diff --git a/hosts/microwave/network.nix b/hosts/microwave/network.nix index bb1d0ff..4022a0c 100644 --- a/hosts/microwave/network.nix +++ b/hosts/microwave/network.nix @@ -62,211 +62,5 @@ IPv6AcceptRA = true; }; }; - - # Wireguard - # Dump-dvb - netdevs."30-wg-dumpdvb" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg-dumpdvb"; - Description = "dvb.solutions enterprise network"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."wg/wg-dvb-seckey".path; - }; - wireguardPeers = [ - { - wireguardPeerConfig = { - PublicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY="; - Endpoint = "academicstrokes.com:51820"; - AllowedIPs = [ "10.13.37.0/24" ]; - PersistentKeepalive = 25; - }; - } - ]; - }; - networks."30-wg-dumpdvb" = { - matchConfig.Name = "wg-dumpdvb"; - networkConfig = { - Address = "10.13.37.3/24"; - IPv6AcceptRA = true; - }; - routes = [ - { routeConfig = { Gateway = "10.13.37.1"; Destination = "10.13.37.0/24"; }; } - ]; - }; - - # oxalab - netdevs."10-wg-oxalab" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg-oxalab"; - Description = "lab of oxa"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path; - }; - wireguardPeers = [ - { - wireguardPeerConfig = { - PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E="; - Endpoint = "95.216.166.21:51820"; - AllowedIPs = [ "10.66.66.0/24" ]; - PersistentKeepalive = 25; - }; - } - ]; - }; - networks."10-wg-oxalab" = { - matchConfig.Name = "wg-oxalab"; - networkConfig = { - Address = "10.66.66.10/24"; - IPv6AcceptRA = true; - }; - routes = [ - { routeConfig = { Gateway = "10.66.66.1"; Destination = "10.66.66.1/24"; }; } - ]; - }; - - - # zentralwerk - netdevs."10-wg-zentralwerk" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg-zentralwerk"; - Description = "Tunnel to the best basement in Dresden"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."wg/wg-zw-seckey".path; - RouteTable = "off"; - }; - wireguardPeers = [ - { - wireguardPeerConfig = { - PublicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo="; - Endpoint = "81.201.149.152:1337"; - AllowedIPs = [ "172.20.72.0/21" "172.22.90.0/24" "172.22.99.0/24" ]; - PersistentKeepalive = 25; - }; - } - ]; - }; - networks."10-wg-zentralwerk" = { - matchConfig.Name = "wg-zentralwerk"; - networkConfig = { - Address = "172.20.76.226/21"; - IPv6AcceptRA = true; - DNS = "172.20.73.8"; - Domains = [ - "~hq.c3d2.de" - "~serv.zentralwerk.org" - "~hq.zentralwerk.org" - "~cluster.zentralwerk.org" - ]; - }; - routes = [ - { - routeConfig = { - Gateway = "172.20.76.225"; - Destination = "172.20.72.0/21"; - Metric = 9999; - }; - } - { - routeConfig = { - Gateway = "172.20.76.225"; - Destination = "172.20.90.0/24"; - Metric = 9999; - }; - } - { - routeConfig = { - Gateway = "172.20.76.225"; - Destination = "172.22.99.0/24"; - Metric = 9999; - }; - } - - ]; - }; - - # VPN - netdevs."10-wg-mullvad" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg-mullvad"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."wg/mlwd-nl-seckey".path; - FirewallMark = 34952; # 0x8888 - RouteTable = "off"; - }; - wireguardPeers = [ - { - wireguardPeerConfig = { - PublicKey = "uUYbYGKoA6UBh1hfkAz5tAWFv4SmteYC9kWh7/K6Ah0="; - Endpoint = "92.60.40.209:51820"; - AllowedIPs = [ "0.0.0.0/0" "::0/0" ]; - }; - } - ]; - }; - networks."10-wg-mullvad" = { - matchConfig.Name = "wg-mullvad"; - address = [ "10.66.157.228/32" "fc00:bbbb:bbbb:bb01::3:9de3/128" ]; - networkConfig = { - DNS = "10.64.0.1"; - DNSDefaultRoute = true; - Domains = [ "~." ]; - }; - routes = map - (gate: { - routeConfig = { - Gateway = gate; - Table = 1000; - }; - }) [ - "0.0.0.0" - "::" - ]; - - routingPolicyRules = [ - { - routingPolicyRuleConfig = { - Family = "both"; - FirewallMark = 34952; # 0x8888 - InvertRule = true; - Table = "1000"; - Priority = 100; - }; - } - { - routingPolicyRuleConfig = { - Family = "both"; - SuppressPrefixLength = 0; - Table = "main"; - Priority = 90; - }; - } - ] ++ map - (net: { - # only route global addresses over VPN - routingPolicyRuleConfig = { - Priority = 80; - To = net; - }; - }) [ - # Public - "92.60.40.209/32" - # "10.0.0.0/8" - "10.13.37.0/24" - "10.66.66.0/24" - # "172.16.0.0/12" - "172.16.0.0/12" - # "182.168.0.0/16" - "182.168.0.0/16" - # "fc00::/7" - ]; - }; }; } diff --git a/hosts/microwave/secrets.nix b/hosts/microwave/secrets.nix index d5abb96..013e972 100644 --- a/hosts/microwave/secrets.nix +++ b/hosts/microwave/secrets.nix @@ -2,19 +2,4 @@ { sops.defaultSopsFile = ../../secrets/microwave/secrets.yaml; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - - sops.secrets = { - "wg/wg-zw-seckey" = { - owner = config.users.users.systemd-network.name; - }; - "wg/wg-dvb-seckey" = { - owner = config.users.users.systemd-network.name; - }; - "wg/mlwd-nl-seckey" = { - owner = config.users.users.systemd-network.name; - }; - "wg/oxalab-seckey" = { - owner = config.users.users.systemd-network.name; - }; - }; } diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix index 50442f4..c2bb39e 100644 --- a/hosts/toaster/default.nix +++ b/hosts/toaster/default.nix @@ -1,8 +1,10 @@ { ... }: { imports = [ ./hardware-configuration.nix - ./zfs.nix + ./network-vpns.nix ./network.nix + ./secrets.nix + ./zfs.nix ]; nixpkgs.config.allowUnfree = true; @@ -10,6 +12,7 @@ # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + hardware.enableAllFirmware = true; # Set your time zone. time.timeZone = "Europe/Amsterdam"; diff --git a/hosts/toaster/network-vpns.nix b/hosts/toaster/network-vpns.nix new file mode 100644 index 0000000..b7b2849 --- /dev/null +++ b/hosts/toaster/network-vpns.nix @@ -0,0 +1,210 @@ +{ config, ... }: { + + systemd.network = { + # Wireguard + # Dump-dvb + netdevs."30-wg-dumpdvb" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-dumpdvb"; + Description = "dvb.solutions enterprise network"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."wg/dvb".path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY="; + Endpoint = "academicstrokes.com:51820"; + AllowedIPs = [ "10.13.37.0/24" ]; + PersistentKeepalive = 25; + }; + } + ]; + }; + networks."30-wg-dumpdvb" = { + matchConfig.Name = "wg-dumpdvb"; + networkConfig = { + Address = "10.13.37.3/24"; + IPv6AcceptRA = true; + }; + routes = [ + { routeConfig = { Gateway = "10.13.37.1"; Destination = "10.13.37.0/24"; }; } + ]; + }; + + # oxalab + netdevs."10-wg-oxalab" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-oxalab"; + Description = "lab of oxa"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."wg/oxalab".path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E="; + Endpoint = "95.216.166.21:51820"; + AllowedIPs = [ "10.66.66.0/24" ]; + PersistentKeepalive = 25; + }; + } + ]; + }; + networks."10-wg-oxalab" = { + matchConfig.Name = "wg-oxalab"; + networkConfig = { + Address = "10.66.66.10/24"; + IPv6AcceptRA = true; + }; + routes = [ + { routeConfig = { Gateway = "10.66.66.1"; Destination = "10.66.66.1/24"; }; } + ]; + }; + + + # zentralwerk + netdevs."10-wg-zentralwerk" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-zentralwerk"; + Description = "Tunnel to the best basement in Dresden"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."wg/zw".path; + RouteTable = "off"; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo="; + Endpoint = "81.201.149.152:1337"; + AllowedIPs = [ "172.20.72.0/21" "172.22.90.0/24" "172.22.99.0/24" ]; + PersistentKeepalive = 25; + }; + } + ]; + }; + networks."10-wg-zentralwerk" = { + matchConfig.Name = "wg-zentralwerk"; + networkConfig = { + Address = "172.20.76.226/21"; + IPv6AcceptRA = true; + DNS = "172.20.73.8"; + Domains = [ + "~hq.c3d2.de" + "~serv.zentralwerk.org" + "~hq.zentralwerk.org" + "~cluster.zentralwerk.org" + ]; + }; + routes = [ + { + routeConfig = { + Gateway = "172.20.76.225"; + Destination = "172.20.72.0/21"; + Metric = 9999; + }; + } + { + routeConfig = { + Gateway = "172.20.76.225"; + Destination = "172.20.90.0/24"; + Metric = 9999; + }; + } + { + routeConfig = { + Gateway = "172.20.76.225"; + Destination = "172.22.99.0/24"; + Metric = 9999; + }; + } + + ]; + }; + + # VPN + netdevs."10-wg-mullvad" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-mullvad"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."wg/mullvad".path; + FirewallMark = 34952; # 0x8888 + RouteTable = "off"; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "uUYbYGKoA6UBh1hfkAz5tAWFv4SmteYC9kWh7/K6Ah0="; + Endpoint = "92.60.40.209:51820"; + AllowedIPs = [ "0.0.0.0/0" "::0/0" ]; + }; + } + ]; + }; + networks."10-wg-mullvad" = { + matchConfig.Name = "wg-mullvad"; + address = [ "10.66.157.228/32" "fc00:bbbb:bbbb:bb01::3:9de3/128" ]; + networkConfig = { + DNS = "10.64.0.1"; + DNSDefaultRoute = true; + Domains = [ "~." ]; + }; + routes = map + (gate: { + routeConfig = { + Gateway = gate; + Table = 1000; + }; + }) [ + "0.0.0.0" + "::" + ]; + + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + Family = "both"; + FirewallMark = 34952; # 0x8888 + InvertRule = true; + Table = "1000"; + Priority = 100; + }; + } + { + routingPolicyRuleConfig = { + Family = "both"; + SuppressPrefixLength = 0; + Table = "main"; + Priority = 90; + }; + } + ] ++ map + (net: { + # only route global addresses over VPN + routingPolicyRuleConfig = { + Priority = 80; + To = net; + }; + }) [ + # Public + "92.60.40.209/32" + # "10.0.0.0/8" + "10.13.37.0/24" + "10.66.66.0/24" + # "172.16.0.0/12" + "172.16.0.0/12" + # "182.168.0.0/16" + "182.168.0.0/16" + # "fc00::/7" + ]; + }; + }; +} diff --git a/hosts/toaster/secrets.nix b/hosts/toaster/secrets.nix new file mode 100644 index 0000000..4cf23d7 --- /dev/null +++ b/hosts/toaster/secrets.nix @@ -0,0 +1,20 @@ +{ config, ... }: +{ + sops.defaultSopsFile = ../../secrets/toaster/secrets.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + + sops.secrets = { + "wg/zw" = { + owner = config.users.users.systemd-network.name; + }; + "wg/dvb" = { + owner = config.users.users.systemd-network.name; + }; + "wg/mullvad" = { + owner = config.users.users.systemd-network.name; + }; + "wg/oxalab" = { + owner = config.users.users.systemd-network.name; + }; + }; +} diff --git a/secrets/microwave/secrets.yaml b/secrets/microwave/secrets.yaml index 01908b5..c2ba32c 100644 --- a/secrets/microwave/secrets.yaml +++ b/secrets/microwave/secrets.yaml @@ -1,8 +1,3 @@ -wg: - wg-zw-seckey: ENC[AES256_GCM,data:fkt4UEVgmmFw6UFUEs6T5/CePKo1Z/hc8pu+Bj6fWT/p/1eE14Y3TgxfMks=,iv:SN97FG5Lquhc7k9R1Aavu7hE1zoY4FAnacvapdLkBkk=,tag:l82y7vwieanfYRRjfqKJoA==,type:str] - wg-dvb-seckey: ENC[AES256_GCM,data:a1OuEOnSwCqwfL6+TYhyU1lkRcDeW2wAJetytc8ry8kJicPGMkqSHJvRdBs=,iv:oS1olgSuhR3J0LW8OSDSYMSHxxhBehdEP0VnQIKqOAM=,tag:CXkL5lOF91KluH3yGWwzTA==,type:str] - mlwd-nl-seckey: ENC[AES256_GCM,data:LfndvssZdlIerJQZRsLzlTdY9ThjmRcMvUKQgWu06vVEFZgI4KGi5b++9Jg=,iv:EoV7e0fE8RCw0K+nGx3dYGCZV0GSVtxPzi5vQ+5+Tuk=,tag:AZ78jsfL0OgUPYOiO6xn0Q==,type:str] - oxalab-seckey: ENC[AES256_GCM,data:eWdcDboE4L7/8k87kipaZXdFbo8tp+/RS5KCkfnE4OYCOtNg5WJlrJTsE3o=,iv:tjfVIiFbNa8p0NhL2No1UogHkppIdWNaXW5Qjny725s=,tag:em0g5BERF+lOR6VSW8Wh8A==,type:str] mail: oxapentane.com: ENC[AES256_GCM,data:9P7r1WGaGekZkCbI3iVK1cQiVXN46LilZaY=,iv:juCWeCTXjKuoC0y0l08d98i5rLlmOeRXL4H/GsouAWs=,tag:DflQZMy2WBqee/pM2njF2Q==,type:str] shipunov.xyz: ENC[AES256_GCM,data:Lr60OLtghGxyTxs9clz6ZY8RLno3dQGLHi5w3QYXFQ==,iv:Yr+soB0e8+MQQfCuznmJRaAn9SgoDkT9B8UdGzVOcMY=,tag:8yg3GQMnllgufilNyXrdUg==,type:str] @@ -23,8 +18,8 @@ sops: cHBBdERxM1MxaER5YWZqWTJTZnprVzgKT7C9aMo4BAS+Tewx5u+yEILRUna1P5Wu iRQeH/SqCigoA2d3ekl7/VWcmSJPtb7FMLwX+9LEgIILo8KBYhseGA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-08T01:17:14Z" - mac: ENC[AES256_GCM,data:Be9tCRDHKH2iUEyAGRP9+/UeYCgXSJYd/+tARYsLb6F+msNuwQ5l9vP7X+HkFXIhOCS+6Ko8emORHFfZ2k4rvO0jT9Zw4QkN3+uR3cfSwYlL52tWfRamOXeYv8QVwdBNokHVSr7AzEStePHF31Z3pHtM2cujYTkklOMda8+mXMU=,iv:WgtucIHCLM+hY8eKh02yqssmR2o8nbQ7nM1wDLKRQDk=,tag:d1OfmwQ9MbrlxstaQE7Knw==,type:str] + lastmodified: "2023-01-09T22:52:39Z" + mac: ENC[AES256_GCM,data:UdsQLNagpdJYzNzKRVCBXeiBQVUc+kMxwzyJExfQcPHM+jM/azUtSYnT7yk9RMMA2BOcpwx/pwv9D1eyd1xxMIFvJg7yuFL7iq4DOFcjwzUqgHIvSIBc0SARfLxFu5avRPs1S81jEvCfb44OqmHush97ZtzNpKqvNRQL3C7yj2k=,iv:0q75pCrhRauFR7cJ6vooRYlX+UCm8KVuPwAoNdKUNUQ=,tag:YqfszSJlsHg7XUXREOnmCg==,type:str] pgp: - created_at: "2022-07-15T02:04:05Z" enc: |- diff --git a/secrets/toaster/secrets.yaml b/secrets/toaster/secrets.yaml new file mode 100644 index 0000000..d7d195d --- /dev/null +++ b/secrets/toaster/secrets.yaml @@ -0,0 +1,50 @@ +wg: + mullvad: ENC[AES256_GCM,data:9wgZKgcVGBIkNrfeurwDOCWLE6t2z7bN5KaUAeiRAcGRKO5uAkVCp0kpWZc=,iv:c1XM8GXEeAuDM47pTA5Pa6lPCI0fwau1uZdSaDcBykI=,tag:pSjmhHw7mt7hGTLpXFPsHQ==,type:str] + zw: ENC[AES256_GCM,data:CXrLvV+b9DUfmr+CwH8dBTHvDHtgVmiF9g+QpzFqMcc91yQDzQqT1d4AQSk=,iv:Wdj11qlGWGm2XSieFZ4csqdIyR0epzPCkeWyUUmjJbk=,tag:UO07WUwr138B5TtMGujvew==,type:str] + oxalab: ENC[AES256_GCM,data:YRN3fSzukqgDK3Bf5O7I8U3QmJAINCsjSseOZfzM/4xGXfGbBNeH3UmD0PI=,iv:U3kXH1HdT4OWcFZ+40a5W+jQ1hdS4UYYXxxyy+SqHEU=,tag:w65VyfylSKnM7c50BRCVgQ==,type:str] + dvb: ENC[AES256_GCM,data:1+IM6ORPtlIroeekaJSkOwYArh0fN6ycJNaXo680pE2Xv4DUBrIlh8q3V2A=,iv:btf3IpM4Wntkf3RYPwUdhH+4WUUqZp0zYp0aj2sdGM0=,tag:MDvS4CWYQLdp2YGs3/5Htw==,type:str] +mail: + oxapentane.com: ENC[AES256_GCM,data:HW1xcclr5CiUFVF8As79ZZH1c14sl4T0l18=,iv:leAVYaQkMuJewkCZc3fTUUNzZ9BDjV5CuT84bzvhrrs=,tag:Mm8OB8gLbmUwKSLugTR6GA==,type:str] + shipunov.xyz: ENC[AES256_GCM,data:cg+P+FrZ2icjfhwDGKGyUH9DejSZHpNs2bcSBPyz8g==,iv:XZFaSXnGmTL9j2sEyt5Q7+pe6rr+WA/0UGq/2Gl5DTI=,tag:oq+5EuJWJKwK3h0/e6Uozw==,type:str] + dvb.solutions: ENC[AES256_GCM,data:GSjPIPA5TGMWfhdRzTsiHPfXFVGLVSpJvJG+I++i,iv:EBlk00wqADCuYTzuVcuX9kSn6TVBfN12UlcXyps6TtE=,tag:G7rKTngN4v2FtuhQEMdUQQ==,type:str] + tlm.solutions: ENC[AES256_GCM,data:ncTMh/jw+YmcmcVU/c1I36vV1CwtmtYwfyDUx9w9,iv:vPnmdvDnEJ9FF4rDkSfPnLWebleSgI/yG7qOgJfq5ic=,tag:z4w4LOGf2v0TBSxrHULBsw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qyj95tsntreefqeetawqy5pf26456s9c0v3tzz8yzs706c0jsg6qv56jzk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmx5T0ROT1ZPZ2JmUHhn + bWZ3UlZvQTR1Y0VOSXJsSy9makswR1VTSDBZCjZmOVZQdkF3b0tkWmo2aGcrOWZs + ZDBwRVFSK3BTdVlpWUpNVW5qWWFVZjQKLS0tIFJOdWxOSGR2SXdlWXBDTkMvUDlG + T3F6NXpBbEFxemVzM0lxbEdKMlVzYlEK9YPSglPYmsk3fH7qduK/FVFIWnHaQ6O1 + ZJsgmz/5H7TPbSoy6mfyROQY+b7amJDSAAqhLazKYI22yP3Gnkmmbg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-01-09T22:57:18Z" + mac: ENC[AES256_GCM,data:KqIkYp/fAMxfISULoDfOsRH3eA9M4XcPwXW8HoMqlipLr0zWekpyp+AUekglQctF6brjr8yanAdrFEGBV930zAKehgDfu1w2O1uUE47cBHqdcaQNW180CaS21cSnPiOBEHeBqw1OCTGqdmT1mu+v6Ss13kgtdQJei0CuRw5Aw8w=,iv:iO0+xmFO4sBn63zFw+6NP22s8q00P2WjzPjr7yLcY20=,tag:THfICAIPGrZPIEYVAxvN8w==,type:str] + pgp: + - created_at: "2023-01-09T22:45:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7zUOKwzpAE7AQ//SREB1bVNjocJIdu1OsRi/98r/Sq66jvfvv9qN4iarhX6 + nULcylhQgxMAEaY2af1aWfzH8aVOQFfFWQaFLNCs44TkSa9MCPxPrqRI4qCPl9os + V6l9IVOhmv/HIDlHvTOfsFYZjE9LOtA5y3VrQqLBG4zjpTczcQxlrHgeSZyDrS9i + eqTiVVwdiZurFUMoety63S82u62YjtEwgHbFYdKnodEPygZvU5LFftmTRdDRNCII + i6tJRe70HTg2gNBxQEwh/DTcyQBaUkermhDaok0ABW6BFfrwzaxaUXexqFAqk7XK + fpWNGUX4w8ExtZ6XH/6vlu17yhej4VP9EuHzlZTPPjBPRcdPXETo3QShB+tH4hvw + aPgOfJaneVM+MpwgVW66qWmQt7NpaHLRo2tjvZnvuVXlg/AnuphaXpfafRja2DEj + hMH+FAIiQr5tFLf9ur8VltdeOsjWj7NbfWYEGm9UW0eHC5r/NuEZiQVt7BKWPU70 + DcZdN9f3Scs9mpNuD/CGhf4Oj4L0tkgt/x2mirkSQcB0lui8s1/joCCV/7cZ30jB + /FHATHlo6RW1S8uGVcb1dkfsv4ki+4bvh1ZxZRuQg9rNlPWyHEIG6VJSMmgC7e9Y + P1NS/WF35BybvXFR3UVJca9qciRvPzcRo/4sEJtuPbwXpAqHR4OavHJhmb4ZDYfS + UQE6svFmutqwRPC2WSk0Knxh5o/bUYrliT6FU01xwkkIo5SgahDe0XJeXS3poQEs + htM7FZ7w0PjcRa66cul5j5FjDI4R7ZcFupv6RF84ImP5hw== + =3z9H + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + unencrypted_suffix: _unencrypted + version: 3.7.3