diff --git a/.ansible-lint b/.ansible-lint
index 6b5f8aa..f68da38 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -4,4 +4,3 @@ skip_list:
exclude_paths:
- .forgejo/
- - "**/*.sops.yaml"
diff --git a/.gitignore b/.gitignore
index 424bd26..e69de29 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +0,0 @@
-.ansible/
diff --git a/.sops.yaml b/.sops.yaml
deleted file mode 100644
index 637cf45..0000000
--- a/.sops.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-keys:
- admins:
- gpg: &admin_gpg_keys
- - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
- - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
- - &admin_gpg_june 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
- - &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- hosts:
- chaosknoten:
- age: &host_chaosknoten_age_keys
- - &host_netbox_ansible_pull_age_key age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3
-creation_rules:
- # group vars
- - path_regex: inventories/chaosknoten/group_vars/all.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- age:
- *host_chaosknoten_age_keys
- # host vars
- - path_regex: inventories/chaosknoten/host_vars/cloud.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/chaosknoten/host_vars/keycloak.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/chaosknoten/host_vars/grafana.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/chaosknoten/host_vars/pad.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/chaosknoten/host_vars/ccchoir.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/chaosknoten/host_vars/pretalx.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/chaosknoten/host_vars/netbox.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- age:
- - *host_netbox_ansible_pull_age_key
- - path_regex: inventories/chaosknoten/host_vars/tickets.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/chaosknoten/host_vars/onlyoffice.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/chaosknoten/host_vars/zammad.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/chaosknoten/host_vars/ntfy.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/z9/host_vars/dooris.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- - path_regex: inventories/z9/host_vars/yate.*
- key_groups:
- - pgp:
- *admin_gpg_keys
- # general
- - key_groups:
- - pgp:
- *admin_gpg_keys
-stores:
- yaml:
- indent: 2
diff --git a/README.md b/README.md
index 5a3d90c..6906a7f 100644
--- a/README.md
+++ b/README.md
@@ -17,15 +17,10 @@ ansible-galaxy install -r requirements.yml
## Secrets
-Generally try to avoid secrets (e.g. use SSH keys instead of passwords).
+Grundsätzlich sollten Secrets vermieden werden. (Also z.B.: Nutze SSH Keys statt Passwort.)
-Because secrets are nonetheless needed sometimes, we use [SOPS](https://github.com/getsops/sops) to securely store secrets in this repository.
-SOPS encrypts secrets according to "creation rules" which are defined in the `.sops.yaml`.
-Generally all secrets get encrypted for all GPG-keys of all members of the infrastructure team.
-Ansible then has access to the secrets with the help of the [`community.sops.sops` vars plugin](https://docs.ansible.com/ansible/latest/collections/community/sops/docsite/guide.html#working-with-encrypted-variables), which is configured in this repository.
-A local Ansible run then uses the locally available GPG-key to decrypt the secrets.
-
-For a tutorial on how to set up secrets using SOPS for a new host, see [Setting Up Secrets Using SOPS for a New Host](./docs/setting_up_secrets_using_sops_for_a_new_host.md).
+Da Secrets aber durchaus doch gebraucht werden, werden diese dann in diesem Repo direkt aus dem [password-store](https://git.hamburg.ccc.de/CCCHH/password-store) (meist aus einem Sub-Eintrag des `noc/` Ordners) geladen.
+Dies geschieht mit Hilfe des `community.general.passwordstore` lookup Plugins.
## Playbook nur für einzelne Hosts ausführen
diff --git a/ansible.cfg b/ansible.cfg
index 654da28..ca06548 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,4 +1,6 @@
[defaults]
inventory = ./inventories/z9/hosts.yaml
pipelining = True
-vars_plugins_enabled = host_group_vars,community.sops.sops
+
+[passwordstore_lookup]
+backend = pass
diff --git a/collections/requirements.yaml b/collections/requirements.yaml
index cec061f..a24c121 100644
--- a/collections/requirements.yaml
+++ b/collections/requirements.yaml
@@ -1,4 +1,3 @@
---
collections:
- community.general
- - grafana.grafana.alloy
diff --git a/docs/setting_up_secrets_using_sops_for_a_new_host.md b/docs/setting_up_secrets_using_sops_for_a_new_host.md
deleted file mode 100644
index c88315f..0000000
--- a/docs/setting_up_secrets_using_sops_for_a_new_host.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Setting Up Secrets Using SOPS for a New Host
-
-Because we're using the `community.sops.sops` vars plugin, the SOPS-encrypted secrets get stored in the inventory.
-
-1. Add a new creation rule for the hosts `host_vars` file in the sops config at `.sops.yaml`.
- It should probably hold all admin keys.
- You can use existing creation rules as a reference.
-2. Create a SOPS secrets file in the `host_vars` subdirectory of the relevant inventory.
- The name of the file should be in the format `[HOSTNAME].sops.yaml` to get picked up by the vars plugin and to match the previously created creation rule.
- This can be accomplished with a command similar to this:
- ```
- sops inventories/[chaosknoten|z9]/host_vars/[HOSTNAME].secrets.yaml
- ```
-3. With the editor now open, add the secrets you want to store.
- Because we're using the `community.sops.sops` vars plugin, the stored secrets will be exposed as Ansible variables.
- Also note that SOPS only encrypts the values, not the keys.
- When now creating entries, try to adhere to the following variable naming convention:
- - Prefix variable names with `secret__`, if they are intended to be used in a template file or similar. (e.g. `secret__netbox_secret_key: secret_value`)
- - Otherwise, if the variable is directly consumed by a role or similar, directly set the variable. (e.g. `netbox__db_password: secret_value`)
-4. Now that the secrets are stored, they are exposed as variables and can simply be used like any other variable.
diff --git a/inventories/chaosknoten/group_vars/all.sops.yaml b/inventories/chaosknoten/group_vars/all.sops.yaml
deleted file mode 100644
index 4cccea4..0000000
--- a/inventories/chaosknoten/group_vars/all.sops.yaml
+++ /dev/null
@@ -1,210 +0,0 @@
-msmtp__smtp_password: ENC[AES256_GCM,data:xcBVBTb6mfr5Ubyfga9ibKWKhrfrEEaDWD98vIbX8fl8lQ4YTovg8Ax1HTK4UQ6AkJGHq2A0D5B67KUTlp9eLw==,iv:TOp1G1LktRPj/KMCRU5CXBUsgKOqGssUvvk5oY0QnPM=,tag:SVBdDQy+fM0xeEToappP+A==,type:str]
-sops:
- age:
- - recipient: age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsemRxOVROLytjZ0NJazJB
- UnRWTmNvb0JxUnhWMGJTOTl2ZVpyYmxZbUdVCnorcTgyY1pNVzNnVWYwNkFITEZl
- RmxrZUN4V1BRenBISDVBZ0hVelVqU0kKLS0tIDQ4QlFMajNXQzRDVWd2Skl6QkdK
- dEZGZ21qR2ZWT21OYi8rR0svaWJkU2sKND8yz4CSMVjWtGHymzD26Nxlk6leEkCD
- XYpGJSyvhaw6Y/oExjzuXYMDXCr/EQFpM8wpU00YA62rZ34FBsyoUA==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-10-13T23:45:06Z"
- mac: ENC[AES256_GCM,data:QxH4lnNyCAAEJhzbgCrq7QeLs+OAtYgwQP4oFm93NE4Fbz7/Hz2dvL/2SopOdW7nYVeb1scuG1ra+yvgzuQDhg4lcgt9eBJoBiynM3qiHBs+FtcSJoKs16I/ACAadQwClALb4E0xxwKFJI8ewMZu5BAxi5EhYbgNfnKCIbhvgWo=,iv:LRa2vX0HUBugeEAVeOqXbPsMQrfrCpyzGUGjK6+VaQc=,tag:/sfhJM8V1IYBh94ZS/TDxQ==,type:str]
- pgp:
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ/9Hx48AvlY9g+JVcwqC399JS62WOMmswvmqJIStHCVCEJN
- DPAkbabJ6MC9GiN2A65+VNQJ+X9sjbjKt1kjOEujS5xbA4yX2p3GzHBdgQxMEf6p
- mZSZtI37N0J8bCkHU9IPbIl7W3l8cKq1f+2ZCvtozveWelZDCvx1TN1HLrRO0a1Z
- BINbaSwDs+pQ/3Puu/R9G8Wxti8V5ECXMjB1Olf1Npg1QsyHYOTusketRKbCp1vh
- A78U30BUM+asmgg5MaF+9pxuNDnt/kBXf9VjiElU0XOoIoyTZuVSNtJKxcaTim+g
- yj0RisLPuH5TRo9ADks600WLwFshLJ8sUA3f1X/jI7gM77MUr3iTLxTdq2bKMXTs
- BHo0eiXSi5z5d7FZhWa8nlMDnN6hOiOpXCYG6+5yyt9w2iepAon0U4MBvqfEbe1z
- I4q3gYuHyTbTKuwDEQAiULfRQErBHL0jYb9VZmopSyXmdahHJ3weXmVxy6Y2YZat
- pzJyRpCA9368stdKQajI5qGhOPKVI94WLVsOfKPJH7YsZTa2sQgpLMU4wzqhkQMm
- TzZ0aifl+zB5RCkfdA4vtqnC3t1JuA1Mn05f5OIuGa2v8FIxG4uOtCAOTN7MLesk
- bNcxYIwPGukN/OoSyJE6TutAaUOIlsSwWysN8p5elE8jE5Q2f+IMLd0U25JfD3zS
- XgE6eJmQB90gSIRG6C2R26UY2onC5LqLDZ9zhOTiorHrzLXvtbYS90XMLtbzX8ft
- 7zTsME/nRZpnCSZb97nqGsb6tnhnQLnSCwagmVRtJVi3N60TnxAm6ulizbzTLt8=
- =d44L
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2ARAAs6qi0w48EL+4D3HVU7XaTpX7CdYTgYiDvUosVTWEcx2c
- pRSTkX2Ai1uIGPd3+zTrindOCJNTgdpAK5PAHPT8nzPJUT8o8xAsFTHfS7sphHVo
- RGx4CNHafMAXn734Rzzl6n+tAoW5Bw1Su19+dmeme0o6qrWU4JB9ZWIaZrtqPRP4
- QDWSO7yGLQ0IHyK81x3nCHS5J6VNUyKn7zEn7Ezw8m+G51MK46oymS+c7B5n2bLN
- MmmC5GKnmGE3AOnyRN+1O60ZRq8FHN8BM8aADZ+dUx8wPlS2tD2K9I6V/0gOSINH
- Yq0FIeh4Fbd3NS2PNZTgLjjiU+OSi4/q3uLTOBOAroPwhZ83I0UhlMfotE6/z++y
- mBo+SL2jBnG53J3iFqeXUfHOpEkrItviFyJp2MR+l6+hM9fzzIp+N1+2HB9oUuAA
- 8Sa9NeY6htVGH/W1T90LK3kwZNTt7REdbaYAgzBrqLemrGLAQSdOotnaohoCXgst
- uf2v7y+8351tPZ2o8cCv7LsuTARGhJWW4Fw2MVfM/hvYq6rBdelfv3GS3hLI5vyW
- f5BWWODgE/+DmT8+Flrg09JEvJJfMtPaNG82WLkPmFCNkZPgup5yyOp7sVHmRhZ1
- Yw6azYPiViDlAPItAUaLMHpcU0CIa0zIZ4ND8wk5IopFiXek330imyhB4qVqOv/S
- XgHcOQmSGWwvTrxs8/JEwaKlRBYDXVDw6NgO+cIoW7uv8raGHdb7cLZ60FfvtFP3
- i8h4hQcaDGoEGsoehOpIjRtOSgyqT96/UN/slauL8eF9Sjh7zrxS8b0McXvDxRk=
- =CEM8
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJAQ//fooeHFVDPbuEJ2I8fgbEDpNi+yASN3ERLu3b4SzD1ik0
- byKoqHY6E/+vjC79EPQE31qAapigO8oKz2n09+Qtn2H4oxigJvV9lA0SF+b5OAns
- UtuJIiGrTR/aLBcS2Vg368S13WYYdRxfF9nt+HEbjxb8JnwV9nkXx9GnuWYzCe/C
- 4dTZva32GKfLHthAb4FqFRgiDoDMg5rdKE4T7W0dllSJ5cHXnYSo3U0KkaOP6EMA
- yx9ztKDZUMskiks2xo9pw6bNC8txseuvwIImw1+ep2DzlrR62XpyMeQkfKWaFkEu
- ECJH+FZIsb+STE1GtjCfGGP+Aa2mOIXMmde3BZxZIBk1TY5t6ITs4AvAZKTcb3ZZ
- vHupolz3cEOcK0vJdiUfnFLAOkQWMKQu7ReZQXuAFpq5BJUF24UupD24P9VKjUSR
- 8LkZdD+knQXb5lO6LFybIiLTM+eVBjZ03/RpLF8QRfqKKlRFWawHJ+OJOYHEP9Tu
- HZDrhLrgTNyu+R350xlUoduYf8/H6bQ4IyCQdKvjLIvMlDKQ4iADY4Uc9vcqBQKL
- LadQ6F2EwaRVEL8+NoRbFeLfAKLCK7N5NzHXK4BX95NhEosXP2194vPRZUkFuE9C
- PjceuiG0Ad18X4doCSnRcr4gR8eDoRjar8dNmniVypWeJSwzGbnOc/uD0GPtoC3S
- XgGAP3CciOVyXtqwBqZF/jPyE7UI020gSda9qzCD/SZ8BrZwx1hFpqcjfAP3FHme
- Tjhv+cQnYKuBdjyLpwVKDfv2fq9lWRKAOBTztJ50Vg65imXFJcjZO4zYzpjBmGM=
- =2a4J
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ//X92V3Tr6xeWIeF9QUi8xXzyF/jyvXvkRHnfI7YSUsFpW
- 0IOiSUVGM5+/kAKTvBfjyTbSTKiYMDgmtEak8Ya3frVAh+oR8IR2p1dKfh4efCP6
- UTUv5SGUnFS1otb8+/HSN2dI4s46djwNSVEellyRHoQOqotFGZa0V+4G56cNEyvy
- luk/HRoL8nUDy8pPw4Ea4HJ48snKYLHuzwV5rDQffyfp1ORB2ic5yz5Ooi/XyBV4
- rGLrQWzftMuha0WpUScgPdXmrRTYgE5ikSClgc5t/MBBo8Kn7bUiK5gug7/DHtgL
- XtbsMduE+8Ea8YOiu/MYkXX1K00cI7MO8iJCHoI4AcPMXAANmNw1qDtIeNJjrsIJ
- Szj9BoHYulmlKnW2/m+Y5OR/NxrwWoXP2lfTFHbqjkh/SwetybDfOrw91AcT0i/q
- aJ82RYadQiUBwICAykr5/lPdtgfj+H9WoMRXD854/DLBhJaDByLGu7QYyJSGdl8U
- 6RrYQLHlwpzLVApJl708Hu5kLK9hEWNXQnmLTl2KLYIXsrTXamzf+C3KTPpY6d6w
- HZ9GzlVCsqGlFdUAWCfuC1/bY4KJOSqORGoMq5Cl1Rg9nO9YlVMPYgfBvdECclT+
- mYuidzlKpWbkVp8iFas1M7yP3seMTJbG0+TIe90Anp2LCQGhRn2FnOzqogxT2GjS
- XgFHh1DBVxNeNsYdsycTv7DQFilW+cag0aXXIJbB6PG7YLc+A3fi5FlpvA9+5zOA
- g4jeKoltkAOLBs/IwUS9Irep/Qks1aEj8glOtznGWIUwHQIJBSo7pTYgSKHQULM=
- =5YCl
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdA2C4sNjhrk1FmX46I8/VI5YDqbWJcyUM+mgsbj0jqVjIw
- 5IIGIzKcXoLQbkDnVi74bGYa37EfpxX3Zo447B+i05iqG6Nn5nvBlUvEt4mtajfZ
- 0l4BFYglNIp9HDZAEzXEbn8v1xF7+f32AQiWVKtb1VJHTN+TWOtf7QMhha72y7Jc
- P3EKJEzADNW/FBXhk911Ezi/vora0CMuAGdj9LUwvjJKgWVc9FgTfs5Q4kp+rkue
- =eXCq
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fARAAiG57bEoJewA47OYe2GwraqV7ro2x8lzXAW/XSTDcDzyN
- LIFpNM30gzTbDKX0EyHAMuzgseNHlxb9SkMtginA0NrfbMIwo/vxQCjosUv2i1S0
- 3SxzTsPXaj4yBfRyOvRnKnQfiLkUevNlAQI+rnoJvdVDcpXM769otiQQaMaa8sBG
- +A+D3m74W6WHf2TIdpFZVVnp3sIJ1FFRO5Y1xsyjXSybYTzX8duofaquTN/ZNztB
- VBEtHLJtvVKaLmimo40ae+Frg/R8oi8I2owaO/S6V9n4pU27S9vC1IyuyuazMyTC
- 6d6rWtyA78sg8j1ru6tmuI04z14hx4UTg3sZFjXT7kM9Lv/57ZyU2ncPR7qokehT
- 5mQuTMlk58D+/svJK5aiAQbrP1xDarnCovtFelewOZWCjUF90PC1HuqKLuytr4HR
- YWqXPkENhfAaVDUsAkKnY51OcrsLvntxg67nQmmxL3NmaYaf9mXEwuxnCgF1IMvP
- Uvw9cQbdVkEdNxR8G/eN53898gcTXnFbaFGIZ1NKvPc1yBWai6Lpx+NQoJuyVE6V
- JrT8vzbIHFxEzB/+3zl0/xI59gIPYciswrKpqiMrtR+oAOPxooV196vAYOdJuEZm
- 2xSzBp0C2YdQKJnJUlzM9brD1rPp40GPionJZPiV2oNBYxL0Z1aZFiKw2gNgwz/S
- XgHdzUJ1PJam3o78wjrwl/zB0qwdkvOpSOrubvJFk83z2c6S6I7HWqHDsOUBjU22
- yf8jKG6Qt5d1I35kYckRyCj8/fnly+70UlN+OjSYAkrvsKpECMvjzSC3ZeyuhOU=
- =6R7D
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ//Zo1bsLgKMrjB3/3VRXyXTo+plRyd5hYzmKc3ecC7XAYb
- coo+ct73coyF47hsnLUlyVucNRKdBql0V48mPqpWZAGZIVDVSVeX5laWeKmXeCdz
- RiFBTTwBv1jasDQA87rMRPc+XbX5Jb0GCmHLF6RdiCksYIC564BqLwgxCvGCResZ
- mHLek07gJpFiYa1Yvjds6kn3+s9jP6kTwbbCBziz8pmifuasqlYb/ZRZPTgO+yGh
- vuanXnhFiJZQoY7kCpwOEbjZYTtmt0buqyUsY9wWmwyM8T7tIdq0BsOCSGxr7nQP
- KLb0JJ15aQKLeZBQbuLOM6Z4fkcn5mdfsJ/UTackq50OSmUya6cYC3LergvLXf0n
- IiyS/+RUzVJ8qlhRBAMvy1Aifmbb60px32TXSD8T6tyed4KxeAuGblDyNVJm2Rdy
- Li8/VpX9ZnSxf9SQemw7mi7iyIXiCU0Vl/A2/LEIMN4Hb+0AFKEbN1zZRGSC4vFh
- 0JMaiGl4TSTV4NBHRhaKGZvWnWbtR754V6BzgHMdsL5NHo2pgMQ1cwyMPDBAECDw
- K+z0pNuIksZTlb08PHsQX/PXvO20QFR210Kd3ObMtBxcEOdi6Wk8g+udVzBCY1WK
- m10LA3ocg2VupzO7cAfO6/DfjXcs6QGD3gtJ8LRt+CFTLgi4m3M1KIZJF7FlTqPS
- XgEmne9JRZGPY+vblzx2RH8nEfLIsEBnZYMa8eUFC6dYZkK82i8xI9i4lBtyXUBN
- f6oQZ5dz69AvJRkdDu8/iVMHtwRXcGYuvn0v2+qJooHuDoAwujk+VFNtzRDJhkM=
- =sVQm
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqARAAgWks85bShgeHgNHxjIjRJ4/ytYdHjxj2haIjNABOHjsE
- 4HD1bxq2XcH492qsHzCjvGJn4x57H/CnUJOp5TacAt/CyR+rgr5ChuA8pecJaUju
- mUenre4zHhu3P8bS8q/Qs9J3WdyVdm0+wE9RTfq2ZoRCFA+d4M7VWg9Dw56UM3i6
- 27Xtkmog5olITjtzWtF/Uuf0dr9sTxSwHVqddUbzoQs/vtCKyUTUEtz46oBXQtC1
- +jKu1Xgj4rbaajEOviQf0DQ6zDkB7ETtuOCDhnQDFG+Yw27mBZ7jAT8l1ykEuMl7
- 897x9RNOOitTYkqKjylEeSMcUUyQrOuLLhuBSnC7/vroZEgNc2Wtj4M7Sq8tVMUm
- psSZ9lYVbKNH8JuAVZj3YHhexPVQLuHcnHgG2tdUZ97PB6+yI5pos36ItjkGtM3+
- 5jMCPLAKgrlpAMc4xZmktkXZV4BkrCvN2E5h7HXnsKjQaCsKsn7rD33LNIx/XB25
- 5vDZjxfGHwQrkuq/xTTwhRO1F/S2OK+JBygHcrcdZKMDhMDTYYxf2bwgW2BdLqxZ
- DoenMkq5fredvkB5qpoJEM3iXcy+49SNsBBTRWQXoWl0tFAfU5+y9ez8qBw9QY2r
- q22UFl3JAR6jEyLpH1pUL3LD3lCop8ZqZdo+7Id4gnNHDbt6njQwSAsSGGDbylXS
- XgGronOVF9eWA0dPz7CW1j55MrgbCXAvIPVSMJ2tgxN00u3TkYc1aHhXe644ZLF7
- guNFppFmxmJXVngfWoQhcXxLRJx/dXukIt5TvRCia9ngpNR6EIhL8y6ROlWHpf4=
- =aYRJ
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAdw3qzfTgQK3KfmJ/Uatv1fbVqQvR4xTHLssc8Sg9N10w
- cDMYAvx9mKVWXwzT7NiZc66a6/juktGAIdbEwXCz2tVAp7rclaiNNUc7G/WXqUMx
- 0l4BWPcWxzXmDmZkZzaFRioScTXg/yE2ncbUuouKq3gKZrNErPCD/RG8MMkve9XI
- iBOtNwicXX7l3TH8m/7eOSa9sLJH8mUafvVGWG5Ri2HvbU/EpctFi9YrrQCR8mgj
- =z8g+
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAKEVSFnlcT9WYIhkmOZkLkvwnJcCl4t70AHVvsDzZJ2Ew
- Zb1JCI2E5xyeUB61GyAdsTPBCF55bXr5SD2UojCw91QcJ5EgRdZM4lyRpbG4lGud
- 0lgBB0VHoP2DKeJI7TltIFsn/5A4vykzGFjM3aK7O4Hs631Mz0qCeEO0hL0psAnw
- 0HcmzOKWKTC00BkZIf4I4CovFte6t29Q8BGR1SlPIlf5rrRRl3UshEHo
- =6vZf
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T23:43:50Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+AQ//QZt4gKKhw1mV9eMCfD2jKSBsanAiAVObv4Qr+D0DyDe2
- lkVaZ9A6l2+jUmcFG7l0FumcsWqbz/GR63m9GbXAQHrIXkT1MtR4LwAK3DWrbuTj
- D2qWYwrKYs/Pu72aqqwacWRQxy80eY7tvtaFjXYNso/VIRRqwqKQWwTIYePce34I
- E/goG0Dr/bVqTNnPMVoeK2N/JL/n4sMR54tEYzkEhveFCO7SyHaGxpr98vJFioF2
- 9z+inw3lKY3B4QsKsQzKSmNfs2QB4mMqJ+TBDKG3VdwaudFROtJ79wO6+ahzDsoj
- 1ct3YbsS8wZUReGxHE6EYHqYg05djr+DjsOvNbX/J5RQK7iFLFfIxx+9ep8/W63C
- JNnnq4UmZuolPEDEJsQgv2NOppC++amAxHpSKl9s2s9jy3JrlNKWLov9WOHsihVn
- ZTs7Os/UKQ3r3cq94Xa3UJ7xNWI2qMwxw/pRD9Yy5IN8ZJjtcbtO6paaNWxJkNV0
- o3n8UM1Sf3ddauj5GG0BdPZR+NA82bSSjpm+Vnsd5QGwNdWa6NOMW4K5HKj56/xB
- 1kjta3TimXnGVGYzt8KTAmkdhChU0LeM3MBvF8/IVuHOyYkf4sN8Mfqoy7YFca4Z
- UVw/rvMYRgy4ORMsIDg/ucDoPsF/oPnionQIXmY5GMVsV0VzYuWVP9Mt48+W8InS
- XgH7xkrrQno8PqHaPc5C11eJFBxw/p92vp4Y0BwBQzcmt6sfO/kLFYO6FdQ9EQIX
- 7ncs9anVdF8Hcy44N+6u0eA1GY5IulkHbsulvW2xek7wT4IqWC6tMwVrWrpq35Q=
- =qx+H
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/inventories/chaosknoten/group_vars/all.yaml b/inventories/chaosknoten/group_vars/all.yaml
deleted file mode 100644
index 3612ebc..0000000
--- a/inventories/chaosknoten/group_vars/all.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# ansible_pull
-# ansible_pull__age_private_key needs to be defined per host (probably HOST.sops.yaml).
-ansible_pull__repo_url: https://git.hamburg.ccc.de/CCCHH/ansible-infra.git
-ansible_pull__inventory: inventories/chaosknoten
-ansible_pull__playbook: playbooks/maintenance.yaml
-ansible_pull__timer_on_calendar: "*-*-* 04:00:00 Europe/Berlin"
-ansible_pull__timer_randomized_delay_sec: 30min
-
-# msmtp
-# msmtp__smtp_password is defined in the all.sops.yaml.
-msmtp__smtp_host: cow.hamburg.ccc.de
-msmtp__smtp_port: 465
-msmtp__smtp_tls_method: smtps
-msmtp__smtp_user: any@hosts.hamburg.ccc.de
-msmtp__smtp_from: "{{ inventory_hostname }}@hosts.hamburg.ccc.de"
diff --git a/inventories/chaosknoten/host_vars/ccchoir.sops.yaml b/inventories/chaosknoten/host_vars/ccchoir.sops.yaml
deleted file mode 100644
index 23cc272..0000000
--- a/inventories/chaosknoten/host_vars/ccchoir.sops.yaml
+++ /dev/null
@@ -1,201 +0,0 @@
-secret__mariadb_root_password: ENC[AES256_GCM,data:bevk9PiMUAP0YBYqpVw9PLEz9ITKVRQ44Q==,iv:Qjr3pOWzcDWUpJAakrn31OCcvcaciJLgS1Zp+YZPWPA=,tag:DB1l6lsy+aHa+U+QLAM3tg==,type:str]
-secret__wordpress_db_password: ENC[AES256_GCM,data:QsvJ6NH4ySsfSsP3pWEx04vxjIph1Wk/jA==,iv:AnocV/jXawXPxQ0dLSw05b38ULQuU/RN2G21/1GpTmo=,tag:QlSCnuaQxCmJ3XO5jjX0zA==,type:str]
-sops:
- lastmodified: "2025-05-04T14:15:03Z"
- mac: ENC[AES256_GCM,data:Za+XnpDu+WTMEUgZ3jnG9/4FOd/emfdiaLSGX+hfkuBSurlqFzVHpXqs4kyl96goOASevkiqCSXwk+DGGNTvSRDCoAH2jMfwUHh5mGHFwXKZFjraVnLidxyOkEg+YJ+tzJ9EHJ7MpQLYlHgGi8Xrc27n3+gpjni6+VhVYiLj4eQ=,iv:fQuTnJbsyNyphHZF6T9UF62jtA2wDrOxlPzW6XwsdNk=,tag:T8P100qKnYhNqr7oJaY6yQ==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ/+IosfvaYuM7bZdXUtdanSZDkss7wW0McZYkFUZOjeersP
- EFkcPo7fvcpQ40GHL2Q0hbPiSLFnoTIVXxZnYtP32OJaz59CCfGc8pm/UjP/mQ9k
- LqyfsmpSHtQA5as7EYpq5fMsQVDizW+8Ie/xEzbsrrlv83YeEqtcVIhMGcCcJi9R
- ZJB4UtiyPq47Zlo/5Jcaa+xyOJn/Uzqkpz2byKYWacGjsLuuC0Tjp5jAXh/KARcM
- lobUcm747MxXihHUnaFxLVE+8DSM49axILPZ6E5gPMDT3PLRKryxbLyCYQMQkEds
- AQNaXTPAJU3B6WnNP9/dOX2dsspgHvLpQVDCTTjI0jXXrJCcdbOTlG9UyyUZEDbx
- h2JqlecBQ06FSiA0ON+DJy2Xg1LwzcQXpf+nLpZqYi7wab/celcn1EpQXI2C87Hv
- rgWO1tnAAh152QYaX/sBKiC1QbomCViOwA3e8UGBC+WgBNCDWtpFce25kgRFOs6A
- zdiGO5NzJsmdVF3moW6f2v+nSZs31ziQeNDzIY3moJTbwebXZ5EMfK0g51nwAp4a
- fhiTTu7Bb85VJyGzpQcWvkauUOMlYMTFenLXj3jr6QzFGy+OuGcuJyE7MSIK4pdw
- hO69qGidvepjHI+nc+8+VV4t3xau8hsPM+6LFFd+X/ol1YBlcy0Cp2edmJveOX3S
- XgFFVnOdot7zxsYDAYQjRtrSVP6lvingK7cYnMnou/3d1csuj2KnUmg93IX5veRm
- ln56AwW2LE2L1DWBJblXX0FlA4j+s8Vz1mSaTRQAb2fH8miBjFXYhfo6Ts+GPuk=
- =kbe2
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2ARAAr5dNAp2mqlJHRBMy88OX5mAU9ZL48HaxwtAApGRcqzdP
- JL3MhhUMEsrk44o1ypQBEf1d+F6qqtEpbbdwYkonfIZsLtwQit3f+yhCI/o2GROi
- tP+0Nhj/4SJh1r4c6qcbAO1j1/E6wopK3TIPs81jvao3au1lTNgkw52Yhz/tF9Rs
- Gn2RWFW+ivpb2DJPL4KMw6HJC3CN5b2sP81vdxFxT/Wf+lx0JQWjSSot4wo5bgIC
- xMkwrNbN+agAm5mOv6ra3it9+CzhX/4XnAhSL56Irx6vjy6JudHPre5eUR3ZZ5Vw
- bbIwJBSUCk/rLzdJak2BpjOfqjIw4PcIdFD5aWH6KIE59pPEbJ31eZEqBiRX7rcY
- mH3guxkgvAV2nMpQa1UrMSNZa7Pu9fawEA6GMzqRhy8uL8EnCl63nOE83JVh/fgg
- 31zYRvrMfgbwNcr3bvOB7cCH95iEJV26B+2oBp8r733EPHc6ZA4/j5dvebXTwxwn
- /95D2XvRiOZPu0Et7I7GYOJobfL6tD43T+n4V1oFRqvjJUc99hNw+n3BpGiFR4/L
- qFi8jkasE8i6DgLqU0pHGnVZxEyZkSr/fqFBpOx3vW4U0J6qgjVHZvZq9+ChHWDM
- 2vHB6JQHOAZv7g1arlH+OZErE7GanTVZsiwB3rll4FFhR7HVIFtXknR5ie5qsDPS
- XgEkB65zknz+Ra5mTtvSN59epuPeJLpN6OHSSEfI5wJXfRzxgtVjgEIhF1UhDaEp
- Eai4vv/sD5dX++55/jUEOwKP1AslcrwxdPWQL3Mn0RDdpt1ZlbkdKfofrGuR++M=
- =SxKy
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJAQ//We4uBivofpNlzGUgviNEKCRaySb7BOyWauQ4ovSB9xBM
- 5k2G/7eC4JdZlmCWztDQAzsOwauzrusIz5ZvCSWuW38ydsOFp1iDQZylx5khDBh7
- gubv8lQcr1I3FC2SX5JOzhVRaVqLjh4/3k3OnpaIGm6KJHjLCd31X6Juas9xVWoH
- IHxhSVaoQK9GWXjESSNf9GDP9yh18GibVlQ02X8V9G7MkDz3ttGW3xXMXrGdkPOu
- uhYlr+GeoAbQ+fcBLk7Cre5my9VyUHhIz+WAxFkxEbab9wqUDUnXuFgcxHOynfoM
- TJa0PdlHeUy2Qh85TI1Fo0SxErHmNgDXQhLulLDSJbiXoUN9TuyAiQW8qnnQk6O7
- KH05ahvrK5vOXeBv/QIddbZ/TbB3tRIEVF+rDaJVZK6VuZwoSvOg7trO14Wjn4+y
- mAH/fBKSbDTO8cFfYVJn0ZubCIsealOGhCCaaS4z2/m1/kzqE50hCtcagESbJQYk
- v7zI1fM81CUUiQVZB8RKmwgQrs1IEk9Y9E2Bve3AuFAJQVx5u6teklgJXtr51Iw9
- 7H+y/t2R2J6Z/mQhZ7QcKdezkrqaWtWJox3ZMjKCjrzePXX394DXuvnz/6QAVue7
- 6ycKBQA7B1EH7GhUfBjtEncqxWmg+Hn+8mIAjDtk9HK5tIDAj+tnpgtdC9w38QjS
- XgHC+3QjA6QxE6k0Wm9Hg9NFUdXNUAJP4Ok8MqT7DdwkVFtXJExxgJUhpCHrRA5t
- ryeh6TU3lpxMsePFo/s9DZ2wJ+xrTKV0oiYL0D2oD9tJ0weF39feQDoDicqwVqY=
- =e4lK
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ//UNWJ+gFT3vUo3uST5HzxBh2odFv89z39XG6BTjf5zSLs
- uUuwyjzwNniguaHff9vU0s5EXY55D6IA9Q34hNMPDG9TRettwDY+pNkvHF56zx1B
- pZkRKqEW2czwM2CYRufLjkaI8Z4dysMss0itLCgY3ip/fwZ/91qQmZ0UsNw/w8Y4
- C6V4cJD2o9PyaO60iEMB4QTvCRtyJjDe9pArWnGQyR6hbH7b6wI1voWP2IA1TGXZ
- GsWQR4+JGdew1o92NDLmbyOLcw1aUZ1WvtuVAljwHuSwm/Atl2uFVlntTJ6YI57K
- tgKi8afbXBiGG4Y5KjyoViJIkXQsGyqN9NBoRUEfUtf9+iFY0blTIeE+077WKhUY
- Ql83rMMMDy5NyU3H64WfkUMJbDk6FVhVHEsBrib0OhGGCacHgrB45raj69O4ixR8
- PBXEAPbE+8mchMYLsQEG7Zu/qLFiybPKF683WHsHQM3WGiC1YaIv37WmyHLEZEQe
- icJ75ZlsMWWvmF0BT+Fx+JoC80f8kh4EMTqiVFcqXMtvye5XS1/nwdb92k1QGnyw
- HhcmqnkmE/cso9le9Iqjqf9AOVkFN7Ul/P+husp7Kl3CXAsL4jy1yAPi6sOPlgGv
- yBYsOzYs7UAAfbydZV/mafx1/LGd5dt47HvQu3FOlAZ6AQQLqHmndJLLMD1AP6LS
- XgEDk5ll/yQTuHRd+4170gQb6gOORrCVCJW7aDQ8ShU/FdGsMgm23RlLO/85/yo2
- Qp7SqAtnUwZfFvDs+3gHpoGE94Rkp9N2D2eirn+yZ0uk7Ak76JafPNZ9QANQL7w=
- =LrpK
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAe+GkmU8o7XoHMyntQtPEbV5zNqUgrcoWvcZ+MFuajQ8w
- 7lyJarLC/f2j/HZ3+lZlULrMjFjXgBf2bNXcOhF1nwO11R8+NfV0xwcpvRVSuo1m
- 0l4Bpti3RneLHjS9OcRdIz/TzcTq53L8JtD6F33f1NnrbE4Sxg6HvLbchuWCaXh2
- FNQ319tjWrfndWkLCFa/UlFhA/kv7H8JcISn48pmFv8WGGzlb0zr9LS3Gh3Rfk/G
- =c3IE
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fAQ/+JOKaKiQeu7RN+zUvKcsg6N+IIOnPM+5+5KUqum4bYHGX
- gGQK86Q997gUr8jj5RVd7Nx1iX+XZZwl9248Ou+mnGcl3C2lBK0figPftKrZBvAv
- AMdKxBWImfPoyggoLLcRdOQB1CXWohBkvIz5bwF+lBNTweR0FCa+sJXyp5Yhgdnz
- axgHkEP0QWIDK6w5T4ZFxwtuOMmL1T22MRvDllMuv7TMD1vXESOaMlKXbFUXrKC1
- +/+nVLNgwL4RmClGZJqMAyO1rzquui//EW4yiF2k9G/oI+2Ewa7/E3/Ln837rExE
- 520P6BNPD4oUZBOES50IQU2JvZuzWkBOuOAERt43PlpxT7psGEFnGnOyvBxL4BM4
- UVh2FKzo8oTrLsueLLe55VolmjecT3GGnJT5u3aK/MWjxEVrZaFz7aabC5mnVZlC
- EEDOl0RzSNsnhEW/QkPGmlEjkoufORoNFF0Ezsustc3HlymVh4Ar//QBYvQcigQe
- gjSb5gXhMiLVTZF50Z30Bss8uAr3zQVjoSQWMnoatt64/CDztKVN5dZwx7qMG4V0
- m3VDV2WqGotOiI3Uc82COQnRvUw9dTC7qf9/xvsm8I3EBUbMqVELScDA5C6hY4cz
- obzK4t6AbwOR8nFSdIWucbw8FT5/ENoZz+ZiqQCz7fPN7/PzUDJOt6IpgGNFp0bS
- XgF+XHxIfU03AbOwdEU9Tv/NOv/s9AE80fk1BBDNeFJr5ggnnDLq6p73zcJkMLxa
- BzXJrO+VUQ5NJ44mIvZGO7nnOd90pqSevBvpTiu+1W6867nMgdCVPjaC4qQ3L0A=
- =aofb
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoARAArCEwTYQAguomjEj8jk3byLQvcFbtnGHHVLGPXu+OGmfR
- roh8xGoOTurgb20uGVH0z1aYuROnTkZoBKuxKJvZl6r+2Dkk+HIVwtH/OpLgLNpl
- SF3FyygJInzZ7WjXAEltwCR5Eprp26k2VMDOXPQ4SxtcGEwwvYpZ9svB3tK88gnr
- veWjgsrSwDD2wrz+LNo4vWMal9GcoF8efarx41IapR1201ptvEjWWJL5NE9Ze22i
- 7wnxtVB/H6BP9f9P/yzfjW/KMyEAdkBbbpSWCzO8iVVv20j3Tq/stDb6gXDqC7w5
- ft1zxyxdWk7+eSC/n72zLYF94bO3WwMOr+2ofSs2i/m2yfxdmK7t6cm86D8auY9j
- 1CJn6lQcS8uy/HruWksc66xWUTMaF57DWOHB+qUK8MfEcLSJTfQdrpVHE5S0gD84
- pgJv7DxI/UY5M/GVf71ZdSu78Rkcq6l6cYzEdUqQ0/qk8x9llUZmxQz+KJOlntY3
- RTx8AvHT2Jc98eS0jxpVRzs7TrSjSZJ5ZBzCaE44TbW+YHsdyErvy0M5bOFFnnNo
- 8EopvHpGHKzcIWBPbBO1oWxEmDfTPlPQQAjTeK+y3ugQoqevmyHbBZRFL/22mhRE
- +wboV90XAgzMZUSh878AWvaUoT0g5hY0D7AjYOTkNVBHcTFzjdq8txcbXM8nCQvS
- XgEittw3PSSyvbygsPoogLaWkWJKeBPEFAFW2ZhjNrfXGKAi26PZzTtyM6ZIOKmK
- O4f1wgAET7As+EmU+1tcsRpJf0WCpc9MAZOqqwiQ94eAZikt2ARc9psv01mH/AM=
- =Lza0
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ/9HdV9WgUpLimmc8bxANWzIWryCRxLRoyj3Mo61VX5bz00
- fHDltJBQDCfPqEL0sTLGXTFhVMEQOnxWX6EE5xiCD7+Ys5uTjbNQrNcG2b12Ja0v
- hPB3IoApcMAwffD8qF05VNOnMqB/yHdcqOHjL0xh/KtkfdcWjqhNqwLtQb+1Dtez
- mRjaC8EwnzDAEdIkDOAIX+hhYcGXXLMNY0fNlWhecztzJCejcCt8YqIaR/IlVNhh
- /nMpL5rWIWf6iR/+/5UHUqaSmFwKkPkvmzXaitIN5h9OuSIMDjnMpsHmU+IOR8HH
- Da82Z1O2hVE0fbVOMM34d3DproEtyFpkU207kqFVGudLX9Ok+r9gEsMJVAOi3+j5
- ysgke1xNAXLSO7tg7sGXpOLYb48/offwTBVrETKjlAr6nWtd0sxLJBGPiXBTofX7
- 15uwtT0zSt1uH3v93O6SeNLdGvxet2dHukgM8+h1SUxOmSpdKGScJhCd3X+mzloh
- JUlr4pBW2XV7ulH2WOv4izZEbRh+PGPvUbebYaCpVfEAxHbqISZUTO+yG2Z+4iMQ
- 2bE0I2ZOxsZt0UK5nFnq9YG4sAjPnroh2mXMRp35EUT0yo16i5h0ZkeWEUyuDfhh
- I0YK9rD7e9ZjA5No1MSjIAKWReR0VrLJSnGqorbjDmNW+D8KlIlXTKKN6/2hZSnS
- XgGQwg0XCTsS6QOHIL1e66zC9pZ0K9osxW5Rpqd76Foq08/xY0oZKpYPnH3caTdC
- j/ghGkzN12Z76L1OSDVWbgwImQgHaX4VsYiMG8NxB/6MzY/aVUAXgOsjm0htvxI=
- =pvas
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAARpxP1zmv3LqcHwAQCW9vYNfk4DR8PLZb9TwTA7Vtw4w
- 7UpJLEhacSaDrgEhlNI3kTe0VgBGOX+7xp7JLwg+OGT/3O1nHo/cHLuXAZIBmMFa
- 0l4BLIf4+vmvYQvG3blC3F9aeL8SfZE0sWxA+V0GojQgV84LOxb0UnjUYEQWLXQ9
- eZ/nWgOPwsbcurnW/WtHpsrqrQQ7a24q+w+0kRS2LaJaNtJtT6lPWtl/WL2+AQc5
- =UyYR
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdA6CEqFJge03j/S1dkej8ji8uiiwYI8e2C3DNzSZ4lZkow
- 6xAbHyeLLU3MYwq0w8WIX3H6oPv53VFo8IF1dyh6LdcpZhrQmwxFgy6A/hs95WRJ
- 0lgB/NhT4QrJb1EOASmKjTbcaUgibCflVZwCjmLC7SH3cKPvNeVhStTm2WGOPHwR
- PWrv7UxFByIgB/itd49BLayex3V7kqYqZevKfbxgycFMA9O9fLHtVrJU
- =A1O+
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:35Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+ARAAxv8X+QbxGoOISPxHZFDJefo61SKQDXKSY8Mm7LlGG6b7
- +6d1hwEUdg6QshLPtLzKWzfnXQrcFFO9ri48/kwro4zlSAok4pXKB21OZwd8fKMu
- rSvroEibSul1wN++sya60sMJI3Ia7lXBEKGygjE+iNZ4oHXKSecpO59fEQvg2hv5
- WrNqn77Y7OSyIUhnaP0WETuhy/iGuXNGyHLCdimcIkhj3fi/rliycLIravBrQ7vy
- lI940fPkuv9iKOvoHah28geVdGIRAe9uHv1D3dygy6aGBZltP7ewuy5TKCoQ65CX
- h5GJqq02ACnOQhKm8vS4c6/7vDxCcZW+OBgb0w2a8bBvzm9OV8ISIxwApJBSW4Rn
- 86xCqKKygcZP35lwGGc7DQFFcZIhtHbSAOz8LLXbcNPxKsgMcWZwASobNgDPlSPW
- BHAr3ytdHcpHXh9oK3rlOzuPcr30LcEhDXY/5OwD3vhG7tvs2RBpxYzQD98p3lPR
- 3Y7AcyvUDY40B5nN6IFr28585M+9GH+IpklIvxE4FOVbTDLYcMD8tZVFMRqjt9DR
- s2JqacCkztxYjTkqgurbIppfv4hNz2JsBKk7RQf0UT+R3Mj/NaO6H0Zxw36+RI9C
- GA51Dcxvrzqt4gZhWwbcF4NCialAjx+ZVX5Gj/llP5He4Z6g6ovEXwVoZtf/yvPS
- XgG7JTpjoLM4pAIRakxhmzQJuxmyE2xU8MZXNL65NW5c0KNtoZGATw2q/9BxCUjl
- ef//IDnCsHgWYuPTmtte30BoxqJiR3wDQKRfl2jqR+pjN4JJeMOwH/t98XDhZvs=
- =Esah
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/chaosknoten.yaml b/inventories/chaosknoten/host_vars/chaosknoten.yaml
deleted file mode 100644
index 1c8fa93..0000000
--- a/inventories/chaosknoten/host_vars/chaosknoten.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Used in deploy_hypervisor playbook.
-hypervisor__template_vm_config:
- - name: STORAGE
- value: nvme0
- - name: BRIDGE
- value: vmbr4
diff --git a/inventories/chaosknoten/host_vars/cloud.sops.yaml b/inventories/chaosknoten/host_vars/cloud.sops.yaml
deleted file mode 100644
index a74d6f7..0000000
--- a/inventories/chaosknoten/host_vars/cloud.sops.yaml
+++ /dev/null
@@ -1,202 +0,0 @@
-nextcloud__admin_password: ENC[AES256_GCM,data:R+6uuaDeQWSgtV1Cp7YWZvF8LYOIhoz1K7WVKerm67NLbLRpD9191DyQH13v7ZQPvIce3JzyrWqoyQigJQIQqA==,iv:chVGvTY1Ge4OwrVbFkU5IMd0aac5HqslddQEdY8F4Es=,tag:slmFXStGVf6eJdPFplqKjg==,type:str]
-nextcloud__postgres_password: ENC[AES256_GCM,data:GIWhmhiDkOC6mQAqNe8aKQ2TpTTYQJ44jn+P1hnpAxstAWLUTJZdxE2DHdjhZ9tV6kyTb/GXANn1UtgFzxczbw==,iv:lhJAZF4mJ09jVa5DxtVTfMe5FqfjpQojrI15kYuXI6o=,tag:LvzpBXbBQtNvEnCDNphUqA==,type:str]
-secret__nextcloud_smtp_password: ENC[AES256_GCM,data:9UI+hMDQqM6Ui02fpdscXj5Q+XfN3t/g1MUX4blqd/egoLBtq8R6YpdK8wf6heqXUck6VVDgDLFnpfQzy0cqzg==,iv:dkTN/pj0YhLqEw6Sp252bKmnA1RaF9wfoDE7naGN8Ao=,tag:1Bg/ZoCITh7S9Ps617DKTg==,type:str]
-sops:
- lastmodified: "2025-05-04T14:15:59Z"
- mac: ENC[AES256_GCM,data:iJcBQZ2Mpa83/bR1BcTPh5PGrsjtyQjtAwr0y/bjOXrpMjoCiE8nHl2vdfZIxGYU+v40nkgYhXS6wCIlBZgO/QgvXwVT3Qm42i4GSx93N+jV8j+iB0a1kPJ/yHAPHD0zvWF6qlNSAeFWPbifLMXHLjijZDud5LxdW2KfJ00JCuA=,iv:BTUVSDYfKJI18GZhiUC/pJ+Gbuzfk3GrJadlOapw5qk=,tag:f15zFqye7O+L1lTp0Z/8jg==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ/+PY8+7GETf0WcH1rsbXJ/IJWPCVTxGk8c+ivcgBm6hN7X
- ZwE0V+3smhB4kHC+EJ2R3rV3URB1LySrOt8NCVrcH77+GfWIorpcQ2cJpLHpVvd7
- krAyGaG/FpEcLUnLGM/qrfSiStrqaQwAIie+ogl3vls6ZPtDjgdvwclWjCfngesM
- nBZhimzXCF65NIqspw+WsfdPWVCoHdSGPFV0uXy3yOa3mE8QAchElnnwYDtjB6Vh
- YA0aX/MNDjq3vxrLnH//TSZXJobzgu9ecu6AaR4ZYDuuvIyXc0wajzYyH/js7sxC
- 2xjyBrKk+EeojpDH+jcZ+kMTYjJmoxmXUzznQKRW7zYN3pwhTy8bZu57EdKQyabr
- SMddY3+DRPEe9gMqbbbaNUn3XdbWCTHCaolmvp+n1g7+u2oIH/oRa0aIe46l5CJH
- qEYsPdP60XZ4KJZZMfSejnAwkksWnHJu748PF2IqikSHiHW23nrw2wiL475SAbCx
- t3kA9lqUwJHqxc5j8l9mbHF4TlvZV/nEnibQmBqto9IihMCLXwfXfgmRd6eIfJAL
- l0feN4c0xeVtl+ulCJoS/MtDbWK5zPnIg0Jtp/q5FPmEBs0T02tX/Hi/rtwH+70c
- N/wqCi6UI6HYfR4eZlzIrrnebK0EfZZhvglO8tuOzLFCyrrfIHMHFBlKrB1RiajS
- XgHSr48HW2688nsdoaOQ6h1nVAfCSs2dDzvkg6ODfRi8jOsCEYdFOI/4aY+ImKg3
- vBp7LaHOAPsmRHd2mpychyWnzbLakl2qoM2cwZR2hqbQyl68loRtOT+9qtK82vw=
- =S5Ao
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2ARAAt8BODeKoqbfIwq0XiauI06ez8SR+ycZVyscg8VQKs4Qj
- shCzJkhdA3wS/0JhqF2pAtPHDpkQzrJcZZcetv5h7qfL7QQi13rv+Uz+a5R+Me50
- 2u3HCNQRKF9P9my67gQI32t9Z5UGCE6v6xZHlbETPFXfBq+PJzVi01i9rM5ovfMx
- cWS01rn/2x91BW/q8LQ/LD+B7ygMcUsc3ot70gRQIF4AGhzYjOpWApg+2XhhSBr4
- rBA2fG1SqYWus1k/2iODDF0CtoeqHykVOeSfeO3Xb7qP3Sjc/Qz7HGvabBy+BOPz
- H1kDbQRFCILBYaeV5SrwkAiMZmrcUDJ5UnYQ6ZhzKro+YaS8d4M5psx8+1vbygsl
- xFBGljRKPAR8HkhG8KvLfXs1URQzBu2QgKsjtADsF0avvHKHzZ939pHhYFcPVGmB
- 33vf+rPMJwl2g2pDPfXgqevwNlfm7M8bsy5bT8Ugu33E2hCH4Lun4qnFVkqM5Ea3
- 4yk9WVMXxS5kyUflGhvV1Nz2bw0Oyquw1y++odvRfCEha85ksge0sgQ2FimDR04I
- ZAgyGdX0Q8gW9ufQLjGa7ewivoACsStf4Zo8/n5PpC7Nv7Z87ysLnZWkin46ey+F
- vruU4ewcbKV6JEgxgPgRDBLmzuXhI8qccWOdRz0gECk+/x8MXNKLRqO0XJAhyuDS
- XgGGoT0loFbWp85Pg6j6ahDDmfHEUzrA1hV42bicbE30eKinISX4Gzv6j6wCnEpb
- A3pe+pvnT3V0o8M0dX5CiIXrcIGjurE5+h+2JPreYiM6Rvv5HKi7Uhoq8ICFQ4o=
- =hSIx
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJAQ/6A+OOQLzV5xTWZMxPir0Ue04LG3mzhmHjVOmEoDA/NIx5
- 7Kc3InKN5a/S8HtjEHih5jFhXr3UPm2uik2PxGJp6FoleJrOEA43Rt80bL4kbS6K
- BhSijFHBlIOxbJTC3AEsrC5okQqAFo18bJVtcljWupUTGnys3e5UXses+8O0bkOz
- hKYH0Tfy+NpqoTMzV+V8O3GUNJ2dGVwdc996IMYwTcWpYchzXp+oAU3ScDmgYIeA
- tc3L60M/zgRnj5IE+cjXwDqwkyaq4izI6dsRrr4ciFzoHlTD7lg9jA56qhDGAebt
- cvj3ZlBnlSOimVG6PoOTZyjm9YGmm9eN+dm8iDVjigpcqo+KtL02MOSi/d9Gd+43
- 7P+hPALvnmvh6wcaSpUwWalUkFWF9iP5+OEpUfzTtm7rMUhqlVk+cUSBMhkbEzer
- wt3bPm+L4mqZaoBnY6jM3DDYgZYZuUg3+nh91II6weTZAvem9gD6AZs2ONQaTHx0
- 0jjvw4veUeahfaM+OPDN5Qx0jG4xJEXp8m9iMgO/djeyXB+jNatfKI8i1UfNZzJj
- 0KUHQtNTa6aeq6dQ/suTGj6jAqqMuBBj4eVrsVIXrgk07ae/1gcNTAjFgYRkKa+U
- qo2MCR82rPwAgdaKBNxubYHOZ5N2eCjXS5B+b0tPppOSYVsH4TSnZdbBFM6aiUHS
- XgEbekTD106zwR23pxF8NshsZQQLEG4voGOjPUxGCkXoQTr5ET3e70a0/WmepdDA
- 2zdqv8uh/d7auM3qFKhKGKQRk0Fl8dWCbzBkQdHhfBQkYce18pps99s9cdR6VaY=
- =JylG
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ//YsTDRh92ztU8kyua+AcF3D5z4t9d+S3zqxTJQG0Xjjid
- z5VAHo9kUTQdKZ7CV01m+yslTRcHkOiKoUQm86Af2cDBT+YhJm/DxRVV/E/7kzPA
- rORX6uhKeZQQ/nXY6LXvaLIbCNCdC1OWwnd6O4EBOKfWXHziHQCXh4h3RZB748sa
- JylL++9mxSkXwsTrrDuWhMlH6dRDF6wAkU9c7B4QbBFnFBMOZjvCMKcC35yrEIXn
- 8/uU4bBDyj5PDa3JCfObbAZJgG1zdPBza+lcCz12L60b/5vdy1pGQ5Y7LnJlaWF2
- 4hBwKODwK/Ba4fXjNLrUJULexqg8iDT52ab1zEGii07REIiZJOmbBprGN1qW5BoG
- YvZ+rOTE+SG5VwJKHYzPd2n1b+awFcyIb3n2sRtF7TEqthTo+3RwK81I4D444akc
- da5NiS2y5BaH3UoRUpS2Rt2uMqbiyq/Ge7Fm3Gj2t3DcHdYjb8ry6HB4SYppRA5B
- gGE7EwO4g2mf1ee2D9nicPRaMnba+JeU+y74m2MtAGsxyHWRFX2PuRJcMlTRXULm
- nZTAcsr6w1MeMr31tOzOzNIFE+R5HbJ3iccvr1B8NRq//yOAerd8DSVpEQDtCEMZ
- dFad+s2x/AMH56eofe4WCchk+x6v2/xnmeq02XFWwVjSt9UFTKt2NDdeDx6vJDLS
- XgG8IPwF45ZHLsqrRzc/C9VDqv9h+s3oyPc/UsuSQYGZB3qw3qyXxGAzgIMI2ENO
- GHKEDAGYxW0gDW7sFDS9r5I7d3/ulSox6+YPWHtIEIaPnDArKz6ILLG3cAAQjQU=
- =/rbM
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAuA368PGHvZRM8X86voY5pG2xxIMfR1RzhruWL0aa5wow
- VCI/bfIVsn+6jusdHZHGgpe97SxszO1sJ0WwNwHr7xm1v6LMGHAYW+VmlokVjGu8
- 0l4B0+KdFfsddFiGkMI1EWxM/9IZuQyo9JanzK4IxLD/VCw6QEihxnyzy8Z39TB0
- XYD3UrsNwBH07dNNiB3CHoZiI7TZZjV/9hTi/4hjh9tMbol58HbIydYe+/gsOEr5
- =fR/o
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fAQ/+KDS2/uNgGlSIysNLRBWuTkUrF6hN/hOOjQO9Aw+ZnjJj
- vEqG4eMaEB/KObRxA4h+ymYPXJcdybX44uI9/KH0AWqICT4XuekREyZX0rjvFirv
- v2snZF78JsV/oDh8zzQNhgVMtgfMlQSF/+5R9RUFhKsuafe+ht0QmXDicKIjH1nY
- MmrtXIHXsBWJfKj3Eijan1XCFa8FlApNTJsLIueUNd7rMwOht2Ugfldzfpjsr/qI
- lbybq6sTfpszRhYyYXOhD9oxx4hOtiAAlEitiupuoB5YZQV3ulh7UC5o2JOfwEk8
- qiEDiL5qnf/KgHXlnH8sQoM6ePI98VyBQ5uAliObHfYDNSrZO8XMgFezRc/Wqk1Z
- 2cCdk8mnEDra5HO6wZVWxGKpFC23tW5jVQC+Yv2mgDzkXKp6BHWjYuFOh3NJNEOX
- AMS1/K63MmVud0Eqg+VgYwyFV7AbNSIbfR3VITc3YiHewbzE82WPQW3DUaw6XEKV
- ezNI2cHf/m3HUvacTXrKpgKZk/g+6B3t1H3Hw9WhYyZLuyCSZ4kretn1knpf7m6X
- uuIsjegZ7o5bX14kjiQ5l/fSRfJEzrifioEFXCUTF3iShseFUnhLwD0bHZGBD2/2
- OPc9PUcV9OLeIdUZWo4/My8Vt+8Mz/n9kVwI1Q8s/dgoEDBaC4fXKhJVsCcGqmrS
- XgFh+/S/tJTtpJcsqTSE6CdR+r7ir7Rd1EmkqasWwttN1GENo2pjvU2Q7FLQsiR/
- vwUpEehtOwQY91SpUbQ+zr1gQhxxlLuf3ZarWKDGn0XFjSUh1p39dZx3n93s9vw=
- =u++D
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoARAArTbO3YHUA3a+++vC02evwcpJ5khFMzms4v38qqS3FYBP
- D3LKYpgDdccneirenmL5uXdDqw9A0GF/wqNXHg2dz5zz45fARbJVRJSwPwIwx60W
- U3rUt04Mpks2WWrithsrP9E7pIP4vJ6urvxFR7nkjm4UuCN9Q3QBvGvlrKolnPNw
- GyyOnxh77mkPNVeHdSsVXOFW096FUEWbmZ3VowKIuskb5PHZE18KwsT2fq4Ef6xD
- iEvlPafk2Vwtfjd/n7LfnCQfoCCxIJVAJ5zJbQCQhC3j5eRRE/Y8ncklvmFUusue
- 2dtmQnaqoOgtcJbRP/UKhu+IvAmC+V5Wl9ZZfyD16/jFrY/v6uw9AHM3LP8cx4fk
- 62mxZ9mF7GuGayGVy4tnEha/3+GzWUcANOQx0qy5jtDF7qdA73ElZII2U5XA+eiK
- t3iMRcMeKLETaukRlV4/8x48ebPxZT5jG4W5C2bON8zYZVD1ekJq4bW4ZTG1a3Qz
- VT/C1LAg2VGmESbkTl92kRafxyOuyS8cdNQaR3L8cljRrH2vts6eDqidxVHdkS37
- JLvqKe46UHLjNglZct0sMugoYk+7h5IwgZs1XJhFxbh33V3XghbmHTgx3i9tmIfw
- +S0oGH921n5xwkEguUUPprdMZJHs+D81ouQLmgU3BwkfxSXqk7vMq7YGuxEYR9PS
- XgEn2dMxdCwTOCdtWHySos2pgzMBlp4+N3DD2z96TMNhULawQMucCuhD4xMWEfzg
- 9OOTH31yuFEEKX+WNGiMcfyuKE5J//5lnaSVUePMazdyP34eIKlLuLR6Xfh6BTE=
- =cyds
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ//Y1DAY406FGCJJUil2U0g/jFYKnKO6itcrZ8VtAW4N/ed
- O346a0Hm9UqEERbI31bkgJjT3AtgcpaUY55mWUJG8UUfHitHOhUflk6gmtUY6CrD
- KI1NpWyWnC2JzPy6f9Hz6RY/MpBCEECySLdIIrkucy9GHA+Wc+Z8AKsAUcqGfhEW
- OD71BH5MbA2JWSWteTnNZPngsRBYS2h8Mdfk86fHP0R2oRk2XppKV9BFSnH7JgFg
- yzSPQkFrnfUcrq1sMZCLZBZSLMoQP1NI6fXMSuF7uMlKEgrSY/ajB+9anjs68/7x
- q0WmxvlK/UFexZH5LumiXWnxtMsKxjNLVkud6Sq1CQy5xAHID7oQj4GP4m0fKcYx
- 5rZbnoOCiTD2QL41G+Yf1gpz6J5o0DspnHIUW7+IGttp7PqjrTfz8HEctWFtaCp3
- 2L1z962594DzZiOKWCzp1bQxZSjId5HA+60OZNAIaRe7/s3dSPNao/H2MUObLBcU
- zu6LekR2YdUrWamT0f+BqyFy44C5Phgiz70oNxqRXoeMOTxyV4IXO3o/G/hzlOMf
- 1+sIvqVJlut2niuckyUwlVRxi9VqLt/E5IIR00nGQS0KSo/U6zpYaof3obTo9+Xt
- ayBvmHHSMNN1W7IqG4VD8WedG8jbzVxMN2DLvK2E50GgwLefrjv1hgh793+1uxDS
- XgH5uOcFGcZYejliXBsGFpL7umCil5EPJM40LAmQovjxAfaYMnV8sqN91z/++G+4
- mqnsX/u6INgQ2f59kage22fbdwg4raJohuV65qi1BnImDmW7FJ7TXcbQMCfM7Hk=
- =Isfy
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdA/V+CVyLW0oVHmPyCi/rNqxWveQ4J+nhQ8WyMhSaIJGMw
- VQiJjRAhN5pI0TWZ4KN92KThvEFBWgelWWMYSnw+L9tnS96bHw0h591mSUqznR6F
- 0l4BszYkX9VJXkzbq+aPQ9Z2K0JK9sjmj9PwC28r8bXJPGPRF7+e+rzCPUwW7R71
- CS33s11YMkhLB3vFQF4I5t9UCYIHB0Ss1VzhjvQXe5tmPmh7ZFxXQD6vtIkLMjz3
- =Bdmm
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAZyOE9ALOzrU7lxSS7IfFvRL8m0WS6wzIEM2vBS5nh2Iw
- vGJeTxv5ApScEZzSGFruuhKeZWmsa53feCDVaNxH5eumwTBeQrDRAXGZMuSI4Lv5
- 0lgBQ81YtDbZAH46HfG0AEGumO9V9hXwKu3XSW7MoqEqYmZwzB6qn2Y9yPQ/RNRv
- yrEFfFJC7Gm0nA42tGPctFJHBnHP1L/a4Sy0g1RZAA2mUiarpsddVEli
- =ey5I
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:53Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+AQ//ef30XL7zPLoHqwl9AHADBWi3cuWJCXzUazSnf5c7UxKO
- B+jlwNWhKfLHJsv8JiFdHJ0szBKxVXTZgIPpNIEhT1NwWqYF3aUoMjWYH1jlmbjv
- xB4OlGQeRUT+TQY6Ht7RZ0SLKlbN1N7MhzN4b9l0ZIdrXYhCYTHghieiHeSA616B
- m+Y2bPil8y7kj3c8qO1fO/hRmUXj8s6rqwN1Umo0JoZmEl5l+/+EOGdAeT8SQMHe
- JqbLHF1gQBPrrtsqy+mB/oY7QHm4axxsQtu26UXBcGFZI1Td8CNvdInAc/d5JBjV
- Xk6SP7vBZaYR3r3x7yPxo9a43IE1w28Uu/KWcas7NwtGA83QoEltdLIJCgm7SyZg
- 8RY6eYbX8vSWXOHqIBfdXtwpMng5c5Da28TpT4kqOXywTpFQ2Ku7034jwBZbwVAQ
- wqvCSdOy/SrMT95wF5R2lv7dGKCvR4DaO5GIuYxHN/7o3Ehm3vmlXhDkFnWdz8DV
- K8cBL+Y5aMYRaIWxuAbXD3y0v+bnMzqOO4XwVfo7yvuZ3wgjuI6sVpczI613c+FD
- nRjizbXpU7hSfDnP0+3I/UcWb9Q7l+zkZGbfB3NcEOzgvhSL84AI9dzMH2GDdoqI
- mcEfU2ljXlotkOqWfRRItDjOuOXHbvy6012kArnlY9QaoqaLNLWLB/QoerIB8h7S
- XgFhIXJuz3zeWvjVZ4dCGx7lZtc1pvzvlWojokR66qU5oHRJ8hSTItof/KrOJdBe
- u0M+fWCy/AN+3fWevbCl2RJuCS6033ZTpGVqShL3Zyd4wMgYVuRcg+s72gP5d9Y=
- =FS4s
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml
index 0aaf92e..7212842 100644
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@@ -1,9 +1,11 @@
-nextcloud__version: 31
-nextcloud__postgres_version: 15.13
+nextcloud__version: 30
+nextcloud__postgres_version: 15.9
nextcloud__fqdn: cloud.hamburg.ccc.de
nextcloud__data_dir: /data/nextcloud
+nextcloud__admin_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/admin', create=false, missing='error') }}"
nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
nextcloud__use_custom_new_user_skeleton: true
nextcloud__custom_new_user_skeleton_directory: "resources/chaosknoten/cloud/nextcloud/new_user_skeleton_directory/"
+nextcloud__postgres_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/DB_PASSWORD', create=false, missing='error') }}"
nextcloud__proxy_protocol_reverse_proxy_ip: 172.31.17.140
nextcloud__certbot_acme_account_email_address: le-admin@hamburg.ccc.de
diff --git a/inventories/chaosknoten/host_vars/eh22-netbox.yaml b/inventories/chaosknoten/host_vars/eh22-netbox.yaml
new file mode 100644
index 0000000..56ba344
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/eh22-netbox.yaml
@@ -0,0 +1,16 @@
+netbox__version: "v4.1.7"
+netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}"
+netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2') }}"
+netbox__custom_pipeline_oidc_group_and_role_mapping: true
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: netbox.eh22.easterhegg.eu
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf') }}"
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
+certbot__certificate_domains:
+ - "netbox.eh22.easterhegg.eu"
+certbot__new_cert_commands:
+ - "systemctl reload nginx.service"
diff --git a/inventories/chaosknoten/host_vars/grafana.sops.yaml b/inventories/chaosknoten/host_vars/grafana.sops.yaml
deleted file mode 100644
index f01092c..0000000
--- a/inventories/chaosknoten/host_vars/grafana.sops.yaml
+++ /dev/null
@@ -1,211 +0,0 @@
-secret__grafana_keycloak_secret: ENC[AES256_GCM,data:85OEAwuWnYW4NgObAmYey+2kGRML2iH8FuDlIZsHyOQ=,iv:Akdk7Iopx6nIOAFXqa7ROnH25vhoe4uopzEcHjWKWo8=,tag:Lgm8H9fWA+/PCjp+SHoO7g==,type:str]
-secret__grafana_gf_security_admin_password: ENC[AES256_GCM,data:Ct3YH/5FqUA+a7Z7YlpZ8aMvUM43blRG,iv:ePwTeX+7H9p0isvi6Bu0VG5egIOqTopmIiUhYoGCmR4=,tag:SLy3totIMtbED7XxmblasQ==,type:str]
-secret__prometheus_pve_exporter_pve_password: ENC[AES256_GCM,data:dJanRGfkNwZw7oaxxwpjpbV7m3Zl/MzA91Y54WrLXxHWDRHBX5Fe1soWgysN3uI5s+rtIWWfpCux/rSggFh0gQ==,iv:6gFk3IHxGkWcoeZTpS+iReBR5uMModHp2qLZp7aG4Tk=,tag:V55iwRKmS50E2lNS7lmCoA==,type:str]
-secret__alertmanager_telegram_bot_token: ENC[AES256_GCM,data:DhMeo4UHoYu17aVx2sRtQ2v2MFuwD/vHB0xsOf7QWio35ZAcwzGHab+VOzREbg==,iv:DhrCAfMoUt2Zk8imaVA8xC0UAJhXpyqNNwqP5th5ldA=,tag:BbCDqenw+yT4ADpIgZ5row==,type:str]
-secret__loki_chaos: ENC[AES256_GCM,data:km9l2LYuyvitMQOSinAyUnnF2AePE3fcW1E1k5fF,iv:gu2FB+R3/UIsa8qivpQE6AVaOug7/Q4JO3S7nhubsww=,tag:4JaG9ZHPbyzFIdzCnYN+qQ==,type:str]
-secret__loki_chaos_basic_auth: ENC[AES256_GCM,data:9HS1Jq1LqTmshFKdUDk96Y0apSC3xhSqOAWv3G1E3djDvl3QPA==,iv:oYgoIDqV3lGsHDfivgMRh7HQ0tFZhRO9OZSOuD8Yoxo=,tag:wkFgxC9EFbm/wHIHqELv0w==,type:str]
-secret__metrics_chaos: ENC[AES256_GCM,data:GDLtKMuExpedDFWLew68JMbdaxy1aEep2j4/XkOD,iv:2sbdjEp1GY6rMq0BMw3Sfjyci3Zfm7fFkU8wUFy3IDQ=,tag:yEarnC4wJvFnB8i7tJ30kQ==,type:str]
-secret__metrics_chaos_basic_auth: ENC[AES256_GCM,data:eT39ijCsheJZP3D335EIRdeVR4nSX7APw9e4iQ40NtXz8EEfGg==,iv:+OxDeTOF8PLxSFT5ZKkUwWYZfuBgv5YUJSGWsURL2kk=,tag:0nIroxvAjTG0vB/lwq09LA==,type:str]
-secret__metrics_fux: ENC[AES256_GCM,data:aV6zeZ/XsVlA3QepSfVd/cOr+tqFVhlAxRO9SHx7,iv:fxo0o9amrh5ivPTxRVkvymB3fr5dLFVE7EqIpBlNZBk=,tag:41dm29mrV/jmqj5IkuNAaw==,type:str]
-secret__metrics_fux_basic_auth: ENC[AES256_GCM,data:YL+QLzZyyObzDcz+FcefViMrvdkVSwRhDsBx/AwoDX3RLHCDjg==,iv:GADdMa7FHMM1FnyPp8DUHElpXsJeqD+gN5Slw0R9bgs=,tag:KGCoEud2JLU5s1gurrbywg==,type:str]
-secret__ntfy_token: ENC[AES256_GCM,data:0tuPJVmxHcdDWOMIo0QQXgIEkJo+p9A5emH+kc+U5tw=,iv:NZcfiz3UFw2fMcMf+q1GRp4Fsxpxbptsx9n8wPR54z0=,tag:SJYFtXccCbPrXjECiKUOUA==,type:str]
-secret__alert_manager_email_password: ENC[AES256_GCM,data:AsBzn9KJEoMjcrUWiIhR7I/1jaaFEa+cl3gImOQVKrg=,iv:mtQnZqT0taap3+z/L/nMfUvQF3JlTKIdoljmzVr1R3c=,tag:mZrCB597p8LyB61I7ZvHNA==,type:str]
-sops:
- lastmodified: "2025-06-10T19:17:41Z"
- mac: ENC[AES256_GCM,data:8GGZFGSRXAaLoWUowbxd3RVv7NPMVsbkDttDxC1Aeuwjy6678ddioHTiOWn04noWSPXhVnnpaTHWNW9dT5EcbLHvTl9Vb/ydKq5EnjDi3vAI2hQZ5bJ29rwSIW2YBMwpceqh+2GqDuzebhOKxJ0ZFYsPzbfTGPt8blqOQ1abVR0=,iv:aDbIiH7H72jsBRe0rSDXHMQy6zc1QFrI6ZakJj8zxZ4=,tag:+ARO2ST+1I9gOB/f9V/OjQ==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ/9EvoGHf93vGDL9jnSyPCy9J3cmSBCSHdb+Al2uCcMRJcy
- acu2RkssYhPC8h7cL0NqV3MdSVEGbyu695yJjSpO8HeM552q9yCB2VItW1DsuzAL
- k5GSoZTLLngQWsoApaVbhUP9/UsLSVTkdnGme7iQcB3zFut3Db4j2RSex0rTN7f+
- JnhZ+77AYxlexvtBEYWvS8COcZ2qYjPW+IUulIjsvEEegrYNOgYRx4SKI1qIkISj
- PRfQLMEMcGJvH2IeRQvpADy5v8KIl6jAakwH+C+XZAp/rnUlwRhJ/J7Eyx2JN0hY
- fVqhpsw4bD/0QgbiVK/dH7pdPgr7BBNnPGG/+2qlSQfxnCVWbuiptZy4yhhLn/mV
- S7+hOfymdl0XFn9bFhwctJd6b9Z2lNEB4VwXfOJwJeTKw7oPJwBhPg8LVfb5yEm4
- /J7IRjqo3THZM2cNMbb+IvhXCD+5rFTO7ichtc1zm3RERygyuk2vh3BGypOqS3Rt
- iUcS0WZz647hohCwiXEbHcb6TW6q7n485rwrPHFae/4dFdX9aNSDENO8hV1P1Lxv
- 0/FpCscH9OBYFXMIPdZvUmKf3FLcLND9iiC1aoh4PJdv7xbjf7TiJKVfG7yVMIbf
- YSbmPllQiCty8vnl9BhycSLWYBd/nKywFFc74yS87Ip5jIf7dUPQ748te/15lijS
- XgGgzs+7ZoAtUhcSmp+L03vKA3Lobh9fbnR72LLAA/FmCAUMKQTq12fPSZozCrPW
- DfAmS5gtxCCchAsNmFs3C8GWUWzOW8N/KuZsmTLyygcXes3C5MeeoTp+OWtnv08=
- =UY1h
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ/+PD5ybX+ImMBoEYImXYvqRDPE8GlJhX3MOwufMCWGJgX4
- Y2ygtfSZbzeYadVDLz1CXHmjvcpG2T+xZ8rAI6C2S6X+MQefgiFG2al4/QM51qsX
- PIUQa6Q4Nqko1cVPX0TJGTaGwS1Svj2GiJNdpm9Y8lLSj1mfSgHSB2DnGUDtmZsl
- 6y9mUN4cgYjNNnwUClvMApj/JZhZoU3mmCA4NN9emMG09AkK/fO/sygkZ4FyFpeD
- oihvTw/0xPy9RnhZPFS9f0+4beiZszI1+8GRi/fBXDx2YsImeKSUhDEDipe0tYv2
- 24CqIa30LWyYt/hCzIFU9IOyRB/ZvOR7jB2815pk+MNZDcbaMta21HpvAls2InAH
- LS3UF44Xx/8LPAHOkqE6Gmea+nQx5grgQw0sbxBprKtsq4YhZyZ131ID8J/AWyvM
- xFnYzX092zceJfu4bS2TYdYMp9SV+7Uy9WYxKTUbyocgJMYVtCSC/kyBQfccT9Sf
- McyjHaqVnDb5nUgumS6A96av9SMp+R4CcoL7k8u2sc4PzPwk4QD9nP9/Zd+0iGSR
- AsnwJCKrEkEM7tjZgRYqT8jl1Nvkk99iKrq9bwKUaL+y1qTsecLn1egpuR/3qr42
- +PsfcOx1z9Zexp8H7RpcAHbUmq68Y4CRsyPOn/tuXsHKNbQ2dJJ8ifRoAoVpHszS
- XgEbvz2w6VoN+l911n0F5n7dBwsgUn0HNRJY90OwH2OI/tTNgeJEOVbNtfqzc/sy
- fFPaQrgls5wtO1FZ9Gfh1G6XYfATXisvJAmnpC1EtK3h/EdCy9Z3TQJNx1owBsw=
- =H9eT
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJARAAmldVuSQOWO3rkhOWNuVca1EGr0PKubWDQILdgEw4gAVO
- EXaWLoiGOwEkQ+wzkjaL/w4vjMW0cMagQ+QgMHz33KNE+xPGC82ZqydCJVm0YBrg
- 6sqzCxrOga03QIk+T2gUOSkocQQ5WeLvFXaGNMYSNmTV6fvECg+uyqTE+h/AjeR5
- 1hJOh6WnSC2pw9ph0WUsNAOhMlC27XJ6Vz6pyB0AQmUcp84vCuaG6Lb78sz1gla1
- pA9vJyIl/SPRR3++RTGI3mqWCEbCn0OQoZ3j+mIsjsVpbFE9JKML2MNx6iTikgiw
- uO+kpWXc6j2j+EB09bChwMI1ZJdXgaXsPV6kV1sxj00q6r8mzsnbxjx95UeVKM0p
- 63N1Tfy6R2SAWcMcZvCKbNMwok9NiOPkZdHFuH55iwNw8T+SNvq5lV22nyIcbc3Z
- +hzDB5aYz2FP+ENafkQGXSuLd5UTGy9+ZXehPi3qc50HvXE+PSCN65XFgxWp9QnP
- kumpgtkkjgBe0ESvwKvBDPjmd5OxSj2UOxDZosXBKthw7ugv/uLFrPpjcEgyJhYO
- tTJybMIULftgniQLDUs2F+ld8u5NaTyCA7ZZXay5EZBu55xTJ1bLLz2YXWH71DH2
- spHf2TRGoW5eqPw8KE4Jq359Z0WUvKLfNNY704l0pgTDH1Mw2oqWDUTTe+UrPr7S
- XgFCRUILWbQ53tzU9SRq5uAWEXxb6wBgYMAP+8K/OsOO8ttcmFbqSw9eLDRm9mh1
- /F31OMNqS4ao9kicW/nOLKdNSeJ1AuMHA7kYCWksOuOmW3KO/imBOo3JLMFkHDg=
- =xraW
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1ARAAo9HPxkonFM2NZ9XcVA6D1T5qnIEwGmC3F5z4qDNuOqs5
- r4cv6iilp1ev3331I61Qp+58/WAElbWBixgiXUOHh8ES77MrFyexp6TxW3LBN3I/
- RfNV//Ptz2hBLpt89mbSoe+BQOJU0utdO+IbgWsUSU+7/l5b7kOpPdNmFME0znc0
- AGms5UblXYwUY1yL5ALFM93/OtJJoJf4vmBRTEhIXciaQipBMk7a6MH1QjZ9hywK
- Oinoo+fmaXHGyaMxMvsnoohNMDluZqQoHgre3+dIyOM0Q1dTBb3zxzSFXJexB/fm
- f/1cTpTg1Hh4aXg7Q8K/hHI6mkZLEjS80BE5Wjwme7nJDpmypN4iwM/GwDjjXGE7
- 9zk1nSrThskw8tdHUhzXjEP9wCj1YFddsAELZXFPwBJJrcxKnO6+NvDe4/npt43l
- vD0BGxBDlDOufKIdQmuId3fxthPdI1QvlvnlGxq2b2F4l9t+ymlvB0hgmmsU3psE
- I8JPZvz8jgx1SSbaOksIePZ5qUTXp/7WRbJrhx2axWj6qAIZhzVCL+5Szuy7TT2j
- ZM2jHWXd3xRs5VAtvlDbY74JjOP0gv+ba85vFlYn2fcms1UFJF4DROLkS0qZYWaX
- 1l3vPRR/O1e/fTEShffHWAY3ld5sxLsa8OkK5Mxsz4Z8VX6tF55R7ri7xOvEPFXS
- XgEK3/eF9JCPunybZ9qWTNtkGOa90SO5YSed3hgIQw8AGF4M0wMHoPMfzfX/e3WF
- PvLce+GC+M4rygcfnQh7BuWYFijE2xLqQM06B8FtbQCit4yjmJnknfwoqp0QewE=
- =qMHJ
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdADqEQ9hxSntxmo/7fb+J59O3w1NpozEHh9egR67lbHBsw
- 83EGLOW0JW6Cp+k73zoiipeoS2nogHhQxG09yVqgQERDbcu8C6JlgM4adZ4+f/Eb
- 0l4BxTXJpJf+saBXXWUWRaTDQZpi/QkojF2ZgJnaA73RMdufBmGDlvbydebQ3mVe
- N1SOD+6ohNuRb2mT1NS4YzO2MHkYaNZG5L3sjhNhmSFxgd5mCiNQ6YsBElDTxk7B
- =2cmG
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fARAAppTC3WqFUiZIq1mX7JP7+ddll8G1nFnbduXfBE9eAOJr
- QRobQvwbl2krFAKlmzU1RKTLD8qObkHgzHy8d+Rk2kN00Bqk6hcQZCoeWyEy89nq
- FV7pvd4OAFQacWaTWaHGzBq+Qrpg3X5Ywo+sFrgJ1FpJg/0YkBDcEp9WBQF+z3vW
- hDzQCQCl9TzgTNMV9X5JkvbptxL+0mw4NiSZffGnrFOSGUnikS7bXGPU1atj+xfN
- bwdGsRLwHf92Yo9QbjcM2lws830Caf9uqjLXsK5Xvtp7NuPB+Xmvc0Qx/9aUi2Y9
- l/HgOtXaAgfTF+4DEJh7yn9/BAlDoqt7Hj9PWQlaAygnhEXFZ+1Qiui4qOuTx0k3
- T11faYDyLjgKeBZQvDhi8ZJoICEZn7ysgr6LsBORPSDEoL17Z7s+7hpzEk+3bosA
- fEYppu520zUHDGX0lzktK3yvfRzp/qlhf3aJev4Vgl92vQNKweN2KEgu4EutQc3c
- /EhINqfk/ibF205dSWudapoQvBu9s1ldalTmiIB93WkPi4jxGKQNYaJZgLIhD66K
- 8mmMJ1CCHIo97bFTeltuDaUdP3Js5dKCeiVrTSLuFiX9Jet7ZjCY68kuPqlc461Y
- osCN8xrripV+Vw0fBlg1AYq8G/Kffhlv5tnGT/2VEPGiUi6n8Q2eEAbrXu3sf6LS
- XgFctsUqefLAUU6eDM4epYn2OkyRZhLX4S374g6oMEyL/OCcMSWsH9OeprwpgXGU
- L/egGlhu8ZbmnRcDVAHcp6UulnIDGPVcUQO5jUNACcPIA6K6SMGF1rUz4eJeLj4=
- =EMp9
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ/9FG+ZeWpP4WULWoCYTH86qEU8m9sp0JKwoKYdc0LRjNpi
- nWr2aiWhhcru6U1yulOF7fVL+M44RbaV6uiPGayWPE1tkZYdIUnzlfKWNOz/ibsQ
- euO9VhBicKl5x7eZaQkvrY9CchfqGPD0PQSbNBLFtPhI+sDWnb12sGfJpVejP1HN
- ILBRcsAkSFP9d0k4Bba9sT/HIBloHOzB3wWGDM0mUiSdXCU8tx3DQXcHHg+jn4Bs
- vCrKvtf9E4ivIPrnKdGeeqDuzvLjS8fvbRKZgHCjfjZaYHD/+ioo/GgVIXxsA4J8
- O/6lau/+MHh4lkEKeWtVaEpXqgrDiOre9YhP9kiegKBtnrGoT5M9Uv12D37VFlww
- eGFpVraCG2nbIeA8tKK9PMdKKF+0rGp2rTVecziq6xEs5DzUyYjU8hwxyQCcKZAz
- D4JLV3On1GS740sCmos6HXjAIzqoXbaOxgR3rc6EUxy3MA2qwhAfoF4iSR/yCYT0
- senokC+5D9bb/DTRGEfZ5G0KVK4WG6iNq0HOuoLafLvesK7ZRxNJ2xUFUqDMcXu/
- o3ooIawICKaeiU6DTrx4apXLgr9uz6Fyq46G3vB/W46iUY6Q7+9g5fJurcgsBnKi
- gHwe6e+TGS0v2T20j1oqkUIHXb7RJBG1hU5aLCdwMxfTKulpEDElb+xclLcol3fS
- XgF/CiUR2MXnX3meLzUQk2TdBo4Flxjd/uQLlZIxkWifGi+BLbVtYSm/Ls8kcsho
- 61BvrEtRQGe9SflOQpkNE1Bkd7wpx/CHnJVL2BveHEXzihAbgCwhM+mJ4oQIGV8=
- =79oA
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ/+LMa0/m6NvgFCnQfckQw7HT2aTuwq1Rfmn0sbqzre5PA9
- IzY2v96pmutN53TcAdrlAWt1tAx2+OiAxEBbbes9kdiTCf4OUzsZfF1npnxnYztU
- bXBaANw6heAvvPaWJhh/l14ccbVf8S7WT45P1HulRfQQBqKDp3WpwTR0MxGjy88p
- cmYRWa6Zl0dvaEgEZ7Avwhvlbi/HNE2gEvPrFfxEsUrWfIKvGKDATPU8+vtxCmg8
- x/X1k0YMR5pWUwwLQkGxTDkR0jQZTeGxHFb5u4mCRO+X/ofxG8YnLrI3Emw8NMpV
- 4enSDg9cIITQgxnnArC1mSkGhdTabC7EKPfUjWuDUJTvC4HD2GnrRUbOwC+Dhwup
- cU8VdVxOauxe73fne/HqgTgUqiyiRqA8j2VCSyHJs07SSQUS9mfDH4pcXxH26t6q
- 505S7wljxaVJaxysiojcPvJjY98jRT31UibZzK2XgjvzjepjBf+brrkdpotV70on
- 3TNaT0ILhTj62s3RTlF63YIHkb5tRLndaIImwBFMs3Wg5CaOJuf7oKdAPj8QHy0d
- vgWaZcPCmzMPFaq3N23D3xEjJyKYXp0vkDAyNN26auzg1OF4XX/k3ZF+IbXX35R1
- sg9xLGA1PAS1Ug2icnXDR9LGWfKwGB5KBFFtob62ZFxC6vRvM1FQOkYp690ewWXS
- XgFHK1Tm2RQd9cN4OSn/NedFGVpWB8IjTp2015OiAcwkEQzbey9nmB2Pf17/6bT+
- SVNSrvAWfMljmpCj7vxOPgJt44GPCTNgRtEIFuOxGtaYU7KDybOrbbuRIKpnFsc=
- =ylUj
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAs4mO7jTUP5LsFO0HMlubU53pFFq3jDR7SnhK32frfXIw
- m39xWAYu686yBAWKFVebPRh79nhbEzrBwBOXt3JasGPQULU6QcMmSd8NiAi2MPFb
- 0l4BySUuU6pOfYtts1VsCYaR4sa6ChJVBywiXO4TSu6wtQ6Hc8SmQKOPNYrytqae
- bGFLBZBnBrGXSEYrkYBpDewta3AU1JL3Q+L2x1OOA+jZfrQxlJ08TQs5B2IDizOB
- =GTv5
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAlnwr4TqIpDBMWOtPYJVUcz/JGHSStXyYqM/YbNRd1zkw
- JD9NlCdchX7vKLfo3sgYIh0PhBZ05KuxJQdpKEZi+DmSdDvdE91mKx8kICnMxML4
- 0lgBv1+hkZn0rvxHq28bIKrv6Z6y91ilYos6f0elChyZi9Ah2qhZgoxo6lKr9r3s
- mTdMipim/zck5HDfD4Zc2AJP5OlelhozESXRH9aNti02Sxq+v+4GnyIs
- =oMbe
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:54Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+ARAAv/E5FKelurIm3WmYknhsdVbxiUWHCWyYeDC159yS+o0T
- c+zh44azcmX4gulynZg1LTRiyavc07HdV3cp1+ZbwVmmRnnT1OTNOU+C1RnDfZa9
- s/fCmMzootQlfsBgD21lxmAIzLQGuWVgpSWNZuSHz0W9gNwjNpIbNMu8amS7naMt
- k8LlRAQ56C0U9/SFYBUSL901hmO8Y+nlwWkjAc8KyyZoADfHPjm7TAbHpQLgpKiF
- Ciouyts04WJzdEjIab3a6cBO6dSskDcxarnTyCI1e04wllXRMXwM5xA47IPMRruc
- OK/GxG9YRxiWE5bEJnErdMx+uQapSWc/8f5KmWSUQeeBaXOKz3XMZnnSHyYaV6OU
- oV+UdhWoMMXFYF5CV7mtOWmdmI2WMUMs4sDYwpOgp7LrhI/DA5QVoFz23K318PjR
- 8oj9joUOPcWN0ExvAd4bQvVXLzflF7RSx119ezNR5HAKChJRoiqI8hoT4fcCHxGC
- LZQCWqW5pyi6MKg86TbO8Miy3YUcYzlQ6Uk72zkH3gCf6RLFcdR7YMbt86Kmpx0b
- 49qwRbaaWPOrKmeyHpZTnjRSKadk/pM+/T24Q/843mulr1zLiGU1eWdHFwx4+lAb
- T2I0Rtl1J6Ny5Cms6HSdHYXaHN4dn13oM09EpdF2J481LyfIFAQyuDwNK/aw0x7S
- XgGBZewEDElkJJhI+0OzAWJeV0RrCE1qehlzVwx4matuZTFjiZJFQhYYr/iwamng
- AslyRgMOoDxYhLlGc/7TePi22RXVQOj4KEFZrU7NjEbheBi9wodVNNrB4k4je+E=
- =XTdL
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/inventories/chaosknoten/host_vars/grafana.yaml b/inventories/chaosknoten/host_vars/grafana.yaml
index 2e3672e..87cd328 100644
--- a/inventories/chaosknoten/host_vars/grafana.yaml
+++ b/inventories/chaosknoten/host_vars/grafana.yaml
@@ -10,132 +10,17 @@ docker_compose__configuration_files:
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2') }}"
- name: prometheus_alerts.rules.yaml
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml') }}"
- - name: prometheus_alerts-fux.rules.yaml
- content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml') }}"
- name: alertmanager_alert_templates.tmpl
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl') }}"
- - name: loki.yaml
- content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/loki.yaml') }}"
- - name: ntfy-alertmanager-ccchh-critical
- content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2') }}"
- - name: ntfy-alertmanager-ccchh
- content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2') }}"
- - name: ntfy-alertmanager-fux-critical
- content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2') }}"
- - name: ntfy-alertmanager-fux
- content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2') }}"
certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "grafana.hamburg.ccc.de"
- - "loki.hamburg.ccc.de"
- - "metrics.hamburg.ccc.de"
-
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
-nginx__deploy_redirect_conf: false
-nginx__deploy_htpasswds: true
-nginx__htpasswds:
- - name: loki
- content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/loki.htpasswd.j2') }}"
- - name: metrics
- content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2') }}"
nginx__configurations:
- - name: redirectv6
- content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/redirect.conf') }}"
- name: grafana.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf') }}"
- - name: loki.hamburg.ccc.de
- content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf') }}"
- - name: metrics.hamburg.ccc.de
- content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf') }}"
-
-
-alloy_config: |
- prometheus.remote_write "default" {
- endpoint {
- url = "https://metrics.hamburg.ccc.de/api/v1/write"
- basic_auth {
- username = "chaos"
- password = "{{ secret__metrics_chaos }}"
- }
- }
- }
- loki.write "default" {
- endpoint {
- url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
- basic_auth {
- username = "chaos"
- password = "{{ secret__loki_chaos }}"
- }
- }
- }
-
- loki.relabel "journal" {
- forward_to = []
-
- rule {
- source_labels = ["__journal__systemd_unit"]
- target_label = "systemd_unit"
- }
- rule {
- source_labels = ["__journal__hostname"]
- target_label = "instance"
- }
- rule {
- source_labels = ["__journal__transport"]
- target_label = "systemd_transport"
- }
- rule {
- source_labels = ["__journal_syslog_identifier"]
- target_label = "syslog_identifier"
- }
- rule {
- source_labels = ["__journal_priority_keyword"]
- target_label = "level"
- }
- rule {
- source_labels = ["__journal__hostname"]
- target_label = "host"
- regex = "([^:]+)"
- replacement = "${1}.hamburg.ccc.de"
- action = "replace"
- }
- }
-
- loki.source.journal "read_journal" {
- forward_to = [loki.write.default.receiver]
- relabel_rules = loki.relabel.journal.rules
- format_as_json = true
- labels = {component = "loki.source.journal", org = "ccchh"}
- }
-
- logging {
- level = "info"
- }
- prometheus.exporter.unix "local_system" {
- enable_collectors = ["systemd"]
- }
-
- prometheus.relabel "default" {
- forward_to = [prometheus.remote_write.default.receiver]
- rule {
- target_label = "org"
- replacement = "ccchh"
- }
- rule {
- source_labels = ["instance"]
- target_label = "host"
- regex = "([^:]+)"
- replacement = "${1}.hamburg.ccc.de"
- action = "replace"
- }
- }
-
- prometheus.scrape "scrape_metrics" {
- targets = prometheus.exporter.unix.local_system.targets
- forward_to = [prometheus.relabel.default.receiver]
- }
diff --git a/inventories/chaosknoten/host_vars/keycloak.sops.yaml b/inventories/chaosknoten/host_vars/keycloak.sops.yaml
deleted file mode 100644
index af4dfce..0000000
--- a/inventories/chaosknoten/host_vars/keycloak.sops.yaml
+++ /dev/null
@@ -1,205 +0,0 @@
-secret__keycloak_admin_password: ENC[AES256_GCM,data:U6vt0UHHgz85sO+X1YucL9CIr00LtTaeyGUFZ4bVFarsg7y6gTtb+fCuYKCgsJmNDP9jek8Ny+A5WPkMkWR/pA==,iv:qq2H9nF6/1pUBhJG8dFmfRdxk9HSaIOoTdu3uu5xJDw=,tag:rpEuf7JSQ0092R1aPOojKw==,type:str]
-secret__keycloak_db_password: ENC[AES256_GCM,data:IDmQUjQh/QB1xdkwPKqv3ZAwdfy/lkSEdAJuF5MSPCNKfuANRmN+4rH570E3/ZApAJpLAkefh3pufiVbNF8Ssw==,iv:W3roegZU2KfeBDBBImQCCa6VqX+nUk2oh6jMhzbGcVM=,tag:0Qzu8gv5ThtAss4xJ4vf4A==,type:str]
-secret__idinvite_token_secret: ENC[AES256_GCM,data:FC9LqUf6wDijaH6JIde9u1Lc4qcqi/XZwQ==,iv:fSgbI4CXMeCKWSyVYyYT+3Af+OdhZ0wsFwNpZf3CA6s=,tag:tGe+xWyBH2VJr3yc3Vh0qw==,type:str]
-secret__idinvite_client_secret: ENC[AES256_GCM,data:ImweU1aPI0G9Lf5+TXvVmZwGhoigSJoHMLCuq6MxxP0=,iv:GSGqpMVHq31U+IYtnHnu9RuMt985y2N1PRvrlWFicg4=,tag:NKuqLcb3xPzna6t2VVuIog==,type:str]
-secret__idinvite_admin_password: ENC[AES256_GCM,data:fVb+vCHzPLvsQ44wWxfAwx5vRpoycJxBLA==,iv:Co53uRh5fG4pEVxnC6uWaXRrCLGH2Celg/XC+idiWSY=,tag:AWUn99jtuJCqXww/2dSS8g==,type:str]
-secret__id_no_reply_smtp: ENC[AES256_GCM,data:Sqc/UkQq/2F78G8LP92YrA==,iv:ObEdXhzHp5aDCWq3r7aUBhOEJ1sJ6lYiYC0pmWmwML8=,tag:1rtneYPlKS+uDzFWev6A4g==,type:str]
-sops:
- lastmodified: "2025-05-04T14:21:10Z"
- mac: ENC[AES256_GCM,data:EgeLza2JhJZmuNase/63KyoVwR33eFRqxHqSSaJDlr8YHQ0Vx6OTGQJTUGzgdQiC5y/AE24Mesbg1iT1+qufeOwv4V9spW3F0Ci3GOBcKrqBZxnnuHNn6tiRe3R0eeu6PLRcat/HSWY4NFz3RvUposC5YaATP78JXgDuJg/wRoM=,iv:FnxDapA+BUfSMVBrTYb9mcSYz5cZ5Qof/PZo44UTXrA=,tag:2FH63YT8Z54G/o/n8s57yA==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ/9F+8yUqNVGb0IZSig9Vzwgk47vXOGpJ3A30JpHpJGXrpn
- 8dzPP+pCnCBpdfCep7LapfOUBJz0NY6J2QFe7R/R5h8shlirsO041i9gxqyXiIkR
- bqpD5+mGs8hmwiflPK5dVVG5eoDBorGPm98G+M1P0k7mBVwgzaTgjm3OjGeCt1ox
- v60zbnslzbQkX/pnKxKGrN7VKt0rxOv1LrQRFwC3y0ReZxu1c7/MHCkH4fdeD5SA
- xh1GucV/IHiq7XsAbIaD7wuS8GfuJlXblrstKiJJIUOnrwIDH09bAogk+pahYT7h
- zbczVhNjedd2fokX0UYtmpzorkSAgWFX7nSMZTgOtstW+nUNGSxePcif6KwPLwr3
- I9jnBxui/UF56u7+IkfbQ8jlKLf/nw14g8PzhR5OW0mj/dbJGXcOmqvtkd8Nr0I+
- yYLrkjrjbJq2UC8IjzmBT2/zPc8Vs+Y1LKVHCHAji9FiXCEjrQSl9L/svRRxcU/n
- bh5kwRC4k4cJ20B3ALYlUspAOake7oYKEmD+sa9IRi4H47ocU4PASnMWmA0AakRS
- rIn5/RgNaRMkZBQqUgagPkwGf5IqKpa2BrzY3dAGm6NGQrLDYRbO5BjFIOqfXhpE
- BPguAikJb43FX1FLQkgQo6rmDtzrgUVL5zETVvjbHJdPq+KIa5yPQNacaaUzoe/S
- XgHRkq4ZylSE5fA4R/aQkEV6ASkBm9Z0O8ggcbxIdr/sBy2U+fKTA1ixnVGjh08s
- OafN9s42/Ex4XN2dnQVQRrI49PU6okWEX8Lhc49fi0g6pJGAxyDiD5wafvVJNG8=
- =mSqm
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ//fWg3KSKdi5HPiBed+BuYyyYYMNMnzlQdUSye4XgSUBZG
- bsjAMgUrBZ6hICfjKxcKMwF7BTYVv8GwOTvqQ/rNJ/URAwRsiOZ0M9LuP/zoOzW/
- 8asV7p145qfRoS6jf+O8a3iD1bwGWwrbd93MR3yFONRfTDF+YksMwK5yBOYruodg
- G3NTeKcYVgd3TA22wXer2U81VUdvxnyWYL+5/vczuCnGC1hBGf2Q9DfKtC0KAwxB
- DBKuYG4Gzx7yjN81tEk4AoAegN2nptUyKEYzGQrSfINtru0EurGqxCeCBS8MU5Kd
- hstcGcTZdtSjBMojCrq1pqhJYgzTEgbcbdPZf5hiczJU7rYnz6SfzmGrIcgJuS0+
- d/F1Ig7Yux6Wkf0UthMTw1eu1WDQc9DnozzAfhDBU1+V5P6sDmgQVmTJguk6qAry
- ii2fTIDuWRtfcsehFMi7SA5SdzXqupCkrbfmmpSXjSGUjZoHAsHySnCecayDMNhI
- +p9Me2xBOxaPPqWIu8tNHMkBaJKCAi1b241lN02K47y7HFk/zkatvs4173Ww+zQS
- rzgsKjDu0dQ/Rpn2nAHZ8O7Z8gw9vnpc4oWR6bbIXj4AU507nSnRnnzTC8IdCK6Z
- W+eHT4/cZ2bvCluaP9Rj0MkBBj4mThAbOVqNNVMijQG7Wt5N7+X9bcrs2mLLO8PS
- XgE9sqigZVvVh6KCDxFgTzSh6aHH6hjBF3D/ThjJnNmYYF58Q7LgsLyQtcr40g3u
- nb7BYVggETiQ3x7P/ZOfhrtuAoh67lfOI3T5wDt9+WcdcpXuD6+iuPspAiXoeGc=
- =Wrky
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJARAAmqWDD5gRqXIdYmUS3Nv2PQJf6g7gN+P7AFay2YQmDrxE
- K3Lef6fbA/wuHieq374guin/BhGvr47OC+yZh/R2UC3V1+tNfIe99uFr/T/fOyNz
- /FQSORhkoghhR75iggh4T2F3KvlopFOQLqW1Zb3Qwf7e9xwsCvl0MVhOtJyeA4yC
- KU6ros1fvDkrLo6N7DWdKGP9GpZwk2twWKAnnnm+gbZMFAKMOBavcJeoYe+hcVSg
- vs7SO0aU0YtHZ/O+js0DpIv07WznogCUm3GRS7RpOfV7jswsZYIVQD5vOcPPn56z
- 2oiPUnJsdM6RwxjXM7mbpxb6ttAqNP9pnbD4QcTTZTWDb/ylJVu9TDrg+dtTrGW2
- eqajsRXogpvS3wcDMVityT81NxvBHzhY4ymIKiCPaD7ANk4TFi6fDv7Qc7S8Z9eh
- qOWHFSsj2LSzsZZ6FF65kg+kAIpzClkSHjL8rNETQ+UKySNKvNjivOfCm7cgDwfX
- Ezeggm+kHTDaFnWjOnk53uoPhCEY3X7J+95lZHQabLMDumXUzabVXBZaTPGGZytk
- dr7oyHTPWUa4qOOEnBlwnee0pEAw620bJbkzOQsUPfT5KCRq4vxLWniIy4M1g0/E
- NA2JmvOIF1QgbEwLVkSLsGmoUoP+WbFgdKmSKkRIiKEEyUuEhlkG/1eQu9W6cE3S
- XgF83WWU8iR4wvXUz0CeGytv6MoF2r03BQE1lU6WpTFN4+7d6Xy+lZhRcoLIQfpb
- 6qNuHPwA5hWyRiV/j7Mard1pcfVEllZj2qd0JsSK5otTKN9xTQN2J9jDZKfJXtQ=
- =szy1
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ/9GRDvEs6I4NwkGon7+N4kbi3l4qFxkRCrqN/EWANwI9EY
- af6kNt3Px2+30Y8UsnZjHFmW4S2u6YrpEANuD8pWszLbSuvCY5JINBdFmfu9T/n0
- LS22NK7hsMyW20Unj1Yl2DKQyTBvLsB/m129bx/RwuxLv8Zv+WGHUu/amF68+/Tb
- SuLLYfjsDYeyLVOVJVOPAcrXBQykf2dCgQwhBFpgmPkZzX5SPwfGEYY+Lm4f+aiD
- kobyhGmKCSYY4N2UzSNRvJpoiROjVfgm1ujtRctbw+8VdwKzIwiaA+ex1a/oxEcn
- PQPq1lzM/CpPCFxk4niNG9fG+NhFsSfxbo5K5squcLiYUsev5a3dhXUHt8OEFTzB
- Q/hlhw9V/aTzy7ILxEHndSKznjauknnshG14mvzv2CdJBFURE8KFL111meijDk2y
- M0b2pTO2ggu1GgZsY09mRZCYn4L+HTMq9eKT3LenqL6G/vgWrsnTZbZXuTmvNmWh
- jTkq5tCtUodwKY/vB6JCdk8HL4lzVsLExCViBeqZifUyrDAfaijJ5asNnyg+kRw7
- owm0H+LikhWiucQiI3wDFDaGCXLAfZC4k/Wpc5wOC4T0tCmHbv0yAwvoG48SG1eV
- M3VnbemkFwfjTYnOoRU0+JCvwWTqR8ICRWuEnMu/4aRkMGTli7qbJ8hodbzaZT/S
- XgHSasMVkmmD2DDOumcPj7FamYRyRMqEjKsvDki/EeHUvpOgyMhVQ/pRLl0v2fsg
- uIjAzSJgUsaGkSM9s18AArSDRUX+ueByp0p7jyOQeqY67p9ELRt4REk5M89DLks=
- =Ngwt
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAtDsOQOeWE70hZw+0Du7uqAF+OHFLHDLZAuZrmr5ggSIw
- p8mUVqd5eqS69gKLgJQ80vPYD1laU8MAhdS8DzAqTsER/EKZtSMX4ANiruNve278
- 0l4ByfC7bS5/1DLWqYTQ0M3bsw7X5H1qR0hFJm14XjjgbBuObzz1V7IOO97ZAPZZ
- XT27F+lSE8pX99AkkjPtgYq0refbw6A/BIQXH6f8fPqgZh/OYAAIj6ynQf59pGgu
- =HKjV
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fAQ/+JLkWIztQmdTjmgpuXU+hJe6IEMzJXjdhGJWBGX1t/MKt
- oi2/Tk2HmEXdemtNdKpiphFHZfsfeqnQb0gzJUucTFPDScw+3D31xUX1ygczmxiM
- M/WyNsyUJFsQ/J5RnDyJvYvFXqEAboF/frk25c8gBoe5HLmfhi5YWje8n0oG1nZ/
- x2mAhuYYen7r5AT03ZaS7Ke2WPcKzfhs5uXx1gc1jm7SnTR+MKrf9S3pzH3rapPw
- UoJNHW6nkg0FOOOg7aczJbt17r3luup5pYzu2RoBlx18JzS6uCnen3yEjwuqKW+N
- jEDaMpD1HyPKYD7Af2yfUDtyGcB9TOdrLKbERoPU4ytL6megzopeIGdpP9cnY3Ak
- HF/94x4If/Q/zxbXZJGoFmbC0xzEwNdtD/sqw+oLTaApYYp0gJigkSbhj/5xzDZf
- duRIzkLvfbzrDRf7Y10OJuKblRmF9dDwn13SxpGA+/zgS+817wkkCKs58sNx5DPh
- zVjfnlMiKkzPRGQt43lbOUYbP5eD6nLqO3+P1YPE7TH60umkFYv6X35Z7nnHv+lm
- oseNCseb4xV8a9+QOwaTvlbQ3OblCYDyEm5RDmqc6fiMy1L1kq3DYDEsCToFAGWF
- JJ27BsfU9NTcUo4+rruIkb1NSHpkhbl2EYCzneKdKcQVLzrimwtWTrDtvahfT3nS
- XgFxSYX3q73DESUyay/AXzpOmebLXNPSLcB8ay0+yDcELs4E/JXQwCPn24egh9oj
- 3pmTa5DWMBFF6/hWEWjjPFYkQmBdIO/SsBPvrYjJVUJQzmbmsjOf6mKCQyr83+Y=
- =cA2w
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ/6A0DvwSv1bLOcctpoPdHFtYADLNWtXMbFKakmaUuSoAxX
- 1Fr4BLOPJ9QvUoHoEfEDhtL6CJ1p5BLB0Isrnm9gvoNM0PfOlHSl7nbFZ1nngZL1
- y5c7hnI9GY2ZzBT638pba+G7CUPSalfyFG/OZRCeSf4Rdek52uNMiI99XKqPTefN
- Pm0hVsNY0DN5iyRUDka8eswRCQ4pwxZuxrGRPuNAnPMnZkj668H5wqgi76YceISl
- 53HMD+MQmYtdePupcFhqOvCd8sumpD3xkhzrcpqqyRVSQM48Z9kBVsqdljZN5G9Z
- 7VxabSfyZTG7igliAqvSJUk0Eei6OXjrqRMKT4JTHRVMteeI0pmmNPLiWm7YaSOP
- ZfsSNHfX/JR6PuAR936HazDJuS8xZWS3vT6uSksQmvkO6NzMhsUTv55z24ZQUO4X
- PBBo8jbjgu0ty0HdPVnvhGNtqSzDhgNqSBM4j7HerdRz1w/yUvwN37UKlz4tbnON
- oQr++nnK+M+u0JKrx+GUobbu7cGsqVsWGq4ZgkOrYYn/bTJvUUEvVgae5bGUdKnz
- CMOgJIn6PrsWN7SvcBUl9A02P8NrVRIur2sd/8rrWnan1k112HCnjMNtFhENIfX5
- vSeC8H+CSP7oUL5yWP2nymo4E9bCD6aVDG502umtAdsjmOJdTwWOE+pa6XMXs+3S
- XgHEGvwU3oommS9JvbLirC1ght4tyoTsEKR87aljqt8YxDdx3uzln/0zGmQOV5Wl
- RlUj6IvdcpOg4EEIV5j9lk1LThud5LzLOf7y5YMDWa6weokxPFyalBNBFCw8kmM=
- =LLyl
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ//TIT5XZeSOpfXWv+C+9n/GnVRFI80u1AsaUb7u1ykzXeD
- 9Ca6o5g+MDXP1KfuaS0783vpN+DgxGbKl+yPTJ9y0gfTYXu+gppyNVJD5mGBMpMq
- BS6ueX64mQ3wVcpoM/TjRZhQ8ZfUkAh5QPBoGMpQZwqVMgurojt1Xb6VmdVHmaUj
- qJis6dzoO6vLwbBfjqmCyHN734UboWNZhmhq3Fz8G4U+3hoaLdhVZfj2hJQRQ7kl
- HVul5ZT1dmYP9ZzSCU9Tmz/ucjJsAO27vtXGCpBRLz8XYj5+ZEw2fDhzuHESGumj
- hZFgC/nJl8t4h7U4EHgysVOCVPWKFda/sfbNsArrAqBGq86Gens/UbS9upU1maVz
- qits/r0srrfI5kdK91gXgaYWOgjlfgZ0sahEHAofKlpcZ/eNCtPRZ6U9IBFJ+PFW
- fz0cceMw0JbuAR9ArxcR2ylTJOtMRAGKHvNFwxShaYegcMktI0KtMqZYO9yvms8x
- lmKwkB5swaAQhaIMm4/9XwQWE/talLTqFs0DePwUHekhgNZDSbyi/C8DP6BLnelj
- 1kSDa4HT8P0oXQ0Wom+1zIq8rZOs4418fri2X4YrexeKWDEc/rnXNoNacoL/NxKU
- 3hOrhfYz0hgQraC8+v64pe/W3P4sySKXPh0pm759PQtyBMP+FbsLg5BBaLGeYCXS
- XgG5u2M/sOoH2/2QkZjbzR29hZxTzOXEcLeJOPyhakNXQejrahM29QQWgtrA2768
- 5wFXbVKi82VJ8xeuCcU8PllgOY3Yyb2qehBM2cBFMcsmYk8D7iEzyc2GUtVqgK0=
- =GI1c
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAjxxja4+aqH9LtBaFsqIC7xU/AWLx11pQeAfKeFtg/1cw
- BcwQZcjlmEPpO3KVvQJ9pF+SDB4mj7+MlzZZe332CRSDIRS+JruUB1fY3kzw2wrh
- 0l4BRIjIuU6eveaH5r3EoAieCO8Fie/v90HBnhqj5EHk9sb9RIrsQtcB1j0ISWx+
- N2vhfLt41VjDf0EA77XPWWA73ULadGjtaf5fY2T/CYdpZn+dXlp1LJ0rJsM8Yd/P
- =p8Kw
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAUUdcZJnQn1EcfuAqp9BafmuUbOSq+Ppj51XcQnw/NB8w
- XajucpNlzRvDLqnOh0XyaHU2Tqe5DWMD7db0xzd9uax/PElp6u7yvgESdV3ZQCJy
- 0lgBtwU0dvgD901znlFhmNFwDjS5ViWqtDgDhJ2gRZD5ICJyiClB8T8DZgln5lun
- ETJp5OM+J38e7lGI1xWPDDzsI20/Ee2ELDytHlg4bPqdInkNoZ+vkQGl
- =F0pd
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:52Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+ARAAuWO/F0/utrDSBlt/zIz5EeQ+AD/t2LNIJXDemlwQBYW8
- 6c098Sb8rgi4wY07ZVdxCukv5ApcGqf1o++akMHyfd1z756HVjPTVmBGPPP1yPFF
- 6iPKkNwfDJVD3oHLqq3rczwYQbVUR1ri+CibuHfhdvMXI05MqL7VUNlhbt9R6IqY
- vZk+3X0ikllZf8AuSfWXXzRkuAkpg2fWF//trWkaKlZbl6reVZuHTGIWgtjk+VEP
- t1tV+0tYdP73dG/2u6/8EJQ+iZ3LrRJn+/1ALEOD6eFhHZS7Dzgz/I14qxyX/5Fn
- imxH3gV3BaNxPMUFw0D6V3jzfJB00wcuXQkm72Ef2mtemjhZudiOd5U2buIgtb/h
- wqySS1XNxT1IWikOdz3OVpmGW0kD82ResYO31qh43xsO35ZjCSzLjbkzXqeqImsn
- Qj2+xtbtc4Tu5u1r7CSeZzGdk0ZrneUuztSu2dBnEFukYmmHq78sj84GBBbpvkNG
- TWLnFB+VQO4o1EaNR5GrIlBo3zBMaftJj8EEGcoAuIgjc/b6iWrOlL5aQcEteqKP
- GPCEmtZN5ET9tW8qg6G8ue6W4+KVmG6V4WYh7ftN/YhqO35dXeviRLKst0Z0Rh5r
- 7UqaY4NYS7CmCDi09+b19C2X9R/Y8Z6dEex6gSzG4Ze2+NgpvdS0zPhNb1FTJJPS
- XgFc77guJSHqZ40hrh6NLafevW74kzGJSsyMm7U98gyVzt3daRK0Kb6OkAfDDnbE
- kVTVeunEDWDxLQUFldVZwjzruIGi7nkqQMDh1RfGqdN6XIBbL0kAdJBfwIfqv2I=
- =U36g
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/netbox.sops.yaml b/inventories/chaosknoten/host_vars/netbox.sops.yaml
deleted file mode 100644
index a9b5362..0000000
--- a/inventories/chaosknoten/host_vars/netbox.sops.yaml
+++ /dev/null
@@ -1,213 +0,0 @@
-netbox__db_password: ENC[AES256_GCM,data:4k0wmOe1c5AE298Juw5HMm5dttTKB1WsVxha4MwaIILpyIbJO0CfmzjYflfBTFPPGgVeuYdCobzchzqkP+8eAQ==,iv:25Cj2BLGJK9tMDr42AqV1IzJc5zG2dk1YH5vC0b1T3M=,tag:knyB+nALZwME8y7CAQ4BCg==,type:str]
-secret__netbox_secret_key: ENC[AES256_GCM,data:zPzoFK5Sx7gJ31/Apwex9ffFU/GY+HxIfwrItCW68MM4kVvS33e+LY4cI0vbPYEUF10=,iv:SjpKxyxSAVo+p9vvE/YAQFCzAEudcZ1lwnJ6scxeQD4=,tag:oA+lBep610IfelGwdTohvw==,type:str]
-secret__netbox_social_auth_keycloak_secret: ENC[AES256_GCM,data:HP753hmQ7ssbYSQRH0zcRC0vRN5bKptvMXo9jjzcuk4=,iv:GQUoojXLAJxqdB92kKLhavDaka0Rkkg2uocBLshdvTk=,tag:LVnL/JHMsAd5UmmpnUv7og==,type:str]
-ansible_pull__age_private_key: ENC[AES256_GCM,data:KgD61z3hYRPSoCXmJgOMmHFqXtqoKHRPUT/+ayEImPsbpk+6B1hVscQbmsKJFWNsyQlCAV2MqYlIrP68pP9ckfURIaN8g5n9X+Y=,iv:eTjmF0e4/5NSnORZVtZKTaL4r1RBg1ZbHZueOrnMVlY=,tag:v1ndJchirNLPvg8mWA1otA==,type:str]
-sops:
- age:
- - recipient: age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZUUrOW9jUXZDUE5oUk1o
- ZWxNdkVwZDJVVlEwSGUvaFJxdlFEUFpIODNnCkxtaHhHby9CUGVzMC9LUjZySlUv
- RjdveHNHWmFvelcvbmlCQUlyQWZ1QkkKLS0tIC9NbEE0L0lWcDJzR0o3UUgzR0JS
- eGthSkl1OWwwTjFiVFlCUnNkTDRYMUUKYfdYzrGyBzlm86EUHyN14cgIPgomgzG2
- Zt8nCvmd7/0wxHJ1WhrDWkQvx2ZXC6BeD9oShCVe5RcHqbFQumn5+g==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-21T18:08:40Z"
- mac: ENC[AES256_GCM,data:SvTSvRYd7ljYpQb72yRkQ+fDrDWRMQzFwTrI4RuLglBCzKNxu1g2JFAVFUSNRybWASCYhg0FqtHoC31HRHbs24g43fRFrXrvBB3sCwQ503y7A78/UfX55Bz3VBqYVJfh9w/Fm23Tak0ki1CQoAl53lz88eUHjCJjeyKtY81/PnI=,iv:y4C3RMWPsnTTgkscvfqVEzcgAg6L0QaKinzcBFLOfSg=,tag:kIcvmJXSNhpQDUHy+ZpPyQ==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ//RZgO+bBNMO0ZfNf4hzPSoZrjGEWaw6eg7/60QSltdMYt
- pQuuecBYba1YsCWKOWQd95vFBGfZ04EBaEJuJhBKrwxxGl5Vurr2LJeTpfqpAR36
- rXwELGqVHr0HXyBwPzOPOzM21NlXnNMPrboVJR9+DryT0Jw1BbLXqs8PwO/vWH+G
- p8cqRvAnPglQXV70tQHCZSN6rDV0pLZiKnW1PPE8goSVkwInuAsZE5Nw1+fX4HBF
- 1j2gFxS9t8vFaz1nFTIZpI7ixvAvUiKtnTwforiNEuF3X7lAkyyHtmbxAYFB1OVB
- ieC7X8OCZFYYSjMPxerHGiyiJ7GPO6rTMrcqOixeB5m4x+z63w9Ev3aLuWxcPKFX
- tPNZ5t4lBO881KsPIm34cxKzUa11NKD+c4PQyMwXvZ55XeUq7SdO6wKTdGyCdjq8
- s7WegSpieAVtdlLrJIv9FENE4aFuBhQDXKaZtA8+WTC+DhcQZeras+WApcWa/ugU
- iUsHE446qlHs+yn5t5ygAGNX7u0j/kZggRnF87BKBsPVTmaClcC/tQM2su5W8Xuh
- ohlFAlgwdlPP2A4RBZXOAdAH3HJMHqxL3ZZvop6QAf6mRv5aioMdFttFFJY4V/SP
- cgCxsXcsz8JZtNU1GB0MqeMY7NQnWkxVafJMF6Qg750Gdd7TpjLfm+7PMSOpwdDS
- XgGxU8tDEkaZWE6IeUEwbXrGwdHQYutZuQpDmuld9kepTNbSdo36SYEgp8QGv1tK
- cN7UxJhSNj72pyBvXU8apmjurajdGLCs5TM9qpCPcZJIRku14CCEedM9bNXCkQA=
- =KfmX
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ/9F6hLD/F/9/gSWxWqQm7yxPrQBFNkfs8Z5IsUE9YyJy7x
- 1Qqn2WjvjdMvzQRoNI9eqX5lXFOArXprIcV5i+DYNo/pkXXKHrEQgHtMamBsyTho
- 2jSYC7RKns9P6pT3PJsSn11K/uzhmtAO4zrHJXvo83g5I3KPA7VmTIqAMUywebvB
- et8jrRlxSj0eITZzCLGF8GcI2GQozLxsxbnBkMtzaEBAU5id1URlPL0ozJd4bcj0
- bKfKeT9ufcfq+9BEK+Y1n3amUK/ioSWrOzvLBVOba2MXC5VM1/u11DXjX3fymssM
- IpEBdsFsQk5YwbyfdTw10LM/LavS7SqwM0/b1UzRgifDs5EZUEVHsK3uUgrNErcv
- XGrSQUfq0zwvmGIOHANBwBDZ6tZx1AuOzpWQXTDME683F2HcauqDM1X4Rbp9QBZ8
- sFyJflTxbuJrR1OKE7Ro9SzsVhOj6Jdh5LnPJoUY209/Kspm2+6DKq4Y+y1Ibaq4
- VMviDt4WRF4yykjP3HvzW1hFpjbjjQpoevZHxWlD0VIssq/lX5YlPSrz8NmCeTPQ
- UUi3zQrmbyp3bS9yX4rHKMxxfkqFrzLplQbyVmZ+Q2phCTT1UcR/pdaZhAu1QVOR
- ueZNMba6YIi5mQhAklL7PfZmBTbmV1lsHbI1ZpHzqLxDRcWCirnOGf2PUj33JXTS
- XgGO0fiU6lVXiTXCvwaX2WV0aP6expw3cKQDVK4RSc3ngtrT6j44mxM+odkjY4bx
- /YZyNmaQcWIWod/p1sQTZ64ZtN2cOYn+jEwYSUjOgixMBSrAwym+JozjFhrs3WI=
- =5XOk
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJAQ//SucuDD2gHz2PWvMZ8dT2Iid8442i99ZF8Ud3Us4z207z
- BpZmo7bLiqqUs9OvMKszSijPpIRavpPcrpy2utuTLl0MiTITBkwRm7a/d1p6GBiz
- jDoqMuXpYtWlcELBUNlJncjd9FG2r9q7nOf8cQNkMJnKklkqr8Bb7vpkiHI5OihC
- DiOIdA3nz+0wapjoxxyM8Pdr6AUzUEuU9kz4Q3TYlDtbRo7HRViUj4V6bADQJsbn
- 71qzQ2C6eqmEHrkj6B1MTjjqf7XXYBx8vbdopoB+tqYc4EqJ2Hzd6fUbyNo1Cnpi
- ndXds30JayJkRy3h/qw+so9Zmoqq8vS7X5ZAVD0lHT0UDVTLMwA7JVlzOZ1UOQo2
- hW80AhwJIXkC5EMG/uF9HWlLTxM73CbGrFC5gk1YNKto5/waZ72QbsHAUqagCcPe
- Z9BwlCISDz72QANuLGkpcoznBRMw52Xa+R+uoPDv9f+UjOZyQxMkH+uaxutKnfuO
- HpYRf0FGSqpDs1Bz+G6obPZ2vQhkjK3C24BivJvVm5fyLv6GYZtQZr2JpgkjU7h5
- lzDXJ1wB7UueY8YjqB04FWSfaWW4S31PpWGdBIEN57sHbhlsxj3DpOZimjyjvJ8Y
- uavqVNJpaZWAQQAJkL9SF3rFBGdawuslPc7RsjRQ5sWxm1+HJiuAsAnLCsiFcjbS
- XgH6bvd6helroHo/RLMsgtilpkWmJUfMC7uoiHplkwY1GQdV0MwCuGTpiccE+FVt
- xwPrZyfeY2LITjRZa0oo6un+42ZNvVeJauEOR8VFv+G4R3gT32KuYbUtU2sUCho=
- =X11W
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ//foFjUY/5G1Pxh1JnzfChYC1QsJYNWNWz6kANfXFcxQ8i
- nMFfPBePJoxD9g+A5y0Q5r5ypTmhNIzSdJAeRFGl2I9Vv4eDLnzjnCn2NxMZbS7h
- CcNx5bZeX679gi88I4xb2jdlAGr0UyirVvgCX6LkmbOuMXfftuPIqxJQFg3CKz/h
- Msoeex2XDNyW4pwf3/mbhLyd4f7kVBNYQTMKlTiz9OSUVnmuwXOVidNGB+PI6zvB
- IdGjZSZCu6NtTzFsx5lqCkRs9LQtSW3QZYqlMVt+hq8cd3DRKpzGO51ZNr+pgyga
- vtLiO5Rj3198FB/qC1+vn/fromqryBU7EJ/Bu8a3n0aJgIRHWg2JkkoUtFwDtg39
- JIN8r0/KOj7VwkgoiBPCMhQGumgOPIkvlQEcRWlpw4lQGxee2rHCy384zWNvOugY
- Y9UsoqHAUFBbfxJt8xwSwJ5EtXk8lNNHARMM4I0pCLTHQbmXILRk0VJ4Ycdi0LGH
- 8QBywXUIOvloeqKe091stfmfv9BY95Aap3ByG+KMy0sfcOpp6ECXGNfV6T4txl/v
- /HyUjdrOH5vN9zOBe0/Y2+Bu8lS95CGx6SuArK4Kn9We48gdVKJlPxJwHzwRwz4E
- jMBcepDLmhNyJAlLS3lLEkh2kPjXdXjWzgYNi3RIDZ7wCgqPq34WzrHwjXvR0VPS
- XgFiHx3g8CiWQLSXCmcOUgpQq3AzCipXNhGcv843GRvkK2MORk2wVMgKsIVXUpw3
- rVU3we7VrmgSxq+NvbHoNxWCdBCQQ+do/3gtBaeTuT55O2Sq9F8ilwPC+dj5+IU=
- =ld+h
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAMPFQYlbeRj/MpVx7JfDp75l/NOiUN71OspQ7YL9iey0w
- CqwiSo+D/xRQamcxSHX6CK3fPTj2sneLztFo0i8RlQ1ElMm9BL4UpWXh3Y8X+6np
- 0l4B/NWek19NSsnockklHuZcrwRzbnutW3xtDKuLUUSMCuZ9mKD/RRe2lHyqcGdG
- TNRW2buI+jpGQNXDu5KbPicJP5LfSqMofWk5mRkmhpDy+va/0UAGnnaCulAQ8eNy
- =0rax
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fARAAnDRIiGY9lMbRJNEvz1hRl7KdwtWn/FEei8Qh2OK5UAnh
- 499nEOYjJI/fmWYhF589nR/YiZjTUaXHcYoJ6NgxHdxi6abwWypyNp2qcrYmL2jn
- NnZgZEZdV4nr7TMnNnxF7e9Yz5um4FSjZz5jbXuQm2/wJirEzHmd6ImiN49+fbLE
- CrwVxi04IrjAahggVHmcWtnavXvLjmUVd7d4s58TlUms3q9KFj6+xSFOjAOYFZy3
- Pkk/tGPV39aKQNZgx30KID2yGcyQT3r1KahQt6nG8dHaRNihnFlgP95goXG1j4JH
- NbrWv0siKdrYZ70xBCMrRBWGStFDIsGAnts7r0dMK21yrNsSpHaZW/blLUmKN/Zm
- MwiD4GFQUH7ierhpCt66xWyDeCZ8hzZ02Pu05EXStwi2RFtCXFC50m2zvkP3IKuP
- 9B9kJu2zpP8UfOkHMwdf2xsZQdqY73qXuyDewRt7Pe0gwlHjknpQiO64dvuSkX42
- ZQJA5stvYsM0t6lmvO8oRsvztOeOWjET3aHDGDjN6/CwmpBwd4qT8xZsW/QZYPAo
- uZl3rHJGi8ury+RSgRKk27safwgaRak8B1YBEJqgDxx5i2Zh1tYKSnMtWdomKmFM
- qFXCHqQcqDbFWCpDtpFRxBUKd2evcBVtZ36zPPpJPk10i6KH8OrQlpw9akstylTS
- XgFEk3dzaxW+wnvpF+swu//RNNiWxi3oxLFERyHF44nb2MOWN92nfmkh88sLPUVm
- 9OVrBfzvxDDECSLvHzAcB/Cyi17VHCP0PHJ1qMuqpSNeMifZNPS0m/21l0HO4d4=
- =UBLi
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ//d5tVcTB+gGOQ/XoghkTLtrK/jcze4yPGsPlQC3IBbvqc
- CXDjIAnMj1vASB6znJXn0M9WmdUA4HmNl13vhJS0JF5X2pjhhsn8UIO36L2uLDAD
- o3FgNoDRJYe7ubhMPVZbBbCDwasRgnR0LzD8efYD0anBE3kpReHPVf5yP82mJjKs
- SG2c+QRI3ZOwFPHVGzRnqszqpb90uIhQAwy8Ta7MK08Jao9KVQbSe0YMam0s4GGZ
- 8F87rn1LV/oLW/uDP0DP4TSdDOP/ZnujM/iQcb0WNmOywrUxlySVGrtzTBwX65Iq
- Czz1HbfUPUU58xwmf7TTfEUahdIeSseMrrR/hTIWneP0mlF2YpOtS8OhI4/xqpL7
- D3sCRpCBgSl8dCJLQD3GyP7DTHI1Hm1TZIjwTIKf++IvMFKS2mYmVnVHevW1xO/T
- s03VRDIs2qsUqmF8hp60linbKKtZ9+dIYPa8q9SZn36ogoX3kQ0G69TGnpGMCTfC
- Xbq6nT2PemYUx4ASvUCR0TeAUApGFJOZkexx8pxd11puXlCOBteq4C9kZioC8ACK
- BRZrCJ2Zdw4yqW1tY+2Qbru4RGk1F0MRAyAy1U2v/tM1uLrNnDW7rOSzJOTvM23t
- KQSb+TCQ2/WCve8EkHYMW5M/UbAee6aZzUs40KHHwiiFiCdoPOIbk8zv5qBBHFDS
- XgHmk0spm/mTYFGyIVAszDgX5m8vfj4eFFtUnil2aJ4qBurQ1e3anp+k+okoDFzf
- 9txYitRzrfYV3HA9XRp2MpvxLCi73RoNp3ssyIldnJix/OmFFZLy28o3e1b2XOg=
- =K5wp
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ//bgJFcgiF3gfShw4zUmTQoiUQsTnidPchdNkgU2bSeTBr
- 8VWX26kJGkYDUoPMwRK5jPQgehDeuJQMXqkkDVC4NbLVBsHzQX+cjHvm8uZAqqq0
- aXNrEqmiVNdpMxiETLCb+Ufu2Vc5oF4YyHWWke+090iMg8zOGhN0720uSYjXrc6w
- GUx/FbaHPaHqG9D0FRImkzz7NacsazHWOiu2MaTX/Gcfnx7QRsgZmusZZblmpvcE
- VuLi52RTgIJ1n3MHspywMqM3PgHi2zZ55kPAHCbgpzv3YIl6rKBN/Gf/5Df7cvVf
- Duh7Sj65SV/1IFXsF2V4fp9nPAfooLIUW4w9oi1F4zQ74vYbZB4r4aQ820pTb9ZO
- Dpct3ogTwk7vqrvXJ+hLkoJ/H1CYO6lnZ/T96y743DtXSZg+GbQf0CJ7ptsmsYnF
- pHWxG0J0wudThtr2/NPYlEkip39pjWXPwi7Pjhp9BQqfY1G57MUV9AncTOc1QUDB
- qFllE4PFS594quaAIlr4hk/+bnDM6peyRc3yDqFUWwY1n/znQSxc7S3VMUEVh5zy
- 0+EuvMLNG8RfUCCyXqi7DLe6EpCXJL2nl50e5oAD+KjKXjcAUPRTGT3tSq4xSctB
- 1hGrkTMO2+e3OoXToRGzGqPWTrjHIZlppIt+LXWKcvyjmvNGpH9XIWaxdKHBJSPS
- XgHTKw1srs4n+gpblT68cedpz7eC7+MsnkEJIAaOf5+4x2d97Ualb2RYmgWmjuCv
- 3TAKmmmU9QrdiPUXEM4OfnucbPX8hDZuq45AFP/wAGLVn482TW7kzGXpJoWzJSs=
- =qxx3
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAF6ipxbyfHFiQdfLBZS+MG4OqjwSK7DuaoeajSKAG0V0w
- FDR1EWxsLF4XO8yKTjK0J+iQeJTiAaBxACpdB50H1XAsvSSZNSTF0yxa4VT1t4OG
- 0l4BgosZR77tSvEyxwA4JCq+PdLraCh6TEHP5jNCTDfjGRSKMQel0mDxxC3+wk6Y
- 09UP3kq9OLSzy3TJ68/Dzdalt7DLmUDymdw4Ge8RKMLOHWIkCXqjUr7Pj1aRi4+t
- =ItUL
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAkadkEUquIY01vNygyOa2ScTMkvQ8tNWVrFrWoenNJGMw
- fszAyJblP70NGlNEX0zorSMxGbyMhYyHqTO9qM0+1+Tc6yJ5mqMUgt9kdvKJEGX1
- 0lgB0eihxUD8Jl9lxuD7dEX4i2AUppoTzVB68Y1ibeIzmjABoNuZQ9kpAAQS9UsL
- WF4T78p/mA75XSJPyp8lQNB5+hjWd5OM8bCZ4fG1ld+dtXhZ0C0WvIvB
- =DkSc
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+AQ//XGse9ZddCZYBfTyrIJ5PUZUv/pA58PiRPDDz4P9zUeC8
- nUqNRCAHUJGKEEzHaC+PNmd+bD6uJshZnVVCBn40iwFRmU9j59evzXmr/AtfmshN
- ujzTUVsweyxiCtG+h9fwjshmIXpkyyyF8MmE8b/45FlGjK6Pt33IYjthdl+NL4oF
- +sOGQ1e1K7q57tNXxW3Bww9aXnDiysCmLJhEDsAkHExedHX8bZw989mV3IxHnNDz
- F4hkdNquZczjvlKiXzO7XJmiGYXjCyw9umpQoL5jIyqklZKIu9XW6DMc4FDKkDMJ
- zr5HmYawg2W8NxHJLL81Led0/zSQKC2t6pKcjDcrcAr0qtyzEbrbMhOjkDW0TtbP
- SizD6mLpB7Al3+p9dy7UlzqojD9W0luZooXASb6mlo13rpPhyBVK+Z/Cw6bIJdpJ
- DuzprJSO6Iesgabbkx4PK/dh/Q0qlTH18FNoyGKzqph72HeQXIRB91bbp8WuRYDf
- a2diW/mVSDEfIAG1Of6/zqSJiHqoIk1A7nR7UkrVZhjadDkdqzKIjTiqP/oHnykF
- g9RR/7AGVfGS+m1ggOijl6d2jh7P3qyNBKN3GA3mCwwXWUy8+MVT6iOFaBKPmvH7
- ZxC/B9cwYexm45TV4IdqQhtvAH/CbbYUoDOwAmR8hKjvC3o7Dqf7goRlYGLzDGjS
- XgGZUdpsfDr6XnbPqUQxD8/NQNTUtHnsyypqm6Lz+6mU5NrmUs8YjO6ZlTNyE4Lm
- BGoiEi7tIxEA25rfTmhdTG3R0GZEwhYp/HDjtlXQZK2KjYMOORfkqw7f1vnY2vo=
- =Ypup
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml
index 4726885..2304112 100644
--- a/inventories/chaosknoten/host_vars/netbox.yaml
+++ b/inventories/chaosknoten/host_vars/netbox.yaml
@@ -1,4 +1,5 @@
netbox__version: "v4.1.7"
+netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}"
netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
netbox__custom_pipeline_oidc_group_and_role_mapping: true
diff --git a/inventories/chaosknoten/host_vars/ntfy.sops.yaml b/inventories/chaosknoten/host_vars/ntfy.sops.yaml
deleted file mode 100644
index 8958585..0000000
--- a/inventories/chaosknoten/host_vars/ntfy.sops.yaml
+++ /dev/null
@@ -1,207 +0,0 @@
-secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str]
-secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str]
-secret__ntfy_web_push_private_key: ENC[AES256_GCM,data:YqNEYa1Ln3NFpNoIuBUN1V/WRzod5HAtYueBJYHOwyM59cCaYhQR1S9aQg==,iv:t8bEs5ZAEe6pqbbOb0mpJdfgruX1P9Jd+sbNurGqkng=,tag:Cdy5HKkvb55V6AeRt+MVHg==,type:str]
-ntfy:
- user:
- admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str]
- uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str]
- uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str]
-sops:
- lastmodified: "2025-06-12T17:19:27Z"
- mac: ENC[AES256_GCM,data:mlJuYT16bx9nEFw9IRm/Tf1y0HF1aVzx8BXhf0VKWkrBQCyzx/qbjIBXIXl22wzMrz/KCZ/diNRx0Wdq2J2u3n92NQtziiDZKwK+t/zz68+cCZAgktmO0vYc+BJ5GoJPuSmeMwHkaJqt3zYGQNzOJAYK9DPrK2AIbo+O21FgtvM=,iv:c5AmWi89ZLR00LqG+bKnbW3WfmIYsyz0X9A5r91Rar0=,tag:x3vf2WTu7naRdwQbKfrJCA==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ/+OtDGnGLt6wALS/6XENEpmsRU1WRqgHfQFFuTTcejZ7IH
- EnN/t7vgI/Rh0f06ty6yZaklEdYhtgRtEBG/yXt5Cn02WgxH6FCUiDrTEgA+Ig0b
- O3xncqMei06ImmFW0kfuP3zAgrGSxmfR5JwLbsKXBdjClG7YSJBfeyn73w7JdQxQ
- mWuQCaDrc84mbQPeKUKnApkEOdUOKnoW54el4bgSc/e/eZqMfiRiAwkpDev6j8Gr
- WDQeHoXBnx9h/GdyD3rxzcoXVqzV02rB4uZS2lXJVRwh3bA1hO9oP5FsTLY4d4yE
- 0FcnbeTKDc/aJ+H48+Wq7KY0Zhs+mb1fhIuA5qjlW3rBcmKD2+X75YYXeCRMX7q/
- Hzc5ZNK35g5IV5WMzpXZaQunFHt36EXP4j+WqC/ZQQx3oSZ/2AQUiMlFcIwnmvVx
- m1c4TCF8EGzxoJBKtLpF/simuEf9XBYJeuZ+IQ5w2/dxb4c21whMAE0PRguzS/wB
- IzMIDv9ra/iVKRH9FikrzBk0b73CHohF2tBvGEH4R9NOaWjCYBC1+f6Wzs77uEs+
- SplLBLlEGne1x5aH8ZMcEElIxvNds38RzpBkEJkR+1TgEr9DLUocFeTKI1yVokAL
- 031NHMY7CYR8M7hJEaw3Q19FuxaKuCZ9KmlUnS4yGhpKpBALqQwPO88RW9I0nTvS
- XgHS1MKkbVRk6OFnke2wb6xyEEzYnOGVi1WclpEXRHPbTp34G8ELSfdcN0DnSUuw
- +2pVOBJZwx0YSYEuVHOEUDyP+TXHGBiv6Vg4HMlXccwekzPHAAoLJ8GAouThtys=
- =il1S
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ/8CHF7Nw8PguNoqxb4CEuWOVyp0lQ65+LaUP0RO6seZ2ru
- YWcQDiVM94zXAbu4yhzFANnBboXXYEhXkkG6X7VRDuyPwyGC1ScDE495+3PUIo8w
- VPrBf1jpzla2qy6qYWuEbfBt8sjHWLS+Yc4Hw3xyYJeBXlOkPt5JDnMc5jNwGpj/
- 6BUvbNqWfqdPGa4iNeCNaKIntJOVvHAQtK0muu/GsDT058bxpnbLQ1FBcpRI5f4x
- HcibMmiswHcCLbqUei3KgtUXCriMUSP8Vcc3oH53tm+2g5imLDHz2ZDVjRoWHqJS
- Mn3dDLvb+s+WW3heh+6cN52tmw205doljPfAS/8XKak/6PyHlUiTk2BaYeBibURi
- qLt+hCFmlqvO0vMDsABY053m/9zgjP6sAYcum1pd8vxhSi+aZnC3TNJpGPWYLEdu
- nwDA98qag170emAgXQwwi5D2HA/Zay0MMU9Iqj/+FCN24iiJ4pv8fUsY0r5cXL7A
- 6EYN7u1cUwC5tsjF9H9RLo4NV3u+Nbwkvl3NLWH0Osj8WXCUqpG3Bags6eKkAJty
- hiSQGfWVYTu4PKV83+upgvfOTaI8mDY7Rh+iYdSeIxLBG2efNvKD6CAgRnWHZxMB
- 0C+mqmL/R2iZtUS+BftYFHPpStXmlHk4pNLJph70FpdRqo66YyqnRudtSC94XvXS
- XgFISA2DDfSnQdjPK07lvQeVfasYLtNcPyCUNYNftG0EOXo6gyu26JGtdlfr3aMj
- 6I0rSaUBtiDhW2DZuyqD1XApSi5WowoiU1CAeNI0+PgTSeUvoJnxfLSmkieakOw=
- =1sDn
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJAQ/9HMYrcviZAeuoNHBMEG3vmDe+auJaPZ2I28+CLzEMYrD+
- 0AIQJhkgdB4RdOesH66ymQlqm2IOOod3ukRfQlWHnm+xhuro+vZdBsdpZmZ5Gflz
- tUOOcCrQMC2+ZANwDsZGuwdES0Mv0bUPPWJ0ymA7dx2pMxcw0sZkyBTEgtLPjePG
- /SNkIEByOZQeuTcD1XCQAZwVxpr2X7F8DPUpiN2UI4FIHm6CXgSUIaAumEQ/iRmU
- JeYi+bPHgAGWTIpahRDUb55X14VCVByldaOOjis2xTlwFivscBNPQyGeD18w2XaA
- 68FL0Oz6RLyNxWyO1PSEoHf8bRJaOFWr0GdqriQ/DopFgpRDLA/Zhodg8uXylo+P
- 4j3SjX+B1sPTtDalHeE00PeBPphF6tFqCJem6jJyVfW2XojhA//GJvHA4U5kjC3K
- ZewlCKQFQeMiWe0roLidEom632Nwu4SSPGSoLjVwf7RCgwLEDECZefSa15liRCUL
- YfnG/2qNAovDePwiy3NH4K25iUEbd15Qt6GjlqwTPw0UKLcWFdwN7eYxeANONDYl
- eo3s65NjfxJPxhkENefVSQPGz5OOjR1hQd7bK0d2zdygT0fgYFp1AFGMGVzzE7Vf
- I0ZacKO+2qUwTsiRB3Q89Tj3q/h+1zPBx/5eCsFEmy9EC+o4+zIiw4rVLhFWe+LS
- XgEg5O7VX1jUhh8e1Sf+o+LvL959kG9JWCjkito+RWPk6ZJIMf+q//1SuDHq43ZC
- /NZ9yHUL1wMt+I8vW8aoWiumdMMAlExOWe0bPm5o2E+rFKGlfSrDkTewt9hdMgw=
- =eGdQ
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ//Xgqm1urvBP6Ox1BH4tjNSXrU477byrpdMOPsUycbZVci
- bugfc/xl1AX2x6BSDuRYMwXNgn09w0i0NlppnU14Nk4zO6Bd6srTOntZ9VCupW6u
- X+CSHP6Q732aW81nQdsYgQ/43ma1sF9Mg/RHucDQhDW9NQyQVNfLyjLXIeM1eNg8
- UFf4RWDkku4AT8oA0vhNN0ICUp5lMY8YASSAF2qUj/6xmARgCW01m6YYi5xuRg+B
- u0KVn+59h/Dk+CpHrldnCdQ0jB9e9wsneaai/mGvQA0XeIKSXa4XPt4ke7/xjBbB
- OX72ElaQ9LjIaRbE8wyO2PR+ojP+Rotdg1upYa9Y+PXlfYq6iaZ9+Ngom8qMVJY8
- xJO/gJd6ofvdZ0eG4GQjAnZ3Tg241V+ZzZQ4ikG2d4ZA077Uut8etUMvc+A3SR03
- PQ68sBlVEwzix16h4igDSmDfrNOI33uFhvwICs1HZeFQU6yDPgfFUYVg5CParqTX
- e19fxExYJq+0GzVUSaFrA5N+k2mrNB3LRzHJhAFyQHm6CjzH2DUQWnGN+4dIjIWa
- L03RhgqtmRh+yU+FY8SDDopsUCbTqAB/ryiPeI6IoQJEHgi3Bjw6aVho6qFg86Zs
- 03qfgqo1HrwOvOXpGQab/I6KJm4Ch0BJLtBbr+UyJQVb1F4s38GpfFvTl4CqTsfS
- XgEc93bvGAb1H3O7sWJA6AgFatVRCO8uYc59P3JtrUprSqVLups8wO2qJN/5kpTY
- 5dbbLLoPhODa5S/KeuSLQE6m67d0wwhaOtB4DYFDstb8rR9OnEKzDqFf0QSYX3w=
- =nSRC
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAzV1pxVVB++XYkZXR/VxbDn4KCGv2q0qwfvHq78tQelww
- ejgqEdFSd4lpD9rPPljp0ZRwD0C9ZZeJJaiNKO3PJNtfmYXbGZXng6SgB0sehs3Z
- 0l4BnePG0fCcb6YKlfoXcp4JUc/hlnok5Ftt6H6UapaSnghJvoaqz1x4uHFewTVk
- 4uLT5OGzx23xB+nQR9Zu//1MH8JdCiZ3DAOKyoXa52pMD1kt8T9a+26rdZgpfsXA
- =du9s
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fAQ/9Go4ytWtrKrWK5daXLBhqAEOinCKekQpjcW5CC2bhTR/r
- TZoJYphkGxHYzAy8DFE2EnM5mPLvLeJHh96+WbcDLB0VPHvQ2tLlOJgyANgGBcuE
- c5gHmHYbdN+TKkku/hCPXCui9S0xYvAEQUOw9tul4oZmy48CEf8f6okXTEiDZHwD
- VqfCAvrN264t4qB+IT7ZzkfcZzvkSVBblRwX3dmNEK+sYT2UdWojWlq1HS2aurd2
- Dp5WRkDu/eVUVv99f2E7aDFTy8wBT3c6O9I1Qr8ROMpwQs2+Urc3mEXc6pHQy0FT
- pSDhKsmjUuCNvbr07HxiYDiKYVXDoVh1koLWNlJy2zHl5SwiJ/vefXULGLcFDtiD
- VSaeok41RVfKCACZd06BtgbVtHBRX0UrYfek2ngNZFUqVv1596du6Q8DjM6+NZgj
- bisLPcPLvaY98mheUgpb/apX+FSnTysxlmJes3d8OHD2trG5tyDqp5uQHjmU1uCN
- jfLxuMlxTd9ogNBIfvwMJ+TfkDAL8MvRRHL9n7MbHgZ7PhAwvtaQgNxyRYPKUHrS
- MloWHrW8bWggW1KhR7e/AQmF/zWELM67rZ+mhATvh63aqGz7+AGD/XfJzXot2ApF
- xwSMrz1096yKau+zPv4i7bXk2xM1bPYL41V0wTk4JkHyPCNZwx9DRu3kDl1pDALS
- XgGl5/wueV/EjAYImOQ/QFT9LcQtPKrzHgWr3YT7sjUdgRxF8UZki/DY4nY/J44x
- pXXG8cgYG/AIWkQULbNYacG5Xe/ipcR4F/s56Xn+jmD9uvqxx5ZDSMUf1EGmSqs=
- =VnID
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ//aeSxtONmkn37ZD4R85kwupF++d+F5OiRF4z2QvEeWGwS
- kOby+TqYXlDBZj/3/8K/mM0JKxWA8Nz+xXM+2yiqsHmZKJMXtXMo45jC6bJ5Q5a1
- 0mEAD6UPX8ORJkxDoxlzpZ+ghWQUGNwyTSeXFzhSW5ikN1KkFOhT+rZS4CBXvPEf
- YQVA5Yf3QIAuocw10mIiPso8SFWd35b78LdGQv6fUkxHcqwZj9sdNsVIC7UZCZXG
- G3KHV01KmWtgTk/8XjQT7SVWl1O3/48d8DW5KRFopLHyC6j6n2NdF8t+nNaR4d1z
- 1CIfjdnvPrd6F3WuKg94gXqgot6yhxv9hocDte2Mf8IR8SqTlXoXqVW654NClxHN
- vanZwwYY1gakQDoLzubJamC0hd11ilX8UeX1suF0gXy0TGjyT1VSzDfCF70J8I7q
- pj61aXjTt7nQJBVoebvXuW42ZI0NMvQZb7s611Ld3scpTe8Xkxb8bKxDTKpaoY6n
- Gs7UMhn5WHD9pCjkfknsa6C8H+NHY5Srt0JM6Ec/2FlD52ZK5AwQjM6VKZhyqQHh
- tXsZwHi+el3Hv9jayAF9+Qv14iPn5807vdCLR1ErnefsB5hZcM6rPfhI/BqPuJnn
- Rn7OaqzXuHaNi7TVE8RhruSr667AXdoH1dYd4JMsRYH268CPvmP8cmMufEfJ6/TS
- XgGB3+MkHwXhLzPDtobCE/ZqA5b2vIbxeMEUNH09FaJhQLejXc2XkNWlQIm1BO34
- aEmVHOwvOFZEND4cDkJKdoFKHx6W39jWwMJy7SvxCY6OZTGY1zTBHqwLHptZs8Q=
- =tRKC
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqARAAmgQWepRi9uxL1Bc67Bq12/fvQlk34xnZRgWUnrRNkHeC
- pmE81tXMZT7pUVCG7FRWnEkkdy/nbcR1z3ogv6MKc4M86Hw2CMGQFXGp5QNjHEm1
- uTtQ56tnrou3x714Zy1JaGbzt2og+tCH3JisgZSpGI8hZPqak8bGF35dHylw4iD3
- y77/8VyDAeB5BMqOgtQvhbhUe/k09KoNxG4N86bbuib1mPVe+GkwEaZs4SQAeige
- 9UQNOaogvZhf9QZQAvkB/9AKre8OEWAIFXZQWiuMK0qDm5T0l7QjjehsgXtiNNOq
- FoVn/KPhZ0W7VfWE80jFtCykxzC9tUiDQdeO+AX4KtMbWN72GtMvXLAzC3OZnFAb
- 1DRzcaOQMG9+I36JALTwSvKZfJu54mZlt9fdMIk1AwQ/BAXIKQdxBRGCQFeO18ac
- Nas93tSox0sm0W3MwmyhfqONJgEJpEu/cPqCdi5TDcaOXuyM1Rkd3DR97xieXdrG
- qNOLlm9cICeC3ZF+8TcxWqaSQoO0v08Ky2eL1W3g8z2llFZLsddlnB7iOx/gFRB+
- bbNdwZLvz637SZNlFOxf8F+Oii5wv2Dd5szTJ3WsNcaFiT8sCgiPpOeLbKtE+cG6
- 8ElwNICA9Wz36MK3nNesfI2Qo3X+GW9/NKNQT+tr0EYCOkVj7drPdf/0nWThLbnS
- XgGqDga/2tLpJWVxGlrrBebbd0egZgSQKrEAWIQf/CMqWVga6uEiNxnuR377KuLq
- pyyml1Fg0rLZEcyCOEEtqBuQSUqtetzF5HMPiWQbK8HAVAipn2Wglz37/9uw6eQ=
- =AYMr
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdA7ygaB17SxzcWIG3zaGElxBpYnlOVvQSH9NBHboF3sXow
- 7oLhRFY8fj4cw3+dSBmspZOVySRUZEtP0ttvTrQjcGny8yKi8rLQXuMu+YbbcwL+
- 0l4BKeJOzNVgtJCLDbkWIion6UwLLjDnxZyDbyyi1fV3CHnJsANaB87Puj49eJUd
- Dw38YkWGApDWqjUJYpABgYHuKeIhEzI1bxdrHdblTYQKtEsDmBaPdyuEyVXIQgLg
- =YgFd
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAhbVz0+bmLjF+/I68+hr5U8Mv7PfCXoenoxzIElAoqCAw
- 3FbXM1hOlcDWlvpgB8gXag5qrJk26SlkWO7Zd9kxqSbYX7kFnnrpbkQUqo34cvDN
- 0lgBOF62rdXPHPX8FiTUKMmZRcE+OPgAEx0Ztm1kKJxM4AZsPeYumKFT4oAjuT1t
- taZe+BsC/LcH3bRthWFzY5WpNb04z/7iPsN0DGQmW2Uk3tO/zBtf9o42
- =T8Wd
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:55Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+ARAAmB/8gFVaILor5kyCXkvRgc3ZiFQ18aR6xHcfeWnJHfO/
- I75Havml75ArY3J2c+deEkyDKlJv0d6+u2i/xHOG+OQuy0CPKZyoztFdyXcA6lA7
- WURTkcDMrCZG9izvvxdXZs7blX7ViiSY6XCrBi+J2VePf9S8RG+CIuP3waUN3/Ma
- et02KZkwJGAWeHvwEgV0sX0iJLBROtjpBkC3XuvjY0pP715ci9dOs9mBh8ISR724
- X6luhbwIZ9xXXfdevaiWyNb3+Mv4W9n94A3CqQ06Zq0DFx/2/XQBIt8KRWBuMW1B
- b2356X+HUMEtzzsRN19eklZZ7eF0MPNJCHdmLq/l5KXUBThUiCb1X8zrc0y+Hrdf
- 3roJ0iuVLI0ZTWI6o7YXERFvtg42E+FjL+SPHBzzyPn/9m9uEggiGsn4ya2sZx+U
- OXZVqEuKHzaRfvhH6UzzN6SQPOm1T+zdqcVTX5aCUJzJhrUBXZewa3F1Hj+clOsC
- MGAeDofHr1j2Ww/zpQgq9FGHNa7EeJEQOWAJeH7YYg2oX/6kP1KAZQaF6aX/wtgq
- XN8n1wdlF7GPJYLY5bKpaPxm8Es7B6nhtdzpey/dakfEEGjDWkR4VP7rTwp1AWVf
- c1erNtkb2paFpuVqsu2yWTwEY2D8erCNVTJio32aAip4IqGoB6HfJBiA7Lkb1r/S
- XgGEOrYxOZ9zwdnek61HxklAjfORwOuS/0pzsUrYF5KvqzrYgOdn/Pp4Z2eSDsx7
- iWpzbFMXDcVUwjS6TuL3UCr10Nj7fn6STGxSULv/pYgO2lXAeRxsCO2jfKS63GI=
- =jH2X
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/inventories/chaosknoten/host_vars/ntfy.yaml b/inventories/chaosknoten/host_vars/ntfy.yaml
deleted file mode 100644
index cab4e76..0000000
--- a/inventories/chaosknoten/host_vars/ntfy.yaml
+++ /dev/null
@@ -1,104 +0,0 @@
-docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}"
-docker_compose__configuration_files:
- - name: server.yml
- content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml.j2') }}"
-
-certbot__version_spec: ""
-certbot__acme_account_email_address: le-admin@hamburg.ccc.de
-certbot__certificate_domains:
- - "ntfy.hamburg.ccc.de"
-certbot__new_cert_commands:
- - "systemctl reload nginx.service"
-
-nginx__version_spec: ""
-nginx__configurations:
- - name: ntfy.hamburg.ccc.de
- content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf') }}"
-
-alloy_config: |
- prometheus.remote_write "default" {
- endpoint {
- url = "https://metrics.hamburg.ccc.de/api/v1/write"
- basic_auth {
- username = "chaos"
- password = "{{ secret__metrics_chaos }}"
- }
- }
- }
- loki.write "default" {
- endpoint {
- url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
- basic_auth {
- username = "chaos"
- password = "{{ secret__loki_chaos }}"
- }
- }
- }
-
- loki.relabel "journal" {
- forward_to = []
-
- rule {
- source_labels = ["__journal__systemd_unit"]
- target_label = "systemd_unit"
- }
- rule {
- source_labels = ["__journal__hostname"]
- target_label = "instance"
- }
- rule {
- source_labels = ["__journal__transport"]
- target_label = "systemd_transport"
- }
- rule {
- source_labels = ["__journal_syslog_identifier"]
- target_label = "syslog_identifier"
- }
- rule {
- source_labels = ["__journal_priority_keyword"]
- target_label = "level"
- }
- rule {
- source_labels = ["__journal__hostname"]
- target_label = "host"
- regex = "([^:]+)"
- replacement = "${1}.hamburg.ccc.de"
- action = "replace"
- }
- }
-
- loki.source.journal "read_journal" {
- forward_to = [loki.write.default.receiver]
- relabel_rules = loki.relabel.journal.rules
- format_as_json = true
- labels = {component = "loki.source.journal", org = "ccchh"}
- }
-
- prometheus.exporter.unix "local_system" {
- enable_collectors = ["systemd"]
- }
-
- prometheus.relabel "default" {
- forward_to = [prometheus.remote_write.default.receiver]
- rule {
- target_label = "org"
- replacement = "ccchh"
- }
- rule {
- source_labels = ["instance"]
- target_label = "host"
- regex = "([^:]+)"
- replacement = "${1}.hamburg.ccc.de"
- action = "replace"
- }
- }
-
- prometheus.scrape "unix_metrics" {
- targets = prometheus.exporter.unix.local_system.targets
- forward_to = [prometheus.relabel.default.receiver]
- }
-
- prometheus.scrape "ntfy_metrics" {
- targets = [{"__address__" = "localhost:9586", job = "ntfy", instance = "ntfy", __scrape_interval__ = "120s"}]
- forward_to = [prometheus.relabel.default.receiver]
- }
diff --git a/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml b/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml
deleted file mode 100644
index 2c688db..0000000
--- a/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml
+++ /dev/null
@@ -1,200 +0,0 @@
-secret__onlyoffice_jwt_secret: ENC[AES256_GCM,data:x9eRTm9WrEFGdxDb8JfqLYu97NSBRvhknkEBx/zSEQlSfcah+CVNNM6JcS0Y6d9PARcGv2jGUyakuNN1wYmzYw==,iv:33lWNSnQkljr8S9uj+Eab/fItyKAH4/xAeckdpvzl1k=,tag:Ejxzaz9nkGLT/mqKF35M1w==,type:str]
-sops:
- lastmodified: "2025-05-04T13:57:24Z"
- mac: ENC[AES256_GCM,data:Av9x7PAOBhUoCOCF4al8/4BnpPHmUb1JvCv+PKrBmjPBVxW/sU0w6oYmUNjB4OKxI4615pWpfCsG+kVSEysbXtrRGp2RGqhnSKxS5l21W6Qy+IEkNA/jcA/teUGEOy5Qj1SvgNtWvXEBJgfm9eCQxC+w34JbzoTs2q+6nSxtwmM=,iv:HD3nBwmnOGP6MZdLiYv0hlNcvK5lSxJNaoIkr3Xadkg=,tag:uL01xCeeIbWhsdpyqmUyFg==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtARAAhcYelGfxO4U60gidWjgBoIAc7QK0/pavktBL4gHcq2UG
- 2wcNeMRpcwDTASn3r0GMw80a4xD1QXIjOI9knHypQ1Ie2IxM7p4tOEnj9cOaPb8q
- LVFb1WsmkDqxWL7PMd/Prg7OSctFhfhbKhUnxYMVWGMppZp0+NR+g6LjgCHDLWPc
- 65SbV9nYIOGJ6lZ4RcmC8iQN1vooVI8aunVDSnRGmPeECaO0AQI/idV0wsArbesT
- uZ9oLjPLGsr2edjTx/LwzEgZC86zYMvVYrgVpED5ZQz3Rwdp3Mn7k+5kanwvfaIx
- P+LJOi4RDBJe9W2K4VFaZ4mMn2qGbKiELoDEa6j8f1GYsQ/DeaTOrknXIYchsTuD
- sqa3lHq3pojh6cEId0D7/vRRmlie+2X3waOyV6E0qlnU0odRkCsuoyQizJqwzopT
- kHDb04kkj5I3jtOLs8c4xCazpG0uZTyNokwG0hIXzyoPMDHRKmal7LMFTMwcPw+6
- SYTQKyofM9W9G3t1I9Hlto0+RMlS2F9hxuIP6Pyk1gd78pC5RQlp426ZXbebiXHT
- TmRFZbVsK/im0htBUZPbR3/p6Sg/aaF6xy8I2kj/9Ef9ioxrTV3C33Yi6V38KOge
- NwyX8s2KBSksA6TMaipE2nb15QQ0JFGIsHdlGgzC4U2eVASf9VGNgNvwCTlVVn7S
- XgGTL5+U+WKfVQJZ9v2MVKS6K8dDIC2gJagWgkrbVHNxbLDdAJCF294FveXUGP+Q
- /JdVNL9CN1+ShaM9v65YOqr3ezZBqif/T5PsA9ldn80F9mNTmGEmnAbTIdobP0M=
- =Ui/S
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ/5AZ8jtOFLBIT9kvnDqsoBEBgVZMa1NviPs33IgO3qLydT
- kxjZ9NG4H/3AuFxN0eI7BI8ppHJeSGsx3UuerVRYMVWt59UhpYUlkhFNMyvnsLGp
- LMg5p4XZY3Qrz5Y1zRHw8j/EgtpnH/ZZC2CSMB5Ab7bRMntW13lvEJ/Ku2fr6tTE
- XpZBrKv/ArzdOYY+Ydd5HfWBTBo+HlLiKtBUfegx8QrvODjNnqtVZ+B+nXLv/ZzS
- N+Krs+SBu9S2NNC+83r980wiP36ogZDYzbwmOgJXvH5XyvT1URq1axpEXK7Y1SUF
- cmeiYwJGNIjLogweDALQ1KoerJqhQP9toWt9kvK0a6534wSYJalmw1aav6Crjo9k
- sUzc2rFa6no3pMroSseIi2j/gio7Wnc2hRe4JRk5XYRarKWoLDV/1tdESDIBU2ys
- kM7E9rQPKd7QnYfZXkohaHtNoRPRc2iqtxv5opu+k6YW9/x1o/0a2GSy98eUG8k3
- kmLZXyoFTDrS1/k4lvF0o7Bj4ng9HMD2MKYSwvlapO7IWWdKjjnoht3UNRC+t2zh
- B/fKNUH4E2HjU/aHf6+OQde48pmjj3ZvNdc15TsKZnMXFOeiBgN1XQupkS9dWynv
- vvPiPBgb0fLuz12wwuyJX7HH7oJTF5QpDW5U6wdn+7vYmf0qPAJEHqG3uZuRcvrS
- XgF4toIKkiMrgC4f24NvfK+ZDPUVo+nVKClN7ezokutTiVo9tLuLgWLpPQn7SCpR
- 5SnFt1CN8f0s0y9UrNmxoUf6RVhkay6LP/QB6RVrp8DhxoFTEpHG2Qwg+vPJxVI=
- =0BcU
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJAQ/+MhE8xzGB1GQehGHkz3oosrA6WcrNXzI6ZovZrwmFc3Kg
- Guc4tDF1BN6Jxej9GU2zW6z/28I8vSeNgaKR4hJMAcMCYxNlCVOSa2kVETsFD0gs
- QzMa7gf2Vi05PxBUVlV3NhLaxiMydDJXgSncBb5qI5ye3niPlzjNnWl6dN4LxmGd
- JPaCXdIXXGrZo0gVfdz/ef9IbnGGXyUGDrF1ae1r47BGuXRr0c/ax6hcavzsK0tV
- ctjwaqOEwQJG0uTA3kyGH284BSRYSQuAIuDVG5GbnFTCNCnw4u4ujP5e1odmfNSq
- IOwK25/5/5jtM1Whdu5K5Ti9bhzc2wCwnkzfjzHawwDMkV5YCmz7jDTSAXGbdUK6
- J6ahJ66MaIOp8onFc2UlNuuK5a4O1M302KQLpXAvxFbwGZefG7zPdcURYppPuWD2
- KkTBGxfibM89PArAyp5G025HOubNExZoRQ2eccbo0i+p2hiDpRbGTOraGQPq8h76
- g/q21rYLG/rlkeffU0zh/0hKdOPLWY5GuIHyumFUBll0O1jK8mKi4B1zJrEypcrE
- VTUcw6torSPdA2L9rq6EwQA0+Bi9+nPO8+HycALTlN6RKel6ZcSTuYxQ2lx/TRI+
- tRQNRTrZ8ff6pJxtlaFi7yqfwpdsWLMIAv5qwaFXGs1TaONAH+eDZbq6AL5TwKDS
- XgEOrMHunsWF4pF7gRGkld7KTfE2X2WjwwlLvEmd54JxSwhUC9jgxsIgDIIklsya
- zlsRC5TbXM5FdwQb2Amm1dNvlQxrErSI6Vt2311IzTO09CMnc5TwqXCojGtAyb4=
- =rEj7
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ/+OZwSba6kCCMRQ2I//QiqTmrAkX7at0oSta9WqDHuR0rZ
- 8KYkF2PfQo+hXfweKPQ5wl3225hwdc9rowW3XNZ8QX3oP3t4bXKciY+wxvMI42ZD
- uQHKqhlIsFvC9IhYdIUQaM8xxzCLH6vofjFWKeCTNBhtlR4TAZ9XsMYYqsRwxWJp
- VKskajQFDZnHg/qw18MkgQaC0Xbm0fAGMZa3/9ET0qnc/6yL8H8idnCZIRvrxfLP
- X7rXh+XXJYtv7uRhJLUYiOm76GrBhjFRA0kSnhFGv76dFftIMbt5UsGfBzde4fMC
- oRV2fA6irtv7LdA6hIRK+Wehpet9zkQFeQaXnGmtu5GQWyDGCo1o6PqtQH3+iRUs
- CiVJumE0qP+LGQ7SPUYjq+XCYohMak5DnWxgVZac3SaUeNY7Sl6rz538twxfh0OE
- k+1O3HkANwoow8mBvDig3UdkvSdmz7ilsc0u/8IcZjGieQ18dmuEjIAuyu8e23kx
- hSfQ/P8Ym07NtUmRpB83tM+2MgA6x0NvhVkfcR8MQUTsYLX6cr+llyfu3u9q/OCm
- uVMs6BdufsM60yshNP5umEUucS27UwfI2GqnIKzCUt4PG4YtZZs/zhljDKxq/B6Q
- udZktQE+X7CBRpBO08qAGi0LUk0ywANHXgJaQvAiotWsxNS35SAhmIrg0pU8DwLS
- XgEVbnsVLBPrZ+7g7eleQuCxyZ/hXoRkpC4ZA54R3UOVUuUJqXv5iYTOlz4ktEQm
- VmIBOXS83I0XXdtSwzXJLYZFjRhPElYqcQDHz/JPuMrJcfVJ/5XNgmb4rrNh0I4=
- =43Ft
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAJcIypJ1e45UuZQhRrxTwOPWBbCBca46PMSe9m/jECmsw
- QbNtYY8BHMiA4xoWh7Mq+IAFSKpBnnC8G03rxWUE11zFAlZoGKhfLC1nlAPHKe1K
- 0l4BsNZr0utkNNSzIZVSEuXj4ZeiXlPH0W1ZN2zqzJM14iM+zcE7zoTji64RWpFP
- gJI0PnPAfTozJRR01kxkS835P83TA20g5qETCShhfZ2pdfk/NCXjbnWzyrPzRQp3
- =6NS2
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fAQ/+OfU/K3KOJETZY+6eok9W5mnSe+CfgY0YNl4U1wV3iWOp
- eN8r8oD+cj2L1c/cjB7/AbnYdakUj15JtOIK/sQHgqgMjrt0/Qn85696DV02vhjH
- LizofnsD/GdZp10Mr9hVqtldsxZ+2hpv/UVv3ijxCLkbBSeB/urhIspRDRLVclJ8
- FfGUFbXhPZvsf2boNMH3IAsXumUf6X0CXZorVPeUfGEtNp/upEmdJ7RVyKoaNbSh
- lDsqcnvez+6AAB8KzkBl3cIcl4RcnniyVjhwCSnrhwj4AFyadhFI367pt85eTnw5
- LzchFBBCu5ptNVaWea9MsSLUT13Mzas4TjzaEyG78oJVbRw7T57HSIJZoNtxVrG0
- hkNTLIvSAC9Hoo2CJYNVmVsmssfxjgmw16DdqMYd/WX4mTt7vfpFD1ESibRnkNGj
- hNqfZbQ+j0rhTFUtg4WvWGx5F6CgB8Ap6q12wibTilgT4iVEzJ7y6TfOAOTDZ6cK
- 8WImS0+5Sc753XlBi5e4Dhz/DtGNKg3kosACN21AsyJvMztPM+5BDfIj9xkdZ6bT
- zmvkYBYJSB0SGkj1DUXdO4tLgA27+X8c+G6pZ8ezSjg33NHR89wlgIeKzMM7Y7Du
- cTLfsfmsJRZ41dC4ShiUW7bD29UtBPt3G5xWAym4GyEbaUc+tdad7zonfANBS+zS
- XgESquN5xawvfQdXdeTvNlyoJdOrj4jnoQBQ4BFDJsFCPmGW1XJM9SYMy+n/oblQ
- 9FND78u1AyQNbYiZR8/XJSQojG3RarERmC95zYfE/v6J9ZePl3IcFrzSFkKMEbM=
- =wYBz
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ//aUjp3+PSRB/eg9NPc4F0rylFKYrN5wNgBPGqMVIZisfs
- 5OsJZv+rp1sLNDoEFF9mShN6sjDgNlESCrC54v05y1YKDoc4v1ByBrmFsOe5SNmH
- 4a21LLAhf8AVUgYjsNEumllcKGSoN+a7qpXsXK8eFZaI0twLT875CTfgECKuUwMQ
- WckrimOCUEtELOnSXcbX20LK3/SeqFCQP8vmYweMco/bSgduSya8X/I2ccLxFdBn
- 3xJVJRfv/U+gHNX1aTS3W7T/hTWrYfdoYS02JcESgs8qwixmdeh9jOSRvyNghzlx
- e9FCeoCCl22/hdeAV6/FAGKZf/c1UdCw9iyQcZfss9jbfMHXwb7oUyrHFZWA7cox
- 4GE96EIWO13nRiNhuwuZtCvpQNObfNmBQTQCexDsCyWbqf7Ugo/rxK1qZy20GQ5T
- kkYXbiUfpw4Dd+tNdWBLuYcwPGzJT9u2UxAIdQ8LMC5q0gPa3BIHOEeQehsFu3/H
- WgL8hF0Nlzy2NtVDNBwWoCpC0bHP4eYHjZvHTSYvdm8fuhsYLczeUqozXPTaPVxy
- qTjVIe+Iub2GtNTIVbLImfz7suraeEu2EMFykSbABk3Ai7Pr+W9AbwYaSCKNgoBl
- UdSZVIVUmK60ir/wX9NFXdasKGcD+9QsNSGEyUrJQlprGa4qK9d+UR3dv/H0RvTS
- XgFjVJcrym9yFcMxJ1CyQkOsGeJV8GlxhRo2/sZ28oqmyNAWjCy0+ctuNAKMYzgs
- HtbCncFw/dkMT3taMWByxWPo4u3mMDkK9IP9ok60w7tf63xQYmYy90R6H/5js64=
- =bM86
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ/9Fd95ys+j2usUMwvOtC5kOxEtEE5oBaQFJ3J3KdFEVhzj
- shBjHlWkMJQmbk9DhXPlcop8qQdp0rqF4RX2KbgH77Aulh6MBTQ6GUGWWW13sWW2
- Cv52adz9Yf6V96Waklgp+WtnyLQjGO46QH4vReCjzE/mjy2MTaVaoDEdN1+x+XUJ
- kze1DkVLjrOh0UYK1WFwmZdDA2ZbObyMCmgZOKMh+C59GKSe+Vzom3ulnmBpoIIk
- 63QdzX4X6C1HlE5l9JOW/09da37hQrCjGvvyq6SByOSsgjAEt7Ib9GTSspVmlcLz
- Zv+xTGiMMFMqmnhuBz/2BTFcSR3CXfa5J/bOHS0DJ53hJF4WSsz/1abOiW5VX8ou
- 4U/d0iCb3mjieJZS8NEYJBJGrvVm508PriRDm7SiC163ar8yuOewQtnbfXZY2hvv
- NnbBmjwHh9nxTVabo9eIoVR5/ZrQ381USPppGCDGtP7KewGsJeyXcOFKFploG0pp
- MrBanO/ad2QTvkAR/GmG/23KR9mxwa7GJEZDMsGo3kBWjgf0EMjf2rHm9ODxdvJP
- av8pCn0k0f0g3muC6Y4tSB+vnZ2teUi3RruYBCvFNFRLhaMmlSgjLVZsmoMJnAiC
- iDHqFWhRbB3ep0T0nyRChsosH4pRCBR/m/rh4JrOndxZrqActMzTd/V3d0UI2mfS
- XgFbi4mkURuALFlf+/bKnJnv51NHbG+EIynn4sFjJ2qVaGKThOdJbxOLqOiMN9z3
- TF9LJrPWahIWud6/M8vX9i7u7KfuaXdfp9taC2tw2DSm5WK9uA7+H0AtuY5Fv1g=
- =BaqN
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAnCWM69qHNONCr9s8GS6BCXCtOLFpxeCZfzA7jOZVg1Qw
- /nNKYjCP6FbEyy0C1ho30O4zrq48Zto0/qGb3VLn2iXpanlHXN932C+I8rTs6HSW
- 0l4BPdB07w+0s3/y2yLFJQ+s8IeWY4y6WmLubNgdFfZizbp4UvfWfRIs0cMpOaCD
- UQzChZSP7SvM2laiD+025SQ5ryN3p1DxEmn6BURdg207MInBs4UyzZmAxfl7/8yY
- =uZOR
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAudk8kyoAg1AzLdhTIjIPycUgF8I6yYJWs9ox/kLLLmYw
- gIVZS1m8gNCe18uoYnNYdLCr8s9HXvOj/c9hg+ZwUnd6pqCSn1nQ4Fc8evURoGYS
- 0lgBvVS2bVCTqST0qTrelYtPIfDbKeszGA0kNSVjIgiL8t8mJDg03ZJgm5cw4Lg2
- Zfxyg3699siroPSJ57cPOM3vLYIQQ8JmS832qj+WNRB2s8ggr36fPGXk
- =Lnsx
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+ARAAzDme1irtt/6nz5sxWuabWgo6EDqf3eI7bDY0Q3Xatb2g
- Pvg/CjB+dLJft56Kte/lnWjVkaaKTK7aIsQ0aI61CvWpmGanPe5U7Z4WTdz86TaZ
- aIuxWvS7io/oUILcKk8u76V9cvunfHPUHDdzvQUvoEeAyOl5r13eUxfHGNSXyGly
- SsFOkCkUaPCEKdZf6F2PXBdMT76jl7z4iiM0Sj4HnDb+Liw29WtJsVbX75TszF5d
- ngDjobt5odFSm3Ea4faZx9ONNHUS73QuDtidBcbA+79tUlHwLICpRZrwI8Ox3prs
- t7TKERP0h+lx0t+a5pqqxSNbkoZlDGsrrONaWeXBocrvYwVs58nMu7qrwJjd2rhn
- AeME5mY2MIez7R6NYlXdLAFmfFczOVHgVX9mtawNPlgZjhmQFgPiqJWWfIvL8d2v
- yAvuSd1SMT3CNYYIQvr7DLc2xqJb3VVrIpG1s8OW9OvtHRA2gFSYssNCmgIFUaxu
- nj7eL6wGsZ3BXLZeSmx/LEV4OhXER2YU3H8zljyk/OJ7a5p7fVa++tQXjdLcBh0l
- ssh52dML5270t1IgoM/vTZHe9OitqFj8cplSt5DZP6M/L1+/lPjSC32/WJ/aW0cf
- FGSHucAYp5Jb9mWIAczLJG04VXGmvgo2qk2UH+VFuHNYX6591oTOpcFXVYRWfTHS
- XgEZaJVKSZqJpmE3zCCUMRBLFF52YWSo4bDEiA/6THtTJkOgQ6GFUxrjolv+QFth
- c6hNvbX8jRISpXfKYiUavDyT8Rj83/5weEB8c2jTxI8mbx+QYSmG/FNh/upDtLc=
- =U5vk
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/pad.sops.yaml b/inventories/chaosknoten/host_vars/pad.sops.yaml
deleted file mode 100644
index cb6c88e..0000000
--- a/inventories/chaosknoten/host_vars/pad.sops.yaml
+++ /dev/null
@@ -1,202 +0,0 @@
-secret__hedgedoc_db_password: ENC[AES256_GCM,data:5Pw0orOTzb1xCefwx/n9h9m8gmEY6irE,iv:nZvnPSb6sXjS6k4wNUoo2PCJyOcwjm36gs9l0mxwAeo=,tag:0seJlVi9qTfBiol7mP6DQA==,type:str]
-secret__hedgedoc_kc_secret: ENC[AES256_GCM,data:7RyM9jfKnaaP7kJ1JwucPa/IAwaRc7Hhe9VYIKGEmlc=,iv:RvtaWLsf/X/y8s+DLANcyVgagJqGB7EkvQ2nYm2Xo24=,tag:amdgqknDGeZxUBmXsd1ksw==,type:str]
-secret__pad_smtp_password: ENC[AES256_GCM,data:msnYZYl8vP+OeISI5OOglQsCQ8vxMZ0gig==,iv:oqov/myWJNzUoAn4BSX6hN1fWyab5vud8NmT+z4ECqs=,tag:0T3Xm2zw5k5WmC9Ks03XhA==,type:str]
-sops:
- lastmodified: "2025-05-04T14:02:14Z"
- mac: ENC[AES256_GCM,data:h9E+eIum7jyIx78zJh65c/4QMZRq+stNklGuBGo8afYpicLPG/A9LZz1UeBSxyEoMOV/jHAIuoU5u1wmijcsZSBBjI0LZsBTnGLORWEZCoVTEVCUp9CJHZ8zQEVj4Gt+V/moR+pD4s3YLuywamjquvghwtOMYt1JzsePGcCkHUI=,iv:wxhwDM9hmALuX9Ko4izSQ270X1aaLH5Z1iu93/D/Kls=,tag:j0+XqgV43A6ry6hbHhGj2Q==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtARAAkolIEsdplQJcA8+qj1QblUlBFtNdBkAN/uR2DsJUeA1K
- u79l9bmOv2/gQNDU5VHNQvbklU4uqjZh3wEfTd4E1ywEjKNzA62njYAg+2/t2tM7
- +0a3I3SsnXI6+BVRiLOqclIZ0/D3h9y5vGrIyBMG4P1kaB7c+5aPR8d2lP58Dxkn
- wJA81U8JaAhjSYstzgSUUfsp9dNCQj6hax4YaHrXVq17ToJIftMa9TgAyUCZCqRW
- 7DAILy+D0J0h9mvZL8++Sl+mkQqF4FpOlN1kphEz5itmOJ3LrGPDa8HalJMaHaJH
- UZ4GPlZY5kAqmMffZPArQD1aMbgRiF9kN1FBfI2Xvkp7PRxuCzj/cxyiyPY2EsVV
- cfSSdBot60WS0GyH8pVPW2Yi1UWNjDEazq9Lrp80q1F4SA9NC56spfDgji3V5EMe
- D25LwSXB4zhgb4S9/iAYgJjz6dXvm9pVi1q1GBo5PrfBeX1cS47H9ULYtVTvYFSd
- CKTZlOvolBrdMwSUMCD2UEa8hO2cxlf/nD/E0PY4CWHVhXwzcxBWXE7MIiNwlnzg
- lJ2uBM05xEVzZq23Gc3wCMLA7042VDMKlq3jp0rrtMoCa4AzcHdmGB3vcR5WeeuW
- uWjgWTOjWdd8P1TDzkvrOOA64RAKI5kyOPehWreCuVefmhQjIUCKJdZ6/0X+48jS
- XgHBHrjRDE2GIJ4KmwmRH6A/npul74ABhFpZz+TioTOLABvGjN+vv/aSaKOf1yVM
- busIpxXSDX57Ku8i3zOMjGq0PNUM687h06ySTRx2GtCK9OxoyNJWpiPlpw6gnNc=
- =P+Ya
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ//WoxZP4T54kwqz+0Z30UCYfdIYUjuL1g/D7fiuXbMSZHe
- cIY6hNfok4gAhfgarrEImIPo82gfTlDGj1m7TdciEMvPS4wOrcwO9PUMhlYPGePd
- nHZFlWe58p6H8uKY7TSb4oxklWQ6eDvROuTEFK2fjnKeFFatVjbVrbE12D4iXfSY
- L6Qtf+Vadh8GV8BiDWA/eHLLwlK/Z8/6sBXFrp/7iA/aavp2cEYm7YZHWwMXaErB
- UbEa5hzV97l9pYtepukE+PbnY9Z9n6uNOy/0+bdjy8aF2QKFMYwjfpyAlfJyz0qf
- MrdMnsaYWdYTI07q3FRHtrELSoOektTx9Ln+jELDHG0RWsIpVX+k0SBPaMFE8mMZ
- DgiAE+zfQ0qiY/LFuL0Lb9hC/ksdT7RIUbVD1PYyWvi4LriynUv9s+rRNoUNVscr
- JnZEeD/HCtH2GaJK/7TtpZGyobWSFr3Mr1d0GMQX2NmnNqCeRCOeLzKB5jaGx/gw
- OjMq2QrTGW61oa71l15MpWGNTfPNDAGF3KjZ8IBDUfadY1qjb0TzTGrXBx0SB/L+
- cxaMmCTQJ8ixqs2c4eAFJ9VFiLPN7ABYj84zEmeO6MhCTMrNOxEFco/go3+Iow5Z
- XgeyjiUK8MwI8i3OG49sNgtmAPLumris322InYzbSX1OSFVW0gfLadfhE6lXxRLS
- XgFMdQnnNa5fQOpPa7RfrVj/1u6G1kRq4vgvZqJUCEcZmKpXidl1vnYrwOBf/0MD
- xDO7LsKK5UvN3jHNAQJKMZXOBk076LcJPQQ3G9WsmtsZc6+1KsrHev0irXgokNQ=
- =f0+4
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJARAAuukdEMZwSNDit2YQMbyBCBGGTqQtcHndjKCfRKMMqDTA
- T+ANtxWuL1YB6kXaZpRurCYBKOMlFC7un8/GIDUiJNep4DOcSY8zBYIuPbjSpuQ7
- hCBziiCQhAZMBDB7piHxFTbn03BXFBeTXLR5oz7VPFQ69uJcOCytLYjLz5J483VH
- VvJfMKPhIA1i8teesgPcQlkgOlFWP5NxPAUMyNkOrz6G83snsSa1FYS5X1su5YKo
- vd3EqQVhv1FO+2s0X1S0am5BK0GWZDMOuzHbMVKTbY/Wizz9KhicXtsCDSq493VX
- bXziWQ80rYYOfVOEWHqsgfXWe1OuLzT4JMCp5nx50g7qmKFRw73kMJdyDfijgIjX
- NYqvRI+LD6D/sAXGrMvP/CPW0+HxXWfwja2LI4v1cKeI15qVOGvqkrT0X0J+L/xi
- ef68zqXQ62M9ICOVJzynV508ZZmrYxM1uLLQfgf2oYM5TlJP+uITPgwB9bELGuIa
- h1mGpquxUcbcwmtRKnhJhGmIoEf5t5jyX2wLbdPRGj9S5NzAL7fRGwypgprL5vGR
- 18jJY6x6yzyB30DZnxEJyjnwnq3fvbZOuONt55rIKD9v0m11ogYNSMU+X6TTfURz
- D7XYmqU2gbvP2g+pS6MmwFIjxwV2r30bmWyGtmOosmvBid9hSkXBNEE9jppN5azS
- XgGe4vpkmFNPySNTazuFYHXLFg/wWB8N6ZZIRPXFKtBLmSptJm22YWiiLqpcb/Am
- D0onXEHPu0gOBoYhh+dbz2u5ELqfnay/CVOc3WvqegSJvr85mHKX5sXlZGdHFSg=
- =A3kB
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1ARAAoN2q5jd5EXQCcZ5m9dS9iuoofusrHNBwx3rxC63AuE+I
- SEhOV7QRTzzzyTmmqb/OFmzKgJiy5epCFkT3nkS4lNAZdiw3qBNTS7L1xC6ireeo
- 1DMquTVOy/DQ11Zj77oKGRX5DWuXCLAq2mkB89pcglKK2vXGQs16eTuR9tRpNwAS
- L8qRBLN1zTJQUTUCyI7+CCBMFkQ3SUFFZG4nfrka08n4O59OubcmkkpYHa262s29
- u5wdgkxI+3GyXvMLku/hLr8kGK76YpvduEM6oMpYC+5k53RMBfekilfWFnyW8cpm
- 9CN6Z/BS+TNFH/xrC5MlsV9PwgDXAltXs2CpolpOx2WtZjspPzIrQWqw0I1unocQ
- GF4Vlu6S1f/sKKe3y7AMPNq/tZ77vakwELc7zpP2GOoJQTR9eSaK91s70BkO/2il
- 0DXc9sT7ecW574NyJ8Qiy9UYHrlmdHZZwtFypZIDRO6bGh8wzhr7mpug6NeQNJpk
- Y4zkpoLEdksJ0BeyeUbVS26HHEHe0tAXK04Q9euG6Rs21qJLEkPbpzx4P4oq6z7s
- Zj3IBPUn0155GwxrmDdA7l+bnet0XYJt3O+NIyKh3tZXZEBqxs6APhSZsyrbMfm2
- dkDGa1aYM9PICHfsu5gYGZSodAiuu1LDe9foZAWnX8Bqv2GdAg28Z7p84b3zO8zS
- XgG7R0YcKoe9Ene1lOe95QSqg1t8Mc4HkNDHd4lH8dVw4KckNKgPYsI8eOB2ilCS
- YhPxRLXhUSbb/D0dsbkvuTvNjuvUPyBWPRRoqcmE0A6An1XMCEuOpKwwyr3T1hk=
- =dGri
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAMOYfq13YmUmzXgRSFo+/+vTTrQ6c7NFscvUXvyWeeDQw
- uBjdC2BK1e7ZXtzdLe+8lCMEL873lYUP85JZicE84J9DKD4KJ4JdyhobbAtKC5Q+
- 0l4BYTEO99Dt6fSWPpnh9FAWqM77RTgv/5+polMBNvAEJVgHaOl068BZJj9ZlILa
- ReLmOzff0TA773KOh9JlXHCTf/AtMdPSOIOK4AcfccOe5m3muRVkpTH/goENlvnP
- =Nnkb
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fARAApvCZ7Y4Eg6jo4I77/gR7o1cBNVk9y7SO8txYXFzzIUX/
- CYooi5WAne2a0PZAXbxwvoSv4hQ4vf59tCYJugu08IRnDWHwlHtQabX7Mg4pGYyC
- gJIl/P7XTb7/4C11wm8KH9BleQcbwVt247h9dAdW9nP29MUY707dqos8Snl+0AcA
- TnVfC4FJced3jbrgkrJrprYfj853xDdFhDQnoRA2ICRf6X7e2jkwwsPRYtyEphIr
- msHBfXtzVbNf+elYU8Elya1YekxUre9fKQDZIYr3Nr7DywEIVSu2oAu+m8M/kn/t
- 5tYAOw0uTQ8ToHFIyWGuiYxVDMtwcEFIXznGT4VFebgAqYWhc1U+rSV0oE3VW/rf
- GS/ehWoN07MwTWNYm4B04ChywR43czkKeutPqnRPO+LiaDFfEv5n6gwgS+aghBCf
- 82Npprkazjun8QkPh4rATOhmp96VPCQKlUIP2N0hYF5Tj30kiKioj9ei/0+K91c/
- +Rg9XUe7zj73qOFGKnu3/c+pWMvX2oTG6RtdkKG5Ah/3xD3PdmTRBA8Zy815cSCF
- IkdBbfCNiiNG0miXlij0o7t5/h1z5yBLr7WuhdM4g+l/ms35oWpV57StWbfZZh6p
- OP+0UFxm1XX7VkZKxZWOAj/paW2X0OBHS9QoPwSVP7k1Z0+5QkrNhwpIBPWpr13S
- XgF5h/yHujI71bqg+qsuaEutUicf72XhC4l7QzC8hngvn3yVwJdVeuMsTzpdf8FX
- pVG5TlVwyEiCCyELV23FgW0XCluX7NQaiRVI7A/p18AbSqkwMt9sYBNZlAVVDRo=
- =2yt1
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ//Xon6qrBk1OukKuTGzyz0LrNGkJrBLZC5FpQ4KWVVuTGO
- UakD1V4tSliQ01PxjdwVluyCVvMA7Cs4XsrMQPEnJKXcJukl0tK6qNpQtGExU4Yt
- SUslVxSjdfcVa+zJYTSQcNivtJUnd05nX/CeRFkJbqGMLYWVI59GZ6R8gLD2J5iI
- plWnncxDaV9Wcnsos3DEiamA5qlGY4YUUUx+Cf1tPZtStkuueGq1Ir0uGxn101W2
- Rf3yC38bk3N93yNyka2Bm/KvPVE1fPZovpsyc+Y4gh5UzkI2VCBSnjiKgD4ZbFC4
- lLmobWJgKzIQmP1b8xfjsN83fEeX556J23IVV5H7Q9zCvBWCpXu43MtrbkHhZ53d
- oVevbq1lc+J8lMarQNM6UPGXecrlMGCG2wZncD+0SIeLFOJBogTNVxV4hk6f/llt
- f0pX/Kd5zZmEOhE3cBXrlDOHaaEMQVXwn2Hv+zpPvnhNZekH0CK0+Z83rC3Uer1G
- lLUJdzO3lIy58edAQPrwfeodo2eBxyqKRPoggaB30N659qOBiFWy+OCN9gkVhKYV
- sgEVXYdsw0/07OG8shEJz8h8PZIMRzYnxvUMae97UfV02TsyBtB0K0IS9n6uBWZB
- u3v8Gicm/n6fN4CTIinGNvRkTLuNTfHrDkxLuRNgvNyuy+09/7UjzleIwqhC+pPS
- XgGUVQy+K+OiGLkzjhmtvvKwpbngUXlkz4t4yn8Gf9AeZfiT4CMN5pj+A+C6Bwjx
- frjQ7d3eCgo7aOhjD1BU77HIBYELLXHnqBT3MGu5n7FAFFBT1Kfs+lODRszY2p0=
- =ZBB5
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ/9F4N+HC55MyvYJEADJ7HoFyb1KqqKjq1ZRJkO8DEaA2+m
- x47pNAX1qBHSnR2vDHMtKI6c103MQ56gP8FjPe56yXIFSYipM2Z0vsID2jMjed85
- 7SpZ1hSmcyP8xYxjVQ83uvYKZ1DVNTn72u89FCEpLBSIXvWHoxXFZ9lANaDoyzGa
- jcpFdgVFo65R8offS36lSz19ErpEXzlhiyS0qwCZsT+BXctrybxo3HHgafjrvZqf
- oDwsN65a3skhFkph5kE3/3Y3sF5Q6t5maq3TGpenRtsS613avVkWwqw/X9/nmd1t
- jik7Rkccx507MZvj6TSny9nCIkEGmew/Vbj1JLA38DCkdRIUWjUhWZBE4QtwtqnA
- rGhAt7tr9B/SIeOyQy+TtdICRT398h3GpyrqwlOmheCyunk/ns6rnhvKc06yhs+S
- 5uMkuUhvTi7qUcGHjX3cj6N16BknUrSz5kGoiv3U0JM1gz0oP55iDWCfFw6K9TNZ
- ROObvZzzCcrwF4o0YxhaEJTf4jAH1O01dL7iRBYa8EVEv9DigmIJNSI1ZBZh31Jc
- Oa/D34UIw8TpAAbtNPXY6kovbcADZVbpaXEAa9NDfM94TfLX5tx0l4++W23ZB9GB
- aUGTn78SWlSNBLR83u4aJ/sHvIZ6gmCL3LeT0JfRZ8Ryt0H1mLpunJ4lDXNktuPS
- XgHxdfkx2FJMsiqK8ygfeeJUvSx8AVRDHycLPALyjIvOQW6E1kgpZf3fLGPcwoY2
- +EDYy3fG0wQ7O67pWL+hMxuYr4A1L9O4Xdb3dmFEYntmVEr1w3YNJRecRy5ihPw=
- =to6D
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAgJIqr9tgiyPy0TLAOk0htl6gARxNr7ARDXllXNusblAw
- jzCtJ/u4EPAu+ZFPLe2KsdKgEAvhOsx9VH1wG8/bhd1aJd4SjPy2O1db/TuZ/v9c
- 0l4BmAINKLonChboizDJrQICD6axZ0kEVC9zZcvY1dXAgKlmTkDwgjkKmU6dFL9Y
- I7HBtKXGO3DXtc+QsjUpOCGVcst+Or7ME+iBDmz73yfWRTbBPmEUOGoWRFRrPERX
- =Ogqm
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdA4oOJ4bW4yP7Pk2AMH0CtRRVxqxUmT1571X7DiBhG/2Iw
- AIj8yxWAAIuoLifLPcbFNosVuhMqxAHU/sDoMQOJ6bWixYQnpVJXQmgmCiaF8sbS
- 0lgBwfQtjHG4BQ9gDXZ+9O0vEkmxAebt6C+Y4x+HvzQsXlGGdZRxrsWsiEFubHO7
- qghONWmqTh3mdt83OtD9l1lR5KpDTZG5D7z9Mxxbd+44s+cPORcJX4bd
- =bp0D
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:43Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+AQ//dUnHLEoYSvPewKYvDUZdW0djUpzaq3911lbn/5RJ4YyG
- tM7XhBVmgN9Vw3UArrKk9ZRFt4kwTKC5jLAp1c5HmecRBr+T8IP7z/yg6fO7CNP/
- jLO5l6tct2d9YAvNdzPKVM58B1pv6EgDDYV6kIlNIZ5MsZMcC/p1XfOALPIZl0Qk
- C/o0+QAco/qYv+cBx+8AkaCcAHSngpf0Y+lqpQkRUShIYGuhuCt88QX9sfAiopJc
- oyzNRZqvG2FQT0AXk5xQ1xhLECm5HFVnYiQetCJCieltXqByY8QrWjIKr70N1r0L
- Fmr4pvr/2tLGJoaWNqa/6/RdUSj+SkIUkqB0tZVTUyKquCVaSbVHhwnKNLIeg94n
- ulDPz4GaKj30Y2WmqZ0Z1+7TizsLFR6iO7PlZ1vsuVoswnbB98Y2e1fCsQsw2hSa
- qeP25kdhBA14R0na+4zmXdrmhxjdJ4gGF3iBGyTq5kTVVkfeRZ5mougLzJaATj5l
- 5XSgwDO0seix+0z6eALMcTVrO6mARoXjVCkzCslzjqyVKj2kTGxxl4Xktb4KH7tF
- Rdicrh6SOBMFOZpqZENM8Vl0nNNzbmA9dKmEyCilun2lit9lz9xYZp8esrkLCbh+
- Mz8bEEk8hCsHCCyfZ4Pfg9wscxruTX/p561SDUYFhAUXUVNUfQpdg3crcwHAs8/S
- XgEnr6ig77/vjVN6P1kMUN/XrAE8pbPlFRYX3kxqPB9xKzrNj/SHwjFstjKUcfhY
- wEgrFIMGwP/BsDfXnMvPoTHcl+GnOVGBQ2jGW05NG32IvXqU8gedG6Ajfxa1EzQ=
- =m5ke
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/pretalx.sops.yaml b/inventories/chaosknoten/host_vars/pretalx.sops.yaml
deleted file mode 100644
index b0a4262..0000000
--- a/inventories/chaosknoten/host_vars/pretalx.sops.yaml
+++ /dev/null
@@ -1,201 +0,0 @@
-secret__pretalx_db_password: ENC[AES256_GCM,data:T9qw46sR88tcj4NG1oK3AfjreU4N1cIN0w==,iv:g2rr7PbFN9bFDg/w7vZBiuMB4p2j2uu0eQAyiweuQ6Q=,tag:0coJNAbT5W9gxy2fVOhuoA==,type:str]
-secret__pretalx_mail_password: ENC[AES256_GCM,data:HJrrmdDKzity4Fzz+JEj/kvddzHpRbw1Yw==,iv:dW15nSyYjzlFdPkQoZmJ5k+poWyJZ7dW5Lo8IFjtfMc=,tag:AZZObQRDMMoQgnPmqo/+Tw==,type:str]
-sops:
- lastmodified: "2025-05-04T14:05:04Z"
- mac: ENC[AES256_GCM,data:sO7OHejtPDQNt3bfXl+W488vCqaIicE/iZgIw6dClwoHZUHDNlv/V4aubJk89vELCs7JeOYocqZhARrrHERUxLtQMf+YguA2fBYZOVZ37chtfIqYoceq9ygzzzI6/PQlO5oRoe6HkASJK5t9oVWdfWUmBfWWWjBGrsKbUGnlPOg=,iv:p9NZw6HA0oj0PWJYDIjUKzj3DAI4ymI2V7o9knsvjnE=,tag:AbMiE6WQSPkuY2AEIcHAYw==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtARAAm0F/Zw60hawLrD82SGr4spPY+fDKhyHBwenuFLaQsFme
- ahf4kedykaTlUbTWODAIcL7KkDhG6RzuUr57nVD8V3i+hO3UPW3Bv+rssrABTex/
- PzKhrfK+oFcE/abvzMfMIhjxpC0htWa3twipxmBANsYER08kftbZc+DS/pvWCYjC
- KlzCsaujQyWaWrA/0sUdSe71S0oNSDCUIYQQbuWG+h/FFqCAMJ1yXLbjfeQlwZba
- c8RYvh5Zr+fizHiSJsYDwjKYCNocaSygW5I/mpbpjGK7WhleGrcEkt3Ijvb1K1Dn
- J0ysspmPZmOhV+uuygcEQxCQHL+0oWp82qu7AwcnYrnYe9KoXFTmx5GBXtLDxOYG
- sxc9JQs2gI9cGSaQbVtE4BrNaKuCDFLIAy8RBXC6m126gjG2uIDv626ONx39HCd9
- UBeDXQHRoq8H73pncz0RPb5Q2yKPbnTUw/C3ORbfE4c70oioIvtA6ZRtnGA+bkl9
- x6YR+Vqc08qwe3/qyKEnHZXhY7KEw1L6qK6ox7iLFHmYylNccwZ7Y5qMd0b/QhGz
- 4uIIdJEI6TO6KAloSKrATlcqt/vnS/9DGeI6Ad2fwt0SpzHhW/r90cw7aOL0gGl3
- CCqiKOxj5pjIIvUoD4nVoSkvlzMn97TBlir7GQuKMHlhap415N4WNsuLrE06TOHS
- XgHUs3CX25PSJSuVk2wyblHrMqsNIdfGDQyxSsgS13huBksWsvlbgNixNSzkFzZS
- DDJAksal/P/a7IJWopnR22TonZxPV4bANPtxucBdjiKSmXCfkQuzTjm3QOzW0ek=
- =8BaF
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ//YjtcACzner31t97RDu0LVzJkLfxyZbpAPNth8ZoIdpN/
- HzH3aM4aid4zYc6pE1P0syuvg1iVirTS1Vmh8rxfdelWxGOjuHuPp2ivDxSbf5Ed
- U0fgCIFFYPKbimP7Er0Mkcd6hv5hHIv2W1IuZXVgXM+8nvdAnKYeH8mUlqn4OLnf
- x6LSxmkKs9qjaliOeg11/wcJZLk1eF4VkjKDIwyxFwI85FnRVUhcZDIOnhp2THuX
- RBm9DgyRmd4kFw0OpdktAmfqG3fRlFzrHz84yYjhZ/BqDRA/GGk8Rd7E6Z4EaAHb
- mz/0CAYxm02Mh2+TM6OgAtJPImZ+GcHHapnPO0WkcfWSihEGi4MULxhV12pSaRYU
- 1hTycZcgVGOjFfahXTnl5ZNh4974vrLcP+8rRkSxZbKNM4P9UXGDgjcM1cTtOIGg
- K9X76gVNMdTRt1y6bHRVcovm62uzyHpy4k1prJq9LLMg0rkuDKimOztjplpNrW/I
- Dc4ntj7XJDXUBLduvagrxGxezOVwGnM+HNvTL/a13YQggPJaQyJaIxhtA4f48GoN
- iHSGS60Je8ycDv49BdwnNmwn/IiwhlyTSD6PJJh0irGsO1H4oho21hdapKdWQmKA
- /drz0nopl7afCAqWn+TTE2DXmaF/BbZmrE6Z9YDrtoxzP7E9PnytiL/Slrit2l3S
- XgGkI2AKwfuabADWIUt+FuqJp+bVeATW4/vT1TpdknjltE+euKF7T3g3gOxuku4/
- s7hGyK9LKIAwNm0j+urUz2BqyFIW76R4dC2RU5hogKZNtwZFiL4CXIr8qBJKjPo=
- =qs6f
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJAQ/+JG2zH0EB/fiLvKfC5ZpEhyG8u0Ri37TpNUfVejUAnDu7
- gK19ih7g+DgxRyIoIub5B0wQz1GGMEQ0fhx3yJdLXMhqtwjfRdJYcWV0PWGT09Rf
- 5fxcro3KPxyuHgWggsEPEQcrRUBFqHCiNasvsRREIwvk9O0au8WYzD/MW/pMCuJ/
- yHXsbYIYMVEVrRhwsaUhnWoK8pbyYnyKNNKWEf892MOwPpsJLZds/rsqwbTlAHK0
- wRZfSRE9m3IM7LPPih0RwFZv9Acgb6qzXXm5VWpAHpct4C8U0DCZzTF4/jecIRbt
- qHh3ZCWuPtQOjggdh+gWeHyxnNfKeT3f0YS6nwQcNXj2FU0bk0L/aiLua6C1ucqI
- NMwhGD4oTXCc4O9H5nb7UFfZbr5nYXBs4RWfM9yMEx/6osZjG6Cfskb0vxAn5pCh
- tq9zAEnNwBiGgf4toXzg185keD0QR19GwqhJAZfLI4aoX/mTk7siTCE6fqsvnptM
- +FG0hqb4hrhynTIYTiLEkJMvQyqVMkz+g5SUl/ARkk1JLw7lizOwq/8lKuASXvKX
- nHNwhc/9DOBfBkfjdIH8BsHTDtPL00Wfl5ZlKfTaFvWCtmkv0XCkbhZ4qzwAa69H
- QSfxDqjYUCh7O4TUwMZSin2LLpVgivTv9ased109T44eujS2mzLwYxTGlFyNXcnS
- XgH92E4iQj2Kkt2hJcRyZEQsvYLQYDjp4qGzim+CAagzAv4bkjXedGJs8VVcyXkL
- Q9SP78uiF3jQv40HPRv79aXj2oXtcpaqJln0UGGAZrVbonsbxvGaGPE5hFLzuwM=
- =UR6u
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ/+N0njIeQTZmbbpRUIVcuFQrFS8h0e3Ov6rpI4lhYxGOcs
- cE/BGgVr3TpLI0gOoP5/vuYEPEDG7f8bjvUuJ39D8Ty1MNXbRWxONh/EVUZe3cSF
- fzYEVOcagCo4gX9VEV8EFrEnbmnQYXVxGRsvTxA+T6G4JSlOOjXdf/yQGKG7CsSJ
- sySr/IJPw75C5NWUbFQ2UvSbfG25Lrfx/SI77V6A0Chs2YkcfRjz6oSV/imb2fnC
- zu4NWLNLBCYN/N4XfzDxlzWrDNGV2e2bLa7OZckdofpEmbTlcovOhenJw4xgp3St
- sWnUbrXyXcc15Sa1/EyJAH+l6I2zFXEWeR2tmocF+nBqo5708lzpGke1cyTqqYcG
- qCUfKl6NJqRUyoNhXpiVK1YtEMbIKhynJVjsupkE6IH5UmXRoEEjTn1XPhLh6IEz
- FO9Hylb7uJM+a4WQeE7PpsrwjbR/B9WcYsLsa+byqYg6nIqznwhpzd99afOj11Wo
- TfcL2VWCP5jpJx6kAtuhbDlNBPdEwvUnx15dhFcLpM02HVJNnQd8zOjODa3ICY3j
- qwR5aCdbLXsxw3xsWWMYt5jYtZdVaytGbzGvuEujbeY/yK85tzg18nTxlVNLTJIb
- c2qRAW+SfneubJkXdiMxZYrzD1G/w/ZYljmd7FcPKv6IQBjDqxG93EY9T8GErA3S
- XgHQaMSRFV/8eiewoQxAuGkXQ4kphk1989wnCaUWPpZyAlOgSHuPJXkkps9rFZpc
- wLcocDXREBReUb4B8+d8K0L+A89XzcUt+offd+qB6S5XEG4XQn3TnS3f4Gstwgw=
- =DOdH
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdABetSMqsBG5cMDIKkpeHIckaUfL5ZkZRYK0bZ72nW/j4w
- mEI3voDWxlSEBbJPpqlgUzETLlr7np6xj0B5DRuqpEDNRQ/n7mQCiDLfo5nQzUt8
- 0l4B0bcur0dxaexJ6Yl1UInHVti2E1zKoRZpneKPhMttt/7qv/lRUdyn1rMV622R
- Z8ZQEc0E3L1+H86704A3dCXf1TbyBpEUfuN1Bs3Dlx4eyPB7oPxacLq5v8FqhJMz
- =eQ2K
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fAQ/+OxlfT+bq47MU/MhjByVcsCrIG+3uDoTBEjm7LkCXUzS5
- 6uOPpqDeTn9u6bkjKr+mpo12kmhGltOpftyskePOxz5qx/AGi1g32FPJafitK8xb
- NSM5qxaXB47QKT9MA/DlSn/tzZI0YbZCrv/04Y2r8zxFF5lHZF42NEBD5Q2le2+k
- IIC8/f7zYNni1aCPM1k1B9YyJLFgwJmX4CWyEFvdeHeK9NxrFD6z9t1UU0RP1B87
- qbteFxjaYB3KrkdrnDNMyVCVD2dSFzWHpO2uuYoX3RV9fLmvr2gn2jBM5jthkJNI
- wSUJveWe5WJi18mRG+L5ST4kHxK1EGi3S9OHeDgBW9tJsAplDyTngscbY0V3tF2/
- eGM7mm5NuxIO1yQoBhpJRZIMFVOMc3I10vZPN4dUNCRtJ7uxN3BVD0ozhuhRCz82
- c+VueWfqCXWj9s/XvrtQu5douMFGlFaK1itpU6wQiLuIbZR2ax+/xwrsDr9lvmNb
- CxvJdiLZOuO7SFVFyo18wg/OxGMXIXyxFwt4z1UmzV/fPw5SlFJFRH2pRrIYxdFc
- mw6NwFs4WI2h45YqaQDE8bNKIR4xohn+px2TQxEpb3LhuD9R6Ix+3uAaz65yt1P+
- szWbZoMp7rrhU8gWVBlFce9hiuV8mEOfFtcZPhN5LPfDSKwXdLL843Ak11DW4knS
- XgFpKd0vjhx61yjkjjpBzF+j7thXnzohmvcwW/HukW67JV6lpifbktgde0QPA1I8
- zIc7XUmJ5efjDh/F/sm1mr09/ofCXFRSnGPbj8joLKWaoeqfGy27M0fLCYKJLX8=
- =Bmty
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ//TSyMcl09q3mBXtuzxo5BtABtz1LggXzQXiV2+/C5eetG
- MybvjjqZouHBWPFfzv+PFxbVkuOkmMj/OfFt0MiZPYnt19EOMW1FxpsNkgyJ7Z8I
- lnqtnlVqsO40Brso2FxqP/FgknxTaxMMu5j4pjIaHDSIA2aHZmcEOjPJFdfAZ3qw
- LzxM0PrjTxRvzE6rgMayljCegDsCjgse1Tdg4XtvIV5rKINGkfLiOLggMx9sDje6
- XOsQKTIN6P+ESFWOSFe9TytQgs4NQBGH94w7Nwhce3P/Y2CcUqR/Mo4ns1gvS6QU
- RA7kzIi35AUUy4r0hymGwaPOGdUF86ceXxHw7nPVrvPl1YL4WRWF6xeuz3UREL1q
- dlAJ+REWA1IMw+hEs5/n0kxa9RAl5oAtAGPV1urc3VerBX3MTww1dqEr4UAoggYJ
- UE7k4dDS8FQonXFNwKE7n7Y+5cDIgLXiTmwlgOqDO22irwHefuZg7p+LoQIY5mOB
- bFNf8s8HLTsZvJBMl7/Dlh1CiK4Y1afjtgQu2SiboxPVoiutV0RoLcfhhsE+brw/
- DndNquaDxG0CK6p1OZjN5CE5RhhgfDy11aAgYkfo4WB6Vsl/HFHJf2BC1GFa+MNy
- p2jPEWus2gujvfMa4SriZCTGgO4r2s1OWwiaTZi6X6pk/G4MW8hSaLaI85HAF2nS
- XgHab+EbQU5l+7jBFrB7ClLbHun5v8SkUT1E1ZyN3ET3fAsFeTASlqqq3iCBpOQb
- TeT6qjXi3IpEUSuZBeWVfM2zSbbaz3txcuwQwXotdI0sDyYzxXHyUp5+aPJoieo=
- =y5X8
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ/+NNp8TawnZK+TXGCg9lzS+VbYFyLYHYqAxdMnvZwQk0kV
- gTh1vLRrtgm1WBSYtZLqAnKKMKyUwRzqMjHjhTiAyEL6pHaiRu9McX7N1cZ6zVr2
- tavNwU5GyflsqPFoxxvjKLDinWv23+LcO75HDAnZ7nQU9cV2M87byb+Yi0kPAorD
- vOv8kvxIfbLFh+TRsj/w+a+N1i/EJ1A3EII0aoq9GDPC/LqMjpFJmywqX3iDU2iB
- mcJcQAlD7TNiIRi+cEVVhY9AIDjB6VnU+ITzKf2ZRlVkYtSoNATzdEhhcnSR1Ddv
- cNoc6GxIN4a8YF5b72FYmDMJNZ0HB+Ttx8Wv1KYTaQZ+9bgmfXMx3ef/bTKxIWov
- NXA5bSDmG0jqOpV7E6f8i0OShrjO1SrdCCGjeQLVyuxzvt7PxBKiga7gU/ekznzC
- p9M7ixNL6jUURGHeU7VJDX5TTMXhaKCr8vkFGW0PAf0Q79WI5kZFZo6L0nxJB5KR
- J9bpCH/9qqmHIq7FmWBSf7URx2Qnq4mNABUkQu5gBCbb3BnA/6Inca6zBp2AddHG
- 4b26JOhxK6itCYxzdY8y9GlxgHbUwXts/e22e3C7HPU7D/7PkGXv+ElSM5/grJaJ
- ZMyCZGZoYk4xSVlT5Ca3ibxd5R0b11jBU98j4Y3Y1eIBvBp4CFRmuGHgTkrQ3KPS
- XgFRZ82TLSMA0AgEYhZx+CBl8C2j7F+LXTcQw7SjZ40CX0Md0Wmj2xQWNM7GxDaF
- UYFWpk+dgmTedZnwgHYwqSuO3GlSE5MaTDs90cqXC9qNib+KOxq9TjQQdulSNCs=
- =6ejM
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdA59wAmAWKpEi2e/6Daw4V96WPthNmQxIXw+H/+/G3LWQw
- Rr+WSsmwhzN1x58KolnrfRta55rxBzE8tGqs0LxrEiv51PkWmwQc885M5ViqWTbG
- 0l4BVbXKdsaEXjEhn9ccOs9J0WhQe7YdMN+NOwPzRGSV28zD9eDwxs9j1k4v4kX+
- RNgpfp9dgKlck1gYIlTZteiJTkb5fvfQYPZAfQB+L8MawTOtzdKEBUHsC8kWWC5u
- =jO4q
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAa1I6oIHWuNa5p6nytd5KF6aXy+80v/F4hYyh9h9MWD8w
- D9mJKnKztFMkvu3e452vT8KhPXWOKbVVpU4BHW3lrNC0yQGaDIwIEpCsPFQ/W3iB
- 0lgBIbmEigpaEP8Edj7xzrs/79Da7Pjl7GtwAB/A+iM+tT3bnr9oG3kYYxhPJSKn
- 3VKDoNh565yMFp/8b5hYPA+HPT6hdjuLxfxRmil2eIegEox4i5dPjaWh
- =bo9+
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:49Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+ARAA1B8GehpJz0AOrWDaHLzXn8hjVMH6UKwUEwBGd6vaz4PO
- EHhkZAqbb4zkCxW/6XLBMf6p1JVf+llvBapB6wZGdqdThWOW/RS2i2sNbON4hAac
- nSVnPdiJdQWlN1QEMAZrbFqOrIoXlxVX+he8amQS2WNYPwRWEBdXuhJOe5S6OhRb
- lOFM+wGtc+PdBB/DxnOt87FhCF3g4jq2FA9HQXgDaFacA/K5DbZ+Azo0rOGsjRKi
- 2CMNAWNwMv1IL+EdqRVajRMPxHg9Krq2VuBric9EtQQhCC6EqyFd6E8LLjp7Mxtz
- cy6vhDscrfOL3Kr90o3zyhAJDuLFcz1KQRgYI+iuq8mZ5MGcr0Lb1qu+7JXtlpdR
- UtjRwXU9wT6ooSa2jv42z7CnPG2cPKkMpkiCvQNDw3hk5vyOdyNCh9C2KBomPDIM
- wtLooHrXgAG31ESMgPZxNvQHN5SQM16xLAj9b0zoIsMdWZNvmFXxtTJtk1GIbgGh
- K9bDUa/A9EdSQjZP3ojvsuGjHeyMNSvk2V/qf6xvj/Ud2HYAgzXqh2kEos6N2T9e
- xjizBkWGN15XAxjqlb7ffgr4tMymS6O3A1h8P1oq7vyU9SXhDH1jjciJWMXFcNv9
- d7W1XMgWwI1o0iYNBzBNnq73ovOeSPasIsbIwXw84Oe5OSTUed0OLVsRhDkx+kbS
- XgE0W8RWzrJywD+o8mEuUACWAxJB48HygYK/cDMM4zuCdF1IoNnmR4yYyffZ7V6w
- 6Kj+SibkwjfCuH50XSyLpLTilkFa43/EW0dn02aI988saNfKHZnTnlRX014t//0=
- =uo14
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/router.yaml b/inventories/chaosknoten/host_vars/router.yaml
new file mode 100644
index 0000000..134d29f
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/router.yaml
@@ -0,0 +1,2 @@
+systemd_networkd__config_dir: 'resources/chaosknoten/router/systemd_networkd/'
+nftables__config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/nftables/nftables.conf') }}"
diff --git a/inventories/chaosknoten/host_vars/tickets.sops.yaml b/inventories/chaosknoten/host_vars/tickets.sops.yaml
deleted file mode 100644
index b7f8564..0000000
--- a/inventories/chaosknoten/host_vars/tickets.sops.yaml
+++ /dev/null
@@ -1,200 +0,0 @@
-secret__pretix_db_password: ENC[AES256_GCM,data:kAOUjT7gw0FDqO+xt8m3wAhOGuZTS6zEIQ==,iv:oPAxDzz4ellT5MxUqw8/iBYyiTMf1b/Lddj5E0iIhWE=,tag:r3OTmcSjNUETEmOzxsMhxQ==,type:str]
-sops:
- lastmodified: "2025-05-04T14:08:33Z"
- mac: ENC[AES256_GCM,data:gyf0gBed5K3sEk0bTBPbNa83QtWtoLx+NVp78KrxxfyiUuPu/5ziWPKHDd7o9TQvXZnQ8isVy2BaTTwR6tK4AG5+SO2ffV0a0/uNx3/jUvh56zQFwA6LTviEnR3vKvKPa1GH1khojaCkyMpYkb2KbMnbrGIt8qqqDcwc1dMVv4s=,iv:7oPpmfeAcWttEaCOiL2WocbhoBaIh0Y33OlCAYjq98w=,tag:KTN+7sxOYEfxGwB3OXvUIQ==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQILAxK/JaB2/SdtAQ/3YbYFufLkMmPxTkW55MUkNx5UzrCufB7vyf5KJAAPAgy/
- Uh9h2LtkBN+LL82amrCn8++Sv2/4eEY/NGEL2F3yrVtTtpag/ORTjxcRFFdNGWVz
- +YpreQ0lNXzMFEvrdg/oN7+9s6QfCUevWpuiWkIPPtROu3aU5VAITrVS09wd2prS
- VI/kYNBZ4FSbgGIfms6hPKZ6tsYveKAAYmLNZLGWuRHkKS/oHpKSlIDpKpMZc5Tz
- GbRYIukF70/jeo1gGqc6Ksh/nMglq8zxj2v0hQ8ye5RFuyfiKBgVd6uTdAOetUyJ
- K4XH7GFFMOEwdei/7ZDh4FtuDqCGguvLuQDomaNIhV+ybWJJfaseBno/p7GwobI6
- 0g9H2RS9GieNilA7yMRkLzqtOy4iwgldSwGbJpL+NzO/d0SpYgbLOYdkRvdaJvyz
- E5u7W2dPe3HOgNsaLy1Hb/EWMMBLHbzvysnhe4ynYMYDkKPmpX8W3zshlZ7pgIbi
- Z/XyKwPJtmwDboFuL65g+tDqn6nvvTjO0X8hAIa9DAjWenIskzQ/HHrMyVEWoQy5
- 4HEW6VAWSosYbewwt4fpnK8SiTZgWrkU0RDi1WH6DGaATamc9eXZmzxvLVtW8D9t
- PGozG0gAlOejuAU8pALoDBETH188Xb9yZEX7Pbj1qXe3t+ZQbS/n49PviIi5VtJe
- AWjRF1ng5WY5sjBoUozg0AOshAbDNkbdpqvvwNXtXp2tLCBvDKYBZ0KdeERrTF0u
- QYpvyVgg6tLPDEtL0AfcW3SpTrEu9hxQMt/grVJy9P9sCNkGCCNj+jZnCoUd5w==
- =9hD0
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2ARAAjMwcq9PqOz7fZ/eIFRE8ZqOTdK7xjQw6y80/M/UezCG8
- P9NbzDyXw1O6sTrTAnDmaBuZA/22w0w3pfwbIZ9eIbIKUYLR/79bJqEwFbNYo/gB
- Z5HrkdbP9ZtKdWt7rY/zt+gv29z9FlXKqS/G9rIpsXTFL+xJfaymhNVjgdKbebzu
- aD1dIC+6ehw8/zSTXJUMGIGlgipDz1ug6NEVAJ5S5hXNSUFenb8pK8tko82+PdFm
- X7E1HjBxWktBTjGMAUFweqdGUYskh1D9iZhYPDiaUWOHcnaml78TaD45x7CY4Vx3
- IdnV/48hRwTwaEh78xT/6RxKMJvWWnPBqUE25GjNSNAN1dUZGSSqmGxcDUM4u+tA
- YxzNJ5NdJhl5BQC+Dxj0wloaVbMCkCsWdkT9Ewn8s0XqxsNWXTD23SZHfKl6iO8Q
- 44YpLo4R4T5XJypuG4hCF3PEuIzL5L4NaPijOMiVrMQLuAbhdUkNWl9i5syjfzfZ
- nm+8Vm6NR6ntp9jm+9tIGjidi0dQcYnQvdg6ph2wivYduOxxQOriJNKVFjHGuvhy
- HjbOFcbsScj0tDO0jQYLUQVBbKSPEzTLqina6LF6E8aH9N+ZCRZ0kBAskH0OC12V
- lj14suIziyl/i0DGO+DDbVeyELPl51V5Cf840ZPnXHTsRf4pRn812i+mX1dKBWDS
- XgGy3G4A/yeXMkvZoge9qRvlK8qGysAZVTHd9PzLDOq8oDlaHfF7D8xZ00PtvUmv
- ZmpVQbUr6Ou50DqwjQ5y2Zsxtzn6ds9k9n664E5efFU7CtuGRU/sB7H9hr2BgS0=
- =QUNG
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJARAA23eiDKMKgFZsxbDfCbXHd70e35HPoJPEQdBlXDaFK719
- tfx4ZnZXC8ZFxXr+hNf9YSAb0GXoIOXBGw3w6OG7t9b6nE0wmM4McBFPmiJP8clY
- YFXWCEBoX/U7wKbOtO1YS9iPQZXvAwU6vjVGzUrNSJJgIYD64nwxaVmKvWitNt25
- dPzqqskE+JBX/MrzuF9qFu6e1bDR25c8Sz040HCdzoLjHePu9JFJ1jL7ayaT/odk
- goe4dY2Ax9cPZKRXAWuzaikLCVMTtchJlyR7BI+SRmEiQlNTYgF+eufVg7djn+kO
- 7BEQ5O9o9FvxNVWUXyvExiLcLSJEEGpfrusXwbUz1GMs9bsAVV8q7tlUvT5IW5Nn
- UOItNitarzVn501WkPFmyN04myRrPY+F20Vs+3CS7IqwiQe/iK8/51dGH22Hwu9S
- ksOSmcjVbBfxG05U0bLJgIr9g7PlG0fhFWjnUO6fQnTAHUljXljSqofcBLK115i/
- fHXc34C2zZ9tbNfeRnCLe448mqlNziH3TLIyQZe+gt4e80J5PZmipgSxHwO8MPiN
- iBxS3r6i0Jh6g7vmbCh+JUT9/G/OvOVpF2RB1q2OoavbDOuAW68ptPG0vU5VMKAr
- t3m8tBX4fL2h7EjWLewa0aIACK9a5s5UYV9mRW8TDntGyCbw11WTTEtAUUwhD3jS
- XgENM90AHk3JOzSvx0a5o5NNZ2zCOishcltheFKhT8hAbXNZ8Jmt98qlmBfqKNSe
- qKLUBH/F2J945CSjlFKA1n2BdXZ0NrPqGd5TsSeBAo2N6H3Uqvn16ZQadTbqsvw=
- =nOJ7
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ//cCTlbsyrbw4RDZq33xVO51ouvfxvY3MSLb16J/orxqGi
- b1Du569Hc9da1AXeAgTzBGt3QERJ/rVEMPIrkRaH1dTlOjlpGHZIxsXyTM4Igo4s
- R4OjiP3nqh9eJNhcLjsA5tXCqvxTAnm00hMEehWIf7vaOQs3XbMQ6mq/e4RRRHBT
- LCGyI1BVb2H+IH3tMPclkn+SqyR2P7sCawS5tdpjxED6l43l2EHrdzb1/XZjXPJH
- R3fBzOoAqlvOy6baEsDSmD3CCfuU0POGe3M19krXE3OT+HgprjzK32wfDkKnLp6P
- rvNH0KWWMV85ZvLEQREASpbtv8xB1+oYiFQxDdD6b1yH/iPXxXD28kxI/8WDe7OZ
- f9pnMS/lQLSXEyQZZEax4d+7ayjBTOTdLcPXVtNY6uT0Ye7vHwwiWxEnCysaFwFk
- p0JglvRBW7SXHb5JhCho4B/uLb3jwIOELe/0fPhurd8Fwk4gH9kOA9dj3EbmYnZE
- bjEinHdig+P0eMO/GkDtPGcDYtscuxh7ObFuzeaIkD1g4ZaWA71cbPurZUQYOFyW
- 0Fp3CjKC2ZCh6nrHolE3L53oaEkydmAGJsbIu7Gtb85HgF/w/173bXzukInBohKR
- uFBL9UvzeuHvmCg1kdYR23QY47SbBogJweFezA795dB/X9zFu+ArEawv43GFnWHS
- XgEasTZX1nCs5IidUgCI8+gtH51qHjuW1hiayOJweFyl8aLwmCe69y8sEeZqOoVd
- BZPKsghNVH2SekJs+aRsuoQwRQJHmExcO6/FOPFiuwxrcramoVCMaexBkuc2ElI=
- =PW0k
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAsmE/t3OobfHFHvL4bwMjRh/QXeE/NzcMG6iFT8h93h4w
- oEgzFoLiI0VJhSAwzOahL677vdb8q+CZTyIRK8ODCczPCCxgv1h15XrfYT5+0taG
- 0l4BID+1ry9B+PmcDy7p++552+XxRR1sEXjKmy6iprQgODM0/6hvqtal6lUvqNeL
- 4JCLFKMAr0TEiyVn9NoR/WPXOnHaPr4vos9XaS911lphttOde1OEiK4mJrtMhxFg
- =NnpF
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fAQ//c0hi4pLLXCKNkD8ue3lb5BKQ1z8FL96JksjSmPwjWDrC
- MfOgG9NiusE6dkUfS8pe1kV1ZIpuJ9VO6Hqt2eFzYK1gu92+cERNlgLWMYYzvaIG
- s1dwbo9cW4SnrDnplX/NenQ+N+IF/AC2lsj/V1fF3lARXHBi4h0ETzGhFMMybJHr
- BfYG4fvcXQ4gZnEDiN9kNM4Gv1tqCYL2His+Wfo3iuPpIg8xWveadpNYJl61d8Gf
- c85K8s0EvuTUmJydqB0D0HjUFGgcKKhYXNy+jwTtXiX/iMo4I0XEpQ367d70oCnn
- 2dW5OQ43Bt143PQcdXEtpXkwZjX7+azZMSH1InfQ5TQ02Wj5G0EkYKLZ4MInV7bH
- /nPUnpHqZSbYqj1ltoeDZylokk2a8zBwAoICLqDam9YgQGFKhNg6748cYhN6janA
- Z55Cdp7yLy+n8oMW5ZaXrxo6Rj/idJLSQRGFCRzZyMR5t+xbbmUbPLgKIDJ/VpD1
- inpMFCSfdFOwhZst4wWG9AR2foy5j41khYElcoqYr7UDdmFYb5Dkik0yTE4Q45bZ
- ah9eDMas9N2t/fZ7I0OnD4JN4EgayiS0Ga0sngYwhMfoQophTh+3ufzIozNvVBQ7
- rajYeG+cjMAPvE5acHM4WT8qCCG6gIyUOeE5//KE9T/F63lY/pqEzlvz/Lw42WnS
- XgFa9qofeWvl8LmkWPkcGCavL5Z7TSieGab9xnzfOX1knAIZZ9r235Klko7lqHyG
- 5nGadiOZ2v7NFqTeWSBWUDASj70NloMdbq1lcXlh4tJ8vYEbL15sthmA1Ln/5w4=
- =KH6H
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ//fGWqV1GSmhKcyQZqZbkLQl1invlq9v/AZVSoeSrYtKH3
- HoqNl1jd8PqKzda4pD7qu6aGvXzHCuBnRzYh2NZLk6qyV2lzsmrwLY2kYykJyH0b
- UFTni2vMPmHAQ++nBawmK3yqmVVSXlA61gWRL5CgsU0DJRVO0PTb+DLBU9+uoYrn
- yxqDoaa54PQSfhMxhqsRrMY+GF3JyLOi1IYVIePeJ2D4jRyTuST+9lQ9ITKDGx+Z
- xIfu1vPzd/WtnS3O94ZlxfHgcPwnRGa+cvyCwb1TmfF0HeGo755CAZ6Ge4aDM1+V
- /gkv0SRt/gV6SEaxPsFIIcN9KDOoREjtJNvvWg0Y59tAUS0udsAcIaYD9XNoEVTg
- QTmFKfI416Vqiov9M+DNKds45TiQD1g8K7/dJODzNl4h4nUqdpYH7+/lP6BaojNd
- 1mnk4u6Au6uj6Jv/JT/pKsEwaWkZoG7zswpEBeuXfYkp8JfpGDs34P3cpV+4c+8g
- Tu3ERPdzM4GkzFs924AIIWvkh5fww1kWCmHiX2zUKhhm0xr9K87qb1/fwTXtPoCc
- 610HRvc7c11aCU3Vudk/PTQpPeLx+gvqacPTUxgzHpNl3ut3wj/3Ej8eOE1UL2xa
- 3DsMFgg+3XmyQ5LBNE2FECBrVE16n8+eFulMuT0M0ZI8lHW8eKYB03SwWxmFBfLS
- XgHbgnZ26IgjVGPzp0hF8Re8nk5Jcn6dXg3dUIiqJWBCvVaenhlFP8EEW8etF15C
- Z7OeiIkDlH9bQb0HdAZSdYfDuAMEgYW1DZeivnFdtPjc0hV5yvq/vtz2MvNrhqY=
- =kZhk
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ//SfeMwFnW6CKSqFde8R5qc+wNvcrlcVD4rr+AB+9ewmPI
- luCNFCwAg046NfEYGwFP7n4Mv14Wjnv4+en+xmn9Bqjt1skRqthkE/lFjNThaLgU
- 75ZqSYRqcXakDyu5wBXQzn8LUuVIDci0w4a8xW/OI1myfk4gdZdw0Ju4uYUr9jjX
- ROUf0ccnmIkVLJmMwiYYDwnxKMPachmwIb+WqUksS8GrSsctdYbHzD+ElkzkArcg
- cix5M3a/DWS85C2W6yDu57wMEc25zugZqOOt2A1UYbMyOfQE8FPODEZUCth6F85+
- 511lKo1vY7op8lgC0pvUScSiHH5/sYTb2XsCIgQscwbz18PW23fu+FwwhxYCK+n3
- DcdknKw3lHjVKKjkWba3jBXe3ztMYMKs2VIhqymqOXO1O482quXvDkm3r/JdjiMv
- Rrh/xT4RtKlUMjULG/CIuufkSzdG890CRFL2lGMEg9a5Th1N+x7SRbD9cLT99JQu
- Hla3/nDKlCyVeTKP9mwSzQ3BfHFY+2yuxI5p/1ZLjUrWnz/mkiWnFn0ABjsHwNWR
- roOldCiGQt84sa4GfyuLnnA8siBSrL0zpPkpsi7A1Sxq5oNPJIiBxmO71FFESRK2
- MlU2AMccAAEJ4W03tL7DTeqOUMhDQIgYodA4p4P2LGyoIeqn+y8/vRghRMKEkHTS
- XgFrUvjyBLOQPgLPfcqceORp8HeviLnXBOn4vxOyJROQCvS2RR85c8zpWlWJzKU8
- UIvzVWlAHXkB27fu+OYD9Ab0Rfa+5JcWq+9reum8eav/zG3tz4RuxYQZ5lvdw0s=
- =bAYV
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAMSMUC7luOQYfb/yF30H6IAfWSPcMVcDlCSbMBl1dEk8w
- Lma3+Py9wjoUTf4jyONh8PPJxP7Yo2PywQjCLFGuuMdWX47Y7UhBnWdbtaH/SiU5
- 0l4BVp2HXR6wvKNlPj+Jj3GKfL4+lG4/TLacLHA/fNk+ptKwTJaF/4OIePQkT1To
- j4mWQzjAUlmKDLc0FJlaolrxGhmXGOn+8N1oWen6JYa0dNuvWWZY17eSerDQJPGg
- =OukI
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAsDSanBfgX/RFnK0ypieGYVXvGSww5Gvr6EsspePrb1sw
- pA7N/F8ExFyhP5iNdMCNx5EI4qGGh7aim5+6MyArP7v+yf91KgCn//LixlI5QAea
- 0lgBcUQyJ2iwJkko6rxUkCnyB3FfQXdgi9dte72sVLVpft9Nw8/TcRqoe9N1fwRI
- rxP76Sd2Fvr1FqfqZozesQvX1XqaW5XWt5fp9UH7ehBF99N4fSdJug+Z
- =AmkT
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+AQ/+PySQtMQUJ1Kir6YYRn/lW+CArNN8dmD0ryceVS8OOITO
- skIUqVkhuKPnKur/O6U1poyo0EFMOnMZjXEK87EZCTnGZL5sSu7VFGiwPf/h3z99
- ljli8/uidyhoYsQY3yAosCKO594PQA3RzHnNVKWsNwIe6Zo2J3qTwm3H+RK1supE
- HOkt4EgvIb2q8UaYD+lZVPGTj+pa0FthIeIixtjauvQJreRiS2b7OsyRL3bpAqc4
- f8Ov5JZP1Ou9V+QFn1buqt2eeUm2SWkwsmC+RD37sAXH2zuUvh5Q5R4iSnc/Ry48
- UJ9+80DBamauQP02vw6a7WccmSku1b0O3lheiiWkzKc1u7RhzVcQEy1SOBJso4xB
- g22Kn1E0RzUus4Eoj2M7MQ3Vzlg+hveNHfJJSIteKvAa7505x+y6sxZ1zNmjQSTx
- D1AqXIpr3oBkW0LO6tIYbjIKUE/2hSNEpuzJDpB+dsqZPS5p5aOc4y0rLbNlb9Ni
- M4w61kcXzxaJxL1pwb/eBetxzQL/3eA8omZR0pwbeqHTxGAGoTGUMDlqK0rq21S+
- hkjpL1VeduGVh+q7+c5yQ9XnS9xRNe7pMm+uKf9Z50OzSFQsQzamm1g5xTX6G4wF
- gyjypWKNiPk75vIw9j4zbDONnzvSYRIAKno88LLh7ycdl9SN2776NKLtcrpA+gjS
- XgGfFZRKkEM4wG5ShafYLGvesYaBWjoM5upFZklVcHtrSZbZ64PJjSSAQyX8d0k3
- JJ2K7fP5VY7TlZqYXujbNQh8410ARlDuoGVL0s9etx0bbbLHLG1r/kCdSnN26w0=
- =+CLr
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/zammad.sops.yaml b/inventories/chaosknoten/host_vars/zammad.sops.yaml
deleted file mode 100644
index 712730e..0000000
--- a/inventories/chaosknoten/host_vars/zammad.sops.yaml
+++ /dev/null
@@ -1,200 +0,0 @@
-secret__zammad_db_password: ENC[AES256_GCM,data:ThtJngNvMc817rvbjMjjbnp1tBlXPdAg,iv:GcQHc7p5jFcyxpTcYsUOA8PvD1Qy5HxVZXHcAuL19Uk=,tag:UjVxYkU26/zkBL1eKDfreQ==,type:str]
-sops:
- lastmodified: "2025-05-04T14:11:05Z"
- mac: ENC[AES256_GCM,data:GNOhRrJkLTjovRO2cZgeiRcqB3TE2sWxD220Z8GynoUV4pWS20vOKvaqwxU9seuD5Msxd05JzLRVTCtP4La6HVSgDekoVYKz3SLmdT2Hev+fscmfr0uojRi/5f+eCqGMBEy8Xs2Y7AzIC60iHqX4VBBn6FgkJuTyS50qn1akoGI=,iv:EIjJbb0adELCNBoRsdjsVvN19v4rKCiVmxcCAcnY7QY=,tag:GzqchqorbDN33+SfspGT4g==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ/9G6kv/pu3reUUCTVQyPf+vZSEKl1W3plShn5zV1mexSsf
- g561L3tA/jKc9xdCFvrzkgq0P5dNHLUoT4GbbdCA7CM1274See2QE294tLrZ6Uww
- pkAd2swywKP3bn0j1zYmFxemGaGXPcukSpQ5X4ZhBvDKvM8dgWo6KRUPviQ89kOg
- v/9NWaOfbgGF7ZcZd90JAUBMD6X5xABKVIac6qKcBuvz4nm3KJRboFMxgtG3ja/t
- fz0LTqwGsqBRcRkZgLudnCCS9uWKee53CqWuStgHP7wfqLasqgNY0TacjyBg9WWg
- ZeapLkhv6d0tXsSGAMmiYdXEst2yK/usXbqo88sod40VUJhZG2NUrgWsuU4rijD8
- ukIoZYpie7UyKDf/tfMAvoyI05BS+HXvhgmH1rsUTLsLTe+JnPgC1fmLTLJuvA54
- WgAsrAt1m0FmoPsegcVpaSIBldR9JDMpbE+6OxLfnMthh4b40SEcymodSz5Gb6vl
- tLoYlx3+VJpp3+kK6NLxyP77Z8drpNVYdRMI/4XyQe0RCAvudV8nFCzDTjXPNoG4
- Xtd+xTO3So9xpql3hYm08IVxFa+hua7qgyeINt5W2WmZ+MJiGjX0GTTj8Mq++j+1
- 0EnugIqqaTQ4vrITP02ohUq60lmBr6zbH28hZBUHBgnVEut6nA6wDIVT6VTP7B/S
- XAHAzMdG+Nhw06jFiH+Lh6BRs76+AFt7O2pDWL8TzSiA60gqvXZiWO7rU7oDsCe3
- 2uC05B+ryAH8WIybxPBlB4eLoHJwQzCdxHsKwWYKtpvnSiuZNnkObuDJg0yG
- =b7mo
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ//WL4ttnjERa6PUAoZYyuKnrnFkS6foR3adZhsOynGKVAC
- RP9cryOBrLZ4tWf00Nl+wh/hWswJuBWe81dQ0ZyRq0ao2FJAdm9WukNVKinRShbv
- bgsRdzjS7W/LYpapNvbJKmxQ+2acah/7VbKsh9S6kdymwJTShRcGjhwiJCXPtyDd
- rG3LQ+dguIY3kg2fL9LEtl5Q8xeAtA9RiSAxuu6y9BcUmiz8HJMkaDXFwrleds5L
- OFJ3A+DlIO/MgoHwS8T/pQj3L4d7Tr7SqkSPuWKvrX+Au8uLqRM8tVOK7YJiKP0z
- ZIayOg7ntTm/jCRSkMuX3oZ97Jbpp0VBX6im9Kgzjj4LPJxM8n7K7/wuZxm+akeL
- 7/V+cuySYVfL96hPUINjHe2zrUz6EZ3/oo1EkpWxPd57ksCfTVoy14w1+hF9v0fl
- O3sI8f92BvvIKDQHeI05EFweoWUkty34RrOT1zAUj5ir2F7K6Th4m8jWdA3gWevd
- oZsVOIOyzTyzHAyFL6XlRphrdRW91CpW6rRoSBgMxaCX4Cso6NWocgU7lSD8sIrD
- xTKAPqO9T9qMOKhUKIYnvt9s7FWpDa9xqvdWKX61KUGMfntk7rYEhp3125AW8hBx
- HBuZXgLiplOJZEs969JBL3X6vpcMpLJK9C5qHUAi0jW4OU39ktoO9u6elEO0VYDS
- XAGs8wOfvnkDlnzeN3E1+o5NjRruLKasBa+6KOnQG4/5XEW7b/LD8po4BuuMy0uG
- qLQyWVCDSu0FOYp4GFaGdqN7QZpiUbxnD307xd+MJmlPkP34MRW6Tdx0H9ry
- =xCEm
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJAQ//V5M/XCLawn6KtqJigp5GEr4j8c4FBgYN/7Vx2ExtvHZz
- 635xc/UE9WiMFQAtkiftm5g8cdz44Jx8rIjECsx07Nu2/mNsdzuNJ4JJS1cXSK/3
- o9Iq4wR7iGKAwEk5AazVe5raq/4rlqTvrzXZhiFTHLdKzEpSsvyeWVZb5rJUDgiN
- h76iZ7qlSfIeHPWSlfBT8BhFVI1luUhCJpP+UUPrl88ilrgY8NGTQiiYJZuLneED
- NdvRdzqOePrK41SlLq5QWqZbhracfDbg1WQZkLiJhJfYE05UuKP+YrRYqm9FeZaz
- AvFBB9NKk7zmG2XDjI87IO48vPBge3pujH4Qzh6NYisiPnWWrYUYKuOy1fmVfEjt
- /sM0btfqNfQx5P0yvn0E9UurJbhGsI4+mZsFRMWlgMI1yIxpo4DP+rK7l8YJstbZ
- OpHloRez3bwZdpAzL2tzJgfK+U7DqSaBWSezWKVTD6mUORNpZVhtMJt/mfktFtuJ
- hyLs9KVtCMhFfF0hO/AY8efm6DTJpbCuRAUSw1wPteQvzTxCVf4VE8Fkpm5Ij5bi
- TkWPVhfeLkQcQlRTIAq5K/CKn9ck+5apD2ew1kspPQQXVbF5DGtO2ekPGCVzw2mI
- kzxNH82ajjHOYQNJVe+L69A0yrJvf27BR+dVkvVnTwo25cKzRLKUTUkt3QQyDCfS
- XAFhNN0aRmQNxj1oAViXSp8CEQ/rPifUEdK760ukcwDNEM1y6D1ky3O+yR1TcTFe
- 40BoYos2qbEb8Wl6M7+mOem8O8e0/SvE9ktjSUaUEFAn4GaU5kg61Ek5ISwa
- =0Uat
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1ARAAtZ0xm/ZfBtEbJXB1DyykZmO8+q8+N0ZgKAh8g321nxcM
- Z9f1Dvpnq4RsVsqJkP8hibLnu+B44sKcAMN5j0i39k5LwJ3q/unoJZe0vcf0wbg0
- fid7Z9U+D8TJMenS0o1TfyB0bqRZ+INwZYo/q0lxGCyr84RWPqyGGTzgRZh9N33X
- EsdwaOhUAS9sFmkwciqFvuNW7Oz5zU0K1SQuK29GEtUoq4EyQJ7wWg/e4sxm8jmU
- /yTH+NlyLw8p08YbkrKgVdzgWQ+zzNfkSvadtRs8Xix9XV1GzD7tXIwZIXmWQD+M
- CA8gTTAmu7k3V82kN6BhnVYWFlazd5rHLfQCVXV9dlMWXUepnOoGFGq8Fsd9j3Kr
- 0OTnLZrZO1+2snMoXMUoqgJpCTrxgC5ix1zYpfCqd8WeAWh88ndxbsR3T9xhrVbz
- 3bxpgXa7BgIaL/hA3svTuk+/psJSQK8ZY1z2Ehj2Evg1KEOIz/g3CtIQY2T/8i6E
- GBkra0tVUqAbnxhGI+rSONijQbmyXFv6jHFoRkCt8h0e4CRuXxXyGYnegNA/u6PU
- ifck5iOy7mSbcLxjLvIKT3AgB7HAyhF9NMaTTruNw1gEaLscySRL5UstuT2bjVk4
- xu5PZUWTBMc4uAnFQdlJlUM7gaIHAreO3tt40B4mWT4em574YGuBkWqS1/vfsVLS
- XAFUjgAEUud/yBnM4kGZaEEXVoPTiHXMzzXvqazGXLWdy85yyH8Vc0/G55oIjmka
- gp/ae5/WPFQedYSVPmeOCzZYe76V/LdudID8ShbYqmPPyCZNHEwWSQTRYcl2
- =TSxz
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAiWvVhgNgXZ1xEKTEvpC0EeSl6RmJ7NPJ2m2/TXwdPxAw
- GTWFhnCOpN9yOhnTx01pYBT+DliA8I1DQkzKWcZZLfAWRoNtZt/bY94XnwffJBG2
- 0lwBj/ewRld8z8+qKZRAwg2B6cJODdzp5UlqhM5B25ocH/YOfOFLOEdwj1mv44O8
- tAMopgKi/krCTrm28ceeYl7Y8+iA0EOP72BoS4IaEb1y6WhZT90rXq43J3JaDw==
- =UNES
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fARAAlJsKlKsKrONfko5V/yrsITbkZOsZQdwjPv2+BpmjRxI0
- UCN0vl0xhyxhKIVJkuL5nXOzmoW1Vux6cZ60OpdUxccvMaQ8+Y8CuY5jSTNKrA9n
- ag232Fm5P50PBbvH9LPtz8DzMaCNG8Xec/QegozAmTeFHdbPvloNpb6kwTYqR5uy
- vNRVnN9uX0LUPdR4gRqsQGD6aFJ1oXVAw5G+j30eD998NOrnBBq0zDarjG2ys2/Q
- EqYRvqW/wUpNozTdhlB4JUcuFBmNhWaEKriPCXDD+NgEJrapdEK8YFr6PsLkzQ22
- zkFxPItkXbuAoG9KPskMYygeChCQKWy4WfMbFK8t8wnywhXf1zl5yvSKubto8wtD
- 9x2LB5R+cW3rHIdd4jWZZuyv/VLbL3SEpVQitMXmz8Jj45yidCiL3xV/t6rNzWzh
- E9/PUYEVGKRZV9mte+hiniVYUMHQniAwomaTa7w1EHTE9sziGPrPTqb0xGADsVmd
- XBiKhyqwatTgnmsFNTw8gr80hI5CJpkMm8cpAKOXTHP5zzgpidfLTWAnGWPOu2cL
- fpTQZ6s6Plxv8341JL8+/FFl7wEeMrMDdDZePkEQXXhmbOlQBbhGCNE5WxZVrU7o
- ZYhQd5Gg/q65cTUJfcpmQZLYKy//MYVNsxEi8Gt3boinvq+opbOt3fGoU5b35S7S
- XAFVTsQgr6i2aPslkIfbZ7jCK8H1/t5CGckcj38ekkKnc+qFo04BHYpdzrLqjM0o
- e16w/tILSlWFz1aGzS88rkhUDjAXJvPVszZziqdoF1Yhui0eeqWX9lwg3AY8
- =VP6H
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoAQ/7B9zToh5Sjx08QIWHvCSU3p9gcs6TEzntEmomSC+f9D2m
- HByLrfkTiizvAnoa2m8x7W3hocFGuWiMO2Out2HTpr/wS36mRuTNmgfWb31avhyt
- dTKBiPJzL04LG6kT2sVMPlfbhJ8pZ0YEJz9Qwr/HTqYVuQNdnARXu9TMU7WTRlSK
- XcyfRU6ioDC4HAidTrq+D9udY9k+UyT/Xx+98azpOpa3bOeHqKmsMEevJ+lBs9BU
- bqWFEKxkSNPHnMMVc2Ii76ng1r8qDVWyLDQ8GL+0XmNeWtLA82D6OdASdiUT+Wia
- mo8ztvkOOQUNXaBPk7pH0vIVBEq1WrmpIbx7uVJF646DD+MUAPpxpQW4agrsWB47
- YnnAOIY6JRNhwSf7/o52fereFT+CIaHCBTk2tsXPznZt5Y4H6UEZJ77xW5clEiCA
- hsY+orVXGkyejpuXb/W3l/hl0vWxhpErDeEF6xa71rGeq4gdNdGVki2zdAWlB3UU
- sMNdBKvZcFWcvVQhKC73OUfsDieGS8CdWGn/BsjZQX8Jtz/9D8sTe+KwvIt88NRM
- muSrfHPEd6BfDmZcqlqWGXg2CoN1/g8pprYiFrKXuuPy4qA1K5ydarh/mFNyjX6p
- btOgsWDy7VdSOq3vv6dVhLaIB7mszVzLfdmkgOr+Hm5pTvHIqZhQznIofvgcoW3S
- XAGKeM5Fjrv6nXEW0Xj4zJ4eC11hDSyXeJ7P7+U5KwT0vixELGVpQv0axRNNaPNR
- jMku1rVHdYRGNNquiL2oJyY/V8jFJtt40rTEvoALy3pbnrEdE8RG7NxVpPes
- =ysNG
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ//Rt/1s0yAosBekTFgIJhDggMHVy+4BSMcX1H6ouv6hYNG
- zEFd668fDcpBAq0hAXalxh8vCpZC9CeYzX5a3qlWvsk7sUHNsQALVZLjwN9HHfm5
- 4owzgHbmGd8BINtoirWa0GgqPOMX50uWZvPYXDAjdawywSYxLTj9CwPLw9LKo8GW
- b5SBuG0Bz4jWZ591r6g/pvC2Q2ozFUqcbvGylo82rAkgH9lEzepG21Vw7sMdEMwB
- 3l0QsAse6Oc9gKgDeqHutoO0vaASvljC6geHBZ39rNHuEjFi3e4OuKFz8RpWRps/
- 3sHwOydT9Ao0cgduUtbzLm/3NHvcH1Hn5zJvNkoEPIhnX0ynJ7GzM5n/A3MW8jRj
- I+PX2dcVHEzIhdTcbjB2Cmx2xYpY/CBp1Z5I+IhqnJ0Zo+nwDPldn5rvnO7hofvt
- C1adexgMKPGB8zkojRxQErkN95IFaiCbDiwcQWC7ZI7OzDGr12S37OTJrZf6Fqyg
- 639k034mFZUR6auDGLqAmzXYmD/VcReepsnl1Eqke7R3w+n7RgBhCAoQjy5mvys+
- Zbe7ooN2vAe8WcdqcCnwwYc1kFNebNQE9L0coLHsZwEZjhYNCPyGI+drGKigezhR
- abp2XoLItTiYqbSy3fD0K4Y0aV6kDwFJQiMedZGbqN4nTJcTY1t7V5GTx8pPfSfS
- XAGY0zsoT7EX3Cnt34J5YSNRt8hyf6YEpeQHDPyM9Qzlp1ppM8lvmkA2KhcJZzBL
- fMBA4S4zs3qi7prrgtNsAF5Smt69XzoyOuo9qofN+776LVWKSyjfQS6ZNe+R
- =nlmA
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAyO0n+fU1kq4NR2/Zf8SHKx+6zegT/HCgDkpM9DGh/now
- db5MRmmINkcRSBE8583KwaSiInuYSqBaw3UxOv1VRZvHnsVVm2AWRtBaYdpnfRLC
- 0lwB8TVBhkjNuMRtIiLVdd0IzWaXPmNTW+MGHtjfFocnor+MMU0zIFucRMY8L9jt
- eLntMuWw8knwJ7l7kea8So8+bWLlCouxyEWk/+PuLhcWiGBh501yKhkREagRuQ==
- =Kos+
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdA+EeOaqri8YCU5eC4iwE66pHwS5bJa8UGO5CNi4t7JUcw
- 0ZGI75VZydgTRWSaCB1AGyix1oviS5ans6i0KeCtciYTuaFl+jPbnJL9EtnO1OV/
- 0lYB5t6/oT1J+mRr9mocrzaDJOZkv6xy+90QGA+NFF82bKWvQI63hV9bhuC26WKW
- CWEALAdCLDo76JrhcqaGjmZrKDWi2y7Ju6rXk8RT86W03y+eUHloYA==
- =AqlY
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:56Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+AQ//X6diZXCicV3lW5GSRRUG9aR+AmtuZtjDXvqatdVSzYR3
- NeGYYmWwHaPAfQrH2i07c1JeDt3RY/aKo17afSdm3jrnIvfAAFZbPQ6DTA6jvxlJ
- eDKJgExHGR2y84EWerQYgKYwQFROiOExNotRKoDP9WEvVO1fEP9JpkxeliRi5+hH
- 87uGbhEZGpn5QRF3kkBLvS6zx40wQtdXehXp95eD2LAbgUdlfZJsBsCQ7rvOss6l
- CxOceLJPZG2ccPgi9eu6/17+5GyX606/bkzOZefSKlv2ifkIaU900/1Zswn5GU1I
- D8xibc1gM6j7l+Tp8hevUiN+lhv8LWiyCk3ph7b9MrXLjcBpeGRZUq/sj+ffZdDH
- zxon4BAgYSVw3QvUbi8TrbGv8nH6uxWwd1WOeEf5pHpqSlWpIN+TTXgvroivO93n
- bTwkiUH7mmHdZihJUpE18Tp5dipvmKW0t8cz1ahsK4WF/mlIOMTg2xJ7gWMvQO6/
- 8ZpW9lIOzCirYn3L8kG4rtAdaOyk2yhQMBPJGas5udXqn8nfGrHG7wJoR+NgsOxj
- l/FkOfc2jYgrVSYxK5DiotWcxgg6lpV8b0YngJF+7+R6wC+E/h1ux+L3y/wH4lCd
- ioC0iGeJfHdo6C6dmlHNRzgJOKAQfQFATLvcrlIYm3ejrDYYqMwxxmTkHSuZBljS
- XAEaFIbQtogDamtHcrF32E+5GzNeHm5SCNhOZle5KXnHHj1s9+d6YVG8MNLr++N1
- Rjr/RLVjOZOcjzF4eOh3DCqbxaY8YaubH2zAIcBk7H1dhmaVR6tQ1cn8v8u3
- =PYNi
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.9.4
diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index 6ab1c53..1d033de 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -10,6 +10,10 @@ all:
ansible_host: cloud-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
+ eh22-netbox:
+ ansible_host: eh22-netbox-intern.hamburg.ccc.de
+ ansible_user: chaos
+ ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
eh22-wiki:
ansible_host: eh22-wiki-intern.hamburg.ccc.de
ansible_user: chaos
@@ -51,6 +55,9 @@ all:
public-reverse-proxy:
ansible_host: public-reverse-proxy.hamburg.ccc.de
ansible_user: chaos
+ router:
+ ansible_host: router.hamburg.ccc.de
+ ansible_user: chaos
wiki:
ansible_host: wiki-intern.hamburg.ccc.de
ansible_user: chaos
@@ -59,14 +66,6 @@ all:
ansible_host: zammad-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
- ntfy:
- ansible_host: ntfy-intern.hamburg.ccc.de
- ansible_user: chaos
- ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
- sunders:
- ansible_host: sunders-intern.hamburg.ccc.de
- ansible_user: chaos
- ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
hypervisors:
hosts:
chaosknoten:
@@ -74,6 +73,7 @@ base_config_hosts:
hosts:
ccchoir:
cloud:
+ eh22-netbox:
eh22-wiki:
grafana:
keycloak:
@@ -84,11 +84,16 @@ base_config_hosts:
pad:
pretalx:
public-reverse-proxy:
+ router:
tickets:
wiki:
zammad:
- ntfy:
- sunders:
+systemd_networkd_hosts:
+ hosts:
+ router:
+nftables_hosts:
+ hosts:
+ router:
docker_compose_hosts:
hosts:
ccchoir:
@@ -100,13 +105,13 @@ docker_compose_hosts:
pad:
pretalx:
zammad:
- ntfy:
nextcloud_hosts:
hosts:
cloud:
nginx_hosts:
hosts:
ccchoir:
+ eh22-netbox:
eh22-wiki:
grafana:
tickets:
@@ -120,13 +125,13 @@ nginx_hosts:
public-reverse-proxy:
wiki:
zammad:
- ntfy:
public_reverse_proxy_hosts:
hosts:
public-reverse-proxy:
certbot_hosts:
hosts:
ccchoir:
+ eh22-netbox:
eh22-wiki:
grafana:
tickets:
@@ -139,10 +144,10 @@ certbot_hosts:
pretalx:
wiki:
zammad:
- ntfy:
prometheus_node_exporter_hosts:
hosts:
ccchoir:
+ eh22-netbox:
eh22-wiki:
tickets:
keycloak:
@@ -155,6 +160,7 @@ prometheus_node_exporter_hosts:
infrastructure_authorized_keys_hosts:
hosts:
ccchoir:
+ eh22-netbox:
eh22-wiki:
grafana:
tickets:
@@ -165,26 +171,14 @@ infrastructure_authorized_keys_hosts:
pad:
pretalx:
public-reverse-proxy:
+ router:
wiki:
zammad:
- ntfy:
- sunders:
wiki_hosts:
hosts:
eh22-wiki:
wiki:
netbox_hosts:
hosts:
+ eh22-netbox:
netbox:
-proxmox_vm_template_hosts:
- hosts:
- chaosknoten:
-alloy_hosts:
- hosts:
- grafana:
- ntfy:
-ansible_pull_hosts:
- hosts:
- netbox:
-msmtp_hosts:
- hosts:
diff --git a/inventories/z9/host_vars/dooris.sops.yaml b/inventories/z9/host_vars/dooris.sops.yaml
deleted file mode 100644
index a83a288..0000000
--- a/inventories/z9/host_vars/dooris.sops.yaml
+++ /dev/null
@@ -1,201 +0,0 @@
-secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str]
-secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str]
-sops:
- lastmodified: "2025-05-29T13:28:08Z"
- mac: ENC[AES256_GCM,data:SkqMlgJBdM+CMLE/um7m8V0ni04Xi3S9GovNsADrws6VbSWTX+50oc6HtWl+Kj2XugLfp2XpVnlzggCiq3fePsdt1af2+ZfSCue1d+dexjo5Q/gvE/olKlmn6aj5qiosUsLgu7v2bCOIb9m9WiEhlQLKx1wGiqVNQDabiLOJV6E=,iv:NUUOcXtbg+xMHqthipKpRAWLTXda8rup4aCbbP8sVEg=,tag:wyh+hrZreOyT7uQQrghb7w==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ/+P4Y/6oXngawMZSyE8nrizlGEOL+SD1Uc8A0+pqmB5RF8
- RLbDvAMmicGGK3dAj6WaoCEl3F8oP4VvWc6pQC9xaRsaJRH1hstajavI46xv3GCF
- ILhitEd6HbDMrVB7QlzRRUwdpJN9/+PSORRK8PejiH22+vIWnMqiYVM5fjoJD8KO
- rPZjYnu3b+uV0I1gCQmp11+dBk4sizxr0w0bDNGJ3hMzg/DMOqmJUK1atXg9ooBJ
- XwYlVFHj60TS/3so20EG56mYEYyNyds7yY9N1mA1S0SyWoIXtJbEYYriW0y7FOPd
- f8kuLp670IJotOglJThq3BP0ch6LxL1DpV4E4dhsxwq4zbujR4H4e4Fl15kNj3Ca
- vtCo29yd8at4Hmct+sNyFuX/zGYLZXrl0mKnQq1K22Ot6x0tdQI0kSijg0moUpPp
- d/hx6jeSw2TFIhwm2KhnNWOsFSbmREJ0L/rJ2yhunV4UTHfjqq3eKFI30wnC4On7
- qM1u61sEJcULx8Df9yqnRa+PUnltlNuswFBJw5jZ94H2k0CWXAjtfDGO/aVjD7QW
- bGngJdxu8+zNhCEyO1QxQQqjY/dFSxwzRlv/jRpD4ragM6AgWgRehqrVwut9yMjx
- zf/hq4XeQueVntCZ5UqgusT9zcwZU7cGr4Hl+EeMftNyZ7VzIUfRZ7pv/pBSnwrS
- XgHjRqAMR/c+BGmsRUqE7xmwL3YlPCVTXvHg4C2JSruiuYOzeSnKGy2JB4Yq/+wM
- auoFgVhOuuwZCerXiTNc/Rj6KF8MmHtpqu3c/NCY2rYsaN3tl6jvm65YDy6ji+4=
- =4+eJ
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ//UYavx7nbBECdEhDefYN1Pk1ydInIBa6MWCA7GGNoVX8P
- N/KDvuBwJGSONY9x0/tpoBRYuLdefDIkfnHXAMHCKPDjyTuFHM7WiqJRNUaChnMH
- j73ecjWB8kImCNA+OsDwSYzs06t3BOuYPauH0Vaba1jYN5sKx0SeFdQJRZBTPZkO
- HVR1DVGvSK1jd8d9synPJ8ltvxo6S+JYM7dOHoVI8i0Shzrn+HFg32s7ZDLbIbau
- F7D4BjzTzdDX8FvT0NJO+Yqhk6pdc8586o9bO5wzfTTqsEEwTaXRrImMa3K1pQu6
- 6G/6F946bW70ie0HmNrzt6gUnyCWWM8Oc8gtyNG2+wVyz2Zh5ttCgFkvHF0sIyiS
- AV4JNGVs++RZUmEfxkr4ZfMCQjYToG8RFTQQQ8WUDm/t1OJIEo7lnupLuvWadvwO
- XBatyEfUNqncY3pFUtEcjWYTafZi+FQteBNUv4c4JNRtG3efFhzvxJNXBfqVXIKe
- 7Uke0KkhG+HOIBQvWc/7JGSA8vtmIuGCOD1aDaHfwFxVEYyBnu/m3H4yt4rOaUsd
- 61/XY48drYrEVXyv+4xxV7BG+HaX5boKgI2i+iqZdhdf2Bbbp/PA4woUVQMp4pLP
- 5c8vidwGtZwS1dhOPoUXuYElkMgFUV+kPfQxTwT9RMsB1uYcsL+2e0TcOUQNbM7S
- XgFbt3ySJ32ovWkpu2OqctN1xBtQ3J3FeQhT71Z2mPmnauYUGQwtTPUQVidpJDI5
- KhOwgDYO/ZXxQ6P3faG79gz5cGiKUcbargOISgQrm+gSurxYdg3YCZase8+CwwI=
- =cBUH
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJARAAqo/EQcO7Bxq5ahIqJJKfUWl1fUYqbXDJKUsr7peoHGQd
- dHex1kkerSC1HTi1Ua9uLdz61nZkC0gLG9jl5Jfa8hBIHpsygMWdFM8TkbR/rZQQ
- 4f+HuiN6ZGmKankMnuSs8nCdqkQFTiMVItBGxGQ3P6cfkZvaxQ0M7U7OVZ1H/rGt
- qkvu6IdcMLfuXnfEyI02bH6nhA5cqcuVdXiA7H+av/AgZxHy6RJCbrAhihNiw5zh
- HWzYD0vt9o4U/5iOpdpE+0gMdj9N41bWsXcDvmhd74HmXdI4mKwb94MB+CTIddaj
- UXTfHeJABVtUSEuq9jnRW5kUKcJl9kZlFbcy0as5tizzQ+g3M9ukglziQU7hm6zJ
- EIPOke5GOu74r5V2wg6Dip55Qe2AQaY7fkQz2m1dDmb2dvakaDzdZ1/KYuIQ1Bd1
- PM70wPsliUsO/UAxvmgtGvEDdZvHBX6C5Ib70DkHB8A0zm43/ZIvB7l3mVPoX6TW
- ZZyH6hTHvF8NcX0XA2sOaP054GGpBzVBqG3I6NndbOeHVq59rN17c6aSNGE58wq5
- G2M4F2nX1fGILxXeGUJVahaib7ZI6DIr8u6BwFGMLr+Td/fUxMD2qdar892NzeCm
- 8gC2v8kwjk0cQp1hv8bn2Vf4TjwR7V5++/qYeXzOd8cQHE55oYZa9GrJ1SLKGAbS
- XgE83PddEBkjuaJLjOloXr1M+rykoPlQ1+UtK5XVW+Kp6EC8JcXRJ35XiZ15ScIj
- nLZpmjD7FbSr4BthLf370LaClX+iQIfPSaDd0DhPx0cbOzsK4vIsNX8BeoIPa24=
- =dRX2
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1AQ/9HwAW1OlLo2jy47Z+KdRPMMx4EhcYGJKgwxnL0/pzDRod
- TDwSgfas+MsDhx0fx+drC8O+mzw79xGmHQWAEHhZ6EpZlHQRsE3Sn/8nCam0jQ7l
- LeKCyh5MK3n3K0MPzgis2DxR/Y1LOaBnIyL693MCHy5xdB+kIO4kFipWtGlzbUYQ
- /SUUhLXBJv+GzZuEtErgvhViW5cy3xoKoPRzeu6+3tj8rqye2h+GuMl2c171uh5G
- jkGZ8RzYK6R50gwPT7J0yVAEvUbilSNi0W4k+cBg14WRFC8CnMtGngV0PsZxbD3+
- nk0FgTeUq/MAPos6blXzny5xKfQ88/eqX9UVB3VW2X2Gqrrd2WA1zGYwJqxcCqS7
- on+VBjsc+uObCJXTyYH5hyJUtoD0Ed+GxvSoGDiwcmhs+6mvVb3sANTLYCXo4J75
- xN03s4UMlgrzyXNhqL12zlshth6EKD5q4SjQI28fOWgsgOlpcDY+QI8dBMDOPm3H
- mbd09lbvquSdGTEGkCLOGOAg72Ph/jWf65+yYnC7hPCaRxI9K/bfbVU8HQ+rJgsC
- D7ckDKMcTu7uYhFnzEsUqTe0aNS6puuKK+r3XDi+JM3bG7R4AjsYUstj8AD0tOY1
- aEaxnroF18Cr4BrguFjgd8h8waK6DfxAiG53a72v/mNkcXtKOrm7zImpSPEzQG/S
- XgEzCBftKE23Xjg9mzl59muw6+L8JMDUAFWmB7npL5DTqGpz31cpVc6gihlrSiMO
- HXVCUm/pQAJVCdXTqxsjkQmv9hQQhX0wIK7WVxzqAM5R/YzBP/sGgUeGhuSfJkg=
- =AR6z
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdAG+nf0X9XiYVa6T7YWuwocUM2FKyC5ZzkBepUimI3G3Aw
- LJ0I40vOoEfRoa/q1lEDuizyA4l9RG8EVwi+c6yAT1OuyqI8QcRCwjrzvQoCKTDc
- 0l4BwS5IX4l0/BvSP9F6A98s7HjWwNRInLQNhgOTHgMppnjJIDls9QnKjlnwKReN
- 1DwniCgRWCB4UQrP9O4kla74RItxaqJMAjo5Bjwpyi9UsyHppp+hOMLWamMhqT/J
- =BL/2
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fARAAodfqlZG5jgwmQrY55giGV+U+UX7xHSzXhBqZXcj+mMwY
- mF656+UizvKgyDQu1IkFJA1Xdqmq59qPwOSDWUpPCxNXUvnWnoQ2klZVLUFcPKd3
- N9851Kd3q7BBcTDqIJvDZaHNnThyc8/x2Z4X6gG0+F6xs2CGsvtgw2CUmlf9y9da
- QYVcEZVl86Th6d0GXXM7VtzVxv7NFb9HhGU7XlvP1sF59d7BqST9pl0CMHfevkAa
- LmTGlr0wLZtOAvbFIHXdI8j5nPSzEJorBlme0q+8fGFOED3tUstvJ2XPgdqKcsGq
- PFZ9hALTTraatZchDhBKusOaEeb/YQ26W/OmU04JVG6CEFjqdsuwee5SubTswYV0
- FNYdivJdVyLiJiRkcWyjOZdbJ845EApPUYap46RHxHDv4p4MionH/v4FsXRrX7KX
- Gcp2LEuv5uhJfYsJ0XmiNXyU55YGsRsNbqM7mIR+gmBOA6Cv6/+HiiYaDAPmvv/3
- ZG/AsHfBgxpVSJ3oTB+sNeiC570kdZRDTtNcwcDeozpQiZGKktcrYQzzltvYhE0o
- /KdtXScTs/wDOIsfFm2SPj02gFFvpn44SEOu++EAFGEapv0cl7y1vprhMXewW7Fw
- H9YW+P/BvjbhI1p8GHY86nBP6UG76uTlb4Dn3GGkTwhTS0ax3iKFJleHGAiskOTS
- XgEhbRzzb33cM1LbxMaOM5ap4YowPuymr5EPqF3ZZ+3FrX8gj0OabzpjBGF+aV8o
- 6o/fFbMSOTUb+++jmejtnvpl7BsyIDHuAjEmPEswLjYr1P4pI3Cdg70MEZCb2H8=
- =FKsS
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoARAAsGw0iqjlsDVLy20bFGiyXP4urrmxEys6x4+1/d0zEpuj
- mnjkM7MCht4O0i15Qc2OZNFOExwNzAYq1KDeO05MaNW0A8UCi0GmoVTK9RsTy5OA
- poUWQAr1pGJ5mCrrGJRCOBdXqxmEskW5HW/43r7TL9X6EnSRyjJNPWjn0/6IGG9Y
- OWHBnMWevhWr4Vdj/LSQhgm/3TuSSd+cBN94QjtRsNcscTsGgZ6I9FZIBwSu8QMg
- 2R6LZlLpck/Kq6a4k3Yqm3yqh/bCxkHyy4pp0JHmZJs7BMhkmyM+h5riclHN5bjh
- cafMw4HmOm2gNprYmWHBkftd+9iDDfjkL0azNs5EZ5A4QFwsFayqGmr+c2bazifb
- KmNO7XoABubnlhe8LuI6d//hiMJB7iKeKh3NiAeRv3PeCVo3F0DMXkphtF/POMfY
- LiEenCgpuV+S8Yld0hFxxh84abMKyZqasSE7IoU6I++Ti0OsK5ZfEUAdlE2Mx33e
- KC6QPA5/eo3i3gvOb3nh5XBys6lInN5Cm/J0RhuahZH2L5R0UEj09at9XmdNck3u
- TnW8vSf66p3FYDuEyjNOq5WMwA1rVnuHHIx6cjBl0T2COhRFHk130qfAv5Flzyoo
- HkSeUfoM6Rt1Gh7+fLP/BvDG4Jc3PbLVTulAlO7+k300oHrBjXOSkpqO8IM0CATS
- XgEAomlCqti55GbMR+lKgxVDJ4kXeFEUg7CCptesHkux3eDFcxmL7XbgIrlJvh1a
- DYMDeIK/okQhe/W3mMcF68+xm/Yit6I24KODBxagTCe7ArBy9N67Tg2Wzz//Q/k=
- =uZ8i
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqARAAvL/LzRFhGCXA6G+5aW6fSnR0dPynX5eM5BigDBa8VYAM
- x5hbt4GOblXrRVS80YRC+rppuzc+UemzlX6aZVbgWtgARpAJNAh029ZdSJNwhFfB
- LGyUxvErTkyJZPTHC7hd1B0kdegPr+ZZOvf/oZVYJ8NRlKAIBk+ahmrz+xpjDI/W
- Cy27gShHmNBiuSF0nS50RzE1KBW743ERYmW3qVetWgyQuqHh4h7W1y+YkxgzSDFE
- qgQr4t9g7+saq2zTZVq/TmDRH266mGtjOWFxw/R17gR6WRykU8qqPl42NqsvH/mV
- 0kDZKZ9YTkDJB5C+vr8AbpexHxYzxYcBudgVTnlrB60QCV0x+bWl8xpgtCZ/Gpxm
- 7A52rnA1ZFZi5uj3UQQUA/UyRRLTMdu0w+KkVCxj95OdgG9Ul4D8ex368E1N2JnO
- eu2yF1a5atswxKq08RSFiL9ft82PQuh7ZdjA57byOjknb+21gcjoIGp2VYFqxSko
- bLQ9uw3oMJu+AWYHZUiA71zeigrEz/pW49BRL4KGTq7Ik6nzduiD06/Td0B+4XEo
- xUhsPLnYLlQ5F1IvFPq2FRl3+ZPPR+qdaBR2CCbLoAjSusvAg3z6pQ1D+FkYz2aw
- 64W9lYBDrn9hd9sXbVpoNMV8rqEv/lrREueYdZ6doiQn8WVDcfwbq7t9+Y3lawbS
- XgEmGkxkpyiVRtjDCSFJpRCA8jRdOQH3+DTzb+LPCrKOs+ibKztXXO2wz8nMENMw
- yBBednsNcPNcE/fDXXnRRJSEnsbnROmjnVPWa1VTsaVilGW0dVLCPwtMDpqIQEM=
- =68Sf
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdAyB6EqNKBRibDLjoNJQa0j+H+b3o9kHcqsSyuFIp9ClUw
- Wq6E+kPd17DtWt2PstpcmYGfnMl3LnnKvpReObUNQeFHgCG/jMLVCQtqdWcu5YG2
- 0l4BYZMZ0h70SKMX8GD5TcqPmiO9nM19beb3EuGHvAnUHoLryQd82DhTPLQPhJ9Z
- o9s7V6B+QH2wlKURcINADZv27EpU1BGQX8hXqdT9vF+JKBuNMv4Y0+svkCB1zJsD
- =UPAZ
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAyghr3s7Dt4ZC3zZ5J6JQQb/39WeKOiigIMItG0XMwREw
- oTRbAgrSD/CWSGTgoMJySH2b7yeJ+bD2nvXHgNwvPS0QaJ199pjUZhxzzOIccwok
- 0lgB1/nSHdDSfiO+VzbNdhK+dHgnC77dVbkmjYwfCsDgh0j4I0IiExX6cLixA7n4
- FOvQJmdM5NYOTouAwa0CAIpDC1WkDTZ92jz7HUVuz/OJxQm5RgfDSqdI
- =vhg2
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:58Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+AQ/+Pw+aOaC4FzDEBKFnInfbRJDkJZZcmdmtTYB4L6u71XyO
- bQwqjyneXCKK6/qtFSY3P8dTNbXZ6q5H+pB4LDrk2czW25EOYWSlkxP93BR6lB3e
- gqsTelVjpH8Qs1B6IG6P/5Yf++7hOu1qKo/fxnqjsCYpmqetwyrxImAR0kp4w/pC
- kXtCi9BIpwE++HxvZIYB1oB1+fOWy0Byo8ugjCP+h/LKTjFNDrY8khPRt9uOY6L9
- LAyOFHagyMVxMs+cW2ihObO1ko4f6dIXZvmD99WbkCtK+vBsKX8DWQB7aChbKXFw
- L0QnWn1G1Rvlj7uSCu1LVogdZuB6t0hbLFburPAURCRgHiZroDqdJWYQLiB16MK3
- kV8/oD1/PN2H+kZOmy38Wj0UiaFLTn7Q3ejOlahN+7OOhFxGHFw2QDikrh5+xmZv
- CvHeThQeCDdDy1pErqTZ9nP68y7+LKpQ/gjyxrfPMJdW4n3kIqihk4yfxnQDHM+w
- DwJeRc0tIwV/hdCobWf/hetGw1iguPWQLCc3R4J9INaonj3rXb5yG5HCK+KgqoQa
- RUKUjx6hbCR/bMpgGveG8O2xTPezRlXipXrF8wZSp84+3EydO2018z6EZ5A2fKLI
- F+34M07zg0sVRQhKJ1qryIsmG89NabH68r2JEEayMrHpisBKnBe3Q/n9hvX6ZDLS
- XgFYAgB+TJkdhCZeiwcQ5SSlYpfVlg/a5DJ6MVc+OUfsoRNczCYwqRwpR9mlAJqo
- QS0E4qhIIhM9kAtBECPqy0eUay07PauC0O1Abujq8DQeRdFwnYh04j6GSzeSnbE=
- =f3En
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/inventories/z9/host_vars/dooris.yaml b/inventories/z9/host_vars/dooris.yaml
deleted file mode 100644
index 5813e3a..0000000
--- a/inventories/z9/host_vars/dooris.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/dooris/docker_compose/compose.yaml.j2') }}"
-docker_compose__configuration_files: [ ]
-
-certbot__version_spec: ""
-certbot__acme_account_email_address: le-admin@hamburg.ccc.de
-certbot__certificate_domains:
- - "dooris.ccchh.net"
-certbot__new_cert_commands:
- - "systemctl reload nginx.service"
-certbot__http_01_port: 80
-
-nginx__version_spec: ""
-nginx__configurations:
- - name: dooris.ccchh.net
- content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/dooris.ccchh.net.conf') }}"
diff --git a/inventories/z9/host_vars/waybackproxy.yaml b/inventories/z9/host_vars/waybackproxy.yaml
deleted file mode 100644
index 18540ee..0000000
--- a/inventories/z9/host_vars/waybackproxy.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/waybackproxy/docker_compose/compose.yaml.j2') }}"
-docker_compose__configuration_files: [ ]
-
-nginx__version_spec: ""
-nginx__configurations:
- - name: waybackproxy.ccchh.net
- content: "{{ lookup('ansible.builtin.file', 'resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf') }}"
diff --git a/inventories/z9/host_vars/yate.sops.yaml b/inventories/z9/host_vars/yate.sops.yaml
deleted file mode 100644
index 19853bd..0000000
--- a/inventories/z9/host_vars/yate.sops.yaml
+++ /dev/null
@@ -1,210 +0,0 @@
-#ENC[AES256_GCM,data:Oc2DdKVMymwkIHbS84TeTQY=,iv:UMhNafqQrHaF5iqFSev6D1uqHPFpKQTkOpYV6JncjsU=,tag:mAmBMyGdzER3hkSkV2Fjtw==,type:comment]
-secret__yate__sip_trunk_epvpn: ENC[AES256_GCM,data:BkdNaCooUjsDlCXJ,iv:saO4IGsz1HAinvW5ZGAMA4WEtBbo+UNdfBkr0g29uag=,tag:t8RM0GNYhl1w/RMNO8wKbQ==,type:str]
-secret__yate__sip_trunk_fonial: ENC[AES256_GCM,data:N18C3XZHIi1/IA==,iv:vs9dCYNRp+1ptxRajdUO5ODTOmNREJslF99xnFL92XM=,tag:IUmnlPeRI1WTRYELzZRk/w==,type:str]
-secret__yate__sip_trunk_fux: ENC[AES256_GCM,data:zcVxNjyS3BE2dw==,iv:Prmy8nP1yeFrVI5mQaPJPKHGFCzuZp84f6fH04I9zJM=,tag:X15wqvaaifMU2/kcqLqUZQ==,type:str]
-secret__yate__sip_extension_ewerkstatt: ENC[AES256_GCM,data:qbatVvfXZiUcpVnOJUpzYw==,iv:E/fCmKGrwYvQP1gGvwT0UrL0DZ/PcMwKG+NteiukB5M=,tag:PFmU0DX56+IbSQqMtY5NSQ==,type:str]
-secret__yate__sip_extension_fritzbox_analog1: ENC[AES256_GCM,data:+ayQ6P4P34D5hTNOFv3HVA==,iv:UD71G07Z633mDmvnJVei9SKgHyM+JFXJdtOhyBhvKGY=,tag:0ISsYGQCIMMgToLWA09JwQ==,type:str]
-secret__yate__sip_extension_fritzbox_analog2: ENC[AES256_GCM,data:DbFmTcZ8wW2fqstm09yUWw==,iv:jKUqtSXaGF/QpIwPJ6hKQWZvv9xtZeIQBiPHt2xm+3I=,tag:MkWzODFnWZc8o+pVLR3KJw==,type:str]
-secret__yate__sip_extension_fritzbox_dect1: ENC[AES256_GCM,data:87MFTNA0DXmfhesT/M++ug==,iv:qDM8HWZhG9FADLFNPRJXkadN2jXD6/CfroDShNPzA+o=,tag:Ylf56nCczEdDaOGko5GrBw==,type:str]
-secret__yate__sip_extension_fritzbox_dect2: ENC[AES256_GCM,data:KOUKexyzJqZPj1HKJxFl4Q==,iv:OCChQmSF1s8C/VYuw9D3hHA1CAoCnwC4adyTpWO5Iac=,tag:VFFuYi5Nd49ChU1Ki/nHiA==,type:str]
-secret__yate__sip_extension_flausch: ENC[AES256_GCM,data:eIieA4A/ZmU8e7t20xwmCw==,iv:oDMgZIjQBDcwIVPK4/qIT1HyQKc+vImdr1iPZE1LEn4=,tag:RgS+enGC6DP6dwE8u30a6g==,type:str]
-secret__yate__sip_extension_legacy: ENC[AES256_GCM,data:gC43eKUOAYU9dgNV1JQ+nw==,iv:xN7aad2NPaihlMT4Ym2xanpKU4eX04V0FS4m6XRgZFo=,tag:Oq0yBCSf+CB8Xkx4D4TH5w==,type:str]
-sops:
- lastmodified: "2025-08-02T07:43:00Z"
- mac: ENC[AES256_GCM,data:Irv3y4/QbofyM5BvE4h/T6zNF3A6oTjDssMOcqmGxUOGpqL11Am1DMHBivkUgEYe4ir9N0kvPUmed1XOyDwImrl06E1mGAT6hOlfVSYKtZP0Pwvi4VVeeP6IAYN56zu8k4X8oIxv7AEfS3Fq94sJ52Fd3xDPPCG4aVtUXxxDuwQ=,iv:HdqbgUVR0lIysZnnPkOkW9gDp9G/EOrHDkwmQH6LVKQ=,tag:amVPLxjvx1Qtv+v27SGtGA==,type:str]
- pgp:
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxK/JaB2/SdtAQ/8DrVTO2xvkFg6N4Klvaii4KqEgm5h9Vdqb5RZWXIKXBsA
- JyW3EANye3lI3/HKkEztbOTDZ/NuL+4pJR54+KUFq+C768cB+JEZmY9IFOXGN0mX
- 0qPYzAbls1v0yDSwBHDXj5Yc59CT7XK8rYudJOVTZQbsf/xM3wfGh4oXmFBmyCkF
- zcPyA/L28jmAeKrXIIi52V63/3ipCjAzh2RpfrGxISi5F14mANToHAp6KWsin1E7
- rj2wcq3F+UIf0b1iRlkTAwTA4C9Q8TpzZDEjKuO+Kw62m8wa+mgPDLkxbsUmJs5z
- gM1HADpQrb6NtaPgXBTUL38+MPq0Uz6B18YJbSVydJbJ1HXFMpaPJCLE/5V+2+zA
- 92XxhYu+fV7NaL9Lw652r4H8ZErZLvVDfdRkipeIh7+sQvBQUb6AmCSKZUo08CtK
- HBEeuF6CG2h2jlisj4eRDjbB5ognoCT/kAxOYXN4Vwf+ycAKX7sK0odQ81FgOpsT
- psjAkAJLE1l9d95bMSaO5uyMD/uKHbvlHJ/wk8X5AHabSI5Hy5zK3AKkJlgKO/hK
- q50BkVaHHZFThAPRSzzBjRsjAJhuMi5sdNaG0Uu7S95+Y+hoX/2y7ZHmdMYcRY9O
- XaeQcO+EDxF69GKfiK94yjJL2iGjoIX4b6LlCB1pMrgWulSGey2Z9xbZF6CYTVjS
- XAH7OHW6r/Ru3Hat4XTFwDi5Gox7MrAsv3JZTL5r/CD7bRBZ84P7PRHWDFfDxgbJ
- 6tAQRD2whP/3GG4XvVs35SJ5vkk0qEdXlvp14ghPfmphbDMN8JJK/efzyyn+
- =5kn6
- -----END PGP MESSAGE-----
- fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA6EyPtWBEI+2AQ//U1w+VzucTyOBNrttljmFoiF81Oh2180qVNwH+PIJZRsf
- p9SKR5y/l/EOrQHC1KR1ld+M7fMnXxrDKhKhyvfC9I6w+XNWqHqqVNA7RYTWuSCI
- c2AuEyWKWXpchQE2RK7hA5fdd47TmFfXmohSdw0/TJF4LfSG42Lz+Du1b3nyKXqL
- leWXC/IP7gsGBmQwSFrecdoQ7HK60w06xiEJSD6XAY+RhuzGK3mOjw62eiBqb4MI
- Tiptkmw/wCvsayJqIqAssVOJPprPzBl1i4hfr6SNFPS1GiPpaiCjkbQmqY2bu9pD
- Jau8AyRn09UV5VJLmb3lOiWKlyO8VG91Q1R2xqGNp9jQtbrRBr3hVQwsdJC4WGV6
- n3VUKhhJ6AYaZHhcfmf+aYVSD/SfOxTWixAfv5UAVLtNqsVRS0qeCWC+lsd1W+U/
- hXORfrv/tipnnY65leWrePxhdpFoub78pMTpNbipwufZgMPifm54XzEfMTrF/oq3
- rzP8RdHs8+u0gEyn2ovIp1yKOI+b15DTVyt6C5YRLw+JeykcbtMRDDnAKxN2F8j5
- 5iY6Ord2Z2Eg+jBvrG212IroI7yGrXKfRLfCFYM2Lpd82PUx2sV9+xZH4lYJ8flc
- oeA48lUGcoVhEEmWrwl7a5mrdST7HGOdZVBFJIr78Qo1FNMn7V53yGbAbLGv4KjS
- XAEsOsXNdHVCaBWkm+rFJ/HrQ/6FS2l9jN7eO7SyMUZmceDCjgoI8LUSuZJ4qRI+
- DeD34OHX/nlaN+2iUNq2VSJgTNJVWBIlJndusXuzSKI9TTVVzSYYn8Y8sDpb
- =zTis
- -----END PGP MESSAGE-----
- fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAz5uSgHG2iMJAQ/9FYNXETmqENgmxKuHXohSN+WU0/wblJLwQss+d7AJnu1I
- JpcglLu3K8w/ghd9I3BfrUDHrYyRaGZ8bsTbPM8/lxV51dWbQd17yYGYtxwamgV2
- EY5b32l4w6Kr+QclO5Z/lmNA5Co2WVLkE3tATO24cfuNcH9JS1paVijaAkNXb/8E
- ii56vUYZessPXus8Hbgsy4bF2ot4Y+h4dNHJ0u2l8a0CwZ7pa1TvXqtm8xnt/stJ
- lOtpXFyCXZEGvpNGJkJxEJHVo6WibdEhee+GQhGRsh98eZLPE2G8gmMKXpWJx4n4
- 83mEApQGrL4e+Bnxh9XDLs7FXyMtDEcsw4tps2VEQkPQ2PEOEOZXxJc8OxsV1aGA
- CWqczWK90/tI+ZNu0y5fEs5jkWnc66Zvu/TkoUpgmZ3cWOewfLNYbbZ2k2/kLUX0
- JVnrNQ41KD1FDVuVHin7AfVjsdC4Pk3QOZQuxumtmhbAi2hpaBB+KJOYcpovs9Sc
- 4A6l6ZXVbdgyy6PYqhgEI4A3RnsKoI7Id2t8Urm2kOMAqpqnOa3K+KfsglLyssbW
- jNN9rbtDA3Nj0etGGtChE3sybt/G3kDhm8IGDPGlExS0lXuiN9WNBtzxzwgMchVH
- PqpvYaHYwFZ34rTe7wy5681Ss04cFsKJs3NiUFAbmZn0gaFWqPEIewbo+PMVMDPS
- XAFapF7QhyZwom2515O5m4QqxU63ZIoMRQKBjvsRwyTnJqXXVab81vAhX6iq7cqR
- 2QKxuhNIKAvrLbllJi1a1pmKQxtpRBTzLJjplB+QBGgTQZQMpxQ+sbPL9GCc
- =nbQL
- -----END PGP MESSAGE-----
- fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAw5vwmoEJHQ1ARAAxHv4uWEGtDZRrwsX9aiNS8NsQC/1ITIoY9walqGsvhpU
- +s4yOo3yGDbjJIrkWDdg7+LAY2Os9acQTxy3589pyDSMUEo/0wKonYfrebBteXiw
- wHyu7hXBTdorb3OMHqQxm2/aettqLDHk7H73Hnd/nrFggxpVlYzpShq3vYXCDEH+
- OhrwNzTtKWv5hrvO5L+RLBcKbJKbtGgLnu1ybrWsDGAf5np0NU0ogMQmHjMADjzq
- jqvaChv/Pa++57NorJILIUAkb4DWI4m6WvtiAbGBxAad7m36s9kzNyLxjU36B04N
- mQNrxF8+F81wuVpGXIEPDX1XxHAiDeQR6a8IOMvy5OhADqoobAFDh+cejzxPt7ml
- lqzugaxMqFGWzesgeExwTCTaORr28jXOcLWo7gzZSBzgYkfe/7HASviWgDL3Y+jH
- j0NL4hIZ87dCjY5A63qa56gWqWrUjn7CmjcROX57+Y8MNHYoSrGKnuVhetkZriRm
- SPvjFox7HGLst7aALxbEyqXj6yQaWXi4moGHImXUA5yWKxTl3ZCC++wq88mBVglm
- U3fX81XaZJXNnG7dtaZPk/om7MHA67zuy/FIXSSxVf7wyK+6cvtWoN2HPzleVXie
- mK7OcFKmzax1ojgRNLmcbHQcdJoA4nK58AnQbZvRJDw7FQ3b9ainTBe2nmrc9FTS
- XAG24SqSunZHTfNPha58wB9Tz8eQ/CmCfodNsClet5Nirj4ZAzm85YC8z4iLw9PN
- DEXqWw/GUs6EYGE0QYuqIUiNMEnowcATsXXrTuSVlX/FudZ7nJBuLG5FqwJ2
- =dCvy
- -----END PGP MESSAGE-----
- fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DerEtaFuTeewSAQdA/J3hvNw2zIKpSydLiXh7RKFHOCKcacZw0xTohfwHPCEw
- INXjpmaKQTX1rE6qAEPpy7AAXuwrAID73QZFoOkj6j8fUexq6UIF9ov58MKy2bgo
- 0lwBsNGWUkhHBUXXCOs6JfUR4KbVQwLYxWTteFgqDUF7TGvK4sFqjUyhN0MA7LSs
- YNxuobepZ0RFxG+yMO4wZ468A6Re/DlM0hsUIDeC1uoLyhJZy+WipS+YQW6jAg==
- =1evm
- -----END PGP MESSAGE-----
- fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMAxjNhCKPP69fAQ//Ts4opuQ2hl82CNDoi0i53p6nXFLJQ2OuozZ0C/8MvqAD
- rR8GeLKBBhCcFgMzvzKeQXr5kbPFOMtTFo5+zAMj7m5Dr/WIlCouVRX0xGVBcRgP
- 5XtWaLJ66+5X4y5ynI9EfcDD6vgOoTOmu0vp9QYrzMuOzMWzLWdjWuClx4Zz7NCa
- dXm3FXJPMl9BIwKlOxDeM7w7LYCbGhj8XivSfMdZFh/855rN9T+PeBPpsalVgw5v
- 3PQiFPXLvAq+Dj+NW8UqVKE5GPfZQj5eFiwMgA4gnuYFxKW8haJebXiOP3dqT9EV
- 2wRYQQXLhRKBt4Pdl6esZGDz1cw/FDW0G5+aEg295tV3VIYptyeVk+PF3ZZx1ymw
- gC46HKXj3MZOhSXBXeHeFGbHoHRFEETHYXgki5zdJvrDh9DUvaXWmx62Luf8u/eV
- ao7wXO8zzXFWNQM1C2/bFRlAj41pqMKESeSPrK+BTFTeaNTt/XNQYxBqllcVICA3
- jgvhrPgZaN0DzRs7+5RrDAe0yAc1Zrs8QC1Y81CikxG03PvBIyFXRAXz2BASN+Af
- yzfwz1BwEd0sQxYKSKToK86JGD51edvYi7z5nETGBrQheJSU3MnqOO/yFdsZrvtb
- HYk77eqHuif6ZzfHylUVHEoS+nyUjgsLeIfMDoQUdLcLAjn44wp0CXRHya5ZsZPS
- XAHD2X1aq0vs7qHG3czvG7tRyFK6+aQ6PCWWCF7IiX4fagPMW2eD1li+uqdu1UPM
- fanXEfibFnnpPMQG4j+W+r9plwUv1fTP295trXNzKcBldNqp1IJX75gz2MzC
- =wsfS
- -----END PGP MESSAGE-----
- fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA1Hthzn+T1OoARAAtM6V34YykAdgHBatDCQOqclPueg6glMsUXqsWacnl1Ui
- fOYdy5QWC4Slhr+W+x41svrKDAVncxaYrwpBddi+KYjqh5eWY9S6dxhc/8ni8+Sy
- 1TwOB4jPt8U9txPxrRlvenHITXMHfbekjkYT6efK6ougO/Au9hXJOc56dGAoJZOP
- KLUGUxES3r69e1FoE7JlFJ0NDVEzF5Ald8l1DqTQEBSvVTPGWTgig0K2BnFg77ip
- AK/P42eQktooFH6YEeFmgQ4O0ti15xyEkbMJ/5hg46FI5K/GwjpsYgVsVo3gvrpe
- Uw/z0f5Fkm6JJ1YHpycSu6OyK7OmFR3Bft8+57DL0NNadPBlt33oGq4P+r6xSkgZ
- 5NSRW98hY8xhnduEPoe09DazeZXxeOY3kpMpSvsYYifAVLwMIAe3oA0USxn7mA3i
- igHeyWwkdRDU290h31jkGgyULCXeCoQ8uajF+oknGYTDra4Qn0/pF7igdLEZQvlo
- 7Dz+OTiZeECyeIQRuwAv2lQYonCbcTilZEI26RCXOnfIjB4a+nm/6IauovqeEv+4
- LtZQeVTEPhWDBAsTApPZz02WOiok/cYqa20gpBPb4UWLNTFzBRUZHbDsyVuEH3rT
- Vgj/QkuVmB/yCje9cNnYZtMkA3L4iNDcLGAqyLzPtuZwleqP24Minu7tzZgipr3S
- XAEMuzk/qLMCSCs6sSjP/vKK50y77x873GAfM75cZpSSkXXZPcTFgvmno2YbFDzh
- 0/gxocKFefLkXhm4pbrnntAJnnLlnTh7W/tETA22VxbuxUxv2371n6qSwatw
- =twII
- -----END PGP MESSAGE-----
- fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA46L6MuPqfJqAQ/+IURRSEmFhMSIu8rWrVCjkLH5C62eU+B+p0ve3QMJ8/RV
- 3e85LT7q+VW+qr1EOUL+WSL6//jlhc0s6Un/yKOgxLbMmZayXbUS70+HjZq1pIFL
- uxmVoBYw8vT8dPE4/u6quMTZQZpn2sncrhHaEek/ED+nAE37V6EHI3ubwiQPv0dB
- hPFxm2h7qOJ0/QAyZh3M/kGZYRoZDvBWnMnV0cYKZkj4hWQyq27PjqG8grN7Nbc5
- H8tsF3XoWw0wymKKMKTI2g7/MLI5V3yRKHZNR6kiKc0srSLBSuoGoyElUeFW+MG8
- H1l5Rj7LEmTHXYLGj/zA65Fpw4tWwxM567YkQirdEnh2z/uxdX03aJLkU8qHYiGp
- ekMxaR9/dqIt5TO1oT0zclue6IMd0jrZGJ70dovpUglfIk9/OHxTDJD1Qzf/qCoW
- VefKWhBWhcWzlEHwfwiygilvaCgOVyYwFNeSoF+Y1teVl/qXx48VG3V2y6Z1VOfL
- fncuHkbetyQ2BY2QWSJZNIG4mI+oZbp+YWWXJ4z31l3ng9ujt3eUqZB3KSy3hx+O
- a/3l+4lKzNTYFvSNmVdubr37x5ygy+2nfk3g2ww0UOOwS6yiJqU2ZqA3OuTYwYu+
- iHApavjPMg9WBE4Td8BYFxi4VyaZ91GrrnL7I1ytZIhUpMGPh8m5PYdVtUug17XS
- XAEZ/KriGSAbovs+3DtH22113/oJhqpp25MJl+tTu2HbL00nu10DoLbZXTQixLo8
- XrSN3EwXcJGpn5mgo7qYwVPL151VPdOoFp1g/pfmL5WeLY+avJb4WumMA80v
- =0DR6
- -----END PGP MESSAGE-----
- fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DQrf1tCqiJxoSAQdA73jpbxIMcc3GEvix/5TNwqMO2CiLgN4BLuaxU8sFPSIw
- /ssO0s5uEpT2V0U5whKQf+CXZRvLZKXJsjcQRXYDi47yAopdg4LNcgv6rPftp/mD
- 0lwB9j89HaTDQ0wIPOiAqG9Pv8CHsKxC1XYvNz2hzIxhreoMh5W2Sr3f/5OHQWGl
- 2Mi+CmcoIihoV6rp/RgePZIf+7i/zeYqGbdP36rTJr+X7y+beWxNKot6xCfHOg==
- =et3H
- -----END PGP MESSAGE-----
- fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4DzAGzViGx4qcSAQdAcwtuk+qh7Bo86gmUU1P96RHBt3TgdhVfZV4aPUO1TGsw
- oIZS+b/Tjynr+npZ392TFoS/JrT/j9A/FK4w8eZ+ICdVwplxGlhfTPlooSdywa6M
- 0lYBY+QLBsmuRD5bb+p4zH/uX4qTO5MYNpGUvZBnLP3CHYMW8WBwFbBeqFJb3sKA
- DOqjQhA0L8G1sI/tGrmyvziNifP8LkpxaBNUKnPScbMjE5F/7KX2Dw==
- =8lLB
- -----END PGP MESSAGE-----
- fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- - created_at: "2025-10-13T20:10:57Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hQIMA2pVdGTIrZI+AQ//QJytSLyuRPBrBrtirYU2ZTPR22S6FgqI8JUhP6dCdkUA
- 8PrZzI2UNJ7mhvXXEq8/nMI2UkZHkr7IwBQuHj0CIqxkxTv3hOK9djGdpD3wtHX6
- 3C7jAEy4LKVUxeDIPv+CFREKNPtxxqbbqtRZHXrxh5+O7+iMS+tQyUb49883DSXc
- spxOq25E3X37gAepqKQHSH0A1txpZtMcd87fE3hMJuKblMU/5hW/IiihqDbUyhEz
- tYZpSMxUu4QgR5fhf7pIq12yLMM9F3Z4WMtFtU3uh27q//dpLiPfrgBJldTU5e34
- FprGNNyKaLgO2XpQl89x4UXdQ7vTtuH6fMbKJV0TzHdwQXEZyL+XJ4OKG784011e
- w0xzuexHpMKrgFekbZ+WwK7otC9QZ5WvPSE6kpIYbh1a6SPESNAEG9BsDNAAYdrd
- FWAj7YeO0PtAZkO05oQfq7k0PlAc9kaeJ89K0MtB94QGBdrRcowERJG1cDiND7HY
- tlAEHZhizSw45cunI8ICDwNfiO0CPeShVcKh4qzbfKvOaDYZj9bzBCMPF+XgI6w8
- THk3ZwvEIaf7gIEQFUnc3C1JGHwYDBrcCl/cUJ18DxvxjyjWDDR2iXT/86A7foVt
- hwmpxuQOSTKujGJtTyIu8n+/lbVbpDo2OLJ28h2TGcXnxD83OigH4cHtpL+7WfbS
- XAHuYliyndjEFBvrpEEBkPyIYo8dH3ip6205hAN/wp7cQ7MNjqppGEYN9nrwHxtH
- o+leEHXmIDdmvbC5iDbplKISDr0EHtCfxFt1N0IpYQhlwygAv7JWEUpBLGNV
- =/LEP
- -----END PGP MESSAGE-----
- fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
- unencrypted_suffix: _unencrypted
- version: 3.10.2
diff --git a/inventories/z9/host_vars/yate.yaml b/inventories/z9/host_vars/yate.yaml
deleted file mode 100644
index d2dc518..0000000
--- a/inventories/z9/host_vars/yate.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/compose.yaml.j2') }}"
-docker_compose__configuration_files:
- - name: accfile.conf
- content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/accfile.conf.j2') }}"
- - name: regexroute.conf
- content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regexroute.conf.j2') }}"
- - name: regfile.conf
- content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regfile.conf.j2') }}"
-docker_compose__restart_cmd: "exec yate sh -c 'kill -1 1'"
diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml
index 9d5bb09..0dde922 100644
--- a/inventories/z9/hosts.yaml
+++ b/inventories/z9/hosts.yaml
@@ -1,53 +1,21 @@
all:
hosts:
- authoritative-dns:
- ansible_host: authoritative-dns.z9.ccchh.net
- ansible_user: chaos
- dooris:
- ansible_host: 10.31.208.201
- ansible_user: chaos
light:
ansible_host: light.z9.ccchh.net
ansible_user: chaos
- thinkcccore0:
- ansible_host: thinkcccore0.z9.ccchh.net
- waybackproxy:
- ansible_host: waybackproxy.ccchh.net
- ansible_user: chaos
- yate:
- ansible_host: yate.ccchh.net
- ansible_user: chaos
-certbot_hosts:
- hosts:
- dooris:
-docker_compose_hosts:
- hosts:
- dooris:
- waybackproxy:
- yate:
-foobazdmx_hosts:
- hosts:
- light:
-hypervisors:
- hosts:
- thinkcccore0:
-infrastructure_authorized_keys_hosts:
- hosts:
- dooris:
- light:
authoritative-dns:
- waybackproxy:
- yate:
+ ansible_host: authoritative-dns.z9.ccchh.net
+ ansible_user: chaos
nginx_hosts:
hosts:
- dooris:
light:
- waybackproxy:
ola_hosts:
hosts:
light:
-proxmox_vm_template_hosts:
+foobazdmx_hosts:
hosts:
- thinkcccore0:
-ansible_pull_hosts:
+ light:
+infrastructure_authorized_keys_hosts:
hosts:
+ light:
+ authoritative-dns:
diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index dc3a22d..d971cf4 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@@ -4,6 +4,16 @@
roles:
- base_config
+- name: Ensure systemd-networkd config deployment on systemd_networkd_hosts
+ hosts: systemd_networkd_hosts
+ roles:
+ - systemd_networkd
+
+- name: Ensure nftables deployment on nftables_hosts
+ hosts: nftables_hosts
+ roles:
+ - nftables
+
- name: Ensure deployment of infrastructure authorized keys
hosts: infrastructure_authorized_keys_hosts
roles:
@@ -70,23 +80,5 @@
- "o=Docker,n=${distro_codename}"
- "o=nginx,n=${distro_codename}"
-- name: Ensure Alloy is installed and Setup on alloy_hosts
- hosts: alloy_hosts
- become: true
- tasks:
- - name: Setup Alloy
- ansible.builtin.include_role:
- name: grafana.grafana.alloy
-
-- name: Ensure ansible_pull deployment on ansible_pull_hosts
- hosts: ansible_pull_hosts
- roles:
- - ansible_pull
-
-- name: Ensure msmtp is setup on msmtp_hosts
- hosts: msmtp_hosts
- roles:
- - msmtp
-
- name: Run ensure_eh22_styleguide_dir Playbook
ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml
diff --git a/playbooks/deploy_hypervisor.yaml b/playbooks/deploy_hypervisor.yaml
deleted file mode 100644
index 4d3200f..0000000
--- a/playbooks/deploy_hypervisor.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-- name: Ensure the VM template generation is set up
- hosts: proxmox_vm_template_hosts
- tasks:
- - name: Ensure dependencies are present
- ansible.builtin.apt:
- name:
- - git
- - libguestfs-tools
- become: true
-
- - name: Ensure /usr/local/{lib,sbin} exist
- ansible.builtin.file:
- path: "{{ item }}"
- state: directory
- owner: root
- group: root
- mode: "0755"
- become: true
- loop:
- - "/usr/local/lib/"
- - "/usr/local/sbin/"
-
- - name: Ensure the pve-template-vm repo is present
- ansible.builtin.git:
- repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git
- dest: /usr/local/lib/pve-template-vm
- version: main
- force: true
- depth: 1
- single_branch: true
- track_submodules: true
- become: true
-
- # /usr/local/sbin as the script uses qm, which is also found in /usr/sbin.
- - name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin
- ansible.builtin.file:
- src: /usr/local/lib/pve-template-vm/build-proxmox-template
- dest: /usr/local/sbin/build-proxmox-template
- state: link
- owner: root
- group: root
- mode: '0755'
- become: true
-
- # This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config.
- - name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00
- ansible.builtin.cron:
- name: "ansible build proxmox template"
- cron_file: ansible_build_proxmox_template
- minute: 0
- hour: 4
- weekday: 5
- user: root
- job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\
- /usr/bin/env \
- {% for item in hypervisor__template_vm_config | default([]) %}\
- {{ item.name }}=\"{{ item.value }}\" \
- {% endfor %}\
- {% endif %}\
- /usr/local/sbin/build-proxmox-template"
- become: true
diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
index c2108d8..e4ab5b6 100644
--- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
@@ -6,8 +6,8 @@ services:
image: docker.io/library/mariadb:11
environment:
- "MARIADB_DATABASE=wordpress"
- - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"
- - "MARIADB_PASSWORD={{ secret__wordpress_db_password }}"
+ - "MARIADB_ROOT_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_ROOT_PASSWORD", create=false, missing="error") }}"
+ - "MARIADB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
- "MARIADB_USER=wordpress"
- "MARIADB_AUTO_UPGRADE=yes"
volumes:
@@ -23,7 +23,7 @@ services:
- "WORDPRESS_DB_NAME=wordpress"
- "WORDPRESS_DB_USER=wordpress"
- "WORDPRESS_TABLE_PREFIX=wp_"
- - "WORDPRESS_DB_PASSWORD={{ secret__wordpress_db_password }}"
+ - "WORDPRESS_DB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
volumes:
- wordpress:/var/www/html/wp-content
ports:
diff --git a/resources/chaosknoten/cloud/nextcloud/config.php.j2 b/resources/chaosknoten/cloud/nextcloud/config.php.j2
new file mode 100644
index 0000000..718bcb8
--- /dev/null
+++ b/resources/chaosknoten/cloud/nextcloud/config.php.j2
@@ -0,0 +1,98 @@
+ '\\OC\\Memcache\\APCu',
+ 'apps_paths' =>
+ array (
+ 0 =>
+ array (
+ 'path' => '/var/www/html/apps',
+ 'url' => '/apps',
+ 'writable' => false,
+ ),
+ 1 =>
+ array (
+ 'path' => '/var/www/html/custom_apps',
+ 'url' => '/custom_apps',
+ 'writable' => true,
+ ),
+ ),
+ 'instanceid' => 'oc9uqhr7buka',
+ 'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs',
+ 'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu',
+ 'trusted_domains' =>
+ array (
+ 0 => 'cloud.hamburg.ccc.de',
+ ),
+ 'datadirectory' => '/var/www/html/data',
+ 'dbtype' => 'mysql',
+ 'version' => '25.0.9.2',
+ 'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de',
+ 'dbname' => 'nextcloud',
+ 'dbhost' => 'database',
+ 'dbport' => '',
+ 'dbtableprefix' => 'oc_',
+ 'mysql.utf8mb4' => true,
+ 'dbuser' => 'nextcloud',
+ 'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3',
+ 'installed' => true,
+ // Some Nextcloud options that might make sense here
+ 'allow_user_to_change_display_name' => false,
+ 'lost_password_link' => 'disabled',
+ // URL of provider. All other URLs are auto-discovered from .well-known
+ 'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh',
+ // Client ID and secret registered with the provider
+ 'oidc_login_client_id' => 'cloud',
+ 'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}',
+ // Automatically redirect the login page to the provider
+ 'oidc_login_auto_redirect' => true,
+ // Redirect to this page after logging out the user
+ //'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
+ // If set to true the user will be redirected to the
+ // logout endpoint of the OIDC provider after logout
+ // in Nextcloud. After successfull logout the OIDC
+ // provider will redirect back to 'oidc_login_logout_url' (MUST be set).
+ 'oidc_login_end_session_redirect' => true,
+ // Quota to assign if no quota is specified in the OIDC response (bytes)
+ //
+ // NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
+ // zero or -1 or ''.
+ 'oidc_login_default_quota' => '1000000000',
+ // Login button text
+ 'oidc_login_button_text' => 'Log in via id.ccchh.net',
+ // Hide the NextCloud password change form.
+ 'oidc_login_hide_password_form' => false,
+ // Use ID Token instead of UserInfo
+ 'oidc_login_use_id_token' => false,
+ 'oidc_login_attributes' => array (
+ 'id' => 'preferred_username',
+ 'name' => 'name',
+ 'mail' => 'email',
+ 'quota' => 'ownCloudQuota',
+ 'home' => 'homeDirectory',
+ 'ldap_uid' => 'uid',
+ 'groups' => 'ownCloudGroups',
+ 'login_filter' => 'realm_access_roles',
+ 'photoURL' => 'picture',
+ 'is_admin' => 'ownCloudAdmin',
+ ),
+ // Default group to add users to (optional, defaults to nothing)
+ //'oidc_login_default_group' => 'oidc',
+ 'oidc_login_filter_allowed_values' => null,
+ // Set OpenID Connect scope
+ 'oidc_login_scope' => 'openid profile',
+ // The `id` attribute in `oidc_login_attributes` must return the
+ // "Internal Username" (see expert settings in LDAP integration)
+ 'oidc_login_proxy_ldap' => false,
+ // Fallback to direct login if login from OIDC fails
+ // Note that no error message will be displayed if enabled
+ 'oidc_login_disable_registration' => false,
+ //'oidc_login_redir_fallback' => false,
+ // If you get your groups from the oidc_login_attributes, you might want
+ // to create them if they are not already existing, Default is `false`.
+ 'oidc_create_groups' => true,
+ // Enable use of WebDAV via OIDC bearer token.
+ 'oidc_login_webdav_enabled' => true,
+ // Enable authentication with user/password for DAV clients that do not
+ // support token authentication (e.g. DAVx⁵)
+ 'oidc_login_password_authentication' => false,
+);
\ No newline at end of file
diff --git a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
index 8832381..7e6ad56 100644
--- a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
+++ b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
@@ -11,7 +11,7 @@ $CONFIG = array (
'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de',
'mail_from_address' => 'no-reply',
'mail_domain' => 'cloud.hamburg.ccc.de',
- 'mail_smtppassword' => '{{ secret__nextcloud_smtp_password }}',
+ 'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}',
'mail_smtpdebug' => true,
'maintenance_window_start' => 1,
);
diff --git a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 b/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2
new file mode 100644
index 0000000..56995ca
--- /dev/null
+++ b/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2
@@ -0,0 +1,60 @@
+ALLOWED_HOSTS = [ "netbox.eh22.easterhegg.eu" ]
+DATABASE = {
+ "HOST": "localhost",
+ "NAME": "netbox",
+ "USER": "netbox",
+ "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}",
+}
+REDIS = {
+ "tasks": {
+ "HOST": "localhost",
+ "PORT": 6379,
+ "USERNAME": "",
+ "PASSWORD": "",
+ "DATABASE": 0,
+ "SSL": False,
+ },
+ "caching": {
+ "HOST": "localhost",
+ "PORT": 6379,
+ "USERNAME": "",
+ "PASSWORD": "",
+ "DATABASE": 1,
+ "SSL": False,
+ },
+}
+SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SECRET_KEY', create=false, missing='error') }}"
+SESSION_COOKIE_SECURE = True
+
+# CCCHH ID (Keycloak) integration.
+# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7
+# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
+REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2"
+SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = (
+ "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
+)
+SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = (
+ "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
+)
+SOCIAL_AUTH_KEYCLOAK_KEY = "eh22-netbox"
+SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"
+SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}"
+# Use custom OIDC group and role mapping pipeline functions added in via
+# netbox__custom_pipeline_oidc_group_and_role_mapping.
+# The default pipeline this is based on can be found here:
+# https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py
+SOCIAL_AUTH_PIPELINE = [
+ "social_core.pipeline.social_auth.social_details",
+ "social_core.pipeline.social_auth.social_uid",
+ "social_core.pipeline.social_auth.social_user",
+ "social_core.pipeline.user.get_username",
+ "social_core.pipeline.user.create_user",
+ "social_core.pipeline.social_auth.associate_user",
+ "netbox.authentication.user_default_groups_handler",
+ "social_core.pipeline.social_auth.load_extra_data",
+ "social_core.pipeline.user.user_details",
+ # Custom OIDC group and role mapping functions.
+ "netbox.custom_pipeline_oidc_mapping.add_groups",
+ "netbox.custom_pipeline_oidc_mapping.remove_groups",
+ "netbox.custom_pipeline_oidc_mapping.set_roles",
+]
diff --git a/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf b/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
similarity index 60%
rename from resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
rename to resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
index e7d404d..6c9d458 100644
--- a/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
@@ -2,8 +2,7 @@
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
# Listen on a custom port for the proxy protocol.
- listen 8443 ssl proxy_protocol;
- http2 on;
+ listen 8443 ssl http2 proxy_protocol;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
@@ -13,12 +12,12 @@ server {
# header.
real_ip_header proxy_protocol;
- server_name ntfy.hamburg.ccc.de;
+ server_name netbox.eh22.easterhegg.eu;
- ssl_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ntfy.hamburg.ccc.de/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
- ssl_trusted_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/chain.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
@@ -30,18 +29,20 @@ server {
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
+ # Hide the X-Forwarded header.
+ proxy_hide_header X-Forwarded;
+ # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
+ # is transparent).
+ # Also provide "_hidden" for by, since it's not relevant.
+ proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
+
+ client_max_body_size 25m;
+
+ location /static/ {
+ alias /opt/netbox/netbox/static/;
+ }
location / {
- proxy_pass http://127.0.0.1:2586;
- proxy_http_version 1.1;
-
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- proxy_connect_timeout 3m;
- proxy_send_timeout 3m;
- proxy_read_timeout 3m;
-
- client_max_body_size 0; # Stream request body to backend
+ proxy_pass http://127.0.0.1:8001;
}
}
diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
index 51aeb63..83aeaad 100644
--- a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
+++ b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
@@ -3,84 +3,38 @@
# - https://github.com/prometheus/alertmanager/blob/48a99764a1fc9279fc828de83e7a03ae2219abc7/doc/examples/simple.yml
route:
- receiver: 'ccchh-infrastructure-alerts'
- group_by: [ "alertname", "site", "type", "hypervisor" ]
+ group_by: ["alertname", "site", "type", "hypervisor"]
+
group_wait: 30s
group_interval: 5m
- repeat_interval: 6h
- routes:
- - receiver: "null"
- matchers:
- - sendAlert = "false"
- - receiver: ntfy-ccchh-critical
- matchers:
- - org = "ccchh"
- - severity = "critical",
- repeat_interval: 18h
- continue: true
- - receiver: ntfy-ccchh
- matchers:
- - org = "ccchh"
- - severity =~ "info|warning",
- repeat_interval: 36h
- continue: true
- - receiver: ntfy-fux-critical
- matchers:
- - org = "fux"
- - severity = "critical",
- repeat_interval: 18h
- continue: true
- - receiver: email-fux-critical
- matchers:
- - org = "fux"
- - severity = "critical",
- repeat_interval: 36h
- continue: true
- - receiver: ntfy-fux
- matchers:
- - org = "fux"
- - severity =~ "info|warning",
- repeat_interval: 36h
- continue: true
- - receiver: ccchh-infrastructure-alerts
- matchers:
- - org = "ccchh"
- - severity =~ "info|warning|critical"
+ repeat_interval: 3h
+
+ receiver: ccchh-infrastructure-alerts
+
+
+{# Disable these for now, but might be interesting in the future.
+# Inhibition rules allow to mute a set of alerts given that another alert is
+# firing.
+# We use this to mute any warning-level notifications if the same alert is
+# already critical.
+inhibit_rules:
+ - source_matchers: [severity="critical"]
+ target_matchers: [severity="warning"]
+ # Apply inhibition if the alertname is the same.
+ # CAUTION:
+ # If all label names listed in `equal` are missing
+ # from both the source and target alerts,
+ # the inhibition rule will apply!
+ equal: [alertname, cluster, service] #}
templates:
- "/etc/alertmanager/templates/*.tmpl"
receivers:
- - name: "null"
- name: "ccchh-infrastructure-alerts"
telegram_configs:
- send_resolved: true
- bot_token: {{ secret__alertmanager_telegram_bot_token }}
+ bot_token: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/alertmanager_telegram_bot_token", create=false, missing="error") }}
chat_id: -1002434372415
parse_mode: HTML
message: {{ "'{{ template \"alert-message.telegram.ccchh\" . }}'" }}
-
- - name: "ntfy-ccchh-critical"
- webhook_configs:
- - url: "http://ntfy-alertmanager-ccchh-critical:8000"
-
- - name: "ntfy-fux-critical"
- webhook_configs:
- - url: "http://ntfy-alertmanager-fux-critical:8001"
-
- - name: "ntfy-ccchh"
- webhook_configs:
- - url: "http://ntfy-alertmanager-ccchh:8010"
-
- - name: "ntfy-fux"
- webhook_configs:
- - url: "http://ntfy-alertmanager-fux:8011"
-
- - name: "email-fux-critical"
- email_configs:
- - send_resolved: true
- to: "stb@lassitu.de,fux@zimdahl.org"
- from: "alert-manager@hamburg.ccc.de"
- smarthost: "cow.hamburg.ccc.de:587"
- auth_username: "alert-manager@hamburg.ccc.de"
- auth_password: {{ secret__alert_manager_email_password }}
diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
index 3e97e6e..5318fb0 100644
--- a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
+++ b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
@@ -20,25 +20,16 @@ Links & Resources
{{ define "alert-message.telegram.ccchh" }}
- {{- if .Alerts.Firing }}
- 🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥
- {{- if le (len .Alerts.Firing) 5 }}
- {{- range .Alerts.Firing }}
- {{ template "alert-item.telegram.ccchh.internal" . }}
- {{- end }}
- {{- else }}
- There are too many alerts firing at once
- {{- end }}
- {{- end }}
-
- {{- if .Alerts.Resolved }}
- ✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅
- {{- if le (len .Alerts.Resolved) 5 }}
- {{- range .Alerts.Resolved }}
- {{ template "alert-item.telegram.ccchh.internal" . }}
- {{- end }}
- {{- else }}
- There are too many resolved alerts to list
- {{- end }}
- {{- end }}
+{{- if .Alerts.Firing }}
+🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥
+{{ range .Alerts.Firing -}}
+{{ template "alert-item.telegram.ccchh.internal" . }}
+{{- end }}
+{{- end }}
+{{- if .Alerts.Resolved }}
+✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅
+{{ range .Alerts.Resolved -}}
+{{ template "alert-item.telegram.ccchh.internal" . }}
+{{- end }}
+{{- end }}
{{- end }}
diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
index 1683b79..3e994dc 100644
--- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
@@ -6,17 +6,14 @@ services:
container_name: prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- - '--web.enable-remote-write-receiver'
- - '--enable-feature=promql-experimental-functions'
ports:
- 9090:9090
restart: unless-stopped
volumes:
- ./configs/prometheus.yml:/etc/prometheus/prometheus.yml
- ./configs/prometheus_alerts.rules.yaml:/etc/prometheus/rules/alerts.rules.yaml
- - ./configs/prometheus_alerts-fux.rules.yaml:/etc/prometheus/rules/alerts-fux.rules.yaml
- prom_data:/prometheus
-
+
alertmanager:
image: prom/alertmanager
container_name: alertmanager
@@ -38,7 +35,7 @@ services:
restart: unless-stopped
environment:
- GF_SECURITY_ADMIN_USER=admin
- - "GF_SECURITY_ADMIN_PASSWORD={{ secret__grafana_gf_security_admin_password }}"
+ - "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}"
volumes:
- ./configs/grafana.ini:/etc/grafana/grafana.ini
- ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml
@@ -52,61 +49,13 @@ services:
restart: unless-stopped
environment:
- PVE_USER=grafana@pve
- - "PVE_PASSWORD={{ secret__prometheus_pve_exporter_pve_password }}"
+ - "PVE_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/prometheus-exporter", create=false, missing="error") }}"
- PVE_VERIFY_SSL=false
volumes:
- /dev/null:/etc/prometheus/pve.yml
- loki:
- image: grafana/loki:3
- container_name: loki
- ports:
- - 13100:3100
- - 19099:9099
- restart: unless-stopped
- volumes:
- - ./configs/loki.yaml:/etc/loki/local-config.yaml
- - loki_data:/var/loki
-
- ntfy-alertmanager-ccchh-critical:
- image: xenrox/ntfy-alertmanager:latest
- container_name: ntfy-alertmanager-ccchh-critical
- volumes:
- - ./configs/ntfy-alertmanager-ccchh-critical:/etc/ntfy-alertmanager/config
- ports:
- - 8000:8000
- restart: unless-stopped
-
- ntfy-alertmanager-fux-critical:
- image: xenrox/ntfy-alertmanager:latest
- container_name: ntfy-alertmanager-fux-critical
- volumes:
- - ./configs/ntfy-alertmanager-fux-critical:/etc/ntfy-alertmanager/config
- ports:
- - 8001:8001
- restart: unless-stopped
-
- ntfy-alertmanager-ccchh:
- image: xenrox/ntfy-alertmanager:latest
- container_name: ntfy-alertmanager-ccchh
- volumes:
- - ./configs/ntfy-alertmanager-ccchh:/etc/ntfy-alertmanager/config
- ports:
- - 8010:8010
- restart: unless-stopped
-
- ntfy-alertmanager-fux:
- image: xenrox/ntfy-alertmanager:latest
- container_name: ntfy-alertmanager-fux
- volumes:
- - ./configs/ntfy-alertmanager-fux:/etc/ntfy-alertmanager/config
- ports:
- - 8011:8011
- restart: unless-stopped
volumes:
graf_data: {}
prom_data: {}
alertmanager_data: {}
- loki_data: {}
- mimir_data: {}
diff --git a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
index 3cb6995..44999d4 100644
--- a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
+++ b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
@@ -7,14 +7,3 @@ datasources:
isDefault: true
access: proxy
editable: true
- - name: Loki
- type: loki
- url: http://loki:3100
- access: proxy
- editable: true
- jsonData:
- timeout: 60
- maxLines: 3000
- httpHeaderName1: "X-Scope-OrgID"
- secureJsonData:
- httpHeaderValue1: "chaos"
diff --git a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
index af5b848..65f7bed 100644
--- a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
+++ b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
@@ -11,7 +11,7 @@ auto_login = true
name = id.hamburg.ccc.de
allow_sign_up = true
client_id = grafana
-client_secret = {{ secret__grafana_keycloak_secret }}
+client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
scopes = openid email profile offline_access roles
email_attribute_path = email
login_attribute_path = username
diff --git a/resources/chaosknoten/grafana/docker_compose/loki.yaml b/resources/chaosknoten/grafana/docker_compose/loki.yaml
deleted file mode 100644
index daf214f..0000000
--- a/resources/chaosknoten/grafana/docker_compose/loki.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-auth_enabled: true
-
-server:
- http_listen_port: 3100
- grpc_listen_port: 9099
- log_level: warn
-
-limits_config:
- retention_period: 14d
-
-common:
- instance_addr: 127.0.0.1
- path_prefix: /var/loki
- storage:
- filesystem:
- chunks_directory: /var/loki/chunks
- rules_directory: /var/loki/rules
- replication_factor: 1
- ring:
- kvstore:
- store: inmemory
-
-storage_config:
- filesystem:
- directory: /var/loki/chunks
- index_queries_cache_config:
- embedded_cache:
- enabled: true
- max_size_mb: 80
- ttl: 30m
-
-schema_config:
- configs:
- - from: 2025-04-28
- store: tsdb
- object_store: filesystem
- schema: v13
- index:
- prefix: index_
- period: 24h
-
-chunk_store_config:
- chunk_cache_config:
- embedded_cache:
- enabled: true
- max_size_mb: 80
- ttl: 30m
- write_dedupe_cache_config:
- embedded_cache:
- enabled: true
- max_size_mb: 80
- ttl: 30m
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2
deleted file mode 100644
index b4afc90..0000000
--- a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2
+++ /dev/null
@@ -1,48 +0,0 @@
-base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh-critical
-http-address :8000
-log-level info
-log-format text
-# When multiple alerts are grouped together by Alertmanager, they can either be sent
-# each on their own (single mode) or be kept together (multi mode)
-# Options: single, multi
-# Default: multi
-alert-mode single
-
-labels {
- order "severity"
-
- severity "critical" {
- priority 4
- tags "rotating_light"
- }
-
- severity "warning" {
- priority 3
- tags "warning"
- }
-
- severity "info" {
- priority 1
- }
-}
-
-resolved {
- tags "white_check_mark,resolved"
- priority 2
-}
-
-ntfy {
- server https://ntfy.hamburg.ccc.de
- topic ccchh-alertmanager-critical
- access-token {{ secret__ntfy_token }}
-}
-
-alertmanager {
- silence-duration 3h
-}
-
-cache {
- type memory
- duration 12h
- cleanup-interval 1h
-}
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2
deleted file mode 100644
index 66fd9ab..0000000
--- a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2
+++ /dev/null
@@ -1,48 +0,0 @@
-base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh
-http-address :8010
-log-level info
-log-format text
-# When multiple alerts are grouped together by Alertmanager, they can either be sent
-# each on their own (single mode) or be kept together (multi mode)
-# Options: single, multi
-# Default: multi
-alert-mode single
-
-labels {
- order "severity"
-
- severity "critical" {
- priority 4
- tags "rotating_light"
- }
-
- severity "warning" {
- priority 3
- tags "warning"
- }
-
- severity "info" {
- priority 1
- }
-}
-
-resolved {
- tags "white_check_mark,resolved"
- priority 2
-}
-
-ntfy {
- server https://ntfy.hamburg.ccc.de
- topic ccchh-alertmanager
- access-token {{ secret__ntfy_token }}
-}
-
-alertmanager {
- silence-duration 3h
-}
-
-cache {
- type memory
- duration 12h
- cleanup-interval 1h
-}
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2
deleted file mode 100644
index afb6cc8..0000000
--- a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2
+++ /dev/null
@@ -1,48 +0,0 @@
-base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux-critical
-http-address :8001
-log-level info
-log-format text
-# When multiple alerts are grouped together by Alertmanager, they can either be sent
-# each on their own (single mode) or be kept together (multi mode)
-# Options: single, multi
-# Default: multi
-alert-mode single
-
-labels {
- order "severity"
-
- severity "critical" {
- priority 4
- tags "rotating_light"
- }
-
- severity "warning" {
- priority 3
- tags "warning"
- }
-
- severity "info" {
- priority 1
- }
-}
-
-resolved {
- tags "white_check_mark,resolved"
- priority 2
-}
-
-ntfy {
- server https://ntfy.hamburg.ccc.de
- topic fux-alertmanager-critical
- access-token {{ secret__ntfy_token }}
-}
-
-alertmanager {
- silence-duration 3h
-}
-
-cache {
- type memory
- duration 12h
- cleanup-interval 1h
-}
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2
deleted file mode 100644
index 1e506a3..0000000
--- a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2
+++ /dev/null
@@ -1,48 +0,0 @@
-base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux
-http-address :8011
-log-level info
-log-format text
-# When multiple alerts are grouped together by Alertmanager, they can either be sent
-# each on their own (single mode) or be kept together (multi mode)
-# Options: single, multi
-# Default: multi
-alert-mode single
-
-labels {
- order "severity"
-
- severity "critical" {
- priority 4
- tags "rotating_light"
- }
-
- severity "warning" {
- priority 3
- tags "warning"
- }
-
- severity "info" {
- priority 1
- }
-}
-
-resolved {
- tags "white_check_mark,resolved"
- priority 2
-}
-
-ntfy {
- server https://ntfy.hamburg.ccc.de
- topic fux-alertmanager
- access-token {{ secret__ntfy_token }}
-}
-
-alertmanager {
- silence-duration 3h
-}
-
-cache {
- type memory
- duration 12h
- cleanup-interval 1h
-}
diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus.yml b/resources/chaosknoten/grafana/docker_compose/prometheus.yml
index fd59034..5f6232f 100644
--- a/resources/chaosknoten/grafana/docker_compose/prometheus.yml
+++ b/resources/chaosknoten/grafana/docker_compose/prometheus.yml
@@ -1,12 +1,12 @@
global:
- scrape_interval: 60s
- scrape_timeout: 15s
- evaluation_interval: 30s
+ scrape_interval: 15s
+ scrape_timeout: 10s
+ evaluation_interval: 15s
alerting:
alertmanagers:
- scheme: http
- timeout: 15s
+ timeout: 10s
static_configs:
- targets:
- "alertmanager:9093"
@@ -22,8 +22,6 @@ scrape_configs:
static_configs:
- targets:
- localhost:9090
- labels:
- org: ccchh
- job_name: alertmanager
honor_timestamps: true
metrics_path: /metrics
@@ -31,8 +29,6 @@ scrape_configs:
static_configs:
- targets:
- alertmanager:9093
- labels:
- org: ccchh
- job_name: mumble
honor_timestamps: true
scrape_interval: 5s
@@ -42,8 +38,6 @@ scrape_configs:
static_configs:
- targets:
- mumble.hamburg.ccc.de:443
- labels:
- org: ccchh
- job_name: opnsense-ccchh
honor_timestamps: true
metrics_path: /metrics
@@ -51,8 +45,6 @@ scrape_configs:
static_configs:
- targets:
- 185.161.129.132:9100
- labels:
- org: ccchh
- job_name: jitsi
honor_timestamps: true
scrape_interval: 5s
@@ -62,14 +54,10 @@ scrape_configs:
static_configs:
- targets:
- jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
- labels:
- org: ccchh
- job_name: 'pve'
static_configs:
- targets:
- 212.12.48.126 # chaosknoten
- labels:
- org: ccchh
metrics_path: /pve
params:
module: [ default ]
@@ -86,7 +74,6 @@ scrape_configs:
static_configs:
# Wieske Chaosknoten VMs
- labels:
- org: ccchh
site: wieske
type: virtual_machine
hypervisor: chaosknoten
@@ -96,6 +83,7 @@ scrape_configs:
- public-web-static-intern.hamburg.ccc.de:9100
- git-intern.hamburg.ccc.de:9100
- forgejo-actions-runner-intern.hamburg.ccc.de:9100
+ - eh22-netbox-intern.hamburg.ccc.de:9100
- eh22-wiki-intern.hamburg.ccc.de:9100
- mjolnir-intern.hamburg.ccc.de:9100
- woodpecker-intern.hamburg.ccc.de:9100
@@ -111,13 +99,7 @@ scrape_configs:
- zammad-intern.hamburg.ccc.de:9100
- pretalx-intern.hamburg.ccc.de:9100
- labels:
- org: ccchh
site: wieske
type: physical_machine
targets:
- chaosknoten.hamburg.ccc.de:9100
-
-
-storage:
- tsdb:
- out_of_order_time_window: 90m
diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml
deleted file mode 100644
index b1836a3..0000000
--- a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-groups:
- - name: Fux-Generic
- rules:
- - alert: HostJobFlaky
- expr: group by(instance, job) (changes(up{org="fux"}[24h]) > 7)
- for: 0m
- labels:
- severity: info
- org: fux
- annotations:
- summary: Job {{ $labels.job }} flaky on (instance {{ $labels.instance }})
- description: "The job {{ $labels.job }} on target: {{ $labels.instance }} has been flaky over the last 24 hours."
- - name: Fux-SNMP
- rules:
- - alert: SnmpTargetMissing
- expr: up{job=~".*snmp.*", org="fux"} == 0
- for: 15m
- labels:
- severity: critical
- org: fux
- annotations:
- summary: SNMP target missing (instance {{ $labels.instance }})
- description: "SNMP target: {{ $labels.instance }} has disappeared for more the 15 min."
- - name: Fux-DHCP
- rules:
- - alert: DhcpFuxSharedFailed
- expr: script_success{script="check_dhcp_fux_shared"} == 0
- for: 2m
- labels:
- severity: critical
- annotations:
- summary: DHCP for Fux Shared stoped working
- description: "No DHCP lease for the Fux Shared range was received \n V"
- - alert: DhcpFuxAdminFailed
- expr: script_success{script_success="check_dhcp_fux_admin"} == 0
- for: 2m
- labels:
- severity: critical
- annotations:
- summary: DHCP for Fux Admin stoped working
- description: "No DHCP lease for the Fux Admin range was received"
diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml
index 4a2bc6f..5ec53b8 100644
--- a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml
+++ b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml
@@ -196,9 +196,9 @@ groups:
# Same rule using "node_filesystem_free_bytes" will fire when disk fills for non-root users.
- alert: HostDiskWillFillIn24Hours
expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
- for: 5m
+ for: 2m
labels:
- severity: critical
+ severity: warning
annotations:
summary: Host disk will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}"
@@ -212,9 +212,9 @@ groups:
description: "Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}"
- alert: HostInodesWillFillIn24Hours
expr: (node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
- for: 5m
+ for: 2m
labels:
- severity: critical
+ severity: warning
annotations:
summary: Host inodes will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of inodes within the next 24 hours at current write rate\n VALUE = {{ $value }}"
@@ -362,7 +362,7 @@ groups:
expr: (node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
for: 0m
labels:
- severity: critical
+ severity: warning
annotations:
summary: Host systemd service crashed (instance {{ $labels.instance }})
description: "systemd service crashed\n VALUE = {{ $value }}"
@@ -410,7 +410,7 @@ groups:
summary: Prometheus job missing (instance {{ $labels.instance }})
description: "A Prometheus job has disappeared\n VALUE = {{ $value }}"
- alert: PrometheusTargetMissing
- expr: up{job!~"snmp|noc_room_temp"} == 0
+ expr: up == 0
for: 0m
labels:
severity: critical
@@ -418,7 +418,7 @@ groups:
summary: Prometheus target missing (instance {{ $labels.instance }})
description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}"
- alert: PrometheusAllTargetsMissing
- expr: sum by (job) (up{job!~"snmp|noc_room_temp"}) == 0
+ expr: sum by (job) (up) == 0
for: 0m
labels:
severity: critical
@@ -438,7 +438,6 @@ groups:
for: 0m
labels:
severity: warning
- org: ccchh
annotations:
summary: Prometheus too many restarts (instance {{ $labels.instance }})
description: "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.\n VALUE = {{ $value }}"
@@ -447,7 +446,6 @@ groups:
for: 0m
labels:
severity: warning
- org: ccchh
annotations:
summary: Prometheus AlertManager job missing (instance {{ $labels.instance }})
description: "A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}"
@@ -456,7 +454,6 @@ groups:
for: 0m
labels:
severity: warning
- org: ccchh
annotations:
summary: Prometheus AlertManager configuration reload failure (instance {{ $labels.instance }})
description: "AlertManager configuration reload error\n VALUE = {{ $value }}"
@@ -465,7 +462,6 @@ groups:
for: 0m
labels:
severity: warning
- org: ccchh
annotations:
summary: Prometheus AlertManager config not synced (instance {{ $labels.instance }})
description: "Configurations of AlertManager cluster instances are out of sync\n VALUE = {{ $value }}"
@@ -483,7 +479,6 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus not connected to alertmanager (instance {{ $labels.instance }})
description: "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}"
@@ -492,7 +487,6 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus rule evaluation failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}"
@@ -501,7 +495,6 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus template text expansion failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}"
@@ -510,7 +503,6 @@ groups:
for: 5m
labels:
severity: warning
- org: ccchh
annotations:
summary: Prometheus rule evaluation slow (instance {{ $labels.instance }})
description: "Prometheus rule evaluation took more time than the scheduled interval. It indicates a slower storage backend access or too complex query.\n VALUE = {{ $value }}"
@@ -527,7 +519,6 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus AlertManager notification failing (instance {{ $labels.instance }})
description: "Alertmanager is failing sending notifications\n VALUE = {{ $value }}"
@@ -536,7 +527,6 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus target empty (instance {{ $labels.instance }})
description: "Prometheus has no target in service discovery\n VALUE = {{ $value }}"
@@ -545,7 +535,6 @@ groups:
for: 5m
labels:
severity: warning
- org: ccchh
annotations:
summary: Prometheus target scraping slow (instance {{ $labels.instance }})
description: "Prometheus is scraping exporters slowly since it exceeded the requested interval time. Your Prometheus server is under-provisioned.\n VALUE = {{ $value }}"
@@ -586,7 +575,6 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus TSDB compactions failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB compactions failures\n VALUE = {{ $value }}"
@@ -595,7 +583,6 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus TSDB head truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB head truncation failures\n VALUE = {{ $value }}"
@@ -604,7 +591,6 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus TSDB reload failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB reload failures\n VALUE = {{ $value }}"
@@ -613,7 +599,6 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus TSDB WAL corruptions (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL corruptions\n VALUE = {{ $value }}"
@@ -622,16 +607,14 @@ groups:
for: 0m
labels:
severity: critical
- org: ccchh
annotations:
summary: Prometheus TSDB WAL truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL truncation failures\n VALUE = {{ $value }}"
- alert: PrometheusTimeseriesCardinality
- expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 20000
+ expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 10000
for: 0m
labels:
severity: warning
- org: ccchh
annotations:
summary: Prometheus timeseries cardinality (instance {{ $labels.instance }})
description: "The \"{{ $labels.name }}\" timeseries cardinality is getting very high: {{ $value }}\n VALUE = {{ $value }}"
diff --git a/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf
index c5b68e1..a3218d1 100644
--- a/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf
@@ -2,8 +2,7 @@
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
# Listen on a custom port for the proxy protocol.
- listen 8443 ssl proxy_protocol;
- http2 on;
+ listen 8443 ssl http2 proxy_protocol;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
@@ -41,71 +40,4 @@ server {
proxy_pass http://127.0.0.1:3000/;
}
- location /ntfy-alertmanager-ccchh-critical/ {
- deny all;
- allow ::1/128;
- allow 127.0.0.1/32;
- # Wieske
- allow 172.31.17.128/25;
- allow 212.12.51.128/28;
- allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
- allow 2a00:14b0:4200:3000::/64; #Bei Wieske
- allow 2a00:14b0:4200:3380::/64;
- allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
- # Z9
- allow 2a07:c480:0:100::/56;
- allow 2a07:c481:1::/48;
- proxy_pass http://127.0.0.1:8000/;
- }
-
- location /ntfy-alertmanager-ccchh/ {
- deny all;
- allow ::1/128;
- allow 127.0.0.1/32;
- # Wieske
- allow 172.31.17.128/25;
- allow 212.12.51.128/28;
- allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
- allow 2a00:14b0:4200:3000::/64; #Bei Wieske
- allow 2a00:14b0:4200:3380::/64;
- allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
- # Z9
- allow 2a07:c480:0:100::/56;
- allow 2a07:c481:1::/48;
- proxy_pass http://127.0.0.1:8010/;
- }
-
- location /ntfy-alertmanager-fux-critical/ {
- deny all;
- allow ::1/128;
- allow 127.0.0.1/32;
- # Wieske
- allow 172.31.17.128/25;
- allow 212.12.51.128/28;
- allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
- allow 2a00:14b0:4200:3000::/64; #Bei Wieske
- allow 2a00:14b0:4200:3380::/64;
- allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
- # Z9
- allow 2a07:c480:0:100::/56;
- allow 2a07:c481:1::/48;
- proxy_pass http://127.0.0.1:8001/;
- }
-
- location /ntfy-alertmanager-fux/ {
- deny all;
- allow ::1/128;
- allow 127.0.0.1/32;
- # Wieske
- allow 172.31.17.128/25;
- allow 212.12.51.128/28;
- allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
- allow 2a00:14b0:4200:3000::/64; #Bei Wieske
- allow 2a00:14b0:4200:3380::/64;
- allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
- # Z9
- allow 2a07:c480:0:100::/56;
- allow 2a07:c481:1::/48;
- proxy_pass http://127.0.0.1:8011/;
- }
}
diff --git a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
deleted file mode 100644
index e2bf4a7..0000000
--- a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
+++ /dev/null
@@ -1,89 +0,0 @@
-server {
- allow ::1/128;
- allow 127.0.0.1/32;
- # Wieske
- allow 172.31.17.128/25;
- allow 212.12.51.128/28;
- allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
- allow 2a00:14b0:4200:3000::/64; #Bei Wieske
- allow 2a00:14b0:4200:3380::/64;
- allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
- # Z9
- allow 2a07:c480:0:100::/56;
- allow 2a07:c481:1::/48;
-
- deny all;
-
- server_name loki.hamburg.ccc.de;
-
- listen [::]:50051 ssl;
- listen 172.31.17.145:50051 ssl;
-
- http2 on;
-
- client_body_buffer_size 512k;
-
- ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
-
- auth_basic "loki";
- auth_basic_user_file loki.htpasswd;
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Port 9099;
- # This is https in any case.
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header X-Scope-OrgID $remote_user;
- grpc_pass grpc://localhost:19099;
- }
-}
-
-server {
- allow ::1/128;
- allow 127.0.0.1/32;
- # Wieske
- allow 172.31.17.128/25;
- allow 212.12.51.128/28;
- allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
- allow 2a00:14b0:4200:3000::/64; #Bei Wieske
- allow 2a00:14b0:4200:3380::/64;
- allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
- # Z9
- allow 2a07:c480:0:100::/56;
- allow 2a07:c481:1::/48;
- deny all;
-
- server_name loki.hamburg.ccc.de;
-
- listen [::]:443 ssl;
- listen 172.31.17.145:443 ssl;
-
- http2 on;
-
- client_body_buffer_size 512k;
-
- ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
- # verify chain of trust of OCSP response using Root CA and Intermediate certs
- ssl_trusted_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/chain.pem;
-
- # HSTS (ngx_http_headers_module is required) (63072000 seconds)
- add_header Strict-Transport-Security "max-age=63072000" always;
-
- auth_basic "loki";
- auth_basic_user_file loki.htpasswd;
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # This is https in any case.
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header X-Scope-OrgID $remote_user;
- proxy_pass http://127.0.0.1:13100;
- }
-}
diff --git a/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2
deleted file mode 100644
index ed270c2..0000000
--- a/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2
+++ /dev/null
@@ -1 +0,0 @@
-chaos:{{ secret__loki_chaos_basic_auth }}
diff --git a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
deleted file mode 100644
index 2c52523..0000000
--- a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
+++ /dev/null
@@ -1,61 +0,0 @@
-server {
- allow ::1/128;
- allow 127.0.0.1/32;
- # Wieske
- allow 172.31.17.128/25;
- allow 212.12.51.128/28;
- allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
- allow 2a00:14b0:4200:3000::/64; #Bei Wieske
- allow 2a00:14b0:4200:3380::/64;
- allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
- # Z9
- allow 2a07:c480:0:100::/56;
- allow 2a07:c481:1::/48;
- # fuxnoc
- allow 2a07:c481:0:1::/64;
- deny all;
-
- server_name metrics.hamburg.ccc.de;
-
- listen [::]:443 ssl;
- listen 172.31.17.145:443 ssl;
- http2 on;
-
- client_body_buffer_size 512k;
-
- ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem;
- # verify chain of trust of OCSP response using Root CA and Intermediate certs
- ssl_trusted_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/chain.pem;
-
- # HSTS (ngx_http_headers_module is required) (63072000 seconds)
- add_header Strict-Transport-Security "max-age=63072000" always;
-
- auth_basic "metrics";
- auth_basic_user_file metrics.htpasswd;
-
- location /api/v1/write {
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Port 3100;
- # This is https in any case.
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_pass http://127.0.0.1:9090;
- }
-
- location /ready {
- rewrite ^ /-/ready break;
-
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # This is https in any case.
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_pass http://127.0.0.1:9090;
- }
-}
diff --git a/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2
deleted file mode 100644
index f680572..0000000
--- a/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-chaos:{{ secret__metrics_chaos_basic_auth }}
-fux:{{ secret__metrics_fux_basic_auth }}
diff --git a/resources/chaosknoten/grafana/nginx/redirect.conf b/resources/chaosknoten/grafana/nginx/redirect.conf
deleted file mode 100644
index 28b265a..0000000
--- a/resources/chaosknoten/grafana/nginx/redirect.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
-# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- location / {
- return 301 https://$host$request_uri;
- }
-
- location /.well-known/acme-challenge/ {
- proxy_pass http://127.0.0.1:31820/.well-known/acme-challenge/;
- }
-}
diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
index 227db64..9509654 100644
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@@ -22,7 +22,7 @@
services:
keycloak:
- image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.2
+ image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0
pull_policy: always
restart: unless-stopped
command: start --optimized
@@ -32,11 +32,11 @@ services:
- keycloak
environment:
KEYCLOAK_ADMIN: admin
- KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }}
+ KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
KC_DB: postgres
KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak
- KC_DB_PASSWORD: {{ secret__keycloak_db_password }}
+ KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
KC_HOSTNAME: https://id.hamburg.ccc.de
KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
@@ -46,7 +46,7 @@ services:
- "8080:8080"
db:
- image: postgres:15.13
+ image: postgres:15.2
restart: unless-stopped
networks:
- keycloak
@@ -54,7 +54,7 @@ services:
- "./database:/var/lib/postgresql/data"
environment:
POSTGRES_USER: keycloak
- POSTGRES_PASSWORD: {{ secret__keycloak_db_password }}
+ POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
POSTGRES_DB: keycloak
id-invite-web:
@@ -76,10 +76,10 @@ services:
- "IDINVITE_URL=https://invite.hamburg.ccc.de"
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
- "IDINVITE_VALID_HOURS=50"
- - "IDINVITE_SECRET={{ secret__idinvite_token_secret }}"
+ - "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}"
- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
- "IDINVITE_CLIENT_ID=id-invite"
- - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
+ - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
- "MAIL_FROM=no-reply@hamburg.ccc.de"
- "BOTTLE_HOST=0.0.0.0"
@@ -96,7 +96,7 @@ services:
- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
- - "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}"
+ - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}"
id-invite-keycloak:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
@@ -107,10 +107,10 @@ services:
environment:
- "BOTTLE_HOST=0.0.0.0"
- "IDINVITE_CLIENT_ID=id-invite"
- - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
+ - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
- "KEYCLOAK_API_URL=http://keycloak:8080"
- "KEYCLOAK_API_USERNAME=id-invite"
- - "KEYCLOAK_API_PASSWORD={{ secret__idinvite_admin_password }}"
+ - "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}"
- "KEYCLOAK_API_REALM=ccchh"
- 'KEYCLOAK_GROUPS=["user"]'
diff --git a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
index 2b0d919..372715d 100644
--- a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
@@ -43,7 +43,6 @@ server {
allow 185.161.129.132/32; # z9
allow 2a07:c480:0:100::/56; # z9
- allow 2a07:c481:1::/48; # z9 new ipv6
allow 213.240.180.39/32; # stbe home
allow 2a01:170:118b::1/64; # stbe home
deny all;
diff --git a/resources/chaosknoten/netbox/netbox/configuration.py.j2 b/resources/chaosknoten/netbox/netbox/configuration.py.j2
index 7648e7e..789a539 100644
--- a/resources/chaosknoten/netbox/netbox/configuration.py.j2
+++ b/resources/chaosknoten/netbox/netbox/configuration.py.j2
@@ -3,7 +3,7 @@ DATABASE = {
"HOST": "localhost",
"NAME": "netbox",
"USER": "netbox",
- "PASSWORD": "{{ netbox__db_password }}",
+ "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}",
}
REDIS = {
"tasks": {
@@ -23,7 +23,7 @@ REDIS = {
"SSL": False,
},
}
-SECRET_KEY = "{{ secret__netbox_secret_key }}"
+SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SECRET_KEY', create=false, missing='error') }}"
SESSION_COOKIE_SECURE = True
# CCCHH ID (Keycloak) integration.
@@ -38,7 +38,7 @@ SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = (
)
SOCIAL_AUTH_KEYCLOAK_KEY = "netbox"
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"
-SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ secret__netbox_social_auth_keycloak_secret }}"
+SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}"
# Use custom OIDC group and role mapping pipeline functions added in via
# netbox__custom_pipeline_oidc_group_and_role_mapping.
# The default pipeline this is based on can be found here:
diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2
deleted file mode 100644
index 625e02f..0000000
--- a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2
+++ /dev/null
@@ -1,24 +0,0 @@
----
-services:
- ntfy:
- image: binwiederhier/ntfy
- container_name: ntfy
- command:
- - serve
- volumes:
- - ntfy_cache:/var/cache/ntfy
- - ntfy_var:/var/lib/ntfy
- - ./configs/server.yml:/etc/ntfy/server.yml
- ports:
- - 2586:2586
- - 9586:9586
- healthcheck: # optional: remember to adapt the host:port to your environment
- test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
- interval: 60s
- timeout: 10s
- retries: 3
- start_period: 40s
- restart: unless-stopped
-volumes:
- ntfy_cache: {}
- ntfy_var: {}
diff --git a/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
deleted file mode 100644
index 0a28f4f..0000000
--- a/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-base-url: "https://ntfy.hamburg.ccc.de"
-default-host: "https://ntfy.hamburg.ccc.de"
-listen-http: ":2586"
-behind-proxy: true
-cache-file: "/var/cache/ntfy/cache.db"
-log-format: json
-
-enable-metrics: true
-metrics-listen-http: ":9586"
-
-auth-default-access: "deny-all"
-auth-file: "/var/lib/ntfy/user.db"
-
-attachment-cache-dir: "/var/cache/ntfy/attachments"
-
-web-push-public-key: "BCx7PqDiVNlOiAHHfSxjbTle_LN4hetwHYi58GJhQxiY33AQ663IaJVro7B28j-1KOqwdzKco3dMMwzBJl9OQ90"
-web-push-private-key: {{ secret__ntfy_web_push_private_key }}
-web-push-file: "/var/cache/ntfy/webpush.db"
-web-push-email-address: "mailto:noc@lists.hamburg.ccc.de"
-
-upstream-base-url: "https://ntfy.sh"
diff --git a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
index 85ce7d2..91c26a3 100644
--- a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
@@ -14,4 +14,4 @@ services:
ports:
- "8080:80"
environment:
- JWT_SECRET: {{ secret__onlyoffice_jwt_secret }}
+ JWT_SECRET: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/onlyoffice/JWT_SECRET", create=false, missing="error") }}
diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
index ca29f1b..537cda0 100644
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@@ -6,7 +6,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=hedgedoc"
- - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
+ - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
- "POSTGRES_DB=hedgedoc"
volumes:
- database:/var/lib/postgresql/data
@@ -16,7 +16,7 @@ services:
#image: quay.io/hedgedoc/hedgedoc:1.9.9
image: quay.io/hedgedoc/hedgedoc:latest
environment:
- - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc"
+ - "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}@database:5432/hedgedoc"
- "CMD_DOMAIN=pad.hamburg.ccc.de"
- "CMD_PROTOCOL_USESSL=true"
- "CMD_HSTS_ENABLE=false"
@@ -35,7 +35,7 @@ services:
- "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
- "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
- "CMD_OAUTH2_CLIENT_ID=pad"
- - "CMD_OAUTH2_CLIENT_SECRET={{ secret__hedgedoc_kc_secret }}"
+ - "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}"
- "CMD_OAUTH2_PROVIDERNAME=Keycloak"
- "CMD_OAUTH2_SCOPE=openid email profile"
volumes:
@@ -53,11 +53,11 @@ services:
environment:
- "POSTGRES_HOSTNAME=database"
- "POSTGRES_USERNAME=hedgedoc"
- - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
+ - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
- "SMTP_FROM=pad@hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=pad@hamburg.ccc.de"
- - "SMTP_PASSWORD={{ secret__pad_smtp_password }}"
+ - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/smtp_password", create=false, missing="error") }}"
- "URL=https://pad.hamburg.ccc.de"
depends_on:
- database
diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
index 1eca33b..b210098 100644
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@@ -6,7 +6,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=pretalx"
- - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
+ - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
- "POSTGRES_DB=pretalx"
volumes:
- database:/var/lib/postgresql/data
@@ -53,14 +53,13 @@ services:
restart: unless-stopped
environment:
PRETALX_DATA_DIR: /data
- PRETALX_FILE_UPLOAD_LIMIT: 1000 # MB
PRETALX_FILESYSTEM_MEDIA: /public/media
PRETALX_FILESYSTEM_STATIC: /public/static
PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de
PRETALX_DB_TYPE: postgresql
PRETALX_DB_NAME: pretalx
PRETALX_DB_USER: pretalx
- PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
+ PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
PRETALX_DB_HOST: database
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
PRETALX_MAIL_HOST: "cow-intern.hamburg.ccc.de"
@@ -90,13 +89,13 @@ services:
PRETALX_DB_TYPE: postgresql
PRETALX_DB_NAME: pretalx
PRETALX_DB_USER: pretalx
- PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
+ PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
PRETALX_DB_HOST: database
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
PRETALX_MAIL_HOST: "cow.hamburg.ccc.de"
PRETALX_MAIL_PORT: 587
PRETALX_MAIL_USER: pretalx@hamburg.ccc.de
- PRETALX_MAIL_PASSWORD: "{{ secret__pretalx_mail_password }}"
+ PRETALX_MAIL_PASSWORD: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/PRETALX_MAIL_PASSWORD", create=false, missing="error") }}"
PRETALX_MAIL_TLS: "true"
PRETALX_CELERY_BACKEND: redis://redis/1
PRETALX_CELERY_BROKER: redis://redis/2
diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
index 790ca77..4e0e8e3 100644
--- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
+++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
@@ -17,8 +17,6 @@ map $host $upstream_acme_challenge_host {
invite.hamburg.ccc.de 172.31.17.144:31820;
keycloak-admin.hamburg.ccc.de 172.31.17.144:31820;
matrix.hamburg.ccc.de 172.31.17.150:31820;
- mas.hamburg.ccc.de 172.31.17.150:31820;
- element-admin.hamburg.ccc.de 172.31.17.151:31820;
netbox.hamburg.ccc.de 172.31.17.167:31820;
onlyoffice.hamburg.ccc.de 172.31.17.147:31820;
pad.hamburg.ccc.de 172.31.17.141:31820;
@@ -72,11 +70,8 @@ map $host $upstream_acme_challenge_host {
design.hamburg.ccc.de 172.31.17.162:31820;
hydra.hamburg.ccc.de 172.31.17.163:31820;
cfp.eh22.easterhegg.eu 172.31.17.157:31820;
- ntfy.hamburg.ccc.de 172.31.17.149:31820;
- cryptoparty-hamburg.de 172.31.17.151:31820;
- cryptoparty.hamburg.ccc.de 172.31.17.151:31820;
- staging.cryptoparty-hamburg.de 172.31.17.151:31820;
- staging.cryptoparty.hamburg.ccc.de 172.31.17.151:31820;
+ hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820;
+ netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820;
default "";
}
diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
index 87b5408..4a7f84c 100644
--- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
+++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
@@ -34,8 +34,6 @@ stream {
staging.hackertours.hamburg.ccc.de 172.31.17.151:8443;
netbox.hamburg.ccc.de 172.31.17.167:8443;
matrix.hamburg.ccc.de 172.31.17.150:8443;
- mas.hamburg.ccc.de 172.31.17.150:8443;
- element-admin.hamburg.ccc.de 172.31.17.151:8443;
element.hamburg.ccc.de 172.31.17.151:8443;
branding-resources.hamburg.ccc.de 172.31.17.151:8443;
www.hamburg.ccc.de 172.31.17.151:8443;
@@ -90,11 +88,8 @@ stream {
design.hamburg.ccc.de 172.31.17.162:8443;
hydra.hamburg.ccc.de 172.31.17.163:8443;
cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443;
- ntfy.hamburg.ccc.de 172.31.17.149:8443;
- cryptoparty-hamburg.de 172.31.17.151:8443;
- cryptoparty.hamburg.ccc.de 172.31.17.151:8443;
- staging.cryptoparty-hamburg.de 172.31.17.151:8443;
- staging.cryptoparty.hamburg.ccc.de 172.31.17.151:8443;
+ hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443;
+ netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443;
}
server {
diff --git a/resources/chaosknoten/router/nftables/nftables.conf b/resources/chaosknoten/router/nftables/nftables.conf
new file mode 100644
index 0000000..8d30852
--- /dev/null
+++ b/resources/chaosknoten/router/nftables/nftables.conf
@@ -0,0 +1,84 @@
+#!/usr/sbin/nft -f
+
+## Variables
+
+# Interfaces
+define if_net1_v4_wan = "net1"
+define if_net2_v6_wan = "net2"
+define if_net0_2_v4_nat = "net0.2"
+define if_net0_3_ci_runner = "net0.3"
+define if_net0_4_v4_nat_legacy = "net0.4"
+define if_net0_5_public = "net0.5"
+
+# Interface Groups
+define wan_ifs = { $if_net1_v4_wan,
+ $if_net2_v6_wan }
+define lan_ifs = { $if_net0_2_v4_nat,
+ $if_net0_3_ci_runner,
+ $if_net0_4_v4_nat_legacy,
+ $if_net0_5_public }
+define v4_exposed_ifs = { $if_net0_5_public }
+define v6_exposed_ifs = { $if_net0_2_v4_nat,
+ $if_net0_4_v4_nat_legacy,
+ $if_net0_5_public }
+
+
+## Rules
+
+table inet reverse-path-forwarding {
+ chain rpf-filter {
+ type filter hook prerouting priority mangle + 10; policy drop;
+
+ # Only allow packets if their source address is routed via their incoming interface.
+ # https://github.com/NixOS/nixpkgs/blob/d9d87c51960050e89c79e4025082ed965e770d68/nixos/modules/services/networking/firewall-nftables.nix#L100
+ fib saddr . mark . iif oif exists accept
+ }
+}
+
+table inet host {
+ chain input {
+ type filter hook input priority filter; policy drop;
+
+ iifname "lo" accept comment "allow loopback"
+
+ ct state invalid drop
+ ct state established,related accept
+
+ ip protocol icmp accept
+ ip6 nexthdr icmpv6 accept
+
+ # Allow SSH access.
+ tcp dport 22 accept comment "allow ssh access"
+
+ # Allow DHCP server access.
+ iifname $if_net0_3_ci_runner udp dport 67 accept comment "allow dhcp server access"
+ }
+}
+
+table ip v4nat {
+ chain prerouting {
+ type nat hook prerouting priority dstnat; policy accept;
+ }
+
+ chain postrouting {
+ type nat hook postrouting priority srcnat; policy accept;
+
+ oifname $if_net1_v4_wan masquerade
+ }
+}
+
+table inet forward {
+ chain forward {
+ type filter hook forward priority filter; policy drop;
+
+ ct state invalid drop
+ ct state established,related accept
+
+ # Allow internet access.
+ iifname $lan_ifs oifname $wan_ifs accept comment "allow internet access"
+
+ # Allow access to exposed networks from internet.
+ meta nfproto ipv4 oifname $v4_exposed_ifs accept comment "allow v4 exposed network access"
+ meta nfproto ipv6 oifname $v6_exposed_ifs accept comment "allow v6 exposed network access"
+ }
+}
diff --git a/resources/chaosknoten/router/systemd_networkd/00-net0.link b/resources/chaosknoten/router/systemd_networkd/00-net0.link
new file mode 100644
index 0000000..0c55d13
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/00-net0.link
@@ -0,0 +1,6 @@
+[Match]
+MACAddress=BC:24:11:54:11:15
+Type=ether
+
+[Link]
+Name=net0
diff --git a/resources/chaosknoten/router/systemd_networkd/00-net1.link b/resources/chaosknoten/router/systemd_networkd/00-net1.link
new file mode 100644
index 0000000..9489f17
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/00-net1.link
@@ -0,0 +1,7 @@
+[Match]
+# Stolen from turing to make 212.12.48.122 work.
+MACAddress=0E:A4:E3:97:16:92
+Type=ether
+
+[Link]
+Name=net1
diff --git a/resources/chaosknoten/router/systemd_networkd/00-net2.link b/resources/chaosknoten/router/systemd_networkd/00-net2.link
new file mode 100644
index 0000000..2a56f72
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/00-net2.link
@@ -0,0 +1,6 @@
+[Match]
+MACAddress=BC:24:11:AE:C7:04
+Type=ether
+
+[Link]
+Name=net2
diff --git a/resources/chaosknoten/router/systemd_networkd/10-net0.2-v4_nat.netdev b/resources/chaosknoten/router/systemd_networkd/10-net0.2-v4_nat.netdev
new file mode 100644
index 0000000..a46afb4
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/10-net0.2-v4_nat.netdev
@@ -0,0 +1,7 @@
+[NetDev]
+Name=net0.2
+Kind=vlan
+
+[VLAN]
+Id=2
+
diff --git a/resources/chaosknoten/router/systemd_networkd/10-net0.3-ci_runner.netdev b/resources/chaosknoten/router/systemd_networkd/10-net0.3-ci_runner.netdev
new file mode 100644
index 0000000..0cd60db
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/10-net0.3-ci_runner.netdev
@@ -0,0 +1,7 @@
+[NetDev]
+Name=net0.3
+Kind=vlan
+
+[VLAN]
+Id=3
+
diff --git a/resources/chaosknoten/router/systemd_networkd/10-net0.4-v4_nat_legacy.netdev b/resources/chaosknoten/router/systemd_networkd/10-net0.4-v4_nat_legacy.netdev
new file mode 100644
index 0000000..5cb68ed
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/10-net0.4-v4_nat_legacy.netdev
@@ -0,0 +1,6 @@
+[NetDev]
+Name=net0.4
+Kind=vlan
+
+[VLAN]
+Id=4
diff --git a/resources/chaosknoten/router/systemd_networkd/10-net0.5-public.netdev b/resources/chaosknoten/router/systemd_networkd/10-net0.5-public.netdev
new file mode 100644
index 0000000..be3c9d9
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/10-net0.5-public.netdev
@@ -0,0 +1,6 @@
+[NetDev]
+Name=net0.5
+Kind=vlan
+
+[VLAN]
+Id=5
diff --git a/resources/chaosknoten/router/systemd_networkd/20-net0.network b/resources/chaosknoten/router/systemd_networkd/20-net0.network
new file mode 100644
index 0000000..59897cf
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/20-net0.network
@@ -0,0 +1,13 @@
+[Match]
+Name=net0
+
+[Link]
+RequiredForOnline=no
+
+[Network]
+VLAN=net0.2
+VLAN=net0.3
+VLAN=net0.4
+VLAN=net0.5
+
+LinkLocalAddressing=no
diff --git a/resources/chaosknoten/router/systemd_networkd/20-net1.network b/resources/chaosknoten/router/systemd_networkd/20-net1.network
new file mode 100644
index 0000000..5789ef6
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/20-net1.network
@@ -0,0 +1,15 @@
+[Match]
+Name=net1
+
+[Network]
+DNS=212.12.50.158
+IPForward=ipv4
+IPv6AcceptRA=no
+# v4 taken from turing for routing public v4 range and turing-compat for v4-NAT-legacy network.
+# Also just the v4 for other purposes as well.
+Address=212.12.48.122/24
+Address=212.12.48.123/24
+# v6 for turing-compat for v4-NAT-legacy network routed v6.
+Address=2a00:14b0:4200:3000:122::1
+Gateway=212.12.48.55
+Gateway=2a00:14b0:4200:3000::1
diff --git a/resources/chaosknoten/router/systemd_networkd/20-net2.network b/resources/chaosknoten/router/systemd_networkd/20-net2.network
new file mode 100644
index 0000000..b3f497d
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/20-net2.network
@@ -0,0 +1,14 @@
+[Match]
+Name=net2
+
+[Network]
+#DNS=212.12.50.158
+IPForward=ipv6
+IPv6AcceptRA=no
+
+[Address]
+Address=2a00:14b0:4200:3500::130:2/112
+
+[Route]
+Gateway=2a00:14b0:4200:3500::130:1
+
diff --git a/resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network b/resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network
new file mode 100644
index 0000000..c7fd9a7
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network
@@ -0,0 +1,23 @@
+[Match]
+Name=net0.2
+Type=vlan
+
+[Link]
+RequiredForOnline=no
+
+[Network]
+Description=v4-NAT
+
+# Masquerading done in nftables (nftables.conf).
+IPv6SendRA=yes
+
+[Address]
+Address=10.32.2.1/24
+
+[IPv6SendRA]
+UplinkInterface=net2
+
+[IPv6Prefix]
+Prefix=2a00:14b0:42:102::/64
+Assign=true
+Token=static:::1
diff --git a/resources/chaosknoten/router/systemd_networkd/21-net0.3-ci_runners.network b/resources/chaosknoten/router/systemd_networkd/21-net0.3-ci_runners.network
new file mode 100644
index 0000000..9caca86
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/21-net0.3-ci_runners.network
@@ -0,0 +1,29 @@
+[Match]
+Name=net0.3
+Type=vlan
+
+[Link]
+RequiredForOnline=no
+
+[Network]
+Description=ci-runners
+
+# Masquerading done in nftables (nftables.conf).
+IPv6SendRA=yes
+
+DHCPServer=true
+
+[DHCPServer]
+PoolOffset=100
+PoolSize=150
+
+[Address]
+Address=10.32.3.1/24
+
+[IPv6SendRA]
+UplinkInterface=net2
+
+[IPv6Prefix]
+Prefix=2a00:14b0:42:103::/64
+Assign=true
+Token=static:::1
diff --git a/resources/chaosknoten/router/systemd_networkd/21-net0.4-v4_nat_legacy.network b/resources/chaosknoten/router/systemd_networkd/21-net0.4-v4_nat_legacy.network
new file mode 100644
index 0000000..dd63a73
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/21-net0.4-v4_nat_legacy.network
@@ -0,0 +1,23 @@
+[Match]
+Name=net0.4
+Type=vlan
+
+[Link]
+RequiredForOnline=no
+
+[Network]
+Description=v4-NAT-legacy
+
+# Masquerading done in nftables (nftables.conf).
+IPv6SendRA=yes
+
+[Address]
+Address=172.31.17.129/25
+
+[IPv6SendRA]
+UplinkInterface=net1
+
+[IPv6Prefix]
+Prefix=2a00:14b0:f000:23::/64
+Assign=true
+Token=static:::1
diff --git a/resources/chaosknoten/router/systemd_networkd/21-net0.5-public.network b/resources/chaosknoten/router/systemd_networkd/21-net0.5-public.network
new file mode 100644
index 0000000..d49eb60
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/21-net0.5-public.network
@@ -0,0 +1,22 @@
+[Match]
+Name=net0.5
+Type=vlan
+
+[Link]
+RequiredForOnline=no
+
+[Network]
+Description=public
+
+IPv6SendRA=yes
+
+[Address]
+Address=212.12.50.209/29
+
+[IPv6SendRA]
+UplinkInterface=net2
+
+[IPv6Prefix]
+Prefix=2a00:14b0:42:105::/64
+Assign=true
+Token=static:::1
diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
index d00a454..1f9d99d 100644
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@@ -4,7 +4,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=pretix"
- - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"
+ - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}"
- "POSTGRES_DB=pretix"
volumes:
- database:/var/lib/postgresql/data
diff --git a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
index f1c119f..3f4af83 100644
--- a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
+++ b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
@@ -10,7 +10,7 @@ trust_x_forwarded_proto=on
backend=postgresql
name=pretix
user=pretix
-password={{ secret__pretix_db_password }}
+password={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}
host=database
[mail]
diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
index b2e8f4d..8d345de 100644
--- a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
@@ -11,7 +11,7 @@ see https://github.com/zammad/zammad-docker-compose/blob/master/.env
{%- set POSTGRES_DB = "zammad_production" | quote -%}
{%- set POSTGRES_HOST = "zammad-postgresql" | quote -%}
{%- set POSTGRES_USER = "zammad" | quote -%}
-{%- set POSTGRES_PASS = secret__zammad_db_password | quote -%}
+{%- set POSTGRES_PASS = lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/zammad/DB_PASSWORD", create=false, missing="error") | quote -%}
{%- set POSTGRES_PORT = "5432" | quote -%}
{%- set POSTGRES_VERSION = "15-alpine" | quote -%}
{%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%}
diff --git a/resources/z9/dooris/docker_compose/compose.yaml.j2 b/resources/z9/dooris/docker_compose/compose.yaml.j2
deleted file mode 100644
index 38db85a..0000000
--- a/resources/z9/dooris/docker_compose/compose.yaml.j2
+++ /dev/null
@@ -1,22 +0,0 @@
----
-
-services:
- dooris:
- image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
- environment:
- HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27"
- HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
- HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
- HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122
- HMDOORIS_CCUJACK_USERNAME: dooris
- HMDOORIS_CLIENT_ID: dooris
- HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
- HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration
- HMDOORIS_LISTEN: '0.0.0.0:3000'
- HMDOORIS_REQUIRES_GROUP: /intern
- HMDOORIS_URL: https://dooris.ccchh.net
- PYTHONWARNINGS: "ignore:Unverified HTTPS request"
- #DEBUG: true
- ports:
- - "127.0.0.1:3000:3000"
- restart: unless-stopped
diff --git a/resources/z9/dooris/nginx/dooris.ccchh.net.conf b/resources/z9/dooris/nginx/dooris.ccchh.net.conf
deleted file mode 100644
index c1ca082..0000000
--- a/resources/z9/dooris/nginx/dooris.ccchh.net.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
-# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
-server {
- listen [::]:443 ssl http2;
- listen 443 ssl http2;
-
- server_name dooris.ccchh.net;
-
- ssl_certificate /etc/letsencrypt/live/dooris.ccchh.net/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dooris.ccchh.net/privkey.pem;
- # verify chain of trust of OCSP response using Root CA and Intermediate certs
- ssl_trusted_certificate /etc/letsencrypt/live/dooris.ccchh.net/chain.pem;
-
- # HSTS (ngx_http_headers_module is required) (63072000 seconds)
- add_header Strict-Transport-Security "max-age=63072000" always;
-
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Port 443;
- # This is https in any case.
- proxy_set_header X-Forwarded-Proto https;
- # Hide the X-Forwarded header.
- proxy_hide_header X-Forwarded;
- # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
- # is transparent).
- # Also provide "_hidden" for by, since it's not relevant.
- proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- location / {
- proxy_pass http://127.0.0.1:3000/;
- }
-}
diff --git a/resources/z9/waybackproxy/docker_compose/compose.yaml.j2 b/resources/z9/waybackproxy/docker_compose/compose.yaml.j2
deleted file mode 100644
index b6752fa..0000000
--- a/resources/z9/waybackproxy/docker_compose/compose.yaml.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-services:
- # https://github.com/richardg867/WaybackProxy
- waybackproxy:
- image: cttynul/waybackproxy:latest
- environment:
- DATE: 19990101
- DATE_TOLERANCE: 730
- ports:
- - "1999:8888"
- restart: unless-stopped
diff --git a/resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf b/resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf
deleted file mode 100644
index 7c616c7..0000000
--- a/resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# TODO: set up caching proxy
-
-# server {
-# listen 1999
-# }
diff --git a/resources/z9/yate/docker_compose/README.md b/resources/z9/yate/docker_compose/README.md
deleted file mode 100644
index 1977f4f..0000000
--- a/resources/z9/yate/docker_compose/README.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# Yate Configuration
-
-Yate has a [beginners guide](https://docs.yate.ro/wiki/Beginners_in_Yate). Otherwise, you need to refer to the [sample config files](https://github.com/eventphone/yate/tree/master/conf.d).
-
-For our limited setup, we only need three files:
-* accfile.conf for defining SIP registrars that we want to register with (EPVPN, Fonial, and the Fux door intercom system)
-* regexroute.conf for the call routing rules
-* regfile.conf for the phones that connect to yate.ccchh.net
-
-## Docker Compose Setup
-
-yate runs as a container wiht host networking. The image is build through https://git.hamburg.ccc.de/CCCHH/yate-image, it is using the Eventphone fork of yate.
\ No newline at end of file
diff --git a/resources/z9/yate/docker_compose/accfile.conf.j2 b/resources/z9/yate/docker_compose/accfile.conf.j2
deleted file mode 100644
index 4ce65e3..0000000
--- a/resources/z9/yate/docker_compose/accfile.conf.j2
+++ /dev/null
@@ -1,35 +0,0 @@
-; Yate will register to these SIP services
-; see https://github.com/eventphone/yate/blob/master/conf.d/accfile.conf.sample
-
-[epvpn_ccchh]
-enabled=yes
-protocol=sip
-description=Eventphone EPVPN CCCHH
-username=1008
-authname=1008
-password={{ secret__yate__sip_trunk_epvpn }}
-interval=120
-registrar=hg.eventphone.de
-keepalive=1
-
-[fonial_ccchh]
-enabled=yes
-protocol=sip
-description=Fonial CCCHH
-username=fo370381tr317349_00
-authname=fo370381tr317349_00
-password={{ secret__yate__sip_trunk_fonial }}
-interval=120
-registrar=sip.plusnet.de
-keepalive=1
-
-[fux_intercom]
-enabled=yes
-protocol=sip
-description=Fux Intercom CCCHH doorbell
-username=1337
-authname=1337
-password={{ secret__yate__sip_trunk_fux }}
-interval=120
-registrar=172.16.210.2
-keepalive=1
diff --git a/resources/z9/yate/docker_compose/compose.yaml.j2 b/resources/z9/yate/docker_compose/compose.yaml.j2
deleted file mode 100644
index e3d6614..0000000
--- a/resources/z9/yate/docker_compose/compose.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-services:
- yate:
- image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest
- # command:
- # - sh
- # - "-c"
- # - "while :; do sleep 10; done"
- environment:
- DEBUG: true
- network_mode: host
- # ports:
- # - "127.0.0.1:3000:3000"
- restart: unless-stopped
- volumes:
- - ./configs/accfile.conf:/opt/yate/etc/yate/accfile.conf
- - ./configs/regexroute.conf:/opt/yate/etc/yate/regexroute.conf
- - ./configs/regfile.conf:/opt/yate/etc/yate/regfile.conf
- - ./lib-yate:/var/lib/yate
\ No newline at end of file
diff --git a/resources/z9/yate/docker_compose/regexroute.conf.j2 b/resources/z9/yate/docker_compose/regexroute.conf.j2
deleted file mode 100644
index aeecf6b..0000000
--- a/resources/z9/yate/docker_compose/regexroute.conf.j2
+++ /dev/null
@@ -1,100 +0,0 @@
-; Call routing
-; see https://github.com/eventphone/yate/blob/master/conf.d/regexroute.conf.sample
-
-[priorities]
-; route: int: Priority of the routing message handler
-route=90
-
-[contexts]
- ; INBOUND CALLS:
-${called}^1337$=inbound_fux
-${called}^1008$=inbound_epvpn
-${called}^04023830150$=inbound_fonial
-${called}^fo370381tr317349_00$=inbound_fonial
-;${called}.*=inbound
-
-;^[0-9]\{4\}$=inbound ; Calls from 4 digit numbers: EPVPN
-;^+\?[0-9]\{5,\}$=inbound ; Calls from longer numbers, optionally starting with +
-;^*\{1,2\}[0-9]\{1,3\}$=inbound ; Internal fritzbox calls
-
- ; OUTBOUND CALLS:
-^[0-9]\{3\}=outbound
-^[a-z0-9]\{4,\}=outbound ; calls from internal users
-
-^.*$=fallback ; Whatever calls managed to not be handled yet
-
-[default] ; unused
-^.*$=echo [default]"\0"
-
-[test] ; unused
-^.*$=echo [test] "\0"
-^99991001$=tone/dial
-^99991002$=tone/busy
-^99991003$=tone/ring
-^99991004$=tone/specdial
-^99991005$=tone/congestion
-^99991006$=tone/outoforder
-^99991007$=tone/milliwatt
-^99991008$=tone/info
-
-; DEBUG HELPER
-; ^.*$=echo match \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called}
-
-^[0-9]\{1,2\}$=return;called=\0
-
-
-[outbound] ; Calls from internal users
-^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug
-^[0-9]\{3\}$=jump internal
-^[0-9]\{1,2\}$=jump z9 ; To internal -> z9
-^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug
-^.*$=line/\0;line=epvpn_ccchh ; Route everything (.*) to the specified accfile line
-
-[inbound_epvpn]
-^.*$=echo [inbound_epvpn] ${caller}->${called}
-^.*$=return;callername=EPVPN ${caller};called=0 ; TODO which extension do we want to route to?
-
-[inbound_fux]
-^.*$=echo [inbound_fux] ${caller}->${called}
-^.*$=return;callername=Door ${caller};called=0 ; TODO which extension do we want to route to?
-
-[inbound_fonial]
-^.*$=echo [inbound_fonial] ${caller}->${called}
-^.*$=return;callername=Fonial ${caller};called=0 ; TODO which extension do we want to route to?
-
-[inbound] ; Calls from EPVPN or outside world
-^.*$=echo [inbound] "\0" ${caller}->${called} user:${user} callername:${callername} callsource:${callsource} ; log
-^.*$=return;callername=EXTERN ${caller};called=0 ; set call recipient to 0 (shared alias between
- ; all clients in regfile.conf
-
-[internal]
-^.*$=echo [internal] "\0" ${caller}->${called}
-^110$=line/110;line=fonial_ccchh
-^112$=line/112;line=fonial_ccchh
-^115$=line/040115;line=fonial_ccchh
-^911$=line/112;line=fonial_ccchh
-^999$=line/112;line=fonial_ccchh
-; ^119$=line/01753288861;line=fonial_ccchh ; testing only stb cell number
-^.*$=return;called=\0
-
-[z9] ; Internal calls
-^.*$=echo [z9] "\0" ${caller}->${called} ; log
-
- ; test service numbers
-^91$=sip/sip:ha@10.31.208.10:5060; called=ha;format=opus ; Homeassistant
-^98$=external/playrec/echo.sh ; Echotest
-^99$=external/play/tts.sh;mode=text;text=Hallo Hallo Hallo ; TTS test
-
-^.*$=return;called=\0 ; Any remaining internal calls to all
- ; Context: Calls to regfile.conf aliases are always
- ; handled directly and should never get here
-
-
-[special]
-^.*$=echo [special] "\0"
-^.*$=tone/info
-
-[fallback]
-^.*$=echo [fallback] \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called}
-^*\{1,2\}[0-9]\{1,3\}$=jump outbound
-^.*$=tone/busy
diff --git a/resources/z9/yate/docker_compose/regfile.conf.j2 b/resources/z9/yate/docker_compose/regfile.conf.j2
deleted file mode 100644
index 95cf70d..0000000
--- a/resources/z9/yate/docker_compose/regfile.conf.j2
+++ /dev/null
@@ -1,37 +0,0 @@
-; YATE offers registration to these SIP devices (ie. phones)
-; see https://github.com/eventphone/yate/blob/master/conf.d/regfile.conf.sample
-
-route=100
-file=/var/lib/yate/regfile.swap
-
-[501]
-password={{ secret__yate__sip_extension_legacy }}
-alternatives=0,1008,1337
-callername=Legacy
-# Yealink im großen Raum am Fenster
-
-[502]
-password={{ secret__yate__sip_extension_flausch}}
-alternatives=0,1008,1337
-callername=Flausch
-# Yealink im großen Raum am Sofa
-
-[503]
-password={{ secret__yate__sip_extension_ewerkstatt }}
-alternatives=0,1008,1337
-callername=E-Werkstatt
-# Yealink in der E-Werkstatt
-
-[610]
-password={{ secret__yate__sip_extension_fritzbox_dect1 }}
-alternatives=0,1008,1337
-callername=DECT-1
-
-[611]
-password={{ secret__yate__sip_extension_fritzbox_dect2 }}
-alternatives=0,1008,1337
-callername=DECT-2
-
-[100]
-password=test100
-callername=stb 100
diff --git a/roles/ansible_pull/README.md b/roles/ansible_pull/README.md
deleted file mode 100644
index f31c552..0000000
--- a/roles/ansible_pull/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# `ansible_pull` role
-
-A role for setting up automatic `ansible_pull` runs.
-
-## Supported Distributions
-
-Should work on Debian-based distributions.
-
-## Required Arguments
-
-- `ansible_pull__age_private_key`: The age private key to use to decrypt SOPS secrets with.
-- `ansible_pull__repo_url`: The URL of the repo to run the playbook from.
-- `ansible_pull__inventory`: The inventory to use.
-- `ansible_pull__playbook`: The playbook to run.
-- `ansible_pull__timer_on_calendar`: When to run the playbook. This is the argument to a systemd timers OnCalendar. See the systemd.time man page for reference.
-
-## Optional Arguments
-
-- `ansible_pull__user`: The user to run `ansible_pull` as. Defaults to `ansible_user`.
-- `ansible_pull__checkout`: The branch/tag/commit to check out to run the playbook from. Defaults to `main`.
-- `ansible_pull__timer_randomized_delay_sec`: The timer will be randomly delayed by a value between 0 and this. Useful to not have all timers fire at the same time, even if `ansible_pull__timer_on_calendar` is the same. Time value in seconds. Defaults to 0.
diff --git a/roles/ansible_pull/defaults/main.yaml b/roles/ansible_pull/defaults/main.yaml
deleted file mode 100644
index 3b9acb2..0000000
--- a/roles/ansible_pull/defaults/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-ansible_pull__user: "{{ ansible_user }}"
-ansible_pull__checkout: "main"
-ansible_pull__timer_randomized_delay_sec: "0"
diff --git a/roles/ansible_pull/handlers/main.yaml b/roles/ansible_pull/handlers/main.yaml
deleted file mode 100644
index ada2426..0000000
--- a/roles/ansible_pull/handlers/main.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: systemd daemon reload
- ansible.builtin.systemd_service:
- daemon_reload: true
- become: true
diff --git a/roles/ansible_pull/meta/argument_specs.yaml b/roles/ansible_pull/meta/argument_specs.yaml
deleted file mode 100644
index e5c88af..0000000
--- a/roles/ansible_pull/meta/argument_specs.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-argument_specs:
- main:
- options:
- ansible_pull__age_private_key:
- type: str
- required: true
- ansible_pull__repo_url:
- type: str
- required: true
- ansible_pull__inventory:
- type: str
- required: true
- ansible_pull__playbook:
- type: str
- required: true
- ansible_pull__timer_on_calendar:
- type: str
- required: true
- ansible_pull__user:
- type: str
- required: false
- ansible_pull__checkout:
- type: str
- required: false
- ansible_pull__timer_randomized_delay_sec:
- type: str
- required: false
diff --git a/roles/ansible_pull/tasks/main.yaml b/roles/ansible_pull/tasks/main.yaml
deleted file mode 100644
index 53fc219..0000000
--- a/roles/ansible_pull/tasks/main.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-- name: ensure dependencies are installed
- ansible.builtin.apt:
- name: virtualenv
- state: present
- become: true
-
-# https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip
-# https://www.redhat.com/en/blog/python-venv-ansible
-- name: ensure Ansible installation exists
- ansible.builtin.pip:
- name:
- - ansible
- - jmespath
- state: present
- virtualenv: /usr/local/lib/ansible_pull_venv
- become: true
-
-- name: ensure secrets directory exists
- ansible.builtin.file:
- path: /etc/ansible_pull_secrets
- state: directory
- mode: "0750"
- owner: root
- group: "{{ ansible_pull__user }}"
- become: true
-
-- name: ensure age private key is deployed
- ansible.builtin.copy:
- content: "{{ ansible_pull__age_private_key }}"
- dest: /etc/ansible_pull_secrets/age_private_key
- mode: "0640"
- owner: root
- group: "{{ ansible_pull__user }}"
- become: true
-
-- name: ensure systemd service exists
- ansible.builtin.template:
- src: ansible-pull.service.j2
- dest: /etc/systemd/system/ansible-pull.service
- owner: root
- group: root
- mode: "0644"
- become: true
- notify:
- - systemd daemon reload
-
-- name: ensure systemd timer exists
- ansible.builtin.template:
- src: ansible-pull.timer.j2
- dest: /etc/systemd/system/ansible-pull.timer
- owner: root
- group: root
- mode: "0644"
- become: true
- notify:
- - systemd daemon reload
-
-- name: ensure systemd timer is started and enabled
- ansible.builtin.systemd_service:
- name: ansible-pull.timer
- state: started
- enabled: true
- become: true
diff --git a/roles/ansible_pull/templates/ansible-pull.service.j2 b/roles/ansible_pull/templates/ansible-pull.service.j2
deleted file mode 100644
index 588741c..0000000
--- a/roles/ansible_pull/templates/ansible-pull.service.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=ansible-pull for configuration and maintenance
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=oneshot
-Environment="SOPS_AGE_KEY_FILE=/etc/ansible_pull_secrets/age_private_key"
-ExecStart=/usr/local/lib/ansible_pull_venv/bin/ansible-pull \
- --directory /home/chaos/ansible_pull_checkout \
- --clean \
- --url "{{ ansible_pull__repo_url }}" \
- --checkout "{{ ansible_pull__checkout }}" \
- --inventory "{{ ansible_pull__inventory }}" \
- "{{ ansible_pull__playbook }}"
-User={{ ansible_pull__user }}
-# Reboot, if /var/run/reboot-required or /var/run/ansible-reboot-required exist.
-ExecStartPost=/usr/bin/bash -c 'if [ -e /var/run/reboot-required ] || [ -e /var/run/ansible-reboot-required ]; then sudo systemctl reboot; fi'
diff --git a/roles/ansible_pull/templates/ansible-pull.timer.j2 b/roles/ansible_pull/templates/ansible-pull.timer.j2
deleted file mode 100644
index 24bc8ba..0000000
--- a/roles/ansible_pull/templates/ansible-pull.timer.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=ansible-pull for configuration and maintenance on a timer
-
-[Timer]
-OnCalendar={{ ansible_pull__timer_on_calendar }}
-RandomizedDelaySec={{ ansible_pull__timer_randomized_delay_sec }}
-
-[Install]
-WantedBy=timers.target
diff --git a/roles/apt_update_and_upgrade/handlers/main.yaml b/roles/apt_update_and_upgrade/handlers/main.yaml
index 4af18be..001bbe4 100644
--- a/roles/apt_update_and_upgrade/handlers/main.yaml
+++ b/roles/apt_update_and_upgrade/handlers/main.yaml
@@ -1,5 +1,3 @@
- name: reboot the system
- ansible.builtin.include_tasks: "../../reboot/tasks/main.yaml"
- vars:
- # Simply don't reboot on local connections and rely on proper handling of /var/run/reboot-required.
- reboot__local_handling: ignore
+ become: true
+ ansible.builtin.reboot:
diff --git a/roles/deploy_ssh_server_config/handlers/main.yaml b/roles/deploy_ssh_server_config/handlers/main.yaml
index 721a348..001bbe4 100644
--- a/roles/deploy_ssh_server_config/handlers/main.yaml
+++ b/roles/deploy_ssh_server_config/handlers/main.yaml
@@ -1,5 +1,3 @@
-- name: restart the ssh service
- ansible.builtin.systemd:
- name: ssh.service
- state: restarted
+- name: reboot the system
become: true
+ ansible.builtin.reboot:
diff --git a/roles/deploy_ssh_server_config/tasks/main.yaml b/roles/deploy_ssh_server_config/tasks/main.yaml
index dbbf76e..f5d00f5 100644
--- a/roles/deploy_ssh_server_config/tasks/main.yaml
+++ b/roles/deploy_ssh_server_config/tasks/main.yaml
@@ -12,7 +12,8 @@
group: root
src: sshd_config.j2
notify:
- - restart the ssh service
+ # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
+ - reboot the system
- name: deactivate short moduli
ansible.builtin.shell:
@@ -27,8 +28,9 @@
mv /etc/ssh/moduli.tmp /etc/ssh/moduli
echo "ansible-changed: changed /etc/ssh/moduli"
fi
- register: deploy_ssh_server_config__result
+ register: result
changed_when:
- - '"ansible-changed" in deploy_ssh_server_config__result.stdout'
+ - '"ansible-changed" in result.stdout'
notify:
- - restart the ssh service
+ # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
+ - reboot the system
diff --git a/roles/docker_compose/defaults/main.yaml b/roles/docker_compose/defaults/main.yaml
index 1312972..76831d6 100644
--- a/roles/docker_compose/defaults/main.yaml
+++ b/roles/docker_compose/defaults/main.yaml
@@ -1,2 +1 @@
docker_compose__configuration_files: [ ]
-docker_compose__restart_cmd: ""
diff --git a/roles/docker_compose/handlers/main.yaml b/roles/docker_compose/handlers/main.yaml
index 49e064c..96c5ab3 100644
--- a/roles/docker_compose/handlers/main.yaml
+++ b/roles/docker_compose/handlers/main.yaml
@@ -4,10 +4,3 @@
chdir: /ansible_docker_compose
become: true
changed_when: true # This is always changed.
-- name: docker compose reload script
- ansible.builtin.command:
- cmd: /usr/bin/docker compose {{ docker_compose__restart_cmd }}
- chdir: /ansible_docker_compose
- become: true
- changed_when: true # Mark this as always changed (for now?).
- when: docker_compose__restart_cmd != ""
diff --git a/roles/docker_compose/tasks/main.yaml b/roles/docker_compose/tasks/main.yaml
index af7f717..d11d826 100644
--- a/roles/docker_compose/tasks/main.yaml
+++ b/roles/docker_compose/tasks/main.yaml
@@ -60,7 +60,6 @@
become: true
loop: "{{ docker_compose__configuration_files }}"
# notify: docker compose down
- notify: docker compose reload script
- name: Flush handlers to make "docker compose down" handler run now
ansible.builtin.meta: flush_handlers
diff --git a/roles/msmtp/README.md b/roles/msmtp/README.md
deleted file mode 100644
index e333527..0000000
--- a/roles/msmtp/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# Role `msmtp`
-
-A role for setting up msmtp for mail sending.
-
-The role only supports mail servers supporting either STARTTLS or SMTPS.
-
-## Supported Distributions
-
-Should work on Debian-based distributions.
-
-## Required Arguments
-
-- `msmtp__smtp_host`: The SMTP host to use.
-- `msmtp__smtp_port`: The SMTP port to use.
-- `msmtp__smtp_tls_method`: The SMTP TLS method to use.
- Possible choices:
- - `starttls`: Use STARTTLS to connect to the server.
- - `smtps`: Use SMTPS to connect to the server.
-- `msmtp__smtp_user`: The SMTP user to use for authentication.
-- `msmtp__smtp_password`: The SMTP password to use for authentication.
-- `msmtp__smtp_from`: The SMTP from address to use when sending mails.
diff --git a/roles/msmtp/meta/argument_specs.yaml b/roles/msmtp/meta/argument_specs.yaml
deleted file mode 100644
index 84f940f..0000000
--- a/roles/msmtp/meta/argument_specs.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-argument_specs:
- main:
- options:
- msmtp__smtp_host:
- type: str
- required: true
- msmtp__smtp_port:
- type: int
- required: true
- msmtp__smtp_tls_method:
- type: str
- required: true
- choices:
- - "starttls"
- - "smtps"
- msmtp__smtp_user:
- type: str
- required: true
- msmtp__smtp_password:
- type: str
- required: true
- msmtp__smtp_from:
- type: str
- required: true
diff --git a/roles/msmtp/tasks/main.yaml b/roles/msmtp/tasks/main.yaml
deleted file mode 100644
index 7689ddc..0000000
--- a/roles/msmtp/tasks/main.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-- name: ensure msmtp is installed
- ansible.builtin.apt:
- name: msmtp
- state: present
- become: true
-
-- name: ensure msmtp config for root user
- ansible.builtin.template:
- src: msmtprc.j2
- dest: /root/.msmtprc
- owner: root
- group: root
- mode: "0600"
- become: true
diff --git a/roles/msmtp/templates/msmtprc.j2 b/roles/msmtp/templates/msmtprc.j2
deleted file mode 100644
index 3c4faa7..0000000
--- a/roles/msmtp/templates/msmtprc.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-# ansible-managed
-
-# defaults
-defaults
-auth on
-tls on
-
-# ansible-managed-account
-account ansible-managed-account
-host {{ msmtp__smtp_host }}
-port {{ msmtp__smtp_port }}
-tls_starttls {% if msmtp__smtp_tls_method == "starttls" %}on{% else %}off{% endif +%}
-user {{ msmtp__smtp_user }}
-password {{ msmtp__smtp_password }}
-from {{ msmtp__smtp_from }}
-
-account default: ansible-managed-account
diff --git a/roles/nftables/README.md b/roles/nftables/README.md
new file mode 100644
index 0000000..81d8871
--- /dev/null
+++ b/roles/nftables/README.md
@@ -0,0 +1,11 @@
+# Role `nftables`
+
+Deploys nftables.
+
+## Support Distributions
+
+Should work on Debian-based distributions.
+
+## Required Arguments
+
+- `nftables__config`: nftables configuration to deploy.
diff --git a/roles/nftables/handlers/main.yaml b/roles/nftables/handlers/main.yaml
new file mode 100644
index 0000000..3b72c54
--- /dev/null
+++ b/roles/nftables/handlers/main.yaml
@@ -0,0 +1,5 @@
+- name: Restart nftables service
+ ansible.builtin.systemd_service:
+ name: nftables
+ state: restarted
+ become: true
diff --git a/roles/nftables/meta/argument_specs.yaml b/roles/nftables/meta/argument_specs.yaml
new file mode 100644
index 0000000..aa56223
--- /dev/null
+++ b/roles/nftables/meta/argument_specs.yaml
@@ -0,0 +1,6 @@
+argument_specs:
+ main:
+ options:
+ nftables__config:
+ type: str
+ required: true
diff --git a/roles/nftables/tasks/main.yaml b/roles/nftables/tasks/main.yaml
new file mode 100644
index 0000000..46ea18d
--- /dev/null
+++ b/roles/nftables/tasks/main.yaml
@@ -0,0 +1,15 @@
+- name: ensure nftables is installed
+ ansible.builtin.apt:
+ name: nftables
+ state: present
+ become: true
+
+- name: deploy nftables configuration
+ ansible.builtin.copy:
+ content: "{{ nftables__config }}"
+ dest: "/etc/nftables.conf"
+ mode: "0644"
+ owner: root
+ group: root
+ become: true
+ notify: Restart nftables service
diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml
index 2e56dac..e4d4fb0 100644
--- a/roles/nginx/defaults/main.yaml
+++ b/roles/nginx/defaults/main.yaml
@@ -4,5 +4,3 @@ nginx__deploy_logging_conf: true
nginx__configurations: [ ]
nginx__use_custom_nginx_conf: false
nginx__custom_nginx_conf: ""
-nginx__deploy_htpasswds: false
-nginx__htpasswds: [ ]
diff --git a/roles/nginx/meta/argument_specs.yaml b/roles/nginx/meta/argument_specs.yaml
index f2cb1d7..866cb81 100644
--- a/roles/nginx/meta/argument_specs.yaml
+++ b/roles/nginx/meta/argument_specs.yaml
@@ -34,19 +34,3 @@ argument_specs:
type: str
required: false
default: ""
- nginx__deploy_htpasswds:
- type: bool
- required: false
- default: false
- nginx__htpasswds:
- type: list
- elements: dict
- required: false
- default: [ ]
- options:
- name:
- type: str
- required: true
- content:
- type: str
- required: true
diff --git a/roles/nginx/tasks/main/04_config_deploy.yaml b/roles/nginx/tasks/main/04_config_deploy.yaml
index 7dba579..38dbfc1 100644
--- a/roles/nginx/tasks/main/04_config_deploy.yaml
+++ b/roles/nginx/tasks/main/04_config_deploy.yaml
@@ -131,20 +131,6 @@
label: "{{ item.name }}"
notify: Restart nginx
-- name: Ensure all given htpasswd files are deployed
- when: nginx__deploy_htpasswds
- ansible.builtin.copy:
- content: "{{ item.content }}"
- dest: "/etc/nginx/{{ item.name }}.htpasswd"
- mode: "0644"
- owner: root
- group: root
- become: true
- loop: "{{ nginx__htpasswds }}"
- loop_control:
- label: "{{ item.name }}"
- notify: Restart nginx
-
- name: Add names with suffixes from `nginx__configurations` to `nginx__config_files_to_exist` fact
ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}" # noqa: jinja[spacing]
diff --git a/roles/reboot/README.md b/roles/reboot/README.md
deleted file mode 100644
index 1aaa6a6..0000000
--- a/roles/reboot/README.md
+++ /dev/null
@@ -1,26 +0,0 @@
-# Role `reboot`
-
-A role for rebooting a host, which also handles local connections gracefully.
-
-## Optional Arguments
-
-- `reboot__local_handling`: How to handle reboot on local connections. The default mode is `none`.
- Possible choices:
- - `none`: Just runs `ansible.builtin.reboot`, which would fail on local connections.
- - `ignore`: Just doesn't reboot on local connections.
- - `file`: Doesn't reboot on local connections and instead touches the file defined by `reboot__local_handling_file`.
-- `reboot__local_handling_file`: The file to touch, if `reboot__local_handling` is `file`. Defaults to `/var/run/ansible-reboot-required`.
-
-## Usage in a Handler
-
-Since a reboot should often be triggered from a handler and since handlers can't include or import roles, this roles logic can also be run by including the `main.yaml` task using `ansible.builtin.include_tasks` as a workaround.
-When doing so, arguments should be specified explicitly as necessary (so at least `reboot__local_handling`) as the default role inclusion mechanisms like setting default values don't work.
-
-An example handler would look like this:
-
-```yaml
-- name: reboot the system
- ansible.builtin.include_tasks: "../../reboot/tasks/main.yaml"
- vars:
- reboot__local_handling: ignore
-```
diff --git a/roles/reboot/defaults/main.yaml b/roles/reboot/defaults/main.yaml
deleted file mode 100644
index dbcdd1b..0000000
--- a/roles/reboot/defaults/main.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-reboot__local_handling: none
-reboot__local_handling_file: /var/run/ansible-reboot-required
diff --git a/roles/reboot/meta/argument_specs.yaml b/roles/reboot/meta/argument_specs.yaml
deleted file mode 100644
index 7bad88f..0000000
--- a/roles/reboot/meta/argument_specs.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-argument_specs:
- main:
- options:
- reboot__local_handling:
- type: str
- required: false
- choices:
- - "none"
- - "ignore"
- - "file"
- reboot__local_handling_file:
- type: path
- required: false
diff --git a/roles/reboot/tasks/main.yaml b/roles/reboot/tasks/main.yaml
deleted file mode 100644
index 791bf73..0000000
--- a/roles/reboot/tasks/main.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-- name: Reboot
- ansible.builtin.reboot:
- become: true
- when: ansible_connection != "local" or reboot__local_handling == "none"
-
-- name: Touch a reboot required file
- ansible.builtin.file:
- path: "{{ reboot__local_handling_file }}"
- state: touch
- owner: root
- group: root
- mode: "0644"
- become: true
- when: ansible_connection == "local" and reboot__local_handling == "file"
diff --git a/roles/systemd_networkd/README.md b/roles/systemd_networkd/README.md
new file mode 100644
index 0000000..3297c47
--- /dev/null
+++ b/roles/systemd_networkd/README.md
@@ -0,0 +1,11 @@
+# Role `systemd_networkd`
+
+Deploys the given systemd-networkd configuration files.
+
+## Support Distributions
+
+Should work on Debian-based distributions.
+
+## Required Arguments
+
+- `systemd_networkd__config_dir`: Directory with systemd-networkd configs to deploy.
diff --git a/roles/systemd_networkd/meta/argument_specs.yaml b/roles/systemd_networkd/meta/argument_specs.yaml
new file mode 100644
index 0000000..81b046a
--- /dev/null
+++ b/roles/systemd_networkd/meta/argument_specs.yaml
@@ -0,0 +1,6 @@
+argument_specs:
+ main:
+ options:
+ systemd_networkd__config_dir:
+ type: path
+ required: true
diff --git a/roles/systemd_networkd/tasks/main.yaml b/roles/systemd_networkd/tasks/main.yaml
new file mode 100644
index 0000000..f88ed14
--- /dev/null
+++ b/roles/systemd_networkd/tasks/main.yaml
@@ -0,0 +1,14 @@
+- name: ensure rsync is installed
+ ansible.builtin.apt:
+ name: rsync
+ state: present
+ become: true
+
+- name: synchronize systemd-networkd configs
+ ansible.posix.synchronize:
+ src: "{{ systemd_networkd__config_dir }}"
+ dest: "/etc/systemd/network"
+ archive: false
+ recursive: true
+ delete: true
+ become: true