP9vZ3K1QDAQgHiH4EGBYK
 ACYWIQS0PDqKksooSGrGxOLxFRAMeHwcGQUCY25hjQIbDAUJA8JnAAAKCRDxFRAM
 eHwcGSy8AP9ST71/7ksXmLTsjnNZ5YY6z+Za2xUqhZOEhbJqnYmgyAD/VqUcCyVA
 Y9g9vIUAtV0tCNEkC5MTO7Q++hgpqZvCWgU=
 =QBGo
 -----END PGP PUBLIC KEY BLOCK-----
--- a/modules/base.nix
+++ b/modules/base.nix
@ -29,6 +29,7 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmb1kv+7HU1QKE53+gNxUhrggbwomC40Xjxd9hACkoo bennofs@d-cube"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0X6L7NwTHiOmFzo8mJBCy6H+DKUePAAXU4amm32DAQ fugi@arch"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHD1ZkrAmC9g5eJPDgv4zuEM+UIIEWromDzM1ltHt4TM fugi@macbook"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBtP2ltExnQL5llOvfSKp6OCZKbPWsa2s6P0i00XyrH helene_emilia.hausmann@mailbox.tu-dresden.de"
    ];
    keyFiles = [
      ../keys/ssh/marcus-sapphire
@ -38,6 +39,7 @@
      ../keys/ssh/tassilo
      ../keys/ssh/jonasga
      ../keys/ssh/rouven
      ../keys/ssh/helene
    ];
  };
@ -66,18 +68,18 @@
 	dig
 	ethtool
 	iftop
-ipcalc
+    ipcalc
-iperf3
+    iperf3
-ipv6calc
+    ipv6calc
-lsof
+    lsof
-ltrace
+    ltrace
-strace
+    strace
-mtr
+    mtr
-traceroute
+    traceroute
-smartmontools
+    smartmontools
-sysstat
+    sysstat
-tree
+    tree
-whois
+    whois
 	exa
 	zsh	
  ];
--- a/modules/vm.nix
+++ b/modules/vm.nix
@ -0,0 +1,43 @@
 { config, lib, pkgs, buildVM, ... }:
 {
  assertions = [
    { assertion = buildVM; message = "this module may only be used when building a VM!"; }
  ];
  users.users.root.hashedPassword = "";
  users.users.root.initialPassword = "";
  users.mutableUsers = false;
  networking.useDHCP = lib.mkForce false;
  networking.interfaces = lib.mkForce {
    eth0.useDHCP = true;
  };
  networking.defaultGateway = lib.mkForce null;
  sops.defaultSopsFile = lib.mkForce ../secrets/test.yaml;
  sops.age.sshKeyPaths = lib.mkForce [ ];
  sops.gnupg.sshKeyPaths = lib.mkForce [ ];
  sops.age.keyFile = lib.mkForce "${../keys/test.age}";
  sops.age.generateKey = lib.mkForce false;
  # don't use production endpoint for test vm, to avoid rate limiting
  security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
  # Set VM disk size (in MB)
  virtualisation.diskSize = 2048;
  # Set VM ram amount (in MB)
  virtualisation.memorySize = 2048;
  virtualisation.forwardPorts = [
    { from = "host"; host.port = 2222; guest.port = 22; }
  ];
  virtualisation.graphics = false;
  # show systemd logs on console
  services.journald.extraConfig = ''
    ForwardToConsole=yes
  '';
 }
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
--- a/secrets/test.yaml
+++ b/secrets/test.yaml
@ -0,0 +1,79 @@
 postgres_keycloak: ENC[AES256_GCM,data:dHuqrGcrJUE5GZhhWG5a4Ko=,iv:bvbyDXhkovtX5BQKw36WTGyUl3KR0Df2fB5qmMWbqqU=,tag:95XJCjKJjrITsHXK8ABF6A==,type:str]
 postgres_hedgedoc: ENC[AES256_GCM,data:XWbf3F1b00RBFS9NXytzVkQ=,iv:dTbRUncYKsqOh0y0MTEJCpPcwfvROkIiO8v9OxZiHPU=,tag:YUxAkmbYKbGdGbIMS/8mOw==,type:str]
 hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str]
 wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
 mediawiki:
    postgres: ENC[AES256_GCM,data:bna6ksGVOHWor7OqVL/jgeDIxA==,iv:bgkQh+NgPE/hr4N4YOCzSCfs7vaOx4pSWlc8WxI8qMc=,tag:WIjyu1i0M7flGFFovH5jWQ==,type:str]
    initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str]
    ldapprovider: ENC[AES256_GCM,data:dVrCFVgm4BDtUhcj9rSKXwnaIKsC5GGsDUoPJH1q5F4inskuSbFigcLM/UJFNOcr5R1dL+mYUOvnmIcoWA5AsuFKs3NzSYJVtVAm0x7vYSkHnfXu93V2F8Lc1xX/kZrFfnmNUXwhv2I+hknPUApY7wpmZOdk9NLKv4tbsgVTbfmR/WM6soOurh3b6b4cknfxqSeLZLeOIKL5WL8842t5SethyCfPsCm74JCpwHmflkCyT/lzIP1Kghab+xGWWyN9OAENlDZrJE6VAdctR+MKYZnhA7dXKeQPjKii9MZsDYFYTL5YDRysam4r7Jog/fozgWkXNrCUan29efnnBwpLz5hgV1MguIpvU8ccDQLNvgJCOdp6FgH45ZRlCxx29EWzh9iTDGPqmNsctUknFdfUVfIg9ziz/97i/kGcwy5N1oOsoUf7iRj5zLyLP6OlXGNThowF4jlNdI2b+caQGz7H6ZkJfUPWULotBUrjxrZo3pSYRkpJ77xbGUZf35ysxTHpfsmhyyO9HRhhgNkilEHlcsi8u+AC0su+Htg/Io332tSX+W6Gj6R6Q23hQ0gf8on5Y2xx34ysobEh8cMS4+Kj0nwasMHjW70g3qWpKkG1LSOIgXiA7hcusGCo8xPZ1y3gIyRiTxVTPJHh63Ecd0O37P4NWVSKEpsIM5pkngMN5L5K/ymtZ0kjREX2q4qpXf2xJiTTdAkeTMcmDs9HHjOzIIynYouY7P6qdXUpXjyGwqfovmnIv5icQ6sqFA==,iv:sPRnnIEif6W1SPy5SKiUuY681HeLPcR19U4p1mdUGdc=,tag:zeMdtTRk8ULP4GYDQLIU7A==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RWM5YXhXWkRCVEVFcERX
            L0JVa3YwSm9qdC9jUHhpMVliOERuTTc5aERvCnJVSGR1Wmg3aW1YaU5RUE5xYkJp
            aW1wY2w0ZUZYNm9zVEpjUHBkWDhlZGMKLS0tIEkxWi9rTmN4Q0NIYm0vMTdlNGFr
            bEs1QzV1VFpmWFVrQkYrYmhYNVBLT0kKYgJBI1umfryFsnCUQB4JQzO/Dky7gJW8
            cQVM4TbYuDKfhwAUq7Mik+bG4ZYNmfMBiJU56C6ZSRyEg7pgJ2U7Hw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2022-11-05T11:24:00Z"
    mac: ENC[AES256_GCM,data:IgW58nKqznUoWBhsI+HZD47HjJ7qF8/lS5nQ2Qg2VE7JkQgs/+AYVyMNAckjnpDtHEnK/YaFmnTfRpdQ7BMGaJtGu6TT0PR60jme82rg+iMwspSOVsAIDf9YyrjIv0rF7xwCF65p4/3TIc1OohV2GzLsAykKApMA5kqAo+UNSAs=,iv:sWURn1jmZ7myC2gEuo5BdcZn8JNSXQsopLWeOoLEpkc=,tag:E5kldjnyElfvJyilPiCYUg==,type:str]
    pgp:
        - created_at: "2022-11-05T11:21:20Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hF4DntlvaG5T7wcSAQdAA4h5/uTB/NOngHrB0uN4oMLZ2XRtBXuXo1kT2vJ8I1sw
            bxWh7NFIcbzD7sjcse5lvuFjFZKkBb41CAwIqA9/SFlSufi0D5M3bt+Mk/Ffh2jw
            0lwBt1+dhvzzg2iKHR2mZAzGF0pEcbO25gAN67hLjI1rrOirLq6DMobehlyUOKRN
            tkuVB2MvXNHI/P/oRCq5rll7FTwswUkN2JYqk7gU4/HBdK78D41A1Qwj99ObcA==
            =N4aD
            -----END PGP MESSAGE-----
          fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
        - created_at: "2022-11-05T11:21:20Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hQIMA/YLzOYaRIJJARAAvyI5eOmyH9t9k2kTb1Sq2GFiZixENx4jY3KIFo6285Ds
            +feNjJ1nJKrS9qgX/ne8ZmRAH2ZIkMhvAbzTwiV1TWyMPSrViVpo2ZL4C16A8quR
            x2AuHcPPf4Cl9Jo1dsVoxBmnSMJWWbTkZZKvhr2HuKErkHYquwOxmXvbtEr6J+aT
            pvc9X9Ea3wSGrBZC+m7sItJHLP5Qvkn+gHbUsRlwg5lQ6tz/U+nrxd0L+Q7gPOen
            y6NCyqcLgwrzdCmgEu4noip0JozWAYPEk3ZRCJ7iGdwshPq7KkB/t1ywzWbbsd81
            f5j/eExo8IXP4MQiNxKsKZRQj49zdLoFwXmLyTSoYzUtgnwlC4EcuH28YvNn9/xJ
            f2s/6brR6Y01oYfgBWBpu6VAt2MNEcjKRWC/s/78Fts5rB8RQ0E11daoBCCogypd
            QOy1ym9NpuUDKvfzS7xcdM1vs4JN6c+AtbrqRxpw6m/kU6P8yI3EAB9kaRMSAbdo
            vX3GKvraAdsGLz4ZiCdOS41W1KCbhc8zgSBSeR0/ik//z1C+0MNloUlgok/2dwPQ
            eRP9KKNVPAxj2OLZ8C0N5l4+p7EPRFmATvLjxNUMPkxfdt++ApmZZBhaCfh+USoL
            MYY+mhK4wLS+toeB6p44cqDBTZBNs+w/NHo1+esce/1RVlJAzp2qjzlgcAPe3mHS
            XAFWHGkOoADXJ6hg3cOkHIVkYXT0vou0IitugbHjHtzJaElNgrkF7Ch1mUZSd+N2
            RPG4+mDSsWdZQmqu8eSowmSwa8ZFhEUP5L9RAg+RvBGa0+C5OUHbvTrOjU1w
            =FHpt
            -----END PGP MESSAGE-----
          fp: 91EBE87016391323642A6803B966009D57E69CC6
        - created_at: "2022-11-05T11:21:20Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hQIMA8uqUsBLHj6XAQ/+OwyrFFRyXuoCsmamBHyT1+EWQ2iaQk8+6ds+NcdKwmxX
            qL3JFwsHwgKWStNslmcoypvOmrsla+ucOe3UNo3HigoiQe89oWFexdLqedyqxDo5
            4N3Y6Pn0YTBNNgRi4Ep/Foswsv6l1sPpntCJxp7KXMD2iEkwUYNmhjfcu6qZTeMk
            SneXTK7DBVoflDHXqPUcxvHfVpMXfqDQuy7jK+8f1WPHt5+LSODMXU+co5jV+L2J
            1BFZIO8o+oUDkPViAOcLJlv+bQU2T2bMDA2i8H5wO6Fmvl2jlG5eiJa9EUCmta6T
            MNrGhhNbGuqm940kBb5n07wNE1d1bZDZ56BIPbd+/kRSiq0RPGaknb5sl8/sAWps
            7TMdb9+TwDAg/POHsvNYVqzCB36i4sZi9s48JvWdCUzzZukXhxqUN3DArIvI+Msc
            l0Tn2VVi7H6ZOC21EJRJAR1olD98kwytXjA4uKvfVZRhuiP4QjQRwSlN1jwYnTPM
            ojIWle5XRdsbdJhktosKPuKQda17VxpkPlqRgwbZH7UtO5t+3x8Q8/pa4J7ntSs8
            RiqqAkNzHPvCJ0ljU5QyDMupPY4IA4k1Yxt7bdtFVAus+WalZL/9Nec1yuxyStVh
            T00GmcVr7We/i59SuJ8WY0sAVXx5dZntn+FM9Ty1Q0/iHsHCMrQbrllGV7owk1PS
            XAFrQOzD0Imnsgttv/h8pvXa6PXrdN7lZGriyvtPcubcBqgbIrwfDMbpGt0fKItR
            GROiPg0CVO2cTsFM+MOHY832DZjdximf53BI/A1OLm8e2MUr21ODt4ux+J6G
            =0Kqy
            -----END PGP MESSAGE-----
          fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
    unencrypted_suffix: _unencrypted
    version: 3.7.3