From 00493bf30f227a4d8c61ba5fe4eb42a01dc22d75 Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Sun, 29 May 2022 03:30:40 +0100 Subject: [PATCH] nixos: Add working container VM (w/ vaultwarden) Also improve IPv6 addressing / routing --- flake.lock | 18 +-- lib.nix | 42 +++++-- nixos/boxes/colony/default.nix | 29 +++-- nixos/boxes/colony/vms/default.nix | 93 ++++++++++----- nixos/boxes/colony/vms/estuary/default.nix | 25 +++- nixos/boxes/colony/vms/estuary/dns.nix | 4 +- .../colony/vms/shill/containers/default.nix | 5 + .../vms/shill}/containers/vaultwarden.nix | 39 +++++-- nixos/boxes/colony/vms/shill/default.nix | 109 ++++++++++++++++++ nixos/default.nix | 1 + nixos/installer.nix | 7 +- nixos/modules/containers.nix | 44 +++++-- nixos/modules/vms.nix | 2 +- secrets/user-passwd.txt.age | 29 ++--- secrets/vaultwarden.env.age | 17 ++- 15 files changed, 351 insertions(+), 113 deletions(-) create mode 100644 nixos/boxes/colony/vms/shill/containers/default.nix rename nixos/{ => boxes/colony/vms/shill}/containers/vaultwarden.nix (54%) create mode 100644 nixos/boxes/colony/vms/shill/default.nix diff --git a/flake.lock b/flake.lock index 44cae71..8210a49 100644 --- a/flake.lock +++ b/flake.lock @@ -166,11 +166,11 @@ }, "nixpkgs-mine": { "locked": { - "lastModified": 1653750319, - "narHash": "sha256-V4rzHt2NxGPghmVBy3XA68f2Fisygcil8a/bf/xQ4J0=", + "lastModified": 1653784487, + "narHash": "sha256-retweVtK4ysHALFjTlbYUHgmkR9bw02AbG0t+i9eo2o=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "b29604b752136d79c27ba7d0849fe38469302102", + "rev": "1f7c3482f34ff13f2916d43bad928375b9fca268", "type": "github" }, "original": { @@ -182,11 +182,11 @@ }, "nixpkgs-mine-stable": { "locked": { - "lastModified": 1653750790, - "narHash": "sha256-3QxjU8oJyRDRCK6tHl7AeG4GDqWDJSuFL7hfaMojp04=", + "lastModified": 1653784518, + "narHash": "sha256-Rc9WxxdC58B37MS+1Qivh/5/lfoVDYXC3AEe71WpAbQ=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "edab7137ddaa8022f28ecd4a2b26f5515e7de67c", + "rev": "976da39305ddbae9a339d63de0dd0bdbc8671e27", "type": "github" }, "original": { @@ -198,11 +198,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1653504306, - "narHash": "sha256-bqjEskV+/tqOQqSEaCu4e6uWZ0F7ekBiMR16xpn4V0k=", + "lastModified": 1653733789, + "narHash": "sha256-VIYazYCWNvcFNns2XQkHx/mVmCZ3oebZv8W2LS1gLQE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6efc186e6079ff3f328a2497ff3d36741ac60f6e", + "rev": "d1086907f56c5a6c33c0c2e8dc9f42ef6988294f", "type": "github" }, "original": { diff --git a/lib.nix b/lib.nix index 13d5a44..d4deeea 100644 --- a/lib.nix +++ b/lib.nix @@ -3,7 +3,7 @@ let inherit (builtins) length match replaceStrings elemAt mapAttrs head split; inherit (lib) genAttrs mapAttrs' mapAttrsToList filterAttrsRecursive nameValuePair types - mkOption mkOverride mkForce mergeEqualOption optional; + mkOption mkOverride mkForce mkIf mergeEqualOption optional hasPrefix; inherit (lib.flake) defaultSystems; in rec { @@ -89,17 +89,20 @@ rec { networkdAssignment = iface: a: { matchConfig.Name = iface; - address = [ "${a.ipv4.address}/${toString a.ipv4.mask}" "${a.ipv6.address}/${toString a.ipv6.mask}" ]; + address = + [ "${a.ipv4.address}/${toString a.ipv4.mask}" ] ++ + (optional (a.ipv6.iid == null) "${a.ipv6.address}/${toString a.ipv6.mask}"); gateway = (optional (a.ipv4.gateway != null) a.ipv4.gateway) ++ (optional (a.ipv6.gateway != null) a.ipv6.gateway); networkConfig = { - IPv6AcceptRA = a.ipv6.gateway == null; + IPv6AcceptRA = a.ipv6.gateway == null || a.ipv6.iid != null; # NOTE: LLDP emission / reception is ignored on bridge interfaces LLDP = true; EmitLLDP = "customer-bridge"; }; ipv6AcceptRAConfig = { + Token = mkIf (a.ipv6.iid != null) "static:${a.ipv6.iid}"; UseDNS = true; UseDomains = true; }; @@ -153,14 +156,31 @@ rec { filterOpts = filterAttrsRecursive (_: v: v != null); }; - colonyDomain = "test.int.nul.ie"; - # Shouldn't need this hopefully (IPv6 RA) - colonyDNS = { - domains = [ colonyDomain ]; - dns = [ - "10.100.0.1" - "2a0e:97c0:4d1:0::1" - ]; + colony = rec { + domain = "test.int.nul.ie"; + # Shouldn't need this hopefully (IPv6 RA) + dns = { + domains = [ domain ]; + dns = [ + "10.100.0.1" + "2a0e:97c0:4d1:0::1" + ]; + }; + prefixes = { + all = { + v4 = "10.100.0.0/16"; + v6 = "2a0e:97c0:4d0:bbb0::/60"; + }; + base.v6 = "2a0e:97c0:4d0:bbb0::/64"; + vms = { + v4 = "10.100.1.0/24"; + v6 = "2a0e:97c0:4d0:bbb1::/64"; + }; + ctrs = { + v4 = "10.100.2.0/24"; + v6 = "2a0e:97c0:4d0:bbb2::/64"; + }; + }; }; sshKeyFiles = { me = .keys/me.pub; diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix index c2ef006..8f79217 100644 --- a/nixos/boxes/colony/default.nix +++ b/nixos/boxes/colony/default.nix @@ -11,7 +11,10 @@ altNames = [ "vm" ]; ipv4.address = "10.100.0.2"; #ipv6.address = "2a0e:97c0:4d1:0::2"; - ipv6.address = "2a0e:97c0:4d0:bbb0::2"; + ipv6 = rec { + iid = "::2"; + address = "2a0e:97c0:4d0:bbb0${iid}"; + }; }; vms = { ipv4 = { @@ -31,7 +34,7 @@ { imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; - networking.domain = lib.my.colonyDomain; + networking.domain = lib.my.colony.domain; boot.kernelParams = [ "intel_iommu=on" ]; boot.loader.systemd-boot.configurationLimit = 20; @@ -88,7 +91,7 @@ }; "80-vms" = mkMerge [ - (networkdAssignment "base" assignments.vms) + (networkdAssignment "vms" assignments.vms) { networkConfig = { IPv6AcceptRA = mkForce false; @@ -101,7 +104,17 @@ ipv6Prefixes = [ { #ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:1::/64"; - ipv6PrefixConfig.Prefix = "2a0e:97c0:4d0:bbb1::/64"; + ipv6PrefixConfig.Prefix = lib.my.colony.prefixes.vms.v6; + } + ]; + routes = map (r: { routeConfig = r; }) [ + { + Gateway = allAssignments.shill.internal.ipv4.address; + Destination = lib.my.colony.prefixes.ctrs.v4; + } + { + Gateway = allAssignments.shill.internal.ipv6.address; + Destination = lib.my.colony.prefixes.ctrs.v6; } ]; } @@ -145,14 +158,8 @@ server.enable = true; firewall = { - trustedInterfaces = [ "base" ]; + trustedInterfaces = [ "base" "vms" ]; }; - - #containers = { - # instances.vaultwarden = { - # networking.bridge = "virtual"; - # }; - #}; }; }; }; diff --git a/nixos/boxes/colony/vms/default.nix b/nixos/boxes/colony/vms/default.nix index f5416d5..001787c 100644 --- a/nixos/boxes/colony/vms/default.nix +++ b/nixos/boxes/colony/vms/default.nix @@ -1,12 +1,31 @@ { imports = [ ./estuary + ./shill ]; nixos.systems.colony.configuration = { lib, pkgs, config, systems, ... }: let + inherit (lib) mkMerge; + wanBDF = if config.my.build.isDevVM then "00:02.0" else "01:00.0"; + + vmLVM = vm: lv: { + "${lv}" = { + backend = { + driver = "host_device"; + filename = "/dev/ssds/vm-${vm}-${lv}"; + # It appears this needs to be set on the backend _and_ the format + discard = "unmap"; + }; + format = { + driver = "raw"; + discard = "unmap"; + }; + frontend = "virtio-blk"; + }; + }; in { systemd = { @@ -28,40 +47,52 @@ my = { vms = { - instances.estuary = { - uuid = "59f51efb-7e6d-477b-a263-ed9620dbc87b"; - networks.base.mac = "52:54:00:ab:f1:52"; - drives = { - installer = { - backend = { - driver = "file"; - filename = "${systems.installer.configuration.config.my.buildAs.iso}/iso/nixos.iso"; - read-only = "on"; - }; - format.driver = "raw"; - frontend = "ide-cd"; - frontendOpts = { - bootindex = 1; - }; - }; - disk = { - backend = { - driver = "host_device"; - filename = "/dev/ssds/vm-estuary"; - # It appears this needs to be set on the backend _and_ the format - discard = "unmap"; - }; - format = { - driver = "raw"; - discard = "unmap"; - }; - frontend = "virtio-blk"; - frontendOpts = { - bootindex = 0; + instances = { + estuary = { + uuid = "59f51efb-7e6d-477b-a263-ed9620dbc87b"; + networks.base.mac = "52:54:00:ab:f1:52"; + drives = { + # TODO: Split into separate LVs + disk = { + backend = { + driver = "host_device"; + filename = "/dev/ssds/vm-estuary"; + # It appears this needs to be set on the backend _and_ the format + discard = "unmap"; + }; + format = { + driver = "raw"; + discard = "unmap"; + }; + frontend = "virtio-blk"; }; }; + hostDevices."${wanBDF}" = { }; + }; + shill = { + uuid = "e34569ec-d24e-446b-aca8-a3b27abc1f9b"; + networks.vms.mac = "52:54:00:85:b3:b1"; + drives = mkMerge [ + (vmLVM "shill" "esp") + (vmLVM "shill" "nix") + (vmLVM "shill" "persist") + { + installer = { + backend = { + driver = "file"; + filename = "${systems.installer.configuration.config.my.buildAs.iso}/iso/nixos.iso"; + read-only = "on"; + }; + format.driver = "raw"; + frontend = "ide-cd"; + frontendOpts = { + bootindex = 1; + }; + }; + esp.frontendOpts.bootindex = 0; + } + ]; }; - hostDevices."${wanBDF}" = { }; }; }; }; diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix index 446e42f..e173174 100644 --- a/nixos/boxes/colony/vms/estuary/default.nix +++ b/nixos/boxes/colony/vms/estuary/default.nix @@ -25,7 +25,7 @@ config = mkMerge [ { - networking.domain = lib.my.colonyDomain; + networking.domain = lib.my.colony.domain; boot.kernelParams = [ "console=ttyS0,115200n8" ]; fileSystems = { @@ -94,7 +94,26 @@ ipv6Prefixes = [ { #ipv6PrefixConfig.Prefix = "2a0e:97c0:4d1:0::/64"; - ipv6PrefixConfig.Prefix = "2a0e:97c0:4d0:bbb0::/64"; + ipv6PrefixConfig.Prefix = lib.my.colony.prefixes.base.v6; + } + ]; + routes = map (r: { routeConfig = r; }) [ + { + Gateway = allAssignments.colony.internal.ipv4.address; + Destination = lib.my.colony.prefixes.vms.v4; + } + { + Gateway = allAssignments.colony.internal.ipv6.address; + Destination = lib.my.colony.prefixes.vms.v6; + } + + { + Gateway = allAssignments.colony.internal.ipv4.address; + Destination = lib.my.colony.prefixes.ctrs.v4; + } + { + Gateway = allAssignments.colony.internal.ipv6.address; + Destination = lib.my.colony.prefixes.ctrs.v6; } ]; } @@ -138,7 +157,7 @@ iifname wan meta l4proto { udp, tcp } th dport domain redirect to :5353 } chain postrouting { - ip saddr 10.100.0.0/16 masquerade + ip saddr ${lib.my.colony.prefixes.all.v4} masquerade } } ''; diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix index cab7b0f..923c461 100644 --- a/nixos/boxes/colony/vms/estuary/dns.nix +++ b/nixos/boxes/colony/vms/estuary/dns.nix @@ -21,9 +21,7 @@ in ]; allowFrom = [ "127.0.0.0/8" "::1/128" - "10.100.0.0/16" "2a0e:97c0:4d1::/48" - # TODO: Remove when moving to proper net! - "2a0e:97c0:4d0::/48" + lib.my.colony.prefixes.all.v4 lib.my.colony.prefixes.all.v6 ]; }; forwardZones = genAttrs authZones (_: "127.0.0.1:5353"); diff --git a/nixos/boxes/colony/vms/shill/containers/default.nix b/nixos/boxes/colony/vms/shill/containers/default.nix new file mode 100644 index 0000000..67600d5 --- /dev/null +++ b/nixos/boxes/colony/vms/shill/containers/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./vaultwarden.nix + ]; +} diff --git a/nixos/containers/vaultwarden.nix b/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix similarity index 54% rename from nixos/containers/vaultwarden.nix rename to nixos/boxes/colony/vms/shill/containers/vaultwarden.nix index 2d91de1..6e66aff 100644 --- a/nixos/containers/vaultwarden.nix +++ b/nixos/boxes/colony/vms/shill/containers/vaultwarden.nix @@ -1,11 +1,23 @@ { nixos.systems.vaultwarden = { system = "x86_64-linux"; - nixpkgs = "unstable"; + nixpkgs = "mine"; - configuration = { lib, config, ... }: + assignments = { + internal = { + name = "vaultwarden-ctr"; + ipv4.address = "10.100.2.2"; + ipv6 = rec { + iid = "::2"; + address = "2a0e:97c0:4d0:bbb2${iid}"; + }; + }; + }; + + configuration = { lib, config, assignments, ... }: let inherit (lib) mkMerge mkIf mkForce; + inherit (lib.my) networkdAssignment; vwData = "/var/lib/vaultwarden"; vwSecrets = "vaultwarden.env"; @@ -17,16 +29,28 @@ server.enable = true; secrets = { - key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMHoWhafCkLVggsO24fFWm3nmkY5t23GHbBafBVGijbQ"; + key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILakffcjRp6h6lxSOADOsTK5h2MCkt8hKDv0cvchM7iw"; files."${vwSecrets}" = {}; }; firewall = { tcp.allowed = [ 80 3012 ]; }; + + tmproot.persistence.config.directories = [ + { + directory = vwData; + user = config.users.users.vaultwarden.name; + group = config.users.groups.vaultwarden.name; + } + ]; + }; + + systemd = { + services.vaultwarden.serviceConfig.StateDirectory = mkForce "vaultwarden"; + network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal; }; - systemd.services.vaultwarden.serviceConfig.StateDirectory = mkForce "vaultwarden"; services = { vaultwarden = { enable = true; @@ -43,13 +67,6 @@ }; } (mkIf config.my.build.isDevVM { - my.tmproot.persistence.config.directories = [ - { - directory = vwData; - user = config.users.users.vaultwarden.name; - group = config.users.groups.vaultwarden.name; - } - ]; virtualisation = { forwardPorts = [ { from = "host"; host.port = 8080; guest.port = 80; } diff --git a/nixos/boxes/colony/vms/shill/default.nix b/nixos/boxes/colony/vms/shill/default.nix new file mode 100644 index 0000000..348e4ab --- /dev/null +++ b/nixos/boxes/colony/vms/shill/default.nix @@ -0,0 +1,109 @@ +{ + imports = [ ./containers ]; + + nixos.systems.shill = { + system = "x86_64-linux"; + nixpkgs = "mine"; + + assignments = { + internal = { + name = "shill-vm"; + altNames = [ "ctr" ]; + ipv4.address = "10.100.1.2"; + ipv6 = rec { + iid = "::2"; + address = "2a0e:97c0:4d0:bbb1${iid}"; + }; + }; + ctrs = { + ipv4 = { + address = "10.100.2.1"; + gateway = null; + }; + ipv6.address = "2a0e:97c0:4d0:bbb2::1"; + }; + }; + + configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }: + let + inherit (lib) mkIf mkMerge mkForce; + inherit (lib.my) networkdAssignment; + in + { + imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; + + config = mkMerge [ + { + networking.domain = lib.my.colony.domain; + + boot.kernelParams = [ "console=ttyS0,115200n8" ]; + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/ESP"; + fsType = "vfat"; + }; + "/nix" = { + device = "/dev/vdb"; + fsType = "ext4"; + }; + "/persist" = { + device = "/dev/vdc"; + fsType = "ext4"; + neededForBoot = true; + }; + }; + + systemd.network = { + links = { + "10-vms" = { + matchConfig.MACAddress = "52:54:00:85:b3:b1"; + linkConfig.Name = "vms"; + }; + }; + netdevs."25-ctrs".netdevConfig = { + Name = "ctrs"; + Kind = "bridge"; + }; + + networks = { + "80-vms" = networkdAssignment "vms" assignments.internal; + "80-ctrs" = mkMerge [ + (networkdAssignment "ctrs" assignments.ctrs) + { + networkConfig = { + IPv6AcceptRA = mkForce false; + IPv6SendRA = true; + }; + ipv6SendRAConfig = { + DNS = [ allAssignments.estuary.internal.ipv6.address ]; + Domains = [ config.networking.domain ]; + }; + ipv6Prefixes = [ + { + ipv6PrefixConfig.Prefix = lib.my.colony.prefixes.ctrs.v6; + } + ]; + } + ]; + }; + }; + + my = { + secrets.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWi6iEcpKdWPiHPgQEeVVKfB3yWNXQbXbr8IXYL+6Cw"; + server.enable = true; + + firewall = { + trustedInterfaces = [ "vms" "ctrs" ]; + }; + + containers = { + instances.vaultwarden = { + networking.bridge = "ctrs"; + }; + }; + }; + } + ]; + }; + }; +} diff --git a/nixos/default.nix b/nixos/default.nix index 964104f..e64372c 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -102,6 +102,7 @@ let ipv6 = { address = mkOpt' str null "IPv6 address."; mask = mkOpt' ints.u8 64 "Network mask."; + iid = mkOpt' (nullOr str) null "SLAAC static address."; gateway = mkOpt' (nullOr str) null "IPv6 gateway."; }; }; diff --git a/nixos/installer.nix b/nixos/installer.nix index bac27ae..a3f88bb 100644 --- a/nixos/installer.nix +++ b/nixos/installer.nix @@ -52,8 +52,11 @@ }; }; - # Will be set dynamically - networking.hostName = ""; + networking = { + # Will be set dynamically + hostName = ""; + useNetworkd = false; + }; # This should be overridden by whatever boot mechanism is used fileSystems."/" = mkDefault { diff --git a/nixos/modules/containers.nix b/nixos/modules/containers.nix index a3c0c1d..9455c36 100644 --- a/nixos/modules/containers.nix +++ b/nixos/modules/containers.nix @@ -10,6 +10,40 @@ let devVMKeyPath = "/run/dev.key"; ctrProfiles = n: "/nix/var/nix/profiles/per-container/${n}"; + dummyReady = pkgs.runCommandCC "dummy-sd-ready" { + buildInputs = [ pkgs.systemd ]; + passAsFile = [ "code" ]; + code = '' + #include + #include + #include + #include + + void handler(int signum) { + exit(0); + } + + int main() { + // systemd sends this to PID 1 for an "orderly shutdown" + signal(SIGRTMIN+3, handler); + + int ret = + sd_notifyf(0, "READY=1\n" + "STATUS=Dummy container, please deploy for real!\n" + "MAINPID=%lu", + (unsigned long)getpid()); + if (ret <= 0) { + fprintf(stderr, "sd_notify() returned %d\n", ret); + return ret == 0 ? -1 : ret; + } + + pause(); + return 0; + }; + ''; + } '' + $CC -o "$out" -x c -lsystemd "$codePath" + ''; dummyProfile = pkgs.writeTextFile { name = "dummy-init"; executable = true; @@ -19,10 +53,7 @@ let #!${pkgs.runtimeShell} ${pkgs.iproute2}/bin/ip link set dev host0 up - while true; do - echo "This is a dummy, please deploy the real container!" - ${pkgs.coreutils}/bin/sleep 5 - done + exec ${dummyReady} ''; }; @@ -185,6 +216,7 @@ in reload = # `switch-to-configuration test` switches config without trying to update bootloader '' + # TODO: This still breaks on first deploy over the dummy... [ -e "${system}"/bin/switch-to-configuration ] && \ systemd-run --pipe --machine ${n} -- "${containerSystem}"/bin/switch-to-configuration test ''; @@ -250,13 +282,9 @@ in Virtualization = "container"; }; networkConfig = { - DHCP = "yes"; LLDP = true; EmitLLDP = "customer-bridge"; }; - dhcpConfig = { - UseTimezone = true; - }; }; # If the host is a dev VM diff --git a/nixos/modules/vms.nix b/nixos/modules/vms.nix index 60129b6..9569b75 100644 --- a/nixos/modules/vms.nix +++ b/nixos/modules/vms.nix @@ -113,7 +113,7 @@ let threads = mkOpt' ints.unsigned 1 "Number of threads per core."; }; memory = mkOpt' ints.unsigned 1024 "Amount of RAM (mebibytes)."; - vga = mkOpt' str "qxl" "VGA card type."; + vga = mkOpt' str "virtio" "VGA card type."; spice.enable = mkBoolOpt' true "Whether to enable SPICE."; networks = mkOpt' (attrsOf (submodule netOpts)) { } "Networks to attach VM to."; drives = mkOpt' (attrsOf (submodule driveOpts)) { } "Drives to attach to VM."; diff --git a/secrets/user-passwd.txt.age b/secrets/user-passwd.txt.age index 8f1dfc7..c1d89ce 100644 --- a/secrets/user-passwd.txt.age +++ b/secrets/user-passwd.txt.age @@ -1,15 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 SKXJUw HNKr/VHMm2Tm3zXJy/hiWFT/HwMrs5dzi+JSdfe/3wE -NH/28Nkeij6o3h63Fu/h2dgI8b6spZ0dMKp/yUfTCq4 --> ssh-ed25519 B9K/XQ it45NurDEjYL5dAVJsJmi+MlIHKSpP2Lj7Fij5/ziUs -1vKMO+h6aMAWDQDWwKrT0PwDhw90mk7x7uf27CCz27s --> ssh-ed25519 LLxJog aAmssC1kqweHP1TEtkVurusq1AqIc8t7HZ7A7hjRtAw -lDbexbeib25DPuFiObs+1PQgu1WPG8a/P01QD6tO1f8 --> X25519 lcKREBQdELTzOpxRXMJa5J9stI9u3tZJdAHGW2LC8W4 -7c+kF11czGa7DEq3+ZJW+iSLcU/XKn+YJlciQzLwP64 --> y251}dI-grease -zIIT0zZ1oHhvxwQtUM6JsvhIqbQ0fRz5YFJMrxkwk8FDwgIyoKHQhVWNYmFDWhEs -K0QD0scV1HUGGAJdMoePqHw ---- a2PYkwWrS0NFhoL/0IgmuvKRjkORQrotG+RKXVtXeiI -t6!,ޟo.n7JK`ai.c>$W>"8 ssh-ed25519 SKXJUw WuE37itEkLwXXidFy5KSirx2nHJrMSv2s1QtdWX8SFQ ++hQkpae7pD8CddccW/EkXdM9PwLvR9ExhfiMSpDrmR4 +-> ssh-ed25519 B9K/XQ dcFFZZW7YmoIE9t4f5q75Fiydok4dlFvMhUe4AL0glo +VNmnLMMyPMmeaRS9TCve0jFLoOsMOjFinERzbCYb5VU +-> ssh-ed25519 b6YMqg rzXuWZ70pstFv91Pc9rEzX6zQoP7EzFbaVqLztzeDEg +FfdsqfWrWhVp69Y06kMdJLki4SZcsTfQgpGkOV8OEWY +-> ssh-ed25519 Lqn0Yw w34t0WrHrI0X9YPiKuqtA/g4nb5u+MUR5IMhxax94GA +om8lmlCa7b5dFTHgTWkfG0JQlo7SGuOsMKWV+ZyZODo +-> X25519 /D+YDNaHuzjd1qfUVGSzMv/Gme3c7EfnAReZwijNrHU +Mq8c561BFjPNpevYYxZoQlXyukWoJ/FqHMygRVIa8L4 +-> K#M-grease +cqBqOMKVvx0kDafiKK3izbQO2jJWDt0cw1z7iIlO2HQcDyrymtIkwiUcZ0DnjCO8 +0GP/yJXOxwzP/L7+ +--- 9euRtnfRLtKp2uI4YFGFJNNIvn8+YtQ8Ugoki23oSAQ + jR`衺XwD(>CsK`Gd9 ssh-ed25519 LLxJog eSRhmFeLs7fG7lPZ44XaMw1j98q/P9LQt/5Memro+EU -Z5TWxKcZVYJhM6K7cxJV+zUjkYiHb6l2pLx+yCYU2/8 --> X25519 YKwo3Qc5evINbdfZwikjAX0xX1tVmzdcHKD3S26u6WE -apofL5khdAzIXR/8EQhbOK8wyR/XC9xRjPb4D+yvNpU --> {|n)k`|=-grease -9UNdvH8XaUfMKexmVOSLAFqX3hrNvcn76wlY49E5RE247+gMRINSSt6iFqoCQLFi -utHb9c5Rkp813qlNmqJVCX2Ye9VLLMi4Zw ---- 4JWdZtLMWoV8ALYYT/WNBgZhjToxibIVWZhWDUn9Zjw -2ο(dWb*}ĐT6ךiWSRvbdLwh3ivV?صc# sbK(pR"IdE9M \ No newline at end of file +-> ssh-ed25519 Lqn0Yw VmwYgZn0wfCPNmwMot88E5HIt5KQDOQI6ylzQ5WJeg0 +qxaprd2nOEmNjq5uMfN/SG3VYOANsl1mgB0o/7T+2Ek +-> X25519 8JIr+LQxrTRS4E9EyLFKSB/0J207foeHRDhWjLVOZEw +evAK6VTgfMucDrQL2zRu4CI52gIK/TNXH2Tx0iYEMVM +-> <"8l}KO-grease +Rd7ooeg76wEs9x+a5HhTFlS5Y+RK7wZK1SUdI4SknztHMjMwO/FC/w +--- 7c/+kShXCtzYStmGvEF/XzrLiE/LpSHX4g1whtZEBYk + ~O,4H&b9]-SK-l^DJ6aÂ-ɠ) X:NԬ#~&i{pU+ϷUw>b:N/R \ No newline at end of file