diff --git a/.sops.yaml b/.sops.yaml index 5b6b5a8..f4d13f9 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,6 +5,7 @@ keys: - &host_t2mbp age1yr7vurfxc3w8ewfw9djfm54atw6ayze69qglamecuft5q0n9gu2sadsa2m - &host_ideapad age1hya7pgpe8zal52w3pjf036tpapmehedatfm4r84h30t4wuh079ssedfd37 - &host_nix-server age1p05z980kdtngk9mw67hfev72h7xhslplpxfk9yskgmf0hl4lu3ls04zht9 + - &host_r5500 age1pewusvlcgzcnk0kpskgc9qr6jlq8s2yzwnqrnh84p7v5z0kj3qhsya8h2x creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: @@ -15,6 +16,7 @@ creation_rules: - *host_t2mbp - *host_ideapad - *host_nix-server + - *host_r5500 # Host secrets at modules/hosts/nix-server/secrets.yaml (see configuration imports), # or optional extra files under _secrets/. - path_regex: modules/hosts/nix-server/(secrets\.(yaml|json|env|ini)|_secrets/.*\.(yaml|json|env|ini))$ diff --git a/flake.lock b/flake.lock index 77c6546..499326c 100644 --- a/flake.lock +++ b/flake.lock @@ -511,10 +511,13 @@ ] }, "locked": { - "lastModified": 1779905483, - "narHash": "sha256-+j7FvKPMIp5SFgZscLSXd33hiFJHbpLXH5ImXWq7RXc=", - "path": "/home/olivier/Projects/Personal-Website", - "type": "path" + "lastModified": 1779906441, + "narHash": "sha256-py8KJJMi4awjZHi5FWBPYfbRPvk3Rg9SeFkPJydsG2E=", + "ref": "refs/heads/main", + "rev": "339a9ba1ef79dc9976af77f1fea0302de8a696d0", + "revCount": 16, + "type": "git", + "url": "https://git.chiasson.cloud/Olivier/Personal-Website" }, "original": { "type": "git", diff --git a/modules/hosts/14900k/configuration.nix b/modules/hosts/14900k/configuration.nix index 86ea482..79ab926 100644 --- a/modules/hosts/14900k/configuration.nix +++ b/modules/hosts/14900k/configuration.nix @@ -96,6 +96,8 @@ services.cloudflare-warp.enable = true; gaming.launchers.enableBottles = false; gaming.gamescope.enable = true; gaming.steam.steamTinkerLaunch.enable = true; + gaming.sunshine.enable = true; + gaming.sunshine.cudaSupport = true; monitorInput.enable = true; diff --git a/modules/hosts/r5500/configuration.nix b/modules/hosts/r5500/configuration.nix new file mode 100644 index 0000000..fa5a162 --- /dev/null +++ b/modules/hosts/r5500/configuration.nix @@ -0,0 +1,69 @@ +{ self, inputs, ... }: { + flake.nixosModules.r5500Configuration = + { + self, + config, + lib, + pkgs, + ... + }: + { + imports = [ + self.nixosModules.r5500Hardware + inputs.sops-nix.nixosModules.sops + self.nixosModules.system + self.nixosModules.users + ]; + + boot.loader.grub = { + enable = true; + efiSupport = false; + device = "/dev/sda"; + }; + + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = true; + KbdInteractiveAuthentication = false; + PermitRootLogin = "no"; + UseDns = false; + }; + }; + + sops = { + defaultSopsFile = ../../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + }; + + sops.secrets."users/server/hashedPassword".neededForUsers = true; + + security.sudo.wheelNeedsPassword = true; + + nix.settings = { + experimental-features = [ "nix-command" "flakes" ]; + trusted-users = [ "root" "@wheel" ]; + allowed-users = [ "root" "@wheel" ]; + }; + + chiasson.system = { + networking = { + hostName = "r5500"; + networkManager.enable = true; + }; + extraPackages = with pkgs; [ btop git ]; + }; + + chiasson.users = { + enabled = [ "server" ]; + hostOverrides.server = { + hashedPasswordFile = config.sops.secrets."users/server/hashedPassword".path; + }; + }; + + services.xserver.enable = lib.mkDefault false; + + system.stateVersion = "25.11"; + }; +} diff --git a/modules/hosts/r5500/default.nix b/modules/hosts/r5500/default.nix new file mode 100644 index 0000000..795346a --- /dev/null +++ b/modules/hosts/r5500/default.nix @@ -0,0 +1,13 @@ +{ self, inputs, ... }: { + flake.nixosConfigurations.r5500 = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit self inputs; + host = "r5500"; + system = "x86_64-linux"; + }; + modules = [ + self.nixosModules.r5500Configuration + ]; + }; +} diff --git a/modules/hosts/r5500/hardware.nix b/modules/hosts/r5500/hardware.nix new file mode 100644 index 0000000..95574b8 --- /dev/null +++ b/modules/hosts/r5500/hardware.nix @@ -0,0 +1,51 @@ +{ ... }: { + flake.nixosModules.r5500Hardware = + { + config, + lib, + pkgs, + modulesPath, + ... + }: + { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "uhci_hcd" + "ehci_pci" + "ahci" + "usb_storage" + "usbhid" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/934a5ec3-4bab-49c3-96c9-c857c50076ba"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/934a5ec3-4bab-49c3-96c9-c857c50076ba"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/6399d086-687b-4ca9-ad34-da1dd85203d5"; + fsType = "ext4"; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/ddb9fea1-7c44-44bc-bc74-79a3adb6cc35"; } + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; +} diff --git a/modules/lib/ssh-inventory.nix b/modules/lib/ssh-inventory.nix index cfa677e..0b25737 100644 --- a/modules/lib/ssh-inventory.nix +++ b/modules/lib/ssh-inventory.nix @@ -37,6 +37,12 @@ aliases = [ "nix-server" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3KDicMjtOFR6LfZrFzfAD1gdYUdwv6ZM4PSgtmIuzd nix-server"; }; + + r5500 = { + hostName = "192.168.2.100"; + aliases = [ "r5500" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7iWCEtkYDLZFRF3w1gzyAok5VCAGUOwu4iWZdMjf3D r5500"; + }; }; mkIdentityFileName = hostName: ".ssh/id_ed25519_${lib.strings.toLower hostName}.pub"; diff --git a/modules/system/gaming.nix b/modules/system/gaming.nix index 01017f7..0af3928 100644 --- a/modules/system/gaming.nix +++ b/modules/system/gaming.nix @@ -88,6 +88,39 @@ ''; }; + sunshine = { + enable = lib.mkEnableOption "Sunshine — self-hosted Moonlight streaming host"; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Open Sunshine/Moonlight ports via `services.sunshine.openFirewall`."; + }; + + capSysAdmin = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Grant CAP_SYS_ADMIN to Sunshine for DRM/KMS capture (`services.sunshine.capSysAdmin`). + ''; + }; + + autoStart = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Start Sunshine with the graphical session."; + }; + + cudaSupport = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Build Sunshine with CUDA/NVENC (`pkgs.sunshine.override { cudaSupport = true; }`). + Enable on NVIDIA hosts for hardware encoding. + ''; + }; + }; + launchers = { enableBottles = lib.mkOption { type = lib.types.bool; @@ -128,6 +161,17 @@ dedicatedServer.openFirewall = cfg.steam.dedicatedServer.openFirewall; }; + services.sunshine = lib.mkIf cfg.sunshine.enable { + enable = true; + openFirewall = cfg.sunshine.openFirewall; + capSysAdmin = cfg.sunshine.capSysAdmin; + autoStart = cfg.sunshine.autoStart; + package = pkgs.sunshine.override { + cudaSupport = cfg.sunshine.cudaSupport; + cudaPackages = pkgs.cudaPackages; + }; + }; + hardware.graphics = lib.mkIf cfg.graphics.enable { enable = true; enable32Bit = cfg.graphics.enable32Bit; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 6995e4c..aa9ebab 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -12,60 +12,69 @@ caching: token: ENC[AES256_GCM,data:8omssG3GwCFIegfz+8IAGGhFGj01RB3dqqHeFpmZOzMJUshIDvSRuTTpGFhUBC7Xue8h09hAhpirIHmqzyG3I+e2Se/VZZoByXmpyIKesl3+NqOXDkJvgImqhvFVkTiSe5p/vSN3slWDylfkThQ0hZYw5mB9J13M5965iUnWcRbg+1fYFdTuSgrHY8Rxt4da0287A0YGnsN63k7j32XOJndxsRoOLoo+IQ+X+hiPOJkfGYxY0MglnxaxhPwH8SP1V+p78N75Z2npOtMdEikdHmj/NmKbqUXN2P0+IXthxV17WePCulZVsKC1Jw+clgbyAvHcQeVG/yyrcb1CRRQpszHtq1Pz7DHvfAG+gxyPNyP7D6oQNT8foX4C6CwuHgYQtM1x0D6oAL+lppQWJ0kEV/GDlJSXQnp/aBbVAqDmqS0TCx40nVmQ0PvMcjtsiZJigkRJRNLCg6n+qmhc5Rh9RhslPN5JXU0orWs9QYAoLXzdDDGP/R9tlEhwQBxwGrFAp016iilqPavMdI8txrWWdvezQuAh//eeW5LQSa6t363VCjX8phnXeJltOgXYlyuKnCCmv0a6XwhmT0PA+32/F0BxTf9lcZConpurlvOHdznaVeUXcFOEwKouDC7smPIZZqcRU8OIbWs7YXqMgatgb/bJVtB0P0Avsj9t9Uz8Dv8xBV+90U5qwM7HV16FIERorDquzgKFcvtb8/QfjTINoswpHZKNCbmQPxfJYPheJFwMQGFn+b+ecv+Z7qng9JEujJSNtEPv2CIuVmSxZJaU5g2CMu3rFGIA3qF81Bf1Ri8n+KYWgOKpQt11nClouv2XePO8JKI6fslF411zJ8zD4E/6Qg95UWhLh0RG2cXzYSXXvrpXDlIe9spc4OLuj4tFtXkiZZvfM5MgRTtoh93soypUpEbswTji2UprC3OPikjIIW49YysGVsH2100/67HbtinRoazM1M+DjaD2pMryx7kW/oVpyaW61wiqtHk9nq8vqROLWBhQxzGSh9157z/46AT+8PN89gFh5uNdFuhFz8e8/HIV3HtIrzrtR+flJfHJ1ZT5dhTDicSMiC/DhG/hupX4GHGX6zlaMgBqB8bKxxvs+v0iHfSkDIkuenZ+nTD72DP5yuIQVIwGV16CZA6rusjb1zLn6QYpvQtCuqlih+epsGNEYP6B3rvNMc/N7JcwY4YMTK+C46EC9mXhpfPn0a5OdD4kQ6s=,iv:+g9W5MzgtLppD1K3dZ/tCuaMxaa194W3Lf23/jUmDvk=,tag:5uVwIOkB2+MRHPGlKGQtGg==,type:str] sops: age: - - recipient: age1yyzgmazjxkvwtfcv9re3lqmt2ru5dcrfu3sauysm0wzfwzvyap8qkjkq32 - enc: | + - enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtc25Wd0dlZldBVHZKTDRW - ZlVHamluT0hPbVArdWx0Qlk5czR6ZldIaEhRCnVkUVp6cHRwdnNsRDBhV285Q0tV - RitNWHNrUy9pN0dpanFSVHJjK0VuM1kKLS0tIHVLRWFRNmZyR2JOR3FwYjZsME9v - L2ZKbFIydkJ5L25GSWFBamhtbHZXV0UKAPIGMBbIdR7sCxsCYJa/9kajqmceOAJa - /jjxxcaWDkv5cmq0u8qFZEDkTjY3PKoJofBcx5q0npuJmrIA/oLeJA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBTmhhd2M0M1ZsdEtReUFM + MEs0SHZ4dUkxNWdUZjBoSFVQd0RvZTdWVndnCitxNGRGUWcwWWpZcytpUzhOcCtF + SHRoSzZkcWVnZzdrL0JoVkk0cTlSbWcKLS0tIGFCUFd6WXpxVWg2MVFCcnJ1Qklp + TDBBc21HWHJiZkZPZ3ZyWFhOeEFaT3cK5SFqqR2Fc6o/RTDPkly6xS+hEY331ws6 + 8KIGxGXC9iO7ExGOD5nzLzFJmjZzfp6IIvdQ0rzkJY4C1vKW1pPZMw== -----END AGE ENCRYPTED FILE----- - - recipient: age1elk6zwmcylwfk7gd4pjda7g29upftjvxys8py42s8d42jklnyv7s7dm9z2 - enc: | + recipient: age1yyzgmazjxkvwtfcv9re3lqmt2ru5dcrfu3sauysm0wzfwzvyap8qkjkq32 + - enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvcm5rZmtlUy9yQSs3Vnhh - eDVYaUxvcCtMYXhEa0ViTmFYK3JONnFsTWw0Cmdad2ZKdGcxeGQzeGVnTXRUeGJZ - R1kxQ1ZDK0FsQzc4S1EwMFN4VVZaTzAKLS0tIDJ5S3QycG5ZdThIVlZEVjBnMG9K - V1RSem1LdWpKT2o2aHh5dC9wVGJRakUK+5/eE+9WtSXmwoJ2Nqk4ni01GS4c3gLQ - p+wcpiOsxwnnisZTxag2yCn4hlv6FcOUWOcISq5H/sxwKgjBaeeuRQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeWEwQ0o4TDZkSFI4WGFZ + QXZIVGQ4ajI5SFpLczJpZHh3Tm9lMkZ6K1dBCjhWeDVWcVNWM01maXVDdTRYRzI4 + OUk0c0czSzNhVWxkUWdIU3JCaytZdkEKLS0tIHpBNzdpT0oxNkhBalVXYkpzRitn + dXRWUmxmTFNnYm5ZbzFYMjJ5THJlQ3cKn6AZhiS/eqvmsFbKkv79sE198ywNeNZf + BQJSQ353CmJQ7z7uL0m+/96aeaUu9Kjk37bPeMmxrXhhW7Kvwzwuiw== -----END AGE ENCRYPTED FILE----- - - recipient: age193gw802ytal7h5p5q37kpd9079k2vsflzmnvupcwfxh2kjdrwqtsk3g6rm - enc: | + recipient: age1elk6zwmcylwfk7gd4pjda7g29upftjvxys8py42s8d42jklnyv7s7dm9z2 + - enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TjZVN3dFbmg5MGhNVFdD - YTZ4WVdOUWRGTzkrUmRGVUpobmg0Y0ozaUFNClh6cXhKWVkxcTlRYmZ5NmNqeEJJ - YzdYR1FyRExabXBDSnVSbXNxZy91am8KLS0tIHZLa0dXWHZhMDU5Q3BNR2U3NG00 - eFp4Vmxha0xOVTVwd09PVzgrdzFNL2sKDEofAS4W4i8+VBU0wl1yTWmOogNbGHhY - azvb0QmxrYpurxjep3BYsc/5Co6U4mwowidoyzQLsiBJWDWy3wPdLQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbDY1WXl5Wk81Rk0zOXE4 + dGczVWZQZW9pMkxrZUdIWUg1V0EzQVdOb1Y0CmxYMnR1RDk4TUVCQm4xVWlnMHNB + eSs2QVZpQy83KzZMZDAzbGRkR2xmQ0UKLS0tIE5GNFRTWDhFQ1IrZUY0Si96UUhp + WXc4djdTVmp1bG5kN3ByTHViVy81R1kKGEgUjmwNtL7CFqILNWUEh2mHM4C3L9de + FBoqaUvE9Dc8lmxjicKKAlnf2ZbwTZ6+Iv2I+KLakjFMznSi4QFO0g== -----END AGE ENCRYPTED FILE----- - - recipient: age1yr7vurfxc3w8ewfw9djfm54atw6ayze69qglamecuft5q0n9gu2sadsa2m - enc: | + recipient: age193gw802ytal7h5p5q37kpd9079k2vsflzmnvupcwfxh2kjdrwqtsk3g6rm + - enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2d3dLVitDTVpyNllCTEJN - R1RLc2NkRnBrandDakhxeTJWeEdMVkZyS0JRCnl5Uk9FSk1iZmxCZUI1ZWdmYlJa - dEFlbjkxYjI4Y2FDZmswOGZqMUxGUXcKLS0tIGdqVWNaU1NWcGs4QXZyTkc5Z2VK - MGpaWmtHdzdpRDJxQXNveTd5WFkzTTgKxKuoC36uLqy+QoSGVcQekv5wn69yF0qH - 2qZPAm3wnf0KzZ8Wo/B8nXkjkq4llfKHbwfePiMRL4RObKXAejYhLA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZmxST1V3WXN1N01VaE16 + Njd3S2kzT1l1R2o5TXErYXIyTEo2ZWxNemxrCm5QZG92WDBjNzNLRUxqZ2txLzNz + dUU3cURjN1Y3d2ZBMHZuV0hOUWFsVzAKLS0tIG85TnBvL0F2dzBTdHQwdmZoOFhs + d2F5QWsxaUR0M2x1M1RVaHp0ZG1vVlkKtrMg6lwXFrXyZiweS6C1a46/Z5oDbHpm + FJ7xh8z3fPGRsoDWa/Qet8seNgIbLfAgyQvtIzKiKDTat4f73WIrsw== -----END AGE ENCRYPTED FILE----- - - recipient: age1hya7pgpe8zal52w3pjf036tpapmehedatfm4r84h30t4wuh079ssedfd37 - enc: | + recipient: age1yr7vurfxc3w8ewfw9djfm54atw6ayze69qglamecuft5q0n9gu2sadsa2m + - enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4am5wWWRkL3J0dlZVaWJR - eVdMNnhTdGJqeFlNdnppTHNLdjdjcVNYbUQ4CjcwdGM5Nmdvck1wb0RSRjMwL01D - STlFdkdDallLLzNnbGY4WndiLzdRMzAKLS0tIHRENzRFTVA2MWE5djVHUy9peVdG - dkZDTTJvWU1vZHN2ZUR1R1Z3UWpkSlEKjo621j7xjyyHcc/ij8/X0H5uNLD6SnZa - o+apPj44+fTJFL5+VjP/XOsx0rCKTQhnV0gGfZU2SPtfH2BUiDjV0g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TDhIdDRXVmgyVVZHQXp5 + N3dlTXBZb0E0bEtuZ2RFN3pQYkZWK25SbEg0CkFaMXRleFBISFAvSzNSSGpBbFVo + eTgxZitQNmZmYWx0a2dPcjRMdGpzNDQKLS0tIHpOTmtCM2lCS0NkZ2cvb0loK0pt + RTBMdHdnTnFBT2IzQ3JvWWpmZStFSTgK6CxSfV6tlejPie4xKiVUnEhpH7DYJ2lu + 9U9bw7i3qKvjSlFQBYghF0P4EK32k3x8lkAucK3m3ub8+wbunOJWTg== -----END AGE ENCRYPTED FILE----- - - recipient: age1p05z980kdtngk9mw67hfev72h7xhslplpxfk9yskgmf0hl4lu3ls04zht9 - enc: | + recipient: age1hya7pgpe8zal52w3pjf036tpapmehedatfm4r84h30t4wuh079ssedfd37 + - enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5YmF1K1ZtQmhoMGRVM0Fk - bW1PL0RPQ1ZUZEg4VU5VUi9BdlNhM2hPZkRNCnVIaUJJR1dFeXA1SWk2UFBkQW9a - cjc4bFRDb2p0eXJodG5IWk01ekdCdG8KLS0tIHFzU3l3WGcyTmZ0QjRyTmQwcDRZ - Mnp5K1VjcncrWWt4SEUrUVlCTTc3OVkKtRqPoatEp8NvZW4Z73nfCUshdz90SCad - VFgYF/2DYc7lSDP7otbsjBzGlauQQTWF1wfgEVOkw2EzOt2LCoflbg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbW1GSERmWGNvK2dCRjVC + M2U1SERPU3dGRnlwRmV4bHdNd3RxYzJ2YWk4Cm52bXZuYkt4dlEvbVA0cm51cmRX + MW1NYXllU1MwdE5jeEI4VmU5TytjcDAKLS0tIHNPOTIyN0ZlSHI3M0F3S01POGZF + RFM3NndnWSt4NnM5TkcyeXRmUFB1Q2MKDCuWlWqV/Dogr6wXDb02BGrsnpyGe22D + ivWjVoYx5ClxlKyt7Xuies9fLNjRTVfjJFD5DQTinSPjxrusJg0O5w== -----END AGE ENCRYPTED FILE----- + recipient: age1p05z980kdtngk9mw67hfev72h7xhslplpxfk9yskgmf0hl4lu3ls04zht9 + - enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UkhFTld1T2x4bEZ0Mldy + dmZ4b3UzaHgxN2FUenBaVFRFY0puZlVVM2dRClVMK3VCM0w3cUM5Um90YmM1TUhu + Vk5wMm4vZXNsTnlQWFV0ZG1tS25UWkkKLS0tIDR3d2NmZjVzUEF2aHN3NW05bGVp + L0NHbUF3NzJ3NUtnZFVRMVdLa2ZtWWcKzuMx/jDuZ3z7IPPvAmcYyjLi4c3Toj7a + 6POXxpxjGhlWJaV47jqeN+7mQY2oTHE/x4raoX/KA2ouXL29K8QpmA== + -----END AGE ENCRYPTED FILE----- + recipient: age1pewusvlcgzcnk0kpskgc9qr6jlq8s2yzwnqrnh84p7v5z0kj3qhsya8h2x lastmodified: "2026-03-24T00:15:02Z" mac: ENC[AES256_GCM,data:dYTwO5DtkKinTKfBXGuvXRFxl8yavxXMKTw27M5/GcK/kkstHBG119IRk9B9KC6s6IHTY81U3MeUxE9XwdBiE7q4m15+ZO2vmdBVhN8wAh+82P9BP0HSaxLkjWLeKWBfULyLX/YXmQVsr09/NUEVSZcugJ6m40Ta+X9AQgO+cyA=,iv:FmsznsKTuIr61s3Zn0QZKSKvb/e2AljEB1ijKE52RKk=,tag:rHF2Xi4iP9VF33rxpBr5pg==,type:str] unencrypted_suffix: _unencrypted