diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..b170df0 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,61 @@ +keys: + - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70 + - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505 + - &admin_gpg_june 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB + - &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 +creation_rules: + - path_regex: resources/chaosknoten/cloud/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/keycloak/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor +stores: + yaml: + indent: 2 diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index 7212842..8dd46a2 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -2,10 +2,10 @@ nextcloud__version: 30 nextcloud__postgres_version: 15.9 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud -nextcloud__admin_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/admin', create=false, missing='error') }}" +nextcloud__admin_password: "{{ lookup('community.sops.sops', 'resources/chaosknoten/cloud/secrets.yaml', extract='[\"admin\"]') }}" nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" nextcloud__use_custom_new_user_skeleton: true nextcloud__custom_new_user_skeleton_directory: "resources/chaosknoten/cloud/nextcloud/new_user_skeleton_directory/" -nextcloud__postgres_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/DB_PASSWORD', create=false, missing='error') }}" +nextcloud__postgres_password: "{{ lookup('community.sops.sops', 'resources/chaosknoten/cloud/secrets.yaml', extract='[\"DB_PASSWORD\"]') }}" nextcloud__proxy_protocol_reverse_proxy_ip: 172.31.17.140 nextcloud__certbot_acme_account_email_address: le-admin@hamburg.ccc.de diff --git a/resources/chaosknoten/cloud/nextcloud/config.php.j2 b/resources/chaosknoten/cloud/nextcloud/config.php.j2 deleted file mode 100644 index 718bcb8..0000000 --- a/resources/chaosknoten/cloud/nextcloud/config.php.j2 +++ /dev/null @@ -1,98 +0,0 @@ - '\\OC\\Memcache\\APCu', - 'apps_paths' => - array ( - 0 => - array ( - 'path' => '/var/www/html/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => - array ( - 'path' => '/var/www/html/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), - 'instanceid' => 'oc9uqhr7buka', - 'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs', - 'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu', - 'trusted_domains' => - array ( - 0 => 'cloud.hamburg.ccc.de', - ), - 'datadirectory' => '/var/www/html/data', - 'dbtype' => 'mysql', - 'version' => '25.0.9.2', - 'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de', - 'dbname' => 'nextcloud', - 'dbhost' => 'database', - 'dbport' => '', - 'dbtableprefix' => 'oc_', - 'mysql.utf8mb4' => true, - 'dbuser' => 'nextcloud', - 'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3', - 'installed' => true, - // Some Nextcloud options that might make sense here - 'allow_user_to_change_display_name' => false, - 'lost_password_link' => 'disabled', - // URL of provider. All other URLs are auto-discovered from .well-known - 'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh', - // Client ID and secret registered with the provider - 'oidc_login_client_id' => 'cloud', - 'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}', - // Automatically redirect the login page to the provider - 'oidc_login_auto_redirect' => true, - // Redirect to this page after logging out the user - //'oidc_login_logout_url' => 'https://openid.example.com/thankyou', - // If set to true the user will be redirected to the - // logout endpoint of the OIDC provider after logout - // in Nextcloud. After successfull logout the OIDC - // provider will redirect back to 'oidc_login_logout_url' (MUST be set). - 'oidc_login_end_session_redirect' => true, - // Quota to assign if no quota is specified in the OIDC response (bytes) - // - // NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to - // zero or -1 or ''. - 'oidc_login_default_quota' => '1000000000', - // Login button text - 'oidc_login_button_text' => 'Log in via id.ccchh.net', - // Hide the NextCloud password change form. - 'oidc_login_hide_password_form' => false, - // Use ID Token instead of UserInfo - 'oidc_login_use_id_token' => false, - 'oidc_login_attributes' => array ( - 'id' => 'preferred_username', - 'name' => 'name', - 'mail' => 'email', - 'quota' => 'ownCloudQuota', - 'home' => 'homeDirectory', - 'ldap_uid' => 'uid', - 'groups' => 'ownCloudGroups', - 'login_filter' => 'realm_access_roles', - 'photoURL' => 'picture', - 'is_admin' => 'ownCloudAdmin', - ), - // Default group to add users to (optional, defaults to nothing) - //'oidc_login_default_group' => 'oidc', - 'oidc_login_filter_allowed_values' => null, - // Set OpenID Connect scope - 'oidc_login_scope' => 'openid profile', - // The `id` attribute in `oidc_login_attributes` must return the - // "Internal Username" (see expert settings in LDAP integration) - 'oidc_login_proxy_ldap' => false, - // Fallback to direct login if login from OIDC fails - // Note that no error message will be displayed if enabled - 'oidc_login_disable_registration' => false, - //'oidc_login_redir_fallback' => false, - // If you get your groups from the oidc_login_attributes, you might want - // to create them if they are not already existing, Default is `false`. - 'oidc_create_groups' => true, - // Enable use of WebDAV via OIDC bearer token. - 'oidc_login_webdav_enabled' => true, - // Enable authentication with user/password for DAV clients that do not - // support token authentication (e.g. DAVx⁵) - 'oidc_login_password_authentication' => false, -); \ No newline at end of file diff --git a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 index 7e6ad56..6ed0beb 100644 --- a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 +++ b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 @@ -11,7 +11,7 @@ $CONFIG = array ( 'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de', 'mail_from_address' => 'no-reply', 'mail_domain' => 'cloud.hamburg.ccc.de', - 'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}', + 'mail_smtppassword' => '{{ lookup("community.sops.sops", "resources/chaosknoten/cloud/secrets.yaml", extract="[\'smtp_password\']") }}', 'mail_smtpdebug' => true, 'maintenance_window_start' => 1, ); diff --git a/resources/chaosknoten/cloud/secrets.yaml b/resources/chaosknoten/cloud/secrets.yaml new file mode 100644 index 0000000..53b7522 --- /dev/null +++ b/resources/chaosknoten/cloud/secrets.yaml @@ -0,0 +1,238 @@ +admin: ENC[AES256_GCM,data:zIcGTqSicvQXJE6FAk/HLQbIMzAHWdTfLDb0AGEu9bN2+V3Rb8ujjGpiDhIbPtsc/z1Z9i6Mk7I4tQUl7ErF+w==,iv:tRKbXdpLKfT6N+8QNY4N3nennRBtVjUTtC+BCoPOXxE=,tag:vCZZaISD7hFmQnn9FJ8LXQ==,type:str] +DB_PASSWORD: ENC[AES256_GCM,data:j07CqdB9vEPY/7mSIIxfRLKA1YOSoqgbt3pw2EgwyO1oua3r40NvRLY6VI0CXmcOXOedm7/lX5mwA3cZ15pBhw==,iv:+llV+OR4leYx6KyIRIadhbcypibfYKFFEmlftAl4MlM=,tag:6cd+8/IR16ypE09UDvI9/w==,type:str] +smtp_password: ENC[AES256_GCM,data:VFhGRV5Jg19UTgm5mzzF1gcw2yyeS28BPuIQZaH2nYbyQGbxcOJ/YIaYbCXufoLOFLgUGJP+lHjZEs4fWuj2SA==,iv:SiUpLXthEF0UlJGCK+Q9cVH1BXnDtN9l8ZY7SeGU9KE=,tag:OmO7BcMH/eGrCOx0z4lQzA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T19:16:51Z" + mac: ENC[AES256_GCM,data:j1QfgIDBR4seyC988SkCODR21AhqtBQaLLD9RV10hnqclgaByeoVJ7zdDUR4G41lhL9tbOKUy4FpOIQQp+kYBztu158cO1DtEU5WNUSV5GlRjuFRgVTCYZwJLq2uDpINMhfiC62MqxEjk4i8MI4szNK1P5rCqBvnz8f5gaUrTtY=,iv:EDtJbXOsXE/Z6DYi6dQXzZSflQUJN+TaqKiAXFXz6Qo=,tag:2Uu57dsB6+vVSZBZwB2lIA==,type:str] + pgp: + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//TYjfG4qAhFwZwvWrQiIiNc+Qk7WqZ6I9fsvzhnRPMsqd + CO2y99ht1mXF0fGs5MuBtcml0OHr9kbfKWmf+1JwNEkzFdYeK6YvppI5fpIVgah6 + DxUAGQ+cquTtUM3E8XKIsXIVRMkrkJdzVYB5hxwV8qjBUAh5tuXg6Fwizpj4UGuX + hF9TMYobvt4EanLDiAvMpo3oe2vjGBpkns3BpXX9oSq5hExlqLivifRHpJvp1j5U + fTwrYqYPXY6mM1RBP0nBSyJb8sQlg/7qrOPQb8Y5/ryWs75JA6zVTpd3fe+t8pmV + Uncwewh8fujrhPkLdvjSRc0/9uWf8YcohL6Oy4lgGffwPIMyhlAaXi4ym/dtM9td + 8Z/sI7LQ3iIIPOAY++MOQvhmtD4AQkNJM9WUcA0n3fHvVVnNhVWHFO6J8FzH6q/u + pDWhCK/WH5pTyreI0ngyeSXC3Mwq8yAMbjlhvZktZwmYCKrp3CWgqanZVPKHx4aK + wO+JPMkcr86mj6/sWbRq3pqJCMZw5NBPxrdym3n1suthmMUOvnZulQt4RgWLoOrx + 6wDVdH3Wv0j1yjuY3QdMZqOKECFhHDRuI162PV+kzGYwrcbzQlmNQgqK2ZhR1B7k + wJziWgwynZ36AoPi6Fi+rA5CIPtVSlK6yr/1We4yciFic/RfmAVwWpMkORwOCBPU + ZgEJAhBpgdpYmO2MdE3vLc7S1Ft9YhAOCzgGHYcjULa0lrA7K1xpDNkxEzotkiu1 + +/uFrHU7bS22bcOFD/l6dO1TzA1ViPLo1BZ2xmKToTq8cIzLjDrqo2sYHOqYtaSC + Gees+Y4xng== + =VeG9 + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//e05aLr6OZAOyi1MM/lGZ19QCBztJiaMWVL/BY7r3/d9f + m1BTAgUZNgSROHDgkH8uuXqWHIadfIao6gUFKIzLsrwPfuUC+DyNxyE/NQYvv0R2 + k/IgXAuop1P2+thm13rVmI7G3yjGD2NOkQzp6LlMECfImts0QZqrfEUXd/P+WyCE + 2ooCyeDstd+SgjBTHd+o0sGtc084XtpnfX4Qw7KGwuaT+cUkKXbdPqzxug+JpJcc + BFK5F0MbrEa/wA1vAfyIDuZw0Zy3fGGO9wASJoc2ChFb/BphOIVsqbM2zNB63XDS + ImnwyCpDmyxcBon8lDTlkd941V+YXzSf2cnyV//o7oLjFVQltrvu7pGhUrQ99lAU + 0Ayn8jiAtyUenHOH2gsXdfGgg45lGf4Eusn4XaCxwSKoG1BCQZwR/tVnFBeSKkbJ + 75tOl7UIs+bkLx5LWB1ozbTrhuOymR4h1BUbx3VL7Th5K+ChHs1w90xJWDP1dmEr + +euiIaNY7OPfzNFZpNHJb4SQdtXzeK9fSV8N1c5G+BxBIpAqsVUWkXqVXiVwKjS2 + BJ99QhpmDFoCy2d3O57mYM09HgWXbekFR0VckL/8RVVpHfdnQcauXEMrpl3AHCfe + DK3fDucO/+MUQ+lnyDaoRjJfjsM7PQc16JnzolEeOLMbKit+KAjMC9EfvM8GobHS + XAGQHdTiHz1ppYhBZM/RlFG25W09yKA3m2pcYkbjcB4d1fu4lR8s/PhFT+5HVZa+ + UcnKDr3Kx517Pgg6Snq/7zdMqnIe3q0l/0Fs0oLjL57JoxSTELp6jqORXs7M + =vOAi + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/9GWEYkbX/xjrCqZfmxA+V0LjdDevDXKaII0j9vga28WIU + Qg9AeLpvvgQRwJvZXZuCFI9ujmvpFePP4OgLkmh+6hx3dHY3COzT4i4iEH1GbxEy + grGXSJaynPB2ONvaZbIt+FwNig0alCiMPQhzLnIS+hmnSYbHFPqKGdqfqryj1xjI + JhirzLV/SYIAo4Tqgr/uyq7Ef4JAtydh7TWrqbdNQKeoB5Zu1uU+gVHagsF9mGCV + 49x8K8EiyMcgXtYk0UTN4Q0iWArDtnM2x2/b2PJ6H3yw7pmdE+MPzGdtRr4t2zAI + dF+h6PdprcHKrQa8moy0KSCm+zcSkL0vxUP8+X3WUTS1VUCsn6l/kk+4rM49izqP + dvmQldGSHOdPG+P2dAS68p/Sq9PhsYZEGKub+nREyQI0AW3yVpWVCbWIiwEWnQOP + NGKIRGBdY192oNvb/3ul3uNi/qcKFgrP4+ue5KAmJgkObFTss8OGYfEMQ0dncGV4 + UW9Iw7Xo8e10NPm8PpLySY68pGMpgFrWM/Ns+ifCfEaTVSezXYRLHy5XfBBoQFN8 + RJ/S0+8P3/HRyH6q/vbFkWrHhb95KwxRLXz5qb2yoy2/5z6+dgSKY51972Zujxjb + GklVDqPrcgCLqlApfw2yJwSe60pMbE2CxEFzAmWLfGpuvyOhpWOT5jcG8F2HipnS + XAFUK/+WAcOdJhmSRZt5aX33jJ1uJXQoxcbAvxdR+4TZxmbPjSLMnZGs9qfMhtvF + EU9WjE3elMQ60mKBEoBFPudSNsfGblS3YT6K8b4Wij/CTb0ROGXH51ZCTa4k + =PW2U + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//e6SuBK20zjqoSGLhf5JzocXFYD2TxIDyCAOmoK8kM/SR + MPaDWdITHXWZS6o32KExCBYUeOIzUZDcgW/BqNZLsyDfFzgtdYY7j5Yy2+/ezakW + 1PCY5MoqjZq0x4MMKD3TqQqHHsLLS3lPYeRWgFbFTZVMriixO9GqlM7D0MAmSEL5 + WbDdR4wzQNhsVuMZlF/1Rq/fQH0UCjJZ43VnlOi/2MSA+RE5pqSA4BE5IPUBgVx8 + n9b5asY5bG9N9RmpaOveF9AXh6x8QiPC2br14b642Ccj6GVGBgBtIyx60KdSALfH + 8twZlau8Z+vAFnGQ09K3fL9AapE1RVRSzu2ndZ8fskAWxzP+N3+oj97JYbaXYvb3 + IAHfQkB/N2EV1b2bGv3j8O6gMKjJG24QCJgmd8/AIVbWzBOzfF6SK3KC0hI31VmS + RrmZBZlYX/cnLGYK40myYAMU93/9R0DyhWSC2N9SVS7Jy6GW1u/aHyd4OdRXtaqi + ORhgiQ05gTS1oF3zLB8/7Y/bo1mpTOUPpGQ7mQPaToV/aAI6UYJGhR4EFZBHqz4v + dHO6Sq/yDvYSYasmP3a/TysEohkwnKe3/TSnGrMYVdWNX/tAGWqZSUrsWaTDtTT9 + 2QiTZftGTkRFH7SF5DkrbRMmSz8rQHrR8mtoEMtUbMAX9yRDSCHw9CRcfh49dL/S + XAFK9g7uSY/HllvPHu9V6uvQfbKNqoYmpbdw4egKsYXKVsSecL5V2mvvgNABbbA+ + 7Ma79aZ5KRPtmUONfpkeIjyzhnZXNpSn+nnpZBIMXGbwiaiq5Z8WFBBaaF4i + =ZmSP + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVARAAr/V8Ox5vGayrWZmtSIpz0yzv8BudAQDZscQGUr/PD6d+ + TFA5aNPyPgCbVepLLWNkE+4YmmkBlxfAKS1b9wIhI3MvtFIKysTHxjqJde2QAntZ + LdC2Nv2O1xVqQ1x22iQkNVoipLwc6OSbwLs1EC7Od6yCX4Mxk9wDjhixXnjeFkb2 + BTqUsT0toRu6ZtIpjELHMtPCj73pHa2ILIRuWM3H3V3KkUr/InYx3ewCihv4AqC4 + CmkH9CO1abdskPF298f6dlTG6DCnV9jVO+AuuiiT1yXE9zCrVlX+ACTugL+vpG/k + utFq2gSbgIj/vnw1T5yE8RDRrDJGwWGr5lfoXJfhr1owEt7ddRV1mS9EQBzCpvcs + YTM9an9nxIv5ffktu7qW8st+qVoqWKANxJZeXkidZxhLGchSgeMtRmnz5tFfVwws + Og47L48Z+26aBVOLWy2AIzZHakdbyBY4JoXNAtUQrtRPicx0uUJbSGEXCqjcOFUr + kW4f1iYQAuJwazxrEhKhviO2vV8uGDxzyBzFrij0nd+WAJTjQrpvjWaxzs/IToeA + nQvMerKx3L9QyQ0FQQFqJuWgcYpjeCFsqija5WxVUlgDk1iDDZudZUbJ0PbeemsV + TJ4adxzdhQb6YVRRWVdTDld7ZPyPMULYmjyR8oeaswE1X8JtyuNssO1WlYvz2r3S + XAGhFT8CeuR5FJHYmHwptfKFmRahkLQRKzl8HCly0onUIO5dSXtO1sqUy/KCq629 + b58PjTcdwv9Nc/VyoTbH17NEicwkH+r6j+lztBDPvbJsKnxG2G+en57xZPWQ + =iLLW + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//TiP3FUYVgg4Z2gQ90Oq+lXTvfAytKlPioLCqTJNmj0FS + SxQ4WIl1xgOTy5DdorbwnFYlZRwFedcfeQGIJ6c/lz8Od7ab5goH4NP18OZi1tkP + 9VdqlZL/7rnAT/OBeygiO95WlrWs7KCvmdIMrB3eQQY9EJP3ZXTbkJyM2vQSuJFC + y7noAb7BxApAjcmWW98ua8l5oyKh1O/DBnbsQ2lQwWtvxVW507gp8oqJgnD9xrCR + jV5Uc7ZYxaXKNk4WEDvESVb9n5FTwL+yhW4yGLeEracONI0SSI2lcsdSbWkM7GGr + 6S51YkObJX7GH4BTPGpy9+A7VOeeKi83XZFgaaiiUA4NcDOg4270znHaF40C8cP4 + GIMu+WbNjl2ABbudGw7BlYb9dposlEkVY0Ce2ZDAQd3w5toGnkVGi5jIG2xNoFf+ + yNG4fNo2H6giDLuw3ucauB+qNgS2CWbUeTXIbt6g9PmILY2s6OuBq9m2o6GmAPPQ + PRLtiMnFCdivzQCkqRdNDSRAsNR5QI95NFC+258hTEmk2sUk89TqXgFccobX9IYp + BMaIVnVtI+iCa3RQgKM0OUUDwnA1W9XVEaQ5zFjjfg0RY8JT1xSgTnTc4OiFODC5 + rz3C6CKyh6B4SxNjVod6Nb3jNPDT68lfkf9ua+mB+TknuK3Ov16FWmCCsTGNiXHS + XAFAZjJvHeHoZ5yjhBVpQJ5bdOOj1kuqtZzKzVWMnLQiXB+XKfxVG+d2kmmCCyeT + clK0T7IL5NgJ0b/d0+1w7G++k4xSyy9Cg8jev60HJtny1LDB7AqU78+6mWAo + =1sdi + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//XkFf/JdcWreU54lrAcgJIpA/DPuflYX0bzPTgGish6aE + cOdKTppl1o0yOgsxZ/0C7tjWMevM8F8gHqqfDD1YrLerrkDtvCKw+s/UgpqGIS7D + SzalYJ3l2Sppmbum2VDqIZvhxF2U6DKB475ZMsNqangCjzcjOf4PBrxSIw51s4uE + nFDYWfaAh1VYyRB681+VUHSdCITCIfXXq+8jdJAagrA707Eix+9WM60oqv6jI+d/ + TCCHufafonXnR728LxdSwBELZF9jb9NGgeG/7DlWxmV1gcqy9o1Rzv9cICtcDxKv + t1fORQ6tztNVrSUGRXAiGa3AexJYeNnIaK8q3kzUaNqY68TOu6wyNdOEEpeyynJU + dNytPUzZ4e5vhP4SxBsenMhekLcLt98eDGQP/iLRbfDhiBjF4PawqOIeCQbJ6OgF + KXJle5gVuhakTaIuTp9QZb8rlWiffv/cOKlqGydUjeM6fq8Zgm6e1vjcbwQNj1mX + 8T+KhgyUtaUUQPC1qm3LRom4SIM4mjgzH4SQCI9M0At7X12OjId/o6GsE62DU7C3 + ZWywYXH3JIGDCmgG0CQEZrh2Mv+1M8Mp1rZkDahj39ls9gp3reXI2W1+bxdgBTqy + 4qxZGZNW0XgyaSwTbPR+z85ac/RE+oYKSmbpi8jstdLndIXtL2ipr4G8w9kzGjvS + XAEE5Ml/lMJDHAJhMTtZgGoh10j/gS8EexwQobzZqiMeboNpt0r+B4OJSbs0WXJV + oq5c/B2PMghcN4cnFIlesJl2AGry7mI8lq6bnhzRZjIN5KH54e2xBCVdhAs4 + =2EQ3 + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//RTa3TiqaH6qkdZDuplbP8l7OsNSmvuk3R/vgiGq0Jp2y + V3GT+1DuwpauG2IXDL9b36DiZLKX7+ugHnQ1DuSYsq78m4XCVBeIJkaN+2A9K+gi + LwjRAxidQ5wONKqG6L4ZLConW8fnvuyAi2KDK76B7TcH/Ir+QTX9xg2Tm+vJT9Vv + o0ZDrNnaY5LMvFFIzN+9wqiBnekw2EHFOYBJTpeqT8zkkvLb3Daoplpr4Uz/fdbR + hlPP9JyI8TFB3PpMEF84+2lys2ob4halzGW41A9+9zFiPcz1mzL+ftRKFqU8Sd3x + EBbiu/6xVycWnySAMiX0p/A+p+3pzMJ40/OJHC9P/HxdbFFTvpGzL95qHHu1aDTW + vlQza3qQTk7konQiPAqZpv2fAteXCZeqhKgm8aowevbzCeGZwNYaN0yQqyROEE7V + z702pOsize5aRsGWlxhtzrfpHVlJ/yxbg3J4vv2WAycGYmvH3Z0AJxClML/KmuO3 + W4umyrMQrmMMOhSByp3EkrPH2SXs6EObRoUwCaA82oJCcvNnEayRBf5KkX+FWqMY + ssVECN1VX6sZFYH05ZGZ+RSpzNJrIFZPx+DrbmcUQBgvOBqIsWiaM4dNpCwRVuKo + GhwuxdEKipcyPlsp274qwXCoKPGyjZxfcTg37naq0LlU+4VCYNGzuEijegH0e+HS + XAFxXl4qoEaPAHYqMADJXOOkYGcnNUET8CwmIzuqLWrE5uHgKoX9cBrCN91jEFxb + KH5dT4ysfagFkEWf5sNjBYcuxiYIP3e8BbKk2lG8DvZJgWox7qyvKIo5oKcD + =gXdn + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/+LiEI5eSEGrABofjDaIKiROJrC7XKLzVWPJ33mxxVwGsC + 5mtjnZNQDHa2RiN775zLKOZmLvrKGCNHnfCHtcax0uaYTNeUVn0Mnq+UxYwTPXUb + 1VIX6ivCI5HNd2voqM965riflOBOZbRsDK2dGodl4tMdO4zKwxJ3wDMhVJ3Po0rg + UseEnsgXKP1CA+lGoYfNqoL2rstr6CNLcb6dZ9kekX1jm5ZegH7Xsevf3ZbVDDMS + C+l4UijpngfsgyZ04cj8DEQuCZy90GQxkJAl5NWqcJ+recZkYlL+B5eLA4eIPt6u + cPSdjPnzylT81b/cUsV1NUX8vNU5W/i2Nk4eTy1U5ErsDEmp1q1c3XioHO5h0fbZ + k1F10gRjtljnlDyUv4U/5JdLz4h9/B2SvbWZT977RUpNDcLtuL1ePTs0jrOcTJsq + tVlbAYJ4iUtMdUhVyftCQUo70Lx5VNufg/TbKTC/TWSSRl0DIdDa9adfedlv7+7o + r5nXitAIMcT+2nkPeW9060G9Vr0ht/7tHcMNBrLuXLNzIaQSwl3+cmC9CsTtthdB + 0+tcuZJ/w2WZJWX9U6ubJ1vWYdlS8PAEGt0XuiBnYO/CnyT8PrGMtJfDqzt7A1yt + jADGGXq9QF96xki2jPo35TommATNAJsFi7d6NjGOKcFhwPiDxiZ7G0V0BiD0WILS + XAF0B0GQDPebknXCpeqs3aDSBtg2bvCLiK7l28xs1hWZddt5hCTpzEP3zL4lDrGE + 9+SSHG8sJ03iG/zGuo1OsDOPeLwHbdKoY7PJKgVOg+R3+OaWhIzx2cbW2qeV + =v5rS + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAAAWAZzuozJo/9XnH+sEbE8ebyKgBi5ohKDVZOlMtCTQw + oeNOyUBour0BEfJTd1MdrUOBOP8aEL/RpNxNXLJnuo/ZW9Cm/sYr5EtxH1OEuZeA + 0lwBeaaV1bGtTACOlttrysmmNGWu05AEigvWSjW4X0oerU/3C8B1f/6HNcCeE4FV + Xn4MKaTZfqGrS+r3PrtyY5i0odIpMQ9BrlUhld4zZQteiCb0FYIU9p9T3trrtw== + =37ry + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAwqo3P8q8n8cVeO8pN3QiqJCHK0R2cR7F6g4CBoXL+HIw + pat6LL4iuoKRlKzGNFhhfcJ8ZGu7b2kXLNzMcN8YU/8Bbw3uym14x6o4M3MOUnpz + 0lYBGEn/qi8JfNT9anDVH2NoJGD4sVgThagLjOM/lgXAGupXQeL8N2VH7q7aXBVB + amtNYqrr4FKYSTOTOF46BXVwNVQkNxeL6I7FuaRu5/B3MG3xZmHb3Q== + =KxpX + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/+OW6ZL2OKIFgYinYC8LFwR1S01FTlssJSNAmbA1AWS97a + eZnf6H7JQMvz1YfLeX4bS57Gip21OCdX+sTVsj9+8bKyBEXI8lqDS+W0QtWhZy7F + xHLiEcMuv17w0Yg30UszMNaO3MCtfYrJpOiPQ5jYnfraigr7TmCja7i3ySUak8jh + 16RVF4mcDJKaDb4elCqQgAU3BLaQbIBAV9l0NcdkIN5HgwZCCfAVFXI6KfkIQ2/4 + kow5wg8TO+5OMb3gVE6YO1ntFoV13qkAUvldH2pR8yjnOgZUgMkOpX3JdG95S5y/ + +ItZQ4B2skUPu8dp4xLHoy5eiFgOiI4lKoFNknB0Mh4f1Wuhn+KHnWnnWuEdYBWe + OQxyvGbZTz2axeuN7zonS6GADzd+/jNFiaWYdaQ7htMiaD2cE1zH8MJMJRHTzZmU + 0ifH0Y+9+lKsqVwvoRDrd2pQnsjnA+saRAfXqluos2fGCMOVwIXju6rsu4lkUlsD + RuFQ6fEq1SyuyeoKMeMtahAJO0NW0DSpxMm2DCrX/HaO4adIegosVznvpqFKUbBX + e9jAp9B8xeWbTt8c6TT9U5XW+GXcPx0RG/lxRKjXQRhwd2UrvUW731scODnFLSqu + BFgqUByk2iSEoonZAoAS6gjvC9NAMEuLwWvdUejFbAx1ddknNI2YuoRcHrHnWjvU + ZgEJAhCkTMPYO7Q0V9nRMne6vajbSvXDfR/GwRLez3qRPoTnMpgZO0hpclqerJ5T + Qel10f8aMLupwPp4n+0khXyIZ+XYxTRdeR/zhvklYe0f2XljXndMFlEFA05vJ8ce + 2theaH7hmA== + =IwH6 + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 231f581..366e94e 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -32,11 +32,11 @@ services: - keycloak environment: KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }} + KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KEYCLOAK_ADMIN_PASSWORD']") }} KC_DB: postgres KC_DB_URL_HOST: db KC_DB_USERNAME: keycloak - KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }} + KC_DB_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KC_DB_PASSWORD']") }} KC_HOSTNAME: https://id.hamburg.ccc.de KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de @@ -54,7 +54,7 @@ services: - "./database:/var/lib/postgresql/data" environment: POSTGRES_USER: keycloak - POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }} + POSTGRES_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['POSTGRES_PASSWORD']") }} POSTGRES_DB: keycloak id-invite-web: @@ -76,10 +76,10 @@ services: - "IDINVITE_URL=https://invite.hamburg.ccc.de" - "IDINVITE_KEYCLOAK_NAME=CCCHH ID" - "IDINVITE_VALID_HOURS=50" - - "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}" + - "IDINVITE_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_TOKEN_SECRET']") }}" - "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration" - "IDINVITE_CLIENT_ID=id-invite" - - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}" + - "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}" - "MAIL_FROM=no-reply@hamburg.ccc.de" - "BOTTLE_HOST=0.0.0.0" @@ -96,7 +96,7 @@ services: - "MAIL_FROM=no-reply@id.hamburg.ccc.de" - "SMTP_HOSTNAME=cow.hamburg.ccc.de" - "SMTP_USERNAME=no-reply@id.hamburg.ccc.de" - - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}" + - "SMTP_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['NO_REPLY_SMTP']") }}" id-invite-keycloak: image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest @@ -107,10 +107,10 @@ services: environment: - "BOTTLE_HOST=0.0.0.0" - "IDINVITE_CLIENT_ID=id-invite" - - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}" + - "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}" - "KEYCLOAK_API_URL=http://keycloak:8080" - "KEYCLOAK_API_USERNAME=id-invite" - - "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}" + - "KEYCLOAK_API_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_ADMIN_PASSWORD']") }}" - "KEYCLOAK_API_REALM=ccchh" - 'KEYCLOAK_GROUPS=["user"]' diff --git a/resources/chaosknoten/keycloak/secrets.yaml b/resources/chaosknoten/keycloak/secrets.yaml new file mode 100644 index 0000000..8125ef1 --- /dev/null +++ b/resources/chaosknoten/keycloak/secrets.yaml @@ -0,0 +1,242 @@ +KEYCLOAK_ADMIN_PASSWORD: ENC[AES256_GCM,data:ifiyV0ywHLiYIZfgo3LBsDu//d5B2ZKyysnUtXCXR6hGWJxQwM4ly/XglERsRNRwZtzWkndpLfXWxlMheZJoMA==,iv:YEjrBPoeqQayEd4rNSNpD6Yw0jgQsOQyRpDkv8RKiEk=,tag:KHf6eaeGZSuBipAPKBkB8Q==,type:str] +KC_DB_PASSWORD: ENC[AES256_GCM,data:h4v+6xLolQN2xWEKTZvrucvqFCUtqnDoSaoNfsXnktyXR5/vjjvqshpsyu6xGA9V2V3RX7BGk1nX9eooo4362A==,iv:Gvvz+r/gNEMAD0xJdXzNQpkhmwOY/70NQXYtJX8CkJA=,tag:0cj4qsTlYsZn7bz4NZDp4w==,type:str] +POSTGRES_PASSWORD: ENC[AES256_GCM,data:ihYTt9hd6RJNtWEtav5Cbzz8m/qUIw8WGTwMcU98f5wkYrMTd5HUjRjiWqcx8OaamiCnL6p8u9BBEerCeqeq2g==,iv:4F/sKKzaRiIN47M1a+gGhGMiexNp5x5l7UtPasbWmCg=,tag:3QsaYllKdkPyjiX37yICUQ==,type:str] +IDINVITE_TOKEN_SECRET: ENC[AES256_GCM,data:ZtUiwOAUST+QmR6I6ZSJ4GoV5qWvcIwZ7w==,iv:1XMYhMInEA5pn6PajQ1GToS4kCUAH6PGZOAA0AZAQEo=,tag:xBbGgvJZzSaNjJI/QKhUig==,type:str] +IDINVITE_CLIENT_SECRET: ENC[AES256_GCM,data:/3U7brcOL162xh9vXPW45Me7+yun9oHVCI3LLbbq8cw=,iv:+SyhYlGiFro75N9LuoGff5QLDG84GeczeYWQYJ07Li8=,tag:9QlbjBJgyt/+VbzLLWWJWg==,type:str] +IDINVITE_ADMIN_PASSWORD: ENC[AES256_GCM,data:xIxVMTN5rNZ9LuxqLMF9veLbpjqdSAHDRg==,iv:FctE+EIvL0c0RjANRDYk+6gZ/igxkEmLJ+Y371gMXOU=,tag:txlgkIVVFeJ6pXFG/+Z2TQ==,type:str] +NO_REPLY_SMTP: ENC[AES256_GCM,data:2XVjIt0tYZnjMSKP7rj+Gg==,iv:d/OFKnCwElUD05cv1XeQyrCQuhtf1JD2rRe5QI7T1P4=,tag:LQAhTYwIdoR+sCNfVh+08w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T19:52:12Z" + mac: ENC[AES256_GCM,data:t7Tp8G+2lEIyqy9SYo1cWFpXNJO0ekNsYRtlhizHAJ8VUTjJgQbVoArQygc2XQJWgbploJCTDxOOFh9aphV333OUj376ZQZjwg2msIhNSF/wp8gKw6GFIrqNZWLYR3zcvFdiARKJo3T5vIYmPRLVl0GwqVlIvBRuHOSjHmOeFDM=,iv:IXoOVkjWiHTzWTrWy8QH6WfO9bT6aIIrd5KU8pIeZW8=,tag:me7pC6Zu1TNqVlgyEwrhwg==,type:str] + pgp: + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAlsCecsUz8CnpckiAsOZUe9MAFRZiSLeErMmZ6Bh4OzYa + PGeYuz4lSVq3RBkd3n7s8At0c96KE5Q9hgqXlBhaZVO5OXZm/pdSo/jykxDOqGgp + IGyEwJ9cvH5M7XfZidLMbj54+1BzA9/AW3iFSeQK5bbAi9KYmIzBE5VoVWXXixpG + czWV35x/6/rOhCWYZfr5JUM8PSSW8lhwlcA5ytoHAo0sKnbmOracK2apSJ/w4SBu + VtkpwzJ33TUdMqgFXkXIoGqHYE2ovH6GUktQzTY2AchVcwkOqoksD+mHnvy3GlY6 + 7Kw5ymKnOuOSiJXWt7dG9fVLKT+32m5NeiVf8FEx9vvz3hfTsTwXD2uet1BFYHC2 + rXVDf2reKojL4EulBN/2r/sL54tPn/YfkdQPaQVIo4giq6NZ7wR52I4bLys5jOc1 + l5wmKQqZcTVcIML0V6qTJcP6DyhspSpysoGOdr4j4rlzSctJPs5HGu5WGywL+fDj + 9+KKSYEotGMrOzknwFXCbAER1GFKOVmxyLEgPYxWJa0z0sgsyBU0FtU2j6l057S0 + VdVYEtzsamVUztxaJmKu4ei2hUBXO+PGYCdQH7ZX+uuBkHWWAVzUSspoe/3ncvt3 + 2HAX/+dZzGw4HE6pGChPABSI+txjwbeuyi3iPsBrby3GKv4yafSWxKg1RskDxRHU + aAEJAhDOhd391/ZDtMkT1Cwhf8H+U/aJDoeezvmHL8BMSIKDKOLhngr79bt0iY1p + 5uCIIMKO28SZUAgRPkGZVwTlLEuEgXPOeG+AFzkGUOuBMkPAIAJucXTS1Q1VyUaO + YP2rUyEAMxCo + =G/5o + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//bMTtv14q8MsLrIkyOW9XQroCFQUAnokoi6sv3d/rgWzF + ViQ4WHIsFYZ2HrFd2yPLweE4I4gbuyEEJAw7DvQiNSkME7zO2V2tovX1IXbzu7ua + 9sfykiT3vImd4LozPWDHR8FRdF/3HfuTQgYd5Qi7LrAj4UX0zUaMOE0tW4WJw6+J + kvgqErRgU5LYHD+l3b+CkR5tGJqsNESRGxbcRfMg/AFdeR3J2dwUV8wNI83WSGRI + xRU2SL46HLtx/RZ1Zq1/Q9Aufc+4UqtE+6PK4N2BuerzzXumqjO2vEda5Dc9yfww + 7e8l680TQLXtWwZozbIn37XOvDlYaQBO9GeDyZknNNPiIy3jqqZHvfomSRka2QOq + 7xitPGCgW54XxZRO39aKFCOryqzHfTPbHRTQvPfM8OYo4JaAmOn4hIWqIKy0pD9d + gsZLJ/YyPx4ZONgwcz2Cz2dLB6wC3pEagNKBrvgREmjaxTDEB8IStbL1AasEdJ7j + nSxJamZU0MK55IjdU+loPsHIK4U9dGr3MFHxpiLV73APcYprgwRwjmBU7MJ467Zf + kZFwmHDCFpZ7u2mWzxL4eE568a9hb1yiI2nNrsy7aGC50TTPPa9ErXOFd6Kbutlu + kUzFCZb6xd+SakuL6joTo4Et7DJNZ4nrJZwN/OSuE8ZTiGdH7onUM0UOlMNoBgLS + XgEytV1eo08+agpBece03q82iGIZ4fN5t3eYEVqbnr9+i5I45txR5B6lHyz3frfN + IpImr3kIDC0NQslUO0P1aBYeTeRc/9TWhPhtZS1wtIlURdFyLjUQIbnqNkRzDME= + =RY3P + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAsfjYIn5vhU5mjI/IkfYl5sdVquNI/f3boIA3hMKZdwqu + UrzVysIfqZLBACms27s9LPQNpeccQHNWQFdWzmNWtx8bwGQRFWjPgERJ0Uin/M5/ + 6ICE+a149oe61pE/5ixQ9AvZcMIUF7iXYqUT6yODxgKKnvprbSNNr5kC8RwACHq/ + KRqpZ3eZR9Trz8teOBCxwh7tJx5PzTPT5QbGeuLKlSd38RHgo8fe21ffVTYtDL7o + t+uglJV33H4diQRvciH5hO/mpVRw2EBnmITn5dWSunSx1mfMVrOr/lHsfiyoEEBs + 8xmmNd0oaN0M4XYx7PNh7YMGaR0SgDcEVI5KmU9hNwDG70o2RIT7OrI5W2ccJLGS + TyYiPWAWgfVfniXA1Ydjkwkd8x6AspBZQMJTsNiaBs5dk47e4txKQshSOpReZHNz + Xv7fHBocsSlFZRl0ydB279L3Z4q8aOFKYMIw1N6T+jwhns0zBnMRj705A/z/lXqI + 22x5gOY4uFcFUm8/GtWrh7bmN1X5R3fIehP3qposIpeBvrCi4MFoIpcltbiiPkHF + ToYUFtO5/QAdhn/RosJRljTA/DFzOnlzuGuvov9XbeuJewtR+ZJmpEeBe+Z6tN5C + dCIMrjFYNndHbYHF4ztAu6PT8Hzq1nw4sTFM0Fyur3LIQHd7F9aXI7+oQugczfLS + XgE0L0AnLJRABd2Pz1IibBO9Y+la2xaCpqhxw4C2ohdusIGSfcz8aqvC6PYviovA + jZ185Bxs2TyPwqPxXve2h0zvqbpaOTmc/0PVoRQEVXkrkL8FfxLxPsJss18hdos= + =mqr8 + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//erl8qaY9wijgSKKu2xGikhQQz7DkYq0lCZ8KrKyakgLA + 2vyuFg0+b73/jUd81Xy7j168SRW6GS6Ms/9v6lgGjSt+e51b1nv6G4ob1+KEqu19 + EbTRNeMmTcFoXVMuXL3C2PWVUAE5Gs4POZai18eegQtm3dgOax5/25FvNZXmsoYh + NYr6+vdZw3Au8KZdFov7iMK0/GX/6GR6XJj5Vlv3SMF8GTCxOyeZwmkk0ud6/5Gp + amnz327woNAs0oPnoJ6cWO/zlAYb7EkmMfbKG0/9EFErXYkC6Y8N8LrGtOpZXHJG + doFot4TOPIJGiDbTL6D4+QnIqVchym7JiGmYUGxdzmEXiwe8AO6sKJOR8kZKU+1G + aSHjpq96IvPewBOJA9NghAI9JoCsWXtqYlpTjeiTXciHqB5NZSgU133R/dqZ01r0 + k4iP1I84hbx6XSdxejySFX9Vscf38WhEfV+KgM7xOJhDTJ8HozQQGj4OpD1WOL0Y + rP3y58uLF1I3qy9V1csoJtq/+no+cXx3mohc+iiwXQyhYAJML9pLBbnmWJo+O1Gx + hHYbRDmBM2Qn5TYq3fPOPKNFuKr4pLqz4jy4JC338hTamGQNjbNP/BCCQQJOGdRr + P2klOkSiZepkLSUSbLVlpZWT/wAqgz2JSxsCENoMUuwPvbK6m2cMs/9A/7JMWZbS + XgHCqYLJ30G9mtGc/+dpFk6xzpKg9SHHaos2JV/TuqU3O1KetAB4TUEAwLOj1c0Z + Kf0HlK6l1J4ya2RQqiK6Inek9/D2+KKcvmcMD7ZYQlyeNkLIzKkQIztHS73AuUs= + =14aT + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVARAAnMF45HC4rYs6NFlsOestm2UrYTMRTkaQh3Sg55c3E1wL + gaBBuzfgZt8Kwv27d3Prbu8joawbHuFVEtT8n9qW7EYRlkmwX+HptrvBLWHvCGfR + L/rqCN+6HUJlA+L2RVpcl3dWcI7g1n2/P0+h+3V8z0AlDIWXO71vzX40EsNt5oKW + FHxEw+0bPEHhrFPJzf0HQgp6XBh60T98JZKi5zq/MgbLreLkEswL23XdiR1diFN4 + 0TCPivcJ78bBpONRvd6mlD2gFc0YDACHCsFPZRL1pq0gxvE1ZNydGkTkjgiKY6B3 + 3VMjWz2wTgiXqArJR84O6qfjZYX1eP8Qd/+jjvxuUGhax8LRu4J/Ccfqp3uZD3oR + N5ITo7kjWGmdrXCATGLhAD9aneWuBlyHNJfwHZxsf7NeL98d2tuYGF/kpBTy/5zu + F9MlJyTS3OWkSInWrB7XaRB5slSOCi1JM5GvlEooklVl64t6+yIxQf1UA8LBaMOV + vZ4Zngcr1FF3CJ4m3yU/WhL8GSuySSlGlWvgfZNYsmJ20Q2AqGyVID9IKXlFNvWf + 04nnxuQUOmdwQ4OifgCMfvzcyt1eo7yXJ7pgMVT2Xmy6bTLZIrPHw33fP/C8cKCd + oiUjn962vNI2E96MDlTZxOrQhOOmSQbu4xbqiSSqEZ70xEckmjE0xxR1JwI3rSDS + XgGuitcNHdV1u00dPzY49PIQWk8wNjqKdHeZ8a5tAjdmps8ACHhL2dTd4j2pTgff + XfvVU4iwMajbU3p3HjiB7chmYQ+U7iC+CiFuAQbjklPwNorqAIcN5zP0pOJ6O+0= + =xD2W + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAgaSoB6hSUrpjgo/QOMIQmgjPtF/KtHASST7+/liqcIem + iQeT5xwACl898ez2a1elKtgFYUVTOopuc108HyCGmFut2/T9u6uGipOfE8WGROu9 + 72mx4hq5IGB6mVz3YIucH6NGCpH8lGnQvkeGydpYUUJPzbv9AWewn0IySJVnC1uw + UZy4h+mTSFH5Z4XW4JDnPXamfEwKTSHsbM6KHPvql+CLnJgwTOqln3vZeF0YumSk + iH1xO7OslluJ77jiZlcCfk1uJ2vMCDJGmp7DziMeyf+wTFckvjDnXG79AtQzQ+HB + 3fcymp+DMIJbMocGiwtXgpEv/4TGTrbhpZWE260ddmOlrzCakahjA6AjGubu6oeO + m6G8ZTnm0RCNvjmldykW4MZCIbsChZwKAQEOUymiX5JFa0ayZQq1CR1GCGwsU20a + odNI3z3hpJCwI2Vo21nlNc9hiUp+zA1fJteBDnCS8j8QuinFi9G6x0dT9P6i2+ED + yV7ULKsAemCzwQhhudYondo78E5lABgGxVKI/+2gkwZTIc4VU9/aRNftZLszlc+8 + nRIs77btYflj9NiK2JCoxr57UpNq19JLs6Otc0vTOjtieG5uDl6RmYOvD9+A731i + rAAMbgtGzM/1dNnls4VpVko7b8elm+kywijXwSXUzGYXfFojIYcfrCOxmLgGBKrS + XgEyMad9QOGTFJZDtcBghfodvs6xfLSYwwT2tDWgSzW4GRmJfvb6b+AR3+4JZ+OL + QQhUFVWM+rVHmAfbnLSfPbLVJFrOPjsTiCOk2onJjiRv8MHWL0QoobZvG/1/zhQ= + =87lW + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/7BqkS+RsQa7o8pEN3v1OHEMgSJvwmoP/yoOuXycv8tAQz + VWxrmh4oYlrOc0xHKTotGT5IY9uJi062sVLbnqVwa9EQ96bNM/r0LleBOkO2LsqF + t4aXYKV2njzCb63QpjkeguHQtGi0szKWX+cny+AK2CuY3fpG4i/Pbn14fTE1kDlj + EZD5eXgPSeAG8lQkQazG9yzXOOGJ72mWn3819T3VAFYs7/cXBPYIwB5BD7EYAbg+ + dG7ihiMbcz5b94EdkOTqauJKCTjGE3hsjjE7cKRt+BR2fHXkflrRW/ALBJSA2m4u + aDvjAPyvg5MIuJljQ0imXsUUY+aga9oWqfRFR9RsBZqXJD193HXzzZg+WrfCvI8L + fmnRDzEjJ7LYiFJ0Qs7SEuFmlTAa0bk5FWMtVmCjcTrc2Si8o7+yuhysPTIUKogE + QG65iUk7UozuGJapZYI4J46E1586R+LNi3MmKiYwvD06wprRKdJ3vUqTHzaqwqTp + S+RbUi55WciSaWs7EQrO042U1mgsyphG5cGpmXT6AvDwNYDrTBbBM1E8QKkZVp9Y + lKF5ywatwrpWyaxb7OMB8cWaK1RXjB3eDOSYNTUggCx0l/IMAKSoKuK5Qr3Tlcyb + zBENWNuO6WawhJMac7ZlB6s4SpiZxFMKVVBx1BdsNb/OY3L0BZmnZgWDwvggqTnS + XgFcVQFmgq+K2CcXsyiMD303sQmW5MHLrLzjUfvH4QRQ7mhDxLqeKQ3HTTB1IeKY + u0RE/XKAN68fVSeIBcgaXTNITI8TIyGCpXO+BWv9x3k/f8jwMuZjUUD7ikJbzi4= + =EwRO + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//eJiqttBEkbKmuK4eov9Lo5ZyO2gOfnwJMXm/uFjaMzrq + VNsjy2PuYZ8TncBTqwDYhTJ4PsMpu7xm9fTBx+JjIhnZHTznQ6lkE/hEfFdeVPtj + Pg3cTO9SuK+DDYqxPcDux3ZBAt/VheApCLFQbj9wXQZTRo3rWUzgdeElTRzJUSKr + Z7yDahdie3roxRTn/yM20d5DuPmAP/ae9XxY9KnBC+utaBsWX0lv7kZDPaJQ5XBc + lZxk/cGn2AAXaWWzDbx5hYvoDQRq1ifaoCE2TMitXwnVtiTvZAxZS7LHtm5rx+gF + zVP/ZcoRMEFBS2CPunE3uEnYF0vux9PkvsOmE9Z3BbjpY5juOOlf+R0pcn1Yw6oH + Sge6DzcJScZ4p1LCr5/pv8WlE6roIpA/YswYKY96+GSmfHbLi4YvlBxrVYJv7hNP + Y2Ce8hcmbiPkiJ83h2RAW9kyX406NipiWy2WJA6hEKNAkS67lhw8gn30/UpkyHNB + QBPQSiO+EvHlOE02UhYiRSyYa7sGypkNicEvX18U1VXLei7CN7Wq/Y0sm33Ebnx6 + jh48vOdwKjc5dVTwBAmX6GtNkpXY/xuNipwtcwJKerP2Neh4nk25tKTjmTXP1e7c + 3Ka1Uur8st7UYHspeHSHJjnGgaSMqY7V2WsRzjOV8d32WxzH9NTCm0XgaxXkj5rS + XgFzvL4Oi6AwE7pU0OwHCYHCYhgI55jX/gBCp8eOWl/vzbAllXFZkTE+1K7zCghu + bmvxhcdGIHO1Hhossy3KD92njLvhGjcjtcCdaZJnDTKmYBzVZZ2ZiHX6vXYl7gs= + =inE/ + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/+MF6PrPLjAS+QnXkKQMVTSxo95MCPkQmXCPfGpxiEUFP7 + cFCsynGmqpYvhPLJqxlF2FwC34T/1MGv9ejYECfsFHhTiUqr4u+OGEG+Y3HnOG6E + OUHa533f8uUFqhoinC2l6v7Ka0XZUN8U91NRqDlclzAa8bCVSYBr2xtqkpe/idIz + lVsnhnTtG0O05voztB2qd2Nhq/Kyavb8w4dunweXVpp5wTuVsvdppPfdK0/2kLp6 + CO+2MeBgLHeb3cRcqgsVFs1j/iJyCSPDgvZK5hPm7K+gxL/KoBV3SQUM6JibFWt/ + CxGVHCAdavBmvQUQpcJ/GcXO2z4LfRcsZlGbZY5hfQ8omb7QF5EYCtwtfEOGpPVc + ne187Mlq5PgqK7D6rG2EHke5TraIGtkzJxyM50v2EGNrANh787YOfPDWgwgw/OWM + 6SpfIS/wIGwvHMAZKPP0Bky5tmSePvk7xVVEq4TY7UBB/ndOCzz/GEyWjs2oifE1 + o56dqsUgBiX++SrXxHldU8WqN7LHwBi+8HSFa5hi27gIMcGsXp8FSdnZb0u5CA3W + hvCswjwv8SHt6g/tpAkEUYair4ZELhJooPy6SemV1DLLyJmJmdObHeiE7pvqkh83 + GMH7G5iwcHWcOWn08iFsubz6nf8XsJ43M5X0NO4XRF8W3HhIAqDGNmZU3C8RbMLS + XgG1DJ71CT8bACyUGxuDBsW9P0JJn3wPlcVzi4i3aSxY9mcPc6io8TzedOf/bElm + g9iFKEXxWGk5GgUmVWNGaQIwqNwG/OM3t19Tba+VOdWbVdBN84r7DcXGY52K5Kc= + =xcRA + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAcZM9nigmcaFdRVOWjgBMqN3VF0atnfy5Zw9cowdtnUUw + dROW3r6ukUzpSu6AU9H0jYVB0i2p0DSlToK3fR6JcESjoq4AnPFSZ9UwaSTzfnkq + 0l4BFK57V9AgtPnYWw2GdwyDCwkWGrraqV9LHFCgvkaY1qkioY12KgpnMjmvBOxn + HBWYuiOzE/P5iGgyZA10TKN5NVFY8V/99djYSMA2PgqdJ1VFS/CXVbeuUGWqt0pe + =Fdf0 + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA9NXYBmSAcUPEkOo9bl3uya15K/V1euv2kb7hI0nAt3Yw + pJ2VN3shYfG6InaiGuE0fSZJ3kgxrjC6lRmoRzmw/Y6T4ijBpUT0YGnBw4Avbxdf + 0lgBEeBV6SFy6kQPJAfZ+6jJTc69bMku1RtJcBbM67tubn4IcFlgWd4heijxIW2Z + dWwIxaNxUlQ2I4EU3ElZ2Y8j7wUgl6DEdhHcD8Ts20w0VMmjrEgQviLH + =M4OW + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAxyj8/2Ogapa8QAUjDkdnexURS9wnP3JGa4JKvdi07BaF + uJOzOdboBhrMwZug4uZsbgBou02jbNIyP2QpxarVcmhtC1eij4JqVsa81OE+hKES + fwl752MiQD0QblKwEng+816iazBA1oUdYyqW0OsZXK3xydjfyRSiY1skbmz9iZfM + d3pp19xlf/fisDeCCZX/ylLOUn9Rbn7QCdIvVuv6yjwC0tutjDaU8BwFYqgaRXds + 6Q4TEQCPBJBEycmXZrXtBQ2mKtLnxUlcXd+G1x7J9UBPrBPe8cn8vi2U4hzBaPf5 + N/mz/3r1S5WDG48eDShgMkrtyn1nG+mCLvPxgIHbCVNiufmEKeQKAFQkqZEmeFre + jb6Rh0F72lABJ0pnpWo+1rRuDJPgTe6IfpWtCmar/YAPHKrjGw5JcXuobYRadQXS + FHyTuXXW/20bWoDrGEnFX4nA0eHVTwoBpxiFrRUnjwlTOnJ6ntYKPDVzU59MPY5d + i388xEwdtOzv//e6kRhI517RVMoavRQ0ldBlxwRbTM17zetilb0c4CITyyTJ3pBr + sUv+XwtLhy7xiq7LlliCUc9QUcXRRFttAJfNyKMDqZ9JbwB5f37GmZIMqiJnd9Tv + ur8zPGp3gGLJ20S4/Bj69te95pBP4myweugr7mj+A1lgrrtsReHcJ2D04hwT+aXU + aAEJAhDXuvIXoDHr6c1CwUBiRNQfISQmOohiEWG/Arq/ISt6a8NI3pQbKN3f0k3q + xygtB3ZTfvS821h8VrqvCcI/tGTWJ3TymaXAR+mGLeW5QPtQP7M13buYh9aoLsa0 + DK5E8OARtCaR + =FH+h + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4