move some config to modules

update dae config move dae config to module move openssh config to module change david config location move nh.nix to module move i18n config to module move steam config to module remove kvm config
2025-01-13 16:49:40 +08:00 · 2025-01-13 16:49:40 +08:00 · 85c42efac0
commit 85c42efac0
parent 47dac088a4
17 changed files with 285 additions and 261 deletions
--- a/nixos/configurations/Tytonidae/dae/default.nix
+++ b/nixos/configurations/Tytonidae/dae/default.nix
@ -1,119 +0,0 @@
-{
-  pkgs,
-  config,
-  rootPath,
-  ...
-}:
-{
-  services.dae = {
-    enable = true;
-    openFirewall = {
-      enable = true;
-      port = 12345;
-    };
-    disableTxChecksumIpGeneric = false;
-    config = builtins.readFile ./config.dae;
-  };
-  sops.secrets.url = {
-    mode = "0444";
-    sopsFile = rootPath + "/secrets/general.yaml";
-  };
-  systemd.services =
-    let
-      new_proxy = "/etc/dae/proxy.d.new";
-      head = "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36";
-      update = ''
-        num=0
-        check=1
-        urls="$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.url.path})"
-        mkdir -p ${new_proxy}
-        for url in "''${urls}"; do
-          txt=${new_proxy}/''${num}.txt
-          config="${new_proxy}/''${num}.dae"
-          ${pkgs.curl}/bin/curl -H "${head}" "''${url}" > "''${txt}"
-          ${pkgs.coreutils}/bin/echo "" > ''${config}
-          ${pkgs.coreutils}/bin/echo 'subscription {' >> ''${config}
-          ${pkgs.coreutils}/bin/echo \ \ wget:\ \"file\://proxy.d/''${num}.txt\" >> ''${config}
-          ${pkgs.coreutils}/bin/echo } >> ''${config}
-          if [[ ! -s ''${txt} ]]; then
-            check=0
-          fi
-          ${pkgs.coreutils}/bin/chmod 0640 ''${txt}
-          ${pkgs.coreutils}/bin/chmod 0640 ''${config}
-          link=$((link+1))
-
-          if [[ ''${check} -eq 0 ]]; then
-            exit -1
-          fi
-        done
-        ${pkgs.coreutils}/bin/rm -r /etc/dae/proxy.d
-        ${pkgs.coreutils}/bin/mv ${new_proxy} /etc/dae/proxy.d
-      '';
-    in
-    {
-      "update-dae-subscription-immediate" = {
-        after = [ "network-online.target" ];
-        wants = [ "network-online.target" ];
-        before = [ "dae.service" ];
-        serviceConfig = {
-          Type = "oneshot";
-          User = "root";
-          ExecStart =
-            let
-              script = pkgs.writeTextFile {
-                name = "update-dae-subscription-immediate";
-                executable = true;
-                destination = "/bin/script";
-                text = ''
-                  ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
-                  if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then
-                    ${pkgs.coreutils}/bin/echo "No subscription file found in /etc/dae/proxy.d. Update now..."
-                    ${update}
-                  else
-                    ${pkgs.coreutils}/bin/echo "Found existing subscription files. Skipping immediate update."
-                  fi
-                '';
-              };
-            in
-            [
-              "${pkgs.bash}/bin/bash ${script}/bin/script"
-            ];
-        };
-        wantedBy = [ "multi-user.target" ];
-      };
-
-      # "update-dae-subscription-weekly" = {
-      #   after = [ "network-online.target" ];
-      #   wants = [ "network-online.target" ];
-      #   wantedBy = [ "multi-user.target" ];
-      #   serviceConfig = {
-      #     Type = "oneshot";
-      #     ExecStart =
-      #       let
-      #         script = pkgs.writeTextFile {
-      #           name = "update-dae-subscription-weekly";
-      #           executable = true;
-      #           destination = "/bin/script";
-      #           text = ''
-      #             ${pkgs.coreutils}/bin/echo "Force subscription update..."
-      #             ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
-      #             ${update}
-      #           '';
-      #         };
-      #       in
-      #       [
-      #         "${pkgs.bash}/bin/bash ${script}/bin/script"
-      #       ];
-      #   };
-      # };
-    };
-
-  # systemd.timers."dae-update" = {
-  #   wantedBy = [ "timers.target" ];
-  #   timerConfig = {
-  #     OnCalendar = "weekly";
-  #     Unit = "dae-update.service";
-  #     Persistent = true;
-  #   };
-  # };
-}
--- a/nixos/configurations/Tytonidae/default.nix
+++ b/nixos/configurations/Tytonidae/default.nix
@ -5,13 +5,8 @@
      nixos-hardware.nixosModules.asus-fx506hm
    ])
    ++ [
-      ./i18n.nix
      ./gui.nix
      ./users
-      ./openssh.nix
-      ./kvm.nix
-      ./dae
-      ./nh.nix
      ./steam.nix

      # Include the hardware related config
@ -19,10 +14,18 @@
      ./networking.nix
    ];

-  youthlic.home-manager = {
-    enable = true;
-    unixName = "david";
-    hostName = "Tytonidae";
+  youthlic = {
+    home-manager = {
+      enable = true;
+      unixName = "david";
+      hostName = "Tytonidae";
+    };
+    i18n.enable = true;
+    programs = {
+      dae.enable = true;
+      openssh.enable = true;
+      steam.enable = true;
+    };
  };

  programs.gnupg.agent = {
@ -46,7 +49,6 @@

    element-desktop
    discord-ptb
-    asusctl
    vlc
    btop
    handbrake
@ -57,12 +59,6 @@

  environment.variables.EDITOR = "hx";

-  nixpkgs = {
-    config = {
-      allowUnfree = true;
-    };
-  };
-
  boot = {
    kernelPackages = pkgs.linuxPackages_zen;
    loader.systemd-boot.enable = true;
--- a/nixos/configurations/Tytonidae/i18n.nix
+++ b/nixos/configurations/Tytonidae/i18n.nix
@ -1,43 +0,0 @@
-{
-  pkgs,
-  outputs,
-  ...
-}:
-{
-  i18n = {
-    defaultLocale = "C.UTF-8";
-    extraLocaleSettings = {
-      LC_ADDRESS = "zh_CN.UTF-8";
-      LC_IDENTIFICATION = "zh_CN.UTF-8";
-      LC_MEASUREMENT = "zh_CN.UTF-8";
-      LC_MONETARY = "zh_CN.UTF-8";
-      LC_NAME = "zh_CN.UTF-8";
-      LC_NUMERIC = "zh_CN.UTF-8";
-      LC_PAPER = "zh_CN.UTF-8";
-      LC_TELEPHONE = "zh_CN.UTF-8";
-      LC_TIME = "zh_CN.UTF-8";
-    };
-    inputMethod = {
-      enable = true;
-      type = "fcitx5";
-      fcitx5 = {
-        addons = with pkgs; [
-          libsForQt5.fcitx5-qt
-          fcitx5-gtk
-          fcitx5-configtool
-          fcitx5-chinese-addons
-          (fcitx5-rime.override {
-            rimeDataPkgs = (
-              with (outputs.packages."${pkgs.system}");
-              [
-                rime-ice
-              ]
-            );
-          })
-        ];
-        waylandFrontend = true;
-      };
-    };
-  };
-
-}
--- a/nixos/configurations/Tytonidae/kvm.nix
+++ b/nixos/configurations/Tytonidae/kvm.nix
@ -1,9 +0,0 @@
-{ ... }:
-{
-  programs.virt-manager.enable = true;
-  virtualisation = {
-    libvirtd.enable = true;
-    spiceUSBRedirection.enable = true;
-  };
-
-}
--- a/nixos/configurations/Tytonidae/nh.nix
+++ b/nixos/configurations/Tytonidae/nh.nix
@ -1,11 +0,0 @@
-{
-  ...
-}:
-{
-  programs.nh = {
-    enable = true;
-    clean.enable = true;
-    clean.extraArgs = "--keep-since 4d --keep 3";
-    flake = ./..;
-  };
-}
--- a/nixos/configurations/Tytonidae/openssh.nix
+++ b/nixos/configurations/Tytonidae/openssh.nix
@ -1,37 +0,0 @@
-{ ... }:
-{
-  services.openssh = {
-    enable = true;
-    settings = {
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
-      X11Forwarding = true;
-      PermitRootLogin = "no";
-      LogLevel = "VERBOSE";
-      Macs = [
-        "hmac-sha2-512-etm@openssh.com"
-        "hmac-sha2-256-etm@openssh.com"
-        "umac-128-etm@openssh.com"
-        "hmac-sha2-512"
-        "hmac-sha2-256"
-        "umac-128@openssh.com"
-      ];
-      Ciphers = [
-        "chacha20-poly1305@openssh.com"
-        "aes256-gcm@openssh.com"
-        "aes128-gcm@openssh.com"
-        "aes256-ctr"
-        "aes192-ctr"
-        "aes128-ctr"
-      ];
-      KexAlgorithms = [
-        "curve25519-sha256@libssh.org"
-        "ecdh-sha2-nistp521"
-        "ecdh-sha2-nistp384"
-        "ecdh-sha2-nistp256"
-        "diffie-hellman-group-exchange-sha256"
-      ];
-    };
-    ports = [ 3022 ];
-  };
-}
--- a/nixos/configurations/Tytonidae/users/david.nix
+++ b/nixos/configurations/Tytonidae/users/david.nix
@ -1,18 +0,0 @@
-{ pkgs, ... }:
-{
-  users.users.david = {
-    isNormalUser = true;
-    description = "david";
-    extraGroups = [
-      "networkmanager"
-      "libvirtd"
-      "wheel"
-    ];
-  };
-
-  programs.fish.enable = true;
-  users.users.david.shell = pkgs.fish;
-  users.users.david.openssh.authorizedKeys.keyFiles = [
-    ./tytonidae.pub
-  ];
-}
--- a/nixos/configurations/Tytonidae/users/default.nix
+++ b/nixos/configurations/Tytonidae/users/default.nix
@ -1,6 +1,17 @@
-{ ... }:
+{ pkgs, ... }:
 {
-  imports = [
-    ./david.nix
+  users.users.david = {
+    isNormalUser = true;
+    description = "david";
+    extraGroups = [
+      "networkmanager"
+      "libvirtd"
+      "wheel"
+    ];
+  };
+  programs.fish.enable = true;
+  users.users.david.shell = pkgs.fish;
+  users.users.david.openssh.authorizedKeys.keyFiles = [
+    ./tytonidae.pub
  ];
 }
--- a/nixos/configurations/Tytonidae/dae/config.dae
+++ b/nixos/configurations/Tytonidae/dae/config.dae
--- a/nixos/modules/dae/default.nix
+++ b/nixos/modules/dae/default.nix
@ -0,0 +1,127 @@
+{
+  config,
+  rootPath,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.youthlic.programs.dae;
+in
+{
+  options = {
+    youthlic.programs.dae = {
+      enable = lib.mkEnableOption "dae";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.dae = {
+      enable = true;
+      openFirewall = {
+        enable = true;
+        port = 12345;
+      };
+      disableTxChecksumIpGeneric = false;
+      config = builtins.readFile ./config.dae;
+    };
+    sops.secrets.url = {
+      mode = "0444";
+      sopsFile = rootPath + "/secrets/general.yaml";
+    };
+    systemd.services =
+      let
+        update = ''
+          head="user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"
+          new_proxy=/etc/dae/proxy.d.new
+          num=0
+          check=1
+          urls="$(cat ${config.sops.secrets.url.path})"
+          mkdir -p ''${new_proxy}
+          for url in ''${urls}; do
+            txt=''${new_proxy}/''${num}.txt
+            config="''${new_proxy}/''${num}.dae"
+            echo \'curl -LH \""''${head}"\" \""''${url}"\" -o \""''${txt}"\"\'
+            curl -LH "''${head}" "''${url}" -o "''${txt}"
+            echo End curl
+            echo "" > ''${config}
+            {
+              echo 'subscription {'
+              echo \ \ wget:\ \"file://proxy.d/''${num}.txt\"
+              echo "}"
+            } >> ''${config}
+            if [[ ! -s ''${txt} ]]; then
+              check=0
+            fi
+            chmod 0640 ''${txt}
+            chmod 0640 ''${config}
+            num=$((num+1))
+
+            if [[ ''${check} -eq 0 ]]; then
+              echo "''${txt}" is empty
+              exit 103
+            fi
+          done
+          if [[ -d /etc/dae/proxy.d ]]; then
+            mv /etc/dae/proxy.d /etc/dae/proxy.d.old
+          fi
+          mv ''${new_proxy} /etc/dae/proxy.d
+        '';
+        updateScript = pkgs.writeShellApplication {
+          name = "update.sh";
+          runtimeInputs = with pkgs; [
+            coreutils
+            curl
+          ];
+          text = ''
+            mkdir -p /etc/proxy.d
+            if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then
+              echo "No subscription file found in /etc/dae/proxy.d. Update now..."
+              ${update}
+            else
+              echo "Found existing subscription files. Skipping immediate update."
+            fi
+          '';
+        };
+        updateForceScript = pkgs.writeShellApplication {
+          name = "update-force.sh";
+          runtimeInputs = with pkgs; [
+            coreutils
+            curl
+          ];
+          text = ''
+            ${update}
+          '';
+        };
+      in
+      {
+        "update-dae-subscription-immediate" = {
+          after = [ "network-online.target" ];
+          wants = [ "network-online.target" ];
+          before = [ "dae.service" ];
+          serviceConfig = {
+            Type = "oneshot";
+            User = "root";
+            ExecStart = [
+              "${updateScript}/bin/update.sh"
+            ];
+          };
+          wantedBy = [ "multi-user.target" ];
+        };
+        "update-dae-subscription-force" = {
+          serviceConfig = {
+            Type = "oneshot";
+            User = "root";
+            ExecStartPre = [
+              "-${pkgs.systemd}/bin/systemctl stop dae.service"
+            ];
+            ExecStartPost = [
+              "-${pkgs.systemd}/bin/systemctl start dae.service"
+            ];
+            ExecStart = [
+              "${updateForceScript}/bin/update-force.sh"
+            ];
+          };
+        };
+      };
+  };
+}
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@ -17,6 +17,9 @@
      ./nix.nix
      ./home.nix
      ./sops.nix
+      ./dae
+      ./openssh.nix
+      ./nh.nix
    ];

  config = {
--- a/nixos/modules/i18n.nix
+++ b/nixos/modules/i18n.nix
@ -0,0 +1,54 @@
+{
+  pkgs,
+  outputs,
+  lib,
+  config,
+  ...
+}:
+let
+  cfg = config.youthlic.i18n;
+in
+{
+  options = {
+    youthlic.i18n = {
+      enable = lib.mkEnableOption "zh env";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    i18n = {
+      defaultLocale = "C.UTF-8";
+      extraLocaleSettings = {
+        LC_ADDRESS = "zh_CN.UTF-8";
+        LC_IDENTIFICATION = "zh_CN.UTF-8";
+        LC_MEASUREMENT = "zh_CN.UTF-8";
+        LC_MONETARY = "zh_CN.UTF-8";
+        LC_NAME = "zh_CN.UTF-8";
+        LC_NUMERIC = "zh_CN.UTF-8";
+        LC_PAPER = "zh_CN.UTF-8";
+        LC_TELEPHONE = "zh_CN.UTF-8";
+        LC_TIME = "zh_CN.UTF-8";
+      };
+      inputMethod = {
+        enable = true;
+        type = "fcitx5";
+        fcitx5 = {
+          addons = with pkgs; [
+            libsForQt5.fcitx5-qt
+            fcitx5-gtk
+            fcitx5-configtool
+            fcitx5-chinese-addons
+            (fcitx5-rime.override {
+              rimeDataPkgs = (
+                with (outputs.packages."${pkgs.system}");
+                [
+                  rime-ice
+                ]
+              );
+            })
+          ];
+          waylandFrontend = true;
+        };
+      };
+    };
+  };
+}
--- a/nixos/modules/nh.nix
+++ b/nixos/modules/nh.nix
@ -0,0 +1,10 @@
+{ ... }:
+{
+  config = {
+    programs.nh = {
+      enable = true;
+      clean.enable = true;
+      clean.extraArgs = "--keep-since 4d --keep 3";
+    };
+  };
+}
--- a/nixos/modules/nix.nix
+++ b/nixos/modules/nix.nix
@ -7,6 +7,11 @@
 }:
 {
  config = {
+    nixpkgs = {
+      config = {
+        allowUnfree = true;
+      };
+    };
    nix = {
      nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
      settings = {
--- a/nixos/modules/openssh.nix
+++ b/nixos/modules/openssh.nix
@ -0,0 +1,47 @@
+{ config, lib, ... }:
+let
+  cfg = config.youthlic.programs.openssh;
+in
+{
+  options = {
+    youthlic.programs.openssh = {
+      enable = lib.mkEnableOption "openssh";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        X11Forwarding = true;
+        PermitRootLogin = "no";
+        LogLevel = "VERBOSE";
+        Macs = [
+          "hmac-sha2-512-etm@openssh.com"
+          "hmac-sha2-256-etm@openssh.com"
+          "umac-128-etm@openssh.com"
+          "hmac-sha2-512"
+          "hmac-sha2-256"
+          "umac-128@openssh.com"
+        ];
+        Ciphers = [
+          "chacha20-poly1305@openssh.com"
+          "aes256-gcm@openssh.com"
+          "aes128-gcm@openssh.com"
+          "aes256-ctr"
+          "aes192-ctr"
+          "aes128-ctr"
+        ];
+        KexAlgorithms = [
+          "curve25519-sha256@libssh.org"
+          "ecdh-sha2-nistp521"
+          "ecdh-sha2-nistp384"
+          "ecdh-sha2-nistp256"
+          "diffie-hellman-group-exchange-sha256"
+        ];
+      };
+      ports = [ 3022 ];
+    };
+  };
+}
--- a/nixos/configurations/Tytonidae/steam.nix
+++ b/nixos/configurations/Tytonidae/steam.nix
@ -1,6 +1,14 @@
-{ ... }:
+{ lib, config, ... }:
+let
+  cfg = config.youthlic.programs.steam;
+in
 {
-  config = {
+  options = {
+    youthlic.programs.steam = {
+      enable = lib.mkEnableOption "steam";
+    };
+  };
+  config = lib.mkIf cfg.enable {
    hardware.graphics.enable32Bit = true;
    programs.steam = {
      enable = true;
--- a/secrets/general.yaml
+++ b/secrets/general.yaml
@ -1,6 +1,6 @@
 ssh-private-key: ENC[AES256_GCM,data:hT2/OaZBAXK8eQe0qAxHw8nO6Z9ErzUdGWUgN/0c04NKUz6dyynKXsSEE7sC/P/WfUCOTXVgf7u/SY2/hMBG2tpceEwx2FDVJnUDF6Wi/2U8C1z3TjBitjYY1apku3lMTNYF7GwflUA+lB3xcKJ9dKnJlU/5moPqCf58G5w9DFXM1YJcUfVQ1Cl5MKguJkxpSw4MMm7QxGhruX5C/a84TYIZC/IHll3f1e6qvM+5TEibXIa9LBMcT7pxw4SQ/vhPmAJO54/GHbktTHxkjPbo2keGr3J1Im+TlX9OB81cbNZMxIn++Igw9iffF0LZmudmndLhWFPUK0itpkP8pjMY3rIrI6KsPG/7w4zQMO0p6rNfeGjkLvKp3mj5mYRlBdMaqtiqngAxzelsKaVhXlO+JXR+qdpONico8mRP+f3KSJU6gmGCIw0RNFcBlV/NN2VNUTxBS7/cwYGKF1kkb4Or9h5l5N7Ta1U5m2PEYclrneuclx6fdKXfChLG65E0l86EgpMyC6hHSL1x51e8QJSnHBkbjAMI59Kj9sy4QE8J4/a3q1D/sr/bn2t2Y7W0CckK7iPqyeiA0RSXiIVZ,iv:QVQCQJyc2ZgSzBpJ2MIrjgxBKghpr48k9yGzBUIoffg=,tag:3zo3vzwqWhQkAWB4N4R0NQ==,type:str]
 git-credential: ENC[AES256_GCM,data:Rt6ccMJ+D/Jv1U7Ex51j4zIKp5KIyPFJdWZwJyW6liU5CHxBfrFWeNOJobhT5tFPrhzHRUI=,iv:f2SYFKpAcHoKG3dMsniKRi02EFDzwgzzli5Qzw8CWqo=,tag:hUi0FAZ7+2+mcqUsz5HtbQ==,type:str]
-url: ENC[AES256_GCM,data:n152X334cpUJXgm/0D+mbF2xDOSq/xT4xO3rBLjxEkcAexkn7lIm2mHKLaumBO0M7YC6gP/AVZlhOrpC7EtwwyzvxFgZIYBT0u3pKRpp2ifedMXd/7iKq45vu3xltX8blFF5TcMslO4UsXJEc+NxnCMS/PvO,iv:RWFUzHi2t06CqY1fHPTFUJevyW0bXc1xuhsjfZd3UAw=,tag:BWGxxAtfoJ8tbbbKbkzQRw==,type:str]
+url: ENC[AES256_GCM,data:ouWl1losoEBxgUYkZLGhcA7bmqJG0ivx8wNoYx64+lvOVNzg0Q0wp8GFK1ikRQAq2gljiYoLlbGAehePpadAIgePQKP03LC65EzME/gynjZpq2FC9shm75SnymH7imhYcvEVidpoDR/FDBmsTLqAvbV2nmF+,iv:KKr2S1faSHAuiLvGiKdgiJXXrBoXY7qDGfvPuHEi1C8=,tag:srSWuFwGVkLE2GB9yhzTXw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -16,8 +16,8 @@ sops:
            dTkwcThVQTNYZ0RKWnIwMEgzQ2lYMVEKWs0OsGlPCRfsjZwntyVa6RGhZLye35kX
            3PDxZ66jP63OGi5Hai17fp5IvT3/mIRWh6UMq44TFz9OQoUWCymakg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-12T08:58:47Z"
-    mac: ENC[AES256_GCM,data:XXdGGA/S6tg3xlsLwEtRjLHIVRRQHR2MBIeZv+9VtGYG1cBJD64RGZBCAJ5Jaw7WctcqZqj0Q1C9rIgNyv8ZYJTum3ok469WNFfcoDkPCr12nAO7vujvZp5xA5KfOdiP3wrHmorD4hl8qfv2oURm2RDcfzMIL2LWgNiwWndXs+I=,iv:RVHpsunJlOzN3QxxPfQdkUiC+Tf71j4L7SGEeTfDzYM=,tag:BgMqfCz1RG5Kl5PCIf/HdQ==,type:str]
+    lastmodified: "2025-01-13T08:37:59Z"
+    mac: ENC[AES256_GCM,data:7Y1fHRBvU1HqNeX8R0s/zduiH96z2xLR4Mf4X4v1UYG/uhMk2MJ42Q8dHyK6HCeR0m81WiPal5zZRSWQzwxCSC9GDZiUTJhacsTazqXbqZHGyKm3IW5lFP21dqNqZQ//cIM+VVg/KpqFRHOOqA0gSIjMJxgef7nC7jm8vWTbr9k=,iv:dJ31SWiGYdnoRaJwrex6UlarTofdr02zosMF63GDJQI=,tag:mdIqQqiUyPXbK5JCKZsXuw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2