diff --git a/.gitignore b/.gitignore
index e69de29..424bd26 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible/
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..d19954a
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,226 @@
+keys:
+ - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
+ - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - &admin_gpg_june 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+creation_rules:
+ - path_regex: inventories/chaosknoten/host_vars/cloud.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/keycloak.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/grafana.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/pad.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/ccchoir.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/pretalx.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/netbox.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/tickets.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/onlyoffice.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/zammad.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/ntfy.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/z9/host_vars/dooris.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/z9/host_vars/yate.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+stores:
+ yaml:
+ indent: 2
diff --git a/README.md b/README.md
index 6906a7f..5a3d90c 100644
--- a/README.md
+++ b/README.md
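Review bot: The `path_regex` values under `creation_rules` are unanchored and leave `.` unescaped, so `inventories/chaosknoten/host_vars/pad.*` matches any path that merely contains that prefix; SOPS applies the first matching rule, so a later host whose name begins with an existing one would silently take the wrong rule once the recipient lists diverge. The same looseness accepts the `[HOSTNAME].secrets.yaml` name used in the docs command added by this commit, while that doc says the `.sops.yaml` suffix is what the vars plugin picks up. Anchoring each rule to the real file name, e.g. `path_regex: inventories/chaosknoten/host_vars/pad\.sops\.yaml$`, closes both. The twelve-key recipient list is also repeated verbatim in all fourteen rules including the final catch-all, so offboarding an admin means editing every copy; a header comment such as `# After changing recipients: run sops updatekeys on every *.sops.yaml and rotate the secrets the removed key could read` would record the step that editing this file alone does not perform.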
@@ -17,10 +17,15 @@ ansible-galaxy install -r requirements.yml ## Secrets -Grundsätzlich sollten Secrets vermieden werden. (Also z.B.: Nutze SSH Keys statt Passwort.) +Generally try to avoid secrets (e.g. use SSH keys instead of passwords). -Da Secrets aber durchaus doch gebraucht werden, werden diese dann in diesem Repo direkt aus dem [password-store](https://git.hamburg.ccc.de/CCCHH/password-store) (meist aus einem Sub-Eintrag des `noc/` Ordners) geladen. -Dies geschieht mit Hilfe des `community.general.passwordstore` lookup Plugins. +Because secrets are nonetheless needed sometimes, we use [SOPS](https://github.com/getsops/sops) to securely store secrets in this repository. +SOPS encrypts secrets according to "creation rules" which are defined in the `.sops.yaml`. +Generally all secrets get encrypted for all GPG-keys of all members of the infrastructure team. +Ansible then has access to the secrets with the help of the [`community.sops.sops` vars plugin](https://docs.ansible.com/ansible/latest/collections/community/sops/docsite/guide.html#working-with-encrypted-variables), which is configured in this repository. +A local Ansible run then uses the locally available GPG-key to decrypt the secrets. + +For a tutorial on how to set up secrets using SOPS for a new host, see [Setting Up Secrets Using SOPS for a New Host](./docs/setting_up_secrets_using_sops_for_a_new_host.md). ## Playbook nur für einzelne Hosts ausführen diff --git a/ansible.cfg b/ansible.cfg index ca06548..654da28 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,4 @@ [defaults] inventory = ./inventories/z9/hosts.yaml pipelining = True - -[passwordstore_lookup] -backend = pass +vars_plugins_enabled = host_group_vars,community.sops.sops diff --git a/collections/requirements.yaml b/collections/requirements.yaml index a24c121..cec061f 100644 --- a/collections/requirements.yaml +++ b/collections/requirements.yaml @@ -1,3 +1,4 @@ --- collections: - community.general + - grafana.grafana.alloy 
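Review bot: `vars_plugins_enabled` now names `community.sops.sops`, but the `collections/requirements.yaml` hunk in this same commit lists only `community.general` and the new Grafana entry, so nothing visible here installs the plugin on a fresh checkout; unless a requirements file outside this diff provides it, add `- community.sops` there. Decryption happens on the control node with the operator's local GPG key, so a comment above the setting such as `# needs the sops binary and an admin GPG secret key on the control node` would explain the failure a new operator sees on the first run.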
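Review bot: The added entry `grafana.grafana.alloy` has three dot-separated parts, which is the shape of a role inside a collection rather than a collection name; `ansible-galaxy collection install` expects `namespace.name`, so this line should probably read `- grafana.grafana`, with `grafana.grafana.alloy` used where the role is applied. Neither entry pins a version, so every install takes whatever Galaxy currently serves; the `- name: grafana.grafana` plus `version:` form for both entries would make the control-node toolchain reproducible.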
diff --git a/docs/setting_up_secrets_using_sops_for_a_new_host.md b/docs/setting_up_secrets_using_sops_for_a_new_host.md
new file mode 100644
index 0000000..c88315f
--- /dev/null
+++ b/docs/setting_up_secrets_using_sops_for_a_new_host.md
@@ -0,0 +1,20 @@
+# Setting Up Secrets Using SOPS for a New Host
+
+Because we're using the `community.sops.sops` vars plugin, the SOPS-encrypted secrets get stored in the inventory.
+
+1. Add a new creation rule for the hosts `host_vars` file in the sops config at `.sops.yaml`.
+ It should probably hold all admin keys.
+ You can use existing creation rules as a reference.
+2. Create a SOPS secrets file in the `host_vars` subdirectory of the relevant inventory.
+ The name of the file should be in the format `[HOSTNAME].sops.yaml` to get picked up by the vars plugin and to match the previously created creation rule.
+ This can be accomplished with a command similar to this:
+ ```
+ sops inventories/[chaosknoten|z9]/host_vars/[HOSTNAME].secrets.yaml
+ ```
+3. With the editor now open, add the secrets you want to store.
+ Because we're using the `community.sops.sops` vars plugin, the stored secrets will be exposed as Ansible variables.
+ Also note that SOPS only encrypts the values, not the keys.
+ When now creating entries, try to adhere to the following variable naming convention:
+ - Prefix variable names with `secret__`, if they are intended to be used in a template file or similar. (e.g. `secret__netbox_secret_key: secret_value`)
+ - Otherwise, if the variable is directly consumed by a role or similar, directly set the variable. (e.g. `netbox__db_password: secret_value`)
+4. Now that the secrets are stored, they are exposed as variables and can simply be used like any other variable.
diff --git a/inventories/chaosknoten/host_vars/ccchoir.sops.yaml b/inventories/chaosknoten/host_vars/ccchoir.sops.yaml
new file mode 100644
index 0000000..be571a4
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/ccchoir.sops.yaml
@@ -0,0 +1,221 @@ +secret__mariadb_root_password: ENC[AES256_GCM,data:bevk9PiMUAP0YBYqpVw9PLEz9ITKVRQ44Q==,iv:Qjr3pOWzcDWUpJAakrn31OCcvcaciJLgS1Zp+YZPWPA=,tag:DB1l6lsy+aHa+U+QLAM3tg==,type:str] +secret__wordpress_db_password: ENC[AES256_GCM,data:QsvJ6NH4ySsfSsP3pWEx04vxjIph1Wk/jA==,iv:AnocV/jXawXPxQ0dLSw05b38ULQuU/RN2G21/1GpTmo=,tag:QlSCnuaQxCmJ3XO5jjX0zA==,type:str] +sops: + lastmodified: "2025-05-04T14:15:03Z" + mac: ENC[AES256_GCM,data:Za+XnpDu+WTMEUgZ3jnG9/4FOd/emfdiaLSGX+hfkuBSurlqFzVHpXqs4kyl96goOASevkiqCSXwk+DGGNTvSRDCoAH2jMfwUHh5mGHFwXKZFjraVnLidxyOkEg+YJ+tzJ9EHJ7MpQLYlHgGi8Xrc27n3+gpjni6+VhVYiLj4eQ=,iv:fQuTnJbsyNyphHZF6T9UF62jtA2wDrOxlPzW6XwsdNk=,tag:T8P100qKnYhNqr7oJaY6yQ==,type:str] + pgp: + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//W+DGA83YWISVMvmWTFLul74Enc5+o9It2JqVRBB0sRyv + VJAF65zi5AQ6k3SIyZYNf1Dy8eR3C6PBskw7juPrMuLKXA4NVWu9mLl34gB53zoL + 9WnCoGLiF+1DhnkH2/YD8FoUytJn+7BhD6uthhWbYqeeOo6GDO0bKGuE0PIR4KSw + pHyP7+9B06IlNdWvU/2AqnaTyakFa0yHuNKVmtJ4qd7FfcXiJejuhedNaXLaPRg8 + Z+dY6nt4F6rG4y9shUcTCR1rGDxgqB7aaZjm0vy5mCsefSisw/ptnASKqaz6ZXyJ + QQtI42wmzgw5zC6vXt+zixtEdyB/MmBaWbJkLsRIpu1frswI4inHy5GW/wJTyG7Z + C82Xih2R0kMbNV45lMrvDz+hBt1R7YBe2J30TavXBOEvXO5VfhOtFZDhYA0wdw0+ + ykUWVvT6Wpai17m9CbVgjwK+RIDLAuRDQhX4+SDKPLoLycpswAUteYDovk3x5zjc + GdbyDo3iKfqpzO+sa8LpHQeL93A3TdYsq111Dbq/itM3EluTcMKE84A2J5zBOJ9p + nduMtPeS1Yqz/G66TF5BivI09duP2ayf49DsF/zrF0m9bWsvWPfWM2Rvrf5c7D6K + zldVilFNM8YAJOmbXJjW1kXzqgs7SjrQblp3fhxYgHx5w89K/VcyoC1sBo3XvwXS + XgFpgPJrG7xHbVwB8bJrG8cPsI74/FxZBtj/P64/Pjj8rT0hXYnzI56W371ihHJ/ + Mnp8hTjGZrbzun/daNr7ejkxdD+1qBRqqT/WNzv/XcTDdUlYdok5qVkeBtE/S9M= + =aVMO + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAhhWtMl0Qhvctd2RjezkWE7albF7svgAJUoA4QFgPtjqy + IYhM/GDo1pL9gSydk1axJQPGsn2Z88QgYBuhkZBgLA9SiREgUwPKCsKvZ70bxzRS + 
hSLS7rykOmPFIobY3JjKnYCNFx1/6U/R6XdgzuHhr8Um8Cf5WWyYHmB5EuMm8Djv + AZJqChoE7KAFycuGWJGZxN039/rMzxdjPnaFlOmTpOPiyofICWLjA/6Y15EcxuJJ + ESsUEs1JXIdTGVZWC8UqGf75b0fQ2jxki1duil2nhr7N2mNYyrns/VGbfCq0113M + 5X1e2iNq8lyjBfErdq90cG/QqGXe4sxtUwnRDIKaWbr0RhY9mBBjBLvOjDQ3d8Yo + PqyznHESPESwatIfFSt5qYQQN5MVwmbQ82OSDdkX0b59ouSq1cigWvCoPQ7x5sIa + UJc6ehFljDoYGx9mXzLv803Li9kToHH3lWXCmaDII+huvWFqrR07pD2gC0cEKSZt + ttBjJuWyfqHdWPaqEyJ6EZF6Bpf3Zsm+UDDb1S7aA4cjSIPOlqt0RoiMv1QSlnJP + JMg0QkEEWx9HHzcIPQbtCDyk3NxO1hPGlVLUSLYruTjB826LhxDDCfbfmBAdNsXo + +Qod3e1StlGGubpWbtP6PIcYKBs/XDvtPsxjiazkUalc8SbBUPipHuwohCuiAFXS + XgEZrSWbUdOCTQK2UoU57uTDjQKNytVbuxlTGNZ3Tn02Rkdutj4Qh/cK5vJlJ1pc + ckfsnDLIpRM03i82WMilXeWg/dhVzJgbn+WvUElC5kmWAHGgZhk96LO1ImQyS80= + =FJKu + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+JHFiiwiZeW2wfe+6d7jDKtVyAoJiHB3FN2X8q6S1fsgj + 17EzxQjyVTojsPSTe5Zap0sqc/h4O38jhpUpW5aS/c38KLscv366y3Au+hWHGodm + 6OMlQBFKAB0x6uC7RqDnDKrT3p5mk/gKGIMZ2s6R2vayo/rZeHF52kQovkSDe/wE + 6BtscMXYioarFwGb2dq9x2w6sdfQO8MPaDV+jhBOrLZWGXAB0g9H+f3Eh2fonfg5 + 3sHQRSoeYvVMSOFlLectJwP4iLQmgfEqBO35d/+ixD7M1gVt6PqOa4zt8NQPmEHB + 5OfSrmeeakoXPyfClcfqpXuJP8jwzEtTmqEOySVwOKa4RboheyNG8ZTAU5gUcCgk + 0iC4foeLdYXzghtHLsB0dt1XBBtpPMTwRUjmK9zj7J9aE4mPV+2ya70czvjgPQv7 + cGM3oGS4g9jpn/HHBmGrQltAyLITbwnr+Oa2fjjSNxLN5aYoDDHO1nS/AaogFSQz + 0dV44+qaBLpqPZebTKVe9xi2ifttgUzBMBwVwnj+byctdKTzwHDoO1csLnJvcRvu + ESbJURybe2vWuLIfydE9fjpv54mpDNbbQPFFsklX5qmlC8u4GELCO2/ckrR43a/R + b4yxxxZbMCjS+Pgmr5/SVDrgp+8JP4wv6lA74hNuLf+UY4Q7m59sROQyMTNdWuPS + XgHt1PC5OPzV0DZgJOsFgRUhW+W4On76XR8M9/fxmuV4ixGlcpci0xxrn45cc2br + DbRloABWVghOplhH1cw4MnlJ6CJOjvNhaHPSsAkyVezBtSjq8PhOeiUA/mzN2Ok= + =ZLtE + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
hQIMAw5vwmoEJHQ1AQ/9FqwSd/IuaNnWlVL0MgM1edU/tXNo6IrvCpeNLCJOaS+7 + RvQIOsKUX7eaTCG6wUxvXPuzCgQ8bu8kpJ5fl2ntiOerj8GiAqfPWMc7zoNP2w3y + yWJ8yslGjqSw9rNjdsk5b88k16ohLdElS9A/fFrKwtB94gpLHbLXa98Nt+IB0O5L + Hmad8fbhCdICxEz0KQVIgC1WHBUyJ9BGoKJpwfjlx7aKBHXGkDweutZCuF9ZGYks + PmS/6EVY/ubXB3Qd5KpFPg9k7RQh8QraZZnASJIRJTZJxoiiB9gf86pXP26RUnhS + 2vthDrVtABarp/cfS8lEA05SX9nNnKJ/qMU7l+kBaV9oiU4dfSNWG3SwSEyb9CzD + 2QGUnOS8Os5HMd/RIH9ZFFdoLYYntAtiKiJCx8yrC0c88OnU2A4BsGZ/oeLmwWJI + KqPdH/6/NHSGvUUHENFEI+cNiEPdDUvH/Ak3/wE6BMe7z5/TXPyYz6QpiBr+npQm + rfufJBn/hxjAIC5Hd04JViGjp8cV966iGg9AhckYN8pwCHkd4kdqrFCdm3NmKgZ8 + /fmPYyozeLyzp7ZjerExL+BMc+hNAlMhis4v7NH3WWA8t0yvZ1VTGfBObsYHyV/e + 9QyYbWI4tqOMfhLOyv4KPDdL2X99gsL/OsT8u5cTVK1/20asm9XxuWDzVum+a1bS + XgEIa9iie/rP1dAILcMQQesATCBdxWTjyCADTIYhliK7WX/aQUuKil8RyLLJnznh + kfFiCI+FNRlAGGYLztzSsDgpkbe11g/zczDaS3m0+7Jxw1JWZtp/gQW96qO9XnA= + =yGeq + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAhYuNoHxnDoR3vYcXNS2t0aWAKFatN7yeBNugZ7rfqiYw + i/XO28FpFbyjlt53vshZwUrdz9qsG6mVdQ57D3aXXtEMP1yxH3FwmKmsQHQGM7VQ + 0l4BT4uruLjE3clae+RU0cHcukKSuR4hEOqdUPcQDOWSV8tnboxtjsV34tkRbIZc + VJvLT8fM0tUWtzt0n7Paz9OHelKUtQ7eKlz2sWO+I49qCsZaE7dJ8WNRWonFu1ip + =w/sh + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+NGGeGx82rYFDpMgxOWJpenco6LVzC6gjeHwThOynt6se + 8AKQ38a4YhjUrAUudMr4kCVYRGqSEmWdHJPRG6pxET3sUNqNMLyvlBifxD/4VAi6 + o8oNEaiVHMLBEK+zuIJ8l57RdFc/CKmBCGX6PC017ndshU9lAsVbZQt9xk4PkR+C + hBIKmRpZWe8CJBnTzZvG/PCHUU+fXDzUy89f0SOgUdtoNBUSHQcg0FrPvzh0BqNk + zkenQ4EgvkZ8eF0qXlGTmwZNfwD6KBB4qaHBNAZYUGU1CvtJ7FtrlmtpLmowF4l/ + cE0K6HwbG4CADh9iBblSqMzpE8Iuk9kEn3IH/9E5Uggb1qtjmqtkQpCjl8M5LTHl + eoz2bvY0bAcQ6GZx3Nak5nosGYL2JHRQdewZd9lcnXoNzOCpV2ZwHiSjG7WVBKtV + 
iHcsPLOH7NNkLAtF56WyV9Z8n/mI4rISYRs142uezAz41cJEO73xzjUiAu1tjVZd + iNvplAqT01PPGLOI6ZqwT0cZQZkjl9qX1cMv1bSjBC01Y8t8iBwTxOFzv0gGLqw4 + NjQjpPjWKSSAejYIdy5jY3XhQVkl3miPcC93MtOLR9GE6gwoAQCrJ0WqEh2pjt85 + nFl8OYfA7UeFfO/C2XIeW7d/wU5Ec24gm4APqzw6rsAMLf91O71uJnrJ3uWkrmjS + XgGL7lFqTqFDpCASmTzNBspf9a3e/1kk+87DOzQG9YO4TsetYMWqJhsAzKRgg3U0 + nVR3y2D48Y5ypVvbsQbFdz8ZI8H/1aQK62+YBjRGB2EOqHkK3+Uig8T0IyaVAow= + =4H45 + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//W8i1bv4vXKxoegHrLH/HxHyDm7SJ2QNzcnTyNBMo3Z+u + sTce3jIwFvi6I4HCnHtGMf7bp7U4ORYN8yxeuLbvjTGD2v1Dmda2A1NPdRnjoy6Y + tLsjsz/FbT/3zea/OkdwZgeNTN4p+AQD9nd5oyAhN6XXcFmZwJ1IQegQtDADFDwY + zOSN9nH6cR1MWjy1ptZFYugAA3U/1WtFNq57G34+jMtszT2FUDHhDZz91PrkezlH + ZL4cPLejiaOS8Vm97D7kDsxo2yDTCtoypcaS330ANq1l03yrjjPjSoW9j+Hvhpzk + 6I86vU+AVNBLtvPSYybo58En1HvI+7TlAz6Gq+UMup2wWE1kkEDAVwmzd6kyyq/z + Kr8Pd/iCHs0hoc1kx7xCXQ76qJFoSAHE+eqkmGJLxUolZ1XmsbZeYBcKSwslbMKB + 8JHEnFjQtGbaXVf0RGjh7z4fzhYvehcN2NHBVt2/VG16xrjeUv/3xifvbnWrAa9L + xTIn126kWvX6mQjyEVRkZO5Ud/jVMcsW7sko2I74zhEtz27BBE/3Ms5WK7ZTVKiI + cWMnVn+NOB7sY9xn02fqe0oLXdBW0cnMjCLyWpdclq3odNJw5eKbaCUYm+Z7WG8p + DQOcPQ6ejXk7EW22VNFhedmUYJWMpDZImkbUOAo8XAN5KAVLy9D+Zu63eY5QjtzS + XgFBG6m9scVN7SYPyWxGZ8M7qKNqCezXmOSOWJpsYex4nFSIuIDr7LSw3bs0tp64 + q6qvOlISvBPjoAmv4638iG5F3zronJde01ZmcYx2l9kYSRcxdr9fyUNaeWsz1aE= + =MW8k + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ/+M5ftMfxnz01rDri5YMAKBpUAgUHBdnWrjaVWqGIS7aZh + UXXqlCVRXzNfIt37Z23LiyINJGZ1y/6ES+4n0RYAli2XJWlR5vMzbN2Obh743IoZ + 9bApYKGXf0pnRdC2kNGFK+PC89aWHWpjVSsahBhVcYbi9G8WYFlYw/ZVrlh636OH + vahqWefuJStCKL6DA3sAYJzzDck8F06o1pEzmvTkGmAlJfZZ/Otam9BSQFmcegl8 + tIqwi+EVuu35/yo0QqSMCA/QmvEGKi7rsk2OJMllyEHCe8Rtu9JHsUsnzDXCCPeV + 
UT7s8jMM0rduuEoIhgDkiEHNgbIbQ6f3/gdf4f7s0aC7NnoUHoVI3pKSbZeQhGzo + /pOSFsaqxlclxwu8uxIcyF/ReFf7u+sAM0AUVWdBKi0l9zeucJf7TmokY8oh3K1J + XX7XIuyMwvo/hrA23GTrYVk3ulzedawOlDh3ZvtNfiJH42IsNcsOMRwFDjwH8xSI + dYEcVrH/jhL1/a9AzY8lu3VCml/Xhs6Hwqr5urYcBNBC3PoufPoi6c79xO9lcxxl + iIWPEdANLdZO+lCKl0aR/mMZOojInBKplGFvqaedFYDoHr1ng2yYBeeGAbHiGf7/ + qLervOigfGCWjc2sgyrTT1jcvcA0AuuNPiBnZmfEsiOgyiG5CWMK0y7F1Cm2cRTS + XgGHEBJNMoj7IbxHk3Gc++GDAschbcwsBUNbyUjhQ7THx5OmpyaMl+rUZZNEhURk + g3YvkqQvpP6Op8D5R1u7OHLR3/Y1T7eg+gSj+jrwAx+uj2P8PXfpuceTjPqTgQU= + =nBBt + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pARAAqlrh/OWyGSIJmcsjLgeF0mN0EcHYW/Tp/XWu9dtTB35i + ecGcS7n3UtDrOFTH0a2OufYPCf1gxsZN1XSFnwG6B2P3WCX/FDLyxk54d9ULUb5a + c2knQSY4mgsr9p7xIMm5q49TqWYZiJG7WnADyjkhWLb2nHiifGZ/eKS58v8Ekhik + rNWh+Lu6gAHh77SNMxrjKT59rQ7XZPJh47pRBdxwAUnpyvBD5QgcQVuUA6w2ohGA + hgNU6ep9Q7ZxJuG+EBzmn/5cJCGvdP75vxcLXB8H/qlUHew9339UY1qXFg2cEnXE + 4M5uQ4bUzJqQ41LrbjD4fk4hgiANVVd8rypprmHBB9ztjH/ap74guHJRnd/qs0CM + c/Pi7s61JEZrgRzv3zOBjuQ3CSr4w+8wdF/POknoRQWuwf9nC8gyiY6L8ROESHjH + v79tLHXTfPn7HZZ8Bl6YjTp01gaNGJ19lNj22X3G2G0J8tlzTCPBkgKuxi7E7JaD + rWFF6k/sclN1+pGPn8dfVeMAXfUdPorXZbn+fUU0o1mw2XkE9zsa9Tv6FHMkNS3j + +t1naeJ+NHcKF+aiFNkNo1ZfTgeni5iIxvZ7MmlS3ujj4EKZsQtXJBQthPaW9waO + 0H3aI/GttEA6pwgnuvPucfbabjuMNFJtIjeRwnyWzJHRSScE1/MkNZk/J/VUph3S + XgFwtKchdOvNI0UzFDrRF0QBaEkJynjtUtZzsAhYjNHjBiqtoFO9ud++OqzIBR96 + lZn+sq9rTxIl3yxazoid+Ls7A/4eP6YyA4ZX72apW4/cJOSDYJ2Z2Qb+YtmWX74= + =8lTB + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAL7jChaBJQI2tZj4oNVqZkqNh/CwrURAsgkodnDRRM0Uw + YJbD170ufhkPt7g7Fk9kym94HZHxKsMyTIBLhbOWz5rQr2ZXbSmBOuUdOG2mwqhw + 0l4BZmmNp2oSl2P0/ROLw/vONilGvz/2jMQyCFDXN9IJDya8yZiXTrnEmK2vSM0/ + 
DYtdYUg1A1wCq/n7bJJCUDWPYSnymP8b5dafTwqWjGwbA+lveg9MDNSRUI9QbG6d + =pja7 + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAS6WN1p3uJaTwEDUFyHIvXIOhVzrS01NBXZAARIT/URMw + 9co0e4F2EliREPIOPlrdTkIutWzk4Hthmu0NtDk58oAkpJOFCayTcQJGDuIDLvZs + 0lgBruPX+8fTD83IUDCmABmrKpQW80TgpWd6HhSRVq595mobaJ4S+TY39zUvr509 + Zrmg6DmlUrEr/FYdff3gj94Rm6wDyBkI0fm/GLXL23Il7uKVrC5WQsNZ + =vzES + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:03Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//Y4Fc0reFodqz/P5dKD2RsHsKu1kC3Q0KVdGxzAe9AG6M + c26glnYir256VUOonlP5q9gsIvAc+RDNMoFF0WwKO1HGLPmeiB5gK8DTm2U2Hz9/ + g4xG86+5BCyR0eFkx/sEqlVnhRsnfSkPqq6L+/mJir0DQ15W8SR7fbvn7XsXKQC+ + jKI/spzZ0CvkLtbqvqMBp00ZTQ+yU1f93hTbvipLPLLR1fBSOnJpe+f832xAwH6U + W0eLvxzdvdSyALDVT+1xPNH0/Ew/j5E/U6s5k44IQXl2EKQXdwBiSWk8m8Ii6Gj3 + 0XqJj8qiJlajl16auYOdXa6jNzZac7+JAgthc4obznNQsrD8j0XSolzYybPd+4EV + LCW19LF49hqEOsPi3UsigDjcpaiTxx+VdLVwsboquEwwfN+9PFl/iHG5tJRRZjNh + 4q/im5owY8br5Ef6HtU1dWDB/PNHP4lKzWuyGXS4E4YcdenU6cx3HmwKHTTdNlpx + TuH3EYVHTCmTOsJ+5wXSiZa9lTsWXX+kAbxFoIFkWaoi+dtg1NNKzmkfwARPVbi2 + pu4s5rJEGHwta43Ao0gUMUEGyqTItZ0V6gyFn5Ey7ivzvtM0RDjzigsPhbFzCQWX + kUbefqCxu9iQR1LFBxWdM4iPC0xPN2oK4hnRFa3rzyLxybyrhlre/tsMIsS+4lzS + XgGYpNwV4QTYw+YOcxHszqg5OngM/aB8aZIOELsO2HkzRJh49a3Uv75TClv/a7GC + DVVqRbIs7ACxDw+SBp97Rbl2J9k6UAdGJOQ9e3cgxr7JxacCfd3KAJAukco8sQc= + =aWRa + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/inventories/chaosknoten/host_vars/chaosknoten.yaml b/inventories/chaosknoten/host_vars/chaosknoten.yaml new file mode 100644 index 0000000..1c8fa93 --- /dev/null +++ b/inventories/chaosknoten/host_vars/chaosknoten.yaml 
@@ -0,0 +1,6 @@
+# Used in deploy_hypervisor playbook.
+hypervisor__template_vm_config:
+ - name: STORAGE
+ value: nvme0
+ - name: BRIDGE
+ value: vmbr4
diff --git a/inventories/chaosknoten/host_vars/cloud.sops.yaml b/inventories/chaosknoten/host_vars/cloud.sops.yaml
new file mode 100644
index 0000000..3c53a9b
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/cloud.sops.yaml
@@ -0,0 +1,222 @@ +nextcloud__admin_password: ENC[AES256_GCM,data:R+6uuaDeQWSgtV1Cp7YWZvF8LYOIhoz1K7WVKerm67NLbLRpD9191DyQH13v7ZQPvIce3JzyrWqoyQigJQIQqA==,iv:chVGvTY1Ge4OwrVbFkU5IMd0aac5HqslddQEdY8F4Es=,tag:slmFXStGVf6eJdPFplqKjg==,type:str] +nextcloud__postgres_password: ENC[AES256_GCM,data:GIWhmhiDkOC6mQAqNe8aKQ2TpTTYQJ44jn+P1hnpAxstAWLUTJZdxE2DHdjhZ9tV6kyTb/GXANn1UtgFzxczbw==,iv:lhJAZF4mJ09jVa5DxtVTfMe5FqfjpQojrI15kYuXI6o=,tag:LvzpBXbBQtNvEnCDNphUqA==,type:str] +secret__nextcloud_smtp_password: ENC[AES256_GCM,data:9UI+hMDQqM6Ui02fpdscXj5Q+XfN3t/g1MUX4blqd/egoLBtq8R6YpdK8wf6heqXUck6VVDgDLFnpfQzy0cqzg==,iv:dkTN/pj0YhLqEw6Sp252bKmnA1RaF9wfoDE7naGN8Ao=,tag:1Bg/ZoCITh7S9Ps617DKTg==,type:str] +sops: + lastmodified: "2025-05-04T14:15:59Z" + mac: ENC[AES256_GCM,data:iJcBQZ2Mpa83/bR1BcTPh5PGrsjtyQjtAwr0y/bjOXrpMjoCiE8nHl2vdfZIxGYU+v40nkgYhXS6wCIlBZgO/QgvXwVT3Qm42i4GSx93N+jV8j+iB0a1kPJ/yHAPHD0zvWF6qlNSAeFWPbifLMXHLjijZDud5LxdW2KfJ00JCuA=,iv:BTUVSDYfKJI18GZhiUC/pJ+Gbuzfk3GrJadlOapw5qk=,tag:f15zFqye7O+L1lTp0Z/8jg==,type:str] + pgp: + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//W/vD5coVwidijwr0/l91HBYRjtbUX+D81pJ3pOa56weA + 0/breqUaSOUtClLfTN1wIrYHDVmLHuTOYqn3z05k0jyGjEbP9tI1Iej7Jfxn+aWh + 4DgDl84KO6Lpe1kV4y+bxzt9OSi95h1vSEjoV+xbQiDOhV1ZKCCiezdrTTGry1Wf + fMpNrkQpb7um3FYopMFhHKew3WSugDuSKU7T3JlL8kMDwoeOI9GyfEXjpBY7oyKL + Zs0qFqaO9PZG/c91O0lUgTfMSgiwhIgUPQEAD5P0FhyRCmm613kayGHM0QuYXjsD + 2NmU2WapWrrirjzUTzlXFwj1VOA5WjlqVNaHKrFqtvUDvhTP52OwgEKD1P1UkCh3 + BChOr4T/CoXS0AcBlQGYuBlaY55XnFAcC4T3WYkcDWM7AZ/HxPFarCgpYsXGSPsg + WlPFccAsQ8XA/BvhuAwCvL/aipmM3h0WcBXh82rjkzIPdDcxlrECn3zRABbSuVSc + ULEFdzOXV9pd5LGySkbF5DcNw00+bX2g2/sgRB/ly0iQIqVta4oNOBRs6REV/e+D + IeEmP+E6YMc7NKz7mCSbK0p7RBtcePCXZ9uwIql/sMz+K61kxvwDXpqHQ8A5EUQu + EGNIhgVfSbBIkqR31x0cW4/c8NKiElUx8NRmcn5lYxdy33jl+H5jK0Ttb2pr7cXS + XAGJ250qZzyDFe7LmSoORJ1zoLUUIwPvWy02mcRhIlHik/FJ8/dawL3HFbdEzMOe + /Og1ON2961e+m5AD+sFUXV+MDHe9s+eQDzQSIGbJhzGVvo2hfMn5mKFdtUCz + =t2Ii + 
-----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAoJJ7x/CsgQ9AU2sI3pCuKW9wUm4+EDDqiT9CG5WtJA7k + lj6oqEXmSe7QY7AxniKZLEsePMWSBBDYNcieUQaf0eZpuxwytDgav9LqzkwhZUGc + qhJV5Wvf+MdFCNmPa3TUuV59N1d1jXZPvWLgknOBM7lZexvqc5Lr+pd0c0qWrh4h + WDx+oS6yFW3qFvH+98iDxzJ2y+xvjBDvXGSqiZEgcJMyFllmpB45EcUIi7E2gs6r + vAeNsWEEYfO7Yt/brphNq8Ns2okvD78oZbh9dNagy1oT3huWbaN7LcJPoPJ8qL8w + tWAymwE7xkOTWW0gY0+MQJC1NNnDmIGOCxNGuFUpku4xLjOXMUEoBHdvGKqM2b5V + Yj95fnz8bf2FvH44Z+7PYBUOICHZBTC7EzExfSY7fEu7SnxYIjxMW2ufE6xo3upv + RFSALpv7Cg7G+PBjLyh5l/xHmXhObdbHbFC7EJXrfVYvfj1F96n/+DWbuXvCOm6s + C3Cf+296tEfO9Jsh244XP7cN4z5CvJ0N5movSXZ7oEZ2YJL/P/ieJ1f32QrmyrbI + CUuPlcCycE4CWWV7yvsmyf98RQVYXMXL73MBw0EJSWRATlC4/bcGIrVnbuni/oJ1 + 8YNlqOejqzAzMMZ5f1DEstXb7wP3bXCao2r8uWyPLwsnJTeDKgtkw85wueIKp2zS + XAGl6tLDdlOVzbhKFL+E+1VG6GYOdBNPFYQ4yqaiOzm5zPmnyOd+FLKzq7jvXZ9B + ke67IgBNK5xNpAOnHauSawozf5VewJSLM9SyV9Geohz9W2ihSiS/vnSjQk65 + =A1pm + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+Ptdb4Hx7Uh2mH5h8TlOUjQW6UWxwpuOn4QHIrf5ck7tT + OrwEjNztauvMuzYJxSxGdVRSsKD4t/tTs0xLcTChGX1X0W+ZTjjpRjUwfyFYMLOp + SRdnyOBkZsmgvgt7xqvwwssJwOIbHTrJ5kp99gXggQsS4M/HAtpLRuHMOGzazgmB + 4H8vM1uA/NeOUjL1g6U14GwKofRgUbdLrkA2i6O3Tn6uVrpvC9heVhU2wiSF6qL1 + No6DPheN1PvL+kV0h2DMxrMXcFNl3NjlUCE3vT90OyeykMuq8OQAfpBR+1vBOihP + jIH3t+kDXIhQnXvXQU8xm34bXO6Eo+c+/9CZXhVvAWRfFlOWrwR2/JzmtMMMaEEd + T6UjfAVlMJMWyX2kqXzpGVCijA2AqhQAFtC3JWmuovOiLKy589jYx4DOQ3h+VMMB + ggdZrx/hUGvkg3KpuCQoBYYs97SsOcF6vImPfQ8MApzW1GdT5tay6kFOgDauw+fu + yoW79sAvRN6IEd1yTBDhmL2Wd+Mr0oE1a1BWcdta3mbrKUCLvDf7LZrZLTvqLJQK + WzFiCOYYbSZgh+KYXzw/FSURNT5ZQqF2bUeSkR1rEbPPoFcgwFToYxKbWPvCp7ah + 1MUA9v7GcnmYxHS7yDhe1HOsdTM/Vpdme/2LFha/QawP0Cr6eLa/uc0KTgXxbl7S + XAFqDjqgejL0O5R5QrY9HHQAMcpAPfzaptRuwt2tv+V3cT0K4vJKYzsdi34qDnfJ + 
2jHbXsjRxRsc4am7rA5xcB7r3lAHv11rkDU6oxiNu634eOoFIar94ef8VBQ9 + =bQFe + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/9ESOx/yVKVHFnCpC4nD2r4sYAo/x7ayDJKHie5sIfaf2a + ebRnIAezWlCEWqJ7FVU3QUZupsry/u+SsFnJg3Kv+TE51O2ITQenLdSBD2dUG2/Y + M2qqVUzXsEQOXr7QymYX41AThRouj+Da1+gKZ8BWIaPU3khesjLjEu4qmuJeh4jY + VE1F/2QB+WFY/lw/+WHpiD2xDkrdI81J0pF73pCepwDfBNmtZttURzn4xO6t9Ey/ + Q89laIxHjl4oGUrGJkUonwzwRYaQN979SQWjVl+DdYN17tWnMChhlweorHh4fM5f + qDEOyGlYFH2kzupzyhwCIHK/4OaJNt8uQbB0I3h8P1qj1Zl23sTGP40KxrvD2nNW + 4KMPanP1yFRSe0zM/4L6HliAMu0VHUMWmH9qD0fwRXPV5fdIWxctaMQZnrVwAqGz + s/DJy3VQfFP/bxO50ir1wFj2HUPjFTWs7eqzum4v58Amef35S+YuMWBcum10m2r6 + kGapqwHQPgxCWzAttIB5tDetW6jBBs4hAc1nyliFLJITDiZ0+p/mWUNqc0pQPn7g + DFPCB27aWlCj8pGObVPZRHo7ks6dX9E5oy4YGFzCmDvZrSK/cqmWAtU6lsWgFYRu + fJ8G0NY6t9rsluN/Cw1dplIJGnHvzJihPYKuZCkxRF2pzm4ESYzwZc7JrAmAZFjS + XAEs5H6b1OzbdhaN48NVsB9/tonkzmFmAz6/E7loI0KQL8Vc87eTWdHc9Kc6VBQg + 7/OGSvCKW5PjdWP68Y1tFB+1lthakH19JyWapGhYCaVj8PlymMB0ffktfjQk + =2M+z + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAbe6biWCSneXlUMVbeWc4r57SEHDltmlWRXulJZ6wXhQw + AjEdgA6AxqwJoXBTd8KD5GSchMmpXXRVpTAE2gvjwVObudvZERba9wMuxcsAdmDe + 0lwBC8GonXrMNb9BpesML66avCPVcjwKOPED6K82ZXn7+XdMruGQsUmQnFNcPnWp + iAqehB1RrDXtXIF99yGUddKlFgChVJUcOjkSD/RDSkMyjlwtyJuS26qoFF7ZFA== + =8dgo + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/8D7YIg9os9dNTzsq6RfEiEQH1XPvMMucaI3g/G3cuO5Qm + 5MBHNXVjwYtrQrulZMY+7MIUIy9xHYjtNNZi9VIAk0TWdCJ9XL5Zy7v/x1s+pIAI + 9kqeGI4Uu5yp/2W2mTr3q4qKZU8gJqEnJdlWIYETbqdgAOTcIlrMaMB11AS7rC4b + KF9vpOcOAK/yHbQATjvbd+vjJm5+wZ67hDNWmPvgh4gqctidPKKaLIuL06wDBZR9 + 
EbDSXXfKoLCYJGzYoTMNnwAu+flD+9ZZyDsox0/0wN+QJjS6czY0up9TCbWW8fyR + dhRaX5ZGiihndspveM9v9Pj9b542Dz2QC2oD8YG4ZZ007jy8d/+mf35YtwMjZwup + N7C3zEOWJa+2CUvHYMkSpxYiQbocbnKJoABO70KoCXaPKanrttRBJ913owhIr07O + 7qVLrJqNhMbEZCd12HSFltOuGTdZ2H0NHtypFeFQqdR2BkAt8lL+rR/+4xGq3HON + +AQbHdvnAUFsgs9I/9bEGvzmmdrxUKYCXO+lxG1u3AJ4vPtCnwPevUYoe/BiTtZB + lGCCY+1eVZT0+7YeGGWPzy24hMBMh+T2POHM8rm6+vdxi+cepoki2QrpQkGP+AQ5 + hVk9IJ+TPTBKVX2wTKMVQe+0G/zGV5FLXlCEN843Ygm/G1j+jS2g46grKIhU9yvS + XAG3VoGnsNY2KiH6yCbA3U1e7rrh6tdscFmu8OTpfx5/sJ+4GDax6vUYHPURJPBc + Ta+H2n1Ih9QdIkPNSv0r5fHYEGSnRRQ9X9eCY9FbvWQgVQuEY6+0Sb69yBV7 + =yRWg + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAwDoWy5YkItmh2pkAvzccoc5tAOulhV5N7gA3t4wczXaD + QMR/o0CZRqX6gZjaWcmjT33AbDlbdzcY/KJXuFvag7kS8QyDAWI86U7Rrun7NoPl + EwmEjmLyagiXmSa1VJKv6iYKuoF2T1Q2NQO2ZlGi1OQJbPEnpYuDyaldk4Tin26e + ZG3Z50jbUBUnXE7yl++oIiP30yD0vkoWD33fQBZe8/wTURDStuFkBFSTAV4Mfc0k + dDFsHZm+eWGBgbtBm2MJR+E15b+OwpsIwmRDF8lirsWo7LBz4MAeGB+bMoXzmAvG + 9lPlH9t887slDMD9QOFZ+on8pBf0zlpx9+MqBBb3HhdOFGVo/tqdjkp4zhu48Er3 + bvD2UOMNKNpBnxvh+Wh40DU1vBsDdeuaATAfLl3adliBg8FIGY5brzlsyDQ8Ebwv + PZ8R4kSzkSG1cdbLM8qpb1D7roSPClM3uikPEL8WXFvvwcc3EjqsmXl9D4sw8X3b + dzrjVZSZgH4jA9KJtKgwyEqlbyYdizHilnXbx5VlaZJIDMvL/nVJF+Ue0qYuAmcb + ACbsnHkp0B1CNZnBibuHaIy+T6UNQ1QV18xuCznccC3a7VCASWDnLLf8Ag3yUCFK + eOMjMCRfWLpybjPT+2yI14Xf7rFNchnHG7kIMx6XIaMA3cHN7dgQyoouJxg+3z3S + XAGogGEGYQm/sJ3ENi/N7D34S5MAHfwBPa9cS8PmE33q9jRdUPwIs+TbnNcklZTK + JxFZEU+VZWpt/oxYBG60gM7fZsCE/RZhGXeqV21+pAS56kRi0aEyuq0Imsua + =p6Jh + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//dJdmLs3R0IXVm6HcBvH5Um2VjDfZ+HOgl6je3NxcgMOn + ognp2CyUYYeR5GpPm1CydaNVlkKGVjUv0BlH9Rdh/pey5QjC85AMQpNumW0nBawS + XuGXB3pF53k8pQ9NRRBNmS61vC62eBV6DN6CLKUhmC6SHA/54kFrWQNI/6fnQx51 + 
QyCssR33opVibfi8rz61SYQpAJKrFEM98KQRB1aHntLEhwWcYR3yKv4H83iKhuyU + 9O2JSn6ps7s5HFld/KnQkoVRKDZ+BvHbQAG95FSzjrwd2Ec0Q4EJlVRJrJFq6pHx + kMmpQebZRd4hbkEYAU9XR6fnnjXDg+RdIrPjDfxrXsH40IOlZBivgkD5ACIkTYI2 + /bvq8K7F1SfDjgkeuuyr9y3QtXIxwUgDTo1cwu2wwfYsD20euST34Mv7DMTGwlY/ + NUQ+LfDUgXemgWNiBXkn+bu7pFhE7PnyDr4yoTg5ZD2eUobBB6g+2gSaZLKQNe6h + zzZD584MQ5zz8ivyZXXAkpe73pV6bTTH5F76deXK6czt0rkrb60O9ELosAK40Ogt + oL0x4LFMgPanQdtzs8bEldZu7JNAf7zxrWNoey7zW6xC6mvyVLPw8+eMNS8UQt1P + rpEAInl6nX27x7agk5AAUDda6FOJdr6cmTLgPXnw2NxHSjG83moIGpDik4BZczDS + XAF8KRueOsSUOnN/0OWHwyWwIEjpkPPKCmqZ8itJjap3pDkJ7YhshRVe6nAWnDII + Z9bY10K6Dxev2dDYH3/ihxPPbFNSWtqeJvmyVOZXCHST3sG5DXpuTxiQ7JV4 + =pl4Z + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ//dFqd5fLpXxk/0mr9drVZy8Ih682PBGcAFme9bdYz4Ou4 + 1uVP1WTmP7Jq9aV/SFq57JCZIEQCKbdAnMtyST/7OrSnYkYymCKRqEP9dP92K4tm + 9BJrVDu6FMdstBMBNNNBb04VPPgVLQjzyQw/zJnyniI5VEB9Z1MZy4b/J/zygWxG + nWPy4XBZeI3IhJNOm5zud/+pXj4o7jgQfHdUSMbD/pylc+2H0/23mbtHLuUT0d5v + nZIaua1yoCW7MWbB6tXQ8Y0O30F0wNX4ckCED4CSloZa/joApv+tivyQrxNLG5eo + P+KoQIB6YSG4K48j2J2WHd7yNsN1ZSevYQpdwj1MZAwnAKFvmwc6uX1oX36i9NlE + uAjDMMPyoEFFGAGHCR86atfeZp1LM6ot2WkaBq7SdpTeJIqO6oNJHGo9ehpn608G + M+Ebp4HSxMkedJQvpdKxzkuf5Y3e6dQ5YdSiC6eQC2ar0tsCMwmHfSXUE37c8zwz + W2oxnrANtnUGBxvV3b5QcQkUXcISW4OnoQsnDW+b6vqL7zfy8sWznsHcfdWVYknJ + 5OTV8oF5vzRrh1TsJvwp0Y5yDJPpV9yFjIkcwlNyCe8JGtRq2xmT2sdJ9oL4aSVO + yJwcdw8uFhCzyQTZR10knGbhLubDiBbwaNOAktXCMZ3bidERvcvcqbLUAMKKk5XS + XAE6JMUlnNaa68eQcwlph+ANQiL1WR1NTbBdwZcDdnjjxCwl0eNOliCBUn8X9p2x + UYVlfQMLBAOy9VthwmMe3MweDAwmeWhCL9v67D8KV2chCbYxhyOFL64ysBoA + =TSc1 + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdArglWecS38+Bksx2+b6X4mXopM/CyOe9ogHcdSTONUlww + SPZNAyMDJknUOZNVhsZT8FyjpCQyECYQ27RZy+1JOmNRa0Fzlhi1HzyB2jdvy4J8 + 
0lwBOs3Hnmlh144XMitJh/RQmcAfE+gyvBVc4+ZFJgYhxiMdEZB0PlXgRVPtKOcX + YaO+cT58XRpJAnHAzvlZYMGXzZWTGtErJO+yQVJ1h6cjyi4Q3G1DtBxyx47vgA== + =qQ/l + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAeKRRJ7Fng1MXOeaUFcbPRsH45ivTIZmb84ByrvJKOT4w + G+8aUOX3WJ4YigTlsTc0wsbDWUmqkOBae+lMr+HjAVwzueEsKnvNVnFJ82CWk9pf + 0lYBAP9tPmC3ngDE48WUHkkPreAwUUqsLzSDoQVz8lPp2y1qXjK9at1g9GR2tQYp + ykjo7lLRQpmtyTteIyCzil/fRLNtAnBvtgINNKAomK5SpSH8yc8HLw== + =CZXl + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//aewr+lACFStf8lUjaodueZqLXSz0ex4UC6lyClmzuLkP + J0XWjiUKGs2ZWAwhKegEEM+O88RLFP4MvSaoRYIoDBbc/nLrOrPxbJVgOjCkKWMO + HKIXeKyFcnuDJUEXMjqIbX0NbhoyJec77Ne/u7LvUYiik+j28Vx28nGhUebP9N8n + gR4UWMaSeLqk84q/kiioV7hsX0hz6p+AFMvH9zGks7+FgF2Uqyfwrya9TnCjojbQ + OPtDdZc6d3s56TdtfcMaIkvYvam/xoEOfFnviz44wplTqiogGVqbZW08zliY/lap + XdhWZkYQv8rVxwVLZlZoxLtQpWZ/jRUY8jnu5LfEmCeJwIQMvUUDbvnDZClodMRo + xSFb/f9kwEkYHNrIZd5qLRw38GkQ2kNnVNDn4LKICBlsEKUi6roZIghEW7bllKKL + 6MHjc7ddIIYZRZs4S3djs8/jFpGmTvA2xtvCKCz8IvuhFzR0wnjGtIL96yHfYc6d + qLuJjLYTZPEFcgQc14z4Omvf69Ft2TtWPu/JhTqKNz1E55fu0snrjK43QFf3AMon + /mSBp6+JC+Y24wuljXjSt1PeCWyEKiHK3gnkkZGixlxRdWtl2fV0eCqgdM/j/VQ3 + 4AB2ugyxj5JxnocWKMIFuUy8SxODnzyVE3A/7QgYjsIgPLg6RWtDOHCo/BLFBn3S + XAElm5jYXaasE5lt9yat3tPO5tQ9nnnuTOGou09KVta39uMwCBSQfuAlzWtLaHPv + h2dbbXEB6Sq3UNaxQCfI/ZWF534OIV/MocS1RlYFkuQMWNPKaDmGdyjtVnji + =N1/u + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index 7212842..0aaf92e 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml 
@@ -1,11 +1,9 @@
-nextcloud__version: 30
-nextcloud__postgres_version: 15.9
+nextcloud__version: 31
+nextcloud__postgres_version: 15.13
 nextcloud__fqdn: cloud.hamburg.ccc.de
 nextcloud__data_dir: /data/nextcloud
-nextcloud__admin_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/admin', create=false, missing='error') }}"
 nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
 nextcloud__use_custom_new_user_skeleton: true
 nextcloud__custom_new_user_skeleton_directory: "resources/chaosknoten/cloud/nextcloud/new_user_skeleton_directory/"
-nextcloud__postgres_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/DB_PASSWORD', create=false, missing='error') }}"
 nextcloud__proxy_protocol_reverse_proxy_ip: 172.31.17.140
 nextcloud__certbot_acme_account_email_address: le-admin@hamburg.ccc.de
diff --git a/inventories/chaosknoten/host_vars/eh22-netbox.yaml b/inventories/chaosknoten/host_vars/eh22-netbox.yaml
deleted file mode 100644
index 56ba344..0000000
--- a/inventories/chaosknoten/host_vars/eh22-netbox.yaml
+++ /dev/null
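Review bot: `nextcloud__postgres_version: 15.13` on the new side is an unquoted scalar that YAML loads as a float, so a value such as 15.10 would silently become 15.1 and select a different release than the one written here. Quote it as a string, `nextcloud__postgres_version: "15.13"`, and consider `nextcloud__version: "31"` as well if the role only uses it as a tag. The hunk also removes the `nextcloud__admin_password` and `nextcloud__postgres_password` passwordstore lookups; presumably the sops-encrypted host_vars file now supplies them, but the replacement variable names are not visible in this hunk. Confirm the role still receives both values and fails when one is missing, since the removed lookups carried `missing='error'`.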
@@ -1,16 +0,0 @@
-netbox__version: "v4.1.7"
-netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}"
-netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2') }}"
-netbox__custom_pipeline_oidc_group_and_role_mapping: true
-
-nginx__version_spec: ""
-nginx__configurations:
- - name: netbox.eh22.easterhegg.eu
- content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf') }}"
-
-certbot__version_spec: ""
-certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
-certbot__certificate_domains:
- - "netbox.eh22.easterhegg.eu"
-certbot__new_cert_commands:
- - "systemctl reload nginx.service"
diff --git a/inventories/chaosknoten/host_vars/grafana.sops.yaml b/inventories/chaosknoten/host_vars/grafana.sops.yaml
new file mode 100644
index 0000000..d9675a2
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/grafana.sops.yaml
@@ -0,0 +1,231 @@ +secret__grafana_keycloak_secret: ENC[AES256_GCM,data:85OEAwuWnYW4NgObAmYey+2kGRML2iH8FuDlIZsHyOQ=,iv:Akdk7Iopx6nIOAFXqa7ROnH25vhoe4uopzEcHjWKWo8=,tag:Lgm8H9fWA+/PCjp+SHoO7g==,type:str] +secret__grafana_gf_security_admin_password: ENC[AES256_GCM,data:Ct3YH/5FqUA+a7Z7YlpZ8aMvUM43blRG,iv:ePwTeX+7H9p0isvi6Bu0VG5egIOqTopmIiUhYoGCmR4=,tag:SLy3totIMtbED7XxmblasQ==,type:str] +secret__prometheus_pve_exporter_pve_password: ENC[AES256_GCM,data:dJanRGfkNwZw7oaxxwpjpbV7m3Zl/MzA91Y54WrLXxHWDRHBX5Fe1soWgysN3uI5s+rtIWWfpCux/rSggFh0gQ==,iv:6gFk3IHxGkWcoeZTpS+iReBR5uMModHp2qLZp7aG4Tk=,tag:V55iwRKmS50E2lNS7lmCoA==,type:str] +secret__alertmanager_telegram_bot_token: ENC[AES256_GCM,data:DhMeo4UHoYu17aVx2sRtQ2v2MFuwD/vHB0xsOf7QWio35ZAcwzGHab+VOzREbg==,iv:DhrCAfMoUt2Zk8imaVA8xC0UAJhXpyqNNwqP5th5ldA=,tag:BbCDqenw+yT4ADpIgZ5row==,type:str] +secret__loki_chaos: ENC[AES256_GCM,data:km9l2LYuyvitMQOSinAyUnnF2AePE3fcW1E1k5fF,iv:gu2FB+R3/UIsa8qivpQE6AVaOug7/Q4JO3S7nhubsww=,tag:4JaG9ZHPbyzFIdzCnYN+qQ==,type:str] +secret__loki_chaos_basic_auth: ENC[AES256_GCM,data:9HS1Jq1LqTmshFKdUDk96Y0apSC3xhSqOAWv3G1E3djDvl3QPA==,iv:oYgoIDqV3lGsHDfivgMRh7HQ0tFZhRO9OZSOuD8Yoxo=,tag:wkFgxC9EFbm/wHIHqELv0w==,type:str] +secret__metrics_chaos: ENC[AES256_GCM,data:GDLtKMuExpedDFWLew68JMbdaxy1aEep2j4/XkOD,iv:2sbdjEp1GY6rMq0BMw3Sfjyci3Zfm7fFkU8wUFy3IDQ=,tag:yEarnC4wJvFnB8i7tJ30kQ==,type:str] +secret__metrics_chaos_basic_auth: ENC[AES256_GCM,data:eT39ijCsheJZP3D335EIRdeVR4nSX7APw9e4iQ40NtXz8EEfGg==,iv:+OxDeTOF8PLxSFT5ZKkUwWYZfuBgv5YUJSGWsURL2kk=,tag:0nIroxvAjTG0vB/lwq09LA==,type:str] +secret__metrics_fux: ENC[AES256_GCM,data:aV6zeZ/XsVlA3QepSfVd/cOr+tqFVhlAxRO9SHx7,iv:fxo0o9amrh5ivPTxRVkvymB3fr5dLFVE7EqIpBlNZBk=,tag:41dm29mrV/jmqj5IkuNAaw==,type:str] +secret__metrics_fux_basic_auth: ENC[AES256_GCM,data:YL+QLzZyyObzDcz+FcefViMrvdkVSwRhDsBx/AwoDX3RLHCDjg==,iv:GADdMa7FHMM1FnyPp8DUHElpXsJeqD+gN5Slw0R9bgs=,tag:KGCoEud2JLU5s1gurrbywg==,type:str] +secret__ntfy_token: 
ENC[AES256_GCM,data:0tuPJVmxHcdDWOMIo0QQXgIEkJo+p9A5emH+kc+U5tw=,iv:NZcfiz3UFw2fMcMf+q1GRp4Fsxpxbptsx9n8wPR54z0=,tag:SJYFtXccCbPrXjECiKUOUA==,type:str] +secret__alert_manager_email_password: ENC[AES256_GCM,data:AsBzn9KJEoMjcrUWiIhR7I/1jaaFEa+cl3gImOQVKrg=,iv:mtQnZqT0taap3+z/L/nMfUvQF3JlTKIdoljmzVr1R3c=,tag:mZrCB597p8LyB61I7ZvHNA==,type:str] +sops: + lastmodified: "2025-06-10T19:17:41Z" + mac: ENC[AES256_GCM,data:8GGZFGSRXAaLoWUowbxd3RVv7NPMVsbkDttDxC1Aeuwjy6678ddioHTiOWn04noWSPXhVnnpaTHWNW9dT5EcbLHvTl9Vb/ydKq5EnjDi3vAI2hQZ5bJ29rwSIW2YBMwpceqh+2GqDuzebhOKxJ0ZFYsPzbfTGPt8blqOQ1abVR0=,iv:aDbIiH7H72jsBRe0rSDXHMQy6zc1QFrI6ZakJj8zxZ4=,tag:+ARO2ST+1I9gOB/f9V/OjQ==,type:str] + pgp: + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//eid3k6mqnYu0Y/JnAaWyOqx8TJHln2gaUAwSM25+Anj7 + 033qx+X8M2M9aDCKAKo72ej2Y4ELZ5JcDCRtTYt85I92q8CxmKOPq3Iv5WCBPXfP + ggIMhIs61z0m+ZH9pk488knHHuAhPpCMg7ziyNQJb8HOqjDBJe0gRlQTuZ4BDbIL + +AoQ4BHplgYESmcSiQsJFcOmh+BzKMrdhHMKlDY92iRKArpYfPmj5YBsAUCb/sVy + qzmW10PBvpifPDiJhtM4LdZmsfC4F8eOEGR1p8JldgENgRw4zH78B4kPe1W4rXAY + WCcBllDTtxl9AB8dVp9EHQrFJ0Kw3ch/GkM4a5SdXCddleqNk+PNbakhQwLaoEs6 + jJeEGFMACz7oDD+zMdv4txodO3O1RuClCDx/sgGCxJXZJ6j0SgjQHG8csrdFPPXS + DN3Bmn7SFMFlCT5hbkSdcc4J+zkxwgT7mlwqLGXS0TqAK/DDY28/PUUW5VeOwa5z + uLkrNmmLfrjQrXwonlcnYvIvRAO+KHlTR/MHFfekuzp/wOyCE90O91YXDn68mfdh + 0Jo3PT5kDrRfAPt58wfcYwCnwJ8YewUYAH6Pw8AvDjqUSA6en01j6FS32jVv3k7t + Ip8M1Q0VtmvkEcJp/WN0ZnRcoLb0ijaxmKyQ3PvymkWRlGAQBut4E0ivyW4ECRXS + XgF63/ao1eiQ8LJdT923wCgJTIvlE+EyLyxBMAERwe5Kl8J1qDVJ4EdP3bsonrM0 + pr8YZYPGdyEFAgcquXkQEDyynkArRdPVya5Hj9vvNOHGZ+09M948FnlO3euYm0g= + =U/D/ + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//QBDriv4RmHkgw06HwoF2WIbRsVaqPtCQU/rATulq9hfz + KJGMPjuzMkOx7dI7aNgRMtQS0CbnkjXMJMxRa/YcI4e080FFTeo3rsx43ya5y0kP + 7X8i5wNWnJHs6yFj+d+mQA29//1z0vZliH2xc9DKOq0xWWdYvBbvInqeEsKkEr/U 
+ JXY/kfm7DlCSg5OMqJXX3FNH5qKAlHTGupVzI8cvGXvUbIt3hMBppfhQ7c+DIi9B + jD2eJh7MgAS3em6qIR7rjBzTdwlvIbc4W+wcoEPfjkW8Vg+EYo+AOV9w0gkwDMhp + zV1+zWLFHOsjk15XFbJCVfSxajraZ2jBNRHfzA/MvupQY/OF7WtLkf2+CCABo1y+ + HEnk8sruDojFFxhPeG8eiR3SgZ92qv0nhSDtJ0u11t0yP5afNiJEJc9OrLEXcESK + dUIIWir96s8mdqTztC/nag4PviDZgX4U9VWiotxrqJsTwYv79lJcNJVY0bGU1GzN + 4NBhM24x430I03e4E3aSpfNKodJ/wfH72VZeg5a8EVjUrXM1U/LSn+6FrHbhFoOd + 9vTIWiJA4G0lb10SEZllB/kerDGLZmUCe7VVhQ7uJzAPjpgLSAr4KhCXMnU9Q4An + BlGyW8On5c+mOvUI5Bqrzl3w9nB5mkNQ+yfDDw3weh1YC2RigArbnIvrDEqukCrS + XgHXPOrY8Tx8NM/iDjP/X81JRKCIQ4LVqlQbx3+uMOzMBW7kZiUBtvMBhktMicZM + LS37Yv7taWohciOU20d1/KqJELp2FeyTDjrGQfI/L/52zBhsed7OkW3LSEkz3kY= + =A2+M + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAA0LeyqUZFETqujsOj5OEWx4qXnBW9jhio/TK2wn1x/E2p + b8bOT8OH/cxrJv3O3L6LlAbumM5NqpRQYgHcrOlRsslUK2N2UszunHReVgmRqzpE + 0iqIkeWl+lgaqn/2NLIXArQEnP7vH6Q6GWI9GkNdZgmrRE1qDef3pcc/ZOZMcVtY + eRGGhBxsEfGamqAGk/UFRZ6VexJil/5ywDkLvw5JeT5Ltq7Ru4H2Mf/K3Wwm5VT3 + 11A/241AVUODhLZ0uS3bRIJN0mO8utW4fiI7GVHtogKFKKxKiEFkZgWXAxkYVF3J + i2yw4hPqYqbiQndHX8T7whz1TXA3bSADuly+wAcXXSjDcbm+71iN6UgnL3WVUhYZ + QUxucoyWBmTPtf0z3OSTJNSWwr5wnjcUNNAEbDWUfV6vyI6Q2gdcoQwlFve6AkyO + j/7PQYjaU3T6LtQINIoppLiMaBSSLjjTB/sPbNROOrhTg0xym4JSTlOru8NkioxE + T7k1ut48l6PjXwiSBIHZQ2Ry60diXi8xxWUggBOrHdnEMEE/HGrOCgZ6pZnugNVx + MhpSkEcnwQzxMfUUtOW0HyR9hZWBi0zh2sqU/DbE0UL4K/6mZu85CtS76nWzVEKj + 8GYubDUqhMYuz815fpXRvfoPD3xk98O9sZ4yRIUisETd0nvvyZc/rXE0teLiQsfS + XgGuoEcu0cAVTH1aemx45le0ixitfa7blLUxe0AsSi0+N67S20+Uoxa3tlGHf5qr + lD4aNYvDdbI85qShxEm2m+YGA6OmKIdDBfMLbX4Z4NRgKJybLpd6eUD30WAzoO0= + =1x2k + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//TLM/EyYupC1ttGiaPDdy3bJYvSAfdkx9UvpkFuGF/rBR + 
zcvBxLJ5JFxwXiR9blkt8oFX97GmtIIhNogBbaOalh49b1GPCGOawOPkvh6prJMo + QqFMq/YfzvBnFT0c6wL34eXPzaFSkopd5pUaXT134GvZjaziMR0sL0BjgsajlXEr + R9+wjZ/6scsU0ZdjxseAlj+pWZhP1g8cAPITwtKl5wuJRu2Z2e6qMXRwDDVDaZwh + tDLiH0FFYsenPTFEESUszw6seF3pWoHB79PBt9w1YGYFSo80Jye43jZ3SQ9BKAqI + xnfBXQ1Wzow83/UMtHrSdHOKKlzmHlCSPQTp9Kn4FvMaijgUs3oNiG6AZx38j6XU + QhPdFcL9ZSL3ZsIJooJ9ili62NC1B904l4NscUQs8Lz1Di7G0ibj1hwX+mPjZ7Jo + JGZtFoUmFo/jVrYoyrEIu9LWzUQsflYusRLv7nYAweePaFHGNSluY039D2CyAvg6 + vTCIdx3vvnQcpSw0dnD4PQeCMuN9iXNEdmx3t0mcuzgaxMutB+xveLcbHKUEeSjj + EDDVWPql21pZoPiMYgTZrBLrK0bNwOJKtaHHntRuxlo0wV8SQF8U9L5gZqC9ZDAv + xXxKM24Dqt7zckNZ75Dlz/a8HQK5lMlwVeSxSiNY/36WSswX0pvK1qFXjer6yAfS + XgE/QffPmf10emV1bTBLSi9vDKBI0cdzxNuKuPCRlo1kmOuEA/aW80lI7g8s11da + Dq1Gx51uXqFKrG0vJRzB2BL4S0z1MtEcDFSke11xq5poXGM4PmfQpPBI9Pa5DGk= + =i+Gk + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAZS15HxhhjITM350cWmBsvc++kA9dP79oqoFTYS0w4Vsw + 4rMm91OlSZrXzsIHKG+1bPKtgB3hak8vX+RDS0zld98RorHSf9P4WEBUahy/xEli + 0l4B2seAT8SJfk5uqC+3M8i7KKUnDXi4S83HNyy28btN2kwaDKpOmaVelQeFRHYV + AUyzLb61JOnXzF77Y1FdDdqbxcZvUmfEjBVYwQ0uVY30x50RobV898hVmH2Gal6j + =TrnN + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//QsXWu0Q4LXXUGfPoGghMzJBZYxJkn1bASs7cDX1mGRyX + ujxpdovJkMSK8lEQ7LqTcEvjmGEttCBLDpYL5hVOI5k5tvpGh8bIV8NtZUJK+eXO + tHT/A+sbhMtRqGhlXqmL7dkY930NaKAeFsBqbcvG/p1uK8zLX3b7To6n27R+u6HD + iikUGaljRDknqKEWxdK8L79UW3hmz6qLynLIR9V7bDHbXXRZD3CmkscOcfNUC5jp + q0t54YzOHN1BQ2+cg230hvd07/Iu/Ko+K9JW/YmwKG7d2oB1Plitm+oYY4GaRgmb + VvEavkXPBTxVB4H7DyO2ghWFs6bA7trGf6cfcQKML2k2XygsQftDdoKvWWVJVmXi + R7ceqCFyVzXO4Hd/XcpWmwhv5lNRD2MEbIOKWdQ0JVnzqKJygb5cb3uZriTP9B4M + eKT/z4nVUEWssjJXQAMeHG5+pSRkT3JlizQHuHg9jU6/68N56kSVMhUyXSwvYbCk + 
40x4p8bCL18YpA1wUbo6VtrydikPKgdx3TF+Ce2+kQs3E5ltSBL1OVykzX/mugFa + KUf1i2CbEB5bb9GRftagbCbVJp6d5GmF9CiCSF7vPV1hdct2Y7+3ag2IxgQS9zeK + o9heXRgWeoobYDztiXkLHXiqI9I2VFHtZ69zlA8mXI93xv/pBZUrQjTfmcxNDr3S + XgGDCDFBG22ZEVdUWOmKG999R+krXS0w00ITpO00Qmi0Ay1ZN2QAPLQS/5niB+L4 + cdFK00jr8VllL+qjmYl3YG87ZWOGDE6lHvIGqHNBZH4FPYNlzgKySj/5BZlN3eU= + =hLuU + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/+PdWzTSem7Us/zW2xtPnxdkMPmGmTg1qfSogJzC0B7Ia2 + 4QiTaFeMNS3XCpbuMMrcZbmHasBlVDXWwysz2vE+OPudplrjT9kClW/6cwXTYL4G + 5K4fCY/XQ89Av+pfURTBbkrPr+2911KiH5D+Lpcl1ra92FlH9S1MEbPEgXLgZLjT + oRZVHoc98lDPnumvrz6kLxMPiHwCdAy08sgj6fICeZnMWjU+mgZrJOW1KbFDd9KZ + yOs+6hw5IozLkqvhd3Q0gfgHZ+O0d87zH5IIzwyKMjQVYC6+T8SBikGbk0jStlzt + qkR/PAJg+OgFuwd4lOWcJ+iBI8EP90nqhryCmwFpmFJWBAx3HiAdqE9+vwvy2Syv + 9+P2B9AXYM7bUB0Eb8AFhGONhTh5K7qzeq7zExOjr8GKS/QAL/0FAldi8sM32K1f + 67qRb2VaX0NKZwOvl/I7aCjrTfBB/6ZZLWVplnIkq/qVHNfjIVwa92flJ/7Noa+o + 7TNeh2ySR92K4K4DGdC4TrcxkcCISM7tb9GL8xH3vVS/Ms67IOu46Uea7EnGJkqL + 1zkdoiIzVq3oMhhUFIMATYPemuCnfxOiNlyZR5WgR+rD7OhagR5tM+YXAI2MHcbC + 5jLcRHFZ+xIkTZWccoD9pulySRCgQZ9y5sFIvOl+OuTI0rziArdqL9MOYQ0XYwXS + XgHewmTVljGvj4P0oa2PqRbcGWft1ms1QjioTQ9MhSk7F2AWuB4HE/hPlN/eY2ou + m0o2NvaiZaq9BXG8GrVkwP5hn4IrDe3OEo9WeCar760dvBB1Z+q2R4F1FyzgesM= + =xc3J + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//bgiphdnwjxuJGZJle0CsS7H5hSQBlqJw79+WXrKyfeEM + NXxKX0tIY0QoIhbh9mXyKEJKr0oOyqO+iLYlLrqgEr2OmLWDbp4+bWl0Ixcw+drF + uq8orbkvkbbxLLcVIBZfwX4foFCMINr2bNnTFb68yTZXpRp6+JN0wy6zzG7d5l12 + wKKIfh93DVb3jrxaeEZz02EzLt8py9NWfniLABbIHWZSennOmnepiqCFuqG4Wyw4 + QuyRCn7vOnO8fQNxCVyp+OLjg+7d8u67LcrU/lYTrZLYEr1VEl0mmitIuY7M9LHw + +qEMZePfrk0/8CshXmqKq7HiDM266HWAHq3VaAQr0HOk08DZLgzeb41wWDyQoQtr + 
dEOOuyx96SyOVaHxlttqWE9BHoX2CQEM2jUfvhoG1Ov2scXXB516Gzg9H4YYuDMM + ei7qG/CdO1g+7YSS6gBtz+T0+caolAD1/1LGcvv8/lkAQeoNfcNKupOR4rIiHQEy + H1wS7CnB/KbQY88ZkVHG02EgjxAGvHinfDa1Tv5CmjRZH2Yy6zBuYsPZQGmrH0M7 + n7ZSPUi/BGKCJbAs+mkdYimDpmuNh29e3i7NHwCX8+odRhghM4S3ab1sPy5pdTi+ + z3MVM/8uUJ1GSu33EXB5Zy973Pn6Ufjr9QOw+JpjetscSz4WHf1vSAe5b9eG7XfS + XgFmyjzLypsn1bVj0fo8FLq+flHe2h405I3hf8Olz0If5k/UCIlgRCU52Z8kGXqW + QJAJerSBi1/chXZg5aKqO9ofVu0MPbhiNRXxMHni4Cm80xDBwWOy4xC8WwiKrOs= + =czBf + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ//eZ4t+Jz7ITuSVmYRGE8jNeP9RCMR2NkML3aEbWNvOjF4 + jVhL4WvOjDHhWIBmSSgkyZFhkV/CPiRjZt8LN9bf4ueRcY/yNr03vz/cidlfNZAS + PRS8QZ7UvdjrprLSvTmNJTFB74AS9eelnDXc4bQlnytStlfpsXaOzA1WmQ5w0J89 + 8Ri5Ek5BmZaVnoYRgKrV+AwWJNwlzmBrq/lHfoncHULfRwJ1La01zEy0vJArHnJk + ePW/5G3+84pRkJzDXCIG67EbLFwF7dWqNIlZlUkFCJ0qZsHVo/eVg1NX2iLRPp26 + F0t2ehznDGh77PHWCJCcIYm1pIEVqD9tYsseXrc1Qz2NAjT7EDulYSdBp+kN2WFk + w1iFvGK9Mzc/aWBpDJYdEhe4UGEKMSMYKeqcTJf7v2cX0LE9z1JTsXctOQnByZN1 + AsdbcR42xniz8B8vvbDzhpmfBX2xR3gC6DyEkmAieOecsJ/6jdwJAZBT/ea/t4QO + YBTZB5UzgjwbfXJNm4TUWYqeAl0BaSiiZo01a5Dzlo6MyGFjB5VnYRJm0PmTRwDI + w6UFrc0tXIMPLddWcN7UxH7kbi8e0rPHCbJDk4aN+IagM0D0d0fyAxxYy4aaJ/dD + 9dpUgYALoVWUNWDooKiPQoUTPujRw0Z//HCpxvmpIdUHrvPePo2vASMZz2D1uwrS + XgGpKromtn4QrWSgc5PIhe1CVDJSD+LzU2cUD8wKAw1X1ytL5mtqlgvZzTpwh0ph + 4NtYx85rHmrn5whiGgpxgtwr6o24xeim6ZhRjwbLWvYzLgh3wYNiCXzcUX7Id8E= + =DOLh + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdABoDixsNCXVm7j0QyJty/LyG72v0WoIfxCkVQRP2uxUsw + R80k8Q226rURPAZGs3D/CnRaYSNINUyD4ngthAtOPVoAA1Ri+ftOScfnVremy7QC + 0l4B9DKnWfvmwJY2mnEBFRHf+SM/LpP67mlSVlPuLMFxXbfrxANfM+9RBNRk9FQN + WOej+WCdXOiJxlcAG3HVovIIdVpHMmPpT+YbfFzuY5rV93mbNEUI3bxsdiWEJnxS + =l7zU + -----END PGP MESSAGE----- + fp: 
B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAhDhJSPNVIKftCaEQI29AU0eiU9Bwmm/F/gVl/Pm+zEAw + HZKLksOb75mMeWElV4oIqXd1YXOfkSbOwuEBurgztLD9d4YWagjmUpckoWJBBvwu + 0lgBjlkvxjf1d9xjEWTUw1rzjIlDRL4f2GJl2NuHoHJ4zbnJCUDe/UC5B1UXin+t + JmpvPy+/RJdXl7Hn2GZXC6XoO/GopbiADfLJ+Bm6j7myt2fPW7JtvIG9 + =qwle + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/7B5Ya6hX3Zplxrhyhh45QbRLGVYPGZlaTSwVPpGhLrKNR + KYfpz5gs8ONGO4H11pkmde05T8ClRgHUlIuGH0o9NyGCxAKaCnbOiqcwDijmsMTT + uoW0SmtV9uNVbJsDgXLiESZPLPYOi2hRX5XqZrMPorUZtaEgZiE1n+kFVqQJA4he + 67wpCFXvrtE5nVG7oDO/dTyBJ6WOdtTodesfIchlMxwIcfTzJiIJb6UPsJZ2ojfK + EcIYfy7YsYpfwc4tNmkqM9sGbpiIiJ2YhriHzftdMlW5dd+22ltYXXiFDrjTJg21 + d9ZoBE/IWU9IwJAjWDDOHweHU0AjXef3Z1Kd38TfGrhEDmnUAYApQXjTmCgX6x/c + Yur9qwB8JY9ixfxc9MYpnyj/hcChKAGfKDKnRt5fOsPa2/6N+JtuSuZ57jVgMLf2 + /DBPha7TMyvctQjFfL/ZUjgghhxt/XzKI1NvIxZtclQv5zlh2Dkxn1J6keAWd9C+ + qiiymf5lqIyz3vo61q0fzs9gwnQU3peQlAQCyufsK3lJ6Zjxi5K7lqo8kQcdL9TV + P5Bg5lYhXf5heqtLdxN6qB6PHBQ9IcZu+SRadXymugITs4rnMlOiwGSSGicl16RO + v1jtj06e50DETj8Uwd/7RCtuRTGooDamt6oC6/yKfNAcmpGTqDBWws23CRnNHoXS + XgFAmqUJYjWHVxyqdsNcEdtNQl8IWUOtzmvh4rCoNssYPZlGt+8X102zOHu5UkHT + 1+F1WPXFTZKbE6D5S5HKuYnNs9r8SSEWyjUY19DxhHsLtC5xbsehz8oEyBBhJ00= + =a1U3 + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/grafana.yaml b/inventories/chaosknoten/host_vars/grafana.yaml index 87cd328..2e3672e 100644 --- a/inventories/chaosknoten/host_vars/grafana.yaml +++ b/inventories/chaosknoten/host_vars/grafana.yaml 
@@ -10,17 +10,132 @@ docker_compose__configuration_files: content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2') }}" - name: prometheus_alerts.rules.yaml content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml') }}" + - name: prometheus_alerts-fux.rules.yaml + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml') }}" - name: alertmanager_alert_templates.tmpl content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl') }}" + - name: loki.yaml + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/loki.yaml') }}" + - name: ntfy-alertmanager-ccchh-critical + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2') }}" + - name: ntfy-alertmanager-ccchh + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2') }}" + - name: ntfy-alertmanager-fux-critical + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2') }}" + - name: ntfy-alertmanager-fux + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2') }}" certbot__version_spec: "" certbot__acme_account_email_address: le-admin@hamburg.ccc.de certbot__certificate_domains: - "grafana.hamburg.ccc.de" + - "loki.hamburg.ccc.de" + - "metrics.hamburg.ccc.de" + certbot__new_cert_commands: - "systemctl reload nginx.service" nginx__version_spec: "" +nginx__deploy_redirect_conf: false +nginx__deploy_htpasswds: true +nginx__htpasswds: + - name: loki + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/loki.htpasswd.j2') }}" + - 
name: metrics + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2') }}" nginx__configurations: + - name: redirectv6 + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/redirect.conf') }}" - name: grafana.hamburg.ccc.de content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf') }}" + - name: loki.hamburg.ccc.de + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf') }}" + - name: metrics.hamburg.ccc.de + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf') }}" + + +alloy_config: | + prometheus.remote_write "default" { + endpoint { + url = "https://metrics.hamburg.ccc.de/api/v1/write" + basic_auth { + username = "chaos" + password = "{{ secret__metrics_chaos }}" + } + } + } + loki.write "default" { + endpoint { + url = "https://loki.hamburg.ccc.de/loki/api/v1/push" + basic_auth { + username = "chaos" + password = "{{ secret__loki_chaos }}" + } + } + } + + loki.relabel "journal" { + forward_to = [] + + rule { + source_labels = ["__journal__systemd_unit"] + target_label = "systemd_unit" + } + rule { + source_labels = ["__journal__hostname"] + target_label = "instance" + } + rule { + source_labels = ["__journal__transport"] + target_label = "systemd_transport" + } + rule { + source_labels = ["__journal_syslog_identifier"] + target_label = "syslog_identifier" + } + rule { + source_labels = ["__journal_priority_keyword"] + target_label = "level" + } + rule { + source_labels = ["__journal__hostname"] + target_label = "host" + regex = "([^:]+)" + replacement = "${1}.hamburg.ccc.de" + action = "replace" + } + } + + loki.source.journal "read_journal" { + forward_to = [loki.write.default.receiver] + relabel_rules = loki.relabel.journal.rules + format_as_json = true + labels = {component = "loki.source.journal", org = "ccchh"} + } + 
+ logging { + level = "info" + } + prometheus.exporter.unix "local_system" { + enable_collectors = ["systemd"] + } + + prometheus.relabel "default" { + forward_to = [prometheus.remote_write.default.receiver] + rule { + target_label = "org" + replacement = "ccchh" + } + rule { + source_labels = ["instance"] + target_label = "host" + regex = "([^:]+)" + replacement = "${1}.hamburg.ccc.de" + action = "replace" + } + } + + prometheus.scrape "scrape_metrics" { + targets = prometheus.exporter.unix.local_system.targets + forward_to = [prometheus.relabel.default.receiver] + } diff --git a/inventories/chaosknoten/host_vars/keycloak.sops.yaml b/inventories/chaosknoten/host_vars/keycloak.sops.yaml new file mode 100644 index 0000000..1436f8a --- /dev/null +++ b/inventories/chaosknoten/host_vars/keycloak.sops.yaml 
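Review bot: In the added `alloy_config` block the two credentials are spliced into Alloy string literals as `password = "{{ secret__metrics_chaos }}"` and `password = "{{ secret__loki_chaos }}"` with no escaping, so a secret containing `"` or `\` would produce a broken or differently parsed config. Emitting the quoted literal from the template instead, for example `password = {{ secret__metrics_chaos | to_json }}` (and the same for the Loki secret), avoids that, provided JSON string escaping is checked against Alloy's string syntax. The rendered file then holds both passwords in clear text, and the task that writes it is not part of this hunk, so it is worth confirming that it sets a restrictive owner and mode. A comment above `alloy_config` saying that the value is rendered with decrypted sops secrets would help the next reader.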
@@ -0,0 +1,225 @@ +secret__keycloak_admin_password: ENC[AES256_GCM,data:U6vt0UHHgz85sO+X1YucL9CIr00LtTaeyGUFZ4bVFarsg7y6gTtb+fCuYKCgsJmNDP9jek8Ny+A5WPkMkWR/pA==,iv:qq2H9nF6/1pUBhJG8dFmfRdxk9HSaIOoTdu3uu5xJDw=,tag:rpEuf7JSQ0092R1aPOojKw==,type:str] +secret__keycloak_db_password: ENC[AES256_GCM,data:IDmQUjQh/QB1xdkwPKqv3ZAwdfy/lkSEdAJuF5MSPCNKfuANRmN+4rH570E3/ZApAJpLAkefh3pufiVbNF8Ssw==,iv:W3roegZU2KfeBDBBImQCCa6VqX+nUk2oh6jMhzbGcVM=,tag:0Qzu8gv5ThtAss4xJ4vf4A==,type:str] +secret__idinvite_token_secret: ENC[AES256_GCM,data:FC9LqUf6wDijaH6JIde9u1Lc4qcqi/XZwQ==,iv:fSgbI4CXMeCKWSyVYyYT+3Af+OdhZ0wsFwNpZf3CA6s=,tag:tGe+xWyBH2VJr3yc3Vh0qw==,type:str] +secret__idinvite_client_secret: ENC[AES256_GCM,data:ImweU1aPI0G9Lf5+TXvVmZwGhoigSJoHMLCuq6MxxP0=,iv:GSGqpMVHq31U+IYtnHnu9RuMt985y2N1PRvrlWFicg4=,tag:NKuqLcb3xPzna6t2VVuIog==,type:str] +secret__idinvite_admin_password: ENC[AES256_GCM,data:fVb+vCHzPLvsQ44wWxfAwx5vRpoycJxBLA==,iv:Co53uRh5fG4pEVxnC6uWaXRrCLGH2Celg/XC+idiWSY=,tag:AWUn99jtuJCqXww/2dSS8g==,type:str] +secret__id_no_reply_smtp: ENC[AES256_GCM,data:Sqc/UkQq/2F78G8LP92YrA==,iv:ObEdXhzHp5aDCWq3r7aUBhOEJ1sJ6lYiYC0pmWmwML8=,tag:1rtneYPlKS+uDzFWev6A4g==,type:str] +sops: + lastmodified: "2025-05-04T14:21:10Z" + mac: ENC[AES256_GCM,data:EgeLza2JhJZmuNase/63KyoVwR33eFRqxHqSSaJDlr8YHQ0Vx6OTGQJTUGzgdQiC5y/AE24Mesbg1iT1+qufeOwv4V9spW3F0Ci3GOBcKrqBZxnnuHNn6tiRe3R0eeu6PLRcat/HSWY4NFz3RvUposC5YaATP78JXgDuJg/wRoM=,iv:FnxDapA+BUfSMVBrTYb9mcSYz5cZ5Qof/PZo44UTXrA=,tag:2FH63YT8Z54G/o/n8s57yA==,type:str] + pgp: + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/+NIlVMdE2ErNYHjxzWeGY51w1d79/fwZYQmTKL5FXEJlT + 3HoMDrDH6KzhUf5Q+AOcjfdifhXi4SP1ZESqndkz3Z5tb3udo3U1sjAnLerUyHB7 + Hs3v4snzOx5s6UzXS+sMgzWvpBBJaFMcLYD6+i6X90SQ71iBP3vXrnUSfRYxeHBt + LvY5cBW6S5Z/gOFbkHDnm+DsM5yEqc7rZomD5evqWaj+nD+L0z+kjqtx8E+nRG5h + 1zVV6ZgKPNXDpodyC0RHDNQZQNsZHulMQgTns6574CuqW5Dd1pceUjVzkAY3YTyX + fpAwkta4TaytArWkGFWLMcpY6ugwIFSD9hIFQYlkwXVBwnVs9JVVvLWNOqzSQijG + 
sW6JhjX6YYuXhTd9HTviCxo6Zy/8D59Mc20YFZZXF+11h2qmAwJ20R1L0F0hYKad + ObfqBkI1M2OmMoeECj8sj2J1BWI5f+qEIyQJKMzToKyJZnNBCUY5JTClYxJYK+gZ + PkxrVytHAwVfZ+b82sz7+M8dztPbvxDJWL5LFPO04dgiOjtfAW499vDJRuMXKNSm + kloByBdZJNhtHVx9r1xshPku9rlT4NptDmHB3ktFobYTzRcgZRGMxuS86ILN09Zv + MovjsHRHZM/C4tjDkfrxS5Xsu5uKAwsPpg89UIQ/MRhlydvqAf3WEQLU7FIQNV3S + XgFRay4OHiIMxtLSPRo8DorSgOGv/kqm/Y/7MMTaaMucEwj0bzluPi/JS0UHM+C9 + IMhRnsPtCu6NmLlucyBMaNVd0kEQi77vmIFk7/qmXxyQCGX28IqEKKTLulnWcJs= + =mBgI + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAh+BrQJmB3omXdWL+G3nacI6ecm+u6A/R41HOUtqcPk6K + 0i8ImmWR9Q4lwZWvYk4yikTkKv3i5DoZGOj5111xLEKOadlsHSEtV8HDtPnzX99t + pZwRcRwo1/2mYUczXTx6TqigKE9uWkUUomOkbHt8+r/XHDJjA14l8e/h9GrXqHgt + B/Ny5hnesZlgPMYIAwr0Stad4NUwZ+w4LoyWvWgPOx3F4UVlSlZGHwD1VHpBxl7F + o7vYllTiwhx4bKSbKJ/IlPhU/i38trX7VK70JifOxTGqrfYw0mdN5s2W+QHoaQ7T + 6HTXkEm0g9EGoUxECFdVzes4lf2pMA4ReJe2rRuBZqHYYglS65Exu7MjSSbLkO52 + Gvmk8SFWXSswKF1hZUfmttBZzn/TUfBtuM1LCeEalNQH5MjqYXLBJqhqH7AFMBZ+ + E2RtAVQTTAv/YIDLKTM5/Yk6tOGTPXUK5Etg54IETWDaWjLexUcdsIl2F7oISoNH + IFcmsfSyxnZnJ7qAnWdmzRinUrtFLzl5Lr/RqVxyYK4ZUaS0QIv7+xEdUR3OBKiY + Gm9CvRUNY0bD7IO9u6fwc1lov70z4qww0656k+4Yo9YAZBI5EluoI0AVVSKKlCpJ + yhkbgGyz6gC7DAlYJmjCjv6/AqZS0STm4KWlKR5dvWrY7FSJiSpCVEANrv34mdLS + XgG+hIT/Iu/QFER71LdizXEBMgZB/E/9UBGLdd5cRBXtp4vYpQIajl2SgUU43pSu + c+NYQjbg6FUxY97k+QD9tlzgErW1bhW8jcZVDbYYrBa1I8arXYBArr5EmIIFRBU= + =BTO7 + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+M0gcfxMf9f/pjwh9uMCQZ4DzuuLgMzC80L8V19tX7wic + tTXQcRWWhM/4Tpr1eK4UfrSMJuQrT71ezcKk1QFUBxeDkMT/V0+sCkBdwZUiWlne + ASdy3VrIEHFeAS3Qnv1/PACIcaj66FnuTcwUed7q5Ru9i/vskTaBwEfF0P+8EdvI + UJeuMr2LmpyYwNRgjVWcl7s8OUlT2WfDZUnSEPrigvcKMEaDNdEKt2Xa13slBfxO + 
RIs06bHotCEUwzsYa74xZXW/VJ7jrBwmJ6qB5SnX0/bv4UJuQ5oB7tIiXAYN7nx6 + pIUlvXJB5g43Are8nUv0wp+Idx+ALikFNMZj5MliQRMsgJSezVGwJhkqL0Gp4+L7 + /yJ4Lcyz3JrqXhmDOhea6Le1xczQzGyPt4XboBY/Wn3mLMTMzFkLGiq9hqarBwPs + Lei7ITY1dsj1mwiUKh/clHO51GBxyo7v0QmMjfODif2GubJb5ip9VrKF3CUZhreg + aaO92rJECzRSEpE9SYqGHqi35vGIGy6XJssunXCa5wwiQdxPcPTcmZc3tr3fxsN0 + WZMW2hMOr6Ms8UrmCBNsKGSQqr68dZglcq/AouegIzcjoJ7LkLojBHMoWyW0ulA/ + DhX7mJgp8BUR8JzVbpd18XcD3daue9ppD9BgydHJWJYM9uyvRwkiR08rkNdhRCPS + XgHCobH/fPa2NXqpVgbdAkzs30Sg45jv4F8RQVToGfVt0IMW1fyqRLPIyNNlhHKy + uqZThseG2c8KPclw9RzxmYNGzzx2evksZjOBhxFjffli5wjW87OSXK/3O4Ne6gY= + =0foj + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAAk3LNsug4PeNaLy0/Ym12fIYG1+7vp/5pBzVitEXCKAEH + 1NtdtfBixigwvRkFIqNpAAWRLNp8pcqVS/Hv8EXoc2PqKm8ChDE0KwUjgZ54hIfV + X8SCKKMvWRBIoGRYsHYxHYvZbj2ZmqziP7bK7/paHeZ3r8kyvQtvg/p6slYY4RH1 + z0NjYqddvL7Vty1tQNaCX7MpXP83JhoVI5UHSnyGWCLze9IMWJt99/8VH6X3WI+h + F0xE78ooj7fPo1pZXkJ6bnyk0oelSU22gl18riG3qOpQbET3ru98+8oycTGQKZ7Y + Tqd7i97yLTO9RZX0V5dQ7pG5ozSWTPwm71X5rJrJ6LCN+03uvvrOPc6zqzzsRQu6 + 7oPMGMrZlPSS5FJl8WyjbyrhNj+Q1/t+7E43q3lPQFiskxpEI4jBO9qqGQZ2GMHp + Y4Fz2HeOav6SpOtDleS8JPoD225f13PVkUlcTouMG/5bN/coLOK8iPfmFRkbBuGM + u2VDW8GenH+HE7o5zWzOoSSjZUO6MjfM6ig+6KXfxGGHfLruW9AG+R3oUpra/CZS + LC5xgzEpQiZW4lw8Y84Ok91ZWeFjjFSZXqHLS+6NW9/0y6w0CSS1NyimliSYMjor + RZkGW9rzkzA3dkCyy0srH3Q28vLv0eRLgRC/FYolQMN7PoPU2Mnl46aLNTdlyhbS + XgF6eXZUZFb+rJjtXDJz3qS9GeJWIHAlwZtzf42MC690TO0+c1YeoT92M27P1CsV + LP9HWlEHWsFGyqN0YNvyp8bm/0xGhhjB3VbTx0yRPB2KbvZ6Bt2uZpfFoRB94UU= + =EK/K + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAVZpG1ilk17Ksf7kIR7ZVsUc2FuWFd9Q4n2TSO9Ob7Hww + tK9/DaPvDZkzncOqvqeMrnoy9gPY5EHo1CoGGEfWx6sBj3SdUS8SyqbHinqnW0Ev + 
0l4BJ5y4mteeiKEdu/wymJC7x7PtC9ta4Ox+TJbUaq0iuqVANKClEdQ61KnSdTZH + JUKN73+qZwgD7sGmHqt9FM2TwyRzLSPhJpr31rqfz7/gWx4rhlcHmw8fShSTt/Nb + =YHt8 + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+LmQxbBOBTe6VxBTB1sj5Kt0BW+2FACuYfc5k3QQOQzj6 + dY+/Kyq/tSZwP8lYyAWf+U3dD8fY1miwqCL925DLTYTXtZzka7tpwaricI8emqjE + z0rSYikRpf9axxnrqKUKReZtyYc1qCIIgbz/yYm/LavfW/R/mP03fkjemEurLCrp + v89Z7IZy2VrOKPXQyG0isRMUcUY0lSwYHtHLOPxHVxFNw0Yq07tvvmvxZvRBGCh7 + OG0liKNX1Sxn7c/pfi2beXU7ZXTHXoYRCn27JSXA40cDU32iqyzWKFCEDUsnRdSD + O+daN/PjsQgfkMMpTPHwVli0Fvj7IM7Q2HAJjpzLvHsLXKvd2ZxfwyOS0Z7KRH/K + 9rgn1Ow+JdiW4KPuaVvvWpQ4K3avIYKBRl/GURk0xvfnUQ2TwyX8lxZ5HKP90ymI + Bm1XN3Mjo8uaRNt4DDBHKfFfhaA2so4u4xMC3Qf6K3dRPGs10hL9tnm/+E0F62TP + 1dHzaIhx3uhl6Q3re4CB0R51g1K5s74Qjj69cBZdQfLVmEIMZGtRLpSCBieTxtQ0 + C/kWXwPXwRVdBkWeq4Nq99rwaJFiGwZ4mKVoPoxsIPTWrypJzvun2ey0jIpQc4Ei + qQcEv9df0mpQ2uiLICIg1q8aIC/j1UxrcAUsyyPiGcXB+knr+/7YYrBlVTOxM93S + XgHBxdmaKfMkzFDHvPQXTg16FhcCkQ91d67h+3czOghbpaeB9y8kK3LxBfUbz9D0 + pTtNlzzSvp9JKP2XAFTSdYnR9WPU1huxVLAPXuauhOjYashbPh2HYi1agOH7w4Y= + =KguU + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAgQwiIq79yFvDp4fKKizLml7Zk2OcxZIjheUk0Mbc+NjZ + ikoJAZc9Sk0LjOF+m2N8v5rPC0TiwMoH2KTQV5GD3UIakFj6mjhj2Ap+l8HuusZ5 + oQz57/2JMzBnSwOWAkRVOgOaob7hveq7FC32fQVZuMoQksBFpWOAT2UlGZNAy/TF + q6GTFl0XDrqno01TYxSUF1GchXuaqDJoMAxR8xwJr1S4fjTe1zDR3BrEofBoeIrL + PSP6VcuwBuxDhS57zDJWilh2ssNFi+cEuXQ1rBKn9Ogdsn4xUxs4rVkhDwIKvTZa + nPBdvPxIAzdJc9xGr2NOmFHfFIfwWdZOn2WgAfKe9fJgUUpUy4csbhKnrDFx1Drr + 1FXDV3kDt3nxWYDvMVUWY6Cb9ofKDPOdhTHDyXbEPygUzwGMeiM4wqql7jAKIzVA + ovimFFxyLN+ZbCMpWrc3e2wCtJRkKHV4jL/qh0LQbrgrP/whXwiohI8qGGHkQoL7 + oe7i9s7cymfVLOMb3axu//V5aFrWDNjfdFBEaPiiPqijYqUMXou/OTYndPjL99Dl + 
au/xYsHaXVC9Fh2ofTAUfUva4Xl4pXLbIcTtKpGG2mO9eXZQ76PGcPhOLsLWbqtt + 5DbY/iVi/ZSojB5mTaSGR7m2uttRYYsP21dZ4ctm1hBWiw5YwAsasybVRRsIrXHS + XgFta6JdmtH66TJRMXxEspN3FiFgqH/Xwa4TDAn0LKuNY0BGmOvTMGvrBwkCRnX5 + 8e6/Go2awGo11809rdu9ISrJtcCIXcKSfKpJ0RI0c+gq5tY4pVUkY+PqGUU1TkQ= + =cHyN + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ/9H4OlcOu5yxy3pRuLTi3NOOmlzZyscJ/erkZ/2AisNtRJ + iseRYUaUis1QUFjUggDXpHrZFoh4u7xeY3GIIKie2lmsXvLQJnvwOlaknImsUat1 + +RrE4qU95nNcDJwCGbozmZSO0T1SGGKNPUsCN0ud22plIaPfgWyi2Ua7mt2l/ysi + w5JXCYZiO/EFDc1z2GA7sXNDqYCyM/LgiHUlutrxaQ7WfyDkIJQrSkHfRPxm8Uh7 + K2FYFj4uOf/2EF7hpsUcoqtC0AZECOtkn4Qs8bFJkVcowg0RoZn43i4utXenC3l8 + UMVPLx6YLTrueqf1eAC3n7U+nKoGaEYiZaMcsWLKGlyw2hvWJhLsYY9Mp1peNc64 + NRD66js+L3DqnR6y2iCOka8ZExPNJRge2lq0r4ShIpSPdqd62/aQvnjNbr2fMInw + QJqxmr0ognQ519dmvt2QkstIu6zZueFrHpfuIdd0m3X0ig4XZ5Oi8NMqb2FjeUFY + q5DQSiv3UOi1YrXwxYKtalIwBZ9BeVYgh013GkEpaGVtxSOwcYu8pzdUoIphHwlK + o+zsUjcVZSKA2wTgOMIxxVzZnfackI7OTB5W2io9IiaFFRAS6RC3UHxwTKjZGQHu + WcPc2MQPP9maBBZFGKNNv15m9r+1vitL5uwqhQYvsWEiFstMV0KsIp2ASlNIKU7S + XgHyFg+Hht+0GucMjMrTjhbwJm9twIvQ7OEIQb9Tmh9yL6g+iMZ80PoOjlOKFBk8 + ZSOclmYTDMzX+Em7J/Ft7BOsppxqqUuyRB3oV55snUn9cRvebjn4hMllVDJ6OCE= + =Wemz + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/9FkAVj5cGoRGQ8frGlq0O4Pn+Weooy2vla27lUsArfkqp + UrIw6C3TGc+nN75atxO37daaQVh+49afu5Qi/tFy5drgeNBMkWU9BmA0gAXCKnTI + EhZ3O4rUbQOxSo7H3doMgfKqJrFes65InTh5CwdUDGP6lCcczll1ebPFH5qxygg1 + StTSP6MwzNBcX5PfNpTJFHSkVVJX/yXitZv1LdzDQ6LQeu0gInWMGqafrSDX3EvZ + hamEvBOr7KbuMCNootWp0zkh6uhrgnQY4xGirEulGSUBEfbLf+V/C/cuOFK0jl/b + zd4R/8Mqx3AfIdDioiOl65Fh4NelNpPMZ5Z2viS+U4pRJdI5+7nnSiPoGwnPeS77 + OdHZiHd71VLJSwW7r5R6FmM9dfKg60EUAvyVZXHnt63vCJybGw90WrRM8jdFZYcG + 
9Zj5U2xywiAN8/DzBUC3EoR7arzp9WtGMCskU8XF4wANClbs0pAOXcVoZ+lXVo1R + u2skGnob/hVpwLa6VUWwS3/ph9GO0YTTXnWnsXem+TTx2wg8HA0QZ3hdKiSx60Ab + QZElAJUe22GiMexBkleqHX0kF4OjX4h2xclihzlI9sHse9M/5CcqWckODacNomQZ + NiJj91eyxkA2TI3PXePWjgMtc3YokMyszviAu+uwuKU//7BEZrQ4IU+httWVzO/S + XgFzyY+zfWmCDo2fQLxWeL358VgDkJUPY/J7JoqDRzl9qkfkrhruojqjOly9v6ig + AgQCVoNzaQM+u35aPMaWW4Fplo62ox9lhbeXJ0juAFPFbIII+47GGFFhvOMbprA= + =KlTG + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdASInfjzYXG8OBDkWdFhrhM9MbPOqnACkmLX/iYH164nww + RWN4hXfQD+mQJyVdtvx5oPp1ALrX9/HgWaYEyLCVFGEI4cra3qOuvG7nXDCrZgXn + 0l4B2jTrhAeQlelek7YdVvmBxD+pZZzlgjwUccQu/jyqwBOuY3uUEHqkOfaTynwa + 68U9XkkVgUe1rRG6oYlHMWcCgpGi34HnO3oyv87rM8UG9a+U5FpErkbGgcFvkjxH + =64mQ + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA4xYlygBA92kiyWrSqky+2gpCEPIRjSwfzwPkK38XRlsw + Zjr8hIWzDiGd9uYE6mwdUMY/OuGZhq78ii+vRl/ul8bINDq1XQtG31MAV0sUhMaF + 0lgBSAg93UUf2PK2Mme5QXqHBXwkMN1/pjIZ45h+EVedTrW2nX0VzdOy/yrr9Z8+ + Jr5jQarfxEmvY2TJpUc2FRJHoWOqtYelGqjixRtJ3p4ZkhdPS6pJezfL + =sUyW + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//UKGVELZbbBiY1+5xjEUNKbB3EvkeKXfsHrmT91TIE+0H + A2tOb4+rz6Sg5gjCRZceUIDGaOsy8rEo5PaF4l7gt/ygB97szPmPlVVWCQYsOFkj + E3XxH7nwofDD2y8p5eHdZ1h/txwoU62h8aSNmUVK/He9l+eF30qqhQpSe+L7IqLe + lPp9OG4WLLRPZG2xjmC7NxVPYALhA4r1iIdgMXUWBW5FvS3PTEZAdQ+C5OhzyZse + 3gehKnvEfJsEOcuCaaOGqEMeZqjmaO7CORZDoYEehaG+qOAw3Zkoa/nHFn5CN45Y + kRqxCJSlbjvmvWwdOZ+dLpx4xhvLKjYljswcK7IiS299KbyVNYln3A1pGEx7B/Du + YgpHmRNa+HR2KiedfxTrSS9z5SnBFch8s/ilkXJC2I1/T/iML7IIQazG8tqlpoja + fY8HQy6TKCKshP2wcjZ8mDZPCbxKRgvqDQ9f76CRgiMixFX1YBqarCX+/zPW3Vn6 + 
hahwPkVyVTuRP+atDiFEGm+6OGOdQTNx+kVjKqi0ycerjbfvsawHAzlH5hTMKe6G + OA9b8lhJqLpv2Aqejo9JPZj6iSvhm3sPTJfDYocaF1ByHE8W6B4jLvMw8w7t7/kh + iBZLhaqNt04A/P6HXbR3cwzfi2FedxNO/MWPbUd1fwkninDA+jJikNMshT8NIoTS + XgHLZrq6ojv9A0qLv0U1mc43YEsc5xqJ/Nbelrq7KUODkBadyy8gE6iCqliRVJd8 + Nux3TMgoXnT9/ycPPXwC0Bj1gnKZLf1lVRXjXelUtbLRiuaZxYB5fRsQVunsk/A= + =faMy + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/inventories/chaosknoten/host_vars/netbox.sops.yaml b/inventories/chaosknoten/host_vars/netbox.sops.yaml new file mode 100644 index 0000000..3ae3b55 --- /dev/null +++ b/inventories/chaosknoten/host_vars/netbox.sops.yaml 
@@ -0,0 +1,222 @@ +netbox__db_password: ENC[AES256_GCM,data:4k0wmOe1c5AE298Juw5HMm5dttTKB1WsVxha4MwaIILpyIbJO0CfmzjYflfBTFPPGgVeuYdCobzchzqkP+8eAQ==,iv:25Cj2BLGJK9tMDr42AqV1IzJc5zG2dk1YH5vC0b1T3M=,tag:knyB+nALZwME8y7CAQ4BCg==,type:str] +secret__netbox_secret_key: ENC[AES256_GCM,data:zPzoFK5Sx7gJ31/Apwex9ffFU/GY+HxIfwrItCW68MM4kVvS33e+LY4cI0vbPYEUF10=,iv:SjpKxyxSAVo+p9vvE/YAQFCzAEudcZ1lwnJ6scxeQD4=,tag:oA+lBep610IfelGwdTohvw==,type:str] +secret__netbox_social_auth_keycloak_secret: ENC[AES256_GCM,data:HP753hmQ7ssbYSQRH0zcRC0vRN5bKptvMXo9jjzcuk4=,iv:GQUoojXLAJxqdB92kKLhavDaka0Rkkg2uocBLshdvTk=,tag:LVnL/JHMsAd5UmmpnUv7og==,type:str] +sops: + lastmodified: "2025-05-04T13:54:30Z" + mac: ENC[AES256_GCM,data:/+JlBnsQuJrx3+CXlH/0dtst8PdBw7cTnUpBavcQRXFjd5PsZ54kUCosFu7Y2ngL9xh6WOWKSJCKpHFb8TCrBhslJz+8SQiH97py9m59diMwG5m/RF3I3YHBIoonSZvl8ocDTbz5myycS41fad3CMs5XtGt/vEcceSFhgqjZs9A=,iv:yL8aRIn22zmTIQ53/e71t6o2z7q1fyvmgqvpz4va39M=,tag:DH1oCBbdOgK2NdanzMSn9w==,type:str] + pgp: + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAgv0wpzF+jFkc/5dlF9m33aXqRacTsTJutFkSv+NcCHwL + nbOjXr817ujXarA+NNFeu58FQEW9+fxA1T1O2azbgtOz0xXdlDfkSkS8kCm4B335 + cAu8B8UwDwMOpiRgmHrsnFmvDct1sOZ/tgnd6AB1bgSyKijNGtdIfAimbOM0pEo4 + pNWkwh6WdsbjpSFohfuh5c3yc2unCKLV42QDyPbGYmE/MP88DW/bgBNmhept1vGM + k72Ih1lCaRcqZLEDaL042ttSqk3MCK8tbAzq5682MAyIJGq0H+OU4uysPgsxy7GS + OGDmyDHOD557msVZ+ftHpQKDsHMdN//DDo66uUR4VCS2IqILVAo4mFAbmbzF+yZ0 + Bt79T2Cgd+c2GdhiZ7pADtuVmLGE24mw5FXxCQxb/fbouXidH+2neVIjPCqzJE7b + yJoaYMIo3gWIdIM7fhlFnWrh4KGMh8z/eaVW3oG2uPCtO5OBpts1VCmvcmBBE4JT + kTz/1w/v3kz0rwze9JTKXHyg2wK1chn5V20T+5SwP6MAL25zxZa/tlPHEIH3lte/ + x0LHEU/5WXcQLYpYxNF7yy0mrwRlMs0SLRxC2l1Txk/O7xFffnFL0I5vBluxLU3y + FMB5EtIUamapM3FuOC+hzf9rCE4I+fQJ/8aBQD2hjzOQNamg7CTXTNWldbzKL/DS + XAHo8+Rd9b1dvjzZfxfRp/bF5Av2bfTO65lb9G6YiBHLD7+AFbo2Pn7NWh9X6J7I + qpYAK9Wfs0sFNm/UIhmSkFJIXmlhMbrsp14ebfH305OSoe+dvkHfLD50frdG + =3PUx + -----END PGP MESSAGE----- + fp: 
EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAkHsW/Uz7zqX2bvbgP1SlNiQGJ979f/wAHA0q154N22r9 + 02H3RB9zlyLQhEYlBKC8X1O7N8l4ZTod5GNGeWeqiEUacTve084u+rkrLz9HaNxt + Tfdpq0fqGofEvThOUB9I2B7yWahg1g+D5xee1PLhB03dhMwlWgfj2hD2+7oshlTi + USJsY7mR4GImWYVqcm9/nANpoQzEYJ24K0h6dw8NBDvgLPQAB8h6Td7DjXJw8NX4 + 21gfToS8E62gUV+K66MYwCZWuc/FxS2DZz4pewm2R52ReP7yl/nmpqlYb0iCfiTC + RmxhFbV6+E73sPzKjK8BJDMB6k4uPHFu5Hkh86o3XjwkpAaX84EzjVKi3VIGTLG3 + biyeWwh6efCjUhXptaGTIFZscdGiEDJGtTn0Z0J8iDXotb6pZms2Cde+oXpg2CBX + i6uiKiz/KtBaRNYbrb8rcDQ3IHcO8WWSvAp6dYrbOmY/bYu6q2dc4hhTVs4JFVzr + 5I8m5jRQdzyhaoB88S23VKS1jaOUwYhN1THKPAmcR840kAA217Jq/GwUoBx/G1t5 + DJQmStvo5f+nYBB6N/PVNzUWLU6gblFYiYnDIFy8hFHYmkmmWjU5J6qfITyzTULa + f079U9SJiqdE/t5UELAPbvIz/Hl0nGemJfit3XhZV3IelaFCxSJUR4DmE+rXTV3S + XAE1zXyTvV6b9bYkjY6UvUMETH3NbR3yYjn2CMnnHiPykF6rK7jXQ7Z6AP+drna+ + q9B0cmmMmGx1LcwO60wBOdbDyWsw/6aCt7SaMwX7CXw8kzQ7ZNRQDPrXtLPM + =3SiJ + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAyfykThjQAYOrOMy+nHwMHNXhmQRhHwtLIb+WEekWkRP+ + +t88NlZ0fgtQtKVZbme8V2a0TCFXK7DFmC/6ZYtawfSR6LsJCsybQ5iEXEiLnaMd + mddYwQocrHC8/P+MPPvG4Wu7WzPc1yl95k/GR/M/o/Jef5nsmlfsO4fEJbB1tVTc + rGjFZidiFIsJ12Nt0DavJi5iV+wXcrFkAEdDWSCbmp+93IVK2kEeSnSEJ2I0JOHz + 8EuroP9wGFSaq2pcVhEHs8LBm8fjUizMZGOVTjZPVWLH9Jc55Qwm+APKBMHkoAEW + KaX63+uj/IgqDKTo556JyYhK4ZzexPwduelsWfOYOY+r2coW0bV5haFEq4pvHMJH + 7A6m10lM2XcUzEC1j9r0BxPJuLtS5sYhub9gWsgxHsCbgArKcvkEfpC3ZRJyOmvo + 1EbB1Stvh4vr++ASmHlLl314qpLSt1YEYtBhGKg5XUPnGM86fOYOtH+pX9fOM5dk + xC4CXKLRmOfRcR+rllGoliyUrrXMTugf5r/UEeYOrSsKd40JsVPVC123Uoo8Y2j9 + FO7xGVQ3WBy4rDrqjRXoV1nakdKOvGD8iS0hSGs8yk569YtKA34RLAcwpji3U+sm + wIE4X/Z6Vyrsht/PvsbIcptexG2rxq7dze7eZd1T5C/pdcwh+rQG0ujJ/GB7klnS + XAHpuT2TgiN3oGIKMZh2cqfJ/rEBd61pvWMJQYW6ve2JhxSNL/Zo25GxsDoCzoqO + 
ruhYleZuFEYyuVIJQ1ePwt6AeQ4yy2PaNmZAJgW5scbSn0LKMoX3T8oRtgxN + =tPWV + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+IFSE4p67ld1nl5V8FYCHwDoZBAFKBz89KNv6nMmKZiVE + sa41YCWky0d8Tv3QXiYyL0jZuyQpN3DSXNrtQLHbjHya/mvHT16Oi51/A5ZvW8Sk + dABW7DHokET8cmtUpnhpx2hKGG2SbbkkGmZCBKOveVn5wq5VUPDqJjOF0P4wZWh6 + IkEQFfequPcCsM8MAtM3ocC5Lkkjwb91p0e0A35gE92kms7iPE7ecX2DJIiaATIs + ABRmcgwOJeuYV7nhvpFbq5FSBUXvjuVN9IGfIG3Dl+IcCYg5xF2eJWnK/sOiqNmc + uFoPkaoueTYEZkgwg9ItAvHN853WPzt7ppsduEvd3kwnsCrtj+veylr1upTjxQJK + Rx2+a70NJz9+eaVm4hLMBDl9Ov6cEril+vZU/N0x3tSQ/vZgAJ+ofK803k6717Mn + TkSLjLkP6BNoKI7DLMLfxiCy0IssDsiX1po2wPSn2sDa+4rYt8U9dhfI8wYzUF5Z + T8IGE7ZdVvGR0FfxbPdFgxeNJSPv7atIWemnqEAMQ5fVFQ3JsBS8xHoqoLcLJHh0 + Q8A+HPU3oSiU2ZjGlAM9yKWdUjz/DWeo0HodqaNBonJqCaxids0P0oHSGbTB6xY2 + pYYXnD9knobCUr/etjv1eMvU3lIi8bz8Xmdn4KKmWr2SQKmxUU+9Mf1BWWq45PjS + XAFK4pHgiE3+YLK4ygIrjBFls6g3BPQA6rUZAiFzsr2D0g16rejdhosacoJcKcGd + rpYHLCfu1CfgSlz3Qx3Ass5TD+xwHdsfT9SPpRQZSoxxpcxmDUcYpqdwGeO7 + =Fnjp + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAHaWsbzMdKQlM4f16MMkD06MaR9hPsvalNE1/K4d8Mygw + j5vWYfwadl8XuI/GRoyZG8hnddb0Vg545yVcHk/+0+W/SfWFzwhhvDUX8H6Qr8n8 + 0lwB89rZt3ztUxEN+C/0UAlhFZVb1OWZ+xpDC2u53j3f/zxAtCUKjJA/cqlL9sLG + u037d6B3Wn0XZsmC+jK67BFZiMWs4ZD5oM03rXMLqTVMuDzjV0LO5rUFDgiq6Q== + =CzYe + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+PmNa3+9KdW8QK3Qp0xFsA5JCwFJ+ePnZqSy++0o39Cxf + htNykQUd1aNmHjlBTmfomzoGe4L8mIRULbVRDB39d8bqHI2EIUibFK2MPQrSvF9x + WLk3BLCKjBf0jja6y9DsgNHMIKOVKJKZ8+MSNiEwPr5yy3t+wRXIE7bTfRCSj2vO + mQ8MtN6XHH1klcg2MzQ2VBgt0/TgKNYRnF18d0bTzNTPg0XMosd9vT3HIdYNVtRG + 
Bs88WxoLQX4ki9B00R1diWneW3TNkD+SG+3QdbQYbkwfKVE7+/ZY1zbmAf9bUfM1 + FAyUeUH2ZfiqDnGTTSQEyLjWXsPx8OmaeWHdvY+Nay1tQxfyvdFldjmkhnhUYhot + epu4o0vih7y8dPAPvD2v3eflXo4I0R8kANKDkVZmB/ugayeR27Uv6+Rb6XQ27aKc + qrYMEzWsNJ14Cz/mM2eqyPBaI5mxhttxlFuPRho+wz1XISqsmJz14VojT18dtY5q + 3gv2dvzap9+xbs2+d8VnNvjWzocJYXy18ZLoZomNIuuKl6s0OdNEQxiC1/riWMIO + QjkbPt3037rtM5ZczhzgFLm1r45/nFx+T7nm42fEVLYnEP4Ln8bgvsasKHOoAocs + QWxUFMQ1VAyMs/IftTnxMZQe6eJmqHthH+3q/wYhIqsPy3r8gnkuqjqwoCb/XTrS + XAEQB91o4HxiecHP6Ks7QGI3+Z1CbEF3GWBrhCVtI0j+s+r0qsSa+6zeyaSK2Z2f + uRQijSuYw09UTsQHY3dsxZm1KNebkXXzVqrY1Wt9Qtf2Yr2seZiCPygvPVLB + =aDv7 + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//bEgJM9+WRz3K5KwV9I7fpiAb+BoXfNWh/mnwUGLv8FRP + aq72bbw1vXqBhI4jkna42eJVUm2AThL/q0QOJvGKDtud0MjJyS1tZj44kfwwC90E + QrybaasPvZ0WOLmSQO9DW8oyoqDqM8ue8smN9HJTOfHl15QV1oXWYjH0j2l1D/AC + 2iqLW7KOzo+zFr3s7HxXnCgv9/BwqmafW742aKM8amRb885b4CAzFKvhrYlvQ43T + Tntgp63veu+IIW1YiqrdLld+hJpPaVHHDuCRANuQ3r8hQlzjOMC0ZeAW0uXnRuIc + 3fOk+uQxV/POIauSQskUXSHztD8CacVjUyySi0+ZFTtJo39ulykalVy01UCNuWVE + O1cJW6I5ItpBsUqb6KZyMVVgQa5Iv4JkrTEaOsPXC/O8wb+JxiAz06rb8j0rn+Yx + z623wZNi+QwvFPc1c62DXFZN9sxFY1xcildSpjh/h491FAUE+QKYEPIMf7ChyqRw + uVc9A1f+tJFI9M+gzWYI0A0+Wbl5V4wMdJKzzSyZJAK4+AyJjfpwHRU33vvOk/MO + Cz5VdrCs0WQ/x34KauuM//AranbqjG7QLGVZT0pkknSyG57NF+T9KI8aZ/i3E1La + 9LEnMf50WLf0kBX7OrGryFs4RrFNWsTfSt37X1EZCmWubGTiINc96JsMQIa00bjS + XAEOFQq9PM2w/X8RyLnaE0s4m0gau9baCQxonUwq37S+XbjKreupgY1SldcyVMsU + RUWiwJwVMNI3UGdQ4LBoJYstTEhH2HLQFZecw0dlZfrLtGgWJAPYvRWAx8uw + =iOrq + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAjJP/zQeLJ1qXKrz4ck4x+8z1TJx91XQU1aXLWLZjLcAw + 4v2G4ikG75WLfJcHaHNS56bhYKhPt4/xzmse16O8xuztz8xLVKsYuChna1J96IiU + pk0GbfWK5N/BVgPlntFE29gwXc2XhBSucHVwe9XseuIAlu99+OSf18TVXC41tKmQ + 
ZuvxgLMy5gLlt8fLLmsrgU7JM6QQXD/zfdziI9acrDw4CYKgE0Yt16+/JGCO4LI+ + 2yeoV/GvFTS431lsVmTxhC59DVNCVXW36o6EKQxXjcLFhuzNxCSI+hUZYJr476XS + wgdHQWoKrTL8B6l4nJ4/2zR6ltFM3JZi62aNW88DvW/SmJsHXt1b1tATie4kVpLo + S1ns85v0A4NmXmDyxiORVbGT087AvdtoJw3TbLNNYiWdE1FakNW9KVcjVeqly9XA + Kjr72wdyRE1vyjsuDtUnM9Apuo9V2PWtfqrsNqYxgK9WJPFEzVlvhD1CkXXXsdfh + ncVIywwU0CYG9xOAR7DTO/pPKa+faZStU3bRlE89D+9+iUkLXqJnjx4ZPUeIMg4v + oByjEAX0jOqJLsUR10tSmJ7hrmdWoKSJTVEdx6pc45jyt6CZD5EOl7qMlteCVZAg + gkkZ71uQLde5CRFrEPIJ3UdF8xDvnjJ8HgoaLCv9AewMlWiMNrGWV31rFqp7CRnS + XAGsOtTt6y6VT5C1rKamG4IKK998ycirXQPlwC1svxP44sRS/LE9OI820jEiGUxT + SYeFvLISOje6f8Qf34hP9X5MmyxQd0lqMiOt8lkGj2GDqFzKsrKeu1cpylby + =Fivv + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ//WS8zjYnuGKpQ63BdGAEU55mAlGu8etvOLlj3JGL/EAjX + CKadwY1gIPjN/AZzDN8twadasFE/o02Cz1hLAPQIS4IYgh2L5pZZVm6D/5v0rQgJ + Da74NBoFKXLD7D7P/+abLTFSrTG7u3rRL8AAOsXHiMpyxn1AgvNPS/lHrdTWi/7Y + RfvjaMqjynZs6tsOZrQjUjz1mdwZ0Pl0g4soJ/4KBN5riz+U5wubKb8g1qxEaWZ+ + CiyGcF6rHfL1/7rugg+Z7QhRlW09wAqkQzpeB9h3rIqczqsPZVuw2gtBhSnjAGa2 + i2q8HWFwegJYMemSxtqyO4kdtMp8J/KOXQ235ge96kMfid0muFeqD4QehSqaSta4 + gJsPiQslhlRyBUraTAzWo+1Pgx6oBpU2Z4GD3xAsKyQ6m+wVg+7OsZJYXuMt3Y6n + DkMfbjJOvGUlN1XiZM5GT3YqRFFXpmn1NZ4RMBHv61vDuq6z9EWm/+6i/tR/ugxM + Y+qiBYohMEIwdEpzlVZVQElCt9atKPk4YLnpele/midAKVwtBnQ+IpNEjKEtXSYe + QYDRVu+OkYSiMxvnJ1ZmL4lKJVHhHtQ6Pi4xkK0eTPUaWvCI6T+t4Dj9r/OJTbLW + APOXEQ54CnDmGqG83op1wdMuwmw8edEBowogILlUyaP8mB3cK9KJt7B/31ntlc3S + XAFQHLwHWB3PjCYiegJYQUbXIAfL/cdTwwBfmX8uMDerJ81IQSzu5hVDhIL9pE7l + UVWxGbGzfUdTE2U45M082DrjTmBkV3RdE0Y3JaBqPJ0oVQh6p1aM4d2aqyhk + =nWD2 + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAr+L6oXEIIepvoeDrCt4z9snnaxL/Pmp6dpCAkxaXXmIw + 5J6eEv5G83So6+XXJXvOaoneKu5qevc0fSbEBAhJfKBUYk/ygb5seBcGycBWQhDL + 
0lwB+3jIywPou71D15VbcMJQuWshrGPkpEf8/7aaL3kiZAQbxtuajECD6/0zk9E5 + /owG/AWfR/W8bHJ2S/CFHb+m+aLHWI0emOg/OMGKjLG4JrarB3tbdsPcdH+8jQ== + =K0rr + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAkzDgkAALby9UfWjtDDCJEgMH/tcIAHWeRqOx7CyojjMw + 0XdXIl6Q6x82GOnYKtJuFkvpGc+fSoREGiAVCOzaXi9J3vKUV410nSQEpyXuiC4c + 0lYBDC0rwF3mDKX7Pd7LZCH5ImaJiUB26Q6M2k6bfVhSyTygADlqcrvev6buc7sC + 1cfZdBGkTLJeqADe5p3+wJvHiUvK/VhlwV+hXt8PBkywDpSyLgaGWg== + =x/XZ + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAuQj5yvmmxjrUXFquA58u8LqIIn9lS8fW04vvO7s66Kt3 + RhwiM1K+uTpPD0IeYO4t7xUpfQwxLKGybVBvOnjisWyTWZYWRPvpqpR8mrt/od0R + 3GcB/hval/O2HtL/CwtOwMu4RcfNKVMozLpZjWYZ5N61UgHgnSPxqAbizh2MDPJ9 + UCM3PesL54kwBDxGUgoCOD+EnIlUOIFFrys6GLWHLqQhNsNgOeXtYQAiFhMuCzqC + PVeKqOJrRD5q/mgRnOnMhXC6E5xgOOHB1war4rDaEF6rx0YujgiMt/c4NTqFPM36 + aMF1Kw/XawEQthhXdCcxYtQefcAs1lFhAhAo93tGcqnwQc6MrfIgKJV8pdE8FBAk + xGhzQlwjQsilJ/YoXvNDm6Iy0UH1WVVcVRSKE+ogC9dw1JyG3tu4kfp7GioQvhkD + tGEg/9hNMcWXa7Gbyr3kCpmTHuaJGaC8R4dy0rzL/SXDMfWm3zbFZVZoZieOuzeX + gl1F6bUnc4gUnlOa2XPYYrIVWfQMdAJYbj6ywvl0lMLxeOtStcYVD1EdRhiGEWrJ + 9YoEjDAMg99WHfEvNSe+90CnBPY/UNig97lcdGZzmKAYIMh5OutJsS5t+Lx318Yn + C8dDvk7QbDyG0lgaZHAAeY1SPbVW4eUdRxZIOrGPsiRUpzYxlExLVdy8vtXfFHnS + XAEc6y4UA3fhOYN7i6MZNVye186v9gZZyGjeZX1nLJN130A1TwMOg/tIeuFBmxpO + 0C4SX0xckcZQuWCR51Xjeu4hDCeMVQJuMJaypjhVoyQPiw4yaWWbELuSC5/F + =ERpn + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml index 2304112..4726885 100644 --- a/inventories/chaosknoten/host_vars/netbox.yaml +++ b/inventories/chaosknoten/host_vars/netbox.yaml 
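Review bot: `netbox__db_password` is the only key in netbox.sops.yaml without the `secret__` prefix that `secret__netbox_secret_key` and `secret__netbox_social_auth_keycloak_secret` carry, so the role variable is now defined inside the encrypted file and netbox.yaml no longer shows where it comes from. Consider storing it as `secret__netbox_db_password` and keeping `netbox__db_password: "{{ secret__netbox_db_password }}"` in netbox.yaml, so the plain host_vars file stays the one place that maps secrets onto role variables. Separately, `lastmodified` (2025-05-04) is older than every recipient's `created_at` (2025-07-20), and ntfy.sops.yaml shows the same pattern. That looks like a recipient update that re-wrapped the data key without re-encrypting the values. If the update removed a recipient, the secrets themselves should be rotated, which cannot be judged from this hunk.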
@@ -1,5 +1,4 @@ netbox__version: "v4.1.7" -netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}" netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" netbox__custom_pipeline_oidc_group_and_role_mapping: true diff --git a/inventories/chaosknoten/host_vars/ntfy.sops.yaml b/inventories/chaosknoten/host_vars/ntfy.sops.yaml new file mode 100644 index 0000000..a839591 --- /dev/null +++ b/inventories/chaosknoten/host_vars/ntfy.sops.yaml 
@@ -0,0 +1,227 @@ +secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str] +secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str] +secret__ntfy_web_push_private_key: ENC[AES256_GCM,data:YqNEYa1Ln3NFpNoIuBUN1V/WRzod5HAtYueBJYHOwyM59cCaYhQR1S9aQg==,iv:t8bEs5ZAEe6pqbbOb0mpJdfgruX1P9Jd+sbNurGqkng=,tag:Cdy5HKkvb55V6AeRt+MVHg==,type:str] +ntfy: + user: + admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str] + uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str] + uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str] +sops: + lastmodified: "2025-06-12T17:19:27Z" + mac: ENC[AES256_GCM,data:mlJuYT16bx9nEFw9IRm/Tf1y0HF1aVzx8BXhf0VKWkrBQCyzx/qbjIBXIXl22wzMrz/KCZ/diNRx0Wdq2J2u3n92NQtziiDZKwK+t/zz68+cCZAgktmO0vYc+BJ5GoJPuSmeMwHkaJqt3zYGQNzOJAYK9DPrK2AIbo+O21FgtvM=,iv:c5AmWi89ZLR00LqG+bKnbW3WfmIYsyz0X9A5r91Rar0=,tag:x3vf2WTu7naRdwQbKfrJCA==,type:str] + pgp: + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAqRsY2gr7q2ZVfuiu20XpFK4czrXPpp65Bpe+6GWfxl7G + hlS7o8Hb6+l7LGyjpz6Av8aA9OALiL+9TdDHUSzrIuZayC+Z6SQ8e/zcQ7TOkDxR + QO3lGIG9coQwDQmHNHt2VytBZYz0lffKSc1PCAzj40n7GKM+ZGCoTyhwwA3tRDXC + SOGz6Jq/tH38O4fb5+rFLf3jIT/b06zCP/Zz8Bo68emYhmV/f2fXqay707HtMQQg + gb1xhyFMzyJzQBrUogruDhXKqVVq4eih5RAEzvXjDpGaFQ69eZTkj04WfGASjoi7 + OaxpwfdpnVzmoaUo8/R5fLfPa1iSZK4FSwzZpzOpfvodRutpB3QhOdnWtiywR7Rj + FPrKWr+l7yX+MBWpvuaV9qKJcwPxhn+4pGr59V61k78yAs60L1ca05Ua9/l8PO11 + 
qgCMeVhHX7IXm6RGOTO2i1dz61G9fYI3oMJ4USshDVdsFPV/OV5dBX5Zkcz+i/rH + 2XT3eOerAtLFiHYmSnsGMEESallPDAF1rgg0HOFE1FnSw64not/eaTCGdhCy7UHX + 5k89BQ4PArs914XSvdA5b1ydel3dU/LWWT/pra52IcAusRqLMZfiHXF/KuUH7ua/ + XfZ8ljcJ65FpVqAvs6xQeBGVZQoS+WyePcv1/BJkWl4QOtXCiDAMJrKVfxAM8w3S + XAFUtaSpYoHGooRWU51pvimpFLGvlbc/A+NRAsKkdkgMc3g/eGQkE9uLhTw8gP6c + vSS5yv1k1DkCE3Sff+nrD5+4o7tBFjRP4XWWLdAxRwviOUIpQdIMqUzC8YvH + =yE5T + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAifILi6nUR11lUf0Dyv3V26tIKqh0T7T61rcivJAzHxAu + TphvUwzGx7qxZRtu/B64pyFFMk3D9kd9yEN+7MXasyS0Fz9GIRY4W5OTo0xHnthU + vjRo6htVg6Xc4+DYlT8Et/eXqYt37dGGMu9JbV9lYDwgUTQph46vqTn8OoOSqWcQ + gSiw1QjsjXoMuKjUZ7ut+gik/qVG96OZk+MFuez8V7xcClVUYM4RHHD8JTP/pip5 + 7DzZARVacxrybu67FwEtkkhLjkzOwm6gUE1GAfGOOjianIepojyOv/503BfbErqF + vjEFncQI/3eSDIAQvUcGOCmKwm7arOdWZYvxSQSUz2tDBS9GeK9I/PRsRRkj3mg7 + /ZComfo/DVdp0/LzFYVNYGhKUR+n1XLzumjYzRsNb3CAD8uo4N0OfzN5XUw6OQlo + G7MRGZJZDJHQAiMrMaT1JRM/9c8TmNh3Q4hPD7xWB0swASnFWfSAnJXJnrPdzNaY + D1ycyO4eCM6xQEOuTqubW7rVFr9qgdspZMzAMAit/1cX3fqZyQj8m7L0260hdxAJ + f7WmR2KpcJ6J+FAdYD3HzrRbNXXOGGYzlEeq/6Gd6OYyc929m+gNUjskKWvNv90u + f69u5aBWyk2OU9iToxqPOfAi3cpSWY3EuoyO77sya8tRKfzjlfYs9PsKHlXXj8zS + XAH20hg9ndSWiyXLSzuiBoocf4veHrCOkAnS3m9U0heJ28i5RrBj/ILZ1RWqHY97 + 1urwfro8fB9ZzEQB6UmqucSRqCghR1wPVk5/9U0BhIeULHOk/WymAUoksKav + =0xuz + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAA0fyCiD5hpm2Mq8Mgal8yElGmiKl4H607Ik0tHSSGJ2sj + NSlYv6xSxGHp5y2RrXGBjDkDE93lg0JRyjB8CA+XRq2UxpvBpvIWJQ5TqQFj86fO + Ni1u726BfcSEh8BV6LiOWjdQFOGu1UVwuy/R7WV660PNwj/Cb7EMWsHhJ4/t35Ec + EpOjBeL28+daezH5b6JwMHGZCkXLXMu6NUOx5Kd2RBEpqwB5uDBOKqFKlR5Joeel + pExbPsREZkilQRcYiqg7q8xy6jMqUMAEdUHNnUtY/Y4K4M4dWL6spqFcTc2BTqAO + NKPjLuizHRcu9byrMjoLPZfusNY4SFPBa4xLZha9/ypsuIUm1/47H0mp5k3fYiX0 + 
uAbUT72h4q/9MHlX+fd/C46TIE4r3liJI4l81e6KJlPdlMOt66lNL67mWhi7tKBT + qKCVjJdn2OitZAbwSAQ215h8LazWzd1hASU3h4TVnlpOrRWcVwFxvS9uhe+7HUIV + DMG9Xw8iU5xUHKp9zvGvgGDX/W6eLBFGJxWcLHYEaiVcZ0KNg50PfQbhV6LHBT1t + 4oL/4r+gER+M/uHVbKoKqxOk8qzgimdGkSxlZfTFpYen+zjj2v5zW0FAbfz/n4KD + WcZf60j47rzNEx/NwYSsaP01+G+KgPGe/xYyTFKxGrYyxQRUkyLQQQB1H+OBGBzS + XAGVnhZOzAjWv0OCNAcYp0ZudqopN+PAgK4+xO2FmyOHO9YNmFPBtiH6Q0K1UIr1 + prbxePJIAAP8AmaoHJWXgVLTwMrGFohYqQtXfT3D9fIbIVx3KRM6SekM/30o + =ypL4 + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+LtvkdJgZEVahtwfnYUbg+K+oleFw7V9nVeZOtpmqABTi + LsroF2PsatpKxusPDSoqQqj6fvKliCPcm/5UpEExqotKqi0YORhdHrFm9plju8uB + 1KiUmhnK/XiIZWp+HltZO9emelCmoU1NNjzs4Ayn1zK0SkY2ADYKI91mjmtLnu+Q + ca5QygiZ/RKAfSkyjCRyR2nhtNov8U3Ii0Erm0pkPh/XXrqBzjcuJKEGHp0Qj0Fj + MxCRxCCnuRaAbgQNQPCwGf+r9KNfvUIhZAWC4zFj1rd7XVxOUiPqVEUBviZvsC6t + rQtn3k7WEf/xlKmBS07PyJ04zplYv4AX1qkJU2qZcAR73vKtDnVFX51RYZrPyUhC + sQX/ZxANG54bmAco4k6/8+c+qbf3+0gyWuAPb/SGanaG0zR/ah0EUqXdlAF6pvJs + sV6uiamgK/qfMMz5OlPcHcqSL4iiZ7C1fIUkqRm6M+dY/TaELSgqLOPYescv9zvF + cWqxDcQ62UKTy6+khSVH9HXPmZ9x9uPZpyXNpwUKDYZIzAU3vRN1K1Pyt6ppYrur + HkNxJvXSxBXZFIOLCuZF3PnlxQQUTi24a9/Y9Fng401fUfQxWZTadKVV7iusBx8p + pC6KsWvVsL8W7aeFQSBXHNIsXGSMf+jdZXBAihtcg2cs7qXkhXlnjr8Tlovlg27S + XAHhM1w4Awy5+YxNIorJZDa+Ia4jczlgL1FO40ktLhQC1hz3huFGU/YK6Nla1Mk2 + bQYZZYBjfuKcRqmIFFC6T6VAdA2wbvc6+lQAcLo5yBxz7o+KOcgQtTZ9X7as + =d42u + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAHtMliHz0MplHDFWRgKJFtfN96CpI+DOnUZ5j/QbY4H8w + g8NzKK7NUd5UAmPKHpO/yFiVUYltXkgJqIrd0QAZ5jBVHSKLmhdxsqWIRnUSTRqY + 0lwByOPxnHWqi9I0kpwAHcvCqohuIw0k3cihZiGjFGclNtUU24uc4uT9GyX3qxGu + jDhRd0qke+wM+NzJ2f5fVLYjCC7bTBV9q46unsnuvAidU0KXm6S35YlpTgcZ9g== + =lPzg + -----END PGP MESSAGE----- + fp: 
057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+OEcxoM4a+dGsTuBV8GZF6Ddy+NXf47SnZ4QLdliYaYGd + fPpyxM0wpyO/BtDE0uFyPpBPLKKCgzh7zlQDnR1zfYzlCr/Y+IB5BLRD19+Abkwg + TFFrpFp3l40I7jRXNfGFge7t22gz5owdSzZfI0Pz5mXuFfX2zAwtc0sV0A0paIMp + fcmLwASp5Bvhgr2DoCah95DkDEwHlS+UwHZoWe+cOrwaBaV8iqomjxYEywivG+Ie + VV+1xUhMIDdWrdmh+Nt39eOMra5X7M7eQhMmWe++uW4UyQgZo2+Jm3s12GMyc8oe + mcDqhgdZ/5jBQEhteBB3wZaySfxozI1aYh4GhscIGhMJ2PMTtEBrR1CuGey8RMzo + 9jA6XrGnQP+X4c9b4GBii3rvrRRRS3Y6CI0HOrk6MkWr9S0SW9ypQKgEDQB3O7xX + +N19w7jezyGWWG/G4eLnbSlxeX3ZnvDFAQcQJCqu4vEi5Ux0dTpoT69D9/St083z + Q1BJduBumC49fAnXvdFxgzvcYfjb56SWFByMcYNaEn/ut+WRkFZ2H5vP+HO8+hmu + qPEIjmh9KhTWgOLL1wYTCsfkD+ZMTAc5FRqPzleL/je+Jc/TVKT1s1UtDf8d7GWs + cY2C3bTLR3qlrFmAhANzjl3k9qh5kYYGOF0qkdK60Jeg+/1sqwajQRduRZIo5nXS + XAE9Q4biOlM0fmwOBvw8vuIax6HmOxakP7C7RalIXqGZHF6ijjLBSFW1kZioMftl + KCsFc010bbgDxLQvtIIFLChn/lQlPY7EzThMkyBoDF8RkA7jcqleeAU9xmXF + =Wiir + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/9FOvo7VH/i3M2qtNqiuGS8oDP3VZLXV2zcaB48BURhIFZ + dszZAozExdwK6yXOvuoVHr94mhgWkYNd6mR96zjFnGWhvta6w78Ecm+2uZfF/QQ5 + tHKD7bRKcAAWC5m8ENAdz+5MLBpNk9egSNqzqjFlcNPV89dQCz6TAyfI1tUQcACv + pgVYZz364YMym8+HQ8WAX9rQS3K4ek3EosIjWPJf1FH2Zsj+5Bpt0SZmg3zHQ+e1 + uC7JQfabuJ3pV4e3++Rh1W3P0cVX22gPcb+aepnM3Dv+ie6kNo9VguMjmGCEgk5w + TtRy1pG7e87FUvml7NEFazXHmWGWChfqvvHmuaLJCqCyLpH1TH0AylE+uHutdGQ7 + t5Cl1slC4VpNx9YiAyhaN7phyz+WLoYn+bcEbcOF6m++PQM8FtIAggwXyaBAiG0Y + WRchBxnONdlic5sFmtVuaTMUqClWFO9r2HupRByU7BDTbG1yJBagiIXUFoPpMFVl + gfv2jJOtwJ0rGRnQ51ZU7l6MMdTa+rR5Dedo5u9fo6ZhwoAPmDOoEtmiguMZTixb + nE2BTZgWxJF2aLOUf8MVcewyp2m7CZlyqXaltV/D6885c4sYi+IqEsUw3CSkRqrn + T5RoQGQXekdut2YdaXfdD5uyBaJmXm7Yn1GNqaWfXLUqklPA5UgvHY/i92xlpJjS + XAH1Tlt1+DVs6zW2KN3EMvBqOTKLpxmLtClpEXP6pHd+vgaWGYNXOt1eInFfwi+P + 
BKuKXihjiFfNMibh5o1y7W+4WyISjYGpka52m1Ias+06mDeUUojqeaKuhQZ5 + =qZvG + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//TtGxqKzGMLDUYKYVyWUcYXMua5LavcZo8+GqUoXHIa55 + V3WJ8zOrcd3qfRlhFCmVi3yViA+WkzuG+VYUuVpGbsXq52v21tDuwOz3MZDrTs+D + /tO+M/I0g5Kt56h/cN8lq7//x0AONoViFhDxLCJ8ilmhZdx2ywnv3O9eCLboY2yb + SNsGro9juCcKGbJtcch0CZOULMEMEXXPwbo8MZ+DnXKczwvSqBFu/O3nvkF2jcs8 + rC9A8QioMOjXFRglR+vOfpbaCvCkRsgXlkxBxPtpjdYANjA7TQbB3sj/8PTcuNwA + CaVf1RjZoEfABxPJnM8+UX+w+Nm7Fcc+7k/S92Fe88dZ+6jvZGMXhFCoZarSyQSA + +J4hFW4j4xHndlD3wpbx/niPhkVRpLxBqDYJ3KfjN3QgzZ5ufhBPGi819cfKJxwb + /HDR1AHX0bQJoq6wnof20STZJDploLBmP7A1ae2j119pPEBK8ErhPsrn9TQWnbwe + 4Tcrvu4yMJX+TMs+yKDDQXwy0oPs5DPqhEnwHzHgNVjIWuQgy92kpDZssREFNZ4D + cDXGPV9Q1Gcam44Cib2HsDMw9ia5Jqn6iYqfLCDo7BidxfaMRHL9ALhg0o/YLFF3 + 6OyBb4JBFra82QtSFqo719Hzsd475EL7vtVvCk21a8MMH7owhmBuYVxl4ybQh3TS + XAGZi7Pfzf8oFj782HypsT+m6YvPMXHuv8m8K/0F061Vc/7pOqx+l10URVd+KDFf + mkS3eQF6XEyrHxTV8oIPWNGqeURAQZSINMHFNfY0TkQRG3TlKtVGWCqgfACR + =dVoV + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/9GG7/FHBp3uAZbW6s93J49l3Dcr1Ih9PG1FQyF3wDoakE + LEQ0uoqM7hb3qjJLlG5Rlpa2VdhrzixDxVUnh0FwttTHsIkA3Tpqx4UN/6rtLKxk + ii/oTF5ZpN+PtDE59NXJHT83734aSoGyzRUw2UGc1RwkSQUlfXNhblqbn4ok4oah + EZdBdE3wzcT4e8ybaDH3OS+i5EE9dKpBjt9STbEVnL+3tltst7j2H3Urki5N7/Q5 + 0rG8H8KZ8h/FCEhFS+PAWB6VuhKJ/xVtYYJlJhmN/lwBqwkkSlSihTHTKfY8wUiy + efG+4rz4d0PIQTaSym+Y+pI1hbUMNFrDtRa1He8u6Lt9ANP9ilCsumP0KM9so6Ei + Njw3yiSnaFZsbVRIvdZdp+ZphWshE7udq6hLfuX6j2iEjvmmcuxDy1xn+ZjKsEpz + arETzZCQqSVhChFYsrXzzxQvnBOneVw7bF5IRP25bcMg2hf+610BfxylZaOAXBiv + ZmlnIY+InlznegpEClqJurzoJMyClzbohW+Gb+HOoe6BwVQ59BPhOVaVh8t1Vef2 + Jq7kbrwBIYjUqFAf47sOL4i3r0HqOB4MLqXc/GPQsZiMsXsFvu0ew5fvTIzvFjJp + pMJDS2NhwCfNpWprVKTYs6i/6F/9QtZSsJuKldpODUQwaZMEkPNErye2TvmUUBHS + 
XAFn9nWQ67hPjuX5nT12si5cZ5HFK+wyZnkB+zdTKeh6dCeO7CmssfuoodqsveNm + VZXtojOgOPusaSFj4n3GHE9vzqNMrE5odjpG6NLWxv7FFfcg7/t97KV/nkzn + =cAw+ + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdA5XAZB34y8KVLVqTUdQMIxtx7r8gR1OwwSeNeDIgRpiYw + lMLrGxCaiG+MnlDcjhv+QQkXRx3z/dvT5Jx35Bv8wFiqUY83xVD8yQG0zAJtA7RB + 0lwBJ69AsQI3TKDDDCfHwa8wka8vlnx9YoMH+bEfMAjHBOPeMzCmjaRgX7O0ablm + OoVcoHhPnExGVrR/buzrsorTuj6pRwoTc2XPRMp8cMafQQG5oKrc29roekcCig== + =Qrj0 + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA8drCpM8XLKp63D1s1owbpjULc3cUNVXE0X5UQZsvLjMw + EhgiZhQ1kobdKKXkGfCIY4sjtl7/QY/uuro20n4kZxhEgwZcBBLbUjZDOfCXb2S7 + 0lYBSQqptAsnjkv9LwbbysuLd9i8WY1vKexAPA+cpvJgHwhtt4Ia/2EwQ2IMJBpm + MunAOhG+rvonQoUKxFB9MeCIX2hW9IywKWqBhfxFS8/r9VQ1V/fX4A== + =TgPw + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAA2u7UVNNDiTC4dJ+tIP65LYov10AN1xKw3rradLfFI1gD + Twuwm6pZ6esp2lC36JqLR7bx5A6uFmfnJA0qBmQryAn+TyvU6xoWbLaDJMP7MMIH + uYAnIzCumDWz44xTnZRup6E7f+CUiBQmns1dTGWrfz2GHzusjnF2E8xfX0sIz8bw + jcQsH3yvIJhOOyWVOampEwm+eZoSzxcBn3AHAwd1XsS5A4syKN0wzA3c0FLAnibF + nUCRKBa2Ux3yB1Xd7hENrpN7ObrdsNCUvUpRVZg0bgs+Zjr3spq/NI66DKfwRc9/ + 0wQhn/vxoCevGRV/ir8/5JUx5aSLYtLYZ6FGxn8Cqja6rR5rcgAJzjjJP3H2iUrM + cuhdQKj/WGu6nui3oQ6cDCDKK4YLBGda6m/nNLTAN+ohGmGV9gh0d95OD3EiGm8D + F14G/ihFFb7YOMPI/3pKPA7iaHS39lZNkSYBsYUL8/FfSoG0aKyFlTMXWgLgwVwx + bshpe4ixBzTrIU8DtLH1Hz2j3x3j2rh4vt6NOZ6OcHlsIWWEWT9lG2hRUda4kEXG + X6h4c+fslqu0z0PCDsnr0jjca2PGQz7az7HQdddG24Co+cZqLgA3Myj8YNE/StE/ + zudTl0RpWOeY9aVCaACuz9xRcPpU+nxEpC0jxOC/ZSoqkup6ndpIOy9g/chq5lPS + XAF4v8Q+I94rlxu/LXCQgnX2mo2iaG8/vWzKogGlixHJX5s70rDaDO0oWjoxXlN6 + 
YrU4hFwRCaAznA8GODyCHsCEvcGPo0i0HuVz1hwjp0EnfVLwYreFISGOOMU/ + =6oPX + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/ntfy.yaml b/inventories/chaosknoten/host_vars/ntfy.yaml new file mode 100644 index 0000000..cab4e76 --- /dev/null +++ b/inventories/chaosknoten/host_vars/ntfy.yaml 
@@ -0,0 +1,104 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}"
+docker_compose__configuration_files:
+ - name: server.yml
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml.j2') }}"
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: le-admin@hamburg.ccc.de
+certbot__certificate_domains:
+ - "ntfy.hamburg.ccc.de"
+certbot__new_cert_commands:
+ - "systemctl reload nginx.service"
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: ntfy.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf') }}"
+
+alloy_config: |
+ prometheus.remote_write "default" {
+ endpoint {
+ url = "https://metrics.hamburg.ccc.de/api/v1/write"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__metrics_chaos }}"
+ }
+ }
+ }
+ loki.write "default" {
+ endpoint {
+ url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__loki_chaos }}"
+ }
+ }
+ }
+
+ loki.relabel "journal" {
+ forward_to = []
+
+ rule {
+ source_labels = ["__journal__systemd_unit"]
+ target_label = "systemd_unit"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "instance"
+ }
+ rule {
+ source_labels = ["__journal__transport"]
+ target_label = "systemd_transport"
+ }
+ rule {
+ source_labels = ["__journal_syslog_identifier"]
+ target_label = "syslog_identifier"
+ }
+ rule {
+ source_labels = ["__journal_priority_keyword"]
+ target_label = "level"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ loki.source.journal "read_journal" {
+ forward_to = [loki.write.default.receiver]
+ relabel_rules = loki.relabel.journal.rules
+ format_as_json = true
+ labels = {component = "loki.source.journal", org = "ccchh"}
+ }
+
+ prometheus.exporter.unix "local_system" {
+ enable_collectors = ["systemd"]
+ }
+
+ prometheus.relabel "default" {
+ forward_to = [prometheus.remote_write.default.receiver]
+ rule {
+ target_label = "org"
+ replacement = "ccchh"
+ }
+ rule {
+ source_labels = ["instance"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ prometheus.scrape "unix_metrics" {
+ targets = prometheus.exporter.unix.local_system.targets
+ forward_to = [prometheus.relabel.default.receiver]
+ }
+
+ prometheus.scrape "ntfy_metrics" {
+ targets = [{"__address__" = "localhost:9586", job = "ntfy", instance = "ntfy", __scrape_interval__ = "120s"}]
+ forward_to = [prometheus.relabel.default.receiver]
+ }
diff --git a/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml b/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml
new file mode 100644
index 0000000..f2a74e6
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml
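Review bot: The two `basic_auth` blocks inside `alloy_config` place `{{ secret__metrics_chaos }}` and `{{ secret__loki_chaos }}` between literal double quotes, so a secret containing `"` or `\` would render as an invalid or differently parsed Alloy string. Letting the filter emit the quoting avoids that: `password = {{ secret__metrics_chaos | to_json }}` and `password = {{ secret__loki_chaos | to_json }}`. This assumes Alloy accepts JSON-style escapes in string literals, which is worth confirming against a rendered config. A short comment above `alloy_config` noting that both variables are defined in ntfy.sops.yaml would also help, since nothing in this file says where they come from.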
@@ -0,0 +1,220 @@ +secret__onlyoffice_jwt_secret: ENC[AES256_GCM,data:x9eRTm9WrEFGdxDb8JfqLYu97NSBRvhknkEBx/zSEQlSfcah+CVNNM6JcS0Y6d9PARcGv2jGUyakuNN1wYmzYw==,iv:33lWNSnQkljr8S9uj+Eab/fItyKAH4/xAeckdpvzl1k=,tag:Ejxzaz9nkGLT/mqKF35M1w==,type:str] +sops: + lastmodified: "2025-05-04T13:57:24Z" + mac: ENC[AES256_GCM,data:Av9x7PAOBhUoCOCF4al8/4BnpPHmUb1JvCv+PKrBmjPBVxW/sU0w6oYmUNjB4OKxI4615pWpfCsG+kVSEysbXtrRGp2RGqhnSKxS5l21W6Qy+IEkNA/jcA/teUGEOy5Qj1SvgNtWvXEBJgfm9eCQxC+w34JbzoTs2q+6nSxtwmM=,iv:HD3nBwmnOGP6MZdLiYv0hlNcvK5lSxJNaoIkr3Xadkg=,tag:uL01xCeeIbWhsdpyqmUyFg==,type:str] + pgp: + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAoJ/2LvlPFTh5vJsyUZfwTVrLg1DZ9E694J3HJ1fH9ZJj + 9qZJ0EtbHHjDyaoAS57FYt41AKbOeUpHa2XioVIYJfS3CgAA/m+AXmorvchU6Umm + tnSaEFyFYEFBUiCvGRMCbBvLepPHdK76a1SGkQww0hcwLk/rjfRAul1ffajdyhm+ + Lqa8kMLA80PK5QLvYfAPlNtMiUgq7YsxmhAWoWQ5F/xLnMgClEnsN1QnXszoH8MH + 622pAp3KfQqUM54xx0wn0odFcuOEd2HCj/CVnMHdJgZ+7C3XhBg9rB5OgHDKTcMb + F+asweYxFszo6vLcmz1PBnuUv6sPpE15t8MRG6jckLCm7xHl9Kh5fkug8H+H8lGp + 3YmbV4Amr623p1vqyAsjqfcIRqB3Fdlp8034BJEFUXWZED5ZUp1m7w5aLG1mGyxC + C4eFPC2mqS94QINfFWYZhMieQz1qUEsZv4bFU1dxQt9H4J/ojkqU4oPVSmIe6swv + szmRVUdmlU5M2FLGUFPw0ikSheBoxfP3x8GuYPuz8EGc2Cdza+kGBswPT9OkKN7k + 1flPILolY9D263ldVamsamQL8r07MvLr2Qm+Zw7OTzc14DKyKx2H2m/6C1Koh+zE + 9qTCQuaNQjhpZlVf/I1nCEpixBC4Mc1gPD+DZqJjdM8dA2IN9YtLMycepM7igvzS + XgE21f3aoPGgiY6zYQiaUhjhZNWO8by0fxKaPeZ/x7++5stCZz8xSsG7K48mBjKh + NHKJ0sh2imtzPN8Nx/Sqegr30qHDXC5/x1g3eyYurVdT69T/vy4dt6Om49uFmyg= + =VHVp + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAApCrvjvsNSGYfmA8y3ZBA6FhfXDboXWYEPs8UfhtoWd2J + wdDtjMXAC7Tav0zYPYIJNag4uax0xgMsKy2YcrSxrKy5IXWpyYsX1VeOj2mJgSY8 + gBmH2UvSXtQkYgkV8avGRYn6X+6kJIGwqZRzPlnvKullAYWrtBOR7Nlsd+4BMdLv + sd2iN0z4OwYEsiRI03vUUOZnZY0oDEWLc/Pjiv+rqlHx21sZCF+A9TmuP5T3iYFk + 
lWVL4ROEu13XCPo86DebfQ1iWyNMk1US82KfT872N28m+OA4/pTkc2PKJTxS+yc5 + UOC36GPZuyu/ve+OESMT+XOE5qMar40bvFGgLPaA144tILFVo5YGy41jMU5KrQun + Z09FTv4qfO1WDaA13d707nXgC1AQOmo28I6HP6M0YfRq7NXmJlJUsnVN63K7MfjY + cPFS0r5flY2Sajx3fLgV8t4+a0/c6qwVBqmMnbjddJr3YblH5nsZ0XOoohCAPTOL + 9HH1z9rmBT6TywzAcKmzboymnitQ5vFifIyL0CyZND6QjjCarVbL6uOZl746eJpV + /sVpzIemz5FREjp3+liaMmCxUWc3S+vSTcLXwydCWQeXL/X1s/OQJ0XvPFAiW1Ne + 0d9Uk1qROhb+pBEDmkDA+20jQr1n1ocBqvXeQZXvLAZt/bTyceN30OLFyP/rRr3S + XgEdW7nQac5MS1nIHuYfVa/06zEuQCiwHQdn/wfYzU/RpWLyDj7r0j3xjwXZfT4y + jBP3eBtnxAEvtnuy4d61ody9nyqLxLyQHYi6/4cvLn4bZFFSDVGJt7vHZ38NiY8= + =2Q2D + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAA04z1h5ogEphvUqynEQPQiIR82hDjXHbG0u1CVotvOfJ0 + xP2rIXemVsHdZiQXF8m24Iumi+cbWvj+4kqDnAx+AVOBlyL6XMNvCL0NEIrcFRrK + /Hi16pEPjP/z7BnpS/4OLTzFhyuUuhP0rU2XhyhhzcFHumlKctMhJu6+4go3NDG7 + a8W4NS37C+JObbKpUO2PQteHW3ptCBKlQ3W1+Horgfy9mw8kL4BwZEQE31XMXHgj + lOBjmKlkKxAcaKzV/HF2oZDGfyF1Pdeic13L6UpOb+zopEgCljwUDDWZPAf4YCGF + tv8l14LwzVO2UoQqWWwQTwiVuA1SDbtl+mjSyNdvxSvnj7tD+NMrp25lm0SnZtyt + QOMmIyVJqMN0DNoNvTb+atbZWPV/nmdt0QHcGJ13x7PblCGuP/Dt0fRekwoCwBpc + U4MYW1VAw/PWyzQ7GWPHIAkUzIqBY9JG/Pa3HNwyisU/psu1eQlMRx0SS5cYMnwh + RVJvVL+4aA+2+d5bYXgZUeoaWCp1duQKyH7GEdO4io8v61IkpRDf1QPbkTNRRT7T + LfSwcV3Cz2PKB7aGSdoSaRn34mzJf6jOoRPr9XHOmUx9Ni7SwFNIN4/r1QhhOlXX + YXC3RIjZhPLMd+cAM12bcgtM+6fJqloLCzU05QxKPeGl/4rmvisb7dIXFAjF2DnS + XgFt34T/r0XOZGydppw219zqiKL+4AXShDKcwE7oPa8AP5rLm/UY6ZwlC4HLvHvm + Su/gHrv5/aR/ORGy3UdxpHTxYfV99nrO1D9qWzm185WJpQ22YhbmV1ZRiywqeMU= + =k56a + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//VlaN9C76SJnHeULdvnJ+A3b+idN+PxyPBXSpyOm3DQJs + /83eVkocwQGDL0Dr92f6OcZuHmb/gPuagwuM5Zak5mTRIYeUHaFSMggGIXBcBqJb + 
xMlYTWJ13JXkONJaSYn3AI0HVpUT+KMJwyp7H28P10RgBZJWT0k/wSmGxY10GG5d + uoA6HOYiK4/KnfzJa4lQiZm3NNlv+eO5yPib99KT+sl2hDPLuKJA/DUhK1mtdygC + pJrG+ayJUKtBq5veRrK/QpbMoD48sD/yOklPB0KadqjY9nMODh/PePpyQlFI7X6Q + ho4ECJeZoJMuU4cU8GwN+ICGoHhdk/l12JtqLiznDWE3uunqO/QxpyyVxIYG7vRl + cBL9PwLhHrsTD7BGzzihAnzz1sCbelYm1KG0bG/4mMVn8cCrwrmoU34+HJuU+5FO + CDExPnNEfen55KnoCqEvSu1W9tUrIJPoda4WM9Z4jWZRJ1CguF3wXALf9Wrwd5ey + 1ncpyb27s++lQ90G7rrGBijWBzNZISZcsDpUea58+Oz3BzHzj4Bh5O4GvDxG0TFC + R9P2/M0dlPOchalM5uSy5vzFM85sPCdbXns5t4yUOTJGF9ro7ZUbnjXjAThsdh+/ + 0NyVXODQGkjs+z+KtjBX3WjnaTSlN+bCcZQRlKa+ZnNVzSffqoKOMWnjm9Ong2nS + XgFe+yO1c08VmGzmUtpXp0H+wuryk6OLQ4yLuv/NEk/zpdV2vkWGUbgZWBnNYpmE + DICvpbtmyghTmwtz6X6JHngfnUUIRlfk2oJCmh4oBsIAz/5kgECGzJ4P4qIjXQI= + =oz53 + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAc6c5dDqGPJ7QNl2X9UEg3CqJGfRGNEymq34kyfWwNgsw + 0Euc9d8VaeVZzZRP0CltaxdiS4L3BiSm0mBJAcguygM3FCISZI3qrt1ZdLfWk4Y7 + 0l4BZ8OFHdUOwHjd5CzKILYG6KVkmQLadzP+DMzavjFnXcLZQfT5QScBHmQVg+kO + 3jH26Jq/opnuwF5G1hE4cULrfryvMV4pR/rS/QP3Cro87+HTVnZv0cRE6JlWXJyi + =Uwlf + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+JnIeYmS/pnJIs/KFjj6TOv9sYUWYEN/IqOiLtSa7hLvN + 4ZLERku/oYFshH8k7fAXsdQ+hHbDW3HzIFZR10u2hrTbsDc1PXA6rSQw6LzY+pg3 + e3mT+7YwtXFYiwzeKNWQajCPCKChot+eBXp+eMnGE1XINYcJc513nhxbgjyQjZSp + ld+UtNxVohuZZSkgihA/vxd1Gr8lOkfrX1R9hc3VUb7nF2qERT1Nhp5NBSV0XlH/ + 4+9W01uW2vOyAbIwH97+izGLkVjYYqzaR8I0qQNGbj6Ra+MJaNNHDf6qkrPhTrHv + nBUrbRXs2+ioRs9EASA1M1frRfsWqRqliuteBgPrfmXHt+UMiXbHmoNufh4M7FW1 + 6WrsunEEuS/bxMhyhzeq7OiMgC+LGb/BHtpgo+q5F9xwHuApjYfXOZX0ma0Muk1U + vyNnMXYUO3eoulp19E2N9FWwekwzPzynrnf25W0cdpCd6pfRAUNdnaVrop/F1Q5h + fQxZTokCnFzF4B/F6e7Dgw+kmJp4AZ6UcsaX7BGh0dO/RcyPxeCey5tbp8tbOOlK + 
l8iJJ3wvHff1taXjxoaaEjNkE4/a2oRQ7ILVPpzdVdvF+NUzy2nbeEF3XE1B3V+E + TCP6OLDBZRP2XJoRyLBym9ShJaoYkRrEdTn8mQ9MDWdR882nEsWz0+LVn3ZHbxfS + XgH/F7rZY2DJjCo4xbFER4G+3NjfOswanvpDdTdQ0NfP3qUWR9kroKJnGW0cjDTu + MymLSUZ4vhszBiQEVrvW/HSnItiuX67j4Cd+RKFnroIajkh/CBxu4If84VFg1tk= + =nwjq + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//Qj7HVfszo9OAqoZFQtLqk7hKptSSjpD1TpbszeXl2imT + X7Z7bANyApqUDqaPAgAKYfKDg40dBiiV1ebYjiPqZFEVpOfR9+oRrkuHbwlRZLFw + rvd3/w5InOiP++eLT23E4HiLXZuSYk7JhWFgqYLirxgS9IypQeAFgVc+1CWBizOk + 3DLUHfjLScNq9Imxw1NyPoQn1sSv7wzTamnnBckmJqs7KLUlkYrjAzIMkc4iXVaK + LBaJ05QXFKQzEcN+VACE3fm2zFPumNBoykpYBqn87rV/2CTsK/Q7wluNineiSy9/ + jwDKnEkgm7WQsjCCZcavSpFSGM8VMDQHq7qFvZns4fgFe4z9SAqEiMPJlY8jsyNp + rKxc7mNu3mIUHbJ8JCsMBgUKtgq0U1kC9xpncAC6G94YsNUwcYznmkbdRHy0q54L + tE2H/U9YGIOAnAIoabjdW6eFuaFBiLTZOqh8pfCT2T7zhIbVFumjZZ2U2mp/2ImE + BbUdyV6ENuADabE+lDKDJlh7tr9MuUQxiwgga6Rggpo3F/ZwA0AL75RRAOsadfft + Qa9zWe+THmGnwD5YG3ZeEcGsI8WGuexaOgMlbNJld7ayqSXISMOXNL/Hv8aiKk6I + z9I6EZlo3DjUJ/J1Yt1jV39GuRg7PBrNaUXPzs/Adcaorlxps1hrhRDO55kNQO/S + XgGpOpyqXj3rW8120Ir99chuRZ8+57wrMVm3Iq+IIk2lvgsysvhABmLaJkvIxzMs + OKAqjSSmh88DmM4wGGhSTSWs+6Hid97rLXxZ/inrdzL45H5NzwZFMXK77CQX708= + =0gyc + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAApMNOCAyZjUdI1uFcPrDG0nLRtX1USKClRwdCTrTDY4Xr + vN2+ndwsIxj9NWjsfOgDqj4mEqh/l8cr4jtH4SR4C51KwCOWBnQByvaS9T9M27hZ + KwlfkeDuiyfxdEiEbCuYj5Ue/eKuRGl1wePSK3XsYS//jNA+yJ7I5VuqOXLuk3Ky + kMWqgftAiUfEwtQTUVj+oyZ94ebDtTtRZLtsLYP/NRKaNAoJoJKAtyUzOH1iTA4w + 5+K9rTH26PcDbkcNuCzxzlq62l/4pfSV3JQBU1ukfYKBjkQOQA57aHxGvkpT1KPs + 5ieLiikQRFXmPbKmUhZsFTpIBBYEMR96VyTb0GVP+Bq/iCcq0pV+xtB2ht8PMhJ8 + oJJDSQzxtH+TAuHXIGpxh0pu0Qv5RRjGJ3APWIvlNO9f3+66Kq+7/iLrv4amau0o + 
fMdx9991xy/9O1wJseRLK7kBCo2Y0451LcxGSKDRYmnYkqYVK08qDtYdJAS7/pR4 + zHKwt7Yx8rZDcY6FKNjaXPPc5UZkoYWKxlJbPOTQ+ZpWh/a6ITu2klFMLjtETTXE + oskrotoCB6MoYTDLXS6AG9H6zuGVe2YtzdBqoeV7JkD5SbXWbivoue9JqBpiAaay + TOqtmyqgJnfyCRJ49ll3DwDwI8qHZxF0DV6ny+UkGfu6sdXSApLw+Boqb3CA16DS + XgFfPBbhrhVjRnW9WU9J0hB0C9AaGsXkvKuxJtlPUyIDiL6umAXyfZwjFLWpCA9h + LQXsoBo/ac8a13IFUM/Mg0N2LN6Cli4Y368dl7A+rf6yrRCQDJ6furCUa/AnyVk= + =WYRn + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/8CyQ33WalgCh6onJN9riCoKfwnmS0Y9ph/fFs4TVoXwfQ + G0wZpcpEGLqpJvmD2uGWcEWjI+xYy4AI7DOc/9tCnwG7ojbN3gcyo38fCQv4rF3F + cfvnKhjMZ134GBaoZjAE9DTm7DktvbXfEn21UhsZJ484ga/vLkSM/GGdeGBhN+VD + O4MRV5+ipyinvhrFlPL+RBNfFxqG5247TakkRTuEyJooUSVSHpo6cvD10HCE5Xmu + CWPmL0pWZMAb/zF5YV5qAuCjYXmD2IWmvmuUJMl/MJAYFNc5Lkzv9PZ6YYO9dPm/ + YuLHTI74sVWSzEfEWW7TpTjDV+wWtVDEluW0rU/BBi5Pe5mojsSATU/yc9xLnn11 + f0cBfzE2edMI1JVWVGD7z36L7vbA9SmfrPMiAv4HH4XIMsKRm4E+Sagvpmfzp4aQ + RQaQRROnlPF3OiBEESXF6fJMTx2oUY/rGr0N4vHdbftjrAzSw1055U+sJr9hMowz + QEXi535RbpNYx6K06jMR5xh0s1TLZ8vQ96g+cBzWAgnL78r6WXnE4wrWQ1PIek54 + ynUN+IckmfUNvJkNOpysgQjhXR4OZ2PJYHZK3NozDfuQ0gOn4RPAwuQLDrdsPsm9 + cX4iJdhWfEdABZ//oWTkcTRbOgeLg3sBMQ3uKOCuIdUNxv8QArvAgzoYL0XVSrTS + XgFXFTQlV/Q+h+p9gqRlY83aaORunqmbKmqp7b0CXDRGTqzp78PfBpu83rcvfrlt + vW/Mc6sdQKbp1CLWjwi5rvicad+syff5K1Yj4KM0Va6EN02fR3Y3LX1umSUz9hg= + =S1o0 + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAmctmfovaoatnLuqx5thkVhRKPDmu0lO1Cz5DLyEtO0Mw + f//rqh3/XZJV5+E9Lg3z4JwmvGOBYRzx2ieZXjG97CgXNJABKZEaVIJRYK188qvG + 0l4BYsSpSvsPpy2sSpaieMxYsZaHSbTVLCXXeWEuscjZf8YIt0Mtz/Xuo+vhYBCt + AYphX1T7gM32x84bRKY2GaHMWiJf8gliyp4GEuAcT/3Qy/5T5IzuT7ZCFPY0oJtq + =4oBN + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:11Z" + enc: |- 
+ -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAI999uiupFybQLd1PFvc8U3Iubq8C1Ak7MSeInUWtHAow + /0AFYupRiOj4plWENTnOtSLaJWaUPtxH5IPmqCti5zZa3EiNaDZi+rQ0pgcMIcg+ + 0lgBQ7C+PTBjVdFNSwbfqTNIA9d+Dnx58rAmv9gnJT29ersC7q30kA6XXt0OORP8 + +Qw94iehnPRN4wIFunyBpB/T/rosnCQwl1o4YF8Qg6c6i33Ka40PKfbk + =0oiT + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/8CBqRnnTS2cJsQ3cnCw0g8c5YG1mlfiCfo4XwcUCCYRUH + cCh1AtWdBzjqbL2rQ9HpJrTiudwpHI5NQhTd8M16klvlfoaJcIFkFOJlmqJIZROb + S1pwpCSVqfPzMH/i4/OhP3hebJ1tAv3DovKo8D6K0mwxPAr0GcWuNxwYgksArHGs + HwCr0+eZKtHvcIT2u7XRzbmgS7sylRT32IpouOKEj/xO5EgKlug3zDI9OWOjwQO3 + eDB56bOpbD5lolT+mUbeklt8K9xo/AxllePOtj8VnAQiJ89VlIwzE0ULxEU1J48e + 6ACIZ5E337OfyiUw8CCAGeMpSG+3WJCBRPoQdTPtDXl0INIcTF2IHnFrbPQfM7gk + zWbU2Rc7+kuvR0eEKiy4Zs+IprG9prpLyI3ZFLrwZK98IYe54wjokDnNay154lyX + ncJX37e5RIj7xb0nDGQtNxaktX1n9wUXGssCHLecDIXQ8MstRkPh2/liwt3ZaGtL + gyp49DBLF+9S2EKAdGk3lEyCvYARuGi5FvZ390+ig5H22U0CP4c6/bwPRC9cgAK0 + nXGleEeCCcE503cZf/ThOQQUKULtdTqrZVzL9K9OVFYUjrhjlxdW4dzIOgL+K3lK + h7mLEvmgRnaSYVWLfn7NjzrvUC20Zem6I02hV4GIYGjzi9epikn6IlBw9N1hwgrS + XgHHsygIAU6Tekg0DlMw2yb9DH2s86XlLfmp0KxBr7zuu/NSsPbhj3a9OYft38st + TOEdrZL+CqITCyWhUpWetmlFeDdgDtLFNts+/5y1aLf/v68mV3OsWqyledUhVa4= + =vAn4 + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/inventories/chaosknoten/host_vars/pad.sops.yaml b/inventories/chaosknoten/host_vars/pad.sops.yaml new file mode 100644 index 0000000..5c46042 --- /dev/null +++ b/inventories/chaosknoten/host_vars/pad.sops.yaml 
@@ -0,0 +1,222 @@ +secret__hedgedoc_db_password: ENC[AES256_GCM,data:5Pw0orOTzb1xCefwx/n9h9m8gmEY6irE,iv:nZvnPSb6sXjS6k4wNUoo2PCJyOcwjm36gs9l0mxwAeo=,tag:0seJlVi9qTfBiol7mP6DQA==,type:str] +secret__hedgedoc_kc_secret: ENC[AES256_GCM,data:7RyM9jfKnaaP7kJ1JwucPa/IAwaRc7Hhe9VYIKGEmlc=,iv:RvtaWLsf/X/y8s+DLANcyVgagJqGB7EkvQ2nYm2Xo24=,tag:amdgqknDGeZxUBmXsd1ksw==,type:str] +secret__pad_smtp_password: ENC[AES256_GCM,data:msnYZYl8vP+OeISI5OOglQsCQ8vxMZ0gig==,iv:oqov/myWJNzUoAn4BSX6hN1fWyab5vud8NmT+z4ECqs=,tag:0T3Xm2zw5k5WmC9Ks03XhA==,type:str] +sops: + lastmodified: "2025-05-04T14:02:14Z" + mac: ENC[AES256_GCM,data:h9E+eIum7jyIx78zJh65c/4QMZRq+stNklGuBGo8afYpicLPG/A9LZz1UeBSxyEoMOV/jHAIuoU5u1wmijcsZSBBjI0LZsBTnGLORWEZCoVTEVCUp9CJHZ8zQEVj4Gt+V/moR+pD4s3YLuywamjquvghwtOMYt1JzsePGcCkHUI=,iv:wxhwDM9hmALuX9Ko4izSQ270X1aaLH5Z1iu93/D/Kls=,tag:j0+XqgV43A6ry6hbHhGj2Q==,type:str] + pgp: + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//aNqxoOe92/qN5cGXIHEMQZLzFLwft0nn7vcp+Aumz/Ry + HpzIMCg9jbFOJyX/AXogcnD/eFdbByEdJoweK/8HT9bRdcMAy/JXSZ6JK4BCrdeC + zljtb/LMJhwwLcHo7N6te1NJUxHYiN4kCFzNx/bw18BtXxkpGThUolh9d2AKkzFl + WpfFD6jq1kKntHh7xgZh85XEmcrh7TMTnVbSphggl50SoDMr0QqlE6+3M15/wPJy + BkU8lZrd9pnAI54kf9hbyARwLXFO2op2Mg01XqPtZqr0lAJWme8tchTzYfBMy6VA + gdecfdSa/QNbcoT7MQc4XuNnATZ4V9MGYasxIwfAEd+gJdHTjdpGf7R580b0s5/O + 77fy5p2AVC3TNgjKRerIolCG946p9L5sexExphpnx+QPcfZxqxRFV6wCHAyfFE7D + 5pHNDwTi5xKhv5Umsx6SWIgxwGCuBdSmfp3fAMtMpZtpmgIG89ZMM+IEyhyNOOId + wrDIbzW2b4P39Uldg6959VYO7kgX/+geHaunogYu11sVIXl2sh+tQ3745bZUyK+4 + 9TkY36i0pw88X+qtZeJcynIVs1X5kZU/j9NoqR8uXVo+aTUrqz0Lmw5TJmbtHuc8 + zln5ahJ2oEAh91yKIaG4chXWmOlHa2hLseJh2XRmgmAel9LxZxRDVNxEB4MngmXS + XgFCCgrmDBEeADGdY+Npg3arQPdQUv7N9zOcVx0+8YzqUkwikbLlAprI82cpRYbN + PZbwZC68VugNQ2lrTVGl/Vszf77Sqw8YgHKHaCNQeGQ1EpLiTDSTlRidxXQeQqg= + =IO/Y + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
hQIMA6EyPtWBEI+2ARAAtSL8SXFBov62tJ8A9z8BUJJxlhyB287yDaE7zmZ7SJJr + mdIXIzd+NZjlT3E3wSbzIs6bXZ+9hpH/FUwoleMnRSinreK/2g1YxK/rDoTGNCoi + z8I9IT+tcxLDI7jk1UdOml7W6+QB4WKt+e3Yj03AqOVH6puo0np/UoNWxEWgttYF + tUeC/5nlOeR3Rmo7xR+aE+IkjwTQIVsWdkn1QjUobURm2MLEcss3ccl/6cYmmbtZ + zlTDWQPbR/7mmqICxJYbHaSDoB8103xBWoyjBoU6Joogt3ITBp8DZMHsrkB7JM8g + VwRIUGoA89SUnDLONRpY+SKyF5otpHz51oh0Zk4WvgilYsBq79BoA8RRKAdA4wif + 3VUZgThoDLarh2X0Y7yRHuIvo3Hyyu/Rb/qSGKc2/C36QlbCG18ZDmBJcXWzsMBr + 6Tgs+EVI6vDXGpsBiZNMlBB9SWa9/QPmZROHSQ7+vEV8HHQIMlQ5gCd/F8HtDSCI + fvva+JvvkiYGyuW36ttX/KWja8cpzqZ/sUabzsr1rIpN755OnOHwl8ct19eNNC6Y + FnqjmQvCiCpAafoSHMowp0gqYRAy7KuZM079fPmC81ulXdaJ/+9TwNRKxK1uxsIN + cRcMBng1RZ7BcaUnZl36v0If7V0FT8JQJEBnsVgb73yj0w998LrcdFkrc+8K5uzS + XgEmC4sgiEb+2SFqTi+pRZNuMpNI42m8oVohaaGK3daBDJzEnO4MDCyaqh7Vrc8K + ksOPAqV3Fge7IM171mncjMOyAFWqKLVJNB+EWFmzBOSu9pcDsOJ7bTxfE0183Bc= + =G4Ui + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//W7ljbkBHoJ9PAWC27ixI3GqxvBcCVZJbjBOpZCHTMC6L + NvVjVM4/oHqO/RIKw/txAJ63nK4pu/VX5U2R9oPekpUOr3vTaOS+Y+SlIEWnh0r+ + LihOfkQIMQch8LcT1yy6tcLTcO18OokuuK9PSpngkHQvq9zvcA8nYs+/apCg9RYu + DwQxPWukL5g5WPk+GmJHwffStp5M6W2juxwtBEjHcwL2SP3DroqXk5UE9jJ0a6QB + BFl8b2ubeSlbFOrm7LuhF6MREBbxP2b6pPf9Dii5tYZvpsVNcI1Zvk/FGR0j/UaJ + 4CP6GNjKtPIRSfVNi5InZppYvWXRWBgvYMCjjNWHMjIvf8+VmaI0KAOYcfrjN77L + jw2xGwY2GKuZLrgL+q0V9ZtCrXzQsw9mov/8DuzjW8cuWLJ2svHuU4pr5HNm9Mdk + ffcobSgNA01yvhoilil8I9OwvCBnXDSptkCg7wAiewlRW2skwBMzJ+x8tHo1ckPT + IxbNOZO4Ky/M2qbtMkkcrCOfN8aw/xtc4Fgd7bWpOnxqQDW5h4BMEUIhWoyrZN6m + BbnrsjMpuBtG2pLpIzbSXdHXYlGLglSA/HKld/HlvnJ6YzmJ5sq0fLddJejmuZP6 + 8HE3M8NnXCqL8Lg2lu+osWCj0Ie04O51tSOL2MZa1Lrucr4k4R2fJ7JI/Wbj8i/S + XgH5hen0WL2gfvlYH+9L5ouHwIIuG6hzyM9dcKUAstR8bp8BvagBCHB3aoIGvtjv + hB0qYNOVpXQbTDS2rhX7Iyc9O2v41piZJc1Wgpe9owfQ9MXCOumRxReNXa6U3Ko= + =7dsm + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - 
created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//UIWoUZiWc0lcwJbx7Xt4TH/A5pAHRs7tLK11kNmc/yYO + 9LKj0abYLcEk6ZwTFxHyuOaGixt3XWCeUBwluTsf1hVKyYU+pZoZTZZO75RtlrXv + tncwBjuMjMHPBxrSRtlWM1L7PnSqG2uDNcuoCDIyQPebqbmwLA92+UD61RXEayM8 + kiU2y5LFUICbJAWcE6/wyP2WTsypmlnvy56Hn5NmekwRa3AI9YzDLDUJtvLuhzrj + z4Mb8UZZCje6cE5wXFuuAOBnqLFbQoqiksuHvQ1qQzoai+0MP6TAcylhTFOAYUvx + 5VzHLZohd+F5ukqmFpAA9FxYgnvThhmchyt6HtFIOmeQYm+/d8kcKvHT79SfyFK+ + +FYyBx3g9mMluYrXtNeM5nltMlRFxzEKrvj4U4J5bWnqx5NtviYLk1xQgs/5fJFq + E6Ro+zQFDYjJB0JMgu2neF8SuFOAbhtphDTLibs7XF0N+IQd5c76+zSHmVGaVGs1 + WrOnIDXJDPsrQ4NLA7BMffZ98t4ba8POiJt1ZSH3ZrLakh5E/l6BmDYFOUVXCiPo + ofsgIGq6m4I1uG1DcuZPXBYeY0FDEp4SvyjNDmsTHQZWksHiZdSFNVQtAeqnC4V0 + Ahs3mpqZyVlNqfR5lYeoGcqbxkYKYbwUt3bC53UmSnIkarUf0po47O41FpLVMn7S + XgF9fIMX/lkYp9OAWnYkkYpSnJ7Ild2w6nMqclPsg1ewo1jP6mODZ+LuP0YEjqRO + cHvgv3LTtEmI4q365h8FvQL6KCtktVucFbDrFeldBrwaLVcdZKeOsEIogn9Wdgk= + =EkrG + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAV8YVHRPgSGYaixgIXdc6id8t56XZoN/E9fpSCa8TZSEw + 3boOWRPqAKNXtSSlo5edVKc0aKGT8SNSpcj0iZPNIjT7LjN8cX51Agbh8m/7WSwx + 0l4B9PGTl+6CNGVMqeRAgAmk4j+5lopHFvVOTzhdTKTGHSMSXDTWDzSRIGScTYjh + A7RSeNn9Plh1BFaOaHCRoe2ZN8/GiACU6YRdaaChCxfTurRqA6Tg0hrW4Hi/FcbP + =m6s4 + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAj4fYd6B+M9fL4TTp0q9vYcLpSaO5HqlhO+aA2xwfi8yV + KL8Y6dNQvogBwwux0mwhfPSDkU4P8NxaF5+loZS6fSpKrCfB3jOI0OXQjlkL1X4j + MHfxKQo3P+gHFY92OBo/H2Z0cp+COySGgQGhL/vz+tlt08eygs1MOB/6S6HWWI0a + fE+2x7Vm/h1QqEG/7EYKJeSnc3Mqt2+vb3Zc0Vo8A4u7ZusjVWFVJX5ka9vtyHla + D6QVHIZewUyqowVP81kqO9b5GPDqDySAdPMd2TSikeLqi3nrCE/ZMkqA9AlxPYds + UCk22jF4jqIlx2KOj+5UiBzmyJ8yZuH4KDo7Sb2ypbu4oV2w9uQbNmtpoGRoF2ZT + 
UXSvEmObVSB41OVPJPo8P2DOpdH8hTwKd2/k4z3vsAuzzRYypupy2m/rW8SCMoWR + zsmX8jlL08kVfokldgow7PNzDSiamhD+JyuZG/b6nxBYG8YHyYXoX3BrCr+GGAnl + Y2iHjiPwEQlwvYqJU3bpHeqkjp+u+S1oMVVMSEY6QPhepxUpGRvHjHvSElOua4Hn + CtTv5GR5B0JeuQYodDuzgADO/DGP1xAojeixJCdjfcZnwz5GlPzV5dXc3bLlvzju + uYF5GLLIyiMG3eVFq+mNdtNLS6/toLvptohUZHUIOzeBE7a84vj6YaIBJQuI+D3S + XgEW2BR7ssAb7n4m94b7v0P5+kNQXJS/mUtpWt2QRjO7ApgETPKJPL94eHq+ZUFV + zxGCTqmi09a/4JO6cQRAtTddp53r3Rd0Bx+1LMzlbupwJK03P4IGIu4sxUbYTrc= + =oBXZ + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAtNvLMnRwKO4rkv+XVnhCm9fBqVqsCJtzOm3+oIxuIgcO + TdulmufWkPG87BqquK1MMsIfBFad26m3QJnot8JigLf4VN9KOHwaxEiOafUc+GIz + y+UbWpGTfVz8uCuWp+MgwdhFTQbf48rlfan5hribUL7ZG0gs/k6YCuFxMZOgVmpZ + CbSqGWYQm0lHZwU6dmKsXAXD21yPhU9JY+301e+uoGf/PR4NPp8CpZWSylQ/0Ndn + lzTn0rJEMbiM30QgS0oiKnvLodLGfq+YY1nou3YxUgXgnIun2fOlQ5lO1Wf5yfL+ + JVegUqSJqLVBWXWjaGgNW10PWxrwmx4r431uct8SBYgG2Z4rx7nTPOK1UpvUkOf7 + kaVpnCNChxV9URelNdDE7wv+QBqvNrATjrgV9XQ/JPmc8vgY0ukqVXh3YiBlRrgp + 6GRsFE20Rwwwoun060wUB5coeFxo3fvl3ARfg5tm0DW/HXQMRFLmq5oSF+UCa5ni + lywL7nudomVieHhrGywzFQ0zR8odC7ChY63VFTlptKQ+fbbRyPr+TiVuhKGlCQCn + 1KUUdqDq9xAyGycxyVF+xRairAyIb/Rpl8tCqyvv5g0PyLpdUvU5uLYLU0mINoiO + PvmJdBF1I4xIYOYsIDFYtnB1Ip/KQtceQ6wbVZoTkMThdiYI3IaQU69ZCnWoA5/S + XgFAn6epxYcIA0AKZgwLcuUK0I1UJbBwUAOOSdGs4LVjdH6HhqEtKGtMt6TW1fpb + iOhHHUnBKf4VJT4zrfP3D2WrlbEtV+7njzVzIxQxSLDW5c/JFWwgSkDwmcZGtXI= + =C12p + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//c82fjsqdQ21eVipN6br333hV5pz1ADxfdDujj85EXJkN + by1KP7a4bKdmuBqMZq2jAd/7BBMkiTr5VElCZVx02OkVNSAI4W+2Q9jLkLsEmq8q + Bx4FNqqbziu9hPjGbiEaWZZp4Nxw4PET7yLuioLsuXuvc5MBkkAv4NPY6fLia8Lh + J/K/FerErHHe8aDbnb1qbjIdgibGc19jQoy+8O4FjlpWxr7X5r6YIDjH61C+iTed + 
h/2b3w8OjsaBi1uk1TyXCkCxpJFHw5LpKJ5V+Xyg2k9YFWtTugGG5WiJZ7l15JE1 + Ak2W085nzYReYBr64KiUSEZRzJzA5c7Jw7wxUwuM3LWitnvjEkJs9bjkmu3wicy8 + z7vTQkPVXPlW3zRaEShk9jIizT17y6AxcR2HmhqznGN1cCe/6mVNCqXbjLylFHG8 + 2ez2SheSlo3hEq8Hr42pwxUafKShOUAcvHyXC99mh5SrE2t87SwNf6pHDP48GD6D + bBztseGNapINd6/KMjtCKvhC/5wapyYbgW8/mYYmCqrlyvvs9pSIqBR8vanFMdDA + RGouV2HXLCvvf7C+QJ6I/XMPgK+ie8063+7Mz7i9wtJ44QrIEBBTqBaLgSQ+ojek + 5eTlB5f+6XgiAIrtvMjNuyTNYKjlGILC5+RAfhoZGH6Y5pA6lDJ4egpjRwW6/jzS + XgGuUCRdk0qjpfR5K1HQRLMYx7zhz/MZipHAjAXPBua5NIFDS+G4uS1bVozFY3C3 + RuWqBLmQ/zA4mYkZyDBKdRZOKIHvnNvHT+Drpzs7HKMlt4evnU15V5Y94kveI0k= + =dtNw + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ//e+W8JAZRCKye0xb0urWAqMhyQB9bPoUdq6NvqOhF1Obe + OIIg7wKMVYagNKnnQ3DT7AlaG02B4lV///cXDbF8z9CqITv0Jy9KDLhWcmCjcK4H + /YIs4uVEUm0SsZniGtX/XBBsVPOSZjrr1Rv+ZQj4S3QJB1bvouZmXotyiSBAGtxs + LWvJbHZMPpeYXYHVJwB1h643uB0RAxl5ob7t1KhdWOBczqTw5LJWkIvhiL9twjRM + SNo/a+R+xXj7+kNhzA6x2p48EEFoCnZLwwwnNxcH/7Ru+VCTkd3+LWRoocYu6Xml + 6KoyMv5QIrg8ObzzNDqqdHV9AL0yMoNbWhA8wW/pImwzWWIoZZnOB+UqnsgmvEJh + z0Aznuzfw490R6I7g/fKTTNXIkh2RmPe03E244H/FL3Ude7xSgVRc85JzECk26gh + PSvYBqgX6gafAHAFYYtu0pI52fIpY26FQ6oFd6lINmBquvu+jVRJJ0tL90x5M9oS + 7pW/++RX9A77sg5uda6/83H3VGyDB73epW+Zif3EY2I4pP14rHba5W6GSv5pQRRO + 44rB0VsrfQrFOgITCqjUWS6XJyfUcwsISCbmKz7aLqMApaoqAGdQz0LYPtlGiWvx + fAbBRmjFhSKt6+U7rvM6oJLjSZE0AQJ6d4BSCjqvU2Tn2jNv5o6VT3XjwqkSpOPS + XgFVMHLs1tTvyT2pavrsO0OkRY+wSEPkwI23/Lh51lOsdRqTChiCsoixoApEkKy+ + /EehrjKxPsX/g7ulvoNlnAMtEYt4ShCcnXY+BJJAQLyZrGb4APSd2TIK9hRTNMk= + =6NMh + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAqpHTHLJ1nm14QdhNauHESrle15XBGIWMPEVapqcfc0Qw + KqDeoxAQS+KqklzODzy51Wmzt06gGn7AOgGf7mUTOJJDiNwtQrPJay+JYgjmKwvH + 
0l4BUgRnvwN9iYesLjh9HNsk/yomORDhwdbMoel3Y5KN3+3dVG9wHSA2A7qpre5D + SWoecyXjnocvu9Iyr1p6d7aPwGcVvN+u/4wD+fsczDVj5megya5avSjD5bXI0tZy + =EQq2 + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAgim7RmvpCENDIfjVUrEW9y7BKKfZCzDDjAo7DMKibm0w + fnUxNm6hFRKfZGNw7YRIZxrlkBGrzj3lQaudBzOw+Y28nKK+wjltrX1JjgDA2aQk + 0lgBWY1AIVKdyzJustVIuOwTu1GfLelPKpzT4lFAnvBrs6rEI0DtVgiUtgIxn2aK + ynDbN7LSJH/K84CigYCKzKdY7g9eg6uKuS9QWaDV//oMZbdUijhtK2M9 + =/TsU + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//X+WG/gb9oSpWLPlQ8MC1LTGKbe0U7n1RT9GfkFq6QwaD + 63K+EUOPmmssmWuqIyH6XL9TXK6xX3hn1wzZ825FcmN69O3v7UoLgNTalVC6A2OY + +g9rcpSIb/R1Lt694p75ce0KvzepvyNdzsTwzMSMTMXd+Z4vpUyQKPzOnUCUoOK4 + MKm8iNxX1srl5vEiw3wWR6untn+E/4DGmJMA0BZxR9TTz5dvNnW6F/xn7dG/aLvz + 8MwkisqkGpkb2SIeCexnJFaYtYgIHby+tNVUhBE8A8VOQdRa4OiXNbg+EhO0J7CL + Lhsn5B3jsUp0HAnUrPI8feuwaplzPML/keVE+eIJt+xcXh4znVbclFI3gxNPhMPp + lTjRptzLgPSa0k2+shtF16WA9/zCmFMO338VIEn7wtWPsrtJ2ap6jD9VLA97eas6 + 30aDudXRx/Rg2OyT7K3lfRhgkV+727cbBCYKN5YW+TdQp6LheB5PbWbRGpr6wQbW + phRhgTgSkpjZf2RPCgYLNjI9xlep9lSjBwe4vZW2MdVA1778hvdVb5069n432a8O + A5mPPsfwNi0X+UnFmid397jIFH3ZFoF2YB/otnuRfFA9TdZbayl/lZgXVJvqnGGl + +Zaz74UQiQWxLBYTpmOdh8Cs2eEeo3vQGkOpRr0gw9AXrLbiVYfv+CwT0QGAUC3S + XgGASADjHRKN0sqUwZ6/XI9UeWTMNZq0Y/DPWBGTzT4AehLlJKo9Ju8iZlN9D6Dc + XoIqjpK3F7swjMED+xnK89dWCymPZDGmA9fWtkFnGkMjDWrW62+UNb9f/Oh1sGI= + =8MRO + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/inventories/chaosknoten/host_vars/pretalx.sops.yaml b/inventories/chaosknoten/host_vars/pretalx.sops.yaml new file mode 100644 index 0000000..9d5082f --- /dev/null +++ b/inventories/chaosknoten/host_vars/pretalx.sops.yaml 
@@ -0,0 +1,221 @@ +secret__pretalx_db_password: ENC[AES256_GCM,data:T9qw46sR88tcj4NG1oK3AfjreU4N1cIN0w==,iv:g2rr7PbFN9bFDg/w7vZBiuMB4p2j2uu0eQAyiweuQ6Q=,tag:0coJNAbT5W9gxy2fVOhuoA==,type:str] +secret__pretalx_mail_password: ENC[AES256_GCM,data:HJrrmdDKzity4Fzz+JEj/kvddzHpRbw1Yw==,iv:dW15nSyYjzlFdPkQoZmJ5k+poWyJZ7dW5Lo8IFjtfMc=,tag:AZZObQRDMMoQgnPmqo/+Tw==,type:str] +sops: + lastmodified: "2025-05-04T14:05:04Z" + mac: ENC[AES256_GCM,data:sO7OHejtPDQNt3bfXl+W488vCqaIicE/iZgIw6dClwoHZUHDNlv/V4aubJk89vELCs7JeOYocqZhARrrHERUxLtQMf+YguA2fBYZOVZ37chtfIqYoceq9ygzzzI6/PQlO5oRoe6HkASJK5t9oVWdfWUmBfWWWjBGrsKbUGnlPOg=,iv:p9NZw6HA0oj0PWJYDIjUKzj3DAI4ymI2V7o9knsvjnE=,tag:AbMiE6WQSPkuY2AEIcHAYw==,type:str] + pgp: + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/9EffdaNUw7+lCgQpIq+ZLSK08NF6VdkSgrB2qBfvdx6K2 + rHNsBWMhfXKJRu42NBKP6v9xuJsNrpS0cJKhBaZB1sZReJ6iFRR6iFv3WfRPODNw + owx0dXP2OTgrrJYr9jbg8s2yUZzRYakEqa9KZkLIjz9klyxclDF6aI1DjRuNJ2iP + almHjD+wjr7KZSPXSCEESfRD+k2wUUk/xMLQ73tdZ+8+Azex5diquEZCXZ4VPeW2 + B8pl3JQlDSSdaxD1YAa10eoIwIVn/ac1phPOwPbegtvhRs05HpaMVD8agP6r2IFe + sLoqAGRlgPAr+a8KDxwxhRirrutOxhvgaCTHqkWBaUsNdgDgWfEC1ujCM6MpzbnP + lu/VQsDEN1nZs1UQ3qjCehh99NBdD01bL3TzTXrT9GhoYxAKb+QN9+7csTKq9LH9 + QAFQOQ3oIZGf3rdpYwxrLYAfA/dSu29xXHcR9qHVOSPDg5r7s1ccLCT/DwtiUfrL + gXzMUMPmcHAKaMhpxGXtnlyZFfSA34EmFFWL180de8fUHW+vD5AQu07RuwbDmX1O + ocYp2GPwyB5j6XsAGKDesyXB3q36qKyHS1A3XeWd+11cSkcorDYTQqjB/6IeA0ym + DSBUTVuRCput5skr2t/UMu41PnA/WTGKHmXU4tAWTCOPF2kIlJJpOcUC2m5M/+bS + XAGh43M0q6QwfXLVpSnbtQhT+FRGj4xgie6A4aL2kKjwbo47hfFtQ2kw3PFk6iXL + yAnLTG+yW0/FOm6Xmk838mO+xuNNHaOMZgCYXmD71l9u3Za5xjDPRQNm1wi6 + =P45G + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+PWhuluGgAjqYQpFiTUSUhwWbAwpF8o3pQan4b+cd8a6H + f1jNeA5XsWQlmtzlW91T3vInqRrWzp8JKR213nFm3lA9SkNQmDs+UwcfQO8at2JQ + 
YMhUWf3ea2TWn6bKb/LNYMdcsKNlaueyQgxSJZP0rhPoI8uX4r9iVvfbK8g8iBnw + 9HErdOHfaf1PNXFQtSh+1/47ocyxiBg0/7+e3C/Y41S53NG/J/d8ldTU0mZs8q9o + 0DC1WDbMt/t0HwKyXN7zLdBoW0qB2M8FFbAyAqSpgDdB6AP513V6ggoXT8vF7tFA + m3Sq+8rNl0JWK2qcBmd2tIKJF0xASTnhQOd5z9PwZ5MlNBJNobB//v2UlDy6Iov3 + lXXbXexOtxuBdrWsQ2fj1ROasTlBTBJ9AAKX2hv/x0bWY627m9sr9wQxv1BrhxzJ + AnPGYEHdpW2gy3dDgq42HsoGAIQlO7fjtPC4LRJ+mVpJNcpAaJgUBzjwyEK2/VZs + tNYnYwhrxeQLQfGsOKGBm/gMUgQI4UPmyHZqEMOziMQu9DX3PQ4lUE8NbMnzhD4A + XVM0XGh/rX86YSRhoqNbubmsWtz6L5HfIfNF385OnM+AVXPorpEJNcDYN0HazLYM + yiUJ2UD9eDTF5Q/lVAQhmi2j9sCbn+cWwBHgAUfBa3sdNhQgt1V3JcoIwvEIru3S + XAHnHd6LlUDdCn1zTOwvyKCz5V1gUDQmF+ocj6Sh5lca0ks7kxTAU0KCTwemDsbz + 1WJwR5NR+gz2YMcGeRRqZzpnSDs4+RyaTf0jCpj8plDecBhzJMoIzX/YcDlq + =W+aT + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAArMlCeBgkSZl0QwIU+ahxoq05l5qDc7s3k9iH2i3ZaIsg + ZQezH84ZKbMao+lQrRQLyDR0WzZ/gk4fytylC6zU/F3kCojVO6zsWl6llOmbdvgY + ypBkLT0fQVOKqljEocEpc54MI40r8n/yJrnn4J6ERxHR3VXJBc+m4M7Zqudy1hMx + ugx/wpjenCXRis1S+6WgdJ1XMjkd0yWusI/oLc5leac/PqnVRHufSzAx31bRq/7+ + bjqUUotIbUp6DhOil4or6P51X8BIBlnEQhYjHTQhx3fnUyqeYLW+UTAUYaldOY6q + bBOE5v4q1o79gI7rGfqkSXQl6fIJWUwWcUA+VLtv9hhMiqYOAezm7f8MwXZUefp1 + 5dCLfSoP71cwEHdfAINsxb6OoIMuvsrL39oMreEq8v+wXhLlvxxBfSB9fPg6Blw4 + tyx72DWKcDUvcXlUCVd9AnPPUN2AqBOnuQ4bmzuIOxZHQUr7oTYUsi02H4psEkNa + gQ0yxiEnznnU8noykPUukzYgyfRzHsS1q1o4WLjUcJkFFLt1g5HQHTDIvD1Ebf81 + pi++0CFjcNDZe12S4jpApcl24WTowkfJCVYJufX0cOdmL6Za7MVxllq3PWIhSlgO + vXmkoWhdDlsl0B+xEWeVw4CWQOmbX0J2CUwQRVdwRqhv2ejc+GCFoyjGWsiNmRXS + XAGwkybWT+vU/8Uy9jwdRHPFOcE+ZIPuHO3cy+9TbkH7w7M86YEUdvW6amvG0HiK + cnMWvbol7a4PdN1i+Ov6YzuqIkEcV1Y/RgjOa4zwbXHwX4LDLpeIMS68E8Fn + =mFN7 + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/7BfThwS2apanA8MrUZOcED+O7zMnYryEUlMwWpBE2sEGd + 
GR6letvHkCn6ggqzVmbaFtFY6kzWnUiwHJE56rXab8ouoybf539eot1FH2rtDFWG + MFDO6GdJq4JHCIksx6kR5N7qDyhSTiqbuF04NsvoHvxgcpNQhkHoiTopTTnMYH3K + gBy6nMkfFtFZ1QTVUGGtVROUqo91r9Pop8IkBX0o6dP9piUGkQUHkVD0ci09oclA + xNCIO2Qfz3PJbj2EEyVJwLYTZd32kJOn22e014kI9/xOWCHNOP6zqwR5mzyb1cZl + ATDnb27F1JUxpuXPTx8Q6ybI5Wg/l4du4D2ZFElkvSh7xQJSeRK/OvEPpOeNV4vn + UKj4lxg9+AiNCbuVxgZP1uYCDKfcf7YnBhctRpHYK+DWE5DLpCxjYRrMu5/BjW06 + Xi4uYVX9bM82RcnZUeOJA/4GY4epPlF91Kd2ZTdCyu4cV1EPtFi6CQkG4OxuqbQ/ + cURZSmLwJHx7eoqKfpARslqMQF9713GJ3ScrvwwPEPXyEptYn0wwnuvsLSBmLO+y + mxJFKsTUumL4e5RSb+KT39AXRDfgP6dLW3HEYYa+wLfNBt9ObS7u3NZTvAbIqhDP + LExNXOxSg6cMwtXB8i1FYRAkSaOoIg/RMUXFXY5Ozd36hPKRQMz09lvxI6Vc6MzS + XAHKI68c+Bdu0z4LfXEWc6n4ZCLkU52fytX2chWx/SQ9K6SGPxoJ6enz28zXZP7E + GSFYcKW2ZnOagEHRq8ZzPjR6RsaxH9Ge0oR6//55pHQqpPyU5YBe+gq/PXh+ + =Y2np + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAI/McyCJvJ2mjfuNy5cYD8yerRzaI6hr3DQhym9u2Pz4w + Xmzw8xhS2pLF+9wByaWzPa6wZNhcOw4FuoY/vuX7esfkiy8hOolggOo5N/b5OOtU + 0lwBy2eZXcWslQn0ywspNjRLSCMTvMtgjP+Mj+Yz1RFVuuzbf8nx6KndgghNJLeM + yu37XTzfcq+uoTbeAuZVtHS1JFrHbqFvuRNnqF+DA6xI7VY3TMJMhpS5I5J7dg== + =/a2s + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+OMpABLgtPwY/mKXXbt5ZWlPWc279oVuJfr3MKNAZAeYv + tEwRH8L+/QJ6WVb7eBM0QiYPfykN94lc2ibiH5gU0fYl1s5t8RhfA2+cP3aSKh52 + 8PAuEuvfqV96/rIaZfgdhOkZhyOlB9hGiMxXzrqDSgMiDm86dCokYZSnXMYcS2QQ + mj4vazChKE9BOCRXT3udtHPTJr1P5oy8X9zzJD9zq9cDRimWVc3d1u5UNdTcUnp0 + Lc4SdHImbyzrIw8dbsda9TUv8D38c5f6MCZSjGgCBQ7vH1EVpSfwPDLhvfOak38A + j0f7j5VRPNcYnc/SzFLM9gXpx+K/PjEgwBlZBWqQIo8VJu2j3HT/WePKABmCki/F + 7hvBYF20URGTIwwWvwgEPNYarqkfUsQ4MlQFLeqb/hGZmDJPI45kxA9DeDj17VJU + GDcyVKaU+YLQqNJzlPl2YsC+CVGwnF68+cQ6uDtFVCWYxZuB+8Uza9RWNilT7YsE + FWNjZNPEpURUGzXoWjeD8dsr3d6138Br5lVuGt9bT8rKNIr2icv+C0IIhAGPFn5W + 
1mankaftwGtOgQ2kV+vJTHiAoBTWXOsl+ppeYrRYw+dEk17NMOryEmgGARtDOQ+m + 9ZJv0SfoRhH72gc9AyyEb/3vW+zipobRwlrFx6MZ24YsmrF6ktaefwM9qrC1QrfS + XAGdPW5zc3TcUNg1RBv+L/tsi2kgqY+ay4ivqeMBeKqOpaLflfzcPvUagDbyP8Dn + X207VaxYHuPKHkeIPTwYu+dDSUVURxSePZY6dNq4NVAniCA55BcuwpZEtSkY + =A2kF + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/+N2PMc0UUZcMCFJ5r1ighIXI6vdPPKfxD9dO8CLG/d/Jg + 7fnr57VGf9WnDcaDWrInyY3h/dhbVdxwW1Svb+sIvN4h5HNZXT0slMqzF5s3ujQW + R5IKf0LOPoP961pkZvAxdGGaVs2q0KeXwzaQrRpdG5qZoZFukBMjdPlXvooWL9xj + 50fJ5FA9tWsplhexBJpO7gZa9ChM63OwkrMJsEPf4IX2CdAuIUUi4ZCSS9flYXwZ + 0sGKWFIqAdPAlREv4Oj9Yyg/w1JIxOi/FRaGX6w6e8N0ijrde5m03vM+43+oo79J + F/izl83N5/cHUnLsovLkwojcoYWX+lHRBPxaPti0JVtTHxNk2hgY3VJuLbgute3D + QJk9shKlsE1fuRFN9kYeiZH47Jb/GQ63W/W38zGEyDI/P2XFSkoLkK1XMUnv/iaU + BiZ9yyJqC14B5yoeI7fosnpTxbzhEU/Klk4yCjy5m3Btae7oBVrPJs1ksy1vsJVI + 1e0jr2kitK5vnLXntrPHrci1D48WuK8qYO9xnbPb7Y72a/Zs0K3GFaj0bb1xDp6N + 7MdbkpkxZfilj/TRdyFCzWAD7YYaikpdqNVNupK2eT0DiUBLEay7CPggUy4JBVwv + QxjKPIFEuQYKDZyoqaB4aNK7sFi/mnOnhSuiPW/Yj8nWO5cBQN+yV53MZJ+bMT/S + XAGRgwng3ADPdTTWI7059N1ps47zLu+X69EQXQz/XXE81LB4GpV4klf1ZyXCJxL9 + h6NkMOelbQRzo6GmIVH3ZybulBDUEWaGcey/tjc4Nn8nsWLEEK1sZ8vxhgQS + =w16+ + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//eCpH/tm49iFcT7m5Yy9URQh6iumq+qisjewD4I55vfI8 + 3wm66qbVeGqRWdLhsLZ4xajNNe9WBYnO66RcR5QEyKkwsau8IzN7An7qOwsudkFi + Fjm1dGh0n1EvsScDE4CccPlWIgmoTEkI1AlY/bk86I84Xz2I+KKGKMDDt9M9wY4o + kEfqXhTWj0RyYiUWroFDTTUS37qAxj3Gsn0ANrK7fq3KWk5wZY0HxEZqiwohh2IJ + 1IRoPqiweJGXTAdt3XM1KHNj3goMThyW1nPUS3vegSdG36MW7zYgFgr14gEWjwe7 + uz4au71QdsJo2wqrXcblU2KXhxMxgKsfIO6n5SB6n2beC5YB/WXK/4hqvjze+4k4 + gmJ1OaDF+C3/hdNlAxXVYw5duYeQHaWdBnuqc3bYBR4gplCe8sHXVPldBwdBXT8/ + arpbxaTZGGBufpAWpC2zOC/LqriFB8pgBr/WHs2zgRyy2tNB37g5w7CW/1piTxOm + 
txAkFnvlVHAvA7KJUK7ZlcilxTNhTmJbHbsgax5zol+Azr/NaiI5oCFPfEfIHMi3 + KIFasJsHaClUjoPcoE1qqCxWS9rYcp16JA42tJHQLUTf96EMSy0PI1Gz8s29CUsc + 8sRQyCHg2z8CRYewpgeZPFZ6oB4li/7wk33R8Ygz2rl0v8jGYLLXOS4MKnMzmh3S + XAERrfs67xQE3bgzbrwobNGeTkx2XglSe5m+xK4D8ncaCjt22igKynJCN2VM4h/9 + w17wcA5ptgHDY9FVbdzlVpG5B7k2qOU7ZpZwXxCtcYKsa2ViF8KOiYVWT8VI + =EeJS + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pARAAkllD5CHl9ViGIl/9NT0B/w0VXvKdt7Vm2xYAOHTDszhM + ytcLXB9sn1eioRPBBzVBobllNPJW6Pw0udokQtJ+AxGMbWCEiAmFBz8l3UCx5I5Z + UTELpSjUEd0NnUXeEeHqXFoeEgfuXpSl/jrhv5jFWKhosrYROlD62oBOn5GzTPjo + S4f4w/CogJGDCtH29RqknCNGILUkq4REMRkUROVBNNlt1l6u5EJ7WOYGs+8WZjHY + Y6GHnThJcZQdExVkLU/LqI4behM9rMWIfLuvIq9H/0JRaaUFv1HPIk/txpTAiesK + /u4qRzVUSXF7C98NS33qN4aOG1twRz0VcETt0KGSTCdQxQlnAnXw0MUaWIr2Xm26 + NVly12Bfnq5iWzIx2oR0RDuD4k1TWK79+Z2Ne1h06VYTIEqxnjMrXna3aKGG2f0c + 0P6u0Msf8FxUXEl/HtRLZHJ9v8FoSE+qi75dOb5tsjXRCIKLlNetHN1ZIVTPjD2j + 2jftyIBoLe9FVdMkjhAhfkRG3nc1bpDm3Fz7LNHjr7h2TAgskYRctRCQ0sLUm+U0 + VISkoFe5bQgln9igqaVmLOHPXLkAE0pOH0gdyXY4bYUf3CqOgvgdRRHAstup8yRE + TMop8obh1JoYPy+gx2jnHbr01lTAnbOqTBrnq85dh9QiZ8RD57rmmQCn334cfT/S + XAEWF22JjcTJ16SUDzzM/ifU7ZLn0/6S/06mvzzvc5/P1j13HxoQy0tQnYH+hSSx + vYs/JDWdtDOLyveQGdjEBv9DCajNPciCpvIHP8kiEIgXK+eq4ULwgn7qHUA7 + =5J5Y + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAgrc0PgCemUNp2H9DlYhzx6YOTxe25hl9xXUry1/7UDww + GqWflaDgbQXWAfJ7SRg3/97xvVO2PvRZA0dSfyGZOYdJZI2DQYYmPOP0XBjGmj5e + 0lwBC405oP9jUhH1vqsZ/gNCQfmBF+K7+AZZLs6PMYPMbYqM/UwXYG/1PQ6Nsgjp + WaNDQdhsgdBF/3f0G6dMlon5GsHh74UZr25m6UnH/QXsGUsz99YC3HpYqfZ4zg== + =swyG + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
hF4DzAGzViGx4qcSAQdAojcnJZkpCUbE4s+WspGi5Eu7umXR1CdYzHy2PeO3cxQw + AlPyrJ2Yz40wMB193w+7rH/mmtDJ+TQR7JdtUyjFh7qmTGHR3C+PkcxcMZ4f7hNo + 0lYBOsN8HfiXQRUz2OskzM0nohP41Y9+GJd5fZRPHMUDoXuW3vxVYlvHPs+y7b1O + qW9DN3zJPiDh00qpm8bL8Cj1u2XVvg53Yv6FIPbzqwnAWGIAMPY2YA== + =Li+p + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAA6LhhmYQ2gafJaLJeieaxVcH7cqanMdP+cWIUHU3vSL1s + pm45DvU82PdLot8tXVpiFE1h+Tj1NSFK2HQnyxZZCTp3WVBclPXsDM/cV/j2Ti15 + 1y40CEHCmmNyiXWfe1oknhSd0hhsFXA1XukkTqGJNO3lWLmvxSOHcz2pVhLDZdFg + Sbl4NphVeKSVDthfgxq54MQYSkpQ8ad5Pu6yj+xKog6+vy2kPb4j8OGAxvXufs5b + zehTw6y3v3R4tEWIOhqijzxYEpXfe+CODvos/ktlBu9JRz2FxBhDKynADalgPOmQ + RKBy/UJnb3AQKNCqDPMtdAzYgLbjusgtZCUqNgNwXhosB63Wp2G1lwl6sXpmeBvd + Cwo6Q0XKNMupnYk3bLpveKTJEuGiZGkpvmj0aNEX08JuROYOIcu/8NAxD4ElY28Y + H58qduuiiXKmCz9LAZFmMCll9z93UzQ7G19yG7CXERwLCp+wtftcKks/K5ZMxO3i + suX2kydUi5UiaStLOrgaUCwAGLg2JQtOUlf/nvoxu5YHUbKwbXJ/SHqCngxoyE9U + Y3ZaicfiNyQW5tI6N/PVdeC0cvIp+hiaMvHXRNNehVL2Ac6yNNUF+X5fU1bzNqgQ + QMVIf/UX2ky9mjmxw582oOCASiBxtCQKpVxgRy+ZKqhgcdF0Rn0hp7O5arvYB7HS + XAGe2uopSmnOmDt3L/wOKfiEX42nYqhNgMrgJg9NcLHyE4ofyvEZrOtztSK44aUW + WwsG8izTHGhgUM/0GWRsqy9oZVmDUiNcxzm97n7UGqBZPqj8iHVGHCMqpLST + =+cIy + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/inventories/chaosknoten/host_vars/tickets.sops.yaml b/inventories/chaosknoten/host_vars/tickets.sops.yaml new file mode 100644 index 0000000..6dfc627 --- /dev/null +++ b/inventories/chaosknoten/host_vars/tickets.sops.yaml 
@@ -0,0 +1,220 @@ +secret__pretix_db_password: ENC[AES256_GCM,data:kAOUjT7gw0FDqO+xt8m3wAhOGuZTS6zEIQ==,iv:oPAxDzz4ellT5MxUqw8/iBYyiTMf1b/Lddj5E0iIhWE=,tag:r3OTmcSjNUETEmOzxsMhxQ==,type:str] +sops: + lastmodified: "2025-05-04T14:08:33Z" + mac: ENC[AES256_GCM,data:gyf0gBed5K3sEk0bTBPbNa83QtWtoLx+NVp78KrxxfyiUuPu/5ziWPKHDd7o9TQvXZnQ8isVy2BaTTwR6tK4AG5+SO2ffV0a0/uNx3/jUvh56zQFwA6LTviEnR3vKvKPa1GH1khojaCkyMpYkb2KbMnbrGIt8qqqDcwc1dMVv4s=,iv:7oPpmfeAcWttEaCOiL2WocbhoBaIh0Y33OlCAYjq98w=,tag:KTN+7sxOYEfxGwB3OXvUIQ==,type:str] + pgp: + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//ZaLa0jFRdraV+dQbKltTYi3U5RCebaARIe6Zodux1wNF + nwiBpuTmGsv6zlMhisLCuvq7Xi5sjsPgxECeHTa3iO5vFmAI0FZ3edxxqO8hSzg0 + 72C31NGvXxvXOmiPRSE1ICgi2d9QiEo9M/XIoYuH0KvfgsBtsGJizf16qRoZvV4x + mZ+eJhVEnrXhDAMW0KkZnuCA1p2+02ZbldEv1xO9gcDjGlJNlOmFkeQSw7YJMSL+ + 8i8IP8bu+P04vhQ417gnTh+J2FHB3dOGyS/xDkWkvm8eoOGHd/A9iIdYS6U9IXRn + 1cKtuu+1WMy1tZI8NSRrjjCPgA/IKAtRsuvQW8SPD09Ry+PLGmPNDD06xWeruj7i + zGGBSNLudQerlcgI/jXpfa7cY7J041DIuL4LpjU31qfj3LOf38xoncgKWGp9y1Mf + qmPgqjVr1AQL7TaFCBs1RULs05NZh/H/aB5LySGJVDklpAmsNI7EELuQY+uLDul8 + z3RarGJQNHHpgh7bVr/2xnX5wxnPDKTxZOX28cx60xAdoQ3YteN3sz746eVIpLy7 + RknPiPxbLADMTDvWViXV30NBxiRIMZMyTzV8dDVybMP0HVsi60oUmt4dTxNTUwc1 + IkJAsf5B3Gvj5QpxB1t8hhp0VGp9y5xpCIxKH02WsYD46Bk5S5GK3yfI+oWHGhTS + XgEUfid+nmHsdOTwLuIAcg94hpjb/qeNIZTrFu+PLv8jAXM9iZtL80TY3Z47dBDD + TFL5VWwnN7JvtlFAXZfdDF0Z7Ds36mrLkyP5H0HlYySfXzXRaom1X4Zoe7rdOYc= + =irhU + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//ewjkGZAOs4fTiGze7L5CheqqNUbpGGC8GGwc7XNWWDTH + MzHw473nF2m47qxDlOPkuPaSiM42306uzLkfVOK78ZF0yR25ksWmbsUMQmjvmiIz + RxhN9se36iui57yTZmgklwCZHCGgH+Z14j1IMyxyjwYnVD/keNT9nyHaTXWkJspb + VH8HDIdUWRTz6i3lQFTU8ihsUYJEDfGq4Z/sfGGdawHCdycq/X77Wks29PkX7dsT + /ZWQ4wDShytB9PZkzYRuQGxe9uyI2ULGzox6DxCLiorjbWvu9XCk0PyGGd6oCYTh + 
bYwERBateIUGy5MYKye4i6bh+d+OO80jOz3MgG5WhNfmqboywi/sQ9h5/OQStNAi + isY8VKyqgvQMbOf/AMuBeUClecFhDDZnOHspHPMUwnvpJ7cSni+n2fB1Ng/j/sVH + Sjv8CTmbPOqGGSDO/yFXBtWqZa+DwSJog8XUgc08JUfSawKtWGbQyHsRZ9NPF12z + xtILWkYOsetA2rIz+C5L/E1linyj3QuEXueONiducFhC742dDJc9RY1+1ZfLwkoy + kgZuxhItOdBOhjmarK9hlpOErc6d8UiDcknrfHdOs9sZCaM1I7EptJaYMkn1Of0p + 0fukUpolLGAsOOphwJyaF/7qfWXmGmUXD6B/prYo0MggnGYZ7NkY4ja/MnpoYmTS + XgGrkpFRNk7XdrOjyV9+vYHOKegNpoKg/SORi810VyNdY5UrgeuZGRFopwY+hyR8 + ivgndYxqvxLDKJ2IU3LTPn510slUAKrnuaSLF/ATTzIVxBtVWzxNB5LJs+QQiio= + =vF+Y + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//R8nCAozvpPk0xalyBdT7rmz5veN1JQmJ56MeNe2YjKVR + h+VlisHyv2s/yblj0bghfK2Q5FsCqaEJu040XVjIh8TnmQSM9Ze3nso9Ey0ai+ba + 42S/4cXQs7WH44n37qyrP6xQoZpFfahx02FuIudQWe4HYzkKBYsKh2izdiWy8ilK + 8AKalfHapVilzmvVKIDXTFPfRLwXdvvqHQ4rX1lDXnaACjvvR/Xvc+G9pWTHhJbp + EP9UOx5au/xXoRoqqLYgoMZmVdWOHHR+tehQIxX1GknC4qjEcBNpsPUCBHPbzP4V + Lqeyi2w5ySxL7KVV3yJ2ftuZcCYQoiiH0FFrT4xUQ4MYdpCscv7goJ0S3XIw/5SM + TQLgIO7NamKob8ib23LbukcZRVK1UJdd42oZkfZQ91JZg8mkH7WusEqSLdwrYi58 + 3HpO7danYAiymcZqjDCMqq2QngzIqfnjUGUFjECDDVzXaD4aChy7ariPKbJY2cSM + q72QkDXPDH5awhRUG/wGVfg34YzM1wBREkjVna1KI71jlCTGJoSFNyJOm/FGxUp8 + KY8Vbd6rPT/bTKa4zr8xaDgMra06sD/19IOFeLYVIA6hRTQFvnid1KHflKmqf6wE + 4DLxpBZ+htwlRSEQBgN9F+BdZV6AhSrsyPB3RTDvcX3/brsPM3qDzSpvnjA2PnLS + XgFSRrF58OpmDVIBNJqhZwk3GJrfHMlJCAESbQhB2Vt2rjYEoJFIezl/+Pd3t6U1 + 4RZF9ztdreWLDTwaBd+Y/emSg5y/35bs79WUroFzLPHfKK2TvSv3kXwmD/agU20= + =zN2U + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//YJRu7a84M4Aw4psDj4D1/lgFCP3Iuozn4uIrItau2sfB + UxVHoUmpis4AETkG8m57JkP9x/uL0Rffg4/6dHeWIWBP5ivhPQYT+VhRuTzhXSm/ + MmkgYwjsjhKyMQQoqAoR3D9o2pP7xLojIk3nf3rCIaLTlI2JRepDpGfGJ6NuHYuY + 
3tL4c9aUth2S5Nyu2gptzIURtjj4zxvz2H6664WwhOFwGdw6DQFncTWSqCGcF23z + z30yXUhl1/tN28GXKk+94/EFrrOTvmJCkKao7gQuG2kyyY6QmrbHrHB+roxL4B7L + HAAL6YT+bf0HYhDTM3pQQiVkmgnmjn4TnwOID1pm0SH3uAYWrYUQqgHtvCzm0i4h + kGPQW752BD9i0LwiENf9LPR3gbnWuYUu+Y2DZ1NcWnbJlrfwin0xzXALYYKW35ua + 7LtfGcgn1qpvHcEGB6wcCXUwXOf3dxNZD04isnHnXbpIh2lnXhnlWQI81s3IuIMc + HGnEi4/wiHNEVtAcvQ/pgfZJc9zgfPR/qJCHJKbLgni/GjJpBSPvd36FPGwfGKcC + Q/Mvx5nycoNondF8wI0cVmkwhPCXGJ/Qbryd9LAZpJRIGcNBtkxFXm6IEaHdeaf6 + sQcrkhANjs4/dEsd61GTnVOMnGOqVHS88yUmgEZIHz9JyK8Zm2WtflSkGlgIXG/S + XgGN/mFrC0v1oLQwAMrGq2nNrcOZD38uE7UidnN+MRgfz0h8nyS76q07mrlnqh3I + h8wmb3iYgB4x1iSBR97uw+h9Uvpv0pc2oDv2CzKeG+5IcgVs9RCwt6mrRsgt5Xs= + =a2xY + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdASqL7jPR42Su2gfaIPR7d/yMSKLr7AAiUJMW7jz39A0sw + 86w0HyFUh/fe5DY2VGhYg9Fw90I+tNnSPFxNjgEClosdUs6FBe43UvSxsNtUpg6O + 0l4BqTuQX4R+nTQ1f676JRT6xIoyO+N1NMq7BAWOxrkte4nCAwPjzK12Xo4IwNCD + /hzfJTdYonnihE6AXe9eoURWa71j0ZpVn7G+m44e8j8vXk6Ep0AI9gtYqXo3EQ3A + =KlAv + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//YBuWhGfl/V6GvA3J8DvySqzKGDMgnfxh+LTeRBmeEDui + fPh9MOqg9hOUEYjmJMh1WH5G3OI8e886SKZp0YN+A36C8Z7xwRnxeO9dbtFRt6F/ + bgb6RRvZMYdbu/vgJs4OhbL73BhGPbAs4+DRtrmz+Gbrn3Sm0BaJ63zmIzahImqi + 4o9abLPBrB2JJPqTHo5F5PnruhLLsaSqQ+uuTrDrwBpwmPQmPD+K8/T4yWgvcAfs + 8bEtUmRQ7G1GM79nGhdK6IQYCGAn0WE3TAOLJvUxEiv+9hYO0YSYuefR4AivyzQ1 + wmO7qWlqY/hJzylaXEtIyYVfN4F3YtkZwN3wSx6UHg+d5814aUPCLCi7ftdMvwJX + y5n72Hd1qrIIu38MEG+Z+2Z36KKv8ViK0aKG/6BBBw0BpQDktMHJInpaG3LJUCjt + 3ayajKQWl4t8g3jnmwhXrLZf8JFbmGyzjRq/GqOhlJLvh8W451xlI/jPJZcY2oVG + 4jd0x6zkG31fIHJ41qOs+2fJaeh3WUHv2jAgISuqbEoEct+3EzXj7VNSGM1uB8oB + 9pUP1AcoWViHhhVrbnr+aqhyQDiytID0tf+Fvddpbgm2ECDTWeGuIrzoPcYYC19k + 
5PuNQP5u9W/zHKOLXSxs/wTpoUr55OLBxd4l/gUTq4mCZ/1YFqSDUNrR28hfWKrS + XgGwy3VspQj1GzFz9zJ44S/tKBI5bRQSslZfOgv226p/XdBLleoagltdHEeFdbJ8 + wuPyOzxqWa3U/iBF+ANHjz4VIzKtObFBf4R4X8hYXSXkbko1k7W8nD/hziP0CTI= + =lsaG + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//XZAHFWGJZL5FxHtR+9Q+Mfv+1XYsiEii7TJPFibcNB/X + YDxbuJ84jmueCqCLX67ISVPBYk4rIA7qk6+qWxAqJqbOFVOq7ZXZOIZqVkViD1Wt + GBRq44yT9HFxi60YN/2c9smUQoxMus5VXNUzRUxJiocEFjD3r2QWaE89KDj+gac7 + 7xO/zoqV3msfZe31qmVD3sqk+EtfKTxmkHXtSstl3fZJGak4RPUwu0MMYwzbui+H + q05coDVRgum4kpUSJbK63S58/QkWYGBkNg66r4eXJlg+Hb7SAfS/Sn4X0xJuflmx + OKgl6Z0ds1XsoZN1S9j2/DT6NhlV+5ZoibEyQYLbOIQz74aRt+IRaAX4oTG1UO0p + in4OYtsI+wOnSfP60JW5lF9JUHaOaCDzxWaFyeYpw9ymMyfUL6cFDiMvKQPTONXY + DOKVH7ejCbsX3kq/tWr1glBMeb+5AjQsrkflG5oWbVNmSfGPQXxh8HDDr7zkwdHa + AeNqN+b4kh1HPBohyrocyjXQcRjD3Y+j+HWQIfXFmoNMRWGATM83s8JQoTab9iO3 + S/68vFvfHYw2ijjTBV4giR8Ch3TPh20O01/UK1FbjQmrwWM7Z0WWN2SY0mN3wBdS + jTJPuXW2v84dZPUE1lWtvedaT1VLUI/9x51iXYlHH5obQSRA5Fli1zFXwXEagbzS + XgFMiyXksg42jTdT1UcPrptCeSoiQ5nBXcKfEf6d9PAu75u/MvnVaCDFO/vGwwRd + MyEx54Lpmsh13tXh4NmVW3Pcy0x/4Budu9SS43mBqDkjOcsXWd9jmlPK74+QuIs= + =R/9b + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//e089t5UfnD35fbHpRGNboywPjwRxvfAb4qFxZZ2gJ0C/ + lLGgL3R1vDFzJyRJegPBVpYJC4Yx//wN9kyq2sqCWe+ePrtw7f+xNotzmd1UW1tM + mLBSIt7o9JIGWQ2u23u5khKalL1OYzgb/mezGOsvvz/VqGyJbkm7wpy8FZn3408c + d+IiZiMzh+wxaS1CspPwusVy3vNL7/OtA8jiwv+wM0QKsF+BgfUAEU+Le16CE0AW + kbY6Pkymo8mql+gfBOslSM6B3Tn72RjRxez326Us82qKWU/bCcUcCyoL4Ddv5/Nk + SKc0WKWGcQ39XiBuTssModlTGonihi+BqxKlvKT/QAYYroRMC7vFNYqG7inn3c0N + cShjYV+zJPNdlXeiz/ZMs5TpECBIcMEBaLMBAJHkLLjb7PVH88BZIcQ5/odpyOGs + pXqQ6pnIJjg1XlqeEnHRP6WtSZu4U0wtuaxNWNw0CnsGg/meTCKevlzN4OpuoGLK + 
4/2vsUzOk6Lq5CwNtG6rg8XhMhb9S869PJOqKIopSCjklcU08SfxwcUZiBKLyhG3 + oNHT59qbSq3CtIoap+VcpnqmpLiLAhUXoc47ISCd3RP2B7LE7j1Ls3OIESKnl6d4 + mvElwAUQE2qtWRr0I6ypW0M2Nf+axY6HpQqTwE4nRBDA0+ZN/Y9LZHW8OEZ8sGPS + XgE1SvXOZsJfR1r4ndxQf2SmahezpSqrO1TT2oz5pVBQ/YnmAp9awZ0B2wEmw1vt + am/9MrBKCXjmMHwa87l6BaqwvnCUPRa9HBwVkGhvCvLAcP8odmhmgjUT0TErkFk= + =c/aN + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/+Ojy06RopB8cWxcVn9AXbgX7LA00vUVkbOl7yo0hVXZbo + jY/vvbtd5ju+ggtn9F0H+vunV1ulJidMy4C81wfofoy68Iqok9u5g7JNxK+5k/5u + 3xfz1v15Ino5baSbBKsf5fTDtZkBUOPiYTXJNtIf6RexTaLlveqw7JamSZF7YY0q + pRaxx5XZBY4QBoWliIhuzr0pPSPSM2gBxG4PNOXwEwfVJSJVZKulyDVtUhT0DorG + JAw9qqS/WcyQ905SY+YZV4jlvf9VNRIWjw3Zql2o9IK+MzX7ot7R+E+03k6Pr6kQ + m1SagYKaQXwpViAa5w28X7hIX41Umu6aeEgCi0Piw7cReXxLSDrLVPSaIqT2LSfv + ov09IravRf62rp0axeouUZNTNb/lSWX7T4zv9T9J4m3Pu0sEPB877BPzcJxLCTsg + 9VOIXbZe459Vay4GbVC2Y+8aSbC4HIrReXIlkfPOy9gCSpN9SMMqRlU5Eidmz9md + HlUzeJfGQs/9ZLiEMS7Qk1Ns4U5own8qmf5Q0m7E9Ho7LcV/XZhVk9LO9LzufzId + qoC9r2apZjSLrvAzNU7lVmCbniK0LZ2GhGeSD4mDs2CcSo9Lxwj8Zas+J87vph4T + js0FW7f5cr6PQLfq2wwTtK6PSYmXMM0M3AQ+EGwzFvc5aD9dp45Jbq4Tey+xVqfS + XgG/zmZZnCgHYBqN5zMld1/qleWJpJFxF4pT14fKAioBUUILrAgo+X8Ikz6llDSI + 1byxlPT9q3NgkjrdkegYMIg9rCYNflX54jRfeOgenlMjPzZB2KbdPE7wFmHWl10= + =bKcs + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAXBiU//ksELwICDAN/c+pT/ujVFTVZ02nCKoGcgtMKVMw + lRcegt+kGVNPIx0h9JstIuLHO44/q6V2yKgsetC/NyCkSJ5tulfpuUnQWUP7rCjK + 0l4B3+ttuIDbAdJ/IidXZIXBlHh84OQDZCz/La8Q1PZm2LFihKCWtmyp2SA2hruX + 1KrzJYRrp5pBGPgga0V75FfFcZrbtyypESDoj0cyRtGnh5TJSB0pMi4RAlhow7k3 + =nE2w + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
hF4DzAGzViGx4qcSAQdAuaqVtpUu32jS7+N6XAZgiiO9YZccwXlyVrdtBD0Yhh8w + ieJT+Cel69Ewax4TsMmBhNLGchI+XIGsbGymSjEpXxj48gkW/z/bRwhJddPb3kFz + 0lgBSKVyrRVaG3oRmSBVYrK/RovA+GUoatm1z4eD3twxVKFS9DcPjks51MrAuZ5t + WqV7WAhxXQ/jOAFyNzpV+qWs6hZKotzCc1CUc11ov8Mag0zDnuvMKH3V + =+xgp + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:14Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//UASU3R7l9DtANEukI5MMmxq/voPtDxTprhGhdtvg3RQZ + OD3cfxbNbUypBlPh/CAPpwbmWLeW7ooGPKvkohpDMYb42iyL+MQCVq/dIbMrYcJt + y4Aof+uUJVmeJhPcYj7RDZULjPOvYrk8ONp17BQICy3t2hthcWwF2xvX6x8hzYUR + lPA3Gle2E1VQM+nbT6pkwPGT5mFWlrdGHbm+PpL/nuMGsuUe+VXsXTfZSzKoXEtK + uPIxQBk3dzOo0T2FkpjlZOli83cTFbWi870VyR9ZjxEoXK4xXi+5WmutaRb+J4ya + 3JmWVUTMkVyYozjXBuCVSqpti0tM3c4aGkLhdYDgMl7VCUJQer+K/7pzEhYxRl7m + KjkTNMESdSr/F/6u0ewRTWdeyj5Vtsz9BOHiNpESxS7bP4kiXd6UrxpxisgiiIpK + R2wnPviWUti0Iu9FDzT3m3jxlT+Ku9oiVXXvDnjiN3u6129yhlobPJbRn/OHR6QT + 4czHAJEXEdzG/TVytjRqnPVd8UpfizXte0Ul0awtAFKbC0lgFwQj68b7CN7vc1Er + EmnS/7IO4aLxGoErdKUDZAZElF/ubQNeh9rDfcAX8lWsCVzQQ43xBkVSBmgjF+qX + a/i5U5yLwNs9SlPo16cfSMd5AWJjT65Sp4UKFz5yyfwunIBRnZsgEkBw0FgoUorS + XgH7jq6XOsaVhtljrGFEXgK1i0aeqaj8kEx16U3bM5v4rSmDNSrPSRzvFQ6+fGYs + Nk5Yqfvz7BhR6DJB6DyGXw+b8lWQLOr/pllC7yQagtH2PKYfebciPT8hXYlUfcI= + =c/NG + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/inventories/chaosknoten/host_vars/zammad.sops.yaml b/inventories/chaosknoten/host_vars/zammad.sops.yaml new file mode 100644 index 0000000..a00ac6d --- /dev/null +++ b/inventories/chaosknoten/host_vars/zammad.sops.yaml 
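Review bot: In `tickets.sops.yaml` the `lastmodified` value (`2025-05-04T14:08:33Z`) is older than every PGP `created_at` (`2025-07-20T18:28:14Z`), which suggests the recipient list was refreshed without re-encrypting the values, so the data key and `secret__pretix_db_password` are presumably unchanged. That is fine if fingerprints were only added; if any recipient was dropped in that refresh, its holder can still decrypt earlier revisions, so the file needs `sops rotate` and the database password itself should be changed. The same timestamp pattern appears in `zammad.sops.yaml` and `dooris.sops.yaml` later in this diff.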
@@ -0,0 +1,220 @@ +secret__zammad_db_password: ENC[AES256_GCM,data:ThtJngNvMc817rvbjMjjbnp1tBlXPdAg,iv:GcQHc7p5jFcyxpTcYsUOA8PvD1Qy5HxVZXHcAuL19Uk=,tag:UjVxYkU26/zkBL1eKDfreQ==,type:str] +sops: + lastmodified: "2025-05-04T14:11:05Z" + mac: ENC[AES256_GCM,data:GNOhRrJkLTjovRO2cZgeiRcqB3TE2sWxD220Z8GynoUV4pWS20vOKvaqwxU9seuD5Msxd05JzLRVTCtP4La6HVSgDekoVYKz3SLmdT2Hev+fscmfr0uojRi/5f+eCqGMBEy8Xs2Y7AzIC60iHqX4VBBn6FgkJuTyS50qn1akoGI=,iv:EIjJbb0adELCNBoRsdjsVvN19v4rKCiVmxcCAcnY7QY=,tag:GzqchqorbDN33+SfspGT4g==,type:str] + pgp: + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//adiHGDXIz24INvZMytpnO1LF74Xfg6Y7g4namdypRQO4 + fWgaF5dFCEMr8WGbjuk0OXDzUnkAgVtjTSkhZn6TBMgLlUzDabRsG9HYdUeB2abG + q2gwyybBUnbKhetJXdcbEXFlQYWdRhv30GWAI/E/qLUdhhy6v6KON7ZHR+2UB/ob + IlPI02h/q3MDlaa5QObVgttz5OLYRS0v66DVTNTHL5qydnLNjAOOu5v5WNDHL/wI + CvPhnZ2bwiIK/A4XQxGCQQUo1uMSX2CkNkmg3rXK+E9n+kgj8yKmKLm2ckYd6f+z + VOiiKVHJT9M5LDTdzITYu93jrHsYqZDdOBBjk/MVEGHoQ3k1Wmo2ndh92W45eEdR + wpRGkrggpV/Nanil3rEImWOFee+Yhhhw++l7QCF4vQQ0OeGbPM2Gtt6ggnxnKXtT + E22C76DF1Ouljjo56r4G/P9njSN/yJyEpiz0IWytGEGhiVgqMnXdxduNegdLQI6t + FFVIaFz52Q4/oGISbWuvLvlDzNg0XQE+/KNUfDiqj9O0D//UW7+bs337XMfo06Db + eofYq1+uY0c++CBqlBTUW7RAKf4ik80DLy650pMWryOKWU+e49O2wyPl15ZhR1Cw + AdVmL4u4rWYQ5bWUKd1KMBzrF6z9Ijz6xWe8I1JXg0Fw21kqk5qAhvm3Ry05O3vS + XAGk36zIDvIa5oUx5U/hbT4pTiB/rT5PDiFjFrb7V5JVQL02CC7uxqWXk4ioYfGC + DwmygqUzPTr1x/KexvtNVRmCv5kQWmzf6j8Egt0CtSYi2m7JSaVpheM0H79W + =csYx + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+JoUZC+RkuWmPEIPj3PJkyYBVHaX20gY8jHf6BvUCjoRQ + 8rwhXohbPFbxiJN9bdWdLxuG9tRgg1lQcK4+Q/bq5sQIVCAft0Ulu26BKN+dC8Ka + qv2+7aHws2fe1v7cCv9e4dNkiWTlfu2RHJw00qalxfwOCCrSQfOzx1jCm4xnqreU + LHnzhencBzaYirMMv7J8kzUSlxTHjb4OzV1Dd2Rth8YNZNGGibw9wnJAr4ZTOZjr + PdjN2q8FvX7/xOb0l9hQ++Xx4+iIkyD+WnvlrI7aPZJn1GP1psYIj/n6otIWcsrk + 
LOmDhvhq6GFMht0ejDyZlNA7ls/JB6WQ4sx4pWF8MGycuh89HZJp/jfPtgob+9Db + Kq/uWElypzNoMIxw8F4TKSs0w3vYV95tPtzxcOJew3Gs0FP8MbyWhU8rjHXG8Njj + Y+KjEVlekl6TZLMdh0lewyQxww83MQLR106iw7kD/iAlgZqnsEcZ1IkCTrD0drKU + +7AyFT2lYQmT+3h2KaIrWnBq28EIKdf0SQ7Ap1w2XlaNz3BFIDrjvfH0Y+NCEkH9 + CKOaIowUyosMO/liQYWmxkJCUsSFEIjHypVKCwP47NeE6JRRpXLE89OgBRpuz27X + xKQmRonQlCvRMOCKr0s/HulQ4wAc0vK6H2BNqBevCDQQOUwG6Xg9I1aFV54OGxnS + XAHy2dhsIXkbvUsnNVynbyw2YaktTKc09Obfu7t1e5AH4DWC0YbRdSHE9LPRq+Pe + 88q6vRz0Wvl6B0iqvzF+ckV5//Mm2bBAzdfCC0HGyriV45FkFwlCP5gh1sRY + =uziZ + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAlY46gigcH73HsaXyUCKr50AVUw82V2x/roiGRkEd60Eh + x/qZzS45jYC8ngpXCusW5UuVcKjfwwoPUSlDU6XYWi6UCQJN3X+AskG8xAx8d/PM + vsgy31LKqD87k9x2um7MgD4MUuKvUzrXyxNpN/fUveXZapzOLSEOWyA0qyB9SkAf + BMuI9NY84WtxzV/C2QWBCoZxAwsexBow95gFybDiqubZZnGQ34sU0M+Kfmuxpwdn + t8AOX+3t61jiU1Vq6ccGhcFHjiSUbb3LAGb/WPzzjyrsk0beMmWDnguLu/xuFFaU + /J2CcPtF7GfJlnwSalB2VVZa4Dmoo7Jp7j+lTVkOf/KTZQqRS0cNr4bF/qdIo3PL + BMxyOQwSoU2qpjc4yyczjNJLaYi3bwTlHmO2JQw+fus8bzvC3JO+ZywGcQG+Qc9D + e/Ajk7r2wnOPy73EvBdlMyL3n4YiCLW0uedtP+dVloa1JZtuI0yYcm+Sitzez/As + U+5zgjVwIIIrbx6Sd2rOG3ffZiweFPO1oWh6QotGyIwaN7ub4bLbjZ4IPEOBFstF + 5knYUvI3i/eIV0VYv6+9mzNHmNrICzVHJrdu7k4t/l89APb2RJQYXbyyPXJYXGEJ + nFtEbPpGaZFdgkbx/51vLRQPr6NATjO0XucfpUlPBmITzm23UNWQZmnwiPQurCbS + XAECbK3k3oFFF+IFrday4yH+bsEBJmb1fZqgNXUfKYi54/e9vvS+h9ZiYeUat6e2 + eunbb8DpLWvoTXbCIdjd1X6ewiRk8HVCW1//hKqZm+q9pq+1qtp6GXrccigY + =keIA + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+ILCiAWOp+/M8fEmyj1HMIU7eEh9zZJxlVAJtNCs8vBqq + N5nyV2oHGf7s5N1NcGyYYaPEj9A+fTBGsQGNH9vuxdsAv1TzOjCfuJoTaJbS5mGr + w0JwUEi8pFMNrf/IPbFlDTpyOKVFjNJM22hkAU27S2UuL7O29nXkULBRNMChdIJn + 8+9LSPdbrV/ZzNisRvf9UBHN9TCkrUgTxPC/H0IKMFfniAr+O+Tz8jHPIMHYcQTi + 
8GcYJBXz9q+oKEGGEoAp6mLGR+qS39aQk9nWMekEAFvxdKrNqNplXRnO7b6UrYNo + ZJuNL8rnb39/tZbTay2+rLWTFrjtaMye0MrMSWF3iYLMMsOiN+AO2e9ij3tRRdrr + S7bO9Z4UUI1et9qlZ7zAPCIMCjzGeY6lCXaQzdV3MRKLW7gUDD0ZAMwHzugQ2NYM + VWEGkn+i9FmQJnF9fMQ+rmbKfprgjEw4ihxux7Sk46pu9THBvz1Tk/oXIVNBaMMV + j8HNbXJSvq8qtBBBpEIvyhkIINYsSxNuQl186CxAkxLKLqXmtmdemYRRCrrhi7C0 + IP2G//QQgmMG+G0TS9xtpbP4v4sb2sl+90ivMaEOFrkBl7EZ14dHt/xVRchbx6fu + 1S1aNo90fFVBd07WJTbRBlWqLPm/tDXgXwaXCzUzxXsushArhV67wgThhkZKHbDS + XAEyJxt0Fi8J29aLfcozFGYyoCouFlWCpO98AX7PL4RRogiClWBsKlZs00t4NsLp + 17Z9+oUR2tMC0GDJJo2KpUShrmhgcVRatxZr+SbtpiTYVLlDludGY2f+tfco + =6cs2 + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAt0jnb3zKN+/BVpWpm3R9XJuyGmu5fMPFfLGrjex3VT0w + JVs7elFZRTtTI3dRiIgTMnP0FIYu8Kwhr0OjjmnBScfWmu9Tc+wwEbCra9U62Xmf + 0lwB138WLDEtAjBIkqHgoEnGafwEqIAxFotbOfTffcSQU8xr11qSuDkPDEhY0zws + XXpGyCTDGFWOH4l/+OZIp4TFAjyMWwfV22/cnEyz7JOlF0syYSnxYmj3Cn45qQ== + =MFpS + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+MdxFZ8vm8EqCdNHGUSSQLAzZqvZNPR7PWErLimJwYQKo + JeYngZWNEJShYQSyFeVsunnOH57ZCWHIsvW1CRsueO8tVj0StR9RPm4uzPRjW63j + SYjbd8sCB1jwdOH+bfFP9gbQXB41PxYqFmM7rpnQKUkV+ExToGO+VVGHz4jf3Wio + XYskX0bsSp9L+2rGCJMOS2N/7NmiFliIN55pK8s5DTkvLVezo1z0kdpeey6zrmHH + WCQb5CdBlZyRF8xwidEpZyoeJcbvx3OmwkeM78hY12eLoNUUqUoKnB153EHX9A/N + OCT1vvrbHpUnwhb5qW5JcAJyuV3Vhwo3/cmmInX7smnCfKwwbZdwavuP8cIkv20R + Z0Z0oUp81Oho+C7cp0KKe4iU4dkCfLFsfM93nXvvKFheiPCVCfWl3aT2BvAmqm++ + UpiUeIjCjsyuFwhZRE8st21/GtYfiFF/RMU30UlrtVTn5T31+16Zalbwbsy+syCv + 62ZkVCMRc6mGlcUZ+jj3F8v4afy2CKd9KGRWgOa6SzMNTRL4mA//UvpOIJG+FbBU + QycKvXGFsz28HvIDfDgwPr0ZjowAmmSdNUTqPEZ22PS2r/qHOOsDwkJv4CGuyKuX + Y7YFAEnnzu6Kak9IcHnVAz/KS6w0FMFWENz6irFNNfcnp0JvYty8AXkLdG1FbdXS + XAGz3xQ2kKzb5VTsbakd+MTFccn+B+/FOCnEhkZPL6l1K5AmU12kwIRVKYjwNbGW + 
Z5K2y1XI5YpaHtWQXk+z56/olkEluKNB9yqEVNCGIZ4X5DzZgf2K/JsEpo+q + =AiTT + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAsw9RZx4oRDPdBZtoLBpTyUbyT8iILC/z79D7742MvYwg + X8sqgt0GKVocenn0qcJRa6z4PHRGK0Y9pepmkUthUnzz9NyfLL7hTCzummcTGwsN + eJKuAX6jkfoMTB1yr4B4Ex164oabT6STelTr0fBASBZtn5+GHxa2euQnAhg7JO5l + gexBd1mDABCZiwyCtVH7Fex1c2qFu7nK3bn+eiRvgjBEJdLIA1QKEZIIdcrOL5Eo + JUlvT6g52XvwvHBVjTxPVow83Ewy+Bgg4BY/kJsDZrA/h/hwE+U+kkYwuOzGsKIx + k9V13hcQjluJZMznaljrVC5K02AUcb4V61zisn8ve/2hV+3PURCODbBnT/fp4Lfa + 7d+uXe4pVLIVrY+0oJznvD3Bvog+o+lIdBvB0MEN4XFQ+IOTBUPNAzUpgzseHN9J + vMrJG/xEQY2P2Yk6oIlAuv+PNYCN29b4WzKMAKtSsxcQGKpFuQjXF0j6BQJ9rWeC + 5iZu5UKUOW92LZJPl7HpS5zSMjimjdd5fMfTp5urI1+rksZ7vRbMT3t+61y5lfNT + jxR4M2KCC2W69Et/Kr4MUjPMYKLQEDPxSQD0+eSf+iy/3mnGXzw4fqoN6S2cEsAJ + i1phH7WtQAgWlGYsPTQiYb9jlxOlN8FOZyruuwQ/9iWlJPVBuM8nmZfXH5+LvM7S + XAGt5mqDbySHlqqFKDGbEasXYZufjE+3+R1VSnt/L9ADrwt6YTK4dC6t4qxPj5Bt + GM45JUrRfpWgj/c6HlI+CooRxkkWOfrkKQl60hBCn6LB9u5PoIsRukzXyp0P + =gL5h + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//cbkZwvDFw6IICbo+Yj2UQlakEbLrs5Uy0/4yC7Cwf/v1 + Xai2ETjCIQNtn6iPSIeBN/u/JaRA4KYyA3qxLrNJdamWOy0J0UuUE4Tia1tvy1fo + VkwH3Hoku0BaLFaU3z3eLXl9rCv02cZHee/8yNSxIoIyH3EpBMpuyelBnpptEW2c + gX93deWNB28KCNxPRT+b/0VMpnHq/LvxOGKmqqYw2ZSp2a640KaxPo6XFlELnrEU + 7+1vrf0d2jGqbv/WIDbK4M1sKV4d07fdCreEfhxgRveWV+PutAM6PZTQ4jXB3Oa1 + kaA7BeDAkr6ZBIzykW/Jqh6xxh+Xa/t8C14i0z81F2V0eoBpbhBla+Y8Rt5sqmcB + g4lHLZaVqqxiK60f4cI2xuNeZPNJImnTYIIsPBBIa0dv1eCQi/wUiZERHOn5F7/m + YPHeWRbBqGPUYLALgsDU4IxLgF42ouYuGMgCLMhlnHL3P7cOhw+D30tlQW53jLs+ + Y5UsU6lv+Gs34O5R7WXpOeL6PADAs9j8kbTEv4UXpZ2gGYMBCMThcJ0PgR9ypkCk + hebdpjRJssBTCcjzwncRXEzsd+jvXZrd1WqJgFALhEAIJjM5B6mmsky+3g5wPHSo + KJ24yCP2OoS8UEce1RpoKHBqHvQRZKfHzZbWVUkOXoiJl3a/MRGoZzVKKvpzzsjS + 
XAEgUl6lunwbTZyT0zHRjC5Vse0qc6ENIgSp5PEv/Aw14HOEjXYU+sTLUS85UDBe + z4hqrRuYqjrKDVhoFsPUP7Wq5SIF/iTtrgOkbrl3hAAyLO9MZWE0hi2fFFS7 + =nBBD + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ/8C4yuL9dSIZ+5xd+tFFdIzYNrj8cDGpchHEFQPyOmWqEr + DHCIh0zidqBfFBhYA6aRLXdt8/qILMd+sd/YVDx0Xp+t7vr5NixXGU5L07u32DRK + sk/RD6ftYALp7UNLEVUrQV53zER1hvw/FZerKQaxW4Mf/5s1Ic5OllmTtJgXN+S2 + wFXkKHztpIk325pcyAuWw4L45aLOQsDCXGxtmujPSjuYDN9Cmk6Fzy57J5GL0yUw + uXtKdo0/gRvc5mkOLOSknED0F/wDjHgLp+0X6ul60Z1y0L1zGQOP4TRpokTH9zF/ + XfL6U/fWG6tleneE6usqEhhh9x/mEv0jl+6yqeDaT+h2idXAyQj1ZGtSEZTnCQQr + zO8Ww5JwBprhYTMkgEMqUkBzjHt2HvKUC5BHDCZRo4tV6MIwUHNmWpj8OWZIATsA + qkjaG5dLKIR/y8kiAlFXdaLjZYLwQbvV9o/fV/OjJ1Immr64DWdA4vPxJusFx0+H + 6GWQOqEW1QU2ua2iGjPuU96TxMpk4L5rUrSlPb7HFbMtSXJ98SUgELpX6cK5X1n9 + m7vORvs+2jH6BT9M7nzwDGqLKV0n8FGG5wssmpZkYWG5mHX3Xffl9rZ1KWiThNtb + q5UzZgj1lrZXY4tuDh3tSHY6OtOEsvYAM/Co2cMOYltldBvBUjCIcfp5jMgkuivS + XAGOdaWlLSI8WS0wo20hFMrQ6s6nl5lF7dDA5r15KDyCj7tRDoql34wtGHlcxHVp + fbnvT+vnS8oYSna8pnwUKtBPgJjIQALi1g8u9iOcJcS/k3IjwtYbvTuZDqi8 + =hy1K + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdARTwXkzDANboNyz6TgFouJT5Cn6wkJL8KzrMIdznBoSgw + NuMU4tStbuCfiPYtWDIPCkIb1fN6QsbsFobdoiX3mmjAfZ8zemabizr79CxY9UJM + 0lwBzJvszQdnz637vwhTPbKTNdn4rUYvthofHkyKhtPeM8+Lh1+a1kl7xCgjQ3QV + 3vwR3HYI5aSpkVji1CME/OeN6yydrwRSmD4v0mpRVLz8Q4+jckn65YzfxqLrPg== + =2PZw + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAVvviZBDa021FiiyOf75HsZOjZeNACkwc4x+G7IqfUzsw + hpC9jPCWXGLxdJ3ME8kXRnnVuK+mO6fP7j+mt+Qq/gnsOwE/tG9xAfgbeN8HtUF1 + 0lYBLhlYSYhrE1XLqxaOY417iX48SQlkn05otmLeDMnz8FVkrKTHPw5A8+NbJH+S + 
/pUzq/YqYkz482UtIvT2NWxjjCFAq6CIoM3GG0QrWUjMXluTcI9+Fw== + =AIdl + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAurFFVEyyagsTeCAIJojju6tGOGo9YP/dnNGm2aCdl8+E + AXlvrKFC2syOn+rHTCeseRxWRI0EdBYfGLH2BKKScBOlMK6VtgPV5h8ixqfRozRS + HtlLinWxbhwz2+RcwXQ0i53BLWzv0royywkTIXEyhq0AqwF1LQU44CKzWRSCqpeZ + 2alZWpzTJyqZoT+cus5PlZrvF+GnUbU9JOdZZKjIHKJ9X/Ol9N4H8euDViomKOw6 + UZVqDd1pejzgLwkokVgp+IBw0JwEPAd8Nz+6jFtE3wU+mblm1A1Cb8R0Iwd0DAUE + L3GsJ9ZnNGvxxYMcC/bsBTfjL3Ywt6htCWBC13iX4w2+bwXtJ1/7s5nejTsASVfe + LXJ/viuD9jixjCI9WNbpby/F8MUNv0k9tLTh56CzWJOxRqL+lIgrzXQmMUCkiWLR + u76u4EUMvnbM2hZaNwAYQKTKNC1kOJIcphg4lV4oO6hJdZ+q0Mx69F/qBxYhMvfK + M4R52beywk+bASQgbtSwysKJkwTXfP6bcJuOhkBwIiTfkx8qa3PmzhwQxwaufb0L + xeE+zqaKKufz3h7FiHutIVfWXh9Q6SgoTh2XZix9QAnaQYw5aZWXh/eEIniKoeHP + 97VPR7OUgVw10HpYVkuZlk5Ry/6oLqLPEp2ocIm5wJGP946mZkOd327/kXse0gXS + XAEJO1jxqfgkPVPrrFRZ1xbR8CrW/BapF3ExOWmrNgZ733LGvyo272vK02HKN4iQ + zIUMCpzE4vwRwHVcsd+8h6O2HIuVTbN6FdjVQuFA9dC4Jj7LfO7NILpP6TCh + =TJSr + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml index cae283d..dca40f9 100644 --- a/inventories/chaosknoten/hosts.yaml +++ b/inventories/chaosknoten/hosts.yaml @@ -10,10 +10,6 @@ all: ansible_host: cloud-intern.hamburg.ccc.de ansible_user: chaos ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de - eh22-netbox: - ansible_host: eh22-netbox-intern.hamburg.ccc.de - ansible_user: chaos - ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de eh22-wiki: ansible_host: eh22-wiki-intern.hamburg.ccc.de ansible_user: chaos 
@@ -55,6 +51,9 @@ all: public-reverse-proxy: ansible_host: public-reverse-proxy.hamburg.ccc.de ansible_user: chaos + router: + ansible_host: router.hamburg.ccc.de + ansible_user: chaos wiki: ansible_host: wiki-intern.hamburg.ccc.de ansible_user: chaos @@ -63,6 +62,10 @@ all: ansible_host: zammad-intern.hamburg.ccc.de ansible_user: chaos ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de + ntfy: + ansible_host: ntfy-intern.hamburg.ccc.de + ansible_user: chaos + ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de hypervisors: hosts: chaosknoten: @@ -70,7 +73,6 @@ base_config_hosts: hosts: ccchoir: cloud: - eh22-netbox: eh22-wiki: grafana: keycloak: @@ -81,9 +83,11 @@ base_config_hosts: pad: pretalx: public-reverse-proxy: + router: tickets: wiki: zammad: + ntfy: docker_compose_hosts: hosts: ccchoir: @@ -95,13 +99,13 @@ docker_compose_hosts: pad: pretalx: zammad: + ntfy: nextcloud_hosts: hosts: cloud: nginx_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -115,13 +119,13 @@ nginx_hosts: public-reverse-proxy: wiki: zammad: + ntfy: public_reverse_proxy_hosts: hosts: public-reverse-proxy: certbot_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -134,10 +138,10 @@ certbot_hosts: pretalx: wiki: zammad: + ntfy: prometheus_node_exporter_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: tickets: keycloak: @@ -150,7 +154,6 @@ prometheus_node_exporter_hosts: infrastructure_authorized_keys_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -161,13 +164,24 @@ infrastructure_authorized_keys_hosts: pad: pretalx: public-reverse-proxy: + router: wiki: zammad: + ntfy: wiki_hosts: hosts: eh22-wiki: wiki: netbox_hosts: hosts: - eh22-netbox: netbox: +proxmox_vm_template_hosts: + hosts: + chaosknoten: +ansible_pull_hosts: + hosts: + netbox: +alloy_hosts: + hosts: + grafana: + ntfy: 
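Review bot: The new `router` entry in the `@@ -55,6 +51,9 @@` hunk has no `ansible_ssh_common_args`, so unlike `ntfy` it is reached directly at `router.hamburg.ccc.de` rather than through the `public-reverse-proxy` jump host. The later hunks add it to `base_config_hosts` and `infrastructure_authorized_keys_hosts`, but no visible hunk adds it to `prometheus_node_exporter_hosts` or `alloy_hosts`, so the edge device appears to be managed without being monitored. If direct access is intended, a comment above the entry such as `# reached directly, not via the public-reverse-proxy jump host` would record that, and `router:` should be added under one of the monitoring groups unless it is covered elsewhere. The `all:` host list continues outside the hunk.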
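Review bot: `eh22-netbox` is dropped from `netbox_hosts` in the `@@ -161,13 +164,24 @@` hunk and from every other group in this diff, including `infrastructure_authorized_keys_hosts` (`@@ -150,7 +154,6 @@`) and `certbot_hosts`, so after this change nothing in the inventory updates its `authorized_keys` or certificates. If the VM still exists it keeps whatever admin keys it last received, which matters the next time a key is revoked. The change description should state that the machine has been destroyed, or the host should stay in `infrastructure_authorized_keys_hosts` until it is.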
diff --git a/inventories/z9/host_vars/dooris.sops.yaml b/inventories/z9/host_vars/dooris.sops.yaml new file mode 100644 index 0000000..b3e5c65 --- /dev/null +++ b/inventories/z9/host_vars/dooris.sops.yaml 
@@ -0,0 +1,221 @@ +secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str] +secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str] +sops: + lastmodified: "2025-05-29T13:28:08Z" + mac: ENC[AES256_GCM,data:SkqMlgJBdM+CMLE/um7m8V0ni04Xi3S9GovNsADrws6VbSWTX+50oc6HtWl+Kj2XugLfp2XpVnlzggCiq3fePsdt1af2+ZfSCue1d+dexjo5Q/gvE/olKlmn6aj5qiosUsLgu7v2bCOIb9m9WiEhlQLKx1wGiqVNQDabiLOJV6E=,iv:NUUOcXtbg+xMHqthipKpRAWLTXda8rup4aCbbP8sVEg=,tag:wyh+hrZreOyT7uQQrghb7w==,type:str] + pgp: + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAjD1i0lkwUFRgQuo0STOsM9N23W5LdKCuZJliGfVi/Sfo + etQhafe+GsYLMmZy3zTC7JU6KIYB+wTPAn4abAMqrxUFFZ80ij/hcmdj1p/yrgO1 + XNZOd0PEX08RBd25GbIGLGYjvioutm3YDYdYlrR0pMhBvJl7apPLUHIFrmjlk+18 + W/ObOqDvUEXIrm9E3GSaMYrk9b4gI8wtA78Z7JOLRFelKxnnhBPkK+46RLGEo6lo + 4QfN6mA3zp3oVg/dtznQrVtc7mbMvays6M32zRV+TQ/OB8ORqmsEB9lWTpjGgjzL + nWWt6bQVLIEUdp8RKI4kwqOE9ZxTnNAO00cQ4ZmsccsVXuLGQmNeoBynjJrayWXT + zQYpXh7mT2ovCh8TzPsnE3kPtQE7ISgtJxRaaX7KqW9iGq031Z6GW/j/zr1YPD/f + Wve1Z2bkSzHMY2EjbWBMDcIN9JpqOrjRVa4ZJtp4+pcBU/uO0yXaWZLRL+EJIDgk + 68CFGRYAmvEAfca7chv55gGiJWXPONRkDqix0y7Fk5pkfrll2xxkKPoDEU5pb73S + qdHQTDRmrrX4C+c7rSi2Cpv7kk0/azO5bxakREv+vFsiHKkz5cBwz7blBss3jsAX + 6lP+THKJSYDmgK0mU9CUaX6uvU766XS9lBZxp09ZY4lYeexS32ItXzfUTLsx6/bS + XAE829ofDeJ8nGFxCPTbk6mgIJ5tIAAPVBNNzV4Yyb5Q6EKAETEWmnZi7LgkACKL + pSAiQA+Khgy5DXGMnftFSA21KOsZKARhopFoajdnlSlUt3MZlEe0SjTIY4QD + =2QJ5 + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//aMkP/gaXVNmbRWECzQUxsyVOfE3frnm6jxErV/re/uyv + YWfMZVB0pWrOv/Nj2niQ7JQ663uf2w3d+YdyIAvfazAW7ZA7eQ5dfMj9tOPimofa + 
2ciVCdsqDuKxkmR6Ns7MzKk6exdnzt5IEnIJrtekZJ6Q56zkYFhxGjvPKaNRa1N9 + nvVVgp6ovqAA2JZFyT2ay0AxqTWlZF6BsO+uEqub8NSRmuJCmbKvQgfbmI0acqAE + DanFRY5k2ACxed30OSBslvFUmcMGigB0Wv0SvXtqCUmEU061ZcknZgECujoYysYn + Z1txLQEWSFjm6rOCxdKwqRf9DOjB5aM85NOs87jQy1+nZj31+dezEJ+701ROVOCN + hQCQVGqzJYEOwYRDMjtf2fZjc+d/smWv0FijJleWHBB3CEvMZBSHCZaC2n3/jtFK + mRwi5yZDizxGqq3kvDiU/9l/jMUPL7u716o7Gj6Y6AN7QgYjQjmUiXG8DvqMiNQX + eFX2PLjvmDprao8unnJ+Gj3NgwQgXkFJm/jmTjVwX41V1W8n+ayTy3MdaXaa/bYJ + uXXVWDKijRpl1ewqu6A6K9ARbPGmKmUuNIQzhgwav1c3VvQHuO91OoFz5rX/m9cM + iY36OTPiRsNnrNuoqa6aXSDoMZoOd+KCkIo9Z9HV0NiKVH4oerBE9qXxvdCB3nLS + XAGnBTYLEVjMXiWtZxRFXpYD5FUUNjsGWsN2nO/eqPv1FVAjECfiacFWUxu3kXxW + ZCr/WP+vDbexsPPxKNwV4oBO4t4r5miov6mfWnil4mWmvrOvANi29ptQMRKw + =3Lex + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//WXDYfzt+mSWfgpKU7MSoU9B+VuO6C4g6FNuAXVFUcblZ + 7JOlw0Sikvo7cPm/a2keRTGsimFvf0/BFelGdSmJBizdKE66eAc/KvXfV2RCGLVl + GyBJkSeAOtQvfscyJaDjCxS57E3PtyaRGaWERUJ8mdvs46gfrdrMLjnF+fHSfOOb + BddoGlHwGgqRmPu6jLbv+U19+SuNhI7W0Burl2JQ/vQYxvoc2H0e/r0wGOAX07sH + vqnsYwHMAGgaeyKV+Hz29FAqzcT/svc3P6DR3BjDgDHB6fd0jTSVUvwvzZ4MPC3z + lg4DZjr6V13JFvUZpQ9xi9I38DgEOpqG8jdK7XZ1U7xMfKBW+ZLH8YgB8SvJLHK9 + H7MOLcRpdeXtWgw/S8HQXUaaOUuV/Lxid+W1Q3WDofqwJYCrEY3JdLFBVvgETxvS + 2wckmlBdEEUiCzt4sX1XfanwJwQuPw6NDYYxYsLe2LoFYaiM27wzgjIn6av4m4nT + SRD3RIdcLpOJDlh713ZubfvoPn4PFKWQH4rRnIbnwI143GjvxInuwBSoRS3yPfv/ + GwmW1Qp3voVRgN0lwdoA/ruydYBy0MOcSDDCVm6d2ejE+QdnDLakqKcyK7NB/GNO + Dvg73oNCSFmM7hj3M99X25GeJlte0pEK+/ZuYO0vRa7JCPAWzYluzg1eRpcCVqTS + XAE0c/M1Orkjx2u9YGbEYNEmMAO4g0xgRVJmJPoYex1ZrAasgiXw/KHpPzfen9Wk + QSsH1K6Xudf5U/4Etjqnctjh9ZgPEMmFe0iPbD1FEz9Lzy1vo49ai6+U/rnA + =MyFz + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//X8MbQzTrRC2iBk8ioKdLRerWtPXEDZnS0t33MnMb8NSe + 
jEUb+nlixr0BFK9U6lpF6xpLwAKP2WAzwQjAF0LZp6v5Tn0KJws6MuU73eOlfiXJ + 00lDe80/UpGptmgJzXoCxIPpWA8jn411ZYaHYzKjDI5DWxacwLWJ81LoQ554t6Os + y++haXs7zHKyuVlFOSEJtuDQ7I1BI8kJ3h8Pk0PJZ0pDy5+CgbGJ57OBdOGL+JiM + x+3qitjVdDgtBql969IjZsrU5wlbNoBySvj/pfJTjCw9xifK+L8X6KOJObUa0Ny7 + 2ykINNFIorbgrdW0PGwieUOaxh6/Kp74pS0swBrV+XcsgwLCuHRiW/3SlFpJkbSq + mnJgO71rSL1fWO4woGCjJOgkJ07xIlK0GrX9fzngBRUQzrFu3cO0EAtuq0d0WKwI + SIiwV52YQixiLyKOSOMRmfuwFziuhULGC5wgtc1Q3C7tGNmmFsahGIpKfR1lxxb5 + zsNXkc54EZ+Oj/w6bJn04FoiQh3lr5Osvh8CfFUdXcNogMesY9Q1b5oQ758BQAUd + RKIwL3Drs+dlZaXJo18NMYuG1WQl3ZHXfXjVDqiJMPPVPqkizQC2QJGGYXuRJj1r + DMXbew50XUNTKcOYjrxaZzWTmzN9AiJt5utL7YHcg0Loaq9tUiSJxNSYT5hi/nPS + XAFA3pn89D+Io5Lqznif1FzL9Bp3/3cWfTFtJl+WPE74InDusLNMp7q7ZnQdvRb+ + GLPgrEUR58KeCG7c4j0lI0zMpcCySykWqn+lqzihx7tOzb/A/fbxV+qlYo17 + =/na3 + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAu5t9lSFJ9cRNRTTXH4ix+9jZ51eg4iqw355QQ/IlVwgw + N757g11ymjjHHflK/W/X10BUWHjoAmFYyMCkJaTKL5k6Nn60sNF/3hMd9lRmh34g + 0lwBl1flz80tjLXkCK2xie5fc76tcLIb+tXj7/hvM1WM3oPHAOS1/nZY9stLw98g + yHFwV+g84tL2kxYcFcdF0uck2/akvHYarGVmW+ql9yY4elTEHYl3UrZOG+YlMw== + =QxJA + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+IWGcOQ49WwlWlHwkQNmJn2mJItPtyEN7WnifbjDPOKZe + fQuh2Qr5UfJth3WRymL734QveVdNLhR6exyi8pC6g94S++KrZa08AlDMvZUQriKu + t4nDlce7wJxlvkAjbOV1rYj1o3ea6iHSNOUcvaA4gHOAG2EdLP7VKnofacoKWYkE + Q8dic+NHVHJlNKkx+TRYX5GyKhEcJouqmj3s3jX4MOzOKqvSb2vgwT9zZsASAtqL + 2P6Jz4tuX7YJS7xEoKCpA/R6y3UAtpEe/qokbGa18jDDwiiojDUWGr4SIp6T+zAn + yCC90P1+9hZLVtCCJVka9MLn9AvGufxqt/d9lJi9u3GdAdgwGA5madXKqmppquI+ + xCbuWUY9EFWAK+F6R9+za722juYCgPCrke37bNF02NfD+fonW++uQmRJiDCmJ/ab + FEPsb6CMvlIk1h94skTNwJuLm63s6nGSrVChTmz21gn98OELxcDDav/Am4okBlpM + dUd4nAZbla3xUu8mDWhYVufnXeUaVy0mPh1oN6LqxMAIFgrFrdzNFQiLzXGzjeO5 + 
hkZnF4OLzNSTx6OIaSaTG9eFNEldkanWK5uaD79iiJ6HpDBOxIKK76d/IlkSWEo5 + IMzYgT3J6LvuCBIp7jqq3xluarYm3jVL74iJeKd7YrmEJmH44whZzFqLFwXPRhzS + XAH8HQ4Z5Y7UO5V4XYV6LzI8nJzNLMpTH0RrdnDBRHHSjbtWo4coTQA+XkGqaKLC + Tx1NxeES5PfD+8C//8bkyDkddr17H7augKZpl6+qFZEcsnVoM2v1AyuEEa/H + =OJbr + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//b/ndAkI2OlGJBnsvz/U61ApEwEgqqyEmhF5GBk1T9K58 + RIfeQgJgTOOO1HazOqovOh8++tfnNR4BtthKPXaMRPKXjZIcm0uGjDXkubWJta3P + EPJgJfNKz8KpaFe89dkzb/1TIyk2Nnui8rbEOIgomM0TOcf94N9tfNZru3kXHPuT + cglZtEwsXww/BE9QXDksZWRSDasvydDuQpQn4DCZNatUUYYOFQ9hkHUvZd0v7gL1 + tyrF6XRJi69MHRx2GcNBBCuOCNO6RgWP0LHjD4JYKJdSyy8a9qTPmCT3Ofe9TQrA + FbYYOTTXLDTWmad6GnyAy7ZKUvgosoFSw7jmB5xMwzyjVIuyNnAxLvjnppvaR9Xh + hfgFVWc1QAWO3cLvUKmx2IMTxQP2mX+zWk5MRQqTjuTGARAe+AYKHtAyxszZEr76 + 7uXRB0Eo7WS9uth/62iAtJy0z68pXYzRI7pHiJJueZwhGi5rGdMeDGM9tXFOEdUP + 7d2y8Cbx0cOfRXy6VgzQBc6sZU3wevzNNLK4M73A1urIrx2eBZC9v9itGyz9o5g7 + d2Bs4t27KjFo31dXIM9YhJr04i3DvPq08ImY3MsNJiGFKtpt2wCkzlPLJXmyewL9 + ybmdUieW94PL2rAfkaMbWMjaja+H7p/ItIe/Hz7WEz3R4NJL2+aaaWRKqUPuo8HS + XAFRkJPM17ALht9P5M2qBsdeB9Y6zsJuQySooAtubTmO0SBae2CLfLi7r9G4vh8B + uyaPRJU4VvXftkURyRHXK33Frj+ZJQCyVr16WXF0/klKmb5jED8TC5XwrejZ + =zjZ5 + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//UDZyyywJC2vZuaAqLv8wvF/7lyzKoqPsXp9OhphMwCag + LZyQ66GkaSx1jsWWAGQjwVOeikr23SO5Sc8tqVtkKDXq26b+S0nPHf+xxnSIqOms + l0kTla8c7PgJadf4YgKbjZwA4PDb4d0yVM5tnpceGZyzHXtOHdojRHBKgm/ed+p1 + bXjx1SeBZJH0F4pp7Pu5BTZrVp/RmlOCCs5SmzpBX151u1C310bIPrlMzyzKJOL2 + SwiP+/DpwxRn1SRyZXQQ7bRzpS/Ax9g/S/+tKP8vIrYJ/07o8xensY5gjrW9Q0Qa + RAQLHacCFeklkqFg32NoOSXjknvITKHSKu83EPq6IWgj7SV6KKxPXAiWmWIPnL5W + TNh40cn2fMPrcs5667h/xTsa0PNOzHEtXf0Vx992JU5bTsOugmdc7e3bYzEiUbdZ + nKQZW5AUV9T1qZdXBqnB1AXwijNnFkhtJrU5e1GZApzgN9GBuJIdWUbna6SSbEiI + 
/x46YTHOfMSsxu5f8NGi8au9ww/8tonFbR+CSeYZmnG5loqf7Enyj8iGhLiEfG+0 + mQPkxAB3mZEfjVr+TCXUz/x2Z99eO6xv1vJ0HxrQdEHd8MaErgBXsobOPi9cQcb/ + QqfzxRB0xSPlSfcaIDi0iPXzJuNhBmpM4bUqM7RRA7CanfP2xwCNnAc9OYsw1bXS + XAEhWXrz6gMPCMDeqzae3ZWXBvH2aM2jSEcLy6MXz7d+0lgOCCbzBFUIJ6468AR4 + QtDFpOl5r4sC8Lpej1mkZhQk3ngZ0fH+ELs8gliRgBeUz4I5J9prZ0H1YT5S + =hIWB + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ//b86yL2Kay7YkWuzeGb6g4uUl89S4H1TJOzCthu7EJIUD + bQG/f58a5J2k1PLq88VTrIo0Ulz0BIGmblguqTAPnr0XzvAbWHpio9tnlB/LRFAk + hj2OKqY57/FOyFXtBTKS9bhI8hqWr3Qn/FSQQV8dbLSrkAZ28htex6egjknVVLg6 + Rf9f8DGENEOV5Bz219NFpKs0D5dxqsXysIiHw7f6vgz4r1bLJO/RKxaNz1kGCw0w + 93aVHL8BJuFSTo4GdaJAWhIWuZtRbiZtrDFrSD38GHRz0KxlNjPXrSFo/wqWYey3 + vq8hgPknEqAiQFJHSxhAKo+PHjPTOn5I97UmgJ0jpDopCWmF/mlUhI0CMMPRtzfy + 9mYTH9isVww7tZq6VClHt9MLtgPQbUtcUYNOTSsqpXuRw5AafH5x45SAaRmgMiZ5 + d7NfhIi6k4kUEmqHgHBiH+MfLMsIu8GAlUJ/biLWEd7VQMgLD6ipLrijoChYvKsz + 1ej8G1cV3wmwT+JkCseqfiH/ju8T5axZOFzTKY1t8faSx8wr0K2GNKySR5Tq0wDM + 3e87vrNjs3oVH8RMBiPQzPUHJFSsNFdjjHpE49FkJUpy2Y6Jlft9kW4nHiZR6KFg + 9D1xK1Yd1kD1wck0Tou/bu6+iaOppRAMYzQkwmbFYCZW6byqwQWz6TZ3b7w5w/TS + XAExGv+29jQHHCR9uPx57ll6sLxFGFt701li7EX6P+ZBz4FYui/tYNOUqw/csGSc + 2BYq31FSg/zq9ejhMFgCbJMdD0D0WwlfGA3wgafk/igDYRDixuEZ1yYKqX18 + =aiH3 + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAzHZXfaqUFHTaI+zp1Cy4dMgqNHVs/aNnojVL5beS4jkw + Qso98uOePpagNBVnpj6SfuQI5tZHzNETfxHl1k3qRXPS29J+ybEzBQgdbtC3xbnj + 0lwB+uL9zdyS3WTCCm+PJV4J2bhhd3UPgoVXuszUetlX5pqvpJSCHcfH3i50Q5ov + fa4/XYHhH09tfJ3nf+iB7xpJL+JlW2bBAN3v3zlD6+jiIhDxpmBmu33tHdXePQ== + =4m7a + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
hF4DzAGzViGx4qcSAQdA3M0VvuxztWirQFgVHzqzB2Og5DNTlqEjkN4bmZv313sw + CVDDFafeu4pwh07O1NcbVB6T+O2BkXc3PI2OWCMRWS6v4uMEkygVSZCmxiZ18XGy + 0lYBWY337KT1q+tb3PYDzNUTwYGulx98NBgYHyTzpDECiJ+WQXTnQO5yQ+iQ3rFC + 2AGHc++H5rq53D5tDi9cjqKZs0XHDhuu+D4BLB0DQKwIjAWXJIVJYg== + =pkPL + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:31Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/7B92wxRSXHW2dAcmMp72Ll+4GSbjD0QFPincZ85+2D06m + P8vUWeCFfZ5soURASKun2RKa5GKXKSNsDlt75afM95ftsodmuyQ1SVmvbE+6SbAb + IwsqoKJRbBskWeEUm9zGEn7910v0qpzhaI9jwwCi6gT4OB1L6tj3NZKcVQYE801p + MVDf6bOoJ9DhyBFpzmNtASFRw4Je8PwcfrUZSfY5UZOfHTiBRop3l9mBJBpAw6sn + sfn+kx/TvRJ0JVqUQbtQzq6cAIJF3607tB2HkoFnwIswwqWQz2yuoTzMdhQpnUBi + 0lDHThAsu2YKyavbIH7N/sn+hqE2j+aOrQvMZQOiYFk/l4iMLm14It3UY4G48Imv + GohLw+gss5G/stDzeJjiQ+gDKAC9ugDGS+uisyqy7CZtoow/GuBk66GL4TGOpq1W + 26sH/yLBy8PBuRj8zrfgvcSYJwzvRprIcwdNmkmh+k2zf8XGMLcu1nUbb7WKZCmx + n/krDnKbeMyDBRxSHHO27gLmYQnk1T1W2vJc/EVdbEBpmodWlGVuzTKaWfcA0RAL + ldvrKLamWB0sZO/j4i7pOpeUUh6JOgXgOIiyXlMeuNjmh4QkqCWgiKvm+dk7hzoH + dIfQhZRQCL2CUaSxqEEQIG7vsVqkpX/4Fbi3McX1uU2LU93/LpjaMpv/Ou4HFaLS + XAFSkYN08zWc0548MnCXVoeYrX0szPPUmiaRIM6cDL7vI/vVR0uiVCZEY7QiyqlI + Wn2nOk3T44tA057BmjCkxXlnIiuLilzU0dKT+jIwikAZuNM5jF6qpEmyYEhq + =JQVx + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/z9/host_vars/dooris.yaml b/inventories/z9/host_vars/dooris.yaml new file mode 100644 index 0000000..5813e3a --- /dev/null +++ b/inventories/z9/host_vars/dooris.yaml 
@@ -0,0 +1,15 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/dooris/docker_compose/compose.yaml.j2') }}"
+docker_compose__configuration_files: [ ]
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: le-admin@hamburg.ccc.de
+certbot__certificate_domains:
+ - "dooris.ccchh.net"
+certbot__new_cert_commands:
+ - "systemctl reload nginx.service"
+certbot__http_01_port: 80
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: dooris.ccchh.net
+ content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/dooris.ccchh.net.conf') }}"
diff --git a/inventories/z9/host_vars/waybackproxy.yaml b/inventories/z9/host_vars/waybackproxy.yaml
new file mode 100644
index 0000000..18540ee
--- /dev/null
+++ b/inventories/z9/host_vars/waybackproxy.yaml
@@ -0,0 +1,7 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/waybackproxy/docker_compose/compose.yaml.j2') }}"
+docker_compose__configuration_files: [ ]
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: waybackproxy.ccchh.net
+ content: "{{ lookup('ansible.builtin.file', 'resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf') }}"
diff --git a/inventories/z9/host_vars/yate.sops.yaml b/inventories/z9/host_vars/yate.sops.yaml
new file mode 100644
index 0000000..f5c8f32
--- /dev/null
+++ b/inventories/z9/host_vars/yate.sops.yaml
@@ -0,0 +1,230 @@ +#ENC[AES256_GCM,data:Oc2DdKVMymwkIHbS84TeTQY=,iv:UMhNafqQrHaF5iqFSev6D1uqHPFpKQTkOpYV6JncjsU=,tag:mAmBMyGdzER3hkSkV2Fjtw==,type:comment] +secret__yate__sip_trunk_epvpn: ENC[AES256_GCM,data:BkdNaCooUjsDlCXJ,iv:saO4IGsz1HAinvW5ZGAMA4WEtBbo+UNdfBkr0g29uag=,tag:t8RM0GNYhl1w/RMNO8wKbQ==,type:str] +secret__yate__sip_trunk_fonial: ENC[AES256_GCM,data:N18C3XZHIi1/IA==,iv:vs9dCYNRp+1ptxRajdUO5ODTOmNREJslF99xnFL92XM=,tag:IUmnlPeRI1WTRYELzZRk/w==,type:str] +secret__yate__sip_trunk_fux: ENC[AES256_GCM,data:zcVxNjyS3BE2dw==,iv:Prmy8nP1yeFrVI5mQaPJPKHGFCzuZp84f6fH04I9zJM=,tag:X15wqvaaifMU2/kcqLqUZQ==,type:str] +secret__yate__sip_extension_ewerkstatt: ENC[AES256_GCM,data:qbatVvfXZiUcpVnOJUpzYw==,iv:E/fCmKGrwYvQP1gGvwT0UrL0DZ/PcMwKG+NteiukB5M=,tag:PFmU0DX56+IbSQqMtY5NSQ==,type:str] +secret__yate__sip_extension_fritzbox_analog1: ENC[AES256_GCM,data:+ayQ6P4P34D5hTNOFv3HVA==,iv:UD71G07Z633mDmvnJVei9SKgHyM+JFXJdtOhyBhvKGY=,tag:0ISsYGQCIMMgToLWA09JwQ==,type:str] +secret__yate__sip_extension_fritzbox_analog2: ENC[AES256_GCM,data:DbFmTcZ8wW2fqstm09yUWw==,iv:jKUqtSXaGF/QpIwPJ6hKQWZvv9xtZeIQBiPHt2xm+3I=,tag:MkWzODFnWZc8o+pVLR3KJw==,type:str] +secret__yate__sip_extension_fritzbox_dect1: ENC[AES256_GCM,data:87MFTNA0DXmfhesT/M++ug==,iv:qDM8HWZhG9FADLFNPRJXkadN2jXD6/CfroDShNPzA+o=,tag:Ylf56nCczEdDaOGko5GrBw==,type:str] +secret__yate__sip_extension_fritzbox_dect2: ENC[AES256_GCM,data:KOUKexyzJqZPj1HKJxFl4Q==,iv:OCChQmSF1s8C/VYuw9D3hHA1CAoCnwC4adyTpWO5Iac=,tag:VFFuYi5Nd49ChU1Ki/nHiA==,type:str] +secret__yate__sip_extension_flausch: ENC[AES256_GCM,data:eIieA4A/ZmU8e7t20xwmCw==,iv:oDMgZIjQBDcwIVPK4/qIT1HyQKc+vImdr1iPZE1LEn4=,tag:RgS+enGC6DP6dwE8u30a6g==,type:str] +secret__yate__sip_extension_legacy: ENC[AES256_GCM,data:gC43eKUOAYU9dgNV1JQ+nw==,iv:xN7aad2NPaihlMT4Ym2xanpKU4eX04V0FS4m6XRgZFo=,tag:Oq0yBCSf+CB8Xkx4D4TH5w==,type:str] +sops: + lastmodified: "2025-08-02T07:43:00Z" + mac: 
ENC[AES256_GCM,data:Irv3y4/QbofyM5BvE4h/T6zNF3A6oTjDssMOcqmGxUOGpqL11Am1DMHBivkUgEYe4ir9N0kvPUmed1XOyDwImrl06E1mGAT6hOlfVSYKtZP0Pwvi4VVeeP6IAYN56zu8k4X8oIxv7AEfS3Fq94sJ52Fd3xDPPCG4aVtUXxxDuwQ=,iv:HdqbgUVR0lIysZnnPkOkW9gDp9G/EOrHDkwmQH6LVKQ=,tag:amVPLxjvx1Qtv+v27SGtGA==,type:str] + pgp: + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/9FteCUUAadrhDu5M0uwAT4aSpkhA9+2mHB315uhpNGV8b + frAvjvo/rtnmDYX3QleuyUu8dvsp8lryfde3SnQu38hqt+a/fio6mf1CDWlwuKDb + xlNeuPXAP+x7PHFOXj8h0RhbQoaeYDPwFAwPXLxfgDes7cX2JHKGue7tBvCjLPJS + 3XoSXnbktzu5dFFQM25zuqM+q1QHbn77KyjfTPVJpvLJRiWsJwZNCaYVw+gc0hwk + qqOGGaLN+T0PvmUiCLzY8+3QK37dtru5h+WcDk6/duiI2P8l47EC3k7oiat8hzc+ + dfDDUhlbCK4OtE88ewA6UwT65m++CZlCzT+/VDus6gi200dMgJaT5fF6ebifitST + uqLbdc2qQvR/h6OL+j5CulR20aZd9pbIamCaJgoULBRozUu01CsPKYIpRBONqbmD + bIZkWCBv4KM6jxbW701+x4VosGNa1lVJ72k1++Xg6agEjJnx0rW005csh2jFac+E + dfiJBOjPTMi+LDUPFokPga4vf82tWa7iPLIzmhMLupAQ2NnapBfW1o2Awo3mmUgy + J6psOd0po2XSYjLgB5IuRyNNY3KfzZOXx/A9cB2S46Rp+4RrkyfQMWVy4CWZMNoO + 2911gSnRutgJP3LrE/flR1bXpNsdP1MIx1RMBzTpEqrMB011Ad0ZnmbN42tkVdXS + XAEEtt/OW5TAnBXnl1NASySaIeP8mosYIuWXVRK3382zn29AVM9+KPstSFL/yXtJ + Q02jmaCXt2iJbGG9z7LymLzNbE93h0A3i2VgOQ980mhuAWZFtU7w8EKNz9fF + =ODrF + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAm2tb78/wI/RgRnuYNUbglF7zDKDUyhFc+36AbDKyB5w8 + VFRp6bTShbV3oUvNZVV5v/7A/TUi4X6p1Nmqnl2vQLnFEs4h5xZwUajuLlsWX9AO + 6Hyr9D7pdBSBRfxypM1WOmzFRiDnFItxYFu5ljoc5OdkyZ7oq4W1UNWnV6dTip3D + c6jfswzuBSR3HtoVL2YSDFIibVDAb8Ph4kuAXDRcxKHh8FZdVaEyk5KhWDBY87aJ + vemqIOrh8GjbWWePNo6eDqRVU2nWZea78M7x0z6rDz6Z+VZsLWcl/cHu5pZMgDZW + nRUUe0JOtncgZ0FJnZu9sAw6BftaVgEk4vVrT9174evkTj1otIXClijTigVRp0Ia + JngM9FsQ0RLSA0dTGuCdEzoFPlUbtLLV+qL7ZGdysbfPsDiP1tlZWwCyxnYJ7gt3 + TgqJPvZ/tuVX/MvwVCA6p13RXb3XqhbjtA2k4eXdeOcWPUYmYvVJ0385ASwQC1S7 + 
PfmvQwL1f7YQkUvilkzBD/7EGeqJ8OFC4vJqx12tJNeNuqPiw195yBhNT5rml8bc + 2haV+wdpzWScw+eo/xj1a17i0a3SJLpwTcWiwTp0LmZEecOFtxNsaUjnZPn6d8Ms + RPbDVbeZP+kxNbvTuwXtQgC3d/GbcFbcSs//MAYUQLs83mA9XXW9Gzcq6ltexBPS + XAG2M3c5oa/2XonBoQ3X3dggKPWQoabyUVAAsehotCxcMEcdVEMtJLSB0/+CTTP4 + 4+A7rurD5TwegQb3TmsDQRPYjwOoH0dQNXGNJQGGZpRyiVC/z0r3TXYrahze + =jtiP + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+IZeMdpcuIJgNH+sdovb4+CIwiIJozWprKNHOxFOBoYMC + ZBStuhdGS42LhJLlV6kCsWGdT5uFlQVUCjRX7YwmFurSW0NqqzFtgnnbxnHF8UWC + 743JTuh2lApyL5WPeNwj1PXx3xJcJFeCVynWDblvH0MrM8GVy68pZaSsIlmpcnGR + 2jLCdWAv72T0SVffto7qlpQmCXNJSYspykEx7LhylRglf2uOAAq4n0k9QIFFL+2X + EgV9rCOUh7qRpZ8zhd7PahS53o6gvqwFj7xM12u+iNbDE3pw+qThv/LiqfuoNd66 + qHUDzz5VyVlhbZ9wcN9oEPIl2kuUL6WeMO6RGZMx2n4kiI7E6X4rF5YgRGJBQ2Mc + DAWxC3hWiAchyNqk7YoszskwjVR/8ozsvPzSmny1UNNsMsc6zw3BL86FZj12ODCT + lwIR4Wae7sGC4oBITW6Rc5uDvo4hdA58viwOPHcxCNHrLHkJHhje8CMf5AhjBYcy + OWFOD9Vi7c9fBeQwsy8G+LrX/wkcO5N+KoDDGJs/gx6HVAD5Rie2UnVCC4pICUXh + UgIXDvV0WahCv+eOBUlj4gOIpLEO35P0RcX9nNE/5izFlwH0TtG5rCziEHEosqD9 + 9Wl7jqAi3POa7DtCD0DHIn0jxlWyVcBEXqHlgU3d6vRtOXTZMvt/NZxyLi4MUU/S + XAGWywtpd/gxRgiyg+OB8C9HhOioLL/bCWvOE1n0JLRotxnv571oZi0SYYqiyX6I + wk9s181nh4Kyfmf+tOiv4GDSkUfg01y1dx+85s8AzgyT6t5isV9AqlcWVGIs + =c5hi + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//VRf1w/DVkjth/BZAMx4B3i4O/Sh5vkJE1EQx7XWgpJVY + wX5vN0JujvIwhQ0aQf1nkFEmFTMFuKVMLzsHQ1ejT6od3XTsuD/WZsG9GJfG82Om + jT05mwIqcH1brD4PVqzsEdykG3PGtxVaIcFbnhdls15VxQTgiW1MXkjM+hm5ddti + sopwNLn6q2DbqJ4eGefl2kn88FxwDCv8tU9kQ9v4kR5/qkvtYgf8pyNl5zcQY5nH + y9muGRxt0eVq1Wpc7bzui/9MtZ9XOBWVPevesO2QWRTnK7PLGH23KoS4GHLKB5Tn + OkP1QemC75RjZ5AkfzYtTAInSlFmp9/giQ7ZDVSQMKoXxCsuN6jsVK380jWOPlq9 + tOtXSfGCSdMeM2O0vB/Xqv1qhcqPSGGCib7BnivTUnEfgxGhHGxNOOFZ8fJBXDhQ + 
F0q7CHRye1EBhT+GpKuraSBpcNMgexj9j+B+17IAW+Riq0l5DiGJ7rgPaRnz+3Az + 2F4y0r2//2iV+Em6n5crVu13SsAWUzYVKyHSswJQByEK0D8ibE8vlsE+LBLwtpUs + 5FEVy8bxmNwbYyKGaiFR5m6njWlI3M6Chn1snzfsaKWpPxFHj/CSpUu4MRpGlNfr + Hc2mJxsi3FpnAUwAUbnLudW9ET72gnfrHHKBYf3DzqQAc9Xrf+dKUuPuBlDm5TPS + XAGNfxvILdjNFX9LvJLDffbPzHfLjKtBDSAAZV0bK8e669nFReBGfTk4RQXY2Huc + NW8hke7+pV4vazwcosDgFRu/XmFyc/G+bxbB1zmzs7DgQ0m2sLxiRdv1xwBX + =C6m1 + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdA47A8oGWP1vDUTI0iRqcliyuGmgPaM8Cmu4kRL64cmVsw + xTzCmlWNzdNa7YpdEGrCrzr2Ml5oE8hvLy1fM/H3m/6VM9+3Vmm6EI0Zq4mYYh6b + 0lwBapQSaiQxUJXIvRHqIbFfd6UvQ2k/l6K9HtnL6wHLNywCl8VqBJyGh+gzrS6p + Uj81QJspZL/XBbaw3vsM27p4I4644BFHVQMApAWWb0s9YTo179eLVl+XXL9/5A== + =hDmG + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/9ETw/8YtE14vgYnOWSnGhp8ryTFdt5D2IW8B30mmFlY4e + 0P0ELQ36dn7ZoEe9DxfjYXFEJ9pTElnN8d1mOxOcFvvBA7HXhWYa261PVTUt0Mh5 + sLIcNgLoXJEd35voyqm/PXtGJZmM7iK79FL9L01eVm+zGSdglhvHhLdMnFVea+SC + vF/sjp+9m6DUehKqD3jUr3T31mXf2wuq7864j3DdC+pRC6In4y7kuj0TUbGpZFH8 + rKBCxDLAifp11acgB5B3r0JyBeeZgIw8uTKrrQpFXXIUEUO0g1C6xlo96M3OD7sG + pdvdsKo0l2687kA5uN2/hxAMqQIImLXSStod0KveDcys7UtYIZ5zVoi5KyZgxmBq + wJOatBlH/sKzU2TXOSSTpbQJJBlaxCRk8/3ypfii4xdc3pWBm0Jm0fmZcckYmdWs + bTOFCkg2Bx8gJkMpKSO5sou13j0Py45IHdeeOkYt6K/9+kEqlUCZfJUUj8PSO6Gz + 7kdchGWYcGDGsqDeLlAXOdt8eQxBNs8LL9r+d+Acf4KqL1CYoxYhf6UC4z0Hownf + jWkrs+CUxnF8xSt2WFlxoU7AWkATMkBZrPoZcN8iyTwlQWvTQgXoFJoJ9RBkOwfc + HCSXDd53nogbkOfCUDosmlb/CJft3vS+hTNiLTVMA0J9ixul0HaRRr/w8bE/DgjS + XAEdwJucMGVbFM3DNjrDb5iaVsIugBYGuZDK+/xyVwK1IlP9GDwE617SQNM/LbQo + Fdq9ziI3VwlTFOnwNZ5Lw2IjNzHYMmS7ZTiF1LERWrMjIUtjY9/443ZHGQSE + =a7K9 + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-07-20T18:28:37Z" + enc: |- + 
-----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//TycYGKYZdRgLzgcx7G6un+2OP3HMsXGfAO6Pz8qIkd9I + jhVccyRB02gPRb/8xKyR5LVjeZ+zULmfBNAAwkvSDC2tjn0PlxbQwFW555Mdeg47 + HixFzYVpi12qxqk3Vei9C70VCufyHp2x4YH82LJNKlHybJv5xMFZIFVkPdQQX09M + un2f5Fo6esMe8xfzfHsTbrX2X9TxluP+xwrjQLlqis9Xo1w3PJ8a/U7oGWm7cbOa + 2/7HR1eNQe2CIWRNo22CzvrmWcsid/LblgGgVP/W2lG7cQtXrW6dy5UctIXRYGwf + CjW2KgVova8Ojju7M1gZHjNSjnIEMD4ONNQCe5UiTfHwZbqPQtsfipL6NjY404/g + lG3ab1qtwgUSP3sdl/+gRvDEENSwjk7H/tIlk64ufABnbjqF7vGgh8EWz0u44sI/ + a7RRYZbSjFSWpUivHiF4Z9CRxz+4OFkDFZ8oMyynwnNtXcq+Y1icqggPFN7PjPX4 + FB0W3fxcDvUaC92TeHrbVA6gJ916WwPPf0nDYVkuKbVgBHiDUmTo68WGD3T2IAPJ + tj7ePAG/lreZDhDKH2s67I40Q8lPDIxFXV2u3wJ0wSOUeGvMh/mfaQyCbA1hDgIU + 1PfkoLxXiQ09VfH6AVTJFWEY8NRJug/R5d+6PsXp61jfX8tVT/IFUlmdQD9kRXjS + XAHubuQ/eNItKH9gRTj0eq9YdbzmrVJx88ImtX93Tq8Jrxc11Grlyf7OeJ5tBgin + UYYips2Wf+P8SibwyG+ctV/4qRtNzoo4I7B5PNsKqVkm8bBzBsnvjY5WFV5G + =OwXi + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//TO7OWNCZyYgKOGFsoBlCT6rMTCF9ZwL4URHCCc4Yt+56 + MJ2jDB7usZTQfEMm7sAPKo82lJh7BnZR3o9ZQfJWnv1fc+B+v4FCYmHPlxD1/Srj + 8RqCAqcsSRpbAq2B4qdq2kFfh3vuSHewBtCAblwRxuVKhoLUg15Ax+20h+XcXIZm + nAQTUBauyFNxZjEnTPiAO7rEXR7XAtN3XQLnROBiZXRHL6nUy1Ud1fOLj5dWHHl+ + YGlmyy6F8GjG8Bk3G/F5QNp67h9OogW1EYWOIRqnxfYTx5QqYLig9b9Hehf/guT8 + rzifK62TFCqANSPwvsehHH1ucdO+pnDL0a5dLELMzYJstKqOaq9Pdly3HRIWT/lg + UhmN5aQ+v8sw/9suwOKb9ED7ITV50gIedRK3MjtzAb6GwmgeO5PWqcnKaIRarbo+ + PGM85vQkkKMY9wJHHYeYvDvM+fYilmX1H0uFg7KPHqwZ2UM+4XxKp7MfQQTLIl+g + rvEJ2MlVp0xG9biyqB2vFUungS56Y0mDNN4gaRwxGXd21OjI2onquKIDaYXTh2uh + S8UPheiOYHgpX6Xd6FNhVchjd7NDfw2XwiYbBI6YvRqeG8b2RetbUdpH34y7kTTO + rSRx5wJecJJYL62M3DDFQ/JVgsQs2YeyROen32UIZqVZjG35NaUY4gWFvBrXk7XS + XAH2c64NkWvCxrQN+ypAOo1acK7JmVx8KRyJ9SkHBEGXf8u8vrM3mKErSRUdcx87 + O+4RH7EMOnH6/5x6bX2Uwj+WmY8uXtsn1q+zxqMmnt+rQN8y3MlssJ2u3XUO + =Ft9S + -----END PGP MESSAGE----- + fp: 
8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4EEKdYEzV0pAQ//WMDEOC0jLeKxKCpjMltCQ+jjwtsH/yZOA07o9VHBhNhX + kfJ+fONQb7roYaMFEM8ZRxhVf0IXjrK4vk7+P4x/vKtW0/1cQm7U/uxzUsOUBA4k + UZHgcgrB3s6yDOY9TdwnZnaOlRPmG0AudXOYS/FwNE6OzYeCzf+88nw0VZzXpwvJ + WsPV69lYpwTxcxhO8jCVDPTXjOC0sWOXBe6Ea2X/dbWuwu2KX8AxDp8O3C6Uxa30 + jOrhNtiguMugmKgF7NZlDqgiR3v2KhbVi/ECc3vH1c+GTekT26zAkvvzFqJjkHsb + XS8DyAp2/ExCubtk4h25ObMhghabGqrl9o8hZ+0RlEaWU7oRi+cinIXgAZcubv0Y + /LEfDyJTohmoDdqpC4xYdTMQ8s8RaNRGtQG/3hISD0cgssBHDBKnoNMNB/V1qe+z + EZx/ewgUmlxcO9Q+mPnQG9Eo7sh4WnldbueXtdmp8f4vpt8tJ6zr66x9QLU0IJHW + UwgwaV6EAUdv+O+MsW40Bx/TWEbbKj8am9dymTP1dV1OcPJOLfUbNog7ybFXl6IT + kNnUkwHXfkRUbzZJNB5rBTTt8msuFquJEaZANl5eMKdn5fG9k2hxMpZCdYT0kECb + ErzpV2kUS6Z+QLL2YQzIQ/iBqy82u/pOJ44IvO6JAXYUbc5RTGVOgXNpNiFhOQLS + XAHfwKoAg6apAAcqJcywJ52eFwi2886lHyTcl6Zl8wlOC6FZbK+zkmhFKEcOdZyo + YFVoqmHT3Da/Z4rlw0XwJYR7EFyk/mHlBwdNabv68Ba94zkqXpSSDuJz7Oip + =K261 + -----END PGP MESSAGE----- + fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdARUYTLeEeQkoOgHc8ReED3vRzHOa3S648JbH8q9p8s1Uw + 6m+puHJX6nqoLf+TkUfNKfpx1JJpGxgcvsADJTm5Rwi0MxqKvo650DQwHA+UQHd6 + 0lwBQ1aFrpTk+2b5mVgGGLp5dgFSTDSIsBbUBFQOXvuPX/S/n4eCwiq0sWJBNsam + wKTAC7nLnf9O1MX8NGXHQD01doJ2M19o7BoUsifxb0y2XorWDp23NqrSb2U+9A== + =xw0V + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAc7DD+ELFXtPiikXroB//qxDovIM8uUVXiY6/bCGDhyUw + 0XqwTBBntTkrxjPXSQIPuLosccZCLcqpawjCAeYKPNZmJSfhQ5ESl/iAD7wofT2V + 0lYBCaD9ciqJhB7nb0vh3Aoa4uphQ3EiS+PYi0Tyuo2r9MsoSv5BLGGHHaQDhvxK + 8FXpCyUk8oqBiJ4TRouaVvDcPUSaqWk9QQtxx1mgD0iIkPNnMXoPJA== + =3GJf + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-07-20T18:28:37Z" + enc: |- + -----BEGIN PGP 
MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//QR/3s7FObKxat5+yCwGERpelhkNVkwwaVl6nnyX1P2od + JrKHwmwgRaOpchQmlkbLwgPs9byiRc29sv8T72qAM0xQohKJq3TXXCGA2Wy4xzmn + tDK4m+kU/WA8qtBsJn+gfV9CkWXVmr1vnrE+oM32qNpDA5wTrEN2ueTnxkc6oiN8 + O+rlJWkbtPBxt3o9OJfJLoidh+Ot+1aiLeg+9lrp7RdnuHcHiklwT3y+dLf2Dpje + SevPq5UDX1C9kbwCtQuvH11wO2Pss9IWfNhqgdltsnaEC02lFaiiZxiZL+lxb5+D + XcVn7o+iZUL5BjNn0Y1D17geXuIwFwOKWsRh59EsMMUU7rzK2WIeGz5eIbGcRHPw + MIOxhzHXH4DN1TIKLa3BoqMCaEa6FY4U5pWNAGcclOqSY5DmlmSgZxOSLijCpLCf + VRyWbDUiMVz6CA1dR5PtnGoIlAMk0W84SxWgjrsg5BE3zt1KeluAPkJbgD3wRTMj + uXq37kbIQvH80ocxjY1DyBkvz5xh21yBlUvQnMLc8gQg2C3Z8gQj9eexqJOt0z/g + DvW6t4ZfGncsqE5nKv+O4FiFc+xUKFt02pPI/hgqYPpXVYc8mmqD8A75dbi3fhEO + 5tTnEszoYZJucAF57aWNzpr+o/I3dP7SxrxbQbq9I4GO1omSkKeNFe/dQWKGzR/S + XAHR6DYe5ej+qdc9lcK/Lx8aA7/4b+O5jSKE0g1sJ2wEZdhNQbLM21YLGt4hFCk5 + a/pJ9m8ShyHgQM5bab9z2MtSD/qL9yVGMfErU/UC9S9GCAvh2COAFx1vVRdv + =L/EP + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/z9/host_vars/yate.yaml b/inventories/z9/host_vars/yate.yaml new file mode 100644 index 0000000..b73cfa6 --- /dev/null +++ b/inventories/z9/host_vars/yate.yaml @@ -0,0 +1,9 @@ +docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/compose.yaml.j2') }}" +docker_compose__configuration_files: + - name: accfile.conf + content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/accfile.conf.j2') }}" + - name: regexroute.conf + content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regexroute.conf.j2') }}" + - name: regfile.conf + content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regfile.conf.j2') }}" +docker_compose__restart_cmd: "exec yate sh -c 'kill -1 1'" \ No newline at end of file diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml index 0dde922..62cacf1 100644 --- a/inventories/z9/hosts.yaml 
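Review bot: `docker_compose__restart_cmd` in inventories/z9/host_vars/yate.yaml is not self-explanatory: `kill -1 1` relies on signal 1 being SIGHUP and on yate being PID 1 inside the container, and nothing records why a signal is sent instead of restarting the container. A comment above the line such as `# Send SIGHUP to yate (PID 1 in the container); presumably triggers a config reload - confirm` would capture that, and `kill -HUP 1` reads more clearly than the numeric form. The three templated files (accfile.conf, regexroute.conf, regfile.conf) are presumably where the `secret__yate__sip_*` values from yate.sops.yaml end up, so it is worth confirming that the docker_compose role writes them with a mode that is not world-readable.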
+++ b/inventories/z9/hosts.yaml @@ -1,21 +1,51 @@ all: hosts: - light: - ansible_host: light.z9.ccchh.net - ansible_user: chaos authoritative-dns: ansible_host: authoritative-dns.z9.ccchh.net ansible_user: chaos -nginx_hosts: - hosts: + dooris: + ansible_host: 10.31.208.201 + ansible_user: chaos light: -ola_hosts: + ansible_host: light.z9.ccchh.net + ansible_user: chaos + thinkcccore0: + ansible_host: thinkcccore0.z9.ccchh.net + waybackproxy: + ansible_host: waybackproxy.ccchh.net + ansible_user: chaos + yate: + ansible_host: yate.ccchh.net + ansible_user: chaos +certbot_hosts: hosts: - light: + dooris: +docker_compose_hosts: + hosts: + dooris: + waybackproxy: + yate: foobazdmx_hosts: hosts: light: +hypervisors: + hosts: + thinkcccore0: infrastructure_authorized_keys_hosts: hosts: + dooris: light: authoritative-dns: + waybackproxy: + yate: +nginx_hosts: + hosts: + dooris: + light: + waybackproxy: +ola_hosts: + hosts: + light: +proxmox_vm_template_hosts: + hosts: + thinkcccore0: diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index d7dcdac..952aeec 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -70,5 +70,13 @@ - "o=Docker,n=${distro_codename}" - "o=nginx,n=${distro_codename}" +- name: Ensure Alloy is installed and Setup on alloy_hosts + hosts: alloy_hosts + become: true + tasks: + - name: Setup Alloy + ansible.builtin.include_role: + name: grafana.grafana.alloy + - name: Run ensure_eh22_styleguide_dir Playbook ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml diff --git a/playbooks/deploy_hypervisor.yaml b/playbooks/deploy_hypervisor.yaml new file mode 100644 index 0000000..4d3200f --- /dev/null +++ b/playbooks/deploy_hypervisor.yaml 
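Review bot: In inventories/z9/hosts.yaml, `thinkcccore0` is the only host added without `ansible_user`, so the account used to log in to the hypervisor depends on each operator's local username or SSH configuration rather than on the inventory. If a different account is intended there, state it explicitly with `ansible_user: <account>` and a one-line comment giving the reason; otherwise add `ansible_user: chaos` like the other hosts in this hunk. `dooris` is also the only entry addressed by a literal IP (`10.31.208.201`) instead of a DNS name, which deserves a comment if it is deliberate.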
@@ -0,0 +1,61 @@
+- name: Ensure the VM template generation is set up
+ hosts: proxmox_vm_template_hosts
+ tasks:
+ - name: Ensure dependencies are present
+ ansible.builtin.apt:
+ name:
+ - git
+ - libguestfs-tools
+ become: true
+
+ - name: Ensure /usr/local/{lib,sbin} exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+ become: true
+ loop:
+ - "/usr/local/lib/"
+ - "/usr/local/sbin/"
+
+ - name: Ensure the pve-template-vm repo is present
+ ansible.builtin.git:
+ repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git
+ dest: /usr/local/lib/pve-template-vm
+ version: main
+ force: true
+ depth: 1
+ single_branch: true
+ track_submodules: true
+ become: true
+
+ # /usr/local/sbin as the script uses qm, which is also found in /usr/sbin.
+ - name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin
+ ansible.builtin.file:
+ src: /usr/local/lib/pve-template-vm/build-proxmox-template
+ dest: /usr/local/sbin/build-proxmox-template
+ state: link
+ owner: root
+ group: root
+ mode: '0755'
+ become: true
+
+ # This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config.
+ - name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00
+ ansible.builtin.cron:
+ name: "ansible build proxmox template"
+ cron_file: ansible_build_proxmox_template
+ minute: 0
+ hour: 4
+ weekday: 5
+ user: root
+ job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\
+ /usr/bin/env \
+ {% for item in hypervisor__template_vm_config | default([]) %}\
+ {{ item.name }}=\"{{ item.value }}\" \
+ {% endfor %}\
+ {% endif %}\
+ /usr/local/sbin/build-proxmox-template"
+ become: true
diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
index e4ab5b6..c2108d8 100644
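Review bot: The `ansible.builtin.git` task in playbooks/deploy_hypervisor.yaml checks out `version: main` with `force: true` and `track_submodules: true`, and the result is symlinked into /usr/local/sbin and run weekly as root, so whatever sits at the tip of that branch (and of the submodules' branches) at deploy time executes as root on the hypervisor. Pin the checkout to a reviewed tag or commit, e.g. `version: "<pinned-tag-or-commit>"`, and consider `verify_commit: true` so an unsigned revision fails the task; dropping `track_submodules` keeps submodules at the commits recorded in the superproject. Separately, the cron `job` places `item.value` inside hand-written double quotes, so a value containing `"`, `$`, a backtick or `%` (which cron treats specially) alters the command line; `{{ item.name }}={{ item.value | quote }}` is safer for the shell part. Because `cron_file` puts the entry under /etc/cron.d, which is typically world-readable, these values should not carry secrets.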
--- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
@@ -6,8 +6,8 @@ services:
 image: docker.io/library/mariadb:11
 environment:
 - "MARIADB_DATABASE=wordpress"
- - "MARIADB_ROOT_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_ROOT_PASSWORD", create=false, missing="error") }}"
- - "MARIADB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
+ - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"
+ - "MARIADB_PASSWORD={{ secret__wordpress_db_password }}"
 - "MARIADB_USER=wordpress"
 - "MARIADB_AUTO_UPGRADE=yes"
 volumes:
@@ -23,7 +23,7 @@ services:
 - "WORDPRESS_DB_NAME=wordpress"
 - "WORDPRESS_DB_USER=wordpress"
 - "WORDPRESS_TABLE_PREFIX=wp_"
- - "WORDPRESS_DB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
+ - "WORDPRESS_DB_PASSWORD={{ secret__wordpress_db_password }}"
 volumes:
 - wordpress:/var/www/html/wp-content
 ports:
diff --git a/resources/chaosknoten/cloud/nextcloud/config.php.j2 b/resources/chaosknoten/cloud/nextcloud/config.php.j2
deleted file mode 100644
index 718bcb8..0000000
--- a/resources/chaosknoten/cloud/nextcloud/config.php.j2
+++ /dev/null
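Review bot: The secrets in ccchoir's compose.yaml.j2 are substituted raw into a YAML double-quoted string that Docker Compose then interpolates, so a password containing `"`, `\` or `$` produces a broken file or a silently different value. This applies to both hunks of this file and, with `'` and `\` as the problem characters, to the PHP single-quoted `'mail_smtppassword' => '{{ secret__nextcloud_smtp_password }}'` in extra_configuration.config.php.j2 further down. For the compose file, at least double the dollar sign, e.g. `- "MARIADB_PASSWORD={{ secret__wordpress_db_password | replace('$', '$$') }}"`, or add a comment next to the SOPS variables listing the characters these secrets must not contain. The service definitions continue outside the hunks, so other interpolated values there may need the same treatment.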
@@ -1,98 +0,0 @@ - '\\OC\\Memcache\\APCu', - 'apps_paths' => - array ( - 0 => - array ( - 'path' => '/var/www/html/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => - array ( - 'path' => '/var/www/html/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), - 'instanceid' => 'oc9uqhr7buka', - 'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs', - 'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu', - 'trusted_domains' => - array ( - 0 => 'cloud.hamburg.ccc.de', - ), - 'datadirectory' => '/var/www/html/data', - 'dbtype' => 'mysql', - 'version' => '25.0.9.2', - 'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de', - 'dbname' => 'nextcloud', - 'dbhost' => 'database', - 'dbport' => '', - 'dbtableprefix' => 'oc_', - 'mysql.utf8mb4' => true, - 'dbuser' => 'nextcloud', - 'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3', - 'installed' => true, - // Some Nextcloud options that might make sense here - 'allow_user_to_change_display_name' => false, - 'lost_password_link' => 'disabled', - // URL of provider. All other URLs are auto-discovered from .well-known - 'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh', - // Client ID and secret registered with the provider - 'oidc_login_client_id' => 'cloud', - 'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}', - // Automatically redirect the login page to the provider - 'oidc_login_auto_redirect' => true, - // Redirect to this page after logging out the user - //'oidc_login_logout_url' => 'https://openid.example.com/thankyou', - // If set to true the user will be redirected to the - // logout endpoint of the OIDC provider after logout - // in Nextcloud. After successfull logout the OIDC - // provider will redirect back to 'oidc_login_logout_url' (MUST be set). 
- 'oidc_login_end_session_redirect' => true, - // Quota to assign if no quota is specified in the OIDC response (bytes) - // - // NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to - // zero or -1 or ''. - 'oidc_login_default_quota' => '1000000000', - // Login button text - 'oidc_login_button_text' => 'Log in via id.ccchh.net', - // Hide the NextCloud password change form. - 'oidc_login_hide_password_form' => false, - // Use ID Token instead of UserInfo - 'oidc_login_use_id_token' => false, - 'oidc_login_attributes' => array ( - 'id' => 'preferred_username', - 'name' => 'name', - 'mail' => 'email', - 'quota' => 'ownCloudQuota', - 'home' => 'homeDirectory', - 'ldap_uid' => 'uid', - 'groups' => 'ownCloudGroups', - 'login_filter' => 'realm_access_roles', - 'photoURL' => 'picture', - 'is_admin' => 'ownCloudAdmin', - ), - // Default group to add users to (optional, defaults to nothing) - //'oidc_login_default_group' => 'oidc', - 'oidc_login_filter_allowed_values' => null, - // Set OpenID Connect scope - 'oidc_login_scope' => 'openid profile', - // The `id` attribute in `oidc_login_attributes` must return the - // "Internal Username" (see expert settings in LDAP integration) - 'oidc_login_proxy_ldap' => false, - // Fallback to direct login if login from OIDC fails - // Note that no error message will be displayed if enabled - 'oidc_login_disable_registration' => false, - //'oidc_login_redir_fallback' => false, - // If you get your groups from the oidc_login_attributes, you might want - // to create them if they are not already existing, Default is `false`. - 'oidc_create_groups' => true, - // Enable use of WebDAV via OIDC bearer token. - 'oidc_login_webdav_enabled' => true, - // Enable authentication with user/password for DAV clients that do not - // support token authentication (e.g. DAVx⁵) - 'oidc_login_password_authentication' => false, -); \ No newline at end of file 
diff --git a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
index 7e6ad56..8832381 100644
--- a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
+++ b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
@@ -11,7 +11,7 @@ $CONFIG = array (
 'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de',
 'mail_from_address' => 'no-reply',
 'mail_domain' => 'cloud.hamburg.ccc.de',
- 'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}',
+ 'mail_smtppassword' => '{{ secret__nextcloud_smtp_password }}',
 'mail_smtpdebug' => true,
 'maintenance_window_start' => 1,
 );
diff --git a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 b/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2
deleted file mode 100644
index 56995ca..0000000
--- a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2
+++ /dev/null
@@ -1,60 +0,0 @@ -ALLOWED_HOSTS = [ "netbox.eh22.easterhegg.eu" ] -DATABASE = { - "HOST": "localhost", - "NAME": "netbox", - "USER": "netbox", - "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}", -} -REDIS = { - "tasks": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 0, - "SSL": False, - }, - "caching": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 1, - "SSL": False, - }, -} -SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SECRET_KEY', create=false, missing='error') }}" -SESSION_COOKIE_SECURE = True - -# CCCHH ID (Keycloak) integration. -# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7 -# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html -REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2" -SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token" -) -SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth" -) -SOCIAL_AUTH_KEYCLOAK_KEY = "eh22-netbox" -SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB" -SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}" -# Use custom OIDC group and role 
mapping pipeline functions added in via -# netbox__custom_pipeline_oidc_group_and_role_mapping. -# The default pipeline this is based on can be found here: -# https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py -SOCIAL_AUTH_PIPELINE = [ - "social_core.pipeline.social_auth.social_details", - "social_core.pipeline.social_auth.social_uid", - "social_core.pipeline.social_auth.social_user", - "social_core.pipeline.user.get_username", - "social_core.pipeline.user.create_user", - "social_core.pipeline.social_auth.associate_user", - "netbox.authentication.user_default_groups_handler", - "social_core.pipeline.social_auth.load_extra_data", - "social_core.pipeline.user.user_details", - # Custom OIDC group and role mapping functions. - "netbox.custom_pipeline_oidc_mapping.add_groups", - "netbox.custom_pipeline_oidc_mapping.remove_groups", - "netbox.custom_pipeline_oidc_mapping.set_roles", -] diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 index 83aeaad..51aeb63 100644 --- a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 
@@ -3,38 +3,84 @@ # - https://github.com/prometheus/alertmanager/blob/48a99764a1fc9279fc828de83e7a03ae2219abc7/doc/examples/simple.yml route: - group_by: ["alertname", "site", "type", "hypervisor"] - + receiver: 'ccchh-infrastructure-alerts' + group_by: [ "alertname", "site", "type", "hypervisor" ] group_wait: 30s group_interval: 5m - repeat_interval: 3h - - receiver: ccchh-infrastructure-alerts - - -{# Disable these for now, but might be interesting in the future. -# Inhibition rules allow to mute a set of alerts given that another alert is -# firing. -# We use this to mute any warning-level notifications if the same alert is -# already critical. -inhibit_rules: - - source_matchers: [severity="critical"] - target_matchers: [severity="warning"] - # Apply inhibition if the alertname is the same. - # CAUTION: - # If all label names listed in `equal` are missing - # from both the source and target alerts, - # the inhibition rule will apply! - equal: [alertname, cluster, service] #} + repeat_interval: 6h + routes: + - receiver: "null" + matchers: + - sendAlert = "false" + - receiver: ntfy-ccchh-critical + matchers: + - org = "ccchh" + - severity = "critical", + repeat_interval: 18h + continue: true + - receiver: ntfy-ccchh + matchers: + - org = "ccchh" + - severity =~ "info|warning", + repeat_interval: 36h + continue: true + - receiver: ntfy-fux-critical + matchers: + - org = "fux" + - severity = "critical", + repeat_interval: 18h + continue: true + - receiver: email-fux-critical + matchers: + - org = "fux" + - severity = "critical", + repeat_interval: 36h + continue: true + - receiver: ntfy-fux + matchers: + - org = "fux" + - severity =~ "info|warning", + repeat_interval: 36h + continue: true + - receiver: ccchh-infrastructure-alerts + matchers: + - org = "ccchh" + - severity =~ "info|warning|critical" templates: - "/etc/alertmanager/templates/*.tmpl" receivers: + - name: "null" - name: "ccchh-infrastructure-alerts" telegram_configs: - send_resolved: true - bot_token: 
{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/alertmanager_telegram_bot_token", create=false, missing="error") }} + bot_token: {{ secret__alertmanager_telegram_bot_token }} chat_id: -1002434372415 parse_mode: HTML message: {{ "'{{ template \"alert-message.telegram.ccchh\" . }}'" }} + + - name: "ntfy-ccchh-critical" + webhook_configs: + - url: "http://ntfy-alertmanager-ccchh-critical:8000" + + - name: "ntfy-fux-critical" + webhook_configs: + - url: "http://ntfy-alertmanager-fux-critical:8001" + + - name: "ntfy-ccchh" + webhook_configs: + - url: "http://ntfy-alertmanager-ccchh:8010" + + - name: "ntfy-fux" + webhook_configs: + - url: "http://ntfy-alertmanager-fux:8011" + + - name: "email-fux-critical" + email_configs: + - send_resolved: true + to: "stb@lassitu.de,fux@zimdahl.org" + from: "alert-manager@hamburg.ccc.de" + smarthost: "cow.hamburg.ccc.de:587" + auth_username: "alert-manager@hamburg.ccc.de" + auth_password: {{ secret__alert_manager_email_password }} diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl index 5318fb0..3e97e6e 100644 --- a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl +++ b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl 
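Review bot: The `severity` matchers in the new `routes` carry a trailing comma inside the matcher string (`- severity = "critical",`, `- severity =~ "info|warning",`), so Alertmanager does not parse the bare `critical` / `info|warning` the route intends. Depending on the matcher parser in use, this is either a config-load error or a route that never matches, and in both cases the ntfy and e-mail receivers stay silent. Drop the commas, e.g. `- severity = "critical"`. Separately, `auth_password: {{ secret__alert_manager_email_password }}` is rendered unquoted, so a password that starts with a YAML indicator or contains `: ` or ` #` would be truncated or break the file. Render it as a quoted scalar, for example `auth_password: {{ secret__alert_manager_email_password | to_json }}`.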
@@ -20,16 +20,25 @@ Links & Resources {{ define "alert-message.telegram.ccchh" }} -{{- if .Alerts.Firing }} -🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥 -{{ range .Alerts.Firing -}} -{{ template "alert-item.telegram.ccchh.internal" . }} -{{- end }} -{{- end }} -{{- if .Alerts.Resolved }} -✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅ -{{ range .Alerts.Resolved -}} -{{ template "alert-item.telegram.ccchh.internal" . }} -{{- end }} -{{- end }} + {{- if .Alerts.Firing }} + 🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥 + {{- if le (len .Alerts.Firing) 5 }} + {{- range .Alerts.Firing }} + {{ template "alert-item.telegram.ccchh.internal" . }} + {{- end }} + {{- else }} + There are too many alerts firing at once + {{- end }} + {{- end }} + + {{- if .Alerts.Resolved }} + ✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅ + {{- if le (len .Alerts.Resolved) 5 }} + {{- range .Alerts.Resolved }} + {{ template "alert-item.telegram.ccchh.internal" . }} + {{- end }} + {{- else }} + There are too many resolved alerts to list + {{- end }} + {{- end }} {{- end }} diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index 3e994dc..1683b79 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -6,14 +6,17 @@ services: container_name: prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' + - '--web.enable-remote-write-receiver' + - '--enable-feature=promql-experimental-functions' ports: - 9090:9090 restart: unless-stopped volumes: - ./configs/prometheus.yml:/etc/prometheus/prometheus.yml - ./configs/prometheus_alerts.rules.yaml:/etc/prometheus/rules/alerts.rules.yaml + - ./configs/prometheus_alerts-fux.rules.yaml:/etc/prometheus/rules/alerts-fux.rules.yaml - prom_data:/prometheus - + alertmanager: image: prom/alertmanager container_name: alertmanager 
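Review bot: Above the limit the message carries only the count, so during an alert storm the recipient learns neither which alerts are affected nor where to look. The two `else` branches could add a pointer such as `See {{ .ExternalURL }} for the full list`. The limit `5` is also written twice as a bare literal; a short template comment next to the first `le (len .Alerts.Firing) 5` saying why the cap exists would keep the two branches from drifting apart.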
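Review bot: `--web.enable-remote-write-receiver` turns on an ingestion endpoint that Prometheus itself does not authenticate, while the unchanged `- 9090:9090` mapping in the same service publishes the port on every host interface. The basic auth and allow-list that this commit puts in front of `/api/v1/write` in metrics.hamburg.ccc.de.conf only protect the nginx path. Unless a host firewall (not visible here) blocks 9090, anyone who can reach the host can push series directly. Since nginx proxies to `127.0.0.1:9090`, the mapping can be narrowed to `- "127.0.0.1:9090:9090"`. The `services:` mapping starts above this hunk.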
@@ -35,7 +38,7 @@ services: restart: unless-stopped environment: - GF_SECURITY_ADMIN_USER=admin - - "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}" + - "GF_SECURITY_ADMIN_PASSWORD={{ secret__grafana_gf_security_admin_password }}" volumes: - ./configs/grafana.ini:/etc/grafana/grafana.ini - ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml 
@@ -49,13 +52,61 @@ services: restart: unless-stopped environment: - PVE_USER=grafana@pve - - "PVE_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/prometheus-exporter", create=false, missing="error") }}" + - "PVE_PASSWORD={{ secret__prometheus_pve_exporter_pve_password }}" - PVE_VERIFY_SSL=false volumes: - /dev/null:/etc/prometheus/pve.yml + loki: + image: grafana/loki:3 + container_name: loki + ports: + - 13100:3100 + - 19099:9099 + restart: unless-stopped + volumes: + - ./configs/loki.yaml:/etc/loki/local-config.yaml + - loki_data:/var/loki + + ntfy-alertmanager-ccchh-critical: + image: xenrox/ntfy-alertmanager:latest + container_name: ntfy-alertmanager-ccchh-critical + volumes: + - ./configs/ntfy-alertmanager-ccchh-critical:/etc/ntfy-alertmanager/config + ports: + - 8000:8000 + restart: unless-stopped + + ntfy-alertmanager-fux-critical: + image: xenrox/ntfy-alertmanager:latest + container_name: ntfy-alertmanager-fux-critical + volumes: + - ./configs/ntfy-alertmanager-fux-critical:/etc/ntfy-alertmanager/config + ports: + - 8001:8001 + restart: unless-stopped + + ntfy-alertmanager-ccchh: + image: xenrox/ntfy-alertmanager:latest + container_name: ntfy-alertmanager-ccchh + volumes: + - ./configs/ntfy-alertmanager-ccchh:/etc/ntfy-alertmanager/config + ports: + - 8010:8010 + restart: unless-stopped + + ntfy-alertmanager-fux: + image: xenrox/ntfy-alertmanager:latest + container_name: ntfy-alertmanager-fux + volumes: + - ./configs/ntfy-alertmanager-fux:/etc/ntfy-alertmanager/config + ports: + - 8011:8011 + restart: unless-stopped volumes: graf_data: {} prom_data: {} alertmanager_data: {} + loki_data: {} + mimir_data: {} diff --git a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml index 44999d4..3cb6995 100644 --- a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml 
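Review bot: The new services publish their ports on all host interfaces (`13100:3100`, `19099:9099`, `8000:8000`, `8001:8001`, `8010:8010`, `8011:8011`), which sidesteps the nginx allow-lists and basic auth added elsewhere in this commit unless a host firewall not shown here blocks them. A direct request to 13100 reaches Loki without credentials and with a client-chosen `X-Scope-OrgID`. nginx only needs loopback and Alertmanager reaches the ntfy bridges by service name over the compose network, so bind the ports to localhost, e.g. `- "127.0.0.1:13100:3100"`, and likewise for the other five. The four bridges also run `xenrox/ntfy-alertmanager:latest`; pinning a version tag or digest keeps a re-pull from silently changing the code that holds the ntfy token. `mimir_data: {}` is declared although no service in this hunk mounts it.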
+++ b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml @@ -7,3 +7,14 @@ datasources: isDefault: true access: proxy editable: true + - name: Loki + type: loki + url: http://loki:3100 + access: proxy + editable: true + jsonData: + timeout: 60 + maxLines: 3000 + httpHeaderName1: "X-Scope-OrgID" + secureJsonData: + httpHeaderValue1: "chaos" diff --git a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 index 65f7bed..af5b848 100644 --- a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 +++ b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 @@ -11,7 +11,7 @@ auto_login = true name = id.hamburg.ccc.de allow_sign_up = true client_id = grafana -client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }} +client_secret = {{ secret__grafana_keycloak_secret }} scopes = openid email profile offline_access roles email_attribute_path = email login_attribute_path = username diff --git a/resources/chaosknoten/grafana/docker_compose/loki.yaml b/resources/chaosknoten/grafana/docker_compose/loki.yaml new file mode 100644 index 0000000..daf214f --- /dev/null +++ b/resources/chaosknoten/grafana/docker_compose/loki.yaml 
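Review bot: `httpHeaderValue1: "chaos"` has to stay identical to the basic-auth user name in loki.htpasswd.j2, because the nginx front end sets `X-Scope-OrgID` from `$remote_user` when logs are pushed and Loki keeps each tenant's data separate. A mismatch gives an empty datasource without any error. A comment on the line would record that coupling, e.g. `# Loki tenant; must match the user in nginx/loki.htpasswd.j2`. With `editable: true` the tenant header can presumably also be changed from the Grafana UI by anyone with datasource rights, which may or may not be intended.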
@@ -0,0 +1,52 @@ +auth_enabled: true + +server: + http_listen_port: 3100 + grpc_listen_port: 9099 + log_level: warn + +limits_config: + retention_period: 14d + +common: + instance_addr: 127.0.0.1 + path_prefix: /var/loki + storage: + filesystem: + chunks_directory: /var/loki/chunks + rules_directory: /var/loki/rules + replication_factor: 1 + ring: + kvstore: + store: inmemory + +storage_config: + filesystem: + directory: /var/loki/chunks + index_queries_cache_config: + embedded_cache: + enabled: true + max_size_mb: 80 + ttl: 30m + +schema_config: + configs: + - from: 2025-04-28 + store: tsdb + object_store: filesystem + schema: v13 + index: + prefix: index_ + period: 24h + +chunk_store_config: + chunk_cache_config: + embedded_cache: + enabled: true + max_size_mb: 80 + ttl: 30m + write_dedupe_cache_config: + embedded_cache: + enabled: true + max_size_mb: 80 + ttl: 30m diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2 new file mode 100644 index 0000000..b4afc90 --- /dev/null +++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2 
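Review bot: `limits_config.retention_period: 14d` does not delete anything by itself. In Loki retention is carried out by the compactor, and this file has no `compactor` section, so logs would be kept until the `loki_data` volume fills. If the 14 days are meant as a hard limit, add a `compactor:` block with `retention_enabled: true` and `delete_request_store: filesystem` (key names as I recall them for Loki 3; please check against the version the `grafana/loki:3` tag resolves to). Note also that `auth_enabled: true` only makes Loki require an `X-Scope-OrgID` header and does not authenticate the caller. The instance therefore depends entirely on the nginx front end for access control, which is worth a comment at the top of the file.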
@@ -0,0 +1,48 @@
+base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh-critical
+http-address :8000
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ tags "rotating_light"
+ }
+
+ severity "warning" {
+ priority 3
+ tags "warning"
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "white_check_mark,resolved"
+ priority 2
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic ccchh-alertmanager-critical
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 3h
+}
+
+cache {
+ type memory
+ duration 12h
+ cleanup-interval 1h
+}
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2
new file mode 100644
index 0000000..66fd9ab
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2
@@ -0,0 +1,48 @@
+base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh
+http-address :8010
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ tags "rotating_light"
+ }
+
+ severity "warning" {
+ priority 3
+ tags "warning"
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "white_check_mark,resolved"
+ priority 2
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic ccchh-alertmanager
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 3h
+}
+
+cache {
+ type memory
+ duration 12h
+ cleanup-interval 1h
+}
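Review bot: The webhook listener is configured without any authentication (`http-address :8000` and nothing else), so whoever can reach the port can have notifications posted to the ntfy topic with the bridge's access token. The same applies to the three sibling files ntfy-alertmanager-ccchh.j2, ntfy-alertmanager-fux-critical.j2 and ntfy-alertmanager-fux.j2. As far as I recall, ntfy-alertmanager documents `user` / `password` options for HTTP basic auth on this endpoint (to be confirmed for the deployed version), which Alertmanager can supply through `http_config.basic_auth` in the matching `webhook_configs` entry. All four files also render the same `{{ secret__ntfy_token }}`, so the ccchh and fux bridges share one credential; a write-only token per topic would limit what a leaked config exposes. The four templates differ only in `base-url`, port and `topic`, so one template with three variables would keep them from drifting.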
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2
new file mode 100644
index 0000000..afb6cc8
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2
@@ -0,0 +1,48 @@
+base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux-critical
+http-address :8001
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ tags "rotating_light"
+ }
+
+ severity "warning" {
+ priority 3
+ tags "warning"
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "white_check_mark,resolved"
+ priority 2
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic fux-alertmanager-critical
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 3h
+}
+
+cache {
+ type memory
+ duration 12h
+ cleanup-interval 1h
+}
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2
new file mode 100644
index 0000000..1e506a3
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2
@@ -0,0 +1,48 @@ +base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux +http-address :8011 +log-level info +log-format text +# When multiple alerts are grouped together by Alertmanager, they can either be sent +# each on their own (single mode) or be kept together (multi mode) +# Options: single, multi +# Default: multi +alert-mode single + +labels { + order "severity" + + severity "critical" { + priority 4 + tags "rotating_light" + } + + severity "warning" { + priority 3 + tags "warning" + } + + severity "info" { + priority 1 + } +} + +resolved { + tags "white_check_mark,resolved" + priority 2 +} + +ntfy { + server https://ntfy.hamburg.ccc.de + topic fux-alertmanager + access-token {{ secret__ntfy_token }} +} + +alertmanager { + silence-duration 3h +} + +cache { + type memory + duration 12h + cleanup-interval 1h +} diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus.yml b/resources/chaosknoten/grafana/docker_compose/prometheus.yml index 5f6232f..fd59034 100644 --- a/resources/chaosknoten/grafana/docker_compose/prometheus.yml +++ b/resources/chaosknoten/grafana/docker_compose/prometheus.yml @@ -1,12 +1,12 @@ global: - scrape_interval: 15s - scrape_timeout: 10s - evaluation_interval: 15s + scrape_interval: 60s + scrape_timeout: 15s + evaluation_interval: 30s alerting: alertmanagers: - scheme: http - timeout: 10s + timeout: 15s static_configs: - targets: - "alertmanager:9093" @@ -22,6 +22,8 @@ scrape_configs: static_configs: - targets: - localhost:9090 + labels: + org: ccchh - job_name: alertmanager honor_timestamps: true metrics_path: /metrics @@ -29,6 +31,8 @@ scrape_configs: static_configs: - targets: - alertmanager:9093 + labels: + org: ccchh - job_name: mumble honor_timestamps: true scrape_interval: 5s @@ -38,6 +42,8 @@ scrape_configs: static_configs: - targets: - mumble.hamburg.ccc.de:443 + labels: + org: ccchh - job_name: opnsense-ccchh honor_timestamps: true metrics_path: /metrics 
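Review bot: Raising the global `scrape_interval` from 15s to 60s changes what every range selector in the rule files sees. For jobs on the global interval, a `rate()`, `irate()` or `increase()` over a window shorter than about two minutes now gets at most one sample and returns nothing, so the corresponding alert silently stops firing. Most rule expressions are outside this diff, so I cannot tell whether any are affected; please check prometheus_alerts.rules.yaml for windows below `[2m]` before merging. A comment next to `scrape_interval: 60s` stating the minimum usable range would help future rule authors.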
@@ -45,6 +51,8 @@ scrape_configs: static_configs: - targets: - 185.161.129.132:9100 + labels: + org: ccchh - job_name: jitsi honor_timestamps: true scrape_interval: 5s @@ -54,10 +62,14 @@ scrape_configs: static_configs: - targets: - jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge + labels: + org: ccchh - job_name: 'pve' static_configs: - targets: - 212.12.48.126 # chaosknoten + labels: + org: ccchh metrics_path: /pve params: module: [ default ] @@ -74,6 +86,7 @@ scrape_configs: static_configs: # Wieske Chaosknoten VMs - labels: + org: ccchh site: wieske type: virtual_machine hypervisor: chaosknoten @@ -83,7 +96,6 @@ scrape_configs: - public-web-static-intern.hamburg.ccc.de:9100 - git-intern.hamburg.ccc.de:9100 - forgejo-actions-runner-intern.hamburg.ccc.de:9100 - - eh22-netbox-intern.hamburg.ccc.de:9100 - eh22-wiki-intern.hamburg.ccc.de:9100 - mjolnir-intern.hamburg.ccc.de:9100 - woodpecker-intern.hamburg.ccc.de:9100 @@ -99,7 +111,13 @@ scrape_configs: - zammad-intern.hamburg.ccc.de:9100 - pretalx-intern.hamburg.ccc.de:9100 - labels: + org: ccchh site: wieske type: physical_machine targets: - chaosknoten.hamburg.ccc.de:9100 + + +storage: + tsdb: + out_of_order_time_window: 90m diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml new file mode 100644 index 0000000..b1836a3 --- /dev/null +++ b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml 
@@ -0,0 +1,41 @@ +groups: + - name: Fux-Generic + rules: + - alert: HostJobFlaky + expr: group by(instance, job) (changes(up{org="fux"}[24h]) > 7) + for: 0m + labels: + severity: info + org: fux + annotations: + summary: Job {{ $labels.job }} flaky on (instance {{ $labels.instance }}) + description: "The job {{ $labels.job }} on target: {{ $labels.instance }} has been flaky over the last 24 hours." + - name: Fux-SNMP + rules: + - alert: SnmpTargetMissing + expr: up{job=~".*snmp.*", org="fux"} == 0 + for: 15m + labels: + severity: critical + org: fux + annotations: + summary: SNMP target missing (instance {{ $labels.instance }}) + description: "SNMP target: {{ $labels.instance }} has disappeared for more the 15 min." + - name: Fux-DHCP + rules: + - alert: DhcpFuxSharedFailed + expr: script_success{script="check_dhcp_fux_shared"} == 0 + for: 2m + labels: + severity: critical + annotations: + summary: DHCP for Fux Shared stoped working + description: "No DHCP lease for the Fux Shared range was received \n V" + - alert: DhcpFuxAdminFailed + expr: script_success{script_success="check_dhcp_fux_admin"} == 0 + for: 2m + labels: + severity: critical + annotations: + summary: DHCP for Fux Admin stoped working + description: "No DHCP lease for the Fux Admin range was received" diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml index 5ec53b8..4a2bc6f 100644 --- a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml +++ b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml 
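Review bot: `DhcpFuxAdminFailed` selects on `script_success{script_success="check_dhcp_fux_admin"}`, i.e. a label named like the metric, whereas the sibling rule uses `script="check_dhcp_fux_shared"`. This looks like a typo, and if so the selector matches no series and the alert can never fire; it should presumably read `expr: script_success{script="check_dhcp_fux_admin"} == 0`. Both DHCP rules also lack the `org: fux` label that the other rules in this file set, and the Alertmanager routes added in this commit match on `org = "fux"`. Unless the series already carries that label, these critical alerts go to the default Telegram receiver instead of the fux ones. The description of `DhcpFuxSharedFailed` also ends in a truncated `\n V`.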
@@ -196,9 +196,9 @@ groups: # Same rule using "node_filesystem_free_bytes" will fire when disk fills for non-root users. - alert: HostDiskWillFillIn24Hours expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} - for: 2m + for: 5m labels: - severity: warning + severity: critical annotations: summary: Host disk will fill in 24 hours (instance {{ $labels.instance }}) description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}" @@ -212,9 +212,9 @@ groups: description: "Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}" - alert: HostInodesWillFillIn24Hours expr: (node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} - for: 2m + for: 5m labels: - severity: warning + severity: critical annotations: summary: Host inodes will fill in 24 hours (instance {{ $labels.instance }}) description: "Filesystem is predicted to run out of inodes within the next 24 hours at current write rate\n VALUE = {{ $value }}" @@ -362,7 +362,7 @@ groups: expr: (node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} for: 0m labels: - severity: warning + severity: critical annotations: summary: Host systemd service crashed (instance {{ $labels.instance }}) description: "systemd service crashed\n VALUE = {{ $value }}" 
@@ -410,7 +410,7 @@ groups: summary: Prometheus job missing (instance {{ $labels.instance }}) description: "A Prometheus job has disappeared\n VALUE = {{ $value }}" - alert: PrometheusTargetMissing - expr: up == 0 + expr: up{job!~"snmp|noc_room_temp"} == 0 for: 0m labels: severity: critical @@ -418,7 +418,7 @@ groups: summary: Prometheus target missing (instance {{ $labels.instance }}) description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}" - alert: PrometheusAllTargetsMissing - expr: sum by (job) (up) == 0 + expr: sum by (job) (up{job!~"snmp|noc_room_temp"}) == 0 for: 0m labels: severity: critical @@ -438,6 +438,7 @@ groups: for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus too many restarts (instance {{ $labels.instance }}) description: "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.\n VALUE = {{ $value }}" @@ -446,6 +447,7 @@ groups: for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus AlertManager job missing (instance {{ $labels.instance }}) description: "A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}" @@ -454,6 +456,7 @@ groups: for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus AlertManager configuration reload failure (instance {{ $labels.instance }}) description: "AlertManager configuration reload error\n VALUE = {{ $value }}" @@ -462,6 +465,7 @@ groups: for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus AlertManager config not synced (instance {{ $labels.instance }}) description: "Configurations of AlertManager cluster instances are out of sync\n VALUE = {{ $value }}" @@ -479,6 +483,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus not connected to alertmanager (instance {{ $labels.instance }}) description: "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}" 
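Review bot: Prometheus anchors regex matchers, so `job!~"snmp|noc_room_temp"` excludes only jobs named exactly `snmp` or `noc_room_temp`, while the new fux rule file matches `job=~".*snmp.*"`, which suggests the job names contain more than that. If the jobs merely contain `snmp`, they are still covered by `PrometheusTargetMissing` and by `PrometheusAllTargetsMissing` (the next hunk has the same matcher) and will alert twice. If the names are exact, an `snmp` target without `org="fux"` now has no down alert at all. The job names are not visible in this diff, so please confirm which case holds and state it in a comment above the rule.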
@@ -487,6 +492,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus rule evaluation failures (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}" @@ -495,6 +501,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus template text expansion failures (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}" @@ -503,6 +510,7 @@ groups: for: 5m labels: severity: warning + org: ccchh annotations: summary: Prometheus rule evaluation slow (instance {{ $labels.instance }}) description: "Prometheus rule evaluation took more time than the scheduled interval. It indicates a slower storage backend access or too complex query.\n VALUE = {{ $value }}" @@ -519,6 +527,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus AlertManager notification failing (instance {{ $labels.instance }}) description: "Alertmanager is failing sending notifications\n VALUE = {{ $value }}" @@ -527,6 +536,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus target empty (instance {{ $labels.instance }}) description: "Prometheus has no target in service discovery\n VALUE = {{ $value }}" @@ -535,6 +545,7 @@ groups: for: 5m labels: severity: warning + org: ccchh annotations: summary: Prometheus target scraping slow (instance {{ $labels.instance }}) description: "Prometheus is scraping exporters slowly since it exceeded the requested interval time. Your Prometheus server is under-provisioned.\n VALUE = {{ $value }}" 
@@ -575,6 +586,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB compactions failed (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB compactions failures\n VALUE = {{ $value }}" @@ -583,6 +595,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB head truncations failed (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB head truncation failures\n VALUE = {{ $value }}" @@ -591,6 +604,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB reload failures (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB reload failures\n VALUE = {{ $value }}" @@ -599,6 +613,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB WAL corruptions (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB WAL corruptions\n VALUE = {{ $value }}" @@ -607,14 +622,16 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB WAL truncations failed (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB WAL truncation failures\n VALUE = {{ $value }}" - alert: PrometheusTimeseriesCardinality - expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 10000 + expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 20000 for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus timeseries cardinality (instance {{ $labels.instance }}) description: "The \"{{ $labels.name }}\" timeseries cardinality is getting very high: {{ $value }}\n VALUE = {{ $value }}" 
diff --git a/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf index a3218d1..c5b68e1 100644 --- a/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf +++ b/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf @@ -2,7 +2,8 @@ # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 server { # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; + listen 8443 ssl proxy_protocol; + http2 on; # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy # protocol. 
@@ -40,4 +41,71 @@ server { proxy_pass http://127.0.0.1:3000/; } + location /ntfy-alertmanager-ccchh-critical/ { + deny all; + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + proxy_pass http://127.0.0.1:8000/; + } + + location /ntfy-alertmanager-ccchh/ { + deny all; + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + proxy_pass http://127.0.0.1:8010/; + } + + location /ntfy-alertmanager-fux-critical/ { + deny all; + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + proxy_pass http://127.0.0.1:8001/; + } + + location /ntfy-alertmanager-fux/ { + deny all; + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + proxy_pass http://127.0.0.1:8011/; + 
} } diff --git a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf new file mode 100644 index 0000000..e2bf4a7 --- /dev/null +++ b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf 
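Review bot: In the four new `location /ntfy-alertmanager-*/` blocks `deny all;` comes before the `allow` lines, and nginx evaluates access rules in order and stops at the first match. `deny all` therefore matches every client and the allow-list below it is never consulted, so the locations answer 403 for everyone, including the listed networks. Move `deny all;` to the end of each block, after `allow 2a07:c481:1::/48;`, as loki.hamburg.ccc.de.conf and metrics.hamburg.ccc.de.conf in this commit already do. The same list is now repeated in several places; putting it into one file pulled in with `include` would keep the copies from diverging. The enclosing `server` block starts above this hunk.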
@@ -0,0 +1,89 @@ +server { + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + + deny all; + + server_name loki.hamburg.ccc.de; + + listen [::]:50051 ssl; + listen 172.31.17.145:50051 ssl; + + http2 on; + + client_body_buffer_size 512k; + + ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem; + + auth_basic "loki"; + auth_basic_user_file loki.htpasswd; + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Port 9099; + # This is https in any case. 
+ proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Scope-OrgID $remote_user; + grpc_pass grpc://localhost:19099; + } +} + +server { + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + deny all; + + server_name loki.hamburg.ccc.de; + + listen [::]:443 ssl; + listen 172.31.17.145:443 ssl; + + http2 on; + + client_body_buffer_size 512k; + + ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem; + # verify chain of trust of OCSP response using Root CA and Intermediate certs + ssl_trusted_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/chain.pem; + + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + add_header Strict-Transport-Security "max-age=63072000" always; + + auth_basic "loki"; + auth_basic_user_file loki.htpasswd; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # This is https in any case. + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Scope-OrgID $remote_user; + proxy_pass http://127.0.0.1:13100; + } +} diff --git a/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 new file mode 100644 index 0000000..ed270c2 --- /dev/null +++ b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 @@ -0,0 +1 @@ +chaos:{{ secret__loki_chaos_basic_auth }} 
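Review bot: nginx reads the part after `chaos:` as a password hash, so `secret__loki_chaos_basic_auth` has to hold the hashed form (for example the output of `openssl passwd -apr1`, or another scheme the nginx host supports) and not the clear-text password that the log shippers send. With clear text in the file every login simply fails. A Jinja comment at the top of the template, e.g. `{# values are htpasswd hashes, never clear-text passwords #}`, would make that explicit. The same holds for metrics.htpasswd.j2 later in this commit.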
diff --git a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
new file mode 100644
index 0000000..2c52523
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
@@ -0,0 +1,61 @@ +server { + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + # fuxnoc + allow 2a07:c481:0:1::/64; + deny all; + + server_name metrics.hamburg.ccc.de; + + listen [::]:443 ssl; + listen 172.31.17.145:443 ssl; + http2 on; + + client_body_buffer_size 512k; + + ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem; + # verify chain of trust of OCSP response using Root CA and Intermediate certs + ssl_trusted_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/chain.pem; + + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + add_header Strict-Transport-Security "max-age=63072000" always; + + auth_basic "metrics"; + auth_basic_user_file metrics.htpasswd; + + location /api/v1/write { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Port 3100; + # This is https in any case. + proxy_set_header X-Forwarded-Proto https; + + proxy_pass http://127.0.0.1:9090; + } + + location /ready { + rewrite ^ /-/ready break; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # This is https in any case. + proxy_set_header X-Forwarded-Proto https; + + proxy_pass http://127.0.0.1:9090; + } +} 
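Review bot: `proxy_set_header X-Forwarded-Port 3100;` in `location /api/v1/write` does not match this server, which listens on 443 and proxies to 127.0.0.1:9090; it looks carried over from another config. Either drop the line, as the `/ready` location does, or send the real port with `proxy_set_header X-Forwarded-Port 443;`. A comment above `auth_basic` would also help the next reader, since the allow list and the credentials must both pass under nginx's default `satisfy all`: `# access needs an allowed source address AND valid basic-auth credentials`.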
diff --git a/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 new file mode 100644 index 0000000..f680572 --- /dev/null +++ b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 @@ -0,0 +1,2 @@ +chaos:{{ secret__metrics_chaos_basic_auth }} +fux:{{ secret__metrics_fux_basic_auth }} diff --git a/resources/chaosknoten/grafana/nginx/redirect.conf b/resources/chaosknoten/grafana/nginx/redirect.conf new file mode 100644 index 0000000..28b265a --- /dev/null +++ b/resources/chaosknoten/grafana/nginx/redirect.conf @@ -0,0 +1,14 @@ +# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration +# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 +server { + listen 80 default_server; + listen [::]:80 default_server; + + location / { + return 301 https://$host$request_uri; + } + + location /.well-known/acme-challenge/ { + proxy_pass http://127.0.0.1:31820/.well-known/acme-challenge/; + } +} diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 9509654..227db64 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -22,7 +22,7 @@ services: keycloak: - image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0 + image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.2 pull_policy: always restart: unless-stopped command: start --optimized 
@@ -32,11 +32,11 @@ services: - keycloak environment: KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }} + KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }} KC_DB: postgres KC_DB_URL_HOST: db KC_DB_USERNAME: keycloak - KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }} + KC_DB_PASSWORD: {{ secret__keycloak_db_password }} KC_HOSTNAME: https://id.hamburg.ccc.de KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de @@ -46,7 +46,7 @@ services: - "8080:8080" db: - image: postgres:15.2 + image: postgres:15.13 restart: unless-stopped networks: - keycloak @@ -54,7 +54,7 @@ services: - "./database:/var/lib/postgresql/data" environment: POSTGRES_USER: keycloak - POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }} + POSTGRES_PASSWORD: {{ secret__keycloak_db_password }} POSTGRES_DB: keycloak id-invite-web: @@ -76,10 +76,10 @@ services: - "IDINVITE_URL=https://invite.hamburg.ccc.de" - "IDINVITE_KEYCLOAK_NAME=CCCHH ID" - "IDINVITE_VALID_HOURS=50" - - "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}" + - "IDINVITE_SECRET={{ secret__idinvite_token_secret }}" - "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration" - "IDINVITE_CLIENT_ID=id-invite" - - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}" + - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}" - "MAIL_FROM=no-reply@hamburg.ccc.de" - "BOTTLE_HOST=0.0.0.0" 
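Review bot: `KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }}` and `KC_DB_PASSWORD: {{ secret__keycloak_db_password }}` put the rendered secret into the YAML as a plain scalar, so a value that starts with an indicator character, contains `: ` or ` #`, or looks like a number or boolean is retyped or breaks the file. Quote and escape at render time, for example `KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password | to_json }}`, and do the same for `POSTGRES_PASSWORD` in the `db` hunk below and for `JWT_SECRET` in the onlyoffice compose template. `POSTGRES_PASSWORD` now also reads the same variable as `KC_DB_PASSWORD`, where it used to have its own store entry; presumably both held the same value, which is worth confirming before rollout.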
@@ -96,7 +96,7 @@ services: - "MAIL_FROM=no-reply@id.hamburg.ccc.de" - "SMTP_HOSTNAME=cow.hamburg.ccc.de" - "SMTP_USERNAME=no-reply@id.hamburg.ccc.de" - - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}" + - "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}" id-invite-keycloak: image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest @@ -107,10 +107,10 @@ services: environment: - "BOTTLE_HOST=0.0.0.0" - "IDINVITE_CLIENT_ID=id-invite" - - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}" + - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}" - "KEYCLOAK_API_URL=http://keycloak:8080" - "KEYCLOAK_API_USERNAME=id-invite" - - "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}" + - "KEYCLOAK_API_PASSWORD={{ secret__idinvite_admin_password }}" - "KEYCLOAK_API_REALM=ccchh" - 'KEYCLOAK_GROUPS=["user"]' diff --git a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf index 372715d..2b0d919 100644 --- a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf +++ b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf @@ -43,6 +43,7 @@ server { allow 185.161.129.132/32; # z9 allow 2a07:c480:0:100::/56; # z9 + allow 2a07:c481:1::/48; # z9 new ipv6 allow 213.240.180.39/32; # stbe home allow 2a01:170:118b::1/64; # stbe home deny all; diff --git a/resources/chaosknoten/netbox/netbox/configuration.py.j2 b/resources/chaosknoten/netbox/netbox/configuration.py.j2 index 789a539..7648e7e 100644 --- a/resources/chaosknoten/netbox/netbox/configuration.py.j2 +++ b/resources/chaosknoten/netbox/netbox/configuration.py.j2 
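Review bot: `allow 2a07:c481:1::/48; # z9 new ipv6` opens the Keycloak admin vhost to a whole /48, while the dooris compose file in this commit limits the same prefix to `2a07:c481:1:c8::/64`. If only some subnets inside the /48 are trusted admin networks, list those instead of the site prefix. If the whole /48 is intended, the comment should say so and name who is expected to sit in it, so a later reader does not have to guess. The server block starts and ends outside this hunk.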
@@ -3,7 +3,7 @@ DATABASE = { "HOST": "localhost", "NAME": "netbox", "USER": "netbox", - "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}", + "PASSWORD": "{{ netbox__db_password }}", } REDIS = { "tasks": { @@ -23,7 +23,7 @@ REDIS = { "SSL": False, }, } -SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SECRET_KEY', create=false, missing='error') }}" +SECRET_KEY = "{{ secret__netbox_secret_key }}" SESSION_COOKIE_SECURE = True # CCCHH ID (Keycloak) integration. @@ -38,7 +38,7 @@ SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = ( ) SOCIAL_AUTH_KEYCLOAK_KEY = "netbox" SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB" -SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}" +SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ secret__netbox_social_auth_keycloak_secret }}" # Use custom OIDC group and role mapping pipeline functions added in via # netbox__custom_pipeline_oidc_group_and_role_mapping. # The default pipeline this is based on can be found here: diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 new file mode 100644 index 0000000..625e02f --- /dev/null +++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 
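Review bot: `"PASSWORD": "{{ netbox__db_password }}"` is the only secret in this file that does not follow the `secret__…` naming used by `secret__netbox_secret_key` and `secret__netbox_social_auth_keycloak_secret` in the hunks below. If no `netbox__db_password` variable is defined in the encrypted host vars (not visible here), templating fails or picks up a value from somewhere that is not encrypted. Rename it to match the others, e.g. `"PASSWORD": "{{ secret__netbox_db_password }}",` with the variable renamed accordingly, or confirm the existing name is intended. All three values are rendered inside Python string literals, so a `"` or `\` in a secret breaks the file; `{{ … | to_json }}` without the surrounding quotes is the safer form.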
@@ -0,0 +1,24 @@
+---
+services:
+ ntfy:
+ image: binwiederhier/ntfy
+ container_name: ntfy
+ command:
+ - serve
+ volumes:
+ - ntfy_cache:/var/cache/ntfy
+ - ntfy_var:/var/lib/ntfy
+ - ./configs/server.yml:/etc/ntfy/server.yml
+ ports:
+ - 2586:2586
+ - 9586:9586
+ healthcheck: # optional: remember to adapt the host:port to your environment
+ test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
+ interval: 60s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+ restart: unless-stopped
+volumes:
+ ntfy_cache: {}
+ ntfy_var: {}
diff --git a/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
new file mode 100644
index 0000000..0a28f4f
--- /dev/null
+++ b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
@@ -0,0 +1,21 @@
+base-url: "https://ntfy.hamburg.ccc.de"
+default-host: "https://ntfy.hamburg.ccc.de"
+listen-http: ":2586"
+behind-proxy: true
+cache-file: "/var/cache/ntfy/cache.db"
+log-format: json
+
+enable-metrics: true
+metrics-listen-http: ":9586"
+
+auth-default-access: "deny-all"
+auth-file: "/var/lib/ntfy/user.db"
+
+attachment-cache-dir: "/var/cache/ntfy/attachments"
+
+web-push-public-key: "BCx7PqDiVNlOiAHHfSxjbTle_LN4hetwHYi58GJhQxiY33AQ663IaJVro7B28j-1KOqwdzKco3dMMwzBJl9OQ90"
+web-push-private-key: {{ secret__ntfy_web_push_private_key }}
+web-push-file: "/var/cache/ntfy/webpush.db"
+web-push-email-address: "mailto:noc@lists.hamburg.ccc.de"
+
+upstream-base-url: "https://ntfy.sh"
diff --git a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf b/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
similarity index 60%
rename from resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
rename to resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
index 6c9d458..e7d404d 100644
--- a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
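Review bot: `- 2586:2586` and `- 9586:9586` publish the ntfy listener and its metrics endpoint on every host interface, although the nginx vhost added in this commit reaches ntfy over 127.0.0.1:2586. With `behind-proxy: true` in server.yaml.j2, a client that connects to port 2586 directly may be able to supply its own forwarded address, and the metrics port has no authentication in front of it. Bind both to loopback and quote them, `- "127.0.0.1:2586:2586"` and `- "127.0.0.1:9586:9586"`, unless a remote scraper needs 9586, in which case bind it to the internal address only. `image: binwiederhier/ntfy` carries no tag, so each deploy may pull a different release; pin a version tag or digest.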
+++ b/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf @@ -2,7 +2,8 @@ # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 server { # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; + listen 8443 ssl proxy_protocol; + http2 on; # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy # protocol. @@ -12,12 +13,12 @@ server { # header. real_ip_header proxy_protocol; - server_name netbox.eh22.easterhegg.eu; + server_name ntfy.hamburg.ccc.de; - ssl_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/privkey.pem; + ssl_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ntfy.hamburg.ccc.de/privkey.pem; # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/chain.pem; + ssl_trusted_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/chain.pem; # HSTS (ngx_http_headers_module is required) (63072000 seconds) add_header Strict-Transport-Security "max-age=63072000" always; 
@@ -29,20 +30,18 @@ server { proxy_set_header X-Forwarded-Port 443; # This is https in any case. proxy_set_header X-Forwarded-Proto https; - # Hide the X-Forwarded header. - proxy_hide_header X-Forwarded; - # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that - # is transparent). - # Also provide "_hidden" for by, since it's not relevant. - proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden"; - - client_max_body_size 25m; - - location /static/ { - alias /opt/netbox/netbox/static/; - } location / { - proxy_pass http://127.0.0.1:8001; + proxy_pass http://127.0.0.1:2586; + proxy_http_version 1.1; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_connect_timeout 3m; + proxy_send_timeout 3m; + proxy_read_timeout 3m; + + client_max_body_size 0; # Stream request body to backend } } diff --git a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 index 91c26a3..85ce7d2 100644 --- a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 @@ -14,4 +14,4 @@ services: ports: - "8080:80" environment: - JWT_SECRET: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/onlyoffice/JWT_SECRET", create=false, missing="error") }} + JWT_SECRET: {{ secret__onlyoffice_jwt_secret }} diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 537cda0..ca29f1b 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 
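Review bot: `client_max_body_size 0; # Stream request body to backend` only removes the size limit; the comment describes streaming, which nginx does not do unless request buffering is turned off, so large uploads are still spooled on the proxy with no cap. Add `proxy_request_buffering off;` next to it (and `proxy_buffering off;` for long-lived subscriptions), or set a finite limit that matches the attachment size ntfy is configured to accept. `proxy_set_header Connection "upgrade";` is also sent on every request rather than only on WebSocket upgrades; a `map $http_upgrade $connection_upgrade` in the http context is the usual form. The server block starts outside this hunk.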
@@ -6,7 +6,7 @@ services: image: docker.io/library/postgres:15-alpine environment: - "POSTGRES_USER=hedgedoc" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" - "POSTGRES_DB=hedgedoc" volumes: - database:/var/lib/postgresql/data @@ -16,7 +16,7 @@ services: #image: quay.io/hedgedoc/hedgedoc:1.9.9 image: quay.io/hedgedoc/hedgedoc:latest environment: - - "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}@database:5432/hedgedoc" + - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc" - "CMD_DOMAIN=pad.hamburg.ccc.de" - "CMD_PROTOCOL_USESSL=true" - "CMD_HSTS_ENABLE=false" @@ -35,7 +35,7 @@ services: - "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token" - "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth" - "CMD_OAUTH2_CLIENT_ID=pad" - - "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}" + - "CMD_OAUTH2_CLIENT_SECRET={{ secret__hedgedoc_kc_secret }}" - "CMD_OAUTH2_PROVIDERNAME=Keycloak" - "CMD_OAUTH2_SCOPE=openid email profile" volumes: 
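Review bot: `CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc` inserts the password into a URL without encoding, so a password containing `@`, `:`, `#` or `?` yields a URL that parses to a different host or credential. Encode it at render time: `postgres://hedgedoc:{{ secret__hedgedoc_db_password | urlencode }}@database:5432/hedgedoc`. The `urlencode` filter leaves `/` untouched, so the secret should avoid that character or be generated from a URL-safe alphabet. The `environment:` list continues outside this hunk.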
@@ -53,11 +53,11 @@ services: environment: - "POSTGRES_HOSTNAME=database" - "POSTGRES_USERNAME=hedgedoc" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" - "SMTP_FROM=pad@hamburg.ccc.de" - "SMTP_HOSTNAME=cow.hamburg.ccc.de" - "SMTP_USERNAME=pad@hamburg.ccc.de" - - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/smtp_password", create=false, missing="error") }}" + - "SMTP_PASSWORD={{ secret__pad_smtp_password }}" - "URL=https://pad.hamburg.ccc.de" depends_on: - database diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index b210098..1eca33b 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -6,7 +6,7 @@ services: image: docker.io/library/postgres:15-alpine environment: - "POSTGRES_USER=pretalx" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" - "POSTGRES_DB=pretalx" volumes: - database:/var/lib/postgresql/data 
@@ -53,13 +53,14 @@ services: restart: unless-stopped environment: PRETALX_DATA_DIR: /data + PRETALX_FILE_UPLOAD_LIMIT: 1000 # MB PRETALX_FILESYSTEM_MEDIA: /public/media PRETALX_FILESYSTEM_STATIC: /public/static PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de PRETALX_DB_TYPE: postgresql PRETALX_DB_NAME: pretalx PRETALX_DB_USER: pretalx - PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}" + PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}" PRETALX_DB_HOST: database PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de" PRETALX_MAIL_HOST: "cow-intern.hamburg.ccc.de" @@ -89,13 +90,13 @@ services: PRETALX_DB_TYPE: postgresql PRETALX_DB_NAME: pretalx PRETALX_DB_USER: pretalx - PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}" + PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}" PRETALX_DB_HOST: database PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de" PRETALX_MAIL_HOST: "cow.hamburg.ccc.de" PRETALX_MAIL_PORT: 587 PRETALX_MAIL_USER: pretalx@hamburg.ccc.de - PRETALX_MAIL_PASSWORD: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/PRETALX_MAIL_PASSWORD", create=false, missing="error") }}" + PRETALX_MAIL_PASSWORD: "{{ secret__pretalx_mail_password }}" PRETALX_MAIL_TLS: "true" PRETALX_CELERY_BACKEND: redis://redis/1 PRETALX_CELERY_BROKER: redis://redis/2 diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf index 4e0e8e3..e37ae7a 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf 
@@ -70,8 +70,11 @@ map $host $upstream_acme_challenge_host { design.hamburg.ccc.de 172.31.17.162:31820; hydra.hamburg.ccc.de 172.31.17.163:31820; cfp.eh22.easterhegg.eu 172.31.17.157:31820; - hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820; - netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820; + ntfy.hamburg.ccc.de 172.31.17.149:31820; + cryptoparty-hamburg.de 172.31.17.151:31820; + cryptoparty.hamburg.ccc.de 172.31.17.151:31820; + staging.cryptoparty-hamburg.de 172.31.17.151:31820; + staging.cryptoparty.hamburg.ccc.de 172.31.17.151:31820; default ""; } diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf index 4a7f84c..4fcc86b 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf @@ -88,8 +88,11 @@ stream { design.hamburg.ccc.de 172.31.17.162:8443; hydra.hamburg.ccc.de 172.31.17.163:8443; cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443; - hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443; - netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443; + ntfy.hamburg.ccc.de 172.31.17.149:8443; + cryptoparty-hamburg.de 172.31.17.151:8443; + cryptoparty.hamburg.ccc.de 172.31.17.151:8443; + staging.cryptoparty-hamburg.de 172.31.17.151:8443; + staging.cryptoparty.hamburg.ccc.de 172.31.17.151:8443; } server { diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index 1f9d99d..d00a454 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 
@@ -4,7 +4,7 @@ services: image: docker.io/library/postgres:15-alpine environment: - "POSTGRES_USER=pretix" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}" - "POSTGRES_DB=pretix" volumes: - database:/var/lib/postgresql/data diff --git a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 index 3f4af83..f1c119f 100644 --- a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 +++ b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 @@ -10,7 +10,7 @@ trust_x_forwarded_proto=on backend=postgresql name=pretix user=pretix -password={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }} +password={{ secret__pretix_db_password }} host=database [mail] diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 index 8d345de..b2e8f4d 100644 --- a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 @@ -11,7 +11,7 @@ see https://github.com/zammad/zammad-docker-compose/blob/master/.env {%- set POSTGRES_DB = "zammad_production" | quote -%} {%- set POSTGRES_HOST = "zammad-postgresql" | quote -%} {%- set POSTGRES_USER = "zammad" | quote -%} -{%- set POSTGRES_PASS = lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/zammad/DB_PASSWORD", create=false, missing="error") | quote -%} +{%- set POSTGRES_PASS = secret__zammad_db_password | quote -%} {%- set POSTGRES_PORT = "5432" | quote -%} {%- set POSTGRES_VERSION = "15-alpine" | quote -%} {%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%} 
diff --git a/resources/z9/dooris/docker_compose/compose.yaml.j2 b/resources/z9/dooris/docker_compose/compose.yaml.j2
new file mode 100644
index 0000000..38db85a
--- /dev/null
+++ b/resources/z9/dooris/docker_compose/compose.yaml.j2
@@ -0,0 +1,22 @@
+---
+
+services:
+ dooris:
+ image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
+ environment:
+ HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27"
+ HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
+ HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
+ HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122
+ HMDOORIS_CCUJACK_USERNAME: dooris
+ HMDOORIS_CLIENT_ID: dooris
+ HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
+ HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration
+ HMDOORIS_LISTEN: '0.0.0.0:3000'
+ HMDOORIS_REQUIRES_GROUP: /intern
+ HMDOORIS_URL: https://dooris.ccchh.net
+ PYTHONWARNINGS: "ignore:Unverified HTTPS request"
+ #DEBUG: true
+ ports:
+ - "127.0.0.1:3000:3000"
+ restart: unless-stopped
diff --git a/resources/z9/dooris/nginx/dooris.ccchh.net.conf b/resources/z9/dooris/nginx/dooris.ccchh.net.conf
new file mode 100644
index 0000000..c1ca082
--- /dev/null
+++ b/resources/z9/dooris/nginx/dooris.ccchh.net.conf
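Review bot: `HMDOORIS_CCUJACK_CERTIFICATE_PATH: false` together with `PYTHONWARNINGS: "ignore:Unverified HTTPS request"` suggests the connection to `https://hmdooris-ccu.ccchh.net:2122` is made without certificate verification and the resulting warning is silenced. That link carries `HMDOORIS_CCUJACK_PASSWORD` and presumably the door commands, so the peer should be authenticated. Mount the CCU's certificate or CA into the container, point `HMDOORIS_CCUJACK_CERTIFICATE_PATH` at it, and drop the `PYTHONWARNINGS` entry. The image is referenced as `:latest`; a pinned tag or digest keeps the deployed door controller reproducible.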
@@ -0,0 +1,37 @@
+# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+server {
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ server_name dooris.ccchh.net;
+
+ ssl_certificate /etc/letsencrypt/live/dooris.ccchh.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dooris.ccchh.net/privkey.pem;
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/dooris.ccchh.net/chain.pem;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Port 443;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+ # Hide the X-Forwarded header.
+ proxy_hide_header X-Forwarded;
+ # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
+ # is transparent).
+ # Also provide "_hidden" for by, since it's not relevant.
+ proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ location / {
+ proxy_pass http://127.0.0.1:3000/;
+ }
+}
diff --git a/resources/z9/waybackproxy/docker_compose/compose.yaml.j2 b/resources/z9/waybackproxy/docker_compose/compose.yaml.j2
new file mode 100644
index 0000000..b6752fa
--- /dev/null
+++ b/resources/z9/waybackproxy/docker_compose/compose.yaml.j2
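Review bot: The dooris server block has no `allow`/`deny` list, unlike the loki and metrics vhosts in the same commit, so network restriction rests entirely on `HMDOORIS_ALLOWED_IPS` inside the app. Behind this proxy the app sees connections from 127.0.0.1 and has to take the client address from `X-Real-IP` or `X-Forwarded-For`; whether it does so is not visible here. Repeating the allowed networks in nginx, e.g. `allow 2a07:c481:1:c8::/64;` and the other three ranges followed by `deny all;`, would enforce the restriction at the edge as well. The comment about Proxy Protocol does not apply here, since neither `listen` line enables `proxy_protocol`.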
@@ -0,0 +1,10 @@ +services: + # https://github.com/richardg867/WaybackProxy + waybackproxy: + image: cttynul/waybackproxy:latest + environment: + DATE: 19990101 + DATE_TOLERANCE: 730 + ports: + - "1999:8888" + restart: unless-stopped diff --git a/resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf b/resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf new file mode 100644 index 0000000..7c616c7 --- /dev/null +++ b/resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf @@ -0,0 +1,5 @@ +# TODO: set up caching proxy + +# server { +# listen 1999 +# } diff --git a/resources/z9/yate/docker_compose/README.md b/resources/z9/yate/docker_compose/README.md new file mode 100644 index 0000000..1977f4f --- /dev/null +++ b/resources/z9/yate/docker_compose/README.md @@ -0,0 +1,12 @@ +# Yate Configuration + +Yate has a [beginners guide](https://docs.yate.ro/wiki/Beginners_in_Yate). Otherwise, you need to refer to the [sample config files](https://github.com/eventphone/yate/tree/master/conf.d). + +For our limited setup, we only need three files: +* accfile.conf for defining SIP registrars that we want to register with (EPVPN, Fonial, and the Fux door intercom system) +* regexroute.conf for the call routing rules +* regfile.conf for the phones that connect to yate.ccchh.net + +## Docker Compose Setup + +yate runs as a container wiht host networking. The image is build through https://git.hamburg.ccc.de/CCCHH/yate-image, it is using the Eventphone fork of yate. \ No newline at end of file diff --git a/resources/z9/yate/docker_compose/accfile.conf.j2 b/resources/z9/yate/docker_compose/accfile.conf.j2 new file mode 100644 index 0000000..4ce65e3 --- /dev/null +++ b/resources/z9/yate/docker_compose/accfile.conf.j2 
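Review bot: `- "1999:8888"` publishes the proxy on all host interfaces with nothing in front of it, and the nginx file meant to front it is still only a TODO, so anyone who can reach the host can use it. Bind it to the address that should serve it, e.g. `- "127.0.0.1:1999:8888"`, until the nginx side exists. `image: cttynul/waybackproxy:latest` comes from a different namespace than the project linked in the comment and is unpinned; pin a digest or build the image from the linked repository. `DATE: 19990101` and `DATE_TOLERANCE: 730` should be quoted so they reach the container as strings.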
@@ -0,0 +1,35 @@ +; Yate will register to these SIP services +; see https://github.com/eventphone/yate/blob/master/conf.d/accfile.conf.sample + +[epvpn_ccchh] +enabled=yes +protocol=sip +description=Eventphone EPVPN CCCHH +username=1008 +authname=1008 +password={{ secret__yate__sip_trunk_epvpn }} +interval=120 +registrar=hg.eventphone.de +keepalive=1 + +[fonial_ccchh] +enabled=yes +protocol=sip +description=Fonial CCCHH +username=fo370381tr317349_00 +authname=fo370381tr317349_00 +password={{ secret__yate__sip_trunk_fonial }} +interval=120 +registrar=sip.plusnet.de +keepalive=1 + +[fux_intercom] +enabled=yes +protocol=sip +description=Fux Intercom CCCHH doorbell +username=1337 +authname=1337 +password={{ secret__yate__sip_trunk_fux }} +interval=120 +registrar=172.16.210.2 +keepalive=1 diff --git a/resources/z9/yate/docker_compose/compose.yaml.j2 b/resources/z9/yate/docker_compose/compose.yaml.j2 new file mode 100644 index 0000000..e3d6614 --- /dev/null +++ b/resources/z9/yate/docker_compose/compose.yaml.j2 @@ -0,0 +1,20 @@ +--- + +services: + yate: + image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest + # command: + # - sh + # - "-c" + # - "while :; do sleep 10; done" + environment: + DEBUG: true + network_mode: host + # ports: + # - "127.0.0.1:3000:3000" + restart: unless-stopped + volumes: + - ./configs/accfile.conf:/opt/yate/etc/yate/accfile.conf + - ./configs/regexroute.conf:/opt/yate/etc/yate/regexroute.conf + - ./configs/regfile.conf:/opt/yate/etc/yate/regfile.conf + - ./lib-yate:/var/lib/yate \ No newline at end of file diff --git a/resources/z9/yate/docker_compose/regexroute.conf.j2 b/resources/z9/yate/docker_compose/regexroute.conf.j2 new file mode 100644 index 0000000..aeecf6b --- /dev/null +++ b/resources/z9/yate/docker_compose/regexroute.conf.j2 
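Review bot: In the yate compose file, `DEBUG: true` is left enabled on a service that runs with `network_mode: host` and handles SIP registrations. What the image logs in debug mode is not visible here, so check that signalling and credentials do not end up in the container logs, and turn the flag off in the deployed template or gate it on a variable. Host networking exposes every listener Yate opens on all interfaces, so the host firewall has to restrict the SIP ports to the networks that need them. The image is referenced as `:latest`; pin a tag or digest.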
@@ -0,0 +1,100 @@ +; Call routing +; see https://github.com/eventphone/yate/blob/master/conf.d/regexroute.conf.sample + +[priorities] +; route: int: Priority of the routing message handler +route=90 + +[contexts] + ; INBOUND CALLS: +${called}^1337$=inbound_fux +${called}^1008$=inbound_epvpn +${called}^04023830150$=inbound_fonial +${called}^fo370381tr317349_00$=inbound_fonial +;${called}.*=inbound + +;^[0-9]\{4\}$=inbound ; Calls from 4 digit numbers: EPVPN +;^+\?[0-9]\{5,\}$=inbound ; Calls from longer numbers, optionally starting with + +;^*\{1,2\}[0-9]\{1,3\}$=inbound ; Internal fritzbox calls + + ; OUTBOUND CALLS: +^[0-9]\{3\}=outbound +^[a-z0-9]\{4,\}=outbound ; calls from internal users + +^.*$=fallback ; Whatever calls managed to not be handled yet + +[default] ; unused +^.*$=echo [default]"\0" + +[test] ; unused +^.*$=echo [test] "\0" +^99991001$=tone/dial +^99991002$=tone/busy +^99991003$=tone/ring +^99991004$=tone/specdial +^99991005$=tone/congestion +^99991006$=tone/outoforder +^99991007$=tone/milliwatt +^99991008$=tone/info + +; DEBUG HELPER +; ^.*$=echo match \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called} + +^[0-9]\{1,2\}$=return;called=\0 + + +[outbound] ; Calls from internal users +^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug +^[0-9]\{3\}$=jump internal +^[0-9]\{1,2\}$=jump z9 ; To internal -> z9 +^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug +^.*$=line/\0;line=epvpn_ccchh ; Route everything (.*) to the specified accfile line + +[inbound_epvpn] +^.*$=echo [inbound_epvpn] ${caller}->${called} +^.*$=return;callername=EPVPN ${caller};called=0 ; TODO which extension do we want to route to? + +[inbound_fux] +^.*$=echo [inbound_fux] ${caller}->${called} +^.*$=return;callername=Door ${caller};called=0 ; TODO which extension do we want to route to? 
+ +[inbound_fonial] +^.*$=echo [inbound_fonial] ${caller}->${called} +^.*$=return;callername=Fonial ${caller};called=0 ; TODO which extension do we want to route to? + +[inbound] ; Calls from EPVPN or outside world +^.*$=echo [inbound] "\0" ${caller}->${called} user:${user} callername:${callername} callsource:${callsource} ; log +^.*$=return;callername=EXTERN ${caller};called=0 ; set call recipient to 0 (shared alias between + ; all clients in regfile.conf + +[internal] +^.*$=echo [internal] "\0" ${caller}->${called} +^110$=line/110;line=fonial_ccchh +^112$=line/112;line=fonial_ccchh +^115$=line/040115;line=fonial_ccchh +^911$=line/112;line=fonial_ccchh +^999$=line/112;line=fonial_ccchh +; ^119$=line/01753288861;line=fonial_ccchh ; testing only stb cell number +^.*$=return;called=\0 + +[z9] ; Internal calls +^.*$=echo [z9] "\0" ${caller}->${called} ; log + + ; test service numbers +^91$=sip/sip:ha@10.31.208.10:5060; called=ha;format=opus ; Homeassistant +^98$=external/playrec/echo.sh ; Echotest +^99$=external/play/tts.sh;mode=text;text=Hallo Hallo Hallo ; TTS test + +^.*$=return;called=\0 ; Any remaining internal calls to all + ; Context: Calls to regfile.conf aliases are always + ; handled directly and should never get here + + +[special] +^.*$=echo [special] "\0" +^.*$=tone/info + +[fallback] +^.*$=echo [fallback] \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called} +^*\{1,2\}[0-9]\{1,3\}$=jump outbound +^.*$=tone/busy diff --git a/resources/z9/yate/docker_compose/regfile.conf.j2 b/resources/z9/yate/docker_compose/regfile.conf.j2 new file mode 100644 index 0000000..95cf70d --- /dev/null +++ b/resources/z9/yate/docker_compose/regfile.conf.j2 
@@ -0,0 +1,37 @@ +; YATE offers registration to these SIP devices (ie. phones) +; see https://github.com/eventphone/yate/blob/master/conf.d/regfile.conf.sample + +route=100 +file=/var/lib/yate/regfile.swap + +[501] +password={{ secret__yate__sip_extension_legacy }} +alternatives=0,1008,1337 +callername=Legacy +# Yealink im großen Raum am Fenster + +[502] +password={{ secret__yate__sip_extension_flausch}} +alternatives=0,1008,1337 +callername=Flausch +# Yealink im großen Raum am Sofa + +[503] +password={{ secret__yate__sip_extension_ewerkstatt }} +alternatives=0,1008,1337 +callername=E-Werkstatt +# Yealink in der E-Werkstatt + +[610] +password={{ secret__yate__sip_extension_fritzbox_dect1 }} +alternatives=0,1008,1337 +callername=DECT-1 + +[611] +password={{ secret__yate__sip_extension_fritzbox_dect2 }} +alternatives=0,1008,1337 +callername=DECT-2 + +[100] +password=test100 +callername=stb 100 diff --git a/roles/deploy_ssh_server_config/handlers/main.yaml b/roles/deploy_ssh_server_config/handlers/main.yaml index 001bbe4..721a348 100644 --- a/roles/deploy_ssh_server_config/handlers/main.yaml +++ b/roles/deploy_ssh_server_config/handlers/main.yaml @@ -1,3 +1,5 @@ -- name: reboot the system +- name: restart the ssh service + ansible.builtin.systemd: + name: ssh.service + state: restarted become: true - ansible.builtin.reboot: diff --git a/roles/deploy_ssh_server_config/tasks/main.yaml b/roles/deploy_ssh_server_config/tasks/main.yaml index f5d00f5..4350790 100644 --- a/roles/deploy_ssh_server_config/tasks/main.yaml +++ b/roles/deploy_ssh_server_config/tasks/main.yaml @@ -12,8 +12,7 @@ group: root src: sshd_config.j2 notify: - # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection. - - reboot the system + - restart the ssh service - name: deactivate short moduli ansible.builtin.shell: 
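Review bot: Extension `[100]` is created with the literal `password=test100`, while every other extension takes its password from a `secret__yate__sip_extension_*` variable. A registered extension can place calls through the routing in regexroute.conf, so a guessable static credential committed to the repository should not be deployed. Either drop the block or template it like the others, e.g. `password={{ secret__yate__sip_extension_test }}` (placeholder variable name, to be added to the encrypted host vars). The `#` lines under 501–503 also deserve a check: the file header uses `;` for comments, and it is not visible here whether Yate treats `#` the same way.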
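Review bot: Nothing visible in this hunk validates the rendered `sshd_config` before the `restart the ssh service` handler fires, so a template error would stop the SSH daemon from coming back on the managed host. The template task begins above the hunk and may already do this; if it does not, add `validate: /usr/sbin/sshd -t -f %s` to it so a broken file is rejected before it replaces the live one. The handler's `name: ssh.service` is the Debian/Ubuntu unit name, which is worth a short comment in handlers/main.yaml. The same notify change repeats in the `@@ -32,5 +31,4 @@` hunk.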
@@ -32,5 +31,4 @@ changed_when: - '"ansible-changed" in result.stdout' notify: - # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection. - - reboot the system + - restart the ssh service diff --git a/roles/docker_compose/defaults/main.yaml b/roles/docker_compose/defaults/main.yaml index 76831d6..7c083ba 100644 --- a/roles/docker_compose/defaults/main.yaml +++ b/roles/docker_compose/defaults/main.yaml @@ -1 +1,2 @@ docker_compose__configuration_files: [ ] +docker_compose__restart_cmd: "" \ No newline at end of file diff --git a/roles/docker_compose/handlers/main.yaml b/roles/docker_compose/handlers/main.yaml index 96c5ab3..f974335 100644 --- a/roles/docker_compose/handlers/main.yaml +++ b/roles/docker_compose/handlers/main.yaml @@ -4,3 +4,9 @@ chdir: /ansible_docker_compose become: true changed_when: true # This is always changed. +- name: docker compose reload script + ansible.builtin.command: + cmd: /usr/bin/docker compose {{ docker_compose__restart_cmd }} + chdir: /ansible_docker_compose + become: true + when: docker_compose__restart_cmd != "" diff --git a/roles/docker_compose/tasks/main.yaml b/roles/docker_compose/tasks/main.yaml index d11d826..af7f717 100644 --- a/roles/docker_compose/tasks/main.yaml +++ b/roles/docker_compose/tasks/main.yaml @@ -60,6 +60,7 @@ become: true loop: "{{ docker_compose__configuration_files }}" # notify: docker compose down + notify: docker compose reload script - name: Flush handlers to make "docker compose down" handler run now ansible.builtin.meta: flush_handlers diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml index e4d4fb0..2e56dac 100644 --- a/roles/nginx/defaults/main.yaml +++ b/roles/nginx/defaults/main.yaml 
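Review bot: The new handler `docker compose reload script` splices `docker_compose__restart_cmd` into `cmd:` as free text and runs it with `become: true`, so whatever the variable holds is executed as root as arbitrary `docker compose` arguments. `ansible.builtin.command` does not go through a shell, but it still splits the string on whitespace. I would constrain the variable, for example by describing it in the role's argument specs (if the role has them) with a `choices` list, or pass the pieces through `argv`. The handler also lacks the `changed_when: true` that the handler directly above it carries. In tasks/main.yaml the new notify is followed by a flush whose name still refers to the "docker compose down" handler, so it is worth confirming that running the reload at that point is intended.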
@@ -4,3 +4,5 @@ nginx__deploy_logging_conf: true nginx__configurations: [ ] nginx__use_custom_nginx_conf: false nginx__custom_nginx_conf: "" +nginx__deploy_htpasswds: false +nginx__htpasswds: [ ] diff --git a/roles/nginx/meta/argument_specs.yaml b/roles/nginx/meta/argument_specs.yaml index 866cb81..f2cb1d7 100644 --- a/roles/nginx/meta/argument_specs.yaml +++ b/roles/nginx/meta/argument_specs.yaml @@ -34,3 +34,19 @@ argument_specs: type: str required: false default: "" + nginx__deploy_htpasswds: + type: bool + required: false + default: false + nginx__htpasswds: + type: list + elements: dict + required: false + default: [ ] + options: + name: + type: str + required: true + content: + type: str + required: true diff --git a/roles/nginx/tasks/main/04_config_deploy.yaml b/roles/nginx/tasks/main/04_config_deploy.yaml index 38dbfc1..7dba579 100644 --- a/roles/nginx/tasks/main/04_config_deploy.yaml +++ b/roles/nginx/tasks/main/04_config_deploy.yaml @@ -131,6 +131,20 @@ label: "{{ item.name }}" notify: Restart nginx +- name: Ensure all given htpasswd files are deployed + when: nginx__deploy_htpasswds + ansible.builtin.copy: + content: "{{ item.content }}" + dest: "/etc/nginx/{{ item.name }}.htpasswd" + mode: "0644" + owner: root + group: root + become: true + loop: "{{ nginx__htpasswds }}" + loop_control: + label: "{{ item.name }}" + notify: Restart nginx + - name: Add names with suffixes from `nginx__configurations` to `nginx__config_files_to_exist` fact ansible.builtin.set_fact: nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}" # noqa: jinja[spacing]
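Review bot: The htpasswd files in 04_config_deploy.yaml are written with `mode: "0644"`, which makes the password hashes readable by every local account on the host. nginx only needs its worker user to read them, so `mode: "0640"` with `group:` set to the worker's group (distribution-dependent, e.g. `www-data` on Debian) is sufficient. `item.content` is secret material too: the `loop_control` label keeps it out of the per-item line, but `no_log: true` on the task also keeps it out of diff and verbose output. `item.name` goes straight into the `dest` path, so a note in argument_specs.yaml that it must be a plain file name would help.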