wip: ansible pull

Also use this role instead of plain ansible.builtin.reboot.
This is in preparation for using ansible_pull as we don't want to have
ansible.builtin.reboot fail local playbook runs.

.sops.yaml

@@ -11,6 +11,7 @@ keys:
   - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
   - &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
   - &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
+  - &host_netbox_ansible_pull_age_key age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3
 creation_rules:
   - path_regex: inventories/chaosknoten/host_vars/cloud.*
     key_groups:
@@ -117,6 +118,8 @@ creation_rules:
           - *admin_gpg_c6ristian
           - *admin_gpg_lilly
           - *admin_gpg_langoor
+        age:
+          - *host_netbox_ansible_pull_age_key
   - path_regex: inventories/chaosknoten/host_vars/tickets.*
     key_groups:
       - pgp:

inventories/chaosknoten/host_vars/netbox.sops.yaml

@@ -1,222 +1,233 @@
 netbox__db_password: ENC[AES256_GCM,data:4k0wmOe1c5AE298Juw5HMm5dttTKB1WsVxha4MwaIILpyIbJO0CfmzjYflfBTFPPGgVeuYdCobzchzqkP+8eAQ==,iv:25Cj2BLGJK9tMDr42AqV1IzJc5zG2dk1YH5vC0b1T3M=,tag:knyB+nALZwME8y7CAQ4BCg==,type:str]
 secret__netbox_secret_key: ENC[AES256_GCM,data:zPzoFK5Sx7gJ31/Apwex9ffFU/GY+HxIfwrItCW68MM4kVvS33e+LY4cI0vbPYEUF10=,iv:SjpKxyxSAVo+p9vvE/YAQFCzAEudcZ1lwnJ6scxeQD4=,tag:oA+lBep610IfelGwdTohvw==,type:str]
 secret__netbox_social_auth_keycloak_secret: ENC[AES256_GCM,data:HP753hmQ7ssbYSQRH0zcRC0vRN5bKptvMXo9jjzcuk4=,iv:GQUoojXLAJxqdB92kKLhavDaka0Rkkg2uocBLshdvTk=,tag:LVnL/JHMsAd5UmmpnUv7og==,type:str]
+ansible_pull__age_private_key: ENC[AES256_GCM,data:KgD61z3hYRPSoCXmJgOMmHFqXtqoKHRPUT/+ayEImPsbpk+6B1hVscQbmsKJFWNsyQlCAV2MqYlIrP68pP9ckfURIaN8g5n9X+Y=,iv:eTjmF0e4/5NSnORZVtZKTaL4r1RBg1ZbHZueOrnMVlY=,tag:v1ndJchirNLPvg8mWA1otA==,type:str]
 sops:
-  lastmodified: "2025-05-04T13:54:30Z"
+  age:
-  mac: ENC[AES256_GCM,data:/+JlBnsQuJrx3+CXlH/0dtst8PdBw7cTnUpBavcQRXFjd5PsZ54kUCosFu7Y2ngL9xh6WOWKSJCKpHFb8TCrBhslJz+8SQiH97py9m59diMwG5m/RF3I3YHBIoonSZvl8ocDTbz5myycS41fad3CMs5XtGt/vEcceSFhgqjZs9A=,iv:yL8aRIn22zmTIQ53/e71t6o2z7q1fyvmgqvpz4va39M=,tag:DH1oCBbdOgK2NdanzMSn9w==,type:str]
+    - recipient: age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrY3VsVTVSdC83SXNuMEhp
+        Z051c2RrT29mbGhGZmtxUnFmMWY0UUt4MmpJCnhwWjlQcnJHUDI5QWhPYUFKMzhW
+        eUpteTdUdTNvczFPNXRnQzlkNFh3bUUKLS0tIFN2bndWTGRKZ3ZSYisyU1hBbk1K
+        RU1La1Z2Q0lPYW5qYnl3OEVhaXZ1cFEKGMbMxcGda3uTGO6DjhnY57d6ulnfsKxt
+        PFVehZXh+/FD+u0RDnWMBcdjI1Qi7e6+q/dZX7xCn9dGloDynycbJg==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2025-07-21T18:08:40Z"
+  mac: ENC[AES256_GCM,data:SvTSvRYd7ljYpQb72yRkQ+fDrDWRMQzFwTrI4RuLglBCzKNxu1g2JFAVFUSNRybWASCYhg0FqtHoC31HRHbs24g43fRFrXrvBB3sCwQ503y7A78/UfX55Bz3VBqYVJfh9w/Fm23Tak0ki1CQoAl53lz88eUHjCJjeyKtY81/PnI=,iv:y4C3RMWPsnTTgkscvfqVEzcgAg6L0QaKinzcBFLOfSg=,tag:kIcvmJXSNhpQDUHy+ZpPyQ==,type:str]
   pgp:
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hQIMAxK/JaB2/SdtARAAgv0wpzF+jFkc/5dlF9m33aXqRacTsTJutFkSv+NcCHwL
+        hQIMAxK/JaB2/SdtAQ//c7qCMOidrBOwgXR02ajbMhzNdo5T+QnhLPh44y/YTICp
-        nbOjXr817ujXarA+NNFeu58FQEW9+fxA1T1O2azbgtOz0xXdlDfkSkS8kCm4B335
+        JGoTowZ+hPyK5gwaTPRkduRzK074uxcjSedUfcKAPvnmmYkl4oMo/7BjXRNAgUNX
-        cAu8B8UwDwMOpiRgmHrsnFmvDct1sOZ/tgnd6AB1bgSyKijNGtdIfAimbOM0pEo4
+        leqmHnE/9+gR8EgVcYbfbsk5EPg9shhq9IYrt32PCL0D+17O5KCi78wMykmU9ZX3
-        pNWkwh6WdsbjpSFohfuh5c3yc2unCKLV42QDyPbGYmE/MP88DW/bgBNmhept1vGM
+        +DpZUHsZQHUUKKwCtBy4HgaFMIRTUIRFDYyfdVyKyDYvPypKzXw9ljZT4DPo257o
-        k72Ih1lCaRcqZLEDaL042ttSqk3MCK8tbAzq5682MAyIJGq0H+OU4uysPgsxy7GS
+        3pRLRltzxrehRgvVgajdd8NCmy17KLxdgI/TV0EWuQkRV/C6kzyvts4GYnFScyT5
-        OGDmyDHOD557msVZ+ftHpQKDsHMdN//DDo66uUR4VCS2IqILVAo4mFAbmbzF+yZ0
+        B54X7ApFoHitjWcNl28kYg0zcwd8Grk5ucWqDdMaelG5of4nIqzphcVmsm/4we9Q
-        Bt79T2Cgd+c2GdhiZ7pADtuVmLGE24mw5FXxCQxb/fbouXidH+2neVIjPCqzJE7b
+        Br0vbI1coNYzOoC+5SEzdnmqeouPR6IQ+uwza0m5srCTEoKsTwDlPKwU8oFqCJBY
-        yJoaYMIo3gWIdIM7fhlFnWrh4KGMh8z/eaVW3oG2uPCtO5OBpts1VCmvcmBBE4JT
+        Hi6pjEbLFBwnkn2hIO+B9YEJUENjLw04DAKfmiTXr8H0/DvVdQBeQtSpRTUdijSK
-        kTz/1w/v3kz0rwze9JTKXHyg2wK1chn5V20T+5SwP6MAL25zxZa/tlPHEIH3lte/
+        x1GXJm2+lgWzLtcYB2W7QphktO78hQ8lUx3lEP4j1VM9aTAhCfSrdsx+4EmrRSTm
-        x0LHEU/5WXcQLYpYxNF7yy0mrwRlMs0SLRxC2l1Txk/O7xFffnFL0I5vBluxLU3y
+        q2AjSYXI+xzAldSnYyXP6Oy4IWUaJ9vf0x3PqfCrn78rJghQC3PEPpeg5YoQz5VL
-        FMB5EtIUamapM3FuOC+hzf9rCE4I+fQJ/8aBQD2hjzOQNamg7CTXTNWldbzKL/DS
+        6NvULUpSlC0huFgSxHyYoGOfM1fNAAAXPUg0BqaORTLcOMdXA+BC8scd7CPfcyLS
-        XAHo8+Rd9b1dvjzZfxfRp/bF5Av2bfTO65lb9G6YiBHLD7+AFbo2Pn7NWh9X6J7I
+        XAFG8sQUz1KWp/0rB5cOfSM8Cg5zqY1c4lG46NK3sPOaun3RXRoyq2BjB4izlMKM
-        qpYAK9Wfs0sFNm/UIhmSkFJIXmlhMbrsp14ebfH305OSoe+dvkHfLD50frdG
+        tZ3fixqUoAr3yYSo6WEeKnFwT14wog4al124tn9QHhUHq2Nm1w0u76qssDgL
-        =3PUx
+        =Oiyj
         -----END PGP MESSAGE-----
       fp: EF643F59E008414882232C78FFA8331EEB7D6B70
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hQIMA6EyPtWBEI+2ARAAkHsW/Uz7zqX2bvbgP1SlNiQGJ979f/wAHA0q154N22r9
+        hQIMA6EyPtWBEI+2AQ/7BpnVJCzGYCmtfzG115O6575g44wna0k/UmNp9T25HCsr
-        02H3RB9zlyLQhEYlBKC8X1O7N8l4ZTod5GNGeWeqiEUacTve084u+rkrLz9HaNxt
+        Ka59WhuqqUMbRNo+ZcxhOl2fiABeBjPT0GR4lU/Z0L3+fDE91ayPN7cWSThVf8fH
-        Tfdpq0fqGofEvThOUB9I2B7yWahg1g+D5xee1PLhB03dhMwlWgfj2hD2+7oshlTi
+        jU7u6A4ljRQCzh1zVCbLrYw/KvpIZm0+pIsPhtf48yKvvJA1VJ8iGSrsnkz91ABc
-        USJsY7mR4GImWYVqcm9/nANpoQzEYJ24K0h6dw8NBDvgLPQAB8h6Td7DjXJw8NX4
+        13JN9BQ2I0jELTBYNbXJ/rxmH26ypyZ7u2tER6Xh+cFCoNILWdnkPkTnFvLI2c45
-        21gfToS8E62gUV+K66MYwCZWuc/FxS2DZz4pewm2R52ReP7yl/nmpqlYb0iCfiTC
+        /6dbAUsrSQNeQiPhjsYBi3MwNbjjOIk0qbqzEuC0Ow4WpbvW/1JVB/wDipLpudqP
-        RmxhFbV6+E73sPzKjK8BJDMB6k4uPHFu5Hkh86o3XjwkpAaX84EzjVKi3VIGTLG3
+        TSmvAe6CgbbkPTabFHOMWQRHgR87YJMwiiA4iJuSsYzvF6hGkRT1C7sF+riMc2Vy
-        biyeWwh6efCjUhXptaGTIFZscdGiEDJGtTn0Z0J8iDXotb6pZms2Cde+oXpg2CBX
+        zaK0v1YpXkR0yrI+XqEHl4+K5mh8GOhR2gT2QA6U3hvgFwXwaTpzJBbYT9JzJFML
-        i6uiKiz/KtBaRNYbrb8rcDQ3IHcO8WWSvAp6dYrbOmY/bYu6q2dc4hhTVs4JFVzr
+        yz0FUDxGTpPBBL4ltC1vfexXEAe+z/9AZTTvMPYUHNLR9n3oNWXmhuAioiSPfeCX
-        5I8m5jRQdzyhaoB88S23VKS1jaOUwYhN1THKPAmcR840kAA217Jq/GwUoBx/G1t5
+        ketaB4kX+gcYW8+5VnqDL44rtPooRZtIWP/e0GIhApcHZjQLEfowGiZjUeEGaXR0
-        DJQmStvo5f+nYBB6N/PVNzUWLU6gblFYiYnDIFy8hFHYmkmmWjU5J6qfITyzTULa
+        RDqyUSd6eYnoZ5n3ew03DtG/1wlzaKfDCszRa22oZxP2p9XVW7oYiRGobKwwU6qS
-        f079U9SJiqdE/t5UELAPbvIz/Hl0nGemJfit3XhZV3IelaFCxSJUR4DmE+rXTV3S
+        wQzahX1rL2NTKzjYzORSXRIzH/ZANGlgQAn82kFRbQRehUiq8OxnA7ZPWa02fFPS
-        XAE1zXyTvV6b9bYkjY6UvUMETH3NbR3yYjn2CMnnHiPykF6rK7jXQ7Z6AP+drna+
+        XAGk5eFschzQhXfgBNN0FoTl54/guA+xi1bOZ77erVMP4XhEEQMJd5LH/uieDhGy
-        q9B0cmmMmGx1LcwO60wBOdbDyWsw/6aCt7SaMwX7CXw8kzQ7ZNRQDPrXtLPM
+        FfSJJAr7ArayJaOH9ULhD05om76Q9ufR/zfa2pu/bBNknhXxa/qNpxREGdx8
-        =3SiJ
+        =GL38
         -----END PGP MESSAGE-----
       fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hQIMAz5uSgHG2iMJARAAyfykThjQAYOrOMy+nHwMHNXhmQRhHwtLIb+WEekWkRP+
+        hQIMAz5uSgHG2iMJARAA6hFD9VSOsX7LMTz5Iv3fEF9m6d9J9DvFGdVhzKjrl13P
-        +t88NlZ0fgtQtKVZbme8V2a0TCFXK7DFmC/6ZYtawfSR6LsJCsybQ5iEXEiLnaMd
+        RS3NdRUReyExTgJv1UztRSOWAFpYjt7EY5cDv9KejbQcuVUmknCV0rLiKkgKcn0T
-        mddYwQocrHC8/P+MPPvG4Wu7WzPc1yl95k/GR/M/o/Jef5nsmlfsO4fEJbB1tVTc
+        Q3L761zy8BXfCSk1O8wSSgQyOgOe2jGdqP94sr8vF5/BHZpZjYAUvoTUCe/to/VJ
-        rGjFZidiFIsJ12Nt0DavJi5iV+wXcrFkAEdDWSCbmp+93IVK2kEeSnSEJ2I0JOHz
+        wXBwZOXsxeL6ipbgvUhDv/V2lr/SXxEEkAmmrsm2JzsjFi0kyj0XF81bxafnYNsX
-        8EuroP9wGFSaq2pcVhEHs8LBm8fjUizMZGOVTjZPVWLH9Jc55Qwm+APKBMHkoAEW
+        TI85/Ejs4+WFhubr9UAJ5R2/tnPCXJq8fgZTemRpl+6OH0DnpuMUB3CsA13m2CnI
-        KaX63+uj/IgqDKTo556JyYhK4ZzexPwduelsWfOYOY+r2coW0bV5haFEq4pvHMJH
+        ftGvdy4j4ihVFN6M2sbUbeUFY2u92X7E9PLUSKQVn5TX0j1FM9Nzm2//V6yE+y5/
-        7A6m10lM2XcUzEC1j9r0BxPJuLtS5sYhub9gWsgxHsCbgArKcvkEfpC3ZRJyOmvo
+        GBYKL1zk2m0EFPLvc7LqboMu1RAej8dZ5VvhJBKG1oaN3c7bLUpFUuQm1uPTJrYB
-        1EbB1Stvh4vr++ASmHlLl314qpLSt1YEYtBhGKg5XUPnGM86fOYOtH+pX9fOM5dk
+        I/2T2B+iyZp1+KCOpqLQKZCTY4yr5RbMlGqwvOcpzEP5xMCNPkIoFGKm9KyPMpFk
-        xC4CXKLRmOfRcR+rllGoliyUrrXMTugf5r/UEeYOrSsKd40JsVPVC123Uoo8Y2j9
+        /O2WwaC/ewRAmSBiEVM38SOOS1Gm5Z7BXlmaZrD3GT1jBmTPqjrX9u89Q1EmJrEq
-        FO7xGVQ3WBy4rDrqjRXoV1nakdKOvGD8iS0hSGs8yk569YtKA34RLAcwpji3U+sm
+        2Go61OwGtmi2PcMSZ4ah99mBnP9aVei0br4OkZxa/wGfKPzlSqB4cLI8oAEnJk40
-        wIE4X/Z6Vyrsht/PvsbIcptexG2rxq7dze7eZd1T5C/pdcwh+rQG0ujJ/GB7klnS
+        JRU3BxlsunE5RCEOlNS08Id+/osjFI4VFDRZqDnw1NPaDbCvo5a2NkpEc+fTGzvS
-        XAHpuT2TgiN3oGIKMZh2cqfJ/rEBd61pvWMJQYW6ve2JhxSNL/Zo25GxsDoCzoqO
+        XAHAT+2ZErI1QeQV3jM/zbk5U7jxRpx1HCOQN9fnGPS01WpAgY3dlpy1US5T4LbH
-        ruhYleZuFEYyuVIJQ1ePwt6AeQ4yy2PaNmZAJgW5scbSn0LKMoX3T8oRtgxN
+        qNeuH5drHt4NaSvipAzKOoC+zZfciYgfsSVNOXDlztnjP0O/NqL35BzJ3FMV
-        =tPWV
+        =omHk
         -----END PGP MESSAGE-----
       fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hQIMAw5vwmoEJHQ1AQ/+IFSE4p67ld1nl5V8FYCHwDoZBAFKBz89KNv6nMmKZiVE
+        hQIMAw5vwmoEJHQ1AQ/+K42NmCDc6ZHlF+EBvXvbueEUrXIcrNA68XIeLr3YXPOW
-        sa41YCWky0d8Tv3QXiYyL0jZuyQpN3DSXNrtQLHbjHya/mvHT16Oi51/A5ZvW8Sk
+        rzWMhSGVxT6tQOueM6bsMROMLfhJr4daRAmyHmAGP9j3pcQXJJYQpmzGuU/Pz7uZ
-        dABW7DHokET8cmtUpnhpx2hKGG2SbbkkGmZCBKOveVn5wq5VUPDqJjOF0P4wZWh6
+        nWoD9u9fkk4NyvTvDCM9ZHrg7/R2yEQrhCkGnqwu/Of6DL90DvTgQ/3QFcwTnbDp
-        IkEQFfequPcCsM8MAtM3ocC5Lkkjwb91p0e0A35gE92kms7iPE7ecX2DJIiaATIs
+        FcyHsAufvtovjEWv4XCYujjo0fEMvmWmPoVgfsoFMXReNBD6f43jw5iEN31oAcfQ
-        ABRmcgwOJeuYV7nhvpFbq5FSBUXvjuVN9IGfIG3Dl+IcCYg5xF2eJWnK/sOiqNmc
+        sULeplAxBk/gFQj3IivSGKvIG/U6CIxNWfgQZcxMISxlKByX6u3aYbM+3xtCXAH4
-        uFoPkaoueTYEZkgwg9ItAvHN853WPzt7ppsduEvd3kwnsCrtj+veylr1upTjxQJK
+        oG1hu0db/L5H0Espys+dK0cWs/hRy9QUOgOVF88oFtYUkW/5DbfFSIxFcJpTdFGv
-        Rx2+a70NJz9+eaVm4hLMBDl9Ov6cEril+vZU/N0x3tSQ/vZgAJ+ofK803k6717Mn
+        NgQF7w3aZpRL8ZSHc4zbqqwB35bV5dfFV/28ygYxBK7qZzTlBxh2XUvXA/VhxWM5
-        TkSLjLkP6BNoKI7DLMLfxiCy0IssDsiX1po2wPSn2sDa+4rYt8U9dhfI8wYzUF5Z
+        Yqp9IIrb8TLRogYhxGD0ha5o5S5nWFIlprjclSFgkCZWO707jfFxVSRZ0l4a8R27
-        T8IGE7ZdVvGR0FfxbPdFgxeNJSPv7atIWemnqEAMQ5fVFQ3JsBS8xHoqoLcLJHh0
+        Tf9lmCKVs92keLOFe7lZ2bsAOCjupOjbztc81pmom0Ql9/BUCiZJVjn3eUs9q3cM
-        Q8A+HPU3oSiU2ZjGlAM9yKWdUjz/DWeo0HodqaNBonJqCaxids0P0oHSGbTB6xY2
+        Zj5sS2+etLOPjzWlO24MMnP3cVpSVdkp+biN8l01Gzb5Q4BXVdSQo1frvh7f0PRi
-        pYYXnD9knobCUr/etjv1eMvU3lIi8bz8Xmdn4KKmWr2SQKmxUU+9Mf1BWWq45PjS
+        yeuXlNdUbGV+xyaz/gk6DTgIs5HNhOKawEO32M6vZoUlLiJ85Sl6SUPvdSamZ33S
-        XAFK4pHgiE3+YLK4ygIrjBFls6g3BPQA6rUZAiFzsr2D0g16rejdhosacoJcKcGd
+        XAHkr/lYlp+ZdbIvJuMH8dOPQxWwM1GzGRMKZLy0yCs7TrM/AkzdU/26BsZByT3X
-        rpYHLCfu1CfgSlz3Qx3Ass5TD+xwHdsfT9SPpRQZSoxxpcxmDUcYpqdwGeO7
+        L5V4hzFxWiIWjUg6T6B7ID3W8rCqusGYql2Le3sNIC/6VxrHqZRPVc1FGzXP
-        =Fnjp
+        =JsQQ
         -----END PGP MESSAGE-----
       fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hF4DerEtaFuTeewSAQdAHaWsbzMdKQlM4f16MMkD06MaR9hPsvalNE1/K4d8Mygw
+        hF4DerEtaFuTeewSAQdAQEgSJ3Q/NpXw+IJGJRAvR39zMTlXbN0qt3ghoKOTnkcw
-        j5vWYfwadl8XuI/GRoyZG8hnddb0Vg545yVcHk/+0+W/SfWFzwhhvDUX8H6Qr8n8
+        a+PCLvg3ud8vbFe52dN4vVFYqrCZcLKWJ1ehoYgH9LqA+Wh6t7YAYKr2QkHXm5ye
-        0lwB89rZt3ztUxEN+C/0UAlhFZVb1OWZ+xpDC2u53j3f/zxAtCUKjJA/cqlL9sLG
+        0lwBF+AqFoT509SjXRZSv20bM1PBbc81pJU88CaOzfrxUqNfo6pxr4W1AvgmVYFK
-        u037d6B3Wn0XZsmC+jK67BFZiMWs4ZD5oM03rXMLqTVMuDzjV0LO5rUFDgiq6Q==
+        Qz3GypWGkz3zspmML+VtFAbi/aLm+UMhL7JIxYg71kidPCnF4HOS1S6sYyLEVw==
-        =CzYe
+        =c0K9
         -----END PGP MESSAGE-----
       fp: 057870A2C72CD82566A3EC983695F4FCBCAE4912
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hQIMAxjNhCKPP69fAQ/+PmNa3+9KdW8QK3Qp0xFsA5JCwFJ+ePnZqSy++0o39Cxf
+        hQIMAxjNhCKPP69fAQ/+L7rNz2P8t00W4dy880oUR0j1Bu9UEzk1DzQCw2VTRMeU
-        htNykQUd1aNmHjlBTmfomzoGe4L8mIRULbVRDB39d8bqHI2EIUibFK2MPQrSvF9x
+        InpbyXkTzsBeKlnX6sPUKu9asEO8EuaKnMzTg780HQTgeavJn7I/BgrdOce0hYWC
-        WLk3BLCKjBf0jja6y9DsgNHMIKOVKJKZ8+MSNiEwPr5yy3t+wRXIE7bTfRCSj2vO
+        Gt5W7s73un3/2RXSjeugR7xaWDc8FOjiH3oLMmHNBVL22kGZ2KenfQ98M3LJdMoV
-        mQ8MtN6XHH1klcg2MzQ2VBgt0/TgKNYRnF18d0bTzNTPg0XMosd9vT3HIdYNVtRG
+        ROas97fjFYvhRG5DU9qGafv3SJs2lx6SU5Rhmg+RHsJPeYFh2OyZRqyIn9VdBt+E
-        Bs88WxoLQX4ki9B00R1diWneW3TNkD+SG+3QdbQYbkwfKVE7+/ZY1zbmAf9bUfM1
+        X5g96AlTS3KrvUrafvHXur7tR3GGioqC7Wr28zHyTJlf1o7BwxvYUdk7s9z7wPUv
-        FAyUeUH2ZfiqDnGTTSQEyLjWXsPx8OmaeWHdvY+Nay1tQxfyvdFldjmkhnhUYhot
+        yznieBrqu3WvdteX2qUBtOlFFtbDWVpWDgRkdA+1ZYAJonVpKuTpH8KBZrG+sCOp
-        epu4o0vih7y8dPAPvD2v3eflXo4I0R8kANKDkVZmB/ugayeR27Uv6+Rb6XQ27aKc
+        OOJc1nneWk12Gay1dX33pKWC2CSqsznekzkAnQYTcrQtx/9EsA4G30trZcZMKwfn
-        qrYMEzWsNJ14Cz/mM2eqyPBaI5mxhttxlFuPRho+wz1XISqsmJz14VojT18dtY5q
+        JluHD+r9zdRGNWEXP6zyT8Gu+qa+1XrUftfut8Gva9RIPQlfCJuqyT3ZJkRW42W0
-        3gv2dvzap9+xbs2+d8VnNvjWzocJYXy18ZLoZomNIuuKl6s0OdNEQxiC1/riWMIO
+        NbsSDhMKSXEKyBvQhnyFZfw/mN36H5lraiX0N3v3MWC+jPjL4PLwvHg8UEAYVyeO
-        QjkbPt3037rtM5ZczhzgFLm1r45/nFx+T7nm42fEVLYnEP4Ln8bgvsasKHOoAocs
+        bLyJfyAr/b2RZ+oWmrmvkV8KG9PIWHOzIgheeswKa3EuwrvkHlzCpDkSTvm74GxE
-        QWxUFMQ1VAyMs/IftTnxMZQe6eJmqHthH+3q/wYhIqsPy3r8gnkuqjqwoCb/XTrS
+        J8unBed5rkKpvYdPtwb2Nez2bVd1UGbl4PpPNz6p/wyCVF/NjAZGz96+TsJ6/LjS
-        XAEQB91o4HxiecHP6Ks7QGI3+Z1CbEF3GWBrhCVtI0j+s+r0qsSa+6zeyaSK2Z2f
+        XAHw/zBQr1QYDCZNOCPyf6HwZBCKYGI/uFjvMesFj3M7qAUOr0YPmw7xn20ic8v+
-        uRQijSuYw09UTsQHY3dsxZm1KNebkXXzVqrY1Wt9Qtf2Yr2seZiCPygvPVLB
+        C1hvgE+3OdO8ugXdte5ckT8Wfn7bMweOVW6AZ2UMGxzWBPPq06/LvXZ/XMMx
-        =aDv7
+        =sFro
         -----END PGP MESSAGE-----
       fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hQIMA1Hthzn+T1OoAQ//bEgJM9+WRz3K5KwV9I7fpiAb+BoXfNWh/mnwUGLv8FRP
+        hQIMA1Hthzn+T1OoAQ/+LMO10efzBKOBSoqYM80n4JwV15nY19yRPo8MeJdo4RVU
-        aq72bbw1vXqBhI4jkna42eJVUm2AThL/q0QOJvGKDtud0MjJyS1tZj44kfwwC90E
+        txY3YGH25l0hfH5Uba4vU8mltIfF6+ZfxfKRXKgqG3OKSl+C9s/eLFpVgmOXyGER
-        QrybaasPvZ0WOLmSQO9DW8oyoqDqM8ue8smN9HJTOfHl15QV1oXWYjH0j2l1D/AC
+        R5BT53cOfboES5v0oWhwtp9Bya5d7TtD0SaShR6h0CKT/AAybF8IJ4QrioM03dxZ
-        2iqLW7KOzo+zFr3s7HxXnCgv9/BwqmafW742aKM8amRb885b4CAzFKvhrYlvQ43T
+        00JyT7ikmgSQCq1IrTQOvXNR4nFCZwu5npThsantJePmKdtGFvGmwZ7XIOkmS+mM
-        Tntgp63veu+IIW1YiqrdLld+hJpPaVHHDuCRANuQ3r8hQlzjOMC0ZeAW0uXnRuIc
+        XEM7IQv0q7xCyw+N7YlH9E+rXeDyB3tCZS68228p4JvvNaN2zOTHpGRCbQ2Xrd8B
-        3fOk+uQxV/POIauSQskUXSHztD8CacVjUyySi0+ZFTtJo39ulykalVy01UCNuWVE
+        36qtai0osZjsyPbOqnXSSAOVATsLtlmqxn12qBXPbmcet8Mn1Xr89ezRYg8EqPwA
-        O1cJW6I5ItpBsUqb6KZyMVVgQa5Iv4JkrTEaOsPXC/O8wb+JxiAz06rb8j0rn+Yx
+        K1aEjVcAKuojmTdLx+UNofJxq86QHvNV9DdbFddttgRyRcqSQj3/4oCmdBRPxR13
-        z623wZNi+QwvFPc1c62DXFZN9sxFY1xcildSpjh/h491FAUE+QKYEPIMf7ChyqRw
+        eL5NSP2uj2qeun5+7AToxdGGOD7CL5EsClmKVA6qxdaO/DEcVcwypyaCZxqX69c6
-        uVc9A1f+tJFI9M+gzWYI0A0+Wbl5V4wMdJKzzSyZJAK4+AyJjfpwHRU33vvOk/MO
+        d+mPNZqgyoxBT+oif6JPr+ywZVeKN5VDyncxre1zGSx/pXTTz01LzdUDZ5ww9W7y
-        Cz5VdrCs0WQ/x34KauuM//AranbqjG7QLGVZT0pkknSyG57NF+T9KI8aZ/i3E1La
+        sN9LVoDncxA3ijte8JW8+JLw5/Yoc14bf3qIo2FH/Fk8o49sUIzYljP4fqwlPbWn
-        9LEnMf50WLf0kBX7OrGryFs4RrFNWsTfSt37X1EZCmWubGTiINc96JsMQIa00bjS
+        H/dCrzjT4m66jN01MT/B6Y+Yen+PHW71aCLQZDVdFuDfuVX6bPAea01b9/hca+XS
-        XAEOFQq9PM2w/X8RyLnaE0s4m0gau9baCQxonUwq37S+XbjKreupgY1SldcyVMsU
+        XAFQGaqLizvr6jWZfewixnL8MI90GI08fw31a3zKFgDGUginOX61+24FTR+jxYMg
-        RUWiwJwVMNI3UGdQ4LBoJYstTEhH2HLQFZecw0dlZfrLtGgWJAPYvRWAx8uw
+        L61u0oB2FGCNXO6UQjGRTSckrw4Z7X8h292iso3A4lVc9ExhE1brCeFLgW3A
-        =iOrq
+        =Nujv
         -----END PGP MESSAGE-----
       fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hQIMA46L6MuPqfJqARAAjJP/zQeLJ1qXKrz4ck4x+8z1TJx91XQU1aXLWLZjLcAw
+        hQIMA46L6MuPqfJqAQ//UAy0uZUyPPGm/GoAKew4uDa/xYAWpAx+rxQQiRZBmSZY
-        4v2G4ikG75WLfJcHaHNS56bhYKhPt4/xzmse16O8xuztz8xLVKsYuChna1J96IiU
+        MnGQUsgiMIBsQt2gdyutzlggSZzjc5WRcaghlYzXZaKIRDakp92ajgL49snaYEnX
-        pk0GbfWK5N/BVgPlntFE29gwXc2XhBSucHVwe9XseuIAlu99+OSf18TVXC41tKmQ
+        LX6qFmoMgRSbxmQPlrEfcj2yJ2bbC+GF2MZNtMMQISvsgA94KMyZ+UEZSI/ooZGF
-        ZuvxgLMy5gLlt8fLLmsrgU7JM6QQXD/zfdziI9acrDw4CYKgE0Yt16+/JGCO4LI+
+        +PbEnfibu0kgTFdmz841E0AkT8xEab/ERa/AYxE+l3Iz/+WPUNd6U4n3RXonzcaE
-        2yeoV/GvFTS431lsVmTxhC59DVNCVXW36o6EKQxXjcLFhuzNxCSI+hUZYJr476XS
+        WvpvDXKqA7o3erZvULX2u1XJlZbbZM13HLwXDBCODOqG8JtDh6UvX8ZiUADtb4up
-        wgdHQWoKrTL8B6l4nJ4/2zR6ltFM3JZi62aNW88DvW/SmJsHXt1b1tATie4kVpLo
+        4QlO6ETaWtWgzx+OrF70URFEzJ8biqczC/cAuaXHZzfoLZZ+smcFwBUaRQQbdIwr
-        S1ns85v0A4NmXmDyxiORVbGT087AvdtoJw3TbLNNYiWdE1FakNW9KVcjVeqly9XA
+        pR1GGosJrY7kwNrKPgKF+jucAtVo1k7PrYSHTN+FB4pDR2qLcm3PFU1BBfpViJDo
-        Kjr72wdyRE1vyjsuDtUnM9Apuo9V2PWtfqrsNqYxgK9WJPFEzVlvhD1CkXXXsdfh
+        cWlivN3sS0/8/dQvf49WBOqWfdz8I9MuX6H+dAQu4X51yjUU0nVIDD9dxvDFdk/O
-        ncVIywwU0CYG9xOAR7DTO/pPKa+faZStU3bRlE89D+9+iUkLXqJnjx4ZPUeIMg4v
+        KUMLJDgyfzS4bsNPBjAJs/49JsQeiTDbldM1MNDgICPGp8AbOrwudvS/l9iueoOo
-        oByjEAX0jOqJLsUR10tSmJ7hrmdWoKSJTVEdx6pc45jyt6CZD5EOl7qMlteCVZAg
+        mPdQTtFwxzM21t2M+pTvkuBpB8lNfUspmfvotWdYXCKG5rWCUD+kaRHoKpg8L9us
-        gkkZ71uQLde5CRFrEPIJ3UdF8xDvnjJ8HgoaLCv9AewMlWiMNrGWV31rFqp7CRnS
+        1762pnE5Bu0ofzvBbpxNcUOO0HGMkE9Sv/Gk2E6khpfXo6m5sLXzfL7PwfjuzP7S
-        XAGsOtTt6y6VT5C1rKamG4IKK998ycirXQPlwC1svxP44sRS/LE9OI820jEiGUxT
+        XAFfCp4gp0Ms3hLz+vlkwNGfMlSY11OrqANN1uwXb7FARdNBhqitd9BSufdtce9c
-        SYeFvLISOje6f8Qf34hP9X5MmyxQd0lqMiOt8lkGj2GDqFzKsrKeu1cpylby
+        S1Kw9zApbVOSr2MtoNR4MKMplrJpIWE0lKYDhfCpr/wR1xXO6OraAqGgoNko
-        =Fivv
+        =uqNL
         -----END PGP MESSAGE-----
       fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hQIMA4EEKdYEzV0pAQ//WS8zjYnuGKpQ63BdGAEU55mAlGu8etvOLlj3JGL/EAjX
+        hQIMA4EEKdYEzV0pAQ/+J3y2ilg+0a++IuFyeAS+1S4akdbOSE5K8pwcSulmrT8K
-        CKadwY1gIPjN/AZzDN8twadasFE/o02Cz1hLAPQIS4IYgh2L5pZZVm6D/5v0rQgJ
+        hnZ2Y/U+IF4pjhZYbFeCiVh8BzH6VwXLqFQrpsQhq2fNs0U7M6KuZxFEcMhrRH7O
-        Da74NBoFKXLD7D7P/+abLTFSrTG7u3rRL8AAOsXHiMpyxn1AgvNPS/lHrdTWi/7Y
+        ULs7ZtoVg3qQ1F6uM5YS3cW1bzHZdRZ0mYNUi46LQWwFVNisjtMKrjJBN9fr4aeR
-        RfvjaMqjynZs6tsOZrQjUjz1mdwZ0Pl0g4soJ/4KBN5riz+U5wubKb8g1qxEaWZ+
+        Cei1+bkPUMCQ/7ChQwf9MHO5pUzwXA5ttsChXPMU+HzzbcCuVZjHT6rptrPsSLPR
-        CiyGcF6rHfL1/7rugg+Z7QhRlW09wAqkQzpeB9h3rIqczqsPZVuw2gtBhSnjAGa2
+        QsR/fDOTweUiRk6+Lj5/OAjwgGRaO/yLgdS9fGrezwssVvDm08ZxFMPCBEn7Yrob
-        i2q8HWFwegJYMemSxtqyO4kdtMp8J/KOXQ235ge96kMfid0muFeqD4QehSqaSta4
+        Jwe2uMdkGOE/e6SJyfh/glg+uie42g/HYo+PaBwuLot/3E/q7TbaAAHKEIlRfZSo
-        gJsPiQslhlRyBUraTAzWo+1Pgx6oBpU2Z4GD3xAsKyQ6m+wVg+7OsZJYXuMt3Y6n
+        LRsSs/FaX+2HGnNgHHNxHhvEh+FDvp/EdMcZG9vF5mIM/XYFCbUJEdwWMfgyFq6N
-        DkMfbjJOvGUlN1XiZM5GT3YqRFFXpmn1NZ4RMBHv61vDuq6z9EWm/+6i/tR/ugxM
+        hOxMK7KCcnqbMJPPdypSjyOnyBD7asyhqBwavxnqJrQ+6gH8XvVtOgc6Kt04QlP9
-        Y+qiBYohMEIwdEpzlVZVQElCt9atKPk4YLnpele/midAKVwtBnQ+IpNEjKEtXSYe
+        CgrWuqrEq8Ulx8w9KkKP9VGg9z6FbWdF4TYQwQ6KfVC5EMSrVHM+N2Y6DDpoXHuS
-        QYDRVu+OkYSiMxvnJ1ZmL4lKJVHhHtQ6Pi4xkK0eTPUaWvCI6T+t4Dj9r/OJTbLW
+        HZKtJH3qITxsofPhdssjxlvGtJRU+t1Bsa/wponQC4hJpKQ2QpNRWxrI7Oewy8jT
-        APOXEQ54CnDmGqG83op1wdMuwmw8edEBowogILlUyaP8mB3cK9KJt7B/31ntlc3S
+        ku78htjN7HFD9IrF/Dg+3kxLDIdi7/+Z8mE0eMg4RvfBBJJSJHADV+BqH/9vZ+jS
-        XAFQHLwHWB3PjCYiegJYQUbXIAfL/cdTwwBfmX8uMDerJ81IQSzu5hVDhIL9pE7l
+        XAETzKYL69TUOxK4xohMkICkjVms0z/LyMgWjAuY70MC5EaNSXKNVqDGYTtsWLYS
-        UVWxGbGzfUdTE2U45M082DrjTmBkV3RdE0Y3JaBqPJ0oVQh6p1aM4d2aqyhk
+        4ZGh3YNZCC1uK+lwos+s4OhtGLEs4pRWubz8wH66MlrAKfrI4hgQv0V4bO29
-        =nWD2
+        =o5Ja
         -----END PGP MESSAGE-----
       fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hF4DQrf1tCqiJxoSAQdAr+L6oXEIIepvoeDrCt4z9snnaxL/Pmp6dpCAkxaXXmIw
+        hF4DQrf1tCqiJxoSAQdAcZJvd8VKNf+utHb2ndF8WC713BKaMip39sdKr5MII1sw
-        5J6eEv5G83So6+XXJXvOaoneKu5qevc0fSbEBAhJfKBUYk/ygb5seBcGycBWQhDL
+        U5z2I11J3lvM7hJ0ZIWdjLeZyok69Kk7kSRxbWxn26YfMtxlrR/zNkr6glj9TKoI
-        0lwB+3jIywPou71D15VbcMJQuWshrGPkpEf8/7aaL3kiZAQbxtuajECD6/0zk9E5
+        0lwB+c7VagQFT9bcMDab/+1Vh3P4gGAF/nzw/aP9K6W1gbW7Ji5ZS6RQN8kfeJxJ
-        /owG/AWfR/W8bHJ2S/CFHb+m+aLHWI0emOg/OMGKjLG4JrarB3tbdsPcdH+8jQ==
+        14qesoUtJ02a69xVGxmuMK7FgMbEpNHvAUkTKIVEjb7t3MQv7nCHa4bCVyYspw==
-        =K0rr
+        =Wjzk
         -----END PGP MESSAGE-----
       fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hF4DzAGzViGx4qcSAQdAkzDgkAALby9UfWjtDDCJEgMH/tcIAHWeRqOx7CyojjMw
+        hF4DzAGzViGx4qcSAQdALleBKgLCOu4Y6BGE6Z8URBAHPwl4AUdOLxBne4zgtwUw
-        0XdXIl6Q6x82GOnYKtJuFkvpGc+fSoREGiAVCOzaXi9J3vKUV410nSQEpyXuiC4c
+        JWcx6dlmEa1CVsV7U8jtxGbqI6oxDeqdBRRnSkG/VgHunx83p4d0XIIzt0UZCOdl
-        0lYBDC0rwF3mDKX7Pd7LZCH5ImaJiUB26Q6M2k6bfVhSyTygADlqcrvev6buc7sC
+        0lYBR0PWpdHc/73Iuqjb6tNl4f/uMEmPWMY2gsauF+FMPjQoenPLPi3uvqbVrqVu
-        1cfZdBGkTLJeqADe5p3+wJvHiUvK/VhlwV+hXt8PBkywDpSyLgaGWg==
+        Y6FGIg7Y3fTjE0oW0dZ1XXurDgpZNw1W/R1k5lPi+ChYAbjWChcQkg==
-        =x/XZ
+        =LGE9
         -----END PGP MESSAGE-----
       fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
-    - created_at: "2025-07-20T18:28:09Z"
+    - created_at: "2025-07-21T18:15:42Z"
       enc: |-
         -----BEGIN PGP MESSAGE-----
 
-        hQIMA2pVdGTIrZI+ARAAuQj5yvmmxjrUXFquA58u8LqIIn9lS8fW04vvO7s66Kt3
+        hQIMA2pVdGTIrZI+ARAAspXdhAYalua5flBfBxEXq6zlXxQolT1+91bWRoW7mA4d
-        RhwiM1K+uTpPD0IeYO4t7xUpfQwxLKGybVBvOnjisWyTWZYWRPvpqpR8mrt/od0R
+        RV0GyJuGmlBr84fwys5qoyYMZZfkSioW+IluK/Z2+07flygwlHntpRBQeXVMhT05
-        3GcB/hval/O2HtL/CwtOwMu4RcfNKVMozLpZjWYZ5N61UgHgnSPxqAbizh2MDPJ9
+        uZMQsmyT1Q73XWsYAb0BKXkrMz/xUvhnHbyytE6SkBADC18xmcX3O2o7dbVFRFpz
-        UCM3PesL54kwBDxGUgoCOD+EnIlUOIFFrys6GLWHLqQhNsNgOeXtYQAiFhMuCzqC
+        1Yz//wdt5ErF3ms1fdmLZa2heLFudBrNxvaexgHnnk/gtJ9nH6kTb/c5hn6G53Xx
-        PVeKqOJrRD5q/mgRnOnMhXC6E5xgOOHB1war4rDaEF6rx0YujgiMt/c4NTqFPM36
+        ez1Vy72+qi0lFJswId7jgSGyf6bXlHHsEeAp9/H1LsUqoscnk5hmnrOCLzVNSPmK
-        aMF1Kw/XawEQthhXdCcxYtQefcAs1lFhAhAo93tGcqnwQc6MrfIgKJV8pdE8FBAk
+        V/qjMAxGuN8lQVf7MCJ4zbGLFZe2kTaFLBaRqIz8YSAdIuGTrM54Tu8193K73se6
-        xGhzQlwjQsilJ/YoXvNDm6Iy0UH1WVVcVRSKE+ogC9dw1JyG3tu4kfp7GioQvhkD
+        fBuhL5gQELKWLRpUNe96HF/NeEnswCprNwyr9Yu58/EjKDyMo8AYhKo6Ia7QTofQ
-        tGEg/9hNMcWXa7Gbyr3kCpmTHuaJGaC8R4dy0rzL/SXDMfWm3zbFZVZoZieOuzeX
+        67vtSOpHVQqbYYV+CRVhpQqxYu7XiC2bjtBoMmMz7vXUAFnUe+EScPrFLlAsaDD6
-        gl1F6bUnc4gUnlOa2XPYYrIVWfQMdAJYbj6ywvl0lMLxeOtStcYVD1EdRhiGEWrJ
+        9S01IEZcqe8D98X6e6W+0D0jTgd7JkvRZGOD1PWm+S1hyCgZ3AkTiiv70forhsGv
-        9YoEjDAMg99WHfEvNSe+90CnBPY/UNig97lcdGZzmKAYIMh5OutJsS5t+Lx318Yn
+        YPEqNyOvetiWFYxbgylzxeact5kyUfK4ckYfeNYK66NS/QwOfgfBvafHhLSSDmct
-        C8dDvk7QbDyG0lgaZHAAeY1SPbVW4eUdRxZIOrGPsiRUpzYxlExLVdy8vtXfFHnS
+        H4hm2ct1R8bMbMIM23oIkeuxudRi2J9Uf2/+/hT2kn3zeGYYVGBfqEnUfBoaZafS
-        XAEc6y4UA3fhOYN7i6MZNVye186v9gZZyGjeZX1nLJN130A1TwMOg/tIeuFBmxpO
+        XAFGyI1xu0sgZNP6M3muvk1/NqxVxfRB9uVh1bfDcCDM+rlolFhdWPN4S1MmfiEV
-        0C4SX0xckcZQuWCR51Xjeu4hDCeMVQJuMJaypjhVoyQPiw4yaWWbELuSC5/F
+        9E2Pi1mF2M0ii5rM1kXnzEKPMgXcvhakNhn/J1MxDTlDzWIkMuWY2WQNTT57
-        =ERpn
+        =WSNg
         -----END PGP MESSAGE-----
       fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
   unencrypted_suffix: _unencrypted
-  version: 3.9.4
+  version: 3.10.2

inventories/chaosknoten/host_vars/netbox.yaml

@@ -1,3 +1,10 @@
+ansible_pull__repo_url: https://git.hamburg.ccc.de/CCCHH/ansible-infra.git
+ansible_pull__inventory: inventories/chaosknoten
+ansible_pull__playbook: playbooks/maintenance.yaml
+ansible_pull__timer_on_calendar: "*-*-* 04:00:00 Europe/Berlin"
+ansible_pull__timer_randomized_delay_sec: 30min
+ansible_pull__checkout: ansible_pull
+
 netbox__version: "v4.1.7"
 netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
 netbox__custom_pipeline_oidc_group_and_role_mapping: true

inventories/chaosknoten/hosts.yaml

@@ -180,3 +180,6 @@ alloy_hosts:
   hosts:
     grafana:
     ntfy:
+ansible_pull_hosts:
+  hosts:
+    netbox:

inventories/z9/host_vars/yate.sops.yaml

@@ -2,16 +2,13 @@
 secret__yate__sip_trunk_epvpn: ENC[AES256_GCM,data:BkdNaCooUjsDlCXJ,iv:saO4IGsz1HAinvW5ZGAMA4WEtBbo+UNdfBkr0g29uag=,tag:t8RM0GNYhl1w/RMNO8wKbQ==,type:str]
 secret__yate__sip_trunk_fonial: ENC[AES256_GCM,data:N18C3XZHIi1/IA==,iv:vs9dCYNRp+1ptxRajdUO5ODTOmNREJslF99xnFL92XM=,tag:IUmnlPeRI1WTRYELzZRk/w==,type:str]
 secret__yate__sip_trunk_fux: ENC[AES256_GCM,data:zcVxNjyS3BE2dw==,iv:Prmy8nP1yeFrVI5mQaPJPKHGFCzuZp84f6fH04I9zJM=,tag:X15wqvaaifMU2/kcqLqUZQ==,type:str]
-secret__yate__sip_extension_ewerkstatt: ENC[AES256_GCM,data:qbatVvfXZiUcpVnOJUpzYw==,iv:E/fCmKGrwYvQP1gGvwT0UrL0DZ/PcMwKG+NteiukB5M=,tag:PFmU0DX56+IbSQqMtY5NSQ==,type:str]
 secret__yate__sip_extension_fritzbox_analog1: ENC[AES256_GCM,data:+ayQ6P4P34D5hTNOFv3HVA==,iv:UD71G07Z633mDmvnJVei9SKgHyM+JFXJdtOhyBhvKGY=,tag:0ISsYGQCIMMgToLWA09JwQ==,type:str]
 secret__yate__sip_extension_fritzbox_analog2: ENC[AES256_GCM,data:DbFmTcZ8wW2fqstm09yUWw==,iv:jKUqtSXaGF/QpIwPJ6hKQWZvv9xtZeIQBiPHt2xm+3I=,tag:MkWzODFnWZc8o+pVLR3KJw==,type:str]
 secret__yate__sip_extension_fritzbox_dect1: ENC[AES256_GCM,data:87MFTNA0DXmfhesT/M++ug==,iv:qDM8HWZhG9FADLFNPRJXkadN2jXD6/CfroDShNPzA+o=,tag:Ylf56nCczEdDaOGko5GrBw==,type:str]
-secret__yate__sip_extension_fritzbox_dect2: ENC[AES256_GCM,data:KOUKexyzJqZPj1HKJxFl4Q==,iv:OCChQmSF1s8C/VYuw9D3hHA1CAoCnwC4adyTpWO5Iac=,tag:VFFuYi5Nd49ChU1Ki/nHiA==,type:str]
-secret__yate__sip_extension_flausch: ENC[AES256_GCM,data:eIieA4A/ZmU8e7t20xwmCw==,iv:oDMgZIjQBDcwIVPK4/qIT1HyQKc+vImdr1iPZE1LEn4=,tag:RgS+enGC6DP6dwE8u30a6g==,type:str]
 secret__yate__sip_extension_legacy: ENC[AES256_GCM,data:gC43eKUOAYU9dgNV1JQ+nw==,iv:xN7aad2NPaihlMT4Ym2xanpKU4eX04V0FS4m6XRgZFo=,tag:Oq0yBCSf+CB8Xkx4D4TH5w==,type:str]
 sops:
-  lastmodified: "2025-08-02T07:43:00Z"
+  lastmodified: "2025-07-11T17:10:24Z"
-  mac: ENC[AES256_GCM,data:Irv3y4/QbofyM5BvE4h/T6zNF3A6oTjDssMOcqmGxUOGpqL11Am1DMHBivkUgEYe4ir9N0kvPUmed1XOyDwImrl06E1mGAT6hOlfVSYKtZP0Pwvi4VVeeP6IAYN56zu8k4X8oIxv7AEfS3Fq94sJ52Fd3xDPPCG4aVtUXxxDuwQ=,iv:HdqbgUVR0lIysZnnPkOkW9gDp9G/EOrHDkwmQH6LVKQ=,tag:amVPLxjvx1Qtv+v27SGtGA==,type:str]
+  mac: ENC[AES256_GCM,data:aO2kEoKvWccDkF9lnaNeoBWfgUetZ3W4ImappoPU4emLpWMtRGWFiKUbTwQCbLGBdQ/C+Dk0bZYV1wJjotmSIiEyPzijINX+d5obH7Gm2XSkqFHGlz+XnVg11PY91enBbHSQTiOyCzS1Ez/xWAVdztTHWA5r8lhaojmAHSe3UHo=,iv:VAEnZscqlPmVuEypiNRdhfGoooGa1qet9FBht/NNUK0=,tag:o2Q5GsHRS5GaZuQm3chZDA==,type:str]
   pgp:
     - created_at: "2025-07-20T18:28:37Z"
       enc: |-

playbooks/deploy.yaml

@@ -78,5 +78,10 @@
       ansible.builtin.include_role:
         name: grafana.grafana.alloy
 
+- name: Ensure ansible_pull deployment on ansible_pull_hosts
+  hosts: ansible_pull_hosts
+  roles:
+    - ansible_pull
+
 - name: Run ensure_eh22_styleguide_dir Playbook
   ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml

resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf

@@ -71,10 +71,6 @@ map $host $upstream_acme_challenge_host {
     hydra.hamburg.ccc.de 172.31.17.163:31820;
     cfp.eh22.easterhegg.eu 172.31.17.157:31820;
     ntfy.hamburg.ccc.de 172.31.17.149:31820;
-    cryptoparty-hamburg.de 172.31.17.151:31820;
-    cryptoparty.hamburg.ccc.de 172.31.17.151:31820;
-    staging.cryptoparty-hamburg.de 172.31.17.151:31820;
-    staging.cryptoparty.hamburg.ccc.de 172.31.17.151:31820;
     default "";
 }
 

resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf

@@ -89,10 +89,6 @@ stream {
         hydra.hamburg.ccc.de 172.31.17.163:8443;
         cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443;
         ntfy.hamburg.ccc.de 172.31.17.149:8443;
-        cryptoparty-hamburg.de 172.31.17.151:8443;
-        cryptoparty.hamburg.ccc.de 172.31.17.151:8443;
-        staging.cryptoparty-hamburg.de 172.31.17.151:8443;
-        staging.cryptoparty.hamburg.ccc.de 172.31.17.151:8443;
     }
 
     server {

resources/z9/yate/docker_compose/regfile.conf.j2

@@ -10,28 +10,75 @@ alternatives=0,1008,1337
 callername=Legacy
 # Yealink im großen Raum am Fenster
 
-[502]
-password={{ secret__yate__sip_extension_flausch}}
-alternatives=0,1008,1337
-callername=Flausch
-# Yealink im großen Raum am Sofa
-
-[503]
-password={{ secret__yate__sip_extension_ewerkstatt }}
-alternatives=0,1008,1337
-callername=E-Werkstatt
-# Yealink in der E-Werkstatt
-
 [610]
 password={{ secret__yate__sip_extension_fritzbox_dect1 }}
 alternatives=0,1008,1337
 callername=DECT-1
 
-[611]
-password={{ secret__yate__sip_extension_fritzbox_dect2 }}
-alternatives=0,1008,1337
-callername=DECT-2
-
 [100]
 password=test100
 callername=stb 100
+
+
+;;;;; old stuff, please clean up stb 2025-07-11
+
+[echt]
+password=test
+alternatives=0,9,91,3248,1337
+
+[test]
+password=test
+alternatives=0,9,92,3248,1337
+
+[unittest1]
+password=test
+alternatives=93,3248,1337
+
+[unittest2]
+password=test
+alternatives=94,3248,1337
+
+[door]
+password=test
+alternatives=0,1,11,3248,1337
+callername=Main Door
+
+[kitchen]
+password=test
+alternatives=0,1,12,3248,1337
+callername=Kitchen
+
+[desk]
+password=test
+alternatives=0,1,13,3248,1337
+callername=Desk
+
+[workshop]
+password=test
+alternatives=0,2,21,3248,1337
+callername=Workshop Lobby
+
+[clean]
+password=test
+alternatives=0,2,22,3248,1337
+callername=Clean Workshop
+
+[dirty]
+password=test
+alternatives=0,2,23,3248,1337
+callername=Dirty Workshop
+
+[dect1]
+password=test
+alternatives=0,3,31,3248,1337
+callername=DECT-1
+
+[analog1]
+password=test
+alternatives=0,4,41,3248,1337
+callername=Analog-1
+
+[analog2]
+password=test
+alternatives=0,4,42,3248,1337
+callername=Analog-2

roles/ansible_pull/README.md

@@ -0,0 +1,23 @@
+# `ansible_pull` role
+
+A role for setting up automatic `ansible_pull` runs.  
+
+## Supported Distributions
+
+Should work on Debian-based distributions.
+
+## Required Arguments
+
+- `ansible_pull__age_private_key`: The age private key to use to decrypt SOPS secrets with.
+- `ansible_pull__repo_url`: The URL of the repo to run the playbook from.
+- `ansible_pull__inventory`: The inventory to use.
+- `ansible_pull__playbook`: The playbook to run.
+- `ansible_pull__timer_on_calendar`: When to run the playbook. This is the argument to a systemd timers OnCalendar. See the systemd.time man page for reference.
+
+## Optional Arguments
+
+- `ansible_pull__user`: The user to run `ansible_pull` as. Defaults to `ansible_user`.
+- `ansible_pull__checkout`: The branch/tag/commit to check out to run the playbook from. Defaults to `main`.
+- `ansible_pull__timer_randomized_delay_sec`: The timer will be randomly delayed by a value between 0 and this. Useful to not have all timers fire at the same time, even if `ansible_pull__timer_on_calendar` is the same. Time value in seconds. Defaults to 0.
+
+## Links & Resources

roles/ansible_pull/defaults/main.yaml

@@ -0,0 +1,3 @@
+ansible_pull__user: "{{ ansible_user }}"
+ansible_pull__checkout: "main"
+ansible_pull__timer_randomized_delay_sec: "0"

roles/ansible_pull/handlers/main.yaml

@@ -0,0 +1,4 @@
+- name: systemd daemon reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  become: true

roles/ansible_pull/meta/argument_specs.yaml

@@ -0,0 +1,27 @@
+argument_specs:
+  main:
+    options:
+      ansible_pull__age_private_key:
+        type: str
+        required: true
+      ansible_pull__repo_url:
+        type: str
+        required: true
+      ansible_pull__inventory:
+        type: str
+        required: true
+      ansible_pull__playbook:
+        type: str
+        required: true
+      ansible_pull__timer_on_calendar:
+        type: str
+        required: true
+      ansible_pull__user:
+        type: str
+        required: false
+      ansible_pull__checkout:
+        type: str
+        required: false
+      ansible_pull__timer_randomized_delay_sec:
+        type: str
+        required: false

roles/ansible_pull/tasks/main.yaml

@@ -0,0 +1,63 @@
+- name: ensure dependencies are installed
+  ansible.builtin.apt:
+    name: virtualenv
+    state: present
+  become: true
+
+# https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip
+# https://www.redhat.com/en/blog/python-venv-ansible
+- name: ensure Ansible installation exists
+  ansible.builtin.pip:
+    name:
+      - ansible
+      - jmespath
+    state: present
+    virtualenv: /usr/local/lib/ansible_pull_venv
+  become: true
+
+- name: ensure secrets directory exists
+  ansible.builtin.file:
+    path: /etc/ansible_pull_secrets
+    state: directory
+    mode: "0750"
+    owner: root
+    group: "{{ ansible_pull__user }}"
+  become: true
+
+- name: ensure age private key is deployed
+  ansible.builtin.copy:
+    content: "{{ ansible_pull__age_private_key }}"
+    dest: /etc/ansible_pull_secrets/age_private_key
+    mode: "0640"
+    owner: root
+    group: "{{ ansible_pull__user }}"
+  become: true
+
+- name: ensure systemd service exists
+  ansible.builtin.template:
+    src: ansible-pull.service.j2
+    dest: /etc/systemd/system/ansible-pull.service
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify:
+    - systemd daemon reload
+
+- name: ensure systemd timer exists
+  ansible.builtin.template:
+    src: ansible-pull.timer.j2
+    dest: /etc/systemd/system/ansible-pull.timer
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify:
+    - systemd daemon reload
+
+- name: ensure systemd timer is started and enabled
+  ansible.builtin.systemd_service:
+    name: ansible-pull.timer
+    state: started
+    enabled: true
+  become: true

roles/ansible_pull/templates/ansible-pull.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=ansible-pull for configuration and maintenance
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+Environment="SOPS_AGE_KEY_FILE=/etc/ansible_pull_secrets/age_private_key"
+ExecStart=/usr/local/lib/ansible_pull_venv/bin/ansible-pull \
+          --directory /home/chaos/ansible_pull_checkout \
+          --clean \
+          --url "{{ ansible_pull__repo_url }}" \
+          --checkout "{{ ansible_pull__checkout }}" \
+          --inventory "{{ ansible_pull__inventory }}" \
+          "{{ ansible_pull__playbook }}"
+User={{ ansible_pull__user }}

roles/ansible_pull/templates/ansible-pull.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=ansible-pull for configuration and maintenance on a timer
+
+[Timer]
+OnCalendar={{ ansible_pull__timer_on_calendar }}
+RandomizedDelaySec={{ ansible_pull__timer_randomized_delay_sec }}
+
+[Install]
+WantedBy=timers.target

roles/apt_update_and_upgrade/handlers/main.yaml

@@ -1,3 +1,5 @@
 - name: reboot the system
-  become: true
+  ansible.builtin.include_tasks: "../../reboot/tasks/main.yaml"
-  ansible.builtin.reboot:
+  vars:
+    # Simply don't reboot on local connections and rely on proper handling of /var/run/reboot-required.
+    reboot__local_handling: ignore

roles/kitchenowl/README.md

@@ -1,39 +0,0 @@
-# Ansible Kitchenowl deployment with docker
-
-## Introduction
-
-KitchenOwl is a smart self-hosted grocery list and recipe manager. Easily add items to your shopping list before you go shopping. You can also create recipes and get suggestions on what you want to cook. Track your expenses so you know how much you've spent.
-
-- Native Mobile/Web/Desktop apps with a great design
-- Add items to your shopping list and sync them in real-time with multiple users
-- Partial offline support, so you don't lose track of what to buy even when there is no signal
-- Manage recipes and add them to your shopping list
-- Share recipes with friends and family
-- Create a meal plan to always know what you'll be eating
-- Manage balances and track expenses of your household
-
-Checkout more: https://github.com/tombursch/kitchenowl
-
-## Why docker
-
-Whilst I try to refrain from using docker, especially together with ansible, it is the recommended way of installation: https://docs.kitchenowl.org/latest/self-hosting/ .
-
-One could also decide to build from source, but I fear that the chance of brakage is higher than just using docker.
-
-### Notice
-
-This role does not care about creating a rootless docker installation and should primarily used inside a vm.
-
-Checkout https://docs.docker.com/engine/security/rootless/ or https://wiki.archlinux.org/title/Docker#Rootless_Docker_daemon for more information on rootless docker.
-
-## Variables
-
-See [defaults](./defaults/main.yml) for needed variables.
-
-### OIDC
-
-OIDC can be used as decribed in https://docs.kitchenowl.org/latest/self-hosting/oidc/ by enabling `kitchenowl_oidc` and using the respected variables.
-
-### Secrets
-
-Please use secrets as described in [README#Secrets](../../README.md#secrets)

roles/kitchenowl/defaults/main.yml

@@ -1,10 +0,0 @@
-kitchenowl_dockertag: "latest"
-kitchenowl_port: "80"
-kitchenowl_path: "/opt/kitchenowl"
-kitchenowl_jwt: USESECRET
-kitchenowl_oidc:
-  enabled: false
-  front_url: <URL>
-  oidc_issuer: <URL>
-  oidc_client_id: <ID>
-  oidc_client_secret: <SECRET>

roles/kitchenowl/handlers/main.yml

@@ -1,18 +0,0 @@
-- name: docker compose down
-  community.docker.docker_compose_v2:
-    project_src: "{{ kitchenowl_path }}"
-    state: absent
-
-- name: docker compose up
-  community.docker.docker_compose_v2:
-    project_src: "{{ kitchenowl_path }}"
-
-- name: docker compose stop
-  community.docker.docker_compose_v2:
-    project_src: "{{ kitchenowl_path }}"
-    state: stopped
-
-- name: docker compose restart
-  community.docker.docker_compose_v2:
-    project_src: "{{ kitchenowl_path }}"
-    state: restarted

roles/kitchenowl/tasks/main.yml

@@ -1,41 +0,0 @@
-- name: Install latest docker & docker-compose package
-  ansible.builtin.package:
-    name:
-      - docker
-      - docker-compose
-    state: present
-
-- name: Start and enable docker service
-  ansible.builtin.service:
-    name: docker
-    state: started
-    enabled: true
-
-- name: Ensure kitchenowl directory exists
-  ansible.builtin.file:
-    path: "{{ kitchenowl_path }}"
-    state: directory
-    owner: root
-    group: root
-    mode: '0755'
-
-- name: Ensure kitchenowl docker-compose.yaml
-  ansible.builtin.template:
-    src: docker-compose.j2
-    dest: "{{ kitchenowl_path }}/docker-compose.yml"
-    owner: root
-    group: root
-    mode: '0644'
-  notify: docker compose up
-  register: output
-
-- name: Ensure latest kitchenowl image pulled
-  community.docker.docker_compose_v2_pull:
-    project_src: "{{ kitchenowl_path }}"
-  notify:
-    - docker compose down
-    - docker compose up
-
-- name: Show results
-  ansible.builtin.debug:
-    var: output

roles/kitchenowl/templates/docker-compose.j2

@@ -1,24 +0,0 @@
-services:
-  front:
-    image: tombursch/kitchenowl-web:{{ kitchenowl_dockertag }}
-    restart: unless-stopped
-    ports:
-      - "{{ kitchenowl_port }}:80"
-    depends_on:
-      - back
-  back:
-    image: tombursch/kitchenowl-backend:{{ kitchenowl_dockertag }}
-    restart: unless-stopped
-    environment:
-      - JWT_SECRET_KEY={{ kitchenowl_jwt }}
-{% if kitchenowl_oidc['enabled'] %}
-      - FRONT_URL={{ kitchenowl_oidc['front_url'] }}
-      - OIDC_ISSUER={{ kitchenowl_oidc['oidc_issuer'] }}
-      - OIDC_CLIENT_ID={{ kitchenowl_oidc['oidc_client_id'] }}
-      - OIDC_CLIENT_SECRET: {{ kitchenowl_oidc['oidc_client_secret'] }}
-{% endif %}
-    volumes:
-      - kitchenowl_data:/data
-
-volumes:
-  kitchenowl_data:

roles/reboot/README.md

@@ -0,0 +1,26 @@
+# Role `reboot`
+
+A role for rebooting a host, which also handles local connections gracefully.
+
+## Optional Arguments
+
+- `reboot__local_handling`: How to handle reboot on local connections. The default mode is `none`.  
+  Possible choices:
+  - `none`: Just runs `ansible.builtin.reboot`, which would fail on local connections.
+  - `ignore`: Just doesn't reboot on local connections.
+  - `file`: Doesn't reboot on local connections and instead touches the file defined by `reboot__local_handling_file`.
+- `reboot__local_handling_file`: The file to touch, if `reboot__local_handling` is `file`. Defaults to `/var/run/ansible-reboot-required`.
+
+## Usage in a Handler
+
+Since a reboot should often be triggered from a handler and since handlers can't include or import roles, this roles logic can also be run by including the `main.yaml` task using `ansible.builtin.include_tasks` as a workaround.  
+When doing so, arguments should be specified explicitly as necessary (so at least `reboot__local_handling`) as the default role inclusion mechanisms like setting default values don't work.
+
+An example handler would look like this:
+
+```yaml
+- name: reboot the system
+  ansible.builtin.include_tasks: "../../reboot/tasks/main.yaml"
+  vars:
+    reboot__local_handling: ignore
+```

roles/reboot/defaults/main.yaml

@@ -0,0 +1,2 @@
+reboot__local_handling: none
+reboot__local_handling_file: /var/run/ansible-reboot-required

roles/reboot/meta/argument_specs.yaml

@@ -0,0 +1,13 @@
+argument_specs:
+  main:
+    options:
+      reboot__local_handling:
+        type: str
+        required: false
+        choices:
+          - "none"
+          - "ignore"
+          - "file"
+      reboot__local_handling_file:
+        type: path
+        required: false

roles/reboot/tasks/main.yaml

@@ -0,0 +1,14 @@
+- name: Reboot
+  ansible.builtin.reboot:
+  become: true
+  when: ansible_connection != "local" or reboot__local_handling == "none"
+
+- name: Touch a reboot required file
+  ansible.builtin.file:
+    path: "{{ reboot__local_handling_file }}"
+    state: touch
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  when: ansible_connection == "local" and reboot__local_handling == "file"