diff --git a/.gitignore b/.gitignore
index e69de29..424bd26 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible/
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..d19954a
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,226 @@
+keys:
+ - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
+ - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - &admin_gpg_june 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - &admin_gpg_max 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+creation_rules:
+ - path_regex: inventories/chaosknoten/host_vars/cloud.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/keycloak.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/grafana.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/pad.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/ccchoir.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/pretalx.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/netbox.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/tickets.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/onlyoffice.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/zammad.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/chaosknoten/host_vars/ntfy.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/z9/host_vars/dooris.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - path_regex: inventories/z9/host_vars/yate.*
+ key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+ - key_groups:
+ - pgp:
+ - *admin_gpg_djerun
+ - *admin_gpg_stb
+ - *admin_gpg_jtbx
+ - *admin_gpg_yuri
+ - *admin_gpg_june
+ - *admin_gpg_haegar
+ - *admin_gpg_dario
+ - *admin_gpg_echtnurich
+ - *admin_gpg_max
+ - *admin_gpg_c6ristian
+ - *admin_gpg_lilly
+ - *admin_gpg_langoor
+stores:
+ yaml:
+ indent: 2
diff --git a/README.md b/README.md
index 6906a7f..5a3d90c 100644
--- a/README.md
+++ b/README.md
@@ -17,10 +17,15 @@ ansible-galaxy install -r requirements.yml
## Secrets
-Grundsätzlich sollten Secrets vermieden werden. (Also z.B.: Nutze SSH Keys statt Passwort.)
+Generally try to avoid secrets (e.g. use SSH keys instead of passwords).
-Da Secrets aber durchaus doch gebraucht werden, werden diese dann in diesem Repo direkt aus dem [password-store](https://git.hamburg.ccc.de/CCCHH/password-store) (meist aus einem Sub-Eintrag des `noc/` Ordners) geladen.
-Dies geschieht mit Hilfe des `community.general.passwordstore` lookup Plugins.
+Because secrets are nonetheless needed sometimes, we use [SOPS](https://github.com/getsops/sops) to securely store secrets in this repository.
+SOPS encrypts secrets according to "creation rules" which are defined in the `.sops.yaml`.
+Generally all secrets get encrypted for all GPG-keys of all members of the infrastructure team.
+Ansible then has access to the secrets with the help of the [`community.sops.sops` vars plugin](https://docs.ansible.com/ansible/latest/collections/community/sops/docsite/guide.html#working-with-encrypted-variables), which is configured in this repository.
+A local Ansible run then uses the locally available GPG-key to decrypt the secrets.
+
+For a tutorial on how to set up secrets using SOPS for a new host, see [Setting Up Secrets Using SOPS for a New Host](./docs/setting_up_secrets_using_sops_for_a_new_host.md).
## Playbook nur für einzelne Hosts ausführen
diff --git a/ansible.cfg b/ansible.cfg
index ca06548..654da28 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,6 +1,4 @@
[defaults]
inventory = ./inventories/z9/hosts.yaml
pipelining = True
-
-[passwordstore_lookup]
-backend = pass
+vars_plugins_enabled = host_group_vars,community.sops.sops
diff --git a/collections/requirements.yaml b/collections/requirements.yaml
index a24c121..cec061f 100644
--- a/collections/requirements.yaml
+++ b/collections/requirements.yaml
@@ -1,3 +1,4 @@
---
collections:
- community.general
+ - grafana.grafana.alloy
diff --git a/docs/setting_up_secrets_using_sops_for_a_new_host.md b/docs/setting_up_secrets_using_sops_for_a_new_host.md
new file mode 100644
index 0000000..c88315f
--- /dev/null
+++ b/docs/setting_up_secrets_using_sops_for_a_new_host.md
@@ -0,0 +1,20 @@
+# Setting Up Secrets Using SOPS for a New Host
+
+Because we're using the `community.sops.sops` vars plugin, the SOPS-encrypted secrets get stored in the inventory.
+
+1. Add a new creation rule for the hosts `host_vars` file in the sops config at `.sops.yaml`.
+ It should probably hold all admin keys.
+ You can use existing creation rules as a reference.
+2. Create a SOPS secrets file in the `host_vars` subdirectory of the relevant inventory.
+ The name of the file should be in the format `[HOSTNAME].sops.yaml` to get picked up by the vars plugin and to match the previously created creation rule.
+ This can be accomplished with a command similar to this:
+ ```
+ sops inventories/[chaosknoten|z9]/host_vars/[HOSTNAME].secrets.yaml
+ ```
+3. With the editor now open, add the secrets you want to store.
+ Because we're using the `community.sops.sops` vars plugin, the stored secrets will be exposed as Ansible variables.
+ Also note that SOPS only encrypts the values, not the keys.
+ When now creating entries, try to adhere to the following variable naming convention:
+ - Prefix variable names with `secret__`, if they are intended to be used in a template file or similar. (e.g. `secret__netbox_secret_key: secret_value`)
+ - Otherwise, if the variable is directly consumed by a role or similar, directly set the variable. (e.g. `netbox__db_password: secret_value`)
+4. Now that the secrets are stored, they are exposed as variables and can simply be used like any other variable.
diff --git a/inventories/chaosknoten/host_vars/ccchoir.sops.yaml b/inventories/chaosknoten/host_vars/ccchoir.sops.yaml
new file mode 100644
index 0000000..be571a4
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/ccchoir.sops.yaml
@@ -0,0 +1,221 @@
+secret__mariadb_root_password: ENC[AES256_GCM,data:bevk9PiMUAP0YBYqpVw9PLEz9ITKVRQ44Q==,iv:Qjr3pOWzcDWUpJAakrn31OCcvcaciJLgS1Zp+YZPWPA=,tag:DB1l6lsy+aHa+U+QLAM3tg==,type:str]
+secret__wordpress_db_password: ENC[AES256_GCM,data:QsvJ6NH4ySsfSsP3pWEx04vxjIph1Wk/jA==,iv:AnocV/jXawXPxQ0dLSw05b38ULQuU/RN2G21/1GpTmo=,tag:QlSCnuaQxCmJ3XO5jjX0zA==,type:str]
+sops:
+ lastmodified: "2025-05-04T14:15:03Z"
+ mac: ENC[AES256_GCM,data:Za+XnpDu+WTMEUgZ3jnG9/4FOd/emfdiaLSGX+hfkuBSurlqFzVHpXqs4kyl96goOASevkiqCSXwk+DGGNTvSRDCoAH2jMfwUHh5mGHFwXKZFjraVnLidxyOkEg+YJ+tzJ9EHJ7MpQLYlHgGi8Xrc27n3+gpjni6+VhVYiLj4eQ=,iv:fQuTnJbsyNyphHZF6T9UF62jtA2wDrOxlPzW6XwsdNk=,tag:T8P100qKnYhNqr7oJaY6yQ==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//W+DGA83YWISVMvmWTFLul74Enc5+o9It2JqVRBB0sRyv
+ VJAF65zi5AQ6k3SIyZYNf1Dy8eR3C6PBskw7juPrMuLKXA4NVWu9mLl34gB53zoL
+ 9WnCoGLiF+1DhnkH2/YD8FoUytJn+7BhD6uthhWbYqeeOo6GDO0bKGuE0PIR4KSw
+ pHyP7+9B06IlNdWvU/2AqnaTyakFa0yHuNKVmtJ4qd7FfcXiJejuhedNaXLaPRg8
+ Z+dY6nt4F6rG4y9shUcTCR1rGDxgqB7aaZjm0vy5mCsefSisw/ptnASKqaz6ZXyJ
+ QQtI42wmzgw5zC6vXt+zixtEdyB/MmBaWbJkLsRIpu1frswI4inHy5GW/wJTyG7Z
+ C82Xih2R0kMbNV45lMrvDz+hBt1R7YBe2J30TavXBOEvXO5VfhOtFZDhYA0wdw0+
+ ykUWVvT6Wpai17m9CbVgjwK+RIDLAuRDQhX4+SDKPLoLycpswAUteYDovk3x5zjc
+ GdbyDo3iKfqpzO+sa8LpHQeL93A3TdYsq111Dbq/itM3EluTcMKE84A2J5zBOJ9p
+ nduMtPeS1Yqz/G66TF5BivI09duP2ayf49DsF/zrF0m9bWsvWPfWM2Rvrf5c7D6K
+ zldVilFNM8YAJOmbXJjW1kXzqgs7SjrQblp3fhxYgHx5w89K/VcyoC1sBo3XvwXS
+ XgFpgPJrG7xHbVwB8bJrG8cPsI74/FxZBtj/P64/Pjj8rT0hXYnzI56W371ihHJ/
+ Mnp8hTjGZrbzun/daNr7ejkxdD+1qBRqqT/WNzv/XcTDdUlYdok5qVkeBtE/S9M=
+ =aVMO
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAhhWtMl0Qhvctd2RjezkWE7albF7svgAJUoA4QFgPtjqy
+ IYhM/GDo1pL9gSydk1axJQPGsn2Z88QgYBuhkZBgLA9SiREgUwPKCsKvZ70bxzRS
+ hSLS7rykOmPFIobY3JjKnYCNFx1/6U/R6XdgzuHhr8Um8Cf5WWyYHmB5EuMm8Djv
+ AZJqChoE7KAFycuGWJGZxN039/rMzxdjPnaFlOmTpOPiyofICWLjA/6Y15EcxuJJ
+ ESsUEs1JXIdTGVZWC8UqGf75b0fQ2jxki1duil2nhr7N2mNYyrns/VGbfCq0113M
+ 5X1e2iNq8lyjBfErdq90cG/QqGXe4sxtUwnRDIKaWbr0RhY9mBBjBLvOjDQ3d8Yo
+ PqyznHESPESwatIfFSt5qYQQN5MVwmbQ82OSDdkX0b59ouSq1cigWvCoPQ7x5sIa
+ UJc6ehFljDoYGx9mXzLv803Li9kToHH3lWXCmaDII+huvWFqrR07pD2gC0cEKSZt
+ ttBjJuWyfqHdWPaqEyJ6EZF6Bpf3Zsm+UDDb1S7aA4cjSIPOlqt0RoiMv1QSlnJP
+ JMg0QkEEWx9HHzcIPQbtCDyk3NxO1hPGlVLUSLYruTjB826LhxDDCfbfmBAdNsXo
+ +Qod3e1StlGGubpWbtP6PIcYKBs/XDvtPsxjiazkUalc8SbBUPipHuwohCuiAFXS
+ XgEZrSWbUdOCTQK2UoU57uTDjQKNytVbuxlTGNZ3Tn02Rkdutj4Qh/cK5vJlJ1pc
+ ckfsnDLIpRM03i82WMilXeWg/dhVzJgbn+WvUElC5kmWAHGgZhk96LO1ImQyS80=
+ =FJKu
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ/+JHFiiwiZeW2wfe+6d7jDKtVyAoJiHB3FN2X8q6S1fsgj
+ 17EzxQjyVTojsPSTe5Zap0sqc/h4O38jhpUpW5aS/c38KLscv366y3Au+hWHGodm
+ 6OMlQBFKAB0x6uC7RqDnDKrT3p5mk/gKGIMZ2s6R2vayo/rZeHF52kQovkSDe/wE
+ 6BtscMXYioarFwGb2dq9x2w6sdfQO8MPaDV+jhBOrLZWGXAB0g9H+f3Eh2fonfg5
+ 3sHQRSoeYvVMSOFlLectJwP4iLQmgfEqBO35d/+ixD7M1gVt6PqOa4zt8NQPmEHB
+ 5OfSrmeeakoXPyfClcfqpXuJP8jwzEtTmqEOySVwOKa4RboheyNG8ZTAU5gUcCgk
+ 0iC4foeLdYXzghtHLsB0dt1XBBtpPMTwRUjmK9zj7J9aE4mPV+2ya70czvjgPQv7
+ cGM3oGS4g9jpn/HHBmGrQltAyLITbwnr+Oa2fjjSNxLN5aYoDDHO1nS/AaogFSQz
+ 0dV44+qaBLpqPZebTKVe9xi2ifttgUzBMBwVwnj+byctdKTzwHDoO1csLnJvcRvu
+ ESbJURybe2vWuLIfydE9fjpv54mpDNbbQPFFsklX5qmlC8u4GELCO2/ckrR43a/R
+ b4yxxxZbMCjS+Pgmr5/SVDrgp+8JP4wv6lA74hNuLf+UY4Q7m59sROQyMTNdWuPS
+ XgHt1PC5OPzV0DZgJOsFgRUhW+W4On76XR8M9/fxmuV4ixGlcpci0xxrn45cc2br
+ DbRloABWVghOplhH1cw4MnlJ6CJOjvNhaHPSsAkyVezBtSjq8PhOeiUA/mzN2Ok=
+ =ZLtE
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/9FqwSd/IuaNnWlVL0MgM1edU/tXNo6IrvCpeNLCJOaS+7
+ RvQIOsKUX7eaTCG6wUxvXPuzCgQ8bu8kpJ5fl2ntiOerj8GiAqfPWMc7zoNP2w3y
+ yWJ8yslGjqSw9rNjdsk5b88k16ohLdElS9A/fFrKwtB94gpLHbLXa98Nt+IB0O5L
+ Hmad8fbhCdICxEz0KQVIgC1WHBUyJ9BGoKJpwfjlx7aKBHXGkDweutZCuF9ZGYks
+ PmS/6EVY/ubXB3Qd5KpFPg9k7RQh8QraZZnASJIRJTZJxoiiB9gf86pXP26RUnhS
+ 2vthDrVtABarp/cfS8lEA05SX9nNnKJ/qMU7l+kBaV9oiU4dfSNWG3SwSEyb9CzD
+ 2QGUnOS8Os5HMd/RIH9ZFFdoLYYntAtiKiJCx8yrC0c88OnU2A4BsGZ/oeLmwWJI
+ KqPdH/6/NHSGvUUHENFEI+cNiEPdDUvH/Ak3/wE6BMe7z5/TXPyYz6QpiBr+npQm
+ rfufJBn/hxjAIC5Hd04JViGjp8cV966iGg9AhckYN8pwCHkd4kdqrFCdm3NmKgZ8
+ /fmPYyozeLyzp7ZjerExL+BMc+hNAlMhis4v7NH3WWA8t0yvZ1VTGfBObsYHyV/e
+ 9QyYbWI4tqOMfhLOyv4KPDdL2X99gsL/OsT8u5cTVK1/20asm9XxuWDzVum+a1bS
+ XgEIa9iie/rP1dAILcMQQesATCBdxWTjyCADTIYhliK7WX/aQUuKil8RyLLJnznh
+ kfFiCI+FNRlAGGYLztzSsDgpkbe11g/zczDaS3m0+7Jxw1JWZtp/gQW96qO9XnA=
+ =yGeq
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAhYuNoHxnDoR3vYcXNS2t0aWAKFatN7yeBNugZ7rfqiYw
+ i/XO28FpFbyjlt53vshZwUrdz9qsG6mVdQ57D3aXXtEMP1yxH3FwmKmsQHQGM7VQ
+ 0l4BT4uruLjE3clae+RU0cHcukKSuR4hEOqdUPcQDOWSV8tnboxtjsV34tkRbIZc
+ VJvLT8fM0tUWtzt0n7Paz9OHelKUtQ7eKlz2sWO+I49qCsZaE7dJ8WNRWonFu1ip
+ =w/sh
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+NGGeGx82rYFDpMgxOWJpenco6LVzC6gjeHwThOynt6se
+ 8AKQ38a4YhjUrAUudMr4kCVYRGqSEmWdHJPRG6pxET3sUNqNMLyvlBifxD/4VAi6
+ o8oNEaiVHMLBEK+zuIJ8l57RdFc/CKmBCGX6PC017ndshU9lAsVbZQt9xk4PkR+C
+ hBIKmRpZWe8CJBnTzZvG/PCHUU+fXDzUy89f0SOgUdtoNBUSHQcg0FrPvzh0BqNk
+ zkenQ4EgvkZ8eF0qXlGTmwZNfwD6KBB4qaHBNAZYUGU1CvtJ7FtrlmtpLmowF4l/
+ cE0K6HwbG4CADh9iBblSqMzpE8Iuk9kEn3IH/9E5Uggb1qtjmqtkQpCjl8M5LTHl
+ eoz2bvY0bAcQ6GZx3Nak5nosGYL2JHRQdewZd9lcnXoNzOCpV2ZwHiSjG7WVBKtV
+ iHcsPLOH7NNkLAtF56WyV9Z8n/mI4rISYRs142uezAz41cJEO73xzjUiAu1tjVZd
+ iNvplAqT01PPGLOI6ZqwT0cZQZkjl9qX1cMv1bSjBC01Y8t8iBwTxOFzv0gGLqw4
+ NjQjpPjWKSSAejYIdy5jY3XhQVkl3miPcC93MtOLR9GE6gwoAQCrJ0WqEh2pjt85
+ nFl8OYfA7UeFfO/C2XIeW7d/wU5Ec24gm4APqzw6rsAMLf91O71uJnrJ3uWkrmjS
+ XgGL7lFqTqFDpCASmTzNBspf9a3e/1kk+87DOzQG9YO4TsetYMWqJhsAzKRgg3U0
+ nVR3y2D48Y5ypVvbsQbFdz8ZI8H/1aQK62+YBjRGB2EOqHkK3+Uig8T0IyaVAow=
+ =4H45
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ//W8i1bv4vXKxoegHrLH/HxHyDm7SJ2QNzcnTyNBMo3Z+u
+ sTce3jIwFvi6I4HCnHtGMf7bp7U4ORYN8yxeuLbvjTGD2v1Dmda2A1NPdRnjoy6Y
+ tLsjsz/FbT/3zea/OkdwZgeNTN4p+AQD9nd5oyAhN6XXcFmZwJ1IQegQtDADFDwY
+ zOSN9nH6cR1MWjy1ptZFYugAA3U/1WtFNq57G34+jMtszT2FUDHhDZz91PrkezlH
+ ZL4cPLejiaOS8Vm97D7kDsxo2yDTCtoypcaS330ANq1l03yrjjPjSoW9j+Hvhpzk
+ 6I86vU+AVNBLtvPSYybo58En1HvI+7TlAz6Gq+UMup2wWE1kkEDAVwmzd6kyyq/z
+ Kr8Pd/iCHs0hoc1kx7xCXQ76qJFoSAHE+eqkmGJLxUolZ1XmsbZeYBcKSwslbMKB
+ 8JHEnFjQtGbaXVf0RGjh7z4fzhYvehcN2NHBVt2/VG16xrjeUv/3xifvbnWrAa9L
+ xTIn126kWvX6mQjyEVRkZO5Ud/jVMcsW7sko2I74zhEtz27BBE/3Ms5WK7ZTVKiI
+ cWMnVn+NOB7sY9xn02fqe0oLXdBW0cnMjCLyWpdclq3odNJw5eKbaCUYm+Z7WG8p
+ DQOcPQ6ejXk7EW22VNFhedmUYJWMpDZImkbUOAo8XAN5KAVLy9D+Zu63eY5QjtzS
+ XgFBG6m9scVN7SYPyWxGZ8M7qKNqCezXmOSOWJpsYex4nFSIuIDr7LSw3bs0tp64
+ q6qvOlISvBPjoAmv4638iG5F3zronJde01ZmcYx2l9kYSRcxdr9fyUNaeWsz1aE=
+ =MW8k
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ/+M5ftMfxnz01rDri5YMAKBpUAgUHBdnWrjaVWqGIS7aZh
+ UXXqlCVRXzNfIt37Z23LiyINJGZ1y/6ES+4n0RYAli2XJWlR5vMzbN2Obh743IoZ
+ 9bApYKGXf0pnRdC2kNGFK+PC89aWHWpjVSsahBhVcYbi9G8WYFlYw/ZVrlh636OH
+ vahqWefuJStCKL6DA3sAYJzzDck8F06o1pEzmvTkGmAlJfZZ/Otam9BSQFmcegl8
+ tIqwi+EVuu35/yo0QqSMCA/QmvEGKi7rsk2OJMllyEHCe8Rtu9JHsUsnzDXCCPeV
+ UT7s8jMM0rduuEoIhgDkiEHNgbIbQ6f3/gdf4f7s0aC7NnoUHoVI3pKSbZeQhGzo
+ /pOSFsaqxlclxwu8uxIcyF/ReFf7u+sAM0AUVWdBKi0l9zeucJf7TmokY8oh3K1J
+ XX7XIuyMwvo/hrA23GTrYVk3ulzedawOlDh3ZvtNfiJH42IsNcsOMRwFDjwH8xSI
+ dYEcVrH/jhL1/a9AzY8lu3VCml/Xhs6Hwqr5urYcBNBC3PoufPoi6c79xO9lcxxl
+ iIWPEdANLdZO+lCKl0aR/mMZOojInBKplGFvqaedFYDoHr1ng2yYBeeGAbHiGf7/
+ qLervOigfGCWjc2sgyrTT1jcvcA0AuuNPiBnZmfEsiOgyiG5CWMK0y7F1Cm2cRTS
+ XgGHEBJNMoj7IbxHk3Gc++GDAschbcwsBUNbyUjhQ7THx5OmpyaMl+rUZZNEhURk
+ g3YvkqQvpP6Op8D5R1u7OHLR3/Y1T7eg+gSj+jrwAx+uj2P8PXfpuceTjPqTgQU=
+ =nBBt
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pARAAqlrh/OWyGSIJmcsjLgeF0mN0EcHYW/Tp/XWu9dtTB35i
+ ecGcS7n3UtDrOFTH0a2OufYPCf1gxsZN1XSFnwG6B2P3WCX/FDLyxk54d9ULUb5a
+ c2knQSY4mgsr9p7xIMm5q49TqWYZiJG7WnADyjkhWLb2nHiifGZ/eKS58v8Ekhik
+ rNWh+Lu6gAHh77SNMxrjKT59rQ7XZPJh47pRBdxwAUnpyvBD5QgcQVuUA6w2ohGA
+ hgNU6ep9Q7ZxJuG+EBzmn/5cJCGvdP75vxcLXB8H/qlUHew9339UY1qXFg2cEnXE
+ 4M5uQ4bUzJqQ41LrbjD4fk4hgiANVVd8rypprmHBB9ztjH/ap74guHJRnd/qs0CM
+ c/Pi7s61JEZrgRzv3zOBjuQ3CSr4w+8wdF/POknoRQWuwf9nC8gyiY6L8ROESHjH
+ v79tLHXTfPn7HZZ8Bl6YjTp01gaNGJ19lNj22X3G2G0J8tlzTCPBkgKuxi7E7JaD
+ rWFF6k/sclN1+pGPn8dfVeMAXfUdPorXZbn+fUU0o1mw2XkE9zsa9Tv6FHMkNS3j
+ +t1naeJ+NHcKF+aiFNkNo1ZfTgeni5iIxvZ7MmlS3ujj4EKZsQtXJBQthPaW9waO
+ 0H3aI/GttEA6pwgnuvPucfbabjuMNFJtIjeRwnyWzJHRSScE1/MkNZk/J/VUph3S
+ XgFwtKchdOvNI0UzFDrRF0QBaEkJynjtUtZzsAhYjNHjBiqtoFO9ud++OqzIBR96
+ lZn+sq9rTxIl3yxazoid+Ls7A/4eP6YyA4ZX72apW4/cJOSDYJ2Z2Qb+YtmWX74=
+ =8lTB
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAL7jChaBJQI2tZj4oNVqZkqNh/CwrURAsgkodnDRRM0Uw
+ YJbD170ufhkPt7g7Fk9kym94HZHxKsMyTIBLhbOWz5rQr2ZXbSmBOuUdOG2mwqhw
+ 0l4BZmmNp2oSl2P0/ROLw/vONilGvz/2jMQyCFDXN9IJDya8yZiXTrnEmK2vSM0/
+ DYtdYUg1A1wCq/n7bJJCUDWPYSnymP8b5dafTwqWjGwbA+lveg9MDNSRUI9QbG6d
+ =pja7
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAS6WN1p3uJaTwEDUFyHIvXIOhVzrS01NBXZAARIT/URMw
+ 9co0e4F2EliREPIOPlrdTkIutWzk4Hthmu0NtDk58oAkpJOFCayTcQJGDuIDLvZs
+ 0lgBruPX+8fTD83IUDCmABmrKpQW80TgpWd6HhSRVq595mobaJ4S+TY39zUvr509
+ Zrmg6DmlUrEr/FYdff3gj94Rm6wDyBkI0fm/GLXL23Il7uKVrC5WQsNZ
+ =vzES
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:03Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//Y4Fc0reFodqz/P5dKD2RsHsKu1kC3Q0KVdGxzAe9AG6M
+ c26glnYir256VUOonlP5q9gsIvAc+RDNMoFF0WwKO1HGLPmeiB5gK8DTm2U2Hz9/
+ g4xG86+5BCyR0eFkx/sEqlVnhRsnfSkPqq6L+/mJir0DQ15W8SR7fbvn7XsXKQC+
+ jKI/spzZ0CvkLtbqvqMBp00ZTQ+yU1f93hTbvipLPLLR1fBSOnJpe+f832xAwH6U
+ W0eLvxzdvdSyALDVT+1xPNH0/Ew/j5E/U6s5k44IQXl2EKQXdwBiSWk8m8Ii6Gj3
+ 0XqJj8qiJlajl16auYOdXa6jNzZac7+JAgthc4obznNQsrD8j0XSolzYybPd+4EV
+ LCW19LF49hqEOsPi3UsigDjcpaiTxx+VdLVwsboquEwwfN+9PFl/iHG5tJRRZjNh
+ 4q/im5owY8br5Ef6HtU1dWDB/PNHP4lKzWuyGXS4E4YcdenU6cx3HmwKHTTdNlpx
+ TuH3EYVHTCmTOsJ+5wXSiZa9lTsWXX+kAbxFoIFkWaoi+dtg1NNKzmkfwARPVbi2
+ pu4s5rJEGHwta43Ao0gUMUEGyqTItZ0V6gyFn5Ey7ivzvtM0RDjzigsPhbFzCQWX
+ kUbefqCxu9iQR1LFBxWdM4iPC0xPN2oK4hnRFa3rzyLxybyrhlre/tsMIsS+4lzS
+ XgGYpNwV4QTYw+YOcxHszqg5OngM/aB8aZIOELsO2HkzRJh49a3Uv75TClv/a7GC
+ DVVqRbIs7ACxDw+SBp97Rbl2J9k6UAdGJOQ9e3cgxr7JxacCfd3KAJAukco8sQc=
+ =aWRa
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/chaosknoten.yaml b/inventories/chaosknoten/host_vars/chaosknoten.yaml
new file mode 100644
index 0000000..1c8fa93
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/chaosknoten.yaml
@@ -0,0 +1,6 @@
+# Used in deploy_hypervisor playbook.
+hypervisor__template_vm_config:
+ - name: STORAGE
+ value: nvme0
+ - name: BRIDGE
+ value: vmbr4
diff --git a/inventories/chaosknoten/host_vars/cloud.sops.yaml b/inventories/chaosknoten/host_vars/cloud.sops.yaml
new file mode 100644
index 0000000..3c53a9b
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/cloud.sops.yaml
@@ -0,0 +1,222 @@
+nextcloud__admin_password: ENC[AES256_GCM,data:R+6uuaDeQWSgtV1Cp7YWZvF8LYOIhoz1K7WVKerm67NLbLRpD9191DyQH13v7ZQPvIce3JzyrWqoyQigJQIQqA==,iv:chVGvTY1Ge4OwrVbFkU5IMd0aac5HqslddQEdY8F4Es=,tag:slmFXStGVf6eJdPFplqKjg==,type:str]
+nextcloud__postgres_password: ENC[AES256_GCM,data:GIWhmhiDkOC6mQAqNe8aKQ2TpTTYQJ44jn+P1hnpAxstAWLUTJZdxE2DHdjhZ9tV6kyTb/GXANn1UtgFzxczbw==,iv:lhJAZF4mJ09jVa5DxtVTfMe5FqfjpQojrI15kYuXI6o=,tag:LvzpBXbBQtNvEnCDNphUqA==,type:str]
+secret__nextcloud_smtp_password: ENC[AES256_GCM,data:9UI+hMDQqM6Ui02fpdscXj5Q+XfN3t/g1MUX4blqd/egoLBtq8R6YpdK8wf6heqXUck6VVDgDLFnpfQzy0cqzg==,iv:dkTN/pj0YhLqEw6Sp252bKmnA1RaF9wfoDE7naGN8Ao=,tag:1Bg/ZoCITh7S9Ps617DKTg==,type:str]
+sops:
+ lastmodified: "2025-05-04T14:15:59Z"
+ mac: ENC[AES256_GCM,data:iJcBQZ2Mpa83/bR1BcTPh5PGrsjtyQjtAwr0y/bjOXrpMjoCiE8nHl2vdfZIxGYU+v40nkgYhXS6wCIlBZgO/QgvXwVT3Qm42i4GSx93N+jV8j+iB0a1kPJ/yHAPHD0zvWF6qlNSAeFWPbifLMXHLjijZDud5LxdW2KfJ00JCuA=,iv:BTUVSDYfKJI18GZhiUC/pJ+Gbuzfk3GrJadlOapw5qk=,tag:f15zFqye7O+L1lTp0Z/8jg==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//W/vD5coVwidijwr0/l91HBYRjtbUX+D81pJ3pOa56weA
+ 0/breqUaSOUtClLfTN1wIrYHDVmLHuTOYqn3z05k0jyGjEbP9tI1Iej7Jfxn+aWh
+ 4DgDl84KO6Lpe1kV4y+bxzt9OSi95h1vSEjoV+xbQiDOhV1ZKCCiezdrTTGry1Wf
+ fMpNrkQpb7um3FYopMFhHKew3WSugDuSKU7T3JlL8kMDwoeOI9GyfEXjpBY7oyKL
+ Zs0qFqaO9PZG/c91O0lUgTfMSgiwhIgUPQEAD5P0FhyRCmm613kayGHM0QuYXjsD
+ 2NmU2WapWrrirjzUTzlXFwj1VOA5WjlqVNaHKrFqtvUDvhTP52OwgEKD1P1UkCh3
+ BChOr4T/CoXS0AcBlQGYuBlaY55XnFAcC4T3WYkcDWM7AZ/HxPFarCgpYsXGSPsg
+ WlPFccAsQ8XA/BvhuAwCvL/aipmM3h0WcBXh82rjkzIPdDcxlrECn3zRABbSuVSc
+ ULEFdzOXV9pd5LGySkbF5DcNw00+bX2g2/sgRB/ly0iQIqVta4oNOBRs6REV/e+D
+ IeEmP+E6YMc7NKz7mCSbK0p7RBtcePCXZ9uwIql/sMz+K61kxvwDXpqHQ8A5EUQu
+ EGNIhgVfSbBIkqR31x0cW4/c8NKiElUx8NRmcn5lYxdy33jl+H5jK0Ttb2pr7cXS
+ XAGJ250qZzyDFe7LmSoORJ1zoLUUIwPvWy02mcRhIlHik/FJ8/dawL3HFbdEzMOe
+ /Og1ON2961e+m5AD+sFUXV+MDHe9s+eQDzQSIGbJhzGVvo2hfMn5mKFdtUCz
+ =t2Ii
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAoJJ7x/CsgQ9AU2sI3pCuKW9wUm4+EDDqiT9CG5WtJA7k
+ lj6oqEXmSe7QY7AxniKZLEsePMWSBBDYNcieUQaf0eZpuxwytDgav9LqzkwhZUGc
+ qhJV5Wvf+MdFCNmPa3TUuV59N1d1jXZPvWLgknOBM7lZexvqc5Lr+pd0c0qWrh4h
+ WDx+oS6yFW3qFvH+98iDxzJ2y+xvjBDvXGSqiZEgcJMyFllmpB45EcUIi7E2gs6r
+ vAeNsWEEYfO7Yt/brphNq8Ns2okvD78oZbh9dNagy1oT3huWbaN7LcJPoPJ8qL8w
+ tWAymwE7xkOTWW0gY0+MQJC1NNnDmIGOCxNGuFUpku4xLjOXMUEoBHdvGKqM2b5V
+ Yj95fnz8bf2FvH44Z+7PYBUOICHZBTC7EzExfSY7fEu7SnxYIjxMW2ufE6xo3upv
+ RFSALpv7Cg7G+PBjLyh5l/xHmXhObdbHbFC7EJXrfVYvfj1F96n/+DWbuXvCOm6s
+ C3Cf+296tEfO9Jsh244XP7cN4z5CvJ0N5movSXZ7oEZ2YJL/P/ieJ1f32QrmyrbI
+ CUuPlcCycE4CWWV7yvsmyf98RQVYXMXL73MBw0EJSWRATlC4/bcGIrVnbuni/oJ1
+ 8YNlqOejqzAzMMZ5f1DEstXb7wP3bXCao2r8uWyPLwsnJTeDKgtkw85wueIKp2zS
+ XAGl6tLDdlOVzbhKFL+E+1VG6GYOdBNPFYQ4yqaiOzm5zPmnyOd+FLKzq7jvXZ9B
+ ke67IgBNK5xNpAOnHauSawozf5VewJSLM9SyV9Geohz9W2ihSiS/vnSjQk65
+ =A1pm
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ/+Ptdb4Hx7Uh2mH5h8TlOUjQW6UWxwpuOn4QHIrf5ck7tT
+ OrwEjNztauvMuzYJxSxGdVRSsKD4t/tTs0xLcTChGX1X0W+ZTjjpRjUwfyFYMLOp
+ SRdnyOBkZsmgvgt7xqvwwssJwOIbHTrJ5kp99gXggQsS4M/HAtpLRuHMOGzazgmB
+ 4H8vM1uA/NeOUjL1g6U14GwKofRgUbdLrkA2i6O3Tn6uVrpvC9heVhU2wiSF6qL1
+ No6DPheN1PvL+kV0h2DMxrMXcFNl3NjlUCE3vT90OyeykMuq8OQAfpBR+1vBOihP
+ jIH3t+kDXIhQnXvXQU8xm34bXO6Eo+c+/9CZXhVvAWRfFlOWrwR2/JzmtMMMaEEd
+ T6UjfAVlMJMWyX2kqXzpGVCijA2AqhQAFtC3JWmuovOiLKy589jYx4DOQ3h+VMMB
+ ggdZrx/hUGvkg3KpuCQoBYYs97SsOcF6vImPfQ8MApzW1GdT5tay6kFOgDauw+fu
+ yoW79sAvRN6IEd1yTBDhmL2Wd+Mr0oE1a1BWcdta3mbrKUCLvDf7LZrZLTvqLJQK
+ WzFiCOYYbSZgh+KYXzw/FSURNT5ZQqF2bUeSkR1rEbPPoFcgwFToYxKbWPvCp7ah
+ 1MUA9v7GcnmYxHS7yDhe1HOsdTM/Vpdme/2LFha/QawP0Cr6eLa/uc0KTgXxbl7S
+ XAFqDjqgejL0O5R5QrY9HHQAMcpAPfzaptRuwt2tv+V3cT0K4vJKYzsdi34qDnfJ
+ 2jHbXsjRxRsc4am7rA5xcB7r3lAHv11rkDU6oxiNu634eOoFIar94ef8VBQ9
+ =bQFe
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/9ESOx/yVKVHFnCpC4nD2r4sYAo/x7ayDJKHie5sIfaf2a
+ ebRnIAezWlCEWqJ7FVU3QUZupsry/u+SsFnJg3Kv+TE51O2ITQenLdSBD2dUG2/Y
+ M2qqVUzXsEQOXr7QymYX41AThRouj+Da1+gKZ8BWIaPU3khesjLjEu4qmuJeh4jY
+ VE1F/2QB+WFY/lw/+WHpiD2xDkrdI81J0pF73pCepwDfBNmtZttURzn4xO6t9Ey/
+ Q89laIxHjl4oGUrGJkUonwzwRYaQN979SQWjVl+DdYN17tWnMChhlweorHh4fM5f
+ qDEOyGlYFH2kzupzyhwCIHK/4OaJNt8uQbB0I3h8P1qj1Zl23sTGP40KxrvD2nNW
+ 4KMPanP1yFRSe0zM/4L6HliAMu0VHUMWmH9qD0fwRXPV5fdIWxctaMQZnrVwAqGz
+ s/DJy3VQfFP/bxO50ir1wFj2HUPjFTWs7eqzum4v58Amef35S+YuMWBcum10m2r6
+ kGapqwHQPgxCWzAttIB5tDetW6jBBs4hAc1nyliFLJITDiZ0+p/mWUNqc0pQPn7g
+ DFPCB27aWlCj8pGObVPZRHo7ks6dX9E5oy4YGFzCmDvZrSK/cqmWAtU6lsWgFYRu
+ fJ8G0NY6t9rsluN/Cw1dplIJGnHvzJihPYKuZCkxRF2pzm4ESYzwZc7JrAmAZFjS
+ XAEs5H6b1OzbdhaN48NVsB9/tonkzmFmAz6/E7loI0KQL8Vc87eTWdHc9Kc6VBQg
+ 7/OGSvCKW5PjdWP68Y1tFB+1lthakH19JyWapGhYCaVj8PlymMB0ffktfjQk
+ =2M+z
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAbe6biWCSneXlUMVbeWc4r57SEHDltmlWRXulJZ6wXhQw
+ AjEdgA6AxqwJoXBTd8KD5GSchMmpXXRVpTAE2gvjwVObudvZERba9wMuxcsAdmDe
+ 0lwBC8GonXrMNb9BpesML66avCPVcjwKOPED6K82ZXn7+XdMruGQsUmQnFNcPnWp
+ iAqehB1RrDXtXIF99yGUddKlFgChVJUcOjkSD/RDSkMyjlwtyJuS26qoFF7ZFA==
+ =8dgo
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/8D7YIg9os9dNTzsq6RfEiEQH1XPvMMucaI3g/G3cuO5Qm
+ 5MBHNXVjwYtrQrulZMY+7MIUIy9xHYjtNNZi9VIAk0TWdCJ9XL5Zy7v/x1s+pIAI
+ 9kqeGI4Uu5yp/2W2mTr3q4qKZU8gJqEnJdlWIYETbqdgAOTcIlrMaMB11AS7rC4b
+ KF9vpOcOAK/yHbQATjvbd+vjJm5+wZ67hDNWmPvgh4gqctidPKKaLIuL06wDBZR9
+ EbDSXXfKoLCYJGzYoTMNnwAu+flD+9ZZyDsox0/0wN+QJjS6czY0up9TCbWW8fyR
+ dhRaX5ZGiihndspveM9v9Pj9b542Dz2QC2oD8YG4ZZ007jy8d/+mf35YtwMjZwup
+ N7C3zEOWJa+2CUvHYMkSpxYiQbocbnKJoABO70KoCXaPKanrttRBJ913owhIr07O
+ 7qVLrJqNhMbEZCd12HSFltOuGTdZ2H0NHtypFeFQqdR2BkAt8lL+rR/+4xGq3HON
+ +AQbHdvnAUFsgs9I/9bEGvzmmdrxUKYCXO+lxG1u3AJ4vPtCnwPevUYoe/BiTtZB
+ lGCCY+1eVZT0+7YeGGWPzy24hMBMh+T2POHM8rm6+vdxi+cepoki2QrpQkGP+AQ5
+ hVk9IJ+TPTBKVX2wTKMVQe+0G/zGV5FLXlCEN843Ygm/G1j+jS2g46grKIhU9yvS
+ XAG3VoGnsNY2KiH6yCbA3U1e7rrh6tdscFmu8OTpfx5/sJ+4GDax6vUYHPURJPBc
+ Ta+H2n1Ih9QdIkPNSv0r5fHYEGSnRRQ9X9eCY9FbvWQgVQuEY6+0Sb69yBV7
+ =yRWg
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoARAAwDoWy5YkItmh2pkAvzccoc5tAOulhV5N7gA3t4wczXaD
+ QMR/o0CZRqX6gZjaWcmjT33AbDlbdzcY/KJXuFvag7kS8QyDAWI86U7Rrun7NoPl
+ EwmEjmLyagiXmSa1VJKv6iYKuoF2T1Q2NQO2ZlGi1OQJbPEnpYuDyaldk4Tin26e
+ ZG3Z50jbUBUnXE7yl++oIiP30yD0vkoWD33fQBZe8/wTURDStuFkBFSTAV4Mfc0k
+ dDFsHZm+eWGBgbtBm2MJR+E15b+OwpsIwmRDF8lirsWo7LBz4MAeGB+bMoXzmAvG
+ 9lPlH9t887slDMD9QOFZ+on8pBf0zlpx9+MqBBb3HhdOFGVo/tqdjkp4zhu48Er3
+ bvD2UOMNKNpBnxvh+Wh40DU1vBsDdeuaATAfLl3adliBg8FIGY5brzlsyDQ8Ebwv
+ PZ8R4kSzkSG1cdbLM8qpb1D7roSPClM3uikPEL8WXFvvwcc3EjqsmXl9D4sw8X3b
+ dzrjVZSZgH4jA9KJtKgwyEqlbyYdizHilnXbx5VlaZJIDMvL/nVJF+Ue0qYuAmcb
+ ACbsnHkp0B1CNZnBibuHaIy+T6UNQ1QV18xuCznccC3a7VCASWDnLLf8Ag3yUCFK
+ eOMjMCRfWLpybjPT+2yI14Xf7rFNchnHG7kIMx6XIaMA3cHN7dgQyoouJxg+3z3S
+ XAGogGEGYQm/sJ3ENi/N7D34S5MAHfwBPa9cS8PmE33q9jRdUPwIs+TbnNcklZTK
+ JxFZEU+VZWpt/oxYBG60gM7fZsCE/RZhGXeqV21+pAS56kRi0aEyuq0Imsua
+ =p6Jh
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//dJdmLs3R0IXVm6HcBvH5Um2VjDfZ+HOgl6je3NxcgMOn
+ ognp2CyUYYeR5GpPm1CydaNVlkKGVjUv0BlH9Rdh/pey5QjC85AMQpNumW0nBawS
+ XuGXB3pF53k8pQ9NRRBNmS61vC62eBV6DN6CLKUhmC6SHA/54kFrWQNI/6fnQx51
+ QyCssR33opVibfi8rz61SYQpAJKrFEM98KQRB1aHntLEhwWcYR3yKv4H83iKhuyU
+ 9O2JSn6ps7s5HFld/KnQkoVRKDZ+BvHbQAG95FSzjrwd2Ec0Q4EJlVRJrJFq6pHx
+ kMmpQebZRd4hbkEYAU9XR6fnnjXDg+RdIrPjDfxrXsH40IOlZBivgkD5ACIkTYI2
+ /bvq8K7F1SfDjgkeuuyr9y3QtXIxwUgDTo1cwu2wwfYsD20euST34Mv7DMTGwlY/
+ NUQ+LfDUgXemgWNiBXkn+bu7pFhE7PnyDr4yoTg5ZD2eUobBB6g+2gSaZLKQNe6h
+ zzZD584MQ5zz8ivyZXXAkpe73pV6bTTH5F76deXK6czt0rkrb60O9ELosAK40Ogt
+ oL0x4LFMgPanQdtzs8bEldZu7JNAf7zxrWNoey7zW6xC6mvyVLPw8+eMNS8UQt1P
+ rpEAInl6nX27x7agk5AAUDda6FOJdr6cmTLgPXnw2NxHSjG83moIGpDik4BZczDS
+ XAF8KRueOsSUOnN/0OWHwyWwIEjpkPPKCmqZ8itJjap3pDkJ7YhshRVe6nAWnDII
+ Z9bY10K6Dxev2dDYH3/ihxPPbFNSWtqeJvmyVOZXCHST3sG5DXpuTxiQ7JV4
+ =pl4Z
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ//dFqd5fLpXxk/0mr9drVZy8Ih682PBGcAFme9bdYz4Ou4
+ 1uVP1WTmP7Jq9aV/SFq57JCZIEQCKbdAnMtyST/7OrSnYkYymCKRqEP9dP92K4tm
+ 9BJrVDu6FMdstBMBNNNBb04VPPgVLQjzyQw/zJnyniI5VEB9Z1MZy4b/J/zygWxG
+ nWPy4XBZeI3IhJNOm5zud/+pXj4o7jgQfHdUSMbD/pylc+2H0/23mbtHLuUT0d5v
+ nZIaua1yoCW7MWbB6tXQ8Y0O30F0wNX4ckCED4CSloZa/joApv+tivyQrxNLG5eo
+ P+KoQIB6YSG4K48j2J2WHd7yNsN1ZSevYQpdwj1MZAwnAKFvmwc6uX1oX36i9NlE
+ uAjDMMPyoEFFGAGHCR86atfeZp1LM6ot2WkaBq7SdpTeJIqO6oNJHGo9ehpn608G
+ M+Ebp4HSxMkedJQvpdKxzkuf5Y3e6dQ5YdSiC6eQC2ar0tsCMwmHfSXUE37c8zwz
+ W2oxnrANtnUGBxvV3b5QcQkUXcISW4OnoQsnDW+b6vqL7zfy8sWznsHcfdWVYknJ
+ 5OTV8oF5vzRrh1TsJvwp0Y5yDJPpV9yFjIkcwlNyCe8JGtRq2xmT2sdJ9oL4aSVO
+ yJwcdw8uFhCzyQTZR10knGbhLubDiBbwaNOAktXCMZ3bidERvcvcqbLUAMKKk5XS
+ XAE6JMUlnNaa68eQcwlph+ANQiL1WR1NTbBdwZcDdnjjxCwl0eNOliCBUn8X9p2x
+ UYVlfQMLBAOy9VthwmMe3MweDAwmeWhCL9v67D8KV2chCbYxhyOFL64ysBoA
+ =TSc1
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdArglWecS38+Bksx2+b6X4mXopM/CyOe9ogHcdSTONUlww
+ SPZNAyMDJknUOZNVhsZT8FyjpCQyECYQ27RZy+1JOmNRa0Fzlhi1HzyB2jdvy4J8
+ 0lwBOs3Hnmlh144XMitJh/RQmcAfE+gyvBVc4+ZFJgYhxiMdEZB0PlXgRVPtKOcX
+ YaO+cT58XRpJAnHAzvlZYMGXzZWTGtErJO+yQVJ1h6cjyi4Q3G1DtBxyx47vgA==
+ =qQ/l
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAeKRRJ7Fng1MXOeaUFcbPRsH45ivTIZmb84ByrvJKOT4w
+ G+8aUOX3WJ4YigTlsTc0wsbDWUmqkOBae+lMr+HjAVwzueEsKnvNVnFJ82CWk9pf
+ 0lYBAP9tPmC3ngDE48WUHkkPreAwUUqsLzSDoQVz8lPp2y1qXjK9at1g9GR2tQYp
+ ykjo7lLRQpmtyTteIyCzil/fRLNtAnBvtgINNKAomK5SpSH8yc8HLw==
+ =CZXl
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:05Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//aewr+lACFStf8lUjaodueZqLXSz0ex4UC6lyClmzuLkP
+ J0XWjiUKGs2ZWAwhKegEEM+O88RLFP4MvSaoRYIoDBbc/nLrOrPxbJVgOjCkKWMO
+ HKIXeKyFcnuDJUEXMjqIbX0NbhoyJec77Ne/u7LvUYiik+j28Vx28nGhUebP9N8n
+ gR4UWMaSeLqk84q/kiioV7hsX0hz6p+AFMvH9zGks7+FgF2Uqyfwrya9TnCjojbQ
+ OPtDdZc6d3s56TdtfcMaIkvYvam/xoEOfFnviz44wplTqiogGVqbZW08zliY/lap
+ XdhWZkYQv8rVxwVLZlZoxLtQpWZ/jRUY8jnu5LfEmCeJwIQMvUUDbvnDZClodMRo
+ xSFb/f9kwEkYHNrIZd5qLRw38GkQ2kNnVNDn4LKICBlsEKUi6roZIghEW7bllKKL
+ 6MHjc7ddIIYZRZs4S3djs8/jFpGmTvA2xtvCKCz8IvuhFzR0wnjGtIL96yHfYc6d
+ qLuJjLYTZPEFcgQc14z4Omvf69Ft2TtWPu/JhTqKNz1E55fu0snrjK43QFf3AMon
+ /mSBp6+JC+Y24wuljXjSt1PeCWyEKiHK3gnkkZGixlxRdWtl2fV0eCqgdM/j/VQ3
+ 4AB2ugyxj5JxnocWKMIFuUy8SxODnzyVE3A/7QgYjsIgPLg6RWtDOHCo/BLFBn3S
+ XAElm5jYXaasE5lt9yat3tPO5tQ9nnnuTOGou09KVta39uMwCBSQfuAlzWtLaHPv
+ h2dbbXEB6Sq3UNaxQCfI/ZWF534OIV/MocS1RlYFkuQMWNPKaDmGdyjtVnji
+ =N1/u
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml
index 7212842..0aaf92e 100644
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@@ -1,11 +1,9 @@
-nextcloud__version: 30
-nextcloud__postgres_version: 15.9
+nextcloud__version: 31
+nextcloud__postgres_version: 15.13
nextcloud__fqdn: cloud.hamburg.ccc.de
nextcloud__data_dir: /data/nextcloud
-nextcloud__admin_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/admin', create=false, missing='error') }}"
nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
nextcloud__use_custom_new_user_skeleton: true
nextcloud__custom_new_user_skeleton_directory: "resources/chaosknoten/cloud/nextcloud/new_user_skeleton_directory/"
-nextcloud__postgres_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/DB_PASSWORD', create=false, missing='error') }}"
nextcloud__proxy_protocol_reverse_proxy_ip: 172.31.17.140
nextcloud__certbot_acme_account_email_address: le-admin@hamburg.ccc.de
diff --git a/inventories/chaosknoten/host_vars/eh22-netbox.yaml b/inventories/chaosknoten/host_vars/eh22-netbox.yaml
deleted file mode 100644
index 56ba344..0000000
--- a/inventories/chaosknoten/host_vars/eh22-netbox.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-netbox__version: "v4.1.7"
-netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}"
-netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2') }}"
-netbox__custom_pipeline_oidc_group_and_role_mapping: true
-
-nginx__version_spec: ""
-nginx__configurations:
- - name: netbox.eh22.easterhegg.eu
- content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf') }}"
-
-certbot__version_spec: ""
-certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
-certbot__certificate_domains:
- - "netbox.eh22.easterhegg.eu"
-certbot__new_cert_commands:
- - "systemctl reload nginx.service"
diff --git a/inventories/chaosknoten/host_vars/grafana.sops.yaml b/inventories/chaosknoten/host_vars/grafana.sops.yaml
new file mode 100644
index 0000000..d9675a2
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/grafana.sops.yaml
@@ -0,0 +1,231 @@
+secret__grafana_keycloak_secret: ENC[AES256_GCM,data:85OEAwuWnYW4NgObAmYey+2kGRML2iH8FuDlIZsHyOQ=,iv:Akdk7Iopx6nIOAFXqa7ROnH25vhoe4uopzEcHjWKWo8=,tag:Lgm8H9fWA+/PCjp+SHoO7g==,type:str]
+secret__grafana_gf_security_admin_password: ENC[AES256_GCM,data:Ct3YH/5FqUA+a7Z7YlpZ8aMvUM43blRG,iv:ePwTeX+7H9p0isvi6Bu0VG5egIOqTopmIiUhYoGCmR4=,tag:SLy3totIMtbED7XxmblasQ==,type:str]
+secret__prometheus_pve_exporter_pve_password: ENC[AES256_GCM,data:dJanRGfkNwZw7oaxxwpjpbV7m3Zl/MzA91Y54WrLXxHWDRHBX5Fe1soWgysN3uI5s+rtIWWfpCux/rSggFh0gQ==,iv:6gFk3IHxGkWcoeZTpS+iReBR5uMModHp2qLZp7aG4Tk=,tag:V55iwRKmS50E2lNS7lmCoA==,type:str]
+secret__alertmanager_telegram_bot_token: ENC[AES256_GCM,data:DhMeo4UHoYu17aVx2sRtQ2v2MFuwD/vHB0xsOf7QWio35ZAcwzGHab+VOzREbg==,iv:DhrCAfMoUt2Zk8imaVA8xC0UAJhXpyqNNwqP5th5ldA=,tag:BbCDqenw+yT4ADpIgZ5row==,type:str]
+secret__loki_chaos: ENC[AES256_GCM,data:km9l2LYuyvitMQOSinAyUnnF2AePE3fcW1E1k5fF,iv:gu2FB+R3/UIsa8qivpQE6AVaOug7/Q4JO3S7nhubsww=,tag:4JaG9ZHPbyzFIdzCnYN+qQ==,type:str]
+secret__loki_chaos_basic_auth: ENC[AES256_GCM,data:9HS1Jq1LqTmshFKdUDk96Y0apSC3xhSqOAWv3G1E3djDvl3QPA==,iv:oYgoIDqV3lGsHDfivgMRh7HQ0tFZhRO9OZSOuD8Yoxo=,tag:wkFgxC9EFbm/wHIHqELv0w==,type:str]
+secret__metrics_chaos: ENC[AES256_GCM,data:GDLtKMuExpedDFWLew68JMbdaxy1aEep2j4/XkOD,iv:2sbdjEp1GY6rMq0BMw3Sfjyci3Zfm7fFkU8wUFy3IDQ=,tag:yEarnC4wJvFnB8i7tJ30kQ==,type:str]
+secret__metrics_chaos_basic_auth: ENC[AES256_GCM,data:eT39ijCsheJZP3D335EIRdeVR4nSX7APw9e4iQ40NtXz8EEfGg==,iv:+OxDeTOF8PLxSFT5ZKkUwWYZfuBgv5YUJSGWsURL2kk=,tag:0nIroxvAjTG0vB/lwq09LA==,type:str]
+secret__metrics_fux: ENC[AES256_GCM,data:aV6zeZ/XsVlA3QepSfVd/cOr+tqFVhlAxRO9SHx7,iv:fxo0o9amrh5ivPTxRVkvymB3fr5dLFVE7EqIpBlNZBk=,tag:41dm29mrV/jmqj5IkuNAaw==,type:str]
+secret__metrics_fux_basic_auth: ENC[AES256_GCM,data:YL+QLzZyyObzDcz+FcefViMrvdkVSwRhDsBx/AwoDX3RLHCDjg==,iv:GADdMa7FHMM1FnyPp8DUHElpXsJeqD+gN5Slw0R9bgs=,tag:KGCoEud2JLU5s1gurrbywg==,type:str]
+secret__ntfy_token: ENC[AES256_GCM,data:0tuPJVmxHcdDWOMIo0QQXgIEkJo+p9A5emH+kc+U5tw=,iv:NZcfiz3UFw2fMcMf+q1GRp4Fsxpxbptsx9n8wPR54z0=,tag:SJYFtXccCbPrXjECiKUOUA==,type:str]
+secret__alert_manager_email_password: ENC[AES256_GCM,data:AsBzn9KJEoMjcrUWiIhR7I/1jaaFEa+cl3gImOQVKrg=,iv:mtQnZqT0taap3+z/L/nMfUvQF3JlTKIdoljmzVr1R3c=,tag:mZrCB597p8LyB61I7ZvHNA==,type:str]
+sops:
+ lastmodified: "2025-06-10T19:17:41Z"
+ mac: ENC[AES256_GCM,data:8GGZFGSRXAaLoWUowbxd3RVv7NPMVsbkDttDxC1Aeuwjy6678ddioHTiOWn04noWSPXhVnnpaTHWNW9dT5EcbLHvTl9Vb/ydKq5EnjDi3vAI2hQZ5bJ29rwSIW2YBMwpceqh+2GqDuzebhOKxJ0ZFYsPzbfTGPt8blqOQ1abVR0=,iv:aDbIiH7H72jsBRe0rSDXHMQy6zc1QFrI6ZakJj8zxZ4=,tag:+ARO2ST+1I9gOB/f9V/OjQ==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//eid3k6mqnYu0Y/JnAaWyOqx8TJHln2gaUAwSM25+Anj7
+ 033qx+X8M2M9aDCKAKo72ej2Y4ELZ5JcDCRtTYt85I92q8CxmKOPq3Iv5WCBPXfP
+ ggIMhIs61z0m+ZH9pk488knHHuAhPpCMg7ziyNQJb8HOqjDBJe0gRlQTuZ4BDbIL
+ +AoQ4BHplgYESmcSiQsJFcOmh+BzKMrdhHMKlDY92iRKArpYfPmj5YBsAUCb/sVy
+ qzmW10PBvpifPDiJhtM4LdZmsfC4F8eOEGR1p8JldgENgRw4zH78B4kPe1W4rXAY
+ WCcBllDTtxl9AB8dVp9EHQrFJ0Kw3ch/GkM4a5SdXCddleqNk+PNbakhQwLaoEs6
+ jJeEGFMACz7oDD+zMdv4txodO3O1RuClCDx/sgGCxJXZJ6j0SgjQHG8csrdFPPXS
+ DN3Bmn7SFMFlCT5hbkSdcc4J+zkxwgT7mlwqLGXS0TqAK/DDY28/PUUW5VeOwa5z
+ uLkrNmmLfrjQrXwonlcnYvIvRAO+KHlTR/MHFfekuzp/wOyCE90O91YXDn68mfdh
+ 0Jo3PT5kDrRfAPt58wfcYwCnwJ8YewUYAH6Pw8AvDjqUSA6en01j6FS32jVv3k7t
+ Ip8M1Q0VtmvkEcJp/WN0ZnRcoLb0ijaxmKyQ3PvymkWRlGAQBut4E0ivyW4ECRXS
+ XgF63/ao1eiQ8LJdT923wCgJTIvlE+EyLyxBMAERwe5Kl8J1qDVJ4EdP3bsonrM0
+ pr8YZYPGdyEFAgcquXkQEDyynkArRdPVya5Hj9vvNOHGZ+09M948FnlO3euYm0g=
+ =U/D/
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ//QBDriv4RmHkgw06HwoF2WIbRsVaqPtCQU/rATulq9hfz
+ KJGMPjuzMkOx7dI7aNgRMtQS0CbnkjXMJMxRa/YcI4e080FFTeo3rsx43ya5y0kP
+ 7X8i5wNWnJHs6yFj+d+mQA29//1z0vZliH2xc9DKOq0xWWdYvBbvInqeEsKkEr/U
+ JXY/kfm7DlCSg5OMqJXX3FNH5qKAlHTGupVzI8cvGXvUbIt3hMBppfhQ7c+DIi9B
+ jD2eJh7MgAS3em6qIR7rjBzTdwlvIbc4W+wcoEPfjkW8Vg+EYo+AOV9w0gkwDMhp
+ zV1+zWLFHOsjk15XFbJCVfSxajraZ2jBNRHfzA/MvupQY/OF7WtLkf2+CCABo1y+
+ HEnk8sruDojFFxhPeG8eiR3SgZ92qv0nhSDtJ0u11t0yP5afNiJEJc9OrLEXcESK
+ dUIIWir96s8mdqTztC/nag4PviDZgX4U9VWiotxrqJsTwYv79lJcNJVY0bGU1GzN
+ 4NBhM24x430I03e4E3aSpfNKodJ/wfH72VZeg5a8EVjUrXM1U/LSn+6FrHbhFoOd
+ 9vTIWiJA4G0lb10SEZllB/kerDGLZmUCe7VVhQ7uJzAPjpgLSAr4KhCXMnU9Q4An
+ BlGyW8On5c+mOvUI5Bqrzl3w9nB5mkNQ+yfDDw3weh1YC2RigArbnIvrDEqukCrS
+ XgHXPOrY8Tx8NM/iDjP/X81JRKCIQ4LVqlQbx3+uMOzMBW7kZiUBtvMBhktMicZM
+ LS37Yv7taWohciOU20d1/KqJELp2FeyTDjrGQfI/L/52zBhsed7OkW3LSEkz3kY=
+ =A2+M
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJARAA0LeyqUZFETqujsOj5OEWx4qXnBW9jhio/TK2wn1x/E2p
+ b8bOT8OH/cxrJv3O3L6LlAbumM5NqpRQYgHcrOlRsslUK2N2UszunHReVgmRqzpE
+ 0iqIkeWl+lgaqn/2NLIXArQEnP7vH6Q6GWI9GkNdZgmrRE1qDef3pcc/ZOZMcVtY
+ eRGGhBxsEfGamqAGk/UFRZ6VexJil/5ywDkLvw5JeT5Ltq7Ru4H2Mf/K3Wwm5VT3
+ 11A/241AVUODhLZ0uS3bRIJN0mO8utW4fiI7GVHtogKFKKxKiEFkZgWXAxkYVF3J
+ i2yw4hPqYqbiQndHX8T7whz1TXA3bSADuly+wAcXXSjDcbm+71iN6UgnL3WVUhYZ
+ QUxucoyWBmTPtf0z3OSTJNSWwr5wnjcUNNAEbDWUfV6vyI6Q2gdcoQwlFve6AkyO
+ j/7PQYjaU3T6LtQINIoppLiMaBSSLjjTB/sPbNROOrhTg0xym4JSTlOru8NkioxE
+ T7k1ut48l6PjXwiSBIHZQ2Ry60diXi8xxWUggBOrHdnEMEE/HGrOCgZ6pZnugNVx
+ MhpSkEcnwQzxMfUUtOW0HyR9hZWBi0zh2sqU/DbE0UL4K/6mZu85CtS76nWzVEKj
+ 8GYubDUqhMYuz815fpXRvfoPD3xk98O9sZ4yRIUisETd0nvvyZc/rXE0teLiQsfS
+ XgGuoEcu0cAVTH1aemx45le0ixitfa7blLUxe0AsSi0+N67S20+Uoxa3tlGHf5qr
+ lD4aNYvDdbI85qShxEm2m+YGA6OmKIdDBfMLbX4Z4NRgKJybLpd6eUD30WAzoO0=
+ =1x2k
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//TLM/EyYupC1ttGiaPDdy3bJYvSAfdkx9UvpkFuGF/rBR
+ zcvBxLJ5JFxwXiR9blkt8oFX97GmtIIhNogBbaOalh49b1GPCGOawOPkvh6prJMo
+ QqFMq/YfzvBnFT0c6wL34eXPzaFSkopd5pUaXT134GvZjaziMR0sL0BjgsajlXEr
+ R9+wjZ/6scsU0ZdjxseAlj+pWZhP1g8cAPITwtKl5wuJRu2Z2e6qMXRwDDVDaZwh
+ tDLiH0FFYsenPTFEESUszw6seF3pWoHB79PBt9w1YGYFSo80Jye43jZ3SQ9BKAqI
+ xnfBXQ1Wzow83/UMtHrSdHOKKlzmHlCSPQTp9Kn4FvMaijgUs3oNiG6AZx38j6XU
+ QhPdFcL9ZSL3ZsIJooJ9ili62NC1B904l4NscUQs8Lz1Di7G0ibj1hwX+mPjZ7Jo
+ JGZtFoUmFo/jVrYoyrEIu9LWzUQsflYusRLv7nYAweePaFHGNSluY039D2CyAvg6
+ vTCIdx3vvnQcpSw0dnD4PQeCMuN9iXNEdmx3t0mcuzgaxMutB+xveLcbHKUEeSjj
+ EDDVWPql21pZoPiMYgTZrBLrK0bNwOJKtaHHntRuxlo0wV8SQF8U9L5gZqC9ZDAv
+ xXxKM24Dqt7zckNZ75Dlz/a8HQK5lMlwVeSxSiNY/36WSswX0pvK1qFXjer6yAfS
+ XgE/QffPmf10emV1bTBLSi9vDKBI0cdzxNuKuPCRlo1kmOuEA/aW80lI7g8s11da
+ Dq1Gx51uXqFKrG0vJRzB2BL4S0z1MtEcDFSke11xq5poXGM4PmfQpPBI9Pa5DGk=
+ =i+Gk
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAZS15HxhhjITM350cWmBsvc++kA9dP79oqoFTYS0w4Vsw
+ 4rMm91OlSZrXzsIHKG+1bPKtgB3hak8vX+RDS0zld98RorHSf9P4WEBUahy/xEli
+ 0l4B2seAT8SJfk5uqC+3M8i7KKUnDXi4S83HNyy28btN2kwaDKpOmaVelQeFRHYV
+ AUyzLb61JOnXzF77Y1FdDdqbxcZvUmfEjBVYwQ0uVY30x50RobV898hVmH2Gal6j
+ =TrnN
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ//QsXWu0Q4LXXUGfPoGghMzJBZYxJkn1bASs7cDX1mGRyX
+ ujxpdovJkMSK8lEQ7LqTcEvjmGEttCBLDpYL5hVOI5k5tvpGh8bIV8NtZUJK+eXO
+ tHT/A+sbhMtRqGhlXqmL7dkY930NaKAeFsBqbcvG/p1uK8zLX3b7To6n27R+u6HD
+ iikUGaljRDknqKEWxdK8L79UW3hmz6qLynLIR9V7bDHbXXRZD3CmkscOcfNUC5jp
+ q0t54YzOHN1BQ2+cg230hvd07/Iu/Ko+K9JW/YmwKG7d2oB1Plitm+oYY4GaRgmb
+ VvEavkXPBTxVB4H7DyO2ghWFs6bA7trGf6cfcQKML2k2XygsQftDdoKvWWVJVmXi
+ R7ceqCFyVzXO4Hd/XcpWmwhv5lNRD2MEbIOKWdQ0JVnzqKJygb5cb3uZriTP9B4M
+ eKT/z4nVUEWssjJXQAMeHG5+pSRkT3JlizQHuHg9jU6/68N56kSVMhUyXSwvYbCk
+ 40x4p8bCL18YpA1wUbo6VtrydikPKgdx3TF+Ce2+kQs3E5ltSBL1OVykzX/mugFa
+ KUf1i2CbEB5bb9GRftagbCbVJp6d5GmF9CiCSF7vPV1hdct2Y7+3ag2IxgQS9zeK
+ o9heXRgWeoobYDztiXkLHXiqI9I2VFHtZ69zlA8mXI93xv/pBZUrQjTfmcxNDr3S
+ XgGDCDFBG22ZEVdUWOmKG999R+krXS0w00ITpO00Qmi0Ay1ZN2QAPLQS/5niB+L4
+ cdFK00jr8VllL+qjmYl3YG87ZWOGDE6lHvIGqHNBZH4FPYNlzgKySj/5BZlN3eU=
+ =hLuU
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ/+PdWzTSem7Us/zW2xtPnxdkMPmGmTg1qfSogJzC0B7Ia2
+ 4QiTaFeMNS3XCpbuMMrcZbmHasBlVDXWwysz2vE+OPudplrjT9kClW/6cwXTYL4G
+ 5K4fCY/XQ89Av+pfURTBbkrPr+2911KiH5D+Lpcl1ra92FlH9S1MEbPEgXLgZLjT
+ oRZVHoc98lDPnumvrz6kLxMPiHwCdAy08sgj6fICeZnMWjU+mgZrJOW1KbFDd9KZ
+ yOs+6hw5IozLkqvhd3Q0gfgHZ+O0d87zH5IIzwyKMjQVYC6+T8SBikGbk0jStlzt
+ qkR/PAJg+OgFuwd4lOWcJ+iBI8EP90nqhryCmwFpmFJWBAx3HiAdqE9+vwvy2Syv
+ 9+P2B9AXYM7bUB0Eb8AFhGONhTh5K7qzeq7zExOjr8GKS/QAL/0FAldi8sM32K1f
+ 67qRb2VaX0NKZwOvl/I7aCjrTfBB/6ZZLWVplnIkq/qVHNfjIVwa92flJ/7Noa+o
+ 7TNeh2ySR92K4K4DGdC4TrcxkcCISM7tb9GL8xH3vVS/Ms67IOu46Uea7EnGJkqL
+ 1zkdoiIzVq3oMhhUFIMATYPemuCnfxOiNlyZR5WgR+rD7OhagR5tM+YXAI2MHcbC
+ 5jLcRHFZ+xIkTZWccoD9pulySRCgQZ9y5sFIvOl+OuTI0rziArdqL9MOYQ0XYwXS
+ XgHewmTVljGvj4P0oa2PqRbcGWft1ms1QjioTQ9MhSk7F2AWuB4HE/hPlN/eY2ou
+ m0o2NvaiZaq9BXG8GrVkwP5hn4IrDe3OEo9WeCar760dvBB1Z+q2R4F1FyzgesM=
+ =xc3J
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//bgiphdnwjxuJGZJle0CsS7H5hSQBlqJw79+WXrKyfeEM
+ NXxKX0tIY0QoIhbh9mXyKEJKr0oOyqO+iLYlLrqgEr2OmLWDbp4+bWl0Ixcw+drF
+ uq8orbkvkbbxLLcVIBZfwX4foFCMINr2bNnTFb68yTZXpRp6+JN0wy6zzG7d5l12
+ wKKIfh93DVb3jrxaeEZz02EzLt8py9NWfniLABbIHWZSennOmnepiqCFuqG4Wyw4
+ QuyRCn7vOnO8fQNxCVyp+OLjg+7d8u67LcrU/lYTrZLYEr1VEl0mmitIuY7M9LHw
+ +qEMZePfrk0/8CshXmqKq7HiDM266HWAHq3VaAQr0HOk08DZLgzeb41wWDyQoQtr
+ dEOOuyx96SyOVaHxlttqWE9BHoX2CQEM2jUfvhoG1Ov2scXXB516Gzg9H4YYuDMM
+ ei7qG/CdO1g+7YSS6gBtz+T0+caolAD1/1LGcvv8/lkAQeoNfcNKupOR4rIiHQEy
+ H1wS7CnB/KbQY88ZkVHG02EgjxAGvHinfDa1Tv5CmjRZH2Yy6zBuYsPZQGmrH0M7
+ n7ZSPUi/BGKCJbAs+mkdYimDpmuNh29e3i7NHwCX8+odRhghM4S3ab1sPy5pdTi+
+ z3MVM/8uUJ1GSu33EXB5Zy973Pn6Ufjr9QOw+JpjetscSz4WHf1vSAe5b9eG7XfS
+ XgFmyjzLypsn1bVj0fo8FLq+flHe2h405I3hf8Olz0If5k/UCIlgRCU52Z8kGXqW
+ QJAJerSBi1/chXZg5aKqO9ofVu0MPbhiNRXxMHni4Cm80xDBwWOy4xC8WwiKrOs=
+ =czBf
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ//eZ4t+Jz7ITuSVmYRGE8jNeP9RCMR2NkML3aEbWNvOjF4
+ jVhL4WvOjDHhWIBmSSgkyZFhkV/CPiRjZt8LN9bf4ueRcY/yNr03vz/cidlfNZAS
+ PRS8QZ7UvdjrprLSvTmNJTFB74AS9eelnDXc4bQlnytStlfpsXaOzA1WmQ5w0J89
+ 8Ri5Ek5BmZaVnoYRgKrV+AwWJNwlzmBrq/lHfoncHULfRwJ1La01zEy0vJArHnJk
+ ePW/5G3+84pRkJzDXCIG67EbLFwF7dWqNIlZlUkFCJ0qZsHVo/eVg1NX2iLRPp26
+ F0t2ehznDGh77PHWCJCcIYm1pIEVqD9tYsseXrc1Qz2NAjT7EDulYSdBp+kN2WFk
+ w1iFvGK9Mzc/aWBpDJYdEhe4UGEKMSMYKeqcTJf7v2cX0LE9z1JTsXctOQnByZN1
+ AsdbcR42xniz8B8vvbDzhpmfBX2xR3gC6DyEkmAieOecsJ/6jdwJAZBT/ea/t4QO
+ YBTZB5UzgjwbfXJNm4TUWYqeAl0BaSiiZo01a5Dzlo6MyGFjB5VnYRJm0PmTRwDI
+ w6UFrc0tXIMPLddWcN7UxH7kbi8e0rPHCbJDk4aN+IagM0D0d0fyAxxYy4aaJ/dD
+ 9dpUgYALoVWUNWDooKiPQoUTPujRw0Z//HCpxvmpIdUHrvPePo2vASMZz2D1uwrS
+ XgGpKromtn4QrWSgc5PIhe1CVDJSD+LzU2cUD8wKAw1X1ytL5mtqlgvZzTpwh0ph
+ 4NtYx85rHmrn5whiGgpxgtwr6o24xeim6ZhRjwbLWvYzLgh3wYNiCXzcUX7Id8E=
+ =DOLh
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdABoDixsNCXVm7j0QyJty/LyG72v0WoIfxCkVQRP2uxUsw
+ R80k8Q226rURPAZGs3D/CnRaYSNINUyD4ngthAtOPVoAA1Ri+ftOScfnVremy7QC
+ 0l4B9DKnWfvmwJY2mnEBFRHf+SM/LpP67mlSVlPuLMFxXbfrxANfM+9RBNRk9FQN
+ WOej+WCdXOiJxlcAG3HVovIIdVpHMmPpT+YbfFzuY5rV93mbNEUI3bxsdiWEJnxS
+ =l7zU
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAhDhJSPNVIKftCaEQI29AU0eiU9Bwmm/F/gVl/Pm+zEAw
+ HZKLksOb75mMeWElV4oIqXd1YXOfkSbOwuEBurgztLD9d4YWagjmUpckoWJBBvwu
+ 0lgBjlkvxjf1d9xjEWTUw1rzjIlDRL4f2GJl2NuHoHJ4zbnJCUDe/UC5B1UXin+t
+ JmpvPy+/RJdXl7Hn2GZXC6XoO/GopbiADfLJ+Bm6j7myt2fPW7JtvIG9
+ =qwle
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:07Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ/7B5Ya6hX3Zplxrhyhh45QbRLGVYPGZlaTSwVPpGhLrKNR
+ KYfpz5gs8ONGO4H11pkmde05T8ClRgHUlIuGH0o9NyGCxAKaCnbOiqcwDijmsMTT
+ uoW0SmtV9uNVbJsDgXLiESZPLPYOi2hRX5XqZrMPorUZtaEgZiE1n+kFVqQJA4he
+ 67wpCFXvrtE5nVG7oDO/dTyBJ6WOdtTodesfIchlMxwIcfTzJiIJb6UPsJZ2ojfK
+ EcIYfy7YsYpfwc4tNmkqM9sGbpiIiJ2YhriHzftdMlW5dd+22ltYXXiFDrjTJg21
+ d9ZoBE/IWU9IwJAjWDDOHweHU0AjXef3Z1Kd38TfGrhEDmnUAYApQXjTmCgX6x/c
+ Yur9qwB8JY9ixfxc9MYpnyj/hcChKAGfKDKnRt5fOsPa2/6N+JtuSuZ57jVgMLf2
+ /DBPha7TMyvctQjFfL/ZUjgghhxt/XzKI1NvIxZtclQv5zlh2Dkxn1J6keAWd9C+
+ qiiymf5lqIyz3vo61q0fzs9gwnQU3peQlAQCyufsK3lJ6Zjxi5K7lqo8kQcdL9TV
+ P5Bg5lYhXf5heqtLdxN6qB6PHBQ9IcZu+SRadXymugITs4rnMlOiwGSSGicl16RO
+ v1jtj06e50DETj8Uwd/7RCtuRTGooDamt6oC6/yKfNAcmpGTqDBWws23CRnNHoXS
+ XgFAmqUJYjWHVxyqdsNcEdtNQl8IWUOtzmvh4rCoNssYPZlGt+8X102zOHu5UkHT
+ 1+F1WPXFTZKbE6D5S5HKuYnNs9r8SSEWyjUY19DxhHsLtC5xbsehz8oEyBBhJ00=
+ =a1U3
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/inventories/chaosknoten/host_vars/grafana.yaml b/inventories/chaosknoten/host_vars/grafana.yaml
index 87cd328..1ca6b1b 100644
--- a/inventories/chaosknoten/host_vars/grafana.yaml
+++ b/inventories/chaosknoten/host_vars/grafana.yaml
@@ -12,15 +12,128 @@ docker_compose__configuration_files:
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml') }}"
- name: alertmanager_alert_templates.tmpl
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl') }}"
+ - name: loki.yaml
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/loki.yaml') }}"
+ - name: ntfy-alertmanager-ccchh-critical
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2') }}"
+ - name: ntfy-alertmanager-ccchh
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2') }}"
+ - name: ntfy-alertmanager-fux-critical
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2') }}"
+ - name: ntfy-alertmanager-fux
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2') }}"
certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "grafana.hamburg.ccc.de"
+ - "loki.hamburg.ccc.de"
+ - "metrics.hamburg.ccc.de"
+
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
+nginx__deploy_redirect_conf: false
+nginx__deploy_htpasswds: true
+nginx__htpasswds:
+ - name: loki
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/loki.htpasswd.j2') }}"
+ - name: metrics
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2') }}"
nginx__configurations:
+ - name: redirectv6
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/redirect.conf') }}"
- name: grafana.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf') }}"
+ - name: loki.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf') }}"
+ - name: metrics.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf') }}"
+
+
+alloy_config: |
+ prometheus.remote_write "default" {
+ endpoint {
+ url = "https://metrics.hamburg.ccc.de/api/v1/write"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__metrics_chaos }}"
+ }
+ }
+ }
+ loki.write "default" {
+ endpoint {
+ url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__loki_chaos }}"
+ }
+ }
+ }
+
+ loki.relabel "journal" {
+ forward_to = []
+
+ rule {
+ source_labels = ["__journal__systemd_unit"]
+ target_label = "systemd_unit"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "instance"
+ }
+ rule {
+ source_labels = ["__journal__transport"]
+ target_label = "systemd_transport"
+ }
+ rule {
+ source_labels = ["__journal_syslog_identifier"]
+ target_label = "syslog_identifier"
+ }
+ rule {
+ source_labels = ["__journal_priority_keyword"]
+ target_label = "level"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ loki.source.journal "read_journal" {
+ forward_to = [loki.write.default.receiver]
+ relabel_rules = loki.relabel.journal.rules
+ format_as_json = true
+ labels = {component = "loki.source.journal", org = "ccchh"}
+ }
+
+ logging {
+ level = "info"
+ }
+ prometheus.exporter.unix "local_system" {
+ enable_collectors = ["systemd"]
+ }
+
+ prometheus.relabel "default" {
+ forward_to = [prometheus.remote_write.default.receiver]
+ rule {
+ target_label = "org"
+ replacement = "ccchh"
+ }
+ rule {
+ source_labels = ["instance"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ prometheus.scrape "scrape_metrics" {
+ targets = prometheus.exporter.unix.local_system.targets
+ forward_to = [prometheus.relabel.default.receiver]
+ }
diff --git a/inventories/chaosknoten/host_vars/keycloak.sops.yaml b/inventories/chaosknoten/host_vars/keycloak.sops.yaml
new file mode 100644
index 0000000..1436f8a
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/keycloak.sops.yaml
@@ -0,0 +1,225 @@
+secret__keycloak_admin_password: ENC[AES256_GCM,data:U6vt0UHHgz85sO+X1YucL9CIr00LtTaeyGUFZ4bVFarsg7y6gTtb+fCuYKCgsJmNDP9jek8Ny+A5WPkMkWR/pA==,iv:qq2H9nF6/1pUBhJG8dFmfRdxk9HSaIOoTdu3uu5xJDw=,tag:rpEuf7JSQ0092R1aPOojKw==,type:str]
+secret__keycloak_db_password: ENC[AES256_GCM,data:IDmQUjQh/QB1xdkwPKqv3ZAwdfy/lkSEdAJuF5MSPCNKfuANRmN+4rH570E3/ZApAJpLAkefh3pufiVbNF8Ssw==,iv:W3roegZU2KfeBDBBImQCCa6VqX+nUk2oh6jMhzbGcVM=,tag:0Qzu8gv5ThtAss4xJ4vf4A==,type:str]
+secret__idinvite_token_secret: ENC[AES256_GCM,data:FC9LqUf6wDijaH6JIde9u1Lc4qcqi/XZwQ==,iv:fSgbI4CXMeCKWSyVYyYT+3Af+OdhZ0wsFwNpZf3CA6s=,tag:tGe+xWyBH2VJr3yc3Vh0qw==,type:str]
+secret__idinvite_client_secret: ENC[AES256_GCM,data:ImweU1aPI0G9Lf5+TXvVmZwGhoigSJoHMLCuq6MxxP0=,iv:GSGqpMVHq31U+IYtnHnu9RuMt985y2N1PRvrlWFicg4=,tag:NKuqLcb3xPzna6t2VVuIog==,type:str]
+secret__idinvite_admin_password: ENC[AES256_GCM,data:fVb+vCHzPLvsQ44wWxfAwx5vRpoycJxBLA==,iv:Co53uRh5fG4pEVxnC6uWaXRrCLGH2Celg/XC+idiWSY=,tag:AWUn99jtuJCqXww/2dSS8g==,type:str]
+secret__id_no_reply_smtp: ENC[AES256_GCM,data:Sqc/UkQq/2F78G8LP92YrA==,iv:ObEdXhzHp5aDCWq3r7aUBhOEJ1sJ6lYiYC0pmWmwML8=,tag:1rtneYPlKS+uDzFWev6A4g==,type:str]
+sops:
+ lastmodified: "2025-05-04T14:21:10Z"
+ mac: ENC[AES256_GCM,data:EgeLza2JhJZmuNase/63KyoVwR33eFRqxHqSSaJDlr8YHQ0Vx6OTGQJTUGzgdQiC5y/AE24Mesbg1iT1+qufeOwv4V9spW3F0Ci3GOBcKrqBZxnnuHNn6tiRe3R0eeu6PLRcat/HSWY4NFz3RvUposC5YaATP78JXgDuJg/wRoM=,iv:FnxDapA+BUfSMVBrTYb9mcSYz5cZ5Qof/PZo44UTXrA=,tag:2FH63YT8Z54G/o/n8s57yA==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ/+NIlVMdE2ErNYHjxzWeGY51w1d79/fwZYQmTKL5FXEJlT
+ 3HoMDrDH6KzhUf5Q+AOcjfdifhXi4SP1ZESqndkz3Z5tb3udo3U1sjAnLerUyHB7
+ Hs3v4snzOx5s6UzXS+sMgzWvpBBJaFMcLYD6+i6X90SQ71iBP3vXrnUSfRYxeHBt
+ LvY5cBW6S5Z/gOFbkHDnm+DsM5yEqc7rZomD5evqWaj+nD+L0z+kjqtx8E+nRG5h
+ 1zVV6ZgKPNXDpodyC0RHDNQZQNsZHulMQgTns6574CuqW5Dd1pceUjVzkAY3YTyX
+ fpAwkta4TaytArWkGFWLMcpY6ugwIFSD9hIFQYlkwXVBwnVs9JVVvLWNOqzSQijG
+ sW6JhjX6YYuXhTd9HTviCxo6Zy/8D59Mc20YFZZXF+11h2qmAwJ20R1L0F0hYKad
+ ObfqBkI1M2OmMoeECj8sj2J1BWI5f+qEIyQJKMzToKyJZnNBCUY5JTClYxJYK+gZ
+ PkxrVytHAwVfZ+b82sz7+M8dztPbvxDJWL5LFPO04dgiOjtfAW499vDJRuMXKNSm
+ kloByBdZJNhtHVx9r1xshPku9rlT4NptDmHB3ktFobYTzRcgZRGMxuS86ILN09Zv
+ MovjsHRHZM/C4tjDkfrxS5Xsu5uKAwsPpg89UIQ/MRhlydvqAf3WEQLU7FIQNV3S
+ XgFRay4OHiIMxtLSPRo8DorSgOGv/kqm/Y/7MMTaaMucEwj0bzluPi/JS0UHM+C9
+ IMhRnsPtCu6NmLlucyBMaNVd0kEQi77vmIFk7/qmXxyQCGX28IqEKKTLulnWcJs=
+ =mBgI
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAh+BrQJmB3omXdWL+G3nacI6ecm+u6A/R41HOUtqcPk6K
+ 0i8ImmWR9Q4lwZWvYk4yikTkKv3i5DoZGOj5111xLEKOadlsHSEtV8HDtPnzX99t
+ pZwRcRwo1/2mYUczXTx6TqigKE9uWkUUomOkbHt8+r/XHDJjA14l8e/h9GrXqHgt
+ B/Ny5hnesZlgPMYIAwr0Stad4NUwZ+w4LoyWvWgPOx3F4UVlSlZGHwD1VHpBxl7F
+ o7vYllTiwhx4bKSbKJ/IlPhU/i38trX7VK70JifOxTGqrfYw0mdN5s2W+QHoaQ7T
+ 6HTXkEm0g9EGoUxECFdVzes4lf2pMA4ReJe2rRuBZqHYYglS65Exu7MjSSbLkO52
+ Gvmk8SFWXSswKF1hZUfmttBZzn/TUfBtuM1LCeEalNQH5MjqYXLBJqhqH7AFMBZ+
+ E2RtAVQTTAv/YIDLKTM5/Yk6tOGTPXUK5Etg54IETWDaWjLexUcdsIl2F7oISoNH
+ IFcmsfSyxnZnJ7qAnWdmzRinUrtFLzl5Lr/RqVxyYK4ZUaS0QIv7+xEdUR3OBKiY
+ Gm9CvRUNY0bD7IO9u6fwc1lov70z4qww0656k+4Yo9YAZBI5EluoI0AVVSKKlCpJ
+ yhkbgGyz6gC7DAlYJmjCjv6/AqZS0STm4KWlKR5dvWrY7FSJiSpCVEANrv34mdLS
+ XgG+hIT/Iu/QFER71LdizXEBMgZB/E/9UBGLdd5cRBXtp4vYpQIajl2SgUU43pSu
+ c+NYQjbg6FUxY97k+QD9tlzgErW1bhW8jcZVDbYYrBa1I8arXYBArr5EmIIFRBU=
+ =BTO7
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ/+M0gcfxMf9f/pjwh9uMCQZ4DzuuLgMzC80L8V19tX7wic
+ tTXQcRWWhM/4Tpr1eK4UfrSMJuQrT71ezcKk1QFUBxeDkMT/V0+sCkBdwZUiWlne
+ ASdy3VrIEHFeAS3Qnv1/PACIcaj66FnuTcwUed7q5Ru9i/vskTaBwEfF0P+8EdvI
+ UJeuMr2LmpyYwNRgjVWcl7s8OUlT2WfDZUnSEPrigvcKMEaDNdEKt2Xa13slBfxO
+ RIs06bHotCEUwzsYa74xZXW/VJ7jrBwmJ6qB5SnX0/bv4UJuQ5oB7tIiXAYN7nx6
+ pIUlvXJB5g43Are8nUv0wp+Idx+ALikFNMZj5MliQRMsgJSezVGwJhkqL0Gp4+L7
+ /yJ4Lcyz3JrqXhmDOhea6Le1xczQzGyPt4XboBY/Wn3mLMTMzFkLGiq9hqarBwPs
+ Lei7ITY1dsj1mwiUKh/clHO51GBxyo7v0QmMjfODif2GubJb5ip9VrKF3CUZhreg
+ aaO92rJECzRSEpE9SYqGHqi35vGIGy6XJssunXCa5wwiQdxPcPTcmZc3tr3fxsN0
+ WZMW2hMOr6Ms8UrmCBNsKGSQqr68dZglcq/AouegIzcjoJ7LkLojBHMoWyW0ulA/
+ DhX7mJgp8BUR8JzVbpd18XcD3daue9ppD9BgydHJWJYM9uyvRwkiR08rkNdhRCPS
+ XgHCobH/fPa2NXqpVgbdAkzs30Sg45jv4F8RQVToGfVt0IMW1fyqRLPIyNNlhHKy
+ uqZThseG2c8KPclw9RzxmYNGzzx2evksZjOBhxFjffli5wjW87OSXK/3O4Ne6gY=
+ =0foj
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1ARAAk3LNsug4PeNaLy0/Ym12fIYG1+7vp/5pBzVitEXCKAEH
+ 1NtdtfBixigwvRkFIqNpAAWRLNp8pcqVS/Hv8EXoc2PqKm8ChDE0KwUjgZ54hIfV
+ X8SCKKMvWRBIoGRYsHYxHYvZbj2ZmqziP7bK7/paHeZ3r8kyvQtvg/p6slYY4RH1
+ z0NjYqddvL7Vty1tQNaCX7MpXP83JhoVI5UHSnyGWCLze9IMWJt99/8VH6X3WI+h
+ F0xE78ooj7fPo1pZXkJ6bnyk0oelSU22gl18riG3qOpQbET3ru98+8oycTGQKZ7Y
+ Tqd7i97yLTO9RZX0V5dQ7pG5ozSWTPwm71X5rJrJ6LCN+03uvvrOPc6zqzzsRQu6
+ 7oPMGMrZlPSS5FJl8WyjbyrhNj+Q1/t+7E43q3lPQFiskxpEI4jBO9qqGQZ2GMHp
+ Y4Fz2HeOav6SpOtDleS8JPoD225f13PVkUlcTouMG/5bN/coLOK8iPfmFRkbBuGM
+ u2VDW8GenH+HE7o5zWzOoSSjZUO6MjfM6ig+6KXfxGGHfLruW9AG+R3oUpra/CZS
+ LC5xgzEpQiZW4lw8Y84Ok91ZWeFjjFSZXqHLS+6NW9/0y6w0CSS1NyimliSYMjor
+ RZkGW9rzkzA3dkCyy0srH3Q28vLv0eRLgRC/FYolQMN7PoPU2Mnl46aLNTdlyhbS
+ XgF6eXZUZFb+rJjtXDJz3qS9GeJWIHAlwZtzf42MC690TO0+c1YeoT92M27P1CsV
+ LP9HWlEHWsFGyqN0YNvyp8bm/0xGhhjB3VbTx0yRPB2KbvZ6Bt2uZpfFoRB94UU=
+ =EK/K
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAVZpG1ilk17Ksf7kIR7ZVsUc2FuWFd9Q4n2TSO9Ob7Hww
+ tK9/DaPvDZkzncOqvqeMrnoy9gPY5EHo1CoGGEfWx6sBj3SdUS8SyqbHinqnW0Ev
+ 0l4BJ5y4mteeiKEdu/wymJC7x7PtC9ta4Ox+TJbUaq0iuqVANKClEdQ61KnSdTZH
+ JUKN73+qZwgD7sGmHqt9FM2TwyRzLSPhJpr31rqfz7/gWx4rhlcHmw8fShSTt/Nb
+ =YHt8
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+LmQxbBOBTe6VxBTB1sj5Kt0BW+2FACuYfc5k3QQOQzj6
+ dY+/Kyq/tSZwP8lYyAWf+U3dD8fY1miwqCL925DLTYTXtZzka7tpwaricI8emqjE
+ z0rSYikRpf9axxnrqKUKReZtyYc1qCIIgbz/yYm/LavfW/R/mP03fkjemEurLCrp
+ v89Z7IZy2VrOKPXQyG0isRMUcUY0lSwYHtHLOPxHVxFNw0Yq07tvvmvxZvRBGCh7
+ OG0liKNX1Sxn7c/pfi2beXU7ZXTHXoYRCn27JSXA40cDU32iqyzWKFCEDUsnRdSD
+ O+daN/PjsQgfkMMpTPHwVli0Fvj7IM7Q2HAJjpzLvHsLXKvd2ZxfwyOS0Z7KRH/K
+ 9rgn1Ow+JdiW4KPuaVvvWpQ4K3avIYKBRl/GURk0xvfnUQ2TwyX8lxZ5HKP90ymI
+ Bm1XN3Mjo8uaRNt4DDBHKfFfhaA2so4u4xMC3Qf6K3dRPGs10hL9tnm/+E0F62TP
+ 1dHzaIhx3uhl6Q3re4CB0R51g1K5s74Qjj69cBZdQfLVmEIMZGtRLpSCBieTxtQ0
+ C/kWXwPXwRVdBkWeq4Nq99rwaJFiGwZ4mKVoPoxsIPTWrypJzvun2ey0jIpQc4Ei
+ qQcEv9df0mpQ2uiLICIg1q8aIC/j1UxrcAUsyyPiGcXB+knr+/7YYrBlVTOxM93S
+ XgHBxdmaKfMkzFDHvPQXTg16FhcCkQ91d67h+3czOghbpaeB9y8kK3LxBfUbz9D0
+ pTtNlzzSvp9JKP2XAFTSdYnR9WPU1huxVLAPXuauhOjYashbPh2HYi1agOH7w4Y=
+ =KguU
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoARAAgQwiIq79yFvDp4fKKizLml7Zk2OcxZIjheUk0Mbc+NjZ
+ ikoJAZc9Sk0LjOF+m2N8v5rPC0TiwMoH2KTQV5GD3UIakFj6mjhj2Ap+l8HuusZ5
+ oQz57/2JMzBnSwOWAkRVOgOaob7hveq7FC32fQVZuMoQksBFpWOAT2UlGZNAy/TF
+ q6GTFl0XDrqno01TYxSUF1GchXuaqDJoMAxR8xwJr1S4fjTe1zDR3BrEofBoeIrL
+ PSP6VcuwBuxDhS57zDJWilh2ssNFi+cEuXQ1rBKn9Ogdsn4xUxs4rVkhDwIKvTZa
+ nPBdvPxIAzdJc9xGr2NOmFHfFIfwWdZOn2WgAfKe9fJgUUpUy4csbhKnrDFx1Drr
+ 1FXDV3kDt3nxWYDvMVUWY6Cb9ofKDPOdhTHDyXbEPygUzwGMeiM4wqql7jAKIzVA
+ ovimFFxyLN+ZbCMpWrc3e2wCtJRkKHV4jL/qh0LQbrgrP/whXwiohI8qGGHkQoL7
+ oe7i9s7cymfVLOMb3axu//V5aFrWDNjfdFBEaPiiPqijYqUMXou/OTYndPjL99Dl
+ au/xYsHaXVC9Fh2ofTAUfUva4Xl4pXLbIcTtKpGG2mO9eXZQ76PGcPhOLsLWbqtt
+ 5DbY/iVi/ZSojB5mTaSGR7m2uttRYYsP21dZ4ctm1hBWiw5YwAsasybVRRsIrXHS
+ XgFta6JdmtH66TJRMXxEspN3FiFgqH/Xwa4TDAn0LKuNY0BGmOvTMGvrBwkCRnX5
+ 8e6/Go2awGo11809rdu9ISrJtcCIXcKSfKpJ0RI0c+gq5tY4pVUkY+PqGUU1TkQ=
+ =cHyN
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ/9H4OlcOu5yxy3pRuLTi3NOOmlzZyscJ/erkZ/2AisNtRJ
+ iseRYUaUis1QUFjUggDXpHrZFoh4u7xeY3GIIKie2lmsXvLQJnvwOlaknImsUat1
+ +RrE4qU95nNcDJwCGbozmZSO0T1SGGKNPUsCN0ud22plIaPfgWyi2Ua7mt2l/ysi
+ w5JXCYZiO/EFDc1z2GA7sXNDqYCyM/LgiHUlutrxaQ7WfyDkIJQrSkHfRPxm8Uh7
+ K2FYFj4uOf/2EF7hpsUcoqtC0AZECOtkn4Qs8bFJkVcowg0RoZn43i4utXenC3l8
+ UMVPLx6YLTrueqf1eAC3n7U+nKoGaEYiZaMcsWLKGlyw2hvWJhLsYY9Mp1peNc64
+ NRD66js+L3DqnR6y2iCOka8ZExPNJRge2lq0r4ShIpSPdqd62/aQvnjNbr2fMInw
+ QJqxmr0ognQ519dmvt2QkstIu6zZueFrHpfuIdd0m3X0ig4XZ5Oi8NMqb2FjeUFY
+ q5DQSiv3UOi1YrXwxYKtalIwBZ9BeVYgh013GkEpaGVtxSOwcYu8pzdUoIphHwlK
+ o+zsUjcVZSKA2wTgOMIxxVzZnfackI7OTB5W2io9IiaFFRAS6RC3UHxwTKjZGQHu
+ WcPc2MQPP9maBBZFGKNNv15m9r+1vitL5uwqhQYvsWEiFstMV0KsIp2ASlNIKU7S
+ XgHyFg+Hht+0GucMjMrTjhbwJm9twIvQ7OEIQb9Tmh9yL6g+iMZ80PoOjlOKFBk8
+ ZSOclmYTDMzX+Em7J/Ft7BOsppxqqUuyRB3oV55snUn9cRvebjn4hMllVDJ6OCE=
+ =Wemz
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ/9FkAVj5cGoRGQ8frGlq0O4Pn+Weooy2vla27lUsArfkqp
+ UrIw6C3TGc+nN75atxO37daaQVh+49afu5Qi/tFy5drgeNBMkWU9BmA0gAXCKnTI
+ EhZ3O4rUbQOxSo7H3doMgfKqJrFes65InTh5CwdUDGP6lCcczll1ebPFH5qxygg1
+ StTSP6MwzNBcX5PfNpTJFHSkVVJX/yXitZv1LdzDQ6LQeu0gInWMGqafrSDX3EvZ
+ hamEvBOr7KbuMCNootWp0zkh6uhrgnQY4xGirEulGSUBEfbLf+V/C/cuOFK0jl/b
+ zd4R/8Mqx3AfIdDioiOl65Fh4NelNpPMZ5Z2viS+U4pRJdI5+7nnSiPoGwnPeS77
+ OdHZiHd71VLJSwW7r5R6FmM9dfKg60EUAvyVZXHnt63vCJybGw90WrRM8jdFZYcG
+ 9Zj5U2xywiAN8/DzBUC3EoR7arzp9WtGMCskU8XF4wANClbs0pAOXcVoZ+lXVo1R
+ u2skGnob/hVpwLa6VUWwS3/ph9GO0YTTXnWnsXem+TTx2wg8HA0QZ3hdKiSx60Ab
+ QZElAJUe22GiMexBkleqHX0kF4OjX4h2xclihzlI9sHse9M/5CcqWckODacNomQZ
+ NiJj91eyxkA2TI3PXePWjgMtc3YokMyszviAu+uwuKU//7BEZrQ4IU+httWVzO/S
+ XgFzyY+zfWmCDo2fQLxWeL358VgDkJUPY/J7JoqDRzl9qkfkrhruojqjOly9v6ig
+ AgQCVoNzaQM+u35aPMaWW4Fplo62ox9lhbeXJ0juAFPFbIII+47GGFFhvOMbprA=
+ =KlTG
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdASInfjzYXG8OBDkWdFhrhM9MbPOqnACkmLX/iYH164nww
+ RWN4hXfQD+mQJyVdtvx5oPp1ALrX9/HgWaYEyLCVFGEI4cra3qOuvG7nXDCrZgXn
+ 0l4B2jTrhAeQlelek7YdVvmBxD+pZZzlgjwUccQu/jyqwBOuY3uUEHqkOfaTynwa
+ 68U9XkkVgUe1rRG6oYlHMWcCgpGi34HnO3oyv87rM8UG9a+U5FpErkbGgcFvkjxH
+ =64mQ
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdA4xYlygBA92kiyWrSqky+2gpCEPIRjSwfzwPkK38XRlsw
+ Zjr8hIWzDiGd9uYE6mwdUMY/OuGZhq78ii+vRl/ul8bINDq1XQtG31MAV0sUhMaF
+ 0lgBSAg93UUf2PK2Mme5QXqHBXwkMN1/pjIZ45h+EVedTrW2nX0VzdOy/yrr9Z8+
+ Jr5jQarfxEmvY2TJpUc2FRJHoWOqtYelGqjixRtJ3p4ZkhdPS6pJezfL
+ =sUyW
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:08Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//UKGVELZbbBiY1+5xjEUNKbB3EvkeKXfsHrmT91TIE+0H
+ A2tOb4+rz6Sg5gjCRZceUIDGaOsy8rEo5PaF4l7gt/ygB97szPmPlVVWCQYsOFkj
+ E3XxH7nwofDD2y8p5eHdZ1h/txwoU62h8aSNmUVK/He9l+eF30qqhQpSe+L7IqLe
+ lPp9OG4WLLRPZG2xjmC7NxVPYALhA4r1iIdgMXUWBW5FvS3PTEZAdQ+C5OhzyZse
+ 3gehKnvEfJsEOcuCaaOGqEMeZqjmaO7CORZDoYEehaG+qOAw3Zkoa/nHFn5CN45Y
+ kRqxCJSlbjvmvWwdOZ+dLpx4xhvLKjYljswcK7IiS299KbyVNYln3A1pGEx7B/Du
+ YgpHmRNa+HR2KiedfxTrSS9z5SnBFch8s/ilkXJC2I1/T/iML7IIQazG8tqlpoja
+ fY8HQy6TKCKshP2wcjZ8mDZPCbxKRgvqDQ9f76CRgiMixFX1YBqarCX+/zPW3Vn6
+ hahwPkVyVTuRP+atDiFEGm+6OGOdQTNx+kVjKqi0ycerjbfvsawHAzlH5hTMKe6G
+ OA9b8lhJqLpv2Aqejo9JPZj6iSvhm3sPTJfDYocaF1ByHE8W6B4jLvMw8w7t7/kh
+ iBZLhaqNt04A/P6HXbR3cwzfi2FedxNO/MWPbUd1fwkninDA+jJikNMshT8NIoTS
+ XgHLZrq6ojv9A0qLv0U1mc43YEsc5xqJ/Nbelrq7KUODkBadyy8gE6iCqliRVJd8
+ Nux3TMgoXnT9/ycPPXwC0Bj1gnKZLf1lVRXjXelUtbLRiuaZxYB5fRsQVunsk/A=
+ =faMy
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/netbox.sops.yaml b/inventories/chaosknoten/host_vars/netbox.sops.yaml
new file mode 100644
index 0000000..3ae3b55
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/netbox.sops.yaml
@@ -0,0 +1,222 @@
+netbox__db_password: ENC[AES256_GCM,data:4k0wmOe1c5AE298Juw5HMm5dttTKB1WsVxha4MwaIILpyIbJO0CfmzjYflfBTFPPGgVeuYdCobzchzqkP+8eAQ==,iv:25Cj2BLGJK9tMDr42AqV1IzJc5zG2dk1YH5vC0b1T3M=,tag:knyB+nALZwME8y7CAQ4BCg==,type:str]
+secret__netbox_secret_key: ENC[AES256_GCM,data:zPzoFK5Sx7gJ31/Apwex9ffFU/GY+HxIfwrItCW68MM4kVvS33e+LY4cI0vbPYEUF10=,iv:SjpKxyxSAVo+p9vvE/YAQFCzAEudcZ1lwnJ6scxeQD4=,tag:oA+lBep610IfelGwdTohvw==,type:str]
+secret__netbox_social_auth_keycloak_secret: ENC[AES256_GCM,data:HP753hmQ7ssbYSQRH0zcRC0vRN5bKptvMXo9jjzcuk4=,iv:GQUoojXLAJxqdB92kKLhavDaka0Rkkg2uocBLshdvTk=,tag:LVnL/JHMsAd5UmmpnUv7og==,type:str]
+sops:
+ lastmodified: "2025-05-04T13:54:30Z"
+ mac: ENC[AES256_GCM,data:/+JlBnsQuJrx3+CXlH/0dtst8PdBw7cTnUpBavcQRXFjd5PsZ54kUCosFu7Y2ngL9xh6WOWKSJCKpHFb8TCrBhslJz+8SQiH97py9m59diMwG5m/RF3I3YHBIoonSZvl8ocDTbz5myycS41fad3CMs5XtGt/vEcceSFhgqjZs9A=,iv:yL8aRIn22zmTIQ53/e71t6o2z7q1fyvmgqvpz4va39M=,tag:DH1oCBbdOgK2NdanzMSn9w==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtARAAgv0wpzF+jFkc/5dlF9m33aXqRacTsTJutFkSv+NcCHwL
+ nbOjXr817ujXarA+NNFeu58FQEW9+fxA1T1O2azbgtOz0xXdlDfkSkS8kCm4B335
+ cAu8B8UwDwMOpiRgmHrsnFmvDct1sOZ/tgnd6AB1bgSyKijNGtdIfAimbOM0pEo4
+ pNWkwh6WdsbjpSFohfuh5c3yc2unCKLV42QDyPbGYmE/MP88DW/bgBNmhept1vGM
+ k72Ih1lCaRcqZLEDaL042ttSqk3MCK8tbAzq5682MAyIJGq0H+OU4uysPgsxy7GS
+ OGDmyDHOD557msVZ+ftHpQKDsHMdN//DDo66uUR4VCS2IqILVAo4mFAbmbzF+yZ0
+ Bt79T2Cgd+c2GdhiZ7pADtuVmLGE24mw5FXxCQxb/fbouXidH+2neVIjPCqzJE7b
+ yJoaYMIo3gWIdIM7fhlFnWrh4KGMh8z/eaVW3oG2uPCtO5OBpts1VCmvcmBBE4JT
+ kTz/1w/v3kz0rwze9JTKXHyg2wK1chn5V20T+5SwP6MAL25zxZa/tlPHEIH3lte/
+ x0LHEU/5WXcQLYpYxNF7yy0mrwRlMs0SLRxC2l1Txk/O7xFffnFL0I5vBluxLU3y
+ FMB5EtIUamapM3FuOC+hzf9rCE4I+fQJ/8aBQD2hjzOQNamg7CTXTNWldbzKL/DS
+ XAHo8+Rd9b1dvjzZfxfRp/bF5Av2bfTO65lb9G6YiBHLD7+AFbo2Pn7NWh9X6J7I
+ qpYAK9Wfs0sFNm/UIhmSkFJIXmlhMbrsp14ebfH305OSoe+dvkHfLD50frdG
+ =3PUx
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAkHsW/Uz7zqX2bvbgP1SlNiQGJ979f/wAHA0q154N22r9
+ 02H3RB9zlyLQhEYlBKC8X1O7N8l4ZTod5GNGeWeqiEUacTve084u+rkrLz9HaNxt
+ Tfdpq0fqGofEvThOUB9I2B7yWahg1g+D5xee1PLhB03dhMwlWgfj2hD2+7oshlTi
+ USJsY7mR4GImWYVqcm9/nANpoQzEYJ24K0h6dw8NBDvgLPQAB8h6Td7DjXJw8NX4
+ 21gfToS8E62gUV+K66MYwCZWuc/FxS2DZz4pewm2R52ReP7yl/nmpqlYb0iCfiTC
+ RmxhFbV6+E73sPzKjK8BJDMB6k4uPHFu5Hkh86o3XjwkpAaX84EzjVKi3VIGTLG3
+ biyeWwh6efCjUhXptaGTIFZscdGiEDJGtTn0Z0J8iDXotb6pZms2Cde+oXpg2CBX
+ i6uiKiz/KtBaRNYbrb8rcDQ3IHcO8WWSvAp6dYrbOmY/bYu6q2dc4hhTVs4JFVzr
+ 5I8m5jRQdzyhaoB88S23VKS1jaOUwYhN1THKPAmcR840kAA217Jq/GwUoBx/G1t5
+ DJQmStvo5f+nYBB6N/PVNzUWLU6gblFYiYnDIFy8hFHYmkmmWjU5J6qfITyzTULa
+ f079U9SJiqdE/t5UELAPbvIz/Hl0nGemJfit3XhZV3IelaFCxSJUR4DmE+rXTV3S
+ XAE1zXyTvV6b9bYkjY6UvUMETH3NbR3yYjn2CMnnHiPykF6rK7jXQ7Z6AP+drna+
+ q9B0cmmMmGx1LcwO60wBOdbDyWsw/6aCt7SaMwX7CXw8kzQ7ZNRQDPrXtLPM
+ =3SiJ
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJARAAyfykThjQAYOrOMy+nHwMHNXhmQRhHwtLIb+WEekWkRP+
+ +t88NlZ0fgtQtKVZbme8V2a0TCFXK7DFmC/6ZYtawfSR6LsJCsybQ5iEXEiLnaMd
+ mddYwQocrHC8/P+MPPvG4Wu7WzPc1yl95k/GR/M/o/Jef5nsmlfsO4fEJbB1tVTc
+ rGjFZidiFIsJ12Nt0DavJi5iV+wXcrFkAEdDWSCbmp+93IVK2kEeSnSEJ2I0JOHz
+ 8EuroP9wGFSaq2pcVhEHs8LBm8fjUizMZGOVTjZPVWLH9Jc55Qwm+APKBMHkoAEW
+ KaX63+uj/IgqDKTo556JyYhK4ZzexPwduelsWfOYOY+r2coW0bV5haFEq4pvHMJH
+ 7A6m10lM2XcUzEC1j9r0BxPJuLtS5sYhub9gWsgxHsCbgArKcvkEfpC3ZRJyOmvo
+ 1EbB1Stvh4vr++ASmHlLl314qpLSt1YEYtBhGKg5XUPnGM86fOYOtH+pX9fOM5dk
+ xC4CXKLRmOfRcR+rllGoliyUrrXMTugf5r/UEeYOrSsKd40JsVPVC123Uoo8Y2j9
+ FO7xGVQ3WBy4rDrqjRXoV1nakdKOvGD8iS0hSGs8yk569YtKA34RLAcwpji3U+sm
+ wIE4X/Z6Vyrsht/PvsbIcptexG2rxq7dze7eZd1T5C/pdcwh+rQG0ujJ/GB7klnS
+ XAHpuT2TgiN3oGIKMZh2cqfJ/rEBd61pvWMJQYW6ve2JhxSNL/Zo25GxsDoCzoqO
+ ruhYleZuFEYyuVIJQ1ePwt6AeQ4yy2PaNmZAJgW5scbSn0LKMoX3T8oRtgxN
+ =tPWV
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/+IFSE4p67ld1nl5V8FYCHwDoZBAFKBz89KNv6nMmKZiVE
+ sa41YCWky0d8Tv3QXiYyL0jZuyQpN3DSXNrtQLHbjHya/mvHT16Oi51/A5ZvW8Sk
+ dABW7DHokET8cmtUpnhpx2hKGG2SbbkkGmZCBKOveVn5wq5VUPDqJjOF0P4wZWh6
+ IkEQFfequPcCsM8MAtM3ocC5Lkkjwb91p0e0A35gE92kms7iPE7ecX2DJIiaATIs
+ ABRmcgwOJeuYV7nhvpFbq5FSBUXvjuVN9IGfIG3Dl+IcCYg5xF2eJWnK/sOiqNmc
+ uFoPkaoueTYEZkgwg9ItAvHN853WPzt7ppsduEvd3kwnsCrtj+veylr1upTjxQJK
+ Rx2+a70NJz9+eaVm4hLMBDl9Ov6cEril+vZU/N0x3tSQ/vZgAJ+ofK803k6717Mn
+ TkSLjLkP6BNoKI7DLMLfxiCy0IssDsiX1po2wPSn2sDa+4rYt8U9dhfI8wYzUF5Z
+ T8IGE7ZdVvGR0FfxbPdFgxeNJSPv7atIWemnqEAMQ5fVFQ3JsBS8xHoqoLcLJHh0
+ Q8A+HPU3oSiU2ZjGlAM9yKWdUjz/DWeo0HodqaNBonJqCaxids0P0oHSGbTB6xY2
+ pYYXnD9knobCUr/etjv1eMvU3lIi8bz8Xmdn4KKmWr2SQKmxUU+9Mf1BWWq45PjS
+ XAFK4pHgiE3+YLK4ygIrjBFls6g3BPQA6rUZAiFzsr2D0g16rejdhosacoJcKcGd
+ rpYHLCfu1CfgSlz3Qx3Ass5TD+xwHdsfT9SPpRQZSoxxpcxmDUcYpqdwGeO7
+ =Fnjp
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAHaWsbzMdKQlM4f16MMkD06MaR9hPsvalNE1/K4d8Mygw
+ j5vWYfwadl8XuI/GRoyZG8hnddb0Vg545yVcHk/+0+W/SfWFzwhhvDUX8H6Qr8n8
+ 0lwB89rZt3ztUxEN+C/0UAlhFZVb1OWZ+xpDC2u53j3f/zxAtCUKjJA/cqlL9sLG
+ u037d6B3Wn0XZsmC+jK67BFZiMWs4ZD5oM03rXMLqTVMuDzjV0LO5rUFDgiq6Q==
+ =CzYe
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+PmNa3+9KdW8QK3Qp0xFsA5JCwFJ+ePnZqSy++0o39Cxf
+ htNykQUd1aNmHjlBTmfomzoGe4L8mIRULbVRDB39d8bqHI2EIUibFK2MPQrSvF9x
+ WLk3BLCKjBf0jja6y9DsgNHMIKOVKJKZ8+MSNiEwPr5yy3t+wRXIE7bTfRCSj2vO
+ mQ8MtN6XHH1klcg2MzQ2VBgt0/TgKNYRnF18d0bTzNTPg0XMosd9vT3HIdYNVtRG
+ Bs88WxoLQX4ki9B00R1diWneW3TNkD+SG+3QdbQYbkwfKVE7+/ZY1zbmAf9bUfM1
+ FAyUeUH2ZfiqDnGTTSQEyLjWXsPx8OmaeWHdvY+Nay1tQxfyvdFldjmkhnhUYhot
+ epu4o0vih7y8dPAPvD2v3eflXo4I0R8kANKDkVZmB/ugayeR27Uv6+Rb6XQ27aKc
+ qrYMEzWsNJ14Cz/mM2eqyPBaI5mxhttxlFuPRho+wz1XISqsmJz14VojT18dtY5q
+ 3gv2dvzap9+xbs2+d8VnNvjWzocJYXy18ZLoZomNIuuKl6s0OdNEQxiC1/riWMIO
+ QjkbPt3037rtM5ZczhzgFLm1r45/nFx+T7nm42fEVLYnEP4Ln8bgvsasKHOoAocs
+ QWxUFMQ1VAyMs/IftTnxMZQe6eJmqHthH+3q/wYhIqsPy3r8gnkuqjqwoCb/XTrS
+ XAEQB91o4HxiecHP6Ks7QGI3+Z1CbEF3GWBrhCVtI0j+s+r0qsSa+6zeyaSK2Z2f
+ uRQijSuYw09UTsQHY3dsxZm1KNebkXXzVqrY1Wt9Qtf2Yr2seZiCPygvPVLB
+ =aDv7
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ//bEgJM9+WRz3K5KwV9I7fpiAb+BoXfNWh/mnwUGLv8FRP
+ aq72bbw1vXqBhI4jkna42eJVUm2AThL/q0QOJvGKDtud0MjJyS1tZj44kfwwC90E
+ QrybaasPvZ0WOLmSQO9DW8oyoqDqM8ue8smN9HJTOfHl15QV1oXWYjH0j2l1D/AC
+ 2iqLW7KOzo+zFr3s7HxXnCgv9/BwqmafW742aKM8amRb885b4CAzFKvhrYlvQ43T
+ Tntgp63veu+IIW1YiqrdLld+hJpPaVHHDuCRANuQ3r8hQlzjOMC0ZeAW0uXnRuIc
+ 3fOk+uQxV/POIauSQskUXSHztD8CacVjUyySi0+ZFTtJo39ulykalVy01UCNuWVE
+ O1cJW6I5ItpBsUqb6KZyMVVgQa5Iv4JkrTEaOsPXC/O8wb+JxiAz06rb8j0rn+Yx
+ z623wZNi+QwvFPc1c62DXFZN9sxFY1xcildSpjh/h491FAUE+QKYEPIMf7ChyqRw
+ uVc9A1f+tJFI9M+gzWYI0A0+Wbl5V4wMdJKzzSyZJAK4+AyJjfpwHRU33vvOk/MO
+ Cz5VdrCs0WQ/x34KauuM//AranbqjG7QLGVZT0pkknSyG57NF+T9KI8aZ/i3E1La
+ 9LEnMf50WLf0kBX7OrGryFs4RrFNWsTfSt37X1EZCmWubGTiINc96JsMQIa00bjS
+ XAEOFQq9PM2w/X8RyLnaE0s4m0gau9baCQxonUwq37S+XbjKreupgY1SldcyVMsU
+ RUWiwJwVMNI3UGdQ4LBoJYstTEhH2HLQFZecw0dlZfrLtGgWJAPYvRWAx8uw
+ =iOrq
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqARAAjJP/zQeLJ1qXKrz4ck4x+8z1TJx91XQU1aXLWLZjLcAw
+ 4v2G4ikG75WLfJcHaHNS56bhYKhPt4/xzmse16O8xuztz8xLVKsYuChna1J96IiU
+ pk0GbfWK5N/BVgPlntFE29gwXc2XhBSucHVwe9XseuIAlu99+OSf18TVXC41tKmQ
+ ZuvxgLMy5gLlt8fLLmsrgU7JM6QQXD/zfdziI9acrDw4CYKgE0Yt16+/JGCO4LI+
+ 2yeoV/GvFTS431lsVmTxhC59DVNCVXW36o6EKQxXjcLFhuzNxCSI+hUZYJr476XS
+ wgdHQWoKrTL8B6l4nJ4/2zR6ltFM3JZi62aNW88DvW/SmJsHXt1b1tATie4kVpLo
+ S1ns85v0A4NmXmDyxiORVbGT087AvdtoJw3TbLNNYiWdE1FakNW9KVcjVeqly9XA
+ Kjr72wdyRE1vyjsuDtUnM9Apuo9V2PWtfqrsNqYxgK9WJPFEzVlvhD1CkXXXsdfh
+ ncVIywwU0CYG9xOAR7DTO/pPKa+faZStU3bRlE89D+9+iUkLXqJnjx4ZPUeIMg4v
+ oByjEAX0jOqJLsUR10tSmJ7hrmdWoKSJTVEdx6pc45jyt6CZD5EOl7qMlteCVZAg
+ gkkZ71uQLde5CRFrEPIJ3UdF8xDvnjJ8HgoaLCv9AewMlWiMNrGWV31rFqp7CRnS
+ XAGsOtTt6y6VT5C1rKamG4IKK998ycirXQPlwC1svxP44sRS/LE9OI820jEiGUxT
+ SYeFvLISOje6f8Qf34hP9X5MmyxQd0lqMiOt8lkGj2GDqFzKsrKeu1cpylby
+ =Fivv
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ//WS8zjYnuGKpQ63BdGAEU55mAlGu8etvOLlj3JGL/EAjX
+ CKadwY1gIPjN/AZzDN8twadasFE/o02Cz1hLAPQIS4IYgh2L5pZZVm6D/5v0rQgJ
+ Da74NBoFKXLD7D7P/+abLTFSrTG7u3rRL8AAOsXHiMpyxn1AgvNPS/lHrdTWi/7Y
+ RfvjaMqjynZs6tsOZrQjUjz1mdwZ0Pl0g4soJ/4KBN5riz+U5wubKb8g1qxEaWZ+
+ CiyGcF6rHfL1/7rugg+Z7QhRlW09wAqkQzpeB9h3rIqczqsPZVuw2gtBhSnjAGa2
+ i2q8HWFwegJYMemSxtqyO4kdtMp8J/KOXQ235ge96kMfid0muFeqD4QehSqaSta4
+ gJsPiQslhlRyBUraTAzWo+1Pgx6oBpU2Z4GD3xAsKyQ6m+wVg+7OsZJYXuMt3Y6n
+ DkMfbjJOvGUlN1XiZM5GT3YqRFFXpmn1NZ4RMBHv61vDuq6z9EWm/+6i/tR/ugxM
+ Y+qiBYohMEIwdEpzlVZVQElCt9atKPk4YLnpele/midAKVwtBnQ+IpNEjKEtXSYe
+ QYDRVu+OkYSiMxvnJ1ZmL4lKJVHhHtQ6Pi4xkK0eTPUaWvCI6T+t4Dj9r/OJTbLW
+ APOXEQ54CnDmGqG83op1wdMuwmw8edEBowogILlUyaP8mB3cK9KJt7B/31ntlc3S
+ XAFQHLwHWB3PjCYiegJYQUbXIAfL/cdTwwBfmX8uMDerJ81IQSzu5hVDhIL9pE7l
+ UVWxGbGzfUdTE2U45M082DrjTmBkV3RdE0Y3JaBqPJ0oVQh6p1aM4d2aqyhk
+ =nWD2
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAr+L6oXEIIepvoeDrCt4z9snnaxL/Pmp6dpCAkxaXXmIw
+ 5J6eEv5G83So6+XXJXvOaoneKu5qevc0fSbEBAhJfKBUYk/ygb5seBcGycBWQhDL
+ 0lwB+3jIywPou71D15VbcMJQuWshrGPkpEf8/7aaL3kiZAQbxtuajECD6/0zk9E5
+ /owG/AWfR/W8bHJ2S/CFHb+m+aLHWI0emOg/OMGKjLG4JrarB3tbdsPcdH+8jQ==
+ =K0rr
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAkzDgkAALby9UfWjtDDCJEgMH/tcIAHWeRqOx7CyojjMw
+ 0XdXIl6Q6x82GOnYKtJuFkvpGc+fSoREGiAVCOzaXi9J3vKUV410nSQEpyXuiC4c
+ 0lYBDC0rwF3mDKX7Pd7LZCH5ImaJiUB26Q6M2k6bfVhSyTygADlqcrvev6buc7sC
+ 1cfZdBGkTLJeqADe5p3+wJvHiUvK/VhlwV+hXt8PBkywDpSyLgaGWg==
+ =x/XZ
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:09Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAAuQj5yvmmxjrUXFquA58u8LqIIn9lS8fW04vvO7s66Kt3
+ RhwiM1K+uTpPD0IeYO4t7xUpfQwxLKGybVBvOnjisWyTWZYWRPvpqpR8mrt/od0R
+ 3GcB/hval/O2HtL/CwtOwMu4RcfNKVMozLpZjWYZ5N61UgHgnSPxqAbizh2MDPJ9
+ UCM3PesL54kwBDxGUgoCOD+EnIlUOIFFrys6GLWHLqQhNsNgOeXtYQAiFhMuCzqC
+ PVeKqOJrRD5q/mgRnOnMhXC6E5xgOOHB1war4rDaEF6rx0YujgiMt/c4NTqFPM36
+ aMF1Kw/XawEQthhXdCcxYtQefcAs1lFhAhAo93tGcqnwQc6MrfIgKJV8pdE8FBAk
+ xGhzQlwjQsilJ/YoXvNDm6Iy0UH1WVVcVRSKE+ogC9dw1JyG3tu4kfp7GioQvhkD
+ tGEg/9hNMcWXa7Gbyr3kCpmTHuaJGaC8R4dy0rzL/SXDMfWm3zbFZVZoZieOuzeX
+ gl1F6bUnc4gUnlOa2XPYYrIVWfQMdAJYbj6ywvl0lMLxeOtStcYVD1EdRhiGEWrJ
+ 9YoEjDAMg99WHfEvNSe+90CnBPY/UNig97lcdGZzmKAYIMh5OutJsS5t+Lx318Yn
+ C8dDvk7QbDyG0lgaZHAAeY1SPbVW4eUdRxZIOrGPsiRUpzYxlExLVdy8vtXfFHnS
+ XAEc6y4UA3fhOYN7i6MZNVye186v9gZZyGjeZX1nLJN130A1TwMOg/tIeuFBmxpO
+ 0C4SX0xckcZQuWCR51Xjeu4hDCeMVQJuMJaypjhVoyQPiw4yaWWbELuSC5/F
+ =ERpn
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml
index 2304112..4726885 100644
--- a/inventories/chaosknoten/host_vars/netbox.yaml
+++ b/inventories/chaosknoten/host_vars/netbox.yaml
@@ -1,5 +1,4 @@
netbox__version: "v4.1.7"
-netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}"
netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
netbox__custom_pipeline_oidc_group_and_role_mapping: true
diff --git a/inventories/chaosknoten/host_vars/ntfy.sops.yaml b/inventories/chaosknoten/host_vars/ntfy.sops.yaml
new file mode 100644
index 0000000..a839591
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/ntfy.sops.yaml
@@ -0,0 +1,227 @@
+secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str]
+secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str]
+secret__ntfy_web_push_private_key: ENC[AES256_GCM,data:YqNEYa1Ln3NFpNoIuBUN1V/WRzod5HAtYueBJYHOwyM59cCaYhQR1S9aQg==,iv:t8bEs5ZAEe6pqbbOb0mpJdfgruX1P9Jd+sbNurGqkng=,tag:Cdy5HKkvb55V6AeRt+MVHg==,type:str]
+ntfy:
+ user:
+ admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str]
+ uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str]
+ uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str]
+sops:
+ lastmodified: "2025-06-12T17:19:27Z"
+ mac: ENC[AES256_GCM,data:mlJuYT16bx9nEFw9IRm/Tf1y0HF1aVzx8BXhf0VKWkrBQCyzx/qbjIBXIXl22wzMrz/KCZ/diNRx0Wdq2J2u3n92NQtziiDZKwK+t/zz68+cCZAgktmO0vYc+BJ5GoJPuSmeMwHkaJqt3zYGQNzOJAYK9DPrK2AIbo+O21FgtvM=,iv:c5AmWi89ZLR00LqG+bKnbW3WfmIYsyz0X9A5r91Rar0=,tag:x3vf2WTu7naRdwQbKfrJCA==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtARAAqRsY2gr7q2ZVfuiu20XpFK4czrXPpp65Bpe+6GWfxl7G
+ hlS7o8Hb6+l7LGyjpz6Av8aA9OALiL+9TdDHUSzrIuZayC+Z6SQ8e/zcQ7TOkDxR
+ QO3lGIG9coQwDQmHNHt2VytBZYz0lffKSc1PCAzj40n7GKM+ZGCoTyhwwA3tRDXC
+ SOGz6Jq/tH38O4fb5+rFLf3jIT/b06zCP/Zz8Bo68emYhmV/f2fXqay707HtMQQg
+ gb1xhyFMzyJzQBrUogruDhXKqVVq4eih5RAEzvXjDpGaFQ69eZTkj04WfGASjoi7
+ OaxpwfdpnVzmoaUo8/R5fLfPa1iSZK4FSwzZpzOpfvodRutpB3QhOdnWtiywR7Rj
+ FPrKWr+l7yX+MBWpvuaV9qKJcwPxhn+4pGr59V61k78yAs60L1ca05Ua9/l8PO11
+ qgCMeVhHX7IXm6RGOTO2i1dz61G9fYI3oMJ4USshDVdsFPV/OV5dBX5Zkcz+i/rH
+ 2XT3eOerAtLFiHYmSnsGMEESallPDAF1rgg0HOFE1FnSw64not/eaTCGdhCy7UHX
+ 5k89BQ4PArs914XSvdA5b1ydel3dU/LWWT/pra52IcAusRqLMZfiHXF/KuUH7ua/
+ XfZ8ljcJ65FpVqAvs6xQeBGVZQoS+WyePcv1/BJkWl4QOtXCiDAMJrKVfxAM8w3S
+ XAFUtaSpYoHGooRWU51pvimpFLGvlbc/A+NRAsKkdkgMc3g/eGQkE9uLhTw8gP6c
+ vSS5yv1k1DkCE3Sff+nrD5+4o7tBFjRP4XWWLdAxRwviOUIpQdIMqUzC8YvH
+ =yE5T
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAifILi6nUR11lUf0Dyv3V26tIKqh0T7T61rcivJAzHxAu
+ TphvUwzGx7qxZRtu/B64pyFFMk3D9kd9yEN+7MXasyS0Fz9GIRY4W5OTo0xHnthU
+ vjRo6htVg6Xc4+DYlT8Et/eXqYt37dGGMu9JbV9lYDwgUTQph46vqTn8OoOSqWcQ
+ gSiw1QjsjXoMuKjUZ7ut+gik/qVG96OZk+MFuez8V7xcClVUYM4RHHD8JTP/pip5
+ 7DzZARVacxrybu67FwEtkkhLjkzOwm6gUE1GAfGOOjianIepojyOv/503BfbErqF
+ vjEFncQI/3eSDIAQvUcGOCmKwm7arOdWZYvxSQSUz2tDBS9GeK9I/PRsRRkj3mg7
+ /ZComfo/DVdp0/LzFYVNYGhKUR+n1XLzumjYzRsNb3CAD8uo4N0OfzN5XUw6OQlo
+ G7MRGZJZDJHQAiMrMaT1JRM/9c8TmNh3Q4hPD7xWB0swASnFWfSAnJXJnrPdzNaY
+ D1ycyO4eCM6xQEOuTqubW7rVFr9qgdspZMzAMAit/1cX3fqZyQj8m7L0260hdxAJ
+ f7WmR2KpcJ6J+FAdYD3HzrRbNXXOGGYzlEeq/6Gd6OYyc929m+gNUjskKWvNv90u
+ f69u5aBWyk2OU9iToxqPOfAi3cpSWY3EuoyO77sya8tRKfzjlfYs9PsKHlXXj8zS
+ XAH20hg9ndSWiyXLSzuiBoocf4veHrCOkAnS3m9U0heJ28i5RrBj/ILZ1RWqHY97
+ 1urwfro8fB9ZzEQB6UmqucSRqCghR1wPVk5/9U0BhIeULHOk/WymAUoksKav
+ =0xuz
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJARAA0fyCiD5hpm2Mq8Mgal8yElGmiKl4H607Ik0tHSSGJ2sj
+ NSlYv6xSxGHp5y2RrXGBjDkDE93lg0JRyjB8CA+XRq2UxpvBpvIWJQ5TqQFj86fO
+ Ni1u726BfcSEh8BV6LiOWjdQFOGu1UVwuy/R7WV660PNwj/Cb7EMWsHhJ4/t35Ec
+ EpOjBeL28+daezH5b6JwMHGZCkXLXMu6NUOx5Kd2RBEpqwB5uDBOKqFKlR5Joeel
+ pExbPsREZkilQRcYiqg7q8xy6jMqUMAEdUHNnUtY/Y4K4M4dWL6spqFcTc2BTqAO
+ NKPjLuizHRcu9byrMjoLPZfusNY4SFPBa4xLZha9/ypsuIUm1/47H0mp5k3fYiX0
+ uAbUT72h4q/9MHlX+fd/C46TIE4r3liJI4l81e6KJlPdlMOt66lNL67mWhi7tKBT
+ qKCVjJdn2OitZAbwSAQ215h8LazWzd1hASU3h4TVnlpOrRWcVwFxvS9uhe+7HUIV
+ DMG9Xw8iU5xUHKp9zvGvgGDX/W6eLBFGJxWcLHYEaiVcZ0KNg50PfQbhV6LHBT1t
+ 4oL/4r+gER+M/uHVbKoKqxOk8qzgimdGkSxlZfTFpYen+zjj2v5zW0FAbfz/n4KD
+ WcZf60j47rzNEx/NwYSsaP01+G+KgPGe/xYyTFKxGrYyxQRUkyLQQQB1H+OBGBzS
+ XAGVnhZOzAjWv0OCNAcYp0ZudqopN+PAgK4+xO2FmyOHO9YNmFPBtiH6Q0K1UIr1
+ prbxePJIAAP8AmaoHJWXgVLTwMrGFohYqQtXfT3D9fIbIVx3KRM6SekM/30o
+ =ypL4
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/+LtvkdJgZEVahtwfnYUbg+K+oleFw7V9nVeZOtpmqABTi
+ LsroF2PsatpKxusPDSoqQqj6fvKliCPcm/5UpEExqotKqi0YORhdHrFm9plju8uB
+ 1KiUmhnK/XiIZWp+HltZO9emelCmoU1NNjzs4Ayn1zK0SkY2ADYKI91mjmtLnu+Q
+ ca5QygiZ/RKAfSkyjCRyR2nhtNov8U3Ii0Erm0pkPh/XXrqBzjcuJKEGHp0Qj0Fj
+ MxCRxCCnuRaAbgQNQPCwGf+r9KNfvUIhZAWC4zFj1rd7XVxOUiPqVEUBviZvsC6t
+ rQtn3k7WEf/xlKmBS07PyJ04zplYv4AX1qkJU2qZcAR73vKtDnVFX51RYZrPyUhC
+ sQX/ZxANG54bmAco4k6/8+c+qbf3+0gyWuAPb/SGanaG0zR/ah0EUqXdlAF6pvJs
+ sV6uiamgK/qfMMz5OlPcHcqSL4iiZ7C1fIUkqRm6M+dY/TaELSgqLOPYescv9zvF
+ cWqxDcQ62UKTy6+khSVH9HXPmZ9x9uPZpyXNpwUKDYZIzAU3vRN1K1Pyt6ppYrur
+ HkNxJvXSxBXZFIOLCuZF3PnlxQQUTi24a9/Y9Fng401fUfQxWZTadKVV7iusBx8p
+ pC6KsWvVsL8W7aeFQSBXHNIsXGSMf+jdZXBAihtcg2cs7qXkhXlnjr8Tlovlg27S
+ XAHhM1w4Awy5+YxNIorJZDa+Ia4jczlgL1FO40ktLhQC1hz3huFGU/YK6Nla1Mk2
+ bQYZZYBjfuKcRqmIFFC6T6VAdA2wbvc6+lQAcLo5yBxz7o+KOcgQtTZ9X7as
+ =d42u
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAHtMliHz0MplHDFWRgKJFtfN96CpI+DOnUZ5j/QbY4H8w
+ g8NzKK7NUd5UAmPKHpO/yFiVUYltXkgJqIrd0QAZ5jBVHSKLmhdxsqWIRnUSTRqY
+ 0lwByOPxnHWqi9I0kpwAHcvCqohuIw0k3cihZiGjFGclNtUU24uc4uT9GyX3qxGu
+ jDhRd0qke+wM+NzJ2f5fVLYjCC7bTBV9q46unsnuvAidU0KXm6S35YlpTgcZ9g==
+ =lPzg
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+OEcxoM4a+dGsTuBV8GZF6Ddy+NXf47SnZ4QLdliYaYGd
+ fPpyxM0wpyO/BtDE0uFyPpBPLKKCgzh7zlQDnR1zfYzlCr/Y+IB5BLRD19+Abkwg
+ TFFrpFp3l40I7jRXNfGFge7t22gz5owdSzZfI0Pz5mXuFfX2zAwtc0sV0A0paIMp
+ fcmLwASp5Bvhgr2DoCah95DkDEwHlS+UwHZoWe+cOrwaBaV8iqomjxYEywivG+Ie
+ VV+1xUhMIDdWrdmh+Nt39eOMra5X7M7eQhMmWe++uW4UyQgZo2+Jm3s12GMyc8oe
+ mcDqhgdZ/5jBQEhteBB3wZaySfxozI1aYh4GhscIGhMJ2PMTtEBrR1CuGey8RMzo
+ 9jA6XrGnQP+X4c9b4GBii3rvrRRRS3Y6CI0HOrk6MkWr9S0SW9ypQKgEDQB3O7xX
+ +N19w7jezyGWWG/G4eLnbSlxeX3ZnvDFAQcQJCqu4vEi5Ux0dTpoT69D9/St083z
+ Q1BJduBumC49fAnXvdFxgzvcYfjb56SWFByMcYNaEn/ut+WRkFZ2H5vP+HO8+hmu
+ qPEIjmh9KhTWgOLL1wYTCsfkD+ZMTAc5FRqPzleL/je+Jc/TVKT1s1UtDf8d7GWs
+ cY2C3bTLR3qlrFmAhANzjl3k9qh5kYYGOF0qkdK60Jeg+/1sqwajQRduRZIo5nXS
+ XAE9Q4biOlM0fmwOBvw8vuIax6HmOxakP7C7RalIXqGZHF6ijjLBSFW1kZioMftl
+ KCsFc010bbgDxLQvtIIFLChn/lQlPY7EzThMkyBoDF8RkA7jcqleeAU9xmXF
+ =Wiir
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ/9FOvo7VH/i3M2qtNqiuGS8oDP3VZLXV2zcaB48BURhIFZ
+ dszZAozExdwK6yXOvuoVHr94mhgWkYNd6mR96zjFnGWhvta6w78Ecm+2uZfF/QQ5
+ tHKD7bRKcAAWC5m8ENAdz+5MLBpNk9egSNqzqjFlcNPV89dQCz6TAyfI1tUQcACv
+ pgVYZz364YMym8+HQ8WAX9rQS3K4ek3EosIjWPJf1FH2Zsj+5Bpt0SZmg3zHQ+e1
+ uC7JQfabuJ3pV4e3++Rh1W3P0cVX22gPcb+aepnM3Dv+ie6kNo9VguMjmGCEgk5w
+ TtRy1pG7e87FUvml7NEFazXHmWGWChfqvvHmuaLJCqCyLpH1TH0AylE+uHutdGQ7
+ t5Cl1slC4VpNx9YiAyhaN7phyz+WLoYn+bcEbcOF6m++PQM8FtIAggwXyaBAiG0Y
+ WRchBxnONdlic5sFmtVuaTMUqClWFO9r2HupRByU7BDTbG1yJBagiIXUFoPpMFVl
+ gfv2jJOtwJ0rGRnQ51ZU7l6MMdTa+rR5Dedo5u9fo6ZhwoAPmDOoEtmiguMZTixb
+ nE2BTZgWxJF2aLOUf8MVcewyp2m7CZlyqXaltV/D6885c4sYi+IqEsUw3CSkRqrn
+ T5RoQGQXekdut2YdaXfdD5uyBaJmXm7Yn1GNqaWfXLUqklPA5UgvHY/i92xlpJjS
+ XAH1Tlt1+DVs6zW2KN3EMvBqOTKLpxmLtClpEXP6pHd+vgaWGYNXOt1eInFfwi+P
+ BKuKXihjiFfNMibh5o1y7W+4WyISjYGpka52m1Ias+06mDeUUojqeaKuhQZ5
+ =qZvG
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//TtGxqKzGMLDUYKYVyWUcYXMua5LavcZo8+GqUoXHIa55
+ V3WJ8zOrcd3qfRlhFCmVi3yViA+WkzuG+VYUuVpGbsXq52v21tDuwOz3MZDrTs+D
+ /tO+M/I0g5Kt56h/cN8lq7//x0AONoViFhDxLCJ8ilmhZdx2ywnv3O9eCLboY2yb
+ SNsGro9juCcKGbJtcch0CZOULMEMEXXPwbo8MZ+DnXKczwvSqBFu/O3nvkF2jcs8
+ rC9A8QioMOjXFRglR+vOfpbaCvCkRsgXlkxBxPtpjdYANjA7TQbB3sj/8PTcuNwA
+ CaVf1RjZoEfABxPJnM8+UX+w+Nm7Fcc+7k/S92Fe88dZ+6jvZGMXhFCoZarSyQSA
+ +J4hFW4j4xHndlD3wpbx/niPhkVRpLxBqDYJ3KfjN3QgzZ5ufhBPGi819cfKJxwb
+ /HDR1AHX0bQJoq6wnof20STZJDploLBmP7A1ae2j119pPEBK8ErhPsrn9TQWnbwe
+ 4Tcrvu4yMJX+TMs+yKDDQXwy0oPs5DPqhEnwHzHgNVjIWuQgy92kpDZssREFNZ4D
+ cDXGPV9Q1Gcam44Cib2HsDMw9ia5Jqn6iYqfLCDo7BidxfaMRHL9ALhg0o/YLFF3
+ 6OyBb4JBFra82QtSFqo719Hzsd475EL7vtVvCk21a8MMH7owhmBuYVxl4ybQh3TS
+ XAGZi7Pfzf8oFj782HypsT+m6YvPMXHuv8m8K/0F061Vc/7pOqx+l10URVd+KDFf
+ mkS3eQF6XEyrHxTV8oIPWNGqeURAQZSINMHFNfY0TkQRG3TlKtVGWCqgfACR
+ =dVoV
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ/9GG7/FHBp3uAZbW6s93J49l3Dcr1Ih9PG1FQyF3wDoakE
+ LEQ0uoqM7hb3qjJLlG5Rlpa2VdhrzixDxVUnh0FwttTHsIkA3Tpqx4UN/6rtLKxk
+ ii/oTF5ZpN+PtDE59NXJHT83734aSoGyzRUw2UGc1RwkSQUlfXNhblqbn4ok4oah
+ EZdBdE3wzcT4e8ybaDH3OS+i5EE9dKpBjt9STbEVnL+3tltst7j2H3Urki5N7/Q5
+ 0rG8H8KZ8h/FCEhFS+PAWB6VuhKJ/xVtYYJlJhmN/lwBqwkkSlSihTHTKfY8wUiy
+ efG+4rz4d0PIQTaSym+Y+pI1hbUMNFrDtRa1He8u6Lt9ANP9ilCsumP0KM9so6Ei
+ Njw3yiSnaFZsbVRIvdZdp+ZphWshE7udq6hLfuX6j2iEjvmmcuxDy1xn+ZjKsEpz
+ arETzZCQqSVhChFYsrXzzxQvnBOneVw7bF5IRP25bcMg2hf+610BfxylZaOAXBiv
+ ZmlnIY+InlznegpEClqJurzoJMyClzbohW+Gb+HOoe6BwVQ59BPhOVaVh8t1Vef2
+ Jq7kbrwBIYjUqFAf47sOL4i3r0HqOB4MLqXc/GPQsZiMsXsFvu0ew5fvTIzvFjJp
+ pMJDS2NhwCfNpWprVKTYs6i/6F/9QtZSsJuKldpODUQwaZMEkPNErye2TvmUUBHS
+ XAFn9nWQ67hPjuX5nT12si5cZ5HFK+wyZnkB+zdTKeh6dCeO7CmssfuoodqsveNm
+ VZXtojOgOPusaSFj4n3GHE9vzqNMrE5odjpG6NLWxv7FFfcg7/t97KV/nkzn
+ =cAw+
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdA5XAZB34y8KVLVqTUdQMIxtx7r8gR1OwwSeNeDIgRpiYw
+ lMLrGxCaiG+MnlDcjhv+QQkXRx3z/dvT5Jx35Bv8wFiqUY83xVD8yQG0zAJtA7RB
+ 0lwBJ69AsQI3TKDDDCfHwa8wka8vlnx9YoMH+bEfMAjHBOPeMzCmjaRgX7O0ablm
+ OoVcoHhPnExGVrR/buzrsorTuj6pRwoTc2XPRMp8cMafQQG5oKrc29roekcCig==
+ =Qrj0
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdA8drCpM8XLKp63D1s1owbpjULc3cUNVXE0X5UQZsvLjMw
+ EhgiZhQ1kobdKKXkGfCIY4sjtl7/QY/uuro20n4kZxhEgwZcBBLbUjZDOfCXb2S7
+ 0lYBSQqptAsnjkv9LwbbysuLd9i8WY1vKexAPA+cpvJgHwhtt4Ia/2EwQ2IMJBpm
+ MunAOhG+rvonQoUKxFB9MeCIX2hW9IywKWqBhfxFS8/r9VQ1V/fX4A==
+ =TgPw
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:10Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAA2u7UVNNDiTC4dJ+tIP65LYov10AN1xKw3rradLfFI1gD
+ Twuwm6pZ6esp2lC36JqLR7bx5A6uFmfnJA0qBmQryAn+TyvU6xoWbLaDJMP7MMIH
+ uYAnIzCumDWz44xTnZRup6E7f+CUiBQmns1dTGWrfz2GHzusjnF2E8xfX0sIz8bw
+ jcQsH3yvIJhOOyWVOampEwm+eZoSzxcBn3AHAwd1XsS5A4syKN0wzA3c0FLAnibF
+ nUCRKBa2Ux3yB1Xd7hENrpN7ObrdsNCUvUpRVZg0bgs+Zjr3spq/NI66DKfwRc9/
+ 0wQhn/vxoCevGRV/ir8/5JUx5aSLYtLYZ6FGxn8Cqja6rR5rcgAJzjjJP3H2iUrM
+ cuhdQKj/WGu6nui3oQ6cDCDKK4YLBGda6m/nNLTAN+ohGmGV9gh0d95OD3EiGm8D
+ F14G/ihFFb7YOMPI/3pKPA7iaHS39lZNkSYBsYUL8/FfSoG0aKyFlTMXWgLgwVwx
+ bshpe4ixBzTrIU8DtLH1Hz2j3x3j2rh4vt6NOZ6OcHlsIWWEWT9lG2hRUda4kEXG
+ X6h4c+fslqu0z0PCDsnr0jjca2PGQz7az7HQdddG24Co+cZqLgA3Myj8YNE/StE/
+ zudTl0RpWOeY9aVCaACuz9xRcPpU+nxEpC0jxOC/ZSoqkup6ndpIOy9g/chq5lPS
+ XAF4v8Q+I94rlxu/LXCQgnX2mo2iaG8/vWzKogGlixHJX5s70rDaDO0oWjoxXlN6
+ YrU4hFwRCaAznA8GODyCHsCEvcGPo0i0HuVz1hwjp0EnfVLwYreFISGOOMU/
+ =6oPX
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/inventories/chaosknoten/host_vars/ntfy.yaml b/inventories/chaosknoten/host_vars/ntfy.yaml
new file mode 100644
index 0000000..cab4e76
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/ntfy.yaml
@@ -0,0 +1,104 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}"
+docker_compose__configuration_files:
+ - name: server.yml
+ content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml.j2') }}"
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: le-admin@hamburg.ccc.de
+certbot__certificate_domains:
+ - "ntfy.hamburg.ccc.de"
+certbot__new_cert_commands:
+ - "systemctl reload nginx.service"
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: ntfy.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf') }}"
+
+alloy_config: |
+ prometheus.remote_write "default" {
+ endpoint {
+ url = "https://metrics.hamburg.ccc.de/api/v1/write"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__metrics_chaos }}"
+ }
+ }
+ }
+ loki.write "default" {
+ endpoint {
+ url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
+ basic_auth {
+ username = "chaos"
+ password = "{{ secret__loki_chaos }}"
+ }
+ }
+ }
+
+ loki.relabel "journal" {
+ forward_to = []
+
+ rule {
+ source_labels = ["__journal__systemd_unit"]
+ target_label = "systemd_unit"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "instance"
+ }
+ rule {
+ source_labels = ["__journal__transport"]
+ target_label = "systemd_transport"
+ }
+ rule {
+ source_labels = ["__journal_syslog_identifier"]
+ target_label = "syslog_identifier"
+ }
+ rule {
+ source_labels = ["__journal_priority_keyword"]
+ target_label = "level"
+ }
+ rule {
+ source_labels = ["__journal__hostname"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ loki.source.journal "read_journal" {
+ forward_to = [loki.write.default.receiver]
+ relabel_rules = loki.relabel.journal.rules
+ format_as_json = true
+ labels = {component = "loki.source.journal", org = "ccchh"}
+ }
+
+ prometheus.exporter.unix "local_system" {
+ enable_collectors = ["systemd"]
+ }
+
+ prometheus.relabel "default" {
+ forward_to = [prometheus.remote_write.default.receiver]
+ rule {
+ target_label = "org"
+ replacement = "ccchh"
+ }
+ rule {
+ source_labels = ["instance"]
+ target_label = "host"
+ regex = "([^:]+)"
+ replacement = "${1}.hamburg.ccc.de"
+ action = "replace"
+ }
+ }
+
+ prometheus.scrape "unix_metrics" {
+ targets = prometheus.exporter.unix.local_system.targets
+ forward_to = [prometheus.relabel.default.receiver]
+ }
+
+ prometheus.scrape "ntfy_metrics" {
+ targets = [{"__address__" = "localhost:9586", job = "ntfy", instance = "ntfy", __scrape_interval__ = "120s"}]
+ forward_to = [prometheus.relabel.default.receiver]
+ }
diff --git a/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml b/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml
new file mode 100644
index 0000000..f2a74e6
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml
@@ -0,0 +1,220 @@
+secret__onlyoffice_jwt_secret: ENC[AES256_GCM,data:x9eRTm9WrEFGdxDb8JfqLYu97NSBRvhknkEBx/zSEQlSfcah+CVNNM6JcS0Y6d9PARcGv2jGUyakuNN1wYmzYw==,iv:33lWNSnQkljr8S9uj+Eab/fItyKAH4/xAeckdpvzl1k=,tag:Ejxzaz9nkGLT/mqKF35M1w==,type:str]
+sops:
+ lastmodified: "2025-05-04T13:57:24Z"
+ mac: ENC[AES256_GCM,data:Av9x7PAOBhUoCOCF4al8/4BnpPHmUb1JvCv+PKrBmjPBVxW/sU0w6oYmUNjB4OKxI4615pWpfCsG+kVSEysbXtrRGp2RGqhnSKxS5l21W6Qy+IEkNA/jcA/teUGEOy5Qj1SvgNtWvXEBJgfm9eCQxC+w34JbzoTs2q+6nSxtwmM=,iv:HD3nBwmnOGP6MZdLiYv0hlNcvK5lSxJNaoIkr3Xadkg=,tag:uL01xCeeIbWhsdpyqmUyFg==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtARAAoJ/2LvlPFTh5vJsyUZfwTVrLg1DZ9E694J3HJ1fH9ZJj
+ 9qZJ0EtbHHjDyaoAS57FYt41AKbOeUpHa2XioVIYJfS3CgAA/m+AXmorvchU6Umm
+ tnSaEFyFYEFBUiCvGRMCbBvLepPHdK76a1SGkQww0hcwLk/rjfRAul1ffajdyhm+
+ Lqa8kMLA80PK5QLvYfAPlNtMiUgq7YsxmhAWoWQ5F/xLnMgClEnsN1QnXszoH8MH
+ 622pAp3KfQqUM54xx0wn0odFcuOEd2HCj/CVnMHdJgZ+7C3XhBg9rB5OgHDKTcMb
+ F+asweYxFszo6vLcmz1PBnuUv6sPpE15t8MRG6jckLCm7xHl9Kh5fkug8H+H8lGp
+ 3YmbV4Amr623p1vqyAsjqfcIRqB3Fdlp8034BJEFUXWZED5ZUp1m7w5aLG1mGyxC
+ C4eFPC2mqS94QINfFWYZhMieQz1qUEsZv4bFU1dxQt9H4J/ojkqU4oPVSmIe6swv
+ szmRVUdmlU5M2FLGUFPw0ikSheBoxfP3x8GuYPuz8EGc2Cdza+kGBswPT9OkKN7k
+ 1flPILolY9D263ldVamsamQL8r07MvLr2Qm+Zw7OTzc14DKyKx2H2m/6C1Koh+zE
+ 9qTCQuaNQjhpZlVf/I1nCEpixBC4Mc1gPD+DZqJjdM8dA2IN9YtLMycepM7igvzS
+ XgE21f3aoPGgiY6zYQiaUhjhZNWO8by0fxKaPeZ/x7++5stCZz8xSsG7K48mBjKh
+ NHKJ0sh2imtzPN8Nx/Sqegr30qHDXC5/x1g3eyYurVdT69T/vy4dt6Om49uFmyg=
+ =VHVp
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAApCrvjvsNSGYfmA8y3ZBA6FhfXDboXWYEPs8UfhtoWd2J
+ wdDtjMXAC7Tav0zYPYIJNag4uax0xgMsKy2YcrSxrKy5IXWpyYsX1VeOj2mJgSY8
+ gBmH2UvSXtQkYgkV8avGRYn6X+6kJIGwqZRzPlnvKullAYWrtBOR7Nlsd+4BMdLv
+ sd2iN0z4OwYEsiRI03vUUOZnZY0oDEWLc/Pjiv+rqlHx21sZCF+A9TmuP5T3iYFk
+ lWVL4ROEu13XCPo86DebfQ1iWyNMk1US82KfT872N28m+OA4/pTkc2PKJTxS+yc5
+ UOC36GPZuyu/ve+OESMT+XOE5qMar40bvFGgLPaA144tILFVo5YGy41jMU5KrQun
+ Z09FTv4qfO1WDaA13d707nXgC1AQOmo28I6HP6M0YfRq7NXmJlJUsnVN63K7MfjY
+ cPFS0r5flY2Sajx3fLgV8t4+a0/c6qwVBqmMnbjddJr3YblH5nsZ0XOoohCAPTOL
+ 9HH1z9rmBT6TywzAcKmzboymnitQ5vFifIyL0CyZND6QjjCarVbL6uOZl746eJpV
+ /sVpzIemz5FREjp3+liaMmCxUWc3S+vSTcLXwydCWQeXL/X1s/OQJ0XvPFAiW1Ne
+ 0d9Uk1qROhb+pBEDmkDA+20jQr1n1ocBqvXeQZXvLAZt/bTyceN30OLFyP/rRr3S
+ XgEdW7nQac5MS1nIHuYfVa/06zEuQCiwHQdn/wfYzU/RpWLyDj7r0j3xjwXZfT4y
+ jBP3eBtnxAEvtnuy4d61ody9nyqLxLyQHYi6/4cvLn4bZFFSDVGJt7vHZ38NiY8=
+ =2Q2D
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJARAA04z1h5ogEphvUqynEQPQiIR82hDjXHbG0u1CVotvOfJ0
+ xP2rIXemVsHdZiQXF8m24Iumi+cbWvj+4kqDnAx+AVOBlyL6XMNvCL0NEIrcFRrK
+ /Hi16pEPjP/z7BnpS/4OLTzFhyuUuhP0rU2XhyhhzcFHumlKctMhJu6+4go3NDG7
+ a8W4NS37C+JObbKpUO2PQteHW3ptCBKlQ3W1+Horgfy9mw8kL4BwZEQE31XMXHgj
+ lOBjmKlkKxAcaKzV/HF2oZDGfyF1Pdeic13L6UpOb+zopEgCljwUDDWZPAf4YCGF
+ tv8l14LwzVO2UoQqWWwQTwiVuA1SDbtl+mjSyNdvxSvnj7tD+NMrp25lm0SnZtyt
+ QOMmIyVJqMN0DNoNvTb+atbZWPV/nmdt0QHcGJ13x7PblCGuP/Dt0fRekwoCwBpc
+ U4MYW1VAw/PWyzQ7GWPHIAkUzIqBY9JG/Pa3HNwyisU/psu1eQlMRx0SS5cYMnwh
+ RVJvVL+4aA+2+d5bYXgZUeoaWCp1duQKyH7GEdO4io8v61IkpRDf1QPbkTNRRT7T
+ LfSwcV3Cz2PKB7aGSdoSaRn34mzJf6jOoRPr9XHOmUx9Ni7SwFNIN4/r1QhhOlXX
+ YXC3RIjZhPLMd+cAM12bcgtM+6fJqloLCzU05QxKPeGl/4rmvisb7dIXFAjF2DnS
+ XgFt34T/r0XOZGydppw219zqiKL+4AXShDKcwE7oPa8AP5rLm/UY6ZwlC4HLvHvm
+ Su/gHrv5/aR/ORGy3UdxpHTxYfV99nrO1D9qWzm185WJpQ22YhbmV1ZRiywqeMU=
+ =k56a
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//VlaN9C76SJnHeULdvnJ+A3b+idN+PxyPBXSpyOm3DQJs
+ /83eVkocwQGDL0Dr92f6OcZuHmb/gPuagwuM5Zak5mTRIYeUHaFSMggGIXBcBqJb
+ xMlYTWJ13JXkONJaSYn3AI0HVpUT+KMJwyp7H28P10RgBZJWT0k/wSmGxY10GG5d
+ uoA6HOYiK4/KnfzJa4lQiZm3NNlv+eO5yPib99KT+sl2hDPLuKJA/DUhK1mtdygC
+ pJrG+ayJUKtBq5veRrK/QpbMoD48sD/yOklPB0KadqjY9nMODh/PePpyQlFI7X6Q
+ ho4ECJeZoJMuU4cU8GwN+ICGoHhdk/l12JtqLiznDWE3uunqO/QxpyyVxIYG7vRl
+ cBL9PwLhHrsTD7BGzzihAnzz1sCbelYm1KG0bG/4mMVn8cCrwrmoU34+HJuU+5FO
+ CDExPnNEfen55KnoCqEvSu1W9tUrIJPoda4WM9Z4jWZRJ1CguF3wXALf9Wrwd5ey
+ 1ncpyb27s++lQ90G7rrGBijWBzNZISZcsDpUea58+Oz3BzHzj4Bh5O4GvDxG0TFC
+ R9P2/M0dlPOchalM5uSy5vzFM85sPCdbXns5t4yUOTJGF9ro7ZUbnjXjAThsdh+/
+ 0NyVXODQGkjs+z+KtjBX3WjnaTSlN+bCcZQRlKa+ZnNVzSffqoKOMWnjm9Ong2nS
+ XgFe+yO1c08VmGzmUtpXp0H+wuryk6OLQ4yLuv/NEk/zpdV2vkWGUbgZWBnNYpmE
+ DICvpbtmyghTmwtz6X6JHngfnUUIRlfk2oJCmh4oBsIAz/5kgECGzJ4P4qIjXQI=
+ =oz53
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAc6c5dDqGPJ7QNl2X9UEg3CqJGfRGNEymq34kyfWwNgsw
+ 0Euc9d8VaeVZzZRP0CltaxdiS4L3BiSm0mBJAcguygM3FCISZI3qrt1ZdLfWk4Y7
+ 0l4BZ8OFHdUOwHjd5CzKILYG6KVkmQLadzP+DMzavjFnXcLZQfT5QScBHmQVg+kO
+ 3jH26Jq/opnuwF5G1hE4cULrfryvMV4pR/rS/QP3Cro87+HTVnZv0cRE6JlWXJyi
+ =Uwlf
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+JnIeYmS/pnJIs/KFjj6TOv9sYUWYEN/IqOiLtSa7hLvN
+ 4ZLERku/oYFshH8k7fAXsdQ+hHbDW3HzIFZR10u2hrTbsDc1PXA6rSQw6LzY+pg3
+ e3mT+7YwtXFYiwzeKNWQajCPCKChot+eBXp+eMnGE1XINYcJc513nhxbgjyQjZSp
+ ld+UtNxVohuZZSkgihA/vxd1Gr8lOkfrX1R9hc3VUb7nF2qERT1Nhp5NBSV0XlH/
+ 4+9W01uW2vOyAbIwH97+izGLkVjYYqzaR8I0qQNGbj6Ra+MJaNNHDf6qkrPhTrHv
+ nBUrbRXs2+ioRs9EASA1M1frRfsWqRqliuteBgPrfmXHt+UMiXbHmoNufh4M7FW1
+ 6WrsunEEuS/bxMhyhzeq7OiMgC+LGb/BHtpgo+q5F9xwHuApjYfXOZX0ma0Muk1U
+ vyNnMXYUO3eoulp19E2N9FWwekwzPzynrnf25W0cdpCd6pfRAUNdnaVrop/F1Q5h
+ fQxZTokCnFzF4B/F6e7Dgw+kmJp4AZ6UcsaX7BGh0dO/RcyPxeCey5tbp8tbOOlK
+ l8iJJ3wvHff1taXjxoaaEjNkE4/a2oRQ7ILVPpzdVdvF+NUzy2nbeEF3XE1B3V+E
+ TCP6OLDBZRP2XJoRyLBym9ShJaoYkRrEdTn8mQ9MDWdR882nEsWz0+LVn3ZHbxfS
+ XgH/F7rZY2DJjCo4xbFER4G+3NjfOswanvpDdTdQ0NfP3qUWR9kroKJnGW0cjDTu
+ MymLSUZ4vhszBiQEVrvW/HSnItiuX67j4Cd+RKFnroIajkh/CBxu4If84VFg1tk=
+ =nwjq
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ//Qj7HVfszo9OAqoZFQtLqk7hKptSSjpD1TpbszeXl2imT
+ X7Z7bANyApqUDqaPAgAKYfKDg40dBiiV1ebYjiPqZFEVpOfR9+oRrkuHbwlRZLFw
+ rvd3/w5InOiP++eLT23E4HiLXZuSYk7JhWFgqYLirxgS9IypQeAFgVc+1CWBizOk
+ 3DLUHfjLScNq9Imxw1NyPoQn1sSv7wzTamnnBckmJqs7KLUlkYrjAzIMkc4iXVaK
+ LBaJ05QXFKQzEcN+VACE3fm2zFPumNBoykpYBqn87rV/2CTsK/Q7wluNineiSy9/
+ jwDKnEkgm7WQsjCCZcavSpFSGM8VMDQHq7qFvZns4fgFe4z9SAqEiMPJlY8jsyNp
+ rKxc7mNu3mIUHbJ8JCsMBgUKtgq0U1kC9xpncAC6G94YsNUwcYznmkbdRHy0q54L
+ tE2H/U9YGIOAnAIoabjdW6eFuaFBiLTZOqh8pfCT2T7zhIbVFumjZZ2U2mp/2ImE
+ BbUdyV6ENuADabE+lDKDJlh7tr9MuUQxiwgga6Rggpo3F/ZwA0AL75RRAOsadfft
+ Qa9zWe+THmGnwD5YG3ZeEcGsI8WGuexaOgMlbNJld7ayqSXISMOXNL/Hv8aiKk6I
+ z9I6EZlo3DjUJ/J1Yt1jV39GuRg7PBrNaUXPzs/Adcaorlxps1hrhRDO55kNQO/S
+ XgGpOpyqXj3rW8120Ir99chuRZ8+57wrMVm3Iq+IIk2lvgsysvhABmLaJkvIxzMs
+ OKAqjSSmh88DmM4wGGhSTSWs+6Hid97rLXxZ/inrdzL45H5NzwZFMXK77CQX708=
+ =0gyc
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqARAApMNOCAyZjUdI1uFcPrDG0nLRtX1USKClRwdCTrTDY4Xr
+ vN2+ndwsIxj9NWjsfOgDqj4mEqh/l8cr4jtH4SR4C51KwCOWBnQByvaS9T9M27hZ
+ KwlfkeDuiyfxdEiEbCuYj5Ue/eKuRGl1wePSK3XsYS//jNA+yJ7I5VuqOXLuk3Ky
+ kMWqgftAiUfEwtQTUVj+oyZ94ebDtTtRZLtsLYP/NRKaNAoJoJKAtyUzOH1iTA4w
+ 5+K9rTH26PcDbkcNuCzxzlq62l/4pfSV3JQBU1ukfYKBjkQOQA57aHxGvkpT1KPs
+ 5ieLiikQRFXmPbKmUhZsFTpIBBYEMR96VyTb0GVP+Bq/iCcq0pV+xtB2ht8PMhJ8
+ oJJDSQzxtH+TAuHXIGpxh0pu0Qv5RRjGJ3APWIvlNO9f3+66Kq+7/iLrv4amau0o
+ fMdx9991xy/9O1wJseRLK7kBCo2Y0451LcxGSKDRYmnYkqYVK08qDtYdJAS7/pR4
+ zHKwt7Yx8rZDcY6FKNjaXPPc5UZkoYWKxlJbPOTQ+ZpWh/a6ITu2klFMLjtETTXE
+ oskrotoCB6MoYTDLXS6AG9H6zuGVe2YtzdBqoeV7JkD5SbXWbivoue9JqBpiAaay
+ TOqtmyqgJnfyCRJ49ll3DwDwI8qHZxF0DV6ny+UkGfu6sdXSApLw+Boqb3CA16DS
+ XgFfPBbhrhVjRnW9WU9J0hB0C9AaGsXkvKuxJtlPUyIDiL6umAXyfZwjFLWpCA9h
+ LQXsoBo/ac8a13IFUM/Mg0N2LN6Cli4Y368dl7A+rf6yrRCQDJ6furCUa/AnyVk=
+ =WYRn
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ/8CyQ33WalgCh6onJN9riCoKfwnmS0Y9ph/fFs4TVoXwfQ
+ G0wZpcpEGLqpJvmD2uGWcEWjI+xYy4AI7DOc/9tCnwG7ojbN3gcyo38fCQv4rF3F
+ cfvnKhjMZ134GBaoZjAE9DTm7DktvbXfEn21UhsZJ484ga/vLkSM/GGdeGBhN+VD
+ O4MRV5+ipyinvhrFlPL+RBNfFxqG5247TakkRTuEyJooUSVSHpo6cvD10HCE5Xmu
+ CWPmL0pWZMAb/zF5YV5qAuCjYXmD2IWmvmuUJMl/MJAYFNc5Lkzv9PZ6YYO9dPm/
+ YuLHTI74sVWSzEfEWW7TpTjDV+wWtVDEluW0rU/BBi5Pe5mojsSATU/yc9xLnn11
+ f0cBfzE2edMI1JVWVGD7z36L7vbA9SmfrPMiAv4HH4XIMsKRm4E+Sagvpmfzp4aQ
+ RQaQRROnlPF3OiBEESXF6fJMTx2oUY/rGr0N4vHdbftjrAzSw1055U+sJr9hMowz
+ QEXi535RbpNYx6K06jMR5xh0s1TLZ8vQ96g+cBzWAgnL78r6WXnE4wrWQ1PIek54
+ ynUN+IckmfUNvJkNOpysgQjhXR4OZ2PJYHZK3NozDfuQ0gOn4RPAwuQLDrdsPsm9
+ cX4iJdhWfEdABZ//oWTkcTRbOgeLg3sBMQ3uKOCuIdUNxv8QArvAgzoYL0XVSrTS
+ XgFXFTQlV/Q+h+p9gqRlY83aaORunqmbKmqp7b0CXDRGTqzp78PfBpu83rcvfrlt
+ vW/Mc6sdQKbp1CLWjwi5rvicad+syff5K1Yj4KM0Va6EN02fR3Y3LX1umSUz9hg=
+ =S1o0
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAmctmfovaoatnLuqx5thkVhRKPDmu0lO1Cz5DLyEtO0Mw
+ f//rqh3/XZJV5+E9Lg3z4JwmvGOBYRzx2ieZXjG97CgXNJABKZEaVIJRYK188qvG
+ 0l4BYsSpSvsPpy2sSpaieMxYsZaHSbTVLCXXeWEuscjZf8YIt0Mtz/Xuo+vhYBCt
+ AYphX1T7gM32x84bRKY2GaHMWiJf8gliyp4GEuAcT/3Qy/5T5IzuT7ZCFPY0oJtq
+ =4oBN
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAI999uiupFybQLd1PFvc8U3Iubq8C1Ak7MSeInUWtHAow
+ /0AFYupRiOj4plWENTnOtSLaJWaUPtxH5IPmqCti5zZa3EiNaDZi+rQ0pgcMIcg+
+ 0lgBQ7C+PTBjVdFNSwbfqTNIA9d+Dnx58rAmv9gnJT29ersC7q30kA6XXt0OORP8
+ +Qw94iehnPRN4wIFunyBpB/T/rosnCQwl1o4YF8Qg6c6i33Ka40PKfbk
+ =0oiT
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:11Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ/8CBqRnnTS2cJsQ3cnCw0g8c5YG1mlfiCfo4XwcUCCYRUH
+ cCh1AtWdBzjqbL2rQ9HpJrTiudwpHI5NQhTd8M16klvlfoaJcIFkFOJlmqJIZROb
+ S1pwpCSVqfPzMH/i4/OhP3hebJ1tAv3DovKo8D6K0mwxPAr0GcWuNxwYgksArHGs
+ HwCr0+eZKtHvcIT2u7XRzbmgS7sylRT32IpouOKEj/xO5EgKlug3zDI9OWOjwQO3
+ eDB56bOpbD5lolT+mUbeklt8K9xo/AxllePOtj8VnAQiJ89VlIwzE0ULxEU1J48e
+ 6ACIZ5E337OfyiUw8CCAGeMpSG+3WJCBRPoQdTPtDXl0INIcTF2IHnFrbPQfM7gk
+ zWbU2Rc7+kuvR0eEKiy4Zs+IprG9prpLyI3ZFLrwZK98IYe54wjokDnNay154lyX
+ ncJX37e5RIj7xb0nDGQtNxaktX1n9wUXGssCHLecDIXQ8MstRkPh2/liwt3ZaGtL
+ gyp49DBLF+9S2EKAdGk3lEyCvYARuGi5FvZ390+ig5H22U0CP4c6/bwPRC9cgAK0
+ nXGleEeCCcE503cZf/ThOQQUKULtdTqrZVzL9K9OVFYUjrhjlxdW4dzIOgL+K3lK
+ h7mLEvmgRnaSYVWLfn7NjzrvUC20Zem6I02hV4GIYGjzi9epikn6IlBw9N1hwgrS
+ XgHHsygIAU6Tekg0DlMw2yb9DH2s86XlLfmp0KxBr7zuu/NSsPbhj3a9OYft38st
+ TOEdrZL+CqITCyWhUpWetmlFeDdgDtLFNts+/5y1aLf/v68mV3OsWqyledUhVa4=
+ =vAn4
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/pad.sops.yaml b/inventories/chaosknoten/host_vars/pad.sops.yaml
new file mode 100644
index 0000000..5c46042
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/pad.sops.yaml
@@ -0,0 +1,222 @@
+secret__hedgedoc_db_password: ENC[AES256_GCM,data:5Pw0orOTzb1xCefwx/n9h9m8gmEY6irE,iv:nZvnPSb6sXjS6k4wNUoo2PCJyOcwjm36gs9l0mxwAeo=,tag:0seJlVi9qTfBiol7mP6DQA==,type:str]
+secret__hedgedoc_kc_secret: ENC[AES256_GCM,data:7RyM9jfKnaaP7kJ1JwucPa/IAwaRc7Hhe9VYIKGEmlc=,iv:RvtaWLsf/X/y8s+DLANcyVgagJqGB7EkvQ2nYm2Xo24=,tag:amdgqknDGeZxUBmXsd1ksw==,type:str]
+secret__pad_smtp_password: ENC[AES256_GCM,data:msnYZYl8vP+OeISI5OOglQsCQ8vxMZ0gig==,iv:oqov/myWJNzUoAn4BSX6hN1fWyab5vud8NmT+z4ECqs=,tag:0T3Xm2zw5k5WmC9Ks03XhA==,type:str]
+sops:
+ lastmodified: "2025-05-04T14:02:14Z"
+ mac: ENC[AES256_GCM,data:h9E+eIum7jyIx78zJh65c/4QMZRq+stNklGuBGo8afYpicLPG/A9LZz1UeBSxyEoMOV/jHAIuoU5u1wmijcsZSBBjI0LZsBTnGLORWEZCoVTEVCUp9CJHZ8zQEVj4Gt+V/moR+pD4s3YLuywamjquvghwtOMYt1JzsePGcCkHUI=,iv:wxhwDM9hmALuX9Ko4izSQ270X1aaLH5Z1iu93/D/Kls=,tag:j0+XqgV43A6ry6hbHhGj2Q==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//aNqxoOe92/qN5cGXIHEMQZLzFLwft0nn7vcp+Aumz/Ry
+ HpzIMCg9jbFOJyX/AXogcnD/eFdbByEdJoweK/8HT9bRdcMAy/JXSZ6JK4BCrdeC
+ zljtb/LMJhwwLcHo7N6te1NJUxHYiN4kCFzNx/bw18BtXxkpGThUolh9d2AKkzFl
+ WpfFD6jq1kKntHh7xgZh85XEmcrh7TMTnVbSphggl50SoDMr0QqlE6+3M15/wPJy
+ BkU8lZrd9pnAI54kf9hbyARwLXFO2op2Mg01XqPtZqr0lAJWme8tchTzYfBMy6VA
+ gdecfdSa/QNbcoT7MQc4XuNnATZ4V9MGYasxIwfAEd+gJdHTjdpGf7R580b0s5/O
+ 77fy5p2AVC3TNgjKRerIolCG946p9L5sexExphpnx+QPcfZxqxRFV6wCHAyfFE7D
+ 5pHNDwTi5xKhv5Umsx6SWIgxwGCuBdSmfp3fAMtMpZtpmgIG89ZMM+IEyhyNOOId
+ wrDIbzW2b4P39Uldg6959VYO7kgX/+geHaunogYu11sVIXl2sh+tQ3745bZUyK+4
+ 9TkY36i0pw88X+qtZeJcynIVs1X5kZU/j9NoqR8uXVo+aTUrqz0Lmw5TJmbtHuc8
+ zln5ahJ2oEAh91yKIaG4chXWmOlHa2hLseJh2XRmgmAel9LxZxRDVNxEB4MngmXS
+ XgFCCgrmDBEeADGdY+Npg3arQPdQUv7N9zOcVx0+8YzqUkwikbLlAprI82cpRYbN
+ PZbwZC68VugNQ2lrTVGl/Vszf77Sqw8YgHKHaCNQeGQ1EpLiTDSTlRidxXQeQqg=
+ =IO/Y
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAtSL8SXFBov62tJ8A9z8BUJJxlhyB287yDaE7zmZ7SJJr
+ mdIXIzd+NZjlT3E3wSbzIs6bXZ+9hpH/FUwoleMnRSinreK/2g1YxK/rDoTGNCoi
+ z8I9IT+tcxLDI7jk1UdOml7W6+QB4WKt+e3Yj03AqOVH6puo0np/UoNWxEWgttYF
+ tUeC/5nlOeR3Rmo7xR+aE+IkjwTQIVsWdkn1QjUobURm2MLEcss3ccl/6cYmmbtZ
+ zlTDWQPbR/7mmqICxJYbHaSDoB8103xBWoyjBoU6Joogt3ITBp8DZMHsrkB7JM8g
+ VwRIUGoA89SUnDLONRpY+SKyF5otpHz51oh0Zk4WvgilYsBq79BoA8RRKAdA4wif
+ 3VUZgThoDLarh2X0Y7yRHuIvo3Hyyu/Rb/qSGKc2/C36QlbCG18ZDmBJcXWzsMBr
+ 6Tgs+EVI6vDXGpsBiZNMlBB9SWa9/QPmZROHSQ7+vEV8HHQIMlQ5gCd/F8HtDSCI
+ fvva+JvvkiYGyuW36ttX/KWja8cpzqZ/sUabzsr1rIpN755OnOHwl8ct19eNNC6Y
+ FnqjmQvCiCpAafoSHMowp0gqYRAy7KuZM079fPmC81ulXdaJ/+9TwNRKxK1uxsIN
+ cRcMBng1RZ7BcaUnZl36v0If7V0FT8JQJEBnsVgb73yj0w998LrcdFkrc+8K5uzS
+ XgEmC4sgiEb+2SFqTi+pRZNuMpNI42m8oVohaaGK3daBDJzEnO4MDCyaqh7Vrc8K
+ ksOPAqV3Fge7IM171mncjMOyAFWqKLVJNB+EWFmzBOSu9pcDsOJ7bTxfE0183Bc=
+ =G4Ui
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ//W7ljbkBHoJ9PAWC27ixI3GqxvBcCVZJbjBOpZCHTMC6L
+ NvVjVM4/oHqO/RIKw/txAJ63nK4pu/VX5U2R9oPekpUOr3vTaOS+Y+SlIEWnh0r+
+ LihOfkQIMQch8LcT1yy6tcLTcO18OokuuK9PSpngkHQvq9zvcA8nYs+/apCg9RYu
+ DwQxPWukL5g5WPk+GmJHwffStp5M6W2juxwtBEjHcwL2SP3DroqXk5UE9jJ0a6QB
+ BFl8b2ubeSlbFOrm7LuhF6MREBbxP2b6pPf9Dii5tYZvpsVNcI1Zvk/FGR0j/UaJ
+ 4CP6GNjKtPIRSfVNi5InZppYvWXRWBgvYMCjjNWHMjIvf8+VmaI0KAOYcfrjN77L
+ jw2xGwY2GKuZLrgL+q0V9ZtCrXzQsw9mov/8DuzjW8cuWLJ2svHuU4pr5HNm9Mdk
+ ffcobSgNA01yvhoilil8I9OwvCBnXDSptkCg7wAiewlRW2skwBMzJ+x8tHo1ckPT
+ IxbNOZO4Ky/M2qbtMkkcrCOfN8aw/xtc4Fgd7bWpOnxqQDW5h4BMEUIhWoyrZN6m
+ BbnrsjMpuBtG2pLpIzbSXdHXYlGLglSA/HKld/HlvnJ6YzmJ5sq0fLddJejmuZP6
+ 8HE3M8NnXCqL8Lg2lu+osWCj0Ie04O51tSOL2MZa1Lrucr4k4R2fJ7JI/Wbj8i/S
+ XgH5hen0WL2gfvlYH+9L5ouHwIIuG6hzyM9dcKUAstR8bp8BvagBCHB3aoIGvtjv
+ hB0qYNOVpXQbTDS2rhX7Iyc9O2v41piZJc1Wgpe9owfQ9MXCOumRxReNXa6U3Ko=
+ =7dsm
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//UIWoUZiWc0lcwJbx7Xt4TH/A5pAHRs7tLK11kNmc/yYO
+ 9LKj0abYLcEk6ZwTFxHyuOaGixt3XWCeUBwluTsf1hVKyYU+pZoZTZZO75RtlrXv
+ tncwBjuMjMHPBxrSRtlWM1L7PnSqG2uDNcuoCDIyQPebqbmwLA92+UD61RXEayM8
+ kiU2y5LFUICbJAWcE6/wyP2WTsypmlnvy56Hn5NmekwRa3AI9YzDLDUJtvLuhzrj
+ z4Mb8UZZCje6cE5wXFuuAOBnqLFbQoqiksuHvQ1qQzoai+0MP6TAcylhTFOAYUvx
+ 5VzHLZohd+F5ukqmFpAA9FxYgnvThhmchyt6HtFIOmeQYm+/d8kcKvHT79SfyFK+
+ +FYyBx3g9mMluYrXtNeM5nltMlRFxzEKrvj4U4J5bWnqx5NtviYLk1xQgs/5fJFq
+ E6Ro+zQFDYjJB0JMgu2neF8SuFOAbhtphDTLibs7XF0N+IQd5c76+zSHmVGaVGs1
+ WrOnIDXJDPsrQ4NLA7BMffZ98t4ba8POiJt1ZSH3ZrLakh5E/l6BmDYFOUVXCiPo
+ ofsgIGq6m4I1uG1DcuZPXBYeY0FDEp4SvyjNDmsTHQZWksHiZdSFNVQtAeqnC4V0
+ Ahs3mpqZyVlNqfR5lYeoGcqbxkYKYbwUt3bC53UmSnIkarUf0po47O41FpLVMn7S
+ XgF9fIMX/lkYp9OAWnYkkYpSnJ7Ild2w6nMqclPsg1ewo1jP6mODZ+LuP0YEjqRO
+ cHvgv3LTtEmI4q365h8FvQL6KCtktVucFbDrFeldBrwaLVcdZKeOsEIogn9Wdgk=
+ =EkrG
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAV8YVHRPgSGYaixgIXdc6id8t56XZoN/E9fpSCa8TZSEw
+ 3boOWRPqAKNXtSSlo5edVKc0aKGT8SNSpcj0iZPNIjT7LjN8cX51Agbh8m/7WSwx
+ 0l4B9PGTl+6CNGVMqeRAgAmk4j+5lopHFvVOTzhdTKTGHSMSXDTWDzSRIGScTYjh
+ A7RSeNn9Plh1BFaOaHCRoe2ZN8/GiACU6YRdaaChCxfTurRqA6Tg0hrW4Hi/FcbP
+ =m6s4
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fARAAj4fYd6B+M9fL4TTp0q9vYcLpSaO5HqlhO+aA2xwfi8yV
+ KL8Y6dNQvogBwwux0mwhfPSDkU4P8NxaF5+loZS6fSpKrCfB3jOI0OXQjlkL1X4j
+ MHfxKQo3P+gHFY92OBo/H2Z0cp+COySGgQGhL/vz+tlt08eygs1MOB/6S6HWWI0a
+ fE+2x7Vm/h1QqEG/7EYKJeSnc3Mqt2+vb3Zc0Vo8A4u7ZusjVWFVJX5ka9vtyHla
+ D6QVHIZewUyqowVP81kqO9b5GPDqDySAdPMd2TSikeLqi3nrCE/ZMkqA9AlxPYds
+ UCk22jF4jqIlx2KOj+5UiBzmyJ8yZuH4KDo7Sb2ypbu4oV2w9uQbNmtpoGRoF2ZT
+ UXSvEmObVSB41OVPJPo8P2DOpdH8hTwKd2/k4z3vsAuzzRYypupy2m/rW8SCMoWR
+ zsmX8jlL08kVfokldgow7PNzDSiamhD+JyuZG/b6nxBYG8YHyYXoX3BrCr+GGAnl
+ Y2iHjiPwEQlwvYqJU3bpHeqkjp+u+S1oMVVMSEY6QPhepxUpGRvHjHvSElOua4Hn
+ CtTv5GR5B0JeuQYodDuzgADO/DGP1xAojeixJCdjfcZnwz5GlPzV5dXc3bLlvzju
+ uYF5GLLIyiMG3eVFq+mNdtNLS6/toLvptohUZHUIOzeBE7a84vj6YaIBJQuI+D3S
+ XgEW2BR7ssAb7n4m94b7v0P5+kNQXJS/mUtpWt2QRjO7ApgETPKJPL94eHq+ZUFV
+ zxGCTqmi09a/4JO6cQRAtTddp53r3Rd0Bx+1LMzlbupwJK03P4IGIu4sxUbYTrc=
+ =oBXZ
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoARAAtNvLMnRwKO4rkv+XVnhCm9fBqVqsCJtzOm3+oIxuIgcO
+ TdulmufWkPG87BqquK1MMsIfBFad26m3QJnot8JigLf4VN9KOHwaxEiOafUc+GIz
+ y+UbWpGTfVz8uCuWp+MgwdhFTQbf48rlfan5hribUL7ZG0gs/k6YCuFxMZOgVmpZ
+ CbSqGWYQm0lHZwU6dmKsXAXD21yPhU9JY+301e+uoGf/PR4NPp8CpZWSylQ/0Ndn
+ lzTn0rJEMbiM30QgS0oiKnvLodLGfq+YY1nou3YxUgXgnIun2fOlQ5lO1Wf5yfL+
+ JVegUqSJqLVBWXWjaGgNW10PWxrwmx4r431uct8SBYgG2Z4rx7nTPOK1UpvUkOf7
+ kaVpnCNChxV9URelNdDE7wv+QBqvNrATjrgV9XQ/JPmc8vgY0ukqVXh3YiBlRrgp
+ 6GRsFE20Rwwwoun060wUB5coeFxo3fvl3ARfg5tm0DW/HXQMRFLmq5oSF+UCa5ni
+ lywL7nudomVieHhrGywzFQ0zR8odC7ChY63VFTlptKQ+fbbRyPr+TiVuhKGlCQCn
+ 1KUUdqDq9xAyGycxyVF+xRairAyIb/Rpl8tCqyvv5g0PyLpdUvU5uLYLU0mINoiO
+ PvmJdBF1I4xIYOYsIDFYtnB1Ip/KQtceQ6wbVZoTkMThdiYI3IaQU69ZCnWoA5/S
+ XgFAn6epxYcIA0AKZgwLcuUK0I1UJbBwUAOOSdGs4LVjdH6HhqEtKGtMt6TW1fpb
+ iOhHHUnBKf4VJT4zrfP3D2WrlbEtV+7njzVzIxQxSLDW5c/JFWwgSkDwmcZGtXI=
+ =C12p
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//c82fjsqdQ21eVipN6br333hV5pz1ADxfdDujj85EXJkN
+ by1KP7a4bKdmuBqMZq2jAd/7BBMkiTr5VElCZVx02OkVNSAI4W+2Q9jLkLsEmq8q
+ Bx4FNqqbziu9hPjGbiEaWZZp4Nxw4PET7yLuioLsuXuvc5MBkkAv4NPY6fLia8Lh
+ J/K/FerErHHe8aDbnb1qbjIdgibGc19jQoy+8O4FjlpWxr7X5r6YIDjH61C+iTed
+ h/2b3w8OjsaBi1uk1TyXCkCxpJFHw5LpKJ5V+Xyg2k9YFWtTugGG5WiJZ7l15JE1
+ Ak2W085nzYReYBr64KiUSEZRzJzA5c7Jw7wxUwuM3LWitnvjEkJs9bjkmu3wicy8
+ z7vTQkPVXPlW3zRaEShk9jIizT17y6AxcR2HmhqznGN1cCe/6mVNCqXbjLylFHG8
+ 2ez2SheSlo3hEq8Hr42pwxUafKShOUAcvHyXC99mh5SrE2t87SwNf6pHDP48GD6D
+ bBztseGNapINd6/KMjtCKvhC/5wapyYbgW8/mYYmCqrlyvvs9pSIqBR8vanFMdDA
+ RGouV2HXLCvvf7C+QJ6I/XMPgK+ie8063+7Mz7i9wtJ44QrIEBBTqBaLgSQ+ojek
+ 5eTlB5f+6XgiAIrtvMjNuyTNYKjlGILC5+RAfhoZGH6Y5pA6lDJ4egpjRwW6/jzS
+ XgGuUCRdk0qjpfR5K1HQRLMYx7zhz/MZipHAjAXPBua5NIFDS+G4uS1bVozFY3C3
+ RuWqBLmQ/zA4mYkZyDBKdRZOKIHvnNvHT+Drpzs7HKMlt4evnU15V5Y94kveI0k=
+ =dtNw
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ//e+W8JAZRCKye0xb0urWAqMhyQB9bPoUdq6NvqOhF1Obe
+ OIIg7wKMVYagNKnnQ3DT7AlaG02B4lV///cXDbF8z9CqITv0Jy9KDLhWcmCjcK4H
+ /YIs4uVEUm0SsZniGtX/XBBsVPOSZjrr1Rv+ZQj4S3QJB1bvouZmXotyiSBAGtxs
+ LWvJbHZMPpeYXYHVJwB1h643uB0RAxl5ob7t1KhdWOBczqTw5LJWkIvhiL9twjRM
+ SNo/a+R+xXj7+kNhzA6x2p48EEFoCnZLwwwnNxcH/7Ru+VCTkd3+LWRoocYu6Xml
+ 6KoyMv5QIrg8ObzzNDqqdHV9AL0yMoNbWhA8wW/pImwzWWIoZZnOB+UqnsgmvEJh
+ z0Aznuzfw490R6I7g/fKTTNXIkh2RmPe03E244H/FL3Ude7xSgVRc85JzECk26gh
+ PSvYBqgX6gafAHAFYYtu0pI52fIpY26FQ6oFd6lINmBquvu+jVRJJ0tL90x5M9oS
+ 7pW/++RX9A77sg5uda6/83H3VGyDB73epW+Zif3EY2I4pP14rHba5W6GSv5pQRRO
+ 44rB0VsrfQrFOgITCqjUWS6XJyfUcwsISCbmKz7aLqMApaoqAGdQz0LYPtlGiWvx
+ fAbBRmjFhSKt6+U7rvM6oJLjSZE0AQJ6d4BSCjqvU2Tn2jNv5o6VT3XjwqkSpOPS
+ XgFVMHLs1tTvyT2pavrsO0OkRY+wSEPkwI23/Lh51lOsdRqTChiCsoixoApEkKy+
+ /EehrjKxPsX/g7ulvoNlnAMtEYt4ShCcnXY+BJJAQLyZrGb4APSd2TIK9hRTNMk=
+ =6NMh
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAqpHTHLJ1nm14QdhNauHESrle15XBGIWMPEVapqcfc0Qw
+ KqDeoxAQS+KqklzODzy51Wmzt06gGn7AOgGf7mUTOJJDiNwtQrPJay+JYgjmKwvH
+ 0l4BUgRnvwN9iYesLjh9HNsk/yomORDhwdbMoel3Y5KN3+3dVG9wHSA2A7qpre5D
+ SWoecyXjnocvu9Iyr1p6d7aPwGcVvN+u/4wD+fsczDVj5megya5avSjD5bXI0tZy
+ =EQq2
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAgim7RmvpCENDIfjVUrEW9y7BKKfZCzDDjAo7DMKibm0w
+ fnUxNm6hFRKfZGNw7YRIZxrlkBGrzj3lQaudBzOw+Y28nKK+wjltrX1JjgDA2aQk
+ 0lgBWY1AIVKdyzJustVIuOwTu1GfLelPKpzT4lFAnvBrs6rEI0DtVgiUtgIxn2aK
+ ynDbN7LSJH/K84CigYCKzKdY7g9eg6uKuS9QWaDV//oMZbdUijhtK2M9
+ =/TsU
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:12Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//X+WG/gb9oSpWLPlQ8MC1LTGKbe0U7n1RT9GfkFq6QwaD
+ 63K+EUOPmmssmWuqIyH6XL9TXK6xX3hn1wzZ825FcmN69O3v7UoLgNTalVC6A2OY
+ +g9rcpSIb/R1Lt694p75ce0KvzepvyNdzsTwzMSMTMXd+Z4vpUyQKPzOnUCUoOK4
+ MKm8iNxX1srl5vEiw3wWR6untn+E/4DGmJMA0BZxR9TTz5dvNnW6F/xn7dG/aLvz
+ 8MwkisqkGpkb2SIeCexnJFaYtYgIHby+tNVUhBE8A8VOQdRa4OiXNbg+EhO0J7CL
+ Lhsn5B3jsUp0HAnUrPI8feuwaplzPML/keVE+eIJt+xcXh4znVbclFI3gxNPhMPp
+ lTjRptzLgPSa0k2+shtF16WA9/zCmFMO338VIEn7wtWPsrtJ2ap6jD9VLA97eas6
+ 30aDudXRx/Rg2OyT7K3lfRhgkV+727cbBCYKN5YW+TdQp6LheB5PbWbRGpr6wQbW
+ phRhgTgSkpjZf2RPCgYLNjI9xlep9lSjBwe4vZW2MdVA1778hvdVb5069n432a8O
+ A5mPPsfwNi0X+UnFmid397jIFH3ZFoF2YB/otnuRfFA9TdZbayl/lZgXVJvqnGGl
+ +Zaz74UQiQWxLBYTpmOdh8Cs2eEeo3vQGkOpRr0gw9AXrLbiVYfv+CwT0QGAUC3S
+ XgGASADjHRKN0sqUwZ6/XI9UeWTMNZq0Y/DPWBGTzT4AehLlJKo9Ju8iZlN9D6Dc
+ XoIqjpK3F7swjMED+xnK89dWCymPZDGmA9fWtkFnGkMjDWrW62+UNb9f/Oh1sGI=
+ =8MRO
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/pretalx.sops.yaml b/inventories/chaosknoten/host_vars/pretalx.sops.yaml
new file mode 100644
index 0000000..9d5082f
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/pretalx.sops.yaml
@@ -0,0 +1,221 @@
+secret__pretalx_db_password: ENC[AES256_GCM,data:T9qw46sR88tcj4NG1oK3AfjreU4N1cIN0w==,iv:g2rr7PbFN9bFDg/w7vZBiuMB4p2j2uu0eQAyiweuQ6Q=,tag:0coJNAbT5W9gxy2fVOhuoA==,type:str]
+secret__pretalx_mail_password: ENC[AES256_GCM,data:HJrrmdDKzity4Fzz+JEj/kvddzHpRbw1Yw==,iv:dW15nSyYjzlFdPkQoZmJ5k+poWyJZ7dW5Lo8IFjtfMc=,tag:AZZObQRDMMoQgnPmqo/+Tw==,type:str]
+sops:
+ lastmodified: "2025-05-04T14:05:04Z"
+ mac: ENC[AES256_GCM,data:sO7OHejtPDQNt3bfXl+W488vCqaIicE/iZgIw6dClwoHZUHDNlv/V4aubJk89vELCs7JeOYocqZhARrrHERUxLtQMf+YguA2fBYZOVZ37chtfIqYoceq9ygzzzI6/PQlO5oRoe6HkASJK5t9oVWdfWUmBfWWWjBGrsKbUGnlPOg=,iv:p9NZw6HA0oj0PWJYDIjUKzj3DAI4ymI2V7o9knsvjnE=,tag:AbMiE6WQSPkuY2AEIcHAYw==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ/9EffdaNUw7+lCgQpIq+ZLSK08NF6VdkSgrB2qBfvdx6K2
+ rHNsBWMhfXKJRu42NBKP6v9xuJsNrpS0cJKhBaZB1sZReJ6iFRR6iFv3WfRPODNw
+ owx0dXP2OTgrrJYr9jbg8s2yUZzRYakEqa9KZkLIjz9klyxclDF6aI1DjRuNJ2iP
+ almHjD+wjr7KZSPXSCEESfRD+k2wUUk/xMLQ73tdZ+8+Azex5diquEZCXZ4VPeW2
+ B8pl3JQlDSSdaxD1YAa10eoIwIVn/ac1phPOwPbegtvhRs05HpaMVD8agP6r2IFe
+ sLoqAGRlgPAr+a8KDxwxhRirrutOxhvgaCTHqkWBaUsNdgDgWfEC1ujCM6MpzbnP
+ lu/VQsDEN1nZs1UQ3qjCehh99NBdD01bL3TzTXrT9GhoYxAKb+QN9+7csTKq9LH9
+ QAFQOQ3oIZGf3rdpYwxrLYAfA/dSu29xXHcR9qHVOSPDg5r7s1ccLCT/DwtiUfrL
+ gXzMUMPmcHAKaMhpxGXtnlyZFfSA34EmFFWL180de8fUHW+vD5AQu07RuwbDmX1O
+ ocYp2GPwyB5j6XsAGKDesyXB3q36qKyHS1A3XeWd+11cSkcorDYTQqjB/6IeA0ym
+ DSBUTVuRCput5skr2t/UMu41PnA/WTGKHmXU4tAWTCOPF2kIlJJpOcUC2m5M/+bS
+ XAGh43M0q6QwfXLVpSnbtQhT+FRGj4xgie6A4aL2kKjwbo47hfFtQ2kw3PFk6iXL
+ yAnLTG+yW0/FOm6Xmk838mO+xuNNHaOMZgCYXmD71l9u3Za5xjDPRQNm1wi6
+ =P45G
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ/+PWhuluGgAjqYQpFiTUSUhwWbAwpF8o3pQan4b+cd8a6H
+ f1jNeA5XsWQlmtzlW91T3vInqRrWzp8JKR213nFm3lA9SkNQmDs+UwcfQO8at2JQ
+ YMhUWf3ea2TWn6bKb/LNYMdcsKNlaueyQgxSJZP0rhPoI8uX4r9iVvfbK8g8iBnw
+ 9HErdOHfaf1PNXFQtSh+1/47ocyxiBg0/7+e3C/Y41S53NG/J/d8ldTU0mZs8q9o
+ 0DC1WDbMt/t0HwKyXN7zLdBoW0qB2M8FFbAyAqSpgDdB6AP513V6ggoXT8vF7tFA
+ m3Sq+8rNl0JWK2qcBmd2tIKJF0xASTnhQOd5z9PwZ5MlNBJNobB//v2UlDy6Iov3
+ lXXbXexOtxuBdrWsQ2fj1ROasTlBTBJ9AAKX2hv/x0bWY627m9sr9wQxv1BrhxzJ
+ AnPGYEHdpW2gy3dDgq42HsoGAIQlO7fjtPC4LRJ+mVpJNcpAaJgUBzjwyEK2/VZs
+ tNYnYwhrxeQLQfGsOKGBm/gMUgQI4UPmyHZqEMOziMQu9DX3PQ4lUE8NbMnzhD4A
+ XVM0XGh/rX86YSRhoqNbubmsWtz6L5HfIfNF385OnM+AVXPorpEJNcDYN0HazLYM
+ yiUJ2UD9eDTF5Q/lVAQhmi2j9sCbn+cWwBHgAUfBa3sdNhQgt1V3JcoIwvEIru3S
+ XAHnHd6LlUDdCn1zTOwvyKCz5V1gUDQmF+ocj6Sh5lca0ks7kxTAU0KCTwemDsbz
+ 1WJwR5NR+gz2YMcGeRRqZzpnSDs4+RyaTf0jCpj8plDecBhzJMoIzX/YcDlq
+ =W+aT
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJARAArMlCeBgkSZl0QwIU+ahxoq05l5qDc7s3k9iH2i3ZaIsg
+ ZQezH84ZKbMao+lQrRQLyDR0WzZ/gk4fytylC6zU/F3kCojVO6zsWl6llOmbdvgY
+ ypBkLT0fQVOKqljEocEpc54MI40r8n/yJrnn4J6ERxHR3VXJBc+m4M7Zqudy1hMx
+ ugx/wpjenCXRis1S+6WgdJ1XMjkd0yWusI/oLc5leac/PqnVRHufSzAx31bRq/7+
+ bjqUUotIbUp6DhOil4or6P51X8BIBlnEQhYjHTQhx3fnUyqeYLW+UTAUYaldOY6q
+ bBOE5v4q1o79gI7rGfqkSXQl6fIJWUwWcUA+VLtv9hhMiqYOAezm7f8MwXZUefp1
+ 5dCLfSoP71cwEHdfAINsxb6OoIMuvsrL39oMreEq8v+wXhLlvxxBfSB9fPg6Blw4
+ tyx72DWKcDUvcXlUCVd9AnPPUN2AqBOnuQ4bmzuIOxZHQUr7oTYUsi02H4psEkNa
+ gQ0yxiEnznnU8noykPUukzYgyfRzHsS1q1o4WLjUcJkFFLt1g5HQHTDIvD1Ebf81
+ pi++0CFjcNDZe12S4jpApcl24WTowkfJCVYJufX0cOdmL6Za7MVxllq3PWIhSlgO
+ vXmkoWhdDlsl0B+xEWeVw4CWQOmbX0J2CUwQRVdwRqhv2ejc+GCFoyjGWsiNmRXS
+ XAGwkybWT+vU/8Uy9jwdRHPFOcE+ZIPuHO3cy+9TbkH7w7M86YEUdvW6amvG0HiK
+ cnMWvbol7a4PdN1i+Ov6YzuqIkEcV1Y/RgjOa4zwbXHwX4LDLpeIMS68E8Fn
+ =mFN7
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/7BfThwS2apanA8MrUZOcED+O7zMnYryEUlMwWpBE2sEGd
+ GR6letvHkCn6ggqzVmbaFtFY6kzWnUiwHJE56rXab8ouoybf539eot1FH2rtDFWG
+ MFDO6GdJq4JHCIksx6kR5N7qDyhSTiqbuF04NsvoHvxgcpNQhkHoiTopTTnMYH3K
+ gBy6nMkfFtFZ1QTVUGGtVROUqo91r9Pop8IkBX0o6dP9piUGkQUHkVD0ci09oclA
+ xNCIO2Qfz3PJbj2EEyVJwLYTZd32kJOn22e014kI9/xOWCHNOP6zqwR5mzyb1cZl
+ ATDnb27F1JUxpuXPTx8Q6ybI5Wg/l4du4D2ZFElkvSh7xQJSeRK/OvEPpOeNV4vn
+ UKj4lxg9+AiNCbuVxgZP1uYCDKfcf7YnBhctRpHYK+DWE5DLpCxjYRrMu5/BjW06
+ Xi4uYVX9bM82RcnZUeOJA/4GY4epPlF91Kd2ZTdCyu4cV1EPtFi6CQkG4OxuqbQ/
+ cURZSmLwJHx7eoqKfpARslqMQF9713GJ3ScrvwwPEPXyEptYn0wwnuvsLSBmLO+y
+ mxJFKsTUumL4e5RSb+KT39AXRDfgP6dLW3HEYYa+wLfNBt9ObS7u3NZTvAbIqhDP
+ LExNXOxSg6cMwtXB8i1FYRAkSaOoIg/RMUXFXY5Ozd36hPKRQMz09lvxI6Vc6MzS
+ XAHKI68c+Bdu0z4LfXEWc6n4ZCLkU52fytX2chWx/SQ9K6SGPxoJ6enz28zXZP7E
+ GSFYcKW2ZnOagEHRq8ZzPjR6RsaxH9Ge0oR6//55pHQqpPyU5YBe+gq/PXh+
+ =Y2np
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAI/McyCJvJ2mjfuNy5cYD8yerRzaI6hr3DQhym9u2Pz4w
+ Xmzw8xhS2pLF+9wByaWzPa6wZNhcOw4FuoY/vuX7esfkiy8hOolggOo5N/b5OOtU
+ 0lwBy2eZXcWslQn0ywspNjRLSCMTvMtgjP+Mj+Yz1RFVuuzbf8nx6KndgghNJLeM
+ yu37XTzfcq+uoTbeAuZVtHS1JFrHbqFvuRNnqF+DA6xI7VY3TMJMhpS5I5J7dg==
+ =/a2s
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+OMpABLgtPwY/mKXXbt5ZWlPWc279oVuJfr3MKNAZAeYv
+ tEwRH8L+/QJ6WVb7eBM0QiYPfykN94lc2ibiH5gU0fYl1s5t8RhfA2+cP3aSKh52
+ 8PAuEuvfqV96/rIaZfgdhOkZhyOlB9hGiMxXzrqDSgMiDm86dCokYZSnXMYcS2QQ
+ mj4vazChKE9BOCRXT3udtHPTJr1P5oy8X9zzJD9zq9cDRimWVc3d1u5UNdTcUnp0
+ Lc4SdHImbyzrIw8dbsda9TUv8D38c5f6MCZSjGgCBQ7vH1EVpSfwPDLhvfOak38A
+ j0f7j5VRPNcYnc/SzFLM9gXpx+K/PjEgwBlZBWqQIo8VJu2j3HT/WePKABmCki/F
+ 7hvBYF20URGTIwwWvwgEPNYarqkfUsQ4MlQFLeqb/hGZmDJPI45kxA9DeDj17VJU
+ GDcyVKaU+YLQqNJzlPl2YsC+CVGwnF68+cQ6uDtFVCWYxZuB+8Uza9RWNilT7YsE
+ FWNjZNPEpURUGzXoWjeD8dsr3d6138Br5lVuGt9bT8rKNIr2icv+C0IIhAGPFn5W
+ 1mankaftwGtOgQ2kV+vJTHiAoBTWXOsl+ppeYrRYw+dEk17NMOryEmgGARtDOQ+m
+ 9ZJv0SfoRhH72gc9AyyEb/3vW+zipobRwlrFx6MZ24YsmrF6ktaefwM9qrC1QrfS
+ XAGdPW5zc3TcUNg1RBv+L/tsi2kgqY+ay4ivqeMBeKqOpaLflfzcPvUagDbyP8Dn
+ X207VaxYHuPKHkeIPTwYu+dDSUVURxSePZY6dNq4NVAniCA55BcuwpZEtSkY
+ =A2kF
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ/+N2PMc0UUZcMCFJ5r1ighIXI6vdPPKfxD9dO8CLG/d/Jg
+ 7fnr57VGf9WnDcaDWrInyY3h/dhbVdxwW1Svb+sIvN4h5HNZXT0slMqzF5s3ujQW
+ R5IKf0LOPoP961pkZvAxdGGaVs2q0KeXwzaQrRpdG5qZoZFukBMjdPlXvooWL9xj
+ 50fJ5FA9tWsplhexBJpO7gZa9ChM63OwkrMJsEPf4IX2CdAuIUUi4ZCSS9flYXwZ
+ 0sGKWFIqAdPAlREv4Oj9Yyg/w1JIxOi/FRaGX6w6e8N0ijrde5m03vM+43+oo79J
+ F/izl83N5/cHUnLsovLkwojcoYWX+lHRBPxaPti0JVtTHxNk2hgY3VJuLbgute3D
+ QJk9shKlsE1fuRFN9kYeiZH47Jb/GQ63W/W38zGEyDI/P2XFSkoLkK1XMUnv/iaU
+ BiZ9yyJqC14B5yoeI7fosnpTxbzhEU/Klk4yCjy5m3Btae7oBVrPJs1ksy1vsJVI
+ 1e0jr2kitK5vnLXntrPHrci1D48WuK8qYO9xnbPb7Y72a/Zs0K3GFaj0bb1xDp6N
+ 7MdbkpkxZfilj/TRdyFCzWAD7YYaikpdqNVNupK2eT0DiUBLEay7CPggUy4JBVwv
+ QxjKPIFEuQYKDZyoqaB4aNK7sFi/mnOnhSuiPW/Yj8nWO5cBQN+yV53MZJ+bMT/S
+ XAGRgwng3ADPdTTWI7059N1ps47zLu+X69EQXQz/XXE81LB4GpV4klf1ZyXCJxL9
+ h6NkMOelbQRzo6GmIVH3ZybulBDUEWaGcey/tjc4Nn8nsWLEEK1sZ8vxhgQS
+ =w16+
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//eCpH/tm49iFcT7m5Yy9URQh6iumq+qisjewD4I55vfI8
+ 3wm66qbVeGqRWdLhsLZ4xajNNe9WBYnO66RcR5QEyKkwsau8IzN7An7qOwsudkFi
+ Fjm1dGh0n1EvsScDE4CccPlWIgmoTEkI1AlY/bk86I84Xz2I+KKGKMDDt9M9wY4o
+ kEfqXhTWj0RyYiUWroFDTTUS37qAxj3Gsn0ANrK7fq3KWk5wZY0HxEZqiwohh2IJ
+ 1IRoPqiweJGXTAdt3XM1KHNj3goMThyW1nPUS3vegSdG36MW7zYgFgr14gEWjwe7
+ uz4au71QdsJo2wqrXcblU2KXhxMxgKsfIO6n5SB6n2beC5YB/WXK/4hqvjze+4k4
+ gmJ1OaDF+C3/hdNlAxXVYw5duYeQHaWdBnuqc3bYBR4gplCe8sHXVPldBwdBXT8/
+ arpbxaTZGGBufpAWpC2zOC/LqriFB8pgBr/WHs2zgRyy2tNB37g5w7CW/1piTxOm
+ txAkFnvlVHAvA7KJUK7ZlcilxTNhTmJbHbsgax5zol+Azr/NaiI5oCFPfEfIHMi3
+ KIFasJsHaClUjoPcoE1qqCxWS9rYcp16JA42tJHQLUTf96EMSy0PI1Gz8s29CUsc
+ 8sRQyCHg2z8CRYewpgeZPFZ6oB4li/7wk33R8Ygz2rl0v8jGYLLXOS4MKnMzmh3S
+ XAERrfs67xQE3bgzbrwobNGeTkx2XglSe5m+xK4D8ncaCjt22igKynJCN2VM4h/9
+ w17wcA5ptgHDY9FVbdzlVpG5B7k2qOU7ZpZwXxCtcYKsa2ViF8KOiYVWT8VI
+ =EeJS
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pARAAkllD5CHl9ViGIl/9NT0B/w0VXvKdt7Vm2xYAOHTDszhM
+ ytcLXB9sn1eioRPBBzVBobllNPJW6Pw0udokQtJ+AxGMbWCEiAmFBz8l3UCx5I5Z
+ UTELpSjUEd0NnUXeEeHqXFoeEgfuXpSl/jrhv5jFWKhosrYROlD62oBOn5GzTPjo
+ S4f4w/CogJGDCtH29RqknCNGILUkq4REMRkUROVBNNlt1l6u5EJ7WOYGs+8WZjHY
+ Y6GHnThJcZQdExVkLU/LqI4behM9rMWIfLuvIq9H/0JRaaUFv1HPIk/txpTAiesK
+ /u4qRzVUSXF7C98NS33qN4aOG1twRz0VcETt0KGSTCdQxQlnAnXw0MUaWIr2Xm26
+ NVly12Bfnq5iWzIx2oR0RDuD4k1TWK79+Z2Ne1h06VYTIEqxnjMrXna3aKGG2f0c
+ 0P6u0Msf8FxUXEl/HtRLZHJ9v8FoSE+qi75dOb5tsjXRCIKLlNetHN1ZIVTPjD2j
+ 2jftyIBoLe9FVdMkjhAhfkRG3nc1bpDm3Fz7LNHjr7h2TAgskYRctRCQ0sLUm+U0
+ VISkoFe5bQgln9igqaVmLOHPXLkAE0pOH0gdyXY4bYUf3CqOgvgdRRHAstup8yRE
+ TMop8obh1JoYPy+gx2jnHbr01lTAnbOqTBrnq85dh9QiZ8RD57rmmQCn334cfT/S
+ XAEWF22JjcTJ16SUDzzM/ifU7ZLn0/6S/06mvzzvc5/P1j13HxoQy0tQnYH+hSSx
+ vYs/JDWdtDOLyveQGdjEBv9DCajNPciCpvIHP8kiEIgXK+eq4ULwgn7qHUA7
+ =5J5Y
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAgrc0PgCemUNp2H9DlYhzx6YOTxe25hl9xXUry1/7UDww
+ GqWflaDgbQXWAfJ7SRg3/97xvVO2PvRZA0dSfyGZOYdJZI2DQYYmPOP0XBjGmj5e
+ 0lwBC405oP9jUhH1vqsZ/gNCQfmBF+K7+AZZLs6PMYPMbYqM/UwXYG/1PQ6Nsgjp
+ WaNDQdhsgdBF/3f0G6dMlon5GsHh74UZr25m6UnH/QXsGUsz99YC3HpYqfZ4zg==
+ =swyG
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAojcnJZkpCUbE4s+WspGi5Eu7umXR1CdYzHy2PeO3cxQw
+ AlPyrJ2Yz40wMB193w+7rH/mmtDJ+TQR7JdtUyjFh7qmTGHR3C+PkcxcMZ4f7hNo
+ 0lYBOsN8HfiXQRUz2OskzM0nohP41Y9+GJd5fZRPHMUDoXuW3vxVYlvHPs+y7b1O
+ qW9DN3zJPiDh00qpm8bL8Cj1u2XVvg53Yv6FIPbzqwnAWGIAMPY2YA==
+ =Li+p
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:13Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAA6LhhmYQ2gafJaLJeieaxVcH7cqanMdP+cWIUHU3vSL1s
+ pm45DvU82PdLot8tXVpiFE1h+Tj1NSFK2HQnyxZZCTp3WVBclPXsDM/cV/j2Ti15
+ 1y40CEHCmmNyiXWfe1oknhSd0hhsFXA1XukkTqGJNO3lWLmvxSOHcz2pVhLDZdFg
+ Sbl4NphVeKSVDthfgxq54MQYSkpQ8ad5Pu6yj+xKog6+vy2kPb4j8OGAxvXufs5b
+ zehTw6y3v3R4tEWIOhqijzxYEpXfe+CODvos/ktlBu9JRz2FxBhDKynADalgPOmQ
+ RKBy/UJnb3AQKNCqDPMtdAzYgLbjusgtZCUqNgNwXhosB63Wp2G1lwl6sXpmeBvd
+ Cwo6Q0XKNMupnYk3bLpveKTJEuGiZGkpvmj0aNEX08JuROYOIcu/8NAxD4ElY28Y
+ H58qduuiiXKmCz9LAZFmMCll9z93UzQ7G19yG7CXERwLCp+wtftcKks/K5ZMxO3i
+ suX2kydUi5UiaStLOrgaUCwAGLg2JQtOUlf/nvoxu5YHUbKwbXJ/SHqCngxoyE9U
+ Y3ZaicfiNyQW5tI6N/PVdeC0cvIp+hiaMvHXRNNehVL2Ac6yNNUF+X5fU1bzNqgQ
+ QMVIf/UX2ky9mjmxw582oOCASiBxtCQKpVxgRy+ZKqhgcdF0Rn0hp7O5arvYB7HS
+ XAGe2uopSmnOmDt3L/wOKfiEX42nYqhNgMrgJg9NcLHyE4ofyvEZrOtztSK44aUW
+ WwsG8izTHGhgUM/0GWRsqy9oZVmDUiNcxzm97n7UGqBZPqj8iHVGHCMqpLST
+ =+cIy
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/tickets.sops.yaml b/inventories/chaosknoten/host_vars/tickets.sops.yaml
new file mode 100644
index 0000000..6dfc627
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/tickets.sops.yaml
@@ -0,0 +1,220 @@
+secret__pretix_db_password: ENC[AES256_GCM,data:kAOUjT7gw0FDqO+xt8m3wAhOGuZTS6zEIQ==,iv:oPAxDzz4ellT5MxUqw8/iBYyiTMf1b/Lddj5E0iIhWE=,tag:r3OTmcSjNUETEmOzxsMhxQ==,type:str]
+sops:
+ lastmodified: "2025-05-04T14:08:33Z"
+ mac: ENC[AES256_GCM,data:gyf0gBed5K3sEk0bTBPbNa83QtWtoLx+NVp78KrxxfyiUuPu/5ziWPKHDd7o9TQvXZnQ8isVy2BaTTwR6tK4AG5+SO2ffV0a0/uNx3/jUvh56zQFwA6LTviEnR3vKvKPa1GH1khojaCkyMpYkb2KbMnbrGIt8qqqDcwc1dMVv4s=,iv:7oPpmfeAcWttEaCOiL2WocbhoBaIh0Y33OlCAYjq98w=,tag:KTN+7sxOYEfxGwB3OXvUIQ==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//ZaLa0jFRdraV+dQbKltTYi3U5RCebaARIe6Zodux1wNF
+ nwiBpuTmGsv6zlMhisLCuvq7Xi5sjsPgxECeHTa3iO5vFmAI0FZ3edxxqO8hSzg0
+ 72C31NGvXxvXOmiPRSE1ICgi2d9QiEo9M/XIoYuH0KvfgsBtsGJizf16qRoZvV4x
+ mZ+eJhVEnrXhDAMW0KkZnuCA1p2+02ZbldEv1xO9gcDjGlJNlOmFkeQSw7YJMSL+
+ 8i8IP8bu+P04vhQ417gnTh+J2FHB3dOGyS/xDkWkvm8eoOGHd/A9iIdYS6U9IXRn
+ 1cKtuu+1WMy1tZI8NSRrjjCPgA/IKAtRsuvQW8SPD09Ry+PLGmPNDD06xWeruj7i
+ zGGBSNLudQerlcgI/jXpfa7cY7J041DIuL4LpjU31qfj3LOf38xoncgKWGp9y1Mf
+ qmPgqjVr1AQL7TaFCBs1RULs05NZh/H/aB5LySGJVDklpAmsNI7EELuQY+uLDul8
+ z3RarGJQNHHpgh7bVr/2xnX5wxnPDKTxZOX28cx60xAdoQ3YteN3sz746eVIpLy7
+ RknPiPxbLADMTDvWViXV30NBxiRIMZMyTzV8dDVybMP0HVsi60oUmt4dTxNTUwc1
+ IkJAsf5B3Gvj5QpxB1t8hhp0VGp9y5xpCIxKH02WsYD46Bk5S5GK3yfI+oWHGhTS
+ XgEUfid+nmHsdOTwLuIAcg94hpjb/qeNIZTrFu+PLv8jAXM9iZtL80TY3Z47dBDD
+ TFL5VWwnN7JvtlFAXZfdDF0Z7Ds36mrLkyP5H0HlYySfXzXRaom1X4Zoe7rdOYc=
+ =irhU
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ//ewjkGZAOs4fTiGze7L5CheqqNUbpGGC8GGwc7XNWWDTH
+ MzHw473nF2m47qxDlOPkuPaSiM42306uzLkfVOK78ZF0yR25ksWmbsUMQmjvmiIz
+ RxhN9se36iui57yTZmgklwCZHCGgH+Z14j1IMyxyjwYnVD/keNT9nyHaTXWkJspb
+ VH8HDIdUWRTz6i3lQFTU8ihsUYJEDfGq4Z/sfGGdawHCdycq/X77Wks29PkX7dsT
+ /ZWQ4wDShytB9PZkzYRuQGxe9uyI2ULGzox6DxCLiorjbWvu9XCk0PyGGd6oCYTh
+ bYwERBateIUGy5MYKye4i6bh+d+OO80jOz3MgG5WhNfmqboywi/sQ9h5/OQStNAi
+ isY8VKyqgvQMbOf/AMuBeUClecFhDDZnOHspHPMUwnvpJ7cSni+n2fB1Ng/j/sVH
+ Sjv8CTmbPOqGGSDO/yFXBtWqZa+DwSJog8XUgc08JUfSawKtWGbQyHsRZ9NPF12z
+ xtILWkYOsetA2rIz+C5L/E1linyj3QuEXueONiducFhC742dDJc9RY1+1ZfLwkoy
+ kgZuxhItOdBOhjmarK9hlpOErc6d8UiDcknrfHdOs9sZCaM1I7EptJaYMkn1Of0p
+ 0fukUpolLGAsOOphwJyaF/7qfWXmGmUXD6B/prYo0MggnGYZ7NkY4ja/MnpoYmTS
+ XgGrkpFRNk7XdrOjyV9+vYHOKegNpoKg/SORi810VyNdY5UrgeuZGRFopwY+hyR8
+ ivgndYxqvxLDKJ2IU3LTPn510slUAKrnuaSLF/ATTzIVxBtVWzxNB5LJs+QQiio=
+ =vF+Y
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ//R8nCAozvpPk0xalyBdT7rmz5veN1JQmJ56MeNe2YjKVR
+ h+VlisHyv2s/yblj0bghfK2Q5FsCqaEJu040XVjIh8TnmQSM9Ze3nso9Ey0ai+ba
+ 42S/4cXQs7WH44n37qyrP6xQoZpFfahx02FuIudQWe4HYzkKBYsKh2izdiWy8ilK
+ 8AKalfHapVilzmvVKIDXTFPfRLwXdvvqHQ4rX1lDXnaACjvvR/Xvc+G9pWTHhJbp
+ EP9UOx5au/xXoRoqqLYgoMZmVdWOHHR+tehQIxX1GknC4qjEcBNpsPUCBHPbzP4V
+ Lqeyi2w5ySxL7KVV3yJ2ftuZcCYQoiiH0FFrT4xUQ4MYdpCscv7goJ0S3XIw/5SM
+ TQLgIO7NamKob8ib23LbukcZRVK1UJdd42oZkfZQ91JZg8mkH7WusEqSLdwrYi58
+ 3HpO7danYAiymcZqjDCMqq2QngzIqfnjUGUFjECDDVzXaD4aChy7ariPKbJY2cSM
+ q72QkDXPDH5awhRUG/wGVfg34YzM1wBREkjVna1KI71jlCTGJoSFNyJOm/FGxUp8
+ KY8Vbd6rPT/bTKa4zr8xaDgMra06sD/19IOFeLYVIA6hRTQFvnid1KHflKmqf6wE
+ 4DLxpBZ+htwlRSEQBgN9F+BdZV6AhSrsyPB3RTDvcX3/brsPM3qDzSpvnjA2PnLS
+ XgFSRrF58OpmDVIBNJqhZwk3GJrfHMlJCAESbQhB2Vt2rjYEoJFIezl/+Pd3t6U1
+ 4RZF9ztdreWLDTwaBd+Y/emSg5y/35bs79WUroFzLPHfKK2TvSv3kXwmD/agU20=
+ =zN2U
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//YJRu7a84M4Aw4psDj4D1/lgFCP3Iuozn4uIrItau2sfB
+ UxVHoUmpis4AETkG8m57JkP9x/uL0Rffg4/6dHeWIWBP5ivhPQYT+VhRuTzhXSm/
+ MmkgYwjsjhKyMQQoqAoR3D9o2pP7xLojIk3nf3rCIaLTlI2JRepDpGfGJ6NuHYuY
+ 3tL4c9aUth2S5Nyu2gptzIURtjj4zxvz2H6664WwhOFwGdw6DQFncTWSqCGcF23z
+ z30yXUhl1/tN28GXKk+94/EFrrOTvmJCkKao7gQuG2kyyY6QmrbHrHB+roxL4B7L
+ HAAL6YT+bf0HYhDTM3pQQiVkmgnmjn4TnwOID1pm0SH3uAYWrYUQqgHtvCzm0i4h
+ kGPQW752BD9i0LwiENf9LPR3gbnWuYUu+Y2DZ1NcWnbJlrfwin0xzXALYYKW35ua
+ 7LtfGcgn1qpvHcEGB6wcCXUwXOf3dxNZD04isnHnXbpIh2lnXhnlWQI81s3IuIMc
+ HGnEi4/wiHNEVtAcvQ/pgfZJc9zgfPR/qJCHJKbLgni/GjJpBSPvd36FPGwfGKcC
+ Q/Mvx5nycoNondF8wI0cVmkwhPCXGJ/Qbryd9LAZpJRIGcNBtkxFXm6IEaHdeaf6
+ sQcrkhANjs4/dEsd61GTnVOMnGOqVHS88yUmgEZIHz9JyK8Zm2WtflSkGlgIXG/S
+ XgGN/mFrC0v1oLQwAMrGq2nNrcOZD38uE7UidnN+MRgfz0h8nyS76q07mrlnqh3I
+ h8wmb3iYgB4x1iSBR97uw+h9Uvpv0pc2oDv2CzKeG+5IcgVs9RCwt6mrRsgt5Xs=
+ =a2xY
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdASqL7jPR42Su2gfaIPR7d/yMSKLr7AAiUJMW7jz39A0sw
+ 86w0HyFUh/fe5DY2VGhYg9Fw90I+tNnSPFxNjgEClosdUs6FBe43UvSxsNtUpg6O
+ 0l4BqTuQX4R+nTQ1f676JRT6xIoyO+N1NMq7BAWOxrkte4nCAwPjzK12Xo4IwNCD
+ /hzfJTdYonnihE6AXe9eoURWa71j0ZpVn7G+m44e8j8vXk6Ep0AI9gtYqXo3EQ3A
+ =KlAv
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ//YBuWhGfl/V6GvA3J8DvySqzKGDMgnfxh+LTeRBmeEDui
+ fPh9MOqg9hOUEYjmJMh1WH5G3OI8e886SKZp0YN+A36C8Z7xwRnxeO9dbtFRt6F/
+ bgb6RRvZMYdbu/vgJs4OhbL73BhGPbAs4+DRtrmz+Gbrn3Sm0BaJ63zmIzahImqi
+ 4o9abLPBrB2JJPqTHo5F5PnruhLLsaSqQ+uuTrDrwBpwmPQmPD+K8/T4yWgvcAfs
+ 8bEtUmRQ7G1GM79nGhdK6IQYCGAn0WE3TAOLJvUxEiv+9hYO0YSYuefR4AivyzQ1
+ wmO7qWlqY/hJzylaXEtIyYVfN4F3YtkZwN3wSx6UHg+d5814aUPCLCi7ftdMvwJX
+ y5n72Hd1qrIIu38MEG+Z+2Z36KKv8ViK0aKG/6BBBw0BpQDktMHJInpaG3LJUCjt
+ 3ayajKQWl4t8g3jnmwhXrLZf8JFbmGyzjRq/GqOhlJLvh8W451xlI/jPJZcY2oVG
+ 4jd0x6zkG31fIHJ41qOs+2fJaeh3WUHv2jAgISuqbEoEct+3EzXj7VNSGM1uB8oB
+ 9pUP1AcoWViHhhVrbnr+aqhyQDiytID0tf+Fvddpbgm2ECDTWeGuIrzoPcYYC19k
+ 5PuNQP5u9W/zHKOLXSxs/wTpoUr55OLBxd4l/gUTq4mCZ/1YFqSDUNrR28hfWKrS
+ XgGwy3VspQj1GzFz9zJ44S/tKBI5bRQSslZfOgv226p/XdBLleoagltdHEeFdbJ8
+ wuPyOzxqWa3U/iBF+ANHjz4VIzKtObFBf4R4X8hYXSXkbko1k7W8nD/hziP0CTI=
+ =lsaG
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ//XZAHFWGJZL5FxHtR+9Q+Mfv+1XYsiEii7TJPFibcNB/X
+ YDxbuJ84jmueCqCLX67ISVPBYk4rIA7qk6+qWxAqJqbOFVOq7ZXZOIZqVkViD1Wt
+ GBRq44yT9HFxi60YN/2c9smUQoxMus5VXNUzRUxJiocEFjD3r2QWaE89KDj+gac7
+ 7xO/zoqV3msfZe31qmVD3sqk+EtfKTxmkHXtSstl3fZJGak4RPUwu0MMYwzbui+H
+ q05coDVRgum4kpUSJbK63S58/QkWYGBkNg66r4eXJlg+Hb7SAfS/Sn4X0xJuflmx
+ OKgl6Z0ds1XsoZN1S9j2/DT6NhlV+5ZoibEyQYLbOIQz74aRt+IRaAX4oTG1UO0p
+ in4OYtsI+wOnSfP60JW5lF9JUHaOaCDzxWaFyeYpw9ymMyfUL6cFDiMvKQPTONXY
+ DOKVH7ejCbsX3kq/tWr1glBMeb+5AjQsrkflG5oWbVNmSfGPQXxh8HDDr7zkwdHa
+ AeNqN+b4kh1HPBohyrocyjXQcRjD3Y+j+HWQIfXFmoNMRWGATM83s8JQoTab9iO3
+ S/68vFvfHYw2ijjTBV4giR8Ch3TPh20O01/UK1FbjQmrwWM7Z0WWN2SY0mN3wBdS
+ jTJPuXW2v84dZPUE1lWtvedaT1VLUI/9x51iXYlHH5obQSRA5Fli1zFXwXEagbzS
+ XgFMiyXksg42jTdT1UcPrptCeSoiQ5nBXcKfEf6d9PAu75u/MvnVaCDFO/vGwwRd
+ MyEx54Lpmsh13tXh4NmVW3Pcy0x/4Budu9SS43mBqDkjOcsXWd9jmlPK74+QuIs=
+ =R/9b
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//e089t5UfnD35fbHpRGNboywPjwRxvfAb4qFxZZ2gJ0C/
+ lLGgL3R1vDFzJyRJegPBVpYJC4Yx//wN9kyq2sqCWe+ePrtw7f+xNotzmd1UW1tM
+ mLBSIt7o9JIGWQ2u23u5khKalL1OYzgb/mezGOsvvz/VqGyJbkm7wpy8FZn3408c
+ d+IiZiMzh+wxaS1CspPwusVy3vNL7/OtA8jiwv+wM0QKsF+BgfUAEU+Le16CE0AW
+ kbY6Pkymo8mql+gfBOslSM6B3Tn72RjRxez326Us82qKWU/bCcUcCyoL4Ddv5/Nk
+ SKc0WKWGcQ39XiBuTssModlTGonihi+BqxKlvKT/QAYYroRMC7vFNYqG7inn3c0N
+ cShjYV+zJPNdlXeiz/ZMs5TpECBIcMEBaLMBAJHkLLjb7PVH88BZIcQ5/odpyOGs
+ pXqQ6pnIJjg1XlqeEnHRP6WtSZu4U0wtuaxNWNw0CnsGg/meTCKevlzN4OpuoGLK
+ 4/2vsUzOk6Lq5CwNtG6rg8XhMhb9S869PJOqKIopSCjklcU08SfxwcUZiBKLyhG3
+ oNHT59qbSq3CtIoap+VcpnqmpLiLAhUXoc47ISCd3RP2B7LE7j1Ls3OIESKnl6d4
+ mvElwAUQE2qtWRr0I6ypW0M2Nf+axY6HpQqTwE4nRBDA0+ZN/Y9LZHW8OEZ8sGPS
+ XgE1SvXOZsJfR1r4ndxQf2SmahezpSqrO1TT2oz5pVBQ/YnmAp9awZ0B2wEmw1vt
+ am/9MrBKCXjmMHwa87l6BaqwvnCUPRa9HBwVkGhvCvLAcP8odmhmgjUT0TErkFk=
+ =c/aN
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ/+Ojy06RopB8cWxcVn9AXbgX7LA00vUVkbOl7yo0hVXZbo
+ jY/vvbtd5ju+ggtn9F0H+vunV1ulJidMy4C81wfofoy68Iqok9u5g7JNxK+5k/5u
+ 3xfz1v15Ino5baSbBKsf5fTDtZkBUOPiYTXJNtIf6RexTaLlveqw7JamSZF7YY0q
+ pRaxx5XZBY4QBoWliIhuzr0pPSPSM2gBxG4PNOXwEwfVJSJVZKulyDVtUhT0DorG
+ JAw9qqS/WcyQ905SY+YZV4jlvf9VNRIWjw3Zql2o9IK+MzX7ot7R+E+03k6Pr6kQ
+ m1SagYKaQXwpViAa5w28X7hIX41Umu6aeEgCi0Piw7cReXxLSDrLVPSaIqT2LSfv
+ ov09IravRf62rp0axeouUZNTNb/lSWX7T4zv9T9J4m3Pu0sEPB877BPzcJxLCTsg
+ 9VOIXbZe459Vay4GbVC2Y+8aSbC4HIrReXIlkfPOy9gCSpN9SMMqRlU5Eidmz9md
+ HlUzeJfGQs/9ZLiEMS7Qk1Ns4U5own8qmf5Q0m7E9Ho7LcV/XZhVk9LO9LzufzId
+ qoC9r2apZjSLrvAzNU7lVmCbniK0LZ2GhGeSD4mDs2CcSo9Lxwj8Zas+J87vph4T
+ js0FW7f5cr6PQLfq2wwTtK6PSYmXMM0M3AQ+EGwzFvc5aD9dp45Jbq4Tey+xVqfS
+ XgG/zmZZnCgHYBqN5zMld1/qleWJpJFxF4pT14fKAioBUUILrAgo+X8Ikz6llDSI
+ 1byxlPT9q3NgkjrdkegYMIg9rCYNflX54jRfeOgenlMjPzZB2KbdPE7wFmHWl10=
+ =bKcs
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAXBiU//ksELwICDAN/c+pT/ujVFTVZ02nCKoGcgtMKVMw
+ lRcegt+kGVNPIx0h9JstIuLHO44/q6V2yKgsetC/NyCkSJ5tulfpuUnQWUP7rCjK
+ 0l4B3+ttuIDbAdJ/IidXZIXBlHh84OQDZCz/La8Q1PZm2LFihKCWtmyp2SA2hruX
+ 1KrzJYRrp5pBGPgga0V75FfFcZrbtyypESDoj0cyRtGnh5TJSB0pMi4RAlhow7k3
+ =nE2w
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAuaqVtpUu32jS7+N6XAZgiiO9YZccwXlyVrdtBD0Yhh8w
+ ieJT+Cel69Ewax4TsMmBhNLGchI+XIGsbGymSjEpXxj48gkW/z/bRwhJddPb3kFz
+ 0lgBSKVyrRVaG3oRmSBVYrK/RovA+GUoatm1z4eD3twxVKFS9DcPjks51MrAuZ5t
+ WqV7WAhxXQ/jOAFyNzpV+qWs6hZKotzCc1CUc11ov8Mag0zDnuvMKH3V
+ =+xgp
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:14Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//UASU3R7l9DtANEukI5MMmxq/voPtDxTprhGhdtvg3RQZ
+ OD3cfxbNbUypBlPh/CAPpwbmWLeW7ooGPKvkohpDMYb42iyL+MQCVq/dIbMrYcJt
+ y4Aof+uUJVmeJhPcYj7RDZULjPOvYrk8ONp17BQICy3t2hthcWwF2xvX6x8hzYUR
+ lPA3Gle2E1VQM+nbT6pkwPGT5mFWlrdGHbm+PpL/nuMGsuUe+VXsXTfZSzKoXEtK
+ uPIxQBk3dzOo0T2FkpjlZOli83cTFbWi870VyR9ZjxEoXK4xXi+5WmutaRb+J4ya
+ 3JmWVUTMkVyYozjXBuCVSqpti0tM3c4aGkLhdYDgMl7VCUJQer+K/7pzEhYxRl7m
+ KjkTNMESdSr/F/6u0ewRTWdeyj5Vtsz9BOHiNpESxS7bP4kiXd6UrxpxisgiiIpK
+ R2wnPviWUti0Iu9FDzT3m3jxlT+Ku9oiVXXvDnjiN3u6129yhlobPJbRn/OHR6QT
+ 4czHAJEXEdzG/TVytjRqnPVd8UpfizXte0Ul0awtAFKbC0lgFwQj68b7CN7vc1Er
+ EmnS/7IO4aLxGoErdKUDZAZElF/ubQNeh9rDfcAX8lWsCVzQQ43xBkVSBmgjF+qX
+ a/i5U5yLwNs9SlPo16cfSMd5AWJjT65Sp4UKFz5yyfwunIBRnZsgEkBw0FgoUorS
+ XgH7jq6XOsaVhtljrGFEXgK1i0aeqaj8kEx16U3bM5v4rSmDNSrPSRzvFQ6+fGYs
+ Nk5Yqfvz7BhR6DJB6DyGXw+b8lWQLOr/pllC7yQagtH2PKYfebciPT8hXYlUfcI=
+ =c/NG
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/host_vars/zammad.sops.yaml b/inventories/chaosknoten/host_vars/zammad.sops.yaml
new file mode 100644
index 0000000..a00ac6d
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/zammad.sops.yaml
@@ -0,0 +1,220 @@
+secret__zammad_db_password: ENC[AES256_GCM,data:ThtJngNvMc817rvbjMjjbnp1tBlXPdAg,iv:GcQHc7p5jFcyxpTcYsUOA8PvD1Qy5HxVZXHcAuL19Uk=,tag:UjVxYkU26/zkBL1eKDfreQ==,type:str]
+sops:
+ lastmodified: "2025-05-04T14:11:05Z"
+ mac: ENC[AES256_GCM,data:GNOhRrJkLTjovRO2cZgeiRcqB3TE2sWxD220Z8GynoUV4pWS20vOKvaqwxU9seuD5Msxd05JzLRVTCtP4La6HVSgDekoVYKz3SLmdT2Hev+fscmfr0uojRi/5f+eCqGMBEy8Xs2Y7AzIC60iHqX4VBBn6FgkJuTyS50qn1akoGI=,iv:EIjJbb0adELCNBoRsdjsVvN19v4rKCiVmxcCAcnY7QY=,tag:GzqchqorbDN33+SfspGT4g==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ//adiHGDXIz24INvZMytpnO1LF74Xfg6Y7g4namdypRQO4
+ fWgaF5dFCEMr8WGbjuk0OXDzUnkAgVtjTSkhZn6TBMgLlUzDabRsG9HYdUeB2abG
+ q2gwyybBUnbKhetJXdcbEXFlQYWdRhv30GWAI/E/qLUdhhy6v6KON7ZHR+2UB/ob
+ IlPI02h/q3MDlaa5QObVgttz5OLYRS0v66DVTNTHL5qydnLNjAOOu5v5WNDHL/wI
+ CvPhnZ2bwiIK/A4XQxGCQQUo1uMSX2CkNkmg3rXK+E9n+kgj8yKmKLm2ckYd6f+z
+ VOiiKVHJT9M5LDTdzITYu93jrHsYqZDdOBBjk/MVEGHoQ3k1Wmo2ndh92W45eEdR
+ wpRGkrggpV/Nanil3rEImWOFee+Yhhhw++l7QCF4vQQ0OeGbPM2Gtt6ggnxnKXtT
+ E22C76DF1Ouljjo56r4G/P9njSN/yJyEpiz0IWytGEGhiVgqMnXdxduNegdLQI6t
+ FFVIaFz52Q4/oGISbWuvLvlDzNg0XQE+/KNUfDiqj9O0D//UW7+bs337XMfo06Db
+ eofYq1+uY0c++CBqlBTUW7RAKf4ik80DLy650pMWryOKWU+e49O2wyPl15ZhR1Cw
+ AdVmL4u4rWYQ5bWUKd1KMBzrF6z9Ijz6xWe8I1JXg0Fw21kqk5qAhvm3Ry05O3vS
+ XAGk36zIDvIa5oUx5U/hbT4pTiB/rT5PDiFjFrb7V5JVQL02CC7uxqWXk4ioYfGC
+ DwmygqUzPTr1x/KexvtNVRmCv5kQWmzf6j8Egt0CtSYi2m7JSaVpheM0H79W
+ =csYx
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ/+JoUZC+RkuWmPEIPj3PJkyYBVHaX20gY8jHf6BvUCjoRQ
+ 8rwhXohbPFbxiJN9bdWdLxuG9tRgg1lQcK4+Q/bq5sQIVCAft0Ulu26BKN+dC8Ka
+ qv2+7aHws2fe1v7cCv9e4dNkiWTlfu2RHJw00qalxfwOCCrSQfOzx1jCm4xnqreU
+ LHnzhencBzaYirMMv7J8kzUSlxTHjb4OzV1Dd2Rth8YNZNGGibw9wnJAr4ZTOZjr
+ PdjN2q8FvX7/xOb0l9hQ++Xx4+iIkyD+WnvlrI7aPZJn1GP1psYIj/n6otIWcsrk
+ LOmDhvhq6GFMht0ejDyZlNA7ls/JB6WQ4sx4pWF8MGycuh89HZJp/jfPtgob+9Db
+ Kq/uWElypzNoMIxw8F4TKSs0w3vYV95tPtzxcOJew3Gs0FP8MbyWhU8rjHXG8Njj
+ Y+KjEVlekl6TZLMdh0lewyQxww83MQLR106iw7kD/iAlgZqnsEcZ1IkCTrD0drKU
+ +7AyFT2lYQmT+3h2KaIrWnBq28EIKdf0SQ7Ap1w2XlaNz3BFIDrjvfH0Y+NCEkH9
+ CKOaIowUyosMO/liQYWmxkJCUsSFEIjHypVKCwP47NeE6JRRpXLE89OgBRpuz27X
+ xKQmRonQlCvRMOCKr0s/HulQ4wAc0vK6H2BNqBevCDQQOUwG6Xg9I1aFV54OGxnS
+ XAHy2dhsIXkbvUsnNVynbyw2YaktTKc09Obfu7t1e5AH4DWC0YbRdSHE9LPRq+Pe
+ 88q6vRz0Wvl6B0iqvzF+ckV5//Mm2bBAzdfCC0HGyriV45FkFwlCP5gh1sRY
+ =uziZ
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJARAAlY46gigcH73HsaXyUCKr50AVUw82V2x/roiGRkEd60Eh
+ x/qZzS45jYC8ngpXCusW5UuVcKjfwwoPUSlDU6XYWi6UCQJN3X+AskG8xAx8d/PM
+ vsgy31LKqD87k9x2um7MgD4MUuKvUzrXyxNpN/fUveXZapzOLSEOWyA0qyB9SkAf
+ BMuI9NY84WtxzV/C2QWBCoZxAwsexBow95gFybDiqubZZnGQ34sU0M+Kfmuxpwdn
+ t8AOX+3t61jiU1Vq6ccGhcFHjiSUbb3LAGb/WPzzjyrsk0beMmWDnguLu/xuFFaU
+ /J2CcPtF7GfJlnwSalB2VVZa4Dmoo7Jp7j+lTVkOf/KTZQqRS0cNr4bF/qdIo3PL
+ BMxyOQwSoU2qpjc4yyczjNJLaYi3bwTlHmO2JQw+fus8bzvC3JO+ZywGcQG+Qc9D
+ e/Ajk7r2wnOPy73EvBdlMyL3n4YiCLW0uedtP+dVloa1JZtuI0yYcm+Sitzez/As
+ U+5zgjVwIIIrbx6Sd2rOG3ffZiweFPO1oWh6QotGyIwaN7ub4bLbjZ4IPEOBFstF
+ 5knYUvI3i/eIV0VYv6+9mzNHmNrICzVHJrdu7k4t/l89APb2RJQYXbyyPXJYXGEJ
+ nFtEbPpGaZFdgkbx/51vLRQPr6NATjO0XucfpUlPBmITzm23UNWQZmnwiPQurCbS
+ XAECbK3k3oFFF+IFrday4yH+bsEBJmb1fZqgNXUfKYi54/e9vvS+h9ZiYeUat6e2
+ eunbb8DpLWvoTXbCIdjd1X6ewiRk8HVCW1//hKqZm+q9pq+1qtp6GXrccigY
+ =keIA
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ/+ILCiAWOp+/M8fEmyj1HMIU7eEh9zZJxlVAJtNCs8vBqq
+ N5nyV2oHGf7s5N1NcGyYYaPEj9A+fTBGsQGNH9vuxdsAv1TzOjCfuJoTaJbS5mGr
+ w0JwUEi8pFMNrf/IPbFlDTpyOKVFjNJM22hkAU27S2UuL7O29nXkULBRNMChdIJn
+ 8+9LSPdbrV/ZzNisRvf9UBHN9TCkrUgTxPC/H0IKMFfniAr+O+Tz8jHPIMHYcQTi
+ 8GcYJBXz9q+oKEGGEoAp6mLGR+qS39aQk9nWMekEAFvxdKrNqNplXRnO7b6UrYNo
+ ZJuNL8rnb39/tZbTay2+rLWTFrjtaMye0MrMSWF3iYLMMsOiN+AO2e9ij3tRRdrr
+ S7bO9Z4UUI1et9qlZ7zAPCIMCjzGeY6lCXaQzdV3MRKLW7gUDD0ZAMwHzugQ2NYM
+ VWEGkn+i9FmQJnF9fMQ+rmbKfprgjEw4ihxux7Sk46pu9THBvz1Tk/oXIVNBaMMV
+ j8HNbXJSvq8qtBBBpEIvyhkIINYsSxNuQl186CxAkxLKLqXmtmdemYRRCrrhi7C0
+ IP2G//QQgmMG+G0TS9xtpbP4v4sb2sl+90ivMaEOFrkBl7EZ14dHt/xVRchbx6fu
+ 1S1aNo90fFVBd07WJTbRBlWqLPm/tDXgXwaXCzUzxXsushArhV67wgThhkZKHbDS
+ XAEyJxt0Fi8J29aLfcozFGYyoCouFlWCpO98AX7PL4RRogiClWBsKlZs00t4NsLp
+ 17Z9+oUR2tMC0GDJJo2KpUShrmhgcVRatxZr+SbtpiTYVLlDludGY2f+tfco
+ =6cs2
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAt0jnb3zKN+/BVpWpm3R9XJuyGmu5fMPFfLGrjex3VT0w
+ JVs7elFZRTtTI3dRiIgTMnP0FIYu8Kwhr0OjjmnBScfWmu9Tc+wwEbCra9U62Xmf
+ 0lwB138WLDEtAjBIkqHgoEnGafwEqIAxFotbOfTffcSQU8xr11qSuDkPDEhY0zws
+ XXpGyCTDGFWOH4l/+OZIp4TFAjyMWwfV22/cnEyz7JOlF0syYSnxYmj3Cn45qQ==
+ =MFpS
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+MdxFZ8vm8EqCdNHGUSSQLAzZqvZNPR7PWErLimJwYQKo
+ JeYngZWNEJShYQSyFeVsunnOH57ZCWHIsvW1CRsueO8tVj0StR9RPm4uzPRjW63j
+ SYjbd8sCB1jwdOH+bfFP9gbQXB41PxYqFmM7rpnQKUkV+ExToGO+VVGHz4jf3Wio
+ XYskX0bsSp9L+2rGCJMOS2N/7NmiFliIN55pK8s5DTkvLVezo1z0kdpeey6zrmHH
+ WCQb5CdBlZyRF8xwidEpZyoeJcbvx3OmwkeM78hY12eLoNUUqUoKnB153EHX9A/N
+ OCT1vvrbHpUnwhb5qW5JcAJyuV3Vhwo3/cmmInX7smnCfKwwbZdwavuP8cIkv20R
+ Z0Z0oUp81Oho+C7cp0KKe4iU4dkCfLFsfM93nXvvKFheiPCVCfWl3aT2BvAmqm++
+ UpiUeIjCjsyuFwhZRE8st21/GtYfiFF/RMU30UlrtVTn5T31+16Zalbwbsy+syCv
+ 62ZkVCMRc6mGlcUZ+jj3F8v4afy2CKd9KGRWgOa6SzMNTRL4mA//UvpOIJG+FbBU
+ QycKvXGFsz28HvIDfDgwPr0ZjowAmmSdNUTqPEZ22PS2r/qHOOsDwkJv4CGuyKuX
+ Y7YFAEnnzu6Kak9IcHnVAz/KS6w0FMFWENz6irFNNfcnp0JvYty8AXkLdG1FbdXS
+ XAGz3xQ2kKzb5VTsbakd+MTFccn+B+/FOCnEhkZPL6l1K5AmU12kwIRVKYjwNbGW
+ Z5K2y1XI5YpaHtWQXk+z56/olkEluKNB9yqEVNCGIZ4X5DzZgf2K/JsEpo+q
+ =AiTT
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoARAAsw9RZx4oRDPdBZtoLBpTyUbyT8iILC/z79D7742MvYwg
+ X8sqgt0GKVocenn0qcJRa6z4PHRGK0Y9pepmkUthUnzz9NyfLL7hTCzummcTGwsN
+ eJKuAX6jkfoMTB1yr4B4Ex164oabT6STelTr0fBASBZtn5+GHxa2euQnAhg7JO5l
+ gexBd1mDABCZiwyCtVH7Fex1c2qFu7nK3bn+eiRvgjBEJdLIA1QKEZIIdcrOL5Eo
+ JUlvT6g52XvwvHBVjTxPVow83Ewy+Bgg4BY/kJsDZrA/h/hwE+U+kkYwuOzGsKIx
+ k9V13hcQjluJZMznaljrVC5K02AUcb4V61zisn8ve/2hV+3PURCODbBnT/fp4Lfa
+ 7d+uXe4pVLIVrY+0oJznvD3Bvog+o+lIdBvB0MEN4XFQ+IOTBUPNAzUpgzseHN9J
+ vMrJG/xEQY2P2Yk6oIlAuv+PNYCN29b4WzKMAKtSsxcQGKpFuQjXF0j6BQJ9rWeC
+ 5iZu5UKUOW92LZJPl7HpS5zSMjimjdd5fMfTp5urI1+rksZ7vRbMT3t+61y5lfNT
+ jxR4M2KCC2W69Et/Kr4MUjPMYKLQEDPxSQD0+eSf+iy/3mnGXzw4fqoN6S2cEsAJ
+ i1phH7WtQAgWlGYsPTQiYb9jlxOlN8FOZyruuwQ/9iWlJPVBuM8nmZfXH5+LvM7S
+ XAGt5mqDbySHlqqFKDGbEasXYZufjE+3+R1VSnt/L9ADrwt6YTK4dC6t4qxPj5Bt
+ GM45JUrRfpWgj/c6HlI+CooRxkkWOfrkKQl60hBCn6LB9u5PoIsRukzXyp0P
+ =gL5h
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//cbkZwvDFw6IICbo+Yj2UQlakEbLrs5Uy0/4yC7Cwf/v1
+ Xai2ETjCIQNtn6iPSIeBN/u/JaRA4KYyA3qxLrNJdamWOy0J0UuUE4Tia1tvy1fo
+ VkwH3Hoku0BaLFaU3z3eLXl9rCv02cZHee/8yNSxIoIyH3EpBMpuyelBnpptEW2c
+ gX93deWNB28KCNxPRT+b/0VMpnHq/LvxOGKmqqYw2ZSp2a640KaxPo6XFlELnrEU
+ 7+1vrf0d2jGqbv/WIDbK4M1sKV4d07fdCreEfhxgRveWV+PutAM6PZTQ4jXB3Oa1
+ kaA7BeDAkr6ZBIzykW/Jqh6xxh+Xa/t8C14i0z81F2V0eoBpbhBla+Y8Rt5sqmcB
+ g4lHLZaVqqxiK60f4cI2xuNeZPNJImnTYIIsPBBIa0dv1eCQi/wUiZERHOn5F7/m
+ YPHeWRbBqGPUYLALgsDU4IxLgF42ouYuGMgCLMhlnHL3P7cOhw+D30tlQW53jLs+
+ Y5UsU6lv+Gs34O5R7WXpOeL6PADAs9j8kbTEv4UXpZ2gGYMBCMThcJ0PgR9ypkCk
+ hebdpjRJssBTCcjzwncRXEzsd+jvXZrd1WqJgFALhEAIJjM5B6mmsky+3g5wPHSo
+ KJ24yCP2OoS8UEce1RpoKHBqHvQRZKfHzZbWVUkOXoiJl3a/MRGoZzVKKvpzzsjS
+ XAEgUl6lunwbTZyT0zHRjC5Vse0qc6ENIgSp5PEv/Aw14HOEjXYU+sTLUS85UDBe
+ z4hqrRuYqjrKDVhoFsPUP7Wq5SIF/iTtrgOkbrl3hAAyLO9MZWE0hi2fFFS7
+ =nBBD
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ/8C4yuL9dSIZ+5xd+tFFdIzYNrj8cDGpchHEFQPyOmWqEr
+ DHCIh0zidqBfFBhYA6aRLXdt8/qILMd+sd/YVDx0Xp+t7vr5NixXGU5L07u32DRK
+ sk/RD6ftYALp7UNLEVUrQV53zER1hvw/FZerKQaxW4Mf/5s1Ic5OllmTtJgXN+S2
+ wFXkKHztpIk325pcyAuWw4L45aLOQsDCXGxtmujPSjuYDN9Cmk6Fzy57J5GL0yUw
+ uXtKdo0/gRvc5mkOLOSknED0F/wDjHgLp+0X6ul60Z1y0L1zGQOP4TRpokTH9zF/
+ XfL6U/fWG6tleneE6usqEhhh9x/mEv0jl+6yqeDaT+h2idXAyQj1ZGtSEZTnCQQr
+ zO8Ww5JwBprhYTMkgEMqUkBzjHt2HvKUC5BHDCZRo4tV6MIwUHNmWpj8OWZIATsA
+ qkjaG5dLKIR/y8kiAlFXdaLjZYLwQbvV9o/fV/OjJ1Immr64DWdA4vPxJusFx0+H
+ 6GWQOqEW1QU2ua2iGjPuU96TxMpk4L5rUrSlPb7HFbMtSXJ98SUgELpX6cK5X1n9
+ m7vORvs+2jH6BT9M7nzwDGqLKV0n8FGG5wssmpZkYWG5mHX3Xffl9rZ1KWiThNtb
+ q5UzZgj1lrZXY4tuDh3tSHY6OtOEsvYAM/Co2cMOYltldBvBUjCIcfp5jMgkuivS
+ XAGOdaWlLSI8WS0wo20hFMrQ6s6nl5lF7dDA5r15KDyCj7tRDoql34wtGHlcxHVp
+ fbnvT+vnS8oYSna8pnwUKtBPgJjIQALi1g8u9iOcJcS/k3IjwtYbvTuZDqi8
+ =hy1K
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdARTwXkzDANboNyz6TgFouJT5Cn6wkJL8KzrMIdznBoSgw
+ NuMU4tStbuCfiPYtWDIPCkIb1fN6QsbsFobdoiX3mmjAfZ8zemabizr79CxY9UJM
+ 0lwBzJvszQdnz637vwhTPbKTNdn4rUYvthofHkyKhtPeM8+Lh1+a1kl7xCgjQ3QV
+ 3vwR3HYI5aSpkVji1CME/OeN6yydrwRSmD4v0mpRVLz8Q4+jckn65YzfxqLrPg==
+ =2PZw
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAVvviZBDa021FiiyOf75HsZOjZeNACkwc4x+G7IqfUzsw
+ hpC9jPCWXGLxdJ3ME8kXRnnVuK+mO6fP7j+mt+Qq/gnsOwE/tG9xAfgbeN8HtUF1
+ 0lYBLhlYSYhrE1XLqxaOY417iX48SQlkn05otmLeDMnz8FVkrKTHPw5A8+NbJH+S
+ /pUzq/YqYkz482UtIvT2NWxjjCFAq6CIoM3GG0QrWUjMXluTcI9+Fw==
+ =AIdl
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:15Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+ARAAurFFVEyyagsTeCAIJojju6tGOGo9YP/dnNGm2aCdl8+E
+ AXlvrKFC2syOn+rHTCeseRxWRI0EdBYfGLH2BKKScBOlMK6VtgPV5h8ixqfRozRS
+ HtlLinWxbhwz2+RcwXQ0i53BLWzv0royywkTIXEyhq0AqwF1LQU44CKzWRSCqpeZ
+ 2alZWpzTJyqZoT+cus5PlZrvF+GnUbU9JOdZZKjIHKJ9X/Ol9N4H8euDViomKOw6
+ UZVqDd1pejzgLwkokVgp+IBw0JwEPAd8Nz+6jFtE3wU+mblm1A1Cb8R0Iwd0DAUE
+ L3GsJ9ZnNGvxxYMcC/bsBTfjL3Ywt6htCWBC13iX4w2+bwXtJ1/7s5nejTsASVfe
+ LXJ/viuD9jixjCI9WNbpby/F8MUNv0k9tLTh56CzWJOxRqL+lIgrzXQmMUCkiWLR
+ u76u4EUMvnbM2hZaNwAYQKTKNC1kOJIcphg4lV4oO6hJdZ+q0Mx69F/qBxYhMvfK
+ M4R52beywk+bASQgbtSwysKJkwTXfP6bcJuOhkBwIiTfkx8qa3PmzhwQxwaufb0L
+ xeE+zqaKKufz3h7FiHutIVfWXh9Q6SgoTh2XZix9QAnaQYw5aZWXh/eEIniKoeHP
+ 97VPR7OUgVw10HpYVkuZlk5Ry/6oLqLPEp2ocIm5wJGP946mZkOd327/kXse0gXS
+ XAEJO1jxqfgkPVPrrFRZ1xbR8CrW/BapF3ExOWmrNgZ733LGvyo272vK02HKN4iQ
+ zIUMCpzE4vwRwHVcsd+8h6O2HIuVTbN6FdjVQuFA9dC4Jj7LfO7NILpP6TCh
+ =TJSr
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index cae283d..93ea984 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -10,10 +10,6 @@ all:
ansible_host: cloud-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
- eh22-netbox:
- ansible_host: eh22-netbox-intern.hamburg.ccc.de
- ansible_user: chaos
- ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
eh22-wiki:
ansible_host: eh22-wiki-intern.hamburg.ccc.de
ansible_user: chaos
@@ -63,6 +59,10 @@ all:
ansible_host: zammad-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
+ ntfy:
+ ansible_host: ntfy-intern.hamburg.ccc.de
+ ansible_user: chaos
+ ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
hypervisors:
hosts:
chaosknoten:
@@ -70,7 +70,6 @@ base_config_hosts:
hosts:
ccchoir:
cloud:
- eh22-netbox:
eh22-wiki:
grafana:
keycloak:
@@ -84,6 +83,7 @@ base_config_hosts:
tickets:
wiki:
zammad:
+ ntfy:
docker_compose_hosts:
hosts:
ccchoir:
@@ -95,13 +95,13 @@ docker_compose_hosts:
pad:
pretalx:
zammad:
+ ntfy:
nextcloud_hosts:
hosts:
cloud:
nginx_hosts:
hosts:
ccchoir:
- eh22-netbox:
eh22-wiki:
grafana:
tickets:
@@ -115,13 +115,13 @@ nginx_hosts:
public-reverse-proxy:
wiki:
zammad:
+ ntfy:
public_reverse_proxy_hosts:
hosts:
public-reverse-proxy:
certbot_hosts:
hosts:
ccchoir:
- eh22-netbox:
eh22-wiki:
grafana:
tickets:
@@ -134,10 +134,10 @@ certbot_hosts:
pretalx:
wiki:
zammad:
+ ntfy:
prometheus_node_exporter_hosts:
hosts:
ccchoir:
- eh22-netbox:
eh22-wiki:
tickets:
keycloak:
@@ -150,7 +150,6 @@ prometheus_node_exporter_hosts:
infrastructure_authorized_keys_hosts:
hosts:
ccchoir:
- eh22-netbox:
eh22-wiki:
grafana:
tickets:
@@ -163,11 +162,21 @@ infrastructure_authorized_keys_hosts:
public-reverse-proxy:
wiki:
zammad:
+ ntfy:
wiki_hosts:
hosts:
eh22-wiki:
wiki:
netbox_hosts:
hosts:
- eh22-netbox:
netbox:
+proxmox_vm_template_hosts:
+ hosts:
+ chaosknoten:
+ansible_pull_hosts:
+ hosts:
+ netbox:
+alloy_hosts:
+ hosts:
+ grafana:
+ ntfy:
diff --git a/inventories/z9/host_vars/dooris.sops.yaml b/inventories/z9/host_vars/dooris.sops.yaml
new file mode 100644
index 0000000..b3e5c65
--- /dev/null
+++ b/inventories/z9/host_vars/dooris.sops.yaml
@@ -0,0 +1,221 @@
+secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str]
+secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str]
+sops:
+ lastmodified: "2025-05-29T13:28:08Z"
+ mac: ENC[AES256_GCM,data:SkqMlgJBdM+CMLE/um7m8V0ni04Xi3S9GovNsADrws6VbSWTX+50oc6HtWl+Kj2XugLfp2XpVnlzggCiq3fePsdt1af2+ZfSCue1d+dexjo5Q/gvE/olKlmn6aj5qiosUsLgu7v2bCOIb9m9WiEhlQLKx1wGiqVNQDabiLOJV6E=,iv:NUUOcXtbg+xMHqthipKpRAWLTXda8rup4aCbbP8sVEg=,tag:wyh+hrZreOyT7uQQrghb7w==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtARAAjD1i0lkwUFRgQuo0STOsM9N23W5LdKCuZJliGfVi/Sfo
+ etQhafe+GsYLMmZy3zTC7JU6KIYB+wTPAn4abAMqrxUFFZ80ij/hcmdj1p/yrgO1
+ XNZOd0PEX08RBd25GbIGLGYjvioutm3YDYdYlrR0pMhBvJl7apPLUHIFrmjlk+18
+ W/ObOqDvUEXIrm9E3GSaMYrk9b4gI8wtA78Z7JOLRFelKxnnhBPkK+46RLGEo6lo
+ 4QfN6mA3zp3oVg/dtznQrVtc7mbMvays6M32zRV+TQ/OB8ORqmsEB9lWTpjGgjzL
+ nWWt6bQVLIEUdp8RKI4kwqOE9ZxTnNAO00cQ4ZmsccsVXuLGQmNeoBynjJrayWXT
+ zQYpXh7mT2ovCh8TzPsnE3kPtQE7ISgtJxRaaX7KqW9iGq031Z6GW/j/zr1YPD/f
+ Wve1Z2bkSzHMY2EjbWBMDcIN9JpqOrjRVa4ZJtp4+pcBU/uO0yXaWZLRL+EJIDgk
+ 68CFGRYAmvEAfca7chv55gGiJWXPONRkDqix0y7Fk5pkfrll2xxkKPoDEU5pb73S
+ qdHQTDRmrrX4C+c7rSi2Cpv7kk0/azO5bxakREv+vFsiHKkz5cBwz7blBss3jsAX
+ 6lP+THKJSYDmgK0mU9CUaX6uvU766XS9lBZxp09ZY4lYeexS32ItXzfUTLsx6/bS
+ XAE829ofDeJ8nGFxCPTbk6mgIJ5tIAAPVBNNzV4Yyb5Q6EKAETEWmnZi7LgkACKL
+ pSAiQA+Khgy5DXGMnftFSA21KOsZKARhopFoajdnlSlUt3MZlEe0SjTIY4QD
+ =2QJ5
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2AQ//aMkP/gaXVNmbRWECzQUxsyVOfE3frnm6jxErV/re/uyv
+ YWfMZVB0pWrOv/Nj2niQ7JQ663uf2w3d+YdyIAvfazAW7ZA7eQ5dfMj9tOPimofa
+ 2ciVCdsqDuKxkmR6Ns7MzKk6exdnzt5IEnIJrtekZJ6Q56zkYFhxGjvPKaNRa1N9
+ nvVVgp6ovqAA2JZFyT2ay0AxqTWlZF6BsO+uEqub8NSRmuJCmbKvQgfbmI0acqAE
+ DanFRY5k2ACxed30OSBslvFUmcMGigB0Wv0SvXtqCUmEU061ZcknZgECujoYysYn
+ Z1txLQEWSFjm6rOCxdKwqRf9DOjB5aM85NOs87jQy1+nZj31+dezEJ+701ROVOCN
+ hQCQVGqzJYEOwYRDMjtf2fZjc+d/smWv0FijJleWHBB3CEvMZBSHCZaC2n3/jtFK
+ mRwi5yZDizxGqq3kvDiU/9l/jMUPL7u716o7Gj6Y6AN7QgYjQjmUiXG8DvqMiNQX
+ eFX2PLjvmDprao8unnJ+Gj3NgwQgXkFJm/jmTjVwX41V1W8n+ayTy3MdaXaa/bYJ
+ uXXVWDKijRpl1ewqu6A6K9ARbPGmKmUuNIQzhgwav1c3VvQHuO91OoFz5rX/m9cM
+ iY36OTPiRsNnrNuoqa6aXSDoMZoOd+KCkIo9Z9HV0NiKVH4oerBE9qXxvdCB3nLS
+ XAGnBTYLEVjMXiWtZxRFXpYD5FUUNjsGWsN2nO/eqPv1FVAjECfiacFWUxu3kXxW
+ ZCr/WP+vDbexsPPxKNwV4oBO4t4r5miov6mfWnil4mWmvrOvANi29ptQMRKw
+ =3Lex
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ//WXDYfzt+mSWfgpKU7MSoU9B+VuO6C4g6FNuAXVFUcblZ
+ 7JOlw0Sikvo7cPm/a2keRTGsimFvf0/BFelGdSmJBizdKE66eAc/KvXfV2RCGLVl
+ GyBJkSeAOtQvfscyJaDjCxS57E3PtyaRGaWERUJ8mdvs46gfrdrMLjnF+fHSfOOb
+ BddoGlHwGgqRmPu6jLbv+U19+SuNhI7W0Burl2JQ/vQYxvoc2H0e/r0wGOAX07sH
+ vqnsYwHMAGgaeyKV+Hz29FAqzcT/svc3P6DR3BjDgDHB6fd0jTSVUvwvzZ4MPC3z
+ lg4DZjr6V13JFvUZpQ9xi9I38DgEOpqG8jdK7XZ1U7xMfKBW+ZLH8YgB8SvJLHK9
+ H7MOLcRpdeXtWgw/S8HQXUaaOUuV/Lxid+W1Q3WDofqwJYCrEY3JdLFBVvgETxvS
+ 2wckmlBdEEUiCzt4sX1XfanwJwQuPw6NDYYxYsLe2LoFYaiM27wzgjIn6av4m4nT
+ SRD3RIdcLpOJDlh713ZubfvoPn4PFKWQH4rRnIbnwI143GjvxInuwBSoRS3yPfv/
+ GwmW1Qp3voVRgN0lwdoA/ruydYBy0MOcSDDCVm6d2ejE+QdnDLakqKcyK7NB/GNO
+ Dvg73oNCSFmM7hj3M99X25GeJlte0pEK+/ZuYO0vRa7JCPAWzYluzg1eRpcCVqTS
+ XAE0c/M1Orkjx2u9YGbEYNEmMAO4g0xgRVJmJPoYex1ZrAasgiXw/KHpPzfen9Wk
+ QSsH1K6Xudf5U/4Etjqnctjh9ZgPEMmFe0iPbD1FEz9Lzy1vo49ai6+U/rnA
+ =MyFz
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//X8MbQzTrRC2iBk8ioKdLRerWtPXEDZnS0t33MnMb8NSe
+ jEUb+nlixr0BFK9U6lpF6xpLwAKP2WAzwQjAF0LZp6v5Tn0KJws6MuU73eOlfiXJ
+ 00lDe80/UpGptmgJzXoCxIPpWA8jn411ZYaHYzKjDI5DWxacwLWJ81LoQ554t6Os
+ y++haXs7zHKyuVlFOSEJtuDQ7I1BI8kJ3h8Pk0PJZ0pDy5+CgbGJ57OBdOGL+JiM
+ x+3qitjVdDgtBql969IjZsrU5wlbNoBySvj/pfJTjCw9xifK+L8X6KOJObUa0Ny7
+ 2ykINNFIorbgrdW0PGwieUOaxh6/Kp74pS0swBrV+XcsgwLCuHRiW/3SlFpJkbSq
+ mnJgO71rSL1fWO4woGCjJOgkJ07xIlK0GrX9fzngBRUQzrFu3cO0EAtuq0d0WKwI
+ SIiwV52YQixiLyKOSOMRmfuwFziuhULGC5wgtc1Q3C7tGNmmFsahGIpKfR1lxxb5
+ zsNXkc54EZ+Oj/w6bJn04FoiQh3lr5Osvh8CfFUdXcNogMesY9Q1b5oQ758BQAUd
+ RKIwL3Drs+dlZaXJo18NMYuG1WQl3ZHXfXjVDqiJMPPVPqkizQC2QJGGYXuRJj1r
+ DMXbew50XUNTKcOYjrxaZzWTmzN9AiJt5utL7YHcg0Loaq9tUiSJxNSYT5hi/nPS
+ XAFA3pn89D+Io5Lqznif1FzL9Bp3/3cWfTFtJl+WPE74InDusLNMp7q7ZnQdvRb+
+ GLPgrEUR58KeCG7c4j0lI0zMpcCySykWqn+lqzihx7tOzb/A/fbxV+qlYo17
+ =/na3
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdAu5t9lSFJ9cRNRTTXH4ix+9jZ51eg4iqw355QQ/IlVwgw
+ N757g11ymjjHHflK/W/X10BUWHjoAmFYyMCkJaTKL5k6Nn60sNF/3hMd9lRmh34g
+ 0lwBl1flz80tjLXkCK2xie5fc76tcLIb+tXj7/hvM1WM3oPHAOS1/nZY9stLw98g
+ yHFwV+g84tL2kxYcFcdF0uck2/akvHYarGVmW+ql9yY4elTEHYl3UrZOG+YlMw==
+ =QxJA
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/+IWGcOQ49WwlWlHwkQNmJn2mJItPtyEN7WnifbjDPOKZe
+ fQuh2Qr5UfJth3WRymL734QveVdNLhR6exyi8pC6g94S++KrZa08AlDMvZUQriKu
+ t4nDlce7wJxlvkAjbOV1rYj1o3ea6iHSNOUcvaA4gHOAG2EdLP7VKnofacoKWYkE
+ Q8dic+NHVHJlNKkx+TRYX5GyKhEcJouqmj3s3jX4MOzOKqvSb2vgwT9zZsASAtqL
+ 2P6Jz4tuX7YJS7xEoKCpA/R6y3UAtpEe/qokbGa18jDDwiiojDUWGr4SIp6T+zAn
+ yCC90P1+9hZLVtCCJVka9MLn9AvGufxqt/d9lJi9u3GdAdgwGA5madXKqmppquI+
+ xCbuWUY9EFWAK+F6R9+za722juYCgPCrke37bNF02NfD+fonW++uQmRJiDCmJ/ab
+ FEPsb6CMvlIk1h94skTNwJuLm63s6nGSrVChTmz21gn98OELxcDDav/Am4okBlpM
+ dUd4nAZbla3xUu8mDWhYVufnXeUaVy0mPh1oN6LqxMAIFgrFrdzNFQiLzXGzjeO5
+ hkZnF4OLzNSTx6OIaSaTG9eFNEldkanWK5uaD79iiJ6HpDBOxIKK76d/IlkSWEo5
+ IMzYgT3J6LvuCBIp7jqq3xluarYm3jVL74iJeKd7YrmEJmH44whZzFqLFwXPRhzS
+ XAH8HQ4Z5Y7UO5V4XYV6LzI8nJzNLMpTH0RrdnDBRHHSjbtWo4coTQA+XkGqaKLC
+ Tx1NxeES5PfD+8C//8bkyDkddr17H7augKZpl6+qFZEcsnVoM2v1AyuEEa/H
+ =OJbr
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ//b/ndAkI2OlGJBnsvz/U61ApEwEgqqyEmhF5GBk1T9K58
+ RIfeQgJgTOOO1HazOqovOh8++tfnNR4BtthKPXaMRPKXjZIcm0uGjDXkubWJta3P
+ EPJgJfNKz8KpaFe89dkzb/1TIyk2Nnui8rbEOIgomM0TOcf94N9tfNZru3kXHPuT
+ cglZtEwsXww/BE9QXDksZWRSDasvydDuQpQn4DCZNatUUYYOFQ9hkHUvZd0v7gL1
+ tyrF6XRJi69MHRx2GcNBBCuOCNO6RgWP0LHjD4JYKJdSyy8a9qTPmCT3Ofe9TQrA
+ FbYYOTTXLDTWmad6GnyAy7ZKUvgosoFSw7jmB5xMwzyjVIuyNnAxLvjnppvaR9Xh
+ hfgFVWc1QAWO3cLvUKmx2IMTxQP2mX+zWk5MRQqTjuTGARAe+AYKHtAyxszZEr76
+ 7uXRB0Eo7WS9uth/62iAtJy0z68pXYzRI7pHiJJueZwhGi5rGdMeDGM9tXFOEdUP
+ 7d2y8Cbx0cOfRXy6VgzQBc6sZU3wevzNNLK4M73A1urIrx2eBZC9v9itGyz9o5g7
+ d2Bs4t27KjFo31dXIM9YhJr04i3DvPq08ImY3MsNJiGFKtpt2wCkzlPLJXmyewL9
+ ybmdUieW94PL2rAfkaMbWMjaja+H7p/ItIe/Hz7WEz3R4NJL2+aaaWRKqUPuo8HS
+ XAFRkJPM17ALht9P5M2qBsdeB9Y6zsJuQySooAtubTmO0SBae2CLfLi7r9G4vh8B
+ uyaPRJU4VvXftkURyRHXK33Frj+ZJQCyVr16WXF0/klKmb5jED8TC5XwrejZ
+ =zjZ5
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//UDZyyywJC2vZuaAqLv8wvF/7lyzKoqPsXp9OhphMwCag
+ LZyQ66GkaSx1jsWWAGQjwVOeikr23SO5Sc8tqVtkKDXq26b+S0nPHf+xxnSIqOms
+ l0kTla8c7PgJadf4YgKbjZwA4PDb4d0yVM5tnpceGZyzHXtOHdojRHBKgm/ed+p1
+ bXjx1SeBZJH0F4pp7Pu5BTZrVp/RmlOCCs5SmzpBX151u1C310bIPrlMzyzKJOL2
+ SwiP+/DpwxRn1SRyZXQQ7bRzpS/Ax9g/S/+tKP8vIrYJ/07o8xensY5gjrW9Q0Qa
+ RAQLHacCFeklkqFg32NoOSXjknvITKHSKu83EPq6IWgj7SV6KKxPXAiWmWIPnL5W
+ TNh40cn2fMPrcs5667h/xTsa0PNOzHEtXf0Vx992JU5bTsOugmdc7e3bYzEiUbdZ
+ nKQZW5AUV9T1qZdXBqnB1AXwijNnFkhtJrU5e1GZApzgN9GBuJIdWUbna6SSbEiI
+ /x46YTHOfMSsxu5f8NGi8au9ww/8tonFbR+CSeYZmnG5loqf7Enyj8iGhLiEfG+0
+ mQPkxAB3mZEfjVr+TCXUz/x2Z99eO6xv1vJ0HxrQdEHd8MaErgBXsobOPi9cQcb/
+ QqfzxRB0xSPlSfcaIDi0iPXzJuNhBmpM4bUqM7RRA7CanfP2xwCNnAc9OYsw1bXS
+ XAEhWXrz6gMPCMDeqzae3ZWXBvH2aM2jSEcLy6MXz7d+0lgOCCbzBFUIJ6468AR4
+ QtDFpOl5r4sC8Lpej1mkZhQk3ngZ0fH+ELs8gliRgBeUz4I5J9prZ0H1YT5S
+ =hIWB
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ//b86yL2Kay7YkWuzeGb6g4uUl89S4H1TJOzCthu7EJIUD
+ bQG/f58a5J2k1PLq88VTrIo0Ulz0BIGmblguqTAPnr0XzvAbWHpio9tnlB/LRFAk
+ hj2OKqY57/FOyFXtBTKS9bhI8hqWr3Qn/FSQQV8dbLSrkAZ28htex6egjknVVLg6
+ Rf9f8DGENEOV5Bz219NFpKs0D5dxqsXysIiHw7f6vgz4r1bLJO/RKxaNz1kGCw0w
+ 93aVHL8BJuFSTo4GdaJAWhIWuZtRbiZtrDFrSD38GHRz0KxlNjPXrSFo/wqWYey3
+ vq8hgPknEqAiQFJHSxhAKo+PHjPTOn5I97UmgJ0jpDopCWmF/mlUhI0CMMPRtzfy
+ 9mYTH9isVww7tZq6VClHt9MLtgPQbUtcUYNOTSsqpXuRw5AafH5x45SAaRmgMiZ5
+ d7NfhIi6k4kUEmqHgHBiH+MfLMsIu8GAlUJ/biLWEd7VQMgLD6ipLrijoChYvKsz
+ 1ej8G1cV3wmwT+JkCseqfiH/ju8T5axZOFzTKY1t8faSx8wr0K2GNKySR5Tq0wDM
+ 3e87vrNjs3oVH8RMBiPQzPUHJFSsNFdjjHpE49FkJUpy2Y6Jlft9kW4nHiZR6KFg
+ 9D1xK1Yd1kD1wck0Tou/bu6+iaOppRAMYzQkwmbFYCZW6byqwQWz6TZ3b7w5w/TS
+ XAExGv+29jQHHCR9uPx57ll6sLxFGFt701li7EX6P+ZBz4FYui/tYNOUqw/csGSc
+ 2BYq31FSg/zq9ejhMFgCbJMdD0D0WwlfGA3wgafk/igDYRDixuEZ1yYKqX18
+ =aiH3
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdAzHZXfaqUFHTaI+zp1Cy4dMgqNHVs/aNnojVL5beS4jkw
+ Qso98uOePpagNBVnpj6SfuQI5tZHzNETfxHl1k3qRXPS29J+ybEzBQgdbtC3xbnj
+ 0lwB+uL9zdyS3WTCCm+PJV4J2bhhd3UPgoVXuszUetlX5pqvpJSCHcfH3i50Q5ov
+ fa4/XYHhH09tfJ3nf+iB7xpJL+JlW2bBAN3v3zlD6+jiIhDxpmBmu33tHdXePQ==
+ =4m7a
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdA3M0VvuxztWirQFgVHzqzB2Og5DNTlqEjkN4bmZv313sw
+ CVDDFafeu4pwh07O1NcbVB6T+O2BkXc3PI2OWCMRWS6v4uMEkygVSZCmxiZ18XGy
+ 0lYBWY337KT1q+tb3PYDzNUTwYGulx98NBgYHyTzpDECiJ+WQXTnQO5yQ+iQ3rFC
+ 2AGHc++H5rq53D5tDi9cjqKZs0XHDhuu+D4BLB0DQKwIjAWXJIVJYg==
+ =pkPL
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:31Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ/7B92wxRSXHW2dAcmMp72Ll+4GSbjD0QFPincZ85+2D06m
+ P8vUWeCFfZ5soURASKun2RKa5GKXKSNsDlt75afM95ftsodmuyQ1SVmvbE+6SbAb
+ IwsqoKJRbBskWeEUm9zGEn7910v0qpzhaI9jwwCi6gT4OB1L6tj3NZKcVQYE801p
+ MVDf6bOoJ9DhyBFpzmNtASFRw4Je8PwcfrUZSfY5UZOfHTiBRop3l9mBJBpAw6sn
+ sfn+kx/TvRJ0JVqUQbtQzq6cAIJF3607tB2HkoFnwIswwqWQz2yuoTzMdhQpnUBi
+ 0lDHThAsu2YKyavbIH7N/sn+hqE2j+aOrQvMZQOiYFk/l4iMLm14It3UY4G48Imv
+ GohLw+gss5G/stDzeJjiQ+gDKAC9ugDGS+uisyqy7CZtoow/GuBk66GL4TGOpq1W
+ 26sH/yLBy8PBuRj8zrfgvcSYJwzvRprIcwdNmkmh+k2zf8XGMLcu1nUbb7WKZCmx
+ n/krDnKbeMyDBRxSHHO27gLmYQnk1T1W2vJc/EVdbEBpmodWlGVuzTKaWfcA0RAL
+ ldvrKLamWB0sZO/j4i7pOpeUUh6JOgXgOIiyXlMeuNjmh4QkqCWgiKvm+dk7hzoH
+ dIfQhZRQCL2CUaSxqEEQIG7vsVqkpX/4Fbi3McX1uU2LU93/LpjaMpv/Ou4HFaLS
+ XAFSkYN08zWc0548MnCXVoeYrX0szPPUmiaRIM6cDL7vI/vVR0uiVCZEY7QiyqlI
+ Wn2nOk3T44tA057BmjCkxXlnIiuLilzU0dKT+jIwikAZuNM5jF6qpEmyYEhq
+ =JQVx
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/inventories/z9/host_vars/dooris.yaml b/inventories/z9/host_vars/dooris.yaml
new file mode 100644
index 0000000..5813e3a
--- /dev/null
+++ b/inventories/z9/host_vars/dooris.yaml
@@ -0,0 +1,15 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/dooris/docker_compose/compose.yaml.j2') }}"
+docker_compose__configuration_files: [ ]
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: le-admin@hamburg.ccc.de
+certbot__certificate_domains:
+ - "dooris.ccchh.net"
+certbot__new_cert_commands:
+ - "systemctl reload nginx.service"
+certbot__http_01_port: 80
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: dooris.ccchh.net
+ content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/dooris.ccchh.net.conf') }}"
diff --git a/inventories/z9/host_vars/yate.sops.yaml b/inventories/z9/host_vars/yate.sops.yaml
new file mode 100644
index 0000000..f5c8f32
--- /dev/null
+++ b/inventories/z9/host_vars/yate.sops.yaml
@@ -0,0 +1,230 @@
+#ENC[AES256_GCM,data:Oc2DdKVMymwkIHbS84TeTQY=,iv:UMhNafqQrHaF5iqFSev6D1uqHPFpKQTkOpYV6JncjsU=,tag:mAmBMyGdzER3hkSkV2Fjtw==,type:comment]
+secret__yate__sip_trunk_epvpn: ENC[AES256_GCM,data:BkdNaCooUjsDlCXJ,iv:saO4IGsz1HAinvW5ZGAMA4WEtBbo+UNdfBkr0g29uag=,tag:t8RM0GNYhl1w/RMNO8wKbQ==,type:str]
+secret__yate__sip_trunk_fonial: ENC[AES256_GCM,data:N18C3XZHIi1/IA==,iv:vs9dCYNRp+1ptxRajdUO5ODTOmNREJslF99xnFL92XM=,tag:IUmnlPeRI1WTRYELzZRk/w==,type:str]
+secret__yate__sip_trunk_fux: ENC[AES256_GCM,data:zcVxNjyS3BE2dw==,iv:Prmy8nP1yeFrVI5mQaPJPKHGFCzuZp84f6fH04I9zJM=,tag:X15wqvaaifMU2/kcqLqUZQ==,type:str]
+secret__yate__sip_extension_ewerkstatt: ENC[AES256_GCM,data:qbatVvfXZiUcpVnOJUpzYw==,iv:E/fCmKGrwYvQP1gGvwT0UrL0DZ/PcMwKG+NteiukB5M=,tag:PFmU0DX56+IbSQqMtY5NSQ==,type:str]
+secret__yate__sip_extension_fritzbox_analog1: ENC[AES256_GCM,data:+ayQ6P4P34D5hTNOFv3HVA==,iv:UD71G07Z633mDmvnJVei9SKgHyM+JFXJdtOhyBhvKGY=,tag:0ISsYGQCIMMgToLWA09JwQ==,type:str]
+secret__yate__sip_extension_fritzbox_analog2: ENC[AES256_GCM,data:DbFmTcZ8wW2fqstm09yUWw==,iv:jKUqtSXaGF/QpIwPJ6hKQWZvv9xtZeIQBiPHt2xm+3I=,tag:MkWzODFnWZc8o+pVLR3KJw==,type:str]
+secret__yate__sip_extension_fritzbox_dect1: ENC[AES256_GCM,data:87MFTNA0DXmfhesT/M++ug==,iv:qDM8HWZhG9FADLFNPRJXkadN2jXD6/CfroDShNPzA+o=,tag:Ylf56nCczEdDaOGko5GrBw==,type:str]
+secret__yate__sip_extension_fritzbox_dect2: ENC[AES256_GCM,data:KOUKexyzJqZPj1HKJxFl4Q==,iv:OCChQmSF1s8C/VYuw9D3hHA1CAoCnwC4adyTpWO5Iac=,tag:VFFuYi5Nd49ChU1Ki/nHiA==,type:str]
+secret__yate__sip_extension_flausch: ENC[AES256_GCM,data:eIieA4A/ZmU8e7t20xwmCw==,iv:oDMgZIjQBDcwIVPK4/qIT1HyQKc+vImdr1iPZE1LEn4=,tag:RgS+enGC6DP6dwE8u30a6g==,type:str]
+secret__yate__sip_extension_legacy: ENC[AES256_GCM,data:gC43eKUOAYU9dgNV1JQ+nw==,iv:xN7aad2NPaihlMT4Ym2xanpKU4eX04V0FS4m6XRgZFo=,tag:Oq0yBCSf+CB8Xkx4D4TH5w==,type:str]
+sops:
+ lastmodified: "2025-08-02T07:43:00Z"
+ mac: ENC[AES256_GCM,data:Irv3y4/QbofyM5BvE4h/T6zNF3A6oTjDssMOcqmGxUOGpqL11Am1DMHBivkUgEYe4ir9N0kvPUmed1XOyDwImrl06E1mGAT6hOlfVSYKtZP0Pwvi4VVeeP6IAYN56zu8k4X8oIxv7AEfS3Fq94sJ52Fd3xDPPCG4aVtUXxxDuwQ=,iv:HdqbgUVR0lIysZnnPkOkW9gDp9G/EOrHDkwmQH6LVKQ=,tag:amVPLxjvx1Qtv+v27SGtGA==,type:str]
+ pgp:
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxK/JaB2/SdtAQ/9FteCUUAadrhDu5M0uwAT4aSpkhA9+2mHB315uhpNGV8b
+ frAvjvo/rtnmDYX3QleuyUu8dvsp8lryfde3SnQu38hqt+a/fio6mf1CDWlwuKDb
+ xlNeuPXAP+x7PHFOXj8h0RhbQoaeYDPwFAwPXLxfgDes7cX2JHKGue7tBvCjLPJS
+ 3XoSXnbktzu5dFFQM25zuqM+q1QHbn77KyjfTPVJpvLJRiWsJwZNCaYVw+gc0hwk
+ qqOGGaLN+T0PvmUiCLzY8+3QK37dtru5h+WcDk6/duiI2P8l47EC3k7oiat8hzc+
+ dfDDUhlbCK4OtE88ewA6UwT65m++CZlCzT+/VDus6gi200dMgJaT5fF6ebifitST
+ uqLbdc2qQvR/h6OL+j5CulR20aZd9pbIamCaJgoULBRozUu01CsPKYIpRBONqbmD
+ bIZkWCBv4KM6jxbW701+x4VosGNa1lVJ72k1++Xg6agEjJnx0rW005csh2jFac+E
+ dfiJBOjPTMi+LDUPFokPga4vf82tWa7iPLIzmhMLupAQ2NnapBfW1o2Awo3mmUgy
+ J6psOd0po2XSYjLgB5IuRyNNY3KfzZOXx/A9cB2S46Rp+4RrkyfQMWVy4CWZMNoO
+ 2911gSnRutgJP3LrE/flR1bXpNsdP1MIx1RMBzTpEqrMB011Ad0ZnmbN42tkVdXS
+ XAEEtt/OW5TAnBXnl1NASySaIeP8mosYIuWXVRK3382zn29AVM9+KPstSFL/yXtJ
+ Q02jmaCXt2iJbGG9z7LymLzNbE93h0A3i2VgOQ980mhuAWZFtU7w8EKNz9fF
+ =ODrF
+ -----END PGP MESSAGE-----
+ fp: EF643F59E008414882232C78FFA8331EEB7D6B70
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA6EyPtWBEI+2ARAAm2tb78/wI/RgRnuYNUbglF7zDKDUyhFc+36AbDKyB5w8
+ VFRp6bTShbV3oUvNZVV5v/7A/TUi4X6p1Nmqnl2vQLnFEs4h5xZwUajuLlsWX9AO
+ 6Hyr9D7pdBSBRfxypM1WOmzFRiDnFItxYFu5ljoc5OdkyZ7oq4W1UNWnV6dTip3D
+ c6jfswzuBSR3HtoVL2YSDFIibVDAb8Ph4kuAXDRcxKHh8FZdVaEyk5KhWDBY87aJ
+ vemqIOrh8GjbWWePNo6eDqRVU2nWZea78M7x0z6rDz6Z+VZsLWcl/cHu5pZMgDZW
+ nRUUe0JOtncgZ0FJnZu9sAw6BftaVgEk4vVrT9174evkTj1otIXClijTigVRp0Ia
+ JngM9FsQ0RLSA0dTGuCdEzoFPlUbtLLV+qL7ZGdysbfPsDiP1tlZWwCyxnYJ7gt3
+ TgqJPvZ/tuVX/MvwVCA6p13RXb3XqhbjtA2k4eXdeOcWPUYmYvVJ0385ASwQC1S7
+ PfmvQwL1f7YQkUvilkzBD/7EGeqJ8OFC4vJqx12tJNeNuqPiw195yBhNT5rml8bc
+ 2haV+wdpzWScw+eo/xj1a17i0a3SJLpwTcWiwTp0LmZEecOFtxNsaUjnZPn6d8Ms
+ RPbDVbeZP+kxNbvTuwXtQgC3d/GbcFbcSs//MAYUQLs83mA9XXW9Gzcq6ltexBPS
+ XAG2M3c5oa/2XonBoQ3X3dggKPWQoabyUVAAsehotCxcMEcdVEMtJLSB0/+CTTP4
+ 4+A7rurD5TwegQb3TmsDQRPYjwOoH0dQNXGNJQGGZpRyiVC/z0r3TXYrahze
+ =jtiP
+ -----END PGP MESSAGE-----
+ fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAz5uSgHG2iMJAQ/+IZeMdpcuIJgNH+sdovb4+CIwiIJozWprKNHOxFOBoYMC
+ ZBStuhdGS42LhJLlV6kCsWGdT5uFlQVUCjRX7YwmFurSW0NqqzFtgnnbxnHF8UWC
+ 743JTuh2lApyL5WPeNwj1PXx3xJcJFeCVynWDblvH0MrM8GVy68pZaSsIlmpcnGR
+ 2jLCdWAv72T0SVffto7qlpQmCXNJSYspykEx7LhylRglf2uOAAq4n0k9QIFFL+2X
+ EgV9rCOUh7qRpZ8zhd7PahS53o6gvqwFj7xM12u+iNbDE3pw+qThv/LiqfuoNd66
+ qHUDzz5VyVlhbZ9wcN9oEPIl2kuUL6WeMO6RGZMx2n4kiI7E6X4rF5YgRGJBQ2Mc
+ DAWxC3hWiAchyNqk7YoszskwjVR/8ozsvPzSmny1UNNsMsc6zw3BL86FZj12ODCT
+ lwIR4Wae7sGC4oBITW6Rc5uDvo4hdA58viwOPHcxCNHrLHkJHhje8CMf5AhjBYcy
+ OWFOD9Vi7c9fBeQwsy8G+LrX/wkcO5N+KoDDGJs/gx6HVAD5Rie2UnVCC4pICUXh
+ UgIXDvV0WahCv+eOBUlj4gOIpLEO35P0RcX9nNE/5izFlwH0TtG5rCziEHEosqD9
+ 9Wl7jqAi3POa7DtCD0DHIn0jxlWyVcBEXqHlgU3d6vRtOXTZMvt/NZxyLi4MUU/S
+ XAGWywtpd/gxRgiyg+OB8C9HhOioLL/bCWvOE1n0JLRotxnv571oZi0SYYqiyX6I
+ wk9s181nh4Kyfmf+tOiv4GDSkUfg01y1dx+85s8AzgyT6t5isV9AqlcWVGIs
+ =c5hi
+ -----END PGP MESSAGE-----
+ fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAw5vwmoEJHQ1AQ//VRf1w/DVkjth/BZAMx4B3i4O/Sh5vkJE1EQx7XWgpJVY
+ wX5vN0JujvIwhQ0aQf1nkFEmFTMFuKVMLzsHQ1ejT6od3XTsuD/WZsG9GJfG82Om
+ jT05mwIqcH1brD4PVqzsEdykG3PGtxVaIcFbnhdls15VxQTgiW1MXkjM+hm5ddti
+ sopwNLn6q2DbqJ4eGefl2kn88FxwDCv8tU9kQ9v4kR5/qkvtYgf8pyNl5zcQY5nH
+ y9muGRxt0eVq1Wpc7bzui/9MtZ9XOBWVPevesO2QWRTnK7PLGH23KoS4GHLKB5Tn
+ OkP1QemC75RjZ5AkfzYtTAInSlFmp9/giQ7ZDVSQMKoXxCsuN6jsVK380jWOPlq9
+ tOtXSfGCSdMeM2O0vB/Xqv1qhcqPSGGCib7BnivTUnEfgxGhHGxNOOFZ8fJBXDhQ
+ F0q7CHRye1EBhT+GpKuraSBpcNMgexj9j+B+17IAW+Riq0l5DiGJ7rgPaRnz+3Az
+ 2F4y0r2//2iV+Em6n5crVu13SsAWUzYVKyHSswJQByEK0D8ibE8vlsE+LBLwtpUs
+ 5FEVy8bxmNwbYyKGaiFR5m6njWlI3M6Chn1snzfsaKWpPxFHj/CSpUu4MRpGlNfr
+ Hc2mJxsi3FpnAUwAUbnLudW9ET72gnfrHHKBYf3DzqQAc9Xrf+dKUuPuBlDm5TPS
+ XAGNfxvILdjNFX9LvJLDffbPzHfLjKtBDSAAZV0bK8e669nFReBGfTk4RQXY2Huc
+ NW8hke7+pV4vazwcosDgFRu/XmFyc/G+bxbB1zmzs7DgQ0m2sLxiRdv1xwBX
+ =C6m1
+ -----END PGP MESSAGE-----
+ fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DerEtaFuTeewSAQdA47A8oGWP1vDUTI0iRqcliyuGmgPaM8Cmu4kRL64cmVsw
+ xTzCmlWNzdNa7YpdEGrCrzr2Ml5oE8hvLy1fM/H3m/6VM9+3Vmm6EI0Zq4mYYh6b
+ 0lwBapQSaiQxUJXIvRHqIbFfd6UvQ2k/l6K9HtnL6wHLNywCl8VqBJyGh+gzrS6p
+ Uj81QJspZL/XBbaw3vsM27p4I4644BFHVQMApAWWb0s9YTo179eLVl+XXL9/5A==
+ =hDmG
+ -----END PGP MESSAGE-----
+ fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAxjNhCKPP69fAQ/9ETw/8YtE14vgYnOWSnGhp8ryTFdt5D2IW8B30mmFlY4e
+ 0P0ELQ36dn7ZoEe9DxfjYXFEJ9pTElnN8d1mOxOcFvvBA7HXhWYa261PVTUt0Mh5
+ sLIcNgLoXJEd35voyqm/PXtGJZmM7iK79FL9L01eVm+zGSdglhvHhLdMnFVea+SC
+ vF/sjp+9m6DUehKqD3jUr3T31mXf2wuq7864j3DdC+pRC6In4y7kuj0TUbGpZFH8
+ rKBCxDLAifp11acgB5B3r0JyBeeZgIw8uTKrrQpFXXIUEUO0g1C6xlo96M3OD7sG
+ pdvdsKo0l2687kA5uN2/hxAMqQIImLXSStod0KveDcys7UtYIZ5zVoi5KyZgxmBq
+ wJOatBlH/sKzU2TXOSSTpbQJJBlaxCRk8/3ypfii4xdc3pWBm0Jm0fmZcckYmdWs
+ bTOFCkg2Bx8gJkMpKSO5sou13j0Py45IHdeeOkYt6K/9+kEqlUCZfJUUj8PSO6Gz
+ 7kdchGWYcGDGsqDeLlAXOdt8eQxBNs8LL9r+d+Acf4KqL1CYoxYhf6UC4z0Hownf
+ jWkrs+CUxnF8xSt2WFlxoU7AWkATMkBZrPoZcN8iyTwlQWvTQgXoFJoJ9RBkOwfc
+ HCSXDd53nogbkOfCUDosmlb/CJft3vS+hTNiLTVMA0J9ixul0HaRRr/w8bE/DgjS
+ XAEdwJucMGVbFM3DNjrDb5iaVsIugBYGuZDK+/xyVwK1IlP9GDwE617SQNM/LbQo
+ Fdq9ziI3VwlTFOnwNZ5Lw2IjNzHYMmS7ZTiF1LERWrMjIUtjY9/443ZHGQSE
+ =a7K9
+ -----END PGP MESSAGE-----
+ fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA1Hthzn+T1OoAQ//TycYGKYZdRgLzgcx7G6un+2OP3HMsXGfAO6Pz8qIkd9I
+ jhVccyRB02gPRb/8xKyR5LVjeZ+zULmfBNAAwkvSDC2tjn0PlxbQwFW555Mdeg47
+ HixFzYVpi12qxqk3Vei9C70VCufyHp2x4YH82LJNKlHybJv5xMFZIFVkPdQQX09M
+ un2f5Fo6esMe8xfzfHsTbrX2X9TxluP+xwrjQLlqis9Xo1w3PJ8a/U7oGWm7cbOa
+ 2/7HR1eNQe2CIWRNo22CzvrmWcsid/LblgGgVP/W2lG7cQtXrW6dy5UctIXRYGwf
+ CjW2KgVova8Ojju7M1gZHjNSjnIEMD4ONNQCe5UiTfHwZbqPQtsfipL6NjY404/g
+ lG3ab1qtwgUSP3sdl/+gRvDEENSwjk7H/tIlk64ufABnbjqF7vGgh8EWz0u44sI/
+ a7RRYZbSjFSWpUivHiF4Z9CRxz+4OFkDFZ8oMyynwnNtXcq+Y1icqggPFN7PjPX4
+ FB0W3fxcDvUaC92TeHrbVA6gJ916WwPPf0nDYVkuKbVgBHiDUmTo68WGD3T2IAPJ
+ tj7ePAG/lreZDhDKH2s67I40Q8lPDIxFXV2u3wJ0wSOUeGvMh/mfaQyCbA1hDgIU
+ 1PfkoLxXiQ09VfH6AVTJFWEY8NRJug/R5d+6PsXp61jfX8tVT/IFUlmdQD9kRXjS
+ XAHubuQ/eNItKH9gRTj0eq9YdbzmrVJx88ImtX93Tq8Jrxc11Grlyf7OeJ5tBgin
+ UYYips2Wf+P8SibwyG+ctV/4qRtNzoo4I7B5PNsKqVkm8bBzBsnvjY5WFV5G
+ =OwXi
+ -----END PGP MESSAGE-----
+ fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA46L6MuPqfJqAQ//TO7OWNCZyYgKOGFsoBlCT6rMTCF9ZwL4URHCCc4Yt+56
+ MJ2jDB7usZTQfEMm7sAPKo82lJh7BnZR3o9ZQfJWnv1fc+B+v4FCYmHPlxD1/Srj
+ 8RqCAqcsSRpbAq2B4qdq2kFfh3vuSHewBtCAblwRxuVKhoLUg15Ax+20h+XcXIZm
+ nAQTUBauyFNxZjEnTPiAO7rEXR7XAtN3XQLnROBiZXRHL6nUy1Ud1fOLj5dWHHl+
+ YGlmyy6F8GjG8Bk3G/F5QNp67h9OogW1EYWOIRqnxfYTx5QqYLig9b9Hehf/guT8
+ rzifK62TFCqANSPwvsehHH1ucdO+pnDL0a5dLELMzYJstKqOaq9Pdly3HRIWT/lg
+ UhmN5aQ+v8sw/9suwOKb9ED7ITV50gIedRK3MjtzAb6GwmgeO5PWqcnKaIRarbo+
+ PGM85vQkkKMY9wJHHYeYvDvM+fYilmX1H0uFg7KPHqwZ2UM+4XxKp7MfQQTLIl+g
+ rvEJ2MlVp0xG9biyqB2vFUungS56Y0mDNN4gaRwxGXd21OjI2onquKIDaYXTh2uh
+ S8UPheiOYHgpX6Xd6FNhVchjd7NDfw2XwiYbBI6YvRqeG8b2RetbUdpH34y7kTTO
+ rSRx5wJecJJYL62M3DDFQ/JVgsQs2YeyROen32UIZqVZjG35NaUY4gWFvBrXk7XS
+ XAH2c64NkWvCxrQN+ypAOo1acK7JmVx8KRyJ9SkHBEGXf8u8vrM3mKErSRUdcx87
+ O+4RH7EMOnH6/5x6bX2Uwj+WmY8uXtsn1q+zxqMmnt+rQN8y3MlssJ2u3XUO
+ =Ft9S
+ -----END PGP MESSAGE-----
+ fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4EEKdYEzV0pAQ//WMDEOC0jLeKxKCpjMltCQ+jjwtsH/yZOA07o9VHBhNhX
+ kfJ+fONQb7roYaMFEM8ZRxhVf0IXjrK4vk7+P4x/vKtW0/1cQm7U/uxzUsOUBA4k
+ UZHgcgrB3s6yDOY9TdwnZnaOlRPmG0AudXOYS/FwNE6OzYeCzf+88nw0VZzXpwvJ
+ WsPV69lYpwTxcxhO8jCVDPTXjOC0sWOXBe6Ea2X/dbWuwu2KX8AxDp8O3C6Uxa30
+ jOrhNtiguMugmKgF7NZlDqgiR3v2KhbVi/ECc3vH1c+GTekT26zAkvvzFqJjkHsb
+ XS8DyAp2/ExCubtk4h25ObMhghabGqrl9o8hZ+0RlEaWU7oRi+cinIXgAZcubv0Y
+ /LEfDyJTohmoDdqpC4xYdTMQ8s8RaNRGtQG/3hISD0cgssBHDBKnoNMNB/V1qe+z
+ EZx/ewgUmlxcO9Q+mPnQG9Eo7sh4WnldbueXtdmp8f4vpt8tJ6zr66x9QLU0IJHW
+ UwgwaV6EAUdv+O+MsW40Bx/TWEbbKj8am9dymTP1dV1OcPJOLfUbNog7ybFXl6IT
+ kNnUkwHXfkRUbzZJNB5rBTTt8msuFquJEaZANl5eMKdn5fG9k2hxMpZCdYT0kECb
+ ErzpV2kUS6Z+QLL2YQzIQ/iBqy82u/pOJ44IvO6JAXYUbc5RTGVOgXNpNiFhOQLS
+ XAHfwKoAg6apAAcqJcywJ52eFwi2886lHyTcl6Zl8wlOC6FZbK+zkmhFKEcOdZyo
+ YFVoqmHT3Da/Z4rlw0XwJYR7EFyk/mHlBwdNabv68Ba94zkqXpSSDuJz7Oip
+ =K261
+ -----END PGP MESSAGE-----
+ fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DQrf1tCqiJxoSAQdARUYTLeEeQkoOgHc8ReED3vRzHOa3S648JbH8q9p8s1Uw
+ 6m+puHJX6nqoLf+TkUfNKfpx1JJpGxgcvsADJTm5Rwi0MxqKvo650DQwHA+UQHd6
+ 0lwBQ1aFrpTk+2b5mVgGGLp5dgFSTDSIsBbUBFQOXvuPX/S/n4eCwiq0sWJBNsam
+ wKTAC7nLnf9O1MX8NGXHQD01doJ2M19o7BoUsifxb0y2XorWDp23NqrSb2U+9A==
+ =xw0V
+ -----END PGP MESSAGE-----
+ fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DzAGzViGx4qcSAQdAc7DD+ELFXtPiikXroB//qxDovIM8uUVXiY6/bCGDhyUw
+ 0XqwTBBntTkrxjPXSQIPuLosccZCLcqpawjCAeYKPNZmJSfhQ5ESl/iAD7wofT2V
+ 0lYBCaD9ciqJhB7nb0vh3Aoa4uphQ3EiS+PYi0Tyuo2r9MsoSv5BLGGHHaQDhvxK
+ 8FXpCyUk8oqBiJ4TRouaVvDcPUSaqWk9QQtxx1mgD0iIkPNnMXoPJA==
+ =3GJf
+ -----END PGP MESSAGE-----
+ fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
+ - created_at: "2025-07-20T18:28:37Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA2pVdGTIrZI+AQ//QR/3s7FObKxat5+yCwGERpelhkNVkwwaVl6nnyX1P2od
+ JrKHwmwgRaOpchQmlkbLwgPs9byiRc29sv8T72qAM0xQohKJq3TXXCGA2Wy4xzmn
+ tDK4m+kU/WA8qtBsJn+gfV9CkWXVmr1vnrE+oM32qNpDA5wTrEN2ueTnxkc6oiN8
+ O+rlJWkbtPBxt3o9OJfJLoidh+Ot+1aiLeg+9lrp7RdnuHcHiklwT3y+dLf2Dpje
+ SevPq5UDX1C9kbwCtQuvH11wO2Pss9IWfNhqgdltsnaEC02lFaiiZxiZL+lxb5+D
+ XcVn7o+iZUL5BjNn0Y1D17geXuIwFwOKWsRh59EsMMUU7rzK2WIeGz5eIbGcRHPw
+ MIOxhzHXH4DN1TIKLa3BoqMCaEa6FY4U5pWNAGcclOqSY5DmlmSgZxOSLijCpLCf
+ VRyWbDUiMVz6CA1dR5PtnGoIlAMk0W84SxWgjrsg5BE3zt1KeluAPkJbgD3wRTMj
+ uXq37kbIQvH80ocxjY1DyBkvz5xh21yBlUvQnMLc8gQg2C3Z8gQj9eexqJOt0z/g
+ DvW6t4ZfGncsqE5nKv+O4FiFc+xUKFt02pPI/hgqYPpXVYc8mmqD8A75dbi3fhEO
+ 5tTnEszoYZJucAF57aWNzpr+o/I3dP7SxrxbQbq9I4GO1omSkKeNFe/dQWKGzR/S
+ XAHR6DYe5ej+qdc9lcK/Lx8aA7/4b+O5jSKE0g1sJ2wEZdhNQbLM21YLGt4hFCk5
+ a/pJ9m8ShyHgQM5bab9z2MtSD/qL9yVGMfErU/UC9S9GCAvh2COAFx1vVRdv
+ =L/EP
+ -----END PGP MESSAGE-----
+ fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/inventories/z9/host_vars/yate.yaml b/inventories/z9/host_vars/yate.yaml
new file mode 100644
index 0000000..b73cfa6
--- /dev/null
+++ b/inventories/z9/host_vars/yate.yaml
@@ -0,0 +1,9 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/compose.yaml.j2') }}"
+docker_compose__configuration_files:
+ - name: accfile.conf
+ content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/accfile.conf.j2') }}"
+ - name: regexroute.conf
+ content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regexroute.conf.j2') }}"
+ - name: regfile.conf
+ content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regfile.conf.j2') }}"
+docker_compose__restart_cmd: "exec yate sh -c 'kill -1 1'"
\ No newline at end of file
diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml
index 0dde922..4d847bf 100644
--- a/inventories/z9/hosts.yaml
+++ b/inventories/z9/hosts.yaml
@@ -1,21 +1,45 @@
all:
hosts:
- light:
- ansible_host: light.z9.ccchh.net
- ansible_user: chaos
authoritative-dns:
ansible_host: authoritative-dns.z9.ccchh.net
ansible_user: chaos
+ dooris:
+ ansible_host: 10.31.208.201
+ ansible_user: chaos
+ light:
+ ansible_host: light.z9.ccchh.net
+ ansible_user: chaos
+ thinkcccore0:
+ ansible_host: thinkcccore0.z9.ccchh.net
+ yate:
+ ansible_host: yate.ccchh.net
+ ansible_user: chaos
+certbot_hosts:
+ hosts:
+ dooris:
+docker_compose_hosts:
+ hosts:
+ dooris:
+ yate:
+foobazdmx_hosts:
+ hosts:
+ light:
+hypervisors:
+ hosts:
+ thinkcccore0:
+infrastructure_authorized_keys_hosts:
+ hosts:
+ dooris:
+ light:
+ authoritative-dns:
+ yate:
nginx_hosts:
hosts:
+ dooris:
light:
ola_hosts:
hosts:
light:
-foobazdmx_hosts:
+proxmox_vm_template_hosts:
hosts:
- light:
-infrastructure_authorized_keys_hosts:
- hosts:
- light:
- authoritative-dns:
+ thinkcccore0:
diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index d7dcdac..952aeec 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@@ -70,5 +70,13 @@
- "o=Docker,n=${distro_codename}"
- "o=nginx,n=${distro_codename}"
+- name: Ensure Alloy is installed and Setup on alloy_hosts
+ hosts: alloy_hosts
+ become: true
+ tasks:
+ - name: Setup Alloy
+ ansible.builtin.include_role:
+ name: grafana.grafana.alloy
+
- name: Run ensure_eh22_styleguide_dir Playbook
ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml
diff --git a/playbooks/deploy_hypervisor.yaml b/playbooks/deploy_hypervisor.yaml
new file mode 100644
index 0000000..4d3200f
--- /dev/null
+++ b/playbooks/deploy_hypervisor.yaml
@@ -0,0 +1,61 @@
+- name: Ensure the VM template generation is set up
+ hosts: proxmox_vm_template_hosts
+ tasks:
+ - name: Ensure dependencies are present
+ ansible.builtin.apt:
+ name:
+ - git
+ - libguestfs-tools
+ become: true
+
+ - name: Ensure /usr/local/{lib,sbin} exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+ become: true
+ loop:
+ - "/usr/local/lib/"
+ - "/usr/local/sbin/"
+
+ - name: Ensure the pve-template-vm repo is present
+ ansible.builtin.git:
+ repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git
+ dest: /usr/local/lib/pve-template-vm
+ version: main
+ force: true
+ depth: 1
+ single_branch: true
+ track_submodules: true
+ become: true
+
+ # /usr/local/sbin as the script uses qm, which is also found in /usr/sbin.
+ - name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin
+ ansible.builtin.file:
+ src: /usr/local/lib/pve-template-vm/build-proxmox-template
+ dest: /usr/local/sbin/build-proxmox-template
+ state: link
+ owner: root
+ group: root
+ mode: '0755'
+ become: true
+
+ # This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config.
+ - name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00
+ ansible.builtin.cron:
+ name: "ansible build proxmox template"
+ cron_file: ansible_build_proxmox_template
+ minute: 0
+ hour: 4
+ weekday: 5
+ user: root
+ job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\
+ /usr/bin/env \
+ {% for item in hypervisor__template_vm_config | default([]) %}\
+ {{ item.name }}=\"{{ item.value }}\" \
+ {% endfor %}\
+ {% endif %}\
+ /usr/local/sbin/build-proxmox-template"
+ become: true
diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
index e4ab5b6..c2108d8 100644
--- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
@@ -6,8 +6,8 @@ services:
image: docker.io/library/mariadb:11
environment:
- "MARIADB_DATABASE=wordpress"
- - "MARIADB_ROOT_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_ROOT_PASSWORD", create=false, missing="error") }}"
- - "MARIADB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
+ - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"
+ - "MARIADB_PASSWORD={{ secret__wordpress_db_password }}"
- "MARIADB_USER=wordpress"
- "MARIADB_AUTO_UPGRADE=yes"
volumes:
@@ -23,7 +23,7 @@ services:
- "WORDPRESS_DB_NAME=wordpress"
- "WORDPRESS_DB_USER=wordpress"
- "WORDPRESS_TABLE_PREFIX=wp_"
- - "WORDPRESS_DB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
+ - "WORDPRESS_DB_PASSWORD={{ secret__wordpress_db_password }}"
volumes:
- wordpress:/var/www/html/wp-content
ports:
diff --git a/resources/chaosknoten/cloud/nextcloud/config.php.j2 b/resources/chaosknoten/cloud/nextcloud/config.php.j2
deleted file mode 100644
index 718bcb8..0000000
--- a/resources/chaosknoten/cloud/nextcloud/config.php.j2
+++ /dev/null
@@ -1,98 +0,0 @@
- '\\OC\\Memcache\\APCu',
- 'apps_paths' =>
- array (
- 0 =>
- array (
- 'path' => '/var/www/html/apps',
- 'url' => '/apps',
- 'writable' => false,
- ),
- 1 =>
- array (
- 'path' => '/var/www/html/custom_apps',
- 'url' => '/custom_apps',
- 'writable' => true,
- ),
- ),
- 'instanceid' => 'oc9uqhr7buka',
- 'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs',
- 'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu',
- 'trusted_domains' =>
- array (
- 0 => 'cloud.hamburg.ccc.de',
- ),
- 'datadirectory' => '/var/www/html/data',
- 'dbtype' => 'mysql',
- 'version' => '25.0.9.2',
- 'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de',
- 'dbname' => 'nextcloud',
- 'dbhost' => 'database',
- 'dbport' => '',
- 'dbtableprefix' => 'oc_',
- 'mysql.utf8mb4' => true,
- 'dbuser' => 'nextcloud',
- 'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3',
- 'installed' => true,
- // Some Nextcloud options that might make sense here
- 'allow_user_to_change_display_name' => false,
- 'lost_password_link' => 'disabled',
- // URL of provider. All other URLs are auto-discovered from .well-known
- 'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh',
- // Client ID and secret registered with the provider
- 'oidc_login_client_id' => 'cloud',
- 'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}',
- // Automatically redirect the login page to the provider
- 'oidc_login_auto_redirect' => true,
- // Redirect to this page after logging out the user
- //'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
- // If set to true the user will be redirected to the
- // logout endpoint of the OIDC provider after logout
- // in Nextcloud. After successfull logout the OIDC
- // provider will redirect back to 'oidc_login_logout_url' (MUST be set).
- 'oidc_login_end_session_redirect' => true,
- // Quota to assign if no quota is specified in the OIDC response (bytes)
- //
- // NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
- // zero or -1 or ''.
- 'oidc_login_default_quota' => '1000000000',
- // Login button text
- 'oidc_login_button_text' => 'Log in via id.ccchh.net',
- // Hide the NextCloud password change form.
- 'oidc_login_hide_password_form' => false,
- // Use ID Token instead of UserInfo
- 'oidc_login_use_id_token' => false,
- 'oidc_login_attributes' => array (
- 'id' => 'preferred_username',
- 'name' => 'name',
- 'mail' => 'email',
- 'quota' => 'ownCloudQuota',
- 'home' => 'homeDirectory',
- 'ldap_uid' => 'uid',
- 'groups' => 'ownCloudGroups',
- 'login_filter' => 'realm_access_roles',
- 'photoURL' => 'picture',
- 'is_admin' => 'ownCloudAdmin',
- ),
- // Default group to add users to (optional, defaults to nothing)
- //'oidc_login_default_group' => 'oidc',
- 'oidc_login_filter_allowed_values' => null,
- // Set OpenID Connect scope
- 'oidc_login_scope' => 'openid profile',
- // The `id` attribute in `oidc_login_attributes` must return the
- // "Internal Username" (see expert settings in LDAP integration)
- 'oidc_login_proxy_ldap' => false,
- // Fallback to direct login if login from OIDC fails
- // Note that no error message will be displayed if enabled
- 'oidc_login_disable_registration' => false,
- //'oidc_login_redir_fallback' => false,
- // If you get your groups from the oidc_login_attributes, you might want
- // to create them if they are not already existing, Default is `false`.
- 'oidc_create_groups' => true,
- // Enable use of WebDAV via OIDC bearer token.
- 'oidc_login_webdav_enabled' => true,
- // Enable authentication with user/password for DAV clients that do not
- // support token authentication (e.g. DAVx⁵)
- 'oidc_login_password_authentication' => false,
-);
\ No newline at end of file
diff --git a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
index 7e6ad56..8832381 100644
--- a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
+++ b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2
@@ -11,7 +11,7 @@ $CONFIG = array (
'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de',
'mail_from_address' => 'no-reply',
'mail_domain' => 'cloud.hamburg.ccc.de',
- 'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}',
+ 'mail_smtppassword' => '{{ secret__nextcloud_smtp_password }}',
'mail_smtpdebug' => true,
'maintenance_window_start' => 1,
);
diff --git a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 b/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2
deleted file mode 100644
index 56995ca..0000000
--- a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2
+++ /dev/null
@@ -1,60 +0,0 @@
-ALLOWED_HOSTS = [ "netbox.eh22.easterhegg.eu" ]
-DATABASE = {
- "HOST": "localhost",
- "NAME": "netbox",
- "USER": "netbox",
- "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}",
-}
-REDIS = {
- "tasks": {
- "HOST": "localhost",
- "PORT": 6379,
- "USERNAME": "",
- "PASSWORD": "",
- "DATABASE": 0,
- "SSL": False,
- },
- "caching": {
- "HOST": "localhost",
- "PORT": 6379,
- "USERNAME": "",
- "PASSWORD": "",
- "DATABASE": 1,
- "SSL": False,
- },
-}
-SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SECRET_KEY', create=false, missing='error') }}"
-SESSION_COOKIE_SECURE = True
-
-# CCCHH ID (Keycloak) integration.
-# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7
-# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
-REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2"
-SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = (
- "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
-)
-SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = (
- "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
-)
-SOCIAL_AUTH_KEYCLOAK_KEY = "eh22-netbox"
-SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"
-SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}"
-# Use custom OIDC group and role mapping pipeline functions added in via
-# netbox__custom_pipeline_oidc_group_and_role_mapping.
-# The default pipeline this is based on can be found here:
-# https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py
-SOCIAL_AUTH_PIPELINE = [
- "social_core.pipeline.social_auth.social_details",
- "social_core.pipeline.social_auth.social_uid",
- "social_core.pipeline.social_auth.social_user",
- "social_core.pipeline.user.get_username",
- "social_core.pipeline.user.create_user",
- "social_core.pipeline.social_auth.associate_user",
- "netbox.authentication.user_default_groups_handler",
- "social_core.pipeline.social_auth.load_extra_data",
- "social_core.pipeline.user.user_details",
- # Custom OIDC group and role mapping functions.
- "netbox.custom_pipeline_oidc_mapping.add_groups",
- "netbox.custom_pipeline_oidc_mapping.remove_groups",
- "netbox.custom_pipeline_oidc_mapping.set_roles",
-]
diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
index 83aeaad..3e51e55 100644
--- a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
+++ b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
@@ -3,38 +3,84 @@
# - https://github.com/prometheus/alertmanager/blob/48a99764a1fc9279fc828de83e7a03ae2219abc7/doc/examples/simple.yml
route:
- group_by: ["alertname", "site", "type", "hypervisor"]
-
+ receiver: 'ccchh-infrastructure-alerts'
+ group_by: [ "alertname", "site", "type", "hypervisor" ]
group_wait: 30s
group_interval: 5m
- repeat_interval: 3h
-
- receiver: ccchh-infrastructure-alerts
-
-
-{# Disable these for now, but might be interesting in the future.
-# Inhibition rules allow to mute a set of alerts given that another alert is
-# firing.
-# We use this to mute any warning-level notifications if the same alert is
-# already critical.
-inhibit_rules:
- - source_matchers: [severity="critical"]
- target_matchers: [severity="warning"]
- # Apply inhibition if the alertname is the same.
- # CAUTION:
- # If all label names listed in `equal` are missing
- # from both the source and target alerts,
- # the inhibition rule will apply!
- equal: [alertname, cluster, service] #}
+ repeat_interval: 6h
+ routes:
+ - receiver: "null"
+ matchers:
+ - sendAlert = "false"
+ - receiver: ntfy-ccchh-critical
+ matchers:
+ - org = "ccchh"
+ - severity = "critical",
+ repeat_interval: 18h
+ continue: true
+ - receiver: ntfy-ccchh
+ matchers:
+ - org = "ccchh"
+ - severity =~ "info|warning",
+ repeat_interval: 36h
+ continue: true
+ - receiver: ntfy-fux-critical
+ matchers:
+ - org = "fux"
+ - severity = "critical",
+ repeat_interval: 18h
+ continue: true
+ - receiver: email-fux-critical
+ matchers:
+ - org = "fux"
+ - severity = "critical",
+ repeat_interval: 36h
+ continue: true
+ - receiver: ntfy-fux
+ matchers:
+ - org = "fux"
+ - severity =~ "info|warning",
+ repeat_interval: 36h
+ continue: true
+ - receiver: ccchh-infrastructure-alerts
+ matchers:
+ - org = "ccchh"
+ - severity =~ "info|warning|critical"
templates:
- "/etc/alertmanager/templates/*.tmpl"
receivers:
+ - name: "null"
- name: "ccchh-infrastructure-alerts"
telegram_configs:
- send_resolved: true
- bot_token: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/alertmanager_telegram_bot_token", create=false, missing="error") }}
+ bot_token: {{ secret__alertmanager_telegram_bot_token }}
chat_id: -1002434372415
parse_mode: HTML
message: {{ "'{{ template \"alert-message.telegram.ccchh\" . }}'" }}
+
+ - name: "ntfy-ccchh-critical"
+ webhook_configs:
+ - url: "http://ntfy-alertmanager-ccchh-critical:8000"
+
+ - name: "ntfy-fux-critical"
+ webhook_configs:
+ - url: "http://ntfy-alertmanager-fux-critical:8001"
+
+ - name: "ntfy-ccchh"
+ webhook_configs:
+ - url: "http://ntfy-alertmanager-ccchh:8010"
+
+ - name: "ntfy-fux"
+ webhook_configs:
+ - url: "http://ntfy-alertmanager-fux:8011"
+
+ - name: "email-fux-critical"
+ email_configs:
+ - send_resolved: true
+ to: "stb@lassitu.de"
+ from: "alert-manager@hamburg.ccc.de"
+ smarthost: "cow.hamburg.ccc.de:587"
+ auth_username: "alert-manager@hamburg.ccc.de"
+ auth_password: {{ secret__alert_manager_email_password }}
diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
index 5318fb0..3e97e6e 100644
--- a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
+++ b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl
@@ -20,16 +20,25 @@ Links & Resources
{{ define "alert-message.telegram.ccchh" }}
-{{- if .Alerts.Firing }}
-🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥
-{{ range .Alerts.Firing -}}
-{{ template "alert-item.telegram.ccchh.internal" . }}
-{{- end }}
-{{- end }}
-{{- if .Alerts.Resolved }}
-✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅
-{{ range .Alerts.Resolved -}}
-{{ template "alert-item.telegram.ccchh.internal" . }}
-{{- end }}
-{{- end }}
+ {{- if .Alerts.Firing }}
+ 🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥
+ {{- if le (len .Alerts.Firing) 5 }}
+ {{- range .Alerts.Firing }}
+ {{ template "alert-item.telegram.ccchh.internal" . }}
+ {{- end }}
+ {{- else }}
+ There are too many alerts firing at once
+ {{- end }}
+ {{- end }}
+
+ {{- if .Alerts.Resolved }}
+ ✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅
+ {{- if le (len .Alerts.Resolved) 5 }}
+ {{- range .Alerts.Resolved }}
+ {{ template "alert-item.telegram.ccchh.internal" . }}
+ {{- end }}
+ {{- else }}
+ There are too many resolved alerts to list
+ {{- end }}
+ {{- end }}
{{- end }}
diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
index 3e994dc..c9c4cca 100644
--- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
@@ -6,6 +6,8 @@ services:
container_name: prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
+ - '--web.enable-remote-write-receiver'
+ - '--enable-feature=promql-experimental-functions'
ports:
- 9090:9090
restart: unless-stopped
@@ -13,7 +15,7 @@ services:
- ./configs/prometheus.yml:/etc/prometheus/prometheus.yml
- ./configs/prometheus_alerts.rules.yaml:/etc/prometheus/rules/alerts.rules.yaml
- prom_data:/prometheus
-
+
alertmanager:
image: prom/alertmanager
container_name: alertmanager
@@ -35,7 +37,7 @@ services:
restart: unless-stopped
environment:
- GF_SECURITY_ADMIN_USER=admin
- - "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}"
+ - "GF_SECURITY_ADMIN_PASSWORD={{ secret__grafana_gf_security_admin_password }}"
volumes:
- ./configs/grafana.ini:/etc/grafana/grafana.ini
- ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml
@@ -49,13 +51,61 @@ services:
restart: unless-stopped
environment:
- PVE_USER=grafana@pve
- - "PVE_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/prometheus-exporter", create=false, missing="error") }}"
+ - "PVE_PASSWORD={{ secret__prometheus_pve_exporter_pve_password }}"
- PVE_VERIFY_SSL=false
volumes:
- /dev/null:/etc/prometheus/pve.yml
+ loki:
+ image: grafana/loki:3
+ container_name: loki
+ ports:
+ - 13100:3100
+ - 19099:9099
+ restart: unless-stopped
+ volumes:
+ - ./configs/loki.yaml:/etc/loki/local-config.yaml
+ - loki_data:/var/loki
+
+ ntfy-alertmanager-ccchh-critical:
+ image: xenrox/ntfy-alertmanager:latest
+ container_name: ntfy-alertmanager-ccchh-critical
+ volumes:
+ - ./configs/ntfy-alertmanager-ccchh-critical:/etc/ntfy-alertmanager/config
+ ports:
+ - 8000:8000
+ restart: unless-stopped
+
+ ntfy-alertmanager-fux-critical:
+ image: xenrox/ntfy-alertmanager:latest
+ container_name: ntfy-alertmanager-fux-critical
+ volumes:
+ - ./configs/ntfy-alertmanager-fux-critical:/etc/ntfy-alertmanager/config
+ ports:
+ - 8001:8001
+ restart: unless-stopped
+
+ ntfy-alertmanager-ccchh:
+ image: xenrox/ntfy-alertmanager:latest
+ container_name: ntfy-alertmanager-ccchh
+ volumes:
+ - ./configs/ntfy-alertmanager-ccchh:/etc/ntfy-alertmanager/config
+ ports:
+ - 8010:8010
+ restart: unless-stopped
+
+ ntfy-alertmanager-fux:
+ image: xenrox/ntfy-alertmanager:latest
+ container_name: ntfy-alertmanager-fux
+ volumes:
+ - ./configs/ntfy-alertmanager-fux:/etc/ntfy-alertmanager/config
+ ports:
+ - 8011:8011
+ restart: unless-stopped
volumes:
graf_data: {}
prom_data: {}
alertmanager_data: {}
+ loki_data: {}
+ mimir_data: {}
diff --git a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
index 44999d4..632ad1c 100644
--- a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
+++ b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml
@@ -7,3 +7,15 @@ datasources:
isDefault: true
access: proxy
editable: true
+ - name: Loki
+ type: loki
+ url: http://loki:3100
+ access: proxy
+ editable: true
+ jsonData:
+ timeout: 60
+ maxLines: 3000
+ httpHeaderName1: "X-Scope-OrgID"
+ secureJsonData:
+ httpHeaderValue1: "chaos"
+
diff --git a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
index 65f7bed..af5b848 100644
--- a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
+++ b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
@@ -11,7 +11,7 @@ auto_login = true
name = id.hamburg.ccc.de
allow_sign_up = true
client_id = grafana
-client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
+client_secret = {{ secret__grafana_keycloak_secret }}
scopes = openid email profile offline_access roles
email_attribute_path = email
login_attribute_path = username
diff --git a/resources/chaosknoten/grafana/docker_compose/loki.yaml b/resources/chaosknoten/grafana/docker_compose/loki.yaml
new file mode 100644
index 0000000..daf214f
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/loki.yaml
@@ -0,0 +1,52 @@
+auth_enabled: true
+
+server:
+ http_listen_port: 3100
+ grpc_listen_port: 9099
+ log_level: warn
+
+limits_config:
+ retention_period: 14d
+
+common:
+ instance_addr: 127.0.0.1
+ path_prefix: /var/loki
+ storage:
+ filesystem:
+ chunks_directory: /var/loki/chunks
+ rules_directory: /var/loki/rules
+ replication_factor: 1
+ ring:
+ kvstore:
+ store: inmemory
+
+storage_config:
+ filesystem:
+ directory: /var/loki/chunks
+ index_queries_cache_config:
+ embedded_cache:
+ enabled: true
+ max_size_mb: 80
+ ttl: 30m
+
+schema_config:
+ configs:
+ - from: 2025-04-28
+ store: tsdb
+ object_store: filesystem
+ schema: v13
+ index:
+ prefix: index_
+ period: 24h
+
+chunk_store_config:
+ chunk_cache_config:
+ embedded_cache:
+ enabled: true
+ max_size_mb: 80
+ ttl: 30m
+ write_dedupe_cache_config:
+ embedded_cache:
+ enabled: true
+ max_size_mb: 80
+ ttl: 30m
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2
new file mode 100644
index 0000000..b4afc90
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2
@@ -0,0 +1,48 @@
+base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh-critical
+http-address :8000
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ tags "rotating_light"
+ }
+
+ severity "warning" {
+ priority 3
+ tags "warning"
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "white_check_mark,resolved"
+ priority 2
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic ccchh-alertmanager-critical
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 3h
+}
+
+cache {
+ type memory
+ duration 12h
+ cleanup-interval 1h
+}
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2
new file mode 100644
index 0000000..66fd9ab
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2
@@ -0,0 +1,48 @@
+base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh
+http-address :8010
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ tags "rotating_light"
+ }
+
+ severity "warning" {
+ priority 3
+ tags "warning"
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "white_check_mark,resolved"
+ priority 2
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic ccchh-alertmanager
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 3h
+}
+
+cache {
+ type memory
+ duration 12h
+ cleanup-interval 1h
+}
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2
new file mode 100644
index 0000000..afb6cc8
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2
@@ -0,0 +1,48 @@
+base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux-critical
+http-address :8001
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ tags "rotating_light"
+ }
+
+ severity "warning" {
+ priority 3
+ tags "warning"
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "white_check_mark,resolved"
+ priority 2
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic fux-alertmanager-critical
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 3h
+}
+
+cache {
+ type memory
+ duration 12h
+ cleanup-interval 1h
+}
diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2
new file mode 100644
index 0000000..1e506a3
--- /dev/null
+++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2
@@ -0,0 +1,48 @@
+base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux
+http-address :8011
+log-level info
+log-format text
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode)
+# Options: single, multi
+# Default: multi
+alert-mode single
+
+labels {
+ order "severity"
+
+ severity "critical" {
+ priority 4
+ tags "rotating_light"
+ }
+
+ severity "warning" {
+ priority 3
+ tags "warning"
+ }
+
+ severity "info" {
+ priority 1
+ }
+}
+
+resolved {
+ tags "white_check_mark,resolved"
+ priority 2
+}
+
+ntfy {
+ server https://ntfy.hamburg.ccc.de
+ topic fux-alertmanager
+ access-token {{ secret__ntfy_token }}
+}
+
+alertmanager {
+ silence-duration 3h
+}
+
+cache {
+ type memory
+ duration 12h
+ cleanup-interval 1h
+}
diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus.yml b/resources/chaosknoten/grafana/docker_compose/prometheus.yml
index 5f6232f..fd59034 100644
--- a/resources/chaosknoten/grafana/docker_compose/prometheus.yml
+++ b/resources/chaosknoten/grafana/docker_compose/prometheus.yml
@@ -1,12 +1,12 @@
global:
- scrape_interval: 15s
- scrape_timeout: 10s
- evaluation_interval: 15s
+ scrape_interval: 60s
+ scrape_timeout: 15s
+ evaluation_interval: 30s
alerting:
alertmanagers:
- scheme: http
- timeout: 10s
+ timeout: 15s
static_configs:
- targets:
- "alertmanager:9093"
@@ -22,6 +22,8 @@ scrape_configs:
static_configs:
- targets:
- localhost:9090
+ labels:
+ org: ccchh
- job_name: alertmanager
honor_timestamps: true
metrics_path: /metrics
@@ -29,6 +31,8 @@ scrape_configs:
static_configs:
- targets:
- alertmanager:9093
+ labels:
+ org: ccchh
- job_name: mumble
honor_timestamps: true
scrape_interval: 5s
@@ -38,6 +42,8 @@ scrape_configs:
static_configs:
- targets:
- mumble.hamburg.ccc.de:443
+ labels:
+ org: ccchh
- job_name: opnsense-ccchh
honor_timestamps: true
metrics_path: /metrics
@@ -45,6 +51,8 @@ scrape_configs:
static_configs:
- targets:
- 185.161.129.132:9100
+ labels:
+ org: ccchh
- job_name: jitsi
honor_timestamps: true
scrape_interval: 5s
@@ -54,10 +62,14 @@ scrape_configs:
static_configs:
- targets:
- jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
+ labels:
+ org: ccchh
- job_name: 'pve'
static_configs:
- targets:
- 212.12.48.126 # chaosknoten
+ labels:
+ org: ccchh
metrics_path: /pve
params:
module: [ default ]
@@ -74,6 +86,7 @@ scrape_configs:
static_configs:
# Wieske Chaosknoten VMs
- labels:
+ org: ccchh
site: wieske
type: virtual_machine
hypervisor: chaosknoten
@@ -83,7 +96,6 @@ scrape_configs:
- public-web-static-intern.hamburg.ccc.de:9100
- git-intern.hamburg.ccc.de:9100
- forgejo-actions-runner-intern.hamburg.ccc.de:9100
- - eh22-netbox-intern.hamburg.ccc.de:9100
- eh22-wiki-intern.hamburg.ccc.de:9100
- mjolnir-intern.hamburg.ccc.de:9100
- woodpecker-intern.hamburg.ccc.de:9100
@@ -99,7 +111,13 @@ scrape_configs:
- zammad-intern.hamburg.ccc.de:9100
- pretalx-intern.hamburg.ccc.de:9100
- labels:
+ org: ccchh
site: wieske
type: physical_machine
targets:
- chaosknoten.hamburg.ccc.de:9100
+
+
+storage:
+ tsdb:
+ out_of_order_time_window: 90m
diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml
index 5ec53b8..aa20a42 100644
--- a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml
+++ b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml
@@ -196,9 +196,9 @@ groups:
# Same rule using "node_filesystem_free_bytes" will fire when disk fills for non-root users.
- alert: HostDiskWillFillIn24Hours
expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
- for: 2m
+ for: 5m
labels:
- severity: warning
+ severity: critical
annotations:
summary: Host disk will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}"
@@ -212,9 +212,9 @@ groups:
description: "Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}"
- alert: HostInodesWillFillIn24Hours
expr: (node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
- for: 2m
+ for: 5m
labels:
- severity: warning
+ severity: critical
annotations:
summary: Host inodes will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of inodes within the next 24 hours at current write rate\n VALUE = {{ $value }}"
@@ -362,7 +362,7 @@ groups:
expr: (node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
for: 0m
labels:
- severity: warning
+ severity: critical
annotations:
summary: Host systemd service crashed (instance {{ $labels.instance }})
description: "systemd service crashed\n VALUE = {{ $value }}"
@@ -438,6 +438,7 @@ groups:
for: 0m
labels:
severity: warning
+ org: ccchh
annotations:
summary: Prometheus too many restarts (instance {{ $labels.instance }})
description: "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.\n VALUE = {{ $value }}"
@@ -446,6 +447,7 @@ groups:
for: 0m
labels:
severity: warning
+ org: ccchh
annotations:
summary: Prometheus AlertManager job missing (instance {{ $labels.instance }})
description: "A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}"
@@ -454,6 +456,7 @@ groups:
for: 0m
labels:
severity: warning
+ org: ccchh
annotations:
summary: Prometheus AlertManager configuration reload failure (instance {{ $labels.instance }})
description: "AlertManager configuration reload error\n VALUE = {{ $value }}"
@@ -462,6 +465,7 @@ groups:
for: 0m
labels:
severity: warning
+ org: ccchh
annotations:
summary: Prometheus AlertManager config not synced (instance {{ $labels.instance }})
description: "Configurations of AlertManager cluster instances are out of sync\n VALUE = {{ $value }}"
@@ -479,6 +483,7 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus not connected to alertmanager (instance {{ $labels.instance }})
description: "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}"
@@ -487,6 +492,7 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus rule evaluation failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}"
@@ -495,6 +501,7 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus template text expansion failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}"
@@ -503,6 +510,7 @@ groups:
for: 5m
labels:
severity: warning
+ org: ccchh
annotations:
summary: Prometheus rule evaluation slow (instance {{ $labels.instance }})
description: "Prometheus rule evaluation took more time than the scheduled interval. It indicates a slower storage backend access or too complex query.\n VALUE = {{ $value }}"
@@ -519,6 +527,7 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus AlertManager notification failing (instance {{ $labels.instance }})
description: "Alertmanager is failing sending notifications\n VALUE = {{ $value }}"
@@ -527,6 +536,7 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus target empty (instance {{ $labels.instance }})
description: "Prometheus has no target in service discovery\n VALUE = {{ $value }}"
@@ -535,6 +545,7 @@ groups:
for: 5m
labels:
severity: warning
+ org: ccchh
annotations:
summary: Prometheus target scraping slow (instance {{ $labels.instance }})
description: "Prometheus is scraping exporters slowly since it exceeded the requested interval time. Your Prometheus server is under-provisioned.\n VALUE = {{ $value }}"
@@ -575,6 +586,7 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus TSDB compactions failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB compactions failures\n VALUE = {{ $value }}"
@@ -583,6 +595,7 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus TSDB head truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB head truncation failures\n VALUE = {{ $value }}"
@@ -591,6 +604,7 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus TSDB reload failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB reload failures\n VALUE = {{ $value }}"
@@ -599,6 +613,7 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus TSDB WAL corruptions (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL corruptions\n VALUE = {{ $value }}"
@@ -607,14 +622,16 @@ groups:
for: 0m
labels:
severity: critical
+ org: ccchh
annotations:
summary: Prometheus TSDB WAL truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL truncation failures\n VALUE = {{ $value }}"
- alert: PrometheusTimeseriesCardinality
- expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 10000
+ expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 20000
for: 0m
labels:
severity: warning
+ org: ccchh
annotations:
summary: Prometheus timeseries cardinality (instance {{ $labels.instance }})
description: "The \"{{ $labels.name }}\" timeseries cardinality is getting very high: {{ $value }}\n VALUE = {{ $value }}"
diff --git a/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf
index a3218d1..c5b68e1 100644
--- a/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf
@@ -2,7 +2,8 @@
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
# Listen on a custom port for the proxy protocol.
- listen 8443 ssl http2 proxy_protocol;
+ listen 8443 ssl proxy_protocol;
+ http2 on;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
@@ -40,4 +41,71 @@ server {
proxy_pass http://127.0.0.1:3000/;
}
+ location /ntfy-alertmanager-ccchh-critical/ {
+ deny all;
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+ proxy_pass http://127.0.0.1:8000/;
+ }
+
+ location /ntfy-alertmanager-ccchh/ {
+ deny all;
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+ proxy_pass http://127.0.0.1:8010/;
+ }
+
+ location /ntfy-alertmanager-fux-critical/ {
+ deny all;
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+ proxy_pass http://127.0.0.1:8001/;
+ }
+
+ location /ntfy-alertmanager-fux/ {
+ deny all;
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+ proxy_pass http://127.0.0.1:8011/;
+ }
}
diff --git a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
new file mode 100644
index 0000000..e2bf4a7
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
@@ -0,0 +1,89 @@
+server {
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+
+ deny all;
+
+ server_name loki.hamburg.ccc.de;
+
+ listen [::]:50051 ssl;
+ listen 172.31.17.145:50051 ssl;
+
+ http2 on;
+
+ client_body_buffer_size 512k;
+
+ ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
+
+ auth_basic "loki";
+ auth_basic_user_file loki.htpasswd;
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Port 9099;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Scope-OrgID $remote_user;
+ grpc_pass grpc://localhost:19099;
+ }
+}
+
+server {
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+ deny all;
+
+ server_name loki.hamburg.ccc.de;
+
+ listen [::]:443 ssl;
+ listen 172.31.17.145:443 ssl;
+
+ http2 on;
+
+ client_body_buffer_size 512k;
+
+ ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/chain.pem;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ auth_basic "loki";
+ auth_basic_user_file loki.htpasswd;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Scope-OrgID $remote_user;
+ proxy_pass http://127.0.0.1:13100;
+ }
+}
diff --git a/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2
new file mode 100644
index 0000000..ed270c2
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2
@@ -0,0 +1 @@
+chaos:{{ secret__loki_chaos_basic_auth }}
diff --git a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
new file mode 100644
index 0000000..2c52523
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
@@ -0,0 +1,61 @@
+server {
+ allow ::1/128;
+ allow 127.0.0.1/32;
+ # Wieske
+ allow 172.31.17.128/25;
+ allow 212.12.51.128/28;
+ allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+ allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+ allow 2a00:14b0:4200:3380::/64;
+ allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
+ # Z9
+ allow 2a07:c480:0:100::/56;
+ allow 2a07:c481:1::/48;
+ # fuxnoc
+ allow 2a07:c481:0:1::/64;
+ deny all;
+
+ server_name metrics.hamburg.ccc.de;
+
+ listen [::]:443 ssl;
+ listen 172.31.17.145:443 ssl;
+ http2 on;
+
+ client_body_buffer_size 512k;
+
+ ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem;
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/chain.pem;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ auth_basic "metrics";
+ auth_basic_user_file metrics.htpasswd;
+
+ location /api/v1/write {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Port 3100;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_pass http://127.0.0.1:9090;
+ }
+
+ location /ready {
+ rewrite ^ /-/ready break;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_pass http://127.0.0.1:9090;
+ }
+}
diff --git a/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2
new file mode 100644
index 0000000..f680572
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2
@@ -0,0 +1,2 @@
+chaos:{{ secret__metrics_chaos_basic_auth }}
+fux:{{ secret__metrics_fux_basic_auth }}
diff --git a/resources/chaosknoten/grafana/nginx/redirect.conf b/resources/chaosknoten/grafana/nginx/redirect.conf
new file mode 100644
index 0000000..28b265a
--- /dev/null
+++ b/resources/chaosknoten/grafana/nginx/redirect.conf
@@ -0,0 +1,14 @@
+# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+ location /.well-known/acme-challenge/ {
+ proxy_pass http://127.0.0.1:31820/.well-known/acme-challenge/;
+ }
+}
diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
index 9509654..227db64 100644
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@@ -22,7 +22,7 @@
services:
keycloak:
- image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0
+ image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.2
pull_policy: always
restart: unless-stopped
command: start --optimized
@@ -32,11 +32,11 @@ services:
- keycloak
environment:
KEYCLOAK_ADMIN: admin
- KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
+ KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }}
KC_DB: postgres
KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak
- KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
+ KC_DB_PASSWORD: {{ secret__keycloak_db_password }}
KC_HOSTNAME: https://id.hamburg.ccc.de
KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
@@ -46,7 +46,7 @@ services:
- "8080:8080"
db:
- image: postgres:15.2
+ image: postgres:15.13
restart: unless-stopped
networks:
- keycloak
@@ -54,7 +54,7 @@ services:
- "./database:/var/lib/postgresql/data"
environment:
POSTGRES_USER: keycloak
- POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
+ POSTGRES_PASSWORD: {{ secret__keycloak_db_password }}
POSTGRES_DB: keycloak
id-invite-web:
@@ -76,10 +76,10 @@ services:
- "IDINVITE_URL=https://invite.hamburg.ccc.de"
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
- "IDINVITE_VALID_HOURS=50"
- - "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}"
+ - "IDINVITE_SECRET={{ secret__idinvite_token_secret }}"
- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
- "IDINVITE_CLIENT_ID=id-invite"
- - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+ - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "MAIL_FROM=no-reply@hamburg.ccc.de"
- "BOTTLE_HOST=0.0.0.0"
@@ -96,7 +96,7 @@ services:
- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
- - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}"
+ - "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}"
id-invite-keycloak:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
@@ -107,10 +107,10 @@ services:
environment:
- "BOTTLE_HOST=0.0.0.0"
- "IDINVITE_CLIENT_ID=id-invite"
- - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+ - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "KEYCLOAK_API_URL=http://keycloak:8080"
- "KEYCLOAK_API_USERNAME=id-invite"
- - "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}"
+ - "KEYCLOAK_API_PASSWORD={{ secret__idinvite_admin_password }}"
- "KEYCLOAK_API_REALM=ccchh"
- 'KEYCLOAK_GROUPS=["user"]'
diff --git a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
index 372715d..2b0d919 100644
--- a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf
@@ -43,6 +43,7 @@ server {
allow 185.161.129.132/32; # z9
allow 2a07:c480:0:100::/56; # z9
+ allow 2a07:c481:1::/48; # z9 new ipv6
allow 213.240.180.39/32; # stbe home
allow 2a01:170:118b::1/64; # stbe home
deny all;
diff --git a/resources/chaosknoten/netbox/netbox/configuration.py.j2 b/resources/chaosknoten/netbox/netbox/configuration.py.j2
index 789a539..7648e7e 100644
--- a/resources/chaosknoten/netbox/netbox/configuration.py.j2
+++ b/resources/chaosknoten/netbox/netbox/configuration.py.j2
@@ -3,7 +3,7 @@ DATABASE = {
"HOST": "localhost",
"NAME": "netbox",
"USER": "netbox",
- "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}",
+ "PASSWORD": "{{ netbox__db_password }}",
}
REDIS = {
"tasks": {
@@ -23,7 +23,7 @@ REDIS = {
"SSL": False,
},
}
-SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SECRET_KEY', create=false, missing='error') }}"
+SECRET_KEY = "{{ secret__netbox_secret_key }}"
SESSION_COOKIE_SECURE = True
# CCCHH ID (Keycloak) integration.
@@ -38,7 +38,7 @@ SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = (
)
SOCIAL_AUTH_KEYCLOAK_KEY = "netbox"
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"
-SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}"
+SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ secret__netbox_social_auth_keycloak_secret }}"
# Use custom OIDC group and role mapping pipeline functions added in via
# netbox__custom_pipeline_oidc_group_and_role_mapping.
# The default pipeline this is based on can be found here:
diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2
new file mode 100644
index 0000000..625e02f
--- /dev/null
+++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2
@@ -0,0 +1,24 @@
+---
+services:
+ ntfy:
+ image: binwiederhier/ntfy
+ container_name: ntfy
+ command:
+ - serve
+ volumes:
+ - ntfy_cache:/var/cache/ntfy
+ - ntfy_var:/var/lib/ntfy
+ - ./configs/server.yml:/etc/ntfy/server.yml
+ ports:
+ - 2586:2586
+ - 9586:9586
+ healthcheck: # optional: remember to adapt the host:port to your environment
+ test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
+ interval: 60s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+ restart: unless-stopped
+volumes:
+ ntfy_cache: {}
+ ntfy_var: {}
diff --git a/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
new file mode 100644
index 0000000..0a28f4f
--- /dev/null
+++ b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
@@ -0,0 +1,21 @@
+base-url: "https://ntfy.hamburg.ccc.de"
+default-host: "https://ntfy.hamburg.ccc.de"
+listen-http: ":2586"
+behind-proxy: true
+cache-file: "/var/cache/ntfy/cache.db"
+log-format: json
+
+enable-metrics: true
+metrics-listen-http: ":9586"
+
+auth-default-access: "deny-all"
+auth-file: "/var/lib/ntfy/user.db"
+
+attachment-cache-dir: "/var/cache/ntfy/attachments"
+
+web-push-public-key: "BCx7PqDiVNlOiAHHfSxjbTle_LN4hetwHYi58GJhQxiY33AQ663IaJVro7B28j-1KOqwdzKco3dMMwzBJl9OQ90"
+web-push-private-key: {{ secret__ntfy_web_push_private_key }}
+web-push-file: "/var/cache/ntfy/webpush.db"
+web-push-email-address: "mailto:noc@lists.hamburg.ccc.de"
+
+upstream-base-url: "https://ntfy.sh"
diff --git a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf b/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
similarity index 60%
rename from resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
rename to resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
index 6c9d458..e7d404d 100644
--- a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf
+++ b/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf
@@ -2,7 +2,8 @@
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
# Listen on a custom port for the proxy protocol.
- listen 8443 ssl http2 proxy_protocol;
+ listen 8443 ssl proxy_protocol;
+ http2 on;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
@@ -12,12 +13,12 @@ server {
# header.
real_ip_header proxy_protocol;
- server_name netbox.eh22.easterhegg.eu;
+ server_name ntfy.hamburg.ccc.de;
- ssl_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ntfy.hamburg.ccc.de/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
- ssl_trusted_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/chain.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
@@ -29,20 +30,18 @@ server {
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
- # Hide the X-Forwarded header.
- proxy_hide_header X-Forwarded;
- # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
- # is transparent).
- # Also provide "_hidden" for by, since it's not relevant.
- proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
-
- client_max_body_size 25m;
-
- location /static/ {
- alias /opt/netbox/netbox/static/;
- }
location / {
- proxy_pass http://127.0.0.1:8001;
+ proxy_pass http://127.0.0.1:2586;
+ proxy_http_version 1.1;
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_connect_timeout 3m;
+ proxy_send_timeout 3m;
+ proxy_read_timeout 3m;
+
+ client_max_body_size 0; # Stream request body to backend
}
}
diff --git a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
index 91c26a3..85ce7d2 100644
--- a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
@@ -14,4 +14,4 @@ services:
ports:
- "8080:80"
environment:
- JWT_SECRET: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/onlyoffice/JWT_SECRET", create=false, missing="error") }}
+ JWT_SECRET: {{ secret__onlyoffice_jwt_secret }}
diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
index 537cda0..ca29f1b 100644
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@@ -6,7 +6,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=hedgedoc"
- - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
+ - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
- "POSTGRES_DB=hedgedoc"
volumes:
- database:/var/lib/postgresql/data
@@ -16,7 +16,7 @@ services:
#image: quay.io/hedgedoc/hedgedoc:1.9.9
image: quay.io/hedgedoc/hedgedoc:latest
environment:
- - "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}@database:5432/hedgedoc"
+ - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc"
- "CMD_DOMAIN=pad.hamburg.ccc.de"
- "CMD_PROTOCOL_USESSL=true"
- "CMD_HSTS_ENABLE=false"
@@ -35,7 +35,7 @@ services:
- "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
- "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
- "CMD_OAUTH2_CLIENT_ID=pad"
- - "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}"
+ - "CMD_OAUTH2_CLIENT_SECRET={{ secret__hedgedoc_kc_secret }}"
- "CMD_OAUTH2_PROVIDERNAME=Keycloak"
- "CMD_OAUTH2_SCOPE=openid email profile"
volumes:
@@ -53,11 +53,11 @@ services:
environment:
- "POSTGRES_HOSTNAME=database"
- "POSTGRES_USERNAME=hedgedoc"
- - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
+ - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
- "SMTP_FROM=pad@hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=pad@hamburg.ccc.de"
- - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/smtp_password", create=false, missing="error") }}"
+ - "SMTP_PASSWORD={{ secret__pad_smtp_password }}"
- "URL=https://pad.hamburg.ccc.de"
depends_on:
- database
diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
index b210098..1eca33b 100644
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@@ -6,7 +6,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=pretalx"
- - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
+ - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
- "POSTGRES_DB=pretalx"
volumes:
- database:/var/lib/postgresql/data
@@ -53,13 +53,14 @@ services:
restart: unless-stopped
environment:
PRETALX_DATA_DIR: /data
+ PRETALX_FILE_UPLOAD_LIMIT: 1000 # MB
PRETALX_FILESYSTEM_MEDIA: /public/media
PRETALX_FILESYSTEM_STATIC: /public/static
PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de
PRETALX_DB_TYPE: postgresql
PRETALX_DB_NAME: pretalx
PRETALX_DB_USER: pretalx
- PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
+ PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
PRETALX_DB_HOST: database
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
PRETALX_MAIL_HOST: "cow-intern.hamburg.ccc.de"
@@ -89,13 +90,13 @@ services:
PRETALX_DB_TYPE: postgresql
PRETALX_DB_NAME: pretalx
PRETALX_DB_USER: pretalx
- PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
+ PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}"
PRETALX_DB_HOST: database
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
PRETALX_MAIL_HOST: "cow.hamburg.ccc.de"
PRETALX_MAIL_PORT: 587
PRETALX_MAIL_USER: pretalx@hamburg.ccc.de
- PRETALX_MAIL_PASSWORD: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/PRETALX_MAIL_PASSWORD", create=false, missing="error") }}"
+ PRETALX_MAIL_PASSWORD: "{{ secret__pretalx_mail_password }}"
PRETALX_MAIL_TLS: "true"
PRETALX_CELERY_BACKEND: redis://redis/1
PRETALX_CELERY_BROKER: redis://redis/2
diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
index 4e0e8e3..e37ae7a 100644
--- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
+++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
@@ -70,8 +70,11 @@ map $host $upstream_acme_challenge_host {
design.hamburg.ccc.de 172.31.17.162:31820;
hydra.hamburg.ccc.de 172.31.17.163:31820;
cfp.eh22.easterhegg.eu 172.31.17.157:31820;
- hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820;
- netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820;
+ ntfy.hamburg.ccc.de 172.31.17.149:31820;
+ cryptoparty-hamburg.de 172.31.17.151:31820;
+ cryptoparty.hamburg.ccc.de 172.31.17.151:31820;
+ staging.cryptoparty-hamburg.de 172.31.17.151:31820;
+ staging.cryptoparty.hamburg.ccc.de 172.31.17.151:31820;
default "";
}
diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
index 4a7f84c..4fcc86b 100644
--- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
+++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
@@ -88,8 +88,11 @@ stream {
design.hamburg.ccc.de 172.31.17.162:8443;
hydra.hamburg.ccc.de 172.31.17.163:8443;
cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443;
- hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443;
- netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443;
+ ntfy.hamburg.ccc.de 172.31.17.149:8443;
+ cryptoparty-hamburg.de 172.31.17.151:8443;
+ cryptoparty.hamburg.ccc.de 172.31.17.151:8443;
+ staging.cryptoparty-hamburg.de 172.31.17.151:8443;
+ staging.cryptoparty.hamburg.ccc.de 172.31.17.151:8443;
}
server {
diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
index 1f9d99d..d00a454 100644
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@@ -4,7 +4,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=pretix"
- - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}"
+ - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"
- "POSTGRES_DB=pretix"
volumes:
- database:/var/lib/postgresql/data
diff --git a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
index 3f4af83..f1c119f 100644
--- a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
+++ b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
@@ -10,7 +10,7 @@ trust_x_forwarded_proto=on
backend=postgresql
name=pretix
user=pretix
-password={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}
+password={{ secret__pretix_db_password }}
host=database
[mail]
diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
index 8d345de..b2e8f4d 100644
--- a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2
@@ -11,7 +11,7 @@ see https://github.com/zammad/zammad-docker-compose/blob/master/.env
{%- set POSTGRES_DB = "zammad_production" | quote -%}
{%- set POSTGRES_HOST = "zammad-postgresql" | quote -%}
{%- set POSTGRES_USER = "zammad" | quote -%}
-{%- set POSTGRES_PASS = lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/zammad/DB_PASSWORD", create=false, missing="error") | quote -%}
+{%- set POSTGRES_PASS = secret__zammad_db_password | quote -%}
{%- set POSTGRES_PORT = "5432" | quote -%}
{%- set POSTGRES_VERSION = "15-alpine" | quote -%}
{%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%}
diff --git a/resources/z9/dooris/docker_compose/compose.yaml.j2 b/resources/z9/dooris/docker_compose/compose.yaml.j2
new file mode 100644
index 0000000..38db85a
--- /dev/null
+++ b/resources/z9/dooris/docker_compose/compose.yaml.j2
@@ -0,0 +1,22 @@
+---
+
+services:
+ dooris:
+ image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
+ environment:
+ HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27"
+ HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
+ HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
+ HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122
+ HMDOORIS_CCUJACK_USERNAME: dooris
+ HMDOORIS_CLIENT_ID: dooris
+ HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
+ HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration
+ HMDOORIS_LISTEN: '0.0.0.0:3000'
+ HMDOORIS_REQUIRES_GROUP: /intern
+ HMDOORIS_URL: https://dooris.ccchh.net
+ PYTHONWARNINGS: "ignore:Unverified HTTPS request"
+ #DEBUG: true
+ ports:
+ - "127.0.0.1:3000:3000"
+ restart: unless-stopped
diff --git a/resources/z9/dooris/nginx/dooris.ccchh.net.conf b/resources/z9/dooris/nginx/dooris.ccchh.net.conf
new file mode 100644
index 0000000..c1ca082
--- /dev/null
+++ b/resources/z9/dooris/nginx/dooris.ccchh.net.conf
@@ -0,0 +1,37 @@
+# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+server {
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ server_name dooris.ccchh.net;
+
+ ssl_certificate /etc/letsencrypt/live/dooris.ccchh.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dooris.ccchh.net/privkey.pem;
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/dooris.ccchh.net/chain.pem;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Port 443;
+ # This is https in any case.
+ proxy_set_header X-Forwarded-Proto https;
+ # Hide the X-Forwarded header.
+ proxy_hide_header X-Forwarded;
+ # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
+ # is transparent).
+ # Also provide "_hidden" for by, since it's not relevant.
+ proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ location / {
+ proxy_pass http://127.0.0.1:3000/;
+ }
+}
diff --git a/resources/z9/yate/docker_compose/README.md b/resources/z9/yate/docker_compose/README.md
new file mode 100644
index 0000000..1977f4f
--- /dev/null
+++ b/resources/z9/yate/docker_compose/README.md
@@ -0,0 +1,12 @@
+# Yate Configuration
+
+Yate has a [beginners guide](https://docs.yate.ro/wiki/Beginners_in_Yate). Otherwise, you need to refer to the [sample config files](https://github.com/eventphone/yate/tree/master/conf.d).
+
+For our limited setup, we only need three files:
+* accfile.conf for defining SIP registrars that we want to register with (EPVPN, Fonial, and the Fux door intercom system)
+* regexroute.conf for the call routing rules
+* regfile.conf for the phones that connect to yate.ccchh.net
+
+## Docker Compose Setup
+
+yate runs as a container wiht host networking. The image is build through https://git.hamburg.ccc.de/CCCHH/yate-image, it is using the Eventphone fork of yate.
\ No newline at end of file
diff --git a/resources/z9/yate/docker_compose/accfile.conf.j2 b/resources/z9/yate/docker_compose/accfile.conf.j2
new file mode 100644
index 0000000..4ce65e3
--- /dev/null
+++ b/resources/z9/yate/docker_compose/accfile.conf.j2
@@ -0,0 +1,35 @@
+; Yate will register to these SIP services
+; see https://github.com/eventphone/yate/blob/master/conf.d/accfile.conf.sample
+
+[epvpn_ccchh]
+enabled=yes
+protocol=sip
+description=Eventphone EPVPN CCCHH
+username=1008
+authname=1008
+password={{ secret__yate__sip_trunk_epvpn }}
+interval=120
+registrar=hg.eventphone.de
+keepalive=1
+
+[fonial_ccchh]
+enabled=yes
+protocol=sip
+description=Fonial CCCHH
+username=fo370381tr317349_00
+authname=fo370381tr317349_00
+password={{ secret__yate__sip_trunk_fonial }}
+interval=120
+registrar=sip.plusnet.de
+keepalive=1
+
+[fux_intercom]
+enabled=yes
+protocol=sip
+description=Fux Intercom CCCHH doorbell
+username=1337
+authname=1337
+password={{ secret__yate__sip_trunk_fux }}
+interval=120
+registrar=172.16.210.2
+keepalive=1
diff --git a/resources/z9/yate/docker_compose/compose.yaml.j2 b/resources/z9/yate/docker_compose/compose.yaml.j2
new file mode 100644
index 0000000..e3d6614
--- /dev/null
+++ b/resources/z9/yate/docker_compose/compose.yaml.j2
@@ -0,0 +1,20 @@
+---
+
+services:
+ yate:
+ image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest
+ # command:
+ # - sh
+ # - "-c"
+ # - "while :; do sleep 10; done"
+ environment:
+ DEBUG: true
+ network_mode: host
+ # ports:
+ # - "127.0.0.1:3000:3000"
+ restart: unless-stopped
+ volumes:
+ - ./configs/accfile.conf:/opt/yate/etc/yate/accfile.conf
+ - ./configs/regexroute.conf:/opt/yate/etc/yate/regexroute.conf
+ - ./configs/regfile.conf:/opt/yate/etc/yate/regfile.conf
+ - ./lib-yate:/var/lib/yate
\ No newline at end of file
diff --git a/resources/z9/yate/docker_compose/regexroute.conf.j2 b/resources/z9/yate/docker_compose/regexroute.conf.j2
new file mode 100644
index 0000000..aeecf6b
--- /dev/null
+++ b/resources/z9/yate/docker_compose/regexroute.conf.j2
@@ -0,0 +1,100 @@
+; Call routing
+; see https://github.com/eventphone/yate/blob/master/conf.d/regexroute.conf.sample
+
+[priorities]
+; route: int: Priority of the routing message handler
+route=90
+
+[contexts]
+ ; INBOUND CALLS:
+${called}^1337$=inbound_fux
+${called}^1008$=inbound_epvpn
+${called}^04023830150$=inbound_fonial
+${called}^fo370381tr317349_00$=inbound_fonial
+;${called}.*=inbound
+
+;^[0-9]\{4\}$=inbound ; Calls from 4 digit numbers: EPVPN
+;^+\?[0-9]\{5,\}$=inbound ; Calls from longer numbers, optionally starting with +
+;^*\{1,2\}[0-9]\{1,3\}$=inbound ; Internal fritzbox calls
+
+ ; OUTBOUND CALLS:
+^[0-9]\{3\}=outbound
+^[a-z0-9]\{4,\}=outbound ; calls from internal users
+
+^.*$=fallback ; Whatever calls managed to not be handled yet
+
+[default] ; unused
+^.*$=echo [default]"\0"
+
+[test] ; unused
+^.*$=echo [test] "\0"
+^99991001$=tone/dial
+^99991002$=tone/busy
+^99991003$=tone/ring
+^99991004$=tone/specdial
+^99991005$=tone/congestion
+^99991006$=tone/outoforder
+^99991007$=tone/milliwatt
+^99991008$=tone/info
+
+; DEBUG HELPER
+; ^.*$=echo match \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called}
+
+^[0-9]\{1,2\}$=return;called=\0
+
+
+[outbound] ; Calls from internal users
+^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug
+^[0-9]\{3\}$=jump internal
+^[0-9]\{1,2\}$=jump z9 ; To internal -> z9
+^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug
+^.*$=line/\0;line=epvpn_ccchh ; Route everything (.*) to the specified accfile line
+
+[inbound_epvpn]
+^.*$=echo [inbound_epvpn] ${caller}->${called}
+^.*$=return;callername=EPVPN ${caller};called=0 ; TODO which extension do we want to route to?
+
+[inbound_fux]
+^.*$=echo [inbound_fux] ${caller}->${called}
+^.*$=return;callername=Door ${caller};called=0 ; TODO which extension do we want to route to?
+
+[inbound_fonial]
+^.*$=echo [inbound_fonial] ${caller}->${called}
+^.*$=return;callername=Fonial ${caller};called=0 ; TODO which extension do we want to route to?
+
+[inbound] ; Calls from EPVPN or outside world
+^.*$=echo [inbound] "\0" ${caller}->${called} user:${user} callername:${callername} callsource:${callsource} ; log
+^.*$=return;callername=EXTERN ${caller};called=0 ; set call recipient to 0 (shared alias between
+ ; all clients in regfile.conf
+
+[internal]
+^.*$=echo [internal] "\0" ${caller}->${called}
+^110$=line/110;line=fonial_ccchh
+^112$=line/112;line=fonial_ccchh
+^115$=line/040115;line=fonial_ccchh
+^911$=line/112;line=fonial_ccchh
+^999$=line/112;line=fonial_ccchh
+; ^119$=line/01753288861;line=fonial_ccchh ; testing only stb cell number
+^.*$=return;called=\0
+
+[z9] ; Internal calls
+^.*$=echo [z9] "\0" ${caller}->${called} ; log
+
+ ; test service numbers
+^91$=sip/sip:ha@10.31.208.10:5060; called=ha;format=opus ; Homeassistant
+^98$=external/playrec/echo.sh ; Echotest
+^99$=external/play/tts.sh;mode=text;text=Hallo Hallo Hallo ; TTS test
+
+^.*$=return;called=\0 ; Any remaining internal calls to all
+ ; Context: Calls to regfile.conf aliases are always
+ ; handled directly and should never get here
+
+
+[special]
+^.*$=echo [special] "\0"
+^.*$=tone/info
+
+[fallback]
+^.*$=echo [fallback] \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called}
+^*\{1,2\}[0-9]\{1,3\}$=jump outbound
+^.*$=tone/busy
diff --git a/resources/z9/yate/docker_compose/regfile.conf.j2 b/resources/z9/yate/docker_compose/regfile.conf.j2
new file mode 100644
index 0000000..95cf70d
--- /dev/null
+++ b/resources/z9/yate/docker_compose/regfile.conf.j2
@@ -0,0 +1,37 @@
+; YATE offers registration to these SIP devices (ie. phones)
+; see https://github.com/eventphone/yate/blob/master/conf.d/regfile.conf.sample
+
+route=100
+file=/var/lib/yate/regfile.swap
+
+[501]
+password={{ secret__yate__sip_extension_legacy }}
+alternatives=0,1008,1337
+callername=Legacy
+# Yealink im großen Raum am Fenster
+
+[502]
+password={{ secret__yate__sip_extension_flausch}}
+alternatives=0,1008,1337
+callername=Flausch
+# Yealink im großen Raum am Sofa
+
+[503]
+password={{ secret__yate__sip_extension_ewerkstatt }}
+alternatives=0,1008,1337
+callername=E-Werkstatt
+# Yealink in der E-Werkstatt
+
+[610]
+password={{ secret__yate__sip_extension_fritzbox_dect1 }}
+alternatives=0,1008,1337
+callername=DECT-1
+
+[611]
+password={{ secret__yate__sip_extension_fritzbox_dect2 }}
+alternatives=0,1008,1337
+callername=DECT-2
+
+[100]
+password=test100
+callername=stb 100
diff --git a/roles/deploy_ssh_server_config/handlers/main.yaml b/roles/deploy_ssh_server_config/handlers/main.yaml
index 001bbe4..721a348 100644
--- a/roles/deploy_ssh_server_config/handlers/main.yaml
+++ b/roles/deploy_ssh_server_config/handlers/main.yaml
@@ -1,3 +1,5 @@
-- name: reboot the system
+- name: restart the ssh service
+ ansible.builtin.systemd:
+ name: ssh.service
+ state: restarted
become: true
- ansible.builtin.reboot:
diff --git a/roles/deploy_ssh_server_config/tasks/main.yaml b/roles/deploy_ssh_server_config/tasks/main.yaml
index f5d00f5..4350790 100644
--- a/roles/deploy_ssh_server_config/tasks/main.yaml
+++ b/roles/deploy_ssh_server_config/tasks/main.yaml
@@ -12,8 +12,7 @@
group: root
src: sshd_config.j2
notify:
- # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
- - reboot the system
+ - restart the ssh service
- name: deactivate short moduli
ansible.builtin.shell:
@@ -32,5 +31,4 @@
changed_when:
- '"ansible-changed" in result.stdout'
notify:
- # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
- - reboot the system
+ - restart the ssh service
diff --git a/roles/docker_compose/defaults/main.yaml b/roles/docker_compose/defaults/main.yaml
index 76831d6..7c083ba 100644
--- a/roles/docker_compose/defaults/main.yaml
+++ b/roles/docker_compose/defaults/main.yaml
@@ -1 +1,2 @@
docker_compose__configuration_files: [ ]
+docker_compose__restart_cmd: ""
\ No newline at end of file
diff --git a/roles/docker_compose/handlers/main.yaml b/roles/docker_compose/handlers/main.yaml
index 96c5ab3..f974335 100644
--- a/roles/docker_compose/handlers/main.yaml
+++ b/roles/docker_compose/handlers/main.yaml
@@ -4,3 +4,9 @@
chdir: /ansible_docker_compose
become: true
changed_when: true # This is always changed.
+- name: docker compose reload script
+ ansible.builtin.command:
+ cmd: /usr/bin/docker compose {{ docker_compose__restart_cmd }}
+ chdir: /ansible_docker_compose
+ become: true
+ when: docker_compose__restart_cmd != ""
diff --git a/roles/docker_compose/tasks/main.yaml b/roles/docker_compose/tasks/main.yaml
index d11d826..af7f717 100644
--- a/roles/docker_compose/tasks/main.yaml
+++ b/roles/docker_compose/tasks/main.yaml
@@ -60,6 +60,7 @@
become: true
loop: "{{ docker_compose__configuration_files }}"
# notify: docker compose down
+ notify: docker compose reload script
- name: Flush handlers to make "docker compose down" handler run now
ansible.builtin.meta: flush_handlers
diff --git a/roles/kitchenowl/README.md b/roles/kitchenowl/README.md
new file mode 100644
index 0000000..2edaf16
--- /dev/null
+++ b/roles/kitchenowl/README.md
@@ -0,0 +1,39 @@
+# Ansible Kitchenowl deployment with docker
+
+## Introduction
+
+KitchenOwl is a smart self-hosted grocery list and recipe manager. Easily add items to your shopping list before you go shopping. You can also create recipes and get suggestions on what you want to cook. Track your expenses so you know how much you've spent.
+
+- Native Mobile/Web/Desktop apps with a great design
+- Add items to your shopping list and sync them in real-time with multiple users
+- Partial offline support, so you don't lose track of what to buy even when there is no signal
+- Manage recipes and add them to your shopping list
+- Share recipes with friends and family
+- Create a meal plan to always know what you'll be eating
+- Manage balances and track expenses of your household
+
+Checkout more: https://github.com/tombursch/kitchenowl
+
+## Why docker
+
+Whilst I try to refrain from using docker, especially together with ansible, it is the recommended way of installation: https://docs.kitchenowl.org/latest/self-hosting/ .
+
+One could also decide to build from source, but I fear that the chance of brakage is higher than just using docker.
+
+### Notice
+
+This role does not care about creating a rootless docker installation and should primarily used inside a vm.
+
+Checkout https://docs.docker.com/engine/security/rootless/ or https://wiki.archlinux.org/title/Docker#Rootless_Docker_daemon for more information on rootless docker.
+
+## Variables
+
+See [defaults](./defaults/main.yml) for needed variables.
+
+### OIDC
+
+OIDC can be used as decribed in https://docs.kitchenowl.org/latest/self-hosting/oidc/ by enabling `kitchenowl_oidc` and using the respected variables.
+
+### Secrets
+
+Please use secrets as described in [README#Secrets](../../README.md#secrets)
\ No newline at end of file
diff --git a/roles/kitchenowl/defaults/main.yml b/roles/kitchenowl/defaults/main.yml
new file mode 100644
index 0000000..ad69fcc
--- /dev/null
+++ b/roles/kitchenowl/defaults/main.yml
@@ -0,0 +1,10 @@
+kitchenowl_dockertag: "latest"
+kitchenowl_port: "80"
+kitchenowl_path: "/opt/kitchenowl"
+kitchenowl_jwt: USESECRET
+kitchenowl_oidc:
+ enabled: false
+ front_url:
+ oidc_issuer:
+ oidc_client_id:
+ oidc_client_secret:
diff --git a/roles/kitchenowl/handlers/main.yml b/roles/kitchenowl/handlers/main.yml
new file mode 100644
index 0000000..63eda54
--- /dev/null
+++ b/roles/kitchenowl/handlers/main.yml
@@ -0,0 +1,18 @@
+- name: docker compose down
+ community.docker.docker_compose_v2:
+ project_src: "{{ kitchenowl_path }}"
+ state: absent
+
+- name: docker compose up
+ community.docker.docker_compose_v2:
+ project_src: "{{ kitchenowl_path }}"
+
+- name: docker compose stop
+ community.docker.docker_compose_v2:
+ project_src: "{{ kitchenowl_path }}"
+ state: stopped
+
+- name: docker compose restart
+ community.docker.docker_compose_v2:
+ project_src: "{{ kitchenowl_path }}"
+ state: restarted
diff --git a/roles/kitchenowl/tasks/main.yml b/roles/kitchenowl/tasks/main.yml
new file mode 100644
index 0000000..530d468
--- /dev/null
+++ b/roles/kitchenowl/tasks/main.yml
@@ -0,0 +1,41 @@
+- name: Install latest docker & docker-compose package
+ ansible.builtin.package:
+ name:
+ - docker
+ - docker-compose
+ state: present
+
+- name: Start and enable docker service
+ ansible.builtin.service:
+ name: docker
+ state: started
+ enabled: true
+
+- name: Ensure kitchenowl directory exists
+ ansible.builtin.file:
+ path: "{{ kitchenowl_path }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: Ensure kitchenowl docker-compose.yaml
+ ansible.builtin.template:
+ src: docker-compose.j2
+ dest: "{{ kitchenowl_path }}/docker-compose.yml"
+ owner: root
+ group: root
+ mode: '0644'
+ notify: docker compose up
+ register: output
+
+- name: Ensure latest kitchenowl image pulled
+ community.docker.docker_compose_v2_pull:
+ project_src: "{{ kitchenowl_path }}"
+ notify:
+ - docker compose down
+ - docker compose up
+
+- name: Show results
+ ansible.builtin.debug:
+ var: output
diff --git a/roles/kitchenowl/templates/docker-compose.j2 b/roles/kitchenowl/templates/docker-compose.j2
new file mode 100644
index 0000000..10ad91f
--- /dev/null
+++ b/roles/kitchenowl/templates/docker-compose.j2
@@ -0,0 +1,24 @@
+services:
+ front:
+ image: tombursch/kitchenowl-web:{{ kitchenowl_dockertag }}
+ restart: unless-stopped
+ ports:
+ - "{{ kitchenowl_port }}:80"
+ depends_on:
+ - back
+ back:
+ image: tombursch/kitchenowl-backend:{{ kitchenowl_dockertag }}
+ restart: unless-stopped
+ environment:
+ - JWT_SECRET_KEY={{ kitchenowl_jwt }}
+{% if kitchenowl_oidc['enabled'] %}
+ - FRONT_URL={{ kitchenowl_oidc['front_url'] }}
+ - OIDC_ISSUER={{ kitchenowl_oidc['oidc_issuer'] }}
+ - OIDC_CLIENT_ID={{ kitchenowl_oidc['oidc_client_id'] }}
+ - OIDC_CLIENT_SECRET: {{ kitchenowl_oidc['oidc_client_secret'] }}
+{% endif %}
+ volumes:
+ - kitchenowl_data:/data
+
+volumes:
+ kitchenowl_data:
\ No newline at end of file
diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml
index e4d4fb0..2e56dac 100644
--- a/roles/nginx/defaults/main.yaml
+++ b/roles/nginx/defaults/main.yaml
@@ -4,3 +4,5 @@ nginx__deploy_logging_conf: true
nginx__configurations: [ ]
nginx__use_custom_nginx_conf: false
nginx__custom_nginx_conf: ""
+nginx__deploy_htpasswds: false
+nginx__htpasswds: [ ]
diff --git a/roles/nginx/meta/argument_specs.yaml b/roles/nginx/meta/argument_specs.yaml
index 866cb81..f2cb1d7 100644
--- a/roles/nginx/meta/argument_specs.yaml
+++ b/roles/nginx/meta/argument_specs.yaml
@@ -34,3 +34,19 @@ argument_specs:
type: str
required: false
default: ""
+ nginx__deploy_htpasswds:
+ type: bool
+ required: false
+ default: false
+ nginx__htpasswds:
+ type: list
+ elements: dict
+ required: false
+ default: [ ]
+ options:
+ name:
+ type: str
+ required: true
+ content:
+ type: str
+ required: true
diff --git a/roles/nginx/tasks/main/04_config_deploy.yaml b/roles/nginx/tasks/main/04_config_deploy.yaml
index 38dbfc1..7dba579 100644
--- a/roles/nginx/tasks/main/04_config_deploy.yaml
+++ b/roles/nginx/tasks/main/04_config_deploy.yaml
@@ -131,6 +131,20 @@
label: "{{ item.name }}"
notify: Restart nginx
+- name: Ensure all given htpasswd files are deployed
+ when: nginx__deploy_htpasswds
+ ansible.builtin.copy:
+ content: "{{ item.content }}"
+ dest: "/etc/nginx/{{ item.name }}.htpasswd"
+ mode: "0644"
+ owner: root
+ group: root
+ become: true
+ loop: "{{ nginx__htpasswds }}"
+ loop_control:
+ label: "{{ item.name }}"
+ notify: Restart nginx
+
- name: Add names with suffixes from `nginx__configurations` to `nginx__config_files_to_exist` fact
ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}" # noqa: jinja[spacing]