diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..49bd543 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,181 @@ +keys: + - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70 + - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505 + - &admin_gpg_june 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB + - &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 +creation_rules: + - path_regex: resources/chaosknoten/cloud/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/keycloak/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/grafana/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/pad/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/ccchoir/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/pretalx/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/netbox/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/tickets/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/onlyoffice/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - path_regex: resources/chaosknoten/zammad/.* + key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor + - key_groups: + - pgp: + - *admin_gpg_djerun + - *admin_gpg_stb + - *admin_gpg_jtbx + - *admin_gpg_yuri + - *admin_gpg_june + - *admin_gpg_haegar + - *admin_gpg_dario + - *admin_gpg_echtnurich + - *admin_gpg_max + - *admin_gpg_c6ristian + - *admin_gpg_lilly + - *admin_gpg_langoor +stores: + yaml: + indent: 2 diff --git a/README.md b/README.md index 6906a7f..f97683d 100644 --- a/README.md +++ b/README.md @@ -19,8 +19,10 @@ ansible-galaxy install -r requirements.yml Grundsätzlich sollten Secrets vermieden werden. (Also z.B.: Nutze SSH Keys statt Passwort.) -Da Secrets aber durchaus doch gebraucht werden, werden diese dann in diesem Repo direkt aus dem [password-store](https://git.hamburg.ccc.de/CCCHH/password-store) (meist aus einem Sub-Eintrag des `noc/` Ordners) geladen. -Dies geschieht mit Hilfe des `community.general.passwordstore` lookup Plugins. +Da Secrets aber durchaus doch gebraucht werden, verwenden wir [SOPS](https://github.com/getsops/sops), um Secrets verschlüsselt in diesem Repo zu speichern. +SOPS verschlüsselt hier die Secrets nach den "creation rules", welche in der `sops.yaml` festgelegt sind. +Grundsätzlich werden hier alle Secrets für alle GPG-Keys aller Mitglieder des Infra-Teams verschlüsselt. +Das eigentliche Laden der Secrets durch Ansible geschieht mit Hilfe des `community.sops.sops` lookup Plugins, welches entsprechend den lokalen GPG-Key benutzt, um die Secrets zu entschlüsseln. ## Playbook nur für einzelne Hosts ausführen diff --git a/ansible.cfg b/ansible.cfg index ca06548..fed728f 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,3 @@ [defaults] inventory = ./inventories/z9/hosts.yaml pipelining = True - -[passwordstore_lookup] -backend = pass diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index 7212842..8dd46a2 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -2,10 +2,10 @@ nextcloud__version: 30 nextcloud__postgres_version: 15.9 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud -nextcloud__admin_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/admin', create=false, missing='error') }}" +nextcloud__admin_password: "{{ lookup('community.sops.sops', 'resources/chaosknoten/cloud/secrets.yaml', extract='[\"admin\"]') }}" nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" nextcloud__use_custom_new_user_skeleton: true nextcloud__custom_new_user_skeleton_directory: "resources/chaosknoten/cloud/nextcloud/new_user_skeleton_directory/" -nextcloud__postgres_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/DB_PASSWORD', create=false, missing='error') }}" +nextcloud__postgres_password: "{{ lookup('community.sops.sops', 'resources/chaosknoten/cloud/secrets.yaml', extract='[\"DB_PASSWORD\"]') }}" nextcloud__proxy_protocol_reverse_proxy_ip: 172.31.17.140 nextcloud__certbot_acme_account_email_address: le-admin@hamburg.ccc.de diff --git a/inventories/chaosknoten/host_vars/eh22-netbox.yaml b/inventories/chaosknoten/host_vars/eh22-netbox.yaml deleted file mode 100644 index 56ba344..0000000 --- a/inventories/chaosknoten/host_vars/eh22-netbox.yaml +++ /dev/null @@ -1,16 +0,0 @@ -netbox__version: "v4.1.7" -netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}" -netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2') }}" -netbox__custom_pipeline_oidc_group_and_role_mapping: true - -nginx__version_spec: "" -nginx__configurations: - - name: netbox.eh22.easterhegg.eu - content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf') }}" - -certbot__version_spec: "" -certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz -certbot__certificate_domains: - - "netbox.eh22.easterhegg.eu" -certbot__new_cert_commands: - - "systemctl reload nginx.service" diff --git a/inventories/chaosknoten/host_vars/grafana.yaml b/inventories/chaosknoten/host_vars/grafana.yaml index 50a1290..00b877f 100644 --- a/inventories/chaosknoten/host_vars/grafana.yaml +++ b/inventories/chaosknoten/host_vars/grafana.yaml @@ -50,7 +50,7 @@ alloy_config: | url = "https://metrics.hamburg.ccc.de/api/v1/write" basic_auth { username = "chaos" - password = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/grafana/metrics_chaos', create=false, missing='error') }}" + password = "{{ lookup('community.sops.sops', 'resources/chaosknoten/grafana/secrets.yaml', extract='['metrics_chaos"]') }}" } } } @@ -59,7 +59,7 @@ alloy_config: | url = "https://loki.hamburg.ccc.de/loki/api/v1/push" basic_auth { username = "chaos" - password = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/grafana/loki_chaos', create=false, missing='error') }}" + password = "{{ lookup('community.sops.sops', 'resources/chaosknoten/grafana/secrets.yaml', extract='["loki_chaos"]') }}" } } } diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml index 2304112..7fcadaf 100644 --- a/inventories/chaosknoten/host_vars/netbox.yaml +++ b/inventories/chaosknoten/host_vars/netbox.yaml @@ -1,5 +1,5 @@ netbox__version: "v4.1.7" -netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}" +netbox__db_password: "{{ lookup('community.sops.sops', 'resources/chaosknoten/netbox/secrets.yaml', extract='[\"DATABASE_PASSWORD\"]') }}" netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" netbox__custom_pipeline_oidc_group_and_role_mapping: true diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml index ed0d042..2450ca8 100644 --- a/inventories/chaosknoten/hosts.yaml +++ b/inventories/chaosknoten/hosts.yaml @@ -10,10 +10,6 @@ all: ansible_host: cloud-intern.hamburg.ccc.de ansible_user: chaos ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de - eh22-netbox: - ansible_host: eh22-netbox-intern.hamburg.ccc.de - ansible_user: chaos - ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de eh22-wiki: ansible_host: eh22-wiki-intern.hamburg.ccc.de ansible_user: chaos @@ -70,7 +66,6 @@ base_config_hosts: hosts: ccchoir: cloud: - eh22-netbox: eh22-wiki: grafana: keycloak: @@ -101,7 +96,6 @@ nextcloud_hosts: nginx_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -121,7 +115,6 @@ public_reverse_proxy_hosts: certbot_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -137,7 +130,6 @@ certbot_hosts: prometheus_node_exporter_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: tickets: keycloak: @@ -150,7 +142,6 @@ prometheus_node_exporter_hosts: infrastructure_authorized_keys_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -169,7 +160,6 @@ wiki_hosts: wiki: netbox_hosts: hosts: - eh22-netbox: netbox: proxmox_vm_template_hosts: hosts: diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 index e4ab5b6..01226e6 100644 --- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 @@ -6,8 +6,8 @@ services: image: docker.io/library/mariadb:11 environment: - "MARIADB_DATABASE=wordpress" - - "MARIADB_ROOT_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_ROOT_PASSWORD", create=false, missing="error") }}" - - "MARIADB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}" + - "MARIADB_ROOT_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/ccchoir/secrets.yaml", extract="['DB_ROOT_PASSWORD']") }}" + - "MARIADB_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/ccchoir/secrets.yaml", extract="['DB_PASSWORD']") }}" - "MARIADB_USER=wordpress" - "MARIADB_AUTO_UPGRADE=yes" volumes: @@ -23,7 +23,7 @@ services: - "WORDPRESS_DB_NAME=wordpress" - "WORDPRESS_DB_USER=wordpress" - "WORDPRESS_TABLE_PREFIX=wp_" - - "WORDPRESS_DB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}" + - "WORDPRESS_DB_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/ccchoir/secrets.yaml", extract="['DB_PASSWORD']") }}" volumes: - wordpress:/var/www/html/wp-content ports: diff --git a/resources/chaosknoten/ccchoir/secrets.yaml b/resources/chaosknoten/ccchoir/secrets.yaml new file mode 100644 index 0000000..854f831 --- /dev/null +++ b/resources/chaosknoten/ccchoir/secrets.yaml @@ -0,0 +1,237 @@ +DB_ROOT_PASSWORD: ENC[AES256_GCM,data:zfK7WXggayIeROoPhCWiU9V0dNpKDei3vg==,iv:XChG6XtDfdHDycZZmIgUtUrqr0YtiVIt2BRZdo5E50M=,tag:x7UeKZDQVQu9ybJx8Xz4ZA==,type:str] +DB_PASSWORD: ENC[AES256_GCM,data:7ld13nerRTQXJsI8/0n/3IMmbT2FVhAhRg==,iv:Fs+Vv9fDBYMHaWBvcLAh6dtLt1lTNkR//Xr8E4KFylo=,tag:RyDrZcexek3eO6Justga2w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T20:48:33Z" + mac: ENC[AES256_GCM,data:1R4V8XkoIz+ySSdwj9kBKbi0LhOqZtjuEIgV6heuDDXXJ5gKTQKcgkvtTQCAvSoC4VGdYSwedfm94tOJa6blILJ+WA5i/mIxYkuypnqXct1qeqwl0CIOxRs/7qRqQaQjmBmlp4JBRDW5usy/DSZB6383azgNF/5o+eqbErMm0sM=,iv:bYipcv9OSnFakbfKFzc78x2icJ4ByN4lMRnSwqA73yM=,tag:0TfCZmr482EEey/tkcxg9A==,type:str] + pgp: + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/+JPuBs9V5yTmx11uwmqRVvtUH1Qxap+cx4X/KTNjUxHtd + BPA9PKUeIu7Cj0bjIHizlJT/R7xaVHar6sPCYvviiQ6koHPrI6NlKtgLXvqkjRFb + kdCgMeJYDUtdKJ4QYnLWdrSb5MoZ/Q3eb4DtZDV+N88i65cEg1fLHduAr+5y+YWG + oxlhPFgFA0YlMntLM55Ug4Hs6zBWYzLcFeUjGH2xJ5KDUyIbo/V00X+DPVSLVoRI + TT/ikxTqXsA5DIBtuKZvmbHjqcxMBvgCyO78WCTWMfE0FUz+/iqZSvORWiGHFJOB + t4Bw3s1TXGM9aruj6iiOy+SQQHAf84SyYUAQ/MziPRYrKQrMrGaJZ0NtyrdnfmVk + rWWVKHgmlGhEYnWYaxEODxLCm3Qo7jS4KWZ+jDNyEMAGDkXSCYzcuJ2Fjs3r1Z2z + 11dqXMb+S+wicBUrVkockagGOm2LpS6QS4jxl0ReDlka07V65I8+X2QnV5j/JeLq + C+q0wchfACJX/t8z2ckUElBXld126k7RiNCY2vMG5EHLMZAeVchJAB2M6+eYNWlo + j0VuBBjJ7ALTog2FRWeLNhhDKowHImEgO5IJYcHrGYXnqrRFDcJ3z8eAUTrWistt + UcVS+2qfWCmuv2A02zOAunt7352/CuZTwWz3OxrrGDgxnnYTbsDQNjN6gk/1HdDU + aAEJAhAkex9LqxYMmNmfJEFtR1pqPeMwTnUb4HEWD1wW3GnLXGLyRZAs5oLzN8i+ + GwcPJnSXBchoTSSqbuSXmxEz7OOA7YqXa1ZlnRku4LZx/4unVYd2SX1QhI7eVh0T + 02j5wqhnf8Nh + =esBT + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//fQv9HgUvIg/GX9SXAzPsap+rEg4hVQstjVh0bX1RK6lQ + +IDB9KjaeiXdx/MQUwVlql+35WtH4AaMQ223fRSuZ59TGz3b88nk87o0xZ5KxGvw + /MRrWEt8032Hay6Gg39tF/kyNZtJiUHZRw2cjt9Ny0u6d2z/HYDdRewst8Fc4wRz + NKWFLHf+im4AYoa9V42TbR0VJbxwMKJ579zB96aipQsuRf+v3gg/cZuJ3s68KQXv + hhudNRIFh+vlBcwOyZNRRsVxquGn+x0KJlqjsNH6TPXgiiixwspY76n0zI7fzTU3 + ukV0nS3FqpwM4V/ioZTXJr9NJ5hxMXa5ogNeD0WF3kp+ukPsfy0wbC5DbRcdg8E8 + /o+aND1HjXg0SI2jjEJdCyhpR008kzM8J1vYukBMpPaOX+twyfJJrugcyJCU5q5s + KlnMHssl7cVrtRXy2exdK1g0J5xIwRAcfQ9fF7UItOtFaqbuoCrmVTT7X3wiZxYN + ogVHxA2eOdTzo1APCwdlJMKTRc3RdzYxmfyBVcNj7EGq1ekWataIU2w4t+h1AV+K + ikCWl+T60U462I2wGN9W8DnBV3XRvIOxAoU56wiPEP13ejOPLT2jVxcDCz4YbqMB + tbZCTMjvUGm0gWINniobhBSSqql685Yl/4ZIkUnpS24BShshz3LcxSqmO7SGR17S + XgGQMLUfg9lupxR1LdlqLdw3IBIPtapKcF2VSYYuwL+yRMzRKelisQpIFeocr4Yt + 6ep2mu9JoLhWmGsowIhsd1JyKBq2o+V9rO68TD+xWtltpyPA81sbhccowE16EUk= + =5jJA + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//TlEKkG6EDgsc2ZI1BVETcVX+Z7fsGanpRu3U46XvAHF1 + Xazjl+KQbZDwnC5Xnppd2gn7WgJV8Bs7aHI6219iXZdOJ4GdO4xkYFz1LKVdnF6W + QAZWrAWJSrTv6dpN8L5Pm/fikxIxO21Hjy/EumKt5jQqxevu8pwaa+vHN2BdDRKf + glOsz+d6pyVvlAgyuewhRXrXwB7A9abMaaNLmWVedV5A9j96oQ2A3nQ2RNsZUIwP + kpNhjOQgsjO4qnb/81EeIMPgnKM4SZCmXlGsj6M4pLp7VdaJbrfJ8+XW/Mxi+8mq + VLcanBfA0fcPpHF9uXZty74Rg0Gc+zzqSo4VV7yqKJ5DBmlJTojYGfBY28DQe9FE + sJxi05paeF+WuSDqxM5uSoVHNya1MyFXk5MgxrUHicny7sjTeUeFQlbonNW1I5PZ + rzgVlon++e7CIvlRJyzw2Zt9HX9OYJh0GkqhEowQ2z3GG69ytQtTBv5W5xsn6iRw + a9PghfQWnHisIXTnEFRfyTQtUQytEvwU7YOy8bUpQ2VojnEe+MYFavUu6OQPJTuE + TMUYl/Q5/8fa1H4m4jObH4SuP2iqb8vzr2cycbytxbfDRzzgDLm9J+cvihSnuKEv + e5FpYJ6qGBuUgAf4eXeBhAf7m7lxOvLvpG7F+UlhBHry1D+ZJQqo7lWDsDIsg2/S + XgElbZ3RWUpulpfETZXBNjDXl6OBEcFFhwv8NQXAj9M97ord9+nO3zNJbv2OUAP2 + AZJh5Siuxoz1tYJfoxN04lNjEKvDNKJOmu8No/Nl3pItl2LsbGv/tzdOaBqz7KA= + =2tvG + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+LEFVA/4g2+AH67eMQ35Kbv4N+vwxKn3d7b7wWglSYqG/ + yk8TaoX4axXNojlAKR7u3TPIr5PnNRA/DzzNVZToZ5E3RSFrDyS0ql6LMLOF2kRa + IMZnY6l7zMfIjX5SobiBlwHn1b8B+9drHOiQY08OvnB+RePrbT1sGTC7iGjYFcgR + RSOHCppZMmywfk7OpmyN1pUiOa75hFeyhUdfl2e0dhW9WeEK8SuQdP0qFgTK9WuI + +/udqqAsJtei/gJ1N5QbQtY/bG48AmeS9DdDxQMqNH1p01JLQgdqHNFl4ysADdMb + s+sj2JNT9pwZyCi0+8zCdrUeddyr4c78J7nga/O6I/+3R+E+Pu1zg57YJNa2aWsn + z0AE4Z/qtjJMViHStD9Ddc/1+CHrnBCLwxEN6MflpRpiFSSJtdxnMZ2zd5Ay/YLO + W52nRGlG+szOzPqI8V3M3enXrhsU+zRZKdMuoyI9/uRaJIxyN0HCrQZxJo7P2Rjr + savyiQrLVNeufl4x7cALadqwxSKn85JLnWQcPrlzqtmBPTuWt+LUkUiYJEG1Yguk + WisoYKfP/vM213afonBUfhAwqwAcf7svytBXGmxFv/W1YZ2eqNgUhM5qvftEb7/k + xG51fToNtgBDMJ0s+5AQqBq44wOJmR/WkMcePyzC2wHRgqEw9EMd/gbpjVOkwDTS + XgGNIE2nglqnYrCX7dc5shy4rQM0xsDGaY/91dHlp+WAm48O9Q28+i7rLLHa7wkM + uM1e0p0DLNRFZkVyJfY4HbVSTozphNw4fIlI/jKgHb6g+o8VTYAW8WMqln6Z0Rw= + =wOsy + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVAQ//afGJ8tZq7sTHTusi1Effj47UFgMqfE4beFPy955qzHYI + 7Be2xMXMIq77ajGxakQAhV7AD6VKLzFlJWkSWcCZZ4hhLT1J/EMSgQlNdplQTunH + mGaj9qAJnUh3JXRMaSSfme9ZYEMBX3Tzm8snywnmbNiMHvyyAe21ZU+sntoIcshB + Wy1ZVSc1Vgagb9Q3MCoURHpaNfYO/sFLSSGs/Hbftd9Pu+/6mZRunqtl4U8YwQjn + TWsceeVLvb3+RcTZA2tsQfMe2TbYm+Tor2lPUvMDEkyApacgOjhTFHCZsRNfdDmE + i4HOMETa9J2s4VSUVj88asiEHyZRruisYj5U+gpNPX6xc3M9Bjk20basXmLTmgS7 + J151/fY5a51vgGvNYlzkKo9J1yn0iGsGNYUBtxidfndjzKbLB+Kqhte51W9TOlhE + 5hg9pyvnT6c83RvnEeiyrb86GXXQXiSermrmjid2zbocSm2N/nl22Z0TVIiW7Kx2 + y6JUdY6r06xawZV84FEi4ZXTQyvPUWCm3J/uQSBi7Q9zkxvEycm9/qLiyyWRH4UJ + 0XBfi3uCzSZ3wRgZvXmhNJL4VFzFZDTAseuGH8bLzhvgzVUIFGRXQnD9Le2lfgGY + mK2dOeqCW1gJ+lrtuc/UwoeVipxSlDgseT92861JM1g2rTgnElWCrEouqrLXParS + XgEUeq2hn25vwGt5tot7P47gXjcUU8w9opLp+pPJHP+L4Q2CTfPq/kMKgVlXAZVw + OzWTuP16fX6akp3jmfk/hYXLcH6otG+Wfffh0dnWdECxOZxNsGhoKpeLQ6/zdWY= + =20lV + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAApaL3AwoqzKVDuP05nEFbz9HtOIflOCWWAxY4PqevkVgf + RyhBjohxF0eun2rWVqMoLFKB+iKiQA/y3ttN5t+VzbZEu716GLR6aQbMkBwcTZ2k + iMztZzsP/7ssjn6zOVaLMamfChAVUkprXruVUf2zDKJXVsS6EemMmZyzdBlgLGfN + 5tcJWShEd2xOorLYCOpcFdtuyzuHj/igh934bmGkRq/5Q9+SX1A/pr60G3Bye4nN + ZptAtLDwvA60Jm6XWqZsWw9X5/QTws3q5wlMZZgI+CNlAfoFMZzQ01kLOVBBZ4D3 + sS2Yicxbc9o4HU4UY7mNqQfxKhKJ+7MWPvSC4ZgsEHPg1HKwJ3zFBpJI9d+Kc4kc + N2E7xLfeAYz9coDA+LBSGJy70kYwM87ywfnBvBlHeLyQwW+X03ZQkGRCut2FWERQ + Yt/ciSugCPtYvsoZdnrzlV3MoLJH/xUkXmAk8SEXgcosBMwKIyX4AqVXrytIWFy5 + a6VKAg482xWcQg5QKtqKXTS3qfWEyI78TG4TZo6O3FyCZn+/L5oU5UNSxJcLYyh8 + xFUVD+9tf8dfprba+HZBB2g9KGBLvoMpEDTpsb6tvrPhV416dyAP0qmAIVLXZ08t + n0VHo7mdpfRkMzzeb6ARnBm0jIUkvjHMUhAOjjb77FG6NnRlgk445FmkvGxkLUjS + XgEhPKCni8oHCY2ZtvLeKvl/XdlGH0OfDEraSyRDRJ17mg2XYy1muKVfVh4wA09x + O67A23mAIXPhQgXWFaml9wv7iEDHPTThJH5mvufd0+AIqfOEa91qboVMZ6ilnUY= + =hRXB + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//Vx3UeZhZhEXV0fyGN4gIguntRwqmqP7sDHwR7Qjd993/ + iwh9ZoFv1I+/q45oKXyM+kv3DZqcDLchYHDj5N7gvL4/M7uOPpmOTo31aYHqfZLk + FPx4ZmwcN+20U18kPUDcBERsn+1NqGdBEW8FqxVMDVbdTYAajsrsfPm3FEU8gNSH + CUgUxVYymU8IPOzZKwd+TDwmIcUkPZmw6srM6tpxwz//s+1l21NAOrSwR0fYrE5z + iyd8GUu2GYjJIdscCybXxMUV/IJHaa422OGmhWvtKoJLX6e7sK/ev8o0ZDWvhPUd + HBtzyCEaygUfax1+QLZAraeJAYbjpAHeuy37UB0jgaUQXFrFkZKOjRMcPcIc9G3z + be6zcrEAdF8gQzeoTpzGAboCo5lLBLgQXPG+XMOjcfmpgJnjvHjaTK6wOZgZwJis + KxkXq0cX95Il+vBrt/k3rI2dsS2Jtb7k0pd33VApluJrS9BSeQCXdonoD1SrY+Wo + eXziX/di18RY0JShc2hjY24e4yXNUs8TsFXuw2c/v+Qk0qNBgF4/qahNZWjMGRZ+ + D0P5B1sv0Uebq+xzkDv0OqCQqJ4NnozJ70wgQTt42xya8ZkjO2DuQDUkSQ1rTnu1 + dqS6q5VAG8vfoITaRfvV19YkUCWEg8iWkdEZ7F8iinE9IkoA/Fa2x5LnW48Z3nfS + XgHxSgKKGO9N1kg8Fjo8fgc7bE4TrNEr7DzdinfTy0LkM7v5EEydxLOMzUyysWqp + gOXUFPXXaFgxfNXRu/0cdHKpDB4Y3vqSPUSTzhnfco9IFt4LAyHTohoRlx7V/1I= + =nL5O + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//Qa2Mq5vcOMfLgF3lV6f0RK+IQdFoGIetj0dbIESkl9Q3 + 2mYnXqn+OIwRg1V0nz4Wpwj3vahpWhSAWIlmBLTxjEM7pP1MinM/ohuiT8/d6PEy + NEeut07slQuSeaD2WR9CBI17VNOQgvNKx6eB6zLH5+RlvXcSAR+5+0A2YxvMg2Qq + rOMi9eWZPqiRw8j3pFMxl8bBCgQybP355SLIQoL1PTMRBCIeKovaXHICjAvEDfm8 + xzy2hvzrQDYlSV81wdb6nBh9CGGmhOrRleE7icKqAzcwEHxo/FsHAyJsis6AhgO+ + aMF+PaHk3WLYg8T6+M40YMe7lML93mXT7Xmbax+igaf7ZASgyj8ZZnao3hr9ZZq2 + ST3cy+neZkr9vJbp/ZLPunKSxOTa7MzoMvIZFAKWy4nx3d7xagoNd+2BITBJNNlk + BYOP39v6LPh1tsMVrUQcC7Mrawq1xpn5C938rfcCHOsYxn9bU7b+aScFVqITh9uF + 5qHlfBn4/5vCc0bTc4Y3QyavxaWiP+SE8O8cO6QlqL+AYtZCfqdup2WH1wTOWrnd + G6UldxQpcpxyPK/4LGu5DcWWGAbbHa76k9LJZN3YrdSft5J26YLsyRUseGSmZ4/Z + fYG9AoqLOH2kKnCoj7kESmiz3lt7DCtvE1nrKUNJZTrcku+nLWjebHDGWjOH5HXS + XgH3vcgt2kbkogmgxt24pSLQeNK6SjI4fBiJutlw8VCyrqxDATR8yQlhAIGPLGbw + X5h4RgJGvSFMrrr8BPW7L/294eqPm2bbq/MRC2O/9ezO3O4453N01fePapEqqGQ= + =FkUA + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/+Og4gwY9vzUgLOPWYGVrcSIRSSgK3LngQLTD+aKDBybLQ + 0Q0ln9kpfz09Gq1fkwI8LuoeQ701qlVa+0WMv864tHJR2YmO4S8+IMu7qvX5W3pN + CEzgDfZL+ovOMSB71ZK9YHlliqauy8cnrYk/ucwQO1yukDqzutlPeK1CpE/f0wBm + A8patwmFGCSPYvmIBe48qsvYKP0JNVIFmhG48TaHQqc95YbhTYXHs9qz4WcFbMEr + T31+fv/jBgmIU+nzQcIhNfHJ2sdmMXF6rRt8v3mGQrOUcU5es6E9a3i0dVZFZMc5 + 9akn2ELqbZgu+wIH+sgpuB/Hw3AA9SBhaeRHKjEK6e2l06OCRF14EdB3WJLC9fFI + 0IqEuEK6dM2lkSCsEVTZsz/zj5Gf6kmXLu3mT/PKcui2Op4SIpjtv/CtlxS5kxxx + dDJd5aEKYnTjVIXrgUer7KD2Ld7oxWr0TMxGd9dlWHViiBWCIh2jrbwh/MYcXA3n + nMj3dUjdpTO7AZe3rBAzkfoMtx5a67HX4lo8WUJKzFgQ2jxvhyw+2mPdjfy1KErT + Fa/T/nnfIBAN+i2zLBTQEdCDEdrbSKTZD2/ulKSlEii1wK2ATQHISRzAORUNo60n + Dp9cFjITOoKeGdtrgfs+rptQ5mSuNNjJC5kUo86b/0IjJX8wjHKl7dtlkebhej7S + XgFcJ5WY/8eeXZpXT1ooY6OggJf7Kso2YYR8oZW7Z55zjyVfXKsJS3ytPNB/KAbd + u1G4BybrslSPyXQU9vuX4OSstiqNcqVOhNvMBa4gLnE5k7sumHI8dMbHcW+nBY8= + =AwqY + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAlB/i5V7bWDewYv3RqyZMsZoxmskBKPe9cmvdoKc85zIw + 7NnX/YFhUHerQkrdEkilB6i0Hd7aiUQ8R276cLXh9v5EtzeBZiRrfe+2wPc47Q52 + 0l4ByI0bDgXa+Fw0AgTp/OEGDOXEUaSEafGEBv0YrysD6f/9WnKYTt5QjBF2Spij + f0pqADF8QdDW20fPZDOtt/gUezsA0AiV5HiShS7XsheBIDjL7cY15ST25GhXmmnR + =qZnD + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAPbYdliNriasz0tjbTIqqg51QWyNtsXN2PvIlxeMiCiIw + GbN1PKHxkcCwJX5K1zn84qRyL4t2ZNYHZo1Eq1XarRN4o9Ss5koJNH6KjnDePlPX + 0lgBBqapYcOipdOqSiXdRSvHe3muvvYPV2kH/OEsTySkPcaNPhg6e2lLkshHhVKQ + 4PleX0qXAwnZnXlY6QtALs1LZODye517DZKLZ+T/jT+u34kB92pcqtAH + =ZsVt + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T20:45:39Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAsW0YJG6AeX1hGHUJ/Nx8XgJ+tmdoyrSeSV2x+hoqsNJH + UNpByaOak57WuGor60zKTILJc2rDfaPF2ZzCEJJVmtfbAvbdAYfyA6RyHZJkOFsu + hacNVLIwYzbaRQhS/7IcmAifJIDJhEcjzkwD6LK7TnEhM13Y4DECk2vykZ1ex7hm + TNy8YKoLH614SthQgv+Zbnuqd3CP0Gj4N69+rGVMbJYIBwm5+kgucva3fYfEM3Sj + 9nDh+0XAWJ+Cid+ID2/IpDTpj262hlo+yISTsQIHfqdZ2y+HHb5NQexKV9G9eQJ5 + tdcw6//ttwLO6Aq+N5+DyaIZyge1xUGy64JBsn7ErWqKwbPYrVApFPXgzR3azzDB + v93BNLkt7O15xgMQryS+ADjgE/XJxrl+4yevMKn7RJp33zfFmoNQVn2OuDzNiw4X + +pxqC8f77sdlsz0sghvdhQVDGEVFx5QOoHihfeGEQ4is47oq2wmZM9uWEH3jFolp + cfZS5wTbAOjJjAn4ZcnSuNccKQfdPGKeitNYcCORBpgU8t5JfWIIVHNDTVM581CY + jPX+3Azr/K8hUWHxvNZIObObsW1l8VOiBsQExWVZ7jgwgayieDpQcm2JSAfnTcE8 + 18uhcR04g4i3BBlD98cyM7hBye+KzRpJ5PRCGvlp4V49PQKlGixCHA/1AVEHTbfU + aAEJAhApJpmpjyUSzNCpOfterz6jbX+WdFpvWiQwvyQ37R7xRb5JZgNlDQ5T/lFf + Pb2b5i0R3ZpGUB7si0PyiTMCqM3Cas734Sy/0Nw0nW7TqjprsTSOhSyTFfKJoFq9 + tuTBFmrwoASt + =MLHr + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/cloud/nextcloud/config.php.j2 b/resources/chaosknoten/cloud/nextcloud/config.php.j2 deleted file mode 100644 index 718bcb8..0000000 --- a/resources/chaosknoten/cloud/nextcloud/config.php.j2 +++ /dev/null @@ -1,98 +0,0 @@ - '\\OC\\Memcache\\APCu', - 'apps_paths' => - array ( - 0 => - array ( - 'path' => '/var/www/html/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => - array ( - 'path' => '/var/www/html/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), - 'instanceid' => 'oc9uqhr7buka', - 'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs', - 'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu', - 'trusted_domains' => - array ( - 0 => 'cloud.hamburg.ccc.de', - ), - 'datadirectory' => '/var/www/html/data', - 'dbtype' => 'mysql', - 'version' => '25.0.9.2', - 'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de', - 'dbname' => 'nextcloud', - 'dbhost' => 'database', - 'dbport' => '', - 'dbtableprefix' => 'oc_', - 'mysql.utf8mb4' => true, - 'dbuser' => 'nextcloud', - 'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3', - 'installed' => true, - // Some Nextcloud options that might make sense here - 'allow_user_to_change_display_name' => false, - 'lost_password_link' => 'disabled', - // URL of provider. All other URLs are auto-discovered from .well-known - 'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh', - // Client ID and secret registered with the provider - 'oidc_login_client_id' => 'cloud', - 'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}', - // Automatically redirect the login page to the provider - 'oidc_login_auto_redirect' => true, - // Redirect to this page after logging out the user - //'oidc_login_logout_url' => 'https://openid.example.com/thankyou', - // If set to true the user will be redirected to the - // logout endpoint of the OIDC provider after logout - // in Nextcloud. After successfull logout the OIDC - // provider will redirect back to 'oidc_login_logout_url' (MUST be set). - 'oidc_login_end_session_redirect' => true, - // Quota to assign if no quota is specified in the OIDC response (bytes) - // - // NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to - // zero or -1 or ''. - 'oidc_login_default_quota' => '1000000000', - // Login button text - 'oidc_login_button_text' => 'Log in via id.ccchh.net', - // Hide the NextCloud password change form. - 'oidc_login_hide_password_form' => false, - // Use ID Token instead of UserInfo - 'oidc_login_use_id_token' => false, - 'oidc_login_attributes' => array ( - 'id' => 'preferred_username', - 'name' => 'name', - 'mail' => 'email', - 'quota' => 'ownCloudQuota', - 'home' => 'homeDirectory', - 'ldap_uid' => 'uid', - 'groups' => 'ownCloudGroups', - 'login_filter' => 'realm_access_roles', - 'photoURL' => 'picture', - 'is_admin' => 'ownCloudAdmin', - ), - // Default group to add users to (optional, defaults to nothing) - //'oidc_login_default_group' => 'oidc', - 'oidc_login_filter_allowed_values' => null, - // Set OpenID Connect scope - 'oidc_login_scope' => 'openid profile', - // The `id` attribute in `oidc_login_attributes` must return the - // "Internal Username" (see expert settings in LDAP integration) - 'oidc_login_proxy_ldap' => false, - // Fallback to direct login if login from OIDC fails - // Note that no error message will be displayed if enabled - 'oidc_login_disable_registration' => false, - //'oidc_login_redir_fallback' => false, - // If you get your groups from the oidc_login_attributes, you might want - // to create them if they are not already existing, Default is `false`. - 'oidc_create_groups' => true, - // Enable use of WebDAV via OIDC bearer token. - 'oidc_login_webdav_enabled' => true, - // Enable authentication with user/password for DAV clients that do not - // support token authentication (e.g. DAVx⁵) - 'oidc_login_password_authentication' => false, -); \ No newline at end of file diff --git a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 index 7e6ad56..6ed0beb 100644 --- a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 +++ b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 @@ -11,7 +11,7 @@ $CONFIG = array ( 'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de', 'mail_from_address' => 'no-reply', 'mail_domain' => 'cloud.hamburg.ccc.de', - 'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}', + 'mail_smtppassword' => '{{ lookup("community.sops.sops", "resources/chaosknoten/cloud/secrets.yaml", extract="[\'smtp_password\']") }}', 'mail_smtpdebug' => true, 'maintenance_window_start' => 1, ); diff --git a/resources/chaosknoten/cloud/secrets.yaml b/resources/chaosknoten/cloud/secrets.yaml new file mode 100644 index 0000000..53b7522 --- /dev/null +++ b/resources/chaosknoten/cloud/secrets.yaml @@ -0,0 +1,238 @@ +admin: ENC[AES256_GCM,data:zIcGTqSicvQXJE6FAk/HLQbIMzAHWdTfLDb0AGEu9bN2+V3Rb8ujjGpiDhIbPtsc/z1Z9i6Mk7I4tQUl7ErF+w==,iv:tRKbXdpLKfT6N+8QNY4N3nennRBtVjUTtC+BCoPOXxE=,tag:vCZZaISD7hFmQnn9FJ8LXQ==,type:str] +DB_PASSWORD: ENC[AES256_GCM,data:j07CqdB9vEPY/7mSIIxfRLKA1YOSoqgbt3pw2EgwyO1oua3r40NvRLY6VI0CXmcOXOedm7/lX5mwA3cZ15pBhw==,iv:+llV+OR4leYx6KyIRIadhbcypibfYKFFEmlftAl4MlM=,tag:6cd+8/IR16ypE09UDvI9/w==,type:str] +smtp_password: ENC[AES256_GCM,data:VFhGRV5Jg19UTgm5mzzF1gcw2yyeS28BPuIQZaH2nYbyQGbxcOJ/YIaYbCXufoLOFLgUGJP+lHjZEs4fWuj2SA==,iv:SiUpLXthEF0UlJGCK+Q9cVH1BXnDtN9l8ZY7SeGU9KE=,tag:OmO7BcMH/eGrCOx0z4lQzA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T19:16:51Z" + mac: ENC[AES256_GCM,data:j1QfgIDBR4seyC988SkCODR21AhqtBQaLLD9RV10hnqclgaByeoVJ7zdDUR4G41lhL9tbOKUy4FpOIQQp+kYBztu158cO1DtEU5WNUSV5GlRjuFRgVTCYZwJLq2uDpINMhfiC62MqxEjk4i8MI4szNK1P5rCqBvnz8f5gaUrTtY=,iv:EDtJbXOsXE/Z6DYi6dQXzZSflQUJN+TaqKiAXFXz6Qo=,tag:2Uu57dsB6+vVSZBZwB2lIA==,type:str] + pgp: + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//TYjfG4qAhFwZwvWrQiIiNc+Qk7WqZ6I9fsvzhnRPMsqd + CO2y99ht1mXF0fGs5MuBtcml0OHr9kbfKWmf+1JwNEkzFdYeK6YvppI5fpIVgah6 + DxUAGQ+cquTtUM3E8XKIsXIVRMkrkJdzVYB5hxwV8qjBUAh5tuXg6Fwizpj4UGuX + hF9TMYobvt4EanLDiAvMpo3oe2vjGBpkns3BpXX9oSq5hExlqLivifRHpJvp1j5U + fTwrYqYPXY6mM1RBP0nBSyJb8sQlg/7qrOPQb8Y5/ryWs75JA6zVTpd3fe+t8pmV + Uncwewh8fujrhPkLdvjSRc0/9uWf8YcohL6Oy4lgGffwPIMyhlAaXi4ym/dtM9td + 8Z/sI7LQ3iIIPOAY++MOQvhmtD4AQkNJM9WUcA0n3fHvVVnNhVWHFO6J8FzH6q/u + pDWhCK/WH5pTyreI0ngyeSXC3Mwq8yAMbjlhvZktZwmYCKrp3CWgqanZVPKHx4aK + wO+JPMkcr86mj6/sWbRq3pqJCMZw5NBPxrdym3n1suthmMUOvnZulQt4RgWLoOrx + 6wDVdH3Wv0j1yjuY3QdMZqOKECFhHDRuI162PV+kzGYwrcbzQlmNQgqK2ZhR1B7k + wJziWgwynZ36AoPi6Fi+rA5CIPtVSlK6yr/1We4yciFic/RfmAVwWpMkORwOCBPU + ZgEJAhBpgdpYmO2MdE3vLc7S1Ft9YhAOCzgGHYcjULa0lrA7K1xpDNkxEzotkiu1 + +/uFrHU7bS22bcOFD/l6dO1TzA1ViPLo1BZ2xmKToTq8cIzLjDrqo2sYHOqYtaSC + Gees+Y4xng== + =VeG9 + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//e05aLr6OZAOyi1MM/lGZ19QCBztJiaMWVL/BY7r3/d9f + m1BTAgUZNgSROHDgkH8uuXqWHIadfIao6gUFKIzLsrwPfuUC+DyNxyE/NQYvv0R2 + k/IgXAuop1P2+thm13rVmI7G3yjGD2NOkQzp6LlMECfImts0QZqrfEUXd/P+WyCE + 2ooCyeDstd+SgjBTHd+o0sGtc084XtpnfX4Qw7KGwuaT+cUkKXbdPqzxug+JpJcc + BFK5F0MbrEa/wA1vAfyIDuZw0Zy3fGGO9wASJoc2ChFb/BphOIVsqbM2zNB63XDS + ImnwyCpDmyxcBon8lDTlkd941V+YXzSf2cnyV//o7oLjFVQltrvu7pGhUrQ99lAU + 0Ayn8jiAtyUenHOH2gsXdfGgg45lGf4Eusn4XaCxwSKoG1BCQZwR/tVnFBeSKkbJ + 75tOl7UIs+bkLx5LWB1ozbTrhuOymR4h1BUbx3VL7Th5K+ChHs1w90xJWDP1dmEr + +euiIaNY7OPfzNFZpNHJb4SQdtXzeK9fSV8N1c5G+BxBIpAqsVUWkXqVXiVwKjS2 + BJ99QhpmDFoCy2d3O57mYM09HgWXbekFR0VckL/8RVVpHfdnQcauXEMrpl3AHCfe + DK3fDucO/+MUQ+lnyDaoRjJfjsM7PQc16JnzolEeOLMbKit+KAjMC9EfvM8GobHS + XAGQHdTiHz1ppYhBZM/RlFG25W09yKA3m2pcYkbjcB4d1fu4lR8s/PhFT+5HVZa+ + UcnKDr3Kx517Pgg6Snq/7zdMqnIe3q0l/0Fs0oLjL57JoxSTELp6jqORXs7M + =vOAi + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/9GWEYkbX/xjrCqZfmxA+V0LjdDevDXKaII0j9vga28WIU + Qg9AeLpvvgQRwJvZXZuCFI9ujmvpFePP4OgLkmh+6hx3dHY3COzT4i4iEH1GbxEy + grGXSJaynPB2ONvaZbIt+FwNig0alCiMPQhzLnIS+hmnSYbHFPqKGdqfqryj1xjI + JhirzLV/SYIAo4Tqgr/uyq7Ef4JAtydh7TWrqbdNQKeoB5Zu1uU+gVHagsF9mGCV + 49x8K8EiyMcgXtYk0UTN4Q0iWArDtnM2x2/b2PJ6H3yw7pmdE+MPzGdtRr4t2zAI + dF+h6PdprcHKrQa8moy0KSCm+zcSkL0vxUP8+X3WUTS1VUCsn6l/kk+4rM49izqP + dvmQldGSHOdPG+P2dAS68p/Sq9PhsYZEGKub+nREyQI0AW3yVpWVCbWIiwEWnQOP + NGKIRGBdY192oNvb/3ul3uNi/qcKFgrP4+ue5KAmJgkObFTss8OGYfEMQ0dncGV4 + UW9Iw7Xo8e10NPm8PpLySY68pGMpgFrWM/Ns+ifCfEaTVSezXYRLHy5XfBBoQFN8 + RJ/S0+8P3/HRyH6q/vbFkWrHhb95KwxRLXz5qb2yoy2/5z6+dgSKY51972Zujxjb + GklVDqPrcgCLqlApfw2yJwSe60pMbE2CxEFzAmWLfGpuvyOhpWOT5jcG8F2HipnS + XAFUK/+WAcOdJhmSRZt5aX33jJ1uJXQoxcbAvxdR+4TZxmbPjSLMnZGs9qfMhtvF + EU9WjE3elMQ60mKBEoBFPudSNsfGblS3YT6K8b4Wij/CTb0ROGXH51ZCTa4k + =PW2U + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//e6SuBK20zjqoSGLhf5JzocXFYD2TxIDyCAOmoK8kM/SR + MPaDWdITHXWZS6o32KExCBYUeOIzUZDcgW/BqNZLsyDfFzgtdYY7j5Yy2+/ezakW + 1PCY5MoqjZq0x4MMKD3TqQqHHsLLS3lPYeRWgFbFTZVMriixO9GqlM7D0MAmSEL5 + WbDdR4wzQNhsVuMZlF/1Rq/fQH0UCjJZ43VnlOi/2MSA+RE5pqSA4BE5IPUBgVx8 + n9b5asY5bG9N9RmpaOveF9AXh6x8QiPC2br14b642Ccj6GVGBgBtIyx60KdSALfH + 8twZlau8Z+vAFnGQ09K3fL9AapE1RVRSzu2ndZ8fskAWxzP+N3+oj97JYbaXYvb3 + IAHfQkB/N2EV1b2bGv3j8O6gMKjJG24QCJgmd8/AIVbWzBOzfF6SK3KC0hI31VmS + RrmZBZlYX/cnLGYK40myYAMU93/9R0DyhWSC2N9SVS7Jy6GW1u/aHyd4OdRXtaqi + ORhgiQ05gTS1oF3zLB8/7Y/bo1mpTOUPpGQ7mQPaToV/aAI6UYJGhR4EFZBHqz4v + dHO6Sq/yDvYSYasmP3a/TysEohkwnKe3/TSnGrMYVdWNX/tAGWqZSUrsWaTDtTT9 + 2QiTZftGTkRFH7SF5DkrbRMmSz8rQHrR8mtoEMtUbMAX9yRDSCHw9CRcfh49dL/S + XAFK9g7uSY/HllvPHu9V6uvQfbKNqoYmpbdw4egKsYXKVsSecL5V2mvvgNABbbA+ + 7Ma79aZ5KRPtmUONfpkeIjyzhnZXNpSn+nnpZBIMXGbwiaiq5Z8WFBBaaF4i + =ZmSP + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVARAAr/V8Ox5vGayrWZmtSIpz0yzv8BudAQDZscQGUr/PD6d+ + TFA5aNPyPgCbVepLLWNkE+4YmmkBlxfAKS1b9wIhI3MvtFIKysTHxjqJde2QAntZ + LdC2Nv2O1xVqQ1x22iQkNVoipLwc6OSbwLs1EC7Od6yCX4Mxk9wDjhixXnjeFkb2 + BTqUsT0toRu6ZtIpjELHMtPCj73pHa2ILIRuWM3H3V3KkUr/InYx3ewCihv4AqC4 + CmkH9CO1abdskPF298f6dlTG6DCnV9jVO+AuuiiT1yXE9zCrVlX+ACTugL+vpG/k + utFq2gSbgIj/vnw1T5yE8RDRrDJGwWGr5lfoXJfhr1owEt7ddRV1mS9EQBzCpvcs + YTM9an9nxIv5ffktu7qW8st+qVoqWKANxJZeXkidZxhLGchSgeMtRmnz5tFfVwws + Og47L48Z+26aBVOLWy2AIzZHakdbyBY4JoXNAtUQrtRPicx0uUJbSGEXCqjcOFUr + kW4f1iYQAuJwazxrEhKhviO2vV8uGDxzyBzFrij0nd+WAJTjQrpvjWaxzs/IToeA + nQvMerKx3L9QyQ0FQQFqJuWgcYpjeCFsqija5WxVUlgDk1iDDZudZUbJ0PbeemsV + TJ4adxzdhQb6YVRRWVdTDld7ZPyPMULYmjyR8oeaswE1X8JtyuNssO1WlYvz2r3S + XAGhFT8CeuR5FJHYmHwptfKFmRahkLQRKzl8HCly0onUIO5dSXtO1sqUy/KCq629 + b58PjTcdwv9Nc/VyoTbH17NEicwkH+r6j+lztBDPvbJsKnxG2G+en57xZPWQ + =iLLW + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//TiP3FUYVgg4Z2gQ90Oq+lXTvfAytKlPioLCqTJNmj0FS + SxQ4WIl1xgOTy5DdorbwnFYlZRwFedcfeQGIJ6c/lz8Od7ab5goH4NP18OZi1tkP + 9VdqlZL/7rnAT/OBeygiO95WlrWs7KCvmdIMrB3eQQY9EJP3ZXTbkJyM2vQSuJFC + y7noAb7BxApAjcmWW98ua8l5oyKh1O/DBnbsQ2lQwWtvxVW507gp8oqJgnD9xrCR + jV5Uc7ZYxaXKNk4WEDvESVb9n5FTwL+yhW4yGLeEracONI0SSI2lcsdSbWkM7GGr + 6S51YkObJX7GH4BTPGpy9+A7VOeeKi83XZFgaaiiUA4NcDOg4270znHaF40C8cP4 + GIMu+WbNjl2ABbudGw7BlYb9dposlEkVY0Ce2ZDAQd3w5toGnkVGi5jIG2xNoFf+ + yNG4fNo2H6giDLuw3ucauB+qNgS2CWbUeTXIbt6g9PmILY2s6OuBq9m2o6GmAPPQ + PRLtiMnFCdivzQCkqRdNDSRAsNR5QI95NFC+258hTEmk2sUk89TqXgFccobX9IYp + BMaIVnVtI+iCa3RQgKM0OUUDwnA1W9XVEaQ5zFjjfg0RY8JT1xSgTnTc4OiFODC5 + rz3C6CKyh6B4SxNjVod6Nb3jNPDT68lfkf9ua+mB+TknuK3Ov16FWmCCsTGNiXHS + XAFAZjJvHeHoZ5yjhBVpQJ5bdOOj1kuqtZzKzVWMnLQiXB+XKfxVG+d2kmmCCyeT + clK0T7IL5NgJ0b/d0+1w7G++k4xSyy9Cg8jev60HJtny1LDB7AqU78+6mWAo + =1sdi + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//XkFf/JdcWreU54lrAcgJIpA/DPuflYX0bzPTgGish6aE + cOdKTppl1o0yOgsxZ/0C7tjWMevM8F8gHqqfDD1YrLerrkDtvCKw+s/UgpqGIS7D + SzalYJ3l2Sppmbum2VDqIZvhxF2U6DKB475ZMsNqangCjzcjOf4PBrxSIw51s4uE + nFDYWfaAh1VYyRB681+VUHSdCITCIfXXq+8jdJAagrA707Eix+9WM60oqv6jI+d/ + TCCHufafonXnR728LxdSwBELZF9jb9NGgeG/7DlWxmV1gcqy9o1Rzv9cICtcDxKv + t1fORQ6tztNVrSUGRXAiGa3AexJYeNnIaK8q3kzUaNqY68TOu6wyNdOEEpeyynJU + dNytPUzZ4e5vhP4SxBsenMhekLcLt98eDGQP/iLRbfDhiBjF4PawqOIeCQbJ6OgF + KXJle5gVuhakTaIuTp9QZb8rlWiffv/cOKlqGydUjeM6fq8Zgm6e1vjcbwQNj1mX + 8T+KhgyUtaUUQPC1qm3LRom4SIM4mjgzH4SQCI9M0At7X12OjId/o6GsE62DU7C3 + ZWywYXH3JIGDCmgG0CQEZrh2Mv+1M8Mp1rZkDahj39ls9gp3reXI2W1+bxdgBTqy + 4qxZGZNW0XgyaSwTbPR+z85ac/RE+oYKSmbpi8jstdLndIXtL2ipr4G8w9kzGjvS + XAEE5Ml/lMJDHAJhMTtZgGoh10j/gS8EexwQobzZqiMeboNpt0r+B4OJSbs0WXJV + oq5c/B2PMghcN4cnFIlesJl2AGry7mI8lq6bnhzRZjIN5KH54e2xBCVdhAs4 + =2EQ3 + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//RTa3TiqaH6qkdZDuplbP8l7OsNSmvuk3R/vgiGq0Jp2y + V3GT+1DuwpauG2IXDL9b36DiZLKX7+ugHnQ1DuSYsq78m4XCVBeIJkaN+2A9K+gi + LwjRAxidQ5wONKqG6L4ZLConW8fnvuyAi2KDK76B7TcH/Ir+QTX9xg2Tm+vJT9Vv + o0ZDrNnaY5LMvFFIzN+9wqiBnekw2EHFOYBJTpeqT8zkkvLb3Daoplpr4Uz/fdbR + hlPP9JyI8TFB3PpMEF84+2lys2ob4halzGW41A9+9zFiPcz1mzL+ftRKFqU8Sd3x + EBbiu/6xVycWnySAMiX0p/A+p+3pzMJ40/OJHC9P/HxdbFFTvpGzL95qHHu1aDTW + vlQza3qQTk7konQiPAqZpv2fAteXCZeqhKgm8aowevbzCeGZwNYaN0yQqyROEE7V + z702pOsize5aRsGWlxhtzrfpHVlJ/yxbg3J4vv2WAycGYmvH3Z0AJxClML/KmuO3 + W4umyrMQrmMMOhSByp3EkrPH2SXs6EObRoUwCaA82oJCcvNnEayRBf5KkX+FWqMY + ssVECN1VX6sZFYH05ZGZ+RSpzNJrIFZPx+DrbmcUQBgvOBqIsWiaM4dNpCwRVuKo + GhwuxdEKipcyPlsp274qwXCoKPGyjZxfcTg37naq0LlU+4VCYNGzuEijegH0e+HS + XAFxXl4qoEaPAHYqMADJXOOkYGcnNUET8CwmIzuqLWrE5uHgKoX9cBrCN91jEFxb + KH5dT4ysfagFkEWf5sNjBYcuxiYIP3e8BbKk2lG8DvZJgWox7qyvKIo5oKcD + =gXdn + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/+LiEI5eSEGrABofjDaIKiROJrC7XKLzVWPJ33mxxVwGsC + 5mtjnZNQDHa2RiN775zLKOZmLvrKGCNHnfCHtcax0uaYTNeUVn0Mnq+UxYwTPXUb + 1VIX6ivCI5HNd2voqM965riflOBOZbRsDK2dGodl4tMdO4zKwxJ3wDMhVJ3Po0rg + UseEnsgXKP1CA+lGoYfNqoL2rstr6CNLcb6dZ9kekX1jm5ZegH7Xsevf3ZbVDDMS + C+l4UijpngfsgyZ04cj8DEQuCZy90GQxkJAl5NWqcJ+recZkYlL+B5eLA4eIPt6u + cPSdjPnzylT81b/cUsV1NUX8vNU5W/i2Nk4eTy1U5ErsDEmp1q1c3XioHO5h0fbZ + k1F10gRjtljnlDyUv4U/5JdLz4h9/B2SvbWZT977RUpNDcLtuL1ePTs0jrOcTJsq + tVlbAYJ4iUtMdUhVyftCQUo70Lx5VNufg/TbKTC/TWSSRl0DIdDa9adfedlv7+7o + r5nXitAIMcT+2nkPeW9060G9Vr0ht/7tHcMNBrLuXLNzIaQSwl3+cmC9CsTtthdB + 0+tcuZJ/w2WZJWX9U6ubJ1vWYdlS8PAEGt0XuiBnYO/CnyT8PrGMtJfDqzt7A1yt + jADGGXq9QF96xki2jPo35TommATNAJsFi7d6NjGOKcFhwPiDxiZ7G0V0BiD0WILS + XAF0B0GQDPebknXCpeqs3aDSBtg2bvCLiK7l28xs1hWZddt5hCTpzEP3zL4lDrGE + 9+SSHG8sJ03iG/zGuo1OsDOPeLwHbdKoY7PJKgVOg+R3+OaWhIzx2cbW2qeV + =v5rS + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAAAWAZzuozJo/9XnH+sEbE8ebyKgBi5ohKDVZOlMtCTQw + oeNOyUBour0BEfJTd1MdrUOBOP8aEL/RpNxNXLJnuo/ZW9Cm/sYr5EtxH1OEuZeA + 0lwBeaaV1bGtTACOlttrysmmNGWu05AEigvWSjW4X0oerU/3C8B1f/6HNcCeE4FV + Xn4MKaTZfqGrS+r3PrtyY5i0odIpMQ9BrlUhld4zZQteiCb0FYIU9p9T3trrtw== + =37ry + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAwqo3P8q8n8cVeO8pN3QiqJCHK0R2cR7F6g4CBoXL+HIw + pat6LL4iuoKRlKzGNFhhfcJ8ZGu7b2kXLNzMcN8YU/8Bbw3uym14x6o4M3MOUnpz + 0lYBGEn/qi8JfNT9anDVH2NoJGD4sVgThagLjOM/lgXAGupXQeL8N2VH7q7aXBVB + amtNYqrr4FKYSTOTOF46BXVwNVQkNxeL6I7FuaRu5/B3MG3xZmHb3Q== + =KxpX + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T19:03:55Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/+OW6ZL2OKIFgYinYC8LFwR1S01FTlssJSNAmbA1AWS97a + eZnf6H7JQMvz1YfLeX4bS57Gip21OCdX+sTVsj9+8bKyBEXI8lqDS+W0QtWhZy7F + xHLiEcMuv17w0Yg30UszMNaO3MCtfYrJpOiPQ5jYnfraigr7TmCja7i3ySUak8jh + 16RVF4mcDJKaDb4elCqQgAU3BLaQbIBAV9l0NcdkIN5HgwZCCfAVFXI6KfkIQ2/4 + kow5wg8TO+5OMb3gVE6YO1ntFoV13qkAUvldH2pR8yjnOgZUgMkOpX3JdG95S5y/ + +ItZQ4B2skUPu8dp4xLHoy5eiFgOiI4lKoFNknB0Mh4f1Wuhn+KHnWnnWuEdYBWe + OQxyvGbZTz2axeuN7zonS6GADzd+/jNFiaWYdaQ7htMiaD2cE1zH8MJMJRHTzZmU + 0ifH0Y+9+lKsqVwvoRDrd2pQnsjnA+saRAfXqluos2fGCMOVwIXju6rsu4lkUlsD + RuFQ6fEq1SyuyeoKMeMtahAJO0NW0DSpxMm2DCrX/HaO4adIegosVznvpqFKUbBX + e9jAp9B8xeWbTt8c6TT9U5XW+GXcPx0RG/lxRKjXQRhwd2UrvUW731scODnFLSqu + BFgqUByk2iSEoonZAoAS6gjvC9NAMEuLwWvdUejFbAx1ddknNI2YuoRcHrHnWjvU + ZgEJAhCkTMPYO7Q0V9nRMne6vajbSvXDfR/GwRLez3qRPoTnMpgZO0hpclqerJ5T + Qel10f8aMLupwPp4n+0khXyIZ+XYxTRdeR/zhvklYe0f2XljXndMFlEFA05vJ8ce + 2theaH7hmA== + =IwH6 + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 b/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 deleted file mode 100644 index 56995ca..0000000 --- a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 +++ /dev/null @@ -1,60 +0,0 @@ -ALLOWED_HOSTS = [ "netbox.eh22.easterhegg.eu" ] -DATABASE = { - "HOST": "localhost", - "NAME": "netbox", - "USER": "netbox", - "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}", -} -REDIS = { - "tasks": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 0, - "SSL": False, - }, - "caching": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 1, - "SSL": False, - }, -} -SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SECRET_KEY', create=false, missing='error') }}" -SESSION_COOKIE_SECURE = True - -# CCCHH ID (Keycloak) integration. -# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7 -# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html -REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2" -SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token" -) -SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth" -) -SOCIAL_AUTH_KEYCLOAK_KEY = "eh22-netbox" -SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB" -SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}" -# Use custom OIDC group and role mapping pipeline functions added in via -# netbox__custom_pipeline_oidc_group_and_role_mapping. -# The default pipeline this is based on can be found here: -# https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py -SOCIAL_AUTH_PIPELINE = [ - "social_core.pipeline.social_auth.social_details", - "social_core.pipeline.social_auth.social_uid", - "social_core.pipeline.social_auth.social_user", - "social_core.pipeline.user.get_username", - "social_core.pipeline.user.create_user", - "social_core.pipeline.social_auth.associate_user", - "netbox.authentication.user_default_groups_handler", - "social_core.pipeline.social_auth.load_extra_data", - "social_core.pipeline.user.user_details", - # Custom OIDC group and role mapping functions. - "netbox.custom_pipeline_oidc_mapping.add_groups", - "netbox.custom_pipeline_oidc_mapping.remove_groups", - "netbox.custom_pipeline_oidc_mapping.set_roles", -] diff --git a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf b/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf deleted file mode 100644 index 6c9d458..0000000 --- a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf +++ /dev/null @@ -1,48 +0,0 @@ -# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration -# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 -server { - # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; - # Make use of the ngx_http_realip_module to set the $remote_addr and - # $remote_port to the client address and client port, when using proxy - # protocol. - # First set our proxy protocol proxy as trusted. - set_real_ip_from 172.31.17.140; - # Then tell the realip_module to get the addreses from the proxy protocol - # header. - real_ip_header proxy_protocol; - - server_name netbox.eh22.easterhegg.eu; - - ssl_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/privkey.pem; - # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/chain.pem; - - # HSTS (ngx_http_headers_module is required) (63072000 seconds) - add_header Strict-Transport-Security "max-age=63072000" always; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Port 443; - # This is https in any case. - proxy_set_header X-Forwarded-Proto https; - # Hide the X-Forwarded header. - proxy_hide_header X-Forwarded; - # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that - # is transparent). - # Also provide "_hidden" for by, since it's not relevant. - proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden"; - - client_max_body_size 25m; - - location /static/ { - alias /opt/netbox/netbox/static/; - } - - location / { - proxy_pass http://127.0.0.1:8001; - } -} diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 index 83aeaad..ad10a96 100644 --- a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 @@ -34,7 +34,7 @@ receivers: - name: "ccchh-infrastructure-alerts" telegram_configs: - send_resolved: true - bot_token: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/alertmanager_telegram_bot_token", create=false, missing="error") }} + bot_token: {{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['alertmanager_telegram_bot_token']") }} chat_id: -1002434372415 parse_mode: HTML message: {{ "'{{ template \"alert-message.telegram.ccchh\" . }}'" }} diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index 3ef0a0c..f5af854 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -36,7 +36,7 @@ services: restart: unless-stopped environment: - GF_SECURITY_ADMIN_USER=admin - - "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}" + - "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['GF_SECURITY_ADMIN_PASSWORD']") }}" volumes: - ./configs/grafana.ini:/etc/grafana/grafana.ini - ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml @@ -50,7 +50,7 @@ services: restart: unless-stopped environment: - PVE_USER=grafana@pve - - "PVE_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/prometheus-exporter", create=false, missing="error") }}" + - "PVE_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['prometheus-exporter']") }}" - PVE_VERIFY_SSL=false volumes: - /dev/null:/etc/prometheus/pve.yml diff --git a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 index 65f7bed..96c445d 100644 --- a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 +++ b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 @@ -11,7 +11,7 @@ auto_login = true name = id.hamburg.ccc.de allow_sign_up = true client_id = grafana -client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }} +client_secret = {{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['KEYCLOAK_SECRET']") }} scopes = openid email profile offline_access roles email_attribute_path = email login_attribute_path = username diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus.yml b/resources/chaosknoten/grafana/docker_compose/prometheus.yml index 5f6232f..cf7f594 100644 --- a/resources/chaosknoten/grafana/docker_compose/prometheus.yml +++ b/resources/chaosknoten/grafana/docker_compose/prometheus.yml @@ -83,7 +83,6 @@ scrape_configs: - public-web-static-intern.hamburg.ccc.de:9100 - git-intern.hamburg.ccc.de:9100 - forgejo-actions-runner-intern.hamburg.ccc.de:9100 - - eh22-netbox-intern.hamburg.ccc.de:9100 - eh22-wiki-intern.hamburg.ccc.de:9100 - mjolnir-intern.hamburg.ccc.de:9100 - woodpecker-intern.hamburg.ccc.de:9100 diff --git a/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 index 0c2f8b7..0b887fa 100644 --- a/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 +++ b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 @@ -1 +1 @@ -chaos:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/loki_chaos_basic_auth", create=false, missing="error") }} +chaos:{{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['loki_chaos_basic_auth']") }} diff --git a/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 index 6ccb7d7..4a1f150 100644 --- a/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 +++ b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 @@ -1,2 +1,2 @@ -chaos:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/metrics_chaos_basic_auth", create=false, missing="error") }} -fux:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/metrics_fux_basic_auth", create=false, missing="error") }} +chaos:{{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['metrics_chaos_basic_auth']") }} +fux:{{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['metrics_fux_basic_auth']") }} diff --git a/resources/chaosknoten/grafana/secrets.yaml b/resources/chaosknoten/grafana/secrets.yaml new file mode 100644 index 0000000..4c8b251 --- /dev/null +++ b/resources/chaosknoten/grafana/secrets.yaml @@ -0,0 +1,245 @@ +KEYCLOAK_SECRET: ENC[AES256_GCM,data:NIj8QlKUAQRR2/d261B/Dw0kUBRhK02Yu+exEK6Wa2Q=,iv:yku1vV7OMZM+Nu+p0ARLhBJaONmar/bMLPJ4B5M0ZyE=,tag:J86R36s3oNjPJmDSAU5i0A==,type:str] +GF_SECURITY_ADMIN_PASSWORD: ENC[AES256_GCM,data:xua/P7Bf/KWaZA8WPz/nZra+L5nGdlnS,iv:QLvhdFqCirvilYk3MLJWThZ1R29HBoMirjxJGQj2UU8=,tag:vOFCPn25/4cAT2p1GLnJ+A==,type:str] +prometheus-exporter: ENC[AES256_GCM,data:zQfc9NwHSLnJCDjnS+gGTjxXkEUaim2Pusv48QydYe6sErjRrw35bEfZyNlP+SyffPNY1gD90riuuM/QjIUIsw==,iv:TG41lDK0evzMU66A/rhXLCjSysbTpP4NrzEvKGznQzE=,tag:pIGNSG/ZbTFgdgb5YATwqw==,type:str] +alertmanager_telegram_bot_token: ENC[AES256_GCM,data:MzTEoeTyd6lCw9oFgje6CWnSk9G9LNJ5CE81VxvflAVQgqsDAGT6VFJxDKa2Ew==,iv:VbP3xie4MF80Hq1C3RadRAmmamtHewhKUwT7uHTPtKk=,tag:usAfPWVU/OCz+eEUOezWyg==,type:str] +loki_chaos: ENC[AES256_GCM,data:kZP2qoY6u1VpVgXejCOksxJwbcCl71Ou7LzRR//n,iv:TPHrRnUemVWkuijsKzI68hnV9j9YuoalBZ0s+2g4LW8=,tag:7XvjRfpWiBptx5ZIOEblEg==,type:str] +loki_chaos_basic_auth: ENC[AES256_GCM,data:O81XiVhZUFw5MelQYeU2DGmYW5h4kK05ZzqM1l8OVQhMSuX3Xw==,iv:blfCQcFNl70SxdgR7QWKp2kGls2tZlrq1BPmwu81cXM=,tag:ytQVh3yicsPlEHgmCKwqvA==,type:str] +metrics_chaos: ENC[AES256_GCM,data:B+T5cql7i4vrXzn0pWzExTZcXTGewGDGap17c6so,iv:0QVxT82KKBZ6rV7PbiH+umAA7fWSHfWlN7aMCGbljOg=,tag:joJagfmPa4rePrtm7DWwTw==,type:str] +metrics_chaos_basic_auth: ENC[AES256_GCM,data:p7B1UsHexLQwI3QDNOHXthhkioahtbtHbhb22yz9zo4aCTp1BQ==,iv:uwvHdzZGifVj/WHFNAvR2uEvYpX1T6joIMVMqzW0Vzk=,tag:6PB0n/Lu529hkOuJtfms4g==,type:str] +metrics_fux: ENC[AES256_GCM,data:/bpIyeW1zCMOXHSbS7cFllrZbHh+3+QSp/oU79kn,iv:ylcXL3Rq+oATWlspfj25qhRA1HHmjXGYwBaQAcBMeR4=,tag:og8Yqp5ylgvoEpvACLOF7w==,type:str] +metrics_fux_basic_auth: ENC[AES256_GCM,data:YqIxyr1TPWiwV7R5q/9o4hJliePmU/+OZpKD47SzjpOltdTC7Q==,iv:BVjXxEAfkJHM1JvP78rN/PUeLRUyDMR6zVmsqDhmi2A=,tag:4+LGGeJ3oDuUhA9lNFZ3yQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T20:17:48Z" + mac: ENC[AES256_GCM,data:h2+Y5NjBoscFdp4rcSSkm0s2UMsDnjr5P9kPXcLgaGa8BG+7uEILZuCl3Tb60CnqmWeXXT6OxJsouMIN6JkoOUieZRkqXe5+6PHZ0HthO99JZtz1cyb5ERhB2Sco5gv7ik+Q8i9qRX+YWh2zIpMq68lmKxJUuc0p++n6DAAHRps=,iv:SQS8szYbDwMTxltfhS9zkHnA0rXOtgcsst1sPEMFxGA=,tag:fLRLTOvkBFbmTlR7o0wBAw==,type:str] + pgp: + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/+NUs4UDPZQjMo1H936WFcQnvwwvzL6+DHzkh/K2p880VT + 7Crk0krfa6raPhWqLAwLxzscnTOd5U5TR50aCK9weRdHwkr8eNcfnFx5GvnRXzun + i/IL+/7QErhSRDJTIuZ/dR2/vRqvaxysybDOI7TQkQCuJjOtti6X0oY7wyT2k67z + opmt5CKkL7f0GRDWrv6Ej8LOB66EG2L4IvzwCegg2ASHSYVkZUSDKa81DXptdOGT + 9c5ekOMBRYK/YSq3N1XLW8bqMg6/4de0es75oqtlTItVzd1muni6DmGnBxL94kM4 + KnCLrlWE5/zA3MAG6Lgrcypf/7/5VB3fcs+0cEj9/0Is+hlr7gUIoNM7BHy42D8Q + Z+Cg4LJIyD5p+no+wPI0EO5ROEJh7FkhxrDrwqvyJy2R6MB9qy7DtR1zze9fuy2N + FvWL/nk2gjyLYNc0Q9qt/FBPOJY53e2CwsL6zS42TZScBPC6klQlaQ0BbcrID/Ng + YxG+LquoWdOerMTZdm6Npkhw9hh8HMhIb8MRq0k5TrRlm6MXexfZaaMA3WAvbJJP + E5T6N+1cvEqaGOpjDG0+OXqaZbGXqLFYTHQnyl7Roq1CITr1yuZzU6vo35cTepeI + saBIkHb64QhzBjYNYV8+aUZMEjc4HD2ey4xQRFoJoW7diT4ZamlgbV145CYTBJHU + ZgEJAhCWWrfjM8xeLQQu+6h3UYAlDmMwMky7Ri1twkhenm/Ck/M9Jpcp79Jjb1MW + TYnVVV9yoN7C/WFuXfYHMd6QwOvH1xX/98vRn+77XxlGfson4dzLC8ydqzKqoqzZ + PvIYE0B48g== + =s8Mq + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/8ChGGTFU4krb99SLaEVmQ5cFb0GA+YzDuN/+c0vsobq+g + LfyU/XiUHpJFdc/bBVzipjLQPPlEw42kd0kswOMb9zTbG6ytJzPGMMqEzIy1ID6y + lC/q3DHgjWQtYFndjs13rQxRkbN3xKPP+07VzZGXt2896j/xL3XSm5TXujpqIIJy + erS0BsbYFlAT/qdJdFkoqJa7c6j4/kGMMgl6rUpHovIOzBLWE+exnef+eOdzJdS1 + Kk/3wdzx7mItjQ/eGgs7HnyD/hfPCRzyRnoOEvKLS2MTLL5hhtVEWI6E47HxsdKF + z/IHE9JAYtfXB9WlAU1+v6qVRTY2YbKqhJvoMEWUQyjWlPV5zQC4H4fyeYCpEL7/ + 98UEY2lkCXfkxQNFRy6gTnuVZXfiu9V3ba4rdN13F2RZ2f/051jzo4HASWIHGQGU + zxp0T2x/7g9bradsnAiZSAa2iS7T9F5qtKHwxgfQLnhZ7/w33tZxmnGhG3M4O21A + wQgm1DZprEK92jMxMkjmY+cPad8Kp9ptuFp9sX5sGwwTaYcCWAkycphKwHuT7HYY + K2HvzAKEc1Ga/vLpb5HGVNuB7yntVFWAoN41A+zIhn9z6/qiPZms8oXw948CD8xT + RIb8Mkwtx3tQdNozkmT5NMM1NwsnndF5GmbKWgcc0pchQ/CGHqPLaiigWf+4qnTS + XAF9EMkanZWyLb3+NyQAZed04fi8GOqpaPRdPCHwxNG+LGdLqtfMYpk9rdkqMtVP + Z9oSJ5txuFXFRPhqpQBgQLC/DPOXT3Lz87FWoGjqL4OZEPqsHsFGfBt01PCy + =FnWf + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+PPlENzEAwKPC+u7UaUgRDnPRoOK21hcS/LVEsO7MqWus + b0d7qVT1hoCmsHRI3kQu9B5p9obZ3Ci/gsaocZXNIoXNadTmKlTlEWjXdK84e2SE + /kLTfpJMdb7H+h0TjsE/trnzZhUCyBt5mRYNCYmhxRfoLtjyw58YA5aRXsGkaJJ/ + FbZPiSxIYlCdC/Ptih50ONYtmt5YXkILGF2Zc1bAPVkToB3XvLP110eeTYqDahLk + 1iAGCYJ938O53PACbU8wkocxHvYgkPkY7wN5WM6LgUTqHTgmCTrnTm6tnfLi7dMB + UxZPrVW84t8afdipC1xsHlZXr+XeUG2ogHs5OLDscZCNE2YLTtacuW7Xain54A5r + E8F5FVqmv8o5huyqiff6SFxqqXCPdQSI3aDwBtRJh8MwGzNBKTd/KQQVThNT3PDX + km2V9Fq2MoIoKYqJkX/Qy3e8weqY+mBNXFEDlDr3lyRSFT+R5WSXH5WPr3hYcGHW + OtRgJTTrlrFfRA8RVlkk5oPg7ZjtQg+Xw4zGC9kxTXk2uEvMxEZke+wtHWUYIHlT + mxtWLGjQIh4OPOwqlz9eM+4DiSrru26OUiXZu/KzMXpGyfYqhqPqRKrpfQyVzc2N + AYv0deluEZY5FiqaCd+Xn5ywC16SNxDG0uIjsWJlUNzuYVMlVW2F+bQJR2I7tZ/S + XAG9XxQXz5+sy089kn9m15woYfvSCvf+GAJl5df5FTnenjZyS/cuC9L71eTtPRpQ + EWdwJWVk24uZ7ZXhimnexkTQ+p1HNLCNJ45orLd0kHYYi3aCmQKOINOIFqga + =mRPc + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+KFwDbiXnhzYszP8By69MKyfWqmLbLW5V2yNxY1Lb7wVp + kzRXZmrRmQ5cTmo8UcPn7+V0EWTv10RvrBc1wEsSNDRhszAvPBdhiGH9QeqI+R1M + t7ohFuTKtNEgg1fEJv0mHF2Dl7pg/nDEs2xYhGFLa6gHQH+rNKDEAX2Wr/JlFPIf + Zn+uOx2GtkfZHQs3vQ088mhfvMaIrSMozEDnFHKSuc4ZDh7Uo8+tfeSyG6HFa/oT + t4k6xt/0MpHEvyEStdlR8lcF69o82DHEBI1IFSR1tu+80X10LT6cptI37H7Jo3vp + eLU7I+BDHKX1T/LEF702wabm0H7A3eaE3RLn8LIM3TF7KAW/286TQ6aSA4KHRMpO + Y4cGLkLuQsg/HQaeAYLepJS9qOS68xLyHFSUxKK9oLgr77WvTWt8kJC2TwRKTSeA + hrBDuPeymU/0ljub96YXBvA27QgeGQxyAII2rBDxlrlvoiLgbEdF9LzzN3/l2oXS + +GTOv/odiMshSXZtjZLC1bSjRlhepmXOX/rc6sIBfbFU+4s+sQvQiIrugqo/bZZS + cmHT5SbRLlknTLTMibu3iJYVLgyK1148PeFimheS/xYIiMJ8a0zXMAVVJa7Iw7je + sj8Jglvj4Jyerx0EHXIBbXaZ0tmIM0colGDt3WyMhZ786Wsaf8Tm2vg4+vXofdzS + XAHAUO60LHQdnyFNMMICfhSZBCewnzGsaf4XDtbhoC4MH4KMboRfr3Lj6yPHSxAL + htSlOKwHJ1mtKV/j3aXFr2ckSIjBk0O7qe+NhjgWyn/ei2auMzUAYh/gpMKg + =cR1r + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVAQ/8DJhCD5zkRdM4yyl5uIZV2k7WdA+aTCtGR4+lR6aKKib1 + jNnzIT4C1tBevolfv1Qm9h0/dTvre9DmhuQzKv0/T83h4NzWVQj+U/0xDuGuydJ2 + NGKwWP2svKf0pF6LcCfsmCIjfENgjpMvp65wDfQlHYCP1VcyRcKINRTVYHSX8bGH + LUkMiW7zy5gnV1PWl9oRsIG/lVGvVB5uKxv6LAPj4wFAEN+fIr2x8uBH1DY2UFyI + A3gfuSvKFmcV3c6nfmhQh5ywxIU0oguuwZOs8zK9nx81RmmiJvf8VXusGtZH4Hfq + Gx0GbpzoMZBmKxgiOQ+0HwV0UT2upEIYPnKb5sZyaLwmxnKW7FPxTwo6vN8QzJjy + Ep61YFv3Sy09RccmGHJsr/FcDdfP4W7S1gIJqO9RgFcC3pJh1CZvoc3+NigsoyeB + MjRBQLA8eoO9AEvH5RMtiGyJPl/vPrc2WlVBy3TaRznJIdUo+WuoUvaW+QvWdulW + F4XXosgoaeyw+AYSA0nEV0qR3YZXNkJY/+r/mZGfi0SIEccztlq/BPtpMDgzxYjG + mj5GvT6Xg4q0F8RRfZLCqQ7yRhFBIsR6+BIJulZj35FELF5oFAvB7fxdZ2gHChWs + fg6kTRI4QcTBLLkoWHUCgrpEw2+O2UXQRSZZaiYmhCb3eynShBPGbWPpbXAPKmXS + XAGFafpworKosNggfs3piWGs2b7MV83tz5uf7e9QPGs+c43JXICuQS00I8Hgnwzj + ybdbM1m9bHvKucH2eWU9Ks9yPreeIbCsQ8MlSX4RyIDcECW9eFl8rtfqC6LF + =h99J + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/9EkRT4O3pmCq11RH/doz7eqabPGWwSY9mpwNZJVjdP4Op + +3zzTeNAu7+Yr62g5LhkC/uTu5y4BCFHHuuRdevLtwFJ7H7avACQF3hK/bM5rjN1 + MsdnkhtNpyvBKV+RaE78Ji3/AuguEBenwLhwadwFWuUItSfmAuaLKTQsotDZFzh/ + VroiTqtoLV5AxYTluNoWK3+N0TG/z5nMg1Ui5DiWlwJ3Tgg36SxqogF3LKXAqZVJ + 5X7TLSivxptgmugZjua93iqyBCyNlktj/dNrqd0/YIg6xsznNcKsN23jQgQw2Ku0 + BcdO/WgV42hntzEo99iPn67B3S0O82H2MKno7AsQ9fZ9UjznQ712S547656PHYAq + gSCSolaI5piDDPLPrp78jm4MTIsnfngaslyPK4WzOIkq0d0kPA8LGwhtuIM4mEgs + Wu33Ir9N2yeDAE2MnJ7ySv9fSs1SJenw9jijRywCgy/vDvQaMa2czp/kqflhW43u + HcVrW0Tc3FHz8nIkDya0QXrSt1fj3eLREhNinbr+G63uBl5UCLcvh9e3sxtAgSZu + XtHi/krLkAS0r0rv29y6ap6adtY0VloBgOxZhTYPu66Pha5werFAeOGdXX/ONdTC + ql5KDMMEa218/ORRDLeexmR2PrrLgsDp4NTtiUw3GnYDN2iDO5e9xEBtRiWAgiHS + XAFuGmfCQyTR5qXCFT+ZCa6eKL9XoOlSa4cbef4HrHCyLV86BSS2eLQ3/kr09RGw + 6AwV0PJAKhtCSk1F4OywOnJJXyrk3uM3hcFKs/+ciwuK4qVi1YdKocuzwbXN + =cvH2 + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/+KXpJutmLY2Kkf2DhxAaq+/vuIhlT/pNAb4xbzzhcOvqF + Kv6r/y4qj/I7Q3QTbSX9cnvYoRDnnBA6WTAKCs0Q2SWOK//zT3IZ7cl+hHaVcIK1 + SFcog5hwPOyOe1RJaP4tQzj3Ja8G/UxA0DbtSIAkZ0srDcv1nm8+JXMiw5iJkQ+0 + AZvmTIwDsGqmWWAN5Q3sl5eJE5qwFqRUrRVc4xCNwYLUYG+8iinFvBI+0Bn2+yNs + JnMeFDJaatmSZUv5qVUpYZ8dX3OhPhSYzRbmiDKr3vGsKtl3l2BGE1CUoXQvctDr + YKWvl2aI9gP1u6T04yAuZBnaX2UwWq/pMvlVghQOfBvJv2R7ScN8fAn8RM6PYaGz + HSAP5Iit+45/i7GtPpBAB0Oqd+6gtfF67ujMWDB73AFRt0uKpLnwQnYbs5m9YJQT + Pgq1YWeH3hA0amlseuf8AZjkZJr/IqBhGvYD6zm90nWTbZHMrcKDSlL2D0QwOuas + u4SEwpDPzanXyGF2wRAm134ClYljFwLAjoVuk2v8BEtlXNCz7bcRuFVkHLHsFGGF + kczStk9y5BUn3Gwl9IvypO0dfsRYBYWdiu/GnZptiFyJ+m64mFb2cUdu+FoiQcyj + fgz4eWg6FxPWdwc737IisbFCfo5qdR1tfiusPuiMMFgpuV0rlAkIme9QqtYhZSfS + XAGLUKC0wQ3nwlXoV5P4ixjH5wFwkUnUJjnYMA3y+CxWks83LkXW0SqDPTTIuUcs + GYaC2uxr60JFJqeGz0PG6Ul4AJX0iXCrzRaA5tLRFH++esQr1SUYuExSOuvl + =jQg1 + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//fVJ+MdZXrxj9XTS0zIjnms1IjdrvQSe1KDQPAM+4v8Ef + d+8oE9uKBOiPvkfLK9X/soM2LVi5knOcjFIVe60/Gy+/RBLGeemga9lJ8YP3O2h5 + bKlErkYTufXW4V8ieXciAcbK9D4Eh1UOt/MnAMy3YgQwh5x6uNTvHjhNPk5JJt+R + gsL8pZ86bbSfyXLnR/j3eO5m/vUfE9j21rHrsB0Krj1McWjCzuvNg5zsmyzs807j + ysqyj2XLBiK2T3+86OV0fCjcZ/padeNE8y4nVgpIqTu+nPk+qwsUYRwBdPtNgxmx + ApRPiw+6VdOIWasd/OVG8aPnQPgFfOyqfzof1RsTiYmixR6hnGZj0skCCkrcl85k + vPZECREW/X70Q4jCJd65Ca2vfHwukVgsqRjkwfIatvE+qOv408NJFIFArwwdWPa8 + SQmia0U+/ESbQOGY5jvGOLWrYaGwPm/t/LPDaJbEp23DmYtAiK9hGG7IQIpG9+cO + l3Edtxki1mE/wAnhQcZC6aSYHPrT2v52kACiV5V4CB3kZR/anqho1Diaj874N/IT + g5w/CiFysOAb9RKydWTSPCSPjDJRGtvhjeZAyee7ejl7ArJbsoZ1t4+gDaijIOGF + v59+SJ96DccwjWjAHL1M6jxwn69+clcfRNnBTdTJIHqllppa63YYiVxjCp8yflPS + XAEbxPZ7/dxDXMmq0StTPn1hxeZgLcipx1NoPLzRSniZp8/WzeG13lOb7RzRZOyo + sWU4rT7OZuhvT4dxDsOcnMdfZLp552ipWUXjXfBYQrW/0ct3fGoQfixuepiR + =kUQT + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ//Rods7PGeRCDf4YLwRBNPQFfz67K8es53RmWZ9oCKiLyA + gt9cHF4JeMgKMX20LtF6VUFtJjT1SjkVpw9z6ZDkVMj0BjZ3OPH43mQDkeWxHuwD + /CIkvStntx3Yn7vruz/PT8H7Jhfj9oOnaS5pgHCbqmadq/k6qE886DXOXAeq3R7e + MO7/3VjsSbdldfJHXVvmsfeJUdwGkXjJUCiKjnpY7ZmQeSqmDjKHOKYlhseowCNl + AOK7Nfq6MhyQBlN9FQh0JAkG0cBYW4sR3zvoZCbxMY7siHH8UkLPzltSTFYUW90P + YWdyjr1hPJkxUTWvq62EwM8vDuUFKwaJaGAEk91IgqIu0d1d30cR5UxJB0DOoQVb + sHUD84+zTrQuEwDixgK3XZYBW78WFM1vUCHNcA942E/hEQkjTz4zaLB8sPh5wAV9 + RME8CNcqXAecjCtQu1SHWUY0V2jYfeDkxvvfjuscvFpyobwiKb6cFKDshygHYa83 + 5lwJNmwaLfkZbyN0yOh+sHl/RotpVgP9UcP2/+zLW1wGb+EP91VUe+cxo+nrtNaA + xjS8u7yjx5jTdxb5k1vPfaWLAGQwjowhN2z2ht741pYJHp8yGGaQNblyTOm0YAi3 + 6Qznaog128dupKKfl33aPttfCATcS6EZGSwFogS70GFWXTPKu+I2EleUjgi9AQfS + XAF+kDjRMiR1IiKQkcVichkKo09P+2rBD0puo17nE4v1DPeu67f0UgElY/dcmHuD + anxTlCt1Lspqf0G1EjypDIlHtVgUjPpsudFOSSd8QqUjHGUMwEW4CXaD2d2B + =EZSN + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAzl/SXf4vnc/vpZMYZVjV9EkRUIs4G+11iAUGFgTMoG8w + Xnq/dLi59VpKcXwBp6+NQy+OchDRNfVwxcRDUBpetOwidt1D4K9CDrEt9vFDyCJx + 0lwB/fJHu88keeS7s9jD2nNwGeCuZvdlnIvgag82BnGkd5zYPYnjA0lbeUXywuaa + R17Y5caW+N4lslwxnp6UDLzQWJGl9HcRwK5kbxRH6HaYkU6CyFL5EOKs7w88dw== + =HvK0 + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA4zyupzL6dLotZwQQC/AZ2vklAGwbpaVu9XgH9H4WH3gw + SG74mn/Ze5YJYR1dOfEKmk2/mFZD354v38nf1N9NdeTpRT+3NVXy8EYHu7pGNHy+ + 0lYBT0Bm2ZFxURsAbGtduD7SUR/Z7cbq4ZouG3Q3ZOvOLoIHDcsAohfr45vvqa+l + Yf2JvBgpgietM7OP6KBJIrAmfZnMlHKKcMDvvGO87BcOQl6qgjiqkQ== + =tZvL + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T20:00:01Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//eNA2kWh8DCMa4Eed7zagOMM1MSmCbX11NYtqOWEaN1mL + dDSNwONujGgLDJWJIWOvD38iJ13ZOr/R469n+Q0yFlSj5M9ARfXtaXgSB4vNkOWK + OpPZZJUo0rC0LA6qLke9ZV9McbaGGgfUrAtDd9CwO95h9LGD/i4GoHiwSbOz9PZr + V6jZU0AWr0vVL8jjdRWoZ4U/C0NqngxBPqaZPcmwdRQoP2P2gP+yt5cbULYrk64+ + R9WL+m0zZaIp+fhZjZBDzgBb0//FxdMA5KyhX5sMn8gkxwjV5+at2roqwFkawnjV + lRgVrKWr/wo6L2rnqp2X2VuuU84EnxSw+jOWpc8Q1HNIlwKte1dfp7QigtEjqEI6 + z120khHBydlyqel5kOwFqr/Mrem87IUjzqAJdxn/UHolEMoLpVXQofqNYIwXUAWd + iEuAcGIXXVwtK9GMBhDbM1RbGc1ELvwjllg3Cs2cFzKHhAcFV8wuNufwZqBd8eo7 + B5kY0DkdJseV81BauaqecRnTPQok8ELXZLQ0+YkDfrTWUu26oPz7kSNXOeYby6m9 + qkczZg/qiyxi0BnO/QLasUPfG9N83zessGfwPw+t5AsIhHbHSM4JdfzQObHDgSBf + QGiso8QjBmcLVnToBIIZriYqM7svtoykY3Zrh58MAl4/Yb/fNNHvB8TyBmP5PCbU + ZgEJAhD0xdSQDsPzXxaIeFEiHOey3p9eP78OwwgQxo/RzAHw+4FsT0w8ncQc34M0 + xaJTV3Fl6rfqCjEghRPT93AhLR8EU8gsPGf24qFImOBtYJoDmixMkjaR+jC+pE1C + Icw7BRUf2g== + =v352 + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 231f581..366e94e 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -32,11 +32,11 @@ services: - keycloak environment: KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }} + KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KEYCLOAK_ADMIN_PASSWORD']") }} KC_DB: postgres KC_DB_URL_HOST: db KC_DB_USERNAME: keycloak - KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }} + KC_DB_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KC_DB_PASSWORD']") }} KC_HOSTNAME: https://id.hamburg.ccc.de KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de @@ -54,7 +54,7 @@ services: - "./database:/var/lib/postgresql/data" environment: POSTGRES_USER: keycloak - POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }} + POSTGRES_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['POSTGRES_PASSWORD']") }} POSTGRES_DB: keycloak id-invite-web: @@ -76,10 +76,10 @@ services: - "IDINVITE_URL=https://invite.hamburg.ccc.de" - "IDINVITE_KEYCLOAK_NAME=CCCHH ID" - "IDINVITE_VALID_HOURS=50" - - "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}" + - "IDINVITE_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_TOKEN_SECRET']") }}" - "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration" - "IDINVITE_CLIENT_ID=id-invite" - - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}" + - "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}" - "MAIL_FROM=no-reply@hamburg.ccc.de" - "BOTTLE_HOST=0.0.0.0" @@ -96,7 +96,7 @@ services: - "MAIL_FROM=no-reply@id.hamburg.ccc.de" - "SMTP_HOSTNAME=cow.hamburg.ccc.de" - "SMTP_USERNAME=no-reply@id.hamburg.ccc.de" - - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}" + - "SMTP_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['NO_REPLY_SMTP']") }}" id-invite-keycloak: image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest @@ -107,10 +107,10 @@ services: environment: - "BOTTLE_HOST=0.0.0.0" - "IDINVITE_CLIENT_ID=id-invite" - - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}" + - "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}" - "KEYCLOAK_API_URL=http://keycloak:8080" - "KEYCLOAK_API_USERNAME=id-invite" - - "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}" + - "KEYCLOAK_API_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_ADMIN_PASSWORD']") }}" - "KEYCLOAK_API_REALM=ccchh" - 'KEYCLOAK_GROUPS=["user"]' diff --git a/resources/chaosknoten/keycloak/secrets.yaml b/resources/chaosknoten/keycloak/secrets.yaml new file mode 100644 index 0000000..8125ef1 --- /dev/null +++ b/resources/chaosknoten/keycloak/secrets.yaml @@ -0,0 +1,242 @@ +KEYCLOAK_ADMIN_PASSWORD: ENC[AES256_GCM,data:ifiyV0ywHLiYIZfgo3LBsDu//d5B2ZKyysnUtXCXR6hGWJxQwM4ly/XglERsRNRwZtzWkndpLfXWxlMheZJoMA==,iv:YEjrBPoeqQayEd4rNSNpD6Yw0jgQsOQyRpDkv8RKiEk=,tag:KHf6eaeGZSuBipAPKBkB8Q==,type:str] +KC_DB_PASSWORD: ENC[AES256_GCM,data:h4v+6xLolQN2xWEKTZvrucvqFCUtqnDoSaoNfsXnktyXR5/vjjvqshpsyu6xGA9V2V3RX7BGk1nX9eooo4362A==,iv:Gvvz+r/gNEMAD0xJdXzNQpkhmwOY/70NQXYtJX8CkJA=,tag:0cj4qsTlYsZn7bz4NZDp4w==,type:str] +POSTGRES_PASSWORD: ENC[AES256_GCM,data:ihYTt9hd6RJNtWEtav5Cbzz8m/qUIw8WGTwMcU98f5wkYrMTd5HUjRjiWqcx8OaamiCnL6p8u9BBEerCeqeq2g==,iv:4F/sKKzaRiIN47M1a+gGhGMiexNp5x5l7UtPasbWmCg=,tag:3QsaYllKdkPyjiX37yICUQ==,type:str] +IDINVITE_TOKEN_SECRET: ENC[AES256_GCM,data:ZtUiwOAUST+QmR6I6ZSJ4GoV5qWvcIwZ7w==,iv:1XMYhMInEA5pn6PajQ1GToS4kCUAH6PGZOAA0AZAQEo=,tag:xBbGgvJZzSaNjJI/QKhUig==,type:str] +IDINVITE_CLIENT_SECRET: ENC[AES256_GCM,data:/3U7brcOL162xh9vXPW45Me7+yun9oHVCI3LLbbq8cw=,iv:+SyhYlGiFro75N9LuoGff5QLDG84GeczeYWQYJ07Li8=,tag:9QlbjBJgyt/+VbzLLWWJWg==,type:str] +IDINVITE_ADMIN_PASSWORD: ENC[AES256_GCM,data:xIxVMTN5rNZ9LuxqLMF9veLbpjqdSAHDRg==,iv:FctE+EIvL0c0RjANRDYk+6gZ/igxkEmLJ+Y371gMXOU=,tag:txlgkIVVFeJ6pXFG/+Z2TQ==,type:str] +NO_REPLY_SMTP: ENC[AES256_GCM,data:2XVjIt0tYZnjMSKP7rj+Gg==,iv:d/OFKnCwElUD05cv1XeQyrCQuhtf1JD2rRe5QI7T1P4=,tag:LQAhTYwIdoR+sCNfVh+08w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T19:52:12Z" + mac: ENC[AES256_GCM,data:t7Tp8G+2lEIyqy9SYo1cWFpXNJO0ekNsYRtlhizHAJ8VUTjJgQbVoArQygc2XQJWgbploJCTDxOOFh9aphV333OUj376ZQZjwg2msIhNSF/wp8gKw6GFIrqNZWLYR3zcvFdiARKJo3T5vIYmPRLVl0GwqVlIvBRuHOSjHmOeFDM=,iv:IXoOVkjWiHTzWTrWy8QH6WfO9bT6aIIrd5KU8pIeZW8=,tag:me7pC6Zu1TNqVlgyEwrhwg==,type:str] + pgp: + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAlsCecsUz8CnpckiAsOZUe9MAFRZiSLeErMmZ6Bh4OzYa + PGeYuz4lSVq3RBkd3n7s8At0c96KE5Q9hgqXlBhaZVO5OXZm/pdSo/jykxDOqGgp + IGyEwJ9cvH5M7XfZidLMbj54+1BzA9/AW3iFSeQK5bbAi9KYmIzBE5VoVWXXixpG + czWV35x/6/rOhCWYZfr5JUM8PSSW8lhwlcA5ytoHAo0sKnbmOracK2apSJ/w4SBu + VtkpwzJ33TUdMqgFXkXIoGqHYE2ovH6GUktQzTY2AchVcwkOqoksD+mHnvy3GlY6 + 7Kw5ymKnOuOSiJXWt7dG9fVLKT+32m5NeiVf8FEx9vvz3hfTsTwXD2uet1BFYHC2 + rXVDf2reKojL4EulBN/2r/sL54tPn/YfkdQPaQVIo4giq6NZ7wR52I4bLys5jOc1 + l5wmKQqZcTVcIML0V6qTJcP6DyhspSpysoGOdr4j4rlzSctJPs5HGu5WGywL+fDj + 9+KKSYEotGMrOzknwFXCbAER1GFKOVmxyLEgPYxWJa0z0sgsyBU0FtU2j6l057S0 + VdVYEtzsamVUztxaJmKu4ei2hUBXO+PGYCdQH7ZX+uuBkHWWAVzUSspoe/3ncvt3 + 2HAX/+dZzGw4HE6pGChPABSI+txjwbeuyi3iPsBrby3GKv4yafSWxKg1RskDxRHU + aAEJAhDOhd391/ZDtMkT1Cwhf8H+U/aJDoeezvmHL8BMSIKDKOLhngr79bt0iY1p + 5uCIIMKO28SZUAgRPkGZVwTlLEuEgXPOeG+AFzkGUOuBMkPAIAJucXTS1Q1VyUaO + YP2rUyEAMxCo + =G/5o + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//bMTtv14q8MsLrIkyOW9XQroCFQUAnokoi6sv3d/rgWzF + ViQ4WHIsFYZ2HrFd2yPLweE4I4gbuyEEJAw7DvQiNSkME7zO2V2tovX1IXbzu7ua + 9sfykiT3vImd4LozPWDHR8FRdF/3HfuTQgYd5Qi7LrAj4UX0zUaMOE0tW4WJw6+J + kvgqErRgU5LYHD+l3b+CkR5tGJqsNESRGxbcRfMg/AFdeR3J2dwUV8wNI83WSGRI + xRU2SL46HLtx/RZ1Zq1/Q9Aufc+4UqtE+6PK4N2BuerzzXumqjO2vEda5Dc9yfww + 7e8l680TQLXtWwZozbIn37XOvDlYaQBO9GeDyZknNNPiIy3jqqZHvfomSRka2QOq + 7xitPGCgW54XxZRO39aKFCOryqzHfTPbHRTQvPfM8OYo4JaAmOn4hIWqIKy0pD9d + gsZLJ/YyPx4ZONgwcz2Cz2dLB6wC3pEagNKBrvgREmjaxTDEB8IStbL1AasEdJ7j + nSxJamZU0MK55IjdU+loPsHIK4U9dGr3MFHxpiLV73APcYprgwRwjmBU7MJ467Zf + kZFwmHDCFpZ7u2mWzxL4eE568a9hb1yiI2nNrsy7aGC50TTPPa9ErXOFd6Kbutlu + kUzFCZb6xd+SakuL6joTo4Et7DJNZ4nrJZwN/OSuE8ZTiGdH7onUM0UOlMNoBgLS + XgEytV1eo08+agpBece03q82iGIZ4fN5t3eYEVqbnr9+i5I45txR5B6lHyz3frfN + IpImr3kIDC0NQslUO0P1aBYeTeRc/9TWhPhtZS1wtIlURdFyLjUQIbnqNkRzDME= + =RY3P + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAsfjYIn5vhU5mjI/IkfYl5sdVquNI/f3boIA3hMKZdwqu + UrzVysIfqZLBACms27s9LPQNpeccQHNWQFdWzmNWtx8bwGQRFWjPgERJ0Uin/M5/ + 6ICE+a149oe61pE/5ixQ9AvZcMIUF7iXYqUT6yODxgKKnvprbSNNr5kC8RwACHq/ + KRqpZ3eZR9Trz8teOBCxwh7tJx5PzTPT5QbGeuLKlSd38RHgo8fe21ffVTYtDL7o + t+uglJV33H4diQRvciH5hO/mpVRw2EBnmITn5dWSunSx1mfMVrOr/lHsfiyoEEBs + 8xmmNd0oaN0M4XYx7PNh7YMGaR0SgDcEVI5KmU9hNwDG70o2RIT7OrI5W2ccJLGS + TyYiPWAWgfVfniXA1Ydjkwkd8x6AspBZQMJTsNiaBs5dk47e4txKQshSOpReZHNz + Xv7fHBocsSlFZRl0ydB279L3Z4q8aOFKYMIw1N6T+jwhns0zBnMRj705A/z/lXqI + 22x5gOY4uFcFUm8/GtWrh7bmN1X5R3fIehP3qposIpeBvrCi4MFoIpcltbiiPkHF + ToYUFtO5/QAdhn/RosJRljTA/DFzOnlzuGuvov9XbeuJewtR+ZJmpEeBe+Z6tN5C + dCIMrjFYNndHbYHF4ztAu6PT8Hzq1nw4sTFM0Fyur3LIQHd7F9aXI7+oQugczfLS + XgE0L0AnLJRABd2Pz1IibBO9Y+la2xaCpqhxw4C2ohdusIGSfcz8aqvC6PYviovA + jZ185Bxs2TyPwqPxXve2h0zvqbpaOTmc/0PVoRQEVXkrkL8FfxLxPsJss18hdos= + =mqr8 + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//erl8qaY9wijgSKKu2xGikhQQz7DkYq0lCZ8KrKyakgLA + 2vyuFg0+b73/jUd81Xy7j168SRW6GS6Ms/9v6lgGjSt+e51b1nv6G4ob1+KEqu19 + EbTRNeMmTcFoXVMuXL3C2PWVUAE5Gs4POZai18eegQtm3dgOax5/25FvNZXmsoYh + NYr6+vdZw3Au8KZdFov7iMK0/GX/6GR6XJj5Vlv3SMF8GTCxOyeZwmkk0ud6/5Gp + amnz327woNAs0oPnoJ6cWO/zlAYb7EkmMfbKG0/9EFErXYkC6Y8N8LrGtOpZXHJG + doFot4TOPIJGiDbTL6D4+QnIqVchym7JiGmYUGxdzmEXiwe8AO6sKJOR8kZKU+1G + aSHjpq96IvPewBOJA9NghAI9JoCsWXtqYlpTjeiTXciHqB5NZSgU133R/dqZ01r0 + k4iP1I84hbx6XSdxejySFX9Vscf38WhEfV+KgM7xOJhDTJ8HozQQGj4OpD1WOL0Y + rP3y58uLF1I3qy9V1csoJtq/+no+cXx3mohc+iiwXQyhYAJML9pLBbnmWJo+O1Gx + hHYbRDmBM2Qn5TYq3fPOPKNFuKr4pLqz4jy4JC338hTamGQNjbNP/BCCQQJOGdRr + P2klOkSiZepkLSUSbLVlpZWT/wAqgz2JSxsCENoMUuwPvbK6m2cMs/9A/7JMWZbS + XgHCqYLJ30G9mtGc/+dpFk6xzpKg9SHHaos2JV/TuqU3O1KetAB4TUEAwLOj1c0Z + Kf0HlK6l1J4ya2RQqiK6Inek9/D2+KKcvmcMD7ZYQlyeNkLIzKkQIztHS73AuUs= + =14aT + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVARAAnMF45HC4rYs6NFlsOestm2UrYTMRTkaQh3Sg55c3E1wL + gaBBuzfgZt8Kwv27d3Prbu8joawbHuFVEtT8n9qW7EYRlkmwX+HptrvBLWHvCGfR + L/rqCN+6HUJlA+L2RVpcl3dWcI7g1n2/P0+h+3V8z0AlDIWXO71vzX40EsNt5oKW + FHxEw+0bPEHhrFPJzf0HQgp6XBh60T98JZKi5zq/MgbLreLkEswL23XdiR1diFN4 + 0TCPivcJ78bBpONRvd6mlD2gFc0YDACHCsFPZRL1pq0gxvE1ZNydGkTkjgiKY6B3 + 3VMjWz2wTgiXqArJR84O6qfjZYX1eP8Qd/+jjvxuUGhax8LRu4J/Ccfqp3uZD3oR + N5ITo7kjWGmdrXCATGLhAD9aneWuBlyHNJfwHZxsf7NeL98d2tuYGF/kpBTy/5zu + F9MlJyTS3OWkSInWrB7XaRB5slSOCi1JM5GvlEooklVl64t6+yIxQf1UA8LBaMOV + vZ4Zngcr1FF3CJ4m3yU/WhL8GSuySSlGlWvgfZNYsmJ20Q2AqGyVID9IKXlFNvWf + 04nnxuQUOmdwQ4OifgCMfvzcyt1eo7yXJ7pgMVT2Xmy6bTLZIrPHw33fP/C8cKCd + oiUjn962vNI2E96MDlTZxOrQhOOmSQbu4xbqiSSqEZ70xEckmjE0xxR1JwI3rSDS + XgGuitcNHdV1u00dPzY49PIQWk8wNjqKdHeZ8a5tAjdmps8ACHhL2dTd4j2pTgff + XfvVU4iwMajbU3p3HjiB7chmYQ+U7iC+CiFuAQbjklPwNorqAIcN5zP0pOJ6O+0= + =xD2W + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAgaSoB6hSUrpjgo/QOMIQmgjPtF/KtHASST7+/liqcIem + iQeT5xwACl898ez2a1elKtgFYUVTOopuc108HyCGmFut2/T9u6uGipOfE8WGROu9 + 72mx4hq5IGB6mVz3YIucH6NGCpH8lGnQvkeGydpYUUJPzbv9AWewn0IySJVnC1uw + UZy4h+mTSFH5Z4XW4JDnPXamfEwKTSHsbM6KHPvql+CLnJgwTOqln3vZeF0YumSk + iH1xO7OslluJ77jiZlcCfk1uJ2vMCDJGmp7DziMeyf+wTFckvjDnXG79AtQzQ+HB + 3fcymp+DMIJbMocGiwtXgpEv/4TGTrbhpZWE260ddmOlrzCakahjA6AjGubu6oeO + m6G8ZTnm0RCNvjmldykW4MZCIbsChZwKAQEOUymiX5JFa0ayZQq1CR1GCGwsU20a + odNI3z3hpJCwI2Vo21nlNc9hiUp+zA1fJteBDnCS8j8QuinFi9G6x0dT9P6i2+ED + yV7ULKsAemCzwQhhudYondo78E5lABgGxVKI/+2gkwZTIc4VU9/aRNftZLszlc+8 + nRIs77btYflj9NiK2JCoxr57UpNq19JLs6Otc0vTOjtieG5uDl6RmYOvD9+A731i + rAAMbgtGzM/1dNnls4VpVko7b8elm+kywijXwSXUzGYXfFojIYcfrCOxmLgGBKrS + XgEyMad9QOGTFJZDtcBghfodvs6xfLSYwwT2tDWgSzW4GRmJfvb6b+AR3+4JZ+OL + QQhUFVWM+rVHmAfbnLSfPbLVJFrOPjsTiCOk2onJjiRv8MHWL0QoobZvG/1/zhQ= + =87lW + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/7BqkS+RsQa7o8pEN3v1OHEMgSJvwmoP/yoOuXycv8tAQz + VWxrmh4oYlrOc0xHKTotGT5IY9uJi062sVLbnqVwa9EQ96bNM/r0LleBOkO2LsqF + t4aXYKV2njzCb63QpjkeguHQtGi0szKWX+cny+AK2CuY3fpG4i/Pbn14fTE1kDlj + EZD5eXgPSeAG8lQkQazG9yzXOOGJ72mWn3819T3VAFYs7/cXBPYIwB5BD7EYAbg+ + dG7ihiMbcz5b94EdkOTqauJKCTjGE3hsjjE7cKRt+BR2fHXkflrRW/ALBJSA2m4u + aDvjAPyvg5MIuJljQ0imXsUUY+aga9oWqfRFR9RsBZqXJD193HXzzZg+WrfCvI8L + fmnRDzEjJ7LYiFJ0Qs7SEuFmlTAa0bk5FWMtVmCjcTrc2Si8o7+yuhysPTIUKogE + QG65iUk7UozuGJapZYI4J46E1586R+LNi3MmKiYwvD06wprRKdJ3vUqTHzaqwqTp + S+RbUi55WciSaWs7EQrO042U1mgsyphG5cGpmXT6AvDwNYDrTBbBM1E8QKkZVp9Y + lKF5ywatwrpWyaxb7OMB8cWaK1RXjB3eDOSYNTUggCx0l/IMAKSoKuK5Qr3Tlcyb + zBENWNuO6WawhJMac7ZlB6s4SpiZxFMKVVBx1BdsNb/OY3L0BZmnZgWDwvggqTnS + XgFcVQFmgq+K2CcXsyiMD303sQmW5MHLrLzjUfvH4QRQ7mhDxLqeKQ3HTTB1IeKY + u0RE/XKAN68fVSeIBcgaXTNITI8TIyGCpXO+BWv9x3k/f8jwMuZjUUD7ikJbzi4= + =EwRO + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//eJiqttBEkbKmuK4eov9Lo5ZyO2gOfnwJMXm/uFjaMzrq + VNsjy2PuYZ8TncBTqwDYhTJ4PsMpu7xm9fTBx+JjIhnZHTznQ6lkE/hEfFdeVPtj + Pg3cTO9SuK+DDYqxPcDux3ZBAt/VheApCLFQbj9wXQZTRo3rWUzgdeElTRzJUSKr + Z7yDahdie3roxRTn/yM20d5DuPmAP/ae9XxY9KnBC+utaBsWX0lv7kZDPaJQ5XBc + lZxk/cGn2AAXaWWzDbx5hYvoDQRq1ifaoCE2TMitXwnVtiTvZAxZS7LHtm5rx+gF + zVP/ZcoRMEFBS2CPunE3uEnYF0vux9PkvsOmE9Z3BbjpY5juOOlf+R0pcn1Yw6oH + Sge6DzcJScZ4p1LCr5/pv8WlE6roIpA/YswYKY96+GSmfHbLi4YvlBxrVYJv7hNP + Y2Ce8hcmbiPkiJ83h2RAW9kyX406NipiWy2WJA6hEKNAkS67lhw8gn30/UpkyHNB + QBPQSiO+EvHlOE02UhYiRSyYa7sGypkNicEvX18U1VXLei7CN7Wq/Y0sm33Ebnx6 + jh48vOdwKjc5dVTwBAmX6GtNkpXY/xuNipwtcwJKerP2Neh4nk25tKTjmTXP1e7c + 3Ka1Uur8st7UYHspeHSHJjnGgaSMqY7V2WsRzjOV8d32WxzH9NTCm0XgaxXkj5rS + XgFzvL4Oi6AwE7pU0OwHCYHCYhgI55jX/gBCp8eOWl/vzbAllXFZkTE+1K7zCghu + bmvxhcdGIHO1Hhossy3KD92njLvhGjcjtcCdaZJnDTKmYBzVZZ2ZiHX6vXYl7gs= + =inE/ + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/+MF6PrPLjAS+QnXkKQMVTSxo95MCPkQmXCPfGpxiEUFP7 + cFCsynGmqpYvhPLJqxlF2FwC34T/1MGv9ejYECfsFHhTiUqr4u+OGEG+Y3HnOG6E + OUHa533f8uUFqhoinC2l6v7Ka0XZUN8U91NRqDlclzAa8bCVSYBr2xtqkpe/idIz + lVsnhnTtG0O05voztB2qd2Nhq/Kyavb8w4dunweXVpp5wTuVsvdppPfdK0/2kLp6 + CO+2MeBgLHeb3cRcqgsVFs1j/iJyCSPDgvZK5hPm7K+gxL/KoBV3SQUM6JibFWt/ + CxGVHCAdavBmvQUQpcJ/GcXO2z4LfRcsZlGbZY5hfQ8omb7QF5EYCtwtfEOGpPVc + ne187Mlq5PgqK7D6rG2EHke5TraIGtkzJxyM50v2EGNrANh787YOfPDWgwgw/OWM + 6SpfIS/wIGwvHMAZKPP0Bky5tmSePvk7xVVEq4TY7UBB/ndOCzz/GEyWjs2oifE1 + o56dqsUgBiX++SrXxHldU8WqN7LHwBi+8HSFa5hi27gIMcGsXp8FSdnZb0u5CA3W + hvCswjwv8SHt6g/tpAkEUYair4ZELhJooPy6SemV1DLLyJmJmdObHeiE7pvqkh83 + GMH7G5iwcHWcOWn08iFsubz6nf8XsJ43M5X0NO4XRF8W3HhIAqDGNmZU3C8RbMLS + XgG1DJ71CT8bACyUGxuDBsW9P0JJn3wPlcVzi4i3aSxY9mcPc6io8TzedOf/bElm + g9iFKEXxWGk5GgUmVWNGaQIwqNwG/OM3t19Tba+VOdWbVdBN84r7DcXGY52K5Kc= + =xcRA + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAcZM9nigmcaFdRVOWjgBMqN3VF0atnfy5Zw9cowdtnUUw + dROW3r6ukUzpSu6AU9H0jYVB0i2p0DSlToK3fR6JcESjoq4AnPFSZ9UwaSTzfnkq + 0l4BFK57V9AgtPnYWw2GdwyDCwkWGrraqV9LHFCgvkaY1qkioY12KgpnMjmvBOxn + HBWYuiOzE/P5iGgyZA10TKN5NVFY8V/99djYSMA2PgqdJ1VFS/CXVbeuUGWqt0pe + =Fdf0 + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA9NXYBmSAcUPEkOo9bl3uya15K/V1euv2kb7hI0nAt3Yw + pJ2VN3shYfG6InaiGuE0fSZJ3kgxrjC6lRmoRzmw/Y6T4ijBpUT0YGnBw4Avbxdf + 0lgBEeBV6SFy6kQPJAfZ+6jJTc69bMku1RtJcBbM67tubn4IcFlgWd4heijxIW2Z + dWwIxaNxUlQ2I4EU3ElZ2Y8j7wUgl6DEdhHcD8Ts20w0VMmjrEgQviLH + =M4OW + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T19:48:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAxyj8/2Ogapa8QAUjDkdnexURS9wnP3JGa4JKvdi07BaF + uJOzOdboBhrMwZug4uZsbgBou02jbNIyP2QpxarVcmhtC1eij4JqVsa81OE+hKES + fwl752MiQD0QblKwEng+816iazBA1oUdYyqW0OsZXK3xydjfyRSiY1skbmz9iZfM + d3pp19xlf/fisDeCCZX/ylLOUn9Rbn7QCdIvVuv6yjwC0tutjDaU8BwFYqgaRXds + 6Q4TEQCPBJBEycmXZrXtBQ2mKtLnxUlcXd+G1x7J9UBPrBPe8cn8vi2U4hzBaPf5 + N/mz/3r1S5WDG48eDShgMkrtyn1nG+mCLvPxgIHbCVNiufmEKeQKAFQkqZEmeFre + jb6Rh0F72lABJ0pnpWo+1rRuDJPgTe6IfpWtCmar/YAPHKrjGw5JcXuobYRadQXS + FHyTuXXW/20bWoDrGEnFX4nA0eHVTwoBpxiFrRUnjwlTOnJ6ntYKPDVzU59MPY5d + i388xEwdtOzv//e6kRhI517RVMoavRQ0ldBlxwRbTM17zetilb0c4CITyyTJ3pBr + sUv+XwtLhy7xiq7LlliCUc9QUcXRRFttAJfNyKMDqZ9JbwB5f37GmZIMqiJnd9Tv + ur8zPGp3gGLJ20S4/Bj69te95pBP4myweugr7mj+A1lgrrtsReHcJ2D04hwT+aXU + aAEJAhDXuvIXoDHr6c1CwUBiRNQfISQmOohiEWG/Arq/ISt6a8NI3pQbKN3f0k3q + xygtB3ZTfvS821h8VrqvCcI/tGTWJ3TymaXAR+mGLeW5QPtQP7M13buYh9aoLsa0 + DK5E8OARtCaR + =FH+h + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/netbox/netbox/configuration.py.j2 b/resources/chaosknoten/netbox/netbox/configuration.py.j2 index 789a539..287786c 100644 --- a/resources/chaosknoten/netbox/netbox/configuration.py.j2 +++ b/resources/chaosknoten/netbox/netbox/configuration.py.j2 @@ -3,7 +3,7 @@ DATABASE = { "HOST": "localhost", "NAME": "netbox", "USER": "netbox", - "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}", + "PASSWORD": "{{ lookup('community.sops.sops', 'resources/chaosknoten/netbox/secrets.yaml', extract='[\"DATABASE_PASSWORD\"]') }}", } REDIS = { "tasks": { @@ -23,7 +23,7 @@ REDIS = { "SSL": False, }, } -SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SECRET_KEY', create=false, missing='error') }}" +SECRET_KEY = "{{ lookup('community.sops.sops', 'resources/chaosknoten/netbox/secrets.yaml', extract='[\"SECRET_KEY\"]') }}" SESSION_COOKIE_SECURE = True # CCCHH ID (Keycloak) integration. @@ -38,7 +38,7 @@ SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = ( ) SOCIAL_AUTH_KEYCLOAK_KEY = "netbox" SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB" -SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}" +SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.sops.sops', 'resources/chaosknoten/netbox/secrets.yaml', extract='[\"SOCIAL_AUTH_KEYCLOAK_SECRET\"]') }}" # Use custom OIDC group and role mapping pipeline functions added in via # netbox__custom_pipeline_oidc_group_and_role_mapping. # The default pipeline this is based on can be found here: diff --git a/resources/chaosknoten/netbox/secrets.yaml b/resources/chaosknoten/netbox/secrets.yaml new file mode 100644 index 0000000..7673b44 --- /dev/null +++ b/resources/chaosknoten/netbox/secrets.yaml @@ -0,0 +1,238 @@ +DATABASE_PASSWORD: ENC[AES256_GCM,data:PL+VW8UlAdZbL5CxneydeW7FiDWv0s76rRkdjRT6RfSjN6bHyL7wJfv20cc8QtE/7ACdVFoYe6uXnfygRRUCgQ==,iv:wQP9VzAH0eTDyDPQpYmsKeVThQCzdaHDvcX6eFgjUho=,tag:4jc7Wx4gY5r2XpEHhHSZ6Q==,type:str] +SECRET_KEY: ENC[AES256_GCM,data:5jtW/ymn/k20bTvdx+fUMJZZBwxclqyZwpRF3+DRJiABZehUYByjwuLe+GXiCaKNjI8=,iv:fz85tWdSaEnmx67NUqoekcVB8meZnMahmeqw5bNRp/4=,tag:veo3Qc3dwGeSj4YTDDL/vg==,type:str] +SOCIAL_AUTH_KEYCLOAK_SECRET: ENC[AES256_GCM,data:sUEvuYWlx4B/vjYdm8hZym/R3D4BIKVMTZuLZTsnL88=,iv:bbXbHY010ASasJE7oz1q585yg8KRTDcE1rFVk1lzfRs=,tag:7e7PWvwVtng1Azy5C9C3Gg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T21:07:10Z" + mac: ENC[AES256_GCM,data:PKLClihEdwtcTb20/b6ChsiqKDUesOevL5+5IEKi7D+KfCOVP7tNnjwxtsMrAUO8+ng2Vh560640pZLVMeLsO5CS2+5b6NkIJeFYyBQeOxCJ0ykuTI9d+pJ+X2EXVUAXLCpiEAywiJeWHunh3JsLAryObxn/eljDqvE5tPX0Yd4=,iv:X4FMyelmNAf37eozHjx1sO/hi6aqrcWjqGpM7kIoKL8=,tag:pMkCNAsMq0F3RPdOaZDjJw==,type:str] + pgp: + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//e1l1vASGqewH6svL6zyKdVbar9z/r8lpSSVyWifmYD8P + zNTBR/sYUt3OyaoUry9oFl9XyfCKTlypLi+zTWlurMDgjres0gcCmHCTKermU1sU + U+dRFyZcRH5+4+GCKEM1Yr5SY5OZEwRwgJBI4vd8m4b3POa9ivsykCiIJVtPvNFf + Nd4ngfgIAkL6j4QXypFfDqbsKSrE4luPL7MVuw/FEdvO20PubKTLGyAo2TxLcq0e + A9n9S4rY0Ke4meLUrZsb3lq3SnBN9rOvIN3XbcmtmvO6jCmenLArzQaL8cjx2EKy + DmqhPqTrkbJgy0utMGvosyaRTGsjvvxk0fU1Olpl7MzhagX2U6nKP5s+Qk7PaBsK + TEH5CSrr8YbptDUIbJqao1A0z1hkv6kODITdlxxdK+iXsi6VKcvEzFs2PTDTqPIT + lnhlzlZLypdQhx/0/DMKsIOHrvT3BgQgMDj9Vt8cA/UXjnGK6rmX1VyXRC5MyBqE + NsytdKl2JUAFUJ1+PVcDefQYgo2ceQK86ZQ0Ol1yf9sOY/GW8fCIRw1TPy30U5sr + SOVGtBIj8Hj/Xwx2Sw0DzeBwyPNa2bth26+Sc5nWWXbMnBLaa79dOOVWs9A4kSEw + qT84xg5fLH+lgQkuKHZ6YJcXA5V0a8A9fI+9xnLK2totJxtMI34VdHEozTYmrL/U + aAEJAhDnZD6rDx2Wm3S2agGmCYVQBRYluLZCGVGPFIWRgooUZh8T+PJmDWKGfVN1 + nSwyhGJptFrGP0d3nbnJ/ayK1f3HcqGuqG2WbQZAg0dR8oEFUwgHX/72sKK3mGq1 + Gzq1z7TMgU90 + =ZDXX + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+Lv5wak+JKDhr5XCCnc04KBPNFw0sb0NFfdLzwHXayHGY + chMo56UeX5UsmOCtlFqcEC+2QpXnvqNKhI+kjMa7ARcvs3ecDL0Z1cvhSn9nMKJK + Xi/IxJaGAEEDii/AL00G8M9LBXEg2eRXeuWvoxU1Lt8Id6oSmSgL1BbBPLWPLlQf + ddCCAzBajvnZ8tYDIHV3eY1iWKH2MbCqV9eH3hP48l+maR27DaT+z10s2AvtOucE + P1n3Q0QsfUrfM9XLldak4fhWq1ykmj1NyHrcLmV3ySdufkJ7amThlPiYl/2g2QNY + 0TSs2/R/VvzpveTFGXxcVveS/1KuLNzOTEwSoRnkoAqxbXb2aFV/7H5SWUDQADvB + qAHTLlN9lH0fd4adN8Liq7SgWd29pGnHaGCmZBEPExrRnKLv3mjsb4Me9B6xzHiA + f6/4cI97mCHiin2T9gxcDBvOnO3rcjWalTlsA24aO+Z0nXorBcJzoWITH4ZsluNj + Zau73K3qe2GBPtYsRyHR7nUgxpTAOXeXeO64+DepYCC4czZ2iEmtlf+xWJ3Gy8FU + nlU5ysoVVvkAtX6LZCbelecyX853f8F1B5kjkycqERgIKEFAxSo3OJTCzDe/PbCc + Pk/Zs+5enAtN8+dD+jTrHLHX9gSOZPdT32/WlOua38ELsfoSCNqsj0HTLuM/ORjS + XgEEitd3eb9U1YcGYJ258/x2v+ELhTiEVY1hYqD0j1dabZiNEpd2+BJ8tJY44A1a + 0ZOrevMWFLiu6aE5Th+xw1DgXpmrMuxtxSHBJPzs3kZaxWQ0hiTJEGs/RKjzZ8A= + =vc52 + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//TPfUT/jQX6rf3QiAyQPq4tHghd4QUx6o3giRAANW4/Qw + EKB7/kTwPjfwXbsoLLcFf38kf6Nr7a+NkkgU6BUbRouTW+SFFKTQSVfslQfF2hyu + YlN7sQHL51e6s/geuKU9/4X9+wGECLXJ+bEBD8z2O57vvI3nHHx607EnTW7ZU6G4 + H9QR8CfQvXdOreuxJHuSxReWgivbH+4JIZSQROUqeHbAsbdrtQkpFM2njPvknO8g + a8uklHLVyFlbJuCHVeGDSgqKIRg/wGHOBsPUR8BCow16TwfgEzFDE2EkqPkb9h03 + DfpbMgYycgAp8MVCQfC1vvxG5ysQTbQ5fGTCJ48bMB78j8VxtvkfyczBmG7gw22t + gwg+t7eBhOuuVHkBBjuAd2Vzt7x3n+FrPIst3NO7UiGG3Ctf2tnSa69ZqTy3dVhh + j4USGTNetXzIdAb5ExiqLir1M1hFq/vSE+yg7q+ktt9afXrFLVgZ98zemDsVqhsj + vwsPTGBk+8gavChulmxnUCQgunpaQ8nokHVC/dbhtLM7ZIyV1QLMj40Fsg6J6X93 + q5DWPX2DPi4zqCWvZCJF18YSWR45XcsOtqkzCJbAdJKs029Y6oP92Nq8k/gRf18g + j1EeYHm5nJLySsdTB+aQ2cKmA7eIQ6gadfGs4o/Ge4Sd2RwcX0ch+dzHvB6YK2HS + XgFpVWTm/z/XCK0nxo9eMPltPL0jEM0qMpk8flVcqQMVzba0hVq5MCzkQycFsfg/ + xCzi40J2e/Feh02TPA2picple/C20CcB81Ib3m7CyKCnUf+evEmKr5scwdsdB0s= + =laDO + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+N9agBO50stdifyK81Gs/u9haLtSJvt+qVv6uMaP7i/yT + /p2KmJ40SdpmN890Wvqgz5SigWeyEnhzoJuymuTwRLzYcZiEl4pQpKF/FFBokO8i + 6gDxMgXM75UkDQ0C1xv3US7zw4ePSshSaKC6t0q8gF16WIbVLGM8a9zWutTbbuYD + fMVfCLx/n+z1xGw40qGLI0NKvV/jMNRhcXc8bOmyi2A4CkTnBLwyrfOzkMQSC7Fn + yS3n4XCe/S1LAHNkN8us9iPlFzwjG3nwBeyS/vnPnF7Cy/1DvysZCmoCMAm+DN9g + jYdjO2kd8MxnYpueYzJ8+Hwka5q3yZjBAYXeaY1VIiI4AaQSo9W3qc9BPda/lunW + bW5hvVAGZ3NmjkrMSDoyUVjBJFan042jQhZjB0vU52TMv+MWpUbwqEHu+caO7N6e + 5M9nyZ39Sauvk3mD/f3OtSgRZRWwQ1dgER34kMmvVCDBDECfwNBfk44jLzzUvkpp + oFjz5PaBzdmUW9qKhCGu+2v90C+EHje5yf9N71kgVj3x/MHPooeNzhfy8X9cZ0hf + TB/wa6AGwHGGQYZcO4qLWtFJV0XkSJ2tim6qR3q21mBkqtJqnjATiOEcYgDXXN8u + pv2B+DxK5fZIZH8X457HFmVzjLqsrLJtuLvVh07Qum2fLhqWbUb3oZM0I/S5333S + XgF+YaV/cViGp3a2lGd9Khh0yJmKaDgPX83sEpBmS32kXegvBaHeLSm4CcTwmrFZ + q82qJdZzGh9w+/Ah1C7dUp8tv4oiQmtnHQ4a86Ir30BFQdgVmcvDXTWN28k28Ss= + =D/lR + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVAQ/+JMHWk7uwJBuVpOTjD4YtwRAV/tKYBzBGJ+UqCcG/r9XK + VprIs0mXljcjdvbc9udV9tXSXI4JsrBEDpUs2yW3OVVpH6d1lPo05Rj4c8b/PIlU + 8KoSvZldR679g9qocUHpCBRRNQEZJ2iZm5ISVJVCti2G8C2zrE1jin+GWlmJ2vjK + Nk0CHKb/c0GSBraAyh2JzInd6C4UJFW/ZaAhrbwYUhTo6wpJiEGTIIiV3hwEQ7Ao + Y1JVxlqIGdL9kJ0l7haLKqHLFgXQ4iItCsw5hRqeBLLzAN/NwAMQu0lqFe44v13G + RfcoO89XMn08QVAHkTT25TzT8viiKtaOS7fZhO3eAJkxWligHhpTosy0dBofqUqY + HGJh5dG7Hlm+MWUAWVQBJz8/UhkJ+CQcYWShVXFx8RqCTtxiFpLw/kTt45s7DPv6 + kzkIFsRHXK302HlaEv8f/UvRuYNFRmrGrFpXOdF9ODCaeaxm5E6A/FeJXW4KonOn + /butppRe94MaFf/aYfZL+g3VeHo9eT9HXLcRcekm+oIeWEv5t15oZ+w54aqjYOno + 8rIxC4a8eWjWdU9c6LjaHWRa5tEvGP+vlfsV4yH6wGiOK6xPlME+ikYrka5PDSOG + xEvcCIG+KrugQZYgfvH/6fUKsPRitDQHQjG6HNTSVfIHnHoqntlbtuvA3ptSnKzS + XgH5E6gSyOaJH4asmXKT98HX87iBTa4SmEYuwZqjRKipUPHu7ZBO8rHrCv3VEaM6 + btDgJG9rePCSwg+WP5TaAhFvw/5QAekmydSz9SKgS3PenzeFa0tei9ylwGAaib4= + =Mbmt + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/8DCABJ4gv/PzVBW51rq41776U4UxAkt0u+VEZNlRsuQRk + Zl3osLjxVagOiTL0hjpsqUq+2DPwLmpSGK4Xm+u0lvXViZR5TNe9u7YHZ8oPCmUJ + 6hCvMyeX9UwprQBAHh9TqeNu/ZxWaVJjYhDOWQOeRCNbQpav6JmUAw30BsFDpg5z + /HhSEPxOxfPsjwFmNJ0/eHFj5PtKuRP4Fq5459EaeqUokHiTNR6+1sWjOYjXydEq + /m9XKugXxrjDJ6LrockjFXldZqfgzIUfN5Y+mEo7z0aqg6IupDg4y23p1BSxF4zN + 1wb7y2vAhAu3QZXRjF/QIjJXSgTwAsZ0d446sHGdXY+/RppQDU5eH+fmVlh4LZAf + BZnV/oFpaXuU7bxyUpyjvZuZpkq8pjtAj4sWfMGSte81KdJ2fIQwjUXJL0/2B+z9 + phl8ZZ5ceVDgfzSf8RdJC0HFf/2oy6fEMRWG0B/8BONKBZIGtSoEJFrXChadZNlq + u9yTNm+HjXPjrq6jKTgxkYd0XLv3KWuzk0RIPKsnHaX2bVpJ7zu6KMna8tAJ5UZ+ + Y04AJyCrILpGFWUrNYLNDqTxgY0wo3iPq3UJIiL3x2chKVr1kE//HtsqGq2Ebi8h + 4O5GyaH+/CO+KI1PX11HrJYBDWcKblbu50/DgJ0ADNtJYvIpv/66MKRfvAhUf43S + XgGewkjx2jTiy9u77ywc9mzZNGgvvbAlHH+HjePNm1pNklHqY6AEeufadwuc9A4Q + lfj15OcLdrsno1Kx+JXY12X2UHeyY6fpLFaJDqmOCkDULhN5EmQT66eKw+Xuqh0= + =YHP1 + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAjQyI/TkO4z3Jrbcwl2YBm4OqeM8dVaBrhIwfkkKBodiz + uN98KGinIMs78a7SL1/7G5G2/xs9zG6kRJnhEdnsjbtQrg4Z3aifojiOvXItgf7L + JeBSh9D63UPiY7PcM1nL/7KDeq0CsA/DDQQKckpG9f55SsXhrwWjyprPlQDE8oqS + 4QOJ4I5obLDfN/3MZtjde8t4ReLQ70QQDaHG7jPTiAwJJMkFosulFMrGCnW6sF7p + uj+505uFLmsW28lK+qqf8D1qh2RlbO0tTyjNdEl63eUqQ9a6MymVeEY+SpvgEXkg + bJyqqCC4iZfO8nATxWlx8lXhcPHFL/B3uuENM7+79z2draaCgvzGE/zIY4ebp+2S + fHt9g6t+kxY+W32+tj00nTE+L3k2OOp/lEEXiJXfdf7rrJb7Mc3u80Evlw1d49aX + MXWw0nk/yUpwnAD0Tq6zXBO+lst+CIqLGlrxPbWXb+iAovSHrSj2WbmCTH2P4KsA + lC1V0rwUddP9rmdIJjbjEChCQcYOAAIGJcPGVuMeTGm5B8fXl0SwnCeSZ36RWl58 + QybH9ZUobIl0n1OnuiUncB0/bQG5wGLFj7Ett5dWBNW0er5x2eBTlQ+lEEPNVzxc + 491jO+YNqWHwL8/wqZzoid5PVRfR9f+bEjIbcFfdd5Oq8Ocq4o/heemMNu9oNzTS + XgFicp6aTdkEbaHhi+Jw01DWEIltO2o5mlZcvXRTaZjwKRL4BMmwKxfGJAYUkF4K + /OlYm+rWtv/q4qHXsejLx4Wn+pzcZJxQcIlo1c/iup+m/tOmvWhWdWuI1G9+oa0= + =J/ki + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//WVexFLcpNsUwSQAq7lN0M3aBVi2+V7kUcPF565ltzjNL + Q9QnEM9a8HtUkkxca6IlTFPsigCxeBxEFAvXcUydubo9xplbmDoKXas+6rjF8shF + rlvMfqsvrmb2slPdnf+/PsehWld7rHq9YjeHb9Boz1pBK+MrsIUblzEd3dDvXRWZ + 7Qn658/pd1s7G8z4o13HhzhEHQlNSRhU7RJqjVLkJvnzLt/l1I135lw40upVQV/+ + h8UUbkLr8pkhRoEeyGfWuI3Ut0d3/xFgYV//3NyYWewvp7CvKl7ITnKJI0dO0RsQ + Ci+Dp540CD292hxHTmeEE6oscOF2/RspDnu8xvQl8JXCrBIYXSJXYAjIpmFTnOXd + FddG2PuecH6lQD/U2QZjQwkfhGD86rBw6G9vtVxQY2vKs5/+0liSwMOpueCRwlxE + 0uODApzFOHiK25jK0K7in2fYGDWjWK1YgPJX6zgXeIHIgbqjIju5d9XwPcjqOCqO + Yqr9JunLWRKjal2FJy0pOkQoJ/uu5czBic7k/fB1De3Rp84Lcf9iR3KNlTnXsHqP + XoPbGmtZycvXeovh4Gh8YVPMZir9vRwuAGmZJ6Ot85dqdgHxNhW3n2enrkrlX3c4 + m+Z2xQn8fFVNWHepuFuZ5w1BoVa3I6G6p7K0AyaaBDXcxGnOrif4WYz0MQ5f8onS + XgG1DJaoidGPwCNhPsctxazcjulTONAGoLCquEidMtDSrRxLqxXL/cWjhnYphaXL + Khnio5A5Cpm+Jq+Hp4pBdMmRmy5upD3I+Gav13uT5lBf/9P+FHoWT4lzRvSIDZM= + =u9KE + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/+NP27FFnjzBNDhobG9wRZ/LxqhtNicRuamag/+Vq50l/X + KqRHJgf6B4mpgK26m3OmehBat/HNYi/A0ZReV1GlB2eTen7Fm8YmA0QeNuwSW5TC + fjlccV5uAwlwcCrjXFm3fngYA2gR6B1s4qesMmIycXto3KAGytWSSv2Fosj1ciEW + xPV/iY0X1A3dBmocBig+WMiLKl/3/J2+0DoibbnJd2BsxgWSVynHwHvVeud9zb7s + NpImqGOjIPEbCb/g0JqHoLcY5Wud9GkpBnMPzKDT0hGyAD/uLzsPQYKnxocLV3GS + 8gIl2Mczz3DJ7/QpupEm/auP788q9802tvaeZL3J/zVYeUCI9AVjcirmO62lsWMa + dPCurVdSrGQtDjiMb0LEEXUJStMR4jg54iNjX3ZibiWwZCmcWSVb3rTdNQ3/ulf8 + /tl3zcmz231BpuSFEL/FMqmQRyTWnhcxKdjbFQkhn1wj/zDpoWWQrJOEZPznfDaw + qmGUJtqH79aW9B/UjBT3o2F+hYTJT0C4M3o/FzWoL5c9N+BV3pkChwcu5Hpzp7w4 + af6TA32+wOGN+clDCw1GdoY7nwnIuOXdr/RsJwaCEClfxxmv4jtaoeN/jw80ZkhG + EbEt6tmK52E5acaJ5+DkdQaCJgEqfuXEbDD3Ff18ogoCRPme97fA9bT6w4EsJL7S + XgGoza9GZ/6cY1qxbsDGLfSAsO1MZtF2Tdi6VYCQrmbPpu7xIoLkSpstUErefLPS + rlhIzHBJMuevAYE3nj64ZRZn0LJntYqUA6J9wqxjFKcRooeNG/ZzHWdrKoCdqfo= + =evpb + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAEnokPN5Twc4NuFqnxUUsz41bFJAvb6Yo35z0QSONZmUw + LrdW9IYb/VzENu2kyBZjus2WzVIPkZuPNTogekkvZEEbYEtgX8zhOzw8KJREWcru + 0l4BVwK2WHhmfeLSuFg3C6bB+b25bPzagvpW2sQjkrJUStDneKwOEywgz4J6SGLj + F6Lyi085evOtfmt/Bwb4HT4geUKN2iRevWHSXTmnXYbI9eKR3peWzDmt3v1pFccD + =1hh1 + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdATvO0hpZrB9DlwhBc9i7ewDgHxO7UZnerrmIMAtTcVwIw + VNtd22roiR/VPliu2owkEAirTkZ2SQdsWDm0+wfASiY7D9+ZT5D5etBOwqKriIHu + 0lgBsoDwILXs93TKTIqjd0klQCoKm3XYSZpSkfg80p0gJqIT02gH+ME1bcXaOdEv + wnZyOI8apbwiRj5tx+OfrPenTwn9zBcrN7wm43RHnZNwVRIeeXvJUlj2 + =eGBC + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T21:06:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/7BS2IddYDV/BRy+uMqpKDYNVfygxrjNmbQkmhcmXa5s4I + b04niRWP4JD0J+bu/B2gxQqPQYJym/fTKnw3PYiPsk6RmCbs0vp4KOL9aMFrtP3V + lAWxSOkt63e1MgDtyqmmmbkb9ZJBBsiCbkrSCDn4UQsjhwiTIEqqJyk9maY19+cl + XgMfY4IrLHy4LpmvGnYBrhNqEL5btCxYyBXhihf1DVePYEnCJoAxY+U4ToshUzUu + 2HttOhoE8GrgN1wqsO0CEZwtS+PeBsI4Byk7TxFDRyNj9R2uUs/2312fVe2PD27Y + OrxpuvwbxkBH+RGYPpEHt9LvZOicaVOD9NJ/31kQO/I2MkRXrDan6mWMyl9vpdNF + zoVgm4kuqqe818GYKpQoU07fduOKmPK3LsKCPKvfUwHXDPyDJoTtiMhIna5ekTju + ceFi744cfQ1v7KJdXqUVEaNX5xfwFkFWonoyQ6Q/7qZjT5LAIIvAtEtDopdTVNdA + PIEh+XMxwLeXrBU0b/9dZL/s1Jz6RhAtjM2EsJX5ufpZ00SGwixv4sbVJgXvx2SU + oosDHcfVQ0gXwpPIekxQakAqfDJrrASasxA7DrHeU7ORGMBhTCDdVTmDXBOCGok9 + pWABWZLtn3P2ituPXagrvOJ2LT+BP8t1W7yI3ifoXintcnWJxrAmH4g0DnYsoJbU + aAEJAhAw121YavqAps9R2CMrWi6DxP6kFuWfdioUS/wEyEg7oXR5OeF4FcTFqPge + 4fT4um0hM4sXT24aNmRpjOmG4PFuXMegTC5YThjM6Qgd2MDzhqe3tXgaChKvMZQg + zOWvdN3wjYPb + =re5L + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 index 91c26a3..1228cf9 100644 --- a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 @@ -14,4 +14,4 @@ services: ports: - "8080:80" environment: - JWT_SECRET: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/onlyoffice/JWT_SECRET", create=false, missing="error") }} + JWT_SECRET: {{ lookup("community.sops.sops", "resources/chaosknoten/onlyoffice/secrets.yaml", extract="['JWT_SECRET']") }} diff --git a/resources/chaosknoten/onlyoffice/secrets.yaml b/resources/chaosknoten/onlyoffice/secrets.yaml new file mode 100644 index 0000000..62ac647 --- /dev/null +++ b/resources/chaosknoten/onlyoffice/secrets.yaml @@ -0,0 +1,236 @@ +JWT_SECRET: ENC[AES256_GCM,data:lRoljPoqlfIBbOTn5cBBvQ+g+w9xdwS2lEglfhZxhw/xwNaIBmAvXky3crhAhuLawv4HIC04qQZzMvCRhNzGSQ==,iv:FfcLBPp60u4Wc186EM1mbLMqErVB2ZGjXzBl+mcYQAc=,tag:Mgnt8DdG6sH+aaoBEzwbvg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T21:20:20Z" + mac: ENC[AES256_GCM,data:Pka+RO+h27XQfnSw97nBrKc7qQp4p7oCZuBqtfNxpWqBh2XHIWVSWBgVpBt0bz/7mlKlu6+tGKifIgEoCFf8AQbCrYgYYaDjHTXIkfRf8zB3M+IREYkRBCxDm6cChf3tsPMFhiQMIZJnq9LAudBWSwlZgQrn0Y50DYM7wsph9/c=,iv:jauLcEDlD6hcSfO6jeiXmtbeH5eIyGhlstshyEFZeZs=,tag:8lRYKjJ6F5vtBjjleRCOyA==,type:str] + pgp: + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//aSuvMP1nG0fReLpbB+LQbzw3vtIaLazb7CQDsx9W0Ko3 + yltmiGhUM0GvIMNG1NJypvKFP5prl0/HyZvv+pQq3JuVozoe7KTSKWrCJhUnKkw5 + GSljS+kBEbq2q945FgXPVAv8QTti1CSjRwtTYjGZn269OHKKsEzNoMpoBFvXCbaz + IjXy19L/CmhwIHtcmp1WPKhWseWhK5tHKDP/jRqPyFGctcM9lCt6hjRCSzKuCYAV + qo1N5TqO3S4CEj1ZM7/ZUgHvg7/nikQrvJKN+/Em6M1cIy7JdNVx/jU7C8A/mFC5 + 3rFAVqrxRW7YmTizzj3NW5lsxB1DBrth/ajuSuQ9BuCA4XCDEV1b2UnCVPwZxP7y + +qMx5Gf26zKkOw4MQdgdhthSoXxbV3r5vA7zmS7N2HjBRsyt4khLy5pj0RXOJQ0d + TxEKUB11B6BskHXTy8+Z4q59PQamjsRZwYcxDNo2SoPvgE6nkY/1suT6FH+knYPG + QBPHRY34tKT+19w6nD1HSxTZt1Q/HCzugNT10Al5jrhy1VWX3/0tPMHeaW3Ov25S + h4/nH2QNEAB/vrAN3rVJjch1UdYrOhJ5dQqWdPqd/+2neDE+NJDvJ1yTciwFcEei + VBg0ra3wpVBc4n1vVo+kpKUvqUlbqPLMGMBURjyaOSVQL1GCub3bhMiAH7fjA8rU + ZgEJAhB2IaX8XJ5sOcX+KTqux6PK2ZnDezv7BbslDNVVrXjk+dNng7HC4tLf9cdX + ykA8nrjQgeDhiWhEGkcqz+3xGq/Y2ys+nqlxGWqG3q8ADD+07qzIztWQbcGxk8Ln + 17+XF9a69Q== + =GZUf + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAm8ohSKiHBbmHDzMys+E55+q9Jc8+zLmfXQw9QXG4xdFj + xKlQQVfW/O+UMNtzx8YNvRzDTiLa5P7e6c9yuJs739Ayt3RDwgs1dekPp3aEeg1j + jFF6klWl8wx+Nit3a3t+DkszyDqQP0utmGXPOAtYaePh393Iw/5QSQDFslACUaxk + Y7ALtL+0OZPohYAJPUp2NAvB1JWavW9Pik62eSVDIeVClerSp6RVhEtnnxbuQ4qi + +lPCwQEeI9Tg//d1gkydenmGn4Eya2C4/GL5vGC5Mp+d6TwVLFMIF+6NV3TbK/Fn + B+kxIG9VCkg3VUdL3J7UjDaw4VTLQh1vBxVosuxT5fBFImOOYm9RThd9ontB0gIt + djem8l4paubD1Kpk5yJ3wmur9Ze9mbEM89DpIuweHROcFDzEwyeV9cxJqtWQTsfz + VCgtbAuRRotXZrOi+N0Hlu5gevrGsXCyahj1gsMeWu4ur3D7L9uDAOyyNfAb+VYM + h+yxUjxz5N5CWAAGKWMWWt0fAYlzwZF8EaI0bC5j10m8yHL2U2kN1f53O+OlC4pO + ZUIceB+F/mQS+rmynL5KWtwnzo3dVEvxPL182TJoRccZNU3MaZ0H8U9qxKAG65MZ + SVusj/b8yqGZD0dWQ/8+kcp3MLIZj+CD3UKG92iGse9GbeC2bOUMiNYUtVby0APS + XAErckFw5+VHiVvQIareeIboHFC0Kc7UfsCSvRSYgakSyNGwoHKtKN3I1qjHw0yB + e+VaS27d15fnAKg8P2d5PoRsi/+iTlCkQP8CXbKXKhBCBNLpHi7EwWZ48hQ+ + =kxBp + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+IfB2GS0U1XbH7yWFeMWV+wqBmAfT+8qbg7sacLGfoktm + co3tQ1Se8djV7QeIRjjtLGMkxmdleiNB2x4fkphcr8gbEPewxuop7sWhf6WbFJPY + tbAXucBpIC7nw2jX98XRMzJN5Gz+GsQBvv++EkBmUMCbu8UIRfvmLOGBHOplgGj3 + sEfujPsbeY1I7sgVmdaeRBCFnqLxPy/FsZ5X7cntTkQKfT5FpXX+GebGiH99Jf4Q + z91A0Iy/jHAROeBMm5U/pGdJS6HV4aLEf+TQkXuNmTvCoMJYZcAmE53dP6XohPl/ + KDN60EUolwHycUtzVzt56yz/fJLXJEJSUQxuP1HyabNb60f+2zT5wWz6duYwig/2 + Wx/kdSSBajcc4vLrAl6CTiKv/UYJ1/Fs0E/gNck5Cu779m26MVdoDT4DWaAHGdA1 + riYE6xvlCJc71YAFo0cztn6XHkKiSYCfJVWWVIIrXugBG+LhQivgvTK8muNrQEtv + bFpBLQH98iUDm10GMMHcLFh+shwAocpn//u0eFZJ3AMj7UysfYnkgCs1M5lqmJAc + GEPRzVZOX7JXw0/CHy13RkkIsShhD/gdhpLnZz9zSzkra65dfzTRPyjCJ3haKsiz + ja539RTkULk8LG43V6KT2tgnTJABTcE9mazW4BACrMm1+K+R4rtXNi8HhK4GUTzS + XAF3/Q+8a42TE6UV0p9MZzZ6e/zx1XwK7PrQjupcVA1enCvtRPpynYOtf9sd0ybM + kLBSKDz1Mlvc+03ICD5fi5BwvvUNS5uJFK9tixJtj4Pbe2OWTqBCW8F7MZt2 + =4m5L + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAAlhO6HicbMqEht30n7UZTlwlhV1pGE7M74C9oLCSU+Sph + YsJXMqkMPVzbBvZU3txCh8XJqqrkp+Ub3V9Wjz4fvAYhGU9IRck55fsRBpcVFsOs + 8vZuS0fzbQREZbGCIJd7CRzmFs4G0/VtTL2b/7lOOxI+sLAReQhHRhzKtzeOwDK1 + rjxPnhwyKeZxZBRdG6PYagXa6vfrIqw9RfJadVtjaF03z/aIv9d91XcjftjnU36e + 0ByzDx9yPNcy5efLCKucgj3QTPmPS/xIEHopJ1OR+wPueBaJvzbcAJEEn3N0yF8y + foJkX+ipaZgwIOhj6WTLtYuJiwXUxcLFevBXcdVOCN0YTFwg8CXsuXiC6Si8ngDU + WGLzONnsH71V7ecPntRblxIOdHIuAjHXwGNFWXKLSo2TNPssNlcL/T7/oiauXCzk + SrsdhO15G4EZF6oXyN3FmyqgoObuZwwVK8O5UgDoeE4Z8YIU/7lTQNAd2V7nPI8L + WHuop4gjfZvvql2N8mtVv08chu/dNg0kpzA7iQiV02EG44IuyfGJ1/wR6AXEglnx + earG+KWFnXcuuVDhIrFxMvEIK9QieVOUc2tmwx4r+wK/FI7/7oYDOFAs/ijgCKyd + IkC89eewIrv70jrrd1cCcHdR//x3f5nLqX5+Mql8rB0WLGhICE4E4AbkJzjlcbXS + XAGVOaiXynxCDzk9Tx7dC8FwIayLy9mrmSIP9KK6vKsYjvKGMuxZJUQ/uW3LaTpx + 1BE3QLU1HY24Jdztto6e2ff93stjFIVU9ONDHwXW4YJ+Uw4oGCn7w1NDJQgV + =2cC7 + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVAQ/+IQ1yvts/ZJnw4GAn0AkDBNc9YfoJ2hBW9/iyKl+uJTJ8 + BOgu4tbbITKB1yLff/xeGRR66uMyU6XJ/KlyGXzQIJll8tlonUEjmX6i0Krtk4XS + HOKupWmRzdh1PTscB07ARuW+6B29dOdUVgo86uauOz50mnWHCCdC+YRPw1Sygxtk + 9jqgx3Go7z8Y+zkgGgOb8MFdh3gnXw2aEaiPgeCcb/c2VTY4SeJf/tBwk98pKtFG + 2TU7o5QJCbWp78VRJbKGlc2eKFsWd7HNJcRuW+YvPIwTwnHvcM0mdb5wWVd8g3vk + cN3yyFOnOXe7iMS0S/Ab0TVYtB2MsSWewMUfcEavMLG/+mAx18J2GnVq4PQKA2hW + ORLMHGqPlsZZfxiwhBXBrWvOvUgHYFxhDmfC0UOQXIybd9AJuNMHFNI6qNnjvf+b + zXVrqwrOI+A0y0MbRnIyD/rIC+ADiJfU4HfdOp7CC1+mxo/4Kyr5N6mEBFr+6yUE + dZr9J8EV6vzFQ01rg0GTloPF28RCjglEISvaO0kZ1R8bCQ8xfeA9I4LHwr0MOBhH + rCpmmpkfNZelC1ecyrI20D1E0fm0+JswfTFETaQCphFeap/ySBy1Yqe0ofMSrmOr + 3h8ldEFqQeC5UJWapwo+Gf5WYK3e5EGnL7IiEdObKH+pu3nRAO/8sP88Ic2pSGTS + XAFsn3ckkvwaUpY38KOqglKB8ex4Y7MOplkiqIPnN1IpmHfWoQAMUl2kVqZftzAc + GrUy0d82MP0b/xAOStVkrh1NClb3ghfWsjL2ZjTLGB7O2floAfpJaNSQzFh9 + =hVtc + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//YiQTFaNjAtC4+49X4xx5wTmhasIL1who6Da82i1Y17Hy + MhKj8h9ND9fLp2tFM5UscPZCSMfQj6Vl+7Zz02kbcu+CAOcl7BowHBKrTrfahtu5 + O2lUJiURZZXmjeQNm51yCUNl9Ohh5LkiEto50kAz4P7/TWEY102z2+SaScBYJHb6 + m8EnmWWCnmwomEFd/Te3F9uLCqcwyWMspDQyZ3jZh8bcI57K7P/QBv9kjKVU9ZbK + rHMfKxcbMmDhauxQnrxe+CAY0E+iN7+smRAqa8aDk6Qe8e00agE/PGHyTm25jAWE + Mdm50Ybbj8jC6r7udoTk2K+0Jv1N/xcSnwnJ36MWwJztZD8tjEjn/bugsgG8zuj8 + R8o33AadfYh7yYRAII5m+24pCWU5EVl77vYaD8OvXAxUBjx1tNZSRuOtCH6x0ssL + 1TDtscxOX4WPBnyVQ4p7tAkV3AIyj02gA7Ya5MKjJu73KQjn4qI0G0LD149m+9tB + kakRXMnqwM9cCQ8VVg3LSk5VYCD0LuZKlBd0OdwuhuSvnd2OMSGTPlSClaCEAQha + qPrfHYwOPh0p+HwZLq7gLGNH8X4IrMtv3vthO0ff2OR3ditChama4NWHSYZ30QSf + /3jRSzmH8fvtx/EzvK54Bl+7AChlsaPqTiNyAaC6LZ87gGtHqZan74DxJuHb19PS + XAHjYPTSestwXzNi+gFBajJEjT/vHekm8RrFrm+hJ/T1XRHZ64Qi1ZNOGs6wPe5U + GifWHk/sBFD14C2YDsIOGUtbZzhQgYes7pvTN4ONmCgwutjUC9xKNJo6wI44 + =/xJ8 + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//Sb401ad18muH2qvpoa8HFMv0hm7YPPISmgiNs7ESb6KD + qjLTtKxTa5SwtCbFh4kNVinqP0MCUgWh5spCzf2QO0+GUpjw0kbsUgMqcXrTBS5l + 9cj93bGDEOS1unzNtGNSv6RwukLtlTM+W3Q3azi7UAzs147ThVhkKL8b/NdzF0FB + GgV7p/8qCqRrBNrPocA7/YS4DVuVxNWZfSgR5kvbDPEJKCraY4gqTb2Fj3D+vvEb + aIOJ9uGvtaqWcSt15INamkrQJx1TAarVUV6/2FO5qmgz1StZoTecOXmS5bfTTJce + LCwqCw9aKjlHK0hIdLvIWG5JoqGTH2uhLZsznn3L5ywnLB9i/1IVYYKMzk+ENnRJ + jlfRNjqDdXKLmoe1Ob3q1fVpxwqrlbvHkhc2nrQ+4Or9lcFOoschZPQ+UiEA3GUD + mw5FZQPvmLWhe928MgNJN9PW+upYGILVlryg4Oatzi8bYeji70UpQRJm4kch66dE + IvXBoZ7fQSdAlEkcWcqPq/QHZ6BSbpYONaRjVYWtgpRMwh1JH9JdoO6joXqXW5gd + BroeA1h/oIP5RX1zQpWieRP1wGR899WCydhYOIq9HyuGFKbz+fwcVJ92om4kBqll + kq8aSt0oSzXmZxt+tiA90GREzc9dcrtwTzkqRHpjck+4GMNyl3cHt3Ce8ofu4JvS + XAHtcZ0B4SA0QHch0Fyo7vC7MGjZ7aQ+s0hMwL1LhSlChBrISLRkQrqlh8foZyNk + tZAcIqnpJbpR4qQGKdGIE4eDmk+AOxgRFiUO/nFS6ZfTEZqDmw3Q+a8TxihW + =wRRY + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ/8DyYywkYZgeDm8C7Q4Ee3bmYSOd0c/xx95um3o0yndQCs + 6KuQsWnx/sX0AeYeMBhed5P7X0IKigF7vxgHhLd+2o/jmG2gBw9qV8LKqWgTahJY + +jPsYqQHOLV5o5NBfhv8MyOeBEhOHRRWzZ2VaqO9C8+G8+SqkOogIyKzHYou5KV6 + sI2cZs+JIFFgwiPZ1S4zgbYSley+XfjgmwV1z85KYuuIw2GrxQWaPIp3ptalAQch + N/BrD1MPk2a1QfJnJpAAEXUVhNfDQoMWSxlAT0HliV5idYlQ32uQMYMyJCotNGHA + egB+bUp3qEQI+Y+jLB26uszMpKddL598gImTp6UT77Hrt5MxL/8jbhR15XsnMChE + CbVovpOHiujAkHEPQt94q6ch8tGvfrCdaGPuAamIQPRVEkorxolXJXv1MYpI+ycp + szK/W3Rt91iJS1fSez6j/MhAKCAExhgBcILT7fypog4IbstACLArhYzlB5mry2R4 + 9JNeCSFExAMW5IVkV3fUdWWKBdqZjZFW/MdfOhYs//AfnVDweJ1V4ZAUcIfkVewd + ORmUOfbH6UwvWpywx1fT7s7BZGcJHX4R/5ARZQj6GIadIevBKljlQhR6+WDlIDQH + i0W/dFOy2f2mRvamrUBdcbRY/HGqJRbZGEml2AAlZ1IgDIhVWxUy9w+A6c+EHbzS + XAFVoUrdKIhmHC7NEQFyD2A+iFDx1EXkpDNL6mpXUaxNDrwCNO47un5pUvnVVK/z + W7wBQtDD54iOJIMlgnNl7st+Jp00y88/IWD+KzSVpArU1Cp5ja7nU2MY1wji + =/Oy4 + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pARAAjzsQ0wk8ja7zsgYYZLhidtGRjxkiXTo+Wlb9ZDytFuAZ + 3VxBNRZn0IHLFTmY647p3MHcnu8XSbRAWI0n0cuJ0jAkp5k7Fjw+0ZfBy/Kia5wj + TbdHA8gdmTL6kIGVmTVZW8TiZJW+5/aPSadrBatZ6Kff4DZSncskqufVZIo4jjCl + 3BkgVthj1gmXyJS0EguCnBoGWGJ4xuY8cksq1qugjbmTOxxLbtNUcc1xVUluvwgI + AjSIYDO6/CBnkjk9Y74hrCyO4VtmCVpcDHhqf0GFFGzhUIJN6v1iM3f1PmmXbU1q + mpw/M4Nidog+aQ9jWCYsonjc4UMMUDf1gOIWyZ5tMdJFo/92KSyY0iUlzyOcE0sx + HloKyWss+Fw1A/7YcHFBCkR8VOWbshir46P9Rb+0fKFzsuIRiENmzQ80Nr5NCVFq + YeoVxqXmggd0XPZOvqIsD3Y7u3tp+tYgxjhwbYVWX9i3x/dviHsPmc1ZFFHaeXlC + 1R+Y3454akuAEucj/Ju+fZgWCipzPN0/5OY0GueJGOmozZEOKgcjx3bJZwipltm1 + caUyLuruFV8RXXrqY4AJ9Ovx4Qb5irsud+gN5tsDi6F0Anj0N9GaC4q8SwX/xl6c + w0DWOyLAn+5gRVKVVg2jX/Z/wUkBjJ5YHTyeVEqPvwtIUzc4vaXYHmgyrejHe2XS + XAEoKuA08Zmu592SqUEpcwfn4UkUC+HU+DWtcDwBhMraNFn2bQQmwzMT3GE/dkiT + 4FP5Xhm0UTbUbALPPqMEu41uGeUF79LG9EIJssU3r1oSzLRH86PdMYBE4MEl + =7gGA + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAhWNV26+MQYLWmFFUi8AZtNk8bw2CXuNoaRARTjekGB4w + FbNvRb4cxWgVTWvhb8A2O5WJdFiOyumxwY7hGgxwiKyU02D8xR93jbQPHKl1hPWz + 0lwBRjANXKsKrh0uIeynm8hKEtlfn1sfCgucb2qd+oTab1mgoUd9N1o9Q9T/vHJF + iMhkCXnn+uugN8aaiM6jW86qY2Y5elDPICwuF/pvm6bcByfmI6pF3yoY0MRtGw== + =bZKM + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA9aXqXY3Szsy1SRsll8c1df4hXRugtfdvmNwr/j89W0Qw + WcvP13rPtg8mFCePBp9yuUo8tT4K9dSplJKOl5l1xZpT1KyhxNO/1OtHhWdK6UsY + 0lYB+Njc2aP4nRm0WVAjDkAI2C/fb2vIoC4IHC0SHcvrIKJhkUMaYH4j8fzr77Oi + deA9DLhIAAJcSOEdj+duuPeq4j/lPf2amOvjeePnwzM+ZsByWsf5vw== + =KKcE + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T21:19:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAzEzZZIM22D++beNd+noXbsm0dVWPUPZsolGraxxVZK8+ + 8qXCNMfxsids1yra5iFeHm07U+6SmtL9H/v+qkv2dcKOmjZSB+Af1iskoUv9mT9o + ln1lgdzhSyGhGl7yl/jsT0KWS6sIVqREfcZecYz6k8id4YhR8rttKnSX9Ltn1RTT + 0ujoATzD60JTtgV5jpVJvQxZG6tm1p+OY9lv/d5PjYD99iQXDMzp/tmaGkZhAQuS + sArD7IrHdf8cj5M52IFG+f7cIyYWUFp1xKGQKjPDKqlL2s1B6foT0UQWFFKHAqP0 + Yliuy2Pedb6JsIWwhoElY/nv7JUjyNgNUZtO80brOxTEhyRjUQJ+7ub/R4vO6Pml + mKSivjfAe7mU8jg5y3v3B6AoTu4mPkEYTKqKfR6ruwmA4rSRkuOkJsiOPFojTeEL + 856ZljSkq5PigeALCREu6LOtq2+IYNCeDi231nHe+YafseP7GaJkc0XMe96Q3Ndk + dB/kJWyuQbZoc/vjjlWPrGifemwwLGHwX57nsfiYVZmeGRtggKioSHYrqjTY55zF + c0wjeOy3cgf/lX9IRQx9Ev3nRZD/Dvb0fp43t2PXCZgukVgmsNMe+lF+G0Yxa+uv + dS/4CghcDQ7BolVOt6Fh8m4mgNU/ghM6L85An3Qo4FmXwMw0KMxw4BfhiYPgO4jU + ZgEJAhCPSY3mTIkX5b/Z9gMAx0pNO4UKkX7GUGq3xOnMWxjoxRDA0hhEddDLdHkY + SBAf/3XqrRF9o0gCU2MQon21v/LvHfn+r+3GZJY6vYOcJDnZxNxKytJXY3O6A8ac + wgVobOtSYQ== + =Q5Ft + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 537cda0..9484c29 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -6,7 +6,7 @@ services: image: docker.io/library/postgres:15-alpine environment: - "POSTGRES_USER=hedgedoc" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['DB_PASSWORD']") }}" - "POSTGRES_DB=hedgedoc" volumes: - database:/var/lib/postgresql/data @@ -16,7 +16,7 @@ services: #image: quay.io/hedgedoc/hedgedoc:1.9.9 image: quay.io/hedgedoc/hedgedoc:latest environment: - - "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}@database:5432/hedgedoc" + - "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['DB_PASSWORD']") }}@database:5432/hedgedoc" - "CMD_DOMAIN=pad.hamburg.ccc.de" - "CMD_PROTOCOL_USESSL=true" - "CMD_HSTS_ENABLE=false" @@ -35,7 +35,7 @@ services: - "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token" - "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth" - "CMD_OAUTH2_CLIENT_ID=pad" - - "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}" + - "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['KC_SECRET']") }}" - "CMD_OAUTH2_PROVIDERNAME=Keycloak" - "CMD_OAUTH2_SCOPE=openid email profile" volumes: @@ -53,11 +53,11 @@ services: environment: - "POSTGRES_HOSTNAME=database" - "POSTGRES_USERNAME=hedgedoc" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['DB_PASSWORD']") }}" - "SMTP_FROM=pad@hamburg.ccc.de" - "SMTP_HOSTNAME=cow.hamburg.ccc.de" - "SMTP_USERNAME=pad@hamburg.ccc.de" - - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/smtp_password", create=false, missing="error") }}" + - "SMTP_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['smtp_password']") }}" - "URL=https://pad.hamburg.ccc.de" depends_on: - database diff --git a/resources/chaosknoten/pad/secrets.yaml b/resources/chaosknoten/pad/secrets.yaml new file mode 100644 index 0000000..c04f9b4 --- /dev/null +++ b/resources/chaosknoten/pad/secrets.yaml @@ -0,0 +1,238 @@ +DB_PASSWORD: ENC[AES256_GCM,data:jV84d/y0sBF1SeaNB6zj4EvRHiKLks1T,iv:mPv5cuy/D1961ZAoAkp9445x5nov7mMfNJiikiwsNcg=,tag:vxW9JYm6FdCgKc4lTqTZXA==,type:str] +KC_SECRET: ENC[AES256_GCM,data:S0/V0RYvg0BsnZCZ0itZYirG9dHJTpTzYLzmw03bZzI=,iv:3bDIUZZy65hOnScIVO3opXz/V/0p0UFavu8XfFtNqjM=,tag:0aYfiIOBzUu2eQOb4tjA2A==,type:str] +smtp_password: ENC[AES256_GCM,data:IfDrD9C/64fya4iOZfzW4V1WFxgtNvW2Ww==,iv:hegTsoGewWm693G7Nt6dVsTEDEUwEWAd9zpiDa8mZJQ=,tag:3Jurd4DmpvIGL3g1VjXZTw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T20:39:05Z" + mac: ENC[AES256_GCM,data:JYRoxtmv+WidExD2CvR/6NGHcjTHHUMMslzZo3dB2tNiM9RiWJt+SW28erGt7rbqNYGfKc4jgQTVBtpqWksS0oF9hARAoBm3P1ggufTo6YhTGOi9j2bzcNlE66R3ak43Z9m9HkUzDsBdBU8cb6n5PTGTge4FUDAmJ4Ab6729JGk=,iv:uNuSWbXHBHYPdDsc4uSP46HS+hgUZReK7f1pLx/bBrM=,tag:IiYUq86/eShw+/E799gBcw==,type:str] + pgp: + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//eXkOeME8b6j88gPFg9TKzqBlmf94xy5iArfAoul5ytNY + nqX81BIbYAvpI+WrHdDVswNivx1zl6tLmowUAzGbO7p3ANveGbF8TKVwTzTrol/8 + rXuzwzGnBV70UldTgXQIyHpEakonhun5RUenM9siU+W0SVSqUMZ1IIvEcK1aZoxy + rmHxRP/5iC1nW/yy6WLUBFvziDE0zpYSJgyZGcIUsUireLmHTOu7xyNm+aIXEJwE + 5+RxRDGuBAaKNjJ+hO0BCitGvlbgyGfjjaWOAc8PxrI5/qG51TwghJpzNixb6V/J + GWW9jR8K2yAWktVYQ/IDkZcTJST2/n/X6JRRvgGZinYFdIEuutoRtrugPeM6JHF4 + aFa2uPkL4YCTiteWWn5HeliqWZQEOgKi93AvKrihtcOjIKtpgGlugyhDZnWW5nP6 + KVkPJRHEdalpvGP4ULX9qeTl/u4D4LBTnkEkAaj6xfqo9KP6cqztaunCDeDW7Czf + cWquEFxuMAoZIWLKwvpC/n1VbPUgIuPt5qibdUoTvQONay4aXJJbXdndX5HzvDhP + TcJ02DgLdvD9JYQ2NPQyFZNib+MJzrZKoyqvnkPzrFAzBbVy0nDesfanUYjW8Ixj + yLHQgoanASwqUmEvY3x0QWSc4KpcV+6AuQCz7eoNbYvVA2oaKS6l+5dQ1pT/WAbU + ZgEJAhCX1ElhAmESO6+2UNYB0LXhrxH0W+xOikEuz1/yuDVImtAGN/gOnkTjtm4k + LoXvPoCYoRzqAzYoefzHpAuto+pSt1vD3mYJvCEW7hlHblJEYLzVp9UhyNHbYiz3 + SMnUcl9tRg== + =y51+ + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+MkzGc0xUFV4nVEQLCY+/lsW/UOJE2i7gHPVbq00XUBgJ + l9kgE56aGuCvz98HiG3E8R5J3BP3cbdXbr1PrWF5wjKsek1pzmTwTWpa5wZ89osN + CDn2dhZRW4ksqYvgUrKdx/tVfDR63aYdbvTU0w5pjjCRev5DG5FvfzvrkEZV7TYQ + 7nVO3nk2p6x7cCWhimKEDc77YNg6xs41APQQANzPdGByJYY971lGYCgbi13ZZhXe + o5NLBHCIWZb1n33wdX8UsafGlht35n8CJeedYa0fQtH7+extw8kPDq4LXB2LGT23 + x39u8+ZLqaGmQD9c5AhGmZvRxHCkm1SmgrP1jNKpp4qB2wOw0CMJ6fswz5uZYOBd + EwptUW7z+RMcwicNnZN7LCI1rMvqRfzoABfg6tCQBr6mcPTKjnhsGh4rKeMXXpz1 + e05v0VPuk1Y/+T9reZy2ydEmxWU4T6OGYFYCvTCpM1SV4ovicW8Tdn/qrLU9ZEGD + jaU1XouAIuzI4v+MFvu6qHCoE4Jg8uiSItoDPpNXaY7MehM+bJmItpViujQIvPRh + 4thDnYI+o39NNAzI/RpPGhBvsp4n87GPNbzBu3uk9iZiC++xq5w5ed/bId2+yCEq + 5snMq6gwZxnBBFC15enKy7Y74Wy84nywrsCWBwZuFiLNscubBetMggftwJ1Y3+3S + XAHq/rWA9IUNaFhOabMUezljD0f0eVuirA0kyIUdg6WBYzQXuN6Zexevi+CwtsCW + KQbAlcFilZnXBj+PNpUfkRKlpKeUmfs3qpaiPtPBBHvFfkOXk10QqnrbMmjG + =bKDT + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAnZyTwARrT1U4Bi+EmQ9ILbL0auboxjkYTr5btaueFJEv + jBK4URpaUHlcnhT83Q6+ap04lqL+8oEJWWis83sQ0vu9PgdyNdLkFHKHnbTweSbK + V4rqqXld1xfj8vovluJZYdflADa981Bzenf6BNUUWv25p5Pek6M68j8UN3XVXIHx + 2GO6dCj7jRMh7+VMpsyXaXnwtt0JnPy29sKWDRQGjZTRG83DXXJNPWLLD70KS8Ib + uBTCbjOEhF5tkXxLo+3YR5LWit8NNqXtCQl7L6AgmQUz6zNzNnoTDph0T+F5FGDe + ek6qamKeK5f+GnZoXZqdnfFKEsleToo4r7RcYSif91ohdoQF6Wbal+mrxb6Xh5OQ + qsLgXcFiT4l6Y9AYtkjYj7jrl1W9FABpSBxzimkhuMOqR36Ah5SN8tgSUQF3cXoT + 9zi5F5kkvjotaGNEDfMiX4pZhM2jgT838JXJKvIyFuyGsPBNLt/ULX2r8zWD+Z0f + OL06XRKi6aH8zOKRNXGZPIFO5xbxDuShwWWxiymb0jDLPhH6GWLFvw6VYx00/pT+ + JDVbeiQR+sn8h4j8TChqlimheqgezcLp/DSEr05nnfmqwlKrPkSwPy8nffMnq456 + YtQQOyCnnCXRh3syI/kTVrRWlPIspHc2cJSfA2gOtsDFWRLhH40S0ut/3Y++YeDS + XAHEDLQk0U5pRJM7SEpcTNOzzgfFaDL9WwE042BGDgxCqwuwTeqRxhs1BmcP+SEI + QOT87j9bKOQEFt4cIUnQPjVVJnuJRBqx6g4Q3D2Vcs3SZ2vdCrj3mirIqGeZ + =p15o + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//Z3mdByBfD+vcDC5F5a4IaxbwQwgBEez8OOMg09SgU/Da + yWKdhdFGwxYP3seW2wRTa2Z0f+isbEeK3KQby2uOOcaMUWVJuxteEXqC3BAz8WPx + ygrcdgGrgQLxWeR9gOsxmal+TCzMAgMxwBS1G3wN22KQZ8nZ3qHKwVe2W8bNjSgk + kw4tHRoeJ3PNArqQZcdyP8QIjfzmLK5Q3KQr1Qdh6lu+Ild7GlX2444BmZL/Ccz5 + WG0eS9TwqoOX4YrUgrY6ZNHhWe7lWW+0CZlNhiOG4UdjstFkmHOrb+kbsjMPKXac + qHOmIN+YnGQ2RYP80n4t27SOot+BuOUmfM3w3raqokqftwZri31RLEWm0aflX5DC + X76f6QIgcjk/0PmaevqO2rv5BdsLcoQzqcsGxglIO2owkypdQkzbM4kHZs5mHP3U + dzGpzX+nJGswgT4mDB01E0UPretR7ERRBLr+mJxJ4v/tjbNj8pcogTKKGQ90lxd5 + zDIAYMZtFPcsV4QkSqiodrE3nO4efnWCL9PVfmES+DmHbNalNHaN5Ir/cpC1t8qz + XpWMLoObralSAN4lgpT/vR2c0Rkl3LTNqZY3OHuOsMs8R7Lii6GkuiXAGX8jM29D + T7ANrajh5wMTYW+fkqgKUPO8m4PuJDoBxQfPLiBsnwYzw9GFeZepzcOX/5i423nS + XAEf6cMx5rkkwnkJXzD3KsbbCxFlyNzAiCbv85xrgwHk0qI6bHEq/zBmUKsUMYUZ + QnCgIuBHPQWG2HfdTJZU2Npm6R6DQYsDc8S7f7CgFgUOCk6Du8iG10kqiLin + =bbHQ + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVAQ//Ugz7BgmKUpXYDIgOdebqgR/UIuWY7k1ZtizYh6mZwPxX + BhSKDuriMftJ+P1+nKdyD4GryzA8jbHuRl321JHjo0R1VztybJmso5Hd9/TRJilo + TPENeH8q2NYH7ULpLNuLDXBDAsiCJ/b53fKnngen2rYJxnMaSxHHYuZ12L2vkZvx + W6aH7s9HxGFxo3k3iO13ve/oymoI4oMkheQ41bmmQTv1zZXcuxbFHzSIeaEeZWG8 + cCEeq0asvoLWdXdXLI9ISfGpuI6a0aBd6zLxfmS0tkQm6ziNC2ZCW96RdMGWgqLD + M6mnLp3C+bq1RL1q3RYJRGfTMZ6KvxSAhtegoe7Kd+ZfAvqkRejqV0RwpcLkm3oP + eLT0rFToDdlipoyND4pLzzjTgpBKfVdTjSStNqVjx4M0jq/X5bPAvjp8qpBqhPTo + DJbKjVJ6QnSMDQiwt+uKuG1nn/4ltYz8aTbDMYedFblzjmxldY5YqqqIVag0iWR+ + sRLpcWJRh9HRcSyF7hC4XiSWEo5ykjnHsiae7PIzfs7JlGqYzx1+mMjaFIrto333 + llS1u8rBktBuMpnj89cBKxr+GeHbdm6RCgZ1QFO8ldqDTNA3JfvqaJL1hZhU0Fkr + wDqhhzxR0DyrLxMu8CI+pnZkor+xoMi4aS0AsD3RVpvK6Xh/ontefmwDTGqTyevS + XAF/Lx9HuXWD4sWWmn0xdR/my8pD26qJZF/Q9Tn6cMTJGT4SzMeUMhV/hFxTMaOD + M6qUI+VZRntmO6COwUDzaIIe9Om/c0Zi7ciEiqLRtVYk8P2AVR0RQvMLl1pP + =VH8H + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//UxOCThA92qCY/zZUmiRlPIyKSWb5EgNzil30oaXFtVs0 + 15ALJPrB0vZj896/pHGF8m92ubmdbikaFYVeZRewLjR3PXzwYfuErbirWJt5v9c5 + tbedfTCQYv/nYUxCLuU1Cqd+7TzYsNm6ekBHeAsE5p3cVQtVWtJCp0OMIj5KBDx/ + MuP9+SdjQi0r3rtklqY1gV744uLBMWCHlqlCy/aKlF3+HhEDCrx0Ir8GMh/KxZIU + iwsD/gxKBQ9K9H2QVf7XltbBVuaYIv5af0VwFnnmmfE290ba3EKsMcrY5cPQvfWX + /oMF0Ox/34EGcAORJ54+IHer7nc4nXKt8IP+jvgrM7aTxxsh/KSCWPqWdE6KAbty + 97/L4ziVJoq8lKGW1pl/S1M6/GGfyC1T732kEF0Q3ewcTIpvAZGII4+2ae8cwrG4 + H9bHbfsMn+gOuXDfNmsaLYNnupLC3h1LGzmvQCDcWMmTvX6uJo0UsPD2TzPkGTVm + T+ipF5OTXn9lcRkfBID+psKynLOFAU5aZFnWeD+xMt4KF2uJzO9wREzkIjj0/H/M + GljnjX2ZrzyYu/W/xO/p9clefAFPlvxx2JM9FkbqcvlZQus6Av59h7lYCz7B9eeY + myDLlajpxcfzYW0Fc7PPION9LAwN7uQqgTOt/z+2CirMVNpH1DKu2EfdPbH3dQHS + XAFuIZ3myamt+tfhN8hqzf+ICQGQvMxRuCNH0Hxg16104VnJMX3DvaGo/3m+X2yj + T3h/6BlLkxtQ7qOYULHTYh0p7ZOvNu/H+I6lGsthWsHr2AnjP0ZiYrpK0gLi + =Zujj + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//aa4FwDb6leO7mNh9sOLIxtCrhaveW8LFu5deG8vD/2jl + iVaGjT7g81UlkMQoTNDUoIWrRYK62h3BTocmhCoVwRqQtG1gM+iL8x9PeAwXMwwg + YQcJrudy466elBqo8+iBAqhoVUu+40aW/f7sp9ZtNJciH5NFDZsMrViXtfIMSAeq + VC5+WgyfKLRho0kJQ27qtsohUb7DmxosmtDQz/Tl/TjSD7nOGsuFqti7Qu0f7ZVQ + KATNif4B5cDyNJEb3DCDlgBgZb7aPsFIeE63vZVywdaRum1+Uva+PvvNS9YhHxb+ + lIFmCbMm0V5cJ7Ug11J3ObbtkoNf937LViJkF+KeqMuoap7jB9UBMSdc+8GUlHUR + hdipoKVpjwDmeMpTOA7xTUsdO+9XCgkY4La9F4ToJE/n5X4xSSpdIZxSsH23VxW0 + BKuwWqDrTNGFzSWiAM5NLWco7fsCO8nHWTJG6jJIO/A9ZcUCjHaPadvaT0DwhPZT + Yj7dd8OBs6zBHO8b8x8a8nfplqcG55tVwHOeGrZe2PUlxruIOwIbT3cJOUE7ZUqT + A6InmeYRiL/ZPCpTwld4/8Dc+l+rHxgQI0L6X+uY7K0ioN2TaZkt5VsVhEHoNT5e + uEj6I6b3zEvpQ2JiNZI83nUaQXeZZB+RQ4Nu2hmomHzcxEziHxg6Rw5LNMw8x+fS + XAE8OHA5iDOYlIKO1aCuO9me1yQjZGK9HoVXbYX6rVcFqavePgczxDNHAtTJmK6e + cJGf9OX1sZ1xvJlRxYGsNdTfkQQk/agzSpy6DJn6rhD74beG/QMTB1yfiMYI + =dHLm + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//eqfwau6y/7BUV8jJWBc7a+2qqXFRD2EFTYEi6Aaxo0Yg + XLV9NLQKOK0jakV0dGnnkM25aSdsuvQcM3Mbj3hHA+9vqJipYVbWTxtn3JR2sOcl + FiTtbie6Q0axkcT4aVXdUvsNA03Mm5SSDE176ZXYdoB/EdbTAL5AlhCohkKRArW0 + V5CNzYj9c7WyNfpMgoyiKSGRcKqdKfYXRjN8a+6VX5tsclnE99NO2YTG9HQ7+9jY + 7OJ9+zCnPX0viR6F7bb0M1+wsP0S+5zwIsz8OGw3hfXvxvwoRNNR+Sf47Oy68Uq2 + aePW5H0eNBlEQ59ec2Z8PEEGHOD6L2qGlmZGQPNlHPgcsPLz0/f1W7+t4xrX7LbL + twsXulcdkGQKmi3Vayhsz5xLOAU/kZ1lVOBlHSq/XCbLFcrz8BjSTt/1uNF4Ltu4 + kXGkxme9Gig7Xp2VeaLcZxnHlfZAVQMOb+orI5obptVZKzMBAMDkh0v0YOt7GHdz + pqr6TB458Y598ES5PKrvhLvsrk6hy4ZbJE1txu3Dd5aEwa3ROoWBvdkhtUghfibS + byXZ2YeGeeH4OGzt9g/CS7zbrcIQhi2j44Sq5LB2jpgLqf4wvpBnCJjyM9kB2OyW + qIxK1J1wNdBkTjAl4okZxByyK4k6KfnVGnsK5OuhxRilm3/8mBolenzmvWxZGujS + XAFRolCuiN8U/UToZEgyMGyrSyEDuNwoVAp5G3slBe4SJhC23A6o8wZpziBGs+ot + mwoCgUgMeabC8DNMRGFpaUA/5k4zBIjHG61yj8rM57zRKa/F72Ma0UQquH/l + =ENwY + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ//UVt7q8e23s3x1Sv+84yZtHPgWIupImeKABHkxI51ry9O + 80tL7+aC83MEr54BIou5ktHyBqqtoH7lRGD+z7eWX5F/YtECyAn8VFpZR6cVntrx + x1BYdRhggCOFD8otG8kWvAiL3Kd/sEISoF+rGIojUGO/qEk4RPfFQdAeSYR5xMBX + ne5zq6/SzqRM0KMWKm4fgj+0MiFBs0v5jLGNYflCTOhB4c+Cxeil9IjAiPFv0vhk + xZnTdQwc/jkDZgwduM8M8tGglA7iXUGQa/vee6YELRJzpOIHqcIHhg+0lZkrcDPR + tmPa+obM+FwTqEXs8TB3VXVzMobgmKHKQ8E/rebzfQXnBZH+I2DX6X7m0aRMJ6SF + fclMVbBx5+80dA5PDNSr3ADmo/i0qjrqwftIdf4YjWLrPDt4/sww896j2dOxnDaJ + aX0Y/xOR7s56+eWiy2EpPZSLm/GICQa9IS3AA7xEKc0bJXEVopY/7JTmeqXSyavH + WetWwyrpIeDLriaCJY87YzVYxv2T4K1kpNb12Cz7GZ0lA89nEU/TIVgoWeiTiefF + dReBGhVIG0nJ4EvzsH2MbANJx1ddwn4vU2jpyha/4UmysjA374RFkUtYzFE+E5IV + P8g0HAUNOgjmmB2u75buDMJ5A3LXzQHwnQKhSI6b81Pdf0zIbeSvQUZ/Qljwg/rS + XAGWI7LoPEKgXze5em41kkGxzZye/pOCpweTShWEUhARq5KOhNJmk58qzAyq3iXz + PyUhW3C0aBgheZcgTrSX0i7JdcKp+ucDb2iCXI6HD/4GvUr928FYaGVhl29O + =1k09 + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAZw0B9Iy2Rq5eCe0WJsOkTdH0tuHMoAs71F5ChQm/KQMw + YIEEXAmMI5Ma+m41DL7glPJ2wPn+jmhSf2B27ZT8tW/EJjeOsrx1wjKre9lSZxRK + 0lwBeOY1Btxg51qGU4ZBJFd5yxb6ql2THEmn6fzxk5zah6KI/0Z1bixhTzw5wp7e + uHu4gU46OlX6cC9RPXZ1QxwqS5tLHhdWhM0gySP6DI6m3us1mWXxDnUCBBEAdA== + =eyF4 + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA1rqOtvRBSNHEq6Rp0hMGnsI00gFg6ybh/Ub2q+XpjF0w + zSCooBTjoJnYzeFia8iHGfRcMmJ82GoqKkwCwb9SBQkF1Kh4M6cWjboWhLQMJIEg + 0lYB8kp3sNzHdrbV4XVb8payG7mPljnRs6O8LKlOM11ibXSyy4upOY6/p9/Aqkmi + u70kq8RHtuBe6HKJTYMtWB4yNkm11+f9jq4qNYBi3vESvyKHKvI3ow== + =wIVr + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T20:36:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAtYkYbe3GejwxxFd/YxX/ioiQyBwNN1IMB998iEponrlY + AbX/gYiKl+7NHYfnmU19tUStxa9di2CIjBIhr7adU66Fi6pfcrab1lIUtvqnhZ+m + jqz6xxMmlMoot5ml+jJXyNL2IvlHrumgWg/FL08It5mGePuMJ3RcO1W9J7zPqgMi + w3YGTbtCBSM2xF3Tmvb8BxqCHsZW5RPZGhB1iwx5UHl8oGsJQII54qsPAqIjFkhJ + 8IoAGecePDtihHKZdtqGWspvvM4OkcVTtrfaWp2cQX3SvDY9Szsr8AjSpQxOFWmX + T7t+GKFf0Pr/IY4oF/9pXOqxvU97G9xhCpNVj9nGYFSGFmqsfpysnzlnVH8Kaf8Q + lhhMcX75VvHgDjqeWtBtZMKSIBf3upw8EnBnOKAh/YCqrcBfU3rQlzWVrl68iOof + BhEwER7vYt9WlHjAelAJ5F62jkUiEL7Vs7G2B83djujxQvfaBNN/LU9Ei4hmMY9O + iusAcLlt89ieM9l5kRIhqi06eB0+FH4mH9sbZAJH7nxBX4KUk9yQbBZlYPMINJRh + C0R2kcTUJf78YxrIg8SvfCVmCu+VWpswWixy9502QnJ5tQfriB9PnTjSlIgQS8Ap + Ewtx+tX9/bme0uGsNhxebdtD7YwW/8T4JtpAbNa+DfNpueHZ5zEKIzuPr9YG2r/U + ZgEJAhBtkp4BuFmu90jI1XlpWdnDzSjSqi324g9b+WCHQQ3iMSm4ExdpEePJO+zH + KGDm2seQqMLfNNgPbkPxZiqKg9CbAOeU5tc7nBoQPyy32gFXFYncR5TVlG/1/mcz + GFhe/lc3mA== + =SLez + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 20dbd9c..3707225 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -6,7 +6,7 @@ services: image: docker.io/library/postgres:15-alpine environment: - "POSTGRES_USER=pretalx" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/pretalx/secrets.yaml", extract="['DB_PASSWORD']") }}" - "POSTGRES_DB=pretalx" volumes: - database:/var/lib/postgresql/data @@ -60,7 +60,7 @@ services: PRETALX_DB_TYPE: postgresql PRETALX_DB_NAME: pretalx PRETALX_DB_USER: pretalx - PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}" + PRETALX_DB_PASS: "{{ lookup("community.sops.sops", "resources/chaosknoten/pretalx/secrets.yaml", extract="['DB_PASSWORD']") }}" PRETALX_DB_HOST: database PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de" PRETALX_MAIL_HOST: "cow-intern.hamburg.ccc.de" @@ -90,13 +90,13 @@ services: PRETALX_DB_TYPE: postgresql PRETALX_DB_NAME: pretalx PRETALX_DB_USER: pretalx - PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}" + PRETALX_DB_PASS: "{{ lookup("community.sops.sops", "resources/chaosknoten/pretalx/secrets.yaml", extract="['DB_PASSWORD']") }}" PRETALX_DB_HOST: database PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de" PRETALX_MAIL_HOST: "cow.hamburg.ccc.de" PRETALX_MAIL_PORT: 587 PRETALX_MAIL_USER: pretalx@hamburg.ccc.de - PRETALX_MAIL_PASSWORD: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/PRETALX_MAIL_PASSWORD", create=false, missing="error") }}" + PRETALX_MAIL_PASSWORD: "{{ lookup("community.sops.sops", "resources/chaosknoten/pretalx/secrets.yaml", extract="['PRETALX_MAIL_PASSWORD']") }}" PRETALX_MAIL_TLS: "true" PRETALX_CELERY_BACKEND: redis://redis/1 PRETALX_CELERY_BROKER: redis://redis/2 diff --git a/resources/chaosknoten/pretalx/secrets.yaml b/resources/chaosknoten/pretalx/secrets.yaml new file mode 100644 index 0000000..8a9996b --- /dev/null +++ b/resources/chaosknoten/pretalx/secrets.yaml @@ -0,0 +1,237 @@ +DB_PASSWORD: ENC[AES256_GCM,data:JsoMNWdNAMTbiJWuaD3Voz7gJEUK4f7hrA==,iv:HRDsw/mIcCAMzpr02GUAFKby5w4r6zOPYqUYD8wDi2c=,tag:c6f4YjZxTORcDCkvztahRg==,type:str] +PRETALX_MAIL_PASSWORD: ENC[AES256_GCM,data:DTwMQu4VRWkr0o+7Tw9PFwpDXTnOj2k7Mg==,iv:c2iwnymiSKm079edPJw/TvUHV2mDWQFbRGBmibBBQtw=,tag:7VpRWhU1E3+m32KG+EDR7A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T20:58:14Z" + mac: ENC[AES256_GCM,data:67W/Ho+P2g04EmcVF78thDkibgeelSRI3WTyJu3mhhpl5EwXFiPcNjLe0ND3XQxWjn4F5+TLP2px8aY36upmXHIPys1ZLYL0jipF6FQI+0C2bFupOKll3/sFWWCp+51f59LDI1fiI4Q8nIMTASkieeL1yZmMHgrAV4JQyXjlCgU=,iv:cA30UqfF6rX1fxXiAx++kZwh8+EEPjB9+BGerCPdTx4=,tag:r5Yw3OFq3Z6KZJb76PwVcw==,type:str] + pgp: + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//dOAMC1Doyk+FD0WTNYwmViJO53QQy69n6oYJ51+qE+zc + 6IHGmh8wAWKnmy5s0v5LJoewMf3XhGg5sIoXuBj5OBICKSRRGozzYNJ1No3py3PE + 2ml6FI5SAja8QBQzNoD+D1zP9ba6xYbwfkx2DA1lpBmXpVQsUot4A6P5WQHbH3uy + 6wpwTlvYNNm4SWuH7yH5f2NfYVhJqaKaI08N34mYQ/f1OuwjWZGpz8jjt0AH+aGV + AcMPEXQjHgq+Kd4EHXSj7YAR41tiPJhYzdpYOQ1XX04JaEVMCG0iYfrfbcFtbiWn + YZ3Ro0hpGpND2HJEB+M8NaOf41k9z75KTtGsoJJUIIWoCkdFxeMh7/UbxauVEV7M + ussl7Jq3jbwC4zvKzj8T/es5w4nPZ0AGzz6Wd2pmYuy0sdaOczEbVGlLtACTaHB6 + B/LXVdlRxCQxZ13ZQwMTDvdvz30sl1wFCh1MtVXQGNS4xEn8gufGgcgiN2H/OHRe + i5jK7ibeRU2aMPD75RXhSGNtN53FINAxkSa715inHFQVt6fXH39eJNLoyX7dZb+W + XsiBwjIhW5qd9rXEqy1W7QIZKA6GYuyPaBgpCaaqsTK+6kXinV4xYqkSghrodSkE + oMc394wMmL6CYiPDRr4IhjSjFTxj+5AKkJwnYY+rKFcPD8qyWYI18E9zvgYNsK7U + ZgEJAhCf1ciUAngZMQtVrIk2NqkzJlwPdw3OyisZxsWsZcSf9zmIHA6uETAkwHWB + IGh6dAB4TcQUjj7eTDVI8kYd3oaKwrQMGhQeBDfOA8Kl5d03+WwjMTozwMnk43oP + 915KaE3I7w== + =lM8/ + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/9E/r31WwmWMkqOIvNHsCPZKYn9WaL0L7a4fbXQ4CdxKj9 + 0/0aIHz8B0G1BLXavdQnkFSu5BvLeaP858BXtP7R+IghzMuXz77i3tyszXU1MZYT + qQ1JQxj0e8LUw0E0FhrsopWWALZ51TruW63JQVyJNVhyRUFrJ3ejGuP3jCJUmNRS + NfdWoyHHOGtdXHk9j7Afwg2xn0ZABObCD5Epwlns71xPe/sTDzELRbY2S66yhd1N + fmOgw7FrwjrRrtiFarhFY0gUYEaMIZDndOQrjhBbR+G3OFMg4ia+t2xH7A2y7Pj0 + E1TcWoeZH2Pz3A6C596lmfXO19AsKy1flfMvugl1o33UsOYqSxu45JaFX7BEJBDW + wUh9lCkGwB7JM6XjWPcgrtLutOELZFxVrnzrNtJVSq2j6uhEB+Eh3C7c/iaJRn96 + 0x7yl0Va6X6/5NAtGpXpsJaQtz+TFe7X4hVcOEJX2l1qpPkjRcE1IczJFjyYV8TL + beq4qV81AL/RdR+HDQ1nGsmunBV/94UMG07GhTYjNm0QFWM2IhQkgs4oHeBeSqm+ + uXVpY+SFFoQto9+YHX7NnBkg4kiFy6A9tsYQrqffMPQZBn8V81KQkRnduNTspF/1 + 6E0ne/E8PXqmSGedCEyPLzLXIxrWC389cjcmF350wF7l9F620IBINIMtqgQMQz/S + XAHXATKrETDrw2YDgwLbB9oIptUKob6B/BB5P1uFhdaCarbq43RqYnWcLZxdO5WJ + 5d0lbZ82ykBAo9BUswnaY3XvwYPRk+bF79pQ15xljjksiFF0Gg+NzbilNkbS + =QV7i + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/9EF9rxFPcZShqJZn5hyUQ/Y7RO/htHo6jdqFu/DfpBcCZ + +pFuyR5Lq2etOvxbB9/HEqAKxbpeRzReu7c7D+WZz6CaS/PWj5TDxt03x6jNQQE2 + kCiZzTEB+VchmDnC4ifgX6rphvqd7GLjwXjXCUcGjMne9ANJJrEQstdZ7Q/GR6ra + Fp8I8hfrB0IpghL0gfVFw1HvKAaprKUOMBXfLqzPbZbYxdKMPC59ShrzgstHgF+x + q4uZgu+EOcpncTGvnReFbQjA0DgKyRGhATvAzASvqU3sBRAwm2hugVrcmWEpQRZP + QoLUchCLelcIf0eeolq5E2kxWxLTiyiGN7F8CoVfkwWmqyNlGweqUI0+eTPW9XsI + hEnpeNmFtZPTiTPxTYAb346m9lcslsJYccbFMZEIBwk3xB0ijDF//4Q+5CIgGHNq + Pxw+z/NTvH5zWhotA8/yiP8iAfa2MikUmhDr+stCmUSjnyWsgS6ncWwIP/H4MCEI + Lk4rA8mQ/gkS9UDh6g3ftuAYJIgPz7jVpQn5oA21VdwdeFO7YyJCXlhTL/oMeW7r + xuV+BTEobFv1wrGVtVEt2cjjbodoINFXhXiwonnXquhoxk/ONrQoB9I43j0+C65U + w5LRhMMR0ao3FKHxwI4ih9JZa+3yocbd/7E741WBqvB/DPzd1XRQzP+x+HIEccfS + XAF0UX8YPVCbuJs1nVVfyJSHuRQSplhuBvVfsIwJCDFroXYaB1JtkDhVVHCofnJ1 + MVhWIptfVbmY/C957CLNGHXZgE64cGvAXn1whzzGch/KlB7//DEW1iS1fbUO + =fypM + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAApFA1MoRir94aqTlZF1cZOOdu8za6fOPxvcSICMV5RxFw + Mq/9xFVtfGJ9VfYxW/im7HG1r7EjIpmOwXlm4fLGEIpafBrcJrQi0bxlbCB3p6z9 + xuzCcmF5Tphuuh/LEBBhHnt3crJyGrWTZ2Dy7+wPSPEnN91bl3dGsHr2Kbis8rBa + QGiv5l0sqMJUWcZUmHTnvhb+KZU4dQUl+qTLM36X3ChSMFpuAO4w3YwWJ74F1Akz + b/6eIt3u87WD2r+ny6DXTNsDVIymGnsxIQLA+YSGhf4mwtl6HOZlBBxFKkxFp4HU + 3QA7zPwXY7g50pvlc3KJMNuZRTy0W9mpCnYKjHQzYkaD2JfVIrGmmQ47DEMnz0bs + 1pgLCbFE9TO1ur82QNntggSWQtOHr2ZFbF3BuFjIQ+V9rPHdCtGFFarZhwC2t9fu + KSE7vyYKO3o7g3BtOmqb6mqJswX1qTSyVOj4aqGSjG88lZq9WJPULe0w9rqhKwjP + OTrXm0xLSUk8QWx6V7d6kKiBH+QRJkr6gEdqovzFH1XNwtUnMIkCBudQgJAw432W + nOPfgXSifTT2hs/cWHo5ttoRiWOsvuqrCBmCETeE6L7uQoi6bhVVz2TBRVcc0rIR + 9AkuLc4mcQ3aby01+cK1ZVRybzTTVSmwGmssr2UwwxlhQUA+r5OjPugg1ynoIk7S + XAENR9L83Exjk8DsMKufYwRMMcZSyHzsH5p3ucewe+euYwCf3tB0iZPkHCdSKTST + o8lGtavDKNn564tKDeH1miuvas+e6FVLcdljTqZZoS9I1IX0LRnLLQbpFVzS + =kJu+ + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVAQ/+PKl8d6yCqlY2t4TS3MHHvxcPWrXM1+O2MKf78tH2OeiT + fBwxUChpNIvVX3aWSPheyFb/1PMJ/U828wPDMbBZrII2J0UXvCqnmuL08m5fT8VC + JjlkfnULNrDai/mPyxtpGJXnOm9JEmnUETl4xme8DbaWWg0QF73N4h+dB45olL2D + xYyeEZlnk9OX7fy68ADKxc9n7E17MjL6X4PV0BGx/15QhuPnwTFxCpe4F2dZqgAn + HtFunsjHwy9vptoGlh0KatCJLdaZaDEhmo5bQtxlpph2QJpstk4pGdLn5SJAUCYQ + bvfEeRFJl1yx0fLzYr6vQnqr79aFXVdV51ZDtAv0m2I83b34y4FDBvdoLrSUMGbv + ksmk7qxpknGoJqhMdORy+lBMGffG6EdcUaIdHqmLe7GmKrPh6CdNHzaKSPBIlZiA + 3YEVSEcDiVNuoQBAgJXUh29MqXIOPJoFw2hO2kwfYebYA/Z7ESisD6oCOiOIUspY + Gyn2T7TFHVqFfa30xA9eWYe4GkSVTGsg5/dCVpJxJI1L6dx0kQAIZVZ5vZzwticX + 2I+/2hVl2koCMqZJ8Ggx2VDLDUV1UMuolBeHXD4ci+3PcBtjHCVyXGGBls52jjO8 + ooUEkVWwg9PhQUy0royZ7E6GEfmQHtdvI3tONlcXa9J8OUY8sBT2G1uek5jQFN3S + XAEfIAmGnoJPreDGSqVu44YCjImBEwVrDYI+R+WvDbfr9OCaokQAtxTYg4C21OV/ + xaa6RmNG7Gjp8v60hj14k8Q8whvfBRvYLss5P4VhQAKquuEucblMwf9QYghk + =MMok + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAiGtaAJAK6xOYlOoTMt0G9IrTGN7syKHld9x5sfFJxkdE + vDMWTmAbUEfteFfyB4YiZVvC+2PPEaXKAy73t5mZDzq53PKIdBUmiGseNZYlKm4P + 3KKIX+WdYBXjdqzG4TiQu/TibXoDNEJRxDw7LE0dzfPWtasbLREVRrrW1vaAq6Tx + hcs0eAmxpJ0Hmyz9R+sWTAAYaTxHTkbkCyCyqmAZF25lOlsbPFLsXXD/BT00CRB5 + RM5XwjrG+3AjbY5x3vVrxI6Ni2395C1cFnSew7ZITscC9//d7nTi4Tim3ll/de4j + 5IIKykMdzsAchQuYyr+fljoOs0qOAUW18eyOE6Quvh+Hg3gnvEma4HPo5LkM7RBA + Uf2ki4FY3OHWJb6KcQL5VKKMzlfp66zEAJoQTWkvMfas5c9injn4ZrEj//BljXmf + Es1DtC46ZMpflZ10qj03ND1zYMdJvATk+lRGD8KdRr5aO50orLsyO3irtfc/zMok + mhg++vw4cj/5AtlwqntXGpw4gE0/2QKdHS5LPC1ijx0aK6SFXv6jC8B1qNT0fF/m + wL6gz2Ty7aqSQzKrxVDFXzhfgYVRz48LzptHpFjTJjQGYxWxoCFMlYoejMTuA7ja + FNjvBayX2ZSMgVaqgk+wOeh8uSYfszu6VkH3kFCMqN7WvRbaxkIZUAbEF76Kj6zS + XAF2aE/v/i2VD21EhGX9koMJXv4tmCwcvUlbdukF/yJBstunXzTGO+X2ePJ8AkS2 + x0ZAlzof3Xdm2SbRGlCkFOMWr8u/K1je+MRN2igmZO2NglAwp9bGbSf+sHjA + =aXJg + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAjz4TsJjNIvhb0+Jket7pqZTp68OGNaFuN8dc67HoqGLV + LBstxz0qkj8kr+UTi+QIagbKVTu/P5qFEJ0V4d12+QMbwR4yRBH4KYJNYzVgjXsb + oxkeHxo25/FmHDNz8z0D+CdCAOS4P24qSOKcYnk4vhZ9xI/3BmEH2pZKE6HUgulr + ZzqKkJuQyVwpzYgsA12ps7SycPLkAfF4TEBcE8luZlNDq/V8yxwEctpsmNlvvBoX + My9SycdGBTOTwbW33hx9lMyZL1b5Z/hlxduBKBmSHtf+o9KAWZpo8Hn7FtC6eFoW + j72T6OhkHIwme9p8CMUbg07w4jqtAU4qk0YHBZMJv4LmERnrOmG+24OYEFWX3bfU + n08HRy5sp64jH5FYUtcuEkex+jeA2yLxskXVhzhQk9Qrnw3MJtd7wnXK+fz2Dpki + 93KINel3Uw8DJJGui/lx1lerCyEU/fqVYtC5xYy0rzl0ZlBK7f9oSl9bxOo5vuHl + NT2Wb4r4v1xSewvPIxNeF4cLIC1wa9GkshmA50uOgVPptF/L1xMIwz/e86mBsLlG + byQNqbbezfK72cBERgw2tVlLrGXlPAQiGGocKNzIrythRrdzjOgw2Bmb2sfXw4J1 + vCF5nwN/joRngd0iepxYYKlx+zq8G0wRwd2RXFscDXxkH+ouRxVWFdX89GqcjOPS + XAFimzl4DsVpB+abVl/pGaNrQDrYnwbPvbh+qNwKeMO4B+3VDzP0GN6LdNxje5/1 + kJrmR2KqT6eDWq4R8El90RkZmr3Z6fc/SffCQoUGxGkEapWitJdkK0jV0Df0 + =nluu + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ/9EGmj5h30qhRClaFwStf3b63Couzf8h+7Dk2GUuCJoBq1 + +WDHDJW8zBSCBHhHlOmB2j4gUfrVHOHgbdEBQoMFatCpBWWVNOO/NwBCZwwL6Dp5 + dmBA94bW+jOk4is4ecQ10zPBg06GVzpDuefYKH4BS/JJ8ecQ0q8cWO/smzUcpsNd + dnN3J1Py5VZOz8CO0SO/WMOoV5NA/yPmc7LL/BiSRtDEfi05r4r4aDLK4mJ/s7Fe + /7vllPhC1ZxntQ//1z0cfX33nKEtyTkOh4L+BPnrqGCM83zruAfSV870Ws+iPbHK + +S1uCll2ArflkzF0YiaqZd93IH0KTDHUxOPwHjL4J+apBOCmKoyd1nYEl3mVNQhp + NArOEwK2ws6xA3eLGjI3pKtsyWKXfgblyyQcSJAZ1YHK3I3YPVcPBFE+zp5puEMS + L0g/d/uzUvAG8GyYItAj/xEgaCaslWZrLAroZ4X5XRrZNcNCsO54m0t3xxPKikZm + ZUFV79+iG+Wb/Ib2DkPOKmOV6WLa5PGtK4PUUGKcTp0FbWhtVeOZUOmP/LkmrxBr + mSfnmKdiOYlyVNpaagI+XlGNSWU+9Im7r3FO/IEv5wmt+k3dpM6dGzaty1Q6ffVB + 6OqTZ3KrKgOMj6WIC9K7INvfbGijBeONjvapvg7SjzoXeyGqwS99IJrvdxnnc+DS + XAEUUYcXKmS0saM0DumdcOlfTZnzcB+JOiBI6+wbh2xiRy77DCDy+xW4m3tKCCvg + vJdEJNsSA4fpzZbjd1a2NhEthJxDuuiKfMmnGOCX9DX+SprzWzjJJiew47s7 + =Zu7P + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/9GIgxeDdrdDRTroHNgkVYoHLS+jkPXIygUcO5OGsmz/JO + kYxdW11QH2xnOz45e6wM2W/6Vf1VPZCeqSKxEUXHQkXnqPnqD3zw+ukO4285gDb8 + 3reybhsXXR9L161H+7+sUyu0y3n5+wPTK0K5Y1UDxZ9r67cUfwvQu7EY4Fs2s4yG + g9d/thE6rR3lUIc7w2XC6veeVAjJrdvx6v04KaT+YQONfEu6GVNnA2vircH7JK6C + cqx4J4TGFS+XuSPm/07rtJLT/qD6Qao7JeOJFXhEwdTNu1p2ynmqUA0Pbh/Hdtgk + dv4kW6Zx1yoUuqPf5ehQIcFD3IHxlFAC/ZYOyxwfTgYbdfZC5iQSytapFDwjMgYG + Z3Mto5fwlhblagGQKZJ0TZZOZDOcJA5vS0IBQPYslZEVhRkAffJ7YHiNdnylCt0S + kLNIkq/wGZ6NTffonJRz60ADUw94jtS6pAjceIv3hlnn6MrkdoYAkilv+dS7qSj6 + fGlIQl0BnHUe5zaDAkQrXeasbTzOhOZTTb1LuKw/8c6CKt8qA/I+1ragD5VtOW90 + fc+o3Nu33MRirTyvtlltBnlu8u47wYU2dRPZz7rmpX2uBwKBi+qoNcWt806HgynB + HWqwrSNYv1y5pCaDQEsVX7vFQY17MN/4h2B9k0/KSlLWntpjo8wJ2yAVLUbOwgbS + XAHW8GLQha0t/NaDykltIdEWJijiX6faokYrd/hMf7MYKAU9M1t8C6LVJzM2k9D9 + eMdKf2b12CPZZfvbA4cVEvU6XoDWTo2RoDhzMQU7QugZ1vUt+lYTx6t7F0Us + =Y9rf + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdApm/pMPZEGvqpq62PDegCOFtAHb9gu2NbHanCGEaf7DIw + 0u75A6818/eKyi8ALEuydUDBNi2vwGSncUuZEacTlLZkLAW/XDi/wlXSkBv3OGbF + 0lwBWvKAZmPmQmU+aHQPH9RLNk0SAl0WdQtCveFzy/UfSkNX/QS93dbhczo6dyQX + ZK3lEsekBVR2FQhe7+bC8Ry+Dh04bsjnD4hCPI0lDM4loQoBg3xsw+41GIwOSw== + =yugu + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAaiybhXQcYfg5/0e5Zd5ctB1ncs4PIIdzDVzm3wJceF8w + 3rliNGXbcZB8THk5g49nvCHdkDNX98TF05DkaKTYjZmC4er8AqbRwamt/xkInuCR + 0lYBQsS9bNcZBar8dVL1OC2cu7F8KyT6rmz67Oxg/ACjo3o6Trq1/KVF38Zmqhov + YlaYXB476wDXA6aysvxcae2TKO4GhwNHQokyUJYsjT/0mOXG2hd2RQ== + =KJs0 + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T20:57:32Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAj+B42CzfPhIqhSKoLePF+uJBPZl9HCmETvznhutyfDPs + +jZT9QNTCMub3FdWU1joP9T/V0A+o0Q7BYa2O+q5/19F/w/+Yk2XSJNu3RfYSpq/ + KgLWGSj5Q6zVp0FfVCxoyEtCNy+458mNxn4HvHlPsJwnP+u8MZDd4Weswqx1L9qq + KWIiQ/V33P/miFD6pMHyoi5P0ue7mmuIDtH8D0pLhAVHAhM4s+YBF6OTpobYRTjr + rm1rNp5Rxu8hjOTpmylCtQJZeud/zLb61fUsAO9svq/Rf1RTGiGwOUv1l0v4mVto + Ib60J1dSdr6TBCmUthPlE7NskIS3B2wRL/GfsqZXazlLBsJf6GEWEFcMGi6bS/Sn + XSX5PvSp6SI/9UXPBVXlpDfwyvBulilSqRR3HC45XYj7Zqb2HWkEZF1w6+jYCuLw + z9uNFR7BX4AzrhEPZ2xYfzMIT4Cd0kQ6oFLfpvFKbLXBNLisqvGhzVBjHQHmK4ou + 5NgoTAVvhpuO/LZf88YZ7/u6jwo0r/pPCyyW6I+raJinUGfBmm0KP2Q6xTXRAMkv + OMCLEP+Hjm7xG8g+oJ/RsvQkvpQ4MHhx7cDQpqQFSV/5DhEMtANth1Lb4mSYlmPE + 2TseTrARXbq256F2clDnldlWnnkakzwyGlAPvJfweJ4o67Sr+e6vX0I7HxKjQ+HU + ZgEJAhDJfWWDsTZ2nsH+w4vS+JHZmdoelzKOE1wTioAEb3RZm2wEvw3gI6N/eOfG + u6n7GTEbjHZRcvysbtnXS2PRiW8iNMK8pxW7t/Pc0MfOnzaF2bQRoOels2ITqo7I + gQS/Rpv9Ag== + =6U7r + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf index e2b89d9..319347b 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf @@ -72,7 +72,6 @@ map $host $upstream_acme_challenge_host { cfp.eh22.easterhegg.eu 172.31.17.157:31820; hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820; hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820; - netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820; default ""; } diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf index 6560b75..e732052 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf @@ -90,7 +90,6 @@ stream { cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443; hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443; hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443; - netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443; } server { diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index 1f9d99d..690526f 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -4,7 +4,7 @@ services: image: docker.io/library/postgres:15-alpine environment: - "POSTGRES_USER=pretix" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/tickets/secrets.yaml", extract="['DB_PASSWORD']") }}" - "POSTGRES_DB=pretix" volumes: - database:/var/lib/postgresql/data diff --git a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 index 3f4af83..83cf327 100644 --- a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 +++ b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 @@ -10,7 +10,7 @@ trust_x_forwarded_proto=on backend=postgresql name=pretix user=pretix -password={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }} +password={{ lookup("community.sops.sops", "resources/chaosknoten/tickets/secrets.yaml", extract="['DB_PASSWORD']") }} host=database [mail] diff --git a/resources/chaosknoten/tickets/secrets.yaml b/resources/chaosknoten/tickets/secrets.yaml new file mode 100644 index 0000000..cf2c4ce --- /dev/null +++ b/resources/chaosknoten/tickets/secrets.yaml @@ -0,0 +1,236 @@ +DB_PASSWORD: ENC[AES256_GCM,data:2z91TJt2qWl+mZV2fGXgXT5YHwYbhwGH7g==,iv:6SHNeCtGqvsCWRJwA3lzrEbQYLk3W9IYBLfx4l/jkNA=,tag:z+xWip4xGFt6vMSoE9GPug==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T21:13:16Z" + mac: ENC[AES256_GCM,data:yIOTN939JOjV0aM+BUHRCnnGAuZIUGFvei5SknC/u8Kgoil+Z+5Mdb5R/VMgtriBSeD9z774W1ioH4D9ZaOgKwkLOFvDx5+Q1+bxj1mMMKV0mWZKttNOd+8GJ8t/Zmiu0hu0BvDMz9maNZVMsDlOPUuOMQ4RbSrkrJByHxyL9FA=,iv:/4hePEMzzTxwRyKVlUOYDgIHb2lDyg6Y0j9StR9qtZU=,tag:Ou7Q/dOmkzA2uuZ+tLsCbQ==,type:str] + pgp: + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAloGIx3GHxBD0iSxnM8/v3kl8HvW1r5WVL9Z5Xtu05m2M + 10oGBnZoRMhin+I6FoLPXlC/NoEgqL46lrX/D69H4tDiHE2xtN9vSOrpVE4SB8tc + MIPl9q1XjypCfMW7+HZpZg+hA8FEG8potL/3i/gESvIFvXz8MmAw9xZjscuXqZuC + oFHqCEIEPqUIt/cU5aIRRSmBgjA3Sw64Xi/PVpJ68HiWdzFHb4PkEL6ji11Ju8rw + RUyxlcJZZ1/R+RY9Z3chzC2g+ya3QZNFXuLP/FkORKIErt+R7s2IEl5vmvYsBmbD + LAv9RuP21KXzkp34ddZD7qN6+hS7oeC/H37+XYte6UWYs5oP3SyW6aP8EgRukyGj + Wj2cnoWfftSGVV6rJWJkM3Z+2EnLJcVeQp7w//eHrzVjpOFQuZjgdz3JLR7hHH/P + JQVmqBNHebpBwPrcsUXOdAOQ9jhaaUIDbThzD+WpCUNxX1R0H+6X/y8C+QH4+7NE + I3EtdCnXXm1i7S/YsvkJ79o0TcyPWln0zZiVH/9KSu4IDhtqFfzHH33eJY1hQV64 + SXMtSlOaGvqZjEpHApNlbLzO9gX+yynd8m/fACYUZw1H7WpQjBPX8ZK1MJGupC0V + QPz3ZjQv0Za25QCIV1JhnG8sw22NlA31T44qvpTgHQYYrLyiWPSc6GaaP4zRyDPU + aAEJAhDjdZQvLBUmStXYPv+iiBsbpBYJ1gSugO30hG29iAsT7ybx6Gz/Kuh3M3f8 + GqsVD32plCiMv6CYuohykIkIedGrniRj+xoJ6vR9zRU2MJrIaYwLcsk6Pr0sPrff + SDsJqxfz54ft + =gzr3 + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//ZQ0YAZGm2B3rWCtGUjuwpiaJ9oIXJLq8piH67b1Fyzm4 + pNw6g4F4RWKgI5Alwat2d1XKJA2zuCww3L76oBYtY2qXSdJoz0cYQzuM3KL2goyb + cnt2XtRoOfS+akYOxabz3CyigVQM+OfOT8SFN5XK4A/xavgKc6pso2WS/10CvfLs + cRH4cOzbOoaB0ZwJ+HKkayK0Y9XtMaDBdbmO8SHa8vzwsI2dTSV1SmR1+vRAUTag + xBhp5xoOfP8FP8M/bHre/ArwXku0EqwENEfNyS661iVrD0WQZDc7/Dg2NvwA1erq + Jnje1/5DCYhPO7Y8W+jP5OzxK0pZLaDxThEK0zIrCr3QbUJSoA8RkDEe35paWNC5 + 8F1eTDTunqrEqT02I4GEFN7XhwExWUIMTT6hQ1Gp3uXfwCAlXMCC5uoPE+tucTiH + LcKn185KIrH+Q7wssEUu1T/QTWh+Ff2cF5vPP+BLIkn707J/+UVIeipRreBISzLn + pGOpuhM+pxFokX5b4oMUHBJ4dOhQ1MclrxL9YZzbQtpEnCmOo6OIrCab3wHBO2Sr + Odo1qX137xV8gnPdGkrCTsV5XM/oErj9Dz0yA9pjEXxLlAhHdb4EO+XnnhZgpkbJ + tH0VwlD+bczMX9L0pq+wN/aLi1kEBDDl9lAHq1QHddjHc2jNWMAQGrcVgJQRw57S + XgHrTCfRh/WhKXpxqiluJLz+ukF5BvJnGTpQXGbJm5SsJgR8jEY5UBmIBuJxRcpc + 0j+UsSbKgPwhmEqbGkmOb25PX6nvdO1SCmGp7KUrLgD7kJafjApvUn8exdKzquY= + =ygn9 + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAiFrzmBlFJ4gNJxIwCAbOY6lg+UccVJT2T7DkeVnA/7KV + NRqQTxtiYgMj0HY/5kPq6I8yC0FKUxGx5QsoP4lvUvmiv/kCXl3M3hYq2QrIN0Xz + xqxzLTyOENAwwfgvRS3RDNKWX37CM/eoVaozs1+f4+I4dGUhvWfoPIJcgCkORFc7 + BG0OwEKvyE82vBxer8Z7d5pm34BXL8Ptc89evI75iLw0wDq/JoGOQKYG2G8ko2Oh + p7c6VnoDFQ1PJFLm6wvVBjJwDznn8DvSYR1PepDkyOu+eT1oGmzGnQB5Gbnnajxa + +2Uw5S33kYDeSfHmgFfg0BA6dUVujVTHn9ZZIGXzIJDWg5wIMgOpHK3XGRgW3cKF + pC4qBndlaWYK36AZmOFsok7840N7LYR6jz0Az1wp4F1bxKHBjy4ou3cJjhNVU8yu + 13/YoKn0SZ0iYAQrlceybaVwdIUxnH85/qzQ8tnD6DG+9HiC98XjbEgs0pR7HJRP + Fp/zuYpNbMnYRbB9EQqfbzIU0msTyaUTWcQwX6fswGRYYq0tRd17n9LcfNREmpAi + ydb5x92STgSLE7sGAbsmPSMmOdl3BpUi9dPlx3ka3Y27uWI3VIWTTns5zmIBz+Ht + 79a7nYb544eDNax62Gf7nLPnLmZOOfELFcuuuB3QaQIge7NptFmJJE4eXhr6V8vS + XgGzxdvXBgu7kaZOgqTFoZndVLzuXaPoy43unU4aEY/ewW5U49ugodZLoW/GSfHQ + 14BNCVO3Z8A6XqWfjUsKruROLdx4b5XaJy2PRNz3vLfgTmVo2pZQszMuKjaWzXk= + =dvgO + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAAvAE4F6dTkXICJ3AEgvjbwm9WY4zBH46CxTlxRw/ASC5u + SOEWZoVaWQTAVMmdiI34+bzs0m8dtK8zv2OseIVTepVJBN8EfPkd6V+fDZPX37MN + gMGjr2AkXAGby9oHL1s5Wo2YtzMi0sna0qqQstZkNTrq+LtEpGKOupEAmKdV6M5u + VtPv82YZqAxLk1h1/kpRUMQyd0Hf5YQunOnUXAvCQHue4GLBSPiz+JIplNXFn3Lo + g87T06pJDZDtxIKSruSbb9wuJJbz/L4qT8QGJj6CNDoWAKnZhYlVKnKQkRZevBxb + EsD6tupcvUokWW21iywlIxTgOWGklNpCnu/4IVa4jnQsvlV2saGM1EaTgsELPy4M + atQ6E11V2ZTs1Xqiww1fnXe6KIWKn/xQ3i0VPgif941DsBFtirnutqedU/S7iJWi + XsSZrDDsoqG0oX27WphK3MrXoVAkEOWG848mutPaLW4Us+BMnuRUbAi+sVPETvbN + hsvywnasgR68bCWispRomGXjUnphNQ8Ry2FXvFhYKXde8xdBroh7iBrn8mZXDn0r + DIuJh3yEgItGachvp0t+bElihTihUiNdCyuAv2de7nQn5F0wqG18hfxyy6yYlzUS + gMJZ7qzmTpUWGv8cPoSAIOp/ltDVS1g/muFwd6djEetFRQKm8IuhyGFYJB3f7XLS + XgGk51EjM2OGUX62galbP3Nrs2s7hPQBlo1cVZbQlB/eBLACQTtrKDyIC7+N9yNd + Erw51W1OG1nISvj4azF87U27M2HCOUoH5ecVxtxNo2Mg8dOysZn0HBis58hAViw= + =BgbL + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVAQ//Tha3qHvAchEyctVDmTc3WPLXy35hi/VBQIw4Ell10q5y + Jii6h5fTGBdk/u8uXJmkLqAYfZ8ytCMMWPXvP9tMxX1K8Xm97SFVcZJgdL6+lKKA + GPttR0kGo60OowCIWy1s8xl9qW6625L8W+NhIB4JSOHG5h2cpSx0WbrAEPCNTiOe + MGSU5l8jIzgFj5cAcSdwojuKQbtiO0TKSoVFqjLQq0l8U6qD3hTcFcT3ktOv4DoA + bqKyu17kzonS6tpCnIuuN9AEbOl3k9RPxpbO4c10l1zaNHEEDbXRYRp+MwcgwOK7 + qlmqf/QLVXWt9WeWvBSPRAbDDrfCaBaPAy7VIkgWdp/CAsdygQkvgh4uSzzZrjnU + xZiYVVInwJWSrDmrLXtFRhlxPeVXo/QDBOeb5egsjNQIs9Wys7Y+L5Rgz9g/W/Xh + D10LAAQqYcu3DlOhzsT6uuzb+sGVrwfQAQtg/ujaQOlIUC2/V3cmOMACWmoGigb8 + qlIXx4Ytd1GI2EX2LVEvMTKmIQHeEijmXSu/iu0D+S2mRp/hgSzwH6GbGb8MaRzJ + MKAzt3yGh1hck01HSmif3t6rhUS12mW+M4Xdck9d3MjiXrZVznOkMT9bhrvLiej1 + 85KRMC6x6qiMpp4BfqQ4WXSDUjhynzcoobZf6VWGeSHnaAeZYlnedOlb1fMoSRHS + XgGZ5a9J4ZQonAkIRcDn0xr3EYT8F61vVeVwqTQ3PDd/IoRztq32RkHng6dMBZKn + lRpC6PKHo08yUGH4R/ppfCpG9ApdvyoiDgGcSotXSk/AQfuOHlTVCA0fQrq1j5Q= + =8tP8 + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//YdAXWGS1//BK3tQne5qmvdI1uOY2HPYSd8vEc7+UBi0V + bBHsxlVMVdZSJQVX7WLxAqBvCyFbJP8lsoXlVPK6pq8tqBzagBXSemha7Z9SdeZ5 + 3QamddaiwoeBrli7hV+AXnLwmOn6f+5/KmAdzU2J7QET87Kd/rcNbGP1qtIaIet4 + dkxdDu1xDI5mrX286gg29lRfjuxsiQfzmU4+PlM4RnXVpl9QpBtvzuWQYDmMdoCG + xqmYVv5xZip9MLPv0iT/T4IMAdhI5TvTT1zBrRQW7tNRgRLyoSRQC6qb1C24sHcS + VBkALQI5vF6ghPQIC254LUquiTEazzr1TtvLKkdyK877E2E6o7k9dsdSPT+TemgJ + nO/lBhk2ZAHZRLb5jfguhzQ1G0WjfbYX1QAwCW3Li8EBmhHTIkStVp4TlDvPhgb3 + uLfGaasoYHO+oirpmORXd3Y6pJ1FvAk2uFLcqQa4A0lkblxzVAI+ZwVmw/RT+yb0 + DZlBKshUUYT4gHJOD/UrLlviX+qtVT57OFqhrLEZkt8L2realtpQd0efotK3q+cc + M9auKQ0dAy0ZYmBQD1DpDz8pg7pSXN3DpNbXKaWuz6B/84WU2aw64RV/ZaXEfBiw + TyrlsFMTAd7haoRYtYW4RxctrnLoBldGezxVIn01m51G7dRHL8/aDiZW2ffKOqPS + XgFV+BnacumDlBtMqS5yrLv44tDRXXuusVku3X0XQZquMc/zb1XwyK/DReDi5756 + 9pDVQQn0SxkZNo/z8ln4C8Q7IZUQWhJtWNwyl49HYlSZWEnJ5KK5uEs09GEhnbk= + =nz/W + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/9EhTITrYK72Zpzr2/obOsRJkJcCxwEtHmUxme8oIw3mJA + 0CqrVxibxhQsDVY7Nl3K5MkNe25wQb+5s4UVO0ji2thXZaRDc9ut23qUIiILMv+c + KMu+KIvZaOBUIFaTnrbyE3XMoopk9cJsMC5MP9u8ilLMgc3Vu3R992O8lgwqQLG5 + xwSKMYy/9PjATR28fpz0iPfunvaJsnaeoJl+okSfVny0tvf40ECZF+ui76XJLL3D + M0p3LehaFc7+Laqb9nNwzbl8q6RL5PjzjTYk9VvPTJoqORUA9mYbbEcxrEPdBV8U + MVUTfTsvlcOPgB7nqxJXR8Xt5m4p/xS7pZX8ix6XkOLIzSCz3O0z9YRh9MXacE7B + Fn42DHjfi45qsIRpgUHmxI2kiT5xYJVmE3MYCxrlBdNwPPkWlvN/b8fgU5DnSPXd + SJdqMCL/M0lQhQbfWYWE9HWKuXqrHX+lkw+oEnSzj1fqcgKU6f1BapFY71N5zkFM + sgtD8Ff/obT2FhVeYdMIbGg2Jq7oSzfZiy9IqDTd28Nb1soX1sH0lFfFMfZQ10lD + d03YJtBJzJ4LFlWtSZoMgaw87K089tmOZ99q30TW/oR38GehZ66H9mdLWS0XqCyo + NPvyA2lesuO3IaKuqB+XdaLSwFq9TpmvhM0iJD1qLyHHZR69bdD9NhBF5jfaLCXS + XgHRsY8JboPGLAKH/fzo/o+gq8yTlCkjjXI5PEEy8MjBQKg9uDxxmcTtjhJcuy4E + JBcwtwi7h2CqaoXw8nYGc96YMvVrItARTJeXoQc9EWb9bktzLFH1mMYn6dWN9HI= + =LgrR + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//cRs0tUZD57N+1PeLV0IcvJVp2k1MZwTvuBLoUru+kbvT + dKG/9z/1OBI/q38s1zLVobXNM87JOX5d2kKU6SusjgZIfQfyBRf+ZUyLWY/7l7+x + T8+WCuB6jaRBhtp4TUG6AVWDC6kPmVZBcck2XWXx9J6PNR4rGSO2zeR9dPAUYH/o + Lfu8AvCWBGcsgPG2OOgWRYog9B3RLuFaSVEpmHZoponxhCuWnjqdimRZKQPkPEkx + 6ZI6q2jp5XzK3erEDtqdxzCwoaU125J7pmizsR6p4Q2Bp7Vew6M6SeOqTH386+8p + oS6oBsturH166CVGjSz2ksUsOPaIPRP6ZbdGf6W9Ht1wAV9+VG9AzvO9Oboi4A8+ + SAGoaO3MGCPNWHRzVpCMsXjJTmqNIl25LFVchGiUtxD/EsVXET/4Z0CHcV2Ulljd + lrvhEDvCkozUI9opndZ1qeTJG+JcGnXMCcKEF2iL2tqf6o1YdbYKaHH2SWt7f+t/ + FmZpwLFLcvO/yr7t9Nc8xOjRvuu0Klq+XHa89usD9D5ODeOuzQHgrLPbV1VFiiKy + 8+kvJHabnBpwyIcvziNDtgWwLI4dYQWmpmSWvJrhFJewI4yjTQvl/Hcq9Fcnxf4c + TRJvwa6rQWKrjyrhhslUM3Sh9jH30p0dc0nr6UEAeTiRRHIq51JaNZMMM8bu/uPS + XgGjA8XM8EMp0c6/YYVwwc5YOR8QZfH8+lW6pfXkWXReGG4dzdeGvR0W46facY1j + yQ4nFOCnSB0eEYnucAVxaOHUmEceVg83EECwbBZ/NgMhgojf+xjSpoNcidj0m4g= + =LQ1A + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pARAAjfwkWbKL9yD3Pc0nIw2PUbI7yZ+rHlYgbQf0fl5EuVcv + KNLnRk7Zvl3bLt9+Afq6iTXD3g+0YWDFS1Tqj/SLi3Vu37GxgbgemAuQ7ZS+wsNI + KXfPgBS1o/4XVFlZQ1mvZFpwVdnre34xwNbCLbm4u8xBjx13w4vq0TKWTsNP4+ug + XB+l9UA46xCJr7LPxUafKqWKEMkRjh033UXSB3e7Y02O6FOrj6p7kGnUdh+Ia4Bj + RjZbrVac9W98CkNyDGlH+Hyq0SHtPYvjvriqyOLnY29xm+rISa2UAc2tlb7UPXDo + g6vJYNEEOIAzJyYytOoxnq0dqtN3aB+BvxNRKorNHqpUo+AaDT7LuzGJ8LYacSkj + Sq3Q27dGrVnBDjTTansQK3vgIcS2Zfrj5apY0q9CgomJMN6b696FMVQOlWuiRMv+ + UfCS5zQGtB2a+10PasiHmGnGT+TJEZWhD3WVj59cUhlQvY1KDODv6FmsP8t+eU62 + 7R4Mo656+hB0IooE+kmJU//dijeXF/tczIgCNASwylofzi4qXbmk1zUII5zYgnUL + LFEyIENZ8WBIxUWwwDXtcpbxjbgqOws2aXhOtEXFvjd/L3qDx61AGBnquWPFcekU + uAx9yNkw7qbyp5gTbP0sRi5bqqOIYbL3RXM/pkArM6uQQxgfApCWjYLU2LBHwojS + XgFM9twt0Gi0tDL3W39LzXNPisBDkvp/E4HZIAeSZPMPo6iTJ2tOiVDB4GlTRNaF + oLVK1NWwCI46YnC++a5FpPvh3RHntXDpdaBcbj2dko9OZtRum6WbkrX0zZgZ0zc= + =zSCl + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAiMBI38DVqKUchVg9KNRFQ7i5y8PZB/tm7I9JT1gzExYw + PhV7QT1EqPuEkAI1OseqboFj0bCo1T72M8TqwMdHz9hYiOAh89Hqhc5nluetbCTK + 0l4ButC0VXzo+UjnmjDS2EhEqnIfzK+y/9pv8r+3FuhIpiWdSfEFCrbp3B3WX9+2 + hv8iJpCdAnInpBDB0uRTt635MBlf96LBowvMWxI43uIjPXXDCg50DQOrHw4Yruub + =Fc/i + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAfvbuQYZWYQVY0ut1Q7nIwx3eYajDZxkITih3R4Lhx3Mw + 5LToASYRMdv5fTxxDibNvEyEWFZHPB2ppB1ZOOFKRUA7+cam0YFV1+QtBQDDQnNu + 0lgBUR3uvS5IaOeEpg0E04byWimwsQP5roGCZDW4Sx9818HQSr/4HUx8GfQplT+/ + /DWZK77QB2rTtStWhOPrFkMzRWP+sqwtewnqyPRkl5lcO8+c1jyEhy4Z + =8Ilp + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T21:12:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/+Mt3jDYdw9mWU6Wrsb5B7pf4IcsFCMilrobnDctSaGru0 + sem2dCrqwjHr/c9FEcfV1aTMx48XekDze/YMH2vXMaPK84hm12KxR+eZvsQWMx+i + MlN+4ANt/ZqItqtdJPgB2LtRgoVYI8/yB8q4wtwpt7o9uSSgF6w1hF1KMwL2dwyl + bacuXrEHpGh/z9XClnJ4nVGgzaeBvmPLKLcCQAmxu7f4lgjNM+cxQM5e6sYblM6Y + IVFMa4p7KmhWaGI4ppLXyFuvY9qzRQwXPk4vOqgCiIjrkr2LcTyDDt0FaL49pEsV + WMKTED85cOxL0R1jJ9a9HOzOYDu2AbDCGoKK6rFD/ZX1elJ4dB4rXLKqdkb+d3gP + ii15T3I4nrS5BWLrCVDhYh7KYhNAzgib3yRb9gRcuAODWj0JfNpmZJxNEO7enWaH + VCNxhp9IeW6AuQdid48m1QeFeIjVseGZKWLih14XJTJJK1oZ7uT827NpForHIMxF + ydwyswILsA5RLRpZ01MBf5LL2TjJRoZasIgEWEAKYJe/1/HSD8oZeFzK9THJLVUt + TrIRdZ+yaqcSbPBRrFWI6PknWzm3CxdqDeiVdZMOPaknXiQ2EoKeJ6zP54x6XTde + TD0g8XuRuIDe/TeSUPfuPT1n9oWXjsyxXSz5JYcsyaRSjkxqpG0uhL3pPyN/pY7U + aAEJAhC5mrp1jDSywgh9aTZTzwac/AV3IUE5LDhB9525b5OvSOJdoLNnJ0afch+2 + +SKfLGahelWSjO44hyDhvYA0dMKZZf1SIlGivNx8nTbK9OpVhadyMCZ96qwzWXTT + HrekrFf1PR4v + =zm8X + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 index 8d345de..8ea5265 100644 --- a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 @@ -11,7 +11,7 @@ see https://github.com/zammad/zammad-docker-compose/blob/master/.env {%- set POSTGRES_DB = "zammad_production" | quote -%} {%- set POSTGRES_HOST = "zammad-postgresql" | quote -%} {%- set POSTGRES_USER = "zammad" | quote -%} -{%- set POSTGRES_PASS = lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/zammad/DB_PASSWORD", create=false, missing="error") | quote -%} +{%- set POSTGRES_PASS = lookup("community.sops.sops", "resources/chaosknoten/zammad/secrets.yaml", extract="['DB_PASSWORD']") | quote -%} {%- set POSTGRES_PORT = "5432" | quote -%} {%- set POSTGRES_VERSION = "15-alpine" | quote -%} {%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%} diff --git a/resources/chaosknoten/zammad/secrets.yaml b/resources/chaosknoten/zammad/secrets.yaml new file mode 100644 index 0000000..79b9dc7 --- /dev/null +++ b/resources/chaosknoten/zammad/secrets.yaml @@ -0,0 +1,236 @@ +DB_PASSWORD: ENC[AES256_GCM,data:ytb/AQ8UP47KTdUHI5RVZejZBW1vVI7v,iv:AIYEngDj4BHgXnz+pF45Z40EwJSsibVdCeF2IdVvmZE=,tag:dlBva94ytOeuzW71flhTaA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-05-03T21:25:46Z" + mac: ENC[AES256_GCM,data:SO6TcvQJNQ3cAAy3yr2S4/PkQm33jLie/MEiLVhWRajfVD0BTyEMG5RJT6eMN/2AW8HxMBs9Dgz2aOWosL3tXWsxp5PY9ZaCg1rlz7UPPp1lsoQLB03LYAl6Ez674WqTmUrb+SjNvbxi66diYBXZj0b1zawMD0J0EMifKqOzJiE=,iv:WTr2qtfazMonEG4hxcE1KNCdq/GtQinMVHXwT5A7yxQ=,tag:c1wBDOXeHwmHF+J5GXIlmA==,type:str] + pgp: + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//SahMO2M35vCWkHxIHLDO0hiap+RBvab+H35B+6rHsBBA + q3hyXieM1uW1OFKNegRPifazytyUVYi7DP+t0vUqXo/CY8BqmjM19ChOvaAPlif2 + DApPJvV3sYLbUdkYBx0sdpTiWHXmRP0JXtcvQxRMgOuRt+EhWoEnSsf1joMVhR4x + aGRmOiZhw4ZMI0GhxlVmonb/B0Bo6/3GIScVY9AzJIcmDqDd8DP7SEsYUxFzBfST + KAW2cJBn6rT1OtB97odr5Ir2TkS4H36euSNew/8caHGlKgcnewgF+zpIvjeWUimk + cUybZ2UssmBtfWHsypAMg7pKFO/OmV57OWqi8zKYNeLwXeFQvHB1265oJN4szyFJ + raCAB02Y1r4E5S3wSeqhjE7lvj37/JTjr5VXmz0tASPpgdcLKyik/qTSMQVLs2gY + nUjVnPbpakQ/9cFCElWEhFDwALZjsAef/+mqmA8h9Z84X9gi+EAwee/9uT4Mu/0H + 1xKdlAjo0ubkhTbxDf/Zp4RGEQ3ERffj5mtL/DxuBp2jvQ/feljJtO3Lo93Skbti + 7s+kOblHH0bBS+/YNP8yQUFZ0V0Jpvn52RMOKiMlrnlbmI2u9x478uF7cT6iQ8xf + HlIIGZHJ+dGU10sxmflp3TiSRAOyy5YJOFiBYl08QHREqPoEfn20hWIaf8avJHLU + aAEJAhA3M6o9TmOuAV9+n8lrZr+WcRQDovlZmyGb8/mjqupcW7QTsmdjIGFi8ttT + VgwJVseKZsTC0dyYNRroBUMyxEhtvsMkoAf6i5t9hr0XcaWQkacd4oYpkFIS+cDk + GGZyXPivuky7 + =Tw63 + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//QEj1kGg89Sim6kcAyZR6qi7yU9NIsQUUgNxTD4Dn+AS7 + w5rKd3ympVFVO3oQTJNLmxssJGyC1mgB9dqBulAPjKepnyHa/EolpGq69mPlO8pH + CFxSSz/rxj5h5vojyWE8VhDQtMeKKGMYwwqREkHkOMIvgoXPvcwwiLVDkRMkf7ss + xewqL5dlBkmHCHYE3gIE6BrGNoQEZ6vO19P+13KDgHxZN7RfXrQDLYEb8Rse/X24 + lsQxlaJr1fNsHzEPHkfZzWx0IFLJIPCwLJa7iY96Ku2qZOo+WkGhUiDHo/m9Ru04 + iwEVzucWHCYt3kKKq3kEyR57jOwzONUAuWl4otO0U3a3+dbHAkEqzU7WcnS2UOy2 + ajYmAq/j6kn74zCw+FV9tT1S+6WDHW95jXIPr3zKqRSL8V4UK0jc87Nb06w3yRCz + f8C2lrzH7iQFajDDuJ/vUI5g2NR10FafOdI83XlWkpd8i33nF7eoMZTagAFLw0C8 + OPr32i0Ppdz/fAedkYqqRys1tryQGiq3PeumxQTQQj9OKlkYlPIWLsQkSgRNQrc7 + EuIkm0YT4zpGzcoiQT586GDVsOiEb5yMmOjLqB8BHrSEUQwHL1cZvbGUooFqWX7K + iljdQ9RneaZH7REdJcN9+y15vd17pz8y1e8rd3mh2PGGkoVHyspklYvykzCDoNrS + XgHjMWrj/QCDI+GB02fql1ZFHodIbFPseWNlf3XVW8/lu2m3FDNYEsJCsBeK5OLW + Oti/DyVz2cNdescNEfH0W8OJ2f3C+R07l9FU1x8hjifjd+xURu9z+xrGdHwCYVQ= + =v+tQ + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//SwMT8P0+0S2zrf3/ActFB3m3BRUn93t2MdnAYQZRjil4 + nhcw7JpMjxD7Qe3klNHdeBK8DxXlr9ou9KvdnVWr4vdnzTdAiSiM9n5AHOCoRnT0 + rz4A4tTide2kGjmU4nWICAivr1YQqt9c/2D3BL4NAHTy0d4DK88jUe9wcoo8MnPW + nKk2LUr6DCR3+/3d9OJrWNlWrCmmSRfgpbmsGOV+TlKO7EaDTjc3Iz+T9zOaFXVj + /8VLyksQ6OtYnpOsniOsAb0GxiAGoeXayDvIijqesQ6AUf5HDGMcWCQcqMzITYWe + RNKceYd1MU5iSmqbCQ23WVCHMvgwqQJ1hRj9Rj3E4j5QVFzwniwmEK5XIOhvkL8Z + McrJ47zYi+QRx9xyhqczv0W2oX4aLZFW3dJtbpNzUMUmgDYZ+d16Iu3AxsMuOx4D + HovgP8+fy41+VgQvlGJE1pez/xo6muP6TMR8zD/s/eFnZop18bBK2OYW8yd/kp/B + AY9mpq6dDs4IuUBlo5c0YPIfWMWhh4GlaEsbggB/AUsrbJfYMX1MlLiHALAN0+xo + swRp0pPm+7mZmv7LnQCzNUM4rjGhJfzljjFmi+RwSS2h6bXbNqiedRbJbfrYWsCh + P9Ww4PhI9+kKb2PcNa7Ibzd5Ac3RpN1tMVsVzHOa0WhDCR+TkI9wnsGtHPi3CJbS + XgENsQcISscNzddDkTkI5fGogQohsQAQY4UfZDA5QuyFaNLihaWCr9OpUqFMXu+A + tSkVmHBVdYT8jIxO5YHYRieSxE0SEmYJf6+Ckxf2TWMJxWxsvwHgekI+kPR1Byc= + =VkXh + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//Uxtqgh64BFkNnCxUvaU0dvhrwuhAfrI2QAgX7Gghky7M + QwY5/HGBs34wCHlIJqV6E8AdXN0VyzhBiKiryaqTSECDXZbFsb+q0VhxWTs4T/G5 + oCvlvOC6rM7XT6puTsIiqjb4YO/8aVbkQCcE3QlwWxQP9DAk6I/Xxc+hTKStiYeC + uqON51LEtE1/pqfmf/K4j5kPLBuRYf5IUaBp5WVs9MMbf/vyN235odT8Z29Nz5kq + DidBkSq7A9Y64rncvvZ4+U3L0HTFcfyiTNOYPL1W45OgPFN4hRU047u/JjP1/vU+ + dLwWNwyYqq7KmEsRu8vi1p636KDios6MDo4n0Ma74APpM/3c8GEVeuz+rY6RoHbK + FzZ9Eswe5otqmfhfLqBGNYW9+RNu3nUD6U45ES5YqNOH9yk4OqrObVMrUh97IpF8 + 876cL+RDqI+KhnW1sgpJ5x+v7XrS12/LnjArBUJtHEsTxDWoAFHuVKJdr895M8+U + 1rMKOzhREbklNNgF33T4ysk6IE7PhGAJn8Wta2B7GfpBGBnzGdi6fvbuf+RtlZi4 + 86LkFNI7iOvVV4uiG02yqxlLsCYt6ww6MZuGLREsNeHLuQkrVfF9aVw/+++3PJan + tIYl/WSLQ2sAjj6uxoXkBciidqFhtlD+4hvRky3enrYW09EeBOZY+4sE16ALCnHS + XgEz/69zcjJK5d3yEdcYeoHRMFVH6haEc48kg3WKlOKQ2HrPS9rKRGSwG8CC4a75 + iw1OBZGFeaacydhq5XzU7QFlRXx7n8oi9zBHKPb0ND8zm13LQF4oTHogkZInmm0= + =Ks/U + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4HMJd/cQYrVAQ/+MJYZ6RlUXXfn3JFBUMOFMOCR3QYKYyYxFi++34qdw6FP + 56KibbYsAs2yLksHy3XdgFgw9ki3AOFK7zb2Urs36/S/lofK592u+bKK+EYqVwIK + YdDynzaxA46WlRx8zMufEjyUBimAppOwePeaNPeI5+ElsYT+IBYB59xNEDHx0Gql + SzQVj326qkp3J3vYnoV8Srt7MvU+21ysT7eXSFrYP6d7imG4Mc9CuO9Rf4ZzovY3 + ZcIHGGg5B5/34eeVGfAFw+LfSTAcicidXDjSs9baG9jmoZYiJjF/qw4+mYRJ7Cox + CFQmeitar/tAAS8Q/wU9//a4dSupreAIRkA6V6/OsoWli2wY+1fL3TnHeTjskeh+ + BYCTuWqjAXqk/VEHkzgxqEbmJr9wHrUl5BWnaF+Ic1i3Udmm9UdFx6jgja3IbJpy + TlofZx7EhEd2VR29AF4HQV7vjeno+wp8mKJMtaG1gCpxAlaBvpJX8lsH/oDpuYMK + HhFNiI/ytFd5rGsthIImzUqe5eqAnl2+JNS5vxY26JU06uN1kPcPifeV9DqJ86OC + EfwFs3mHAIdiyn2LfA9ESCiqMEBv7NsyIFEve02y+hJZ+G/6x0Ob//AfrhgTOmSt + 2QRA0WMhavJpn3gcnO3OHoHqYzckI315ZLglgPYqP+8Uc8fx6RpA6vXaj7l9aaLS + XgGrtCK2C5MJQX8pMYhOhNWCDcXspLlAJMNFLnBh7ngujttyLCbufx3h37evh8DY + 4PZ70A4TjPbyiHvQWYhVGmYTdS3TmoE5eY0vlmIHABYvKflkdYp9JPLeqqPLxQE= + =Aw8A + -----END PGP MESSAGE----- + fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/8DmSZ5hZ04QC8G4G2P2xsTg+hb6Cu+v2leOwhRNhYQtPa + 9fa8e5Hd7lhLfdDSfABmWZTW34lyzj2MEi4ZFMaNU7zk/iBTfFFWZkOuaSTLHD0J + D28PROIEOVZIjUSqQ1iGT/jRP2fCEsSWexkGJyOrXKUsVi5kSdK8XygG/Hx9uiS5 + JoyjKMgPRNCqjvZdF12Qr+0QrM57CPE8fTy9MauN6M7CTiktQw9bdVc5hjNf4AZt + 8OCwNJLrAiB85iPVrUYO3nxmRETH092N1aw2HPv7/cOCst9jyUAQq3AEFpiaK+PD + 4uM+A+bkX3fOaCpNe1ePAnG/hV/456ZkNW3cR1tkRXXcXROFg4hOdZ2b3Rn4X35Z + xAHahfyOor15vAbmeAUo0ebdaAICmSoYT+JuLEdaE9hRBOfQkehRMvp2qHhYSe7X + 8j/cQP6M9lSPKYy1wATj3ALmLMvab3CCv9Amu3F4JtJLH3bgyWtMhiPWwxgnFRTm + OQgf6mXzRgJnnBJwtwdauSIxD758NyvqJgRq87dsrnUi8rp3fRq34jMVAWnrKVBz + kL4DMfr06mCMFLEG8B4Im4jfy0W3oVCrRrFgfB3HoiTbrnKOdYJ5e+XvlFxgXQ52 + h0WaRnPDQK1kx75nJlF72vr0ZgTWogm0OQUadxU+LiaQkQrcBkTmpjyz16l46O/S + XgGXzsbwjXq3hMptCN2tD65Ryzra1BGLBPyF39UOj6xNaUcfB0Aht/huvTaWUE1x + up3gAnVub2M7PpamJMqAe4vucIuS11+VflWV/zlUFkaqhhlghTEeR7mEt3/1cCU= + =6lrH + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/+PbfW/BhAzQ88YgicYVYeqw784T1C2EPbUeBRLJWbKyCL + LXm/coGFBpzebUk26spFK151jWOgUfyFeMqYTAKPntV2w+L/sBsuN+hJ12egIKGi + 5vdwosq+dgo4jPg86kohepmfh4obv3QQ1P9ESmu3UswTCsn7WnRKLscVcPAFd2Wl + m0EaonTQbpW6zPLUJXd+/UnTsj1PrYijazDjUEcfoj5UwQ7vXfzoeNqvkpMzQxFT + mCm4hL4iV0E5av/8eP3jYFxz7S13MPvyN9M5I0lCDAYENrQDvDbaKWCYGNRsG07E + TULw0TXwvP5KtEORR7OAPGlon+1JQ7AM4RpTvsql+dEYq8t6pFrMw12TAKsCR3e/ + vmx12aX6eiBxZfcV/l9ykl+ypNE/YcKMjJxrDo/jeypXrHhEieuT+Otxe5OMh6+o + D1tydz4GKNJVsL97hlAKizs+h7Kg1KLucXVpWWUyowldzHOWA8ffh7uoM5pDk4wO + cYY4ROhy92n9njAzuAJfotTT2Jo/3J9vizlwFEr7F/sHEACIMgU8yJ+yqBiZK+G+ + Dx735M17sWTbPaV7s+fKwGD213c9lNCqLCqMd0udB2cpItKH6leIQ3wkMOCs384a + qs5/zxVorCvMul2iB74mEw3KcbwEuQDS9sJ3G6zXTV05hgx19/qM4IJX0WxkhjPS + XgHiuGDuve1w8W3sfT51/I4YsGonYwQe4lfRgQie7efzySidP85lwcfYcjhhaeqy + /Ly0kISbmO/AkJ/94TRIw39TePjP34tcYJ7B51ZyIyyJqE9LD7U5Cg/zK5KVqSw= + =Pqms + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAmHTz9QCo5nl2Mv5vK+yDYrbVgfgWXqD8s0sinylq4f4K + r4U1b8cxGfmsbm+Y3MgvOLja4mHrzAaHdGo4rZWrnGKuhgQ0DNzi3ScDZ3mkTSyS + Nn62K65zjG/JaqS9M2tXyjuSq648jy3o/PnZnMY24H4hpw73EvxLudYyz1DaXQoJ + lhi/k4Nv+cGyVxCXzBklMJ0KW+VPIKQqf6TxqBRrQzPG1BNIWul9S0YJ5hZKvxqj + eEHPetDiQNjAJ9tPsVqXMe+TH3otz0shks5j9PzRGklwcHQjIwZrSwd6Ajs4Y24N + DTqAWH6ZosGERCe7Qp9YInTQ67J3VubYqtzpqDPKsu59+c5CYrhZooPHFOSt4WmD + bfGVdyogsXAfRVq8eAa3ShRVTYN21eUH+qQfwmo8Vw6GKSeeXiBclP20gJvmasKS + ifCLzEV9rhnE4YB2z7wUwOfJL3CFcnd96UqpGvQH6cAJmrKPN9U9pEWRVueMYhnp + ZE2NGu3spAFdEcCtd2Yh+nrAMklLMClvqtyp/HA6jg5pVDNcckBUXs2a/9uc0MNJ + 3RfrWaTuBRa9iEFJ6LHrjdWkRCMg6b2VrjVdrC6OwaV4vUQhc+VFNJGvkZ684K8l + olNX1efLZuVLVCEt9s8CQWktZDkm8hXEc+JLgZa+y7/o+Q2L+ILz2uuFp8nET9LS + XgFJ6Ktg3HSq8d8OYDmmKViYvqc8sazpt9RZybbQWxofCPP9Jum2AtxXsV8EvpIJ + uGMaJTCrwcIzlGXi+kic5EJJ9mR0woJNTMFLJgmm7CnfCQP9OsPb8IYNzvWK9zg= + =jmjo + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/8D9QO1hysKECDBPWs+vuWeaYp6nJL3WyoehsD+5NcUgu5 + n7k6gWdb6qdnX22pG2Y1sXVUbLHpBwGPFmV8yYEz/Wvilu6XbagWOaidIJg4n//t + nIEUXun7592rod636coaLdHF2xrFsh3e1RaTmFI4loOhDKZiiQtnGkFKcaukBJrM + cZwmuJNCT34RAodzWQI1zYbMKz0RSgALVBTcr1uVcdNfU/QCaqt7zYw75NnaTV/i + n5EsKAFcva5H//9lYHSzh38zOpz7eika4q9pBR6AwQ+4qmQEJE2x6cqqKVBAxpJO + aKBvWxxD6xZ5euoKYVdNnESaSrDXbBwJjcaWELhf9zGjJ9lh02rrdNyeRYkoBIGm + Fgc35S7TG0jK0KnNO/Cx0lOSwKZVdS/wAn4G7UFBAi9wvN5dgW/4+5YJ3FvIP+JQ + +WtlhbVuRnytjBoMPXdmhtlMifPqcCCe9tfWzeDshRFkYZYj7fCYahb1RMayckSE + mzL09qD/1NWpvCxahd8klOom3i8UZUsF7/f+MvL/qDDrOQNYUkZZlyXMxK6PtHxD + 8EllsS7LSKEjyOVKUZARaAVa+4xNRPoekgPGb87c33KcaDTHpAdnR4+OAsdrZqdH + m7uDUmFwBl9oUuOSDH5/SzYDwCmzji4fF+RB3y2rN++iMHaoW0cdfrMFJLNh0p/S + XgHytHnTUNQHpcO9DvDOJ/k6CMKEy8pqHsJtA6w4qjDBvxp2+MZvLtaiu0+cdIdn + Pv4/vMcPQ487w1Bai/RSPpFT/mvul2cx+rvGAvSBOJdJ36IqS77XS7q98oqsLXg= + =iE5q + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAplgn1U9MWtBhmrJn4nWktxeHY59U0ksE1XliNX8mr0Mw + 3xD0QuwfaohrhdgX3La+4/OY582zxkSwEP8Jw/JoBOSuEx+HBUreKKPuxO9uHzig + 0l4BPz6xZxRAI202Qajo1H9z32HbS95b05bBUapW50sUAAmNUhXW79guW7PjPeE4 + 1baTqk/BaJEreZshjwlJ92GXqrdbWmsYPRKKMSa1NoZu/uVQYvGXPvtmtE387OAs + =gwSv + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdApLDqh0CvSd674B/iVxpxBih7clT+mIDyINRGECvxBBgw + Afw8LvDzNDt1SX/xWNqZTYiJOQMq4V5HfSkSMt9mPPbSP9sT0OAHNN2dW/wZh2ZQ + 0lgBl47uynaVtrGVFU6ztl1YspN5OirXNIV/QqQIui/iaeeEdY8M/O7Blw2riktx + swLDw0o3UQTa76cCcBY0bLv0Vv8zdjKTSP5nBhMDS0pNxkKCuTqXCYkr + =VCUK + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-05-03T21:25:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAiYsQ5CFabAY1WYopL7Q14NoAdQmo41mCMK7VwObHTwRP + 7fIc2ug1UvunZsHSnC+IX6L9FXR8SUqFg4P9sWRPnnId/lI23zkBDCYuwCy2F/qa + e/GEh4Eha3OSd/ljZADddAIn+mjb6nc2YU/DvLg60h3A317RZassGavSFxYdPmKi + mfGVdnM8d4fnBIVaaUBjMVgiiTZnp1JGsaSewGkAie5qbhsqM4DT/se2RoNHmRjk + hZw8UNi2gPm27er9q3iBvEe/TKr6diA/ELWzNBXZS9uhOqKAlUKsHMNx9t/aLGXV + zSuyM0KuIMX61isHPXvKv1majyjGJ52UIfoUJ29FL9XmRbW2AUjmJnJ0AF8tpUrC + 6mqrzKTouOdmAdLmlPnZKlzt32AzkAlg97u1tllWUJstYndl2IwJ69BMaDhQVVgp + 6LkxUw5gmgCyj6hjDNjX98IhacGMYBhjjJ39Z+3AGlhuAegN91MGaE3TIrPjmx/H + KAXEC5Wv/yp5ezz2FtY41e5selMKcMgn8OuOvdyQZ0wWfqebLd3LMRis3hV04a8u + FzfkGo1jG5FWJQj0Nlc9mdgh6mLO43LKdq3Y6P/2pJ/Xdh3/tm1vzY3VOxtuelBO + NcB3lYB8ukouKH8yx3LvnB0oD3EsQC0/Uq8HUx4B75Mi7xnG2uo0sR05ALTLMePU + aAEJAhCqABkvXA7TWGsj9ohR+1d+6A47/6drox/KI/axPWoSFb/9SfPoSQR8U1Rp + NNrUA9GRUEFAsAzU7PaUYL5ZjF7uHN0MbZL7XI1X7qWz8I6qVYtuJAjBTdaKen3N + pRg6v53Ytj/L + =yFV4 + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4