Refactor ldap and enable dex

Co-authored-by: revol-xut <revol-xut@protonmail.com>
Lyn Fugmann 2023-07-07 17:12:59 +02:00
parent 80d016ae8f
commit e8263b93dc
Signed by: fugi
GPG key ID: 4472A20091BFA792
8 changed files with 72 additions and 92 deletions


@ -42,13 +42,13 @@
"login_name": "admin", "login_name": "admin",
"given_name": "admin", "given_name": "admin",
"family_name": "admin", "family_name": "admin",
"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_admin"] } "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/admin-password"] }
}, },
{ {
"login_name": "search", "login_name": "search",
"given_name": "search", "given_name": "search",
"family_name": "search", "family_name": "search",
"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_search"] } "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/search-password"] }
} }
] ]
} }


@ -79,7 +79,7 @@ in
postgres_hedgedoc.owner = user; postgres_hedgedoc.owner = user;
hedgedoc_session_secret.owner = user; hedgedoc_session_secret.owner = user;
hedgedoc_ldap_search = { hedgedoc_ldap_search = {
key = "portunus_search"; key = "portunus/search-password";
owner = user; owner = user;
}; };
}; };


@ -1,48 +1,15 @@
{ config, pkgs, ... }: { config, lib, pkgs, ... }:
let let
domain = "auth.${config.fsr.domain}"; domain = "auth.${config.fsr.domain}";
portunusUser = "portunus";
portunusGroup = "portunus";
ldapUser = "openldap";
ldapGroup = "openldap";
in in
{ {
sops.secrets.unix_ldap_search = {
key = "portunus_search";
owner = config.systemd.services.nslcd.serviceConfig.User;
};
users.users."${portunusUser}" = {
isSystemUser = true;
group = "${portunusGroup}";
};
users.groups."${portunusGroup}" = {
name = "${portunusGroup}";
members = [ "${portunusUser}" ];
};
users.users."${ldapUser}" = {
isSystemUser = true;
group = "${ldapGroup}";
};
users.groups."${ldapGroup}" = {
name = "${ldapGroup}";
members = [ "${ldapUser}" ];
};
sops.secrets = { sops.secrets = {
"portunus_admin" = { "portunus/admin-password".owner = config.services.portunus.user;
owner = "${portunusUser}"; "portunus/search-password".owner = config.services.portunus.user;
group = "${portunusGroup}"; "dex/environment".owner = config.systemd.services.dex.serviceConfig.User;
}; nslcd_ldap_search = {
"portunus_search" = { key = "portunus/search-password";
owner = "${portunusUser}"; owner = config.systemd.services.nslcd.serviceConfig.User;
group = "${portunusGroup}";
}; };
}; };
@ -51,15 +18,13 @@ in
package = pkgs.portunus.overrideAttrs (old: { package = pkgs.portunus.overrideAttrs (old: {
patches = [ ./0001-update-user-validation-regex.patch ]; patches = [ ./0001-update-user-validation-regex.patch ];
}); });
user = "${portunusUser}";
group = "${portunusGroup}"; inherit domain;
domain = "${domain}"; port = 8681;
port = 8081; dex.enable = true;
seedPath = ../config/portunus_seeds.json;
ldap = { ldap = {
user = "${ldapUser}";
group = "${ldapGroup}";
suffix = "dc=ifsr,dc=de"; suffix = "dc=ifsr,dc=de";
searchUserName = "search"; searchUserName = "search";
@ -67,30 +32,37 @@ in
# `portunus.domain` resolves to localhost # `portunus.domain` resolves to localhost
#tls = true; #tls = true;
}; };
seedPath = ../../config/portunus_seeds.json;
}; };
#users.ldap = { services.dex.settings.oauth2.skipApprovalScreen = true;
#enable = true;
#server = "ldap://localhost"; systemd.services.dex.serviceConfig = {
#base = "${config.services.portunus.ldap.suffix}"; DynamicUser = lib.mkForce false;
#}; EnvironmentFile = config.sops.secrets."dex/environment".path;
users.ldap = StateDirectory = "dex";
let User = "dex";
portunus = config.services.portunus; };
base = "ou=users,${portunus.ldap.suffix}";
in users = {
{ users.dex = {
group = "dex";
isSystemUser = true;
};
groups.dex = { };
ldap =
let portunus = config.services.portunus;
in rec {
enable = true; enable = true;
server = "ldap://localhost"; server = "ldap://localhost";
base = base; base = "ou=users,${portunus.ldap.suffix}";
bind = { bind = {
distinguishedName = "uid=${portunus.ldap.searchUserName},${base}"; distinguishedName = "uid=${portunus.ldap.searchUserName},${base}";
passwordFile = config.sops.secrets.unix_ldap_search.path; passwordFile = config.sops.secrets.nslcd_ldap_search.path;
}; };
daemon.enable = true; daemon.enable = true;
}; };
};
security.pam.services.sshd.text = '' security.pam.services.sshd.text = ''
# Account management. # Account management.
@ -113,7 +85,6 @@ in
session optional pam_mkhomedir.so session optional pam_mkhomedir.so
session optional ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so session optional ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so
''; '';
services.nginx = { services.nginx = {
@ -123,6 +94,7 @@ in
enableACME = true; enableACME = true;
locations = { locations = {
"/".proxyPass = "http://localhost:${toString config.services.portunus.port}"; "/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
"/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}";
}; };
}; };
}; };
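Review bot: `DynamicUser = lib.mkForce false;`, the new static `users.dex`/`groups.dex` entries and `"dex/environment".owner` look as if they exist only so the dex process can own the sops secret, but systemd reads `EnvironmentFile` itself before it drops privileges, so that file can stay root-owned. If nothing else in the unit needs a stable UID (`StateDirectory = "dex"` also works with a dynamic user), dropping the override, the static user and group, and the `owner` line would keep the sandboxing that DynamicUser implies. Separately, `services.dex.settings.oauth2.skipApprovalScreen = true;` deserves a comment such as `# consent screen skipped: only first-party clients are registered in dex`, so the assumption is re-checked whenever a client is added. The enclosing attribute set starts and ends outside the hunks shown.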


@ -1,7 +1,7 @@
{ config, ... }: { config, ... }:
{ {
sops.secrets.mailman_ldap_search = { sops.secrets.mailman_ldap_search = {
key = "portunus_search"; key = "portunus/search-password";
owner = config.services.mailman.webUser; owner = config.services.mailman.webUser;
}; };
services.mailman = { services.mailman = {


@ -25,7 +25,7 @@ let
in in
{ {
sops.secrets.matrix_ldap_search = { sops.secrets.matrix_ldap_search = {
key = "portunus_search"; key = "portunus/search-password";
owner = config.systemd.services.matrix-synapse.serviceConfig.User; owner = config.systemd.services.matrix-synapse.serviceConfig.User;
}; };


@ -5,12 +5,15 @@ let
pg-port = toString config.services.postgresql.port; pg-port = toString config.services.postgresql.port;
in in
{ {
sops.secrets.ldap_search = { sops.secrets = {
postgres_sogo = {
owner = config.systemd.services.sogo.serviceConfig.User; owner = config.systemd.services.sogo.serviceConfig.User;
}; };
sops.secrets.postgres_sogo = { sogo_ldap_search = {
key = "portunus/search-password";
owner = config.systemd.services.sogo.serviceConfig.User; owner = config.systemd.services.sogo.serviceConfig.User;
}; };
};
services = { services = {
memcached.enable = true; memcached.enable = true;
@ -41,7 +44,7 @@ in
SOGoVacationEnabled = YES; SOGoVacationEnabled = YES;
''; '';
configReplaces = { configReplaces = {
"LDAP_SEARCH" = config.sops.secrets.ldap_search.path; "LDAP_SEARCH" = config.sops.secrets.sogo_ldap_search.path;
"POSTGRES_PASSWORD" = config.sops.secrets.postgres_sogo.path; "POSTGRES_PASSWORD" = config.sops.secrets.postgres_sogo.path;
}; };
vhostName = "${sogo-hostname}"; vhostName = "${sogo-hostname}";


@ -6,17 +6,19 @@ nextcloud_adminpass: ENC[AES256_GCM,data:EMvcFOGJz45P4nvJ5Yy4SziWa2pUWBqt4ZZdde6
hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str]
wg-fsr: ENC[AES256_GCM,data:0WViJp9fNKVxq8LsK5R0Ihn3r+S7CLBk5voKn55dABidlFSLpsA0q+KTxoY=,iv:rc4B8N2otqolSRLfpeRkIn7iNlED7XUjY//OCI2oQ5c=,tag:eWO6LniGnTd8KZ4pSyrR5A==,type:str] wg-fsr: ENC[AES256_GCM,data:0WViJp9fNKVxq8LsK5R0Ihn3r+S7CLBk5voKn55dABidlFSLpsA0q+KTxoY=,iv:rc4B8N2otqolSRLfpeRkIn7iNlED7XUjY//OCI2oQ5c=,tag:eWO6LniGnTd8KZ4pSyrR5A==,type:str]
wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str] wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str]
portunus_admin: ENC[AES256_GCM,data:bPuYdfpWJtYib9lUcXHVZeGerskd5vs5IOe+DE9Q7OOPkAwp,iv:6ZjjfQ3E1xxYjmEg7o849RZzUt8dyXjI84DSfPYGUWQ=,tag:JJpOLjPs8YdEBl3xGGAzbg==,type:str] dex:
portunus_search: ENC[AES256_GCM,data:J1GRvVOCcOcAz4qZypa/XbcMCGQSFS6yyg1eGfNIBA4=,iv:zFf90vpMW3aqpstZVEno5TDCVwV2vi3SyA7BrX2R3/A=,tag:HJauUh36/5qmr8sGmgH1dw==,type:str] environment: ENC[AES256_GCM,data:iEl2l8t4Yq4RZ2b7Xfv5S9T8EudG10+A7dgzj7nrYp7yTcoRAKQPw4jpwIYVL3Gh289KqsdGr3QqW+qcoy12BRq63L7ebYfLpQpRKFYjWgkBPaIdpr7AQpochsCbmCjPOAriHHqqV2C1mBmhtGjgLgZBq2DEaYYlJc7tQ6phWElF/4bMT4lTq0DxgzsEMVPdGq2iXdBoWeyph+JtyxGC0t1Lj3r94VQwUsTzX3/GW6J/lmrqSuoRPaC1Tl3jORI+JVtCu+KekghcmtP4BAWmTKHFIvFM,iv:TU4uafG1oD23MdggEf/e3XSygxflypAKQWx6KAGXs+Q=,tag:d5SnyoCsAwQx11wMmpfYnw==,type:str]
ldap_search: ENC[AES256_GCM,data:Cac6zyp294qOoXdLdy42OnotMnG779Lhz05lvJaSEok=,iv:otxPTEL5ZKOiqIU16jxn1wmKmadc1Ni8TcZLxa/TrzM=,tag:YoaIngjZEUTdGjIDA1gq6g==,type:str] portunus:
admin-password: ENC[AES256_GCM,data:92mg1yROJ5rtcyUBjQLgx4mpoOKSfG9zBikqSjO2SAr1ZJ/G,iv:siEI52lzcoTEv9s+mc46hOLMNcJLbBNZQ072JLezAj4=,tag:LnqT+WTPxjexyDBi/k5kmw==,type:str]
search-password: ENC[AES256_GCM,data:yGgBeMCfU4/T5iY56Y0i2X4QQ+8ssJfUJfevxZ300g0=,iv:mB76Bx459YRof7Zf8ioH33KdF92oIPd9SlJ44xbqW3M=,tag:Y+KAbZ3+Abj1eaZGmfWeDA==,type:str]
dovecot_ldap_search: ENC[AES256_GCM,data:zDdvK6BwebnTVSGO3Y0nVEWmbIbh/mRlrtpNFrPx4jJdc/cR3r3clu7qxhI=,iv:onCaQC145MKNRbA9ocKQ9tX7MKuisEs+KERHroeqPEQ=,tag:dVYaFMIsAg0JVRftlKftGg==,type:str] dovecot_ldap_search: ENC[AES256_GCM,data:zDdvK6BwebnTVSGO3Y0nVEWmbIbh/mRlrtpNFrPx4jJdc/cR3r3clu7qxhI=,iv:onCaQC145MKNRbA9ocKQ9tX7MKuisEs+KERHroeqPEQ=,tag:dVYaFMIsAg0JVRftlKftGg==,type:str]
rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZgV+UlfsJk9IELIA==,iv:7O48+wB7zJUIp3lQDTC7tkP1UFvmDfjs50x1Zo3hOhw=,tag:MNdiDF22a3n1ZrE6qTDVLA==,type:str] rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZgV+UlfsJk9IELIA==,iv:7O48+wB7zJUIp3lQDTC7tkP1UFvmDfjs50x1Zo3hOhw=,tag:MNdiDF22a3n1ZrE6qTDVLA==,type:str]
mediawiki: mediawiki:
postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str] postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str]
initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str] initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str]
ldapprovider: ENC[AES256_GCM,data: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,iv:n2XOs6F7kuMmjPCc14s2MQl37vjVTtmAVkYQp7kqjgc=,tag:vBOfDoOjnoBzzSdwC7yDDA==,type:str] ldapprovider: ENC[AES256_GCM,data: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,iv:n2XOs6F7kuMmjPCc14s2MQl37vjVTtmAVkYQp7kqjgc=,tag:vBOfDoOjnoBzzSdwC7yDDA==,type:str]
postfix_ldap_aliases: ENC[AES256_GCM,data:kpffdciWI08Of2fm2B1lZ4rOYIhWtoBTnpU1N0iwiStA81Yl/NMDgHDCVv79XY6SuFTCBd6npKNz/0ibBy1WDSrDQymV5MIUmWVPwLcBSNMjD0d69PJYdUDVLmyhNkjB2hEL9JaH1PiO4iBM5y9yZx1LT+zlauAZEJPFgO/MvjkMknHZPKnRpBtT8wKTWTYUtBvzQtlACLKdIF0t37Q2DZAMtWrAgsrH811zUbsxJbYDInvNDPDHZHS+ZfF0Q1vXDLWUm+zZij6KRAJdOuEU9dyzhU/t93+LO9zKADwyF1Xk+2Uh,iv:cEui6fcDDINpUUcLZxGwPBMP1PjQVNMdScgaWdnIJ80=,tag:/7/mZckPJ7YLuJMp/BqbOQ==,type:str]
mautrix-telegram_env: ENC[AES256_GCM,data:2p5vYV+/vEDrrZItTcT1vxddv2tM7dLGBUmG+OXHccTzJ2UhyYpDGgUMr5KgObxvyssYBZTsvbV7QFN3sjcU/jVPx1qEUn6zyKO0HBQjrviVU3urx5zNOnCEHwDKyDrZ1Hu/CE6lpGNrtGlpewgOs/+84JZIZhC9qSuzDhN38sr4OGfMr29fMzafYC+TGHoZyA64GI9xz0KvXhwg6ci1hLtVWYEOFW2Nf8uLY8qkNLuDzA6bYx8rn3CEXoxiv0n4,iv:jmcWTyVkqu9nDc1ws2NxkMKrHPZ13i3jqDkk4Y0kejw=,tag:BjhmPc4lSbsZBmZ/q2CqGg==,type:str] mautrix-telegram_env: ENC[AES256_GCM,data:2p5vYV+/vEDrrZItTcT1vxddv2tM7dLGBUmG+OXHccTzJ2UhyYpDGgUMr5KgObxvyssYBZTsvbV7QFN3sjcU/jVPx1qEUn6zyKO0HBQjrviVU3urx5zNOnCEHwDKyDrZ1Hu/CE6lpGNrtGlpewgOs/+84JZIZhC9qSuzDhN38sr4OGfMr29fMzafYC+TGHoZyA64GI9xz0KvXhwg6ci1hLtVWYEOFW2Nf8uLY8qkNLuDzA6bYx8rn3CEXoxiv0n4,iv:jmcWTyVkqu9nDc1ws2NxkMKrHPZ13i3jqDkk4Y0kejw=,tag:BjhmPc4lSbsZBmZ/q2CqGg==,type:str]
postfix_ldap_aliases: ENC[AES256_GCM,data:2Ix+7+mvUp3bVZ3HzPkOonCkvuWROuKTIL3CxzNal51YU0W+BNYPqqs1nbdReK+iKptwu58pmeKBUtjYMy9R+nibSmhPVlWIJHKrRG54bsnz05dFLPogVbwqIZQAyI8r02cSF55ePEL//okAhqF/Kua+EHKWElCjJ2K6BzESfJ5hiLYTFAYgfKIFZwL42bgy/gMDZr7terR0tWlkSyH/dsgwHDkZ0yLo8Y5xN+BE2HNLqMYuDe5UxA+B98U/KoZjDD3eXTwBbfMgUIvGQ2D2JDj4Ucbt8541Nnu+d4BmYh72vp7IDnkLZwuOGVVM810UQ7miDy8dtX/D,iv:qF13MTx+2WZjfD62WJU8Qg7sTT04PQIGqCz0FukLC1s=,tag:FMzLVViau92RjT42XgzXdQ==,type:str]
vaultwarden_env: ENC[AES256_GCM,data:X8wdQSieXfgNUqtoFRgz43jsWyrUQ1wxsM9L5iHoE8YFR5O6SzfAcjMsr4I0r2t5by/C4YorVsN5GQKyyVWS4SwelTT3UmFX89/pAUnAsUqeBZENOPEWiLNJnC3R3Xic6B1tu0OsX1X9RxR/X9EQJf/MIEdiNfhXKBxy7gZ0tDsDyze5/ZGVJX8=,iv:foByTYQw1KnB1MmwSQqmwza9PJJmdYdZbIHKrZ9vog4=,tag:8VTcOSefWmyd8ozGXHbklw==,type:str] vaultwarden_env: ENC[AES256_GCM,data:X8wdQSieXfgNUqtoFRgz43jsWyrUQ1wxsM9L5iHoE8YFR5O6SzfAcjMsr4I0r2t5by/C4YorVsN5GQKyyVWS4SwelTT3UmFX89/pAUnAsUqeBZENOPEWiLNJnC3R3Xic6B1tu0OsX1X9RxR/X9EQJf/MIEdiNfhXKBxy7gZ0tDsDyze5/ZGVJX8=,iv:foByTYQw1KnB1MmwSQqmwza9PJJmdYdZbIHKrZ9vog4=,tag:8VTcOSefWmyd8ozGXHbklw==,type:str]
course-management: course-management:
secret-key: ENC[AES256_GCM,data:3WwhgZ+ElLOdEgdy/EoOL1vqkcXfnOnUZMKUsD9rd7I=,iv:eMo7HeOkSPGpCbLMi/6XoD4MXd27OageRsz70lyXNf0=,tag:u3H9BSv+7lasnBl29l8o3Q==,type:str] secret-key: ENC[AES256_GCM,data:3WwhgZ+ElLOdEgdy/EoOL1vqkcXfnOnUZMKUsD9rd7I=,iv:eMo7HeOkSPGpCbLMi/6XoD4MXd27OageRsz70lyXNf0=,tag:u3H9BSv+7lasnBl29l8o3Q==,type:str]
@ -36,8 +38,8 @@ sops:
NEJBTHE2end1RDlHRTNFYlZjTjhib2cKmQRHpBKZ2DbQ5CfOwcSPfZAm9fnnpxUk NEJBTHE2end1RDlHRTNFYlZjTjhib2cKmQRHpBKZ2DbQ5CfOwcSPfZAm9fnnpxUk
+LcR8haK//O3N2uNf9etDW3VsT5ipPucCdFU1m/v9L5tcN6ZP8WP+w== +LcR8haK//O3N2uNf9etDW3VsT5ipPucCdFU1m/v9L5tcN6ZP8WP+w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-12T13:54:25Z" lastmodified: "2023-07-19T12:23:17Z"
mac: ENC[AES256_GCM,data:RM7WaIdA96ou62K5/oCqa74+F6PmYqRfOgNwdH5oDULwCj8ZLkn9VUVKuLWLbxbg5BqDJLDqquzelHJfftekSfwIqbpKSFrXpUKmic108OxE311t52Wu4wE4ieFii5c32A+E5Iu8/EbW95xQBZwKG24aZEJz9GvIdRShzF478h0=,iv:zHx2CL5Malq5cWPEqy2PZA9pkOWPBpRPAVnldlAzN60=,tag:RQo0BD/0vHnS2tH+ODIUZw==,type:str] mac: ENC[AES256_GCM,data:QLrZopVD2iL8J4KH4HTM1tkEWmPqY0U6g2bKmhb7R1ZzbopqJfQezv4zqcp/2H8Zz17X4clZ/TidetmBm7avjfj9znegTL4MsZQYqCe+qG6qlXF8GcGjJ/Wja8k4ofCyvsXHarLEulPZKxSELGrU0B6FBUmvnWrV8k4IRGad8pk=,iv:mbv+8AsSOmDasOXOc4r2mx1GCmnRozwgzSDh2U44afk=,tag:cKuWuB1dVJfU3Wq7wB+tBQ==,type:str]
pgp: pgp:
- created_at: "2023-04-23T17:48:54Z" - created_at: "2023-04-23T17:48:54Z"
enc: | enc: |


@ -6,9 +6,11 @@ postgres_sogo: ENC[AES256_GCM,data:L2n5FxSQ6PPaLecmcg==,iv:9aykDfFp5Ysqpi14J7Aj0
nextcloud_adminpass: ENC[AES256_GCM,data:G3FcJIAl0HmpCu4JAXQOZPmWCg==,iv:Bgk7j3EfD9a73hDe93hpzH2uZUcssgVPMxr3nEWvUvQ=,tag:ngBZEBSQHBlWr62dcQdvHA==,type:str] nextcloud_adminpass: ENC[AES256_GCM,data:G3FcJIAl0HmpCu4JAXQOZPmWCg==,iv:Bgk7j3EfD9a73hDe93hpzH2uZUcssgVPMxr3nEWvUvQ=,tag:ngBZEBSQHBlWr62dcQdvHA==,type:str]
hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str]
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str] wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
portunus_admin: ENC[AES256_GCM,data:2X7cz7nRN2lvubR0e+8=,iv:NRXWAbK6DouyGzW6yiJ8tNYKcXNWbt7uy3eTMmybrRk=,tag:7itZnw28EQCmGBBF9Ctb3A==,type:str] dex:
portunus_search: ENC[AES256_GCM,data:nqCvit2p8YE8XJ3Z+PEP,iv:k2dC6TTI70M8raOTNnp1TsPiDmF3ssPPhIe6cjMevBA=,tag:CG1uvLQSxSQzVsGYxG7YUw==,type:str] environment: ENC[AES256_GCM,data:81BPvoR7lfGRN/sj54gjnCsocQqbCDSjsjduiW+iFXBBV99yIW1G4lnq5J4rbmOi38u399Zg34r1utifESb/6fQ9TS34zmSXRUwWuyuedwzmiuDdbS9hNTLrKphIYOlvlaCzI/hhs46ZHPh0SZnc9l1gSc0VR010DAlufM/aBMNm/erbGTdR9Y+UId0Y2WyC6Cx48OMHCMIJ7Cy5D0oYwRefCGEvV1T6/Q==,iv:t6knQ+twxp4XslJkyFheVc29QD+dc6X3K1RMhnSzKHY=,tag:Pl+qX4wOuc+sfx5tkxd/Nw==,type:str]
ldap_search: ENC[AES256_GCM,data:HJvh/fKhMK4C2Xs=,iv:nCqgJ6XPwLdbhGe0uJRksQS6G07bDO+x+R/XKtURf3Y=,tag:0Y3Dblfu2Tv2MtTytXLubw==,type:str] portunus:
admin-password: ENC[AES256_GCM,data:+5XtK0Uo8l+/gfdmfAk=,iv:tVDgfn4b7I8sX20jVBy9Ezr0TTfmbV/KEEu/aHp/f8E=,tag:1EtG/TIl8AseqQxNxoYbSw==,type:str]
search-password: ENC[AES256_GCM,data:ugWsWw1yv/U3UK5yO/rC,iv:76nRC0EmALIx8nWX7AAMyRQh8RzVcMXtnpM9HThF3FQ=,tag:gHAqtOqMXYM6GJyIsrhvaQ==,type:str]
dovecot_ldap_search: ENC[AES256_GCM,data:ROoz+hiVWhGT3wYqp2Bg94AwlwyWLMVcrJkk,iv:PiUAqXAh58qIcF/ZWH8UdS68gxQtq28+lWXcLJ1mK9Y=,tag:gXeKisqVhJyx1xJ6x4hSyA==,type:str] dovecot_ldap_search: ENC[AES256_GCM,data:ROoz+hiVWhGT3wYqp2Bg94AwlwyWLMVcrJkk,iv:PiUAqXAh58qIcF/ZWH8UdS68gxQtq28+lWXcLJ1mK9Y=,tag:gXeKisqVhJyx1xJ6x4hSyA==,type:str]
rspamd-password: ENC[AES256_GCM,data:PG3qO7lDXjd/kw3Bp65k5KPWKU16yBmRXQeYeuo=,iv:pmDqdeyziD1ZUif0LABiN2BTqGw0VkvlrtwSSjo3lk8=,tag:QwnycEj+Nab0bCDeemUX0Q==,type:str] rspamd-password: ENC[AES256_GCM,data:PG3qO7lDXjd/kw3Bp65k5KPWKU16yBmRXQeYeuo=,iv:pmDqdeyziD1ZUif0LABiN2BTqGw0VkvlrtwSSjo3lk8=,tag:QwnycEj+Nab0bCDeemUX0Q==,type:str]
mediawiki: mediawiki:
@ -16,7 +18,8 @@ mediawiki:
initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str] initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str]
ldapprovider: ENC[AES256_GCM,data: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,iv:sPRnnIEif6W1SPy5SKiUuY681HeLPcR19U4p1mdUGdc=,tag:zeMdtTRk8ULP4GYDQLIU7A==,type:str] ldapprovider: ENC[AES256_GCM,data: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,iv:sPRnnIEif6W1SPy5SKiUuY681HeLPcR19U4p1mdUGdc=,tag:zeMdtTRk8ULP4GYDQLIU7A==,type:str]
mautrix-telegram_env: ENC[AES256_GCM,data:vqHmM3mRrIYMT4760sglAlBZoOb7siqx3alvQE5rpq8z6FgOqJxHqGaN1quhpAVVe9ugtlvezVh8eSFX+45Y5rtqJ7iylxmC+y8JGsyLIflf674Si7h07bedCcT0wBg1ioI/JILDwICiAf0=,iv:BAPKiVt2l3E7z1Wk9ky6WFYr6hn62d+X5r0NMdUYwJQ=,tag:CRddpVMHQLwhwUF1hn0JKA==,type:str] mautrix-telegram_env: ENC[AES256_GCM,data:vqHmM3mRrIYMT4760sglAlBZoOb7siqx3alvQE5rpq8z6FgOqJxHqGaN1quhpAVVe9ugtlvezVh8eSFX+45Y5rtqJ7iylxmC+y8JGsyLIflf674Si7h07bedCcT0wBg1ioI/JILDwICiAf0=,iv:BAPKiVt2l3E7z1Wk9ky6WFYr6hn62d+X5r0NMdUYwJQ=,tag:CRddpVMHQLwhwUF1hn0JKA==,type:str]
postfix_ldap_aliases: ENC[AES256_GCM,data:L77Si6Try9Jf+Bk6cg3kAafk1PcFN2WmfMaXFZ9fOgXVMjHDfRhFcFvOnrutY6K1vg1cChwIT7qW7FAxvfxL+0wkWRi8uZbHkaHpa4OXXWCiLch1aZFDArLm08NZgj6Wxtl3J7bF8KCy4ZP3fKCxWYL+uzBWCJiIgJP4AK+7cg11CqwJrooPDV11ESIdFX5jxpC1YB1k9gu7t1WB1mdbtypPWX1PRB+Y1k+E7YeNA4x6CFNhAlsy7C8eoX7PVYGy8yFmY86E4smo7qk+KEZj/JBL4o96MhwIIgEnpQE0NPtX1/lHCRo/jn4=,iv:l74DznC3qOINA9/qVKpU+67XYVFNBhtLnPfp4YeeDLM=,tag:0j0Xj5lmKKCt2s+3Uj+Y2g==,type:str] postfix_ldap_aliases: ENC[AES256_GCM,data:DuEJdUT8mMTupjSpVx/TlnclhNXdqGgEAhVJjairZgpbU2U8qdqONkcKBau0iQKL3EwNx7/2fTgM9n9f+/28veY4lzRGffbKny+YRdnx1mGYdb8SKM5zXd/7ch3d+W2GmBYxBP6IRyGmWOv33gV+CaGyANgd/Byj/4BMMpOXJYr04qYOSbYqx+iK8Kp4ephdpSO7BLPB3Jq/BX91LYnCfwEzhG+YfGzyymxNDVSC2+RtNz1yWz8N+Ao5d1ZAvXRS3TSLtiQx43oEx9aAyt/HqiFsJ1fkTG4fZd/QIy7QvqhMufcsAXlm/g==,iv:WKH2e5885XdDcXSufRyMjUfgyfawF98rL+HW6m1SsN8=,tag:npMkjaZv4bQfLrqUZHqZLg==,type:str]
vaultwarden_env: ENC[AES256_GCM,data:QXUugQ/Eezrtlzz6j1Gg4ylZ4u3FmgD/A+k0N330Q+5AH00RGrD7wW0xbMRfn3+D0/T4wZ3OnPBbWByaGT9mcMBRGYZ7nPG+s/FiPleWsd/KdiojbT4nOgKJt7BgwfReTYddcWNWAiX72QTxBn29ZDaILVOPlQLE+u4Ak7gpaApTBnkSSFSZiOg=,iv:ZwBZNdaGQCBwHoihsvmm7W3V8R2rTuIDP+zU8g9V6lw=,tag:pwNspX5MqIO2lFSTTCxehA==,type:str]
course-management: course-management:
secret-key: ENC[AES256_GCM,data:L0VppGYIv39coA==,iv:sR/bQ/z7idP0co1JmGs2S8MJZJaVUvfAYWE0yFuowKM=,tag:7ilRRmnD2gfsv6bYGiw2zA==,type:str] secret-key: ENC[AES256_GCM,data:L0VppGYIv39coA==,iv:sR/bQ/z7idP0co1JmGs2S8MJZJaVUvfAYWE0yFuowKM=,tag:7ilRRmnD2gfsv6bYGiw2zA==,type:str]
adminpass: ENC[AES256_GCM,data:uFphxfMJvxo0,iv:6k/XroVJ8v04gJM+Lo5mY/mV41Cf4vjBFVmXCbfzqQ8=,tag:x0MWUb3RWZt5nh717trwkw==,type:str] adminpass: ENC[AES256_GCM,data:uFphxfMJvxo0,iv:6k/XroVJ8v04gJM+Lo5mY/mV41Cf4vjBFVmXCbfzqQ8=,tag:x0MWUb3RWZt5nh717trwkw==,type:str]
@ -35,8 +38,8 @@ sops:
MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk
ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ== ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-11T22:22:26Z" lastmodified: "2023-07-19T12:30:33Z"
mac: ENC[AES256_GCM,data:IeaIejtLIrrvlOTKJhRs59WCcRfgd+GNATToi9EdzZLz+Fde1sWwOFHCJiq1/telws38bGjN9LmaSy/JucQS8tGMe4Hh5baz/bW0gGP4s1Q96wytwou4fWBHc7mtlDko+F2lygHJ/JAy4ZA8Cev/d7KhPo1EV48x/WI1Mg5rDeI=,iv:GXXcZT0m2qo3tBUknBbJKDLuu+qdllNG8mFfyVX/wmY=,tag:z3Z40dfFI4TfdMQIM78p1g==,type:str] mac: ENC[AES256_GCM,data:71QbN9JLvAYuzXtHu8ps3P4gt7YlB/W2wqPHYl4kO2WsAYPbLL+DAbgqru7dUS8osOybXRYwg/ikiFEk76q64YLuLvqk/ZBoJWv+7J/e5Ppi8ebMJi1iwjLgJUuU0oGDgMa/xISgnCxpv0qJdbIlX8DxlMoNZtACquzvUzJyiYI=,iv:DNF7BtVCwCn8AiABFtq0UVwx0JPSFNRCMSeeHfANwE4=,tag:fRNpF8YK1KY52okkuLlGjw==,type:str]
pgp: pgp:
- created_at: "2022-11-18T16:37:58Z" - created_at: "2022-11-18T16:37:58Z"
enc: | enc: |