servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: Added ldap and authelia oidc

Browse Source
This commit is contained in:
uttarayan21
2025-07-29 04:26:12 +05:30
parent b05f18bac5
commit 26b5ab00d5
10 changed files with 179 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
home/apps/zed.nix
View File

@@ -7,9 +7,9 @@
pkgs.zed-editor pkgs.zed-editor
]; ];
zed-editor = { # zed-editor = {
enable = true; # enable = true;
}; # };
# xdg.configFile = { # xdg.configFile = {
# "zed/keymaps.json" = ''''; # "zed/keymaps.json" = '''';
# "zed/settings.json".source = ''''; # "zed/settings.json".source = '''';

1
home/services/hyprland.nix
View File

@@ -52,7 +52,6 @@
settings = { settings = {
source = "${pkgs.catppuccinThemes.hyprland}/themes/mocha.conf"; source = "${pkgs.catppuccinThemes.hyprland}/themes/mocha.conf";
"render:explicit_sync" = true;
"render:cm_fs_passthrough" = 1; "render:cm_fs_passthrough" = 1;
monitor = [ monitor = [
"${device.monitors.primary}, 2560x1440@360, 0x0, 1, transform, 0, bitdepth, 10, cm, hdr, sdrbrightness, 1.1, sdrsaturation, 1.2" "${device.monitors.primary}, 2560x1440@360, 0x0, 1, transform, 0, bitdepth, 10, cm, hdr, sdrbrightness, 1.1, sdrsaturation, 1.2"

16
home/services/swaync.nix
View File

@@ -3,14 +3,14 @@
enable = device.is "ryu"; enable = device.is "ryu";
settings = { settings = {
notification-inline-replies = true; notification-inline-replies = true;
cssPriority = "user"; # cssPriority = "user";
}; };
}; };
xdg.configFile = { # xdg.configFile = {
"swaync/style.css".text = '' # "swaync/style.css".text = ''
.floating-notifications { # .floating-notifications {
background: rgba(0, 0, 0, 0.0); # background: rgba(0, 0, 0, 0.0);
} # }
''; # '';
}; # };
} }

5
justfile
View File

@@ -25,3 +25,8 @@ home:
nvim: nvim:
nix run .#neovim nix run .#neovim
[linux]
rollback:
sudo nixos-rebuild switch --rollback --flake .

58
nixos/mirai/services/authelia.nix
View File

@@ -7,8 +7,9 @@
"authelia/servers/darksailor/storageEncryptionSecret".owner = user; "authelia/servers/darksailor/storageEncryptionSecret".owner = user;
"authelia/servers/darksailor/sessionSecret".owner = user; "authelia/servers/darksailor/sessionSecret".owner = user;
"authelia/users/servius".owner = user; "authelia/users/servius".owner = user;
"authelia/oidc/immich".owner = user; "lldap/users/authelia".owner = user;
users.owner = user; users.owner = user;
"authelia/oidc/jwks".owner = user;
}; };
}; };
services = { services = {
@@ -18,44 +19,22 @@
settings = { settings = {
authentication_backend = { authentication_backend = {
password_reset.disable = false; password_reset.disable = false;
file = { password_change.disable = false;
path = "/run/secrets/users"; # file = {
# path = "/run/secrets/users";
# };
ldap = {
address = "ldap://localhost:389";
timeout = "5s";
# start_tls = false;
base_dn = "dc=darksailor,dc=dev";
user = "cn=authelia,ou=people,dc=darksailor,dc=dev";
users_filter = "(&({username_attribute}={input})(objectClass=person))";
groups_filter = "(&(member={dn})(objectClass=groupOfNames))";
additional_users_dn = "OU=people";
additional_groups_dn = "OU=groups";
}; };
}; };
# identity_providers = {
# oidc = {
# clients = [
# {
# client_id = "immich";
# client_name = "immich";
# client_secret = ''{{ fileContent "${config.sops.secrets."authelia/oidc/immich".path}" }}'';
# public = false;
# authorization_policy = "two_factor";
# require_pkce = false;
# pkce_challenge_method = "";
# redirect_uris = [
# "https://photos.darksailor.dev/auth/login"
# "https://photos.darksailor.dev/user-settings"
# "app.immich:///oauth-callback"
# ];
# scopes = [
# "openid"
# "profile"
# "email"
# ];
# response_types = [
# "code"
# ];
# grant_types = [
# "authorization_code"
# ];
# access_token_signed_response_alg = "none";
# userinfo_signed_response_alg = "none";
# token_endpoint_auth_method = "client_secret_post";
# }
# ];
# };
# };
session = { session = {
cookies = [ cookies = [
{ {
@@ -91,6 +70,11 @@
jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path; jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path;
storageEncryptionKeyFile = config.sops.secrets."authelia/servers/darksailor/storageEncryptionSecret".path; storageEncryptionKeyFile = config.sops.secrets."authelia/servers/darksailor/storageEncryptionSecret".path;
sessionSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path; sessionSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
oidcHmacSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
oidcIssuerPrivateKeyFile = config.sops.secrets."authelia/oidc/jwks".path;
};
environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.sops.secrets."lldap/users/authelia".path;
}; };
}; };
}; };

25
nixos/mirai/services/homepage.nix
View File

@@ -1,4 +1,4 @@
{...}: { {config, ...}: {
services = { services = {
homepage-dashboard = { homepage-dashboard = {
enable = true; enable = true;
@@ -107,6 +107,13 @@
href = "https://llama.darksailor.dev"; href = "https://llama.darksailor.dev";
}; };
} }
{
"Immich" = {
icon = "immich.png";
description = "Immich: Self-hosted Photo and Video Backup";
href = "https://photos.darksailor.dev";
};
}
]; ];
} }
]; ];
@@ -163,8 +170,22 @@
uri /api/authz/forward-auth uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
} }
reverse_proxy localhost:8082 reverse_proxy localhost:${builtins.toString config.services.homepage-dashboard.listenPort}
''; '';
}; };
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "dashboard.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
}; };
} }

77
nixos/mirai/services/immich.nix
View File

@@ -1,5 +1,78 @@
{...}: { {config, ...}: {
sops = {
secrets."authelia/oidc/immich/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
};
secrets."authelia/oidc/immich/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
};
templates = {
"OAUTH_CLIENT.env" = {
content = ''
OAUTH_CLIENT_ID=${config.sops.placeholder."authelia/oidc/immich/client_id"}
OAUTH_CLIENT_SECRET=${config.sops.placeholder."authelia/oidc/immich/client_secret"}
'';
mode = "0400";
owner = config.services.immich.user;
};
};
};
users.users.immich.extraGroups = [config.systemd.services.authelia-darksailor.serviceConfig.Group];
services.immich = { services.immich = {
enable = false; enable = true;
mediaLocation = "/media/photos/immich";
settings = {
oauth = {
enabled = true;
autoLaunch = true;
autoRegister = true;
buttonText = "Login with Authelia";
clientId = "immich";
scope = "openid email profile";
issuerUrl = "https://auth.darksailor.dev/.well-known/openid-configuration";
};
passwordLogin = {
enabled = false;
};
};
secretsFile = config.sops.templates."OAUTH_CLIENT.env".path;
};
services.caddy = {
virtualHosts."photos.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${builtins.toString config.services.immich.port}
'';
};
services.authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "immich";
client_id = ''{{- fileContent "${config.sops.secrets."authelia/oidc/immich/client_id".path}" }}'';
client_secret = ''{{- fileContent "${config.sops.secrets."authelia/oidc/immich/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
redirect_uris = [
"https://photos.darksailor.dev/auth/login"
"https://photos.darksailor.dev/user-settings"
"app.immich:///oauth-callback"
];
scopes = ["openid" "profile" "email"];
response_types = ["code"];
grant_types = ["authorization_code"];
access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
};
}; };
} }

30
nixos/mirai/services/llama.nix
View File

@@ -43,13 +43,13 @@
}; };
caddy = { caddy = {
# virtualHosts."llama.darksailor.dev".extraConfig = '' virtualHosts."llama.darksailor.dev".extraConfig = ''
# forward_auth localhost:5555 { forward_auth localhost:5555 {
# uri /api/authz/forward-auth uri /api/authz/forward-auth
# copy_headers Remote-User Remote-Groups Remote-Email Remote-Name copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
# } }
# reverse_proxy localhost:7070 reverse_proxy localhost:${builtins.toString config.services.open-webui.port}
# ''; '';
virtualHosts."ollama.darksailor.dev".extraConfig = '' virtualHosts."ollama.darksailor.dev".extraConfig = ''
@apikey { @apikey {
header Authorization "Bearer {env.LLAMA_API_KEY}" header Authorization "Bearer {env.LLAMA_API_KEY}"
@@ -61,12 +61,26 @@
Access-Control-Allow-Origin * Access-Control-Allow-Origin *
-Authorization "Bearer {env.LLAMA_API_KEY}" # Remove the header after validation -Authorization "Bearer {env.LLAMA_API_KEY}" # Remove the header after validation
} }
reverse_proxy localhost:11434 reverse_proxy localhost:${builtins.toString config.services.ollama.port}
} }
respond "Unauthorized" 403 respond "Unauthorized" 403
''; '';
}; };
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "llama.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
}; };
systemd.services.caddy = { systemd.services.caddy = {
serviceConfig = { serviceConfig = {

30
nixos/mirai/services/lldap.nix
View File

@@ -6,23 +6,24 @@
services.lldap = { services.lldap = {
enable = true; enable = true;
settings = { settings = {
# ldap_user_dn = "admin"; ldap_user_dn = "admin";
ldap_base_dn = "dc=darksailor,dc=dev"; ldap_base_dn = "dc=darksailor,dc=dev";
# ldap_user_email = "admin@darksailor.dev"; ldap_user_email = "admin@darksailor.dev";
# http_host = "127.0.0.1"; http_host = "127.0.0.1";
http_port = 5090; http_port = 5090;
ldap_port = 389; ldap_port = 389;
# ldap_host = "::"; ldap_host = "::";
environment = { # environment = {
LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt".path; # };
LLDAP_KEY_SEED_FILE = config.sops.secrets."lldap/seed".path; environmentFile = ''
# LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/admin".path; LLDAP_LDAP_USER_PASS_FILE = ${config.sops.secrets."lldap/admin".path};
LLDAP_LDAP_USER_PASS = "foobar123"; LLDAP_JWT_SECRET_FILE = ${config.sops.secrets."lldap/jwt".path};
}; LLDAP_KEY_SEED_FILE = ${config.sops.secrets."lldap/seed".path};
'';
}; };
}; };
services.caddy = { services.caddy = {
virtualHosts."console.darksailor.dev".extraConfig = '' virtualHosts."ldap.darksailor.dev".extraConfig = ''
reverse_proxy localhost:5090 reverse_proxy localhost:5090
''; '';
}; };
@@ -34,15 +35,12 @@
}; };
users.groups.lldap = {}; users.groups.lldap = {};
# systemd.services.sops-install-secrets = {
# after = ["lldap.service"];
# };
systemd.services.lldap = { systemd.services.lldap = {
# wants = ["sops-install-secrets.service"];
serviceConfig = { serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
User = "lldap";
Group = "lldap";
}; };
}; };
sops = { sops = {

11
secrets/secrets.yaml
View File

@@ -26,11 +26,16 @@ authelia:
storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str] storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str]
sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str] sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str]
oidc: oidc:
immich: ENC[AES256_GCM,data:p11v+4I07FSW/pYk4l5fBlOQ2YczU0eoOvyLq/V62hY=,iv:NuHdsdLL+krQR2BZtMOcZL2zTHYjzoXbvKZLDWe36io=,tag:E8dkaQpSf+pzW18M+lqFGw==,type:str] immich:
client_id: ENC[AES256_GCM,data:LpB+nR7SGI2EV4YK0VptF5zJ6Ai/LDfikUpoAnFWnT8krMOQ/voqjS6jhqaFz9IKhtPQL9TNZOONr5JjkDZR7sI63Ohv4Lnx,iv:J96CL8EHHj88YbQW7rdQK9C6MxXaHnMt+mgL3iL5Heg=,tag:aXD/HdWXO/e6aKGnay0W+g==,type:str]
client_secret: ENC[AES256_GCM,data:mZ9bxeuKEYtZRRncsXBRgFeu0exO+VN9MRXFEF/KQxrDHnGkiFGQH8/wbeHnqIO8Xpmhd5PJEz5Q29rNKJE6hsomVFHASYe6w/JCaxP24Qu2nQH60YBYsk0vfVgB8QyfpbIN1lDeW+3F8YZLa1IJuxt1Cpg9cgMtaZ4AZh4cGgBxSDE=,iv:QErPIwOTBs3UJMRDTyLpNFc8unucQKzLl6WbSuJ97fY=,tag:NRQYmn6GfIMPAUKyI7QxMQ==,type:str]
jwks: ENC[AES256_GCM,data:1efhdlYmiD/y4kzK0hFfLAmY6rXK0hvZez/tu1cb2hfUhIM/DzNNthKQjH8Cu2TlZwDQpUIrCO7Tr0BbkiREC+VNK4vYgi+GWswnG7VCZS40xRAZhSArNO2uQ4dpf/KAHRSSJa3i7gGOqSG/Pnrl3TRhzkhkfWSRk+7koPWKpYJOKLem+ZLN75yssCsEbYIOHjcXyizNHt6SE2ylqqCjyWnlhlnRQStYaFPWAAABcm96MkSThSyRd6hTAifC/aZiM1IMlLw7wJJk01uwjJytlxBxDiFrdr4Grg0PzOsOAocex9Siw5fzcr7dFpVBoaS7e7nD/sccGSyEysw/t+wvkMou1Ewr5U2Pnew8lPjSrEiiGxuPwmK9kHxD3L6cADxF6xs4bn+Iqa/yy9FWbtGZfBYOxJiRvXgxBPiO7CH4tJyVIbnLfi8K/zCJC9u5vO+WFXiVIzXxAPVUL7VKQQZGxV7989LMdcjzck+B1zFHVQz25siwbpu0FxMxiJsVtBxu1U+QBRfQrwLacX2NAJvqYNZxr+9l43Fh0x8dS5CBheVEy39sXge9jLyS7kIW0FfvgJaHuLL2/GhDGsvfi7zFPOc8Thg+8LP58L8wzPT+LvVoidq/j3K2Ct6udn9JsOnbZT3Gs1RiY+E77H09GbdwIrP0sGVi4ZJe++w+sKNjyzLzceEYGkfa1EiMQhYPHzqUAwqtgmJZo9tY+2jOBJb9ZU+Kj0xtqZsjFpHaGWsRj8XGkPrAFEh6Z6/Ak9/BpYaapPeAO3Wa6tzNVlTCtaX786nSTjfGC7v9O4Uz8XQr0HV3A7wj36Fw3dqERZFKea7BJbiiAiEZtnOsbWVqQXpIUVfCvPhfwuFcOU/ClyM1fGyZXaCIeB62Tkqa+ZlqRQgzzf3bSFUK0PgxE3Ny5pIPzNEINqse+6DeFuF91uY1dLQB4Vizyzv1H+X/OecO9K8kECM1wUy3Fbbyh4tYYxt4VvqFQZ1o4A7Jd04WCIf3hdAHmwvOQW+/8dfnyLa8kqTcQYeI3jfjtRvD6TaZl21K9kFY2VJAexdno9bbozDOus1Ep92ublwonVjfvzbyDURHGF6Cw2OL7xcbHQIMz/ZmkVHMra49NHgWlI6X0slgYDxKKDszHhZ9SHkEXF8pJf+uogbwSwz1glRkEdn1oprbs8GsFoc7HGVvSHRgOWKHwvhZD2tMiSE4cEFZ9/2nSPISQMNGuS7wgnVkalKPW+gF1EWVXczanzKsrpcDtpMdFufMRVusaJBV5Jw62I++cx1AMW2dRTseQyWLchRWtOba6dd9gbNzGi39+njHClHIEUxaxXzxIQLhSgCA9loXRc26ZA6DpwHQR+gtH2OybeFEiH390YoSfFeZuU+f0E2awMdpiEsBL/AniUcboDaBEaDQYpwUawNL+II7rmSn4rTJM64n5z3B88U/vAQh9BQFhf7SDKb05n/ArCibkdy3gbo8rTVH1gGbmW53DTxzuW+AEpFcuueiP3yz1vGzEwKSX+LMkCwFwk6Y/VcqHXW+PdZ88SFUr5WELGPkZxT3AvmduBCifE0KDzKWrN3yy1xwEQDGrYiqeHqeqHpEuk/KpxeAwepqWayGMq6iT4BWUBojNo6quoXkPPodSsotbBFLjyRHoDGm0NZSbgluOUyERrN6M+ELdHqQjeNTS046KB6QnG5s+uTA+uxyonvmPCPBgFAd0q0qfq4T/SISHrPe13Y7nHnATxoMBszvIfKznqFthTBsc3V9C5+g/kcOzcEQpAC6baGe+eq23m/Go3uDa7O84Euxhj9C5NBcidvgmYmRZuY6l2ehnxf1oGoGwHBJEaYEuCk7sc3Wac6u2OvqCIKPxRdi2tUiZ9FwCGLqd8qcLEPtsSaBNk2CVlK9ZkgPzSYH794qpNQDWkyv5SJ4V9zy2LL+s9MHtHNQu6QxALZ8c0GfQetTI5ArkC3cBz/3mRdDMy9k7HpO7b6USoxqGAZ+H4kzJhus9QwjaqJnnB+fJI5O2ek5TVLY9RWXo+W2pCBDjt925BVoChkvkUEg4GtvR+8/yChgYEgYWUPqRV4vMEwQiRoaJamL/E+lRaUx+c0f9ga8+k0JdfxfzoIPUA3/rBGcfO8Y12RF8Ool4hreP409KjdPP0PeeOVKg58MPYNO5O0BdT62nyL+fSvJkw7uPGcOwtOtcxjcBsNhoFv0twrCp8S3cLX45GTNaTw+JHcxsTzG9ibL3bFtVkAAiZHZGMisEjTSGElSGIDk+MoPt68hq4BRioab,iv:gGKyTUigpnqg3Fgd76INrESRT27hJRzYQ3xk8heNkWk=,tag:fVc8rg1Or63X/14neG+8Cw==,type:str]
lldap: lldap:
jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str] jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str]
seed: ENC[AES256_GCM,data:zMBZP4GeGkQ4chC9eQ4tG8vTqbxZj4iQMKCj0WQd1qOWVTibpk6VylnFz5ugmeMR,iv:5ZFf/r683AHVlpp7iN9B6nY1b8tD/JSCxRN4vXT1cRM=,tag:MmeGpK9d2GFP3etr9Ouvkg==,type:str] seed: ENC[AES256_GCM,data:zMBZP4GeGkQ4chC9eQ4tG8vTqbxZj4iQMKCj0WQd1qOWVTibpk6VylnFz5ugmeMR,iv:5ZFf/r683AHVlpp7iN9B6nY1b8tD/JSCxRN4vXT1cRM=,tag:MmeGpK9d2GFP3etr9Ouvkg==,type:str]
admin: ENC[AES256_GCM,data:6eLFuyt9hBzoAGfaDLi9cwxFj/yq20BDCSzbHzakZLo=,iv:qjczQ/hswAzVVS7gCUapzqhRx1dAE7FhRUvtovlMuY0=,tag:aMBFJy+USOd5Vy2QKjoD6Q==,type:str] admin: ENC[AES256_GCM,data:6eLFuyt9hBzoAGfaDLi9cwxFj/yq20BDCSzbHzakZLo=,iv:qjczQ/hswAzVVS7gCUapzqhRx1dAE7FhRUvtovlMuY0=,tag:aMBFJy+USOd5Vy2QKjoD6Q==,type:str]
users:
authelia: ENC[AES256_GCM,data:6zddaWEBqJqfLaSzeANlSfldpw==,iv:jx3P9FThq7+LbwX0LpNK7qll3RJ5ibNfdDybS+KZG6U=,tag:RHNPLdbpkPy2aAcibljxAg==,type:str]
builder: builder:
mirai: mirai:
cache: cache:
@@ -55,7 +60,7 @@ sops:
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-28T11:23:30Z" lastmodified: "2025-07-28T22:24:11Z"
mac: ENC[AES256_GCM,data:lAaVNBji1kslL5pCYBABP3X8n1AFQ1ocFgPCRmlipLPt9dVVwzKDokI75xWztOTVU/ydkz/AQjHkeunPc0bl3lhukrpLAulpQLFTV/+zy2ku3nStCrpx93bmjO0KWb9GvjidITVOvr4WzOZUSsq45Im4gJgpFXDyCXg/8HsY6K0=,iv:vh7GdrwU+T4AkZS7uWljagA11itG1QEs2JdwSqbqmtc=,tag:VpCVyr4TxWYCWfssXz4QyQ==,type:str] mac: ENC[AES256_GCM,data:k7nnnBg4/5i0JdRXIvQK/zM9Xm6Ex14UTu9ZjZntal6IJuccNvMvbNLIDa4+cnjVjwaOHAXCzmCP5xQZ2R5k7b8EJ853lahMYy4ORbg0Ve5nCIZOVc0A43CfErPz4SdK+NMALP7s7z5aeb1grJ6U3RBRBTrKib//1oo5u44ozNw=,iv:6UiMxysglG0CeSUWXAPlL7qjXR876JS4yUGwBqlwcyU=,tag:mCFw+UU+7SOjw1k+A6jAqQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2