4 files changed, 170 insertions, 0 deletions
diff --git a/hosts/sif/email/default.nix b/hosts/sif/email/default.nix
new file mode 100644
index 00000000..4eda236e
--- /dev/null
+++ b/hosts/sif/email/default.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+{
+  services.postfix = {
+    enable = true;
+    enableSmtp = false;
+    enableSubmission = false;
+    setSendmail = true;
+    networksStyle = "host";
+    hostname = "sif.midgard.yggdrasil";
+    destination = [];
+    recipientDelimiter = "+";
+    config = {
+      mydomain = "yggdrasil.li";
+      local_transport = "error:5.1.1 No local delivery";
+      alias_database = [];
+      alias_maps = [];
+      local_recipient_maps = [];
+      inet_interfaces = "loopback-only";
+      message_size_limit = "0";
+      authorized_submit_users = "inline:{ gkleen= }";
+      authorized_flush_users = "inline:{ gkleen= }";
+      authorized_mailq_users = "inline:{ gkleen= }";
+      smtp_generic_maps = "inline:{ root=root+sif }";
+      mynetworks = ["127.0.0.0/8" "[::1]/128"];
+      smtpd_client_restrictions = ["permit_mynetworks" "reject"];
+      smtpd_relay_restrictions = ["permit_mynetworks" "reject"];
+      sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" ''
+        /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de
+        /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587
+        /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ smtps:smtp.math.lmu.de:465
+        /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de
+      ''}'';
+      sender_bcc_maps = ''regexp:${pkgs.writeText "sender_bcc" ''
+        /^uni2work(-[^@]*)?@ifi\.lmu\.de$/ uni2work@ifi.lmu.de
+        /@ifi\.lmu\.de$/ gregor.kleen@ifi.lmu.de
+      ''}'';
+      relayhost = "[surtr.yggdrasil.li]:465";
+      default_transport = "relay";
+      smtp_sasl_auth_enable = true;
+      smtp_sender_dependent_authentication = true;
+      smtp_sasl_tls_security_options = "noanonymous";
+      smtp_sasl_mechanism_filter = ["plain"];
+      smtp_sasl_password_maps = "regexp:/run/credentials/postfix.service/sasl_passwd";
+      smtp_cname_overrides_servername = false;
+      smtp_always_send_ehlo = true;
+      smtp_tls_security_level = "dane";
+      smtp_tls_loglevel = "1";
+      smtp_dns_support_level = "dnssec";
+    };
+    masterConfig = {
+      submission = {
+        type = "inet";
+        private = false;
+        command = "smtpd";
+        args = [
+          "-o" "syslog_name=postfix/$service_name"
+        ];
+      };
+      smtp = { };
+      smtps = {
+        type = "unix";
+        private = true;
+        privileged = true;
+        chroot = false;
+        command = "smtp";
+        args = [
+          "-o" "smtp_tls_wrappermode=yes"
+          "-o" "smtp_tls_security_level=encrypt"
+        ];
+      };
+      relay = {
+        command = "smtp";
+        args = [
+          "-o" "smtp_fallback_relay="
+          "-o" "smtp_tls_security_level=verify"
+          "-o" "smtp_tls_wrappermode=yes"
+          "-o" "smtp_tls_cert_file=${./relay.crt}"
+          "-o" "smtp_tls_key_file=/run/credentials/postfix.service/relay.key"
+        ];
+      };
+    };
+  };
+  systemd.services.postfix = {
+    serviceConfig.LoadCredential = [
+      "sasl_passwd:${config.sops.secrets."postfix-sasl-passwd".path}"
+      "relay.key:${config.sops.secrets."relay-key".path}"
+    ];
+  };
+  sops.secrets = {
+    postfix-sasl-passwd = {
+      key = "sasl-passwd";
+      sopsFile = ./secrets.yaml;
+    };
+    relay-key = {
+      format = "binary";
+      sopsFile = ./relay.key;
+    };
+  };
+}
diff --git a/hosts/sif/email/relay.crt b/hosts/sif/email/relay.crt
new file mode 100644
index 00000000..ac13e7cb
--- /dev/null
+++ b/hosts/sif/email/relay.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjDCCAQygAwIBAgIPQAAAAGgLfNoL/PSMAsutMAUGAytlcTAXMRUwEwYDVQQD
+DAx5Z2dkcmFzaWwubGkwHhcNMjUwNDI1MTIwOTQ1WhcNMzUwNDI2MTIxNDQ1WjAR
+MQ8wDQYDVQQDDAZna2xlZW4wKjAFBgMrZXADIQB3outi3/3F4YO7Q97WAAaMHW0a
+m+Blldrgee+EZnWnD6N1MHMwHwYDVR0jBBgwFoAUTtn+VjMw6Ge1f68KD8dT1CWn
+l3YwHQYDVR0OBBYEFFOa4rYZYMbXUVdKv98NB504GUhjMA4GA1UdDwEB/wQEAwID
+6DAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAUGAytlcQNzABC0
+0UgIt7gLZrU1TmzGoqPBris8R1DbKOJacicF5CU0MIIjHcX7mPFW8KtB4qm6KcPq
+kF6IaEPmgKpX3Nubk8HJik9vhIy9ysfINcVTvzXx8pO1bxbvREJRyA/apj10nzav
+yauId0cXHvN6g5RLAMsMAA==
+-----END CERTIFICATE-----
diff --git a/hosts/sif/email/relay.key b/hosts/sif/email/relay.key
new file mode 100644
index 00000000..412a44e0
--- /dev/null
+++ b/hosts/sif/email/relay.key
@@ -0,0 +1,19 @@
+{
+        "data": "ENC[AES256_GCM,data:lBlTuzOS75pvRmcTKT4KhHMH44RlE2SvCFAUP+GfsXws1Uai7DZ1MmbhvxxCa+pcLW19+sQYxrXLRNZWby1yOeKBJ2UQeYV5LOk9LSL/WIE3FZkCo5Dv0O0gSFKjjb61WN22a4JnHbLWADf/mLT3GZv91XfvFDo=,iv:ho8wQH3UNzX9JPW5gVcUGtxZzdVwsMFus0Z4KYe5t48=,tag:dAgZyHOva2xVVhE1nTl+lg==,type:str]",
+        "sops": {
+                "age": [
+                        {
+                                "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eTVRSUdFNUZGZmcxSUlT\nWmlsOGNyWXIzMGNTZjlKbXlhcEdZUXFRVkR3Cll0T0RMd0h2UW16QkR3SHlhYmNZ\nNDFrYXh3Rkp5NWsvcWc3UFJJaHVwT1UKLS0tIHhXVEI0VHBZVkpDQ1FzWENjMmJH\nb1FQWXVUUTBiZ1pKWG00MTNqVEo2SjAKK3VOU+QgRuxWYWEcrJiVMRFCprBICz4F\ngD+9zuPUzPezyJkYwTs+M+wX5GYkXppqm5W58yQLS2UDD38sr+SRjg==\n-----END AGE ENCRYPTED FILE-----\n"
+                        },
+                        {
+                                "recipient": "age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWmJmZDVFazN2bDY1TkNG\nNXpJN2twMFFjZUxMTVdSNzJwQTFiYktrcGdrCjk4eFVHTko0bFVMSlFFWm9tbjMr\nbWNHMEQ1Rm1qUVhodlB1RGw2aDc4TUEKLS0tIERBK0J5NkN4OXJEZ1ZOZXhNc1Jm\naWNnUmZGbTIxdmNkYi9TZ2h2bGs3MVEKPQGaEf7M/5/xvSOfawpIp50fB3QfFSuz\nPgkrPMneaBeUx+uBYMyEFX4rpzLIBR3pnYMjAfoc+bjWaOtGQuEqyQ==\n-----END AGE ENCRYPTED FILE-----\n"
+                        }
+                ],
+                "lastmodified": "2025-04-25T12:14:44Z",
+                "mac": "ENC[AES256_GCM,data:pObl2bJA93az9E3Ya+hA3ekI8TKKZ9NNTi0KzmWZBOiQwi9FuQYtpnmmT80L1KXWyOKJV6wGdAri3mNe/ue2S0TziSbQ/4+Dj4ubFKgkH7thb5q2dFyxw5FzhYzRQiXFqD/pxcNN9uL0lQI2Al0Eci0zX8Kcd1rAQ6RzLEoSmco=,iv:zo/3QFKTUEDxLy1k5yyU7Z1JMZ7cKdYUc6GHjaTTZKQ=,tag:f63Eja3lBfwJCYAOyEt56g==,type:str]",
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.10.2"
+        }
+}
diff --git a/hosts/sif/email/secrets.yaml b/hosts/sif/email/secrets.yaml
new file mode 100644
index 00000000..3c74b710
--- /dev/null
+++ b/hosts/sif/email/secrets.yaml
@@ -0,0 +1,30 @@
+sasl-passwd: ENC[AES256_GCM,data:L5QOQTEOplm9rQ+PuyDUl492ZTgIgZdRXNCNRaPQ4FLU+ha0GO7rjYWAOtvW7/oVdALrkQveSpBolnLG0nayvkjLpPuA6o9brR6bky52QmhOd8cYN9LMOhJcLJTwpUuvDesXkJD1mWA+ifuPnK6elVEfPuOndzMyw8MEvbPl53yCKQ7HOJc2nGvneD5QFkiHB9W9MmrR1gjGqaCSjZ0ahCnxe/Z2SwqccmBR9l60vt683RXMYbKNLDuSgE7HcXbzF9NstfnoSq7b332y/NgYsXvY0w+f6yPhsDuPhUXU+7gIcPb4+1TFOtdZP8uIPm1aLqG2nNKNhMGt23X8dD5Myy0FF6XmbTj43mDzKJahNel7pT91d+Vac5s08UeyUpQSjtrVMYneVTYbHEwiFPAD7S57LF0kZuE1aXIRF35g6XV3GB4rQDsrBsrZzn9vsGS12L2pdtYFVCvt/dLFlmd/GjPpm4JWyNSg,iv:fUEBrr1iby7+hK8ZesW+77HLMW93c6LpCcoJy8pgXUE=,tag:cW8vKVAebnJqo1gNNwDohQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MVYrR1ZrUXVhYVIvdTdS
+            OUxoOGhRZ3p2dFhCYkxta1REYy9FWTFEZVNJCjhpQ0VMcWdkWWQ1blZyVVpGWk81
+            UVBTZzNKSis2ZVVNdFA4TldvL05oMWcKLS0tIEl0TU8xQUhkTk83dDhzYU5aeCtR
+            OVcrdFRaeGxZL2kxT3VzUnBtWEI1Y1UK8LwKTus25P/nQrMJG5MOuR/lD2PCgeLC
+            WYBIbFusX//mwr1nymyWnHXkfXf8uHzpc6rJGFoa+TuOVU3elYB/Pg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcUs2OGp6WWN5cm9IVDdx
+            TFRpZTJXQjBXeGp3RytPaFdjR3UyVURnYmhZCnh3SDNYR0J1US9vcEhTbmJCNm5r
+            emJReml2QTNkTC93M0lpYlpNbTc4TGsKLS0tIGZ4YkE4STQ2dmh4akJVcnZOUVhT
+            MTNrOGxqZmFWSnl0U3lVTnllbEFTN28KKv/W6tk2YlNQV8fotfjSLg1HOs6OdMj4
+            GkZ30jQYfwmFYEA8YPn9JXbVNpprXd0d6ufLl/tAQckT6lsqGhwzeg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-02-02T14:45:23Z"
+    mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1

diff --git a/hosts/sif/email/default.nix b/hosts/sif/email/default.nix new file mode 100644 index 00000000..4eda236e --- /dev/null +++ b/hosts/sif/email/default.nix
@@ -0,0 +1,110 @@
	1	{ config, lib, pkgs, ... }:
	2	{
	3	services.postfix = {
	4	enable = true;
	5	enableSmtp = false;
	6	enableSubmission = false;
	7	setSendmail = true;
	8	networksStyle = "host";
	9	hostname = "sif.midgard.yggdrasil";
	10	destination = [];
	11	recipientDelimiter = "+";
	12	config = {
	13	mydomain = "yggdrasil.li";
	14
	15	local_transport = "error:5.1.1 No local delivery";
	16	alias_database = [];
	17	alias_maps = [];
	18	local_recipient_maps = [];
	19
	20	inet_interfaces = "loopback-only";
	21
	22	message_size_limit = "0";
	23
	24	authorized_submit_users = "inline:{ gkleen= }";
	25	authorized_flush_users = "inline:{ gkleen= }";
	26	authorized_mailq_users = "inline:{ gkleen= }";
	27
	28	smtp_generic_maps = "inline:{ root=root+sif }";
	29
	30	mynetworks = ["127.0.0.0/8" "[::1]/128"];
	31	smtpd_client_restrictions = ["permit_mynetworks" "reject"];
	32	smtpd_relay_restrictions = ["permit_mynetworks" "reject"];
	33
	34	sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" ''
	35	/@(cip\|stud)\.ifi\.(lmu\|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de
	36	/@ifi\.(lmu\|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587
	37	/@math(ematik)?\.(lmu\|uni-muenchen)\.de$/ smtps:smtp.math.lmu.de:465
	38	/@(campus\.)?lmu\.de$/ smtp:postout.lrz.de
	39	''}'';
	40	sender_bcc_maps = ''regexp:${pkgs.writeText "sender_bcc" ''
	41	/^uni2work(-[^@]*)?@ifi\.lmu\.de$/ uni2work@ifi.lmu.de
	42	/@ifi\.lmu\.de$/ gregor.kleen@ifi.lmu.de
	43	''}'';
	44	relayhost = "[surtr.yggdrasil.li]:465";
	45	default_transport = "relay";
	46
	47	smtp_sasl_auth_enable = true;
	48	smtp_sender_dependent_authentication = true;
	49	smtp_sasl_tls_security_options = "noanonymous";
	50	smtp_sasl_mechanism_filter = ["plain"];
	51	smtp_sasl_password_maps = "regexp:/run/credentials/postfix.service/sasl_passwd";
	52	smtp_cname_overrides_servername = false;
	53	smtp_always_send_ehlo = true;
	54	smtp_tls_security_level = "dane";
	55
	56	smtp_tls_loglevel = "1";
	57	smtp_dns_support_level = "dnssec";
	58	};
	59	masterConfig = {
	60	submission = {
	61	type = "inet";
	62	private = false;
	63	command = "smtpd";
	64	args = [
	65	"-o" "syslog_name=postfix/$service_name"
	66	];
	67	};
	68	smtp = { };
	69	smtps = {
	70	type = "unix";
	71	private = true;
	72	privileged = true;
	73	chroot = false;
	74	command = "smtp";
	75	args = [
	76	"-o" "smtp_tls_wrappermode=yes"
	77	"-o" "smtp_tls_security_level=encrypt"
	78	];
	79	};
	80	relay = {
	81	command = "smtp";
	82	args = [
	83	"-o" "smtp_fallback_relay="
	84	"-o" "smtp_tls_security_level=verify"
	85	"-o" "smtp_tls_wrappermode=yes"
	86	"-o" "smtp_tls_cert_file=${./relay.crt}"
	87	"-o" "smtp_tls_key_file=/run/credentials/postfix.service/relay.key"
	88	];
	89	};
	90	};
	91	};
	92
	93	systemd.services.postfix = {
	94	serviceConfig.LoadCredential = [
	95	"sasl_passwd:${config.sops.secrets."postfix-sasl-passwd".path}"
	96	"relay.key:${config.sops.secrets."relay-key".path}"
	97	];
	98	};
	99
	100	sops.secrets = {
	101	postfix-sasl-passwd = {
	102	key = "sasl-passwd";
	103	sopsFile = ./secrets.yaml;
	104	};
	105	relay-key = {
	106	format = "binary";
	107	sopsFile = ./relay.key;
	108	};
	109	};
	110	}


diff --git a/hosts/sif/email/relay.crt b/hosts/sif/email/relay.crt new file mode 100644 index 00000000..ac13e7cb --- /dev/null +++ b/hosts/sif/email/relay.crt
@@ -0,0 +1,11 @@
	1	-----BEGIN CERTIFICATE-----
	2	MIIBjDCCAQygAwIBAgIPQAAAAGgLfNoL/PSMAsutMAUGAytlcTAXMRUwEwYDVQQD
	3	DAx5Z2dkcmFzaWwubGkwHhcNMjUwNDI1MTIwOTQ1WhcNMzUwNDI2MTIxNDQ1WjAR
	4	MQ8wDQYDVQQDDAZna2xlZW4wKjAFBgMrZXADIQB3outi3/3F4YO7Q97WAAaMHW0a
	5	m+Blldrgee+EZnWnD6N1MHMwHwYDVR0jBBgwFoAUTtn+VjMw6Ge1f68KD8dT1CWn
	6	l3YwHQYDVR0OBBYEFFOa4rYZYMbXUVdKv98NB504GUhjMA4GA1UdDwEB/wQEAwID
	7	6DAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAUGAytlcQNzABC0
	8	0UgIt7gLZrU1TmzGoqPBris8R1DbKOJacicF5CU0MIIjHcX7mPFW8KtB4qm6KcPq
	9	kF6IaEPmgKpX3Nubk8HJik9vhIy9ysfINcVTvzXx8pO1bxbvREJRyA/apj10nzav
	10	yauId0cXHvN6g5RLAMsMAA==
	11	-----END CERTIFICATE-----


diff --git a/hosts/sif/email/relay.key b/hosts/sif/email/relay.key new file mode 100644 index 00000000..412a44e0 --- /dev/null +++ b/hosts/sif/email/relay.key
@@ -0,0 +1,19 @@
	1	{
	2	"data": "ENC[AES256_GCM,data:lBlTuzOS75pvRmcTKT4KhHMH44RlE2SvCFAUP+GfsXws1Uai7DZ1MmbhvxxCa+pcLW19+sQYxrXLRNZWby1yOeKBJ2UQeYV5LOk9LSL/WIE3FZkCo5Dv0O0gSFKjjb61WN22a4JnHbLWADf/mLT3GZv91XfvFDo=,iv:ho8wQH3UNzX9JPW5gVcUGtxZzdVwsMFus0Z4KYe5t48=,tag:dAgZyHOva2xVVhE1nTl+lg==,type:str]",
	3	"sops": {
	4	"age": [
	5	{
	6	"recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
	7	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eTVRSUdFNUZGZmcxSUlT\nWmlsOGNyWXIzMGNTZjlKbXlhcEdZUXFRVkR3Cll0T0RMd0h2UW16QkR3SHlhYmNZ\nNDFrYXh3Rkp5NWsvcWc3UFJJaHVwT1UKLS0tIHhXVEI0VHBZVkpDQ1FzWENjMmJH\nb1FQWXVUUTBiZ1pKWG00MTNqVEo2SjAKK3VOU+QgRuxWYWEcrJiVMRFCprBICz4F\ngD+9zuPUzPezyJkYwTs+M+wX5GYkXppqm5W58yQLS2UDD38sr+SRjg==\n-----END AGE ENCRYPTED FILE-----\n"
	8	},
	9	{
	10	"recipient": "age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne",
	11	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWmJmZDVFazN2bDY1TkNG\nNXpJN2twMFFjZUxMTVdSNzJwQTFiYktrcGdrCjk4eFVHTko0bFVMSlFFWm9tbjMr\nbWNHMEQ1Rm1qUVhodlB1RGw2aDc4TUEKLS0tIERBK0J5NkN4OXJEZ1ZOZXhNc1Jm\naWNnUmZGbTIxdmNkYi9TZ2h2bGs3MVEKPQGaEf7M/5/xvSOfawpIp50fB3QfFSuz\nPgkrPMneaBeUx+uBYMyEFX4rpzLIBR3pnYMjAfoc+bjWaOtGQuEqyQ==\n-----END AGE ENCRYPTED FILE-----\n"
	12	}
	13	],
	14	"lastmodified": "2025-04-25T12:14:44Z",
	15	"mac": "ENC[AES256_GCM,data:pObl2bJA93az9E3Ya+hA3ekI8TKKZ9NNTi0KzmWZBOiQwi9FuQYtpnmmT80L1KXWyOKJV6wGdAri3mNe/ue2S0TziSbQ/4+Dj4ubFKgkH7thb5q2dFyxw5FzhYzRQiXFqD/pxcNN9uL0lQI2Al0Eci0zX8Kcd1rAQ6RzLEoSmco=,iv:zo/3QFKTUEDxLy1k5yyU7Z1JMZ7cKdYUc6GHjaTTZKQ=,tag:f63Eja3lBfwJCYAOyEt56g==,type:str]",
	16	"unencrypted_suffix": "_unencrypted",
	17	"version": "3.10.2"
	18	}
	19	}


diff --git a/hosts/sif/email/secrets.yaml b/hosts/sif/email/secrets.yaml new file mode 100644 index 00000000..3c74b710 --- /dev/null +++ b/hosts/sif/email/secrets.yaml
@@ -0,0 +1,30 @@
	1	sasl-passwd: ENC[AES256_GCM,data:L5QOQTEOplm9rQ+PuyDUl492ZTgIgZdRXNCNRaPQ4FLU+ha0GO7rjYWAOtvW7/oVdALrkQveSpBolnLG0nayvkjLpPuA6o9brR6bky52QmhOd8cYN9LMOhJcLJTwpUuvDesXkJD1mWA+ifuPnK6elVEfPuOndzMyw8MEvbPl53yCKQ7HOJc2nGvneD5QFkiHB9W9MmrR1gjGqaCSjZ0ahCnxe/Z2SwqccmBR9l60vt683RXMYbKNLDuSgE7HcXbzF9NstfnoSq7b332y/NgYsXvY0w+f6yPhsDuPhUXU+7gIcPb4+1TFOtdZP8uIPm1aLqG2nNKNhMGt23X8dD5Myy0FF6XmbTj43mDzKJahNel7pT91d+Vac5s08UeyUpQSjtrVMYneVTYbHEwiFPAD7S57LF0kZuE1aXIRF35g6XV3GB4rQDsrBsrZzn9vsGS12L2pdtYFVCvt/dLFlmd/GjPpm4JWyNSg,iv:fUEBrr1iby7+hK8ZesW+77HLMW93c6LpCcoJy8pgXUE=,tag:cW8vKVAebnJqo1gNNwDohQ==,type:str]
	2	sops:
	3	kms: []
	4	gcp_kms: []
	5	azure_kv: []
	6	hc_vault: []
	7	age:
	8	- recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866
	9	enc: \|
	10	-----BEGIN AGE ENCRYPTED FILE-----
	11	YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MVYrR1ZrUXVhYVIvdTdS
	12	OUxoOGhRZ3p2dFhCYkxta1REYy9FWTFEZVNJCjhpQ0VMcWdkWWQ1blZyVVpGWk81
	13	UVBTZzNKSis2ZVVNdFA4TldvL05oMWcKLS0tIEl0TU8xQUhkTk83dDhzYU5aeCtR
	14	OVcrdFRaeGxZL2kxT3VzUnBtWEI1Y1UK8LwKTus25P/nQrMJG5MOuR/lD2PCgeLC
	15	WYBIbFusX//mwr1nymyWnHXkfXf8uHzpc6rJGFoa+TuOVU3elYB/Pg==
	16	-----END AGE ENCRYPTED FILE-----
	17	- recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne
	18	enc: \|
	19	-----BEGIN AGE ENCRYPTED FILE-----
	20	YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcUs2OGp6WWN5cm9IVDdx
	21	TFRpZTJXQjBXeGp3RytPaFdjR3UyVURnYmhZCnh3SDNYR0J1US9vcEhTbmJCNm5r
	22	emJReml2QTNkTC93M0lpYlpNbTc4TGsKLS0tIGZ4YkE4STQ2dmh4akJVcnZOUVhT
	23	MTNrOGxqZmFWSnl0U3lVTnllbEFTN28KKv/W6tk2YlNQV8fotfjSLg1HOs6OdMj4
	24	GkZ30jQYfwmFYEA8YPn9JXbVNpprXd0d6ufLl/tAQckT6lsqGhwzeg==
	25	-----END AGE ENCRYPTED FILE-----
	26	lastmodified: "2022-02-02T14:45:23Z"
	27	mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str]
	28	pgp: []
	29	unencrypted_suffix: _unencrypted
	30	version: 3.7.1