updating network to networkd #11

Merged
tanneberger merged 5 commits from network into main 2023-02-15 13:36:34 +01:00
20 changed files with 797 additions and 39 deletions
Showing only changes of commit e595429a02 - Show all commits

27
.github/workflows/fmt.yaml vendored Normal file
View file

@ -0,0 +1,27 @@
name: main
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
check-flake:
name: Nixpkgs Formatting
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Nix
uses: cachix/install-nix-action@v18
with:
extra_nix_config: |
experimental-features = nix-command flakes
- run: nix-channel --add https://nixos.org/channels/nixos-22.11 nixos
- run: nix-channel --update
- run: nix shell nixpkgs#nixpkgs-fmt -c nixpkgs-fmt . --check

33
.github/workflows/main.yml vendored Normal file
View file

@ -0,0 +1,33 @@
name: main
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
check-flake:
name: Check Flake
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Nix
uses: cachix/install-nix-action@v18
with:
extra_nix_config: |
experimental-features = nix-command flakes
- uses: cachix/cachix-action@v12
with:
name: fruitbasket
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: nix-community
- run: nix build
- run: nix flake check

2
.gitignore vendored
View file

@ -1,2 +1,2 @@
.qcow2 *.qcow2
result result

View file

@ -44,3 +44,16 @@ creation_rules:
- *jonas - *jonas
age: age:
- *test - *test
- path_regex: secrets/admin\.yaml$
key_groups:
- pgp:
- *bennofs
- *revol-xut
- *felix
- *simon
- *rouven
- *helene
- *fugi
- *emmanuel
- *joachim
- *jonas

View file

@ -0,0 +1,54 @@
{
"groups": [
{
"name": "admins",
"long_name": "Portunus Admins",
"members": ["admin"],
"permissions": {
"portunus": { "is_admin": true },
"ldap": { "can_read": true }
}
},
{
"name": "ifsr",
"long_name": "Mitglieder des ifsr",
"members": [],
"permissions": {
"portunus": { "is_admin": false },
"ldap": { "can_read": false }
}
},
{
"name": "strukturer",
"long_name": "Strukturer des ifsr",
"members": [],
"permissions": {
"portunus": { "is_admin": false },
"ldap": { "can_read": false }
}
},
{
"name": "search",
"long_name": "LDAP search group",
"members": ["search"],
"permissions": {
"portunus": { "is_admin": false },
"ldap": { "can_read": true }
}
}
],
"users": [
{
"login_name": "admin",
"given_name": "admin",
"family_name": "admin",
"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_admin"] }
},
{
"login_name": "search",
"given_name": "search",
"family_name": "search",
"password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus_search"] }
}
]
}

View file

@ -71,11 +71,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1673740915, "lastModified": 1676162277,
"narHash": "sha256-MMH8zONfqahgHly3K8/A++X34800rajA/XgZ2DzNL/M=", "narHash": "sha256-GK3cnvKNo1l0skGYXXiLJ/TLqdKyIYXd7jOlo0gN+Qw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7c65528c3f8462b902e09d1ccca23bb9034665c2", "rev": "d863ca850a06d91365c01620dcac342574ecf46f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -87,16 +87,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1672580127, "lastModified": 1676375384,
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=", "narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0874168639713f547c05947c76124f78441ea46c", "rev": "c43f676c938662072772339be6269226c77b51b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-22.05", "ref": "nixos-22.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -116,11 +116,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1673752321, "lastModified": 1676171095,
"narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=", "narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "e18eefd2b133a58309475298052c341c08470717", "rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -1,6 +1,6 @@
{ {
inputs = { inputs = {
nixpkgs.url = github:nixos/nixpkgs/nixos-22.05; nixpkgs.url = github:nixos/nixpkgs/nixos-22.11;
sops-nix.url = github:Mic92/sops-nix; sops-nix.url = github:Mic92/sops-nix;
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
fsr-infoscreen.url = github:fsr/infoscreen; fsr-infoscreen.url = github:fsr/infoscreen;
@ -56,15 +56,21 @@
modules = [ modules = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./hosts/quitte/configuration.nix ./hosts/quitte/configuration.nix
./modules/options.nix
./modules/base.nix ./modules/base.nix
./modules/sops.nix ./modules/sops.nix
./modules/keycloak.nix ./modules/ldap.nix
# ./modules/keycloak.nix replaced by portunus
./modules/mail.nix
./modules/nginx.nix ./modules/nginx.nix
#./modules/hedgedoc.nix ./modules/hedgedoc.nix
./modules/wiki.nix ./modules/wiki.nix
./modules/stream.nix ./modules/stream.nix
./modules/nextcloud.nix ./modules/nextcloud.nix
./modules/matrix.nix
{ {
fsr.enable_office_bloat = false;
fsr.domain = "staging.ifsr.de";
sops.defaultSopsFile = ./secrets/quitte.yaml; sops.defaultSopsFile = ./secrets/quitte.yaml;
} }
]; ];
@ -74,10 +80,11 @@
modules = [ modules = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./hosts/quitte/configuration.nix ./hosts/quitte/configuration.nix
./modules/options.nix
./modules/base.nix ./modules/base.nix
./modules/keycloak.nix # ./modules/keycloak.nix replaced by portunus
./modules/nginx.nix ./modules/nginx.nix
#./modules/hedgedoc.nix ./modules/hedgedoc.nix
./modules/wiki.nix ./modules/wiki.nix
./modules/stream.nix ./modules/stream.nix
./modules/vm.nix ./modules/vm.nix

View file

@ -1 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9akyIw74vwJ+8NM7um8NhTcMO7okD46jYkodHTLYe6Oj7QR/kHZD3VEu5Wy7mN33av0Pr6gqeqzPBmn1kxa+J0FnD83rjm989Z9mKbpjt1EtAd9WSlx1MmixHCSgTvHezaiUHmikWdUK3XLITZeGOM3fyDDV5Nqm1rvg5PMV2mAMP9j8T2RsWweGUgcoE8RIfH4WA6t1ZhP4Px01UWozFadeQ6qRG8hMfq3gWKC9lGLAlgUHqpUuNVJ8I45znR/UhrR+h4VF0mkCYFM3JP0z+o/KwDTfcLlRCMxcY3rpRvbrhmgkqHuPTqwQfiBxTyZvWb2IeCkKVFAk0WmFb1M4Elnk+tJrF2G7yzpyRNilin8/P7pQk7M3BAY2m1iZA6u7cBUxWFbzRqRluRR8R+HAk9hqjtr0XmMifq0K7ZX31u48Ss/lgNXa2KHHYeI79++mfELhIhNXAznkhIAT1PhRKeL12RtDVjzfEd1JbHR8hE1L/n0K3Hyfzw/bJXBAwJJ8= joach@DESKTOP-FOASM6G ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0FSJ1IFmAMaeuO/OcY56koVTO68DZOJkUpZvHKkGttCtSmio2w3lXoJG+X+950DdwZcgF9vf4/h8VjsmQdNg/ACQQM6gNwVk8p2arIbYy9M3s0FfHKoMkfMDlZ91Md0/9BtogFRQWCP9Og3vV7q63cPJldqk+gljp10OruxawjAc+myz2xUppjk3BWzoHX86lAtF2ggqY1HW9rloMqj0j1zdqyMkHzy4akJbE2NAekNsdz0dWKC3tTGuEXlisZiC1Q51S5JrZIsr8hZXdL2u/nThsveSPC/jW3tfQxthu7TFyLr5n5ms9S3s47TGdtUTKmkTXWvspAHD4EP2nHTniqnesVO3TE9lHiI++TBQAtrTp+Ivb6Fwv55fUH1V36tkaFfAuTJq0zHv7tYedqMdzfH99jsHb4hej6LWMJPaH1R/UyNOzJr+ac50C7vFO+j4UKiu0vFRebnID7nLBY7vl3n5bmX1FjfD9axHncIranI4Lyt5RMxueR11IHIDqEEE= joachim@nixos

View file

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
domain = "pad.quitte.tassilo-tanneberger.de"; domain = "pad.${config.fsr.domain}";
in in
{ {
services = { services = {
@ -19,7 +19,7 @@ in
hedgedoc = { hedgedoc = {
enable = true; enable = true;
settings = { configuration = {
port = 3002; port = 3002;
domain = "${domain}"; domain = "${domain}";
protocolUseSSL = true; protocolUseSSL = true;
@ -44,7 +44,7 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}"; proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.configuration.port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

103
modules/ldap.nix Normal file
View file

@ -0,0 +1,103 @@
{ config, ... }:
let
domain = "auth.${config.fsr.domain}";
portunusUser = "portunus";
portunusGroup = "portunus";
ldapUser = "openldap";
ldapGroup = "openldap";
in
{
sops.secrets.unix_ldap_search = {
key = "portunus_search";
owner = config.systemd.services.nslcd.serviceConfig.User;
};
users.users."${portunusUser}" = {
isSystemUser = true;
group = "${portunusGroup}";
};
users.groups."${portunusGroup}" = {
name = "${portunusGroup}";
members = [ "${portunusUser}" ];
};
users.users."${ldapUser}" = {
isSystemUser = true;
group = "${ldapGroup}";
};
users.groups."${ldapGroup}" = {
name = "${ldapGroup}";
members = [ "${ldapUser}" ];
};
sops.secrets = {
"portunus_admin" = {
owner = "${portunusUser}";
group = "${portunusGroup}";
};
"portunus_search" = {
owner = "${portunusUser}";
group = "${portunusGroup}";
};
};
services.portunus = {
enable = true;
user = "${portunusUser}";
group = "${portunusGroup}";
domain = "${domain}";
port = 8081;
ldap = {
user = "${ldapUser}";
group = "${ldapGroup}";
suffix = "dc=ifsr,dc=de";
searchUserName = "search";
# disables port 389, use 636 with tls
# `portunus.domain` resolves to localhost
#tls = true;
};
seedPath = ../config/portunus_seeds.json;
};
#users.ldap = {
#enable = true;
#server = "ldap://localhost";
#base = "${config.services.portunus.ldap.suffix}";
#};
users.ldap =
let
portunus = config.services.portunus;
base = "ou=users,${portunus.ldap.suffix}";
in
{
enable = true;
server = "ldap://localhost";
base = base;
bind = {
distinguishedName = "uid=${portunus.ldap.searchUserName},${base}";
passwordFile = config.sops.secrets.unix_ldap_search.path;
};
daemon.enable = true;
};
services.nginx = {
enable = true;
virtualHosts."${config.services.portunus.domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
};
};
};
}

165
modules/mail.nix Normal file
View file

@ -0,0 +1,165 @@
{ config, pkgs, ... }:
let
hostname = "mail.${config.fsr.domain}";
domain = config.fsr.domain;
rspamd-domain = "rspamd.${config.fsr.domain}";
# brauchen wir das überhaupt?
#ldap-aliases = pkgs.writeText "ldap-aliases.cf" ''
#server_host = ldap://localhost
#search_base = ou=mail, dc=ifsr, dc=de
#'';
dovecot-ldap-args = pkgs.writeText "ldap-args" ''
uris = ldap://localhost
dn = uid=search, ou=users, dc=ifsr, dc=de
auth_bind = yes
dnpass = $(${pkgs.coreutils}/bin/cat ${config.sops.secrets."portunus_search".path})
ldap_version = 3
scope = subtree
base = dc=ifsr, dc=de
user_filter = (&(ou=mail)(uid=%n))
pass_filter = (&(ou=mail)(uid=%n))
'';
in
{
sops.secrets."rspamd-password".owner = config.users.users.rspamd.name;
networking.firewall.allowedTCPPorts = [ 25 465 993 ];
services = {
postfix = {
enable = true;
hostname = "${hostname}";
domain = "${domain}";
relayHost = "";
origin = "${domain}";
destination = [ "${hostname}" "${domain}" "localhost" ];
sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslKey = "/var/lib/acme/${hostname}/key.pem";
config = {
smtpd_recipient_restrictions = [
"reject_unauth_destination"
"permit_sasl_authenticated"
"permit_mynetworks"
];
#alias_maps = [ "ldap:${ldap-aliases}" ];
smtpd_sasl_auth_enable = true;
smtpd_sasl_path = "/var/lib/postfix/auth";
virtual_mailbox_base = "/var/lib/mail";
};
};
dovecot2 = {
enable = true;
enableImap = true;
enableQuota = false;
sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslServerKey = "/var/lib/acme/${hostname}/key.pem";
mailboxes = {
Spam = {
auto = "create";
specialUse = "Junk";
};
Sent = {
auto = "create";
specialUse = "Sent";
};
Drafts = {
auto = "create";
specialUse = "Drafts";
};
Trash = {
auto = "create";
specialUse = "Trash";
};
};
extraConfig = ''
mail_location = maildir:/var/lib/mail/%u
passdb {
driver = ldap
args = ${dovecot-ldap-args}
}
userdb {
driver = ldap
args = ${dovecot-ldap-args}
}
service auth {
unix_listener /var/lib/postfix/auth {
group = postfix
mode = 0660
user = postfix
}
}
'';
};
rspamd = {
enable = true;
postfix.enable = true;
locals = {
"worker-controller.inc".source = config.sops.secrets."rspamd-password".path;
"redis.conf".text = ''
read_servers = "127.0.0.1";
write_servers = "127.0.0.1";
'';
"dkim_signing.conf".text = ''
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector = "quitte";
sign_authenticated = true;
use_domain = "header";
'';
};
};
redis = {
vmOverCommit = true;
servers.rspamd = {
enable = true;
port = 6379;
};
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."${hostname}" = {
forceSSL = true;
enableACME = true;
};
virtualHosts."${rspamd-domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:11334";
proxyWebsockets = true;
};
};
};
};
};
}

141
modules/matrix.nix Normal file
View file

@ -0,0 +1,141 @@
{ config, pkgs, lib, ... }:
let
domainServer = "matrix.${config.fsr.domain}";
domainClient = "chat.${config.fsr.domain}";
clientConfig = {
"m.homeserver" = {
base_url = "https://${domainServer}:443";
server_name = domainServer;
};
};
serverConfig = {
"m.server" = "${domainServer}:443";
};
mkWellKnown = data: ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
# build ldap3 plugin from git because it's very outdated in nixpkgs
matrix-synapse-ldap3 = pkgs.python3.pkgs.callPackage ../pkgs/matrix-synapse-ldap3.nix { };
# matrix-synapse-ldap3 = config.services.matrix-synapse.package.plugins.matrix-synapse-ldap3;
in
{
sops.secrets.matrix_ldap_search = {
key = "portunus_search";
owner = config.systemd.services.matrix-synapse.serviceConfig.User;
};
services = {
postgresql = {
enable = true;
ensureUsers = [{
name = "matrix-synapse";
}];
};
nginx = {
recommendedProxySettings = true;
virtualHosts = {
# synapse
"${domainServer}" = {
enableACME = true;
forceSSL = true;
# homeserver discovery
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
# 404 on /
locations."/".extraConfig = "return 404;";
# proxy to synapse
locations."/_matrix".proxyPass = "http://[::1]:8008";
locations."/_synapse/client".proxyPass = "http://[::1]:8008";
};
# element
"${domainClient}" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override {
conf = {
default_server_config = clientConfig;
disable_3pid_login = true;
};
};
};
};
};
matrix-synapse = {
enable = true;
plugins = [ matrix-synapse-ldap3 ];
settings = {
server_name = domainServer;
listeners = [{
port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = false;
}];
}];
};
extraConfigFiles = [
(pkgs.writeTextFile {
name = "matrix-synapse-extra-config.yml";
text = let portunus = config.services.portunus; in ''
modules:
- module: ldap_auth_provider.LdapAuthProviderModule
config:
enabled: true
# have to use fqdn here for tls (still connects to localhost)
uri: ldaps://${portunus.domain}:636
base: ou=users,${portunus.ldap.suffix}
# taken from kaki config
attributes:
uid: uid
mail: uid
name: cn
bind_dn: uid=search,ou=users,${portunus.ldap.suffix}
bind_password_file: ${config.sops.secrets.matrix_ldap_search.path}
'';
})
];
};
};
systemd.services.matrix-synapse.after = [ "matrix-synapse-pgsetup.service" ];
systemd.services.matrix-synapse-pgsetup = {
description = "Prepare Synapse postgres database";
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" "postgresql.service" ];
serviceConfig.Type = "oneshot";
path = [ pkgs.sudo config.services.postgresql.package ];
# create database for synapse. will silently fail if it already exists
script = ''
sudo -u ${config.services.postgresql.superUser} psql <<SQL
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
ENCODING 'UTF8'
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
SQL
'';
};
}

View file

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
domain = "nc.quitte.fugi.dev"; domain = "nc.${config.fsr.domain}";
in in
{ {
sops.secrets = { sops.secrets = {

View file

@ -1,7 +1,14 @@
{ config, lib, ... }: with lib; { { config, lib, ... }: with lib; {
options.fsr.enable_office_bloat = mkOption { options.fsr = {
type = types.bool; enable_office_bloat = mkOption {
default = false; type = types.bool;
description = "install heavy office bloat like texlive, okular, ..."; default = false;
description = "install heavy office bloat like texlive, okular, ...";
};
domain = mkOption {
type = types.str;
default = "ifsr.de";
description = "under which top level domain the services should run";
};
}; };
} }

View file

@ -10,7 +10,7 @@ in
services = { services = {
nginx = { nginx = {
virtualHosts = { virtualHosts = {
"stream.ifsr.de" = { "stream.${config.fsr.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = locations."/" =

View file

@ -116,10 +116,6 @@
$wgPluggableAuth_EnableLocalLogin = true; $wgPluggableAuth_EnableLocalLogin = true;
''; '';
extensions = { extensions = {
#Cite = pkgs.fetchzip {
# url = "https://web.archive.org/web/20220627203658/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_38-d40993e.tar.gz";
# sha256 = "sha256-dziMo6sH4yMPjnDtt0TXiGBxE5uGRJM+scwdeuer5sM=";
#};
CiteThisPage = pkgs.fetchzip { CiteThisPage = pkgs.fetchzip {
url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz"; url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz";
sha256 = "sha256-sTZMCLlOkQBEmLiFz2BQJpWRxSDbpS40EZQ+f/jFjxI="; sha256 = "sha256-sTZMCLlOkQBEmLiFz2BQJpWRxSDbpS40EZQ+f/jFjxI=";
@ -128,10 +124,6 @@
url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz"; url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz";
sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk="; sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk=";
}; };
#DynamicPageList = pkgs.fetchzip {
# url = "https://web.archive.org/web/20220627203129/https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_38-3b7a26d.tar.gz";
# sha256 = "sha256-WjVLks0Q9hSN2poqbKzTJhvOXog7UHJqjY2WJ4Uc64o=";
#};
Lockdown = pkgs.fetchzip { Lockdown = pkgs.fetchzip {
url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz"; url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz";
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA="; sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
@ -188,7 +180,7 @@
nginx = { nginx = {
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"wiki.quitte.tassilo-tanneberger.de" = { "wiki.${config.fsr.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

View file

@ -0,0 +1,21 @@
{ isPy3k, buildPythonPackage, pkgs, service-identity, ldap3, twisted, ldaptor, mock }:
buildPythonPackage rec {
pname = "matrix-synapse-ldap3";
version = "0.2.2";
format = "pyproject";
src = pkgs.fetchFromGitHub {
owner = "matrix-org";
repo = "matrix-synapse-ldap3";
rev = "2584736204165f16c176567183f9c350ee253f74";
sha256 = "gMsC5FpC2zt5hypPdGgPbWT/Rwz38EoQz3tj5dQ9BQ8=";
};
propagatedBuildInputs = [ service-identity ldap3 twisted ];
# ldaptor is not ready for py3 yet
doCheck = !isPy3k;
checkInputs = [ ldaptor mock ];
}

188
secrets/admin.yaml Normal file
View file

@ -0,0 +1,188 @@
cachix_password: ENC[AES256_GCM,data:Cx8d4Sd3yTDMfxVEPHcI2d1EQXuXRwf7TRO3WmwotYc=,iv:mAr67t4jvLc7cUn7WQaY/oU3AN1w28tCBJBI1ZfeS3U=,tag:kC2VoEugIHxib5zK/em24w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-11-25T15:54:51Z"
mac: ENC[AES256_GCM,data:3r5MEGkl7heMrVP7adypwys1qUj0B8/rhWgoSp0g2U+qMnGfQqAbvuBOTkdmWpNhM1a+aKRD9ASmpoJ2S0QL5tMOFbNpE3exugzSCOlwO7+o/m8wU6uujOw7nxAAFlbDXNbv9s3tFod0gVe6Y14oxFTWI8F1PqS9eGy/y09a8U4=,iv:7IaM37M1hbfdJ1eDr5o3iekz3GQq8nb/59CDRPcSkE0=,tag:raNPUg7abddKyOvhYeL+nQ==,type:str]
pgp:
- created_at: "2022-11-25T15:54:04Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DntlvaG5T7wcSAQdAM/BVbImmA9J2ns6PCIHhfb+LPQbKqotoD4Jb9XJNp1Qw
5qJuTv4gzgQ7sREvihZLtAyydAivVM8z39MjEutazzdUwzK/VO1Gm9zOI6BMbi2O
0l4BxxANLvRM2Ap0MHH5o5Rhlm8Y6RGc3mQA730ipfHaNYfUPx/BdhEkUtkWBVw0
8330JlhDjgzHldxg+8M+ZRTB5BQ7v8HmNTiDRRxgKxKoW720MYLLGyFKG0biw0oj
=/WEe
-----END PGP MESSAGE-----
fp: B8E1727497FC48AA14158BDF947F769D7B95EC2B
- created_at: "2022-11-25T15:54:04Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJAQ/7BTAoJD+khMXNIWJizL1BoXDXFXOwA3RCxdpQH0Fp1FSY
b4GKYK4YNf3mFxLvGf2Gz4hn0FPRLw2H2p8bTtRcnKmxpiDnIC9D7WEs4TlznFOz
/7DU/GG1T1qjgScyLQNP5xH+t9LnNIllR+BQKCuTLW/CoPTgfF/GjVR+3U5WqUB2
+oDrBWMtMkWqjAFFSv7Nx7JWNHUhJm2Deydmg1VCFheVMe6YogoqarsALRLNNvp9
6anrIpaneAlWvU15q/ax46qXSIiqbLdMEy/iLfZT6YIopowDb2SrAYCHR6VwXWiZ
qr8OFwhsK9gdBFsN42QlXsySvRlZOy5lWOdq1/fbUZwBbeEJAMUsa5wQjVp3cuYQ
XHHQk5s08eSakGc6U+ypizbrBe8d+RH8H0kWAQVrQ0E8xzB4hnWdps7XNIW/+eAe
dVVcmg4pRnqmvk/O+V+m8UK1TYe49hg8aGRgtX1bojSB09CQkZl3MdCpwGcw53b1
Udf16K9ggXScAeQYvrsXLJ39kxXNrTfFPTloAaq25kGriRzcPaaOBL8x+Q/sb44P
eibiRTC3jcOdo+9icSLPunaAw9oJGX7LhVv3gvK19EAJyaZFWBI72RKr/57UyYxZ
DQTxz8jGwdQeWuu4z9/M02EM3aWOEswkZBDFO72cfNAn8kOmuGq5ApNY6fOviAjS
XgF68qMCUUOpzuRxmz/g3fsg0oS4OhOCVUn/ntmB5kAtAKtxaKEXHtPqjsdf3iY3
qH08FulmrYsP0cU4cXM2u+RdqcBj4IeYE/zhmmIlw233XvB07Wjrc4pj9uUWWr4=
=zQ7p
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
- created_at: "2022-11-25T15:54:04Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA8uqUsBLHj6XARAAny5iqElv07bTRcGx9/ExcBHtcrFh7WE+r3xDGCuJFbhg
ULcE5IW4Lr4htW8gWcsU8uJSvk8epoB8XnRh3CqKzfa6hjGKaGFdvrqwQl4H5r/v
OOx68am7N6mUzzpbNp10Q8urCCLkCkUUZvh7/t9G5K+uosp1J4/FyqvbX3rDHcQY
hFFpJMISTUkpFVp7LWzzB3GmW2ivqgCKq7FWb8j4GWo5c0TMkEHoSP5KI5A8pLpy
cmlTIk8/wYRAkNaZkN7+H+NFPDvnJirnHab7272TD2CZV9WsaGpv+7R9B0RDGyI/
LSRHiz0HvTK9d4y/G9WCotqcYQ7qhRy7zT80oarmJ3lYJXWwZHSJDtuXUKUvjaIP
s8fW+8dLKR4yekSrC7SS2d5t+F7o8emAWUWWXnQnjfDGmL8Koj4kDRJscNfsyYsA
DMB5jSmlWzeLLuZBtvbEnrFBg+rvRBSAEo4NleMk52HCi4PAf7dn//P4jlAkpfzN
clCs4XHXY4O1ab5nE/LLHkB5y1m1PYkilP43hMkqXmhA/jrVFd5u+vQ05kNCzCuW
vHSuvQvhoPFvid/ikGEa+qEWIUXFhL7z9/As9/GeGNzlSL5FgmhFd3CwMdEj8bjR
cKGMR76n1I7ER4RMe1pq4nI5vFQ7teCuD1QHKLtLFVAIkQgIBibECdlOXOLIe93U
aAEJAhBrXKPr+8mhR/xRHVdagUUBqxQWicjMZ13d3vuPWb6QBKyKgoGlDixK4VkO
KDDjQY1evyHtmGXeiLXajY3fUwTggPtuKxab2YztmeiliKiG2sLay8PGke4dD8yk
3WRs2IRu0v4+
=rwIY
-----END PGP MESSAGE-----
fp: F8634A1CFF7D61608503A70B24363525EA0E8A99
- created_at: "2022-11-25T15:54:04Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAwDgSONkM+d4ARAAsPpfKaJ+/24rwoPWcjK7VN6vfK78XyOzWvpLFiDlpK2g
6NscC80PQ2820UFKjXMSG1ZfxPUxnYGqcrP3I75LVMN5ODYi+Tn/snoI3HFwiUhc
R42gvSx/MXcvz65Zf8h8nLOuinSngiMcH9J3fQkEFEmen0laEr0V9D536Zgq87S8
I13DHosLia/o7l7wL6xig6EjYg2fCK41wm0ZfFBY6m+82eqijOvOwPOdm+bWHwqa
EVOzsxJHAg8iYNQ/FEPRfz0W7K335Kzvcltq5/cp8AiKJQaVB25k1+kfJwyMUIrV
02UgETvZLqoMTXiwbbYgER8RfFo+pEAiG2Zs8VJcI8Lo4bc6q0jWHqcMIlHVNZyA
vM04p3/ezD4cM7IW/MuvhGuZEnuK3jUrmMOqQRlNYgfama2piqqMlX8W3ypBLOeL
RzuGrwZ9FaSra8XE3yLDmfvx9oazLfr++/Kg14Zm/gVd65dzS9NUvCqdvK7Ie4Cc
fPrRIHLN7gkynt1WrFyF2PcgJa8oepHid7hr8eEYA21d6RtnyvP+dLBnybE1q9Ks
ojKyL5WQtTWtMIOaJwAWI4PA1azFXxwlKjpnnKSNhoG8/71AvG8hugUCkyUwjOCu
ZlGiyUdc3WKD7UYmi2F76TLMnLlSmXBN8iiPGchSNJfdxT61VTz2sNsoVm3jJ9nS
UQHKKWNz9Z5oUTOXqREGVO+5je4c1dQBkRBIa0gVMkhXtvxsR38nc22gWEynO06H
oLefe5EI0xXsCY6pu76hYT4oYcR/xK2pcskPZdkn3/pxzA==
=FD5R
-----END PGP MESSAGE-----
fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
- created_at: "2022-11-25T15:54:04Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAzUXo8ZPJwGLARAAjeYrnUgB3trB84njBwD5onsJDnhxGRwzB3Gxosf3ocfB
ruW4cJ97XnXcOXtfIyayUJz/tnsaL8LZwTOGxzS7s43RBYC0fhNEkRGcLl2aHCzu
rTNoFqnYNk/C4xrfQPpk8lKlvgW9HYnky1Khv08YrvDlgajYEtkWFI/pbQKzASa2
arZiDo37NXIQUMWoF6tBgzKu7d7U9mK3DQQ17IX4LjDxmESKIGGJ9JiFc9q7B/sS
1k9Am13nojNpeCqwOTMSlZ/RrrglPEI5IxuXsfUD+NgDtVWgiBHHNa/SgtPEkmQB
d7PvFneaWcCDOCUhshydlX0dso28IIN5TYJpiG1iCfIy6/0h/fgPpEJb1MAqcAfo
VQCKW5Y5V9X/U/YrofXkueLq+CvdOVilVUWOqNdNqBEHYQg0PlDswSlEYeLqKkaV
EBV0WABZRHoYEkDGdW4R06gN8qdISoRytMV5jyus/kEJnnfRxGYDbsmexRHBZtIl
37cDbHRMQK0l18LPRFv/4RGVer+lt7/fLWUcJud2bC15Wl6dfabqzqU9GwXPAQdj
x+aP/GSEf7PgPnhOvxzKM6gjrMgb1TuKb5j197Plambh0IA34//34Gea5v+PUKAD
rum+KXvkFec/X+dQMboFfv07e2to1ci+Z0BqC6HUOTHCsmJpAZq3ezEimY610G7S
UQEOtZ/NH5Yjvkc5osaw/TegmJm7ZbSaCR6XaPhCiU95IpwpTxUYYI2QOiBBlRgf
UlunIR/sfNm0Pd5T/eB+RUJapHL3rkRpQquhxkln2kYy0w==
=rDY/
-----END PGP MESSAGE-----
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
- created_at: "2022-11-25T15:54:04Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4D9r3oXQWw/BASAQdAR6qHAUn8s50JRyEbkIL9Buy/tx5/N1SEeFty3wOCpnEw
+QLAbvme/NMB1uO2jwwY9nlfl7IpwaB7VflXkhN1hPGzU9fCMK5ndaNePOEDcQPe
1GgBCQIQ7ozw5I51cQOs+kg/9VOkh9zbOpNLUiyoxEqp7u4rswnsA1XrhSnlpX1Y
QtJoyY+0cif1Bz9T+0LM4t9OxCCF0UhVNcf8oYrP+GCHEjkcc7y5WAJuBkUhpeIt
lQPhlrni2TH1+w==
=M5Cq
-----END PGP MESSAGE-----
fp: B43C3A8A92CA28486AC6C4E2F115100C787C1C19
- created_at: "2022-11-25T15:54:04Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA30JDs8MiK29AQ//Ym8SiT1oqRvwEyIPPILK7DY3MnAIxw4ycJJ1nlC2ry2z
e/zzJj3GynYzXogfH6lqaFVtMMWsjAahsgw2CQjk15hPU6rnJKGj7O+vccgNGwfS
4fpXxgbhHj12wGd2nn+4zGZHNq+HGR1VclSnb1ZcqP0O06VWyhi/G9uDVoyuHcl7
XxmMJBPPws2DY8Il+DmCOU2DUBq/2p9Y5DOOJPdY16WWUGk49R0h9koTLpn2EQbD
WkQJnn4fUSAOLB8ozWTo0Yg6R1iWpGEgz2jbLC/b8ENuC70crDge0v6mA3r8m153
63awupZv0Rwqnq6+JaMmqq86IMOMiFWF8t5ZZ8i9u/d2F+3ok90EVwn/ea1kINn0
WAOTe1tj4SkX5x/lglucbaeB4hfdHJFrU28UYDC2e5gx+9mGpPjqDVcfvLkdVE/s
+Oa/3zm9IJDa03yxOSPTGOu6KYtXv9huTPKZO+rYCpUbvU8YSHf4EmbnfAMfhT9L
KhItQSLX8uAY2r9o4ycQ0CvYhbktxc0QYO45Cc37dewi+BrF8SUNFGuaLdBZSG7e
y8D5z+4KC76Ygw1K/apds7pnvH8Z/JXog7QAf5mi7Z+crCizFOz5Vrbxw5/1Qxq3
bhfd2KjUHyZHqOT7dImX0SLuJH0FkCfUnxFgQI4zo13/nwvJfH4dlutkvxT7SfrS
XgH5TJTMXG37k4NSQzW7O8atgT1C6jVyMvhN0HGbHAGPpcHQoE6U76p9v/Xq9nm5
qfYC4Wo8bvGtEJLYH2YwfzPNILdQj+7cArOTwNLy7Sq4gJlnIRbGGOE8lYrQ8jI=
=lKbJ
-----END PGP MESSAGE-----
fp: BF37903AE6FD294C4C674EE24472A20091BFA792
- created_at: "2022-11-25T15:54:04Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA0nQCLGHQlNzAQ/+PNzpv4IOkYpQHkE+5/o15Ob3miIH0d+iPoj74CbhJZpm
jcszEFZ7fMRkMU4O6PpG/+f0QNqhOivwTQOwfxVVhQR/Zyvpr48cuTrfHDgHUePU
U0BZFoQRCx+hWt05ziYjJkTd0x1iBrotlvNAlPwtjbxrjTsBFq1hXUjQsE+9n+Nv
7d9oBFG1r/3pp6ZCdncnERKWglvRnIjz0DWj6l2rXGeInzP8sbaPdblxKmm0LQBY
K1UQeMJiGmurOOlhIKBDOVsioVrT0nmdQGkJEmGqtJYQ+6cY9piEU4wREj3XKBQc
/JWD96TKZeCZvnEyz/abuXU7P4u9sUrvULCB7us3UreK4n8EPIJKjg9ofMDg89pn
eTTgK2E3Wg6FIfJd3RWLjvs34eCUT3giftoggBzmiKYMJ/ALC3FLuDHywAeDLUQf
FGVvciO7vqM4W31cMsTserxWnCEp+T1wCXwZWS0+Wh58U2X0RtRa+DYeEasU9W7v
3RJmbGgjCTnTrNNnS7NcgG3Cidg92bbzonXn6VB5eU/vbS0BcoTu/cfoHnyUQfMe
+n/XCwW00fds/jkLOll52x478C4NkeYkwoL1FzDZBgCNkidpPleDLivC7wj62E+w
rhwxNBGf4Qs2LHRWHgimd8l6z9+WG9g+5UgxUTp4WhJkuRSp8TmhbqfIWI0zCGfS
XgFoAIyQtXOKLnFFCEcwFUTh7mKw6bbk8u0pQUPLyQSBlVHZdhqtpkT+hq1+Y4Nm
tU8pb9G8BOryUvgOnEy8dPx9G64iwxYrYOu+cms6AigK8ZGHjSzOfqbJsgn7zgE=
=RDPX
-----END PGP MESSAGE-----
fp: E83F398E6423179FE4F63D4FF085CAD394DE329D
- created_at: "2022-11-25T15:54:04Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DNffZWjBmO5ASAQdAsqGwMruz+NHQGNXhBlkFxzz49h/s+0rL8glEfh9avyww
WgBSk5HdE7O2/NNSBKSoNEjO8mHa0Z0yyQEi36ohY3KlwNPsP4ThiPOLl6z8xsK3
1GgBCQIQrNrzmh92ThNLfkhjNvfdFnPOK1LScYAVQQt+wYjWZJ7Cj6v3rxmiPWqj
DuJSJrbWRFVXEQWRT7hfTa8lhAymec9G65MYN+GUQy68Yb1dJckPmuj4ja6d0JMA
Mo5Sz7alehfJfw==
=kmse
-----END PGP MESSAGE-----
fp: B1A16011B86BACB56ADB713DB712039D23133661
- created_at: "2022-11-25T15:54:04Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA6MARpDCLIz2ARAAgWhMSYIrgIs5WEpkpKbMQ0Gs89BJVAk+e/aF6F5JFKFD
lXdhin+XOK+foCdba68d8iCj+G94vO2TjnC1clv6BSMtpCjFspLISK3993JahBCt
lVPDl6OPjjgETLa7v9JrkYadafzQasXSDtC0Nqfg3AAb/EfYAe2k/K79kAElHWIl
ALLm8i8kbiOfySnjwhl8cJdDS7ua8nfC+pTac6e2GML0bKGjA0WR+ccOTGpNsFAu
UPtw5onoSDmywqv88tlUdmdWAz1NsnQUhzvZ4j+YCLCltlU7bzDI9/ExhgQHxC4v
Fghfs9jLINQZ7aWdqdib7S3FmFRdN06lsGh4bQFG+NPtLcoFxLcWkiArRVPW2lZ5
YUZ1Brs+gvHNMvSVPXbe+1V9nwjvm1S76vUYwTm5mf8jm7wA1NqyoB3etPEaQzPA
FYAZqErNVgG7pfa0zpnNYHHBB8y/Z/pyJKqRvRMJFpRj91FFULRrVPFr2B4JARAu
6/Sonr20Q5UTIPpT2yhzDltL25Yfj6alCrsOTJ+XufGgw5m62UjKmarqCQJUwEk+
/Qx3z+j1NlMgeuYpr+bWnjLgtwXuR0Q0pFgBkpJdP3VrvmfM/79fOBvEAFRgkevL
tKPNfFrJv56ODfFmjMwmux2tHxROMAXWLUb5gFeAIoRRIk0ru0sEQVGwaj5Yo6bS
XgEaqKfvaVzc1TuY5YIuXuXP+YLOJKJvDLmSaowFnM+GS1HtW1yGrdtCajEls2tE
MJAnCZurAfwK48GfQx1qnzyd9QOi1KYRafXFXEu1AyU7BCgwZiMPp3Qdv09sAMg=
=Rs7Q
-----END PGP MESSAGE-----
fp: A4F92BC7B792108A463995827C1F2DA2BC929412
unencrypted_suffix: _unencrypted
version: 3.7.3

View file

@ -4,6 +4,10 @@ postgres_nextcloud: ENC[AES256_GCM,data:Lv0Ld3sf+hoUE2qrsf9qGSYf5aVLqm5GIbK2hEoR
nextcloud_adminpass: ENC[AES256_GCM,data:EMvcFOGJz45P4nvJ5Yy4SziWa2pUWBqt4ZZdde6wegk=,iv:tG9bhB7HPprZMnfV/uC/v7fqmjQd5d4Oj5avOtK2/0A=,tag:8jBDpnahwQsXsD2Ivf6jDw==,type:str] nextcloud_adminpass: ENC[AES256_GCM,data:EMvcFOGJz45P4nvJ5Yy4SziWa2pUWBqt4ZZdde6wegk=,iv:tG9bhB7HPprZMnfV/uC/v7fqmjQd5d4Oj5avOtK2/0A=,tag:8jBDpnahwQsXsD2Ivf6jDw==,type:str]
hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str]
wg-fsr: ENC[AES256_GCM,data:0WViJp9fNKVxq8LsK5R0Ihn3r+S7CLBk5voKn55dABidlFSLpsA0q+KTxoY=,iv:rc4B8N2otqolSRLfpeRkIn7iNlED7XUjY//OCI2oQ5c=,tag:eWO6LniGnTd8KZ4pSyrR5A==,type:str] wg-fsr: ENC[AES256_GCM,data:0WViJp9fNKVxq8LsK5R0Ihn3r+S7CLBk5voKn55dABidlFSLpsA0q+KTxoY=,iv:rc4B8N2otqolSRLfpeRkIn7iNlED7XUjY//OCI2oQ5c=,tag:eWO6LniGnTd8KZ4pSyrR5A==,type:str]
wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str]
portunus_admin: ENC[AES256_GCM,data:bPuYdfpWJtYib9lUcXHVZeGerskd5vs5IOe+DE9Q7OOPkAwp,iv:6ZjjfQ3E1xxYjmEg7o849RZzUt8dyXjI84DSfPYGUWQ=,tag:JJpOLjPs8YdEBl3xGGAzbg==,type:str]
portunus_search: ENC[AES256_GCM,data:J1GRvVOCcOcAz4qZypa/XbcMCGQSFS6yyg1eGfNIBA4=,iv:zFf90vpMW3aqpstZVEno5TDCVwV2vi3SyA7BrX2R3/A=,tag:HJauUh36/5qmr8sGmgH1dw==,type:str]
rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZgV+UlfsJk9IELIA==,iv:7O48+wB7zJUIp3lQDTC7tkP1UFvmDfjs50x1Zo3hOhw=,tag:MNdiDF22a3n1ZrE6qTDVLA==,type:str]
mediawiki: mediawiki:
postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str] postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str]
initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str] initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str]
@ -23,8 +27,8 @@ sops:
Z212K3JDWmRsZmVpdjBaUE1kL3phMm8K/x3Ssn0LEO7BfTUoOJQ6h88vlwA/AvQj Z212K3JDWmRsZmVpdjBaUE1kL3phMm8K/x3Ssn0LEO7BfTUoOJQ6h88vlwA/AvQj
KsosHSWO7vsgqKPPO+OPbHV1y8OTAKubcrk5szTUWBNOvggIw3nWDA== KsosHSWO7vsgqKPPO+OPbHV1y8OTAKubcrk5szTUWBNOvggIw3nWDA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-09T15:15:33Z" lastmodified: "2023-02-03T14:46:12Z"
mac: ENC[AES256_GCM,data:8G4Kohgr0lF8G135/MNzcSRIrtfX+QRCfMtLRK+fNbc/NHHozlLaI8XDpiURfvgaWR5fVim7DgT5r59aU+G+F8O45C83hJ5LLLmeisWL78Ktm9vOUhWgoClCZ8l/603uPpIG3WlenLF1D5DTO11U60wcGdWv1RMQ9ovxJCXtRfs=,iv:0L4KQR1LYUW52Upv5sZWKquuLNhdaRQ2yoV4y0rs+R0=,tag:uBEfNmk5hmRqSUGhF+V3SQ==,type:str] mac: ENC[AES256_GCM,data:Bg5S8lSYnCUhlYFObVpmPXsp2IVxm1vfDdyzEmGGoKNU9lit/0nxrmgv3ZvOfzrcilQQHLzAfPIM5HXTCVtoPPWmkicQ72SdNWLJbY9p1+MFQgiqFZcVAYb+FMm9s1IOxBgXx/OQWmQxDmTA6jZHqgYBZnrBMgjeo0ol1Zp60uY=,iv:FlCsVbOBQC43yrmAKv8j7b0DTuhZXmeURxWWkbIcRQQ=,tag:e9vubxFQOK6h1fHQ8GHLvQ==,type:str]
pgp: pgp:
- created_at: "2022-11-18T16:37:48Z" - created_at: "2022-11-18T16:37:48Z"
enc: | enc: |

View file

@ -5,6 +5,9 @@ postgres_nextcloud: ENC[AES256_GCM,data:ySjpkMh1/6JuU2JwjlJcXh0D,iv:7CWZPjX7NZt4
nextcloud_adminpass: ENC[AES256_GCM,data:G3FcJIAl0HmpCu4JAXQOZPmWCg==,iv:Bgk7j3EfD9a73hDe93hpzH2uZUcssgVPMxr3nEWvUvQ=,tag:ngBZEBSQHBlWr62dcQdvHA==,type:str] nextcloud_adminpass: ENC[AES256_GCM,data:G3FcJIAl0HmpCu4JAXQOZPmWCg==,iv:Bgk7j3EfD9a73hDe93hpzH2uZUcssgVPMxr3nEWvUvQ=,tag:ngBZEBSQHBlWr62dcQdvHA==,type:str]
hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str]
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str] wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
portunus_admin: ENC[AES256_GCM,data:2X7cz7nRN2lvubR0e+8=,iv:NRXWAbK6DouyGzW6yiJ8tNYKcXNWbt7uy3eTMmybrRk=,tag:7itZnw28EQCmGBBF9Ctb3A==,type:str]
portunus_search: ENC[AES256_GCM,data:nqCvit2p8YE8XJ3Z+PEP,iv:k2dC6TTI70M8raOTNnp1TsPiDmF3ssPPhIe6cjMevBA=,tag:CG1uvLQSxSQzVsGYxG7YUw==,type:str]
rspamd-password: ENC[AES256_GCM,data:PG3qO7lDXjd/kw3Bp65k5KPWKU16yBmRXQeYeuo=,iv:pmDqdeyziD1ZUif0LABiN2BTqGw0VkvlrtwSSjo3lk8=,tag:QwnycEj+Nab0bCDeemUX0Q==,type:str]
mediawiki: mediawiki:
postgres: ENC[AES256_GCM,data:bna6ksGVOHWor7OqVL/jgeDIxA==,iv:bgkQh+NgPE/hr4N4YOCzSCfs7vaOx4pSWlc8WxI8qMc=,tag:WIjyu1i0M7flGFFovH5jWQ==,type:str] postgres: ENC[AES256_GCM,data:bna6ksGVOHWor7OqVL/jgeDIxA==,iv:bgkQh+NgPE/hr4N4YOCzSCfs7vaOx4pSWlc8WxI8qMc=,tag:WIjyu1i0M7flGFFovH5jWQ==,type:str]
initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str] initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str]
@ -24,8 +27,8 @@ sops:
MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk
ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ== ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-20T15:34:41Z" lastmodified: "2023-02-03T14:47:01Z"
mac: ENC[AES256_GCM,data:YjrmGxH7DCf4HP2GKMb+2XThSTnvcNgIaM4uvuEK/Nb4ZuVKvF4usKvsHXuy0lJEtghfw1wd9ao9pEKbcCMTkkhjXmXe8LuprT72CQl5+qVLfchfgmYdwkx2H3pN9rWXR0jQnF/d6djAwvm7c2bepioUa2IamJx+++CWjttB0Ds=,iv:Ds6KZzSppATyo/jsWxeiuVP2jXDGiTHEk3XaSy2xgLA=,tag:zaPwS8jfKrom3JAncg6UXQ==,type:str] mac: ENC[AES256_GCM,data:qSuGdUOgVDhZ25zYGfZ6+GC7XxsoGV9dUSKM0YstpSQgR7u9S8fQVkcbz5gNTVhG8bdGQVxmMPTW3QyMI6s76yngs6kBxwnBSycAFowJlO6P/cRPqRlAuVhJy82hq0lOJem93vOnRPBQsb6Da0OS/7+SKoRd/I66BtPNKMmxEdo=,iv:IXy3cuZfUK2k8TIA7LpIbPSzcxXtiW4pmdILO6441Is=,tag:PuACj+FwaTxoTCFLytXoiw==,type:str]
pgp: pgp:
- created_at: "2022-11-18T16:37:58Z" - created_at: "2022-11-18T16:37:58Z"
enc: | enc: |