From 6003922b4f0798dfc24b429e86457c5894c3fb45 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Sat, 30 Dec 2023 00:40:03 +0100
Subject: [PATCH] feat: add samba vm; use cloud-hypervisor while qemu is acting up (2G ram? DSDT table fucked.)
---
hosts/ward/default.nix | 1 +
hosts/ward/guests/samba.nix | 79 ++++++++++++++++++
hosts/ward/secrets/samba/host.pub | 1 +
modules/config/boot.nix | 2 +-
modules/guests/microvm.nix | 10 +--
.../sentinel/loki-basic-auth-hashes.age | Bin 1832 -> 1977 bytes
.../promtail-loki-basic-auth-password.age | 9 ++
.../ward-samba/telegraf-influxdb-token.age | 10 +++
.../proxy-sentinel/keys/ward-samba.age | Bin 0 -> 411 bytes
.../proxy-sentinel/keys/ward-samba.pub | 1 +
.../psks/sentinel+ward-samba.age | 9 ++
11 files changed, 113 insertions(+), 9 deletions(-)
create mode 100644 hosts/ward/guests/samba.nix
create mode 100644 hosts/ward/secrets/samba/host.pub
create mode 100644 secrets/generated/ward-samba/promtail-loki-basic-auth-password.age
create mode 100644 secrets/generated/ward-samba/telegraf-influxdb-token.age
create mode 100644 secrets/wireguard/proxy-sentinel/keys/ward-samba.age
create mode 100644 secrets/wireguard/proxy-sentinel/keys/ward-samba.pub
create mode 100644 secrets/wireguard/proxy-sentinel/psks/sentinel+ward-samba.age
diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix
index 343d9a9..f4fb8f8 100644
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@@ -88,6 +88,7 @@ lib.mkIf (!minimal) (
 {}
 // mkMicrovm "adguardhome"
+ // mkMicrovm "samba"
 // mkContainer "forgejo"
 // mkContainer "grafana"
 // mkContainer "influxdb"
diff --git a/hosts/ward/guests/samba.nix b/hosts/ward/guests/samba.nix
new file mode 100644
index 0000000..58e44a2
--- /dev/null
+++ b/hosts/ward/guests/samba.nix
@@ -0,0 +1,79 @@
+{lib, ...}: {
+ services.samba = {
+ # Disable Samba's nmbd, because we don't want to reply to NetBIOS over IP
+ # requests, since all of our clients hardcode the server shares.
+ enableNmbd = false;
+ # Disable Samba's winbindd, which provides a number of services to the Name
+ # Service Switch capability found in most modern C libraries, to arbitrary
+ # applications via PAM and ntlm_auth and to Samba itself.
+ enableWinbindd = false;
+ extraConfig = lib.concatLines [
+ # Show the server host name in the printer comment box in print manager
+ # and next to the IPC connection in net view.
+ "server string = my-nas"
+ # Set the NetBIOS name by which the Samba server is known.
+ "netbios name = my-nas"
+ # Disable netbios support. We don't need to support browsing since all
+ # clients hardcode the host and share names.
+ "disable netbios = yes"
+ # Deny access to all hosts by default.
+ "hosts deny = 0.0.0.0/0"
+ # Allow access to local network and TODO: wireguard
+ "hosts allow = 192.168.1.0/22 192.168.100.0/24"
+
+ # TODO: allow based on wireguard ip without username and password
+ # Users always have to login with an account and are never mapped
+ # to a guest account.
+ "guest account = nobody"
+ "map to guest = never"
+
+ # Clients should only connect using the latest SMB3 protocol (e.g., on
+ # clients running Windows 8 and later).
+ "server min protocol = SMB3_11"
+ # Require native SMB transport encryption by default.
+ "server smb encrypt = required"
+
+ # Disable printer sharing. By default Samba shares printers configured
+ # using CUPS.
+ "load printers = no"
+ "printing = bsd"
+ "printcap name = /dev/null"
+ "disable spoolss = yes"
+ "show add printer wizard = no"
+
+ # Load in modules (order is critical!) and enable AAPL extensions.
+ "vfs objects = catia fruit streams_xattr"
+ # Enable Apple's SMB2+ extension.
+ "fruit:aapl = yes"
+ # Clean up unused or empty files created by the OS or Samba.
+ "fruit:wipe_intentionally_left_blank_rfork = yes" + "fruit:delete_empty_adfiles = yes" + ]; + shares = let + mkShare = path: { + inherit path; + public = "no"; + writable = "yes"; + "create mask" = "0660"; + "directory mask" = "0770"; + "force create mode" = "0660"; + "force directory mode" = "0770"; + "acl allow execute always" = "yes"; + }; + + mkGroupShare = group: + mkShare "/shares/groups/${group}" { + "valid users" = "@${group}"; + "force group" = group; + }; + + mkUserShare = user: + mkShare "/shares/users/${user}" { + "valid users" = user; + }; + in { + family = mkGroupShare "family"; + myuser = mkUserShare "myuser"; + }; + }; +} diff --git a/hosts/ward/secrets/samba/host.pub b/hosts/ward/secrets/samba/host.pub new file mode 100644 index 0000000..8907406 --- /dev/null +++ b/hosts/ward/secrets/samba/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2o/BF7dSaGgbmgYwHlT+jKu2ojlhNs/fXjcBDTAtcN diff --git a/modules/config/boot.nix b/modules/config/boot.nix index 9c4fad1..9899bad 100644 --- a/modules/config/boot.nix +++ b/modules/config/boot.nix @@ -14,7 +14,7 @@ }; # NOTE: Add "rd.systemd.unit=rescue.target" to debug initrd - kernelParams = ["log_buf_len=10M"]; + kernelParams = ["log_buf_len=16M"]; # must be {power of two}[KMG] tmp.useTmpfs = true; loader.timeout = lib.mkDefault 2; diff --git a/modules/guests/microvm.nix b/modules/guests/microvm.nix index b7b7d74..9f9bbeb 100644 --- a/modules/guests/microvm.nix +++ b/modules/guests/microvm.nix 
@@ -29,16 +29,10 @@ in {
 lib.microvm.mac = guestCfg.microvm.mac;
 microvm = {
- hypervisor = mkDefault "qemu";
+ hypervisor = mkDefault "cloud-hypervisor";
 # Give them some juice by default
- # TODO aaaaaaaaaaaaaaaaaaaaaaaaaaa
- # TODO aaaaaaaaaaaaaaaaaaaaaaaaaaa
- # TODO aaaaaaaaaaaaaaaaaaaaaaaaaaa
- # TODO aaaaaaaaaaaaaaaaaaaaaaaaaaa
- # TODO aaaaaaaaaaaaaaaaaaaaaaaaaaa
- # TODO aaaaaaaaaaaaaaaaaaaaaaaaaaa
- mem = mkDefault 1024;
+ mem = mkDefault 2048;
 # Add a writable store overlay, but since this is always ephemeral
 # disable any store optimization from nix.
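Review bot: The new `hypervisor = mkDefault "cloud-hypervisor";` line carries no explanation, while the commit message says the switch is a workaround for qemu guests failing to boot with 2G RAM; that reasoning belongs next to the default so it is revisited once qemu works again, e.g. `# Workaround: qemu guests currently fail to boot with 2G RAM (DSDT issue), see commit 6003922; switch back when fixed.` Both this line and the `mem = mkDefault 2048;` bump change the default for every guest that does not override them, not only the new samba VM, which is worth stating in the comment as well. The enclosing `microvm = {` attribute set continues past the end of the hunk.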
diff --git a/secrets/generated/sentinel/loki-basic-auth-hashes.age b/secrets/generated/sentinel/loki-basic-auth-hashes.age index ca74497c2650217733ce182434e9fc801c667fb1..2b478b7b2da6bcb7f6470b41d702936fd1f472ea 100644 GIT binary patch delta 1967 zcmV;g2T=H^4!IAIAb)mvbvAS}craLYaCLNMMlw%yOJZ&-OHoibVp>T!WOsH!XhBI! zQCUeya|$$YaAHVqFk(!4bu)EMFkxv>YH~(yD>hMiWmGm)Z%{&6V?;=DWNl_zGzu*~ zAaH4REpRe5HXwL$Q)M_&AVFw1WJPywV=F{sFj-18HfB&!cz<(IQ)EU)PhoCNR(MTO zY;-nFZA@ovLNf|xIca!US5z=*LRdq1a8yuQIZ#Y9Rb_2fQF2x@cq?NyLU3bCW^zt- zZAl6(J|KBXb8;zSEoX9NVRL05OiExNXft0x3RG!VS87r#PFXWIHBESIR!4JrFEL^? zbT~6&HBE6jaDQwD@j&T zVMb_FD`t2xHZN*(c5zijc2P}nPf|&9GW?xaaKlTFmnnk zzQ!@OpK7r+6KJwpOULB1m-a`KnUkCq$j0iG0QZMCEE#EC3yZNd#Yh)~s+{2)ih{tW zRbC?><;^-KrvZq;jDMtoiQ|~aH}uV$hcY^yFTU96hGGb?z!St@Jixy=qD6Z=&BsHlnG^`Jo@H zxl*BSxjiTC(1U5ng1^;6cGW4#dsiDXK@4;@%;(p#waykz*<;kiXO;kpRBWFRXgJz8wXG}p*RF0?0OJ13Ftu*RX_nz zuE@W!Zx&w0pgd~b@(HCYb)k96VnmI$W2W&cYMd@>8?g^M{TnUmjprF2-fQRx7gG{Csa(`JL z-8py?)q%1&eg}`u=F~Pev6OjoTS-~y0RJoujQTkPKPph~3u5;P1F0Q%y=t~UPn>%? 
z1S>L{q9XRp4F3!+^S3F-aOf7g32}t&7P-lg>jRC8;$uaPje2r{EHvINXh~c1DM_hI zQ!%o8zX?ulEcA7T{fl1->6mylHGgN0#036 z#WXizSHVD(d69_6W`y+jdHgKBWw$g~nt#nE3tUqxJv zBYuk4*$>qG#2|j@X)mO8GhCqT%mc~P4g3j3wYD;&zvIe)L`K%Eulcwc?!J~$kPyMg zGtRM@>tT%Z*arVxD@Cyv?0;Ar{b*^PFt__3#BUw$yW&n%_@QBGs#0id$59JJw+xD~ zN~G<5V{GI)M#!KTg>1O#6#iZ1q?nH58{|9PV zTk6Qmv6nrOT7h--f#Wtb*L;(OVRY9fzdCG3W!=e>%;=%2x995W34hJcn$?ITH!>p4 z3}((GitQadaZy_p2GW-Yuu_}w`K07Y>Rj1RYCg;S?guhOi@E(KU%2$26*L+S&B{lW zJaY|38dO^^mofcqt+GhJdGzN34E@+;)m94I5=ntFbH_=Zprl$8#6FN+mcVwd1O3cv z+VYOo_)Rde41;?241X;|zw!{~mSFRT2&4r-3*%hHVWOKdGC`eT#bOY006XOrs2k{o zz4AG)2@3+iiSlvUOnyF>P2VXjt8yQ9FKxG|!!)EuIC*QMghU55)lXOw&(qCULrwF~ z-y*lPg<1s2Cb{g4et>W5@(G-)EsdXwcFXN6k7xTzFi5+JhJW@a-6-T5#cbtg^)f{9 z$>vFC*#Xx2Uk^9TTErBOtB3_72h*g`GQI9^YP8meRYKR5nSL?X;Y5ZZW5`0)A5@i* zG{g_`3hQwZ%U}}mIIG+M#Zq`GMC*+FZjpkrzfEzNcR5o1GjOf07hA*=SFX~^S{x^8 zVYB*h;=`<<~Ryh!y3xrJt49lyIZKcDT$!)SV${YYIR~(Om8-CNm)cWQ-4=AW<_T+Zb2_^NlbWf zbZ$sdMN&0WQdSB@P){#ZN>gh!Xm5INc{X@bZ%a0JSw&`WG-FLKOK2}rLq=^>S8``z zIb#YfJ|H1(WkYZ+XL4m>b7dfSa(X=?AaZ^nVn2O&AVW87C<;PZX=!COWHBpiK~;BX zPkKjBSZh#nWPejnVJ}8@Y&Jr6cv^5YPkL=>b#Q5CN^&?WaCCTCO-*NFG;w8dYD!HC zcU5XDc4AseOHnc_LR47_EiEk|SZPm6XIE80PIqN)F-B`vc62m(FLOp$VK{Sbc~V1q zNK{TkS!+}{Ojub8S#G;pChUDhps6iQJRX-#T`{2;?|)HWC)iz1-uU5c;?);Tm>R8x z04d;0$+2shE}(3BRkZ-rO+hzAZt(CHxTtu$MSQptQx;q1A|Ncn`n#R}4gKYn!o#UC zYxCO62|6%Lsl~kdPAc>K?Ty#66}tEhOw<* zdX}lW!ZaW`qudxCTNbba`cVEP4UK8C`0)lTRDa;=ULufXSL-$gA+P{Rj$K8T<8@=D zASFM7+!!+(Z*v7fal%UA>_6Gf|80<+kKAo|=dp5>`Lb;-3+K|xUe5)9URJFO( zcc-?PB;?;Uv6Pm!YPa{HJ0;39yE1~GMQ3I(bzh3}47R&>`2p&{K7WZ%Ff+Vi$|B=g zdw(Uer2YZ8i$qpg?luT{#rPL`zextjiQ4P(3E2|DPF(7^a>rt#;PyuS3!h7P1`vo4 zL1%LgIdLH|my@)6!sd_R0zH5I@XN7!DZ8gS4l%)PmTr|{tn9Ev*NKL>0J(OLPrI*$ z$U#&06;{&r3cqn#x##8}H!XUCUF)zOqnjc5S_+aEoyY z0YQAlck?v}zhOmZ20?ucG*UG94$eVAN-7ztAN$$VgDzXOWl(pn)smZ{t8ox0R)427 zn6c({XD($^X4D1eirw3*mV2a8lfEy8W!C)tWnIkD8x!y0EggKsm|mj0o013)KNhlo z(V}HZQpY+GMsd-g-4mxkmS;IRF>Zbu>t~3}#4*Ow0feH`??5dEBXB-j56}W347Ic?m*O=76c3xC)S9w!}{ 
zep49Mo9Q<_=g$UsQ|qAV8HpZp6y0#Wy3nCbX|gR38F`Vb%yYPq^|G?5-JwTOBm*?Ou2R{NV8MLT77>tB@I&EDZWO9{7*#wnE>@O z;^uKUnlEjz&bgxW4t4IUrM$ecxz&T6Zsg=6YM0*Vi+pCctSf0c(J zOONq!@ zew)??dS&IhE5ZQbIKXymg;j{Esym>-@^3yu4SpDeaY18b>s+zYERoMQ`nqZvi2w7v z^Yem?%};2?eQx*%w(@bPyThnh4#hAC)pFm;%FB}Z1IkU`B?;twK$OTzK3>(v3U0_* zKPT>uN9PVV)`9xbBY*U3WDIB8N4pb)W1T8R4cZ-_^93?k*NmJ?@5H_*A{Y%I!ujn4 zFfDFOi>sN#g4jgm9GoV3CPT&q@n0@BRcRia@Mg<6sF(RhzMQ|6)3qCYgfE>-F&%+& z|LunLuq&yKC?0Tx)7_WsJ@$KkigvZ{i06!+%@j9PP*R~5N*0YnnGqO5+_mPB%?3EN Lbqq6yvSOVJO9M(T diff --git a/secrets/generated/ward-samba/promtail-loki-basic-auth-password.age b/secrets/generated/ward-samba/promtail-loki-basic-auth-password.age new file mode 100644 index 0000000..2427073 --- /dev/null +++ b/secrets/generated/ward-samba/promtail-loki-basic-auth-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 VXnt/2EgidEeT+xP1NLiCISqVSxXxQIk6jyUYp2UvyY +8+s2jh+w5jHilXrN0/jLk9qcNTrzbBH+8SruiVxKimM +-> piv-p256 xqSe8Q A0c1eWdEhyDZBwW35WMeoEkL2UHZ48+T9U/5MJIFMT64 +UcSEjybPFh0SBuQeP7HPXBRyrAgpvHjNaUZAt/DQoY4 +-> |0zgU|-grease 63{Dc,7[ +Iwt2EGyPbA7zyjPoAMNcYwc8uOhtGnq5uJ5g33mB4632cKTwEUh3/sULcrg +--- 5lYc3xSfV/0oiVJPUoI6NBTmlnILT4JIynUaDgSzn6E +%APչ~I8ZFvrBdn>XVJ"MRpNI@OciFV f / \ No newline at end of file diff --git a/secrets/generated/ward-samba/telegraf-influxdb-token.age b/secrets/generated/ward-samba/telegraf-influxdb-token.age new file mode 100644 index 0000000..88f2d48 --- /dev/null +++ b/secrets/generated/ward-samba/telegraf-influxdb-token.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 6UhPPx1l2ceeVs13Y5BSia3JQIi6f8OazknTMGENTi0 +NqiM2cikBRckHaPaMq0mabnK4dFHNnNjjtmkSqmSeog +-> piv-p256 xqSe8Q Avc3Ub0saSzmzsvo9EH9KQde3hFIwTDgp1wWWFX++Mmf +s9bGQC7JDix9yK8JJ0JnzMV6ELRYBXBMEcWcU4KKtv4 +-> ?-grease Fzc>D# %\]sGPqI +FIDEJhsloQM+DdMbAT5D3W5/Qq9Au1W+s+zcZCC1T/YSqWwMgqiv0g4yZD0LJ2cq +HzCQwsIMTulawmM +--- fYkQkfbRMQIQwchhdTvB9+NCicxDA21tOVIDLfiFr6E +#4cJGGcP\D[Zh65Av//ᶵ區dtÏk~ x|w)->+ \ No newline at end of file 
diff --git a/secrets/wireguard/proxy-sentinel/keys/ward-samba.age b/secrets/wireguard/proxy-sentinel/keys/ward-samba.age new file mode 100644 index 0000000000000000000000000000000000000000..cd610b666af077e33b2f0809dc8bd45529f6e917 GIT binary patch literal 411 zcmW;Fy^oVn003}}g9$Mgql1$MH5Uhh_@Ix{xWvWTr0Z>`gCCQLn~O2}`v-mwMl2%pxQfzXL+)>4%;kV$59k>WA!yNS zUsn|Yh<*o+%e-L9rk`rU#1ixo@E-|^Dn)#eGO|=9l&_ zWBBVlAWjly3D9fLkpB%)kh2jFMY`M`BWX;_%_i)I;RCE|1}{|EvMHBfS(zlmoV)?S zC=+sV2(8s<{Qp%l6BftF zNf5n%P#if5jr1uM;03b$j9VdMxP46))wnQi$*$UC4>m%IWm)>r?$xR}h}ELTM3ts+ z$n^Tw+8iaR8Ja0$*fSIjJml0G_4o#*e@@T#w2L?Ie7u$S_Rrdvj$gdGaP_Ts^6XUm y{d5;UxxIJo%kcZ3E1%5tGI#px=j+}1yLSEN<@25R?Ze>fkL%~sy}Rzo`|V%N@s8sF literal 0 HcmV?d00001 diff --git a/secrets/wireguard/proxy-sentinel/keys/ward-samba.pub b/secrets/wireguard/proxy-sentinel/keys/ward-samba.pub new file mode 100644 index 0000000..f87ceba --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/ward-samba.pub @@ -0,0 +1 @@ +asqe5nbJExWAkFYKMI5dU+kOHc8xjXVZhVHHA20vIhM= diff --git a/secrets/wireguard/proxy-sentinel/psks/sentinel+ward-samba.age b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward-samba.age new file mode 100644 index 0000000..6e23897 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward-samba.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 cQvEGnbo1Wo9FS4XUPCKHp0/pKHkvwg4urp1ZMORHmE +CXuF3BABclq0QalxNKB5yinv/GOLMJnHSipUq7ACj20 +-> piv-p256 xqSe8Q ApAldhAhhZ1A6c22RQoHAjyIV0fhjHSrfOJoHLXJ3ADd +iEZNUFnM8Dgdk1vzjRIcKSrAlqpUFfzpQ/6i4M81aj4 +-> Hc?]K-grease +RQ2gyBQ +--- EPuuqmyDIh8sGGCiXyHzSgFB8b7Gm8PK+HU3xOJQW/8 +s]@Cw9 _pH00ƅ~tHOոX'aRZ?û|L04[J|t [4ro  \ No newline at end of file