From 84c79ad5a262728f4cbae83f51b7764b5fe850d3 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 5 May 2022 14:12:31 +0200
Subject: surtr: email

---
 hosts/surtr/default.nix                            |   2 +-
 hosts/surtr/dns/default.nix                        |   2 +
 hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml   |  26 +++
 hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml |  26 +++
 .../surtr/dns/keys/mailsub.bouncy.email_acme.yaml  |  26 +++
 hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml  |  26 +++
 hosts/surtr/dns/zones/email.bouncy.soa             |   9 +-
 hosts/surtr/dns/zones/li.yggdrasil.soa             |   8 +-
 hosts/surtr/email/ca/.gitignore                    |   3 +
 hosts/surtr/email/ca/ca.crt                        |  11 +
 hosts/surtr/email/default.nix                      | 230 +++++++++++++++++++++
 hosts/surtr/tls/tsig_keys/imap.bouncy.email        |  26 +++
 hosts/surtr/tls/tsig_keys/mailin.bouncy.email      |  26 +++
 hosts/surtr/tls/tsig_keys/mailsub.bouncy.email     |  26 +++
 hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li       |  26 +++
 15 files changed, 466 insertions(+), 7 deletions(-)
 create mode 100644 hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml
 create mode 100644 hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml
 create mode 100644 hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml
 create mode 100644 hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml
 create mode 100644 hosts/surtr/email/ca/.gitignore
 create mode 100644 hosts/surtr/email/ca/ca.crt
 create mode 100644 hosts/surtr/email/default.nix
 create mode 100644 hosts/surtr/tls/tsig_keys/imap.bouncy.email
 create mode 100644 hosts/surtr/tls/tsig_keys/mailin.bouncy.email
 create mode 100644 hosts/surtr/tls/tsig_keys/mailsub.bouncy.email
 create mode 100644 hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li

(limited to 'hosts')

diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index ca51d4fb..cb452df3 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -2,7 +2,7 @@
 {
   imports = with flake.nixosModules.systemProfiles; [
     qemu-guest openssh rebuild-machines zfs
-    ./zfs.nix ./dns ./tls ./http.nix ./bifrost ./matrix ./postgresql.nix ./prometheus
+    ./zfs.nix ./dns ./tls ./http.nix ./bifrost ./matrix ./postgresql.nix ./prometheus ./email
   ];
 
   config = {
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index aff6e6f3..d665714d 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -156,6 +156,7 @@ in {
         ${concatMapStringsSep "\n" mkZone [
           { domain = "yggdrasil.li";
             addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; };
+            acmeDomains = ["surtr.yggdrasil.li" "yggdrasil.li"];
           }
           { domain = "nights.email";
             addACLs = { "nights.email" = ["ymir_acme_acl"]; };
@@ -183,6 +184,7 @@ in {
             addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };
           }
           { domain = "bouncy.email";
+            acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "bouncy.email"];
           }
         ]}
       '';
diff --git a/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml
new file mode 100644
index 00000000..f57a5b9f
--- /dev/null
+++ b/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:xcDcVLIIZXus19oDIoFvZsyy0XUN26/B2yFQpt/apVBmhxC4qmHf+5SuzXx6KnL+LRCFnh0kxw5NUnLFaADUesUAWSBTCMLyirIT37NMUNAnGcP8ikqmOk2HUHE8/3BSER9Sr/9bXhA4ikzJnWVOWGJ9lT6qkw+DUHihundf+tHKnutxP/CoXM84T0YU4U6Jzw55BhyavaT7hSjm5Pa/CmvzUfu57GK8LBQchULqPXL1/GkcZbm/BJwI2RrYkhZG8CieRiey0WaD16qxsJ4lnhSb,iv:Spb+VtjR0XEj0HldOFNORYFbPDPeS7XgTdqZPi45wuw=,tag:QRQfOTwuh6lWJNrXZkNl0w==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-05-05T11:44:35Z",
+		"mac": "ENC[AES256_GCM,data:fQmb4Az33ypsJowyPrwBlkDYDNNtJWev5RzOQdvk3FOXINfeVXqBqRmK/FqYTwonWg+oQ1j7HptvEHXnNBXyHSjLs0eBNUwQAGDVYCQO2zGwmvwnRoyvSfgqESAeSWKMhzHvEA67dAm8l1HZuAXOKpnfMF2y2Z2bD4t6Ipz1FOU=,iv:UzpWjwBiC7te1IxneH/rueVKyRQ8IulRQYAQ9AybueI=,tag:s+FpPWQ0qu187LRcFb+7eg==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2022-05-05T11:44:34Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAl2GftHJU72CZwTRupXE9S1Z/w7vwrRQlFrme9woZ2QUw\nvan+u4DvpbWsv8jH4rPERxz7aIHcIUMnnDHMls7Ma8rqwE4GzjBnqJ4afYEgbUyc\n0l4B9IVHcML8hwLMRnox+/+DqMw9QJALjiLshid+6lxQOjiKj7AvLCsMA3llsT7H\ncyGwyhm99BaLO48zsXlSmGgg2/YSTPuiJtddwp9CWv0oeOrySnw5Rk0VqdVTzreK\n=EV9D\n-----END PGP MESSAGE-----\n",
+				"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+			},
+			{
+				"created_at": "2022-05-05T11:44:34Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAHdryYLAJhmbfQOq+tXxuuOYuB2stUUnq8/lRg6/nDyMw\nMeq1lqDPZmqcMGPuz1gaopZ+I30FBdASTaLMt2jPhd09mVccpY0nFuyvjJHHV32R\n0l4B2kHMD+NWtWCxPWGAUYBHI73xggVNMkDbr2FhwJgruN/4WRNGlgEszl6MQ43v\nI98doI69oLocwl7ZmXurspzyJA4btFIayAUgKc0uF28k4ulniTPlB75QxLAvXHNy\n=AQHH\n-----END PGP MESSAGE-----\n",
+				"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.2"
+	}
+}
\ No newline at end of file
diff --git a/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml
new file mode 100644
index 00000000..495af908
--- /dev/null
+++ b/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:aRpq+iUmoEQoy7wlDjTorLK0hUQdUE0RrlFAPYzoInAxrtm58xWLWYBb6FSm7oPv+B+uM04hXbTyH9xh4ZIogiV95qva1FaK+OSO9zkhP2i4SyroRyT4IKhs8ajCAj2wRSXCcUgK13UotF45y+2yJyPEOAsIossOaAJceQdi+fbW7L5z93copWyPa5XG3/KUZBNAoGFprTzB0c9luGWp8GmJ0zFZhbI+ZnKFgL9ZDTfh2e8N0VUih748AZw7YzL3uEu68BWPdXhgDo+f/DJARizmH/NyMQ==,iv:AomUPijrVdXiYI3fl8PAbJEjWZIeh7tuIZaDzJOieDk=,tag:AWkWJ+I9m7TrKKBL5cYWVw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-05-05T11:44:33Z",
+		"mac": "ENC[AES256_GCM,data:o2QxYW9SPIbOWP/iQ2Mk1imSUWBwPOkPUTIVub/Y4Yse0RkR6qp1LlRdhB5aOKirInKNulA0iCm5uiDyGS02N52wrmQpnWjeMcFysZ9rzzRPIaEUa31GIWRQAt11amO56hM9JTBZGmq5bhPVRxRBfMT4PSgUT/KrRJSQCVXGyAs=,iv:OWk/08GxYylbjqcOjJnC81L4P+QyUkyxYaJ+qReGzIo=,tag:4r4eVCB5s462uMbb8lrnXg==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2022-05-05T11:44:33Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAymwXeFtQyiAgb+/Rm5jxPCnKWG3n7libf3zmYbQw7B0w\ndAmL/pukd3B8n3+lcdHDZodtr3W4LyatgdSXOUG51hRoqEq16b2MmCM43jTUnYQd\n0l4BWTk98DfAZ/6z7ulexqbCmfJSfJzUJGBnLqTBq2dnxeHHWpY/tpGp6BAi2n+p\nxtooPP9PUC2wbXFyf0FB5nGg+JvsNi4FspDwFYljnDKmXBnn1H3IfCmUhy1chWty\n=a8nm\n-----END PGP MESSAGE-----\n",
+				"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+			},
+			{
+				"created_at": "2022-05-05T11:44:33Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0t4v/UKyR3uWG2NpFqxZRG7Hj05+akMq5ZnU7B/VrgQw\n4WIpnT+nqxM7c+vFNe/AVyO+R82qQrMbTL0QHpD5rUDdszFVw1UH/ELMH3rrcRlz\n0l4Bf8bWylnKOvPqeyklEktiSUXoMWqs0AbD+LuTUgqz/JvuO6AqvgbfPUvm5eOM\npI2DEW11SZeqiUai3N/H34myzQ7kSoVSfJobUfmBazIq69DBSSWz0sksMw98+yWK\n=q0Ui\n-----END PGP MESSAGE-----\n",
+				"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.2"
+	}
+}
\ No newline at end of file
diff --git a/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml
new file mode 100644
index 00000000..63d18e50
--- /dev/null
+++ b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:wjU+ojwNIfiQamoOpB2MVyOB6WCCjpt1xwWO/LYD2YJqXkjl8ko4hf/wC+Q1SPkvvHPFtxxiQh1dzcl+8Wh6Xicb5HNMxiAXUQAr7gMG25nfyv3m0vB9msPDeEcbrE4t7bXOuZUBuOx9iU5UmA5kN9oTOcCT5i/db9ILEjcSvkvysk10WytyXK5CEHu5Y+gwlIJ+tP/eG/zEcXGHbDb/feQSn+Xwt3Jrdef9cau+pZB7zexIpMkvwryG9cpZCJUUDBYOhaHO+iLiO3+IEoDpr5Dabsuk9Nez,iv:ogd5X7Ss0Izl7AuJ0NvO4zKsMDDjsew3JLb0wElFhHE=,tag:f2IWgpCELipQdM+4IrtIVg==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-05-05T11:44:34Z",
+		"mac": "ENC[AES256_GCM,data:cCqLh/qhAiicPFl1p16icG8JacpQTYjnRByjRVkD1wZ2i+M/4/LXL1O46GZJvNMNlOTN6Be6IIeazGnO7MP6oxo6He2hovD0Ej5WbSruiwL2cuVvZ3vSpFI8psWS22NBgnNXCcxA+giS5b/jlRI7pcTQ2Knwwzh7Y4Xdp/UBAi8=,iv:6wC4JpdL90zwezMsoLeE5XGwxMvUdHGaVnZqfLcd//M=,tag:7peBKCXYlivsVY9hgNojyA==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2022-05-05T11:44:34Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAJ2Nl+Jhuqa6LwqsC/EPuYPU9YzPaD11JMhPxyMnk2CMw\nIJWVCeIbXlUWulQF497/yvCX+gpODsk//xTc9J1Uv02uH0HZPYQaVMVs9sqg1NW/\n0l4BpYd98/J0fFwvjhlu/6AB8zrQ2OEegjlOSGDhrAObOBx5xly3IJOF0dObl3fO\nKuauEC3fXJ/s6dugdGDklNhrdRSlfgmigSErUyB0kjo9mF/mAQ8lbzw6b5OXXBwE\n=U3Fx\n-----END PGP MESSAGE-----\n",
+				"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+			},
+			{
+				"created_at": "2022-05-05T11:44:34Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuAXp4XtRgiQe/Nhs1oBhZxxre6e6R8uBXCUuLgp5IxIw\nUZNOL8NJB94jyqC1yxOr9mILMJw0+cQYFq8CuwSea7Cuz3WOgtVRl1ezKQlpusu5\n0l4BK5ByaesUw7P+wYuXC9VDFnKUCkSn+AA76zikuHHFu9KMd/4p6FcHboQyFz54\nguRNReB6U3y2g9KIwKo/hAk+8NHnuqH9w9Cfb2IIsU5a663AhLv/GKKkCbo0s7Ur\n=jNYe\n-----END PGP MESSAGE-----\n",
+				"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.2"
+	}
+}
\ No newline at end of file
diff --git a/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml
new file mode 100644
index 00000000..4523b3ba
--- /dev/null
+++ b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:4+Pvq42ibLYLxaBBf0Q8gVYglcCdABu8R3M5haawnPSadC53u1+2vx5cujznaUE0vpNJKRDhrHKmctbY6azhgWWvd+PIJ7QtbIEn+9ZhFPsaufrVxXCF/2/wPR505cJiIx0ydeE5G8a8AwsSexLPNg8cBENjkPlImd9LnxIVM3xwpjnNasV7B+OkOnK9twAh51waJLsVYrlS1VOJRh3Q7tuJWlBtQu0YWdImmxvtrz30h2MHg8g03bkL91z5NSf6mbMkLwj6dRZYlXpPMKMi4ZjsXFk=,iv:7bXn7FQwQbLF8gp115OAO+r1eqjlQklar/ADrVJaJOw=,tag:R2NmSMATA1rRQazoV6WfMw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-05-05T11:44:30Z",
+		"mac": "ENC[AES256_GCM,data:fLYGT6nZqQEE71WV6lhmXcX2HpQBwqRqd4j9D7YwXXCQolK2v4vqND8cjn2Ni71eWxoJRqHSVWOcvK39EM+kphcmH/wqLMYhdfjkP+DisYecO8LSF8MC1mhADz/YAQQfSs1Fp73JBEOruWqeyXsCB0uSfuIk5w6P0oihzZEddys=,iv:kdLy5pPPfOhyT4E0PV+cbb/007A5maBtQ90ZaCvUHGM=,tag:QJrlCAoFTosBYTgqfca/SA==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2022-05-05T11:44:30Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAO6YzCUEucOdXkrSHAVb7Evv2ouIgsI44bvG39sM9mTcw\nExiQR9nGBTrVUIRX7Gcb6GbDOHfYiSXhIi6CVzF7gRwe1iJGM1T6fheA30VuJ4uk\n0l4B3F4m/Pqvgp9NaBGQQDQOaCTD5NjwK/2lZtuMckQMUi9df4nEA9khJHsw8nx5\nSGU8QZquE4Kyi//pEFycoQ2q0QvKqg8JoT2m7TG5EBFXea1xfbZOZNIANUB8LnOW\n=vaJN\n-----END PGP MESSAGE-----\n",
+				"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+			},
+			{
+				"created_at": "2022-05-05T11:44:30Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAgqn8CAAZu2yB5YUfmQtMxMNJr3D40jzBH1oVmV862lYw\nlEAvxqlzV7xj/pLLfcQm/fxVu6c1tQlD4nA00VceQVZN8bm0kOzwbl+MnCYBiHps\n0l4Bcus9lKpaEpz/SB2no38/VCeM2mFnWPkUuyaLN0+xlosq4/laLhLe4NzXW8BX\nQKv8FLX0GxywRzonaLBf4p9Za8EXKXv9xMf5iYst4vG0epj4MCCxp6IH/uNDJwFt\n=yguK\n-----END PGP MESSAGE-----\n",
+				"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.2"
+	}
+}
\ No newline at end of file
diff --git a/hosts/surtr/dns/zones/email.bouncy.soa b/hosts/surtr/dns/zones/email.bouncy.soa
index d6fdab9b..2123c0bf 100644
--- a/hosts/surtr/dns/zones/email.bouncy.soa
+++ b/hosts/surtr/dns/zones/email.bouncy.soa
@@ -1,7 +1,7 @@
 $ORIGIN bouncy.email.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-  2022050501 ; serial
+  2022050503 ; serial
   10800      ; refresh
   3600       ; retry
   604800     ; expire
@@ -20,6 +20,8 @@ $TTL 3600
 @			IN	MX	0 mailin.bouncy.email.
 @			IN	TXT	"v=spf1 a:mailout.bouncy.email -all"
 
+_acme-challenge       	IN	NS	ns.yggdrasil.li.
+
 *			IN	A	202.61.241.61
 *			IN	AAAA	2a03:4000:52:ada::
 *			IN	MX	0 mailin.bouncy.email.
@@ -34,11 +36,13 @@ mailin			IN	A	202.61.241.61
 mailin			IN	AAAA	2a03:4000:52:ada::
 mailin			IN	MX	0 mailin.bouncy.email.
 mailin			IN	TXT	"v=spf1 redirect=bouncy.email"
+_acme-challenge.mailin	IN	NS	ns.yggdrasil.li.
 
 mailsub			IN	A	202.61.241.61
 mailsub			IN	AAAA	2a03:4000:52:ada::
 mailsub			IN	MX	0 mailin.bouncy.email.
 mailsub			IN	TXT	"v=spf1 redirect=bouncy.email"
+_acme-challenge.mailsub	IN	NS	ns.yggdrasil.li.
 
 _submissions._tcp	IN	SRV	5 0 465 mailsub.bouncy.email.
 
@@ -46,7 +50,6 @@ imap			IN	A	202.61.241.61
 imap			IN	AAAA	2a03:4000:52:ada::
 imap			IN	MX	0 mailin.bouncy.email.
 imap			IN	TXT	"v=spf1 redirect=bouncy.email"
+_acme-challenge.imap	IN	NS	ns.yggdrasil.li.
 
 _imaps._tcp		IN	SRV	5 0 993 imap.bouncy.email.
-
-_acme-challenge       	IN	NS	ns.yggdrasil.li.
diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa
index 74b7170e..c43f7b0d 100644
--- a/hosts/surtr/dns/zones/li.yggdrasil.soa
+++ b/hosts/surtr/dns/zones/li.yggdrasil.soa
@@ -1,7 +1,7 @@
 $ORIGIN yggdrasil.li.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-  2022040800 ; serial
+  2022050501 ; serial
   10800      ; refresh
   3600       ; retry
   604800     ; expire
@@ -37,8 +37,10 @@ ymir                    IN      TXT     "v=spf1 redirect=yggdrasil.li"
 
 surtr                   IN      A       202.61.241.61
 surtr			IN	AAAA	2a03:4000:52:ada::
-surtr                   IN      MX      0 ymir.yggdrasil.li
-surtr                   IN      TXT     "v=spf1 redirect=yggdrasil.li"
+surtr                   IN      MX      0 surtr.yggdrasil.li
+surtr                   IN      TXT     "v=spf1 a:surtr.yggdrasil.li -all"
+
+_acme-challenge.surtr  	IN	NS	ns.yggdrasil.li.
 
 prometheus.surtr	IN	CNAME	surtr.yggdrasil.li.
 
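Review bot: The new `surtr` MX target has no trailing dot, so under `$ORIGIN yggdrasil.li.` it is a relative name and expands to `surtr.yggdrasil.li.yggdrasil.li.`. The removed line had the same omission, but the `prometheus.surtr` CNAME just below and the MX records in the bouncy.email zone all use the fully qualified form. Since this commit makes surtr its own mail exchanger, the record should read `surtr IN MX 0 surtr.yggdrasil.li.`. The `a:surtr.yggdrasil.li` inside the SPF TXT string is not affected, because SPF mechanisms are not subject to zone-file origin expansion.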
diff --git a/hosts/surtr/email/ca/.gitignore b/hosts/surtr/email/ca/.gitignore
new file mode 100644
index 00000000..7c894574
--- /dev/null
+++ b/hosts/surtr/email/ca/.gitignore
@@ -0,0 +1,3 @@
+ca.key
+ca.cnf
+*.old
\ No newline at end of file
diff --git a/hosts/surtr/email/ca/ca.crt b/hosts/surtr/email/ca/ca.crt
new file mode 100644
index 00000000..a4a46000
--- /dev/null
+++ b/hosts/surtr/email/ca/ca.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
new file mode 100644
index 00000000..49f156eb
--- /dev/null
+++ b/hosts/surtr/email/default.nix
@@ -0,0 +1,230 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  postfix_map = tableType: tableName: "${tableType}:/run/postfix/maps/${tableName}";
+  postfix_hash = postfix_map "hash";
+in {
+  options = {
+    services.postfix.mapFilesRun = mkOption {
+      type = types.attrsOf (types.either types.path (types.submodule {
+        options = {
+          type = mkOption {
+            type = types.str;
+            default = "hash";
+          };
+
+          path = mkOption {
+            type = types.nullOr types.path;
+            default = null;
+          };
+
+          text = mkOption {
+            type = types.nullOr types.lines;
+            default = null;
+          };
+        };
+      }));
+      default = {};
+    };
+  };
+  
+  config = {
+    services.postfix = {
+      enable = true;
+      hostname = "surtr.yggdrasil.li";
+      recipientDelimiter = "+";
+      setSendmail = true;
+      postmasterAlias = ""; rootAlias = ""; extraAliases = "";
+      destination = [];
+      sslCert = "/run/credentials/postfix.service/surtr.yggdrasil.li.pem";
+      sslKey = "/run/credentials/postfix.service/surtr.yggdrasil.li.key.pem";
+      networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
+      mapFilesRun = {
+        "relay_ccert" = { text = ""; };
+        "sni" = { text = ''
+          bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem
+          mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.sni.pem
+          mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.sni.pem
+          .bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem
+        '';};
+        "esmtp_access" = { type = "cidr"; text = ''
+          # Allow DSN requests from local subnet only
+          192.168.0.0/16      silent-discard
+          172.16.0.0/12       silent-discard
+          10.0.0.0/8          silent-discard
+          0.0.0.0/0           silent-discard, dsn
+          fd00::/8            silent-discard
+          ::/0                silent-discard, dsn
+        '';};
+      };
+      config = {
+        #the dh params
+        smtpd_tls_dh1024_param_file = toString config.security.dhparams.params."postfix-1024".path;
+        smtpd_tls_dh512_param_file = toString config.security.dhparams.params."postfix-512".path;
+        #enable ECDH
+        smtpd_tls_eecdh_grade = "strong";
+        #enabled SSL protocols, don't allow SSLv2 and SSLv3
+        smtpd_tls_protocols = ["!SSLv2" "!SSLv3" "!TLSv1" "!TLSv1.1" "!TLSv1.2"];
+        smtpd_tls_mandatory_protocols = ["!SSLv2" "!SSLv3" "!TLSv1" "!TLSv1.1" "!TLSv1.2"];
+        #allowed ciphers for smtpd_tls_security_level=encrypt
+        smtpd_tls_mandatory_ciphers = "high";
+        #allowed ciphers for smtpd_tls_security_level=may
+        #smtpd_tls_ciphers = high
+        #enforce the server cipher preference
+        tls_preempt_cipherlist = true;
+        #disable following ciphers for smtpd_tls_security_level=encrypt
+        smtpd_tls_mandatory_exclude_ciphers = ["aNULL" "MD5" "DES" "ADH" "RC4" "PSD" "SRP" "3DES" "eNULL"];
+        #disable following ciphers for smtpd_tls_security_level=may
+        smtpd_tls_exclude_ciphers = ["aNULL" "MD5" "DES" "ADH" "RC4" "PSD" "SRP" "3DES" "eNULL"];
+        #enable TLS logging to see the ciphers for inbound connections
+        smtpd_tls_loglevel = "1";
+        #enable TLS logging to see the ciphers for outbound connections
+        smtp_tls_loglevel = "1";
+
+        smtpd_tls_ask_ccert = true;
+        smtpd_tls_CAfile = toString ./ca/ca.crt;
+
+        smtp_tls_security_level = "dane";
+        smtp_dns_support_level = "dnssec";
+
+        tls_server_sni_maps = postfix_hash "sni";
+
+        local_recipient_maps = "";
+
+        # 10 GiB
+        message_size_limit = "10737418240";
+        # 10 GiB
+        mailbox_size_limit = "10737418240";
+
+        smtpd_delay_reject = true;
+        smtpd_helo_required = true;
+        smtpd_helo_restrictions = "permit";
+
+        smtpd_recipient_restrictions = [
+          "reject_unauth_pipelining"
+          "reject_non_fqdn_recipient"
+          "reject_unknown_recipient_domain"
+          "permit_mynetworks"
+          "check_ccert_access ${postfix_hash "relay_ccert"}"
+          "reject_non_fqdn_helo_hostname"
+          "reject_invalid_helo_hostname"
+          "reject_unauth_destination"
+          "reject_unknown_recipient_domain"
+          "reject_unverified_recipient"
+        ];
+
+        smtpd_relay_restrictions = [
+          "permit_mynetworks"
+          "check_ccert_access ${postfix_hash "relay_ccert"}"
+          "reject_unauth_destination"
+        ];
+
+        propagate_unmatched_extensions = ["canonical" "virtual" "alias"];
+        smtpd_authorized_verp_clients = "$authorized_verp_clients";
+        authorized_verp_clients = "$mynetworks";
+
+        milter_default_action = "accept";
+        smtpd_milters = [config.services.opendkim.socket];
+        non_smtpd_milters = [config.services.opendkim.socket];
+
+        alias_maps = "";
+
+        queue_run_delay = "10s";
+        minimal_backoff_time = "1m";
+        maximal_backoff_time = "10m";
+        maximal_queue_lifetime = "100m";
+        bounce_queue_lifetime = "20m";
+
+        smtpd_discard_ehlo_keyword_address_maps = postfix_map "cidr" "esmtp_access";
+
+        sender_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.forwardPort}";
+        sender_canonical_classes = "envelope_sender";
+        recipient_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.reversePort}";
+        recipient_canonical_classes = ["envelope_recipient" "header_recipient"];
+      };
+      masterConfig = {
+        smtps = {
+          type = "inet";
+          command = "smtpd";
+          args = [
+            "-o" "smtpd_tls_wrappermode=yes"
+            "-o" "smtpd_tls_req_ccert=yes"
+            "-o" "smtpd_client_restrictions=permit_tls_all_clientcerts,reject"
+            "-o" "smtpd_recipient_restrictions=reject_unauth_pipelining,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_tls_all_clientcerts,reject"
+          ];
+        };
+      };
+    };
+
+    services.postsrsd = {
+      enable = true;
+      domain = "srs.surtr.yggdrasil.li";
+      separator = "+";
+      excludeDomains = [ "surtr.yggdrasil.li"
+                         ".bouncy.email" "bouncy.email"
+                       ];
+    };
+
+    services.opendkim = {
+      enable = true;
+      # user = "postfix"; group = "postfix";
+      # socket = "local:/run/opendkim/opendkim.sock";
+      domains = ''csl:${concatStringsSep "," ["surtr.yggdrasil.li" "bouncy.email"]}'';
+      selector = "surtr";
+      configFile = builtins.toFile "opendkim.conf" ''
+        Syslog true
+        MTACommand ${config.security.wrapperDir}/sendmail
+        LogResults true
+      '';
+    };
+
+    security.dhparams = {
+      params = {
+        "postfix-512".bits = 512;
+        "postfix-1024".bits = 2048;
+      };
+    };
+
+    security.acme.domains = let
+      mkSNI = ''
+        cat key.pem full.pem > sni.pem
+      '';
+    in {
+      "bouncy.email" = {
+        certCfg.postRun = mkSNI;
+      };
+      "mailin.bouncy.email" = {
+        certCfg.postRun = mkSNI;
+      };
+      "mailsub.bouncy.email" = {
+        certCfg.postRun = mkSNI;
+      };
+      "surtr.yggdrasil.li" = {};
+    };
+
+    systemd.services.postfix = {
+      preStart = concatStringsSep "\n" (mapAttrsToList (to: from: let
+        cont = {type, path, text}: assert !(isNull path && isNull text); let
+          path' = if isNull path then pkgs.writeText to text else path;
+        in ''
+          ln -sf ${path'} /run/postfix/maps/${to}
+          postmap ${type}:/run/postfix/maps/${to}
+        '';
+      in if builtins.isPath from then cont { path = from; } else cont from
+      ) config.services.postfix.mapFilesRun);
+      
+      serviceConfig = {
+        RuntimeDirectory = ["postfix/maps"];
+        LoadCredential = [
+          "surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem"
+          "surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem"
+          "bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem"
+          "mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem"
+          "mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem"
+        ];
+      };
+    };
+  };
+}
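Review bot: The `smtpd_tls_protocols` and `smtpd_tls_mandatory_protocols` lists also exclude `"!TLSv1.2"`, which leaves only TLS 1.3 for inbound SMTP, while the comment above them says only SSLv2 and SSLv3 are disallowed. `smtpd_tls_security_level` is not set in this file, so if it ends up as `may`, a sending MTA without TLS 1.3 would presumably deliver in cleartext instead of over TLS 1.2. Either drop `"!TLSv1.2"` from the opportunistic list, `smtpd_tls_protocols = ["!SSLv2" "!SSLv3" "!TLSv1" "!TLSv1.1"];`, or update the comment to state that TLS 1.3-only is intended. In both exclude-cipher lists `"PSD"` looks like a typo for `"PSK"`, so pre-shared-key suites are probably not being excluded as meant. The `security.dhparams` entry named `"postfix-1024"` actually generates 2048 bits and `"postfix-512"` still produces a 512-bit export-grade group, so a comment such as `# name kept for smtpd_tls_dh1024_param_file; actual size is 2048 bits` would help, and the 512-bit parameter is worth dropping if the Postfix version in use no longer needs it.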
diff --git a/hosts/surtr/tls/tsig_keys/imap.bouncy.email b/hosts/surtr/tls/tsig_keys/imap.bouncy.email
new file mode 100644
index 00000000..d3f86b23
--- /dev/null
+++ b/hosts/surtr/tls/tsig_keys/imap.bouncy.email
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:V3upBG5uxBdr9mfEyRqJMhcPJ/zjLXACJObpjAm/zl8hPQMnLBID74+e6kap,iv:1qnlvtXKbSUGiMR5wE2XWM5L+COTzzaMlu0w8gPaiGA=,tag:xpMWaiuFAeKfhyYKdW+tmQ==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-05-05T11:44:35Z",
+		"mac": "ENC[AES256_GCM,data:C8C327hR+CdEZjqkQUoPNCXXmUbNSl2oHChLQuz0MOSvU0laN7rLcdJ2Mb/WodVgHdVNXtzAzLdOluXi5ikW6pZH4ZAkV1Dsr5E/WLR3TuSr0ULJx3+ZQnT6XJkzKn0MSS5/u/ctUpGoFki+xG2S4yQiGqArqXUktEF2XAROBSw=,iv:Sp22bqbXBBWX3wLWBqHuZaQ4ki3PNx7BFKb16uHHU7U=,tag:OxVOI2K0Tliven8sPXnzlw==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2022-05-05T11:44:35Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAg+bD8OFCZiufY4QRUyLA3K0UMJS9rEbyE7vCExAazhUw\nYLPtQLtH3MFfS+HoDqrOtTy/1FadBbSBO8YC6bEeBpTksLpH5o3dqYCOPEzYWTKN\n0l4B66Bq+BgNuR+Ld4A+TdzNOfsmjIsEtVh2AKyfKFsg4+29MH5ImX11Wd4ek/5R\n1qD8evoz8DT+1sE2mX7gpGZj24x4A8CzhOPU/zQBaD7tf8omw6okERIi03jCpfml\n=C4Vt\n-----END PGP MESSAGE-----\n",
+				"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+			},
+			{
+				"created_at": "2022-05-05T11:44:35Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA2g2y4txmaQ1pjMKcRqwjqCSzdOeyxqgaO7hNzVzRvwgw\nXggd7yj7dSW+JZ1/SOmeMDR2aL28B6lB89q2IdGDORBaa8/m6mSSnP/aNiMtj71M\n0l4BgV6lelcYvGJfqb9TDZFZVsCYAiONBzhOjJ4y31H09BTFrFEnTOK+iipiqjti\nlM4ejpSuKPrSwx16+7B/Pa/OEMWfRWn7tIIoRC8rEdWKCm1utKLlOoqpR4OA+5mT\n=VcqH\n-----END PGP MESSAGE-----\n",
+				"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.2"
+	}
+}
\ No newline at end of file
diff --git a/hosts/surtr/tls/tsig_keys/mailin.bouncy.email b/hosts/surtr/tls/tsig_keys/mailin.bouncy.email
new file mode 100644
index 00000000..b7dbe8b9
--- /dev/null
+++ b/hosts/surtr/tls/tsig_keys/mailin.bouncy.email
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:nvMkj1Mqz8/QCN2n1m4hMGDCMIM7OcX81yS4N3+ZsGWc/p6RtwogKp53ypd5,iv:UB70UEDF0znqZpA3Ov+EGQkH/ix0A6I6JwpHAFEcNqU=,tag:lJJ7AtVa35TJVdNIEPXu3Q==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-05-05T11:44:34Z",
+		"mac": "ENC[AES256_GCM,data:bIjM+KaKivOu3xy4+p+zXaQtzRGO5wQ/tZXCgEBA9TEjkTli+ypzUlaf8gtjPOED2nCie9+GX+6kKhopP+P28/PoIGVmTpMLtRgInpNh8/APlTN2TQoVyCld2zEJDi+Cqa+nMBispyQF06bB3UGeOdGnlZwgW2IlYH5wUcgGBng=,iv:SMJMogMoLmCFaBqMjgB2P+pVhC8JVZS3BzZyEjqhDM8=,tag:07SSpA0HP3oIpTzyUExr+Q==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2022-05-05T11:44:33Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAfNwDDkgU3oYgQQzWu808G0xd8wwbDdRPzAvZpSW4ZUAw\nGKXrug34UAsJoCezXIArCbAXq8DGnsejkca90qS8JQAw94QxW/EVwjXXG1aUs2+2\n0l4B1WxA5Lt2/nQyeJjTOBcbTz07SPBlkdG5tZQEmJvoP33CTUUHNMQ9D1n3BFwZ\nOuWzFDBTXLqOzseL6PYCdjHMaU5fIll+GCIBufG9lZuqfP1YTyqLhgPLNpaO5kCX\n=4dC9\n-----END PGP MESSAGE-----\n",
+				"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+			},
+			{
+				"created_at": "2022-05-05T11:44:33Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdActPNakdiaMdVMhHlp0L77VgtR6x7NZmJ2RU1pKcqCnsw\n4hJbSauDdaUXirG6ircfJeKfwSOobdDjFmrVfkhpV2JKRc8XQyKm9nx8B3nHLPRb\n0l4BY8LfKmiH4lSocO/3thKurtZKOCmk5kfvCTVC96aWOFab6+YapJvRIqvgupap\nM+bRH+xEqS5rmooQBwsFFya5kykVVODiwAkh9dIV0EdGhqJgChjd+LHetch08iyw\n=KnpG\n-----END PGP MESSAGE-----\n",
+				"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.2"
+	}
+}
\ No newline at end of file
diff --git a/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email b/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email
new file mode 100644
index 00000000..ec2fa339
--- /dev/null
+++ b/hosts/surtr/tls/tsig_keys/mailsub.bouncy.email
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:tJbGR8t8/CWyY8TnOtY+5Na+RuphkrMqm1qYnuF40AH84mjyVELH2Jskx5Cx,iv:i8uEr7cltXRubU7vXr+NSL4qnCbN/foyjobM9XyhiN8=,tag:zDpagteTiEpq29pN9byWOg==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-05-05T11:44:34Z",
+		"mac": "ENC[AES256_GCM,data:4RGSNI/aLfDMTH2r95uo+5bYNj1oIaKTSIuLu+a9jnihnoJgh1BIpi6q7ayTV25J31WvpqUdYtHmAqp0cgsgPnxleCA0rmL4KupMPPTx4RNmMDzPfHb+mez6iFwepkLpPSqLMs2hPvc9PuSJDY7r7gkGvRfxqT5U+1+d2m/31LM=,iv:5fEkvnz9HzUAV/Nxd0Y0OYUdNiqEkMwPkgQ+wA5u6nE=,tag:/LyrsMWedbpLOifj0/k9Ug==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2022-05-05T11:44:34Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwar8wbCJkkIsCWa4ADR82XxMQ9uywWi+1kOv0Hz3cSAw\nk4KuWWFjXhuRPGN+ueRrWaZbL2035RL9qjz6AzTf7dYd06q9uY/StQ4iwFGTrSWk\n0l4BSx9tzJ17BfrmDc8gHi7iJJzVWrSQS2BEkjQBvOqOz1RUFnyboe/whdBe3GLD\nTKN0tMUts9wliS2w1qtMrZJhHS4vNRICKlNcmVlShH42En4T9hlcIjwcdeX3Abjb\n=0DrA\n-----END PGP MESSAGE-----\n",
+				"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+			},
+			{
+				"created_at": "2022-05-05T11:44:34Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAkd4osWJcn0o+iwi+92bCRf5PvZ++tKLOgUmzZ6AUIQ8w\nRRLkK9U03T6UFMeWvBv5oHLJIgtaseqQJ7P8YG3fhFFdKYkjpoFSvz0ofcdPpORE\n0l4BqBwoLFoVNF9vmjdm7Ggb3JeSRlp5dvn4ihppN5sMOVNMP9iVjFGZr4lHO6m3\n0sInfK2Gz1HZ+u74RaR+urMzr5kfD5ZAFymE93Ae9QASBBj98qM462w6vT2izVgV\n=ZDDP\n-----END PGP MESSAGE-----\n",
+				"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.2"
+	}
+}
\ No newline at end of file
diff --git a/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li b/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li
new file mode 100644
index 00000000..6b3648e0
--- /dev/null
+++ b/hosts/surtr/tls/tsig_keys/surtr.yggdrasil.li
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:OJbgB/u+4bo4mKVUGuULGeObTMsd83l1Q6nFiWAT5CN+jrX78g+iVR5QotOt,iv:Zoyn2dGBrXrAnKtGGW/r8WJDfbILOczQGQLgRlc0Xts=,tag:x5wrx92umguadfj6ARfsGg==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-05-05T11:44:33Z",
+		"mac": "ENC[AES256_GCM,data:LffMGjgzNp1gQQPBF+hUDh1YvgZqRYnS5521s0P1I0/1QlXj/iLYhNwIaTdBxYWFoeBcmvdkOXJV4YcTNqCmw8XaV9bNfezQTRlbskvAKZ1NPU6RRx6horWpguSWONnCMoFk5eaqeQA2Nr5rJ4kn8MSo46TMmHfR9Aj0fctuY1Q=,iv:E6Hu/jyY8WV+lm1AzRHVhI2Mdj2vDDwZcdR+KhM6gkc=,tag:I3F4gAQ3Eo86KL3fdeBz3g==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2022-05-05T11:44:33Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA37udf4bGP58tefZPCe6GXJMyu+cCzmVwUh0Y78MZ4BEw\nC0kHrjRb/2EZHrWPiFrEuTipIw3GVe5THmQfQwA6AJnmYtIZywCB07SFF+myS1Qz\n0l4BY2H6MsZEhPUxEK/ek83XMzLdcm0uLbIoEZFjL6lM47v3C8/MipxE2+zqzzUr\n7KWtpZekshX3kc5Qgj+Brs+X+Vz35PheGgHs6mX1rOFbHGxcOcNlu1UK3n8p3W9i\n=B4Qz\n-----END PGP MESSAGE-----\n",
+				"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+			},
+			{
+				"created_at": "2022-05-05T11:44:33Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdALq2tsHKjoVkxuF2LubirDKj1mXBL8D9gEtBAgUL+e1Ew\nCircY5+tjUj067L94tbr59tyqVdbXhEXZWfk+yqarIErIlwW7VKYM4RMc+0ePUjA\n0l4BYQIILqERGv4uJG7nZhDVu4YMatMR9ALgED47OhXwjnVG40Ncwt669YpRqmcF\nlxCgqbcBcCc1MfRn+C7Q7hYmruqc9cIBRYlssZmMC10CCETRASxTgeNcDve24AVo\n=z5ML\n-----END PGP MESSAGE-----\n",
+				"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.2"
+	}
+}
\ No newline at end of file
-- 
cgit v1.2.3