feat: add additional security by migrating secrets from plaintext in nix-store
All checks were successful
ci / treefmt (push) Successful in 1m39s

This commit is contained in:
Ceferino Patino 2026-06-29 22:07:34 -05:00
commit 4e2ade01f0
Signed by: c4patino
SSH key fingerprint: SHA256:Wu+cU1t+7zVT9wzew/4meNmeulo66NzMqc22MdDBgXI
18 changed files with 122 additions and 61 deletions

View file

@ -62,3 +62,12 @@ creation_rules:
- age:
- *master
- *c4patino_mutualofomaha
- path_regex: secrets/sops/munge.key
key_groups:
- age:
- *master
- *c4patino_arisu
- *c4patino_kokoro
- *c4patino_chibi
- *c4patino_shiori
- *c4patino_tsuki

8
flake.lock generated
View file

@ -164,11 +164,11 @@
"dotfiles": {
"flake": false,
"locked": {
"lastModified": 1782616428,
"narHash": "sha256-acd7rCZC9pS7McFEUyY+BrqVBiEEEipP0OVT5Rr/ZqI=",
"lastModified": 1782787572,
"narHash": "sha256-xWbUZXNE2xg1Svi1AVKVn75tLU29d+1GUZF8hX0N1hg=",
"ref": "main",
"rev": "1a78b05e2a63b485aa04d609625fe4807ca562c8",
"revCount": 102,
"rev": "95ecb708933f49e539c43a71fcfcc5959f5739f2",
"revCount": 104,
"type": "git",
"url": "https://git.cpatino.com/c4patino/dotfiles"
},

@ -1 +1 @@
Subproject commit 1a78b05e2a63b485aa04d609625fe4807ca562c8
Subproject commit 95ecb708933f49e539c43a71fcfcc5959f5739f2

View file

@ -1,5 +1,6 @@
{
config,
inputs,
lib,
namespace,
pkgs,
@ -20,12 +21,10 @@ in {
asciinema
];
file = let
crypt = "${config.snowfallorg.user.home.directory}/dotfiles/secrets/crypt";
in {
".config/asciinema/config.toml".source =
"${crypt}/asciinema/config.toml"
|> config.lib.file.mkOutOfStoreSymlink;
file = {
".config/asciinema/config.toml" = {
source = inputs.dotfiles + "/.config/asciinema/config.toml";
};
};
};
};

View file

@ -1,5 +1,6 @@
{
config,
inputs,
lib,
namespace,
pkgs,
@ -20,12 +21,10 @@ in {
rustypaste-cli
];
file = let
crypt = "${config.snowfallorg.user.home.directory}/dotfiles/secrets/crypt";
in {
".config/rustypaste/config.toml".source =
"${crypt}/rustypaste/client.toml"
|> config.lib.file.mkOutOfStoreSymlink;
file = {
".config/rustypaste/config.toml" = {
source = inputs.dotfiles + "/.config/rustypaste/config.toml";
};
};
};

View file

@ -23,6 +23,8 @@ in {
enable = true;
openFirewall = true;
environmentFile = config.sops.secrets."environment-files/glance".path;
settings = {
server = {
host = "0.0.0.0";
@ -42,5 +44,7 @@ in {
source = inputs.dotfiles + "/.assets/icons/favicon.svg";
mode = "0755";
};
sops.secrets."environment-files/glance" = {};
};
}

View file

@ -1,12 +1,11 @@
{
config,
inputs,
lib,
namespace,
...
}: let
inherit (lib) mkIf;
inherit (lib.${namespace}) getAttrByNamespace getIn readJsonOrEmpty hostHasService;
inherit (lib.${namespace}) getAttrByNamespace hostHasService;
inherit (config.networking) hostName;
networkCfg = getAttrByNamespace config "${namespace}.services.networking";
@ -331,37 +330,33 @@ in {
{
type = "group";
collapse-after = 5;
widgets = let
secrets =
"${inputs.self}/secrets/crypt/secrets.json"
|> readJsonOrEmpty;
in [
widgets = [
{
type = "repository";
title = "yumeami";
repository = "c4patino/yumeami";
token = getIn "github.glance" secrets;
token = "\${readFileFromEnv:TOKEN_FILE}";
commits-limit = 8;
}
{
type = "repository";
title = "yumevim-nix";
repository = "c4patino/yumevim-nix";
token = getIn "github.glance" secrets;
token = "\${readFileFromEnv:TOKEN_FILE}";
commits-limit = 8;
}
{
type = "repository";
title = "dotfiles";
repository = "c4patino/dotfiles";
token = getIn "github.glance" secrets;
token = "\${readFileFromEnv:TOKEN_FILE}";
commits-limit = 8;
}
{
type = "repository";
title = "nixpkgs";
repository = "nixos/nixpkgs";
token = getIn "github.glance" secrets;
token = "\${readFileFromEnv:TOKEN_FILE}";
}
];
}

View file

@ -51,10 +51,7 @@ in {
};
environment.etc."rustypaste/rustypaste.toml" = {
source = let
crypt = "${inputs.self}/secrets/crypt/";
in "${crypt}/rustypaste/server.toml";
source = inputs.dotfiles + "/.config/rustypaste/server.toml";
mode = "0755";
};

View file

@ -5,22 +5,23 @@
pkgs,
...
}: let
inherit (lib) filter mkIf optional;
inherit (lib.${namespace}) getAttrByNamespace hostHasService mkOutOfStoreSymlink;
inherit (lib) filter mkIf optional mapAttrs' nameValuePair toUpper;
inherit (lib.${namespace}) getAttrByNamespace hostHasService;
inherit (config.users.users) unpackerr;
inherit (config.networking) hostName;
networkCfg = getAttrByNamespace config "${namespace}.services.networking";
starrServices = ["radarr" "sonarr" "lidarr"];
networkCfg = getAttrByNamespace config "${namespace}.services.networking";
enabledStarrServices = filter (service: hostHasService networkCfg.network-services hostName service) starrServices;
isEnabled = enabledStarrServices != [];
in {
config = mkIf isEnabled {
systemd.services.unpackerr = let
unpackerrUser = config.users.users.unpackerr;
systemdDependencies =
enabledStarrServices
|> map (service: "${service}.service");
mkUnEnv = mapAttrs' (name: value: nameValuePair "UN_${toUpper name}" value);
in {
description = "Extract downloads for Starr apps";
@ -28,21 +29,36 @@ in {
wants = ["network-online.target"] ++ systemdDependencies;
after = ["network-online.target"] ++ systemdDependencies;
serviceConfig = let
cfg =
"${config.users.users.c4patino.home}/dotfiles/secrets/crypt/unpackerr.toml"
|> mkOutOfStoreSymlink pkgs;
in {
environment = mkUnEnv {
debug = "false";
quiet = "false";
interval = "2m";
start_delay = "1m";
retry_delay = "5m";
max_retries = "10";
parallel = "1";
file_mode = "0644";
dir_mode = "0755";
log_files = "10";
log_file_mb = "10";
log_queues = "1m";
error_stderr = "false";
activity = "false";
};
serviceConfig = {
Type = "simple";
User = unpackerrUser.name;
Group = unpackerrUser.group;
User = unpackerr.name;
Group = unpackerr.group;
UMask = "0002";
StateDirectory = "unpackerr";
LoadCredential = ["unpackerr.toml:${cfg}"];
ExecStart = "${pkgs.unpackerr}/bin/unpackerr --config %d/unpackerr.toml";
EnvironmentFile = config.sops.secrets."environment-files/unpackerr".path;
ExecStart = "${pkgs.unpackerr}/bin/unpackerr";
Restart = "always";
RestartSec = 30;
};
@ -58,17 +74,17 @@ in {
groups.unpackerr = {};
};
${namespace}.services.storage.impermanence.folders = let
unpackerrUser = config.users.users.unpackerr;
in [
${namespace}.services.storage.impermanence.folders = [
{
directory = "/var/lib/unpackerr";
user = unpackerrUser.name;
group = unpackerrUser.group;
user = unpackerr.name;
group = unpackerr.group;
mode = "700";
}
];
sops.secrets."environment-files/unpackerr" = {};
systemd.services.radarr.upholds = optional (builtins.elem "radarr" enabledStarrServices) "unpackerr.service";
systemd.services.sonarr.upholds = optional (builtins.elem "sonarr" enabledStarrServices) "unpackerr.service";
systemd.services.lidarr.upholds = optional (builtins.elem "lidarr" enabledStarrServices) "unpackerr.service";

View file

@ -110,11 +110,15 @@ in {
];
};
environment.etc."munge/munge.key" = {
source = "${inputs.self}/secrets/crypt/munge.key";
user = "munge";
group = "munge";
mode = "0400";
sops.secrets = let
inherit (config.users.users) munge;
in {
"munge-key" = {
format = "binary";
owner = munge.name;
group = munge.group;
mode = "0400";
};
};
${namespace}.services.storage.impermanence.folders = [

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

34
secrets/sops/munge.key Normal file
View file

@ -0,0 +1,34 @@
{
"data": "ENC[AES256_GCM,data:VpttoYzmvsM3ffMoOmSZvmdrvRR3JvWDxnLmYFY76Tv8ffeh1yt6qrNmO8aHO9J0CfAxYsG/tGnpDJNIFSUtG/1rVcBZQ/mH8PVY+qp/2GTf9h42kZdie7Y+F69+1emj8NnYJv1/zruYo14u3N/B0axKMV1Hd/wFUcTrohAAcbmL,iv:mFOrPNGCM7THXA1UrpyIdneRmwMiXze/YNMu/BUH6zc=,tag:WWxPyE0hwB4/nF8LUImrMA==,type:str]",
"sops": {
"age": [
{
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRQ1A0TjdvQnlaUGw4Q2I2\nalpnbGJNcnIwWFZIb3U4bHVQVCtqL3FjazJJCm1GOUlYeXAzOGNRSllGNmhVd1RP\ncmtobHpMR1F1LzNhb2htRUp6V2pocTAKLS0tIGhGMUpWSGZ6YlRqNk8vbElwSDZh\nUFQxbFdaTTM5Mm1ZMjFaR0NnR2xRS0EKKd3RFNdEF2cRXWLtE3EdG2WXVGBf2RCx\n9x0kmTDWqPs9Xj0Cfb3St2Fdpu9Q7FTvogCxZoLZc8OPgSlqssUueA==\n-----END AGE ENCRYPTED FILE-----\n",
"recipient": "age1q4c2fy5hrjg5pww86k3wsamknc67vxtfc7k5he5exndwag5fjehqv4kymv"
},
{
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0REgrWVpJcVgvNEJMSGp1\nQlJMSjZQYmZLeERhRzQvSzdEUWRWSmQ5VmlvCngyV09veCsza24wVVk0UVRRVk9N\naC9zN0MrbmhYbW5VckxwaS9lWEQ5ZFEKLS0tIG13SXB6NnZxOXZ6dG15aWpwVWpK\nNFlNTDBiaVVLZTFYb05UYVRJdUc1N0kKB9+mOhrM56jJ+j+M+6vaWBmSsqMv1Yci\nRkA1K1l5nZNjOX60hmjHAtd83hTofyuQREgQkN6fCvCeJs0gvADqiA==\n-----END AGE ENCRYPTED FILE-----\n",
"recipient": "age1redpndk4tj0jy6d8cl98rkt5euxzpfzc8dvlhfan5a349tl7tg5s5j6zav"
},
{
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGN1NRaTVOQlN0eHZzUGQ4\nbStQTXZxcnRKSEZXTUhuOXdzQmdQWTUvaFFzCjJMZ08xMWlvemdNckw0S3R3ZWtl\nTHNwbndOQytxSWk2UG9xRDF4WmFOejgKLS0tIFVqbC9tQVFRYmd6bzEraC9SMmhR\nMWN0WDBUK3l5UHdGZm5zbkVrYnI4OGMKvdyANYaOz1NhuBwP2PV/bBUJtUe2eaD8\nSf5GcVdJO34G+nSO9T31bTwnCYB0IFCEJSV1BIPalPhyTFOHioTHAg==\n-----END AGE ENCRYPTED FILE-----\n",
"recipient": "age1u0jz3r6tz3a7rz64j02xpwuykslq9zruxasutvmum07ya7k3xduseme93n"
},
{
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYnRyN3B1c2tYeU1HUnlr\nV3U1bE95UnNxc0xIam5hdmxiQkJIeEhmZ1VzClBMcmRPaENscmlVaE4xZjVZVXNm\neXBEdU41dnFrb0M0alR1RDhxaE5CM1kKLS0tIDZaR0xWOGFDaUppeWQ1OGIrVFlk\na2VNMXR2N0NDNUs2QUNZRVprQzRSa2sKgy02COgHNe59yTH2L/1Wse5TOAI+xXuO\n+DlMvxAEW5olNMNDhZEfSBJfjtFkMhIT/eKiGIuz1cdB7j+6RJuiIw==\n-----END AGE ENCRYPTED FILE-----\n",
"recipient": "age1r9285z8xmtj7g6alau7xp946p4fguvtd62dz05nvfgxyujhmfs7svp0uyw"
},
{
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWVMveFRJSUJRQ1NVN0VR\nMnZXRW01SWdaMFptejBhS3NVRExKbzJWVlZRClJvRXp5bVpaRmIxdlh6dVVnVXlG\nOFp5RmZDU2h0bEQ1Unc0bmJmM1hsOEkKLS0tIFlhUVVlUWp5d2FkWUpUWWNJMVpR\neVBEcUNibVB5RldmeVdwdnVxRFd3WTgKePuyoy+7F85dbq3mmPSrU1gavbGFk+BX\nt4tmq6nbfCbsvjvVahv5EpKHYof0ceEp44T3D+wGLySW+MGQ5OUUfQ==\n-----END AGE ENCRYPTED FILE-----\n",
"recipient": "age185cchggrqp8v9wryj7npdvv3h2z735zamtqgchu5tltmjmpsaehsteyrpk"
},
{
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBId3lzeDhzMGJCWFZzTXBS\nSDhZTlcyQmMvM3R3YXoyK1huTUdxZm1qcVJRCk56ejRqbFAzc3l5Z0YrS3hoT0ky\neUxsaEJkSFpITEt0NzJMano0NnlDdW8KLS0tIExaOHVReDBlblZEZi9KS1RoQ21J\nMC9oaDZ4MHptL2hhcWl4YjA1T21iVU0KKPuxtcZZQJQQb4O+CNFq/AGwm45zoH2d\njzuXgXQIGmPAvzCvMjCVYqnFktgNW0dpk5ZmVp3nDzxrEy66vPqW9g==\n-----END AGE ENCRYPTED FILE-----\n",
"recipient": "age1uvdnhvu83fafnvvkfwx5e3jt7qfqppytqu0rnhwtc3ruyatrxsgqwzjvjz"
}
],
"lastmodified": "2026-06-30T03:02:07Z",
"mac": "ENC[AES256_GCM,data:2fnDqWgfY8/LYNI7vt3Y7Lqis/4DQOmGkbUhPvlxaZDnOaLOzkmy0yO3MFYTwqs1zL4aPSePtBtDlTra27B7hnvnWAY5b5NVnGh1MXJyBWXcPuYS6TYHX4F6ndQQ9Ye1WcweEneu/i31RBZDRoLEN/XWYh9Fh8BCkJ29TYX51N8=,iv:icaqhSAucN4CFyy7kV/pRaaW/L+NXU9pgJJDXIBXBsQ=,tag:+nOYO/HPMP4lxbaF31LY3w==,type:str]",
"version": "3.13.1"
}
}

View file

@ -9,6 +9,9 @@ cloudflare:
tunnel:
certificate: ENC[AES256_GCM,data:z+TulSaF38bztUk9GNW8s56e64siBOKsaDGV5YFX64eXiJ8qfiAR2uhFSchi0TFjKDs3Lrx68Lk8LI8n3Ta1AuZowpskMoC/vqyzK8nFlYp0KTDkKI0W2leoyJqxvlgqL8y+dPBjibq6WZvZfLCPEvwx6XggqKNSqc3dw8lVy0TEHnXdzbBQ6WarYlEb93rNu9UY5u5eRET01efpVKFXgwaMuBshYRVhEUci0ejO4LWahYXOd0taBWR5zfe9AmWATILq6fvdFVu5eRY2fzcMORvDAACr79E8cMyJdIhLmbSndQvMttAS/xOvRiiLJSf+0Dj3bEPTexfI8oSL688B15zwU+EYu+tpTV4=,iv:Fsdtl3TyDda+ewQW0VnVhScRAqeuH+ypAl/USMSGrt8=,tag:O72uBGHqZRN+byhDPCepCQ==,type:str]
credentials: ENC[AES256_GCM,data:X/GQzuIwpIWeAab4twWJd+RjgAzm/S6d+u6Rfnvk/Xwg7+DwNzDpNjm7H8xYeD6sNABIBkq51JFbfldzSYwM3IuoqD/C470Yu5IZrL1Vbv8oR9XWNh5MqLpuVJ30nTbUzG062T7xAZ/uFhLZIovgcAvyBhltlh1Fgq0PaZh9jCAJxGZwTtv/m2qXwntQiE7as2pyk4eTBeVC0V+2ud3aALhLZd5BWvL01INMx0O33NIQPgKO9JKLi1InuuE1bolK8Q==,iv:3bPfPvM+EGnlsllsshHqTv2Aaa3s4vP5Zlx0oYCgm3c=,tag:qLH9tgK/eGoOPuGAaPTU8A==,type:str]
environment-file:
glance: ENC[AES256_GCM,data:t4THXZoB3Pt6X+uaQSPpHnE1uqna44g00GwwHeOj2DCloDPnZpE4vsVFr6BcL9Fi4tQ23k6X5kr7i6ZKX8Wtn1/VcKInlWkSWSWY7JAF6EhVvEnu4ejhtoOfL+vNVyaBCc5l1j77wU0=,iv:+wpbSfF8NO3koT3oUPy1hBC0RxGzXq0z9fSPS3k9cdY=,tag:wZj945aFjlt95oVS9hsxoA==,type:str]
unpackerr: ENC[AES256_GCM,data:LJk5hDuiLmEOnExDCUNKEuHpFKaQIV4un0brZugmIjNPIYp5HNZYf2vcpwJSlR2lR1lc7BmJyKHizG81NUMkzFBe/cBEOtmHT1extN6r9dKUSHDJZUzi6H5ZFq0KdKGf2mo9fwpOl36OQZW1Y6aLDYzgQmcCBQYvX7FuTRKuUztRm+CzhCtcOCcTw/W31t0OMhuYe/zC7RIbvdC9j2oaY5ltUUGOp1QUtQ0+5n82OxD/2/KhwfsQXmaElfuxwaQqNfY+LZYepy8wbZyEDGKanpOAwJGJEIK57aEHna8pOCG/rh99VPAA3N5bMopsfrulBpRwoqp15XswXcilv1P3aycHIXtMX3kaeiz9IKVMCQAroCtXmu0qeMsxBVYKKVdP8juyap8h857iTPHt7swqY2aQy910xIB5jYpwpm3SWIXjZ5etE54SJy5/VKSoIbYl1uq6ofKoGn6HEPpGnhOhbvs9EpCWBIbS5rh/mMd8qkYJTQNhkrUpeTInPnSyUekevVUtKlZufmp61Kv9A4HVdGwhT+0qm1YTvE5LIjloHlLz,iv:Hyk27zl2caYwhJr8HgKhEN/mXGHDxEd+cRKZTvDGpWg=,tag:k41W9jUK6CmI3PyN6dmAug==,type:str]
forgejo:
token: ENC[AES256_GCM,data:+y5ZOxfLAV9cg2l6XAh6odPjLgiKiQ/VqnEkhSRhi5+hdgkUvhSQ/MVjWeCvJQ==,iv:SzTU8F3uo2HTI2viFrkdtDK80tvf8LsgN4iftGv7XME=,tag:z3dQH8lwAvzc75iNnmeC1A==,type:str]
gpg:
@ -44,6 +47,7 @@ postgresql:
openvpn: ENC[AES256_GCM,data:7c0oz6EiliNnGtV71CTYlTnbXk8PjgRaq2b07iqiBv5w9YT+66+x67IKXGyJNcjCEVY=,iv:j2oVv0qLzKdDZgLfXXps3wofSe+ofJMUEk73+I0eZJ8=,tag:h+CqC1qjlJUKYaO3SKwX4g==,type:str]
pypi: ENC[AES256_GCM,data:nfq3VL34oPQLCblDIZcYuSae9aeT918jDas3dexmR+VJOQLa4tN2x8HZTEw2mhz4Rh8MWTF4nmsii97rrngjz/C4d0Bz0b7hEKLIQIiAEs1rPJUKvbXDKZEUOz4/ujNBV/iwnwLq/P6Bj1hItK5GT1ofcydLXG7DF5CX2FFi5nohK8v1Uts1TVNH4XioZ9m6S42tsFnKYl1x3dcvliJl73nUghhitCtr0PcY66D4x0a9iaM=,iv:WCDrnLmjkKoiMcL9+vYEfeC5NA/IjTLjExvgKipOqZM=,tag:OoXoGEk4sQWfADc+07OiZg==,type:str]
qui: ENC[AES256_GCM,data:b4fhhwUmM/ZWDGOAKwd+Z/tf5dpTrbTaXIpbHAyqg2edGcL/XU3fKHAg6h4q4wkzBTRGRkaQUxScGRtCusPwSQ==,iv:P4nhMIwIsmzImcpVZnBC+zFVXvegIODdXZtiMDn+E5k=,tag:XCQWeEpbM1VIhwWVTieVyw==,type:str]
samba: ENC[AES256_GCM,data:ooBr/u/kYmwrIq2sE2b1nHuKUi/+f7hufNHXGeJ1+Gkxrf1bnnC44/Y4Qlwo,iv:2sz5oEZ65JvqYUMJuQqAA9BlqNpb+bj+dIgVYD2WUOk=,tag:X/0HLAWHI26Hd5BgHUjKLQ==,type:str]
rustypaste:
auth: ENC[AES256_GCM,data:fnBLzT/j2y3LnKLiOEB9nL7h+24Lhv58,iv:KiuNZFRDpD3LRD93kbi5Z7Y9xmFc4j6dCN1uYBo70dY=,tag:WArXhez94DTqi1nDptfhpQ==,type:str]
delete: ENC[AES256_GCM,data:9IoGDlnQUpyPPq7l1LqMEpuWc+pS+BtV,iv:GAYm0rQtv02cNcmfLxXM8TqFNGKOX/fwcqlHBc5wbOE=,tag:XRdUT9SLZq1NII/xvw6fcg==,type:str]
@ -151,7 +155,7 @@ sops:
yUtR1lCjpW5Hpi2vDoom4HDsodeXfazqS+RjpHuKOLeO39bb4KbAhg==
-----END AGE ENCRYPTED FILE-----
recipient: age1988jz0qfj6m9xfenhd292tkxwyxvzhv79gkgrhm0gep353kej3yqe6zp86
lastmodified: "2026-06-30T02:30:43Z"
mac: ENC[AES256_GCM,data:gVelQq9dD9WA2Bdf63VVvofsuS8p/r0Vknc0HbGUHxeHvDalZT6JG0eo5tYHpjTFynqdEr0nNt2P9FC7fLi3cG01l9kO/AEAQKJA4JajisJMaFvhxCZUQKT3Utjh+boHn99Ni41ocNV4+kt5ro1Wm0eZCStleem2C4J1AkoBorM=,iv:mpRvcmm7vCoDuRYolbSOtlyH+EjLdBLiYmDBUFWXgb4=,tag:61eemKlhp5G1vx36TGvAAQ==,type:str]
lastmodified: "2026-06-30T03:30:30Z"
mac: ENC[AES256_GCM,data:/9anYseM6EwU72jZJeQpQjMJNurfd7Q6VNnoGbvLses/oXQkl+IIoHB9WkFqprG/lbBzKwQzttPDRQCQXSTKTWgwtRsO8XjNtqFtXOMyQWfgKCx79Ox3frYAFzgbfWNKtoGqhn9n4xLdtZJiO42n1PCrMl7sUjDdc9uKQJpw/78=,iv:8PQFoE3G6hUmMuaU5ZOgeMWD79ktMLRz111fTJpY2QY=,tag:GKJAZP3SFtAvh+e7sqeG2w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.13.1