diff --git a/flake.lock b/flake.lock index 37b4e24..7550cf5 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1714117615, + "lastModified": 1710843969, "narHash": "sha256-Ilu7j7tihFI0jtnsQS+7H0SZX4C61NZHaV/7fJ39t/E=", "owner": "fsr", "repo": "course-management", - "rev": "9e5ab11788b926a9a26d2aaa0e0958c3c5865cc9", + "rev": "07b173b4ea458e5a08b3aa9ec677153c08657c98", "type": "github" }, "original": { @@ -145,11 +145,11 @@ ] }, "locked": { - "lastModified": 1716170277, - "narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=", + "lastModified": 1711854532, + "narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "e0638db3db43b582512a7de8c0f8363a162842b9", + "rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716361217, - "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "lastModified": 1712168706, + "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", + "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb", "type": "github" }, "original": { @@ -176,11 +176,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1716061101, - "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", + "lastModified": 1711819797, + "narHash": "sha256-tNeB6emxj74Y6ctwmsjtMlzUMn458sBmwnD35U5KIM4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", + "rev": "2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c", "type": "github" }, "original": { 
@@ -192,11 +192,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1712163089, + "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", "type": "github" }, "original": { @@ -286,11 +286,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1716400300, - "narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=", + "lastModified": 1711855048, + "narHash": "sha256-HxegAPnQJSC4cbEbF4Iq3YTlFHZKLiNTk8147EbLdGg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b549832718b8946e875c016a4785d204fcfc2e53", + "rev": "99b1e37f9fc0960d064a7862eb7adfb92e64fa10", "type": "github" }, "original": { @@ -386,11 +386,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1713958148, - "narHash": "sha256-8PDNi/dgoI2kyM7uSiU4eoLBqUKoA+3TXuz+VWmuCOc=", + "lastModified": 1709622318, + "narHash": "sha256-bTscF0366xtoIXgH7Zq+Mn0mpX3w4h/2xKpHiYMyLNc=", "owner": "nix-community", "repo": "nixos-vscode-server", - "rev": "fc900c16efc6a5ed972fb6be87df018bcf3035bc", + "rev": "d0ed9b8cf1f0a71f110df9119489ab047e0726bd", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 422d82c..4624be8 100755 --- a/flake.nix +++ b/flake.nix @@ -83,14 +83,12 @@ ./modules/hedgedoc.nix ./modules/padlist.nix ./modules/nextcloud.nix - ./modules/keycloak.nix - ./modules/monitoring.nix ./modules/vaultwarden.nix ./modules/forgejo ./modules/kanboard.nix ./modules/zammad.nix ./modules/decisions.nix - # ./modules/struktur-bot.nix + ./modules/struktur-bot.nix { nixpkgs.overlays = [ self.overlays.default ]; sops.defaultSopsFile = ./secrets/quitte.yaml; 
@@ -108,6 +106,7 @@ ./hosts/tomate/configuration.nix ./modules/core/base.nix ./modules/core/zsh.nix + ./modules/core/fail2ban.nix ./modules/core/sssd.nix { sops.defaultSopsFile = ./secrets/tomate.yaml; diff --git a/hosts/quitte/configuration.nix b/hosts/quitte/configuration.nix index 6f18e21..f86ad6e 100644 --- a/hosts/quitte/configuration.nix +++ b/hosts/quitte/configuration.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, ... }: { imports = @@ -7,27 +7,11 @@ ./network.nix ]; - boot.loader.systemd-boot = { - enable = true; - extraInstallCommands = '' - ${pkgs.coreutils}/bin/cp -r /boot/* /boot2 - ''; - }; + boot.loader.systemd-boot.enable = true; # boot.kernelParams = [ "video=VGA-1:1024x768@30" ]; boot.loader.efi.canTouchEfiVariables = true; boot.supportedFilesystems = [ "zfs" ]; - # boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - # Pin Kernel Version as 6.6.28 has a broken networking driver - boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_6.override { - argsOverride = rec { - src = pkgs.fetchurl { - url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz"; - sha256 = "sha256-Y55QBg48jyPtAXyxDP6sxrqI/1WDgSu3aFm0zGoSgpE="; - }; - version = "6.6.27"; - modDirVersion = "6.6.27"; - }; - }); + boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; services.zfs = { trim.enable = true; @@ -53,6 +37,9 @@ value = "10000"; } ]; + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; systemd = { services.nix-daemon.serviceConfig = { diff --git a/hosts/quitte/hardware-configuration.nix b/hosts/quitte/hardware-configuration.nix index 5dad929..52d637e 100644 --- a/hosts/quitte/hardware-configuration.nix +++ b/hosts/quitte/hardware-configuration.nix 
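Review bot: `services.openssh.settings.PermitRootLogin = "yes";` is added to hosts/quitte/configuration.nix with nothing beside it that restricts password authentication, which NixOS leaves enabled by default. The modules/core/base.nix hunk later in this diff has the same gap: it replaces the block that set `PasswordAuthentication = false` with a bare `services.openssh.enable = true;`, so the key-only restriction disappears for every host importing base.nix. I would use `services.openssh.settings.PermitRootLogin = "prohibit-password";` together with `services.openssh.settings.PasswordAuthentication = false;`, preferably in base.nix so that both hosts inherit it. The attribute set these lines belong to continues outside the hunk.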
@@ -10,41 +10,41 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "rpool/nixos/root"; - fsType = "zfs"; - }; + fileSystems."/" = + { + device = "rpool/nixos/root"; + fsType = "zfs"; + }; - fileSystems."/home" = { - device = "rpool/nixos/home"; - fsType = "zfs"; - }; + fileSystems."/home" = + { + device = "rpool/nixos/home"; + fsType = "zfs"; + }; - fileSystems."/nix" = { - device = "rpool/nixos/nixnew"; - fsType = "zfs"; - }; + fileSystems."/nix" = + { + device = "rpool/nixos/nixnew"; + fsType = "zfs"; + }; - fileSystems."/var/lib" = { - device = "rpool/nixos/var/lib"; - fsType = "zfs"; - }; + fileSystems."/var/lib" = + { + device = "rpool/nixos/var/lib"; + fsType = "zfs"; + }; - fileSystems."/var/log" = { - device = "rpool/nixos/var/log"; - fsType = "zfs"; - }; + fileSystems."/var/log" = + { + device = "rpool/nixos/var/log"; + fsType = "zfs"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/3278-8D00"; - fsType = "vfat"; - options = [ "nofail" ]; - }; - fileSystems."/boot2" = { - device = "/dev/disk/by-uuid/3366-F71E"; - fsType = "vfat"; - options = [ "nofail" ]; - }; + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/3278-8D00"; + fsType = "vfat"; + }; swapDevices = [ ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/tomate/configuration.nix b/hosts/tomate/configuration.nix index 7ac0b3a..f3f3ceb 100644 --- a/hosts/tomate/configuration.nix +++ b/hosts/tomate/configuration.nix @@ -8,7 +8,6 @@ imports = [ # Include the results of the hardware scan. - ./network.nix ./hardware-configuration.nix ]; @@ -16,6 +15,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "tomate"; # Define your hostname. + networking.nftables.enable = true; nix = { settings = { @@ -28,6 +29,9 @@ }; }; + # Enable networking + networking.networkmanager.enable = true; + # Set your time zone. time.timeZone = "Europe/Berlin"; 
diff --git a/hosts/tomate/network.nix b/hosts/tomate/network.nix deleted file mode 100644 index 32e98ca..0000000 --- a/hosts/tomate/network.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, ... }: -{ - sops.secrets.ifsr-apb-auth = { }; - networking = { - domain = "ifsr.de"; - hostName = "tomate"; - useNetworkd = true; - nftables.enable = true; - # Radius authentification - supplicant."enp3s0" = { - driver = "wired"; - configFile.path = config.sops.secrets.ifsr-apb-auth.path; - }; - }; - - services.resolved = { - enable = true; - fallbackDns = [ "9.9.9.9" ]; - }; - - systemd.network = { - enable = true; - - networks."10-wired-default" = { - matchConfig.Name = "enp3s0"; - - address = [ "141.30.86.196/26" ]; - routes = [ - { - routeConfig.Gateway = "141.30.86.193"; - } - ]; - networkConfig = { - DNS = "141.30.1.1"; - LLDP = true; - EmitLLDP = "nearest-bridge"; - }; - }; - }; -} diff --git a/modules/core/base.nix b/modules/core/base.nix index 5f4e7b7..53a5d38 100755 --- a/modules/core/base.nix +++ b/modules/core/base.nix @@ -29,13 +29,7 @@ }; # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "yes"; - PasswordAuthentication = false; - }; - }; + services.openssh.enable = true; programs.mosh.enable = true; # vs code server diff --git a/modules/core/default.nix b/modules/core/default.nix index de763c0..8fb9099 100755 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -7,7 +7,6 @@ ./initrd-ssh.nix ./mysql.nix ./nginx.nix - ./podman.nix ./postgres.nix ./sssd.nix ./zsh.nix diff --git a/modules/core/initrd-ssh.nix b/modules/core/initrd-ssh.nix index a244b21..6b7a1a9 100644 --- a/modules/core/initrd-ssh.nix +++ b/modules/core/initrd-ssh.nix 
@@ -6,14 +6,13 @@ { config, ... }: { boot.initrd = { - availableKernelModules = [ "mlx5_core" ]; systemd = { enable = true; network = { enable = true; networks."10-wired-default" = config.systemd.network.networks."10-wired-default"; }; - users.root.shell = "/bin/systemd-tty-ask-password-agent"; + users.root.shell = "/bin/zfs load-key rpool/nixos"; }; network = { enable = true; diff --git a/modules/core/nginx.nix b/modules/core/nginx.nix index 36e596e..477663c 100644 --- a/modules/core/nginx.nix +++ b/modules/core/nginx.nix @@ -7,14 +7,10 @@ ({ name, ... }: { enableACME = true; forceSSL = true; - # enable http3 for all hosts - quic = true; - http3 = true; # split up nginx access logs per vhost extraConfig = '' access_log /var/log/nginx/${name}_access.log; error_log /var/log/nginx/${name}_error.log; - add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }) ); @@ -26,7 +22,6 @@ networking.firewall.allowedUDPPorts = [ 443 ]; services.nginx = { enable = true; - package = pkgs.nginxQuic; additionalModules = [ pkgs.nginxModules.pam ]; recommendedProxySettings = true; recommendedGzipSettings = true; diff --git a/modules/core/podman.nix b/modules/core/podman.nix deleted file mode 100644 index ad47b5b..0000000 --- a/modules/core/podman.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, pkgs, ... }: -{ - # 
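Review bot: `users.root.shell = "/bin/zfs load-key rpool/nixos";` in modules/core/initrd-ssh.nix puts a command line with arguments into the login-shell field, and sshd executes that field as one program path, so the initrd login will most likely fail instead of asking for the key. The removed value `"/bin/systemd-tty-ask-password-agent"` is a single executable that answers the pending passphrase request; if `zfs load-key` is really wanted, point the shell at a wrapper script that runs it. The hunk also drops `availableKernelModules = [ "mlx5_core" ];`, which looks like the NIC driver initrd networking depends on, so confirm that remote unlock still comes up on this hardware before relying on it. The `boot.initrd` block continues past the hunk.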
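Review bot: `networking.firewall.allowedUDPPorts = [ 443 ];` stays as context in the second modules/core/nginx.nix hunk although this change removes `quic`, `http3`, the `Alt-Svc` header and `package = pkgs.nginxQuic;`, so UDP 443 remains open with nothing visible that listens on it. I would delete that line in the same commit so the firewall only admits traffic for services that are actually configured. The surrounding module body continues outside the hunk.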
From: https://nixos.wiki/wiki/Podman - virtualisation.containers.enable = true; - virtualisation = { - podman = { - enable = true; - - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; - - # Required for containers under podman-compose to be able to talk to each other. - defaultNetwork.settings.dns_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; - - - # Useful otherdevelopment tools - environment.systemPackages = with pkgs; [ - dive # look into docker image layers - podman-tui # status of containers in the terminal - #docker-compose # start group of containers for dev - #podman-compose # start group of containers for dev - ]; -} \ No newline at end of file diff --git a/modules/core/postgres.nix b/modules/core/postgres.nix index 2342765..297a1ea 100644 --- a/modules/core/postgres.nix +++ b/modules/core/postgres.nix @@ -8,9 +8,7 @@ "directus_ese" "course-management" "git" - "grafana" "hedgedoc" - "keycloak" "matrix-synapse" "mautrix-telegram" "mediawiki" diff --git a/modules/core/zsh.nix b/modules/core/zsh.nix index 349f3dd..2412e4a 100644 --- a/modules/core/zsh.nix +++ b/modules/core/zsh.nix @@ -1,6 +1,5 @@ { lib, pkgs, ... }: { - users.users.root.shell = pkgs.zsh; programs.command-not-found.enable = false; programs.nix-index-database.comma.enable = true; environment.systemPackages = with pkgs; [ diff --git a/modules/decisions.nix b/modules/decisions.nix index a95bd85..8427375 100644 --- a/modules/decisions.nix +++ b/modules/decisions.nix @@ -6,14 +6,14 @@ in sops.secrets."decisions_env" = { }; virtualisation.oci-containers = { containers.decisions = { - image = "ghcr.io/fsr/decisions"; + image = "decisions"; volumes = [ "/var/lib/nextcloud/data/root/files/FSR/protokolle:/protokolle:ro" ]; - extraOptions = [ "--network=host" ]; environmentFiles = [ config.sops.secrets."decisions_env".path ]; + extraOptions = [ "--network=host" ]; }; }; 
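Review bot: `image = "decisions";` in modules/decisions.nix names the container image without a registry, tag or digest, so the configuration no longer determines what runs: it depends on whatever is tagged `decisions` in the host's local image store, and an unqualified name may fall back to a registry lookup when that image is missing. Because this container runs with `--network=host` and mounts the protocol directory, I would pin it, either as a fully qualified reference such as `image = "ghcr.io/fsr/decisions@sha256:<digest-placeholder>";` or by building it in the flake and loading it through `imageFile`. The `containers.decisions` block continues outside the hunk.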
@@ -25,6 +25,11 @@ in }; }; + services.portunus.dex.oidcClients = [{ + id = "decisions"; + callbackURL = "https://decisions.ifsr.de/auth"; + }]; + systemd.timers."decisions-to-db" = { wantedBy = [ "timers.target" ]; timerConfig = { diff --git a/modules/kanboard.nix b/modules/kanboard.nix index 9edc86a..5eb155c 100644 --- a/modules/kanboard.nix +++ b/modules/kanboard.nix 
@@ -1,33 +1,65 @@ -{ config, pkgs, ... }: +{ pkgs, config, lib, ... }: let domain = "kanboard.${config.networking.domain}"; domain_short = "kb.${config.networking.domain}"; + user = "kanboard"; + group = "kanboard"; in { - sops.secrets."kanboard_env" = { }; - - virtualisation.oci-containers = { - containers.kanboard = { - image = "ghcr.io/kanboard/kanboard:v1.2.36"; - volumes = [ - "kanboard_data:/var/www/app/data" - "kanboard_plugins:/var/www/app/plugins" - ]; - ports = [ "127.0.0.1:8045:80" ]; - environmentFiles = [ - config.sops.secrets."kanboard_env".path - ]; + users.users.${user} = { + group = group; + isSystemUser = true; + }; + users.groups.${group} = { }; + + services.phpfpm.pools.kanboard = { + user = "kanboard"; + group = "kanboard"; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.max_requests" = 500; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 5; + "php_admin_value[error_log]" = "stderr"; + "php_admin_flag[log_errors]" = true; + "catch_workers_output" = true; }; + phpEnv."PATH" = lib.makeBinPath [ pkgs.php ]; }; + + + services.nginx.enable = true; services.nginx = { virtualHosts."${domain_short}" = { locations."/".return = "301 $scheme://${domain}$request_uri"; }; virtualHosts."${domain}" = { - locations."/" = { - proxyPass = "http://127.0.0.1:8045"; + root = "/srv/web/kanboard"; + extraConfig = '' + index index.html index.php; + ''; + + locations = { + "/" = { + tryFiles = "$uri $uri/ =404"; + }; + "~ \.php$" = { + extraConfig = '' + try_files $uri =404; + fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket}; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include ${pkgs.nginx}/conf/fastcgi_params; + include ${pkgs.nginx}/conf/fastcgi.conf; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + ''; + }; + "/data".return = "403"; }; }; }; 
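Review bot: `"/data".return = "403";` is a plain prefix location, and nginx evaluates regex locations such as `"~ \.php$"` before it settles on a prefix match, so a request for a `.php` path below `/data` is still passed to php-fpm rather than refused. Writing it as `"^~ /data".return = "403";` makes the prefix match final and keeps the whole data directory away from both static serving and the PHP handler. As a smaller style point, the new `user` and `group` let-bindings are used for `users.users` but the pool repeats the literals; `user = user;` and `group = group;` (or `inherit user group;`) in `services.phpfpm.pools.kanboard` would keep them from drifting apart.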
diff --git a/modules/keycloak.nix b/modules/keycloak.nix deleted file mode 100644 index 08d5d2d..0000000 --- a/modules/keycloak.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, nixpkgs-unstable, ... }: -let - domain = "sso.${config.networking.domain}"; -in -{ - sops.secrets."keycloak/db" = { }; - services.keycloak = { - enable = true; - # we use unstable as the release in stable is insecure - package = nixpkgs-unstable.legacyPackages.x86_64-linux.keycloak; - settings = { - http-port = 8086; - https-port = 19000; - hostname = domain; - proxy = "edge"; - }; - # The module requires a password for the DB and works best with its own DB config - # Does an automatic Postgresql configuration - database = { - passwordFile = config.sops.secrets."keycloak/db".path; - }; - initialAdminPassword = "plschangeme"; - }; - services.nginx.virtualHosts."${domain}" = { - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}"; - extraConfig = '' - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; - ''; - }; - }; -} diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix index b5d1cf7..bc400ad 100644 --- a/modules/ldap/default.nix +++ b/modules/ldap/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, nixpkgs-unstable, system, ... }: +{ config, lib, pkgs, nixpkgs-unstable, system, ... }: let domain = "auth.${config.networking.domain}"; seedSettings = { @@ -55,6 +55,7 @@ in sops.secrets = { "portunus/admin-password".owner = config.services.portunus.user; "portunus/search-password".owner = config.services.portunus.user; + "dex/environment".owner = config.systemd.services.dex.serviceConfig.User; }; services.portunus = { @@ -71,6 +72,8 @@ in inherit domain seedSettings; port = 8681; + dex.enable = true; + ldap = { suffix = "dc=ifsr,dc=de"; searchUserName = "search"; 
@@ -81,6 +84,30 @@ in }; }; + services.dex.settings = { + oauth2.skipApprovalScreen = true; + frontend = { + issuer = "iFSR Schliboleth"; + logoURL = "https://wiki.ifsr.de/images/3/3b/LogoiFSR.png"; + theme = "dark"; + }; + }; + + systemd.services.dex.serviceConfig = { + DynamicUser = lib.mkForce false; + EnvironmentFile = config.sops.secrets."dex/environment".path; + StateDirectory = "dex"; + User = "dex"; + }; + + users = { + users.dex = { + group = "dex"; + isSystemUser = true; + }; + groups.dex = { }; + }; + security.pam.services.sshd.makeHomeDir = true; services.nginx = { @@ -88,12 +115,13 @@ in virtualHosts."${config.services.portunus.domain}" = { locations = { "/".proxyPass = "http://localhost:${toString config.services.portunus.port}"; + "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}"; }; }; }; networking.firewall = { extraInputRules = '' - ip saddr { 141.30.86.192/26, 141.76.100.128/25, 141.30.30.169, 10.88.0.1/16 } tcp dport 636 accept comment "Allow ldaps access from office nets and podman" + ip saddr { 141.30.86.192/26, 141.76.100.128/25 } tcp dport 636 accept comment "Allow ldaps access from office nets" ''; }; } diff --git a/modules/mail/mailman.nix b/modules/mail/mailman.nix index 23d36a9..f9a9354 100644 --- a/modules/mail/mailman.nix +++ b/modules/mail/mailman.nix @@ -66,14 +66,6 @@ ensureDatabases = [ "mailman" "mailman-web" ]; }; services.nginx.virtualHosts."lists.${config.networking.domain}" = { - locations."/accounts/signup" = { - extraConfig = '' - allow 141.30.0.0/16; - allow 141.76.0.0/16; - deny all; - uwsgi_pass unix:/run/mailman-web.socket; - ''; - }; locations."/robots.txt" = { extraConfig = '' add_header Content-Type text/plain; diff --git a/modules/monitoring.nix b/modules/monitoring.nix deleted file mode 100644 index e277876..0000000 --- a/modules/monitoring.nix +++ /dev/null 
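Review bot: The `systemd.services.dex.serviceConfig` override in modules/ldap/default.nix forces `DynamicUser` off with `lib.mkForce false` and gives no reason, and an uncommented override of a sandboxing default tends to get copied or reverted without anyone knowing what depends on it. Judging from the earlier hunk that sets `"dex/environment".owner` to this unit's `User`, the static `dex` user appears to exist so that the sops secret can be owned by it; a comment such as `# static user so sops-nix can assign dex/environment to it; DynamicUser has no stable owner` would record that. `oauth2.skipApprovalScreen = true;` would likewise benefit from a one-line comment stating the assumption that every registered client is operated by the same organisation.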
@@ -1,98 +0,0 @@ -{ config, ... }: -let - domain = "monitoring.${config.networking.domain}"; -in -{ - sops.secrets."grafana/oidc_secret" = { - owner = "grafana"; - }; - # grafana configuration - services.grafana = { - enable = true; - settings = { - server = { - inherit domain; - http_addr = "127.0.0.1"; - http_port = 2342; - root_url = "https://monitoring.ifsr.de"; - }; - database = { - type = "postgres"; - user = "grafana"; - host = "/run/postgresql"; - }; - "auth.generic_oauth" = { - enabled = true; - name = "iFSR"; - allow_sign_up = true; - client_id = "grafana"; - client_secret = "$__file{${config.sops.secrets."grafana/oidc_secret".path}}"; - scopes = "openid email profile offline_access roles"; - - email_attribute_path = "email"; - login_attribute_path = "username"; - name_attribute_path = "full_name"; - - auth_url = "https://sso.ifsr.de/realms/internal/protocol/openid-connect/auth"; - token_url = "https://sso.ifsr.de/realms/internal/protocol/openid-connect/token"; - api_url = "https://sso.ifsr.de/realms/internal/protocol/openid-connect/userinfo"; - role_attribute_path = "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"; - - }; - - }; - - - }; - - services.postgresql = { - enable = true; - ensureUsers = [ - { - name = "grafana"; - ensureDBOwnership = true; - } - ]; - ensureDatabases = [ "grafana" ]; - }; - - services.prometheus = { - enable = true; - port = 9001; - exporters = { - node = { - enable = true; - enabledCollectors = [ "systemd" ]; - port = 9002; - }; - postfix = { - enable = true; - port = 9003; - }; - }; - scrapeConfigs = [ - { - job_name = "node"; - static_configs = [{ - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; - }]; - scrape_interval = "15s"; - } - { - job_name = "postfix"; - static_configs = [{ - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.postfix.port}" ]; - }]; - # scrape_interval = "60s"; - } - ]; - }; - - # nginx reverse 
proxy - services.nginx.virtualHosts.${domain} = { - locations."/" = { - proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; - proxyWebsockets = true; - }; - }; -} diff --git a/modules/nix-serve.nix b/modules/nix-serve.nix index 643ceb0..3b10282 100644 --- a/modules/nix-serve.nix +++ b/modules/nix-serve.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: let domain = "cache.${config.networking.domain}"; in @@ -6,7 +6,6 @@ in sops.secrets."nix-serve/key" = { }; services.nix-serve = { enable = true; - package = pkgs.nix-serve-ng; secretKeyFile = config.sops.secrets."nix-serve/key".path; port = 5002; }; diff --git a/modules/padlist.nix b/modules/padlist.nix index 8a5f440..83900eb 100644 --- a/modules/padlist.nix +++ b/modules/padlist.nix @@ -46,4 +46,10 @@ in }; }; }; + + services.portunus.dex.oidcClients = [{ + id = "padlist"; + callbackURL = "https://list.pad.ifsr.de/callback.php"; + }]; + } diff --git a/modules/struktur-bot.nix b/modules/struktur-bot.nix index 9773474..4361dd4 100644 --- a/modules/struktur-bot.nix +++ b/modules/struktur-bot.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { sops.secrets."strukturbot_env" = { }; - # virtualisation.docker.daemon.settings.dns = [ "141.30.1.1" "141.76.14.1" ]; + virtualisation.docker.daemon.settings.dns = [ "141.30.1.1" "141.76.14.1" ]; virtualisation.oci-containers = { containers.struktur-bot = { image = "struktur-bot"; diff --git a/modules/web/crimecampus.nix b/modules/web/crimecampus.nix deleted file mode 100644 index 9f9e3ba..0000000 --- a/modules/web/crimecampus.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, pkgs, ... }: -let - domain = "cc.${config.networking.domain}"; -in -{ - services.nginx.virtualHosts."${domain}".root = "/srv/web/regex"; -} diff --git a/modules/web/default.nix b/modules/web/default.nix index c50add9..262ea0b 100644 --- a/modules/web/default.nix +++ b/modules/web/default.nix 
@@ -1,7 +1,6 @@ { ... }: { imports = [ - ./crimecampus.nix ./ifsrde.nix ./ese.nix ./infoscreen.nix diff --git a/modules/web/ese.nix b/modules/web/ese.nix index 780ad13..0f696de 100644 --- a/modules/web/ese.nix +++ b/modules/web/ese.nix @@ -7,12 +7,14 @@ in sops.secrets."directus_env" = { }; environment.systemPackages = [ pkgs.nodejs_21 ]; virtualisation.oci-containers = { + backend = "docker"; containers.directus-ese = { image = "directus/directus:latest"; volumes = [ "/srv/web/directus-ese/uploads:/directus/uploads" "/srv/web/directus-ese/database:/directus/database" ]; + ports = [ "127.0.0.1:8055:8055" ]; extraOptions = [ "--network=host" ]; environment = { "DB_CLIENT" = "pg"; @@ -20,14 +22,6 @@ in "DB_PORT" = "5432"; "DB_DATABASE" = "directus_ese"; "DB_USER" = "directus_ese"; - "PUBLIC_URL" = "https://directus-ese.ifsr.de"; - "AUTH_PROVIDERS"="keycloak"; - "AUTH_KEYCLOAK_DRIVER" = "openid"; - "AUTH_KEYCLOAK_CLIENT_ID" = "directus-ese"; - "AUTH_KEYCLOAK_ISSUER_URL" = "https://sso.ifsr.de/realms/internal/.well-known/openid-configuration"; - "AUTH_KEYCLOAK_IDENTIFIER_KEY" = "email"; - "AUTH_KEYCLOAK_ALLOW_PUBLIC_REGISTRATION"="true"; - "AUTH_KEYCLOAK_DEFAULT_ROLE_ID"="a6b7a1b6-a6fa-442c-87fd-e37c2a16424b"; }; environmentFiles = [ config.sops.secrets."directus_env".path diff --git a/modules/web/fsrewsp.nix b/modules/web/fsrewsp.nix index 5fe4cd3..57ad6bb 100644 --- a/modules/web/fsrewsp.nix +++ b/modules/web/fsrewsp.nix @@ -58,7 +58,6 @@ in include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; - fastcgi_param HTTP_HOST $host; ''; }; "~ \.log$".return = "403"; diff --git a/modules/web/ifsrde.nix b/modules/web/ifsrde.nix index 694abc7..7f5996f 100644 --- a/modules/web/ifsrde.nix +++ b/modules/web/ifsrde.nix 
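Review bot: The added `ports = [ "127.0.0.1:8055:8055" ];` in modules/web/ese.nix sits directly above the unchanged `extraOptions = [ "--network=host" ];`, and with host networking the container runtime discards published ports, so the loopback binding has no effect. Directus then listens on whatever address it binds in the host's network namespace, and only the firewall keeps port 8055 private. If host networking is needed to reach PostgreSQL, I would drop the `ports` line and add `"HOST" = "127.0.0.1";` to `environment`; otherwise remove `--network=host` and keep the `ports` line. The `containers.directus-ese` block continues outside the hunk.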
@@ -60,7 +60,6 @@ in "~ ^/cmd(/?[^\\n|\\r]*)$".return = "301 https://pad.ifsr.de$1"; "/bbb".return = "301 https://bbb.tu-dresden.de/b/fsr-58o-tmf-yy6"; "/kpp".return = "301 https://kpp.ifsr.de"; - "/sso".return = "301 https://sso.ifsr.de/realms/internal/account"; # security "~* /(\.git|cache|bin|logs|backup|tests)/.*$".return = "403"; # deny running scripts inside core system folders @@ -73,4 +72,9 @@ in }; }; }; + + services.portunus.dex.oidcClients = [{ + id = "grav"; + callbackURL = "https://ifsr.de/admin/task:callback.oauth2"; + }]; } diff --git a/modules/web/nightline.nix b/modules/web/nightline.nix index 8abd76d..9cff390 100644 --- a/modules/web/nightline.nix +++ b/modules/web/nightline.nix @@ -55,7 +55,6 @@ in include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; - fastcgi_param HTTP_HOST $host; ''; }; "~ \.log$".return = "403"; diff --git a/modules/wiki/fsr.nix b/modules/wiki/fsr.nix index 9f82869..59c4da8 100644 --- a/modules/wiki/fsr.nix +++ b/modules/wiki/fsr.nix @@ -63,12 +63,11 @@ in # Auth # https://www.mediawiki.org/wiki/Extension:PluggableAuth # https://www.mediawiki.org/wiki/Extension:OpenID_Connect - $wgOpenIDConnect_MigrateUsersByEmail = true; $wgPluggableAuth_EnableLocalLogin = true; $wgPluggableAuth_Config["iFSR Login"] = [ "plugin" => "OpenIDConnect", "data" => [ - "providerURL" => "https://sso.ifsr.de/realms/internal", + "providerURL" => "${config.services.portunus.domain}/dex", "clientID" => "wiki", "clientsecret" => file_get_contents('${config.sops.secrets."mediawiki/oidc_secret".path}'), ], @@ -95,6 +94,11 @@ in }; }; + portunus.dex.oidcClients = [{ + id = "wiki"; + callbackURL = "https://${domain}/Spezial:PluggableAuthLogin"; + }]; + nginx = { recommendedProxySettings = true; virtualHosts.${domain} = { diff --git a/overlays/default.nix b/overlays/default.nix index 7240ef2..52de42e 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
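Review bot: `"providerURL" => "${config.services.portunus.domain}/dex"` in modules/wiki/fsr.nix has no URL scheme. In modules/ldap/default.nix the domain is defined as `"auth.${config.networking.domain}"`, so this renders as a bare host and path, which an OpenID Connect client cannot use for discovery and which leaves the transport unspecified for the login flow. I would write `"providerURL" => "https://${config.services.portunus.domain}/dex",` so the value is explicitly HTTPS and matches the issuer Dex advertises. The PHP configuration string this line belongs to starts and ends outside the hunk.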
@@ -1,7 +1,6 @@ _final: prev: let inherit (prev) fetchurl; - inherit (prev) fetchFromGitHub; in { # AGDSN is running an outdated version that we have to comply to @@ -12,17 +11,5 @@ in sha256 = "sha256-3w+FJezbo4DnS1N8pxrfO3WWWT8CGJtZqw6//IXMyN4="; }; })); - # (hopefully) fix systemd journal reading - prometheus-postfix-exporter = prev.prometheus-postfix-exporter.overrideAttrs (_old: { - patches = [ - ./prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch - ]; - src = fetchFromGitHub { - owner = "adangel"; - repo = "postfix_exporter"; - rev = "414ac12ee63415eede46cb3084d755a6da6fba23"; - hash = "sha256-m1kVaO3N7XC1vtnxXX9kMiEFPmZuoopRUYgA7gQzP8w="; - }; - }); } diff --git a/overlays/prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch b/overlays/prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch deleted file mode 100644 index 2b60316..0000000 --- a/overlays/prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch +++ /dev/null @@ -1,25 +0,0 @@ -From f4c5dd5628c873981b2d6d6b8f3bbf036b9fd724 Mon Sep 17 00:00:00 2001 -From: Rouven Seifert -Date: Thu, 2 May 2024 11:20:27 +0200 -Subject: [PATCH] cleanup: also catch milter-reject - ---- - postfix_exporter.go | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/postfix_exporter.go b/postfix_exporter.go -index f20d99c..676d767 100644 ---- a/postfix_exporter.go -+++ b/postfix_exporter.go -@@ -335,6 +335,8 @@ func (e *PostfixExporter) CollectFromLogLine(line string) { - e.cleanupProcesses.Inc() - } else if strings.Contains(remainder, ": reject: ") { - e.cleanupRejects.Inc() -+ } else if strings.Contains(remainder, ": milter-reject: ") { -+ e.cleanupRejects.Inc() - } else { - e.addToUnsupportedLine(line, subprocess, level) - } --- -2.44.0 - diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml index fe5cb67..a8aa30d 100644 --- a/secrets/quitte.yaml +++ b/secrets/quitte.yaml 
@@ -1,9 +1,9 @@ nextcloud_adminpass: ENC[AES256_GCM,data:v6FYsO/RklPSz5uf6aYQDhdudHb0962I1WxJM3VGc0af6s/fEz2j+UTu,iv:WzS+jU7qmNQbd1RWDempdu4nv0ytWeybF/PKoc4mvTc=,tag:1CF3ZnQNDLv11j7UoyYsjg==,type:str] -hedgedoc_session_secret: ENC[AES256_GCM,data:WO3j/Sp0LHyNC51jdzChKB46KLU7l57TBVNL3v92sjs=,iv:HVizKMCd+d9cTQEzRncRpv9scldg5Nn2fBRz0D58OOg=,tag:8HZttVgZs4Ah8JWTDaTySA==,type:str] +hedgedoc_session_secret: ENC[AES256_GCM,data:WFbqr6VX12rpiPuIPlQnwOMdHM1B0yk2PYuuanbqREE=,iv:Iih4/GNs9qN+AM6fdaTJLmmPQIzxIwXHUZttP1Up6qs=,tag:IVZQId4yxbePVQqJB9+3iw==,type:str] nix-serve: key: ENC[AES256_GCM,data:GptsUgeXOOrwJctoMZ+mWXcw9DwJ0f0LOlLyMlH/877N4uA5/NtNKIaFHl3z2GWPRBnDLBzDEO1Q6EDuWbakr+Uq4zTJm2MOV6Qf4kM0BlNpXGIdjvh7tD2La7GV4ID+CT8U6p0E,iv:3A/Yy4PHsq9VdhW4SKIYdpd1enQ5cDiKLk5S9VrH0b4=,tag:WZzbct7LZmOhEvx9KVQ8WA==,type:str] -keycloak: - db: ENC[AES256_GCM,data:DVf/pVCHHUed2cQleECk0paBTZ/6Q3NE,iv:j3sWWNL0dqPJBLUx10+jJ7QvdAHvGM55KKDwG2aQEs0=,tag:6VTeE+Prsm+LPemzbEtVYg==,type:str] +dex: + environment: ENC[AES256_GCM,data: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,iv:/it0Kg0+2BpdiJFI2GBiC2VJgeHC/GbjniDKVqL1xSo=,tag:Y06ICn5wHGV3jUZTRt1k4w==,type:str] portunus: admin-password: ENC[AES256_GCM,data:fESE6vrKhtslQO6ZJGv0T9t+leOSrgkY291orkwY+HPnOh26g2PSMX3j,iv:qmbCmjg0WsbOzfv6LsKcY3S1ssVXmaRB3lE6ZWzKSww=,tag:t8cP8XRTtto3EnNLEdz0yw==,type:str] search-password: ENC[AES256_GCM,data:xtbWS98IkQbnBu67sN413VNHZLg6eedbStE2uZ2pljS30uoM3coO2d32,iv:lKMTNnQJJfjAG7aX+G0eNnL36Cxmn+cWMRAlTovMJ4Y=,tag:FQGRBqsmY2c9VVIdBvGwCw==,type:str] 
@@ -11,24 +11,23 @@ sssd: env: ENC[AES256_GCM,data:ng189+ulH79xCZKOn9N5kN3KqED9dWqLM8dErukJH3a3ivxhUjyy3Tpa+uSnJDh8tAyOesT1j71mlTgKQKb3phylVEdL,iv:i8NEGR+eQ42q5be4gJdNMf/9DCCcjr3gwkEW/+hrgxs=,tag:16EvtkTu+0M5bIlgxC2j9Q==,type:str] dovecot_ldap_search: ENC[AES256_GCM,data:xip5KREy8oqH+58DOtw9QLcVdDlO5Nr0IHki8X0i9J1rrI/BreH2tVPC8aRTDHFPRgpBxiL6,iv:98PSXajEis7sSJ4+IkPuBC05y8w7/XRYQVFH1cripEU=,tag:LcId5rlzz3JjjZIHwoh+AA==,type:str] rspamd-password: ENC[AES256_GCM,data:UEJEPSQDGa4lewyqQ4fZH//li6KMfE9Jb/BzbLUM9o02qZuuAUDw17gTTTTPdl8WoBS02nN9r0s=,iv:2TFoMv0LAFTQDEf6ekjzS1Q1P+Z47V8kUnluQpTHWug=,tag:QOKDbVDZLmBymplJPHfrfQ==,type:str] -grafana: - oidc_secret: ENC[AES256_GCM,data:oH+VCL4e4wve6RyVwlTXPSmirbf+STD5FxUj9OjGDLs=,iv:PhVVCy5JyRa+fOrYAsnjDL+97zYASmKcBzB8t9ZVWIU=,tag:JzGO/FeKem4vd7ApvZ2Zcg==,type:str] mediawiki: initial_admin: ENC[AES256_GCM,data:JzW2rgXQHXxj1e3vFhkXVkWSgrA3Y88KWlQ81hqUHw2UvnBH4GWtMXbZ,iv:zqKUyEaIOa/7hpwzjJPwk5gfqbEYJrE7Oc1Zqcqm3vo=,tag:T1gObIGtI4uVdpONvIXofA==,type:str] - oidc_secret: ENC[AES256_GCM,data:XNbpKd42PLV+orXY/HqnYKOpt+HD4EmVMtAR+lRw+x8=,iv:XtmVdArhYmp0E1xL5lD1LMjJt+vyQPv/lG3g6fnsD00=,tag:onxncWUsG3QuvUebgVpLnQ==,type:str] + oidc_secret: ENC[AES256_GCM,data:xK5XSAwa1NOLx+hQqcgrCdQZ/zXErkRL+UV7HCBqF/0=,iv:Vbdus4jzJPAyG4ymIPVjudeHofyqNpIStecVnbyYA6s=,tag:+8xYpJbWWAbswitDHMGCCA==,type:str] mautrix-telegram_env: ENC[AES256_GCM,data:FyMtJChtir8Ip8S7zlBSvKccjt+7Hl0StHzxmKO7VdwNNA650HHfni9o7akIY52+r86tvP3D/bqHaBZqkq61ZNICnFJuYIkROvt1035uej1cdjlHeCrZBttI2w3ZkkKT/RZq5BOLt52o/fnw5Jlt+3yr6Kzd5mvcz6a2e5V96kFjaib6mMdg/Y6axiXvOSeFOHCjs6Js+ab7MDe90KUM3aLtBezXx9YTeU7RiqEiZl21dxzPIwilj8bhEB0RRIb1,iv:1ojF2NyQfaZbKwlHQND7LEOLWT1SWCpGPQTm2+0Y+xo=,tag:RavBAv49Ldm4rH+2DDGstQ==,type:str] postfix_ldap_aliases: 
ENC[AES256_GCM,data:beJTXpJYlAz4vyv2rAyuMtU2gkwf4JNnsFAG0oKLWuKQZnX/EyqyGTFK7hOs12qye26H9Ysl5vP12iDyVXU4cyYmBOMSOiIS4opPVs7yjp/FH0u6DXHExzd8qs5vwa+D+c9j05kLVZ85EGneDma4ITNBjo/JMjyXCHB0e8EZTFyfR8+fq+qvuyOUmLBfJSO5BK96u370DJ7EmIPLDiCUSO2MCD86yfFEq5J++ljeuKLxUtisqFWDPNeNq3YGjz0EHUgcqqDwzLwEEXyvn5FEI00nR0qBgSBTSWRDrndo5O2k3JMfZWW9UhXXS4kPwCYEkQSM240cwLNV/Rb9XceH2wxzL8PcfTNiy2vd,iv:lb9u3ryu1+G95OIizX17ft+fGK2CA2xt9DhYhtKda1c=,tag:CsS2Q32AgAyS5eZ7Z/Kf8g==,type:str] vaultwarden_env: ENC[AES256_GCM,data:JFySiTHahlUFsM+FcuSJPnGYMijphrnZpFFdoNe7DYxWjIgPRWdfH9WC/a5GsK2xCJXllXAASHNxgkYRrdPw2KaCiUR/QhAjtUmyv2NsIBcMYStafDUEK9emddR+ACedScsgS0FtP8f3cz1enTBi+DkYgL8lMAoCw5p8vMRyE9mVOLpTUDOO7T4=,iv:992REuXzHAxxhy2BbeCGNhTZkn8eSi8N2RyBXqqy7U0=,tag:iP5AFQqzoR66AkTGfYAUZg==,type:str] -directus_env: ENC[AES256_GCM,data:Q8mQYpwsMbv8NHIzTjxlbS528uZoFkzB0WDZITiYdbq6Y5a+12IEuXXRU+/v7vonpSWFH0ROqfrGy5yd3VhTR2eFvg8OsnlanFnnF4DYIDVMWLEOf4XoOoh/9tYPqoPYFtvwYnlCZFaEky4BKdcIFuqSuqrV9GSabBRuNJ1RbPyRXA6Nwr25uWYr70/1iIEb1tfffqR1YfycZ1JW4kL7OcjxNb6CwoPQ00Z/0t3YYG5Rc9rj7qTc6qw=,iv:yswA2oUhllYoAflK4BbxUMlCWaEfrFi/6g1r6wWZxHA=,tag:36xbdXho+lqKQt9ZaqS/Mw==,type:str] +directus_env: ENC[AES256_GCM,data:TzZhYDS+ix2kY6gVZj98E2W7IbqWBpwUCz4n9UUyLI2jnySnjD+AJZ8WM/r6LEGFYAdBAsuynRqui2k5OuaZhDhjm9acaH7DdCiuslvL0V7vJS70GDjBFzAQglqM3w2uqsfqDSs89FpuuvkGRBLrLeXIg5wmkx21wQA=,iv:jcLNwjbgFbgAXBlnjoLV9EXFI+il/hRpd+Cc/D/wUMo=,tag:Vp5uEqnZC6L+CfNFbxNw/w==,type:str] strukturbot_env: 
ENC[AES256_GCM,data:klTFgdNvdMYA++GsmqEHdhklZ5JUreP2Lh+5E0mj5iH7F8Run6/gAdHBJpCWEe2Q3o6RdZduy+kCXzJWznkLbEASxgJNcAWdFq2CU4ov0Z6rGS6i/X376Yc6I7oYLfQSd58r8Q/rhFl2qXkCiSGJYNvo6vGh6+b/TdTABwAnvj/k81n2SsSpoMOu9/1Pyop7QNVMuAtXaE/sca1KPtU/Yg3DrKczxKzKppReafIs7ICI/760N/H0Wwh6rtw51mfQxxOW9UpPXmnEFI8b+07pVsgNoSbzPCMaAoxf6LFnTnqtFRNS0N7rX3DrP6GSv2A8Bwm5of0sLhIm3gAAQ2iXp2di+BOi7uRqFVtNZ18XGPil8FVEkeIFdmhjCJAOJRyuANl3JsaqRk4lT1qMglyjHtCodP5rvVe+pALzpihNPIQPy0Tes2GOM4Q6ww4UxZrgevNHz7CnEMSEPU8Hjb63UkZTZbj2HxF8,iv:a2NyivM34Z/V/ir+NzsXNm73sp6uASYDiqDOG2ix2JE=,tag:buP1Hcvt3dEW249BWNBKkw==,type:str] -decisions_env: ENC[AES256_GCM,data:fUoBTkceqbabZcR3Rmf2iSUd45T/oQ+6K4ReznhyJ/P3yzlgW17eG615o5v42PmLerpkABXZuVIkQSpkJsnn/Z2cSnv7vNvkeZcRambDWnEtz39Gu0uZR1um4Nl9hfJrp+otj3tTdzoh06MADQegWSbFLhJm6Qa71Fqh+dbGPZ8rbQAGDs0T6I2BFF1khND0COAQPO+5/gtRigngLaFgAJ/EClaRcUVF2BE7N7Za8ZMMDH7NOYSOSG/TTHZCownFeWbh3d7H89wG5Qw4jgXMz6Wd3y9QzEjjmhSubRi0hbSTZ+t4yiSjeODAVQLYlZ4DCjZECl+yvUndugdr1L1b5EpgjeFJTAsWjZtnu64=,iv:vcToub6JCQ9END3cuqCA7h0KC9drG0VIK52EyV8xQHM=,tag:PhzRofrNi67RFNP444GWBw==,type:str] -kanboard_env: 
ENC[AES256_GCM,data:AQ3jU78hi8YGzfWXTo2wnS9Q9hucgtKBrB/xiIyrZl/j6QpQmr/HS6gEizgY7Du8ZhkRmRTZ8ks99EOpPUdN0LXhegZB0loCWEozkPCn+N0UZXqKDVAz2UsyQu04Eu4FPRqw9VMIS30qJarqZGjvAJmBWNd8znW9ggtg8bMxqwWuErdyMhCCbXeAsw4O8XasGR27e4SGRJNWR5QH7VX7GqOb0Q2AFr9BQhNyO9MgczmqwldqirqaIACIaSVvOOByh56M+rbWyiaAL2O7BqcHS0dtV+XG2uVpxb02b456iArRyKco41bVC1sSRfi2ewCNLma+yNgR7t1WYZeA8537gMX9LaU5ORnn+L0toM8j2yUnfW9RYA3dqp50Yt2UKH/jjLwW5wKLrOF1G2Pb5TAl12ghPLfTfJiuv1SLgahLK5lP/I/x3dJ/n3gm7/lqu2EPDnaPtPDotV0VWfBLwQoXAjSFvSZVfxwYIon/ErxsACtxgT1Ss4L88Ggc33ae1BFyURX7p7738eizsqUV8WWqa74Jt+uT32nU45B2DyyzFQWfy4mGsgBssuZzgFbzLyYDiXfcq500K16950cWPH9s5Sx1XooCcHeTJYyVHklCJ/0r3Iz2g1TtKktpr5XW7EEcCLKQ86UqpKwg9PwEHVnYgFKe8IuSeAAGzZczeUFvERrRJs8qZqPE1IaufozSr5bGBh4eRdv/kVDFyh7wJ62xStVb7IV+sXogA13m/emfxdy1RBWftHcsgZ03r4pdp7mHzNqRvYYscx4UzB237GNzG82PJ/zLk73XGRCv4iE11KWZs9oyoOI4RFFvGwNS8jV3wWh4I7Is3SWO0cy+41qeuL0oNeRVseVENZ5zqxC1sPIP+z16XiTlGWUefTYinFjKmjojF2+uSS6bGZteB70iynB28FUUEqU4Wa0RwGDOck21cw8PnIMpiP+LWdnaH6sKS+EMl9IXcraH31wNK76dcUy3dPqU257bp1e1OJ0Y/fO/1ZTT4Usm7CrXCon0gcDWFAB+c57c+omfYW3kZ4F99Y2ht5QZEvjK20rEXLQb5e1SqIC0ssjP+7vpc+SfNQ6jQ6B6Vye9cyaNkgzGoWZFwHME7cgehs+2FkCOVgPlJ8hDupSTc1BgFzT3JJtejsflbMeoa13nvTYWZopW5M6Ym81TQGv/awPimMh17sDx9r38bU+kiVs5Y6MVuSQZIRICOtg6cxh5Q+fDzTyirsrctVGdcI96WyW90IwBL2wYI7ntWdNwaAPoTu8OFw0kKW2+JsaNHeXQfGmWZfUtKWIJetnUn22SLAe86J71hFBveVlokehQ7Fcg0MFt2r9mlR0/eP1aWyrN54tyEv5uOekmKE00FN/8PpzgH7qasvRPuuXkotj1gazJYk7Tz0oO9OTM4M/yplrL8fLOwP75Uc5PGGVu3pHmwkfrjhh72V993Su0V3us4p+whv2ItZ/A4O0np9CSvFEJXOS4esCmsXLqr4BbBy2veoxnIiF3MEmEqbkMtgkslnVwM1RVNPCKESxFzu0oU5phyWn0a4JW46g5lx1tm/GWXlHQWa4=,iv:x3+PuXdpZ+SEuqHo7icQVyzGEI3IdEyYjjOFkKbzq2o=,tag:pWoe2PC/tEODmz7o6wcVPQ==,type:str] +decisions_env: ENC[AES256_GCM,data:yuxfgdEGYGAqrKqQ6TIKcRXMBluOKeCz8hMXeLxFRXKx1cKn11fGvS7LCtRoFTeHUvBjzb5VLdQkjb6OFYT35Ck7GKk5ZceN,iv:B7brAFVed1Ck5jCqp0VvnYHD/rtDbyYv9/gWx8Kwfpw=,tag:ki/dhuiK4QWxfRqOQR7Otw==,type:str] course-management: secret-key: 
ENC[AES256_GCM,data:zMoIj8gjNmLdSbQmFo8n1pDIKaUUMzPfVoKkPlqNtm4=,iv:AM5wwvAFXKVss4N2/lK6bKYHV/4Bv5EOz2MVTxAPF1w=,tag:ARzQUVVjz+HhUT+JAISHkA==,type:str] adminpass: ENC[AES256_GCM,data:EariUHHtWirIXuRARj7lEneAOlKcjca9T+J0oH2xPv99w4ac1cRrvEVD,iv:cjC/+AnZdwWXkJOIAE36Hk/if4fqofVFf0H8WkHkRY8=,tag:M+s4hPzSp8eR76M/7TKXPg==,type:str] course-management-phil: secret-key: ENC[AES256_GCM,data:YxANlc3+BVkrDSRuaO1xtzJLnprK6vXpHD+o9dtTu4Q=,iv:FVnRAa7YEfHC7x4K4fkjIp4n4sCiI+OFwMIHu5KHRXQ=,tag:zneVoFMCK41ph1eRpWhdaQ==,type:str] adminpass: ENC[AES256_GCM,data:akLU2/5wBHgbhy83Agfe5SNFUpfgCB19DV3SMSj8wORgTgSEhlZnrWKt,iv:9BInYkjKIsi+nPaSoOEkcKcoK/9bxACYpaKcaEd5Fd0=,tag:UxBUMj1xIL6xlXQpGrjHVA==,type:str] +padlist: + oidc_secret: ENC[AES256_GCM,data:xExKbcpuHLcbs0RozjVRZYKJo/RensfguPzHysA/,iv:a4wWRUqPwxlytXPXeuVIzAWm7s6KH/eOxs5xCCRtmV8=,tag:BeYnUJzWhom6sbVf0BJeag==,type:str] bacula: password: ENC[AES256_GCM,data:MrmA++fEUNNJojl9xAHlaWjhMrpAWjqi2X+6x2dWd1NZU7gDpLR16hDwyj3cfTsK,iv:iVN0pOx4/VrlcUxeHtMuavM/Z0/iZSGE+oY3idCKjtU=,tag:QiWT1xT8ntcyAjOU5SQLGA==,type:str] keypair: ENC[AES256_GCM,data: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,iv:pxhCdbDA0jZLRFLg/2cXy9j18nvWOgIHMHrgkAfYSbo=,tag:4Z73qrehEkiLca2HO1MhKA==,type:str] 
@@ -49,8 +48,8 @@ sops: c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-19T09:13:57Z" - mac: ENC[AES256_GCM,data:LqmR0jd8pD+l45o7cdxnuoDZUSBfPqL6o7AFtEsWeqEYi/Lbv+LLIBXIlUgG2BnOk2d78kmCFGqAl0F8Hi8qohG8Zki4FsHFDnrfXDlRZX+7J3TCvk/TIQ7NHqA1DjPf37WFuJWxUaW7oeeZVyOQ9KFgaenQMBt/eehiHpgBfW0=,iv:z5nD7ntEF3+Op9Dvg2h4jf2MPtfXsgRoH6B8MMi8Ius=,tag:4BmArd9jw1v/6HU7tat4VA==,type:str] + lastmodified: "2024-03-21T14:49:39Z" + mac: ENC[AES256_GCM,data:UOSGdgzqdp8G9e0SfzUxUDWPfv5a6YXhPy2//4njeFQwBmBFs/2d1jtn7CWr7y/1WcbuCjr03SudfO/yquNiELZqfIi41b0Qu6PplQE5khQR4RT7jpJ8b7HGmAnvAxhM5X835cXntU7FXna+1QWwzIKpPGVtKQ7m36CbgSgY2Gw=,iv:sRCLtoxeYaNS0Ga+ncUWxPh0MsqJUfHpamHQpGrm7lY=,tag:vLsJYdmKCNqOr5y5ZYVaDg==,type:str] pgp: - created_at: "2024-02-29T15:23:23Z" enc: |- diff --git a/secrets/tomate.yaml b/secrets/tomate.yaml index 01caa04..ae1f78c 100644 --- a/secrets/tomate.yaml +++ b/secrets/tomate.yaml 
@@ -4,7 +4,6 @@ print: smtp-password: ENC[AES256_GCM,data:XoaLiEpqAdKapeS9YoBfh2w7HFuTCV9rHIciH+qUbhHcdsgVpnPMsSlC,iv:WxfP5d2K9soJPoRPuS6O6PbNvo4TBQjPGiV0e+a501Q=,tag:ZsTdR+b/oYFAYz/MN73PFg==,type:str] sssd: env: ENC[AES256_GCM,data:9IbU7uaElmemQHVUvsM88hcyNl3WFehgQeLZPtUxt2Sd0IECm8qNkQhWJ4kuvoBnQsdsUrFm/0QuW7AfDFOeE7FxMxg0,iv:dyzsYHlqClWbfzsoJ36iYjaXWpidB1ZqHXI7RP7js2Y=,tag:97FMOeVwAEy8Ka79uZKC8Q==,type:str] -ifsr-apb-auth: ENC[AES256_GCM,data:hxJOvRbgjB//YU3wy04P7yrQbV0Ggoi18wQxwy4hHgbXizTHbmlfiZ/MstITrZQ6qEPVBEW41/iGU3DO2Cg2ofpWvFU5Gr8FM1AC9DKq8SppLGqzel1mEejPfrh4RbQUMe0zZlc/YfhCah5sM0oPnBQNg8bPpveEO+5/bRq5S24jkkv7w6/AAS8tGvjALVf/g95jsCrQO2MYg9jCCEkdhORU0bowGD8cjTr6wnPkNhwzn5tiKoPn6eH6TFBkqNC+Q/5E+os10i9F1c3z/sv8Snrcl7V5higqrQekhEvGRDmax/4lE8Yb3AoxC/2M4/+9x+OPi0JUkkhC6rghETXpmYkuaD7E8+eEtLeSbiJPlPijq2HTtbtsHcSoMUdoGO8644TVe/jDxaEe54p9OWEFjRRpONijQKsfH3wENlUXmqDQDLfMSpoANxIHMh+RmRzktGIvTgvs6rlKXsWp7/gggFVxdM/5QPbE3pUvGr+JPWz4,iv:6c1HxYGrItPwKzAnQ0zUvO3TSejVZ/aWF9zs99ufzl4=,tag:fELOskceJWKmkm74MCsfoA==,type:str] sops: kms: [] gcp_kms: [] @@ -20,8 +19,8 @@ sops: TXVrMHZCNU5zOG5hVnNkdEoxcTZqWXMKA9eG1zM6HeLAAOpIo8Z5+5KD4Z5P3rdc kE8sUXHD3d8SMmSKcTYe6gGVzFuw0xxnMb/AmjAQosvDFTQsWy1sTw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-16T08:58:21Z" - mac: ENC[AES256_GCM,data:2aOOVZK7kshJFBWphvW/BqRUXht4p80Q15nGJNA1EbjT05f3tYdrr8QuM5Xd1vJO07rgmokWv4XwbzodRIwqidEXD5xuJ1v+kHC/jJnO3yrBKY7kVMHkia2Wq00bcN/iwdW6G6AP5D4HQbmFNo+rLHyjIVwPvtu9jutKpz12NH0=,iv:YCBX2gSEmiUa6HrHi0VEcRGWDJrXGajD8ZbOZcppFnM=,tag:FK2E4hukl8oL5aZNTCQESA==,type:str] + lastmodified: "2024-01-29T13:36:12Z" + mac: ENC[AES256_GCM,data:CnoH4KmYy72E0L+X7SHYXrFH6z0KhRhfYXmIO8HnPlkYnwKXDeAYezv4kL3ItZG+8pnmbFdoyHxxVMT6rWtV//x16YPMI0zhwIEBs67ZxM+gzeei4fniktolydKmlXUgbtWw3/y3OtxzAn9Dne2LPz7CwN/imGOTgrWFYGWRhtU=,iv:gcurHYWPSijYRlt9FoutrGInWDOfSkjrNqwU6jxiHDk=,tag:qWhpQ9vLuuihOzJeOGYEog==,type:str] pgp: - created_at: "2024-02-29T15:23:28Z" enc: |-