jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: jawz:fd2962c306ee92e01cd8a2bf30045ffbf8d1515f
Branches Tags
jawz:main
jawz:clean
jawz:modules
jawz:weekly-2025-10-29
jawz:weekly-2025-10-11
jawz:weekly-2025-10-06
jawz:weekly-2025-10-04
jawz:weekly-2025-09-30
jawz:weekly-2025-09-29
...
compare: jawz:667b4c7a4614ea70c1b020df41bcc25437f51ded
Branches Tags
jawz:main
jawz:clean
jawz:modules
jawz:weekly-2025-10-29
jawz:weekly-2025-10-11
jawz:weekly-2025-10-06
jawz:weekly-2025-10-04
jawz:weekly-2025-09-30
jawz:weekly-2025-09-29

5 Commits
fd2962c306 ... 667b4c7a46

Author SHA1 Message Date
Danilo Reyes
667b4c7a46 Refactor WireGuard secret paths for Linode configuration 
- Updated secret paths in wireguard-linode.nix and configuration.nix to use 'linode' instead of 'wireguard' for clarity and consistency.
- Adjusted private key file references in wireguard.nix to align with the new secret path structure.
 2025-10-28 13:53:18 -06:00
Danilo Reyes
01284154f7 Update Linode configuration in jawz.nix and adjust SSH settings 
- Changed hostname reference from 'vps' to 'linode' in jawz.nix for improved clarity.
- Modified SSH service configuration in linode's configuration.nix to force start behavior.
 2025-10-28 13:45:11 -06:00
Danilo Reyes
f1d565225a Refactor Linode configuration and update WireGuard settings 
- Renamed SSH match block from 'vps' to 'linode' in jawz.nix for clarity.
- Updated IP addresses in toggles.nix and other configuration files to reflect the new Linode setup.
- Removed deprecated fail2ban configuration from linode's configuration.nix.
- Adjusted WireGuard interface settings to use the correct IP for linode.
- Cleaned up hardware configuration by removing unnecessary GRUB loader settings.
- Updated secrets management in wireguard.yaml to streamline key handling.
 2025-10-28 13:42:23 -06:00
Danilo Reyes
ac48e8c86b Update WireGuard configuration to disable secureHost and adjust private key handling 
- Changed secureHost setting from true to false in toggles.nix.
- Modified wireguard-linode.nix to use a default private key path when secureHost is false, enhancing flexibility in key management.
 2025-10-28 13:31:40 -06:00
Danilo Reyes
431e145992 Add Linode host configuration and WireGuard setup 
- Introduced new configuration files for Linode host, including hardware configuration, toggles, and WireGuard settings.
- Updated flake.nix to include the new images.nix file for Linode image generation.
- Adjusted SSH key paths and secrets management for WireGuard to ensure proper integration with the new host setup.
- Enhanced firewall rules and NAT configuration for WireGuard to improve security and connectivity.
 2025-10-28 13:30:35 -06:00
14 changed files with 217 additions and 33 deletions
Show Stats Expand all files Collapse all files

7
config/jawz.nix
View File

@ -31,9 +31,8 @@ in
programs.ssh = lib.mkIf config.my.secureHost { programs.ssh = lib.mkIf config.my.secureHost {
enable = true; enable = true;
matchBlocks = { matchBlocks = {
vps = { linode = {
hostname = config.my.ips.vps; hostname = config.my.ips.linode;
user = "fedora";
port = 3456; port = 3456;
identityFile = config.sops.secrets."private_keys/${hostName}".path; identityFile = config.sops.secrets."private_keys/${hostName}".path;
}; };
@ -75,7 +74,7 @@ in
"miniserver" "miniserver"
"galaxy" "galaxy"
"phone" "phone"
"vps" "linode"
]; ];
}; };
} }

1
flake.nix
View File

@ -67,6 +67,7 @@
./parts/hosts.nix ./parts/hosts.nix
./parts/packages.nix ./parts/packages.nix
./parts/devshells.nix ./parts/devshells.nix
./parts/images.nix
]; ];
}; };
} }

47
hosts/linode/configuration.nix Normal file
View File

@ -0,0 +1,47 @@
{
lib,
pkgs,
config,
inputs,
...
}:
{
imports = [
./hardware-configuration.nix
./wireguard-linode.nix
../../config/base.nix
inputs.nixos-generators.nixosModules.linode
];
my = import ./toggles.nix { inherit config inputs; } // {
nix.cores = 2;
users.nixremote.enable = false;
network.firewall = {
enabledServicePorts = true;
additionalPorts = [ ];
};
};
networking.hostName = "linode";
services.openssh = {
enable = true;
openFirewall = true;
startWhenNeeded = lib.mkForce false;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
KbdInteractiveAuthentication = false;
};
};
environment.systemPackages = builtins.attrValues {
inherit (pkgs)
htop
iotop
tcpdump
wireguard-tools
;
};
system.autoUpgrade = {
enable = true;
dates = "weekly";
allowReboot = true;
};
}

43
hosts/linode/hardware-configuration.nix Normal file
View File

@ -0,0 +1,43 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
tmp.cleanOnBoot = true;
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.conf.all.rp_filter" = 1;
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.icmp_echo_ignore_broadcasts" = 1;
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.tcp_syncookies" = 1;
};
kernelModules = [
"virtio_pci"
"virtio_blk"
"virtio_net"
];
initrd = {
availableKernelModules = [
"virtio_pci"
"virtio_scsi"
"virtio_blk"
"virtio_net"
"9p"
"9pnet_virtio"
];
kernelModules = [ ];
};
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/sda";
fsType = "ext4";
};
swapDevices = [ { device = "/dev/sdb"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.enableRedistributableFirmware = true;
}

16
hosts/linode/toggles.nix Normal file
View File

@ -0,0 +1,16 @@
_: {
timeZone = "America/Mexico_City";
services = {
network.enable = true;
wireguard.enable = true;
};
secureHost = false;
interfaces.linode = "eth0";
ips = {
linode = "51.222.141.104";
wg-linode = "10.77.0.1";
wg-server = "10.77.0.2";
wg-friend1 = "10.8.0.2";
wg-friends = "10.8.0.0";
};
}

76
hosts/linode/wireguard-linode.nix Normal file
View File

@ -0,0 +1,76 @@
{
config,
lib,
pkgs,
...
}:
{
config = lib.mkIf config.my.services.wireguard.enable {
sops.secrets."linode/linode/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml;
};
networking = {
nat = {
enable = true;
externalInterface = config.my.interfaces.${config.networking.hostName};
internalInterfaces = [ "wg0" ];
};
firewall = {
allowedUDPPorts = [ 51820 ];
extraCommands = ''
iptables -I FORWARD 1 -s ${config.my.ips.wg-friend1} -d ${config.my.ips.wg-server} -p tcp --dport 22000 -j ACCEPT
iptables -I FORWARD 2 -s ${config.my.ips.wg-server} -d ${config.my.ips.wg-friend1} -p tcp --sport 22000 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -s ${config.my.ips.wg-friends}/24 -d 10.77.0.0/24 -j DROP
iptables -I FORWARD 4 -s 10.77.0.0/24 -d ${config.my.ips.wg-friends}/24 -j DROP
iptables -A FORWARD -s ${config.my.ips.wg-friends}/24 -o ${
config.my.interfaces.${config.networking.hostName}
} -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
'';
extraStopCommands = ''
iptables -D FORWARD -s ${config.my.ips.wg-friend1} -d ${config.my.ips.wg-server} -p tcp --dport 22000 -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -s ${config.my.ips.wg-server} -d ${config.my.ips.wg-friend1} -p tcp --sport 22000 -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -s ${config.my.ips.wg-friends}/24 -d 10.77.0.0/24 -j DROP 2>/dev/null || true
iptables -D FORWARD -s 10.77.0.0/24 -d ${config.my.ips.wg-friends}/24 -j DROP 2>/dev/null || true
iptables -D FORWARD -s ${config.my.ips.wg-friends}/24 -o ${
config.my.interfaces.${config.networking.hostName}
} -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true
'';
};
wireguard.interfaces.wg0 = {
ips = [
"${config.my.ips.wg-linode}/24"
"${config.my.ips.wg-friends}/24"
];
listenPort = 51820;
privateKeyFile =
if config.my.secureHost then
config.sops.secrets."linode/linode/private".path
else
"/var/lib/wireguard/private.key";
postSetup = "${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${config.my.ips.wg-friends}/24 -o ${
config.my.interfaces.${config.networking.hostName}
} -j MASQUERADE";
postShutdown = "${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${config.my.ips.wg-friends}/24 -o ${
config.my.interfaces.${config.networking.hostName}
} -j MASQUERADE 2>/dev/null || true";
peers = [
{
publicKey = "OUiqluRaS4hmGvLJ3csQrnIM3Zzet50gsqtTABaUkH4=";
allowedIPs = [ "${config.my.ips.wg-server}/32" ];
}
{
publicKey = "rFgT6TXzRazK6GMazMNGjtOvzAAPST0LvCfN7QXsLho=";
allowedIPs = [ "${config.my.ips.wg-friend1}/32" ];
}
];
};
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
environment.systemPackages = [ pkgs.wireguard-tools ];
};
}

10
hosts/server/configuration.nix
View File

@ -37,7 +37,7 @@
supportedFeatures = config.my.nix.features; supportedFeatures = config.my.nix.features;
} }
]; ];
sops.secrets."vps/home/private" = lib.mkIf config.my.secureHost { sops.secrets."linode/server/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml; sopsFile = ../../secrets/wireguard.yaml;
}; };
networking = { networking = {
@ -48,14 +48,14 @@
}; };
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost { wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-server}/32" ]; ips = [ "${config.my.ips.wg-server}/32" ];
privateKeyFile = config.sops.secrets."vps/home/private".path; privateKeyFile = config.sops.secrets."linode/server/private".path;
peers = [ peers = [
{ {
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY="; publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.vps}:51820"; endpoint = "${config.my.ips.linode}:51820";
allowedIPs = [ allowedIPs = [
"${config.my.ips.wg-vps}/32" "${config.my.ips.wg-linode}/32"
"${config.my.ips.wg-friends}/24" # all friends "${config.my.ips.wg-friends}/24"
]; ];
persistentKeepalive = 25; persistentKeepalive = 25;
} }

5
modules/modules.nix
View File

@ -49,8 +49,8 @@ in
server = "192.168.100.15"; server = "192.168.100.15";
miniserver = "192.168.1.100"; miniserver = "192.168.1.100";
workstation = "192.168.100.18"; workstation = "192.168.100.18";
vps = "51.222.141.104"; linode = "51.222.141.104";
wg-vps = "10.77.0.1"; wg-linode = "10.77.0.1";
wg-server = "10.77.0.2"; wg-server = "10.77.0.2";
wg-friend1 = "10.8.0.2"; wg-friend1 = "10.8.0.2";
wg-friends = "10.8.0.0"; wg-friends = "10.8.0.0";
@ -63,6 +63,7 @@ in
server = "enp0s31f6"; server = "enp0s31f6";
miniserver = "enp2s0"; miniserver = "enp2s0";
workstation = "enp5s0"; workstation = "enp5s0";
linode = "eth0";
}; };
description = "Set of network interface names for all my computers."; description = "Set of network interface names for all my computers.";
}; };

12
modules/services/wireguard.nix
View File

@ -11,7 +11,7 @@ in
{ {
options.my.services.wireguard.enable = lib.mkEnableOption "WireGuard VPN configuration"; options.my.services.wireguard.enable = lib.mkEnableOption "WireGuard VPN configuration";
config = lib.mkIf (config.my.services.wireguard.enable && config.my.secureHost) { config = lib.mkIf (config.my.services.wireguard.enable && config.my.secureHost) {
sops.secrets."wireguard/private".sopsFile = ../../secrets/wireguard.yaml; sops.secrets."server/private".sopsFile = ../../secrets/wireguard.yaml;
networking = { networking = {
firewall.allowedUDPPorts = [ port ]; firewall.allowedUDPPorts = [ port ];
nat = { nat = {
@ -22,13 +22,9 @@ in
wireguard.interfaces.wg0 = { wireguard.interfaces.wg0 = {
ips = [ "10.100.0.1/24" ]; ips = [ "10.100.0.1/24" ];
listenPort = port; listenPort = port;
postSetup = '' postSetup = "${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE";
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE postShutdown = "${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE";
''; privateKeyFile = config.sops.secrets."server/private".path;
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE
'';
privateKeyFile = config.sops.secrets."wireguard/private".path;
peers = [ peers = [
{ {
publicKey = "ciupBjCcIpd3K5vlzNMJC8iiyNqB9xXwkSC6UXPKP3g="; publicKey = "ciupBjCcIpd3K5vlzNMJC8iiyNqB9xXwkSC6UXPKP3g=";

5
parts/core.nix
View File

@ -141,7 +141,7 @@ in
ips: hostName: lib: ips: hostName: lib:
builtins.attrNames ips builtins.attrNames ips
|> builtins.filter ( |> builtins.filter (
name: !(lib.hasPrefix "wg-" name) && name != "vps" && name != "router" && name != hostName name: !(lib.hasPrefix "wg-" name) && name != "linode" && name != "router" && name != hostName
); );
shellConditional = shellConditional =
shellType: bashContent: zshContent: shellType: bashContent: zshContent:
@ -204,9 +204,8 @@ in
miniserver = ../secrets/ssh/ed25519_miniserver.pub; miniserver = ../secrets/ssh/ed25519_miniserver.pub;
galaxy = ../secrets/ssh/ed25519_galaxy.pub; galaxy = ../secrets/ssh/ed25519_galaxy.pub;
phone = ../secrets/ssh/ed25519_phone.pub; phone = ../secrets/ssh/ed25519_phone.pub;
vps = ../secrets/ssh/ed25519_vps.pub; linode = ../secrets/ssh/ed25519_linode.pub;
emacs = ../secrets/ssh/ed25519_emacs.pub; emacs = ../secrets/ssh/ed25519_emacs.pub;
# Build user keys (nixremote)
nixworkstation = ../secrets/ssh/ed25519_nixworkstation.pub; nixworkstation = ../secrets/ssh/ed25519_nixworkstation.pub;
nixserver = ../secrets/ssh/ed25519_nixserver.pub; nixserver = ../secrets/ssh/ed25519_nixserver.pub;
nixminiserver = ../secrets/ssh/ed25519_nixminiserver.pub; nixminiserver = ../secrets/ssh/ed25519_nixminiserver.pub;

1
parts/hosts.nix
View File

@ -6,5 +6,6 @@
server = inputs.self.lib.createConfig "server" inputs.nixpkgs-small; server = inputs.self.lib.createConfig "server" inputs.nixpkgs-small;
galaxy = inputs.self.lib.createConfig "galaxy" inputs.nixpkgs-small; galaxy = inputs.self.lib.createConfig "galaxy" inputs.nixpkgs-small;
emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs; emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs;
linode = inputs.self.lib.createConfig "linode" inputs.nixpkgs-small;
}; };
} }

5
parts/images.nix Normal file
View File

@ -0,0 +1,5 @@
{ inputs, ... }:
{
flake.packages.x86_64-linux.linode-image =
inputs.self.nixosConfigurations.linode.config.system.build.linodeImage;
}

0
secrets/ssh/ed25519_vps.pub → secrets/ssh/ed25519_linode.pub
View File

22
secrets/wireguard.yaml
View File

@ -1,13 +1,13 @@
wireguard: server:
private: ENC[AES256_GCM,data:wwggc9T88gK/EMmjPauf14DZGUnfipBpfN3FnlPhsO6FtVmK2aad/D0/Rqw=,iv:Q15iiEOFRa3bPf7NfZcEZOgEqnjIJPenYgE6c6HRYI8=,tag:x+auLhc/FDhxZxzWmcrX9Q==,type:str] private: ENC[AES256_GCM,data:8/wwIn29F5DxRIjFz51GgBUmAdaOeyS4cDN/vFzypagyNyOJ1VygiT1NXMA=,iv:uUk55wrayGJ6YRNC67z51T4DW6r/LVOol39/JJKYZxg=,tag:uuAuAqzTUOJjkLsDrZig2A==,type:str]
public: ENC[AES256_GCM,data:uelp1opnLR5EfvNBSA3Sk33ktMoG6+Pvj7oKYtdlCpXMZel9O8G7P4X5S2M=,iv:AQECJmnXSc2MM0pT8ZJtA51pn+tvhhyAxFDMBH/H6wA=,tag:yWsnQbHaeiXyPLbpxMZwsg==,type:str] public: ENC[AES256_GCM,data:J3j3AlG2liVRZERvlpClWekGa4AZWBfACe9J5YegzG1liU5/ZkPzMOzdf4I=,iv:8o9IpQWh0QtdwDj1knpsEOrPLorSZPQKiO8QJxBlPco=,tag:QDHai1bzFXS7vuTpIJqClA==,type:str]
vps: linode:
server: server:
private: ENC[AES256_GCM,data:wrP/069tuQs3ObYE8Q0MNVxe3+4vZ2HIImoIdZpj1uPgdBknboX1wmANv/k=,iv:FJL5KumHos8PoXra+BB2Uc6YedsF6MD3wWyuugXzJ+E=,tag:nVuTrW2P7JvnWnv6H1SmdQ==,type:str] private: ENC[AES256_GCM,data:ReI4nnGcR4GbLuQOkosYG9CtQWc/YSV/BVVwY2lfM9miskRIh+aw4kudSNM=,iv:B2JrRpD7tYF+PtdQddyzUl0kp36VVXSNFrHOAoUgwA4=,tag:GV3joCZbl85tvlMAq/Kqug==,type:str]
public: ENC[AES256_GCM,data:YnKOf9725v9FkzdNPDVf/iinMbY/YWn6ksqEz+mpB4KHVlOvpbV6vLSKRcs=,iv:aWQNy6mT4sxVbzaXKgRzZ9XVsiBCRsOlLORRqC+uiKE=,tag:mLWv6mr3VVfw0J5BrqByXg==,type:str] public: ENC[AES256_GCM,data:VKYak059lumcQy3QtCanYwBwmsKkkSVEQilOu+KUYmMykirV+DUpI23jloY=,iv:5NYbyrMQTlC8qp/fmGToK+ZpKhDcP8UWbmRNoWzn64k=,tag:fi46BRJAksrUuDYP+5Nvmw==,type:str]
home: home:
private: ENC[AES256_GCM,data:YZ0jvBzkMv8Bwc9u3LDJzwSqQvPj8wPUxTIeBFiLYVQQIBjm8aS1dTYuPvo=,iv:mXuW7TVERxOMmGIit3a7Spmbk/EgYuGkO66AWJUnMF0=,tag:xM7C3F3JCiud/A9yPD5ydQ==,type:str] private: ENC[AES256_GCM,data:Bo3Hzd9Xh4kufO8G4J6Gm2znsUcBc25OlB+ECI4u2roeo7QgQpRXxa8RamM=,iv:0D+FmQxqyZZeCA+iA/gMp0soZ2LtM9fNTP6hGIVrNaM=,tag:Bk18KYKZEDWBBEK5dHKO6w==,type:str]
public: ENC[AES256_GCM,data:DcwAHhHjIxFqRL5h7p/0nkFnWiI/iqR8Fws6AuFaxjgUHKYd/6l3D6q/O/0=,iv:bBJ0bsKRiGQUSlRmHqeLQWkOIUNfG5VVpuV6MOtKZO0=,tag:harMG6GDIfclmSq3D36bTw==,type:str] public: ENC[AES256_GCM,data:sHXh/i9nBHgpgsBVPgvpiEJIHIXzlCa3EhG/eFYL1tKz6Iabcr4bnAUbe08=,iv:V6eSlQRenSCz5VRJMQTXafIb2TTB33p7jzOkixSwIM0=,tag:tjutVj+K6CdtN/FOZqqaHw==,type:str]
sops: sops:
age: age:
- recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37 - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@ -46,7 +46,7 @@ sops:
KzZFSWprL0l0MDdVdEVKbEV5eklZdTAK/1ZyGvElfp+LVloSR6aJUtvrgU0CrzaJ KzZFSWprL0l0MDdVdEVKbEV5eklZdTAK/1ZyGvElfp+LVloSR6aJUtvrgU0CrzaJ
SQtO7vc4oDedkiTz6LKySta+uyn3e17Jzdyy9nU2D/Q5X+CpKGP3cg== SQtO7vc4oDedkiTz6LKySta+uyn3e17Jzdyy9nU2D/Q5X+CpKGP3cg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-08T00:14:52Z" lastmodified: "2025-10-28T19:42:02Z"
mac: ENC[AES256_GCM,data:O2herKRy4k9ZMuPzzPF5QlBC2isXdRoIsbYLJ/6X7esxtxxgNuAljx4SCR6UMT7pl3G2E33cnnBEkuAIy6SMXOaZNfOuAEJXaCwpRwCXu26lrcTf6n7UdP36GWfIRsR4utD5/vv66ch6MqmQWkW7E5zydy5dOv+BJ4XS/50OUQs=,iv:TscYNQaeI+mBxyobxI1O4wUzRtA27pvjXz27kqMJhA0=,tag:zx/xrYAWJCxYz5HRTKzYfQ==,type:str] mac: ENC[AES256_GCM,data:b6/AkxnYppuHIU2oOqOZFizfqhwGjHquzhaeKnBhinXUqmAwoYRgHH54w951HR0Qp9IXu4P7BmlmqET2IhtIXjTtfkDOz9LUUJT0kRmpW5uyXcgiaPQWFFT1r3FnUNPla1O3mBpaT8FD1LVZunEGJ7o3smHJ8aXStbV3RIwdUsQ=,iv:4yCLwkTxW9wMFyoUK9WvaRR+GI1r884uGRKLvmzVF2I=,tag:wLk0v/f06rLczCX+/UN4Ng==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.11.0