diff --git a/config/portunus_seeds.json b/config/portunus_seeds.json index b73bf07..a5908ae 100644 --- a/config/portunus_seeds.json +++ b/config/portunus_seeds.json @@ -42,13 +42,13 @@ "login_name": "admin", "given_name": "admin", "family_name": "admin", - "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_admin"] } + "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/admin-password"] } }, { "login_name": "search", "given_name": "search", "family_name": "search", - "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_search"] } + "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/search-password"] } } ] } diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index debcdca..c29b36b 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -79,7 +79,7 @@ in postgres_hedgedoc.owner = user; hedgedoc_session_secret.owner = user; hedgedoc_ldap_search = { - key = "portunus_search"; + key = "portunus/search-password"; owner = user; }; }; diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix index d62c963..2f7ee21 100644 --- a/modules/ldap/default.nix +++ b/modules/ldap/default.nix @@ -1,48 +1,15 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let domain = "auth.${config.fsr.domain}"; - - portunusUser = "portunus"; - portunusGroup = "portunus"; - - ldapUser = "openldap"; - ldapGroup = "openldap"; in { - sops.secrets.unix_ldap_search = { - key = "portunus_search"; - owner = config.systemd.services.nslcd.serviceConfig.User; - }; - - - users.users."${portunusUser}" = { - isSystemUser = true; - group = "${portunusGroup}"; - }; - - users.groups."${portunusGroup}" = { - name = "${portunusGroup}"; - members = [ "${portunusUser}" ]; - }; - - users.users."${ldapUser}" = { - isSystemUser = true; - group = "${ldapGroup}"; - }; - - users.groups."${ldapGroup}" = { - name = "${ldapGroup}"; - members = [ "${ldapUser}" ]; - }; - sops.secrets = { - "portunus_admin" = { - owner = "${portunusUser}"; - group = "${portunusGroup}"; - }; - "portunus_search" = { - owner = "${portunusUser}"; - group = "${portunusGroup}"; + "portunus/admin-password".owner = config.services.portunus.user; + "portunus/search-password".owner = config.services.portunus.user; + "dex/environment".owner = config.systemd.services.dex.serviceConfig.User; + nslcd_ldap_search = { + key = "portunus/search-password"; + owner = config.systemd.services.nslcd.serviceConfig.User; }; }; @@ -51,15 +18,13 @@ in package = pkgs.portunus.overrideAttrs (old: { patches = [ ./0001-update-user-validation-regex.patch ]; }); - user = "${portunusUser}"; - group = "${portunusGroup}"; - domain = "${domain}"; - port = 8081; + + inherit domain; + port = 8681; + dex.enable = true; + seedPath = ../config/portunus_seeds.json; ldap = { - user = "${ldapUser}"; - group = "${ldapGroup}"; - suffix = "dc=ifsr,dc=de"; searchUserName = "search"; @@ -67,30 +32,37 @@ in # `portunus.domain` resolves to localhost #tls = true; }; - - seedPath = ../../config/portunus_seeds.json; }; - #users.ldap = { - #enable = true; - #server = "ldap://localhost"; - #base = "${config.services.portunus.ldap.suffix}"; - #}; - users.ldap = - let - portunus = config.services.portunus; - base = "ou=users,${portunus.ldap.suffix}"; - in - { - enable = true; - server = "ldap://localhost"; - base = base; - bind = { - distinguishedName = "uid=${portunus.ldap.searchUserName},${base}"; - passwordFile = config.sops.secrets.unix_ldap_search.path; - }; - daemon.enable = true; + services.dex.settings.oauth2.skipApprovalScreen = true; + + systemd.services.dex.serviceConfig = { + DynamicUser = lib.mkForce false; + EnvironmentFile = config.sops.secrets."dex/environment".path; + StateDirectory = "dex"; + User = "dex"; + }; + + users = { + users.dex = { + group = "dex"; + isSystemUser = true; }; + groups.dex = { }; + + ldap = + let portunus = config.services.portunus; + in rec { + enable = true; + server = "ldap://localhost"; + base = "ou=users,${portunus.ldap.suffix}"; + bind = { + distinguishedName = "uid=${portunus.ldap.searchUserName},${base}"; + passwordFile = config.sops.secrets.nslcd_ldap_search.path; + }; + daemon.enable = true; + }; + }; security.pam.services.sshd.text = '' # Account management. @@ -113,7 +85,6 @@ in session optional pam_mkhomedir.so session optional ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so - ''; services.nginx = { @@ -123,6 +94,7 @@ in enableACME = true; locations = { "/".proxyPass = "http://localhost:${toString config.services.portunus.port}"; + "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}"; }; }; }; diff --git a/modules/mailman.nix b/modules/mailman.nix index 8e111e3..b744879 100644 --- a/modules/mailman.nix +++ b/modules/mailman.nix @@ -1,7 +1,7 @@ { config, ... }: { sops.secrets.mailman_ldap_search = { - key = "portunus_search"; + key = "portunus/search-password"; owner = config.services.mailman.webUser; }; services.mailman = { diff --git a/modules/matrix.nix b/modules/matrix.nix index a09ba6c..5823705 100644 --- a/modules/matrix.nix +++ b/modules/matrix.nix @@ -25,7 +25,7 @@ let in { sops.secrets.matrix_ldap_search = { - key = "portunus_search"; + key = "portunus/search-password"; owner = config.systemd.services.matrix-synapse.serviceConfig.User; }; diff --git a/modules/sogo.nix b/modules/sogo.nix index 9eeefb9..4747628 100644 --- a/modules/sogo.nix +++ b/modules/sogo.nix @@ -5,11 +5,14 @@ let pg-port = toString config.services.postgresql.port; in { - sops.secrets.ldap_search = { - owner = config.systemd.services.sogo.serviceConfig.User; - }; - sops.secrets.postgres_sogo = { - owner = config.systemd.services.sogo.serviceConfig.User; + sops.secrets = { + postgres_sogo = { + owner = config.systemd.services.sogo.serviceConfig.User; + }; + sogo_ldap_search = { + key = "portunus/search-password"; + owner = config.systemd.services.sogo.serviceConfig.User; + }; }; services = { @@ -41,7 +44,7 @@ in SOGoVacationEnabled = YES; ''; configReplaces = { - "LDAP_SEARCH" = config.sops.secrets.ldap_search.path; + "LDAP_SEARCH" = config.sops.secrets.sogo_ldap_search.path; "POSTGRES_PASSWORD" = config.sops.secrets.postgres_sogo.path; }; vhostName = "${sogo-hostname}"; diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml index 02adff1..f1c2a11 100644 --- a/secrets/quitte.yaml +++ b/secrets/quitte.yaml @@ -6,17 +6,19 @@ nextcloud_adminpass: ENC[AES256_GCM,data:EMvcFOGJz45P4nvJ5Yy4SziWa2pUWBqt4ZZdde6 hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str] wg-fsr: ENC[AES256_GCM,data:0WViJp9fNKVxq8LsK5R0Ihn3r+S7CLBk5voKn55dABidlFSLpsA0q+KTxoY=,iv:rc4B8N2otqolSRLfpeRkIn7iNlED7XUjY//OCI2oQ5c=,tag:eWO6LniGnTd8KZ4pSyrR5A==,type:str] wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str] -portunus_admin: ENC[AES256_GCM,data:bPuYdfpWJtYib9lUcXHVZeGerskd5vs5IOe+DE9Q7OOPkAwp,iv:6ZjjfQ3E1xxYjmEg7o849RZzUt8dyXjI84DSfPYGUWQ=,tag:JJpOLjPs8YdEBl3xGGAzbg==,type:str] -portunus_search: ENC[AES256_GCM,data:J1GRvVOCcOcAz4qZypa/XbcMCGQSFS6yyg1eGfNIBA4=,iv:zFf90vpMW3aqpstZVEno5TDCVwV2vi3SyA7BrX2R3/A=,tag:HJauUh36/5qmr8sGmgH1dw==,type:str] -ldap_search: ENC[AES256_GCM,data:Cac6zyp294qOoXdLdy42OnotMnG779Lhz05lvJaSEok=,iv:otxPTEL5ZKOiqIU16jxn1wmKmadc1Ni8TcZLxa/TrzM=,tag:YoaIngjZEUTdGjIDA1gq6g==,type:str] +dex: + environment: ENC[AES256_GCM,data:iEl2l8t4Yq4RZ2b7Xfv5S9T8EudG10+A7dgzj7nrYp7yTcoRAKQPw4jpwIYVL3Gh289KqsdGr3QqW+qcoy12BRq63L7ebYfLpQpRKFYjWgkBPaIdpr7AQpochsCbmCjPOAriHHqqV2C1mBmhtGjgLgZBq2DEaYYlJc7tQ6phWElF/4bMT4lTq0DxgzsEMVPdGq2iXdBoWeyph+JtyxGC0t1Lj3r94VQwUsTzX3/GW6J/lmrqSuoRPaC1Tl3jORI+JVtCu+KekghcmtP4BAWmTKHFIvFM,iv:TU4uafG1oD23MdggEf/e3XSygxflypAKQWx6KAGXs+Q=,tag:d5SnyoCsAwQx11wMmpfYnw==,type:str] +portunus: + admin-password: ENC[AES256_GCM,data:92mg1yROJ5rtcyUBjQLgx4mpoOKSfG9zBikqSjO2SAr1ZJ/G,iv:siEI52lzcoTEv9s+mc46hOLMNcJLbBNZQ072JLezAj4=,tag:LnqT+WTPxjexyDBi/k5kmw==,type:str] + search-password: ENC[AES256_GCM,data:yGgBeMCfU4/T5iY56Y0i2X4QQ+8ssJfUJfevxZ300g0=,iv:mB76Bx459YRof7Zf8ioH33KdF92oIPd9SlJ44xbqW3M=,tag:Y+KAbZ3+Abj1eaZGmfWeDA==,type:str] dovecot_ldap_search: ENC[AES256_GCM,data:zDdvK6BwebnTVSGO3Y0nVEWmbIbh/mRlrtpNFrPx4jJdc/cR3r3clu7qxhI=,iv:onCaQC145MKNRbA9ocKQ9tX7MKuisEs+KERHroeqPEQ=,tag:dVYaFMIsAg0JVRftlKftGg==,type:str] rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZgV+UlfsJk9IELIA==,iv:7O48+wB7zJUIp3lQDTC7tkP1UFvmDfjs50x1Zo3hOhw=,tag:MNdiDF22a3n1ZrE6qTDVLA==,type:str] mediawiki: postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str] initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str] ldapprovider: ENC[AES256_GCM,data:ant/hUgh5hZLC/tNidAGfszlQz6CNlFwAG2JdsGG+2yW99MAd2vGiim4ApFZ0Ios42jXjzFYO1/xepCu67gFCIX7qvhRiBTFCPNe7j3SrnWa4x8KPLNBmz72A7Slk4pKBRSTyQJGm/8S6cLqlU3ieUB7gBUiDGFKpgLk+j0WV4PSie6TFy/9G1S6hs6PI5ZUnbogtj+9x03Anv/7Nc68EUtrAVAtZ4V9QYJjoNV88LRZhAe3Pe9pLEBKUsv6ve9CH1EtYBRY3e2ptWhBxaO7a/JN6WBlWTfRAe5xT7u+f8JHQz3Th7HSnOuTyJbGJmdVqRK6ajFsNl8NN26x5SfU33cS97FuAdpy6PXATC5z8w+sBIyF4qLeW+pJ/vG9RE5aRXmiy/iI5AYw2kA2o/fqq0cVT6LJR2Oa+yeLiXxA5S2LHVrA3F9UXXgI3udROGGyl/17FKJTuwlPc4Rw61ByUS1FBoP8pL0HuXN4se0bwK4Sj/LNHKVserwCE+dzv3Sir2zFzCoY0TmaVVu606BB5FVmvnpizzD87DRR8leEz/fl55IHfcAKQ9llnjbE+PDNCIlT2MSbQGhqUTtoylPZP5GchgaAsrimigNLPb5nHaLeKNuo9hcQGsMzNZSTzrS5R10Ra+xgef5SjY3xkHZiMO4meEuVytLiJAVxwSVvOxgR9HEkZpWvyI6tmObuQRIvEzM8hCTVlVC/C4x/q/k/I8Hx3SUI+M/O7kjrVJunuXsa5z4cdoshpHyEA1dJosjDvQh3i8rcXzn3fIWuxwM0Xx8=,iv:n2XOs6F7kuMmjPCc14s2MQl37vjVTtmAVkYQp7kqjgc=,tag:vBOfDoOjnoBzzSdwC7yDDA==,type:str] -postfix_ldap_aliases: ENC[AES256_GCM,data:kpffdciWI08Of2fm2B1lZ4rOYIhWtoBTnpU1N0iwiStA81Yl/NMDgHDCVv79XY6SuFTCBd6npKNz/0ibBy1WDSrDQymV5MIUmWVPwLcBSNMjD0d69PJYdUDVLmyhNkjB2hEL9JaH1PiO4iBM5y9yZx1LT+zlauAZEJPFgO/MvjkMknHZPKnRpBtT8wKTWTYUtBvzQtlACLKdIF0t37Q2DZAMtWrAgsrH811zUbsxJbYDInvNDPDHZHS+ZfF0Q1vXDLWUm+zZij6KRAJdOuEU9dyzhU/t93+LO9zKADwyF1Xk+2Uh,iv:cEui6fcDDINpUUcLZxGwPBMP1PjQVNMdScgaWdnIJ80=,tag:/7/mZckPJ7YLuJMp/BqbOQ==,type:str] mautrix-telegram_env: ENC[AES256_GCM,data:2p5vYV+/vEDrrZItTcT1vxddv2tM7dLGBUmG+OXHccTzJ2UhyYpDGgUMr5KgObxvyssYBZTsvbV7QFN3sjcU/jVPx1qEUn6zyKO0HBQjrviVU3urx5zNOnCEHwDKyDrZ1Hu/CE6lpGNrtGlpewgOs/+84JZIZhC9qSuzDhN38sr4OGfMr29fMzafYC+TGHoZyA64GI9xz0KvXhwg6ci1hLtVWYEOFW2Nf8uLY8qkNLuDzA6bYx8rn3CEXoxiv0n4,iv:jmcWTyVkqu9nDc1ws2NxkMKrHPZ13i3jqDkk4Y0kejw=,tag:BjhmPc4lSbsZBmZ/q2CqGg==,type:str] +postfix_ldap_aliases: ENC[AES256_GCM,data:2Ix+7+mvUp3bVZ3HzPkOonCkvuWROuKTIL3CxzNal51YU0W+BNYPqqs1nbdReK+iKptwu58pmeKBUtjYMy9R+nibSmhPVlWIJHKrRG54bsnz05dFLPogVbwqIZQAyI8r02cSF55ePEL//okAhqF/Kua+EHKWElCjJ2K6BzESfJ5hiLYTFAYgfKIFZwL42bgy/gMDZr7terR0tWlkSyH/dsgwHDkZ0yLo8Y5xN+BE2HNLqMYuDe5UxA+B98U/KoZjDD3eXTwBbfMgUIvGQ2D2JDj4Ucbt8541Nnu+d4BmYh72vp7IDnkLZwuOGVVM810UQ7miDy8dtX/D,iv:qF13MTx+2WZjfD62WJU8Qg7sTT04PQIGqCz0FukLC1s=,tag:FMzLVViau92RjT42XgzXdQ==,type:str] vaultwarden_env: ENC[AES256_GCM,data:X8wdQSieXfgNUqtoFRgz43jsWyrUQ1wxsM9L5iHoE8YFR5O6SzfAcjMsr4I0r2t5by/C4YorVsN5GQKyyVWS4SwelTT3UmFX89/pAUnAsUqeBZENOPEWiLNJnC3R3Xic6B1tu0OsX1X9RxR/X9EQJf/MIEdiNfhXKBxy7gZ0tDsDyze5/ZGVJX8=,iv:foByTYQw1KnB1MmwSQqmwza9PJJmdYdZbIHKrZ9vog4=,tag:8VTcOSefWmyd8ozGXHbklw==,type:str] course-management: secret-key: ENC[AES256_GCM,data:3WwhgZ+ElLOdEgdy/EoOL1vqkcXfnOnUZMKUsD9rd7I=,iv:eMo7HeOkSPGpCbLMi/6XoD4MXd27OageRsz70lyXNf0=,tag:u3H9BSv+7lasnBl29l8o3Q==,type:str] @@ -36,8 +38,8 @@ sops: NEJBTHE2end1RDlHRTNFYlZjTjhib2cKmQRHpBKZ2DbQ5CfOwcSPfZAm9fnnpxUk +LcR8haK//O3N2uNf9etDW3VsT5ipPucCdFU1m/v9L5tcN6ZP8WP+w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-12T13:54:25Z" - mac: ENC[AES256_GCM,data:RM7WaIdA96ou62K5/oCqa74+F6PmYqRfOgNwdH5oDULwCj8ZLkn9VUVKuLWLbxbg5BqDJLDqquzelHJfftekSfwIqbpKSFrXpUKmic108OxE311t52Wu4wE4ieFii5c32A+E5Iu8/EbW95xQBZwKG24aZEJz9GvIdRShzF478h0=,iv:zHx2CL5Malq5cWPEqy2PZA9pkOWPBpRPAVnldlAzN60=,tag:RQo0BD/0vHnS2tH+ODIUZw==,type:str] + lastmodified: "2023-07-19T12:23:17Z" + mac: ENC[AES256_GCM,data:QLrZopVD2iL8J4KH4HTM1tkEWmPqY0U6g2bKmhb7R1ZzbopqJfQezv4zqcp/2H8Zz17X4clZ/TidetmBm7avjfj9znegTL4MsZQYqCe+qG6qlXF8GcGjJ/Wja8k4ofCyvsXHarLEulPZKxSELGrU0B6FBUmvnWrV8k4IRGad8pk=,iv:mbv+8AsSOmDasOXOc4r2mx1GCmnRozwgzSDh2U44afk=,tag:cKuWuB1dVJfU3Wq7wB+tBQ==,type:str] pgp: - created_at: "2023-04-23T17:48:54Z" enc: | diff --git a/secrets/test.yaml b/secrets/test.yaml index 4da7f02..de38bfd 100644 --- a/secrets/test.yaml +++ b/secrets/test.yaml @@ -6,9 +6,11 @@ postgres_sogo: ENC[AES256_GCM,data:L2n5FxSQ6PPaLecmcg==,iv:9aykDfFp5Ysqpi14J7Aj0 nextcloud_adminpass: ENC[AES256_GCM,data:G3FcJIAl0HmpCu4JAXQOZPmWCg==,iv:Bgk7j3EfD9a73hDe93hpzH2uZUcssgVPMxr3nEWvUvQ=,tag:ngBZEBSQHBlWr62dcQdvHA==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str] wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str] -portunus_admin: ENC[AES256_GCM,data:2X7cz7nRN2lvubR0e+8=,iv:NRXWAbK6DouyGzW6yiJ8tNYKcXNWbt7uy3eTMmybrRk=,tag:7itZnw28EQCmGBBF9Ctb3A==,type:str] -portunus_search: ENC[AES256_GCM,data:nqCvit2p8YE8XJ3Z+PEP,iv:k2dC6TTI70M8raOTNnp1TsPiDmF3ssPPhIe6cjMevBA=,tag:CG1uvLQSxSQzVsGYxG7YUw==,type:str] -ldap_search: ENC[AES256_GCM,data:HJvh/fKhMK4C2Xs=,iv:nCqgJ6XPwLdbhGe0uJRksQS6G07bDO+x+R/XKtURf3Y=,tag:0Y3Dblfu2Tv2MtTytXLubw==,type:str] +dex: + environment: ENC[AES256_GCM,data:81BPvoR7lfGRN/sj54gjnCsocQqbCDSjsjduiW+iFXBBV99yIW1G4lnq5J4rbmOi38u399Zg34r1utifESb/6fQ9TS34zmSXRUwWuyuedwzmiuDdbS9hNTLrKphIYOlvlaCzI/hhs46ZHPh0SZnc9l1gSc0VR010DAlufM/aBMNm/erbGTdR9Y+UId0Y2WyC6Cx48OMHCMIJ7Cy5D0oYwRefCGEvV1T6/Q==,iv:t6knQ+twxp4XslJkyFheVc29QD+dc6X3K1RMhnSzKHY=,tag:Pl+qX4wOuc+sfx5tkxd/Nw==,type:str] +portunus: + admin-password: ENC[AES256_GCM,data:+5XtK0Uo8l+/gfdmfAk=,iv:tVDgfn4b7I8sX20jVBy9Ezr0TTfmbV/KEEu/aHp/f8E=,tag:1EtG/TIl8AseqQxNxoYbSw==,type:str] + search-password: ENC[AES256_GCM,data:ugWsWw1yv/U3UK5yO/rC,iv:76nRC0EmALIx8nWX7AAMyRQh8RzVcMXtnpM9HThF3FQ=,tag:gHAqtOqMXYM6GJyIsrhvaQ==,type:str] dovecot_ldap_search: ENC[AES256_GCM,data:ROoz+hiVWhGT3wYqp2Bg94AwlwyWLMVcrJkk,iv:PiUAqXAh58qIcF/ZWH8UdS68gxQtq28+lWXcLJ1mK9Y=,tag:gXeKisqVhJyx1xJ6x4hSyA==,type:str] rspamd-password: ENC[AES256_GCM,data:PG3qO7lDXjd/kw3Bp65k5KPWKU16yBmRXQeYeuo=,iv:pmDqdeyziD1ZUif0LABiN2BTqGw0VkvlrtwSSjo3lk8=,tag:QwnycEj+Nab0bCDeemUX0Q==,type:str] mediawiki: @@ -16,7 +18,8 @@ mediawiki: initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str] ldapprovider: ENC[AES256_GCM,data:dVrCFVgm4BDtUhcj9rSKXwnaIKsC5GGsDUoPJH1q5F4inskuSbFigcLM/UJFNOcr5R1dL+mYUOvnmIcoWA5AsuFKs3NzSYJVtVAm0x7vYSkHnfXu93V2F8Lc1xX/kZrFfnmNUXwhv2I+hknPUApY7wpmZOdk9NLKv4tbsgVTbfmR/WM6soOurh3b6b4cknfxqSeLZLeOIKL5WL8842t5SethyCfPsCm74JCpwHmflkCyT/lzIP1Kghab+xGWWyN9OAENlDZrJE6VAdctR+MKYZnhA7dXKeQPjKii9MZsDYFYTL5YDRysam4r7Jog/fozgWkXNrCUan29efnnBwpLz5hgV1MguIpvU8ccDQLNvgJCOdp6FgH45ZRlCxx29EWzh9iTDGPqmNsctUknFdfUVfIg9ziz/97i/kGcwy5N1oOsoUf7iRj5zLyLP6OlXGNThowF4jlNdI2b+caQGz7H6ZkJfUPWULotBUrjxrZo3pSYRkpJ77xbGUZf35ysxTHpfsmhyyO9HRhhgNkilEHlcsi8u+AC0su+Htg/Io332tSX+W6Gj6R6Q23hQ0gf8on5Y2xx34ysobEh8cMS4+Kj0nwasMHjW70g3qWpKkG1LSOIgXiA7hcusGCo8xPZ1y3gIyRiTxVTPJHh63Ecd0O37P4NWVSKEpsIM5pkngMN5L5K/ymtZ0kjREX2q4qpXf2xJiTTdAkeTMcmDs9HHjOzIIynYouY7P6qdXUpXjyGwqfovmnIv5icQ6sqFA==,iv:sPRnnIEif6W1SPy5SKiUuY681HeLPcR19U4p1mdUGdc=,tag:zeMdtTRk8ULP4GYDQLIU7A==,type:str] mautrix-telegram_env: ENC[AES256_GCM,data:vqHmM3mRrIYMT4760sglAlBZoOb7siqx3alvQE5rpq8z6FgOqJxHqGaN1quhpAVVe9ugtlvezVh8eSFX+45Y5rtqJ7iylxmC+y8JGsyLIflf674Si7h07bedCcT0wBg1ioI/JILDwICiAf0=,iv:BAPKiVt2l3E7z1Wk9ky6WFYr6hn62d+X5r0NMdUYwJQ=,tag:CRddpVMHQLwhwUF1hn0JKA==,type:str] -postfix_ldap_aliases: ENC[AES256_GCM,data:L77Si6Try9Jf+Bk6cg3kAafk1PcFN2WmfMaXFZ9fOgXVMjHDfRhFcFvOnrutY6K1vg1cChwIT7qW7FAxvfxL+0wkWRi8uZbHkaHpa4OXXWCiLch1aZFDArLm08NZgj6Wxtl3J7bF8KCy4ZP3fKCxWYL+uzBWCJiIgJP4AK+7cg11CqwJrooPDV11ESIdFX5jxpC1YB1k9gu7t1WB1mdbtypPWX1PRB+Y1k+E7YeNA4x6CFNhAlsy7C8eoX7PVYGy8yFmY86E4smo7qk+KEZj/JBL4o96MhwIIgEnpQE0NPtX1/lHCRo/jn4=,iv:l74DznC3qOINA9/qVKpU+67XYVFNBhtLnPfp4YeeDLM=,tag:0j0Xj5lmKKCt2s+3Uj+Y2g==,type:str] +postfix_ldap_aliases: ENC[AES256_GCM,data:DuEJdUT8mMTupjSpVx/TlnclhNXdqGgEAhVJjairZgpbU2U8qdqONkcKBau0iQKL3EwNx7/2fTgM9n9f+/28veY4lzRGffbKny+YRdnx1mGYdb8SKM5zXd/7ch3d+W2GmBYxBP6IRyGmWOv33gV+CaGyANgd/Byj/4BMMpOXJYr04qYOSbYqx+iK8Kp4ephdpSO7BLPB3Jq/BX91LYnCfwEzhG+YfGzyymxNDVSC2+RtNz1yWz8N+Ao5d1ZAvXRS3TSLtiQx43oEx9aAyt/HqiFsJ1fkTG4fZd/QIy7QvqhMufcsAXlm/g==,iv:WKH2e5885XdDcXSufRyMjUfgyfawF98rL+HW6m1SsN8=,tag:npMkjaZv4bQfLrqUZHqZLg==,type:str] +vaultwarden_env: ENC[AES256_GCM,data:QXUugQ/Eezrtlzz6j1Gg4ylZ4u3FmgD/A+k0N330Q+5AH00RGrD7wW0xbMRfn3+D0/T4wZ3OnPBbWByaGT9mcMBRGYZ7nPG+s/FiPleWsd/KdiojbT4nOgKJt7BgwfReTYddcWNWAiX72QTxBn29ZDaILVOPlQLE+u4Ak7gpaApTBnkSSFSZiOg=,iv:ZwBZNdaGQCBwHoihsvmm7W3V8R2rTuIDP+zU8g9V6lw=,tag:pwNspX5MqIO2lFSTTCxehA==,type:str] course-management: secret-key: ENC[AES256_GCM,data:L0VppGYIv39coA==,iv:sR/bQ/z7idP0co1JmGs2S8MJZJaVUvfAYWE0yFuowKM=,tag:7ilRRmnD2gfsv6bYGiw2zA==,type:str] adminpass: ENC[AES256_GCM,data:uFphxfMJvxo0,iv:6k/XroVJ8v04gJM+Lo5mY/mV41Cf4vjBFVmXCbfzqQ8=,tag:x0MWUb3RWZt5nh717trwkw==,type:str] @@ -35,8 +38,8 @@ sops: MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-11T22:22:26Z" - mac: ENC[AES256_GCM,data:IeaIejtLIrrvlOTKJhRs59WCcRfgd+GNATToi9EdzZLz+Fde1sWwOFHCJiq1/telws38bGjN9LmaSy/JucQS8tGMe4Hh5baz/bW0gGP4s1Q96wytwou4fWBHc7mtlDko+F2lygHJ/JAy4ZA8Cev/d7KhPo1EV48x/WI1Mg5rDeI=,iv:GXXcZT0m2qo3tBUknBbJKDLuu+qdllNG8mFfyVX/wmY=,tag:z3Z40dfFI4TfdMQIM78p1g==,type:str] + lastmodified: "2023-07-19T12:30:33Z" + mac: ENC[AES256_GCM,data:71QbN9JLvAYuzXtHu8ps3P4gt7YlB/W2wqPHYl4kO2WsAYPbLL+DAbgqru7dUS8osOybXRYwg/ikiFEk76q64YLuLvqk/ZBoJWv+7J/e5Ppi8ebMJi1iwjLgJUuU0oGDgMa/xISgnCxpv0qJdbIlX8DxlMoNZtACquzvUzJyiYI=,iv:DNF7BtVCwCn8AiABFtq0UVwx0JPSFNRCMSeeHfANwE4=,tag:fRNpF8YK1KY52okkuLlGjw==,type:str] pgp: - created_at: "2022-11-18T16:37:58Z" enc: |