From c365970cdfc540a933ae3a13fceec4d240b58e54 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Mon, 25 Dec 2023 00:03:23 +0100 Subject: [PATCH] WIP: router0-dmz0: snapshot with working VLAN assignment for WPA-PSK --- nix/os/devices/router0-dmz0/configuration.nix | 87 +++++++++++-------- secrets/router0-dmz0/secrets.yaml | 8 +- 2 files changed, 57 insertions(+), 38 deletions(-) diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 71d3873..b1d1fa0 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -30,17 +30,29 @@ name = "internal"; packet_priority = 0; }; + vlans = { - "1".name = "dmz.${defaultVlan.name}"; - "1".packet_priority = 0; - "2".name = "iot.${defaultVlan.name}"; - "2".packet_priority = -10; - "3".name = "office.${defaultVlan.name}"; - "3".packet_priority = -5; - "4".name = "guests.${defaultVlan.name}"; + "1".name = "dmz"; + "1".packet_priority = -5; + + "2".name = "iot"; + "2".packet_priority = -5; + + "3".name = "office"; + "3".packet_priority = -10; + + "4".name = "guests"; "4".packet_priority = 10; + + "5".name = "smarties"; }; - getVlanDomain = { vlanid }: vlans."${toString vlanid}".name or defaultVlan.name; + getVlanDomain = { vlanid }: + if vlanid == 0 + then + defaultVlan.name + else + vlans."${toString vlanid}".name + "." + defaultVlan.name + ; in { imports = [ repoFlake.inputs.sops-nix.nixosModules.sops @@ -147,7 +159,10 @@ in { vlan.interfaces = builtins.map (vlanid: "br-vlan.${toString vlanid}") vlanRange; # lan.ipv4Addresses = ["192.168.0.0/16"]; wan.interfaces = ["wan" "lan0"]; - }; + } // + # TODO: generate a zone for each vlan + {} + ; rules = let ipv6IcmpTypes = [ "destination-unreachable" "echo-reply" "echo-request" @@ -373,49 +388,53 @@ in { ssid = "mlsia"; bssid = mkBssid 0; - # manually configure something close to wpa3-sae-transition - authentication.mode = "none"; - # authentication.saePasswordsFile = config.sops.secrets.wlan0_saePasswordsFile.path; + # authentication.mode = "wpa3-sae"; + authentication.mode = "wpa3-sae-transition"; + + authentication.wpaPskFile = config.sops.secrets.wlan0_wpaPskFile.path; + authentication.saePasswordsFile = config.sops.secrets.wlan0_saePasswordsFile.path; settings = { # bridge = "br-lan"; - logger_stdout_level= lib.mkForce 1; - logger_syslog_level= lib.mkForce 1; + # wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; + # not yet supported on hostapd 2.10 + # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; + + logger_stdout_level= lib.mkForce 0; + logger_syslog_level= lib.mkForce 0; # resources on vlan tagging # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd#dynamic_vlan_tagging # https://forum.openwrt.org/t/individual-per-passphrase-wifi-vlans-using-wpa-psk-file-no-radius-required/161696/4 + vlan_tagged_interface = "br-lan"; vlan_naming = 1; vlan_bridge = "br-vlan."; dynamic_vlan = 1; vlan_file = toString (pkgs.writeText "hostapd.vlan" '' + # Optional wildcard entry matching all VLAN IDs. The first # in the interface + # name will be replaced with the VLAN ID. The network interfaces are created + # (and removed) dynamically based on the use. + # see https://w1.fi/cgit/hostap/tree/hostapd/hostapd.vlan * wlan0.# ''); - wpa_psk_file = config.sops.secrets.wlan0_wpaPskFile.path; - sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; + wpa_key_mgmt = lib.mkForce (builtins.concatStringsSep " " [ + "WPA-PSK" - ieee80211w=1; - auth_algs = 3; - sae_require_mfp = 0; - sae_groups = "19 20 21"; - wpa = 2; - wpa_key_mgmt = "WPA-PSK WPA-PSK-SHA256 SAE"; + # TODO: the printer can't connect when this is on + # "WPA-PSK-SHA256" - # worked above here - # testing below here - - # ieee80211w = 2; + # unfortunately SAE doesn't support VLAN passwords in the way i'd like to use them + # "SAE" + ]); # IEEE 802.11i (authentication) related configuration # Encrypt management frames to protect against deauthentication and similar attacks - # ieee80211w = mkDefault 1; - # sae_require_mfp = mkDefault 1; - - # sae_require_mfp = 1; - # sae_groups = "19 20 21"; + ieee80211w = 1; + sae_require_mfp = 1; + sae_groups = "19 20 21"; }; }; @@ -565,7 +584,7 @@ in { (vlanid: mkDhcpRange { tag = mkIfName {inherit vlanid;}; inherit vlanid; } ) - vlanRange + vlanRangeWith0 ; # interface = "br-lan"; @@ -585,7 +604,7 @@ in { # upstream DNS servers "9.9.9.9" "8.8.8.8" "1.1.1.1" ] ++ builtins.map - (vlanid: "/${nodeName}.${getVlanDomain {inherit vlanid;}}/") + (vlanid: "/${getVlanDomain {inherit vlanid;}}/") vlanRangeWith0 ; @@ -601,7 +620,7 @@ in { ; dhcp-option-force = builtins.map - (vlanid: "option:domain-search,${getVlanDomain{inherit vlanid;}}") + (vlanid: "${mkIfName {inherit vlanid;}},option:domain-search,${getVlanDomain{inherit vlanid;}}") vlanRangeWith0 ; diff --git a/secrets/router0-dmz0/secrets.yaml b/secrets/router0-dmz0/secrets.yaml index ade560c..911924f 100644 --- a/secrets/router0-dmz0/secrets.yaml +++ b/secrets/router0-dmz0/secrets.yaml @@ -4,8 +4,8 @@ ssh_host_ed25519_key: ENC[AES256_GCM,data:XQjTqNADLhisxPBIJ7x0bs3qgQk0u4q9HKSDuk ssh_host_ed25519_key_pub: ENC[AES256_GCM,data:MQ0q/I6clKNz6uzoztGA06vOjIbpK6Dsf3WbgddRA0B8nEJ4EUmRBT0KkX3o+LZmQPhmURHWWFtOSqvAzkyoxAoBZEh98H3IDsLE5PgcNbxK3dAh36+AAMPLzVFnHLyaWLQW,iv:9XIw29PkSHCeU7C2GuSJ+J+mBrwOrbSMmm7kOtCkiyI=,tag:x3JqFF08f2eVfOrrQ1gzYw==,type:str] ssh_host_rsa_key: ENC[AES256_GCM,data:tFGQ77X5Y1TRR2F0EJ4hmauE9ABILP6V0CSmzb1QLaH6VlhriXSE1UQcQ2Rc73CR7+JLjLbggL7RKpkA8gJQq/ubhiXHJokBEo6rfBXETVepv0HlyX5UvzWhi6iKBE5YsYyyBI1VWDcx+oTR8+daqnKwbbqPeDUpC2coT3S9svEsKXeb3YOMxJ9X/Rvh96UtMmlk7WeZa2JvOP3k62HROVo8QRYXeQWTO87TCzVdU7OWnbRIuC6bu+32Uy70AsIu39fazX7WqIUxaeO/oNHsay0/TBXKNu2El0JRG8tHCHdXe1tahniGbGH5xeEZmgLTOjHntw5UIdxZbgvcbxmt9seDXUxjhhEMS8eHWaxnRDSI7n2KOb/3UaBQ3BHnYpuRjW++uFBgRHxxANlYfpfEdz/LNexdPb9+QCw80r38uZxP8yD5/PxFV/Y+gSX+WnNE0YQnBDtHFjKhHpqpm2P4Ek3hLzjXh6CPzUZru6LAO/FklcLCGaq94fDC5wW3K0x1UvyfMjBwwyeSymcV95YcZu8Ty280jRhG8l719KkEJjnBdnB25PQ5gEwc34dG5xH5HwVUDPIM9v9m+cXtldUIk3BH4PiTEI1aZsZx50BtBhxybAxhTqNElrP+/2W73muTSQboDIB1Xb2NhArLB6XnnVhVUD/Pg/9wiDUY0mYyr0eIp9AmBfSmSIDjFyVUB9o+gv/B+LpxwxPKmsPt3MRKWoZw+bIGTI82UqBv0eX6Xqq71H4DYFnJ3J+n+Jzp5ww5mSPPHffZZFSBbZSpTk8El4L5II/hyyxk7yJopt19AAsw+UgLJDO31XnyiGAEbbDdwjuCWQMmuzKJ6H7c7UGDXLO92jAlXwEWT5fwzG6Wvu5+n/OToz3CN1Cv40uwVb/fOqmzep9hoOrXeuzmnGULfGmwItjuJoMkfmPUq8obAuj5ml0YduU2eLbe15OlD2Vg2I+BH0WuCPYnnCrLyX8ixhJEuGGDkhGhaKMHaMjNuMOGmDQ6oRCVU8BA/zDgnF/GrcHgIe742Yh68PyaH2j+iX6/5YvUB+R1sDnrgfXlgET1V+nny+fD4GBnP+RKYtdGG0P4y3AYlACQE9sJ6Nkb8CTVb2Va6L3rXzeyJG2FtYkUKxxwDUv/KyieclHiJpdawunOLVkmI6p/iaZIThrdGA5p7b01/WOyJFA9aI3oU2f2rMYBLGHYirrRs3WtS7ExhKriHpgax574UIcW0mecFto9dHkGlBOTQy+Zp1GARnePXKZcyKm2qhTIjw0ho/DUe3+t1knbR6WJCwl1LDtfpPD2KPDDH+HpHm3EoiA1mDSp6lYMVxwBr2eBmFPKuPkkAL/3Bf6SKlEp1UCDee7BPlzS9kwmIEt/EuIohbMDdyaHtulW31Hdrsai8fCxc7AAzgsmoMBp2Smwoe3C8K5K8RaNp6v4boY8WBH3rLjAFTmOPB7TiZfplQjV8triZS3JFopNjvCglfZSXxSs+RjZUgSgL/1fFLT2m0Mp1XPMvGZlD73TzJ5RH5WWlxliaau42Q4vXRFUK+ZFx0SvwOO5xZvRNtAOfipEoqscKOopV+HHl74DJEk/xLibWJmkEBqoVbf1BFDUAiRSSb/0RdfCAGaj1mqV68szVtLt3jB1AJm9iu9RNU047HHQeOi++8g6lOpHmhsksfQLAucLVtLTrXpHDEAugDbSXrwPkhWa2Ej+Iva1p2vteIExcT+8h3WiXkamDBZALpJcLkDSazgAmmrB+6u6odsyin9Z5zB55EN2iz24nGNgyylt9FehC4/2SNHMX42hZ/JPQw51+vZQLoLQv+oOJAVXGBHeDy3kDl60fL6Fr5jZ0YOfO+rFGk4bDpXYjq27ahLv763tVs8SrgMseNWNWTakZUAXuYPbP3GBFEjTPHM4216WABj2cC3zSmrnbEyNRMWTdsm46ASZvhZo4wO8eTrndvy44Q2UKOFOh1sYCY4jjCWCI74pEV3rRcBJASuUipep65ZwXOlFOXu7uiaG01/KWofn4JzzrlX3MfhKsUBaEDTUXwDGw0RAEHQXb3rvfiIjCQBcpy8kM1fBR97K5LFJzZ2/qf2bPGs0yxma1O0Z6TT/2Uk2n62jK2xIM7gvTjPOVDP2etHKVxMpMjhTAbRj4K3568HZM/POBC5AORLAtBAo14CNxRMN8f05Gs13wn9ZI+pqiaOpTTnfH1xL9fd/6I03utzMKnoR8IVhrQLDLT6OAIkdeJX8s99R/J/nTOApk3XACWqjmMTcWtwt6g3x2iTk/1jTTn70rYVr8JLHHCt+bd5H/eDUiq9HpG1oFEZPXuvgATOovru0YVtmVx+yea0jWpJOsK+/SZjYAfvAKh0ZNr8dKHug/gGEpp6SfFBI+c4ywR1kM83OUHLaI/dOU9rLeCKktB+UcvTPoLhHLbTAlTrizeRmYY16Z1a+47LvwX944js3TZZkxqylz73cekWidYiiLNbiHwACftOK/GwZCG0WrVfcSi6pJYDgPgbcqFohaKI7ltKZgTlHGT1mZr1IH1RnauZmN/MkBEKVHO3E/PFgKkWNcXQi4uV2P3j8aHHc0RJrxx7qAFFXCYEwu02pv9nmul/HClLMmDYHDY1lHZvIIyPcsmr1ZkCFRV4UtnZRtXhHNAZCGFRX+y5HQXnubjPmV5I2R/gcLLi//2vIE6V2i8SpEJZlVweLpjRYwb6H6xFTuvHN+9Y5pd3rFx2BapR0AzYdOXUVqKF5ewrfE/1iitsEeDJj8OqmNzpmLBrnROnPyPh/+KGWBG5Nm4QKVMhP7XN1F+Fr7sTxw1ignXsfSwH8v/ELMzxVLu3ijWxvmk3/eOsrKYB/x3h6I1SFWZUoTjVPAmlNAnYl90Xf+FMPiII11+zrYwsJbCh25gmSvtKR+hmoTxXbJ2w5E2cFoVHMBOmS8Uo8L0BDOUzUE64cPl/v119BafVUOohLF1l3Ob19td+sMvqX8OHLGgB+/r6jKmUPnNNEzbDAogMydcVVjtPRIoDScw4ExxuxILN4/V+VulyAgU29OvFWS6+r5Y+bjqgqMg55Of0le3HUqt65qMuqiaUR5P/9WP+H666GsYTSg5I5gPJv0FF6tqXCWE9mpQ4sk2/BiWWaNeojxyhyH/cv4fbUmcee6K3+P+liXyFGGAWdBP5uGb+BzIfSaXVN3xEBPWAAe+BMkJrxbc6FSS12Wkh+bLM+NJH7XaoDl6+8LtF3bstsCoXvQgNlXHlbt4/aIIFEBShlYSQwLMDcey1VB4pu4SBv2HXwaX9zXPd+MGH77DeQU4yBkrElly51/68yzdSGpe6mNFy57Hc3UJBW1pNbds5Gxu+jFbQ6Phxvn38u9V8cphjxzgig0uZjkKHYx0EwFjBqmfrP0hQDnpcyg5QCPhnXOthmVL4jkJs3OrRHhoYRgbXpaVRMpVMLFeeSqcQABaRK5ibpB81WP8yCJPIMsbWW7sDTCiIyLq6qW5pKNq8/l3sq042+6bJgJ3CfDYdNKJCTF/09F5JKkpXeIxL4MGqvg5nOoyiahDQsUzMT3dwGg7IWqxQidcJ576XSBkR2qNwUrl6qq87JP+Zo3RJbA5bpPubm6sUonWE3hRGg4LWceVBO34J/wutWVt4W7dXnK5WVhJv8UHJcbgWR9dMpWkbeMpakqlRRLOTibztMFkx3xyIMmZS+cNyhRyatw+DwX/opuY+bl8X4yKgNOuW/w6r06r4MrL78MTjqZDQ4xkCSL3x3KWr2Tf4lAX6sdwKTzdBdzvFuLeuijngrvRYRyk/3jk/o4ujfHMdrergMjlP5Js7ICZSLhXHHOc2Hc5oPaBIx59r6FynA+W6ROmk5kVF2BNkRlP6/oV5Apn3MMUnDc4YjHaowt8UVkIHZOEL8hxymYDR4g9y1wOoIwKCorBQa5jsXH+AEop3hlsv4uqzrrcGGQhfQEW0Vb1fG4N0VAyWEodaw7wOY3XCrW7yHjIgRM3Is+juT7jMeACW+OQuvQHTS/9bc9n9sXjjVwsvoHROLxsXMFO9HablXaEKzFL1oGXpnavYf/MuZMwALsPish2Mmj9fONNMBo1yYy/j+8GzHCqByDS1ZPnlzPQD0ztGNwNfOOhNOqamqaE9GNHv92yQIf/KKGhnjFH/I9IlzA28eaaSVql/1vdhRAI2G1WxpgyQ1ryRPLYHA/Qw9OYrb+jIxHj9uqfohShgIqnv6TCXRmByfyU6Te3oqKLyezKj7tPCqv1la1ostycmE4msAs4EI7pe1OZcRulPkUJrZCPkvo+EYTw8AfGmwHFb5foQ4wk8pkjTvo1zHmjy0GjMAZpcmDHfyHAyoaED6DUKAHRBbMdSqQJWmzhHkzn5oRCR6UlWSyxRZ1wBIKn+T+kcn28XiLlJrJVK3n2CQkE1c3EfFemnimo0Yc9yNQZygfZjr2W2TnmtAZ5jHiMmv7E8CPxBQBd/pf29z/uAEwQIqVFSHxkVaVjHW5wlhfWwOuj0xZFly,iv:mXE8xpXFBYSJce9pg+g3OedMS9+ZHOHHwydCY0NbGRQ=,tag:cEqbUu9Y1PFKXwaeqioXWA==,type:str] ssh_host_rsa_key_pub: ENC[AES256_GCM,data:N60bGf/6KNRhVUq1EIbPVo3aBDDKEpMBr5+Gt3+FMPt3uQEaKk8jBg5mOdxWMTPoLg1ZP/Pme8afoM+Skc0b50WnpErF3Ox1w+4eM0oMJYOhIvHLGURNM3Dba5MgA7YfhPdTsVdjD2yks2vYqhdtEvzTTgCJbFimVJlp+wDqE6czPgMjD03c7oJDtv38OBtc1vRMzVw3cIuyxz2yNnXQxiMgTR6pZN7+Brami2dfXOHEVgymmlU5PRE8Ykerq2fB36N5uqu4/xSPaHaM+/f2OA/TLlYYB+sGMDExZfbO/vsiRBLvTY/f4KG2mEkmH+IFH1bk6UF47xTFEe8tHN/TlLo+9OmjZTph221ZYnOsIqBY+F822ctZEe8Ikz9Ti4F1ApvxxRcWHajbgQnDJdDiHJvt3OHal4rNBtYwxxV/MDZtvKSVxmFwgx7nwNP0oKhAigQkU7Mvp1q5p3dZsdbGCUeFm2S5/qIxWPfr7wg4xocLNSsLW1EpGo6A2RUXWIV+lPuZd9dNEjGC5zKKAgMI94is6MtMXgqlFqTcZuQ9hvhoVDcFhVSJylu8pzk9d/tKviwcd98jHAhdfGpnc9eJbtyBU6/HvxLzQpsbFjwa3LGirEdtgxRZn2nJx++0U6XuLcbGwjOVAhkde6g2vFv5hsC6KaZQcp4AFvMvEdJyrnb0b2TOeOD8zEljb8u2q/eexCRSjGpobEINwu5qV+tF9eHIJ1YFzhCSmmLGKXjc7bC8uv5ffl39JmAbUrffd18zqae+Xpijd+QzwF425NG9+PksAt+PPzt4SDgGfKBIpMNFxIb18oo88z4YDLuNzRy/HVF90JV0LlAxES4ZOxoWUjJPrR6dGxNRANYOyFGmoN+yG3B9kd1NRGRNGh5P9EtZBxlPIi24djzF1n4GQSW1NFDgoGcxaXhk0PlpPxwuHK0X9FkFDDzQUYNBhx7py+hev5rBUCs7Yhj5xgcM88fdLRZi8MulNws=,iv:8c3hDcJ8wzTugmJ3Mhzx/qEXnnlpFefBmRTG/MqyeEg=,tag:uSz6+CYu9uQa0C2DXnHPUA==,type:str] -wlan0_saePasswordsFile: ENC[AES256_GCM,data:Lq81rCQNUmrZi047UxvFI+Sg6YfBzPaTkK23FTwyfEtMIgHlAtY7lrW7lqR1iDEafOlK0uX8dUkQXRZzjuIbhP3UP/WYUtZ/RxoQdoQI9HAFXBG8g3RgD3OsW/3RY6VLkNFD5p3PST8wGpO1iXZzjJC8UH9WeAg3CcKdtPK+,iv:5rcrcVsbYaDhUTseIIDIC6oFEonCFkx9kYsA5DhMu8I=,tag:QQ3jX6kPiAd9IJfS7TkuvA==,type:str] -wlan0_wpaPskFile: ENC[AES256_GCM,data:rgPROqPL6wd4RacWU1loCG6v0h4Rh30sWdVuDKu72byzh1wyufP5+hNdJkw4zb69IdVmQGRekt9HGX6sQ4DlZz2MrDTYPH1dj+IXpJEHxCPM07a2rwCm+X9mgEkOkr2NURXVVaf9H7EpVnyXYvcNYmAVn9ZwC7rbYS3Xg7Y5OzMOQ7zabtw/8C1EZiJ9hZAzN8jyE1Gu9bgWSaRqGjLI08zbh6UqiNiTTcZhH5Wr2Z3sIfqlr6QJoQp+rAD2yQm6qefOJZWM+1ZlPtv1VCW8AN6oGKiVVdlK,iv:jEnkYarguNECjO2cTjSSgshJMszCuRAjqLQpDzXyTxs=,tag:Rx1wR3L3LCErHMud9goY5g==,type:str] +wlan0_saePasswordsFile: ENC[AES256_GCM,data:p0M99C2Q6UrLzp5XZ/AvPpukzgaiZqFIWbIRGFFOOKygVt5r2zk4SZ6vCvoZQ0AfdlL+R6xsKZ4V6u9CZJsmHGgWewoTbszi4AGhWrwoFjhrWb+LWMBGZI7lOWjGclR0BoDgRYTtVDQDiLqUWjxQJBX7cgG2vf4V/ajnokRClNe1bRPN4fzaQskb,iv:g8m1SKRSAumXAQdFL6PlUeq2YWjl3LGDDv6nq9aA0yk=,tag:ODCqjfB2kEepcaJEzVEYFA==,type:str] +wlan0_wpaPskFile: ENC[AES256_GCM,data:TnQ794CQ8jEBT7BTynPpU0S1VpT2oS2rgKmaxfkW7v3mhV4ijgnsypixkCD6GmQdAL0vsKFq0tu76TqeqcpJ1tWTGdfg3UtTmZ/ARFu2y3jYVNhmFziBpYlOAd2e/oo0DpXhYUVZN3TvALF1dJ7aGt8XQewTaIYQBL04aietPXPHzPvecOLwNhnxMer6BAZG0HC/wpuwmmQ0CsR7Wbw/6Efn25oGXvITbndVbZoyC85bsckptYTSQmORKZH0Ew==,iv:UzOFbHZT37uDfaLVmOFGUG/Pv3kmq3pZLaZ0mkBCUQc=,tag:oq+dZefYEPneXiNeXVgHSw==,type:str] sops: kms: [] gcp_kms: [] @@ -21,8 +21,8 @@ sops: THRNR0tEUzhPdFFhWWxvZlpKYmZKM2MKxc5s1jsci8jPOrvZAoofVNvHT4o9P6yv J8rALQQXgql6obK51Q/Doyzvo1RJ0T7epiWEAZm5B3vDrf6KqbWBYw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-24T18:56:12Z" - mac: ENC[AES256_GCM,data:PF4gJL0u0vbU5o79IYWByWo4bZgZ7qWw/+mJN+YNzG4Jti+2D7gwKOs9edCHUuSti8iVov1RciretQHfkis5JDydykjb03uMaV8r6lVCmB8i/JARHEr5Amq0wld30qHaCtCayTTWQNA05jdzZB4a2dSIAqJh/R5YTaJ7HY+eZ38=,iv:3ZEFA4YR5BfcOlA+0Zevk7MaLJN0zPbfLOP2Ci/I3bg=,tag:vLhoKPTNIE7U2VcGiH964Q==,type:str] + lastmodified: "2023-12-24T22:39:23Z" + mac: ENC[AES256_GCM,data:eNbO9GqcrcKg3qAMZDkOOcihUhWeXWCUHrbdiIIKomdp8hZdou6He1Dd5hPZJMrwuTfiYx9NcuRph/XXXYEMLIfRhb2Kw2LoKW4e/gZDj6rFSnRx/kqg/+oZLnnsZWnNYEhQTOEknpYNsjoBd1YOHqj9EvdABLCELvB9KfL7DnQ=,iv:bXlTOq1qeFldVH9dBotUoxHDNh/pG6eJOzS2SBI2R8s=,tag:foDEWwGMiYXpS6LiRual5w==,type:str] pgp: - created_at: "2023-08-11T16:15:11Z" enc: |-