CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests Wiki Activity Actions

Compare commits

base: CCCHH:main
Branches Tags
CCCHH:main
CCCHH:ansible_pull_notify
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:fux-alerts
CCCHH:move_to_sops
..
compare: CCCHH:router-killing-turing
Branches Tags
CCCHH:ansible_pull_notify
CCCHH:main
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:fux-alerts
CCCHH:move_to_sops

6 commits
main ... router-kil

Author SHA1 Message Date
June
23548107d5
 		router killing turing
Some checks failed
/ Ansible Lint (push) Failing after 46s
Details
2025-09-21 02:16:51 +02:00
June
e3c12b18e8
 		router(host): add nftables config for basic router functionality
Some checks failed
/ Ansible Lint (push) Failing after 50s
Details
2025-09-20 23:34:17 +02:00
June
c8fa55fafd
 		nftables(role): introduce role for deploying nftables 2025-09-20 21:38:39 +02:00
June
217b44c3fa
 		router(host): add systemd-networkd-based network config
Some checks failed
/ Ansible Lint (push) Failing after 48s
Details
2025-09-20 20:06:03 +02:00
June
ed8670f7da
 		systemd_networkd(role): introd. role for deploy. systemd-networkd config 2025-09-20 20:06:03 +02:00
jtbx
987327863a
 		router(host): introduce router 2025-09-20 20:05:47 +02:00
128 changed files with 675 additions and 4840 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.ansible-lint
View file

@ -4,4 +4,3 @@ skip_list:
exclude_paths:
- .forgejo/
- "**/*.sops.yaml"

1
.gitignore vendored
View file

@ -1 +0,0 @@
.ansible/

88
.sops.yaml
View file

@ -1,88 +0,0 @@
keys:
admins:
gpg: &admin_gpg_keys
- &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
- &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
- &admin_gpg_june 057870A2C72CD82566A3EC983695F4FCBCAE4912
- &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
- &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
hosts:
chaosknoten:
age: &host_chaosknoten_age_keys
- &host_netbox_ansible_pull_age_key age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3
creation_rules:
# group vars
- path_regex: inventories/chaosknoten/group_vars/all.*
key_groups:
- pgp:
*admin_gpg_keys
age:
*host_chaosknoten_age_keys
# host vars
- path_regex: inventories/chaosknoten/host_vars/cloud.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/chaosknoten/host_vars/keycloak.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/chaosknoten/host_vars/grafana.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/chaosknoten/host_vars/pad.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/chaosknoten/host_vars/ccchoir.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/chaosknoten/host_vars/pretalx.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/chaosknoten/host_vars/netbox.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_netbox_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/tickets.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/chaosknoten/host_vars/onlyoffice.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/chaosknoten/host_vars/zammad.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/chaosknoten/host_vars/ntfy.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/z9/host_vars/dooris.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/z9/host_vars/yate.*
key_groups:
- pgp:
*admin_gpg_keys
# general
- key_groups:
- pgp:
*admin_gpg_keys
stores:
yaml:
indent: 2

11
README.md
View file

@ -17,15 +17,10 @@ ansible-galaxy install -r requirements.yml
## Secrets
Generally try to avoid secrets (e.g. use SSH keys instead of passwords).
Grundsätzlich sollten Secrets vermieden werden. (Also z.B.: Nutze SSH Keys statt Passwort.)
Because secrets are nonetheless needed sometimes, we use [SOPS](https://github.com/getsops/sops) to securely store secrets in this repository.
SOPS encrypts secrets according to "creation rules" which are defined in the `.sops.yaml`.
Generally all secrets get encrypted for all GPG-keys of all members of the infrastructure team.
Ansible then has access to the secrets with the help of the [`community.sops.sops` vars plugin](https://docs.ansible.com/ansible/latest/collections/community/sops/docsite/guide.html#working-with-encrypted-variables), which is configured in this repository.
A local Ansible run then uses the locally available GPG-key to decrypt the secrets.
For a tutorial on how to set up secrets using SOPS for a new host, see [Setting Up Secrets Using SOPS for a New Host](./docs/setting_up_secrets_using_sops_for_a_new_host.md).
Da Secrets aber durchaus doch gebraucht werden, werden diese dann in diesem Repo direkt aus dem [password-store](https://git.hamburg.ccc.de/CCCHH/password-store) (meist aus einem Sub-Eintrag des `noc/` Ordners) geladen.
Dies geschieht mit Hilfe des `community.general.passwordstore` lookup Plugins.
## Playbook nur für einzelne Hosts ausführen

4
ansible.cfg
View file

@ -1,4 +1,6 @@
[defaults]
inventory = ./inventories/z9/hosts.yaml
pipelining = True
vars_plugins_enabled = host_group_vars,community.sops.sops
[passwordstore_lookup]
backend = pass

1
collections/requirements.yaml
View file

@ -1,4 +1,3 @@
---
collections:
- community.general
- grafana.grafana.alloy

20
docs/setting_up_secrets_using_sops_for_a_new_host.md
View file

@ -1,20 +0,0 @@
# Setting Up Secrets Using SOPS for a New Host
Because we're using the `community.sops.sops` vars plugin, the SOPS-encrypted secrets get stored in the inventory.
1. Add a new creation rule for the hosts `host_vars` file in the sops config at `.sops.yaml`.
It should probably hold all admin keys.
You can use existing creation rules as a reference.
2. Create a SOPS secrets file in the `host_vars` subdirectory of the relevant inventory.
The name of the file should be in the format `[HOSTNAME].sops.yaml` to get picked up by the vars plugin and to match the previously created creation rule.
This can be accomplished with a command similar to this:
```
sops inventories/[chaosknoten|z9]/host_vars/[HOSTNAME].secrets.yaml
```
3. With the editor now open, add the secrets you want to store.
Because we're using the `community.sops.sops` vars plugin, the stored secrets will be exposed as Ansible variables.
Also note that SOPS only encrypts the values, not the keys.
When now creating entries, try to adhere to the following variable naming convention:
- Prefix variable names with `secret__`, if they are intended to be used in a template file or similar. (e.g. `secret__netbox_secret_key: secret_value`)
- Otherwise, if the variable is directly consumed by a role or similar, directly set the variable. (e.g. `netbox__db_password: secret_value`)
4. Now that the secrets are stored, they are exposed as variables and can simply be used like any other variable.

210
inventories/chaosknoten/group_vars/all.sops.yaml
View file

@ -1,210 +0,0 @@
msmtp__smtp_password: ENC[AES256_GCM,data:xcBVBTb6mfr5Ubyfga9ibKWKhrfrEEaDWD98vIbX8fl8lQ4YTovg8Ax1HTK4UQ6AkJGHq2A0D5B67KUTlp9eLw==,iv:TOp1G1LktRPj/KMCRU5CXBUsgKOqGssUvvk5oY0QnPM=,tag:SVBdDQy+fM0xeEToappP+A==,type:str]
sops:
age:
- recipient: age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsemRxOVROLytjZ0NJazJB
UnRWTmNvb0JxUnhWMGJTOTl2ZVpyYmxZbUdVCnorcTgyY1pNVzNnVWYwNkFITEZl
RmxrZUN4V1BRenBISDVBZ0hVelVqU0kKLS0tIDQ4QlFMajNXQzRDVWd2Skl6QkdK
dEZGZ21qR2ZWT21OYi8rR0svaWJkU2sKND8yz4CSMVjWtGHymzD26Nxlk6leEkCD
XYpGJSyvhaw6Y/oExjzuXYMDXCr/EQFpM8wpU00YA62rZ34FBsyoUA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-13T23:45:06Z"
mac: ENC[AES256_GCM,data:QxH4lnNyCAAEJhzbgCrq7QeLs+OAtYgwQP4oFm93NE4Fbz7/Hz2dvL/2SopOdW7nYVeb1scuG1ra+yvgzuQDhg4lcgt9eBJoBiynM3qiHBs+FtcSJoKs16I/ACAadQwClALb4E0xxwKFJI8ewMZu5BAxi5EhYbgNfnKCIbhvgWo=,iv:LRa2vX0HUBugeEAVeOqXbPsMQrfrCpyzGUGjK6+VaQc=,tag:/sfhJM8V1IYBh94ZS/TDxQ==,type:str]
pgp:
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/9Hx48AvlY9g+JVcwqC399JS62WOMmswvmqJIStHCVCEJN
DPAkbabJ6MC9GiN2A65+VNQJ+X9sjbjKt1kjOEujS5xbA4yX2p3GzHBdgQxMEf6p
mZSZtI37N0J8bCkHU9IPbIl7W3l8cKq1f+2ZCvtozveWelZDCvx1TN1HLrRO0a1Z
BINbaSwDs+pQ/3Puu/R9G8Wxti8V5ECXMjB1Olf1Npg1QsyHYOTusketRKbCp1vh
A78U30BUM+asmgg5MaF+9pxuNDnt/kBXf9VjiElU0XOoIoyTZuVSNtJKxcaTim+g
yj0RisLPuH5TRo9ADks600WLwFshLJ8sUA3f1X/jI7gM77MUr3iTLxTdq2bKMXTs
BHo0eiXSi5z5d7FZhWa8nlMDnN6hOiOpXCYG6+5yyt9w2iepAon0U4MBvqfEbe1z
I4q3gYuHyTbTKuwDEQAiULfRQErBHL0jYb9VZmopSyXmdahHJ3weXmVxy6Y2YZat
pzJyRpCA9368stdKQajI5qGhOPKVI94WLVsOfKPJH7YsZTa2sQgpLMU4wzqhkQMm
TzZ0aifl+zB5RCkfdA4vtqnC3t1JuA1Mn05f5OIuGa2v8FIxG4uOtCAOTN7MLesk
bNcxYIwPGukN/OoSyJE6TutAaUOIlsSwWysN8p5elE8jE5Q2f+IMLd0U25JfD3zS
XgE6eJmQB90gSIRG6C2R26UY2onC5LqLDZ9zhOTiorHrzLXvtbYS90XMLtbzX8ft
7zTsME/nRZpnCSZb97nqGsb6tnhnQLnSCwagmVRtJVi3N60TnxAm6ulizbzTLt8=
=d44L
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2ARAAs6qi0w48EL+4D3HVU7XaTpX7CdYTgYiDvUosVTWEcx2c
pRSTkX2Ai1uIGPd3+zTrindOCJNTgdpAK5PAHPT8nzPJUT8o8xAsFTHfS7sphHVo
RGx4CNHafMAXn734Rzzl6n+tAoW5Bw1Su19+dmeme0o6qrWU4JB9ZWIaZrtqPRP4
QDWSO7yGLQ0IHyK81x3nCHS5J6VNUyKn7zEn7Ezw8m+G51MK46oymS+c7B5n2bLN
MmmC5GKnmGE3AOnyRN+1O60ZRq8FHN8BM8aADZ+dUx8wPlS2tD2K9I6V/0gOSINH
Yq0FIeh4Fbd3NS2PNZTgLjjiU+OSi4/q3uLTOBOAroPwhZ83I0UhlMfotE6/z++y
mBo+SL2jBnG53J3iFqeXUfHOpEkrItviFyJp2MR+l6+hM9fzzIp+N1+2HB9oUuAA
8Sa9NeY6htVGH/W1T90LK3kwZNTt7REdbaYAgzBrqLemrGLAQSdOotnaohoCXgst
uf2v7y+8351tPZ2o8cCv7LsuTARGhJWW4Fw2MVfM/hvYq6rBdelfv3GS3hLI5vyW
f5BWWODgE/+DmT8+Flrg09JEvJJfMtPaNG82WLkPmFCNkZPgup5yyOp7sVHmRhZ1
Yw6azYPiViDlAPItAUaLMHpcU0CIa0zIZ4ND8wk5IopFiXek330imyhB4qVqOv/S
XgHcOQmSGWwvTrxs8/JEwaKlRBYDXVDw6NgO+cIoW7uv8raGHdb7cLZ60FfvtFP3
i8h4hQcaDGoEGsoehOpIjRtOSgyqT96/UN/slauL8eF9Sjh7zrxS8b0McXvDxRk=
=CEM8
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ//fooeHFVDPbuEJ2I8fgbEDpNi+yASN3ERLu3b4SzD1ik0
byKoqHY6E/+vjC79EPQE31qAapigO8oKz2n09+Qtn2H4oxigJvV9lA0SF+b5OAns
UtuJIiGrTR/aLBcS2Vg368S13WYYdRxfF9nt+HEbjxb8JnwV9nkXx9GnuWYzCe/C
4dTZva32GKfLHthAb4FqFRgiDoDMg5rdKE4T7W0dllSJ5cHXnYSo3U0KkaOP6EMA
yx9ztKDZUMskiks2xo9pw6bNC8txseuvwIImw1+ep2DzlrR62XpyMeQkfKWaFkEu
ECJH+FZIsb+STE1GtjCfGGP+Aa2mOIXMmde3BZxZIBk1TY5t6ITs4AvAZKTcb3ZZ
vHupolz3cEOcK0vJdiUfnFLAOkQWMKQu7ReZQXuAFpq5BJUF24UupD24P9VKjUSR
8LkZdD+knQXb5lO6LFybIiLTM+eVBjZ03/RpLF8QRfqKKlRFWawHJ+OJOYHEP9Tu
HZDrhLrgTNyu+R350xlUoduYf8/H6bQ4IyCQdKvjLIvMlDKQ4iADY4Uc9vcqBQKL
LadQ6F2EwaRVEL8+NoRbFeLfAKLCK7N5NzHXK4BX95NhEosXP2194vPRZUkFuE9C
PjceuiG0Ad18X4doCSnRcr4gR8eDoRjar8dNmniVypWeJSwzGbnOc/uD0GPtoC3S
XgGAP3CciOVyXtqwBqZF/jPyE7UI020gSda9qzCD/SZ8BrZwx1hFpqcjfAP3FHme
Tjhv+cQnYKuBdjyLpwVKDfv2fq9lWRKAOBTztJ50Vg65imXFJcjZO4zYzpjBmGM=
=2a4J
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ//X92V3Tr6xeWIeF9QUi8xXzyF/jyvXvkRHnfI7YSUsFpW
0IOiSUVGM5+/kAKTvBfjyTbSTKiYMDgmtEak8Ya3frVAh+oR8IR2p1dKfh4efCP6
UTUv5SGUnFS1otb8+/HSN2dI4s46djwNSVEellyRHoQOqotFGZa0V+4G56cNEyvy
luk/HRoL8nUDy8pPw4Ea4HJ48snKYLHuzwV5rDQffyfp1ORB2ic5yz5Ooi/XyBV4
rGLrQWzftMuha0WpUScgPdXmrRTYgE5ikSClgc5t/MBBo8Kn7bUiK5gug7/DHtgL
XtbsMduE+8Ea8YOiu/MYkXX1K00cI7MO8iJCHoI4AcPMXAANmNw1qDtIeNJjrsIJ
Szj9BoHYulmlKnW2/m+Y5OR/NxrwWoXP2lfTFHbqjkh/SwetybDfOrw91AcT0i/q
aJ82RYadQiUBwICAykr5/lPdtgfj+H9WoMRXD854/DLBhJaDByLGu7QYyJSGdl8U
6RrYQLHlwpzLVApJl708Hu5kLK9hEWNXQnmLTl2KLYIXsrTXamzf+C3KTPpY6d6w
HZ9GzlVCsqGlFdUAWCfuC1/bY4KJOSqORGoMq5Cl1Rg9nO9YlVMPYgfBvdECclT+
mYuidzlKpWbkVp8iFas1M7yP3seMTJbG0+TIe90Anp2LCQGhRn2FnOzqogxT2GjS
XgFHh1DBVxNeNsYdsycTv7DQFilW+cag0aXXIJbB6PG7YLc+A3fi5FlpvA9+5zOA
g4jeKoltkAOLBs/IwUS9Irep/Qks1aEj8glOtznGWIUwHQIJBSo7pTYgSKHQULM=
=5YCl
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdA2C4sNjhrk1FmX46I8/VI5YDqbWJcyUM+mgsbj0jqVjIw
5IIGIzKcXoLQbkDnVi74bGYa37EfpxX3Zo447B+i05iqG6Nn5nvBlUvEt4mtajfZ
0l4BFYglNIp9HDZAEzXEbn8v1xF7+f32AQiWVKtb1VJHTN+TWOtf7QMhha72y7Jc
P3EKJEzADNW/FBXhk911Ezi/vora0CMuAGdj9LUwvjJKgWVc9FgTfs5Q4kp+rkue
=eXCq
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fARAAiG57bEoJewA47OYe2GwraqV7ro2x8lzXAW/XSTDcDzyN
LIFpNM30gzTbDKX0EyHAMuzgseNHlxb9SkMtginA0NrfbMIwo/vxQCjosUv2i1S0
3SxzTsPXaj4yBfRyOvRnKnQfiLkUevNlAQI+rnoJvdVDcpXM769otiQQaMaa8sBG
+A+D3m74W6WHf2TIdpFZVVnp3sIJ1FFRO5Y1xsyjXSybYTzX8duofaquTN/ZNztB
VBEtHLJtvVKaLmimo40ae+Frg/R8oi8I2owaO/S6V9n4pU27S9vC1IyuyuazMyTC
6d6rWtyA78sg8j1ru6tmuI04z14hx4UTg3sZFjXT7kM9Lv/57ZyU2ncPR7qokehT
5mQuTMlk58D+/svJK5aiAQbrP1xDarnCovtFelewOZWCjUF90PC1HuqKLuytr4HR
YWqXPkENhfAaVDUsAkKnY51OcrsLvntxg67nQmmxL3NmaYaf9mXEwuxnCgF1IMvP
Uvw9cQbdVkEdNxR8G/eN53898gcTXnFbaFGIZ1NKvPc1yBWai6Lpx+NQoJuyVE6V
JrT8vzbIHFxEzB/+3zl0/xI59gIPYciswrKpqiMrtR+oAOPxooV196vAYOdJuEZm
2xSzBp0C2YdQKJnJUlzM9brD1rPp40GPionJZPiV2oNBYxL0Z1aZFiKw2gNgwz/S
XgHdzUJ1PJam3o78wjrwl/zB0qwdkvOpSOrubvJFk83z2c6S6I7HWqHDsOUBjU22
yf8jKG6Qt5d1I35kYckRyCj8/fnly+70UlN+OjSYAkrvsKpECMvjzSC3ZeyuhOU=
=6R7D
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ//Zo1bsLgKMrjB3/3VRXyXTo+plRyd5hYzmKc3ecC7XAYb
coo+ct73coyF47hsnLUlyVucNRKdBql0V48mPqpWZAGZIVDVSVeX5laWeKmXeCdz
RiFBTTwBv1jasDQA87rMRPc+XbX5Jb0GCmHLF6RdiCksYIC564BqLwgxCvGCResZ
mHLek07gJpFiYa1Yvjds6kn3+s9jP6kTwbbCBziz8pmifuasqlYb/ZRZPTgO+yGh
vuanXnhFiJZQoY7kCpwOEbjZYTtmt0buqyUsY9wWmwyM8T7tIdq0BsOCSGxr7nQP
KLb0JJ15aQKLeZBQbuLOM6Z4fkcn5mdfsJ/UTackq50OSmUya6cYC3LergvLXf0n
IiyS/+RUzVJ8qlhRBAMvy1Aifmbb60px32TXSD8T6tyed4KxeAuGblDyNVJm2Rdy
Li8/VpX9ZnSxf9SQemw7mi7iyIXiCU0Vl/A2/LEIMN4Hb+0AFKEbN1zZRGSC4vFh
0JMaiGl4TSTV4NBHRhaKGZvWnWbtR754V6BzgHMdsL5NHo2pgMQ1cwyMPDBAECDw
K+z0pNuIksZTlb08PHsQX/PXvO20QFR210Kd3ObMtBxcEOdi6Wk8g+udVzBCY1WK
m10LA3ocg2VupzO7cAfO6/DfjXcs6QGD3gtJ8LRt+CFTLgi4m3M1KIZJF7FlTqPS
XgEmne9JRZGPY+vblzx2RH8nEfLIsEBnZYMa8eUFC6dYZkK82i8xI9i4lBtyXUBN
f6oQZ5dz69AvJRkdDu8/iVMHtwRXcGYuvn0v2+qJooHuDoAwujk+VFNtzRDJhkM=
=sVQm
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqARAAgWks85bShgeHgNHxjIjRJ4/ytYdHjxj2haIjNABOHjsE
4HD1bxq2XcH492qsHzCjvGJn4x57H/CnUJOp5TacAt/CyR+rgr5ChuA8pecJaUju
mUenre4zHhu3P8bS8q/Qs9J3WdyVdm0+wE9RTfq2ZoRCFA+d4M7VWg9Dw56UM3i6
27Xtkmog5olITjtzWtF/Uuf0dr9sTxSwHVqddUbzoQs/vtCKyUTUEtz46oBXQtC1
+jKu1Xgj4rbaajEOviQf0DQ6zDkB7ETtuOCDhnQDFG+Yw27mBZ7jAT8l1ykEuMl7
897x9RNOOitTYkqKjylEeSMcUUyQrOuLLhuBSnC7/vroZEgNc2Wtj4M7Sq8tVMUm
psSZ9lYVbKNH8JuAVZj3YHhexPVQLuHcnHgG2tdUZ97PB6+yI5pos36ItjkGtM3+
5jMCPLAKgrlpAMc4xZmktkXZV4BkrCvN2E5h7HXnsKjQaCsKsn7rD33LNIx/XB25
5vDZjxfGHwQrkuq/xTTwhRO1F/S2OK+JBygHcrcdZKMDhMDTYYxf2bwgW2BdLqxZ
DoenMkq5fredvkB5qpoJEM3iXcy+49SNsBBTRWQXoWl0tFAfU5+y9ez8qBw9QY2r
q22UFl3JAR6jEyLpH1pUL3LD3lCop8ZqZdo+7Id4gnNHDbt6njQwSAsSGGDbylXS
XgGronOVF9eWA0dPz7CW1j55MrgbCXAvIPVSMJ2tgxN00u3TkYc1aHhXe644ZLF7
guNFppFmxmJXVngfWoQhcXxLRJx/dXukIt5TvRCia9ngpNR6EIhL8y6ROlWHpf4=
=aYRJ
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAdw3qzfTgQK3KfmJ/Uatv1fbVqQvR4xTHLssc8Sg9N10w
cDMYAvx9mKVWXwzT7NiZc66a6/juktGAIdbEwXCz2tVAp7rclaiNNUc7G/WXqUMx
0l4BWPcWxzXmDmZkZzaFRioScTXg/yE2ncbUuouKq3gKZrNErPCD/RG8MMkve9XI
iBOtNwicXX7l3TH8m/7eOSa9sLJH8mUafvVGWG5Ri2HvbU/EpctFi9YrrQCR8mgj
=z8g+
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAKEVSFnlcT9WYIhkmOZkLkvwnJcCl4t70AHVvsDzZJ2Ew
Zb1JCI2E5xyeUB61GyAdsTPBCF55bXr5SD2UojCw91QcJ5EgRdZM4lyRpbG4lGud
0lgBB0VHoP2DKeJI7TltIFsn/5A4vykzGFjM3aK7O4Hs631Mz0qCeEO0hL0psAnw
0HcmzOKWKTC00BkZIf4I4CovFte6t29Q8BGR1SlPIlf5rrRRl3UshEHo
=6vZf
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T23:43:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ//QZt4gKKhw1mV9eMCfD2jKSBsanAiAVObv4Qr+D0DyDe2
lkVaZ9A6l2+jUmcFG7l0FumcsWqbz/GR63m9GbXAQHrIXkT1MtR4LwAK3DWrbuTj
D2qWYwrKYs/Pu72aqqwacWRQxy80eY7tvtaFjXYNso/VIRRqwqKQWwTIYePce34I
E/goG0Dr/bVqTNnPMVoeK2N/JL/n4sMR54tEYzkEhveFCO7SyHaGxpr98vJFioF2
9z+inw3lKY3B4QsKsQzKSmNfs2QB4mMqJ+TBDKG3VdwaudFROtJ79wO6+ahzDsoj
1ct3YbsS8wZUReGxHE6EYHqYg05djr+DjsOvNbX/J5RQK7iFLFfIxx+9ep8/W63C
JNnnq4UmZuolPEDEJsQgv2NOppC++amAxHpSKl9s2s9jy3JrlNKWLov9WOHsihVn
ZTs7Os/UKQ3r3cq94Xa3UJ7xNWI2qMwxw/pRD9Yy5IN8ZJjtcbtO6paaNWxJkNV0
o3n8UM1Sf3ddauj5GG0BdPZR+NA82bSSjpm+Vnsd5QGwNdWa6NOMW4K5HKj56/xB
1kjta3TimXnGVGYzt8KTAmkdhChU0LeM3MBvF8/IVuHOyYkf4sN8Mfqoy7YFca4Z
UVw/rvMYRgy4ORMsIDg/ucDoPsF/oPnionQIXmY5GMVsV0VzYuWVP9Mt48+W8InS
XgH7xkrrQno8PqHaPc5C11eJFBxw/p92vp4Y0BwBQzcmt6sfO/kLFYO6FdQ9EQIX
7ncs9anVdF8Hcy44N+6u0eA1GY5IulkHbsulvW2xek7wT4IqWC6tMwVrWrpq35Q=
=qx+H
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.10.2

15
inventories/chaosknoten/group_vars/all.yaml
View file

@ -1,15 +0,0 @@
# ansible_pull
# ansible_pull__age_private_key needs to be defined per host (probably HOST.sops.yaml).
ansible_pull__repo_url: https://git.hamburg.ccc.de/CCCHH/ansible-infra.git
ansible_pull__inventory: inventories/chaosknoten
ansible_pull__playbook: playbooks/maintenance.yaml
ansible_pull__timer_on_calendar: "*-*-* 04:00:00 Europe/Berlin"
ansible_pull__timer_randomized_delay_sec: 30min
# msmtp
# msmtp__smtp_password is defined in the all.sops.yaml.
msmtp__smtp_host: cow.hamburg.ccc.de
msmtp__smtp_port: 465
msmtp__smtp_tls_method: smtps
msmtp__smtp_user: any@hosts.hamburg.ccc.de
msmtp__smtp_from: "{{ inventory_hostname }}@hosts.hamburg.ccc.de"

201
inventories/chaosknoten/host_vars/ccchoir.sops.yaml
View file

@ -1,201 +0,0 @@
secret__mariadb_root_password: ENC[AES256_GCM,data:bevk9PiMUAP0YBYqpVw9PLEz9ITKVRQ44Q==,iv:Qjr3pOWzcDWUpJAakrn31OCcvcaciJLgS1Zp+YZPWPA=,tag:DB1l6lsy+aHa+U+QLAM3tg==,type:str]
secret__wordpress_db_password: ENC[AES256_GCM,data:QsvJ6NH4ySsfSsP3pWEx04vxjIph1Wk/jA==,iv:AnocV/jXawXPxQ0dLSw05b38ULQuU/RN2G21/1GpTmo=,tag:QlSCnuaQxCmJ3XO5jjX0zA==,type:str]
sops:
lastmodified: "2025-05-04T14:15:03Z"
mac: ENC[AES256_GCM,data:Za+XnpDu+WTMEUgZ3jnG9/4FOd/emfdiaLSGX+hfkuBSurlqFzVHpXqs4kyl96goOASevkiqCSXwk+DGGNTvSRDCoAH2jMfwUHh5mGHFwXKZFjraVnLidxyOkEg+YJ+tzJ9EHJ7MpQLYlHgGi8Xrc27n3+gpjni6+VhVYiLj4eQ=,iv:fQuTnJbsyNyphHZF6T9UF62jtA2wDrOxlPzW6XwsdNk=,tag:T8P100qKnYhNqr7oJaY6yQ==,type:str]
pgp:
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/+IosfvaYuM7bZdXUtdanSZDkss7wW0McZYkFUZOjeersP
EFkcPo7fvcpQ40GHL2Q0hbPiSLFnoTIVXxZnYtP32OJaz59CCfGc8pm/UjP/mQ9k
LqyfsmpSHtQA5as7EYpq5fMsQVDizW+8Ie/xEzbsrrlv83YeEqtcVIhMGcCcJi9R
ZJB4UtiyPq47Zlo/5Jcaa+xyOJn/Uzqkpz2byKYWacGjsLuuC0Tjp5jAXh/KARcM
lobUcm747MxXihHUnaFxLVE+8DSM49axILPZ6E5gPMDT3PLRKryxbLyCYQMQkEds
AQNaXTPAJU3B6WnNP9/dOX2dsspgHvLpQVDCTTjI0jXXrJCcdbOTlG9UyyUZEDbx
h2JqlecBQ06FSiA0ON+DJy2Xg1LwzcQXpf+nLpZqYi7wab/celcn1EpQXI2C87Hv
rgWO1tnAAh152QYaX/sBKiC1QbomCViOwA3e8UGBC+WgBNCDWtpFce25kgRFOs6A
zdiGO5NzJsmdVF3moW6f2v+nSZs31ziQeNDzIY3moJTbwebXZ5EMfK0g51nwAp4a
fhiTTu7Bb85VJyGzpQcWvkauUOMlYMTFenLXj3jr6QzFGy+OuGcuJyE7MSIK4pdw
hO69qGidvepjHI+nc+8+VV4t3xau8hsPM+6LFFd+X/ol1YBlcy0Cp2edmJveOX3S
XgFFVnOdot7zxsYDAYQjRtrSVP6lvingK7cYnMnou/3d1csuj2KnUmg93IX5veRm
ln56AwW2LE2L1DWBJblXX0FlA4j+s8Vz1mSaTRQAb2fH8miBjFXYhfo6Ts+GPuk=
=kbe2
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2ARAAr5dNAp2mqlJHRBMy88OX5mAU9ZL48HaxwtAApGRcqzdP
JL3MhhUMEsrk44o1ypQBEf1d+F6qqtEpbbdwYkonfIZsLtwQit3f+yhCI/o2GROi
tP+0Nhj/4SJh1r4c6qcbAO1j1/E6wopK3TIPs81jvao3au1lTNgkw52Yhz/tF9Rs
Gn2RWFW+ivpb2DJPL4KMw6HJC3CN5b2sP81vdxFxT/Wf+lx0JQWjSSot4wo5bgIC
xMkwrNbN+agAm5mOv6ra3it9+CzhX/4XnAhSL56Irx6vjy6JudHPre5eUR3ZZ5Vw
bbIwJBSUCk/rLzdJak2BpjOfqjIw4PcIdFD5aWH6KIE59pPEbJ31eZEqBiRX7rcY
mH3guxkgvAV2nMpQa1UrMSNZa7Pu9fawEA6GMzqRhy8uL8EnCl63nOE83JVh/fgg
31zYRvrMfgbwNcr3bvOB7cCH95iEJV26B+2oBp8r733EPHc6ZA4/j5dvebXTwxwn
/95D2XvRiOZPu0Et7I7GYOJobfL6tD43T+n4V1oFRqvjJUc99hNw+n3BpGiFR4/L
qFi8jkasE8i6DgLqU0pHGnVZxEyZkSr/fqFBpOx3vW4U0J6qgjVHZvZq9+ChHWDM
2vHB6JQHOAZv7g1arlH+OZErE7GanTVZsiwB3rll4FFhR7HVIFtXknR5ie5qsDPS
XgEkB65zknz+Ra5mTtvSN59epuPeJLpN6OHSSEfI5wJXfRzxgtVjgEIhF1UhDaEp
Eai4vv/sD5dX++55/jUEOwKP1AslcrwxdPWQL3Mn0RDdpt1ZlbkdKfofrGuR++M=
=SxKy
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ//We4uBivofpNlzGUgviNEKCRaySb7BOyWauQ4ovSB9xBM
5k2G/7eC4JdZlmCWztDQAzsOwauzrusIz5ZvCSWuW38ydsOFp1iDQZylx5khDBh7
gubv8lQcr1I3FC2SX5JOzhVRaVqLjh4/3k3OnpaIGm6KJHjLCd31X6Juas9xVWoH
IHxhSVaoQK9GWXjESSNf9GDP9yh18GibVlQ02X8V9G7MkDz3ttGW3xXMXrGdkPOu
uhYlr+GeoAbQ+fcBLk7Cre5my9VyUHhIz+WAxFkxEbab9wqUDUnXuFgcxHOynfoM
TJa0PdlHeUy2Qh85TI1Fo0SxErHmNgDXQhLulLDSJbiXoUN9TuyAiQW8qnnQk6O7
KH05ahvrK5vOXeBv/QIddbZ/TbB3tRIEVF+rDaJVZK6VuZwoSvOg7trO14Wjn4+y
mAH/fBKSbDTO8cFfYVJn0ZubCIsealOGhCCaaS4z2/m1/kzqE50hCtcagESbJQYk
v7zI1fM81CUUiQVZB8RKmwgQrs1IEk9Y9E2Bve3AuFAJQVx5u6teklgJXtr51Iw9
7H+y/t2R2J6Z/mQhZ7QcKdezkrqaWtWJox3ZMjKCjrzePXX394DXuvnz/6QAVue7
6ycKBQA7B1EH7GhUfBjtEncqxWmg+Hn+8mIAjDtk9HK5tIDAj+tnpgtdC9w38QjS
XgHC+3QjA6QxE6k0Wm9Hg9NFUdXNUAJP4Ok8MqT7DdwkVFtXJExxgJUhpCHrRA5t
ryeh6TU3lpxMsePFo/s9DZ2wJ+xrTKV0oiYL0D2oD9tJ0weF39feQDoDicqwVqY=
=e4lK
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ//UNWJ+gFT3vUo3uST5HzxBh2odFv89z39XG6BTjf5zSLs
uUuwyjzwNniguaHff9vU0s5EXY55D6IA9Q34hNMPDG9TRettwDY+pNkvHF56zx1B
pZkRKqEW2czwM2CYRufLjkaI8Z4dysMss0itLCgY3ip/fwZ/91qQmZ0UsNw/w8Y4
C6V4cJD2o9PyaO60iEMB4QTvCRtyJjDe9pArWnGQyR6hbH7b6wI1voWP2IA1TGXZ
GsWQR4+JGdew1o92NDLmbyOLcw1aUZ1WvtuVAljwHuSwm/Atl2uFVlntTJ6YI57K
tgKi8afbXBiGG4Y5KjyoViJIkXQsGyqN9NBoRUEfUtf9+iFY0blTIeE+077WKhUY
Ql83rMMMDy5NyU3H64WfkUMJbDk6FVhVHEsBrib0OhGGCacHgrB45raj69O4ixR8
PBXEAPbE+8mchMYLsQEG7Zu/qLFiybPKF683WHsHQM3WGiC1YaIv37WmyHLEZEQe
icJ75ZlsMWWvmF0BT+Fx+JoC80f8kh4EMTqiVFcqXMtvye5XS1/nwdb92k1QGnyw
HhcmqnkmE/cso9le9Iqjqf9AOVkFN7Ul/P+husp7Kl3CXAsL4jy1yAPi6sOPlgGv
yBYsOzYs7UAAfbydZV/mafx1/LGd5dt47HvQu3FOlAZ6AQQLqHmndJLLMD1AP6LS
XgEDk5ll/yQTuHRd+4170gQb6gOORrCVCJW7aDQ8ShU/FdGsMgm23RlLO/85/yo2
Qp7SqAtnUwZfFvDs+3gHpoGE94Rkp9N2D2eirn+yZ0uk7Ak76JafPNZ9QANQL7w=
=LrpK
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAe+GkmU8o7XoHMyntQtPEbV5zNqUgrcoWvcZ+MFuajQ8w
7lyJarLC/f2j/HZ3+lZlULrMjFjXgBf2bNXcOhF1nwO11R8+NfV0xwcpvRVSuo1m
0l4Bpti3RneLHjS9OcRdIz/TzcTq53L8JtD6F33f1NnrbE4Sxg6HvLbchuWCaXh2
FNQ319tjWrfndWkLCFa/UlFhA/kv7H8JcISn48pmFv8WGGzlb0zr9LS3Gh3Rfk/G
=c3IE
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ/+JOKaKiQeu7RN+zUvKcsg6N+IIOnPM+5+5KUqum4bYHGX
gGQK86Q997gUr8jj5RVd7Nx1iX+XZZwl9248Ou+mnGcl3C2lBK0figPftKrZBvAv
AMdKxBWImfPoyggoLLcRdOQB1CXWohBkvIz5bwF+lBNTweR0FCa+sJXyp5Yhgdnz
axgHkEP0QWIDK6w5T4ZFxwtuOMmL1T22MRvDllMuv7TMD1vXESOaMlKXbFUXrKC1
+/+nVLNgwL4RmClGZJqMAyO1rzquui//EW4yiF2k9G/oI+2Ewa7/E3/Ln837rExE
520P6BNPD4oUZBOES50IQU2JvZuzWkBOuOAERt43PlpxT7psGEFnGnOyvBxL4BM4
UVh2FKzo8oTrLsueLLe55VolmjecT3GGnJT5u3aK/MWjxEVrZaFz7aabC5mnVZlC
EEDOl0RzSNsnhEW/QkPGmlEjkoufORoNFF0Ezsustc3HlymVh4Ar//QBYvQcigQe
gjSb5gXhMiLVTZF50Z30Bss8uAr3zQVjoSQWMnoatt64/CDztKVN5dZwx7qMG4V0
m3VDV2WqGotOiI3Uc82COQnRvUw9dTC7qf9/xvsm8I3EBUbMqVELScDA5C6hY4cz
obzK4t6AbwOR8nFSdIWucbw8FT5/ENoZz+ZiqQCz7fPN7/PzUDJOt6IpgGNFp0bS
XgF+XHxIfU03AbOwdEU9Tv/NOv/s9AE80fk1BBDNeFJr5ggnnDLq6p73zcJkMLxa
BzXJrO+VUQ5NJ44mIvZGO7nnOd90pqSevBvpTiu+1W6867nMgdCVPjaC4qQ3L0A=
=aofb
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoARAArCEwTYQAguomjEj8jk3byLQvcFbtnGHHVLGPXu+OGmfR
roh8xGoOTurgb20uGVH0z1aYuROnTkZoBKuxKJvZl6r+2Dkk+HIVwtH/OpLgLNpl
SF3FyygJInzZ7WjXAEltwCR5Eprp26k2VMDOXPQ4SxtcGEwwvYpZ9svB3tK88gnr
veWjgsrSwDD2wrz+LNo4vWMal9GcoF8efarx41IapR1201ptvEjWWJL5NE9Ze22i
7wnxtVB/H6BP9f9P/yzfjW/KMyEAdkBbbpSWCzO8iVVv20j3Tq/stDb6gXDqC7w5
ft1zxyxdWk7+eSC/n72zLYF94bO3WwMOr+2ofSs2i/m2yfxdmK7t6cm86D8auY9j
1CJn6lQcS8uy/HruWksc66xWUTMaF57DWOHB+qUK8MfEcLSJTfQdrpVHE5S0gD84
pgJv7DxI/UY5M/GVf71ZdSu78Rkcq6l6cYzEdUqQ0/qk8x9llUZmxQz+KJOlntY3
RTx8AvHT2Jc98eS0jxpVRzs7TrSjSZJ5ZBzCaE44TbW+YHsdyErvy0M5bOFFnnNo
8EopvHpGHKzcIWBPbBO1oWxEmDfTPlPQQAjTeK+y3ugQoqevmyHbBZRFL/22mhRE
+wboV90XAgzMZUSh878AWvaUoT0g5hY0D7AjYOTkNVBHcTFzjdq8txcbXM8nCQvS
XgEittw3PSSyvbygsPoogLaWkWJKeBPEFAFW2ZhjNrfXGKAi26PZzTtyM6ZIOKmK
O4f1wgAET7As+EmU+1tcsRpJf0WCpc9MAZOqqwiQ94eAZikt2ARc9psv01mH/AM=
=Lza0
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ/9HdV9WgUpLimmc8bxANWzIWryCRxLRoyj3Mo61VX5bz00
fHDltJBQDCfPqEL0sTLGXTFhVMEQOnxWX6EE5xiCD7+Ys5uTjbNQrNcG2b12Ja0v
hPB3IoApcMAwffD8qF05VNOnMqB/yHdcqOHjL0xh/KtkfdcWjqhNqwLtQb+1Dtez
mRjaC8EwnzDAEdIkDOAIX+hhYcGXXLMNY0fNlWhecztzJCejcCt8YqIaR/IlVNhh
/nMpL5rWIWf6iR/+/5UHUqaSmFwKkPkvmzXaitIN5h9OuSIMDjnMpsHmU+IOR8HH
Da82Z1O2hVE0fbVOMM34d3DproEtyFpkU207kqFVGudLX9Ok+r9gEsMJVAOi3+j5
ysgke1xNAXLSO7tg7sGXpOLYb48/offwTBVrETKjlAr6nWtd0sxLJBGPiXBTofX7
15uwtT0zSt1uH3v93O6SeNLdGvxet2dHukgM8+h1SUxOmSpdKGScJhCd3X+mzloh
JUlr4pBW2XV7ulH2WOv4izZEbRh+PGPvUbebYaCpVfEAxHbqISZUTO+yG2Z+4iMQ
2bE0I2ZOxsZt0UK5nFnq9YG4sAjPnroh2mXMRp35EUT0yo16i5h0ZkeWEUyuDfhh
I0YK9rD7e9ZjA5No1MSjIAKWReR0VrLJSnGqorbjDmNW+D8KlIlXTKKN6/2hZSnS
XgGQwg0XCTsS6QOHIL1e66zC9pZ0K9osxW5Rpqd76Foq08/xY0oZKpYPnH3caTdC
j/ghGkzN12Z76L1OSDVWbgwImQgHaX4VsYiMG8NxB/6MzY/aVUAXgOsjm0htvxI=
=pvas
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAARpxP1zmv3LqcHwAQCW9vYNfk4DR8PLZb9TwTA7Vtw4w
7UpJLEhacSaDrgEhlNI3kTe0VgBGOX+7xp7JLwg+OGT/3O1nHo/cHLuXAZIBmMFa
0l4BLIf4+vmvYQvG3blC3F9aeL8SfZE0sWxA+V0GojQgV84LOxb0UnjUYEQWLXQ9
eZ/nWgOPwsbcurnW/WtHpsrqrQQ7a24q+w+0kRS2LaJaNtJtT6lPWtl/WL2+AQc5
=UyYR
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdA6CEqFJge03j/S1dkej8ji8uiiwYI8e2C3DNzSZ4lZkow
6xAbHyeLLU3MYwq0w8WIX3H6oPv53VFo8IF1dyh6LdcpZhrQmwxFgy6A/hs95WRJ
0lgB/NhT4QrJb1EOASmKjTbcaUgibCflVZwCjmLC7SH3cKPvNeVhStTm2WGOPHwR
PWrv7UxFByIgB/itd49BLayex3V7kqYqZevKfbxgycFMA9O9fLHtVrJU
=A1O+
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+ARAAxv8X+QbxGoOISPxHZFDJefo61SKQDXKSY8Mm7LlGG6b7
+6d1hwEUdg6QshLPtLzKWzfnXQrcFFO9ri48/kwro4zlSAok4pXKB21OZwd8fKMu
rSvroEibSul1wN++sya60sMJI3Ia7lXBEKGygjE+iNZ4oHXKSecpO59fEQvg2hv5
WrNqn77Y7OSyIUhnaP0WETuhy/iGuXNGyHLCdimcIkhj3fi/rliycLIravBrQ7vy
lI940fPkuv9iKOvoHah28geVdGIRAe9uHv1D3dygy6aGBZltP7ewuy5TKCoQ65CX
h5GJqq02ACnOQhKm8vS4c6/7vDxCcZW+OBgb0w2a8bBvzm9OV8ISIxwApJBSW4Rn
86xCqKKygcZP35lwGGc7DQFFcZIhtHbSAOz8LLXbcNPxKsgMcWZwASobNgDPlSPW
BHAr3ytdHcpHXh9oK3rlOzuPcr30LcEhDXY/5OwD3vhG7tvs2RBpxYzQD98p3lPR
3Y7AcyvUDY40B5nN6IFr28585M+9GH+IpklIvxE4FOVbTDLYcMD8tZVFMRqjt9DR
s2JqacCkztxYjTkqgurbIppfv4hNz2JsBKk7RQf0UT+R3Mj/NaO6H0Zxw36+RI9C
GA51Dcxvrzqt4gZhWwbcF4NCialAjx+ZVX5Gj/llP5He4Z6g6ovEXwVoZtf/yvPS
XgG7JTpjoLM4pAIRakxhmzQJuxmyE2xU8MZXNL65NW5c0KNtoZGATw2q/9BxCUjl
ef//IDnCsHgWYuPTmtte30BoxqJiR3wDQKRfl2jqR+pjN4JJeMOwH/t98XDhZvs=
=Esah
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4

6
inventories/chaosknoten/host_vars/chaosknoten.yaml
View file

@ -1,6 +0,0 @@
# Used in deploy_hypervisor playbook.
hypervisor__template_vm_config:
- name: STORAGE
value: nvme0
- name: BRIDGE
value: vmbr4

202
inventories/chaosknoten/host_vars/cloud.sops.yaml
View file

@ -1,202 +0,0 @@
nextcloud__admin_password: ENC[AES256_GCM,data:R+6uuaDeQWSgtV1Cp7YWZvF8LYOIhoz1K7WVKerm67NLbLRpD9191DyQH13v7ZQPvIce3JzyrWqoyQigJQIQqA==,iv:chVGvTY1Ge4OwrVbFkU5IMd0aac5HqslddQEdY8F4Es=,tag:slmFXStGVf6eJdPFplqKjg==,type:str]
nextcloud__postgres_password: ENC[AES256_GCM,data:GIWhmhiDkOC6mQAqNe8aKQ2TpTTYQJ44jn+P1hnpAxstAWLUTJZdxE2DHdjhZ9tV6kyTb/GXANn1UtgFzxczbw==,iv:lhJAZF4mJ09jVa5DxtVTfMe5FqfjpQojrI15kYuXI6o=,tag:LvzpBXbBQtNvEnCDNphUqA==,type:str]
secret__nextcloud_smtp_password: ENC[AES256_GCM,data:9UI+hMDQqM6Ui02fpdscXj5Q+XfN3t/g1MUX4blqd/egoLBtq8R6YpdK8wf6heqXUck6VVDgDLFnpfQzy0cqzg==,iv:dkTN/pj0YhLqEw6Sp252bKmnA1RaF9wfoDE7naGN8Ao=,tag:1Bg/ZoCITh7S9Ps617DKTg==,type:str]
sops:
lastmodified: "2025-05-04T14:15:59Z"
mac: ENC[AES256_GCM,data:iJcBQZ2Mpa83/bR1BcTPh5PGrsjtyQjtAwr0y/bjOXrpMjoCiE8nHl2vdfZIxGYU+v40nkgYhXS6wCIlBZgO/QgvXwVT3Qm42i4GSx93N+jV8j+iB0a1kPJ/yHAPHD0zvWF6qlNSAeFWPbifLMXHLjijZDud5LxdW2KfJ00JCuA=,iv:BTUVSDYfKJI18GZhiUC/pJ+Gbuzfk3GrJadlOapw5qk=,tag:f15zFqye7O+L1lTp0Z/8jg==,type:str]
pgp:
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/+PY8+7GETf0WcH1rsbXJ/IJWPCVTxGk8c+ivcgBm6hN7X
ZwE0V+3smhB4kHC+EJ2R3rV3URB1LySrOt8NCVrcH77+GfWIorpcQ2cJpLHpVvd7
krAyGaG/FpEcLUnLGM/qrfSiStrqaQwAIie+ogl3vls6ZPtDjgdvwclWjCfngesM
nBZhimzXCF65NIqspw+WsfdPWVCoHdSGPFV0uXy3yOa3mE8QAchElnnwYDtjB6Vh
YA0aX/MNDjq3vxrLnH//TSZXJobzgu9ecu6AaR4ZYDuuvIyXc0wajzYyH/js7sxC
2xjyBrKk+EeojpDH+jcZ+kMTYjJmoxmXUzznQKRW7zYN3pwhTy8bZu57EdKQyabr
SMddY3+DRPEe9gMqbbbaNUn3XdbWCTHCaolmvp+n1g7+u2oIH/oRa0aIe46l5CJH
qEYsPdP60XZ4KJZZMfSejnAwkksWnHJu748PF2IqikSHiHW23nrw2wiL475SAbCx
t3kA9lqUwJHqxc5j8l9mbHF4TlvZV/nEnibQmBqto9IihMCLXwfXfgmRd6eIfJAL
l0feN4c0xeVtl+ulCJoS/MtDbWK5zPnIg0Jtp/q5FPmEBs0T02tX/Hi/rtwH+70c
N/wqCi6UI6HYfR4eZlzIrrnebK0EfZZhvglO8tuOzLFCyrrfIHMHFBlKrB1RiajS
XgHSr48HW2688nsdoaOQ6h1nVAfCSs2dDzvkg6ODfRi8jOsCEYdFOI/4aY+ImKg3
vBp7LaHOAPsmRHd2mpychyWnzbLakl2qoM2cwZR2hqbQyl68loRtOT+9qtK82vw=
=S5Ao
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2ARAAt8BODeKoqbfIwq0XiauI06ez8SR+ycZVyscg8VQKs4Qj
shCzJkhdA3wS/0JhqF2pAtPHDpkQzrJcZZcetv5h7qfL7QQi13rv+Uz+a5R+Me50
2u3HCNQRKF9P9my67gQI32t9Z5UGCE6v6xZHlbETPFXfBq+PJzVi01i9rM5ovfMx
cWS01rn/2x91BW/q8LQ/LD+B7ygMcUsc3ot70gRQIF4AGhzYjOpWApg+2XhhSBr4
rBA2fG1SqYWus1k/2iODDF0CtoeqHykVOeSfeO3Xb7qP3Sjc/Qz7HGvabBy+BOPz
H1kDbQRFCILBYaeV5SrwkAiMZmrcUDJ5UnYQ6ZhzKro+YaS8d4M5psx8+1vbygsl
xFBGljRKPAR8HkhG8KvLfXs1URQzBu2QgKsjtADsF0avvHKHzZ939pHhYFcPVGmB
33vf+rPMJwl2g2pDPfXgqevwNlfm7M8bsy5bT8Ugu33E2hCH4Lun4qnFVkqM5Ea3
4yk9WVMXxS5kyUflGhvV1Nz2bw0Oyquw1y++odvRfCEha85ksge0sgQ2FimDR04I
ZAgyGdX0Q8gW9ufQLjGa7ewivoACsStf4Zo8/n5PpC7Nv7Z87ysLnZWkin46ey+F
vruU4ewcbKV6JEgxgPgRDBLmzuXhI8qccWOdRz0gECk+/x8MXNKLRqO0XJAhyuDS
XgGGoT0loFbWp85Pg6j6ahDDmfHEUzrA1hV42bicbE30eKinISX4Gzv6j6wCnEpb
A3pe+pvnT3V0o8M0dX5CiIXrcIGjurE5+h+2JPreYiM6Rvv5HKi7Uhoq8ICFQ4o=
=hSIx
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ/6A+OOQLzV5xTWZMxPir0Ue04LG3mzhmHjVOmEoDA/NIx5
7Kc3InKN5a/S8HtjEHih5jFhXr3UPm2uik2PxGJp6FoleJrOEA43Rt80bL4kbS6K
BhSijFHBlIOxbJTC3AEsrC5okQqAFo18bJVtcljWupUTGnys3e5UXses+8O0bkOz
hKYH0Tfy+NpqoTMzV+V8O3GUNJ2dGVwdc996IMYwTcWpYchzXp+oAU3ScDmgYIeA
tc3L60M/zgRnj5IE+cjXwDqwkyaq4izI6dsRrr4ciFzoHlTD7lg9jA56qhDGAebt
cvj3ZlBnlSOimVG6PoOTZyjm9YGmm9eN+dm8iDVjigpcqo+KtL02MOSi/d9Gd+43
7P+hPALvnmvh6wcaSpUwWalUkFWF9iP5+OEpUfzTtm7rMUhqlVk+cUSBMhkbEzer
wt3bPm+L4mqZaoBnY6jM3DDYgZYZuUg3+nh91II6weTZAvem9gD6AZs2ONQaTHx0
0jjvw4veUeahfaM+OPDN5Qx0jG4xJEXp8m9iMgO/djeyXB+jNatfKI8i1UfNZzJj
0KUHQtNTa6aeq6dQ/suTGj6jAqqMuBBj4eVrsVIXrgk07ae/1gcNTAjFgYRkKa+U
qo2MCR82rPwAgdaKBNxubYHOZ5N2eCjXS5B+b0tPppOSYVsH4TSnZdbBFM6aiUHS
XgEbekTD106zwR23pxF8NshsZQQLEG4voGOjPUxGCkXoQTr5ET3e70a0/WmepdDA
2zdqv8uh/d7auM3qFKhKGKQRk0Fl8dWCbzBkQdHhfBQkYce18pps99s9cdR6VaY=
=JylG
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ//YsTDRh92ztU8kyua+AcF3D5z4t9d+S3zqxTJQG0Xjjid
z5VAHo9kUTQdKZ7CV01m+yslTRcHkOiKoUQm86Af2cDBT+YhJm/DxRVV/E/7kzPA
rORX6uhKeZQQ/nXY6LXvaLIbCNCdC1OWwnd6O4EBOKfWXHziHQCXh4h3RZB748sa
JylL++9mxSkXwsTrrDuWhMlH6dRDF6wAkU9c7B4QbBFnFBMOZjvCMKcC35yrEIXn
8/uU4bBDyj5PDa3JCfObbAZJgG1zdPBza+lcCz12L60b/5vdy1pGQ5Y7LnJlaWF2
4hBwKODwK/Ba4fXjNLrUJULexqg8iDT52ab1zEGii07REIiZJOmbBprGN1qW5BoG
YvZ+rOTE+SG5VwJKHYzPd2n1b+awFcyIb3n2sRtF7TEqthTo+3RwK81I4D444akc
da5NiS2y5BaH3UoRUpS2Rt2uMqbiyq/Ge7Fm3Gj2t3DcHdYjb8ry6HB4SYppRA5B
gGE7EwO4g2mf1ee2D9nicPRaMnba+JeU+y74m2MtAGsxyHWRFX2PuRJcMlTRXULm
nZTAcsr6w1MeMr31tOzOzNIFE+R5HbJ3iccvr1B8NRq//yOAerd8DSVpEQDtCEMZ
dFad+s2x/AMH56eofe4WCchk+x6v2/xnmeq02XFWwVjSt9UFTKt2NDdeDx6vJDLS
XgG8IPwF45ZHLsqrRzc/C9VDqv9h+s3oyPc/UsuSQYGZB3qw3qyXxGAzgIMI2ENO
GHKEDAGYxW0gDW7sFDS9r5I7d3/ulSox6+YPWHtIEIaPnDArKz6ILLG3cAAQjQU=
=/rbM
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAuA368PGHvZRM8X86voY5pG2xxIMfR1RzhruWL0aa5wow
VCI/bfIVsn+6jusdHZHGgpe97SxszO1sJ0WwNwHr7xm1v6LMGHAYW+VmlokVjGu8
0l4B0+KdFfsddFiGkMI1EWxM/9IZuQyo9JanzK4IxLD/VCw6QEihxnyzy8Z39TB0
XYD3UrsNwBH07dNNiB3CHoZiI7TZZjV/9hTi/4hjh9tMbol58HbIydYe+/gsOEr5
=fR/o
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ/+KDS2/uNgGlSIysNLRBWuTkUrF6hN/hOOjQO9Aw+ZnjJj
vEqG4eMaEB/KObRxA4h+ymYPXJcdybX44uI9/KH0AWqICT4XuekREyZX0rjvFirv
v2snZF78JsV/oDh8zzQNhgVMtgfMlQSF/+5R9RUFhKsuafe+ht0QmXDicKIjH1nY
MmrtXIHXsBWJfKj3Eijan1XCFa8FlApNTJsLIueUNd7rMwOht2Ugfldzfpjsr/qI
lbybq6sTfpszRhYyYXOhD9oxx4hOtiAAlEitiupuoB5YZQV3ulh7UC5o2JOfwEk8
qiEDiL5qnf/KgHXlnH8sQoM6ePI98VyBQ5uAliObHfYDNSrZO8XMgFezRc/Wqk1Z
2cCdk8mnEDra5HO6wZVWxGKpFC23tW5jVQC+Yv2mgDzkXKp6BHWjYuFOh3NJNEOX
AMS1/K63MmVud0Eqg+VgYwyFV7AbNSIbfR3VITc3YiHewbzE82WPQW3DUaw6XEKV
ezNI2cHf/m3HUvacTXrKpgKZk/g+6B3t1H3Hw9WhYyZLuyCSZ4kretn1knpf7m6X
uuIsjegZ7o5bX14kjiQ5l/fSRfJEzrifioEFXCUTF3iShseFUnhLwD0bHZGBD2/2
OPc9PUcV9OLeIdUZWo4/My8Vt+8Mz/n9kVwI1Q8s/dgoEDBaC4fXKhJVsCcGqmrS
XgFh+/S/tJTtpJcsqTSE6CdR+r7ir7Rd1EmkqasWwttN1GENo2pjvU2Q7FLQsiR/
vwUpEehtOwQY91SpUbQ+zr1gQhxxlLuf3ZarWKDGn0XFjSUh1p39dZx3n93s9vw=
=u++D
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoARAArTbO3YHUA3a+++vC02evwcpJ5khFMzms4v38qqS3FYBP
D3LKYpgDdccneirenmL5uXdDqw9A0GF/wqNXHg2dz5zz45fARbJVRJSwPwIwx60W
U3rUt04Mpks2WWrithsrP9E7pIP4vJ6urvxFR7nkjm4UuCN9Q3QBvGvlrKolnPNw
GyyOnxh77mkPNVeHdSsVXOFW096FUEWbmZ3VowKIuskb5PHZE18KwsT2fq4Ef6xD
iEvlPafk2Vwtfjd/n7LfnCQfoCCxIJVAJ5zJbQCQhC3j5eRRE/Y8ncklvmFUusue
2dtmQnaqoOgtcJbRP/UKhu+IvAmC+V5Wl9ZZfyD16/jFrY/v6uw9AHM3LP8cx4fk
62mxZ9mF7GuGayGVy4tnEha/3+GzWUcANOQx0qy5jtDF7qdA73ElZII2U5XA+eiK
t3iMRcMeKLETaukRlV4/8x48ebPxZT5jG4W5C2bON8zYZVD1ekJq4bW4ZTG1a3Qz
VT/C1LAg2VGmESbkTl92kRafxyOuyS8cdNQaR3L8cljRrH2vts6eDqidxVHdkS37
JLvqKe46UHLjNglZct0sMugoYk+7h5IwgZs1XJhFxbh33V3XghbmHTgx3i9tmIfw
+S0oGH921n5xwkEguUUPprdMZJHs+D81ouQLmgU3BwkfxSXqk7vMq7YGuxEYR9PS
XgEn2dMxdCwTOCdtWHySos2pgzMBlp4+N3DD2z96TMNhULawQMucCuhD4xMWEfzg
9OOTH31yuFEEKX+WNGiMcfyuKE5J//5lnaSVUePMazdyP34eIKlLuLR6Xfh6BTE=
=cyds
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ//Y1DAY406FGCJJUil2U0g/jFYKnKO6itcrZ8VtAW4N/ed
O346a0Hm9UqEERbI31bkgJjT3AtgcpaUY55mWUJG8UUfHitHOhUflk6gmtUY6CrD
KI1NpWyWnC2JzPy6f9Hz6RY/MpBCEECySLdIIrkucy9GHA+Wc+Z8AKsAUcqGfhEW
OD71BH5MbA2JWSWteTnNZPngsRBYS2h8Mdfk86fHP0R2oRk2XppKV9BFSnH7JgFg
yzSPQkFrnfUcrq1sMZCLZBZSLMoQP1NI6fXMSuF7uMlKEgrSY/ajB+9anjs68/7x
q0WmxvlK/UFexZH5LumiXWnxtMsKxjNLVkud6Sq1CQy5xAHID7oQj4GP4m0fKcYx
5rZbnoOCiTD2QL41G+Yf1gpz6J5o0DspnHIUW7+IGttp7PqjrTfz8HEctWFtaCp3
2L1z962594DzZiOKWCzp1bQxZSjId5HA+60OZNAIaRe7/s3dSPNao/H2MUObLBcU
zu6LekR2YdUrWamT0f+BqyFy44C5Phgiz70oNxqRXoeMOTxyV4IXO3o/G/hzlOMf
1+sIvqVJlut2niuckyUwlVRxi9VqLt/E5IIR00nGQS0KSo/U6zpYaof3obTo9+Xt
ayBvmHHSMNN1W7IqG4VD8WedG8jbzVxMN2DLvK2E50GgwLefrjv1hgh793+1uxDS
XgH5uOcFGcZYejliXBsGFpL7umCil5EPJM40LAmQovjxAfaYMnV8sqN91z/++G+4
mqnsX/u6INgQ2f59kage22fbdwg4raJohuV65qi1BnImDmW7FJ7TXcbQMCfM7Hk=
=Isfy
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdA/V+CVyLW0oVHmPyCi/rNqxWveQ4J+nhQ8WyMhSaIJGMw
VQiJjRAhN5pI0TWZ4KN92KThvEFBWgelWWMYSnw+L9tnS96bHw0h591mSUqznR6F
0l4BszYkX9VJXkzbq+aPQ9Z2K0JK9sjmj9PwC28r8bXJPGPRF7+e+rzCPUwW7R71
CS33s11YMkhLB3vFQF4I5t9UCYIHB0Ss1VzhjvQXe5tmPmh7ZFxXQD6vtIkLMjz3
=Bdmm
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAZyOE9ALOzrU7lxSS7IfFvRL8m0WS6wzIEM2vBS5nh2Iw
vGJeTxv5ApScEZzSGFruuhKeZWmsa53feCDVaNxH5eumwTBeQrDRAXGZMuSI4Lv5
0lgBQ81YtDbZAH46HfG0AEGumO9V9hXwKu3XSW7MoqEqYmZwzB6qn2Y9yPQ/RNRv
yrEFfFJC7Gm0nA42tGPctFJHBnHP1L/a4Sy0g1RZAA2mUiarpsddVEli
=ey5I
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ//ef30XL7zPLoHqwl9AHADBWi3cuWJCXzUazSnf5c7UxKO
B+jlwNWhKfLHJsv8JiFdHJ0szBKxVXTZgIPpNIEhT1NwWqYF3aUoMjWYH1jlmbjv
xB4OlGQeRUT+TQY6Ht7RZ0SLKlbN1N7MhzN4b9l0ZIdrXYhCYTHghieiHeSA616B
m+Y2bPil8y7kj3c8qO1fO/hRmUXj8s6rqwN1Umo0JoZmEl5l+/+EOGdAeT8SQMHe
JqbLHF1gQBPrrtsqy+mB/oY7QHm4axxsQtu26UXBcGFZI1Td8CNvdInAc/d5JBjV
Xk6SP7vBZaYR3r3x7yPxo9a43IE1w28Uu/KWcas7NwtGA83QoEltdLIJCgm7SyZg
8RY6eYbX8vSWXOHqIBfdXtwpMng5c5Da28TpT4kqOXywTpFQ2Ku7034jwBZbwVAQ
wqvCSdOy/SrMT95wF5R2lv7dGKCvR4DaO5GIuYxHN/7o3Ehm3vmlXhDkFnWdz8DV
K8cBL+Y5aMYRaIWxuAbXD3y0v+bnMzqOO4XwVfo7yvuZ3wgjuI6sVpczI613c+FD
nRjizbXpU7hSfDnP0+3I/UcWb9Q7l+zkZGbfB3NcEOzgvhSL84AI9dzMH2GDdoqI
mcEfU2ljXlotkOqWfRRItDjOuOXHbvy6012kArnlY9QaoqaLNLWLB/QoerIB8h7S
XgFhIXJuz3zeWvjVZ4dCGx7lZtc1pvzvlWojokR66qU5oHRJ8hSTItof/KrOJdBe
u0M+fWCy/AN+3fWevbCl2RJuCS6033ZTpGVqShL3Zyd4wMgYVuRcg+s72gP5d9Y=
=FS4s
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4

6
inventories/chaosknoten/host_vars/cloud.yaml
View file

@ -1,9 +1,11 @@
nextcloud__version: 31
nextcloud__postgres_version: 15.13
nextcloud__version: 30
nextcloud__postgres_version: 15.9
nextcloud__fqdn: cloud.hamburg.ccc.de
nextcloud__data_dir: /data/nextcloud
nextcloud__admin_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/admin', create=false, missing='error') }}"
nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
nextcloud__use_custom_new_user_skeleton: true
nextcloud__custom_new_user_skeleton_directory: "resources/chaosknoten/cloud/nextcloud/new_user_skeleton_directory/"
nextcloud__postgres_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/DB_PASSWORD', create=false, missing='error') }}"
nextcloud__proxy_protocol_reverse_proxy_ip: 172.31.17.140
nextcloud__certbot_acme_account_email_address: le-admin@hamburg.ccc.de

16
inventories/chaosknoten/host_vars/eh22-netbox.yaml Normal file
View file

@ -0,0 +1,16 @@
netbox__version: "v4.1.7"
netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}"
netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2') }}"
netbox__custom_pipeline_oidc_group_and_role_mapping: true
nginx__version_spec: ""
nginx__configurations:
- name: netbox.eh22.easterhegg.eu
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf') }}"
certbot__version_spec: ""
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains:
- "netbox.eh22.easterhegg.eu"
certbot__new_cert_commands:
- "systemctl reload nginx.service"

211
inventories/chaosknoten/host_vars/grafana.sops.yaml
View file

@ -1,211 +0,0 @@
secret__grafana_keycloak_secret: ENC[AES256_GCM,data:85OEAwuWnYW4NgObAmYey+2kGRML2iH8FuDlIZsHyOQ=,iv:Akdk7Iopx6nIOAFXqa7ROnH25vhoe4uopzEcHjWKWo8=,tag:Lgm8H9fWA+/PCjp+SHoO7g==,type:str]
secret__grafana_gf_security_admin_password: ENC[AES256_GCM,data:Ct3YH/5FqUA+a7Z7YlpZ8aMvUM43blRG,iv:ePwTeX+7H9p0isvi6Bu0VG5egIOqTopmIiUhYoGCmR4=,tag:SLy3totIMtbED7XxmblasQ==,type:str]
secret__prometheus_pve_exporter_pve_password: ENC[AES256_GCM,data:dJanRGfkNwZw7oaxxwpjpbV7m3Zl/MzA91Y54WrLXxHWDRHBX5Fe1soWgysN3uI5s+rtIWWfpCux/rSggFh0gQ==,iv:6gFk3IHxGkWcoeZTpS+iReBR5uMModHp2qLZp7aG4Tk=,tag:V55iwRKmS50E2lNS7lmCoA==,type:str]
secret__alertmanager_telegram_bot_token: ENC[AES256_GCM,data:DhMeo4UHoYu17aVx2sRtQ2v2MFuwD/vHB0xsOf7QWio35ZAcwzGHab+VOzREbg==,iv:DhrCAfMoUt2Zk8imaVA8xC0UAJhXpyqNNwqP5th5ldA=,tag:BbCDqenw+yT4ADpIgZ5row==,type:str]
secret__loki_chaos: ENC[AES256_GCM,data:km9l2LYuyvitMQOSinAyUnnF2AePE3fcW1E1k5fF,iv:gu2FB+R3/UIsa8qivpQE6AVaOug7/Q4JO3S7nhubsww=,tag:4JaG9ZHPbyzFIdzCnYN+qQ==,type:str]
secret__loki_chaos_basic_auth: ENC[AES256_GCM,data:9HS1Jq1LqTmshFKdUDk96Y0apSC3xhSqOAWv3G1E3djDvl3QPA==,iv:oYgoIDqV3lGsHDfivgMRh7HQ0tFZhRO9OZSOuD8Yoxo=,tag:wkFgxC9EFbm/wHIHqELv0w==,type:str]
secret__metrics_chaos: ENC[AES256_GCM,data:GDLtKMuExpedDFWLew68JMbdaxy1aEep2j4/XkOD,iv:2sbdjEp1GY6rMq0BMw3Sfjyci3Zfm7fFkU8wUFy3IDQ=,tag:yEarnC4wJvFnB8i7tJ30kQ==,type:str]
secret__metrics_chaos_basic_auth: ENC[AES256_GCM,data:eT39ijCsheJZP3D335EIRdeVR4nSX7APw9e4iQ40NtXz8EEfGg==,iv:+OxDeTOF8PLxSFT5ZKkUwWYZfuBgv5YUJSGWsURL2kk=,tag:0nIroxvAjTG0vB/lwq09LA==,type:str]
secret__metrics_fux: ENC[AES256_GCM,data:aV6zeZ/XsVlA3QepSfVd/cOr+tqFVhlAxRO9SHx7,iv:fxo0o9amrh5ivPTxRVkvymB3fr5dLFVE7EqIpBlNZBk=,tag:41dm29mrV/jmqj5IkuNAaw==,type:str]
secret__metrics_fux_basic_auth: ENC[AES256_GCM,data:YL+QLzZyyObzDcz+FcefViMrvdkVSwRhDsBx/AwoDX3RLHCDjg==,iv:GADdMa7FHMM1FnyPp8DUHElpXsJeqD+gN5Slw0R9bgs=,tag:KGCoEud2JLU5s1gurrbywg==,type:str]
secret__ntfy_token: ENC[AES256_GCM,data:0tuPJVmxHcdDWOMIo0QQXgIEkJo+p9A5emH+kc+U5tw=,iv:NZcfiz3UFw2fMcMf+q1GRp4Fsxpxbptsx9n8wPR54z0=,tag:SJYFtXccCbPrXjECiKUOUA==,type:str]
secret__alert_manager_email_password: ENC[AES256_GCM,data:AsBzn9KJEoMjcrUWiIhR7I/1jaaFEa+cl3gImOQVKrg=,iv:mtQnZqT0taap3+z/L/nMfUvQF3JlTKIdoljmzVr1R3c=,tag:mZrCB597p8LyB61I7ZvHNA==,type:str]
sops:
lastmodified: "2025-06-10T19:17:41Z"
mac: ENC[AES256_GCM,data:8GGZFGSRXAaLoWUowbxd3RVv7NPMVsbkDttDxC1Aeuwjy6678ddioHTiOWn04noWSPXhVnnpaTHWNW9dT5EcbLHvTl9Vb/ydKq5EnjDi3vAI2hQZ5bJ29rwSIW2YBMwpceqh+2GqDuzebhOKxJ0ZFYsPzbfTGPt8blqOQ1abVR0=,iv:aDbIiH7H72jsBRe0rSDXHMQy6zc1QFrI6ZakJj8zxZ4=,tag:+ARO2ST+1I9gOB/f9V/OjQ==,type:str]
pgp:
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/9EvoGHf93vGDL9jnSyPCy9J3cmSBCSHdb+Al2uCcMRJcy
acu2RkssYhPC8h7cL0NqV3MdSVEGbyu695yJjSpO8HeM552q9yCB2VItW1DsuzAL
k5GSoZTLLngQWsoApaVbhUP9/UsLSVTkdnGme7iQcB3zFut3Db4j2RSex0rTN7f+
JnhZ+77AYxlexvtBEYWvS8COcZ2qYjPW+IUulIjsvEEegrYNOgYRx4SKI1qIkISj
PRfQLMEMcGJvH2IeRQvpADy5v8KIl6jAakwH+C+XZAp/rnUlwRhJ/J7Eyx2JN0hY
fVqhpsw4bD/0QgbiVK/dH7pdPgr7BBNnPGG/+2qlSQfxnCVWbuiptZy4yhhLn/mV
S7+hOfymdl0XFn9bFhwctJd6b9Z2lNEB4VwXfOJwJeTKw7oPJwBhPg8LVfb5yEm4
/J7IRjqo3THZM2cNMbb+IvhXCD+5rFTO7ichtc1zm3RERygyuk2vh3BGypOqS3Rt
iUcS0WZz647hohCwiXEbHcb6TW6q7n485rwrPHFae/4dFdX9aNSDENO8hV1P1Lxv
0/FpCscH9OBYFXMIPdZvUmKf3FLcLND9iiC1aoh4PJdv7xbjf7TiJKVfG7yVMIbf
YSbmPllQiCty8vnl9BhycSLWYBd/nKywFFc74yS87Ip5jIf7dUPQ748te/15lijS
XgGgzs+7ZoAtUhcSmp+L03vKA3Lobh9fbnR72LLAA/FmCAUMKQTq12fPSZozCrPW
DfAmS5gtxCCchAsNmFs3C8GWUWzOW8N/KuZsmTLyygcXes3C5MeeoTp+OWtnv08=
=UY1h
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ/+PD5ybX+ImMBoEYImXYvqRDPE8GlJhX3MOwufMCWGJgX4
Y2ygtfSZbzeYadVDLz1CXHmjvcpG2T+xZ8rAI6C2S6X+MQefgiFG2al4/QM51qsX
PIUQa6Q4Nqko1cVPX0TJGTaGwS1Svj2GiJNdpm9Y8lLSj1mfSgHSB2DnGUDtmZsl
6y9mUN4cgYjNNnwUClvMApj/JZhZoU3mmCA4NN9emMG09AkK/fO/sygkZ4FyFpeD
oihvTw/0xPy9RnhZPFS9f0+4beiZszI1+8GRi/fBXDx2YsImeKSUhDEDipe0tYv2
24CqIa30LWyYt/hCzIFU9IOyRB/ZvOR7jB2815pk+MNZDcbaMta21HpvAls2InAH
LS3UF44Xx/8LPAHOkqE6Gmea+nQx5grgQw0sbxBprKtsq4YhZyZ131ID8J/AWyvM
xFnYzX092zceJfu4bS2TYdYMp9SV+7Uy9WYxKTUbyocgJMYVtCSC/kyBQfccT9Sf
McyjHaqVnDb5nUgumS6A96av9SMp+R4CcoL7k8u2sc4PzPwk4QD9nP9/Zd+0iGSR
AsnwJCKrEkEM7tjZgRYqT8jl1Nvkk99iKrq9bwKUaL+y1qTsecLn1egpuR/3qr42
+PsfcOx1z9Zexp8H7RpcAHbUmq68Y4CRsyPOn/tuXsHKNbQ2dJJ8ifRoAoVpHszS
XgEbvz2w6VoN+l911n0F5n7dBwsgUn0HNRJY90OwH2OI/tTNgeJEOVbNtfqzc/sy
fFPaQrgls5wtO1FZ9Gfh1G6XYfATXisvJAmnpC1EtK3h/EdCy9Z3TQJNx1owBsw=
=H9eT
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJARAAmldVuSQOWO3rkhOWNuVca1EGr0PKubWDQILdgEw4gAVO
EXaWLoiGOwEkQ+wzkjaL/w4vjMW0cMagQ+QgMHz33KNE+xPGC82ZqydCJVm0YBrg
6sqzCxrOga03QIk+T2gUOSkocQQ5WeLvFXaGNMYSNmTV6fvECg+uyqTE+h/AjeR5
1hJOh6WnSC2pw9ph0WUsNAOhMlC27XJ6Vz6pyB0AQmUcp84vCuaG6Lb78sz1gla1
pA9vJyIl/SPRR3++RTGI3mqWCEbCn0OQoZ3j+mIsjsVpbFE9JKML2MNx6iTikgiw
uO+kpWXc6j2j+EB09bChwMI1ZJdXgaXsPV6kV1sxj00q6r8mzsnbxjx95UeVKM0p
63N1Tfy6R2SAWcMcZvCKbNMwok9NiOPkZdHFuH55iwNw8T+SNvq5lV22nyIcbc3Z
+hzDB5aYz2FP+ENafkQGXSuLd5UTGy9+ZXehPi3qc50HvXE+PSCN65XFgxWp9QnP
kumpgtkkjgBe0ESvwKvBDPjmd5OxSj2UOxDZosXBKthw7ugv/uLFrPpjcEgyJhYO
tTJybMIULftgniQLDUs2F+ld8u5NaTyCA7ZZXay5EZBu55xTJ1bLLz2YXWH71DH2
spHf2TRGoW5eqPw8KE4Jq359Z0WUvKLfNNY704l0pgTDH1Mw2oqWDUTTe+UrPr7S
XgFCRUILWbQ53tzU9SRq5uAWEXxb6wBgYMAP+8K/OsOO8ttcmFbqSw9eLDRm9mh1
/F31OMNqS4ao9kicW/nOLKdNSeJ1AuMHA7kYCWksOuOmW3KO/imBOo3JLMFkHDg=
=xraW
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1ARAAo9HPxkonFM2NZ9XcVA6D1T5qnIEwGmC3F5z4qDNuOqs5
r4cv6iilp1ev3331I61Qp+58/WAElbWBixgiXUOHh8ES77MrFyexp6TxW3LBN3I/
RfNV//Ptz2hBLpt89mbSoe+BQOJU0utdO+IbgWsUSU+7/l5b7kOpPdNmFME0znc0
AGms5UblXYwUY1yL5ALFM93/OtJJoJf4vmBRTEhIXciaQipBMk7a6MH1QjZ9hywK
Oinoo+fmaXHGyaMxMvsnoohNMDluZqQoHgre3+dIyOM0Q1dTBb3zxzSFXJexB/fm
f/1cTpTg1Hh4aXg7Q8K/hHI6mkZLEjS80BE5Wjwme7nJDpmypN4iwM/GwDjjXGE7
9zk1nSrThskw8tdHUhzXjEP9wCj1YFddsAELZXFPwBJJrcxKnO6+NvDe4/npt43l
vD0BGxBDlDOufKIdQmuId3fxthPdI1QvlvnlGxq2b2F4l9t+ymlvB0hgmmsU3psE
I8JPZvz8jgx1SSbaOksIePZ5qUTXp/7WRbJrhx2axWj6qAIZhzVCL+5Szuy7TT2j
ZM2jHWXd3xRs5VAtvlDbY74JjOP0gv+ba85vFlYn2fcms1UFJF4DROLkS0qZYWaX
1l3vPRR/O1e/fTEShffHWAY3ld5sxLsa8OkK5Mxsz4Z8VX6tF55R7ri7xOvEPFXS
XgEK3/eF9JCPunybZ9qWTNtkGOa90SO5YSed3hgIQw8AGF4M0wMHoPMfzfX/e3WF
PvLce+GC+M4rygcfnQh7BuWYFijE2xLqQM06B8FtbQCit4yjmJnknfwoqp0QewE=
=qMHJ
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdADqEQ9hxSntxmo/7fb+J59O3w1NpozEHh9egR67lbHBsw
83EGLOW0JW6Cp+k73zoiipeoS2nogHhQxG09yVqgQERDbcu8C6JlgM4adZ4+f/Eb
0l4BxTXJpJf+saBXXWUWRaTDQZpi/QkojF2ZgJnaA73RMdufBmGDlvbydebQ3mVe
N1SOD+6ohNuRb2mT1NS4YzO2MHkYaNZG5L3sjhNhmSFxgd5mCiNQ6YsBElDTxk7B
=2cmG
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fARAAppTC3WqFUiZIq1mX7JP7+ddll8G1nFnbduXfBE9eAOJr
QRobQvwbl2krFAKlmzU1RKTLD8qObkHgzHy8d+Rk2kN00Bqk6hcQZCoeWyEy89nq
FV7pvd4OAFQacWaTWaHGzBq+Qrpg3X5Ywo+sFrgJ1FpJg/0YkBDcEp9WBQF+z3vW
hDzQCQCl9TzgTNMV9X5JkvbptxL+0mw4NiSZffGnrFOSGUnikS7bXGPU1atj+xfN
bwdGsRLwHf92Yo9QbjcM2lws830Caf9uqjLXsK5Xvtp7NuPB+Xmvc0Qx/9aUi2Y9
l/HgOtXaAgfTF+4DEJh7yn9/BAlDoqt7Hj9PWQlaAygnhEXFZ+1Qiui4qOuTx0k3
T11faYDyLjgKeBZQvDhi8ZJoICEZn7ysgr6LsBORPSDEoL17Z7s+7hpzEk+3bosA
fEYppu520zUHDGX0lzktK3yvfRzp/qlhf3aJev4Vgl92vQNKweN2KEgu4EutQc3c
/EhINqfk/ibF205dSWudapoQvBu9s1ldalTmiIB93WkPi4jxGKQNYaJZgLIhD66K
8mmMJ1CCHIo97bFTeltuDaUdP3Js5dKCeiVrTSLuFiX9Jet7ZjCY68kuPqlc461Y
osCN8xrripV+Vw0fBlg1AYq8G/Kffhlv5tnGT/2VEPGiUi6n8Q2eEAbrXu3sf6LS
XgFctsUqefLAUU6eDM4epYn2OkyRZhLX4S374g6oMEyL/OCcMSWsH9OeprwpgXGU
L/egGlhu8ZbmnRcDVAHcp6UulnIDGPVcUQO5jUNACcPIA6K6SMGF1rUz4eJeLj4=
=EMp9
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ/9FG+ZeWpP4WULWoCYTH86qEU8m9sp0JKwoKYdc0LRjNpi
nWr2aiWhhcru6U1yulOF7fVL+M44RbaV6uiPGayWPE1tkZYdIUnzlfKWNOz/ibsQ
euO9VhBicKl5x7eZaQkvrY9CchfqGPD0PQSbNBLFtPhI+sDWnb12sGfJpVejP1HN
ILBRcsAkSFP9d0k4Bba9sT/HIBloHOzB3wWGDM0mUiSdXCU8tx3DQXcHHg+jn4Bs
vCrKvtf9E4ivIPrnKdGeeqDuzvLjS8fvbRKZgHCjfjZaYHD/+ioo/GgVIXxsA4J8
O/6lau/+MHh4lkEKeWtVaEpXqgrDiOre9YhP9kiegKBtnrGoT5M9Uv12D37VFlww
eGFpVraCG2nbIeA8tKK9PMdKKF+0rGp2rTVecziq6xEs5DzUyYjU8hwxyQCcKZAz
D4JLV3On1GS740sCmos6HXjAIzqoXbaOxgR3rc6EUxy3MA2qwhAfoF4iSR/yCYT0
senokC+5D9bb/DTRGEfZ5G0KVK4WG6iNq0HOuoLafLvesK7ZRxNJ2xUFUqDMcXu/
o3ooIawICKaeiU6DTrx4apXLgr9uz6Fyq46G3vB/W46iUY6Q7+9g5fJurcgsBnKi
gHwe6e+TGS0v2T20j1oqkUIHXb7RJBG1hU5aLCdwMxfTKulpEDElb+xclLcol3fS
XgF/CiUR2MXnX3meLzUQk2TdBo4Flxjd/uQLlZIxkWifGi+BLbVtYSm/Ls8kcsho
61BvrEtRQGe9SflOQpkNE1Bkd7wpx/CHnJVL2BveHEXzihAbgCwhM+mJ4oQIGV8=
=79oA
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ/+LMa0/m6NvgFCnQfckQw7HT2aTuwq1Rfmn0sbqzre5PA9
IzY2v96pmutN53TcAdrlAWt1tAx2+OiAxEBbbes9kdiTCf4OUzsZfF1npnxnYztU
bXBaANw6heAvvPaWJhh/l14ccbVf8S7WT45P1HulRfQQBqKDp3WpwTR0MxGjy88p
cmYRWa6Zl0dvaEgEZ7Avwhvlbi/HNE2gEvPrFfxEsUrWfIKvGKDATPU8+vtxCmg8
x/X1k0YMR5pWUwwLQkGxTDkR0jQZTeGxHFb5u4mCRO+X/ofxG8YnLrI3Emw8NMpV
4enSDg9cIITQgxnnArC1mSkGhdTabC7EKPfUjWuDUJTvC4HD2GnrRUbOwC+Dhwup
cU8VdVxOauxe73fne/HqgTgUqiyiRqA8j2VCSyHJs07SSQUS9mfDH4pcXxH26t6q
505S7wljxaVJaxysiojcPvJjY98jRT31UibZzK2XgjvzjepjBf+brrkdpotV70on
3TNaT0ILhTj62s3RTlF63YIHkb5tRLndaIImwBFMs3Wg5CaOJuf7oKdAPj8QHy0d
vgWaZcPCmzMPFaq3N23D3xEjJyKYXp0vkDAyNN26auzg1OF4XX/k3ZF+IbXX35R1
sg9xLGA1PAS1Ug2icnXDR9LGWfKwGB5KBFFtob62ZFxC6vRvM1FQOkYp690ewWXS
XgFHK1Tm2RQd9cN4OSn/NedFGVpWB8IjTp2015OiAcwkEQzbey9nmB2Pf17/6bT+
SVNSrvAWfMljmpCj7vxOPgJt44GPCTNgRtEIFuOxGtaYU7KDybOrbbuRIKpnFsc=
=ylUj
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAs4mO7jTUP5LsFO0HMlubU53pFFq3jDR7SnhK32frfXIw
m39xWAYu686yBAWKFVebPRh79nhbEzrBwBOXt3JasGPQULU6QcMmSd8NiAi2MPFb
0l4BySUuU6pOfYtts1VsCYaR4sa6ChJVBywiXO4TSu6wtQ6Hc8SmQKOPNYrytqae
bGFLBZBnBrGXSEYrkYBpDewta3AU1JL3Q+L2x1OOA+jZfrQxlJ08TQs5B2IDizOB
=GTv5
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAlnwr4TqIpDBMWOtPYJVUcz/JGHSStXyYqM/YbNRd1zkw
JD9NlCdchX7vKLfo3sgYIh0PhBZ05KuxJQdpKEZi+DmSdDvdE91mKx8kICnMxML4
0lgBv1+hkZn0rvxHq28bIKrv6Z6y91ilYos6f0elChyZi9Ah2qhZgoxo6lKr9r3s
mTdMipim/zck5HDfD4Zc2AJP5OlelhozESXRH9aNti02Sxq+v+4GnyIs
=oMbe
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+ARAAv/E5FKelurIm3WmYknhsdVbxiUWHCWyYeDC159yS+o0T
c+zh44azcmX4gulynZg1LTRiyavc07HdV3cp1+ZbwVmmRnnT1OTNOU+C1RnDfZa9
s/fCmMzootQlfsBgD21lxmAIzLQGuWVgpSWNZuSHz0W9gNwjNpIbNMu8amS7naMt
k8LlRAQ56C0U9/SFYBUSL901hmO8Y+nlwWkjAc8KyyZoADfHPjm7TAbHpQLgpKiF
Ciouyts04WJzdEjIab3a6cBO6dSskDcxarnTyCI1e04wllXRMXwM5xA47IPMRruc
OK/GxG9YRxiWE5bEJnErdMx+uQapSWc/8f5KmWSUQeeBaXOKz3XMZnnSHyYaV6OU
oV+UdhWoMMXFYF5CV7mtOWmdmI2WMUMs4sDYwpOgp7LrhI/DA5QVoFz23K318PjR
8oj9joUOPcWN0ExvAd4bQvVXLzflF7RSx119ezNR5HAKChJRoiqI8hoT4fcCHxGC
LZQCWqW5pyi6MKg86TbO8Miy3YUcYzlQ6Uk72zkH3gCf6RLFcdR7YMbt86Kmpx0b
49qwRbaaWPOrKmeyHpZTnjRSKadk/pM+/T24Q/843mulr1zLiGU1eWdHFwx4+lAb
T2I0Rtl1J6Ny5Cms6HSdHYXaHN4dn13oM09EpdF2J481LyfIFAQyuDwNK/aw0x7S
XgGBZewEDElkJJhI+0OzAWJeV0RrCE1qehlzVwx4matuZTFjiZJFQhYYr/iwamng
AslyRgMOoDxYhLlGc/7TePi22RXVQOj4KEFZrU7NjEbheBi9wodVNNrB4k4je+E=
=XTdL
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.10.2

115
inventories/chaosknoten/host_vars/grafana.yaml
View file

@ -10,132 +10,17 @@ docker_compose__configuration_files:
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2') }}"
- name: prometheus_alerts.rules.yaml
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml') }}"
- name: prometheus_alerts-fux.rules.yaml
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml') }}"
- name: alertmanager_alert_templates.tmpl
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl') }}"
- name: loki.yaml
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/loki.yaml') }}"
- name: ntfy-alertmanager-ccchh-critical
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2') }}"
- name: ntfy-alertmanager-ccchh
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2') }}"
- name: ntfy-alertmanager-fux-critical
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2') }}"
- name: ntfy-alertmanager-fux
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2') }}"
certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "grafana.hamburg.ccc.de"
- "loki.hamburg.ccc.de"
- "metrics.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__deploy_redirect_conf: false
nginx__deploy_htpasswds: true
nginx__htpasswds:
- name: loki
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/loki.htpasswd.j2') }}"
- name: metrics
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2') }}"
nginx__configurations:
- name: redirectv6
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/redirect.conf') }}"
- name: grafana.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf') }}"
- name: loki.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf') }}"
- name: metrics.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf') }}"
alloy_config: |
prometheus.remote_write "default" {
endpoint {
url = "https://metrics.hamburg.ccc.de/api/v1/write"
basic_auth {
username = "chaos"
password = "{{ secret__metrics_chaos }}"
}
}
}
loki.write "default" {
endpoint {
url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
basic_auth {
username = "chaos"
password = "{{ secret__loki_chaos }}"
}
}
}
loki.relabel "journal" {
forward_to = []
rule {
source_labels = ["__journal__systemd_unit"]
target_label = "systemd_unit"
}
rule {
source_labels = ["__journal__hostname"]
target_label = "instance"
}
rule {
source_labels = ["__journal__transport"]
target_label = "systemd_transport"
}
rule {
source_labels = ["__journal_syslog_identifier"]
target_label = "syslog_identifier"
}
rule {
source_labels = ["__journal_priority_keyword"]
target_label = "level"
}
rule {
source_labels = ["__journal__hostname"]
target_label = "host"
regex = "([^:]+)"
replacement = "${1}.hamburg.ccc.de"
action = "replace"
}
}
loki.source.journal "read_journal" {
forward_to = [loki.write.default.receiver]
relabel_rules = loki.relabel.journal.rules
format_as_json = true
labels = {component = "loki.source.journal", org = "ccchh"}
}
logging {
level = "info"
}
prometheus.exporter.unix "local_system" {
enable_collectors = ["systemd"]
}
prometheus.relabel "default" {
forward_to = [prometheus.remote_write.default.receiver]
rule {
target_label = "org"
replacement = "ccchh"
}
rule {
source_labels = ["instance"]
target_label = "host"
regex = "([^:]+)"
replacement = "${1}.hamburg.ccc.de"
action = "replace"
}
}
prometheus.scrape "scrape_metrics" {
targets = prometheus.exporter.unix.local_system.targets
forward_to = [prometheus.relabel.default.receiver]
}

205
inventories/chaosknoten/host_vars/keycloak.sops.yaml
View file

@ -1,205 +0,0 @@
secret__keycloak_admin_password: ENC[AES256_GCM,data:U6vt0UHHgz85sO+X1YucL9CIr00LtTaeyGUFZ4bVFarsg7y6gTtb+fCuYKCgsJmNDP9jek8Ny+A5WPkMkWR/pA==,iv:qq2H9nF6/1pUBhJG8dFmfRdxk9HSaIOoTdu3uu5xJDw=,tag:rpEuf7JSQ0092R1aPOojKw==,type:str]
secret__keycloak_db_password: ENC[AES256_GCM,data:IDmQUjQh/QB1xdkwPKqv3ZAwdfy/lkSEdAJuF5MSPCNKfuANRmN+4rH570E3/ZApAJpLAkefh3pufiVbNF8Ssw==,iv:W3roegZU2KfeBDBBImQCCa6VqX+nUk2oh6jMhzbGcVM=,tag:0Qzu8gv5ThtAss4xJ4vf4A==,type:str]
secret__idinvite_token_secret: ENC[AES256_GCM,data:FC9LqUf6wDijaH6JIde9u1Lc4qcqi/XZwQ==,iv:fSgbI4CXMeCKWSyVYyYT+3Af+OdhZ0wsFwNpZf3CA6s=,tag:tGe+xWyBH2VJr3yc3Vh0qw==,type:str]
secret__idinvite_client_secret: ENC[AES256_GCM,data:ImweU1aPI0G9Lf5+TXvVmZwGhoigSJoHMLCuq6MxxP0=,iv:GSGqpMVHq31U+IYtnHnu9RuMt985y2N1PRvrlWFicg4=,tag:NKuqLcb3xPzna6t2VVuIog==,type:str]
secret__idinvite_admin_password: ENC[AES256_GCM,data:fVb+vCHzPLvsQ44wWxfAwx5vRpoycJxBLA==,iv:Co53uRh5fG4pEVxnC6uWaXRrCLGH2Celg/XC+idiWSY=,tag:AWUn99jtuJCqXww/2dSS8g==,type:str]
secret__id_no_reply_smtp: ENC[AES256_GCM,data:Sqc/UkQq/2F78G8LP92YrA==,iv:ObEdXhzHp5aDCWq3r7aUBhOEJ1sJ6lYiYC0pmWmwML8=,tag:1rtneYPlKS+uDzFWev6A4g==,type:str]
sops:
lastmodified: "2025-05-04T14:21:10Z"
mac: ENC[AES256_GCM,data:EgeLza2JhJZmuNase/63KyoVwR33eFRqxHqSSaJDlr8YHQ0Vx6OTGQJTUGzgdQiC5y/AE24Mesbg1iT1+qufeOwv4V9spW3F0Ci3GOBcKrqBZxnnuHNn6tiRe3R0eeu6PLRcat/HSWY4NFz3RvUposC5YaATP78JXgDuJg/wRoM=,iv:FnxDapA+BUfSMVBrTYb9mcSYz5cZ5Qof/PZo44UTXrA=,tag:2FH63YT8Z54G/o/n8s57yA==,type:str]
pgp:
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/9F+8yUqNVGb0IZSig9Vzwgk47vXOGpJ3A30JpHpJGXrpn
8dzPP+pCnCBpdfCep7LapfOUBJz0NY6J2QFe7R/R5h8shlirsO041i9gxqyXiIkR
bqpD5+mGs8hmwiflPK5dVVG5eoDBorGPm98G+M1P0k7mBVwgzaTgjm3OjGeCt1ox
v60zbnslzbQkX/pnKxKGrN7VKt0rxOv1LrQRFwC3y0ReZxu1c7/MHCkH4fdeD5SA
xh1GucV/IHiq7XsAbIaD7wuS8GfuJlXblrstKiJJIUOnrwIDH09bAogk+pahYT7h
zbczVhNjedd2fokX0UYtmpzorkSAgWFX7nSMZTgOtstW+nUNGSxePcif6KwPLwr3
I9jnBxui/UF56u7+IkfbQ8jlKLf/nw14g8PzhR5OW0mj/dbJGXcOmqvtkd8Nr0I+
yYLrkjrjbJq2UC8IjzmBT2/zPc8Vs+Y1LKVHCHAji9FiXCEjrQSl9L/svRRxcU/n
bh5kwRC4k4cJ20B3ALYlUspAOake7oYKEmD+sa9IRi4H47ocU4PASnMWmA0AakRS
rIn5/RgNaRMkZBQqUgagPkwGf5IqKpa2BrzY3dAGm6NGQrLDYRbO5BjFIOqfXhpE
BPguAikJb43FX1FLQkgQo6rmDtzrgUVL5zETVvjbHJdPq+KIa5yPQNacaaUzoe/S
XgHRkq4ZylSE5fA4R/aQkEV6ASkBm9Z0O8ggcbxIdr/sBy2U+fKTA1ixnVGjh08s
OafN9s42/Ex4XN2dnQVQRrI49PU6okWEX8Lhc49fi0g6pJGAxyDiD5wafvVJNG8=
=mSqm
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ//fWg3KSKdi5HPiBed+BuYyyYYMNMnzlQdUSye4XgSUBZG
bsjAMgUrBZ6hICfjKxcKMwF7BTYVv8GwOTvqQ/rNJ/URAwRsiOZ0M9LuP/zoOzW/
8asV7p145qfRoS6jf+O8a3iD1bwGWwrbd93MR3yFONRfTDF+YksMwK5yBOYruodg
G3NTeKcYVgd3TA22wXer2U81VUdvxnyWYL+5/vczuCnGC1hBGf2Q9DfKtC0KAwxB
DBKuYG4Gzx7yjN81tEk4AoAegN2nptUyKEYzGQrSfINtru0EurGqxCeCBS8MU5Kd
hstcGcTZdtSjBMojCrq1pqhJYgzTEgbcbdPZf5hiczJU7rYnz6SfzmGrIcgJuS0+
d/F1Ig7Yux6Wkf0UthMTw1eu1WDQc9DnozzAfhDBU1+V5P6sDmgQVmTJguk6qAry
ii2fTIDuWRtfcsehFMi7SA5SdzXqupCkrbfmmpSXjSGUjZoHAsHySnCecayDMNhI
+p9Me2xBOxaPPqWIu8tNHMkBaJKCAi1b241lN02K47y7HFk/zkatvs4173Ww+zQS
rzgsKjDu0dQ/Rpn2nAHZ8O7Z8gw9vnpc4oWR6bbIXj4AU507nSnRnnzTC8IdCK6Z
W+eHT4/cZ2bvCluaP9Rj0MkBBj4mThAbOVqNNVMijQG7Wt5N7+X9bcrs2mLLO8PS
XgE9sqigZVvVh6KCDxFgTzSh6aHH6hjBF3D/ThjJnNmYYF58Q7LgsLyQtcr40g3u
nb7BYVggETiQ3x7P/ZOfhrtuAoh67lfOI3T5wDt9+WcdcpXuD6+iuPspAiXoeGc=
=Wrky
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJARAAmqWDD5gRqXIdYmUS3Nv2PQJf6g7gN+P7AFay2YQmDrxE
K3Lef6fbA/wuHieq374guin/BhGvr47OC+yZh/R2UC3V1+tNfIe99uFr/T/fOyNz
/FQSORhkoghhR75iggh4T2F3KvlopFOQLqW1Zb3Qwf7e9xwsCvl0MVhOtJyeA4yC
KU6ros1fvDkrLo6N7DWdKGP9GpZwk2twWKAnnnm+gbZMFAKMOBavcJeoYe+hcVSg
vs7SO0aU0YtHZ/O+js0DpIv07WznogCUm3GRS7RpOfV7jswsZYIVQD5vOcPPn56z
2oiPUnJsdM6RwxjXM7mbpxb6ttAqNP9pnbD4QcTTZTWDb/ylJVu9TDrg+dtTrGW2
eqajsRXogpvS3wcDMVityT81NxvBHzhY4ymIKiCPaD7ANk4TFi6fDv7Qc7S8Z9eh
qOWHFSsj2LSzsZZ6FF65kg+kAIpzClkSHjL8rNETQ+UKySNKvNjivOfCm7cgDwfX
Ezeggm+kHTDaFnWjOnk53uoPhCEY3X7J+95lZHQabLMDumXUzabVXBZaTPGGZytk
dr7oyHTPWUa4qOOEnBlwnee0pEAw620bJbkzOQsUPfT5KCRq4vxLWniIy4M1g0/E
NA2JmvOIF1QgbEwLVkSLsGmoUoP+WbFgdKmSKkRIiKEEyUuEhlkG/1eQu9W6cE3S
XgF83WWU8iR4wvXUz0CeGytv6MoF2r03BQE1lU6WpTFN4+7d6Xy+lZhRcoLIQfpb
6qNuHPwA5hWyRiV/j7Mard1pcfVEllZj2qd0JsSK5otTKN9xTQN2J9jDZKfJXtQ=
=szy1
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ/9GRDvEs6I4NwkGon7+N4kbi3l4qFxkRCrqN/EWANwI9EY
af6kNt3Px2+30Y8UsnZjHFmW4S2u6YrpEANuD8pWszLbSuvCY5JINBdFmfu9T/n0
LS22NK7hsMyW20Unj1Yl2DKQyTBvLsB/m129bx/RwuxLv8Zv+WGHUu/amF68+/Tb
SuLLYfjsDYeyLVOVJVOPAcrXBQykf2dCgQwhBFpgmPkZzX5SPwfGEYY+Lm4f+aiD
kobyhGmKCSYY4N2UzSNRvJpoiROjVfgm1ujtRctbw+8VdwKzIwiaA+ex1a/oxEcn
PQPq1lzM/CpPCFxk4niNG9fG+NhFsSfxbo5K5squcLiYUsev5a3dhXUHt8OEFTzB
Q/hlhw9V/aTzy7ILxEHndSKznjauknnshG14mvzv2CdJBFURE8KFL111meijDk2y
M0b2pTO2ggu1GgZsY09mRZCYn4L+HTMq9eKT3LenqL6G/vgWrsnTZbZXuTmvNmWh
jTkq5tCtUodwKY/vB6JCdk8HL4lzVsLExCViBeqZifUyrDAfaijJ5asNnyg+kRw7
owm0H+LikhWiucQiI3wDFDaGCXLAfZC4k/Wpc5wOC4T0tCmHbv0yAwvoG48SG1eV
M3VnbemkFwfjTYnOoRU0+JCvwWTqR8ICRWuEnMu/4aRkMGTli7qbJ8hodbzaZT/S
XgHSasMVkmmD2DDOumcPj7FamYRyRMqEjKsvDki/EeHUvpOgyMhVQ/pRLl0v2fsg
uIjAzSJgUsaGkSM9s18AArSDRUX+ueByp0p7jyOQeqY67p9ELRt4REk5M89DLks=
=Ngwt
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAtDsOQOeWE70hZw+0Du7uqAF+OHFLHDLZAuZrmr5ggSIw
p8mUVqd5eqS69gKLgJQ80vPYD1laU8MAhdS8DzAqTsER/EKZtSMX4ANiruNve278
0l4ByfC7bS5/1DLWqYTQ0M3bsw7X5H1qR0hFJm14XjjgbBuObzz1V7IOO97ZAPZZ
XT27F+lSE8pX99AkkjPtgYq0refbw6A/BIQXH6f8fPqgZh/OYAAIj6ynQf59pGgu
=HKjV
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ/+JLkWIztQmdTjmgpuXU+hJe6IEMzJXjdhGJWBGX1t/MKt
oi2/Tk2HmEXdemtNdKpiphFHZfsfeqnQb0gzJUucTFPDScw+3D31xUX1ygczmxiM
M/WyNsyUJFsQ/J5RnDyJvYvFXqEAboF/frk25c8gBoe5HLmfhi5YWje8n0oG1nZ/
x2mAhuYYen7r5AT03ZaS7Ke2WPcKzfhs5uXx1gc1jm7SnTR+MKrf9S3pzH3rapPw
UoJNHW6nkg0FOOOg7aczJbt17r3luup5pYzu2RoBlx18JzS6uCnen3yEjwuqKW+N
jEDaMpD1HyPKYD7Af2yfUDtyGcB9TOdrLKbERoPU4ytL6megzopeIGdpP9cnY3Ak
HF/94x4If/Q/zxbXZJGoFmbC0xzEwNdtD/sqw+oLTaApYYp0gJigkSbhj/5xzDZf
duRIzkLvfbzrDRf7Y10OJuKblRmF9dDwn13SxpGA+/zgS+817wkkCKs58sNx5DPh
zVjfnlMiKkzPRGQt43lbOUYbP5eD6nLqO3+P1YPE7TH60umkFYv6X35Z7nnHv+lm
oseNCseb4xV8a9+QOwaTvlbQ3OblCYDyEm5RDmqc6fiMy1L1kq3DYDEsCToFAGWF
JJ27BsfU9NTcUo4+rruIkb1NSHpkhbl2EYCzneKdKcQVLzrimwtWTrDtvahfT3nS
XgFxSYX3q73DESUyay/AXzpOmebLXNPSLcB8ay0+yDcELs4E/JXQwCPn24egh9oj
3pmTa5DWMBFF6/hWEWjjPFYkQmBdIO/SsBPvrYjJVUJQzmbmsjOf6mKCQyr83+Y=
=cA2w
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ/6A0DvwSv1bLOcctpoPdHFtYADLNWtXMbFKakmaUuSoAxX
1Fr4BLOPJ9QvUoHoEfEDhtL6CJ1p5BLB0Isrnm9gvoNM0PfOlHSl7nbFZ1nngZL1
y5c7hnI9GY2ZzBT638pba+G7CUPSalfyFG/OZRCeSf4Rdek52uNMiI99XKqPTefN
Pm0hVsNY0DN5iyRUDka8eswRCQ4pwxZuxrGRPuNAnPMnZkj668H5wqgi76YceISl
53HMD+MQmYtdePupcFhqOvCd8sumpD3xkhzrcpqqyRVSQM48Z9kBVsqdljZN5G9Z
7VxabSfyZTG7igliAqvSJUk0Eei6OXjrqRMKT4JTHRVMteeI0pmmNPLiWm7YaSOP
ZfsSNHfX/JR6PuAR936HazDJuS8xZWS3vT6uSksQmvkO6NzMhsUTv55z24ZQUO4X
PBBo8jbjgu0ty0HdPVnvhGNtqSzDhgNqSBM4j7HerdRz1w/yUvwN37UKlz4tbnON
oQr++nnK+M+u0JKrx+GUobbu7cGsqVsWGq4ZgkOrYYn/bTJvUUEvVgae5bGUdKnz
CMOgJIn6PrsWN7SvcBUl9A02P8NrVRIur2sd/8rrWnan1k112HCnjMNtFhENIfX5
vSeC8H+CSP7oUL5yWP2nymo4E9bCD6aVDG502umtAdsjmOJdTwWOE+pa6XMXs+3S
XgHEGvwU3oommS9JvbLirC1ght4tyoTsEKR87aljqt8YxDdx3uzln/0zGmQOV5Wl
RlUj6IvdcpOg4EEIV5j9lk1LThud5LzLOf7y5YMDWa6weokxPFyalBNBFCw8kmM=
=LLyl
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ//TIT5XZeSOpfXWv+C+9n/GnVRFI80u1AsaUb7u1ykzXeD
9Ca6o5g+MDXP1KfuaS0783vpN+DgxGbKl+yPTJ9y0gfTYXu+gppyNVJD5mGBMpMq
BS6ueX64mQ3wVcpoM/TjRZhQ8ZfUkAh5QPBoGMpQZwqVMgurojt1Xb6VmdVHmaUj
qJis6dzoO6vLwbBfjqmCyHN734UboWNZhmhq3Fz8G4U+3hoaLdhVZfj2hJQRQ7kl
HVul5ZT1dmYP9ZzSCU9Tmz/ucjJsAO27vtXGCpBRLz8XYj5+ZEw2fDhzuHESGumj
hZFgC/nJl8t4h7U4EHgysVOCVPWKFda/sfbNsArrAqBGq86Gens/UbS9upU1maVz
qits/r0srrfI5kdK91gXgaYWOgjlfgZ0sahEHAofKlpcZ/eNCtPRZ6U9IBFJ+PFW
fz0cceMw0JbuAR9ArxcR2ylTJOtMRAGKHvNFwxShaYegcMktI0KtMqZYO9yvms8x
lmKwkB5swaAQhaIMm4/9XwQWE/talLTqFs0DePwUHekhgNZDSbyi/C8DP6BLnelj
1kSDa4HT8P0oXQ0Wom+1zIq8rZOs4418fri2X4YrexeKWDEc/rnXNoNacoL/NxKU
3hOrhfYz0hgQraC8+v64pe/W3P4sySKXPh0pm759PQtyBMP+FbsLg5BBaLGeYCXS
XgG5u2M/sOoH2/2QkZjbzR29hZxTzOXEcLeJOPyhakNXQejrahM29QQWgtrA2768
5wFXbVKi82VJ8xeuCcU8PllgOY3Yyb2qehBM2cBFMcsmYk8D7iEzyc2GUtVqgK0=
=GI1c
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAjxxja4+aqH9LtBaFsqIC7xU/AWLx11pQeAfKeFtg/1cw
BcwQZcjlmEPpO3KVvQJ9pF+SDB4mj7+MlzZZe332CRSDIRS+JruUB1fY3kzw2wrh
0l4BRIjIuU6eveaH5r3EoAieCO8Fie/v90HBnhqj5EHk9sb9RIrsQtcB1j0ISWx+
N2vhfLt41VjDf0EA77XPWWA73ULadGjtaf5fY2T/CYdpZn+dXlp1LJ0rJsM8Yd/P
=p8Kw
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAUUdcZJnQn1EcfuAqp9BafmuUbOSq+Ppj51XcQnw/NB8w
XajucpNlzRvDLqnOh0XyaHU2Tqe5DWMD7db0xzd9uax/PElp6u7yvgESdV3ZQCJy
0lgBtwU0dvgD901znlFhmNFwDjS5ViWqtDgDhJ2gRZD5ICJyiClB8T8DZgln5lun
ETJp5OM+J38e7lGI1xWPDDzsI20/Ee2ELDytHlg4bPqdInkNoZ+vkQGl
=F0pd
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:52Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+ARAAuWO/F0/utrDSBlt/zIz5EeQ+AD/t2LNIJXDemlwQBYW8
6c098Sb8rgi4wY07ZVdxCukv5ApcGqf1o++akMHyfd1z756HVjPTVmBGPPP1yPFF
6iPKkNwfDJVD3oHLqq3rczwYQbVUR1ri+CibuHfhdvMXI05MqL7VUNlhbt9R6IqY
vZk+3X0ikllZf8AuSfWXXzRkuAkpg2fWF//trWkaKlZbl6reVZuHTGIWgtjk+VEP
t1tV+0tYdP73dG/2u6/8EJQ+iZ3LrRJn+/1ALEOD6eFhHZS7Dzgz/I14qxyX/5Fn
imxH3gV3BaNxPMUFw0D6V3jzfJB00wcuXQkm72Ef2mtemjhZudiOd5U2buIgtb/h
wqySS1XNxT1IWikOdz3OVpmGW0kD82ResYO31qh43xsO35ZjCSzLjbkzXqeqImsn
Qj2+xtbtc4Tu5u1r7CSeZzGdk0ZrneUuztSu2dBnEFukYmmHq78sj84GBBbpvkNG
TWLnFB+VQO4o1EaNR5GrIlBo3zBMaftJj8EEGcoAuIgjc/b6iWrOlL5aQcEteqKP
GPCEmtZN5ET9tW8qg6G8ue6W4+KVmG6V4WYh7ftN/YhqO35dXeviRLKst0Z0Rh5r
7UqaY4NYS7CmCDi09+b19C2X9R/Y8Z6dEex6gSzG4Ze2+NgpvdS0zPhNb1FTJJPS
XgFc77guJSHqZ40hrh6NLafevW74kzGJSsyMm7U98gyVzt3daRK0Kb6OkAfDDnbE
kVTVeunEDWDxLQUFldVZwjzruIGi7nkqQMDh1RfGqdN6XIBbL0kAdJBfwIfqv2I=
=U36g
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4

213
inventories/chaosknoten/host_vars/netbox.sops.yaml
View file

@ -1,213 +0,0 @@
netbox__db_password: ENC[AES256_GCM,data:4k0wmOe1c5AE298Juw5HMm5dttTKB1WsVxha4MwaIILpyIbJO0CfmzjYflfBTFPPGgVeuYdCobzchzqkP+8eAQ==,iv:25Cj2BLGJK9tMDr42AqV1IzJc5zG2dk1YH5vC0b1T3M=,tag:knyB+nALZwME8y7CAQ4BCg==,type:str]
secret__netbox_secret_key: ENC[AES256_GCM,data:zPzoFK5Sx7gJ31/Apwex9ffFU/GY+HxIfwrItCW68MM4kVvS33e+LY4cI0vbPYEUF10=,iv:SjpKxyxSAVo+p9vvE/YAQFCzAEudcZ1lwnJ6scxeQD4=,tag:oA+lBep610IfelGwdTohvw==,type:str]
secret__netbox_social_auth_keycloak_secret: ENC[AES256_GCM,data:HP753hmQ7ssbYSQRH0zcRC0vRN5bKptvMXo9jjzcuk4=,iv:GQUoojXLAJxqdB92kKLhavDaka0Rkkg2uocBLshdvTk=,tag:LVnL/JHMsAd5UmmpnUv7og==,type:str]
ansible_pull__age_private_key: ENC[AES256_GCM,data:KgD61z3hYRPSoCXmJgOMmHFqXtqoKHRPUT/+ayEImPsbpk+6B1hVscQbmsKJFWNsyQlCAV2MqYlIrP68pP9ckfURIaN8g5n9X+Y=,iv:eTjmF0e4/5NSnORZVtZKTaL4r1RBg1ZbHZueOrnMVlY=,tag:v1ndJchirNLPvg8mWA1otA==,type:str]
sops:
age:
- recipient: age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZUUrOW9jUXZDUE5oUk1o
ZWxNdkVwZDJVVlEwSGUvaFJxdlFEUFpIODNnCkxtaHhHby9CUGVzMC9LUjZySlUv
RjdveHNHWmFvelcvbmlCQUlyQWZ1QkkKLS0tIC9NbEE0L0lWcDJzR0o3UUgzR0JS
eGthSkl1OWwwTjFiVFlCUnNkTDRYMUUKYfdYzrGyBzlm86EUHyN14cgIPgomgzG2
Zt8nCvmd7/0wxHJ1WhrDWkQvx2ZXC6BeD9oShCVe5RcHqbFQumn5+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-21T18:08:40Z"
mac: ENC[AES256_GCM,data:SvTSvRYd7ljYpQb72yRkQ+fDrDWRMQzFwTrI4RuLglBCzKNxu1g2JFAVFUSNRybWASCYhg0FqtHoC31HRHbs24g43fRFrXrvBB3sCwQ503y7A78/UfX55Bz3VBqYVJfh9w/Fm23Tak0ki1CQoAl53lz88eUHjCJjeyKtY81/PnI=,iv:y4C3RMWPsnTTgkscvfqVEzcgAg6L0QaKinzcBFLOfSg=,tag:kIcvmJXSNhpQDUHy+ZpPyQ==,type:str]
pgp:
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ//RZgO+bBNMO0ZfNf4hzPSoZrjGEWaw6eg7/60QSltdMYt
pQuuecBYba1YsCWKOWQd95vFBGfZ04EBaEJuJhBKrwxxGl5Vurr2LJeTpfqpAR36
rXwELGqVHr0HXyBwPzOPOzM21NlXnNMPrboVJR9+DryT0Jw1BbLXqs8PwO/vWH+G
p8cqRvAnPglQXV70tQHCZSN6rDV0pLZiKnW1PPE8goSVkwInuAsZE5Nw1+fX4HBF
1j2gFxS9t8vFaz1nFTIZpI7ixvAvUiKtnTwforiNEuF3X7lAkyyHtmbxAYFB1OVB
ieC7X8OCZFYYSjMPxerHGiyiJ7GPO6rTMrcqOixeB5m4x+z63w9Ev3aLuWxcPKFX
tPNZ5t4lBO881KsPIm34cxKzUa11NKD+c4PQyMwXvZ55XeUq7SdO6wKTdGyCdjq8
s7WegSpieAVtdlLrJIv9FENE4aFuBhQDXKaZtA8+WTC+DhcQZeras+WApcWa/ugU
iUsHE446qlHs+yn5t5ygAGNX7u0j/kZggRnF87BKBsPVTmaClcC/tQM2su5W8Xuh
ohlFAlgwdlPP2A4RBZXOAdAH3HJMHqxL3ZZvop6QAf6mRv5aioMdFttFFJY4V/SP
cgCxsXcsz8JZtNU1GB0MqeMY7NQnWkxVafJMF6Qg750Gdd7TpjLfm+7PMSOpwdDS
XgGxU8tDEkaZWE6IeUEwbXrGwdHQYutZuQpDmuld9kepTNbSdo36SYEgp8QGv1tK
cN7UxJhSNj72pyBvXU8apmjurajdGLCs5TM9qpCPcZJIRku14CCEedM9bNXCkQA=
=KfmX
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ/9F6hLD/F/9/gSWxWqQm7yxPrQBFNkfs8Z5IsUE9YyJy7x
1Qqn2WjvjdMvzQRoNI9eqX5lXFOArXprIcV5i+DYNo/pkXXKHrEQgHtMamBsyTho
2jSYC7RKns9P6pT3PJsSn11K/uzhmtAO4zrHJXvo83g5I3KPA7VmTIqAMUywebvB
et8jrRlxSj0eITZzCLGF8GcI2GQozLxsxbnBkMtzaEBAU5id1URlPL0ozJd4bcj0
bKfKeT9ufcfq+9BEK+Y1n3amUK/ioSWrOzvLBVOba2MXC5VM1/u11DXjX3fymssM
IpEBdsFsQk5YwbyfdTw10LM/LavS7SqwM0/b1UzRgifDs5EZUEVHsK3uUgrNErcv
XGrSQUfq0zwvmGIOHANBwBDZ6tZx1AuOzpWQXTDME683F2HcauqDM1X4Rbp9QBZ8
sFyJflTxbuJrR1OKE7Ro9SzsVhOj6Jdh5LnPJoUY209/Kspm2+6DKq4Y+y1Ibaq4
VMviDt4WRF4yykjP3HvzW1hFpjbjjQpoevZHxWlD0VIssq/lX5YlPSrz8NmCeTPQ
UUi3zQrmbyp3bS9yX4rHKMxxfkqFrzLplQbyVmZ+Q2phCTT1UcR/pdaZhAu1QVOR
ueZNMba6YIi5mQhAklL7PfZmBTbmV1lsHbI1ZpHzqLxDRcWCirnOGf2PUj33JXTS
XgGO0fiU6lVXiTXCvwaX2WV0aP6expw3cKQDVK4RSc3ngtrT6j44mxM+odkjY4bx
/YZyNmaQcWIWod/p1sQTZ64ZtN2cOYn+jEwYSUjOgixMBSrAwym+JozjFhrs3WI=
=5XOk
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ//SucuDD2gHz2PWvMZ8dT2Iid8442i99ZF8Ud3Us4z207z
BpZmo7bLiqqUs9OvMKszSijPpIRavpPcrpy2utuTLl0MiTITBkwRm7a/d1p6GBiz
jDoqMuXpYtWlcELBUNlJncjd9FG2r9q7nOf8cQNkMJnKklkqr8Bb7vpkiHI5OihC
DiOIdA3nz+0wapjoxxyM8Pdr6AUzUEuU9kz4Q3TYlDtbRo7HRViUj4V6bADQJsbn
71qzQ2C6eqmEHrkj6B1MTjjqf7XXYBx8vbdopoB+tqYc4EqJ2Hzd6fUbyNo1Cnpi
ndXds30JayJkRy3h/qw+so9Zmoqq8vS7X5ZAVD0lHT0UDVTLMwA7JVlzOZ1UOQo2
hW80AhwJIXkC5EMG/uF9HWlLTxM73CbGrFC5gk1YNKto5/waZ72QbsHAUqagCcPe
Z9BwlCISDz72QANuLGkpcoznBRMw52Xa+R+uoPDv9f+UjOZyQxMkH+uaxutKnfuO
HpYRf0FGSqpDs1Bz+G6obPZ2vQhkjK3C24BivJvVm5fyLv6GYZtQZr2JpgkjU7h5
lzDXJ1wB7UueY8YjqB04FWSfaWW4S31PpWGdBIEN57sHbhlsxj3DpOZimjyjvJ8Y
uavqVNJpaZWAQQAJkL9SF3rFBGdawuslPc7RsjRQ5sWxm1+HJiuAsAnLCsiFcjbS
XgH6bvd6helroHo/RLMsgtilpkWmJUfMC7uoiHplkwY1GQdV0MwCuGTpiccE+FVt
xwPrZyfeY2LITjRZa0oo6un+42ZNvVeJauEOR8VFv+G4R3gT32KuYbUtU2sUCho=
=X11W
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ//foFjUY/5G1Pxh1JnzfChYC1QsJYNWNWz6kANfXFcxQ8i
nMFfPBePJoxD9g+A5y0Q5r5ypTmhNIzSdJAeRFGl2I9Vv4eDLnzjnCn2NxMZbS7h
CcNx5bZeX679gi88I4xb2jdlAGr0UyirVvgCX6LkmbOuMXfftuPIqxJQFg3CKz/h
Msoeex2XDNyW4pwf3/mbhLyd4f7kVBNYQTMKlTiz9OSUVnmuwXOVidNGB+PI6zvB
IdGjZSZCu6NtTzFsx5lqCkRs9LQtSW3QZYqlMVt+hq8cd3DRKpzGO51ZNr+pgyga
vtLiO5Rj3198FB/qC1+vn/fromqryBU7EJ/Bu8a3n0aJgIRHWg2JkkoUtFwDtg39
JIN8r0/KOj7VwkgoiBPCMhQGumgOPIkvlQEcRWlpw4lQGxee2rHCy384zWNvOugY
Y9UsoqHAUFBbfxJt8xwSwJ5EtXk8lNNHARMM4I0pCLTHQbmXILRk0VJ4Ycdi0LGH
8QBywXUIOvloeqKe091stfmfv9BY95Aap3ByG+KMy0sfcOpp6ECXGNfV6T4txl/v
/HyUjdrOH5vN9zOBe0/Y2+Bu8lS95CGx6SuArK4Kn9We48gdVKJlPxJwHzwRwz4E
jMBcepDLmhNyJAlLS3lLEkh2kPjXdXjWzgYNi3RIDZ7wCgqPq34WzrHwjXvR0VPS
XgFiHx3g8CiWQLSXCmcOUgpQq3AzCipXNhGcv843GRvkK2MORk2wVMgKsIVXUpw3
rVU3we7VrmgSxq+NvbHoNxWCdBCQQ+do/3gtBaeTuT55O2Sq9F8ilwPC+dj5+IU=
=ld+h
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAMPFQYlbeRj/MpVx7JfDp75l/NOiUN71OspQ7YL9iey0w
CqwiSo+D/xRQamcxSHX6CK3fPTj2sneLztFo0i8RlQ1ElMm9BL4UpWXh3Y8X+6np
0l4B/NWek19NSsnockklHuZcrwRzbnutW3xtDKuLUUSMCuZ9mKD/RRe2lHyqcGdG
TNRW2buI+jpGQNXDu5KbPicJP5LfSqMofWk5mRkmhpDy+va/0UAGnnaCulAQ8eNy
=0rax
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fARAAnDRIiGY9lMbRJNEvz1hRl7KdwtWn/FEei8Qh2OK5UAnh
499nEOYjJI/fmWYhF589nR/YiZjTUaXHcYoJ6NgxHdxi6abwWypyNp2qcrYmL2jn
NnZgZEZdV4nr7TMnNnxF7e9Yz5um4FSjZz5jbXuQm2/wJirEzHmd6ImiN49+fbLE
CrwVxi04IrjAahggVHmcWtnavXvLjmUVd7d4s58TlUms3q9KFj6+xSFOjAOYFZy3
Pkk/tGPV39aKQNZgx30KID2yGcyQT3r1KahQt6nG8dHaRNihnFlgP95goXG1j4JH
NbrWv0siKdrYZ70xBCMrRBWGStFDIsGAnts7r0dMK21yrNsSpHaZW/blLUmKN/Zm
MwiD4GFQUH7ierhpCt66xWyDeCZ8hzZ02Pu05EXStwi2RFtCXFC50m2zvkP3IKuP
9B9kJu2zpP8UfOkHMwdf2xsZQdqY73qXuyDewRt7Pe0gwlHjknpQiO64dvuSkX42
ZQJA5stvYsM0t6lmvO8oRsvztOeOWjET3aHDGDjN6/CwmpBwd4qT8xZsW/QZYPAo
uZl3rHJGi8ury+RSgRKk27safwgaRak8B1YBEJqgDxx5i2Zh1tYKSnMtWdomKmFM
qFXCHqQcqDbFWCpDtpFRxBUKd2evcBVtZ36zPPpJPk10i6KH8OrQlpw9akstylTS
XgFEk3dzaxW+wnvpF+swu//RNNiWxi3oxLFERyHF44nb2MOWN92nfmkh88sLPUVm
9OVrBfzvxDDECSLvHzAcB/Cyi17VHCP0PHJ1qMuqpSNeMifZNPS0m/21l0HO4d4=
=UBLi
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ//d5tVcTB+gGOQ/XoghkTLtrK/jcze4yPGsPlQC3IBbvqc
CXDjIAnMj1vASB6znJXn0M9WmdUA4HmNl13vhJS0JF5X2pjhhsn8UIO36L2uLDAD
o3FgNoDRJYe7ubhMPVZbBbCDwasRgnR0LzD8efYD0anBE3kpReHPVf5yP82mJjKs
SG2c+QRI3ZOwFPHVGzRnqszqpb90uIhQAwy8Ta7MK08Jao9KVQbSe0YMam0s4GGZ
8F87rn1LV/oLW/uDP0DP4TSdDOP/ZnujM/iQcb0WNmOywrUxlySVGrtzTBwX65Iq
Czz1HbfUPUU58xwmf7TTfEUahdIeSseMrrR/hTIWneP0mlF2YpOtS8OhI4/xqpL7
D3sCRpCBgSl8dCJLQD3GyP7DTHI1Hm1TZIjwTIKf++IvMFKS2mYmVnVHevW1xO/T
s03VRDIs2qsUqmF8hp60linbKKtZ9+dIYPa8q9SZn36ogoX3kQ0G69TGnpGMCTfC
Xbq6nT2PemYUx4ASvUCR0TeAUApGFJOZkexx8pxd11puXlCOBteq4C9kZioC8ACK
BRZrCJ2Zdw4yqW1tY+2Qbru4RGk1F0MRAyAy1U2v/tM1uLrNnDW7rOSzJOTvM23t
KQSb+TCQ2/WCve8EkHYMW5M/UbAee6aZzUs40KHHwiiFiCdoPOIbk8zv5qBBHFDS
XgHmk0spm/mTYFGyIVAszDgX5m8vfj4eFFtUnil2aJ4qBurQ1e3anp+k+okoDFzf
9txYitRzrfYV3HA9XRp2MpvxLCi73RoNp3ssyIldnJix/OmFFZLy28o3e1b2XOg=
=K5wp
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ//bgJFcgiF3gfShw4zUmTQoiUQsTnidPchdNkgU2bSeTBr
8VWX26kJGkYDUoPMwRK5jPQgehDeuJQMXqkkDVC4NbLVBsHzQX+cjHvm8uZAqqq0
aXNrEqmiVNdpMxiETLCb+Ufu2Vc5oF4YyHWWke+090iMg8zOGhN0720uSYjXrc6w
GUx/FbaHPaHqG9D0FRImkzz7NacsazHWOiu2MaTX/Gcfnx7QRsgZmusZZblmpvcE
VuLi52RTgIJ1n3MHspywMqM3PgHi2zZ55kPAHCbgpzv3YIl6rKBN/Gf/5Df7cvVf
Duh7Sj65SV/1IFXsF2V4fp9nPAfooLIUW4w9oi1F4zQ74vYbZB4r4aQ820pTb9ZO
Dpct3ogTwk7vqrvXJ+hLkoJ/H1CYO6lnZ/T96y743DtXSZg+GbQf0CJ7ptsmsYnF
pHWxG0J0wudThtr2/NPYlEkip39pjWXPwi7Pjhp9BQqfY1G57MUV9AncTOc1QUDB
qFllE4PFS594quaAIlr4hk/+bnDM6peyRc3yDqFUWwY1n/znQSxc7S3VMUEVh5zy
0+EuvMLNG8RfUCCyXqi7DLe6EpCXJL2nl50e5oAD+KjKXjcAUPRTGT3tSq4xSctB
1hGrkTMO2+e3OoXToRGzGqPWTrjHIZlppIt+LXWKcvyjmvNGpH9XIWaxdKHBJSPS
XgHTKw1srs4n+gpblT68cedpz7eC7+MsnkEJIAaOf5+4x2d97Ualb2RYmgWmjuCv
3TAKmmmU9QrdiPUXEM4OfnucbPX8hDZuq45AFP/wAGLVn482TW7kzGXpJoWzJSs=
=qxx3
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAF6ipxbyfHFiQdfLBZS+MG4OqjwSK7DuaoeajSKAG0V0w
FDR1EWxsLF4XO8yKTjK0J+iQeJTiAaBxACpdB50H1XAsvSSZNSTF0yxa4VT1t4OG
0l4BgosZR77tSvEyxwA4JCq+PdLraCh6TEHP5jNCTDfjGRSKMQel0mDxxC3+wk6Y
09UP3kq9OLSzy3TJ68/Dzdalt7DLmUDymdw4Ge8RKMLOHWIkCXqjUr7Pj1aRi4+t
=ItUL
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAkadkEUquIY01vNygyOa2ScTMkvQ8tNWVrFrWoenNJGMw
fszAyJblP70NGlNEX0zorSMxGbyMhYyHqTO9qM0+1+Tc6yJ5mqMUgt9kdvKJEGX1
0lgB0eihxUD8Jl9lxuD7dEX4i2AUppoTzVB68Y1ibeIzmjABoNuZQ9kpAAQS9UsL
WF4T78p/mA75XSJPyp8lQNB5+hjWd5OM8bCZ4fG1ld+dtXhZ0C0WvIvB
=DkSc
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ//XGse9ZddCZYBfTyrIJ5PUZUv/pA58PiRPDDz4P9zUeC8
nUqNRCAHUJGKEEzHaC+PNmd+bD6uJshZnVVCBn40iwFRmU9j59evzXmr/AtfmshN
ujzTUVsweyxiCtG+h9fwjshmIXpkyyyF8MmE8b/45FlGjK6Pt33IYjthdl+NL4oF
+sOGQ1e1K7q57tNXxW3Bww9aXnDiysCmLJhEDsAkHExedHX8bZw989mV3IxHnNDz
F4hkdNquZczjvlKiXzO7XJmiGYXjCyw9umpQoL5jIyqklZKIu9XW6DMc4FDKkDMJ
zr5HmYawg2W8NxHJLL81Led0/zSQKC2t6pKcjDcrcAr0qtyzEbrbMhOjkDW0TtbP
SizD6mLpB7Al3+p9dy7UlzqojD9W0luZooXASb6mlo13rpPhyBVK+Z/Cw6bIJdpJ
DuzprJSO6Iesgabbkx4PK/dh/Q0qlTH18FNoyGKzqph72HeQXIRB91bbp8WuRYDf
a2diW/mVSDEfIAG1Of6/zqSJiHqoIk1A7nR7UkrVZhjadDkdqzKIjTiqP/oHnykF
g9RR/7AGVfGS+m1ggOijl6d2jh7P3qyNBKN3GA3mCwwXWUy8+MVT6iOFaBKPmvH7
ZxC/B9cwYexm45TV4IdqQhtvAH/CbbYUoDOwAmR8hKjvC3o7Dqf7goRlYGLzDGjS
XgGZUdpsfDr6XnbPqUQxD8/NQNTUtHnsyypqm6Lz+6mU5NrmUs8YjO6ZlTNyE4Lm
BGoiEi7tIxEA25rfTmhdTG3R0GZEwhYp/HDjtlXQZK2KjYMOORfkqw7f1vnY2vo=
=Ypup
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.10.2

1
inventories/chaosknoten/host_vars/netbox.yaml
View file

@ -1,4 +1,5 @@
netbox__version: "v4.1.7"
netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}"
netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
netbox__custom_pipeline_oidc_group_and_role_mapping: true

207
inventories/chaosknoten/host_vars/ntfy.sops.yaml
View file

@ -1,207 +0,0 @@
secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str]
secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str]
secret__ntfy_web_push_private_key: ENC[AES256_GCM,data:YqNEYa1Ln3NFpNoIuBUN1V/WRzod5HAtYueBJYHOwyM59cCaYhQR1S9aQg==,iv:t8bEs5ZAEe6pqbbOb0mpJdfgruX1P9Jd+sbNurGqkng=,tag:Cdy5HKkvb55V6AeRt+MVHg==,type:str]
ntfy:
user:
admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str]
uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str]
uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str]
sops:
lastmodified: "2025-06-12T17:19:27Z"
mac: ENC[AES256_GCM,data:mlJuYT16bx9nEFw9IRm/Tf1y0HF1aVzx8BXhf0VKWkrBQCyzx/qbjIBXIXl22wzMrz/KCZ/diNRx0Wdq2J2u3n92NQtziiDZKwK+t/zz68+cCZAgktmO0vYc+BJ5GoJPuSmeMwHkaJqt3zYGQNzOJAYK9DPrK2AIbo+O21FgtvM=,iv:c5AmWi89ZLR00LqG+bKnbW3WfmIYsyz0X9A5r91Rar0=,tag:x3vf2WTu7naRdwQbKfrJCA==,type:str]
pgp:
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/+OtDGnGLt6wALS/6XENEpmsRU1WRqgHfQFFuTTcejZ7IH
EnN/t7vgI/Rh0f06ty6yZaklEdYhtgRtEBG/yXt5Cn02WgxH6FCUiDrTEgA+Ig0b
O3xncqMei06ImmFW0kfuP3zAgrGSxmfR5JwLbsKXBdjClG7YSJBfeyn73w7JdQxQ
mWuQCaDrc84mbQPeKUKnApkEOdUOKnoW54el4bgSc/e/eZqMfiRiAwkpDev6j8Gr
WDQeHoXBnx9h/GdyD3rxzcoXVqzV02rB4uZS2lXJVRwh3bA1hO9oP5FsTLY4d4yE
0FcnbeTKDc/aJ+H48+Wq7KY0Zhs+mb1fhIuA5qjlW3rBcmKD2+X75YYXeCRMX7q/
Hzc5ZNK35g5IV5WMzpXZaQunFHt36EXP4j+WqC/ZQQx3oSZ/2AQUiMlFcIwnmvVx
m1c4TCF8EGzxoJBKtLpF/simuEf9XBYJeuZ+IQ5w2/dxb4c21whMAE0PRguzS/wB
IzMIDv9ra/iVKRH9FikrzBk0b73CHohF2tBvGEH4R9NOaWjCYBC1+f6Wzs77uEs+
SplLBLlEGne1x5aH8ZMcEElIxvNds38RzpBkEJkR+1TgEr9DLUocFeTKI1yVokAL
031NHMY7CYR8M7hJEaw3Q19FuxaKuCZ9KmlUnS4yGhpKpBALqQwPO88RW9I0nTvS
XgHS1MKkbVRk6OFnke2wb6xyEEzYnOGVi1WclpEXRHPbTp34G8ELSfdcN0DnSUuw
+2pVOBJZwx0YSYEuVHOEUDyP+TXHGBiv6Vg4HMlXccwekzPHAAoLJ8GAouThtys=
=il1S
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ/8CHF7Nw8PguNoqxb4CEuWOVyp0lQ65+LaUP0RO6seZ2ru
YWcQDiVM94zXAbu4yhzFANnBboXXYEhXkkG6X7VRDuyPwyGC1ScDE495+3PUIo8w
VPrBf1jpzla2qy6qYWuEbfBt8sjHWLS+Yc4Hw3xyYJeBXlOkPt5JDnMc5jNwGpj/
6BUvbNqWfqdPGa4iNeCNaKIntJOVvHAQtK0muu/GsDT058bxpnbLQ1FBcpRI5f4x
HcibMmiswHcCLbqUei3KgtUXCriMUSP8Vcc3oH53tm+2g5imLDHz2ZDVjRoWHqJS
Mn3dDLvb+s+WW3heh+6cN52tmw205doljPfAS/8XKak/6PyHlUiTk2BaYeBibURi
qLt+hCFmlqvO0vMDsABY053m/9zgjP6sAYcum1pd8vxhSi+aZnC3TNJpGPWYLEdu
nwDA98qag170emAgXQwwi5D2HA/Zay0MMU9Iqj/+FCN24iiJ4pv8fUsY0r5cXL7A
6EYN7u1cUwC5tsjF9H9RLo4NV3u+Nbwkvl3NLWH0Osj8WXCUqpG3Bags6eKkAJty
hiSQGfWVYTu4PKV83+upgvfOTaI8mDY7Rh+iYdSeIxLBG2efNvKD6CAgRnWHZxMB
0C+mqmL/R2iZtUS+BftYFHPpStXmlHk4pNLJph70FpdRqo66YyqnRudtSC94XvXS
XgFISA2DDfSnQdjPK07lvQeVfasYLtNcPyCUNYNftG0EOXo6gyu26JGtdlfr3aMj
6I0rSaUBtiDhW2DZuyqD1XApSi5WowoiU1CAeNI0+PgTSeUvoJnxfLSmkieakOw=
=1sDn
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ/9HMYrcviZAeuoNHBMEG3vmDe+auJaPZ2I28+CLzEMYrD+
0AIQJhkgdB4RdOesH66ymQlqm2IOOod3ukRfQlWHnm+xhuro+vZdBsdpZmZ5Gflz
tUOOcCrQMC2+ZANwDsZGuwdES0Mv0bUPPWJ0ymA7dx2pMxcw0sZkyBTEgtLPjePG
/SNkIEByOZQeuTcD1XCQAZwVxpr2X7F8DPUpiN2UI4FIHm6CXgSUIaAumEQ/iRmU
JeYi+bPHgAGWTIpahRDUb55X14VCVByldaOOjis2xTlwFivscBNPQyGeD18w2XaA
68FL0Oz6RLyNxWyO1PSEoHf8bRJaOFWr0GdqriQ/DopFgpRDLA/Zhodg8uXylo+P
4j3SjX+B1sPTtDalHeE00PeBPphF6tFqCJem6jJyVfW2XojhA//GJvHA4U5kjC3K
ZewlCKQFQeMiWe0roLidEom632Nwu4SSPGSoLjVwf7RCgwLEDECZefSa15liRCUL
YfnG/2qNAovDePwiy3NH4K25iUEbd15Qt6GjlqwTPw0UKLcWFdwN7eYxeANONDYl
eo3s65NjfxJPxhkENefVSQPGz5OOjR1hQd7bK0d2zdygT0fgYFp1AFGMGVzzE7Vf
I0ZacKO+2qUwTsiRB3Q89Tj3q/h+1zPBx/5eCsFEmy9EC+o4+zIiw4rVLhFWe+LS
XgEg5O7VX1jUhh8e1Sf+o+LvL959kG9JWCjkito+RWPk6ZJIMf+q//1SuDHq43ZC
/NZ9yHUL1wMt+I8vW8aoWiumdMMAlExOWe0bPm5o2E+rFKGlfSrDkTewt9hdMgw=
=eGdQ
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ//Xgqm1urvBP6Ox1BH4tjNSXrU477byrpdMOPsUycbZVci
bugfc/xl1AX2x6BSDuRYMwXNgn09w0i0NlppnU14Nk4zO6Bd6srTOntZ9VCupW6u
X+CSHP6Q732aW81nQdsYgQ/43ma1sF9Mg/RHucDQhDW9NQyQVNfLyjLXIeM1eNg8
UFf4RWDkku4AT8oA0vhNN0ICUp5lMY8YASSAF2qUj/6xmARgCW01m6YYi5xuRg+B
u0KVn+59h/Dk+CpHrldnCdQ0jB9e9wsneaai/mGvQA0XeIKSXa4XPt4ke7/xjBbB
OX72ElaQ9LjIaRbE8wyO2PR+ojP+Rotdg1upYa9Y+PXlfYq6iaZ9+Ngom8qMVJY8
xJO/gJd6ofvdZ0eG4GQjAnZ3Tg241V+ZzZQ4ikG2d4ZA077Uut8etUMvc+A3SR03
PQ68sBlVEwzix16h4igDSmDfrNOI33uFhvwICs1HZeFQU6yDPgfFUYVg5CParqTX
e19fxExYJq+0GzVUSaFrA5N+k2mrNB3LRzHJhAFyQHm6CjzH2DUQWnGN+4dIjIWa
L03RhgqtmRh+yU+FY8SDDopsUCbTqAB/ryiPeI6IoQJEHgi3Bjw6aVho6qFg86Zs
03qfgqo1HrwOvOXpGQab/I6KJm4Ch0BJLtBbr+UyJQVb1F4s38GpfFvTl4CqTsfS
XgEc93bvGAb1H3O7sWJA6AgFatVRCO8uYc59P3JtrUprSqVLups8wO2qJN/5kpTY
5dbbLLoPhODa5S/KeuSLQE6m67d0wwhaOtB4DYFDstb8rR9OnEKzDqFf0QSYX3w=
=nSRC
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAzV1pxVVB++XYkZXR/VxbDn4KCGv2q0qwfvHq78tQelww
ejgqEdFSd4lpD9rPPljp0ZRwD0C9ZZeJJaiNKO3PJNtfmYXbGZXng6SgB0sehs3Z
0l4BnePG0fCcb6YKlfoXcp4JUc/hlnok5Ftt6H6UapaSnghJvoaqz1x4uHFewTVk
4uLT5OGzx23xB+nQR9Zu//1MH8JdCiZ3DAOKyoXa52pMD1kt8T9a+26rdZgpfsXA
=du9s
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ/9Go4ytWtrKrWK5daXLBhqAEOinCKekQpjcW5CC2bhTR/r
TZoJYphkGxHYzAy8DFE2EnM5mPLvLeJHh96+WbcDLB0VPHvQ2tLlOJgyANgGBcuE
c5gHmHYbdN+TKkku/hCPXCui9S0xYvAEQUOw9tul4oZmy48CEf8f6okXTEiDZHwD
VqfCAvrN264t4qB+IT7ZzkfcZzvkSVBblRwX3dmNEK+sYT2UdWojWlq1HS2aurd2
Dp5WRkDu/eVUVv99f2E7aDFTy8wBT3c6O9I1Qr8ROMpwQs2+Urc3mEXc6pHQy0FT
pSDhKsmjUuCNvbr07HxiYDiKYVXDoVh1koLWNlJy2zHl5SwiJ/vefXULGLcFDtiD
VSaeok41RVfKCACZd06BtgbVtHBRX0UrYfek2ngNZFUqVv1596du6Q8DjM6+NZgj
bisLPcPLvaY98mheUgpb/apX+FSnTysxlmJes3d8OHD2trG5tyDqp5uQHjmU1uCN
jfLxuMlxTd9ogNBIfvwMJ+TfkDAL8MvRRHL9n7MbHgZ7PhAwvtaQgNxyRYPKUHrS
MloWHrW8bWggW1KhR7e/AQmF/zWELM67rZ+mhATvh63aqGz7+AGD/XfJzXot2ApF
xwSMrz1096yKau+zPv4i7bXk2xM1bPYL41V0wTk4JkHyPCNZwx9DRu3kDl1pDALS
XgGl5/wueV/EjAYImOQ/QFT9LcQtPKrzHgWr3YT7sjUdgRxF8UZki/DY4nY/J44x
pXXG8cgYG/AIWkQULbNYacG5Xe/ipcR4F/s56Xn+jmD9uvqxx5ZDSMUf1EGmSqs=
=VnID
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ//aeSxtONmkn37ZD4R85kwupF++d+F5OiRF4z2QvEeWGwS
kOby+TqYXlDBZj/3/8K/mM0JKxWA8Nz+xXM+2yiqsHmZKJMXtXMo45jC6bJ5Q5a1
0mEAD6UPX8ORJkxDoxlzpZ+ghWQUGNwyTSeXFzhSW5ikN1KkFOhT+rZS4CBXvPEf
YQVA5Yf3QIAuocw10mIiPso8SFWd35b78LdGQv6fUkxHcqwZj9sdNsVIC7UZCZXG
G3KHV01KmWtgTk/8XjQT7SVWl1O3/48d8DW5KRFopLHyC6j6n2NdF8t+nNaR4d1z
1CIfjdnvPrd6F3WuKg94gXqgot6yhxv9hocDte2Mf8IR8SqTlXoXqVW654NClxHN
vanZwwYY1gakQDoLzubJamC0hd11ilX8UeX1suF0gXy0TGjyT1VSzDfCF70J8I7q
pj61aXjTt7nQJBVoebvXuW42ZI0NMvQZb7s611Ld3scpTe8Xkxb8bKxDTKpaoY6n
Gs7UMhn5WHD9pCjkfknsa6C8H+NHY5Srt0JM6Ec/2FlD52ZK5AwQjM6VKZhyqQHh
tXsZwHi+el3Hv9jayAF9+Qv14iPn5807vdCLR1ErnefsB5hZcM6rPfhI/BqPuJnn
Rn7OaqzXuHaNi7TVE8RhruSr667AXdoH1dYd4JMsRYH268CPvmP8cmMufEfJ6/TS
XgGB3+MkHwXhLzPDtobCE/ZqA5b2vIbxeMEUNH09FaJhQLejXc2XkNWlQIm1BO34
aEmVHOwvOFZEND4cDkJKdoFKHx6W39jWwMJy7SvxCY6OZTGY1zTBHqwLHptZs8Q=
=tRKC
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqARAAmgQWepRi9uxL1Bc67Bq12/fvQlk34xnZRgWUnrRNkHeC
pmE81tXMZT7pUVCG7FRWnEkkdy/nbcR1z3ogv6MKc4M86Hw2CMGQFXGp5QNjHEm1
uTtQ56tnrou3x714Zy1JaGbzt2og+tCH3JisgZSpGI8hZPqak8bGF35dHylw4iD3
y77/8VyDAeB5BMqOgtQvhbhUe/k09KoNxG4N86bbuib1mPVe+GkwEaZs4SQAeige
9UQNOaogvZhf9QZQAvkB/9AKre8OEWAIFXZQWiuMK0qDm5T0l7QjjehsgXtiNNOq
FoVn/KPhZ0W7VfWE80jFtCykxzC9tUiDQdeO+AX4KtMbWN72GtMvXLAzC3OZnFAb
1DRzcaOQMG9+I36JALTwSvKZfJu54mZlt9fdMIk1AwQ/BAXIKQdxBRGCQFeO18ac
Nas93tSox0sm0W3MwmyhfqONJgEJpEu/cPqCdi5TDcaOXuyM1Rkd3DR97xieXdrG
qNOLlm9cICeC3ZF+8TcxWqaSQoO0v08Ky2eL1W3g8z2llFZLsddlnB7iOx/gFRB+
bbNdwZLvz637SZNlFOxf8F+Oii5wv2Dd5szTJ3WsNcaFiT8sCgiPpOeLbKtE+cG6
8ElwNICA9Wz36MK3nNesfI2Qo3X+GW9/NKNQT+tr0EYCOkVj7drPdf/0nWThLbnS
XgGqDga/2tLpJWVxGlrrBebbd0egZgSQKrEAWIQf/CMqWVga6uEiNxnuR377KuLq
pyyml1Fg0rLZEcyCOEEtqBuQSUqtetzF5HMPiWQbK8HAVAipn2Wglz37/9uw6eQ=
=AYMr
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdA7ygaB17SxzcWIG3zaGElxBpYnlOVvQSH9NBHboF3sXow
7oLhRFY8fj4cw3+dSBmspZOVySRUZEtP0ttvTrQjcGny8yKi8rLQXuMu+YbbcwL+
0l4BKeJOzNVgtJCLDbkWIion6UwLLjDnxZyDbyyi1fV3CHnJsANaB87Puj49eJUd
Dw38YkWGApDWqjUJYpABgYHuKeIhEzI1bxdrHdblTYQKtEsDmBaPdyuEyVXIQgLg
=YgFd
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAhbVz0+bmLjF+/I68+hr5U8Mv7PfCXoenoxzIElAoqCAw
3FbXM1hOlcDWlvpgB8gXag5qrJk26SlkWO7Zd9kxqSbYX7kFnnrpbkQUqo34cvDN
0lgBOF62rdXPHPX8FiTUKMmZRcE+OPgAEx0Ztm1kKJxM4AZsPeYumKFT4oAjuT1t
taZe+BsC/LcH3bRthWFzY5WpNb04z/7iPsN0DGQmW2Uk3tO/zBtf9o42
=T8Wd
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+ARAAmB/8gFVaILor5kyCXkvRgc3ZiFQ18aR6xHcfeWnJHfO/
I75Havml75ArY3J2c+deEkyDKlJv0d6+u2i/xHOG+OQuy0CPKZyoztFdyXcA6lA7
WURTkcDMrCZG9izvvxdXZs7blX7ViiSY6XCrBi+J2VePf9S8RG+CIuP3waUN3/Ma
et02KZkwJGAWeHvwEgV0sX0iJLBROtjpBkC3XuvjY0pP715ci9dOs9mBh8ISR724
X6luhbwIZ9xXXfdevaiWyNb3+Mv4W9n94A3CqQ06Zq0DFx/2/XQBIt8KRWBuMW1B
b2356X+HUMEtzzsRN19eklZZ7eF0MPNJCHdmLq/l5KXUBThUiCb1X8zrc0y+Hrdf
3roJ0iuVLI0ZTWI6o7YXERFvtg42E+FjL+SPHBzzyPn/9m9uEggiGsn4ya2sZx+U
OXZVqEuKHzaRfvhH6UzzN6SQPOm1T+zdqcVTX5aCUJzJhrUBXZewa3F1Hj+clOsC
MGAeDofHr1j2Ww/zpQgq9FGHNa7EeJEQOWAJeH7YYg2oX/6kP1KAZQaF6aX/wtgq
XN8n1wdlF7GPJYLY5bKpaPxm8Es7B6nhtdzpey/dakfEEGjDWkR4VP7rTwp1AWVf
c1erNtkb2paFpuVqsu2yWTwEY2D8erCNVTJio32aAip4IqGoB6HfJBiA7Lkb1r/S
XgGEOrYxOZ9zwdnek61HxklAjfORwOuS/0pzsUrYF5KvqzrYgOdn/Pp4Z2eSDsx7
iWpzbFMXDcVUwjS6TuL3UCr10Nj7fn6STGxSULv/pYgO2lXAeRxsCO2jfKS63GI=
=jH2X
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.10.2

104
inventories/chaosknoten/host_vars/ntfy.yaml
View file

@ -1,104 +0,0 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}"
docker_compose__configuration_files:
- name: server.yml
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml.j2') }}"
certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "ntfy.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__configurations:
- name: ntfy.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf') }}"
alloy_config: |
prometheus.remote_write "default" {
endpoint {
url = "https://metrics.hamburg.ccc.de/api/v1/write"
basic_auth {
username = "chaos"
password = "{{ secret__metrics_chaos }}"
}
}
}
loki.write "default" {
endpoint {
url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
basic_auth {
username = "chaos"
password = "{{ secret__loki_chaos }}"
}
}
}
loki.relabel "journal" {
forward_to = []
rule {
source_labels = ["__journal__systemd_unit"]
target_label = "systemd_unit"
}
rule {
source_labels = ["__journal__hostname"]
target_label = "instance"
}
rule {
source_labels = ["__journal__transport"]
target_label = "systemd_transport"
}
rule {
source_labels = ["__journal_syslog_identifier"]
target_label = "syslog_identifier"
}
rule {
source_labels = ["__journal_priority_keyword"]
target_label = "level"
}
rule {
source_labels = ["__journal__hostname"]
target_label = "host"
regex = "([^:]+)"
replacement = "${1}.hamburg.ccc.de"
action = "replace"
}
}
loki.source.journal "read_journal" {
forward_to = [loki.write.default.receiver]
relabel_rules = loki.relabel.journal.rules
format_as_json = true
labels = {component = "loki.source.journal", org = "ccchh"}
}
prometheus.exporter.unix "local_system" {
enable_collectors = ["systemd"]
}
prometheus.relabel "default" {
forward_to = [prometheus.remote_write.default.receiver]
rule {
target_label = "org"
replacement = "ccchh"
}
rule {
source_labels = ["instance"]
target_label = "host"
regex = "([^:]+)"
replacement = "${1}.hamburg.ccc.de"
action = "replace"
}
}
prometheus.scrape "unix_metrics" {
targets = prometheus.exporter.unix.local_system.targets
forward_to = [prometheus.relabel.default.receiver]
}
prometheus.scrape "ntfy_metrics" {
targets = [{"__address__" = "localhost:9586", job = "ntfy", instance = "ntfy", __scrape_interval__ = "120s"}]
forward_to = [prometheus.relabel.default.receiver]
}

200
inventories/chaosknoten/host_vars/onlyoffice.sops.yaml
View file

@ -1,200 +0,0 @@
secret__onlyoffice_jwt_secret: ENC[AES256_GCM,data:x9eRTm9WrEFGdxDb8JfqLYu97NSBRvhknkEBx/zSEQlSfcah+CVNNM6JcS0Y6d9PARcGv2jGUyakuNN1wYmzYw==,iv:33lWNSnQkljr8S9uj+Eab/fItyKAH4/xAeckdpvzl1k=,tag:Ejxzaz9nkGLT/mqKF35M1w==,type:str]
sops:
lastmodified: "2025-05-04T13:57:24Z"
mac: ENC[AES256_GCM,data:Av9x7PAOBhUoCOCF4al8/4BnpPHmUb1JvCv+PKrBmjPBVxW/sU0w6oYmUNjB4OKxI4615pWpfCsG+kVSEysbXtrRGp2RGqhnSKxS5l21W6Qy+IEkNA/jcA/teUGEOy5Qj1SvgNtWvXEBJgfm9eCQxC+w34JbzoTs2q+6nSxtwmM=,iv:HD3nBwmnOGP6MZdLiYv0hlNcvK5lSxJNaoIkr3Xadkg=,tag:uL01xCeeIbWhsdpyqmUyFg==,type:str]
pgp:
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtARAAhcYelGfxO4U60gidWjgBoIAc7QK0/pavktBL4gHcq2UG
2wcNeMRpcwDTASn3r0GMw80a4xD1QXIjOI9knHypQ1Ie2IxM7p4tOEnj9cOaPb8q
LVFb1WsmkDqxWL7PMd/Prg7OSctFhfhbKhUnxYMVWGMppZp0+NR+g6LjgCHDLWPc
65SbV9nYIOGJ6lZ4RcmC8iQN1vooVI8aunVDSnRGmPeECaO0AQI/idV0wsArbesT
uZ9oLjPLGsr2edjTx/LwzEgZC86zYMvVYrgVpED5ZQz3Rwdp3Mn7k+5kanwvfaIx
P+LJOi4RDBJe9W2K4VFaZ4mMn2qGbKiELoDEa6j8f1GYsQ/DeaTOrknXIYchsTuD
sqa3lHq3pojh6cEId0D7/vRRmlie+2X3waOyV6E0qlnU0odRkCsuoyQizJqwzopT
kHDb04kkj5I3jtOLs8c4xCazpG0uZTyNokwG0hIXzyoPMDHRKmal7LMFTMwcPw+6
SYTQKyofM9W9G3t1I9Hlto0+RMlS2F9hxuIP6Pyk1gd78pC5RQlp426ZXbebiXHT
TmRFZbVsK/im0htBUZPbR3/p6Sg/aaF6xy8I2kj/9Ef9ioxrTV3C33Yi6V38KOge
NwyX8s2KBSksA6TMaipE2nb15QQ0JFGIsHdlGgzC4U2eVASf9VGNgNvwCTlVVn7S
XgGTL5+U+WKfVQJZ9v2MVKS6K8dDIC2gJagWgkrbVHNxbLDdAJCF294FveXUGP+Q
/JdVNL9CN1+ShaM9v65YOqr3ezZBqif/T5PsA9ldn80F9mNTmGEmnAbTIdobP0M=
=Ui/S
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ/5AZ8jtOFLBIT9kvnDqsoBEBgVZMa1NviPs33IgO3qLydT
kxjZ9NG4H/3AuFxN0eI7BI8ppHJeSGsx3UuerVRYMVWt59UhpYUlkhFNMyvnsLGp
LMg5p4XZY3Qrz5Y1zRHw8j/EgtpnH/ZZC2CSMB5Ab7bRMntW13lvEJ/Ku2fr6tTE
XpZBrKv/ArzdOYY+Ydd5HfWBTBo+HlLiKtBUfegx8QrvODjNnqtVZ+B+nXLv/ZzS
N+Krs+SBu9S2NNC+83r980wiP36ogZDYzbwmOgJXvH5XyvT1URq1axpEXK7Y1SUF
cmeiYwJGNIjLogweDALQ1KoerJqhQP9toWt9kvK0a6534wSYJalmw1aav6Crjo9k
sUzc2rFa6no3pMroSseIi2j/gio7Wnc2hRe4JRk5XYRarKWoLDV/1tdESDIBU2ys
kM7E9rQPKd7QnYfZXkohaHtNoRPRc2iqtxv5opu+k6YW9/x1o/0a2GSy98eUG8k3
kmLZXyoFTDrS1/k4lvF0o7Bj4ng9HMD2MKYSwvlapO7IWWdKjjnoht3UNRC+t2zh
B/fKNUH4E2HjU/aHf6+OQde48pmjj3ZvNdc15TsKZnMXFOeiBgN1XQupkS9dWynv
vvPiPBgb0fLuz12wwuyJX7HH7oJTF5QpDW5U6wdn+7vYmf0qPAJEHqG3uZuRcvrS
XgF4toIKkiMrgC4f24NvfK+ZDPUVo+nVKClN7ezokutTiVo9tLuLgWLpPQn7SCpR
5SnFt1CN8f0s0y9UrNmxoUf6RVhkay6LP/QB6RVrp8DhxoFTEpHG2Qwg+vPJxVI=
=0BcU
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ/+MhE8xzGB1GQehGHkz3oosrA6WcrNXzI6ZovZrwmFc3Kg
Guc4tDF1BN6Jxej9GU2zW6z/28I8vSeNgaKR4hJMAcMCYxNlCVOSa2kVETsFD0gs
QzMa7gf2Vi05PxBUVlV3NhLaxiMydDJXgSncBb5qI5ye3niPlzjNnWl6dN4LxmGd
JPaCXdIXXGrZo0gVfdz/ef9IbnGGXyUGDrF1ae1r47BGuXRr0c/ax6hcavzsK0tV
ctjwaqOEwQJG0uTA3kyGH284BSRYSQuAIuDVG5GbnFTCNCnw4u4ujP5e1odmfNSq
IOwK25/5/5jtM1Whdu5K5Ti9bhzc2wCwnkzfjzHawwDMkV5YCmz7jDTSAXGbdUK6
J6ahJ66MaIOp8onFc2UlNuuK5a4O1M302KQLpXAvxFbwGZefG7zPdcURYppPuWD2
KkTBGxfibM89PArAyp5G025HOubNExZoRQ2eccbo0i+p2hiDpRbGTOraGQPq8h76
g/q21rYLG/rlkeffU0zh/0hKdOPLWY5GuIHyumFUBll0O1jK8mKi4B1zJrEypcrE
VTUcw6torSPdA2L9rq6EwQA0+Bi9+nPO8+HycALTlN6RKel6ZcSTuYxQ2lx/TRI+
tRQNRTrZ8ff6pJxtlaFi7yqfwpdsWLMIAv5qwaFXGs1TaONAH+eDZbq6AL5TwKDS
XgEOrMHunsWF4pF7gRGkld7KTfE2X2WjwwlLvEmd54JxSwhUC9jgxsIgDIIklsya
zlsRC5TbXM5FdwQb2Amm1dNvlQxrErSI6Vt2311IzTO09CMnc5TwqXCojGtAyb4=
=rEj7
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ/+OZwSba6kCCMRQ2I//QiqTmrAkX7at0oSta9WqDHuR0rZ
8KYkF2PfQo+hXfweKPQ5wl3225hwdc9rowW3XNZ8QX3oP3t4bXKciY+wxvMI42ZD
uQHKqhlIsFvC9IhYdIUQaM8xxzCLH6vofjFWKeCTNBhtlR4TAZ9XsMYYqsRwxWJp
VKskajQFDZnHg/qw18MkgQaC0Xbm0fAGMZa3/9ET0qnc/6yL8H8idnCZIRvrxfLP
X7rXh+XXJYtv7uRhJLUYiOm76GrBhjFRA0kSnhFGv76dFftIMbt5UsGfBzde4fMC
oRV2fA6irtv7LdA6hIRK+Wehpet9zkQFeQaXnGmtu5GQWyDGCo1o6PqtQH3+iRUs
CiVJumE0qP+LGQ7SPUYjq+XCYohMak5DnWxgVZac3SaUeNY7Sl6rz538twxfh0OE
k+1O3HkANwoow8mBvDig3UdkvSdmz7ilsc0u/8IcZjGieQ18dmuEjIAuyu8e23kx
hSfQ/P8Ym07NtUmRpB83tM+2MgA6x0NvhVkfcR8MQUTsYLX6cr+llyfu3u9q/OCm
uVMs6BdufsM60yshNP5umEUucS27UwfI2GqnIKzCUt4PG4YtZZs/zhljDKxq/B6Q
udZktQE+X7CBRpBO08qAGi0LUk0ywANHXgJaQvAiotWsxNS35SAhmIrg0pU8DwLS
XgEVbnsVLBPrZ+7g7eleQuCxyZ/hXoRkpC4ZA54R3UOVUuUJqXv5iYTOlz4ktEQm
VmIBOXS83I0XXdtSwzXJLYZFjRhPElYqcQDHz/JPuMrJcfVJ/5XNgmb4rrNh0I4=
=43Ft
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAJcIypJ1e45UuZQhRrxTwOPWBbCBca46PMSe9m/jECmsw
QbNtYY8BHMiA4xoWh7Mq+IAFSKpBnnC8G03rxWUE11zFAlZoGKhfLC1nlAPHKe1K
0l4BsNZr0utkNNSzIZVSEuXj4ZeiXlPH0W1ZN2zqzJM14iM+zcE7zoTji64RWpFP
gJI0PnPAfTozJRR01kxkS835P83TA20g5qETCShhfZ2pdfk/NCXjbnWzyrPzRQp3
=6NS2
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ/+OfU/K3KOJETZY+6eok9W5mnSe+CfgY0YNl4U1wV3iWOp
eN8r8oD+cj2L1c/cjB7/AbnYdakUj15JtOIK/sQHgqgMjrt0/Qn85696DV02vhjH
LizofnsD/GdZp10Mr9hVqtldsxZ+2hpv/UVv3ijxCLkbBSeB/urhIspRDRLVclJ8
FfGUFbXhPZvsf2boNMH3IAsXumUf6X0CXZorVPeUfGEtNp/upEmdJ7RVyKoaNbSh
lDsqcnvez+6AAB8KzkBl3cIcl4RcnniyVjhwCSnrhwj4AFyadhFI367pt85eTnw5
LzchFBBCu5ptNVaWea9MsSLUT13Mzas4TjzaEyG78oJVbRw7T57HSIJZoNtxVrG0
hkNTLIvSAC9Hoo2CJYNVmVsmssfxjgmw16DdqMYd/WX4mTt7vfpFD1ESibRnkNGj
hNqfZbQ+j0rhTFUtg4WvWGx5F6CgB8Ap6q12wibTilgT4iVEzJ7y6TfOAOTDZ6cK
8WImS0+5Sc753XlBi5e4Dhz/DtGNKg3kosACN21AsyJvMztPM+5BDfIj9xkdZ6bT
zmvkYBYJSB0SGkj1DUXdO4tLgA27+X8c+G6pZ8ezSjg33NHR89wlgIeKzMM7Y7Du
cTLfsfmsJRZ41dC4ShiUW7bD29UtBPt3G5xWAym4GyEbaUc+tdad7zonfANBS+zS
XgESquN5xawvfQdXdeTvNlyoJdOrj4jnoQBQ4BFDJsFCPmGW1XJM9SYMy+n/oblQ
9FND78u1AyQNbYiZR8/XJSQojG3RarERmC95zYfE/v6J9ZePl3IcFrzSFkKMEbM=
=wYBz
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ//aUjp3+PSRB/eg9NPc4F0rylFKYrN5wNgBPGqMVIZisfs
5OsJZv+rp1sLNDoEFF9mShN6sjDgNlESCrC54v05y1YKDoc4v1ByBrmFsOe5SNmH
4a21LLAhf8AVUgYjsNEumllcKGSoN+a7qpXsXK8eFZaI0twLT875CTfgECKuUwMQ
WckrimOCUEtELOnSXcbX20LK3/SeqFCQP8vmYweMco/bSgduSya8X/I2ccLxFdBn
3xJVJRfv/U+gHNX1aTS3W7T/hTWrYfdoYS02JcESgs8qwixmdeh9jOSRvyNghzlx
e9FCeoCCl22/hdeAV6/FAGKZf/c1UdCw9iyQcZfss9jbfMHXwb7oUyrHFZWA7cox
4GE96EIWO13nRiNhuwuZtCvpQNObfNmBQTQCexDsCyWbqf7Ugo/rxK1qZy20GQ5T
kkYXbiUfpw4Dd+tNdWBLuYcwPGzJT9u2UxAIdQ8LMC5q0gPa3BIHOEeQehsFu3/H
WgL8hF0Nlzy2NtVDNBwWoCpC0bHP4eYHjZvHTSYvdm8fuhsYLczeUqozXPTaPVxy
qTjVIe+Iub2GtNTIVbLImfz7suraeEu2EMFykSbABk3Ai7Pr+W9AbwYaSCKNgoBl
UdSZVIVUmK60ir/wX9NFXdasKGcD+9QsNSGEyUrJQlprGa4qK9d+UR3dv/H0RvTS
XgFjVJcrym9yFcMxJ1CyQkOsGeJV8GlxhRo2/sZ28oqmyNAWjCy0+ctuNAKMYzgs
HtbCncFw/dkMT3taMWByxWPo4u3mMDkK9IP9ok60w7tf63xQYmYy90R6H/5js64=
=bM86
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ/9Fd95ys+j2usUMwvOtC5kOxEtEE5oBaQFJ3J3KdFEVhzj
shBjHlWkMJQmbk9DhXPlcop8qQdp0rqF4RX2KbgH77Aulh6MBTQ6GUGWWW13sWW2
Cv52adz9Yf6V96Waklgp+WtnyLQjGO46QH4vReCjzE/mjy2MTaVaoDEdN1+x+XUJ
kze1DkVLjrOh0UYK1WFwmZdDA2ZbObyMCmgZOKMh+C59GKSe+Vzom3ulnmBpoIIk
63QdzX4X6C1HlE5l9JOW/09da37hQrCjGvvyq6SByOSsgjAEt7Ib9GTSspVmlcLz
Zv+xTGiMMFMqmnhuBz/2BTFcSR3CXfa5J/bOHS0DJ53hJF4WSsz/1abOiW5VX8ou
4U/d0iCb3mjieJZS8NEYJBJGrvVm508PriRDm7SiC163ar8yuOewQtnbfXZY2hvv
NnbBmjwHh9nxTVabo9eIoVR5/ZrQ381USPppGCDGtP7KewGsJeyXcOFKFploG0pp
MrBanO/ad2QTvkAR/GmG/23KR9mxwa7GJEZDMsGo3kBWjgf0EMjf2rHm9ODxdvJP
av8pCn0k0f0g3muC6Y4tSB+vnZ2teUi3RruYBCvFNFRLhaMmlSgjLVZsmoMJnAiC
iDHqFWhRbB3ep0T0nyRChsosH4pRCBR/m/rh4JrOndxZrqActMzTd/V3d0UI2mfS
XgFbi4mkURuALFlf+/bKnJnv51NHbG+EIynn4sFjJ2qVaGKThOdJbxOLqOiMN9z3
TF9LJrPWahIWud6/M8vX9i7u7KfuaXdfp9taC2tw2DSm5WK9uA7+H0AtuY5Fv1g=
=BaqN
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAnCWM69qHNONCr9s8GS6BCXCtOLFpxeCZfzA7jOZVg1Qw
/nNKYjCP6FbEyy0C1ho30O4zrq48Zto0/qGb3VLn2iXpanlHXN932C+I8rTs6HSW
0l4BPdB07w+0s3/y2yLFJQ+s8IeWY4y6WmLubNgdFfZizbp4UvfWfRIs0cMpOaCD
UQzChZSP7SvM2laiD+025SQ5ryN3p1DxEmn6BURdg207MInBs4UyzZmAxfl7/8yY
=uZOR
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAudk8kyoAg1AzLdhTIjIPycUgF8I6yYJWs9ox/kLLLmYw
gIVZS1m8gNCe18uoYnNYdLCr8s9HXvOj/c9hg+ZwUnd6pqCSn1nQ4Fc8evURoGYS
0lgBvVS2bVCTqST0qTrelYtPIfDbKeszGA0kNSVjIgiL8t8mJDg03ZJgm5cw4Lg2
Zfxyg3699siroPSJ57cPOM3vLYIQQ8JmS832qj+WNRB2s8ggr36fPGXk
=Lnsx
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:51Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+ARAAzDme1irtt/6nz5sxWuabWgo6EDqf3eI7bDY0Q3Xatb2g
Pvg/CjB+dLJft56Kte/lnWjVkaaKTK7aIsQ0aI61CvWpmGanPe5U7Z4WTdz86TaZ
aIuxWvS7io/oUILcKk8u76V9cvunfHPUHDdzvQUvoEeAyOl5r13eUxfHGNSXyGly
SsFOkCkUaPCEKdZf6F2PXBdMT76jl7z4iiM0Sj4HnDb+Liw29WtJsVbX75TszF5d
ngDjobt5odFSm3Ea4faZx9ONNHUS73QuDtidBcbA+79tUlHwLICpRZrwI8Ox3prs
t7TKERP0h+lx0t+a5pqqxSNbkoZlDGsrrONaWeXBocrvYwVs58nMu7qrwJjd2rhn
AeME5mY2MIez7R6NYlXdLAFmfFczOVHgVX9mtawNPlgZjhmQFgPiqJWWfIvL8d2v
yAvuSd1SMT3CNYYIQvr7DLc2xqJb3VVrIpG1s8OW9OvtHRA2gFSYssNCmgIFUaxu
nj7eL6wGsZ3BXLZeSmx/LEV4OhXER2YU3H8zljyk/OJ7a5p7fVa++tQXjdLcBh0l
ssh52dML5270t1IgoM/vTZHe9OitqFj8cplSt5DZP6M/L1+/lPjSC32/WJ/aW0cf
FGSHucAYp5Jb9mWIAczLJG04VXGmvgo2qk2UH+VFuHNYX6591oTOpcFXVYRWfTHS
XgEZaJVKSZqJpmE3zCCUMRBLFF52YWSo4bDEiA/6THtTJkOgQ6GFUxrjolv+QFth
c6hNvbX8jRISpXfKYiUavDyT8Rj83/5weEB8c2jTxI8mbx+QYSmG/FNh/upDtLc=
=U5vk
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4

202
inventories/chaosknoten/host_vars/pad.sops.yaml
View file

@ -1,202 +0,0 @@
secret__hedgedoc_db_password: ENC[AES256_GCM,data:5Pw0orOTzb1xCefwx/n9h9m8gmEY6irE,iv:nZvnPSb6sXjS6k4wNUoo2PCJyOcwjm36gs9l0mxwAeo=,tag:0seJlVi9qTfBiol7mP6DQA==,type:str]
secret__hedgedoc_kc_secret: ENC[AES256_GCM,data:7RyM9jfKnaaP7kJ1JwucPa/IAwaRc7Hhe9VYIKGEmlc=,iv:RvtaWLsf/X/y8s+DLANcyVgagJqGB7EkvQ2nYm2Xo24=,tag:amdgqknDGeZxUBmXsd1ksw==,type:str]
secret__pad_smtp_password: ENC[AES256_GCM,data:msnYZYl8vP+OeISI5OOglQsCQ8vxMZ0gig==,iv:oqov/myWJNzUoAn4BSX6hN1fWyab5vud8NmT+z4ECqs=,tag:0T3Xm2zw5k5WmC9Ks03XhA==,type:str]
sops:
lastmodified: "2025-05-04T14:02:14Z"
mac: ENC[AES256_GCM,data:h9E+eIum7jyIx78zJh65c/4QMZRq+stNklGuBGo8afYpicLPG/A9LZz1UeBSxyEoMOV/jHAIuoU5u1wmijcsZSBBjI0LZsBTnGLORWEZCoVTEVCUp9CJHZ8zQEVj4Gt+V/moR+pD4s3YLuywamjquvghwtOMYt1JzsePGcCkHUI=,iv:wxhwDM9hmALuX9Ko4izSQ270X1aaLH5Z1iu93/D/Kls=,tag:j0+XqgV43A6ry6hbHhGj2Q==,type:str]
pgp:
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtARAAkolIEsdplQJcA8+qj1QblUlBFtNdBkAN/uR2DsJUeA1K
u79l9bmOv2/gQNDU5VHNQvbklU4uqjZh3wEfTd4E1ywEjKNzA62njYAg+2/t2tM7
+0a3I3SsnXI6+BVRiLOqclIZ0/D3h9y5vGrIyBMG4P1kaB7c+5aPR8d2lP58Dxkn
wJA81U8JaAhjSYstzgSUUfsp9dNCQj6hax4YaHrXVq17ToJIftMa9TgAyUCZCqRW
7DAILy+D0J0h9mvZL8++Sl+mkQqF4FpOlN1kphEz5itmOJ3LrGPDa8HalJMaHaJH
UZ4GPlZY5kAqmMffZPArQD1aMbgRiF9kN1FBfI2Xvkp7PRxuCzj/cxyiyPY2EsVV
cfSSdBot60WS0GyH8pVPW2Yi1UWNjDEazq9Lrp80q1F4SA9NC56spfDgji3V5EMe
D25LwSXB4zhgb4S9/iAYgJjz6dXvm9pVi1q1GBo5PrfBeX1cS47H9ULYtVTvYFSd
CKTZlOvolBrdMwSUMCD2UEa8hO2cxlf/nD/E0PY4CWHVhXwzcxBWXE7MIiNwlnzg
lJ2uBM05xEVzZq23Gc3wCMLA7042VDMKlq3jp0rrtMoCa4AzcHdmGB3vcR5WeeuW
uWjgWTOjWdd8P1TDzkvrOOA64RAKI5kyOPehWreCuVefmhQjIUCKJdZ6/0X+48jS
XgHBHrjRDE2GIJ4KmwmRH6A/npul74ABhFpZz+TioTOLABvGjN+vv/aSaKOf1yVM
busIpxXSDX57Ku8i3zOMjGq0PNUM687h06ySTRx2GtCK9OxoyNJWpiPlpw6gnNc=
=P+Ya
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ//WoxZP4T54kwqz+0Z30UCYfdIYUjuL1g/D7fiuXbMSZHe
cIY6hNfok4gAhfgarrEImIPo82gfTlDGj1m7TdciEMvPS4wOrcwO9PUMhlYPGePd
nHZFlWe58p6H8uKY7TSb4oxklWQ6eDvROuTEFK2fjnKeFFatVjbVrbE12D4iXfSY
L6Qtf+Vadh8GV8BiDWA/eHLLwlK/Z8/6sBXFrp/7iA/aavp2cEYm7YZHWwMXaErB
UbEa5hzV97l9pYtepukE+PbnY9Z9n6uNOy/0+bdjy8aF2QKFMYwjfpyAlfJyz0qf
MrdMnsaYWdYTI07q3FRHtrELSoOektTx9Ln+jELDHG0RWsIpVX+k0SBPaMFE8mMZ
DgiAE+zfQ0qiY/LFuL0Lb9hC/ksdT7RIUbVD1PYyWvi4LriynUv9s+rRNoUNVscr
JnZEeD/HCtH2GaJK/7TtpZGyobWSFr3Mr1d0GMQX2NmnNqCeRCOeLzKB5jaGx/gw
OjMq2QrTGW61oa71l15MpWGNTfPNDAGF3KjZ8IBDUfadY1qjb0TzTGrXBx0SB/L+
cxaMmCTQJ8ixqs2c4eAFJ9VFiLPN7ABYj84zEmeO6MhCTMrNOxEFco/go3+Iow5Z
XgeyjiUK8MwI8i3OG49sNgtmAPLumris322InYzbSX1OSFVW0gfLadfhE6lXxRLS
XgFMdQnnNa5fQOpPa7RfrVj/1u6G1kRq4vgvZqJUCEcZmKpXidl1vnYrwOBf/0MD
xDO7LsKK5UvN3jHNAQJKMZXOBk076LcJPQQ3G9WsmtsZc6+1KsrHev0irXgokNQ=
=f0+4
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJARAAuukdEMZwSNDit2YQMbyBCBGGTqQtcHndjKCfRKMMqDTA
T+ANtxWuL1YB6kXaZpRurCYBKOMlFC7un8/GIDUiJNep4DOcSY8zBYIuPbjSpuQ7
hCBziiCQhAZMBDB7piHxFTbn03BXFBeTXLR5oz7VPFQ69uJcOCytLYjLz5J483VH
VvJfMKPhIA1i8teesgPcQlkgOlFWP5NxPAUMyNkOrz6G83snsSa1FYS5X1su5YKo
vd3EqQVhv1FO+2s0X1S0am5BK0GWZDMOuzHbMVKTbY/Wizz9KhicXtsCDSq493VX
bXziWQ80rYYOfVOEWHqsgfXWe1OuLzT4JMCp5nx50g7qmKFRw73kMJdyDfijgIjX
NYqvRI+LD6D/sAXGrMvP/CPW0+HxXWfwja2LI4v1cKeI15qVOGvqkrT0X0J+L/xi
ef68zqXQ62M9ICOVJzynV508ZZmrYxM1uLLQfgf2oYM5TlJP+uITPgwB9bELGuIa
h1mGpquxUcbcwmtRKnhJhGmIoEf5t5jyX2wLbdPRGj9S5NzAL7fRGwypgprL5vGR
18jJY6x6yzyB30DZnxEJyjnwnq3fvbZOuONt55rIKD9v0m11ogYNSMU+X6TTfURz
D7XYmqU2gbvP2g+pS6MmwFIjxwV2r30bmWyGtmOosmvBid9hSkXBNEE9jppN5azS
XgGe4vpkmFNPySNTazuFYHXLFg/wWB8N6ZZIRPXFKtBLmSptJm22YWiiLqpcb/Am
D0onXEHPu0gOBoYhh+dbz2u5ELqfnay/CVOc3WvqegSJvr85mHKX5sXlZGdHFSg=
=A3kB
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1ARAAoN2q5jd5EXQCcZ5m9dS9iuoofusrHNBwx3rxC63AuE+I
SEhOV7QRTzzzyTmmqb/OFmzKgJiy5epCFkT3nkS4lNAZdiw3qBNTS7L1xC6ireeo
1DMquTVOy/DQ11Zj77oKGRX5DWuXCLAq2mkB89pcglKK2vXGQs16eTuR9tRpNwAS
L8qRBLN1zTJQUTUCyI7+CCBMFkQ3SUFFZG4nfrka08n4O59OubcmkkpYHa262s29
u5wdgkxI+3GyXvMLku/hLr8kGK76YpvduEM6oMpYC+5k53RMBfekilfWFnyW8cpm
9CN6Z/BS+TNFH/xrC5MlsV9PwgDXAltXs2CpolpOx2WtZjspPzIrQWqw0I1unocQ
GF4Vlu6S1f/sKKe3y7AMPNq/tZ77vakwELc7zpP2GOoJQTR9eSaK91s70BkO/2il
0DXc9sT7ecW574NyJ8Qiy9UYHrlmdHZZwtFypZIDRO6bGh8wzhr7mpug6NeQNJpk
Y4zkpoLEdksJ0BeyeUbVS26HHEHe0tAXK04Q9euG6Rs21qJLEkPbpzx4P4oq6z7s
Zj3IBPUn0155GwxrmDdA7l+bnet0XYJt3O+NIyKh3tZXZEBqxs6APhSZsyrbMfm2
dkDGa1aYM9PICHfsu5gYGZSodAiuu1LDe9foZAWnX8Bqv2GdAg28Z7p84b3zO8zS
XgG7R0YcKoe9Ene1lOe95QSqg1t8Mc4HkNDHd4lH8dVw4KckNKgPYsI8eOB2ilCS
YhPxRLXhUSbb/D0dsbkvuTvNjuvUPyBWPRRoqcmE0A6An1XMCEuOpKwwyr3T1hk=
=dGri
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAMOYfq13YmUmzXgRSFo+/+vTTrQ6c7NFscvUXvyWeeDQw
uBjdC2BK1e7ZXtzdLe+8lCMEL873lYUP85JZicE84J9DKD4KJ4JdyhobbAtKC5Q+
0l4BYTEO99Dt6fSWPpnh9FAWqM77RTgv/5+polMBNvAEJVgHaOl068BZJj9ZlILa
ReLmOzff0TA773KOh9JlXHCTf/AtMdPSOIOK4AcfccOe5m3muRVkpTH/goENlvnP
=Nnkb
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fARAApvCZ7Y4Eg6jo4I77/gR7o1cBNVk9y7SO8txYXFzzIUX/
CYooi5WAne2a0PZAXbxwvoSv4hQ4vf59tCYJugu08IRnDWHwlHtQabX7Mg4pGYyC
gJIl/P7XTb7/4C11wm8KH9BleQcbwVt247h9dAdW9nP29MUY707dqos8Snl+0AcA
TnVfC4FJced3jbrgkrJrprYfj853xDdFhDQnoRA2ICRf6X7e2jkwwsPRYtyEphIr
msHBfXtzVbNf+elYU8Elya1YekxUre9fKQDZIYr3Nr7DywEIVSu2oAu+m8M/kn/t
5tYAOw0uTQ8ToHFIyWGuiYxVDMtwcEFIXznGT4VFebgAqYWhc1U+rSV0oE3VW/rf
GS/ehWoN07MwTWNYm4B04ChywR43czkKeutPqnRPO+LiaDFfEv5n6gwgS+aghBCf
82Npprkazjun8QkPh4rATOhmp96VPCQKlUIP2N0hYF5Tj30kiKioj9ei/0+K91c/
+Rg9XUe7zj73qOFGKnu3/c+pWMvX2oTG6RtdkKG5Ah/3xD3PdmTRBA8Zy815cSCF
IkdBbfCNiiNG0miXlij0o7t5/h1z5yBLr7WuhdM4g+l/ms35oWpV57StWbfZZh6p
OP+0UFxm1XX7VkZKxZWOAj/paW2X0OBHS9QoPwSVP7k1Z0+5QkrNhwpIBPWpr13S
XgF5h/yHujI71bqg+qsuaEutUicf72XhC4l7QzC8hngvn3yVwJdVeuMsTzpdf8FX
pVG5TlVwyEiCCyELV23FgW0XCluX7NQaiRVI7A/p18AbSqkwMt9sYBNZlAVVDRo=
=2yt1
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ//Xon6qrBk1OukKuTGzyz0LrNGkJrBLZC5FpQ4KWVVuTGO
UakD1V4tSliQ01PxjdwVluyCVvMA7Cs4XsrMQPEnJKXcJukl0tK6qNpQtGExU4Yt
SUslVxSjdfcVa+zJYTSQcNivtJUnd05nX/CeRFkJbqGMLYWVI59GZ6R8gLD2J5iI
plWnncxDaV9Wcnsos3DEiamA5qlGY4YUUUx+Cf1tPZtStkuueGq1Ir0uGxn101W2
Rf3yC38bk3N93yNyka2Bm/KvPVE1fPZovpsyc+Y4gh5UzkI2VCBSnjiKgD4ZbFC4
lLmobWJgKzIQmP1b8xfjsN83fEeX556J23IVV5H7Q9zCvBWCpXu43MtrbkHhZ53d
oVevbq1lc+J8lMarQNM6UPGXecrlMGCG2wZncD+0SIeLFOJBogTNVxV4hk6f/llt
f0pX/Kd5zZmEOhE3cBXrlDOHaaEMQVXwn2Hv+zpPvnhNZekH0CK0+Z83rC3Uer1G
lLUJdzO3lIy58edAQPrwfeodo2eBxyqKRPoggaB30N659qOBiFWy+OCN9gkVhKYV
sgEVXYdsw0/07OG8shEJz8h8PZIMRzYnxvUMae97UfV02TsyBtB0K0IS9n6uBWZB
u3v8Gicm/n6fN4CTIinGNvRkTLuNTfHrDkxLuRNgvNyuy+09/7UjzleIwqhC+pPS
XgGUVQy+K+OiGLkzjhmtvvKwpbngUXlkz4t4yn8Gf9AeZfiT4CMN5pj+A+C6Bwjx
frjQ7d3eCgo7aOhjD1BU77HIBYELLXHnqBT3MGu5n7FAFFBT1Kfs+lODRszY2p0=
=ZBB5
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ/9F4N+HC55MyvYJEADJ7HoFyb1KqqKjq1ZRJkO8DEaA2+m
x47pNAX1qBHSnR2vDHMtKI6c103MQ56gP8FjPe56yXIFSYipM2Z0vsID2jMjed85
7SpZ1hSmcyP8xYxjVQ83uvYKZ1DVNTn72u89FCEpLBSIXvWHoxXFZ9lANaDoyzGa
jcpFdgVFo65R8offS36lSz19ErpEXzlhiyS0qwCZsT+BXctrybxo3HHgafjrvZqf
oDwsN65a3skhFkph5kE3/3Y3sF5Q6t5maq3TGpenRtsS613avVkWwqw/X9/nmd1t
jik7Rkccx507MZvj6TSny9nCIkEGmew/Vbj1JLA38DCkdRIUWjUhWZBE4QtwtqnA
rGhAt7tr9B/SIeOyQy+TtdICRT398h3GpyrqwlOmheCyunk/ns6rnhvKc06yhs+S
5uMkuUhvTi7qUcGHjX3cj6N16BknUrSz5kGoiv3U0JM1gz0oP55iDWCfFw6K9TNZ
ROObvZzzCcrwF4o0YxhaEJTf4jAH1O01dL7iRBYa8EVEv9DigmIJNSI1ZBZh31Jc
Oa/D34UIw8TpAAbtNPXY6kovbcADZVbpaXEAa9NDfM94TfLX5tx0l4++W23ZB9GB
aUGTn78SWlSNBLR83u4aJ/sHvIZ6gmCL3LeT0JfRZ8Ryt0H1mLpunJ4lDXNktuPS
XgHxdfkx2FJMsiqK8ygfeeJUvSx8AVRDHycLPALyjIvOQW6E1kgpZf3fLGPcwoY2
+EDYy3fG0wQ7O67pWL+hMxuYr4A1L9O4Xdb3dmFEYntmVEr1w3YNJRecRy5ihPw=
=to6D
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAgJIqr9tgiyPy0TLAOk0htl6gARxNr7ARDXllXNusblAw
jzCtJ/u4EPAu+ZFPLe2KsdKgEAvhOsx9VH1wG8/bhd1aJd4SjPy2O1db/TuZ/v9c
0l4BmAINKLonChboizDJrQICD6axZ0kEVC9zZcvY1dXAgKlmTkDwgjkKmU6dFL9Y
I7HBtKXGO3DXtc+QsjUpOCGVcst+Or7ME+iBDmz73yfWRTbBPmEUOGoWRFRrPERX
=Ogqm
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdA4oOJ4bW4yP7Pk2AMH0CtRRVxqxUmT1571X7DiBhG/2Iw
AIj8yxWAAIuoLifLPcbFNosVuhMqxAHU/sDoMQOJ6bWixYQnpVJXQmgmCiaF8sbS
0lgBwfQtjHG4BQ9gDXZ+9O0vEkmxAebt6C+Y4x+HvzQsXlGGdZRxrsWsiEFubHO7
qghONWmqTh3mdt83OtD9l1lR5KpDTZG5D7z9Mxxbd+44s+cPORcJX4bd
=bp0D
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ//dUnHLEoYSvPewKYvDUZdW0djUpzaq3911lbn/5RJ4YyG
tM7XhBVmgN9Vw3UArrKk9ZRFt4kwTKC5jLAp1c5HmecRBr+T8IP7z/yg6fO7CNP/
jLO5l6tct2d9YAvNdzPKVM58B1pv6EgDDYV6kIlNIZ5MsZMcC/p1XfOALPIZl0Qk
C/o0+QAco/qYv+cBx+8AkaCcAHSngpf0Y+lqpQkRUShIYGuhuCt88QX9sfAiopJc
oyzNRZqvG2FQT0AXk5xQ1xhLECm5HFVnYiQetCJCieltXqByY8QrWjIKr70N1r0L
Fmr4pvr/2tLGJoaWNqa/6/RdUSj+SkIUkqB0tZVTUyKquCVaSbVHhwnKNLIeg94n
ulDPz4GaKj30Y2WmqZ0Z1+7TizsLFR6iO7PlZ1vsuVoswnbB98Y2e1fCsQsw2hSa
qeP25kdhBA14R0na+4zmXdrmhxjdJ4gGF3iBGyTq5kTVVkfeRZ5mougLzJaATj5l
5XSgwDO0seix+0z6eALMcTVrO6mARoXjVCkzCslzjqyVKj2kTGxxl4Xktb4KH7tF
Rdicrh6SOBMFOZpqZENM8Vl0nNNzbmA9dKmEyCilun2lit9lz9xYZp8esrkLCbh+
Mz8bEEk8hCsHCCyfZ4Pfg9wscxruTX/p561SDUYFhAUXUVNUfQpdg3crcwHAs8/S
XgEnr6ig77/vjVN6P1kMUN/XrAE8pbPlFRYX3kxqPB9xKzrNj/SHwjFstjKUcfhY
wEgrFIMGwP/BsDfXnMvPoTHcl+GnOVGBQ2jGW05NG32IvXqU8gedG6Ajfxa1EzQ=
=m5ke
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4

201
inventories/chaosknoten/host_vars/pretalx.sops.yaml
View file

@ -1,201 +0,0 @@
secret__pretalx_db_password: ENC[AES256_GCM,data:T9qw46sR88tcj4NG1oK3AfjreU4N1cIN0w==,iv:g2rr7PbFN9bFDg/w7vZBiuMB4p2j2uu0eQAyiweuQ6Q=,tag:0coJNAbT5W9gxy2fVOhuoA==,type:str]
secret__pretalx_mail_password: ENC[AES256_GCM,data:HJrrmdDKzity4Fzz+JEj/kvddzHpRbw1Yw==,iv:dW15nSyYjzlFdPkQoZmJ5k+poWyJZ7dW5Lo8IFjtfMc=,tag:AZZObQRDMMoQgnPmqo/+Tw==,type:str]
sops:
lastmodified: "2025-05-04T14:05:04Z"
mac: ENC[AES256_GCM,data:sO7OHejtPDQNt3bfXl+W488vCqaIicE/iZgIw6dClwoHZUHDNlv/V4aubJk89vELCs7JeOYocqZhARrrHERUxLtQMf+YguA2fBYZOVZ37chtfIqYoceq9ygzzzI6/PQlO5oRoe6HkASJK5t9oVWdfWUmBfWWWjBGrsKbUGnlPOg=,iv:p9NZw6HA0oj0PWJYDIjUKzj3DAI4ymI2V7o9knsvjnE=,tag:AbMiE6WQSPkuY2AEIcHAYw==,type:str]
pgp:
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtARAAm0F/Zw60hawLrD82SGr4spPY+fDKhyHBwenuFLaQsFme
ahf4kedykaTlUbTWODAIcL7KkDhG6RzuUr57nVD8V3i+hO3UPW3Bv+rssrABTex/
PzKhrfK+oFcE/abvzMfMIhjxpC0htWa3twipxmBANsYER08kftbZc+DS/pvWCYjC
KlzCsaujQyWaWrA/0sUdSe71S0oNSDCUIYQQbuWG+h/FFqCAMJ1yXLbjfeQlwZba
c8RYvh5Zr+fizHiSJsYDwjKYCNocaSygW5I/mpbpjGK7WhleGrcEkt3Ijvb1K1Dn
J0ysspmPZmOhV+uuygcEQxCQHL+0oWp82qu7AwcnYrnYe9KoXFTmx5GBXtLDxOYG
sxc9JQs2gI9cGSaQbVtE4BrNaKuCDFLIAy8RBXC6m126gjG2uIDv626ONx39HCd9
UBeDXQHRoq8H73pncz0RPb5Q2yKPbnTUw/C3ORbfE4c70oioIvtA6ZRtnGA+bkl9
x6YR+Vqc08qwe3/qyKEnHZXhY7KEw1L6qK6ox7iLFHmYylNccwZ7Y5qMd0b/QhGz
4uIIdJEI6TO6KAloSKrATlcqt/vnS/9DGeI6Ad2fwt0SpzHhW/r90cw7aOL0gGl3
CCqiKOxj5pjIIvUoD4nVoSkvlzMn97TBlir7GQuKMHlhap415N4WNsuLrE06TOHS
XgHUs3CX25PSJSuVk2wyblHrMqsNIdfGDQyxSsgS13huBksWsvlbgNixNSzkFzZS
DDJAksal/P/a7IJWopnR22TonZxPV4bANPtxucBdjiKSmXCfkQuzTjm3QOzW0ek=
=8BaF
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ//YjtcACzner31t97RDu0LVzJkLfxyZbpAPNth8ZoIdpN/
HzH3aM4aid4zYc6pE1P0syuvg1iVirTS1Vmh8rxfdelWxGOjuHuPp2ivDxSbf5Ed
U0fgCIFFYPKbimP7Er0Mkcd6hv5hHIv2W1IuZXVgXM+8nvdAnKYeH8mUlqn4OLnf
x6LSxmkKs9qjaliOeg11/wcJZLk1eF4VkjKDIwyxFwI85FnRVUhcZDIOnhp2THuX
RBm9DgyRmd4kFw0OpdktAmfqG3fRlFzrHz84yYjhZ/BqDRA/GGk8Rd7E6Z4EaAHb
mz/0CAYxm02Mh2+TM6OgAtJPImZ+GcHHapnPO0WkcfWSihEGi4MULxhV12pSaRYU
1hTycZcgVGOjFfahXTnl5ZNh4974vrLcP+8rRkSxZbKNM4P9UXGDgjcM1cTtOIGg
K9X76gVNMdTRt1y6bHRVcovm62uzyHpy4k1prJq9LLMg0rkuDKimOztjplpNrW/I
Dc4ntj7XJDXUBLduvagrxGxezOVwGnM+HNvTL/a13YQggPJaQyJaIxhtA4f48GoN
iHSGS60Je8ycDv49BdwnNmwn/IiwhlyTSD6PJJh0irGsO1H4oho21hdapKdWQmKA
/drz0nopl7afCAqWn+TTE2DXmaF/BbZmrE6Z9YDrtoxzP7E9PnytiL/Slrit2l3S
XgGkI2AKwfuabADWIUt+FuqJp+bVeATW4/vT1TpdknjltE+euKF7T3g3gOxuku4/
s7hGyK9LKIAwNm0j+urUz2BqyFIW76R4dC2RU5hogKZNtwZFiL4CXIr8qBJKjPo=
=qs6f
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ/+JG2zH0EB/fiLvKfC5ZpEhyG8u0Ri37TpNUfVejUAnDu7
gK19ih7g+DgxRyIoIub5B0wQz1GGMEQ0fhx3yJdLXMhqtwjfRdJYcWV0PWGT09Rf
5fxcro3KPxyuHgWggsEPEQcrRUBFqHCiNasvsRREIwvk9O0au8WYzD/MW/pMCuJ/
yHXsbYIYMVEVrRhwsaUhnWoK8pbyYnyKNNKWEf892MOwPpsJLZds/rsqwbTlAHK0
wRZfSRE9m3IM7LPPih0RwFZv9Acgb6qzXXm5VWpAHpct4C8U0DCZzTF4/jecIRbt
qHh3ZCWuPtQOjggdh+gWeHyxnNfKeT3f0YS6nwQcNXj2FU0bk0L/aiLua6C1ucqI
NMwhGD4oTXCc4O9H5nb7UFfZbr5nYXBs4RWfM9yMEx/6osZjG6Cfskb0vxAn5pCh
tq9zAEnNwBiGgf4toXzg185keD0QR19GwqhJAZfLI4aoX/mTk7siTCE6fqsvnptM
+FG0hqb4hrhynTIYTiLEkJMvQyqVMkz+g5SUl/ARkk1JLw7lizOwq/8lKuASXvKX
nHNwhc/9DOBfBkfjdIH8BsHTDtPL00Wfl5ZlKfTaFvWCtmkv0XCkbhZ4qzwAa69H
QSfxDqjYUCh7O4TUwMZSin2LLpVgivTv9ased109T44eujS2mzLwYxTGlFyNXcnS
XgH92E4iQj2Kkt2hJcRyZEQsvYLQYDjp4qGzim+CAagzAv4bkjXedGJs8VVcyXkL
Q9SP78uiF3jQv40HPRv79aXj2oXtcpaqJln0UGGAZrVbonsbxvGaGPE5hFLzuwM=
=UR6u
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ/+N0njIeQTZmbbpRUIVcuFQrFS8h0e3Ov6rpI4lhYxGOcs
cE/BGgVr3TpLI0gOoP5/vuYEPEDG7f8bjvUuJ39D8Ty1MNXbRWxONh/EVUZe3cSF
fzYEVOcagCo4gX9VEV8EFrEnbmnQYXVxGRsvTxA+T6G4JSlOOjXdf/yQGKG7CsSJ
sySr/IJPw75C5NWUbFQ2UvSbfG25Lrfx/SI77V6A0Chs2YkcfRjz6oSV/imb2fnC
zu4NWLNLBCYN/N4XfzDxlzWrDNGV2e2bLa7OZckdofpEmbTlcovOhenJw4xgp3St
sWnUbrXyXcc15Sa1/EyJAH+l6I2zFXEWeR2tmocF+nBqo5708lzpGke1cyTqqYcG
qCUfKl6NJqRUyoNhXpiVK1YtEMbIKhynJVjsupkE6IH5UmXRoEEjTn1XPhLh6IEz
FO9Hylb7uJM+a4WQeE7PpsrwjbR/B9WcYsLsa+byqYg6nIqznwhpzd99afOj11Wo
TfcL2VWCP5jpJx6kAtuhbDlNBPdEwvUnx15dhFcLpM02HVJNnQd8zOjODa3ICY3j
qwR5aCdbLXsxw3xsWWMYt5jYtZdVaytGbzGvuEujbeY/yK85tzg18nTxlVNLTJIb
c2qRAW+SfneubJkXdiMxZYrzD1G/w/ZYljmd7FcPKv6IQBjDqxG93EY9T8GErA3S
XgHQaMSRFV/8eiewoQxAuGkXQ4kphk1989wnCaUWPpZyAlOgSHuPJXkkps9rFZpc
wLcocDXREBReUb4B8+d8K0L+A89XzcUt+offd+qB6S5XEG4XQn3TnS3f4Gstwgw=
=DOdH
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdABetSMqsBG5cMDIKkpeHIckaUfL5ZkZRYK0bZ72nW/j4w
mEI3voDWxlSEBbJPpqlgUzETLlr7np6xj0B5DRuqpEDNRQ/n7mQCiDLfo5nQzUt8
0l4B0bcur0dxaexJ6Yl1UInHVti2E1zKoRZpneKPhMttt/7qv/lRUdyn1rMV622R
Z8ZQEc0E3L1+H86704A3dCXf1TbyBpEUfuN1Bs3Dlx4eyPB7oPxacLq5v8FqhJMz
=eQ2K
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ/+OxlfT+bq47MU/MhjByVcsCrIG+3uDoTBEjm7LkCXUzS5
6uOPpqDeTn9u6bkjKr+mpo12kmhGltOpftyskePOxz5qx/AGi1g32FPJafitK8xb
NSM5qxaXB47QKT9MA/DlSn/tzZI0YbZCrv/04Y2r8zxFF5lHZF42NEBD5Q2le2+k
IIC8/f7zYNni1aCPM1k1B9YyJLFgwJmX4CWyEFvdeHeK9NxrFD6z9t1UU0RP1B87
qbteFxjaYB3KrkdrnDNMyVCVD2dSFzWHpO2uuYoX3RV9fLmvr2gn2jBM5jthkJNI
wSUJveWe5WJi18mRG+L5ST4kHxK1EGi3S9OHeDgBW9tJsAplDyTngscbY0V3tF2/
eGM7mm5NuxIO1yQoBhpJRZIMFVOMc3I10vZPN4dUNCRtJ7uxN3BVD0ozhuhRCz82
c+VueWfqCXWj9s/XvrtQu5douMFGlFaK1itpU6wQiLuIbZR2ax+/xwrsDr9lvmNb
CxvJdiLZOuO7SFVFyo18wg/OxGMXIXyxFwt4z1UmzV/fPw5SlFJFRH2pRrIYxdFc
mw6NwFs4WI2h45YqaQDE8bNKIR4xohn+px2TQxEpb3LhuD9R6Ix+3uAaz65yt1P+
szWbZoMp7rrhU8gWVBlFce9hiuV8mEOfFtcZPhN5LPfDSKwXdLL843Ak11DW4knS
XgFpKd0vjhx61yjkjjpBzF+j7thXnzohmvcwW/HukW67JV6lpifbktgde0QPA1I8
zIc7XUmJ5efjDh/F/sm1mr09/ofCXFRSnGPbj8joLKWaoeqfGy27M0fLCYKJLX8=
=Bmty
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ//TSyMcl09q3mBXtuzxo5BtABtz1LggXzQXiV2+/C5eetG
MybvjjqZouHBWPFfzv+PFxbVkuOkmMj/OfFt0MiZPYnt19EOMW1FxpsNkgyJ7Z8I
lnqtnlVqsO40Brso2FxqP/FgknxTaxMMu5j4pjIaHDSIA2aHZmcEOjPJFdfAZ3qw
LzxM0PrjTxRvzE6rgMayljCegDsCjgse1Tdg4XtvIV5rKINGkfLiOLggMx9sDje6
XOsQKTIN6P+ESFWOSFe9TytQgs4NQBGH94w7Nwhce3P/Y2CcUqR/Mo4ns1gvS6QU
RA7kzIi35AUUy4r0hymGwaPOGdUF86ceXxHw7nPVrvPl1YL4WRWF6xeuz3UREL1q
dlAJ+REWA1IMw+hEs5/n0kxa9RAl5oAtAGPV1urc3VerBX3MTww1dqEr4UAoggYJ
UE7k4dDS8FQonXFNwKE7n7Y+5cDIgLXiTmwlgOqDO22irwHefuZg7p+LoQIY5mOB
bFNf8s8HLTsZvJBMl7/Dlh1CiK4Y1afjtgQu2SiboxPVoiutV0RoLcfhhsE+brw/
DndNquaDxG0CK6p1OZjN5CE5RhhgfDy11aAgYkfo4WB6Vsl/HFHJf2BC1GFa+MNy
p2jPEWus2gujvfMa4SriZCTGgO4r2s1OWwiaTZi6X6pk/G4MW8hSaLaI85HAF2nS
XgHab+EbQU5l+7jBFrB7ClLbHun5v8SkUT1E1ZyN3ET3fAsFeTASlqqq3iCBpOQb
TeT6qjXi3IpEUSuZBeWVfM2zSbbaz3txcuwQwXotdI0sDyYzxXHyUp5+aPJoieo=
=y5X8
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ/+NNp8TawnZK+TXGCg9lzS+VbYFyLYHYqAxdMnvZwQk0kV
gTh1vLRrtgm1WBSYtZLqAnKKMKyUwRzqMjHjhTiAyEL6pHaiRu9McX7N1cZ6zVr2
tavNwU5GyflsqPFoxxvjKLDinWv23+LcO75HDAnZ7nQU9cV2M87byb+Yi0kPAorD
vOv8kvxIfbLFh+TRsj/w+a+N1i/EJ1A3EII0aoq9GDPC/LqMjpFJmywqX3iDU2iB
mcJcQAlD7TNiIRi+cEVVhY9AIDjB6VnU+ITzKf2ZRlVkYtSoNATzdEhhcnSR1Ddv
cNoc6GxIN4a8YF5b72FYmDMJNZ0HB+Ttx8Wv1KYTaQZ+9bgmfXMx3ef/bTKxIWov
NXA5bSDmG0jqOpV7E6f8i0OShrjO1SrdCCGjeQLVyuxzvt7PxBKiga7gU/ekznzC
p9M7ixNL6jUURGHeU7VJDX5TTMXhaKCr8vkFGW0PAf0Q79WI5kZFZo6L0nxJB5KR
J9bpCH/9qqmHIq7FmWBSf7URx2Qnq4mNABUkQu5gBCbb3BnA/6Inca6zBp2AddHG
4b26JOhxK6itCYxzdY8y9GlxgHbUwXts/e22e3C7HPU7D/7PkGXv+ElSM5/grJaJ
ZMyCZGZoYk4xSVlT5Ca3ibxd5R0b11jBU98j4Y3Y1eIBvBp4CFRmuGHgTkrQ3KPS
XgFRZ82TLSMA0AgEYhZx+CBl8C2j7F+LXTcQw7SjZ40CX0Md0Wmj2xQWNM7GxDaF
UYFWpk+dgmTedZnwgHYwqSuO3GlSE5MaTDs90cqXC9qNib+KOxq9TjQQdulSNCs=
=6ejM
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdA59wAmAWKpEi2e/6Daw4V96WPthNmQxIXw+H/+/G3LWQw
Rr+WSsmwhzN1x58KolnrfRta55rxBzE8tGqs0LxrEiv51PkWmwQc885M5ViqWTbG
0l4BVbXKdsaEXjEhn9ccOs9J0WhQe7YdMN+NOwPzRGSV28zD9eDwxs9j1k4v4kX+
RNgpfp9dgKlck1gYIlTZteiJTkb5fvfQYPZAfQB+L8MawTOtzdKEBUHsC8kWWC5u
=jO4q
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAa1I6oIHWuNa5p6nytd5KF6aXy+80v/F4hYyh9h9MWD8w
D9mJKnKztFMkvu3e452vT8KhPXWOKbVVpU4BHW3lrNC0yQGaDIwIEpCsPFQ/W3iB
0lgBIbmEigpaEP8Edj7xzrs/79Da7Pjl7GtwAB/A+iM+tT3bnr9oG3kYYxhPJSKn
3VKDoNh565yMFp/8b5hYPA+HPT6hdjuLxfxRmil2eIegEox4i5dPjaWh
=bo9+
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+ARAA1B8GehpJz0AOrWDaHLzXn8hjVMH6UKwUEwBGd6vaz4PO
EHhkZAqbb4zkCxW/6XLBMf6p1JVf+llvBapB6wZGdqdThWOW/RS2i2sNbON4hAac
nSVnPdiJdQWlN1QEMAZrbFqOrIoXlxVX+he8amQS2WNYPwRWEBdXuhJOe5S6OhRb
lOFM+wGtc+PdBB/DxnOt87FhCF3g4jq2FA9HQXgDaFacA/K5DbZ+Azo0rOGsjRKi
2CMNAWNwMv1IL+EdqRVajRMPxHg9Krq2VuBric9EtQQhCC6EqyFd6E8LLjp7Mxtz
cy6vhDscrfOL3Kr90o3zyhAJDuLFcz1KQRgYI+iuq8mZ5MGcr0Lb1qu+7JXtlpdR
UtjRwXU9wT6ooSa2jv42z7CnPG2cPKkMpkiCvQNDw3hk5vyOdyNCh9C2KBomPDIM
wtLooHrXgAG31ESMgPZxNvQHN5SQM16xLAj9b0zoIsMdWZNvmFXxtTJtk1GIbgGh
K9bDUa/A9EdSQjZP3ojvsuGjHeyMNSvk2V/qf6xvj/Ud2HYAgzXqh2kEos6N2T9e
xjizBkWGN15XAxjqlb7ffgr4tMymS6O3A1h8P1oq7vyU9SXhDH1jjciJWMXFcNv9
d7W1XMgWwI1o0iYNBzBNnq73ovOeSPasIsbIwXw84Oe5OSTUed0OLVsRhDkx+kbS
XgE0W8RWzrJywD+o8mEuUACWAxJB48HygYK/cDMM4zuCdF1IoNnmR4yYyffZ7V6w
6Kj+SibkwjfCuH50XSyLpLTilkFa43/EW0dn02aI988saNfKHZnTnlRX014t//0=
=uo14
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4

2
inventories/chaosknoten/host_vars/router.yaml Normal file
View file

@ -0,0 +1,2 @@
systemd_networkd__config_dir: 'resources/chaosknoten/router/systemd_networkd/'
nftables__config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/nftables/nftables.conf') }}"

200
inventories/chaosknoten/host_vars/tickets.sops.yaml
View file

@ -1,200 +0,0 @@
secret__pretix_db_password: ENC[AES256_GCM,data:kAOUjT7gw0FDqO+xt8m3wAhOGuZTS6zEIQ==,iv:oPAxDzz4ellT5MxUqw8/iBYyiTMf1b/Lddj5E0iIhWE=,tag:r3OTmcSjNUETEmOzxsMhxQ==,type:str]
sops:
lastmodified: "2025-05-04T14:08:33Z"
mac: ENC[AES256_GCM,data:gyf0gBed5K3sEk0bTBPbNa83QtWtoLx+NVp78KrxxfyiUuPu/5ziWPKHDd7o9TQvXZnQ8isVy2BaTTwR6tK4AG5+SO2ffV0a0/uNx3/jUvh56zQFwA6LTviEnR3vKvKPa1GH1khojaCkyMpYkb2KbMnbrGIt8qqqDcwc1dMVv4s=,iv:7oPpmfeAcWttEaCOiL2WocbhoBaIh0Y33OlCAYjq98w=,tag:KTN+7sxOYEfxGwB3OXvUIQ==,type:str]
pgp:
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQILAxK/JaB2/SdtAQ/3YbYFufLkMmPxTkW55MUkNx5UzrCufB7vyf5KJAAPAgy/
Uh9h2LtkBN+LL82amrCn8++Sv2/4eEY/NGEL2F3yrVtTtpag/ORTjxcRFFdNGWVz
+YpreQ0lNXzMFEvrdg/oN7+9s6QfCUevWpuiWkIPPtROu3aU5VAITrVS09wd2prS
VI/kYNBZ4FSbgGIfms6hPKZ6tsYveKAAYmLNZLGWuRHkKS/oHpKSlIDpKpMZc5Tz
GbRYIukF70/jeo1gGqc6Ksh/nMglq8zxj2v0hQ8ye5RFuyfiKBgVd6uTdAOetUyJ
K4XH7GFFMOEwdei/7ZDh4FtuDqCGguvLuQDomaNIhV+ybWJJfaseBno/p7GwobI6
0g9H2RS9GieNilA7yMRkLzqtOy4iwgldSwGbJpL+NzO/d0SpYgbLOYdkRvdaJvyz
E5u7W2dPe3HOgNsaLy1Hb/EWMMBLHbzvysnhe4ynYMYDkKPmpX8W3zshlZ7pgIbi
Z/XyKwPJtmwDboFuL65g+tDqn6nvvTjO0X8hAIa9DAjWenIskzQ/HHrMyVEWoQy5
4HEW6VAWSosYbewwt4fpnK8SiTZgWrkU0RDi1WH6DGaATamc9eXZmzxvLVtW8D9t
PGozG0gAlOejuAU8pALoDBETH188Xb9yZEX7Pbj1qXe3t+ZQbS/n49PviIi5VtJe
AWjRF1ng5WY5sjBoUozg0AOshAbDNkbdpqvvwNXtXp2tLCBvDKYBZ0KdeERrTF0u
QYpvyVgg6tLPDEtL0AfcW3SpTrEu9hxQMt/grVJy9P9sCNkGCCNj+jZnCoUd5w==
=9hD0
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2ARAAjMwcq9PqOz7fZ/eIFRE8ZqOTdK7xjQw6y80/M/UezCG8
P9NbzDyXw1O6sTrTAnDmaBuZA/22w0w3pfwbIZ9eIbIKUYLR/79bJqEwFbNYo/gB
Z5HrkdbP9ZtKdWt7rY/zt+gv29z9FlXKqS/G9rIpsXTFL+xJfaymhNVjgdKbebzu
aD1dIC+6ehw8/zSTXJUMGIGlgipDz1ug6NEVAJ5S5hXNSUFenb8pK8tko82+PdFm
X7E1HjBxWktBTjGMAUFweqdGUYskh1D9iZhYPDiaUWOHcnaml78TaD45x7CY4Vx3
IdnV/48hRwTwaEh78xT/6RxKMJvWWnPBqUE25GjNSNAN1dUZGSSqmGxcDUM4u+tA
YxzNJ5NdJhl5BQC+Dxj0wloaVbMCkCsWdkT9Ewn8s0XqxsNWXTD23SZHfKl6iO8Q
44YpLo4R4T5XJypuG4hCF3PEuIzL5L4NaPijOMiVrMQLuAbhdUkNWl9i5syjfzfZ
nm+8Vm6NR6ntp9jm+9tIGjidi0dQcYnQvdg6ph2wivYduOxxQOriJNKVFjHGuvhy
HjbOFcbsScj0tDO0jQYLUQVBbKSPEzTLqina6LF6E8aH9N+ZCRZ0kBAskH0OC12V
lj14suIziyl/i0DGO+DDbVeyELPl51V5Cf840ZPnXHTsRf4pRn812i+mX1dKBWDS
XgGy3G4A/yeXMkvZoge9qRvlK8qGysAZVTHd9PzLDOq8oDlaHfF7D8xZ00PtvUmv
ZmpVQbUr6Ou50DqwjQ5y2Zsxtzn6ds9k9n664E5efFU7CtuGRU/sB7H9hr2BgS0=
=QUNG
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJARAA23eiDKMKgFZsxbDfCbXHd70e35HPoJPEQdBlXDaFK719
tfx4ZnZXC8ZFxXr+hNf9YSAb0GXoIOXBGw3w6OG7t9b6nE0wmM4McBFPmiJP8clY
YFXWCEBoX/U7wKbOtO1YS9iPQZXvAwU6vjVGzUrNSJJgIYD64nwxaVmKvWitNt25
dPzqqskE+JBX/MrzuF9qFu6e1bDR25c8Sz040HCdzoLjHePu9JFJ1jL7ayaT/odk
goe4dY2Ax9cPZKRXAWuzaikLCVMTtchJlyR7BI+SRmEiQlNTYgF+eufVg7djn+kO
7BEQ5O9o9FvxNVWUXyvExiLcLSJEEGpfrusXwbUz1GMs9bsAVV8q7tlUvT5IW5Nn
UOItNitarzVn501WkPFmyN04myRrPY+F20Vs+3CS7IqwiQe/iK8/51dGH22Hwu9S
ksOSmcjVbBfxG05U0bLJgIr9g7PlG0fhFWjnUO6fQnTAHUljXljSqofcBLK115i/
fHXc34C2zZ9tbNfeRnCLe448mqlNziH3TLIyQZe+gt4e80J5PZmipgSxHwO8MPiN
iBxS3r6i0Jh6g7vmbCh+JUT9/G/OvOVpF2RB1q2OoavbDOuAW68ptPG0vU5VMKAr
t3m8tBX4fL2h7EjWLewa0aIACK9a5s5UYV9mRW8TDntGyCbw11WTTEtAUUwhD3jS
XgENM90AHk3JOzSvx0a5o5NNZ2zCOishcltheFKhT8hAbXNZ8Jmt98qlmBfqKNSe
qKLUBH/F2J945CSjlFKA1n2BdXZ0NrPqGd5TsSeBAo2N6H3Uqvn16ZQadTbqsvw=
=nOJ7
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ//cCTlbsyrbw4RDZq33xVO51ouvfxvY3MSLb16J/orxqGi
b1Du569Hc9da1AXeAgTzBGt3QERJ/rVEMPIrkRaH1dTlOjlpGHZIxsXyTM4Igo4s
R4OjiP3nqh9eJNhcLjsA5tXCqvxTAnm00hMEehWIf7vaOQs3XbMQ6mq/e4RRRHBT
LCGyI1BVb2H+IH3tMPclkn+SqyR2P7sCawS5tdpjxED6l43l2EHrdzb1/XZjXPJH
R3fBzOoAqlvOy6baEsDSmD3CCfuU0POGe3M19krXE3OT+HgprjzK32wfDkKnLp6P
rvNH0KWWMV85ZvLEQREASpbtv8xB1+oYiFQxDdD6b1yH/iPXxXD28kxI/8WDe7OZ
f9pnMS/lQLSXEyQZZEax4d+7ayjBTOTdLcPXVtNY6uT0Ye7vHwwiWxEnCysaFwFk
p0JglvRBW7SXHb5JhCho4B/uLb3jwIOELe/0fPhurd8Fwk4gH9kOA9dj3EbmYnZE
bjEinHdig+P0eMO/GkDtPGcDYtscuxh7ObFuzeaIkD1g4ZaWA71cbPurZUQYOFyW
0Fp3CjKC2ZCh6nrHolE3L53oaEkydmAGJsbIu7Gtb85HgF/w/173bXzukInBohKR
uFBL9UvzeuHvmCg1kdYR23QY47SbBogJweFezA795dB/X9zFu+ArEawv43GFnWHS
XgEasTZX1nCs5IidUgCI8+gtH51qHjuW1hiayOJweFyl8aLwmCe69y8sEeZqOoVd
BZPKsghNVH2SekJs+aRsuoQwRQJHmExcO6/FOPFiuwxrcramoVCMaexBkuc2ElI=
=PW0k
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAsmE/t3OobfHFHvL4bwMjRh/QXeE/NzcMG6iFT8h93h4w
oEgzFoLiI0VJhSAwzOahL677vdb8q+CZTyIRK8ODCczPCCxgv1h15XrfYT5+0taG
0l4BID+1ry9B+PmcDy7p++552+XxRR1sEXjKmy6iprQgODM0/6hvqtal6lUvqNeL
4JCLFKMAr0TEiyVn9NoR/WPXOnHaPr4vos9XaS911lphttOde1OEiK4mJrtMhxFg
=NnpF
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ//c0hi4pLLXCKNkD8ue3lb5BKQ1z8FL96JksjSmPwjWDrC
MfOgG9NiusE6dkUfS8pe1kV1ZIpuJ9VO6Hqt2eFzYK1gu92+cERNlgLWMYYzvaIG
s1dwbo9cW4SnrDnplX/NenQ+N+IF/AC2lsj/V1fF3lARXHBi4h0ETzGhFMMybJHr
BfYG4fvcXQ4gZnEDiN9kNM4Gv1tqCYL2His+Wfo3iuPpIg8xWveadpNYJl61d8Gf
c85K8s0EvuTUmJydqB0D0HjUFGgcKKhYXNy+jwTtXiX/iMo4I0XEpQ367d70oCnn
2dW5OQ43Bt143PQcdXEtpXkwZjX7+azZMSH1InfQ5TQ02Wj5G0EkYKLZ4MInV7bH
/nPUnpHqZSbYqj1ltoeDZylokk2a8zBwAoICLqDam9YgQGFKhNg6748cYhN6janA
Z55Cdp7yLy+n8oMW5ZaXrxo6Rj/idJLSQRGFCRzZyMR5t+xbbmUbPLgKIDJ/VpD1
inpMFCSfdFOwhZst4wWG9AR2foy5j41khYElcoqYr7UDdmFYb5Dkik0yTE4Q45bZ
ah9eDMas9N2t/fZ7I0OnD4JN4EgayiS0Ga0sngYwhMfoQophTh+3ufzIozNvVBQ7
rajYeG+cjMAPvE5acHM4WT8qCCG6gIyUOeE5//KE9T/F63lY/pqEzlvz/Lw42WnS
XgFa9qofeWvl8LmkWPkcGCavL5Z7TSieGab9xnzfOX1knAIZZ9r235Klko7lqHyG
5nGadiOZ2v7NFqTeWSBWUDASj70NloMdbq1lcXlh4tJ8vYEbL15sthmA1Ln/5w4=
=KH6H
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ//fGWqV1GSmhKcyQZqZbkLQl1invlq9v/AZVSoeSrYtKH3
HoqNl1jd8PqKzda4pD7qu6aGvXzHCuBnRzYh2NZLk6qyV2lzsmrwLY2kYykJyH0b
UFTni2vMPmHAQ++nBawmK3yqmVVSXlA61gWRL5CgsU0DJRVO0PTb+DLBU9+uoYrn
yxqDoaa54PQSfhMxhqsRrMY+GF3JyLOi1IYVIePeJ2D4jRyTuST+9lQ9ITKDGx+Z
xIfu1vPzd/WtnS3O94ZlxfHgcPwnRGa+cvyCwb1TmfF0HeGo755CAZ6Ge4aDM1+V
/gkv0SRt/gV6SEaxPsFIIcN9KDOoREjtJNvvWg0Y59tAUS0udsAcIaYD9XNoEVTg
QTmFKfI416Vqiov9M+DNKds45TiQD1g8K7/dJODzNl4h4nUqdpYH7+/lP6BaojNd
1mnk4u6Au6uj6Jv/JT/pKsEwaWkZoG7zswpEBeuXfYkp8JfpGDs34P3cpV+4c+8g
Tu3ERPdzM4GkzFs924AIIWvkh5fww1kWCmHiX2zUKhhm0xr9K87qb1/fwTXtPoCc
610HRvc7c11aCU3Vudk/PTQpPeLx+gvqacPTUxgzHpNl3ut3wj/3Ej8eOE1UL2xa
3DsMFgg+3XmyQ5LBNE2FECBrVE16n8+eFulMuT0M0ZI8lHW8eKYB03SwWxmFBfLS
XgHbgnZ26IgjVGPzp0hF8Re8nk5Jcn6dXg3dUIiqJWBCvVaenhlFP8EEW8etF15C
Z7OeiIkDlH9bQb0HdAZSdYfDuAMEgYW1DZeivnFdtPjc0hV5yvq/vtz2MvNrhqY=
=kZhk
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ//SfeMwFnW6CKSqFde8R5qc+wNvcrlcVD4rr+AB+9ewmPI
luCNFCwAg046NfEYGwFP7n4Mv14Wjnv4+en+xmn9Bqjt1skRqthkE/lFjNThaLgU
75ZqSYRqcXakDyu5wBXQzn8LUuVIDci0w4a8xW/OI1myfk4gdZdw0Ju4uYUr9jjX
ROUf0ccnmIkVLJmMwiYYDwnxKMPachmwIb+WqUksS8GrSsctdYbHzD+ElkzkArcg
cix5M3a/DWS85C2W6yDu57wMEc25zugZqOOt2A1UYbMyOfQE8FPODEZUCth6F85+
511lKo1vY7op8lgC0pvUScSiHH5/sYTb2XsCIgQscwbz18PW23fu+FwwhxYCK+n3
DcdknKw3lHjVKKjkWba3jBXe3ztMYMKs2VIhqymqOXO1O482quXvDkm3r/JdjiMv
Rrh/xT4RtKlUMjULG/CIuufkSzdG890CRFL2lGMEg9a5Th1N+x7SRbD9cLT99JQu
Hla3/nDKlCyVeTKP9mwSzQ3BfHFY+2yuxI5p/1ZLjUrWnz/mkiWnFn0ABjsHwNWR
roOldCiGQt84sa4GfyuLnnA8siBSrL0zpPkpsi7A1Sxq5oNPJIiBxmO71FFESRK2
MlU2AMccAAEJ4W03tL7DTeqOUMhDQIgYodA4p4P2LGyoIeqn+y8/vRghRMKEkHTS
XgFrUvjyBLOQPgLPfcqceORp8HeviLnXBOn4vxOyJROQCvS2RR85c8zpWlWJzKU8
UIvzVWlAHXkB27fu+OYD9Ab0Rfa+5JcWq+9reum8eav/zG3tz4RuxYQZ5lvdw0s=
=bAYV
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAMSMUC7luOQYfb/yF30H6IAfWSPcMVcDlCSbMBl1dEk8w
Lma3+Py9wjoUTf4jyONh8PPJxP7Yo2PywQjCLFGuuMdWX47Y7UhBnWdbtaH/SiU5
0l4BVp2HXR6wvKNlPj+Jj3GKfL4+lG4/TLacLHA/fNk+ptKwTJaF/4OIePQkT1To
j4mWQzjAUlmKDLc0FJlaolrxGhmXGOn+8N1oWen6JYa0dNuvWWZY17eSerDQJPGg
=OukI
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAsDSanBfgX/RFnK0ypieGYVXvGSww5Gvr6EsspePrb1sw
pA7N/F8ExFyhP5iNdMCNx5EI4qGGh7aim5+6MyArP7v+yf91KgCn//LixlI5QAea
0lgBcUQyJ2iwJkko6rxUkCnyB3FfQXdgi9dte72sVLVpft9Nw8/TcRqoe9N1fwRI
rxP76Sd2Fvr1FqfqZozesQvX1XqaW5XWt5fp9UH7ehBF99N4fSdJug+Z
=AmkT
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ/+PySQtMQUJ1Kir6YYRn/lW+CArNN8dmD0ryceVS8OOITO
skIUqVkhuKPnKur/O6U1poyo0EFMOnMZjXEK87EZCTnGZL5sSu7VFGiwPf/h3z99
ljli8/uidyhoYsQY3yAosCKO594PQA3RzHnNVKWsNwIe6Zo2J3qTwm3H+RK1supE
HOkt4EgvIb2q8UaYD+lZVPGTj+pa0FthIeIixtjauvQJreRiS2b7OsyRL3bpAqc4
f8Ov5JZP1Ou9V+QFn1buqt2eeUm2SWkwsmC+RD37sAXH2zuUvh5Q5R4iSnc/Ry48
UJ9+80DBamauQP02vw6a7WccmSku1b0O3lheiiWkzKc1u7RhzVcQEy1SOBJso4xB
g22Kn1E0RzUus4Eoj2M7MQ3Vzlg+hveNHfJJSIteKvAa7505x+y6sxZ1zNmjQSTx
D1AqXIpr3oBkW0LO6tIYbjIKUE/2hSNEpuzJDpB+dsqZPS5p5aOc4y0rLbNlb9Ni
M4w61kcXzxaJxL1pwb/eBetxzQL/3eA8omZR0pwbeqHTxGAGoTGUMDlqK0rq21S+
hkjpL1VeduGVh+q7+c5yQ9XnS9xRNe7pMm+uKf9Z50OzSFQsQzamm1g5xTX6G4wF
gyjypWKNiPk75vIw9j4zbDONnzvSYRIAKno88LLh7ycdl9SN2776NKLtcrpA+gjS
XgGfFZRKkEM4wG5ShafYLGvesYaBWjoM5upFZklVcHtrSZbZ64PJjSSAQyX8d0k3
JJ2K7fP5VY7TlZqYXujbNQh8410ARlDuoGVL0s9etx0bbbLHLG1r/kCdSnN26w0=
=+CLr
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4

200
inventories/chaosknoten/host_vars/zammad.sops.yaml
View file

@ -1,200 +0,0 @@
secret__zammad_db_password: ENC[AES256_GCM,data:ThtJngNvMc817rvbjMjjbnp1tBlXPdAg,iv:GcQHc7p5jFcyxpTcYsUOA8PvD1Qy5HxVZXHcAuL19Uk=,tag:UjVxYkU26/zkBL1eKDfreQ==,type:str]
sops:
lastmodified: "2025-05-04T14:11:05Z"
mac: ENC[AES256_GCM,data:GNOhRrJkLTjovRO2cZgeiRcqB3TE2sWxD220Z8GynoUV4pWS20vOKvaqwxU9seuD5Msxd05JzLRVTCtP4La6HVSgDekoVYKz3SLmdT2Hev+fscmfr0uojRi/5f+eCqGMBEy8Xs2Y7AzIC60iHqX4VBBn6FgkJuTyS50qn1akoGI=,iv:EIjJbb0adELCNBoRsdjsVvN19v4rKCiVmxcCAcnY7QY=,tag:GzqchqorbDN33+SfspGT4g==,type:str]
pgp:
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/9G6kv/pu3reUUCTVQyPf+vZSEKl1W3plShn5zV1mexSsf
g561L3tA/jKc9xdCFvrzkgq0P5dNHLUoT4GbbdCA7CM1274See2QE294tLrZ6Uww
pkAd2swywKP3bn0j1zYmFxemGaGXPcukSpQ5X4ZhBvDKvM8dgWo6KRUPviQ89kOg
v/9NWaOfbgGF7ZcZd90JAUBMD6X5xABKVIac6qKcBuvz4nm3KJRboFMxgtG3ja/t
fz0LTqwGsqBRcRkZgLudnCCS9uWKee53CqWuStgHP7wfqLasqgNY0TacjyBg9WWg
ZeapLkhv6d0tXsSGAMmiYdXEst2yK/usXbqo88sod40VUJhZG2NUrgWsuU4rijD8
ukIoZYpie7UyKDf/tfMAvoyI05BS+HXvhgmH1rsUTLsLTe+JnPgC1fmLTLJuvA54
WgAsrAt1m0FmoPsegcVpaSIBldR9JDMpbE+6OxLfnMthh4b40SEcymodSz5Gb6vl
tLoYlx3+VJpp3+kK6NLxyP77Z8drpNVYdRMI/4XyQe0RCAvudV8nFCzDTjXPNoG4
Xtd+xTO3So9xpql3hYm08IVxFa+hua7qgyeINt5W2WmZ+MJiGjX0GTTj8Mq++j+1
0EnugIqqaTQ4vrITP02ohUq60lmBr6zbH28hZBUHBgnVEut6nA6wDIVT6VTP7B/S
XAHAzMdG+Nhw06jFiH+Lh6BRs76+AFt7O2pDWL8TzSiA60gqvXZiWO7rU7oDsCe3
2uC05B+ryAH8WIybxPBlB4eLoHJwQzCdxHsKwWYKtpvnSiuZNnkObuDJg0yG
=b7mo
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ//WL4ttnjERa6PUAoZYyuKnrnFkS6foR3adZhsOynGKVAC
RP9cryOBrLZ4tWf00Nl+wh/hWswJuBWe81dQ0ZyRq0ao2FJAdm9WukNVKinRShbv
bgsRdzjS7W/LYpapNvbJKmxQ+2acah/7VbKsh9S6kdymwJTShRcGjhwiJCXPtyDd
rG3LQ+dguIY3kg2fL9LEtl5Q8xeAtA9RiSAxuu6y9BcUmiz8HJMkaDXFwrleds5L
OFJ3A+DlIO/MgoHwS8T/pQj3L4d7Tr7SqkSPuWKvrX+Au8uLqRM8tVOK7YJiKP0z
ZIayOg7ntTm/jCRSkMuX3oZ97Jbpp0VBX6im9Kgzjj4LPJxM8n7K7/wuZxm+akeL
7/V+cuySYVfL96hPUINjHe2zrUz6EZ3/oo1EkpWxPd57ksCfTVoy14w1+hF9v0fl
O3sI8f92BvvIKDQHeI05EFweoWUkty34RrOT1zAUj5ir2F7K6Th4m8jWdA3gWevd
oZsVOIOyzTyzHAyFL6XlRphrdRW91CpW6rRoSBgMxaCX4Cso6NWocgU7lSD8sIrD
xTKAPqO9T9qMOKhUKIYnvt9s7FWpDa9xqvdWKX61KUGMfntk7rYEhp3125AW8hBx
HBuZXgLiplOJZEs969JBL3X6vpcMpLJK9C5qHUAi0jW4OU39ktoO9u6elEO0VYDS
XAGs8wOfvnkDlnzeN3E1+o5NjRruLKasBa+6KOnQG4/5XEW7b/LD8po4BuuMy0uG
qLQyWVCDSu0FOYp4GFaGdqN7QZpiUbxnD307xd+MJmlPkP34MRW6Tdx0H9ry
=xCEm
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ//V5M/XCLawn6KtqJigp5GEr4j8c4FBgYN/7Vx2ExtvHZz
635xc/UE9WiMFQAtkiftm5g8cdz44Jx8rIjECsx07Nu2/mNsdzuNJ4JJS1cXSK/3
o9Iq4wR7iGKAwEk5AazVe5raq/4rlqTvrzXZhiFTHLdKzEpSsvyeWVZb5rJUDgiN
h76iZ7qlSfIeHPWSlfBT8BhFVI1luUhCJpP+UUPrl88ilrgY8NGTQiiYJZuLneED
NdvRdzqOePrK41SlLq5QWqZbhracfDbg1WQZkLiJhJfYE05UuKP+YrRYqm9FeZaz
AvFBB9NKk7zmG2XDjI87IO48vPBge3pujH4Qzh6NYisiPnWWrYUYKuOy1fmVfEjt
/sM0btfqNfQx5P0yvn0E9UurJbhGsI4+mZsFRMWlgMI1yIxpo4DP+rK7l8YJstbZ
OpHloRez3bwZdpAzL2tzJgfK+U7DqSaBWSezWKVTD6mUORNpZVhtMJt/mfktFtuJ
hyLs9KVtCMhFfF0hO/AY8efm6DTJpbCuRAUSw1wPteQvzTxCVf4VE8Fkpm5Ij5bi
TkWPVhfeLkQcQlRTIAq5K/CKn9ck+5apD2ew1kspPQQXVbF5DGtO2ekPGCVzw2mI
kzxNH82ajjHOYQNJVe+L69A0yrJvf27BR+dVkvVnTwo25cKzRLKUTUkt3QQyDCfS
XAFhNN0aRmQNxj1oAViXSp8CEQ/rPifUEdK760ukcwDNEM1y6D1ky3O+yR1TcTFe
40BoYos2qbEb8Wl6M7+mOem8O8e0/SvE9ktjSUaUEFAn4GaU5kg61Ek5ISwa
=0Uat
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1ARAAtZ0xm/ZfBtEbJXB1DyykZmO8+q8+N0ZgKAh8g321nxcM
Z9f1Dvpnq4RsVsqJkP8hibLnu+B44sKcAMN5j0i39k5LwJ3q/unoJZe0vcf0wbg0
fid7Z9U+D8TJMenS0o1TfyB0bqRZ+INwZYo/q0lxGCyr84RWPqyGGTzgRZh9N33X
EsdwaOhUAS9sFmkwciqFvuNW7Oz5zU0K1SQuK29GEtUoq4EyQJ7wWg/e4sxm8jmU
/yTH+NlyLw8p08YbkrKgVdzgWQ+zzNfkSvadtRs8Xix9XV1GzD7tXIwZIXmWQD+M
CA8gTTAmu7k3V82kN6BhnVYWFlazd5rHLfQCVXV9dlMWXUepnOoGFGq8Fsd9j3Kr
0OTnLZrZO1+2snMoXMUoqgJpCTrxgC5ix1zYpfCqd8WeAWh88ndxbsR3T9xhrVbz
3bxpgXa7BgIaL/hA3svTuk+/psJSQK8ZY1z2Ehj2Evg1KEOIz/g3CtIQY2T/8i6E
GBkra0tVUqAbnxhGI+rSONijQbmyXFv6jHFoRkCt8h0e4CRuXxXyGYnegNA/u6PU
ifck5iOy7mSbcLxjLvIKT3AgB7HAyhF9NMaTTruNw1gEaLscySRL5UstuT2bjVk4
xu5PZUWTBMc4uAnFQdlJlUM7gaIHAreO3tt40B4mWT4em574YGuBkWqS1/vfsVLS
XAFUjgAEUud/yBnM4kGZaEEXVoPTiHXMzzXvqazGXLWdy85yyH8Vc0/G55oIjmka
gp/ae5/WPFQedYSVPmeOCzZYe76V/LdudID8ShbYqmPPyCZNHEwWSQTRYcl2
=TSxz
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAiWvVhgNgXZ1xEKTEvpC0EeSl6RmJ7NPJ2m2/TXwdPxAw
GTWFhnCOpN9yOhnTx01pYBT+DliA8I1DQkzKWcZZLfAWRoNtZt/bY94XnwffJBG2
0lwBj/ewRld8z8+qKZRAwg2B6cJODdzp5UlqhM5B25ocH/YOfOFLOEdwj1mv44O8
tAMopgKi/krCTrm28ceeYl7Y8+iA0EOP72BoS4IaEb1y6WhZT90rXq43J3JaDw==
=UNES
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fARAAlJsKlKsKrONfko5V/yrsITbkZOsZQdwjPv2+BpmjRxI0
UCN0vl0xhyxhKIVJkuL5nXOzmoW1Vux6cZ60OpdUxccvMaQ8+Y8CuY5jSTNKrA9n
ag232Fm5P50PBbvH9LPtz8DzMaCNG8Xec/QegozAmTeFHdbPvloNpb6kwTYqR5uy
vNRVnN9uX0LUPdR4gRqsQGD6aFJ1oXVAw5G+j30eD998NOrnBBq0zDarjG2ys2/Q
EqYRvqW/wUpNozTdhlB4JUcuFBmNhWaEKriPCXDD+NgEJrapdEK8YFr6PsLkzQ22
zkFxPItkXbuAoG9KPskMYygeChCQKWy4WfMbFK8t8wnywhXf1zl5yvSKubto8wtD
9x2LB5R+cW3rHIdd4jWZZuyv/VLbL3SEpVQitMXmz8Jj45yidCiL3xV/t6rNzWzh
E9/PUYEVGKRZV9mte+hiniVYUMHQniAwomaTa7w1EHTE9sziGPrPTqb0xGADsVmd
XBiKhyqwatTgnmsFNTw8gr80hI5CJpkMm8cpAKOXTHP5zzgpidfLTWAnGWPOu2cL
fpTQZ6s6Plxv8341JL8+/FFl7wEeMrMDdDZePkEQXXhmbOlQBbhGCNE5WxZVrU7o
ZYhQd5Gg/q65cTUJfcpmQZLYKy//MYVNsxEi8Gt3boinvq+opbOt3fGoU5b35S7S
XAFVTsQgr6i2aPslkIfbZ7jCK8H1/t5CGckcj38ekkKnc+qFo04BHYpdzrLqjM0o
e16w/tILSlWFz1aGzS88rkhUDjAXJvPVszZziqdoF1Yhui0eeqWX9lwg3AY8
=VP6H
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ/7B9zToh5Sjx08QIWHvCSU3p9gcs6TEzntEmomSC+f9D2m
HByLrfkTiizvAnoa2m8x7W3hocFGuWiMO2Out2HTpr/wS36mRuTNmgfWb31avhyt
dTKBiPJzL04LG6kT2sVMPlfbhJ8pZ0YEJz9Qwr/HTqYVuQNdnARXu9TMU7WTRlSK
XcyfRU6ioDC4HAidTrq+D9udY9k+UyT/Xx+98azpOpa3bOeHqKmsMEevJ+lBs9BU
bqWFEKxkSNPHnMMVc2Ii76ng1r8qDVWyLDQ8GL+0XmNeWtLA82D6OdASdiUT+Wia
mo8ztvkOOQUNXaBPk7pH0vIVBEq1WrmpIbx7uVJF646DD+MUAPpxpQW4agrsWB47
YnnAOIY6JRNhwSf7/o52fereFT+CIaHCBTk2tsXPznZt5Y4H6UEZJ77xW5clEiCA
hsY+orVXGkyejpuXb/W3l/hl0vWxhpErDeEF6xa71rGeq4gdNdGVki2zdAWlB3UU
sMNdBKvZcFWcvVQhKC73OUfsDieGS8CdWGn/BsjZQX8Jtz/9D8sTe+KwvIt88NRM
muSrfHPEd6BfDmZcqlqWGXg2CoN1/g8pprYiFrKXuuPy4qA1K5ydarh/mFNyjX6p
btOgsWDy7VdSOq3vv6dVhLaIB7mszVzLfdmkgOr+Hm5pTvHIqZhQznIofvgcoW3S
XAGKeM5Fjrv6nXEW0Xj4zJ4eC11hDSyXeJ7P7+U5KwT0vixELGVpQv0axRNNaPNR
jMku1rVHdYRGNNquiL2oJyY/V8jFJtt40rTEvoALy3pbnrEdE8RG7NxVpPes
=ysNG
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ//Rt/1s0yAosBekTFgIJhDggMHVy+4BSMcX1H6ouv6hYNG
zEFd668fDcpBAq0hAXalxh8vCpZC9CeYzX5a3qlWvsk7sUHNsQALVZLjwN9HHfm5
4owzgHbmGd8BINtoirWa0GgqPOMX50uWZvPYXDAjdawywSYxLTj9CwPLw9LKo8GW
b5SBuG0Bz4jWZ591r6g/pvC2Q2ozFUqcbvGylo82rAkgH9lEzepG21Vw7sMdEMwB
3l0QsAse6Oc9gKgDeqHutoO0vaASvljC6geHBZ39rNHuEjFi3e4OuKFz8RpWRps/
3sHwOydT9Ao0cgduUtbzLm/3NHvcH1Hn5zJvNkoEPIhnX0ynJ7GzM5n/A3MW8jRj
I+PX2dcVHEzIhdTcbjB2Cmx2xYpY/CBp1Z5I+IhqnJ0Zo+nwDPldn5rvnO7hofvt
C1adexgMKPGB8zkojRxQErkN95IFaiCbDiwcQWC7ZI7OzDGr12S37OTJrZf6Fqyg
639k034mFZUR6auDGLqAmzXYmD/VcReepsnl1Eqke7R3w+n7RgBhCAoQjy5mvys+
Zbe7ooN2vAe8WcdqcCnwwYc1kFNebNQE9L0coLHsZwEZjhYNCPyGI+drGKigezhR
abp2XoLItTiYqbSy3fD0K4Y0aV6kDwFJQiMedZGbqN4nTJcTY1t7V5GTx8pPfSfS
XAGY0zsoT7EX3Cnt34J5YSNRt8hyf6YEpeQHDPyM9Qzlp1ppM8lvmkA2KhcJZzBL
fMBA4S4zs3qi7prrgtNsAF5Smt69XzoyOuo9qofN+776LVWKSyjfQS6ZNe+R
=nlmA
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAyO0n+fU1kq4NR2/Zf8SHKx+6zegT/HCgDkpM9DGh/now
db5MRmmINkcRSBE8583KwaSiInuYSqBaw3UxOv1VRZvHnsVVm2AWRtBaYdpnfRLC
0lwB8TVBhkjNuMRtIiLVdd0IzWaXPmNTW+MGHtjfFocnor+MMU0zIFucRMY8L9jt
eLntMuWw8knwJ7l7kea8So8+bWLlCouxyEWk/+PuLhcWiGBh501yKhkREagRuQ==
=Kos+
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdA+EeOaqri8YCU5eC4iwE66pHwS5bJa8UGO5CNi4t7JUcw
0ZGI75VZydgTRWSaCB1AGyix1oviS5ans6i0KeCtciYTuaFl+jPbnJL9EtnO1OV/
0lYB5t6/oT1J+mRr9mocrzaDJOZkv6xy+90QGA+NFF82bKWvQI63hV9bhuC26WKW
CWEALAdCLDo76JrhcqaGjmZrKDWi2y7Ju6rXk8RT86W03y+eUHloYA==
=AqlY
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ//X6diZXCicV3lW5GSRRUG9aR+AmtuZtjDXvqatdVSzYR3
NeGYYmWwHaPAfQrH2i07c1JeDt3RY/aKo17afSdm3jrnIvfAAFZbPQ6DTA6jvxlJ
eDKJgExHGR2y84EWerQYgKYwQFROiOExNotRKoDP9WEvVO1fEP9JpkxeliRi5+hH
87uGbhEZGpn5QRF3kkBLvS6zx40wQtdXehXp95eD2LAbgUdlfZJsBsCQ7rvOss6l
CxOceLJPZG2ccPgi9eu6/17+5GyX606/bkzOZefSKlv2ifkIaU900/1Zswn5GU1I
D8xibc1gM6j7l+Tp8hevUiN+lhv8LWiyCk3ph7b9MrXLjcBpeGRZUq/sj+ffZdDH
zxon4BAgYSVw3QvUbi8TrbGv8nH6uxWwd1WOeEf5pHpqSlWpIN+TTXgvroivO93n
bTwkiUH7mmHdZihJUpE18Tp5dipvmKW0t8cz1ahsK4WF/mlIOMTg2xJ7gWMvQO6/
8ZpW9lIOzCirYn3L8kG4rtAdaOyk2yhQMBPJGas5udXqn8nfGrHG7wJoR+NgsOxj
l/FkOfc2jYgrVSYxK5DiotWcxgg6lpV8b0YngJF+7+R6wC+E/h1ux+L3y/wH4lCd
ioC0iGeJfHdo6C6dmlHNRzgJOKAQfQFATLvcrlIYm3ejrDYYqMwxxmTkHSuZBljS
XAEaFIbQtogDamtHcrF32E+5GzNeHm5SCNhOZle5KXnHHj1s9+d6YVG8MNLr++N1
Rjr/RLVjOZOcjzF4eOh3DCqbxaY8YaubH2zAIcBk7H1dhmaVR6tQ1cn8v8u3
=PYNi
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.9.4

48
inventories/chaosknoten/hosts.yaml
View file

@ -10,6 +10,10 @@ all:
ansible_host: cloud-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
eh22-netbox:
ansible_host: eh22-netbox-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
eh22-wiki:
ansible_host: eh22-wiki-intern.hamburg.ccc.de
ansible_user: chaos
@ -51,6 +55,9 @@ all:
public-reverse-proxy:
ansible_host: public-reverse-proxy.hamburg.ccc.de
ansible_user: chaos
router:
ansible_host: router.hamburg.ccc.de
ansible_user: chaos
wiki:
ansible_host: wiki-intern.hamburg.ccc.de
ansible_user: chaos
@ -59,14 +66,6 @@ all:
ansible_host: zammad-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
ntfy:
ansible_host: ntfy-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
sunders:
ansible_host: sunders-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
hypervisors:
hosts:
chaosknoten:
@ -74,6 +73,7 @@ base_config_hosts:
hosts:
ccchoir:
cloud:
eh22-netbox:
eh22-wiki:
grafana:
keycloak:
@ -84,11 +84,16 @@ base_config_hosts:
pad:
pretalx:
public-reverse-proxy:
router:
tickets:
wiki:
zammad:
ntfy:
sunders:
systemd_networkd_hosts:
hosts:
router:
nftables_hosts:
hosts:
router:
docker_compose_hosts:
hosts:
ccchoir:
@ -100,13 +105,13 @@ docker_compose_hosts:
pad:
pretalx:
zammad:
ntfy:
nextcloud_hosts:
hosts:
cloud:
nginx_hosts:
hosts:
ccchoir:
eh22-netbox:
eh22-wiki:
grafana:
tickets:
@ -120,13 +125,13 @@ nginx_hosts:
public-reverse-proxy:
wiki:
zammad:
ntfy:
public_reverse_proxy_hosts:
hosts:
public-reverse-proxy:
certbot_hosts:
hosts:
ccchoir:
eh22-netbox:
eh22-wiki:
grafana:
tickets:
@ -139,10 +144,10 @@ certbot_hosts:
pretalx:
wiki:
zammad:
ntfy:
prometheus_node_exporter_hosts:
hosts:
ccchoir:
eh22-netbox:
eh22-wiki:
tickets:
keycloak:
@ -155,6 +160,7 @@ prometheus_node_exporter_hosts:
infrastructure_authorized_keys_hosts:
hosts:
ccchoir:
eh22-netbox:
eh22-wiki:
grafana:
tickets:
@ -165,26 +171,14 @@ infrastructure_authorized_keys_hosts:
pad:
pretalx:
public-reverse-proxy:
router:
wiki:
zammad:
ntfy:
sunders:
wiki_hosts:
hosts:
eh22-wiki:
wiki:
netbox_hosts:
hosts:
eh22-netbox:
netbox:
proxmox_vm_template_hosts:
hosts:
chaosknoten:
alloy_hosts:
hosts:
grafana:
ntfy:
ansible_pull_hosts:
hosts:
netbox:
msmtp_hosts:
hosts:

201
inventories/z9/host_vars/dooris.sops.yaml
View file

@ -1,201 +0,0 @@
secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str]
secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str]
sops:
lastmodified: "2025-05-29T13:28:08Z"
mac: ENC[AES256_GCM,data:SkqMlgJBdM+CMLE/um7m8V0ni04Xi3S9GovNsADrws6VbSWTX+50oc6HtWl+Kj2XugLfp2XpVnlzggCiq3fePsdt1af2+ZfSCue1d+dexjo5Q/gvE/olKlmn6aj5qiosUsLgu7v2bCOIb9m9WiEhlQLKx1wGiqVNQDabiLOJV6E=,iv:NUUOcXtbg+xMHqthipKpRAWLTXda8rup4aCbbP8sVEg=,tag:wyh+hrZreOyT7uQQrghb7w==,type:str]
pgp:
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/+P4Y/6oXngawMZSyE8nrizlGEOL+SD1Uc8A0+pqmB5RF8
RLbDvAMmicGGK3dAj6WaoCEl3F8oP4VvWc6pQC9xaRsaJRH1hstajavI46xv3GCF
ILhitEd6HbDMrVB7QlzRRUwdpJN9/+PSORRK8PejiH22+vIWnMqiYVM5fjoJD8KO
rPZjYnu3b+uV0I1gCQmp11+dBk4sizxr0w0bDNGJ3hMzg/DMOqmJUK1atXg9ooBJ
XwYlVFHj60TS/3so20EG56mYEYyNyds7yY9N1mA1S0SyWoIXtJbEYYriW0y7FOPd
f8kuLp670IJotOglJThq3BP0ch6LxL1DpV4E4dhsxwq4zbujR4H4e4Fl15kNj3Ca
vtCo29yd8at4Hmct+sNyFuX/zGYLZXrl0mKnQq1K22Ot6x0tdQI0kSijg0moUpPp
d/hx6jeSw2TFIhwm2KhnNWOsFSbmREJ0L/rJ2yhunV4UTHfjqq3eKFI30wnC4On7
qM1u61sEJcULx8Df9yqnRa+PUnltlNuswFBJw5jZ94H2k0CWXAjtfDGO/aVjD7QW
bGngJdxu8+zNhCEyO1QxQQqjY/dFSxwzRlv/jRpD4ragM6AgWgRehqrVwut9yMjx
zf/hq4XeQueVntCZ5UqgusT9zcwZU7cGr4Hl+EeMftNyZ7VzIUfRZ7pv/pBSnwrS
XgHjRqAMR/c+BGmsRUqE7xmwL3YlPCVTXvHg4C2JSruiuYOzeSnKGy2JB4Yq/+wM
auoFgVhOuuwZCerXiTNc/Rj6KF8MmHtpqu3c/NCY2rYsaN3tl6jvm65YDy6ji+4=
=4+eJ
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ//UYavx7nbBECdEhDefYN1Pk1ydInIBa6MWCA7GGNoVX8P
N/KDvuBwJGSONY9x0/tpoBRYuLdefDIkfnHXAMHCKPDjyTuFHM7WiqJRNUaChnMH
j73ecjWB8kImCNA+OsDwSYzs06t3BOuYPauH0Vaba1jYN5sKx0SeFdQJRZBTPZkO
HVR1DVGvSK1jd8d9synPJ8ltvxo6S+JYM7dOHoVI8i0Shzrn+HFg32s7ZDLbIbau
F7D4BjzTzdDX8FvT0NJO+Yqhk6pdc8586o9bO5wzfTTqsEEwTaXRrImMa3K1pQu6
6G/6F946bW70ie0HmNrzt6gUnyCWWM8Oc8gtyNG2+wVyz2Zh5ttCgFkvHF0sIyiS
AV4JNGVs++RZUmEfxkr4ZfMCQjYToG8RFTQQQ8WUDm/t1OJIEo7lnupLuvWadvwO
XBatyEfUNqncY3pFUtEcjWYTafZi+FQteBNUv4c4JNRtG3efFhzvxJNXBfqVXIKe
7Uke0KkhG+HOIBQvWc/7JGSA8vtmIuGCOD1aDaHfwFxVEYyBnu/m3H4yt4rOaUsd
61/XY48drYrEVXyv+4xxV7BG+HaX5boKgI2i+iqZdhdf2Bbbp/PA4woUVQMp4pLP
5c8vidwGtZwS1dhOPoUXuYElkMgFUV+kPfQxTwT9RMsB1uYcsL+2e0TcOUQNbM7S
XgFbt3ySJ32ovWkpu2OqctN1xBtQ3J3FeQhT71Z2mPmnauYUGQwtTPUQVidpJDI5
KhOwgDYO/ZXxQ6P3faG79gz5cGiKUcbargOISgQrm+gSurxYdg3YCZase8+CwwI=
=cBUH
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJARAAqo/EQcO7Bxq5ahIqJJKfUWl1fUYqbXDJKUsr7peoHGQd
dHex1kkerSC1HTi1Ua9uLdz61nZkC0gLG9jl5Jfa8hBIHpsygMWdFM8TkbR/rZQQ
4f+HuiN6ZGmKankMnuSs8nCdqkQFTiMVItBGxGQ3P6cfkZvaxQ0M7U7OVZ1H/rGt
qkvu6IdcMLfuXnfEyI02bH6nhA5cqcuVdXiA7H+av/AgZxHy6RJCbrAhihNiw5zh
HWzYD0vt9o4U/5iOpdpE+0gMdj9N41bWsXcDvmhd74HmXdI4mKwb94MB+CTIddaj
UXTfHeJABVtUSEuq9jnRW5kUKcJl9kZlFbcy0as5tizzQ+g3M9ukglziQU7hm6zJ
EIPOke5GOu74r5V2wg6Dip55Qe2AQaY7fkQz2m1dDmb2dvakaDzdZ1/KYuIQ1Bd1
PM70wPsliUsO/UAxvmgtGvEDdZvHBX6C5Ib70DkHB8A0zm43/ZIvB7l3mVPoX6TW
ZZyH6hTHvF8NcX0XA2sOaP054GGpBzVBqG3I6NndbOeHVq59rN17c6aSNGE58wq5
G2M4F2nX1fGILxXeGUJVahaib7ZI6DIr8u6BwFGMLr+Td/fUxMD2qdar892NzeCm
8gC2v8kwjk0cQp1hv8bn2Vf4TjwR7V5++/qYeXzOd8cQHE55oYZa9GrJ1SLKGAbS
XgE83PddEBkjuaJLjOloXr1M+rykoPlQ1+UtK5XVW+Kp6EC8JcXRJ35XiZ15ScIj
nLZpmjD7FbSr4BthLf370LaClX+iQIfPSaDd0DhPx0cbOzsK4vIsNX8BeoIPa24=
=dRX2
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ/9HwAW1OlLo2jy47Z+KdRPMMx4EhcYGJKgwxnL0/pzDRod
TDwSgfas+MsDhx0fx+drC8O+mzw79xGmHQWAEHhZ6EpZlHQRsE3Sn/8nCam0jQ7l
LeKCyh5MK3n3K0MPzgis2DxR/Y1LOaBnIyL693MCHy5xdB+kIO4kFipWtGlzbUYQ
/SUUhLXBJv+GzZuEtErgvhViW5cy3xoKoPRzeu6+3tj8rqye2h+GuMl2c171uh5G
jkGZ8RzYK6R50gwPT7J0yVAEvUbilSNi0W4k+cBg14WRFC8CnMtGngV0PsZxbD3+
nk0FgTeUq/MAPos6blXzny5xKfQ88/eqX9UVB3VW2X2Gqrrd2WA1zGYwJqxcCqS7
on+VBjsc+uObCJXTyYH5hyJUtoD0Ed+GxvSoGDiwcmhs+6mvVb3sANTLYCXo4J75
xN03s4UMlgrzyXNhqL12zlshth6EKD5q4SjQI28fOWgsgOlpcDY+QI8dBMDOPm3H
mbd09lbvquSdGTEGkCLOGOAg72Ph/jWf65+yYnC7hPCaRxI9K/bfbVU8HQ+rJgsC
D7ckDKMcTu7uYhFnzEsUqTe0aNS6puuKK+r3XDi+JM3bG7R4AjsYUstj8AD0tOY1
aEaxnroF18Cr4BrguFjgd8h8waK6DfxAiG53a72v/mNkcXtKOrm7zImpSPEzQG/S
XgEzCBftKE23Xjg9mzl59muw6+L8JMDUAFWmB7npL5DTqGpz31cpVc6gihlrSiMO
HXVCUm/pQAJVCdXTqxsjkQmv9hQQhX0wIK7WVxzqAM5R/YzBP/sGgUeGhuSfJkg=
=AR6z
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdAG+nf0X9XiYVa6T7YWuwocUM2FKyC5ZzkBepUimI3G3Aw
LJ0I40vOoEfRoa/q1lEDuizyA4l9RG8EVwi+c6yAT1OuyqI8QcRCwjrzvQoCKTDc
0l4BwS5IX4l0/BvSP9F6A98s7HjWwNRInLQNhgOTHgMppnjJIDls9QnKjlnwKReN
1DwniCgRWCB4UQrP9O4kla74RItxaqJMAjo5Bjwpyi9UsyHppp+hOMLWamMhqT/J
=BL/2
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fARAAodfqlZG5jgwmQrY55giGV+U+UX7xHSzXhBqZXcj+mMwY
mF656+UizvKgyDQu1IkFJA1Xdqmq59qPwOSDWUpPCxNXUvnWnoQ2klZVLUFcPKd3
N9851Kd3q7BBcTDqIJvDZaHNnThyc8/x2Z4X6gG0+F6xs2CGsvtgw2CUmlf9y9da
QYVcEZVl86Th6d0GXXM7VtzVxv7NFb9HhGU7XlvP1sF59d7BqST9pl0CMHfevkAa
LmTGlr0wLZtOAvbFIHXdI8j5nPSzEJorBlme0q+8fGFOED3tUstvJ2XPgdqKcsGq
PFZ9hALTTraatZchDhBKusOaEeb/YQ26W/OmU04JVG6CEFjqdsuwee5SubTswYV0
FNYdivJdVyLiJiRkcWyjOZdbJ845EApPUYap46RHxHDv4p4MionH/v4FsXRrX7KX
Gcp2LEuv5uhJfYsJ0XmiNXyU55YGsRsNbqM7mIR+gmBOA6Cv6/+HiiYaDAPmvv/3
ZG/AsHfBgxpVSJ3oTB+sNeiC570kdZRDTtNcwcDeozpQiZGKktcrYQzzltvYhE0o
/KdtXScTs/wDOIsfFm2SPj02gFFvpn44SEOu++EAFGEapv0cl7y1vprhMXewW7Fw
H9YW+P/BvjbhI1p8GHY86nBP6UG76uTlb4Dn3GGkTwhTS0ax3iKFJleHGAiskOTS
XgEhbRzzb33cM1LbxMaOM5ap4YowPuymr5EPqF3ZZ+3FrX8gj0OabzpjBGF+aV8o
6o/fFbMSOTUb+++jmejtnvpl7BsyIDHuAjEmPEswLjYr1P4pI3Cdg70MEZCb2H8=
=FKsS
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoARAAsGw0iqjlsDVLy20bFGiyXP4urrmxEys6x4+1/d0zEpuj
mnjkM7MCht4O0i15Qc2OZNFOExwNzAYq1KDeO05MaNW0A8UCi0GmoVTK9RsTy5OA
poUWQAr1pGJ5mCrrGJRCOBdXqxmEskW5HW/43r7TL9X6EnSRyjJNPWjn0/6IGG9Y
OWHBnMWevhWr4Vdj/LSQhgm/3TuSSd+cBN94QjtRsNcscTsGgZ6I9FZIBwSu8QMg
2R6LZlLpck/Kq6a4k3Yqm3yqh/bCxkHyy4pp0JHmZJs7BMhkmyM+h5riclHN5bjh
cafMw4HmOm2gNprYmWHBkftd+9iDDfjkL0azNs5EZ5A4QFwsFayqGmr+c2bazifb
KmNO7XoABubnlhe8LuI6d//hiMJB7iKeKh3NiAeRv3PeCVo3F0DMXkphtF/POMfY
LiEenCgpuV+S8Yld0hFxxh84abMKyZqasSE7IoU6I++Ti0OsK5ZfEUAdlE2Mx33e
KC6QPA5/eo3i3gvOb3nh5XBys6lInN5Cm/J0RhuahZH2L5R0UEj09at9XmdNck3u
TnW8vSf66p3FYDuEyjNOq5WMwA1rVnuHHIx6cjBl0T2COhRFHk130qfAv5Flzyoo
HkSeUfoM6Rt1Gh7+fLP/BvDG4Jc3PbLVTulAlO7+k300oHrBjXOSkpqO8IM0CATS
XgEAomlCqti55GbMR+lKgxVDJ4kXeFEUg7CCptesHkux3eDFcxmL7XbgIrlJvh1a
DYMDeIK/okQhe/W3mMcF68+xm/Yit6I24KODBxagTCe7ArBy9N67Tg2Wzz//Q/k=
=uZ8i
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqARAAvL/LzRFhGCXA6G+5aW6fSnR0dPynX5eM5BigDBa8VYAM
x5hbt4GOblXrRVS80YRC+rppuzc+UemzlX6aZVbgWtgARpAJNAh029ZdSJNwhFfB
LGyUxvErTkyJZPTHC7hd1B0kdegPr+ZZOvf/oZVYJ8NRlKAIBk+ahmrz+xpjDI/W
Cy27gShHmNBiuSF0nS50RzE1KBW743ERYmW3qVetWgyQuqHh4h7W1y+YkxgzSDFE
qgQr4t9g7+saq2zTZVq/TmDRH266mGtjOWFxw/R17gR6WRykU8qqPl42NqsvH/mV
0kDZKZ9YTkDJB5C+vr8AbpexHxYzxYcBudgVTnlrB60QCV0x+bWl8xpgtCZ/Gpxm
7A52rnA1ZFZi5uj3UQQUA/UyRRLTMdu0w+KkVCxj95OdgG9Ul4D8ex368E1N2JnO
eu2yF1a5atswxKq08RSFiL9ft82PQuh7ZdjA57byOjknb+21gcjoIGp2VYFqxSko
bLQ9uw3oMJu+AWYHZUiA71zeigrEz/pW49BRL4KGTq7Ik6nzduiD06/Td0B+4XEo
xUhsPLnYLlQ5F1IvFPq2FRl3+ZPPR+qdaBR2CCbLoAjSusvAg3z6pQ1D+FkYz2aw
64W9lYBDrn9hd9sXbVpoNMV8rqEv/lrREueYdZ6doiQn8WVDcfwbq7t9+Y3lawbS
XgEmGkxkpyiVRtjDCSFJpRCA8jRdOQH3+DTzb+LPCrKOs+ibKztXXO2wz8nMENMw
yBBednsNcPNcE/fDXXnRRJSEnsbnROmjnVPWa1VTsaVilGW0dVLCPwtMDpqIQEM=
=68Sf
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAyB6EqNKBRibDLjoNJQa0j+H+b3o9kHcqsSyuFIp9ClUw
Wq6E+kPd17DtWt2PstpcmYGfnMl3LnnKvpReObUNQeFHgCG/jMLVCQtqdWcu5YG2
0l4BYZMZ0h70SKMX8GD5TcqPmiO9nM19beb3EuGHvAnUHoLryQd82DhTPLQPhJ9Z
o9s7V6B+QH2wlKURcINADZv27EpU1BGQX8hXqdT9vF+JKBuNMv4Y0+svkCB1zJsD
=UPAZ
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAyghr3s7Dt4ZC3zZ5J6JQQb/39WeKOiigIMItG0XMwREw
oTRbAgrSD/CWSGTgoMJySH2b7yeJ+bD2nvXHgNwvPS0QaJ199pjUZhxzzOIccwok
0lgB1/nSHdDSfiO+VzbNdhK+dHgnC77dVbkmjYwfCsDgh0j4I0IiExX6cLixA7n4
FOvQJmdM5NYOTouAwa0CAIpDC1WkDTZ92jz7HUVuz/OJxQm5RgfDSqdI
=vhg2
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ/+Pw+aOaC4FzDEBKFnInfbRJDkJZZcmdmtTYB4L6u71XyO
bQwqjyneXCKK6/qtFSY3P8dTNbXZ6q5H+pB4LDrk2czW25EOYWSlkxP93BR6lB3e
gqsTelVjpH8Qs1B6IG6P/5Yf++7hOu1qKo/fxnqjsCYpmqetwyrxImAR0kp4w/pC
kXtCi9BIpwE++HxvZIYB1oB1+fOWy0Byo8ugjCP+h/LKTjFNDrY8khPRt9uOY6L9
LAyOFHagyMVxMs+cW2ihObO1ko4f6dIXZvmD99WbkCtK+vBsKX8DWQB7aChbKXFw
L0QnWn1G1Rvlj7uSCu1LVogdZuB6t0hbLFburPAURCRgHiZroDqdJWYQLiB16MK3
kV8/oD1/PN2H+kZOmy38Wj0UiaFLTn7Q3ejOlahN+7OOhFxGHFw2QDikrh5+xmZv
CvHeThQeCDdDy1pErqTZ9nP68y7+LKpQ/gjyxrfPMJdW4n3kIqihk4yfxnQDHM+w
DwJeRc0tIwV/hdCobWf/hetGw1iguPWQLCc3R4J9INaonj3rXb5yG5HCK+KgqoQa
RUKUjx6hbCR/bMpgGveG8O2xTPezRlXipXrF8wZSp84+3EydO2018z6EZ5A2fKLI
F+34M07zg0sVRQhKJ1qryIsmG89NabH68r2JEEayMrHpisBKnBe3Q/n9hvX6ZDLS
XgFYAgB+TJkdhCZeiwcQ5SSlYpfVlg/a5DJ6MVc+OUfsoRNczCYwqRwpR9mlAJqo
QS0E4qhIIhM9kAtBECPqy0eUay07PauC0O1Abujq8DQeRdFwnYh04j6GSzeSnbE=
=f3En
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.10.2

15
inventories/z9/host_vars/dooris.yaml
View file

@ -1,15 +0,0 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/dooris/docker_compose/compose.yaml.j2') }}"
docker_compose__configuration_files: [ ]
certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "dooris.ccchh.net"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
certbot__http_01_port: 80
nginx__version_spec: ""
nginx__configurations:
- name: dooris.ccchh.net
content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/dooris.ccchh.net.conf') }}"

7
inventories/z9/host_vars/waybackproxy.yaml
View file

@ -1,7 +0,0 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/waybackproxy/docker_compose/compose.yaml.j2') }}"
docker_compose__configuration_files: [ ]
nginx__version_spec: ""
nginx__configurations:
- name: waybackproxy.ccchh.net
content: "{{ lookup('ansible.builtin.file', 'resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf') }}"

210
inventories/z9/host_vars/yate.sops.yaml
View file

@ -1,210 +0,0 @@
#ENC[AES256_GCM,data:Oc2DdKVMymwkIHbS84TeTQY=,iv:UMhNafqQrHaF5iqFSev6D1uqHPFpKQTkOpYV6JncjsU=,tag:mAmBMyGdzER3hkSkV2Fjtw==,type:comment]
secret__yate__sip_trunk_epvpn: ENC[AES256_GCM,data:BkdNaCooUjsDlCXJ,iv:saO4IGsz1HAinvW5ZGAMA4WEtBbo+UNdfBkr0g29uag=,tag:t8RM0GNYhl1w/RMNO8wKbQ==,type:str]
secret__yate__sip_trunk_fonial: ENC[AES256_GCM,data:N18C3XZHIi1/IA==,iv:vs9dCYNRp+1ptxRajdUO5ODTOmNREJslF99xnFL92XM=,tag:IUmnlPeRI1WTRYELzZRk/w==,type:str]
secret__yate__sip_trunk_fux: ENC[AES256_GCM,data:zcVxNjyS3BE2dw==,iv:Prmy8nP1yeFrVI5mQaPJPKHGFCzuZp84f6fH04I9zJM=,tag:X15wqvaaifMU2/kcqLqUZQ==,type:str]
secret__yate__sip_extension_ewerkstatt: ENC[AES256_GCM,data:qbatVvfXZiUcpVnOJUpzYw==,iv:E/fCmKGrwYvQP1gGvwT0UrL0DZ/PcMwKG+NteiukB5M=,tag:PFmU0DX56+IbSQqMtY5NSQ==,type:str]
secret__yate__sip_extension_fritzbox_analog1: ENC[AES256_GCM,data:+ayQ6P4P34D5hTNOFv3HVA==,iv:UD71G07Z633mDmvnJVei9SKgHyM+JFXJdtOhyBhvKGY=,tag:0ISsYGQCIMMgToLWA09JwQ==,type:str]
secret__yate__sip_extension_fritzbox_analog2: ENC[AES256_GCM,data:DbFmTcZ8wW2fqstm09yUWw==,iv:jKUqtSXaGF/QpIwPJ6hKQWZvv9xtZeIQBiPHt2xm+3I=,tag:MkWzODFnWZc8o+pVLR3KJw==,type:str]
secret__yate__sip_extension_fritzbox_dect1: ENC[AES256_GCM,data:87MFTNA0DXmfhesT/M++ug==,iv:qDM8HWZhG9FADLFNPRJXkadN2jXD6/CfroDShNPzA+o=,tag:Ylf56nCczEdDaOGko5GrBw==,type:str]
secret__yate__sip_extension_fritzbox_dect2: ENC[AES256_GCM,data:KOUKexyzJqZPj1HKJxFl4Q==,iv:OCChQmSF1s8C/VYuw9D3hHA1CAoCnwC4adyTpWO5Iac=,tag:VFFuYi5Nd49ChU1Ki/nHiA==,type:str]
secret__yate__sip_extension_flausch: ENC[AES256_GCM,data:eIieA4A/ZmU8e7t20xwmCw==,iv:oDMgZIjQBDcwIVPK4/qIT1HyQKc+vImdr1iPZE1LEn4=,tag:RgS+enGC6DP6dwE8u30a6g==,type:str]
secret__yate__sip_extension_legacy: ENC[AES256_GCM,data:gC43eKUOAYU9dgNV1JQ+nw==,iv:xN7aad2NPaihlMT4Ym2xanpKU4eX04V0FS4m6XRgZFo=,tag:Oq0yBCSf+CB8Xkx4D4TH5w==,type:str]
sops:
lastmodified: "2025-08-02T07:43:00Z"
mac: ENC[AES256_GCM,data:Irv3y4/QbofyM5BvE4h/T6zNF3A6oTjDssMOcqmGxUOGpqL11Am1DMHBivkUgEYe4ir9N0kvPUmed1XOyDwImrl06E1mGAT6hOlfVSYKtZP0Pwvi4VVeeP6IAYN56zu8k4X8oIxv7AEfS3Fq94sJ52Fd3xDPPCG4aVtUXxxDuwQ=,iv:HdqbgUVR0lIysZnnPkOkW9gDp9G/EOrHDkwmQH6LVKQ=,tag:amVPLxjvx1Qtv+v27SGtGA==,type:str]
pgp:
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/8DrVTO2xvkFg6N4Klvaii4KqEgm5h9Vdqb5RZWXIKXBsA
JyW3EANye3lI3/HKkEztbOTDZ/NuL+4pJR54+KUFq+C768cB+JEZmY9IFOXGN0mX
0qPYzAbls1v0yDSwBHDXj5Yc59CT7XK8rYudJOVTZQbsf/xM3wfGh4oXmFBmyCkF
zcPyA/L28jmAeKrXIIi52V63/3ipCjAzh2RpfrGxISi5F14mANToHAp6KWsin1E7
rj2wcq3F+UIf0b1iRlkTAwTA4C9Q8TpzZDEjKuO+Kw62m8wa+mgPDLkxbsUmJs5z
gM1HADpQrb6NtaPgXBTUL38+MPq0Uz6B18YJbSVydJbJ1HXFMpaPJCLE/5V+2+zA
92XxhYu+fV7NaL9Lw652r4H8ZErZLvVDfdRkipeIh7+sQvBQUb6AmCSKZUo08CtK
HBEeuF6CG2h2jlisj4eRDjbB5ognoCT/kAxOYXN4Vwf+ycAKX7sK0odQ81FgOpsT
psjAkAJLE1l9d95bMSaO5uyMD/uKHbvlHJ/wk8X5AHabSI5Hy5zK3AKkJlgKO/hK
q50BkVaHHZFThAPRSzzBjRsjAJhuMi5sdNaG0Uu7S95+Y+hoX/2y7ZHmdMYcRY9O
XaeQcO+EDxF69GKfiK94yjJL2iGjoIX4b6LlCB1pMrgWulSGey2Z9xbZF6CYTVjS
XAH7OHW6r/Ru3Hat4XTFwDi5Gox7MrAsv3JZTL5r/CD7bRBZ84P7PRHWDFfDxgbJ
6tAQRD2whP/3GG4XvVs35SJ5vkk0qEdXlvp14ghPfmphbDMN8JJK/efzyyn+
=5kn6
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ//U1w+VzucTyOBNrttljmFoiF81Oh2180qVNwH+PIJZRsf
p9SKR5y/l/EOrQHC1KR1ld+M7fMnXxrDKhKhyvfC9I6w+XNWqHqqVNA7RYTWuSCI
c2AuEyWKWXpchQE2RK7hA5fdd47TmFfXmohSdw0/TJF4LfSG42Lz+Du1b3nyKXqL
leWXC/IP7gsGBmQwSFrecdoQ7HK60w06xiEJSD6XAY+RhuzGK3mOjw62eiBqb4MI
Tiptkmw/wCvsayJqIqAssVOJPprPzBl1i4hfr6SNFPS1GiPpaiCjkbQmqY2bu9pD
Jau8AyRn09UV5VJLmb3lOiWKlyO8VG91Q1R2xqGNp9jQtbrRBr3hVQwsdJC4WGV6
n3VUKhhJ6AYaZHhcfmf+aYVSD/SfOxTWixAfv5UAVLtNqsVRS0qeCWC+lsd1W+U/
hXORfrv/tipnnY65leWrePxhdpFoub78pMTpNbipwufZgMPifm54XzEfMTrF/oq3
rzP8RdHs8+u0gEyn2ovIp1yKOI+b15DTVyt6C5YRLw+JeykcbtMRDDnAKxN2F8j5
5iY6Ord2Z2Eg+jBvrG212IroI7yGrXKfRLfCFYM2Lpd82PUx2sV9+xZH4lYJ8flc
oeA48lUGcoVhEEmWrwl7a5mrdST7HGOdZVBFJIr78Qo1FNMn7V53yGbAbLGv4KjS
XAEsOsXNdHVCaBWkm+rFJ/HrQ/6FS2l9jN7eO7SyMUZmceDCjgoI8LUSuZJ4qRI+
DeD34OHX/nlaN+2iUNq2VSJgTNJVWBIlJndusXuzSKI9TTVVzSYYn8Y8sDpb
=zTis
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ/9FYNXETmqENgmxKuHXohSN+WU0/wblJLwQss+d7AJnu1I
JpcglLu3K8w/ghd9I3BfrUDHrYyRaGZ8bsTbPM8/lxV51dWbQd17yYGYtxwamgV2
EY5b32l4w6Kr+QclO5Z/lmNA5Co2WVLkE3tATO24cfuNcH9JS1paVijaAkNXb/8E
ii56vUYZessPXus8Hbgsy4bF2ot4Y+h4dNHJ0u2l8a0CwZ7pa1TvXqtm8xnt/stJ
lOtpXFyCXZEGvpNGJkJxEJHVo6WibdEhee+GQhGRsh98eZLPE2G8gmMKXpWJx4n4
83mEApQGrL4e+Bnxh9XDLs7FXyMtDEcsw4tps2VEQkPQ2PEOEOZXxJc8OxsV1aGA
CWqczWK90/tI+ZNu0y5fEs5jkWnc66Zvu/TkoUpgmZ3cWOewfLNYbbZ2k2/kLUX0
JVnrNQ41KD1FDVuVHin7AfVjsdC4Pk3QOZQuxumtmhbAi2hpaBB+KJOYcpovs9Sc
4A6l6ZXVbdgyy6PYqhgEI4A3RnsKoI7Id2t8Urm2kOMAqpqnOa3K+KfsglLyssbW
jNN9rbtDA3Nj0etGGtChE3sybt/G3kDhm8IGDPGlExS0lXuiN9WNBtzxzwgMchVH
PqpvYaHYwFZ34rTe7wy5681Ss04cFsKJs3NiUFAbmZn0gaFWqPEIewbo+PMVMDPS
XAFapF7QhyZwom2515O5m4QqxU63ZIoMRQKBjvsRwyTnJqXXVab81vAhX6iq7cqR
2QKxuhNIKAvrLbllJi1a1pmKQxtpRBTzLJjplB+QBGgTQZQMpxQ+sbPL9GCc
=nbQL
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1ARAAxHv4uWEGtDZRrwsX9aiNS8NsQC/1ITIoY9walqGsvhpU
+s4yOo3yGDbjJIrkWDdg7+LAY2Os9acQTxy3589pyDSMUEo/0wKonYfrebBteXiw
wHyu7hXBTdorb3OMHqQxm2/aettqLDHk7H73Hnd/nrFggxpVlYzpShq3vYXCDEH+
OhrwNzTtKWv5hrvO5L+RLBcKbJKbtGgLnu1ybrWsDGAf5np0NU0ogMQmHjMADjzq
jqvaChv/Pa++57NorJILIUAkb4DWI4m6WvtiAbGBxAad7m36s9kzNyLxjU36B04N
mQNrxF8+F81wuVpGXIEPDX1XxHAiDeQR6a8IOMvy5OhADqoobAFDh+cejzxPt7ml
lqzugaxMqFGWzesgeExwTCTaORr28jXOcLWo7gzZSBzgYkfe/7HASviWgDL3Y+jH
j0NL4hIZ87dCjY5A63qa56gWqWrUjn7CmjcROX57+Y8MNHYoSrGKnuVhetkZriRm
SPvjFox7HGLst7aALxbEyqXj6yQaWXi4moGHImXUA5yWKxTl3ZCC++wq88mBVglm
U3fX81XaZJXNnG7dtaZPk/om7MHA67zuy/FIXSSxVf7wyK+6cvtWoN2HPzleVXie
mK7OcFKmzax1ojgRNLmcbHQcdJoA4nK58AnQbZvRJDw7FQ3b9ainTBe2nmrc9FTS
XAG24SqSunZHTfNPha58wB9Tz8eQ/CmCfodNsClet5Nirj4ZAzm85YC8z4iLw9PN
DEXqWw/GUs6EYGE0QYuqIUiNMEnowcATsXXrTuSVlX/FudZ7nJBuLG5FqwJ2
=dCvy
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DerEtaFuTeewSAQdA/J3hvNw2zIKpSydLiXh7RKFHOCKcacZw0xTohfwHPCEw
INXjpmaKQTX1rE6qAEPpy7AAXuwrAID73QZFoOkj6j8fUexq6UIF9ov58MKy2bgo
0lwBsNGWUkhHBUXXCOs6JfUR4KbVQwLYxWTteFgqDUF7TGvK4sFqjUyhN0MA7LSs
YNxuobepZ0RFxG+yMO4wZ468A6Re/DlM0hsUIDeC1uoLyhJZy+WipS+YQW6jAg==
=1evm
-----END PGP MESSAGE-----
fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ//Ts4opuQ2hl82CNDoi0i53p6nXFLJQ2OuozZ0C/8MvqAD
rR8GeLKBBhCcFgMzvzKeQXr5kbPFOMtTFo5+zAMj7m5Dr/WIlCouVRX0xGVBcRgP
5XtWaLJ66+5X4y5ynI9EfcDD6vgOoTOmu0vp9QYrzMuOzMWzLWdjWuClx4Zz7NCa
dXm3FXJPMl9BIwKlOxDeM7w7LYCbGhj8XivSfMdZFh/855rN9T+PeBPpsalVgw5v
3PQiFPXLvAq+Dj+NW8UqVKE5GPfZQj5eFiwMgA4gnuYFxKW8haJebXiOP3dqT9EV
2wRYQQXLhRKBt4Pdl6esZGDz1cw/FDW0G5+aEg295tV3VIYptyeVk+PF3ZZx1ymw
gC46HKXj3MZOhSXBXeHeFGbHoHRFEETHYXgki5zdJvrDh9DUvaXWmx62Luf8u/eV
ao7wXO8zzXFWNQM1C2/bFRlAj41pqMKESeSPrK+BTFTeaNTt/XNQYxBqllcVICA3
jgvhrPgZaN0DzRs7+5RrDAe0yAc1Zrs8QC1Y81CikxG03PvBIyFXRAXz2BASN+Af
yzfwz1BwEd0sQxYKSKToK86JGD51edvYi7z5nETGBrQheJSU3MnqOO/yFdsZrvtb
HYk77eqHuif6ZzfHylUVHEoS+nyUjgsLeIfMDoQUdLcLAjn44wp0CXRHya5ZsZPS
XAHD2X1aq0vs7qHG3czvG7tRyFK6+aQ6PCWWCF7IiX4fagPMW2eD1li+uqdu1UPM
fanXEfibFnnpPMQG4j+W+r9plwUv1fTP295trXNzKcBldNqp1IJX75gz2MzC
=wsfS
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoARAAtM6V34YykAdgHBatDCQOqclPueg6glMsUXqsWacnl1Ui
fOYdy5QWC4Slhr+W+x41svrKDAVncxaYrwpBddi+KYjqh5eWY9S6dxhc/8ni8+Sy
1TwOB4jPt8U9txPxrRlvenHITXMHfbekjkYT6efK6ougO/Au9hXJOc56dGAoJZOP
KLUGUxES3r69e1FoE7JlFJ0NDVEzF5Ald8l1DqTQEBSvVTPGWTgig0K2BnFg77ip
AK/P42eQktooFH6YEeFmgQ4O0ti15xyEkbMJ/5hg46FI5K/GwjpsYgVsVo3gvrpe
Uw/z0f5Fkm6JJ1YHpycSu6OyK7OmFR3Bft8+57DL0NNadPBlt33oGq4P+r6xSkgZ
5NSRW98hY8xhnduEPoe09DazeZXxeOY3kpMpSvsYYifAVLwMIAe3oA0USxn7mA3i
igHeyWwkdRDU290h31jkGgyULCXeCoQ8uajF+oknGYTDra4Qn0/pF7igdLEZQvlo
7Dz+OTiZeECyeIQRuwAv2lQYonCbcTilZEI26RCXOnfIjB4a+nm/6IauovqeEv+4
LtZQeVTEPhWDBAsTApPZz02WOiok/cYqa20gpBPb4UWLNTFzBRUZHbDsyVuEH3rT
Vgj/QkuVmB/yCje9cNnYZtMkA3L4iNDcLGAqyLzPtuZwleqP24Minu7tzZgipr3S
XAEMuzk/qLMCSCs6sSjP/vKK50y77x873GAfM75cZpSSkXXZPcTFgvmno2YbFDzh
0/gxocKFefLkXhm4pbrnntAJnnLlnTh7W/tETA22VxbuxUxv2371n6qSwatw
=twII
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ/+IURRSEmFhMSIu8rWrVCjkLH5C62eU+B+p0ve3QMJ8/RV
3e85LT7q+VW+qr1EOUL+WSL6//jlhc0s6Un/yKOgxLbMmZayXbUS70+HjZq1pIFL
uxmVoBYw8vT8dPE4/u6quMTZQZpn2sncrhHaEek/ED+nAE37V6EHI3ubwiQPv0dB
hPFxm2h7qOJ0/QAyZh3M/kGZYRoZDvBWnMnV0cYKZkj4hWQyq27PjqG8grN7Nbc5
H8tsF3XoWw0wymKKMKTI2g7/MLI5V3yRKHZNR6kiKc0srSLBSuoGoyElUeFW+MG8
H1l5Rj7LEmTHXYLGj/zA65Fpw4tWwxM567YkQirdEnh2z/uxdX03aJLkU8qHYiGp
ekMxaR9/dqIt5TO1oT0zclue6IMd0jrZGJ70dovpUglfIk9/OHxTDJD1Qzf/qCoW
VefKWhBWhcWzlEHwfwiygilvaCgOVyYwFNeSoF+Y1teVl/qXx48VG3V2y6Z1VOfL
fncuHkbetyQ2BY2QWSJZNIG4mI+oZbp+YWWXJ4z31l3ng9ujt3eUqZB3KSy3hx+O
a/3l+4lKzNTYFvSNmVdubr37x5ygy+2nfk3g2ww0UOOwS6yiJqU2ZqA3OuTYwYu+
iHApavjPMg9WBE4Td8BYFxi4VyaZ91GrrnL7I1ytZIhUpMGPh8m5PYdVtUug17XS
XAEZ/KriGSAbovs+3DtH22113/oJhqpp25MJl+tTu2HbL00nu10DoLbZXTQixLo8
XrSN3EwXcJGpn5mgo7qYwVPL151VPdOoFp1g/pfmL5WeLY+avJb4WumMA80v
=0DR6
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdA73jpbxIMcc3GEvix/5TNwqMO2CiLgN4BLuaxU8sFPSIw
/ssO0s5uEpT2V0U5whKQf+CXZRvLZKXJsjcQRXYDi47yAopdg4LNcgv6rPftp/mD
0lwB9j89HaTDQ0wIPOiAqG9Pv8CHsKxC1XYvNz2hzIxhreoMh5W2Sr3f/5OHQWGl
2Mi+CmcoIihoV6rp/RgePZIf+7i/zeYqGbdP36rTJr+X7y+beWxNKot6xCfHOg==
=et3H
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAcwtuk+qh7Bo86gmUU1P96RHBt3TgdhVfZV4aPUO1TGsw
oIZS+b/Tjynr+npZ392TFoS/JrT/j9A/FK4w8eZ+ICdVwplxGlhfTPlooSdywa6M
0lYBY+QLBsmuRD5bb+p4zH/uX4qTO5MYNpGUvZBnLP3CHYMW8WBwFbBeqFJb3sKA
DOqjQhA0L8G1sI/tGrmyvziNifP8LkpxaBNUKnPScbMjE5F/7KX2Dw==
=8lLB
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-10-13T20:10:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ//QJytSLyuRPBrBrtirYU2ZTPR22S6FgqI8JUhP6dCdkUA
8PrZzI2UNJ7mhvXXEq8/nMI2UkZHkr7IwBQuHj0CIqxkxTv3hOK9djGdpD3wtHX6
3C7jAEy4LKVUxeDIPv+CFREKNPtxxqbbqtRZHXrxh5+O7+iMS+tQyUb49883DSXc
spxOq25E3X37gAepqKQHSH0A1txpZtMcd87fE3hMJuKblMU/5hW/IiihqDbUyhEz
tYZpSMxUu4QgR5fhf7pIq12yLMM9F3Z4WMtFtU3uh27q//dpLiPfrgBJldTU5e34
FprGNNyKaLgO2XpQl89x4UXdQ7vTtuH6fMbKJV0TzHdwQXEZyL+XJ4OKG784011e
w0xzuexHpMKrgFekbZ+WwK7otC9QZ5WvPSE6kpIYbh1a6SPESNAEG9BsDNAAYdrd
FWAj7YeO0PtAZkO05oQfq7k0PlAc9kaeJ89K0MtB94QGBdrRcowERJG1cDiND7HY
tlAEHZhizSw45cunI8ICDwNfiO0CPeShVcKh4qzbfKvOaDYZj9bzBCMPF+XgI6w8
THk3ZwvEIaf7gIEQFUnc3C1JGHwYDBrcCl/cUJ18DxvxjyjWDDR2iXT/86A7foVt
hwmpxuQOSTKujGJtTyIu8n+/lbVbpDo2OLJ28h2TGcXnxD83OigH4cHtpL+7WfbS
XAHuYliyndjEFBvrpEEBkPyIYo8dH3ip6205hAN/wp7cQ7MNjqppGEYN9nrwHxtH
o+leEHXmIDdmvbC5iDbplKISDr0EHtCfxFt1N0IpYQhlwygAv7JWEUpBLGNV
=/LEP
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.10.2

9
inventories/z9/host_vars/yate.yaml
View file

@ -1,9 +0,0 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/compose.yaml.j2') }}"
docker_compose__configuration_files:
- name: accfile.conf
content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/accfile.conf.j2') }}"
- name: regexroute.conf
content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regexroute.conf.j2') }}"
- name: regfile.conf
content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regfile.conf.j2') }}"
docker_compose__restart_cmd: "exec yate sh -c 'kill -1 1'"

46
inventories/z9/hosts.yaml
View file

@ -1,53 +1,21 @@
all:
hosts:
authoritative-dns:
ansible_host: authoritative-dns.z9.ccchh.net
ansible_user: chaos
dooris:
ansible_host: 10.31.208.201
ansible_user: chaos
light:
ansible_host: light.z9.ccchh.net
ansible_user: chaos
thinkcccore0:
ansible_host: thinkcccore0.z9.ccchh.net
waybackproxy:
ansible_host: waybackproxy.ccchh.net
ansible_user: chaos
yate:
ansible_host: yate.ccchh.net
ansible_user: chaos
certbot_hosts:
hosts:
dooris:
docker_compose_hosts:
hosts:
dooris:
waybackproxy:
yate:
foobazdmx_hosts:
hosts:
light:
hypervisors:
hosts:
thinkcccore0:
infrastructure_authorized_keys_hosts:
hosts:
dooris:
light:
authoritative-dns:
waybackproxy:
yate:
ansible_host: authoritative-dns.z9.ccchh.net
ansible_user: chaos
nginx_hosts:
hosts:
dooris:
light:
waybackproxy:
ola_hosts:
hosts:
light:
proxmox_vm_template_hosts:
foobazdmx_hosts:
hosts:
thinkcccore0:
ansible_pull_hosts:
light:
infrastructure_authorized_keys_hosts:
hosts:
light:
authoritative-dns:

28
playbooks/deploy.yaml
View file

@ -4,6 +4,16 @@
roles:
- base_config
- name: Ensure systemd-networkd config deployment on systemd_networkd_hosts
hosts: systemd_networkd_hosts
roles:
- systemd_networkd
- name: Ensure nftables deployment on nftables_hosts
hosts: nftables_hosts
roles:
- nftables
- name: Ensure deployment of infrastructure authorized keys
hosts: infrastructure_authorized_keys_hosts
roles:
@ -70,23 +80,5 @@
- "o=Docker,n=${distro_codename}"
- "o=nginx,n=${distro_codename}"
- name: Ensure Alloy is installed and Setup on alloy_hosts
hosts: alloy_hosts
become: true
tasks:
- name: Setup Alloy
ansible.builtin.include_role:
name: grafana.grafana.alloy
- name: Ensure ansible_pull deployment on ansible_pull_hosts
hosts: ansible_pull_hosts
roles:
- ansible_pull
- name: Ensure msmtp is setup on msmtp_hosts
hosts: msmtp_hosts
roles:
- msmtp
- name: Run ensure_eh22_styleguide_dir Playbook
ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml

61
playbooks/deploy_hypervisor.yaml
View file

@ -1,61 +0,0 @@
- name: Ensure the VM template generation is set up
hosts: proxmox_vm_template_hosts
tasks:
- name: Ensure dependencies are present
ansible.builtin.apt:
name:
- git
- libguestfs-tools
become: true
- name: Ensure /usr/local/{lib,sbin} exist
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: "0755"
become: true
loop:
- "/usr/local/lib/"
- "/usr/local/sbin/"
- name: Ensure the pve-template-vm repo is present
ansible.builtin.git:
repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git
dest: /usr/local/lib/pve-template-vm
version: main
force: true
depth: 1
single_branch: true
track_submodules: true
become: true
# /usr/local/sbin as the script uses qm, which is also found in /usr/sbin.
- name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin
ansible.builtin.file:
src: /usr/local/lib/pve-template-vm/build-proxmox-template
dest: /usr/local/sbin/build-proxmox-template
state: link
owner: root
group: root
mode: '0755'
become: true
# This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config.
- name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00
ansible.builtin.cron:
name: "ansible build proxmox template"
cron_file: ansible_build_proxmox_template
minute: 0
hour: 4
weekday: 5
user: root
job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\
/usr/bin/env \
{% for item in hypervisor__template_vm_config | default([]) %}\
{{ item.name }}=\"{{ item.value }}\" \
{% endfor %}\
{% endif %}\
/usr/local/sbin/build-proxmox-template"
become: true

6
resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
View file

@ -6,8 +6,8 @@ services:
image: docker.io/library/mariadb:11
environment:
- "MARIADB_DATABASE=wordpress"
- "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"
- "MARIADB_PASSWORD={{ secret__wordpress_db_password }}"
- "MARIADB_ROOT_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_ROOT_PASSWORD", create=false, missing="error") }}"
- "MARIADB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
- "MARIADB_USER=wordpress"
- "MARIADB_AUTO_UPGRADE=yes"
volumes:
@ -23,7 +23,7 @@ services:
- "WORDPRESS_DB_NAME=wordpress"
- "WORDPRESS_DB_USER=wordpress"
- "WORDPRESS_TABLE_PREFIX=wp_"
- "WORDPRESS_DB_PASSWORD={{ secret__wordpress_db_password }}"
- "WORDPRESS_DB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
volumes:
- wordpress:/var/www/html/wp-content
ports:

98
resources/chaosknoten/cloud/nextcloud/config.php.j2 Normal file
View file

@ -0,0 +1,98 @@
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'instanceid' => 'oc9uqhr7buka',
'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs',
'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu',
'trusted_domains' =>
array (
0 => 'cloud.hamburg.ccc.de',
),
'datadirectory' => '/var/www/html/data',
'dbtype' => 'mysql',
'version' => '25.0.9.2',
'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de',
'dbname' => 'nextcloud',
'dbhost' => 'database',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3',
'installed' => true,
// Some Nextcloud options that might make sense here
'allow_user_to_change_display_name' => false,
'lost_password_link' => 'disabled',
// URL of provider. All other URLs are auto-discovered from .well-known
'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh',
// Client ID and secret registered with the provider
'oidc_login_client_id' => 'cloud',
'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}',
// Automatically redirect the login page to the provider
'oidc_login_auto_redirect' => true,
// Redirect to this page after logging out the user
//'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
// If set to true the user will be redirected to the
// logout endpoint of the OIDC provider after logout
// in Nextcloud. After successfull logout the OIDC
// provider will redirect back to 'oidc_login_logout_url' (MUST be set).
'oidc_login_end_session_redirect' => true,
// Quota to assign if no quota is specified in the OIDC response (bytes)
//
// NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
// zero or -1 or ''.
'oidc_login_default_quota' => '1000000000',
// Login button text
'oidc_login_button_text' => 'Log in via id.ccchh.net',
// Hide the NextCloud password change form.
'oidc_login_hide_password_form' => false,
// Use ID Token instead of UserInfo
'oidc_login_use_id_token' => false,
'oidc_login_attributes' => array (
'id' => 'preferred_username',
'name' => 'name',
'mail' => 'email',
'quota' => 'ownCloudQuota',
'home' => 'homeDirectory',
'ldap_uid' => 'uid',
'groups' => 'ownCloudGroups',
'login_filter' => 'realm_access_roles',
'photoURL' => 'picture',
'is_admin' => 'ownCloudAdmin',
),
// Default group to add users to (optional, defaults to nothing)
//'oidc_login_default_group' => 'oidc',
'oidc_login_filter_allowed_values' => null,
// Set OpenID Connect scope
'oidc_login_scope' => 'openid profile',
// The `id` attribute in `oidc_login_attributes` must return the
// "Internal Username" (see expert settings in LDAP integration)
'oidc_login_proxy_ldap' => false,
// Fallback to direct login if login from OIDC fails
// Note that no error message will be displayed if enabled
'oidc_login_disable_registration' => false,
//'oidc_login_redir_fallback' => false,
// If you get your groups from the oidc_login_attributes, you might want
// to create them if they are not already existing, Default is `false`.
'oidc_create_groups' => true,
// Enable use of WebDAV via OIDC bearer token.
'oidc_login_webdav_enabled' => true,
// Enable authentication with user/password for DAV clients that do not
// support token authentication (e.g. DAVx⁵)
'oidc_login_password_authentication' => false,
);

2
resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
View file

@ -11,7 +11,7 @@ $CONFIG = array (
'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de',
'mail_from_address' => 'no-reply',
'mail_domain' => 'cloud.hamburg.ccc.de',
'mail_smtppassword' => '{{ secret__nextcloud_smtp_password }}',
'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}',
'mail_smtpdebug' => true,
'maintenance_window_start' => 1,
);

60
resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 Normal file
View file

@ -0,0 +1,60 @@
ALLOWED_HOSTS = [ "netbox.eh22.easterhegg.eu" ]
DATABASE = {
"HOST": "localhost",
"NAME": "netbox",
"USER": "netbox",
"PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}",
}
REDIS = {
"tasks": {
"HOST": "localhost",
"PORT": 6379,
"USERNAME": "",
"PASSWORD": "",
"DATABASE": 0,
"SSL": False,
},
"caching": {
"HOST": "localhost",
"PORT": 6379,
"USERNAME": "",
"PASSWORD": "",
"DATABASE": 1,
"SSL": False,
},
}
SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SECRET_KEY', create=false, missing='error') }}"
SESSION_COOKIE_SECURE = True
# CCCHH ID (Keycloak) integration.
# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7
# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2"
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = (
"https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
)
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = (
"https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
)
SOCIAL_AUTH_KEYCLOAK_KEY = "eh22-netbox"
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"
SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}"
# Use custom OIDC group and role mapping pipeline functions added in via
# netbox__custom_pipeline_oidc_group_and_role_mapping.
# The default pipeline this is based on can be found here:
# https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py
SOCIAL_AUTH_PIPELINE = [
"social_core.pipeline.social_auth.social_details",
"social_core.pipeline.social_auth.social_uid",
"social_core.pipeline.social_auth.social_user",
"social_core.pipeline.user.get_username",
"social_core.pipeline.user.create_user",
"social_core.pipeline.social_auth.associate_user",
"netbox.authentication.user_default_groups_handler",
"social_core.pipeline.social_auth.load_extra_data",
"social_core.pipeline.user.user_details",
# Custom OIDC group and role mapping functions.
"netbox.custom_pipeline_oidc_mapping.add_groups",
"netbox.custom_pipeline_oidc_mapping.remove_groups",
"netbox.custom_pipeline_oidc_mapping.set_roles",
]

35
resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf → resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
View file

@ -2,8 +2,7 @@
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
# Listen on a custom port for the proxy protocol.
listen 8443 ssl proxy_protocol;
http2 on;
listen 8443 ssl http2 proxy_protocol;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
@ -13,12 +12,12 @@ server {
# header.
real_ip_header proxy_protocol;
server_name ntfy.hamburg.ccc.de;
server_name netbox.eh22.easterhegg.eu;
ssl_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ntfy.hamburg.ccc.de/privkey.pem;
ssl_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/chain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
@ -30,18 +29,20 @@ server {
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
# Hide the X-Forwarded header.
proxy_hide_header X-Forwarded;
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
# is transparent).
# Also provide "_hidden" for by, since it's not relevant.
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
client_max_body_size 25m;
location /static/ {
alias /opt/netbox/netbox/static/;
}
location / {
proxy_pass http://127.0.0.1:2586;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 3m;
proxy_send_timeout 3m;
proxy_read_timeout 3m;
client_max_body_size 0; # Stream request body to backend
proxy_pass http://127.0.0.1:8001;
}
}

90
resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
View file

@ -3,84 +3,38 @@
# - https://github.com/prometheus/alertmanager/blob/48a99764a1fc9279fc828de83e7a03ae2219abc7/doc/examples/simple.yml
route:
receiver: 'ccchh-infrastructure-alerts'
group_by: [ "alertname", "site", "type", "hypervisor" ]
group_by: ["alertname", "site", "type", "hypervisor"]
group_wait: 30s
group_interval: 5m
repeat_interval: 6h
routes:
- receiver: "null"
matchers:
- sendAlert = "false"
- receiver: ntfy-ccchh-critical
matchers:
- org = "ccchh"
- severity = "critical",
repeat_interval: 18h
continue: true
- receiver: ntfy-ccchh
matchers:
- org = "ccchh"
- severity =~ "info|warning",
repeat_interval: 36h
continue: true
- receiver: ntfy-fux-critical
matchers:
- org = "fux"
- severity = "critical",
repeat_interval: 18h
continue: true
- receiver: email-fux-critical
matchers:
- org = "fux"
- severity = "critical",
repeat_interval: 36h
continue: true
- receiver: ntfy-fux
matchers:
- org = "fux"
- severity =~ "info|warning",
repeat_interval: 36h
continue: true
- receiver: ccchh-infrastructure-alerts
matchers:
- org = "ccchh"
- severity =~ "info|warning|critical"
repeat_interval: 3h
receiver: ccchh-infrastructure-alerts
{# Disable these for now, but might be interesting in the future.
# Inhibition rules allow to mute a set of alerts given that another alert is
# firing.
# We use this to mute any warning-level notifications if the same alert is
# already critical.
inhibit_rules:
- source_matchers: [severity="critical"]
target_matchers: [severity="warning"]
# Apply inhibition if the alertname is the same.
# CAUTION:
# If all label names listed in `equal` are missing
# from both the source and target alerts,
# the inhibition rule will apply!
equal: [alertname, cluster, service] #}
templates:
- "/etc/alertmanager/templates/*.tmpl"
receivers:
- name: "null"
- name: "ccchh-infrastructure-alerts"
telegram_configs:
- send_resolved: true
bot_token: {{ secret__alertmanager_telegram_bot_token }}
bot_token: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/alertmanager_telegram_bot_token", create=false, missing="error") }}
chat_id: -1002434372415
parse_mode: HTML
message: {{ "'{{ template \"alert-message.telegram.ccchh\" . }}'" }}
- name: "ntfy-ccchh-critical"
webhook_configs:
- url: "http://ntfy-alertmanager-ccchh-critical:8000"
- name: "ntfy-fux-critical"
webhook_configs:
- url: "http://ntfy-alertmanager-fux-critical:8001"
- name: "ntfy-ccchh"
webhook_configs:
- url: "http://ntfy-alertmanager-ccchh:8010"
- name: "ntfy-fux"
webhook_configs:
- url: "http://ntfy-alertmanager-fux:8011"
- name: "email-fux-critical"
email_configs:
- send_resolved: true
to: "stb@lassitu.de,fux@zimdahl.org"
from: "alert-manager@hamburg.ccc.de"
smarthost: "cow.hamburg.ccc.de:587"
auth_username: "alert-manager@hamburg.ccc.de"
auth_password: {{ secret__alert_manager_email_password }}

33
resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
View file

@ -20,25 +20,16 @@ Links & Resources
{{ define "alert-message.telegram.ccchh" }}
{{- if .Alerts.Firing }}
<u>🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥</u>
{{- if le (len .Alerts.Firing) 5 }}
{{- range .Alerts.Firing }}
{{ template "alert-item.telegram.ccchh.internal" . }}
{{- end }}
{{- else }}
There are too many alerts firing at once
{{- end }}
{{- end }}
{{- if .Alerts.Resolved }}
<u>✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅</u>
{{- if le (len .Alerts.Resolved) 5 }}
{{- range .Alerts.Resolved }}
{{ template "alert-item.telegram.ccchh.internal" . }}
{{- end }}
{{- else }}
There are too many resolved alerts to list
{{- end }}
{{- end }}
{{- if .Alerts.Firing }}
<u>🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥</u>
{{ range .Alerts.Firing -}}
{{ template "alert-item.telegram.ccchh.internal" . }}
{{- end }}
{{- end }}
{{- if .Alerts.Resolved }}
<u>✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅</u>
{{ range .Alerts.Resolved -}}
{{ template "alert-item.telegram.ccchh.internal" . }}
{{- end }}
{{- end }}
{{- end }}

57
resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
View file

@ -6,17 +6,14 @@ services:
container_name: prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--web.enable-remote-write-receiver'
- '--enable-feature=promql-experimental-functions'
ports:
- 9090:9090
restart: unless-stopped
volumes:
- ./configs/prometheus.yml:/etc/prometheus/prometheus.yml
- ./configs/prometheus_alerts.rules.yaml:/etc/prometheus/rules/alerts.rules.yaml
- ./configs/prometheus_alerts-fux.rules.yaml:/etc/prometheus/rules/alerts-fux.rules.yaml
- prom_data:/prometheus
alertmanager:
image: prom/alertmanager
container_name: alertmanager
@ -38,7 +35,7 @@ services:
restart: unless-stopped
environment:
- GF_SECURITY_ADMIN_USER=admin
- "GF_SECURITY_ADMIN_PASSWORD={{ secret__grafana_gf_security_admin_password }}"
- "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}"
volumes:
- ./configs/grafana.ini:/etc/grafana/grafana.ini
- ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml
@ -52,61 +49,13 @@ services:
restart: unless-stopped
environment:
- PVE_USER=grafana@pve
- "PVE_PASSWORD={{ secret__prometheus_pve_exporter_pve_password }}"
- "PVE_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/prometheus-exporter", create=false, missing="error") }}"
- PVE_VERIFY_SSL=false
volumes:
- /dev/null:/etc/prometheus/pve.yml
loki:
image: grafana/loki:3
container_name: loki
ports:
- 13100:3100
- 19099:9099
restart: unless-stopped
volumes:
- ./configs/loki.yaml:/etc/loki/local-config.yaml
- loki_data:/var/loki
ntfy-alertmanager-ccchh-critical:
image: xenrox/ntfy-alertmanager:latest
container_name: ntfy-alertmanager-ccchh-critical
volumes:
- ./configs/ntfy-alertmanager-ccchh-critical:/etc/ntfy-alertmanager/config
ports:
- 8000:8000
restart: unless-stopped
ntfy-alertmanager-fux-critical:
image: xenrox/ntfy-alertmanager:latest
container_name: ntfy-alertmanager-fux-critical
volumes:
- ./configs/ntfy-alertmanager-fux-critical:/etc/ntfy-alertmanager/config
ports:
- 8001:8001
restart: unless-stopped
ntfy-alertmanager-ccchh:
image: xenrox/ntfy-alertmanager:latest
container_name: ntfy-alertmanager-ccchh
volumes:
- ./configs/ntfy-alertmanager-ccchh:/etc/ntfy-alertmanager/config
ports:
- 8010:8010
restart: unless-stopped
ntfy-alertmanager-fux:
image: xenrox/ntfy-alertmanager:latest
container_name: ntfy-alertmanager-fux
volumes:
- ./configs/ntfy-alertmanager-fux:/etc/ntfy-alertmanager/config
ports:
- 8011:8011
restart: unless-stopped
volumes:
graf_data: {}
prom_data: {}
alertmanager_data: {}
loki_data: {}
mimir_data: {}

11
resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
View file

@ -7,14 +7,3 @@ datasources:
isDefault: true
access: proxy
editable: true
- name: Loki
type: loki
url: http://loki:3100
access: proxy
editable: true
jsonData:
timeout: 60
maxLines: 3000
httpHeaderName1: "X-Scope-OrgID"
secureJsonData:
httpHeaderValue1: "chaos"

2
resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
View file

@ -11,7 +11,7 @@ auto_login = true
name = id.hamburg.ccc.de
allow_sign_up = true
client_id = grafana
client_secret = {{ secret__grafana_keycloak_secret }}
client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
scopes = openid email profile offline_access roles
email_attribute_path = email
login_attribute_path = username

52
resources/chaosknoten/grafana/docker_compose/loki.yaml
View file

@ -1,52 +0,0 @@
auth_enabled: true
server:
http_listen_port: 3100
grpc_listen_port: 9099
log_level: warn
limits_config:
retention_period: 14d
common:
instance_addr: 127.0.0.1
path_prefix: /var/loki
storage:
filesystem:
chunks_directory: /var/loki/chunks
rules_directory: /var/loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
storage_config:
filesystem:
directory: /var/loki/chunks
index_queries_cache_config:
embedded_cache:
enabled: true
max_size_mb: 80
ttl: 30m
schema_config:
configs:
- from: 2025-04-28
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: index_
period: 24h
chunk_store_config:
chunk_cache_config:
embedded_cache:
enabled: true
max_size_mb: 80
ttl: 30m
write_dedupe_cache_config:
embedded_cache:
enabled: true
max_size_mb: 80
ttl: 30m

48
resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2
View file

@ -1,48 +0,0 @@
base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh-critical
http-address :8000
log-level info
log-format text
# When multiple alerts are grouped together by Alertmanager, they can either be sent
# each on their own (single mode) or be kept together (multi mode)
# Options: single, multi
# Default: multi
alert-mode single
labels {
order "severity"
severity "critical" {
priority 4
tags "rotating_light"
}
severity "warning" {
priority 3
tags "warning"
}
severity "info" {
priority 1
}
}
resolved {
tags "white_check_mark,resolved"
priority 2
}
ntfy {
server https://ntfy.hamburg.ccc.de
topic ccchh-alertmanager-critical
access-token {{ secret__ntfy_token }}
}
alertmanager {
silence-duration 3h
}
cache {
type memory
duration 12h
cleanup-interval 1h
}

48
resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2
View file

@ -1,48 +0,0 @@
base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh
http-address :8010
log-level info
log-format text
# When multiple alerts are grouped together by Alertmanager, they can either be sent
# each on their own (single mode) or be kept together (multi mode)
# Options: single, multi
# Default: multi
alert-mode single
labels {
order "severity"
severity "critical" {
priority 4
tags "rotating_light"
}
severity "warning" {
priority 3
tags "warning"
}
severity "info" {
priority 1
}
}
resolved {
tags "white_check_mark,resolved"
priority 2
}
ntfy {
server https://ntfy.hamburg.ccc.de
topic ccchh-alertmanager
access-token {{ secret__ntfy_token }}
}
alertmanager {
silence-duration 3h
}
cache {
type memory
duration 12h
cleanup-interval 1h
}

48
resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2
View file

@ -1,48 +0,0 @@
base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux-critical
http-address :8001
log-level info
log-format text
# When multiple alerts are grouped together by Alertmanager, they can either be sent
# each on their own (single mode) or be kept together (multi mode)
# Options: single, multi
# Default: multi
alert-mode single
labels {
order "severity"
severity "critical" {
priority 4
tags "rotating_light"
}
severity "warning" {
priority 3
tags "warning"
}
severity "info" {
priority 1
}
}
resolved {
tags "white_check_mark,resolved"
priority 2
}
ntfy {
server https://ntfy.hamburg.ccc.de
topic fux-alertmanager-critical
access-token {{ secret__ntfy_token }}
}
alertmanager {
silence-duration 3h
}
cache {
type memory
duration 12h
cleanup-interval 1h
}

48
resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2
View file

@ -1,48 +0,0 @@
base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux
http-address :8011
log-level info
log-format text
# When multiple alerts are grouped together by Alertmanager, they can either be sent
# each on their own (single mode) or be kept together (multi mode)
# Options: single, multi
# Default: multi
alert-mode single
labels {
order "severity"
severity "critical" {
priority 4
tags "rotating_light"
}
severity "warning" {
priority 3
tags "warning"
}
severity "info" {
priority 1
}
}
resolved {
tags "white_check_mark,resolved"
priority 2
}
ntfy {
server https://ntfy.hamburg.ccc.de
topic fux-alertmanager
access-token {{ secret__ntfy_token }}
}
alertmanager {
silence-duration 3h
}
cache {
type memory
duration 12h
cleanup-interval 1h
}

28
resources/chaosknoten/grafana/docker_compose/prometheus.yml
View file

@ -1,12 +1,12 @@
global:
scrape_interval: 60s
scrape_timeout: 15s
evaluation_interval: 30s
scrape_interval: 15s
scrape_timeout: 10s
evaluation_interval: 15s
alerting:
alertmanagers:
- scheme: http
timeout: 15s
timeout: 10s
static_configs:
- targets:
- "alertmanager:9093"
@ -22,8 +22,6 @@ scrape_configs:
static_configs:
- targets:
- localhost:9090
labels:
org: ccchh
- job_name: alertmanager
honor_timestamps: true
metrics_path: /metrics
@ -31,8 +29,6 @@ scrape_configs:
static_configs:
- targets:
- alertmanager:9093
labels:
org: ccchh
- job_name: mumble
honor_timestamps: true
scrape_interval: 5s
@ -42,8 +38,6 @@ scrape_configs:
static_configs:
- targets:
- mumble.hamburg.ccc.de:443
labels:
org: ccchh
- job_name: opnsense-ccchh
honor_timestamps: true
metrics_path: /metrics
@ -51,8 +45,6 @@ scrape_configs:
static_configs:
- targets:
- 185.161.129.132:9100
labels:
org: ccchh
- job_name: jitsi
honor_timestamps: true
scrape_interval: 5s
@ -62,14 +54,10 @@ scrape_configs:
static_configs:
- targets:
- jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
labels:
org: ccchh
- job_name: 'pve'
static_configs:
- targets:
- 212.12.48.126 # chaosknoten
labels:
org: ccchh
metrics_path: /pve
params:
module: [ default ]
@ -86,7 +74,6 @@ scrape_configs:
static_configs:
# Wieske Chaosknoten VMs
- labels:
org: ccchh
site: wieske
type: virtual_machine
hypervisor: chaosknoten
@ -96,6 +83,7 @@ scrape_configs:
- public-web-static-intern.hamburg.ccc.de:9100
- git-intern.hamburg.ccc.de:9100
- forgejo-actions-runner-intern.hamburg.ccc.de:9100
- eh22-netbox-intern.hamburg.ccc.de:9100
- eh22-wiki-intern.hamburg.ccc.de:9100
- mjolnir-intern.hamburg.ccc.de:9100
- woodpecker-intern.hamburg.ccc.de:9100
@ -111,13 +99,7 @@ scrape_configs:
- zammad-intern.hamburg.ccc.de:9100
- pretalx-intern.hamburg.ccc.de:9100
- labels:
org: ccchh
site: wieske
type: physical_machine
targets:
- chaosknoten.hamburg.ccc.de:9100
storage:
tsdb:
out_of_order_time_window: 90m

41
resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml
View file

@ -1,41 +0,0 @@
groups:
- name: Fux-Generic
rules:
- alert: HostJobFlaky
expr: group by(instance, job) (changes(up{org="fux"}[24h]) > 7)
for: 0m
labels:
severity: info
org: fux
annotations:
summary: Job {{ $labels.job }} flaky on (instance {{ $labels.instance }})
description: "The job {{ $labels.job }} on target: {{ $labels.instance }} has been flaky over the last 24 hours."
- name: Fux-SNMP
rules:
- alert: SnmpTargetMissing
expr: up{job=~".*snmp.*", org="fux"} == 0
for: 15m
labels:
severity: critical
org: fux
annotations:
summary: SNMP target missing (instance {{ $labels.instance }})
description: "SNMP target: {{ $labels.instance }} has disappeared for more the 15 min."
- name: Fux-DHCP
rules:
- alert: DhcpFuxSharedFailed
expr: script_success{script="check_dhcp_fux_shared"} == 0
for: 2m
labels:
severity: critical
annotations:
summary: DHCP for Fux Shared stoped working
description: "No DHCP lease for the Fux Shared range was received \n V"
- alert: DhcpFuxAdminFailed
expr: script_success{script_success="check_dhcp_fux_admin"} == 0
for: 2m
labels:
severity: critical
annotations:
summary: DHCP for Fux Admin stoped working
description: "No DHCP lease for the Fux Admin range was received"

33
resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml
View file

@ -196,9 +196,9 @@ groups:
# Same rule using "node_filesystem_free_bytes" will fire when disk fills for non-root users.
- alert: HostDiskWillFillIn24Hours
expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
for: 5m
for: 2m
labels:
severity: critical
severity: warning
annotations:
summary: Host disk will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}"
@ -212,9 +212,9 @@ groups:
description: "Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}"
- alert: HostInodesWillFillIn24Hours
expr: (node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
for: 5m
for: 2m
labels:
severity: critical
severity: warning
annotations:
summary: Host inodes will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of inodes within the next 24 hours at current write rate\n VALUE = {{ $value }}"
@ -362,7 +362,7 @@ groups:
expr: (node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
for: 0m
labels:
severity: critical
severity: warning
annotations:
summary: Host systemd service crashed (instance {{ $labels.instance }})
description: "systemd service crashed\n VALUE = {{ $value }}"
@ -410,7 +410,7 @@ groups:
summary: Prometheus job missing (instance {{ $labels.instance }})
description: "A Prometheus job has disappeared\n VALUE = {{ $value }}"
- alert: PrometheusTargetMissing
expr: up{job!~"snmp|noc_room_temp"} == 0
expr: up == 0
for: 0m
labels:
severity: critical
@ -418,7 +418,7 @@ groups:
summary: Prometheus target missing (instance {{ $labels.instance }})
description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}"
- alert: PrometheusAllTargetsMissing
expr: sum by (job) (up{job!~"snmp|noc_room_temp"}) == 0
expr: sum by (job) (up) == 0
for: 0m
labels:
severity: critical
@ -438,7 +438,6 @@ groups:
for: 0m
labels:
severity: warning
org: ccchh
annotations:
summary: Prometheus too many restarts (instance {{ $labels.instance }})
description: "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.\n VALUE = {{ $value }}"
@ -447,7 +446,6 @@ groups:
for: 0m
labels:
severity: warning
org: ccchh
annotations:
summary: Prometheus AlertManager job missing (instance {{ $labels.instance }})
description: "A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}"
@ -456,7 +454,6 @@ groups:
for: 0m
labels:
severity: warning
org: ccchh
annotations:
summary: Prometheus AlertManager configuration reload failure (instance {{ $labels.instance }})
description: "AlertManager configuration reload error\n VALUE = {{ $value }}"
@ -465,7 +462,6 @@ groups:
for: 0m
labels:
severity: warning
org: ccchh
annotations:
summary: Prometheus AlertManager config not synced (instance {{ $labels.instance }})
description: "Configurations of AlertManager cluster instances are out of sync\n VALUE = {{ $value }}"
@ -483,7 +479,6 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus not connected to alertmanager (instance {{ $labels.instance }})
description: "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}"
@ -492,7 +487,6 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus rule evaluation failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}"
@ -501,7 +495,6 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus template text expansion failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}"
@ -510,7 +503,6 @@ groups:
for: 5m
labels:
severity: warning
org: ccchh
annotations:
summary: Prometheus rule evaluation slow (instance {{ $labels.instance }})
description: "Prometheus rule evaluation took more time than the scheduled interval. It indicates a slower storage backend access or too complex query.\n VALUE = {{ $value }}"
@ -527,7 +519,6 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus AlertManager notification failing (instance {{ $labels.instance }})
description: "Alertmanager is failing sending notifications\n VALUE = {{ $value }}"
@ -536,7 +527,6 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus target empty (instance {{ $labels.instance }})
description: "Prometheus has no target in service discovery\n VALUE = {{ $value }}"
@ -545,7 +535,6 @@ groups:
for: 5m
labels:
severity: warning
org: ccchh
annotations:
summary: Prometheus target scraping slow (instance {{ $labels.instance }})
description: "Prometheus is scraping exporters slowly since it exceeded the requested interval time. Your Prometheus server is under-provisioned.\n VALUE = {{ $value }}"
@ -586,7 +575,6 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus TSDB compactions failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB compactions failures\n VALUE = {{ $value }}"
@ -595,7 +583,6 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus TSDB head truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB head truncation failures\n VALUE = {{ $value }}"
@ -604,7 +591,6 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus TSDB reload failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB reload failures\n VALUE = {{ $value }}"
@ -613,7 +599,6 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus TSDB WAL corruptions (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL corruptions\n VALUE = {{ $value }}"
@ -622,16 +607,14 @@ groups:
for: 0m
labels:
severity: critical
org: ccchh
annotations:
summary: Prometheus TSDB WAL truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL truncation failures\n VALUE = {{ $value }}"
- alert: PrometheusTimeseriesCardinality
expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 20000
expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 10000
for: 0m
labels:
severity: warning
org: ccchh
annotations:
summary: Prometheus timeseries cardinality (instance {{ $labels.instance }})
description: "The \"{{ $labels.name }}\" timeseries cardinality is getting very high: {{ $value }}\n VALUE = {{ $value }}"

70
resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf
View file

@ -2,8 +2,7 @@
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
# Listen on a custom port for the proxy protocol.
listen 8443 ssl proxy_protocol;
http2 on;
listen 8443 ssl http2 proxy_protocol;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
@ -41,71 +40,4 @@ server {
proxy_pass http://127.0.0.1:3000/;
}
location /ntfy-alertmanager-ccchh-critical/ {
deny all;
allow ::1/128;
allow 127.0.0.1/32;
# Wieske
allow 172.31.17.128/25;
allow 212.12.51.128/28;
allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
allow 2a00:14b0:4200:3000::/64; #Bei Wieske
allow 2a00:14b0:4200:3380::/64;
allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
# Z9
allow 2a07:c480:0:100::/56;
allow 2a07:c481:1::/48;
proxy_pass http://127.0.0.1:8000/;
}
location /ntfy-alertmanager-ccchh/ {
deny all;
allow ::1/128;
allow 127.0.0.1/32;
# Wieske
allow 172.31.17.128/25;
allow 212.12.51.128/28;
allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
allow 2a00:14b0:4200:3000::/64; #Bei Wieske
allow 2a00:14b0:4200:3380::/64;
allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
# Z9
allow 2a07:c480:0:100::/56;
allow 2a07:c481:1::/48;
proxy_pass http://127.0.0.1:8010/;
}
location /ntfy-alertmanager-fux-critical/ {
deny all;
allow ::1/128;
allow 127.0.0.1/32;
# Wieske
allow 172.31.17.128/25;
allow 212.12.51.128/28;
allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
allow 2a00:14b0:4200:3000::/64; #Bei Wieske
allow 2a00:14b0:4200:3380::/64;
allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
# Z9
allow 2a07:c480:0:100::/56;
allow 2a07:c481:1::/48;
proxy_pass http://127.0.0.1:8001/;
}
location /ntfy-alertmanager-fux/ {
deny all;
allow ::1/128;
allow 127.0.0.1/32;
# Wieske
allow 172.31.17.128/25;
allow 212.12.51.128/28;
allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
allow 2a00:14b0:4200:3000::/64; #Bei Wieske
allow 2a00:14b0:4200:3380::/64;
allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
# Z9
allow 2a07:c480:0:100::/56;
allow 2a07:c481:1::/48;
proxy_pass http://127.0.0.1:8011/;
}
}

89
resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
View file

@ -1,89 +0,0 @@
server {
allow ::1/128;
allow 127.0.0.1/32;
# Wieske
allow 172.31.17.128/25;
allow 212.12.51.128/28;
allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
allow 2a00:14b0:4200:3000::/64; #Bei Wieske
allow 2a00:14b0:4200:3380::/64;
allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
# Z9
allow 2a07:c480:0:100::/56;
allow 2a07:c481:1::/48;
deny all;
server_name loki.hamburg.ccc.de;
listen [::]:50051 ssl;
listen 172.31.17.145:50051 ssl;
http2 on;
client_body_buffer_size 512k;
ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
auth_basic "loki";
auth_basic_user_file loki.htpasswd;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 9099;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Scope-OrgID $remote_user;
grpc_pass grpc://localhost:19099;
}
}
server {
allow ::1/128;
allow 127.0.0.1/32;
# Wieske
allow 172.31.17.128/25;
allow 212.12.51.128/28;
allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
allow 2a00:14b0:4200:3000::/64; #Bei Wieske
allow 2a00:14b0:4200:3380::/64;
allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
# Z9
allow 2a07:c480:0:100::/56;
allow 2a07:c481:1::/48;
deny all;
server_name loki.hamburg.ccc.de;
listen [::]:443 ssl;
listen 172.31.17.145:443 ssl;
http2 on;
client_body_buffer_size 512k;
ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
auth_basic "loki";
auth_basic_user_file loki.htpasswd;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Scope-OrgID $remote_user;
proxy_pass http://127.0.0.1:13100;
}
}

1
resources/chaosknoten/grafana/nginx/loki.htpasswd.j2
View file

@ -1 +0,0 @@
chaos:{{ secret__loki_chaos_basic_auth }}

61
resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
View file

@ -1,61 +0,0 @@
server {
allow ::1/128;
allow 127.0.0.1/32;
# Wieske
allow 172.31.17.128/25;
allow 212.12.51.128/28;
allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
allow 2a00:14b0:4200:3000::/64; #Bei Wieske
allow 2a00:14b0:4200:3380::/64;
allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
# Z9
allow 2a07:c480:0:100::/56;
allow 2a07:c481:1::/48;
# fuxnoc
allow 2a07:c481:0:1::/64;
deny all;
server_name metrics.hamburg.ccc.de;
listen [::]:443 ssl;
listen 172.31.17.145:443 ssl;
http2 on;
client_body_buffer_size 512k;
ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
auth_basic "metrics";
auth_basic_user_file metrics.htpasswd;
location /api/v1/write {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 3100;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:9090;
}
location /ready {
rewrite ^ /-/ready break;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:9090;
}
}

2
resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2
View file

@ -1,2 +0,0 @@
chaos:{{ secret__metrics_chaos_basic_auth }}
fux:{{ secret__metrics_fux_basic_auth }}

14
resources/chaosknoten/grafana/nginx/redirect.conf
View file

@ -1,14 +0,0 @@
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
proxy_pass http://127.0.0.1:31820/.well-known/acme-challenge/;
}
}

20
resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
View file

@ -22,7 +22,7 @@
services:
keycloak:
image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.2
image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0
pull_policy: always
restart: unless-stopped
command: start --optimized
@ -32,11 +32,11 @@ services:
- keycloak
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }}
KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
KC_DB: postgres
KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: {{ secret__keycloak_db_password }}
KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
KC_HOSTNAME: https://id.hamburg.ccc.de
KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
@ -46,7 +46,7 @@ services:
- "8080:8080"
db:
image: postgres:15.13
image: postgres:15.2
restart: unless-stopped
networks:
- keycloak
@ -54,7 +54,7 @@ services:
- "./database:/var/lib/postgresql/data"
environment:
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: {{ secret__keycloak_db_password }}
POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
POSTGRES_DB: keycloak
id-invite-web:
@ -76,10 +76,10 @@ services:
- "IDINVITE_URL=https://invite.hamburg.ccc.de"
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
- "IDINVITE_VALID_HOURS=50"
- "IDINVITE_SECRET={{ secret__idinvite_token_secret }}"
- "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}"
- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
- "IDINVITE_CLIENT_ID=id-invite"
- "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
- "MAIL_FROM=no-reply@hamburg.ccc.de"
- "BOTTLE_HOST=0.0.0.0"
@ -96,7 +96,7 @@ services:
- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
- "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}"
- "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}"
id-invite-keycloak:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
@ -107,10 +107,10 @@ services:
environment:
- "BOTTLE_HOST=0.0.0.0"
- "IDINVITE_CLIENT_ID=id-invite"
- "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
- "KEYCLOAK_API_URL=http://keycloak:8080"
- "KEYCLOAK_API_USERNAME=id-invite"
- "KEYCLOAK_API_PASSWORD={{ secret__idinvite_admin_password }}"
- "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}"
- "KEYCLOAK_API_REALM=ccchh"
- 'KEYCLOAK_GROUPS=["user"]'

1
resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
View file

@ -43,7 +43,6 @@ server {
allow 185.161.129.132/32; # z9
allow 2a07:c480:0:100::/56; # z9
allow 2a07:c481:1::/48; # z9 new ipv6
allow 213.240.180.39/32; # stbe home
allow 2a01:170:118b::1/64; # stbe home
deny all;

6
resources/chaosknoten/netbox/netbox/configuration.py.j2
View file

@ -3,7 +3,7 @@ DATABASE = {
"HOST": "localhost",
"NAME": "netbox",
"USER": "netbox",
"PASSWORD": "{{ netbox__db_password }}",
"PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}",
}
REDIS = {
"tasks": {
@ -23,7 +23,7 @@ REDIS = {
"SSL": False,
},
}
SECRET_KEY = "{{ secret__netbox_secret_key }}"
SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SECRET_KEY', create=false, missing='error') }}"
SESSION_COOKIE_SECURE = True
# CCCHH ID (Keycloak) integration.
@ -38,7 +38,7 @@ SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = (
)
SOCIAL_AUTH_KEYCLOAK_KEY = "netbox"
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"
SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ secret__netbox_social_auth_keycloak_secret }}"
SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}"
# Use custom OIDC group and role mapping pipeline functions added in via
# netbox__custom_pipeline_oidc_group_and_role_mapping.
# The default pipeline this is based on can be found here:

24
resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2
View file

@ -1,24 +0,0 @@
---
services:
ntfy:
image: binwiederhier/ntfy
container_name: ntfy
command:
- serve
volumes:
- ntfy_cache:/var/cache/ntfy
- ntfy_var:/var/lib/ntfy
- ./configs/server.yml:/etc/ntfy/server.yml
ports:
- 2586:2586
- 9586:9586
healthcheck: # optional: remember to adapt the host:port to your environment
test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
interval: 60s
timeout: 10s
retries: 3
start_period: 40s
restart: unless-stopped
volumes:
ntfy_cache: {}
ntfy_var: {}

21
resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
View file

@ -1,21 +0,0 @@
base-url: "https://ntfy.hamburg.ccc.de"
default-host: "https://ntfy.hamburg.ccc.de"
listen-http: ":2586"
behind-proxy: true
cache-file: "/var/cache/ntfy/cache.db"
log-format: json
enable-metrics: true
metrics-listen-http: ":9586"
auth-default-access: "deny-all"
auth-file: "/var/lib/ntfy/user.db"
attachment-cache-dir: "/var/cache/ntfy/attachments"
web-push-public-key: "BCx7PqDiVNlOiAHHfSxjbTle_LN4hetwHYi58GJhQxiY33AQ663IaJVro7B28j-1KOqwdzKco3dMMwzBJl9OQ90"
web-push-private-key: {{ secret__ntfy_web_push_private_key }}
web-push-file: "/var/cache/ntfy/webpush.db"
web-push-email-address: "mailto:noc@lists.hamburg.ccc.de"
upstream-base-url: "https://ntfy.sh"

2
resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
View file

@ -14,4 +14,4 @@ services:
ports:
- "8080:80"
environment:
JWT_SECRET: {{ secret__onlyoffice_jwt_secret }}
JWT_SECRET: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/onlyoffice/JWT_SECRET", create=false, missing="error") }}

10
resources/chaosknoten/pad/docker_compose/compose.yaml.j2
View file

@ -6,7 +6,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=hedgedoc"
- "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
- "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
- "POSTGRES_DB=hedgedoc"
volumes:
- database:/var/lib/postgresql/data
@ -16,7 +16,7 @@ services:
#image: quay.io/hedgedoc/hedgedoc:1.9.9
image: quay.io/hedgedoc/hedgedoc:latest
environment:
- "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc"
- "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}@database:5432/hedgedoc"
- "CMD_DOMAIN=pad.hamburg.ccc.de"
- "CMD_PROTOCOL_USESSL=true"
- "CMD_HSTS_ENABLE=false"
@ -35,7 +35,7 @@ services:
- "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
- "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
- "CMD_OAUTH2_CLIENT_ID=pad"
- "CMD_OAUTH2_CLIENT_SECRET={{ secret__hedgedoc_kc_secret }}"
- "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}"
- "CMD_OAUTH2_PROVIDERNAME=Keycloak"
- "CMD_OAUTH2_SCOPE=openid email profile"
volumes:
@ -53,11 +53,11 @@ services:
environment:
- "POSTGRES_HOSTNAME=database"
- "POSTGRES_USERNAME=hedgedoc"
- "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
- "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
- "SMTP_FROM=pad@hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=pad@hamburg.ccc.de"
- "SMTP_PASSWORD={{ secret__pad_smtp_password }}"
- "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/smtp_password", create=false, missing="error") }}"
- "URL=https://pad.hamburg.ccc.de"
depends_on:
- database

9
resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
View file

@ -6,7 +6,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=pretalx"
- "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
- "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
- "POSTGRES_DB=pretalx"
volumes:
- database:/var/lib/postgresql/data
@ -53,14 +53,13 @@ services:
restart: unless-stopped
environment:
PRETALX_DATA_DIR: /data
PRETALX_FILE_UPLOAD_LIMIT: 1000 # MB
PRETALX_FILESYSTEM_MEDIA: /public/media
PRETALX_FILESYSTEM_STATIC: /public/static
PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de
PRETALX_DB_TYPE: postgresql
PRETALX_DB_NAME: pretalx
PRETALX_DB_USER: pretalx
PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
PRETALX_DB_HOST: database
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
PRETALX_MAIL_HOST: "cow-intern.hamburg.ccc.de"
@ -90,13 +89,13 @@ services:
PRETALX_DB_TYPE: postgresql
PRETALX_DB_NAME: pretalx
PRETALX_DB_USER: pretalx
PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
PRETALX_DB_HOST: database
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
PRETALX_MAIL_HOST: "cow.hamburg.ccc.de"
PRETALX_MAIL_PORT: 587
PRETALX_MAIL_USER: pretalx@hamburg.ccc.de
PRETALX_MAIL_PASSWORD: "{{ secret__pretalx_mail_password }}"
PRETALX_MAIL_PASSWORD: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/PRETALX_MAIL_PASSWORD", create=false, missing="error") }}"
PRETALX_MAIL_TLS: "true"
PRETALX_CELERY_BACKEND: redis://redis/1
PRETALX_CELERY_BROKER: redis://redis/2

9
resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
View file

@ -17,8 +17,6 @@ map $host $upstream_acme_challenge_host {
invite.hamburg.ccc.de 172.31.17.144:31820;
keycloak-admin.hamburg.ccc.de 172.31.17.144:31820;
matrix.hamburg.ccc.de 172.31.17.150:31820;
mas.hamburg.ccc.de 172.31.17.150:31820;
element-admin.hamburg.ccc.de 172.31.17.151:31820;
netbox.hamburg.ccc.de 172.31.17.167:31820;
onlyoffice.hamburg.ccc.de 172.31.17.147:31820;
pad.hamburg.ccc.de 172.31.17.141:31820;
@ -72,11 +70,8 @@ map $host $upstream_acme_challenge_host {
design.hamburg.ccc.de 172.31.17.162:31820;
hydra.hamburg.ccc.de 172.31.17.163:31820;
cfp.eh22.easterhegg.eu 172.31.17.157:31820;
ntfy.hamburg.ccc.de 172.31.17.149:31820;
cryptoparty-hamburg.de 172.31.17.151:31820;
cryptoparty.hamburg.ccc.de 172.31.17.151:31820;
staging.cryptoparty-hamburg.de 172.31.17.151:31820;
staging.cryptoparty.hamburg.ccc.de 172.31.17.151:31820;
hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820;
netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820;
default "";
}

9
resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
View file

@ -34,8 +34,6 @@ stream {
staging.hackertours.hamburg.ccc.de 172.31.17.151:8443;
netbox.hamburg.ccc.de 172.31.17.167:8443;
matrix.hamburg.ccc.de 172.31.17.150:8443;
mas.hamburg.ccc.de 172.31.17.150:8443;
element-admin.hamburg.ccc.de 172.31.17.151:8443;
element.hamburg.ccc.de 172.31.17.151:8443;
branding-resources.hamburg.ccc.de 172.31.17.151:8443;
www.hamburg.ccc.de 172.31.17.151:8443;
@ -90,11 +88,8 @@ stream {
design.hamburg.ccc.de 172.31.17.162:8443;
hydra.hamburg.ccc.de 172.31.17.163:8443;
cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443;
ntfy.hamburg.ccc.de 172.31.17.149:8443;
cryptoparty-hamburg.de 172.31.17.151:8443;
cryptoparty.hamburg.ccc.de 172.31.17.151:8443;
staging.cryptoparty-hamburg.de 172.31.17.151:8443;
staging.cryptoparty.hamburg.ccc.de 172.31.17.151:8443;
hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443;
netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443;
}
server {

84
resources/chaosknoten/router/nftables/nftables.conf Normal file
View file

@ -0,0 +1,84 @@
#!/usr/sbin/nft -f
## Variables
# Interfaces
define if_net1_v4_wan = "net1"
define if_net2_v6_wan = "net2"
define if_net0_2_v4_nat = "net0.2"
define if_net0_3_ci_runner = "net0.3"
define if_net0_4_v4_nat_legacy = "net0.4"
define if_net0_5_public = "net0.5"
# Interface Groups
define wan_ifs = { $if_net1_v4_wan,
$if_net2_v6_wan }
define lan_ifs = { $if_net0_2_v4_nat,
$if_net0_3_ci_runner,
$if_net0_4_v4_nat_legacy,
$if_net0_5_public }
define v4_exposed_ifs = { $if_net0_5_public }
define v6_exposed_ifs = { $if_net0_2_v4_nat,
$if_net0_4_v4_nat_legacy,
$if_net0_5_public }
## Rules
table inet reverse-path-forwarding {
chain rpf-filter {
type filter hook prerouting priority mangle + 10; policy drop;
# Only allow packets if their source address is routed via their incoming interface.
# https://github.com/NixOS/nixpkgs/blob/d9d87c51960050e89c79e4025082ed965e770d68/nixos/modules/services/networking/firewall-nftables.nix#L100
fib saddr . mark . iif oif exists accept
}
}
table inet host {
chain input {
type filter hook input priority filter; policy drop;
iifname "lo" accept comment "allow loopback"
ct state invalid drop
ct state established,related accept
ip protocol icmp accept
ip6 nexthdr icmpv6 accept
# Allow SSH access.
tcp dport 22 accept comment "allow ssh access"
# Allow DHCP server access.
iifname $if_net0_3_ci_runner udp dport 67 accept comment "allow dhcp server access"
}
}
table ip v4nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname $if_net1_v4_wan masquerade
}
}
table inet forward {
chain forward {
type filter hook forward priority filter; policy drop;
ct state invalid drop
ct state established,related accept
# Allow internet access.
iifname $lan_ifs oifname $wan_ifs accept comment "allow internet access"
# Allow access to exposed networks from internet.
meta nfproto ipv4 oifname $v4_exposed_ifs accept comment "allow v4 exposed network access"
meta nfproto ipv6 oifname $v6_exposed_ifs accept comment "allow v6 exposed network access"
}
}

6
resources/chaosknoten/router/systemd_networkd/00-net0.link Normal file
View file

@ -0,0 +1,6 @@
[Match]
MACAddress=BC:24:11:54:11:15
Type=ether
[Link]
Name=net0

7
resources/chaosknoten/router/systemd_networkd/00-net1.link Normal file
View file

@ -0,0 +1,7 @@
[Match]
# Stolen from turing to make 212.12.48.122 work.
MACAddress=0E:A4:E3:97:16:92
Type=ether
[Link]
Name=net1

6
resources/chaosknoten/router/systemd_networkd/00-net2.link Normal file
View file

@ -0,0 +1,6 @@
[Match]
MACAddress=BC:24:11:AE:C7:04
Type=ether
[Link]
Name=net2

7
resources/chaosknoten/router/systemd_networkd/10-net0.2-v4_nat.netdev Normal file
View file

@ -0,0 +1,7 @@
[NetDev]
Name=net0.2
Kind=vlan
[VLAN]
Id=2

7
resources/chaosknoten/router/systemd_networkd/10-net0.3-ci_runner.netdev Normal file
View file

@ -0,0 +1,7 @@
[NetDev]
Name=net0.3
Kind=vlan
[VLAN]
Id=3

6
resources/chaosknoten/router/systemd_networkd/10-net0.4-v4_nat_legacy.netdev Normal file
View file

@ -0,0 +1,6 @@
[NetDev]
Name=net0.4
Kind=vlan
[VLAN]
Id=4

6
resources/chaosknoten/router/systemd_networkd/10-net0.5-public.netdev Normal file
View file

@ -0,0 +1,6 @@
[NetDev]
Name=net0.5
Kind=vlan
[VLAN]
Id=5

13
resources/chaosknoten/router/systemd_networkd/20-net0.network Normal file
View file

@ -0,0 +1,13 @@
[Match]
Name=net0
[Link]
RequiredForOnline=no
[Network]
VLAN=net0.2
VLAN=net0.3
VLAN=net0.4
VLAN=net0.5
LinkLocalAddressing=no

15
resources/chaosknoten/router/systemd_networkd/20-net1.network Normal file
View file

@ -0,0 +1,15 @@
[Match]
Name=net1
[Network]
DNS=212.12.50.158
IPForward=ipv4
IPv6AcceptRA=no
# v4 taken from turing for routing public v4 range and turing-compat for v4-NAT-legacy network.
# Also just the v4 for other purposes as well.
Address=212.12.48.122/24
Address=212.12.48.123/24
# v6 for turing-compat for v4-NAT-legacy network routed v6.
Address=2a00:14b0:4200:3000:122::1
Gateway=212.12.48.55
Gateway=2a00:14b0:4200:3000::1

14
resources/chaosknoten/router/systemd_networkd/20-net2.network Normal file
View file

@ -0,0 +1,14 @@
[Match]
Name=net2
[Network]
#DNS=212.12.50.158
IPForward=ipv6
IPv6AcceptRA=no
[Address]
Address=2a00:14b0:4200:3500::130:2/112
[Route]
Gateway=2a00:14b0:4200:3500::130:1

23
resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=net0.2
Type=vlan
[Link]
RequiredForOnline=no
[Network]
Description=v4-NAT
# Masquerading done in nftables (nftables.conf).
IPv6SendRA=yes
[Address]
Address=10.32.2.1/24
[IPv6SendRA]
UplinkInterface=net2
[IPv6Prefix]
Prefix=2a00:14b0:42:102::/64
Assign=true
Token=static:::1

29
resources/chaosknoten/router/systemd_networkd/21-net0.3-ci_runners.network Normal file
View file

@ -0,0 +1,29 @@
[Match]
Name=net0.3
Type=vlan
[Link]
RequiredForOnline=no
[Network]
Description=ci-runners
# Masquerading done in nftables (nftables.conf).
IPv6SendRA=yes
DHCPServer=true
[DHCPServer]
PoolOffset=100
PoolSize=150
[Address]
Address=10.32.3.1/24
[IPv6SendRA]
UplinkInterface=net2
[IPv6Prefix]
Prefix=2a00:14b0:42:103::/64
Assign=true
Token=static:::1

23
resources/chaosknoten/router/systemd_networkd/21-net0.4-v4_nat_legacy.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=net0.4
Type=vlan
[Link]
RequiredForOnline=no
[Network]
Description=v4-NAT-legacy
# Masquerading done in nftables (nftables.conf).
IPv6SendRA=yes
[Address]
Address=172.31.17.129/25
[IPv6SendRA]
UplinkInterface=net1
[IPv6Prefix]
Prefix=2a00:14b0:f000:23::/64
Assign=true
Token=static:::1

22
resources/chaosknoten/router/systemd_networkd/21-net0.5-public.network Normal file
View file

@ -0,0 +1,22 @@
[Match]
Name=net0.5
Type=vlan
[Link]
RequiredForOnline=no
[Network]
Description=public
IPv6SendRA=yes
[Address]
Address=212.12.50.209/29
[IPv6SendRA]
UplinkInterface=net2
[IPv6Prefix]
Prefix=2a00:14b0:42:105::/64
Assign=true
Token=static:::1

2
resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
View file

@ -4,7 +4,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=pretix"
- "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"
- "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}"
- "POSTGRES_DB=pretix"
volumes:
- database:/var/lib/postgresql/data

2
resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
View file

@ -10,7 +10,7 @@ trust_x_forwarded_proto=on
backend=postgresql
name=pretix
user=pretix
password={{ secret__pretix_db_password }}
password={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}
host=database
[mail]

2
resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
View file

@ -11,7 +11,7 @@ see https://github.com/zammad/zammad-docker-compose/blob/master/.env
{%- set POSTGRES_DB = "zammad_production" | quote -%}
{%- set POSTGRES_HOST = "zammad-postgresql" | quote -%}
{%- set POSTGRES_USER = "zammad" | quote -%}
{%- set POSTGRES_PASS = secret__zammad_db_password | quote -%}
{%- set POSTGRES_PASS = lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/zammad/DB_PASSWORD", create=false, missing="error") | quote -%}
{%- set POSTGRES_PORT = "5432" | quote -%}
{%- set POSTGRES_VERSION = "15-alpine" | quote -%}
{%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%}

22
resources/z9/dooris/docker_compose/compose.yaml.j2
View file

@ -1,22 +0,0 @@
---
services:
dooris:
image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
environment:
HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27"
HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122
HMDOORIS_CCUJACK_USERNAME: dooris
HMDOORIS_CLIENT_ID: dooris
HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration
HMDOORIS_LISTEN: '0.0.0.0:3000'
HMDOORIS_REQUIRES_GROUP: /intern
HMDOORIS_URL: https://dooris.ccchh.net
PYTHONWARNINGS: "ignore:Unverified HTTPS request"
#DEBUG: true
ports:
- "127.0.0.1:3000:3000"
restart: unless-stopped

37
resources/z9/dooris/nginx/dooris.ccchh.net.conf
View file

@ -1,37 +0,0 @@
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name dooris.ccchh.net;
ssl_certificate /etc/letsencrypt/live/dooris.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dooris.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/dooris.ccchh.net/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
# Hide the X-Forwarded header.
proxy_hide_header X-Forwarded;
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
# is transparent).
# Also provide "_hidden" for by, since it's not relevant.
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
location / {
proxy_pass http://127.0.0.1:3000/;
}
}

10
resources/z9/waybackproxy/docker_compose/compose.yaml.j2
View file

@ -1,10 +0,0 @@
services:
# https://github.com/richardg867/WaybackProxy
waybackproxy:
image: cttynul/waybackproxy:latest
environment:
DATE: 19990101
DATE_TOLERANCE: 730
ports:
- "1999:8888"
restart: unless-stopped

5
resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf
View file

@ -1,5 +0,0 @@
# TODO: set up caching proxy
# server {
# listen 1999
# }

12
resources/z9/yate/docker_compose/README.md
View file

@ -1,12 +0,0 @@
# Yate Configuration
Yate has a [beginners guide](https://docs.yate.ro/wiki/Beginners_in_Yate). Otherwise, you need to refer to the [sample config files](https://github.com/eventphone/yate/tree/master/conf.d).
For our limited setup, we only need three files:
* accfile.conf for defining SIP registrars that we want to register with (EPVPN, Fonial, and the Fux door intercom system)
* regexroute.conf for the call routing rules
* regfile.conf for the phones that connect to yate.ccchh.net
## Docker Compose Setup
yate runs as a container wiht host networking. The image is build through https://git.hamburg.ccc.de/CCCHH/yate-image, it is using the Eventphone fork of yate.

35
resources/z9/yate/docker_compose/accfile.conf.j2
View file

@ -1,35 +0,0 @@
; Yate will register to these SIP services
; see https://github.com/eventphone/yate/blob/master/conf.d/accfile.conf.sample
[epvpn_ccchh]
enabled=yes
protocol=sip
description=Eventphone EPVPN CCCHH
username=1008
authname=1008
password={{ secret__yate__sip_trunk_epvpn }}
interval=120
registrar=hg.eventphone.de
keepalive=1
[fonial_ccchh]
enabled=yes
protocol=sip
description=Fonial CCCHH
username=fo370381tr317349_00
authname=fo370381tr317349_00
password={{ secret__yate__sip_trunk_fonial }}
interval=120
registrar=sip.plusnet.de
keepalive=1
[fux_intercom]
enabled=yes
protocol=sip
description=Fux Intercom CCCHH doorbell
username=1337
authname=1337
password={{ secret__yate__sip_trunk_fux }}
interval=120
registrar=172.16.210.2
keepalive=1

20
resources/z9/yate/docker_compose/compose.yaml.j2
View file

@ -1,20 +0,0 @@
---
services:
yate:
image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest
# command:
# - sh
# - "-c"
# - "while :; do sleep 10; done"
environment:
DEBUG: true
network_mode: host
# ports:
# - "127.0.0.1:3000:3000"
restart: unless-stopped
volumes:
- ./configs/accfile.conf:/opt/yate/etc/yate/accfile.conf
- ./configs/regexroute.conf:/opt/yate/etc/yate/regexroute.conf
- ./configs/regfile.conf:/opt/yate/etc/yate/regfile.conf
- ./lib-yate:/var/lib/yate

100
resources/z9/yate/docker_compose/regexroute.conf.j2
View file

@ -1,100 +0,0 @@
; Call routing
; see https://github.com/eventphone/yate/blob/master/conf.d/regexroute.conf.sample
[priorities]
; route: int: Priority of the routing message handler
route=90
[contexts]
; INBOUND CALLS:
${called}^1337$=inbound_fux
${called}^1008$=inbound_epvpn
${called}^04023830150$=inbound_fonial
${called}^fo370381tr317349_00$=inbound_fonial
;${called}.*=inbound
;^[0-9]\{4\}$=inbound ; Calls from 4 digit numbers: EPVPN
;^+\?[0-9]\{5,\}$=inbound ; Calls from longer numbers, optionally starting with +
;^*\{1,2\}[0-9]\{1,3\}$=inbound ; Internal fritzbox calls
; OUTBOUND CALLS:
^[0-9]\{3\}=outbound
^[a-z0-9]\{4,\}=outbound ; calls from internal users
^.*$=fallback ; Whatever calls managed to not be handled yet
[default] ; unused
^.*$=echo [default]"\0"
[test] ; unused
^.*$=echo [test] "\0"
^99991001$=tone/dial
^99991002$=tone/busy
^99991003$=tone/ring
^99991004$=tone/specdial
^99991005$=tone/congestion
^99991006$=tone/outoforder
^99991007$=tone/milliwatt
^99991008$=tone/info
; DEBUG HELPER
; ^.*$=echo match \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called}
^[0-9]\{1,2\}$=return;called=\0
[outbound] ; Calls from internal users
^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug
^[0-9]\{3\}$=jump internal
^[0-9]\{1,2\}$=jump z9 ; To internal -> z9
^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug
^.*$=line/\0;line=epvpn_ccchh ; Route everything (.*) to the specified accfile line
[inbound_epvpn]
^.*$=echo [inbound_epvpn] ${caller}->${called}
^.*$=return;callername=EPVPN ${caller};called=0 ; TODO which extension do we want to route to?
[inbound_fux]
^.*$=echo [inbound_fux] ${caller}->${called}
^.*$=return;callername=Door ${caller};called=0 ; TODO which extension do we want to route to?
[inbound_fonial]
^.*$=echo [inbound_fonial] ${caller}->${called}
^.*$=return;callername=Fonial ${caller};called=0 ; TODO which extension do we want to route to?
[inbound] ; Calls from EPVPN or outside world
^.*$=echo [inbound] "\0" ${caller}->${called} user:${user} callername:${callername} callsource:${callsource} ; log
^.*$=return;callername=EXTERN ${caller};called=0 ; set call recipient to 0 (shared alias between
; all clients in regfile.conf
[internal]
^.*$=echo [internal] "\0" ${caller}->${called}
^110$=line/110;line=fonial_ccchh
^112$=line/112;line=fonial_ccchh
^115$=line/040115;line=fonial_ccchh
^911$=line/112;line=fonial_ccchh
^999$=line/112;line=fonial_ccchh
; ^119$=line/01753288861;line=fonial_ccchh ; testing only stb cell number
^.*$=return;called=\0
[z9] ; Internal calls
^.*$=echo [z9] "\0" ${caller}->${called} ; log
; test service numbers
^91$=sip/sip:ha@10.31.208.10:5060; called=ha;format=opus ; Homeassistant
^98$=external/playrec/echo.sh ; Echotest
^99$=external/play/tts.sh;mode=text;text=Hallo Hallo Hallo ; TTS test
^.*$=return;called=\0 ; Any remaining internal calls to all
; Context: Calls to regfile.conf aliases are always
; handled directly and should never get here
[special]
^.*$=echo [special] "\0"
^.*$=tone/info
[fallback]
^.*$=echo [fallback] \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called}
^*\{1,2\}[0-9]\{1,3\}$=jump outbound
^.*$=tone/busy

37
resources/z9/yate/docker_compose/regfile.conf.j2
View file

@ -1,37 +0,0 @@
; YATE offers registration to these SIP devices (ie. phones)
; see https://github.com/eventphone/yate/blob/master/conf.d/regfile.conf.sample
route=100
file=/var/lib/yate/regfile.swap
[501]
password={{ secret__yate__sip_extension_legacy }}
alternatives=0,1008,1337
callername=Legacy
# Yealink im großen Raum am Fenster
[502]
password={{ secret__yate__sip_extension_flausch}}
alternatives=0,1008,1337
callername=Flausch
# Yealink im großen Raum am Sofa
[503]
password={{ secret__yate__sip_extension_ewerkstatt }}
alternatives=0,1008,1337
callername=E-Werkstatt
# Yealink in der E-Werkstatt
[610]
password={{ secret__yate__sip_extension_fritzbox_dect1 }}
alternatives=0,1008,1337
callername=DECT-1
[611]
password={{ secret__yate__sip_extension_fritzbox_dect2 }}
alternatives=0,1008,1337
callername=DECT-2
[100]
password=test100
callername=stb 100

21
roles/ansible_pull/README.md
View file

@ -1,21 +0,0 @@
# `ansible_pull` role
A role for setting up automatic `ansible_pull` runs.
## Supported Distributions
Should work on Debian-based distributions.
## Required Arguments
- `ansible_pull__age_private_key`: The age private key to use to decrypt SOPS secrets with.
- `ansible_pull__repo_url`: The URL of the repo to run the playbook from.
- `ansible_pull__inventory`: The inventory to use.
- `ansible_pull__playbook`: The playbook to run.
- `ansible_pull__timer_on_calendar`: When to run the playbook. This is the argument to a systemd timers OnCalendar. See the systemd.time man page for reference.
## Optional Arguments
- `ansible_pull__user`: The user to run `ansible_pull` as. Defaults to `ansible_user`.
- `ansible_pull__checkout`: The branch/tag/commit to check out to run the playbook from. Defaults to `main`.
- `ansible_pull__timer_randomized_delay_sec`: The timer will be randomly delayed by a value between 0 and this. Useful to not have all timers fire at the same time, even if `ansible_pull__timer_on_calendar` is the same. Time value in seconds. Defaults to 0.

3
roles/ansible_pull/defaults/main.yaml
View file

@ -1,3 +0,0 @@
ansible_pull__user: "{{ ansible_user }}"
ansible_pull__checkout: "main"
ansible_pull__timer_randomized_delay_sec: "0"

4
roles/ansible_pull/handlers/main.yaml
View file

@ -1,4 +0,0 @@
- name: systemd daemon reload
ansible.builtin.systemd_service:
daemon_reload: true
become: true

Some files were not shown because too many files have changed in this diff Show more