diff --git a/.gitignore b/.gitignore
index e69de29..424bd26 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible/
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..d77d8fd
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,211 @@
+keys:
+ - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
+ - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - &admin_gpg_june 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+creation_rules:
+ - path_regex: inventories/chaosknoten/host_vars/cloud.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/keycloak.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/grafana.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/pad.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/ccchoir.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/pretalx.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/netbox.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/tickets.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/onlyoffice.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/zammad.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/ntfy.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/z9/host_vars/dooris.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+stores:
+ yaml:
+ indent: 2
diff --git a/README.md b/README.md
index 6906a7f..5a3d90c 100644
--- a/README.md
+++ b/README.md
@@ -17,10 +17,15 @@ ansible-galaxy install -r requirements.yml
## Secrets
-Grundsätzlich sollten Secrets vermieden werden. (Also z.B.: Nutze SSH Keys statt Passwort.)
+Generally try to avoid secrets (e.g. use SSH keys instead of passwords).
-Da Secrets aber durchaus doch gebraucht werden, werden diese dann in diesem Repo direkt aus dem [password-store](https://git.hamburg.ccc.de/CCCHH/password-store) (meist aus einem Sub-Eintrag des `noc/` Ordners) geladen.
-Dies geschieht mit Hilfe des `community.general.passwordstore` lookup Plugins.
+Because secrets are nonetheless needed sometimes, we use [SOPS](https://github.com/getsops/sops) to securely store secrets in this repository.
+SOPS encrypts secrets according to "creation rules" which are defined in the `.sops.yaml`.
+Generally all secrets get encrypted for all GPG-keys of all members of the infrastructure team.
+Ansible then has access to the secrets with the help of the [`community.sops.sops` vars plugin](https://docs.ansible.com/ansible/latest/collections/community/sops/docsite/guide.html#working-with-encrypted-variables), which is configured in this repository.
+A local Ansible run then uses the locally available GPG-key to decrypt the secrets.
+
+For a tutorial on how to set up secrets using SOPS for a new host, see [Setting Up Secrets Using SOPS for a New Host](./docs/setting_up_secrets_using_sops_for_a_new_host.md).
## Playbook nur für einzelne Hosts ausführen
diff --git a/ansible.cfg b/ansible.cfg
index ca06548..654da28 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,6 +1,4 @@
[defaults]
inventory = ./inventories/z9/hosts.yaml
pipelining = True
-
-[passwordstore_lookup]
-backend = pass
+vars_plugins_enabled = host_group_vars,community.sops.sops
diff --git a/collections/requirements.yaml b/collections/requirements.yaml
index a24c121..cec061f 100644
--- a/collections/requirements.yaml
+++ b/collections/requirements.yaml
@@ -1,3 +1,4 @@
---
collections:
- community.general
+ - grafana.grafana.alloy
diff --git a/docs/setting_up_secrets_using_sops_for_a_new_host.md b/docs/setting_up_secrets_using_sops_for_a_new_host.md
new file mode 100644
index 0000000..c88315f
--- /dev/null
+++ b/docs/setting_up_secrets_using_sops_for_a_new_host.md
@@ -0,0 +1,20 @@
+# Setting Up Secrets Using SOPS for a New Host
+
+Because we're using the `community.sops.sops` vars plugin, the SOPS-encrypted secrets get stored in the inventory.
+
+1. Add a new creation rule for the hosts `host_vars` file in the sops config at `.sops.yaml`.
+ It should probably hold all admin keys.
+ You can use existing creation rules as a reference.
+2. Create a SOPS secrets file in the `host_vars` subdirectory of the relevant inventory.
+ The name of the file should be in the format `[HOSTNAME].sops.yaml` to get picked up by the vars plugin and to match the previously created creation rule.
+ This can be accomplished with a command similar to this:
+ ```
+ sops inventories/[chaosknoten|z9]/host_vars/[HOSTNAME].secrets.yaml
+ ```
+3. With the editor now open, add the secrets you want to store.
+ Because we're using the `community.sops.sops` vars plugin, the stored secrets will be exposed as Ansible variables.
+ Also note that SOPS only encrypts the values, not the keys.
+ When now creating entries, try to adhere to the following variable naming convention:
+ - Prefix variable names with `secret__`, if they are intended to be used in a template file or similar. (e.g. `secret__netbox_secret_key: secret_value`)
+ - Otherwise, if the variable is directly consumed by a role or similar, directly set the variable. (e.g. `netbox__db_password: secret_value`)
+4. Now that the secrets are stored, they are exposed as variables and can simply be used like any other variable.
diff --git a/inventories/chaosknoten/host_vars/ccchoir.sops.yaml b/inventories/chaosknoten/host_vars/ccchoir.sops.yaml
new file mode 100644
index 0000000..d067a48
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/ccchoir.sops.yaml
@@ -0,0 +1,237 @@
+secret__mariadb_root_password: ENC[AES256_GCM,data:bevk9PiMUAP0YBYqpVw9PLEz9ITKVRQ44Q==,iv:Qjr3pOWzcDWUpJAakrn31OCcvcaciJLgS1Zp+YZPWPA=,tag:DB1l6lsy+aHa+U+QLAM3tg==,type:str]
+secret__wordpress_db_password: ENC[AES256_GCM,data:QsvJ6NH4ySsfSsP3pWEx04vxjIph1Wk/jA==,iv:AnocV/jXawXPxQ0dLSw05b38ULQuU/RN2G21/1GpTmo=,tag:QlSCnuaQxCmJ3XO5jjX0zA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-05-04T14:15:03Z"
+ mac: ENC[AES256_GCM,data:Za+XnpDu+WTMEUgZ3jnG9/4FOd/emfdiaLSGX+hfkuBSurlqFzVHpXqs4kyl96goOASevkiqCSXwk+DGGNTvSRDCoAH2jMfwUHh5mGHFwXKZFjraVnLidxyOkEg+YJ+tzJ9EHJ7MpQLYlHgGi8Xrc27n3+gpjni6+VhVYiLj4eQ=,iv:fQuTnJbsyNyphHZF6T9UF62jtA2wDrOxlPzW6XwsdNk=,tag:T8P100qKnYhNqr7oJaY6yQ==,type:str]
+ pgp:
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ/5Aaori1KxKbVlhZ2A/9Uax3yriNKXpow49zVeXmiK61YS
+ lUXQyNpH7qEhIJJyWmbg0LPBo8mjcxEhS/ynoHnrNdUgQuDrpNQU9cB40j9OpFsl
+ C3/CJjL5UkLapQCf1LK4QWpG1cfdtUiIptLq0f29KPY3J2hZsicDfteSLYPWd+BD
+ zQEPhUKy9BcJA2BfOZtLgFyyuj/OeTuaz6Z366203VhBGT9AHpwgoD0QF9Cp8le6
+ QiAxaJvVgpcRf3mDBIu6gStslAk/V1dvRsHvAm180/whz9mW/yeMG2qKqOl6DLoA
+ RbJ9Mc9R0/IXoRJK6cOeyAURqbK/RKmxlzv105Rl8xCRboIMxOeOr5qGyooAFk5j
+ cy9aKy9wlMLelvpvQYU/VZ1V2D2XaZfzVyi3Tvb0Db19Jt/kYT3JA8axEb5S/Bvm
+ TWakcj3tgZPdbLIpDnV4PMsajn4fTP6K/6asduusaEUXEOZFWsxa0U2IfXBFQSVk
+ 7zKydnmvcE/T+FjENAPX+VimLUvPvZR6E+Xk4Qv4cmalR+BH7LKden0nXokB3mZ5
+ S1U7hSaF9remkbkowQ9KbxpdVFJ0Olk/T2Ju6X8WyABjvaFIJSrYYE/OJHkfxPsi
+ ciceM7bUs/GXEej5Qn06phaGEdHN7OW5tMwQTu/pcJxeUqCRiKWDXhO3uo/xpG7U
+ aAEJAhB0zoXJlHRv8+4XGhpfPpJkTrUwN1+FGiImIwG3gkh+shA7+eHzXtUBA1I0
+ xDaWG6BVIYPjCQLK0BZv6gqzQEd3JFfqBDfHKZKkbNZ1W31xYyCNzEaF0qOdemmA
+ PXaI0bcCoUwT
+ =8ZOo
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ/8DxdD3bD+xI2MPADQanewfxkUmYN5ha9AAyoX6z2ByNWG
+ KQ0DWn883q7oltHB01cxKUo+DXKwOHoJfbpdJMxcvRZeyBfGynnU8SGO3FzM224a
+ GttD5cai4sYFMZV+wx296lPw5z4mvSlQnibijzR4ed+D+bZ1gPPEJh8WRdpBa8+J
+ Az4JKOnrmJzE4UWnxj3cd+sY2AzvBnqX5p8x15enLKemPS1ZFUsLi9+S1LVCTBrh
+ DPijfwvPFbiicP2KlngbdLj9Ge+IalawqJ+dw7xe0Lvjg0sayjfuEyDj42eXLKBx
+ 40aNyhvLzw13NJgihS84BddmTE07Jzq2N27TOr0lvclqNK4onk/Vr0qY97IWW1Gm
+ IB2gEagMzwgWrCx49nyZbZBR3AweJmfEg/QkyEpSY1l6SSOwLnN4jSOycF7vrJ+y
+ sOrx55XsFLvmY7VoOxv+ya4h/zXdDWoxJRADPWgnTcPp89fAkFX7K4XFeAc+9xHc
+ 28rg+SFwUaaReA/C9VfZ4Df7uBkctyshCHaE7qDdI+W2drCVvAX8ksncACUJKYY0
+ ZS8iXLrO7s6wCqMOepR7UBkH0rXw7lFlQ/jyKkut0dH8QtivDZ2irj9n8fhXrN1h
+ toWQ09jRcnuTpx1f4sGMtj/F1ccYidTnOYzL9iC7G4mcHxwzgeSdAe89BHh76JHS
+ XgGjnKmikbutrGezHDODQnLvBae5vrAnBAoPXQLSutaDf6ud7MTEp7/0rSRYuznf
+ pCGnM3G/kWLvRxZMl35Tp+D+Ld19vmKVllW+xBLp9DlGc+aamEmtlNHAkM72i7w=
+ =vmeW
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ//c4goAyFLjvE1bnCaM38c45zOOnZ2UM361HXNptVz5kfg
+ jLaxmoEDownD4k5SVdmffDsQvXa94ggT/AuDfa1IkXq5yP+tZFJx/oKLZamTxIh+
+ UjKs+/eRIuDElcIScwecf0quBzgoZYR7rikaEAJQX/sr6rARofp0NBBRiVIRr+Hw
+ bw7L7g136kZNeKqfhkYdZnWWyXUCE1f/p7OAb5GA48eTbvwFI6441iVQA1hV5zQy
+ UEVozf7QGniFQQ5BY6LtUIORT1jODhILDK6mJrezWXaQPH/EBGOuDYv0V6gSyzKV
+ +bqTQdET7QWDiG1Ga89nv6k1iHNtmILpWTTi0QGCySFD6Qe1nDYQZhOb9lgeGhl4
+ Tkvk/LRI/G9BvCO+Yr+n1Xz8vFKnv1agKazLv6iteeW6PVGRXyp4530Vhfr71vch
+ a5/BBCG4Ow+uZGzHlzcyQ2g9x8puOS+QgqNQ3p9vv6cY8jb6Sfore9WzJttdNSO3
+ cmTrVs1CxjRkQoW9DTU1qYH3hrQxqYz2DwcOrgVno4UAXnL/IDH+nFQ2MuxS8TBj
+ DNOx3X0GsEFHT3cG37Ic8V9l4C6fFs9uxTWYSEP5EsCjcbbTReIVhRcQpt4TrvPY
+ J+b2leQQ6TLNxVi2OUK2kQCKj02Hr77cYvjbJ6GdAgT+YzYG9bykExFLGmiWuPrS
+ XgG4t+84O9fYHEEC20/AY5C0Hol1fAaox4F+96A0P/SR1XJ2XJlwSqyjgQ239cC9
+ REtITowqDS7KajEIy6t7a2zE+cUCyYSfdr3mqlKGppT/35p9qBOUOXN3laJAgHc=
+ =GtcC
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/9GKykvIKDS0njJAuw61kHjgV4HsNWDwrQNkWVDblyJ4MQ
+ HGSbRXlyZSj+v69UZd8Ub8SEEnG5KjOKKt84NI0Sdnuzzl893aUmqNsqaWxk9bkr
+ rzBD1BRnuB2tt39F22/hcbe6uyfdsxD7CeinqMdqwJYlh2H6TbuGMEdKb4PwIDj9
+ hKaabDalE/RXu4bHI0qU72yPON9PriTYEAgosn+uce9uiq4EUzydjETLiJy7Wx98
+ xH34hNyBHQGJpqdJtPjFeC9NEdXDnwYygoFcFjXsMMO2DmfFxRmulTT4Oad1hTre
+ egPvWhgCg6ktfrtJahJrvcm1ccbqJNSC2YOQmwRo067sy3nB1r7D6dHs1OvGKQdK
+ tEwmIgreygbYnW9zXtsdr31Jkxw55GJa2eKOq4DjVhwlQ7OPxUiFxA43l7cHS2cH
+ aRf6gqrR2PSHcalcc5e8fp3RcalVZiOhg9p5j0hTtiObAWY4gSbv5hGrOEbjd1Gk
+ 8df0HqHa+aeE6KpdJP7YVoip86irk3//wJNkUhlkllml27lJ5oYSZ8yD1UH5p3sl
+ QfeqSX3sgTifcnjHWKMlhoZQXunBTWNV5Yiq2zQqe/1/qpjS7pXgmIwolYjAFzzM
+ eel0G/7uofMP1qYCch6LK9OWXh3a14HBIWH3XdPCnWRjQFxWTZzXtf02Ivb9HJbS
+ XgF/7Pr4HzYpwlAJCfnvWQ+aIPbDOQssWwkk8N3BwAtuIAk2sF7Uz7p1PJghVmPr
+ 6Dnvxy/ArHPDdPEQ9181MfIZSj5ywg/GnaVcz8E31GhzF4FdwEY+UhGZTrhdGuI=
+ =1rbG
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQILA4HMJd/cQYrVAQ/4p0ZRXMmshv0Jl27ArY4jr6i31pqZ345yKzITTYaNs/KO
+ qbtY71CXqXon1DxBUDNjsThYg25Sql2sOKJtot8iTaACj4Smr15xFyxtu024DVwR
+ NzsRSPwBXMRkeVeiCPSC63Ve1t5H97eaauSTk3FiEm4nNAjqbwbq9G23sUSnVgd7
+ iSbzE9IxI1ZUPewyQPAZkeYqHwLOaCgun9s0reM2ZNtYs58pP4DmjLCL5sQ5wVgu
+ A+M8Jpg4VwPDh1S+qGsymxDfeOaJvCN2ln3cChxaIHVxIXMy+9AzEoXc0MjcHGYy
+ WJfy5LjwHr5mPRukXlsKPFDsSB8qCSkGKGqg0fvqCm2NI3zR9a1uKNpHXbieb3Rs
+ gFvNOO13tgP8UN3d9sJFGd3V8XJMYyO5rDgXbxsxfAnQZ6A3MMdc0iXKkgQp4UKf
+ BGt7DiMHiW44rbBe9nbvtklurFhS0MQG89puCOa4SUCO8bLN2ljKL5yYERHFsjxX
+ OgxVOF29Q3XZwNOj8SogcTq2AA9q9SFQ55WIchV2Tf64ozgDvWdYi3z8R6xruwul
+ iFeOGR2iSdeX2QU02GYjy4nYLZrviy/ZGbuN3ZOtpAvMIr4wQb21M/CRbIY9mmEY
+ QbXM3fgGFjWUKyqmbNmSPKOu3dgUW81rzjepfXhruWKjFdnXtbASoseCoUjoRNJe
+ AaR76Z2dVvHxLmAS01SGmDBOiDhJH6qspW6lj2H0POvQS2tsQuY2lMSiHk2pQRPm
+ 8qw8ldy3Y/AqYOs8/8hU20C7JbPn74jjwnaGNEbOz0FPWnkUcXh4qp5pE+SG6A==
+ =wOyB
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ//WI1vPLWFh8Ci++4zalf53Xj1PPfwfLvfEhlAh1zDeamW
+ L6GGpcDUFT1t6N/XBw1ClCS6G9jkUX0X7OsDEpy9mdZgQTRRb8tAFtyL7n3VV3Ko
+ 9RQhl8scm66Wze+WyK4iCLG9pjbFMLEdWNTPpCCG5NcUCFak9UF6VYv4nWuiXCnD
+ ExbNHixNgZXjyFUfL5MHbJr1wC/qOJaXcfh90b/tnAsoN6tH+/HUMixdnh0SKKWb
+ rXuxf8R8Dk7DZPWybNuKYYoT4tYg5ZVSNai7ae3ZJKASQsRM6sV4ZihYfADXcbzH
+ HZIT7fsWsleYzlt3BTDmRbkYZqdDUAKmPRC4gQ2SBDcya/oMpmkd1iAo7OxOLnyR
+ sVBInu1M7QDsoS/cxhT8oWBskHgNtCM8X7ogbllU9bCPDvsQMzGfr0/lhQ/cHDqj
+ DUz4pxzh7fnm5gfXlRqWrRbQGQKCBpNdqG6iVu2amScrughnybWoNaRBclCnCrwk
+ 9KSw4US9wMpXptY63mUoKjwP9EAD0ue7bkN8qe8qJ9zYveV7eVHz3fLM1vwMgwr5
+ 1CcMIZmExMDErjGHSuG/lTuwB3x/DIWze5uPLUCdqeMA5vKSLt3hQTBD2vUaI8VT
+ Vya4T9Ufo5t7SU+IwYXNpd6TfIHB3njTQ0WOdFhq5tfMspp3NC7bOqkK0280t+HS
+ XgFMzGnrgZEb3ULn8v63J0J0eygbEJ8sb4uzCc5hF/H2WxhH+aO6KhrARTYrLYPc
+ 2AOskIonel0nbOCfz3t4X3SCuHVMXIbx04VsAVz0ZP6W6o6DHcelvhBfqEoAoRE=
+ =+sMX
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoARAAvAKq9W0WroaPHgt5b850OEa/rNOC1UNHrxvPGp7vG9EC
+ 1uPFHSN4Gswxy22pJaotn0hbIiY/9RqXW98kQYm1FYo15IPIp8LQdY9XrhBoDBtL
+ WnDVys56FieJ/T//6NsT42jdjy9QZGEMRBc3rW2RANDzMuEcD/xkbBNjO9j6KBjx
+ TrMlA2CLQTvX9rY9LNzPCy62xAiiH5wDcqIGjS6Z8SmvIO0Sx1Jl8Z+gW1tqgqGk
+ VeUJULgUixEEo2wZT1VDPdz9uL2IywTKYAaRhi3C2KgqeD3xkdqN+rN8vv8VzP5k
+ weZDIqhq9bU7uWprlds31wbVWS5IpuhfCnkH0DNXw4C9X1M23ixlc/e6Uy35jgRn
+ b65G/HTuHmY7IiYWmmWbe3us5LdCjx8PuL2sPPDC+ak6Ud2ZeXbnVR6ebGmFs/C2
+ rJm3cfxugz+Uwh3dNwQpNq4INu1c+A+pDelDAI80fTQeI5WTAJyfyY6jA2AtfEeq
+ m/zs4Ijys4L8yaiFzeiQRDQ/pqwI27KxXm/xsbq/syYu6MFtC5q/x7kvcA0hAS0N
+ /UvAZMHWn+0b6T66H4hm4zBGRPzJrC7NKvXKETkm6I6SDU+rHP+2SpaiNp0pOpWZ
+ VDTKWkcUpkrL02YDiCBpcGaiL3W90j/nP+iLPnQDmIv817Nv6PI2lkyUl23PINfS
+ XgFm7UHCCDF9alu2wV08j50WtDRV41Re+uHGyu/0f9GOUtZy0zvf2QOWK/hZdfjq
+ Y+8gqO0o9DFYC6XecS7Iu1BjpZE18PgPPgtPkBwM4VOC+/ikMFfSXnWftel6wxs=
+ =QIAh
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//SUcjkJnArDKa2P39vr2p4G+aFqoPmIHA2TqUUeGZ4yXN
+ 5AfpbC60Mi6h3YX5Wt6+kPgdhj8N/n38nCLs1UVIw+HMponjBXkAh05NmbIMvd8p
+ wo4GVdl3T9r2Gni36VM+4duWJRnDuNVQwM9m4dhPVAZyF4agSLG5+NbEyaV8lgxI
+ D2GiGHs8NN1/InCW/l4mCcbA9YV4sX5AuoqYppBdlIF24isYy98NJovYRR2mgUAX
+ 781DjpjjM8NIWGdySQu3EvGcLCnSocaB5XNMMjK+1Bo1bJWXcATcpaX0wAXQ+Yry
+ XC6NcZu5K0JPwp++VbAzqlbSOs5zPkO72AXtEYZmIAH7lA5V4QRv3P40+pjRig2V
+ bQdzUrbBJEMiCAit472NjX9SpoS139qE4NITU2NByWuMC4/MLd3TmdS+r0a2eGtX
+ alE/XD5mCPx+aXgb2WXDCuvSI0C8wr+i6l0ls/YdjPxsDRKKuD/afiUvnvE4Lfw4
+ obnteOsweyG+95Cisewtnd7RsjNysyR7KknBP44gtXMnhKCKFp4eizFzCMa2y+VF
+ l1kQdlS7/DZucv2Q4Z2jSMC7bEYeG39Lrey7a43tgDuYe00lX2qX3SiYpUZNAbhh
+ oUF59KlBY1rdkuD1heO25R85Vt/RGWtuyYHMMNbS1LFVEOjJlsZoftNH5KCtepHS
+ XgEoIuh1TKQpyZeRGkemWa6JkBn+ag4+Q0jfezjA6QnzIcEE035qumhSsJOhqN1o
+ VdbgW6zAa/5ywZ8E6Iv+zLIKHasvIvRNoXpP+AfeFx5Lb724bn2HT+mv2kT1d1k=
+ =kVZE
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pARAAuoKQmzBlrBGEy1rCYr88KSpKVHhCnbO40Y9W77dik8L5
+ Oj7lSE4MXb+Z8dtIi3XdHPP+R+FKFZtY/l+1VaHnOQzEow1l+1lenfPttLl08Uy5
+ N+RaNyX/XGOBexHboHR92Zq9lNgOeyvbwlcxIr1mx5R5XlihGrARpv5GWeW7U4UO
+ BWba7Hcn97Lv91/i7tkpEc380rANChX/Jxfn9h8cv99dK3dnWsapVOIVgD2DHwEq
+ SD0PlhNjnv9jF9FhNSkIs6pg19gs5o8k9uIA+qmHssKeB7tGrWH7o3/HeQD/ab9Y
+ bo9Qk6iq/J2s0NSTTLwkNb6IY+cnXhPl+fw+SJkiEAd10K36PdwbCj7UIZ3nTeyl
+ 35jTZi8b0nx6V7/TsBHGULds4fDcYoGI7RijlwiY8/p+7oszrRfhtqgoetMaWA7I
+ PdhHv5RH+flpyszW8ZVA6dv1l4PMPVexHkBY9Ro9W36l0wJmCzuK/p5u6LYLJ48c
+ F+uBVPlfj93RyAjv7oFFDgZ5o5BKfw+uKqquXeipmsdJk/trk0Vq2rqwyIys5dkZ
+ Qx+bvGr2gOli0FnpcqWVZK8yALpyJzUbJ4O2mhehC7HkoDzWtGSQPiK+KJ28daP7
+ bsOMeWh0GzZhwr6LjBv/6U+TVXD0Ktnd/vQ68UuN1CG+j+N8ZoUA03TvGEsBN0TS
+ XgF3YhNZdaqNqWXeJdNUTrLRCWmvQ8IopHKiNOIQfMcoCtmiCpUPRRa1x4fcqHMU
+ YUUGHA7zuFAUJ/84qSCY+hzHuhE2/Ekdzm96pP//ADMw2PEjcJcU77eccOg7w9g=
+ =MxWf
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdACln696wKIVm+glEf83eKr38r+3J5kq0scRIP7sXkyBIw
+ 6Nj/chsQQ58yY7uVH3061ha9EOtTA/WTxsOZ4g6y6hmVP3BpmxgO1wth9vSRNEfO
+ 0l4B2coHsjxJq+wWIHwmyZZuuIbO4FWiQO3PO+w6GScSzwcwcPK0kPDTqGvrGZ1M
+ U8WRBoJvhXXISu5eXT1nv/7c+RKBoJlw9C/6xfwVcTSdDIV3/ePnGw0FPKBg6iIZ
+ =idet
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdADTJkbTDs2aB8HDkOJMHnyYLnmitcXWcywOjimKu5RXEw
+ Od66qCjNKDIVisfaNJoMG75H1AjXOU81T3CfSIF9SizkqH1WlNpRyUJ/YsZpxCf0
+ 0lgBJLhngdZvQMZ6vsImoJJ5zWY0y6nuIHW5nrsK3pJ1QYQZYoSPFvbyeYLhlp6v
+ Nbn8FYo8t2BV+G3pAuTOyGl+6tzqhXiaodpvQ/3Hrs99Gtgi76DTOaT3
+ =XCpO
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T13:06:01Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//ZwxToDDE1zimAE33Q28+EFqh/JOCKZsIPoktloIa9umN
+ nrl5i8JOx803a66yMEdPAm+8aS3gYQPTEydTrQWU1fcvpCLOkPwzlePqZuzb2veH
+ DO/rNq/kf1WV5B+fsvFtyUfNHRzIOwtrc9ivSis+JBH7enxuIAKKOD9RSHBa9E9/
+ SXIfevM5uHcrp7Mz58nXZ6jRPBzxRbMmGJuk4uvbhxwMAfFAGbRGayTU2gEEd5XJ
+ FJdFa7O4g4VrZKO32aLtyFhP5W7/YiHyUSv4CADf+FFqtqc9G+wZN4MmJvph0tHS
+ clYf+yxPM6FrB8AzELAXN3FOCXjn4pUVfne/lA4J//EmFaelMOtvTtTsUJ6rLzt+
+ 87zIkV3sw+6ifknpgGoh16jan6C4sbZlwYYX1HSg4RrUtZifNBHRXERCEXsRz3XH
+ uRcsZQNgPxzBT1TKQFl0v+Qf18OTzsQ8Yr9N18cNk7m5qPFsA0RD6l2hAXpqASgx
+ peUQlWwF41tZgwKnaN6P6n4uDdEqj9fvtvWViGVnZflShzdBmzZvpTtr0dAauei8
+ xZeLN/3MLnAs9JlG9w+zL6pJJd1E9yxZ2fuvkNeCa7tHItcnv1qmktqZ6Qsft/je
+ y2VwZELt3dwfAn1V/tHGzHqClxrlaaYQ/F6L7KTo3qAu/ThRt7CcpPnhszS3z0XU
+ aAEJAhDL4WY2nqfMtbexKlb6hA5dWhNzeoe7qA4lcOHqHdnD23GWZKcm8ou525rj
+ WVVwEvedjTqoZ0H156TcKDkNCo0HmopNix9VjANhX3iNlD9pGIaziiz3njxwy0Te
+ FLl9WGpgaZyl
+ =In6R
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/chaosknoten.yaml b/inventories/chaosknoten/host_vars/chaosknoten.yaml
new file mode 100644
index 0000000..1c8fa93
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/chaosknoten.yaml
@@ -0,0 +1,6 @@
+# Used in deploy_hypervisor playbook.
+hypervisor__template_vm_config:
+ - name: STORAGE
+ value: nvme0
+ - name: BRIDGE
+ value: vmbr4
diff --git a/inventories/chaosknoten/host_vars/cloud.sops.yaml b/inventories/chaosknoten/host_vars/cloud.sops.yaml
new file mode 100644
index 0000000..ea6e297
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/cloud.sops.yaml
@@ -0,0 +1,238 @@
+nextcloud__admin_password: ENC[AES256_GCM,data:R+6uuaDeQWSgtV1Cp7YWZvF8LYOIhoz1K7WVKerm67NLbLRpD9191DyQH13v7ZQPvIce3JzyrWqoyQigJQIQqA==,iv:chVGvTY1Ge4OwrVbFkU5IMd0aac5HqslddQEdY8F4Es=,tag:slmFXStGVf6eJdPFplqKjg==,type:str]
+nextcloud__postgres_password: ENC[AES256_GCM,data:GIWhmhiDkOC6mQAqNe8aKQ2TpTTYQJ44jn+P1hnpAxstAWLUTJZdxE2DHdjhZ9tV6kyTb/GXANn1UtgFzxczbw==,iv:lhJAZF4mJ09jVa5DxtVTfMe5FqfjpQojrI15kYuXI6o=,tag:LvzpBXbBQtNvEnCDNphUqA==,type:str]
+secret__nextcloud_smtp_password: ENC[AES256_GCM,data:9UI+hMDQqM6Ui02fpdscXj5Q+XfN3t/g1MUX4blqd/egoLBtq8R6YpdK8wf6heqXUck6VVDgDLFnpfQzy0cqzg==,iv:dkTN/pj0YhLqEw6Sp252bKmnA1RaF9wfoDE7naGN8Ao=,tag:1Bg/ZoCITh7S9Ps617DKTg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-05-04T14:15:59Z"
+ mac: ENC[AES256_GCM,data:iJcBQZ2Mpa83/bR1BcTPh5PGrsjtyQjtAwr0y/bjOXrpMjoCiE8nHl2vdfZIxGYU+v40nkgYhXS6wCIlBZgO/QgvXwVT3Qm42i4GSx93N+jV8j+iB0a1kPJ/yHAPHD0zvWF6qlNSAeFWPbifLMXHLjijZDud5LxdW2KfJ00JCuA=,iv:BTUVSDYfKJI18GZhiUC/pJ+Gbuzfk3GrJadlOapw5qk=,tag:f15zFqye7O+L1lTp0Z/8jg==,type:str]
+ pgp:
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//b+C8LX+HQHaSvOdifbc9/7yljt2R9vKMqdSjiYoydHKW
+ hDSnsTJNROAIircedeh/WPMDwYtsL19BmxG6+l876cNb8YXAuWBZjZxz2mweWsc1
+ lDUCzaY1ir+4357fbp0CPKJLXZenOuSDtryoR0N4FJgO/BvdjpIjdxmmMl1D+zKl
+ Yg3fKA0rYWvzezYgy8ZkL4cY4c2oVF6qIX2J+SHoWpuG4avBKXZgt5unt1VkCsjd
+ 5KnfOLrqMT5IXVkqXy4Ev/JUW4iT/bd6A8dk2W2UYkdpwyscly9G/LQZYUilkBes
+ RHgf4rSGtsE0PdrY7LV3ZMSbMoUJAGVJr2jAF40skUNqxUhA5YCaJrQZ3+0+//2l
+ x/Moasoy9FbdIjnLbmQbyU/vZpNwaxLyIbCKC98NHkRszT0/5vKzmjrmEHv8LTmV
+ S5tbbJRM+jjuEyjqXITGOkT6EVELouhJQV31MoSditZHdfDBjuKJuAAop/YsPauk
+ 9TYOga6iJx5ITjety/4GR/qhF/AvtGkKJ0A4LM/rv/nC3DYt8lQAERmJ31+0MOLi
+ N0b1wHvbCZmP9qWIcMWtPy9mIrnFcY27W/jlcW5sKzkUSWDhR+9AcuHrJIEH34GA
+ 7WIn4Bh+iUYcF1k3m1Xy5dUFHMv2SUpnrECJ6qGDZdqbHDcokxZ4A3fIIKZPpHDU
+ aAEJAhBL+MA9Q1NaupjHT1Yw94p5OXqtWKx7BY6LzrVxXEIHjUIKKIyVbj5uRyGJ
+ 58O9CGbT7BvOEqLUsrLLpV35qdeu8VXiWr1Gf02hr9FDD2hPcpHAFiQNef2oKBMs
+ ml0dKEQSJtbD
+ =6PeK
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ//S1vuhiPa5p/cWHWlJp/HCh3w7Ero8yfg295vow+wUVrr
+ 6B2jTFDA4mo1+XlC0hMX1DgdW4w/ePCPyMfRKYQRq9y7YZN+N6Rz471g0Ci3DMEX
+ Tpz2cyXlLmvg1Hp9Khg4FGEbrVsB+8VNpecRjYQN3+oGDf/Y+6jlj8/zHp14MIdY
+ jElGPE5BtNqQaBQd/qgM142gh0FQEkLl4kVTdRNbKzGFe4soxkem/fKDGBW2ycTM
+ 4L+XKzXhQKaboSAf7miMuB+v8Bj3ryze5w/4m+Eqvp8AXGmlAG5aME7QXl7J3dFI
+ SBzXCZYLH/ratyiERF9vkgqShUfeud8hguqWARlBnamA62biEnaxIoQxoOzRCQUY
+ RFm3nRLy92Iha9l48v+5vwT72mAWPnSjKZDcp+pPyzFoIfpWNuisix1zSCTggJHV
+ WISXCGy2PDnGFoE+WKdX57rkYe7qGYR+R9F336uH8NM4pquPoOrnj4bkDZQQD6JB
+ sWWSTmfkAriUQcOFrWJ01lV9lyVJvFkQNtvkFGkOxovCouXqLmDlhUTLeZiIRcZI
+ ybkwyBGKNLgiGexDGJWSUSGwFGYbYrH/tCDGw7GyROnNS8Z+OuXNuPpc3cmq2vgG
+ dh6ni+6PrGCm4HrmBfLPy3dxXivm3+iRq10AA944hMiZuKUFq4qxJbekvkX+H2PS
+ XgEQoSqfwtgHMCx7Ig+GUG2rOGnPKFLaiJEm9rlWnCILY8N0ZraUG4H8ioGh0pQa
+ BEFU1bxo0kW1HLBGdMXBKCJ3uzBQmJfvI3o8PcBv7LNX4v2Fcs79Q/Ge8EQE2tc=
+ =M5WX
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ//W6glp1qrIrQrpa+12tH9sjYBVLQtOQsynnStoPVKDvYZ
+ OQP+7RRNMVpLih4A6b0WCXi+jtNWO/Nm6FCLgpTPd8wAMlgIkpSWTqwiENRlj/6f
+ PxKsxn9DbZxYARef2Xw4ur608RW9U4WHsfQSIcnxAcQ0vcj5+iTjQI70vklubIcD
+ 0X+ECiZl3oclRMRtlhKO4MPJJYBEfFAmjOHeOMptjIiS6Yc2KiQRxwDZQJLd6pdO
+ oC1QithnjFDXqHaj1q9HU2vUZOrtA1JlY8ERDJK962EibvkPVuymX3r5km3cpKlo
+ 3HdOejM3hH40KrIzeAG2VtgYf7bTuykbP+2Y1lIvb5SuAwK1K/TJSFBGUo1inrk3
+ ljbWUxVhWdi0r8PHK502pjQzM0kNog0Msd3hN/L9wdy4UYA4Xzv564ktw1XggAgn
+ pkEHb3VCAJjcEwoo+RfMYTILq4imWFAARjCaJn7X1B93wnyD2luEvnWTi0BL5Boq
+ zMDFbidOaAy1htpEnBt3Wt4lMpOP+9ZuoMEfuT9/FFOtLR0/Z1WuOC1wDd/NTTxF
+ wcyqiESepSh1evhy2jg0YCI+fT7NpMdbn5wA9ENxO/XxK/czgnP4bNsp7xxLDUrP
+ lML712wCDGYKFnc8GLkfjeggTLOGHUpIyrbe+I0TMtwXx5obAIW8UsoePab5dWDS
+ XgFTEpiI1/xdu19slPs8mdJBkTSDYTYdNv0Y+yiw+HRZsaz4fs7+momif6JxGYh1
+ o/T+I3CSkW69pRhHO2YwINB9hfQJDJd9DXAa/Ym1poh8tVW0vVushcOibui5GIA=
+ =LuKM
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//S1o8JJrXeU4OoO/Ui1S8RoqOcPDV0+M577n7nsFK4BYa
+ TqyxY1cgpRlnqm7ekoXqEgcoHdkaEkbt1MgIVm4k2boq91vRyKXMrQTILVifoH36
+ YiN7oaynaBGRJaHHrf6FyZQ6Qx6C2IsTelgKL0mQ9A3+4cZaquVEtcJy0Jrn3WJi
+ 3R0G0J7xbTITgUJfN+o+0bNTjJzQnfDP7bMacsaxp4l1W7ewVCBKFkGToxpRHrnV
+ vl2LbE2bZifL1xHz1VRpfemgt5lPBUou3/NCIcaBhlFsXbZ8NFtaQUqQsjIyQ0Xo
+ WDzk94ZLzoUwpfm+aMOdTHxAqEKNdb5MlttHLOVniD39MoaIIAIqMBz33XQMD9Rx
+ DqwKfBxsEJCgN6uuhtuxFTRmbBhm2f22mXczNFZwJ2NdV3vFP61qSEDkXnsejeS5
+ gj+kWxoB0xzbmmCJJMq3ErGU3YEZXsemCBfscy1f5gGB/1Xc0Rddik/qIt1XMjj0
+ MYqO30jAKEEEm5G6FiY60J+lR+EGek3dCQzhUidNpGzxaBxLaWK1tC2fDRDTFJmR
+ g4vQ/afcxoWKXZiS1aaU36/6IS6t6asiv45B2i+5tQi3M5hQ6v8yo4a2zTH9Ci1h
+ DbPnNbcepaFAoxZp0G7k9Tmq0BOpr/IGqMxYaNlTnvehLIcs01wmPZmbcz62/frS
+ XgGKHAJMj1FDYFh2z1LdJwo7YhrZrIwRhPhnChnoDx5htSZncDI320R+8yMfNM9F
+ iLHhowwiPSTypsTpVkfU3GwGzCCBRSY5zNBL2EPTL5/OkYDIpI6WHiUNte7fbro=
+ =fA90
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVAQ/+MIdCVSviTxE9UFVPtc4nyPrPmeLtUwJ2W3xBywa6BXOX
+ 7TlGFQqR+t9K/olk9DAX9fDg7uajXgA8cEhehnBlw74z2fGMKZ6iGeQE7FEOqfbI
+ 8r6Zsaz0NQrH/cv/GVvWZyrGDJeuFxjZjTr+mgh60DA7JWRu3AS5xIQzjG+tlxZU
+ Z/cy04DJjtjlxcSx6/uSxXrLSNpPclWFhdyIph+coHa5c0d5Smuwa62dHKSiGHQ2
+ q63wedR1aG7YwBbZMgR0EBrZl1uHu4OZCvtmSiGrFESnt0QCOIqLzhj+rXK1cxEY
+ ineFb2eKwETKvcgy/SYCEhK4TuZBDXWMbAULF4ymgIiJCzC256qWrj3nEVhXItt+
+ qNmG0v+1/ahezT4J7gLLIQm7YBILAqqoOFkejZDDdNHYZxESsnBtYCA1gn7Qve0G
+ yStlmTKWYdm4w2mpHlo++I3gIZabRT8d+VF3pSG93nNPgiy6tsr2V2J3g+EBG6y9
+ XxN5AbKrSdZHGie+nu1iWnx2cx6ciaTlHmm9HZ3/mxSTEns8eIt10ZCtFPG01PK1
+ dbdsDFc/8aYBMsi0FObsAfa5cGPpmwGA9CWRt6lZrHb/IEj2Dzf1Enj2GSV3tnJm
+ Ct22KTJSxVSKMypVTIfyG8qSf7dSG8HM7ikB6++HOGDoaVK0++iiqAxFaIIEahfS
+ XgHymR+mi/+W5ynoGFUkY7LO8gqMnEaMqSDAWwRIXTweyaJD5YnU0C5OGTuVmn8/
+ PvLK6pmwq9EcxFNBODDus1WLdEXQpjafx63m/OklCJdLyEw62Ie48OBf0tZ0Teo=
+ =dbh7
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ//ap0snjOJ8l+7Pz4ptrzXRl70tHvWB7CgebIDuaCWs24U
+ PqRyOKwVtUuWtCmvxFcQ4czAbH5V7KbVPo1JWkSQ4AbRKSy+9wXuKebmdl8KeuaR
+ 3lQUEpa1/yNptehh4WfeGDzz3Ixp20s7dfGi5OHJyjwhAMVCFMhtnw+a0iyP9Qpu
+ 7teOJdag8/8yusoDqV8ZaYHfLJxmVpGfuNIQu79SBnxrH3fXJE9LdtwD4DHMOafW
+ blpk4S0tMyYOZNveD9wKKCcxUlzg2KiAdvW5l0AAmXShaYYZpTsJGgb8xgiAxl2S
+ ZxGK46rramrYzVyIP3oD3Q2UDsa+HHeKmdHvtmNMYTMiO4pB4CCcsfOZVZjEiNur
+ saxt8kd3Ezdr7QQLqac8K7BRokjyMc7CYm6G9bhUDBSk6gZ3f5BXTWsjnd43/p32
+ 4+ndSyd3IBRqdeDMSfaQsw/msXOhrvv8bnpCQjugcSTyV93gfv7qhP/o7aO7ielt
+ 65aQT/RbEMr/hCHR2vreee8acU7rwMy6iJ0t5GBZ82yk6J4Q+KFGeXxLrnHzNGCr
+ UVmrCxqXnhZJ2SB1VYC2gOtxY674srHN1Ubsz7fNJ30cGpJJnMYcXfH6JpxspWNV
+ /HLc0h5um+k4shZPuD33KWu3Sj5O4xKlIh7FJakN0BKovAm0MfLiVnoDE32DxLzS
+ XgFZ90rZAyG6LUevOAPwq/paKBhDHAjvirrofk8StffflPenvzzR+nq86JrKeJeD
+ 42AzktGHXXYYKeDHUGhErtd2mpbHXit8A0WT6OCkUfFG7qITgK6qibB+UkgBzPI=
+ =WxCK
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoARAAqiO+a4teAodwFWrfU4SnTDvt1Diqx4ngjbM9Hhc61voE
+ RqlVHbvz0k3KCr01j9bDef5skYDZl2CbDJmQuXbkk4B+z9Yyk2/zZZSoiWm4YSVp
+ 0VdQW3PseYSaD6bLTNmGzuB6JEJtLNKdBe2O/sQSzXo4U4j9VeOM2nZ5/+BFiZ4B
+ WtGJ0N/2Clym6MN6srVvspN8riXoQdput2XHa5OiABfbi+eSAPTGz8UjQPQsrwbz
+ MdFfaslubZXQNO6GOXKV3o4A6PyiutBY0Fv+xd0zyBm+dllCUW+dR7kY3BviSYsA
+ BTDi64shXAs+ANBeqisn8xfU+XATIB3LWZEF2VTptUnIY70kI6hut2Bwt4BBiiBo
+ NfyHIgK8vUNaGIJ0ybJyywLqaAFgMnM1wzI4jpX4eD5/lEWZiM90YiEcW4/MBIiN
+ vq2GONxBV4vmgF9V4SoOTSKGhZoPY0Djy2HFpRf2WFH5k7XJJL+Q5yiKqtc//aRv
+ Ltmuc6Mh3SxkPq1YptBNpvuRsBcZUPY/ELj5basMFXt8HgdajNFfyKbx8hAEhKR4
+ rTBazbWLFHNZBx4eD8FKdIK+prPD5AjejPxanpG+kmAuV+IhGP0x0LJGSomEuE2V
+ 6Lz0vBm+Yx5ND1FplOosy3EJs/c7ofR5GmEWFDc65g13VXFViaz6neVUsCSBw7HS
+ XgHBcdfQtc72643G4nO83X/M58G2KmM/GNQXgy7P2u9+V4iS91BDe3WLMyuOOKtr
+ BbC5eRhp4NpShEfLXiuABYeBcrWzXOwMAsatGyvHZx8QmzzqAdzV8J4iikNPPK4=
+ =7+jt
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ/9HAG1CzCMY0MyEG6OYv/jIYqRzVv0LwQYUQWlwzykCD0M
+ Z6+Vf8GfSLWkU++V2Q8lbhsMsr9m5RMJ2GjpnBhKsUjVzAD0XmRXTE9mEHFwRtQ1
+ UWyedUxnj0jDiTswRMehwMl55aL9peRWUpALYSALq/S1JWmANpMVs9MdKIuN+l9U
+ gaTyfcNW2OjlA1r6mRKCiYhoxDDxGPN2Xii4P/D5bsEbpzybytT631qnmDVrVc/D
+ 88Co6W4l3Zh4aNFXL0ItamLrAu/+4G7Pid1qo2dGYGV3rXFDz/Nud5YTsPblqXxr
+ T2H1OxYWBTzsLQNBt/jCyRbJ7MgCHkDVcRO6lpceElM4zv+IionmNIUQso7Mpw1m
+ rss+2WOSHLYJjR5UwVsO4Ew91+tYIXDtVnsiOlnJNtb7qs46GsfNw4qM57VUwAuR
+ 28fO/9HjlKdZ3QGxHd5g7ay34SFF9Mke3lmRKZFDpr3519c9xoQJ6bvXsZnda7l4
+ ff4i1YF4HAIkymEaS0HMeTngKkCqnb8Zh+mROmxjK/rITXY9gt+Z9dj5enmWXEvP
+ 0C48sy48uMV1O60qsji7uIuKzSeqTMaIh2nad9NGUM2ZdCfbOtAolEoMtwdjGrpc
+ qB7XtwSmLI/njiC6/TP4HAf7mZ11CKEREaFSIj1eyViamXBFlMx4dMMkMsnZJdrS
+ XgGulfRkCcDqjz2czPFNOxJNpz5n6GO3QrZ79RWDEmXPfzE9rjQba/RXKqsyE4KQ
+ M78dyy3RIlaYvwBxFokuOk4MSjzqqknP8ehWLj8KSW0xre/hsLLec5ti8JxJD10=
+ =xnAl
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQILA4EEKdYEzV0pAQ/0CiwmulfqRKeWah9ns4kQp7kFHhD2fqdKEfPujQ7Ddq8S
+ pcb0D0m+/jZ/kogVCjknWwodi8BrPKKepX3QRVHKJABHt6zFIoSJIwo0+TAoDdDo
+ GD0GMgte4BTTATY88uup9DGwH2BaSF5EvUkUdSNcnt+FBZiDgg0R/pdD6lCqnIJF
+ 39rV6vbRSaT/TFxlac0PQE4IkYDX6SS/jXznKmw63Q12ajcvH5DK/4f4WJk+/vVx
+ yfwCI/yGABjpmpPvddhqatiUIsM4kDynmmhYV1oJIVJutKSNYuBAuxbU7AcFUMVu
+ 5Ib8y4HTVT7z0wZV2kMU5gol0QdsD9Nbp4ZzB2mt1OJduPCUFqdX+YGbUeojCmJc
+ Bj5oclCW5OmjTVRqnO27bUKKuj5LjCy8Q5fpGkfhnyluMwZJVy2jWqfI6Q4ht4hk
+ uei3CKSyzJbyvzwlEM4ov5OFNSkDZoRxq2+D3iS8tADOxU5Ihun3i8I2x4o/8VhE
+ t7JUxwzg0ZrsTfd/Kuhb3opSH6ot4deYshFPY6t5syxHh2kF9gUmCqQsE0lOdZl/
+ V9WPbAx5GTHoWdk7qAtjtAi/juSqzzNPC7tIf5SvNFwnbyJ1/GxKflPTtpxEGpL3
+ I5zkYgn65bspcITFbBAleumIg4GAiSnXX1IJekjcavDdmP3bce+pIzabXXHuatJe
+ AbvWXTZk1FFPHISA9S7ZMBqtGEpj13G+Jwb5VNyO5gRAQHtEVBE7kbxPOwvLDAWS
+ oAXWmaR/A/HRRGjWYxoOQjqJeDEUUWCC9YMZlQ7OioECVw2G3HEm+ORGUPCj9Q==
+ =GGHf
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAeZWBl7FZBdQGRChcSGOLjF84Y6t3UvXfOHbVCzO0ESww
+ /DHDJMKkiU5OwERzYlnJeMX10nOs+VGyIwWfPxRZ8Ci8qNRhqFFpGDpmTf9JLcjK
+ 0l4Bme1gmaBRDsK4LCLlIGiUaNJmGl26CPhAOM24ow1YMOEEq4xlEv9rtsQLIydC
+ A4eSPG7vsDlolrAM962YBSLo634OMOKfPNYv2fBzXT6gckJMZpZoLx9ooWt7Gula
+ =rxNC
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAUTHF1a2GHFEaQE6LfblINct3eE6WFAUnirqd/XsT0xQw
+ NVRFQZF+AZsmWoi+prM5GRhKwOd0ojQBiQu4SaZ7WVwZj4M2mEjGhzUp6jEdIVXV
+ 0lgBhJDo7QiKDHCmRl70NvwwPuLWHvnHgcprbe6+dc8N5Fn7GqLWpxyBgnZ9+WRO
+ yi1LHVnwRZutO4jr7MGDlzTt/AmemDRM1Qu42FqX28hfxT5UgqiUEUVx
+ =En6H
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T13:12:56Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAAkYaVFh58glA4RjaxiV+AAkQF7V0xADnA5/242Wua269T
+ 0FAvSVAtk5e8O0mHVMmfSFISAxV5rO3MXxRE3AkZbQvx9t4HY/VjpTR3MzrIFwct
+ KHyCBT1ehXLwdTN2Z7pahqSPNEM1+z5yCn1bWLvP1QgpJZKIPMc8dvuGzpPOsjHm
+ 0nTJEdJi7V6ccMWh+qZ47xJqgqrpKQgy73YbYxo19RCTDBtChjmZkPrxf4HjhxSC
+ e1JhDH7aKMDackeIHjKUmzyA4LG6726OYOGvSbM/KTrkh/LJq7bmmmBARo08Oh5/
+ G3GmTfZHPGGqpDuKreb9NJCkMci2q1rNdSfumdjLLsQ+2G5jmZEwhDatPOo8aPH+
+ glBKx9DoNMh9v8SUPmZJou3BOKWEpGrHx4I/H4hQQ0OhZlm6wxW4BsT8W9upjm4j
+ x8gU27rtBu1t+q0TJhM/g+rMpPpC2wl4gJE+YZzJJXbwue9q/stro3nn4cM9nJ3u
+ LUjI22WhGgT38xirKPisUQrxqdIAygSzVYrbgPtQXhe1YTuBaCOpt07yS8VKkwul
+ 4CBXCxNsGthgR6hAUU/fmvunh468Oc75+kiVdD5+6fG9RcuYQ0ouDjWaSK897I4a
+ OSc/b+HQgdBboJNwRQphHlU+Bf/I6t0FW4ufedkrNLFzLBWiwKE5A4sfsvPigY7U
+ aAEJAhD3W40xaXsGhhOlT++CHihg87tNj92jPDuZ2c6KmLmcKs+LpxR/etWMzYL/
+ YJ3v/NM9TzIzm1zhKgfhKkzAmWxeWJae0AYAbAvIUqACzZp50S2P3OAgXZhWYcCv
+ Q62yJ3M0z2BC
+ =DfVF
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml
index 7212842..d3c834b 100644
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@@ -1,11 +1,9 @@
nextcloud__version: 30
-nextcloud__postgres_version: 15.9
+nextcloud__postgres_version: 15.13
nextcloud__fqdn: cloud.hamburg.ccc.de
nextcloud__data_dir: /data/nextcloud
-nextcloud__admin_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/admin', create=false, missing='error') }}"
nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
nextcloud__use_custom_new_user_skeleton: true
nextcloud__custom_new_user_skeleton_directory: "resources/chaosknoten/cloud/nextcloud/new_user_skeleton_directory/"
-nextcloud__postgres_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/DB_PASSWORD', create=false, missing='error') }}"
nextcloud__proxy_protocol_reverse_proxy_ip: 172.31.17.140
nextcloud__certbot_acme_account_email_address: le-admin@hamburg.ccc.de
diff --git a/inventories/chaosknoten/host_vars/eh22-netbox.yaml b/inventories/chaosknoten/host_vars/eh22-netbox.yaml
deleted file mode 100644
index 56ba344..0000000
--- a/inventories/chaosknoten/host_vars/eh22-netbox.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-netbox__version: "v4.1.7"
-netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}"
-netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2') }}"
-netbox__custom_pipeline_oidc_group_and_role_mapping: true
-
-nginx__version_spec: ""
-nginx__configurations:
- - name: netbox.eh22.easterhegg.eu
- content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf') }}"
-
-certbot__version_spec: ""
-certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
-certbot__certificate_domains:
- - "netbox.eh22.easterhegg.eu"
-certbot__new_cert_commands:
- - "systemctl reload nginx.service"
diff --git a/inventories/chaosknoten/host_vars/grafana.sops.yaml b/inventories/chaosknoten/host_vars/grafana.sops.yaml
new file mode 100644
index 0000000..8d5e665
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/grafana.sops.yaml
@@ -0,0 +1,241 @@
+secret__grafana_keycloak_secret: ENC[AES256_GCM,data:85OEAwuWnYW4NgObAmYey+2kGRML2iH8FuDlIZsHyOQ=,iv:Akdk7Iopx6nIOAFXqa7ROnH25vhoe4uopzEcHjWKWo8=,tag:Lgm8H9fWA+/PCjp+SHoO7g==,type:str]
+secret__grafana_gf_security_admin_password: ENC[AES256_GCM,data:Ct3YH/5FqUA+a7Z7YlpZ8aMvUM43blRG,iv:ePwTeX+7H9p0isvi6Bu0VG5egIOqTopmIiUhYoGCmR4=,tag:SLy3totIMtbED7XxmblasQ==,type:str]
+secret__prometheus_pve_exporter_pve_password: ENC[AES256_GCM,data:dJanRGfkNwZw7oaxxwpjpbV7m3Zl/MzA91Y54WrLXxHWDRHBX5Fe1soWgysN3uI5s+rtIWWfpCux/rSggFh0gQ==,iv:6gFk3IHxGkWcoeZTpS+iReBR5uMModHp2qLZp7aG4Tk=,tag:V55iwRKmS50E2lNS7lmCoA==,type:str]
+secret__alertmanager_telegram_bot_token: ENC[AES256_GCM,data:DhMeo4UHoYu17aVx2sRtQ2v2MFuwD/vHB0xsOf7QWio35ZAcwzGHab+VOzREbg==,iv:DhrCAfMoUt2Zk8imaVA8xC0UAJhXpyqNNwqP5th5ldA=,tag:BbCDqenw+yT4ADpIgZ5row==,type:str]
+secret__loki_chaos: ENC[AES256_GCM,data:km9l2LYuyvitMQOSinAyUnnF2AePE3fcW1E1k5fF,iv:gu2FB+R3/UIsa8qivpQE6AVaOug7/Q4JO3S7nhubsww=,tag:4JaG9ZHPbyzFIdzCnYN+qQ==,type:str]
+secret__loki_chaos_basic_auth: ENC[AES256_GCM,data:9HS1Jq1LqTmshFKdUDk96Y0apSC3xhSqOAWv3G1E3djDvl3QPA==,iv:oYgoIDqV3lGsHDfivgMRh7HQ0tFZhRO9OZSOuD8Yoxo=,tag:wkFgxC9EFbm/wHIHqELv0w==,type:str]
+secret__metrics_chaos: ENC[AES256_GCM,data:GDLtKMuExpedDFWLew68JMbdaxy1aEep2j4/XkOD,iv:2sbdjEp1GY6rMq0BMw3Sfjyci3Zfm7fFkU8wUFy3IDQ=,tag:yEarnC4wJvFnB8i7tJ30kQ==,type:str]
+secret__metrics_chaos_basic_auth: ENC[AES256_GCM,data:eT39ijCsheJZP3D335EIRdeVR4nSX7APw9e4iQ40NtXz8EEfGg==,iv:+OxDeTOF8PLxSFT5ZKkUwWYZfuBgv5YUJSGWsURL2kk=,tag:0nIroxvAjTG0vB/lwq09LA==,type:str]
+secret__metrics_fux: ENC[AES256_GCM,data:aV6zeZ/XsVlA3QepSfVd/cOr+tqFVhlAxRO9SHx7,iv:fxo0o9amrh5ivPTxRVkvymB3fr5dLFVE7EqIpBlNZBk=,tag:41dm29mrV/jmqj5IkuNAaw==,type:str]
+secret__metrics_fux_basic_auth: ENC[AES256_GCM,data:YL+QLzZyyObzDcz+FcefViMrvdkVSwRhDsBx/AwoDX3RLHCDjg==,iv:GADdMa7FHMM1FnyPp8DUHElpXsJeqD+gN5Slw0R9bgs=,tag:KGCoEud2JLU5s1gurrbywg==,type:str]
+secret__ntfy_token: ENC[AES256_GCM,data:0tuPJVmxHcdDWOMIo0QQXgIEkJo+p9A5emH+kc+U5tw=,iv:NZcfiz3UFw2fMcMf+q1GRp4Fsxpxbptsx9n8wPR54z0=,tag:SJYFtXccCbPrXjECiKUOUA==,type:str]
+sops:
+ lastmodified: "2025-06-02T20:28:07Z"
+ mac: ENC[AES256_GCM,data:mrA/ytnxpotGkGLCLRAGEEEiQmhcVtsCcSguZ1hnF9Qw+sIt/QULImP0yTVpQIfn3nVYBKn06+ZfRab7hTO48YuF+w1l/hkqYIcfoiikREtO9IO+Z4LBRoh59SpfQuAFAfmdegu5iTp6cXCWrEg5LElQQP3yg930kNN/HIEpZhM=,iv:3MdudOS5QaEaRQUyFANXBga8gyrTkD/CTM6qrcH8nL4=,tag:AvxWzNVLD8gOF93LXoSavA==,type:str]
+ pgp:
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtARAAlt7WrUDnhXPecDPypDiGdIgXP8yHFq2tJmvRE75QPdBY
+ pnevwWCAaGNUVF0x6MxCGvUxvL8vVXPljBlGwYaMc4uBvEj7Gy47bRLwE9eo4goF
+ zHN9CNyOaTT3+LNC3fGNzsKBYWKk64V0KjO88On9Ax39lZVxky5U8OrAHlEYf+Vf
+ amc7onys+/V2JSCfTcYenykZ83Hd42wQ/8uUSDSqr0kUVvaAgM+hyxr3i1mUCIQN
+ mdudv7rgERfbm9Nb5skNY8x8vHSXgMB3wnWzUaPIz7SqtZdMt0WlfHFrRp4guqLj
+ 5UtjlWZZXnGvhFIuJBPMYMmcK9xioa/2h9YSgK8mlvMSVJAWW+M21E+mxkwc9c/C
+ H5v7q+VI68SovWeIJcdgU64vBIawVF2kMtVkSag7CFj7HbsgfnmiVDy42pwuC6in
+ DXu53SM1zKV7W/y4lR+VUTMTt9TzH97XBD81hgpBviZyhXCJVBKvq6sokOcspC1k
+ SrmxORl2yMuIDPc5ECTiPJMsdtzLVLJjQ58GVoXRcOsUmOvMySfwZ048suR+ndpD
+ HTGA+1jdL46YsgbydMtsMEKj/DvoXJdUKOgftRGoaHP1kc0ht8ER1SJOEHQNt5WK
+ jjw3E0ekJ8oGC/EqHanNBG5PnZJDQa4YkTf3KSuYy7fjI+Wub40U0ERR9jWG1TXU
+ aAEJAhCI2uFFR0K/Z9POfYzXAyeNjOFmpnI0NYdKljqsW0gFozfwiDB+barDw0u0
+ wEYhHD3B2tFGqziyIbsmSUUmJ7eBD3hmpwgf2Wws++UkjvXeRKMv/Ko+aw+sEhSl
+ 6Ki4i5vDajSE
+ =Qpn9
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ/9G1WJIIqCe7E/sV2hLJiuHQGL8NOJKUyS/u01rT20KZTn
+ bZEbv/e3OAR5EtYQKajOqznS45fkLDJzvBh7g7zCmYgr3Ls1RGD4HSAGTrtKMKbg
+ B9IgIxy/KlSizfjADb8eyLue7VOpf75VJ4kobvf9JFYBDQPb6nLe0V4rSnJ1FVhA
+ newwGBbY/sk7xTgMSNZlTSd3xHN5yH1GV1QTnfU5ZvfAhLdjVxINwfB+r8FiZfYQ
+ 1D8bgBh3+9a1PH9nUAq7p5fjmeA/8X962M9esuGxtyA88bHTsromxROlKACDvAYx
+ WFXXKAoG3yUJQqSgPKiZk9iZ/ofNmFdz0L0R3rxWR3BT3K23burzXCrHfSW+3Xgx
+ 1BZkWHXg2pBjMLwpTppddMe5GkLZCQLDSX8aOUmMro+fiMz90XcdLe7mQ/uYgpjU
+ AJ1LLxghf76Y2o6ht3lhHm0ooAJKatbjmcPfKQjkWyiX2pK9gCfzKV4URiiAcRyW
+ oCv5tToFMD3rfeYKZVpIvCHzJ5mA6UeSLHAblavRIKqovndrMjSrwKmUrzCDiUlL
+ +Komhw1DY8/zK1hEBi2tLdkVTdTNWtcLocw1M10zeQa6t3MmvkjGy5s08OH7X52O
+ 5NSqQjgUjNmzuZa5T19i6RD8YjWAvFJ6FJ/R/k8tOr7zZnCAmPJ4dX350a7IMw7S
+ XgFNP2H1mU3k9uiqaj6aVRyW6NQe+c626wTpYsJlFzyhRwysN38AfnvHKaO3L74z
+ i7thGm60mN4uu1TYIqSJ3vhUeJPw9/Di4edwv+CST0d+kEuowZLOFS3VP0lUAZ8=
+ =JMre
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ//dS5c2vnexle6PqWn/cyHlNNmxqABijrCSZ1nVle99xf3
+ 7AILENFil3I9sV50/B2gE/E8A89vzThyIiXi+KOHG70PQ1bpN834urt1Btgp7IpE
+ PfngBNznJcNAEUwji+hmMOSGQ2f6zJ8v0OOn6L3bCFacK1SkS3LWbbJydEYeDpmd
+ s5wMJqtRGAfEdOKW8DMfpE2oK5Pxwv5FrShNu2S0ZZTzVOALkIYA7MWweKDEqFFN
+ bwTZ3xcwH9kdwOy2ps2fTjqsrzkSPlICnMKh5kk2uOZgOpWXB7bRQoVukpl5I7P7
+ HtoVwJS/YzuISBBV/+cvcIaqmksyLqbsbt6byZvWC+K/XIJKml4Lzcunw6WpaMvO
+ 6dAPDLoEyIVtWfIB48r35pEC3RMhDZk5lROgy27l9g91h5PUEoLn1UfNlEOvSsFQ
+ npTIOgLtjFwxg/sl+X7PzUbWDp1LBObJ/NIc/Fu7MEpVrpGfWC4OPuWNhIPlk7fX
+ S6CpgFloeos8UPCCXcGUcKTIbEqsHojVaAK5OrTH2Au2gWen5aGk3RYSUMcI0lYH
+ PA26hp8eXbVQphRync1rzFGZ110+xSlPVb4CxeKwo7saIT/DPQu7oLVCKo0xiWgB
+ SFP/b0wRoHRHRSbqrTkFsQAaU84yAkOl6tnL+LubhPxQ8kKZDosqEvUMMruV6kHS
+ XgF1eG0ay1gQ8u5TTKZDi4feDq7og5NwITlN86ZzfQQbVn0i04mdbHwBv2liXWxG
+ kcqTiwZwP6dTSo5MpX4ASJWvLG1AvEZIZo4yuyKDx9P1QZHVWEW4Nbva77UhuDY=
+ =KlOw
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//f4Ud6OS0LhcHVTHfDsDxLBrSRXRceBnFSSB5G758RYy9
+ EFow1IMUnw1mcZ91vfIoL+uOI5wTGZK21ynImFKgifdAH7QppO6b+xbjVbugKL/A
+ EzSwI6lQSqrySkmGXnSQ48C6Wv159iaur1I2NTrPJ/QIjXww9E2blEQ9vFc5Xzoc
+ LuzmIodHrK6K0OOmy709s/8l9XMiG4Xx4Ova59fFFwLZn2Y8wsk+pg2xNvw80l6v
+ xRKD06eLx/L+EfMDxrf9IeLBrq3whxx2FstJbuQNPENtuid9GjwxCNNwy5uhsiLa
+ neg7JkCNZejCE5/Ck4fx//tUPC4ywlEoVNFJ2Avs1bud1bqsSxx4Wrrhnw7AViXH
+ ROhmdELmI5Z5pZ6mMjYIniAyzRLNbjlvwZMTivBD/f0nNTEw2cGquz49zOm1FCez
+ P2cfTCRAevkKHs54CTPA1O4VxJlBiiLM3Spx2tY/xuBKFFp/cSqMBYqJSGC1u9SW
+ LNb1yidciTJ4PUEmQoXbxPtnKXxPRNpUOcPHC6I+XWLZ09qfuMTKe/rPQJtSOO6R
+ YEcjEk9XYBUu1hXNfAIjMa7BSnYgGqzocV6vBRyFlY9AOmrjhaJbDwrJVdYTKsNW
+ EOcIVAjSFcLuRq/anh5hrwntT2PADNLtOZyriblgFoxQp56rb8H7HYXuehfdT6DS
+ XgHlatZVz0+G5kvo/h7wSe0t2la1ScSoyHeM94WQVenQu78L30IKavKI/athiCU4
+ UcqQwhst9WiIPEFVAaTy/Fe6JMlu3mu72jlyOOVJYKqJmPdfCIbg2bJgp6a1Voo=
+ =wFGr
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVARAAn6zBIrBsZt7P9wpK/KZonmNrluuWN0ThJMwfv6mB1WGN
+ U+z0yPLbbwtUkiRtld4hO++e+12aqTln4C5Vv06X8ozEuoldQrRlmG2m2eWoGBNv
+ Q+PMFKzvMdDcxveKkG3PKdfdq01TgrgSf4UcHfGSKw/99pwfWv4NHl5IiyYxpIgw
+ D6ArC4K6dLCAOP02TMKKlezh9b+O+jOP1UdJXTPNHcygmUM8k16fOM5wfnqSG28X
+ hZ9hGG9lQkOAPWDaMx2nKSZMX58D9hguZ+wU4vcVHK+gpWGyWx8HFexVLGFEQoNw
+ yx0DCWIvhseiOMz11Qx1sxTpj0QIYVVlEuZmeS+dgRrMzB2wg/LbLkjBP9oC91Qt
+ w8cRAZkDz4Q6rWM78Z63F0Giie5NB1ZZmX5K7Ai7hqgV0r0shzuOs4NyJN5EG3FV
+ firBWq8iH9wdt3Tp+fwruK3TTTpj6sHGIa3XsI0WfYmdtp/pedx3ud15D+lZdKTY
+ 8GiDbWFar4r411vAaEdYc+oJaxANFLmWyg71Eyfna4O7yVeLwtt/Q3mNz1RE1ATq
+ 5cBud+Pb8eUpJegjGyIt3a2JVjlZA+7eM2V9oO1sP9tnQG3LyWDAawYhLeZY8/K5
+ u5Rgj4Hvwg0Yj3DBn3gpDcdEPZB6tacc5qAYN/nTzKo4SNbtS4H9rG205+aLrnXS
+ XgGBU91ILvCJ+RD96L6WGhfGOGG9i9g5rTgvbZ+nq0FrNnBn1PunnDWlXK23vc1V
+ UJct8WFaKX3+v6ABQVkdg4ii1deu9p7SsXEaFhyYpSg3REdjeT4KGE4VEfJlCb0=
+ =sTfm
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+ModidNUCVTOW4t5toGFvsgPu6Zc0MixseN4QYgzlHetN
+ j6ND8Yzy/k8hKvQC3uMVKJDywgybtF+eNXYvY4zpQ/B9/MwKBfESy+/FQEUHws7l
+ ZDLs/ZlKtIuu7O+lhvLVxy14X2rrP812FUEaJMEWh6n13mdIZvVztRYmSntUZ3uD
+ E006jpeIrx9eQSu7+LCRY2YI9oZnC6C35KMsNbzTMPOBd4NZsWoGAfj+do2pmwSJ
+ SyzH/uCdQmTPazxZJ/iZ6lXEQdwWkrpWEEdBhEUJ5zy4VeLJK3slS730CV1OBZNL
+ xmimLSS56tOyTgVzFOhT8GV6QAOyukuq36aYlGoXaF9g7CRI+SPseqPwBqN2LyRl
+ VXeNajxs6SxW6icBW148+qLNV9XiQ5BPrMLrv0xaPGWkIHhc+vz/gqj2qkiw7lJF
+ Viy/D6tRGeuyGVz7qc6d0dSVpgJHNqWE6KFPeSKL0WJ7F6LNPIGhbw0yW95QQFFQ
+ y6Uh6DzIQRZTkksSjmI0/2P8ubBP32gd9ETSxHLwFYiFPzXi8tlZ+EQaIomvpTR4
+ p+LflO1n3HHEQKxjq6DSpW/jOzOWGY4OLde4CJzrpIn+zaMvX1Fav6FyTl5/73VE
+ dw85fz0H4ClWMzS/9vFh/uKcZVMqgSCq0kpqFEru8haSfFWfmcKsrVHfS9Vn6IjS
+ XgEWSVIZnbUUwbPeOX9kvzyP7RxOZcLbc/ARqicT3ytF5UR4xDSbdDIBjnmn3+zF
+ xRArbjTc7Kj6k0CcsBooE9Orpc+89vKafepMS0Bsz3vog0bp/Gmv3yf69ySTKzQ=
+ =OiFl
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ/+PwA2BAuPrN2h1teQOqSiH1W/eosQJQv30FVsay6LRW8n
+ SNnbxUilgi9DTdbEbSzTmxJuObpFoyMZx7WG/+XRnu08EyvcNE/yUHGgMkZNzqoF
+ Ij4BwihrZc1W2xyyL5J+Va+Zla05zIiKhFC2PLwECLtxisc6mmV5vSRERt0B4Uq6
+ B9FJHcewIZSpAk9aT5aKEUeBmFsGA2ZfOLCqAxSo1Zj3iKFrPYBNgw/b6gg0wHSF
+ 07xumBvD+tWcwRHYYGih8EjxSlWxHxHV7weE7+FtIVKzXxS+zhvxx2HMDqsohNB9
+ jP8565Wi+RdDfDeoJk1sz/IP3pxNB+2EOKWOSHoZ8vnZ3eXr0p6WpUDqFNLJ7r4d
+ XMlKykESEP6JU5lYnVtsD0KfL9RhudOUQIPGhF8xSLEGWcyhNQ5ilR291fonrftV
+ kZyW5rOiFW2QEjWQLUWxGOaFLy/SzFL0msC7nK2Ot6kZ5SMFdhmjRibFMb3OH5YG
+ wpdnfXVlxJnQhiNKdUgpQ8v+xNMyNEfa5+HlG7K7jgj82gpnPfIgak52j6JJHlZV
+ BcdgFewBqZqamThCrIe1ZzRhn8z/FURnXULhhCaB4aBmoVmAZXm0x+uAESG8p58v
+ beFxcUNASBv89Veyi3mSkfMCfpPT5VipHbySYkUQJeHQdGH2CeO97p/DIhwLvjTS
+ XgGqeLOMJJObQF1SaVVv8y4dDtvqEbVx2r7LPItoG0m/FkoZUT7s87wnkKIILOgx
+ lgUE0Fc2vnsBsLzdx3ssxt2aYrDHafhsIU8DDFXLObd2ZtVR9Iq9RSl2KFSCreA=
+ =O4WF
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqARAAhVUe0yE43V9QEQkvwinBc7eewDs2sQwkfT9hFLjda21T
+ UN1FmFTbvDiX0qiTLHyFZYTSJmduzizmBdjB1MHgsooNuCf9TeJEKkPKJNFomSEe
+ fjyDShNXuBG+4gwUwQKdbCZlkgBsbwFGRrMtM4CQ2NU37yHVrAKnvMkYJ+AILY+x
+ C6oiBbRjf3xxdefPRZxq5zAKI2jcHVw/6jgRm9+9VvfHRMfPQhpefkji1MBCQ/Gm
+ I/rssIUJO5iSQNfTE7YUJAhb9wB8iSWK5G3pchjqlCOlwPXsxM4C3gUEgNQda5tY
+ 6y42lGtPlpdUI/5jHh5jwBVYYtoWAoFlwpNMq/23ih7Q77Xi4zwdAEDMxTu67Ojv
+ pYTPeMcVtF6dMMgH7KQ9ZbQ3iufROmU+iG/l1EKhvmu09ilAcPhspQ25pSiECyFg
+ iUzVwLrD3Dqk0FhymyBCkYaUgaHlfMhwg15GrKDdtdAAyoroOZz/IRpA5yc6HBBC
+ 6tRxZ0JZDZUQQc2TPSYWHaU0Z/FNYVQ00/57MOCQ9EAPVgVp3rfJzFZVjLA7UpHj
+ XHuH9gZli6LMO6nQpWUwqWx3WWQFgJT6azzUU4UEB2ICWBqyqqFs4ybr/nE18xkE
+ WFHaI5+SPkkv5qIESENx86QngZiFwupv/FSVr9cVYCW2JnZ7bQXbELXdQqfPenXS
+ XgF0v2HC+3T5IH2k6ml+6+a6FJWpZjL52u3epr9rBxObGuwKA8mrvx/QvbHYSvie
+ Znio7gSVInFFh++x2FlZ/xxsRLxPd7kNtPd825n/+INW72S+lUOVBTgcZi7XaeY=
+ =UwJL
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ//UYudkqiiAv23EIrXiD2IQW4LqySD1rSHmhfP6rNYc1yl
+ +m5VP4VZfBvW7z9lKFPXvC6KTelCan0xDfoFWHXgcelDrC3UPN4qXA5yX/SSuI1R
+ 4VDplsaz/xUSnBV2uQJ76JhM3NbIP5kC68P0VciADgv4Bz8nYxYcuRkG7tzbsu0f
+ eiKoNZrOKI+6fs4xZK4GnpvFCri7hvishTwfByU8CGMCnWQCkAeoycdJvtz9tMoT
+ q38qKxwGqayRe3gOp+U7q0QBIJu7Br634Yd5d0P9DbJrPDpj4XvStVx5iGml/BIO
+ 4LAa6mSYBR9bbQESXmvguZV79J1b4vxM0y8+2YHkMzD0D+C+FE2UChVxUJfriKgg
+ fs1SjrXzAIUEHccEsEmq9evIk1rh1NqTpSrtnlx7daIJbjFoVDZ3+qzeJLEX/CB7
+ ESeUW5IhhkrOl05+woz2pDQL4+UeAGDHhdKGfhuAAtVXpJ9a7OYARS1GS2SppAtK
+ v37mO9e72hZVOfPYkrzxbgQRB/86ZoAxK7gR/ic0Wj6DKPsHYXiVnOv1YhOaqMel
+ 0wo7IKeWR3UespUQ0wQRBbbOcbeVC9wiFZ5aSyA//BcpESSYuIWIgKsAJsIw4fDc
+ F1aTQcrXU8aWtj4FfFKcEup4mTGUdaK9JlcCeeXoepeqG+TzxQjubzTXqjWWZ2PS
+ XgEcBlqh3iSNlSVt5SRTdNVIYTDO7Vo3Ufa1uO71edD7ZqQWpL5QkqOoOSrWJQrn
+ KKfk182jEdDEJaQiVJo280L9dYMx7Gjh5JJjB0XXzrMBcypPNqBfqX/etF94J4g=
+ =rBZg
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdA+WKLKwCjvDh8zENX+exbVY/fuOS9dp1MslD2vAgCh3ow
+ 81ri+csvT1op2zJerI6Z4GSLALCJlRX5CTYm1VSX2g/P28anMtHoO1irvSuHbAxR
+ 0l4Bk5mG70t7+z3CTWA01m9aJBRd+ipqld/H6RyXd1PENjO5Zop2VPwqmNk64dM/
+ DGYnM2nJr5j19XE3RBfd/MJ1kEL1QyEUQ5ydpUbCqKApOGmWFG0kvB26TvLLwZvV
+ =srkY
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdA4S41X4CuDYEmuQr+7YGOvGDtCGIKFyzXZvhatV4k+yQw
+ X0mrtyY4cHpxcLpkKfB3TlBNl6MeBo4sASvdKbJEneMhHr6uxWxud5RkUUK4/Jx7
+ 0lgBA/pC+apLHap5jEvwS3JMYbgt80Z0PpzABRi4vkFnIJjED2H3Koc8hAoKis1/
+ 9zBj4K6hXb3qIduxRzSWB15X/1K41PVp7brQ+WwY45I284fJiYhZ/FxD
+ =LPYd
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T13:15:49Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAA3GvNGrQEMdqTFkWd5aG26ScbeXv8EFAYKX2li0F3W7Ph
+ iM7kXK09JLnYprKoSSA1gIUUyQMOD2r4MAcsAYCpvp0YMM0SYSVPiXdcBQVWjukM
+ hMzRRLs2Q4lRBqYINVf6KW0q+ZvBuqXLFpiwcFq/im0ETTySCOKJaiY7qs5v+A6y
+ fHP1ZaYPBuY7cgmXL4cdJnmhT8f7T0ZeO1JbZTGNaUX/VBzJrenGXwiLYtn+Sfer
+ sS19229E19JZV24MNsILoeFSBuETEiKEAjgHSzAhKBBAygBH6n08bbUgvUytDGgq
+ 6AsndbK1NeV0COKBH9f9kS1jcMYGif09EFUqwrU4YsxRFFYoEq5QuB0TXR97xoir
+ cIpvpi7ExkwVivFS1CM8bzgWMChUzmaDR0KpQpYIUNojyfwhe5Ek0K9z8y+Sd2A7
+ KTcBeO0zeiKSHEoD6c52ZotOlJ9uqrDI1JpgENfzjRML97Hoij6XPfBAsUW0MP8I
+ nYomRWSG8/wP5dlRJwkJBJaqgXotM7oLYlvtoKR1H31c8/FAWtrbvV+qk7CHp+16
+ ckRvGYCYU7fjihj0eMsz6QWv+Klqqik0jk+EdIoUyMzsAjN89vh9VT7gj3rG4Nfw
+ kpVhRLaoStBLS2gT+bevHec61vOOQoDv8ZkstvDb7G7fqC/qhWWIChPmmpiJ/7HU
+ aAEJAhDqBnbVBbVBg/MGJb4hx+Io8NT8cQuRgZoHQQ8Ckvq5SJtpgRVQK8icAl5d
+ GOavtORsxpXjlibUfFVJWdlZ+c4L5OVe6KcO5josGsyoCg+sA8sfbiIvTCENZ9h8
+ ysiODTdEII8m
+ =+kED
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/inventories/chaosknoten/host_vars/grafana.yaml b/inventories/chaosknoten/host_vars/grafana.yaml
index 87cd328..1ca6b1b 100644
--- a/inventories/chaosknoten/host_vars/grafana.yaml
+++ b/inventories/chaosknoten/host_vars/grafana.yaml
@@ -12,15 +12,128 @@ docker_compose__configuration_files:
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml') }}"
- name: alertmanager_alert_templates.tmpl
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl') }}"
+ - name: loki.yaml
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/loki.yaml') }}"
+ - name: ntfy-alertmanager-ccchh-critical
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2') }}"
+ - name: ntfy-alertmanager-ccchh
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2') }}"
+ - name: ntfy-alertmanager-fux-critical
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2') }}"
+ - name: ntfy-alertmanager-fux
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2') }}"
certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "grafana.hamburg.ccc.de"
+ - "loki.hamburg.ccc.de"
+ - "metrics.hamburg.ccc.de"
+
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
+nginx__deploy_redirect_conf: false
+nginx__deploy_htpasswds: true
+nginx__htpasswds:
+ - name: loki
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/loki.htpasswd.j2') }}"
+ - name: metrics
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2') }}"
nginx__configurations:
+ - name: redirectv6
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/redirect.conf') }}"
- name: grafana.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf') }}"
+ - name: loki.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf') }}"
+ - name: metrics.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf') }}"
+
+
+alloy_config: |
+ prometheus.remote_write "default" {
+ endpoint {
+ url = "https://metrics.hamburg.ccc.de/api/v1/write"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__metrics_chaos }}"
+ }
+ }
+ }
+ loki.write "default" {
+ endpoint {
+ url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__loki_chaos }}"
+ }
+ }
+ }
+
+ loki.relabel "journal" {
+ forward_to = []
+
+ rule {
+ source_labels = ["__journal__systemd_unit"]
+ target_label = "systemd_unit"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "instance"
+ }
+ rule {
+ source_labels = ["__journal__transport"]
+ target_label = "systemd_transport"
+ }
+ rule {
+ source_labels = ["__journal_syslog_identifier"]
+ target_label = "syslog_identifier"
+ }
+ rule {
+ source_labels = ["__journal_priority_keyword"]
+ target_label = "level"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ loki.source.journal "read_journal" {
+ forward_to = [loki.write.default.receiver]
+ relabel_rules = loki.relabel.journal.rules
+ format_as_json = true
+ labels = {component = "loki.source.journal", org = "ccchh"}
+ }
+
+ logging {
+ level = "info"
+ }
+ prometheus.exporter.unix "local_system" {
+ enable_collectors = ["systemd"]
+ }
+
+ prometheus.relabel "default" {
+ forward_to = [prometheus.remote_write.default.receiver]
+ rule {
+ target_label = "org"
+ replacement = "ccchh"
+ }
+ rule {
+ source_labels = ["instance"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ prometheus.scrape "scrape_metrics" {
+ targets = prometheus.exporter.unix.local_system.targets
+ forward_to = [prometheus.relabel.default.receiver]
+ }
diff --git a/inventories/chaosknoten/host_vars/keycloak.sops.yaml b/inventories/chaosknoten/host_vars/keycloak.sops.yaml
new file mode 100644
index 0000000..ceaf610
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/keycloak.sops.yaml
@@ -0,0 +1,241 @@
+secret__keycloak_admin_password: ENC[AES256_GCM,data:U6vt0UHHgz85sO+X1YucL9CIr00LtTaeyGUFZ4bVFarsg7y6gTtb+fCuYKCgsJmNDP9jek8Ny+A5WPkMkWR/pA==,iv:qq2H9nF6/1pUBhJG8dFmfRdxk9HSaIOoTdu3uu5xJDw=,tag:rpEuf7JSQ0092R1aPOojKw==,type:str]
+secret__keycloak_db_password: ENC[AES256_GCM,data:IDmQUjQh/QB1xdkwPKqv3ZAwdfy/lkSEdAJuF5MSPCNKfuANRmN+4rH570E3/ZApAJpLAkefh3pufiVbNF8Ssw==,iv:W3roegZU2KfeBDBBImQCCa6VqX+nUk2oh6jMhzbGcVM=,tag:0Qzu8gv5ThtAss4xJ4vf4A==,type:str]
+secret__idinvite_token_secret: ENC[AES256_GCM,data:FC9LqUf6wDijaH6JIde9u1Lc4qcqi/XZwQ==,iv:fSgbI4CXMeCKWSyVYyYT+3Af+OdhZ0wsFwNpZf3CA6s=,tag:tGe+xWyBH2VJr3yc3Vh0qw==,type:str]
+secret__idinvite_client_secret: ENC[AES256_GCM,data:ImweU1aPI0G9Lf5+TXvVmZwGhoigSJoHMLCuq6MxxP0=,iv:GSGqpMVHq31U+IYtnHnu9RuMt985y2N1PRvrlWFicg4=,tag:NKuqLcb3xPzna6t2VVuIog==,type:str]
+secret__idinvite_admin_password: ENC[AES256_GCM,data:fVb+vCHzPLvsQ44wWxfAwx5vRpoycJxBLA==,iv:Co53uRh5fG4pEVxnC6uWaXRrCLGH2Celg/XC+idiWSY=,tag:AWUn99jtuJCqXww/2dSS8g==,type:str]
+secret__id_no_reply_smtp: ENC[AES256_GCM,data:Sqc/UkQq/2F78G8LP92YrA==,iv:ObEdXhzHp5aDCWq3r7aUBhOEJ1sJ6lYiYC0pmWmwML8=,tag:1rtneYPlKS+uDzFWev6A4g==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-05-04T14:21:10Z"
+ mac: ENC[AES256_GCM,data:EgeLza2JhJZmuNase/63KyoVwR33eFRqxHqSSaJDlr8YHQ0Vx6OTGQJTUGzgdQiC5y/AE24Mesbg1iT1+qufeOwv4V9spW3F0Ci3GOBcKrqBZxnnuHNn6tiRe3R0eeu6PLRcat/HSWY4NFz3RvUposC5YaATP78JXgDuJg/wRoM=,iv:FnxDapA+BUfSMVBrTYb9mcSYz5cZ5Qof/PZo44UTXrA=,tag:2FH63YT8Z54G/o/n8s57yA==,type:str]
+ pgp:
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//ZExC1DnzxgXCNTSGsQifh9UVf1dxM19GJAwU/EUBYGAI
+ xxJo2A/j2AJgj3vHpgtSFgtrsfuVMhDSeZadXUb3k5upwpOQfGLWhtyVT9fGejmS
+ mvlcH9EtHmourS65C+jJNRRcKX+q7tPTxZiqCNxXhkP94XPWyfKXwwxb8H3Uaq8p
+ p7xczBwWVxOqaeOZWbZPhI0ciMRXgjhc0IFxqtHN2Z/baiwsI7o4yMZKGeGH5P/M
+ l8wP7xUo0TlBVVbn9rcD0KN4IXajbHw32kSV4o89wcW6H3OvgwthZYZZuAUCGmTg
+ qL5nAxwltLfp3jo+h8J3Q6fiq+N0Ywei4/lriFUl6js6GJL+0v7VjlqFKyJgPvKj
+ bBJXqKwMQEy2kxD7J60D6V5mfC3tNaVe3HQG3tuXzOkScwoy81NOt+Pe+oi2z2Rl
+ uPYUzCdyM8to2y3vVNUltL3V4Nck4EZ0gGdRtTpxzJFW+DkyGsBp57SmmQM2WjI9
+ zqYvhOW4nSfTZm2Ys369qNOsh6Rg4kEaVgNX0RchGFKv3+53RZo1Ng+ukx+P0PgZ
+ punVqPj6/wXMPVB3xCj8vBL8Oq5Tm1QWc6EB8Lr6FyfySBmzGVL5SRoUCuQWRwbb
+ KzuKlgqG1Wn5O4SVKlT8pgONDzcLmlPnhACckQcurNCOw8rgBDQ20V4d2Lm3k7rU
+ aAEJAhAgoziTL+oP7ie7066uz/knB2gda4cHFXWKfhKJkyi+xgAdi540JHyj0BYk
+ +bKKGl/afDfHfpqZiz0/BIYwNYFqghPD+CN5dq7HeozuVBA1rxN+ozpp4lJ2WXEQ
+ gZLlyoljhzn3
+ =JCEw
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAnBMFqT23a1S3I5+Dgi7ae6iwjxlU2uNAY6BA3dLPrZp4
+ l87+4HD4ripdNcXxHiaprs7PcDb53Ew88kGSVx3KPxmbeknQvCHkzP1UUSkhOX02
+ 50fSmP+mpxIxUnKkj9iQMXV2zS4khqPKJ9H4RyzfsGhJCtyuKLqsC5of/gf4/vRP
+ ttBSui1eQshmzOVwt7jVI2k4IsEj/FKUKNkb0dpBx9RLQdtO3wUh/p4bOMEEs0SD
+ rn0RYvdf6S+VLeOisB1cBM6wq5s9WfgCV0/H9U44VthAfYPuqv8VMPLJBZtMmm5t
+ v8GWDs9NOaTzIdjEJwxSJoAWti48c/CKMglD+zsELPGaaEtN3pZ70vCQn4+RmiwF
+ u7SfZKMtiG8rlkc0tNf2Knzk8hlRi5Dd0kfETEzFD7KZMuh56Mt5P7VrO3hcw10j
+ gOjPgBePJafHk23sFAjYnmnVBfTquup0dOXs1AU9Mey7emIV0gmXDw9UuNSPiYbs
+ Vzt9LjMnstg/Ky+IugrU4xQ2ywRQZlW7pe8n/A71QTWDv01jlFnkcm/xDQaD/rmw
+ vxPbxaTiSh4hRcquxT7HjfpIBJ2gRxK7LWyaevFWuD5O3TnMyjU5hR2vWpTRkXQp
+ dV1FqLlWISu2CsnWY6iVF6x5t11ueE5QBimfj8vGFUI6xCCcIrKh3wr0hljpDYrS
+ XgEyI6k4fTqmo6JswGbdZiHsYJUooWkX2NcsiuojK/Lc6NJCkdzHGDB4szO5rYmE
+ 111jVE6kR52TYzpneE22Q/uuVOGQVTK7eVJMuG8C03gNxdSc4npc+J/yPuPF4Iw=
+ =7hZp
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJARAA01Q3T9q8MAxRt99LTHykCF67B4iZLR1b4p1Y8JPOSgV9
+ 2ScS+7jyV0MlifSITZSDptT40EQ+dCRt7/ikIRVHM4Xag+6F61DSLGJSOVYCTXxu
+ e62Xbzqpa9NkhSKu1q10NJODyB8VEJOf9ElelWIOedS7FA3iMeDOJY+GVoyhOiXK
+ TkJd2Grpbgxnp7in+Bopt8aFyMPQj6+avsNWzIHPv9CQRS7HUsE3uhF4jsdZ7Dge
+ FYI9yhWw3sCaYo4Z1mJ/ygMQ3Y3rrXAK63pHUoMFpFvge7j4hcxrIREWP3TvhwQh
+ QN/3B5/f757uTeEmTwSvOLV/+JRE+Ih0MR+TiAD/5lOL017rhPg4d5hoGkiPmYQ2
+ 98635BwRcjziCTI+Twh+4eMaOEaYOsgX2LEM1l/4a4QShSEaVhO8NmyMlBHv35iu
+ Frxux/fA9EzmFgDCTQGz8RlXe6KYTCg44lTme4pXyYaEN0LVe9BABqKtrW6YPLPa
+ KdYUcmZfaR6eQkjHnutGz8IJ0ArshnFKffK+rZ/n3Gy2JTbBTf5JVLWAnpAGoFR4
+ 6BjO+JjXTroLczReuHyBLXFRGWYoa84wghJWyE/an7k2PbSwLyxBvUdPd4xjAwHo
+ Kh5X+U0fuKdDjyhqLcLgDpKsylGKQuIAYZtqmr+kReUTERBTcbrTcxABlG54JoPS
+ XgE8LARf1GE/HeREedaNPJqmWI/3e2f6BUO9/1OdUypbFcuayWH4nM1eUefLuPu/
+ Ck2vOmqlUyJWRzn2RVVwjB/01iAcnVOTKPel7Mgv0ORiGX1cLJOaSzyoFI6v68c=
+ =tQCa
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/9HeS1pdRPkAEXsc7fCCGBOCpYXet6k9qZcOPeRUZ1djVk
+ xfWm55U4ouX1YrDgCflBHmbTA3uDuodQa7w+uXUQC4eDfK9nh7+KYVBGy9Zt2+OB
+ nuH53IC7OrSXvCXy6dJZOGZ84NoMhOWlenzEAl29xZzmk8yp/uQDHJ3iqvhO8un4
+ hAJXfR1k8MUk+3eTlzQBr/qh5wdBEQTfhMTYKJgqdf64IHpStlipRNgeMG57fKG2
+ 2Y8P4p0nq8/O6NyUTx1MPKveHJGcL5LmQtR7v6P2jpdEjUe1Q5bgRq3CrN6Usa4Q
+ HNsCVfW+W1YOq4/Cj8XulbD/OwVqUWJx9YOJ3hCoTr7UxaPKOsBDe30i4L8iCRIk
+ iu/jHGP8A3Fk4sY+kJ0oV446u+VY/pKCseacXfymOcGmAA59IZW5WFO5pofiiq/y
+ cQdosLH4HpnTkoPt4FTCqFYDUq8yKxjM+cle9IxzaQcfscqe5LoGXxfwUwDqoaCi
+ 5IzIaRr7smRFQQUA0NWt9bQXZEW1XS6TfUuNg6yb2C5H/HqmMZfiCu5BrX17/yXH
+ 5Pf8PEiaDUbvwYqsFQx0UrcE+V8kO7fAg74H7yuF7XBBPpMn/kxaqlHiIhn36tqy
+ EDIyuEc3my1UEnisJBKUQYufZqmLqalffVbnqqYKemhS65slZo84Z+2oY+t0TRrS
+ XgHNBYaBHLRcXMqH9kWMxixPsXCvwvLUIVbD7AKkY6RcWv6niI9fRm6xz90pJVEI
+ lQSpfRtlnF6z7x2873/ARxBIRzqK6J1fwWpb1yyyj9AGg6vttvpAKwRGXjD12C4=
+ =tsnC
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVARAAgvYSrWmPkcSj44PbP8BYUf9NNKCfVBn9NweceLvgfIzz
+ /8dVZZZ+S7k2IYEdUxx2oeBnUQ+JC7QsDuiJQ585XEBMoPkV2WTZE5TGgWUgc7r1
+ qObMzeHGjWkHtUuChkHf4gb6IbYbXNsEY9RYu6syBTrAwamnSv7Wy2/vY8GKYq/7
+ 8QujUuKiBcR3LUa8BvqTXhgTkC1S82io0IQ1+5HiFgBj5ixTMGwJJJcD/gmyYqzx
+ F5GmFl+WQzPFxCtX/Mj3+eDCpHMeNCBq8itBh/hn4olih4lqC+Ib9F1RMxZRRnMu
+ llCvPH8xOznXEZfjR5DPPGO5+Eu02B5QWPsBDca/U5WrbNlAqJWvxrRPgW94pjob
+ c7r7aY7tax3xeO6UFdJa9si5S235r2ELF/9F76TzqCcT8C74lQc4faAIJFhzkMa1
+ uwCG2Dicgl5uwMuqT1Q/7259ECx12a7SExt/Pkb8OrO71s3D7tefOAszWdQdveDN
+ 9k/X+8i9UOwt8gGTemCnDftDlaLZXvhI0jSY7bbFOnoZhur6+OlA1UdU3t2sa8Pf
+ bkjo1CO5eBtZcXnP9ryfCXiRZBbVA7TdE1kRuAfs76ESBMbi1RffysvHbVzly5uL
+ s+8LcYMUO8gVapReJpJwswS6Ge7upbsNpwzwvu/VBuzh2/m+xyt2mtT75OC8Xx3S
+ XgHCYjxruOoCEEkJ5tTTsMLx2GtEc+Exv09E0HkNM3zkEbO1uDxaEVcYq7ruPTJf
+ RXUkw/Beiwbx0Mq+n7T+i7STkaaQLC7OCv9L8CzBYcFyeFpMNZtdnfa6oIaSNA0=
+ =dYJW
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ//YLgcJ0sVMF1QLBXdi+wIqsNDMg1ua5FlOOSxCR2eKVcx
+ pNNi/gizQSWk9Dni4hhvNiAl+umQDdG4WQE+iGN97bmpnxGDCG+H2QtCkuDZ4Oy9
+ 4rZs3yzvIWr5F7TYE7kGGAQo+Yv7b14WJvSfg68Itl0ozvpdhWOMQ++9G/4C2xnL
+ VA9paqOD/u44js+XEvM7g7E+DE7qE05NY1gOPpd++VTh7dHcS8mhK//0eP/fGFMh
+ gYTBE8EeJF1YjGtMIQ2783xW3IDKTdjEIhexIn6SfLFmP/0YVoW6KXRBUWGX/BbE
+ FhkxhD1FW4l51I/bz4CrLvsASBrbvZYOvKJbFCIqbb3xYcLqP+Tnp+A82vl/W7L3
+ yRwdznphJ7iGjBygvPzQGNwX3clp8RnUbw/I/T+mWtn/GfIN6qGO6ySdgPvod3A1
+ EO5kcW5L+cfxSt/LFoNQHer9catfH6xnXwFCsVpszJz7RHa9YdbAVjBwTk9HgzF4
+ O7+PSGOzzRIoKeEV7JKmjV7xdPhjyQO67FXb8syROXQ/jxqkbmP4w5OWmQuYiXnj
+ 45YBsJGwVVKTVh6OQcCrCIBf7ZyHLn2lzFMxD03tFjpcMsB+HcwCVuwkZLJ4sDun
+ Ic/cNMEQUs1QCHSOmNG48DahIOyS3/VIvhM3US9Iug8PlquRJARw01tO332nUnXS
+ XgFtypXSBQriUxTj7+EyitQgDRyXWmZb+IpOzBAdbGS1A0IN5YlvrePKQQkqruZA
+ mJUpLCxOtGPkPI3riTXMJTPqSs3FkYkWZwrbvZxymjROA9nmr6vx3lA5mVSy/Dk=
+ =XTam
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQILA1Hthzn+T1OoAQ/4gatpLoIZ6/K8CL86U32h2BZhrmfeeeT6yvRO7rAQzcBl
+ Z/I6JQvpmDj+UignkEgZJwV7JWwW58Bq9rgBlNgUI9xjqk0/MeN8pZUR/IL5ddf/
+ LvszxNA35kA3BRdJEo5CeXXL+TWy+8PJ+KrN3f1HNJu8+UvzGp4jWuytL+PdnO7H
+ Z2aznsUWKYwNAyEPrMrwypP65EbBLGXdpJBfe088KEmj/iz+ziVFtdej6SVAJYYs
+ Z9t3r0Kw3mqH9b/zwN6AkwLJl+8fZ+2QkHBJ568IPFcWD/eEs1Z89W1b9ULxjcDK
+ siuUvLOl4CLDS3xPEotcIMLFOcPjaOtWOchKb+Oh/8S8zEoRxS3yXKDEMWE75/X2
+ b7S1z2zzxaWIJv/56aVFhvishbDrxDzPEvyupzSGuiqgOOJ4tPxYwu3bfdNmKhEx
+ SuAPRJKkd4VXtsJvUZdcSX8QRi4cRjFWs+orvOu7AMX1U+lgNK6NFuTPZjPoKQwg
+ foeTntu6mUkTHUYAv+lzrEjfP/QMYf/Eb2Wn/z1ApSBD5ZUaPwRoeHkws2uM9HcB
+ G3z3dQM2bHwg4qGbAU0AwsybKLQRh+cOPxqnUnYY9C7bTZWGGs3rgFxqCbPc5mBZ
+ r/+sjgv+CGjDydY1STULxIBiRRyVNaTwhTUCK+3uX4UTj9S5rlOCLVhfk72LJdJe
+ AV1p4O7aGGJ9emIPi1Y7yJSJnJy7ojtYcUp5zlVZMm+igElVPxPmQ7zoLTI3kWna
+ 3qhJQMJB14/mLjX9gtgvKgBieSve/SRlAb7SNHTSXrzo+MjB3R031d0w5O1PXw==
+ =Qvik
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqARAAuyV4KPCO2QIPa3+jfEYiT5T0I0aCnSq2WALSe+AFZQbX
+ zOL2HDtYkQA6lRFycGSu8wFnMMm8yyxOQ8v5YJEd9Tf5JQosACxlEG7ksBGxUqz7
+ DEnybCQwR/YXT8ui5MR69a8sA/9eC9Ik7pFB9h2+wRMauAOrgU0bYjPMuRHF/1Je
+ cPqa35CdapUS3aFFe6qbgJlpVFTu+NygeL7Fo+y/1V2ChCUNsG0g6QqinQT2gO3b
+ +JhRy1KNpcrkv3g69DQBwOuSCPmNnhpWxEZSSJTazB8vOF8o13eCEcNYEYHMPrnC
+ iZwryhIpoBVqLirNRT8MoksWv3WzJWsqhvk/7U3f52qzFkWWhdZr4V5udRHBB+j8
+ 7eVoI1+D9Q5ATbMqzli/PCCcUjXFaQB+RV+N7p3SJQmIVWqK7NLW5NTOTnYpRXvz
+ pFNLinoSJhTRMBbkjELgWX4NRm2b81eQ6HJSxQuMvG7qlJR72t9JP2Ttabv/oSMX
+ Yz+fuVr6otKWapN6y9+arLu4YT1i8QiapFwig6ch1Y2ISvf4Iz6uilyOZL8YTsEN
+ CpAOqDIpp0lwiKth0fje6OigNWHtfdCndOOv1x35oiEA8u063KzK7bBE28PbehMV
+ gSAMMx5gY7C97wTIqaU4hUYgQm5+saljsFp73JzTJfU9FWTuAqh+VVdfjkHXaALS
+ XgGLbMfCFyuEqOfATuIiXfXc1bIVGRvRHdN+cfMwIhyrjaUijUZvBO/XUas4/DhT
+ bNOlvMNCM4TvZHFk3QEnIuGPOYX6Ms/W+jTIXv4lLlQnWckc45mcwac15k7AFWI=
+ =R2kq
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pARAAsxrgeRxzX51ZvPYVjoTw1Ip6LrPENP44Xb4wax8b/c8c
+ DTSJYOr7Yj8Qvwut2R7z4xbyTrdWFCQ97dWAPxVjQiKxwtzoOVxT4uJwHI89uSQZ
+ mmpOdtq5PVo6LvjYyhlszsQ7XQl8zP7YefkJ7GfXV36CmD2CbyffnLPqx500Gksu
+ +YmLcVnJ/0vbfsLrfqa4ETmOlpU8dlKSG5fz9pOmC464WhDltW8sQB6duBw6etf3
+ bEIufCFzP/p1e5eZv5nTmwep47xXZk/8h5U+YZIMKKJ/3NJcEtyIMfa5iHnzHMQU
+ cY/wAvFT1VJu0f3xgnAlgvMLe8xMIYHm7PW713L2GTLru3YD2nJ8q98EK78B5PM2
+ dByFLARvZL6vizEWPm2k8J6x+UJx3Gs4FmdVZWtYmtqMwsVhwAvYEQllYnwwFVLS
+ eJlXyP72SoZoIFFZjD/V/PIWETvOoUHpWCzCBfT66ufPoNEkI4lpGu7v0yi2UFPl
+ +5qu6TwieIluLdnkeM1YGqjZFPoUTU/P9guPCqasXVLeDdoNB0E+tJXiqyChWQ/l
+ PW09CqTJxxS1jXF4pOcjJaoiJitFKoPneLnyjQs9p54FoS9NGOjyJu057R/QQowr
+ Nr2pGdiqgTl3vg1hq8ko1pdHqKtpxNtIGzP+5M1cPKqiRLkhQhJdLDjB15OS9DbS
+ XgEtDU/Y3qN0soyLqJnF5MVtmCr/NXRxWCzZuyFNgIFW4XDiciKgU6g1mYyTH/kO
+ cs1dtGL2z1NxrgZnRRB1YoEaMXKyCZczSZY8VkV69vmbiCuip7r4nUl91np0jsY=
+ =P0EX
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAkOu1KqM01C7vYBTKCFcwmEyIX0I7lhQOuCwocNfP3wow
+ qPNi+bKsixnK1uuV/zGHK0Oe/bGV3W/WsSZwuZNpdAUThGic/njUVHDayRyjFD21
+ 0l4BvZ+LQxSoKd9BqpSKdrpQfFTfL1l7lHqNZWsrU5x36hVe/4xmIFQYggyH/CCj
+ qzOi/ucaM4xs0S8thBkSgPaLHEGjWtobaa26m8llj+7uvlPGJPeKI9J6T/WI8EZr
+ =2qfo
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAzrnhbcy9q3FjpOLCZFSiSYwH5yKBWkV8ZUFioDxh5igw
+ usD996wOgGD4LFFE7oGauUlj6QQddZ9zdwHxXDjuwPiC/xcWLUhcysA/qu0GyyQY
+ 0lgB/B2nTKzcOzUAEXzeE43KkGqUIJzo+f+KlRtsKCmkZSL9DNVDZV2GmexjoZkb
+ Txlbdp3j8o+Q2DJVM/PdOiC41yORb2s7XxbBu/fpVCW43GqNEKW0e1i5
+ =X08m
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T13:44:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//dfP/4N4wP/wzuQ3kUuutDBb2pJNNXPe42ujNYGGoW11e
+ ISQN1Ba+tv8HGC0eVXjm3M3WimgfmawCZ/SzgasYWUS/nzmMoNfPdeNgk+WBwRUo
+ O0dRq1iB2wCCe/KD5dP7IkrhiwYCbF9qEbzNOu7RndgR+2p8XjZ+DOiM2ICa/emq
+ ValOkZ5kZw5VB7vrEGmsmmUrvlL1KPX/YyWuA8U+dbkh9fxkLOOq9+Xofv5VQMuY
+ qEZAjRSVZUoy2ak53d3vwuzFLMc0/xbCaedQOCKNawGc9EwAfH8RceO4LcOH3vma
+ 4loNEcEYprQdKLLVWG2eR1+svD/lfF/oQEAGNmh8A6DnyWWIdyWJzUaFEo5dfNLT
+ p/TGXrSTd1Ei7nzbdznMM3MIz3FLgOQBFecSqf42tJtcsvXkasU6lKN5HfH3eI4Z
+ w4FQRMREeycHWCWptwYBC9k87NGzEC25fQ/FpX3DLE/nMjneHLlOGA/mf656/bf0
+ 0CxwKep464GqVpf9ovLqQOb+bvlOCru/nzw67RziQWHKP1kVetpEL9cqOsp5pt9a
+ awr7XYutH4e6JhYJsi1Mgajfh+UC/jr4Fq1+FMqL+FN0Hb28ihuqrX304F8IYHiR
+ d8mkxZXm0vR1vOqV7zOexRsdrXfPcJAACwM+kIW9xalYO+Z6pXmG7Rep76z1b7fU
+ aAEJAhCjWC0yfmszNhd/uQPrqCaYpibv0wyxJkirV/Y7l3HgbBgrpl7y91Z5ipTa
+ 0pLUmF+1fHhlOAA6vC4HfH5x85nvCsOqDsJiGUdxCT9dERuXKMoCGNKRYixkxGI6
+ QoV3vti+SGZC
+ =4xP1
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/netbox.sops.yaml b/inventories/chaosknoten/host_vars/netbox.sops.yaml
new file mode 100644
index 0000000..05e5395
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/netbox.sops.yaml
@@ -0,0 +1,238 @@
+netbox__db_password: ENC[AES256_GCM,data:4k0wmOe1c5AE298Juw5HMm5dttTKB1WsVxha4MwaIILpyIbJO0CfmzjYflfBTFPPGgVeuYdCobzchzqkP+8eAQ==,iv:25Cj2BLGJK9tMDr42AqV1IzJc5zG2dk1YH5vC0b1T3M=,tag:knyB+nALZwME8y7CAQ4BCg==,type:str]
+secret__netbox_secret_key: ENC[AES256_GCM,data:zPzoFK5Sx7gJ31/Apwex9ffFU/GY+HxIfwrItCW68MM4kVvS33e+LY4cI0vbPYEUF10=,iv:SjpKxyxSAVo+p9vvE/YAQFCzAEudcZ1lwnJ6scxeQD4=,tag:oA+lBep610IfelGwdTohvw==,type:str]
+secret__netbox_social_auth_keycloak_secret: ENC[AES256_GCM,data:HP753hmQ7ssbYSQRH0zcRC0vRN5bKptvMXo9jjzcuk4=,iv:GQUoojXLAJxqdB92kKLhavDaka0Rkkg2uocBLshdvTk=,tag:LVnL/JHMsAd5UmmpnUv7og==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-05-04T13:54:30Z"
+ mac: ENC[AES256_GCM,data:/+JlBnsQuJrx3+CXlH/0dtst8PdBw7cTnUpBavcQRXFjd5PsZ54kUCosFu7Y2ngL9xh6WOWKSJCKpHFb8TCrBhslJz+8SQiH97py9m59diMwG5m/RF3I3YHBIoonSZvl8ocDTbz5myycS41fad3CMs5XtGt/vEcceSFhgqjZs9A=,iv:yL8aRIn22zmTIQ53/e71t6o2z7q1fyvmgqvpz4va39M=,tag:DH1oCBbdOgK2NdanzMSn9w==,type:str]
+ pgp:
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//bpe59yKZIbuu3vrmQQb8fE1KMD4sGbPL9SVZbZY9VXMg
+ ANWwUHDmf1m6IWiC03czF4oecnc2qGjaQSQqGER3m/zYk14KqofrYIVxS+uJvxGS
+ tMMCwSCtOdbOzKGCY9gxS/QwBoSYc1OO6iF7i/n9A0Ql2mXG7naGu68kw20WnKke
+ RMWSRzgF4TIveGYmQizKnAENLV8P2vOQsXvdwqpfWVTRBT/K48t3SuAVfsQYIc2g
+ TvUhlA124o+0t6lBjEfDQihWiN7YiGumDtZZX8XUili1xcdsl4OWrOqDRRzxzirC
+ ESJeCw9B3CRM2JfqCrDEYuLSJPpHJSzzyqor9T6BfeisC+xm0dhFIO90gGDUm8U3
+ 415350GAUy34Qk9WNPpelxZXx/fh2JB9iW+rYLOy1iQgE1i9EsYdEZXbhpbGjZ+l
+ 7W0qTm9kNFboy27NmT9EKPntWkJTQRRbeAqi5oHABUy5dZlUmW71vL2P1ent6XzA
+ 8tOI6VhfMtZ1TwAb0Xg/14qlBtOdWTdvH4lVw+YihTMtPfnoLa1zQ5apgW6oKUxo
+ QAhkcQHpu5HZsjiglQP9F6MylS9ggw7Na2GfR+3FIe5dUjHQvGHqkaBA4nrPkx3i
+ okWBFWLR4RVSSpwtIAvURxi6fcgRuonyoVKZzZ6m9WHTioHIB4Vvl0R/fU78hZnU
+ ZgEJAhBo1PHJr9dSYqgCI8qeq4sITZmFLieBhZaKoM5lPqb2AvLcC8M1AlFiK69d
+ Vr0AeQiWaYwxtMEBuQnJtO0OHv0XlgtA30EYP2cJVpzxFppxn+6LWq4uMGJNrk/Q
+ /31kOXsdng==
+ =899N
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAs55/kGd5sN9inu1n61yHG+ivPn5rsDhRV+chHlAjBnQM
+ EWdql7OlhDxMs2+wRLpQYR/d3LlGxpyocBYGptAmIXD7mas8T9BI6KynZ3cMCMWN
+ 9YNg1gkPNnmpbFUWHkv2l3xowXWfeKp83Nsod3F7FChwv4P3dIagbbW15OK6mCe/
+ XJb2n8AZF7REZeGYr0j6ZNMYdfxhvJ3WJAiLn40lfuLbQAOQ6tgB/MZyQdae+OJz
+ rE2eJhWb2G37h+H/N0vMuXLMpbqi4cw2WQz6078+eV7Z1CX1qZuRlcryKenJeoFQ
+ LZ5J+r7uy8RtHOre7kzDtRF21hey2VMQCjOngamgUl7hZCb1MDiazaW3OItVBPp7
+ wAiSBpoliyRNdnaAXjZa/Pt+wdy8ytJv2RouGQm0NoC3a7HcN1pYhxJJZH6hrNhJ
+ PIijyBEoREYO/9DUhKpHNxcD7FNw9eRB8HB/F/d3xTQw2vtgcG6sj6AxWaVyyZJo
+ 6OerhlKk6T4QFEPdjhpHXhYHH6gw5wKtoCmlX4E4zm5xx4Uerdn3VG65nSDOWlSQ
+ PPziZHn4zTG1jbx5FXwDGKtGskk82mMKF3+rJxWfmnnHA+O6wg327g8rWl5+F4sk
+ o+uEaMp/ix7Aw1lDzrx2io6MsMHpE9pCc05MZht4UGNHlhMW8G8UgRtCF9yurLTS
+ XAFwOkdtDAxpFCh5WRraCc/loHYXFzbOBdZgZYMfbpHyOYnVFiOkMcoBUTIdrVdz
+ duZFgkk/tq7iws3FzCHppSL97LhdQQYfqr8J9lMUhIm2TKilful/O1yqJ60r
+ =Zzwx
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ/+KRJ2tL+RTjzTThefMzFUwD2hPyEO5Z5QmaUqrO3cd0Pb
+ mnVs+Rf7RMX86kgXKQSTU/Wz/BXPgrDQhQvcVfVmaKU6veeMTLd+jZBTa/XMLiVm
+ azxjW3ZlKqGrRGAd9NxJfvgYIkNuBaXcAwkVNZ8P3byjAYM7VOfela8IBfnO4mH/
+ 0rIo+1kG+nzAYqWH4yh03TCwntzkt+lVQj+JEXa/yygfczG4+HWpKmpjS1pnGY8r
+ zVa0tyrJ5w6KxuOW7bc73AOze7g9KPS8HmRrhFya1pb1BuQnsxUcXZXD8+9jK+7s
+ R9NIELFzZj0PY+T5cfLX3EJrIYfMOzug5XF11MfmpzCafXd5OgBmfm/xAPbYTK/W
+ YPOEdgVu3Z8f2APtRwJrmqg4f0HLnHypaIodOkMquDLhMaP1WxhGcHmXZ4r5/CYt
+ qU2IcKcw09txzdeCqazj2npEvR5BX5B2xS+MEuicR/R0zzPCX+Brf4fuwMoBPkQG
+ lRoaj9nhY88UuFb352TxXKck31eI8kPeX6HNZnfRwSIn1JwdmKihWR+IEcsJg4EX
+ fNlggDjPP9M8u/UIUyOWtQhfuCBqnM45M4n+4yVY+1RmhlfyaXtK3wvWtRLAR2/6
+ PvaHtV4a6gybjHjwVkhoRZfUFVzHgGeEYq58uLCzgTG5QHqiETrfWtlbC7qYgsDS
+ XAHpOOMNxbpxoO6EjPwHEhZvQ1lQa/Tjse00pOpnosP8isgeHz9ut6ljmDPyUpIK
+ 415qhkIxX1wUIBXfmtOl27Y6GQg/1tIKzE0x1UhTG7X9l/nPnjSPIwFDLC9r
+ =c/cC
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/+ObNalgUdCT3UOdYADVxNPjI7H7pCBk4QfP/Ui4/uocxi
+ FbTleBj0wOJRhiTKUD73kdkD52WgpurVh5L/Zx6esnt3RMK7KO8BJ2fqPhC49QLD
+ iohIPybxF8+aX6ZMCmmCbImqH6vNU+Q1eQzd95UM+1w5hepieJhAgO6IHqIAWU9w
+ BdVQv0K5DrEuk4HApwaegxPr4NTu2UEI+2hBORHsOfmdIQap6ls57O1Ia1invUTp
+ Qm+19HfkTafccbso688b11zFZ9NAsOcm19B5a4m9bySLdvgnVC0CTCNOAwVG0Y6q
+ O8SxdxZt6KHaIFHK/5g/tlWxuQ4zDm/5TFE0+T3Ith3Pf2ITkqKLZFcTjM97yCNP
+ 3vdlVzmQjChx3QoA8nxZVCFoL+7kgSPvGxTIUmNlwrFgUD6+yZXfkzBiQ2ME4Qar
+ 0Fy+LIOfWblTWjHmYPmar9QWn1T9LTL66LZt9/z8R03qjebTqrf8/ScyhQXBb3gZ
+ hSLAZHOtvSYyMZwyfib0rDUFiSnRtQVZZ9eSq2UY9Pi/sXwSfbmbNA0AjchR8kmx
+ 2Q8WAjyGTDk7ESyawEgmxc0HxIeL0u2KguPmTp8wLO8dNEvi1EDwoup3fqCuA11J
+ p0wWTgL4chjFzJ49FpQ7Q2a7MHK/NaMI0U8nWuI44Rlc45iJhp13wMM1i5uj/dHS
+ XAF1Xqyf7KQYvni6eUm7kUUC4XnG1peMhBe3TiHRw4TqqOxnGIiT7/yx0eaJTMQv
+ CyR8H04cWr5rf0QApm3u/k/QxxiZ0I4uydgLAtDw8pgUMzVjZS98axdxM9Zh
+ =p2PY
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVAQ//S4UuEzAJ1f4c/qGGNph73wRpXk/j8Az2tqIDhE85MFho
+ 5GZB8IYaF1Hvt1N23WzEysvZjsrF1pWG0Y8aX5YFP1TxNx/JVaBndleYE4CzQV/W
+ 577HIaGL6Z8VePGQ7TQQ0b2wvH9E6ZepSyynLWLYtXeUSbmpzhOf31eRgGKL+1gz
+ oQPHpj4INOTKOvXjwxZswkP6mpFTaZ+TkvXNjKQQnhbrXHr3q/QN0guQ/wGb1nqD
+ 29zVBbKHviY/WosLLr72bhymNMJVy2/+l0SnBN1UJbUm/hEIfct6GBvGcgu7waD5
+ uF5fRQOjmRXAlM9/uFk/D7hgl+0cSapKqugyVkMRJVdjGRxYDq5O42AlI9260jTB
+ yd++YbiPV8xNwXhrqfEntKNXsQvINLbgOLiKAC7aSjD3lyNLxbt765wP/xdArsKH
+ nYsBiPvdiKLS814thY6MZlsI3TIwZzeVNouXsK5BXWhcE79be3lhlTesu36/uH6X
+ CAy3Gjy2ARX98WDp5AHsaDk4Fx9+b3DETpBLmYsmiPy0jiccMR2Wr0lrsYSQVamh
+ cpfyS+iKiHvbmXAzTTNg1IGrEtMyAH0lS99TJrvvB6qw/N4snr8v+avhGU+RJlTX
+ PhA6dC9HGdnfv/EbiIU/Nk0kmPIXiwl76v3MaqbxG82Tz8kVAV9+bBWUoRVJFc7S
+ XAHOetFJslv5kJzbmkUyjzGMyPMhXKjzEFVUmIEe5eJzsC+olavMYmGbXhZO+XJG
+ vRBn6oN+VZdcynLTTfiJjaT/zu12D3CqkIrtioMnF1rxLY/ngoDyC4C+K2hy
+ =RIa3
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fARAAmz/ImAmuv9pkG7/KGKQ9rlults7nf1g2a2+96p5D03i6
+ DKN+Bqc4CqxCkK9RQOXLEcUAw+CfZZZQBk6YTpIIkMeR1+Sb4dLQZIdo76is6CHc
+ HSYYMeTq2nPJJrO7v8LWS0udqERi1gIQr99FtjS9V6XiDH2sqnB38t+TlXpI6m3+
+ X2epCI2OrGHOtnP1yGRHs1nOd5whHPZ6Y8JXm2WVokjudDx9dC8pgP2qd8ZS/K7F
+ 3GnEo0MZZYo9VpdrGiElnpQvLS32hk1Z13hF/XdbOohTM7Gz1d4VtrUMuzjC+hHI
+ QSmjh4IKKhLnN0gOnAvmDOmzHoWfUbgTyNsvJyTmedXXPqR3vsDhHChMaO1BjBsE
+ Q64b/Tx/W4CzUDEOKJkHG5bH3HAVo3P7150JE8YToD2toua2Pj+j5o76EHCOmWMV
+ KbtG7bUef0r45yHgUzOiVUyAI+oBIdG6RvgVqfDPDUkEZxFgBFeRdCG+4HqHyTxP
+ +mI9zwabdXjx+4MwcOF+frJoP7TmxK6mBzW2ron9Mz9HwgTHUepS5ei+fgWIkYzW
+ wCMpGIXfrX35P17OkfqhkuiEib1t+Ec/xPHR9n+Rpr1p9c3EewIdqBr516EVYENs
+ M0ryuQ+MaT2q563y+sb2ocGNruY9GbsZigTJtqdovnZtoMs50xTifvGp7Dkjw0zS
+ XAGafKX8TtXlxOqcP9sI5bMpLQjfhbTFS72fgTxfQEErO3LKxV8Z/InGxRXl9HmA
+ T9bHsArbS4EpYByG0u0ZI9iZbK1Yp1njhUYoFTfB95FXL05bY5HTArELxqqq
+ =fGbe
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ//bE4PcCxl8ZxiaJv6YcFNyq+3QDtCF4fkexVznowNDu97
+ SfLAEoNVjztvjdk199N1zbBWxNZVecV+2im4LHP46Z338m80eXLkSbp6Ig3QPXCA
+ IsfQ5hp/mXrDVSKa5j39zSk1TXM+nH1eUadSPNSvau74XMbXDW2SHhSdeoOxfo8q
+ Bts3fZ//QqSvEEhY90tcnI9ptvh5FtHh7F1m/0DQOnL2A0WIp7HxoXb2AvCIOyM5
+ 3iJwAWqlHI8Z1SsSB9+s3T6XwkLMFh457+w5mSWoGkeTo9mYEMPQpQmtZ5z08tnf
+ Xouyvg/TzCWfnI/4h8EJqYxm3qZdDtSd+cdYChnkv1xzhL0goEBWjzrqtSXOUoJ/
+ 6lvEjwaArrIDEJ5NcfDFTm1+9SwzDtn7OfL7ee3hctA3cUVWKj1jASB/ouGg6Uvb
+ 7dUkKu0rVuC4m9AhlDGSiaN1WaE2XHyxjtbVRbMg4Umrh2CYRX7ndeErnXuhFzfE
+ fLZyb/n8Pad4OF1KLnORZliRp79gXdyrBt8tWF+Xc9OD5Ca269Hgk7llh1DQCYPt
+ GlmkM75AOvYAumoRXi3eMCyT0HRHWtvOy1ljNB7H+DkWsR1dZbG+0H1q/xVVxvZf
+ uVc6R1oZMrMInrEeyf5+2gbILkU0Ms+TtXQgCv73qdioNuhTafi8acbyiyJJfXLS
+ XAHyl8IJ8fagy8iccVQUg6tPderxLaoA/NeH+lsxgbbZIxAPom8e79XRm7I40E7q
+ pCXFUuskc5kK3JaWzMc4PAPzlLs2895qBdLXyYJ/FRAzulhkKLypStFrZOp7
+ =SwE9
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqARAAsXgEGDcmiICJUisG40O4A6ePGtxFjIRmZtdYcl0ku093
+ 8bF6zJvPOwRyQqDMeD7Qlt3/HZXjMQZC6qnpWG6KY7KUkjLoUOHIQdG/+ofz7WJe
+ Pn/M9pp9v0/Ra2sLbtpxOIObbK+tdLSR3L3hWjBs+KMoSX2IPeW5LOtBID7CEQEZ
+ ay4Y/WnbY3jUSxQ3dqDGl1TTylyvAnmIup3vkVHmU7ZgbS4x9NLGVhbus0EYZl2w
+ C40S/mFLqixu9lt8GNcu/EdsNgihrAuUkFQATz6vPZs/lSiVGdl9EM75DrWuOFcc
+ kXBvvKvi0e9IAGKb3IT6h05wLTMj2pu0489HybYyoaj6Jg/4L/3i3HZRpdALOqzA
+ h73Akzzaqm7pRMgCyxxCo8RBuxQ84wSnkK2Oi4S5MpFoUnLLqm4CpEI2FDkpNGKQ
+ zQNEQIzAHWxz7rbhjYCXtv9x5KWACflBw5/ILuFIu4wxdyDlDGMnI0raNIhtyyfV
+ rROHwgWZtKS/WJXpTer1V6O86eHgY2AsSsSaadrWC0e0PXNZEP+VbhxtR3eftK10
+ 7a/2xVwA4lF+vYZeD6v9rVqn97hZd8DBKL7mj4N6EYEE8KtFCdt5/2FWZ3USXbQQ
+ JG+eaCtVW2IZn1ZEl3HxEV5crlGFq07RVfbDU+nH+98Hfn2qP8iuPDNFLdSQa6jS
+ XAFFDdFRXehEYgT6itTnkppNQKpPApFNbN62kiIHOvlc+gemUCLsR+XeL6f3P5QP
+ qzR9B4/dwH0IyquEkwqHOeGaZQgGnyqqzaBQuAEoDGlapYa3ThBdFgvOjl3A
+ =xw+2
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pARAAn7PuDmwZ6ii0LyFxAcsoN10eL2XoMrRr+zYsmhRfFOEO
+ vFGigdkMNg83r05MbPYOVdbIWZmWec0LVtXspHvKlXFB9XxErBYK5Mu4NMZTxIEg
+ Zf3vlXtR+A7fPg1SxrgXOjA2deAkGIUHVv/aQLAtTfJVgYtsAY4IvklEFNPLgFp+
+ DhjgkVVWsE/V/KHLMP3dUc35+ikrQD73kkIXMKvi4Ez3cGtXQQ3tONkdvCmfV/Y4
+ eXVSZPyf32XYjAl1isjx4YRgUK1C7S/MTxhhS3AFlaXtDcisRWbQzRnZZzkEo4t5
+ +/xUIl42hGdi2qRTrvnyhM0u4XXNm+lqk65CTLY7UcfYJLzAdaQbnSQcG4krDCi0
+ 8hnLmh7iflkrV0/MS44nOZDiU3I/9L6F9gy9fx+MfNZv0bDNHU0BL5NfWhTwiVIl
+ dE4Z2akYheoFvoAWpJNA3TKa5OV5Z7Zr7/N3o8KZL6QUXKv9tgDuzL+dqZE/fo+V
+ agi087xYmK51+enWcsmYW7t8UoKe2/5VsMJyGJDmuOBn/iRiHq7gVhLuyvnQtjKo
+ MeCv6bntSarPX9FfPrGnPNqgWd0ONFpFSHau69LEAmVSxhrJPEqNzVvelS2mQKx2
+ jJVqNSGc2rg5DCV4zzwf09Dlw2XAwnBFk5uRIfvYEv5XHmm7VQSfbIlyJRmeBKvS
+ XAEtrHwm24dfrh6m7DJkRPjjeNCS1FPSO3d9/rVgm/+f+7l8r9ntATNiQiHOg3Dp
+ Pq0XKumNIAvA1tfPTSqnP8ELcnGHbmnQ9r3oa1pA7t79kZbifV3TjINdIRc6
+ =q772
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAjb0VgOjbJnMpyOvRyy7ne6A22RmC73MY8VtNodSZxGgw
+ rZt89++1gokfH9gCT+0vHRT5nLa3VyEmNY6KDH68wrGF7Lo9vfFjSCziLJoRypLR
+ 0lwBoDbGqpDquVgZ49CoWEzms716kVf636RuDCm/mclqBVYqT9ueBc/1FfPgednM
+ tu08vimske+zsgxf1EWIisc36CBB5shd/W3vvcjG9+KcgNb6aA9P/vybcWxzGQ==
+ =wdPS
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAmlJByvoMsSxY6qHJKC7NfMUdf8I1zPFZ0eX4kAC812Mw
+ b2+S+R58j/XPFInJP9UHdSJsOhDVAhqQ/R7QBzf2iFRhL4M507pTJfK8FUbvhJQ9
+ 0lYB8ixT4IVILQR8FG3pCy7lMFhslLmHy6cBFcp1UomVJFmtlM1mJU9Og6jUBLhE
+ xmxtytF6/716ofjH8gOUvh/3TUe8mDOegy6SEcEm4fyqzJbH4QQJ2g==
+ =ZOn5
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T13:51:50Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAA3WKKOl7qNGQemym8vuu+ZqanNRcreICN+OxTVGU/j3rj
+ K0gtoqUlzy+QQ/KRmPYhfL2Oome5ld6LdN//OJ2MjuRwLhtLBXhJlrle2OvHbAm4
+ q5Io2Cc23X3x0nmuM9iT4e7oWjTbfwRDLseXG4vQuUZCJUCLLpJ3naOO4q9qz31u
+ tuG+llD6NcYwyFnE0d7vqy252TPOuK+C7DQ069VQnKF6ZBLciSRMeSZeAX8LFPKC
+ spkZGkIBEziZE+HxOI/XZy2K+nRGvkEpHNLcpHYo3cSKpuVBwRs5njJx1sJrkODq
+ OYhRFbcluRp4ugDVw/MLY/mDVCfvFQ01jTsJbOW2FweAPFvDuxATfgO7c9UgSL/U
+ fp3ff0rHBMatZb+4zlMyXxwYHeSr2DiLMCax/n9hm5Bsfb72TkkfQcy14viVeK+p
+ 79BjZS3nwGCZvBiKE/J7yxX1/QGe5EUEtMosA+dDa2g3jehiEJGSkDeoaKfyaUwR
+ I8BAl9qgIeHUcQOU+HI6AqoQvxztR5a7WYbf+qFoo+K7oxFAiMQrjTssjWxmVmzN
+ IrxYIQnYTIIjmy9u2nGAk97vn0RGE66g2X3BzFwV8JnNPBlomza9gD6Yg0K5MlXd
+ cvpse5bOA7Es6JV1Iqqayms+u2bDiz9AjcW80bYLun8eVRK3i/YqArUBQ3tQ8B3U
+ ZgEJAhD9cUaAxKVPkLABVS5134/Pa5hb5WyypqHu7Zj8iYWVziLhRdBprjLuP/al
+ Ld/os4MBUB/JLhIQz6SyqYECBPNhXyStBt9OIsP4KeUT52YqKmE/UzWv8TSrcJHS
+ 9Kytv+IMsQ==
+ =HnMS
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml
index 2304112..4726885 100644
--- a/inventories/chaosknoten/host_vars/netbox.yaml
+++ b/inventories/chaosknoten/host_vars/netbox.yaml
@@ -1,5 +1,4 @@
netbox__version: "v4.1.7"
-netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}"
netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
netbox__custom_pipeline_oidc_group_and_role_mapping: true
diff --git a/inventories/chaosknoten/host_vars/ntfy.sops.yaml b/inventories/chaosknoten/host_vars/ntfy.sops.yaml
new file mode 100644
index 0000000..2cb9b2a
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/ntfy.sops.yaml
@@ -0,0 +1,235 @@
+secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str]
+secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str]
+ntfy:
+ user:
+ admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str]
+ uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str]
+ uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str]
+sops:
+ lastmodified: "2025-06-02T16:34:49Z"
+ mac: ENC[AES256_GCM,data:C74LONrD83loeeJpdtwd4qW9tB+hJM5B3/gJ+uNNYh0exBjmXd9bxE17gL0nLxLW8U8iHk5vUDYj55EYtrfL5YABogYKuhBSvibxrjo5ejr0UsO3ecGD6Bd9JIjoW1lv7hIAnEUqy1J25PxklO06gTGjUB61IxDQh2Ner1Cunps=,iv:0ZOZeF7pg4Pi6pD305BlJl7V46BOc5l7Eg0oHYlYK8s=,tag:GtAfyAwqWrZs1IYKhbzN0A==,type:str]
+ pgp:
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ/+Irbhincv0agRseJ3U03cW+YNHa4suynF5eSew3BsnY6h
+ +EevEAN2uz4JIRVSmXjBeNFPv3VtN1h5kxzmWXNHmZwFH4nNR+0w9a7zfUEa2E2W
+ 2THwlZFZIPVgxRZIA1ntr88a97Bxy+M+gJDuazOq77YvNCAWLi46Iim4MxuHGqsT
+ jTJ6uSe039gKiKQapeS8PpXPNTfs0ORq+OHkN1NWtJ/FbePZquqfPYfdG3csLJIB
+ 2O0To8jX5qKYZi9Z8Vx1EUMB2C0rT7tcteBAKs2KqYq5peWAK0JJefAuDbL0Fdb3
+ GOXnRcXKopLlLkCI8P9JZ60oW0HyyjaeuF2dvoErdqGSZEhH/RSkfYnTPoM3x03+
+ XwH6qBVFVlj3y9IRUJt9FAt634CHnFpTKGEZ7gEiNHazrIUiqF0VOEzI8zHELVdq
+ Yrx3daWBJLhMJAkv1Tgk4S0OSeK5BbJDa+UhjVgkbBjOJEvT0J0CXzaR6JVJqKNm
+ 3mGBJtc7CVBMQGX7RQZ4r6J3a1vhElMycNZCy+4hTYZ9+KCtY1wPRjleYDfgoK0E
+ 8WnsZ06phqEmmSThzB7bbCpf/5SQcxoWWUpdV22poHOEc/W0XoCy7zYXsoM2r7hP
+ JW6k/MTznJD3QnI0kOrfS44T51xkdapBUz9lFsh07nRKhi9TJJB8JXxNbCnbMhnS
+ XgF8vGN8Qulz2ljp6IM+LhoMPADm3hrQtEkJrXQxz1dpkZE4XHUk/tvgsDx8Kxco
+ z7/LzohXg/4MrvKtA8q4sl9oOMpv4B0H9pSMzdURk2vmgd96U4egiYpjXwqwBnY=
+ =3Fho
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ//Rh8YA6DUIBi6mjhixAd2eNCLPlQ5w/hRj991Q9uVCaBR
+ 55JWyQQBbondn/1MEVb2PlaHH22+HPAbv4p33FD4pbimz5W0taBw3T6CmDdx1V+E
+ UmitZIRNdoirbe4ChFToUjZ31RQbS5pdxW3ATSJKn1pmR1/g5sBq5SThenm1nwvU
+ ahV71QfUrs7oqJAYHqmPIipbR1PP1QSVfyDNGUx6gIYxWS7dQPtcNkVhS1fdCl8b
+ Utg1MW/pCqQuw9nRsI+2rSEtYfYqiap5Mv31Ihznfvu/cH+uyeBeT8Xmr4/9qmvA
+ 5WXJA/0qwd3S2+l6vcxBFgyoj9yFAYorTU200OBa1HBZGjQY+V9h9I4amYrj2SRC
+ 1wgsNgFxuhUQaEDhPlD8kdSts8QY/ApYwJyHnpCW1FuzgMPY2w6CfDjr0Hv4JCtw
+ /Iuy5zbh3cNbgV8jlVn3J4v3yMtEZnsh7rEb+EbPuZmpTuZ8AIG+NqIiW/SBfELW
+ qSHN/Iv1zIl0BmcV2qAKfrsox4QIOESM/77ISrwOLQoPd01qefNsTp8PExtt+yzn
+ 9MXNv0CHmpDA6u1ruIpub969T04tHu3oekZpM327glpCf5SoKVo+fYmEwB8IhIkW
+ NcNaQIeZ1P8jSjHM6XUAUfOHzzRMy0jqQVaz9kD/kHXCMfCJT5KfvKeSaJhCy7/S
+ XgEtCHT6VloJ2X9VxL695k5ugfyTsDYYDgteKuSD68cPbj2MnYS8uKD3VQh9/I/d
+ 5OJN8fsvpkpQIltUh3DeCgRv7AF03Zdou7amrTl5MEaNBZxX5mBJrA/qOw3XAWg=
+ =mRNR
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ//RXqm63AC3eWRV1cNDulWgCqZzThW1f/4o4xelGYxLQe0
+ cJuSqJmZoHsAItQ1GBIhyd/a+lcNt6Ym100RLlL6f5nPnHyk2pJNv/dPOpbs1b8b
+ +ulq2QBQEvvrzukmzXcqMGrjvJrzINB7U2L1uPBe0CTircMUR5J444LgOHC3VGnt
+ twBBgI5NQFcoZLADt8j73KEjfYzPJeaqHudhgU59h+cgPz+6N/v1fkG0vSQuzBuw
+ Tm+fk52t5X5qLWLyqrLtb4W8LdYN9D9TieRRlzjunYL8mISJikCQfpHroJkJWDjH
+ k4gaeVErauCOJWQ6Gp6aiYBtMehsHCh/8stGcnOgtyBpPh7o9FTTGcVR6j+qpijL
+ QYsjYfaH5aOU4JoUO5vq8wsBiVcOsP65CqeVFFLlvAVqZxPNzq3iBkBaWECLBfYy
+ QtIFRnRRznZQvTR0hjC0cw7vOpBGNwAcqnjPv9hQLPzdZyU2ViJjhwq/16alER9V
+ N2xFl6eKt/Mau5ZlX62lbq9eJLmR2Bqb+sL4rdMfRfl259kvGilBkCM7SMfkWnOq
+ z0do1+9FRzo8IC57WvYemzAS/pBfFH8o0Ey+PRSys03WC4YPW9XDnjSpRKEPpO8u
+ DbdhuKoVb19tAERzpZZKN2Rzuv68IpQ1vhEEP1BbsApoS0vlYIxcPSAVmSC1o7vS
+ XgE7yntjkVO+C8ciByubK1DGHZ/G5eXB/zkYQKj1w+bAmTJQ26DtHJa5/o7cXkk+
+ Ja3Qrc5Yp+W5MIV70+FHsDXNarpXSJbSPNf4nPKWsdFZGkauHks0o58T6D74LqQ=
+ =wHLh
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/+OAK/CpxVtW9HoLP1wJR589/JMdqJZqOxkySgAlm+z6RY
+ 4knRz/0f5wdHSQyuvAYnq/M1K9BsBD34dFiqyvdTa0+G+bJUIkHDLkSTqM8IvGMb
+ 48sCbGwW4Ghmxn5mjK3MwuGbGKxVujJWqwaRmOp6lgtRJdpKReFD68vtwTHa2qhh
+ ixnABbOTyN08Bf9pJ9cgoAQaVOcSja0E+yuPRlHUvM2hjbGNndbaiTtfq1hFn5qJ
+ VoakC+u6tcKEp31Y4plN1NTRf/ywZ8oMmT4TIf3kvFGwx/XKx2miIB9cUSMw/ojU
+ GrGNXjh4vfEaT0iIRtZ+H8FfuGnjFkU6qodLEIKlVmng8MU7ETGLErHjyNEJf2JT
+ OMnaajJxq8jXaY2SDoHsKETMgON1uwDDKW6NOBhaK+fW79W6z27uGnsN055vMTpV
+ kh1YJixyI3wIkr6bbfNHBdr6C8Tb4sY20zghvkQYBA2xCZSLOT0a5lX7GBTUp0uY
+ +hgxdfyQJi0P+4QPam28/b18lOZ25LC69YX8AtczQ4vHhIM+jQ+bzoNSoMpwcSm4
+ vZSSmMB0tX8W5O6yo6A/XLoktzyuzvMfZ2v3/6LbIWK0FKJzy5G9A9/xwnbCRulB
+ BJf+xzfwWt92pW7n3yVgjO+o48J1c2b71qAaMtukhPLNFSozgHlqv4vy5BD72pnS
+ XgGNEavqMxIRuRQtyDeeV0W5gdGCY/XUAjYxh4Ly51XJVCL1yZptYiFaWMuYEB3F
+ G3unTkE+YedYk2g/Wt4pR9lcgRLW4zRlOCtzwiE6JbAkp5NsQ6Tn/Q0UD1sTRsw=
+ =Y1YG
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVARAAxtzsDYAMwB8WAUx0U3RnEkBHEeyMqNvLCgzz0oU73B0v
+ eUWzHUYrTYMyYxRMKO8vqKULBPhYOKbns0hzL8s6YjCnT08XwNXtYiuKm90FVQcz
+ 4ARslyObb+0ayyfx9dd9+6aFCgyftgAZpctWCEWPhBLUIsKcsd/q+Q5hSNfhwp+1
+ IAfruNkBaCFD95A3apfsVd3E/clzXBXcNa9d2k7Te3LCduhD5Su9QUgqDvf5Je8o
+ WS1+Q8gih/+xTNR0avBfAZuSq24cqKyPg49KNRvfWq7drEZYYfUOdIMOJVZiBuRJ
+ y4HjNGgX+NIl/BDu4SpFQVFhDmv+kgIM0JxXF6p3Ap4hZAYicWRnn0StVJ5kaB6O
+ 7l58NTu9aX7eLR4W2NuYLTwmssnA/hJd8i42YSYYD05siQIKICxkaLSTVztqf1vS
+ N4RNNZNle6gkBvceRkb+8FgzPmLL8BFPkUiAFJOr5BDShbXwN/UocBgVKIRsuQah
+ mIJ5uu++9oy5jaR/eeff5QcRxtpCasi/86qW9igCSOqKuHWOMz0RWJCRaJmhWY/m
+ 5gvz0nNCqbnPOXwvbNiuAmFmhmhYs8AvEvqMPJR3DHUSy5U1Bqpx+Oeu4qK16alr
+ HxjnyyEoGLkTSfk22vN7wQZD+loQJlL9U8swQmZD+Y3pyPInCYrZotOwMBo6XazS
+ XgFRaZJlP0gC3tN83H0b1oC0eXBMagmEVkyhxMBwXCrGxl9BrcF7KGxP5GU7uqGm
+ nV0GU1UIJZAS2qrdf456Ou01E/5QbpTHac25/W7ZlPOhibqWbT9wV+ICYZfSMU0=
+ =07bf
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/5AcTObI2/IVj3lxv7G+p65eqtuexRmMCn/dsLOR3MBLkB
+ Pw6JFRUIsRAgDlpD0YI7CrqB3pisej5LemUmvB9vK9H+6IALSB5eKEMd/6MXiqlV
+ HDUw/pmZUP+X16GAsXDwvMNT1RQQuEnigTzaIo8ydDWdsgAMOs7JZ7KcF/k62x1k
+ UCqCnEZhxyKopNOtbLuVhpW8R1DnRIenm8v3tB85neVTXPBRcG8fJ5y3zqRwpIPX
+ pXUT2QI1fD6P+djMNJPFPcQdf1zz1xj02OuQQnKX68qh/VW4QJSF5e0firXSZ37n
+ dpsfQ7ROU6PfnvcXFZTPoR6b8oUgo7TxwOy4ERPqXbuM1UZm5zr0hj42IYQz1AZm
+ LlcB/AIs2MJDXgv7B2aLryZQGipBMmsASNbqyTVU+cA7f0km3hyta83RZsOw6MsX
+ wQjTQhx/lnCx3/dOJevEwBE6YgybKJAVIqscNAagAFuCtlbq5RjVYKRA3nRBGgjK
+ hDFQ0yWWl2UHYC4aIl05SIsoL2KVXEzIT1qayy4sGR/L3YmUx1OcZLiBZOvCRBYw
+ v/DX/Poz7C9g2jEPC9SV7IHXF7J1SI6aTOWcxrqpXVY45vbIW2qLQC/uJz3GTOaR
+ Om361FwXnJAYeCjOxIZXSlBy6JLEgBSjA+F9dDtwuTz3Bay1IhdNJ3Z55zzVI5rS
+ XgGJHreDweUIhIhoGBMiEuKb+d6UCQ9F6oiBulvO3zYTpqJNM2U10xllF5MEztWe
+ 96Bai8OAPTkIR5UT2cpjodlye7+SvAabxvnUDdUqoL6+2jMtECUD5/VRzLEkrfU=
+ =w6pZ
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ/+Mj7CiCY2fpytnZIrwXUaSSTvEl4TkuJrgN10NXdhEiuB
+ MsIubs9q/dGvG+GLBTNIuRJzzQespRC0z7t38ylGNMvaLODUGpy7XvfDF6aiSzCG
+ hrGcWGPwWue2HnoyPBy4ObaZq+aB7FrGrNgxVS5p5sd7ovj/UKDu75G3DNXuQ9C6
+ AYgzETIGU6wtnJvp0EhqHQTaJ88dus+kiGpLVhMxDfGPhCAwOQ/2SYwI8R/uJTEh
+ qTCkNOYms5vV+DVGXCO1kfgqeQjgRj5vnMq0+2m3Twvfrj+EVNnRh2jrJbYypqRA
+ 6rtRGUFQFrr7b0rugaB+H3FIRffjrFy56rnW6iMwwcvbsEpAx3K56hm347d+vH+8
+ AcuaD955skQ8WnopbBYzLHmajRZZgK74JwY4bmEILeg1s0+gZy7xTRWsYQQZfvTR
+ 45Cq4wVR88QDNG23vVscABZIeV9WocSiCGlayo+LN+dOZdGpkhjnq76Qw/jfzd9A
+ h5UvMVsnHcvJMw1zo73cbdHlI6IS5oCuTLsVy/w62Ts6oTD2KsQSMyZ1E8QYQts5
+ ugZ7T1mRcHaB5LE8+hSIRi4Ck01gZUtApAdIXGwu76bSgspGfvINqOmuWpOd8+K4
+ uqXW0Wu5yEfYE+ypAmUY6sxfilXOV89PmJcIv56imZNEEnr9aK+u7rjqfX+41izS
+ XgHJhO78PVLoawWZ5x4tSw/Tjd3qabdr5dx4bQriUW1ghRJEt+X/2uDvYyMEQaxH
+ mM2c4FHpM/IyG3Td89JpHcbwVxktAm0fwjVswdILyyIz4bzht8+QsJHN+msL9OQ=
+ =xDlD
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//XakvJ2IaEP1Ynaw0qYQYOEyIiQp8SJk9KReYHDpDNuqP
+ emdLwZDZSVP/QqpnPC0diJkZaTM7yaSYxRmiXTnFd0r8bEYLCL1A6GBFXIFlh+8M
+ PgOff8TRbUrLmgEtyrkv1PMjf8rX0A4iSPiuNFFL3ew7m/MBkITiPYq+8YcE8yTz
+ vgtNyuYfi59TbKai2fcas4IX3bF0HeGrhAkys0aa2iFlH/lJj4yd7NqTAsOsDbO4
+ 1eplhf+IM8Rv0WND3UZCBNk29Em7S4yllFJpH4E9xS9noWqTEyMQ1qXeoq04BSry
+ dQ0evD1d7+gLacmV5+HQo5p80OhMSgYqrClGUJBO6eNsfE/hSc24MDjAB3rs6xFb
+ wGvzMWekWqosN0eXmU8Iy38bFeT8CWbAvCA9BJomwfDMbgE6MOjNo4PURZYQ0EMf
+ oMSRcTku3vTVidOumQS2a9qanNQW1dLTVigQvHnByNTRjPxneo3IZFIvqBqYdt1e
+ UbEDbjlDBQzqLt1vPEHSoX7FlMT49HZUY49yLwp/VMUGrDscApdLYqLRp9gbgf1Q
+ gHkh60sGLUQgUQZ65L1BRJgIm3NFhkJAtONQnJq2iY5f/1ZPHlAQVqrBN9a7Hp01
+ efrdHCvNMDvoIZXTpC+y7cnvnmN4fGXaXA3Z1dJsmai36Ak83hgtMhC7s75FMtXS
+ XgGlZQUDAnkpily0mS/ZQ4IMLW2yzcBH1BkHsuHEmFWij344+6f1TlrhObMuFD+V
+ 2E+A3Uux4SSl2RbpIfEcvZptVeVB17wutOuHrVXrn1sOm2+cT/k+Ousrrfrm4v0=
+ =j38o
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ/9EYMqHVt60BlFDSZXR+J0/hfnxutbvta0CPkAUslJIQS5
+ XiPcUeptVEmyLUz66bw17m1R4j4miDW8o+3JVQH3oU4YYQPUFHcY/kkSVU8yuWp5
+ e8KkSkVTOcUaAyiPNTY7YswOjWcHKs3B81eSJBAKGiS2y2SakK78fZMan5x6vUJd
+ s4O57hxZPrRXrps08zEiTC+uI8/Wl+5VvoSfllOAqwaohJpEOzt2A74aBz3cit9T
+ yBwHb8nhaZ17RYZ8DJtGyeekMlgM7vj6IGWUbxb38C+kJlY/15MDIKKWEApZ2/m2
+ VXwUR0aJcqD/oLFOnQO/fKTQM6QGnrgAQFF8Z6X2pZqIU9W6vxNHTGEzt6cn3igS
+ 0Wvp0hRQEkfyYx94xPGm36/GM4Zqhz+W2YRo+z121/OO5PWBtMxLUT39/PKBDROw
+ BU/QLPl+l2nnLg80KQqcUw60HUXZIpR1p6KEQrmK7+jrDPIx45S1NI1RmNiMEv6y
+ h35boU1/0YymYKkt6nFyz/GvqD4qviCLimz6/21a606TaIx8LqZaLmZ3YdXk7yqD
+ XcHweJ1EBbhHkLYYCZsG4tNfJj9hBgVimOjjiCnr0lkzxKAPGdVghmPdwFLlYXIO
+ V+tAi9KKPK6SRdVBuCpzHZyg6JLiFGmUsmL/piSY5hXrvv8p4oQp/TI4S4Yblv7S
+ XgHt0Xy2jfYFUPedR0BMta5TqvaNjDh1qxAZepzbWRwiDjHiQ4gsAvjytUmiceIf
+ KJDhKQqUuaNYt7cBsNF9PgtSkD/ZuF4oTRFVqM6tr/JroxjSrGjg39T6lNtGo8o=
+ =v83W
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdASHcTIysPla95JELBmv3+guJ1Ehx4VGq/zp8NFcU/nG8w
+ +o04dzI96ZV58cNGG0GZOpoq83q0XbspKpnzMnJyNtlbsMpVXhVZgrneUYY4EwnB
+ 0l4BNnrT5pIFX8+6dP7EytxWU2s1UTppVYgwELpWnWItZk+W0EgiK5f3V+x28nh6
+ psaXJSFsGOJaBJsitMv/GDyyOu7y+PKSKooY12GujdK4cgu5SZbzeq3iYcKAyQ8a
+ =TEyd
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdA/Y9Zxvac8WQmVo0KgX7LTs9c8GgtxOEMMUJ8QxP7RREw
+ NHIIMCpoidBtkB0RrLvObu23W4HO8/j4zrKV3dBmi3Z/6cdxbLMp3Kl6OK68UcCS
+ 0lgBLF455STDbzpSuZA7fMgeexxpB6rctYJt1EbVZ4Gq5CMdXEilccr+wsAqA19N
+ NFrV1QL5nlk9/qxU6X4DUaLcJP3/MAUga3ODsBq/5goVMjyQddDpprQZ
+ =p6Oh
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-06-01T21:41:02Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//YkQT0gnE4CS9iPm7kB9H6zQ6655S3vspQ/ftbVkjDgbG
+ XUlCIZOqBWcY2M+JDCSHknUsj44F8Y3COlC8c2nSKO9sFDheaDPiSMqtJxXjbuee
+ gdpbvc9pjsnIdWP2HDgOTsAtX+/qjh4OACWVjqaJI6H+mDA2EaOpt/cp00G41v7e
+ XwTbvGgeW0nwxwPSS1UzHr5oVjwBlKdZXVqjuZT3tzi+YzqbSfQ1uWwWpS8flVDL
+ yCPTaD9OpYPq16ztNJoviF6+6eyTwQVfmJHq/3DlZrmhIIcd0wsx6HOt2g4RjW4d
+ T1mAuHkGkAbxcEU5TiHzIBMCAEHEH2s4TCs7VtdG2pdjm/Fq7oz2aIsVdwI7dg/k
+ wbOGoWDvbY8YqiWD1o6RDyhDySCkuewwsi58UTDFTC7V7CJWnTapMLcqenoNOzUJ
+ E+aM/kH8zHdTXpqpOeYwtKWX4FqE6UHYJkWhI7F4KzhyQ57N+98PRoPEfXoukjjb
+ JsBWBuJg0pwNrz7aRurCMvYpW29AXuL8WbceUxwZgB0P6ztGKdnU8NLhOZj2DkE/
+ OLz28t9HtpbAfOZ1cxMrNp0log0hJFXD7g4cRX2F/zWuVKuWn0vUvhQot2GuAuw8
+ DRG0DJGSQEHhyNjtNuLufGR6FETeC2CNnpeXxXZhqik1kXwSB/AompaKZbjJGb3S
+ XgHkuxjOS/a9iREdy+vW/evtGnh1uMUa5/phMU3VGKiCp5ozfuwaQ5gvVMrE80b9
+ loGh0l/S66CyIOO1eXBlqkH5FxsMcvVAHB1u8uEZ3T9Y9yh0ontnc3LDWUpPxls=
+ =2DaK
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/inventories/chaosknoten/host_vars/ntfy.yaml b/inventories/chaosknoten/host_vars/ntfy.yaml
new file mode 100644
index 0000000..23c208b
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/ntfy.yaml
@@ -0,0 +1,99 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}"
+docker_compose__configuration_files:
+ - name: server.yml
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml') }}"
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: le-admin@hamburg.ccc.de
+certbot__certificate_domains:
+ - "ntfy.hamburg.ccc.de"
+certbot__new_cert_commands:
+ - "systemctl reload nginx.service"
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: ntfy.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf') }}"
+
+alloy_config: |
+ prometheus.remote_write "default" {
+ endpoint {
+ url = "https://metrics.hamburg.ccc.de/api/v1/write"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__metrics_chaos }}"
+ }
+ }
+ }
+ loki.write "default" {
+ endpoint {
+ url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__loki_chaos }}"
+ }
+ }
+ }
+
+ loki.relabel "journal" {
+ forward_to = []
+
+ rule {
+ source_labels = ["__journal__systemd_unit"]
+ target_label = "systemd_unit"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "instance"
+ }
+ rule {
+ source_labels = ["__journal__transport"]
+ target_label = "systemd_transport"
+ }
+ rule {
+ source_labels = ["__journal_syslog_identifier"]
+ target_label = "syslog_identifier"
+ }
+ rule {
+ source_labels = ["__journal_priority_keyword"]
+ target_label = "level"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ loki.source.journal "read_journal" {
+ forward_to = [loki.write.default.receiver]
+ relabel_rules = loki.relabel.journal.rules
+ format_as_json = true
+ labels = {component = "loki.source.journal", org = "ccchh"}
+ }
+
+ prometheus.exporter.unix "local_system" {
+ enable_collectors = ["systemd"]
+ }
+
+ prometheus.relabel "default" {
+ forward_to = [prometheus.remote_write.default.receiver]
+ rule {
+ target_label = "org"
+ replacement = "ccchh"
+ }
+ rule {
+ source_labels = ["instance"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ prometheus.scrape "scrape_metrics" {
+ targets = prometheus.exporter.unix.local_system.targets
+ forward_to = [prometheus.relabel.default.receiver]
+ }
diff --git a/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml b/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml
new file mode 100644
index 0000000..15d5c9b
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml
@@ -0,0 +1,236 @@
+secret__onlyoffice_jwt_secret: ENC[AES256_GCM,data:x9eRTm9WrEFGdxDb8JfqLYu97NSBRvhknkEBx/zSEQlSfcah+CVNNM6JcS0Y6d9PARcGv2jGUyakuNN1wYmzYw==,iv:33lWNSnQkljr8S9uj+Eab/fItyKAH4/xAeckdpvzl1k=,tag:Ejxzaz9nkGLT/mqKF35M1w==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-05-04T13:57:24Z"
+ mac: ENC[AES256_GCM,data:Av9x7PAOBhUoCOCF4al8/4BnpPHmUb1JvCv+PKrBmjPBVxW/sU0w6oYmUNjB4OKxI4615pWpfCsG+kVSEysbXtrRGp2RGqhnSKxS5l21W6Qy+IEkNA/jcA/teUGEOy5Qj1SvgNtWvXEBJgfm9eCQxC+w34JbzoTs2q+6nSxtwmM=,iv:HD3nBwmnOGP6MZdLiYv0hlNcvK5lSxJNaoIkr3Xadkg=,tag:uL01xCeeIbWhsdpyqmUyFg==,type:str]
+ pgp:
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtARAAi4ev6LCZmy3XTiub9f40XANKkX1SsM+b+GA7CFRRCzR3
+ eCQ0H/nbgInO3Zk/K2DQcLAF3xfpdZZGp5vPpIj4B+R1m4B1bMRlen7By+ebCBUe
+ 1iM0hBnIK8rFejGCUZsJOSjF3tknQpFyneYj4dyebyItceqENWekZs1ZB9xHuNtr
+ omH1BwjFVEVDo0bU4y1Wqa0M7ol7qCV2qLHcy8ByDkYwnRs3rbhH5dfc6Dpz0F9X
+ SxbuwPmTVR1iHh3YDJbHwWWdLdjZmnokb/q6hBLWLn4QB2p50GxlcIv1Qa3zKJk3
+ gE3y0PLQQIDqnrcBmpPm0RC8LCcZjpUO83O1eGpHyvLyUYtlKOCE46OFYt3Cf6D3
+ ewTc1Ot3jL65XZnsqXEI/HU6ld4SYGX4eREXu7CCFmCa8D717H9cAsYsnEvKXmXE
+ 6Y39ujJaQNrSm2iA6xstXTxG+RxS37u3grSFOdnr9u2iQ/gfYuTVnuongQqHmquQ
+ ITvGaJsmZSfzSnqxl8PMdfcrrsfJQkRWz2wSW7Al587FJibMUvj6tUHFTnBxYiyU
+ 6qlcedYsplemTt/eaKaEr17ILRhFCeNjuNy8iyc/pt4R9Ydvmt0f/xvLlgZ2Cfkj
+ elqoX5TggQIVC/g3LXg4P67g1fIfO++RKIwchH5T/nmes301SFpRUGcln1LgMwXU
+ aAEJAhBsH/RcBipGLrtr4sa6yDgFn2a4LvMVyHyy2is0pLGCbj9wnH9G6lbVGY1p
+ FYk5CC8xyuhjqvOnWoR4Z53iGfOdSItj1MCF+xHJbPt6MYGv07EpXQ9UCcTDgJ6l
+ +ZWXseBs2gSW
+ =TVj8
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ/+KdQllhSGq9hkUnPisBVCoFuKALbN1GsGGWq4S1Ru5BYZ
+ tRCRPgkdWkmV/whrixcG+8vCAeITXXFdoE+Wb7T0CgIIvb6OmTgroOuCOWVfoA2A
+ VkjME8bVu0HINOnJrP1uF442u23DfEoc5wHSeVpyyoOg4hU+xaLH6ZtBRDOj2dgE
+ 8VnHQsuJEoT2bHgUctTlRds1MhzYS5Qfc/avYqVS7gDG4kQ7Ru9eF/Gm1KTopfAw
+ S+Mc3xgH5TmUP+iRY3mEAHiNKNrVgS9+67S1x5XkTl4XeHJ2vjFQthZpGivHy7NU
+ +FZje2jq8IKLLZ8+Dk7xgDGFmXCrZV/o6HTZdyeSA+OzHLRo3eGz+YWaxmoLzQ9W
+ QXXhCYFhTw45SM6r+OfNSpt3LD9ttLU0LYex2BwpAugYHCJy3nGtEv0na311wQN7
+ 82yxLQMFWwhT/oo3X6VO/rkG/ssy4UAo1RLoz9MHvuRS+r9vwOPXKSEi/yiCdZEm
+ tsZZqMNIuLu2X1DsfOpoDYqJC7Ig19Kv86j4kzINQkiVSrm7nA1+KEtcVLTW75//
+ IdPpxCKxE89lgZ7U+cpqmyH/zLqxD+27e7Etr1R9AxeSjfhnHeLIl/iL/i1rE9e/
+ BJfRVWDJYWtX4rTsACFja8FVo30F65o3gAXGk70eFOSsem2l5LQSE7N9/Z/MgMXS
+ XgHX9Pjh6kqXhdE0vpJHZtM1HlZaoeiuk07BaavRQrIMlT/FktYd/pUzFciLeE6V
+ G4hurfbPVAs/swBqlvfB6fyos6patbdMcgqlUv8b+eR5waUda5xOd8f5bjAPk3M=
+ =tdfb
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ/7BadsqdHPiQ+uk8uZoFro9dkwAUX39SPbBR7scJYI+gaR
+ 9xu6tZxG42+xDD90KePGMVhpeCI3J/1wjU/8pndCdcu9ak9c2yQkIlARx1UeeRkR
+ WQhhGTbbDojbsFQXkkbPrQpoZgv9hMFwsApu1EduTVqs1+IY5q4aYwM1BkMCtkAA
+ 0c6iUoqB7XAJPUy1hUmlzf5l3w/UOceRaskyQKtMujzfiRJ7uzPyrvUGU+ee13WV
+ 0bueMMYSXvq59OG5UtnN+weFM+U7kiLhfEJGvtKZv5jNgJRF50HYoFKZvMVplAQK
+ 0DFaAMxOZ3tHObNOHrqW+kCrB4MJzbfVTguYE7y774D6KiuAsv9M7iZMBmrbfh1e
+ OA5AyU5gmTLmv9Oh3MdGlQeRZnUHAP7Zq94xKdpz2+8tP01xpzS3ZeEd9hsVFe2A
+ Xy6vvrBLececfl3Rv8aXyTp8uwcF/GwjwUgKOeaA2Cm/yOPJwTHuh3veZS8LRp0E
+ l7Pl5Pa2LsmUWRzpijr0HZfkKKLRb3Ls1BZaY3bKVpPTEFSLes5ntpFgodkwfpbw
+ eGpgb1+7pl29JG8zUv0YOSFXegEcxFfc3W8p5vU8/Ye3cVioh6LDVLwDxN5+0Fx8
+ lO4eIgenfFLkZkuvhMZIze4B2dpTuYa8mD5BK6VZW2HySHz1T1bYQt+IsEIwuyrS
+ XgESEz3S8yji3+xXEnIGxcDCp6YwC0oFOEKQ4QbLAwj7FdY/u30S8EvXWuifL3R1
+ 0tULYwYtfFcHYQ8ZyWvM7pWaGoCmOiMcsFRVMntpV3KC3DBuzjgH46/Fv6j7fF4=
+ =7p5H
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//eDzl6gHIvhFIr2hUz9q79t9Gl0pyWPlE5FnQ6devf8Rm
+ HierL2+FAJDmNLbGz0lleQaBTsbnP5tadmZXIdSBpfq2Sb/25ojOudyQK0WIYzkP
+ ZnGy4cmDWQoht8yU67uYyzTZBMhkknvZt/OyBUoQ0vEwpmXMdrPNYJ2LirQ9PduO
+ xkP3DeorxWdp7ZX2Bq2zbgnZmNqpVfF57K9XeegthkmXCk0al0KojzOdQ1BmwsNy
+ D028Bir0DsgxoRnibgBguxKBVDgsDSrF811Nzq+2qpi4A6rMKCaPBs9KWwud8oCK
+ vr1Pa6BjRdNbzd68AmEWx6jIYdcXBc7UBk4TWqg+stBBEHsaiqpUBEkfO/sC/Zyi
+ wicgBy2K0y/OLGm5AfwSz6ZPHs4bp7S81l8Qcc7I1h3uAKHNPMsE+2EQFr+I17Yx
+ 4UKpY4Ukh5GKrACcbo3oPPNZ+Cj5ezK4vwuvMiMnC4kUXXYGv152FMXjAZKqkKaM
+ aCDW8kFHQT9w8SJvVHPkQlB9BcNUACm3uxMOiRylyx9mnRS3ArKb7VNtYUs8iSRG
+ /f1Pm8+GqFxeL0RVEBxJ0HN5ttpmFhVupsW0yZou1ZFRCi6smQkDEEIqOGF1ezOD
+ Qeit0CEXA7zWa6oq0qGZQ614EleuUCu4ZfMu3N5Pe3RBsvfCAGIMMrOvPdqpvg/S
+ XgHIP3i9X1RJrZof2fAXREOMpS3dl6ZgjE7mjDg+yGcj5kP97I7ZaIf70l9gdvds
+ ND1LI64M84cEzedw1NSXo99PwECql3J8A9V7zhkEUg/cH5RL+FAbIWxNTCWpKO0=
+ =tAke
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVARAAmE44WT8+FIbF6fZxo/2GFw1S7j2SqMzFe25qz/Ad68Ow
+ XDEr4P3rsYlQkHNP8UDjX3vKuN04NiYoQ2HkNHtpsXNwIpdji04SAQOTluiC10pk
+ gaIZ9I0SYYP2nbhLNdIfBQ1lJ8bfhPvBpZpx6ZSreBUT6Gwwr+jDi+uYDdKTwajK
+ XbZvATXu7IY63GbVScgFcyzA5fPUFcmk9g3DTxzzAsWsCG+rnaU5ZM1BTg2xk5CF
+ txd48+GRNV2ATGYm7ZQaTXJCSGy+PFZY+RWqwSdEQ2z8Y5dlh2Q1CYctc9l/MPhE
+ NlTfaIve2Is59oLFI1yX+6qwOAKY94IARTMqLVtt6pyd5Aj8NOKY+OiOMhdOHvMZ
+ bQEIzn2yU8k5m4l6hO5xnuGS1aoCVAhznKvEnd0NVQEHS+Jh3EttyhjBbJ+4xwFz
+ IVxPu6H0x6k6v4gUJsw6F+wGO/7ArrcFE/2l7yZZCQCk1NJJSWWVyb+AnGNY1oFv
+ rXB2OGEW5kNtnfywKPzuPKWZR54mMWjBvELTpNmXSfCwnQQqrw2sVfPvcSPHugyu
+ L7D0xDHqPcMsta/zTvJ9jDQdR2hwSjOonhiXg8SDdmBdhJh3Lh2Bk48lCw6nAe6R
+ cDoWIFPehWa+6U9OfdlWyfq5xIwrR04gO057Rac5MQ0vYaew5vRYTSEJTQKT4unS
+ XgFi+IOrYnD0TctC8R4vtvwbPdpnCpcLc6GZJLl0Y69zjF0QZ+I0sjEV+MXUjOgl
+ v9BBqcMN/++AHK4i3EdXYI0xoDsBHk7sNOixuDZ6IC9OdOcrCfM2SsercleSvBo=
+ =G626
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fARAAg5dlGGfsMlpwFoh59zd0QnP7XxwSWEBcjHbNK3p8/Oev
+ ttg2XEzB7UDRs+wF/fx3yhUj+arseXIDGPgj4zcE3ci2RQHe8iZdAIWc8ysmIZPM
+ AaqyN9OWkro5dU5WFjGj9zDg9QdkxVO5TmYlnFjzNV3BQXbghiLZctaWl7f7g1VG
+ TKOpYrlkU+yacWNc4hZ6fMM7kNFvdZPtJhU3JQo4WiwUJTDGVFJIPSAzDzpP13C5
+ uCgLwpYmJUqFdILKtJ4KUDy0J0xCh3cTYpBTFQkTB6gErNTF7KRUJTT97o3FvgBx
+ aNn3NItkzH8bLU+k+7moL/Fmqf1Pe8td7G821UHr0RSNNkjIK+J2A3W/TA6BqVSj
+ zVrXxcL2G3o2TynXBj0j4apEYVSaiI0RYqTNRBrFAchdpvngApVlsV/3W636A6r6
+ Knv/2ZDIBPcB9gXpQ8yXdwkuqi8oX6855+yBTkvD6uhznDRBbHIWuUacH6oXDBUh
+ ch+zyUPWNIZdFipGYZMRK1hH2irSO4B3ku/AVvhqN9QraQCIx/T5edV+GN5Pu5s1
+ 2WN0VMZSqs1G/uovdpBoeanG1ORa1BDhpaYUKbg8wrBuUjqCYGBvwK/T8sdFWn32
+ OElv2B6elBOP89e0MKnofPEbO4tEISTHhx9jsIkQoGYxXigI20LvGe/6NHB0sZbS
+ XgHqxM14i8c8tq13RChkiefbJcZFYAA3MJ73XgPGyWZENZeWMyEBpqPcUMf2NS6/
+ cY3X8JJ19bl1zxIRj1vQ0d8gymVUVSTl43LmwGQR5laGy/RazpSsuyPA3jttFfQ=
+ =qvpP
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoARAAqG8RlMqDeEcKRnQurPI289m2uclG6zwhqpInu7+9oRlr
+ J2A+NTsMG87J3ZPs7O2LPR46mcVS2RgcVWASYtPuSB+TjKaqcg2hL+Ldl5JcTvKY
+ JwRJ4CJ4JLaZjA3qnR0aznhOnP75rTCbqRBw3/Z0Yn74Qeb8GBMRZga1WLVjZ5O5
+ oPi/omoRE1oEwYotLCtmuNXroyzWFVKcDjvU3nfKth5ik0UDtvqKGD+PedsHq021
+ b5rLaOf6c6Nto2TtjUq/oS8y0GTDOl7kcAsSPFSqWoMg5nvFrDf//W4hCOIJcyuh
+ HYz782UXvNmijS8HD/XzbFspjKuGYw3pv3/lGaZlJo2gq0pv5sqDLSimFihBE3/H
+ P392CO8yXDQO+T5z9muKXjSi6UIzcrTtV7uE0Z62iqPDgMsGIE1JdLbfh+nRA8O/
+ SS4QBma+40TpEXxB6i7eED57ZENP3jAky27B/yf6DcwOk4rTEEwxekb90lUaYgtz
+ zzzly71WDxjuZHfq0SqBBLHoFpCCiusHLQMn6es8ktm1pk0MvmeuJjbaMQQoA/YJ
+ 9vMEye6NFwwGEmweQv1jArZSYIQ9fZqEN5exSB2H+vWXWbhFGXUUiHsYTdRAvcrx
+ CtVQAD1oqJKHyNqEgXy+cHCtnOe13kkrpC3QK1I3BKOZiFklK1AtDY0o/x4zRE7S
+ XgGTFjbmTpKdC+c0DBXy4YEtuVTVJJBtFp1lqRDuOtaz3H5I+ObMRoj8eSScA89z
+ 1kiF4Sxi1vwUN2Tt25PTq+h3yevLTCkQjmCu5ZlX1VmJkhQLfAkW2fx1s1FWUDk=
+ =C+q1
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//R07J/SHXxPpoYuJgKksCn8F07DhTEmRfaYjfCMq5jnrq
+ 2/fUWjcKIaktji9311WTni5XIwmInLBHQI35rfQPdhcwK4CUm2SlejuN2WJ6foiy
+ vcz4NNqqV2JebGM0XQZ7nGSPZBRSQS1cDkm0rg5NYKqIaNsMfC4qXZS0RL3ZzGG6
+ 1O/RMPqulAqE/yvWNELxQ8tHdK2fpAaxA6OXLdaIoXW8547OEpgC6Q/pmOH5sX8K
+ a/5ggWEERkO8nyIy6cu3TCUOpG3JnNzYLSNRbEiT4ISizYZpkY7JV9Dk09BFPKUq
+ QzCahGd7eRNDkdn4cGBVifDV6ZKJQOPt0k2evMmogfitvEBKsQWXga5okN2h6FGl
+ Y6Dk+UMSQumiIi0JSDMgghggG+znb/SjDLzSpVByj7hB9n3MsH/zwx0BCBlOaY9U
+ o9SWTLwDBwGSepPY5gGE10TT1FjsDUplzfYaYm9DEmStZOjcGwRLZdgYR2wTDXRb
+ zLmt7HBVFBWXOZekChdXZgbfSMSmyWuv+3EqRy4ka/7f5a9S+/PcLds9BYmIEog9
+ cYNJ9UIYAPLQxV8RusvinVdmESQq9qGkU+warULpiojiqtBi/1DQf17WyaMkJsf1
+ C815HyZ5/f+wmpfoIfzOOahqzFNrZYSeRry7CDC1tKIbvGyF0UXbC3uEMIHV2ITS
+ XgGM499+EOoypvg4HYtkqgaR6ZfQY6OnNjPe/5EWMMCRBptbVwdftI3ErdHmB1At
+ FnSwOIylhb61OP8V4Xt9VEpt7Eefo0lKBw49/ZMNeu5ExLlsE4kSjsF8+peVnlM=
+ =rVBX
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pARAAi6wp1TEflhL7zxt4R6zMTTBSLxSLGCalwu2IwxSgQtk3
+ TiAq2dITnEIUAhOoLj5k7n+UcPESbo+CWbVighzFvKLFZ8liEZU4dCzdZ1bGjrON
+ ZU9dWa1g/4q6McR21c/Ue26A6+44i8l1gX7zEbpDhALXNv/E9adXvZGkvVdtBjNT
+ i3WEGQ/j3Gkc6SZKWujAfLjVH1TbH5eseACOdPs5p9Rjj4bK0NhJOC0UJuzUuXov
+ Uadic4erEZo4FXIjTcc7sobIbvmuswu5RmGHqjJ2mga3vY+aUodBcvbKUYdK2bjg
+ IDuDfBpOUi0A6dcEXVPsmdBTb5RGERaGmizPCZ1vvfm5LwLiWEl/MVNUCHYPQ9oa
+ Hh9ro20srtMmOlJ3qPexe9NXApZWxMjX+NMBqFtwTINbawzkFAYH0Z/rkunlO9GP
+ m+H+CjHfB+7FAG+PnA3HDLX4wHoBUyn4XwSRQ3wPq5hWeyZwO1SUqw7LjofvbVLS
+ XpuefRFE2afiyV7qSn6mzaRjopiOhkG+aoms+i1CVMuB4+2cTErzi06lUEZXqGVK
+ iiFSw2GuLGuHYi864h/XpsjH8hvNNO+025xOAV538q3NoRl7OEkpqCWM/uca+9Ua
+ 9V1Vrvkjuu0S/rZA7xyhKRLUQhx1ZCW4jEqqKg21W//3kXZ8GHCT21kjgFFzcRjS
+ XgH30y7ByITFXq1aqnnU26/JbARgEHJaytA9O9xQ0oj/3DbwWUri/GJXMp8z2oID
+ kjzJnxDTiurtnx5+SVX4wLhsZSBKRxlEvcvHbc6VG3sxW5LKHUkHWYUNAewn0Rc=
+ =RR6w
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAU8j7iJ7e3pmiQqZRkjkzCHMx6lThEywEWihHRSzzOB8w
+ yJmbM9ayH8BeoFcBsAUN3w/x8R3XUhXcZyEJxCJ4LUDw7ocHsNb/vgDdIy3iTrbQ
+ 0l4BiXZaTGefImxB5J3DQC8C4mV/9TffMGmwwI4sWdPG4qIMZF3tyClEODV0fdMQ
+ EUaBJMipV+9gsSwrh133/0guHhmqrBHJsMK5VfWyRkJS3B4uoDBDNhsowgVqJVaS
+ =qwUD
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdA+yF+aDJr6/B33edmCwQI99FN2LQRCHI3T201VvwGu3cw
+ Tu7Gk9xvXUV2x6w1JmLy7GJRCyld9sUIaHJQxKXjHbJ162QbGq3Do5rbW1vF6/LM
+ 0lgBfysY8Q3tJ/e5V528HVO4HXkoFOqsTWr1TCwCK4SbvE50wVVJAS8HakirUITE
+ GUgQGmUUld2gYlWV5RONxYgnKzmmXqlrNf6Ociom994VL2J6AxxBpjOy
+ =ocy9
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T13:56:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//Vwpp7S22Xic+U5of2H2rcJwef3U1LXSMNHRGqewis2N/
+ 4qboHkz3GGhJM5eXdhF3G/5GiR81uK5qhqVkJk/for64NrobBKXtLwCkv5MurTBr
+ IDktHeXep2Odq6sYnKYtKkaHjxUpX3AZrjHeNdCMdveJFWHNuM6FaI6VdRUhF8jN
+ 2B+8SICIapNhbiLi+s4aiWczwls2CB31eJtAYKOcE+aIqDhY5c56xrfb+w/oIsLR
+ eKVzMSY4VwXMppV1BnYoJ+E4E+MDGPt9ZRs6cluE1xY+mXP1LDH3SL0fpTlxjJyb
+ nsHqJdczlOfJCciGLwhIUmidt2KPAXBfC/8m6eDfXyoNpqacZlVcwwos5bDHRFjV
+ 5R15x7tq9d9lP3WGNv2GHR53XBegp2kLf6Z39EA9hIDMMpkaI2yR1JnMD60MKjA3
+ iFTUN29VHcehbuTvfurWub88ZiD06C5SkiTU5O1ATfHO9V18TQ6qaBVNj/oGk+u0
+ BDF2v5BhpnyMk1GJFvzFz4ryDr8lNwwTb13DSw+LJgOTkiwv9La2gxlEq0cimIGG
+ 9fQzJF6vB5JjMBjJNCgevMUebpQzqeMVsgP7+g0bBuAqltXDyDyFz8XgFbGjB/ku
+ Fh8+0zz4c5Iro2adZlvTLlTCKLHlwpxmh0L6l9HGCmbAz9K7dRpX8ALXX3xuM2DU
+ aAEJAhB+VAH3wo2IlX+koZ4onE2uEO86YMZ6deezyuBPXN2/03TmciIwx81i8xog
+ kF+6h+JJbdSc+TJnfOinTPM+RYk6hwSXQ5rc3Zn277937KOwjX+mf6+lbLUETcYY
+ n4XrGcJZZyAs
+ =paIJ
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/pad.sops.yaml b/inventories/chaosknoten/host_vars/pad.sops.yaml
new file mode 100644
index 0000000..3a5b95e
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/pad.sops.yaml
@@ -0,0 +1,238 @@
+secret__hedgedoc_db_password: ENC[AES256_GCM,data:5Pw0orOTzb1xCefwx/n9h9m8gmEY6irE,iv:nZvnPSb6sXjS6k4wNUoo2PCJyOcwjm36gs9l0mxwAeo=,tag:0seJlVi9qTfBiol7mP6DQA==,type:str]
+secret__hedgedoc_kc_secret: ENC[AES256_GCM,data:7RyM9jfKnaaP7kJ1JwucPa/IAwaRc7Hhe9VYIKGEmlc=,iv:RvtaWLsf/X/y8s+DLANcyVgagJqGB7EkvQ2nYm2Xo24=,tag:amdgqknDGeZxUBmXsd1ksw==,type:str]
+secret__pad_smtp_password: ENC[AES256_GCM,data:msnYZYl8vP+OeISI5OOglQsCQ8vxMZ0gig==,iv:oqov/myWJNzUoAn4BSX6hN1fWyab5vud8NmT+z4ECqs=,tag:0T3Xm2zw5k5WmC9Ks03XhA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-05-04T14:02:14Z"
+ mac: ENC[AES256_GCM,data:h9E+eIum7jyIx78zJh65c/4QMZRq+stNklGuBGo8afYpicLPG/A9LZz1UeBSxyEoMOV/jHAIuoU5u1wmijcsZSBBjI0LZsBTnGLORWEZCoVTEVCUp9CJHZ8zQEVj4Gt+V/moR+pD4s3YLuywamjquvghwtOMYt1JzsePGcCkHUI=,iv:wxhwDM9hmALuX9Ko4izSQ270X1aaLH5Z1iu93/D/Kls=,tag:j0+XqgV43A6ry6hbHhGj2Q==,type:str]
+ pgp:
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ/9H4s6rTjK0cS8+PQooMV8vBQdRcwLQ0MWvRY/Vh+eYnnn
+ +BjYir1lILaFllWmdN5+AoVV/qfSI5CeyPTtjLNiU8wMYXZfop2FFxmLRklo/vkl
+ Sq4Rekk7L2eqMMBNavsZr72jQ4DUKi8y5zUcU3HaQR0fg3gQrtN51z9tsK1Dh9NH
+ 0z9iz75+pK15utX4PVodNEOJ2AVUBGYD6gm55lyPG3OBFTHASuCtgtB0+Bn7i8H1
+ X2c3kmnjsxrPjnuCzUoefDRJZ+x5cXuou7n1dlA1FEveCrMGmGCOYComadRb5cTX
+ v6/ZREBqZDFZ2TTwwVPHMgGzWuSKYwUXf05aAqdLRuZjl8XWb6zIMECd7LrGgMUR
+ 9EHoZsXYT14r1LExHS+UH8TFQGH6VqbqIRtvAo65xqPBkoC+xWZkhg52X+5RGf/B
+ DtWHy4/PkINd/B2k39xzSOSfDMySz7X7+sPYY/iUUNa9IIw/fqF0zj2SYATwmATa
+ 5eTyrg5mI9MrkK3bIcqTR/4i63VKIhakTTIUmp1RvxXiq4z+tbXk+K/Add4j7jMi
+ bQrbAJ0EZVUKJPK1yi3Z2qrRcupCVG728tlLIJCikXHnob3TErY/zcOGk4xpJYNM
+ lO4GnOEhVpWBFl2FbgZ9GR5esk3pleTPaLoFOZrnmaFtBXD9KOwnjLuUyA9r2WzU
+ aAEJAhAyMWX2d8r470tzUP+G/I/J4HaQHloXrWiD33g2lJvEW1YdZHaU4y3nhoJl
+ GR2nbgYzpyq82rArHs4I5GVcrH9D4oS7Bw+KZKzqps7A1Df4ftnzACAZLht8IHfJ
+ rZqIR0O+XdA1
+ =A4Tp
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ//WdfoqXrCC6ATf/1IfCrAyayEFKmxAmA28Z3x4TIo0aO1
+ CCfSIIS/d7UaiyPd0RESklbaTjP9gNgIeH4YmuTvjZ5IcLyQRDyMZ09SsnUexMek
+ eDegXAZ8xusWq13KJhE/Z3K1Mq5zJIccqW6CMBk11Ih2jTEJum8hkuxZ1tZ7E2zb
+ l5kXwbaZyMZxOQ2dxtjFo5NNaBb4u4b+DLoGtREJloXuzcSjjyFvqw1iPshozFnC
+ Q2Vy7GYoqlJJTtx1A61fTCalNB3wsKmB09CBF1KjCakE9m/sds+K/Ufy2rTpZYrn
+ L8U1Oh1KBd4xmddOFKv0d4gPJpadBwT+j352fYZdcs/b3OqsLV+xw/d6jqSpZQA/
+ VhcCRkr/mAbRMSgL4y8HJMJ1kcjcRlTbHPBbK3QLNvKMoUQItZskPzcMStisjMQ6
+ mogTpNVVv7SuFYQnbGxBMpz3p7VD81b+zBvJhIBqldLs+fhNcmdF25f1UUKDuHna
+ Fq+eSOwCP0t/I8cvzq0xJkjfmK67exI4pbBZdIHNcHM98Y7cX/6gm5rqENNFzndF
+ vIFFVKQNI6+L4Rc8VGNO94K06yL9JQEamFzZhZLx1lYq2eszORLuKvcxWaawb1ut
+ l3LiZ6h9wALZnCKq7F4MjwOW9/ohyTvxdfRlQk2ByAu9/QwDcpfd/joxAuyBlM/S
+ XgEAlGggVJkwcPaqjCv+iHO4gKSz5p7oCtkSjFemU2DkG8CQ0T6pnEG8K7tIqVqB
+ cs2Oer3GDLueMfqJKWorf+T50iX3eiVxfu7QMaMBCfnet/TWGVLp0TygaixocIg=
+ =G1BX
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ//bBvBIMaPKjuU7Ig7OjUYcbWZKfQsYo/mQs7iuXX+c+FT
+ l/c2RV5gAfvJTyiDll3uWqeCr5IMFLTJAx49Z2zDHWrASYytqb/TP3SFWvpRPaT6
+ 3/xNBIL93tnvQ0E19acPcxja+1OzV5TYIHpr8K/lLQewHeUX5aiR8hKgrTzx94bX
+ 5w20bChCNsSzr7mWJE9FUsA4XyEp9Z/eUavaygURJXlEzjWXOw602w6nZ02qNuG/
+ lQKK6sHho1bHEkn+a8GkrInf4DBDro1B7XWevfBOc8MqnVdJi9nLNAMCUidbdpJN
+ kUQNg9Y5YxRqjZRQmudlndzpZGgkoGKMXsQhOJrBa6R53myqYbp5eX241L3JnWJ0
+ e24NYsGWqPrVJaOHz3Z4vGD7rNCVds9X2NT7NVLf1Nqhhzbj+XSx9YZsGE0LubIP
+ Elkp0/PJS3sKSbRycK92V4B/6KQB1jsn8wvBsBF9j6CF+5sxsxx0Ax5v6nTbdf7j
+ +CXlXFySNRJC3JG4R4rDeJsUI0nacu3ytSbgKjAlZu2BsdekADbJvkkQFl85AQy4
+ V0mQ6Ua0OMludE+7DRzqz/uqk1J0D+ayEClaiyfMTQ8feqnsm09UtuD63bq0RAyq
+ oVFFMV/ETHyqwIFArYDC4kH8xcvqej5rPxpYT+oBYGJVi992Ygo6AlFMZT3M3svS
+ XgFxaFBeZQreUWFDjHf+lC7WAiM6wIOZzJaAPSUvw0ZX+9MXviJGPA6QsK+zwMkm
+ FdOWyvxJscfyN4Jz+BxBPMKb0zIRBVkD5/hOnI1zuGrbOLZ1VX4VzKELYJOsLec=
+ =Yt/6
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/+LcBQwEKAeiu49BpBgShVK+fo1++dPXLsmr0H6+e54FRc
+ ek7eFEQUjxalA9PryFHLpe5i5YTf+vvo46MKKvaoKgT1XuDIGWGekTNc1JW9PaEw
+ hSywvYuvbJ745X7wCoyA1I3o1UHEcyKcn0Enlf05qjXHDFRXuLp/QDMwalD5pPlF
+ 5bwLHJwfePVTcrm4oxunh3Z/RxtU5P/8kgWhUR1fs+/XAmpEXMu+Th58S65oL+qM
+ +mWZGaP5GPw8C1SgpscrHTp1PNt/+phROKNMtF5XRaWCaNy9pN/sAQxRmy10QgqT
+ Yo7y88xa382RnLNNbOc1FguXvF9aGtiS5tk1n0y7xD3qmyuOENWOneJw3pEwG39d
+ t/1f+lc5vVmhCtySCZLwvC/NnbfOWlQg3uvUyVkZjkhUfNQxdtWNuf64irOeB8vK
+ JuZi3rHC6Lfq+YWHE7LOr9q+Kh0vwozFgh+e+N1h8oc6RQGlfF4O7bZ0dX1+b6Mw
+ l4G2y5cN65c1av6NbdK0yMRf5WkOFcQyBi3PxpIgIh6B4tLlc0zIJIrO+T/57Ogr
+ KP1rYNRL3tl3JErTh59nQaLq46MD6JL0VcOx8MLV7UOykBQpQDsK/QjiLvivv/Ft
+ qUn8ITJpgKV6svXl6rwRA1TqJ4Jf7Du1FGq3JwM/FFMIvZYs/Dfy7VXoTZ4yPobS
+ XgFuFt2xJLgYJ8UF5JM6TA6f8E954U8bnPunTK4ivOKOpjuHV9/LAtUoKaOcFPzF
+ KZMzARKjuKjMo0A8Zx68GmD+nzRjdaG/oqFn5pwDQ/RShBGb/xhxYGY2evqFUfE=
+ =1XH/
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVARAAgsYgw0YLTZ3HQuquRxzx69lbnfnBsEuIIB3dIo9fSmVg
+ Hco/UmtpBiG+G8hePVr5G6o0I9n5mGsue7aOsCBfn6KwqruYF33jhVeuwKrd8stR
+ u5L8vQ1sentyOzDC8QGqUhtjfhgdE33vIfeRNcf5re8HLIafOguD/Z+Z/biQ8fu+
+ E7TIAbDEfiRKAy0uUhMSmnYpjbKB3T/GmK5dTLhIR3uGDx1rkkdUNZtDUDZpi0BV
+ OiLw5mchAeG8opo5p+phcBHuODeHkPnVr7msYFfbhXf7Vq20bRvnZVGx5mRLT2wJ
+ E9JGLWqicuXGeT4UYa1o8tWHIpGDZXw2yldiJOLNqeAxrPjk7F3FybB2JDKhQV1a
+ G56zwO4isatYejq9dBzGh/LnUZI3cARsdtri1FhF806yMo0t+B69XUi93U8PCwDA
+ shDGSjSyNZ5IlLL61RPEGGH7QdQIbkwoJevmtlxZdqn5PmLoVO0JXx4oqP/c45UG
+ CbCbNyp+2l4MRLbwe+7ISVMxzSrYAx+LMvYnbD0B1dyLQOYQ5u0kHS06n3l/8x7X
+ Zhop676NKdKZ7/zL5f3awUQOAht+zkE6ZmkYx3BqC4HIoqV8DZ0VquYmbozSUqMT
+ axnch0h5R/lY/N18vwjLylYXaIyfqPCkbf6sTkxR5tLCgln/ccgBmi8x33H2txzS
+ XgEV9G9Cnu1PM5LX/KPDVs9kOiBDIVC6EeXn0RQDE4W/wqxZ0+YhEtK/f2z6LC3R
+ PVos1EjnQIQ704IBpU0QZhulF+w/LgNB7J4KZK7ssDgoc+pbZoCqck4bZR9M/Eg=
+ =b59n
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+Meod+NLyuAviYT4OIW2zNFzDTECd4f7Q5rBI2YX40a0O
+ wLJngbUizhw3bXN6nhHB2+LZAe55djpruxs3YgIC8HzgsLd1pBsJ70hktNkIFohJ
+ 5xbQGmJ1pBmPAkxW42qqm6D+7AnSeuisfQjK16/Ilko6DVEDq9WnHq/qJijU4Pwg
+ hfcJdvx4YOW899kxIzhuRFBhjCp34iR6bSE5ckouJIIprTKWTaPNJ/fd3y8dq6Z9
+ v6zHHEi/+hu58Eg1sRZ4yEuPM4zMbk8zZcUx2dtwbtYXkUkmE16lm0seUI34aB0a
+ IoYEAsz/6km5AjVRnAemcvAvs3wMQYwNI7khpHU/WPAswmJ2s+oWh+4E6mwZzBOe
+ QuYQ8WvBURDmvAsqHgLc5RMlCndQt/cXBoCl5lBhqSxM2LfX6EpKJITchSNoL3iD
+ oTmwJg+lLHSGBoJYR6d8eCEU1CLyqTy8ndfwsyQS6WwvLMFZiwQCDuadNhKc8aH/
+ 4opZRzFnvHTFoiYgRFXIphyF7ZA3UOXFSUevV/2py8yzJBJHNrrfnAZ9eA5Os3Dr
+ ntprOS1K0Gg7bTeFeqf9k7yArj9is8tBQggoiBmDqU7dxeT1+R3LswNf7kJc8sF+
+ PWzkmTld1nBJvxAHrdO36iGF+BEGGIT9RYpNvrKcaVfbu6nTh8JKLouprhNUuaTS
+ XgHVnwzbkqmPmxasJ2dou+ZXPLVD/E/Qrb6YM45+xQxSX7/IAOM3M6z+eKehtdhU
+ 4EaW/RdYsu+FcHETQ3ZMuDilC03n3AScGoCSQvAfxUzIRn6zSE1XhZscM02FTYs=
+ =eraN
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ/+JyPJOwIdP77mIF+anBSxh+39EClVLiN7woFC5iI+Ybd/
+ bz1DYEwumlBpos0aa1/ORvmSwwBIEgS/nPh8wBO9k87dqPSMr8JNR4wkIF1yNK/r
+ NpgXzcEy8IFgFpNBqSBKMPbSqSfYVFBT5p8iE3GJ9Uhr5Vj7KmrLRFY/tiK2Im7i
+ JumdscH5FJI6oOGyN3S1POgAQCuenkJQACejBkhRix4XUJkFh+exeZmiRnBmcDkx
+ mwkvnpuYtKp2ky7IaXVZlTe0VZjZizCL9+kANZ5saFl7381+cL1laDTf+Gukb28A
+ 1S/c/7qRYEFFF4XU4HyeOUKjvzykr7NwLJpL0Ct442HzLSWzt/rJ/W9wdlBDmSif
+ lwtEM9SGHRMSKyzrwKWnz2pND/HPZWp1NW+sbtZ3UYIK2OtgXUVFHenfVPwMpvDv
+ j+G0CBkcnxB+4slB3oz5HaTUZNPN4fNCAMuo3IGwmQdu4kA3UyMJFJnCGClwu25x
+ 2DYwC9ZQSpT+z5erbjgvr1q79IjBGjHcH8jcbzmJj+zpbxkuyP1R4GU+rvBQBr0I
+ uepMaF1CfdlE1rfe78//bqjw05W1kHfdwZxo8K9oVoqpq48eFI+uljvzWKZCZxMq
+ cSjzk6DHaKM3Ye7F5WLTbnz80WefeQPHzEskzv/7It+YV5NAh1uQQzZYPyzonO/S
+ XgF4p21DiHJQOYAF4KFO61OQwkhqn+HPcYS9O07P6uxztKpjbbBavCn2sBGug1S4
+ Cenu/9A7caqKG3CwhpjhfjMzbzxzLcHP0x9UJRZZM2/QwVykq+74F5niPZmh8pQ=
+ =HLRs
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqARAAoCGJHaddfsyhkNSlWZZZnNw9oprWjCig9SbXGtTOH9HU
+ qOOVn8un7rGHC3WKhR43ISz2wRRF/amYtwsvx4R8Q+tXHInpnY5wiCqoB7lZESN3
+ ykWr9uRdB2tE85ADPGg4nA1zzD9d3FRneIJNx07OgPilpbWejNqnOkCzj47CW0Ts
+ ZO5sOJpNwCCsbwrpQG0ZrkowpvYzHtfhr7Hgunf6qHCcWf5iMBGgG7Me+DYGf3yd
+ te6DzQI+1MEE9/lQ9ALWDb42MDFkoiZjUdzQ427DbpFyxXZFtkTTYIFkoF0pp61w
+ JNF7gFLmEGdRu3E2OPd4MBp/Uzp8HTLG7OiXIgGY03gsBM4TtsQaVz8QxiRJJVoa
+ 1gJhQORpf+5Ng/RrTrdRBVjV1I4GL88JjgS21mfSGE0Fsd01Ku/R84s1agLluHAq
+ MYjIKQwiXiPkyyjSV4DdOzZcAuWsspE3mnRSzs5TIUrTySgKF2zxjdPzgNrIQm8t
+ AHkCmbUPKoRlWRNkEOtr7H/xVRAN6oTaEaWhERK55lHSUR9JQVbuqkKKtxPHoHAP
+ XapyE3w5Rl8GaNjXQFq/ohekJIJCGwfmjAi6oHEL8f5uKaDKbhm4lCEab0TyvvzO
+ tkmrOkkshoPHizPbpLRgFi2B0hQuIcVIZJcqPKiJPxQExN2bpSxujujJca/NbSXS
+ XgGfyrSIXKZ4sJQPLpXiuadcW5E70RbHvie9/Z+cn9zQ85C9JR1rcYh2Z90FUrub
+ 1neXA2vnsrKVdj3vF749+nmAvKN4OJM2/qpP2JxV9kJbXPZ/SGuK8LrcGWrt42Q=
+ =H6Mr
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pARAAwOGA/3wvf8L1Pdmd2M96Z2WYDUqHI1AmeSVIIUW5hvDs
+ dljpGpCVj58aTj7c9ag0xViLkrkOt/Jy7zncd1uXPC/sFlVptr649rv5pa2vDH1u
+ ndzKe1P2Wfxt0yQ7U+e+XCgSnu86Nbrf9n7+BPEE8wfjOBJjeaEEVaxq5Z0u+UOm
+ Fsu45I5iWriC0SNdOHKJhbCdYCriwq+hTe/gt4aCaiCDcbHOzZZl27Wtt3C6uRAX
+ wtPjVoDtVET74UV6zpiSD3c6UebCaGefD1dYDTX9u/zHVcEAeirT0cxYaZH6GuBp
+ lBgWTQFWTKN9mi+/sSRhv2zs8hf8B4SX6XrddN1P0O95Ts5lZJ6oPNHEYpNeQHLO
+ o0OMP5Ttm5zixsBydmyt4g/tiD1dgzToqzk93Dh/Sj1XBGxM8s4JCsRWqQywwm0q
+ XLEUcN7b1zikilhontgun5ub2KEgnCwRm650ZDySpYwNLK3y4XN+xY0uHZaUl9El
+ P8vX6MHV9Yx8zZCre7cw8JgRlYtz5ocIFIWktWJTVTL9F9jCWekmNt9+FKlo451u
+ cOy6gt8KZngaIfHKqO9FS2FsievORpcWCrtbccZ6aGywrtKF1NyCk1kgv8H/WU0q
+ q7B8gg5Nd9VYUpCXu7OIhmdyQko9S4Ns2MPSaAQtB7lrUWroCl77lj6lYZvMe2bS
+ XgHcaZ5lvd7dhcbL7pO0WimyLLIrAhIijc20fLnJCjJY1HymrjL7f+5fp2xh7WAP
+ BTb0Sb762QJmvqu2rMSqfHe7a95/wHQuKOBNHs/A2S4S9YW6nsY9nGVz4ramS10=
+ =O4jt
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdARgDqFMNjujD9L9YTUTCEUlp/ihjCvO++SUYAosEpbSQw
+ EuBZnHr45gd2HNHEEWoy97TgSnSfGkj/p3LSSHNyxdaDtwydDG3xrshZWfGEj/7O
+ 0l4B73TYPgvm3QuBqZCB2Xya3O/4Gio1W7/p85u3lwTDLDXNDTrAbByEK7rREgba
+ XvTwyWBSEDmkwc65V2wE9+W6GMJUtP3Mc3mHQxVEQeoFPrE5CrlSjdD3v313GB6Q
+ =Cjb/
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdATTrR8/mJ7kVNw7oz1ao5P9q7vCfj2lJed8pbbwMZoykw
+ OsyqUaYWqofO4c3ATff0YPIAQPQr2r0cQJVws72vRRL4CCNq5cjyHqOKEpCqPxXX
+ 0lgB+pBH8dfL91ixxtb8OfG9cv8UK003ey8eoNlnwuhsdcS6HN/hzvP5u6upq6i6
+ haFibiCnP1zcUVKwCJxzW41SzVztBptSsZ27hpKUSMVIFqe3DksmEnUv
+ =F9pq
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T13:59:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//Sn4XmOHIzx8AoJ58vCdwbvElFwISg24Fh/9MLuW8lZFG
+ tUWsWK4Ar1VuobXkb1+81NtVXZ1J1iQGtM+/ez8xTm7DXYBs2kbuWpktUqY7aOP/
+ wOgzP8ux2IChJVyTXlHmHr0R6FtB+nmLTRuSzAoMaRnimZW6LbbFs9CbaoG3KVk5
+ eay1HzNA1Yhzl6XN1QkpYEhay9Q025WCdVwevxfoaME3jLAQUZoJ8FSHRLP8Jmyw
+ 7w5vLswLJbIqzqzlc63URPVdyPE763MKvKqiDTjXxpqzMhJ7Px0fOPMBkvuIkA9M
+ ZWiGhRvpE/bjb7Y5Sj7aVpmaBh1ixZBkQxx6gzWarPWetajMSc5csQezYhK9F/UV
+ yLNmpony2DQiKr7L2HPzAtC+GJQUt9lL5eJasFQJiyJJxNXBEttfeWwMLspD69YE
+ RtIrQCvXxZkoeMZCM+a1k6EKfkJ8ow5EwvuLvQW7CaFBB4OmIQ56lw9qhMjyYA3p
+ RCXQ1ixVNdDFyNseXxACBYWJI7BieCIsUTreMzphqYlaQkYpWf1RUehG8PP61Tx0
+ USJVbFeCu2B/fkS25F2iIbcsCvlhQ3gSZOLNBMAab6tC5GQAVpe5MsUMrifexTwy
+ kfcPCd2UxZsnD00NFwjhf25u5J7Hcqssa0L1V/kOYtMKg6p3gl3e7t6eMqYN5qzU
+ aAEJAhBXh7OMyt57H94F+XrJPFuxbU1cWdoUOBP3MXVZL6TMrT3KmAJ+apr4rgvk
+ Zigop7UWsAAvxsO6sq0dfZ+Hea7rTcpXiFjlp+4yOWjqZPPsPcKOJUcD6UJ6Wwq5
+ DQiw6hZuyEii
+ =dTum
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/pretalx.sops.yaml b/inventories/chaosknoten/host_vars/pretalx.sops.yaml
new file mode 100644
index 0000000..ae4bc73
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/pretalx.sops.yaml
@@ -0,0 +1,237 @@
+secret__pretalx_db_password: ENC[AES256_GCM,data:T9qw46sR88tcj4NG1oK3AfjreU4N1cIN0w==,iv:g2rr7PbFN9bFDg/w7vZBiuMB4p2j2uu0eQAyiweuQ6Q=,tag:0coJNAbT5W9gxy2fVOhuoA==,type:str]
+secret__pretalx_mail_password: ENC[AES256_GCM,data:HJrrmdDKzity4Fzz+JEj/kvddzHpRbw1Yw==,iv:dW15nSyYjzlFdPkQoZmJ5k+poWyJZ7dW5Lo8IFjtfMc=,tag:AZZObQRDMMoQgnPmqo/+Tw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-05-04T14:05:04Z"
+ mac: ENC[AES256_GCM,data:sO7OHejtPDQNt3bfXl+W488vCqaIicE/iZgIw6dClwoHZUHDNlv/V4aubJk89vELCs7JeOYocqZhARrrHERUxLtQMf+YguA2fBYZOVZ37chtfIqYoceq9ygzzzI6/PQlO5oRoe6HkASJK5t9oVWdfWUmBfWWWjBGrsKbUGnlPOg=,iv:p9NZw6HA0oj0PWJYDIjUKzj3DAI4ymI2V7o9knsvjnE=,tag:AbMiE6WQSPkuY2AEIcHAYw==,type:str]
+ pgp:
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ/9E0ry1ZvLJ8ZIWM0ZJ1g66CB6SDwECgyMmTznUKMZNhTk
+ F4k+DGuq8ZXLyqMAxJ4i2niVjsFM+VuKlZll9zlZJuwqdv/nACHNq5cJlymz7r9Y
+ g+iJw/vCQQJHCHX11FB1lfc9DodCUYG0p9kqiryEosAYAtA9Na8hrrlwn8Vtl2tw
+ ceDX0cdRlf5MIy2lOP4/3wz/PUOM2703/Ks5Ux999OXtjnyJ8ZKhtNu9vQjfKpr5
+ CyA7yQyFR3EahAOKt08D6kRvzMs4bnTeiK0qQbGxaf66pZZ3qFrfvsgqn6cZd0nf
+ 9UExvavAMeQ5FQ6OnYCX3Kdmz0yH5AedqZDxUeG2DNzjY9CTjl5s3zEmWQiR58i2
+ xmnifspiGnSguzX51aMUvHuOba0dIUFlnAQJVeW/ZeeEaHzqX4Mo2057ggYpQvX7
+ RmhRFuJqEGKYO+yNwkLudy4hxyT3TusV+VpNkp0Lrk9JryQ4XcOW1yP+K94WyQ9/
+ U1ZtWXz7ChetrnAZN0gH3D3+n++p+aXqILom4UOdg9u31NxrJds6SV8o/4QGoZOE
+ +JuYzILGNy2KwMea+us+JURT4Mnsu0FWZdTy2+5bi+ZON0STowhe0wYQmsHKAoqp
+ O+6np1AHRifiDDm90au7dSsvbpF0I1jwh30e4YimETQzNNxPma3V8vS9o3UHeW7U
+ aAEJAhClVMKjtMKzJhbsnrH+v6s4Y14JhgGHT0Io25NdwVxZVqBSffTkOdTnAOlE
+ AGU28haY6YNKMd3qhM7Q6/KQwDUaj076gmpqVnSXRMYzYoWSZFVPkPKQxrgPz3ts
+ IdcBWmL9KzRV
+ =OXzK
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ//REsp/BVDxvafAJ+1TRt6F5sUod1y94YEMnKUyFUD4gR0
+ YOROfFeyuLWQfp/aL/EhE1k5SqrCT10ryYkqRaJM+zh+WtGPpElbcp8v2yzS+CV0
+ rzudA2YWp7glyo4fvntsDlEgL1WSSNJG4MCXp7H24jRly3qqqqwhYfz+3HK6anK9
+ 8LpF4IzVtaeR7YsMSRLrEZLSrh59BG6Dqdu8xkMrQQcKvsrOrMCl6eNERepo91sy
+ VnAQyakzoB6Iam6f6KtO1blQzigi0wngj9fe5nfNMTLxhUQf2lKc2cJcj601Lfuk
+ 8B1Fi9OmbW3yeLHfFWJaMnoj+wOzMptY1kIIUX9p5p4JPV1JpdZPb5MqoB71WLo9
+ ecqQlPMs1smAOlP4NNAOPwY9cC0yWNirUy8Tqxp+82g+zdlRkPgRd7vNV5oPepIm
+ C+rpkIFOyTIL5tugnHhdp/jV+nWiTPybdzzzxpuHpHrBljyqz2AbLd5ECqQm6I4h
+ KGkjEzF65Mjx6JuK0+dJj8CRH8HvlhrUlg6/REGx91LAB/Px5MJ2djNncPkdb/NX
+ Pe7caCLtNdvIp2xNags5c8GgUTtFMLvz1CbyBca1/Dq2D0f8fkCMF8WR2H8GHJ48
+ OlYSisEn1BwfHRsgeC7LmhzU9E8bvZYx/9H4kwj2Sq3Hdcbwa/1EOi43SxMgoCLS
+ XgHKHa2wvsrN1Ub5sZOvHAZucAZfg7if/0gJu1PZf8FHI119Eer1XkK0F/GDsGV7
+ pAnk1P52V7JQikxqH4ZaINUENEZpRPsbiW5t4l1zAdlL++SqfRPylV7z3J7hXkQ=
+ =1TlA
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ/8C0WsxAkPV5Om7qIlukgulG8ekTeVHzjVHKaQhp2Wd8f8
+ Vbc80OzdWlCgu1iGk1R+dJAyJRioCfVA2gl/mf+Syt5Jm7PfubpNoxTWD2kNn1Ve
+ Kb/I1iUISibEM4bV+1g81yWKtzuvjrDZta6N5PioPqvjCExKHmYKFTXPbFZBFhYO
+ o3sNcjuOZ5PjBr060phHNDuw8CHWpwOc8NrzD1x0PBQRNuxtLXOJajpSr5bivOtR
+ AZuOvKBAJUYuttd9G04Qk9yR2rkyU7cu5Y/CNgoGIFvBqf+ezCf2R05/XNqjiGzM
+ wrU+p4MqPRrNxr6EnO4WvLWbHzKbinuKzzOW53WL4jRWXZ6D7kW3cuWKrI4Jxz1c
+ lFrUJQiUMp5Feu0+vKwm7xRRNbH/dUU3WLZ7GPaIXrbAt/8j24hJmE76xQ9IuDAV
+ HnNuGfUxzRBy1JfViA1EU69ihmTR+oYHbtR0nxK7AmUzdo33GaUQiz38evCOZGds
+ QzB+OedxV9guFOZNbgXZM+8rQGYGbTWPOFO0O6/HaQ5nPPsBPYbfp3PhFMpsD0Bw
+ LEGJyUUbvCZYlfGDQlzLhvkVkBWyglfu7vgh88ewW6FpMQ1QG8tT6apaHntQxySl
+ /Ba12VA8eDASiVG7yAnO+YX3FRgKfAnYErx6GDdG3iaJ+MFk7Yt748ls3v60nnHS
+ XgHcc5ZSDTCaJxCjIZ9158tj3j+66p6V503ybybVMJXBlXOzfqWeDUHdWAaM02tu
+ 9xA+VMmB9S+DQycnHqUZjI+WDwDUb0zgDQ4xDsojWBu9ZBl6MG1ZBPAwCUHvkxs=
+ =nvLO
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1ARAAqo1KNGrd/1PBCZaB3uDWOD/0SUIQaI+E+kIHnXukLoRQ
+ 72PLSErlMcHhVBU+Vhz60+JUjGMm69eDOrH05Bq3fcpCX2N1+TbUBftc7A34Po7r
+ diOb8YE/AE97uc5CDdfRaXii5aDRP6ehOg2RnAtu53dGyN4gfol1oMeSgkALSZmO
+ WJnDBYjLjpEsUPcV6YNlSy+iEqt+DfS23JTOW9MiZ7GMH4fh5seBUUVa1ha/IiF0
+ inZjanfkj3R/lWXbEJ0hzHz5AaiAn4BIT4ubfJf0oVEMFZYhjRJf3QkKt+OZ8EkS
+ ZduvHFNiLlOmja9lKucDogWpK5WULfiwiRxFXFu0oZGZ40GORzXtMASc0f1BosSp
+ zGtj2nJFqWYDn2D6pzaD7qgJVeHeWkVl2GhzEQr1ryyDu85n4pka4gGpmBykR5iU
+ GPiEVH3FXMfhH0yH1R4otmJGU1CbGpugPKlClSVhNy2em1ntXxvENtwq3l3x64HY
+ vxK48ryJIooduDrloJXz2+FU0+iMV+EgjnR/uZONN5HB1AXZrruZUMUDKPqoSRnE
+ +oCvvpgNa0WK2yG/DZ1A+lGGSw50fXf0C6Q2CNm/IB0cD/PLf/ocnWlaysBhR1uC
+ WIs/UdhPWYcgj0F/iGZA6u1fm+cVRhPi2dWcfIQhvRA1LUwxQes9iaE29OjvqVvS
+ XgFNLi2R8FIJqOCPuCl80hX1TsMOXcL6253ZkG+8jZkMoCJ5csIpJdO9VsQdsH8y
+ wPJ84EDRYYU1VinBb9cHDoOuMvJczGRR+RbP5DGCGsCLnZSuvZuOTQ2XMjfKRdw=
+ =DFRl
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVARAAkXjxngQK5sC5nqEUs05ziujLsMhgvu+lbnttSolYjE7m
+ akvxeAZ2I1BjMRTPrKzdCiJB5A8BMv+N3LIWplV1EcIhVDiygvw7j0iGbKmkV+LM
+ uoeZH9qZEcpLRhodysdpN0/1Rdo3Z+j5hp2TFr2xNudociYNrdl3Z5uIko9t9FEV
+ vn4/826xqTJlYQobsOS/kFmkxsbFKbggQ8U3nH8rmeThlglcFfrpsqIOIRnpwCSb
+ FKuuJzQcePGiFK6deO6ZFDRbVn3dFHOmcVJbuMaPXqPQPwFCYIEJOMrqNqAT5DPK
+ 7XOYxfsSYM7N3XQRNARva6GHuI/5JDm3f9/vfYbJJ9KNYa/q1Vslkia5rLa+3QHy
+ +4nkHX7d7yHuTVKqMdWzUySgMeLtoAQQWnXq34gzHp9aiztQZFryaOzAcy0YsWKG
+ X/DOkmM0kYQR0Upma2oRO14VAtXBfpe3ciULxtAtQKZZEeSYe4u+jpYH1vvl97XR
+ jPvYJM0Mwh+zHdgG8ljKAa6cY+cN9ruRaNQLMPiMeE6KcH4n3rAuA5MWMYR9wgSJ
+ BpFx/jZHZGl5GQ/Z+/GMl93Yq0tjd960F3VuS1WzFgZgL0afdWz9bI3s2CQL7Yvx
+ N2Y4e8KnrkncPCmEfmdjA2PncERBqzmVxEDhEQI+rDeOP0oY4QsrDKu/n9CNdb/S
+ XgHGt/VOYWTY//akl0rkMkMILrk7p85DICzuzRdDKdONg/9apSCuJmGgHKQaaCbw
+ 2uyOPXMth+NnRZqqgM1bXlZeDFfUup1kq02ssWwR9OXW91uHULm/JwwPUr1dM8s=
+ =Iym8
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fARAAgWV/FANu4i2YvmRLsUNKvPqi0+kbtd3TX2T9bHW6mURe
+ CJo5RMH5KXcpTydmeEphQZjand+2LU60yFjLDJs6DXr1GNIUm2Ro50RciYaszf2S
+ 4AIvQt2r6nXtN0wMnhrdezE/xvfspdqEPg5KneCQZnsfaU/n6/ZtjMdtawpDAqkt
+ tiZaKXcwT4iWFCWyXLeM2IxSPrvGFDgDMrSQ//CMF3X/uAmnZrm+sNRC4DXeyVbC
+ UJvp9rLQ4PjkKgnYVY1cT5aEUxpsHEw11iqSed4RMiG4Uz5Gwc7s1kj/BzhwcZxN
+ fo0hFTa2RSCyzrP+AsdaXtzgOOgsWFITD5eGUHIa6l+tAM+QvFWidWyvKEuvM/PW
+ AUSukYsA9DqrxSkzSV6PszVQRzalfmd9/uIlSNpEuqF3P5ZWCTKkaPQdxu3o2ZRA
+ 4Z5aGJy7SV3G2894RxldDEORk1KnGTr9UMb0WyGTU6yrGi217uOOorXrkoyh8NYF
+ gHrPyiazmONC3EicUuDzHZc7m9z8H2cMiFBDo06I/ZKvpYxN3MzwAwNp+IcQRLwr
+ sa1iJQ0ULoMyN608zqIecW39mXX0bQ1AiPhO1+TPEBOhgtCYweeCbuagsz4VdC9c
+ vkE4StGmE9IaQxRFFU4xNw84gtjUNr1zhaBp3BryW/o75TEViLsu1GNQOcsNjrfS
+ XgFUCxRxdK3mwYz4G0+fHCm3XWCCjiGJjEJpbb8uNQs6PbdUc/CvIUBUKgmLT/2i
+ hssKrKLQJXUBbeX4iMNoHigiIMtWHFwGNWQHZs/equBaYHGreDvwjW30ehshsIU=
+ =lGob
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ//Szh96AcyAWvkP9oWGy9WujUFZ/LFMXSLQs7VauTPAXQD
+ PX4L2S//cKP623B/ZLMW8wbzqtPgoZsoIsbw1/VZuvKHzuTLMrQtGXquI0W9lgWu
+ yngS7UMkjnbHTtvnqcqlPNarwVyom7TNeHOQfNDpDZ2kjaZ0sQlfcl1J1qoatA+3
+ 8F69FdmfBvDsixuAS+6RvTljQPox1jRGr4XsWyXd1iF09bNcW5j5g1+xJmxWvNKB
+ 06oHjB8Dm1NeWlgUWIcG1WqwcHwisAABLcNe6AH3YrjM4pLDuc8QlzI1sSCIl/H/
+ DBZ90h8CboHv2wyISnDKvyKneax6/Ms0g0WL1xn1Yuar531V4OcTBfUYIUg6zhnC
+ qG+mSU9BPQQCyu+SlbafBo+Lq+jBoaXHQGy8RUgAFNePLdy7lkEzFl+7i8brdd9Z
+ q0hwdPhBeizKoX8OmxirkwkTlwYgO6tTw+nMxu0aw5zx7Xs8iVwnanzRz5qgv4SU
+ 0/+d+bu3QoNZBU7gN8NQkSSeRjo49cRrhgVQZ6B7GsViSfE3/DTWtOs9fQEC1c/x
+ kQl48QvAbvxfXk4rrXpLSvw3BJ61/xf841wvSQmBk0+ETGmq409GO4flaHv931/S
+ Sec+ulkgJQowmRZShUXFilXswCVUiGjICxn3zynDj1FW5JHiXFVBlcgouXe6J9XS
+ XgF7ts0x1XWYr6BfTpx+tp1DAzBNvrPiRX8Zt3R4p5e/+oDKOPMMKSes1kq1AztX
+ IH0e0HBXkwI0bDFwQ8AlDidwU0H9j2NvvlURs4UO7S8MVwU7NnW87e6n29U9fBs=
+ =JmXk
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ/+OR343oPuf8rcRG04hMz/RVmh3esYzuf9nXhXaX2dHM7l
+ x3XAar8QTBCCGbX/GWyYI3fYuCh4d60AUaF9mF5WljoCsqLzjfhOO7c7oyZnXM1o
+ p27ubDV41/N5dV6AGM7CPggLwG1J8kCxoXdmzz0OiqW5kTwuaBj54KrA72MRiqpW
+ ciHGA4iazWbYNtw7mNRs1TZSj4t1JGHQilGAjyJotTrzHl0Nx/7Vp8EzKQDSenXZ
+ LsvpB/47eMiQgxkoi/KqUC9jjBcWJHgiFc16TaSsf4p03s3Ykf+vkufTk0HZ2T89
+ VZ7gpnl2etdJ8B6hgAOE57NHPAM+NWwayLWkf1EYIMIfpVCbD4ht/itmdmdu0wJn
+ /jhmu2HOliJqIOgxu3seY5suoxtD8exOF3Lx0ir76yox/BOWCDgQPQD1k+OF0kRi
+ QpZmj94JAElcw2oRgwfHmmgzDP7Su1KciWhHY/FiDrh6Jjcpfri3BK7UOp/Y2hhH
+ jn4LY11KZFFuX+BTl0cpUnrC0bSa+t2ozur/OAlz41b3DyYXPUwzTamLBnxpvFXe
+ fUcTM+vaBHxNCj3rD56PAdboE1S48Gg+SaGfX6UuEtiKOKX9/Z03CKyxulFB0+1P
+ YE8Oecs3Z0GIOjndN8GzZrd4WawO8xNeSzlvoCPoHGNeDugNWSj2nNR8Y3Rrmz3S
+ XgF9IKzQT61HTVr0UTQU4P027AJybW5fN+5Ss5aQyu8VmZQ+IGcyXPON/pnTNHnA
+ /8av/X1oF9WT+8nH58D+/SuvJqPjRqIzgsH4snSdZ0taOQcAsgy2nxrmobgw10U=
+ =j+5I
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ//YWqadDznsC+xH3Ar9YW4K6vnWH7rs7AV3Wter7Fe8iHa
+ QIDddf8cWftX/mZIGGYjhzEbyau509Z2Dc+rB59FvpOMVV2NKFWkCBYAxVKTjk+p
+ maq/C3rNlatDWsGgZuzVhKm40FnOW23NquAUxcHYiSXXRZl6tvokdl9cS9jF6QaD
+ 087vj9pCnCsQT1BtXP6qGSSyQO+tJsIwR2Jl8eghbdPwcnm2FLL7mfzn7qLKxOpy
+ JO38tjJstRlXsgIOpcQ/7Du36kQMxjeWicvVidYuP+KnsP+cRyxeWMsYjd0VX4XP
+ qaAviYq0zSzd+WV8nbdEKTflxtF46Vkjzn+/HheQUS92dIOEngEPRtxVbrMEoiOk
+ gtSdXnrAfiFX/djj/74cv1YO9k8pZHE3qkkVZHpXpv0m2OQYUQ2EMyStqxRKNqw0
+ I1ra+NykmEB4H+TmGIOF2d5gRgzvZYQ2aWSho3MYb0HBLL0FgPVsHb0jzjfWGHz4
+ Phify1XbwKdTcK9xvCIa6iio7SLru2KKeT2MhJPi/cfwnHAENrt1uiCmk3HceE7B
+ sbEDPlm5QiAQ2KI3RGYbD+kEm4x9uggYO7tqOBBLywKoYRJC8f8GnfkmkftesT5U
+ wlZo5w4QkUOeOHei6qgUNs/mHhCm9bNjvlWL+hHm0uUc6FSjREpcHdLFGyJ3swLS
+ XgEEvvqF98ewdnAauGF1Vi3OwJU8js68KUm9g+YhWixuER/LbT3BoUBMusK7nPPi
+ T7+3R8UU4FIw6UmP+87WwYsJf5TeB2jI71hPSWDYUGAmmlCywPGL4Oap2wqnkjU=
+ =LpFV
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdATZFk1LUFgh5SiDHfI7lgEm50HhWiFJHQ2Pt0RV49uDAw
+ D6hLyiqGzpF6SfL0NNd6skIoPNrD9InRU6yMRnFrbtfR+1xUADHhHGLaCxlo37sa
+ 0l4B1Jwr7D+O9XT3uqEfkkFnez1QXKTp+MvOZUu2dpeQ1aTzmMdmYG6qkfgnymrV
+ oCtI+0RXJf+WQ1uSKcw835ZYkoznGTXNiHFxI6RWI8LzAtwbaj0xeZI1q5DLlTO9
+ =1CKQ
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAvBaS2J64rZtQxs/JCwn9LekcVUPrHMU3y6VM/hg5vDsw
+ 3qSHMHGrdtU569joPGSeD+sf5gsNz/3IC32ujbaYrgxZJigWW2ENl9MTtP1jr3/U
+ 0lgBccWGfw3xWoFpKjWTJOaxvPgoyKK3VFHselTAFQxBPoO3gS0d7lsbyZSdgWwp
+ B7w2p/KfYKktVpHnV4OuwhuaWID3ArecA8YXmS9TgxKd4QjeSNw+x63O
+ =LNgx
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T14:03:45Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAApKPfxL6WTZ2skSB7qDCzGts2anYTJvLHjj3T8I6ly6qn
+ LJVvLidyrrFa4VaWEqIsy6T27w+oguSCq4DKd5qv2rMvMRy4WuUC672htw+MGsd/
+ /DiiKrWtxF9ZGKYCzqjlirt5BEdfEhLHhzo2Qn2UKP299lcgTkyr0trbBVR/Q0Ha
+ nFHSSGSInWtuFmuVpkDYMkAODpl2h1yaIZ+D97eLtZblmauoYW22Tws1Y3PmvC6c
+ GewD/U/HqMUR94avlmjsbt8pMY7pm5+TeB5Lj4oN8Zezp1zoKwwOeuYXr/8q6117
+ xQSaSd8NNGxTOmAW3BKOxSBcl/6PoENIQ/RERJbX1Chg0KRY/Asj9U9cTgGuKb8W
+ ohEgYX5ayjPGYf8NdbaFtDu3nXHPg9h5OBQCa8fXX8lMZap3Kr/DoLCuXmTikbA+
+ 42XQSNYK/ZyinLjk75UWR78xhWUUAV2TJfVCzGp2L5l6naeyitwF/Gub8MldaGT/
+ +/L8zwbkysEi/N7d60G1hcxa2oC0VyUA285Guu6J/pL0fdLe2s5DzQMlIDKVuH3l
+ 5PdqmAQIAlazj8JXLt+gtKnrUCeQD3RDdn4jlOHr+yEmPxuvQViuyr2MBKaFErF8
+ JHzuGIps5xM1thoqS0or0Blwnag2/BiVYIuCSdS24p1OJD/Iboz29G5VtPJVNmDU
+ aAEJAhCAdlt6l6f3mrEis35yDCnMvveg69x7r6vsIX2hVTrqPLlp53CKx5Jwu340
+ TmWdjEe6+mUwv6/hlE3gYiwZUsRWNUEMk4yB4DS4hdVYwMIQrBe2Pq1KBT9XfPM0
+ bun9l0iEVCK4
+ =yc3e
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/tickets.sops.yaml b/inventories/chaosknoten/host_vars/tickets.sops.yaml
new file mode 100644
index 0000000..ea93ec0
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/tickets.sops.yaml
@@ -0,0 +1,236 @@
+secret__pretix_db_password: ENC[AES256_GCM,data:kAOUjT7gw0FDqO+xt8m3wAhOGuZTS6zEIQ==,iv:oPAxDzz4ellT5MxUqw8/iBYyiTMf1b/Lddj5E0iIhWE=,tag:r3OTmcSjNUETEmOzxsMhxQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-05-04T14:08:33Z"
+ mac: ENC[AES256_GCM,data:gyf0gBed5K3sEk0bTBPbNa83QtWtoLx+NVp78KrxxfyiUuPu/5ziWPKHDd7o9TQvXZnQ8isVy2BaTTwR6tK4AG5+SO2ffV0a0/uNx3/jUvh56zQFwA6LTviEnR3vKvKPa1GH1khojaCkyMpYkb2KbMnbrGIt8qqqDcwc1dMVv4s=,iv:7oPpmfeAcWttEaCOiL2WocbhoBaIh0Y33OlCAYjq98w=,tag:KTN+7sxOYEfxGwB3OXvUIQ==,type:str]
+ pgp:
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//QgcmpPHpwpOIlPBqZ3NqqVXchSGkz63htequ6/0AT8gM
+ zCKpuozwIIUy1yTadwOWujH+zdIATE0+r1f8YOyeedqYayWjRzuNM0duL9Htt+Ak
+ e6Tzay2G3qDwPO7e5nPMLz8Y2Qi8SqFEikD+n0v3voXktG9tZNMmqgN4r0aJqNYS
+ UegGHbv0QEj18ku5WR4OCnLmPMrhhcy0bUDnAbco2vBpht4WZWEZwdmjAPS3WamS
+ y3P0/fLWLj27hPk5XiC0T+/uIdJ8HvdCZXJkNc/RCKCrbMCc2cPTim4mxD22EjGk
+ AzX3p7YN+r8RIKoQkEOlXtXP4pzc2w6kP652nS/ZZrEccut64wogklL2u/csPVvi
+ 4sX1XyUDrP5K9yBl/N1wdYhJdmwD2v3Ofw9uOu0slA4id8kHF4cWNAoIENCfp+nc
+ xR/IgJoU/akVIML/dYsXAV1SfnEeDJ2jC3P8u9sr8XEj3q7ZLlxvZpYiR1N17lur
+ UkusSJt5YzGyT/GDM2OAH6QdHmME+xaojJtkRcSkhVWhfRfZiXBZzXq81N/5mzNq
+ 0yFreVdB3IhO3LoDCdyB0Qd5ddnKAhngl9krPhAqgVc+z+Angr9UNCt//YlCmgZZ
+ jW38vYVosy8yTRUjH6SfxUZiNm/of0oenMzmazRZ1UrPyg4Cmcdu2lCyTK+tDvjU
+ aAEJAhDetX8A2Kl/EsH4t07ivQF9Vgvkx/m6/ABfZQ7oWGnVBXs2iAvnbJW4OF+m
+ Pz/kJ8pU9zfrAi58+RAQVR5PS1WQr9Jw7MBQMOME5O7PPdalwwnCYBhjlR16ZhMZ
+ Ear1t9yUc/Ng
+ =bT1O
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ/+NIQcpj9/g8YirZJXsiyh7h2SHdfgCW6B81Zlc3WmnhgH
+ hqI7MVA3xrNXwdNLr1vIFBsrCE6vDtHyT6yX1lr56aXMTc89RSFQ9yVbc2wJNf9w
+ JJkOkPpjBOksKGyMkG/gP4kzPiJzSEP/Lfs0n9bx3nPEedVHH2vgEXresSn/Q1Rj
+ cXh43oSdGo2/VzxRHe5NbS3VcXiyMJVxtIocOhdObnHN+NzEgRxPsIA5OBPj1hs9
+ zcN8p2EqP+DHFpV5iaPjtaTMpOlPxOtpCo740DU3mFD3aS0veqWyLEg2WjTrniTY
+ rIPpgdEwZ1rBLQy5Mwuna7n9BAkI0+nMEYt99eWwtObqCBZQApxd8R7tJpIsSbEE
+ 4OgkEGKZpXxlBM0BEXcB5QORx861eUStr91il8SFLwksisXeH85yAzASAridMgh4
+ uE+HeJwiBBWHGUXz0sLcGobNqC08D9WX6sFIwEDtICUsioj3TuDdwOl/fvxrJOHf
+ UMXbaliRTbwpco899kWawGEoqw2gPK4RUu35r3RPbRQnUys7qlg/nsL7I+6rQ6Kj
+ vPrOCzq/lYzuyPp39NN7SSZChvnbenLnahbNWdeR6DWhY7JKJcigSNhQJ/e9NkFa
+ gjXJuqNKdiXzsQ2h1IQMulSw5LTeAjDdCeMcdYLg/1SPrCJb3N/wQ3E1qlHsX8zS
+ XgHULxVaMdkN9qRS/lraZnQct5RUwOhmhfLX0zTdZZsdodYFtW8ZKx28nbm5CVrG
+ kpfLo1Hrm6m7WrY3h41PRFaX1Aj7UPFQNPGa6pAsoVlZo9iUqGYo99et6VxyOFw=
+ =2Apj
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ/+Kp7Tcpo50301mFDCcOo+pE7KafirFEL1496eXB8INaJt
+ 8/+iBjIZbY3vuu19MIA9zVl3+57v+0TeL86RLA3yuKzd+gfhwvRjgJHiN9e5pSlB
+ vN20gqnEJJSGHRYdp/GLx3sUizvMca4qBwYD3QfGKLp8bvWanvIsECiqfStToR3e
+ nw6hYGBWMxlPmLBxZCDkUuqNQ85kwSjVx8X9vegEa8cK94On9kfZzeRrfkvlAhnV
+ p+rQFDdI7v9U73zsickCz+zB5Gf0mpa4wIR1PBIuuapq3m+g5wt8N/Guo6dk+YWa
+ TpMeFq4ue6QnUv7hSgGCyyLTnb4WNUnZWpKRn1HqNaNlmtR+wfgI5ef3giOm87Ho
+ HhwBFP+VeFG4pesp5ealKRaGvb/31Er0IRbqTVDgG1p+zMZuLJjPSAiZ4RCYhs6u
+ RWk3HtWGjwawa9dLXN2woxjPZv7sUMKgV034Vy4d0DE2XBcVXVoKFAyk5FBzAxKz
+ 6WmYUWaSM0X3z+EmgorqYp3uV8+ZpFEtZhjvmQCPsp7hO0U6S6I4j26tYjX2luvY
+ EmMi6g+u7rxUmmdLRRZ0QcfMAc7fXTRQNTY6h5JCfyvcdvGOcN/MByk4rH8beUV0
+ RkYSx8H9zAFMXPQtLL3iMV6EsqFBHDpQoYus/LqyNYbMoHUA6gzJT7KqmfXPT8nS
+ XgFRwH5z29+AXyBTlv5eb0oCmtMvtjl3qctX25P9CZzHOdRpe259Z1Pwx7K6fxu/
+ ti90GNTNGCftKNZdNOmbGr75SphsHTjY7En9j0tNoGFj/T2HZHqGssZegE+WWAY=
+ =5ojj
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1ARAAuRY+6/pUPM8E1NUJN7YI9KR9Pomtwumtjya6X8f8gV1U
+ QQuju5/ZP217UrFMf2oVICm0txGtoewkHQ0VYYRcp28GkUJuyoXIbjFCgAoMreqU
+ HM3wG++zMOMp61InyqM5NjGTcu3i1rm6FwYKEJ/3hX16P2fjP02AWcne9pZH12n7
+ ZxjELQ7EJ2BbXK9Gm/s8t5tMV8/W+DV+b4IbzJehQ34bri7pAQE4xw/igzoc9pW8
+ n8nRxUaeJTJ0ec27m4g1M+RY/KfBz/EU3sPJH0KGj80p5AlMMYwFM72qatKtPwrG
+ 06OC4M+3/87teWnTho/KbXZ/q68cI0YSjjaFNdvWGEzjU0eFoD4YP25CTUHjlrUg
+ 4UkUGwMms60F3g7jdPMTb2aJago/3pD9aMrynDiexC4YwO2rTbVLwLSbBXdrxSdR
+ nrxKUPPoPWUFaeylpOLV+SXwVXjiP0F1WVtViRHFZa89zpvKrLjnFZuTiSGHTkb0
+ q5s+3AnWElGsm6tjY+03Wp9FHznvazULVWGbVmStERBAVC04n2v3sNSFCXkv7g08
+ ttnAPmg0hDyVe8MsseP/ihlK594QKBz9KVFLimYY++XUYxFrIo4VyxxztLqC1DJN
+ Z5uHnS2iZkRLorpCNbfR37gEo1GjYdzJ6WllwqhzvrkripEznMJtFCzh6yb3yaPS
+ XgEtooPu7XfRmsumoHjZl9tqHR3g/iGU3/jefka3koEGHWEoYaWYfcYcYVgcmebt
+ rVD3mVeqqkDu5GFiRDNC7VyOrf0lUDYMXiZBEPgvZqqJSx2v63PWkZbwTsd7RGQ=
+ =wnbO
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVAQ/+OGf+qcGi/iJM0D7cGWh7GkczndjaR+B8KHiv8VDSZ7R7
+ BU926yUBwZKfEndiiyFXo7SFItI8bIQZurszLVyajgiocts354mBUm0Ilx9KetWG
+ 6yFaQAq9hqSeJ2wIdLHL65ex6gbeR2SMvvxbFCMzImWcmuPmJuAWFs2zONq3iear
+ Zf7o+beuq9iB1udiXr9vLfONaLUJSCA1DIbqiDxyv7pW6ZaEQqNCZCnzvBLM17fb
+ sG5iShEoJ8vfdnqg5MLXlkIZ4Z4FnIu20o+BgKVJBC2W2df6MEsNWx/vFNyJ5E/O
+ d9aM1mJ43x709CpB6MfqR+ARFNH5drgwzZYf7D6xvgRGpmKEETmQTrF0cGf4c+ou
+ wIlDCduZ7vvhsujGZHKR/YlS6SmpKiUE2nwWH5Jj5SeWXIyfFe4K0Fwm6Jh7PZ+U
+ maFO19kPpgZfR1L5yWWh3ppNs9GtkCHTckHdvYkWtc80giqZNn9AEJLf1Kk3wwCN
+ ncyEZiqmWvwBYSMWV3rD5aEGKn3qq1o8J9ZkKiwfgBXRkQakh2rDXZG8wl4QCZk9
+ NN1cilB95lTLWgl/JY2YuCh0BDAoiBYmDZoP3uMrwmuVbgwPIclkU+4BYMM0WxIZ
+ DqDEcIDfwC807L5L4PSj+SuyAeo5dHbe/bC4DMdnxmiWVd7QBTdKsjBL/7HmsD/S
+ XgFrfQkKnwrK4YEdCjbto7qbi33QKA1MHbkv2rCRQlqadFUJxDWC+EsnLqWMtfqv
+ 2Ou+99RPBgIzHyzaAFnvNak51fX/g0NlHVX8MdKrBNvmbFCX4ToCNAswRqvcz/4=
+ =ocb9
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fARAAkAdGVS/2zcY9893Sxc1OmTu+q4z3iggKIUTtMZ3hHeXG
+ EYnICC2grs12ywwq/wqLqxsIhPM0M2TqzxleDq78yVFlBZ6OZOJokZxXNp9bm6lA
+ e/k27OmuF0BQif4egqIzYTenZ4X4L2SzUZgTM6Z9cdn87P54puFNTjyyf+VFJn17
+ afgu258gvxxCeNoyhynfZlUiUOWdatScyj1HEwlg4ms1saHoNlwTuxbjgouK0i0m
+ XonSZzbJBm8MLDLDIDdEOJA10/dQSDr8sQ3uuJIWgRtAiZxTiKqy0h2aR1/qswjE
+ yqxvFooRFh1q3vUQhTTV0YL4tIs1qHpSaypcdHGGJtziT45JjsCbSdJKQyIclaBW
+ LxV4jSZwxwshmVt+eNSKeZfM3TXT3IFs2WC8tKZ8e4DoZL76wAS014HO8pdU0HcT
+ zeI3ffByydp7gTteKqWXJGx9IE9rme1h1iBH2+bdkO7fx26ApSz8amPSbS/meaiY
+ VmfWROjv5qGAmmHQSxlm7ZRkjOlxAO0DTvPC/LqYMByyBDWxtpvsqOwTxv2Qe5Bj
+ J+e3qfhJEeLTm//tz4oLmcnEPcHjhaD2hAAtxebUgkpKLHBTW1E4iJMsy0HfnzLd
+ LmhnC019vWDbOMXl3IHo6EPV6aSi0aZZF0xxDBo+WlEtkhqxq8I4McGtusuweyLS
+ XgFBDGCNbgmKB6pqWyooFj0FkaCHLK3K3xwq7unmti3AHQezu1Y1kXorZMX6RTOP
+ lJBe0n6mpzUDVEBylyr8aAEk7AyxnBJdjmWOytIh4b5Gfff1t6xVyE2h7L7he/E=
+ =ryW4
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ/6A3W3BMhy+Op5IfHSR1i5oM0SnIr0yCDHHRKLGYxK4tco
+ +uw1O1Fk/c6A+WGey8dF3jEu6Gc3N+r0k8XSBrGx4aHIKRqFqbBJ8gvkNJPAVpXd
+ Tdtnu83t6wm8oKrX63UIaHR7DRZ1JL9okSYBPWWveRnFHZLUiFIMzKFl6+nL2le2
+ hxT/L/hzzu+WcMRZTFjjmKd/Z5mGT6BokBTKZGfCaFDJVpyZmJO5S6STAYNDZOfj
+ G4oa/evm7lJSPLgF/92TB9WjDshKh7BmZqbCX08KJykcXqarZj9aHAPpB1atRss6
+ pfJQQp7UpodUF5+/71BwIQ22p695N2GPKO3WnOGTX5WwHfqLedAc0fnxaeFN/khN
+ +owZaO4r8SXcTP7xJVpW0OJC3Yx/Cp32TF0J74n/i9+pQlxOBg6Wt05afXBdIOs/
+ bpCBVyvTFRcU9ldmfdaPduuUEhyaMB/15Mus/3QqxHfDRPNtMkMKWcZmjzOC3wLf
+ 2SUVgf1/JO7sQXqkwROoAy9BTD943/iVw3dBWHiVQ3MhmcPPmwkn5Yjwy4y9GGTX
+ FGFC/QxzCu6gQlH61v1fHSAEOi0QMHpZpuX9kDAzxzWor9eCC3MXMzCRgbqvFeFg
+ N6ChnU3Xq971QmrhByaIYa19654qEhYhlld0WmuyvIpXP45ok59IWaRQ1ASVPcjS
+ XgGp7LQZ0NReeoQpMVgA3c27T6a6KO/1iP7ZUAqTyg/b8ZziD0MEUmsm1G7TzjmN
+ NpJNw2wYM5fSCzQle0S8jx8GKY1LDp/J/V/dnrT4qk8eyqpfJy9KRF8Yo2vzYa4=
+ =PS6b
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqARAAu5bB749JrrKEzoAgFu+TD5klsOSu1Ba1dsV26oNsdmOY
+ XY8xvMe4A/uJOtrcfuFIev5Q4KVNAoMECOiCD43emHenY80DGTNvJ44/gsOALP6i
+ 5bMm0KUJW0U8ZSyjOgkYjPvLleIu/WQ4DfwMlOYVtjHp+2k3OkqCx8CvtrGNsmVc
+ Ax2zucT3LwhxOhdnDjczSKXd9EMOU0GsKgkbrIzXlzatzxq957tQ9smQ5zu38N80
+ ULRanZzH2yIQm3UpeJtcEN3xMKUGyQwuHqMwqNhyNnO1b2Qo8InWngMGEmCqzhKv
+ oTYHusKutyYWgnIxcaVAMO1DWq2i0As6cVAqEzpEAFLodi7RiqofIMfSbMu1W7wn
+ W4Voc3mQ2iSCDDUJ2DZHPLhhmusCQcpWK4PIPr8sYKj25tnx2/LTg/sfyW6HOxhN
+ /uGm5OC+YNCKyv+TykYOp9Lkn0gV/wlJyfLpDOlgXRkVOsMMV6vAsrrnbT644edM
+ ptnAxxbOQYVdHBIKU0se0MSVwrO7FaPuYBFa/DY8y7Ix6Ebpsjg+dTBbA7IBgbWT
+ wJvKqxkNDd+LPEk4kBU0LuskKxgFS/N1seM3ayjSvVZ2gD8c5g53Ys4D3dOeRFl/
+ sJJ4QZ2/vWQjZklcJEZwT4Az/rh2kzIFkYlC8Uzl0WnmsMOZl5EX4gyCwxc/sjHS
+ XgHRlbcfIb487Ls0Wv5i7VXgcjkC85j9pgXxa/kdCL25bw2QFFaB5oSFNbWVp3L/
+ FajZdxADrSui4vtBTP4EIHURnhZhgBkixk8URcbxvadgqycZljNUsicc7dLprtk=
+ =uDEz
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ/+I/2oJSBffD+Fjz+z/7vbb5f2WwiNtvq+xWW+KsmYgiHt
+ csrM556L6YmJYbuZ1Vlp4/M1Ld/rTtCZeVtKrLLgxgRq7yFBp8u4APjYiHqDrcD+
+ TJLiiARG3FRmVVNfailTUbyglOE5N5jD7hkgljcU7KFNVXRS8fpQnn4VJzobnlJ6
+ KFlLdeNjBO2D7AZZeckTPHPnzu1WHUR4fu7Jd8Kv2G/8GBwy8nKP0z292Bl6AG5c
+ i/OdhhyAUCcCHNSNJrcx0BZOWKHBn9KRgYWKp28Bl1GsPuFFBmrO1MyyA2VmIpTH
+ RHwu7OMThNR6uTaTxLAy+dtnRXWBiwyucLvKfXe81NxgRbtS1HMGg0Y27IXrgQLd
+ MMCX5iLMXnDf//8sdL0LHs/Y1LveqAuYLUxdyCG2D2T+8O9/rFSx9+w/UXLmwWV9
+ KPLdv3Ovs6AOgYopmHd/IQIh8WqmOqZdeInthObhk/RXL862AThZmusCd/yGUe6N
+ hevxfeowkBMoU6/aj1QWquzggwJCox23GhUTocIEs0Ay/8PxMmC4OFSA8hjs1AQq
+ tiT2iocaKQt/pvQ24Pe3RiGUASSmNvN3HrFGeB6YyAhz5Y6Uknz8Lo0JbiLO7UED
+ VacGkMsWvlEyhRdtjm7kDuMP7EJUoI0od0K9cuXehaQBhsi4BBEORlhivHT6p2LS
+ XgFXb+IW4nFRfkcBha734mZVc/FbH/31nCU5dbn/NfIDXF7NftWktbwP06L8Hag3
+ R0bPQ7uv3D2m4oE9Ak2CkX9yvhfF1I7yQbBMgG9jWHhEHb9FFiKgqZEHjVvNGek=
+ =qePr
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAtInx3ggOfOtrNqXnRhHlzf0HTDmMhdnk7l7n6s1NLBQw
+ kvQ3P4seyuLl5O+g2qrvcsDybKGA+TkPkcIQuIbkMW5MaqmjH4R366A8HYtGpBaT
+ 0l4BWj8Phod1gJ2dSHbs9oiDcmJF1yYW/jlv9kIS+fBlMcrRMNdmPX1R3zLHzIN1
+ 8HJLNWFaWXNF1UGxsMM69hpmAGs42eL9NTWByquQEmy+lbaMcm9adAEOwFXKZCYV
+ =oI7d
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAA091HoZd24FrQJyK5sH30hklq4umbuozfDfR7axZ+How
+ NTGfEDYGsMtxiZ4YK8sj2OSka8Pi2hdawKR/RfPcUxtfc+tseX2DehjSt/GrJ5B4
+ 0lgB0CpOmj54WwTQ+PxkTmavjHozZWYGuvAD8OQ3dSKgFDdxKgILgIjUAgwKGXms
+ H6eIR8VhYvtyiPJH1yEm4GPFWk1gHHzpE1u/HuUObuJG8KOl10WW97E7
+ =5I37
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T14:07:23Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAA6jyK4gSGMO/9rdDUfrFTO2DB6qpMh6ghy+koTnu0bP/C
+ 8+K0O5kz3fsEXjd26W++VE3TrGpTdhXLgSkxjtHEUs289yi23Dt0Sv8ptDq3+sSD
+ o9tbkL7VJ6tM8B4Xi+d0bHapIS9xJt2GgAT8N1ibI15uSRs0vBN0/lpCwK+Jstge
+ CH4eA/651Qp6v087/51rh6qOwqPoesT9FpReSdLIcxN8JL7w3MYDEO4gZuoE5qmQ
+ 29f0LM8+9iqDkUlPY+hKk3kHBrw2DTkl292KslMHIoyJm7f7j+XmUlQ2TgoqN7T2
+ sBL95kGHYFVRr4y/m7tRWzhFv9z+HFggfPaeVwpF2bbp+BObuLJZYnyWsDcY8Dza
+ Y8TBWKp2Hiii/7j9Ps4Cs+tqCVsQt5FCHiIhX54/2AJ2qKRYol1Gr+Z/CYqEQvYi
+ DGkd8p9uc1sWUccMaSZBEkxqQPPrELwPjY1kcD4E70aremZyPuH04r5smk0bIhtU
+ 6UvAxy/3OdQQU66PpqomeZq6LpE6BNinJMBxArknVTLibEm6qCi4ddiA/na9aFvB
+ 6P2kbtpkz7I3fS2ZAnQTM418k+ANllA2UBbZJpv5oQkw9NHZUDJOMJQUpMYZGyay
+ IQIyZWOwnxFP3Hh3kDjJvbVTL+knhI2xXRbKb/sSYq7lipV5Eu4tNIYQIL1CsZXU
+ aAEJAhDDXIMCArDvTS4SEijHZPxEnAUyGJ7U7vLrHHHbsba1A6CsHBmCUxX/YLvx
+ AzjezwcHhbn8goITobK1bcZZLI64rxANAMF+H/r+18OSDAeytrvd9JSsiSPqo5xc
+ 2Dscy08hMok/
+ =nM3N
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/zammad.sops.yaml b/inventories/chaosknoten/host_vars/zammad.sops.yaml
new file mode 100644
index 0000000..e47831a
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/zammad.sops.yaml
@@ -0,0 +1,236 @@
+secret__zammad_db_password: ENC[AES256_GCM,data:ThtJngNvMc817rvbjMjjbnp1tBlXPdAg,iv:GcQHc7p5jFcyxpTcYsUOA8PvD1Qy5HxVZXHcAuL19Uk=,tag:UjVxYkU26/zkBL1eKDfreQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-05-04T14:11:05Z"
+ mac: ENC[AES256_GCM,data:GNOhRrJkLTjovRO2cZgeiRcqB3TE2sWxD220Z8GynoUV4pWS20vOKvaqwxU9seuD5Msxd05JzLRVTCtP4La6HVSgDekoVYKz3SLmdT2Hev+fscmfr0uojRi/5f+eCqGMBEy8Xs2Y7AzIC60iHqX4VBBn6FgkJuTyS50qn1akoGI=,iv:EIjJbb0adELCNBoRsdjsVvN19v4rKCiVmxcCAcnY7QY=,tag:GzqchqorbDN33+SfspGT4g==,type:str]
+ pgp:
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ/8DpUNC0LPBL+3I44FbZzzdo0uvCWBYMySESqv+Gmzds6X
+ LJ9hwPPw7Uba8WKMO1SNXbTnO/omQEN6ZtDzGZu2datCdog5iaQY14+y06NTd6Fp
+ JK+FI7fjEOzTj7THt8Zzl3Ymnl2hwkyDM+7fWViCTwa1/kQ11Nko5IGZOrZ7GUjT
+ RIiGWhfczmj5asLvgKbQXJyg181LIbZ0Sd943DVTU2q2pfcl2sxopy5DfNdMPoUp
+ onx6S4ChxtbnqZAOM9jtI9qDn4kwTo3usR/pATUG1cECj7syCA1qEQBQQrtCZsG0
+ tXDKLoaFFRydVcHZ1hVYoeW3aVg/x4hum0EN2cKVdWf1eaHn68Xp1OJ5ZwsYsRBK
+ /DYyUnH0i2RTwTAHUC0IQzAPWx4yF5PTxE1KwPVTun/OIrajH9/eX7quRPdzJIza
+ JrAZkmwDshGjNGf6UyE301aKvW5Gd5rrpIT8r4thaOQmrTZZFaUri0wWazRUZmAc
+ YCgqPf4eAm+Z7cwA4CNOqoB8BLLIXLd/VxaLk8jovNr6eK5boi8orfuqGo+r9fdG
+ 1TlyWBDty0ksayXM7n3Z5SPuMkmx2BkgKbN4oACBVJBanNJVe5HLKU4vnH7eu1h3
+ yUOJFMJY1VmpR4RxAKo0ll/dpfr9K9ClaE+OxYBwX+qHFVANqi3cwPs/FLB86g/U
+ ZgEJAhDW4HQ/W+riGu26FXk7u2r/PziPQ4Xl+MUHkW6yzT3n40RTh8jOvTx9Deo5
+ Vide+3FRIzb/jJGWnsECSE2QlJrvWmB0pOBqDmS0sY3igMyAW3bpDg6yJB/FNh21
+ dl1+Tsoybg==
+ =3KpT
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAtHEhXYqci78zS60h4qI2+dJPQGWbEHETf7qDljSONSX3
+ pRZTmst9W5CVp4MEHuzZNl+dhL8kxQlT77u07zE56RMHoJaAjmxhWz4XA2JqPWAt
+ t4BKu3fMJLy3DctK3rJPUZplXnDYLFjwXxZILPr8yycz94ZSCHWCN+CRNHnzmEAY
+ HgjC3ttOBv8nOUHF+z4EV01pXpsWSGraXl/KJ+zXsjmU2auIEdzy9MZeA7Reahq3
+ KhubDNR7c+OMDK1QcQv1u23TlvgXN3zbwFrPCMInrx5FaEBacs8Sf0iHO2MtO4q5
+ TDP7/NOOfdar5qzNivudgOSbUCC/nU0BZ4rz/ATHTWwObbOgTSr93U5hDFwJS6YP
+ BT5q5uuPH0C+sB9yL9JT32jLzpHqNHkgNpavYjs2xB2ATULnXycglwm/FN7Uqgg2
+ 6mDXuRh/ixPe6WbOR1+o3uKgS7UlQU9mZKDjB9lirAkC5VAnsnEW8xD/XGYKosUt
+ uXqb/eq2iwOcZ/tS8xPHnzhY0jEQc3zSebGwgIhwJIsKOZSol4O8g8XKEnZb5kAW
+ WSVTrIcJIejaeiMlJsGLD+03LEWW5lOvICeX6NKQH5sR1tbxW4OT2ni+4l0p6qV1
+ 31xk4VRQ9/RgUGAzn4gYy/VehR1IO79j73+WedpyBL0mY6IhohVLcHgjBzc32oPS
+ XAHSTxVs6yvefZ6RPXWjbzHYNXizEBUuxS/2GttWmP+UIzlng2FQt2T+eipn+HDm
+ WjP82sptURzQkqml2DF5Y1omwq9O2SaBlFGWqmQLuwUn/UAOlyCb13uqgbzc
+ =TPj5
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ//eU/kEWfPMN9oX4oDzzitvn2kvP6b0HrXpFu4ujY7JtPr
+ 5dOpezdNz5MnbH8JZr+GG2xdllxF2DYSdZIE3MGZpvGbmmAthCH62ms+YAVX7+NO
+ q1lZ5OO7FE6ePin50QwHMRftluTeNt+7y/GiwTKZhrhSZQtBlHXFjnJyz9x0bvV6
+ F75l3PJstUIUjDr/6FaY9Gaaqb1c856ot3AiQY5PtzTKV7IWRu4tu7+wxaYmjZco
+ uGSyHmgZmUR1iUACUIl/vplA5Qdb7sZWhMJi7THS8nnRbCsOsmIsD+Jj2kjWJzvp
+ BW2GP3i0xa/AZdjwMVNcO8Kk6UQxnjIqSib1oYeqYiNBArDrRkHdN9L538WD5AWw
+ zrTZB8IoWSA3PdHBoZRBLU0JATTYJIXEwlvSm/1agX9QEPHmTFMZts9TtVJQ9825
+ +qlOxY7huTXfa6dB7hufduOuRz8p/sBv8ZhkivCtrH6iOjGL8g5wjIMpu+GCx7b6
+ /+xVHDL/FpqY9uXVxx3e3anktEJUTRc1dVLdUsPLnBMOFD5gC49zgmhs4d0ZHDzD
+ ako0RTm7wxWui4XqS0663/l3Zoh4GZ7ONU9E4BFmAWotQMZllKBHHnnpqSWEsgU8
+ ln6hzbNt7ZoILTQ2+X1vsFtjcA/wmBRjCUA/vxs+/fSrqcFTN0dc/17tz0cL9+nS
+ XAEtOz4YRIbkzZ7DXJcAP1y4xiuh/MCEVtD6EF56Unkdoj14Cyo6KRgWzwO44g2z
+ oq+xzqjwPHn1sJi58ZaKk3aKj0PjRhFwQQPonwvhEX5anB77kvFu6DYdHg/k
+ =wFB4
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//UKcywSlvWSmCVrmlNhC9/fgJ0wVvHOzeFW3tt58KnUph
+ jv9DW4J8r3pPOMuSQa1ITu58dcgbxp/yqKSzawqIu86fmRqruuMJaH6UqsD8EPEJ
+ QBdV3KLfMNM5U9Nu2ujZJDMTTMJZGRO9u7BikLrDlq9kjhikAjHHcnNVwR2eIqPF
+ f8h6OZ3WuipMn0q5UcKm599N5VuMmws32SwL69yrDPwDXOBZ4wJMUPNLO+FoYZGS
+ k0GNRuvNRCa5a2jEitB1kWxrpxh32Vc8hoAaXFidcEfMnmlshT6OugJn3FzMWYL9
+ NN28jj06rLQA7PumU2/cWiZkF5GSydrbaUGMVFJQ/eI/ObJicXQVcG+nWr8BIepa
+ cumx37zL/NvOnJXbd45M1mGbizCVnhljGARY+7hvVSn9o56l9G6HDBP0qE5lB4K3
+ C7uJW//kFZtZ6FT+vu0p76eUPP1fBAyMz9pmKLvKkdVC6h+YWllROpXvR7641u2Z
+ Bq0qdr3TwU6KGFw17q3WrTTVmVKSoUXdn1WI0O65cXLqMT5I8cNxSA75pyLA9l1t
+ qByUvrZkYyOlhcr72E2f1FS7V5Glxk2Pt9GPdtoO78OM8smKfMqckJLnVxAqdW0M
+ LrOSvxPY1DNlM/+MTI4q2mXm85e8UKMp2qnYkNXaiOep3OjZts4Rwez6Fu21QLPS
+ XAHaUGeAFKxdR8P5p6hkA08xIVbkk8DN15V1wmv6EsjAWkOISq8d+ZZR7Ri2YuoV
+ XhsZ+Pk+40oTNvO7ZiPXplk2d6dmoIQuFcd1wmfZ8KpSvslWSOUd7TP1sUTP
+ =EZX5
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVARAAtBXdUbllfV9ea0OQQ1OAltYwKWiIaTomyiGhfnisR2WX
+ PFTt/iOBMw6XQrSrO37MzHL/HW12o7lEfAlyE7PCdHo16utmxkx2N5n6JJW+Iido
+ 9XuD2/33KeZyxVGDG0L8/FavdNvTmH2gP0f7Y+1p9mv7KZP7ypPpGdrAC2kXG09A
+ lZ+y2Sz5y8NF9wKxkDHdubuKmDrbDbz7x62yF4anFqU+vYNCM+v6HsFq442xFTLn
+ CLKVB6svlsrl4MbBnSaK8QA3dk0u+0fB0HUzM+sgqP7DJNJNz+crBeGRGqE6UFMv
+ bs6UzpnveEhjQDB7DnaLSnq+dcnkO9NHEY/sT55HWi6UQfbP2byEOWdTBxTDrSrN
+ G0e/oigUwBMovkOSCQ80c3WtrZNCLwOp/zFBN7mqb2humbOETYChjdaSsb66+Qem
+ 9hnLzRiWj4JoU1atsyFLxzRT18o8th5qSYsfKGQTgKRxL8VGDcibMnkChwHPvji6
+ yuMOfidzaZvGgR4n38SpmJmQE3chvKCvxfYcFuiex+PJbxBQe5sjk+z0ja7mv0wB
+ 24S+F/KRZ0I2M8d7Cl/p2Ky33in/O00fQzUd8hyo4UOo1LpKrspurcRjSo3qG/+t
+ smR4y2LH24gg1LKFxBXokaWI8lgCFHhSWELzFcW8uKeAQlSbrEy3uuSPcBsXJaPS
+ XAEyecYBkwn508UgG0YV1fZtSjTuXlnJkIIM2/8Vm6vjIYJglbtZahh0Gg5ETWw3
+ 0VHQOx2JauGWJy56ux/OpMsQlk4iZ23zovN5LFz+wOuXWHFU2olzfl5sAocQ
+ =9zs+
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ//SRQxhYLiuKBCn82GWeEJRP7EjyikzsjYfZ3DjyI5EhDv
+ oXPcBIl5wrYxncwBXCmXsgZgzESR8pvJ6nJztbWljvt/fIgkJo5s1LVyAzgTRJEm
+ Am7nju5QL07yvSORooENYCLI/jomjd3uo4tutTzl0ty2Q7VJ6r08K49mQ2coABSu
+ 082Umi0LJHvYHohLBl7XcjFH9H1a8f7hoV33PdAT8FGI4EYWEBy0AY2d08e7QFW1
+ P++Ye3kueuDxpglLJMqaQAz7AM5X9m57A8sg+9EzT5ZEYcvYUB2cy7S93xeHZxq8
+ X3XrChCCZ0Qv166lIHa355z/0KrAZu8R1rjjQehkKJ2eSSBYtX4+WAWyzidWfRHf
+ Uyh9Ap5ca8nenhNunTFkftpYm7LqyTv1jjH1XSraPEVHDkzMo58AisU8tdHPE3xR
+ cfsKL82dbyWvJjvFrjwXq0YqmBYXkOEsqzMj8a3n+EpF9tLuQQEVIifUO9DhKDQt
+ AIQfIJKk1gO/uMh8xni8M8EotxOx6QCdOWYgUBzM8zMASa5/4WPg0kbyrtCQty4K
+ H4RiClQbyd9UreP76cTDMnNr9QZugZs0XQ6FG0WNwC0jd1X8/P8PefisNDamqyL8
+ 9yKW74drVC0JhtMtV6V329n3AoTH5R6b45xAaLXitk+gw8Q8J0IRexoQ9lpDN9fS
+ XAHUEgwq2KUuqal3RvVs8FTCOAgoQBoeBiv44nD57sgP42Bw54BxwdbKEGjaWnY1
+ DruDcJWiF/naXIUcdEhj/JmiGAVf+U6zQFTEFhTH4jlbrWCfgMlvtIBi4ygg
+ =icN/
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ/+MvW8gX8fZA/o60+ZoREvvGBKYTpuOK45MS99LrX7nD6v
+ nut+hn7WSpBl8EusHk1onDr8nsfpNAFVtY4GDUudVHeF7/zNHO55cj83Kwva1OjJ
+ xTTHHiVqOp1W8t7lIy9Yydvq8ll7WLwi+CP8l2eY9z+727AtLAp1F72uefp3bp0n
+ MBMA/G6WEXEOpvwvo/vkBE9pULOlHb2+lds6eobkkIC/+277DpC6btjX9nrSkmPd
+ GU7Qa/oJJiJsaCr6RVFbcsv6QD18zQwMvD5RiBCEjT6yzBQkLfhSFQW3GGNAWXAd
+ zdaPuCc0NMMVq5KiIxIDfTQfLDe640dSFShq+eLtS10r/G4ejujvoSRKqQgA9pXV
+ phDNMvQ0c4sT2mHtcw7OuEF5b593GfBfH5PtADEi7UAWQlMiE2uDhHEHfBNe0zgM
+ 5PVeKum0HVe6JM9hOZMT4riyFjW4zKZy7yMAsYnHpvmUe3HNPQPShHktXgA0UAsI
+ rxe5xdorfirk8e8I1zNnf6L17T0elNM2X/v+bkV3hUehS12IpSexA8PEiRbEGEUl
+ H6Yjcml80OZyJpHJD6cbqkjORU4oeZNVdlpLlkoJWRgx9qT5ane1DOtZBSTQjo0s
+ 8J7CU9Tee7vezrLs4G6xp1AWXvrE52cjkOMkG+oPknQHoMMXtTXHv24SG0VYw27S
+ XAFT6x/xZ+H+EILKXAwX/y172IPzxU7o6naQfB+ozR1JEBl98pKZjp/DfosX5CR9
+ cLI3eZrNJtqNqj45LcLBqYQH7122yMbgmcyW0w/uBVXDEGkchqfBi0qrDKyH
+ =Gtac
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqARAAkwQ5W/weumEoda7pv8H81AnAFKsmI5DxKSjTwFd0022f
+ OmnmH3rMyFIC2jIUfyHDpq4mhipT/M0DWTRcMVlefG8/AEJdz5+fa67MC+2aPOkG
+ rQGHOSJ5wi8g8W0CdEkpGqrPW4bHI/BFpAyDTQQm606O419Mm3g9F7e760uCxU9Q
+ jBPMcg9QWjhZwRyanMPUvX/IumhLCi0bx129+c6ZIxGXCl8cBruqx35+1uhYTBm2
+ MRsM2AEsNKfBP2l+WZWJUG47Jc94L+paF+7Em906ajREhr3jlzT9y1S5MCQVzTNu
+ z7PXCkdB4d+gmAs7MzgLT72++ago7cuc3kQQztDaken62lQ+fJbc/GaS1SFB/EV6
+ x1hVmaJSkS1ewbX7KuDRvP13Msj3NXuzeneoxq1LblPJpnNlDulmbicpm7gi1FVM
+ 6FtkoQV3BiBzNGE7DkKMTzo++vxNiseFMMAl6rZj3MxItcKYp5oh3AkGymxYfTFk
+ miinj8z025yDLcW9aU3WwzwG5C4BzMFZ/n84fVoV+d8fSuEdOAeiaa8l+cdwwC9D
+ NyMu3uUC/iXpVBaybQIFPtXAGGedaZDpySo8LlhK6h776XA5iIj8fw4Tlt9kpKct
+ lvAbClWQhaChIKu5q13R2Z76MTqdjfSepe7St+pYAszAUCNNX4MJsODeFPTVZpTS
+ XAEZpjYxiNJSQf9q8UlBsSWTQTlHpoUhKhj1tNrsfpWL3Dd76pkflje3NFpxi6qw
+ 0yCzw/FX0lGhRsSaOGwQVASmzC3FeFHOR/djYeIlDDK8zukF9wr0SmMQxpNt
+ =vHDm
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pARAAlhNz81r7JHtCKbt3jiQjeDUwrkNBGHNRaNb6LLXgnCcX
+ +ybr+cuASrGTvcufAGtbgTORfb8On37MHhsFv1STmIzAq+Nz9t98F7vFk9P3R4yd
+ jSbWhho48/1g5iPb9XdUNmD4WqUrsz0bslgxyGn30LOnrP9JXceU+B5b5x+OuKjf
+ /l6JA/7J+uJ5v2+EpFcZg+5+/WkqViZCZc2Z9jLgSnXjR554QgIW9rXfbH2drhLB
+ prvQO1NShASCup390K5w3UTDd+mV8qZfm4Ey7PIH82kkUu0QYJKNNFJUC3a6e+kd
+ EGi70YvkjDIeSRIIUNW4Meu30yeC9VPuCI71JjLo23KP3uFYpd6Vt53L6uT3AOqi
+ X7dIDeJ+Vlr2zqF0iMR7rCzwiHU3KGIFYhpmiyI6DIdInamwoYM3RcjX9icOBeMW
+ +PKbYP9+8zs+h8zoPzZEUYvQPweYjv97Y/vnN10I9/ChQXh9Z5jM8XZxlh0AFQIF
+ ph6LSCa+/+YmNmLJh1jTVDjp44UUevNP1duh8VFqmPeP81rfxmfoBlwOoeqjv7qv
+ zHvPa4lvgEN6Q40ezkCj6jMrWwYq5IC7Ip2seKq83P8w4AZCFVNmuDKyaHEci03S
+ TjAxffgkg47AbXXCFYoxI09TtVXIogFO8xc3zOF95Kgio+q1CPK1WuNRSOQMCPzS
+ XAEsYteowgEdM9K+3JQSNKVa+nfSuEhNc5OBfVi20RlxaIBItLcIIjlu713tHp9Q
+ WjsD4T9hawDCjTtNb9w9NKVNsoquyX24qkNENp241S5pbqteW47w86RhnnR2
+ =tVB8
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAe03furGv4V+EcQV8ttYjbun57r3TAgdZnYPq0mM8vlww
+ O9zU4w1p37OeBRvWoOHVEw39AqHzOIfFKA2KIDoKOYrFzIWW6pqEKy/2LWrUqf4U
+ 0lwBeHRyQiFZ0ur5oOGqYMUzcg84eEM7i+ozX+M6Z1Djve+Sn8xT7WsdTwaG5Hfq
+ PntqfU+pbjMCz4vCDb2SLZL9z7Qe1fTCplLpz90Rw5JcjNZja2C+gExmp6eucw==
+ =TVr3
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAKuQFebQ8mRDbMfpM1HNzJAhdV94IH+dK2EGa7rgcSAAw
+ ht7QD24IeGhT5J3RudV5Bfy0Y1ysW2PjKFTN2FBVZKDG8bFWwtu0tPxoXw5hZTKd
+ 0lYBZJudihBuULdV4BcMUzCaNSariUNO51eMZM9xlEUdZWyuMgIg2VETEyZa7xaW
+ Tt5JqYBx9LpIzCwDXpT8P7CRiE/MkO5R7itIwl6LiQXc9OSwbD/Pkw==
+ =lAyj
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-04T14:10:20Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//bdII+7rJQgXCCjuto72G82sOZ37y2AuqtPWZc3yY9Pzo
+ mQdZ7qqAGdKbY9qjPTs/guu8jkBG+vCG+LZBu/vorxmIJWrgRAzdA1Q18q7r22Hj
+ rzzielzrRbYv5So0LQ4PjaBh6Us1hDuJYt+w5NPAKum6t8omF8H5SWsjC7sYdfsM
+ Q5oFxbqsSsnpY3GwYWCgqhRGI0pc71KyXAAmFkjT8bJQcO/GqKgm8nG8Jna9iUu+
+ hdhp/9VVmyYwwWW+5+YnbODQxyo9RRYL4NyKPe/52lDvM1THyMdbZ1dZqgDw0dgw
+ yAl7KxiKnZjeqnluicsBJCGFQjY7JTJ/jmo1P8kusKTpVa599mJ5Gw7KqsQlo0tI
+ y4h6O3RGEqVMhSg4Ul5qjMcMiCv/o1RS506kcmMSDVaCs1aLnN6QOuoijtA7xDSS
+ KtvWSrnV0yBQSEIMgZN+ehXdhDU2vLBBAvDmSKVYAaOAB7mD50y1vIEVuz8WazYF
+ oD/r2PvyOpfLGD30qGN8az2ksACB4ggxKTQnjQzk/hekBKIx6CeczZGN5L0CfICL
+ iGlSQncuw1U6FEgd9OaioA7OKhTgAiacR6s2z5oHZOG08OwO26H4UgdeWgmGNTt1
+ TNOprQ2oYvFtvYU3YKO08lXjk813yX9G67s2r8m+w+u85msmXiBVmejOsnnbEKDU
+ ZgEJAhCkbuFfbKDL2sbVYGiK7FGrMEy0XwBd1zS+MfHGbiYoTxO2SVLlIqHtY9LR
+ RULtQPNb/ZVynJluztUzMMIGM6oHxxOzZSnCu7rikNoPJdt0wWyWEl8Ezg3lqmOa
+ Fwy/yEEkHA==
+ =IOur
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index cae283d..93ea984 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -10,10 +10,6 @@ all:
ansible_host: cloud-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
- eh22-netbox:
- ansible_host: eh22-netbox-intern.hamburg.ccc.de
- ansible_user: chaos
- ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
eh22-wiki:
ansible_host: eh22-wiki-intern.hamburg.ccc.de
ansible_user: chaos
@@ -63,6 +59,10 @@ all:
ansible_host: zammad-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
+ ntfy:
+ ansible_host: ntfy-intern.hamburg.ccc.de
+ ansible_user: chaos
+ ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
hypervisors:
hosts:
chaosknoten:
@@ -70,7 +70,6 @@ base_config_hosts:
hosts:
ccchoir:
cloud:
- eh22-netbox:
eh22-wiki:
grafana:
keycloak:
@@ -84,6 +83,7 @@ base_config_hosts:
tickets:
wiki:
zammad:
+ ntfy:
docker_compose_hosts:
hosts:
ccchoir:
@@ -95,13 +95,13 @@ docker_compose_hosts:
pad:
pretalx:
zammad:
+ ntfy:
nextcloud_hosts:
hosts:
cloud:
nginx_hosts:
hosts:
ccchoir:
- eh22-netbox:
eh22-wiki:
grafana:
tickets:
@@ -115,13 +115,13 @@ nginx_hosts:
public-reverse-proxy:
wiki:
zammad:
+ ntfy:
public_reverse_proxy_hosts:
hosts:
public-reverse-proxy:
certbot_hosts:
hosts:
ccchoir:
- eh22-netbox:
eh22-wiki:
grafana:
tickets:
@@ -134,10 +134,10 @@ certbot_hosts:
pretalx:
wiki:
zammad:
+ ntfy:
prometheus_node_exporter_hosts:
hosts:
ccchoir:
- eh22-netbox:
eh22-wiki:
tickets:
keycloak:
@@ -150,7 +150,6 @@ prometheus_node_exporter_hosts:
infrastructure_authorized_keys_hosts:
hosts:
ccchoir:
- eh22-netbox:
eh22-wiki:
grafana:
tickets:
@@ -163,11 +162,21 @@ infrastructure_authorized_keys_hosts:
public-reverse-proxy:
wiki:
zammad:
+ ntfy:
wiki_hosts:
hosts:
eh22-wiki:
wiki:
netbox_hosts:
hosts:
- eh22-netbox:
netbox:
+proxmox_vm_template_hosts:
+ hosts:
+ chaosknoten:
+ansible_pull_hosts:
+ hosts:
+ netbox:
+alloy_hosts:
+ hosts:
+ grafana:
+ ntfy:
diff --git a/inventories/z9/host_vars/dooris.sops.yaml b/inventories/z9/host_vars/dooris.sops.yaml
new file mode 100644
index 0000000..b2ec161
--- /dev/null
+++ b/inventories/z9/host_vars/dooris.sops.yaml
@@ -0,0 +1,232 @@
+secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str]
+secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str]
+sops:
+ lastmodified: "2025-05-29T13:28:08Z"
+ mac: ENC[AES256_GCM,data:SkqMlgJBdM+CMLE/um7m8V0ni04Xi3S9GovNsADrws6VbSWTX+50oc6HtWl+Kj2XugLfp2XpVnlzggCiq3fePsdt1af2+ZfSCue1d+dexjo5Q/gvE/olKlmn6aj5qiosUsLgu7v2bCOIb9m9WiEhlQLKx1wGiqVNQDabiLOJV6E=,iv:NUUOcXtbg+xMHqthipKpRAWLTXda8rup4aCbbP8sVEg=,tag:wyh+hrZreOyT7uQQrghb7w==,type:str]
+ pgp:
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtARAAjrmnSy9HYxao+iAaOWEmTX/irINxrrA3Un+Nhna8W5ri
+ zokFzeCpto1iraFy2UMh6xQE1b2SEmFvGv+mCdwnPcYRR0PJ6vIulGr+sNURUe+O
+ fEgPJgXWxR+1FT8/Ko+9P28TlcSHSdy6bemLtQmi2wNJjkexLoiX9QB0B287I9GQ
+ 5wx/xW3uzA/wTheAtP1OhuLqQn5ADvzYovKFy71JIBWyxu0zVozUYi5AYKq9t3qP
+ eyeh4ZYbUgfD6pVF1rXuf3sr6y4TjW9XN9EmYzN1+/qcL287S0LWTAGzS0xgkvKR
+ QM2xIPU+MfX278G5ISxcqirbXGWpm8+WXn7wDUcpPeenffbvyL1FIqOb8QkJBYVM
+ Q4XxjrvTT7rTdz6u2Z8y6BuK03R6dXtqwMQ+Jn8ovrTEAr2nk57vLkOlLSoPH5qp
+ O//1fHSD7Rm4VPwSRahwJQ5gQ1orvpZ7wj27DrUCvG16zqtdYLvXIa8CG7Kr28dh
+ EpuKHD4vQJTrY6SXUfLYEYeTBjGnT0tl8kgQnffbnB46pS5ekDdE7w+S9QSzPgXt
+ e058viX1qAVCy1xPeyj38kRJBtHX0sgE8T50AbkKBG3+H9RY4NOIRKsPkfL3D/9K
+ luPXcAM8Qbmu0T99ZpyQuLFg0RosJaMNlcL+MLpqOGAU3Jj0TfYQzy+s1Vm0+lLU
+ ZgEJAhCUkAKxLkbSVKdt8bK8fb6Wxs245XPUZZpnnwtF2psGOgCU4JbQu2e6Uu+H
+ W/cLSXth85OKfrsypO5AAyDhcNw5K/63jHsOq1MUlv7qKxqS28LgmLxvH+fkTlX2
+ yy2c6b4rgQ==
+ =i7G7
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ//UxDv3k98prigd9KUtFZsiDGlY9Vw7YDlYdUQx6kjxHnF
+ JfO6LvXrnpkVwYQ6Nbda5ugKm+1b+wvMO0w0xcLFJ1BTKW3prvm51ect8UiOgetx
+ go/tnUl2R42gu8D9Czge4/bQJO1pdzeDF71gSQju2k/sYGcTP2QCsxdbQziziKy2
+ vMcnBCMSJFTkDjDYlCsAzDJ3Axb/1NFYdOiAeAr0V9P5SHZAxoAw6w8NgbgyUggB
+ Nrh9pwvUMHa7mT6TWR0wTYlseoGAGWBhDaIZOn3SW/yupJMFqOOMy7iEchnRdIPb
+ 4d5RKlaZxWHDeD8yMQBHmNE9hzi+lbVyCtP2ozFGhYvyrHvOQ/H/NsPT6aW6XCEj
+ PCVTmmWUX3ZUjOoyFtJvWI8QJWicnqYm3hZg+Q1N19MTfmSBjvP5unqu3yLJIBuR
+ S5olb3F9dAdMaHHtfEaXdX1jftqlupS6KenCDss+aTSIrAllM970CILNduvvEvrG
+ u9cIofQs0G8B4qy1SYAdMT0psh/e/lzUb2qFKy6OWnWU9Q+DEclCsjYQQYdOaFEg
+ Mf2diWFTsD2tVlZk3inQ5LYLb0HgOEPgOBcpz0VGqdTerCx7bN6va1cZN+TOEwzw
+ w28WTYEabeH13x8L2QB1hBxuyZjKb5nBBNncV5lR77o4VGeacxxxzriMD27HCavS
+ XAGX+omwzhH9M70XmTHANNTxuB3GM6zz0y9tHWtr6HZ9yZwHKTfRGOOmSL8+m6k2
+ k3gHVlcdzac7L1VExaWTdGATzvL1CxRo6F+DPPpz5Tg7872IfGR2PZ4gB7ko
+ =AJfS
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJARAAvQPy/OBTDUzdnp3SEaAva0GcJLol10vbsCKyT4KLlW3d
+ ByrqmPzRov/CZ8SOs8lTvqgp7qWOH60c1wwCrJTZ9WNQNfQ0C0fjl/KKhsFKelHE
+ JZVGfwz7cKV90ZrGFhUZF5koiT9Wetzc+kQ4SQo6xrMOjWVtwbFjJ8NjH7Se+URK
+ 8VbEp+dMU5ilql9rmOzx/74vmr+z4p8/LCFJmOjPbwuEFUFIO53+ytrD9JV2LbOh
+ W3T0kBn3kqWDnVbI+sclwc09d6C6d3cb/MppHDDggH4TMnS6coEU8On8xEsAvHco
+ +XH1Cdu6nYlfqF+k5G+fEfP7Rk8NE/wWJ1bX7J+gcCABvl+Y2/5TYJQvvDrEngPa
+ VfFujgqq+b9EvIznfYVgPqiJq222hZzesZXZGc8T4TpP3szo7GRL9d8Ivg63Y3Nz
+ ty7eRb/WmBnkfVa8CamjmR7Gqt5LOVSXfZksK3kXXVAtLrZ0fQIll9ug3EELCo9D
+ cbhhud2JLXoJZNlYh6fBlKMRWJWjIbxEETx9S8FgFIUegOyLu6ydlqAYAQTnYa/1
+ kWmuwQB3xjgiY3+9Ji7BO5e7ZlRIhs837brJfZ0bbJneTGO5IRI8gpdjt+D79XlK
+ 72yG/7zlrNi/xbWdUtT1D6PIwq5KTltMt9D3Kp0iZF9WvzQ1hVl/lXWaI7LtaU/S
+ XAHVfQzc4HoskbWHsOdlQNAOks4J4eBRFkVxmWbVXgeiWJ+ATPf29PQR9Jbqlzum
+ AZuIGvoXqS41oy5+mOgmtKY1pKMH/cGjfXYzi9HJmQnjEt9IR+hgUx16A+tG
+ =PedT
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1ARAAnxFIPa1QdjcBu4yUulTP5ptMhXObVnLMLK6SmKiq/rmG
+ SD/M9fWNuROi8NodJd0TJN1L/osSSMuD9aqV0SkZPnt7NM4yood5k0N9sTDZAr0u
+ KRYccvv+gJACRyalZL9v4t5/YZU5uexJ0ciBSnuNk3ds0nm3Ln1Iz4BMBMR2KTiT
+ f2PvZMIE2PP0v0oGDYPIOSPqfoXjjUFyqp/3HI+l+bzORNT2yzl/062e3h1m7zVA
+ TA7zWLDVcZFA/Aa3+LACKaz45V5Lj7gUXkgJ7R+d/qg963OYTUbLSiNTgtgqnLLa
+ DJmc3RDcuOeHaG2AY8l/r+cf3s2TH0J6bLIAZVEBSvBvXD1wMY4nCjubUEd3nUp8
+ 5GT8WyQ6f8aB8Ay4rytdtOWu8NuMIwDpT3ksT0W4XI22EeHJv66vTSvV4pfcoiSe
+ cdrCChfRGCpiWW52tJZ4HjkhXW61a86Vt/khhok/h8T6SWADRn3aHj52s+qNtigf
+ scYEmBFUA2GSmTB3gHCjwWckVGgpFmXPYaI4LE50vU2nndxkxHx17GQjSLS+9Pt2
+ iTVVOqJu+mlfiXqfO7LS/NzaIDlMcYr8/JVA+hTRM0cUN6HgzC5s/486JoPbU9BX
+ o5i+NhNyhY5E8H4VXK48fvNUGHjpJLqC/InVM1wguxYxeHbI4YYqZkFtO/oIxwnS
+ XAGsRHOkwxoDL2QNQpFeJ5oeXG5WccCLbIBiuQJYh8GGE0fnIOakx5SyU0A1+TVN
+ Kr/n3tJosVGNCtfFvjKxYtUSxqf7yu1VeoPyD9o52XevAfE0OtEIcQ+Nyy2Z
+ =R48r
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4HMJd/cQYrVARAAxMZNf/eTAZvHArZJDJ67u7conjEEL0BHNmY0Tq2v2vFH
+ SDbPrecIRGVK6eY4eQDm3OKt14pa93qPZxaGZAZCKCVDNb2lpXSvoT05sUi29X3k
+ 9yDDKnXsWM0zK7U9/WPeLlVVT9zKzRixlRKHJWD0567lVXmAIq3xI4/QxkVIaH/r
+ 9+2oISxoXnz1c3JTNwdNEoA85m+nTi1Rd44T1QuTH0fj7i1VwWgK92TMQ2V92NnY
+ k8JdQQmCNXoC4BeEdo4v2nCUPWxBHC3ti2Yh4BFsik9iv3WeDe5RGLwdQwrI65pd
+ L6C1Sp+Q0CDZuaavheC/p6pplUDAml57EFEovQSgpm+ye5j9LO0dUxdeBG2krVoi
+ 3Rzz+DAI2C/zAXm3FHak+UnlVsQ0D6fF8qaiozwc8FDxSJZGbUE2hywuMuosNSUE
+ iPxT4XW+cWCqQOTLAAbyHSS4bAcc8Q26vw9OpQ5J65JanRUgxSfKOHGJr1bNJTVx
+ RPs6y/KPdxArzlxmXcJ+U4OBDMQQTMZ8ntsdQgMqqYZy1IUQKQQg4+X+Wj3C9AWY
+ sAdgY9bLdQTo5+zP+vkY22+QGIqs6piY4e4qj772Rue65LyF5qUpe0jkNyA7NzhK
+ uaCingCMAyt8IMMRjGJcI6uru43QgUBYpaAWc9hBbNQ5ASHp4bbj3WemJt1k7XPS
+ XAEO2UMCisCNfCsKsqE/uKi/zQ0xtugh2XrTUG42xnFS4t24DVJJEC0+aXAtyvNk
+ B2FYqlaHnqCNyifLR2r6CGO/PysTGIBvfDwNHcfD9TylONdKOLr91s4UV2W6
+ =rUnM
+ -----END PGP MESSAGE-----
+ fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ//VPjP2gKLowb22MawLvWyvEBvPqY5snNBNHMUaNxd/e4J
+ XaX8Z98AYn9rSL8uzGOk4e62uNZsOCRoK+v5gwM3p4Y4qzVjFYAD4pRBYsdHEEEk
+ 5hu8nrB2KdHCFocWWgW5IdTXalITX5nb4MpwZkd2pg8Nnm2VRGmGmPUVcY4cA+m4
+ vhwe1ExWiUmfEditK347VJib+T2nNdsrCPDzFpo9MzUhOh0k7xLlIhgCHNkF91xX
+ Fmlkw/lUqIOvZlfQ4YyH/e/am6803w9bP1iAtSc1KVFK8M0+ETnYgLniWlQ22UKX
+ bp9bRovhhoTIwz24DZYEKFyAJ1X/ovD1hl1RhAjGniGHNnGOUQrLyFVNdJS//3as
+ 4Ag0WbQDiOg6AdUFPq1LIPnSxHquwFc4zQNE/9FjbFL+H+bena8fXyeQYy303/j/
+ ZXyTjkui1jVdEb5XEF24kIe6E7eBnyYD4h4gNVf1FF4r0vbRxdoKSxHG4ebiwPWd
+ o9eSkCXl8hJj0b9fC9EC+G9xtxVyc+Oyimft8UueMDnneenzGrFo0uDgJryRECKn
+ uAs/RpHz7af8JAkm5Bb0s5oCRpG0NZoEX71jSjcS602gT9tA1ySA/iNKbCXzmmKw
+ brWfOwvjotEgZJAhnUfQ4dPcu0lNoGVWbcgwBOrIj556CtdWH82Qm8igi30DhuXS
+ XAFstOs9MB0KTkS5SoqnRKGQYL7nB+JAN5cUCYgxyIsKdOA2a+i/Hez56Nqlaat4
+ RauajOum1aFl68PgCFDHMJOYIaC8dOTo5n4xnNhMNtcrdApKifsAuqDP+sh5
+ =V9/6
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ//XU4i+oehBWqZYgbJufjf9hg6pkPegnYoOMO439OA79Uu
+ axlWSHcTB6+vRC/o3e5LW3p5R5ANb64OOGyDeW5PeH6C2+b6/xlqyPAU233tNbmv
+ sQX1H/4BJjuWmM+tmpjP9H1K8rWmw+6+xvVVbOFudkYyyJtNupOrUtkQIep92Kve
+ rrgAlOXE02+3rqIl678s1R53wjIeovFd4XNxbO8LGWVELGgvREjJrUooYuqT1DYo
+ unVtK/W9WFzXv2hCzXiiFLfg5HJCpUq61jiKexEDYRdMqRAHBNQim556vN2RghCD
+ TH2B85GH57UKMIMCQB0XXekCEM1f/P9FBjulnhwZPOU5J41pmeHL3NB6Jo3GDXSO
+ U1pK8NOE44dyVCIw6GB5ZPSmB+pKITu7Rhet5pFUQvEkbzbvh2ckiclL8viK/Rq9
+ ntPJ/NNb4IjVs/tBtmnAM1gXvoTSc3FGH8TTDow1RTpyqixx8xao+5PE9+zKL4Wu
+ aRe6NMa5xVWexCM2kQ3dLPPypO1yAodlB+a611ocQc2JHsKyxhIuS4VIJeJ1TWc/
+ pdPW0JbgiPR1D3xvbLy89SOANFFug3WZzqjsl/BKxs8g2NA+dWYgbzUq5axrcIWd
+ j8F4gNa36BmvnTwA/UEkq30wNfaEucYrSoT4vdeT9rlhXuna1/iBHg8mCxQotxPS
+ XAGSQDissUfuC6QmJoUY7o1eGlr/yC11zghiJQRwi8/czQnnnukv2BMQL3UMBcvq
+ 9by5gFOjpytXGsk94VLzsD/jg5AeQqpFU8UJwr/XAPaPaaBo1RemYQf68O8E
+ =3RuY
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//ZOAZkk8v70befbmw0wVTgb7VQam9XpcvJ8y19A+bMIDV
+ R464pWEoBxSh+pvj0QoG2U40YX9Loc/VbAydlWrPFCGajxxkqkOxn1sbI5QfvYnw
+ efGIxWaTUQYH5miWWh2ZeES49wVqosplCP4VAq1F7B//9e5i5YiKcF2s1agMIgp7
+ nSnQrekNgP409CQPsYYuUGq18eiH5lz1waXBkqK9aQnTMB6dh8tf/xnLzQsdwliK
+ dgITB93MMYZ64CYQmhTspBsqB/eFEjZCvnn43Y2+vwwzRz8p4NlpM/U+N3xdBy97
+ tmhKdNWl1zzmoqp7k8gTnJlSJibXuOJOMK7lXT3/eKfOp5tFauvHCwqq6TroE4Q/
+ yqBonz7RWmBtLlqIUs0C8sqq8sCmtOFI4o04zcV/IGA98KeNa3ZkfkO/fPhnO9D9
+ bwzWMrdgpQwb3lzNM0/WbNBfIjdloviDa7I2Pgrc1LM8UcFVMsCmk2eqImD74YIn
+ eyNkIY6FMJhrVapuYShTf0sKn8bDWxi+VYZxPGbObTe2t52/z/6XP2tnSSZ5rn2H
+ zn68Its9dGhZ9ILkEDBuBh3/4cJwKs94MwhOIlPwgWIl98Sr6NUricSmNMV4B/Ku
+ DXlPfVxbxqJhzvIFG7pADm5HbFyWgFl9QpVfomJoacsQSTE3KPPe/2SKzG2l5aPS
+ XAFFzACeI/226BzPJGQ12BBFPfMKcQB3Rfg20Y60s4E28AFWGhQUI5BNNLkhEELu
+ JiKiSt/baYpehzEDCbKAnk1xCVldeV5WfyaOako1PaApXxjKb68cdyKJtZ8+
+ =D3tP
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ/9HbqjtdZC+8Al972EhHn0985LiD8o398dKO4lgufq5gKd
+ E4EhSEr1OmeEdSvTFDo2C3UFKrhoX6mU+GG9yZfRX0R6FJUJJP2xr7F1gkL4icXb
+ BBbHu7MDTLzVM8oP2/y6dwzZL507t1AhcTXAzSoY7jkvjSYzLukocZfFhJ94QPQS
+ T+k6pjVEgDJDJ5sHWw9zfW79Wo0Sl8hpSPVOkV02VV9EmDH+9kXj8u5ZT92/3zWN
+ HVUGWKDDIerpGHurwDEr1B8Ql1Tk+UgPjcErt3TlKOkUaIIwcN3STP4B1XaFxhjt
+ u1XrFVrqI9jFYCtgt/Mf1mfEfhf18bclQjTqswxY3HUqG23T1EClu57mJsofcS3H
+ bqF+1Mv798C2jFz6ht31LDJllI95pCnwuxbL3Z0tm2u0oj2us9WodERIWVEwcisD
+ hK5Shhv03T2X1OJmAPPAoSQhYIVKBdwkautTF+J2jPRUXulzgLVG7MLowTzbX/c+
+ dT4uZ/ZKM3SWVmrwN5AOcGG8PVNtkt7/Dd8uDLeNNlK9QXJK5nfxDnhlRRpOmbDA
+ fRnS9tLPmY+T1knwKbMO8k918FqEhjdAHdEr+C5YbEiupUY+0KpoCqaf04cWlI8W
+ Ei0dhZ4OrBKiIZIY5i12BXcskgjsXPRNLqkN/fYqVyR+5VjM07kSOsnpgfinF+DS
+ XAHL+cPJCA+k7jnyrDDxjqETeEwf0gTgWMCSWQecULBV1UPh6AjNARsKAAOrr8BJ
+ nynWrpIAHfsb4CP5FfYl/CnydhJB3GHfBtElrUS17v4hhl656IXMyXMeGgKz
+ =l5zk
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAR8zTJ9Cb4meMl7X9r47AeKuyWkK3ck+s3WfwPSv6qzQw
+ RCWHumJZKT8+ZhZkyfHbcvNvx5q23cPngLdJ2GDpXfkl5imFJUdrfpxJvCvBJl/n
+ 0lwBsBFzr+gLGVuPodabHjiAx22Fc3tjEigHTBpV2fclmM97oJDBk6vx10vWIgv6
+ yWWlGWo25LvlrGc9hNX5UzCTBUwkDs3cmV2r7O/wzDEgyqs82/lzm+hnDtHcsg==
+ =zBp8
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAQpzleW1vX2SXQXVn6NgWQTmlMfWm3RW4OUpdxByKlkEw
+ lADSS3szOdQWtQ8TWUAFhDbakJ6vLgUgvNV163Onxrn9GFJXylfdSSspE+8Z6Vws
+ 0lYBY2g09YqA1WBhBorJAF0GZk8j+SDhLXs4YVcGbxDYr4pFbSqsJQ6M5k0Kv5W3
+ MjxvKJVl0qxhhv+FF8kLicwX9avCarpSrgH8dSNH8926ZEyAm6g9JQ==
+ =7bUV
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-05-29T13:09:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAA2McI7djN679I+L/8DY9L5j+hYHdu78KkfB/HTAWtI88L
+ rHathJG/yW4Vao+x/SYyhcRLY9oWblqIgausLAPLQpTN8M+2ZsVS2Q0J+OWhIsfy
+ 889cGno22s561YU4mrutREn+XC/QL3T01bHJw7QWCQcGQ9rD6ACTkipxmDr9aLEB
+ AQRFCPGxKPdj5R4ZwABR/5kXAwtYtkdDIxE9Ckx9Ex8AGb0mX+4EL14Mi/uCmmZT
+ +h0geY7DDu6O5EP5zn2y/jT4T1vWc5N1xsHZlL6qgFA2Bdx58UQaVVBtrGos6S82
+ eIbgz1F/LtteYnAdjfeWUK6FdRh4FA5oyyVb82MzrwWk77vj2eLOhY3X6UywB4EP
+ HoVkgUxeKaKV620RO+nCV80ZTy+rqJrq2a/MpZGD9Ra+hKOkCt0mElayCG091mlz
+ tygLXwgt5ID9m3V1mJQ0f4GK6w5s+t8pK/TByXM1eToqlDsyFM/iAwbmDoehSe/r
+ 2Dq3fuB7f3Mqxnit8xfMRK/HGV1yDFwco2y6CggU1rhwl8gm56Pd90AEx3J+gkzP
+ Y6hQ5lldcHlpb2oSdI+C7UjJKySuEui2FvAYRgf2u/edcCUvrYR9zHqmanS9NCR2
+ +ZCgfBHoQRPWOWzuDKo5RFmheghhYDtqpp1BUHjpR+0B27h1sWeqECMzAvnLOfLU
+ ZgEJAhCr45YwxmaISlsPR5Z8Dr5G4sXuuciiIX7qJnDiQZBZcaPDMIUjheb69GbX
+ aMW5suQMmVlCPfaqJtKrBmtpSuF0DvDALuBIQIOUD60AUewlZq4OnOabdDo4nsIZ
+ Oo1AY3Jhcg==
+ =SuqK
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/inventories/z9/host_vars/dooris.yaml b/inventories/z9/host_vars/dooris.yaml
new file mode 100644
index 0000000..5813e3a
--- /dev/null
+++ b/inventories/z9/host_vars/dooris.yaml
@@ -0,0 +1,15 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/dooris/docker_compose/compose.yaml.j2') }}"
+docker_compose__configuration_files: [ ]
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: le-admin@hamburg.ccc.de
+certbot__certificate_domains:
+ - "dooris.ccchh.net"
+certbot__new_cert_commands:
+ - "systemctl reload nginx.service"
+certbot__http_01_port: 80
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: dooris.ccchh.net
+ content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/dooris.ccchh.net.conf') }}"
diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml
index 0dde922..afe226e 100644
--- a/inventories/z9/hosts.yaml
+++ b/inventories/z9/hosts.yaml
@@ -1,21 +1,40 @@
all:
hosts:
- light:
- ansible_host: light.z9.ccchh.net
- ansible_user: chaos
authoritative-dns:
ansible_host: authoritative-dns.z9.ccchh.net
ansible_user: chaos
+ dooris:
+ ansible_host: 10.31.208.201
+ ansible_user: chaos
+ light:
+ ansible_host: light.z9.ccchh.net
+ ansible_user: chaos
+ thinkcccore0:
+ ansible_host: thinkcccore0.z9.ccchh.net
+certbot_hosts:
+ hosts:
+ dooris:
+docker_compose_hosts:
+ hosts:
+ dooris:
+foobazdmx_hosts:
+ hosts:
+ light:
+hypervisors:
+ hosts:
+ thinkcccore0:
+infrastructure_authorized_keys_hosts:
+ hosts:
+ dooris:
+ light:
+ authoritative-dns:
nginx_hosts:
hosts:
+ dooris:
light:
ola_hosts:
hosts:
light:
-foobazdmx_hosts:
+proxmox_vm_template_hosts:
hosts:
- light:
-infrastructure_authorized_keys_hosts:
- hosts:
- light:
- authoritative-dns:
+ thinkcccore0:
diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index d7dcdac..952aeec 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@@ -70,5 +70,13 @@
- "o=Docker,n=${distro_codename}"
- "o=nginx,n=${distro_codename}"
+- name: Ensure Alloy is installed and Setup on alloy_hosts
+ hosts: alloy_hosts
+ become: true
+ tasks:
+ - name: Setup Alloy
+ ansible.builtin.include_role:
+ name: grafana.grafana.alloy
+
- name: Run ensure_eh22_styleguide_dir Playbook
ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml
diff --git a/playbooks/deploy_hypervisor.yaml b/playbooks/deploy_hypervisor.yaml
new file mode 100644
index 0000000..4d3200f
--- /dev/null
+++ b/playbooks/deploy_hypervisor.yaml
@@ -0,0 +1,61 @@
+- name: Ensure the VM template generation is set up
+ hosts: proxmox_vm_template_hosts
+ tasks:
+ - name: Ensure dependencies are present
+ ansible.builtin.apt:
+ name:
+ - git
+ - libguestfs-tools
+ become: true
+
+ - name: Ensure /usr/local/{lib,sbin} exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+ become: true
+ loop:
+ - "/usr/local/lib/"
+ - "/usr/local/sbin/"
+
+ - name: Ensure the pve-template-vm repo is present
+ ansible.builtin.git:
+ repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git
+ dest: /usr/local/lib/pve-template-vm
+ version: main
+ force: true
+ depth: 1
+ single_branch: true
+ track_submodules: true
+ become: true
+
+ # /usr/local/sbin as the script uses qm, which is also found in /usr/sbin.
+ - name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin
+ ansible.builtin.file:
+ src: /usr/local/lib/pve-template-vm/build-proxmox-template
+ dest: /usr/local/sbin/build-proxmox-template
+ state: link
+ owner: root
+ group: root
+ mode: '0755'
+ become: true
+
+ # This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config.
+ - name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00
+ ansible.builtin.cron:
+ name: "ansible build proxmox template"
+ cron_file: ansible_build_proxmox_template
+ minute: 0
+ hour: 4
+ weekday: 5
+ user: root
+ job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\
+ /usr/bin/env \
+ {% for item in hypervisor__template_vm_config | default([]) %}\
+ {{ item.name }}=\"{{ item.value }}\" \
+ {% endfor %}\
+ {% endif %}\
+ /usr/local/sbin/build-proxmox-template"
+ become: true
diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
index e4ab5b6..c2108d8 100644
--- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
@@ -6,8 +6,8 @@ services:
image: docker.io/library/mariadb:11
environment:
- "MARIADB_DATABASE=wordpress"
- - "MARIADB_ROOT_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_ROOT_PASSWORD", create=false, missing="error") }}"
- - "MARIADB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
+ - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"
+ - "MARIADB_PASSWORD={{ secret__wordpress_db_password }}"
- "MARIADB_USER=wordpress"
- "MARIADB_AUTO_UPGRADE=yes"
volumes:
@@ -23,7 +23,7 @@ services:
- "WORDPRESS_DB_NAME=wordpress"
- "WORDPRESS_DB_USER=wordpress"
- "WORDPRESS_TABLE_PREFIX=wp_"
- - "WORDPRESS_DB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
+ - "WORDPRESS_DB_PASSWORD={{ secret__wordpress_db_password }}"
volumes:
- wordpress:/var/www/html/wp-content
ports:
diff --git a/resources/chaosknoten/cloud/nextcloud/config.php.j2 b/resources/chaosknoten/cloud/nextcloud/config.php.j2
deleted file mode 100644
index 718bcb8..0000000
--- a/resources/chaosknoten/cloud/nextcloud/config.php.j2
+++ /dev/null
@@ -1,98 +0,0 @@
- '\\OC\\Memcache\\APCu',
- 'apps_paths' =>
- array (
- 0 =>
- array (
- 'path' => '/var/www/html/apps',
- 'url' => '/apps',
- 'writable' => false,
- ),
- 1 =>
- array (
- 'path' => '/var/www/html/custom_apps',
- 'url' => '/custom_apps',
- 'writable' => true,
- ),
- ),
- 'instanceid' => 'oc9uqhr7buka',
- 'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs',
- 'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu',
- 'trusted_domains' =>
- array (
- 0 => 'cloud.hamburg.ccc.de',
- ),
- 'datadirectory' => '/var/www/html/data',
- 'dbtype' => 'mysql',
- 'version' => '25.0.9.2',
- 'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de',
- 'dbname' => 'nextcloud',
- 'dbhost' => 'database',
- 'dbport' => '',
- 'dbtableprefix' => 'oc_',
- 'mysql.utf8mb4' => true,
- 'dbuser' => 'nextcloud',
- 'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3',
- 'installed' => true,
- // Some Nextcloud options that might make sense here
- 'allow_user_to_change_display_name' => false,
- 'lost_password_link' => 'disabled',
- // URL of provider. All other URLs are auto-discovered from .well-known
- 'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh',
- // Client ID and secret registered with the provider
- 'oidc_login_client_id' => 'cloud',
- 'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}',
- // Automatically redirect the login page to the provider
- 'oidc_login_auto_redirect' => true,
- // Redirect to this page after logging out the user
- //'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
- // If set to true the user will be redirected to the
- // logout endpoint of the OIDC provider after logout
- // in Nextcloud. After successfull logout the OIDC
- // provider will redirect back to 'oidc_login_logout_url' (MUST be set).
- 'oidc_login_end_session_redirect' => true,
- // Quota to assign if no quota is specified in the OIDC response (bytes)
- //
- // NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
- // zero or -1 or ''.
- 'oidc_login_default_quota' => '1000000000',
- // Login button text
- 'oidc_login_button_text' => 'Log in via id.ccchh.net',
- // Hide the NextCloud password change form.
- 'oidc_login_hide_password_form' => false,
- // Use ID Token instead of UserInfo
- 'oidc_login_use_id_token' => false,
- 'oidc_login_attributes' => array (
- 'id' => 'preferred_username',
- 'name' => 'name',
- 'mail' => 'email',
- 'quota' => 'ownCloudQuota',
- 'home' => 'homeDirectory',
- 'ldap_uid' => 'uid',
- 'groups' => 'ownCloudGroups',
- 'login_filter' => 'realm_access_roles',
- 'photoURL' => 'picture',
- 'is_admin' => 'ownCloudAdmin',
- ),
- // Default group to add users to (optional, defaults to nothing)
- //'oidc_login_default_group' => 'oidc',
- 'oidc_login_filter_allowed_values' => null,
- // Set OpenID Connect scope
- 'oidc_login_scope' => 'openid profile',
- // The `id` attribute in `oidc_login_attributes` must return the
- // "Internal Username" (see expert settings in LDAP integration)
- 'oidc_login_proxy_ldap' => false,
- // Fallback to direct login if login from OIDC fails
- // Note that no error message will be displayed if enabled
- 'oidc_login_disable_registration' => false,
- //'oidc_login_redir_fallback' => false,
- // If you get your groups from the oidc_login_attributes, you might want
- // to create them if they are not already existing, Default is `false`.
- 'oidc_create_groups' => true,
- // Enable use of WebDAV via OIDC bearer token.
- 'oidc_login_webdav_enabled' => true,
- // Enable authentication with user/password for DAV clients that do not
- // support token authentication (e.g. DAVx⁵)
- 'oidc_login_password_authentication' => false,
-);
\ No newline at end of file
diff --git a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
index 7e6ad56..8832381 100644
--- a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
+++ b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
@@ -11,7 +11,7 @@ $CONFIG = array (
'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de',
'mail_from_address' => 'no-reply',
'mail_domain' => 'cloud.hamburg.ccc.de',
- 'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}',
+ 'mail_smtppassword' => '{{ secret__nextcloud_smtp_password }}',
'mail_smtpdebug' => true,
'maintenance_window_start' => 1,
);
diff --git a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 b/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2
deleted file mode 100644
index 56995ca..0000000
--- a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2
+++ /dev/null
@@ -1,60 +0,0 @@
-ALLOWED_HOSTS = [ "netbox.eh22.easterhegg.eu" ]
-DATABASE = {
- "HOST": "localhost",
- "NAME": "netbox",
- "USER": "netbox",
- "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}",
-}
-REDIS = {
- "tasks": {
- "HOST": "localhost",
- "PORT": 6379,
- "USERNAME": "",
- "PASSWORD": "",
- "DATABASE": 0,
- "SSL": False,
- },
- "caching": {
- "HOST": "localhost",
- "PORT": 6379,
- "USERNAME": "",
- "PASSWORD": "",
- "DATABASE": 1,
- "SSL": False,
- },
-}
-SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SECRET_KEY', create=false, missing='error') }}"
-SESSION_COOKIE_SECURE = True
-
-# CCCHH ID (Keycloak) integration.
-# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7
-# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
-REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2"
-SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = (
- "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
-)
-SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = (
- "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
-)
-SOCIAL_AUTH_KEYCLOAK_KEY = "eh22-netbox"
-SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"
-SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}"
-# Use custom OIDC group and role mapping pipeline functions added in via
-# netbox__custom_pipeline_oidc_group_and_role_mapping.
-# The default pipeline this is based on can be found here:
-# https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py
-SOCIAL_AUTH_PIPELINE = [
- "social_core.pipeline.social_auth.social_details",
- "social_core.pipeline.social_auth.social_uid",
- "social_core.pipeline.social_auth.social_user",
- "social_core.pipeline.user.get_username",
- "social_core.pipeline.user.create_user",
- "social_core.pipeline.social_auth.associate_user",
- "netbox.authentication.user_default_groups_handler",
- "social_core.pipeline.social_auth.load_extra_data",
- "social_core.pipeline.user.user_details",
- # Custom OIDC group and role mapping functions.
- "netbox.custom_pipeline_oidc_mapping.add_groups",
- "netbox.custom_pipeline_oidc_mapping.remove_groups",
- "netbox.custom_pipeline_oidc_mapping.set_roles",
-]
diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
index 83aeaad..93fb68b 100644
--- a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
+++ b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
@@ -3,29 +3,28 @@
# - https://github.com/prometheus/alertmanager/blob/48a99764a1fc9279fc828de83e7a03ae2219abc7/doc/examples/simple.yml
route:
- group_by: ["alertname", "site", "type", "hypervisor"]
-
+ receiver: 'ccchh-infrastructure-alerts'
+ group_by: [ "alertname", "site", "type", "hypervisor" ]
group_wait: 30s
group_interval: 5m
repeat_interval: 3h
-
- receiver: ccchh-infrastructure-alerts
-
-
-{# Disable these for now, but might be interesting in the future.
-# Inhibition rules allow to mute a set of alerts given that another alert is
-# firing.
-# We use this to mute any warning-level notifications if the same alert is
-# already critical.
-inhibit_rules:
- - source_matchers: [severity="critical"]
- target_matchers: [severity="warning"]
- # Apply inhibition if the alertname is the same.
- # CAUTION:
- # If all label names listed in `equal` are missing
- # from both the source and target alerts,
- # the inhibition rule will apply!
- equal: [alertname, cluster, service] #}
+ routes:
+ - matchers:
+ - org = "ccchh"
+ - severity = "critical",
+ receiver: ntfy-ccchh-critical
+ - matchers:
+ - org = "fux"
+ - severity = "critical",
+ receiver: ntfy-fux-critical
+ - matchers:
+ - org = "ccchh"
+ - severity =~ "info|warning",
+ receiver: ntfy-ccchh
+ - matchers:
+ - org = "fux"
+ - severity =~ "info|warning",
+ receiver: ntfy-fux
templates:
- "/etc/alertmanager/templates/*.tmpl"
@@ -34,7 +33,23 @@ receivers:
- name: "ccchh-infrastructure-alerts"
telegram_configs:
- send_resolved: true
- bot_token: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/alertmanager_telegram_bot_token", create=false, missing="error") }}
+ bot_token: {{ secret__alertmanager_telegram_bot_token }}
chat_id: -1002434372415
parse_mode: HTML
message: {{ "'{{ template \"alert-message.telegram.ccchh\" . }}'" }}
+
+ - name: "ntfy-ccchh-critical"
+ webhook_configs:
+ - url: "http://ntfy-alertmanager-ccchh-critical:8000"
+
+ - name: "ntfy-fux-critical"
+ webhook_configs:
+ - url: "http://ntfy-alertmanager-fux-critical:8001"
+
+ - name: "ntfy-ccchh"
+ webhook_configs:
+ - url: "http://ntfy-alertmanager-ccchh:8010"
+
+ - name: "ntfy-fux"
+ webhook_configs:
+ - url: "http://ntfy-alertmanager-fux:8011"
diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
index 5318fb0..3e97e6e 100644
--- a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
+++ b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
@@ -20,16 +20,25 @@ Links & Resources
{{ define "alert-message.telegram.ccchh" }}
-{{- if .Alerts.Firing }}
-🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥
-{{ range .Alerts.Firing -}}
-{{ template "alert-item.telegram.ccchh.internal" . }}
-{{- end }}
-{{- end }}
-{{- if .Alerts.Resolved }}
-✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅
-{{ range .Alerts.Resolved -}}
-{{ template "alert-item.telegram.ccchh.internal" . }}
-{{- end }}
-{{- end }}
+ {{- if .Alerts.Firing }}
+ 🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥
+ {{- if le (len .Alerts.Firing) 5 }}
+ {{- range .Alerts.Firing }}
+ {{ template "alert-item.telegram.ccchh.internal" . }}
+ {{- end }}
+ {{- else }}
+ There are too many alerts firing at once
+ {{- end }}
+ {{- end }}
+
+ {{- if .Alerts.Resolved }}
+ ✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅
+ {{- if le (len .Alerts.Resolved) 5 }}
+ {{- range .Alerts.Resolved }}
+ {{ template "alert-item.telegram.ccchh.internal" . }}
+ {{- end }}
+ {{- else }}
+ There are too many resolved alerts to list
+ {{- end }}
+ {{- end }}
{{- end }}
diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
index 3e994dc..8e22dc1 100644
--- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
@@ -6,6 +6,7 @@ services:
container_name: prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
+ - '--web.enable-remote-write-receiver'
ports:
- 9090:9090
restart: unless-stopped
@@ -13,7 +14,7 @@ services:
- ./configs/prometheus.yml:/etc/prometheus/prometheus.yml
- ./configs/prometheus_alerts.rules.yaml:/etc/prometheus/rules/alerts.rules.yaml
- prom_data:/prometheus
-
+
alertmanager:
image: prom/alertmanager
container_name: alertmanager
@@ -35,7 +36,7 @@ services:
restart: unless-stopped
environment:
- GF_SECURITY_ADMIN_USER=admin
- - "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}"
+ - "GF_SECURITY_ADMIN_PASSWORD={{ secret__grafana_gf_security_admin_password }}"
volumes:
- ./configs/grafana.ini:/etc/grafana/grafana.ini
- ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml
@@ -49,13 +50,61 @@ services:
restart: unless-stopped
environment:
- PVE_USER=grafana@pve
- - "PVE_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/prometheus-exporter", create=false, missing="error") }}"
+ - "PVE_PASSWORD={{ secret__prometheus_pve_exporter_pve_password }}"
- PVE_VERIFY_SSL=false
volumes:
- /dev/null:/etc/prometheus/pve.yml
+ loki:
+ image: grafana/loki:3
+ container_name: loki
+ ports:
+ - 13100:3100
+ - 19099:9099
+ restart: unless-stopped
+ volumes:
+ - ./configs/loki.yaml:/etc/loki/local-config.yaml
+ - loki_data:/var/loki
+
+ ntfy-alertmanager-ccchh-critical:
+ image: xenrox/ntfy-alertmanager:latest
+ container_name: ntfy-alertmanager-ccchh-critical
+ volumes:
+ - ./configs/ntfy-alertmanager-ccchh-critical:/etc/ntfy-alertmanager/config
+ ports:
+ - 8000:8000
+ restart: unless-stopped
+
+ ntfy-alertmanager-fux-critical:
+ image: xenrox/ntfy-alertmanager:latest
+ container_name: ntfy-alertmanager-fux-critical
+ volumes:
+ - ./configs/ntfy-alertmanager-fux-critical:/etc/ntfy-alertmanager/config
+ ports:
+ - 8001:8001
+ restart: unless-stopped
+
+ ntfy-alertmanager-ccchh:
+ image: xenrox/ntfy-alertmanager:latest
+ container_name: ntfy-alertmanager-ccchh
+ volumes:
+ - ./configs/ntfy-alertmanager-ccchh:/etc/ntfy-alertmanager/config
+ ports:
+ - 8010:8010
+ restart: unless-stopped
+
+ ntfy-alertmanager-fux:
+ image: xenrox/ntfy-alertmanager:latest
+ container_name: ntfy-alertmanager-fux
+ volumes:
+ - ./configs/ntfy-alertmanager-fux:/etc/ntfy-alertmanager/config
+ ports:
+ - 8011:8011
+ restart: unless-stopped
volumes:
graf_data: {}
prom_data: {}
alertmanager_data: {}
+ loki_data: {}
+ mimir_data: {}
diff --git a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
index 44999d4..632ad1c 100644
--- a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
+++ b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
@@ -7,3 +7,15 @@ datasources:
isDefault: true
access: proxy
editable: true
+ - name: Loki
+ type: loki
+ url: http://loki:3100
+ access: proxy
+ editable: true
+ jsonData:
+ timeout: 60
+ maxLines: 3000
+ httpHeaderName1: "X-Scope-OrgID"
+ secureJsonData:
+ httpHeaderValue1: "chaos"
+
diff --git a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
index 65f7bed..af5b848 100644
--- a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
+++ b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
@@ -11,7 +11,7 @@ auto_login = true
name = id.hamburg.ccc.de
allow_sign_up = true
client_id = grafana
-client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
+client_secret = {{ secret__grafana_keycloak_secret }}
scopes = openid email profile offline_access roles
email_attribute_path = email
login_attribute_path = username
diff --git a/resources/chaosknoten/grafana/docker_compose/loki.yaml b/resources/chaosknoten/grafana/docker_compose/loki.yaml
new file mode 100644
index 0000000..daf214f
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/loki.yaml
@@ -0,0 +1,52 @@
+auth_enabled: true
+
+server:
+ http_listen_port: 3100
+ grpc_listen_port: 9099
+ log_level: warn
+
+limits_config:
+ retention_period: 14d
+
+common:
+ instance_addr: 127.0.0.1
+ path_prefix: /var/loki
+ storage:
+ filesystem:
+ chunks_directory: /var/loki/chunks
+ rules_directory: /var/loki/rules
+ replication_factor: 1
+ ring:
+ kvstore:
+ store: inmemory
+
+storage_config:
+ filesystem:
+ directory: /var/loki/chunks
+ index_queries_cache_config:
+ embedded_cache:
+ enabled: true
+ max_size_mb: 80
+ ttl: 30m
+
+schema_config:
+ configs:
+ - from: 2025-04-28
+ store: tsdb
+ object_store: filesystem
+ schema: v13
+ index:
+ prefix: index_
+ period: 24h
+
+chunk_store_config:
+ chunk_cache_config:
+ embedded_cache:
+ enabled: true
+ max_size_mb: 80
+ ttl: 30m
+ write_dedupe_cache_config:
+ embedded_cache:
+ enabled: true
+ max_size_mb: 80
+ ttl: 30m
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2
new file mode 100644
index 0000000..03cc955
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2
@@ -0,0 +1,39 @@
+http-address :8000
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ }
+
+ severity "warning" {
+ priority 3
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "resolved"
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic ccchh-alertmanager-critical
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 1m
+}
+
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2
new file mode 100644
index 0000000..e65b20c
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2
@@ -0,0 +1,39 @@
+http-address :8010
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ }
+
+ severity "warning" {
+ priority 3
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "resolved"
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic ccchh-alertmanager
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 1m
+}
+
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2
new file mode 100644
index 0000000..bede36a
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2
@@ -0,0 +1,39 @@
+http-address :8001
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ }
+
+ severity "warning" {
+ priority 3
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "resolved"
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic fux-alertmanager-critical
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 1m
+}
+
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2
new file mode 100644
index 0000000..df41e90
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2
@@ -0,0 +1,39 @@
+http-address :8011
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ }
+
+ severity "warning" {
+ priority 3
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "resolved"
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic fux-alertmanager
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 1m
+}
+
diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus.yml b/resources/chaosknoten/grafana/docker_compose/prometheus.yml
index 5f6232f..769cdc8 100644
--- a/resources/chaosknoten/grafana/docker_compose/prometheus.yml
+++ b/resources/chaosknoten/grafana/docker_compose/prometheus.yml
@@ -22,6 +22,8 @@ scrape_configs:
static_configs:
- targets:
- localhost:9090
+ labels:
+ org: ccchh
- job_name: alertmanager
honor_timestamps: true
metrics_path: /metrics
@@ -29,6 +31,8 @@ scrape_configs:
static_configs:
- targets:
- alertmanager:9093
+ labels:
+ org: ccchh
- job_name: mumble
honor_timestamps: true
scrape_interval: 5s
@@ -38,6 +42,8 @@ scrape_configs:
static_configs:
- targets:
- mumble.hamburg.ccc.de:443
+ labels:
+ org: ccchh
- job_name: opnsense-ccchh
honor_timestamps: true
metrics_path: /metrics
@@ -45,6 +51,8 @@ scrape_configs:
static_configs:
- targets:
- 185.161.129.132:9100
+ labels:
+ org: ccchh
- job_name: jitsi
honor_timestamps: true
scrape_interval: 5s
@@ -54,10 +62,14 @@ scrape_configs:
static_configs:
- targets:
- jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
+ labels:
+ org: ccchh
- job_name: 'pve'
static_configs:
- targets:
- 212.12.48.126 # chaosknoten
+ labels:
+ org: ccchh
metrics_path: /pve
params:
module: [ default ]
@@ -74,6 +86,7 @@ scrape_configs:
static_configs:
# Wieske Chaosknoten VMs
- labels:
+ org: ccchh
site: wieske
type: virtual_machine
hypervisor: chaosknoten
@@ -83,7 +96,6 @@ scrape_configs:
- public-web-static-intern.hamburg.ccc.de:9100
- git-intern.hamburg.ccc.de:9100
- forgejo-actions-runner-intern.hamburg.ccc.de:9100
- - eh22-netbox-intern.hamburg.ccc.de:9100
- eh22-wiki-intern.hamburg.ccc.de:9100
- mjolnir-intern.hamburg.ccc.de:9100
- woodpecker-intern.hamburg.ccc.de:9100
@@ -99,6 +111,7 @@ scrape_configs:
- zammad-intern.hamburg.ccc.de:9100
- pretalx-intern.hamburg.ccc.de:9100
- labels:
+ org: ccchh
site: wieske
type: physical_machine
targets:
diff --git a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
new file mode 100644
index 0000000..4c39fbc
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
@@ -0,0 +1,83 @@
+server {
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+
+ deny all;
+
+ listen [::]:50051 ssl;
+ listen 172.31.17.145:50051 ssl;
+ http2 on;
+
+ server_name loki.hamburg.ccc.de;
+
+ ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
+
+ auth_basic "loki";
+ auth_basic_user_file loki.htpasswd;
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Port 9099;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Scope-OrgID $remote_user;
+ grpc_pass grpc://localhost:19099;
+ }
+}
+
+server {
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+ deny all;
+
+ listen [::]:443 ssl;
+ listen 172.31.17.145:443 ssl;
+ http2 on;
+
+ server_name loki.hamburg.ccc.de;
+
+ ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/chain.pem;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ auth_basic "loki";
+ auth_basic_user_file loki.htpasswd;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Scope-OrgID $remote_user;
+ proxy_pass http://127.0.0.1:13100;
+ }
+}
diff --git a/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2
new file mode 100644
index 0000000..ed270c2
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2
@@ -0,0 +1 @@
+chaos:{{ secret__loki_chaos_basic_auth }}
diff --git a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
new file mode 100644
index 0000000..bcfc428
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
@@ -0,0 +1,61 @@
+server {
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+ # fuxnoc
+ allow 2a07:c481:0:1::/64;
+ deny all;
+
+ listen [::]:443 ssl;
+ listen 172.31.17.145:443 ssl;
+ http2 on;
+
+ server_name metrics.hamburg.ccc.de;
+
+ client_body_buffer_size 32k;
+
+ ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem;
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/chain.pem;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ auth_basic "metrics";
+ auth_basic_user_file metrics.htpasswd;
+
+ location /api/v1/write {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Port 3100;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_pass http://127.0.0.1:9090;
+ }
+
+ location /ready {
+ rewrite ^ /-/ready break;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_pass http://127.0.0.1:9090;
+ }
+}
diff --git a/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2
new file mode 100644
index 0000000..f680572
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2
@@ -0,0 +1,2 @@
+chaos:{{ secret__metrics_chaos_basic_auth }}
+fux:{{ secret__metrics_fux_basic_auth }}
diff --git a/resources/chaosknoten/grafana/nginx/redirect.conf b/resources/chaosknoten/grafana/nginx/redirect.conf
new file mode 100644
index 0000000..28b265a
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/redirect.conf
@@ -0,0 +1,14 @@
+# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+ location /.well-known/acme-challenge/ {
+ proxy_pass http://127.0.0.1:31820/.well-known/acme-challenge/;
+ }
+}
diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
index 231f581..227db64 100644
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@@ -22,7 +22,7 @@
services:
keycloak:
- image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.1
+ image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.2
pull_policy: always
restart: unless-stopped
command: start --optimized
@@ -32,11 +32,11 @@ services:
- keycloak
environment:
KEYCLOAK_ADMIN: admin
- KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
+ KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }}
KC_DB: postgres
KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak
- KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
+ KC_DB_PASSWORD: {{ secret__keycloak_db_password }}
KC_HOSTNAME: https://id.hamburg.ccc.de
KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
@@ -46,7 +46,7 @@ services:
- "8080:8080"
db:
- image: postgres:15.12
+ image: postgres:15.13
restart: unless-stopped
networks:
- keycloak
@@ -54,7 +54,7 @@ services:
- "./database:/var/lib/postgresql/data"
environment:
POSTGRES_USER: keycloak
- POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
+ POSTGRES_PASSWORD: {{ secret__keycloak_db_password }}
POSTGRES_DB: keycloak
id-invite-web:
@@ -76,10 +76,10 @@ services:
- "IDINVITE_URL=https://invite.hamburg.ccc.de"
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
- "IDINVITE_VALID_HOURS=50"
- - "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}"
+ - "IDINVITE_SECRET={{ secret__idinvite_token_secret }}"
- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
- "IDINVITE_CLIENT_ID=id-invite"
- - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+ - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "MAIL_FROM=no-reply@hamburg.ccc.de"
- "BOTTLE_HOST=0.0.0.0"
@@ -96,7 +96,7 @@ services:
- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
- - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}"
+ - "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}"
id-invite-keycloak:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
@@ -107,10 +107,10 @@ services:
environment:
- "BOTTLE_HOST=0.0.0.0"
- "IDINVITE_CLIENT_ID=id-invite"
- - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+ - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "KEYCLOAK_API_URL=http://keycloak:8080"
- "KEYCLOAK_API_USERNAME=id-invite"
- - "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}"
+ - "KEYCLOAK_API_PASSWORD={{ secret__idinvite_admin_password }}"
- "KEYCLOAK_API_REALM=ccchh"
- 'KEYCLOAK_GROUPS=["user"]'
diff --git a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
index 372715d..2b0d919 100644
--- a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
@@ -43,6 +43,7 @@ server {
allow 185.161.129.132/32; # z9
allow 2a07:c480:0:100::/56; # z9
+ allow 2a07:c481:1::/48; # z9 new ipv6
allow 213.240.180.39/32; # stbe home
allow 2a01:170:118b::1/64; # stbe home
deny all;
diff --git a/resources/chaosknoten/netbox/netbox/configuration.py.j2 b/resources/chaosknoten/netbox/netbox/configuration.py.j2
index 789a539..7648e7e 100644
--- a/resources/chaosknoten/netbox/netbox/configuration.py.j2
+++ b/resources/chaosknoten/netbox/netbox/configuration.py.j2
@@ -3,7 +3,7 @@ DATABASE = {
"HOST": "localhost",
"NAME": "netbox",
"USER": "netbox",
- "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}",
+ "PASSWORD": "{{ netbox__db_password }}",
}
REDIS = {
"tasks": {
@@ -23,7 +23,7 @@ REDIS = {
"SSL": False,
},
}
-SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SECRET_KEY', create=false, missing='error') }}"
+SECRET_KEY = "{{ secret__netbox_secret_key }}"
SESSION_COOKIE_SECURE = True
# CCCHH ID (Keycloak) integration.
@@ -38,7 +38,7 @@ SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = (
)
SOCIAL_AUTH_KEYCLOAK_KEY = "netbox"
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"
-SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}"
+SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ secret__netbox_social_auth_keycloak_secret }}"
# Use custom OIDC group and role mapping pipeline functions added in via
# netbox__custom_pipeline_oidc_group_and_role_mapping.
# The default pipeline this is based on can be found here:
diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2
new file mode 100644
index 0000000..818e17d
--- /dev/null
+++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2
@@ -0,0 +1,23 @@
+---
+services:
+ ntfy:
+ image: binwiederhier/ntfy
+ container_name: ntfy
+ command:
+ - serve
+ volumes:
+ - ntfy_cache:/var/cache/ntfy
+ - ntfy_var:/var/lib/ntfy
+ - ./configs/server.yml:/etc/ntfy/server.yml
+ ports:
+ - 2586:2586
+ healthcheck: # optional: remember to adapt the host:port to your environment
+ test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
+ interval: 60s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+ restart: unless-stopped
+volumes:
+ ntfy_cache: {}
+ ntfy_var: {}
diff --git a/resources/chaosknoten/ntfy/docker_compose/server.yaml b/resources/chaosknoten/ntfy/docker_compose/server.yaml
new file mode 100644
index 0000000..a58e931
--- /dev/null
+++ b/resources/chaosknoten/ntfy/docker_compose/server.yaml
@@ -0,0 +1,9 @@
+base-url: "https://ntfy.hamburg.ccc.de"
+default-host: "https://ntfy.hamburg.ccc.de"
+listen-http: ":2586"
+behind-proxy: true
+keepalive-interval: "45s"
+cache-file: "/var/cache/ntfy/cache.db"
+attachment-cache-dir: "/var/cache/ntfy/attachments"
+auth-default-access: "deny-all"
+auth-file: "/var/lib/ntfy/user.db"
diff --git a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf b/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
similarity index 60%
rename from resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
rename to resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
index 6c9d458..f3b6010 100644
--- a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
+++ b/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
@@ -2,7 +2,8 @@
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
# Listen on a custom port for the proxy protocol.
- listen 8443 ssl http2 proxy_protocol;
+ listen 8443 ssl proxy_protocol;
+ http2 on;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
@@ -12,12 +13,12 @@ server {
# header.
real_ip_header proxy_protocol;
- server_name netbox.eh22.easterhegg.eu;
+ server_name ntfy.hamburg.ccc.de;
- ssl_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ntfy.hamburg.ccc.de/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
- ssl_trusted_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/chain.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
@@ -29,20 +30,18 @@ server {
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
- # Hide the X-Forwarded header.
- proxy_hide_header X-Forwarded;
- # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
- # is transparent).
- # Also provide "_hidden" for by, since it's not relevant.
- proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
- client_max_body_size 25m;
-
- location /static/ {
- alias /opt/netbox/netbox/static/;
- }
+ proxy_set_header Upgrade $http_upgrade;
location / {
- proxy_pass http://127.0.0.1:8001;
+ proxy_pass http://127.0.0.1:2586;
+
+ proxy_http_version 1.1;
+
+ proxy_connect_timeout 3m;
+ proxy_send_timeout 3m;
+ proxy_read_timeout 3m;
+
+ client_max_body_size 0; # Stream request body to backend
}
}
diff --git a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
index 91c26a3..85ce7d2 100644
--- a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
@@ -14,4 +14,4 @@ services:
ports:
- "8080:80"
environment:
- JWT_SECRET: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/onlyoffice/JWT_SECRET", create=false, missing="error") }}
+ JWT_SECRET: {{ secret__onlyoffice_jwt_secret }}
diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
index 537cda0..ca29f1b 100644
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@@ -6,7 +6,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=hedgedoc"
- - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
+ - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
- "POSTGRES_DB=hedgedoc"
volumes:
- database:/var/lib/postgresql/data
@@ -16,7 +16,7 @@ services:
#image: quay.io/hedgedoc/hedgedoc:1.9.9
image: quay.io/hedgedoc/hedgedoc:latest
environment:
- - "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}@database:5432/hedgedoc"
+ - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc"
- "CMD_DOMAIN=pad.hamburg.ccc.de"
- "CMD_PROTOCOL_USESSL=true"
- "CMD_HSTS_ENABLE=false"
@@ -35,7 +35,7 @@ services:
- "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
- "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
- "CMD_OAUTH2_CLIENT_ID=pad"
- - "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}"
+ - "CMD_OAUTH2_CLIENT_SECRET={{ secret__hedgedoc_kc_secret }}"
- "CMD_OAUTH2_PROVIDERNAME=Keycloak"
- "CMD_OAUTH2_SCOPE=openid email profile"
volumes:
@@ -53,11 +53,11 @@ services:
environment:
- "POSTGRES_HOSTNAME=database"
- "POSTGRES_USERNAME=hedgedoc"
- - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
+ - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
- "SMTP_FROM=pad@hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=pad@hamburg.ccc.de"
- - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/smtp_password", create=false, missing="error") }}"
+ - "SMTP_PASSWORD={{ secret__pad_smtp_password }}"
- "URL=https://pad.hamburg.ccc.de"
depends_on:
- database
diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
index b210098..1eca33b 100644
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@@ -6,7 +6,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=pretalx"
- - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
+ - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
- "POSTGRES_DB=pretalx"
volumes:
- database:/var/lib/postgresql/data
@@ -53,13 +53,14 @@ services:
restart: unless-stopped
environment:
PRETALX_DATA_DIR: /data
+ PRETALX_FILE_UPLOAD_LIMIT: 1000 # MB
PRETALX_FILESYSTEM_MEDIA: /public/media
PRETALX_FILESYSTEM_STATIC: /public/static
PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de
PRETALX_DB_TYPE: postgresql
PRETALX_DB_NAME: pretalx
PRETALX_DB_USER: pretalx
- PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
+ PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
PRETALX_DB_HOST: database
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
PRETALX_MAIL_HOST: "cow-intern.hamburg.ccc.de"
@@ -89,13 +90,13 @@ services:
PRETALX_DB_TYPE: postgresql
PRETALX_DB_NAME: pretalx
PRETALX_DB_USER: pretalx
- PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
+ PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
PRETALX_DB_HOST: database
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
PRETALX_MAIL_HOST: "cow.hamburg.ccc.de"
PRETALX_MAIL_PORT: 587
PRETALX_MAIL_USER: pretalx@hamburg.ccc.de
- PRETALX_MAIL_PASSWORD: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/PRETALX_MAIL_PASSWORD", create=false, missing="error") }}"
+ PRETALX_MAIL_PASSWORD: "{{ secret__pretalx_mail_password }}"
PRETALX_MAIL_TLS: "true"
PRETALX_CELERY_BACKEND: redis://redis/1
PRETALX_CELERY_BROKER: redis://redis/2
diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
index 4e0e8e3..1b998fc 100644
--- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
+++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
@@ -70,8 +70,7 @@ map $host $upstream_acme_challenge_host {
design.hamburg.ccc.de 172.31.17.162:31820;
hydra.hamburg.ccc.de 172.31.17.163:31820;
cfp.eh22.easterhegg.eu 172.31.17.157:31820;
- hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820;
- netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820;
+ ntfy.hamburg.ccc.de 172.31.17.149:31820;
default "";
}
diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
index 4a7f84c..37f62a1 100644
--- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
+++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
@@ -88,8 +88,7 @@ stream {
design.hamburg.ccc.de 172.31.17.162:8443;
hydra.hamburg.ccc.de 172.31.17.163:8443;
cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443;
- hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443;
- netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443;
+ ntfy.hamburg.ccc.de 172.31.17.149:8443;
}
server {
diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
index 1f9d99d..d00a454 100644
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@@ -4,7 +4,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=pretix"
- - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}"
+ - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"
- "POSTGRES_DB=pretix"
volumes:
- database:/var/lib/postgresql/data
diff --git a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
index 3f4af83..f1c119f 100644
--- a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
+++ b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
@@ -10,7 +10,7 @@ trust_x_forwarded_proto=on
backend=postgresql
name=pretix
user=pretix
-password={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}
+password={{ secret__pretix_db_password }}
host=database
[mail]
diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
index 8d345de..b2e8f4d 100644
--- a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
@@ -11,7 +11,7 @@ see https://github.com/zammad/zammad-docker-compose/blob/master/.env
{%- set POSTGRES_DB = "zammad_production" | quote -%}
{%- set POSTGRES_HOST = "zammad-postgresql" | quote -%}
{%- set POSTGRES_USER = "zammad" | quote -%}
-{%- set POSTGRES_PASS = lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/zammad/DB_PASSWORD", create=false, missing="error") | quote -%}
+{%- set POSTGRES_PASS = secret__zammad_db_password | quote -%}
{%- set POSTGRES_PORT = "5432" | quote -%}
{%- set POSTGRES_VERSION = "15-alpine" | quote -%}
{%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%}
diff --git a/resources/z9/dooris/docker_compose/compose.yaml.j2 b/resources/z9/dooris/docker_compose/compose.yaml.j2
new file mode 100644
index 0000000..38db85a
--- /dev/null
+++ b/resources/z9/dooris/docker_compose/compose.yaml.j2
@@ -0,0 +1,22 @@
+---
+
+services:
+ dooris:
+ image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
+ environment:
+ HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27"
+ HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
+ HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
+ HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122
+ HMDOORIS_CCUJACK_USERNAME: dooris
+ HMDOORIS_CLIENT_ID: dooris
+ HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
+ HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration
+ HMDOORIS_LISTEN: '0.0.0.0:3000'
+ HMDOORIS_REQUIRES_GROUP: /intern
+ HMDOORIS_URL: https://dooris.ccchh.net
+ PYTHONWARNINGS: "ignore:Unverified HTTPS request"
+ #DEBUG: true
+ ports:
+ - "127.0.0.1:3000:3000"
+ restart: unless-stopped
diff --git a/resources/z9/dooris/nginx/dooris.ccchh.net.conf b/resources/z9/dooris/nginx/dooris.ccchh.net.conf
new file mode 100644
index 0000000..c1ca082
--- /dev/null
+++ b/resources/z9/dooris/nginx/dooris.ccchh.net.conf
@@ -0,0 +1,37 @@
+# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+server {
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ server_name dooris.ccchh.net;
+
+ ssl_certificate /etc/letsencrypt/live/dooris.ccchh.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dooris.ccchh.net/privkey.pem;
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/dooris.ccchh.net/chain.pem;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Port 443;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+ # Hide the X-Forwarded header.
+ proxy_hide_header X-Forwarded;
+ # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
+ # is transparent).
+ # Also provide "_hidden" for by, since it's not relevant.
+ proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ location / {
+ proxy_pass http://127.0.0.1:3000/;
+ }
+}
diff --git a/roles/deploy_ssh_server_config/handlers/main.yaml b/roles/deploy_ssh_server_config/handlers/main.yaml
index 001bbe4..721a348 100644
--- a/roles/deploy_ssh_server_config/handlers/main.yaml
+++ b/roles/deploy_ssh_server_config/handlers/main.yaml
@@ -1,3 +1,5 @@
-- name: reboot the system
+- name: restart the ssh service
+ ansible.builtin.systemd:
+ name: ssh.service
+ state: restarted
become: true
- ansible.builtin.reboot:
diff --git a/roles/deploy_ssh_server_config/tasks/main.yaml b/roles/deploy_ssh_server_config/tasks/main.yaml
index f5d00f5..4350790 100644
--- a/roles/deploy_ssh_server_config/tasks/main.yaml
+++ b/roles/deploy_ssh_server_config/tasks/main.yaml
@@ -12,8 +12,7 @@
group: root
src: sshd_config.j2
notify:
- # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
- - reboot the system
+ - restart the ssh service
- name: deactivate short moduli
ansible.builtin.shell:
@@ -32,5 +31,4 @@
changed_when:
- '"ansible-changed" in result.stdout'
notify:
- # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
- - reboot the system
+ - restart the ssh service
diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml
index e4d4fb0..2e56dac 100644
--- a/roles/nginx/defaults/main.yaml
+++ b/roles/nginx/defaults/main.yaml
@@ -4,3 +4,5 @@ nginx__deploy_logging_conf: true
nginx__configurations: [ ]
nginx__use_custom_nginx_conf: false
nginx__custom_nginx_conf: ""
+nginx__deploy_htpasswds: false
+nginx__htpasswds: [ ]
diff --git a/roles/nginx/meta/argument_specs.yaml b/roles/nginx/meta/argument_specs.yaml
index 866cb81..f2cb1d7 100644
--- a/roles/nginx/meta/argument_specs.yaml
+++ b/roles/nginx/meta/argument_specs.yaml
@@ -34,3 +34,19 @@ argument_specs:
type: str
required: false
default: ""
+ nginx__deploy_htpasswds:
+ type: bool
+ required: false
+ default: false
+ nginx__htpasswds:
+ type: list
+ elements: dict
+ required: false
+ default: [ ]
+ options:
+ name:
+ type: str
+ required: true
+ content:
+ type: str
+ required: true
diff --git a/roles/nginx/tasks/main/04_config_deploy.yaml b/roles/nginx/tasks/main/04_config_deploy.yaml
index 38dbfc1..7dba579 100644
--- a/roles/nginx/tasks/main/04_config_deploy.yaml
+++ b/roles/nginx/tasks/main/04_config_deploy.yaml
@@ -131,6 +131,20 @@
label: "{{ item.name }}"
notify: Restart nginx
+- name: Ensure all given htpasswd files are deployed
+ when: nginx__deploy_htpasswds
+ ansible.builtin.copy:
+ content: "{{ item.content }}"
+ dest: "/etc/nginx/{{ item.name }}.htpasswd"
+ mode: "0644"
+ owner: root
+ group: root
+ become: true
+ loop: "{{ nginx__htpasswds }}"
+ loop_control:
+ label: "{{ item.name }}"
+ notify: Restart nginx
+
- name: Add names with suffixes from `nginx__configurations` to `nginx__config_files_to_exist` fact
ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}" # noqa: jinja[spacing]