CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

Compare commits

base: CCCHH:01c006ec22037bcb2ef94155bc8f62f960a05773
Branches Tags
CCCHH:main
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:fux-alerts
CCCHH:ansible_pull
CCCHH:move_to_sops
...
compare: CCCHH:37e8782a0b52a0e28c65c28a26e755ffb6e091db
Branches Tags
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:main
CCCHH:fux-alerts
CCCHH:ansible_pull
CCCHH:move_to_sops

3 commits
01c006ec22 ... 37e8782a0b

Author SHA1 Message Date
June
37e8782a0b
 		keycloak(host): move secrets to SOPS
Some checks failed
/ Ansible Lint (push) Failing after 1m53s
Details
2025-05-03 21:53:40 +02:00
June
d63092cfe8
 		cloud(host): remove unused config.php.j2 2025-05-03 21:32:22 +02:00
June
8de07c2688
 		cloud(host): move secrets to SOPS 2025-05-03 21:30:06 +02:00
7 changed files with 552 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

61
.sops.yaml Normal file
View file

@ -0,0 +1,61 @@
keys:
- &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
- &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
- &admin_gpg_june 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
- &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
- &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
- &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
creation_rules:
- path_regex: resources/chaosknoten/cloud/.*
key_groups:
- pgp:
- *admin_gpg_djerun
- *admin_gpg_stb
- *admin_gpg_jtbx
- *admin_gpg_yuri
- *admin_gpg_june
- *admin_gpg_haegar
- *admin_gpg_dario
- *admin_gpg_echtnurich
- *admin_gpg_max
- *admin_gpg_c6ristian
- *admin_gpg_lilly
- *admin_gpg_langoor
- path_regex: resources/chaosknoten/keycloak/.*
key_groups:
- pgp:
- *admin_gpg_djerun
- *admin_gpg_stb
- *admin_gpg_jtbx
- *admin_gpg_yuri
- *admin_gpg_june
- *admin_gpg_haegar
- *admin_gpg_dario
- *admin_gpg_echtnurich
- *admin_gpg_max
- *admin_gpg_c6ristian
- *admin_gpg_lilly
- *admin_gpg_langoor
- key_groups:
- pgp:
- *admin_gpg_djerun
- *admin_gpg_stb
- *admin_gpg_jtbx
- *admin_gpg_yuri
- *admin_gpg_june
- *admin_gpg_haegar
- *admin_gpg_dario
- *admin_gpg_echtnurich
- *admin_gpg_max
- *admin_gpg_c6ristian
- *admin_gpg_lilly
- *admin_gpg_langoor
stores:
yaml:
indent: 2

4
inventories/chaosknoten/host_vars/cloud.yaml
View file

@ -2,10 +2,10 @@ nextcloud__version: 30
nextcloud__postgres_version: 15.9
nextcloud__fqdn: cloud.hamburg.ccc.de
nextcloud__data_dir: /data/nextcloud
nextcloud__admin_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/admin', create=false, missing='error') }}"
nextcloud__admin_password: "{{ lookup('community.sops.sops', 'resources/chaosknoten/cloud/secrets.yaml', extract='[\"admin\"]') }}"
nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
nextcloud__use_custom_new_user_skeleton: true
nextcloud__custom_new_user_skeleton_directory: "resources/chaosknoten/cloud/nextcloud/new_user_skeleton_directory/"
nextcloud__postgres_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/DB_PASSWORD', create=false, missing='error') }}"
nextcloud__postgres_password: "{{ lookup('community.sops.sops', 'resources/chaosknoten/cloud/secrets.yaml', extract='[\"DB_PASSWORD\"]') }}"
nextcloud__proxy_protocol_reverse_proxy_ip: 172.31.17.140
nextcloud__certbot_acme_account_email_address: le-admin@hamburg.ccc.de

98
resources/chaosknoten/cloud/nextcloud/config.php.j2
View file

@ -1,98 +0,0 @@
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'instanceid' => 'oc9uqhr7buka',
'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs',
'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu',
'trusted_domains' =>
array (
0 => 'cloud.hamburg.ccc.de',
),
'datadirectory' => '/var/www/html/data',
'dbtype' => 'mysql',
'version' => '25.0.9.2',
'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de',
'dbname' => 'nextcloud',
'dbhost' => 'database',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3',
'installed' => true,
// Some Nextcloud options that might make sense here
'allow_user_to_change_display_name' => false,
'lost_password_link' => 'disabled',
// URL of provider. All other URLs are auto-discovered from .well-known
'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh',
// Client ID and secret registered with the provider
'oidc_login_client_id' => 'cloud',
'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}',
// Automatically redirect the login page to the provider
'oidc_login_auto_redirect' => true,
// Redirect to this page after logging out the user
//'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
// If set to true the user will be redirected to the
// logout endpoint of the OIDC provider after logout
// in Nextcloud. After successfull logout the OIDC
// provider will redirect back to 'oidc_login_logout_url' (MUST be set).
'oidc_login_end_session_redirect' => true,
// Quota to assign if no quota is specified in the OIDC response (bytes)
//
// NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
// zero or -1 or ''.
'oidc_login_default_quota' => '1000000000',
// Login button text
'oidc_login_button_text' => 'Log in via id.ccchh.net',
// Hide the NextCloud password change form.
'oidc_login_hide_password_form' => false,
// Use ID Token instead of UserInfo
'oidc_login_use_id_token' => false,
'oidc_login_attributes' => array (
'id' => 'preferred_username',
'name' => 'name',
'mail' => 'email',
'quota' => 'ownCloudQuota',
'home' => 'homeDirectory',
'ldap_uid' => 'uid',
'groups' => 'ownCloudGroups',
'login_filter' => 'realm_access_roles',
'photoURL' => 'picture',
'is_admin' => 'ownCloudAdmin',
),
// Default group to add users to (optional, defaults to nothing)
//'oidc_login_default_group' => 'oidc',
'oidc_login_filter_allowed_values' => null,
// Set OpenID Connect scope
'oidc_login_scope' => 'openid profile',
// The `id` attribute in `oidc_login_attributes` must return the
// "Internal Username" (see expert settings in LDAP integration)
'oidc_login_proxy_ldap' => false,
// Fallback to direct login if login from OIDC fails
// Note that no error message will be displayed if enabled
'oidc_login_disable_registration' => false,
//'oidc_login_redir_fallback' => false,
// If you get your groups from the oidc_login_attributes, you might want
// to create them if they are not already existing, Default is `false`.
'oidc_create_groups' => true,
// Enable use of WebDAV via OIDC bearer token.
'oidc_login_webdav_enabled' => true,
// Enable authentication with user/password for DAV clients that do not
// support token authentication (e.g. DAVx⁵)
'oidc_login_password_authentication' => false,
);

2
resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
View file

@ -11,7 +11,7 @@ $CONFIG = array (
'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de',
'mail_from_address' => 'no-reply',
'mail_domain' => 'cloud.hamburg.ccc.de',
'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}',
'mail_smtppassword' => '{{ lookup("community.sops.sops", "resources/chaosknoten/cloud/secrets.yaml", extract="[\'smtp_password\']") }}',
'mail_smtpdebug' => true,
'maintenance_window_start' => 1,
);

238
resources/chaosknoten/cloud/secrets.yaml Normal file
View file

@ -0,0 +1,238 @@
admin: ENC[AES256_GCM,data:zIcGTqSicvQXJE6FAk/HLQbIMzAHWdTfLDb0AGEu9bN2+V3Rb8ujjGpiDhIbPtsc/z1Z9i6Mk7I4tQUl7ErF+w==,iv:tRKbXdpLKfT6N+8QNY4N3nennRBtVjUTtC+BCoPOXxE=,tag:vCZZaISD7hFmQnn9FJ8LXQ==,type:str]
DB_PASSWORD: ENC[AES256_GCM,data:j07CqdB9vEPY/7mSIIxfRLKA1YOSoqgbt3pw2EgwyO1oua3r40NvRLY6VI0CXmcOXOedm7/lX5mwA3cZ15pBhw==,iv:+llV+OR4leYx6KyIRIadhbcypibfYKFFEmlftAl4MlM=,tag:6cd+8/IR16ypE09UDvI9/w==,type:str]
smtp_password: ENC[AES256_GCM,data:VFhGRV5Jg19UTgm5mzzF1gcw2yyeS28BPuIQZaH2nYbyQGbxcOJ/YIaYbCXufoLOFLgUGJP+lHjZEs4fWuj2SA==,iv:SiUpLXthEF0UlJGCK+Q9cVH1BXnDtN9l8ZY7SeGU9KE=,tag:OmO7BcMH/eGrCOx0z4lQzA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2025-05-03T19:16:51Z"
mac: ENC[AES256_GCM,data:j1QfgIDBR4seyC988SkCODR21AhqtBQaLLD9RV10hnqclgaByeoVJ7zdDUR4G41lhL9tbOKUy4FpOIQQp+kYBztu158cO1DtEU5WNUSV5GlRjuFRgVTCYZwJLq2uDpINMhfiC62MqxEjk4i8MI4szNK1P5rCqBvnz8f5gaUrTtY=,iv:EDtJbXOsXE/Z6DYi6dQXzZSflQUJN+TaqKiAXFXz6Qo=,tag:2Uu57dsB6+vVSZBZwB2lIA==,type:str]
pgp:
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ//TYjfG4qAhFwZwvWrQiIiNc+Qk7WqZ6I9fsvzhnRPMsqd
CO2y99ht1mXF0fGs5MuBtcml0OHr9kbfKWmf+1JwNEkzFdYeK6YvppI5fpIVgah6
DxUAGQ+cquTtUM3E8XKIsXIVRMkrkJdzVYB5hxwV8qjBUAh5tuXg6Fwizpj4UGuX
hF9TMYobvt4EanLDiAvMpo3oe2vjGBpkns3BpXX9oSq5hExlqLivifRHpJvp1j5U
fTwrYqYPXY6mM1RBP0nBSyJb8sQlg/7qrOPQb8Y5/ryWs75JA6zVTpd3fe+t8pmV
Uncwewh8fujrhPkLdvjSRc0/9uWf8YcohL6Oy4lgGffwPIMyhlAaXi4ym/dtM9td
8Z/sI7LQ3iIIPOAY++MOQvhmtD4AQkNJM9WUcA0n3fHvVVnNhVWHFO6J8FzH6q/u
pDWhCK/WH5pTyreI0ngyeSXC3Mwq8yAMbjlhvZktZwmYCKrp3CWgqanZVPKHx4aK
wO+JPMkcr86mj6/sWbRq3pqJCMZw5NBPxrdym3n1suthmMUOvnZulQt4RgWLoOrx
6wDVdH3Wv0j1yjuY3QdMZqOKECFhHDRuI162PV+kzGYwrcbzQlmNQgqK2ZhR1B7k
wJziWgwynZ36AoPi6Fi+rA5CIPtVSlK6yr/1We4yciFic/RfmAVwWpMkORwOCBPU
ZgEJAhBpgdpYmO2MdE3vLc7S1Ft9YhAOCzgGHYcjULa0lrA7K1xpDNkxEzotkiu1
+/uFrHU7bS22bcOFD/l6dO1TzA1ViPLo1BZ2xmKToTq8cIzLjDrqo2sYHOqYtaSC
Gees+Y4xng==
=VeG9
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ//e05aLr6OZAOyi1MM/lGZ19QCBztJiaMWVL/BY7r3/d9f
m1BTAgUZNgSROHDgkH8uuXqWHIadfIao6gUFKIzLsrwPfuUC+DyNxyE/NQYvv0R2
k/IgXAuop1P2+thm13rVmI7G3yjGD2NOkQzp6LlMECfImts0QZqrfEUXd/P+WyCE
2ooCyeDstd+SgjBTHd+o0sGtc084XtpnfX4Qw7KGwuaT+cUkKXbdPqzxug+JpJcc
BFK5F0MbrEa/wA1vAfyIDuZw0Zy3fGGO9wASJoc2ChFb/BphOIVsqbM2zNB63XDS
ImnwyCpDmyxcBon8lDTlkd941V+YXzSf2cnyV//o7oLjFVQltrvu7pGhUrQ99lAU
0Ayn8jiAtyUenHOH2gsXdfGgg45lGf4Eusn4XaCxwSKoG1BCQZwR/tVnFBeSKkbJ
75tOl7UIs+bkLx5LWB1ozbTrhuOymR4h1BUbx3VL7Th5K+ChHs1w90xJWDP1dmEr
+euiIaNY7OPfzNFZpNHJb4SQdtXzeK9fSV8N1c5G+BxBIpAqsVUWkXqVXiVwKjS2
BJ99QhpmDFoCy2d3O57mYM09HgWXbekFR0VckL/8RVVpHfdnQcauXEMrpl3AHCfe
DK3fDucO/+MUQ+lnyDaoRjJfjsM7PQc16JnzolEeOLMbKit+KAjMC9EfvM8GobHS
XAGQHdTiHz1ppYhBZM/RlFG25W09yKA3m2pcYkbjcB4d1fu4lR8s/PhFT+5HVZa+
UcnKDr3Kx517Pgg6Snq/7zdMqnIe3q0l/0Fs0oLjL57JoxSTELp6jqORXs7M
=vOAi
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ/9GWEYkbX/xjrCqZfmxA+V0LjdDevDXKaII0j9vga28WIU
Qg9AeLpvvgQRwJvZXZuCFI9ujmvpFePP4OgLkmh+6hx3dHY3COzT4i4iEH1GbxEy
grGXSJaynPB2ONvaZbIt+FwNig0alCiMPQhzLnIS+hmnSYbHFPqKGdqfqryj1xjI
JhirzLV/SYIAo4Tqgr/uyq7Ef4JAtydh7TWrqbdNQKeoB5Zu1uU+gVHagsF9mGCV
49x8K8EiyMcgXtYk0UTN4Q0iWArDtnM2x2/b2PJ6H3yw7pmdE+MPzGdtRr4t2zAI
dF+h6PdprcHKrQa8moy0KSCm+zcSkL0vxUP8+X3WUTS1VUCsn6l/kk+4rM49izqP
dvmQldGSHOdPG+P2dAS68p/Sq9PhsYZEGKub+nREyQI0AW3yVpWVCbWIiwEWnQOP
NGKIRGBdY192oNvb/3ul3uNi/qcKFgrP4+ue5KAmJgkObFTss8OGYfEMQ0dncGV4
UW9Iw7Xo8e10NPm8PpLySY68pGMpgFrWM/Ns+ifCfEaTVSezXYRLHy5XfBBoQFN8
RJ/S0+8P3/HRyH6q/vbFkWrHhb95KwxRLXz5qb2yoy2/5z6+dgSKY51972Zujxjb
GklVDqPrcgCLqlApfw2yJwSe60pMbE2CxEFzAmWLfGpuvyOhpWOT5jcG8F2HipnS
XAFUK/+WAcOdJhmSRZt5aX33jJ1uJXQoxcbAvxdR+4TZxmbPjSLMnZGs9qfMhtvF
EU9WjE3elMQ60mKBEoBFPudSNsfGblS3YT6K8b4Wij/CTb0ROGXH51ZCTa4k
=PW2U
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ//e6SuBK20zjqoSGLhf5JzocXFYD2TxIDyCAOmoK8kM/SR
MPaDWdITHXWZS6o32KExCBYUeOIzUZDcgW/BqNZLsyDfFzgtdYY7j5Yy2+/ezakW
1PCY5MoqjZq0x4MMKD3TqQqHHsLLS3lPYeRWgFbFTZVMriixO9GqlM7D0MAmSEL5
WbDdR4wzQNhsVuMZlF/1Rq/fQH0UCjJZ43VnlOi/2MSA+RE5pqSA4BE5IPUBgVx8
n9b5asY5bG9N9RmpaOveF9AXh6x8QiPC2br14b642Ccj6GVGBgBtIyx60KdSALfH
8twZlau8Z+vAFnGQ09K3fL9AapE1RVRSzu2ndZ8fskAWxzP+N3+oj97JYbaXYvb3
IAHfQkB/N2EV1b2bGv3j8O6gMKjJG24QCJgmd8/AIVbWzBOzfF6SK3KC0hI31VmS
RrmZBZlYX/cnLGYK40myYAMU93/9R0DyhWSC2N9SVS7Jy6GW1u/aHyd4OdRXtaqi
ORhgiQ05gTS1oF3zLB8/7Y/bo1mpTOUPpGQ7mQPaToV/aAI6UYJGhR4EFZBHqz4v
dHO6Sq/yDvYSYasmP3a/TysEohkwnKe3/TSnGrMYVdWNX/tAGWqZSUrsWaTDtTT9
2QiTZftGTkRFH7SF5DkrbRMmSz8rQHrR8mtoEMtUbMAX9yRDSCHw9CRcfh49dL/S
XAFK9g7uSY/HllvPHu9V6uvQfbKNqoYmpbdw4egKsYXKVsSecL5V2mvvgNABbbA+
7Ma79aZ5KRPtmUONfpkeIjyzhnZXNpSn+nnpZBIMXGbwiaiq5Z8WFBBaaF4i
=ZmSP
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA4HMJd/cQYrVARAAr/V8Ox5vGayrWZmtSIpz0yzv8BudAQDZscQGUr/PD6d+
TFA5aNPyPgCbVepLLWNkE+4YmmkBlxfAKS1b9wIhI3MvtFIKysTHxjqJde2QAntZ
LdC2Nv2O1xVqQ1x22iQkNVoipLwc6OSbwLs1EC7Od6yCX4Mxk9wDjhixXnjeFkb2
BTqUsT0toRu6ZtIpjELHMtPCj73pHa2ILIRuWM3H3V3KkUr/InYx3ewCihv4AqC4
CmkH9CO1abdskPF298f6dlTG6DCnV9jVO+AuuiiT1yXE9zCrVlX+ACTugL+vpG/k
utFq2gSbgIj/vnw1T5yE8RDRrDJGwWGr5lfoXJfhr1owEt7ddRV1mS9EQBzCpvcs
YTM9an9nxIv5ffktu7qW8st+qVoqWKANxJZeXkidZxhLGchSgeMtRmnz5tFfVwws
Og47L48Z+26aBVOLWy2AIzZHakdbyBY4JoXNAtUQrtRPicx0uUJbSGEXCqjcOFUr
kW4f1iYQAuJwazxrEhKhviO2vV8uGDxzyBzFrij0nd+WAJTjQrpvjWaxzs/IToeA
nQvMerKx3L9QyQ0FQQFqJuWgcYpjeCFsqija5WxVUlgDk1iDDZudZUbJ0PbeemsV
TJ4adxzdhQb6YVRRWVdTDld7ZPyPMULYmjyR8oeaswE1X8JtyuNssO1WlYvz2r3S
XAGhFT8CeuR5FJHYmHwptfKFmRahkLQRKzl8HCly0onUIO5dSXtO1sqUy/KCq629
b58PjTcdwv9Nc/VyoTbH17NEicwkH+r6j+lztBDPvbJsKnxG2G+en57xZPWQ
=iLLW
-----END PGP MESSAGE-----
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ//TiP3FUYVgg4Z2gQ90Oq+lXTvfAytKlPioLCqTJNmj0FS
SxQ4WIl1xgOTy5DdorbwnFYlZRwFedcfeQGIJ6c/lz8Od7ab5goH4NP18OZi1tkP
9VdqlZL/7rnAT/OBeygiO95WlrWs7KCvmdIMrB3eQQY9EJP3ZXTbkJyM2vQSuJFC
y7noAb7BxApAjcmWW98ua8l5oyKh1O/DBnbsQ2lQwWtvxVW507gp8oqJgnD9xrCR
jV5Uc7ZYxaXKNk4WEDvESVb9n5FTwL+yhW4yGLeEracONI0SSI2lcsdSbWkM7GGr
6S51YkObJX7GH4BTPGpy9+A7VOeeKi83XZFgaaiiUA4NcDOg4270znHaF40C8cP4
GIMu+WbNjl2ABbudGw7BlYb9dposlEkVY0Ce2ZDAQd3w5toGnkVGi5jIG2xNoFf+
yNG4fNo2H6giDLuw3ucauB+qNgS2CWbUeTXIbt6g9PmILY2s6OuBq9m2o6GmAPPQ
PRLtiMnFCdivzQCkqRdNDSRAsNR5QI95NFC+258hTEmk2sUk89TqXgFccobX9IYp
BMaIVnVtI+iCa3RQgKM0OUUDwnA1W9XVEaQ5zFjjfg0RY8JT1xSgTnTc4OiFODC5
rz3C6CKyh6B4SxNjVod6Nb3jNPDT68lfkf9ua+mB+TknuK3Ov16FWmCCsTGNiXHS
XAFAZjJvHeHoZ5yjhBVpQJ5bdOOj1kuqtZzKzVWMnLQiXB+XKfxVG+d2kmmCCyeT
clK0T7IL5NgJ0b/d0+1w7G++k4xSyy9Cg8jev60HJtny1LDB7AqU78+6mWAo
=1sdi
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ//XkFf/JdcWreU54lrAcgJIpA/DPuflYX0bzPTgGish6aE
cOdKTppl1o0yOgsxZ/0C7tjWMevM8F8gHqqfDD1YrLerrkDtvCKw+s/UgpqGIS7D
SzalYJ3l2Sppmbum2VDqIZvhxF2U6DKB475ZMsNqangCjzcjOf4PBrxSIw51s4uE
nFDYWfaAh1VYyRB681+VUHSdCITCIfXXq+8jdJAagrA707Eix+9WM60oqv6jI+d/
TCCHufafonXnR728LxdSwBELZF9jb9NGgeG/7DlWxmV1gcqy9o1Rzv9cICtcDxKv
t1fORQ6tztNVrSUGRXAiGa3AexJYeNnIaK8q3kzUaNqY68TOu6wyNdOEEpeyynJU
dNytPUzZ4e5vhP4SxBsenMhekLcLt98eDGQP/iLRbfDhiBjF4PawqOIeCQbJ6OgF
KXJle5gVuhakTaIuTp9QZb8rlWiffv/cOKlqGydUjeM6fq8Zgm6e1vjcbwQNj1mX
8T+KhgyUtaUUQPC1qm3LRom4SIM4mjgzH4SQCI9M0At7X12OjId/o6GsE62DU7C3
ZWywYXH3JIGDCmgG0CQEZrh2Mv+1M8Mp1rZkDahj39ls9gp3reXI2W1+bxdgBTqy
4qxZGZNW0XgyaSwTbPR+z85ac/RE+oYKSmbpi8jstdLndIXtL2ipr4G8w9kzGjvS
XAEE5Ml/lMJDHAJhMTtZgGoh10j/gS8EexwQobzZqiMeboNpt0r+B4OJSbs0WXJV
oq5c/B2PMghcN4cnFIlesJl2AGry7mI8lq6bnhzRZjIN5KH54e2xBCVdhAs4
=2EQ3
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ//RTa3TiqaH6qkdZDuplbP8l7OsNSmvuk3R/vgiGq0Jp2y
V3GT+1DuwpauG2IXDL9b36DiZLKX7+ugHnQ1DuSYsq78m4XCVBeIJkaN+2A9K+gi
LwjRAxidQ5wONKqG6L4ZLConW8fnvuyAi2KDK76B7TcH/Ir+QTX9xg2Tm+vJT9Vv
o0ZDrNnaY5LMvFFIzN+9wqiBnekw2EHFOYBJTpeqT8zkkvLb3Daoplpr4Uz/fdbR
hlPP9JyI8TFB3PpMEF84+2lys2ob4halzGW41A9+9zFiPcz1mzL+ftRKFqU8Sd3x
EBbiu/6xVycWnySAMiX0p/A+p+3pzMJ40/OJHC9P/HxdbFFTvpGzL95qHHu1aDTW
vlQza3qQTk7konQiPAqZpv2fAteXCZeqhKgm8aowevbzCeGZwNYaN0yQqyROEE7V
z702pOsize5aRsGWlxhtzrfpHVlJ/yxbg3J4vv2WAycGYmvH3Z0AJxClML/KmuO3
W4umyrMQrmMMOhSByp3EkrPH2SXs6EObRoUwCaA82oJCcvNnEayRBf5KkX+FWqMY
ssVECN1VX6sZFYH05ZGZ+RSpzNJrIFZPx+DrbmcUQBgvOBqIsWiaM4dNpCwRVuKo
GhwuxdEKipcyPlsp274qwXCoKPGyjZxfcTg37naq0LlU+4VCYNGzuEijegH0e+HS
XAFxXl4qoEaPAHYqMADJXOOkYGcnNUET8CwmIzuqLWrE5uHgKoX9cBrCN91jEFxb
KH5dT4ysfagFkEWf5sNjBYcuxiYIP3e8BbKk2lG8DvZJgWox7qyvKIo5oKcD
=gXdn
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA4EEKdYEzV0pAQ/+LiEI5eSEGrABofjDaIKiROJrC7XKLzVWPJ33mxxVwGsC
5mtjnZNQDHa2RiN775zLKOZmLvrKGCNHnfCHtcax0uaYTNeUVn0Mnq+UxYwTPXUb
1VIX6ivCI5HNd2voqM965riflOBOZbRsDK2dGodl4tMdO4zKwxJ3wDMhVJ3Po0rg
UseEnsgXKP1CA+lGoYfNqoL2rstr6CNLcb6dZ9kekX1jm5ZegH7Xsevf3ZbVDDMS
C+l4UijpngfsgyZ04cj8DEQuCZy90GQxkJAl5NWqcJ+recZkYlL+B5eLA4eIPt6u
cPSdjPnzylT81b/cUsV1NUX8vNU5W/i2Nk4eTy1U5ErsDEmp1q1c3XioHO5h0fbZ
k1F10gRjtljnlDyUv4U/5JdLz4h9/B2SvbWZT977RUpNDcLtuL1ePTs0jrOcTJsq
tVlbAYJ4iUtMdUhVyftCQUo70Lx5VNufg/TbKTC/TWSSRl0DIdDa9adfedlv7+7o
r5nXitAIMcT+2nkPeW9060G9Vr0ht/7tHcMNBrLuXLNzIaQSwl3+cmC9CsTtthdB
0+tcuZJ/w2WZJWX9U6ubJ1vWYdlS8PAEGt0XuiBnYO/CnyT8PrGMtJfDqzt7A1yt
jADGGXq9QF96xki2jPo35TommATNAJsFi7d6NjGOKcFhwPiDxiZ7G0V0BiD0WILS
XAF0B0GQDPebknXCpeqs3aDSBtg2bvCLiK7l28xs1hWZddt5hCTpzEP3zL4lDrGE
9+SSHG8sJ03iG/zGuo1OsDOPeLwHbdKoY7PJKgVOg+R3+OaWhIzx2cbW2qeV
=v5rS
-----END PGP MESSAGE-----
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAAAWAZzuozJo/9XnH+sEbE8ebyKgBi5ohKDVZOlMtCTQw
oeNOyUBour0BEfJTd1MdrUOBOP8aEL/RpNxNXLJnuo/ZW9Cm/sYr5EtxH1OEuZeA
0lwBeaaV1bGtTACOlttrysmmNGWu05AEigvWSjW4X0oerU/3C8B1f/6HNcCeE4FV
Xn4MKaTZfqGrS+r3PrtyY5i0odIpMQ9BrlUhld4zZQteiCb0FYIU9p9T3trrtw==
=37ry
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAwqo3P8q8n8cVeO8pN3QiqJCHK0R2cR7F6g4CBoXL+HIw
pat6LL4iuoKRlKzGNFhhfcJ8ZGu7b2kXLNzMcN8YU/8Bbw3uym14x6o4M3MOUnpz
0lYBGEn/qi8JfNT9anDVH2NoJGD4sVgThagLjOM/lgXAGupXQeL8N2VH7q7aXBVB
amtNYqrr4FKYSTOTOF46BXVwNVQkNxeL6I7FuaRu5/B3MG3xZmHb3Q==
=KxpX
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-05-03T19:03:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ/+OW6ZL2OKIFgYinYC8LFwR1S01FTlssJSNAmbA1AWS97a
eZnf6H7JQMvz1YfLeX4bS57Gip21OCdX+sTVsj9+8bKyBEXI8lqDS+W0QtWhZy7F
xHLiEcMuv17w0Yg30UszMNaO3MCtfYrJpOiPQ5jYnfraigr7TmCja7i3ySUak8jh
16RVF4mcDJKaDb4elCqQgAU3BLaQbIBAV9l0NcdkIN5HgwZCCfAVFXI6KfkIQ2/4
kow5wg8TO+5OMb3gVE6YO1ntFoV13qkAUvldH2pR8yjnOgZUgMkOpX3JdG95S5y/
+ItZQ4B2skUPu8dp4xLHoy5eiFgOiI4lKoFNknB0Mh4f1Wuhn+KHnWnnWuEdYBWe
OQxyvGbZTz2axeuN7zonS6GADzd+/jNFiaWYdaQ7htMiaD2cE1zH8MJMJRHTzZmU
0ifH0Y+9+lKsqVwvoRDrd2pQnsjnA+saRAfXqluos2fGCMOVwIXju6rsu4lkUlsD
RuFQ6fEq1SyuyeoKMeMtahAJO0NW0DSpxMm2DCrX/HaO4adIegosVznvpqFKUbBX
e9jAp9B8xeWbTt8c6TT9U5XW+GXcPx0RG/lxRKjXQRhwd2UrvUW731scODnFLSqu
BFgqUByk2iSEoonZAoAS6gjvC9NAMEuLwWvdUejFbAx1ddknNI2YuoRcHrHnWjvU
ZgEJAhCkTMPYO7Q0V9nRMne6vajbSvXDfR/GwRLez3qRPoTnMpgZO0hpclqerJ5T
Qel10f8aMLupwPp4n+0khXyIZ+XYxTRdeR/zhvklYe0f2XljXndMFlEFA05vJ8ce
2theaH7hmA==
=IwH6
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4

16
resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
View file

@ -32,11 +32,11 @@ services:
- keycloak
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KEYCLOAK_ADMIN_PASSWORD']") }}
KC_DB: postgres
KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
KC_DB_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KC_DB_PASSWORD']") }}
KC_HOSTNAME: https://id.hamburg.ccc.de
KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
@ -54,7 +54,7 @@ services:
- "./database:/var/lib/postgresql/data"
environment:
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
POSTGRES_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['POSTGRES_PASSWORD']") }}
POSTGRES_DB: keycloak
id-invite-web:
@ -76,10 +76,10 @@ services:
- "IDINVITE_URL=https://invite.hamburg.ccc.de"
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
- "IDINVITE_VALID_HOURS=50"
- "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}"
- "IDINVITE_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_TOKEN_SECRET']") }}"
- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
- "IDINVITE_CLIENT_ID=id-invite"
- "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
- "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}"
- "MAIL_FROM=no-reply@hamburg.ccc.de"
- "BOTTLE_HOST=0.0.0.0"
@ -96,7 +96,7 @@ services:
- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
- "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}"
- "SMTP_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['NO_REPLY_SMTP']") }}"
id-invite-keycloak:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
@ -107,10 +107,10 @@ services:
environment:
- "BOTTLE_HOST=0.0.0.0"
- "IDINVITE_CLIENT_ID=id-invite"
- "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
- "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}"
- "KEYCLOAK_API_URL=http://keycloak:8080"
- "KEYCLOAK_API_USERNAME=id-invite"
- "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}"
- "KEYCLOAK_API_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_ADMIN_PASSWORD']") }}"
- "KEYCLOAK_API_REALM=ccchh"
- 'KEYCLOAK_GROUPS=["user"]'

242
resources/chaosknoten/keycloak/secrets.yaml Normal file
View file

@ -0,0 +1,242 @@
KEYCLOAK_ADMIN_PASSWORD: ENC[AES256_GCM,data:ifiyV0ywHLiYIZfgo3LBsDu//d5B2ZKyysnUtXCXR6hGWJxQwM4ly/XglERsRNRwZtzWkndpLfXWxlMheZJoMA==,iv:YEjrBPoeqQayEd4rNSNpD6Yw0jgQsOQyRpDkv8RKiEk=,tag:KHf6eaeGZSuBipAPKBkB8Q==,type:str]
KC_DB_PASSWORD: ENC[AES256_GCM,data:h4v+6xLolQN2xWEKTZvrucvqFCUtqnDoSaoNfsXnktyXR5/vjjvqshpsyu6xGA9V2V3RX7BGk1nX9eooo4362A==,iv:Gvvz+r/gNEMAD0xJdXzNQpkhmwOY/70NQXYtJX8CkJA=,tag:0cj4qsTlYsZn7bz4NZDp4w==,type:str]
POSTGRES_PASSWORD: ENC[AES256_GCM,data:ihYTt9hd6RJNtWEtav5Cbzz8m/qUIw8WGTwMcU98f5wkYrMTd5HUjRjiWqcx8OaamiCnL6p8u9BBEerCeqeq2g==,iv:4F/sKKzaRiIN47M1a+gGhGMiexNp5x5l7UtPasbWmCg=,tag:3QsaYllKdkPyjiX37yICUQ==,type:str]
IDINVITE_TOKEN_SECRET: ENC[AES256_GCM,data:ZtUiwOAUST+QmR6I6ZSJ4GoV5qWvcIwZ7w==,iv:1XMYhMInEA5pn6PajQ1GToS4kCUAH6PGZOAA0AZAQEo=,tag:xBbGgvJZzSaNjJI/QKhUig==,type:str]
IDINVITE_CLIENT_SECRET: ENC[AES256_GCM,data:/3U7brcOL162xh9vXPW45Me7+yun9oHVCI3LLbbq8cw=,iv:+SyhYlGiFro75N9LuoGff5QLDG84GeczeYWQYJ07Li8=,tag:9QlbjBJgyt/+VbzLLWWJWg==,type:str]
IDINVITE_ADMIN_PASSWORD: ENC[AES256_GCM,data:xIxVMTN5rNZ9LuxqLMF9veLbpjqdSAHDRg==,iv:FctE+EIvL0c0RjANRDYk+6gZ/igxkEmLJ+Y371gMXOU=,tag:txlgkIVVFeJ6pXFG/+Z2TQ==,type:str]
NO_REPLY_SMTP: ENC[AES256_GCM,data:2XVjIt0tYZnjMSKP7rj+Gg==,iv:d/OFKnCwElUD05cv1XeQyrCQuhtf1JD2rRe5QI7T1P4=,tag:LQAhTYwIdoR+sCNfVh+08w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2025-05-03T19:52:12Z"
mac: ENC[AES256_GCM,data:t7Tp8G+2lEIyqy9SYo1cWFpXNJO0ekNsYRtlhizHAJ8VUTjJgQbVoArQygc2XQJWgbploJCTDxOOFh9aphV333OUj376ZQZjwg2msIhNSF/wp8gKw6GFIrqNZWLYR3zcvFdiARKJo3T5vIYmPRLVl0GwqVlIvBRuHOSjHmOeFDM=,iv:IXoOVkjWiHTzWTrWy8QH6WfO9bT6aIIrd5KU8pIeZW8=,tag:me7pC6Zu1TNqVlgyEwrhwg==,type:str]
pgp:
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtARAAlsCecsUz8CnpckiAsOZUe9MAFRZiSLeErMmZ6Bh4OzYa
PGeYuz4lSVq3RBkd3n7s8At0c96KE5Q9hgqXlBhaZVO5OXZm/pdSo/jykxDOqGgp
IGyEwJ9cvH5M7XfZidLMbj54+1BzA9/AW3iFSeQK5bbAi9KYmIzBE5VoVWXXixpG
czWV35x/6/rOhCWYZfr5JUM8PSSW8lhwlcA5ytoHAo0sKnbmOracK2apSJ/w4SBu
VtkpwzJ33TUdMqgFXkXIoGqHYE2ovH6GUktQzTY2AchVcwkOqoksD+mHnvy3GlY6
7Kw5ymKnOuOSiJXWt7dG9fVLKT+32m5NeiVf8FEx9vvz3hfTsTwXD2uet1BFYHC2
rXVDf2reKojL4EulBN/2r/sL54tPn/YfkdQPaQVIo4giq6NZ7wR52I4bLys5jOc1
l5wmKQqZcTVcIML0V6qTJcP6DyhspSpysoGOdr4j4rlzSctJPs5HGu5WGywL+fDj
9+KKSYEotGMrOzknwFXCbAER1GFKOVmxyLEgPYxWJa0z0sgsyBU0FtU2j6l057S0
VdVYEtzsamVUztxaJmKu4ei2hUBXO+PGYCdQH7ZX+uuBkHWWAVzUSspoe/3ncvt3
2HAX/+dZzGw4HE6pGChPABSI+txjwbeuyi3iPsBrby3GKv4yafSWxKg1RskDxRHU
aAEJAhDOhd391/ZDtMkT1Cwhf8H+U/aJDoeezvmHL8BMSIKDKOLhngr79bt0iY1p
5uCIIMKO28SZUAgRPkGZVwTlLEuEgXPOeG+AFzkGUOuBMkPAIAJucXTS1Q1VyUaO
YP2rUyEAMxCo
=G/5o
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ//bMTtv14q8MsLrIkyOW9XQroCFQUAnokoi6sv3d/rgWzF
ViQ4WHIsFYZ2HrFd2yPLweE4I4gbuyEEJAw7DvQiNSkME7zO2V2tovX1IXbzu7ua
9sfykiT3vImd4LozPWDHR8FRdF/3HfuTQgYd5Qi7LrAj4UX0zUaMOE0tW4WJw6+J
kvgqErRgU5LYHD+l3b+CkR5tGJqsNESRGxbcRfMg/AFdeR3J2dwUV8wNI83WSGRI
xRU2SL46HLtx/RZ1Zq1/Q9Aufc+4UqtE+6PK4N2BuerzzXumqjO2vEda5Dc9yfww
7e8l680TQLXtWwZozbIn37XOvDlYaQBO9GeDyZknNNPiIy3jqqZHvfomSRka2QOq
7xitPGCgW54XxZRO39aKFCOryqzHfTPbHRTQvPfM8OYo4JaAmOn4hIWqIKy0pD9d
gsZLJ/YyPx4ZONgwcz2Cz2dLB6wC3pEagNKBrvgREmjaxTDEB8IStbL1AasEdJ7j
nSxJamZU0MK55IjdU+loPsHIK4U9dGr3MFHxpiLV73APcYprgwRwjmBU7MJ467Zf
kZFwmHDCFpZ7u2mWzxL4eE568a9hb1yiI2nNrsy7aGC50TTPPa9ErXOFd6Kbutlu
kUzFCZb6xd+SakuL6joTo4Et7DJNZ4nrJZwN/OSuE8ZTiGdH7onUM0UOlMNoBgLS
XgEytV1eo08+agpBece03q82iGIZ4fN5t3eYEVqbnr9+i5I45txR5B6lHyz3frfN
IpImr3kIDC0NQslUO0P1aBYeTeRc/9TWhPhtZS1wtIlURdFyLjUQIbnqNkRzDME=
=RY3P
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJARAAsfjYIn5vhU5mjI/IkfYl5sdVquNI/f3boIA3hMKZdwqu
UrzVysIfqZLBACms27s9LPQNpeccQHNWQFdWzmNWtx8bwGQRFWjPgERJ0Uin/M5/
6ICE+a149oe61pE/5ixQ9AvZcMIUF7iXYqUT6yODxgKKnvprbSNNr5kC8RwACHq/
KRqpZ3eZR9Trz8teOBCxwh7tJx5PzTPT5QbGeuLKlSd38RHgo8fe21ffVTYtDL7o
t+uglJV33H4diQRvciH5hO/mpVRw2EBnmITn5dWSunSx1mfMVrOr/lHsfiyoEEBs
8xmmNd0oaN0M4XYx7PNh7YMGaR0SgDcEVI5KmU9hNwDG70o2RIT7OrI5W2ccJLGS
TyYiPWAWgfVfniXA1Ydjkwkd8x6AspBZQMJTsNiaBs5dk47e4txKQshSOpReZHNz
Xv7fHBocsSlFZRl0ydB279L3Z4q8aOFKYMIw1N6T+jwhns0zBnMRj705A/z/lXqI
22x5gOY4uFcFUm8/GtWrh7bmN1X5R3fIehP3qposIpeBvrCi4MFoIpcltbiiPkHF
ToYUFtO5/QAdhn/RosJRljTA/DFzOnlzuGuvov9XbeuJewtR+ZJmpEeBe+Z6tN5C
dCIMrjFYNndHbYHF4ztAu6PT8Hzq1nw4sTFM0Fyur3LIQHd7F9aXI7+oQugczfLS
XgE0L0AnLJRABd2Pz1IibBO9Y+la2xaCpqhxw4C2ohdusIGSfcz8aqvC6PYviovA
jZ185Bxs2TyPwqPxXve2h0zvqbpaOTmc/0PVoRQEVXkrkL8FfxLxPsJss18hdos=
=mqr8
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ//erl8qaY9wijgSKKu2xGikhQQz7DkYq0lCZ8KrKyakgLA
2vyuFg0+b73/jUd81Xy7j168SRW6GS6Ms/9v6lgGjSt+e51b1nv6G4ob1+KEqu19
EbTRNeMmTcFoXVMuXL3C2PWVUAE5Gs4POZai18eegQtm3dgOax5/25FvNZXmsoYh
NYr6+vdZw3Au8KZdFov7iMK0/GX/6GR6XJj5Vlv3SMF8GTCxOyeZwmkk0ud6/5Gp
amnz327woNAs0oPnoJ6cWO/zlAYb7EkmMfbKG0/9EFErXYkC6Y8N8LrGtOpZXHJG
doFot4TOPIJGiDbTL6D4+QnIqVchym7JiGmYUGxdzmEXiwe8AO6sKJOR8kZKU+1G
aSHjpq96IvPewBOJA9NghAI9JoCsWXtqYlpTjeiTXciHqB5NZSgU133R/dqZ01r0
k4iP1I84hbx6XSdxejySFX9Vscf38WhEfV+KgM7xOJhDTJ8HozQQGj4OpD1WOL0Y
rP3y58uLF1I3qy9V1csoJtq/+no+cXx3mohc+iiwXQyhYAJML9pLBbnmWJo+O1Gx
hHYbRDmBM2Qn5TYq3fPOPKNFuKr4pLqz4jy4JC338hTamGQNjbNP/BCCQQJOGdRr
P2klOkSiZepkLSUSbLVlpZWT/wAqgz2JSxsCENoMUuwPvbK6m2cMs/9A/7JMWZbS
XgHCqYLJ30G9mtGc/+dpFk6xzpKg9SHHaos2JV/TuqU3O1KetAB4TUEAwLOj1c0Z
Kf0HlK6l1J4ya2RQqiK6Inek9/D2+KKcvmcMD7ZYQlyeNkLIzKkQIztHS73AuUs=
=14aT
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA4HMJd/cQYrVARAAnMF45HC4rYs6NFlsOestm2UrYTMRTkaQh3Sg55c3E1wL
gaBBuzfgZt8Kwv27d3Prbu8joawbHuFVEtT8n9qW7EYRlkmwX+HptrvBLWHvCGfR
L/rqCN+6HUJlA+L2RVpcl3dWcI7g1n2/P0+h+3V8z0AlDIWXO71vzX40EsNt5oKW
FHxEw+0bPEHhrFPJzf0HQgp6XBh60T98JZKi5zq/MgbLreLkEswL23XdiR1diFN4
0TCPivcJ78bBpONRvd6mlD2gFc0YDACHCsFPZRL1pq0gxvE1ZNydGkTkjgiKY6B3
3VMjWz2wTgiXqArJR84O6qfjZYX1eP8Qd/+jjvxuUGhax8LRu4J/Ccfqp3uZD3oR
N5ITo7kjWGmdrXCATGLhAD9aneWuBlyHNJfwHZxsf7NeL98d2tuYGF/kpBTy/5zu
F9MlJyTS3OWkSInWrB7XaRB5slSOCi1JM5GvlEooklVl64t6+yIxQf1UA8LBaMOV
vZ4Zngcr1FF3CJ4m3yU/WhL8GSuySSlGlWvgfZNYsmJ20Q2AqGyVID9IKXlFNvWf
04nnxuQUOmdwQ4OifgCMfvzcyt1eo7yXJ7pgMVT2Xmy6bTLZIrPHw33fP/C8cKCd
oiUjn962vNI2E96MDlTZxOrQhOOmSQbu4xbqiSSqEZ70xEckmjE0xxR1JwI3rSDS
XgGuitcNHdV1u00dPzY49PIQWk8wNjqKdHeZ8a5tAjdmps8ACHhL2dTd4j2pTgff
XfvVU4iwMajbU3p3HjiB7chmYQ+U7iC+CiFuAQbjklPwNorqAIcN5zP0pOJ6O+0=
=xD2W
-----END PGP MESSAGE-----
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fARAAgaSoB6hSUrpjgo/QOMIQmgjPtF/KtHASST7+/liqcIem
iQeT5xwACl898ez2a1elKtgFYUVTOopuc108HyCGmFut2/T9u6uGipOfE8WGROu9
72mx4hq5IGB6mVz3YIucH6NGCpH8lGnQvkeGydpYUUJPzbv9AWewn0IySJVnC1uw
UZy4h+mTSFH5Z4XW4JDnPXamfEwKTSHsbM6KHPvql+CLnJgwTOqln3vZeF0YumSk
iH1xO7OslluJ77jiZlcCfk1uJ2vMCDJGmp7DziMeyf+wTFckvjDnXG79AtQzQ+HB
3fcymp+DMIJbMocGiwtXgpEv/4TGTrbhpZWE260ddmOlrzCakahjA6AjGubu6oeO
m6G8ZTnm0RCNvjmldykW4MZCIbsChZwKAQEOUymiX5JFa0ayZQq1CR1GCGwsU20a
odNI3z3hpJCwI2Vo21nlNc9hiUp+zA1fJteBDnCS8j8QuinFi9G6x0dT9P6i2+ED
yV7ULKsAemCzwQhhudYondo78E5lABgGxVKI/+2gkwZTIc4VU9/aRNftZLszlc+8
nRIs77btYflj9NiK2JCoxr57UpNq19JLs6Otc0vTOjtieG5uDl6RmYOvD9+A731i
rAAMbgtGzM/1dNnls4VpVko7b8elm+kywijXwSXUzGYXfFojIYcfrCOxmLgGBKrS
XgEyMad9QOGTFJZDtcBghfodvs6xfLSYwwT2tDWgSzW4GRmJfvb6b+AR3+4JZ+OL
QQhUFVWM+rVHmAfbnLSfPbLVJFrOPjsTiCOk2onJjiRv8MHWL0QoobZvG/1/zhQ=
=87lW
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ/7BqkS+RsQa7o8pEN3v1OHEMgSJvwmoP/yoOuXycv8tAQz
VWxrmh4oYlrOc0xHKTotGT5IY9uJi062sVLbnqVwa9EQ96bNM/r0LleBOkO2LsqF
t4aXYKV2njzCb63QpjkeguHQtGi0szKWX+cny+AK2CuY3fpG4i/Pbn14fTE1kDlj
EZD5eXgPSeAG8lQkQazG9yzXOOGJ72mWn3819T3VAFYs7/cXBPYIwB5BD7EYAbg+
dG7ihiMbcz5b94EdkOTqauJKCTjGE3hsjjE7cKRt+BR2fHXkflrRW/ALBJSA2m4u
aDvjAPyvg5MIuJljQ0imXsUUY+aga9oWqfRFR9RsBZqXJD193HXzzZg+WrfCvI8L
fmnRDzEjJ7LYiFJ0Qs7SEuFmlTAa0bk5FWMtVmCjcTrc2Si8o7+yuhysPTIUKogE
QG65iUk7UozuGJapZYI4J46E1586R+LNi3MmKiYwvD06wprRKdJ3vUqTHzaqwqTp
S+RbUi55WciSaWs7EQrO042U1mgsyphG5cGpmXT6AvDwNYDrTBbBM1E8QKkZVp9Y
lKF5ywatwrpWyaxb7OMB8cWaK1RXjB3eDOSYNTUggCx0l/IMAKSoKuK5Qr3Tlcyb
zBENWNuO6WawhJMac7ZlB6s4SpiZxFMKVVBx1BdsNb/OY3L0BZmnZgWDwvggqTnS
XgFcVQFmgq+K2CcXsyiMD303sQmW5MHLrLzjUfvH4QRQ7mhDxLqeKQ3HTTB1IeKY
u0RE/XKAN68fVSeIBcgaXTNITI8TIyGCpXO+BWv9x3k/f8jwMuZjUUD7ikJbzi4=
=EwRO
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ//eJiqttBEkbKmuK4eov9Lo5ZyO2gOfnwJMXm/uFjaMzrq
VNsjy2PuYZ8TncBTqwDYhTJ4PsMpu7xm9fTBx+JjIhnZHTznQ6lkE/hEfFdeVPtj
Pg3cTO9SuK+DDYqxPcDux3ZBAt/VheApCLFQbj9wXQZTRo3rWUzgdeElTRzJUSKr
Z7yDahdie3roxRTn/yM20d5DuPmAP/ae9XxY9KnBC+utaBsWX0lv7kZDPaJQ5XBc
lZxk/cGn2AAXaWWzDbx5hYvoDQRq1ifaoCE2TMitXwnVtiTvZAxZS7LHtm5rx+gF
zVP/ZcoRMEFBS2CPunE3uEnYF0vux9PkvsOmE9Z3BbjpY5juOOlf+R0pcn1Yw6oH
Sge6DzcJScZ4p1LCr5/pv8WlE6roIpA/YswYKY96+GSmfHbLi4YvlBxrVYJv7hNP
Y2Ce8hcmbiPkiJ83h2RAW9kyX406NipiWy2WJA6hEKNAkS67lhw8gn30/UpkyHNB
QBPQSiO+EvHlOE02UhYiRSyYa7sGypkNicEvX18U1VXLei7CN7Wq/Y0sm33Ebnx6
jh48vOdwKjc5dVTwBAmX6GtNkpXY/xuNipwtcwJKerP2Neh4nk25tKTjmTXP1e7c
3Ka1Uur8st7UYHspeHSHJjnGgaSMqY7V2WsRzjOV8d32WxzH9NTCm0XgaxXkj5rS
XgFzvL4Oi6AwE7pU0OwHCYHCYhgI55jX/gBCp8eOWl/vzbAllXFZkTE+1K7zCghu
bmvxhcdGIHO1Hhossy3KD92njLvhGjcjtcCdaZJnDTKmYBzVZZ2ZiHX6vXYl7gs=
=inE/
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA4EEKdYEzV0pAQ/+MF6PrPLjAS+QnXkKQMVTSxo95MCPkQmXCPfGpxiEUFP7
cFCsynGmqpYvhPLJqxlF2FwC34T/1MGv9ejYECfsFHhTiUqr4u+OGEG+Y3HnOG6E
OUHa533f8uUFqhoinC2l6v7Ka0XZUN8U91NRqDlclzAa8bCVSYBr2xtqkpe/idIz
lVsnhnTtG0O05voztB2qd2Nhq/Kyavb8w4dunweXVpp5wTuVsvdppPfdK0/2kLp6
CO+2MeBgLHeb3cRcqgsVFs1j/iJyCSPDgvZK5hPm7K+gxL/KoBV3SQUM6JibFWt/
CxGVHCAdavBmvQUQpcJ/GcXO2z4LfRcsZlGbZY5hfQ8omb7QF5EYCtwtfEOGpPVc
ne187Mlq5PgqK7D6rG2EHke5TraIGtkzJxyM50v2EGNrANh787YOfPDWgwgw/OWM
6SpfIS/wIGwvHMAZKPP0Bky5tmSePvk7xVVEq4TY7UBB/ndOCzz/GEyWjs2oifE1
o56dqsUgBiX++SrXxHldU8WqN7LHwBi+8HSFa5hi27gIMcGsXp8FSdnZb0u5CA3W
hvCswjwv8SHt6g/tpAkEUYair4ZELhJooPy6SemV1DLLyJmJmdObHeiE7pvqkh83
GMH7G5iwcHWcOWn08iFsubz6nf8XsJ43M5X0NO4XRF8W3HhIAqDGNmZU3C8RbMLS
XgG1DJ71CT8bACyUGxuDBsW9P0JJn3wPlcVzi4i3aSxY9mcPc6io8TzedOf/bElm
g9iFKEXxWGk5GgUmVWNGaQIwqNwG/OM3t19Tba+VOdWbVdBN84r7DcXGY52K5Kc=
=xcRA
-----END PGP MESSAGE-----
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAcZM9nigmcaFdRVOWjgBMqN3VF0atnfy5Zw9cowdtnUUw
dROW3r6ukUzpSu6AU9H0jYVB0i2p0DSlToK3fR6JcESjoq4AnPFSZ9UwaSTzfnkq
0l4BFK57V9AgtPnYWw2GdwyDCwkWGrraqV9LHFCgvkaY1qkioY12KgpnMjmvBOxn
HBWYuiOzE/P5iGgyZA10TKN5NVFY8V/99djYSMA2PgqdJ1VFS/CXVbeuUGWqt0pe
=Fdf0
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdA9NXYBmSAcUPEkOo9bl3uya15K/V1euv2kb7hI0nAt3Yw
pJ2VN3shYfG6InaiGuE0fSZJ3kgxrjC6lRmoRzmw/Y6T4ijBpUT0YGnBw4Avbxdf
0lgBEeBV6SFy6kQPJAfZ+6jJTc69bMku1RtJcBbM67tubn4IcFlgWd4heijxIW2Z
dWwIxaNxUlQ2I4EU3ElZ2Y8j7wUgl6DEdhHcD8Ts20w0VMmjrEgQviLH
=M4OW
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-05-03T19:48:44Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+ARAAxyj8/2Ogapa8QAUjDkdnexURS9wnP3JGa4JKvdi07BaF
uJOzOdboBhrMwZug4uZsbgBou02jbNIyP2QpxarVcmhtC1eij4JqVsa81OE+hKES
fwl752MiQD0QblKwEng+816iazBA1oUdYyqW0OsZXK3xydjfyRSiY1skbmz9iZfM
d3pp19xlf/fisDeCCZX/ylLOUn9Rbn7QCdIvVuv6yjwC0tutjDaU8BwFYqgaRXds
6Q4TEQCPBJBEycmXZrXtBQ2mKtLnxUlcXd+G1x7J9UBPrBPe8cn8vi2U4hzBaPf5
N/mz/3r1S5WDG48eDShgMkrtyn1nG+mCLvPxgIHbCVNiufmEKeQKAFQkqZEmeFre
jb6Rh0F72lABJ0pnpWo+1rRuDJPgTe6IfpWtCmar/YAPHKrjGw5JcXuobYRadQXS
FHyTuXXW/20bWoDrGEnFX4nA0eHVTwoBpxiFrRUnjwlTOnJ6ntYKPDVzU59MPY5d
i388xEwdtOzv//e6kRhI517RVMoavRQ0ldBlxwRbTM17zetilb0c4CITyyTJ3pBr
sUv+XwtLhy7xiq7LlliCUc9QUcXRRFttAJfNyKMDqZ9JbwB5f37GmZIMqiJnd9Tv
ur8zPGp3gGLJ20S4/Bj69te95pBP4myweugr7mj+A1lgrrtsReHcJ2D04hwT+aXU
aAEJAhDXuvIXoDHr6c1CwUBiRNQfISQmOohiEWG/Arq/ISt6a8NI3pQbKN3f0k3q
xygtB3ZTfvS821h8VrqvCcI/tGTWJ3TymaXAR+mGLeW5QPtQP7M13buYh9aoLsa0
DK5E8OARtCaR
=FH+h
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4