modules/ldap/0002-both-ldap-and-ldaps.patch

@@ -0,0 +1,13 @@
+diff --git a/cmd/orchestrator/ldap.go b/cmd/orchestrator/ldap.go
+index ed0d466..a672046 100644
+--- a/cmd/orchestrator/ldap.go
++++ b/cmd/orchestrator/ldap.go
+@@ -130,7 +130,7 @@ func runLDAPServer(environment map[string]string) {
+ 
+ 	bindURL := "ldap:///"
+ 	if environment["PORTUNUS_SLAPD_TLS_CERTIFICATE"] != "" {
+-		bindURL = "ldaps:///"
++		bindURL = "ldap:/// ldaps:///"
+ 	}
+ 
+ 	logg.Info("starting LDAP server")

modules/ldap/default.nix

@@ -56,7 +56,10 @@ in
   services.portunus = {
     enable = true;
     package = pkgs.portunus.overrideAttrs (old: {
-      patches = [ ./0001-update-user-validation-regex.patch ];
+      patches = [
+        ./0001-update-user-validation-regex.patch
+        ./0002-both-ldap-and-ldaps.patch
+      ];
     });
 
     inherit domain;
@@ -68,9 +71,9 @@ in
       suffix = "dc=ifsr,dc=de";
       searchUserName = "search";
 
-      # disables port 389, use 636 with tls
+      # normally disables port 389 (but not with our patch), use 636 with tls
       # `portunus.domain` resolves to localhost
-      #tls = true;
+      tls = true;
     };
   };
 

modules/wiki.nix

@@ -1,207 +1,108 @@
 { config, pkgs, lib, ... }:
+let
+  domain = "wiki.${config.fsr.domain}";
+  listenPort = 8080;
+in
 {
   sops.secrets = {
-    "mediawiki/postgres".owner = config.users.users.mediawiki.name;
     "mediawiki/initial_admin".owner = config.users.users.mediawiki.name;
-    "mediawiki/ldapprovider".owner = config.users.users.mediawiki.name;
+    "mediawiki/oidc_secret".owner = config.users.users.mediawiki.name;
   };
 
-  #  users.users.mediawiki.extraGroups = [ "postgres" ];
+  systemd.services.mediawiki-init.after = [ "postgresql.service" ];
-  nixpkgs.overlays = [
-    (final: prev: {
-      final.config.systemd.services.mediawiki-init.script = ''
-        	
-        	'';
-    })
-  ];
   services = {
     mediawiki = {
       enable = true;
-      name = "FSR Wiki";
       passwordFile = config.sops.secrets."mediawiki/initial_admin".path;
-      database = {
+      database.type = "postgres";
-        type = "postgres";
+      url = "https://${domain}";
-        #        socket = "/run/postgresql";
-        user = "mediawiki";
-        name = "mediawiki";
-        host = "localhost";
-        port = 5432;
-        passwordFile = config.sops.secrets."mediawiki/postgres".path;
-        createLocally = false;
-      };
-
-      #      virtualHost = {
-      #        hostName = "wiki.quitte.tassilo-tanneberger.de";
-      #        adminAddr = "root@ifsr.de";
-      #        forceSSL = true;
-      #        enableACME = true;
-      #      };
 
       httpd.virtualHost = {
-        hostName = "wiki.${config.fsr.domain}";
         adminAddr = "root@ifsr.de";
-        #forceSSL = true;
+        listen = [{
-        #enableACME = true;
-      };
-
-      httpd.virtualHost.listen = [
-        {
           ip = "127.0.0.1";
-          port = 8080;
+          port = listenPort;
           ssl = false;
-        }
+        }];
-      ];
+        # Short url support (e.g. https://wiki.ifsr.de/Page instead of .../index.php?title=Page)
+        # Recommended config taken from https://www.mediawiki.org/wiki/Manual:Short_URL/Apache
+        # See paragraph "If you are using a root url ..."
+        extraConfig = ''
+          RewriteEngine On
+          RewriteCond %{REQUEST_URI} !^/rest\.php
+          RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
+          RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
+          RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L]
+        '';
+      };
 
       extraConfig = ''
-        	$wgDBport = "5432";
+        $wgSitename = "FSR Wiki";
-        	$wgDBmwschema = "mediawiki";
+        $wgArticlePath = '/$1';
 
-        	$wgDBserver = "localhost";
+        // $wgLogo =  "https://www.c3d2.de/images/ck.png";
-        	$wgDBname = "mediawiki";
+        $wgLanguageCode = "de";
 
+        $wgGroupPermissions['*']['read'] = false;
+        $wgGroupPermissions['*']['edit'] = false;
+        $wgGroupPermissions['*']['createaccount'] = false;
+        $wgGroupPermissions['*']['autocreateaccount'] = true;
+        $wgGroupPermissions['sysop']['userrights'] = true;
+        $wgGroupPermissions['sysop']['deletelogentry'] = true;
+        $wgGroupPermissions['sysop']['deleterevision'] = true;
 
-                /////// $wgArticlePath = '/$1';
+        $wgEnableAPI = true;
+        $wgAllowUserCss = true;
+        $wgUseAjax = true;
+        $wgEnableMWSuggest = true;
 
-                // $wgLogo =  "https://www.c3d2.de/images/ck.png";
+        //TODO what about $wgUpgradeKey ?
-                $wgEmergencyContact = "root@ifsr.de";
-                $wgPasswordSender   = "root@ifsr.de";
-                $wgLanguageCode = "de";
 
-                $wgGroupPermissions['*']['edit'] = false;
+        # Auth
-                $wgGroupPermissions['user']['edit'] = true;
+        # https://www.mediawiki.org/wiki/Extension:PluggableAuth
-                $wgGroupPermissions['sysop']['interwiki'] = true;
+        # https://www.mediawiki.org/wiki/Extension:OpenID_Connect
-                $wgGroupPermissions['sysop']['userrights'] = true;
+        $wgPluggableAuth_EnableLocalLogin = true;
-
+        $wgPluggableAuth_Config["iFSR Login"] = [
-                define("NS_INTERN", 100);
+          "plugin" => "OpenIDConnect",
-                define("NS_INTERN_TALK", 101);
+          "data" => [
-
+            "providerURL" => "${config.services.portunus.domain}/dex",
-                $wgExtraNamespaces[NS_INTERN] = "Intern";
+            "clientID" => "wiki",
-                $wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion";
+            "clientsecret" => file_get_contents('${config.sops.secrets."mediawiki/oidc_secret".path}'),
-
+          ],
-                $wgGroupPermissions['intern']['move']             = true;
+        ];
-                $wgGroupPermissions['intern']['move-subpages']    = true;
-                $wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages
-                $wgGroupPermissions['intern']['read']             = true;
-                $wgGroupPermissions['intern']['edit']             = true;
-                $wgGroupPermissions['intern']['createpage']       = true;
-                $wgGroupPermissions['intern']['createtalk']       = true;
-                $wgGroupPermissions['intern']['writeapi']         = true;
-                $wgGroupPermissions['intern']['upload']           = true;
-                $wgGroupPermissions['intern']['reupload']         = true;
-                $wgGroupPermissions['intern']['reupload-shared']  = true;
-                $wgGroupPermissions['intern']['minoredit']        = true;
-                $wgGroupPermissions['intern']['purge']            = true; // can use ?action=purge without clicking "ok"
-                $wgGroupPermissions['intern']['sendemail']        = true;
-
-                $wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern');
-                $wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern');
-
-                $wgGroupPermissions['sysop']['deletelogentry'] = true;
-                $wgGroupPermissions['sysop']['deleterevision'] = true;
-
-                wfLoadExtension('ConfirmEdit/QuestyCaptcha');
-                $wgCaptchaClass = 'QuestyCaptcha';
-                $wgCaptchaQuestions[] = array( 'question' => 'How is C3D2 logo in ascii?', 'answer' => '<<</>>' );
-
-                $wgEnableAPI = true;
-                $wgAllowUserCss = true;
-                $wgUseAjax = true;
-                $wgEnableMWSuggest = true;
-
-                //TODO what about $wgUpgradeKey ?
-
-                $wgScribuntoDefaultEngine = 'luastandalone';
-
-                # LDAP
-                $LDAPProviderDomainConfigs = "${config.sops.secrets."mediawiki/ldapprovider".path}";
-                $wgPluggableAuth_EnableLocalLogin = true;
       '';
+
       extensions = {
-        CiteThisPage = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz";
-          sha256 = "sha256-sTZMCLlOkQBEmLiFz2BQJpWRxSDbpS40EZQ+f/jFjxI=";
-        };
-        ConfirmEdit = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz";
-          sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk=";
-        };
-        Lockdown = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz";
-          sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
-        };
-        intersection = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220627203336/https://extdist.wmflabs.org/dist/extensions/intersection-REL1_38-8525097.tar.gz";
-          sha256 = "sha256-shgA0XLG6pgikqldOfda40hV9zC1eBp+NalGhevFq2Q=";
-        };
-        Interwiki = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220617074130/https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_38-223bbf8.tar.gz";
-          sha256 = "sha256-A4tQuISJNzzXPXJXv9N1jMat1VuZ7khYzk2jxoUqzIk=";
-        };
-        # requires PluggableAuth
-        LDAPAuthentication2 = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220807184305/https://extdist.wmflabs.org/dist/extensions/LDAPAuthentication2-master-6bc5848.tar.gz";
-          sha256 = "sha256-32xUhahDObS1S9vYJn61HsbpqyFuL0UAsV5+rmH3iWo=";
-        };
-        LDAPProvider = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220806214957/https://extdist.wmflabs.org/dist/extensions/LDAPProvider-master-80f8cc8.tar.gz";
-          sha256 = "sha256-Y59otw6onknVsjRhyH7L7I0MwnBkvQtuzwpj7c0GZzc=";
-        };
-        ParserFunctions = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220627203519/https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_38-bc6a7c6.tar.gz";
-          sha256 = "sha256-iDv4VSSFnTKEhvlVQcHHVp2hSWwDbv6jNCq1kOGuswo=";
-        };
         PluggableAuth = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220807185047/https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_38-126bad8.tar.gz";
+          url = "https://web.archive.org/web/20230615112924/https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_39-068be5d.tar.gz";
-          sha256 = "sha256-cdJdhj7+qisVVePuyKDu6idoUy0+gYo3zMN0y6weH84=";
+          hash = "sha256-kmdSPMQNaO0qgEzb8j0+eLlsNQLmfJfo0Ls4yvYgOFI=";
         };
-        #Scribunto = pkgs.fetchzip {
+        OpenIDConnect = pkgs.fetchzip {
-        #  url = "https://web.archive.org/web/20220627202748/https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_38-9b9271a.tar.gz";
+          url = "https://web.archive.org/web/20230615113527/https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_39-42e4d75.tar.gz";
-        #  sha256 = "sha256-4sy2ZCnDFzx43WzfS4Enh+I0o0+sFl1RnNV4xGiyU0k=";
+          hash = "sha256-VN0G0Crjlx0DTLeDvaSFtMmYsfB7VzgYkSNDS+nkIyQ=";
-        #};
+        };
-        SyntaxHightlight = pkgs.fetchzip {
+        VisualEditor = pkgs.fetchzip {
-          url = "https://web.archive.org/web/20220627203440/https://extdist.wmflabs.org/dist/extensions/SyntaxHighlight_GeSHi-REL1_38-79031cd.tar.gz";
+          url = "https://web.archive.org/web/20230723212424/https://extdist.wmflabs.org/dist/extensions/VisualEditor-REL1_39-b1204c9.tar.gz";
-          sha256 = "sha256-r1NgrhSratleQ356imxmF7KmAANvWvKpAgnLkm8IdKY=";
+          hash = "sha256-g/ATW3xkecHynwbwLbmYgawNW+LCVTth0ZlhY7A3N5U=";
         };
       };
     };
-    postgresql = {
+
-      enable = true;
+    portunus.dex.oidcClients = [{
-      ensureUsers = [
+      id = "wiki";
-        {
+      callbackURL = "https://${domain}/Spezial:PluggableAuthLogin";
-          name = "mediawiki";
+    }];
-          ensurePermissions = {
+
-            "DATABASE \"mediawiki\"" = "ALL PRIVILEGES";
-          };
-        }
-      ];
-      ensureDatabases = [
-        "mediawiki"
-      ];
-    };
     nginx = {
       recommendedProxySettings = true;
-      virtualHosts = {
+      virtualHosts.${domain} = {
-        "wiki.${config.fsr.domain}" = {
+        enableACME = true;
-          enableACME = true;
+        forceSSL = true;
-          forceSSL = true;
+        locations."/" = {
-          locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString listenPort}";
-            proxyPass = "http://127.0.0.1:8080";
+          proxyWebsockets = true;
-            proxyWebsockets = true;
-          };
         };
       };
     };
-
-  };
-  systemd.services.mediawiki-pgsetup = {
-    description = "Prepare Mediawiki postgres database";
-    wantedBy = [ "multi-user.target" ];
-    after = [ "networking.target" "postgresql.service" ];
-    serviceConfig.Type = "oneshot";
-
-    path = [ pkgs.sudo config.services.postgresql.package ];
-    script = ''
-      sudo -u ${config.services.postgresql.superUser} psql -c "ALTER ROLE mediawiki WITH PASSWORD '$(cat ${config.sops.secrets."mediawiki/postgres".path})'"
-    '';
   };
 }

secrets/quitte.yaml

@@ -2,16 +2,15 @@ nextcloud_adminpass: ENC[AES256_GCM,data:AJHISi8zIVXOMPZAghgBhEsIYS9NT4XogmyCC5T
 hedgedoc_session_secret: ENC[AES256_GCM,data:l5a9sd731MDjNRu85XNOWJcGmNkMLsyW1jHbucn9fGg=,iv:SZhcy7IWD0pwCnL03QH5VKHsIvvAL/Ex7zFiSp2JQ60=,tag:chWdf27vLwb4W4SQl/Y7Ug==,type:str]
 wg-fsr: ENC[AES256_GCM,data:g4h7yCox7rLhJOVkvEPJi0g8pVMf6OduI5LpcmXBOrQHEbnyj6OajD3nbO0=,iv:WWyvftIoWwUv7MmcnVobcyFYyLdpbK5zDhj17j30VQk=,tag:ZxSkrRGfSL119/E4eNcntA==,type:str]
 dex:
-    environment: ENC[AES256_GCM,data:fUrU7LODoV8OSQpONZO1+e2VloOg03w/ITr/8XKExBbrGRVRyNfcvUc9mX8xW+RD+1JbvDLKA4IP4qdP+ABTgNmNj0EIi+/A4TdH5zvPkVtDVDb8Vc7VIG2CadRhC4u3OQDm25Qnh5zenL5tKAMm76Yl/8KARb/JEMFglY+a2Xc3Tm25GJF1UwN97CqrqObEWV4UYBHjUe87ZA+x6lTJ0tTJa1mZsgLLB6535fEEw+WRGg/dVRAjSG9Ym0l76C0Ka3y2bYwTofJFqK80o3Xr/7E1JsmI,iv:W8hEPM1exRJzN85hdSYm2yFeJvy+XkalA5AREAVbXHs=,tag:cvPS/BgRExxE9nWiJd9hCw==,type:str]
+    environment: ENC[AES256_GCM,data:98xqoRjGZX40f2+gqTiLITuj3285sa359gapa2XurQQD6zg0mqmDTxgcU2dj0Q6k9GE0l5xF5bkguA1eVofylTY9mbidWy5BThisqb1Krv6/gdfybY8Vft/x/A8Y5S71iAzyQkSeLj9Dyoh2Jjro5eSpiA5GnAgTnFL3q3mhy8herANRNMSP6s2A5Exzsw0qzTC22KGlmAycGP2jlm3OU9cqwLYWR0WItJBE/2hYaRSaow/VVuQLTY2zdqrs6cp8SmOiMDdJ5teu910/FLi13jah9148jNKZqLtKx3gxiHweBKjjFglj+jZMTQu3O9aGF7CR3y/EuzAAnqMR5dahONURu06w/0KSXCHX14DxfFU=,iv:meB+u6JhU24aqOHJLmxH37k7DOuuDc61V7R3rMm/qic=,tag:eAzSueiRa3EfSnpZxxGiXw==,type:str]
 portunus:
     admin-password: ENC[AES256_GCM,data:9EglcINrzDw1d4VaZALOFy3KddlwAvaWRuUZvXXCmE8=,iv:Z33gf3BqmtvSTNadrAQl0LgU1fZ8fReyO4fFBvy+vlw=,tag:zPTvOeEsc+MvqigesaBMkw==,type:str]
     search-password: ENC[AES256_GCM,data:Rf69jCganUJJxyR44mbEgB475SitvvqGCmsMXHH5VAw=,iv:ilOVy1r+HAY3t26yJiO6jExtrl7kll8Mi6fqzBcjYRQ=,tag:KyZCbPhlLSkgkxGT2Du5AQ==,type:str]
 dovecot_ldap_search: ENC[AES256_GCM,data:e19xmqOra7xJPPVnW7FtCV6q1JfTDnzgtvEpAY3SFuxCJ8Ucnt/6c/ZlJEM=,iv:XlYw6XpvENraLCnoGpEnqa2pg7VIuU0WyFZJRqjusmc=,tag:UaPkh/Vtv61kRaW3s1dznw==,type:str]
 rspamd-password: ENC[AES256_GCM,data:mn8UWBlXKG1s7cP/sLW6DWiqbAydEbv8q1rJzX5zNaZEMjpYAxrGj54Md5XmwQ==,iv:C9vvICgL7GbsOsWx5FyFktospIomfZK4qPh8qMqCELo=,tag:stOGL8UmHocAGWjjjRNZVw==,type:str]
 mediawiki:
-    postgres: ENC[AES256_GCM,data:EplJskUzYHDT/qu6IG+XrOEZ5aW3J3XN9w35xGku6Fc=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:qVoagL+tYtvj2RHgVa5geA==,type:str]
+    initial_admin: ENC[AES256_GCM,data:osX7QwHPfmFAJHGuXHY/td7Z+JNzHicixZRvWNLfG+o=,iv:SuKTItyOipoVqx/39+UTDg8npsp0jDaK94k9rPfYdkA=,tag:emNMythpZGwm3Rp8Nx5xCw==,type:str]
-    initial_admin: ENC[AES256_GCM,data:VLOTTj4cl7sSh2k7AKNuOHsxeNaHU5pu/jNDWtEkOa8=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:osQCjkvWo4Yt53OszQWRMA==,type:str]
+    oidc_secret: ENC[AES256_GCM,data:2JRvHObJ5xB3A0XduUwdF9a7zzeEPz1nElLEzWC6Hz4=,iv:1tKMlme1bR5JcEk07Xpq99+OHxdtCxjc4xHNlBxq7X0=,tag:cyhstQYvEmjI5Zjj2GWtFQ==,type:str]
-    ldapprovider: ENC[AES256_GCM,data:gHoj3B0HV2cvd94VzCQS1RqvVp7E07UMjd+noNwgc3tOb6WoBr6Uc+r7NZcRmbdxLsdDjvdix0QqHZCCF1m8plJJgWisoDKjDnKVl89bWeEZ0liG78nZ8DGfqNdl3p5zwm7dh8Dtuf3nNkwdWv6LtciaqUpn9NhhccTWdlgiwmTZqv5ZxtfcCHAauFaBi+HLcxTzsXFx5DLyj8xHgzkw9N/rZ3RgL0CNbrwsy3JmDi/NbL91lY7i+Is0NylCbr5pL6QUSCfgjU1cscehEh87jNMhdPS/re4s9yQ1uVaa/X/j7fEkjCDGYuqHogR5B9EjdGO6k8cnf6kjvyVyk19fHDZgmkwR7AK2t7iMpagq7J4T+QqZf0Yvy+NKWGcH+X8f6gA2LOGHVWghU/FnsaefDadAiHoVZBrkze69L6luhORzeMu/JMC8BNJbP5TqUaKIyPG0cZSPLJCvqmc0frNv2bIM6+8z1FkUCBDzucNVzTt/Fhxto7Epb+TcAqrOgEC1/sqr7sANOT2in+KnmZE0JUIsF1JDgH1FuLxX2XQnglmcPmm84NA9erhf6IbY3jyFswPnb3yyG9nPf+bVgkBS3fYhl+psLIrjgGidtlyg/vRABK5VNURs1oojRHCjQmKB1F7+ovd8gR/UTdpRT9o9Px6Uue5RuNAf6O34FSBO4SiaBkMJnvbR9wv++JqXNjQh7wUSEfdkP/FiNq3C7kaMcVvdzIjnKMdyQRuBe+NbF9Ak8JtALHMuPRVm9cbRHCuWyf3sMPxk2Bl5EVXM1pPxfrI=,iv:n2XOs6F7kuMmjPCc14s2MQl37vjVTtmAVkYQp7kqjgc=,tag:qdrPN6BscKHLz/kMmB/3Bw==,type:str]
 mautrix-telegram_env: ENC[AES256_GCM,data:cuQLaLyZ/hSQsN0DnyuBSsIuoZGTUrDsV0lNq6Ky/1pgd5Ull9OYJu5bsgMWauki6lOprxqBE+32TSoWPb8WFUT9/NO7U9b+aoaCs/R8HeePxnaIyiBiGv881YY54Ze8jLXFU3XAxj4VHESSCNSEktApTvJvd1VXJjJGoV3iFWZhl1VbLsE+lQSHSiDLU6JqUyXa6k1BGUepGrkwObGoKyLVFODF3uahXsXtcfgbMQ4UfqZevh44dj+kDDtohXje,iv:jmcWTyVkqu9nDc1ws2NxkMKrHPZ13i3jqDkk4Y0kejw=,tag:h7llbDCz8PmvfxLzrQlrCA==,type:str]
 postfix_ldap_aliases: ENC[AES256_GCM,data:BVLLg5m20/tUNVQcefFJz8sKWNHaGve+FUoOaSuMNFjIzVjIbpyZPfRDk8Pr+h6Kz2Lt/gQYAynO9xgk5RvUvrPzdq5xnp+TU3eSPpteh4lg+ey83xesstB2BXVEDzAKMwsa5QGca7vdtOIIEhr0CYAWoGlzR6fKDuUxmpWZ7DYwkhPppfdEIyPnbwt0v7Ll2K9dRQ1ZicS9y+Mgfs7LgV830si+Fv52tv4jrLpzVPaY2IQfIO1u5wdx6YDnnnOC4Fv73hM6BjYD1r3sgbiUvh0IVEl/LKdTnlEfEdpTvtZHAdY=,iv:Itf6cCQtolbaAAd84ymT889poOB0xn4yO3QHK7tl/n0=,tag:0GslHkKaj9aNzvRukBU11A==,type:str]
 vaultwarden_env: ENC[AES256_GCM,data:lGDemdGgYemaaWhWBPEMuP4yie5Ceum5ZZ0hKRLz8TJENrBNuTGGnG9cQ+L5m0uC4c0+GmRYHZZFAbWxz2JAjx8rR3lGQkSzbynTWKPuVMMulsjMO1DLVcRv5MzLRNAKgZnqiNYGXOMVhGNyTq+qNgp02TEpDJytfP5U1ZzQcjaPKmCUkEUSH0I=,iv:foByTYQw1KnB1MmwSQqmwza9PJJmdYdZbIHKrZ9vog4=,tag:OoqJ5kIjNaJZYyno31x5rA==,type:str]
@@ -37,8 +36,8 @@ sops:
             dFpScGZzYlFQZWMyUEErOVhVVjc4SlkK3KUct/NJwDdeGeWrqbZ5eAIb/G8f/ZCI
             T4gO0Y/fznXkNf1fm5d3JHwTC8yAzxmSSGu2f/LLzKx1oNeAw0Ll4Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-14T09:31:12Z"
+    lastmodified: "2023-08-16T11:51:53Z"
-    mac: ENC[AES256_GCM,data:0/gNAktF8rg+C45Hl8KSTFZAlHtrkpr60xzrpQv0GlRjmiZnB5uRuVEd8NucAGVFRi84MlZIktbnhoiCjk5It6FfQaAPkWI8UN2BS+A8r+ke7nGLaxuhhjriCgV9tw66ypJ6qTrNG4P0rj1bgD4+tfaI5jM2qtwscfNbqiLFMCY=,iv:d+ZZoQdKDoyWM+Q3D+/hOZdxBXUxnKdKp1ExfYMqG/w=,tag:iaTDHOBirQO7o3y2wszIAQ==,type:str]
+    mac: ENC[AES256_GCM,data:aVF7WJ1MjgLPBN7qv8KO/HQbpyyCLQyW6U8rQCSN/VjSDW7vGf7hU0NtL51/L/daHcPWI5QJqpZtuYO1WZuwYyiDqBdtgQbhUIeIp8N9fIioxV7iW7PXSrwnLsnlIQl5HC3wxWGMsgQmYBz/CijJMRZkf06ITOuiS8llOphd+Ho=,iv:gmO9iGB4qfoeCPMmXBhz0jRymsuz2s2mBgHKrkm5gCc=,tag:kPu9MDFeju3T/OA720NQlg==,type:str]
     pgp:
         - created_at: "2023-08-14T09:07:55Z"
           enc: |