summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2024-07-09 14:24:14 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2024-07-09 14:24:14 +0200
commit68f7b6dcf0d388ea14b0782fb62f6cb7b7ea941c (patch)
tree5835a31122b7f516f2c0f2064fb035d00c12076d
parente4e7651887bca1179348c4303a319f2f3e339942 (diff)
downloadnixos-68f7b6dcf0d388ea14b0782fb62f6cb7b7ea941c.tar
nixos-68f7b6dcf0d388ea14b0782fb62f6cb7b7ea941c.tar.gz
nixos-68f7b6dcf0d388ea14b0782fb62f6cb7b7ea941c.tar.bz2
nixos-68f7b6dcf0d388ea14b0782fb62f6cb7b7ea941c.tar.xz
nixos-68f7b6dcf0d388ea14b0782fb62f6cb7b7ea941c.zip
dsl -> gpon
-rw-r--r--flake.lock3
-rw-r--r--flake.nix1
-rw-r--r--hosts/vidhar/dns/zones/yggdrasil.soa3
-rw-r--r--hosts/vidhar/network/default.nix2
-rw-r--r--hosts/vidhar/network/gpon.nix (renamed from hosts/vidhar/network/dsl.nix)8
-rw-r--r--hosts/vidhar/network/ruleset.nft72
-rw-r--r--hosts/vidhar/prometheus/default.nix54
-rw-r--r--hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil26
8 files changed, 48 insertions, 121 deletions
diff --git a/flake.lock b/flake.lock
index 8a9b1d73..fe532cbc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -778,6 +778,9 @@
778 "nix-index-database": "nix-index-database", 778 "nix-index-database": "nix-index-database",
779 "nixpkgs": "nixpkgs_2", 779 "nixpkgs": "nixpkgs_2",
780 "nixpkgs-eostre": "nixpkgs-eostre", 780 "nixpkgs-eostre": "nixpkgs-eostre",
781 "nixpkgs-installer": [
782 "nixpkgs-stable"
783 ],
781 "nixpkgs-pgbackrest": "nixpkgs-pgbackrest", 784 "nixpkgs-pgbackrest": "nixpkgs-pgbackrest",
782 "nixpkgs-stable": "nixpkgs-stable_2", 785 "nixpkgs-stable": "nixpkgs-stable_2",
783 "nvfetcher": "nvfetcher", 786 "nvfetcher": "nvfetcher",
diff --git a/flake.nix b/flake.nix
index eaa93432..7d1872ec 100644
--- a/flake.nix
+++ b/flake.nix
@@ -37,6 +37,7 @@
37 repo = "nixpkgs"; 37 repo = "nixpkgs";
38 ref = "23.11"; 38 ref = "23.11";
39 }; 39 };
40 nixpkgs-installer.follows = "nixpkgs-stable";
40 home-manager = { 41 home-manager = {
41 type = "github"; 42 type = "github";
42 # owner = "nix-community"; 43 # owner = "nix-community";
diff --git a/hosts/vidhar/dns/zones/yggdrasil.soa b/hosts/vidhar/dns/zones/yggdrasil.soa
index f679b741..dede06ac 100644
--- a/hosts/vidhar/dns/zones/yggdrasil.soa
+++ b/hosts/vidhar/dns/zones/yggdrasil.soa
@@ -1,7 +1,7 @@
1$ORIGIN yggdrasil. 1$ORIGIN yggdrasil.
2$TTL 300 2$TTL 300
3@ IN SOA vidhar.yggdrasil. hostmaster.yggdrasil.li ( 3@ IN SOA vidhar.yggdrasil. hostmaster.yggdrasil.li (
4 2023030501 ; serial 4 2024070901 ; serial
5 300 ; refresh 5 300 ; refresh
6 300 ; retry 6 300 ; retry
7 300 ; expire 7 300 ; expire
@@ -27,4 +27,5 @@ vidhar.lan IN A 10.141.0.1
27vidhar.mgmt IN A 10.141.1.1 27vidhar.mgmt IN A 10.141.1.1
28switch01.mgmt IN A 10.141.1.2 28switch01.mgmt IN A 10.141.1.2
29dsl01.mgmt IN A 10.141.1.3 29dsl01.mgmt IN A 10.141.1.3
30gpon01.mgmt IN A 10.10.1.1
30ap01.mgmt IN A 10.141.1.4 31ap01.mgmt IN A 10.141.1.4
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index e961c17e..cbfbb65a 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -3,7 +3,7 @@
3with lib; 3with lib;
4 4
5{ 5{
6 imports = [ ./dsl.nix ./bifrost ./dhcp ]; 6 imports = [ ./gpon.nix ./bifrost ./dhcp ];
7 7
8 config = { 8 config = {
9 networking = { 9 networking = {
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/gpon.nix
index 1e8e9c73..c15a6e8d 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/gpon.nix
@@ -8,7 +8,7 @@ in {
8 options = { 8 options = {
9 networking.pppInterface = mkOption { 9 networking.pppInterface = mkOption {
10 type = types.str; 10 type = types.str;
11 default = "dsl"; 11 default = "gpon";
12 }; 12 };
13 }; 13 };
14 14
@@ -34,7 +34,7 @@ in {
34 plugin pppoe.so 34 plugin pppoe.so
35 name telekom 35 name telekom
36 user 002576900250551137425220#0001@t-online.de 36 user 002576900250551137425220#0001@t-online.de
37 telekom 37 nic-telekom
38 debug 38 debug
39 +ipv6 39 +ipv6
40 ''; 40 '';
@@ -70,8 +70,8 @@ in {
70 70
71 tc qdisc add dev "${pppInterface}" handle ffff: ingress 71 tc qdisc add dev "${pppInterface}" handle ffff: ingress
72 tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}" 72 tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"
73 tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit 73 tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 128Mb pppoe-ptm diffserv4 bandwidth 238mbit
74 tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit 74 tc qdisc replace dev "${pppInterface}" root cake memlimit 128Mb pppoe-ptm nat diffserv4 wash bandwidth 48mbit
75 ''; 75 '';
76 }; 76 };
77 in "${app}/bin/${app.meta.mainProgram}"; 77 in "${app}/bin/${app.meta.mainProgram}";
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 6eb97f85..9843b71a 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -4,15 +4,15 @@ table arp filter {
4 limit lim_arp_local { 4 limit lim_arp_local {
5 rate over 50 mbytes/second burst 50 mbytes 5 rate over 50 mbytes/second burst 50 mbytes
6 } 6 }
7 limit lim_arp_dsl { 7 limit lim_arp_gpon {
8 rate over 1400 kbytes/second burst 1400 kbytes 8 rate over 1750 kbytes/second burst 1750 kbytes
9 } 9 }
10 10
11 counter arp-rx {} 11 counter arp-rx {}
12 counter arp-tx {} 12 counter arp-tx {}
13 13
14 counter arp-ratelimit-dsl-rx {} 14 counter arp-ratelimit-gpon-rx {}
15 counter arp-ratelimit-dsl-tx {} 15 counter arp-ratelimit-gpon-tx {}
16 16
17 counter arp-ratelimit-local-rx {} 17 counter arp-ratelimit-local-rx {}
18 counter arp-ratelimit-local-tx {} 18 counter arp-ratelimit-local-tx {}
@@ -21,8 +21,8 @@ table arp filter {
21 type filter hook input priority filter 21 type filter hook input priority filter
22 policy accept 22 policy accept
23 23
24 iifname != dsl limit name lim_arp_local counter name arp-ratelimit-local-rx drop 24 iifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-rx drop
25 iifname dsl limit name lim_arp_dsl counter name arp-ratelimit-dsl-rx drop 25 iifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-rx drop
26 26
27 counter name arp-rx 27 counter name arp-rx
28 } 28 }
@@ -31,8 +31,8 @@ table arp filter {
31 type filter hook output priority filter 31 type filter hook output priority filter
32 policy accept 32 policy accept
33 33
34 oifname != dsl limit name lim_arp_local counter name arp-ratelimit-local-tx drop 34 oifname != gpon limit name lim_arp_local counter name arp-ratelimit-local-tx drop
35 oifname dsl limit name lim_arp_dsl counter name arp-ratelimit-dsl-tx drop 35 oifname gpon limit name lim_arp_gpon counter name arp-ratelimit-gpon-tx drop
36 36
37 counter name arp-tx 37 counter name arp-tx
38 } 38 }
@@ -46,11 +46,11 @@ table inet filter {
46 limit lim_icmp_local { 46 limit lim_icmp_local {
47 rate over 50 mbytes/second burst 50 mbytes 47 rate over 50 mbytes/second burst 50 mbytes
48 } 48 }
49 limit lim_icmp_dsl { 49 limit lim_icmp_gpon {
50 rate over 1400 kbytes/second burst 1400 kbytes 50 rate over 1750 kbytes/second burst 1750 kbytes
51 } 51 }
52 52
53 counter icmp-ratelimit-dsl-fw {} 53 counter icmp-ratelimit-gpon-fw {}
54 counter icmp-ratelimit-local-fw {} 54 counter icmp-ratelimit-local-fw {}
55 55
56 counter icmp-fw {} 56 counter icmp-fw {}
@@ -58,7 +58,7 @@ table inet filter {
58 counter invalid-fw {} 58 counter invalid-fw {}
59 counter fw-lo {} 59 counter fw-lo {}
60 counter fw-lan {} 60 counter fw-lan {}
61 counter fw-dsl {} 61 counter fw-gpon {}
62 62
63 counter fw-cups {} 63 counter fw-cups {}
64 64
@@ -73,7 +73,7 @@ table inet filter {
73 counter invalid-local4-rx {} 73 counter invalid-local4-rx {}
74 counter invalid-local6-rx {} 74 counter invalid-local6-rx {}
75 75
76 counter icmp-ratelimit-dsl-rx {} 76 counter icmp-ratelimit-gpon-rx {}
77 counter icmp-ratelimit-local-rx {} 77 counter icmp-ratelimit-local-rx {}
78 counter icmp-rx {} 78 counter icmp-rx {}
79 79
@@ -101,7 +101,7 @@ table inet filter {
101 101
102 counter tx-lo {} 102 counter tx-lo {}
103 103
104 counter icmp-ratelimit-dsl-tx {} 104 counter icmp-ratelimit-gpon-tx {}
105 counter icmp-ratelimit-local-tx {} 105 counter icmp-ratelimit-local-tx {}
106 counter icmp-tx {} 106 counter icmp-tx {}
107 107
@@ -123,10 +123,10 @@ table inet filter {
123 123
124 124
125 chain forward_icmp_accept { 125 chain forward_icmp_accept {
126 oifname { dsl, bifrost } limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-fw drop 126 oifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop
127 iifname { dsl, bifrost } limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-fw drop 127 iifname { gpon, bifrost } limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-fw drop
128 oifname != { dsl, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop 128 oifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
129 iifname != { dsl, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop 129 iifname != { gpon, bifrost } limit name lim_icmp_local counter name icmp-ratelimit-local-fw drop
130 counter name icmp-fw accept 130 counter name icmp-fw accept
131 } 131 }
132 chain forward { 132 chain forward {
@@ -139,10 +139,10 @@ table inet filter {
139 139
140 iifname lo counter name fw-lo accept 140 iifname lo counter name fw-lo accept
141 141
142 oifname { lan, dsl, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept 142 oifname { lan, gpon, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
143 iifname lan oifname { dsl, bifrost } counter name fw-lan accept 143 iifname lan oifname { gpon, bifrost } counter name fw-lan accept
144 144
145 iifname dsl oifname lan ct state { established, related } counter name fw-dsl accept 145 iifname gpon oifname lan ct state { established, related } counter name fw-gpon accept
146 146
147 147
148 limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop 148 limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop
@@ -163,22 +163,22 @@ table inet filter {
163 iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject 163 iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject
164 iif != lo ip6 daddr ::1/128 counter name invalid-local6-rx reject 164 iif != lo ip6 daddr ::1/128 counter name invalid-local6-rx reject
165 165
166 iifname { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-rx drop 166 iifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-rx drop
167 iifname != { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop 167 iifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-rx drop
168 meta l4proto $icmp_protos counter name icmp-rx accept 168 meta l4proto $icmp_protos counter name icmp-rx accept
169 169
170 iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept 170 iifname { lan, mgmt, gpon, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
171 iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept 171 iifname { lan, mgmt, gpon, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
172 172
173 iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept 173 iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
174 174
175 iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept 175 iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
176 176
177 iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept 177 iifname { lan, mgmt, gpon } meta protocol ip udp dport 51820 counter name wg-rx accept
178 iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept 178 iifname { lan, mgmt, gpon } meta protocol ip6 udp dport 51821 counter name wg-rx accept
179 iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept 179 iifname "yggdrasil-wg-*" meta l4proto gre counter name yggdrasil-gre-rx accept
180 180
181 iifname dsl meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept 181 iifname gpon meta protocol ip6 udp dport 546 udp sport 547 counter name ipv6-pd-rx accept
182 182
183 iifname mgmt udp dport 123 counter name ntp-rx accept 183 iifname mgmt udp dport 123 counter name ntp-rx accept
184 184
@@ -209,8 +209,8 @@ table inet filter {
209 209
210 oifname lo counter name tx-lo accept 210 oifname lo counter name tx-lo accept
211 211
212 oifname { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_dsl counter name icmp-ratelimit-dsl-tx drop 212 oifname { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_gpon counter name icmp-ratelimit-gpon-tx drop
213 oifname != { bifrost, dsl } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop 213 oifname != { bifrost, gpon } meta l4proto $icmp_protos limit name lim_icmp_local counter name icmp-ratelimit-local-tx drop
214 meta l4proto $icmp_protos counter name icmp-tx accept 214 meta l4proto $icmp_protos counter name icmp-tx accept
215 215
216 216
@@ -246,7 +246,7 @@ table inet filter {
246} 246}
247 247
248table inet nat { 248table inet nat {
249 counter dsl-nat {} 249 counter gpon-nat {}
250 # counter container-nat {} 250 # counter container-nat {}
251 251
252 chain postrouting { 252 chain postrouting {
@@ -254,20 +254,20 @@ table inet nat {
254 policy accept 254 policy accept
255 255
256 256
257 meta nfproto ipv4 oifname dsl counter name dsl-nat masquerade 257 meta nfproto ipv4 oifname gpon counter name gpon-nat masquerade
258 # iifname ve-* oifname dsl counter name container-nat masquerade 258 # iifname ve-* oifname gpon counter name container-nat masquerade
259 } 259 }
260} 260}
261 261
262table inet mss_clamp { 262table inet mss_clamp {
263 counter dsl-mss-clamp {} 263 counter gpon-mss-clamp {}
264 264
265 chain postrouting { 265 chain postrouting {
266 type filter hook postrouting priority mangle 266 type filter hook postrouting priority mangle
267 policy accept 267 policy accept
268 268
269 269
270 oifname dsl tcp flags & (syn|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu 270 oifname gpon tcp flags & (syn|rst) == syn counter name gpon-mss-clamp tcp option maxseg size set rt mtu
271 } 271 }
272} 272}
273 273
@@ -402,7 +402,7 @@ table inet dscpclassify {
402 chain postrouting { 402 chain postrouting {
403 type filter hook postrouting priority filter + 1; policy accept 403 type filter hook postrouting priority filter + 1; policy accept
404 404
405 oifname != dsl return 405 oifname != gpon return
406 406
407 ip dscp cs0 goto ct_set_cs0 407 ip dscp cs0 goto ct_set_cs0
408 ip dscp lephb goto ct_set_lephb 408 ip dscp lephb goto ct_set_lephb
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 1e649824..330026d7 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -63,7 +63,7 @@ in {
63 systemd = { 63 systemd = {
64 enable = true; 64 enable = true;
65 extraFlags = [ 65 extraFlags = [
66 "--systemd.collector.unit-include=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service" 66 "--systemd.collector.unit-include=(dhcpcd-.*|pppd-telekom|corerad|ndppd)\.service"
67 "--systemd.collector.enable-restart-count" 67 "--systemd.collector.enable-restart-count"
68 "--systemd.collector.enable-ip-accounting" 68 "--systemd.collector.enable-ip-accounting"
69 ]; 69 ];
@@ -144,17 +144,6 @@ in {
144 ]; 144 ];
145 scrape_interval = "15s"; 145 scrape_interval = "15s";
146 } 146 }
147 { job_name = "zte";
148 static_configs = [
149 { targets = ["localhost:9900"]; }
150 ];
151 relabel_configs = [
152 { replacement = "dsl01";
153 target_label = "instance";
154 }
155 ];
156 scrape_interval = "15s";
157 }
158 { job_name = "unbound"; 147 { job_name = "unbound";
159 static_configs = [ 148 static_configs = [
160 { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; } 149 { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
@@ -315,47 +304,6 @@ in {
315 }; 304 };
316 }; 305 };
317 306
318 systemd.services."prometheus-zte-exporter@dsl01.mgmt.yggdrasil" = {
319 wantedBy = [ "multi-user.target" ];
320 after = [ "network.target" ];
321 serviceConfig = {
322 Restart = "always";
323 PrivateTmp = true;
324 WorkingDirectory = "/tmp";
325 DynamicUser = true;
326 CapabilityBoundingSet = [""];
327 DeviceAllow = [""];
328 LockPersonality = true;
329 MemoryDenyWriteExecute = true;
330 NoNewPrivileges = true;
331 PrivateDevices = true;
332 ProtectClock = true;
333 ProtectControlGroups = true;
334 ProtectHome = true;
335 ProtectHostname = true;
336 ProtectKernelLogs = true;
337 ProtectKernelModules = true;
338 ProtectKernelTunables = true;
339 ProtectSystem = "strict";
340 RemoveIPC = true;
341 RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
342 RestrictNamespaces = true;
343 RestrictRealtime = true;
344 RestrictSUIDSGID = true;
345 SystemCallArchitectures = "native";
346 UMask = "0077";
347
348 Type = "simple";
349 ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
350 Environment = "ZTE_BASEURL=http://%I ZTE_HOSTNAME=localhost ZTE_PORT=9900";
351 EnvironmentFile = config.sops.secrets."zte_dsl01.mgmt.yggdrasil".path;
352 };
353 };
354 sops.secrets."zte_dsl01.mgmt.yggdrasil" = {
355 format = "binary";
356 sopsFile = ./zte_dsl01.mgmt.yggdrasil;
357 };
358
359 systemd.services."prometheus-nftables-exporter" = { 307 systemd.services."prometheus-nftables-exporter" = {
360 wantedBy = [ "multi-user.target" ]; 308 wantedBy = [ "multi-user.target" ];
361 after = [ "network.target" ]; 309 after = [ "network.target" ];
diff --git a/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil b/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil
deleted file mode 100644
index 1c9c1fe0..00000000
--- a/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil
+++ /dev/null
@@ -1,26 +0,0 @@
1{
2 "data": "ENC[AES256_GCM,data:nAsn7dhfDr0+V1cJjpqWn/kJQt2zGjlfQKi3n5speroJkL3IvMG/9fsTaXJQZSi2gPlrN8GbxKQ=,iv:9g0V3xRBC+sa/JPP2bUZMfg//VuKT5qI7ua9iU4QRCg=,tag:fzwih9OHUBLmx8dxL4BjGg==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": [
9 {
10 "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaEE3bUFBY0xKSDUrVnc2\nbFpjSkNOSm56amJTNjdXcTljdDNRREhITm1NCjZrOUEwNFpxN2FmTVV5T2xCbENk\nMEFmVzlPZ29CTlJ4dVNCRUsyRFFseXcKLS0tIEhscVZ4VUVsaG9OUnBIRFE4WXA2\ncGFnbWpNMlNIQzFLc1Ryc1Z3NUl1bVUKi9zYBlF2vslGKu4GP368ApbvuxjZnQpF\nuOujXSNoEps21wY6xUENm+CbYbgaJjSgmb5c1IjAmnubVI4JVY9OyQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 }
13 ],
14 "lastmodified": "2021-12-31T15:00:33Z",
15 "mac": "ENC[AES256_GCM,data:sw2NVXHLibbuOChgScLhSTjGZBjSoHpzIuRqfCW0eL3DwhL5CekG6T/oYu06KjNmxVjxwb3OmqECSU0TUvPn9ySOWwMSoBfyJpDoTHnZ+YOjOH351IOAMBNcBDJse7aLGRWW5YXKLDfmp8Dhg2hlMhCmkVwAquQjPhfmAdJfj64=,iv:wgM/BlRU2XJSGj7KvAo1WRamecffUDnFvv2+4twtsQY=,tag:0mXblJtTGMTvxndedws94A==,type:str]",
16 "pgp": [
17 {
18 "created_at": "2023-01-30T10:58:49Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAcwl1Blp3J5wgpRJKbYI1G1yEZrRYeYuoDtYUh3ToMAQw\nd92/bIJJR5Ml91eDym9uBN0fFRRy72r6FOx4qZT7S4DhmuA84qCbASjF8bKSclc0\n0l4BBXvDS5Dz1Q7iYc+LxZjHASV1v73A+MaeCFvG/pjmHzF0z0EzBiAJD4ZWGcP0\nX2dDbjl+n9VFrvmeLRxQNh4XZW43iTXdRjwHDgm16zhd9X6VOVhr5UkC4Nyjq2Ar\n=4ZEa\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.1"
25 }
26} \ No newline at end of file