feat: move piped to fw host

2025-11-02 14:34:30 +01:00
parent 04cdf1bd2f
commit 794d5c2dad
6 changed files with 104 additions and 108 deletions


@@ -91,6 +91,8 @@
"/omada.cloonar.com/${config.networkPrefix}.97.2"
"/web-02.cloonar.com/${config.networkPrefix}.97.5"
"/pla.cloonar.com/${config.networkPrefix}.97.5"
"/piped.cloonar.com/${config.networkPrefix}.97.5"
"/pipedapi.cloonar.com/${config.networkPrefix}.97.5"
"/fivefilters.cloonar.com/${config.networkPrefix}.97.5"
"/n8n.cloonar.com/${config.networkPrefix}.97.5"
"/home-assistant.cloonar.com/${config.networkPrefix}.97.20"


@@ -62,6 +62,7 @@ in {
./proxies.nix
./matrix.nix
./n8n.nix
./piped.nix
];
networkPrefix = config.networkPrefix;


@@ -0,0 +1,272 @@
{ config, pkgs, lib, ... }:
with lib;
let
# Piped domains
domain = "piped.cloonar.com";
apiDomain = "pipedapi.cloonar.com";
# Port configuration
backendPort = 8082;
proxyPort = 8081;
# Database configuration
dbName = "piped";
dbUser = "piped";
# Piped backend configuration file
backendConfig = pkgs.writeText "config.properties" ''
# Database configuration
# 10.88.0.1 is the default Podman bridge gateway IP
hibernate.connection.url=jdbc:postgresql://10.88.0.1:5432/${dbName}
hibernate.connection.driver_class=org.postgresql.Driver
hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
hibernate.connection.username=${dbUser}
hibernate.connection.password=PLACEHOLDER_DB_PASSWORD
# Server configuration
PORT=${toString backendPort}
HTTP_WORKERS=2
# Proxy configuration
PROXY_PART=https://${apiDomain}/proxy
# API URL
API_URL=https://${apiDomain}
# Frontend URL
FRONTEND_URL=https://${domain}
# Disable registration (private instance)
DISABLE_REGISTRATION=false
# ReCaptcha (disabled for private instance)
CAPTCHA_ENABLED=false
# Matrix support (optional)
MATRIX_SERVER=
# Sentry (disabled)
SENTRY_DSN=
# Compromised password check (optional)
COMPROMISED_PASSWORD_CHECK=true
# Feed retention (days)
FEED_RETENTION=30
'';
# Piped frontend configuration
# Note: Piped requires the config in a specific format as a JSON file served at /config/config.json
frontendConfig = pkgs.writeText "config.json" (builtins.toJSON {
apiUrl = "https://${apiDomain}";
disableRegistration = false;
instanceName = "Piped (Private)";
});
in
{
sops.secrets = {
# Database password for postgres user (used by piped-db-init)
piped-db-password-postgres = {
key = "piped-db-password";
owner = "postgres";
};
# Database password for piped user (used by piped-config-generate)
piped-db-password-piped = {
key = "piped-db-password";
owner = "piped";
};
};
# Create system user for Piped
users.users.piped = {
isSystemUser = true;
group = "piped";
home = "/var/lib/piped";
createHome = true;
};
users.groups.piped = { };
# Note: piped user doesn't need special group membership for Podman
# Create piped config directory structure
systemd.tmpfiles.rules = [
"d /var/lib/piped 0700 piped piped - -"
"d /var/lib/piped/config 0700 piped piped - -"
];
# PostgreSQL database setup
services.postgresql = {
enable = true;
ensureDatabases = [ dbName ];
ensureUsers = [{
name = dbUser;
ensureDBOwnership = true;
}];
# Allow connections from Podman containers
settings = {
listen_addresses = mkForce "*";
};
authentication = pkgs.lib.mkOverride 10 ''
# Allow local connections
local all all trust
# Allow connections from localhost
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
# Allow connections from Podman network (typically 10.88.0.0/16)
host ${dbName} ${dbUser} 10.88.0.0/16 scram-sha-256
host ${dbName} ${dbUser} 10.89.0.0/16 scram-sha-256
'';
};
# PostgreSQL backup
services.postgresqlBackup.databases = [ dbName ];
# Allow Podman containers to connect to PostgreSQL
networking.firewall.interfaces."podman0".allowedTCPPorts = [ 5432 ];
# Setup database password (runs before containers start)
systemd.services.piped-db-init = {
description = "Initialize Piped database password";
wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "postgres";
Group = "postgres";
};
script = ''
password=$(cat ${config.sops.secrets.piped-db-password-postgres.path})
${config.services.postgresql.package}/bin/psql -c "ALTER USER ${dbUser} WITH PASSWORD '$password';"
'';
};
# Create Piped backend config with actual password
systemd.services.piped-config-generate = {
description = "Generate Piped backend configuration";
wantedBy = [ "multi-user.target" ];
before = [ "podman-piped-backend.service" ];
after = [ "piped-db-init.service" ];
requires = [ "piped-db-init.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "piped";
Group = "piped";
};
script = ''
mkdir -p /var/lib/piped/config
password=$(cat ${config.sops.secrets.piped-db-password-piped.path})
sed "s|PLACEHOLDER_DB_PASSWORD|$password|" ${backendConfig} > /var/lib/piped/config/config.properties
chmod 600 /var/lib/piped/config/config.properties
'';
};
# Use Podman for OCI containers
virtualisation.oci-containers.backend = "podman";
# Piped Backend Podman container
virtualisation.oci-containers.containers.piped-backend = {
image = "1337kavin/piped:latest";
ports = [ "127.0.0.1:${toString backendPort}:${toString backendPort}" ];
volumes = [
"/var/lib/piped/config/config.properties:/app/config.properties:ro"
];
extraOptions = [
"--pull=newer"
# Using default bridge network - connects to PostgreSQL via 10.88.0.1
];
};
# Ensure config is generated before backend container starts
systemd.services."podman-piped-backend" = {
after = mkAfter [ "piped-config-generate.service" ];
requires = mkAfter [ "piped-config-generate.service" ];
};
# Piped Proxy Podman container
virtualisation.oci-containers.containers.piped-proxy = {
image = "1337kavin/piped-proxy:latest";
ports = [ "127.0.0.1:${toString proxyPort}:8080" ];
environment = {
UDS = "0"; # Disable Unix domain sockets
};
extraOptions = [
"--pull=newer"
];
};
# Nginx configuration
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
# Serve Piped frontend static files
root = "${pkgs.piped}";
# Frontend (root)
locations."/" = {
extraConfig = ''
try_files $uri $uri/ /index.html;
# Inject instance configuration before Piped loads
sub_filter '<head>' '<head><script>localStorage.setItem("instance","https://${apiDomain}");</script>';
sub_filter_once on;
sub_filter_types text/html;
'';
};
# Serve custom frontend config
locations."= /config/config.json" = {
alias = frontendConfig;
extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
'';
};
};
# API and Proxy domain
services.nginx.virtualHosts.${apiDomain} = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
# Backend API (served at root)
locations."/" = {
proxyPass = "http://127.0.0.1:${toString backendPort}/";
proxyWebsockets = true;
extraConfig = ''
# Increase timeouts for long-running requests
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
'';
};
# YouTube Proxy
locations."/proxy/" = {
proxyPass = "http://127.0.0.1:${toString proxyPort}/";
extraConfig = ''
# CORS headers for video streaming (restricted to own frontend)
add_header Access-Control-Allow-Origin https://${domain} always;
add_header Access-Control-Allow-Credentials "true" always;
proxy_buffering on;
# Increase buffer sizes for video streaming
proxy_buffer_size 128k;
proxy_buffers 256 16k;
proxy_busy_buffers_size 256k;
# Increase timeouts for video streaming
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
'';
};
};
}
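Review bot: The `services.postgresql.authentication` block sets `local all all trust` and `host all all 127.0.0.1/32 trust` (plus `::1/128`), so any local process on this host can connect as any role, including `postgres`, without a password; only the two Podman ranges require `scram-sha-256`. Because the block is applied with `mkOverride 10`, it likely replaces the authentication rules for every database on this instance rather than only `piped`, and `listen_addresses = mkForce "*"` leaves pg_hba and the firewall as the only barriers on the other interfaces. I would keep socket access on peer authentication and require a password on loopback: `local all all peer`, `host all all 127.0.0.1/32 scram-sha-256`, `host all all ::1/128 scram-sha-256`; `piped-db-init` runs `psql` as the `postgres` user with no host argument, so it should still work under peer. Separately, `DISABLE_REGISTRATION=false` in the backend config and `disableRegistration = false` in the frontend config contradict the "Disable registration (private instance)" comment and leave sign-up open.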


@@ -1,50 +1,51 @@
borg-passphrase: ENC[AES256_GCM,data:eBe8eqkcIR6RHIGdHzxS3xh1wCYlS/bd980VZi8CwVibCQXauc0gIsx8ISzBJzjHkBFOj2JzODvUMt5cz4R718Xr1RU=,iv:8MoLCoWiZDCJoFBfBia5kHBjufqTGbT0RWPB7/FlCcw=,tag:C5x+wjVy3qO2UhQsoN7fkw==,type:str]
borg-ssh-key: ENC[AES256_GCM,data:o2VRs/GyTq1veP8rEvWL9qkaHt0I2I5vl2PrEIR9HgZ4wiFSHlteLTWTesUiVvVlRkFkk78rZytn3Ae8nxzyDfkJZe2dznM5fPTxjeGDnARG+E1Ajrzi7YE+PPcjtV5KgaUFkzI+CI59rCJ2/z827rg9sAnUzIt7voynf5HwJ25A61Dcz6AuXyfCEVVqaZ2S0rrYb/rsvF7k8ihvnLIVO/PrK4FXrkfIckZjp85zJGItc8J30sOCLX3gsuu3Fyb6+mR+8iMtIcEMkzgdaCc32JIg7YeF6V5gwBbGh8ZqhuAfFGVQuH0eUo6Ke3CLL+qmze1Zef+hcUMWRphu/DKgLXigEp6KcS4DmnDKKsueCoEbh808YAKot/2vWI1eSp9AGa9ubOyye4/1Y760OwoF5/icdyMT9F6YCUnoq14xLbmTUsN281znriX/mNjs50IBsiCE443WTl9dVPHzPQf+09xjt+NQJx/RXHnivvQp/Q83Es5jkPSi/SG/ywmy+sjRiiqxv9FX6QM7eLGlf7YwETw67vVePYIuRP3e0JCG40y/v2xzIWUIsDAAyy7AaWZoHlyr9JwZPvgMz6k66D7fl+K5lrzDd8DM4vSluVw1fbiNhT/IcUwwPxFPUa+gxhByBr+dhbbf1ZjcLCgQdCcODiBKcq93pJqWGECdfZDRfG5QJKOAt7pyvum9yyh3wKYK4u6AsNwj/umCI8B28E/zq1V16TPIPfTImc9mTbY7jyH/3ekRHcJlZr4P40GUZ7Ky73JGrTmzvb0gujq4vbrDGHeln307aUcGbgGR22FVsSjtAHQUfPEBejWjURDw9HKnDK/RiBOsSYJnwTrzb877QMG9wPKEFPTshED0kj4p1Rr5HZphnW2MEDrwcrb5OoHRhfUricz/KvCkMFIOm09A+zc1zVvwEEQANt2FAokuluI72oaBX4IChyy+zVFb6a6NsGJGXwzTcKCjH2sRnaMBNPYdIPC6U3x7nsHR2YpryDfa+uvTJMywt15/xVEim9y7LHEmYZ3Q0vqtDGA/8QhGCndZkTZzGGLulPbPl3FvolBx6maI8Xk041RkqnkH2nXPoQlYuHcGov5Kfnp7ZJmyLAFb8dtaNpcsPkOVje+/k8TBYrCTCT+v+K61c3yOUOopOUa5NakKjywLG9CK8YNkUCUYf4NKDudQnQSVPKP0h7YiXOf6jC8dVEIEBPObjGVUOHxzKi5yQAYVt8bwO6pVrKYuQsA+Y4lFCmiG7wQj3mYTNkP/Z5LCBVuoYQoaX16GKpo1RhPa6knGJgiK+IeIvkqTilTPmkab741yjov4iFdAJtIM8q8OTUbNqTjvRoWncfqdUK3efnhbUYgIfyQNg7LTLg01tlMMObhGPfeNGYOnU5GCPBiuT9phAv9FLHL0EW3U+6oGIbC1E9jg01fbctaxpJm9BLEKu61c1bYsRruFHfOCjRDrHV4zWOep2wcLupTYsmWyIRKgrbqa1BTQnWaEk57KmWkdIC2oYBe0Ogy//HNEWlg5Y9aZR6hKgpcW1Wr5KwzCMsDDzX13WqFuura68YafCg+BaWjv7hJ8NeGNKgZR9Bm5igjZxLu419n0FgeTKH4dKYsd1OGnY4leiWxAbOCGqnl2zkoJFj7V4qYUS5SbzajYX+4lxxeF0B1IgdynwXDPSpXnRgNSmRwXbsyAFuJoWLW2dnXQPTI65yqHCA7/rw9wt6RRHXGToRedx46UeDQdWAbIe0U7SyBOoWZm36QZhp3wQXF/pcczk4A2rQ8F5r+bfUhfimZByAhTRRb0ft35/LFa2pYlYyZq2YtGioxYSC6GsfEOIV10NL6RkHALGcxeQdCjiQSiBEaEVaV+YUCyeKQaMaCnyE3AYn29OsC7rLhePDrNOWr5VUQpEC3cbVlRPRfm652wb+azagjqYPuBa0ogRQp33D886+2S/WQahlKDRuCSfTp5TbLCMv
vTc2IvKa7G09/k5/sZ1tcCGvhvZ5/AZZMB9gE0MNtNg3jlJirRh7Bqw03YhtRkAgi5XLmnm6B6vHA5HNStTtpogGShNRAoqWTRD/3nGED0/dkP0pCBNNZBGpWskKgGH4oyjgMX9Uloiyk5zjd7Cb86dIY2bbSnDStw1H5/NaSjse+XUuaVUNaU/l6RZ7D7GIGy4XjAKLeJbtHv+adHLDhW591XoPkC3MmFC1X4Z19Pz/zNx38OyhoUuAg7UDnIOeYRHLRHZ95i4zjivkpiq4aciz20B8TsA6UILho75zHKPwjNzhHKPGXHKUFmZJZQP0PzoIZXXHaFXy3kouLzggfR9C4DNIzbxQtqpYihtOgbNyDQZxfGXRm6VDQvXKa3mLYJeJkW2atd4i7DHWJKDPCFEYPRXqZXumKjgZ5fupHlpDCPscPW1Zizll/6FafuIjCJ6rFQIRnw8V+45BZQivYqIDXwsmZQ24tzsoDACEDhvC73z/5BfK4ZAh5q64dpdukab3wFEFJygzbXje3/3uRiiN7gXVL8kAJPVjMi31nFLsJ7rSdALj03jw+LcJgXal4toIKhJiOZi/HgadUa5X6siLCFHKxMYHlSlYRdVWbgvldlxXzCaKYgc8U+2TwPtfMoHIH55y7uoctoZDYwpLeqyPI5nQJ17l+7P9McZVb46bnIAw2M3oK37ejVjrZBIjR8+8yYiYWzK/2JmBRoyB4YfHVieF4XcPBWEDPzD+w79V/EZyAGVtM6k8V3Ceqc7OsmZ6Zzp4Ms5bDCZ0MItoIH6Gvop1lW5X4xL/g2mFWlWBYEgDBtgcVXRyRBr3OfCSWK/+980i7kSWMkIan0bn3HFBLRXELlVvQ7lG9MxrxqVj5nvxvEBr5Pca89T5eJ1QaYq8RdBPiBrtyhY+PZyDsl5JU7FeuckS6hxJvwZkHm/lTjPwy4m9s1lPzkLddZ27bKXWo/gY9/HQxsRVTPOW8CsDngsW6/GKJeS+Fhig5A+EwU5jqf9PoW7qdqKSKnMQPkrjX2d4UlT0WPU6nUEZs+CxlOFv2SAOvvqhKryLbSwbL33idm5twEdZJuB3TbKTrSIf2qoMqx9cAB6U1e7QKUKcFikzBoj7GxxI6ZpCQBtDpGy1horqsfQl4PNnL2kRnlDoDBDO2nrg8aLThrWGMfH7uVWoEBuc+STadVvAY62z/J9MQCULzDF5b82wSy5n/wRVrxCAZYCPMhNTgcfmzd2A+VxrNiy+5+hpCMTb+3XrLDVO92dRXQ6J+IEz/RMUBpWHo/7YfOgZiLUkH4PG8+k2Ov3U7DzwfC1MN9wM3YUP5TUTwsscjRlGsSuwVmc7xRRcP6/cKVMpIoS0LG6QGombQP7kMfSmLq+aU+EuXuL7qEmz0jQHPQ1l2i9c2s/skNnRLcNRxFC1anMkD+eLeFBvIDW0MhaszYs7FRo8NnF64T7X7UgpPFRPGMSbWrom+paY1w8V+qXst0QRPM/q56ReItGBKNmg==,iv:Qsy9R4P9qUEiIXyxfv+uSH9I5dZrBjcUrTK4KgLZNoI=,tag:+YPoX9extIoBdF1mlfwbOw==,type:str]
zammad-key-base: ENC[AES256_GCM,data:MPk5e7htmBMtnc/QwXfcs1FjRpRn5vkrwLWDGP5qm0xwMZwtaA1vkCMZKh/C58tGZ5weKiuWfLcWV7Z+bCEEvhfOTHED2q0r2/qChZGdBv1qPqZ0MWy6ZzvwawyDZ3lBtwW+/xM+pi8mB//VDgOAv82+OeM3mQfkxp5CDcNfJF8=,iv:v8ts3FQmtcueWheiW5BfwTDyv1DqCVWgYaeAmpqvlCA=,tag:NtXMC3foJ9hCHNRtE0nmMg==,type:str]
dendrite-private-key: ENC[AES256_GCM,data:xz2tl8YusttW7rKYVB2t10AHTCQF+WR156kFzdLIlqMuJ3LAYLl0vQDyF6ulNkH6PMrmqXCNWFZgGZ6TDaQ7DYf4GnltpAXxcaCE8v2NTqQ0PfWyQ5xj9iQBBHO2cbAWWIUiCzgybEp0kBb5MGwx/u/+fzQjQjgIQ7J74r+3n9Crdn+UCrXMZEE=,iv:wHWH/qFQUTpUUtuL319qA4MhNhHDs0urS67XGkVx/nw=,tag:LG+DoKjcHkJCrdVW51v5fw==,type:str]
matrix-shared-secret: ENC[AES256_GCM,data:fI9op4AfW+7enIajZ2oc0jPS7GRvFmMewc2mSNVSDbCdVZV1DU0bH3zSaP4HnwUcAz0DsUZY3xsd2O+H,iv:Y0ba7VY4TD5IrVopw1q8F/ssPgZo22cWa3jQUu65yuM=,tag:tSLRNVYh39idpaJdmh3IFQ==,type:str]
n8n-env: ENC[AES256_GCM,data:wVomIQKR7Aj49yPhT5bTGMQF6Mqtjs4IKNZfkkJuDvqTWa4965DRLogAPtQ/Ofr8zf3JTc5pEdNC+ZnlqgGuWGV6z5y7KfnW22gNcwvjO0pGVXs0yGXBlbc4Ed9hY65c6orH59E/79PG9zyF3J2Fp+KQuzXiaVbxBTSORB4ln6/omLP0KuKIc344d14VOa5qhqOOGfmFgsUaVUS68L/AglTMhcDEkkHy3Bdjy0TAXy0AnAIKODfWOPn2F+ZZRkseeriFwdfnZy/SRAzfoWD8SZbyMh6uNfqCCPVsPGFzkeOi2c0Ay50KuNqnX8hWoE2HIjPznXyrQgm+HFAPmlj2K6BqlwRe2meGMFKGSBGkqjDbcY5GiFcA4sELrIZPtd0=,iv:bLP6Hp3zUpStrPiQtmi6LbcNePXFhEzdJi4YgTcWEU8=,tag:QjZgxXgAZBMq91KwW+6u3g==,type:str]
n8n-git-key: ENC[AES256_GCM,data:nWPiszZmaPZ9bU2+56nyMKiS8aV2bCMWUlIVq1QlOFT1A8K8uNcwqE4B3RbmxNpiW9xGHD24+ShLsMB5eoBuqOG8Zr/7Gs46B3+D+9V6qJKeFJEr6D19Nlwy8ank0s73xFCJ9BLz08pTAI0P40+krbY/GOTfwoxaXVi9wEsjdFDopTORcSGAeVx+iC7JXMfa6Wr3SvPkwB2yWYsufFW+8lIEu/sHPt4cHJye0UBXo+6b1wim47zuuMz7qx+mn5O4mHN88/Snf/fxkEr9y8TopTk+xUzOrCTrTBeEsGXOa2YtxFJYfg6vTA//hcOt9TiHpNZtIL/CslCgfjQx1rHKvEH4XL7IaAsnoM8az04g/EJ5aMMM/IeSrdD2sKobdl3SSP+gXF6ZF8EVCei1ssTwKWTcDGtgR88HmL2CjdvYXtGqiAv/t6Rxae0YZgEyi02oQaE+rjXjD+8vVjUCDZjiIpYqovD+lJda4zh2/PsbJmWvBtXvtBUu24jRIx8zXjds6TKgWUYrRT1N+bgY/tW6,iv:BlbL2urwvumo5ihZ0dhxABWqMzuPd3k5o4Iem4zaZII=,tag:XX6gHR4eXe8PF1qlH2Xueg==,type:str]
phpldapadmin: ENC[AES256_GCM,data:kyQmDWkPCVzXJIo2f7/gYOD+ekwxrGvBl7JiPNJPlQ27euk47t9YWKSbPiY65d82393S6xiTZ3niVYuIsQLuELkVlW7EI3p0oUJd+nh7npc5EobMZkAHokSn8mixi7mhE4HCVx1JT+3HVp+75Ysiw7VzRn8IuM2HGXj2dCySEhoKjkLr9DOk+FuBDQQ90rJ3ospbXYrWfaoTe42bdjbPHRZDYo+ijmVuBxv16P7rILi1e2857VTasANKlkgqK5YzehFNHqFz/osnR7vxxvvVE1nOaKBPVm6ny4Nyb+BuIU4PiHKE5LWJrk0=,iv:iaozQaxo+YeKXw3vkkKw+0xZEFYxtbarMUHUZYDK1YA=,tag:Jam8IcpvApibCD5bd2kv9w==,type:str]
borg-passphrase: ENC[AES256_GCM,data:Mmm6dr9UTFAsO/xTgQNQZdPsBiP7dcu8AC5fF36lbNHEmjTOpmHmfGWsLn6KvKh/QKeBoYTFanEtl9dhvmLrt/SS2k0=,iv:jU1Vi1OdYa3XyvR7yxq/86rClinBKZOGiLHCnmMWA3E=,tag:64RboQqNlwVjJMHeq6t+0g==,type:str]
borg-ssh-key: ENC[AES256_GCM,data:tiBWsZoedrZWqE0qLjYGnXZxqe7xJE3alYxHrxyAOFSF2s1Rxr0qYwS/CveryzDU1QkoDQ788C1fuLic40UzrJWzCQ7NysYmZPr90/xTwPcVG/PkYSa1+Sj920mHiIal0EmlmLFI+bSaHTSIPMUjCXTpFdM50yeMHVbrbNsthXrCjEedO02TvFbVNhMsoEnL5LsgsVkpGhZ9CLVWmP2+tnawut12rYVyqTsvT854uUxmllcKp6ITA9xpHPLP0W1xzsj996BIB+ROyvZq0ORCTwYWWDzRLBZDWeKbBzNtBFvB6I77gIbqwsU8RZGBL6eO4vMEZ27zJWHGmC+GDGXUci/E0nTTH3BAf1IjdnJxaKnR9skb/1Rv4sucJjufzPJHOrAZbjCADgQHJscNfKS5uNgnlxVW7qGYUqtIFni9rs2FWqwaDAdRA6raAtXvsgB4DhBvDR+ocyurS/87Zvg9P9p1R0PZYUEOVrNYmff4Vd+n76A1s3vro4BwoZOCifTg7jfCoSQSpYDhIPJAFSetFPgk88Tng76hA0SyVc+lZ/Id2iYbvRpzNBF9J52dkZBmx0280FSJBY8ENscE2EkP+5GqdgOw1rjV7pvwe2eBHgcs8TQf8PsdhaCYpwPE8TrTuQt+AUuaYHCAWf/806V9+eGuMn2Pk7GWYQEc16J/iiUYYYaYA88sdZOp5qVWwOdvKZxxvuasXWvvloGtBWhE63zweMwZsB3AiTBojezcyvlVKLY1614FplmXOk62Ve7AKg5ZkqTGX8CFSvW72HlUEBbASApjizfSlpFmEmqtckqk2kAhvM7tPagq+MJ7AQsynOEoaXvbIlva+kiHV3ySNSFNgJd7B700NHeQ4GUacG67RPfpNxS7VnT4/BwiMgPUu49klHA6jnaiojF49i1pMC2fcdVOtgqQ6c12GYwwiX2B+5e/5Z6wqlIXZOI2yjW9FwCHmbCL1VATZU+ySDLDYUsWeRhYx4FVdITlOOOZOArMKOS9y/kIbhS7tgR8daLK6mPcTGud+K+oFnUMXOgGER59nj+Ct0jTFQEhF0lQV1EB4M10+BSEsTRzYZzlGDWiLKvS4OUrEe8AiMaCgqne87y8i7z288mnw8WTPPNTKkNTTDZLCnd70Zgx2jgw2RLQB72gO65AzoI+wntbFh/hL8Dkum396vrzVi8YxYEB1O+4g6R4qqlZzQ1duIv0UhnIu/QG6YEkzn7eg/t7vl40suWDhYv3Hbt4W/1B/QdmTiUmhIExf5xsOoj8p99tqKG62F45lRkQAV6zXhHQeyvqZOqYTjumJJbaXI/UX5es3efXLerkHq37RrmblZiaGIYdyKLGl0GYw53NmW92NGTWLkkcf2ctX8rA/YeppB65KEL6stUOIxpjp8Nl8wrh8VzArJhQqyJVoALJK8lpnHhB82VuOn+XTeSKztBHcCfIA1CUQYl9GOTsgS3CnLolqJVH2BwvC09W/xbRP+eAeRzKn8ewvzh3TlHUGw1gX0zaVbSlwrjkv6Dks3/3JEqLL9SZsBVRqPKsPF1BuAATOlkUEzTY1rHN/Vk4e0suN8VJjMwcyoJ5TW8StS4oda2eO4NHvKVAsf8G5m5jRGaUo6jRy9MMORvUtfi/EAxulvCZaE6bYoDv8iNz34DaS6DrWExhLHX/glT7GRxcy1hpvqpYpb7qh1j+jNnkEGeq1CoqFUT3Tl4qNbcE6Wz+1p0N29q/Lhhh0GSDAmLdjwkozibwupB/OM+DZWAiDCtJDkqgry+JR1A/A8pSM9N/8D875WiERfW5GEuYPawp6vkLGuaxqio6c/E1STpul6UjsiAxcEE1kk3Ai5U0thtIMm3hzOq7j+ON9GDY4xV7F+j2/HeVW7eTq7T/Ek9QWbsEYVo5OHhHxvuXlTFT4sUPg8RvYIQdR+x7hBosGo1pY3arm9gkQBzKGmucQet9WQBk/bgSa9nghz
ctsfZ54SuSdvyhEUk0DK3eete1MCSLujSHAx885BaQG4mhUyuH2eLNtWyA7huYFnNTRVYd8wQfR7/891qxwHnoGfy57oTbLGG4iZOQWEytayiCGHUICpEcqCWPExXeTVChmZNtf5jUIyfP8nSQdLnhMv+tOaYJ9GWKP5oIouNp9W6/P+SSBjRTj4J05F8szj6CgModAFghIJo9LFQIl/VMPyXpLTw2hKel9Hn6FAiKHN+7s6WsM2YnD/4EVKF230HeGZ8cyyWHV8u65dSsyfhGgQ1/P5yoDNLy1devTkG/Npcyn5ZzAR6lifyDo/qA8ws11b0RlFOsned/8f6KR0J/3qfv4uStL4SRBIhQjtg3d5TnZp6SnN2AQDXNEBdIq+Fm7FDb4wnZWeGUWtbzeSh4Mpdv1JTXYVPU4B28+AvxBT5PxvolyR33kBeIi8lq2LzJK1g/3y3jpozoZS3LKEd1bAmODbKVZT/Piv06Apv8IbuA0ZYOVhdA3TeouWTJqtYVvJCoLdhIezMeYHm7Fe6NYOCtrX5yba/Hchb14nneKpUqgux6TyzQHoa/a5cp56cGGwzwKIeFzPN2RM+MNOL7yrlC+JTFE/hWmoT6D0jXrOEaesHesr/0c6BwcMu2E1BYgBHWwAvZpYicx/MVyHfbCik5J8U55QhydYkHHPdw80cNB58r7BxesDfraWscG+76gYu480tn1JmP7CZ5zm1LJbjYAn/2UoxGHtPILUlP0RBLk9UaMkFGyFmkklVA5gD6HqEGAXeayMPzxgjKU1feQmrgbNdnFthb/nwUGD9PH/+Oufqv0pxjDfsjJnLfdbdDmy69llTrkYF6891kgigA/+zg9D91lteLp7ZrEX6lw7uCevN0XeVEFEEYqV0imBw+zt3/P7zGu0Lw+zRAu4Ia7RuNwdetWeJSBfkyyXHZDVp7kwzPN5slMmoPPyebP6zkqEjFO/mfJSblfx+wCXXStxoSG38nbjmjaUKMK/poRim/lvFBBrFTg1RR869qc7Kw+yiXtoVjOGUMqpUBzeNL9I/T4c5n5sG+LTwWIx8FR+MlkA4+DVZ5jEqMx3Ifkmj1mjpKRNQHiUWJ9EJ8SmbDHaTQMy+bMg7pBMNgI1FZea7woClt/GGYJaBgWTnPp7UpwdmxWBFJSBkoqyfICCGBYK8ZZPT53oKcvgMPRO5Cln+RClwolkkPWJ/XDWL2wLVlOVG77+ddJnGEzNrjFRzTaE5dcUgKyJR46bu0aeI5cbwDx+PpR4hSBvmqKjdjuWf/IyTl5E0KrlMn+aER6PbOUrnriqiiEZYIaoyOyTMi2fBOtntO0uJyPkKQ9Qjo30CyW5S3opZeBfCHbb1TVC6dQ7hI2YVZWKv5QS8sz1WhHSMxmZjnW4LDjbZdiVJ4W58r7E3hw8o/W7qfm5tBkGbcNo1xLXDCIEYDqC25UGNvZCv3yg9kbmuoN1lgeZLE5pSDPg878VwHIOeN9A4oJeou+k1i32EUSQ==,iv:QENf4n4DuSfY75SAeJJXjjHXJGFT4aLkLjdzVg9N27s=,tag:e+5tdTAwkwJMfZ038EXlow==,type:str]
zammad-key-base: ENC[AES256_GCM,data:hJzv99+t/e7QtgxFxh7F/soTQe7V5JgAz3PK6eY/1gm64TyGtTp4HjfDW8LN566OCntl03Wlm0syckvVxl1sUNedbgv+mU1Dt7siGmYG4iB/tWs4QeZ7htNyD4yXmBQWCCdib6BZz7KExlFsmUsHg8VKQUdavbKLXkgmedCZMZc=,iv:BJPfAOaeEp7Mjbylw5umMvvwkMw3GNzWFvG++h0MTwo=,tag:XQ5T7FZASY+6pFjSMtsgWg==,type:str]
dendrite-private-key: ENC[AES256_GCM,data:GpLC2qiSGh9apu5nTdltuK5/rGbUcJFiyJRUsoZvTsiKfaNShiU97ZYvb80MGNgrlj9Mh5guHu9wPgQbJDj4WDFJAPBEbp4KWXj3KdG4xd4/rKMn8EsjAdTznyfYYkzA7xq5GMuNWZtTpj9LoYUOyOZy3RYzyTRANxaWQvXf/1SBymfrJVg+T/w=,iv:g2zMeqsd6fMFi0H8sjKz0NZue1SvNm830DoRY7a8OOA=,tag:ZXkelXJpquKdBcnOPCEt1w==,type:str]
matrix-shared-secret: ENC[AES256_GCM,data:Ve6hhuyFAM4VzJmQt/jBvXvMxC2fluuFfry6IvkmGSV7KtXfN6iSIzBq6eAzDrcKMSN0fjlNn/ZAVVGO,iv:3NNRFYKpzB8JYsDuydVX37oEwnS1dPd58DxAIddz3S4=,tag:ymp6ATRTICosEU6kNjowNw==,type:str]
n8n-env: ENC[AES256_GCM,data:Y/ixe5U/LXpPAHmWWSmL+C4oyh2fprZ4f6zHrMN9ha6lIW4z7gme3NZIWsDu+r2p332ILaaHxn4hB11XgjAQ7w1sdlzdX7WL782OPWbYGSxmPAtUJSDzlpYe76KNJV36BFtko5dLyccuLuVF8/xMjiNYu4p8UtLC9b3Zr9xYG5tkjOi8GmVPAQrPbm8acKcGbBt56xB0atEpidAo9daoF8W4bmwdPobikxXLuuIhIQQnBfoYn47wFoONkgyrwq24DkDkyPj147jjlrbqpjGODmtfiyxjaP+FQ80wumSKWnZi+FGbTndsUfESGnRdNZRPrEOPhLZXznO9CLGMGZEbFtd2DTszuSrCTPUeBGCnmhjk6vzTx+QxGi3yobwYBr8=,iv:EoITvKWYqoF98GP0B5FIcdYO/IYZzEvOM9tyrVsx4WE=,tag:QSYF18LeW3zwHj/8JmfqoQ==,type:str]
n8n-git-key: ENC[AES256_GCM,data:UVEkyhjhhnOd9AxZ2hA0kVvUh9D2SquEg3KXyLc8KdRZLLO72No6/JdcqXFPhvUBowhPiIPGeWTrgVC4f5TZic/R7KNziyyyPZysQa3KYpTWz+E97AJ1RxRgFUTVkA8+STcAAVVgiMVgiMkNnELQFIlRw+uVwzM2ykecLFEJkRTknJzdW4oEyeMAAE3JaOt5WMn8UzjdEmholjWrMK0n1E87GxyTeXggLnEgadAItvQy1n3U5imrY2eY30F+v0Y7wTxyWGN5x/9zP4JZVTPZBd/5Ir3zVVCjeKnjI+6aRdrHZ32s3WoOKLEeVTdBoIHmD1XFgVMgqFONEba/Q41iyKLl+6t04BKsUodR7kxVv68BNLTpNqyoCrTvFvv0APsIHbAO1CxAHGYiTAdMEeFtdCOVYGhTH7yjx9MQ52/By2Wde8uP8q+X4PzzebiEo00si5vhapMe6Kd+O+UJ2iIxH/Zv1Gh2t/wNLCU579zJWZPqwBlX96x4AhVRQwJHTQbpboD+DrEMm3i/TUyxiil+,iv:t+xD/8vYwBj43t8XeCf2aZo6FBT36E0QoiRQX9xlgHQ=,tag:LJKqbXBzdOv/UsMH/mW5Xg==,type:str]
phpldapadmin: ENC[AES256_GCM,data:/6Kat9a6NCy6fE2vBhuwVZf2wfV4D7yqHd6mrjifmnJQZSmIq3jZaHyTYXHCA475Sw/lpWML3msgJQLSrQpPr4tm/4p5n+s8+uiRp45i72FsNBowaZzSL0nWeNqAW7pzMQRsu6/UKE6ozHUnMO4r7e0F/92Xohr4yVVX6moj40uQGYU38r9UBCQZpZpcjLzCEnHkN1cSr/AJu2qVK4OaWhZ/epKb9pG89Ht9LoNet57oRTFlI2byfWbGxafvem6N4U+woyfApOpFy3eYJDmPQ041H4S6uMoyQmaMcnLjEfrXFMhF4wq9qUs=,iv:Gu99QryK+8L0e3vK1Xcu9PsglVsdGYzk6Z6iOuc1Tt8=,tag:EBVItohssCRTy8D1G2HjDA==,type:str]
piped-db-password: ENC[AES256_GCM,data:2b1ZLMGnPgBB/W1VaRROkeNxyF0pBndv577wH0rEiCkgI0yRaCzxUjhGiEY=,iv:Yr/n1eIysGBcJ+0kTXdRgpv1D0yAzL3KNBSzyvqj1Vs=,tag:7VW7RSgYp0oUA3M/ZvRn2g==,type:str]
sops:
age:
- recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONnYxLzhEdmVSSnh4a1JQ
WCtUbFFiZktSWFRtRW9aYzN1MHRhL3hKd25vCmxQRkwrSmpqSzhtSGNOV2hLc0NQ
d2Qva3VmVkNNUktidFNjQm1Hdnp0elEKLS0tIDdKeWQ3VWVoVHowcmpQcUpzZ1Ev
OXpyWTFtdWtNSEcvdlJGbkI5TDRNNGcKQu7JboPmzSmiedawcbxdpvzGURgb4vCP
mbz7kcOWAkzhTztqxg7wJ2gMYGu3rINd8x1Th4F0IZV1t8LBn7bfzw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWXVacEMrN1hsaktGMDF4
UG9xTU4zL2JydzJsb2xmZ3Fmd0NTV0IzcTM0CmVkeDBvbTFYd0ppeTZhVE9mM1N2
QnpESlkyRE1uU3pBZTAwWURsN0xsNDQKLS0tIEgralhjRWxCMVpJZTN6U0h0QkxQ
bVkwdlBoME95d2FVUUcyck83c0prR2cKk09TB5GSeFSJEosNZOwKo2kCPj+ka/Dg
BzIRnujABAomWkAXqUECAqH3GJfcIIRy0b7m3+gXj77RGic/2so73w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNdHJZbVYwYTZjc1UxQ3Qx
eTF0VnZMRWNmSzFUSU5HTU02ZUNqNlBjQUdBCmorRFBOeExtNEpoeEpmNjlvTnov
aHJub3JjM3d5eDNpVGl0Sm1jc2ZtaTgKLS0tIGFCQ3NPT0hudFF3Mm5ZT24xWkox
WkN1MnpiZitJaExLeGtJTklFQVhmalkKS7u6tH3YsdawGJfxxW3Dndm51nsrxGk1
d6+Rt8Y3iIpdETKC/2ZoFqVEfnGI97akJGDL5l0GjQ8sanOnjku2PQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VGZYL1RyMEdlY25hbWM1
dkQ3K2o1SXJmME16cGtXNkZnS201TjdCczFjCjRUQTFnbXN1NmNOdlFRVW1lTkVa
ckoyMWJFYm1ZL2NGNk9Cb0FWRzlJa3cKLS0tIEI2c0h0ajZmalRodUFiZTI4SUJU
cFcvb09QZHFFK3IxYWh6RytPLys0bE0KzwmDBTy3Xo6gfTlmVvKH5dlZWKeSKlPN
GgPLCQglDRXWE5VpKjKfTjI62zmkCWXkW35N+cGO+rMqMvcRrfReJw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjZ1hlSG1CSEs1VE9td1JQ
UzQvUm5ucnJ1cEcrQlpzYUpCWksyUDFZTHlrClVYT2cvWWVGUnlpOVVJV2tmYnZi
WmpoYjFWNGlGemYwOCt0TG9BK1hESzQKLS0tIEpVN3kzQmpOSEM5bkJEVVVyZXI0
aUxYR3BEbWwrRzJ4TnZTb2xsMnMxUkkKAbfgJXxkXrHW5pyoZk6jSvmqulcbTLW5
4T34ZkrymqZx5zbsdAwXOaBPhGqr8s343laYY7NP6K37voeElba64A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaUV2M2tMV0JBbmh2Vzhm
WUpwM0tkSTVLMXBWVDRacHNzVDFZOUZJdFI4ClZwQ0pKM1R5bkhhQUZWaFZpRVZJ
b21iV1ptTk5KVStZRnhYQzB0SGFtUzQKLS0tIHRhMGZURmxqUVZlNExUTVkxSGEw
NWU4amk5WHFJT2JKaFR0SkdPQjQ5cVUKyfQTZUYpxbHS7emkDlVjzR3cEQ5JpMIg
COhJJj+QP4bxKH7OmLkveTsqn/WQAWvrtTVfhVZpCkl+Yb0pPxmndA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsT0FvM2RNZmM1cEFvZ1I0
M3ZyYUpOdDRTdU5WaHFEanVPOTluT21MRGxZCk1tRDRmSXhpRkQ3YkNxQU04akV3
ZVBhVktUQitpcWdpWjRVejMzMHFRL2MKLS0tIFJSRHJrR2xZVWxkOG5oZ1ZrUUhN
VUZpWXhwWEZ3TG1jTkNoNEZRYXVxWGcK1LLDUn31FcXgO/Kv06sMq8i4KNvCDm8d
uIn38CUjfbFA+T0cfdkIAPErc6Gsqm33eAHAJk+QYNBUlYJOEVhNHg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NHNCL0tEcWZoVWorNytq
UnpFZjd2UDFTRUtvaTdmRnkvSVlSVzZzWkF3CkZmV2dyTGFINWlWQ1Z2UVVBaGNM
V1NnU0FoWjdEL0Q1bGdPQUhBbEo3STAKLS0tIE5uOVRtcXZ2RVNEcFMvZHltUlBG
a01mSERFdE1ycW5HeTRxbWdndC9OQU0KiCd29oWbYBmQe+3ERbdhE0g8UCUjAz1w
l8qRhxfcI7HtnROVr0kIIobcb7d6GjQZkhgOrYGCmT60TaBLoMWLNA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-02T09:02:59Z"
mac: ENC[AES256_GCM,data:c5UaVN0pjQ90rW90tN8Ix2ajjMgYPX1i/eEux6n/9oWAsIj7jK7y+lHYWLE6MZ1unjHQMmwy1doz5vhMfuonAJE7z1xDW+FMbZRxfyELzLQp2xSXi+X0IGE9OOyzP7z5Nf2mE4Kkz7xeoI1fXU2I3AlDQ8RsrGfgg72T4CMG9Nc=,iv:1a8Dp/pBDbXIFYU8TPTlYh8kygH7DkFOc6PhdGQW7So=,tag:V0uHwkRAgjiNixugEKXUzw==,type:str]
lastmodified: "2025-11-02T12:57:44Z"
mac: ENC[AES256_GCM,data:1npcpm/DoSEurDvRzdzmqe3WEhR9uzW9pz1tDLIiMVZznwvCnltWslVjUcG8xTSzW9wTdV3yxhjy+DDwy/nj9KyHbsd/zwAddYIsXaF9ob/jn38qtA0S1DLUpqBqL9TS8jjqhnYmRyJD7E8x9KH59S5itzZ647yiz6zutGU2rjU=,iv:slLIW/HPhPcfYo6PxO2rBwUK2BwzdJ4vqtPaecOTP+k=,tag:JoiSK4v+FawrKNltU+4eRw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0