From c87584c294024301740dd8235378acd55f9f08d3 Mon Sep 17 00:00:00 2001 From: xunuwu Date: Sun, 1 Jun 2025 12:30:22 +0200 Subject: [PATCH] wireguard progress --- .sops.yaml | 6 + sys/machines/hopper/lab/slskd.nix | 2 +- sys/machines/hopper/lab/transmission.nix | 2 +- sys/machines/hopper/lab/vpn-namespace.nix | 6 +- sys/machines/nixdesk/wireguard.nix | 14 +- sys/machines/rackserv/default.nix | 4 + sys/machines/rackserv/wireguard-server.nix | 120 ++++++++++++++++++ sys/profiles/secrets/default.nix | 2 +- sys/profiles/secrets/hopper/wireguard | 8 +- sys/profiles/secrets/nixdesk/wireguard | 15 +-- sys/profiles/secrets/rackserv/default.nix | 9 ++ .../secrets/rackserv/wireguard-private | 19 +++ 12 files changed, 178 insertions(+), 29 deletions(-) create mode 100644 sys/machines/rackserv/wireguard-server.nix create mode 100644 sys/profiles/secrets/rackserv/default.nix create mode 100644 sys/profiles/secrets/rackserv/wireguard-private diff --git a/.sops.yaml b/.sops.yaml index f20bebb..056d8ec 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,6 +4,7 @@ keys: - &hosts: - &nixdesk age155sscpw0x36t6s9usdrz7relpxqrtqnk98mrc7s0qcv2n0v3zd7sfl2xn8 - &hopper age1e9nhfwfcg9krc03re4fwh0wu0cwf6jq4js5vfn26hcdqc2apgdes98fea7 + - &rackserv age1zutg3s4nth679a6av9xqw4km0ezmfkxlnusu78demf0rzazqn3pqk9exgj creation_rules: - path_regex: home/profiles/secrets @@ -26,3 +27,8 @@ creation_rules: - age: - *xun - *hopper + - path_regex: sys/profiles/secrets/rackserv + key_groups: + - age: + - *xun + - *rackserv diff --git a/sys/machines/hopper/lab/slskd.nix b/sys/machines/hopper/lab/slskd.nix index 8d3e747..e6692e9 100644 --- a/sys/machines/hopper/lab/slskd.nix +++ b/sys/machines/hopper/lab/slskd.nix @@ -22,7 +22,7 @@ remote_file_management = true; shares.directories = ["/media/library/music"]; soulseek = { - listen_port = 26449; + listen_port = 24001; picture = pkgs.fetchurl { url = "https://cdn.donmai.us/original/57/65/__kasane_teto_utau_drawn_by_nonounno__576558c9a54c63a268f9b584f1e84c9f.png"; hash = "sha256-7WOClBi4QgOfmcMaMorK/t8FGGO7dNUwxg3AVEjRemw="; diff --git a/sys/machines/hopper/lab/transmission.nix b/sys/machines/hopper/lab/transmission.nix index eae9d68..161a824 100644 --- a/sys/machines/hopper/lab/transmission.nix +++ b/sys/machines/hopper/lab/transmission.nix @@ -19,7 +19,7 @@ speed-limit-up = 50 * mbit; speed-limit-down-enabled = true; speed-limit-down = 150 * mbit; - peer-port = 11936; + peer-port = 24003; rpc-authentication-required = false; rpc-bind-address = "0.0.0.0"; rpc-host-whitelist = "transmission.hopper.xun.host"; diff --git a/sys/machines/hopper/lab/vpn-namespace.nix b/sys/machines/hopper/lab/vpn-namespace.nix index 06ca2eb..8060629 100644 --- a/sys/machines/hopper/lab/vpn-namespace.nix +++ b/sys/machines/hopper/lab/vpn-namespace.nix @@ -38,15 +38,15 @@ protocol = "tcp"; } { - port = config.services.slskd.settings.soulseek.listen_port; + port = 24001; # slskd protocol = "both"; } { - port = config.services.slskd.settings.soulseek.listen_port + 1; + port = 24002; # slskd protocol = "both"; } { - port = config.services.transmission.settings.peer-port; + port = 24003; # transmission protocol = "both"; } ]; diff --git a/sys/machines/nixdesk/wireguard.nix b/sys/machines/nixdesk/wireguard.nix index 4f286a0..ce57ddf 100644 --- a/sys/machines/nixdesk/wireguard.nix +++ b/sys/machines/nixdesk/wireguard.nix @@ -14,16 +14,12 @@ accessibleFrom = ["192.168.0.0/24"]; # Forwarded to my vpn, for making things accessible from outside - openVPNPorts = [ - { - port = 26449; + openVPNPorts = + lib.range 23000 23010 + |> map (num: { + port = num; protocol = "both"; - } - { - port = 26450; - protocol = "both"; - } - ]; + }); # From inside of the vpn namespace to outside of it, for making things inside accessible to LAN portMappings = []; diff --git a/sys/machines/rackserv/default.nix b/sys/machines/rackserv/default.nix index 7729507..895e4e9 100644 --- a/sys/machines/rackserv/default.nix +++ b/sys/machines/rackserv/default.nix @@ -10,8 +10,12 @@ inputs.disko.nixosModules.disko ./disk-config.nix ./fail2ban.nix + ./wireguard-server.nix ] ++ (map (x: systemProfiles + x) [ + /secrets/default.nix + /secrets/rackserv/default.nix + /core/security.nix /core/tools.nix /core/ssh.nix diff --git a/sys/machines/rackserv/wireguard-server.nix b/sys/machines/rackserv/wireguard-server.nix new file mode 100644 index 0000000..152442f --- /dev/null +++ b/sys/machines/rackserv/wireguard-server.nix @@ -0,0 +1,120 @@ +{ + pkgs, + config, + lib, + ... +}: { + networking.firewall = let + forwardPorts = { + "10.0.0.3" = + lib.range 23000 23010 + |> map (n: { + protocols = ["tcp" "udp"]; + port = n; + }); + "10.0.0.2" = + [24001 24002 24003] + |> map (n: { + protocols = ["tcp"]; + port = n; + }); + }; + + b = builtins; + portsList = b.attrValues forwardPorts |> b.concatLists; + portsAndIpsList = lib.mapAttrsToList (n: v: map (x: x // {destinationIp = n;}) v) forwardPorts |> b.concatLists; + in { + allowedTCPPorts = b.filter (x: b.elem "tcp" x.protocols) portsList |> map (x: x.port); + allowedUDPPorts = [51820] ++ (b.filter (x: b.elem "udp" x.protocols) portsList |> map (x: x.port)); + extraCommands = + portsAndIpsList + |> map (x: '' + ${x.protocols |> map (protocol: "iptables -t nat -A PREROUTING -p ${protocol} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp}") |> b.concatStringsSep "\n"} + ${x.protocols |> map (protocol: "iptables -t nat -A POSTROUTING -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19") |> b.concatStringsSep "\n"} + '') + |> b.concatStringsSep "\n"; + + extraStopCommands = + portsAndIpsList + |> map (x: '' + ${x.protocols |> map (protocol: "iptables -t nat -D PREROUTING -t nat -p ${protocol} --dport ${toString x.port} -j DNAT --to-destination ${x.destinationIp}") |> b.concatStringsSep "\n"} + ${x.protocols |> map (protocol: "iptables -t nat -D POSTROUTING -t nat -p ${protocol} -d ${x.destinationIp} --dport ${toString x.port} -j SNAT --to-source 172.245.52.19") |> b.concatStringsSep "\n"} + '') + |> b.concatStringsSep "\n"; + + interfaces.wg0 = { + allowedUDPPorts = [53]; + allowedTCPPorts = [53]; + }; + }; + + systemd.network.netdevs = { + "50-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + MTUBytes = "1300"; + }; + wireguardConfig = { + ListenPort = 51820; + PrivateKeyFile = config.sops.secrets.wireguard-privatekey.path; + RouteTable = "main"; + }; + wireguardPeers = [ + { + # hopper + PublicKey = "P5W5/m9VnWcbdR6e3rs4Yars4Qb2rPjkRmCAbgja4Ug="; + AllowedIPs = ["10.0.0.2" "fd12:1e51:ca23::2"]; + } + { + # nixdesk + PublicKey = "DMauL/fv08yXvVtyStsUfg/OM+ZJwMNvguQ59X/KU2Q="; + AllowedIPs = ["10.0.0.3" "fd12:1e51:ca23::3"]; + } + ]; + }; + }; + + systemd.network.networks.wg0 = { + matchConfig.Name = "wg0"; + address = ["10.0.0.1/10" "fd12:1e51:ca23::1/64"]; + networkConfig = { + IPMasquerade = "ipv4"; + IPv4Forwarding = true; + }; + }; + + services.dnsmasq = { + enable = true; + resolveLocalQueries = false; + settings = { + server = ["1.1.1.1" "8.8.8.8"]; + interface = ["wg0"]; + bind-interfaces = true; + }; + }; + + # networking.wireguard = { + # enable = true; + # interfaces.wg0 = { + # ips = ["10.0.0.0/10"]; + # listenPort = 51820; + # postSetup = '' + # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE + # ''; + # postShutdown = '' + # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE + # ''; + # + # privateKeyFile = config.sops.secrets.wireguard-privatekey.path; + # + # peers = [ + # { + # # hopper + # publicKey = "P5W5/m9VnWcbdR6e3rs4Yars4Qb2rPjkRmCAbgja4Ug="; + # allowedIPs = ["10.0.0.1/32"]; + # } + # ]; + # }; + # }; +} diff --git a/sys/profiles/secrets/default.nix b/sys/profiles/secrets/default.nix index ab8fde3..271d286 100644 --- a/sys/profiles/secrets/default.nix +++ b/sys/profiles/secrets/default.nix @@ -1,6 +1,6 @@ {inputs, ...}: { imports = [ inputs.sops-nix.nixosModules.sops - ./global + # ./global ]; } diff --git a/sys/profiles/secrets/hopper/wireguard b/sys/profiles/secrets/hopper/wireguard index a3c9985..d234228 100644 --- a/sys/profiles/secrets/hopper/wireguard +++ b/sys/profiles/secrets/hopper/wireguard @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:BCUmakHRS/iF+TZQSKK26Nrfc+qxTzfgdoQAoKLp2dqJNqzFfZQBdoN46bdfbzn1Ujmpo9bGW04khDuB6tU0UAkUI2wc73NTybM578lPyfrsSddKPDO4W0cB+s1kk6bqCKexaYzIdeJYVfSPzExP1BCLmw6TjByMkAU/MGxFlY8ohfVr5YaANHX4nymYaiuF6ksVpWL2epmpKA+Ql07lTY8MM+JPTrJQDk4gak+dwVDUYXkaw2EkR/jI1XFT05MNWgqloPG7y2GWnS2rYPyp5ti3NHQxJk8IQx6QH9znwI2EdtDQv7zLRHLeFXeLsd4mFngas5729e8F69YOHWPx5vtICaKHLTAVHU6sXQMruQu42ucoZFGUfu886QfXZCxAhVj1RGhnV4AI5NPucm5ZWI5gdfkBZDIKHg1ziy8qzFBXqNnoiOI/Ar9r/obSqTbLPFba4gdMRgAW+EaJdBMSa8yd7OZr/IYROIM8vDd5MR7whYWBArUMqIzzCbQ/8dWwBiRd7OHAxX9QuXhdfLDr49hHXEqpydDBiVzPxGwQ,iv:1VRvpdmFgvdvGD6uujJZNNHr+rSI2HnGPMSO7CxFy/M=,tag:Gf/4Mk/LpUL1K3Oc+dVEhw==,type:str]", + "data": "ENC[AES256_GCM,data:6k4BXsLOomvMfgju1ePGhDlvk3V42PEp5I6qGKrtltgHr7Yq78xbONoiJ9CYCm3ONeu6pVv7UyzfVyeEFUEYL/eO8QT1Sx8xx19S2lydOtZBmxbZXEVWZlXGMnJmydXf+t0yLe0vFHohilyPy8oZiMtUUgrZOnbRvMXZ6cmvTDXS+AvnH7HAEmJDmH/BXp3c/CDqSwFKNuGvtf6s9SiXD1fd+RgiOdPnzposBFhhkGkF8EnEbxTzGjOWSsAK4xUDBqKXlpV+uz2qkRQsUohX9BwkRef5k730UfSZ93QZDDzrBYTXOQdY7qxfNTylt8aABUJKXoRK3u4FurQfDwUMJQm+ZRkdmsfZoC0JPxL9MlsusP+sPLX4UUn93o7PkHlC,iv:RpMQQf153CJzHKwJ5EbXNJibWT2Pz6qkWFjaHWgve9g=,tag:67v39Ay/snjFTCMHV7w/uQ==,type:str]", "sops": { "age": [ { @@ -11,9 +11,9 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VHhzRHJDNGE0SlRNaU9L\nT1cvY0tvdU10VWhQdWF5M0ZuNVlGd3JrQ2g0CldZNTQxRzlRVkd4QzFnMEFrcld5\nMEhhcm9CSUpjanQxZHF2Q3Mrc2xFQ1EKLS0tIDhJSDFKdDFYZ2YxNmdDdFNFN2l1\ncVFDVjR0d0xuaVZrYzlEN3pwRlFoUncKlYqIYtsAErGCj0HobiLTpawofl3yLlyT\nMpUD4xIJmICkHnXej70ZXcoSU+zqsGZ7nLvnAZScK2jeja2akWzJ/w==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-03-12T22:36:00Z", - "mac": "ENC[AES256_GCM,data:3KqGUlTodgABZJWlndINA7+aGuU9Z/VgZxPm1Ur4rRsL7QX5cq9AjoQRJsCn5pIUq5U1GGfQVgZ6bSCDzi7Oqua8aoUmf7Bw4Uhjq6kkize6lEYm1N8ULJ1+N3CyW9Uz/KThvUE31flkGN5N0LYOUJ87oTcqV8rPzi3AzlxPCD0=,iv:/qffqhGqGDrXiuW4QcXT6/fD8ve0v4S1xFa9uDIed14=,tag:HPw5eKySdLJlTMYvmScQ1w==,type:str]", + "lastmodified": "2025-06-01T14:42:04Z", + "mac": "ENC[AES256_GCM,data:cyMFaQwvS/CoCmDBjew4uWwL9Ia8UyNUdrlz0ILv8umE/IclWT4Xil6831JuAECtCEO2iqQQ/NqiWd8KPVZ1J5KWRcLIB2j6L2sMCGat0h41BZ5I3olVtVjGAAgoCwBmtRUjub9uHjr6NxfrjokGv0da/O0KSW+1XWbvy+V7st0=,iv:XbeO5FEpywxsYOtCS9k/UeAxv860ajii0chMja7zhBg=,tag:vFVsZ1niv7DOi0tiZcNF6A==,type:str]", "unencrypted_suffix": "_unencrypted", - "version": "3.9.4" + "version": "3.10.2" } } diff --git a/sys/profiles/secrets/nixdesk/wireguard b/sys/profiles/secrets/nixdesk/wireguard index b999439..fae18e0 100644 --- a/sys/profiles/secrets/nixdesk/wireguard +++ b/sys/profiles/secrets/nixdesk/wireguard @@ -1,10 +1,6 @@ { - "data": "ENC[AES256_GCM,data:yEocAYaKVl61oPTPivv8tKW+sMK/1A1rypm8e1JZ7crb+BHy91+tkufAP+p+SBOrzocj77b58sW4bcNhHSW+5OGA4sYihnt5LvbKEUUzNMEpd9n964ZwPij9NH4zQV1HdRaGKycwCzmX4bOB9WmCesCg+er3FYQMgXJSt8Wv7e8hA0fQ104q/X7Ugsg3k+DRBQhecwtGIv3taQ9LRhv/tV8yEzagn0l1/zonBXQnJsbFA0a8PPyO+dezvbFG7X9jBiur6btOHHxCX00J4bHJM0w7S+b9p6GdwJvXEF8HyCZED9Cm5b5COpUEDMsRSvLGsRjnFnRV6xCKO1t3CKR1YfQ2wvg/oq2dK3r89Q2rHeA3jgqXf/RqPzwrcUeW2Dk1Ea4wQhF2eQvzrZCmmjF2BGPC/wvScsT6j1azRcOZfmsMBjFQK7AmPr53tWVVSEV8LHRrwH3kSgHTQUIqIwEqAMK3NXcyuKI7wqAi6Y2ZOuxgrreqGeRymIvFcx8Y3MdK4EuY7KSIdPJ6voavo4jyp8fVtyBFqvA=,iv:9QSYjerDGwL+OdGnHHT5Kbbqr6psL/VATE93OjeyK0Q=,tag:Uh4bqsc+zjRikpxRiR+wyg==,type:str]", + "data": "ENC[AES256_GCM,data:s5KDNm+5Mq9/5rNqNjffo4bOl4V+LwGsCJNmaa2oW5MB4XSCF3+iJDNXQ/cFIuPNlEClWlrlPVUB5oOrcrgfj078m6HyKnAmngbQ+nFSCe/VDIUptZ1oblG+llq61faBSrXwDdcm11Y7Nd73sPyLst5V+FsVtSHyA3ktZ2qk1Q5RR/5uvaBCXn+fCiQgDzcOQErUEc6Ja6JWQIKb6fuWffgtCJRxWtDD2/OZSrKhkr7wjX34WLa4ZDYny8ZhmhzPuyW9B5uG4e58Lz8qQpC7FwEDd4InuwLOu/4o/ZTVzsXtl9OZdCTPeTpE9N25rR8w7pu3MDJiVNQd30VA/dq4SRoDykPovcNF6s/bZwg9lUMri2ZytDQJQEEMSGT7FHA4,iv:xb3bFMV1oBLcdFlG+IbZg90lBTSkQIra/nAtdtZRb9c=,tag:oBwCtbnKy74ejL00C8SgQg==,type:str]", "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, "age": [ { "recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8", @@ -15,10 +11,9 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjL2NSTnVYY05pcVNyT1g4\nT0hvanphU29Dd0dvMXZ4TjdVV2R4WnpxY1JVCmVQVlcwbE9EbmxPZWhTK3RudUJG\nQVhjZ2lzUmo1VjlNejlLejVkSXZhTFkKLS0tIFpaQ1JtTm9NOWIrWFdlZWlDTXBo\nRFVKNVVyRWlxZWtqUHVsVGFsRUtWeW8KHVaiwFMs7wTn7j/PZXqrpEtEJTTRaFi2\nK65QMNkbB8DCvmO950X+lpCkuCHXpTgI+yvzLgD2zvZurlu6h9zZDg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-03-10T17:36:26Z", - "mac": "ENC[AES256_GCM,data:YXAnkyEeiTuw3ljpo8+Fmb24EdeITSMvFfObVFlqEo8Sa2MJeFOagisYihhzySyRxET/otlBDxhkPiwyt50jy/fmZLBaJY6YO0RQFzGC2o/uZOZf8vVpNaWWaOTBNqMJS5+CmqiewJVGfOblGZhVkubs9I8cVI/3gFRuuldpBUU=,iv:K9EqI1nY8jH0oklro3NJduFmrLobUNOn/dqmLQCRF6c=,tag:P0J4ul2rAQHZJZYKjbOGYA==,type:str]", - "pgp": null, + "lastmodified": "2025-06-01T14:48:46Z", + "mac": "ENC[AES256_GCM,data:jMlNME3KjFi7GVkgWG90uk/54kExNv9XgT1GNjxrYzvGh4ltL65NRb7rPDKMQlmBIM2pjik+eBbtQB00tpNNXzrHCzPfNdjxAToMJ2P4Jza3yqB2/6qH2fur/PquOqyG8j00TSUxkUkMB695fJdyjibuHG9uZdTmXOYPVgn2LBk=,iv:wZlbCMsvhNgEGF14Z3bxsGEZs2RGWhM/ChmQ1i3BRZI=,tag:P4ATNOwxAm6+bApw1RakRQ==,type:str]", "unencrypted_suffix": "_unencrypted", - "version": "3.9.4" + "version": "3.10.2" } -} \ No newline at end of file +} diff --git a/sys/profiles/secrets/rackserv/default.nix b/sys/profiles/secrets/rackserv/default.nix new file mode 100644 index 0000000..6f36a5a --- /dev/null +++ b/sys/profiles/secrets/rackserv/default.nix @@ -0,0 +1,9 @@ +{ + sops.secrets = { + wireguard-privatekey = { + format = "binary"; + sopsFile = ./wireguard-private; + owner = "systemd-network"; + }; + }; +} diff --git a/sys/profiles/secrets/rackserv/wireguard-private b/sys/profiles/secrets/rackserv/wireguard-private new file mode 100644 index 0000000..15d8d1b --- /dev/null +++ b/sys/profiles/secrets/rackserv/wireguard-private @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:w0biYZaUzQ4eOTe3QbeMDViS2lAGcyPw/wy80JYJLeQ5kcXFSyymtHZTMo3A,iv:3nKM5rdvXCgNEmRUTiDeb7kp7MDwGfOjdS9RxVjxjvw=,tag:xY+VnYkzN5Md5VjCaTR2vQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsWUxNYVUyUmZtTkExRDd2\nOTZ5M3VYb2dKSE53QVBuZXlXY0xZMi9QMVZRCk9ocHNvdE8vRjlEU1pieXhHcnFJ\nUWJCQU50Y0xaRHp3ZUpXL1JVRnZRRkEKLS0tIG02eHBlOFA0YnMyRHdrVHdRNHhs\nV1NYMThJaUVNYTZtMzdjaFAvaDA2R0UKYAZQqQVNXl3UR3n+kZhb4ZTM3MEbjCHd\nTXkHgJ+CpNrFWbhN1Fv3y8yPhWJmYsODZy9fDqjQOp7QZEec77+BWQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zutg3s4nth679a6av9xqw4km0ezmfkxlnusu78demf0rzazqn3pqk9exgj", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFOXJTYzRzSHJmczgvdGt4\nQXR6R0tjQXhuMVJlRmVEZUMrOVVtWE8wQUhZCm1DbnNRUmlIOE14RVVxbTRtTld4\nSzRpOGpoWjBnaUxtOFFBVEhZejk2Y2sKLS0tIE1vNEFNcVJVVlVSQXdFVU9FWjV1\nNUZzQ0M1S2l6ampzWWJzMGhBai9pZjAKxperiWOJssvrFoqZUHxgZyCMvqD7C0px\nH/k/Zz0ESJuC75Eby8K3Ra/csN/nCD1PRMEoQWd00chvIip7V0i90Q==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-01T11:18:27Z", + "mac": "ENC[AES256_GCM,data:572HgDbua7UXv2YrVSbiC4tZrgt94ynO+lMXz45wFsii7vz8p50jzU77dKmQyuWyudHwZ10lre6WuqJlH9FT7aU81SF1HsjTvIT57nZ3KE1ANf/XgqMizsZcRaMRYNzM5vxRx8zweP1G7S4Ot7/v8GaJCCBWZjNblJQdq8THm5Y=,iv:yIy33dGGFEm/tLNe3p94aKn9kSMTFsCHGWjra8BexYY=,tag:sVidR+jn1bvDjexV0rkJcg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +}