summaryrefslogtreecommitdiff
path: root/hosts/surtr
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-05-05 14:12:31 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2022-05-05 14:12:31 +0200
commit84c79ad5a262728f4cbae83f51b7764b5fe850d3 (patch)
tree44ab0f0dfd880aa8a91ab1b25c8bacc2b96200ce /hosts/surtr
parent910fd2059e7e95a12702695a4991ea133f7a37a7 (diff)
downloadnixos-84c79ad5a262728f4cbae83f51b7764b5fe850d3.tar
nixos-84c79ad5a262728f4cbae83f51b7764b5fe850d3.tar.gz
nixos-84c79ad5a262728f4cbae83f51b7764b5fe850d3.tar.bz2
nixos-84c79ad5a262728f4cbae83f51b7764b5fe850d3.tar.xz
nixos-84c79ad5a262728f4cbae83f51b7764b5fe850d3.zip
surtr: email
Diffstat (limited to 'hosts/surtr')
-rw-r--r--hosts/surtr/default.nix2
-rw-r--r--hosts/surtr/dns/default.nix2
-rw-r--r--hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml26
-rw-r--r--hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml26
-rw-r--r--hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml26
-rw-r--r--hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml26
-rw-r--r--hosts/surtr/dns/zones/email.bouncy.soa9
-rw-r--r--hosts/surtr/dns/zones/li.yggdrasil.soa8
-rw-r--r--hosts/surtr/email/ca/.gitignore3
-rw-r--r--hosts/surtr/email/ca/ca.crt11
-rw-r--r--hosts/surtr/email/default.nix230
-rw-r--r--hosts/surtr/tls/tsig_keys/imap.bouncy.email26
-rw-r--r--hosts/surtr/tls/tsig_keys/mailin.bouncy.email26
-rw-r--r--hosts/surtr/tls/tsig_keys/mailsub.bouncy.email26
-rw-r--r--hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li26
15 files changed, 466 insertions, 7 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index ca51d4fb..cb452df3 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -2,7 +2,7 @@
2{ 2{
3 imports = with flake.nixosModules.systemProfiles; [ 3 imports = with flake.nixosModules.systemProfiles; [
4 qemu-guest openssh rebuild-machines zfs 4 qemu-guest openssh rebuild-machines zfs
5 ./zfs.nix ./dns ./tls ./http.nix ./bifrost ./matrix ./postgresql.nix ./prometheus 5 ./zfs.nix ./dns ./tls ./http.nix ./bifrost ./matrix ./postgresql.nix ./prometheus ./email
6 ]; 6 ];
7 7
8 config = { 8 config = {
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index aff6e6f3..d665714d 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -156,6 +156,7 @@ in {
156 ${concatMapStringsSep "\n" mkZone [ 156 ${concatMapStringsSep "\n" mkZone [
157 { domain = "yggdrasil.li"; 157 { domain = "yggdrasil.li";
158 addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; }; 158 addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; };
159 acmeDomains = ["surtr.yggdrasil.li" "yggdrasil.li"];
159 } 160 }
160 { domain = "nights.email"; 161 { domain = "nights.email";
161 addACLs = { "nights.email" = ["ymir_acme_acl"]; }; 162 addACLs = { "nights.email" = ["ymir_acme_acl"]; };
@@ -183,6 +184,7 @@ in {
183 addACLs = { "rheperire.org" = ["ymir_acme_acl"]; }; 184 addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };
184 } 185 }
185 { domain = "bouncy.email"; 186 { domain = "bouncy.email";
187 acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "bouncy.email"];
186 } 188 }
187 ]} 189 ]}
188 ''; 190 '';
diff --git a/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml
new file mode 100644
index 00000000..f57a5b9f
--- /dev/null
+++ b/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:xcDcVLIIZXus19oDIoFvZsyy0XUN26/B2yFQpt/apVBmhxC4qmHf+5SuzXx6KnL+LRCFnh0kxw5NUnLFaADUesUAWSBTCMLyirIT37NMUNAnGcP8ikqmOk2HUHE8/3BSER9Sr/9bXhA4ikzJnWVOWGJ9lT6qkw+DUHihundf+tHKnutxP/CoXM84T0YU4U6Jzw55BhyavaT7hSjm5Pa/CmvzUfu57GK8LBQchULqPXL1/GkcZbm/BJwI2RrYkhZG8CieRiey0WaD16qxsJ4lnhSb,iv:Spb+VtjR0XEj0HldOFNORYFbPDPeS7XgTdqZPi45wuw=,tag:QRQfOTwuh6lWJNrXZkNl0w==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-05-05T11:44:35Z",
10 "mac": "ENC[AES256_GCM,data:fQmb4Az33ypsJowyPrwBlkDYDNNtJWev5RzOQdvk3FOXINfeVXqBqRmK/FqYTwonWg+oQ1j7HptvEHXnNBXyHSjLs0eBNUwQAGDVYCQO2zGwmvwnRoyvSfgqESAeSWKMhzHvEA67dAm8l1HZuAXOKpnfMF2y2Z2bD4t6Ipz1FOU=,iv:UzpWjwBiC7te1IxneH/rueVKyRQ8IulRQYAQ9AybueI=,tag:s+FpPWQ0qu187LRcFb+7eg==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-05-05T11:44:34Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAl2GftHJU72CZwTRupXE9S1Z/w7vwrRQlFrme9woZ2QUw\nvan+u4DvpbWsv8jH4rPERxz7aIHcIUMnnDHMls7Ma8rqwE4GzjBnqJ4afYEgbUyc\n0l4B9IVHcML8hwLMRnox+/+DqMw9QJALjiLshid+6lxQOjiKj7AvLCsMA3llsT7H\ncyGwyhm99BaLO48zsXlSmGgg2/YSTPuiJtddwp9CWv0oeOrySnw5Rk0VqdVTzreK\n=EV9D\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:34Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAHdryYLAJhmbfQOq+tXxuuOYuB2stUUnq8/lRg6/nDyMw\nMeq1lqDPZmqcMGPuz1gaopZ+I30FBdASTaLMt2jPhd09mVccpY0nFuyvjJHHV32R\n0l4B2kHMD+NWtWCxPWGAUYBHI73xggVNMkDbr2FhwJgruN/4WRNGlgEszl6MQ43v\nI98doI69oLocwl7ZmXurspzyJA4btFIayAUgKc0uF28k4ulniTPlB75QxLAvXHNy\n=AQHH\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.2"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml
new file mode 100644
index 00000000..495af908
--- /dev/null
+++ b/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:aRpq+iUmoEQoy7wlDjTorLK0hUQdUE0RrlFAPYzoInAxrtm58xWLWYBb6FSm7oPv+B+uM04hXbTyH9xh4ZIogiV95qva1FaK+OSO9zkhP2i4SyroRyT4IKhs8ajCAj2wRSXCcUgK13UotF45y+2yJyPEOAsIossOaAJceQdi+fbW7L5z93copWyPa5XG3/KUZBNAoGFprTzB0c9luGWp8GmJ0zFZhbI+ZnKFgL9ZDTfh2e8N0VUih748AZw7YzL3uEu68BWPdXhgDo+f/DJARizmH/NyMQ==,iv:AomUPijrVdXiYI3fl8PAbJEjWZIeh7tuIZaDzJOieDk=,tag:AWkWJ+I9m7TrKKBL5cYWVw==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-05-05T11:44:33Z",
10 "mac": "ENC[AES256_GCM,data:o2QxYW9SPIbOWP/iQ2Mk1imSUWBwPOkPUTIVub/Y4Yse0RkR6qp1LlRdhB5aOKirInKNulA0iCm5uiDyGS02N52wrmQpnWjeMcFysZ9rzzRPIaEUa31GIWRQAt11amO56hM9JTBZGmq5bhPVRxRBfMT4PSgUT/KrRJSQCVXGyAs=,iv:OWk/08GxYylbjqcOjJnC81L4P+QyUkyxYaJ+qReGzIo=,tag:4r4eVCB5s462uMbb8lrnXg==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-05-05T11:44:33Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAymwXeFtQyiAgb+/Rm5jxPCnKWG3n7libf3zmYbQw7B0w\ndAmL/pukd3B8n3+lcdHDZodtr3W4LyatgdSXOUG51hRoqEq16b2MmCM43jTUnYQd\n0l4BWTk98DfAZ/6z7ulexqbCmfJSfJzUJGBnLqTBq2dnxeHHWpY/tpGp6BAi2n+p\nxtooPP9PUC2wbXFyf0FB5nGg+JvsNi4FspDwFYljnDKmXBnn1H3IfCmUhy1chWty\n=a8nm\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:33Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0t4v/UKyR3uWG2NpFqxZRG7Hj05+akMq5ZnU7B/VrgQw\n4WIpnT+nqxM7c+vFNe/AVyO+R82qQrMbTL0QHpD5rUDdszFVw1UH/ELMH3rrcRlz\n0l4Bf8bWylnKOvPqeyklEktiSUXoMWqs0AbD+LuTUgqz/JvuO6AqvgbfPUvm5eOM\npI2DEW11SZeqiUai3N/H34myzQ7kSoVSfJobUfmBazIq69DBSSWz0sksMw98+yWK\n=q0Ui\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.2"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml
new file mode 100644
index 00000000..63d18e50
--- /dev/null
+++ b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:wjU+ojwNIfiQamoOpB2MVyOB6WCCjpt1xwWO/LYD2YJqXkjl8ko4hf/wC+Q1SPkvvHPFtxxiQh1dzcl+8Wh6Xicb5HNMxiAXUQAr7gMG25nfyv3m0vB9msPDeEcbrE4t7bXOuZUBuOx9iU5UmA5kN9oTOcCT5i/db9ILEjcSvkvysk10WytyXK5CEHu5Y+gwlIJ+tP/eG/zEcXGHbDb/feQSn+Xwt3Jrdef9cau+pZB7zexIpMkvwryG9cpZCJUUDBYOhaHO+iLiO3+IEoDpr5Dabsuk9Nez,iv:ogd5X7Ss0Izl7AuJ0NvO4zKsMDDjsew3JLb0wElFhHE=,tag:f2IWgpCELipQdM+4IrtIVg==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-05-05T11:44:34Z",
10 "mac": "ENC[AES256_GCM,data:cCqLh/qhAiicPFl1p16icG8JacpQTYjnRByjRVkD1wZ2i+M/4/LXL1O46GZJvNMNlOTN6Be6IIeazGnO7MP6oxo6He2hovD0Ej5WbSruiwL2cuVvZ3vSpFI8psWS22NBgnNXCcxA+giS5b/jlRI7pcTQ2Knwwzh7Y4Xdp/UBAi8=,iv:6wC4JpdL90zwezMsoLeE5XGwxMvUdHGaVnZqfLcd//M=,tag:7peBKCXYlivsVY9hgNojyA==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-05-05T11:44:34Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAJ2Nl+Jhuqa6LwqsC/EPuYPU9YzPaD11JMhPxyMnk2CMw\nIJWVCeIbXlUWulQF497/yvCX+gpODsk//xTc9J1Uv02uH0HZPYQaVMVs9sqg1NW/\n0l4BpYd98/J0fFwvjhlu/6AB8zrQ2OEegjlOSGDhrAObOBx5xly3IJOF0dObl3fO\nKuauEC3fXJ/s6dugdGDklNhrdRSlfgmigSErUyB0kjo9mF/mAQ8lbzw6b5OXXBwE\n=U3Fx\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:34Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuAXp4XtRgiQe/Nhs1oBhZxxre6e6R8uBXCUuLgp5IxIw\nUZNOL8NJB94jyqC1yxOr9mILMJw0+cQYFq8CuwSea7Cuz3WOgtVRl1ezKQlpusu5\n0l4BK5ByaesUw7P+wYuXC9VDFnKUCkSn+AA76zikuHHFu9KMd/4p6FcHboQyFz54\nguRNReB6U3y2g9KIwKo/hAk+8NHnuqH9w9Cfb2IIsU5a663AhLv/GKKkCbo0s7Ur\n=jNYe\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.2"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml
new file mode 100644
index 00000000..4523b3ba
--- /dev/null
+++ b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:4+Pvq42ibLYLxaBBf0Q8gVYglcCdABu8R3M5haawnPSadC53u1+2vx5cujznaUE0vpNJKRDhrHKmctbY6azhgWWvd+PIJ7QtbIEn+9ZhFPsaufrVxXCF/2/wPR505cJiIx0ydeE5G8a8AwsSexLPNg8cBENjkPlImd9LnxIVM3xwpjnNasV7B+OkOnK9twAh51waJLsVYrlS1VOJRh3Q7tuJWlBtQu0YWdImmxvtrz30h2MHg8g03bkL91z5NSf6mbMkLwj6dRZYlXpPMKMi4ZjsXFk=,iv:7bXn7FQwQbLF8gp115OAO+r1eqjlQklar/ADrVJaJOw=,tag:R2NmSMATA1rRQazoV6WfMw==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-05-05T11:44:30Z",
10 "mac": "ENC[AES256_GCM,data:fLYGT6nZqQEE71WV6lhmXcX2HpQBwqRqd4j9D7YwXXCQolK2v4vqND8cjn2Ni71eWxoJRqHSVWOcvK39EM+kphcmH/wqLMYhdfjkP+DisYecO8LSF8MC1mhADz/YAQQfSs1Fp73JBEOruWqeyXsCB0uSfuIk5w6P0oihzZEddys=,iv:kdLy5pPPfOhyT4E0PV+cbb/007A5maBtQ90ZaCvUHGM=,tag:QJrlCAoFTosBYTgqfca/SA==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-05-05T11:44:30Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAO6YzCUEucOdXkrSHAVb7Evv2ouIgsI44bvG39sM9mTcw\nExiQR9nGBTrVUIRX7Gcb6GbDOHfYiSXhIi6CVzF7gRwe1iJGM1T6fheA30VuJ4uk\n0l4B3F4m/Pqvgp9NaBGQQDQOaCTD5NjwK/2lZtuMckQMUi9df4nEA9khJHsw8nx5\nSGU8QZquE4Kyi//pEFycoQ2q0QvKqg8JoT2m7TG5EBFXea1xfbZOZNIANUB8LnOW\n=vaJN\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:30Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAgqn8CAAZu2yB5YUfmQtMxMNJr3D40jzBH1oVmV862lYw\nlEAvxqlzV7xj/pLLfcQm/fxVu6c1tQlD4nA00VceQVZN8bm0kOzwbl+MnCYBiHps\n0l4Bcus9lKpaEpz/SB2no38/VCeM2mFnWPkUuyaLN0+xlosq4/laLhLe4NzXW8BX\nQKv8FLX0GxywRzonaLBf4p9Za8EXKXv9xMf5iYst4vG0epj4MCCxp6IH/uNDJwFt\n=yguK\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.2"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/dns/zones/email.bouncy.soa b/hosts/surtr/dns/zones/email.bouncy.soa
index d6fdab9b..2123c0bf 100644
--- a/hosts/surtr/dns/zones/email.bouncy.soa
+++ b/hosts/surtr/dns/zones/email.bouncy.soa
@@ -1,7 +1,7 @@
1$ORIGIN bouncy.email. 1$ORIGIN bouncy.email.
2$TTL 3600 2$TTL 3600
3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( 3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4 2022050501 ; serial 4 2022050503 ; serial
5 10800 ; refresh 5 10800 ; refresh
6 3600 ; retry 6 3600 ; retry
7 604800 ; expire 7 604800 ; expire
@@ -20,6 +20,8 @@ $TTL 3600
20@ IN MX 0 mailin.bouncy.email. 20@ IN MX 0 mailin.bouncy.email.
21@ IN TXT "v=spf1 a:mailout.bouncy.email -all" 21@ IN TXT "v=spf1 a:mailout.bouncy.email -all"
22 22
23_acme-challenge IN NS ns.yggdrasil.li.
24
23* IN A 202.61.241.61 25* IN A 202.61.241.61
24* IN AAAA 2a03:4000:52:ada:: 26* IN AAAA 2a03:4000:52:ada::
25* IN MX 0 mailin.bouncy.email. 27* IN MX 0 mailin.bouncy.email.
@@ -34,11 +36,13 @@ mailin IN A 202.61.241.61
34mailin IN AAAA 2a03:4000:52:ada:: 36mailin IN AAAA 2a03:4000:52:ada::
35mailin IN MX 0 mailin.bouncy.email. 37mailin IN MX 0 mailin.bouncy.email.
36mailin IN TXT "v=spf1 redirect=bouncy.email" 38mailin IN TXT "v=spf1 redirect=bouncy.email"
39_acme-challenge.mailin IN NS ns.yggdrasil.li.
37 40
38mailsub IN A 202.61.241.61 41mailsub IN A 202.61.241.61
39mailsub IN AAAA 2a03:4000:52:ada:: 42mailsub IN AAAA 2a03:4000:52:ada::
40mailsub IN MX 0 mailin.bouncy.email. 43mailsub IN MX 0 mailin.bouncy.email.
41mailsub IN TXT "v=spf1 redirect=bouncy.email" 44mailsub IN TXT "v=spf1 redirect=bouncy.email"
45_acme-challenge.mailsub IN NS ns.yggdrasil.li.
42 46
43_submissions._tcp IN SRV 5 0 465 mailsub.bouncy.email. 47_submissions._tcp IN SRV 5 0 465 mailsub.bouncy.email.
44 48
@@ -46,7 +50,6 @@ imap IN A 202.61.241.61
46imap IN AAAA 2a03:4000:52:ada:: 50imap IN AAAA 2a03:4000:52:ada::
47imap IN MX 0 mailin.bouncy.email. 51imap IN MX 0 mailin.bouncy.email.
48imap IN TXT "v=spf1 redirect=bouncy.email" 52imap IN TXT "v=spf1 redirect=bouncy.email"
53_acme-challenge.imap IN NS ns.yggdrasil.li.
49 54
50_imaps._tcp IN SRV 5 0 993 imap.bouncy.email. 55_imaps._tcp IN SRV 5 0 993 imap.bouncy.email.
51
52_acme-challenge IN NS ns.yggdrasil.li.
diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa
index 74b7170e..c43f7b0d 100644
--- a/hosts/surtr/dns/zones/li.yggdrasil.soa
+++ b/hosts/surtr/dns/zones/li.yggdrasil.soa
@@ -1,7 +1,7 @@
1$ORIGIN yggdrasil.li. 1$ORIGIN yggdrasil.li.
2$TTL 3600 2$TTL 3600
3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( 3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4 2022040800 ; serial 4 2022050501 ; serial
5 10800 ; refresh 5 10800 ; refresh
6 3600 ; retry 6 3600 ; retry
7 604800 ; expire 7 604800 ; expire
@@ -37,8 +37,10 @@ ymir IN TXT "v=spf1 redirect=yggdrasil.li"
37 37
38surtr IN A 202.61.241.61 38surtr IN A 202.61.241.61
39surtr IN AAAA 2a03:4000:52:ada:: 39surtr IN AAAA 2a03:4000:52:ada::
40surtr IN MX 0 ymir.yggdrasil.li 40surtr IN MX 0 surtr.yggdrasil.li
41surtr IN TXT "v=spf1 redirect=yggdrasil.li" 41surtr IN TXT "v=spf1 a:surtr.yggdrasil.li -all"
42
43_acme-challenge.surtr IN NS ns.yggdrasil.li.
42 44
43prometheus.surtr IN CNAME surtr.yggdrasil.li. 45prometheus.surtr IN CNAME surtr.yggdrasil.li.
44 46
diff --git a/hosts/surtr/email/ca/.gitignore b/hosts/surtr/email/ca/.gitignore
new file mode 100644
index 00000000..7c894574
--- /dev/null
+++ b/hosts/surtr/email/ca/.gitignore
@@ -0,0 +1,3 @@
1ca.key
2ca.cnf
3*.old \ No newline at end of file
diff --git a/hosts/surtr/email/ca/ca.crt b/hosts/surtr/email/ca/ca.crt
new file mode 100644
index 00000000..a4a46000
--- /dev/null
+++ b/hosts/surtr/email/ca/ca.crt
@@ -0,0 +1,11 @@
1-----BEGIN CERTIFICATE-----
2MIIBmjCCAUygAwIBAgIUb0fWK0YOiuanuqOsKemfDMb+LlUwBQYDK2VwMBcxFTAT
3BgNVBAMMDHlnZ2RyYXNpbC5saTAgFw0yMjA1MDUxMTMxMzZaGA8yMDkwMDUyMzEx
4MzEzNlowFzEVMBMGA1UEAwwMeWdnZHJhc2lsLmxpMCowBQYDK2VwAyEAuven1BCF
5gNJtOa5Uga4opO6CD6anTdLHMYEgax6bFbejgacwgaQwHQYDVR0OBBYEFO+nGZ+J
6ea3aQyWPNG53isOP91OVMFIGA1UdIwRLMEmAFO+nGZ+Jea3aQyWPNG53isOP91OV
7oRukGTAXMRUwEwYDVQQDDAx5Z2dkcmFzaWwubGmCFG9H1itGDormp7qjrCnpnwzG
8/i5VMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE
9AwICBDAFBgMrZXADQQD9C+L1EUIARdzeEvzGkBhcgggQQC4DKlLt0mpuUuGLxdfS
10xwAHTGd6PLER3DMTMob4olsGkl09g6fqj9iJRrkM
11-----END CERTIFICATE-----
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
new file mode 100644
index 00000000..49f156eb
--- /dev/null
+++ b/hosts/surtr/email/default.nix
@@ -0,0 +1,230 @@
1{ config, pkgs, lib, ... }:
2
3with lib;
4
5let
6 postfix_map = tableType: tableName: "${tableType}:/run/postfix/maps/${tableName}";
7 postfix_hash = postfix_map "hash";
8in {
9 options = {
10 services.postfix.mapFilesRun = mkOption {
11 type = types.attrsOf (types.either types.path (types.submodule {
12 options = {
13 type = mkOption {
14 type = types.str;
15 default = "hash";
16 };
17
18 path = mkOption {
19 type = types.nullOr types.path;
20 default = null;
21 };
22
23 text = mkOption {
24 type = types.nullOr types.lines;
25 default = null;
26 };
27 };
28 }));
29 default = {};
30 };
31 };
32
33 config = {
34 services.postfix = {
35 enable = true;
36 hostname = "surtr.yggdrasil.li";
37 recipientDelimiter = "+";
38 setSendmail = true;
39 postmasterAlias = ""; rootAlias = ""; extraAliases = "";
40 destination = [];
41 sslCert = "/run/credentials/postfix.service/surtr.yggdrasil.li.pem";
42 sslKey = "/run/credentials/postfix.service/surtr.yggdrasil.li.key.pem";
43 networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
44 mapFilesRun = {
45 "relay_ccert" = { text = ""; };
46 "sni" = { text = ''
47 bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem
48 mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.sni.pem
49 mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.sni.pem
50 .bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem
51 '';};
52 "esmtp_access" = { type = "cidr"; text = ''
53 # Allow DSN requests from local subnet only
54 192.168.0.0/16 silent-discard
55 172.16.0.0/12 silent-discard
56 10.0.0.0/8 silent-discard
57 0.0.0.0/0 silent-discard, dsn
58 fd00::/8 silent-discard
59 ::/0 silent-discard, dsn
60 '';};
61 };
62 config = {
63 #the dh params
64 smtpd_tls_dh1024_param_file = toString config.security.dhparams.params."postfix-1024".path;
65 smtpd_tls_dh512_param_file = toString config.security.dhparams.params."postfix-512".path;
66 #enable ECDH
67 smtpd_tls_eecdh_grade = "strong";
68 #enabled SSL protocols, don't allow SSLv2 and SSLv3
69 smtpd_tls_protocols = ["!SSLv2" "!SSLv3" "!TLSv1" "!TLSv1.1" "!TLSv1.2"];
70 smtpd_tls_mandatory_protocols = ["!SSLv2" "!SSLv3" "!TLSv1" "!TLSv1.1" "!TLSv1.2"];
71 #allowed ciphers for smtpd_tls_security_level=encrypt
72 smtpd_tls_mandatory_ciphers = "high";
73 #allowed ciphers for smtpd_tls_security_level=may
74 #smtpd_tls_ciphers = high
75 #enforce the server cipher preference
76 tls_preempt_cipherlist = true;
77 #disable following ciphers for smtpd_tls_security_level=encrypt
78 smtpd_tls_mandatory_exclude_ciphers = ["aNULL" "MD5" "DES" "ADH" "RC4" "PSD" "SRP" "3DES" "eNULL"];
79 #disable following ciphers for smtpd_tls_security_level=may
80 smtpd_tls_exclude_ciphers = ["aNULL" "MD5" "DES" "ADH" "RC4" "PSD" "SRP" "3DES" "eNULL"];
81 #enable TLS logging to see the ciphers for inbound connections
82 smtpd_tls_loglevel = "1";
83 #enable TLS logging to see the ciphers for outbound connections
84 smtp_tls_loglevel = "1";
85
86 smtpd_tls_ask_ccert = true;
87 smtpd_tls_CAfile = toString ./ca/ca.crt;
88
89 smtp_tls_security_level = "dane";
90 smtp_dns_support_level = "dnssec";
91
92 tls_server_sni_maps = postfix_hash "sni";
93
94 local_recipient_maps = "";
95
96 # 10 GiB
97 message_size_limit = "10737418240";
98 # 10 GiB
99 mailbox_size_limit = "10737418240";
100
101 smtpd_delay_reject = true;
102 smtpd_helo_required = true;
103 smtpd_helo_restrictions = "permit";
104
105 smtpd_recipient_restrictions = [
106 "reject_unauth_pipelining"
107 "reject_non_fqdn_recipient"
108 "reject_unknown_recipient_domain"
109 "permit_mynetworks"
110 "check_ccert_access ${postfix_hash "relay_ccert"}"
111 "reject_non_fqdn_helo_hostname"
112 "reject_invalid_helo_hostname"
113 "reject_unauth_destination"
114 "reject_unknown_recipient_domain"
115 "reject_unverified_recipient"
116 ];
117
118 smtpd_relay_restrictions = [
119 "permit_mynetworks"
120 "check_ccert_access ${postfix_hash "relay_ccert"}"
121 "reject_unauth_destination"
122 ];
123
124 propagate_unmatched_extensions = ["canonical" "virtual" "alias"];
125 smtpd_authorized_verp_clients = "$authorized_verp_clients";
126 authorized_verp_clients = "$mynetworks";
127
128 milter_default_action = "accept";
129 smtpd_milters = [config.services.opendkim.socket];
130 non_smtpd_milters = [config.services.opendkim.socket];
131
132 alias_maps = "";
133
134 queue_run_delay = "10s";
135 minimal_backoff_time = "1m";
136 maximal_backoff_time = "10m";
137 maximal_queue_lifetime = "100m";
138 bounce_queue_lifetime = "20m";
139
140 smtpd_discard_ehlo_keyword_address_maps = postfix_map "cidr" "esmtp_access";
141
142 sender_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.forwardPort}";
143 sender_canonical_classes = "envelope_sender";
144 recipient_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.reversePort}";
145 recipient_canonical_classes = ["envelope_recipient" "header_recipient"];
146 };
147 masterConfig = {
148 smtps = {
149 type = "inet";
150 command = "smtpd";
151 args = [
152 "-o" "smtpd_tls_wrappermode=yes"
153 "-o" "smtpd_tls_req_ccert=yes"
154 "-o" "smtpd_client_restrictions=permit_tls_all_clientcerts,reject"
155 "-o" "smtpd_recipient_restrictions=reject_unauth_pipelining,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_tls_all_clientcerts,reject"
156 ];
157 };
158 };
159 };
160
161 services.postsrsd = {
162 enable = true;
163 domain = "srs.surtr.yggdrasil.li";
164 separator = "+";
165 excludeDomains = [ "surtr.yggdrasil.li"
166 ".bouncy.email" "bouncy.email"
167 ];
168 };
169
170 services.opendkim = {
171 enable = true;
172 # user = "postfix"; group = "postfix";
173 # socket = "local:/run/opendkim/opendkim.sock";
174 domains = ''csl:${concatStringsSep "," ["surtr.yggdrasil.li" "bouncy.email"]}'';
175 selector = "surtr";
176 configFile = builtins.toFile "opendkim.conf" ''
177 Syslog true
178 MTACommand ${config.security.wrapperDir}/sendmail
179 LogResults true
180 '';
181 };
182
183 security.dhparams = {
184 params = {
185 "postfix-512".bits = 512;
186 "postfix-1024".bits = 2048;
187 };
188 };
189
190 security.acme.domains = let
191 mkSNI = ''
192 cat key.pem full.pem > sni.pem
193 '';
194 in {
195 "bouncy.email" = {
196 certCfg.postRun = mkSNI;
197 };
198 "mailin.bouncy.email" = {
199 certCfg.postRun = mkSNI;
200 };
201 "mailsub.bouncy.email" = {
202 certCfg.postRun = mkSNI;
203 };
204 "surtr.yggdrasil.li" = {};
205 };
206
207 systemd.services.postfix = {
208 preStart = concatStringsSep "\n" (mapAttrsToList (to: from: let
209 cont = {type, path, text}: assert !(isNull path && isNull text); let
210 path' = if isNull path then pkgs.writeText to text else path;
211 in ''
212 ln -sf ${path'} /run/postfix/maps/${to}
213 postmap ${type}:/run/postfix/maps/${to}
214 '';
215 in if builtins.isPath from then cont { path = from; } else cont from
216 ) config.services.postfix.mapFilesRun);
217
218 serviceConfig = {
219 RuntimeDirectory = ["postfix/maps"];
220 LoadCredential = [
221 "surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem"
222 "surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem"
223 "bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem"
224 "mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem"
225 "mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem"
226 ];
227 };
228 };
229 };
230}
diff --git a/hosts/surtr/tls/tsig_keys/imap.bouncy.email b/hosts/surtr/tls/tsig_keys/imap.bouncy.email
new file mode 100644
index 00000000..d3f86b23
--- /dev/null
+++ b/hosts/surtr/tls/tsig_keys/imap.bouncy.email
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:V3upBG5uxBdr9mfEyRqJMhcPJ/zjLXACJObpjAm/zl8hPQMnLBID74+e6kap,iv:1qnlvtXKbSUGiMR5wE2XWM5L+COTzzaMlu0w8gPaiGA=,tag:xpMWaiuFAeKfhyYKdW+tmQ==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-05-05T11:44:35Z",
10 "mac": "ENC[AES256_GCM,data:C8C327hR+CdEZjqkQUoPNCXXmUbNSl2oHChLQuz0MOSvU0laN7rLcdJ2Mb/WodVgHdVNXtzAzLdOluXi5ikW6pZH4ZAkV1Dsr5E/WLR3TuSr0ULJx3+ZQnT6XJkzKn0MSS5/u/ctUpGoFki+xG2S4yQiGqArqXUktEF2XAROBSw=,iv:Sp22bqbXBBWX3wLWBqHuZaQ4ki3PNx7BFKb16uHHU7U=,tag:OxVOI2K0Tliven8sPXnzlw==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-05-05T11:44:35Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAg+bD8OFCZiufY4QRUyLA3K0UMJS9rEbyE7vCExAazhUw\nYLPtQLtH3MFfS+HoDqrOtTy/1FadBbSBO8YC6bEeBpTksLpH5o3dqYCOPEzYWTKN\n0l4B66Bq+BgNuR+Ld4A+TdzNOfsmjIsEtVh2AKyfKFsg4+29MH5ImX11Wd4ek/5R\n1qD8evoz8DT+1sE2mX7gpGZj24x4A8CzhOPU/zQBaD7tf8omw6okERIi03jCpfml\n=C4Vt\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:35Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA2g2y4txmaQ1pjMKcRqwjqCSzdOeyxqgaO7hNzVzRvwgw\nXggd7yj7dSW+JZ1/SOmeMDR2aL28B6lB89q2IdGDORBaa8/m6mSSnP/aNiMtj71M\n0l4BgV6lelcYvGJfqb9TDZFZVsCYAiONBzhOjJ4y31H09BTFrFEnTOK+iipiqjti\nlM4ejpSuKPrSwx16+7B/Pa/OEMWfRWn7tIIoRC8rEdWKCm1utKLlOoqpR4OA+5mT\n=VcqH\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.2"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/tls/tsig_keys/mailin.bouncy.email b/hosts/surtr/tls/tsig_keys/mailin.bouncy.email
new file mode 100644
index 00000000..b7dbe8b9
--- /dev/null
+++ b/hosts/surtr/tls/tsig_keys/mailin.bouncy.email
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:nvMkj1Mqz8/QCN2n1m4hMGDCMIM7OcX81yS4N3+ZsGWc/p6RtwogKp53ypd5,iv:UB70UEDF0znqZpA3Ov+EGQkH/ix0A6I6JwpHAFEcNqU=,tag:lJJ7AtVa35TJVdNIEPXu3Q==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-05-05T11:44:34Z",
10 "mac": "ENC[AES256_GCM,data:bIjM+KaKivOu3xy4+p+zXaQtzRGO5wQ/tZXCgEBA9TEjkTli+ypzUlaf8gtjPOED2nCie9+GX+6kKhopP+P28/PoIGVmTpMLtRgInpNh8/APlTN2TQoVyCld2zEJDi+Cqa+nMBispyQF06bB3UGeOdGnlZwgW2IlYH5wUcgGBng=,iv:SMJMogMoLmCFaBqMjgB2P+pVhC8JVZS3BzZyEjqhDM8=,tag:07SSpA0HP3oIpTzyUExr+Q==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-05-05T11:44:33Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAfNwDDkgU3oYgQQzWu808G0xd8wwbDdRPzAvZpSW4ZUAw\nGKXrug34UAsJoCezXIArCbAXq8DGnsejkca90qS8JQAw94QxW/EVwjXXG1aUs2+2\n0l4B1WxA5Lt2/nQyeJjTOBcbTz07SPBlkdG5tZQEmJvoP33CTUUHNMQ9D1n3BFwZ\nOuWzFDBTXLqOzseL6PYCdjHMaU5fIll+GCIBufG9lZuqfP1YTyqLhgPLNpaO5kCX\n=4dC9\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:33Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdActPNakdiaMdVMhHlp0L77VgtR6x7NZmJ2RU1pKcqCnsw\n4hJbSauDdaUXirG6ircfJeKfwSOobdDjFmrVfkhpV2JKRc8XQyKm9nx8B3nHLPRb\n0l4BY8LfKmiH4lSocO/3thKurtZKOCmk5kfvCTVC96aWOFab6+YapJvRIqvgupap\nM+bRH+xEqS5rmooQBwsFFya5kykVVODiwAkh9dIV0EdGhqJgChjd+LHetch08iyw\n=KnpG\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.2"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email b/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email
new file mode 100644
index 00000000..ec2fa339
--- /dev/null
+++ b/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:tJbGR8t8/CWyY8TnOtY+5Na+RuphkrMqm1qYnuF40AH84mjyVELH2Jskx5Cx,iv:i8uEr7cltXRubU7vXr+NSL4qnCbN/foyjobM9XyhiN8=,tag:zDpagteTiEpq29pN9byWOg==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-05-05T11:44:34Z",
10 "mac": "ENC[AES256_GCM,data:4RGSNI/aLfDMTH2r95uo+5bYNj1oIaKTSIuLu+a9jnihnoJgh1BIpi6q7ayTV25J31WvpqUdYtHmAqp0cgsgPnxleCA0rmL4KupMPPTx4RNmMDzPfHb+mez6iFwepkLpPSqLMs2hPvc9PuSJDY7r7gkGvRfxqT5U+1+d2m/31LM=,iv:5fEkvnz9HzUAV/Nxd0Y0OYUdNiqEkMwPkgQ+wA5u6nE=,tag:/LyrsMWedbpLOifj0/k9Ug==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-05-05T11:44:34Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwar8wbCJkkIsCWa4ADR82XxMQ9uywWi+1kOv0Hz3cSAw\nk4KuWWFjXhuRPGN+ueRrWaZbL2035RL9qjz6AzTf7dYd06q9uY/StQ4iwFGTrSWk\n0l4BSx9tzJ17BfrmDc8gHi7iJJzVWrSQS2BEkjQBvOqOz1RUFnyboe/whdBe3GLD\nTKN0tMUts9wliS2w1qtMrZJhHS4vNRICKlNcmVlShH42En4T9hlcIjwcdeX3Abjb\n=0DrA\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:34Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAkd4osWJcn0o+iwi+92bCRf5PvZ++tKLOgUmzZ6AUIQ8w\nRRLkK9U03T6UFMeWvBv5oHLJIgtaseqQJ7P8YG3fhFFdKYkjpoFSvz0ofcdPpORE\n0l4BqBwoLFoVNF9vmjdm7Ggb3JeSRlp5dvn4ihppN5sMOVNMP9iVjFGZr4lHO6m3\n0sInfK2Gz1HZ+u74RaR+urMzr5kfD5ZAFymE93Ae9QASBBj98qM462w6vT2izVgV\n=ZDDP\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.2"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li b/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li
new file mode 100644
index 00000000..6b3648e0
--- /dev/null
+++ b/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:OJbgB/u+4bo4mKVUGuULGeObTMsd83l1Q6nFiWAT5CN+jrX78g+iVR5QotOt,iv:Zoyn2dGBrXrAnKtGGW/r8WJDfbILOczQGQLgRlc0Xts=,tag:x5wrx92umguadfj6ARfsGg==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-05-05T11:44:33Z",
10 "mac": "ENC[AES256_GCM,data:LffMGjgzNp1gQQPBF+hUDh1YvgZqRYnS5521s0P1I0/1QlXj/iLYhNwIaTdBxYWFoeBcmvdkOXJV4YcTNqCmw8XaV9bNfezQTRlbskvAKZ1NPU6RRx6horWpguSWONnCMoFk5eaqeQA2Nr5rJ4kn8MSo46TMmHfR9Aj0fctuY1Q=,iv:E6Hu/jyY8WV+lm1AzRHVhI2Mdj2vDDwZcdR+KhM6gkc=,tag:I3F4gAQ3Eo86KL3fdeBz3g==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-05-05T11:44:33Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA37udf4bGP58tefZPCe6GXJMyu+cCzmVwUh0Y78MZ4BEw\nC0kHrjRb/2EZHrWPiFrEuTipIw3GVe5THmQfQwA6AJnmYtIZywCB07SFF+myS1Qz\n0l4BY2H6MsZEhPUxEK/ek83XMzLdcm0uLbIoEZFjL6lM47v3C8/MipxE2+zqzzUr\n7KWtpZekshX3kc5Qgj+Brs+X+Vz35PheGgHs6mX1rOFbHGxcOcNlu1UK3n8p3W9i\n=B4Qz\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-05-05T11:44:33Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdALq2tsHKjoVkxuF2LubirDKj1mXBL8D9gEtBAgUL+e1Ew\nCircY5+tjUj067L94tbr59tyqVdbXhEXZWfk+yqarIErIlwW7VKYM4RMc+0ePUjA\n0l4BYQIILqERGv4uJG7nZhDVu4YMatMR9ALgED47OhXwjnVG40Ncwt669YpRqmcF\nlxCgqbcBcCc1MfRn+C7Q7hYmruqc9cIBRYlssZmMC10CCETRASxTgeNcDve24AVo\n=z5ML\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.2"
25 }
26} \ No newline at end of file