From 9838069c4cf13b1e499060b31e9d77e544d9afd6 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sun, 9 Feb 2025 00:23:12 +0100 Subject: [PATCH] Enable Authelia auth for Hedgedoc --- modules/authelia.nix | 18 +++++++++++++++++- modules/freshrss.nix | 4 ++-- modules/hedgedoc.nix | 13 +++++++++++++ modules/traefik.nix | 1 + secrets.yml | 17 ++++++++++++----- 5 files changed, 45 insertions(+), 8 deletions(-) diff --git a/modules/authelia.nix b/modules/authelia.nix index ae51e5d..f092bf8 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -63,6 +63,10 @@ key = "freshrss_client_secret"; path = "freshrss_client_secret"; } + { + key = "hedgedoc_client_secret"; + path = "hedgedoc_client_secret"; + } ]; configMap = { @@ -94,6 +98,17 @@ token_endpoint_auth_method = "client_secret_basic"; consent_mode = "implicit"; } + { + client_id = "ZZI33JnLIuGk58HPkN_YEfETxNTz-1Mq--YPu9Sa6Y39BwykY0GDmxBVn1w9X70fIHT09xHq"; + client_name = "HedgeDoc"; + client_secret.path = "/secrets/authelia/hedgedoc_client_secret"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = ["https://md.kun.is/auth/oauth2/callback"]; + scopes = ["openid" "profile" "email" "groups"]; + userinfo_signed_response_alg = "none"; + token_endpoint_auth_method = "client_secret_post"; + } ]; }; @@ -186,7 +201,8 @@ oidc_hmac_secret = "ref+sops://secrets.yml#/authelia/oidc/hmac_secret"; oidc_jwk_rs256_private = "ref+sops://secrets.yml#/authelia/oidc/jwk_rs256/private"; oidc_jwk_rs256_public = "ref+sops://secrets.yml#/authelia/oidc/jwk_rs256/public"; - freshrss_client_secret = "ref+sops://secrets.yml#/authelia/oidc/freshrss_client_secret"; + freshrss_client_secret = "ref+sops://secrets.yml#/freshrss/oidc/client_secret/digest"; + hedgedoc_client_secret = "ref+sops://secrets.yml#/hedgedoc/oidc/client_secret/digest"; }; }; }; diff --git a/modules/freshrss.nix b/modules/freshrss.nix index 849f438..347bb9e 100644 --- a/modules/freshrss.nix +++ b/modules/freshrss.nix @@ -39,8 +39,8 @@ OIDC_ENABLED.value = "1"; OIDC_PROVIDER_METADATA_URL.value = "https://auth.kun.is/.well-known/openid-configuration"; OIDC_CLIENT_ID.value = "HDp48U5TaX-3gWKNEfHx5ea2C7gfaQm-OsSWREq4WTzln56IBGy.rT61lq9rF-LTZFlWOd44"; - OIDC_CLIENT_SECRET.value = "ref+sops://secrets.yml#/authelia/oidc/freshrss_client_secret"; - OIDC_CLIENT_CRYPTO_KEY.value = "ref+sops://secrets.yml#/freshrss/oidc_crypto_key"; + OIDC_CLIENT_SECRET.value = "ref+sops://secrets.yml#/freshrss/oidc/client_secret/password"; + OIDC_CLIENT_CRYPTO_KEY.value = "ref+sops://secrets.yml#/freshrss/oidc/crypto_key"; OIDC_REMOTE_USER_CLAIM.value = "preferred_username"; OIDC_SCOPES.value = "openid groups email profile"; OIDC_X_FORWARDED_HEADERS.value = "X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto"; diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index d41b200..868c684 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -54,6 +54,19 @@ CMD_PROTOCOL_USESSL.value = "true"; CMD_CSP_ENABLE.value = "false"; + CMD_OAUTH2_PROVIDERNAME.value = "Authelia"; + CMD_OAUTH2_AUTHORIZATION_URL.value = "https://auth.kun.is/api/oidc/authorization"; + CMD_OAUTH2_TOKEN_URL.value = "https://auth.kun.is/api/oidc/token"; + CMD_OAUTH2_USER_PROFILE_URL.value = "https://auth.kun.is/api/oidc/userinfo"; + CMD_OAUTH2_CLIENT_ID.value = "ZZI33JnLIuGk58HPkN_YEfETxNTz-1Mq--YPu9Sa6Y39BwykY0GDmxBVn1w9X70fIHT09xHq"; + CMD_OAUTH2_CLIENT_SECRET.value = "ref+sops://secrets.yml#/hedgedoc/oidc/client_secret/password"; + CMD_OAUTH2_SCOPE.value = "openid email profile groups"; + CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR.value = "preferred_username"; + CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR.value = "name"; + CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR.value = "email"; + CMD_OAUTH2_ROLES_CLAIM.value = "groups"; + CMD_OAUTH2_ACCESS_ROLE.value = "hedgedoc"; + CMD_DB_URL.valueFrom.secretKeyRef = { name = "hedgedoc"; key = "databaseURL"; diff --git a/modules/traefik.nix b/modules/traefik.nix index e4e1c09..48a8899 100644 --- a/modules/traefik.nix +++ b/modules/traefik.nix @@ -70,6 +70,7 @@ spec.forwardAuth = { address = "http://authelia.authelia.svc.cluster.local/api/authz/forward-auth"; + authResponseHeaders = [ "Remote-User" "Remote-Groups" diff --git a/secrets.yml b/secrets.yml index b3830ac..02f9c79 100644 --- a/secrets.yml +++ b/secrets.yml @@ -1,12 +1,20 @@ freshrss: password: ENC[AES256_GCM,data:ECDPrW+VgO8PY9p2fLIreRETNiRL5ZGnu/PMC7aNj8KaWfyNYL+l3w==,iv:srR/r1EtOpC/CKKrCDKcTLVdMFPAYIJIB1CCg8mS0UU=,tag:YN4PqR5uvPkVskpJWD+91g==,type:str] - oidc_crypto_key: ENC[AES256_GCM,data:+RX1P6PmMuyBeSFlwAChM9tX/JMda4DrQ7JH7Z+tbzXRuRb4nTMR6G7cINeQFah4W30VwdxBqbpRsCdfjR1FrkcwsG1ioDRpuma5VTaHp3TyLZvBWZ/BCi7G+d89qJmymaPGclES2j9YHWRobr7jcFIuiJD/t3jQ/T8iwt72jiY=,iv:lawZnDO7JH2P3jViaFzVzJZFp0e/Ym4/169AsvHg2+0=,tag:SO33RifFpLRXqXFpLQczjw==,type:str] + oidc: + client_secret: + password: ENC[AES256_GCM,data:wlMJwiqCxUFqSVRGZvVkMtcRHW+r74EwpMtIAD499qnmJADsK1jPFsLuAODZ4QsklxWdWDqfNsk7T5FMZ+e61947fEp+QzGC,iv:qDEjlk5sywrMEIXQr8daVntYdTQ5M3KrtCpIHIgLy4U=,tag:QWGI0zISqE6kDR5n3IxQDg==,type:str] + digest: ENC[AES256_GCM,data:8uw5mg6VIERkb96FiJ7CuutUqWfcFk9qDA8w+8e8DBWRlegrfmvHKyg6tfUP6JKc6I1OkzuPMiSHweNJghMY5oH0eJWxU9F9YCtxjW3iJINUYF3tq2phO1kk3LEbjdnmglFMajHz2c8d4NkQ6iAfWziOaTieCN88yvnAACYnBBiU/yA=,iv:rQMDRDavPSHA8rcfJ/iijsMhGFYfcrQfOv6JF4iPbMA=,tag:tDM3+NquRN0Y6Kq9yyTSYA==,type:str] + crypto_key: ENC[AES256_GCM,data:AKEX6F1rAwapjvzz5JSyBbvDxSl4vjeOIKzH13/CMK1QGT5AzhEawpYb1j95/QVREt1M8bKulFpHHZIn8WuFZbdChgA/PMXssd5yznEMVY/qmymGqDOLe0CFv75zRG4c6RTuc0/U33Ez2tSi+DgKtLHpU9MZlgLFXIS4aCb0p0A=,iv:VhWgEzq8gqNDJPP/akmv6c/kuKHH4cv6yT9Mz47bTf4=,tag:b8DviZh9I5ZOFXpEFCU6GQ==,type:str] pihole: password: ENC[AES256_GCM,data:MA60825Tl6aYEFVoPgo8k5Vjb9zmIxtPLJriQV1B3P1bOKu1KK7vxQ==,iv:RGZHox8CbJiEEEjMo2k/tNbtjCPy/QY7vOuMN/YNZcg=,tag:yphrq03IKpXM/tSDBLeSgA==,type:str] hedgedoc: databaseURL: ENC[AES256_GCM,data:6+IV4TaClIGE1XVkUf7JwXzqx3EvWiIKFx9X5x7QKvQKC7bIieD1ADVeAMQmiQfibnH/YV5TgjNY8Ft+3eX881c3yD+2j7mM+O1fX6taK/BCokDnqhIwTN2qxHsu+mrPcM/Pgg5Zqy8HvUgX8jM=,iv:bCwuNk5CVgK2T5IgLebcKwxwloi6FkWMWhnxwJek1GM=,tag:UDQ0KmRDVlDh35Fjm6eaAA==,type:str] sessionSecret: ENC[AES256_GCM,data:7FdRjAShjjue1fFwizCgK+94mkbT4ohAPxdyn/8Z8/f2nvGWPZHO/hGexOixbRGLPewJSaMunTMeJL+IzFlGlg==,iv:iz7640b8Mlb6mNps20b+TbphWDEFUbKwKNUXc0kR5NY=,tag:fdEr1tbes1h8VCA/q+0sOw==,type:str] databasePassword: ENC[AES256_GCM,data:wdRhCluNx2IzgDqouAoIcG6yOWwNLOaEkpqgYEeFvJDZsMC8OUuV7Q==,iv:Csut0c+LRKWD2b4uVuQpGnwwVqnGT6Sk6T/ODlH57Bk=,tag:7bS6a18GyRifq2D6cIheaw==,type:str] + oidc: + client_secret: + password: ENC[AES256_GCM,data:rLkMFkEzCF3+ejGAUliaBMpfOrxL5b3pJVvkblEFIvHupmr9DTS71L4T6/oo616E4IoCuZxqKh0FxhdWZRM4KrEk5YZMbgp9,iv:TbySrCTY+Kps4v/q5maQglm4aOzuUPch2ECBHPp4FYc=,tag:mz71m6JqIemVCypf93hkBQ==,type:str] + digest: ENC[AES256_GCM,data:m+abt7SEXZoeOA+ioB3BmiWN09CDpCWdZ5eNRhShvuUJW7rjbSJAQ2NTZkMTnFoNv6PO6rSUD6lmStFfO/mqVUFvWXBBDMK3xK+ILcgDoZZ1Pnmr19noqTL5OxyYLAtUHRNOohsUBYlZKyv2lFNQlqxk6kOi+fUPitmmsO6BO1nrq2s=,iv:CmC0JLXuT9O29Rtu7Pp8i0h/SyaEAT0bsXQb2LRFAkk=,tag:/IL39BCMuw+bqxv2OaNwhw==,type:str] nextcloud: databasePassword: ENC[AES256_GCM,data:jRLgW96FnMEpU0T5z/iQOX/CgjpH2ZykZGd1qGFHK8o=,iv:YrY9IsrlCaiQ8BFYqu+UnOxnvvB/JN4iYfy3vMa3wcw=,tag:41iWc4iVqjdUr02O5CLu7g==,type:str] paperless: @@ -37,11 +45,10 @@ authelia: smtpPassword: ENC[AES256_GCM,data:Zd2F237gWaL555lf022zjr7VHVcAFUyFxg==,iv:ka8YuGFclNrWV1U0g2ERypiKy6rN5ppPIVlsjBqkFrI=,tag:e+5fO6VR1z1cqYTXJ6Yo+Q==,type:str] oidc: hmac_secret: ENC[AES256_GCM,data:4SDX5lopMeomhkMpkei6Qu6S+BBhFGCZswBfOtfWNSzv3qAEme9h3wQeIQ2W18J84RwprTpDZdkk++bbAYoch2iZF1yEV+8XBcmVcg4q+s5isn0lAaTDhHHCZ6Cci8KuyYy5/tcMDgF61oM5H0g7nGv7rhPD8clDubZwAvEDf7g=,iv:S7cCKyWbB4QaqGYsrp9JavKBAMxnfzhnl5bMRyq4TT4=,tag:S2+NglxgDsi4ivvR2FYjsQ==,type:str] - freshrss_client_secret: ENC[AES256_GCM,data:TLCQaJ8FZX9fVErXE84akyRE0ZWPJBiAxKjdpr4eXClxECGUQZO0Vu07dwj0mzRUiMMpNthBibxNeOGnE147Fht1tET3EuEe,iv:F0iZpzJyZvYjNlxMFeVzLlquWqsV3J0M1eTr0oNn+QQ=,tag:6eD4AUc7VK6aBGUr/Oe0lQ==,type:str] jwk_rs256: private: ENC[AES256_GCM,data:WaTdMntWZF40pBOsHpKlQAcsVoceQDKkPlNbkwlPjY231cZSgHYw2u3V89BHx1p3LT4OUAEQvBcQ3c8sJbRYHTo7wXVYTwMrWL+KIu5AOp1pqHWESJrxO/12tgITcM5xJx+zwAoc/85l0LK3EIXYayEYe6ISNjx13K3YaSuD74iEXrNtWuvqwvbT9zNtYg8gb+l1FEW+TwS6wdzWyglfZl4erOQXb1a373qRdTz5m71MEPY8nJPS948nxO5M1DgJ8eqyztVdHY+z3X40vsDv3anSApeBNe/jexUVGBmuRtOhoAbirbNo7F8tjbI1qVy1lw0YNiaXAyH/BY2EtcSb9bU/VqCRdLteZnSed4LFrCIFt9mYoAWPX4GjXanfshNUaqM0IEFVjH7cXzf4rKql9VnxvCufupIGKhcOkAuxFtuOPL9q3RVT4CkarhmgDpKKjUlyAHRAvLH2F2l+K6zwEengiYDXkyBzd393Gsee6ML30X/MRSwd1TBqKZ1VInpk3bn/GwVMipywiYsviLE6JW+IcRJiHCI3bbch2aRsq9MP8AE9qornqC9nt6DQKnOr2HvEAjTHGvmiJN2nKaRU/B6T5xmH9nsdZ3CTsmTIkWBi/Fa8th9DvT8UrQe4LiQ8t6/6TrhgZ+QCjgwp59B2dwrPnT7oY8B0o5O0k/06HnsaG0YxyEM2JgVBer0K4BzUAoap4S8YGj88oPVlSHV3ks7qjx8J+pytNmyND3O1CzKUuluTjCLoowyDx9OA8AcfxVCva6BI6EqJEVU0eqlo146kdgERPR4U6TgCAU6uk4rb+SQgwN6brd15AezRKUW9iDbr4hoxCA0XNTzcDLJKKFFU2ZlHdvs9WTif7gmVwAsogy31xWyKdTdSCoUME4mAKeHM2o763UICjL4HO6drMn16G5yA0anxkctVJqWKcpLrD9rVCC30bbFy8u3H1Icfzf2dZxbTLCbJVn5i39I9AqehIOapD7SwN3pyXwicfnr6h1prGKdHQ0cXjlwCiiP7lSBLP+Q4DwjoSVF/Iei4DcFQoHqSpGreGeP5yRNiRe8HEp63yQXFM/l6PMIVZw+0q/VDb5sEUZ6XItAi/UL3CqY1WI5SVvbeuxbKivuxRcspiFRHB9aXS2eG8hx/Oq9OFvPq3eAQ7xtZLw5oMAFgED4epZl3mAaYz8n5m2i2J8QujxP1POqotkeA1uQFelQL1xMUdpIg41mRNch0M3H50fcgR5dJ3k41NAJTCi5B+X9lFVoo/ByLvX4hkmx4YeZ5VPW6hVLiZMcdA+RluBWVAShYXBBg5rV3ak/G8Lj9P/cc1Tg32Qr1m9h3Tl4Q8AEmWBABRXYcZ526fMFdTQa0SkdvO3jp6Zt/6TObygSyOrOjBIgXye4BAT3zuyNK07Z1gOP1X0rE23T50S5A4KCI59QCs+szugk9umUbqeZF3DKj1oiVq1f5I1m2zbBuWq6vi6kH7eD7eSnTqpIuYeOsuWlREvsNHfXOA7lrURy+yLheKYuIRqx+5TKJaapgMkagw5nQ74RAvEJgAPHJaKYt5YJklMSxTkUR6FlvZNq2salMpM+mGrtH9l1tEVUbKh6QAyG4EkUbnFmT3orCgBJJFh+HXMpb6pwVL06+/0sSvgBI1ZBfbGYWk//RKSHbVzOi1UXyW1izeLgSwKNc/ZUCDnZ0hrBafQn3S8Ap+5j9h++fdH9NwfQyGV7GuTMYBkCtG3+l9+iitFWPUnZ2PvNypi4kJX31XlSyR/JoQfvFNm3nWw1pdLJRF7shqYxbSuGx/Fz02zocEvNNu5NBp5+0nPXIWp5PoRHqWHXI6TvNduji0/ycKjLhtpnFV3NhhWq0no5fKo+t4seoQ88oFzbH0wVXnLRALPq6yZ1kzbWhGp5RLmtixEMXcAwuw2Ewol2BhIf2+5o7d7ndgmZ6lOM4LzApumzS0m3z91XQ1keqHZUWA0XdCekIucNrhw4uVIWg228G5IWjI1QuL6c9zeIHl8NvSCzC7lJLXR6NiCzFvVH92krQ91yiEsSvg3+8MkU+6mlLiCvbl98WVMcQ6Ig9Hh+p1ALSuUDDqOK8k4ja3sblwjDE1vQhacm9gaCjYfID+UFpbJ1FLwdOiBrcUu3jSnN2zBViWjH48xnM7kvxliDRbAElyMPylD2wE6Gce/nyueSAktsfPzt3GnHzspfuoDokJ2pss+8u/x/5whe+xkMMEhExWJWTe4WiwYxyM7dIX8JLJBqQ+T3pUQLMYwECHvPstLiQjpWy,iv:cZQEw3E1Kq+Qg1ZB0gwMW87NG1z/tGDnQOpRiCsdpUs=,tag:N/JqLdXIwCerHynMhmvhug==,type:str] public: ENC[AES256_GCM,data:TivRCWgU3skYJbDopZAdSAZBi7OhgzLjOLi0f8bUN3hEfDS9Bqbo3ZirepWkxDZcEBJH9ut/rAwumWGedU6C71eFtOpC/++c/++VILmWGM2BDUvlUaksaWZE0sNQRZxXmHFd5Fnxq13vVhs0i5Grdu6WG6wdq9dD9iFooLqee5KT6z33lD9THitecYiGf4hccVfJXKriNmNfmFkyv2KMaDNBwgSHtAsXSbYoHOpIz68SzS3KrngSIAvavfSSsW1RXDXvf/3aB94lPtizCZVtKZ+JcHYg3xPesXdwwA6h7A5W7rfJoAQdiDGQJMb4hFhtjhaBGmiUAv5JwRvvEAhQIrVtPmkO9ibir3yDDrcwNXuJDgHrcd0rpSjYWyAM1pgzXiWAiLzhh/AcL+l2xV286XRDwm1xxoPNdGdmOYkiN2AZre8CoR1aFkIP+T479rkOylJq14RzSQAbJ8AaZ6dK2mFxKYFyVpW0aMjEoo9Yqd4IFZpMWIlVALeh3+bpqgtCCkBYq3MX3J0FJ6vL4LUV5855GUrP4CJhSSCAnKaiXKnps2TrHN8Kp1dqtnv1ihq8fwVoSgqiISN4xY8VXsW/IjJYcQ==,iv:o8F7qgHLWhWXEOOSzum+Qore2tGSraqmC1VMWtpaj0I=,tag:Kn5myis0OwoCMa+8yhssPg==,type:str] - users: ENC[AES256_GCM,data:Az1vmno1PPpFAqIpZKiMtdAP5TqgoCSzu+x2P3eI2h4C+FPbdRjQrnybpLdKRmaQaVvfGS8p4+RbM8jF1H4sSgAZRcBQIzanWtW4fl+KK4aHxPmRIbH75bGUGnSK8u94jCYMotll5tpMbkR+st6xEkh+IkPz+CSIopZ1o6VeFu9od7qJ2LBwnl+FzZp3XFoLXHLNFf4J01gUwtlxvbLHOD5tFxOFHXDi/CKsYJOBr3m9wUoHKGwaeuYpNfy+3C5dcwf0eiXOkxYyjwjlxQ0MumcyzSdVBCTWJRRTwFa1akw6P/sl0Cdw/9GL83zBGLSfFK+DaIaHzG+h51KcELj9lVbNHPbC1UwRnwy0SdxYXiPz7Y8R9J/u5wI5eyyimDtJp83+c4eqOO7+animxUJ8EIuKEiUPMr5mQg0KtK5P3jTu/wZuGgxdqi1nR44+UHKmWrD62qDwjcjv60RDlQxcm4dBOL3wCaV7V8K5UBF0UhiyA2/N0XFHLnibQ1LS/vRfgXjrsjZ6JYzVeY7mDCGa0Kb4NkJJLeMvEEmwsw9sGst9um1w7AQevQPowBST4nkRVdb12JGWrq4S77gDa19Qbm2a0z5XvwvEq1C/47OOEDoSFh/uY2Ycn8tOIZw7S53h5z++cAVKBgYAFVI0fw==,iv:9hm49dFfD6O0YV5YdyXqyiU1vjSHNuH4/+JcXiN+PWI=,tag:jM6atf1M0cgDcAiFOd626Q==,type:str] + users: ENC[AES256_GCM,data:XPnB3wFj8rDPaq8bfgsnDiNmaA+GE6tguPqtnPxfHhM2gVUatnyP5RLIrBxQTUja8w70NBHPQMPEFh3TydBDlWI8tvV8mid1iu7/pRgb6u+LtVSPtrqkSkQBponsxTsila1uvyYLITaB6pI2w0ijcWx3enu1W/a5ssgBQUNVqKfftAF9tB/W0Jhn6m4U9KfB1NbR708eO1LcGHVlqgCs4u9FwR9FEWHDDGgwDjeDQ5w+w9NMAbg7YfwmPgMv3VwRqpie0AE5jj+qtpnAZCpKJK/AzWN7T++TXg6IywPSk/4thFDtLsgke0gtNOMS2DlCRZ7LqdyzwuhQMVX5YbmmQdk5+z4fYKYgWGT8L9ABA6fl/LeMygJVM9cNOl1VGT7SsTBj5WdrU3gR6n0UCybLIyOIA7q+0mT1RR7sKJ1OFKz6bappzIn2Y1UREGTvz63Quw1Kgbciq5WRag4WFVRuq89JKYD8Y9bkWfHgF5L1kCzep79CvB9uxnO+wXwbtxsSEyxllQIDuVMejdVV/l9FPjhgWPe3ho1Eh78nTibNo0cEijvf5ub6MKPelpMvEhEU4J2OH5AJjixqM3RyxO6IKAKx4gg6bm0nUgKPa+7jZ+mZ4xj7AyDh3v8t8C0GOJZSbdtD54YzBjkWLu9I+OhErQQUfgKB5DTDUF+RogkH9LAWn9C2,iv:3lY+ghmpQrKME8xa264RqFR4BzhY4MvcbTwwXmsaf0k=,tag:EmrYcmWBH1zrLDBFgTp25g==,type:str] sops: kms: [] gcp_kms: [] @@ -66,8 +73,8 @@ sops: azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68 UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-08T11:58:45Z" - mac: ENC[AES256_GCM,data:ZHE9vdafH6oQnwHJb1p9FRBKB3Q5V6UK+6kiRt96p82aWG/PYtlxxt/Fc9pdgItSN4iVma8sDSs+IRpS5qUvRE5H71fqNDpGE7gfKn3QbK/GRN1WJv4P0Dg3tghFw+oqQ8hqPffGM2UurYlax9T2TnUEyZw8VdDMaTrGbQrjjQ8=,iv:iErbT0QSfgGFVNbz/QBqqZQbEJcfPn3t5QIGEWQgRx8=,tag:xJsYBMoGmxF26c7Rewtvlg==,type:str] + lastmodified: "2025-02-08T22:34:17Z" + mac: ENC[AES256_GCM,data:i9suj/TCZdqZW3KxU8Ye3qZnGwIlHFJ4FvsuEhNlq5llC7H/eRnYW8bkZkg2848CRasaco+0eimMcJc2vD7YFO8AuVxIEFr2U2MXP+9tRKPrWd5bae7X2wJo+C1AYCpjpllFlS/T50wSKM7y4ugJtKIibJs/Q3YB3D8D6hfB884=,iv:wdqVREuVVEUBwEKNQBAl0kHUhF+KNDzOPVbo9xfDHDU=,tag:++8BJRRk0xCGezS+RTPc3g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2