From b57342f53e97f60e94bc691bc8f1d25b8c020750 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 3 Nov 2025 00:59:18 +0100 Subject: [PATCH 1/3] feat: add invidious --- hosts/fw/modules/dnsmasq.nix | 5 +- hosts/fw/modules/web/default.nix | 7 ++- hosts/fw/modules/web/invidious-init-user.nix | 61 +++++++++++++++++++ hosts/fw/modules/web/invidious.nix | 60 ++++++++++++++++++ hosts/fw/modules/web/secrets.yaml | 64 ++++++++++---------- 5 files changed, 161 insertions(+), 36 deletions(-) create mode 100644 hosts/fw/modules/web/invidious-init-user.nix create mode 100644 hosts/fw/modules/web/invidious.nix diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index 5dd311d..feb7942 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -91,8 +91,9 @@ "/omada.cloonar.com/${config.networkPrefix}.97.2" "/web-02.cloonar.com/${config.networkPrefix}.97.5" "/pla.cloonar.com/${config.networkPrefix}.97.5" - "/piped.cloonar.com/${config.networkPrefix}.97.5" - "/pipedapi.cloonar.com/${config.networkPrefix}.97.5" + # "/piped.cloonar.com/${config.networkPrefix}.97.5" # Replaced by Invidious + # "/pipedapi.cloonar.com/${config.networkPrefix}.97.5" # Replaced by Invidious + "/invidious.cloonar.com/${config.networkPrefix}.97.5" "/fivefilters.cloonar.com/${config.networkPrefix}.97.5" "/n8n.cloonar.com/${config.networkPrefix}.97.5" "/home-assistant.cloonar.com/${config.networkPrefix}.97.20" diff --git a/hosts/fw/modules/web/default.nix b/hosts/fw/modules/web/default.nix index dea9281..31e742c 100644 --- a/hosts/fw/modules/web/default.nix +++ b/hosts/fw/modules/web/default.nix @@ -58,11 +58,12 @@ in { # ../../utils/modules/borgbackup.nix ./phpldapadmin.nix - ./zammad.nix ./proxies.nix - ./matrix.nix + # ./matrix.nix ./n8n.nix - ./piped.nix + # ./piped.nix # Replaced by Invidious + ./invidious.nix + ./invidious-init-user.nix ]; networkPrefix = config.networkPrefix; diff --git a/hosts/fw/modules/web/invidious-init-user.nix b/hosts/fw/modules/web/invidious-init-user.nix new file mode 100644 index 0000000..3645183 --- /dev/null +++ b/hosts/fw/modules/web/invidious-init-user.nix @@ -0,0 +1,61 @@ +{ config, pkgs, ... }: + +let + pythonWithBcrypt = pkgs.python3.withPackages (ps: [ ps.bcrypt ]); +in +{ + # Invidious admin user initialization + # Creates the initial admin user directly in the PostgreSQL database + + # Secret for admin user password + sops.secrets."invidious-admin-password" = { + sopsFile = ./secrets.yaml; + }; + + # One-time service to create admin user + systemd.services.invidious-init-admin-user = { + description = "Initialize Invidious admin user"; + after = [ "invidious.service" "postgresql.service" ]; + wants = [ "invidious.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "oneshot"; + User = "postgres"; + RemainAfterExit = true; + LoadCredential = [ "admin_password:${config.sops.secrets."invidious-admin-password".path}" ]; + }; + + script = '' + # Wait for Invidious to initialize the database schema + sleep 5 + + # Check if user already exists + USER_EXISTS=$(${pkgs.postgresql}/bin/psql -d invidious -tAc "SELECT COUNT(*) FROM users WHERE email = 'admin@cloonar.com';") + + if [ "$USER_EXISTS" -eq "0" ]; then + echo "Creating admin user..." + + # Read password from credential + PASSWORD=$(cat $CREDENTIALS_DIRECTORY/admin_password) + + # Generate bcrypt hash + HASH=$(${pythonWithBcrypt}/bin/python3 -c "import bcrypt; import sys; print(bcrypt.hashpw('$PASSWORD'.encode(), bcrypt.gensalt(rounds=10)).decode())") + + # Generate random token + TOKEN=$(head -c 32 /dev/urandom | base64 | tr -d '/+=' | head -c 32) + + # Insert user into database + ${pkgs.postgresql}/bin/psql -d invidious <<-SQL + INSERT INTO users (email, password, preferences, updated, notifications, subscriptions, watched, token) + VALUES ('admin@cloonar.com', '$HASH', '{}', NOW(), ARRAY[]::text[], ARRAY[]::text[], ARRAY[]::text[], '$TOKEN') + ON CONFLICT (email) DO NOTHING; + SQL + + echo "Admin user created successfully" + else + echo "Admin user already exists, skipping..." + fi + ''; + }; +} diff --git a/hosts/fw/modules/web/invidious.nix b/hosts/fw/modules/web/invidious.nix new file mode 100644 index 0000000..bef7e9c --- /dev/null +++ b/hosts/fw/modules/web/invidious.nix @@ -0,0 +1,60 @@ +{ config, pkgs, lib, ... }: + +{ + # Invidious - Privacy-focused YouTube frontend + # Replaces Piped with native NixOS service + + # Main Invidious service + services.invidious = { + enable = true; + domain = "invidious.cloonar.com"; + port = 3000; + + # PostgreSQL database configuration + database = { + createLocally = true; + }; + + # Enable nginx reverse proxy with automatic TLS + nginx.enable = true; + + # Signature helper disabled - crashes with current YouTube player patterns + # Re-enable once inv-sig-helper is updated to handle new YouTube obfuscation + # sig-helper = { + # enable = true; + # }; + + # Service settings + settings = { + # Disable registration - admin user created via init script + registration_enabled = false; + + # Disable CAPTCHA (not needed for private instance) + captcha_enabled = false; + + # Database configuration + check_tables = true; + db = { + user = "invidious"; + dbname = "invidious"; + }; + + # Optional: Instance customization + default_home = "Popular"; + feed_menu = [ "Popular" "Trending" "Subscriptions" ]; + }; + }; + + # Override nginx vhost configuration + services.nginx.virtualHosts."invidious.cloonar.com" = { + acmeRoot = null; + }; + + # Firewall configuration for Invidious + # (nginx handles external access on ports 80/443) + + # PostgreSQL backup for Invidious database + services.postgresqlBackup = { + databases = [ "invidious" ]; + }; +} diff --git a/hosts/fw/modules/web/secrets.yaml b/hosts/fw/modules/web/secrets.yaml index 22480ae..06a4e0e 100644 --- a/hosts/fw/modules/web/secrets.yaml +++ b/hosts/fw/modules/web/secrets.yaml @@ -1,51 +1,53 @@ -borg-passphrase: ENC[AES256_GCM,data:Mmm6dr9UTFAsO/xTgQNQZdPsBiP7dcu8AC5fF36lbNHEmjTOpmHmfGWsLn6KvKh/QKeBoYTFanEtl9dhvmLrt/SS2k0=,iv:jU1Vi1OdYa3XyvR7yxq/86rClinBKZOGiLHCnmMWA3E=,tag:64RboQqNlwVjJMHeq6t+0g==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:tiBWsZoedrZWqE0qLjYGnXZxqe7xJE3alYxHrxyAOFSF2s1Rxr0qYwS/CveryzDU1QkoDQ788C1fuLic40UzrJWzCQ7NysYmZPr90/xTwPcVG/PkYSa1+Sj920mHiIal0EmlmLFI+bSaHTSIPMUjCXTpFdM50yeMHVbrbNsthXrCjEedO02TvFbVNhMsoEnL5LsgsVkpGhZ9CLVWmP2+tnawut12rYVyqTsvT854uUxmllcKp6ITA9xpHPLP0W1xzsj996BIB+ROyvZq0ORCTwYWWDzRLBZDWeKbBzNtBFvB6I77gIbqwsU8RZGBL6eO4vMEZ27zJWHGmC+GDGXUci/E0nTTH3BAf1IjdnJxaKnR9skb/1Rv4sucJjufzPJHOrAZbjCADgQHJscNfKS5uNgnlxVW7qGYUqtIFni9rs2FWqwaDAdRA6raAtXvsgB4DhBvDR+ocyurS/87Zvg9P9p1R0PZYUEOVrNYmff4Vd+n76A1s3vro4BwoZOCifTg7jfCoSQSpYDhIPJAFSetFPgk88Tng76hA0SyVc+lZ/Id2iYbvRpzNBF9J52dkZBmx0280FSJBY8ENscE2EkP+5GqdgOw1rjV7pvwe2eBHgcs8TQf8PsdhaCYpwPE8TrTuQt+AUuaYHCAWf/806V9+eGuMn2Pk7GWYQEc16J/iiUYYYaYA88sdZOp5qVWwOdvKZxxvuasXWvvloGtBWhE63zweMwZsB3AiTBojezcyvlVKLY1614FplmXOk62Ve7AKg5ZkqTGX8CFSvW72HlUEBbASApjizfSlpFmEmqtckqk2kAhvM7tPagq+MJ7AQsynOEoaXvbIlva+kiHV3ySNSFNgJd7B700NHeQ4GUacG67RPfpNxS7VnT4/BwiMgPUu49klHA6jnaiojF49i1pMC2fcdVOtgqQ6c12GYwwiX2B+5e/5Z6wqlIXZOI2yjW9FwCHmbCL1VATZU+ySDLDYUsWeRhYx4FVdITlOOOZOArMKOS9y/kIbhS7tgR8daLK6mPcTGud+K+oFnUMXOgGER59nj+Ct0jTFQEhF0lQV1EB4M10+BSEsTRzYZzlGDWiLKvS4OUrEe8AiMaCgqne87y8i7z288mnw8WTPPNTKkNTTDZLCnd70Zgx2jgw2RLQB72gO65AzoI+wntbFh/hL8Dkum396vrzVi8YxYEB1O+4g6R4qqlZzQ1duIv0UhnIu/QG6YEkzn7eg/t7vl40suWDhYv3Hbt4W/1B/QdmTiUmhIExf5xsOoj8p99tqKG62F45lRkQAV6zXhHQeyvqZOqYTjumJJbaXI/UX5es3efXLerkHq37RrmblZiaGIYdyKLGl0GYw53NmW92NGTWLkkcf2ctX8rA/YeppB65KEL6stUOIxpjp8Nl8wrh8VzArJhQqyJVoALJK8lpnHhB82VuOn+XTeSKztBHcCfIA1CUQYl9GOTsgS3CnLolqJVH2BwvC09W/xbRP+eAeRzKn8ewvzh3TlHUGw1gX0zaVbSlwrjkv6Dks3/3JEqLL9SZsBVRqPKsPF1BuAATOlkUEzTY1rHN/Vk4e0suN8VJjMwcyoJ5TW8StS4oda2eO4NHvKVAsf8G5m5jRGaUo6jRy9MMORvUtfi/EAxulvCZaE6bYoDv8iNz34DaS6DrWExhLHX/glT7GRxcy1hpvqpYpb7qh1j+jNnkEGeq1CoqFUT3Tl4qNbcE6Wz+1p0N29q/Lhhh0GSDAmLdjwkozibwupB/OM+DZWAiDCtJDkqgry+JR1A/A8pSM9N/8D875WiERfW5GEuYPawp6vkLGuaxqio6c/E1STpul6UjsiAxcEE1kk3Ai5U0thtIMm3hzOq7j+ON9GDY4xV7F+j2/HeVW7eTq7T/Ek9QWbsEYVo5OHhHxvuXlTFT4sUPg8RvYIQdR+x7hBosGo1pY3arm9gkQBzKGmucQet9WQBk/bgSa9nghzctsfZ54SuSdvyhEUk0DK3eete1MCSLujSHAx885BaQG4mhUyuH2eLNtWyA7huYFnNTRVYd8wQfR7/891qxwHnoGfy57oTbLGG4iZOQWEytayiCGHUICpEcqCWPExXeTVChmZNtf5jUIyfP8nSQdLnhMv+tOaYJ9GWKP5oIouNp9W6/P+SSBjRTj4J05F8szj6CgModAFghIJo9LFQIl/VMPyXpLTw2hKel9Hn6FAiKHN+7s6WsM2YnD/4EVKF230HeGZ8cyyWHV8u65dSsyfhGgQ1/P5yoDNLy1devTkG/Npcyn5ZzAR6lifyDo/qA8ws11b0RlFOsned/8f6KR0J/3qfv4uStL4SRBIhQjtg3d5TnZp6SnN2AQDXNEBdIq+Fm7FDb4wnZWeGUWtbzeSh4Mpdv1JTXYVPU4B28+AvxBT5PxvolyR33kBeIi8lq2LzJK1g/3y3jpozoZS3LKEd1bAmODbKVZT/Piv06Apv8IbuA0ZYOVhdA3TeouWTJqtYVvJCoLdhIezMeYHm7Fe6NYOCtrX5yba/Hchb14nneKpUqgux6TyzQHoa/a5cp56cGGwzwKIeFzPN2RM+MNOL7yrlC+JTFE/hWmoT6D0jXrOEaesHesr/0c6BwcMu2E1BYgBHWwAvZpYicx/MVyHfbCik5J8U55QhydYkHHPdw80cNB58r7BxesDfraWscG+76gYu480tn1JmP7CZ5zm1LJbjYAn/2UoxGHtPILUlP0RBLk9UaMkFGyFmkklVA5gD6HqEGAXeayMPzxgjKU1feQmrgbNdnFthb/nwUGD9PH/+Oufqv0pxjDfsjJnLfdbdDmy69llTrkYF6891kgigA/+zg9D91lteLp7ZrEX6lw7uCevN0XeVEFEEYqV0imBw+zt3/P7zGu0Lw+zRAu4Ia7RuNwdetWeJSBfkyyXHZDVp7kwzPN5slMmoPPyebP6zkqEjFO/mfJSblfx+wCXXStxoSG38nbjmjaUKMK/poRim/lvFBBrFTg1RR869qc7Kw+yiXtoVjOGUMqpUBzeNL9I/T4c5n5sG+LTwWIx8FR+MlkA4+DVZ5jEqMx3Ifkmj1mjpKRNQHiUWJ9EJ8SmbDHaTQMy+bMg7pBMNgI1FZea7woClt/GGYJaBgWTnPp7UpwdmxWBFJSBkoqyfICCGBYK8ZZPT53oKcvgMPRO5Cln+RClwolkkPWJ/XDWL2wLVlOVG77+ddJnGEzNrjFRzTaE5dcUgKyJR46bu0aeI5cbwDx+PpR4hSBvmqKjdjuWf/IyTl5E0KrlMn+aER6PbOUrnriqiiEZYIaoyOyTMi2fBOtntO0uJyPkKQ9Qjo30CyW5S3opZeBfCHbb1TVC6dQ7hI2YVZWKv5QS8sz1WhHSMxmZjnW4LDjbZdiVJ4W58r7E3hw8o/W7qfm5tBkGbcNo1xLXDCIEYDqC25UGNvZCv3yg9kbmuoN1lgeZLE5pSDPg878VwHIOeN9A4oJeou+k1i32EUSQ==,iv:QENf4n4DuSfY75SAeJJXjjHXJGFT4aLkLjdzVg9N27s=,tag:e+5tdTAwkwJMfZ038EXlow==,type:str] -zammad-key-base: ENC[AES256_GCM,data:hJzv99+t/e7QtgxFxh7F/soTQe7V5JgAz3PK6eY/1gm64TyGtTp4HjfDW8LN566OCntl03Wlm0syckvVxl1sUNedbgv+mU1Dt7siGmYG4iB/tWs4QeZ7htNyD4yXmBQWCCdib6BZz7KExlFsmUsHg8VKQUdavbKLXkgmedCZMZc=,iv:BJPfAOaeEp7Mjbylw5umMvvwkMw3GNzWFvG++h0MTwo=,tag:XQ5T7FZASY+6pFjSMtsgWg==,type:str] -dendrite-private-key: ENC[AES256_GCM,data:GpLC2qiSGh9apu5nTdltuK5/rGbUcJFiyJRUsoZvTsiKfaNShiU97ZYvb80MGNgrlj9Mh5guHu9wPgQbJDj4WDFJAPBEbp4KWXj3KdG4xd4/rKMn8EsjAdTznyfYYkzA7xq5GMuNWZtTpj9LoYUOyOZy3RYzyTRANxaWQvXf/1SBymfrJVg+T/w=,iv:g2zMeqsd6fMFi0H8sjKz0NZue1SvNm830DoRY7a8OOA=,tag:ZXkelXJpquKdBcnOPCEt1w==,type:str] -matrix-shared-secret: ENC[AES256_GCM,data:Ve6hhuyFAM4VzJmQt/jBvXvMxC2fluuFfry6IvkmGSV7KtXfN6iSIzBq6eAzDrcKMSN0fjlNn/ZAVVGO,iv:3NNRFYKpzB8JYsDuydVX37oEwnS1dPd58DxAIddz3S4=,tag:ymp6ATRTICosEU6kNjowNw==,type:str] -n8n-env: ENC[AES256_GCM,data:Y/ixe5U/LXpPAHmWWSmL+C4oyh2fprZ4f6zHrMN9ha6lIW4z7gme3NZIWsDu+r2p332ILaaHxn4hB11XgjAQ7w1sdlzdX7WL782OPWbYGSxmPAtUJSDzlpYe76KNJV36BFtko5dLyccuLuVF8/xMjiNYu4p8UtLC9b3Zr9xYG5tkjOi8GmVPAQrPbm8acKcGbBt56xB0atEpidAo9daoF8W4bmwdPobikxXLuuIhIQQnBfoYn47wFoONkgyrwq24DkDkyPj147jjlrbqpjGODmtfiyxjaP+FQ80wumSKWnZi+FGbTndsUfESGnRdNZRPrEOPhLZXznO9CLGMGZEbFtd2DTszuSrCTPUeBGCnmhjk6vzTx+QxGi3yobwYBr8=,iv:EoITvKWYqoF98GP0B5FIcdYO/IYZzEvOM9tyrVsx4WE=,tag:QSYF18LeW3zwHj/8JmfqoQ==,type:str] -n8n-git-key: ENC[AES256_GCM,data:UVEkyhjhhnOd9AxZ2hA0kVvUh9D2SquEg3KXyLc8KdRZLLO72No6/JdcqXFPhvUBowhPiIPGeWTrgVC4f5TZic/R7KNziyyyPZysQa3KYpTWz+E97AJ1RxRgFUTVkA8+STcAAVVgiMVgiMkNnELQFIlRw+uVwzM2ykecLFEJkRTknJzdW4oEyeMAAE3JaOt5WMn8UzjdEmholjWrMK0n1E87GxyTeXggLnEgadAItvQy1n3U5imrY2eY30F+v0Y7wTxyWGN5x/9zP4JZVTPZBd/5Ir3zVVCjeKnjI+6aRdrHZ32s3WoOKLEeVTdBoIHmD1XFgVMgqFONEba/Q41iyKLl+6t04BKsUodR7kxVv68BNLTpNqyoCrTvFvv0APsIHbAO1CxAHGYiTAdMEeFtdCOVYGhTH7yjx9MQ52/By2Wde8uP8q+X4PzzebiEo00si5vhapMe6Kd+O+UJ2iIxH/Zv1Gh2t/wNLCU579zJWZPqwBlX96x4AhVRQwJHTQbpboD+DrEMm3i/TUyxiil+,iv:t+xD/8vYwBj43t8XeCf2aZo6FBT36E0QoiRQX9xlgHQ=,tag:LJKqbXBzdOv/UsMH/mW5Xg==,type:str] -phpldapadmin: ENC[AES256_GCM,data:/6Kat9a6NCy6fE2vBhuwVZf2wfV4D7yqHd6mrjifmnJQZSmIq3jZaHyTYXHCA475Sw/lpWML3msgJQLSrQpPr4tm/4p5n+s8+uiRp45i72FsNBowaZzSL0nWeNqAW7pzMQRsu6/UKE6ozHUnMO4r7e0F/92Xohr4yVVX6moj40uQGYU38r9UBCQZpZpcjLzCEnHkN1cSr/AJu2qVK4OaWhZ/epKb9pG89Ht9LoNet57oRTFlI2byfWbGxafvem6N4U+woyfApOpFy3eYJDmPQ041H4S6uMoyQmaMcnLjEfrXFMhF4wq9qUs=,iv:Gu99QryK+8L0e3vK1Xcu9PsglVsdGYzk6Z6iOuc1Tt8=,tag:EBVItohssCRTy8D1G2HjDA==,type:str] -piped-db-password: ENC[AES256_GCM,data:2b1ZLMGnPgBB/W1VaRROkeNxyF0pBndv577wH0rEiCkgI0yRaCzxUjhGiEY=,iv:Yr/n1eIysGBcJ+0kTXdRgpv1D0yAzL3KNBSzyvqj1Vs=,tag:7VW7RSgYp0oUA3M/ZvRn2g==,type:str] +borg-passphrase: ENC[AES256_GCM,data:CIYxjC7iJU6w1XaardEJFuVWP4WFo0n56fpOiLpMNZDA2o9LYBIcI7BX6LfqvmJjKqTx6ED2t0KQORL6q3HNj/o90Bk=,iv:2HpfWUg343mHBOAr0/UGzB+b81noMzCSNNSSJzDES3w=,tag:9AthB+9VYglL+mBVaDwyNA==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:htfKfhsBSR1E319rx8s+TNLfPw127fgqIXe9kjLxNQ9lb+vbXhrkDOl0xXm1+3MvKtPTJqFHzyBdE6dQTLFEV+XP/CIH86OeUiIsucceUkaX2csmPzPqauB2A15CxpO5r0zPSLp/0rb6p9Hm4+9oOjDTCJrOIsMouj9JZxe1dsD5wphwq1NQYq5G2owU6uQ6FpCg/Uo6KypLHOmTfGbCccfpH8ELyJHQdUpQQDCYYT/Uy/O7H8jB8Tn5/QhcKJzUq2X/sHUc1qPU6yM3ZdDzZ5kmCvFeD08aU14hlte2cqy+qh/Pf1w3/VOwKXhFWVf4yFE9y3zkA/IpeylHCdVDSH7YfhqAOvwLDo+F8ywKS91qtpPExPc0KieNYxdSnf8JXFxbxWfo3p2BC9KvXam9HdhktddfLoNRkS9L4yFqLXfgjRy1SBFdUQ4pbSh6sYTA45SoWlwCRWJd/hN2dShuNNu9EFncobMJh7b0C5gKe72OY8ScwogAiINetXgC5jZqlBBhB62yFyRQ5bbZm3CGbf1tb2QWFr6+lW5eSY8RAYddlbS0cjPF2zcsU6dqMWRIOqDIuH8iZ4UUlOY6Uvj3sl67ut+3nS/O2xr8Ugrf3tVFD2XTQsX22mzlltJmnVkM+AiU1VZpC04u/c5OY2yAZid2zQQ8vo5Y3FQxXuzvID0tHbjsVzs0oZvtMxeMQNnJiPBqdlxIDvWs1bp5HlLVT5EzV+Nll3ki6J4xvyAAg23JOUIVrcKfqrI4J/X5w7iirehomwhEGeJymcVSmziwV7lt5iWEuUySJ0rfG9jlfISzATW6CZ67IbY1IiU8NHhJm5KYbVa5DvI44u74UbT56euzV4xNG+JAyu6cMWEpS0A01GK5IMThiYAnPX8Iymtwn1d6MW9bV/Yqyrhhur7c3N4mBW+4HPM+m4GzHQ2e9NJMUMouM8f4OKu2AmguKLBurKuaXv7Pej/PFa5zCx4ppn8FIwe95d3oXxGCN/UEiEkCmEWPlaokj5d0M5nCkglH107aos/8rAq6/Cc54A91P+awGsrKcHwRYnMsX3yocNc2Peb+e6mqOt+CrAW82u3LvIZLEIQjodvNAAwlcGxbMIp96SH5Z5jXKGO2utgG/9b6httFIRMRtD7BxTJTMTSba8AFfsgJBPUcGAQF+0LymqXzX5vrbuvuqX0aUqKHbvcsmfB5Poywh8mNVpqVORI137LnvjNavW366vaqHp7hjAxRUfEu2CWkvNHbXUhYSAssfGQSHwA8D5Ob0nWoTsaT3gvVzAPXjLJR3B8EJ05JoH9xnKjwkea6jw8plxOA+9E4CT/uDqRrLfypnGSR5wNOq7McYEoG4RiHAfT84E5XXCYODHq17ECUY1yCdLBE4eWKvKgcZGRUUaYY37E2BGc0qSZdzxaVPIMKKEnqIJmWsnpp9aSJiydjKdpIF2jrebxs4JyzHJqx34WzCjpOl0Yvyy8THyH+74aMLIZ4qOd44ImzTG4ZwLUK4H3MdU0ziKEaLeZT8/Z4MRkyWjlhDSgEFdcjHqFyTQ/PhxNzV91KeXmmR1DEqRUSaz2seeMPvcgSkto5j9n4mo7wOjVh8FzVVERHkATE612zA4dtvqlHYVmMxlKpgufb/81Ipg8AHfdiNd4z5mJnE2z6to+m3F9idSaneNu0tm1edgz3WdVMO2JMpEwSIJFPvUIrwNdm4FYj99Ha2Eh6TZibseTl3TvN3KIfdGwqV2B/uojL/dS+MItq4/BnBmdow+ByGfH+XclMUzZanyjoP8En4p3BJppL/ymDMWov75wt0isO7W4IpwEjpPU3xB9MYShyGAbBVyaPWhyXVpzXfb7KVj/S6p9yaCRIWLTBPbnEHkym8/ObNDtbS7y+z9t14VtoQzMVFR36hx3zcL/8jia0c2+08thsn83Bhh5FAPH7wzPqlxVG7Kcl1ZlEL1+6/tlCOA7NBl237Pivf2QMUfMS+vj2NSg9XNeer1WGXSgX+gkpKbCpg6BBMS7hYovU+kiRhFZn13l6ezaynlzVdHN/wh/58ahoDIIPeFEkMb8NmGjMHhcPlQo42x9VDDY/rXMWDaRb36KKL0zSEe+KGj5TG5XK5uSlc1/B7ojWBZ/XCWCn9dE4IV3PHdd8MTiA+Q1LzMgxBHmnJtWRlYTX9zXIg0be3lA/tr5yzFchAg+T2Nclj1mgI8z1MI9DwRLxH+2smQRYCe06kVjOY3hfHWAaOcxN0w/RUp5gMIDpCKusBvf/AwjFlnsFgPRVnCjgRrrQSxA2YDmd1mf62IyZ1rCQmIVhr0l/hXFU8clRR0o/MArKNTsEz7QNKMUM7i9eD6Pk0Y8nT0X67mxHgG4NnBVhhGo3AveQWnV9hpzwcUqNar7/0JN/xBzUdYZA8qCmT3RXm5L7owkEmBxDWmJNfXx+o0V/xTa6K6sle1Y84kuOpuTRRNkCeXr3F2dcvzDCtCCAUxe8gZgX/f6IqkKZGhi9LnHa9vPFOVN0Jkx0RZtyOmBpZq2DEY0J7+fHKmfvMO8r+3YwKnSgpO4cU3xvaUmtzkQ3TLc9EGv+0AANmwzL6DY1VVUTiEz2M78zB+3ZASQzhOabBpwXhN/GfMFyUJwSKtDWdomLznbvGxMR788hUxK6TJ94MGLj6BiBYqxNK6a0XFJerFkcvzd9cbZkIXyJA+k8H8CSsGZnoqhssPNqosje7IAYfZUOvevGhXDKlIdVk7H1Fz+vbrwwD7Unm+KXHMXT/mc/AKUl+d2+Yp+qvaMJM+C3eIh32wMQcN4AF43wWrSRh6s+Vpw1sFYdg9gcdv3JwGo4m50zmLlVw9NMsW+Y0JxhVsHtVf6g9q5PJKHEAs2+MOL6Ilse+Q8/Gh7PzmyboUK+ZWz/2DwfW2NUnX8Yucz3TnldqRvgS/5TY4TpBm1DB9EiXxIplqDOyYU/bBZjusOD90yg1lfgPea7qDtWxHlMxv88W0kX8d661QtlyiI8HKXzp/84VYeNyF1/JRDNmFQccYRnWj9UJrzft2wcM9N+cef+wM/yza93sil/1NfQ3y5/FBCJIoTtthoIUb8VBhHcgFQFQOmIjskVDS6R+meNPpbHGDotgtqHWS58DPjXSuY7V2bvuun74s07dvD3Pqs8kJQuuZq+ODdpr/o7zuBAGc+7JNcGzdZUs224/jsmJZs8Z83Du9/psRYARmVVAUCIKgzEfwSEW04Y1RpdeQCvHPdlwfWWsapiLMpEsaKcaIeM2Hrrbc0Hj2DsGOPrSNcKp+EmHycKzyOnzofL64UH8G1uQiVLWCUnFUm2EJJ2fGUaJA34lmif8gmKxtTDriynu9yHYV9bvX9uymJayy7ecf6HUg8FUuO6Gz/JkaUAptv6Aa+YBkevbPfA+wZJ2no8FDaHbkwr6NEjepd1TeU0E4iDRjYD2rC4GOr6jzfaVYYACN30zJOyaWnR4RiJWNUBhorP+YRcz8FKZg==,iv:1KxCvGS61tQ2iFcV5ya7RIUIB/mAlM2Zd/6plyfAdCs=,tag:zfeyPL4mmwuzhs5cyey77A==,type:str] +zammad-key-base: ENC[AES256_GCM,data:pZN4GGUevyS9LmlZJd3rRXxBL427mNpbbTMLrkz8TV91T5x1aI8I+6SfYy76Iq4CQ+Ffpu5JpnxKdjT5drEA+zKZhdZc8uRiQNn2sPyGKbEtD0l/kxa01crjWsK0pC1EPcL9SO2XasQpIS5bOK4pqZzGXUgDNBNN3DdDzvo4JNw=,iv:WOANiPY/OMAQReqP3HHmB5waXDp+nG2z2txak5Pk1YA=,tag:jP4rs0rv1e7608mr8NRrCg==,type:str] +invidious-hmac-key: ENC[AES256_GCM,data:9B5IrJIPnROcklZXnvjx+FW7k77GPoy7XFYwfA==,iv:Sd21/n777H0I8OY+xcXxShUoEnaeSQYwcZe++hRLb3E=,tag:co9h+A/eE3qldB5IKw9yLw==,type:str] +invidious-admin-password: ENC[AES256_GCM,data:9LOrwqdq7nYAaMrE/U16HZIVpNQiSQQCqW4GsMeupz8rm1FMj0+r7clVQFUPigkMnq7hmsKAwRo2,iv:8UopNqO9tLwR/+PbHcpTUxDUFInaWcT25QxGgpXKHpA=,tag:y8tyFGb5k3s4nPe0CEZMBQ==,type:str] +dendrite-private-key: ENC[AES256_GCM,data:kg7g6T+WKKhkVSECxlsz+5x6IkCmY/0ucDp0p2iBMmHI3lDvQnRG5Pkv0xDs5o+fXbQ4g9XLrK+aHuJcJj2fq1r4FvoKQyVIzhySVd1TvnUBFyMPVpK1ideRuY1Ns/3+Tfm2cGodAKs0NgwahwQ3pXdf7M0vSzP5E/MNMWHzklhnnoBrwNVcGlE=,iv:PokPIme4BsNK1T8vfm7qkV3+9sN6VXGvwzAkSdUNK48=,tag:ctFYjeKMDWEJAe5shHeuow==,type:str] +matrix-shared-secret: ENC[AES256_GCM,data:Na5fHaZBFvU0bDkf5yEHSHaJmMQmp82LR/6jYqff+z/FzSq8ey7Tdn2fIB6U/quIt1lE3hSgi/iZg6Jz,iv:qJuXa5FAslUBGSFnIyRTi5ZlFlL/N1VCs63L+pjlGTw=,tag:XYVPHi/vIYPQTZvrVLYKMA==,type:str] +n8n-env: ENC[AES256_GCM,data:03asZDbl8d832MpcO1YV4FTWNqePGcoYaWdqTeqy48iHnYtYvGaotJEo4fBmd432VobDZ62w7bNecQHr9KzQ4yKeMrVidyA55I0ROnxzuFTX17Q0J1eSiuabPgfvVuLFd6SXdRG6+uRhyIZTEGdKepRmhB2LPCarzUtnw68BdguR0vvVdmGmLVdQco8+Hkt/gSB6O/iHKStrniPLjWbT1dkJETJjc2vPVR/AUNdG0Cio8CaZTISskKJbJqPeZfuksCHfGoT97whthRelOuzQCOHVq/I04ROLsyjCb2hGhuCAofwLJUhB28dDtRH4O5HbMsf4vwJnJdU5XmDrGvCRjEy99iOSMyoztiDfFexOzeZbmxOBLbCe05P+aFlu7vs=,iv:G2jLbMjCBtzwJer8HjhYVWlXoQnj3kjQfuRS+j4aUqg=,tag:KuGMHtRBD+PEPjNlpNXFmw==,type:str] +n8n-git-key: ENC[AES256_GCM,data:0wxucXVYV6rOQ3wqPiuFuzKLDehIPKe992jzJYjne18M9xQv+CnyjS2nNM0ggDV507N66eA7LU3r6nUD5LZLYP9R0S3xBwqkNHQj8LfjdgwJeqUMV2SNTk0Q+KL7BIldz/R7TVitIxceyOvqw+/S63TF77RBmtowvnIGgRo39CTEGIzTQBYVRXoBTICIz5wmLBrqSOLngDPCBlHXshe4qBI7+pn57kSgRnguR8oCP+mVv+EbXNc0j/FSgbShJr+BWm90vVem9UQNI6wKc0iEdq5NOmHErw3dDgeZV9/FySkrXlBU4yexLn6G15KqXTlBcUBpJfR4oc9J7S1jZYhMBIlRgKpsws8eZ6XirRhFMZiPpudHCX5eigHPx6f4eLdyNnrZACSt7MBIs10l3VQrgxLgqApYABdVZxq9i0Ma5LHfM17U7e2zIZ3k6ilOoVeOWf1DVCSQ/tR3zphgY66WBBkw1ZLEPV+tSTIrgIGWk+p+uo/uMUln1AMe7KHF2sY2aTbl91SEj4wKxZyjww1w,iv:FLJzULCC/V/u9fQyvwRDnC4ubyXS6AhREpXyoAaYOkg=,tag:3+ekPn8bq8ZTXHWLjayQeA==,type:str] +phpldapadmin: ENC[AES256_GCM,data:mP+0QPxzBeL0GJ5Gixt/OmzB1PXHwT3KikO97kv6+tpCXjLCUKJ/yvZQ9++BOApOdUAgrJfy4UnXwrzAuPVeBAO/lGljua1SjShMhpb4dwqdWe1fh+TeV3kIdQtKKqMN7wS38LTevoKBmfUq8VMxA8G39DWKpsSjlMJX7l6AE8h4nWmI5pVjfo5d/MxEEcujHvfnDUcKG+4kVbTBxYy2Y474tC+M2lasBbI0h1TNlR0223VXKIdRr0Za6p8WHYdoaExj91xjd25f/3mnGSOSM6aiuoBm+OljATHtpP2hfYyP2KcMLDdxZso=,iv:jqlD+WdQqyfpCt+ZP73dSjq0dxmlTWj5fpIbbYEO9Nk=,tag:7b6AWZCbCa7fB5qQoFDLLA==,type:str] +piped-db-password: ENC[AES256_GCM,data:IJRf7KwLu4TbOBu+wXXKW7/ioScSIjAKomjL3AdOGPlIRSG7Vxmp8Gzik/0=,iv:UwdcDmRad0iPAQ6c8cuVmi1oanXUaLUJG+ko9FmTGus=,tag:f3PImoUccgy9DTvupjw1dQ==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWXVacEMrN1hsaktGMDF4 - UG9xTU4zL2JydzJsb2xmZ3Fmd0NTV0IzcTM0CmVkeDBvbTFYd0ppeTZhVE9mM1N2 - QnpESlkyRE1uU3pBZTAwWURsN0xsNDQKLS0tIEgralhjRWxCMVpJZTN6U0h0QkxQ - bVkwdlBoME95d2FVUUcyck83c0prR2cKk09TB5GSeFSJEosNZOwKo2kCPj+ka/Dg - BzIRnujABAomWkAXqUECAqH3GJfcIIRy0b7m3+gXj77RGic/2so73w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTlFFQnVtL0hzRXRwWFNL + dklNYnlTUjIreFg4L0doZUJ3VSszbFkwMUE0CnlXeTJZTGpRMzh1bDEyVVVOam8w + K0lsT24yc2FLWEI5bUFIZldUVmhkSjgKLS0tIEtLOEsvMlNCWVNBWi9JMGdReE5t + UDJkMGFyTW83SjY0UUdQSnBXSStRRUUKYlNPvlIHZ00PJpzP0UxuszeGTEo6PDOM + qwonnWeGNc/JaIGhKKiVFh2OIOGeoK2JIBhfi0JVwX9iuccwXlKhXQ== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VGZYL1RyMEdlY25hbWM1 - dkQ3K2o1SXJmME16cGtXNkZnS201TjdCczFjCjRUQTFnbXN1NmNOdlFRVW1lTkVa - ckoyMWJFYm1ZL2NGNk9Cb0FWRzlJa3cKLS0tIEI2c0h0ajZmalRodUFiZTI4SUJU - cFcvb09QZHFFK3IxYWh6RytPLys0bE0KzwmDBTy3Xo6gfTlmVvKH5dlZWKeSKlPN - GgPLCQglDRXWE5VpKjKfTjI62zmkCWXkW35N+cGO+rMqMvcRrfReJw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAza1A1dXd0QWs3YTJ3MzYx + Zld0eXF3UDFCTG1NNkRpTnFzWUIvVmYxdlNZCnNJUzlnTWMzUlpsbFhzN0twRi9r + Y1dKSWlzZjloZ2wwU2krLzV5UDlQVVEKLS0tIFoyRnZsaTJLN1pRT1MxRnVQcGFB + dkhLc0tZdHdlMkZiK0FYWVlPWFk1UEEK/Cjr5fa2FB19ERR0pR3JbxO8Y+t2U6Sn + 1ffRHAmy8J3PAyhqMs7iSWJUPkNEIRoGl4KvkS6nzktHDUruNsvb1A== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaUV2M2tMV0JBbmh2Vzhm - WUpwM0tkSTVLMXBWVDRacHNzVDFZOUZJdFI4ClZwQ0pKM1R5bkhhQUZWaFZpRVZJ - b21iV1ptTk5KVStZRnhYQzB0SGFtUzQKLS0tIHRhMGZURmxqUVZlNExUTVkxSGEw - NWU4amk5WHFJT2JKaFR0SkdPQjQ5cVUKyfQTZUYpxbHS7emkDlVjzR3cEQ5JpMIg - COhJJj+QP4bxKH7OmLkveTsqn/WQAWvrtTVfhVZpCkl+Yb0pPxmndA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjZWpCLzVWWWVSdnZJRXl0 + ZE9FV09XS0lYOWl0bzhIdFFrUXlsZ0EveVRJCmtMMjVRMmNEcWYwOVFERXo4dkFp + V0MyeFA4RG1SMmF6WWxFYjBZVGFtODgKLS0tIFhXazk4cmhjb3F1TGdFZkxURXVU + WEVJd21TRXM3aVJDTDBBeEZ6cGFsRTAKOCVazAk2/3BuRPcGZ0B6pRImfkjHM68o + +Z9TY5Dkr4B6+j69hF0ucyrU1HqCv/lky2tOmHzrwGslg9T3VcYJBw== -----END AGE ENCRYPTED FILE----- - recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NHNCL0tEcWZoVWorNytq - UnpFZjd2UDFTRUtvaTdmRnkvSVlSVzZzWkF3CkZmV2dyTGFINWlWQ1Z2UVVBaGNM - V1NnU0FoWjdEL0Q1bGdPQUhBbEo3STAKLS0tIE5uOVRtcXZ2RVNEcFMvZHltUlBG - a01mSERFdE1ycW5HeTRxbWdndC9OQU0KiCd29oWbYBmQe+3ERbdhE0g8UCUjAz1w - l8qRhxfcI7HtnROVr0kIIobcb7d6GjQZkhgOrYGCmT60TaBLoMWLNA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArV3E2SEkwWkQwR0NzQ09q + dG9xelVkY1RZaDhhdjM1VUZGZ3NqaDJTaGtFCjFvMzhPdDZFVTBzRVhmbmZPZXJi + TFovUGMzTFJMcG9EWVVVcGEzUUxlWGcKLS0tIHJYMWRtc3Z4MFRLTFB5Z1p0Myty + MmpiUEd2bVRyaUNLVmtobmIvSHZEOVUKJUHIP4cnjz0SX9RkmxOt18booSvpLJe5 + WYWIblgjducfGJaNq43x+7zqMAafoUJ/6C0duIB8zJVvJuvfu8kQ8w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-02T12:57:44Z" - mac: ENC[AES256_GCM,data:1npcpm/DoSEurDvRzdzmqe3WEhR9uzW9pz1tDLIiMVZznwvCnltWslVjUcG8xTSzW9wTdV3yxhjy+DDwy/nj9KyHbsd/zwAddYIsXaF9ob/jn38qtA0S1DLUpqBqL9TS8jjqhnYmRyJD7E8x9KH59S5itzZ647yiz6zutGU2rjU=,iv:slLIW/HPhPcfYo6PxO2rBwUK2BwzdJ4vqtPaecOTP+k=,tag:JoiSK4v+FawrKNltU+4eRw==,type:str] + lastmodified: "2025-11-02T22:03:28Z" + mac: ENC[AES256_GCM,data:ufqECg3Ssl43hl9ahr8peqMIn1dRhjlq7FxNVJAmC1yIMy6WXoSCYAnAdgxcB+x8J9FXKdyXY38ivvJI9MVRSdSZ6E8C7Wtsex8E/HR8vkAlIHdN9HKfZ8R8X6JvEfx83uSWx5wkHmF+OsXu+bCPF8eloAxWErS5cQY/fTUQiaE=,iv:h53QCaqcAN6N5/6tE4Iu1FQdR5W+/lJmqetfkma844U=,tag:Hab61Kq9cGfCwbqLZkx8vg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 63dad8c62634a1ad107b4165b56cb9c80c261f5e Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 3 Nov 2025 01:38:16 +0100 Subject: [PATCH 2/3] fix: invidious password --- hosts/fw/modules/web/invidious-init-user.nix | 7 ++- hosts/fw/modules/web/secrets.yaml | 66 ++++++++++---------- hosts/web-arm/modules/blackbox-exporter.nix | 1 + 3 files changed, 39 insertions(+), 35 deletions(-) diff --git a/hosts/fw/modules/web/invidious-init-user.nix b/hosts/fw/modules/web/invidious-init-user.nix index 3645183..69a5e45 100644 --- a/hosts/fw/modules/web/invidious-init-user.nix +++ b/hosts/fw/modules/web/invidious-init-user.nix @@ -36,8 +36,11 @@ in if [ "$USER_EXISTS" -eq "0" ]; then echo "Creating admin user..." - # Read password from credential - PASSWORD=$(cat $CREDENTIALS_DIRECTORY/admin_password) + # Read password from credential and trim whitespace + PASSWORD=$(cat $CREDENTIALS_DIRECTORY/admin_password | tr -d '\n\r') + + # Truncate to 55 characters (Invidious password limit) + PASSWORD="''${PASSWORD:0:55}" # Generate bcrypt hash HASH=$(${pythonWithBcrypt}/bin/python3 -c "import bcrypt; import sys; print(bcrypt.hashpw('$PASSWORD'.encode(), bcrypt.gensalt(rounds=10)).decode())") diff --git a/hosts/fw/modules/web/secrets.yaml b/hosts/fw/modules/web/secrets.yaml index 06a4e0e..b4ed1cc 100644 --- a/hosts/fw/modules/web/secrets.yaml +++ b/hosts/fw/modules/web/secrets.yaml @@ -1,53 +1,53 @@ -borg-passphrase: ENC[AES256_GCM,data:CIYxjC7iJU6w1XaardEJFuVWP4WFo0n56fpOiLpMNZDA2o9LYBIcI7BX6LfqvmJjKqTx6ED2t0KQORL6q3HNj/o90Bk=,iv:2HpfWUg343mHBOAr0/UGzB+b81noMzCSNNSSJzDES3w=,tag:9AthB+9VYglL+mBVaDwyNA==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:htfKfhsBSR1E319rx8s+TNLfPw127fgqIXe9kjLxNQ9lb+vbXhrkDOl0xXm1+3MvKtPTJqFHzyBdE6dQTLFEV+XP/CIH86OeUiIsucceUkaX2csmPzPqauB2A15CxpO5r0zPSLp/0rb6p9Hm4+9oOjDTCJrOIsMouj9JZxe1dsD5wphwq1NQYq5G2owU6uQ6FpCg/Uo6KypLHOmTfGbCccfpH8ELyJHQdUpQQDCYYT/Uy/O7H8jB8Tn5/QhcKJzUq2X/sHUc1qPU6yM3ZdDzZ5kmCvFeD08aU14hlte2cqy+qh/Pf1w3/VOwKXhFWVf4yFE9y3zkA/IpeylHCdVDSH7YfhqAOvwLDo+F8ywKS91qtpPExPc0KieNYxdSnf8JXFxbxWfo3p2BC9KvXam9HdhktddfLoNRkS9L4yFqLXfgjRy1SBFdUQ4pbSh6sYTA45SoWlwCRWJd/hN2dShuNNu9EFncobMJh7b0C5gKe72OY8ScwogAiINetXgC5jZqlBBhB62yFyRQ5bbZm3CGbf1tb2QWFr6+lW5eSY8RAYddlbS0cjPF2zcsU6dqMWRIOqDIuH8iZ4UUlOY6Uvj3sl67ut+3nS/O2xr8Ugrf3tVFD2XTQsX22mzlltJmnVkM+AiU1VZpC04u/c5OY2yAZid2zQQ8vo5Y3FQxXuzvID0tHbjsVzs0oZvtMxeMQNnJiPBqdlxIDvWs1bp5HlLVT5EzV+Nll3ki6J4xvyAAg23JOUIVrcKfqrI4J/X5w7iirehomwhEGeJymcVSmziwV7lt5iWEuUySJ0rfG9jlfISzATW6CZ67IbY1IiU8NHhJm5KYbVa5DvI44u74UbT56euzV4xNG+JAyu6cMWEpS0A01GK5IMThiYAnPX8Iymtwn1d6MW9bV/Yqyrhhur7c3N4mBW+4HPM+m4GzHQ2e9NJMUMouM8f4OKu2AmguKLBurKuaXv7Pej/PFa5zCx4ppn8FIwe95d3oXxGCN/UEiEkCmEWPlaokj5d0M5nCkglH107aos/8rAq6/Cc54A91P+awGsrKcHwRYnMsX3yocNc2Peb+e6mqOt+CrAW82u3LvIZLEIQjodvNAAwlcGxbMIp96SH5Z5jXKGO2utgG/9b6httFIRMRtD7BxTJTMTSba8AFfsgJBPUcGAQF+0LymqXzX5vrbuvuqX0aUqKHbvcsmfB5Poywh8mNVpqVORI137LnvjNavW366vaqHp7hjAxRUfEu2CWkvNHbXUhYSAssfGQSHwA8D5Ob0nWoTsaT3gvVzAPXjLJR3B8EJ05JoH9xnKjwkea6jw8plxOA+9E4CT/uDqRrLfypnGSR5wNOq7McYEoG4RiHAfT84E5XXCYODHq17ECUY1yCdLBE4eWKvKgcZGRUUaYY37E2BGc0qSZdzxaVPIMKKEnqIJmWsnpp9aSJiydjKdpIF2jrebxs4JyzHJqx34WzCjpOl0Yvyy8THyH+74aMLIZ4qOd44ImzTG4ZwLUK4H3MdU0ziKEaLeZT8/Z4MRkyWjlhDSgEFdcjHqFyTQ/PhxNzV91KeXmmR1DEqRUSaz2seeMPvcgSkto5j9n4mo7wOjVh8FzVVERHkATE612zA4dtvqlHYVmMxlKpgufb/81Ipg8AHfdiNd4z5mJnE2z6to+m3F9idSaneNu0tm1edgz3WdVMO2JMpEwSIJFPvUIrwNdm4FYj99Ha2Eh6TZibseTl3TvN3KIfdGwqV2B/uojL/dS+MItq4/BnBmdow+ByGfH+XclMUzZanyjoP8En4p3BJppL/ymDMWov75wt0isO7W4IpwEjpPU3xB9MYShyGAbBVyaPWhyXVpzXfb7KVj/S6p9yaCRIWLTBPbnEHkym8/ObNDtbS7y+z9t14VtoQzMVFR36hx3zcL/8jia0c2+08thsn83Bhh5FAPH7wzPqlxVG7Kcl1ZlEL1+6/tlCOA7NBl237Pivf2QMUfMS+vj2NSg9XNeer1WGXSgX+gkpKbCpg6BBMS7hYovU+kiRhFZn13l6ezaynlzVdHN/wh/58ahoDIIPeFEkMb8NmGjMHhcPlQo42x9VDDY/rXMWDaRb36KKL0zSEe+KGj5TG5XK5uSlc1/B7ojWBZ/XCWCn9dE4IV3PHdd8MTiA+Q1LzMgxBHmnJtWRlYTX9zXIg0be3lA/tr5yzFchAg+T2Nclj1mgI8z1MI9DwRLxH+2smQRYCe06kVjOY3hfHWAaOcxN0w/RUp5gMIDpCKusBvf/AwjFlnsFgPRVnCjgRrrQSxA2YDmd1mf62IyZ1rCQmIVhr0l/hXFU8clRR0o/MArKNTsEz7QNKMUM7i9eD6Pk0Y8nT0X67mxHgG4NnBVhhGo3AveQWnV9hpzwcUqNar7/0JN/xBzUdYZA8qCmT3RXm5L7owkEmBxDWmJNfXx+o0V/xTa6K6sle1Y84kuOpuTRRNkCeXr3F2dcvzDCtCCAUxe8gZgX/f6IqkKZGhi9LnHa9vPFOVN0Jkx0RZtyOmBpZq2DEY0J7+fHKmfvMO8r+3YwKnSgpO4cU3xvaUmtzkQ3TLc9EGv+0AANmwzL6DY1VVUTiEz2M78zB+3ZASQzhOabBpwXhN/GfMFyUJwSKtDWdomLznbvGxMR788hUxK6TJ94MGLj6BiBYqxNK6a0XFJerFkcvzd9cbZkIXyJA+k8H8CSsGZnoqhssPNqosje7IAYfZUOvevGhXDKlIdVk7H1Fz+vbrwwD7Unm+KXHMXT/mc/AKUl+d2+Yp+qvaMJM+C3eIh32wMQcN4AF43wWrSRh6s+Vpw1sFYdg9gcdv3JwGo4m50zmLlVw9NMsW+Y0JxhVsHtVf6g9q5PJKHEAs2+MOL6Ilse+Q8/Gh7PzmyboUK+ZWz/2DwfW2NUnX8Yucz3TnldqRvgS/5TY4TpBm1DB9EiXxIplqDOyYU/bBZjusOD90yg1lfgPea7qDtWxHlMxv88W0kX8d661QtlyiI8HKXzp/84VYeNyF1/JRDNmFQccYRnWj9UJrzft2wcM9N+cef+wM/yza93sil/1NfQ3y5/FBCJIoTtthoIUb8VBhHcgFQFQOmIjskVDS6R+meNPpbHGDotgtqHWS58DPjXSuY7V2bvuun74s07dvD3Pqs8kJQuuZq+ODdpr/o7zuBAGc+7JNcGzdZUs224/jsmJZs8Z83Du9/psRYARmVVAUCIKgzEfwSEW04Y1RpdeQCvHPdlwfWWsapiLMpEsaKcaIeM2Hrrbc0Hj2DsGOPrSNcKp+EmHycKzyOnzofL64UH8G1uQiVLWCUnFUm2EJJ2fGUaJA34lmif8gmKxtTDriynu9yHYV9bvX9uymJayy7ecf6HUg8FUuO6Gz/JkaUAptv6Aa+YBkevbPfA+wZJ2no8FDaHbkwr6NEjepd1TeU0E4iDRjYD2rC4GOr6jzfaVYYACN30zJOyaWnR4RiJWNUBhorP+YRcz8FKZg==,iv:1KxCvGS61tQ2iFcV5ya7RIUIB/mAlM2Zd/6plyfAdCs=,tag:zfeyPL4mmwuzhs5cyey77A==,type:str] -zammad-key-base: ENC[AES256_GCM,data:pZN4GGUevyS9LmlZJd3rRXxBL427mNpbbTMLrkz8TV91T5x1aI8I+6SfYy76Iq4CQ+Ffpu5JpnxKdjT5drEA+zKZhdZc8uRiQNn2sPyGKbEtD0l/kxa01crjWsK0pC1EPcL9SO2XasQpIS5bOK4pqZzGXUgDNBNN3DdDzvo4JNw=,iv:WOANiPY/OMAQReqP3HHmB5waXDp+nG2z2txak5Pk1YA=,tag:jP4rs0rv1e7608mr8NRrCg==,type:str] -invidious-hmac-key: ENC[AES256_GCM,data:9B5IrJIPnROcklZXnvjx+FW7k77GPoy7XFYwfA==,iv:Sd21/n777H0I8OY+xcXxShUoEnaeSQYwcZe++hRLb3E=,tag:co9h+A/eE3qldB5IKw9yLw==,type:str] -invidious-admin-password: ENC[AES256_GCM,data:9LOrwqdq7nYAaMrE/U16HZIVpNQiSQQCqW4GsMeupz8rm1FMj0+r7clVQFUPigkMnq7hmsKAwRo2,iv:8UopNqO9tLwR/+PbHcpTUxDUFInaWcT25QxGgpXKHpA=,tag:y8tyFGb5k3s4nPe0CEZMBQ==,type:str] -dendrite-private-key: ENC[AES256_GCM,data:kg7g6T+WKKhkVSECxlsz+5x6IkCmY/0ucDp0p2iBMmHI3lDvQnRG5Pkv0xDs5o+fXbQ4g9XLrK+aHuJcJj2fq1r4FvoKQyVIzhySVd1TvnUBFyMPVpK1ideRuY1Ns/3+Tfm2cGodAKs0NgwahwQ3pXdf7M0vSzP5E/MNMWHzklhnnoBrwNVcGlE=,iv:PokPIme4BsNK1T8vfm7qkV3+9sN6VXGvwzAkSdUNK48=,tag:ctFYjeKMDWEJAe5shHeuow==,type:str] -matrix-shared-secret: ENC[AES256_GCM,data:Na5fHaZBFvU0bDkf5yEHSHaJmMQmp82LR/6jYqff+z/FzSq8ey7Tdn2fIB6U/quIt1lE3hSgi/iZg6Jz,iv:qJuXa5FAslUBGSFnIyRTi5ZlFlL/N1VCs63L+pjlGTw=,tag:XYVPHi/vIYPQTZvrVLYKMA==,type:str] -n8n-env: ENC[AES256_GCM,data:03asZDbl8d832MpcO1YV4FTWNqePGcoYaWdqTeqy48iHnYtYvGaotJEo4fBmd432VobDZ62w7bNecQHr9KzQ4yKeMrVidyA55I0ROnxzuFTX17Q0J1eSiuabPgfvVuLFd6SXdRG6+uRhyIZTEGdKepRmhB2LPCarzUtnw68BdguR0vvVdmGmLVdQco8+Hkt/gSB6O/iHKStrniPLjWbT1dkJETJjc2vPVR/AUNdG0Cio8CaZTISskKJbJqPeZfuksCHfGoT97whthRelOuzQCOHVq/I04ROLsyjCb2hGhuCAofwLJUhB28dDtRH4O5HbMsf4vwJnJdU5XmDrGvCRjEy99iOSMyoztiDfFexOzeZbmxOBLbCe05P+aFlu7vs=,iv:G2jLbMjCBtzwJer8HjhYVWlXoQnj3kjQfuRS+j4aUqg=,tag:KuGMHtRBD+PEPjNlpNXFmw==,type:str] -n8n-git-key: ENC[AES256_GCM,data:0wxucXVYV6rOQ3wqPiuFuzKLDehIPKe992jzJYjne18M9xQv+CnyjS2nNM0ggDV507N66eA7LU3r6nUD5LZLYP9R0S3xBwqkNHQj8LfjdgwJeqUMV2SNTk0Q+KL7BIldz/R7TVitIxceyOvqw+/S63TF77RBmtowvnIGgRo39CTEGIzTQBYVRXoBTICIz5wmLBrqSOLngDPCBlHXshe4qBI7+pn57kSgRnguR8oCP+mVv+EbXNc0j/FSgbShJr+BWm90vVem9UQNI6wKc0iEdq5NOmHErw3dDgeZV9/FySkrXlBU4yexLn6G15KqXTlBcUBpJfR4oc9J7S1jZYhMBIlRgKpsws8eZ6XirRhFMZiPpudHCX5eigHPx6f4eLdyNnrZACSt7MBIs10l3VQrgxLgqApYABdVZxq9i0Ma5LHfM17U7e2zIZ3k6ilOoVeOWf1DVCSQ/tR3zphgY66WBBkw1ZLEPV+tSTIrgIGWk+p+uo/uMUln1AMe7KHF2sY2aTbl91SEj4wKxZyjww1w,iv:FLJzULCC/V/u9fQyvwRDnC4ubyXS6AhREpXyoAaYOkg=,tag:3+ekPn8bq8ZTXHWLjayQeA==,type:str] -phpldapadmin: ENC[AES256_GCM,data:mP+0QPxzBeL0GJ5Gixt/OmzB1PXHwT3KikO97kv6+tpCXjLCUKJ/yvZQ9++BOApOdUAgrJfy4UnXwrzAuPVeBAO/lGljua1SjShMhpb4dwqdWe1fh+TeV3kIdQtKKqMN7wS38LTevoKBmfUq8VMxA8G39DWKpsSjlMJX7l6AE8h4nWmI5pVjfo5d/MxEEcujHvfnDUcKG+4kVbTBxYy2Y474tC+M2lasBbI0h1TNlR0223VXKIdRr0Za6p8WHYdoaExj91xjd25f/3mnGSOSM6aiuoBm+OljATHtpP2hfYyP2KcMLDdxZso=,iv:jqlD+WdQqyfpCt+ZP73dSjq0dxmlTWj5fpIbbYEO9Nk=,tag:7b6AWZCbCa7fB5qQoFDLLA==,type:str] -piped-db-password: ENC[AES256_GCM,data:IJRf7KwLu4TbOBu+wXXKW7/ioScSIjAKomjL3AdOGPlIRSG7Vxmp8Gzik/0=,iv:UwdcDmRad0iPAQ6c8cuVmi1oanXUaLUJG+ko9FmTGus=,tag:f3PImoUccgy9DTvupjw1dQ==,type:str] +borg-passphrase: ENC[AES256_GCM,data:8ufR69AT0KDYCyjlDM8ZteiCaOs9GgTY0GutQIb4zZqGaXmLl8+ZKZfPdISz7s12INIJzQS73Am4L4DSmLt8/Gz0v/Q=,iv:yHE6eSX7E18SthxEpsIsuw3Mab65UvQPSNEDsjQGaGo=,tag:YYC8r9Ci/Ozu+6tqseFn/Q==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:9YstInAqRioQKUm2AQD1Lm8NNuyjYxfdnbGu8K8wGIaUjNPfQxFe3afv1CndWWzSs0KVZnuV8pja2+F5PwpEvvlEYIV+pdXCcUGTE9VnhmHHcQVrf9bDMgt/yca1bWBmiUJJZnn9SSO1ncUtjWWY0k/thSLylKPhAg6fo94snx8Mo89A9b1xBZfsVTBqi2cgYWZ6VGPmCVcOVv2G89m8qttj8bY1QWFXryGFHiONXwWKLafN0UNmn3++r4h+Dgdm1NX7FNRawt2CbbJ+aXuPNqtPcHJgEL43DA6LQwSK4MB57rh7iUeURBYAfC/HoHnngfPJLl8GHbAZaKlmS4vc/hJW3Or5JpJZIMR6taimYX7kklJys5kHgDoPjUqGucdPh+6d/cVTxFPaBGvIBFStljtgah3IlDyLuHO5bRKjOfZ5qSZpyCg3TZw7+cVN5RHCaIEp8AKlgIKdHTvSsWfXQsnbJ+e3gFe6P+MXC0VARFeRnT4q6ssUTj1hX7X4erwtER9fYD+ogCiDXW981GdJLssWGIy6cIg0F3JP5uOFKmnS/GnmGAyQY3Ukae3b2R3tJiABDjQ4trkBQ0b6KjH85F/KjSAVW43Wx1kO0rUGYdo/RhVVj+8DP3ECnrh2s6CpPT29/kpCSuA7C7bGkiGnDroFt4PbyveqsqlqAR9GQzz0c0u0zowxUZjeTgb76NsFfSSReTmDQ2qZbEBiW6FHe34s+lPZO3wtW6j/Z7aAf1F+EW3uvMqB7Jh9+sbDjarvGgXni5ApQzP+n7T7TOhgDbxU8mql7fb8v6ZGLv4OtQDvpoFAthe0JKY/REN5AQFL4f4oQi+GFVVEh1hZW9zssXZOWHJzlL3jljTTljZFFVBGWOk2livnf/IKs7uV5FWWBRx6MCw3wE/L4Vs3zSIBl6tTDeGOZsRnlGdCGAxIqLkUaM7OGMidyoMYHJbaxyfeLgsY6GJ1pOKIfK1bBYlHibrlq+DARZZTU2G/bdlWZZPsIMpXDo05GgSjMFRWbkL2TBWBLWO+1eaP2tkejZZWaS2Bdv70Zqa+vbJI3vGJN/f2a/kw111sVzhdKHX+F6rDmCuCZBTrxsnmXZIBRW/Kz17OL607zuCHi3s7ruA38WGufnzxacQP+V2qADvkmXtlFB8FkbLxd0RAAKUX+wAQDehN3PWItmdqBakZVXKIOa3Y9sye/tDOUdpMmHqtW9zsHkj+5sL2Zvls9XPzWrwTpR4PL7Vwl84VdeGJqmh+Mpo1wld4/IXX1egBPVABK+h+1A7aD/DKTkcawFDSs6K3o9HWvPZnCSgXhxdoFAQt2bqj9NCxs6ONNc4dQps7hGKMjcjE9UBtacUdlT9twiiGzqoUhqcCJLBqn0hrgt5hg5OQP4vNoNAZJUcZ3LbHBaZcthnSkXAuWVhnuY8gxuBVpZrVq60XQgTeV6ZQHtGBhBc7YYOqfGkudQLQyrysmvaDRoNVbKxE8TqnQfMrvsBBdT3t8iKM/+jZjZ64tMoUXz3O8qWCpChB/mMVB3zEROZptmbCh4foOQuEC4n1/dwWdSFHSNoBjzaApI3CyqQ6taxGM4owuV37RgzAarG4FeUSjSknzGkZUzLynL+3pTtcVKdR+Z7S5leHITZRp1YmLKr8+CTwixDYveSJd0uhy9GITOKS18JHqJPxyP6qrOvopnl+Nm1Oh/eum7hl3KvCHPzn0XT3vgoEzjae3Qct974ACblNMEcY2KTVNMB9ecEkexC/ZoDnacu/VpZx5uVqPpMgdRn59IjutrXPCt48HiEswbKA32kL361/wXKPLuLQ75qbxeNpoBIK95hEIB5SYL47Nz4a7mOTOkBFX6zBoeG1DdPh2jC64pIa7TCg2hk/B9sBg9YdTFp54ngtODSTYoG6tlSEycyR3972KLrpOYFQDMBwh93itxAzr9cHkw+XdHeK86wQXbhAtR6ruerYdbnBNilckFC9VrYQK6TwOJSWzyQMP9EJ4DL3oskh46oodHF/p2OedTd5o/JfI6ctXFFwJPBpQK/k1r8hXRvuSNQHsiey1Urpw1qWMB3l8KyZ7O2rvmr2kRu/QIh/pF4Dlgd0LfYr3MO+0xV7XcIESexZzi/eMdkaVvKeGXjJUmNJhxt6l50Xz6hWJWXFvdfddI9Th6LTUiMHavvMZZNDd8J4+ZD1x4Gk3cEflUiLTiHGPZnKcCbIf4Zra7CNds1VU3+N8jdaB8qjCE/Wdf0A0gcNBbT8hF/4Ypym/iV76NytrNbgF6+1NtH0GQd4+27HLPhnK0QSNkl/tl6UojJh+jy6pVo92GyTY+NEUpfECGfMKcH7OjmkKf8kJXLIzweDRrM6nEXmuEQfN7Zkf1hR/sM38OtMnAw09exZ9OG+uoFG4F0e/myraQaut9nUXGWEdxr+LA4X+ZlJmp0DboURJKrT9jgiy5Kzn++dTXQpeuMpxn0kLMMjzfumS7GdMhj8tpibyku7WeQ61Y7D01cqtzTpHsECiTLhEe3g98RcfH1Zq8DvAKLUnkIXiI0ooo3a3hKBd2m8/tyWijoVLIWhpRUl5ac/DJVwmeEItepKChsQX0ELC4VKAgzuY/a9RyZ0Qd1JUJL0w1aFs4db08ID1cZsq6frY6W/xJGExpZQR2+yzuDeGAPW1rvql8W+I4O97UO4Y4YxiBGgeXbh0ve0lUgm9mORQw+R0hRvcNkvHJC2FC6A/qp4N59OGPNkb2NCBmI/By/iIyFmP+zQKP1X+yktHX+Alez41R68lAlDrGp+5yFEViZTLnnoJoe5AsZBuyz7ij4OIaat8+6TLmeF4hbmiL3rPMAjVKfnumSZoANcPf9gi3hJ3ltKy5jfDUw3+CyVTj9YixPLRTRJjDGgOPWqhKy9UclmAA+wHq+s2D/geEmGmhvuWDw6TrJ9EqrrDNWdd7s4YRe+9C5dgxasP2NtWo5HR0wf+F3SqXyIb9zaj4aalr5Rm7p0fH7GN0Gs7aowoyKfrka6+qe+kXChKT4j+ogyUkn7+pMRnPFdh+652yfle9BADQlbRUssf/a79EUaBDvty1YXrU2BdqKCPR4OxCzyU7/Jfvn7tCPPnPjnLkwMRARwn347dK9T2+7ry8Ik1ezGrKMmGl3+uLcJ1BsNK2nCDZe07mkvRTdq/WI2iS5UGzSurp0nxVe95YzFjOwTy71yDxS5A2tI+/dVynU+McapmJqhBOpPinV8yhVyyAVQSS33iNk0xUhUw8s/MLan1XKjEIra1xgjTpKQWYIMvsza9mwbp8q0rbJv39dgC0L/mZVHbx417BE2HYHrxv3fCwdttuOUOKMZff03v0D1OyKD9X4/bjKPcEfmg3PhL2m004DDkuCpZ4wPZRCSIZ/1qHHk1KVrtnMvplm17tFI654b36TGUf4Ry8zC4iVOYPSpn+WQD+dl02FvfmDkks4TGIVfeav+9h3K14cJEFZKWkiKmELp35a8Yw==,iv:q8vIXAvmoYkvBHItDTiu0e9lUVpxKB0fNhWt2p3x8KU=,tag:m3S47WxDYVCFWxn2HuRN4w==,type:str] +zammad-key-base: ENC[AES256_GCM,data:rf9yUAaVRLIGapSBa9dWywPbQxOLNNuwB9H2L2eDZ7Hod6YzoOnX2kJmmRN3Q/VoFX4cN1HRBYHnhhaTFSphIlqWt3RMIv29vZAgSBGKqg3l1DAQPiCrXMslQCt1E3BFYMyvfKefscBI14F4C2UDSsyrfUBoEys9hMSU4nsKIXc=,iv:kLJniOc4GwuiOKniS5H2FX89+V2ymN5RClE7hlMKg0s=,tag:+p1dlhgzIMkfOaOvv2gc1w==,type:str] +invidious-hmac-key: ENC[AES256_GCM,data:6ycC0op/xwFcS07gYupToc4eBpi0+lah1Npv9A==,iv:P8I1rQaaQKM86ykdnp7nR0wVYPV5I2qSe644aqSNews=,tag:L3wD75bTOGxI/aDUpQn86g==,type:str] +invidious-admin-password: ENC[AES256_GCM,data:nLpb78d3lVb7RkVJQxE+e6kDYvA5+HkvVa0ITaTyBb8+Zap1I6fV9NGohfjrGTPTGg==,iv:0Rsw6kB0pDenltJo65ZVSVq8xvAn6HGsg+X0S5cSRJc=,tag:tGDuhCt8Wtc1ZjVZqhrDFA==,type:str] +dendrite-private-key: ENC[AES256_GCM,data:I7JRujo8/XeF8zCz6GwOqjqzW/b9ve/+FGiB7GfwRtBF33zAMBoE0kHJNvypvi4sLAB7W+BOiZvSeNU+qTuNlK9poviSbpEoMb8GQH9qL1OBW8gWqc/23h89NVxG/FPNE6eQiERwIcld7jGXuIjnCPu3tSSzrutTMgdgiTiwuMVAO9f0gcnLGWU=,iv:SchQxe8Z/vRzzDSKOJ/IHY+414vZNAyZm26/lhefpuM=,tag:RQpEnlDUuR7dK9Z4xBce+w==,type:str] +matrix-shared-secret: ENC[AES256_GCM,data:jpgIio7iGrQ8KN5CAgssi2Vufv1CTh74ObOKfwGNAD+odIt+M9fu5LAiByP11tX9X8G3GgNP1zCGSThj,iv:KlAdTN3+3aFlUNbZtHasDfw0Q4D8pIPyxbnkNXuhERw=,tag:otAuKehS/+fMG37lKtqO4w==,type:str] +n8n-env: ENC[AES256_GCM,data:rKaT9yHFXNNZk2zPPUgcaKWSwL1t8IwsACQYN9nA6uCwZryLgknW9jz57ZQ/YRxHmhARd9ucMZk0uPaHad1Iyf/XZwgUkYsYJYVtL/DU3rb4gRwdU4nvGIKTJH/LdcFMePFd48q3AuZDNXusCd6Haf54XkpJtqKJS8PYv3wbrH+1noTsKf8u4EbBaAwPofdwsFrS6jANbDY+7sf4N5Gvjn9PjaxZza1C5gqqT5Qz3chIBdbAEO8/OY6PZJ/uHtbTcCgxGFZNwzZjIlZdXGbAmzDqOFU+XnESZeW7f1T2OMTBRPdi87AdCvV4mCJVyKi0Sm7oyZKpeUnRwn98xajiEsNpkjzo0gt49w0Hs+EMB08Okg2IXFbCMPFkYX2xCSc=,iv:17jSsSMtLwBmslRN02gz5AXuRonmeA57eCr916h1g9g=,tag:sKyp0ROPB7vliyTwpl8XYQ==,type:str] +n8n-git-key: ENC[AES256_GCM,data:VUuK35Anwgwh29lGPeBdvKusIlt6Vh96i5aMy+/LVQAGtlrqmFQwK0EmLkMGqMWx924ZpuOlEo5qDriXyvzuue3SBaMlJnSeSETT3UBpDoy+cX+K+KUx5Y8q78l6mD8+uXIZIGqNz3ZQ2HUNtwvcAwlM8jWCpCPvR+e6D3XA51sMICLOMIZjORqE7qqtJpbPiRXrKS7/HL9nR5JcHwx5ukssMUL0iTbHZ9O/AxLW1U/QBFSGluCF0mu2UnvuScCpm05qmLU9COjgDayIh7RHGCDXgTRjol8Kt1pV/bj4WK9h7Nj9kl1sCEhmLn4MMB7CpORfqVY1LX3v10BdDc4o+KQUdRYdKLwWOk7RNbeDzuw1P3hRcwGzcIRusv/xKViEaJv4ju78UuHHU9RoSFxxJP9EqT7VP2hn9F3bhfAZ7DUVXfEqD5bxDwJQOiyLxePuk/JImS3FweAih7/KbPLIqkVuqjcVqH+XUduVmOQks3ZflwskL0C8elJST3zEXEPd8b3Bv0XQD0jMZPFQ+PKg,iv:ZWTWbe4MI8fItYRjxCszBLtLGp1jhO0PrSOmLxfnpok=,tag:C2MxSRYNIEhn06ucRqZkQQ==,type:str] +phpldapadmin: ENC[AES256_GCM,data:7WSqMdRm6gtndh3LhLQ7H+e32uOwGQLNr3xAVWa3Zsrs4gD6r5QSaqxGJQjwILU/gt3xj8SerDNEQKDOKBooIVm2Oa12tBo/4WAMmJB3rqasmoPuW76wEEaVzPFAV9kxy1inCzcGPnUJlKaxGkF+GNTntiQ6Q/yCkQJHbsPO1j5J7PD18tL7Zm7a3mxp3p1B1uVVPDwKPh/+rguzY33avwjld+MhaBtdrjSv4suRkCsMkJP1YPEP0m3wThd/bVz18x4bF9OkGjiz1qkVbifgKcgW+lY6igLvpC0+u2DkXqNE0pxIlvMdRZM=,iv:id2nNign8ocz+F+e2mU2cL65HIhEPnR6Em6hfzti3PY=,tag:bOyRB4CWxanHVU2pD8xtag==,type:str] +piped-db-password: ENC[AES256_GCM,data:U6rBTl31hUiuwk9iUtxZ4Gyh1XtloLcDUpXhrfgam7ctwIsHSJLa5knt2LI=,iv:ZfcUmgglfiMmBJz+vzgh8QJ8tGkKbmXWR2ukKlByG0c=,tag:XOSRlBK57WvN6plpZbZr1A==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTlFFQnVtL0hzRXRwWFNL - dklNYnlTUjIreFg4L0doZUJ3VSszbFkwMUE0CnlXeTJZTGpRMzh1bDEyVVVOam8w - K0lsT24yc2FLWEI5bUFIZldUVmhkSjgKLS0tIEtLOEsvMlNCWVNBWi9JMGdReE5t - UDJkMGFyTW83SjY0UUdQSnBXSStRRUUKYlNPvlIHZ00PJpzP0UxuszeGTEo6PDOM - qwonnWeGNc/JaIGhKKiVFh2OIOGeoK2JIBhfi0JVwX9iuccwXlKhXQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bUR0Q3U1ZldrejRSTE5z + dU1IeThPYTZPTWVFTXBrOUo4ckJrZlVac0cwCkJ1ODcxRGdzbG0xMFI1ZlhSNWoz + aERRcHRMRXNyYVZOcGxJVzA0UGNHeW8KLS0tIG0vUkJVYk9MeWI3cXRUaEQyTUlD + bm4xUWxYaDNoMWRZNmhBeDJCQWgva28KTI0NIhKKwAl+5ERTtd+Uv4Vrc61rQXv8 + OpuwORiKD2hC+eYmdTTbzdRozRmuhW1ZV+jQsAag5a5QMJ1J/4cQvw== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAza1A1dXd0QWs3YTJ3MzYx - Zld0eXF3UDFCTG1NNkRpTnFzWUIvVmYxdlNZCnNJUzlnTWMzUlpsbFhzN0twRi9r - Y1dKSWlzZjloZ2wwU2krLzV5UDlQVVEKLS0tIFoyRnZsaTJLN1pRT1MxRnVQcGFB - dkhLc0tZdHdlMkZiK0FYWVlPWFk1UEEK/Cjr5fa2FB19ERR0pR3JbxO8Y+t2U6Sn - 1ffRHAmy8J3PAyhqMs7iSWJUPkNEIRoGl4KvkS6nzktHDUruNsvb1A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RDlsR3RQcWZNSnlBRkx3 + YTFRQ1Z6VytGd3MrdXM1L1BwZ2xIWHdYWFJ3CnFSczJTelh1NitldDhubEZmMngz + bUhnOEQ1a3dNZmxKTlhRWVRKbFMyZGMKLS0tIDFja2psQnJmOG95RWpkL0RkeSta + clAvTnR3TWJaTXRqNFM3RnhyMnEzcWsKp4iGnlaGqF81vTCtr7QHfT0TF+zeT2fG + Xp/fgcUvubAvLWkaLxymF+8DXSZEipKy/M3sikiYEXBUP9WKdL92NA== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjZWpCLzVWWWVSdnZJRXl0 - ZE9FV09XS0lYOWl0bzhIdFFrUXlsZ0EveVRJCmtMMjVRMmNEcWYwOVFERXo4dkFp - V0MyeFA4RG1SMmF6WWxFYjBZVGFtODgKLS0tIFhXazk4cmhjb3F1TGdFZkxURXVU - WEVJd21TRXM3aVJDTDBBeEZ6cGFsRTAKOCVazAk2/3BuRPcGZ0B6pRImfkjHM68o - +Z9TY5Dkr4B6+j69hF0ucyrU1HqCv/lky2tOmHzrwGslg9T3VcYJBw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSUI5MHJSajB0MjJUNHhZ + L3BLN09aMjRxQTh6Q3MxaktzcGJGSDlVZVRZCloxRW1yWlYwd0hGRVFYNzdidnF2 + U0EwMnhyY21mT0Z4eUc4Q2VHMmxCTk0KLS0tIFdVeDlVZzB4OWlXY0hBVUJyUnNq + U1g1MXRhTlYyTktTOTRhSVN3V1kya0kKTTxtLGwaTsZ2QhZbYeE777Fj3FJJPmbo + obE8R5CGiHT+1qrR9TqA/UKWwd7zWNruHQT3O8qhjbWKyurmqUxlqw== -----END AGE ENCRYPTED FILE----- - recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArV3E2SEkwWkQwR0NzQ09q - dG9xelVkY1RZaDhhdjM1VUZGZ3NqaDJTaGtFCjFvMzhPdDZFVTBzRVhmbmZPZXJi - TFovUGMzTFJMcG9EWVVVcGEzUUxlWGcKLS0tIHJYMWRtc3Z4MFRLTFB5Z1p0Myty - MmpiUEd2bVRyaUNLVmtobmIvSHZEOVUKJUHIP4cnjz0SX9RkmxOt18booSvpLJe5 - WYWIblgjducfGJaNq43x+7zqMAafoUJ/6C0duIB8zJVvJuvfu8kQ8w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHK0JsQ3d1MWt0a1pjVHNT + dE52K2IrTyswbTMyYiszbjBvZExvcGNNUGs4CjB2Z0p3WUEyOHU2UFloNHRIcVVa + OExQN1p0UzRJaEtMMFhZWjhPZWhOclUKLS0tIGZDb0pTYnZ2ek02S3c1OXhBVjZ1 + dE9JSGJKd0JKQVE4eXN2UWh5WHVUc2MKWjLJFNm7Ithf1qEOMBb6pxRp91dR1MzP + 0En9N1BxtK/LP66OVWTl6c7rnmx/domdt5YRQusXuWDL3yg05hEfqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-02T22:03:28Z" - mac: ENC[AES256_GCM,data:ufqECg3Ssl43hl9ahr8peqMIn1dRhjlq7FxNVJAmC1yIMy6WXoSCYAnAdgxcB+x8J9FXKdyXY38ivvJI9MVRSdSZ6E8C7Wtsex8E/HR8vkAlIHdN9HKfZ8R8X6JvEfx83uSWx5wkHmF+OsXu+bCPF8eloAxWErS5cQY/fTUQiaE=,iv:h53QCaqcAN6N5/6tE4Iu1FQdR5W+/lJmqetfkma844U=,tag:Hab61Kq9cGfCwbqLZkx8vg==,type:str] + lastmodified: "2025-11-03T00:25:45Z" + mac: ENC[AES256_GCM,data:pJPxZS3FIXyQuo65ya4osPZCGz09fpQ4FDzl2rVj95Xg5nWokEqFh9HJdp8YgWTa71PsxJEZSguYtpORrTNtn/yp1/GhdzZgf8gZhzl0TZhna/Yc6anrOJpdLE0RICBDUJC78heeWJe9QWguiDu5y+WHn+q8khHG2dyvOOUza68=,iv:Of8DcXBhBxDtEi+tFVYFVy5g3RpgJ2mykAvTsLtL19c=,tag:o4IkNmzHS/qhrMBXt2PMbw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/hosts/web-arm/modules/blackbox-exporter.nix b/hosts/web-arm/modules/blackbox-exporter.nix index 6ba61c9..5513105 100644 --- a/hosts/web-arm/modules/blackbox-exporter.nix +++ b/hosts/web-arm/modules/blackbox-exporter.nix @@ -32,6 +32,7 @@ in { "victoria-server.cloonar.com" "updns.cloonar.com" "feeds.jordanrannells.com" + "invidious.cloonar.com" ]; }; # Systemd service for Blackbox Exporter From 709a24366a79790fe2e6c68189339bf939f3efa8 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 3 Nov 2025 12:12:14 +0100 Subject: [PATCH 3/3] fix: piped --- hosts/fw/modules/dnsmasq.nix | 4 +- hosts/fw/modules/web/default.nix | 6 +-- hosts/fw/modules/web/invidious.nix | 41 ++++++++++++++++++++- hosts/fw/modules/web/piped.nix | 31 +++++++++++++--- hosts/web-arm/modules/blackbox-exporter.nix | 2 + 5 files changed, 72 insertions(+), 12 deletions(-) diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index feb7942..70d5ef9 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -91,8 +91,8 @@ "/omada.cloonar.com/${config.networkPrefix}.97.2" "/web-02.cloonar.com/${config.networkPrefix}.97.5" "/pla.cloonar.com/${config.networkPrefix}.97.5" - # "/piped.cloonar.com/${config.networkPrefix}.97.5" # Replaced by Invidious - # "/pipedapi.cloonar.com/${config.networkPrefix}.97.5" # Replaced by Invidious + "/piped.cloonar.com/${config.networkPrefix}.97.5" # Replaced by Invidious + "/pipedapi.cloonar.com/${config.networkPrefix}.97.5" # Replaced by Invidious "/invidious.cloonar.com/${config.networkPrefix}.97.5" "/fivefilters.cloonar.com/${config.networkPrefix}.97.5" "/n8n.cloonar.com/${config.networkPrefix}.97.5" diff --git a/hosts/fw/modules/web/default.nix b/hosts/fw/modules/web/default.nix index 31e742c..de51256 100644 --- a/hosts/fw/modules/web/default.nix +++ b/hosts/fw/modules/web/default.nix @@ -61,9 +61,9 @@ in { ./proxies.nix # ./matrix.nix ./n8n.nix - # ./piped.nix # Replaced by Invidious - ./invidious.nix - ./invidious-init-user.nix + ./piped.nix # Replaced by Invidious + # ./invidious.nix + # ./invidious-init-user.nix ]; networkPrefix = config.networkPrefix; diff --git a/hosts/fw/modules/web/invidious.nix b/hosts/fw/modules/web/invidious.nix index bef7e9c..72b7114 100644 --- a/hosts/fw/modules/web/invidious.nix +++ b/hosts/fw/modules/web/invidious.nix @@ -18,8 +18,11 @@ # Enable nginx reverse proxy with automatic TLS nginx.enable = true; - # Signature helper disabled - crashes with current YouTube player patterns - # Re-enable once inv-sig-helper is updated to handle new YouTube obfuscation + # Enable http3-ytproxy for video/image proxying + # Handles /videoplayback, /vi/, /ggpht/, /sb/ paths + http3-ytproxy.enable = true; + + # Signature helper - crashes with current YouTube player format # sig-helper = { # enable = true; # }; @@ -42,12 +45,46 @@ # Optional: Instance customization default_home = "Popular"; feed_menu = [ "Popular" "Trending" "Subscriptions" ]; + + # YouTube compatibility settings + use_quic = true; + force_resolve = "ipv4"; }; }; # Override nginx vhost configuration services.nginx.virtualHosts."invidious.cloonar.com" = { acmeRoot = null; + + # Complete http3-ytproxy configuration with proper headers and buffering + # This overrides the minimal config from the NixOS module + locations."~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/)" = { + proxyPass = "http://unix:/run/http3-ytproxy/socket/http-proxy.sock"; + extraConfig = '' + # Enable buffering for large video files + proxy_buffering on; + proxy_buffers 1024 16k; + proxy_buffer_size 128k; + proxy_busy_buffers_size 256k; + + # Use HTTP/1.1 with keepalive for better performance + proxy_http_version 1.1; + proxy_set_header Connection ""; + + # Hide headers that might cause issues + proxy_hide_header Cache-Control; + proxy_hide_header etag; + proxy_hide_header "alt-svc"; + + # Optimize for large file transfers + sendfile on; + sendfile_max_chunk 512k; + tcp_nopush on; + + # Disable access logging for video traffic + access_log off; + ''; + }; }; # Firewall configuration for Invidious diff --git a/hosts/fw/modules/web/piped.nix b/hosts/fw/modules/web/piped.nix index 146579b..b35f9f8 100644 --- a/hosts/fw/modules/web/piped.nix +++ b/hosts/fw/modules/web/piped.nix @@ -19,7 +19,7 @@ let backendConfig = pkgs.writeText "config.properties" '' # Database configuration # 10.88.0.1 is the default Podman bridge gateway IP - hibernate.connection.url=jdbc:postgresql://10.88.0.1:5432/${dbName} + hibernate.connection.url=jdbc:postgresql://10.89.0.1:5432/${dbName} hibernate.connection.driver_class=org.postgresql.Driver hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect hibernate.connection.username=${dbUser} @@ -126,7 +126,8 @@ in services.postgresqlBackup.databases = [ dbName ]; # Allow Podman containers to connect to PostgreSQL - networking.firewall.interfaces."podman0".allowedTCPPorts = [ 5432 ]; + networking.firewall.interfaces."podman1".allowedTCPPorts = [ 5432 ]; + networking.firewall.interfaces."podman1".allowedUDPPorts = [ 53 5432 ]; # Setup database password (runs before containers start) systemd.services.piped-db-init = { @@ -170,6 +171,25 @@ in # Use Podman for OCI containers virtualisation.oci-containers.backend = "podman"; + # Create Piped network for container-to-container communication + systemd.services.init-piped-network = { + description = "Create Podman network for Piped services"; + wantedBy = [ "multi-user.target" ]; + before = [ + "podman-piped-backend.service" + "podman-piped-bg-helper.service" + "podman-piped-proxy.service" + ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + ${pkgs.podman}/bin/podman network exists piped-net || \ + ${pkgs.podman}/bin/podman network create --interface-name=podman1 --subnet=10.89.0.0/24 piped-net + ''; + }; + # Piped Backend Podman container (using custom image with iOS compatibility fixes) virtualisation.oci-containers.containers.piped-backend = { image = "git.cloonar.com/infrastructure/piped-backend:latest"; @@ -179,8 +199,8 @@ in ]; extraOptions = [ "--pull=newer" - # Using default bridge network - connects to PostgreSQL via 10.88.0.1 - # Also connects to bg-helper via container name resolution + "--network=podman" # Default bridge for PostgreSQL access at 10.88.0.1 + "--network=piped-net" # Custom network for DNS resolution to bg-helper ]; }; @@ -196,7 +216,7 @@ in ports = [ "127.0.0.1:${toString bgHelperPort}:3000" ]; extraOptions = [ "--pull=newer" - # Using default bridge network - accessible by backend via container name + "--network=piped-net" ]; }; @@ -209,6 +229,7 @@ in }; extraOptions = [ "--pull=newer" + "--network=piped-net" ]; }; diff --git a/hosts/web-arm/modules/blackbox-exporter.nix b/hosts/web-arm/modules/blackbox-exporter.nix index 5513105..b9741ea 100644 --- a/hosts/web-arm/modules/blackbox-exporter.nix +++ b/hosts/web-arm/modules/blackbox-exporter.nix @@ -33,6 +33,8 @@ in { "updns.cloonar.com" "feeds.jordanrannells.com" "invidious.cloonar.com" + "piped.cloonar.com" + "pipedapi.cloonar.com" ]; }; # Systemd service for Blackbox Exporter