diff --git a/.ansible-lint b/.ansible-lint index f68da38..6b5f8aa 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -4,3 +4,4 @@ skip_list: exclude_paths: - .forgejo/ + - "**/*.sops.yaml" diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index 1002532..a867c13 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -10,7 +10,7 @@ jobs: name: Ansible Lint runs-on: docker steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - name: Install pip run: | apt update @@ -24,7 +24,7 @@ jobs: # work in our environmnet. # Rather manually setup python (pip) before instead. - name: Run ansible-lint - uses: https://github.com/ansible/ansible-lint@v24.10.0 + uses: https://github.com/ansible/ansible-lint@d7cd7cfa2469536527aceaef9ef2ec6f2fb331cb # v25.9.2 with: setup_python: "false" requirements_file: "requirements.yml" diff --git a/.gitignore b/.gitignore index e69de29..424bd26 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +.ansible/ diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..98aaf3c --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,167 @@ +keys: + admins: + gpg: &admin_gpg_keys + - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70 + - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505 + - &admin_gpg_june 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB + - &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + hosts: + chaosknoten: + age: &host_chaosknoten_age_keys + - &host_netbox_ansible_pull_age_key age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3 + - &host_cloud_ansible_pull_age_key age1gdfhx5hy829uqkw4nwjwlpvl7zqvljguzsnjv0dpwz5q5u7dtf6s90wndt + - &host_eh22_wiki_ansible_pull_age_key age13nm6hfz66ce4wpn89fye05mag3l3h04etvz6wj7szm3vzrdlfupqhrp3fa + - &host_grafana_ansible_pull_age_key age1jtusr294t8mzar2qy857v6s329ret9s353y4kuulxwnlyy4dvpjsvyl67m + - &host_onlyoffice_ansible_pull_age_key age1a27euccw8j23wec76ls8vmzp7mntfcn4v8tkyegmg8alzfhk3suqwm6vgv + - &host_pretalx_ansible_pull_age_key age133wy6sxhgx3kkwxecra6xf9ey2uhnvtjpgwawwfmpvz0jpd0s5dqe385u3 + - &host_sunders_ansible_pull_age_key age1na0nh9ndnr9cxpnlvstrxskr4fxf4spnkw48ufl7m43f98y40y7shhnvgd + - &host_wiki_ansible_pull_age_key age1sqs05anv4acculyap35e6vehdxw3g6ycwnvh6hsuv8u33re984zsnqfvqv + - &host_renovate_ansible_pull_age_key age18qam683rva3ee3wgue7r0ey4ws4jttz4a4dpe3q8kq8lmrp97ezq2cns8d + - &host_ccchoir_ansible_pull_age_key age19rg2cuj9smv8nzxmr03azfqe69edhep53dep6kvh83paf08zv58sntm0fg + - &host_tickets_ansible_pull_age_key age16znyzvquuy8467gg27mdwdt8k6kcu3fjrvfm6gnl4nmqp8tuvqaspqgcet + - &host_keycloak_ansible_pull_age_key age1azkgwrcwqhc6flj7gturptpl2uvay6pd94cam4t6yuk2n4wlnsqsj38hca + - &host_lists_ansible_pull_age_key age17x20h3m6wgfhereusc224u95ac8aj68fzlkkj5ptvs9c5vlz3usqdu7crq + - &host_mumble_ansible_pull_age_key age1wnympe3x8ce8hk87cymmt6wvccs4aes5rhhs44hq0s529v5z4g5sfyphwx + - &host_pad_ansible_pull_age_key age172pk7lyc6p4ewy0f2h6pau5d5sz6z8cq66hm4u4tpzx3an496a2sljx7x5 + - &host_public_reverse_proxy_ansible_pull_age_key age1p7pxgq5kwcpdkhkh3qq4pvnltrdk4gwf60hdhv8ka0mdxmgnjepqyleyen + - &host_zammad_ansible_pull_age_key age1sv7uhpnk9d3u3je9zzvlux0kd83f627aclpamnz2h3ksg599838qjgrvqs + - &host_ntfy_ansible_pull_age_key age1dkecypmfuj0tcm2cz8vnvq5drpu2ddhgnfkzxvscs7m4e79gpseqyhr9pg +creation_rules: + # group vars + - path_regex: inventories/chaosknoten/group_vars/all.* + key_groups: + - pgp: + *admin_gpg_keys + age: + *host_chaosknoten_age_keys + # host vars + - path_regex: inventories/chaosknoten/host_vars/cloud.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_cloud_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/keycloak.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_keycloak_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/grafana.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_grafana_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/pad.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_pad_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/ccchoir.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_ccchoir_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/pretalx.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_pretalx_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/netbox.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_netbox_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/tickets.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_tickets_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/onlyoffice.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_onlyoffice_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/zammad.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_zammad_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/ntfy.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_ntfy_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/eh22-wiki.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_eh22_wiki_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/sunders.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_sunders_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/wiki.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_wiki_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/renovate.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_renovate_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/lists.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_lists_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/mumble.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_mumble_ansible_pull_age_key + - path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy.* + key_groups: + - pgp: + *admin_gpg_keys + age: + - *host_public_reverse_proxy_ansible_pull_age_key + - path_regex: inventories/z9/host_vars/dooris.* + key_groups: + - pgp: + *admin_gpg_keys + - path_regex: inventories/z9/host_vars/yate.* + key_groups: + - pgp: + *admin_gpg_keys + # general + - key_groups: + - pgp: + *admin_gpg_keys +stores: + yaml: + indent: 2 diff --git a/README.md b/README.md index 6906a7f..5a3d90c 100644 --- a/README.md +++ b/README.md @@ -17,10 +17,15 @@ ansible-galaxy install -r requirements.yml ## Secrets -Grundsätzlich sollten Secrets vermieden werden. (Also z.B.: Nutze SSH Keys statt Passwort.) +Generally try to avoid secrets (e.g. use SSH keys instead of passwords). -Da Secrets aber durchaus doch gebraucht werden, werden diese dann in diesem Repo direkt aus dem [password-store](https://git.hamburg.ccc.de/CCCHH/password-store) (meist aus einem Sub-Eintrag des `noc/` Ordners) geladen. -Dies geschieht mit Hilfe des `community.general.passwordstore` lookup Plugins. +Because secrets are nonetheless needed sometimes, we use [SOPS](https://github.com/getsops/sops) to securely store secrets in this repository. +SOPS encrypts secrets according to "creation rules" which are defined in the `.sops.yaml`. +Generally all secrets get encrypted for all GPG-keys of all members of the infrastructure team. +Ansible then has access to the secrets with the help of the [`community.sops.sops` vars plugin](https://docs.ansible.com/ansible/latest/collections/community/sops/docsite/guide.html#working-with-encrypted-variables), which is configured in this repository. +A local Ansible run then uses the locally available GPG-key to decrypt the secrets. + +For a tutorial on how to set up secrets using SOPS for a new host, see [Setting Up Secrets Using SOPS for a New Host](./docs/setting_up_secrets_using_sops_for_a_new_host.md). ## Playbook nur für einzelne Hosts ausführen diff --git a/ansible.cfg b/ansible.cfg index ca06548..654da28 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,4 @@ [defaults] inventory = ./inventories/z9/hosts.yaml pipelining = True - -[passwordstore_lookup] -backend = pass +vars_plugins_enabled = host_group_vars,community.sops.sops diff --git a/collections/requirements.yaml b/collections/requirements.yaml index a24c121..cec061f 100644 --- a/collections/requirements.yaml +++ b/collections/requirements.yaml @@ -1,3 +1,4 @@ --- collections: - community.general + - grafana.grafana.alloy diff --git a/docs/setting_up_secrets_using_sops_for_a_new_host.md b/docs/setting_up_secrets_using_sops_for_a_new_host.md new file mode 100644 index 0000000..c88315f --- /dev/null +++ b/docs/setting_up_secrets_using_sops_for_a_new_host.md @@ -0,0 +1,20 @@ +# Setting Up Secrets Using SOPS for a New Host + +Because we're using the `community.sops.sops` vars plugin, the SOPS-encrypted secrets get stored in the inventory. + +1. Add a new creation rule for the hosts `host_vars` file in the sops config at `.sops.yaml`. + It should probably hold all admin keys. + You can use existing creation rules as a reference. +2. Create a SOPS secrets file in the `host_vars` subdirectory of the relevant inventory. + The name of the file should be in the format `[HOSTNAME].sops.yaml` to get picked up by the vars plugin and to match the previously created creation rule. + This can be accomplished with a command similar to this: + ``` + sops inventories/[chaosknoten|z9]/host_vars/[HOSTNAME].secrets.yaml + ``` +3. With the editor now open, add the secrets you want to store. + Because we're using the `community.sops.sops` vars plugin, the stored secrets will be exposed as Ansible variables. + Also note that SOPS only encrypts the values, not the keys. + When now creating entries, try to adhere to the following variable naming convention: + - Prefix variable names with `secret__`, if they are intended to be used in a template file or similar. (e.g. `secret__netbox_secret_key: secret_value`) + - Otherwise, if the variable is directly consumed by a role or similar, directly set the variable. (e.g. `netbox__db_password: secret_value`) +4. Now that the secrets are stored, they are exposed as variables and can simply be used like any other variable. diff --git a/inventories/chaosknoten/group_vars/all.sops.yaml b/inventories/chaosknoten/group_vars/all.sops.yaml new file mode 100644 index 0000000..ebc53b7 --- /dev/null +++ b/inventories/chaosknoten/group_vars/all.sops.yaml @@ -0,0 +1,363 @@ +msmtp__smtp_password: ENC[AES256_GCM,data:xcBVBTb6mfr5Ubyfga9ibKWKhrfrEEaDWD98vIbX8fl8lQ4YTovg8Ax1HTK4UQ6AkJGHq2A0D5B67KUTlp9eLw==,iv:TOp1G1LktRPj/KMCRU5CXBUsgKOqGssUvvk5oY0QnPM=,tag:SVBdDQy+fM0xeEToappP+A==,type:str] +sops: + age: + - recipient: age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1S0d6cnB5UGJEZlNKcEpD + NGQyYTNwS0E1TjZTbkdaNXlTVHFyendtT3g4Ck0xRkJhZHR2a1RJVDd3bUE5RTl6 + SVZrN0NIR2VKeTl6Qk9oTUd6VDdQYlEKLS0tIE82YXFoVkQ4bk1SRTU2YTZ0eVF4 + akdQTFBoY1B1aVZHSGw4bXJPZTd0MHMKnchC61XZk3cPfe7QjijW5uBlDkf2Sjc3 + /Spp+9cuf9jIJvFg+h3EY7CLAMVyAK59WnODM0HvQNhreXRg8CgK2g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1gdfhx5hy829uqkw4nwjwlpvl7zqvljguzsnjv0dpwz5q5u7dtf6s90wndt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWW1ScXNWSEo3S1RpYitK + aEVsWklvS3Ryc2pqakpUc05mejIwWi9GaG1ZCk90UXdKVVZzdXBuTXowTURDekhM + NlJEbU5teThWaCs3R1ltUHBRMWVncGMKLS0tIGszeDJ0ekJIK2FYUW9Xdjcyc0Rl + Rlp0RXNhc1N5UXdmMG1NMkNoYkZZNkEK96GpdskKEXHK/ZQFSN+Y//wygKmnxP2b + ukFolURV7qlQVamWuDoUC/ToQtl3bU0jce/STQjGY67OwG5kecxEKw== + -----END AGE ENCRYPTED FILE----- + - recipient: age13nm6hfz66ce4wpn89fye05mag3l3h04etvz6wj7szm3vzrdlfupqhrp3fa + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYzlXY0FvUEtIa3BVTjUv + MzI3cE8vbVd6WWF3Q2J5RlRISW5kOU1XZEJjClFsS3VlbXZHVDlWMWZMUGwzdTFC + K0xpV3FjRGJmWThDbklNbFByLy9FTXcKLS0tIGpMYlM5S3dodTBhWDY0TjNkT0p4 + WWpCdVN4cjIwMCtRZXJCR0kvWmV2TDQKeAE9hmGim0wdG7AC9Ypk1/zAOvpWEc9w + B5j3MGmJiDV5vqZ6YDJ158fkB3s3XDIohaTP0XT5Y1zEDnn0ee62zA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jtusr294t8mzar2qy857v6s329ret9s353y4kuulxwnlyy4dvpjsvyl67m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cXdneDFCNUxZR2VYVXpo + RzhwNFZnYnhzOXBrTmQ5NlNhUThsbjA4ZENnCjRWVXpzb1lZcjNQeUVoY0lkZTRj + bVU1S2thNzg4T2UyaGFqdDlvLzRJVFEKLS0tIFBIMEIvaWtPU08vR1crSGxUSklx + Ujh3bDFVdktOOVdvbVNrRGEvM0ZiczgKDAvWbY515jRhcWEkZrNNmtBsSwchclVz + FvnQB3G8ZIxJliJCkOHrFokvRskCHt9KJNZogqPtGF9a5OWcKkWgNQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a27euccw8j23wec76ls8vmzp7mntfcn4v8tkyegmg8alzfhk3suqwm6vgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdkpuODFJZ2xPT3NOT3ZP + MmVuSkx1UmdwWVBEZzJQOUNodUpvUlJrSlNnCjJBT1AyNzZmNC9sZytNaGpEOUZT + Tmx3VkdRVGNHOGJkZzgrZmFmRFFFY3cKLS0tIDZONHQ3SUh1bXM0LytmYUVZSmRZ + VmEzUkRqdnUvc0s3SmRNcmpZRndvVUUKHRo25oFVNtzJlTqkQ03znzH+Ce8j2rgO + Bt/HQ2tJC/0PL67zjCr4oyxWs2RfSuswM6pGh3TXmSkUawzzyMAPTA== + -----END AGE ENCRYPTED FILE----- + - recipient: age133wy6sxhgx3kkwxecra6xf9ey2uhnvtjpgwawwfmpvz0jpd0s5dqe385u3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMd3dwQ290Q3JCclBPbS9X + S1pnNVU5YlJjZkkzTEtuWWhlcmh6cEtMZmd3Cis2MW5henJ0dWZwNnpTcy9ia3Uz + QThPMlpBN0lkZVI3d1RqQ1pGeDkwTVkKLS0tIElGYWR6QXdkTS91cGRQVUZPZWVE + aXNhWGFQWncybG5ycTF3bGUxUEdRYlEKXMlP+iC1L+lCeFB9rnyDE6tKMNiqFAQQ + lvQKLGvZVRMk7RNR/OWb2IsZNtK3yGAgqjGpb8UwZKjUwYwgBzkklQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1na0nh9ndnr9cxpnlvstrxskr4fxf4spnkw48ufl7m43f98y40y7shhnvgd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0enhNVHF0eHZkTlB3bTZN + ZWJaVDc5TUkrSHFFTnJ0UE9hTEg0Tkt0OVNFClFCNTlsTUJlQ1MySkdFa2o0WGRB + VWUzbkxFTkxQMVBqTXJtNEVCb2ZPYW8KLS0tIDR6ZXdoOWNwbjdNcmtxS2FBd1Zx + dWVLVUlZWEh0UWRXTlhYV3ZTT01ZQXcKz/ughevubxHCk315eL6WV0JETo4tblck + t2b4h0kcDpFO6aPCHBSX69QOLJpBCBnKI8ZBlxgTdTDLFlScG/8HRw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sqs05anv4acculyap35e6vehdxw3g6ycwnvh6hsuv8u33re984zsnqfvqv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MGlobGt4MG5YbXhYVWM5 + SDlraHdnR0srZDF2T1FicVFGR3IvNzBhMkVFCm9Nc1JnZ2toOGUzbDZ6cTRTajc3 + SVk0U2JlSStWQXFYY3htOTh2Uy80aDQKLS0tIHRkRkNwb1Q5dTZ5cDVoVXIwcmVi + MXBDdzdWZi84OXRRMUt2Mnh5QStLZWcKR/1GROkmyQWyY2GcZGplX8vYqHoeqvvX + ioWRF+QaK3GpgHOaSFybFt3r8wfeILbQ7zMs9qMARTg0kVMVvE/8pA== + -----END AGE ENCRYPTED FILE----- + - recipient: age18qam683rva3ee3wgue7r0ey4ws4jttz4a4dpe3q8kq8lmrp97ezq2cns8d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeGV1VTA3R0FsMkdKYWo5 + K0VFK3VFR3Z5bmdmS2QzR0hRTWRvOEFEclgwCm9MQUZQSjZqVXJVQ3FoUTMzWjU4 + Q0luVDE0RUhUNmZGSlZXYWEwNHprS2cKLS0tIHBRQnZibGkrUmU3OHNHVjcvelVF + UEtad0g0T1JZRFYxUnpiblNIV0VybE0KVCw68UXleN43Qi/MSFpyGjrbwZS/EtWw + tbfZMPLalJ52pv4cxT4nrPfipoUyX7tHxEEd2f1SDzt5RUk0TO7ojA== + -----END AGE ENCRYPTED FILE----- + - recipient: age19rg2cuj9smv8nzxmr03azfqe69edhep53dep6kvh83paf08zv58sntm0fg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4QXVVSlZ2QXA5NWN6Zllh + REQ3UE05eWkrUHdyL3FRUHJMTkE3QWtwbENnClBGdnFhT3NzWEJKM0YzT3RpS2FY + cnNaczRIRUEzSDgxejNjbTdoaERiRkEKLS0tIEdOOHdISkF0YnNpcFNKekVLYWVN + allIenQ4OFoyaEdCK1YrM0tpM0FHRjAKwrOJS9RGCHS7lcPX+eufZnEjaIvO3f73 + RWThSP0d2iy/vul18hdLF8PqKE2Hy0j6lvs9qhvwI1EQa53zHAWRDg== + -----END AGE ENCRYPTED FILE----- + - recipient: age16znyzvquuy8467gg27mdwdt8k6kcu3fjrvfm6gnl4nmqp8tuvqaspqgcet + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYmNHaUcvMitRcklkbkU3 + VDRyQnhhak82d2I4MnRKMk1qdTU3bDRzdlUwCnBzSEJHZmRTazZ3Rktmc2FKaXJC + cnJiMU9oUW03Q3dlbGtTZWNtZXZqZk0KLS0tIHVTNU1QU2dRQ3JMclhqQjN1VjBK + dHgrU2EyT0FHUng2L0R6dFFZSU1kU1UK2x72pMCRGCz/cyekHrTY/vXhxACPGjYn + PxEXKoi70Dq9ox3ggknmE6JLZqMvFoudLoE2GAzvimFomYWb4e3NmQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1azkgwrcwqhc6flj7gturptpl2uvay6pd94cam4t6yuk2n4wlnsqsj38hca + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArMVhJOFh6TTg5RFkybnBy + T3ozZ2MvZ2lCVFBvWW1jRElmNFBIUU05MkdjCnZZR0FjUUJlQXR1bnBGU3NPc2t2 + a3hKVzJZbzNWMkd3dENMUzQ3bk14YTQKLS0tIG5kSEdYS3dLcXdlOXBmWTVzNDFt + ekdmK0Zid3A0aUNHUHhmeHp2NHFZMlEKb6116XqAHYMl7P4RFRcz0IlZfx1/buby + V8y9TiECFZfWhuY3XaES99wjPw06nGszn/U29C1XtZZ0pc5Soc3dxw== + -----END AGE ENCRYPTED FILE----- + - recipient: age17x20h3m6wgfhereusc224u95ac8aj68fzlkkj5ptvs9c5vlz3usqdu7crq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMVZWQlRZVnY2ZnZweW0x + VmswdHpRUjVrNytaS2lZNHdsYXM3WHVCVGlNCmJ0ME9LYjFWTkVrZ1QwOHdtempG + dEJ4NGpPcHZabGxJdFJNNStxTm9nREEKLS0tIFB5NkZnZTZjL29YRlZVZEJJOHNu + ejRmc0V5RzVwY3BtVGpIY3lqVGt3SGMKvSFU/FZw3CeOrkbVKqz9Nsfmw/DU/obE + 6bIs15L7m9hOzqj8PeQYv09NO83WCfYj4cjh+Jsdtlvtz8Fz7yt2eA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wnympe3x8ce8hk87cymmt6wvccs4aes5rhhs44hq0s529v5z4g5sfyphwx + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUVhSY2JnZUFjS1lySGlC + MUdVdTF1S2xLdDlVODk3Qm1FZ0RxQTdkQ3pnCmFPYVg1dDN0amtoOUdKQWFRNVJS + ZkhCM3VFbUc5RHJHS1ZJbit1N05OLzgKLS0tIEhCMmRFN3hLNDFlTkpzUWYvR2R3 + Y0RZSHZrbnJ1SEc3aCszeG5tTkNvNlEK4pUz8bk/tDKYIxu6dCG/DTk8OtTTYJaL + qKNNZ1COhPtVTCHaIbRSPWu8MqFy9+9nf7Hoc9fEE8aM+Yohs4sySw== + -----END AGE ENCRYPTED FILE----- + - recipient: age172pk7lyc6p4ewy0f2h6pau5d5sz6z8cq66hm4u4tpzx3an496a2sljx7x5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUERGWmwvRW5tQzJleExq + VXhmQ0dkMFJuWEwzbHlGMTNudE9UbUwrNEc0CmdMK0hCb0h3NjRuSVZRNEFwYlVl + L3VnTnpad2tJL0dCamVrT082ZmUxWUEKLS0tIGJFbG5ZU0Q2b0xQNFNjT3NBTE9I + Z2MwSm95Vy9XUDkrWDZMZUEvY3VHcDQKJanzV+qzgfuBpNzHLl2DS1GvXLV+UEKa + wD/2s/EkL4RR4F9mV/9+1vwFTNw6Lc8T8ezzxl3/Iu+VpziFgx8ypg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1p7pxgq5kwcpdkhkh3qq4pvnltrdk4gwf60hdhv8ka0mdxmgnjepqyleyen + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVXdkSHNOSHZmZ3pLWC9B + emc2S0NpenVZSW5GMWZha2ovS1VsbGs5OGhBCmZIWDBDaGVYMDhHRDR0bFgzbDN1 + MlBnOW43Ky9PV0VwZ3VlekJPa2xwMTAKLS0tIGNEVUVkbWIwVmFzaS9vdGhPU2s4 + a09LaU05VnVBa3ZGcUNMdFFZRXdaYkkKp1TYQXMSlZoGWgfSK9s4WXFu9xG7VFXP + 3O+FYTXTRTVVnZCPE5V0P0/v3H/BRgdbM2yuIiXTtmz69J8DNjFaNA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sv7uhpnk9d3u3je9zzvlux0kd83f627aclpamnz2h3ksg599838qjgrvqs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcUJ3cTNUZGp6Q29wTEgx + UjQ1RU1uSHREVEhwZGtmbUV0azJEQmtGbG1jCkQxbGZhSmRXTE1uUURaSUhZTlNF + U2loMmR5ZExXS2Y4eTBybGFsNFp0WGsKLS0tIHJjRDhDelB5N1BvbHFydW84ak1Z + YndpUERJbDJSZlBLQWdnVXpUU3dLdUEKQYddtnDd4U7bkjBeMnCQuYVddCCApnzQ + L/LgjBXfUav5ipWWUjW/loZJiHBsxrG5NkCYEyf72WMyDusd8mCN+A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dkecypmfuj0tcm2cz8vnvq5drpu2ddhgnfkzxvscs7m4e79gpseqyhr9pg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOei9SYzNGMjAyUVJGYlJy + QlFBVnV0cDN1TmI4VEt3aGNtbWtvZHJFcXg0CkltM1V4UVp1THFrZEswOEZUUTJy + WVVPUDU2emNabFBDek9jMkhScUh4cjQKLS0tIGgrSytmcTZkbTJuUVE3Snp2RERn + SnUrSUlvMXhnY3JrbER0TkxBcGJucmsKdBDkRY5FUtOo8zQ0QtfPFGJn0O2Fg5xn + mSloxLaFwdXAR9L1QfUdsW+9Vgez4s5bxMJtn8hkwqIfyJc25FEEcA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-13T23:45:06Z" + mac: ENC[AES256_GCM,data:QxH4lnNyCAAEJhzbgCrq7QeLs+OAtYgwQP4oFm93NE4Fbz7/Hz2dvL/2SopOdW7nYVeb1scuG1ra+yvgzuQDhg4lcgt9eBJoBiynM3qiHBs+FtcSJoKs16I/ACAadQwClALb4E0xxwKFJI8ewMZu5BAxi5EhYbgNfnKCIbhvgWo=,iv:LRa2vX0HUBugeEAVeOqXbPsMQrfrCpyzGUGjK6+VaQc=,tag:/sfhJM8V1IYBh94ZS/TDxQ==,type:str] + pgp: + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//QVwiv+sO4ibaxO8UMPFnMnLuNfaTJ+Nry109XkTwLkvp + +6I2TW9nAhL+M6cWBcWTJIm8Q9/EAKu0jFrmsmlJg1g7am2DcARoyDTXA2W7RM8x + kSshBHJxCjQn15cwWpMcGboKJDnn5uGqfdf1rbFLiJxWlFlIstO8Bia9YF2qSYXe + z/w5PQot7GDKa9AFC77I/I0k6hJduVX3jC88N0GZZO7oz017yit24QyOwTSaQtmO + J0NgoyC6uN50buRJ6cXbONwU1rOGYvMBc+I7mZrEBho8RbQObkNy8ndQpDbpMqSy + /FVECVfhAo1KOGsTSS/i8z+maBcFNnia2+hbOZTpq1gCJ7sgE/pJG9CKWltD8U0G + DkgO086x2xuuXGAksJpeiRelbjM4C3ScvFuQu0p+pbsG+0f2pNnkCm3Fi9zFYpqo + xzlOKxwwcBRpy76jWIQbVRodnaN8thinT/ySIfuIisfn8TgM6O0IA83jJEMy/CBc + QGwWiLFWOED864OOV4kFTBO2rGAi0rLPBoAfWPCpP/z5vpRHICCg35i+Y/Mg9tDJ + ToFbH/Q8ZpWaN3kM2J6wNKY58/AoVutODbJkC3ZydLA+m++fKsD122Sk4er335Ev + MH2txLTAcBXq6CAUTIYvEb1vSurIxh4vbgC1lN/Sg/b1p5IWKYmOx3onq0kUa7PS + XgFmbb6fq6VVS8GOD4bMCDheVGAwYG1z/1utYoiLcuyp3YKAWtwGB3WdawglzRWt + ceLfKBRuHl+CnMyMjdTNcRq9ATpupHPniCaoYMRpNy7GuLGHXgRybqxnqSySj0E= + =68mZ + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAgWVVIYSzPJeeRYdO7SHudkxO1miNVhEaTa6ArJXhvj9X + f7Onb+kPRJ2H45O06+k4QUBN//Jl2wsAayHGvGKb9NmlO1wT8cd8yAe4AllebcTA + FGBhWpgD1f8RNyhU6s9YQEmUMFFuze3Frkf5pF36KmSO9Kb0yXNgQebURbUKIwt7 + W6KVBdlh9+y/8liH78X+QXFMneb8RA50mFvkSp4NxPyHGLV/S74jKaMv28q70ukC + 3ExtiLu22ACzA3jdn+BGTh/0bp/WRRYEt1TBmt3HFnVcKDkdgxOub2cwYug6YeYt + dvA61xnK0mmkt39WfR3wFtmrnMQywJn0r9cRZZwdjfuuKzWmkDGKoaiX4oXcq8hl + GJsljraNnRdSZsYCWKeQwM9VnQdTumZZpeyzH99AgbPanNEocLNG3s3WB1MOTBMC + SdktojCvHSKg2HBykxApLY1wUOLiYdVGNuTjNyTg8lo8IlNgeEEIa/8MxtPN1U57 + GDPXDvE9oJy3SvP7Tf0j4KVC7B30UYhb/jwqsG2wzjGKw3JMYucDX2JjgoTEXFxj + YqGDr+4/Vfd8bEadcQ8XJnoeCr/cUykflqO7EJnXt7kigQ8P5Jo+Vwu7oRFFlxRW + H9YZV0dOeVi3ux5Tw8ft5BRtYym7k0GP5ypQFzSSTeTTUa6QnZMWPssHMHQ+8xbS + XgEARDjMMwp6cl8adFfGJnuQmTC8pGCzOPLEhPY00t3Paz/WYvEwhioS6Lz2IsrF + QMgw8d2RrOZPJAAv9wq2ztTKk07aFxrQ8WYT9gscYPEgIpPmMUFR4nJ/fzSeiZ0= + =1N3o + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAl+0vmB2+PBg2aAZHZ1Fa9r/4zByhvLrjZ+5yWWcyf7fS + T/1Q2VbnDFvUwsEdbDs2RJYVejGxs5cyIge2ptn/9rnp1aMTu+FG1uQrY3lhGP6L + vpyDZWa2e1+bapttkrBBe79TZGZ4ABv+FCqHqWiH2HJ3V6ELXaooNhTrtlURCDqT + Cqgs8gH1qdVgISI9kvsxS8uGa58assuM/WW2+jATIoxBzUG9iHTugr75HWJw8xb7 + R4Xbtfpev5exXicbbAvO8b3scnBU3Y1OUERo7xPxxskVSCu8q2gDtyeckOY9SN0i + V4sr+bUBfvPChlfoIq9kifZPo4Pv2yP8EhH6D5pVRqO/aiBYr9l0XtxDaHB+d1Dj + Q2f7azUuM5MDRotUM8mhn09hd61haag4R6dVAOq3mL9rxXLj8sdHS4A4ufkjn+dc + PI/Q93gL+sFy9N0wgCvHZEhY1QoKssSBCu03q2ZVlLFuYfcXWEIQU3XpbzyCmAA6 + VkCvwXEA8xRs2ClrBpMOj7wRKzYoS3ATc3nFx0XL5pL74rUE68yiRlsZLccRB+9/ + nJSY72QzR9FFUhFFv0/DxUFs4OVCUzLwQVVUT+Wi8EZen0aY4zFG1u59F6E03Pre + wC9TIxDCR5MY6/SGgYPep5qheeYVdXw7a0TQWrwXpaTPSj7tm2FFQES5DRkVNN3S + XgEMoELXGpBjzixYKSsQ0/yT5qX9v7vjrZ/a3EuXtkdh7MAfMbRV+YDl2hlN9IJM + vpAo/V/vH1AyWqBL0oQ00xZzNvxi4RiPk0KPZg2zH1C4aokELI7i8D4Dz3L83Tc= + =LofD + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+Pr/ATDoZJGDuIOTI2RgXFefWN0/iz3KeI8n/8F9/1vkY + 1G/Bs0X9NkuzT6A/oIjBDa3630DMMvfdbY5Gclqrdwobft9dqhP05naf7BujX2DY + oL2SbTnfB06NUPiSsZ9aE/2yyzvnZjAxRczXZCi9DmhBhaXicILiJpJMUReldGtB + zbGtRzMUojwXqc1Fi52mXvn8XVTgrD//jX1IOUnpXmaFKa7zJCHe7Qfl0P7LMCw/ + vTDAXSazVFqvgyASPPHgVFw9oFdJ9Na02ML4jynRnIIra9WoBe+9+aPoaNG5WePP + Lqxmaj3uz5Uh2S4Lr8Qr+n7swjPUlYkZKSRY0WDfhoi+aCC1ejtysZaAwH32+CQA + sbnh4m+/qnEiNZlgy2vS/6yQKMAQ6HnLkBfkXYTseI4egVw2X7byMFpmAlqo1pwl + kr4cKaYGYDBT7/fDDrB8AAdXUq+guABm+8UO4GHvvSCzWY+8ie2/wrTSB4O9rLnQ + WQABESou4c/w2hKordim25w1UWWPhiX6TdumBjtep/SPNMrVNShn8s+G8uh+eAwQ + blNH7H6EwHW1b7gvSmKrlczW5/TXsi5URl+cuel0C5/ckdWej+jIIbfCPd+D3BbH + pFkQWZR0vFpvUZcUfU5kSTUz8N6jh/nGvOuOKZ07645ZFAKHjxE1JqjhqcJEqDDS + XgFphkUBFPhmz2FJdIQvfkyl6/CCj+MUfNLsB1hZAd4GRxcBPFyLB1rAkB0kV1QY + RdIXX5ahmk6JmtkwJsO+m5aAWu0ft5xpsX3jJKqAyoVWcRO/3kER8b1K9IL57nA= + =I4Bv + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdA3oIk2sfUn8ZzJf8T1xFQ/gSWqIoOXZvpAf8R88A5+2ow + kM6YFiCCShgt2qGZi1k9xNxoRO1aRmSdEqdwMHAwpFRtEr+tOcE1pq0o1HQUzqqR + 0l4BUDcJXeyrY44ufOXKRVd9J9LuwSf0GHfvSzGxCfFGQVKAtRx69TUwyo25Xwdb + mN/mmVecb+atPqdB5uMSvsMC2Tw+F313Y+uvgjK6B54iK9wjTiudD1TvzrTeaOPY + =QmFT + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//QqFgN/hbCgpEB/KyJ+5uc8Nmi1FLWFBEPhnstvIlGx34 + rPkmO+mLxa39ikwNg2bAwFxDRdwFREj/5lcdEPaKMgyxNxngS4PSs7TtHroNvyXk + jEsNsyanhaajctcBJNSEcDWNFItTn2gLGmHOuribULXBdixI3sXCjrrDKceNs5YS + XUIw4SIl4NS2nCUQcFlMqVlKOiw5d5aNfPND0UzFI2CFGo1740F/G9wugOIzsLwP + C69o2JZDmsvs7rwgfWYbS5prxD0hHzXrjuHnONyPD9NdtIRVU0jDEPrcmxJfbj4D + nzkTqeEyNmcIGnVhCCM0ysk54e/VxI6Xl3upp8qgz21h0vBu88liJFeQo+uegNsa + ozLyvzsFSdbxbIzcqnXxMurWIoDZW59d0AsitmACez1PFHXmC4KEH28bxFNek0/u + hpxFiPRvr4hxPouCTSx1pP7HnDGUfJtNOu4BLigO9hjU2K628WBkZt95L4wprBIm + kgt/st3Bk96EC6bWLtn4n6Zb6l7+mdv+6qg1XBzbLFDxcu+L62qtd4j7BjI3ckGY + hO5tkGroSyRdOkqw9IJ7KoDyk90IE4Q0xy/XM5dqAXQz59sPhIOPBxje1FursyaV + RY7tZARigq/JEWwwTLlbOYPd3XGdbw6N5LfDZoXe2Lz+isHsxL2cAqJ+wgYgfb3S + XgEIk9UCAztF21PD6IC4E4OkK1ARhpwIGwdluazSGzYeTqKEB2g7N9iowAlp+bcG + aZ2DU/R6XYdU5jch6fiU0zz421Li5gngNwg3FOVdZzhdrSiWdjRUFCJEbituyvs= + =Msjh + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAlYlRUFLenIg5rQuMsq6Qd/3V1L+EomZcDTeVWUlvNBhJ + wdh58x2OqaXRbujPT7ekJY1xDg3S541yG+7al5eR3Sv4zcE5ZgNoM/rY/Ik4hnWr + 03+a/jIRQxoFeIVKAhAMcj9hxjBUCaQeNwvfYRrkWRC2fKAe9X26oTRlk0oEobMI + 5EZTi558D8ZVxIlK+LCBk5jGFepGkts0FlPjzH0+S43FLtFOqRVV5UGGahbUZ6aq + mF8ULy6+V0LxIqOaDYRwfUhX+BvPdCiBRf14yhkMIWKDpDa3lVuKWAzSF/CKk2z6 + lO12dlpI3+50zwEuG5hyei0UlMPV9rR7nLL4kG7cjIaJKCeXtbgt6Qf9Ml3uAF+t + xBjsQmnPstsBJZlj3cBlo+U6RKktkfeiU2Fg2OGUxf+iER6rBfGwBiPLME6RPiXc + 26RiEMMyIMqzgaM+2I0GL/cMEcsYj3OR/Q3q34EIFFTQXjz7dsWFjuRIELg3lxB2 + hNJfn8JnDYsP/yw7GMZM9TQCHOcLL2+vzh/GhIy6kBEeI6DSbnMR92REezSUclHi + g1292f8mDidAmb7aVFkMPnVkTFrriKiXDMO7Lh6qkIWmnGfcecsLONGif2olW9e4 + /PZb4d44UrHdG7FIn+iuTqWcwkIY0AuOZg0eDa6qi0pcePPG1IaGnF34R8amkYHS + XgFP1eurU9GajS2HDU5Ghd4KMFncCiibP5xA22inFdGwHK0Rc0JH5LbOwWugU/yC + 5a60wP3Sg7LIxYriI4a4kpmKpqE7+ZhfuqQ10wC3eCXmca5bkqIOFd91X7gfnFc= + =m//a + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAlOnbIDuRQI95foLsmVkTz3iBPoAGWP4T+BmwRXbBzchI + xnb2bVuSp2XS8ndofmqwPVfIA/XzQeS6+R1wE8z7IxBZEr25Oe+l/vnz/iIHfoMy + LpJYqP4dAMf/VLQ0h2X/WfN0QYkxbBEHj4vwR8NIjYxb1iygIcZuBEl28/ZqNAAs + 0CogIZpD057gX+SUdnL4HmpZJu1VcduOxEQq+4TBZELPw7yQ+obCtalncubnXGOh + COyjN4DkMeLNyZ5B8JKnsCCEzssn6/gI3nNzR8gTozvVdiPqmItix/lWgNZlxxnD + yxHtqs+RRxQrZxMBrVo7Z/2hNm15rT2XmpOYvs6eIKn0NILs46erKSFHi5Vbgu0f + rNshtzt8zwPsrGS2gyMauXBq4vB11hXMuOS1zgi9gA/mIzGbLLPl8JYVKjpZdRXj + BelPHOpEVEI+6Rk02+QuEGjN5XJnnLOshEt7Gg+be6APCpDsf9KhoxIPeG1e1MV0 + W5yfykmCC4E059Q7jJp7npNzAk8Xnk6zkScUT1zibXi+DYcaN3sSKqB7UgmjpqJ6 + vBn17pmhJYCa7CwlJif9abliw6mHt5qN8Xrg2064I3cPwJpzOSaTI/G+kl73Wn4Q + x4G2l2XTHAMnvAoL7I4r2F0I1MpmDiubj4BnKp3/C2YhICDOpsCE7e6ceuYI4HHS + XgHNkVi8iHF/02oV2nLDAfPASomsCTDQYRE6/dLbt4d38BaGJ6iIIcNMxGbUByMj + nAEWtH7+8crR42yJp/OxVPLlXLHKoDEd0IydLpFl9dnsaYAqdPYUqCQ8merJlPg= + =5z9a + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdATdhehHCg+P5ryd+GcDKRDMHgwv5c88CHXI+L/6meUSEw + EXNK49Y4NeLrDllZuDdS8Xd/U3BJtdw/Ef744lhv/CvSCEIBOVu0n7hsHZ6E+MQd + 0l4BFNDMgxj51IVlf/vNyWKHrcf3iYLLJdDL31sSHiRk/zTElaM2W3s2zujSOgiB + cveF2p4/0TZ1lt+kzSWPdKZ7gixngC1vKtb1uok7sAzStAM3wdvpBjvouti/yduQ + =Nvpr + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAVM1+fV0H62T2slKovp8/rIF6CBYl28z6hbbAyixUQFYw + 0qeyMu6ujpCHiSx9xps+FHYONtfEcjxpZHPk4C9fP6h3D+l4xnfGtzVXo7t1budp + 0lgBJZCP7JuE7omAuo00L3hjTSaYpa6UWE8cZEbwkOGsm47m1xzMlEzSExBZ61wj + dKkSNVFLd7z/5SlKFgFJgbgwuAl7umjDVQjItyrqRNnhuPBUmZbYBEEJ + =Xu7e + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T19:03:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//R6I646qRFql6ouszDIf24Jc1HU49sWK00jfEgfDAMXVX + FcHyARVKbjq+4Luzf0ut/KrHaGC17iEcohvfaWVds/j8fOA40RWXXG5wkiqmrXQ9 + xgPpV418jCpLhrE85W5emNVH8a0sX746sulslm5NhCBbYsKgmvWB0NW/kSmPBAD7 + xnx6ZysaDEt2kgFy+GhCBMjm+WUOEypF1xoH8YlOO8rtJPVwTX3QPkgEYxrEtloJ + T7cScRPJo66y5ne1E4FKFUApH5cDlD4et9/TpJKR76y1hml+geCM9S7oOD1LmHIM + PxQFfNVL8/RWUSxNtkA+4ixlERitMbW3x4rqq864m1MnZEyYGOiUgF4uU8t7VruJ + bE+qbqOdy+HROi5vBgB7NZ3S1k7iBweGll7xcEfRHWd+lIunezzb/V/lJoShuSBL + WEetGEijGGDLPwTWG2ZSGQQsrPZH0VoA2rRS/aZ75Bau3ctIFAEPuNLS2+AnSh1C + hWMCXsGu3JVwq53TS0Lg5scquaXWPcuEQPJ6ZEmQOGfq+zjJKCp0Wq3W1GqkMAR+ + 9WFvAeh8/fLFTuDnqGLqHoeO9YQ3AK8uraMRf+hVco7RjXOAYks1JvbGDCijlUhv + pUrmkELbYnZgnVvAy/uwpYhVdJkQq4Hev+ELFFfTjcX5i3lO9V9iZJ2UUrXj5cnS + XgEBs+srIKZqr9mNQlfc6t3+JfaRtRPs5ozaSgJIJx+K9x2e7Guci+ZSAoEP7kn6 + 163uoxaZiP3W7vW/fVe8IDnPsPAc2FuvI0MbpDlEmUcoHWU/s3aY6foYtwg+w0I= + =/9CT + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/group_vars/all.yaml b/inventories/chaosknoten/group_vars/all.yaml new file mode 100644 index 0000000..b8f13d0 --- /dev/null +++ b/inventories/chaosknoten/group_vars/all.yaml @@ -0,0 +1,16 @@ +# ansible_pull +# ansible_pull__age_private_key needs to be defined per host (probably HOST.sops.yaml). +ansible_pull__repo_url: https://git.hamburg.ccc.de/CCCHH/ansible-infra.git +ansible_pull__inventory: inventories/chaosknoten +ansible_pull__playbook: playbooks/maintenance.yaml +ansible_pull__timer_on_calendar: "*-*-* 04:00:00 Europe/Berlin" +ansible_pull__failure_notification_address: noc-notifications@lists.hamburg.ccc.de +ansible_pull__timer_randomized_delay_sec: 30min + +# msmtp +# msmtp__smtp_password is defined in the all.sops.yaml. +msmtp__smtp_host: cow.hamburg.ccc.de +msmtp__smtp_port: 465 +msmtp__smtp_tls_method: smtps +msmtp__smtp_user: any@hosts.hamburg.ccc.de +msmtp__smtp_from: "{{ inventory_hostname }}@hosts.hamburg.ccc.de" diff --git a/inventories/chaosknoten/host_vars/ccchoir.sops.yaml b/inventories/chaosknoten/host_vars/ccchoir.sops.yaml new file mode 100644 index 0000000..b6a907a --- /dev/null +++ b/inventories/chaosknoten/host_vars/ccchoir.sops.yaml @@ -0,0 +1,212 @@ +secret__mariadb_root_password: ENC[AES256_GCM,data:bevk9PiMUAP0YBYqpVw9PLEz9ITKVRQ44Q==,iv:Qjr3pOWzcDWUpJAakrn31OCcvcaciJLgS1Zp+YZPWPA=,tag:DB1l6lsy+aHa+U+QLAM3tg==,type:str] +secret__wordpress_db_password: ENC[AES256_GCM,data:QsvJ6NH4ySsfSsP3pWEx04vxjIph1Wk/jA==,iv:AnocV/jXawXPxQ0dLSw05b38ULQuU/RN2G21/1GpTmo=,tag:QlSCnuaQxCmJ3XO5jjX0zA==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:D/DuvRa02zvwD9+mLzAWBFF0cZOwMcidGvz8hTYP2QtDAMUwPhcG7WuJdHDY52eZpeyoD3zIfd903n1YT+tNYmWe0Y/jFbunyOw=,iv:apgU6HqH5vIfi7dIPDTUrsxirEeQw7GUJSaM2AAbZwc=,tag:RdvtS2F0N588wrmojKZmQA==,type:str] +sops: + age: + - recipient: age19rg2cuj9smv8nzxmr03azfqe69edhep53dep6kvh83paf08zv58sntm0fg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKVlJYaXNVTE16UEIydGNH + eE9GRGNscnZTMHJ3YkttVVF3aFRSZzdWUmtVCnNhYWh4RnVYUVBZWnhwRjYvR2pG + bi9kRUlzRGtucVhENWFmdVJwUUpiWTQKLS0tIGYvZ0FtSXErdVdFVXp2Y1dKbkVY + amtOS2g2UGNkeERIbmpOVGZRcWFGckUKkwNAAKfzrXq2Hp4bveIGqDJGEcfkec3H + XO73uTKSFAOs1vevdhZqgz+xNbLRo/0ALAARZGq4ULhKfX5eTEo4gw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-20T18:55:05Z" + mac: ENC[AES256_GCM,data:2psRwsVlJLLhxNJq5ilGaQ+q/07eQKQbxzq2xzM+HevwwvhMAeXsHnn8kkkP+YOaWrkv7QLQNnjtpoV+34bF+8OsIFlAp8sZRNGyKdJ9NVAY53EhWlabsLP9rXN2IC9EPTpaWBI5F++LEFNHhc7mpfnC0D9fJZd5AiiNO0ARVJE=,iv:G4eTrwBfrlw8FTrEDm3pSHXIoG+8qrfXxAe4H/UIb7E=,tag:BilFyvyQspxEeqT7FDbw6w==,type:str] + pgp: + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/+KHJ8ENkANIBaQ9Xh1qXP2d0U3NlLa4pzH4c1/Hscv8fF + yKjJgioDsBh0b3zTnz/kimnmoOyLZ9GM5QYPv7yqyd5CF5uZdMjnkpLjdFxDkmOu + vK3BDDjPPFGBGOVdNzTZQQGQ2B74B7IB5smTFjY9/BZcRdokM/y7kAljxXvgIFMV + +B2+0hsTgYJVy3sK+gNBzaJiDzWGgXW7lP58Ulh3kV8rNgBau9ur/kh2CDW9VSJq + 6eWrXHne2I0PAbkqeOq7VZiOL1BcGUFi6n9XG3tNER74J+ps4yq1/QIPTM/xfWjd + 8wT6MwDczKxgcnCD1Iyl64jB0r/DAim7M8fstR8z0SgUSi76CIE7RejSeTx1y9kS + cCAsnqAwhOuO5WY4J/Mcq+k7CwwzxF/EzBklYE+ndAFbp4cvU1jLqssgXeh80eXx + 4eghrYA2Hm6jXyCA6qiZ1MfTNtLv6BPPyFcC5TbDN07m02mo/AblR2fnkM1nbH6e + T8UTvevCtzNJrfUb/IErOu0dsy4yOKj9WZhrYc7WbZQoKGbtUFG2HP1SXP71SPgd + Obzm+Iya1TaegtiDc7glnhQcJSPpwNIU8VrrS/KPneIle/6R7MAdtwOZ3f3Rz7sO + KZ2I5vTCMh2UWQ9MFHGtDvkXTWd6PvjCiFfySfxpi2dd9JyD7QM5g2ef9jXYUq3S + XgHflGRyTFphfRa5rqxOa1CQnP3+IzVt6v7lkcsrrI28WP4peq6gyjuJmB3x0NOn + Me2tAe0iFJhWyJRp1eSF3fKETbE9VVhrrkLd7pfCa3pWNRXi/P6z1emcPFO3U+Y= + =uqtA + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAi9TKbDyjuz2CQCK/mAEBst4h0gARRT8nTudG1oH0W6ic + 0T3CK2pWuBS7ZkNNCs3xoHXQZfmtmpbX52V0m3lls7Ev3XmWUPq1ig1O+6fS1QAv + I0+zxRYaRX+uMOBvI5Gw0GZWadTF3Y3IUDiCCGGAJWWXYS0DlTbZvBG1Xjv1Pjem + b1VGXriqt7TC1LMyEwKlQiR9moUjAT6GrtSaC3cvKgWQ2h1zpXIb7o+ffYpLl6qY + 1KiTLHXe9g1K9aO4R2S38CETY/9u3Ftk1CucIbqshQWnDLldKBEHEpF9oX3k8a57 + yvcfgS0pUQVJGKsz2k/NAlUuf0p+oMDIVTEfx9ELc6JOTff4U0feC819KuTe34Wy + BNz2zZ4v4w2reCO/RL4o78wPpd/gHp3yOeLOvBFoDJr0PXzchi/KMcAWclLJNyh4 + L38JdNJL0KDXhRvjFlF139ZoNghP7gvaOhKbztIAtM3BSGjJqX5+mmBCKcYLEItN + Q+Ij3m1cKANajF84Dd5lV6w7FHiTplEDmSO1NS6Norv+4Jc0R9Z1uOMRsjX+W/va + cOUQEn9KYMoFQp1uY+OZBZizOZE3EOnUNbXMNbtWtjOKTwTn5cWyBX3niGqSuHaw + a34D7SX4AO7djrHDkY67t/yE2ZaOBEy31ZUyFmYnDgSApGnnuC3EE7tcZMQsShrS + XgHz9tgI545+6hUHe02hSWemeev/evymzkKZno8jj2NN+lT1fDaGBsytqvOb3i+3 + t3MXPNpZeAj0SE9FoUblJgabrVlVT22mVZUDzzT5IUaTFB3PLJZ20kDxVwZ9DcQ= + =M6QG + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAA0dd4OK7rynEz9Txj8P5oN0e6bMFEMgLr+vGswjmczZy/ + bkE+x3SLLS2K39zWJb2Jg3SM9AV77eZkQlsjG2DEdlhvCLniBdJGlOtVRKKYTq00 + siIymRi0e7ZcDLprGQnEkqv0TXxrhcW+YjtuqitkHmrJYrySspMnjqdoxz2vc5QZ + uUUtrRJYIb5UgO/L+jn4CugoloPXmJiuGAKyzwUgPiHEGm+il+/buOwM2RHEvaZj + I86lxYImSlCLmXvV6emte08eaasP8eSwyZVBFPCvwEsYCXKEiySifd/JRXX6xjh2 + 61YM57SowmKGuuX1iySYyM+wB/Q/v8oTbJAcZ8f62V8PkGi89Yt2HmzKIMJMvlmx + GT7APrldNE31mf7CYccsBw8smZaec5z7maXPwCSMH2ufUYp7Vwjy5dYpcZD1jPUv + gAYfBIcLzgrhTB2k6fh5Suqn8gbF51xOhl7dVaFABH7bqn04epUiFVhIVE8hKdw0 + wDNZataAkVnB+wXM4NIS2i/MGbZ7RUwOaWC0+fwXMRhMPVWnqlY9FV5kBKEFRacn + pFBLwmfcZIeO0kNq7KeF4QoYGV3jm5cVX4Ah8LCAy7GqwpeLapx4VYiuDWtK/QPA + ajqHeM0BPA6IcA9iShRj8tiTRU+VSyU0+PaWKDdkNBNngRx0unRaV+pEq+Q0ZeDS + XgER/b9ENkhrf17XsIUWF6ifNxGTf/KRhZ0HTKoI+t94ZGXSWR0ZHsent29LcwzD + ZiaVGD5vZ+lai39UqCFhuySw39uH2O8MSvb9BpZN51xo+XaRoejSZvZysVo6FKo= + =cdUW + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//bthRQejszW2v+xe8OsL3doJ3XcAOBVpjhgLDDxq9Lcqt + ewqJT+u4V0FTlQKRca3auyVIKkPX5lXUQf6KnNkmqmHQRpS+APyl4jagGA5+U8d+ + d3cWfYn3b+tB2GCw4RpxRudlDZozE52ZfNbUjaEMrFrpZVBrWevS24Ql0CqWqQ2i + 64HJJnkQwQ6Mi6BFIgxToWH/VV0BZdd70QdRKfNVl5thcoxa4GAhrS2e3ds0KpZL + wIneNj3yOU5hHfSJH8mZrszZKUeKZjDm6hjsZ0HrbS7e+7xD9zEIjppGUq4Tl69p + pVDCZouevY+rSYMWi0yeb4E4kknnJOwJ8tAhkmpriJTRS+K2+7p1jMRQYAqe4gEk + sIXCwMAaDneQyleiM3kiyA1Qsh/pniRh6k1H9qzmvn1ELTUe3tw9A0sOb/GCD4So + ypVGLlJe/J1/oqhF0uwUMYVBt9QvgR1w0ZoPWBwiEG9Y+uJAimGf6trRTeTlpOF1 + V87Ok9XQNyV2vQ3mzVQ9JK1tNQp4x84j41h7sJRfgk52k8ZKbJT9baPUXcheWiuz + nYkdrOo65rHq6Vnf/qd0cZIhMPmmsk8lb++L93X7egEOeOMFASJyunClP1uZVGuo + GlGUycvy6VR6vxC+VPL2ZB4pIyYasIInDGEDx11VOR0l/5Hlx7XEv/yVt0AQ+xDS + XgG5V5kJKqgkl94oW9sF05izRA0gS16HrFDZEXNyw9Uz4AVwPNmsryWiQ2LgLVhS + YO5NLAttl+AiaBrXbcAZp/O/trWW9q4D0752tFTxhPs75Xo7Q7SabaSTrFqzCUM= + =3aWX + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAP7lfX19jnpSpCRnxmkCi40V9p5bb+kEkaOB9FgDAMDcw + oKaSrWVj5bKUaR5PlCTsEHpUEbrMW+9/tGVxmDnFSVao1yAk4hgfPpoFPekznc1v + 0l4BTiP/B0V4HlRF3Q9WGYUjAZ0zNmldqe2zUVU1sG0DTc5y21jio+vf7Fa+vMiS + hZiAVopN84wz36065XEoiUxuOsR6JkUP5Y17IgpYzJQ//iK9OmN1/jhh/Ccb6p5w + =6L1k + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//YX7mBdQg8yO1DknAB0H8DSm3sx3W+cyy+NXe6jYsRitq + Z5rztGA30GecT4E7vZKtQTqBzPe70R/Oy9m8KwrPpCDoqZvb3cBtWa9XV48D2BYN + 0eT9oWI4Yomqix2upXlBqzleJ9Lvc625Ib1lrggHzD6JBJ5GpcU6ovBsUjIRBc1/ + osWOpGe6jQI/8o/rL0zy2713+gmSGI4zHXVPelip3aucC+7AvbdMnjT4/qJrrvnD + QQs9Y2oF/YF3K8kowsXBRM6qQZiP602CVgInmuiCkubSxn9tTVlHEWaAGc9okWMz + kjb0M7s7SYgIJGOfM+Wt7eqODg/q+dr2LRN+9swMVNA5W9XDpEExf1oKyxbohiZQ + R8IgPk0X+HhaO9hAw2PH1K9/sT/NszGDBFH82Vc9+e/VpTKHmWQWwN7xK/31AtWB + VsOjLQq9YIopoFltYYQBtlm/ygLpGFgq6NHamdMXXecVbWualNYYVTIfekzejDgY + RYo59hnI4Lb5ajylvcqnGaCQNG2OkqVOVUX6OMnQ4wTp6/VfSzIXN0os4jpMbb0A + UvdbuRYA60eRoCfzNP0s9orhbJpdFW8fuM6VqLJidR1n/Ebszz0ixH1UHNQm62Nv + X5DShNQ1Q62ZFjKSb9nspM2FhSkBdLHX37gNEUjUvDKLOtQXcs6E+JJDr+n3a8vS + XgEQ7R29Oc5iiOGboyrUsEd19GYrFGuo5OYvV0he9YYXWTTHIDFKkewJksBw4IB3 + uqZMN6SKUTxZp5yeiAcFo5R0PXfUEGJ9Msm1WSrZBamBsga0EOwBLOUxkYPBBqE= + =Wp5w + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//Sq7PqpXna0HA3KyoMZ9BIfQA8wsD/NYVS7bEXem7ORy9 + DSk2DNJclLwL4JTTj1pKjj4cf9tNz8hkku5ZPXKBVHNOzs7ss0HfpwxGHhw5npFx + IrydEPVgbHusbtLBYHIxwWKTHjX43wDEm7oY9wMHe8IszlwvnmozeBEWUaV7uhpG + 8UXqwx9UKzKv958NNNxqXvbwIKGNW8eTyHa/vtUvh5mNrW1zLhg2E5anLX+M928L + +TpwEs0ioWrOlbuZs6T0NmcUC6HdtkRJIjTWaq1pVD2dPZwHJpKbOS0kgzkxZ6/+ + 4Qudfu3Y6F1UgA6B8A45FjwSVIN+Lq6FKQvfS4uG1ida8lV4mWQllC9FYinFEBJg + XG7/uxW/EU+1YvcuS1s9LzrQxoUFO9fvhgSgzTQR8tsO2VW9Gp8FkAPDhihHDfgx + qpSF1Al8bMZCEWOSOHh32b2z2e+uOX6wL7bNdoL+/RFEgG/iNBKxCsQq/PZFl0qe + 5FFP+jbB7Ju5htsJtlzJju+07Aq7KNIjSgWg6T69+S7ovTvMQDud9WxHCc1Z7vaV + QpCMzMjrb+66rozEAUl3tttyd+N8JqWSSA8xI/juTfHU1+0WASP81Yvpe6tIp4A3 + 1CUBFVNl8XLI++WJNV+U7Ld9/+7jrrRMSPGY3zw+JzOEJJu4PDSVLEuLrKiWpCjS + XgE0uQG6Q/knk5rCcqcabEUW5YTH6eNg1eIP/95kbinL0Nt2mK1f5p+1VahI3+Vs + 739/t3RU9fhCEXB9fZj1QDiUiEZ+prHB43J1Y+MraU26/YUW82qvlgytmSg7+Vk= + =h1xt + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAnNfcfYe+6tdLO/3YOkOywk3D8VKIUamqTqu6ECWJAvQP + G8HTKTao/5M9yuue1guceE81se9kmw1sPGgKizOUln8k2Spf2r5wBRKXZJuaUBLj + 09Otl5X8vP+aQ6txmw2mu5AnfHNMIOLf5ynw7sNwsppdhWlJP44uQ/IVM6D6K2v6 + IMUQVXQkJNLkYFjA3vHjpj5B+Hb3f4lZG5jmPilmLHckWyYXXkMiLdkIngzMKXu4 + y+lMTYwcjVWWF1O+DxVM3IEAKoBZjCUL5JWZ15/V79KkJTvtR4WnoRAFbebZ8eKf + infJfNh4IwqmnlWiwR9Ur9HQDt6Gyb7VC/OdyNj0aUX37DHvP5hv+cFYvB764+9a + OwA6vRpJ9QynqMdJo8LIysw0Xu9rTDy4Tc718XkMg9sAYWhne9/h19NHz3cCyz7c + OOLlT/khQSHzKh9RCw+4Ql36EJe/S+v2o+aH67jM4PKgqx06A01e/1wbSfbHT099 + tdGfyy0LFyJjnY6up5OTYZReUsG/6HxkDB8xk8nyrkQIzX3N7+Uzz5gHGdQv0EsW + AYGY4MwyiP4Dd4bY25wcMejct+0StlM7w3bE7Zm5S3rafgMycl4ZqV1WyrF8k2Yi + lR51WdB8b6c004/JHJtELYbwr44ZZ7mv70KWWTX09fTP6AaEi4Fl8fA8RoNzp7LS + XgFEPiGH2J8bWh3B3GxpZlC0B5QQbFtj9QWNNwxKl22gGMQbu46PQPOPqVgXnJpV + jU3MOjGW7JOdFfvtW0HDiPJcAlJEwt0XXN1y+lCKMSAf2Gx5/3+4DP0ZwOJKGSs= + =Gpaq + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAArcUCDD30QwF7maUAmX29Aa+l1T1/6NqE5+0niLV42Yw + sjGl8g7yW8A0vLBWXP5nlVvgwK1PoE6bef77m9FozDw3j2koG/gt80tqgG1pCiUA + 0l4BHZuEAaFjgG2AhZSzYj7OJk09gGEgvGYPDzESYrwaUgTCXO9T2HmhwR0Mr+08 + sMrp57xGYY/J/pw+vYNBNjXxrfKnr96w2UfDPG2U5P3qFugUqzNsIImeoxiWD/dT + =MzMp + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAa7MoTcb6GvQid9iDS19VWCjRamlLSaCiEqs+OnCvMxsw + vdFUC4txiChg+CzeIKC1wv6AORdRRGKRvav9MZhO1rX3J4PKVkQ0m/E9jmMW/LLe + 0lgBc+vXNMn4nF/vqolz+CxRFpDnCKGyqF7iTqPbW/3yF07/mTe5aawHLrnrL2nL + AOzEYdB3e9Gglyh/beUiC6KTCCeGWjSTPHskXGU7/e5Q2mljcy5q+UFp + =2h8E + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T19:02:44Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAqV1W2mgHAQKKvKL80HB5oHBo5DRoDkRaYlIQtH2HetJf + pHrIVXWskAYP439kQDUDGhOsQszJl1O3jYnuiM/lr99K3oNNwjngjlb5IloGZbG7 + F4doJc3l6HWE8kmvD2frH1NBVB8yLVbUW153+oors2KXX7J8IDSR6FcYlvnL5T8y + 82LC0IJOE05rHyVngXYJUOz1JO5f8Yf8V5fcltOa1IX4dJ4vG3kJEtV8BTWL9+8S + dOhwXKkM3AhN022BXkr74bgQmgWNDcjtNJuSxsNbhF9FNJbjkAGveYrux1lFR5/Z + 8myeZTKfe/OoCG41BvgZfFch4hDO3KUSaRg52sveqzPayDjW82wxHvBL/WQXwy3I + 0CZMAC9t061u+iYX7GPrVqxi34Vs91Ypjd1U1eUZaaAjd4aabCdYz0HlHy+eKW9j + tiQZM8zvi/R1svdn/HdC+uh03uZ8i2Vf0ci2EP+yhcO9fvEEd6NJ5krm6AHORelI + hifReVMZ4HW/y3HcNwPDF2TvxCKMeYuzgsicbU+bv86z+pVY3Kulk7efxcfgrcPP + l6ROfasoLUOAEvGfe/N8qTMexV53ADHhCDcoXrLMLkVX60NmKhg6EcZ2HQEalOwd + bndJuMMu+nW+hVmUt0pp2i1vytbg0ak4qyqtNa3zMgkexZQ5SinnpwcLvoAAfPnS + XgFo+F8mppMuJXm/GarENxvJU90pl02/iJ5ZvYKt9BZqfDqCWtvez+3i+LTd1Piw + om874prhdrpGKucYd9YPkam1fSBmrCaFzsCLI3KwUuvTpnw7YhdemWeGPDidGwk= + =Ttu2 + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/inventories/chaosknoten/host_vars/chaosknoten.yaml b/inventories/chaosknoten/host_vars/chaosknoten.yaml new file mode 100644 index 0000000..1c8fa93 --- /dev/null +++ b/inventories/chaosknoten/host_vars/chaosknoten.yaml @@ -0,0 +1,6 @@ +# Used in deploy_hypervisor playbook. +hypervisor__template_vm_config: + - name: STORAGE + value: nvme0 + - name: BRIDGE + value: vmbr4 diff --git a/inventories/chaosknoten/host_vars/cloud.sops.yaml b/inventories/chaosknoten/host_vars/cloud.sops.yaml new file mode 100644 index 0000000..a05d7ef --- /dev/null +++ b/inventories/chaosknoten/host_vars/cloud.sops.yaml @@ -0,0 +1,213 @@ +nextcloud__admin_password: ENC[AES256_GCM,data:R+6uuaDeQWSgtV1Cp7YWZvF8LYOIhoz1K7WVKerm67NLbLRpD9191DyQH13v7ZQPvIce3JzyrWqoyQigJQIQqA==,iv:chVGvTY1Ge4OwrVbFkU5IMd0aac5HqslddQEdY8F4Es=,tag:slmFXStGVf6eJdPFplqKjg==,type:str] +nextcloud__postgres_password: ENC[AES256_GCM,data:GIWhmhiDkOC6mQAqNe8aKQ2TpTTYQJ44jn+P1hnpAxstAWLUTJZdxE2DHdjhZ9tV6kyTb/GXANn1UtgFzxczbw==,iv:lhJAZF4mJ09jVa5DxtVTfMe5FqfjpQojrI15kYuXI6o=,tag:LvzpBXbBQtNvEnCDNphUqA==,type:str] +secret__nextcloud_smtp_password: ENC[AES256_GCM,data:9UI+hMDQqM6Ui02fpdscXj5Q+XfN3t/g1MUX4blqd/egoLBtq8R6YpdK8wf6heqXUck6VVDgDLFnpfQzy0cqzg==,iv:dkTN/pj0YhLqEw6Sp252bKmnA1RaF9wfoDE7naGN8Ao=,tag:1Bg/ZoCITh7S9Ps617DKTg==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:vVTf/4AGnFFWK9W3g5RMeTanmvLmz5NJc3fKZmdm+jALM+sINWbWMXqHj8brb1i27WSotn1bC4RdN9HVvDlhXQClbiYa05yESkA=,iv:PtoBDeh4yxOOHnzK6uEWiqx9ZUCPAkxOhNwcfnRxjm0=,tag:8zoMw+HtxyzqSS5/E6uOgg==,type:str] +sops: + age: + - recipient: age1gdfhx5hy829uqkw4nwjwlpvl7zqvljguzsnjv0dpwz5q5u7dtf6s90wndt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpL1lWRStKNE96SlFhNXNj + OS9pTnc0TEhMNi9EVi94YXYrOEJMTkZMbTFZClMwc212dUFaTmV2TFMzZzBFWjIy + L2FvUGxnc1JaNUZzT1dtL0ovNXVWNjgKLS0tIEJJNjRDR0JSQ1Z4Y3oxSWNrT0Rm + cVBHL0h1ZTBsNlNJcGV4MUlDM2s2RkUKi/PK5BgQoOhdi7TpXDEdWVpFDxvwrp0t + Xw7FgNhb0tWFWIUIsYbnjw8h6cnAAwpxjpXDNniXkNNFJRJ94Blgxg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-14T23:34:26Z" + mac: ENC[AES256_GCM,data:wPkDg2j5sKQqpgXGzJmXLiNbko18FUWKbNoVIWoyj+rtBUiWkBVRBKwvYgt94PIRPoDKumJlsuer+BpQKjCDjVc60lxFFcd2saiiGQg1B/9VrHh0iPD28uNayo9fDxBIYmcx7EZl/CoOAIQ+eRFJ8opQe7SsQLFnxt7WAKbYWt4=,iv:1LhnLySBQa7dNPR3VIelxLRLHip/rtiMOzlX87kJ/1Q=,tag:BpowDN/ZSaeUOldf+FWaNg==,type:str] + pgp: + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAlT+0pZifDkjCvoIJ1mMxZoNCxn5PuCypg/grqzn0zPXI + KrF2r4y5pQgZTVqqlmZwlZ4IfBgaAlnmjqpD/WZ6qOTcxt1+DS/w0222tdRGJfKH + t0LgKRQqD96E8Gb8z4CfqnSj40HYuQF9xjrKbvjFemDJ9OmB8a2YXUe9tAE2Q2jm + gjD52gR6645KiTF6keUfQbu5/8WbPjlHldfxRBaLtZ3g/y6SsET6tKzKDtUuyzCP + 7B1KlTpCWjEiyyUlBxozVeEJNRIFqjDmVn8kPO1mfLDkJXtxSZJQEz9y2OxeEAb/ + VVTNTGxbNn2OilUgCfPH/hytOqsQWix4Y9+ObdrzKGtrHGxAn7/9B4wW/mWdAjU/ + jOURc22DKSBJ6pmveX/8MrV1AA/bLMBwtBauJlIGoCCDrOXL4ZeOdgteaVwQon24 + 9pS5PYjftIV1/smIg7nndXnmG2eLwMfNqmhp5klBzsrlCLlcEWnvu4d2trSIdCdp + zusU9QT109lab6mhspckZSyneNpansXU5ZMN9uB44z6g4uWC6rkMlo3AtTjlDk+z + SO9TWT5dCEvMPiLy6YyRTE2GbsLEKVb8rtoe5yNDpoxbV1AVno3zc+nIZNkOtR9+ + bHnMGtau1zXVGhPiVQldhRuW0MMvD9GTFIUj8/0sDVsQoc5pAIBaKrWorMn2wPPS + XgHjqMwzlRMEU7RPTDkVrp5IquZJpTkqx1WlkNYi/uCcsPscLHQ2MSH8f2+n5isv + eUTiotRZ93tRaNJXjRauCEwONZA7LDTa2ESuRY3+MBvNr5JrZvcTMV6VfJBredo= + =o6S7 + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//WOz287F2AbbXuxxvbB63N6BuReZdVAEdWeI6uSLa1zZS + 6+PQuQD8OrzC+IT412w+gNgsz9ZP6pQ/o+cNT7htlsoZgICE3TU6mAaN1UA4Eywn + KuqQj/hyWKVrR4Q6dniFFWWRQORl7OZrkDhG/ybeB8G8Vyi1j1a+jZp41Sen5Y2x + NCLLs5dbxXMEjpcLUogGBLJc/cW6/7O+WPxkoNIKXSKcAiXzB8DocJc9oiUuKywJ + Q2JCR7KdSf+Io+88Tcy8sd98bPZeaAJiIDsDSQ1A7GtpwIAaM5snwb1WBnaG7iuO + Hmt9SthCqaExYZGYbyN/aJoj3KB8hvTyyaUvrL7PQv5P+Jh7MDqfVcBbKuAaGBSa + 0XnrlEDVG9ZcfjQYS1LmHlb+gc0p0vn9nF4mytbewmvJZ+igUEPwMay9VS3esSeR + 9mBtNW1kO46rRJfb1v2Sx+zdl0SNGbFDrR5y+mXPpYAxhdsh9+BUom4zv5nl1kOU + YcEf2XLLt4zUvIyrhzLTbZrJOGzhIFp/KWsSMNK1Ay4acH0Y3wZrK50o5Ni6P+t/ + ENxEcAoqncnGsJ7ZR+BTFcSu9y8vPbDYnG39vDS8JNho8g8goAHwNrV1c3xB78TG + pM0i+1PLmwIzyeh8ftrB8NCyC2NyHpq+xoOsqozfdDQIhHasTQbc8KOAHzk8XoPS + XgH5pBsffUhYoibrMQ6RhweWhUhqQA7B3jLAObGe7hHzHirZdoYlTdslZ8viwzJn + tT9dJmQPdaTJmE/iLXdho79kSNc/CkKkNVLCydLiGYq/w0Apw4CU3yabHKxV3x8= + =OcNV + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+L3iTru+jy7PTC6+OvIxRarKgw8KyD9ankiMmD5eXkVf5 + 32w+NAWNvG0k54Kk7KKYVVHZedyy3jnFh1ENskDpkLFgtKstIkuCOrsVNl35sE6i + ZFyGWqhR/SAlZQBMuwf2oDswOF1KH+rs5Q+qdPa1o7bJYSlSLGymhaRiBbJcSVOq + do9Bb0s8laTWBV9GYwnXlcYYBpIaHahmxnb5ugHnIfCHRGnDoTUquCKoqo5Ws4bm + LU07fe06Db8C/spB1gjtRF8c26lNhx/JY0UABbV4ezW0gTjszgHCq8einY2nbfwh + mLq5cui6qrwZ09LclO2wB8ymAIy/FDNGTqnMaReBDB7ZLns44xeZOFCahcvk+DfR + PBqczaY2Qtzxn71NUOy42U8qgAOfDvz+K0vD+yqGhzQj8uK6eJ/cMYbx52Bc9AsP + 2OxYMF4+rBJ1KZIW1pLPjTSRrYMD8suqRPek6U4SBWY7SD1WUcHvNYA0+jUyJ8dN + 9NPrTxEbV0hs7xU9SbIIwcH511PzsdsyQiM6Y9v4y2AT/NYE0i+OiyOmgNVvaVEy + BbQOXL57rFZgEtWNtxjtZ6fRQ/D1JNHXSk3GfOFo92eFF8eAlpbg/ifLcpmfrRyB + aKJnSkOguUoocfsqcktxHwXt/Uj4XChJJb0eKzpS7CWrvAFrP6G8yqYLF/vaLDPS + XgF2wixNV6KXeBzp1D+JFDB/nUkGun1ISJFfXalqEzmIYUcq5V438vQaTdd95c2J + jlIWsu47i/a53R6a1q440+FdrDj8e18/7zxZakI8h2Gf82QooNjZJT0f6KI5KBw= + =gvTk + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAAvBkstXt9xfubAYuIUf1d1tplhrfcR+dfO/YvUIpjVuFY + l60z72dLLmRoZnpm/uTH4h+XRLATKnDj+pUsEbYazH1B+pxAG8UVamzUFy3ghNdZ + JzRxaYaRzyAytNTnQVHQedpsd0fgpcsOgyLafiQZDI6P3uUdiweMdkGe+s3yKmWS + 5pV3NTxeLl7rLIEf9F3AGXHCb50eqDpMUqFL9eMjQ2z4ETrJD+Nxo+KLi9rllqRy + 2YRq6k/Jfa1QDVagidSNg5U7EHEeUdM+95wIIuH/VPvojLuoAudUtlRAYW7D3Cd7 + ZS2El63g5EaPackd8D0WgTe2nZlf2fysnLEwf6Ay5XniaWO7/9VOs5j8clgja3gK + JHoRSB2itiuLR3kJ2eX2HEDWXFu8IaSAa/u2ccULQ0fumIosFD31PnCgzfxgUUX3 + 06QOsXyoeR0rnotM66SgSf2QiWWkQA7HY2uGLMGi8EBouBLzxKOBsJaFaerG+UGo + 1PLQq6LVofPUwJE9pskRMzprFRvNG4knu2hQo/QHVzNdLomvj5kETCLE5ma2SfQ0 + YWNOEs4m4qzaTH/Hm1ECPLpSDpYzeMQMI/m6CT3kJTtwNjt52Of4CTqYO7k6UtBL + c9vkpn+27ra42PHTyuTWK6ghWmlHfeqwvDpinCtnE8ZyQecPDyWaCCnKce6REa/S + XgE1UXBjvxLZfWJpjZBZ9lZj+AhS8lX1bKW3mv970pOZTfL3liq3rk5Sz6MyNEHQ + B/HrdWYhaSz5kme5aBTZmfCGs9eiF3dafnjHxzRhFyLNL/ZpBdDRGlGD1f7M2hU= + =C1fO + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAWdOyUxkvucIvDlcvo5jU09n/xyTaox76UpEkqi5+PC4w + PT3sTJK4LhwKTCDSOKz5yVKdS6vOvCBeXRmJTitlhOUWeKMAD1U7dL5XZElQ3xve + 0l4BrczY8LKy2hnGm7O1RYBaRE9gWh0n+octU09oBszuSamarrLUfzc+mdQ6oLIE + Ubz1oIAhjTgS624+693S1KHP7Y4Rr0DmISDy0+jYcnn3ekYBWfSgvw6d3islnPfh + =MSsP + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//RSsGf6CBDAm56VpXxAfcBM/Egg40IcIfNqRy7WuaHH3i + u6Zu2uB0/Xo0wJeqjFCQ/LbO6GNWLUSzEoLzpCxLjxUIuiv3TLGu7OiDP/QJ6igL + SXhF2KIDJiNdVug1yt6+zZWiB7VIGybfiYGb4mKz94RuefQFoFRWoT1j9g6W+tV+ + 1t+vW2XYAjaCUWq2mWiddfRohIqIMnUUK/sjfliqVO8hkBIxn4sefYl+OtYCcqsY + 9fCSZF3L8fmn7oC6Mnf/Nax/LFvvRsHYkljbrbuEymjhv/3o9KheNpB3nsbwEjm+ + K2rdM7panGgzuzWG7GxC2M/MO5T/tAZB+1nEdi23u4oJB/Qm7Fi3Oo0oxnqPCrkf + EsE9uHoYDXmCrEKGtuV6PYygKjiAQufYGyiAuqxbBX0AbmyQ8LYtZglXHfNwyUqZ + qQOjarS61PUh/iDOhNIwMp3BDwv6yrxReODB9sJ7AWbBQXqcg22yTxRMJqgWyONu + fFyWvzVhF36gdlQej4bHeafuPbL8idI2z9wdSCFrgjzEGV5GlNMvowmCjbbi4zsc + p4M4RmF4JSKODvziG7YoJr9hpmj2mpi5oQktDXFC5IjkYuHZVcDer6nOO4pKFTeJ + XPT7JwX2hPrFYY4woECXloK1FV4jBT4Gpa+QFh5Cki0KA5rarBDjzGyqT7ela2nS + XgGry9VQLN4gmbWS4nSeYUaJNRagx2VpcGE31XQOyM9sJ2yLM+J8fvXLvJQk7kdT + HSf/nYF0YJIE2H1s9pbYsGWnJnefSsFNrbwwrPU0cer+ZvhQ6todIPR2G5HQtcc= + =H1YM + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//QkbYp/jUkoLETqJmDtSv37Ygj1dtv/RCzXDdSYLoHlgC + LfbRlGBaewM6UIb+UQBV+D90h9/bCh2NBGJLWIEq4OWG7udNhKSCrxujYA3YoiJh + OX15U1rPhuUPKBO+ZO3rg2RcDtATSoLKUtfFRPLJv3HjtDju4FD1pF1D+IbOJv6j + /b/iygSNWBu3mTQhW08SiaRkNNe3BJ5u0wTCtgOiO1QTUgqF1oWuw2wEnSHVbhY6 + kFkSrvyca+PTIOP3cvBMS7ylyRwf+ePtJe1cBM3qAG1FIvFE9APuzz5Y9FER3yx/ + f2InZWsb2z2uU5/J0mEDVg2xy62MJkyw7yvRcQzknUwRRK173yq7ewrNzORBgNI5 + 7E2hbkyI1ILJTQVPltSYH1fL4TMlYKbaO//9kfZbVCCHv1RHjkRk07qEhGIKIUuY + x8RS6BWzJ+WswFDmmyfDu0MysHh21mLkK35cpbEgpHiVz6bOZ3ge+kRf+ckPyIxg + Ymw85apG1GCYfHL+UL3H19UoIWPWyux9ovgySwcPJCxfe5/2PtQc+sJBYiwOFzUF + OGkN/kbArwitnHBar1cDyHBfETSDS+bz09tXgbAhyPFTjWh1YcWAK6B2OWH+h667 + A0QvPZyurODo16P6+oMRef6QMwrWnRL+LOjWfakSCQmQJqNHwcCs016PMyQ+EHvS + XgHd4H9QN7vlRHI0T5jVSTD8c0EjA7/s0PSMNUxghizteSgj1o7RhtzObCRxkJlH + y6wxZ65A32++6cprIeEPkZHu25meM1At7bbZtjLqLQufbOFsgP1M1LxrkkJeoKo= + =b+Eb + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//Vngztt7hgbeSRSao3OupiUFCn/5VuvPHnj5gcMQ7VYXK + cinYGi6ay1WRhotR4qPhXR2WTpzKUKnzkKgHsIDMtWPW93Iy4/4J4g78AEnzqHux + AVQDFJdA77bm5tt1IjpvNlALazOTDrixd5AgRZ6nWknBUQcIG6z/Lf0h+71vxKmQ + nyEfqCIdQscVSmGQ1Dn/xrcVFvQdSwWV6WtzrPPHhUKs/kPCjyWa8iPnqp0oJfwp + sV53SLEvD8LwXMDW0qbLxUbSCZAJevqox8qINUfIR5+f+Lblc/V2v77JWpmMDwZf + P891B09awQfZGIUQxJ69zOGIfPbaTCBKaNX/CqU4iNa+QfmcGhum4rILtpC5rs3s + a6e1ZtaI7GvDngdU8BpIn8mKwqwwfqQXNgVjqQqEw6Plwx23eEV2iFuCzO3qgYfe + Kn1eckDQx6gsMY3JX0+8CJ0PjYRtZpZc0dBkvnkeTn97cWg2DSi6l+kHuijrkVc+ + fxqE/mKo7g9CRR0B8OqocWcsSY6UIgfSpVqoWmaXbyijw3F4ZzMzinrV3m7WrFVm + xpTVm0uZwZcceGvgfyg2gyxt69kSdWjsQom7HtwT7T5WuoSD/4g9VhGBDEgoolIQ + 1phNz9QhDIygwOfCbhC1N7wmZpzcnAm296BsvK/ciU9M0XuzustH2E5TUiK2/bPS + XgFB9Uu+yELkE50SKCwxjoedGPK1Piduqf/F/10bTIMUM6GgfqvaZ07DLozYAZx/ + rdITAdWbuUGphaW4kOCqSfvqZpWlch05ShzVP4+Th6nN5jLquSK/NBz3zpVqNq8= + =hxLS + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAhHLSFJasBZzugQ1XdVpqklmn/52t38wKFGGlv0e7PSYw + tHejTV4qjCWS9VG08CvdkC6vobDvnznrsxY2vEp8S4jxgUg2T/WFRb+2BOLo04Za + 0l4ByKzgXT6aoUOSyOKwGq8LxwaAg+aypQbhLZ2kkUG5Yh+uiRrc3L8yeEtMCJOi + ZgwCBsfazyjLKjOu7nPXvE8DE6HWUk6N3tWkV30t7npVDWGC5qLMAqCz2iAOOKKN + =vSwS + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA61+dY2/SgWbNcLmjrIW6etaqlWJMVfXvrwi9ob1uhiQw + lfQajGEA0AM3RM6Fjay6Tv8W+WmtSG6A8UmFzxxUqTot+g4wMHFkBfL5V/iYkLcT + 0lgB8aYR6hUKci5dyPmzHCoNkeISln1L7n1CRY99GxVd/kmVZcoHhsqVIlYXN/kM + L1QVYTsyjlBJEanqEwqo9K/TZsJClVg8dkudVrZeuG51+6x77X/Cx20X + =NK8G + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-14T23:47:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/6AhM6ujRGEaRuvGu+kOCbbY8ODTY81tVCxOlC0KZ+8gAn + CnNYbgptlt/Vv0v5z7fSW2Z2NcG93He2ozonRHm1WesgCLtx5SnMHyH4oL7qd8JA + MryMFfdBXzLlAHLzscju2+nfGCXnALEC26oV+dIEuFKmTinm3o3Mj5oGaIf06aE9 + rqWqLkmDFtTYlJKdELsnzbsJNh2bdKfpuIolDs2EcKCtm4MzGvoN4Di1JwD2Neum + nGfH7p0LKTSjwyC6Vz07V+reWgQhfqv0pEkXzs83zHOpQjfiBpN4cbfTgSfEsoF9 + jVehh/nq1yr43HrlNF+tMZG2/BDOyaFxKf4erWHBNLK8zXoqLvh8ZSd9nsWT5R4P + 3Um1e0m5wjt99Nq1RvfEiUCqOWtrF48zCGjEWe1SfU9K0r2tR/lRX+VHYJj7Sym2 + Kk38jyZNN3oVLBCzYPb5Zsyp5UBkkwago9FswmyGeMMSLff8tIX/flm+g1l6MLK1 + hpwk5hsaA6YBEid9zHSBgpIkgFNOVb+IiQ+83NeQx3yIup//X4orqLSMYCRlwW0X + 6JgZK+j/tyzkNnVTw/gNZeKfJHAy5IEvU9ufZrFe5appmfugDSp5Ks2Wck91fItu + Di+GHnxpDdDQG2rTOic30jGips+hDm/LDLXQMoFhFQONqyFI58OkkMuI2Kg/KPLS + XgGn2cxeCQkcU8tm2Ut4rmq9l1qYfI8TAPKBRToiP8KrtfFLn2444fyNmnl+6VSG + KdeGSoGBFNsMFdsDG2tSvm31D6oK1bUITEq+nU6AEM+xSlMvTjcDz8SXaePed9Y= + =nLiV + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index 7212842..35fb162 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -1,11 +1,9 @@ -nextcloud__version: 30 -nextcloud__postgres_version: 15.9 +nextcloud__version: 32 +nextcloud__postgres_version: 15.14 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud -nextcloud__admin_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/admin', create=false, missing='error') }}" nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" nextcloud__use_custom_new_user_skeleton: true nextcloud__custom_new_user_skeleton_directory: "resources/chaosknoten/cloud/nextcloud/new_user_skeleton_directory/" -nextcloud__postgres_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/cloud/DB_PASSWORD', create=false, missing='error') }}" nextcloud__proxy_protocol_reverse_proxy_ip: 172.31.17.140 nextcloud__certbot_acme_account_email_address: le-admin@hamburg.ccc.de diff --git a/inventories/chaosknoten/host_vars/eh22-netbox.yaml b/inventories/chaosknoten/host_vars/eh22-netbox.yaml deleted file mode 100644 index 56ba344..0000000 --- a/inventories/chaosknoten/host_vars/eh22-netbox.yaml +++ /dev/null @@ -1,16 +0,0 @@ -netbox__version: "v4.1.7" -netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}" -netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2') }}" -netbox__custom_pipeline_oidc_group_and_role_mapping: true - -nginx__version_spec: "" -nginx__configurations: - - name: netbox.eh22.easterhegg.eu - content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf') }}" - -certbot__version_spec: "" -certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz -certbot__certificate_domains: - - "netbox.eh22.easterhegg.eu" -certbot__new_cert_commands: - - "systemctl reload nginx.service" diff --git a/inventories/chaosknoten/host_vars/eh22-wiki.sops.yaml b/inventories/chaosknoten/host_vars/eh22-wiki.sops.yaml new file mode 100644 index 0000000..c22c882 --- /dev/null +++ b/inventories/chaosknoten/host_vars/eh22-wiki.sops.yaml @@ -0,0 +1,210 @@ +ansible_pull__age_private_key: ENC[AES256_GCM,data:9KqIeO+anvrbbw/3ixb0H/5IRjGYGrmYG44u7AoSNAKDSxPWImrUtbxRjd+mtTbUbj5hybTJ6T560LIhmz7oM7/fKyWKDHgGOFs=,iv:ONryhnxKe1fh6z+2OqPiYnZgCijRUTKtsEi1AuhE3Iw=,tag:lae+JSvB0TK0TYv7+kUPYQ==,type:str] +sops: + age: + - recipient: age13nm6hfz66ce4wpn89fye05mag3l3h04etvz6wj7szm3vzrdlfupqhrp3fa + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAreThzT1hIei9hM2t1a0hQ + aEJ5SzJ6SjIrc1VxVXlraFJrRStEVFhSWnlvCjQ4SkxlcEVrOFo2RHdvcUljMjY5 + cUt6RVR4UWlrZWZCNmhUZWNrK0kycVEKLS0tIFgxR1hlNU1UalhKNjBab2ZTeDdp + alR6aTdXM2I1alRRTmJYbVBtU0tZYWMKKbukpWMjO712b3xQ4KtzZXTBa12ZLQI0 + Hdoo5vso2gUNO2E92kD7sEXinurE/nS34kpVXzRGr6ecj+CA3Y+SLQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-14T23:36:57Z" + mac: ENC[AES256_GCM,data:0UWzDg9rKldTtvBUTMu4sE7WpEJcCOSrdJtGg44H+3NMnkYdjFpwkUWCX7yB8gxkh0fNGpO6ofj85VJsOPpr43QLjsIQt8TvPRHAGsZh7UfEQLRTOkx9hF0qIOY7ZFnFL1LYMsU1kLb1/OUFcGnjMTCWrZzYhg1XZN2by3/paK4=,iv:cXaBdX81ZunvEKuahrblhJZS97pab0nd4uyD2u2/E+A=,tag:hc4W4PUBQA7yvs80aw8GsA==,type:str] + pgp: + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//U4q6nD7qTfeix2yKYYH/6teYtUHzIFOlql+pyajnTkkK + to6Em+K96TkJs9uJuLD3L9GE4v8LjSJGGTwO8A+4c6amUFV5vSXD0Xjh0bwupKIu + 9Dqy30/V2bZVcbHuzWpZub1SHq10r2BlWVf+wGvH1SevySpoI+hIbNzJvU858Znq + 0vAwC3VmzkK/cQUko+4iIJRSl81DYwg28mqfXEdRoRPy87Cg3aRrmDTyFp881NIu + fP7SWX9Llna7OvnLdk1drvQam6A3CPNPMV6tWmpZv3tHFavNRriGKgCfpzTy4ICL + iqTRFybSpxiCH/twDGKSXuENPKRSXNu0BGM94JR1rx8l0/fLp6un3Lb+Y1Nh5PcD + XMtDLEEOcFqpqj90w0WgtyTwuPtKOmuoJoC61qj5V+jTqM+RzQVQUazkUjiifaej + MlIqiuLILqKbHrKV/IY1ABt3Ep6ZWB5kMNn09KlcpSAjHYyTjx8Sm4dVjlQ8ORX8 + 2oP/W6g58nEIL4ZIR31M9jpsSDSCRs/XWAJMdCgM7Ori2Ep1pT0XiPF3jfvU8cMv + h5T2nYLLNGk/hlfspb/BEXiPzyvKGCN0JRfHrnje3yN7IXxGmBGp15p6ZXpBRNvj + i2rHxWHZbs79uGDnxB1efmnG1gR5H0UuBP8IUPCGOx8N/DhRf/KbBnwwiwBjLRTS + XgFAk2lR0MEHTh/PxZe0S2ZKvC+ALHnYM3/0LYcSVyYzpju/vdpkBm6MjnMGD3oP + gYsDqd5qJPDK4cBKQDgVsFa0IxcFCTkZiKgkey69nk4kc+gVLXL4J8f8ei9EDik= + =LQxU + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//R3VOX9Pee/Qhzadq3GCmTuDcgI3UNUTt4Z5lbIN9y1Ee + 1iwcydUCFJh6ArsrxFjhplvaAF/FwKiV4/naDF4dxScDur05LT5LrBLDXMu+yuJy + 2OWuL6m7L0rsgp6CwpWfuO1Oz7qI1qeWDYVTaA+MXfB/nJ9gqZ8j0aW6KsfE8WDo + TD4G4kNekI7Dc51pKeWB3MGW/g04Q1X+IROfmo4sG7G/C+ksNV66QhUsjyWpXE4R + qVIXkmBtxRu8gQ4DCEx69j04ImoFR4laOLzf9/ebUtBUxhxAX7hjiXBc2ml0qh0P + 385eeA0wwSlPE4sPxx6DDKl0/O942b8VfLNAEPv7jepUqQc/ypi7p8/5veJZjLyh + vO5PWfHmFFpZeyTAkoMt0QNFkpHE8UDzOQkoK2mzih6g8/6kR/UrWrACappplpz6 + L7EI3iC6UirspqelpivyYky/22aZnCcmn1rkSEIVMoRtMar0nO3qhdVja33UO9kA + fmStidsrRLjz9Lnt6NV+MG/4kAgp6txJVBEbQ1EJwhkzXaVPXCqwHibcNnesBcrj + XmpNb+SIuRWQiItSJWcgKuQpqtLxDfQ7hPg4Yzs6cZ4+TYXHWhEIjpjxkc1J9goV + DrY8FWc5i2XIYx7caDewbNiM9OBfId6BqT1FM3Ozn5WvbnOKIkc8IzsJgk1JCh7S + XgHExqCwZFRvhM4FpVXAcLb10P5RZ+bB9F4Z6zAym0H7l2+0i9+rjZEem4+6cW8P + PaaNIv7GCcqhR61COTpgnCoFUa7Ko0HBZis5wTWqLG7EN9t8e2NOjP0wq0TcxoM= + =MXEi + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/9Ei+pUNJI06nf7MJrlXCio2P+AlAbyT+/N6onk9Z2s7JP + iJ54XbWAAqnG5zLDk3JcJeFH23wMDeRflR1iOaSRIDHwIm18WVOEsPH9KHbeb1wV + xPWdNZW4CkhWA+3uM2YZ27lobLSJ6+r2eYCt/oitWWNpaVX9wpgk9Eob+5dYb1fd + tFF5BEW2KKp9pH6CbGQw7TQsp3q/l3bT80kcBOdehtu6fP+SzX9RI0Es4bTVvdVX + 91Cen5YfsGN/8evAi+JiGwIvCAynb1366Xxt+JKVQBLN2JE1e578SCVV0NojgzZB + DwCo85AxVhadj1v9tb4tSsc/wv+zsXNehZ8J731MwIgZ4yqdPRUF4aFA7L30hdv6 + S3AjkWDK9dKy2MK9tlnnflN41v1MDJde3gRTE36DInYPke1V3rPLaR7n7AT5tgSC + WNeSPqdKRZ7KB80fi6PPTXr6+mKXbBuKgqio4n0G5KRx8yut+9/1GhPEpC8zhLGb + frzkec9CAmBNwQ57DVjfu5QMqK2eS4UMpt1P8dVJK/23V6TRHjyRw61SBiGK7UFj + zoYxjmyK7z5eY6Kh18178KBjk8EiO+9hEd1XZQxy/NSshotNH1+1TFJImAgZhual + wAeFKgeXedXLDOjNhwwwW2nZwJWXE9LmgDaafV1Jia18Gd03tLitwzCb0tHKaiTS + XgF6Sz2qdvIP8F49VqWPC6SqIMaUgA51TPjCjQjGXiYDzxf3eX7ogwJ2ltFjpcM5 + Tk+eto19n8dy9kNS85ZEJF3Nh88J0US4sSRiX5adtbox6mTycMSIHBnaQv+pPB4= + =By60 + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//WFYbLIogXZ34JicsNxWN62ZN1OvsX/BreeMLHLZOxwgO + 5mBBvl99IgXmp89CHHiOiWvnrNc1Z0E9hLJoNV31KaabFRT3qcYmLWxA/ZLAiHga + oTfM2ZGAYvitQIB9bKiGdAwG+Z3HqGrlaHPfyXMRd5FFKHfGMnBa5HWG7ECqBcp+ + 6jKvfZgC8I8FPjKobTolsVmZ1Tig13st8qkO9gOfWUU5D/ovKT6UCakOY+vNVqeC + j65pY9d+O3w6LbKjsaPNhzwVRrBj7xJWjTVkhzW8jMaWDnQeMiek2x7mRCkCkfVE + IHpf4Dx0H2HWUKjtZizgpgzYgLqEMhm7QkmB8okUAHo/X0N3I559vbDE4f01CSM/ + YUwwC3g2xESBJVKB9qfcWDI3wAfo1UM/2LpNv4NKYm1wM/xEKJ03XBB5DabDdosJ + ZGM5ykA0ChrmB/s2rmYZlx2ezf3k4n622lZmrnUoz9gITr4fpmiRLNAEGjfD4Rdz + 7TjyLTsyBkHLfTR/L9POFv2rY3NOVrAMzebzvlWzNUPzoG0n3Bgn9EnOKHlzf099 + gir/yHoJla2yO4T7OP5C9uxZoGgo2PtgJiNIGayvafP1HhXJ/pbNXZ9lIeuNqNdL + rMcCof4d1uamf90ujEYhCQHyiG7kMD0jjiLasZqR60mMCazNboj/ujZpEwM+GvHS + XgG4WYMAP/cXPbHE7CyIxIra2Mhk4BjC8nRbwJapiFHJLi5jPbQ/2o2R0I1CTlfC + FzxoQE1CtbtJw00mSI1p6stbH8hiDe6laozSwb7euo3oea9n5hSQ5aV3UidbAuE= + =UZmy + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAY+csMuB0w/u8X7G9jNWercIChlRC20l7Ykv3g7jPmREw + XmAFCB7XQXmn/lz+054r//9pdYtGi0aaHgx9LcK8HkT0tVqDZzouRoAFiloCv8w6 + 0l4Bvdaay3AZUfrELJUe09AoR8IUo/81m2ruz8U3Frfgw+7WVRSOKEDFygbYMh03 + RP4zHcke6z0GnzeyLvDZHzj5DDPJmK6RjvWbU0o2o91JTZhlB2mKkLXDHBmOkzz+ + =vwsN + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAivNnFmR6CiXdgMM8K3E3+HF2tILIK9u1o1DcvU00Tgc1 + ynwfKG6Vbu7v3XbObQnj00l/aG+3Xdx47XbY3UUQuRAzFQQ2gBPDGli8ZKOr2Ih8 + lWk0d0fwu+Kgp+rSKdipdPb+KNNRamcM0WpJbf1cWEnyXGfYuKDKm63y1CklebjO + Vr0rOHVrf7dii1C6G9z5taVwONfWX8lfJWHsA0wteqSDOQuUJ0fr5HCzMRlkT9No + lxGFlxqOU2zuR5Bg1uUm/Yx18IXIBpYfHusSUOxFXCFUaxny9zl7NQxjGBc1dzSW + XQsbNfjZ1ik0H9PyqKWEqeCyN14cJmDnL19laP/3/TTdamwVIwmYURXwm/tRCH3Q + K/H8vMBs9f+/OKtf66gUMWc3MO2WvYogu1d464ryYfAJ31aVXhCw/YVT+OCdAdag + VSCKA31N1C69Q8kxejcw1ZGaGsslRztd3nB1V4+Xv0Sj+BLopb8f/qXUqqtjOYHI + l6jxBRfshptg0fO2co2UNrRJi/Sr2QYOz69O1SpGLhf6gsl1Cpx5oy+KL3m75cPF + VvMFI1OPoW+B6a+aVILHJ1HJ4vNgjLWzS9rvF1ylJvPMF8nSkUCEIpHLPV7o66mH + nT7KyX+Xpf7UgjroBMY5WytTDoJ2ZUhkdbTrDCmOtxEtZ4mwXwyOBYDD+GZf6o7S + XgGSBxeYvxjgKtlbHtm8r0cbG01dUkS4GN2Db93ocSOCDWWdG8oRjQQb2ecmp9Iz + 8AEgTg2UCW0FsLIUDB3oHUx/lodD26F3Q4/dXO8qw+MHf7sCIpW6NWkvZJmPB6g= + =UJ40 + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//Xq1G201XxrV8zZiKYTRstRMOZViTdVdO2EKi8cTdpkbM + L5crA1cyi18P9ZnSemYak5m+YJY/UWh/Nv4RaALQJWLRx12g9e6Ahm9tk9FPy3li + 5MMIZJtkjFmU7HxJnawW6vrLtBwqN+Xs1Pzdi4kZiwdEJXgeSAnJ/JfVYGgSWuXs + BREBvHCBf5wsGvqpIe81OgZZ5+uVTcBfuoqmpXrfXdAf74ehsz7d0Vc2QMoXvTt9 + eSDWWroOZWXOh/8pz0ZjLs/k9v2HdyCGohZ12QmTPe2B+n3pWZwPM/yNUz8a1fRf + 8B13x026N+4AyrcIA9fnUytMjV6BoIFown4nn3e/MAMvroAX+Jh/W5Vm2EBITIgq + l0eziBXyRGuDloeY6gvsGJmMXWEY/xHL6EZ7oEs9yEpuQmyp+PDeyP77GuboYabq + xZQyYq1wFEp/9/WunYXyTEH/IsTM3ZZy929iZMevjRGIAbykQCzo7BlrDl2REXub + RFmcCr8yUgk5XD7wETrp6DrBwGVdg4AFYRlSUzrTe7sLbFR3tx7WToUSZlTRxeGC + xOPpRZ0TqqqXcTh+LZKAhlioXhY8jWxS2GV+5/eRLdGmMhu1DpshrQRV/HyLCh57 + tUY7CJUC+f91MddNmRMVpYcBC5dAqgI1Xr3tGQAXsn9fH3Zq05HijIBr4rFE2m7S + XgFdzNv5deQCByYK23LVWZNUW7CfyZSGGRTyUikvPsG5paOI+1TxMfKHVjstv4wX + VN/qOm7SrDH5gshI+WBMC2aABnW6exbLwgZOlc8M7D9xHMc4ZdEgo4WutlI6Uik= + =lPG5 + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAvQvFXD+SIaT3uQmGv0+WO4Y0lrqF6VWETVC3yCnUiTAm + nJsvrNOMUJui/WHiJqwjVmDoT7ilkh33WnF3Rnw2Jw2WNX2bCuG5iXddBKUr3Ogz + ZWMae6eY79KDpWix/iiaNe1dqkBPgdUZDPuXudDkq1cpO8VCrT0vWpjLkh2TegzT + DnqoUAf2zS1cG455XUS1L3Os5aoryFLlB6AsgVuLjEHNoYqsygjyYA4opWBmZTlu + FcuIlp+5JczwK0Lmo7fF0IWD+ujbILFzBOYZsVsTRnOERxdLANX0QKBgljnRLiMm + LE5tlpOvgag+MSFrTIDy3BKlJ9dJrwqIzT2joRRE7+MzFZNZGsAqRjx7o7LlKDrf + xmsFP0u1cCTtZ4yDbhi9x9rKjks8vMCNKvNeACWfli0FWXKRbqvL9uegrN5FMpNU + 5JMegL8ag624IcOCNKExBFQ08Tu6Su9Gmv6IL6oBn/GZE5NH5KaEw6Qgp+kcxXjc + D4d7dLPk4NOc+crvPIEdPOS6QqtB5j0iJAgSe1UBL6Chlk2Jo0toCa8hcznjltLn + zQD55B+y6XfCLinHClmlztQBIcyx18b7BKr6i49LXPZ0sTAQXmIE9CUyJjdFdbUT + 2E0ownpn7e5s61h0fKmY64CVOR0ffQYf/cMYnMo5h4pJLx4VzikvwK6Zge2fF17S + XgFGFcB+3P66RKZrXYxnBEQDUy2SH4z2K8NQ+FwfHk5Xn8lR7oVGBMYiL4wi9mi2 + g3H2mKb1DOXwBPmrH0Hvwtd4WQBxrpk4/L0o9N9Ydj/yXrqe7c0yDb0dPwHx9Wo= + =Yi8M + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAchTFsCspaX2IvJhVtq9DBvXPOEQ4wScxdrP2knyXfXow + 32iUuXqsTdx00wdbLmrjqgRPNdkpXDELob3dp6VBXZw3Qdnq7Vy/vdCuJKZpF+le + 0l4B+uKiPm/hX6j3+s3kkUASDE2UDlan7JhRY6E9AAazOLz/DbEqDll78DOajPO4 + 5VExDFgRLohMUmiSbEehhTX0fUe7UC06fI+RFit8FTrXQOBNQ2ZxXgzhTh5BL78Q + =iaOe + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAEgM+oWVAskw4+VndKfML5KAMOAIuToqUi39n9vPMBBkw + Uhp4bTCdl6CZsves8JTIo/WWv3TOfrjsbpCfS7KTuT4JjcIXM2lCdGOk8XmgAIKe + 0lgBSyhDGYG977wPYdnTcccUPIOvPuTG241N7pvjrkjlf9ahofzja+9lsx6exieh + OXrDRwvKnqUQi48lxMtOjNg1tZYbNe2EMm01zfTVTN+PWVtRn8UYCYzn + =SpnO + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-15T08:45:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//b+te5kA+Unebbevaf2VUcgblzOAQFpTi194VY/HGulLm + 6310SD3x1w1VYuNoVO87icmnImx+NXbyT+LZlLaCBwXYS4IdZBfCsDJ520aedKY1 + rFixaLHxgRIfCcQ46Hhx+EW5E5PoROGAoE5U+EbEoHRviHvHzir+lwU9nEmB2AXp + o4JLiadGpLYipjNOFx/gIQEkAuPxqGzmglp190AC4V/1BQfnPOxsWhFIZOKgFV82 + tGixkMu8hgviQZV2EAnPuI2OQw9O96VrX7xdyACLdE1aPJvBliJJXuemXg7DdlbU + QtziJiTPhAx8NkrlDiN/L505wpNo9nTfePuWqVgFWtcZN+g3/2OQep7TOHgYKV0S + eU+QaI2FnFgScJ0N8mhOXCgZzrX5pEhoPHLyeZNEWxNcEQ2fU0LRbiZiRnkYrpNq + GWPTxpUee4dSeM6wicYEyMCrZGO8UmsACGWumKZdoerWn2ryqMznzCmLCkzuXEkD + 057jS3H5SPQyL+UWJDPtqNQlerjTX1XxYoCvFxGpASvNfLnyK0m0QmBEWXChg8JK + 2RI6tHbdSzWWH54H7VUSCghAUrF2J6r2aF+OzPah17NHkFZdzIkcv3u5NX0hbZ3u + rZQ8NuH2GrVcArH5CTuvb+OnmXKJlfej8KglDMs77170AZmcJPcjh/zMHVcDtrzS + XgFYC5oAARO1XY4XrH0qxRYSBsEutnfgNyDYI32+1lJo186pFpuPocR6lXGMRJSw + RUNHZm/QsQYMithnbrqSGg+tLc8J4zSXzJXM0RvIX0VFOB4YeTPPx3uhRy87BKU= + =mZsg + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/grafana.sops.yaml b/inventories/chaosknoten/host_vars/grafana.sops.yaml new file mode 100644 index 0000000..3c2372a --- /dev/null +++ b/inventories/chaosknoten/host_vars/grafana.sops.yaml @@ -0,0 +1,222 @@ +secret__grafana_keycloak_secret: ENC[AES256_GCM,data:85OEAwuWnYW4NgObAmYey+2kGRML2iH8FuDlIZsHyOQ=,iv:Akdk7Iopx6nIOAFXqa7ROnH25vhoe4uopzEcHjWKWo8=,tag:Lgm8H9fWA+/PCjp+SHoO7g==,type:str] +secret__grafana_gf_security_admin_password: ENC[AES256_GCM,data:Ct3YH/5FqUA+a7Z7YlpZ8aMvUM43blRG,iv:ePwTeX+7H9p0isvi6Bu0VG5egIOqTopmIiUhYoGCmR4=,tag:SLy3totIMtbED7XxmblasQ==,type:str] +secret__prometheus_pve_exporter_pve_password: ENC[AES256_GCM,data:dJanRGfkNwZw7oaxxwpjpbV7m3Zl/MzA91Y54WrLXxHWDRHBX5Fe1soWgysN3uI5s+rtIWWfpCux/rSggFh0gQ==,iv:6gFk3IHxGkWcoeZTpS+iReBR5uMModHp2qLZp7aG4Tk=,tag:V55iwRKmS50E2lNS7lmCoA==,type:str] +secret__alertmanager_telegram_bot_token: ENC[AES256_GCM,data:DhMeo4UHoYu17aVx2sRtQ2v2MFuwD/vHB0xsOf7QWio35ZAcwzGHab+VOzREbg==,iv:DhrCAfMoUt2Zk8imaVA8xC0UAJhXpyqNNwqP5th5ldA=,tag:BbCDqenw+yT4ADpIgZ5row==,type:str] +secret__loki_chaos: ENC[AES256_GCM,data:km9l2LYuyvitMQOSinAyUnnF2AePE3fcW1E1k5fF,iv:gu2FB+R3/UIsa8qivpQE6AVaOug7/Q4JO3S7nhubsww=,tag:4JaG9ZHPbyzFIdzCnYN+qQ==,type:str] +secret__loki_chaos_basic_auth: ENC[AES256_GCM,data:9HS1Jq1LqTmshFKdUDk96Y0apSC3xhSqOAWv3G1E3djDvl3QPA==,iv:oYgoIDqV3lGsHDfivgMRh7HQ0tFZhRO9OZSOuD8Yoxo=,tag:wkFgxC9EFbm/wHIHqELv0w==,type:str] +secret__metrics_chaos: ENC[AES256_GCM,data:GDLtKMuExpedDFWLew68JMbdaxy1aEep2j4/XkOD,iv:2sbdjEp1GY6rMq0BMw3Sfjyci3Zfm7fFkU8wUFy3IDQ=,tag:yEarnC4wJvFnB8i7tJ30kQ==,type:str] +secret__metrics_chaos_basic_auth: ENC[AES256_GCM,data:eT39ijCsheJZP3D335EIRdeVR4nSX7APw9e4iQ40NtXz8EEfGg==,iv:+OxDeTOF8PLxSFT5ZKkUwWYZfuBgv5YUJSGWsURL2kk=,tag:0nIroxvAjTG0vB/lwq09LA==,type:str] +secret__metrics_fux: ENC[AES256_GCM,data:aV6zeZ/XsVlA3QepSfVd/cOr+tqFVhlAxRO9SHx7,iv:fxo0o9amrh5ivPTxRVkvymB3fr5dLFVE7EqIpBlNZBk=,tag:41dm29mrV/jmqj5IkuNAaw==,type:str] +secret__metrics_fux_basic_auth: ENC[AES256_GCM,data:YL+QLzZyyObzDcz+FcefViMrvdkVSwRhDsBx/AwoDX3RLHCDjg==,iv:GADdMa7FHMM1FnyPp8DUHElpXsJeqD+gN5Slw0R9bgs=,tag:KGCoEud2JLU5s1gurrbywg==,type:str] +secret__ntfy_token: ENC[AES256_GCM,data:0tuPJVmxHcdDWOMIo0QQXgIEkJo+p9A5emH+kc+U5tw=,iv:NZcfiz3UFw2fMcMf+q1GRp4Fsxpxbptsx9n8wPR54z0=,tag:SJYFtXccCbPrXjECiKUOUA==,type:str] +secret__alert_manager_email_password: ENC[AES256_GCM,data:AsBzn9KJEoMjcrUWiIhR7I/1jaaFEa+cl3gImOQVKrg=,iv:mtQnZqT0taap3+z/L/nMfUvQF3JlTKIdoljmzVr1R3c=,tag:mZrCB597p8LyB61I7ZvHNA==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:OITNx5IxnrtyNQKrLoY7WKTLYeqjGXHAZ1bkwSrHzqUxXKMWOAGGHQkK5r+poOgGkiYSulNLA0NMgdBkkv7/YRQiu9Kt2di6pt4=,iv:CWGR9z1/KfCVoOOicqfWBu+XXGs6fTXMbk4De4izjcQ=,tag:Qum6h0k2YfWXPyunqFsQKw==,type:str] +sops: + age: + - recipient: age1jtusr294t8mzar2qy857v6s329ret9s353y4kuulxwnlyy4dvpjsvyl67m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSWtZeTlMNmFPcmV4RGN2 + K3pET1lHSmRRRWVlRFJtcjdFMkUzdUZleEFvCkIvM2l2NU1QT3V3SFhjNHlhdUcy + Z0RPL1VTYmhBZzhjNUJNazU3cTIvTnMKLS0tIEYvR0kyeFg3SWgvdGV2N2h4blpD + bFdHelh2dklCMXl5aWo5bnJUYURablUKU46qv7mUT6SX7xlX2Dw6Gy4nJAT+dmHG + Y5lVYXV0r+nLejalbXZy6kH/7mZAPXvu3/rkrbeaO1WASQHPxr5tXw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-14T23:38:52Z" + mac: ENC[AES256_GCM,data:bKdCkiO3OjBfwsNBOFVrFMti9fXtedYWhKuPFDgNQVYFblZji9UQP8XsX6kTSfzU1DxM+OR14RMgV5xssoB4f9q5tP5FgyhCcwWHCt1cg6lIQzIoOx3o68YmNf5X0C59Q/j5QGeGQiCNDV2eymDYcm/dV8eKEHD0EtmUGNFlOfQ=,iv:7jW4IFcebqx/0N0sqygV9SsvS+m+kQSlEGkixtIMy94=,tag:Eg3Z+blFGyG3lAXacwVPqQ==,type:str] + pgp: + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//U7iuPGV/ORWjqLnzICRMwhtI15YgLOlRehuVc5DXU+Nd + rLEiqs6OCOahGFlskF9VqEFlV09P35r8by5k7QxPKvnWo7kdbY3cmI/VyusaJmPe + hQH53/uUU4pBNqLDFnitr04Q9cRklRUfRW8xGerUM86q0FXOer98WhYTHJ7WqrAS + hx4rUsyuUkPTfeLvGcWZ6RrbTM4bLCPT9lGeta0oYPTah2MkP8bdy8bz0rBDE9Vl + Wpw/q5iB+a4YtrkXDsFl/jfqYJJ/hBBDi71/KcS58new7EWwLONuvYxgR3bEv7k3 + N45kFd9CmrBdyIbrAoIjsgLtt0JvOqzXxT63+OzMLOK+6crhsa9roeuJAXNIruSK + ON/3B7TE10FU1ncO9JNX9IRFaM3GtiXSThDz8J95jN/WyqHWeKG6hvDDbGiKAeK6 + 6amr2e/OFLkonto83xncv4p43RPYU58tjolHOsTrUjycqYXJjxaE//Oyl4I0EoY+ + E3lhFZ+fB3hGKjis9DeOoxZbtjpG/+tqPF9RZhLXbf2bA5caaeju543/jaOcpR+L + p3n+bZFi9cE7B8Uyd/XYTL2X/a7nka81CWp2PZGqikFy7oDNTUxEZkKhud8APa9d + Nb+FZ5sAyafVyiN2po10fUUXrbQgBjsrBePrBDUQoReZr4cFNlvMHrV75Sdw9pzS + XgHwYabeUIoAvazkW5bFucSMVrNJWakK/Kstv9d2+4yz1q6FVNy/ZLLqs6EWLAXC + 6vjStMSDIutyc4pzzJ8Xt2CxOO7shECH2xE3DJd+/z/CD1x+CcGNeQvCQWDJxqU= + =9mvJ + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+ITdkdAphlMAL4w0tn+sQGTE3ddOoU7QyMo5S6SBvkBoA + r7cQr1PCXGOB+SdDlnuifD0HJUP4ClrswLZqv0lzpMd0t5OaQraklP9t4zi1DVYD + roW8nK3AoaW4lf1WTOaySxuAQ1/pPvqGMERhnm9U8dVdLJqqNHJaMT/7t3vjlaQJ + L63PDVnov7bG+eDm9U6yMLZnxN+L3X1KsRGC/1XYKJhAkzJ9jwjhdyiRBon7lKQd + yKocR+vvr9uJwMsWuvOZ0Y7J/T9yBgn/pMyK0PU10sSZiTkxVQxIDBOma/kYWIKo + etteamIsi76y4ZW1/G+HYSCMi8YvUxINJIjV4zUq+NkMLqADv8xiZF03QXTnUl43 + dvmefBQUncfFBFo8cnrM0dJ2fDyTy3OfHVkNF8X2RlYfVx0JKf73vsf8Sm2sVx6r + NDlv69RUQULXXoEJZNRyegTkm8YOXasu29ik+SCPP2tAGKIk9qUM6pGtvKMdQRaD + vZ6Y9JAmiWMWUgGeF+NUGQSbN9wXaR4w68gn6SkK1DfGsgRXKBQ4qv2tGGckFAjT + galVfKR13j8wvqmTNSvDSXEDVIf9lCI+NR0RV1pCw9biO95dy/hEf4U6T2SQ3tKk + eieAbpmCwXrJU1Xiil8NPM84nvY4B0LtPnhv3nYVCdAQn9N65EcmvQVidgFvWUbS + XgEoH7GE3urClVq/iTy5hPLyUIr1egx4SmoSS+Vc6DPkEgJ7tuEYbAgnQx/SyJsO + sEeKVK43PbQN+btiYF1j8PiYxFVrX+2xsGlfunqEIrt7ILjQx9QrTcqeuVa5ISk= + =fNv7 + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAA1l+iSgYvzloves68ga73Trmn/YOCUToXpEGYWfx/ZMZu + FhWcbhmLGUE2zocIR2eawpWlSARiwJYPh75kUCRNmY4UxA+qLgQi17txdWuWGH39 + +2R3Aa7YTRfRi8APKVu7zrhquPgqzzeUqIwkOY0ta+er+Fzp56BQACbf10OYDeWm + ux1pQVxDQLIelaXTpSo6gF9yQ8dZVvd+3h2HcTmIrdQ5oAJmU/MiZ6VC/KAJTlvL + Q8KlWtBz+4KxBThwz5JOPppuRvtAWKCvXe6KojPJfUcuTxfSSGeE65kMByBe6o+c + YCyC+6ooNrVIrHyzO4YpwbFio+DErgx8U5zwqX5mTsRihXRedZLJv0AOBXkh01Jb + /J9u90HeWG45++K/qpz7ockrAhEkN9/ZWCxbdLQBcEklcNB+VZVduv9HWWhJfD6D + jFzov5CYv3vVsl/SIA1IeLAhYtY08sVhWRQD8Q4BV36mj6qtfmrVf4y6DnhDaqsH + gyiEMCib00jdt6xCJhCCHvu9xcxyE5gUc5oqoNJ3e5GIK3R7LdoX3LecGKJKyq+J + TofTgYyQF1GsGUWQCshSahHFW+89l+aVpv70LtH7nFeUelG4GGobi5J0uq1F71js + n6AITVGk8/UFbJHTdIBiXWOWaPsw0w7G1vUbEz1dosY9obYV5SO0AuP4wkfn8UbS + XgGjaVPqqBIyYOY/4OramutUOnhuZXCDNKsf/WXFiawiEpK64+sWyqDXB2e7K+32 + iRDWxb/tdeiTEj44p0lnywpsT4+LSewAdhLU31yNi69zU4b87g5FiAtUAox/TMc= + =EGO0 + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/8C4OH0VGhxX68TMIvcxngiHFFm7ewrRBuyEFUeg7Jx2zZ + xhSefZ1mjzOdv7XthL4RE85B/OOexro0Yhg25obGPfevZgOkNeREOr/bfo2NEGY0 + 4bBzttJFrGZnO8r4AbfKXHhSlb6QRseh399VEbcSDl4bM/7dqKiWW3GE2mdzxIOu + /+mGJrOLVugmjNrNr1TvmRrV/hQwga3dTk0dyEMzjA6GNaZNoYLsJUirRyPEJTuC + bIdE02/qaYuNGmaOMMDVnxDabwFl5XzQge8c/JiKOKoSd0fDBURGi59yY6RhvWFC + v3be5cdf86Pe4ei1wLVPxs5PGJtYPq/dLavyEIPN5VrA3eb/Kapt3WRTJ2RBMsZN + MSnTclW0T3CtsuS7rKMXdWxDj2RJSrP627/kMR9TAK0Rb+yud4r+zmSbTkxV7tO4 + Amq/jWFxIbeJfy/FLPc8ZvSR2Wxs0D8MOnAcg11qh8mX4G+2cZWLowIOPaQAqQaC + 5DPugxMScr0ZtW+cYX4b4MvbCdIQJqS31O5Ih5MwGycp5iFDZvp1IJt9kY/dRVef + n88pSCDX2MdECWZx6QAu6mvT7jbB3bEoMVspETqPKj/4V+JZZZqAyQeRrHXmNGwZ + 35+4txbq5E75ZugZlm72CnQaq5c3a9DJ7d/y8xy+SiOzU5+AY0lo1qaoq9AH7mvS + XgHaAlXJ6ChyA/lVI3KEFWYDTtzN5K7qDfxCPwEMSU1GoT85Jk3m+EMvoQhhJUJy + 4ooY2hWSFd8eZyGRPNg2SuFpLGovFbvP5JMmVhpbZR76z1v5Ex3jdT7ECeweu5g= + =GPL+ + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdADjjTJ70hiKLmxb9BMyvicWlgeO5KNWm7puNb3cPIIWow + ND+b+aFnXNK5pO1Ez/4An+s4czBOMWMXZp18Znll5pisu4ysE/YvUcfwwATv63pM + 0l4BSOkDIMxgKPH7IFEV0b/64uhPfFWQdqFZy1UCsWqUvs3rZLvHlx+mR8OCPNeG + jksysqrY9ctTlKInq3NlobPQlhDcvjX/hkTIs5ePthDPF4fMmIdT0w+Upgi3mvcB + =Ow1f + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/8Dv12x2bjxI4lg/v7wRlCqSAhHzLnJ8nnAIlt1Rwqty7M + D9VGEKBoITBvSeX5wHAi7e28gBP9u2MEpTG/aHEoWdRlsNEKYr/YW57gAW4zCSxI + 8DS/MNmyFmQ5JnauPe4mCJFr6uNBpghouH8nenvCiQZlyL4OIiunx63WWViyXehk + x/wC5sYCpaniTgf7WisMK9wlilMKXmZxBAqGtqHZLGKQtl2gqnmkP+svn1Xbg55n + TqkznJixV064rBFTpWLayqrPymrKp9KLzH1Hn70bJ7iZRHWsfMYTuB0TO96ed81+ + 3lH/dY+0yzza4HdlAsnDrZ6NT5pJJwHHbckFtvz2Z6zwKoGu9rVPaS6BxCRaW6Fx + tokrf/6sKH6v2cugvKDdPFbqPnUpUzMhh5U7YtO7qm+w0qtWHJoX9pcZKEmwmqz7 + 9n3zQx9zb60VnzDKGMgTt1Cvm70YcM0tLC05KRaL4vF0IR0LiMJ45fjyH1FKPf5f + xvmLgv58RcdlDeRMyOqYMxwGuj0ATcUGsU5rU5gIuqEiSsZMzukRGkiA3z9vUTDE + yheFsyzlvHHhAZb2FQfJ/p03VUudV6HSriCar5B+6OTzojgdf/fOmTCdKczTBlq9 + 8VxF4UsKWA040ljpLgpuD0oercexN3jhAuotEuXhIZ/yBSzQhsXxovhMY/atkHXS + XgGIic1vUdKVyhCECQfyaKW11dwJedaF3BJXnGQnQfUo54Bj3LcsMdpWYM5TnU7+ + ImyFLICagP3fAH6047JxFykxk6pobxRAMkBcleXILx1u/e6eRLpVR+w4Y8ZZaMQ= + =qlxy + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAsOV7fgbHpVf5ct9yFIIems7wm2fDN2pkmRd/XYT4+D5y + uS5/lFBBSeCvlXKvCJt35reXnY2Ru8urgRaeyyZbLmd5Veq8xyjVlGyOc6TaadQE + 4qPlOoYzNg/dkyC4yT/2Rnq7Gsq1u9NXtKzKjKthmpY9PFDLKLuQUgFRpXlrgz9Z + WoWyIFmJxQPPRVFvDC4g2+jOhF7do5qqvTfENpR9HtFzbnVRzPfKIRW9N9VlchB6 + A+fCNlfWIbP6IJR58/rCyY9qjTT/MScYCR4/bzV6yZNpciVPLLP0f2MDVHoDkbxj + 9xscq2J4JaT7g4HX6xwMuBoUztCODSCBApMwqYiSqB3mcB/uG9bbIBq38pZRbjhB + YLKi+rAVbKy+0TLzJuHZ3KJt2TrFUVch2Bk8EcOxl5vE01GF0Xp2KWbK/eaG6+aP + e9b7WY9fTdJZmAoE3xgIN4DsbUNBBEsfNbEcUfMjeafT8go9WB8XJ1riBkUQ2SXC + hwujd7iFzwsDQtyaEhYFXSy/29q11N8sO98sFeulaHOAV5Za0/C6td0v2/Il9U0A + bnqzxCXA/4kuGQVIQb2x7EaGxBk+6aEq005cvr9HowxI3ULGLxxebJeEssx2iE4o + puKLPHqjhORtlppjjlBpC7bnOisRkIPTGUKLV75J1fPWOSSDsU8nBz90wDNs8ArS + XgHWGBWEGuZkDaeUhNomFB//DYQQyMsDul9s/5+9FKuATr2K3bjuLHb8dU/kHpgC + sZ4mqztBL7tNdh2Spqv/P1n0TS7ktc4ch8hMbzlS75l6RwYPLVL4WcQt36p9tpY= + =e89V + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//UsnfUGvNbHb+Vudh7QjzaGCiWQg1fKfJYyEXOgfJs6Ap + Amagw/sbGE3GSqoMweRnSZNf2jw9Gp7hcnLsU2kI60/i4Gx+LYYwMZ4Xh9gQKdMd + J/SW5WHei2c76Xi83T/BFWgA82DC4k2ncAxLoNGsJPN8yYtiRTXrASriVtwRlOOQ + 6P7FXCJWXt+zAvlN68q7/6GDyesiHfhM7py2kNmmbrX2JU9kLq12jj00ctzpJnGt + x13MNZCB7SeItRFeWa6aUEAwzdeyUizdV9aK7lhS81czN2+SlwRNQhIAKAHAOzWC + 2p/u03LmJvLzi5FZhLy1yY9WTcQIapg9KAjjIIe9zWBIqDZOFXjO+3xqckxUW5GL + btEzysmz0ogpW1iEc2jEFYK5akaq9MixqggrP9cwZapM4EpUvqPboCRm9lu9EDzQ + CPsj/nDm+/fwmw//cXY4UvGG7rqV2j3JnoNBcIj8uU4lI5gUhx9KJsZnkGyfepc8 + LAszENEv9fJW6S2mXW5mla4NOS84ZxuvJDyGamHYUplaUH2vYRzAiqHc6WAz0y3q + Z0eCgGpJUd5hK7VHkkPsFKG0mrX9k21EolRZ38G0KorRG9Y8dN9l5//KYikdZrmx + Jtm6LNAfQ9u1vPZ5WcB0ejVHbXuhiej1l5IQGCgViWxCtJWXwFIpS/2ERxgUwUXS + XgEvwI0PzLSbo4vHeE1trTNW1rSD8sb5DfIc1XVjrGT52WoQXBB72ZsHGWOWyCpr + r3vdTn1RcxzxM4wbtKQ4yTrv0EUT8BNjYGPBcdLN0/PrFmQYvKw2deH6JdGFNGo= + =Bgcy + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAP3YSzvfgRNuXtdYqEMvTDu8jjZAs6PhCDv1k/0RnShgw + BKUuJI06W4oXp3cchwLdc9Uy/ps7U2xbzAEbUGGjRu2/pqN+ETKkxwz8d3ID0Bnv + 0l4B1l/yKulQ1Umt67YFzAxPxdo38qyqkQkV9zP3NbjX7aRTPZOHRnYvDNjodAaL + dcznEAMP+18IvbY2Qohllz84KNREYUYLHWN7WVA8DbMS2KcvJk3YP0xlMXKKuGKm + =9OY4 + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdASfYc3nVVgO+E3WnggKJ8x1bdgMdTlaTXKI+Mpmhs6www + mgZetbtHTEKDQLGWt3cmIezG3+wcwulrFDWXE8nT2h1Onb2bEYvXxkZlPnb4+kuw + 0lgB29OX0Zj1fWH2kcO6nxwvb/ZtJtoqXOLl2gpeGP8J+q/UdRE8+9dgef4KRK1m + oVbiBy2qHVrk68dTyZnt/kCz4vog/mjt/UMtNdqenywyGs0CuuPDKOyG + =XZU1 + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-14T23:47:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//UPYnQ15X6EuiTexyRW1voN4I+Ox3DvhnAZhsCBi17L8Y + MHUwp3BEQksomeiFq/8u7zzNYNUZhrU6VIUmf8oSX+qZYI5RQGAXyMFRXp5Ikls1 + DP31IfVnRO27PNKjGuXrc/jLMjHWI17SMv0DzxdnA/QLARA0UF4CmycIWPiBN5f+ + B5hHqL4JyqdaAxsM/qsUB1SouKJVOo7AqKLW8ueIvVun6SaSGKRu917N7ce7JGy6 + iy128tZZcZTWbXll/SPcINJOOEqaat/rRLVvJ1gV16cqTZHsqfDYn1VjInRhbh77 + 7q4Ci2XN8RtSPXtYUjKtotcZMRYeYxIqeblYa7DFRfyQFluparXH/x4F52S3Uqwu + j8hslqbCU0LoxVHjDF1w0LJHfqaUlgB6BYcl+c9uQeVfSKjdzTqIMy2qD/7ffFpS + vb8/alB9Ga+Yj0TwYC7PjvFuMViVslDgoEtzc0/1aDqTflK7jAFDBBXVfF3KZUo2 + mTAirKNWyA+cwiUrEJBgv3iGbQr5AAovht5LQ3pVbnBUoH3/s+M7yE6M4PbTaUyp + 8bQXhwXNhuEf0g8GwSd9J8tTVcy7YChkjdajH6S/vtWsuvjQJ4Uw2YmqITCqT6Y/ + cOHIZlxIKEsYGAGEql4fxjLl9+lIv2A92lrD/pmHG74WWfAPpGeZB+DTBurKvH3S + XgFP2FY6oBVlFVGRgD84EoEg3bsB3x4OkI5nP0XYCqp4XUi7Ed2xiRmroCDp/2ev + INhl/Wjujd+nijjcpdPYCxXOLHfma9pY5B7lrBOyWZUQO+CErTZ6775ooAJDXKA= + =k1ZB + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/grafana.yaml b/inventories/chaosknoten/host_vars/grafana.yaml index 87cd328..2e3672e 100644 --- a/inventories/chaosknoten/host_vars/grafana.yaml +++ b/inventories/chaosknoten/host_vars/grafana.yaml @@ -10,17 +10,132 @@ docker_compose__configuration_files: content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2') }}" - name: prometheus_alerts.rules.yaml content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml') }}" + - name: prometheus_alerts-fux.rules.yaml + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml') }}" - name: alertmanager_alert_templates.tmpl content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl') }}" + - name: loki.yaml + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/loki.yaml') }}" + - name: ntfy-alertmanager-ccchh-critical + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2') }}" + - name: ntfy-alertmanager-ccchh + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2') }}" + - name: ntfy-alertmanager-fux-critical + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2') }}" + - name: ntfy-alertmanager-fux + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2') }}" certbot__version_spec: "" certbot__acme_account_email_address: le-admin@hamburg.ccc.de certbot__certificate_domains: - "grafana.hamburg.ccc.de" + - "loki.hamburg.ccc.de" + - "metrics.hamburg.ccc.de" + certbot__new_cert_commands: - "systemctl reload nginx.service" nginx__version_spec: "" +nginx__deploy_redirect_conf: false +nginx__deploy_htpasswds: true +nginx__htpasswds: + - name: loki + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/loki.htpasswd.j2') }}" + - name: metrics + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2') }}" nginx__configurations: + - name: redirectv6 + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/redirect.conf') }}" - name: grafana.hamburg.ccc.de content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf') }}" + - name: loki.hamburg.ccc.de + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf') }}" + - name: metrics.hamburg.ccc.de + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf') }}" + + +alloy_config: | + prometheus.remote_write "default" { + endpoint { + url = "https://metrics.hamburg.ccc.de/api/v1/write" + basic_auth { + username = "chaos" + password = "{{ secret__metrics_chaos }}" + } + } + } + loki.write "default" { + endpoint { + url = "https://loki.hamburg.ccc.de/loki/api/v1/push" + basic_auth { + username = "chaos" + password = "{{ secret__loki_chaos }}" + } + } + } + + loki.relabel "journal" { + forward_to = [] + + rule { + source_labels = ["__journal__systemd_unit"] + target_label = "systemd_unit" + } + rule { + source_labels = ["__journal__hostname"] + target_label = "instance" + } + rule { + source_labels = ["__journal__transport"] + target_label = "systemd_transport" + } + rule { + source_labels = ["__journal_syslog_identifier"] + target_label = "syslog_identifier" + } + rule { + source_labels = ["__journal_priority_keyword"] + target_label = "level" + } + rule { + source_labels = ["__journal__hostname"] + target_label = "host" + regex = "([^:]+)" + replacement = "${1}.hamburg.ccc.de" + action = "replace" + } + } + + loki.source.journal "read_journal" { + forward_to = [loki.write.default.receiver] + relabel_rules = loki.relabel.journal.rules + format_as_json = true + labels = {component = "loki.source.journal", org = "ccchh"} + } + + logging { + level = "info" + } + prometheus.exporter.unix "local_system" { + enable_collectors = ["systemd"] + } + + prometheus.relabel "default" { + forward_to = [prometheus.remote_write.default.receiver] + rule { + target_label = "org" + replacement = "ccchh" + } + rule { + source_labels = ["instance"] + target_label = "host" + regex = "([^:]+)" + replacement = "${1}.hamburg.ccc.de" + action = "replace" + } + } + + prometheus.scrape "scrape_metrics" { + targets = prometheus.exporter.unix.local_system.targets + forward_to = [prometheus.relabel.default.receiver] + } diff --git a/inventories/chaosknoten/host_vars/keycloak.sops.yaml b/inventories/chaosknoten/host_vars/keycloak.sops.yaml new file mode 100644 index 0000000..73026b3 --- /dev/null +++ b/inventories/chaosknoten/host_vars/keycloak.sops.yaml @@ -0,0 +1,216 @@ +secret__keycloak_admin_password: ENC[AES256_GCM,data:U6vt0UHHgz85sO+X1YucL9CIr00LtTaeyGUFZ4bVFarsg7y6gTtb+fCuYKCgsJmNDP9jek8Ny+A5WPkMkWR/pA==,iv:qq2H9nF6/1pUBhJG8dFmfRdxk9HSaIOoTdu3uu5xJDw=,tag:rpEuf7JSQ0092R1aPOojKw==,type:str] +secret__keycloak_db_password: ENC[AES256_GCM,data:IDmQUjQh/QB1xdkwPKqv3ZAwdfy/lkSEdAJuF5MSPCNKfuANRmN+4rH570E3/ZApAJpLAkefh3pufiVbNF8Ssw==,iv:W3roegZU2KfeBDBBImQCCa6VqX+nUk2oh6jMhzbGcVM=,tag:0Qzu8gv5ThtAss4xJ4vf4A==,type:str] +secret__idinvite_token_secret: ENC[AES256_GCM,data:FC9LqUf6wDijaH6JIde9u1Lc4qcqi/XZwQ==,iv:fSgbI4CXMeCKWSyVYyYT+3Af+OdhZ0wsFwNpZf3CA6s=,tag:tGe+xWyBH2VJr3yc3Vh0qw==,type:str] +secret__idinvite_client_secret: ENC[AES256_GCM,data:ImweU1aPI0G9Lf5+TXvVmZwGhoigSJoHMLCuq6MxxP0=,iv:GSGqpMVHq31U+IYtnHnu9RuMt985y2N1PRvrlWFicg4=,tag:NKuqLcb3xPzna6t2VVuIog==,type:str] +secret__idinvite_admin_password: ENC[AES256_GCM,data:fVb+vCHzPLvsQ44wWxfAwx5vRpoycJxBLA==,iv:Co53uRh5fG4pEVxnC6uWaXRrCLGH2Celg/XC+idiWSY=,tag:AWUn99jtuJCqXww/2dSS8g==,type:str] +secret__id_no_reply_smtp: ENC[AES256_GCM,data:Sqc/UkQq/2F78G8LP92YrA==,iv:ObEdXhzHp5aDCWq3r7aUBhOEJ1sJ6lYiYC0pmWmwML8=,tag:1rtneYPlKS+uDzFWev6A4g==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:do68bbNEpLJsuVTYbxsVsP/9AjnqANPIzC0VIC9QRvWPiuQlteCR7OQPX+uTrjVn6dYMpzi/G32AsX6X5gEx5paSh8XNl5rmdlY=,iv:gdCxC6WFxuhMbusFcwCVT1hdxoXbzhtyHW3ASh+N5ww=,tag:WgXzfOAL8r5ge37JwdRvwg==,type:str] +sops: + age: + - recipient: age1azkgwrcwqhc6flj7gturptpl2uvay6pd94cam4t6yuk2n4wlnsqsj38hca + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLSnpFTUxpS1YrblZsOE5i + VzluS280cnFmYk52c1RGaHN6eG04MlQ1a1NvClFoeWV5cm9pVHVsbTFuNDM4d1Rt + T3ZvSnJCU0hkZEpnS1hFV1F2cmJRVkUKLS0tIGZ3T1BvWW04U1VKTk1YNmdtekZx + ZnI2cjhQTXJMSkZBeDF6OWl1VllkV2MKx1u2B72DW0ylpoa7YFVxmcmWCvejf83P + U6bzAUyqpNoTVfH1MNti0KDXntV3/xfie4V+uBdHlJoM4wWgwfpxsA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-20T18:56:43Z" + mac: ENC[AES256_GCM,data:zuJ5oJfVma8DH2f+Gh9cSBFFiPjSpP4tJcBc1Rvb8jW+rLgxQWLcmScvHzNS6Yj0h3vINnV1oG+pYb0S4rnUxdH5tyYvI0M+DxMuC4zodxGEkvMcg/r1mf+cHUS2evDOJbKzOrNQ6oXTXu7ByBtug4x8SmJ026ul8qUJFJTucAQ=,iv:sJ8oLM1c9Jf3vqKqMbcLUyO8wubhshj/AgfYL3bjn7I=,tag:dwwktlJDiEg9/TSmkcfupw==,type:str] + pgp: + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//YN2BM0cAL8+W4bKnOgJpws9PmVTLVb45xBjuljQpwMhp + aXIihHyl/594wq8HDfLkTNeiPCLPtwsyUghGxO2K0JtlByVrZqb4ou9I5MiFrNID + 30I1lV+KfUK/l0RxtOwk0u5r2T1eaUsonnW/D19ypBPP9GivW3Mr0tU8eorwwMRp + fVKO6Tx6JsZM6Ta+RjsTD/XsGA3hz7Fhikg9WWJAxFXtSmUFH/cOLzywqUqfoVJZ + 9fiJ0ddr9ZIduUPUJeCr4Rk5Neym2ixNONk4EB/+C8EglEcuq0iFlu5MWcHYPsWF + TFAFRMXPC4iA0iwNLBq7GtT+PlGZ0nGHghDfWfNzN6w0CrAQOKbU+X3rq/A9l107 + YVhH/qqsITN3DWBS/XzqTvLkoF26kFfPsJx+zPOZSwvNFg7AtoA1gKsM03SZu4ws + NARtkVEPUvpuEmZpvNgl5oFh3GcB2upUZy2G7hZGiOveYzzJ8kSm4xi2Dm9aRAZA + IoXUTN7IJbvvmFIzgt8zdxHOq7O+6NNsmuXkIoPe3U+vpXU/MFqO9DrW6VNp1DDA + hMZK46AiaNqYaikoSG5QT6T7deW92eRla182nQMM3vwQXINyttxSQwsO+9aID8H5 + SagAMnmNwyre9zybqqh1te6yxGEN3gytrFpOVVFekenMwr47Us02jsl8gT6nErXS + XgHBrsQdxFal8aqQm4dk4n1cngXcW3/stdEDGiHS16hOFtRA5gk4Wh46lccgrkA+ + yYXz5jrLUN1Day0JslWLLARPHr09Y1Mw0xhuOwTCrrXMigmWl4lN+e8QsxvNA1I= + =Towe + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAt8fzgHEAREmswy5LbVkYEUcE4gZ6/MGplykbsmqHhVTn + 2RfbM2DtIk23R9SFo3y1YPwoTtr++YM797TttEKfMAf3jEm8xcDosGw/he1bBM9r + wyvYI///usr87O+IiVuk8F0NYk4UCpDzYuyUANiIPPml+D3I2rskg+WohMoeBSAN + pVOkdqayR1BZzENoMRN5SJEamoMQ922b7jVeKedg/gT9GmcOB0zn36ktnhOQaonQ + yLS9D0SU+da+NWQMxu2uY3XNjtrmqc+n189SQixAB5x7SlnnnUFMHBJh0GA5xvD1 + Xtox+8YiRdHhIbUNeXSOTm0YfAmL2YKxalUBAWyiAcKg0UnDU8ZNsQNTYJcMP3bz + 5QPmkGcV3Ge3Qvr63CUA4qQPQXdXIy8dIl8ETiyGi9oStvsSjcpOKyEG8LE+bGli + aOCtdsi5cvnmMt9D3UCyeYqLhQdDZ34z/N35cUohMBmfWV55rdBioZu6Q9a09YVg + 1JyoxF70bZ2aFfYAQoKGD9TzR7Uehyf9moFSjp9gHXIVtoq9w1Du3nzzwk1H42U9 + Qp5Jiof3WIQ/1OjPGuhxyA6f2cXEg/iwVqpcDgzaloW49wtEaVmINummxnCJX9Ud + TqzKidbKUQhuBYdNhLemnmsLflym7ohgUhqt9a4PuBl4WwuAEoFGAZ6z5uEaM5DS + XgG6J9Y52oSne2pIw96Wmdtv/BdujPWoGCeeRMHYwuxE2cZ1wNoFWq8RoB74PoqY + LGfp9U3tI7LVyn/Zs12UNVAs1zZtZmplcqTBvIbZun2ToAMzEfrGeVK0T54M9CE= + =r5XD + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//ScnbrArByH6JmtM2gnT4MHxXfjJ1hOSrmv0Bw3oj23ec + jFA7kueGGtDPhEcKHZRPVR9oWRj1Ll8G0Utl5p9dtuTWr3Tmkprnwg53KP/2EAOI + Ih5/oJ9RtJmIfkfJCy0uPRpP0dC8FLcAOB5gBGgUqYsz7DKQXXnfUcpEmW7Bu6SW + DFGBsxNsSqQOiKUlUD2Y+s5KvQYzjYWz0grAao5OZ9cjdrhkmtdfeeTgphrFPBbG + TJBeBjrrjA40fHTiS+QETITaywYXuNe2QsL3Mj2Ww6cl1P/+b+yBsU2kWb34XUzE + 70oEvLM8rOzqV98ihLZM6XQEYpAmo9I4up+sMicXTPn+QU97XhxMxPaJBttC/AeM + aWzLcSKncZoHP/QE4bVBNuVfS5lF+nTDuCAMXDqsmkSEnLSV5P+eTV2hcCdpjT6R + fKJAlkpkjJsGzr+UhgxveUqGvRpuLQdL/o8zo/tV1++hCjS2rqRsSrG9wOBNypcS + fIymigIeuYnC29osYqsnU/oUrBDFFN7/gjdQkuviWsYH3tAAYlN3byNxkqLFB8dM + yq7xXnkmgM3cZDpUsoAk9776ovKGw9Ho7o2nH7/Ztqguvue03aTcAWvMwZV66Met + tmzjHDg7LQ53I5YCWJ16PRu7MonSbhpG1FAhzTd/MC0ycDZvsh6MUTkvlmHG7E/S + XgG7H7QPOhcvxXNrMkwvlpTWz6Hrzb/RrSgnuepzxUJ4ZspxbFcg7u2VdSS15BkO + alZ53MQiF8FOyXoXPTuVOvftxfJlNs7kFejN+m3M0ObIsglLQZrB/nmWdkfmEr4= + =9FFb + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//aFsuLbi6Ko141qRzvVNa5+d+QVKlOgaDg1DUU7L8eOB8 + qJQr+pLg+5DfQ0JKaYICvG5AJUXYZ3eW2OnIr+1I917G9X/4zk8XjfPRxda6lOBf + lX/NZsFplcxzASamIQtwlKdaA/rNZ23JgVNZn/EnnKxTCTDAd3wpVeKqPAgJUY6m + jSvuYJ9NzWBG2Qd5bdvX18YUZSra6NXalJRpqU3jgRV++AKBUVIPxAU9KthwScuH + yxB2K0Nd9l45Jhg4SyQxi22MN849iYrlOohIi6q9ykYUAEdy4wImxEP86k/pIgbA + 0JdV4+UqbV0+A8PU8yx1ZZGA6YMwrj4zVpvOJokn3rbMOHMuj9TwGpNXe9cMdhJs + di52jGoCEgeWEcm67j6EBq3LZjMjnFfjoUozNT4O6zKg0rYD9Db4cSMmsveIkjpk + d80gv9TEGhDN/8BwKu8fpMGKX9sCEuxmZHh7W8teSTrEerXOt3Elov76pYdk50dW + Fc9hYdAhNS7Brkb0hLl2FWDV9rFB0j7SUUEMMfcTGCJNQsVTIFpKPpRDRyJ3f3ne + KmOG19BL2q01/Kb5hrfsNvRx2/apj5CV3VlFNubVXRqTVR3AK2nAyXImiTh2Pb5r + wEiWhC382Rt5B9ePV7LLte0DsOi67QY7cAzaZ7xq2DljVTu96dO/qauNOjllDzrS + XgEo9UEndszKuuQbHQNP7UWmfoX5Xld1aj7QY7+hbjYw8cdQ0kxDn1iu+ePla8T4 + XO4egiG8ZUWY149hbAvej/eKM+vimPEyHMHJqINjg3o0cgoFmodhWidGXupYZ9E= + =4faq + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdA/k+VqkHz5pYFUppWY3oV9YTayH3jeHOzQhGz4fIqiUow + N9DXVNvXoHyOVmH4EW+AIrDcunUFh3JZL2OLw8zSmwXw2vdw6wfCEP7TuG/xtpmG + 0l4Bo3JAPGe48qDDPxUQke8CAYuMLeAMo7i+yAajGOzB17wv1kyfI6gjOE1YN1Zz + TVpn0QL9dBoU3l1zdxueo3IX3EnVGvmDWx0ZOD6IYBqCI9ywYVfUBSRnU0hTvnmb + =0xE5 + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//e0JAmDrwi7CZZTAPeJf/ulgbX0Mjr7T38CKLMjv8ACQX + ZEGV9Uw+JiJkSqVMKR0I5BlqoZjCEyKDsO6YI25Gg8ques45mDdEv/1XJUrm/SUN + nVgk6cQZY+9RlNUb7iRQuA9C9PHQdR2r1vpZaBNNQac8lYXLnAIntKsYk7ahQIdl + zASKaqADkKG46lftwskNixd3y3FLundIQ4pHOnG4w1ibOnCVHeX3CI5DTCptWr9/ + G9D8gblpU47bvRe1o1chfQWulelDcqs6UpCKkWBZ3VlN/ky4kgRby7OfGDeWZ7pB + 5qhpeabgG/OUItj9WwM2EiU5hRjec8G9f3ZoGgMU1iEzy0Fn0iMNUwVq0X+0mTXU + MDFJR7OuU5fttwnV/ZbscZsnr2Bg0TJtJ1LqswXqfTSYoRQjIgq3TZgOojgRfWMB + T3xB6PjmsH4JemZop8/MTWeaNVhU26T3to+B0YitTWZiutUyvxONS6rk3d8mPIun + 1uufVhv/ElmlsKj2JOpISGhJ7HWdkVfwzbLHDXHquroF7rqQnYSLesqmTqet6WEV + ZNv3c1H0R+Le+dMIAyzufxil3xeFfAzZARKw1cdr+h3/WMQ9Ew5Wqc+YMzj7NebL + EtKik2RW5kismM8CaFCPAaeGhT1hQObSFn3+07cAzs25vFdA17p5tjE6830BHqrS + XgHWmEYCnQLmY6VHJLcRNN93Kuh9HzaRVlHru/44xX41j9MOXn5G7gUi64FVwa4h + 2L1N++c9UNmpshELP2tt4c3Bc1r3leGs4SabpqJ6VUpwiHJmO6zNGG9scnFdLKk= + =lKcM + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//XqzOZvpif1cnn2vcwbigLFxqSgQ2f20NGCu1sNuCxqMi + C6b4X3BYTysb2hp2n9fHo6VdLEO/O8qi8e/22nI/A3C+8cLQyXNR03GPN75xoQgC + cXvnOdsACQvtPorrsbJhzKqxDVP7offWNeBxNyQB6UPiFEOXtKBtaiG1OwiBNI5K + PpaW72M2QW/oha1DwIvwA0Am8Ge9xze7KjamKZEl19pplLVGdSkxPY2Q2lB0l6sw + zrn1rZOrH0y6X7d3AYajdxs+3ERscfRFBBck55h7MZXDRNLECZGpRG9/6EOosoMf + zVk+ANxoEiPGnvs3f9LLcNSj8PlwOdfrwghG8J5DKUUy4gzPpvx6QiYuohYt0mRQ + IA2KPi3EaytJvYrB1dwWrEMXk+xV5AJN3XiVtPHaag5fv2lL89ZxPxG1zGIRCX4d + 0VxFk5HDYDu0n4QwtaGkg337l9XLtW48nfnI+5Vu0a6ACDyNGBwlP+iDWpp2KplM + KYwLe9Iw6OjhwUDxZygZYppo6gJ/3zItqc3CNI18WyDNKZbW5HXbJuXwU9CHGyff + qt6pqLdsdZ07hdTKHKheE3QKPYu/3sxHX5H0wjZeLil0FVjQGg+UQ1Z5vDBOxdOW + Up+j0DdRdguThffY10U4UIJulmY0L8YkCgUcNQWlaJSg4Rz1Ebmapg5ETtwQtg7S + XgGq+qimi0YqNYDpDKX23ormKuOUD9RoBaZW5LdSAjXux8hCABh/EOud/J1yvUnQ + 7RXxNvN+jB34Fq6RoZnAmC0ZyZ1baqQsXUEKt7xQ/XVc/ouK3GTIKmeFrdlkKSQ= + =iFsx + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAArTCJBi/ajhB5IgD2rphY9CT78lpf3Fhap0Ra0wVjej6q + X1nOa8KenH9GAiVj5VcL5Po1SXVCXf/aMAnkSVZ28k12JrjdBXe4wKr324tUTXFq + VrhaLTxCV0sCB+RMoh1kVowRnyNrGUskw9NdEfKmnFC/o9NixkFrQHDDG0m5QNvi + W4wTFKlyp+GgkZ5Q3VJnpS5c0wEbS+JHv6mXG02be9IvKEOc6T3Os50JrKvxeDX9 + 7DM/sT7JCUepjrXFJrBVCv0H6NnZi2fhM7gKBK3dF+9X5E2X8lqSzl1V4ad46YRt + UNUR2ALZ9f646uxMTEfrpH6eICgdv/k0N5pHPmsC6FdyaG9b20rLyXaCnvNvT57y + Xy2xXjO+QnkkUFoy8q2Z4lIEvAoiINIrxJr19aamG7EBKA1EnTgD+Ug+z4wHgdlV + gfg89nPxIrM0yHikSeKZOU5HI7DKz37vVwAZANjFNqqVUKvCnIu0EAhMOtlmj08C + db3PdorygJD6oP118dzOToYlNgKhtNjPeVL7qmMf9mN3oK+fcLQgpv83gG9AAVxa + 2nmev5eEAVDULrHXJjplMTZG+5NgJy0Zr4gdrc3n1uzYuQjbw7ucYuSoR/fjpxlK + 2qE3xoGzAP3FMmVaYbedJUas/RdKh6xM0ZQAF2MhLgMt7cZF6ay8rbHeJ1uGB7DS + XgGOitJbiD5hNJH1PLTl1vplMi+GGI6VvsdArzoAdPBuXlUseyoLaNQBLQJ9tlYv + 16J6/mCZrUjVRoXe8XAZ6PEQW9Z35DXsFwAtnBQIzpG3Ww7kf+mVBHQ5ElkNDE4= + =yj/J + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdA6LlIV/tP2myea1X8BGHbF0OdTkLRPk2M659U+Z4zAigw + g/OspH8USPFrJQf4OdvoOASv4mIUlr6XiZ98WdgSR47TdEmfLInaJMN5BxZ0PRPf + 0l4BJ7gyU1pjxibIMm3cJz33+AfL7st3F0p/aWsbneytlGF+GWRLQpnEjt2pO+Y6 + tjRVCIbZ52zdZKu8p4HCo8YlGujWuyLDoxs5Ra2k8MvZ8wn+2vwQ9rldWqRKxikA + =OHMy + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAQUT3qNMP0m9l9ZNUzE2QI957/0Cb8ocQLFg7PGsR4Tgw + 60xK6O5zxpTpRMWu2iddr4ducvsEHvZxOykmY0fFrLmmkZDp99ac1wd51YJTAcms + 0lgB73iny5g+GUvM/s9dgbJwnFvoGcHOJapbhVBl0QpT4HylDtdbskNK07lTNqys + cf2Qj+2wvYtVCciHirXNUhOHEtY7IoJDQk7SubPBEZpMoAj6zstqhhLi + =4ph8 + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T19:03:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/9FTUO0mkPUFLv5cFLhsNibSoVh4L0Gnd/cIFhjcI6onkT + mS6A6xLmPJn/tpEZUeyxw7HfE9VGzGvkmd6PCxKq9C3Yyd/CCoCPjIsIOpd9nw/B + rOBwmsQLyIOWKkx6PQ1A4aEoRHb9RnPWTJLd4CWTOGauRkrM9tZ0n9uO3L98cRUl + NAwwzH+Ztg9ihj1CUJoX0i0njOvrhg2Qrl5diCE40g91b5Uk5rCmJfy/+Frn6iIw + JuG2FphhvdN9mbhw3afL26YwlYYGbvKI31CpZX9Jl+k04PqTm3S/rxX1LDr9PDUj + Xm016D183mqQHM/Tr3KPTkdOg/pyIvR0w71MSC3VrIv1z8EoojF9QwOxiSlxXX1y + KY2/tT86HKBPtzXKbAXyguuSdrMzjBCubOjRJRZj9QdMArQwL+7Q+nXGLQ2faKaK + f/axEZBXu1A0z179QkBfIn78tznw7E7chmnABQeyOpLCfCuoyjJJDgiWOKSozIWk + 7SrAVjO2WLKJcyVeLdO4KZapSumE2mIBBH6xxZKFAHPGeWTkd7Tlcsk2D25lcdPE + /i+jzSyBSTPDzF0Kg9of0BmfkbvRg8/3Yjapr3gfmZVAyjLPqzAoyqi4d2o626Tn + s577vgIdafAiS+iMTa9QtS5hyHwcD+dqmJWv9J8Oexb8R+9Xi3XlN6exiQaolD3S + XgFoGy4Lvce9j0zJJxWp+jN38brNsrRkTZ0VYtow6wUMPK7J5RPlXpOTI/0hHxDv + ULJ3lIj9paK2rlnSDEGv3jCfM88OXC8GSiIAN4618vyk9QOy9sWfMTq12BzvESs= + =nzfQ + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/inventories/chaosknoten/host_vars/lists.sops.yaml b/inventories/chaosknoten/host_vars/lists.sops.yaml new file mode 100644 index 0000000..0f17dd2 --- /dev/null +++ b/inventories/chaosknoten/host_vars/lists.sops.yaml @@ -0,0 +1,210 @@ +ansible_pull__age_private_key: ENC[AES256_GCM,data:pUFhg492OUXVIlDZ3Z9A/H0doJCuTX0zh9qLU88nz18jMzWmzXhc2kbQkk4QeSTnZ12juiTbpUFW+1cE1bOontIu5qiQgpe3c8s=,iv:bONSyFUibcszUcxBt749aiVVnqLKBuEJmfege0dGaM8=,tag:cvapTnTN62XTR6tQBSe+IQ==,type:str] +sops: + age: + - recipient: age17x20h3m6wgfhereusc224u95ac8aj68fzlkkj5ptvs9c5vlz3usqdu7crq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnZ0xCY2M1aTR1aHI4blZW + RStrN3czUnNaZUIrMGwzR3VyTGFGaUNNN2lvCjVEc1FOUmJKcEgrUisva1lUQ2FU + TjRzbDBoSkZIZHVDMVJtZGNQVU1aYkUKLS0tIDZsMkFva2ZlTS95cTIzRXpHaE8w + UjhNS0lWelJ3WjlTT0s5UlhOMlExN3cKRmzaekpinaXNml8Dq6Doqok+vn2cmBgu + iv5wPriaTHkfrMg+4vbGzTldIjuMhrXdEq7luF37grN9dgyEDn6Z5A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-20T18:57:27Z" + mac: ENC[AES256_GCM,data:IAM6vn4rI1l6qvPWEcDJ5xoD3I8/GWOr+PmRQ0QdkVMD9Pt7cHtMhHPpYvH3e8MfDPhC2g2uwt9FHsPqpcOXpflme0aF4E9PndGi1Pzi+yh40FSBAzLT3MEQ50vZ2rifzqUe5KSrXByF1WAnZxLTMST+xIlvEZOV0gx6y0G/iHQ=,iv:15MZsyClZ+WLBZgcRSq740LgDakuHAXAb3hAQyLKVSU=,tag:7+lRz4XKKVlkSeDVs4Jy9g==,type:str] + pgp: + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAiVpVbDyneSRJEUF2n6Szwfc6aHzYsldZpid297JEPuMm + YtqUcZmb1rCLs8F2reLKq1HUoHKvxgtC8IaiJH5EB1a2JYRr3zlu0Cq2D7DwpePK + cJHcoCzkVIcSonV2ojj+ay+L3T2mwEZEjVO9lJuXQuiupPC5fo0+qyMOeyfmQnWT + FLF8C1WiYIQPw5gy+p1VykYNrcGQa2mRPGTU4JwlZc5IiDJ3DDXduwcsg7bj6aA7 + hVR7UPDjGRmGSr5vV1d8M4EB0JEKES/e9nbUfJuEoYE7jeRbPs0RoSYiNmSi3q3J + YuUMw/rneZ3vBUm2HPP1X94MH+MeECIqL/T1Q0+lXPNEWjw/S6X7q6+N+5rkRj54 + urmNo/x5ruDf3Xap0vSObHwFTzfpYZYoAXwLofkT01Dtkhj9Nr8PxVMNNYkkKNmh + nPvfcDvwfr7wCCqtEigzK0cN0rWQJaDr+Cyu56yoRl1s0vnr+fAuvqNHsT1kq2WY + E+ep1lbyqvTb56ep/d6a+gFH1G4IcsmmVoFzOwBuGB9xFN5zhulQPSbyk6/eTGTZ + v6BGhQbQf/XLkYZLFv4I2v2WSYgiJcmBBqi61dpnPtOtdblth4yj+SsYXiddY7m7 + UitDQ9uOiRpFmABq5jSQN+WaZryrmqKpDDqfK9XJbTB9XTJsWGaeenzPhvzwaoLS + XAGxhAvtQsqH934jMtUZCQrhN4DbZXlyyMo+h2FYa3BGQkb0gYE/eFB7PwuMYCmI + ANVDs7Qzxl7GMfNz8tm7juj/wXGfr2B/I1Gw0j0M5ytWkKf2d7BWabM1aLxX + =jM/Q + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//c/sAL4NHAWYI4SVDP/F6q9CelDGuBK/oUlH7DY2kgBuD + hyFnjYC5ypLTFm3iV/5Ctpfb5ypFyAdMKkdgvt84VRV9XqLi4Qda+H4xprg3JMFA + oQfsuMYSlXfVYGC5ppL8TaI4jmMS9juz8dUenZGNK6y19VrinbbjU6+pPy9X8U5+ + gMq3rcCuzhigUBoQ55dSbw53FN/lFCGyq2cST1wgfthJIB3mxQmjq2kl6kSrtQdL + +5etkk25wLOWPZGCQzsyzF7IkHEpKcqQdWuEyVV1jZT/CoOiPGbKFmH8TDPX2i8b + rOnCAlCSJqm7w9vIqiZz4h09ZDlUQBq7RKK2YCcLTtfv8LwPr5HvSX4ffBgF6G38 + roZUG/o3FKbhRHn2MriS6YsqdVtNaX4svkiFQ4DBuyCuLLZXaQVGfIYwuna3X1hY + ZrkgtpJHYgenO6TadQj3mbe4PbwJKnU5iFosizSUV9Y1vgoSasqpxkCbqvxYPqF9 + 8nZbUfyoaLpuiZo+j+c+3fj/uQ44OJre8wFSsUPt6uLSQQ9HqSX9o3OPM5IRepg5 + aNmPq9rZkxLQrI6mlwx7nmkA41Cy3hmbP7einbpFVG/tno1ZMgzT4laMZsDuA8hL + OjYGX3e3NJZJ1lQZVMWkAsvMcXsVe5HZrH6DhPeZjuEHmcAWMWuhUUW5/a2Sy+zS + XAHSQtBIXhr+DWVrL24ZNZ9dfTkyOofnQwYUqEPdn95lMFvIhfwB7vnL0UK4kI7D + JWGYM7fPADgMxjG0Avd9m1IJuzMPzvk1SoYoRXoAjLN39nY9sZsabbKrQ0Ct + =rXgv + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+L3+oHRYY2uN95HfPSHk/gZ4WMuqNwPcIMyCm2kAiSLS1 + KC9wKpTSWEkAf43EdG3DbzOtxbfBoMwfufm4wORnixQdpTwSk5GrvxyjBxR5GtCZ + oTGepcT72wUxJ9wMp1kC1txqCJtH/sqxQJ058lRP5EsYQSfbijc3Ardn8FRUcNzY + K/MJ2vkJnq0wsOrg3HrURdrIEvLKI/np///py11NicP//l9Onde5Pqds6Yk7VCtW + 7WADEnGclDtrSwvvXcRD0mMo2tAy1j8Id+EL2vwGMkGIydpPvGF19Ef345IsT/ES + Fn3+xzi/KdOISUktYc+RTRegwtE8v36XtWJnqDsYs6jdwKXM3tyYvqoCm1u3ZySU + GTli+rxDxqkacXT8bTJ+N9+3untZwcSyYgetbT8psSiqR26N11klh42tnjtfF4tx + R0UkNcIj23EhinpvZXrPiOgSrddgX7hZzYNdrx8rkxudIM94neS24c9jKpXxmO1N + GZ63TdZnUfIW4jQ36Zsb7VbGclGEwIxC19x6RUCGUgZHqWKyEG+Jl/8jwP7bbjw2 + NBY7tI57CLqx4UkiadYq+vT68oV+R581gpkC/uzLjqOoVVzWkStoNag5lCbxhvvS + J8gwqyCamNQpq5n6vArqUEHDGE7dC/4kxBdx3knRmJ8UhtOdE1qd8VJmGlSgrkLS + XAGKBGsRUmNZK5QULK43RJFGJnYJABMZEbW0LncsDRpwPELgb5HvqFIgxsVj1J4t + jQDkMgY4jUajqSQvCIzQlzvhxoVYUydimDEhUFW3ElzeqvvDiXhy8wk8jzUk + =1AVp + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//TwaiFsGmDJ1O7zQZ6OWgfpl6Im9Db4lluy4ztcSFJB// + SpyoTlxSLJrGREVMIcWEWpTcTVoUaqIEBDRsdgMoBrdEv/uL6rU1Ix94YWPmLsDO + U8BZ+SmOGPuHpyTFKPibe/kdpKraWeqi4d/cDOcnnxbtX8mWTONZQLViVhlHS2JN + 9jsXzvNLuhii8AQdVOqB2TtXeD2IUrK3CpeMELrMxQO8Vj/11ycF1SvoM6UxyJD4 + Js5dH5FkysB+nJxeUwMjDUSa5GTGABwTz46Gy6e2gDdi2p7ofFW/z1GL0RPcuD2g + VjAgkxKJLtOVWHbSRkWBEYpD/t45ZYFDqJonbbTjKG9+asmbcKDXqUvn2I1vdo9E + s1B3XvGVtlVkeCpwpzKli+UxB9LyQLa9QQnbGGoxBCuySGdc9t7hokdG+mO0ulpy + hSqMtM0g3EuNLOLL0H0OdlGoaS41BXsCCd/E1W0l+JcVbCEwm/BFjrOFDvDp7BGS + ZAMJQE2zOaxqFkQ6HqkSugmUZdWIqflO8lC3vOlDU69Vv4BSqZjuC593JuHkSGZn + /az8dIKPJI4PSbU13twz4JHSxPk6RJsLCsFeAqZCmgAu0nD8Yw/xMORZCALM6dUz + kZC9eguLywU/cEJyHI1l9RiFqlwfNK2lPtxax0Lo7LKCMEsTtuSFcvLvxl1Xev7S + XAFkHw+9fkzrWf+gLc050EFpY0k4kMBP3at75KWb/Sl4LSE0+ZGKeyWGgyVPDWAj + l2sJbf4GXHjHl/M/Uph2uDmcmNtlECJO07LylHcdOPkiF+Qf3JBBavOtpTLw + =KnHm + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdA/jTg8rl1ZMl9rSubQTyoyNGpowlbqPTwaykbESi9Dxow + mrdhmIK8FJibVGbhL5y+upDQP61JWbQVL7Jn7HvmjQ0UkOMjB+lBZwRxqD56bkMk + 0lwBkOc0ICDT0ieiYEaacNPsK/xgW4W0/M/QE8943nNGxZbzJwCBLD0iT7sFU/FU + E+UWISiGWskH8ND+IJTMLjCkz8efLbppKk8e2qaCogzbfnrwNc++N+0zb6HycQ== + =FlIT + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/8Dx/PoYg/fB0SsOF+o0/5ihVXzbs0pUcFnOvR8VdSXHhu + X/+pRu1j1h36BU9tWbDoinU2p5P2GKdirlCPpNxIm4Fke7n4OjtUC+lIfNTg0K4K + pDLLXBhLZd24sD1zs86CVYMH7tJXxJk29q5Cq7YRnhRHc2RmF0bXLIjeyNRI73I3 + Np0NDfrTLiOlpKwjnX2G4lXIm75R+D4E7rJFxs20OSvl4lkk6n6/BLdo8pP7OpCd + kVNqrIF/UQwdkbg0FJFlt21+QstwVHrE22HmLVzVXNcAXt7tPNcMXhIwZU7gGpxZ + 2Z/hWhdozI4bvDPDd67gN5Svz9ERM+sshkdkIKmaCO8NIzOYLbfVTSeXtlPG6xfQ + CdNmwGALncXv1F6QoxcEw0PeuJhUqx+ZnIiRTLT2FGBJXZkT2eG5YwhtaQJeTJKB + zIP83j0lJK2/+I8x8kxDSKHMTQfnskUHbSZ5GFfaG3TXFLM2HRh16msQZFQMDZOX + zXR9uJmXaaO2WVm5Xg6YuJ/yzPdeDN4+FaWoGHKR8TlDpn/FtbkE3yllMFmwg6jF + 0iQRAVWhruDAFlVOsIENnyPd3FmTlk47WiA2juFUP1rBShDal6qPJ9HMPIwe4XVN + 4kjmji736kdoW8TgwwHe4h7gUx7SP8jjOVPvx7Rkh9hOKziQXUVuPjxXjR2Wp53S + XAF9NEzsFAoR45xmjJRqCBWZBx5HKASSp4XmFz0IZWtX8nVghzL8d2X8f+RmEHCf + /tV/dddUdjulNY1ZdSciXYZ5ev7TYJbKQ6vWdYu5s/JyLs8dXgIv/xr/o6IA + =ikuf + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//WTe7k3NYS+8aLr1DS9icHnrHtF6ksULdGnuFbcO6C0R1 + H6EfIDfZgWLUhGc9hNDGMtSEIgj4umQCdTeqDpQS4utvefKdrgcLBv6LzxJ90I2/ + i6jbb95ruJi/MxYCDF9NPCT1M34tN50rPr6octPZ51mfj9zvTCJcJhwLfB0MK+mh + sNMoVNUsBm+EN9u1Mg2plJ9cxIgGxHV3+GyoYNm3s8KRQNJYskvh7OvkK+IRbiT8 + PKtbAdhn81yk9vbjlGx9AFy0VRzvpqIO1twGdPWaCdPsKuWlAEcNYEFFIr7Qiz4n + 0h6UQcjc2VpvXZruPwXByuiSAWv/+UJXbBZ3BZ6KaMOhP0la45DPY+UAqC4nXFmv + Ma3USBkhtIEC2A4TjTLQGdPEfAF640Xi73nTSX82we82hB4Iv8A0R4M6DLBnrPhN + rR7C5AffOTFiunqTG0QpE9jCHfr11ZXcf1qmyi7l2K9Tl9m+R1NubNEUIVIjaHf0 + FKaJsvUdCrE7B3egLUJW+xGCg6Cwng/pM0dZJ0vNp8M/VMQ5pBFOXKQV7pH94sBA + G9+QVPXRNZFhin0cPvI1+FNLHtznzN/Avx3rLQtMFcwZdqFLG0Sh/ai6nsKdjBPG + xE/RygNqHRiB+5wuig/WZcMEkqpElD6zottMdTY9ByZascrKLtuGbjBeh4+A6BrS + XAEiuvXkLOQD8kKhezCS5rWtMyh5o7xcAGcii4g/mABMZ2TMu+Rl1O5mX0Jomv4H + mf5zIu0yBMvVjkxX33Vh8hbgBWN2f1zvX9bEiqs6lLBBNOI2eMort2hqQyVc + =4DjK + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAmqBvEPLdMy19MCzc7u51J9izozkxy19lABUlyRHYJyyo + UiWpY/DXmZMx3MyCLTctUFUb+MQv6eNC97jvTC7i36BUQWoPcck1S9HvEotwH+DF + N+cJrVjFyF01N9fn0FaGRlT2wh72QW0ZJMr9b7QbfO+cKngGXTm79HulBY42CSVa + 2OYFSaXUkmp7t3+1A+4U2V6+v1kfZ5KASb4GVGG8QSvKjIMGHLvWsEOUQb/2k+jw + 9rzyCjfqENvvkxdNOrS15ZBFOR0Mye7ubbRzHFk0rUH4fZrNtp9FY0JrT3sNe4M2 + onRkjsVWcCybkSAuRQQU8CG7I4/lcsUoK3Bj5Hq6zbit0XuZnmgciPF4hjuzbngg + Z1pWHfbCNhz9JqhHvXG9CZAFfQJV0fFEfvn1HfB579uSX9+WD0UYJLAWgEUfkSKP + 0BDH0HEO/wuUkr8WntKDhFMDMowbcCecwe/pYvuUWUYoi7boghHXuKHHsR1uGk9h + d7s1Hbx7Sk+dliVrVrk/gQCLsFcSXlH7z4SLmN7lRn2hO+rh5WlQ5u8ML/xoVV+U + t08566Fo2QoMyDl9R/fL/kgl96/JGl7rajsPpjPGBDcA8I9Roe7QS449Fa2XZIkJ + ZnbmlvpMnZqFapPss5S8sMiXCxLYbbZSazwvZ3HA5dXMiRVSLK5fM3MqOat9dzTS + XAEASS7AMxF+TXACMSMQuGmf00blIT6LDdZrZSPrdcUUc9ECMtaJbV1HuC6G1OEB + yfu+SIjVtSd+6yx6AgCBFpCCDAl17duYEVwskRWbjTih4FJA/1U4iQmB1wY3 + =eH4e + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdALkMupeBQcs+Pno/Cf2NdeJ/ka5Y5VQnxiU3JmrPaYXcw + 0IocsrdKZROgxzQKrNZVqZiWiM79IzInI1sClRPNdjfNB36sLVtX1dU/ocRyrgtm + 0lwBOX+kEseLmOHKncalLDG+J16wIOhmJMhBeze4zFrohjfQgtiXqixMjjTHeJ2l + A2TjtKPv9hhceLUKAkN1dI9TuAjFsgIDpxZMdWeGzvPEe7QpVIPjJf3umELgwQ== + =OnVX + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAqqgpaDHHwoU3lOy7PaPJq2efK9Qac+/MF9T5CLNHznAw + wff1KBo/NkeNN+bX9tP3W5ZpAhXElARDqR4G9R50GgC6/ENHo7RkiUSwKpQp2Wdj + 0lYBPgMWH985eMpwVB8NAHXQAL+Ar/eiXahk4XMviPjRhRViFVjoHWs5ubSHlnL/ + 8nZweTOlqbCrDGeZWkYexXrSV89HP7k2Gt19y+Oz7jisjjLBuN4R3w== + =th0k + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T18:57:10Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAzdC66g9n52nWLcl+baPnLlFLgjjIkUA0D/lZW2ZhDyID + 6XSBQ3eia0F0cesGBusa2TYHifgvz26UfxnGrnIAVX0HSDTF+9rZ3cMSfkZK3Piz + O19XIrYJIHogDbbG91EXI9aw/V4gn+boq+hz4LfJLz+t6jVa67i+7AXMn5FNDgb/ + +S+GHEBqSCbHTujZEoWeW92ZfyBRxCTvwsA00IGQoEswe/HDdfPOjWj3TuGSJrL6 + ffGW5GuFmwxbEhCuXyvC8I4ixUBeOv/0f9UArchLOsNZrnaU+/OQ4JxWOa16WSVE + IEo5exoHdhtPINV9p0CKV1xxbT2cFirVwQPOJH7Puh4aY+a3DtY4DSaZ1aU9AKks + 8dJd2+k/gC9j+qjSQ9DZPEbVlj3Pi134wK3QT/U+2LgWYR+VqkZr8Aef50AYPGXU + n/81ykuJFmHkDywfYddkjeQGYoTppgRKnHZguFzhZeqoELYlZSGmc9fG0aNcKYmm + hXf4zWGv+gUTgtQ/ybZuvLoNIT6ngTS8nJ8XrPaARfLyTty6BvRT+4kFKGer5koJ + B1kQZZV7/nPCRmJmQJdhTMQVI0+E2LX/UaezfngtCZFjdJ9x5tL3sw5vrq0Hxp/x + U//lw/H0YnxjbiGbQyVybWuRxtkRonaIM2bm/VL1ZH1B2nJiE3AZEcxK3vHakF3S + XAEsg/OjB4UT0ZvWfb+Y+qeVb94AM2d6vAeifCaBCinzm9wH2ak7dcgNEa9eES1X + +JrnARO1TnIxch44B06zg2jfAq0AJpmwOKCvqJic0uw4hBYq3kezosfL81K4 + =Nl9Y + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/inventories/chaosknoten/host_vars/mumble.sops.yaml b/inventories/chaosknoten/host_vars/mumble.sops.yaml new file mode 100644 index 0000000..e7024f3 --- /dev/null +++ b/inventories/chaosknoten/host_vars/mumble.sops.yaml @@ -0,0 +1,210 @@ +ansible_pull__age_private_key: ENC[AES256_GCM,data:D5QKEPEMrbVQH8bWqFGASVn14AFt+oe3Texpld/K493gtc6v1gsIMukykXQanGlVN6uacv1g+MWg9KFhbMlINiNahIx6mnJbjIs=,iv:NorEEfNpzrPHWDRFmoY8+AcHDn/KmeXnSMa4Iykfs5c=,tag:IvP0COjaq82ZcgXPr9bA4Q==,type:str] +sops: + age: + - recipient: age1wnympe3x8ce8hk87cymmt6wvccs4aes5rhhs44hq0s529v5z4g5sfyphwx + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzZ1NvVVVsWTZ6L2VibWJN + RmJaL29rdE9JSnBScS9Ra0txMUNPMFFkUjJNCjN3MVNQVk5ObG1NSyt6RFVVd3FJ + ODZlTjFtRWRhajdXYXZUYkZETXRJZU0KLS0tIDJwNHNKVG5lS1ZPWlRIaE1ubFEy + TDhDbHlJTFFkSkh3cVRRblZ5WS9nYm8KSIxaGYZBlX+uAxMHt+pO6rgVb0fO+j9P + zgrFlUZPpxVGx7opsmGcdSLKwFciyzep7TI0FrNS8pXovjLQ5GNNPg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-20T18:58:08Z" + mac: ENC[AES256_GCM,data:8to2Az5MbQ7KjshRpOwQZq/qclSAjmGvIM5n9ANudP/kCRsxu9r+Dq+XB1wczxG1qFdvgEaBpUNp/VKKCpFCo3OtcAfm40IVU6hySNa/NDmcGNz1LbpULgw3nKyX7YxLr5d88yAPDH9yPiXxEjQ9xkSY7iweeiT+dH05cca1aEQ=,iv:rYs+85IVSEMylG8mSfkFKSV4RktUTBWoQkxo3+PRBBw=,tag:tv/RoMVDMdU2DBx/xsQTaQ==,type:str] + pgp: + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/9FtgphjgMkrekylJTWUEK7v86QkuO8W/gEGTWBNAfyj+b + uT5aSZl8Bzrpkv9SWGZFlxXoXRYuVVLkOEnNE/f+A4NJic27WxlcGzUHQz/Z8bJb + rkrubWFJJuUL2EUlkUBzGj+pQ7mY3GZUjmfW7WCQ6RXp3Vs+Bw76UKCs+cGiXiHL + Gr/zWKf/XIzQDlUoPnHoullEzm8WDqexRVqZNTi/yTMHyP732zeigv6f9OxWzCjp + ODVl4nJQDJSrdVRCT6/H9drEsLfE17RnyCVVSBgukmve9hiEAkttUADTEMp1CGmf + Yb7uA24JSlvrPZg8eZklRhS9Dr8G4A7LIh4p6ilAuxp/Lo1eZB7lMZrTvlhjA7dr + F0mDWpbkV/LIT3wZFtS7Db3fXmDIuKF9VfTqc9tUQVRyiJUVwkboppmcYvqup8Bo + FbKRflsSxeXnotM1/Oo7GN0HrZCL3ma7ZBP1Fopcn/dreXptVUrYzUJrFtoDsf24 + XO6Sg1Gzpw46HIjE6lppQr1DTOuXLjs9VQbbTi+2x2+H+cmo/8qELMw4VDzecC36 + grxfFw9l6r0FKBGKBhopQeR3kQWnQA459+bMIofn0orcfg7fsuX6VOTuNX1hoac2 + AuLxWWfNEsowK0SuYEjEeJt2yjMnZITmNtWann+AhKgJKDmzKfosexbYTR5Jf8/S + UQFBfd7ah5Ga38BLX1ai5TIscccuqnk3zZZVVwrcc/WHuwPF1KpBa6kpxWKy8xrA + iFv/lj8FEzT2gQVvtXtjRIn2ZAi4LR7Kp2qukbXbaCwgCQ== + =Nxy+ + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+LzX+QBZ/LPm8TvLxI1ZT/mU24S6s3CwksVV3iYrzx+JK + uuOFO57c1J4mu1q9tehPV/VAHEYA++6svDnZWnztNL61IUq0ixalTCBMtvg+/Z5u + ZdEJkMLZOiVo/JQoroRjhh9LqyDi2pQ4k6mU5DcXJ1hXsoQ/wvlBXOqAlakMky8C + j4gqfK8XPCJ8LyNbXvlmPwUrrC+8P5pXbhKPoGIm6q94Y/wcC3VwdCQn+RgSuIWf + uhuFUV6mCS5yEmBpEeL+KiPq+uZOt5PLWf9MASUTT+RroDDlRwKhcR03fwRt7JTV + 3yW2OiixQtekYepHdMGo2n4nL76Cf92/wlhupAg3NMUoghhg9CkN5hzdUPBjUuVa + tIKBf8n7DCvjf9EH+JtuDBnhqNUUac+2fRXCI5i4xLwIckZVAXpNLoDIhxpjy+D1 + 9t1Fg0oX86H69vcD1xZGGOFFbC22ce3mZri3WtEMTxeYD/7K1McKBiZK3bRx054P + AkhFivKVOf6gKhiyttKAG9fPB2loRlU8b8tQvJ0O8IBaKwrWh9xgO29ykmpF3/dg + hjWK5k/DVIfMpR0ZRwxrMQ4kFAfThjvVDH3Czfs1JTLmwU+tsVJOKVmmO2DcgahI + 83zMFFajGw4LwztqFWlH7JoSpyZBiEBNCx9x7DbdCHnbXST3tef6Ct3GwXgKX83S + UQHSy9LQekeGBdsfa2AnDXNRETBcemV3WKeiPzBWc0IXlSVO58t8q9K8OTivkVkA + AScBR2Ddq1dezLZo/bLVyO0z8uSJGFQUXA19Kvpb0/PpjA== + =V3Bi + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+PJjifaZHBS1/YYjduFPQFQ/iU7BLq3cFmj967g8f2JDg + 3b/8M07JtMrkbMBSUfIXmKfHJRKan6239jESwhF6g3PjXcbQsiZV9mg1qU1TEloV + I1XrtkNUqkwckGt3T4fhEwQSCMYZtaiQQLKyUhNdrmg+hHr98LjNxRgrnsWXLFdQ + OnxDjDwXG4ngb4tDea+IDqEkDDSjWINmvLRhxU5cvDqwaJja9d6eXwh35M+NrU5m + XGCxHMQKMiDftIRW6mIxk6CWAGA4PCOJ533q3pdbA6+zRpbnSy/OW100FlpK1mkj + 3mCJZRTsik/DETu/utOUKP1RIgKTDrNQe9Dngj1bt1EZjnXm395ubrYoIVarDWJu + WvD4kDjonamnWIudk7F9mptkjcvFaWx1b5vSHjY9VjTrUx+muITZzBHhQy4qidXp + rr3Q3cfZ6qHp1sB+EnX8FiMSmsIt16wGCtgigleXkubcoiMcvHiQkgk0NUhg7EBk + UOwlcewRyfo9qgMz5PSuuO0zsIaJf7e4/DNeVwnTKQGwdKSfd2rVxJQ/8fm4zJdD + uoQW822AjN3woJW1EOx8Fo76oZq9uceAsFcOt+2KLi0mXaFlp+G20JnzDVwZwyFE + YovaKD/d022s8Ij3U3an0+JSy6wTYLI71VTwSL8o889FZxW7KMl4FW5Wkbao5VrS + UQEbGa1yCYaMRcAP2eZbkZpmo28SukHB/VdnHDpDZM6Ur/X2FPwCOHvPZbcFw2ma + Dk1Gbn0dTSqoCFwA4K2ss3PPdGi+eyWu2Z9Zy1ErRrHTwg== + =xdLl + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+PwWdBJXteHfl1dav4XpVxibvMJP6FlDunCdqnvNm40CL + hYjm94Ll0g70++B7pzhy39xco3vzmgY29Evyl7CWseZdAdoeRf4bYzZai6rUjg3w + ZXlq9x3cXhgiYOEE38mbHL8NJjgTiv12YNNG0FESiAYTyVf5n8/8q/Gl94XuiCkf + 3apMas5ce9N6hXCceD/3EoX+2mVcLB0tPxK6RqNJIxT61fdpQy9izJ8mmTbofjuc + jzhbMQ5L44A8MkRDG4zoUfCXs/IOV3tL432RAPfkkU9Q+GzlXk4ZuPXZMdVBnmJl + PlxLFeUWSML7tt+3cYRTzA5DQUrv5O/sCbOG7SpdFEuqgL50cztnig3aCqFWbsoI + tFuVf/cCIbwC6T4kW+/cDE6xYWFkB2+j1sJFhGlHqBmnHl8XHBcVQVew3KvthpBw + xZu10G8NjqKgQpCXP+aumcboLPWNj1RZ3kuO0De6iIRiWamkkKFE62WrsPKarEcz + jCPJl8XUlU7Td7egU/4JHKdH+GZAauewElTFgrhQGGkhwlcb/QrG8i2zPPMu4ufp + jwKvIdfc31tU2vvZ8qEWjnu6V8k3KjO+Vg2G9Nzn3ggeQhbWeGNphnqiyvs7+6tY + 3LboSbTYOhmKOxGpNFTWKh/OmJizPskhTPhQ7uXWLLig/YXnCdd+U6ArQRAyTsnS + UQFiq9sXtBZdVYDFAI3Q9HGZjgGwdQXB6cL3mKyCicAVkmbxeHpjSR8YcGZ1R2K0 + 2kph8Q1V6llwQnyz2EcqDMaWJNJNAgSlDKAxYaUhZeFvwA== + =GAJT + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAJT2dnLY3x+H5e8BRQJ9+S326foc6x63bfE/NPXuai2gw + WhKINqOp4v7lEog9qmWjV6LpWB394MnJ7fd506SSJjmcgZmzbLlDYNyN+ZcVLNvc + 0lEB1+BFEjGOV7OwBy5nNrjUqVuSFfh7+6fpzeBke600jRQMjfx6guZf37LUA9gE + +mt/KYVTcWNFqnhGckke0w4a8Z6ep4Rf1QF8zABk6lPDSpg= + =skWm + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+K+uo/N2Wf/H8mAQLtK12w9Wwi8Qm86zTkFBV+w2pn7GJ + ZDkKx7ICrUnTwjfHIH+GWW4SzHF9N9eZWL8nbdd3GqbFd5Cmm7U3okxlNkTlQURc + L1ptCTWCLco2XwV6iw5qGpRW1q41AKlJF5WFkZa77H9kddRYYu0i0+uZJCkprdBQ + ZqtEcFcJ82UxWLhROJRMoDG57INoPtOrrdcFVo1Vzp9Mv1/igKuAifkPHf4GFd10 + VPxw9WKgByENke5s1e821NOjWY/MmL3HwqLzu6ndNDzd4A4XxIyUUb58sygUwl3J + Q/ImYpnNQHN72N9af8bVwdNFJlVUzugRRR5ubF/ccNtdpZOg42n5pd3tbITpe+pr + kkRZ1ipM7/BtkN2BoHPBZBwpyyRdSLbTaX9+6THk3i8ECVgoe5kOQ7JzRQ7OSyuS + paJbbjsr8jd36hPxYq3ggKT6DSdB+CzcLHQo2ncQ9gRS6rC6Lve7OXVYhjhEznvV + j3qDZVGkKFe3juyTsLRARVYDzUwoLTrguEtvCAkUsMy5jfy9P9uBkmin+DiDZM1n + LWYsEy7X+7kLhDUHuYIUr7LuT6hK31XnftvrPzOFKW46mSflF+zBP24oySBKkcw1 + W5PTUE4tHgg1h4f7kXZgR3gwEgWwimA3FZj5I7KsfwuijMO215MZdn6T07M+hLXS + UQGcb1n7QW3iCez+Kiz1zm48/N4ld3NBDBwQ9HUmaHLau/zfmlRH67Whd7clwAGL + Ry9+aVqNy/H8/kSJ8BvSikhdZQeqI1NFQKrm6xeMpadnJg== + =ACfG + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//e0Sn0WEOtOLDhZkWdJBp6Uy7/w4nSt72LCpP+gSzNLkr + 7WxsSa38eMLYpVKMfBsIut/qVSTMqKrKJG5fKs86Lx/ekrZEbK2qtGzhAlXPVLVG + wHO7vKnyZkUC1gSpTZCuPKxsF35hsA4djaxrh8BmyltQEPCBh2fqsP3xOHt+OyEa + TW2itW7hJzj2+oF0+84RWwpbAOhzb0Hyk40adHutEZL8jInx2Z+loXMp2c97R4kL + paxZls/DQIP4J9lnMd39HhQhoTe0jaI8f0x3FzFCkuiI1V4q/I24PUypgzJCsazB + wuXksAmaQuZBHqEhgDk9wgf1dtOQumoxFSFvD3ryfovS8bgfL7HNJ/Opi+S3J7p3 + prZhv+NhXD6i+FpcZzrnHzB9WIZBOBfTtKxeRIUuU5NjizZFQ2T/RuGnrnaCk3Za + JMrLMcxKfMTiPusBwMTzJGf+cSJGNxp39WXqcKCeYx1+L7GGNwfqhWxULevg13jB + voxRsZqat7MNTPLfvaKl8DprkYmGWW4wMIzDhJmgT7OOuzOrLqAmt4U6CJtnG5ae + G5MhtHpvl9pRBbfdQ3qkaDxeBKUY8X8gdxJlkUpmaJ6fxontO2tsV7xo0DvQRFeY + GHi7FOeghvss2zLiWeZxFLG7EmGrfD5foZ1DqQVUkcvx26Vk2gX4E9r9r7uau2jS + UQHxGDiSRhJnUZk9CoCMwwRgT5Yadag5ylYHSMKPBpQXOp63nylR/vjw9hwx/y1P + Ft8SGHrOOKZkWjlWUPAGZAke1jYRVKAdkw9+oy1eDpytRQ== + =KQMV + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAmraxSuqAKqWBVVhssWxKl7F8DmQcm4PY5MYNIuyP8dMI + qUyV7HvBArK6C1H8QDnuYOSdGUp62RR3IL2GxVQ1EDFnJ4BFjy5LbahbJWeuLTQV + UeYFom9dNfZW7j6TP/CMrcydBFtLrtXL4zq8j9vIBHsQGvbTLXqag+am0UiOwmDA + mNApcM2eAetXNykbBmxm1citwmufo0sfvTozMQA5/MYiHL5c5JFgcxD+P7R7ynD0 + U9xWQNdFQO8xo+dSbyu0bKPG1lcGXenvxKKHjs+BjLTjyghOXDpMg0twWAlxvz/y + HhNlbxSa/13mRtGcj3Q5iLCPmikkbcL5ehadlSl32Hirvg8D3TngdHEZNRaWQacO + ppI9s6869EVtC389/q32E0knKI6qHJPrc8Hw543C4q4yQDfMFkBlRNg1+0x4oizl + KUGa/gGgKlA98a45m+fWadEOTjEZAKfdTDXaNCFgeDW5+grcKcsL3PxuCUo9cAmO + 46/tlqL/XaZtAD0YrKgAV6zC8mRb9Xr444ucer4t42cdKCLc9shrD/mpnCKcJkKP + LZcTJAQirQ9uaZSSAY7YhwnmkZSUDq6uLhWRHcTXTWD830E5usn4HqTLnmxGVLIa + 4574E3pD6U1eZ34GSp6aj2abeul+6giw47tpnZ6O1PowfZr7izxT9nus783dyl/S + UQF4SptWIcXtYvqj8uHCInr80bAFx0UcxR2mZMI5Uq4uKBBlGKdtLHfyfxfow3lm + x8fehZVtkB12Y4ipkbqkxYH1sUuDHB9Y3gm2s1/Y3HjPag== + =l8n0 + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAIIVQi9RufgWWixnU6SVnsH97GyNm+cGZsJoSu3tzBSkw + uBErsKxC8Dj+jI5Mac/Q+KQ+B9q1NHFJJsE7PJG2LSCe0SrN93hnfZR4ebkgSKUl + 0lEBWlbiYvvdPapOn4wF1cZyzk6QmXmCLBby78Yg8re0dqWY5NOtOE7sWFcAI1xM + TDAF9ywrxHHDtcMySC9MqumApLUPLCPgcutyZFVCeG0TuuM= + =o7+t + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAeUS4LlzoSf1HNWkI4NxJTs0xCeUmpMzEhH65jiu6hEEw + /s4sPh/oADqaybe+dcoL4KcJl8mnpHBEDN/DSORV6Nc64IlmFZG7STQ/+ZhPwSwv + 0lEBiqJiBK5wZld3GiheneIPVp4ULEK3SwFfxD6Am9cSCIWc7QTZxpBRS7lm8727 + 99qQ2qmRGOl48w77HqTRtA+7lk99ORnFQZjOA5UGSM+XszA= + =eokJ + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T18:57:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//cK9ViXUHIPk0b2fXQtVDYyugjIdBrQUoyBKYxTJbzYFm + CTmnnYIdvNCvD2VZtu1TL2b6ZVXrzSSMJO0lZJfKu9SE5/JTpXFbpr7V9bLSd3Fl + n4eDU/9rF0p9g/6ApSg8IbMsl4JUJmPgG2/A5tkVBr35iS4zeW6t1si6hzJy1blp + rtjrqXLtdmK9zhvLtCHazIiY2TIFqMCH+i4NLJDX/pNQ5eFudS6rnkphLajHXxIH + xDIHTOQVNf+pGyZvmVFiygtUzxviNI/QeEUbv1XdKqahIyYRHBKsuNTeOpeGKplT + Re1s7qhCgUSC29U36niySGHC/deQboniW9/3U1+m95DxMt0R3SdOXrax50jyS5s2 + 2AuG7QruNXHcEfxVXxkvmunnqaFPplwglionB4/pZjy4Z4QmqmxeFN3bNJyL6QI3 + rAs5j5abuYF+Uf/6k1XF3YwqeBbv+wT7rXvp0930BcElNFT3fgd3bXnIqgBgwsXU + u/VoHe53xF9cK6KoNYGf4rfIRntbRMTjWEP9Jti5eyf+58JwSm17GiP4QUF0zzUu + V53lCOFzPzJ/zHZlLElbL5n7i9WndqY/OOsOGaz8eRTRJJMOkoLLaGAPfGvOaKvr + 9pgUMvpcjQqhGSlVlT1smHxksWh4pLnlDRBj60b6EscNLrRD9FIosJn+JuqsbRbS + UQGhlimbbbaMc11g/BBEUHTeFDMg8gd2Ix/HfHc7yrnZaTb2YOgvbOJgXG6i+QUb + FHeaHynxAQCK12itmIqxu6uQjYgTcCCj3Bm19dT1FEWV1g== + =vCLV + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/inventories/chaosknoten/host_vars/netbox.sops.yaml b/inventories/chaosknoten/host_vars/netbox.sops.yaml new file mode 100644 index 0000000..a9b5362 --- /dev/null +++ b/inventories/chaosknoten/host_vars/netbox.sops.yaml @@ -0,0 +1,213 @@ +netbox__db_password: ENC[AES256_GCM,data:4k0wmOe1c5AE298Juw5HMm5dttTKB1WsVxha4MwaIILpyIbJO0CfmzjYflfBTFPPGgVeuYdCobzchzqkP+8eAQ==,iv:25Cj2BLGJK9tMDr42AqV1IzJc5zG2dk1YH5vC0b1T3M=,tag:knyB+nALZwME8y7CAQ4BCg==,type:str] +secret__netbox_secret_key: ENC[AES256_GCM,data:zPzoFK5Sx7gJ31/Apwex9ffFU/GY+HxIfwrItCW68MM4kVvS33e+LY4cI0vbPYEUF10=,iv:SjpKxyxSAVo+p9vvE/YAQFCzAEudcZ1lwnJ6scxeQD4=,tag:oA+lBep610IfelGwdTohvw==,type:str] +secret__netbox_social_auth_keycloak_secret: ENC[AES256_GCM,data:HP753hmQ7ssbYSQRH0zcRC0vRN5bKptvMXo9jjzcuk4=,iv:GQUoojXLAJxqdB92kKLhavDaka0Rkkg2uocBLshdvTk=,tag:LVnL/JHMsAd5UmmpnUv7og==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:KgD61z3hYRPSoCXmJgOMmHFqXtqoKHRPUT/+ayEImPsbpk+6B1hVscQbmsKJFWNsyQlCAV2MqYlIrP68pP9ckfURIaN8g5n9X+Y=,iv:eTjmF0e4/5NSnORZVtZKTaL4r1RBg1ZbHZueOrnMVlY=,tag:v1ndJchirNLPvg8mWA1otA==,type:str] +sops: + age: + - recipient: age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZUUrOW9jUXZDUE5oUk1o + ZWxNdkVwZDJVVlEwSGUvaFJxdlFEUFpIODNnCkxtaHhHby9CUGVzMC9LUjZySlUv + RjdveHNHWmFvelcvbmlCQUlyQWZ1QkkKLS0tIC9NbEE0L0lWcDJzR0o3UUgzR0JS + eGthSkl1OWwwTjFiVFlCUnNkTDRYMUUKYfdYzrGyBzlm86EUHyN14cgIPgomgzG2 + Zt8nCvmd7/0wxHJ1WhrDWkQvx2ZXC6BeD9oShCVe5RcHqbFQumn5+g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-21T18:08:40Z" + mac: ENC[AES256_GCM,data:SvTSvRYd7ljYpQb72yRkQ+fDrDWRMQzFwTrI4RuLglBCzKNxu1g2JFAVFUSNRybWASCYhg0FqtHoC31HRHbs24g43fRFrXrvBB3sCwQ503y7A78/UfX55Bz3VBqYVJfh9w/Fm23Tak0ki1CQoAl53lz88eUHjCJjeyKtY81/PnI=,iv:y4C3RMWPsnTTgkscvfqVEzcgAg6L0QaKinzcBFLOfSg=,tag:kIcvmJXSNhpQDUHy+ZpPyQ==,type:str] + pgp: + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//RZgO+bBNMO0ZfNf4hzPSoZrjGEWaw6eg7/60QSltdMYt + pQuuecBYba1YsCWKOWQd95vFBGfZ04EBaEJuJhBKrwxxGl5Vurr2LJeTpfqpAR36 + rXwELGqVHr0HXyBwPzOPOzM21NlXnNMPrboVJR9+DryT0Jw1BbLXqs8PwO/vWH+G + p8cqRvAnPglQXV70tQHCZSN6rDV0pLZiKnW1PPE8goSVkwInuAsZE5Nw1+fX4HBF + 1j2gFxS9t8vFaz1nFTIZpI7ixvAvUiKtnTwforiNEuF3X7lAkyyHtmbxAYFB1OVB + ieC7X8OCZFYYSjMPxerHGiyiJ7GPO6rTMrcqOixeB5m4x+z63w9Ev3aLuWxcPKFX + tPNZ5t4lBO881KsPIm34cxKzUa11NKD+c4PQyMwXvZ55XeUq7SdO6wKTdGyCdjq8 + s7WegSpieAVtdlLrJIv9FENE4aFuBhQDXKaZtA8+WTC+DhcQZeras+WApcWa/ugU + iUsHE446qlHs+yn5t5ygAGNX7u0j/kZggRnF87BKBsPVTmaClcC/tQM2su5W8Xuh + ohlFAlgwdlPP2A4RBZXOAdAH3HJMHqxL3ZZvop6QAf6mRv5aioMdFttFFJY4V/SP + cgCxsXcsz8JZtNU1GB0MqeMY7NQnWkxVafJMF6Qg750Gdd7TpjLfm+7PMSOpwdDS + XgGxU8tDEkaZWE6IeUEwbXrGwdHQYutZuQpDmuld9kepTNbSdo36SYEgp8QGv1tK + cN7UxJhSNj72pyBvXU8apmjurajdGLCs5TM9qpCPcZJIRku14CCEedM9bNXCkQA= + =KfmX + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/9F6hLD/F/9/gSWxWqQm7yxPrQBFNkfs8Z5IsUE9YyJy7x + 1Qqn2WjvjdMvzQRoNI9eqX5lXFOArXprIcV5i+DYNo/pkXXKHrEQgHtMamBsyTho + 2jSYC7RKns9P6pT3PJsSn11K/uzhmtAO4zrHJXvo83g5I3KPA7VmTIqAMUywebvB + et8jrRlxSj0eITZzCLGF8GcI2GQozLxsxbnBkMtzaEBAU5id1URlPL0ozJd4bcj0 + bKfKeT9ufcfq+9BEK+Y1n3amUK/ioSWrOzvLBVOba2MXC5VM1/u11DXjX3fymssM + IpEBdsFsQk5YwbyfdTw10LM/LavS7SqwM0/b1UzRgifDs5EZUEVHsK3uUgrNErcv + XGrSQUfq0zwvmGIOHANBwBDZ6tZx1AuOzpWQXTDME683F2HcauqDM1X4Rbp9QBZ8 + sFyJflTxbuJrR1OKE7Ro9SzsVhOj6Jdh5LnPJoUY209/Kspm2+6DKq4Y+y1Ibaq4 + VMviDt4WRF4yykjP3HvzW1hFpjbjjQpoevZHxWlD0VIssq/lX5YlPSrz8NmCeTPQ + UUi3zQrmbyp3bS9yX4rHKMxxfkqFrzLplQbyVmZ+Q2phCTT1UcR/pdaZhAu1QVOR + ueZNMba6YIi5mQhAklL7PfZmBTbmV1lsHbI1ZpHzqLxDRcWCirnOGf2PUj33JXTS + XgGO0fiU6lVXiTXCvwaX2WV0aP6expw3cKQDVK4RSc3ngtrT6j44mxM+odkjY4bx + /YZyNmaQcWIWod/p1sQTZ64ZtN2cOYn+jEwYSUjOgixMBSrAwym+JozjFhrs3WI= + =5XOk + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//SucuDD2gHz2PWvMZ8dT2Iid8442i99ZF8Ud3Us4z207z + BpZmo7bLiqqUs9OvMKszSijPpIRavpPcrpy2utuTLl0MiTITBkwRm7a/d1p6GBiz + jDoqMuXpYtWlcELBUNlJncjd9FG2r9q7nOf8cQNkMJnKklkqr8Bb7vpkiHI5OihC + DiOIdA3nz+0wapjoxxyM8Pdr6AUzUEuU9kz4Q3TYlDtbRo7HRViUj4V6bADQJsbn + 71qzQ2C6eqmEHrkj6B1MTjjqf7XXYBx8vbdopoB+tqYc4EqJ2Hzd6fUbyNo1Cnpi + ndXds30JayJkRy3h/qw+so9Zmoqq8vS7X5ZAVD0lHT0UDVTLMwA7JVlzOZ1UOQo2 + hW80AhwJIXkC5EMG/uF9HWlLTxM73CbGrFC5gk1YNKto5/waZ72QbsHAUqagCcPe + Z9BwlCISDz72QANuLGkpcoznBRMw52Xa+R+uoPDv9f+UjOZyQxMkH+uaxutKnfuO + HpYRf0FGSqpDs1Bz+G6obPZ2vQhkjK3C24BivJvVm5fyLv6GYZtQZr2JpgkjU7h5 + lzDXJ1wB7UueY8YjqB04FWSfaWW4S31PpWGdBIEN57sHbhlsxj3DpOZimjyjvJ8Y + uavqVNJpaZWAQQAJkL9SF3rFBGdawuslPc7RsjRQ5sWxm1+HJiuAsAnLCsiFcjbS + XgH6bvd6helroHo/RLMsgtilpkWmJUfMC7uoiHplkwY1GQdV0MwCuGTpiccE+FVt + xwPrZyfeY2LITjRZa0oo6un+42ZNvVeJauEOR8VFv+G4R3gT32KuYbUtU2sUCho= + =X11W + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//foFjUY/5G1Pxh1JnzfChYC1QsJYNWNWz6kANfXFcxQ8i + nMFfPBePJoxD9g+A5y0Q5r5ypTmhNIzSdJAeRFGl2I9Vv4eDLnzjnCn2NxMZbS7h + CcNx5bZeX679gi88I4xb2jdlAGr0UyirVvgCX6LkmbOuMXfftuPIqxJQFg3CKz/h + Msoeex2XDNyW4pwf3/mbhLyd4f7kVBNYQTMKlTiz9OSUVnmuwXOVidNGB+PI6zvB + IdGjZSZCu6NtTzFsx5lqCkRs9LQtSW3QZYqlMVt+hq8cd3DRKpzGO51ZNr+pgyga + vtLiO5Rj3198FB/qC1+vn/fromqryBU7EJ/Bu8a3n0aJgIRHWg2JkkoUtFwDtg39 + JIN8r0/KOj7VwkgoiBPCMhQGumgOPIkvlQEcRWlpw4lQGxee2rHCy384zWNvOugY + Y9UsoqHAUFBbfxJt8xwSwJ5EtXk8lNNHARMM4I0pCLTHQbmXILRk0VJ4Ycdi0LGH + 8QBywXUIOvloeqKe091stfmfv9BY95Aap3ByG+KMy0sfcOpp6ECXGNfV6T4txl/v + /HyUjdrOH5vN9zOBe0/Y2+Bu8lS95CGx6SuArK4Kn9We48gdVKJlPxJwHzwRwz4E + jMBcepDLmhNyJAlLS3lLEkh2kPjXdXjWzgYNi3RIDZ7wCgqPq34WzrHwjXvR0VPS + XgFiHx3g8CiWQLSXCmcOUgpQq3AzCipXNhGcv843GRvkK2MORk2wVMgKsIVXUpw3 + rVU3we7VrmgSxq+NvbHoNxWCdBCQQ+do/3gtBaeTuT55O2Sq9F8ilwPC+dj5+IU= + =ld+h + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAMPFQYlbeRj/MpVx7JfDp75l/NOiUN71OspQ7YL9iey0w + CqwiSo+D/xRQamcxSHX6CK3fPTj2sneLztFo0i8RlQ1ElMm9BL4UpWXh3Y8X+6np + 0l4B/NWek19NSsnockklHuZcrwRzbnutW3xtDKuLUUSMCuZ9mKD/RRe2lHyqcGdG + TNRW2buI+jpGQNXDu5KbPicJP5LfSqMofWk5mRkmhpDy+va/0UAGnnaCulAQ8eNy + =0rax + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAnDRIiGY9lMbRJNEvz1hRl7KdwtWn/FEei8Qh2OK5UAnh + 499nEOYjJI/fmWYhF589nR/YiZjTUaXHcYoJ6NgxHdxi6abwWypyNp2qcrYmL2jn + NnZgZEZdV4nr7TMnNnxF7e9Yz5um4FSjZz5jbXuQm2/wJirEzHmd6ImiN49+fbLE + CrwVxi04IrjAahggVHmcWtnavXvLjmUVd7d4s58TlUms3q9KFj6+xSFOjAOYFZy3 + Pkk/tGPV39aKQNZgx30KID2yGcyQT3r1KahQt6nG8dHaRNihnFlgP95goXG1j4JH + NbrWv0siKdrYZ70xBCMrRBWGStFDIsGAnts7r0dMK21yrNsSpHaZW/blLUmKN/Zm + MwiD4GFQUH7ierhpCt66xWyDeCZ8hzZ02Pu05EXStwi2RFtCXFC50m2zvkP3IKuP + 9B9kJu2zpP8UfOkHMwdf2xsZQdqY73qXuyDewRt7Pe0gwlHjknpQiO64dvuSkX42 + ZQJA5stvYsM0t6lmvO8oRsvztOeOWjET3aHDGDjN6/CwmpBwd4qT8xZsW/QZYPAo + uZl3rHJGi8ury+RSgRKk27safwgaRak8B1YBEJqgDxx5i2Zh1tYKSnMtWdomKmFM + qFXCHqQcqDbFWCpDtpFRxBUKd2evcBVtZ36zPPpJPk10i6KH8OrQlpw9akstylTS + XgFEk3dzaxW+wnvpF+swu//RNNiWxi3oxLFERyHF44nb2MOWN92nfmkh88sLPUVm + 9OVrBfzvxDDECSLvHzAcB/Cyi17VHCP0PHJ1qMuqpSNeMifZNPS0m/21l0HO4d4= + =UBLi + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//d5tVcTB+gGOQ/XoghkTLtrK/jcze4yPGsPlQC3IBbvqc + CXDjIAnMj1vASB6znJXn0M9WmdUA4HmNl13vhJS0JF5X2pjhhsn8UIO36L2uLDAD + o3FgNoDRJYe7ubhMPVZbBbCDwasRgnR0LzD8efYD0anBE3kpReHPVf5yP82mJjKs + SG2c+QRI3ZOwFPHVGzRnqszqpb90uIhQAwy8Ta7MK08Jao9KVQbSe0YMam0s4GGZ + 8F87rn1LV/oLW/uDP0DP4TSdDOP/ZnujM/iQcb0WNmOywrUxlySVGrtzTBwX65Iq + Czz1HbfUPUU58xwmf7TTfEUahdIeSseMrrR/hTIWneP0mlF2YpOtS8OhI4/xqpL7 + D3sCRpCBgSl8dCJLQD3GyP7DTHI1Hm1TZIjwTIKf++IvMFKS2mYmVnVHevW1xO/T + s03VRDIs2qsUqmF8hp60linbKKtZ9+dIYPa8q9SZn36ogoX3kQ0G69TGnpGMCTfC + Xbq6nT2PemYUx4ASvUCR0TeAUApGFJOZkexx8pxd11puXlCOBteq4C9kZioC8ACK + BRZrCJ2Zdw4yqW1tY+2Qbru4RGk1F0MRAyAy1U2v/tM1uLrNnDW7rOSzJOTvM23t + KQSb+TCQ2/WCve8EkHYMW5M/UbAee6aZzUs40KHHwiiFiCdoPOIbk8zv5qBBHFDS + XgHmk0spm/mTYFGyIVAszDgX5m8vfj4eFFtUnil2aJ4qBurQ1e3anp+k+okoDFzf + 9txYitRzrfYV3HA9XRp2MpvxLCi73RoNp3ssyIldnJix/OmFFZLy28o3e1b2XOg= + =K5wp + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//bgJFcgiF3gfShw4zUmTQoiUQsTnidPchdNkgU2bSeTBr + 8VWX26kJGkYDUoPMwRK5jPQgehDeuJQMXqkkDVC4NbLVBsHzQX+cjHvm8uZAqqq0 + aXNrEqmiVNdpMxiETLCb+Ufu2Vc5oF4YyHWWke+090iMg8zOGhN0720uSYjXrc6w + GUx/FbaHPaHqG9D0FRImkzz7NacsazHWOiu2MaTX/Gcfnx7QRsgZmusZZblmpvcE + VuLi52RTgIJ1n3MHspywMqM3PgHi2zZ55kPAHCbgpzv3YIl6rKBN/Gf/5Df7cvVf + Duh7Sj65SV/1IFXsF2V4fp9nPAfooLIUW4w9oi1F4zQ74vYbZB4r4aQ820pTb9ZO + Dpct3ogTwk7vqrvXJ+hLkoJ/H1CYO6lnZ/T96y743DtXSZg+GbQf0CJ7ptsmsYnF + pHWxG0J0wudThtr2/NPYlEkip39pjWXPwi7Pjhp9BQqfY1G57MUV9AncTOc1QUDB + qFllE4PFS594quaAIlr4hk/+bnDM6peyRc3yDqFUWwY1n/znQSxc7S3VMUEVh5zy + 0+EuvMLNG8RfUCCyXqi7DLe6EpCXJL2nl50e5oAD+KjKXjcAUPRTGT3tSq4xSctB + 1hGrkTMO2+e3OoXToRGzGqPWTrjHIZlppIt+LXWKcvyjmvNGpH9XIWaxdKHBJSPS + XgHTKw1srs4n+gpblT68cedpz7eC7+MsnkEJIAaOf5+4x2d97Ualb2RYmgWmjuCv + 3TAKmmmU9QrdiPUXEM4OfnucbPX8hDZuq45AFP/wAGLVn482TW7kzGXpJoWzJSs= + =qxx3 + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAF6ipxbyfHFiQdfLBZS+MG4OqjwSK7DuaoeajSKAG0V0w + FDR1EWxsLF4XO8yKTjK0J+iQeJTiAaBxACpdB50H1XAsvSSZNSTF0yxa4VT1t4OG + 0l4BgosZR77tSvEyxwA4JCq+PdLraCh6TEHP5jNCTDfjGRSKMQel0mDxxC3+wk6Y + 09UP3kq9OLSzy3TJ68/Dzdalt7DLmUDymdw4Ge8RKMLOHWIkCXqjUr7Pj1aRi4+t + =ItUL + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAkadkEUquIY01vNygyOa2ScTMkvQ8tNWVrFrWoenNJGMw + fszAyJblP70NGlNEX0zorSMxGbyMhYyHqTO9qM0+1+Tc6yJ5mqMUgt9kdvKJEGX1 + 0lgB0eihxUD8Jl9lxuD7dEX4i2AUppoTzVB68Y1ibeIzmjABoNuZQ9kpAAQS9UsL + WF4T78p/mA75XSJPyp8lQNB5+hjWd5OM8bCZ4fG1ld+dtXhZ0C0WvIvB + =DkSc + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-13T20:10:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//XGse9ZddCZYBfTyrIJ5PUZUv/pA58PiRPDDz4P9zUeC8 + nUqNRCAHUJGKEEzHaC+PNmd+bD6uJshZnVVCBn40iwFRmU9j59evzXmr/AtfmshN + ujzTUVsweyxiCtG+h9fwjshmIXpkyyyF8MmE8b/45FlGjK6Pt33IYjthdl+NL4oF + +sOGQ1e1K7q57tNXxW3Bww9aXnDiysCmLJhEDsAkHExedHX8bZw989mV3IxHnNDz + F4hkdNquZczjvlKiXzO7XJmiGYXjCyw9umpQoL5jIyqklZKIu9XW6DMc4FDKkDMJ + zr5HmYawg2W8NxHJLL81Led0/zSQKC2t6pKcjDcrcAr0qtyzEbrbMhOjkDW0TtbP + SizD6mLpB7Al3+p9dy7UlzqojD9W0luZooXASb6mlo13rpPhyBVK+Z/Cw6bIJdpJ + DuzprJSO6Iesgabbkx4PK/dh/Q0qlTH18FNoyGKzqph72HeQXIRB91bbp8WuRYDf + a2diW/mVSDEfIAG1Of6/zqSJiHqoIk1A7nR7UkrVZhjadDkdqzKIjTiqP/oHnykF + g9RR/7AGVfGS+m1ggOijl6d2jh7P3qyNBKN3GA3mCwwXWUy8+MVT6iOFaBKPmvH7 + ZxC/B9cwYexm45TV4IdqQhtvAH/CbbYUoDOwAmR8hKjvC3o7Dqf7goRlYGLzDGjS + XgGZUdpsfDr6XnbPqUQxD8/NQNTUtHnsyypqm6Lz+6mU5NrmUs8YjO6ZlTNyE4Lm + BGoiEi7tIxEA25rfTmhdTG3R0GZEwhYp/HDjtlXQZK2KjYMOORfkqw7f1vnY2vo= + =Ypup + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml index 2304112..4726885 100644 --- a/inventories/chaosknoten/host_vars/netbox.yaml +++ b/inventories/chaosknoten/host_vars/netbox.yaml @@ -1,5 +1,4 @@ netbox__version: "v4.1.7" -netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}" netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" netbox__custom_pipeline_oidc_group_and_role_mapping: true diff --git a/inventories/chaosknoten/host_vars/ntfy.sops.yaml b/inventories/chaosknoten/host_vars/ntfy.sops.yaml new file mode 100644 index 0000000..e860cca --- /dev/null +++ b/inventories/chaosknoten/host_vars/ntfy.sops.yaml @@ -0,0 +1,218 @@ +secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str] +secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str] +secret__ntfy_web_push_private_key: ENC[AES256_GCM,data:YqNEYa1Ln3NFpNoIuBUN1V/WRzod5HAtYueBJYHOwyM59cCaYhQR1S9aQg==,iv:t8bEs5ZAEe6pqbbOb0mpJdfgruX1P9Jd+sbNurGqkng=,tag:Cdy5HKkvb55V6AeRt+MVHg==,type:str] +ntfy: + user: + admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str] + uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str] + uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:zdb3BMrvrCBJpzAbIFYfeDY8jFB5UyOHO3LFcW7oP1jQ9lHNcz+KrIBdorEiLmrpup3qCCB4YGhrmsPC0lFxtTzvalHYiNyZbYQ=,iv:OeaB1/fvm+nePi0kooWlYnoELmZgftDJyYaV1e8w//k=,tag:XOqH+lUHroCVDnxO6p7iJg==,type:str] +sops: + age: + - recipient: age1dkecypmfuj0tcm2cz8vnvq5drpu2ddhgnfkzxvscs7m4e79gpseqyhr9pg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMjNibWJDNDVGbmFObWQ2 + Sm5zZ3hkdllGVjRHSGk0MU5XbWU2L2ppZ0dZCnNMRHRHUFpPdlhyZmZ1RGZaL3RO + MU9BcW04VHE1T0RCSlpKTm9YTU53VzAKLS0tIHNHYmVPTy9SdTkwZmJ3b2RhcG9a + bUhGdEFwOEVxUzVZdERReVF6cmcxeDgKDlO+jacsYgWXqjoxAIKJiB8mCHZ8U7TM + sGD3oaCi9x6Uvse7hq0BaUe/LaJt2tDaqve9nm3n06V93HNcR9/cdw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-20T19:01:39Z" + mac: ENC[AES256_GCM,data:a87jRAGBIypZfYCILYCOM+H8KCVUBgb2/1sG05wDbPmLe9IfDT6rzlljbRFOUozq9xsqxpFLsPQx1wPVDi1lhaRT+5oE/NDgVH8aQCofA96DQd3SeB8fWn3LhYjOpmo9ZsFSemvGcXYk/SjVvoU9aN8KG4DHYCOOseGIBTa/a2Y=,iv:5Atem3ACdfdCPUp184cAf/EI9BEXQ1i719l+sIlOnUY=,tag:LWQCxrsZ3660UCcOjY4gMQ==,type:str] + pgp: + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//SwpVlClYGns3aG6XVAtsyLIIOrHAaPgNVy5F/JrFhTAp + sG5acnkNeNKzvenHV8HZNnhYF3SITBnRH+D+PSFArdFuxLJGfhhR74CXKQIwjHLU + qYAyBPVHEGXSlBg3k+5qCgp2GsoLCr8qeB+TFjSB7u3Ujc7JCvlTLtzbMOWz8+M7 + Wu/NxA8NvMjy6pE4F6OzDOIyD9BpE6jPW20kSBfsFsGicUA967W8ZRhy7jvTTYlW + wkcKA5IULqo+DbOBwbXFXWcrwKBQBX+7m08ul+8/2plSavh1gevdX5Gqkhnp10zo + 0O/YfIS9umbHOnXA+TJ3xDKxGg0BKKdL0GrzaIsG5UUNmHwf3HhlFYYcQnaOIt3W + y56IdFkiBuVo01FggUOlx97k6M94xrKbPvocWNcs3BW4oJl9329OHo9AJHlhzzeq + gzl1Ft+vtLDghzt29feljG3zWVD/U7uOStPWFdU5QDs+7CfQ6Ahnsux1D1zb1qNv + nT5FHRv9L8HjRuthI5+Z/rmixiM0xPRWHYwkpHKP9Tml6xj1HaEUf3SSS1LjAfzg + tMCa0H6EqAPrkZtLMCzItbqTIBvzWnAmdanE4h+kLzn9aj1kqPGzzt50bFbxZ9pd + FTaupAGlIkbS0U6jiwTdyfFSnm9Rjmp0L28J16rSk6n/uTruwbkJfF5sCDvJInzS + XgERl0iwzoa53nG5thQ0L8fWT8oIxXl9hmenVpZolweKZSFJw0rgtzXcY7WL7uII + QsuVJeHoacJLnG/g68rIq/AGstdIJjYHqD3We2rZ+9fzu/DTR/JInIxYHeMwfkQ= + =kdsd + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+Jwnnh4eeV1u90tsWsb0R80M9arke5wQLqm9y96U5U70w + vI944olkc+6uTctfyfLHgiTbLyIwYSCRvYxfQc6ULl6ZNcQXwVROV3qo3HzsjPE8 + jXIAMECVb9G1TYQOEnUq++Bn1ziABONWcEK6Ysh7td5GjjlS/72CtjUvawY53Xhi + 8XFbAolBUDpiwdwKtTZcloajNz2No7Xze40BFb8A/RJrdBUxmB7et6CMoXKqfnvN + ipksQRwcadezvq+mVHiKwkAwaplUQu9m8xLbntpq2sYy6LTkyud8xnvQ4uf3RfSd + CaDalyyRI9FL0SOGURcHoLvLbFM2ug6nN5jZa3V7aLRzFcj6SP2lh7/AW3U6mdOy + XL2ULG4cYFLPrz11FQb3cabq591XEdi1GLzdXuewRRX/neytGBYgcUXY5+Fh3iRR + yVXp//mMfIM6sZarV/pRjFY3+ks4liWhThak81Ma/PQ6u0lsblGNKPFtDaMdgcsI + i/h4P/VXDwp+kb2Lx7ige12T9wQUeR/mvxqz2xVhPxypI7Q4iac2cz5xLMeFpf/g + 18uTWarTTYZYN5M54ecl1oc7BkZC0LaTymud1BR0oZVu+1/l129PamFlx2dvI/1U + DehrtduYeufopLT6z7l00/N9kS+73DF7Ynuo9lXN+eVZCcjYHxaZDU4SRne839jS + XgHoc4bH4a9z5qExI2TjuzDWvouCmuf1JvhG09baUgpP/DqHQtEHJ2diPulhNB4U + eWSSGAUhNy3/fTX6P6tBOVe6kD+qdWpTaRXEX2E9CFKBwTljFta9CdKYZ6RKS3g= + =itLQ + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+OJ8C7E/T7Y+55zjUCdo8UpPwSbB6MvhRWQQnn9pWkL57 + aVa7uLMsgqkgJhbJxqp3fABKb8eBF23feJYdjKhDbCDKfV82tzIh17XYbPa5A81c + m4s03DBIptmFAbnH5MscTNEW8Yaysx3dYuHaHDuM82q9tS7ruzVMkSQe4ZsP9zhH + p3FkQthrLj+TICI39lhN83ytDt9cDCR/z4mH7cY61AOCZ7WjNXLHuU7ESwnoFiV2 + R7SDmtnjS+NndcsK5PBcAwGvcjIbAF3JiaQYAtrNJAvcmGN55GsgHcUprKn9reIX + fRh6dWlK1EhIKyxuLojRnx2sJ8BQeB8+bg/JfW4iqhhlXbUAv7nWFgJeIvjc6urb + xsjCHleMVy23c34gy713mAFEC/2XuMd+85tWEaWO1S2smbpvrP/OkECsx2PW+Zus + TMSRRyDmRSKZenyMdIJU7mBxaJ9dwsJ0b2qImfiNC5EBlj/CF4R75kmxrDdSPEvP + YJ/1XWYZFlhQ7CtoSn1YA4uJYgtUMXJgHF7HEjDzblFys+NSxwZHgPT32v88zg/N + A9JMyhiY/faLpDZ0KIHKs+hD5umF9Gir6a25L76ACGlBRk6Ib/FjFDUOVfhU8yPF + Q6fmCyUWBQzUMxx5gw3GRvuzHSKloZ4v9iVS7lTtP+rDwsz193ZA/qek+fas0yDS + XgG02CtGuKDCNdtXUJoqLuoBcWURnn77o1gkTdqqK1HOqbgH8MHhLRHXinvTmQC4 + 7NC7rhp5/O0TTcglHhp9uUVv85ANGZXqk2g5joB34pRYTxe6yAUMquycKIJP6FE= + =I1xQ + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ//Q72yKgMp8HTvhXxnVs6/jy/64oeWLamhUbUUFfusvGRv + ZZ0ZlInH9pCn/qoCQOMyxSGbfp/fcj0j8BKOI6f/AOOAxAh6KKiPsasaY1LhqhOy + TfBM81aUis/0TEed7S4JTKsLlkP24lZnLm4uVHPoZgWkfikW7kPjY2wMVdrc9lTL + iqbddmOJhue5HGGAcgWUtXtqLYsYOk78viDn+a9xXcYT7pHnPIrdOhFKI9uOTwoP + CjUapguMzniqsVZjWVshq1hms2XlOaTA557IeE/EF6338h1frA+ZE4mwt/6hZmW3 + z8L8Y9Y0m9qDr8KsnlygYLFQOYyCLVfnn3m5GnUn6p9A7S+S6pkPRi9an4cDHk8O + fWO1w8V4msbveno0YzAguysWQ2kk1PHHbPlwhZdOPM3k8tuIHslvucLWoYEv5jeo + k+M6QuDvcR8P91CW1Uhpfw/OpDMzaF5TNyLEXvIfI6BUwS0C39SY0kHKcPppdvnG + 09AfdJrf895viORcssU+VBrxtX75Toj561ENE1mAns5IOk30vuB+no+MCu8oAwEy + rUzJX/bwl4wcDQ3pXAjz+dweL0aiyaFtvJAcv3FOOVinvn9W+yUaCPSAwysVU/YR + By3qOMqcNBcvBHCElzd1P9EiRQhrv/sxKOXO77u/jW8SvjCYkitkRJIDDxMR7/zS + XgFdGisfXHBHTeF97mUH1m8tFX29RDImF+4fFWoKs2fy+aRccmeTW/8gbcOYd37l + Aum9uCHzFhrn4zAED3Fvg2lM6xuRCzgV3/uwbSUvRhkxihLZNq7RSOFoHtM06kM= + =LIQ7 + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdA3h6kExo61dH6kzd/MEACy9ObjPq7Pd/5uOHAP5iqxV0w + rFjatsAuot3hYdCt0tAXcO1lmS7VEpyw7oPQC26FYigOymsG3TRJR0VNcael6xvi + 0l4BIRwRuSyXhy2A/67MWMK4WvfOHufBZg+8qvlhIFoa969ik0LWkaRNokOaiLr0 + e3SbOipBlJFyzbtMNHVnmNuFLEmYWdXTC7nw9roE/h7H1ngtFKSXFweJRWbX2JvJ + =hYiQ + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAoX8Q+2hBLXwiOKmAyH4h2//VYwZeXNnsd5pI2Re79gsc + kZEEyiL5MuzcPvT8SdatXbJu+ISjAz6HJpzWp4CgdUajV8rxOBbjRPtX/COcoUdB + UO8cDkx+drOG2Uq1Pi030lz+uFwTEVAM1CUjLTjjBSs1g+Ira6Z32vGWnU2nmPk7 + 7VqNl/AvOlreVpe8LS26HcmwKjoyfabY1AZN7eX8Mz/p/FOg2eotJ02fESNlLkN0 + Fm1oc7RbGTP7kON0ZLPHrh/B25JA/28aV+DO8qB1BC6Q1RQzozU9xIdVBEoZb11d + +vs26uIvG+CwQ42KxMnLDPR6DGRDIBaWl/m3vhWAJ0MUmn3ZJZOOwtzwc+HjrdDE + cwlyrCwVYaMNPkUzk6nJl3tLGtoBFXkvQlqR6wJ6Gpn3W+u5XeWgkFXFBhqdjylb + YTg40kXc97u0KEU2MPref9fJQkfdviIh013+RzXC9Ts4sQ7nsdFeUyPf2ZZiu2jh + qNnf9SRNXLMdeAPmGvR7R0ng7y8TNw2dOAeODFtg9uRYZukFBxDoN49jGmnSR0Ci + 649AjpmltKqWkvw9sPJt9CpBP+OzUakTX9/NWIkKn7nZHiCGNxApW0CuU7UiYrau + qCwmbgFDqidpBbYs9zTTSkJbTCrVAfQjCMXRCJ7MptFTA+PG6dFcL52li7sqTRTS + XgGl4ksdewaA9g4XlRF5pbcmVSquBh9b3HiIhSoZlz7XreFFX8QObEnYdt7EzqaR + +ZO+1vJnkEovMSiqGECDF+gZLaaVwWu9xY67Eot4c0RVCtueIA3ykCOrtukEuq0= + =ANgm + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/9H+qP3QpG5Cb4KoDJk7RLE9OsasPhXxlyASt1OY2wJ5FD + Xkj4yPw71jy9qN7iNDGLpTw3FBYsW6rY4v/7cagJvn2qZWq2KYk8tVcolIPAEtdT + lXKH9IpcQENU+W2BnbD6944hINOOamNSmXOcpZUadMLi98kTyaxbEuxiBdEL/79j + hquJykWQFgatRQezzLFHi8+Dro47uYonLi+9iPzX9tC4vcCal9q/hJ6w6kLR2N4+ + Y6CfUdzxKxa4KIlLZ4NfBOuyFLLv1jGYVc6lwEPcRI3StTFwLkjOKKQ3baRheuHT + SJ6GQ33Bhw59BNJ59/x7gCKUc0yPZJnuHfrrf8j6LC8vVCN2x3eraAKsDUwKDUOP + 2aTZ0PNn8quIeUzOJlic0Gtmhumwt8hu3urHq7TNJ+4mJx23iYLRxCpleLTMWZ/z + NaKKxkSRHjoeOATa3YY2thk6e8mHKpoINUVua3xJ3U8ntfmVIPUf6MDztYzoy3zJ + b2pFvTlDHHyNm6Ky+XC222C/k2yC/b2wCS29PaM/ZMNl2tHT1SywM6LoQiJb8dIG + LWaqBbQxizUgopbhHjT6JfQ55l89xDaCf958pcG5MwmHZ8qj5QgUJ4fVBOCKYv/N + coWjm5NGMlZpSg9Q3b7qZAR1rpyKmEl2IwjDyJiMotklU46xcXfM5HhYFVZinWvS + XgEe9SwQmlz/4TyxFQLzek7cTHN62MKLnYYMCIr4GYntWUsUf+pI9Wy4LjvdO+dV + +2qbMuryBtC5f5WItg1YGdUKNXcw1fR08wOh/Kkp/RcOw/n4EHbHaYe11trbKDE= + =dfVt + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//XTD4bslFjaymzokJ4KSRLjH411UWqCCEMklwrqrNH2AL + LxhpaGHRWOp6+0UGuwEtX3valFJ00GrS3QPBbh2Gd8c4+fKv3eGChvjIhqCdDhGH + iML2AMKDDAnUEYWfTX/AyaJgFBFaL8KCei042mZgoMIsFSdLGqfFSbYuR+xBGezA + 6SaeieuxFIoQdvFkEb/W9acoCkMybS08xDRbvKbvXx4G8hVhW2aDSUUTWNcZg4QW + bDVlxV4viptyrn7jMxBdSoogW8heNuECI4po43vlpzo1q2f/+sDGRLnY4Sif0eDL + AEOnn4Rnines+onDk79jvMAUqVRBL5dc/LABQmLXw5uhwKIVhY/YqAbvdBHm73p+ + PxiZOyvqq0y37JhFXHoUDkLXaOak7bBAlUpgYQfdqfH2svU3tlYKLMDvx8t88ajr + 6+zFUOMVcV/9d9lUMLGxXrKz+ubonwPNCHswOFgWxBb8ODYK23v8g0V3vA0xI2Rb + BAZzmZ5KxbERhDTcIY/fTgE1Isms1Z/vfRttULHP54fEbLe0Y4DPs4XMOk1z5P2Q + xJzUZQzgCt1RgD/hI+HZvtWuSlhw6o0sU+3DWaM/zM68WvGzQVx1xXbiW44mcIR9 + KLK5Ccrk4fkybKf4RnKHdCNqYi8FH8bi9ys1MBxTq/HmOjfw/B7Sjkh6QnRnw5/S + XgFFxksAOCbeKGFiC5stkgzEYs1vD+70f/8xEe8ZLhto9VdsMS4qzhMTZP2pEGvH + qzBcjQyviALdRj8QUVX/cdpr/fyJyWtOfMh5kPwBa81A5JZy+Kf9pKAPhJvz0zU= + =2nU7 + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAcT6G39wB3Ev2Ygwqr5Grt9vZOzASGQA+ikmZwiXgomUw + 5+EbqDaGbHUu7WQKxcqTn33HADL36GUJkdbJSDrBZZxFlEM10z6MYhEwqKaXKTno + 0l4BVxsRuwpvgBkQbNDUd/lLj9VfWqkAqkaarDeTYp4Ypb4KJrwdq0E3S2dT5RKK + kusbNAZhVfHbnV9p6u7II4mSXykzFd6yiyULU7m3VYh0mzWGp1rD7zoKa1aJanXm + =ej6v + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA8PCFPQ53k9ff1PZgbIjZjjiQ7NC/Lz99FMBDm6JXd2Uw + mzu84dVlowjWhal2Nhv+Ll5CX1da2hAsn2EfHUms9lVVvjvLgckQrTz8xqtdsMj7 + 0lgBhjbiSrz+4pAzNhkQiQEdLrxPuo3L3z19lc+f/U8HHy/nnDMNgB6Y2ptJaaPP + hk1apratKJXwUl2X70O7O2Muyt/xwbSGRWaTrZS4X7OVK0ONsgn6Ctl6 + =0cNg + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T19:03:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//Sh/t17msk1UHJO4Qr2BPa8miw68ZFfx+L8yMO2JaLAjM + I3xjjSnQkNJPnNWstn8xcqVnVSwZuhXhuweqM40OeHV0OYB48VR2qW1Ac3FlzZQn + WAdaX2sHtvcNQQL8zDhzyluJyUF7ZIQZc+pgsFgA5XP1G529aRit5NPNNs8heUeV + hlX+HUwq8pcCW6ec7VHo02hncZk2w56+MNvJSwpztG98vL9lCWeQm2t4Yh9kh5f/ + vDZXnoQtNlcpwgMJlVuhEzCn/D6rXr30YSJZwM6Lx2d+8bj8ExYjYRhalpja6XFt + 0Ra1hrkmtqQHBRP0OGlQ5HbbLCHxR6y23lrS4btkqEKwSFpbxpi9moo/j2Li1p8w + YE/fPHMcxeWo6N+3qKxWo00VTXgMg16XuRIHxZ4J6JG3MuK0uXyk1FDdQAROokTC + Yn+FXskUTYd8wfuYR1VJQaWtSd9NhQVnUzkiarokSOxq1YHvTLtUgZ4/UCJoUyMc + gOTielnWVe09EFelBSkhC6NBOYYdGqKl8sYHIjt2wRhFJKClkakIyDYFzFSdZOI1 + BEBR7Ww0SA5U0FYqa7f3So/K0MIFGld8IvdxtsDEreXdQTdHks/5l9oEk/HpUYeZ + fNETuC10ZdznBeCft7jfw5O+gFUPaixN0hEavx10iaty2SLS9P/ZWXXOgPsoYGnS + XgFuSH4jztLWZGW/G4Se4XRfLuhaiOYW1GvnnggViSFAVrpHPptwodcFaIA9cB8B + dzNCv5qzsu0b+SCrooFwyNoAmDFdiwX0MuEQPnGcZLxWsLnNXiLDelXUAzHdouU= + =t+fx + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/inventories/chaosknoten/host_vars/ntfy.yaml b/inventories/chaosknoten/host_vars/ntfy.yaml new file mode 100644 index 0000000..cab4e76 --- /dev/null +++ b/inventories/chaosknoten/host_vars/ntfy.yaml @@ -0,0 +1,104 @@ +docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}" +docker_compose__configuration_files: + - name: server.yml + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml.j2') }}" + +certbot__version_spec: "" +certbot__acme_account_email_address: le-admin@hamburg.ccc.de +certbot__certificate_domains: + - "ntfy.hamburg.ccc.de" +certbot__new_cert_commands: + - "systemctl reload nginx.service" + +nginx__version_spec: "" +nginx__configurations: + - name: ntfy.hamburg.ccc.de + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf') }}" + +alloy_config: | + prometheus.remote_write "default" { + endpoint { + url = "https://metrics.hamburg.ccc.de/api/v1/write" + basic_auth { + username = "chaos" + password = "{{ secret__metrics_chaos }}" + } + } + } + loki.write "default" { + endpoint { + url = "https://loki.hamburg.ccc.de/loki/api/v1/push" + basic_auth { + username = "chaos" + password = "{{ secret__loki_chaos }}" + } + } + } + + loki.relabel "journal" { + forward_to = [] + + rule { + source_labels = ["__journal__systemd_unit"] + target_label = "systemd_unit" + } + rule { + source_labels = ["__journal__hostname"] + target_label = "instance" + } + rule { + source_labels = ["__journal__transport"] + target_label = "systemd_transport" + } + rule { + source_labels = ["__journal_syslog_identifier"] + target_label = "syslog_identifier" + } + rule { + source_labels = ["__journal_priority_keyword"] + target_label = "level" + } + rule { + source_labels = ["__journal__hostname"] + target_label = "host" + regex = "([^:]+)" + replacement = "${1}.hamburg.ccc.de" + action = "replace" + } + } + + loki.source.journal "read_journal" { + forward_to = [loki.write.default.receiver] + relabel_rules = loki.relabel.journal.rules + format_as_json = true + labels = {component = "loki.source.journal", org = "ccchh"} + } + + prometheus.exporter.unix "local_system" { + enable_collectors = ["systemd"] + } + + prometheus.relabel "default" { + forward_to = [prometheus.remote_write.default.receiver] + rule { + target_label = "org" + replacement = "ccchh" + } + rule { + source_labels = ["instance"] + target_label = "host" + regex = "([^:]+)" + replacement = "${1}.hamburg.ccc.de" + action = "replace" + } + } + + prometheus.scrape "unix_metrics" { + targets = prometheus.exporter.unix.local_system.targets + forward_to = [prometheus.relabel.default.receiver] + } + + prometheus.scrape "ntfy_metrics" { + targets = [{"__address__" = "localhost:9586", job = "ntfy", instance = "ntfy", __scrape_interval__ = "120s"}] + forward_to = [prometheus.relabel.default.receiver] + } diff --git a/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml b/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml new file mode 100644 index 0000000..f862adb --- /dev/null +++ b/inventories/chaosknoten/host_vars/onlyoffice.sops.yaml @@ -0,0 +1,211 @@ +secret__onlyoffice_jwt_secret: ENC[AES256_GCM,data:x9eRTm9WrEFGdxDb8JfqLYu97NSBRvhknkEBx/zSEQlSfcah+CVNNM6JcS0Y6d9PARcGv2jGUyakuNN1wYmzYw==,iv:33lWNSnQkljr8S9uj+Eab/fItyKAH4/xAeckdpvzl1k=,tag:Ejxzaz9nkGLT/mqKF35M1w==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:TrdfJFaLUBppAunBatJ25yMy1LuvLZ2rbNVHj04Y1gyFPZXjovvujqnFKjZ3eqWOI31szQrJeliRQSRPhEVuTns3I7pGHRqiUXQ=,iv:U2EWL9lBaz+g2wBnPNmecrKCkMTIXVwdjq0KcvvdhsA=,tag:no/VOkQ7ANf27oFsQdxI2A==,type:str] +sops: + age: + - recipient: age1a27euccw8j23wec76ls8vmzp7mntfcn4v8tkyegmg8alzfhk3suqwm6vgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWFVFK25CVmFYK0VOQm1h + OXc2TzkxN05CT0thNHJKL2l1RFc2dFg5MTNBCkVuZXlTWEgyVHczN3M5YndaQ2sr + VGxyeEEwREVIQk9STEpjbDMrTmRMcHMKLS0tIExwTkMralA0akJObkVyam40SmhR + WWFjdHptbDBxODhvalBENy9sYkxCYVkKfntDDRBX94zh41MEUKgRjBeMjPXtNWQH + 4KO8Z+f195UmAn1OGC6esThcyvSaAUF6VWw6Tbsweyl8z6mLxzO3GA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-14T23:40:23Z" + mac: ENC[AES256_GCM,data:T9laVSnqqQRfRK2zdkw/5d0+JS19o6wJBTLj9BqH/B7snV56BNOJjaOZnYFVudQWhCIqP7S2Gj0FO2TCEa0H8aedtlE8g7HXpakxyP5/p2rt624+HiFQBvW1+r5srlru4ebVKB/HMTos6yjl4au2j5UWJe6LtnE+ww4JSg6lt44=,iv:5Is9/DV3qLo9MnY3WQcJ/NNk0Y5/qII+zztUXUDQN6Q=,tag:oklBHWxacS4RUrdCKegbIA==,type:str] + pgp: + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//WCp5YpylzSylnJXYn8P2yi13/AUHwvGBzLVgmv/mx+wE + +2mNozb9N9xvkCqnsmNSJr8xGAyu1hj3KErXa9+cJ0qzbevzEJhQ16KKPucxWoeg + pP5/WVHWcA4blueEq+hTPxShqagtuvPzvc7ehg6ZRTJGtiXe4LoQ3A5xF0SdY0zK + amKLqWRR7N5uCrNPcfzMcnmUpkEEHqeFm4EEWkVlHePJT9zc8zSSLZeZo+XtJ+E3 + 7zhixDYNi2TKxog8xV0CjnsPopMuMArz441nrCRIDz8mrsDJZ3uCI8QoAC39sE99 + FjLCHchoYxBoqM7spUkXtYFvdCnq+mbdHU1stKWxGFLLUtncmN82yjVLUsw2eHm3 + 4b46BbZilEVSGTv4chWrIs+/z1L5nmKaQG28rtRUxthFKaDcptGBpEqRooI7QSV5 + Ly27+6+umobuN/XX1j5WcRp5NGyFQdcmNcR+HdzLslCav+XmcxcBrH8CjtofhQ0O + 4GXknjF8Sd19OjZUeL3KPfz5ObYWLioHgqYEWHTttP0QsDaHLSud9G68mUGlEe9a + InnZrWvdan0Yv9HJlZ3jeqrulf8IplcbAB8iK0KwR/iECedEmljYQr0xa3NOVT7j + 2e74xMIG73W98earu5SBO0jMRXWfCYuZKC4e2xe1YDRcwkjKtNT2wnVPxKhxILDS + XgEkK+9lqo365zOD7nMzYXAb4V9jwx9CmUoNn2XlHIxJBTdxCCh4EPmwlRYtytm8 + yrlz3ESZJZOOs4bpw315Bohz1iMA/fsTCU++IS+/QLEhpkIgvv0S2kQejnlujJk= + =4OsP + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+JA5AejEkCmdpMkaQDVb3fQShWh90TpYnPTK5duT7mv1W + jm8RFEe6R+NztQQ02MAUspj/djd7POJrGyQvY5jDG9Tf5xYk0momgKVUWwLrSI5+ + ctRhiJgUCyewtelcLbmCIv7UYCyzFC3LkvNI2IttZ+yUrArESTCdlxy2mnsMRdoZ + lFcXkNFpiOGNn1fc8sPSTaOB5Yvy6NBGPZXUCZMm9tJir7lzGeVNalbU+Pf4zUlR + wZYgzMSJ83H93YFKRHl+MIp16mI2bNdF9BWq4wbjnOGbEVhZq/FV+9NHKPwM6QO6 + sJpRjsWzRbP5peMZLeYpt2hdG3/ejLvR7NQYSPztVvckemA875nNaqFlmP3wzCWQ + 7r+7x5WEk/aBWm8Dv+gHjY52lI+K2wmxDgnPyYGpXXTKsX8kCZzaI4LrN4fUIAw1 + JSRylL55AhCxdpYCkIJgPc+PUeIJ9h89HdaS4pP760iD2y5Mcn8NgYn8X2qSvSWG + zcLSug1yQL+c26zAjCqI7PNhawQm+eEw7OUKxDkexoMDexryBBc/lmk7t2MvNwEj + uEnn5BY3Wvh42tj+Hsk/J8BjZTtrxsRM+guSSCOlyqNfECZ8dmKhBRPNLXLwz/W4 + VunIYQ6e9FWQoBQ92+2ZwFv8UZK/GLprI7tDBjx6Vhr5j0XZxmuce396Aj7CMHjS + XgHb9lm5fm2WkjvJfiXiIbhvnuxPu5UobDRl2qAYC9TTe+rzKKH5Oae5XSbAeQiK + ZJet0m9nh9T5RYK81I6NdYyCStXnkAwIsXtPIVWpoUjOF9w3IAVLa3ow27nqFRo= + =EJTL + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//TWaicqbf8pUtIUVFYz5ENUWyT4N3gDyefSB5Yw4dfO4E + ZVFMMolfStfC5OUSEG8hzMlPTivrbCMtn7M6SYA1JN1XNZSu6BM65YhTZb4kJ9zE + yOsWN3cdPQVNV4R/xKvxCXhs5exaeNFgSLs/fWdyk/qyNlXd7+Hn7rJeZ2kmXlMi + L2SDUIRUCDc6eePuMo3DNsfISah/Mno1K5ExbiWK4GcCTCTS1YsrrufEDj0MXmr3 + hzayA5gLhcF1aCKp0c8Vb1+K+RIsy0QJP37+IsFXIR5IemX6VEy0J6wehRyt1MWR + 0W35EIZWPEmO+y3IB4DJ/1QHwJkmSwSkkVX6Vv7ch9C97lYCeKpLFgm19bT+GqwV + CqdOSKGKNLzcaDHSGwpNxflPSG2kYxwoRoFXE/lrU5IRzI6ngDFu0gabgNXfrBbD + znSF0gCVpRKPw3mzpyNO4ozLftj+SOrI1z8mhh8hd12BgsMHIwnftUs4HJLxuVCm + cL3ONPDqLuOX7yb2BB+x7HO7kHNVueRDlGtnaY6CzBBWLbrr5Cq8xVi6I3oU37Mt + Ng7+b1SgpvHkvLSz21aNwEMHXteyldxPOyLPhdSg09sTu0CzGRm8Z/VbOT1qGcHT + U8cf7n3MUluk/QM8Tt3PKhruGdE2u0NdDpSm5LzRjHcIACo3nvlVJRJ1ED6s/CfS + XgFbFZmodF/YCS5pfITJNr5PnnZ9OD6kQkAdwf34g2MNqt89GpMQjFxp82rXZ2oP + DUiJyXYHrVAP1FTwuSmiU22xC+7SWGHWmxeo6PO27QocGtdmfqduC+FYlnWXRKM= + =yHwA + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/9H63NmlEQroQsh59o0StQvIbe4HIEoi4DuzOPlARGlSts + ELak698PHUOAha214Fm1aD9rwUJNQudUc4NmkhZ24qq5ULImofRp7Pc3ja0/eYqg + jD3vW/8/padrh/kD12WIa8vusL/yZmUSTIr2Dyouxk/myQaX3/bT8HX9SUBMNple + +vHEi9+QSWTK+ituhtGoa6O+UEkt1eAPXMGLa46jbuYvdtzHuyWq5pqvokQkfWPd + nm1tR0eRBryN85kM5OzYEBUOrJ2z366T1ItKSY9DwFqF6XNkQm2yykAyKGNAWhmL + iQ0jQl+XdMWxPurW5wA3BPU3E2kvbbY2obk4VadcBbiJWruPRQckRHRbu6au3xyX + j0sr/gZ1FnnGZlKyCA5DmDcfC3zAlftpHJlPn3RCZTjKuN2xqDeGGOg8Sxbp2qBP + JdRQhnypOr21bfipFDtRFUSTzu9AUtbSdbYGBRh+1tWbV47hrpqPuVuF4oLF7/nN + 15Q9OrhDESaOoYaJCx189mk/UPWySGqb26B50+Rqw2qP1MKrlppWi9bODNtO1u4l + w0WkQgZ7lhyDMYNJ8Jw6dNwTZhQewopUZmRPYBnN3U7huNr/+BQeAiF1GsSduuGa + 1Vy2tjnPphRWDZ1gU4mDVZpw8zpamxZooq/YOOhE9FmIWoxjRw2n288IwHfM97DS + XgGtuKZg/e7c6mrWZHTnuqGQmSbjk+Qj/uEzjFrfKk3fdelD38wbM+lY49lXlHXH + 4IDUZOU3e80YyN8S2rNSYR7DaEb7Xk4iexYSoK8ptotw47ZdDTNbT1OBf9olc4U= + =M1Sp + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAiDe3AmA1YEWBmE0IQDQPUhmazg4sLkvlhQgQdmRIBUow + E2RIHYKMDjHErEOSLEHSUZuuswuVe7sdvEi/sezQT7DgrTppQIAfVoQaWG60ilPE + 0l4BjDaIQj3xJZWRryClVQ6J5O3tizSYB4fuAmx86bK4X4MarpJvXTRgvDA1Qn3v + PPG/5jCheQ/zx19ufDyZdHs8Zsa3SLvxt/J9tryVfaRuAdp4RqvoKwXPtjej6JT/ + =aT0u + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAlUg5WdEYGT1UG60GMi22Y+jI6Um+QOn9Av4FBUvjm+/N + cfeiVWsXTuufOZWSENtpVWAmo3Lw7tJyfadMacqs/6f6fWQfP4FKaVTn8hXaffIG + 4eycc+SfyC+GRDt+3OS2fnwM+td+by9fIdIfRC3hdSGw8xcBTCAuSl5PIsC2Gx1n + j2V2xWsccanEEdiGQOmFkoG3qLZG+pSEvJW7N/Ree91snFLxO5qWyuPOUNw2oDSN + KH/HZEbjT1uR7XD77PQb6qpIE53wbQRaCsZY+vLu3/R+dng/EyBo4ytEQfR/hSOi + epkX/PU9b84Y+hfdjwtfdzt3q+NOcrtEw2MkBlYatJUfoMBSvF94bz6jXUJFq/75 + OTKVh4i1bcjoD0KLe+umynOBmL2GMehNARGY8YU1yYe8TxkpIbVKRXWs/84qI3OL + 139Rs4zlLPPTcp9/zp/KAQQ8ek0tPOtrYcaAGDLMWdY3jkB9pc5SVl0jn7nsJ/Po + ZtfaBlzjBbqjOEe7DtsFcqIrt8ruE8fa20qKyP4uB3D2ZEvhtUp2wLBQbT3GHwbS + pEPBou9HPmvFE1VZgtS4ZamHgDar3oJnlckB8DEPCbPQ1ui3CfafpHqs9IFI+CVN + XmfRB1nPtdaNlC4ZmiW4wDnGQqGJbAYkhJTu0pPtLvT1WPqFXC4DZ1PJEsUUlKbS + XgEh0ICVLrI39YwUc5rWTiEDomXxttlRu5hzLvXxR3h07oHaNWm0bXyZ/Sqwectn + hq/H58TBsFVRbouH2aZvi5U7OwGa7UkXeECq6LimkKTS+ca/7Dq1UPeXPbkucW0= + =hfDU + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//egG2BgMMGfN65oNaTJCcQ1AFp+m7J/F5zHHQwK8J5NbE + lTLNPclNCfUXArM64NjHKh1vLVe4yF8TOGh97CmhH27d1eD6dHG0m1EnoOGOawep + +MD7lMqhw3x2qODUB2bbrswmmJbO3C7Y9gh+K2i5UsmdFgv7AwBOBatJsFxv9B0m + eXmekvc/T0rZxRhzPAtlCS6ZGP4JqKELgBDe1NG8upeJW8n4IyYESwnNLoJSta5H + AkVyV5eqv1LnQGyMqyV8YBDguzZe/AABvv51nbVl+HM8iqA+OM6SrPzWfIMorJDj + JJr/xXgJ81d6HWoLisCU7uYMlUyl/B3dCPaWlWtfWb0edf+fiUs/FoZzAlbrzbkf + P03NmYBxvu/dLMrxdqJ/PGnVnW4nr6J3OBRqnxHpz/WMtewZRcli1YXuPgj6uU8m + edejnwz2jkd20Ob8lF5AoPyZ8B21uMsPZndKiNFj2/TjmxzvXUuMbfZUyhYbrRXe + VqvopsuOT/WGjKWiTLQPNN37VMyPIIsxgp3jdSGTom1F9Un//iFjBKOJV6Wo+i9U + 6bawc/44Dzd7FbHlEOe6Y9vSjo95GmE+nM4Us592s6V+nbDDoXUq3+SRzv3R2aeL + 4ks4GVuBl8s1vZzSDO/VIlnoXUmA0S9/AAP+6xsQEhfAB1IrO5qt2fRH8gSd4HrS + XgEHDQayM/vGPnBf5YDYVYS9aQMHzrJm9uEU3zFjoZDK1smV0Kr+TOFT7HvpppLa + 77z5btgan97JOSpq6S5bhZVAkJplbERmXdhfDD1nVDlpXcrdDa8GI+0V92mUYDA= + =Lk9e + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ/9HFIznjs3/Xk2alVzJBNeVNpNaHVa0XzK2voyw0rgaP5h + qwTJ8p+xWpEsc+el+E7Rw9muGdANA1o/TbdHkimRa7XNTbJW9Typ55THVifJLct0 + 6cOjneKCOv9IBnzF8G98dHGekPK+MBhaRdMrjRUtSeVnZqgZ+emw+CiinxGOn+us + 36dJZiSQxqtGfCR+mo6rPsUacHh8J10HNEAM0aP5Rb+8OppVGFJeU5KqlfbiazNL + 98DznZIupx2mfND3MHzfj6v1t90jh+W+RpiIAKFtPebiBCDOhTHkJSLRjv3KVAtH + 2zca5urU2Whs+ploQVud5k2z0+o97kCWdeFDtnXOzwA8yZOIYcFnRMlH3w8BxMk2 + lPymLvL9rowP9r+HHWHi+b89obCUjeXjZEZHlRFJAV2pE/XMd91LUcgcJVilk0n1 + tbZbS1z4cX8/mkfmQyRMd3Xm1mKh0CjX0YjTXaiTbTgdhMFWUZM01l1mbsw93s/x + i7giC/SnX/b/+HarfrlwWc3mHRDsG895PHphf4Au2pCOq2KzcQlmhXFiIUdZE7tA + t2ND6oEnuzI2LsxW8U2ffBcSthGa5UyURCtR7i3mGvEN8UVVGbNazMAs8jrvb6sC + 6WdlT2MqYve/AAGDrjwi8o0Q6uIXoJOiopzCx2kAndUPMJrKAWCyG8TxV3gaBofS + XgFY5YuiKX04DdWgslS1NbTyIZ/BTAdSuYCujDXxKzx2Q10NOgwNnnE4HB0aVOx+ + SwKN1i7ABHvYGrIL55+fz8eFgLkpv1MV/dPUEAKjMWsEq3emmDfJm/MrEL0Dp14= + =5rI5 + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAJmnvghcmfK64sCnqVjjFj7GpQk2gOu9MCxOcMMgcHRsw + Eavo/MAiHqzuT3lSFfDWhvcjSL+jimgw3yqYMoEzTK6RbNNJHroRAOunuQ/fofMf + 0l4BUf62EBKB7XFIO/Pk/zcvLRtvZZSGIr7qczX4IgFxt9VSPljmDOnSnCKPR+rD + ieSVMMq28nlAOwm1pnyH3X+qQvDvQmyrz40UW72I7i+T1mBPLXqdleu3YypbzgOv + =TcFO + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdACOXxpkI7QrdFaQjtSs6pjCjH7BWY7oydAWvXewLkgXcw + Xu4rDdYRln9Qu3C9fPcuKPkWGIGQzHRGgxo811iJ6hSx/TawgIekzgpXiORjB10j + 0lgBlem3eflbCRqCLzB/LTBk70nDb36E4hmzlEW7+YvEc7YVv6eB6+M2+ztsYHC0 + qyaOm0oy7IPZz5Wo5Refu4ISa25YH5bvZcrWdmcPMhP1B5OZ4YOZlVGN + =k/e5 + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-14T23:47:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/+K3BKZ+sNFk8To0r94cCoX/PVjJcmE4GKUyBde0XfuVTK + fzd1lRBBjneuMvkx9RI3F/ZxSniOdA6vuengbFN4nl/Uyi8b/keoMHgnKYt54FtM + YgtWQVd2JqWeJKPWfibaP+DpuU4wRVIKKTrVTIN5pe1YZCDG3Zj2P2an3Aq8xbio + pQorYwf5ilS3YljEkHU3ipKeNXUzbe4zvvHi1MdQT4MCZd68rUECKqQi6KdBVsth + IlIPAIa+Xi1OgZaoV4uFUUh7fBXHggTSYABvUNxcGTilFotTbhxgCO84Km3kw0z5 + I+VfkmmkEuQCQYN0u5k038bs/tkbmWCM5os2FvG2ZWMTni3K434GY2y2cHpol9kI + wiTxJBZhXacKrrT29L0ICHge592rRwFOrEhYA5vANVSrAuyoxURlVtldlFiIB/z/ + dF4NdWCikCNaV6bPe3bqqcB7WBv1K7OVoN213xYGctySu43vyXdVWf/uFuzdh9Jn + 60G5ldk3mIEvz+Obz91kmRr8b0dtxNxlVKbJw4zPxDm8YDm62yuc3N2eE0VMMOYw + loFI03ahj6H2C+aLJIfIffW34BhBxDhkjtaPNE9TZuv5fu67XscEdR1hLgZFC8gQ + JOVrIU/6UMAY1jYkUnyVQbNiYwq7Zc4xIO7LlFGk/yNDyDFyPO6hJMt4QcI/jqvS + XgFcYnU/70kDn+ivmCohGl1TN5odP3DZlUKT3KFvU9U7rtMkVomSrb7dNnrxXPHU + C/R1EDc5cER5nP4tX6VGehEfc6XYGQPaqHDo7dkdWnvGNSWkkpLMrFzMqghW1KE= + =fBgJ + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/pad.sops.yaml b/inventories/chaosknoten/host_vars/pad.sops.yaml new file mode 100644 index 0000000..f1ceb75 --- /dev/null +++ b/inventories/chaosknoten/host_vars/pad.sops.yaml @@ -0,0 +1,213 @@ +secret__hedgedoc_db_password: ENC[AES256_GCM,data:5Pw0orOTzb1xCefwx/n9h9m8gmEY6irE,iv:nZvnPSb6sXjS6k4wNUoo2PCJyOcwjm36gs9l0mxwAeo=,tag:0seJlVi9qTfBiol7mP6DQA==,type:str] +secret__hedgedoc_kc_secret: ENC[AES256_GCM,data:7RyM9jfKnaaP7kJ1JwucPa/IAwaRc7Hhe9VYIKGEmlc=,iv:RvtaWLsf/X/y8s+DLANcyVgagJqGB7EkvQ2nYm2Xo24=,tag:amdgqknDGeZxUBmXsd1ksw==,type:str] +secret__pad_smtp_password: ENC[AES256_GCM,data:msnYZYl8vP+OeISI5OOglQsCQ8vxMZ0gig==,iv:oqov/myWJNzUoAn4BSX6hN1fWyab5vud8NmT+z4ECqs=,tag:0T3Xm2zw5k5WmC9Ks03XhA==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:r9j1ikemQXl+Fq3D141P/MVltGLR27UyHxCCWnZphOLyGhyhQgqcuFqwPy1kZhnbg/mj5DclJ8rzqyH65T0XQu9h8d/vh7Apm4c=,iv:xOmxBTVIOTRt3rzWM8wHKVD7UHeuPj2+NSHJnCvU4xo=,tag:CA9dR+/rB/wfcPuU/+zwsA==,type:str] +sops: + age: + - recipient: age172pk7lyc6p4ewy0f2h6pau5d5sz6z8cq66hm4u4tpzx3an496a2sljx7x5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeU0vdWM5N29uQlBjMmtr + RGQ0STVzaFJHKzNiOEdTWFVvZkVPbXdCYm5VCjBkcWJPbnBKLzVQdnVKTXFPYmlJ + cHYwenBBN3Zjd1FNRkpScGhxcytoLzgKLS0tIGU2YUN3bGZKaE5WOGZ6dDY5Qkpk + QmYxMFVRRjYxTTVJTjgyWmZUcUp4UDgK0WghiJ7qqE9Scq343SjkZ0zDQI/FFJsd + 6cJ/+X0LRg0pzlCHa7K7amaYUAHSlmjv25LNIJR61Xhn4kGuLBCosg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-20T18:59:09Z" + mac: ENC[AES256_GCM,data:3BwneKrw8YKmfwIoDyNRo+SG6i6VMW5tECQrhMXiq/mB/14xHHrUcrWRanFknm6JB518Ohv5HEjeHsrYdUehwpzsl1vtCji95osa8JdZY5moAt+4f06viRFTYa6GrfnNKToUR9obZFiPAHlMXcTTx6y0m/nPrtFZhuNtFssOdxg=,iv:4fElvIvapfqSqxRLE/NSiWyun5hAA8JLsai/Eoa5K68=,tag:mPKOquAMj43I0WhK6budLQ==,type:str] + pgp: + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//ULps+cAGPArP6TiSvqD2TpEcvSmMiGpyQM1wgVzoTAvQ + NFOa1Ayrnt4T3xCiYcIubYp0/on6hU1mlNV81VtfpVq1pcAo9MCLQL0ggkXvOb0g + pSSe+7wl2rBz0uH5yqR9cUmiKI6YM80X9Qg7RuF6UkfZespQ51YkdEUwNHVb0avn + ytc2+1c3YXZJsqypxs28gos5YhlvLS/RUENr7tJQQfhQyzmZyRF7gVjgI6+K3l78 + skGXZeCiQX1Hqc73NvRkz8/GW3/eFTGooJXFgervmi9siEwcGhoJjNh0cSGaYAIY + nBXMk0NvU55ix9HOz5quS6GkIBvH4nTQHT3EoLA1N4ePJkpjSYVli7gf8BdJlegb + CHvf2Czzrs7lmKNeyNa0q8B2W2J1VShQw3sF2TRWZpQcsIb/gKdC9pCWsw9fbQO6 + MJLGTPczoDGWuE3hlpZQXzTJOpgg+qLoHzFqhfL7EhUJhYBZcTSvg4HcHtlWbEZ9 + NDcVBdifIhgKgH7icbt9BIonoGOi/Ggv6nC7L8RGaJ3B5IRclTxslbxtdPgBY2CK + e5v4rGUgpBwX1ziaNCXrYufKDRKz2PtUWhY9L9y/SkxEqoi+snNrYQFwDlAqzVsV + 1JAaySGpg0027kgvmUs0VQSgTxcKzCjswQirwUAQ9/FcEYcDgCFg3MJFyERJw8rS + XgHgPPTsb0+kgHD92YY6Ns/Jw5baEKnjuyqp5xt9zU/vXJqmx6TelQ+GkWrSZDuJ + eENiInxjCbtBcHY+p6FeMncnozr5NTMnAj+xpCievtHfK6/1lw23z7qYGFs7+hc= + =33TL + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//ffDofAam8JzM2BkXLtth9oS5eocIrDe/PVXWdeRrSCcP + pbuBaOGCAAjAam+x1t5bTI4r1sCEnVq3xHDxm9tK/CPzwC/Ha6RRZSLbJISOt2lG + QVFtYptRJGxtbAtl6L7YhsyZs2of1KOnRQ57nLi/q+Ho/eKZShaGr1VB/nkRpHTB + 8qg3qJ+sGL3tjqPLzh37lQzW+3MBRRLoAty3js3KrY63VJgrmy0xZM6BX355F5zQ + ArelBoowccbdjE/Tiw/ymlcPXBd9DLlKDPQA7kRV3MuB4/6xd2hcg//dAi5kavN5 + +zgF1O0xbPfDGDLIpfnAB2EFNHgTXXQ3mxyjLg8ZtoHjv0/rSrcOdgTj3qmOrDZU + ImvP4DTGIPYwxypk6gxkQvCWvyoBELa1oDKxyI3TqAM/IvSxBx5DVIsotNv5p7Hi + lCbXuiuwoO4zg2Q507d3BKvwbpeZVLHdX1eFOGF9PXEcisouxakHE+Eq971bSej/ + WhvZT86S5Tkzrek3ykVpmpdNp9EjkDoJ6eXyuVLVC7egiGlmvgVgw9BashutsYhL + 9uB9oePgHD+TQ+Pe2LjkjTTVM7J6zm0P4HUxkGUw27JYJ75DAix9wXBhPQvwtZDH + og8zJi7nzLmu1ntUEFCLyBlbxgeWt10+WMxwLHkrQZZFEJFMUpfMsLFZIkSXaibS + XgGJPLIcFKc95WPEEX5dG5uIR3zx18WjCZpFgviuWT0h2UWUlhLoUoHJzuKTuhTf + JuF4kbTnw4Gz4aJ8btSTzO9iq7Y0i2qdevWNgZi1/o6jQgxnfJv55UlgIOyDGz0= + =STPQ + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAyhjh84qJ3nVpKu4Z9hWUlUHpNbYVxpIb4w388qMaONB2 + +lK5EuQ3w9Oxec3rvN4tH658S76ciur2MZK/CLAkA43JY1tsKLXgYSVMwNFm2B18 + PobkuTTI40n9u1iFYlI3bBjq8KeVTHFoQVnMzbl1c2y5VfhNRvJSn6OVMROE/PW3 + Vdhl46DQJkjz0DQYub/L3AMssFwFdOUotP8W0lVXv0IaRiB4Ud6BM9P+A+4t5c07 + ZiUZ58qyT+eJxvDI1SFDoVAOlSAkBSw4+ZgOdbdfSl9AyQ3kmGsSjkfFCz5vcSsH + CsTTpiKuRmbNwpef6ufnjexNUXzFQv7YFMlbkKbbA+tYD++RptWGPv7QhC7wrZXD + Y43HIvk9itwU8dtZA0XKG9fZdNe29yeoDWWKP75HI/7N3rNvXXAZ5Q6eiWtkiAfq + iDDdYMfelcsCBK2W9zTw4wFNhzh2tiTl0rFk6BtkHqcAIKmqViOGfvd6H7/KHusR + C70hYMIm5J9aKXzKhNMO/TwzdRh6tKETD5PDtJI34e3lzQrmDQbc+llxSfyINkGR + l8T2sXRLPUwWZaFrlj0K6IaudzgQ3HORlpJ3rXsmcsdWVWLeWUWhFkXyafvKk/Fl + aPfJ8VVqBt0r4MDvkqq7+8SpowoZAynST3RrXyj3/zIJXUN8yh/+59PWI499nB3S + XgHPl7vKAly8bChR9Le0lQhdiwtMxipRUlaowkh41QMZRsKKNJPETFbwN5TRr+nh + KPwlwfGNAlgsFd0wFgdw3R5I3/9JZxaJ2YRHg6F0CQpoTTDGDLGfSFhDfXPQtoM= + =4yn6 + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+IiCAkI8bT/0oPS1nkWYYDivXR7EC0YAPOPW4WvjQbpGP + 9jtMDVbTTAVCOdPRjW/ewhY4Ul7aL+8kt5b9Zg/RzHk9KZO43X8+/O9vBZz3iv73 + SkcRrQVoFff2cb5JstfIz/pIPV/NZvMmNn9twxiZgIMYL+DKo8eCNxj4GREOLvIi + o4aHQJZFFukuaFPZDtZjfPDVhz/WGLy+/e2XxxSw4hXPf380ELEBIls0YMiEcwjn + m9uWn/hxY10wV+aZvIkRKWZMKB1SWWRklF1ZSDlVGJOLAbBGbry3VfcLhAIIzEun + x5kf6elgwnwXonZkz4ualAdu5xEgVXGr0IPhaO+79TwlJr+1c2UhCKbxWun5jswu + ioxvTYw60SDFSvKjPEAB6ANGS3bL6t09LTc1//pQnElW7s7TSwSUdG270XcZGaJd + wYMYCrFRA6rYmQU03AQJLnze/fiRoJs47SPtGF0LFHvcAWS3Dqb/R8AIRmciliJy + SAMwUD7PixhN5YTo+t91utGLV2yi24fFFlxfH6LgWDXsmvjm8mBJ0xuM+RyfmrIe + Iq/zDGgpzXz5qfJz1QiH3MnGiHrQqG7u6j0sutkw5SJIdXn4FBwMq8mEwWu2KB08 + xbUtlIv+6W8BgfHtOwBqxRJdGau2jesY5ALYXf5IbKXQquRNTYaJDBYUDZlgdgPS + XgGlBl08PvNVmh511c0pojHm9PRHdk8eLJJgyOm6L2L4ZoQCU3lZvJtMnhsyBVAu + 99TReQ40oCKEpwwOsrHwmEuaTOi7I1lgUhsMKrop3HdrCxVdBVRf1tjdoQ/vSgA= + =JCRR + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAc9abZ7m+uvp/RNWkoOIo369V5WsuNtAVs0A1ktTctwkw + xUSaofi3bI6UJcwoITA0eAc6cv7FwQnYp537kZgHrUhoo8TVbVEa2CTSiiJTlf2k + 0l4BRQWRZSsXT8K+7ohukFB5UGzXAcbJHxxVb9oLkgmVJmkTsR9U+Vhce1t+4kvk + x4EXxgBpyCIBx0ZEW0TIG80UvYnX+ny40RMg03oAg965hH14GeQnLYgby6VDlCCf + =8d6o + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAg/M9aWO8pV66I+x/BoNAbJpmJseKDmDscLLUmOgroSSu + M8YNZdKkEswU+3PQzEM6JoE8OxPdqA7g2HQqLm+pswEk4aYX3uUbcmqiHeJd7Nb2 + BtVNbGsm2p2+8wBe38PSNtbGzIkgD573EPeZgtKwy+Xdg6vl9+q2O1EUsWMafInH + T1y7BGT+gY1HdBiZrbnjg0krw3ZSdHRUIZWfJ+Hpgw4XHJul8mOMPfbUzhnFw1+t + ji0sFYsGZZZSTc2rhOwt+cchc2CR1w3Kjx8TiZdpDlclpjmCOvGu6uIKjcpWRygA + h00Tyih3quSDzCDQGd9JQVSU3TaSCbZPxv6zgX7PeSBOS5E0zcNI6pv+O3i6xDIf + ZvT9/pKLRw2aEIVjAMTMMbTi9fy/oCyXS/JTaY4VbYnkW6UEWxhP3YiXdNHIqoLd + 2nooNOh/3fHfWTuOVahuiip3aJLfoQDQj8UcOY2iOnVRFig+YSG8b+zwtV6NN+KF + DpzoUaEoyFM0DZ7uCY9sE5SuCpv7k57QdH6+TqBxrQsV0WdmSlNKf8QdIPmBXK5p + DIEom+KZ+ALoryvqnv2mbAVpmWGs3X/V+YjyLQJz3TPzhmotz0+eOtSNpy8tShgR + qYKCXOQZHeOK30fUg53I6orQs7GdheUOf0AaP+CuXVIi00CnFT57Oe2tJKaYL4vS + XgHgZL77YDp5C4iWmdx7l3yivkv/4thHdLf+y+u1CZDbYe+Gu3CiN9s/3FwvB9or + v3WSq28wmRUUgP5PCRJJcBZas4FFvZyGl24orL8ZC+AAHIpWOiJW4rynNp5kvrY= + =TP+V + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAgR/ac4NfKm1SNgn+OTrAD3uNwAEyAbuOEpWJU9GImpnO + jH7tM/in4MAc5p8s4VextAaOZMUZ9xO/ecV1kjygcOjHtROv163Q5RJjmdkv7YOd + 84M5xg0OtHYVfmlRo6nAxEXtkQlMAbOHKOL45BBzlGs6lCq3hywbyZlolZ24Wbd2 + uojGAH0yuLIYRAXgir68hralvlaUfNt41iWIvFvfO6R/Ja/3Dok2U8wSqdQQcPr3 + lwldHmbrIcz8eLpuGMuBKe6/2aNrkOuBRExRnW+wV/FV7qjFISBiLjekrd42HJ/c + uY/5SllVrA1UwWx7IUGLtb0XUQ/9U9VlhcpFB7dwCb3CCmpNO7+UuQb/U5TZ7uKe + ML1sebXmrV/GRRV2/rb5ZAOq6Dzqo95xrCJAQ8y2Dp0kjkYLfjhVSfuELxhzemZF + 58Xwx7OuSgQw6nXlr7vZ0kdvKaAa5WTQNkGbLnC6UXz4IBgTEGn+Svv60xKgUm2e + n8eUBp1VCxwnhUbF31XpE4SE29ZLmo+D7Vdw86irMWvuBMU2cTxAi13Z0OQCGYWs + kNS37+E6js3LvnwPWhA2zXDE+DXx4LSWdfJVoSTmVW5lVnyc04LXkXNJ87LV9Pv1 + JhrAAmXC3wlLfn/aPrPfdR9XGjnwyNojRYpvJJFpT6j/nK5mb4FGorqtFtQR5m3S + XgHj1QJGtTwSQNvs3kOfB241bxGZV75YAJPi+af6v4pZGtdyqVLlj+EIgFjHFd93 + wjeGKfA9wtrKeTkl9LQ6/uq+x1CnLpejCvz1MiOiYLoU+Hab3/X2jrzIN5mY1+Y= + =uuXv + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAn4LRudcrjLTCjqQnjRTzqMbnzDui823FQpSYFZ4mASuk + NiyX7Fyu5UV7sHkVq198oN4wFOeZXO4941ZTYJGhtOxQlWIuPed/TJQ/L2+tIPcf + gljfyubYvL4IRKMxVMpiMDbsTMvFoDEk3tcjRT5ZWPKjPaR9LMqP/dbQU6AzfEbF + nUaoxIUv0gJ+chDyHccdx2rys4KwV/ez+Y2DfPOfG5Y002pdGF0wOACwUWAY5+tj + 6Wt4n12RENGA8c3CRhIQ8Q4ZKb9uTA6LVUznC6z7+8xSmMPWDWIKAGKiSP9hpcIc + hoM/EMqu6WS51I/do8MuPusuxLKDYoL0uMQPiYnI28twJr1AWneQL24priuEEGin + gaZ1f170GHFbHMbJoKZ/BKuRRg7jx6DTPOmayXSEgtU7GyeoV7Go276A7yj6whb9 + qD7QF0FQ44Pm66IT4NaC2O3xBw8e1gn6RVurHodkPOLP15/5g+i9NDfQsdDQRFHE + LQ+VYF5Sn5vmie8RZvk4fwQATQR59FPMd28chYBPp8r/94ejMdPr6HFKYqGsu7RM + MTcSskZRL6pR7uJbrHS99IpT3demUXJUwE02V2vmd+LELVPyKrC0LKYzFSx+uYCB + Ozk8I+qHTb94tY/D9dvfHabp6W4FQRNnnNQBeWqQzu/LysfaSNBA5VYOKRu1g5jS + XgFzp7nAHdBXH2dnibevh2RgHnc/MKQr3mfDFERkxKphDuj51w7/lSs2r9iQsGp5 + xQMx6P8UGxAeOVvYogYqflLkQD+ybtk3YBsxvRQ0Y4YYtZw303+5C99XB2kaLoE= + =XWp8 + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAtH7dYUPIUbkcD1k/qOkBUW/xrIizSLzwO1z2a8QC0Cww + RVl835uxs+sv761WBO0q/N1ZJSQ7I+K8HwBD5zI+0mq0Qy3hqFKwA1l2lwhLcDfe + 0l4B9WdrtK2c4DSS4AwZ81Xih5+6orMejRWAjRQ3H+IPNo8ox6u6CQ2ewfFQgqxX + 2BdyCvcYdfJAbOj4lHDVLOZrv/926ulTWoPozzQjZcxUuyAXIFFY4sJ0wUSY+4OI + =qnuh + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdASPQhebBJb6SL/p1DOH/lBRcRr48+YRp6gjqEbWwBhHQw + OaYqBiWsSxJ+YS4Wcy6aqJvbqgVoMY0ZcyI3PfzwIaNsjKqaw0U6KXK+lXA0DfJP + 0lgBUcPBBIAKatz5IRX8zFMdhR0HxfAIe+0pwMwW39FnT1HXkPy1s6ccqSgDEnH/ + Arwr0Iz6pAzMdJzDfpRDaXLrI4+x6jmZCAm0rXaeDXohOFs2C2y/lzrW + =9QK9 + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T19:02:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAk8AbqfdQPREQV/uyz3awAq1u2tXykXWzjs6DarQoxA6o + DlY2tAr/7DvmPGvk+1ZTxf7D0n3sAbhhRkpRtlr6mguzByKEQtf5rXxrURyTe+mi + dsRtOdSZwJpgdDE805IiC0Q4dYYOLiFzlouYMBqc3nhqEee4q5X3xJjq6qaJ1QcZ + bACvKFfVfr5VraWEGn6+JCsmqDNcc+5MGfDiFzo42I0nnAd09k5+ymyZ+de1NqJ8 + BVq/+z0TsUigCR+vlm7TMno9DCIonaSHFuxE2tdO1SXzQwBvno3q1kkrhvKVA5PI + nZWwRF3s7wv4QXqp0fmsD6KMf+jyMY2N2udY61jOa0b4z8PSRFxzaIg3iOz21Z4r + uJ7lUtgqL1KoLX9Y+Odkmyj+Wg4VqqcfI/qcr8VMK7bW50dO+ueYTrFGh3mxs5zs + 72XGjnuZC9niXbxPenMdvN82eoVXY370yYyoC/Mk0aVTGkoCC02OsDb6+GAM+HEM + GT6IObIp6N7AYrZSHzFAAAFafD0UNqmXV+b2mTlsHLgJenK7SL7Mv5vA0l4cNTgD + F9ykx5oJxHnDoMEum8hHs+RltDLNGKT3x0ELnyeTTqR9gIPy9pKYsTdVNZxtQmRx + WMWV5XAo7sTBTiuOvKZCYgoAglhCcRpF04VtmgcatVgkieZqP3Af0Vuiw24pmBrS + XgHnt/XLzOTwRAIcdLr7CR4kB7FHTk9ae5HlV/kl2R/O5kGS7L4XixEaBvgf8TQY + dqw86sjSzCVpQp1lukxr4jUhZLwkug8+wuTePyUPO/iTmWzxYl4iOgMsC773J5M= + =ihdo + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/inventories/chaosknoten/host_vars/pretalx.sops.yaml b/inventories/chaosknoten/host_vars/pretalx.sops.yaml new file mode 100644 index 0000000..f143970 --- /dev/null +++ b/inventories/chaosknoten/host_vars/pretalx.sops.yaml @@ -0,0 +1,212 @@ +secret__pretalx_db_password: ENC[AES256_GCM,data:T9qw46sR88tcj4NG1oK3AfjreU4N1cIN0w==,iv:g2rr7PbFN9bFDg/w7vZBiuMB4p2j2uu0eQAyiweuQ6Q=,tag:0coJNAbT5W9gxy2fVOhuoA==,type:str] +secret__pretalx_mail_password: ENC[AES256_GCM,data:HJrrmdDKzity4Fzz+JEj/kvddzHpRbw1Yw==,iv:dW15nSyYjzlFdPkQoZmJ5k+poWyJZ7dW5Lo8IFjtfMc=,tag:AZZObQRDMMoQgnPmqo/+Tw==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:CguBtrNgimXc0dBhIHn6SNYhmHY1z6mHXdb7bmAFUy5FtqAmU/HGTxIsOZdn+GjwHhk3idi4my68qAkyxiuvHno7yQ+HTRgPl4k=,iv:kFLI2ptzZi2UK0MLEyFpYdvJ4o2C0zaQ1K6fowYmG/4=,tag:8hwlDVpu+HBm+hjNAdiVyw==,type:str] +sops: + age: + - recipient: age133wy6sxhgx3kkwxecra6xf9ey2uhnvtjpgwawwfmpvz0jpd0s5dqe385u3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFL0g1ZlpWWmgrcUE1bFhU + L0syN0c5WkxCNXNXcnZoa3docUNBN0xOa1Q0CkhsL01IWElmU2tCSnZ1L2dRTy9w + aUdrbUplVyt1eitqMU9RLy9mWXJ4Tm8KLS0tIGNEYUlLMGdXM2h1M1V5SXkrZVll + dDRBZERmNjhnMDJpRDB6dGN3aWJXS00KGWMfPBbO1YcyLacYRZzn7r2ZdY/6O0rJ + VDP2y05evxOvQLG7wWkuk0tXfYkBglmS5h/jmnBUC32toDv43IRejQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-14T23:41:45Z" + mac: ENC[AES256_GCM,data:tw/zADjnc9mNcT1sEGDeCFr9RuyPsgj6mtcmDwpYdquhdfmjvccUBwly/NFFdHAwUqmL4l5R2xAFaeKxiEO03DT9nx6jujDvgpKaWyiXqgPnzMvft/9SXdjwx1+4COmT15WQ3LfTQbTXAJH3taGDQeRJBPRYFcykscyw3S5/aU8=,iv:kmCUVVT17MPoV4/tGqxKGeXuf1eIzX9qqJt6HL2ygPQ=,tag:+v+TVU4Nr+ZCqLxWvWWjdA==,type:str] + pgp: + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//f6qoqsPpJs3l7V4u0n7kx/0XwSH6oPgAyqjza3ZY3vPx + aAEqhLe3ZzqwLR5nAJ0XexdwqlXv/m1QOLJqvgGK4ryT2cge4mTXkV4zg/5bTHal + DfHah9L9a2HOOj1AxG4aFRgj67NwO8lNvDwn5cAxfj3swAIqst6NaUQdRA2XWscj + FBRKu37avIvcKeEHI1UsjYfrXJlPTmoaYp84+mJYo3PQG3M7k+k9XhNFiEtu/cRB + P9GJRZrWtFaK88x/nfV2/bPXDfjb1ieqXIm4ah6fI/KG+gNL3hSCtdUbC7ShKrAI + CTzCI6O2Bd6fXeeT8lppSUL8A59WXU1Yw4YMrwOr5vThF5Zr2LTo4i0JMWgZYZhB + gA7qizM457Yrsq6Pn4HvorJJC9uiHTzg7Mxv6Q7IrbtHkHL7CP25lOluFh9YgXMZ + rPfRZoCts1LU+XC4n97KxwEpWeasykeb/tW+/elRql//AF7lZMJ+yaUdXRM5JFny + T1tr/eIN2HljrVq1YbVONGmdKoGtJzI5vFh3qjGj5lNilq3u2+gEShway73yQv02 + uTrQcUMgIgIIe7uwxScuQcdVRajpWnXA6nFYMvPXRzZHWng1Hjo2RuKWT1e8qh6d + 0ImE8Y5Ypc3sMVdU33dQHVEPzkbzj48QfjrAo0pmRDA8xD6kbQ60tZPfv2wChj/S + XgHdXrSL48nqO9MJR90s9nKNMtb6Bru0PBohcnwDThH38GmiUWQ/EzUeZRXXtQYL + ja2MnZ8gY7FdVQY1SYirdwX+dAF0SQhxs21dEPComfGmRP9ZbtycKqKIIyFzDto= + =/33I + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+Ky1VwXtE6UpmNBZA5yaC4+SPQjLk1xHyLPWbETGhAOVg + rOnDLErDDmD1ND+wHlnkG8mCztyjOS+w02SrDUXr1cjVzUFr4Gz5Ud2H4FmZQlfV + YVixRJzpCCbcqKplk7MPKMJnWJWK9TqKJrqwVEQ2dppf9eGl5Uo6+DyYLJKBi8Q6 + 1SdCDDJO8Fr+DzuGqcUktiWAqTZV623rIe80Ux6eFWtnFzUTRAXaeZ5UjI5n5Z1I + W8bD33ks+5xNi3i7dI6CdZ1nAvrAJns/U3GzRui+3hTsRyUdmWVKAnJv7+ok3YNV + c4asPzNmbduXi7/YIPQm4lkiyH35cUtcOWpEu3BoUlX+4q4fe9vTYRvD/RbToVoO + hoaAVQ8wq/PXfVO6ZM+kT2wjrHGNPi5w14pGXQpYUcqauArWdqGQIZ0q42BWuUTn + RY1CMmdPyp64s1euTMC40tRXi8XJLYTfGni0hQWG7CVHlvwmZpOTWpMKu179zLCG + wpK22T6lTqcMqB0qaDJoODwvXTVyRcvrkTVziUbEmApyiYWwpSabHltLkUfTMVtq + Sy1Lh5Y0ou58tx/sVj+uKJLKEPhAQL9lsSffB19HUT3E69J2xR1kXqyTKggdbgTI + mWdzoAeOnmOfr+GEJWD5w7rgt1TRBuzovLRVwazOzH/78L2w88oKYB4kbCSF9ALS + XgGNO6J0vV+qtMU1R253gRdX1raRM1weMkwviwKBoy6kU9nbzMcXBRzBovPw/FjT + pQjL5nUT8OHrNi8U2Wz1fir9vx2gORGPAvzevoMocKTFkz/n7XgRB5sSLbXRvzY= + =NP6G + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAzWniYxjHypfhrEOmfkgkM2f+KEEJUSQbE4T5Jj/tcehH + ZQ0K5d9Lj3bwOk4YwOl98+Et62UYTxwSIoZj9afw+oRbhx/3wpUrwIo4yHI9rBBb + TBHccyYB4nTYIc7s7VzwM2IQtr7c3yfZAj0QiynSBbjo3txgys1tTBvojTzjKk8t + LgFjkvj7O7md3I3Kbqy5efQr7OJFjGJUgIK+fv6OqEVmKovFWYRkKFgBAlOJa9gQ + 9BpK0Pt32JpngV3O7UFsV+IMCCjr6r0RSK8e1NETlbCGOFjQt9Tvr4ElhYIq3NeN + ldm2AR+Lu4yDAa/bk9zN1TkEQsFkyV9WbrlYSw2CAwH80yXGdUBuRXRBbN9kkefr + psQ6aPlbfNR1S7zk6NSflJ3ARubRPzKI+o5Zx6QZwqX/ocNSaf5Mg0hZkEZe0c9x + I6CD7fDqL14/3n3RFhpsld1YirxwKazaAstICiPqDnK8Oaaom4T9o8qP0ArH+s9u + TcgXVv+Gpd4NWZLnRM7bR1TdtY21JrkXwb4lMGcIp3RMdlvM0MvdJt37BcAhJ/g6 + Drc/oSBzbodVC0rB0fcEnEY/Qzh/qQFSV3PNCJiDFAnC7GI8hocT5BMKRFXfLu4D + 5YD47fSGjMRVM+d3AAMYPgvacnN5wQ7yr5gyC0CfQ15ZAf5IzwWYKjrU7CbYvGHS + XgEXKHbpwzPdTABe6mYPJpptp+X3RVyBsJIUl30TytcSNtJG++/crv4+vzI22cfZ + GOg7Yucxhv436UnROxki2OQfAeunJogVg6HiwXWEiMByVjRHy0TxM/cV6Uiflsw= + =y04N + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAAnbCwPtBktZdw4lfQ1OdRhhc6NLEsoOo5/F+cUpld6Hop + c7IZ2Cwwgp1bJAKNKbGg1VCQgZG6VXLi7zrOJ9vimbZL7IWU8bN4Z9OKn6dLk4Ny + 7uYM6CTadLMdjShHSmvTloPdQDNEE/ryTiXu2kDTL8A1/B9mVZe5/S1gMaAgMwNG + 05aowADBHSLKCPH7a7MFcg4Lgv1+Gt+mHU3Jscoy76HIqZAZSSTisMXWbRF2hGt7 + c6fFrLVrh1CLZBXZQotpFEe1CwVP8+4kYAbTAfBFGIKOsFSDlyJgb70QTZEg4qQq + q+TmBZB7fllvrqvZw2rTggggAoN2M9yABBoWbX8Y9THF3E/aSTPTNI01auks1fmN + Pc50sVtlVy8vqJ2Z28whzWDJBkmw7f27bPdKg+iISOCXT+yqt0NTx+YeUAHmZD1Q + mogeSlQ7jrsUFQurlhKdnv5FEm0s1gc2+oZzC9IOADJ8w5R+xV8gWr71feDgHNnY + VnEetmZx4MbBcesO07eUdu7Sy8waY6BJuy6/+9uNRMSM6kTx+RriObd1umwlpCW4 + 0msHtIcJ7vZHVz0RfRtqcKy2rea/BC8A0UjHUn1l2OFmfebExtgZdHQiH9ne41Yz + zonWgQkceZhO2FRW5nqE5yXta+pp/pj0Aeb3/q/kKQ8vZwEU+QZBSmZ9j9qfd0vS + XgF16rfgIgVv3PZIkMeZ4KRhV3zVLCMyMUAsvp6IHIq8vn+z3qbqh3P3mj2bKEx8 + h52BieO56a+Hdb+Sv2J1wTowLD0oOSJhdYtr3EcoCyQWHsfGP2MyyQbUJPh6feQ= + =zrLo + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdA8gTHsk6g1gSvlQUmqaf2mCQIHQWApJaS/fBeX1ZR2lQw + nDLf4R06KPbVLpCWNc/3qE5H5T6InWPVzO/NOvz+XKjGj3+cFYj9gdfXNzPeUVsH + 0l4BCr5BOG5puCZK2KmwDbEvoqXWdxMY98uW4hjWNvuQjVmvJIXLVkP6FriTHyoQ + uIFKN4VFLcyuQwbWKhkKQV4Mx13/ZMqNy+/Ujp6t9NWo9RYoZk6peeq4aneXHONC + =7Ovg + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+IFvHpX7YylbazuQvefBZjcXCJ7un0G5cnhdXNAcXZ/JL + HP7Jpj4reMN/g84BCZigN+NocPCyKNhHpSqIL1oRBK7aZMCysB1iFCky621vhs/M + 6U7WnqX/nVQlkqAkzHiqJ1Fdc4p3V2gI0R+M4Q0OTDz3f/V7tBVauDJTlbkNLgg4 + PxT7jsm0YQOQ6Hz05K51YRG0ClN6UY03vLZOQLThHVxqdgqM213GhfE29PfyRyDv + iCLEvFw1uorE2IyNAfLFuOAM1It6a5BWLQ3fjCctW/BI3+tux+eDYthCKuKGcxAS + ZYHGV02U0721Hr6spPhWITzpj0EMkGzMMUjLcBQC96BIaz9jx6xvl92+4wDNTENN + PYjWb8UY40I9WYFudLe4gg8tbe5djoYYwHGzp+R6Mlgy871IbgXQN2j7Ll6w5Fbp + ztF6sfbMZg5xL9E6CC3V5NC306nejiTUevWmbWaZRfe/MKPnoUfrKw7idBj1ax0I + HtYUNBIu1Dya2j53E6Vn0pZQenO0jvnogMeAQWqdHSZ9gfbdCVWumiLFUjyrVTWP + KU4i2jmUYjkh61dO8PyDYmdbxz5OhI2+NPfz2X6my+TgwfmI4FHaTj6yV6qPb6hN + upPps9cpObKFxtvVOclnzKmurW2mCXymEy/Z52ggQtiV4l4IrT4sDD9qlmslwEbS + XgEdub4ZZMFM6IqboRvTls2Od7bfX93Xb70OrpCFhaPq9zpraT9UzZWg9rs1UrhG + tmO5j90uxIijYHpkTtn4R7LJxn6rWr0vUsfrEnCYuVaNPfZ9uzJx/ml8CB4Dgzg= + =n/JA + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAuROL9h6fxHfaAayEWqm6HZnGT+7E1KgKDeLD5+nqjmT+ + I0oekBaMKnwrkGi5S19fgfae6zi7UaelnrKmJkIvpDTrP3R2CEq2o1MEbus5jziC + FxHRqPZ4+ZLwSSM8yLPI1xSgrR0i08N3+7SIwXIkiluXg9Y+Vr/0xo9OX/PK6JCZ + 2xept3K2tJW5+8Xr1Vo/KlXrirEASvu2DLP5Ol8tcAg89MQTW3zrgCK41RWoyD6T + RnU7bLV+d0Y7w1wdbnbwaHswRQwv06nksWf7ESZNt6rdvIEJlGstErqgx5HkRi1c + jFd8r8L1ODvHAAwEal9RXlSyfWaCquNY+0iXAxx5Mf82dUMSw6ghWVxipn8bBTzq + AvdUEBTsbwOkTdInXFPUHNbSbsADnaiCNsFpDy4IJFhTpFXee1FNTl0zy40Y06Ac + 9nzaFWcQ0QcYVzdb3gHDzlXfasRpM/jePbGxRV+GPVvJeA4aTXHf865ssPBnz6zy + ySu/hvSI0Vs7Knf03BwA8AiQKXas0O0xxs2oxo8FhdryQNjOyR8BAlRG51urDp3d + gmTIrX5YT8jcfQh9gWcGFL9TLpxvw5AJWZczjROxzs0Sz6Sf7a7ii7rRQqsZaOM1 + Hgzt2kqoQmF8p8yplheS2nVMsFTctcMlM/wkWn4QlOMS0A7ciI8q54Eh90o4igLS + XgE4kW+C9CPoDeKOgVBpRltKn0kwE9Og/WRsvHJBXqq/zIwAG93uK4icFNEFesqc + sDBck/n7Vik3vsghDBJnH+NYTGyQHu/sRJ0jT7r/1u5VajiytFhx9581Q3qnwMk= + =I2Rt + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAu1re71AE2SZ+3fLIS6GhCojz8vKkrkgGke+s8F25ThOU + XQgvd0oWKzWApaohcbFvpt7ROw+OWeDuQZWclA5js/i1qaAh/9O8stDPlfEKmWOx + uWzLwD5On+pT8qG9DtJezj9v/A/IUmqKp63pO1eQwWhZk4RKzrVdmcZ99OAcwm+P + 5qvYuT8gvJCEnANA4cOcfR7POmBq0Np3NO5YmRGUNcjNjpBiMdUnjJeewU4/YUmI + glvkc7wzXh8lQ81w3L+bIl5DKpu0jAw8UPs7/jcdQeTPrfrVzEXVzJdK0cb7aZ+J + abNxEDm8YP20WeYHq5bS/fGeWEhoOJlK8e3dZoBeEM2MFnN6qDgKMbuAYtsaqYkf + hsSM33KScHVKJHsY5j23fwubxtWoVpiPNWqs3dR5c9I3i1BvzoYKPQeQU9l/SJmg + cs8j0CIIuangw91Y6JmViJtlm+2vgfvTl4xox+ECDgiRZ+LQizzhodfa3fodDmUG + jXA5s7iJpXSonMLnQeydNim2UwyN5YSUyC+XcIkRBZzKZnyo4iiXINs8dReprZka + T/H4lSNdpCobFu0DPJ2BpSa2Z1laasrKD30OMsLf42xL7jS/Y4w4XJKweTjQD6S4 + 61TKOsNqhgs6IbV/sF1Whcy/zzMovLPIv8vhMmI1XWwdc0Pg5i2PjtKzPnZ1LuHS + XgHE169r4eBvBatgPpP+RQEXG+DtQkTjvScFJiOBJKb4gkTPyPb2lOW54PI4DgT8 + v6qT5/vLY2z2/hqp5rryX7uh3AyQkS/OgIEsSRGs8EGqDD5xTPPb7q2jSoechDQ= + =labo + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAlzGw7eJ19tl0mlyKY8RX3nbw3YnD+HTDa/MKvTZR7Vcw + rzippnMP3k43C41VEd4li0YsX+y2N1jhagIuH/i7UmCEJRt7Twcv2E/S6cvPLNAb + 0l4B2ZvLw3dgA07vH91SqgXo19O6QVPpQAisUGy86thEl1fS2yFog6WspaiKe7Tf + r0137/wQSxkgnZOOUB4V+HOxf6IO9VYOo6MX8RTvu6w7CMh9kFYwgR0suydi0bRv + =NrMm + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAVZ6M0UQYg6ou1mm94d88BZDObl1RdEEw2AUlVkywKHIw + Uk1ZPOs+Sk67/yTMQtC4Kx7DFD3u255JQw/OY6GK9Rceu5/vqZUk31D3w0A1FBmW + 0lgBX3sZvCE50V+qRdAlILF0OfeoagfrA3pnOpAME6qjGHrdrzmyzJSlpYsN7aja + 953m7SMAzX15zLs0AjmOoOIIbnf1ctcLjmBxii67SzW4PJUtHzkc3YLO + =+Ubn + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-14T23:46:52Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAA4sgYlM1jPEatyPSFWcgEnsZ3Eewo9vCJIXtkc/Vwj0ME + Ckf8iuOqhiMEojywmyKwxFMRscr/sDW2iByoJYhsAh/rp3XHG6mZczp2/3NUx/vy + jnZoQnwfjaDBTBKbFztttcgDBc2NB0MnmbmzP3n8Skgay5sTNuimM/f/ePq4oGOF + dZ9eva3saiHNK2HLFgryvqq/CjnhdzeBMJ8ArL8Zg/LYljwFWn5avo0mMsA98f4N + uVUjZ3DLcPKFEEu/Ooh3Sdch7wfIYIZpgo/SOB6GDC544temY9l0i+R3tQQSgd28 + oEBI6z4WWUEjUX6mZ90xUcNs7r8dcPPjGfezOq5wiSNmspc89d5UFyIb84BYkc8H + fG61KMUgTetcxYWbkkoOLPofRapjTuT2hzC8tt84u/UKnDDL/B2RIpbKhzhf4mKq + pWZsTrYaOH5T9xphti7BEceqzvGYGxgybvNV7KtL95+N2bV8NdBaAH97muejDjoJ + fzLUTMf2VWHFOtn6vPNigYBXv+1xOpLfOGwl0SzeuckJuOSutNfxmfylbrRdsJK1 + kAVDQ8cBe9A9idMtKnwCreTt1IbAY/JQFeZ3Qd4A1NLraT0Yw6PlEqdlpOAvOVL5 + wvCTLI/7JIRQLvPrWFGEfvOmAmIRusdycaiMf01if+Z9O9b11YxTKYXEGKtZLejS + XgFShZKa07VBFsaq0+RVjsYQi+izQHvD/uCTr3zZSAqrCt+Iph88gwklNmdAMosd + d+cZXKZK24MaJ2at4IJQK1f5e/I7YdIJKVNvTskMUAEkkG/gK62+ZBLnEy5wXRQ= + =SXzD + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/public-reverse-proxy.sops.yaml b/inventories/chaosknoten/host_vars/public-reverse-proxy.sops.yaml new file mode 100644 index 0000000..c256d90 --- /dev/null +++ b/inventories/chaosknoten/host_vars/public-reverse-proxy.sops.yaml @@ -0,0 +1,210 @@ +ansible_pull__age_private_key: ENC[AES256_GCM,data:5kj/2+uVwXpGdyqnmH8Aihh0bj7st2KT+huBD3bdPTLN5aztNpLfbz/IvI3O6ABDNPagrgnT/0RamU87RnOnofT5VzjsVIbxYa4=,iv:zQ2z6J5g2onxBfiN56oFu21zvrcuoD3mV5w/HXbzOWI=,tag:HORT10RIqmtRVx+rrUkjcA==,type:str] +sops: + age: + - recipient: age1p7pxgq5kwcpdkhkh3qq4pvnltrdk4gwf60hdhv8ka0mdxmgnjepqyleyen + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbG82aWZrdW5VUTZJcThT + dUl2OW9oaU9lR1BYY2lha0dGdWkzQ3ZjK0drCi9MQW5VTmVlQzViVDN6cW12TVFm + ZmZuVjNwVWxqSi9zN0ZNYkoxNHZ5VjAKLS0tIGVkR3g1TFczRGM5My9QbUdRWGlh + RmRzdUdNYUY2SFVmOWtvVUU1TFBHdncKJIdqp6bjfQ4ofzhreMJUXIrEnLAe6Ept + YmKe0G5vTOxzkpdFmKs4Ymr8BmmhTyVIWx5SF7OGIirmcJ0nvPvqsA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-20T18:59:56Z" + mac: ENC[AES256_GCM,data:t+6pVWsdm3aSU7nwXjr9Uf4KRj8ibBEPemfyz+CT1kr+x22TJ97PmHGOag+sQwAl8s4EUCx2O+T1XuhVQ+iB//ZEhbtl+qtqnf/Vxpb4WGGH7gMUrYOqJEWhOxHK/itjttNicG3wAUoBTwbSuGEE9G9YCYVLGAC8UPuKoykwsOg=,iv:U9MrJJwUZ4jrIfonK60JlIToD+00Q1mTtKeFtA7TJew=,tag:bKdtyNrvOk33DbB5r0HcVQ==,type:str] + pgp: + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAArnNDRas6J8JZI0z0uJuGm+fLraRGbEVNbMS1UPZXXX/k + eBKTcx2bkKLJFWLcL2pAYeFu2gfjz2RaDLCwCMQ2+l+z/UGpqF5iIu6etkpsn2rd + fD1r+hCjFKpVAVecqUCtGuQjAGIecD9p21m7bRfX0fgmhQYNs2ZNrVn5cu1vDJVd + cRSGT7/j81CSfphXmD9b0dK6QTmTltZtf22KOO6WrE3dDvBbTrI/7Q8Fur6nl3d1 + GgUEm3Xbf8Qgkj9CVBZ5mz/7LkkGxjiYhZXsH3oXxQ08eDMhP9p/qmmwF79jp22a + LMkk9Pg51zvK+8eB0bIzF7WCmNPfgKGMo3dq1qvb1i26AITO/v3MrVVgHBGGTs8/ + emZarwQjYUv+ByQHs/57JbsY8JD0ohiFFJfK5yCG1+H4Si6MtjqFc1d9512Ty64v + 8SzeQX7fu6LetoWCcJ5LURE85vX9zoL7hlLwCgNxi6exKDxqoAk1ASwZyL1tqb2+ + l4gP89T2hAF+cg00+4+zRz4klukNVk+SKsH95+mE0ZWpeFen0kBBEROjAiMtyZS9 + 2P/mIRK0ICYTF6gkq4ucPd62FxxXwWoJ3hXW/CNURikPFTpX6O7WnnDmprCA4oR9 + 3ah34pStwGaN+MZqXpeDHu6LqJPI6jy8ftu9nAdPzuzXZeh1Vv+A+nuehE06JmTS + XgGZRn5yzzRUmp9z7o7mpXmO0DudCUQ/y7A+S3xD69pszLZRvw5sE+obyQZnVva3 + CFCYInGvkA1N06OcgIK/i5pWTUmBtMDBaHLK64zOx3poTAv0sLZMa4LoItiIUZI= + =tGOp + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//bSprsTehuGajMHCYmt8mhZHR2T1kkCB6sM7tYs+uqx4Q + IfaUG5LhETNSS/2zutenVDxOC4sC+aNyA2l7SKpu5iyZ2l78I8CorE1VcDwkDcNu + S/euhRbLEMYyT1GZaWia6l2f5dKD93QjyKI28t5oQapUrChU4PKSkWxkDX82ZcJM + Gf0TxdJqFBankjUlwVGz7BDxTplBr8E9bwxyjwY85CadcfClRFurs5nmuwA22OWD + /XRz2p4s8uWJtCvyL9RSQZa/jGh8dm8ly+Z7m6sGZfXKx+WFK/7s8bRoD/b9ut35 + geiSVhwyetR2tCDPN/KKEnOx3ln1A6qO8ROF/ZJl7SqwbAgKXkR7sWdmxhUcLnME + 5EDdnQFnTEW/0E4QtNvEw9YuwtPMZ99yjkpP0IeA4veJS3o6ru/pFiLKSYG4fAfS + oJsTy/Wi8NnjauqyEaIdv3Y5DCvZ8KAXzrmfa5h4CA8MU5VomjiZ0X7IkBhBn3Gi + 1hT5JlIfq/Vg6L0yfnguQIRQRNb45LEu6SqJkk0OleAqMObbh3vPf2uQYDRB4ReN + qoUvTeHE3F4NXrrW/4I3Q29cXkVe2KVzNsHlQTmlUsVMimmWWyBsjyzfVWrhaOiR + /rN872VvfbDs1MO9YululhhFxpONEVlDHNLcnpEFQPKwqJ4Yf1fIaEBSQBDx92PS + XgHqIDQnO6Ntj14JtWop0saCd7Q0ztCphLG2RvinxeP2R8ie7VzlMZf4kA99GUuU + xL97kVWMiqh1UV+BTDxpbJOzYgJcSXXetWARML9Mi1jGNPV1bOz/Ij3aZ7yB6aU= + =K1Ro + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAzpjYvVUka1qd3VLbw9aghIeJvJeA0oQUOtQkTl7kgLIe + c5tDJWHC2qVea+z3jKns+2Yb9hldahNMdka86OAQCnNRHHu7peTTLiVNHeoQYelv + 3aEB5Ww3DZueBeosKuCSzS+8Hp+rzrmYBwUPw+bgbxn+CifDyiaCWh6X7fYL7o1n + Z1Cm2H+fkRhOCfhVxWr7ju6G6H0BKqI+ZcAXwibXnt1AZxP0kepIvm3M5U3jFKsO + fs26yOqYqtfKTV6VRySP+ArcvsNqk8t1BRYiKuWPqo2ogvPLT4QQ/NUJFLlw604I + BEERo1Ope8jZcjkFDEFSEa82Oorg00IZOM5l2TLzCAn7P1klam/MzQjZdD4AxMUu + nxhXf06Sk3fh3LgM4gcLoXdaCpC4JgheY3kS4EqDLH7UBACWcgnHvk8oRuDqzmiT + AnYFevAl/qILMqF0YPG8aYFqGfsQ/pmFS/rFsTkrFwQDlBbjurMuq1n1/HhSiQTu + rhKrJstsj7eknne6qTFxTMXYwoHpEBHGk4odkELjqG5tlngzt6VL6PU21cVy/SwW + 3/26HTXKkD2r96mtzyJ782SfXETUKO081CTE1EfvpK79Qq2PQMY4DUeM/gN2RJdW + DmgezETSvCgVOU/CFEJRCCHoRDJuTladmv57R90N5GsupJbOqxhKqQmVxPxgagrS + XgFiwVmVkUHiX9ajGT3QZXCOCZi/dSR6u82VR+wCa0c2gvdzOAOkCf8u9PgHzHGe + Ixq0TTvgpV8F6lTyXrsbKr2eo4nb4ZVyD73Xya5yifjrtrOXwzZZTCmJya4fYRY= + =4Lug + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+KX8kz0jH1IbSUMhMHcWdKFJm0iWkVn9KfJt6tKwHTvPb + v7XLZiNoJBcdQinBlSssYMRIyvp0YkquReID/TmNyQjqelww17ncF3tjxZ6Ta2g0 + Ap2VMR2nK43wuLhDKboSxM9VZYU/UZVex5AiBjyxA8Xb298YSZzL05/wKSJrshkK + EYiHM7gzO0uSH/eHSCB3FGbyplgzre9m9cfdtjS1uFWjGH54VXdLicei7MmBrl61 + 47rCeN4tq0gNb6CQf0oMKO13ZADk43sGs7QQ7WRrU9iO69XYXtsod1/rW1PjaH8P + fQV1f/9X9nrhJfRHDVytmgDmrnkdap06RGnKA5dJ//0M0bYTqpMf1pOM14LbG+H8 + fal0pO+FX7UvhjNBeEdz0jlzpVz8rWV27a6Xz4FHCosqDmspi06EsI74xg+OnhZh + 1G7d2rMP8X24g09rnED7PNyGGoUwytqlvyc4lnDaHCwbRhU6y9Q9tRAFdBE41xVM + AEucVCCj20B/vJySJgW4Tn9YPCZqx4YRUNswr58cqbC4EOks+MI1xhqs2E/VHOIl + Zy3ymkfLdjE7FlQcjbwuCZaaBgM1ailEjAYB8WpeVPjfdp5PzLDKXQUD8eBwjrK6 + sPcFF0F+m1S/Dls0NYJ3crPBiaUn3oxebZKYfqRPz7M3YexjTwjkxOyhdf8waxLS + XgELsgdqhiUZzS5jtPXWRQDTpLUgVTDKyX1hG5vr+7mHfPaRRLJG8P4Qum4DY0lN + aW0HIL6naKBANNKlnke5CnJEPThpY5c+P4f6e+3lu6vSliwO2arjd6pEHh5x5KU= + =ja4z + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAqzM5vG79MA8EUsKYUYZfjso4zRAlqJaaa0+vdEaFqXsw + jfsd4YA85e3G4ZkRIrMViJVbJM0r6ARvEgTr+t8E1Zs2jKT1TJJtvkLEVw0hFjqh + 0l4BS2+6jAewLKyUbT8nxE5R3wVSYNgU5xW+Kh9wW1xsJJbjKSKAn0QglF81RBXd + 47q2AHPVRtUHoKVUuU9nU7Fw074xbUr8RyNJd6euoPiKnOf9DE/c8SyGP8iPppcK + =zhDO + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/8D7V8PkNYAt8m9paXMyqx53m5wNznAIVR8PKUaJ6v4K1I + xq0ZfXzgQROVlSlNJ1IOKLPSyj4X+JkzccO8sAmJX4qp/1zSbjy5y+MUSz54qPpD + zbIw/iP1V2pyeObgt44yPRcsiAabUG0YqoRAJQH5x91h3RklA1JYGgEn9m6pO9bk + YGkR8+zjstAx9Oq2LKQor8nSG+7RHxcRrbsDUSNCb/fC+PhmlDSlbcXXdYh3U3zi + Pu6eItWH7bIGGAYQC6cmXGFxflW7LT1Fr02KwVAYl2ycW6PIq6DwegH0ZsTc4zt5 + /lkeKX7yNorQx+fMdsm4sqdGijeLWv6RiA4tHYQ9WGV/YS0YuEI3aLdybUtnsL7B + V0PYgdmPb+hcgb6WxMrr5unCsqouTOvUj07ucrAKfzLmeUh21edKbGT5+XsqoC/6 + ii7BHgqX1ej5FE1F5PFvA4j+f3vlVjh85ivCJppyzk4wSk+qSVF1nc3Wpe6Rskpf + KjdzaPSNKT34lTZ+SN+HG7Vgo8vRoUbe4G97m3id8iYgy8l4tkvXvrSggPHs7rXF + TJQ4l+FlR5ZVJ0OLJJdNsLym4JARv9VQ4XzmQYJwf4oe9s0UjcUBzmTh0ICVHYQE + z6iVoYvWOnqLJWdEwBMDMqxL68VnBCPIXogaKhUpMfGndzo+WHsxFOiCC9KYWQTS + XgFWoU507I1wfTpBMlYjAZffVvLrI5tGPbHuDm3X2MaHxq1gdkGlls534opWuU3c + I4PnAAJOLBizVlNLq+GpBXGCzsM06ChpekhMiZlNJy+Rs8ozMqfIG15dtx82v3E= + =hFTi + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//WXlEfd1k2QL9LOmOQA+21TMQr81u/GxVRspVoD34TgMA + 7gnwWY5gBUuZHGMqLDwkxno+819Y5sSPKfsS5OWKoYSV21R6cpME6IMcb96qdwNU + 4/2GaN6m+My0zqPs4/WR1c/COkCMqgjbV90GMMRAl485YzVmjCY9eqQigr1/pxPS + uPUfjiSScfKJ6uCA0Z/Hx+Xux801nYAwNxC8zfzHIjutNPCauGKZgP7i3I/nEpnJ + LDwD74CLPm4FsAPNp0WRrITLIV7QuheFpAAdpo6DvH+8iz7cHGp0iHRua8jWMlzY + /0zDYIYBh3BSft37krmvMID98kC00O1WRmzq5Ut0QZe8MONFEFXoxIVN6Hl/35uK + 5RIR33ZD56euf+p+rm3dahEYGZ21SR4XAq+q367AbGY9sK4DszPuATZ2dTisOWpu + 3ICqDdzF+3u2a5FIJzU84ff7pmNJLMNtBrJrqDA3TVwAI56bTF3RS5wwL5wg2pSl + Utnn6BNwG4TP5Uepik3uBzXnEpdxHOOuayzGuNFQ/JVFqHX6BzYCUVh8jYWZg13N + G0WNKfipZgrhVV749yw4n3wT5l2tV5UNsV39nTcgZZgRo4oMwkegCcNQN5tmCUz0 + Xxx3OuD/GOnbat+V8ABFh+O7QXSBMCZKeQZEIOl5UuWKo5hPodu3wAj1gSj9Y0rS + XgGZyQEdbLvo4QQuw9tUExxiLx7CsWmlT41lX/DRou66wOr4DwjW0ya3US4HWQF0 + RWHRPoIwmo7L7UFQG7h8K50xyDKzx9Puhh7IAeXo1xj4tgcOrKV5aKbseb0lNhY= + =25qo + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAt6ChifeYBwZ/9zKinfjOnwKD9CpgyrbOA8MheG0AGyVB + MF4VOl/jm7J9j1w1oY85N1oXHjRETeAIeLDG3ygn29bMSs1qy0hMZFmzrAWt3HTa + KwGjEqz3ml5YN50+6BrJp4gglwrfJeMfvP4bNZhKZA8HDpaoqOJUaPBj/NB/osdq + HAiMLXEYccYcB5HK/lGmg96LT8+0HxLWTqjwWtBUmpRLICcmr580Pzzm7tcKAVUF + 532dvLYzguPXXh2GePT+DU1I3YlFAfvG8LWkJVFE8cUBH2FTdTyAHpxsXQM/6R3b + dJlepztNMR24GsGK5htzVjIs1Cp09NvXwKTI/+KMtc9JNW3k3XJc06mdu0C0gsBU + sBA6j8GWfobxd2jhI3g/20ZNhyu4UWqHglvAOZnKdnqYWvfTXoB+p/guVVkFw8cR + U1eKCX5MuqeNLaZ8KGJfoXAx+G1fYufbC652t59MCHhog9lVGQk79lqCcGe9BptV + 6SMgrVr309L4nsdt3bympdiNQHYBN4iqMqPldq4SAlIffds7bmnWdunWYv8uqMAI + 3CivU86SD52yUFFR1LFZtWFUWFB2PRglBR6I/5yXdq9+VWVjdNsgo+yT5yZaR8x3 + CAhApICzf7acPovWzUYfL0t4lVxoaVivOXkh8PbaLeMNyWnaXIU1/CMd+Lh5DMLS + XgHimRgOmNn4xAutA+CyLW0cR3y3NqJgHftx/r2kbs4+gfCTMrDgKzW6ssIGIKbF + HDm83gheAAVoVW9p1wvti1pG4yuKSasGzMaVB7gmBtmpGmpvCdXNmOYeDQCNA0g= + =bIiS + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAX4Eh1NRx1dVWh00AVlB7w8N9YqCujehKR1ik5g9LNmMw + XBshAVAzq4nIcloVC10ARzpCUULoPJxwGTFgZvmIbMMMzcoY6KqRFfn2EOzh5RdT + 0l4BE75QWcnxA/CBxr/2gZmkYbITQ6RoCw7cnBdR98T1S78EUc+T+lEBanXAK0vp + Td1qBZioxzARmIcDVPGyn0COAqFpRX4S1SZ2+/vaRcwFXhD5LwVH5/i9MLUQqaU3 + =ZfVZ + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAgGIqC9mjErTwNhDtUn8qKtNsCdQHUJkcSQ1s9uK/7Hkw + UeDzIP3V5i+PQnFMhq9cYNP0GIsWSa1VXWx+NpB5OZ/OavcaD8tgu+f+tFQGQHJ6 + 0lgBNh97It82aI+AGxYO7y/QOOaMBsHB8kBdKtSj8/3U9fZpJBWni34TjcNLf8be + s1SUY9ba3BRg2IbdPDLeVr0wvw0UfAXa2+f7/EsULvDH9GxXJim5RihO + =ITOc + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T18:59:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAA5M+n9C4Sxq68KAhnNs+GKF2YHZG0l3J+Szd5PV/Ma4Br + GC+rB00mHmNJugp3Mw4Wvrh38pZNbRcr1cDtJwRhuCNqT+odP78WECkCqTPoWML3 + B8EX9aQVOZv9wk/Xeok3NTtU94vF11+JScsMUQAPyYRE8TH3frK/SgnwyQ7ntTfq + T3dZz/HFdiGfrRil7Ev9yofZyUNtMcRxNcDjcKMUUjB7ih4yK4ggZZv5TmVlb4ln + LnCn39wf9gNCPWOHPJW2Ib7Iwfb7VEc02LAD52quRavpKn7onJhwLPSJsSVMscHX + mlYnnHC3gFZsqDR67VSZg2uRG8L+86usXA03IWEHy2AGDYFDw2u6kGVuYyezU4xL + pEWRIYTtyB7IJvOoSXJ56I9XOJwfRE886gESHbJKgwrOR2K2ePBjOVIsn6p9W+jE + 76qVusEjEZw4SIiXmGaSR6z8eNePxcknG1+37YMtTzdMv3zWUeHtdsLNLi7zA5jF + cGvUXhuYvsjgjevD0Kk7N2oO8QrkXVhITx15m9n4GGFxNMJEJKP5VRPFJGXHjPvH + 4skowy5MTC5WLQW24P8hw+fHvXTr7A1l6kS6Wj4alB7jjA1nY9nUYeG8y43zQko5 + DZJ4VypcsJYZUm0mF2dBxrgWetHqHMiWwvELB/Ka248ORvFA8jbjH3tzzqiDDvHS + XgGBDeKq89WmMQMUL6MR9caGQrROtl6LxD2Jea5ocBqrJuSJInIIwjJWZEIRf039 + A/jucUvJrDXAzWW9wm2Q1n/zqRrks/DVDdh4jH6qjBPZTOgLgYyHvuDqFepoXu0= + =qKHE + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/inventories/chaosknoten/host_vars/renovate.sops.yaml b/inventories/chaosknoten/host_vars/renovate.sops.yaml new file mode 100644 index 0000000..3f00cb0 --- /dev/null +++ b/inventories/chaosknoten/host_vars/renovate.sops.yaml @@ -0,0 +1,212 @@ +ansible_pull__age_private_key: ENC[AES256_GCM,data:bdqHlOytu9POaLwjA2U3soUvwmcZsd/CZrVcG868AT//DP3uA0doe1foJ7S9P2+7vfO/eBtp3hidYoQRDACDD+KhucFPpjY7aKI=,iv:EUi66ScqjCWrGXaokJjKr+4LUgkHsPcOFQMpyuDXq4A=,tag:RSm2ReudORWzGafm94J8UQ==,type:str] +secret__renovate_token: ENC[AES256_GCM,data:NVyWH/FnAhR0gQ16FZ9h+gOxlSYFAGcKG2VgtNuOupx9e1RrJg8RSQ==,iv:v6auLeQ9TGnQakA/6oqG7gyNK/pRgCpx4foUSYZEZ0g=,tag:2lmTCWYI7N6hNa+5ABO8ug==,type:str] +secret__renovate_github_token: ENC[AES256_GCM,data:Dw4MBY9HvDRBdyp/hBsKZYeqZ6nLpuMAJAJ98i7ZODxUclMh6X73+g==,iv:kttRN7fG94Za+BN5tVyp2MYJJOnUYX5GrnzmhhKf4sY=,tag:EwYobl1TjwJ2AlVTD/f8bA==,type:str] +sops: + age: + - recipient: age18qam683rva3ee3wgue7r0ey4ws4jttz4a4dpe3q8kq8lmrp97ezq2cns8d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFOFRua2M4UnEybkEzV0lX + Ung3SGFLbkpuUzFYbGllMVMzT0ZwNjIvcEYwCkVWcnJLUVJ3aUxQYWlrNnNzUGwv + MkIrdSs0Ri9uUVJWbU5NSHZTcW9uS2sKLS0tIENlNE9YUkhvNVJKRzVUQmQ5dGpG + aDZsUFBwbkRtd3FjVHJhdnQ5WTFtOFUKIZzFbaXhG/+a+qtKv0p7YJMhKDqsK8Lr + QSWWWzKH6mYcJcQ4AV0ZH8givdvX67wo9DYF4XKGs4H5vbM3COoBIQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-16T23:16:54Z" + mac: ENC[AES256_GCM,data:62IDMR52Sno73D8KNBHhXLVAm3TaXYKc0A06Uzi2i7Fw6Zr/mQWk8DTrPsiFVR9THUfX+HrJAo0ChD6hjt+Aeb+KF4nn5iZ7NO1hgnMpjBFc7FtpiLMQyKedWv4PDZafzPq9IERQJP7ThAPcg/1B0FhUw7Q2STkOucFQHWJ/UQI=,iv:ABhwB0GAolUcmJjqWhdwL1+2I22WpWZhaEAe6AOs498=,tag:V+RN4Edj8Z2Fk13RpiSwtg==,type:str] + pgp: + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtARAAmntHneUj10baDIMzqLkh9IYnVJv8jDi68HkAVcTNa63V + Uu04D+Hi3E5iUoFvTi4PPOHCa7uqU1fwfTlovCqCGIpXncHYsN6Gs5uZUgFTdWqy + HqwLRNMa3ob3YTYVLkKXKIbu7VtFOYruF7LJK9tiElPAjQVSQoc88BjZEoZnFk0I + EGEJTw1gPern5vAxI7T35TLNajGfQ86oxBOTIIxRxAJNmYynEEt6pX8cOza/IGsY + wdCZo7QHB4yJ7ggOH463sBCJJAvUEypqDstNsYgXbIXkEB0nlgT+ZnabLiW1M+CU + kk0MOL4buorW+7jFguxD6xKDZdKXzx3iPtfzxpZbZsFaCCOYFEkBI4OQF0fZqAoI + ZVNa49seuiW2rbadXYZ3/8pw7h55gJAKMJ24IPm4NZl+ZwzCOTmJS9sRj3Ts42XQ + tqZE0ZGVGqhx8+mjIlVoDuOuMvhUL/VK3YQgUzXev+KlVTZnpSYZJIB7rmPzLq8O + N/+JLKk4QGebEY5bKTG01J1YIXOhJb6Ko3dvC896KIJKnLWQIuEv0vuuSmEtA0KI + lbUNW134gIw0F9M/76z4MqE3chxocutxmTySRs19cZnEXv2ENK3gTG8BKFc/9I3d + NxwyOlbXzzLXSBrknxmCfIXMaXDMyi5WFESn8NEOS2SuS3ASqBJjoBsZn9QywQ/S + XAGDhGo66CnoFBcTdeepROsm5ygJ9GhVMWkMlninZczhpVqOT9s+usmwLA1dO4+a + 5upNB+uqyVfU+xmvu6z5C9GswVACE+7tBVG8PhBA1tUPJk6ImTA+F0OCzOqE + =v1F3 + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2ARAAoo2QhL1qTqvYOgK1OJuVViy0v7Mctc0qudgD5vcZXO1b + Oh32GKl3kPOclfpWPwjAkLLgaf7qeHt/HI/F8uUrpR/Q2NKT+cIlT437J02GRFtW + 1yTDxCXbzUpNBURxbo4HSnAhX79iwSp7MNkZ2ejdGnY7L5hoCxk011dqOZ/6vBW2 + EInQRXL2o+2EuhWFRpXcDY4qXtE50pylYGVK/m/tNEwIK1/PtBOETBAMwrQs64iK + dk0+yg6bD1+F4Cm06IecFbu7p/ZgusGCchd4SQXD2OxKNbSXqC2xeNIUAVwgIQYX + 2k9eU88RnC2U0pPrGzQ3eFVQlAsjx9Rea7NKZkEdkr5EuQE0pyYhTPEaW0JTh2Dm + meqGhqsrCiZkqOwWdoJ+x5T0+k6iKVpdh8GVFtQPki17et6iRglw3Y5T1SB3Lwty + kANuvZerkAjixQt1R+H6iN8U0nTQ1+uJRse1llj4XRN7ccOOQSslbQX0R3DkgS+s + D8BABxR3qLecx1GMgowP8m9h1VEhTtu/IbSDkHmdIg3udc7q95uIsyfBKqSzayIU + rBIugOY2T8nKi6iI9kh7lJzppFTVXUo43hL70WFtzB9/5vCm2dyHkSk3VoBPKm3z + w5WrphNlw+u1VqgJOr59lbRDLktH51OtSkY/hs/ZR6+rz6nb87bsTcPm00wBAmTS + XAFan60iIoJTSlH3jOpPZ2fX+ezSVlvPcC+tC+jKK+xjOeQqSn6y84xuG++jv5+6 + cgorfw2h63wXwP5IhZWftGh2YYI4UdtXtDj3MQWTGgAK+O+r+FMH37RoLLho + =rw7I + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ//VhpkM7X5pwbH/No3L1tn8XItEm8IzGPCdFHFECUUKcUI + +Xhzzj/AQtKi8o/bC5UKPHEmnvCMdOIn5EyFMwnsmdXOW7HBqbskgET+Pna1GJor + BDAmjZnkjaSRqDObLH/tXhgxLLhGQWD2P0B5l/WmFryElDZK1JlV6/yjVtJJMwDI + lrZ8AKolnlDeVc1HQTcuqwoBJrubL56KGB0ibJBAb0qTCTe+B6WiILlUtS0TUtZH + +aoz6X6MvzHVQjzc59SVv4K+70grSUJ683qR7BD+dfIBCy1pFXfE/k+24cze9Ayf + 1ewPeJLVHhbUZWd3EC6FtvNFoBF7tLY01O/EamAOLFgbS0WM56yF++FMhisdsyk/ + fCTJTZ+cCEABYJvJxpS86O2TZ6euHRYKB0iz5duFBiKmEXNDKPaddxI4kKamtGJr + JlpOdUkaH57L7i8gssoHAPKaXGEOydhEWr9Q67IYTUgj++LHLC8rvX/GjAoN/jPe + tiZSAUvLBkbUP62pX4j9VVvF3hCbv8bwgLF6+itOIJCYsALKNK9aCfOqMgfr7gll + AETp3CtDMqvT8AKxvRZJNYI17YBTj0GEzPgA9WPLvPoiVevfn7Cs0TDwcIm9DkRz + NsGAQ7OeBAlYPlib1qFpwS0jmb63kyX8KOJBGys4yr+p1+t+sfoogckDnB4GCI7S + XAEXxyN56JW1/TbyvR9LwWYPSgYfjASkCmksyYJMxqJqZNGeo9YzoQyvmHiRSV27 + eBTzua70gKwbGlNM/KyIyKgMfDeJVxds+qxoF1PsaZ2Qbg6tW3oGOivgn1SC + =mpsN + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAAveReIRx5pGebuFZoJriJ1kbd52W37367ypCErCQd2nKE + Xls31lMFAyZLL1IiNj42imP4ZmAK4CpUr53NcxUEskdc350ZCnJg6En1Wn3SbYhB + D6JQGzgbVEVCk8JrQH9cunRqZP5O/wkH1p6iTsktAaMZX/n9a0gF7sv1hainaRKj + ZHupkQ94hQ6VZLHRrJo6PKsofT+vm/ue8BZVz8grUWa6FcMJrxUz3C1Beytw2q/o + wW+TL7HEGeo0igDC+JRk1sTXDJHiVzrihtdVf6iyEAStOF4SKXqH+e96tHuPv+xh + Lhr7t+wWJEvfmHHmUGNSJaz7hGFffVIAxG023E20AIusn4TDvKZl3SDJnZWUnKv/ + TYn4Op6hKLNKIl8M8IFKqlaqCyuPvFwRSglbvyTuGiq27AeXOOqi0YPwfNpeo0PR + 8WiX79t6g3qykazQyau7kOVPq6st2KEYjntEDNwQqNJGDh6tllA3iUN3aJjQ9tCM + /Bcb07pSfXeSN6AMKbBCvPoweHyuAJApyIALYaioqbJeWZRkYnLf/pJdO+Sb1uM6 + lXdGMJjDZRaASRQ8Itq4q34AI8RW8oo96K8sG98rsow/YxDgpWnHHv0r9y69JS5B + 1rZUTckPG57sFjfGcs9OBEWzuHtE1C0l8cxu93TDyb2atbRdMTl62l86RLFDX3XS + XAGUrZPztS+QnCH+0vwOoEwHN79gxbylfRuT2J5nyzp6UwwVjFk8GUCKTBB1dRac + tpcdlYRNL5X+ybpR1SQ1xgsMiP+Qcu9EURXWc4oK5eRg4qKsr3U9Pn2JxkTP + =eF0q + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdABv1nkvhryXv+RAGgHf2c1tMq79ZXwr+hDXZRHjjBEXgw + rSpWHH+3XNoR7IPBfk3/n/1hRCz1TOoIbs1/yAKHLLsz8z5+wLzeej+WHScx8LjI + 0lwBF5bFWFk4xcfJoO2Fe09G5Hlj63WrBu5W+kV/D2+pUXI4n3etETx9LVZNobWo + TOE7vrtAVUILHT0iv+zZiqflKLmp/xDBWLKXvCnWGBkjhj+nBH9Fqgx2QayV1Q== + =KTPl + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//Zlmb4M1u7i/N5ogBdfdw4iBypChTrv6RBqIMk1sK6r61 + koJsK+3hixZGQH4UAhT/nfC11NdHoAcG4hgPTxfMt2yUOSb+fwZyYXt6ShZ/1GMj + Q95e88df2xS5OvCORcq6pupFh1AfuwsxgP9iaE/BQ6V8uLaN8nsYrL/i4Iq2SI3b + uZsQToB3JYcGqJr+YP7flFcOYNRwBkeweWfXef5ID1Raj+mPjJmpegZLNY6l4zzk + 5avqd9EAMFl3aKzS2nD9+5B525Ze9joGOPAmkToYtDiETXNCeMXylsltVVy9qc9x + X4brC5umiuIDjFVZYupLJ1cGSRfLgVIeiDkGRd6q62gSKQ0x35VnbSDPVBYhSetB + zB0XtIBPg3mCXNypuaSHbo9exiFfpY4juswTuZ/nEK8Xip9v7S6PVLe5EhEojB2N + fEzuQ7MMxdAqJOe4CXmi6dybtSKCEDFK5xYr6VSpEylZQIDgHHWH9zifOUisxtjv + 1uo5aH6bGrMG4UyGjf60Fcnl8G3vOAI+DOqWTtO8brb5NILdyi4+AS5voqr+5pTh + u/wlwhKSKbUzEDFBJk04JDjpdnXEeOdVdKXIor0rGCyU3volUP8cKLHyEW2u02RX + MBhQTOd8s+EuHd7ueJw+EmBZqkQN4WSfUbAilnvTEumaVtJBDr1CMKgzVx0eWC/S + XAExGPmke/j2hG8g+tRjgmQmRvzwOYF46PoUtwFZY4bXaDxAww2YgjRzdqHBXRds + fMpnz+fAtJTj2GIJP2Wk4jOY5fUbaoxOfWcx4Yl2bbGHh/2sg1XN/0rvB0+X + =nm/4 + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/+IqdYTsLvMJ7wMf1AWjmBJ5I4IqcW30VeEt4NErMzLa+f + OT3zJAUkOlIv+JtKKq0DFShOnixaqBGZKK3IUt0+1gTpaRGcUT7D0F4jFOwXZMDw + EuSK/LGFDNIh3Ma7aJV1KGJzjf0/IO+OTahXfnhaufDc5a6bR9yb2fkHeAakPLrq + QDbADoTNhmBNA/H8rg974FniX8dENBDWlgOXNJKKnQ+Y4sHrR5dcyavF5DyRKO4l + qAIpVenGFWcqrK4JsklrU6sfrHe3Ho4GUBspcO8lDfy39ZMdb3Ypu4+u6aDicStx + WUwqcHquu4p2s12u8xiz0twQlvd+zJaqqtjhpjjKggH9jgl1nY8i7VhVKi/P4VfK + 3XuBiY9cTtMeJk0lSE0XvIT1WD8L73Em7LaT3Rskxah72mV3v2WdHn6wMuDILpOb + 29/YnGE0BAOY0thq6veuFAWPuywAtGFrmx9RmswEOWh1D8HJW7/+8uBdseFqRbB0 + SZ8UkPDW9Ko1pNGdGHLlTC9UkJXHibiZqNUbDvOat2rcInk4zqjxWs86F0RhPruI + 3wwdMPsYCi7uR7moiZyiCt1hmrcaHJG36zaZBuUkqd486/YxYGt5rS+2OKZn6VOP + 7k8fZskHF69ciAgSEItyOu5hAK0o9vBb/plQONyor15/wXkxeP0/7Vpt0Qy/Ad7S + XAEoYbLf/EYQeVjV2pPmv0ff1lBq95g0pj+vf/1StniCOTv7fSUfjkxQ1K/yFsC8 + z5COp2XhwhVF0xTGu4pzYcHeuR+/KU1pqL+UFFy7sMBkLbsrxoCuyUbLWwNs + =j9gL + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//Z/HFWjTVat/Rhli4RQXmeKrP7BpHn/z238w2GX4jt78O + /fXDniLCNZk508IpUQ9bGfbMsaRw7bdnewtW+f0nPO/vRVuQe/ADjw9Z5dogDImp + OvOd1gfIRcX8tm4r1BlSWf7A2qg5qZDOcGSxRNSHhv9NhnJJLHzTYG5TCoUCZ2wK + mYpufnpYfpc/siNOW8a5jNRV5sW3+Bp+pd3AqEO4P9tHhOwxWmNju8PyrBCqRI42 + QyQhdG2eMIiUs6YJ4cR60rMqZZ8lq0gLXM5sO3OrxlQEP5FWePLRwq4oq4/oozxd + 9wqGFanYW56LVL5vsKyJVHBFlZfHYjjh12gSvb9O/QyxTRfT46CnWbHD8sYWQbxU + z6bTIhQ8+kELKT56TnAcIxqWmPRbWOKXY+iruECkXqTyKdm8Ux+Q7qhPvjxp/cnC + SZfVS00CJG9T/mJ4jwe+bD7a4fIeU+nZWJ4Y4S38HZlJ759nbn/MebxQXNEnRjgM + z48c0cGb/QHz1Yh0l5xMKMDNMN4Zcp5rDsdmEnRMCtgXUlEGsHPh76a5lNeE74uW + ErgrRG/EEyXDHaC6HK0izp7dUBYcV3NKJrvG8XF4lYCXQjw+IEXz5mGBKLpPfvlN + 0utfEUDp2We6kFUXiDrQgEga9+ZNDhIoaUGHIUKIH9vWV0DYWY+2Tsi5p1XauMjS + XAHP7lbYvp5GQCZ/listotwc0z8YABKrObVRd3xvURQ0PL8UdelIMSBSruYXXMUX + X3whSggk6G59iBJvXTpXioVfPBaRpGH+b1SWIR8wNcd4+yWo+JExFw+OAF8+ + =H9fX + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdA+mj8Zet+EX625kPU8Mca1O9QklMKAsDVyerrcpXpkTAw + c7uDpTKWutUj+B3x4LlffmxtABIQV3WEujFmafaXxYvU20B75m+DGfp32A+k/Av1 + 0lwBocEM8tY5X5gT5OVwZKynFxcB7HxB8dYZNPf5YUIUfKXIk+ZDSMUJgOy15BIk + x3FeKugtRrX29+az8LNlsBNcCeqT10U/mMvqtU6xwU5qbOOwkh7DgZZGk25opw== + =tl7N + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAvHPZfWwZCO2rlfLJx6B/omZNgE/PnFM0ePmqu2L/cGcw + 07lNHTEjOyDnVtuvbL8MbTfZUONVUia6cPL76ae3f0074yzGMSvus+WZGbwq8g5O + 0lYB4JNvI5zyuolaPUIH6RQQzY5+U4Uxex22rkhdZFXHpqyC6a4LkR56PnIYgS0P + /09c5d+q5obcTxFeE9HZDqeY7NaUT62zN02ME1ZVxg/hVSpXPseJWw== + =8dD2 + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-16T14:03:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAoOnxlDH1+B7TXdh70Kvau1/h6KvrYHV8h+Dh1ECFlO44 + GxUXxjZLy61dJb5s3zA8MAJCwuv1tSUjLUUTh7AR7cugDV8XJjFKgXJYz3AtMoVS + aY1J+ifz+i5i2uhvVOTnjiVEtTGIlD9xYdo7t90TCgC2lMxrXEwE/wswzeg9mkag + cz3wDXsFBlA3v9na7VMcJwywy93SbtIS+wmGHriChv7hi54YwG8lPdhLMN25l2iI + sT1eOYbc/NzJpGoU0at/kB1CtELbvD5OmyZZ36eGTyS4meGY1niev407tvOFLHbr + lsCoG2twdfGeBFqj/lRvae1OfA8WkHUtcje7tXq6PH50AqC9iWLrHx5sqWbiia+0 + pIJ1iZB3OvVCQiha/adtFY3gwHXFue6UxpWam+wfkZf/iu2Tzf/R7rZbZEnl+Yp9 + Vt7tUXTB4enOj5DieeeJbDzllPiwCQj69jBZcbxzzoCN8OJUssKyPdmbUSzaAcC0 + YZRjYRDsENk0duvzX6GJQOSOV7jH8QE5Zkut0P3U6yU8nyBvi9jO0ZC9iHqH+i1d + /Fdl9XQP6GwIWd3VXZXJQnhiNyWOv7BGIV+8Hmx/8564xJUiOnip1uDcxfUqyEut + 3JcxI7BBXxUuZYBRI8JM9SOmqQLwz8t419pt4YohEMzcE6NBaDluVTaOvc3VjlLS + XAFVgBuP4Q6V6Fc0ZbEQKFMo/zcVLCcICHf7CxnefF2bnCUXSt2/2mGq17w2RCk5 + apmuIngabTkZi5brZRbRr6QixmIXJ6oOA5WCxSmjbNI08z5pR2+SKj57Zc/v + =d+GD + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/renovate.yaml b/inventories/chaosknoten/host_vars/renovate.yaml new file mode 100644 index 0000000..17b9737 --- /dev/null +++ b/inventories/chaosknoten/host_vars/renovate.yaml @@ -0,0 +1 @@ +renovate__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/renovate/renovate/config.js.j2') }}" diff --git a/inventories/chaosknoten/host_vars/sunders.sops.yaml b/inventories/chaosknoten/host_vars/sunders.sops.yaml new file mode 100644 index 0000000..98b3917 --- /dev/null +++ b/inventories/chaosknoten/host_vars/sunders.sops.yaml @@ -0,0 +1,210 @@ +ansible_pull__age_private_key: ENC[AES256_GCM,data:tP84jDYh2zeWjf7wqDoefm9zaeg/Q2TWUyIstOcrjYHgrZdGLk64skLuGyH5q4FxQL9QEhe9qBT+AAxxKE6fU630/M1LVOR4Sls=,iv:I9W6KxIoisJFFMtOrN5u8KgnsmuIgF9RvzWanLNGVVM=,tag:w9bhDahR4Ai4/nLLeR58lA==,type:str] +sops: + age: + - recipient: age1na0nh9ndnr9cxpnlvstrxskr4fxf4spnkw48ufl7m43f98y40y7shhnvgd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGYmdmSjc0U2t6clF0eEVw + eFRjaDNZQ2VrdGdCMTFLd0EzUDN3TG9QVzNJClp5NUZEaCsveitxVmNZd3VkR0JS + NFlWcEd3WlFYUEZaVmVhTE5OMFFLNTQKLS0tIHRFS21OeGJqc2lPTDFuSkRwYll1 + S3NiK3R6UWQ5UU0xUmYwa1hqMUo5c28K4EVQwBcALc6k53CNsemfMy2s6AGO5LJf + 3U1zeFtEcsvEnUfkvFT//M7cB6pUqQF0KIq1VnnFoQF7IpvSN23lxg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-14T23:43:05Z" + mac: ENC[AES256_GCM,data:15TRSKlDhjQy3yMcFhz2Den2YorcrpJmCw0BVl10qlG8u9G7Vw/7aV/hJnZdkCz3w1ZkEbNS6DCKxCLs1Qgf2SEPaG/cRraO2mcl+YH7k4gb5LMzu81fRkbCx66B4LG+DY8fsAJeO4mxui2m0ZAHb2SNFIP4Q4vdLav3jTaiwAc=,iv:71qa6JTc+S5MLynGc27tx1WBGrpvTCSCoEv01SZnPF8=,tag:ju4WP1MK1/sWw7TAitzM0Q==,type:str] + pgp: + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//fkLWQ/3OVcu4GKLhg4o2uHTWlqvFQyzpagXsDxM5RcIM + JteCVklioa5qRBZzDnwGs9LxDZmpmlURxCA2QVx9/M79KaFr/qfPupecS+3FLOy7 + 4XJTQhFxNzQgLDepAPj9JJI3Sp1QyChaIwH1SvGX/oGnjazXo7NhthyXaLFIRXqJ + +dwBiVcyjVLuVxopLKALil0K/aq0wRhxBQDA/K3X+rbHsKllo/D3+RhNsaVcz87+ + 4kVB2EjcxMezl6vQeXPvDaMGwhYLohTNng4py9pmA2ihyYLwDuSwVkAQKjO2T3gR + nmvtw0jZ0cgGUkeChBHG6MrvrQepFkgFwpj9S0TzNxAAmOSwp2HVIKorBcSjB+tH + 1C3cjjFEWHlE0kfWRrvsbT/57nsOIWSXOx5gMqRsMo19wP7CpCMYL9p+jSphQbFE + ILBtmmcuzlr1ExLi+F/gfEX3yA0kSswV6BJePUXHECiNuVv8PM7/sUOba2fcFyDx + fKBkD+5CEjr8joUgBE42kLP0aSEwwdqmgzVhIlSY6Zn5QVx6tSPBx6Qi0I19ic9u + 4MldM2cKt4IP1LNcLrtuPNRRWZ704LGVTp1XWtKed7q0cae/k4uOvYwYf1QKWY84 + 50wApyybTl7s9JaNAVIK2bXQoK7ALLiOIDTwPu8B5q05zrjyE5XK+qNi7ueXcQjS + XgH7kGxwfpXKGJpXJ9dDaW+2pmoUU6LTOCm9cuqZEGB3jk+jl2M2A7M9wFKbtrkh + PGcloa0AVlc43dEzqG7tox4fMqToNHwKTpR26D2GCOx2BmovIGC3qaStSbA/jgw= + =/HmI + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//XSwyLenM3YV/KuBSSUy57ungQfU+aujOwfhZLMK4w7dj + iLDNBtSb1rNr3rQ2PSQxX8uqZIKrxW+SQ7YN7dOKhAWXNdRPZIEuPRCfhrgdL57p + VBCHpBSPQqzuDhHXHp+hf5GpAOSeNKgPLYua0hT2jNaHHkaGi1twKDuyJBUtXv+J + oXw1W2DKFLIhhKVLK/p3OqbYplLKRVoCJg0+0A80mAoVwtpIW7CU144jsvM1rMTZ + mLFXBjDXgq1uy034MFBAQod7vcgmfoYwFr9LCHKygAcpFmOhDtNsNTQvjKFmmHdw + m8ykzdEShe4vhzKfH7icKlYcwrrGhT8JoswzzBx6aA8k/e9m8P1Blez5Ief3Et7E + lUiSZBSzgmZDMxaNTLhNmfOmG6BEkM0X0fv6NBtpuO/vl/zn3pcSPUao3LKhXAwy + 91iTRjxpm/pYKZ6RG2Z6eI8mIdNMWcfkOpzYSMjELggvrfkMhdSVSmLPT0Hozx4f + S/2yNb+7QFufrwJw8Fg0Acst7oPU7siMtaJu2MdNJUlDqEHCWFfHM6Lz55jnJNVC + Nmr1lRcTgaaOIMpE5UAJw+ownlCZFMN/pbOJFb9+Hy3GlmciqVYch+0cR/05vNPN + dDnuALTlgsJ3YMv8PhVOAffcxJ3ua61hSCQmHlPxP5MzB96JY9BQ3+3ufLtPA1nS + XgGRXNlyqtW0YwQS/kUctV5n8k5BhnBKgxJHq5+Wztp/o4D2GvxgkmdEdOBK3C5t + an+hSe5PhubEVnd6tWhzmqBQzThTyY0S53RcbAFYRId2VKodlT7yXV0wwewL84U= + =3lT2 + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/+OSLzOzAJtSU2JijWvzYhf64CClYDmUXP4nXN6CJs4o1z + iet7JJfruRBLTlQdqbCESg3WHbtjFk639rlCV7d3cPQIHcEQkIv7YAisiM+27v8g + jJ8+gWC75+rtyikVDq5hxf5VktjXmdnhz+xppRU2YyY46tFgp5vRhxsS8wQXcKBD + JgL881OPCz2yZUj2kaqlDf1GipRtwswxuuKj02mTfXiQ50GGYBEd2nSzdtmfdQ83 + TRFLZxhmZFUQ/EVB3wCa+l4y6SThXwpJ6ImTCK4BNxfy8WPm87soTEs3mgvhiBIl + 7q6yCW+6t5oDaxLg/SCZ4lU3HPgUjMF8Ax3SovHqZ210YFZrNpcJ9C+pVrAkZUIm + oHWTbR01G1Yaq7c+e4bGiA34C66gv3UNgA4kDcXt8OcydtCjX38x6Q5kdUB9I/x6 + zwVS/6GXGDvxOodbPpe17LdUDGqswjPZ94UbKPwCbQDosN+5Xnt/XYF/nzP3V0JB + x3fZQbBWI0sTciFRvaMmB+qG/knF42LZOdhVaTASLnNcAfAGesbyH8Z/0zivMa3F + 0Bjw/LCldSS9+wvhJOyyiorV5mR25w9G2IDa9l8f/ZuknHQ4Ht4ptlkddZokgXFv + CF6nKcHBFHMofzs4a953dxJZ/rVTFj8sOY27pKf/+uQZjZLcMI4NtmkTeVhKQX/S + XgFmp1yvDE1KfuqtmZ2UMQtarN9zsaUi9HPcTaJyTuYr2s3f3/i4vtUmAeotfV+O + x9iPs0ttwfi1XxDJgFdxoa1MBFRlUS1sJShxNzC2UYYHKhHlIago0kTMZKHGczQ= + =BtEA + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAAirhhnMsEuxUaDwxgSehvzEeX3WHSYCUPVEoCqnMMMr5T + /6J0cEXitvwmw/l29jpCuJrEfQ6d10syMuSrJvAnwbma4Dt867jQc8Cj7Xn7Z3BC + Tk0s0TPW5hCEBF7Mg4k104yLDK8qIwAMtSuFZ0f9Fw2gEjdHE8+r0y1ZDEUndxQI + jUfTPmcXq8e679VFjhYT6O7ttUgd4asoQeNi2f9c2fqpiOUDlL0hV8yFI+0lhqPA + m99GbCDTnSx4kWNc8HRtffz2v2+/HIvOQo7qPIEf0SS144OebvqYOFEqw+0tNTA5 + 9INouMXBwm5OjyQtjMd8YY5/f7y+e9Gj9KM4EMoNOl3hmLVQAez98ReJEuX2g7pE + 8lPmBmvcUM19UnKiNuofLQyaABUkyrv+gc5NG+8RtyiQIHoe2gBpXrKXa23TuvD9 + PA5AkTTCeFxxnj5eNgPrwTQKfD6pvp//xj4qJTAD/WVkkQRzUmoWdnvzv3OVnFZ3 + iO7Dlco+klnAljzZEmB/sY4W58fo9ltCaCflFHE0iOSp+Hr4yqlDpO9hitq6qf0U + juTQiHJ9T0MjPXzquZftTNy8Icacc4R3myyf/NZ0wLsWg/X/sQcSvr7ldZ1gLSN0 + EpPKEAWMvEwOrc4wPAp74N0BTPsadCaEX08JrvC4Cj7XdmcdZ5i7PLWd+YE1iC3S + XgGIywh3ADFH9wSWOVLcW4KeSLuxl91XFaqc834WaeiQgrRKy68cSj8BPulWn42k + W4A74ndSgyooVfuJPSPrY17QYtnEGiQU9YsqDr4mbuBfExZ0olQYGsBS4bX9uoM= + =i9LM + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAIoIvHLe5CKp9zHMCCa5+pAa+NSNGuEl0eSC04ZgLHDkw + 1SYTz1t23cM3UjK1lRXkRVaGeM0U5G0v2shY7zb8XomNxPmlXmc05xYLIkM/F/dt + 0l4Bb55iZgJXODO9B89qQXvcPqdd1Du2W+jvWK1uxDzqUQojhfOMLgwtF9UIjV8l + atM1bQTX9413XOMDvSGP3A51iyzYKGBU5Gmm01IM5WsMttJxdY04uzXanHli2ynY + =Xi7e + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//WKQgxhiG/KTWv6UTeLNYh7wCFz3SW6LbXCgzwhwesEbv + Pu0gS4Ki+nEW7BjGos3u/Iv6ECwh+4qFZRccGDcU7gbyLt9I3/L4JKh3RA+wiynn + mXW8xtpXLF1FnTBXK0lV/Lnow6oddo3C9UJ0rrr3mM72gNqSFiaObnTMDTA873gh + Gpixud/NQNbhMIkUVbUBYXW1xz6Qm7+g6C1Xlo5F/8CDvIKv7fHRO7ICWKlEKNGF + yC+a+xplDSbgSsfvrafNMFg9RWieHg52bAIu2J3EpTTWcqeTYGbQbBKbpT4aFI5j + fnQxAVFq6AbKX+hEfUfpTqGFju97SggTqR2J5Sfsq6owcuk5snwDY3b9DVJLfxbu + MLYgwDlzHQssL3RkCwwNI2Ov8Og4yMQbNGB+o6/9OaJbfLi6opb31eWB3FLSYM2V + EZdEoXfl43eEpOv/iceSyjbNCRNOXyou8YJ+nTLNRKjwmGvluz8RI6m7C0mreh/D + AFpod9nmFBhBxEO5gwvdYztpY8aJq2Fva0aTvCQ4FCU2Tz8CKJduEFQeSxafBrUu + BSV0VNVCZ1cffWkNbv9VPJ+8kswaMrIkotDHpdouvoGosbICDeEaG5ur+F1qKPxr + nne+sM3+ZjzrqTz7SUrU49ekEGKnhcV6P1nhwv1XSVaRlRin4kF2ApkM1+wXCoXS + XgG696X0SmBm8ifPKWD+HPYsaPThpbdOfSZOPExgPxRIfpqzeqw/YGyoQZ/ZKc4P + xLGoG/NlLBJ7xj37AW90CJEQZ2X4u4WJIwK51MArhHppC888RmuW5DcwMcLd5T4= + =zKAr + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/7B2ah5eKEwBZDS3U/dN6vEzMW/nQnCxHSX8TwvgpnIyCc + gdlX4yrT9jHv4+ER0t9bV0LdSgRPactHc1UbwQb9IJm8znXKmfl6eo9weD45GKjV + hBdWjTHCC3qyNROPQlny9jvSd+JLi5JadClrXBADzcTtMCygko0JPv5U08+vbmAM + iVHhB/Bef6Dl/76rDrV9uM0TMfENeS951mfuUGe5XbihVB39zTAGHuMIqF3gN0oy + lclHWJn2fUbnOlzfYEMM+xdoyM7w0IrO73GzEUKxXj7zU9AAGMMA0nrA2YvO+i7c + RFgJ3hqqep3bM94a5p5w5Dp2Lu+o7no6/kuhITJ/3xa+hu0UZIpRpRmxfsr+KZy7 + qxrhyAAsJa6OMVOalaeq0MnRU9k//UR8AEXPVV+9W1RpvJNxxtNy+9rtD5T64kFY + /uWehI8zWXZ9Afto08OmVFw1102Lby2xFEYmB+K3tU3v89PFZV1CVPBoDndpW5Cv + l81LqdqvwQC0W0YkEAZUcVOYWf+QT9qBO/x/VrFMJbBEmgUbCqaIlWSFTsCTknoI + LctO9kClYDTIZT3oftwmmvulOIDplXDAt+/ye0Uc89TdPW/UWKso5g9TGx45qiem + aiuglzPPC34UBP72XYtYlgTiTsAQWPdEOdczBX8fNDZHOBMW38k8q3w/hSrSG3bS + XgFCnSnxIyNpbNbqiM/6Wp9wuOB5yIsubRhR6EqsNVqn7KGpZHiM0lE7CJ0L23wJ + v2KceoHICRyXEJ6CCp3ZpctRztZNqqKbnLuixN+TH5H+nscmqYf5M2ycBimjP1U= + =K2Aq + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ/+JOmH/Rbqq4C7Oh7CeLem3g27BSzZfjfYX8hDzzGNc6D4 + SLtko7TUmrag3tqlgi78li/mBaimsEswug+/N8GYZt2XSOk/rDfUawNlt8Pk51hD + ErX/cS2AWAZd81BNWYnLLeT6+qE6CcIjPpvVJj9qnR0eR/gFoQR2Puu7jH/999PH + kNH7oMYJ2SPdBmeRWl7UbtFW+tlavzYAQspkpKgWzZTZm/d1SVZorFcH+oYSQ3PZ + 7j0vuzCsvn0PLSJbH6rlc4PquhxgHeeV++Asujw0/qcnDy/CwbCoezy6NZ7ay+0Z + p6EaV3zpGK+BdvNud+HKEnEqZvTSmGd3KaaYWIkAGwTMUDj4gfzUGWs0t+QcpxKg + ujb3bllti3/+YBdN+PsUzGpLeODxb38AlDVO7mQqRnsEonlvdEJQBzX7GMrrNLLu + AXNLtGdJyePLkWTIZM7nvA7+lTQfM18gl5KawPm3q0yMpKaCmSDSktymHCqm8iAi + 1eUYNcCU7XwJfdrNmMCpYotVUZoALYCWXeFCxHfVsnuC98jIMWs8//DhaT1DVGkF + xkk4risEdScs855VNmQRW8Dg9fx5NrCSslFqmxNixEET1IhYBP1+5kIv+5O6Qeci + 5jHvhmz/Cg+6RcOn12w0lZO+eHH/p9MH+nhta8uVnJPYXxk+EWwT3YxZC822kWHS + XgGu94yW1Gsu3TsfyG50AgbvG/BGdGZ39EjU47AZZv+r0DBX4zvnQ4BEuvrrA1OU + 69kbfdIN1RqDLsFQRsgT5X9J+oABdekYKsz67BHH9ISDBhgF2BYngMD7zVln8Mo= + =5bU3 + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAbH64m1QTpsgWwOJpudkwpsaxzoSDEfljEnIiVrzArmww + OMDXywm+1iiRpnbx4IL3LsoHCSe6KJah6ZJdLbohv2AbL8+vcZ7FIUaBbeMXiEGZ + 0l4BpWjzCauPu4IKBbtHN1TVawGljnNHzNbhjdCeiA0YQbeAp55vQufmJcIOEFzV + 42fFXTqa1bGbeOKjCV26mSQX34DOT81gH5dcjHtv8cDTsOsGqmft2faknKqkaHFp + =GvTi + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdApdQiqrrqkcuXl4ZOORj9xDo9rgqDYfufdm+mcOdOrTgw + amysE1TCgugTEEoQn10VMv6IVJM+AwYsUG3LI4HkrnvzidsUm7YTfDvWBlZPgsar + 0lgBH4wfqCR5orVnsJkSazAS4/AKQHLZuRdlb3LKrxbCLas+sDWR18/lKjSRTWqb + YOJtFUsXcBWgmCsgFBvgLWEPExSLrCWeTKVzcycI3uL20BejUHU9//8C + =XVFg + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-15T08:45:25Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/7BPhkMJhB+qcwqrPBnPKu01R9maR7OHBvcL1gH0QmRPab + YVBjv8gcxjdT+FQquhRg4PAR52A16vijb1rzwC3lMaB85yWNIzBRnKrUZFoDqwAz + 4FdFlw5cV/pLI+QII/eA5HAMPDFDj9UFY+/tyDaSka7LK7J/0nbv8tcTXj2r3m0N + JoSo39Y8x/tRRr5BoiL8TvBJ8GsSsjqKR5ppAQaW0u+csGL5XlcOxP8OjN20yibT + ZosOWMjMLZo29s5eqT7EXuMGspZV4ptf/zRAqBdD22CuQfRwYtVAKwFVi6qneLc9 + VKA09losPSgC9dGMLp0zB5v94SHJJzuq7jXQ6yWp4syco6GtCkx8CONx60p0FAwG + C+IhgxG0zz8c/7Bdg9xeUs0Ml77lFcXM9j+ldSI8+/9pKM3T4gmtydDFHQrLonsv + mZBgO9aGMJVVtx/oJ5aeypu2/lhxsixhxtLCk4var5RNG3Y4HsMYYtWvVbf0Gk2Q + ZFHHMyYg+fnh4Jjjgcw5gC8qtQLJ0lDaYyMNgnDismLTbaPpMbQHeFSNZCM98vjE + TJalalvaYeCZF5kx1J838GoxbdBvz9UDrkVXIjI4inLvv+J+psetC3lpRLpQAHSf + KiCwJAaeRm4jwoaPXPoECpfrdo4OuLGGhmt44JrqmkBJpVCiP5uShRkahwsSZTrS + XgHt+KX/ZL53wC4kd79fs+vhy35cflOTqZcvdQDLyqfUHyuzMlizqxQ3L/tv201C + A8V80upXtVhCiCCDLzMYfMZ4jsBkI27Pbv/YHPcEQgQUd9BuIhKiEOsSbd+8jxk= + =5Eek + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/tickets.sops.yaml b/inventories/chaosknoten/host_vars/tickets.sops.yaml new file mode 100644 index 0000000..9b44b1e --- /dev/null +++ b/inventories/chaosknoten/host_vars/tickets.sops.yaml @@ -0,0 +1,211 @@ +secret__pretix_db_password: ENC[AES256_GCM,data:kAOUjT7gw0FDqO+xt8m3wAhOGuZTS6zEIQ==,iv:oPAxDzz4ellT5MxUqw8/iBYyiTMf1b/Lddj5E0iIhWE=,tag:r3OTmcSjNUETEmOzxsMhxQ==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:Bhtx7X1ae0pWpxNwHSUJhe2aTO6k27+cEePOs3BBMWdAPFYHtcKUJakq07BTF5tnlvY4Hex0YsO3/l45e+zEfzo5U7FezdYbUPY=,iv:7z8Iy+vdnpfc9TspkH3KMKNGGsHzbxSjERwRP9JQyeM=,tag:AWx4xVf2YmC9giLS/mD1Sw==,type:str] +sops: + age: + - recipient: age16znyzvquuy8467gg27mdwdt8k6kcu3fjrvfm6gnl4nmqp8tuvqaspqgcet + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2OVFaYWpkbzlQZkZKZms0 + SW5KT2lKbkREMnZiRm9EV0ZqalJpK21RcDNrCjcrUGhybSthZVplNFlxaE1TQkRX + SmpRY05Vdk0xU0hXWDZ3SDVCV2xQZzAKLS0tIHBPWS9HejhLaGZVTEVkNHY5aXdC + amM5cE9iTUUwRzlLbzNzdzdGYldDZnMK2KFxt+LlezSECxqOsaGVLjizmngsO62h + pVJK8C/c5EzN5tX5aAhOWStNLHNRt9XjcNAUhi8EFls2Gl+yXGH11A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-20T18:55:55Z" + mac: ENC[AES256_GCM,data:8OYQB3sIlIStuKPIkDRkeOcIPNEsMYENgyQ44DvvQNkR3lU8lHzyR2zL6HiO/zXF4hXeLUZSqcyH2jU61mEKr1kNFpA49BlYsxuPSOADJURhG2P9oUrc9hi2JL6KtwdRtvTcQB16YRVmhXgt0MLAmyAFc8V3CI6O5wfuEKLkmM4=,iv:dpJCVGga5FnTkCQlouUh0de+6wSW9Dif5Ft/aCf2mCk=,tag:/9m3rCWIhd5jyXXpmIb4jA==,type:str] + pgp: + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//WF711Lgt2ls8W1xD6yS4RSQ/mrdG8ae8ZNPv8GfvGRFW + X456rSDSyI0y2Nx5M0J2JOnmDyNCZhwXZsRJVjYyLsvtZWjPwgHwG2NO0ivkXZcD + mCXWLG4pgb3vET21LO+mYtD+WDrmgRIL4soSIEu9q5AsFO/D1LNjVCC4knmSb/Uo + bwUe5AHKTh52lvWN0Rwn3u7pNyavHfx0RasoQ2dHrwCuYw6twt2p2LfZybPABPxI + X2FoymRqRNwec8CZnPe1MEjFAYS2h/HnriIMRF/m8TYUMalwb/ESn3eWrI1KOUsS + UJ0zw/JdjLdEnEkK+gDzOBUg9pVto3jjWWkp90Zy676fIuFMdRd5WSQLgpBSP/hp + BYVIDb0PcfekDo82ItXKxp8/pniaMYDGrP0Wqy2VgBvQltonAv5P/J9W1luaQFnA + gF6pa8q48h7ptjqkcpSFuH0Tdoafr4Q8q3ubEUrHlyNp5cGXYI+MUv6pn1xPhVq4 + kMcFTISOZwSUYLM1yvz8CwHQd6R9S1iLMSH/EKOWDKGIGzKvqkFWsyWSa4V2vbr+ + X7Yi4/wN4ucXPwI5hnrevwaEpqvnL8eZ3nLhCbFPtZPaay+IxNMySuLY6r2cfPxF + zME++5FdXNseV57i7KkChooF7vLyc7hkN8fxmoc/r81m8EVr/tsFzsZMLyQDSErS + XgHGbVJ789+6IpV1Ph1jQ7SJQm8+ADtDqOy/BF5hlmjN9sI5vhy0k4BeyQk2zgT0 + w7iMZ4hyn0A0uXajtg+RiQRkE+0tJOIj7Yb99y6TfFkYrtBc1Ln2QnLH6a4ETbo= + =enot + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/6AtwxjLj7/MfCwnbY3YjPXp4Yh56foOt4J6PQm8oYGTAM + YooEOFit0lx9zYhhJuZ5UWE2+3NZxzBguvx6OJWoGBDsY/VuSHjD/55YlgH6Mnhc + 2kjENMi4vdOpcVuCYr7U8+dQVOO0CTmxFevcaH1KQBQr7h1QCkH3v3QRR2BPvdwX + OYiy0+bertHzRYvscAFxr+knf0a92LGC4J0k3gWVVy2EkixJ5LdEg66LRxNo+XTX + kTZE1RGznHXQw37dWAPzQdiNg+4WQcfDXob2VJFSRXm0Yjc91XtwCyEUQtbDvLwD + +wLgLekcxvUceohFA2cj+wMZV1yzp4xzHZ1wm0olGvqsVuPxAO5bLHt7KDUybBue + W3eA8x/U9amKhwOzEACHbEdVNE9thfaqpJr0HnauPCPl5CYSpCv91Teq4702WDGK + 3z1WhK8uWzYcgdmDkRZYTWtqcIHSPoy6U9k3/vpJ6lJ341NslW63thg1MU+JOV24 + z/hBXVq1y8M9EGVgKS9MyzY/KKxrTwIRFh8AJ9H7dN2BHKRKJIzK3TYUwKh8EQTv + prki6BwVvP5NQ5Q9wASJwiGvqfcWsthBZvDjrg+4kGc6fz27OiNK+dA46Spk3mHu + XKEkhhVnZpuWTOv9rt1B3q3XQusqxs7ozGtvyH1TRGEJ11L8MpYJbRlBd8iCsSvS + XgFEwjGXROS5nSYxUBZG9JetWW1tHZy+PB2goqHGiV0vQSgUa+x9m2Ya46k6FtTg + L4+wLEz7DLZythAGFM6CQxhSB2fBdaUTecN1zHaD1UP/+xjQ1SVGmYx0FAsUAVI= + =mQuW + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAApxKnEr+oYp+hdWaUWFS+VLI3j8kIDbBHmwfPMeG8NWFq + acknfjnyXRuXYgLRx+MIrcdg6wMSdjhB5D0lpbjvtOPnTfcaACAGBlJ1jJPmPC3X + pj/dX62EHR7ckJG43Dc2jzCVwPGy+vjketc2gjvpbMtgQY5TD3fMoGKh+L7+EDH7 + C5qUdAm718PIWTh1B4Rj8VH6yiAWC722XJHAHDyJpq3OKLKOYqk7Omrr0PC1A/Wc + aHinfF+4isyxPctBgsbg+KM6zAbdoUMO473pgRh7mtZ5dEersQ9TqI+pvqI1iQQG + jUS+39bZeNeBEi0gKb5d5LkkzGo/ugtZMZw3Uk/xEd1FI1Z3n/9UF574Czl47sCf + feR3f6sCww7SsJYM84PBJjfXekOH6eSsdQVd2nh2sgiL2mkuU7biXjHqxNGuJegs + QjslvYR8vYCaLp7mI1+Q2ICFzqBT4Vd7F6nIIArbkMKeAACg7EcD7RjvIrKnZw8r + fz8rS7+SQ2PrxVW2mYNlZbDlcGOph2kLDNOgmeDckz3KxJYEhaa6noVsRw4HHP+M + 2BFc7p56716QTgeNKL/x6+NynHQlxpY9LENNAnxQTE1i5Tw8PoHXF9yIETxPXFbu + F2AKQTKR6GBUeP5w6szYLVm4WLzOwO1DZAumPhxwodA82Dyfq+Xgynwfl5QYgy/S + XgGgPZ1k4wqoG+keqrmtq6i9/hRjNSfgcngS/D25BU5o0+CdCSNCe96ECrtfb5Ml + TjE/0+B4em+m9vCmcaEcgYicgH9/gYDCIFUl5KhpLQ1UPQRolVSYD2kSM9JYmtU= + =RZDM + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/+K31CsFsZubkgbe71xE3+KKz56JNihazfz31kc1yFe0MA + OAyURpzCnI3nb1vrfzTt6H5OdeM1nj1jSU0848XQaSVp0FSVnBwz1Hwx2TX4rN/J + W0hNmMZX6DEsyYdOyDX9cdVLm0psmmsLArjjKD2nF4B+or2GaCwkPCyae3Apd/8v + Ho7jRahT7YBNjuk3KpWLjkZ7jbcnvxphmFXP0uQbVyvF0MfiEWVWCaG+dHD//PCD + f+Rh3AfovjYF6XdJccNHyCWCW7aKsBNn5P5Lm1kRqWlWdU3qjdhLDYgtllIIRuFR + H4Nv3wabPSakkVhQNnnO7br+weKXjgBJpRIJQGB34WW90eHYkPqR2agpR4bLYxBo + n+IuGDvnsEflx4hgk5iFvUkx/GMF1npuDnzWvhrCzmsYlodajrWkAfc1hdzmJ7mR + M+0XJ++AlRYkDQmq1lor+2NEICNRO4a47WHwYQVhS1FNuEBtlPxxavqC7d3BLktk + fN1OmhyasZhZ/KOagKBF0UoXsDugWlySwQN7Uk3oWRAlP0B5GMn7vqh6I/+sOEhz + h5tJBZ+Bgj8GFhUNqZbJTjHqVWfz7DR8JYxk/G9E7RFh3vgKuAbSqJ50jcgu9qPA + NDgtm8Ze3aq4ujCwUIgljIV9dYKmZt/KplrQ5HpoQ5Q+nzP2uXdubwtYYr8gA6XS + XgGrLg5b0vMoUvyCU8+FDkKP3AqD9JbglZ1QzRns1y87rzoMqgwRfk2C8Gt/XL95 + j1dRQ+V+8CFCiMZjoXk++0Hb/CzFURp83RkppcMaCPi6tZN2vs9RmpguNPuo0T8= + =JHZL + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAqL3NkB1/n4A6ndC6r/eOi30F6MYugUg2Hh1T/8cu3R8w + wDBDY07FGgoRWQuZdvWDHIfRcGOsjMCrNS2sUZQd4uc8epP3+G+nZ2haWR6dyNqO + 0l4BcMvfD0E4DSDd3LUTZuOBknUkko3zASDNTSHdULb/bLN1wMcXhwq0i6z9yw/M + Bj/+k3/mQyjwisg1wVdazdtOU1lJiUz7+XSrUYu/f7UgkVjxs/MfglaW0uvEgFoq + =srkq + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//dHgHPIH2E/e75AAtrSPhLOcfqp+VJqoVat8VU9bbDZgD + zlsZDuofmCH95ikyLSK2BTJUSv7dtQDaeKMbnVBrCPgRNidVtZICE9tPSxCuAAB9 + Qh++1WivziiX5aW+t/KC8tuZLB8MwkD1V2xdabJNxfAyu4117hRzLxG5ODNj8l10 + l0H2DkulvM9njQorgf20QD9BdTLSVLVgzgwfkEe+R8t62azCE5pNrKo5GBJcHO4k + vuZe+PIsMHSBUceNQILTt4fVCT7Mi0mNJ0NgyMWuZrLhZaLNLE2HspCYyVrc+9r/ + /tl+dXMV620EWq08cSzsxijxM459aIO8H1WktnNaIw9SlCXHmK7V4EHskk+H3KNY + cpebQ8sOx8bkHD3L6osbquad2QlKvt3w7BV5AIhMDIMNY0/dlIbeKhYL+v8QFvyy + jywo/QfAIZ5l20RAHpGTNZmZdaLXG5v4TJK04AI0Iu1VfymltxQrBxCM2ItBzZ0h + KQnB219os3SSM2NNE7bfAgkME1lqHAAwqLwF20Oq2Bh4+GI1TC2K5q6pbM2xmzXB + bCNh5sD6FeEbTxktWZPgs/7JFYyLvNLyWQTYnBP965JISRRta/pqrATGFWEpPzY8 + A0IzqiVVCILS2F5zO+bOB0oLdTLaDqWiNQv2wJjuIMQkjNai8ShIxfHrdpdDxs3S + XgES+zZWhNU0BkClLSqVSDuZWMcnrTSb71oumeKP+WY4elG6DQF7M2Mbxm5tPd/5 + 0QXGU35iUpUV5umvJTp2tXA7fsYjDA1ixu6CbwS6YQ6rjl49FthvGNMHCp7VZuM= + =uy25 + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ//WRUBChaoYbkkqv/6bud2NwjpHnmFaCsvlQaDp5o4dwWg + gpMzlTiltGy9/Co+BMZOh1Q+15jDlFEajLcLNhQhAsCry23VYquhqeMo9rR+yqHq + DwuWui+EKHuwD3ZAzW4rBIVNRzPAFz6KgkBYCXJNg3ZbVZaCWnTGriEt7yTuYa6u + 8lD0nCdVWsWYakoImN7mujMwR//coVTa+7a35fbXVmncc8DIsfTgeqAUkursFgLK + pb8k8bPMnt1MbL9JE33RBqVEIDh/du4SjERveI6QhyRg7KXxrU6nncOQOODRB+wO + yCgKi8vUMumlFDDo3tPu6EiYg142qCfXr4+W6uKTjzzxiKDrG2piEElsiAWauLLy + Cpm/G0EURz58EX6hXviuc9vRKmOxla/1uF2pAvmh6KLhovX79pSmIxd8LHJQDwz+ + bmtudvtMcQz50LwE8wkACsy7Lm884q1K21VuytFqwVH+7fzLnpumEUMPtcAwMSh6 + KaoygewS/CzR1HnwvMCmOS8nByk+U865b3c02APxLr/EwX16IdMnxukdh6ZdtjYg + K/ww4nFZ85sIcS/vqLsxIXrhZ5Xam71e9Aky6yJVo2JFBj0Zz6rJtdhh9SnH0xOm + Kq59fVf0iyiIRlTJOl1nBxNtrMU6T5qaH6X1iS3pAWAlXPuI6nqN1skhRdi2dG/S + XgHLODNQ1CfGxflNcrySpAi5eQ2Fv4ls1CrMhyKfgUAhVSeJdFiHssA5z9FMNCZ4 + ujbWAviWw9mmnFDDGwdgUoktWpnJSH65y/UOZCnmlafePW8EsHsBYn8IQQ9a8Rc= + =604Z + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ//Rr/YlJmilbwe19pdUZmKuIdCk4+1BtOpf5xqfx+UqF9x + EM+UFlWmvbvi0g+CB/rsmZccPqu40A3PBcMa0BajLLAtoXB8F6MGiIS9Nk+p6Q5+ + Y5FAn7txhcAMb9VX4YSykav9KGlwICNM89ItG2CgLVgJFJNvWOuWby+vA7MLq7zb + WC+4vRmFo7tik1NyJOoSEUuVdFaR6bgy4PX8LSqgA6HkwJQ28eTrmdAp1xcVo5xF + VzvlmmsXg62gCoVyfu0tGo4x/pTc8d189lxpuK90PTmlQByBrmYUDPv579xupugS + X5wySB7FXSdvDKVkR2PiEXOI4AqooWFLWeiP+khwV0bTebyleYxYHVx1NqNSA3Yi + LCtq/ve82pLWOYndJw/cjUGS9KaVGb0juxEq5gGj2FGdD0J6zNfDCUTfbJbQ5mhk + z21Uo8E9pdHxygy9jQtLhby0HJIOwyt55vhZKaWvho56CYa7K5IsUnamrnOGjCMv + FZyq/9oe1dKY4qvwGABTpGqyxiGmFbo/5bUN8gRZ55Ad8kEUczTOPtFghNH6CHzz + 5nX+hgH9dgJYhWq/Gh30Ncr1mUP+mp7Wu7+ICFX3bBMZ3CMBHohMuBCjqT9mRA6n + sVc//UHJfhwOZtvojXRLg3ml8UB7uR0UadVq0EDH4E2r8xB9bNRw+stcau03RPnS + XgF4See3E+DIK1pDQQiPJhpusG1zJNkmmucv9bx7d1Ml9AB4cEGYKtS46KHfhGmj + bUCH5635aok2OIY5PBOEaGO52HJmjmKISosour5jYkY/Xxu5lDNyKBc10W7quuE= + =33rF + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdA009TV7DH++wcvU+3nwA3Romc+DPa2QbF9QAQpLTV7j8w + XCT0y3auPS26f6+1VoyKEVCcbbJj04WfS6LpQgFzh0zcveW9eCPmyfJUQexsslCV + 0l4BxxywC4sThDoU+x/SjsX9Ux5s8Jxt+p+6meXIBN2r5uZ6UOvnbV0GLd9Y/IeG + oZuyB+KFwgWEGkdVskNe0LQ9fv7EMiklGOqeu1KeBP7dJyQp4ch0IctG4lX1bnOP + =qfjj + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdA45UHDodM8FtfD3VgrYVRzfPgDrBqBYGJC8OOgULKbAMw + vyPiROW5sWFc2ghokzeSQqOOfRAwKFCgGHirI00IIdBdeDVGIV0m2MNmnd4uBGfS + 0lgBSUFt3MFTUMqc0yI7Jqae5a9cOXTRoR8Lt+W0KaEkciMBbdDHJktQbQHZ77Uj + 3d/NB9tW56YuP7UzAm3xm6dM6I/qehQo0bL7hOfbyNy+PuxUZglFCsh8 + =N1ud + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T19:03:05Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAxLqs/FhUjRL0Qk966pCx75xHSyhW8W7EAOITdHZaU2RF + Tr1YzMHF/nUD/1YQ3XmnUp/b+EEds2JWV/Obt4lZbeK5EoQHMkBDA7O/ZBWQ95+B + ubbkqDEW08l0jT7B51i5EIaLxs3802xLfnW2ZDoyTy67Y6Sv/nb5JNoTLB3Ts1x8 + x7r56v4fnq2O26SkHrhsNWDajDdjtREYNiyTQ1bxGlWFmSInWTKaYE9gvCNoAele + rFFjCyD826gR2Uk0kgJHD0zQrrIPu3TugUdYVjEtTfAuqTimGuurQX5ZbK04xZ2O + f++XouOWFFnJ3xadFJce5Wg8Lw4VJ7/FaSq5YFN3DXkFR5CnQc5su+cf9AN5GNoL + gMHnlomTg/1kf9MrOzd0geFaKRwx7OLhsieFmTJw2KoZ67xc5W3t4OrehkLHb3UR + nJMrm3qpHD6ypkcD8/ooWak/EGNQ6yrihiqW0Wli3Cp+EWyxrJ9I2UDfJPT4osrY + iIS9wK3/d7mNXJb6SnGeKQcjPtuozNhxyzUkLeQuh6h8ziwsxzpI3v+4/GhrTuM/ + uGojgZqMl9nRQ8VjEZ1BSfGD9TU6aUctZd+pzvtA+29wMwekTopCR+CCPYXCHsq/ + 6QsJg0ge2l+7Ei25WzlIlFYj72MEWecdGLeqaM2o+S/OKNACE+EpO6zJGoiJX8/S + XgEJ41AoYZwHtvGEVWfw/wlw7zTlXlwjU7mjJ/NLDs9TEYM1J20tQT9bbWXC77yV + fPRP/u5MR2uZEPr20YAghHLFPumqpK4laHmYqJDNvNiGibVmksz3jAYS7tgItl4= + =8bqP + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/inventories/chaosknoten/host_vars/wiki.sops.yaml b/inventories/chaosknoten/host_vars/wiki.sops.yaml new file mode 100644 index 0000000..ea23e8c --- /dev/null +++ b/inventories/chaosknoten/host_vars/wiki.sops.yaml @@ -0,0 +1,210 @@ +ansible_pull__age_private_key: ENC[AES256_GCM,data:NskytXI3EgNvNGqLunJuKIK42jni/TuRdEkcoGa1ZXObELt5Dd1yiCdEIOmJCHyCxSrXGUU/8wbTciLHfNYYoldx1Gia5LovX78=,iv:aoCUz1xzYr+dZSKwtxiHeq+Hf9ObbC979VRiK1M8vCI=,tag:01VwAOByHn4PRfQNS4oFgQ==,type:str] +sops: + age: + - recipient: age1sqs05anv4acculyap35e6vehdxw3g6ycwnvh6hsuv8u33re984zsnqfvqv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwTjVMQUduQkdsejFlcklu + eGJvZTJsYmtsc1RaMWxBcGZnSndlLzRwTFVJCmFsd2xWZTVCL1lqd1FWR3ArZ3Va + V3NhdTVuUmh0VFJ0VUtyR2wzTnhoYncKLS0tIG5aSnlBZ3ZGZHZJa2NCLzNPcHg2 + OEV0RHlPV0hPSHd5eFlKRlR1SllXcDAKJ99EvscYIOPV6gKePC+Xo2/9Iz+FplXv + 5pa+7WFlHlw6UjXl3l+6qUqBDQxWpVBegZqZFbKTtYSt473vD+6H1Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-14T23:44:34Z" + mac: ENC[AES256_GCM,data:Q2x63fsUZMuicE70thSVCG/pKAyzTw7FD6f1SVbvBnCv3r2xsNcXczmk0xoke3H3eErf5aiaxzsI50VbEzjLOb3kLfFeHXMCMvT/SZ/DHo1bkMJ1P86Pg6y3VFAflAJRtRvRpNyP4H9rk80Ii25iVZUqwuEcdECTUQuIF9G2Xew=,iv:QMlN4DUcAWQ4I+G0p6R1vEL9lFF9ziRlntEOf8Au6jM=,tag:qUENqPQBJBjul0S9Z7Y0NQ==,type:str] + pgp: + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ//ZxDKUI/QyvpPjVij4av1VxHUmOm1avYBumYremT9O6Lp + r2GeQqTwZNwGqRE+LKKOFjAtoIeOSvw60by+XQQPwpFRBGud+emD1Gku5WZcomxH + vD6YOuRN+Y5PhlQ/Q7asIkh/HTvY4GXK0pyltE9gB+tIPj2RDOaR/BzeCvv9xPro + ZLBWKEnGB/J6Ia93VwGkAzJ0KzdQx75MyAGYaN0l/F5fwZr5UgvwjDrL4+HEGVBK + 1Op8jmJrFdTBgK1YC1MaXQ1/bEI3688InRDqwDigCCfU2x1QB4lfjpw1bbRiBmtU + fAnaOfE74Ym84Lmfpvqyo0V8VaNz93miRHDLj3yTVuDAgoLHBREK5FofkIjBOj9E + NfnMiGaibIQRIWztHSz2/B21lPBT80yyLCPauCqe4N7IUrUnlI+CimMsiTcyniek + Vwrl42DkwPct1N8AbKY9YMTw8RTH3ZUT9JTIqGyGA8kOSgl5VAV4nqb11Wgsd2YR + C1KBAk7xDeQ5ihpVcqBf6tuxI3ES8kQihm6H4y4weTJkmIKDE6webusP6eXL+JX1 + rCsBsBUv0ijD38dWeXPrNKQdSElZ0hLgyttFT0KZuH+4dPgtTMCeYHiQndC81e4J + qdDlYB5f+y0S91qKYMPdm3/n2e0uU2Jzc/vTkTV7wE3/3nOk6zhRIH/0K9IQgGnS + XgGJGambfGpPDxGzmhAxtxI8GAuTsM9az2PD1Y8jMPDRdvbZ3m8shh0QTHad4f5I + qrtoRJLr4EDvQ5wroLFrMizBbVYBobFZewvY2978v5+MzndWF9gmr1RollhqqR4= + =rv7B + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ/+KsTuWMKbHHrW+bM7vG98Un+9MWCUKl0JbNn+rS4d8G4H + 4lwyT6pEGfAJqJuP7kPu6VxKDYX2+oTaRoZDirjVM6Mvc13tjYmeQGin5QJcRquI + Q1JVoG1sLLckZSnwIDnzgXH9J+JK2JTqfEnF7eKiYE2oWDoQaKL3SsTKdfpzIiRf + kEo6ujik/02/fJ+sIf3GFF5a4s6Ji6N/fMmzQ1pyWYC9udTIIhHxUqaMvrVAkzFq + ETgQkR/nW1FMF52BH6AmgYgPZ/Sp10TRPr/VDsKwI6zvp2Ix91wOY32Kd5sw80Ek + p0J0oyZPTMaJ/REyCSHtiXWsxQiwd8S5+WgJ3D7khmKNbF8O6PybQ5e4Gi4VhysO + CDkGiaHDq3qOD1Bnd01nL6Bjjw7ppgpbw1PoDEHO6EDUoPO8A8RZBkSmEVebmNQ0 + Aw4xXLWsq4A4DHqBHdGi+hnM19zjv4+0bzVMCc+7M4q6zFnMwRPSzZIL6ISd9y8C + A0xXzvl7zX4F+kkOi2tYhauYutEz+GT3/O8J465ckkgwyEAjT+iA/LESk+1ofjnH + dmdMQQOP9Qf5kTtUvxwvQq14ParIDUdHcFa5MSrgMVPRR9SoXOYcqgBsF7tmVDft + 0wXCmnUcq41xONYa8Iau+eFwjJc9WJxU4D3JmVr0nBbofHnbgBEsD9BtW4cTUPrS + XgGeyoONP4ZujhZ54Ikg0czs5o5L/MPiCCHTH3d1wrruoeMCV5kQO4pQ+qfTvmRw + oxp54uMreBXoGNX3mqAaE9dymXPc/9axk6j4w7QYVz5G9fGBE4phqFUB3anTIsk= + =Y5hE + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/9Exu9vbiDjtU3s/Rtf2gc02l7BGq2/r4qz7xm6MKx9En+ + 4gYmBvTAqCNX9rRW7vyCHlGqM+Unr7zEvpQC29GKqELUAgsmNM78m0Sv0w/PGSB+ + 2m5pOjQ9JxEYpibPebTZ7ulkrZNmGCGtC/JTfPql4QOLHLbor0UdRC8CnC5JUZr7 + z1kKWUFk3Oo/t6U82EcdofdneZU7AH14rRmsyIvUUYSDpHZrz7S9PO+NgkUKbMlT + 1pOzO/zDRzbix3APqaaeq8zo0n0ExraSxxscuFu+5nNzAsO3TsHfX9U+vi66d2xC + 8ksuXONKPy/BMnURouwEVA6iYleGl9fq/mGSNHTJv3WgglmG8W6+nmPuHxuCagd7 + NrimK7ch8Te1VaidLfN+8Rkbs8hElHDUGF/fAU0/ovU1Suzzcu9PX5dLyoDhJxQ8 + v7gmRk1UBxC8xhuNCHn5ZyMMwvpWVCDmCgd5o3STts+1AU0HVN4d/+8d7atkBkoQ + YDUTreUvgxP4+dddBjsn8X0D/pe9OXPfnoyKkSwHD2WhYMPcJvB52Afp1rX3jk8w + AEsiNC7AakEdZO4IOSa2tatOi8z4KvpzEWeEV0VsAjuS01pib72LOKOKJzFClSv1 + dnKGagci8jLYggoT2oJnRnPDav6ZEQeE6G5KNVWYVZTEPkyTRpnKrxYlzkItcGHS + XgHHYsC8OerJFk73RY6uyKx+Gcaaz5NxsS7n+hsA9QU4alXK2UbpErSXhgnnqjUz + u08x+QaBvKpAuwU4q78HqqeE6Brs9ywDMHPZZ3lxffNq9z8y98iP/bHfCfIC/jU= + =w9Zd + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAAhg4Br/cOdrHdvPsvim4YK188M8tll+bHC1LTkbjSmZQM + 6MRXe4z3Y9s+R9Qi6OFrkedtgb6Jw/p0JssBeAU6Z8GuxEKSJ1tBsi7oplge22Ie + myqAFR1GoTdshj2UXKyWzKXwem5Q9jd6bajg/863m1ItS69DQcSg22Kv6kOyi760 + bje2woAZb0J3G5jzB/jra4Tw0kw20KqkyKqnYXfhLTMcsWB95D69MtkxmmBO0mz5 + 0kPYq4ryyb2hgZi8mYxzKxeEYbW4LhWnmqyt0/BsyaNwIOgnjcsWJHNWQivbQ/04 + dZdBSQEft3dDRE5WbHq3Yu8EtXyk28cOkfpFQNkBqVTfQ9XHQdiPNSxe7RpqjAxG + 6N93EQ/NehN1jD8UW5mVe5OFdOULmyUoX2MhluVHiZsnlD5yNR09FKcZ6FUHOdm6 + 2kKam+vjo6AOkVI3s2gP7dAepRkdxo4fb46Au+DWA4pUCWPor2wYrqxK5h3XXFJ+ + 7tw4oV3o25ZyUrMkU0oGP2amp41MMLMofD3Cr76uoSV7GvVIfyXpiyWUDBI/WbuA + sHKAYpSRO84Ry7AK0Xv7Yu1LfAB8FDJlcw8uifaK9FMSAHRPgRDriaR1QQrVveHu + HypZn2lIqMKKk9MGGruoBLRYDQwL89cSHQwvUcwYmEfgkVjBJ85OQAbB+3UhHnHS + XgFFg3y5qFdyCwqI3vNdl3TSprbqE5Gn99q9tBAlXFAryhHDxDhk2vMSY8e4dkmR + c1vuO4qoQCGxP0hJPTbI0U0qCVRviA3r3z9HzCGoDFIWDk5AR5KVsp2rZTfIaps= + =3m6U + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAMC8JipxJ+7R7EF4Zg+b4B6kRYQ7vQc8GRnlPkMDCcT0w + XzaRfm4FrfiExhb+Cew/vH9l5uGR7OaTyAsplOqduD1sXwrXnr4LmRpbIaH48nuF + 0l4Bx8XjzP4dmCbZF8PyTNn5kqUPo77Hl/B2zHXYU6BXbhHbF79TQAnvkv/RbIyz + EgNs7zMf7HVU5whwU0zwp0e/SZHBpidFtk2lfgfYGaENSRSj74KEAk3SY5oLCeaB + =LeLR + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/+KW0CDAFEw6L0gollSiBcywcRuecTE83wlAhleIquum6o + 7XJ4Dpy9tsuadP/sCjLP/CtxUdj9sfnHvj4upMYITe/mnPZXrTMaCp6XsL0RHS5K + QrSGrvuv4zW5/H/2s9cNineQ5PFVBOoYkAos28d6iAmvoQY9X0a9JH3bsFPcyW5i + kz29b0wwEOvHkV+sj4A7h/YuZX8qMrzxbpawdJmjIlgd4gEdkaP8LRhSwgcdx5X6 + ifA9QXgx9C5/3O2KzpDpwGzvy2G1KMglNBrtEKzrxfHdphE6NTJrlly2Hx4XdAx/ + i8SsyFGkjXQv6rZXUs1fGSt/ioNLFxzk8Lqycen4/zPPP7vb0kCM8Zj0qjXapbAs + Xm/LcHolbvj2hU86gMexg+dJ9fxkwrxArh6tJGC0unLoad5HpD9iN5xj7CA4ZxfS + UrgL/ODOs8OO3+pc/zVDl2jWTyc6ybwM1tZ546Zp/7DpzZI3mFbQI/CczT21YH2w + epnmrYwvG096E93Q7/IDNHHTZkBG73ZzRPfProZXRfpJR7b+8llpj4GEHb4EAW0S + adsbNgzaHxl2y64iTlHlis21Nx1CtiLPI5evUckI0yhFX05bwe1iUooIpzWyRvbB + z1lPtx6JpPauNz2Kb6cTRBBQuZOqzSBRU4mk/kc1ANhPlUNcCw2njNyAE4a3DHPS + XgEgviJ1TXZW3P7gJefRTr7RyPL8puf9iw+DkiM4esKMp367eYxvSqhPhNhPRJ6Y + AEZ2FtC5unZ2IwWWgDPH1KpOpTNR5DkvC+8xI3zLACUy0x7GXTHBTEuBq325OWA= + =N5mE + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoAQ/9Flk7XZdzIUdn96HmMeibsZy+zpwmxxFItI/7vRJfu0ro + jh74Mdxf7ycfCxPOpPQlCMj1PfCsyutxu+mPZDfSKu+YnlxaK9uoBlxoqZx/JDZf + tnjyTHqcykEzadDEeJasmz+1kA0Udlyz9/276LVJ+dbHzyHU3FcsGpwYgv1ul/tx + +VRLO2ZK1uVxtIn10KXAKbEKMV87BfjgKcfbdHF66jPAuiZKANj8ZwhpbjJEpozV + fuOzPkVO6SgpUKWVCIZPMgji9ZP2+jD/dllK5PTXPmlaTOtr46ufYkfxkzzyw5sU + q6Us/N0h5EYXBYYvzdgBAGOq7NlW93DW89I0saridv8NC3Q1VSYGCd21aGC8xwrf + +yaU6Fcjggzvt2iH9nUrGpqxB4AwrVvh0MPmS6XPZ5hqsFCNOMLAPqvTVmrh5qAM + cWzfzVLP6LqSZ58Na0MNb3hxTq5py5hZolmfjDbtBashQ4qv7/5o/i9Ntoemcq8i + sQHYYNDHC586EY4GfoU9Igo425VigLzIuvEbcA+PSUnZCX8FTMxCLJ+wo8y6GaU6 + BbJi3QX7pw7XyPmkoQLcGDcmmGkWjHTS0VCj13MWtlk3mce37HH1Y2piftxo36cP + 0cR8c/vP4yr80IRPfZLgrGfJZaeBV+I+gfnSKbKO8+HKzVFtF9NAa2RnSXFqscrS + XgFCqFYfaJ/05gdrA+/My+n4/9Cm44tK2o195uta/xEm69M1KVWOkNYcbW8F+n9D + qHVGdGGH9EEdfEls2QQ5H5UL59Fv93rn9dWlfyGtJOonMvzlNH+Kvw4m6LzO3PE= + =NVhE + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ/8DvbHIyGLCH2mznpiipcVfmKrZcTRvnWRkJcljjwZl5q8 + qcI7d47cOV3E8Prmx2Q/0PB6RU5Y3qXcDV3/VMiZCjCC++Hyvk5l8FsCJRPDqe0r + h6YKyIe3sWfW/Pk2Jtqlitws5/biOyCmc54ERSiVmVyqOnJKwjKsibn1S/46uDVS + kemJ3VWzvwNWeL0sJay8kL4fL3uabQg7t9aaNKb8qp9ZEI0jad4dFj+0JbmHckYo + d6d9jCIkkZc1YB9O7qrE/qkb8f/d0mU9rqcZ87nGuINYUYedUnt6f1Ui4pHhUmjY + IDsTry7XvC7JaiEwivmPbaZ9ffe8QyMmtBq5WLvBPJQGRKNl6iCbbnZsp96UzPrE + taHIGF9b9qUocrD5STbQDfRGGjXSamr+V1x2OPwCUkfGB/Ts4EmmPTPsB4K/iAIL + Coi5GWHTl164N5tZ3o1e4ga2sHodka6sDVLbsVTtutlbqr0VvW06bm6aFoC9wOk8 + BLB6pO+R8RjT7RfS0V0/R4YfX8LoaQR0M/B+kC65D2+kn0aou0RYzG50VenH4QQm + FkNKiWJ5vn0kZ0kE4iC1THuiRRNSBkC2TmlRVlshLSLOX05zKX9NU30y+ehWaCNL + XC49stTV0kGYYr8TnB0q0DvxHzgJE4e7YseqhS5irrBVcm/Ltsw/gajT5zJx813S + XgGUstn2BMiSrYYce6WQp573/HZGG8ULlt3acVeRFCs5/QbpJUCMnf8N7CQuw01O + KX8EFWHY7w9A48qFDl6Yw5t1o4mFb0y6rEWIewnIkwnl/FTX6AKi+FObW7WXHHw= + =QGIZ + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAbAPphVEzj6P83i+VBCWW0mvtTNC+BtZF1oSi1qqpOlAw + gKtI+PFAQs1VmcP7LqPlFRe8fXMGCC0gGd6ls6vB+dKeB6mOYRZZf+5/NTErljIc + 0l4BuJxN062P8rKWoxidpkkug9qGzAGss5yehxI7ErmQzAlagnnQ+fg1xCVuOEf3 + NQfplRgI9wN/CMK2X0f0gBLwxcQ4exnC9x+ww/5/cYZ7Nmwq0/z7DYS9HCtD/RZz + =DYD+ + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAXgHEVvWms2IrfU6GEYx5K+OR/YwThlRSlDbna7SkIxUw + n8imZ5Q5X990XNdjj/L2AlXdVvj8wRulS4mdWEuyEv//DSY5nqVKD4BHE93xoqf7 + 0lgBAeIpAei4A5V1kdiuZkkh23tIkjDc+9bsJIGpa9uOilo/f1b/g7we2X5dsslp + 8Q7vwpLD53KbHlEi6ByaGX1unt5Ws4FmARmzV9SF4adzkN5eoGYQknLI + =R94Y + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-15T08:45:26Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAAxLENJeplBhemssg4MdCeeVP7SM3xnx2yFgh1GR8FWPgF + lpkMmZF/POF9lVg1drAxb1GTa7kLxoZKdN+LvrJmp1pfYudasubfCG6xRatNpflZ + SbP0Qvcsxl44PqK1vv6o/KEVc1JNSF6iFmuc3iF2wWepnWejiUpvtd56R7NjXAB/ + RcYSzEoncJdMD9PqLFce8sldHhLAZnHW1rFVHZprV+wJVEycWnXX6LyL6NlIEvC9 + jRQwA+CfG27zoe1eQmrd2bRypZw9eZzqj4g6j7bGdKPfYza/YhWUm0bp0pMM72vP + PqfvMBPNwC+Oe9n4xYq9e9bj1MTabVUMsO7eyh5PhSf0iWWS0nNYoM1iCwRUHm2g + EweEyZlUXhZyCSrVqBKJ5MP5rOkgyPA1RYINkYWESF80FS4qu+QZ9+djRLF+3C+x + t+/3lH5kMnw3jFo1XGdodDyR8z4AQyMgdfBNP0bCNhyN6jROMRzE5SG/uaGzyCAy + 4n185bH90RAau/0s0d/wLtG5OmH9EajOWN69mclWXKeF1hBvrnDPMBYmSmbUeocU + 2MfYTXo3Cq6hlQHI5HjzbH50Ei9PtTA6k12BsZNCQfjKef8FFpWhribFRFo3h0wq + aGf0v4+DvpLAPqIP/44yz38p3vT6bo6bVvREebhPRo2NbEcSpiKuINMvv/iymlvS + XgFdB+W5sN7UOFtINqYyHQQNhTf5ltsfHoaSNqgigEAWhLHSMEnOClVdcFpM43r1 + i4sePHswqH0/4XLf660mglYgmayUiTv9iqEjCfFjwPb2/8JZVagh7tdaFpcLviU= + =fCZM + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/chaosknoten/host_vars/zammad.sops.yaml b/inventories/chaosknoten/host_vars/zammad.sops.yaml new file mode 100644 index 0000000..91906fa --- /dev/null +++ b/inventories/chaosknoten/host_vars/zammad.sops.yaml @@ -0,0 +1,211 @@ +secret__zammad_db_password: ENC[AES256_GCM,data:ThtJngNvMc817rvbjMjjbnp1tBlXPdAg,iv:GcQHc7p5jFcyxpTcYsUOA8PvD1Qy5HxVZXHcAuL19Uk=,tag:UjVxYkU26/zkBL1eKDfreQ==,type:str] +ansible_pull__age_private_key: ENC[AES256_GCM,data:1GDuO2fe4n0qDxBHbMZleLr5EeEtBs5Vlh6PZsJJ4HWA+yTc6q0QtLuuMkBywKhCBPThGrBaUTPSOzVAQzLu2WdNhGmdQ4KoWE4=,iv:UWr2LMoLfLPGOZA0Pne38NDUql/Mh7dHslYr/1SicIU=,tag:npddFnsbRQIDhotK80EtlQ==,type:str] +sops: + age: + - recipient: age1sv7uhpnk9d3u3je9zzvlux0kd83f627aclpamnz2h3ksg599838qjgrvqs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RUtTamQ0ZHVubnc2VjZt + YzZyeCs2b1NuY01DZm91amZvVitiVmpDNjBVCkdPTVFUUE01TFJWOUlDTENIcDlI + T1ZlV2JuZDJCQWJkcjhkS29nM3UvYWcKLS0tIDV6bkU5U3dZR0d6QVp1bG9mamov + c3ZRRDVWTDYrclJERVZEdXZYSGxBRGcKJGGOHHqqHAZxxhLY5X5nW8jvzRlIewwD + luVs0Edqf06uxdntEbDlDWnXthpnx0nypokxgPWEMaQp1vhSqTmVqA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-20T19:00:44Z" + mac: ENC[AES256_GCM,data:Wb4wcEmSj1n5dINoeNR3wyXk+7Ukmw0EivRk7dOJ2jpg80LShB26nemoH/KR38f+9lCRG95vfX2LHbK92/yzJnrVi8cbdmR3Nbc7EvJtwaRM/tzuSR4KQXtt7Xh1rwbJaofdlEtF6yPvjjKLHsioijOSDwlI6+aZy2//Xxt21+g=,iv:k+daocz9naGwdIH585zR2ilN9PJaSQ3p7hsQWHkh8Nk=,tag:8ljEybJqu2dFdIOvbO1JOw==,type:str] + pgp: + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/7B7FKN/EC9k1+me9liDPJ5dRGH5jy6Bwovr+SoAN3xOWu + xASqd8sp+amXQOP0MH3aQM58JFEfMNVo7qLYjfaAHg4I4OqA3KLM9NpnmdU/j4gb + DsOeHkA/WbSHUCH/j3pKv3uFE/s52OhKTrIZz4N9n507uWa3giYGupkCKqgHO7ZO + hw3HmCfmySaY/gowuGlApLaF9f0HmEKP6/horx1GD1ulEL8YyHEuMEqXyj8zwUYH + 0dKJvUsSPzeUdAy+uMs+seEEBkWOgVHZGqvVOINaf5Bj4cKQXF5CEPiB7gOWy1K1 + 4omLwmmQj8B0nNg2Xw5U35pri6ciLpbhRfSqYKV91sLty/svZ7Gk2eZV4gOCw2bK + HTJitD5G9sa7TFdSO8OnvYNPKAv8p0lQ1iVfKL+7dxp910kPXdaHpiMuHuAZbDnJ + 7PlZ/+DlrZ6aajzHJGV9XuGQQ9iWsgWFmSWIi3P0qMk9DYHuwhNoWcsQnfWDpQc0 + IibL8wZcRHi6OjU1RrUoYYGu+YW9ljyJosdousbp+nOnGlQFghUJZqcgySHhfvnt + sVGGSsYk5W2w3UQ9LwGdDvUl2KwJ33Peac+QWsgyYEIeFWx9oYREOW0h6tqBsgC4 + xHjBQwLU4A1iExwlBWup6xvL4to11GN7MLLwhBdS5XoNP/SSrEniY2/qP3bMBXjS + XAGTa53J/PhRwYjnNBsBDIAUE9rp8AP7mDsyzTZ/5mbm/ajx3Gk96/vu2UL0iXK0 + HwjQsgIBCX9UP6hqXigGr0UFRBkD49ITJymBRqusuisnL+nJrOzwhOds87Ec + =vSC/ + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//cTscdt7T2Xuc0y1fKqRbSEuPfFzFCuWSdYeY4lm4SpC3 + r0/U6+vHpXxVdtRQXc7NIW+GT+8OGd0uNz6rNFdQa7sOs05bo8PUWGXgLKEnn5XR + wp6Abz+SDuGCDyA3HKbkhDozubgq3EBpvziMU5Pgszp3PJeonofw2ZyIWVv5cH7W + /oemH8556PBwC5rMOw0hLPT0heT3TrV7X9IUkYhs63VjsnUkFeAw4v07VkapPVWK + wmDov8kS08USm4xa5Kzj64BVTuX8GK7OoLfbc1VJTzsxpS8seN6aBz+0dxExCx9G + GPX37iqdwdPjol6HcrmLs2lg5Gp0bQtE9uf2OZgIAu8LTFriTT+szSSLStuQyuVn + CmgGmFL1V14u7be6HGJdlHOxZ8lcEZzyu4hFDS+EvcEsVsVIkEr8exMF6AcCVUmu + 0dz3Ybe0BR4LyFB0pYpA8Y/ZrPf8nhrSp6Mz+uA5EJBuetfpyVpSGQzlVHI/AmWk + 0dbhoKITKvh3cesIOg8xvj+HK8t7LI2ENRLvQthWrDsxQqVnk/IE1KpVqH+B+i+c + lr2QQYDQRBARnHCFQXNfoTwLBpBIc9I9dy+b7bfXO2ELZ9aovRpoglwKWIRvwJTB + Wns6wjhiBGS//6gcY97Tc/XFIVBIbBLE7KovzTmSIhwoXd2jWdTyTvnbGrBoqSrS + XAGDU9Zvp4+BShpMNPAG3kHcO2cGEbAuYjyZ4fM1slbqOJgGcPZZ7BgQUIS588fk + jwUpSs4IGtfI/h4IOSy+KeIrLfWRNhTevyi8SSPOUuMLkrZ31/5goq4uridk + =mc+s + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAA2ImP7YdTd5nJ0EPCmirI6m3XoWNHje/UtVJgzy1H6AP6 + aFK6fXPFTXAzSYsl3IeHhcVrhANolbJGQWBuUq9LsJ0gwGAkF09haOkYi4Y/ljr3 + JqygviUjwk/Uz69/U5hCxMT+l/9YmkeHFN3QSY9OYaMcoaKorWSObT3z0ADAVwLt + P3Pm3S6KYss7B/3NH7z9qJUp/+95RR0fNm5HLZipqlTLVBdXNY9LrOylEPjuLPEf + fMAuOLj3xaUzawr0RgatQWB66aoPeFvMzTMSqLx+isnYFpzFUfcikYuDZeN+bRw8 + zT0JVP3xyFRKr9pNQDa/lXXOfQOW8gbSRYJE8zAai8D4tmFVbqQKlOWCxst1BNv0 + TVos0yQJrW8+snSNp9Irt+VCwBtOxLzoI8cjakAuG85Mx3xJ5lYT/Itt40L+M1UM + KkGzxXOZmm57b86jrKu+0lnAm9hvwIP95qxJupBzTJT4BfPLIeBMQ8AOV79CLaoI + vAjpTRatN1mpNWHYWFWYWNVkyNG/fZXqSB/oAAmHUvPD78tPdKlibpI57R1qa6f3 + ArL8Se8tnTHeF6od0VMk64cLKMnHBCJsu4dagMRpoSLPHXz61+846FHUb+AcJOaX + uPlie6GI2rSsMNCaAXP7cpz3IRQq4IK5Mpgst66MOyDexX3RLhf3dObQTZ4MmL/S + XAF1MlW1r/8h9rvVWOkFmz0BSz+qPWbGDssku1eJTs7BrZKCl9kx3MkHfPuUtLYt + lE+vE2nL7Qy/Miruf6voF6BYlvsBwx5h0BrZqgGo5Yv/d6smJ+U8tTJtcR/m + =V91f + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/9GPe2+qZxMOc+znXm5uV9tQMORKfVHLZQG2L6xP7I+bkn + z7TMKMfz4RFzwONn80dxzbvYSXWy1EnzZ3dAkxXR+Kzm+LoPU7TXLPNv66h13MHs + SVFh0beeQbtdAZ9+8KDB+8K+ee4gwlO8jzZcsd2kL9fxL74mEcTbhg8U82+PL4v4 + 1+W48sIhvETv5vknW+1elouCwTxWw5lUGqjiMpdb7xif4BNTrILLqjfmdjOhTM2K + 5tkNdlAh07mMXU/yMPaD8C3Z4AoeoXET2Z0z0lIpyNn1nN8blBU0IDNjq1Kt+ROn + 8IHvB8hwmkj4Nh5hDhOP3rBiAE/2SPUT2+vKmoEDxmjuvKNqIPRc/Cs0FYETpJNT + YfykD7w/PXg7tXISg6iXfgu15FrlBKnimHcihjjstl/GARqKdgcuY79gztOySj9e + uv9Ur0fkpajee72azIrW8mGz1J1U0iCPq5MbiT3mddzxzMWl9olYWm/Y5WB1oX4j + //U5CwOTeoXWkk+JvL9IyWP3llUO+N4qOIcfA8j9aaxyQkfCg8kcnyfJy3+iYzbY + 2DuIjW6Cz4oYVIUclfM2NqTQKDOcZbssDFQn0L1O8RISQ2sDw5Yd41BVy6DFe4E4 + Ozl5cWHPhvbgFLy4f4meQY5r8EerRfeW1Eof3lp/1UOPwTI5vRQgdy7NAewNUFXS + XAFJA1bB5Gz12EcUwAa2DrUWNMqs4HmQwnFPhY2EpC3sZH12L1oVmMIa1AQzm/Mj + vuhm4yD/SYwpbAlimxDPnMyaeNG1NCLNUHcHR/hgjbzpzXNiRA3plot73+82 + =WFVE + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdALpcxVqWAeHmiCiRbICOxovMiwCzNGTTs4qbala850yow + r1ZKkG8HIJOybZtEs9DA3PVMMU2hMCrmsrbYbisZSn8TeCzchNc04kfLU4TdOSHl + 0lwBs3ScY2EgYHIe3WOcBvy6r96da8XLfDMfxYlP4QGkbp1spurrcQe7H7V99guB + TxoubvEgtJ8eMlfXkWjxdOWEq9aUd0dr6x0nwAvivW0ApuNx01WCTYuscgsKxQ== + =QcOA + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ/9F1xkOwiQoCYwXsSxpwVMlbN2svqSey0i3KV38fboNs5X + XB62Ry7rB5X7LTw2+5MOuPMAMsHk5KNFah25mipuMYD4UiXqh77emNfeB52MF70r + t8hnmj6CtaaVSnWnHeMOlF11br2d8ZGdwnHhn5En78Cz+W69+u75goPR0YqXJaar + 7hfm/oouSQk+ankVJYEvreO6WKr46+XGd2FWcxYZQw8PVW9iDE5+JhOZM//NVlzv + vylrYmLK9nhswXeEfq2EP7yWUeUClLEIQY2SuMA/VWK8wf48oQTd7eiXWb7pd/Ls + U82Viqn3+/Y7QMt31JnPhrMLaLCDwuPphxMuOzrncGjNig3mVcyE388gWSpkVHRT + 4nm/lHsVbFyvJdj9pDgxXNTsSe3fViMvs8kd6ZIn5WyU2W8NymcFbptySt9iy02R + hJaC+7Wbmjfw1Nq52HljcPNqRml93Z2nJaQZCeJEaLo9I4mz/MrGLBrQ+5lQ2Dwp + PPSYDQpJUmZRa6QkGFceQ4sC+SQp8hQBwyQ/sVNDWF3ocaxIU/erS8eDZrP2Zve0 + z7ZZDrjIfx+ArGDLOxlaADr8PyNRCnEX40HgZXGyyjbK3jnwoRkdkp6dx56IJTWr + smIWH82eQQ6JSRsfeERcCWQF605pNVrnGMYx5kj8VVgNPpimRdvUrPsdwYz5WnHS + XAEt/U8izWISfq+DFbwaZhnLAQRZ3VJ3QIjqSoBRGU/UfRqmTLpOspnndK2hL/6k + 260An3SyQea917a+WmEIlI8RtPh0Mfpq0+ao5Q6okGECdjwXhJm0LPQ32pUk + =rZNp + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAmiRGmQDxdiJV66w2dm5wTUtfjTEzy+GI16b2C+kkjF/r + iW7VridRtVo+3wmhAXIVokFB7JMaDcCWSesg68jf/pKfrB8uSdeXRisKthD/gO5O + CeqUNWXV+rD9LUbuHpNBJfwen/6CaGZiw4Ww01miUBPODjtr7ljaYbgRdN9Wi8s7 + 8cRAoQSh6J/bfWx1zA1sMA9l/EO2bLmFlt+Q5YTEY1yAISuih5fXO45QW4Fxn69k + MSZUywyp9+n/wssCnGb7JUvXh+t2fa/1fTYgl6OI75Hb5BfAJfG2JnF7dUyt4RRn + 8il4qsrAvxG60HC84NYxR2j4h62wK6v1806bgMLEF1enXnwUWjrLOmgQPqhdEHFq + rNjPtv85P2vgFVEYPovaZ7Cv2Gfbqw48wI6L5uBoqcRtkMzJgUQOHpSZSpjF71HM + 2Qtnj3SOYeufGnipIQL+XQarQK9Q7FgcKhqlTFveSuBG1uNyhQRiAVpPiBWZsaQk + 98QrazESu1NAB3Q4Hp3oAa26adUrPz5wEF8mGY+EpZkBO+GeD9fAxFzxQxkaHGkh + rCFJ6fbGIdrhZil/03T85EbUSR+SoDeo7UB6Lyug2xq3XR5FPAYWAxyx3V//XoSO + zerEQpN/COVCMXs10GBxPLfZgPHkj7hXKJQxhIP7WaxWmV5M+5VjUHYge7obfW/S + XAERv41J599iu7hqiisdGmWOoPhPLD2rjztKoF8XizYbTFIRH2/5g/4OJU9+vYPq + 1Dh90GVvugJ025BFhb13HUuy+9yNP2c3A2uzi20ELjqfrzlFZ/yo6a+fQH8y + =tprY + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAkqzpoQx7t/2mz+3IdpMQ2bpR6RMtR66e5Qw6x50iyx5I + viDVixTbe79ksRGQg/qBE2L4lNZ5m72+QcMwrv0SOylDEi0ne5U4OCwAsjM7vZl0 + gJzCFkIZkGwOWBkszdBHOE0uQfgRh38VMnXBcq7Ju+wJZYHoq63QPp81965dYHBB + P4GNGOI/XMMYs1KUGhk7MPQsY8fAbH34VaJ/E7k3ahMYYHQ0c/J+2OSKb15W61T5 + MQ/ry7iZPNiLR9dCMzKAYf+ImR9PBDyVMtANrcgFJzpFn1RSgKThMTBjmgGYAjJg + ESyjrhrbhWbvte1WeK6bgu/bebDXYm7DH/bt+N7oB2OUbsg5fQ94a0xXJeR0/3jH + fMhKWThdGga6+Bp2exoBduXVy/GFtlZ2BKYVUWOdSimbpK8EMjqWgja8dpzmdamc + VVQxNHhjPz4UV/SsedMBrK3E6Vx2F+jf0LYui7+ShLR2KuKievtHXbnNASCgZFfI + 1pSQXpWVDRRkhIHT0eL3nNaw8un23E40q+e+KJ42u8Os/TKHii/BsBotsfbMGo0X + d5lL494HAOjK9U/3JV9x+Vmvf2D9VNP37j66OqUqqmTre+XE4WtQcjMNonO4y7pS + e8D6D+7ILZFQRf87JKQmObLDBHCvHLGibjgiNxmF7fZIBeuWNo0YVY/j8CHGQjvS + XAHoTbOoqSgPvOS5751EHpj0eLtk39izLil1eNkH6hdj3I5j95pttH9daDslwDuB + Fyack3iGns7TDEqcmbxHOf9yklqsMkKtUMVA4mdhDQMnxe7KwmBeD764QP5D + =eTmd + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdA5BohdesewCWjbpIcOC262ZgqLAdYtqQcyJUND3GcKmUw + TqK7WKIfk8yGVuTF9cSQMqc8fURCt6Zfd+P1ITOh7Hs+QlbycxfLJZTS0Y+PE+sv + 0lwBdeZImzCIG8Z0y9fMRdcrEcZnjXykCP67o5QusyF1/xllkGdDPIUh1YHWq1ST + Jadqvwo6Z0toJLHbk2DY5Dz/eDi3BP1Oq0p9YxlB39rvRkaSIvA2Y3lba3bGPw== + =4c4A + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAl9xzEuj3J+553qb7AYJMh/gl6cg7kCOOmuslG8lf9QMw + FWSFlSIUIVrerNf8eYnORu+ERTjGN7a52sVM695bR0EQCHVMkLH7HoNiVPZIgxvs + 0lYB3ENG1NtUCaAf1LRbTJdz/rfmciczPWF+FCGWy+H8/d9dy0VMEyS0HFWYdb8h + wTP38dybO5KEPLQo7nibGaqx7uYQtRcR/i8PLe4NF3THEnCAf4kOaQ== + =cRSb + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-20T19:03:06Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+ARAA11KAP7tpUgq1qXT3+H8L3tcYt7vUlbN13UGYpIgcGDKs + 9TBBWB5sSult2CygmankqX9IKatm0jRhXYbGwI1kvBmyjF8dtBfvjFNAKUQ8oEUm + C4IanxjTceyT1KKnSsiVomCs7LCoc7ZM4wFQSCNthl6g969mJHQNVRtgTJf4ezKY + 6ZaPXrECxbnzf0TvPBVHZuDbjAVcIyzRkbkknuysAWMDEh2TChoiz1Rv8g/r6EV9 + 0z6Oyk2DLqc9mCj8hyWjezIi/nUFwRcokh2fWrW/GZ9weCEit9EULJ2nBZEsvuV9 + evDfFFAjmMFm255VB4T0brzp6XMbwW3sGNYJ1xcw1sFQmnZrp0l73XQD5gU/60MG + JvEQ8KmJrMSuqxN20g4S+Gl3iaRE5UvMxiPOdCpL7KDDs/cW1++iOdtklAt+8WAX + hBut0O3tgstddlsRpU/U4fY6IHWpOChSisWx/PlK6yJ8XMMl1D0Ho97gC+niktWa + Zwp0mzSk/dYIvzxPMdscjCaed3Cf6zQ1KNKnZIR8rw8OSd7JkEdDymk7Ihkbx1Oj + YO+7shxgj99mkVxwbA1GdgmXKnlz5PURTMW7T28562SqqcOSXY371k0BKXfObm6P + x2eD0StUa/m0jpi13KnNrO2wYx2MLCeMYrCsu396Td8Bk1m1iEam9QBU5ssInQPS + XAFWSMzR1Efn6iXwXbnPmnHzRgfevYWCDqwzqwoy6j1D4/1QLwB314wEk4jf/jvW + r5J4LwPDJRiupClobgruW7qMaz5Rkn8853F78oafkmaQ+D5GATEDddlusBNX + =XooS + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/inventories/chaosknoten/host_vars/zammad.yaml b/inventories/chaosknoten/host_vars/zammad.yaml index 88ad99c..65ea352 100644 --- a/inventories/chaosknoten/host_vars/zammad.yaml +++ b/inventories/chaosknoten/host_vars/zammad.yaml @@ -1,4 +1,5 @@ -docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/zammad/docker_compose/compose.yaml.j2') }}" +docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/zammad/docker_compose/compose.yaml') }}" +docker_compose__env_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/zammad/docker_compose/.env.j2') }}" docker_compose__configuration_files: [ ] certbot__version_spec: "" diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml index cae283d..1f1445c 100644 --- a/inventories/chaosknoten/hosts.yaml +++ b/inventories/chaosknoten/hosts.yaml @@ -10,10 +10,6 @@ all: ansible_host: cloud-intern.hamburg.ccc.de ansible_user: chaos ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de - eh22-netbox: - ansible_host: eh22-netbox-intern.hamburg.ccc.de - ansible_user: chaos - ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de eh22-wiki: ansible_host: eh22-wiki-intern.hamburg.ccc.de ansible_user: chaos @@ -63,6 +59,18 @@ all: ansible_host: zammad-intern.hamburg.ccc.de ansible_user: chaos ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de + ntfy: + ansible_host: ntfy-intern.hamburg.ccc.de + ansible_user: chaos + ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de + sunders: + ansible_host: sunders-intern.hamburg.ccc.de + ansible_user: chaos + ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de + renovate: + ansible_host: renovate-intern.hamburg.ccc.de + ansible_user: chaos + ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de hypervisors: hosts: chaosknoten: @@ -70,7 +78,6 @@ base_config_hosts: hosts: ccchoir: cloud: - eh22-netbox: eh22-wiki: grafana: keycloak: @@ -84,6 +91,9 @@ base_config_hosts: tickets: wiki: zammad: + ntfy: + sunders: + renovate: docker_compose_hosts: hosts: ccchoir: @@ -95,13 +105,13 @@ docker_compose_hosts: pad: pretalx: zammad: + ntfy: nextcloud_hosts: hosts: cloud: nginx_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -115,13 +125,13 @@ nginx_hosts: public-reverse-proxy: wiki: zammad: + ntfy: public_reverse_proxy_hosts: hosts: public-reverse-proxy: certbot_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -134,10 +144,10 @@ certbot_hosts: pretalx: wiki: zammad: + ntfy: prometheus_node_exporter_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: tickets: keycloak: @@ -150,7 +160,6 @@ prometheus_node_exporter_hosts: infrastructure_authorized_keys_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -163,11 +172,45 @@ infrastructure_authorized_keys_hosts: public-reverse-proxy: wiki: zammad: + ntfy: + sunders: + renovate: wiki_hosts: hosts: eh22-wiki: wiki: netbox_hosts: hosts: - eh22-netbox: netbox: +proxmox_vm_template_hosts: + hosts: + chaosknoten: +alloy_hosts: + hosts: + grafana: + ntfy: +ansible_pull_hosts: + hosts: + netbox: + cloud: + eh22-wiki: + grafana: + onlyoffice: + pretalx: + sunders: + renovate: + wiki: + ccchoir: + tickets: + keycloak: + lists: + mumble: + pad: + public-reverse-proxy: + zammad: + ntfy: +msmtp_hosts: + hosts: +renovate_hosts: + hosts: + renovate: diff --git a/inventories/z9/host_vars/dooris.sops.yaml b/inventories/z9/host_vars/dooris.sops.yaml new file mode 100644 index 0000000..a83a288 --- /dev/null +++ b/inventories/z9/host_vars/dooris.sops.yaml @@ -0,0 +1,201 @@ +secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str] +secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str] +sops: + lastmodified: "2025-05-29T13:28:08Z" + mac: ENC[AES256_GCM,data:SkqMlgJBdM+CMLE/um7m8V0ni04Xi3S9GovNsADrws6VbSWTX+50oc6HtWl+Kj2XugLfp2XpVnlzggCiq3fePsdt1af2+ZfSCue1d+dexjo5Q/gvE/olKlmn6aj5qiosUsLgu7v2bCOIb9m9WiEhlQLKx1wGiqVNQDabiLOJV6E=,iv:NUUOcXtbg+xMHqthipKpRAWLTXda8rup4aCbbP8sVEg=,tag:wyh+hrZreOyT7uQQrghb7w==,type:str] + pgp: + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/+P4Y/6oXngawMZSyE8nrizlGEOL+SD1Uc8A0+pqmB5RF8 + RLbDvAMmicGGK3dAj6WaoCEl3F8oP4VvWc6pQC9xaRsaJRH1hstajavI46xv3GCF + ILhitEd6HbDMrVB7QlzRRUwdpJN9/+PSORRK8PejiH22+vIWnMqiYVM5fjoJD8KO + rPZjYnu3b+uV0I1gCQmp11+dBk4sizxr0w0bDNGJ3hMzg/DMOqmJUK1atXg9ooBJ + XwYlVFHj60TS/3so20EG56mYEYyNyds7yY9N1mA1S0SyWoIXtJbEYYriW0y7FOPd + f8kuLp670IJotOglJThq3BP0ch6LxL1DpV4E4dhsxwq4zbujR4H4e4Fl15kNj3Ca + vtCo29yd8at4Hmct+sNyFuX/zGYLZXrl0mKnQq1K22Ot6x0tdQI0kSijg0moUpPp + d/hx6jeSw2TFIhwm2KhnNWOsFSbmREJ0L/rJ2yhunV4UTHfjqq3eKFI30wnC4On7 + qM1u61sEJcULx8Df9yqnRa+PUnltlNuswFBJw5jZ94H2k0CWXAjtfDGO/aVjD7QW + bGngJdxu8+zNhCEyO1QxQQqjY/dFSxwzRlv/jRpD4ragM6AgWgRehqrVwut9yMjx + zf/hq4XeQueVntCZ5UqgusT9zcwZU7cGr4Hl+EeMftNyZ7VzIUfRZ7pv/pBSnwrS + XgHjRqAMR/c+BGmsRUqE7xmwL3YlPCVTXvHg4C2JSruiuYOzeSnKGy2JB4Yq/+wM + auoFgVhOuuwZCerXiTNc/Rj6KF8MmHtpqu3c/NCY2rYsaN3tl6jvm65YDy6ji+4= + =4+eJ + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//UYavx7nbBECdEhDefYN1Pk1ydInIBa6MWCA7GGNoVX8P + N/KDvuBwJGSONY9x0/tpoBRYuLdefDIkfnHXAMHCKPDjyTuFHM7WiqJRNUaChnMH + j73ecjWB8kImCNA+OsDwSYzs06t3BOuYPauH0Vaba1jYN5sKx0SeFdQJRZBTPZkO + HVR1DVGvSK1jd8d9synPJ8ltvxo6S+JYM7dOHoVI8i0Shzrn+HFg32s7ZDLbIbau + F7D4BjzTzdDX8FvT0NJO+Yqhk6pdc8586o9bO5wzfTTqsEEwTaXRrImMa3K1pQu6 + 6G/6F946bW70ie0HmNrzt6gUnyCWWM8Oc8gtyNG2+wVyz2Zh5ttCgFkvHF0sIyiS + AV4JNGVs++RZUmEfxkr4ZfMCQjYToG8RFTQQQ8WUDm/t1OJIEo7lnupLuvWadvwO + XBatyEfUNqncY3pFUtEcjWYTafZi+FQteBNUv4c4JNRtG3efFhzvxJNXBfqVXIKe + 7Uke0KkhG+HOIBQvWc/7JGSA8vtmIuGCOD1aDaHfwFxVEYyBnu/m3H4yt4rOaUsd + 61/XY48drYrEVXyv+4xxV7BG+HaX5boKgI2i+iqZdhdf2Bbbp/PA4woUVQMp4pLP + 5c8vidwGtZwS1dhOPoUXuYElkMgFUV+kPfQxTwT9RMsB1uYcsL+2e0TcOUQNbM7S + XgFbt3ySJ32ovWkpu2OqctN1xBtQ3J3FeQhT71Z2mPmnauYUGQwtTPUQVidpJDI5 + KhOwgDYO/ZXxQ6P3faG79gz5cGiKUcbargOISgQrm+gSurxYdg3YCZase8+CwwI= + =cBUH + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJARAAqo/EQcO7Bxq5ahIqJJKfUWl1fUYqbXDJKUsr7peoHGQd + dHex1kkerSC1HTi1Ua9uLdz61nZkC0gLG9jl5Jfa8hBIHpsygMWdFM8TkbR/rZQQ + 4f+HuiN6ZGmKankMnuSs8nCdqkQFTiMVItBGxGQ3P6cfkZvaxQ0M7U7OVZ1H/rGt + qkvu6IdcMLfuXnfEyI02bH6nhA5cqcuVdXiA7H+av/AgZxHy6RJCbrAhihNiw5zh + HWzYD0vt9o4U/5iOpdpE+0gMdj9N41bWsXcDvmhd74HmXdI4mKwb94MB+CTIddaj + UXTfHeJABVtUSEuq9jnRW5kUKcJl9kZlFbcy0as5tizzQ+g3M9ukglziQU7hm6zJ + EIPOke5GOu74r5V2wg6Dip55Qe2AQaY7fkQz2m1dDmb2dvakaDzdZ1/KYuIQ1Bd1 + PM70wPsliUsO/UAxvmgtGvEDdZvHBX6C5Ib70DkHB8A0zm43/ZIvB7l3mVPoX6TW + ZZyH6hTHvF8NcX0XA2sOaP054GGpBzVBqG3I6NndbOeHVq59rN17c6aSNGE58wq5 + G2M4F2nX1fGILxXeGUJVahaib7ZI6DIr8u6BwFGMLr+Td/fUxMD2qdar892NzeCm + 8gC2v8kwjk0cQp1hv8bn2Vf4TjwR7V5++/qYeXzOd8cQHE55oYZa9GrJ1SLKGAbS + XgE83PddEBkjuaJLjOloXr1M+rykoPlQ1+UtK5XVW+Kp6EC8JcXRJ35XiZ15ScIj + nLZpmjD7FbSr4BthLf370LaClX+iQIfPSaDd0DhPx0cbOzsK4vIsNX8BeoIPa24= + =dRX2 + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1AQ/9HwAW1OlLo2jy47Z+KdRPMMx4EhcYGJKgwxnL0/pzDRod + TDwSgfas+MsDhx0fx+drC8O+mzw79xGmHQWAEHhZ6EpZlHQRsE3Sn/8nCam0jQ7l + LeKCyh5MK3n3K0MPzgis2DxR/Y1LOaBnIyL693MCHy5xdB+kIO4kFipWtGlzbUYQ + /SUUhLXBJv+GzZuEtErgvhViW5cy3xoKoPRzeu6+3tj8rqye2h+GuMl2c171uh5G + jkGZ8RzYK6R50gwPT7J0yVAEvUbilSNi0W4k+cBg14WRFC8CnMtGngV0PsZxbD3+ + nk0FgTeUq/MAPos6blXzny5xKfQ88/eqX9UVB3VW2X2Gqrrd2WA1zGYwJqxcCqS7 + on+VBjsc+uObCJXTyYH5hyJUtoD0Ed+GxvSoGDiwcmhs+6mvVb3sANTLYCXo4J75 + xN03s4UMlgrzyXNhqL12zlshth6EKD5q4SjQI28fOWgsgOlpcDY+QI8dBMDOPm3H + mbd09lbvquSdGTEGkCLOGOAg72Ph/jWf65+yYnC7hPCaRxI9K/bfbVU8HQ+rJgsC + D7ckDKMcTu7uYhFnzEsUqTe0aNS6puuKK+r3XDi+JM3bG7R4AjsYUstj8AD0tOY1 + aEaxnroF18Cr4BrguFjgd8h8waK6DfxAiG53a72v/mNkcXtKOrm7zImpSPEzQG/S + XgEzCBftKE23Xjg9mzl59muw6+L8JMDUAFWmB7npL5DTqGpz31cpVc6gihlrSiMO + HXVCUm/pQAJVCdXTqxsjkQmv9hQQhX0wIK7WVxzqAM5R/YzBP/sGgUeGhuSfJkg= + =AR6z + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdAG+nf0X9XiYVa6T7YWuwocUM2FKyC5ZzkBepUimI3G3Aw + LJ0I40vOoEfRoa/q1lEDuizyA4l9RG8EVwi+c6yAT1OuyqI8QcRCwjrzvQoCKTDc + 0l4BwS5IX4l0/BvSP9F6A98s7HjWwNRInLQNhgOTHgMppnjJIDls9QnKjlnwKReN + 1DwniCgRWCB4UQrP9O4kla74RItxaqJMAjo5Bjwpyi9UsyHppp+hOMLWamMhqT/J + =BL/2 + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fARAAodfqlZG5jgwmQrY55giGV+U+UX7xHSzXhBqZXcj+mMwY + mF656+UizvKgyDQu1IkFJA1Xdqmq59qPwOSDWUpPCxNXUvnWnoQ2klZVLUFcPKd3 + N9851Kd3q7BBcTDqIJvDZaHNnThyc8/x2Z4X6gG0+F6xs2CGsvtgw2CUmlf9y9da + QYVcEZVl86Th6d0GXXM7VtzVxv7NFb9HhGU7XlvP1sF59d7BqST9pl0CMHfevkAa + LmTGlr0wLZtOAvbFIHXdI8j5nPSzEJorBlme0q+8fGFOED3tUstvJ2XPgdqKcsGq + PFZ9hALTTraatZchDhBKusOaEeb/YQ26W/OmU04JVG6CEFjqdsuwee5SubTswYV0 + FNYdivJdVyLiJiRkcWyjOZdbJ845EApPUYap46RHxHDv4p4MionH/v4FsXRrX7KX + Gcp2LEuv5uhJfYsJ0XmiNXyU55YGsRsNbqM7mIR+gmBOA6Cv6/+HiiYaDAPmvv/3 + ZG/AsHfBgxpVSJ3oTB+sNeiC570kdZRDTtNcwcDeozpQiZGKktcrYQzzltvYhE0o + /KdtXScTs/wDOIsfFm2SPj02gFFvpn44SEOu++EAFGEapv0cl7y1vprhMXewW7Fw + H9YW+P/BvjbhI1p8GHY86nBP6UG76uTlb4Dn3GGkTwhTS0ax3iKFJleHGAiskOTS + XgEhbRzzb33cM1LbxMaOM5ap4YowPuymr5EPqF3ZZ+3FrX8gj0OabzpjBGF+aV8o + 6o/fFbMSOTUb+++jmejtnvpl7BsyIDHuAjEmPEswLjYr1P4pI3Cdg70MEZCb2H8= + =FKsS + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAsGw0iqjlsDVLy20bFGiyXP4urrmxEys6x4+1/d0zEpuj + mnjkM7MCht4O0i15Qc2OZNFOExwNzAYq1KDeO05MaNW0A8UCi0GmoVTK9RsTy5OA + poUWQAr1pGJ5mCrrGJRCOBdXqxmEskW5HW/43r7TL9X6EnSRyjJNPWjn0/6IGG9Y + OWHBnMWevhWr4Vdj/LSQhgm/3TuSSd+cBN94QjtRsNcscTsGgZ6I9FZIBwSu8QMg + 2R6LZlLpck/Kq6a4k3Yqm3yqh/bCxkHyy4pp0JHmZJs7BMhkmyM+h5riclHN5bjh + cafMw4HmOm2gNprYmWHBkftd+9iDDfjkL0azNs5EZ5A4QFwsFayqGmr+c2bazifb + KmNO7XoABubnlhe8LuI6d//hiMJB7iKeKh3NiAeRv3PeCVo3F0DMXkphtF/POMfY + LiEenCgpuV+S8Yld0hFxxh84abMKyZqasSE7IoU6I++Ti0OsK5ZfEUAdlE2Mx33e + KC6QPA5/eo3i3gvOb3nh5XBys6lInN5Cm/J0RhuahZH2L5R0UEj09at9XmdNck3u + TnW8vSf66p3FYDuEyjNOq5WMwA1rVnuHHIx6cjBl0T2COhRFHk130qfAv5Flzyoo + HkSeUfoM6Rt1Gh7+fLP/BvDG4Jc3PbLVTulAlO7+k300oHrBjXOSkpqO8IM0CATS + XgEAomlCqti55GbMR+lKgxVDJ4kXeFEUg7CCptesHkux3eDFcxmL7XbgIrlJvh1a + DYMDeIK/okQhe/W3mMcF68+xm/Yit6I24KODBxagTCe7ArBy9N67Tg2Wzz//Q/k= + =uZ8i + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqARAAvL/LzRFhGCXA6G+5aW6fSnR0dPynX5eM5BigDBa8VYAM + x5hbt4GOblXrRVS80YRC+rppuzc+UemzlX6aZVbgWtgARpAJNAh029ZdSJNwhFfB + LGyUxvErTkyJZPTHC7hd1B0kdegPr+ZZOvf/oZVYJ8NRlKAIBk+ahmrz+xpjDI/W + Cy27gShHmNBiuSF0nS50RzE1KBW743ERYmW3qVetWgyQuqHh4h7W1y+YkxgzSDFE + qgQr4t9g7+saq2zTZVq/TmDRH266mGtjOWFxw/R17gR6WRykU8qqPl42NqsvH/mV + 0kDZKZ9YTkDJB5C+vr8AbpexHxYzxYcBudgVTnlrB60QCV0x+bWl8xpgtCZ/Gpxm + 7A52rnA1ZFZi5uj3UQQUA/UyRRLTMdu0w+KkVCxj95OdgG9Ul4D8ex368E1N2JnO + eu2yF1a5atswxKq08RSFiL9ft82PQuh7ZdjA57byOjknb+21gcjoIGp2VYFqxSko + bLQ9uw3oMJu+AWYHZUiA71zeigrEz/pW49BRL4KGTq7Ik6nzduiD06/Td0B+4XEo + xUhsPLnYLlQ5F1IvFPq2FRl3+ZPPR+qdaBR2CCbLoAjSusvAg3z6pQ1D+FkYz2aw + 64W9lYBDrn9hd9sXbVpoNMV8rqEv/lrREueYdZ6doiQn8WVDcfwbq7t9+Y3lawbS + XgEmGkxkpyiVRtjDCSFJpRCA8jRdOQH3+DTzb+LPCrKOs+ibKztXXO2wz8nMENMw + yBBednsNcPNcE/fDXXnRRJSEnsbnROmjnVPWa1VTsaVilGW0dVLCPwtMDpqIQEM= + =68Sf + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdAyB6EqNKBRibDLjoNJQa0j+H+b3o9kHcqsSyuFIp9ClUw + Wq6E+kPd17DtWt2PstpcmYGfnMl3LnnKvpReObUNQeFHgCG/jMLVCQtqdWcu5YG2 + 0l4BYZMZ0h70SKMX8GD5TcqPmiO9nM19beb3EuGHvAnUHoLryQd82DhTPLQPhJ9Z + o9s7V6B+QH2wlKURcINADZv27EpU1BGQX8hXqdT9vF+JKBuNMv4Y0+svkCB1zJsD + =UPAZ + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAyghr3s7Dt4ZC3zZ5J6JQQb/39WeKOiigIMItG0XMwREw + oTRbAgrSD/CWSGTgoMJySH2b7yeJ+bD2nvXHgNwvPS0QaJ199pjUZhxzzOIccwok + 0lgB1/nSHdDSfiO+VzbNdhK+dHgnC77dVbkmjYwfCsDgh0j4I0IiExX6cLixA7n4 + FOvQJmdM5NYOTouAwa0CAIpDC1WkDTZ92jz7HUVuz/OJxQm5RgfDSqdI + =vhg2 + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-13T20:10:58Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ/+Pw+aOaC4FzDEBKFnInfbRJDkJZZcmdmtTYB4L6u71XyO + bQwqjyneXCKK6/qtFSY3P8dTNbXZ6q5H+pB4LDrk2czW25EOYWSlkxP93BR6lB3e + gqsTelVjpH8Qs1B6IG6P/5Yf++7hOu1qKo/fxnqjsCYpmqetwyrxImAR0kp4w/pC + kXtCi9BIpwE++HxvZIYB1oB1+fOWy0Byo8ugjCP+h/LKTjFNDrY8khPRt9uOY6L9 + LAyOFHagyMVxMs+cW2ihObO1ko4f6dIXZvmD99WbkCtK+vBsKX8DWQB7aChbKXFw + L0QnWn1G1Rvlj7uSCu1LVogdZuB6t0hbLFburPAURCRgHiZroDqdJWYQLiB16MK3 + kV8/oD1/PN2H+kZOmy38Wj0UiaFLTn7Q3ejOlahN+7OOhFxGHFw2QDikrh5+xmZv + CvHeThQeCDdDy1pErqTZ9nP68y7+LKpQ/gjyxrfPMJdW4n3kIqihk4yfxnQDHM+w + DwJeRc0tIwV/hdCobWf/hetGw1iguPWQLCc3R4J9INaonj3rXb5yG5HCK+KgqoQa + RUKUjx6hbCR/bMpgGveG8O2xTPezRlXipXrF8wZSp84+3EydO2018z6EZ5A2fKLI + F+34M07zg0sVRQhKJ1qryIsmG89NabH68r2JEEayMrHpisBKnBe3Q/n9hvX6ZDLS + XgFYAgB+TJkdhCZeiwcQ5SSlYpfVlg/a5DJ6MVc+OUfsoRNczCYwqRwpR9mlAJqo + QS0E4qhIIhM9kAtBECPqy0eUay07PauC0O1Abujq8DQeRdFwnYh04j6GSzeSnbE= + =f3En + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/z9/host_vars/dooris.yaml b/inventories/z9/host_vars/dooris.yaml new file mode 100644 index 0000000..5813e3a --- /dev/null +++ b/inventories/z9/host_vars/dooris.yaml @@ -0,0 +1,15 @@ +docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/dooris/docker_compose/compose.yaml.j2') }}" +docker_compose__configuration_files: [ ] + +certbot__version_spec: "" +certbot__acme_account_email_address: le-admin@hamburg.ccc.de +certbot__certificate_domains: + - "dooris.ccchh.net" +certbot__new_cert_commands: + - "systemctl reload nginx.service" +certbot__http_01_port: 80 + +nginx__version_spec: "" +nginx__configurations: + - name: dooris.ccchh.net + content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/dooris.ccchh.net.conf') }}" diff --git a/inventories/z9/host_vars/waybackproxy.yaml b/inventories/z9/host_vars/waybackproxy.yaml new file mode 100644 index 0000000..18540ee --- /dev/null +++ b/inventories/z9/host_vars/waybackproxy.yaml @@ -0,0 +1,7 @@ +docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/waybackproxy/docker_compose/compose.yaml.j2') }}" +docker_compose__configuration_files: [ ] + +nginx__version_spec: "" +nginx__configurations: + - name: waybackproxy.ccchh.net + content: "{{ lookup('ansible.builtin.file', 'resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf') }}" diff --git a/inventories/z9/host_vars/yate.sops.yaml b/inventories/z9/host_vars/yate.sops.yaml new file mode 100644 index 0000000..19853bd --- /dev/null +++ b/inventories/z9/host_vars/yate.sops.yaml @@ -0,0 +1,210 @@ +#ENC[AES256_GCM,data:Oc2DdKVMymwkIHbS84TeTQY=,iv:UMhNafqQrHaF5iqFSev6D1uqHPFpKQTkOpYV6JncjsU=,tag:mAmBMyGdzER3hkSkV2Fjtw==,type:comment] +secret__yate__sip_trunk_epvpn: ENC[AES256_GCM,data:BkdNaCooUjsDlCXJ,iv:saO4IGsz1HAinvW5ZGAMA4WEtBbo+UNdfBkr0g29uag=,tag:t8RM0GNYhl1w/RMNO8wKbQ==,type:str] +secret__yate__sip_trunk_fonial: ENC[AES256_GCM,data:N18C3XZHIi1/IA==,iv:vs9dCYNRp+1ptxRajdUO5ODTOmNREJslF99xnFL92XM=,tag:IUmnlPeRI1WTRYELzZRk/w==,type:str] +secret__yate__sip_trunk_fux: ENC[AES256_GCM,data:zcVxNjyS3BE2dw==,iv:Prmy8nP1yeFrVI5mQaPJPKHGFCzuZp84f6fH04I9zJM=,tag:X15wqvaaifMU2/kcqLqUZQ==,type:str] +secret__yate__sip_extension_ewerkstatt: ENC[AES256_GCM,data:qbatVvfXZiUcpVnOJUpzYw==,iv:E/fCmKGrwYvQP1gGvwT0UrL0DZ/PcMwKG+NteiukB5M=,tag:PFmU0DX56+IbSQqMtY5NSQ==,type:str] +secret__yate__sip_extension_fritzbox_analog1: ENC[AES256_GCM,data:+ayQ6P4P34D5hTNOFv3HVA==,iv:UD71G07Z633mDmvnJVei9SKgHyM+JFXJdtOhyBhvKGY=,tag:0ISsYGQCIMMgToLWA09JwQ==,type:str] +secret__yate__sip_extension_fritzbox_analog2: ENC[AES256_GCM,data:DbFmTcZ8wW2fqstm09yUWw==,iv:jKUqtSXaGF/QpIwPJ6hKQWZvv9xtZeIQBiPHt2xm+3I=,tag:MkWzODFnWZc8o+pVLR3KJw==,type:str] +secret__yate__sip_extension_fritzbox_dect1: ENC[AES256_GCM,data:87MFTNA0DXmfhesT/M++ug==,iv:qDM8HWZhG9FADLFNPRJXkadN2jXD6/CfroDShNPzA+o=,tag:Ylf56nCczEdDaOGko5GrBw==,type:str] +secret__yate__sip_extension_fritzbox_dect2: ENC[AES256_GCM,data:KOUKexyzJqZPj1HKJxFl4Q==,iv:OCChQmSF1s8C/VYuw9D3hHA1CAoCnwC4adyTpWO5Iac=,tag:VFFuYi5Nd49ChU1Ki/nHiA==,type:str] +secret__yate__sip_extension_flausch: ENC[AES256_GCM,data:eIieA4A/ZmU8e7t20xwmCw==,iv:oDMgZIjQBDcwIVPK4/qIT1HyQKc+vImdr1iPZE1LEn4=,tag:RgS+enGC6DP6dwE8u30a6g==,type:str] +secret__yate__sip_extension_legacy: ENC[AES256_GCM,data:gC43eKUOAYU9dgNV1JQ+nw==,iv:xN7aad2NPaihlMT4Ym2xanpKU4eX04V0FS4m6XRgZFo=,tag:Oq0yBCSf+CB8Xkx4D4TH5w==,type:str] +sops: + lastmodified: "2025-08-02T07:43:00Z" + mac: ENC[AES256_GCM,data:Irv3y4/QbofyM5BvE4h/T6zNF3A6oTjDssMOcqmGxUOGpqL11Am1DMHBivkUgEYe4ir9N0kvPUmed1XOyDwImrl06E1mGAT6hOlfVSYKtZP0Pwvi4VVeeP6IAYN56zu8k4X8oIxv7AEfS3Fq94sJ52Fd3xDPPCG4aVtUXxxDuwQ=,iv:HdqbgUVR0lIysZnnPkOkW9gDp9G/EOrHDkwmQH6LVKQ=,tag:amVPLxjvx1Qtv+v27SGtGA==,type:str] + pgp: + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxK/JaB2/SdtAQ/8DrVTO2xvkFg6N4Klvaii4KqEgm5h9Vdqb5RZWXIKXBsA + JyW3EANye3lI3/HKkEztbOTDZ/NuL+4pJR54+KUFq+C768cB+JEZmY9IFOXGN0mX + 0qPYzAbls1v0yDSwBHDXj5Yc59CT7XK8rYudJOVTZQbsf/xM3wfGh4oXmFBmyCkF + zcPyA/L28jmAeKrXIIi52V63/3ipCjAzh2RpfrGxISi5F14mANToHAp6KWsin1E7 + rj2wcq3F+UIf0b1iRlkTAwTA4C9Q8TpzZDEjKuO+Kw62m8wa+mgPDLkxbsUmJs5z + gM1HADpQrb6NtaPgXBTUL38+MPq0Uz6B18YJbSVydJbJ1HXFMpaPJCLE/5V+2+zA + 92XxhYu+fV7NaL9Lw652r4H8ZErZLvVDfdRkipeIh7+sQvBQUb6AmCSKZUo08CtK + HBEeuF6CG2h2jlisj4eRDjbB5ognoCT/kAxOYXN4Vwf+ycAKX7sK0odQ81FgOpsT + psjAkAJLE1l9d95bMSaO5uyMD/uKHbvlHJ/wk8X5AHabSI5Hy5zK3AKkJlgKO/hK + q50BkVaHHZFThAPRSzzBjRsjAJhuMi5sdNaG0Uu7S95+Y+hoX/2y7ZHmdMYcRY9O + XaeQcO+EDxF69GKfiK94yjJL2iGjoIX4b6LlCB1pMrgWulSGey2Z9xbZF6CYTVjS + XAH7OHW6r/Ru3Hat4XTFwDi5Gox7MrAsv3JZTL5r/CD7bRBZ84P7PRHWDFfDxgbJ + 6tAQRD2whP/3GG4XvVs35SJ5vkk0qEdXlvp14ghPfmphbDMN8JJK/efzyyn+ + =5kn6 + -----END PGP MESSAGE----- + fp: EF643F59E008414882232C78FFA8331EEB7D6B70 + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6EyPtWBEI+2AQ//U1w+VzucTyOBNrttljmFoiF81Oh2180qVNwH+PIJZRsf + p9SKR5y/l/EOrQHC1KR1ld+M7fMnXxrDKhKhyvfC9I6w+XNWqHqqVNA7RYTWuSCI + c2AuEyWKWXpchQE2RK7hA5fdd47TmFfXmohSdw0/TJF4LfSG42Lz+Du1b3nyKXqL + leWXC/IP7gsGBmQwSFrecdoQ7HK60w06xiEJSD6XAY+RhuzGK3mOjw62eiBqb4MI + Tiptkmw/wCvsayJqIqAssVOJPprPzBl1i4hfr6SNFPS1GiPpaiCjkbQmqY2bu9pD + Jau8AyRn09UV5VJLmb3lOiWKlyO8VG91Q1R2xqGNp9jQtbrRBr3hVQwsdJC4WGV6 + n3VUKhhJ6AYaZHhcfmf+aYVSD/SfOxTWixAfv5UAVLtNqsVRS0qeCWC+lsd1W+U/ + hXORfrv/tipnnY65leWrePxhdpFoub78pMTpNbipwufZgMPifm54XzEfMTrF/oq3 + rzP8RdHs8+u0gEyn2ovIp1yKOI+b15DTVyt6C5YRLw+JeykcbtMRDDnAKxN2F8j5 + 5iY6Ord2Z2Eg+jBvrG212IroI7yGrXKfRLfCFYM2Lpd82PUx2sV9+xZH4lYJ8flc + oeA48lUGcoVhEEmWrwl7a5mrdST7HGOdZVBFJIr78Qo1FNMn7V53yGbAbLGv4KjS + XAEsOsXNdHVCaBWkm+rFJ/HrQ/6FS2l9jN7eO7SyMUZmceDCjgoI8LUSuZJ4qRI+ + DeD34OHX/nlaN+2iUNq2VSJgTNJVWBIlJndusXuzSKI9TTVVzSYYn8Y8sDpb + =zTis + -----END PGP MESSAGE----- + fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz5uSgHG2iMJAQ/9FYNXETmqENgmxKuHXohSN+WU0/wblJLwQss+d7AJnu1I + JpcglLu3K8w/ghd9I3BfrUDHrYyRaGZ8bsTbPM8/lxV51dWbQd17yYGYtxwamgV2 + EY5b32l4w6Kr+QclO5Z/lmNA5Co2WVLkE3tATO24cfuNcH9JS1paVijaAkNXb/8E + ii56vUYZessPXus8Hbgsy4bF2ot4Y+h4dNHJ0u2l8a0CwZ7pa1TvXqtm8xnt/stJ + lOtpXFyCXZEGvpNGJkJxEJHVo6WibdEhee+GQhGRsh98eZLPE2G8gmMKXpWJx4n4 + 83mEApQGrL4e+Bnxh9XDLs7FXyMtDEcsw4tps2VEQkPQ2PEOEOZXxJc8OxsV1aGA + CWqczWK90/tI+ZNu0y5fEs5jkWnc66Zvu/TkoUpgmZ3cWOewfLNYbbZ2k2/kLUX0 + JVnrNQ41KD1FDVuVHin7AfVjsdC4Pk3QOZQuxumtmhbAi2hpaBB+KJOYcpovs9Sc + 4A6l6ZXVbdgyy6PYqhgEI4A3RnsKoI7Id2t8Urm2kOMAqpqnOa3K+KfsglLyssbW + jNN9rbtDA3Nj0etGGtChE3sybt/G3kDhm8IGDPGlExS0lXuiN9WNBtzxzwgMchVH + PqpvYaHYwFZ34rTe7wy5681Ss04cFsKJs3NiUFAbmZn0gaFWqPEIewbo+PMVMDPS + XAFapF7QhyZwom2515O5m4QqxU63ZIoMRQKBjvsRwyTnJqXXVab81vAhX6iq7cqR + 2QKxuhNIKAvrLbllJi1a1pmKQxtpRBTzLJjplB+QBGgTQZQMpxQ+sbPL9GCc + =nbQL + -----END PGP MESSAGE----- + fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5 + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw5vwmoEJHQ1ARAAxHv4uWEGtDZRrwsX9aiNS8NsQC/1ITIoY9walqGsvhpU + +s4yOo3yGDbjJIrkWDdg7+LAY2Os9acQTxy3589pyDSMUEo/0wKonYfrebBteXiw + wHyu7hXBTdorb3OMHqQxm2/aettqLDHk7H73Hnd/nrFggxpVlYzpShq3vYXCDEH+ + OhrwNzTtKWv5hrvO5L+RLBcKbJKbtGgLnu1ybrWsDGAf5np0NU0ogMQmHjMADjzq + jqvaChv/Pa++57NorJILIUAkb4DWI4m6WvtiAbGBxAad7m36s9kzNyLxjU36B04N + mQNrxF8+F81wuVpGXIEPDX1XxHAiDeQR6a8IOMvy5OhADqoobAFDh+cejzxPt7ml + lqzugaxMqFGWzesgeExwTCTaORr28jXOcLWo7gzZSBzgYkfe/7HASviWgDL3Y+jH + j0NL4hIZ87dCjY5A63qa56gWqWrUjn7CmjcROX57+Y8MNHYoSrGKnuVhetkZriRm + SPvjFox7HGLst7aALxbEyqXj6yQaWXi4moGHImXUA5yWKxTl3ZCC++wq88mBVglm + U3fX81XaZJXNnG7dtaZPk/om7MHA67zuy/FIXSSxVf7wyK+6cvtWoN2HPzleVXie + mK7OcFKmzax1ojgRNLmcbHQcdJoA4nK58AnQbZvRJDw7FQ3b9ainTBe2nmrc9FTS + XAG24SqSunZHTfNPha58wB9Tz8eQ/CmCfodNsClet5Nirj4ZAzm85YC8z4iLw9PN + DEXqWw/GUs6EYGE0QYuqIUiNMEnowcATsXXrTuSVlX/FudZ7nJBuLG5FqwJ2 + =dCvy + -----END PGP MESSAGE----- + fp: 87AB00D45D37C9E9167B5A5A333448678B60E505 + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DerEtaFuTeewSAQdA/J3hvNw2zIKpSydLiXh7RKFHOCKcacZw0xTohfwHPCEw + INXjpmaKQTX1rE6qAEPpy7AAXuwrAID73QZFoOkj6j8fUexq6UIF9ov58MKy2bgo + 0lwBsNGWUkhHBUXXCOs6JfUR4KbVQwLYxWTteFgqDUF7TGvK4sFqjUyhN0MA7LSs + YNxuobepZ0RFxG+yMO4wZ468A6Re/DlM0hsUIDeC1uoLyhJZy+WipS+YQW6jAg== + =1evm + -----END PGP MESSAGE----- + fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912 + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxjNhCKPP69fAQ//Ts4opuQ2hl82CNDoi0i53p6nXFLJQ2OuozZ0C/8MvqAD + rR8GeLKBBhCcFgMzvzKeQXr5kbPFOMtTFo5+zAMj7m5Dr/WIlCouVRX0xGVBcRgP + 5XtWaLJ66+5X4y5ynI9EfcDD6vgOoTOmu0vp9QYrzMuOzMWzLWdjWuClx4Zz7NCa + dXm3FXJPMl9BIwKlOxDeM7w7LYCbGhj8XivSfMdZFh/855rN9T+PeBPpsalVgw5v + 3PQiFPXLvAq+Dj+NW8UqVKE5GPfZQj5eFiwMgA4gnuYFxKW8haJebXiOP3dqT9EV + 2wRYQQXLhRKBt4Pdl6esZGDz1cw/FDW0G5+aEg295tV3VIYptyeVk+PF3ZZx1ymw + gC46HKXj3MZOhSXBXeHeFGbHoHRFEETHYXgki5zdJvrDh9DUvaXWmx62Luf8u/eV + ao7wXO8zzXFWNQM1C2/bFRlAj41pqMKESeSPrK+BTFTeaNTt/XNQYxBqllcVICA3 + jgvhrPgZaN0DzRs7+5RrDAe0yAc1Zrs8QC1Y81CikxG03PvBIyFXRAXz2BASN+Af + yzfwz1BwEd0sQxYKSKToK86JGD51edvYi7z5nETGBrQheJSU3MnqOO/yFdsZrvtb + HYk77eqHuif6ZzfHylUVHEoS+nyUjgsLeIfMDoQUdLcLAjn44wp0CXRHya5ZsZPS + XAHD2X1aq0vs7qHG3czvG7tRyFK6+aQ6PCWWCF7IiX4fagPMW2eD1li+uqdu1UPM + fanXEfibFnnpPMQG4j+W+r9plwUv1fTP295trXNzKcBldNqp1IJX75gz2MzC + =wsfS + -----END PGP MESSAGE----- + fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55 + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1Hthzn+T1OoARAAtM6V34YykAdgHBatDCQOqclPueg6glMsUXqsWacnl1Ui + fOYdy5QWC4Slhr+W+x41svrKDAVncxaYrwpBddi+KYjqh5eWY9S6dxhc/8ni8+Sy + 1TwOB4jPt8U9txPxrRlvenHITXMHfbekjkYT6efK6ougO/Au9hXJOc56dGAoJZOP + KLUGUxES3r69e1FoE7JlFJ0NDVEzF5Ald8l1DqTQEBSvVTPGWTgig0K2BnFg77ip + AK/P42eQktooFH6YEeFmgQ4O0ti15xyEkbMJ/5hg46FI5K/GwjpsYgVsVo3gvrpe + Uw/z0f5Fkm6JJ1YHpycSu6OyK7OmFR3Bft8+57DL0NNadPBlt33oGq4P+r6xSkgZ + 5NSRW98hY8xhnduEPoe09DazeZXxeOY3kpMpSvsYYifAVLwMIAe3oA0USxn7mA3i + igHeyWwkdRDU290h31jkGgyULCXeCoQ8uajF+oknGYTDra4Qn0/pF7igdLEZQvlo + 7Dz+OTiZeECyeIQRuwAv2lQYonCbcTilZEI26RCXOnfIjB4a+nm/6IauovqeEv+4 + LtZQeVTEPhWDBAsTApPZz02WOiok/cYqa20gpBPb4UWLNTFzBRUZHbDsyVuEH3rT + Vgj/QkuVmB/yCje9cNnYZtMkA3L4iNDcLGAqyLzPtuZwleqP24Minu7tzZgipr3S + XAEMuzk/qLMCSCs6sSjP/vKK50y77x873GAfM75cZpSSkXXZPcTFgvmno2YbFDzh + 0/gxocKFefLkXhm4pbrnntAJnnLlnTh7W/tETA22VxbuxUxv2371n6qSwatw + =twII + -----END PGP MESSAGE----- + fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA46L6MuPqfJqAQ/+IURRSEmFhMSIu8rWrVCjkLH5C62eU+B+p0ve3QMJ8/RV + 3e85LT7q+VW+qr1EOUL+WSL6//jlhc0s6Un/yKOgxLbMmZayXbUS70+HjZq1pIFL + uxmVoBYw8vT8dPE4/u6quMTZQZpn2sncrhHaEek/ED+nAE37V6EHI3ubwiQPv0dB + hPFxm2h7qOJ0/QAyZh3M/kGZYRoZDvBWnMnV0cYKZkj4hWQyq27PjqG8grN7Nbc5 + H8tsF3XoWw0wymKKMKTI2g7/MLI5V3yRKHZNR6kiKc0srSLBSuoGoyElUeFW+MG8 + H1l5Rj7LEmTHXYLGj/zA65Fpw4tWwxM567YkQirdEnh2z/uxdX03aJLkU8qHYiGp + ekMxaR9/dqIt5TO1oT0zclue6IMd0jrZGJ70dovpUglfIk9/OHxTDJD1Qzf/qCoW + VefKWhBWhcWzlEHwfwiygilvaCgOVyYwFNeSoF+Y1teVl/qXx48VG3V2y6Z1VOfL + fncuHkbetyQ2BY2QWSJZNIG4mI+oZbp+YWWXJ4z31l3ng9ujt3eUqZB3KSy3hx+O + a/3l+4lKzNTYFvSNmVdubr37x5ygy+2nfk3g2ww0UOOwS6yiJqU2ZqA3OuTYwYu+ + iHApavjPMg9WBE4Td8BYFxi4VyaZ91GrrnL7I1ytZIhUpMGPh8m5PYdVtUug17XS + XAEZ/KriGSAbovs+3DtH22113/oJhqpp25MJl+tTu2HbL00nu10DoLbZXTQixLo8 + XrSN3EwXcJGpn5mgo7qYwVPL151VPdOoFp1g/pfmL5WeLY+avJb4WumMA80v + =0DR6 + -----END PGP MESSAGE----- + fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQrf1tCqiJxoSAQdA73jpbxIMcc3GEvix/5TNwqMO2CiLgN4BLuaxU8sFPSIw + /ssO0s5uEpT2V0U5whKQf+CXZRvLZKXJsjcQRXYDi47yAopdg4LNcgv6rPftp/mD + 0lwB9j89HaTDQ0wIPOiAqG9Pv8CHsKxC1XYvNz2hzIxhreoMh5W2Sr3f/5OHQWGl + 2Mi+CmcoIihoV6rp/RgePZIf+7i/zeYqGbdP36rTJr+X7y+beWxNKot6xCfHOg== + =et3H + -----END PGP MESSAGE----- + fp: B71138A6A8964A3C3B8899857B4F70C356765BAB + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzAGzViGx4qcSAQdAcwtuk+qh7Bo86gmUU1P96RHBt3TgdhVfZV4aPUO1TGsw + oIZS+b/Tjynr+npZ392TFoS/JrT/j9A/FK4w8eZ+ICdVwplxGlhfTPlooSdywa6M + 0lYBY+QLBsmuRD5bb+p4zH/uX4qTO5MYNpGUvZBnLP3CHYMW8WBwFbBeqFJb3sKA + DOqjQhA0L8G1sI/tGrmyvziNifP8LkpxaBNUKnPScbMjE5F/7KX2Dw== + =8lLB + -----END PGP MESSAGE----- + fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD + - created_at: "2025-10-13T20:10:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA2pVdGTIrZI+AQ//QJytSLyuRPBrBrtirYU2ZTPR22S6FgqI8JUhP6dCdkUA + 8PrZzI2UNJ7mhvXXEq8/nMI2UkZHkr7IwBQuHj0CIqxkxTv3hOK9djGdpD3wtHX6 + 3C7jAEy4LKVUxeDIPv+CFREKNPtxxqbbqtRZHXrxh5+O7+iMS+tQyUb49883DSXc + spxOq25E3X37gAepqKQHSH0A1txpZtMcd87fE3hMJuKblMU/5hW/IiihqDbUyhEz + tYZpSMxUu4QgR5fhf7pIq12yLMM9F3Z4WMtFtU3uh27q//dpLiPfrgBJldTU5e34 + FprGNNyKaLgO2XpQl89x4UXdQ7vTtuH6fMbKJV0TzHdwQXEZyL+XJ4OKG784011e + w0xzuexHpMKrgFekbZ+WwK7otC9QZ5WvPSE6kpIYbh1a6SPESNAEG9BsDNAAYdrd + FWAj7YeO0PtAZkO05oQfq7k0PlAc9kaeJ89K0MtB94QGBdrRcowERJG1cDiND7HY + tlAEHZhizSw45cunI8ICDwNfiO0CPeShVcKh4qzbfKvOaDYZj9bzBCMPF+XgI6w8 + THk3ZwvEIaf7gIEQFUnc3C1JGHwYDBrcCl/cUJ18DxvxjyjWDDR2iXT/86A7foVt + hwmpxuQOSTKujGJtTyIu8n+/lbVbpDo2OLJ28h2TGcXnxD83OigH4cHtpL+7WfbS + XAHuYliyndjEFBvrpEEBkPyIYo8dH3ip6205hAN/wp7cQ7MNjqppGEYN9nrwHxtH + o+leEHXmIDdmvbC5iDbplKISDr0EHtCfxFt1N0IpYQhlwygAv7JWEUpBLGNV + =/LEP + -----END PGP MESSAGE----- + fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/inventories/z9/host_vars/yate.yaml b/inventories/z9/host_vars/yate.yaml new file mode 100644 index 0000000..d2dc518 --- /dev/null +++ b/inventories/z9/host_vars/yate.yaml @@ -0,0 +1,9 @@ +docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/compose.yaml.j2') }}" +docker_compose__configuration_files: + - name: accfile.conf + content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/accfile.conf.j2') }}" + - name: regexroute.conf + content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regexroute.conf.j2') }}" + - name: regfile.conf + content: "{{ lookup('ansible.builtin.template', 'resources/z9/yate/docker_compose/regfile.conf.j2') }}" +docker_compose__restart_cmd: "exec yate sh -c 'kill -1 1'" diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml index 0dde922..9d5bb09 100644 --- a/inventories/z9/hosts.yaml +++ b/inventories/z9/hosts.yaml @@ -1,21 +1,53 @@ all: hosts: - light: - ansible_host: light.z9.ccchh.net - ansible_user: chaos authoritative-dns: ansible_host: authoritative-dns.z9.ccchh.net ansible_user: chaos -nginx_hosts: - hosts: + dooris: + ansible_host: 10.31.208.201 + ansible_user: chaos light: -ola_hosts: + ansible_host: light.z9.ccchh.net + ansible_user: chaos + thinkcccore0: + ansible_host: thinkcccore0.z9.ccchh.net + waybackproxy: + ansible_host: waybackproxy.ccchh.net + ansible_user: chaos + yate: + ansible_host: yate.ccchh.net + ansible_user: chaos +certbot_hosts: hosts: - light: + dooris: +docker_compose_hosts: + hosts: + dooris: + waybackproxy: + yate: foobazdmx_hosts: hosts: light: +hypervisors: + hosts: + thinkcccore0: infrastructure_authorized_keys_hosts: hosts: + dooris: light: authoritative-dns: + waybackproxy: + yate: +nginx_hosts: + hosts: + dooris: + light: + waybackproxy: +ola_hosts: + hosts: + light: +proxmox_vm_template_hosts: + hosts: + thinkcccore0: +ansible_pull_hosts: + hosts: diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index d7dcdac..d7bacac 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -70,5 +70,28 @@ - "o=Docker,n=${distro_codename}" - "o=nginx,n=${distro_codename}" +- name: Ensure Alloy is installed and Setup on alloy_hosts + hosts: alloy_hosts + become: true + tasks: + - name: Setup Alloy + ansible.builtin.include_role: + name: grafana.grafana.alloy + +- name: Ensure ansible_pull deployment on ansible_pull_hosts + hosts: ansible_pull_hosts + roles: + - ansible_pull + +- name: Ensure msmtp is setup on msmtp_hosts + hosts: msmtp_hosts + roles: + - msmtp + +- name: Ensure Renovate is setup on renovate_hosts + hosts: renovate_hosts + roles: + - renovate + - name: Run ensure_eh22_styleguide_dir Playbook ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml diff --git a/playbooks/deploy_hypervisor.yaml b/playbooks/deploy_hypervisor.yaml new file mode 100644 index 0000000..4d3200f --- /dev/null +++ b/playbooks/deploy_hypervisor.yaml @@ -0,0 +1,61 @@ +- name: Ensure the VM template generation is set up + hosts: proxmox_vm_template_hosts + tasks: + - name: Ensure dependencies are present + ansible.builtin.apt: + name: + - git + - libguestfs-tools + become: true + + - name: Ensure /usr/local/{lib,sbin} exist + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: root + group: root + mode: "0755" + become: true + loop: + - "/usr/local/lib/" + - "/usr/local/sbin/" + + - name: Ensure the pve-template-vm repo is present + ansible.builtin.git: + repo: https://git.hamburg.ccc.de/CCCHH/pve-template-vm.git + dest: /usr/local/lib/pve-template-vm + version: main + force: true + depth: 1 + single_branch: true + track_submodules: true + become: true + + # /usr/local/sbin as the script uses qm, which is also found in /usr/sbin. + - name: Ensure symlink to build-proxmox-template exists in /usr/local/sbin + ansible.builtin.file: + src: /usr/local/lib/pve-template-vm/build-proxmox-template + dest: /usr/local/sbin/build-proxmox-template + state: link + owner: root + group: root + mode: '0755' + become: true + + # This sets up a cron job running /usr/local/sbin/build-proxmox-template using the env vars defined in hypervisor__template_vm_config. + - name: Ensure cron job is present for building a fresh VM template every week on Friday 04:00 + ansible.builtin.cron: + name: "ansible build proxmox template" + cron_file: ansible_build_proxmox_template + minute: 0 + hour: 4 + weekday: 5 + user: root + job: "{% if hypervisor__template_vm_config is defined and hypervisor__template_vm_config | length > 0 %}\ + /usr/bin/env \ + {% for item in hypervisor__template_vm_config | default([]) %}\ + {{ item.name }}=\"{{ item.value }}\" \ + {% endfor %}\ + {% endif %}\ + /usr/local/sbin/build-proxmox-template" + become: true diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..f72babb --- /dev/null +++ b/renovate.json @@ -0,0 +1,38 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended", // Included in config:best-practices anyway, but added for clarity. + "config:best-practices", + ":ignoreUnstable", + ":disableRateLimiting", + ":rebaseStalePrs", + ":label(renovate)", + "group:allDigest" + ], + "semanticCommits": "disabled", + "packageRules": [ + // Create a package rule for grouping all stable non-major dependency updates together. + // A combination of/inspired by: + // https://docs.renovatebot.com/presets-group/#groupallnonmajor + // https://docs.renovatebot.com/presets-default/#automergestablenonmajor + { + "groupName": "all stable non-major dependencies", + "groupSlug": "all-stable-minor-patch", + "matchCurrentVersion": "!/^0/", + "matchUpdateTypes": [ + "minor", + "patch" + ] + }, + { + "matchDatasources": ["docker"], + "matchPackageNames": ["docker.io/pretix/standalone"], + "versioning": "regex:^(?\\d+\\.\\d+)(?:\\.(?\\d+))$" + } + ], + "docker-compose": { + "managerFilePatterns": [ + "/(^|/)(?:docker-)?compose[^/]*\\.ya?ml.j2$/" + ] + } +} diff --git a/requirements.yml b/requirements.yml index d5ebdfc..e5538cc 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,3 +3,6 @@ collections: - name: debops.debops version: ">=3.1.0" source: https://galaxy.ansible.com + - name: community.sops + version: ">=2.2.4" + source: https://galaxy.ansible.com diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 index e4ab5b6..4c9d491 100644 --- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 @@ -3,11 +3,11 @@ services: database: - image: docker.io/library/mariadb:11 + image: docker.io/library/mariadb:11@sha256:ae6119716edac6998ae85508431b3d2e666530ddf4e94c61a10710caec9b0f71 environment: - "MARIADB_DATABASE=wordpress" - - "MARIADB_ROOT_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_ROOT_PASSWORD", create=false, missing="error") }}" - - "MARIADB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}" + - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}" + - "MARIADB_PASSWORD={{ secret__wordpress_db_password }}" - "MARIADB_USER=wordpress" - "MARIADB_AUTO_UPGRADE=yes" volumes: @@ -17,13 +17,13 @@ services: restart: unless-stopped app: - image: docker.io/library/wordpress:6-php8.1 + image: docker.io/library/wordpress:6-php8.1@sha256:d93a391bc1ba9d2db3e53c8c8421a88d6beadb7b654235ba83ccf9ea93ecdcd5 environment: - "WORDPRESS_DB_HOST=database" - "WORDPRESS_DB_NAME=wordpress" - "WORDPRESS_DB_USER=wordpress" - "WORDPRESS_TABLE_PREFIX=wp_" - - "WORDPRESS_DB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}" + - "WORDPRESS_DB_PASSWORD={{ secret__wordpress_db_password }}" volumes: - wordpress:/var/www/html/wp-content ports: diff --git a/resources/chaosknoten/cloud/nextcloud/config.php.j2 b/resources/chaosknoten/cloud/nextcloud/config.php.j2 deleted file mode 100644 index 718bcb8..0000000 --- a/resources/chaosknoten/cloud/nextcloud/config.php.j2 +++ /dev/null @@ -1,98 +0,0 @@ - '\\OC\\Memcache\\APCu', - 'apps_paths' => - array ( - 0 => - array ( - 'path' => '/var/www/html/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => - array ( - 'path' => '/var/www/html/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), - 'instanceid' => 'oc9uqhr7buka', - 'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs', - 'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu', - 'trusted_domains' => - array ( - 0 => 'cloud.hamburg.ccc.de', - ), - 'datadirectory' => '/var/www/html/data', - 'dbtype' => 'mysql', - 'version' => '25.0.9.2', - 'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de', - 'dbname' => 'nextcloud', - 'dbhost' => 'database', - 'dbport' => '', - 'dbtableprefix' => 'oc_', - 'mysql.utf8mb4' => true, - 'dbuser' => 'nextcloud', - 'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3', - 'installed' => true, - // Some Nextcloud options that might make sense here - 'allow_user_to_change_display_name' => false, - 'lost_password_link' => 'disabled', - // URL of provider. All other URLs are auto-discovered from .well-known - 'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh', - // Client ID and secret registered with the provider - 'oidc_login_client_id' => 'cloud', - 'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}', - // Automatically redirect the login page to the provider - 'oidc_login_auto_redirect' => true, - // Redirect to this page after logging out the user - //'oidc_login_logout_url' => 'https://openid.example.com/thankyou', - // If set to true the user will be redirected to the - // logout endpoint of the OIDC provider after logout - // in Nextcloud. After successfull logout the OIDC - // provider will redirect back to 'oidc_login_logout_url' (MUST be set). - 'oidc_login_end_session_redirect' => true, - // Quota to assign if no quota is specified in the OIDC response (bytes) - // - // NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to - // zero or -1 or ''. - 'oidc_login_default_quota' => '1000000000', - // Login button text - 'oidc_login_button_text' => 'Log in via id.ccchh.net', - // Hide the NextCloud password change form. - 'oidc_login_hide_password_form' => false, - // Use ID Token instead of UserInfo - 'oidc_login_use_id_token' => false, - 'oidc_login_attributes' => array ( - 'id' => 'preferred_username', - 'name' => 'name', - 'mail' => 'email', - 'quota' => 'ownCloudQuota', - 'home' => 'homeDirectory', - 'ldap_uid' => 'uid', - 'groups' => 'ownCloudGroups', - 'login_filter' => 'realm_access_roles', - 'photoURL' => 'picture', - 'is_admin' => 'ownCloudAdmin', - ), - // Default group to add users to (optional, defaults to nothing) - //'oidc_login_default_group' => 'oidc', - 'oidc_login_filter_allowed_values' => null, - // Set OpenID Connect scope - 'oidc_login_scope' => 'openid profile', - // The `id` attribute in `oidc_login_attributes` must return the - // "Internal Username" (see expert settings in LDAP integration) - 'oidc_login_proxy_ldap' => false, - // Fallback to direct login if login from OIDC fails - // Note that no error message will be displayed if enabled - 'oidc_login_disable_registration' => false, - //'oidc_login_redir_fallback' => false, - // If you get your groups from the oidc_login_attributes, you might want - // to create them if they are not already existing, Default is `false`. - 'oidc_create_groups' => true, - // Enable use of WebDAV via OIDC bearer token. - 'oidc_login_webdav_enabled' => true, - // Enable authentication with user/password for DAV clients that do not - // support token authentication (e.g. DAVx⁵) - 'oidc_login_password_authentication' => false, -); \ No newline at end of file diff --git a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 index 7e6ad56..8832381 100644 --- a/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 +++ b/resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2 @@ -11,7 +11,7 @@ $CONFIG = array ( 'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de', 'mail_from_address' => 'no-reply', 'mail_domain' => 'cloud.hamburg.ccc.de', - 'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}', + 'mail_smtppassword' => '{{ secret__nextcloud_smtp_password }}', 'mail_smtpdebug' => true, 'maintenance_window_start' => 1, ); diff --git a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 b/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 deleted file mode 100644 index 56995ca..0000000 --- a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 +++ /dev/null @@ -1,60 +0,0 @@ -ALLOWED_HOSTS = [ "netbox.eh22.easterhegg.eu" ] -DATABASE = { - "HOST": "localhost", - "NAME": "netbox", - "USER": "netbox", - "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}", -} -REDIS = { - "tasks": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 0, - "SSL": False, - }, - "caching": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 1, - "SSL": False, - }, -} -SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SECRET_KEY', create=false, missing='error') }}" -SESSION_COOKIE_SECURE = True - -# CCCHH ID (Keycloak) integration. -# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7 -# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html -REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2" -SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token" -) -SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth" -) -SOCIAL_AUTH_KEYCLOAK_KEY = "eh22-netbox" -SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB" -SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}" -# Use custom OIDC group and role mapping pipeline functions added in via -# netbox__custom_pipeline_oidc_group_and_role_mapping. -# The default pipeline this is based on can be found here: -# https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py -SOCIAL_AUTH_PIPELINE = [ - "social_core.pipeline.social_auth.social_details", - "social_core.pipeline.social_auth.social_uid", - "social_core.pipeline.social_auth.social_user", - "social_core.pipeline.user.get_username", - "social_core.pipeline.user.create_user", - "social_core.pipeline.social_auth.associate_user", - "netbox.authentication.user_default_groups_handler", - "social_core.pipeline.social_auth.load_extra_data", - "social_core.pipeline.user.user_details", - # Custom OIDC group and role mapping functions. - "netbox.custom_pipeline_oidc_mapping.add_groups", - "netbox.custom_pipeline_oidc_mapping.remove_groups", - "netbox.custom_pipeline_oidc_mapping.set_roles", -] diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 index 83aeaad..51aeb63 100644 --- a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 @@ -3,38 +3,84 @@ # - https://github.com/prometheus/alertmanager/blob/48a99764a1fc9279fc828de83e7a03ae2219abc7/doc/examples/simple.yml route: - group_by: ["alertname", "site", "type", "hypervisor"] - + receiver: 'ccchh-infrastructure-alerts' + group_by: [ "alertname", "site", "type", "hypervisor" ] group_wait: 30s group_interval: 5m - repeat_interval: 3h - - receiver: ccchh-infrastructure-alerts - - -{# Disable these for now, but might be interesting in the future. -# Inhibition rules allow to mute a set of alerts given that another alert is -# firing. -# We use this to mute any warning-level notifications if the same alert is -# already critical. -inhibit_rules: - - source_matchers: [severity="critical"] - target_matchers: [severity="warning"] - # Apply inhibition if the alertname is the same. - # CAUTION: - # If all label names listed in `equal` are missing - # from both the source and target alerts, - # the inhibition rule will apply! - equal: [alertname, cluster, service] #} + repeat_interval: 6h + routes: + - receiver: "null" + matchers: + - sendAlert = "false" + - receiver: ntfy-ccchh-critical + matchers: + - org = "ccchh" + - severity = "critical", + repeat_interval: 18h + continue: true + - receiver: ntfy-ccchh + matchers: + - org = "ccchh" + - severity =~ "info|warning", + repeat_interval: 36h + continue: true + - receiver: ntfy-fux-critical + matchers: + - org = "fux" + - severity = "critical", + repeat_interval: 18h + continue: true + - receiver: email-fux-critical + matchers: + - org = "fux" + - severity = "critical", + repeat_interval: 36h + continue: true + - receiver: ntfy-fux + matchers: + - org = "fux" + - severity =~ "info|warning", + repeat_interval: 36h + continue: true + - receiver: ccchh-infrastructure-alerts + matchers: + - org = "ccchh" + - severity =~ "info|warning|critical" templates: - "/etc/alertmanager/templates/*.tmpl" receivers: + - name: "null" - name: "ccchh-infrastructure-alerts" telegram_configs: - send_resolved: true - bot_token: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/alertmanager_telegram_bot_token", create=false, missing="error") }} + bot_token: {{ secret__alertmanager_telegram_bot_token }} chat_id: -1002434372415 parse_mode: HTML message: {{ "'{{ template \"alert-message.telegram.ccchh\" . }}'" }} + + - name: "ntfy-ccchh-critical" + webhook_configs: + - url: "http://ntfy-alertmanager-ccchh-critical:8000" + + - name: "ntfy-fux-critical" + webhook_configs: + - url: "http://ntfy-alertmanager-fux-critical:8001" + + - name: "ntfy-ccchh" + webhook_configs: + - url: "http://ntfy-alertmanager-ccchh:8010" + + - name: "ntfy-fux" + webhook_configs: + - url: "http://ntfy-alertmanager-fux:8011" + + - name: "email-fux-critical" + email_configs: + - send_resolved: true + to: "stb@lassitu.de,fux@zimdahl.org" + from: "alert-manager@hamburg.ccc.de" + smarthost: "cow.hamburg.ccc.de:587" + auth_username: "alert-manager@hamburg.ccc.de" + auth_password: {{ secret__alert_manager_email_password }} diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl index 5318fb0..3e97e6e 100644 --- a/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl +++ b/resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl @@ -20,16 +20,25 @@ Links & Resources {{ define "alert-message.telegram.ccchh" }} -{{- if .Alerts.Firing }} -🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥 -{{ range .Alerts.Firing -}} -{{ template "alert-item.telegram.ccchh.internal" . }} -{{- end }} -{{- end }} -{{- if .Alerts.Resolved }} -✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅ -{{ range .Alerts.Resolved -}} -{{ template "alert-item.telegram.ccchh.internal" . }} -{{- end }} -{{- end }} + {{- if .Alerts.Firing }} + 🔥{{ len .Alerts.Firing }} Alert(/s) Firing 🔥 + {{- if le (len .Alerts.Firing) 5 }} + {{- range .Alerts.Firing }} + {{ template "alert-item.telegram.ccchh.internal" . }} + {{- end }} + {{- else }} + There are too many alerts firing at once + {{- end }} + {{- end }} + + {{- if .Alerts.Resolved }} + ✅{{ len .Alerts.Resolved }} Alert(/s) Resolved ✅ + {{- if le (len .Alerts.Resolved) 5 }} + {{- range .Alerts.Resolved }} + {{ template "alert-item.telegram.ccchh.internal" . }} + {{- end }} + {{- else }} + There are too many resolved alerts to list + {{- end }} + {{- end }} {{- end }} diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index 3e994dc..436669a 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -2,20 +2,23 @@ services: prometheus: - image: prom/prometheus + image: docker.io/prom/prometheus:v3.7.1@sha256:ff7e389acbe064a4823212a500393d40a28a8f362e4b05cbf6742a9a3ef736b2 container_name: prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' + - '--web.enable-remote-write-receiver' + - '--enable-feature=promql-experimental-functions' ports: - 9090:9090 restart: unless-stopped volumes: - ./configs/prometheus.yml:/etc/prometheus/prometheus.yml - ./configs/prometheus_alerts.rules.yaml:/etc/prometheus/rules/alerts.rules.yaml + - ./configs/prometheus_alerts-fux.rules.yaml:/etc/prometheus/rules/alerts-fux.rules.yaml - prom_data:/prometheus - + alertmanager: - image: prom/alertmanager + image: docker.io/prom/alertmanager:v0.28.1@sha256:27c475db5fb156cab31d5c18a4251ac7ed567746a2483ff264516437a39b15ba container_name: alertmanager command: - '--config.file=/etc/alertmanager/alertmanager.yaml' @@ -28,34 +31,82 @@ services: - alertmanager_data:/alertmanager grafana: - image: grafana/grafana + image: docker.io/grafana/grafana:12.2.1@sha256:35c41e0fd0295f5d0ee5db7e780cf33506abfaf47686196f825364889dee878b container_name: grafana ports: - 3000:3000 restart: unless-stopped environment: - GF_SECURITY_ADMIN_USER=admin - - "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}" + - "GF_SECURITY_ADMIN_PASSWORD={{ secret__grafana_gf_security_admin_password }}" volumes: - ./configs/grafana.ini:/etc/grafana/grafana.ini - ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml - graf_data:/var/lib/grafana pve-exporter: - image: prompve/prometheus-pve-exporter + image: docker.io/prompve/prometheus-pve-exporter:3.5.5@sha256:79a5598906697b1a5a006d09f0200528a77c6ff1568faf018539ac65824454df container_name: pve-exporter ports: - 9221:9221 restart: unless-stopped environment: - PVE_USER=grafana@pve - - "PVE_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/prometheus-exporter", create=false, missing="error") }}" + - "PVE_PASSWORD={{ secret__prometheus_pve_exporter_pve_password }}" - PVE_VERIFY_SSL=false volumes: - /dev/null:/etc/prometheus/pve.yml + loki: + image: docker.io/grafana/loki:3.5.7@sha256:0eaee7bf39cc83aaef46914fb58f287d4f4c4be6ec96b86c2ed55719a75e49c8 + container_name: loki + ports: + - 13100:3100 + - 19099:9099 + restart: unless-stopped + volumes: + - ./configs/loki.yaml:/etc/loki/local-config.yaml + - loki_data:/var/loki + + ntfy-alertmanager-ccchh-critical: + image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b + container_name: ntfy-alertmanager-ccchh-critical + volumes: + - ./configs/ntfy-alertmanager-ccchh-critical:/etc/ntfy-alertmanager/config + ports: + - 8000:8000 + restart: unless-stopped + + ntfy-alertmanager-fux-critical: + image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b + container_name: ntfy-alertmanager-fux-critical + volumes: + - ./configs/ntfy-alertmanager-fux-critical:/etc/ntfy-alertmanager/config + ports: + - 8001:8001 + restart: unless-stopped + + ntfy-alertmanager-ccchh: + image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b + container_name: ntfy-alertmanager-ccchh + volumes: + - ./configs/ntfy-alertmanager-ccchh:/etc/ntfy-alertmanager/config + ports: + - 8010:8010 + restart: unless-stopped + + ntfy-alertmanager-fux: + image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b + container_name: ntfy-alertmanager-fux + volumes: + - ./configs/ntfy-alertmanager-fux:/etc/ntfy-alertmanager/config + ports: + - 8011:8011 + restart: unless-stopped volumes: graf_data: {} prom_data: {} alertmanager_data: {} + loki_data: {} + mimir_data: {} diff --git a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml index 44999d4..3cb6995 100644 --- a/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml +++ b/resources/chaosknoten/grafana/docker_compose/grafana-datasource.yml @@ -7,3 +7,14 @@ datasources: isDefault: true access: proxy editable: true + - name: Loki + type: loki + url: http://loki:3100 + access: proxy + editable: true + jsonData: + timeout: 60 + maxLines: 3000 + httpHeaderName1: "X-Scope-OrgID" + secureJsonData: + httpHeaderValue1: "chaos" diff --git a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 index 65f7bed..af5b848 100644 --- a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 +++ b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2 @@ -11,7 +11,7 @@ auto_login = true name = id.hamburg.ccc.de allow_sign_up = true client_id = grafana -client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }} +client_secret = {{ secret__grafana_keycloak_secret }} scopes = openid email profile offline_access roles email_attribute_path = email login_attribute_path = username diff --git a/resources/chaosknoten/grafana/docker_compose/loki.yaml b/resources/chaosknoten/grafana/docker_compose/loki.yaml new file mode 100644 index 0000000..daf214f --- /dev/null +++ b/resources/chaosknoten/grafana/docker_compose/loki.yaml @@ -0,0 +1,52 @@ +auth_enabled: true + +server: + http_listen_port: 3100 + grpc_listen_port: 9099 + log_level: warn + +limits_config: + retention_period: 14d + +common: + instance_addr: 127.0.0.1 + path_prefix: /var/loki + storage: + filesystem: + chunks_directory: /var/loki/chunks + rules_directory: /var/loki/rules + replication_factor: 1 + ring: + kvstore: + store: inmemory + +storage_config: + filesystem: + directory: /var/loki/chunks + index_queries_cache_config: + embedded_cache: + enabled: true + max_size_mb: 80 + ttl: 30m + +schema_config: + configs: + - from: 2025-04-28 + store: tsdb + object_store: filesystem + schema: v13 + index: + prefix: index_ + period: 24h + +chunk_store_config: + chunk_cache_config: + embedded_cache: + enabled: true + max_size_mb: 80 + ttl: 30m + write_dedupe_cache_config: + embedded_cache: + enabled: true + max_size_mb: 80 + ttl: 30m diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2 new file mode 100644 index 0000000..b4afc90 --- /dev/null +++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh-critical.j2 @@ -0,0 +1,48 @@ +base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh-critical +http-address :8000 +log-level info +log-format text +# When multiple alerts are grouped together by Alertmanager, they can either be sent +# each on their own (single mode) or be kept together (multi mode) +# Options: single, multi +# Default: multi +alert-mode single + +labels { + order "severity" + + severity "critical" { + priority 4 + tags "rotating_light" + } + + severity "warning" { + priority 3 + tags "warning" + } + + severity "info" { + priority 1 + } +} + +resolved { + tags "white_check_mark,resolved" + priority 2 +} + +ntfy { + server https://ntfy.hamburg.ccc.de + topic ccchh-alertmanager-critical + access-token {{ secret__ntfy_token }} +} + +alertmanager { + silence-duration 3h +} + +cache { + type memory + duration 12h + cleanup-interval 1h +} diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2 new file mode 100644 index 0000000..66fd9ab --- /dev/null +++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-ccchh.j2 @@ -0,0 +1,48 @@ +base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-ccchh +http-address :8010 +log-level info +log-format text +# When multiple alerts are grouped together by Alertmanager, they can either be sent +# each on their own (single mode) or be kept together (multi mode) +# Options: single, multi +# Default: multi +alert-mode single + +labels { + order "severity" + + severity "critical" { + priority 4 + tags "rotating_light" + } + + severity "warning" { + priority 3 + tags "warning" + } + + severity "info" { + priority 1 + } +} + +resolved { + tags "white_check_mark,resolved" + priority 2 +} + +ntfy { + server https://ntfy.hamburg.ccc.de + topic ccchh-alertmanager + access-token {{ secret__ntfy_token }} +} + +alertmanager { + silence-duration 3h +} + +cache { + type memory + duration 12h + cleanup-interval 1h +} diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2 new file mode 100644 index 0000000..afb6cc8 --- /dev/null +++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux-critical.j2 @@ -0,0 +1,48 @@ +base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux-critical +http-address :8001 +log-level info +log-format text +# When multiple alerts are grouped together by Alertmanager, they can either be sent +# each on their own (single mode) or be kept together (multi mode) +# Options: single, multi +# Default: multi +alert-mode single + +labels { + order "severity" + + severity "critical" { + priority 4 + tags "rotating_light" + } + + severity "warning" { + priority 3 + tags "warning" + } + + severity "info" { + priority 1 + } +} + +resolved { + tags "white_check_mark,resolved" + priority 2 +} + +ntfy { + server https://ntfy.hamburg.ccc.de + topic fux-alertmanager-critical + access-token {{ secret__ntfy_token }} +} + +alertmanager { + silence-duration 3h +} + +cache { + type memory + duration 12h + cleanup-interval 1h +} diff --git a/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2 b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2 new file mode 100644 index 0000000..1e506a3 --- /dev/null +++ b/resources/chaosknoten/grafana/docker_compose/ntfy-alertmanager-fux.j2 @@ -0,0 +1,48 @@ +base-url https://grafana.hamburg.ccc.de/ntfy-alertmanager-fux +http-address :8011 +log-level info +log-format text +# When multiple alerts are grouped together by Alertmanager, they can either be sent +# each on their own (single mode) or be kept together (multi mode) +# Options: single, multi +# Default: multi +alert-mode single + +labels { + order "severity" + + severity "critical" { + priority 4 + tags "rotating_light" + } + + severity "warning" { + priority 3 + tags "warning" + } + + severity "info" { + priority 1 + } +} + +resolved { + tags "white_check_mark,resolved" + priority 2 +} + +ntfy { + server https://ntfy.hamburg.ccc.de + topic fux-alertmanager + access-token {{ secret__ntfy_token }} +} + +alertmanager { + silence-duration 3h +} + +cache { + type memory + duration 12h + cleanup-interval 1h +} diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus.yml b/resources/chaosknoten/grafana/docker_compose/prometheus.yml index 5f6232f..fd59034 100644 --- a/resources/chaosknoten/grafana/docker_compose/prometheus.yml +++ b/resources/chaosknoten/grafana/docker_compose/prometheus.yml @@ -1,12 +1,12 @@ global: - scrape_interval: 15s - scrape_timeout: 10s - evaluation_interval: 15s + scrape_interval: 60s + scrape_timeout: 15s + evaluation_interval: 30s alerting: alertmanagers: - scheme: http - timeout: 10s + timeout: 15s static_configs: - targets: - "alertmanager:9093" @@ -22,6 +22,8 @@ scrape_configs: static_configs: - targets: - localhost:9090 + labels: + org: ccchh - job_name: alertmanager honor_timestamps: true metrics_path: /metrics @@ -29,6 +31,8 @@ scrape_configs: static_configs: - targets: - alertmanager:9093 + labels: + org: ccchh - job_name: mumble honor_timestamps: true scrape_interval: 5s @@ -38,6 +42,8 @@ scrape_configs: static_configs: - targets: - mumble.hamburg.ccc.de:443 + labels: + org: ccchh - job_name: opnsense-ccchh honor_timestamps: true metrics_path: /metrics @@ -45,6 +51,8 @@ scrape_configs: static_configs: - targets: - 185.161.129.132:9100 + labels: + org: ccchh - job_name: jitsi honor_timestamps: true scrape_interval: 5s @@ -54,10 +62,14 @@ scrape_configs: static_configs: - targets: - jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge + labels: + org: ccchh - job_name: 'pve' static_configs: - targets: - 212.12.48.126 # chaosknoten + labels: + org: ccchh metrics_path: /pve params: module: [ default ] @@ -74,6 +86,7 @@ scrape_configs: static_configs: # Wieske Chaosknoten VMs - labels: + org: ccchh site: wieske type: virtual_machine hypervisor: chaosknoten @@ -83,7 +96,6 @@ scrape_configs: - public-web-static-intern.hamburg.ccc.de:9100 - git-intern.hamburg.ccc.de:9100 - forgejo-actions-runner-intern.hamburg.ccc.de:9100 - - eh22-netbox-intern.hamburg.ccc.de:9100 - eh22-wiki-intern.hamburg.ccc.de:9100 - mjolnir-intern.hamburg.ccc.de:9100 - woodpecker-intern.hamburg.ccc.de:9100 @@ -99,7 +111,13 @@ scrape_configs: - zammad-intern.hamburg.ccc.de:9100 - pretalx-intern.hamburg.ccc.de:9100 - labels: + org: ccchh site: wieske type: physical_machine targets: - chaosknoten.hamburg.ccc.de:9100 + + +storage: + tsdb: + out_of_order_time_window: 90m diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml new file mode 100644 index 0000000..b1836a3 --- /dev/null +++ b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml @@ -0,0 +1,41 @@ +groups: + - name: Fux-Generic + rules: + - alert: HostJobFlaky + expr: group by(instance, job) (changes(up{org="fux"}[24h]) > 7) + for: 0m + labels: + severity: info + org: fux + annotations: + summary: Job {{ $labels.job }} flaky on (instance {{ $labels.instance }}) + description: "The job {{ $labels.job }} on target: {{ $labels.instance }} has been flaky over the last 24 hours." + - name: Fux-SNMP + rules: + - alert: SnmpTargetMissing + expr: up{job=~".*snmp.*", org="fux"} == 0 + for: 15m + labels: + severity: critical + org: fux + annotations: + summary: SNMP target missing (instance {{ $labels.instance }}) + description: "SNMP target: {{ $labels.instance }} has disappeared for more the 15 min." + - name: Fux-DHCP + rules: + - alert: DhcpFuxSharedFailed + expr: script_success{script="check_dhcp_fux_shared"} == 0 + for: 2m + labels: + severity: critical + annotations: + summary: DHCP for Fux Shared stoped working + description: "No DHCP lease for the Fux Shared range was received \n V" + - alert: DhcpFuxAdminFailed + expr: script_success{script_success="check_dhcp_fux_admin"} == 0 + for: 2m + labels: + severity: critical + annotations: + summary: DHCP for Fux Admin stoped working + description: "No DHCP lease for the Fux Admin range was received" diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml index 5ec53b8..4a2bc6f 100644 --- a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml +++ b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml @@ -196,9 +196,9 @@ groups: # Same rule using "node_filesystem_free_bytes" will fire when disk fills for non-root users. - alert: HostDiskWillFillIn24Hours expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} - for: 2m + for: 5m labels: - severity: warning + severity: critical annotations: summary: Host disk will fill in 24 hours (instance {{ $labels.instance }}) description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}" @@ -212,9 +212,9 @@ groups: description: "Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}" - alert: HostInodesWillFillIn24Hours expr: (node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} - for: 2m + for: 5m labels: - severity: warning + severity: critical annotations: summary: Host inodes will fill in 24 hours (instance {{ $labels.instance }}) description: "Filesystem is predicted to run out of inodes within the next 24 hours at current write rate\n VALUE = {{ $value }}" @@ -362,7 +362,7 @@ groups: expr: (node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} for: 0m labels: - severity: warning + severity: critical annotations: summary: Host systemd service crashed (instance {{ $labels.instance }}) description: "systemd service crashed\n VALUE = {{ $value }}" @@ -410,7 +410,7 @@ groups: summary: Prometheus job missing (instance {{ $labels.instance }}) description: "A Prometheus job has disappeared\n VALUE = {{ $value }}" - alert: PrometheusTargetMissing - expr: up == 0 + expr: up{job!~"snmp|noc_room_temp"} == 0 for: 0m labels: severity: critical @@ -418,7 +418,7 @@ groups: summary: Prometheus target missing (instance {{ $labels.instance }}) description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}" - alert: PrometheusAllTargetsMissing - expr: sum by (job) (up) == 0 + expr: sum by (job) (up{job!~"snmp|noc_room_temp"}) == 0 for: 0m labels: severity: critical @@ -438,6 +438,7 @@ groups: for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus too many restarts (instance {{ $labels.instance }}) description: "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.\n VALUE = {{ $value }}" @@ -446,6 +447,7 @@ groups: for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus AlertManager job missing (instance {{ $labels.instance }}) description: "A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}" @@ -454,6 +456,7 @@ groups: for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus AlertManager configuration reload failure (instance {{ $labels.instance }}) description: "AlertManager configuration reload error\n VALUE = {{ $value }}" @@ -462,6 +465,7 @@ groups: for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus AlertManager config not synced (instance {{ $labels.instance }}) description: "Configurations of AlertManager cluster instances are out of sync\n VALUE = {{ $value }}" @@ -479,6 +483,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus not connected to alertmanager (instance {{ $labels.instance }}) description: "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}" @@ -487,6 +492,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus rule evaluation failures (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}" @@ -495,6 +501,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus template text expansion failures (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}" @@ -503,6 +510,7 @@ groups: for: 5m labels: severity: warning + org: ccchh annotations: summary: Prometheus rule evaluation slow (instance {{ $labels.instance }}) description: "Prometheus rule evaluation took more time than the scheduled interval. It indicates a slower storage backend access or too complex query.\n VALUE = {{ $value }}" @@ -519,6 +527,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus AlertManager notification failing (instance {{ $labels.instance }}) description: "Alertmanager is failing sending notifications\n VALUE = {{ $value }}" @@ -527,6 +536,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus target empty (instance {{ $labels.instance }}) description: "Prometheus has no target in service discovery\n VALUE = {{ $value }}" @@ -535,6 +545,7 @@ groups: for: 5m labels: severity: warning + org: ccchh annotations: summary: Prometheus target scraping slow (instance {{ $labels.instance }}) description: "Prometheus is scraping exporters slowly since it exceeded the requested interval time. Your Prometheus server is under-provisioned.\n VALUE = {{ $value }}" @@ -575,6 +586,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB compactions failed (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB compactions failures\n VALUE = {{ $value }}" @@ -583,6 +595,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB head truncations failed (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB head truncation failures\n VALUE = {{ $value }}" @@ -591,6 +604,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB reload failures (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB reload failures\n VALUE = {{ $value }}" @@ -599,6 +613,7 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB WAL corruptions (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB WAL corruptions\n VALUE = {{ $value }}" @@ -607,14 +622,16 @@ groups: for: 0m labels: severity: critical + org: ccchh annotations: summary: Prometheus TSDB WAL truncations failed (instance {{ $labels.instance }}) description: "Prometheus encountered {{ $value }} TSDB WAL truncation failures\n VALUE = {{ $value }}" - alert: PrometheusTimeseriesCardinality - expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 10000 + expr: label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 20000 for: 0m labels: severity: warning + org: ccchh annotations: summary: Prometheus timeseries cardinality (instance {{ $labels.instance }}) description: "The \"{{ $labels.name }}\" timeseries cardinality is getting very high: {{ $value }}\n VALUE = {{ $value }}" diff --git a/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf index a3218d1..c5b68e1 100644 --- a/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf +++ b/resources/chaosknoten/grafana/nginx/grafana.hamburg.ccc.de.conf @@ -2,7 +2,8 @@ # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 server { # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; + listen 8443 ssl proxy_protocol; + http2 on; # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy # protocol. @@ -40,4 +41,71 @@ server { proxy_pass http://127.0.0.1:3000/; } + location /ntfy-alertmanager-ccchh-critical/ { + deny all; + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + proxy_pass http://127.0.0.1:8000/; + } + + location /ntfy-alertmanager-ccchh/ { + deny all; + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + proxy_pass http://127.0.0.1:8010/; + } + + location /ntfy-alertmanager-fux-critical/ { + deny all; + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + proxy_pass http://127.0.0.1:8001/; + } + + location /ntfy-alertmanager-fux/ { + deny all; + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + proxy_pass http://127.0.0.1:8011/; + } } diff --git a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf new file mode 100644 index 0000000..e2bf4a7 --- /dev/null +++ b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf @@ -0,0 +1,89 @@ +server { + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + + deny all; + + server_name loki.hamburg.ccc.de; + + listen [::]:50051 ssl; + listen 172.31.17.145:50051 ssl; + + http2 on; + + client_body_buffer_size 512k; + + ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem; + + auth_basic "loki"; + auth_basic_user_file loki.htpasswd; + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Port 9099; + # This is https in any case. + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Scope-OrgID $remote_user; + grpc_pass grpc://localhost:19099; + } +} + +server { + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + deny all; + + server_name loki.hamburg.ccc.de; + + listen [::]:443 ssl; + listen 172.31.17.145:443 ssl; + + http2 on; + + client_body_buffer_size 512k; + + ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem; + # verify chain of trust of OCSP response using Root CA and Intermediate certs + ssl_trusted_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/chain.pem; + + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + add_header Strict-Transport-Security "max-age=63072000" always; + + auth_basic "loki"; + auth_basic_user_file loki.htpasswd; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # This is https in any case. + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Scope-OrgID $remote_user; + proxy_pass http://127.0.0.1:13100; + } +} diff --git a/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 new file mode 100644 index 0000000..ed270c2 --- /dev/null +++ b/resources/chaosknoten/grafana/nginx/loki.htpasswd.j2 @@ -0,0 +1 @@ +chaos:{{ secret__loki_chaos_basic_auth }} diff --git a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf new file mode 100644 index 0000000..2c52523 --- /dev/null +++ b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf @@ -0,0 +1,61 @@ +server { + allow ::1/128; + allow 127.0.0.1/32; + # Wieske + allow 172.31.17.128/25; + allow 212.12.51.128/28; + allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router + allow 2a00:14b0:4200:3000::/64; #Bei Wieske + allow 2a00:14b0:4200:3380::/64; + allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing + # Z9 + allow 2a07:c480:0:100::/56; + allow 2a07:c481:1::/48; + # fuxnoc + allow 2a07:c481:0:1::/64; + deny all; + + server_name metrics.hamburg.ccc.de; + + listen [::]:443 ssl; + listen 172.31.17.145:443 ssl; + http2 on; + + client_body_buffer_size 512k; + + ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem; + # verify chain of trust of OCSP response using Root CA and Intermediate certs + ssl_trusted_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/chain.pem; + + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + add_header Strict-Transport-Security "max-age=63072000" always; + + auth_basic "metrics"; + auth_basic_user_file metrics.htpasswd; + + location /api/v1/write { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Port 3100; + # This is https in any case. + proxy_set_header X-Forwarded-Proto https; + + proxy_pass http://127.0.0.1:9090; + } + + location /ready { + rewrite ^ /-/ready break; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # This is https in any case. + proxy_set_header X-Forwarded-Proto https; + + proxy_pass http://127.0.0.1:9090; + } +} diff --git a/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 new file mode 100644 index 0000000..f680572 --- /dev/null +++ b/resources/chaosknoten/grafana/nginx/metrics.htpasswd.j2 @@ -0,0 +1,2 @@ +chaos:{{ secret__metrics_chaos_basic_auth }} +fux:{{ secret__metrics_fux_basic_auth }} diff --git a/resources/chaosknoten/grafana/nginx/redirect.conf b/resources/chaosknoten/grafana/nginx/redirect.conf new file mode 100644 index 0000000..28b265a --- /dev/null +++ b/resources/chaosknoten/grafana/nginx/redirect.conf @@ -0,0 +1,14 @@ +# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration +# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 +server { + listen 80 default_server; + listen [::]:80 default_server; + + location / { + return 301 https://$host$request_uri; + } + + location /.well-known/acme-challenge/ { + proxy_pass http://127.0.0.1:31820/.well-known/acme-challenge/; + } +} diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 9509654..398d814 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -22,7 +22,7 @@ services: keycloak: - image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0 + image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4@sha256:65d65fa0e858a608fd3e7d16ecfd7a5ced2fba4ab22a8fd3b86f3742ecec0a83 pull_policy: always restart: unless-stopped command: start --optimized @@ -32,11 +32,11 @@ services: - keycloak environment: KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }} + KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }} KC_DB: postgres KC_DB_URL_HOST: db KC_DB_USERNAME: keycloak - KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }} + KC_DB_PASSWORD: {{ secret__keycloak_db_password }} KC_HOSTNAME: https://id.hamburg.ccc.de KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de @@ -46,7 +46,7 @@ services: - "8080:8080" db: - image: postgres:15.2 + image: docker.io/library/postgres:15.14@sha256:9541969afa16d1ac724e16d1cf3c26ddd0c5bae5dd1c230118a7f5b9c14cde1f restart: unless-stopped networks: - keycloak @@ -54,11 +54,11 @@ services: - "./database:/var/lib/postgresql/data" environment: POSTGRES_USER: keycloak - POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }} + POSTGRES_PASSWORD: {{ secret__keycloak_db_password }} POSTGRES_DB: keycloak id-invite-web: - image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest + image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a command: web restart: unless-stopped networks: @@ -76,15 +76,15 @@ services: - "IDINVITE_URL=https://invite.hamburg.ccc.de" - "IDINVITE_KEYCLOAK_NAME=CCCHH ID" - "IDINVITE_VALID_HOURS=50" - - "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}" + - "IDINVITE_SECRET={{ secret__idinvite_token_secret }}" - "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration" - "IDINVITE_CLIENT_ID=id-invite" - - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}" + - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}" - "MAIL_FROM=no-reply@hamburg.ccc.de" - "BOTTLE_HOST=0.0.0.0" id-invite-email: - image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest + image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a command: email restart: unless-stopped networks: @@ -96,10 +96,10 @@ services: - "MAIL_FROM=no-reply@id.hamburg.ccc.de" - "SMTP_HOSTNAME=cow.hamburg.ccc.de" - "SMTP_USERNAME=no-reply@id.hamburg.ccc.de" - - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}" + - "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}" id-invite-keycloak: - image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest + image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a command: keycloak restart: unless-stopped networks: @@ -107,10 +107,10 @@ services: environment: - "BOTTLE_HOST=0.0.0.0" - "IDINVITE_CLIENT_ID=id-invite" - - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}" + - "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}" - "KEYCLOAK_API_URL=http://keycloak:8080" - "KEYCLOAK_API_USERNAME=id-invite" - - "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}" + - "KEYCLOAK_API_PASSWORD={{ secret__idinvite_admin_password }}" - "KEYCLOAK_API_REALM=ccchh" - 'KEYCLOAK_GROUPS=["user"]' diff --git a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf index 372715d..2b0d919 100644 --- a/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf +++ b/resources/chaosknoten/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf @@ -43,6 +43,7 @@ server { allow 185.161.129.132/32; # z9 allow 2a07:c480:0:100::/56; # z9 + allow 2a07:c481:1::/48; # z9 new ipv6 allow 213.240.180.39/32; # stbe home allow 2a01:170:118b::1/64; # stbe home deny all; diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml index 232627a..8537ead 100644 --- a/resources/chaosknoten/lists/docker_compose/compose.yaml +++ b/resources/chaosknoten/lists/docker_compose/compose.yaml @@ -1,7 +1,7 @@ services: mailman-core: restart: unless-stopped - image: maxking/mailman-core:0.5 # Use a specific version tag (tag latest is not published) + image: docker.io/maxking/mailman-core:0.5@sha256:cb8e412bb18d74480f996da68f46e92473b6103995e71bc5aeba139b255cc3d2 # Use a specific version tag (tag latest is not published) container_name: mailman-core hostname: mailman-core volumes: @@ -25,7 +25,7 @@ services: mailman-web: restart: unless-stopped - image: maxking/mailman-web:0.5 # Use a specific version tag (tag latest is not published) + image: docker.io/maxking/mailman-web:0.5@sha256:014726db85586fb53541f66f6ce964bf07e939791cfd5ffc796cd6d243696a18 # Use a specific version tag (tag latest is not published) container_name: mailman-web hostname: mailman-web depends_on: @@ -56,7 +56,7 @@ services: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - image: postgres:12-alpine + image: docker.io/library/postgres:12-alpine@sha256:7c8f4870583184ebadf7f17a6513620aac5f365a7938dc6a6911c1d5df2f481a volumes: - /opt/mailman/database:/var/lib/postgresql/data networks: diff --git a/resources/chaosknoten/netbox/netbox/configuration.py.j2 b/resources/chaosknoten/netbox/netbox/configuration.py.j2 index 789a539..7648e7e 100644 --- a/resources/chaosknoten/netbox/netbox/configuration.py.j2 +++ b/resources/chaosknoten/netbox/netbox/configuration.py.j2 @@ -3,7 +3,7 @@ DATABASE = { "HOST": "localhost", "NAME": "netbox", "USER": "netbox", - "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}", + "PASSWORD": "{{ netbox__db_password }}", } REDIS = { "tasks": { @@ -23,7 +23,7 @@ REDIS = { "SSL": False, }, } -SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SECRET_KEY', create=false, missing='error') }}" +SECRET_KEY = "{{ secret__netbox_secret_key }}" SESSION_COOKIE_SECURE = True # CCCHH ID (Keycloak) integration. @@ -38,7 +38,7 @@ SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = ( ) SOCIAL_AUTH_KEYCLOAK_KEY = "netbox" SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB" -SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}" +SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ secret__netbox_social_auth_keycloak_secret }}" # Use custom OIDC group and role mapping pipeline functions added in via # netbox__custom_pipeline_oidc_group_and_role_mapping. # The default pipeline this is based on can be found here: diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 new file mode 100644 index 0000000..07e8d9e --- /dev/null +++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 @@ -0,0 +1,24 @@ +--- +services: + ntfy: + image: docker.io/binwiederhier/ntfy:v2.14.0@sha256:5a051798d14138c3ecb12c038652558ab6a077e1aceeb867c151cbf5fa8451ef + container_name: ntfy + command: + - serve + volumes: + - ntfy_cache:/var/cache/ntfy + - ntfy_var:/var/lib/ntfy + - ./configs/server.yml:/etc/ntfy/server.yml + ports: + - 2586:2586 + - 9586:9586 + healthcheck: # optional: remember to adapt the host:port to your environment + test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"] + interval: 60s + timeout: 10s + retries: 3 + start_period: 40s + restart: unless-stopped +volumes: + ntfy_cache: {} + ntfy_var: {} diff --git a/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2 new file mode 100644 index 0000000..0a28f4f --- /dev/null +++ b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2 @@ -0,0 +1,21 @@ +base-url: "https://ntfy.hamburg.ccc.de" +default-host: "https://ntfy.hamburg.ccc.de" +listen-http: ":2586" +behind-proxy: true +cache-file: "/var/cache/ntfy/cache.db" +log-format: json + +enable-metrics: true +metrics-listen-http: ":9586" + +auth-default-access: "deny-all" +auth-file: "/var/lib/ntfy/user.db" + +attachment-cache-dir: "/var/cache/ntfy/attachments" + +web-push-public-key: "BCx7PqDiVNlOiAHHfSxjbTle_LN4hetwHYi58GJhQxiY33AQ663IaJVro7B28j-1KOqwdzKco3dMMwzBJl9OQ90" +web-push-private-key: {{ secret__ntfy_web_push_private_key }} +web-push-file: "/var/cache/ntfy/webpush.db" +web-push-email-address: "mailto:noc@lists.hamburg.ccc.de" + +upstream-base-url: "https://ntfy.sh" diff --git a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf b/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf similarity index 60% rename from resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf rename to resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf index 6c9d458..e7d404d 100644 --- a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf +++ b/resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf @@ -2,7 +2,8 @@ # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 server { # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; + listen 8443 ssl proxy_protocol; + http2 on; # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy # protocol. @@ -12,12 +13,12 @@ server { # header. real_ip_header proxy_protocol; - server_name netbox.eh22.easterhegg.eu; + server_name ntfy.hamburg.ccc.de; - ssl_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/privkey.pem; + ssl_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ntfy.hamburg.ccc.de/privkey.pem; # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/chain.pem; + ssl_trusted_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/chain.pem; # HSTS (ngx_http_headers_module is required) (63072000 seconds) add_header Strict-Transport-Security "max-age=63072000" always; @@ -29,20 +30,18 @@ server { proxy_set_header X-Forwarded-Port 443; # This is https in any case. proxy_set_header X-Forwarded-Proto https; - # Hide the X-Forwarded header. - proxy_hide_header X-Forwarded; - # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that - # is transparent). - # Also provide "_hidden" for by, since it's not relevant. - proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden"; - - client_max_body_size 25m; - - location /static/ { - alias /opt/netbox/netbox/static/; - } location / { - proxy_pass http://127.0.0.1:8001; + proxy_pass http://127.0.0.1:2586; + proxy_http_version 1.1; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_connect_timeout 3m; + proxy_send_timeout 3m; + proxy_read_timeout 3m; + + client_max_body_size 0; # Stream request body to backend } } diff --git a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 index 91c26a3..5c9a42a 100644 --- a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 @@ -4,7 +4,7 @@ services: onlyoffice: - image: onlyoffice/documentserver:latest + image: docker.io/onlyoffice/documentserver:9.1.0@sha256:34b92f4a67bfd939bd6b75893e8217556e3b977f81e49472f7e28737b741ba1d restart: unless-stopped volumes: - "./onlyoffice/DocumentServer/logs:/var/log/onlyoffice" @@ -14,4 +14,4 @@ services: ports: - "8080:80" environment: - JWT_SECRET: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/onlyoffice/JWT_SECRET", create=false, missing="error") }} + JWT_SECRET: {{ secret__onlyoffice_jwt_secret }} diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 537cda0..014b8af 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -3,20 +3,19 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:15-alpine@sha256:2e50ad404aead120409575d21758230cc295aec52dfa05ece9b4d0429bc38636 environment: - "POSTGRES_USER=hedgedoc" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" - "POSTGRES_DB=hedgedoc" volumes: - database:/var/lib/postgresql/data restart: unless-stopped app: - #image: quay.io/hedgedoc/hedgedoc:1.9.9 - image: quay.io/hedgedoc/hedgedoc:latest + image: quay.io/hedgedoc/hedgedoc:1.10.3@sha256:ca58fd73ecf05c89559b384fb7a1519c18c8cbba5c21a0018674ed820b9bdb73 environment: - - "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}@database:5432/hedgedoc" + - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc" - "CMD_DOMAIN=pad.hamburg.ccc.de" - "CMD_PROTOCOL_USESSL=true" - "CMD_HSTS_ENABLE=false" @@ -35,7 +34,7 @@ services: - "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token" - "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth" - "CMD_OAUTH2_CLIENT_ID=pad" - - "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}" + - "CMD_OAUTH2_CLIENT_SECRET={{ secret__hedgedoc_kc_secret }}" - "CMD_OAUTH2_PROVIDERNAME=Keycloak" - "CMD_OAUTH2_SCOPE=openid email profile" volumes: @@ -47,17 +46,17 @@ services: - database hedgedoc-expire: - image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest + image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest@sha256:9be261712a8ee57ff89068c3926a8c5d7c96ff80aa629f98eec239786c6158b1 # command: "emailcheck" command: "cron" environment: - "POSTGRES_HOSTNAME=database" - "POSTGRES_USERNAME=hedgedoc" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" - "SMTP_FROM=pad@hamburg.ccc.de" - "SMTP_HOSTNAME=cow.hamburg.ccc.de" - "SMTP_USERNAME=pad@hamburg.ccc.de" - - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/smtp_password", create=false, missing="error") }}" + - "SMTP_PASSWORD={{ secret__pad_smtp_password }}" - "URL=https://pad.hamburg.ccc.de" depends_on: - database diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index b210098..66f6172 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,10 +3,10 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:15-alpine@sha256:2e50ad404aead120409575d21758230cc295aec52dfa05ece9b4d0429bc38636 environment: - "POSTGRES_USER=pretalx" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" - "POSTGRES_DB=pretalx" volumes: - database:/var/lib/postgresql/data @@ -15,7 +15,7 @@ services: - pretalx_net redis: - image: redis:latest + image: docker.io/library/redis:8.2.2@sha256:4521b581dbddea6e7d81f8fe95ede93f5648aaa66a9dacd581611bf6fe7527bd restart: unless-stopped volumes: - redis:/data @@ -23,7 +23,7 @@ services: - pretalx_net static: - image: docker.io/library/nginx + image: docker.io/library/nginx:1.29.2@sha256:029d4461bd98f124e531380505ceea2072418fdf28752aa73b7b273ba3048903 restart: unless-stopped volumes: - public:/usr/share/nginx/html @@ -33,7 +33,7 @@ services: - pretalx_net pretalx: - image: pretalx/standalone:latest + image: docker.io/pretalx/standalone:v2025.1.0@sha256:fb2d15f11bcae8bb15430084ed81a150cfdf7c79705450583b51e352ba486e8e entrypoint: gunicorn command: - "pretalx.wsgi" @@ -53,13 +53,14 @@ services: restart: unless-stopped environment: PRETALX_DATA_DIR: /data + PRETALX_FILE_UPLOAD_LIMIT: 1000 # MB PRETALX_FILESYSTEM_MEDIA: /public/media PRETALX_FILESYSTEM_STATIC: /public/static PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de PRETALX_DB_TYPE: postgresql PRETALX_DB_NAME: pretalx PRETALX_DB_USER: pretalx - PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}" + PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}" PRETALX_DB_HOST: database PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de" PRETALX_MAIL_HOST: "cow-intern.hamburg.ccc.de" @@ -77,7 +78,7 @@ services: - pretalx_net celery: - image: pretalx/standalone:latest + image: docker.io/pretalx/standalone:v2025.1.0@sha256:fb2d15f11bcae8bb15430084ed81a150cfdf7c79705450583b51e352ba486e8e command: - taskworker restart: unless-stopped @@ -89,13 +90,13 @@ services: PRETALX_DB_TYPE: postgresql PRETALX_DB_NAME: pretalx PRETALX_DB_USER: pretalx - PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}" + PRETALX_DB_PASS: "{{ secret__pretalx_db_password }}" PRETALX_DB_HOST: database PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de" PRETALX_MAIL_HOST: "cow.hamburg.ccc.de" PRETALX_MAIL_PORT: 587 PRETALX_MAIL_USER: pretalx@hamburg.ccc.de - PRETALX_MAIL_PASSWORD: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/PRETALX_MAIL_PASSWORD", create=false, missing="error") }}" + PRETALX_MAIL_PASSWORD: "{{ secret__pretalx_mail_password }}" PRETALX_MAIL_TLS: "true" PRETALX_CELERY_BACKEND: redis://redis/1 PRETALX_CELERY_BROKER: redis://redis/2 diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf index 4e0e8e3..790ca77 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf @@ -17,6 +17,8 @@ map $host $upstream_acme_challenge_host { invite.hamburg.ccc.de 172.31.17.144:31820; keycloak-admin.hamburg.ccc.de 172.31.17.144:31820; matrix.hamburg.ccc.de 172.31.17.150:31820; + mas.hamburg.ccc.de 172.31.17.150:31820; + element-admin.hamburg.ccc.de 172.31.17.151:31820; netbox.hamburg.ccc.de 172.31.17.167:31820; onlyoffice.hamburg.ccc.de 172.31.17.147:31820; pad.hamburg.ccc.de 172.31.17.141:31820; @@ -70,8 +72,11 @@ map $host $upstream_acme_challenge_host { design.hamburg.ccc.de 172.31.17.162:31820; hydra.hamburg.ccc.de 172.31.17.163:31820; cfp.eh22.easterhegg.eu 172.31.17.157:31820; - hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820; - netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820; + ntfy.hamburg.ccc.de 172.31.17.149:31820; + cryptoparty-hamburg.de 172.31.17.151:31820; + cryptoparty.hamburg.ccc.de 172.31.17.151:31820; + staging.cryptoparty-hamburg.de 172.31.17.151:31820; + staging.cryptoparty.hamburg.ccc.de 172.31.17.151:31820; default ""; } diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf index 4a7f84c..87b5408 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf @@ -34,6 +34,8 @@ stream { staging.hackertours.hamburg.ccc.de 172.31.17.151:8443; netbox.hamburg.ccc.de 172.31.17.167:8443; matrix.hamburg.ccc.de 172.31.17.150:8443; + mas.hamburg.ccc.de 172.31.17.150:8443; + element-admin.hamburg.ccc.de 172.31.17.151:8443; element.hamburg.ccc.de 172.31.17.151:8443; branding-resources.hamburg.ccc.de 172.31.17.151:8443; www.hamburg.ccc.de 172.31.17.151:8443; @@ -88,8 +90,11 @@ stream { design.hamburg.ccc.de 172.31.17.162:8443; hydra.hamburg.ccc.de 172.31.17.163:8443; cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443; - hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443; - netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443; + ntfy.hamburg.ccc.de 172.31.17.149:8443; + cryptoparty-hamburg.de 172.31.17.151:8443; + cryptoparty.hamburg.ccc.de 172.31.17.151:8443; + staging.cryptoparty-hamburg.de 172.31.17.151:8443; + staging.cryptoparty.hamburg.ccc.de 172.31.17.151:8443; } server { diff --git a/resources/chaosknoten/renovate/renovate/config.js.j2 b/resources/chaosknoten/renovate/renovate/config.js.j2 new file mode 100644 index 0000000..5d53a07 --- /dev/null +++ b/resources/chaosknoten/renovate/renovate/config.js.j2 @@ -0,0 +1,21 @@ +module.exports = { + username: "renovate", + token: "{{ secret__renovate_token }}", + endpoint: "https://git.hamburg.ccc.de/", + platform: "forgejo", + persistRepoData: true, + onboardingConfig: { + "extends": ["config:recommended"], + }, + autodiscover: true, + autodiscoverNamespaces: [ + "CCCHH" + ], + detectHostRulesFromEnv: false, + hostRules: [ + { + matchHost: "api.github.com", + token: "{{ secret__renovate_github_token }}" + } + ] +}; diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index 1f9d99d..057da55 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -1,19 +1,19 @@ --- services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:15-alpine@sha256:2e50ad404aead120409575d21758230cc295aec52dfa05ece9b4d0429bc38636 environment: - "POSTGRES_USER=pretix" - - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}" + - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}" - "POSTGRES_DB=pretix" volumes: - database:/var/lib/postgresql/data networks: backend: restart: unless-stopped - + redis: - image: docker.io/library/redis:7 + image: docker.io/library/redis:7.4.6@sha256:a9cc41d6d01da2aa26c219e4f99ecbeead955a7b656c1c499cce8922311b2514 ports: - "6379:6379" volumes: @@ -25,7 +25,7 @@ services: backend: pretix: - image: docker.io/pretix/standalone:2024.8 + image: docker.io/pretix/standalone:2024.8@sha256:110bac37efa5f736227f158f38e421ed738d03dccc274dfb415b258ab0f75cfe command: ["all"] ports: - "8345:80" diff --git a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 index 3f4af83..f1c119f 100644 --- a/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 +++ b/resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2 @@ -10,7 +10,7 @@ trust_x_forwarded_proto=on backend=postgresql name=pretix user=pretix -password={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }} +password={{ secret__pretix_db_password }} host=database [mail] diff --git a/resources/chaosknoten/zammad/docker_compose/.env.j2 b/resources/chaosknoten/zammad/docker_compose/.env.j2 new file mode 100644 index 0000000..adeeb48 --- /dev/null +++ b/resources/chaosknoten/zammad/docker_compose/.env.j2 @@ -0,0 +1,4 @@ +POSTGRES_PASS={{ secret__zammad_db_password }} +POSTGRES_VERSION=15-alpine +REDIS_VERSION=7-alpine +NGINX_SERVER_SCHEME=https diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml b/resources/chaosknoten/zammad/docker_compose/compose.yaml new file mode 100644 index 0000000..66192da --- /dev/null +++ b/resources/chaosknoten/zammad/docker_compose/compose.yaml @@ -0,0 +1,149 @@ +--- +version: "3.8" + +# Taken from: https://github.com/zammad/zammad-docker-compose/blob/master/docker-compose.yml +# Version: v14.1.1 +# Update from new tag by replacing all content. +# Configuration should be done in the .env.j2. + +x-shared: + zammad-service: &zammad-service + environment: &zammad-environment + MEMCACHE_SERVERS: ${MEMCACHE_SERVERS:-zammad-memcached:11211} + POSTGRESQL_DB: ${POSTGRES_DB:-zammad_production} + POSTGRESQL_HOST: ${POSTGRES_HOST:-zammad-postgresql} + POSTGRESQL_USER: ${POSTGRES_USER:-zammad} + POSTGRESQL_PASS: ${POSTGRES_PASS:-zammad} + POSTGRESQL_PORT: ${POSTGRES_PORT:-5432} + POSTGRESQL_OPTIONS: ${POSTGRESQL_OPTIONS:-?pool=50} + POSTGRESQL_DB_CREATE: + REDIS_URL: ${REDIS_URL:-redis://zammad-redis:6379} + S3_URL: + # Backup settings + BACKUP_DIR: "${BACKUP_DIR:-/var/tmp/zammad}" + BACKUP_TIME: "${BACKUP_TIME:-03:00}" + HOLD_DAYS: "${HOLD_DAYS:-10}" + TZ: "${TZ:-Europe/Berlin}" + # Allow passing in these variables via .env: + AUTOWIZARD_JSON: + AUTOWIZARD_RELATIVE_PATH: + ELASTICSEARCH_ENABLED: + ELASTICSEARCH_SCHEMA: + ELASTICSEARCH_HOST: + ELASTICSEARCH_PORT: + ELASTICSEARCH_USER: + ELASTICSEARCH_PASS: + ELASTICSEARCH_NAMESPACE: + ELASTICSEARCH_REINDEX: + NGINX_PORT: + NGINX_CLIENT_MAX_BODY_SIZE: + NGINX_SERVER_NAME: + NGINX_SERVER_SCHEME: + RAILS_TRUSTED_PROXIES: + ZAMMAD_HTTP_TYPE: + ZAMMAD_FQDN: + ZAMMAD_WEB_CONCURRENCY: + ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS: + ZAMMAD_PROCESS_SCHEDULED_JOBS_WORKERS: + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: + # ZAMMAD_SESSION_JOBS_CONCURRENT is deprecated, please use ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS instead. + ZAMMAD_SESSION_JOBS_CONCURRENT: + # Variables used by ngingx-proxy container for reverse proxy creations + # for docs refer to https://github.com/nginx-proxy/nginx-proxy + VIRTUAL_HOST: + VIRTUAL_PORT: + # Variables used by acme-companion for retrieval of LetsEncrypt certificate + # for docs refer to https://github.com/nginx-proxy/acme-companion + LETSENCRYPT_HOST: + LETSENCRYPT_EMAIL: + + image: ${IMAGE_REPO:-ghcr.io/zammad/zammad}:${VERSION:-6.5.2} + restart: ${RESTART:-always} + volumes: + - zammad-storage:/opt/zammad/storage + depends_on: + - zammad-memcached + - zammad-postgresql + - zammad-redis + +services: + zammad-backup: + <<: *zammad-service + command: ["zammad-backup"] + volumes: + - zammad-backup:/var/tmp/zammad + - zammad-storage:/opt/zammad/storage:ro + user: 0:0 + + zammad-elasticsearch: + image: elasticsearch:${ELASTICSEARCH_VERSION:-8.19.4} + restart: ${RESTART:-always} + volumes: + - elasticsearch-data:/usr/share/elasticsearch/data + environment: + discovery.type: single-node + xpack.security.enabled: 'false' + ES_JAVA_OPTS: ${ELASTICSEARCH_JAVA_OPTS:--Xms1g -Xmx1g} + + zammad-init: + <<: *zammad-service + command: ["zammad-init"] + depends_on: + - zammad-postgresql + restart: on-failure + user: 0:0 + + zammad-memcached: + command: memcached -m 256M + image: memcached:${MEMCACHE_VERSION:-1.6.39-alpine} + restart: ${RESTART:-always} + + zammad-nginx: + <<: *zammad-service + command: ["zammad-nginx"] + expose: + - "${NGINX_PORT:-8080}" + ports: + - "${NGINX_EXPOSE_PORT:-8080}:${NGINX_PORT:-8080}" + depends_on: + - zammad-railsserver + + zammad-postgresql: + environment: + POSTGRES_DB: ${POSTGRES_DB:-zammad_production} + POSTGRES_USER: ${POSTGRES_USER:-zammad} + POSTGRES_PASSWORD: ${POSTGRES_PASS:-zammad} + image: postgres:${POSTGRES_VERSION:-17.6-alpine} + restart: ${RESTART:-always} + volumes: + - postgresql-data:/var/lib/postgresql/data + + zammad-railsserver: + <<: *zammad-service + command: ["zammad-railsserver"] + + zammad-redis: + image: redis:${REDIS_VERSION:-7.4.5-alpine} + restart: ${RESTART:-always} + volumes: + - redis-data:/data + + zammad-scheduler: + <<: *zammad-service + command: ["zammad-scheduler"] + + zammad-websocket: + <<: *zammad-service + command: ["zammad-websocket"] + +volumes: + elasticsearch-data: + driver: local + postgresql-data: + driver: local + redis-data: + driver: local + zammad-backup: + driver: local + zammad-storage: + driver: local diff --git a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 deleted file mode 100644 index 8d345de..0000000 --- a/resources/chaosknoten/zammad/docker_compose/compose.yaml.j2 +++ /dev/null @@ -1,158 +0,0 @@ ---- -{# -https://github.com/zammad/zammad-docker-compose -Docker Compose does not allow defining variables in the compose file (only in .env files), so we use Jinja variables instead -see https://github.com/zammad/zammad-docker-compose/blob/master/.env -#} -{%- set ELASTICSEARCH_VERSION = "8" | quote -%} -{%- set IMAGE_REPO = "ghcr.io/zammad/zammad" | quote -%} -{%- set MEMCACHE_SERVERS = "zammad-memcached:11211" | quote -%} -{%- set MEMCACHE_VERSION = "1.6-alpine" | quote -%} -{%- set POSTGRES_DB = "zammad_production" | quote -%} -{%- set POSTGRES_HOST = "zammad-postgresql" | quote -%} -{%- set POSTGRES_USER = "zammad" | quote -%} -{%- set POSTGRES_PASS = lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/zammad/DB_PASSWORD", create=false, missing="error") | quote -%} -{%- set POSTGRES_PORT = "5432" | quote -%} -{%- set POSTGRES_VERSION = "15-alpine" | quote -%} -{%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%} -{%- set REDIS_VERSION = "7-alpine" | quote -%} -{%- set RESTART = "always" | quote -%} -{%- set VERSION = "6" | quote -%} -x-shared: - zammad-service: &zammad-service - environment: &zammad-environment - MEMCACHE_SERVERS: {{ MEMCACHE_SERVERS }} - POSTGRESQL_DB: {{ POSTGRES_DB }} - POSTGRESQL_HOST: {{ POSTGRES_HOST }} - POSTGRESQL_USER: {{ POSTGRES_USER }} - POSTGRESQL_PASS: {{ POSTGRES_PASS }} - POSTGRESQL_PORT: {{ POSTGRES_PORT }} - REDIS_URL: {{ REDIS_URL }} - # Allow passing in these variables via .env: - AUTOWIZARD_JSON: - AUTOWIZARD_RELATIVE_PATH: - ELASTICSEARCH_ENABLED: - ELASTICSEARCH_HOST: - ELASTICSEARCH_PORT: - ELASTICSEARCH_SCHEMA: - ELASTICSEARCH_NAMESPACE: - ELASTICSEARCH_REINDEX: - ELASTICSEARCH_SSL_VERIFY: - NGINX_PORT: - NGINX_SERVER_NAME: - NGINX_SERVER_SCHEME: https - POSTGRESQL_DB_CREATE: - POSTGRESQL_OPTIONS: - RAILS_TRUSTED_PROXIES: - ZAMMAD_WEB_CONCURRENCY: - ZAMMAD_SESSION_JOBS: - ZAMMAD_PROCESS_SCHEDULED: - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: - image: {{ IMAGE_REPO }}:{{ VERSION }} - restart: {{ RESTART }} - volumes: - - zammad-storage:/opt/zammad/storage - - zammad-var:/opt/zammad/var - depends_on: - - zammad-memcached - - zammad-postgresql - - zammad-redis - -services: - - zammad-backup: - command: ["zammad-backup"] - depends_on: - - zammad-railsserver - - zammad-postgresql - entrypoint: /usr/local/bin/backup.sh - environment: - <<: *zammad-environment - BACKUP_TIME: "03:00" - HOLD_DAYS: "10" - TZ: Europe/Berlin - image: postgres:{{ POSTGRES_VERSION }} - restart: {{ RESTART }} - volumes: - - zammad-backup:/var/tmp/zammad - - zammad-storage:/opt/zammad/storage:ro - - zammad-var:/opt/zammad/var:ro - - ./scripts/backup.sh:/usr/local/bin/backup.sh:ro - - zammad-elasticsearch: - image: bitnami/elasticsearch:{{ ELASTICSEARCH_VERSION }} - restart: {{ RESTART }} - volumes: - - elasticsearch-data:/bitnami/elasticsearch/data - - zammad-init: - <<: *zammad-service - command: ["zammad-init"] - depends_on: - - zammad-postgresql - restart: on-failure - user: 0:0 - volumes: - - zammad-storage:/opt/zammad/storage - - zammad-var:/opt/zammad/var - - zammad-memcached: - command: memcached -m 256M - image: memcached:{{ MEMCACHE_VERSION }} - restart: {{ RESTART }} - - zammad-nginx: - <<: *zammad-service - command: ["zammad-nginx"] - expose: - - "8080" - ports: - - "8080:8080" - depends_on: - - zammad-railsserver - volumes: - - zammad-var:/opt/zammad/var:ro # required for the zammad-ready check file - - zammad-postgresql: - environment: - POSTGRES_DB: {{ POSTGRES_DB }} - POSTGRES_USER: {{ POSTGRES_USER }} - POSTGRES_PASSWORD: {{ POSTGRES_PASS }} - image: postgres:{{ POSTGRES_VERSION }} - restart: {{ RESTART }} - volumes: - - postgresql-data:/var/lib/postgresql/data - - zammad-railsserver: - <<: *zammad-service - command: ["zammad-railsserver"] - - zammad-redis: - image: redis:{{ REDIS_VERSION }} - restart: {{ RESTART }} - volumes: - - redis-data:/data - - zammad-scheduler: - <<: *zammad-service - command: ["zammad-scheduler"] - volumes: - - /ansible_docker_compose/zammad-scheduler-database.yml:/opt/zammad/config/database.yml # workaround for connection pool issue - - zammad-websocket: - <<: *zammad-service - command: ["zammad-websocket"] - -volumes: - elasticsearch-data: - driver: local - postgresql-data: - driver: local - redis-data: - driver: local - zammad-backup: - driver: local - zammad-storage: - driver: local - zammad-var: - driver: local diff --git a/resources/z9/dooris/docker_compose/compose.yaml.j2 b/resources/z9/dooris/docker_compose/compose.yaml.j2 new file mode 100644 index 0000000..b722aa7 --- /dev/null +++ b/resources/z9/dooris/docker_compose/compose.yaml.j2 @@ -0,0 +1,22 @@ +--- + +services: + dooris: + image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest@sha256:a895989b0955936cbe0641de0309bcb343a9da9c2c8d6184d906a66bf1151303 + environment: + HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27" + HMDOORIS_CCUJACK_CERTIFICATE_PATH: false + HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}" + HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122 + HMDOORIS_CCUJACK_USERNAME: dooris + HMDOORIS_CLIENT_ID: dooris + HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}" + HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration + HMDOORIS_LISTEN: '0.0.0.0:3000' + HMDOORIS_REQUIRES_GROUP: /intern + HMDOORIS_URL: https://dooris.ccchh.net + PYTHONWARNINGS: "ignore:Unverified HTTPS request" + #DEBUG: true + ports: + - "127.0.0.1:3000:3000" + restart: unless-stopped diff --git a/resources/z9/dooris/nginx/dooris.ccchh.net.conf b/resources/z9/dooris/nginx/dooris.ccchh.net.conf new file mode 100644 index 0000000..c1ca082 --- /dev/null +++ b/resources/z9/dooris/nginx/dooris.ccchh.net.conf @@ -0,0 +1,37 @@ +# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration +# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 +server { + listen [::]:443 ssl http2; + listen 443 ssl http2; + + server_name dooris.ccchh.net; + + ssl_certificate /etc/letsencrypt/live/dooris.ccchh.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dooris.ccchh.net/privkey.pem; + # verify chain of trust of OCSP response using Root CA and Intermediate certs + ssl_trusted_certificate /etc/letsencrypt/live/dooris.ccchh.net/chain.pem; + + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + add_header Strict-Transport-Security "max-age=63072000" always; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Port 443; + # This is https in any case. + proxy_set_header X-Forwarded-Proto https; + # Hide the X-Forwarded header. + proxy_hide_header X-Forwarded; + # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that + # is transparent). + # Also provide "_hidden" for by, since it's not relevant. + proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden"; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + location / { + proxy_pass http://127.0.0.1:3000/; + } +} diff --git a/resources/z9/waybackproxy/docker_compose/compose.yaml.j2 b/resources/z9/waybackproxy/docker_compose/compose.yaml.j2 new file mode 100644 index 0000000..52d57df --- /dev/null +++ b/resources/z9/waybackproxy/docker_compose/compose.yaml.j2 @@ -0,0 +1,10 @@ +services: + # https://github.com/richardg867/WaybackProxy + waybackproxy: + image: cttynul/waybackproxy:latest@sha256:e001d5b1d746522cd1ab2728092173c0d96f08086cbd3e49cdf1e298b8add22e + environment: + DATE: 19990101 + DATE_TOLERANCE: 730 + ports: + - "1999:8888" + restart: unless-stopped diff --git a/resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf b/resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf new file mode 100644 index 0000000..7c616c7 --- /dev/null +++ b/resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf @@ -0,0 +1,5 @@ +# TODO: set up caching proxy + +# server { +# listen 1999 +# } diff --git a/resources/z9/yate/docker_compose/README.md b/resources/z9/yate/docker_compose/README.md new file mode 100644 index 0000000..1977f4f --- /dev/null +++ b/resources/z9/yate/docker_compose/README.md @@ -0,0 +1,12 @@ +# Yate Configuration + +Yate has a [beginners guide](https://docs.yate.ro/wiki/Beginners_in_Yate). Otherwise, you need to refer to the [sample config files](https://github.com/eventphone/yate/tree/master/conf.d). + +For our limited setup, we only need three files: +* accfile.conf for defining SIP registrars that we want to register with (EPVPN, Fonial, and the Fux door intercom system) +* regexroute.conf for the call routing rules +* regfile.conf for the phones that connect to yate.ccchh.net + +## Docker Compose Setup + +yate runs as a container wiht host networking. The image is build through https://git.hamburg.ccc.de/CCCHH/yate-image, it is using the Eventphone fork of yate. \ No newline at end of file diff --git a/resources/z9/yate/docker_compose/accfile.conf.j2 b/resources/z9/yate/docker_compose/accfile.conf.j2 new file mode 100644 index 0000000..4ce65e3 --- /dev/null +++ b/resources/z9/yate/docker_compose/accfile.conf.j2 @@ -0,0 +1,35 @@ +; Yate will register to these SIP services +; see https://github.com/eventphone/yate/blob/master/conf.d/accfile.conf.sample + +[epvpn_ccchh] +enabled=yes +protocol=sip +description=Eventphone EPVPN CCCHH +username=1008 +authname=1008 +password={{ secret__yate__sip_trunk_epvpn }} +interval=120 +registrar=hg.eventphone.de +keepalive=1 + +[fonial_ccchh] +enabled=yes +protocol=sip +description=Fonial CCCHH +username=fo370381tr317349_00 +authname=fo370381tr317349_00 +password={{ secret__yate__sip_trunk_fonial }} +interval=120 +registrar=sip.plusnet.de +keepalive=1 + +[fux_intercom] +enabled=yes +protocol=sip +description=Fux Intercom CCCHH doorbell +username=1337 +authname=1337 +password={{ secret__yate__sip_trunk_fux }} +interval=120 +registrar=172.16.210.2 +keepalive=1 diff --git a/resources/z9/yate/docker_compose/compose.yaml.j2 b/resources/z9/yate/docker_compose/compose.yaml.j2 new file mode 100644 index 0000000..c39afa4 --- /dev/null +++ b/resources/z9/yate/docker_compose/compose.yaml.j2 @@ -0,0 +1,20 @@ +--- + +services: + yate: + image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest@sha256:66f77d63dc52c9aeb09481e48b9d62f5f95439f86eab3766fce94daea7b2e26a + # command: + # - sh + # - "-c" + # - "while :; do sleep 10; done" + environment: + DEBUG: true + network_mode: host + # ports: + # - "127.0.0.1:3000:3000" + restart: unless-stopped + volumes: + - ./configs/accfile.conf:/opt/yate/etc/yate/accfile.conf + - ./configs/regexroute.conf:/opt/yate/etc/yate/regexroute.conf + - ./configs/regfile.conf:/opt/yate/etc/yate/regfile.conf + - ./lib-yate:/var/lib/yate \ No newline at end of file diff --git a/resources/z9/yate/docker_compose/regexroute.conf.j2 b/resources/z9/yate/docker_compose/regexroute.conf.j2 new file mode 100644 index 0000000..aeecf6b --- /dev/null +++ b/resources/z9/yate/docker_compose/regexroute.conf.j2 @@ -0,0 +1,100 @@ +; Call routing +; see https://github.com/eventphone/yate/blob/master/conf.d/regexroute.conf.sample + +[priorities] +; route: int: Priority of the routing message handler +route=90 + +[contexts] + ; INBOUND CALLS: +${called}^1337$=inbound_fux +${called}^1008$=inbound_epvpn +${called}^04023830150$=inbound_fonial +${called}^fo370381tr317349_00$=inbound_fonial +;${called}.*=inbound + +;^[0-9]\{4\}$=inbound ; Calls from 4 digit numbers: EPVPN +;^+\?[0-9]\{5,\}$=inbound ; Calls from longer numbers, optionally starting with + +;^*\{1,2\}[0-9]\{1,3\}$=inbound ; Internal fritzbox calls + + ; OUTBOUND CALLS: +^[0-9]\{3\}=outbound +^[a-z0-9]\{4,\}=outbound ; calls from internal users + +^.*$=fallback ; Whatever calls managed to not be handled yet + +[default] ; unused +^.*$=echo [default]"\0" + +[test] ; unused +^.*$=echo [test] "\0" +^99991001$=tone/dial +^99991002$=tone/busy +^99991003$=tone/ring +^99991004$=tone/specdial +^99991005$=tone/congestion +^99991006$=tone/outoforder +^99991007$=tone/milliwatt +^99991008$=tone/info + +; DEBUG HELPER +; ^.*$=echo match \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called} + +^[0-9]\{1,2\}$=return;called=\0 + + +[outbound] ; Calls from internal users +^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug +^[0-9]\{3\}$=jump internal +^[0-9]\{1,2\}$=jump z9 ; To internal -> z9 +^.*$=echo [outbound] "\0" ${caller}->${called} ; log for debug +^.*$=line/\0;line=epvpn_ccchh ; Route everything (.*) to the specified accfile line + +[inbound_epvpn] +^.*$=echo [inbound_epvpn] ${caller}->${called} +^.*$=return;callername=EPVPN ${caller};called=0 ; TODO which extension do we want to route to? + +[inbound_fux] +^.*$=echo [inbound_fux] ${caller}->${called} +^.*$=return;callername=Door ${caller};called=0 ; TODO which extension do we want to route to? + +[inbound_fonial] +^.*$=echo [inbound_fonial] ${caller}->${called} +^.*$=return;callername=Fonial ${caller};called=0 ; TODO which extension do we want to route to? + +[inbound] ; Calls from EPVPN or outside world +^.*$=echo [inbound] "\0" ${caller}->${called} user:${user} callername:${callername} callsource:${callsource} ; log +^.*$=return;callername=EXTERN ${caller};called=0 ; set call recipient to 0 (shared alias between + ; all clients in regfile.conf + +[internal] +^.*$=echo [internal] "\0" ${caller}->${called} +^110$=line/110;line=fonial_ccchh +^112$=line/112;line=fonial_ccchh +^115$=line/040115;line=fonial_ccchh +^911$=line/112;line=fonial_ccchh +^999$=line/112;line=fonial_ccchh +; ^119$=line/01753288861;line=fonial_ccchh ; testing only stb cell number +^.*$=return;called=\0 + +[z9] ; Internal calls +^.*$=echo [z9] "\0" ${caller}->${called} ; log + + ; test service numbers +^91$=sip/sip:ha@10.31.208.10:5060; called=ha;format=opus ; Homeassistant +^98$=external/playrec/echo.sh ; Echotest +^99$=external/play/tts.sh;mode=text;text=Hallo Hallo Hallo ; TTS test + +^.*$=return;called=\0 ; Any remaining internal calls to all + ; Context: Calls to regfile.conf aliases are always + ; handled directly and should never get here + + +[special] +^.*$=echo [special] "\0" +^.*$=tone/info + +[fallback] +^.*$=echo [fallback] \0 adr ${address} src ${callsource} form ${formats} id ${id} peer ${peerid} type ${type} user ${username} caller ${caller} called ${called} +^*\{1,2\}[0-9]\{1,3\}$=jump outbound +^.*$=tone/busy diff --git a/resources/z9/yate/docker_compose/regfile.conf.j2 b/resources/z9/yate/docker_compose/regfile.conf.j2 new file mode 100644 index 0000000..95cf70d --- /dev/null +++ b/resources/z9/yate/docker_compose/regfile.conf.j2 @@ -0,0 +1,37 @@ +; YATE offers registration to these SIP devices (ie. phones) +; see https://github.com/eventphone/yate/blob/master/conf.d/regfile.conf.sample + +route=100 +file=/var/lib/yate/regfile.swap + +[501] +password={{ secret__yate__sip_extension_legacy }} +alternatives=0,1008,1337 +callername=Legacy +# Yealink im großen Raum am Fenster + +[502] +password={{ secret__yate__sip_extension_flausch}} +alternatives=0,1008,1337 +callername=Flausch +# Yealink im großen Raum am Sofa + +[503] +password={{ secret__yate__sip_extension_ewerkstatt }} +alternatives=0,1008,1337 +callername=E-Werkstatt +# Yealink in der E-Werkstatt + +[610] +password={{ secret__yate__sip_extension_fritzbox_dect1 }} +alternatives=0,1008,1337 +callername=DECT-1 + +[611] +password={{ secret__yate__sip_extension_fritzbox_dect2 }} +alternatives=0,1008,1337 +callername=DECT-2 + +[100] +password=test100 +callername=stb 100 diff --git a/roles/ansible_pull/README.md b/roles/ansible_pull/README.md new file mode 100644 index 0000000..cf90e60 --- /dev/null +++ b/roles/ansible_pull/README.md @@ -0,0 +1,22 @@ +# `ansible_pull` role + +A role for setting up automatic `ansible_pull` runs. + +## Supported Distributions + +Should work on Debian-based distributions. + +## Required Arguments + +- `ansible_pull__age_private_key`: The age private key to use to decrypt SOPS secrets with. +- `ansible_pull__repo_url`: The URL of the repo to run the playbook from. +- `ansible_pull__inventory`: The inventory to use. +- `ansible_pull__playbook`: The playbook to run. +- `ansible_pull__timer_on_calendar`: When to run the playbook. This is the argument to a systemd timers OnCalendar. See the systemd.time man page for reference. +- `ansible_pull__failure_notification_address`: The address to send the failure notification to. + +## Optional Arguments + +- `ansible_pull__user`: The user to run `ansible_pull` as. Defaults to `ansible_user`. +- `ansible_pull__checkout`: The branch/tag/commit to check out to run the playbook from. Defaults to `main`. +- `ansible_pull__timer_randomized_delay_sec`: The timer will be randomly delayed by a value between 0 and this. Useful to not have all timers fire at the same time, even if `ansible_pull__timer_on_calendar` is the same. Time value in seconds. Defaults to 0. diff --git a/roles/ansible_pull/defaults/main.yaml b/roles/ansible_pull/defaults/main.yaml new file mode 100644 index 0000000..3b9acb2 --- /dev/null +++ b/roles/ansible_pull/defaults/main.yaml @@ -0,0 +1,3 @@ +ansible_pull__user: "{{ ansible_user }}" +ansible_pull__checkout: "main" +ansible_pull__timer_randomized_delay_sec: "0" diff --git a/roles/ansible_pull/handlers/main.yaml b/roles/ansible_pull/handlers/main.yaml new file mode 100644 index 0000000..ada2426 --- /dev/null +++ b/roles/ansible_pull/handlers/main.yaml @@ -0,0 +1,4 @@ +- name: systemd daemon reload + ansible.builtin.systemd_service: + daemon_reload: true + become: true diff --git a/roles/ansible_pull/meta/argument_specs.yaml b/roles/ansible_pull/meta/argument_specs.yaml new file mode 100644 index 0000000..682fdcd --- /dev/null +++ b/roles/ansible_pull/meta/argument_specs.yaml @@ -0,0 +1,30 @@ +argument_specs: + main: + options: + ansible_pull__age_private_key: + type: str + required: true + ansible_pull__repo_url: + type: str + required: true + ansible_pull__inventory: + type: str + required: true + ansible_pull__playbook: + type: str + required: true + ansible_pull__timer_on_calendar: + type: str + required: true + ansible_pull__failure_notification_address: + type: str + required: true + ansible_pull__user: + type: str + required: false + ansible_pull__checkout: + type: str + required: false + ansible_pull__timer_randomized_delay_sec: + type: str + required: false diff --git a/roles/ansible_pull/meta/main.yaml b/roles/ansible_pull/meta/main.yaml new file mode 100644 index 0000000..25aaf90 --- /dev/null +++ b/roles/ansible_pull/meta/main.yaml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: msmtp diff --git a/roles/ansible_pull/tasks/main.yaml b/roles/ansible_pull/tasks/main.yaml new file mode 100644 index 0000000..5abcd10 --- /dev/null +++ b/roles/ansible_pull/tasks/main.yaml @@ -0,0 +1,83 @@ +- name: ensure dependencies are installed + block: + - name: ensure apt dependencies are installed + ansible.builtin.apt: + name: + - virtualenv + - git + state: present + become: true + + - name: ensure SOPS is installed + ansible.builtin.include_role: + name: community.sops.install + +# https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip +# https://www.redhat.com/en/blog/python-venv-ansible +- name: ensure Ansible installation exists + ansible.builtin.pip: + name: + - ansible + - jmespath + state: present + virtualenv: /usr/local/lib/ansible_pull_venv + become: true + +- name: ensure ansible-pull-failure-notify script installation exists + ansible.builtin.template: + src: ansible-pull-failure-notify.sh.j2 + dest: /usr/local/sbin/ansible-pull-failure-notify.sh + owner: root + group: root + mode: "0755" + become: true + +- name: ensure secrets directory exists + ansible.builtin.file: + path: /etc/ansible_pull_secrets + state: directory + mode: "0750" + owner: root + group: "{{ ansible_pull__user }}" + become: true + +- name: ensure age private key is deployed + ansible.builtin.copy: + content: "{{ ansible_pull__age_private_key }}" + dest: /etc/ansible_pull_secrets/age_private_key + mode: "0640" + owner: root + group: "{{ ansible_pull__user }}" + become: true + +- name: ensure systemd services exists + ansible.builtin.template: + src: "{{ item }}.j2" + dest: "/etc/systemd/system/{{ item }}" + owner: root + group: root + mode: "0644" + become: true + loop: + - ansible-pull.service + - ansible-pull-failure-notify.service + notify: + - systemd daemon reload + +- name: ensure systemd timer exists + ansible.builtin.template: + src: ansible-pull.timer.j2 + dest: /etc/systemd/system/ansible-pull.timer + owner: root + group: root + mode: "0644" + become: true + notify: + - systemd daemon reload + +- name: ensure systemd timer is started and enabled + ansible.builtin.systemd_service: + name: ansible-pull.timer + state: started + enabled: true + become: true diff --git a/roles/ansible_pull/templates/ansible-pull-failure-notify.service.j2 b/roles/ansible_pull/templates/ansible-pull-failure-notify.service.j2 new file mode 100644 index 0000000..fa5d471 --- /dev/null +++ b/roles/ansible_pull/templates/ansible-pull-failure-notify.service.j2 @@ -0,0 +1,7 @@ +[Unit] +Description=ansible-pull failure notifier + +[Service] +Type=oneshot +ExecStart=/usr/local/sbin/ansible-pull-failure-notify.sh +User=root diff --git a/roles/ansible_pull/templates/ansible-pull-failure-notify.sh.j2 b/roles/ansible_pull/templates/ansible-pull-failure-notify.sh.j2 new file mode 100644 index 0000000..fe7dbc8 --- /dev/null +++ b/roles/ansible_pull/templates/ansible-pull-failure-notify.sh.j2 @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +# Ideally we would use --invocation instead of --since, but this isn't supported in the systemd version Debian 12 ships. +ANSIBLE_PULL_LOG=$(journalctl --unit=ansible-pull --identifier=ansible-pull --since=-6h --output=cat) + +MESSAGE="Subject: [{{ inventory_hostname }}] ansible-pull: execution failure + +An error occured during the ansible-pull execution. + +Logs: +""$ANSIBLE_PULL_LOG"" + +To view the logs yourself run: +journalctl --unit=ansible-pull --identifier=ansible-pull -e +" + +printf "$MESSAGE" | msmtp '{{ ansible_pull__failure_notification_address }}' diff --git a/roles/ansible_pull/templates/ansible-pull.service.j2 b/roles/ansible_pull/templates/ansible-pull.service.j2 new file mode 100644 index 0000000..b344505 --- /dev/null +++ b/roles/ansible_pull/templates/ansible-pull.service.j2 @@ -0,0 +1,22 @@ +[Unit] +Description=ansible-pull for configuration and maintenance +After=network-online.target +Wants=network-online.target +OnFailure=ansible-pull-failure-notify.service + +[Service] +Type=oneshot +Environment="SOPS_AGE_KEY_FILE=/etc/ansible_pull_secrets/age_private_key" +ExecStartPre=/usr/bin/bash -c 'if [ ! -e /home/chaos/ansible_pull_checkout ]; then git clone --depth 1 "{{ ansible_pull__repo_url }}" /home/chaos/ansible_pull_checkout ; fi' +ExecStartPre=/usr/local/lib/ansible_pull_venv/bin/ansible-galaxy role install -r /home/chaos/ansible_pull_checkout/requirements.yml +ExecStartPre=/usr/local/lib/ansible_pull_venv/bin/ansible-galaxy collection install -r /home/chaos/ansible_pull_checkout/requirements.yml +ExecStart=/usr/local/lib/ansible_pull_venv/bin/ansible-pull \ + --directory /home/chaos/ansible_pull_checkout \ + --clean \ + --url "{{ ansible_pull__repo_url }}" \ + --checkout "{{ ansible_pull__checkout }}" \ + --inventory "{{ ansible_pull__inventory }}" \ + "{{ ansible_pull__playbook }}" +User={{ ansible_pull__user }} +# Reboot, if /var/run/reboot-required or /var/run/ansible-reboot-required exist. +ExecStartPost=/usr/bin/bash -c 'if [ -e /var/run/reboot-required ] || [ -e /var/run/ansible-reboot-required ]; then sudo systemctl reboot; fi' diff --git a/roles/ansible_pull/templates/ansible-pull.timer.j2 b/roles/ansible_pull/templates/ansible-pull.timer.j2 new file mode 100644 index 0000000..24bc8ba --- /dev/null +++ b/roles/ansible_pull/templates/ansible-pull.timer.j2 @@ -0,0 +1,9 @@ +[Unit] +Description=ansible-pull for configuration and maintenance on a timer + +[Timer] +OnCalendar={{ ansible_pull__timer_on_calendar }} +RandomizedDelaySec={{ ansible_pull__timer_randomized_delay_sec }} + +[Install] +WantedBy=timers.target diff --git a/roles/apt_update_and_upgrade/handlers/main.yaml b/roles/apt_update_and_upgrade/handlers/main.yaml index 001bbe4..4af18be 100644 --- a/roles/apt_update_and_upgrade/handlers/main.yaml +++ b/roles/apt_update_and_upgrade/handlers/main.yaml @@ -1,3 +1,5 @@ - name: reboot the system - become: true - ansible.builtin.reboot: + ansible.builtin.include_tasks: "../../reboot/tasks/main.yaml" + vars: + # Simply don't reboot on local connections and rely on proper handling of /var/run/reboot-required. + reboot__local_handling: ignore diff --git a/roles/deploy_ssh_server_config/docs/Debian_13_cloud_2025-10-17_default_etc_ssh_sshd_config b/roles/deploy_ssh_server_config/docs/Debian_13_cloud_2025-10-17_default_etc_ssh_sshd_config new file mode 100644 index 0000000..4ab41aa --- /dev/null +++ b/roles/deploy_ssh_server_config/docs/Debian_13_cloud_2025-10-17_default_etc_ssh_sshd_config @@ -0,0 +1,125 @@ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Include /etc/ssh/sshd_config.d/*.conf + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to "no" here! +PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to "yes" to enable keyboard-interactive authentication. Depending on +# the system's configuration, this may involve passwords, challenge-response, +# one-time passwords or some combination of these and other methods. +# Beware issues with some PAM modules and threads. +KbdInteractiveAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Allow client to pass locale and color environment variables +AcceptEnv LANG LC_* COLORTERM NO_COLOR + +# override default of no subsystems +Subsystem sftp /usr/lib/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server +ClientAliveInterval 120 diff --git a/roles/deploy_ssh_server_config/handlers/main.yaml b/roles/deploy_ssh_server_config/handlers/main.yaml index 001bbe4..721a348 100644 --- a/roles/deploy_ssh_server_config/handlers/main.yaml +++ b/roles/deploy_ssh_server_config/handlers/main.yaml @@ -1,3 +1,5 @@ -- name: reboot the system +- name: restart the ssh service + ansible.builtin.systemd: + name: ssh.service + state: restarted become: true - ansible.builtin.reboot: diff --git a/roles/deploy_ssh_server_config/tasks/main.yaml b/roles/deploy_ssh_server_config/tasks/main.yaml index f5d00f5..dbbf76e 100644 --- a/roles/deploy_ssh_server_config/tasks/main.yaml +++ b/roles/deploy_ssh_server_config/tasks/main.yaml @@ -12,8 +12,7 @@ group: root src: sshd_config.j2 notify: - # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection. - - reboot the system + - restart the ssh service - name: deactivate short moduli ansible.builtin.shell: @@ -28,9 +27,8 @@ mv /etc/ssh/moduli.tmp /etc/ssh/moduli echo "ansible-changed: changed /etc/ssh/moduli" fi - register: result + register: deploy_ssh_server_config__result changed_when: - - '"ansible-changed" in result.stdout' + - '"ansible-changed" in deploy_ssh_server_config__result.stdout' notify: - # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection. - - reboot the system + - restart the ssh service diff --git a/roles/docker_compose/README.md b/roles/docker_compose/README.md index d407a62..d3204ec 100644 --- a/roles/docker_compose/README.md +++ b/roles/docker_compose/README.md @@ -1,8 +1,8 @@ # Role `docker_compose` A role for deploying a Docker-Compose-based application. -It deploys the given Compose file as well as configuration files to the specified hosts and makes sure all services are up-to-date and running. -The Compose file gets deployed to `/ansible_docker_compose/compose.yaml` and the configuration files get deployed into the `/ansible_docker_compose/configs/` directory. +It deploys the given Compose file, an optional `.env` file, as well as configuration files to the specified hosts and makes sure all services are up-to-date and running. +The Compose file gets deployed to `/ansible_docker_compose/compose.yaml`, the `.env` file to `/ansible_docker_compose/.env` and the configuration files get deployed into the `/ansible_docker_compose/configs/` directory. A use case for the deployment of the additional configuration files is Composes top-level element `configs` in conjunction with the `configs` option for services. ## Supported Distributions diff --git a/roles/docker_compose/defaults/main.yaml b/roles/docker_compose/defaults/main.yaml index 76831d6..1312972 100644 --- a/roles/docker_compose/defaults/main.yaml +++ b/roles/docker_compose/defaults/main.yaml @@ -1 +1,2 @@ docker_compose__configuration_files: [ ] +docker_compose__restart_cmd: "" diff --git a/roles/docker_compose/handlers/main.yaml b/roles/docker_compose/handlers/main.yaml index 96c5ab3..49e064c 100644 --- a/roles/docker_compose/handlers/main.yaml +++ b/roles/docker_compose/handlers/main.yaml @@ -4,3 +4,10 @@ chdir: /ansible_docker_compose become: true changed_when: true # This is always changed. +- name: docker compose reload script + ansible.builtin.command: + cmd: /usr/bin/docker compose {{ docker_compose__restart_cmd }} + chdir: /ansible_docker_compose + become: true + changed_when: true # Mark this as always changed (for now?). + when: docker_compose__restart_cmd != "" diff --git a/roles/docker_compose/meta/argument_specs.yaml b/roles/docker_compose/meta/argument_specs.yaml index 81ce504..c588ba0 100644 --- a/roles/docker_compose/meta/argument_specs.yaml +++ b/roles/docker_compose/meta/argument_specs.yaml @@ -7,6 +7,12 @@ argument_specs: `/ansible_docker_compose/compose.yaml`. type: str required: true + docker_compose__env_file_content: + description: >- + The content of the .env file at + `/ansible_docker_compose/.env`. + type: str + required: false docker_compose__configuration_files: description: >- A list of configuration files to be deployed in the diff --git a/roles/docker_compose/tasks/main.yaml b/roles/docker_compose/tasks/main.yaml index d11d826..7b01304 100644 --- a/roles/docker_compose/tasks/main.yaml +++ b/roles/docker_compose/tasks/main.yaml @@ -17,6 +17,17 @@ become: true notify: docker compose down +- name: deploy the .env file + ansible.builtin.copy: + content: "{{ docker_compose__env_file_content }}" + dest: /ansible_docker_compose/.env + mode: "0644" + owner: root + group: root + become: true + when: docker_compose__env_file_content is defined + notify: docker compose down + - name: make sure the `/ansible_docker_compose/configs` directory exists ansible.builtin.file: path: /ansible_docker_compose/configs @@ -60,6 +71,7 @@ become: true loop: "{{ docker_compose__configuration_files }}" # notify: docker compose down + notify: docker compose reload script - name: Flush handlers to make "docker compose down" handler run now ansible.builtin.meta: flush_handlers diff --git a/roles/msmtp/README.md b/roles/msmtp/README.md new file mode 100644 index 0000000..e333527 --- /dev/null +++ b/roles/msmtp/README.md @@ -0,0 +1,21 @@ +# Role `msmtp` + +A role for setting up msmtp for mail sending. + +The role only supports mail servers supporting either STARTTLS or SMTPS. + +## Supported Distributions + +Should work on Debian-based distributions. + +## Required Arguments + +- `msmtp__smtp_host`: The SMTP host to use. +- `msmtp__smtp_port`: The SMTP port to use. +- `msmtp__smtp_tls_method`: The SMTP TLS method to use. + Possible choices: + - `starttls`: Use STARTTLS to connect to the server. + - `smtps`: Use SMTPS to connect to the server. +- `msmtp__smtp_user`: The SMTP user to use for authentication. +- `msmtp__smtp_password`: The SMTP password to use for authentication. +- `msmtp__smtp_from`: The SMTP from address to use when sending mails. diff --git a/roles/msmtp/meta/argument_specs.yaml b/roles/msmtp/meta/argument_specs.yaml new file mode 100644 index 0000000..84f940f --- /dev/null +++ b/roles/msmtp/meta/argument_specs.yaml @@ -0,0 +1,24 @@ +argument_specs: + main: + options: + msmtp__smtp_host: + type: str + required: true + msmtp__smtp_port: + type: int + required: true + msmtp__smtp_tls_method: + type: str + required: true + choices: + - "starttls" + - "smtps" + msmtp__smtp_user: + type: str + required: true + msmtp__smtp_password: + type: str + required: true + msmtp__smtp_from: + type: str + required: true diff --git a/roles/msmtp/tasks/main.yaml b/roles/msmtp/tasks/main.yaml new file mode 100644 index 0000000..7689ddc --- /dev/null +++ b/roles/msmtp/tasks/main.yaml @@ -0,0 +1,14 @@ +- name: ensure msmtp is installed + ansible.builtin.apt: + name: msmtp + state: present + become: true + +- name: ensure msmtp config for root user + ansible.builtin.template: + src: msmtprc.j2 + dest: /root/.msmtprc + owner: root + group: root + mode: "0600" + become: true diff --git a/roles/msmtp/templates/msmtprc.j2 b/roles/msmtp/templates/msmtprc.j2 new file mode 100644 index 0000000..3c4faa7 --- /dev/null +++ b/roles/msmtp/templates/msmtprc.j2 @@ -0,0 +1,17 @@ +# ansible-managed + +# defaults +defaults +auth on +tls on + +# ansible-managed-account +account ansible-managed-account +host {{ msmtp__smtp_host }} +port {{ msmtp__smtp_port }} +tls_starttls {% if msmtp__smtp_tls_method == "starttls" %}on{% else %}off{% endif +%} +user {{ msmtp__smtp_user }} +password {{ msmtp__smtp_password }} +from {{ msmtp__smtp_from }} + +account default: ansible-managed-account diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml index e4d4fb0..2e56dac 100644 --- a/roles/nginx/defaults/main.yaml +++ b/roles/nginx/defaults/main.yaml @@ -4,3 +4,5 @@ nginx__deploy_logging_conf: true nginx__configurations: [ ] nginx__use_custom_nginx_conf: false nginx__custom_nginx_conf: "" +nginx__deploy_htpasswds: false +nginx__htpasswds: [ ] diff --git a/roles/nginx/meta/argument_specs.yaml b/roles/nginx/meta/argument_specs.yaml index 866cb81..f2cb1d7 100644 --- a/roles/nginx/meta/argument_specs.yaml +++ b/roles/nginx/meta/argument_specs.yaml @@ -34,3 +34,19 @@ argument_specs: type: str required: false default: "" + nginx__deploy_htpasswds: + type: bool + required: false + default: false + nginx__htpasswds: + type: list + elements: dict + required: false + default: [ ] + options: + name: + type: str + required: true + content: + type: str + required: true diff --git a/roles/nginx/tasks/main/04_config_deploy.yaml b/roles/nginx/tasks/main/04_config_deploy.yaml index 38dbfc1..7dba579 100644 --- a/roles/nginx/tasks/main/04_config_deploy.yaml +++ b/roles/nginx/tasks/main/04_config_deploy.yaml @@ -131,6 +131,20 @@ label: "{{ item.name }}" notify: Restart nginx +- name: Ensure all given htpasswd files are deployed + when: nginx__deploy_htpasswds + ansible.builtin.copy: + content: "{{ item.content }}" + dest: "/etc/nginx/{{ item.name }}.htpasswd" + mode: "0644" + owner: root + group: root + become: true + loop: "{{ nginx__htpasswds }}" + loop_control: + label: "{{ item.name }}" + notify: Restart nginx + - name: Add names with suffixes from `nginx__configurations` to `nginx__config_files_to_exist` fact ansible.builtin.set_fact: nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ item.name + '.conf' ] }}" # noqa: jinja[spacing] diff --git a/roles/reboot/README.md b/roles/reboot/README.md new file mode 100644 index 0000000..1aaa6a6 --- /dev/null +++ b/roles/reboot/README.md @@ -0,0 +1,26 @@ +# Role `reboot` + +A role for rebooting a host, which also handles local connections gracefully. + +## Optional Arguments + +- `reboot__local_handling`: How to handle reboot on local connections. The default mode is `none`. + Possible choices: + - `none`: Just runs `ansible.builtin.reboot`, which would fail on local connections. + - `ignore`: Just doesn't reboot on local connections. + - `file`: Doesn't reboot on local connections and instead touches the file defined by `reboot__local_handling_file`. +- `reboot__local_handling_file`: The file to touch, if `reboot__local_handling` is `file`. Defaults to `/var/run/ansible-reboot-required`. + +## Usage in a Handler + +Since a reboot should often be triggered from a handler and since handlers can't include or import roles, this roles logic can also be run by including the `main.yaml` task using `ansible.builtin.include_tasks` as a workaround. +When doing so, arguments should be specified explicitly as necessary (so at least `reboot__local_handling`) as the default role inclusion mechanisms like setting default values don't work. + +An example handler would look like this: + +```yaml +- name: reboot the system + ansible.builtin.include_tasks: "../../reboot/tasks/main.yaml" + vars: + reboot__local_handling: ignore +``` diff --git a/roles/reboot/defaults/main.yaml b/roles/reboot/defaults/main.yaml new file mode 100644 index 0000000..dbcdd1b --- /dev/null +++ b/roles/reboot/defaults/main.yaml @@ -0,0 +1,2 @@ +reboot__local_handling: none +reboot__local_handling_file: /var/run/ansible-reboot-required diff --git a/roles/reboot/meta/argument_specs.yaml b/roles/reboot/meta/argument_specs.yaml new file mode 100644 index 0000000..7bad88f --- /dev/null +++ b/roles/reboot/meta/argument_specs.yaml @@ -0,0 +1,13 @@ +argument_specs: + main: + options: + reboot__local_handling: + type: str + required: false + choices: + - "none" + - "ignore" + - "file" + reboot__local_handling_file: + type: path + required: false diff --git a/roles/reboot/tasks/main.yaml b/roles/reboot/tasks/main.yaml new file mode 100644 index 0000000..791bf73 --- /dev/null +++ b/roles/reboot/tasks/main.yaml @@ -0,0 +1,14 @@ +- name: Reboot + ansible.builtin.reboot: + become: true + when: ansible_connection != "local" or reboot__local_handling == "none" + +- name: Touch a reboot required file + ansible.builtin.file: + path: "{{ reboot__local_handling_file }}" + state: touch + owner: root + group: root + mode: "0644" + become: true + when: ansible_connection == "local" and reboot__local_handling == "file" diff --git a/roles/renovate/README.md b/roles/renovate/README.md new file mode 100644 index 0000000..f19a458 --- /dev/null +++ b/roles/renovate/README.md @@ -0,0 +1,11 @@ +# Role `renovate` + +A role for setting up [Renovate](https://docs.renovatebot.com/). + +## Supported Distributions + +Should work on Debian-based distributions. + +## Required Arguments + +- `renovate__config`: The Renovate config to deploy. diff --git a/roles/renovate/files/renovate.service b/roles/renovate/files/renovate.service new file mode 100644 index 0000000..6cb8f16 --- /dev/null +++ b/roles/renovate/files/renovate.service @@ -0,0 +1,12 @@ +[Unit] +Description=renovate +After=network-online.target +Wants=network-online.target + +[Service] +Type=oneshot +ExecStart=/usr/bin/docker run --rm \ + -v "/etc/renovate/config.js:/usr/src/app/config.js" \ + --mount "type=volume,src=renovate,dst=/tmp/renovate" \ + --env "RENOVATE_BASE_DIR=/tmp/renovate" \ + renovate/renovate diff --git a/roles/renovate/files/renovate.timer b/roles/renovate/files/renovate.timer new file mode 100644 index 0000000..f7a3a63 --- /dev/null +++ b/roles/renovate/files/renovate.timer @@ -0,0 +1,8 @@ +[Unit] +Description=renovate running every 15 minutes + +[Timer] +OnCalendar=*-*-* *:00,15,30,45:00 + +[Install] +WantedBy=timers.target diff --git a/roles/renovate/handlers/main.yaml b/roles/renovate/handlers/main.yaml new file mode 100644 index 0000000..ada2426 --- /dev/null +++ b/roles/renovate/handlers/main.yaml @@ -0,0 +1,4 @@ +- name: systemd daemon reload + ansible.builtin.systemd_service: + daemon_reload: true + become: true diff --git a/roles/renovate/meta/argument_specs.yaml b/roles/renovate/meta/argument_specs.yaml new file mode 100644 index 0000000..8be0fb1 --- /dev/null +++ b/roles/renovate/meta/argument_specs.yaml @@ -0,0 +1,6 @@ +argument_specs: + main: + options: + renovate__config: + type: str + required: true diff --git a/roles/renovate/meta/main.yaml b/roles/renovate/meta/main.yaml new file mode 100644 index 0000000..cb7d8e0 --- /dev/null +++ b/roles/renovate/meta/main.yaml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: docker diff --git a/roles/renovate/tasks/main.yaml b/roles/renovate/tasks/main.yaml new file mode 100644 index 0000000..f6988ab --- /dev/null +++ b/roles/renovate/tasks/main.yaml @@ -0,0 +1,46 @@ +- name: ensure renovate config directory exists + ansible.builtin.file: + path: /etc/renovate + state: directory + owner: root + group: root + mode: "0755" + become: true + +- name: ensure renovate config + ansible.builtin.copy: + content: "{{ renovate__config }}" + dest: /etc/renovate/config.js + owner: root + group: root + mode: "0640" + become: true + +- name: ensure systemd service exists + ansible.builtin.copy: + src: renovate.service + dest: /etc/systemd/system/renovate.service + owner: root + group: root + mode: "0644" + become: true + notify: + - systemd daemon reload + +- name: ensure systemd timer exists + ansible.builtin.copy: + src: renovate.timer + dest: /etc/systemd/system/renovate.timer + owner: root + group: root + mode: "0644" + become: true + notify: + - systemd daemon reload + +- name: ensure systemd timer is started and enabled + ansible.builtin.systemd_service: + name: renovate.timer + state: started + enabled: true + become: true