diff --git a/fleet.nix b/fleet.nix index e8a8ab5..2084c8b 100644 --- a/fleet.nix +++ b/fleet.nix @@ -51,6 +51,10 @@ username = "nas"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICS6b97LPUpr7/kWvOcI40s5e+gfbfz0I2/hAPL6zTmU"; } + { + username = "dev"; + key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICS6b97LPUpr7/kWvOcI40s5e+gfbfz0I2/hAPL6zTmU"; + } { username = "amzebs-01"; diff --git a/hosts/amzebs-01/configuration.nix b/hosts/amzebs-01/configuration.nix index 700cc30..1485f94 100644 --- a/hosts/amzebs-01/configuration.nix +++ b/hosts/amzebs-01/configuration.nix @@ -60,6 +60,9 @@ }; }; + # Systemd services to monitor + services.victoriametrics.monitoredServices = [ "mysql" "nginx" "phpfpm-.*" ]; + # backups - adjust repo for this host borgbackup.repo = "u149513-sub10@u149513-sub10.your-backup.de:borg"; diff --git a/hosts/dev/channel b/hosts/dev/channel new file mode 100644 index 0000000..57f31e7 --- /dev/null +++ b/hosts/dev/channel @@ -0,0 +1 @@ +https://channels.nixos.org/nixos-25.11 diff --git a/hosts/dev/configuration.nix b/hosts/dev/configuration.nix new file mode 100644 index 0000000..7fcc526 --- /dev/null +++ b/hosts/dev/configuration.nix @@ -0,0 +1,112 @@ +{ config, lib, pkgs, ... }: + +let + projectsDir = "projects"; # Relative to /home/dominik + + repositories = [ + { url = "gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git"; path = "cloonar/wohnservice-wien"; } + # Add repos here: { url = "git@..."; path = "relative/path"; } + ]; + + cloneScript = pkgs.writeShellScript "clone-repos" '' + set -eu + export PATH="${pkgs.openssh}/bin:$PATH" + export GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh" + HOME_DIR="/home/dominik" + PROJECTS_DIR="$HOME_DIR/${projectsDir}" + + mkdir -p "$PROJECTS_DIR" + chown dominik:users "$PROJECTS_DIR" + + ${lib.concatMapStrings (repo: '' + if [ ! -d "$PROJECTS_DIR/${repo.path}" ]; then + ${pkgs.sudo}/bin/sudo -u dominik -E ${pkgs.git}/bin/git clone ${repo.url} "$PROJECTS_DIR/${repo.path}" || true + fi + '') repositories} + ''; +in +{ + imports = [ + ./modules/dev-tools.nix + ]; + + networking.hostName = "dev"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 80 443 ]; + }; + system.stateVersion = "22.05"; + time.timeZone = "Europe/Vienna"; + + # User configuration + users.users.dominik = { + isNormalUser = true; + uid = 1000; + home = "/home/dominik"; + extraGroups = [ "wheel" "docker" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + ]; + }; + users.groups.users = {}; + + services.openssh.enable = true; + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + + # Welcome message with Claude Code reminder + users.motd = '' + Welcome to dev + + Claude Code: claude or cr (resume last session) + ''; + + # Short alias for resuming Claude sessions + programs.zsh.shellAliases = { + cr = "claude --resume"; + }; + + # Passwordless sudo for dominik + security.sudo.extraRules = [{ + users = [ "dominik" ]; + commands = [{ + command = "ALL"; + options = [ "NOPASSWD" ]; + }]; + }]; + + # Clone repos as dominik user on boot + systemd.services.clone-repos = { + description = "Clone configured git repositories"; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = cloneScript; + RemainAfterExit = true; + }; + }; + + # Create ddev global config to bind on all interfaces (allows access from other devices) + systemd.services.ddev-config = { + description = "Create ddev global config"; + after = [ "local-fs.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + User = "dominik"; + Group = "users"; + }; + script = '' + mkdir -p /home/dominik/.ddev + if [ ! -f /home/dominik/.ddev/global_config.yaml ]; then + cat > /home/dominik/.ddev/global_config.yaml << 'EOF' +router_bind_all_interfaces: true +EOF + fi + ''; + }; +} diff --git a/hosts/dev/modules/dev-tools.nix b/hosts/dev/modules/dev-tools.nix new file mode 100644 index 0000000..fb3fc2e --- /dev/null +++ b/hosts/dev/modules/dev-tools.nix @@ -0,0 +1,53 @@ +{ pkgs, ... }: +{ + nixpkgs.overlays = [ + (import ../utils/overlays/packages.nix) + ]; + + environment.systemPackages = with pkgs; [ + # Development tools + ddev + docker-compose + git + git-lfs + mkcert + screen + + # PHP + php + + # Node.js + nodejs_22 + + # AI coding + claude-code + + # Utilities + jq + unzip + vim + wget + curl + htop + ]; + + # Persistent SSH sessions with tmux + programs.tmux = { + enable = true; + clock24 = true; + historyLimit = 50000; + terminal = "screen-256color"; + extraConfig = '' + # Enable mouse support + set -g mouse on + + # Start windows and panes at 1, not 0 + set -g base-index 1 + setw -g pane-base-index 1 + ''; + }; + + # Docker for ddev + virtualisation.docker.enable = true; + users.users.dominik.extraGroups = [ "docker" ]; +} diff --git a/hosts/dev/utils b/hosts/dev/utils new file mode 120000 index 0000000..6b18391 --- /dev/null +++ b/hosts/dev/utils @@ -0,0 +1 @@ +../../utils \ No newline at end of file diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index e3f8115..5e29c0d 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -32,17 +32,19 @@ # microvm ./modules/microvm.nix - ./modules/gitea-vm.nix + ./modules/forgejo-runner.nix + ./modules/dev-microvm.nix # ./modules/vscode-server.nix # Add VS Code Server microvm ./modules/ai-mailer.nix # ./modules/wazuh.nix + ./modules/moltbot.nix # web ./modules/web # git - ./modules/gitea.nix + ./modules/forgejo.nix # ./modules/fwmetrics.nix # ha customers @@ -76,6 +78,9 @@ networkPrefix = "10.42"; + # Systemd services to monitor + services.victoriametrics.monitoredServices = [ "ai-mailer" "container@forgejo" "microvm@fj-runner-" ]; + nixpkgs.overlays = [ (import ./utils/overlays/packages.nix) ]; @@ -88,6 +93,7 @@ "mongodb" "ai-mailer" "filebot" + "claude-code" ]; # Intel N100 Graphics Support for hardware transcoding diff --git a/hosts/fw/dev b/hosts/fw/dev new file mode 120000 index 0000000..009de10 --- /dev/null +++ b/hosts/fw/dev @@ -0,0 +1 @@ +../dev \ No newline at end of file diff --git a/hosts/fw/modules/ddclient.nix b/hosts/fw/modules/ddclient.nix index 8217224..4df533c 100644 --- a/hosts/fw/modules/ddclient.nix +++ b/hosts/fw/modules/ddclient.nix @@ -2,20 +2,26 @@ { services.ddclient = { enable = true; - usev4 = "if, if=wan"; + usev4 = "ifv4, ifv4=wan"; + usev6 = "disabled"; protocol = "hetzner"; # server = "https://dns.hetzner.com/api/v1/"; username = "dominik.polakovics@cloonar.com"; passwordFile = config.sops.secrets.ddclient.path; zone = "cloonar.com"; domains = [ - "fw.cloonar.com" - "vpn.cloonar.com" - "git.cloonar.com" - "palworld.cloonar.com" - "matrix.cloonar.com" + "audiobooks.cloonar.com" "element.cloonar.com" - "tinder.cloonar.com" + "foundry-vtt.cloonar.com" + "foundry-ha.cloonar.com" + "fw.cloonar.com" + "git.cloonar.com" + "jellyfin.cloonar.com" + "matrix.cloonar.com" + "palworld.cloonar.com" + "support.cloonar.com" + "sync.cloonar.com" + "vpn.cloonar.com" ]; }; diff --git a/hosts/fw/modules/dev-microvm.nix b/hosts/fw/modules/dev-microvm.nix new file mode 100644 index 0000000..56c49a7 --- /dev/null +++ b/hosts/fw/modules/dev-microvm.nix @@ -0,0 +1,73 @@ +{ lib, pkgs, config, ... }: +let + hostname = "dev"; +in +{ + # Create persist directories on the host + # UID 1000 = dominik user inside the microvm + systemd.tmpfiles.rules = [ + "d /var/lib/microvm-persist 0755 root root -" + "d /var/lib/microvm-persist/dev 0755 root root -" + "d /var/lib/microvm-persist/dev/home 0755 root root -" + "d /var/lib/microvm-persist/dev/home/dominik 0700 1000 100 -" + ]; + + microvm.vms.dev = { + # Use host's pkgs which already has overlays applied + inherit pkgs; + + config = { + imports = [ + ../dev/configuration.nix + ./network-prefix.nix + ]; + + networkPrefix = config.networkPrefix; + + microvm = { + mem = 4096; + vcpu = 2; + + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/var/lib/microvm-persist/dev"; + mountPoint = "/persist"; + tag = "persist"; + proto = "virtiofs"; + } + { + source = "/var/lib/microvm-persist/dev/home"; + mountPoint = "/home"; + tag = "home"; + proto = "virtiofs"; + } + ]; + + volumes = [{ + image = "rootfs.img"; + mountPoint = "/"; + size = 51200; + }]; + + interfaces = [{ + type = "tap"; + id = "vm-${hostname}"; + mac = "02:00:00:00:02:01"; + }]; + }; + + systemd.network.networks."10-lan" = { + matchConfig.PermanentMACAddress = "02:00:00:00:02:01"; + address = [ "${config.networkPrefix}.97.15/24" ]; + gateway = [ "${config.networkPrefix}.97.1" ]; + dns = [ "${config.networkPrefix}.97.1" ]; + }; + }; + }; +} diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index d2884e3..9e16d42 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -97,11 +97,13 @@ "/invidious.cloonar.com/${config.networkPrefix}.97.5" "/fivefilters.cloonar.com/${config.networkPrefix}.97.5" "/n8n.cloonar.com/${config.networkPrefix}.97.5" + "/dev.cloonar.com/${config.networkPrefix}.97.15" + "/.ddev.site/${config.networkPrefix}.97.15" # Wildcard for ddev projects "/home-assistant.cloonar.com/${config.networkPrefix}.97.20" "/mopidy.cloonar.com/${config.networkPrefix}.97.21" "/snapcast.cloonar.com/${config.networkPrefix}.97.21" "/lms.cloonar.com/${config.networkPrefix}.97.21" - "/git.cloonar.com/${config.networkPrefix}.97.50" + "/git.cloonar.com/${config.networkPrefix}.97.55" "/feeds.cloonar.com/188.34.191.144" "/nukibridge1a753f72.cloonar.smart/${config.networkPrefix}.100.112" "/allywatch.cloonar.com/${config.networkPrefix}.97.5" @@ -137,6 +139,8 @@ # multimedia "/dl.cloonar.com/${config.networkPrefix}.97.5" "/jellyfin.cloonar.com/${config.networkPrefix}.97.5" + "/audiobooks.cloonar.com/${config.networkPrefix}.97.5" + "/moltbot.cloonar.com/${config.networkPrefix}.97.5" "/deconz.cloonar.multimedia/${config.networkPrefix}.97.22" diff --git a/hosts/fw/modules/firewall.nix b/hosts/fw/modules/firewall.nix index 22bc6a1..c876e13 100644 --- a/hosts/fw/modules/firewall.nix +++ b/hosts/fw/modules/firewall.nix @@ -118,7 +118,7 @@ iifname "smart" oifname "server" ip daddr ${config.networkPrefix}.97.20/32 tcp dport { 1883 } counter accept # Forward to git server - oifname "server" ip daddr ${config.networkPrefix}.97.50 tcp dport { 22 } counter accept + oifname "server" ip daddr ${config.networkPrefix}.97.55 tcp dport { 22 } counter accept oifname "server" ip daddr ${config.networkPrefix}.97.5 tcp dport { 80, 443 } counter accept # lan and vpn to any @@ -167,7 +167,7 @@ chain prerouting { type nat hook prerouting priority filter; policy accept; iifname "server" ip daddr ${config.networkPrefix}.96.255 udp dport { 9 } dnat to ${config.networkPrefix}.96.255 - iifname "wan" tcp dport { 22 } dnat to ${config.networkPrefix}.97.50 + iifname "wan" tcp dport { 22 } dnat to ${config.networkPrefix}.97.55 iifname "wan" tcp dport { 80, 443 } dnat to ${config.networkPrefix}.97.5 iifname "wan" tcp dport { 5000 } dnat to ${config.networkPrefix}.97.51 iifname { "wan", "lan" } udp dport { 7777, 7778, 27015 } dnat to ${config.networkPrefix}.97.201 diff --git a/hosts/fw/modules/forgejo-runner.nix b/hosts/fw/modules/forgejo-runner.nix new file mode 100644 index 0000000..c8f93f8 --- /dev/null +++ b/hosts/fw/modules/forgejo-runner.nix @@ -0,0 +1,87 @@ +{ config, lib, pkgs, ... }: let + # Short names to fit Linux interface name limit (15 chars for vm-fj-runner-1) + runners = ["fj-runner-1" "fj-runner-2"]; + # Offset by 5 to avoid conflicts with Gitea runners (01-02) + runnerOffset = 5; +in { + microvm.vms = lib.mapAttrs (runner: idx: { + config = { + microvm = { + mem = 8096; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/run/secrets"; + mountPoint = "/run/secrets"; + tag = "ro-token"; + proto = "virtiofs"; + } + ]; + volumes = [ + { + image = "rootfs.img"; + mountPoint = "/"; + size = 51200; + } + ]; + interfaces = [ + { + type = "tap"; + id = "vm-${runner}"; + mac = "02:00:00:00:00:0${toString (idx + runnerOffset)}"; + } + ]; + }; + + systemd.network.networks."10-lan" = { + matchConfig.PermanentMACAddress = "02:00:00:00:00:0${toString (idx + runnerOffset)}"; + address = [ "${config.networkPrefix}.97.5${toString (idx + runnerOffset)}/24" ]; + gateway = [ "${config.networkPrefix}.97.1" ]; + dns = [ "${config.networkPrefix}.97.1" ]; + }; + + networking.hostName = runner; + + virtualisation.podman.enable = true; + + services.gitea-actions-runner.instances.${runner} = { + enable = true; + url = "https://git.cloonar.com"; + name = runner; + tokenFile = "/run/secrets/forgejo-runner-token"; + labels = [ + "ubuntu-latest:docker://git.cloonar.com/infrastructure/gitea-runner:1.0.0" + ]; + settings = { + container = { + network = "podman"; + }; + cache = { + enabled = true; + host = "${config.networkPrefix}.97.5${toString (idx + runnerOffset)}"; + port = 8088; + }; + }; + }; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + ]; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 8088 ]; + }; + + system.stateVersion = "22.05"; + }; + }) (lib.listToAttrs (lib.lists.imap1 (i: v: { name=v; value=i; }) runners)); + + sops.secrets.forgejo-runner-token = {}; +} diff --git a/hosts/fw/modules/forgejo.nix b/hosts/fw/modules/forgejo.nix new file mode 100644 index 0000000..afb4cd1 --- /dev/null +++ b/hosts/fw/modules/forgejo.nix @@ -0,0 +1,149 @@ +{ config, pkgs, ... }: +let + cids = import ../modules/staticids.nix; + domain = "git.cloonar.com"; + networkPrefix = config.networkPrefix; + + user = { + isSystemUser = true; + uid = cids.uids.forgejo; + group = "forgejo"; + home = "/var/lib/forgejo"; + createHome = true; + }; + group = { + gid = cids.gids.forgejo; + }; +in +{ + users.users.forgejo = user; + users.groups.forgejo = group; + + security.acme.certs."git.cloonar.com" = { + group = "nginx"; + }; + + containers.forgejo = { + autoStart = true; + ephemeral = false; # because of ssh key + privateNetwork = true; + hostBridge = "server"; + hostAddress = "${networkPrefix}.97.1"; + localAddress = "${networkPrefix}.97.55/24"; # Different from gitea's .50 + bindMounts = { + "/var/lib/forgejo" = { + hostPath = "/var/lib/forgejo/"; + isReadOnly = false; + }; + "/var/lib/acme/forgejo/" = { + hostPath = config.security.acme.certs.${domain}.directory; + isReadOnly = true; + }; + "/run/secrets/forgejo-mailer-password" = { + hostPath = config.sops.secrets.forgejo-mailer-password.path; + }; + }; + config = { lib, config, pkgs, ... }: { + imports = [ + ../fleet.nix + ../modules/cloonar-assistant-config-server.nix + ]; + + environment.systemPackages = with pkgs; [ + vim # my preferred editor + ]; + + networking = { + hostName = "forgejo"; + useHostResolvConf = false; + defaultGateway = { + address = "${networkPrefix}.96.1"; + interface = "eth0"; + }; + firewall.enable = false; + nameservers = [ "${networkPrefix}.97.1" ]; + }; + + services.nginx.enable = true; + services.nginx.virtualHosts."${domain}" = { + sslCertificate = "/var/lib/acme/forgejo/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/forgejo/key.pem"; + sslTrustedCertificate = "/var/lib/acme/forgejo/chain.pem"; + forceSSL = true; + extraConfig = '' + client_max_body_size 2048M; + ''; + locations."/" = { + proxyPass = "http://localhost:3001/"; + }; + }; + + services.forgejo = { + enable = true; + stateDir = "/var/lib/forgejo"; + settings = { + DEFAULT = { + APP_NAME = "Cloonar Forgejo server"; + }; + server = { + ROOT_URL = "https://${domain}/"; + HTTP_PORT = 3001; + DOMAIN = domain; + }; + repository = { + DEFAULT_BRANCH = "main"; + }; + openid = { + ENABLE_OPENID_SIGNIN = false; + ENABLE_OPENID_SIGNUP = true; + WHITELISTED_URIS = "auth.cloonar.com"; + }; + service = { + DISABLE_REGISTRATION = false; + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + SHOW_REGISTRATION_BUTTON = false; + ENABLE_NOTIFY_MAIL = true; + REQUIRE_SIGNIN_VIEW = false; + }; + mailer = { + ENABLED = true; + FROM = "Forgejo Cloonar "; + PROTOCOL = "smtp+starttls"; + SMTP_ADDR = "mail.cloonar.com"; + SMTP_PORT = 587; + USER = "gitea@cloonar.com"; + }; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; # Pull actions from GitHub + }; + attachment = { + MAX_SIZE = 2048; # 2GB in MB for general attachments + }; + packages = { + ENABLED = true; + }; + }; + }; + + # Configure mailer password + systemd.services.forgejo.serviceConfig.EnvironmentFile = "/run/secrets/forgejo-mailer-password"; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + ]; + + users.users.forgejo = user; + users.groups.forgejo = group; + + system.stateVersion = "23.05"; + }; + }; + + sops.secrets.forgejo-mailer-password = { + owner = "forgejo"; + restartUnits = [ "container@forgejo.service" ]; + }; +} diff --git a/hosts/fw/modules/fwmetrics.nix b/hosts/fw/modules/fwmetrics.nix index e1de095..7ee2e9e 100644 --- a/hosts/fw/modules/fwmetrics.nix +++ b/hosts/fw/modules/fwmetrics.nix @@ -14,7 +14,7 @@ in { }; services.prometheus.exporters.node.enable = true; - + systemd.services.export-fw-to-prometheus = { path = with pkgs; [victoriametrics]; enable = true; diff --git a/hosts/fw/modules/gitea-vm.nix b/hosts/fw/modules/gitea-vm.nix index 8c47651..c3afdea 100644 --- a/hosts/fw/modules/gitea-vm.nix +++ b/hosts/fw/modules/gitea-vm.nix @@ -7,7 +7,7 @@ in { microvm.vms = lib.mapAttrs (runner: idx: { config = { microvm = { - mem = 4048; + mem = 8096; shares = [ { source = "/nix/store"; diff --git a/hosts/fw/modules/home-assistant/coming-home.nix b/hosts/fw/modules/home-assistant/coming-home.nix new file mode 100644 index 0000000..9b666e1 --- /dev/null +++ b/hosts/fw/modules/home-assistant/coming-home.nix @@ -0,0 +1,27 @@ +{ + services.home-assistant.config = { + rest_command = { + moltbot_home_arrival = { + url = "https://moltbot.cloonar.com/hooks/agent"; + method = "POST"; + headers = { + Authorization = "!secret moltbot_home_arrival"; + Content-Type = "application/json"; + }; + payload = ''{"message":"Home arrival. Read memory/arrival-reminders.json silently. For each item: if it's a task (fetch weather, check calendar, look something up, etc.), execute it. If it's a simple reminder, include it. Combine everything into ONE message with just the results - no preamble, no explanations, no mentioning files or process. Then clear the file. If empty: reply NO_REPLY","name":"HomeArrival","deliver":true,"channel":"whatsapp","to":"+436607055308"}''; + }; + }; + "automation home_arrival" = { + alias = "home_arrival"; + trigger = { + platform = "zone"; + entity_id = "person.dominik"; + zone = "zone.home"; + event = "enter"; + }; + action = { + service = "rest_command.moltbot_home_arrival"; + }; + }; + }; +} diff --git a/hosts/fw/modules/home-assistant/default.nix b/hosts/fw/modules/home-assistant/default.nix index c7e1eac..4f70b8f 100644 --- a/hosts/fw/modules/home-assistant/default.nix +++ b/hosts/fw/modules/home-assistant/default.nix @@ -101,6 +101,9 @@ in ./shelly.nix ./sleep.nix ./snapcast.nix + + ./coming-home.nix + ./morning-active.nix ]; networking = { diff --git a/hosts/fw/modules/home-assistant/locks.nix b/hosts/fw/modules/home-assistant/locks.nix index aa14f1d..edcd5af 100644 --- a/hosts/fw/modules/home-assistant/locks.nix +++ b/hosts/fw/modules/home-assistant/locks.nix @@ -1,7 +1,6 @@ let - devices = [ - "device_tracker.dominiks_iphone" - "device_tracker.dominiks_mp01" + persons = [ + "person.dominiks" ]; in { services.home-assistant.extraComponents = [ @@ -13,18 +12,12 @@ in { alias = "house_door"; mode = "restart"; trigger = { - platform = "state"; - entity_id = devices; - from = "not_home"; - to = "home"; + platform = "zone"; + entity_id = "person.dominik"; + zone = "zone.home"; + event = "enter"; }; action = [ - { - service = "script.turn_on"; - target = { - entity_id = "script.turn_on_circuits"; - }; - } { service = "lock.unlock"; target = { diff --git a/hosts/fw/modules/home-assistant/morning-active.nix b/hosts/fw/modules/home-assistant/morning-active.nix new file mode 100644 index 0000000..9e7f846 --- /dev/null +++ b/hosts/fw/modules/home-assistant/morning-active.nix @@ -0,0 +1,76 @@ +{ + services.home-assistant.config = { + # Track if morning hook already triggered today + input_boolean = { + morning_active_triggered = { + name = "Morning Active Triggered"; + icon = "mdi:weather-sunny"; + }; + }; + + # REST command to call Moltbot + rest_command = { + moltbot_morning_active = { + url = "https://moltbot.cloonar.com/hooks/agent"; + method = "POST"; + headers = { + Authorization = "!secret moltbot_home_arrival"; # reuse same token + Content-Type = "application/json"; + }; + payload = ''{"message":"Morning briefing. Give a brief, friendly summary: 1) Today's weather for Vienna 2) Calendar events for today (check CalDAV) 3) Any pending reminders. Keep it concise, no fluff. Just the info.","name":"MorningBriefing","deliver":true,"channel":"whatsapp","to":"+436607055308"}''; + }; + }; + + # Main automation: detect morning activity + "automation morning_active" = { + alias = "morning_active"; + trigger = [ + { + platform = "state"; + entity_id = "light.toilet_lights"; + to = "on"; + } + # Future: add kitchen motion sensor here + # { + # platform = "state"; + # entity_id = "binary_sensor.kitchen_motion"; + # to = "on"; + # } + ]; + condition = [ + { + condition = "time"; + after = "05:00:00"; + before = "12:00:00"; + } + { + condition = "state"; + entity_id = "input_boolean.morning_active_triggered"; + state = "off"; + } + ]; + action = [ + { + service = "input_boolean.turn_on"; + target.entity_id = "input_boolean.morning_active_triggered"; + } + { + service = "rest_command.moltbot_morning_active"; + } + ]; + }; + + # Reset automation: reset triggered state at 3:00 AM + "automation morning_active_reset" = { + alias = "morning_active_reset"; + trigger = { + platform = "time"; + at = "03:00:00"; + }; + action = { + service = "input_boolean.turn_off"; + target.entity_id = "input_boolean.morning_active_triggered"; + }; + }; + }; +} diff --git a/hosts/fw/modules/home-assistant/power-saving.nix b/hosts/fw/modules/home-assistant/power-saving.nix index cf645be..1824242 100644 --- a/hosts/fw/modules/home-assistant/power-saving.nix +++ b/hosts/fw/modules/home-assistant/power-saving.nix @@ -23,12 +23,10 @@ "automation arrive home power" = { alias = "arrive home power"; trigger = { - platform = "state"; - entity_id = [ - "device_tracker.dominiks_iphone" - ]; - from = "not_home"; - to = "home"; + platform = "zone"; + entity_id = "person.dominik"; + zone = "zone.home"; + event = "enter"; }; action = [ { diff --git a/hosts/fw/modules/moltbot.nix b/hosts/fw/modules/moltbot.nix new file mode 100644 index 0000000..7bc9295 --- /dev/null +++ b/hosts/fw/modules/moltbot.nix @@ -0,0 +1,58 @@ +{ config, pkgs, lib, ... }: + +with lib; +{ + # Moltbot - AI assistant with WebChat + # Container with browser support for web automation + + virtualisation.oci-containers.backend = "podman"; + + # Secret for gateway authentication token + sops.secrets.moltbot-gateway-token = { + key = "moltbot-gateway-token"; + }; + + # Persistent directories on host for backup + # UID 1000 is the 'node' user inside the container + systemd.tmpfiles.rules = [ + "d /var/lib/moltbot 0755 1000 1000 - -" + "d /var/lib/moltbot/home 0755 1000 1000 - -" + "d /var/lib/moltbot/extensions 0755 1000 1000 - -" + "d /run/moltbot 0700 root root - -" + ]; + + virtualisation.oci-containers.containers.moltbot = { + image = "ghcr.io/moltbot/moltbot:main"; + + # Run gateway mode, bind to all interfaces in container + cmd = [ "dist/index.js" "gateway" "--bind" "lan" "--port" "18789" "--allow-unconfigured" ]; + + ports = [ + "${config.networkPrefix}.97.1:18789:18789" # Gateway/WebChat + "${config.networkPrefix}.97.1:18790:18790" # Bridge + ]; + + volumes = [ + "/var/lib/moltbot/home:/home/node:rw" + "/var/lib/moltbot/extensions:/app/extensions:rw" + ]; + + environment = { + HOME = "/home/node"; + TERM = "xterm-256color"; + MOLTBOT_STATE_DIR = "/home/node/.moltbot"; + CLAWDBOT_STATE_DIR = "/home/node/.moltbot"; + PUPPETEER_SKIP_CHROMIUM_DOWNLOAD = "false"; + }; + + extraOptions = [ + "--pull=newer" + "--network=server" + "--ip=${config.networkPrefix}.97.60" + "--init" + # Chrome sandbox capabilities + "--cap-add=SYS_ADMIN" + "--security-opt=seccomp=unconfined" + ]; + }; +} diff --git a/hosts/fw/modules/staticids.nix b/hosts/fw/modules/staticids.nix index d382370..90b3973 100644 --- a/hosts/fw/modules/staticids.nix +++ b/hosts/fw/modules/staticids.nix @@ -8,6 +8,7 @@ pyload = 10006; jellyfin = 10007; filebot = 10008; + forgejo = 10009; }; gids = { unbound = 10001; @@ -18,5 +19,6 @@ pyload = 10006; jellyfin = 10007; filebot = 10008; + forgejo = 10009; }; } diff --git a/hosts/fw/modules/unbound.nix b/hosts/fw/modules/unbound.nix deleted file mode 100644 index c5f21c5..0000000 --- a/hosts/fw/modules/unbound.nix +++ /dev/null @@ -1,349 +0,0 @@ -{ config, pkgs, ... }: -let - cids = import ../modules/staticids.nix; - domain = "ns.cloonar.com"; - - adblockLocalZones = pkgs.stdenv.mkDerivation { - name = "unbound-zones-adblock"; - - src = (pkgs.fetchFromGitHub { - owner = "StevenBlack"; - repo = "hosts"; - rev = "3.0.0"; - sha256 = "01g6pc9s1ah2w1cbf6bvi424762hkbpbgja9585a0w99cq0n6bxv"; - } + "/hosts"); - - phases = [ "installPhase" ]; - - installPhase = '' - ${pkgs.gawk}/bin/awk '{sub(/\r$/,"")} {sub(/^127\.0\.0\.1/,"0.0.0.0")} BEGIN { OFS = "" } NF == 2 && $1 == "0.0.0.0" { print "local-zone: \"", $2, "\" static"}' $src | tr '[:upper:]' '[:lower:]' | sort -u > $out - ''; - - }; - cfg = { - remote-control.control-enable = true; - server = { - # include = [ - # "\"${adblockLocalZones}\"" - # ]; - interface = [ "0.0.0.0" "::0" ]; - interface-automatic = "yes"; - access-control = [ - "127.0.0.0/8 allow" - "${config.networkPrefix}.96.0/24 allow" - "${config.networkPrefix}.97.0/24 allow" - "${config.networkPrefix}.98.0/24 allow" - "${config.networkPrefix}.99.0/24 allow" - "${config.networkPrefix}.101.0/24 allow" - "0.0.0.0/0 allow" - ]; - tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt"; - local-zone = "\"cloonar.com\" transparent"; - local-data = [ - "\"localhost A 127.0.0.1\"" - "\"localhost.cloonar.com A 127.0.0.1\"" - "\"localhost AAAA ::1\"" - "\"localhost.cloonar.com AAAA ::1\"" - "\"fw.cloonar.com A ${config.networkPrefix}.97.1\"" - "\"fw A ${config.networkPrefix}.97.1\"" - - "\"www.7-zip.org A 49.12.202.237\"" - - "\"pc.cloonar.com IN A ${config.networkPrefix}.96.5\"" - "\"omada.cloonar.com IN A ${config.networkPrefix}.97.2\"" - "\"switch.cloonar.com IN A ${config.networkPrefix}.97.10\"" - "\"mopidy.cloonar.com IN A ${config.networkPrefix}.97.21\"" - "\"deconz.cloonar.com IN A ${config.networkPrefix}.97.22\"" - "\"wazuh-manager.cloonar.com IN A ${config.networkPrefix}.97.31\"" - "\"wazuh-indexer.cloonar.com IN A ${config.networkPrefix}.97.32\"" - "\"wazuh.cloonar.com IN A ${config.networkPrefix}.97.33\"" - "\"brn30055c566237.cloonar.com IN A ${config.networkPrefix}.96.100\"" - "\"snapcast.cloonar.com IN A ${config.networkPrefix}.97.21\"" - "\"home-assistant.cloonar.com IN A ${config.networkPrefix}.97.20\"" - "\"web-02.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"matrix.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"element.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"support.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"tinder.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"git.cloonar.com IN A ${config.networkPrefix}.97.50\"" - "\"sync.cloonar.com IN A ${config.networkPrefix}.97.51\"" - - "\"feeds.cloonar.com IN A 188.34.191.144\"" - # "\"paraclub.cloonar.dev IN A 49.12.244.139\"" - # "\"api.paraclub.cloonar.dev IN A 49.12.244.139\"" - # "\"module.paraclub.cloonar.dev IN A 49.12.244.139\"" - # "\"tandem.paraclub.cloonar.dev IN A 49.12.244.139\"" - - "\"stage.wsw.at IN A 10.254.235.22\"" - "\"prod.wsw.at IN A 10.254.217.23\"" - "\"piwik.wohnservice-wien.at IN A 10.254.240.109\"" - "\"wohnservice-wien.at IN A 10.254.240.109\"" - "\"mieterhilfe.at IN A 10.254.240.109\"" - "\"wohnpartner-wien.at IN A 10.254.240.109\"" - "\"new.wohnberatung-wien.at IN A 10.254.240.109\"" - "\"new.wohnpartner-wien.at IN A 10.254.240.109\"" - "\"wohnberatung-wien.at IN A 10.254.240.109\"" - "\"wienbautvor.at IN A 10.254.240.109\"" - "\"wienwohntbesser.at IN A 10.254.240.109\"" - "\"b.wohnservice-wien.at IN A 10.254.240.109\"" - "\"b.mieterhilfe.at IN A 10.254.240.109\"" - "\"b.wohnpartner-wien.at IN A 10.254.240.109\"" - "\"b.wohnberatung-wien.at IN A 10.254.240.109\"" - "\"b.wienbautvor.at IN A 10.254.240.109\"" - "\"b.wienwohntbesser.at IN A 10.254.240.109\"" - "\"a.wohnservice-wien.at IN A 10.254.240.109\"" - "\"a.wohnpartner-wien.at IN A 10.254.240.109\"" - "\"a.stage.wohnservice-wien.at IN A 10.254.240.110\"" - "\"a.stage.mieterhilfe.at IN A 10.254.240.110\"" - "\"a.stage.wohnpartner-wien.at IN A 10.254.240.110\"" - "\"a.stage.wohnberatung-wien.at IN A 10.254.240.110\"" - "\"a.stage.wienbautvor.at IN A 10.254.240.110\"" - "\"a.stage.wienwohntbesser.at IN A 10.254.240.110\"" - "\"b.stage.wohnservice-wien.at IN A 10.254.240.110\"" - "\"b.stage.mieterhilfe.at IN A 10.254.240.110\"" - "\"b.stage.wohnpartner-wien.at IN A 10.254.240.110\"" - "\"b.stage.new.wohnberatung-wien.at IN A 10.254.240.110\"" - "\"b.stage.new.wohnpartner-wien.at IN A 10.254.240.110\"" - "\"b.stage.wohnberatung-wien.at IN A 10.254.240.110\"" - "\"b.stage.wienbautvor.at IN A 10.254.240.110\"" - "\"b.stage.wienwohntbesser.at IN A 10.254.240.110\"" - "\"upgrade-staging.wohnservice-wien.at IN A 10.254.240.110\"" - "\"upgrade-staging.mieterhilfe.at IN A 10.254.240.110\"" - "\"upgrade-staging.wohnpartner-wien.at IN A 10.254.240.110\"" - "\"upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110\"" - "\"upgrade-staging.wienbautvor.at IN A 10.254.240.110\"" - "\"upgrade-staging.wienwohntbesser.at IN A 10.254.240.110\"" - "\"conf.wrwks.at IN A 10.254.240.105\"" - - "\"web.hilgenberg-gmbh.de IN A 91.107.197.169\"" - "\"web.lenaschilling.at IN A 159.69.3.18\"" - - # gaming - "\"foundry-vtt.cloonar.com IN A ${config.networkPrefix}.97.5\"" - - "\"deconz.cloonar.multimedia IN A ${config.networkPrefix}.97.22\"" - "\"metz.cloonar.multimedia IN A ${config.networkPrefix}.99.10\"" - # "\"ps5.cloonar.multimedia IN A ${config.networkPrefix}.99.12\"" - "\"xbox.cloonar.multimedia IN A ${config.networkPrefix}.99.13\"" - # "\"switch.cloonar.multimedia IN A ${config.networkPrefix}.99.14\"" - #living room - "\"shellyuni-livingroom-1.cloonar.smart IN A ${config.networkPrefix}.100.8\"" - "\"shellyswitch25-livingroom-1.cloonar.smart IN A ${config.networkPrefix}.100.9\"" - "\"shellyplug-s-living-1.cloonar.smart IN A ${config.networkPrefix}.100.10\"" - "\"shellyplug-s-living-2.cloonar.smart IN A ${config.networkPrefix}.100.11\"" - # kitchen - "\"shellyplug-s-kitchen-1.cloonar.smart IN A ${config.networkPrefix}.100.17\"" - "\"shellyrgbw2-kitchen-1.cloonar.smart IN A ${config.networkPrefix}.100.18\"" - #bedroom - "\"shelly1-bedroom-1.cloonar.smart IN A ${config.networkPrefix}.100.33\"" - "\"shellybutton1-bedroom-1.cloonar.smart IN A ${config.networkPrefix}.100.34\"" - "\"shellybutton1-bedroom-2.cloonar.smart IN A ${config.networkPrefix}.100.35\"" # todo - "\"shellyrgbw2-bedroom-1.cloonar.smart IN A ${config.networkPrefix}.100.36\"" - "\"shellyrgbw2-bedroom-2.cloonar.smart IN A ${config.networkPrefix}.100.37\"" - "\"shellyrgbw2-bedroom-3.cloonar.smart IN A ${config.networkPrefix}.100.38\"" - # bath - "\"shellyswitch25-bath-1.cloonar.smart IN A ${config.networkPrefix}.100.49\"" - "\"shelly1pm-bath-1.cloonar.smart IN A ${config.networkPrefix}.100.52\"" - "\"shellyht-bath-1.cloonar.smart IN A ${config.networkPrefix}.100.53\"" # todo - # hallway - "\"shelly1-hallway-1.cloonar.smart IN A ${config.networkPrefix}.100.65\"" - "\"shellyem3.cloonar.smart IN A ${config.networkPrefix}.100.70\"" - "\"shellypro-1.cloonar.smart IN A ${config.networkPrefix}.100.71\"" - "\"shellypro-2.cloonar.smart IN A ${config.networkPrefix}.100.72\"" - # toilet - "\"shelly1-toilet-1.cloonar.smart IN A ${config.networkPrefix}.100.81\"" - "\"shellybulbduo-toilet-1.cloonar.smart IN A ${config.networkPrefix}.100.82\"" - # storage - "\"shelly1-storage-1.cloonar.smart IN A ${config.networkPrefix}.100.97\"" - "\"shellyplug-storage-1.cloonar.smart IN A ${config.networkPrefix}.100.98\"" - "\"brn30055c566237.cloonar.multimedia IN A ${config.networkPrefix}.99.100\"" - - "\"ddl-warez.to IN A 172.67.184.30\"" - "\"cdnjs.cloudflare.com IN A 104.17.24.14\"" - ]; - local-data-ptr = [ - "\"127.0.0.1 localhost\"" - "\"::1 localhost\"" - "\"${config.networkPrefix}.97.1 fw.cloonar.com\"" - "\"${config.networkPrefix}.97.20 home-assistant.cloonar.com\"" - "\"${config.networkPrefix}.97.21 snapcast.cloonar.com\"" - "\"${config.networkPrefix}.97.22 deconz.cloonar.com\"" - "\"${config.networkPrefix}.97.50 git.cloonar.com\"" - - "\"10.254.235.22 stage.wsw.at\"" - "\"10.254.217.23 prod.wsw.at\"" - "\"10.254.240.109 wohnservice-wien.at\"" - "\"10.254.240.110 a.stage.wohnservice-wien.at\"" - - "\"172.67.184.30 ddl-warez.to\"" - "\"104.17.24.14 cdnjs.cloudflare.com\"" - ]; - # ssl-upstream = "yes"; - }; - forward-zone = [ - { - name = "local.ghetto.at."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.43.97.1" - ]; - } - { - name = "ghetto.at.local."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.43.97.1" - ]; - } - { - name = "epicenter.works."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.50.60.1" - ]; - } - { - name = "akvorrat.at."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.50.60.1" - ]; - } - { - name = "epicenter.intra."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.14.1.1" - ]; - } - { - name = "intra.epicenter.works."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.14.1.1" - ]; - } - { - name = "."; - forward-tls-upstream = "yes"; - forward-first = "no"; - forward-addr = [ - "9.9.9.9@853#dns9.quad9.net" - "149.112.112.11@853#dns11.quad9.net" - ]; - } - ]; - }; -in { - users.users.unbound = { - group = "unbound"; - isSystemUser = true; - uid = cids.uids.unbound; - }; - users.groups.unbound = { - gid = cids.gids.unbound; - }; - - security.acme.certs."${domain}" = { - group = "unbound"; - }; - security.acme.certs."fw.cloonar.com" = { - group = "unbound"; - }; - - services.resolved.enable = false; - - services.unbound = { - enable = true; - settings = cfg; - }; - systemd.services.unbound-sync = { - enable = true; - path = with pkgs; [ unbound inotify-tools ]; - script = '' - #!/usr/bin/env bash - set -euo pipefail - - # readFile and readFileUnique as beforeā€¦ - function readFile() { - if [[ "''\$2" == "A" ]] ; then - cat "''\$1" | tail -n +2 | while IFS=, read -r address hwaddr client_id valid_lifetime expire subnet_id fqdn_fwd fqdn_rev hostname state user_context - do - echo "''\${address},''\${hostname}" - done - else - cat "''\$1" | tail -n +2 | while IFS=, read -r address duid valid_lifetime expire subnet_id pref_lifetime lease_type iaid prefix_len fqdn_fwd fqdn_rev hostname hwaddr state user_context hwtype hwaddr_source - do - echo "''\${address},''\${hostname}" - done - fi - } - - function readFileUnique() { - readFile "''\$1" ''\$2 | uniq | while IFS=, read -r address hostname - do - if echo "''\${1}" | grep -Eq '.*\.(cloonar.com|cloonar.multimedia|cloonar.smart)'; then - echo ''\${hostname} ''\$2 ''\${address} - unbound-control local_data ''\${hostname} ''\$2 ''\${address} > /dev/null 2>&1 - if [[ "''\$2" == "A" ]] ; then - echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3 - do - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 - done - fi - else - if [[ "''\$2" == "A" ]] ; then - echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3 - do - if [[ "''\${hostname}" != "" ]]; then - domain=cloonar.com - if [[ "''\${ip2}" == 99 ]]; then - domain=cloonar.multimedia - fi - if [[ "''\${ip2}" == 100 ]]; then - domain=cloonar.smart - fi - if [[ "''\${hostname}" != *. ]]; then - unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 - else - unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 - fi - - fi - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 - done - fi - fi - done - } - - function syncLeases() { - # 1) nuke all of our old lease records from unbound - unbound-control list_local_data \ - | grep -E 'cloonar\.(com|multimedia|smart)|ip4\.arpa|in-addr\.arpa' \ - | while read -r name type data; do - unbound-control local_data_remove "$name" "$type" "$data" \ - > /dev/null 2>&1 - done - - # 2) re-push every current lease - readFileUnique "/var/lib/kea/dhcp4.leases" A - # if you need IPv6: - # readFileUnique "/var/lib/kea/dhcp6.leases" AAAA - } - - while true; do - syncLeases - sleep 10 - done - ''; - wants = [ "network-online.target" "unbound.service" ]; - after = [ "network-online.target" "unbound.service" ]; - partOf = [ "unbound.service" ]; - wantedBy = [ "multi-user.target" ]; - }; - - networking.firewall.allowedUDPPorts = [ 53 5353 ]; -} diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix index 5e62a11..421ea1a 100644 --- a/hosts/fw/modules/web/proxies.nix +++ b/hosts/fw/modules/web/proxies.nix @@ -4,7 +4,8 @@ enableACME = true; acmeRoot = null; locations."/" = { - proxyPass = "https://git.cloonar.com/"; + proxyPass = "http://${config.networkPrefix}.97.55:3001/"; + proxyWebsockets = true; }; }; services.nginx.virtualHosts."foundry-vtt.cloonar.com" = { @@ -57,15 +58,6 @@ enableACME = true; acmeRoot = null; - # Restrict to internal LAN only - extraConfig = '' - allow ${config.networkPrefix}.96.0/24; - allow ${config.networkPrefix}.97.0/24; - allow ${config.networkPrefix}.98.0/24; - allow ${config.networkPrefix}.99.0/24; - deny all; - ''; - locations."/" = { proxyPass = "http://${config.networkPrefix}.97.11:8096"; proxyWebsockets = true; @@ -82,4 +74,52 @@ ''; }; }; + + services.nginx.virtualHosts."audiobooks.cloonar.com" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + + locations."/" = { + proxyPass = "http://${config.networkPrefix}.97.11:13378"; + proxyWebsockets = true; + + extraConfig = '' + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + # Disable buffering for better streaming performance + proxy_buffering off; + ''; + }; + }; + + services.nginx.virtualHosts."moltbot.cloonar.com" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + + # Restrict to internal networks only (LAN + VPN) + extraConfig = '' + allow ${config.networkPrefix}.96.0/24; + allow ${config.networkPrefix}.97.0/24; + allow ${config.networkPrefix}.98.0/24; + deny all; + ''; + + locations."/" = { + proxyPass = "http://${config.networkPrefix}.97.60:18789"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + }; + }; } diff --git a/hosts/fw/modules/wireguard.nix b/hosts/fw/modules/wireguard.nix index 239e36f..b8bd074 100644 --- a/hosts/fw/modules/wireguard.nix +++ b/hosts/fw/modules/wireguard.nix @@ -29,6 +29,10 @@ publicKey = "yv0AWQl4LFebVa7SvwdxpEmB3PPglwjoKy6A3og93WI="; allowedIPs = [ "${config.networkPrefix}.98.204/32" ]; } + { # FairPhone + publicKey = "tLsvuXo6Cp8tzjJau1yJZ9apeQvYa+cGrnAXBBifO3Y="; + allowedIPs = [ "${config.networkPrefix}.98.205/32" ]; + } ]; }; wg_epicenter = { diff --git a/hosts/fw/secrets.yaml b/hosts/fw/secrets.yaml index e0da8b6..d4c4599 100644 --- a/hosts/fw/secrets.yaml +++ b/hosts/fw/secrets.yaml @@ -1,69 +1,72 @@ -ai-mailer-imap-password: ENC[AES256_GCM,data:q9eJ9Tom+X6KxQJhWQTUB61k5A==,iv:FH+IUWi2yZBBgMiL/kNW470GEVHEG3fImf0bel9og/c=,tag:RSlcpXwmNyLB8Oc/K2Epvw==,type:str] -ai-mailer-openrouter-key: ENC[AES256_GCM,data:EvI0BuCBA1uYOderjAVcB8RSk7un7tiKmgsSe70KQcmfu3CxmQerP/2kQsRTJ0/6pWf4QqNpaes691O3nf+UG1qgG2CUcIaYRQ==,iv:OYEy0xMs+vkGa0qMtY4UP/iol5JPQ0eFVyPpPXLAmUE=,tag:5PeXZcI8TRSUOyuKs0STWg==,type:str] -borg-passphrase: ENC[AES256_GCM,data:GGmf09zX5wQ8Fih1EyP1p3up9ckFjVKsktU6ZFwvuZnG/O2OyOod66qXc/IXx8GQordubZ3TgisOeMLNnSowp2qylh8=,iv:fFgw/x8Ww9cInkNlPIoE3stUfISbfk46PBj7aimuXNA=,tag:hnNYrkLgt1qJc+gN5s9L2Q==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:I7hErgUwWDIxKLdw2FPKuTx9aOcqF/EhOIyU3pfd5QA9sQZkZT/c+IU3b0rNdi6OL6KYDQ8+pMhFuDB7Tcna17etB5HQYnWR6L/QDv5rZTHAHbhTNUEk8w+4zIsvffKJlfObM6qnKZhZbCZT4CvbbvFqmg1KxkFqhpMZSOfR4hpvsNVqEmagygYxuPUSamWgb0y8+CFBxgR8FVEz36tJW8bH7110ZupfkF3P/DNgw9Mci5tYHdrzu6CU5YhbpW+hx88U62rvenWc4T0r7gVcEZYjkVExPJRKs994UVCZO22e8Kx8cy9OZo0S4FBgFfT8Kx8HkYX5viBnwxZrWRsw1ober2LIa48Yc9Sh1cuf1HqD3HSwEc90LuXP0EFKwJLm8MJ3Y26fLLz+NMQhVtug6lAt2cUZj1qapgMiSznw1RJv7nEJNKRx4rKGDdzf4gJ1Nn1DcuS1gPe+WMd2K1WoGB+QiBRIvCvv8f6YrnanNS5YDt5W11vrh2YK6u4JVjehbScoG32ikv2YAYD6HxkNmIyPAwKXM1hIdk91d55bk/feXDLSGsnlBcSdQ7AgBDKEy4UDLEvUPKwNgxur2t9PgEa+AHXZSjhQOpYVEHQI7qzALgSR5v9lEpPLvz4Oa26VwglMwyKcCxB6vYhz5CXnRXXuypBi0TAEtnWsQaUQrcYNduEkNTi5BwtGYJSwD0nVxOFQhqxwbCvQSbW4iT1QBHbvfEGhKtsDIetZrx2DL96aQ0maj9B08O5ODsiQsZzyc68vyS80Ctn6dd/7BIeJka1ciCbXrZiWXHa4Ibrfp4pdjTfLVXhvqocNolLQupwqxXdCMI7pmZYrcQEY6VmyYmuePWOQr76/ed4QG3mhmAJN16SZw3SlDo02LxF7qiQV1oCojpeqxdWnr0jh+tG8z2hzK4cODvwnNx1XCq8O1P8A2vcuk7mzCnB3tTMtLdIGh6kF0V8I6l4zidJkDPRhqB/LonbK6Gj1OixqgL9aJ3Od0ahF3rOq/SnMQWg+MJkJUv0CV9KJCJZ5FoHv9JfChzTG76PsrXtAFGoXwHMsrjJi/1E1UxSFV7TuD48FB1fRleWrt1Zhbefaq6aDfYPCiRLbpNbQlepnX8mRzMfXleq/ESZqXHKaG2dza9R7hiaJFOd5OTXrqoaf3spIRCdhSAhvd6ChpD+NtFssqUWaAXmZuVQhg/udVOGGW+mOgd6pRKoFjOXkD5bnVf27KY+w1EHTOUNoKWtZlLWmmsbJBF8MGc3E5XIGM+Mlq0E5mNSWB/XwnionuUTGg1+gUUCcCbcmOm7P6J3k4l3ZLhuu4ilw+wV31pjednAnw/IIw9r4lMGL0RN+zJL7leE6FT+fFqdjRx3ZCdCFGxjrmJgugtfZECjgR6nHQWk2zLv81fi6OD38wBFeeMe7Bm7fV0A7+oHYrTXyvxuo5aXfv3pOacAGnUulbhWUIcsN/GTFzcGio5iBlIOI7yI6EeW6VcLbXm+ISw2YHv/zhMFCDrOeXn5jYCI5zwi31+T+XTIuku0DOr+k7WnS8WKWQhdlhuLUp8XpNdUVwegfrZoU3xWo46WbUWrtOcpBoQguvjGvVYelb/FHWx6k8mQy/9Ke7juaPXgrhKclAA1pyKuOvFjO8UuUI/KBMZGTWtnAxrS+cOTdf8CBhw5smJ782wyvYkxQJfddfcUU42TWGLSpLUJUYc0kAjbbAEfKkWQw73tCPH68VPSq4/3nWH6lS95bMayn5yj9B8pnl5Ml1Fv7q1SAj/F5FrC5uLB7QBUP8alKQoLvpCCkXwRQn6FHPzTPoKMmkmRCuqrVmG0blyyY1PtZq+hzfYw2oM7kPwElXKUMo+Pd7bJKerRcTRir0odIMyKXNXCu+OC2/WhcLLfwuiW9PH5clbCt3gjjM4XSMsz/vxxwasuN+WnzFHuTlL2DN21rSFNKjPR7b9FfifQObQQCfEE+GBAeid8OsLU+7Uk+0PvjWq072HOMU+fkbgdISLp1wmafOjjt68hsnxx/dtsqTxaE+mBCTnLlBdSJOHi9JvcAC8QZD/fHUVGd0EpItUQJCePaWSVjkg3Sd5wYR5zko7WHAW0iuGXqZUQkNJpMm93w8cygkAiNJMffM4FkCM3yXpSwBqpjN6+OHNtcHzDIjwwUCMigyqHKvCkalcsgSLus0451Z7m6FsUnOvlkIZxWovQEQVqVDwa42g7EqPyaVghaUmIsUo23Dlz/eNPM/HmgqtdQN6+vJTgK4kdkX2HBqEpPvNn7Faa1hW/gfLIVl2cknNUNDNnkmqkvJLPSUS8Fi9lNhM5HDt0hCr4JmmGJrvgo2TlxnMpBGUPi4UkfxEuFIgxmzvpNhSpyDJNF+nFp0UD0ztcCdtAta1lpoGQ0zZEiTr6Mwwc0fozxerGtxFLPm2pTSgjXKI65JyRGJjNHAHG2XeOC/7dWnwo4GthFCZBKPB8/W5EsaOeuSsWfDAP8n3GW0AIVwIh8Pmf3tdml7dKU1J7ciVnLqoHE9NcXfmnRW6liJ05Ca1UUgcrtQasQKETbSEIBBM/hvZAMd8aaazyIBRJwNc67TIEkKBpvC6dRxpUYEJ5ZwVvWGrJIkh4WekDEV+fFZDyH6V8sngTmnT6Z3GCyRContJLg8Gx+CE6fLnZ69OUXVZ0FU6C0K7GUqueB8l60ccJa5AniiEqhRk/5WQAJBrcpYAYrYU/WTEKkyt7EtBnxeWPCyb7CpnF/11i2JOk33WAcYeXUK0IIfVaPmW5cBQFDVZ9JX5W/kfEMwufizXqjWSMXIKnON3ICD74iOJRmnMevaT9/ruVtMlXx/7M4iQVMeIl8+0He5S5+U/1kUZVvx4OmvQBdfgIQrjso6fTDeGMziM5jeQeCUUWJg/cBV9VGrMsGlELiZiCWvVI3Ysa/H2LkutKa1dIRHtvhZNBan4y1GYq7hcDpkmBJ6e0WHV2gQxhgbwgWpOrf0nww+KUivUJySz2uTdRunrujkwCMDIt7zDXHrItuI0xAfrENYWXvp+KyOMeWUbjUrOUc0IdeAD4DIBywKVgZD/2j5xtew53d0wv8LmcBe89dKSyMHWm09ZPjbwm5FL+qafFLFZZYSlfr/7f+MFg0kK1Fd51rh1pmO9vpgha15MrzgK1KQ7FBsShG5UZ/7l57CPGV7+TS8B6ujDbFvX3vvmwJ9LMhPsOkeh2f8yQGjZppaOjx7WorqCnjP7K4HP5gfbz+GC90jZ8xEabm5p95t3tnOw0NBG8peE0bObUosd5phJN3PuahcCYGNF9WBtCAsDR9WzC4vJgwpSRl1qVZydm/F5c5N29cszRViM2yG1vIqzbUo3uGkN4+Dvr82YB5rRhn25pdV7Z79xroJMnx9mDGAM5ShQPDloEZeG32i/rGB3PKruyfCYNaWUT48qrvt8S9FTrt0etZVJrxFp1v9M7Ct4ojw+OQPW+bh+bTIWd1UqY4TGhAeg==,iv:f7rBK8aNqX8dGyzjoeRX6yl20XsnLU8b4gitaw9+O+0=,tag:WvfUw1JgFBAtS3vsVIvM6Q==,type:str] -ddclient: ENC[AES256_GCM,data:dS6TVVNb6R7EE1JVMDfSnRYCZyHHqEPvwaYpkTSj+VA=,iv:9uMo+9X7dFdVW4wuSgrqIAaQelXuA4cek2oif0GRHow=,tag:ncQq4UeUzWtjPNxEUOlqNA==,type:str] -filebot-license: ENC[AES256_GCM,data:jY7E29fFJ/h9NIgIjuX++WBhnLk6Mm4iRfMh4P0pUDdqH231gXDsTZ6pJ1rpFXdEHSuNN4LfznDTKgZ2azKid4WprDUzGkN0uJD6CfSR8gTIx5Rq0M8vkRah51LC36bop4hTMzECYQd1YA47hOBV/gfyg3RIw95coWamV9FebnQjIBgWYxE+wTvO5iRvWpiCHd6VZQfkiiR0KF1DrkYkuxlX0piGEKmIgyYCiKMFZ4nrrIe58x5lEQA9uPVjE7vmq3c3ge6tJzjVVaaNocbJhxhA18GLMqTSHfnBsOLRlA8qSQ3xX/VRzKQmaYQHIM77Ylb9ZQsvFt6EDlzQMl5NqT7OJZUW/0jwNaEXHURjeTOC3Hr1HugiDGm+uLXEraaJ6Na2AbFDn28o+3J22p9xNg6vWL0FElzKuaz5TFDzdZLZsD9HOPQm95/ZM8JymDjN4qxkkd2o9rEKY6to1MVDarj+lDxIHhf4pL23YhZsn3esNlEbFswzHQiH7nMsu9Jg6a0rPu7IYylDnH/soBjxSKmf2dhH1LLsDm8It9K/7NnXwmvncFXaqNBqm/e7JzCDBCCyVUf/BXbBc3xwLwZf5MiirZ/iYiYnRtUssveh7BV7ICigRj5Ewtr+n97+IGI+FyonkvOgM0bn8nHf79ZzJCKMuntcw3FlGd1nIkmcehkC79PlKIS95oV/wypl1OmU0CVel+D8hsMuONmF9NPHgFk/ztp4GF+XXRO4ExNotX1XrUlvLOccoHDsl1TedUOISzgAK71edxfI8y110shIe9OfsCEUAbmWMmjGVWH2fKu/IrYYQTry6pYFOjG2bIEUXMaiIP0lALbq/QNgleqMNPY8wGzFbP+/jaYzTbw9KXH4bwYQCl1hSI8THfV7lLE=,iv:4ik/aQqi/hIqH8ix3ejgUiXGY7ycw0ymdVrV+CEQe1o=,tag:7ymc4QZEezJVPlYTlU4H/g==,type:str] -gitea-mailer-password: ENC[AES256_GCM,data:lEv5euTCHG6pyNqrVtKK7oE8wLvk+q8ABXOzFSizQ2TVFi35lyGPzOTel/dCCC0Je5GAHE1KQQ4Y4/iHghZgb5Ft,iv:gt/mCzLbDrHFNqW+Lkd2dy9nRIBKO+rqsVuXM45zJ8k=,tag:gCxTSzY7GZ+jQP9SCsdUtw==,type:str] -gitea-runner: ENC[AES256_GCM,data:HLjSETmu2C2ROf6kqUuIzQl/t4Fe5EOVkMqdTeLNnb6AJ95l6M/WUk//dnPMrWVvEq7rV07awUiyvyJcYQzMgPNddCrfcn2Xr0dYK4XFenz/sdhknVex9uS/RhK8fOqdYJ6djpynikMKddZMQr9AOVfpF5mea//87+Az9rOrlzLdgNtf5HyBEAFKaOFbkZboAsP+jlxyyYurGHPr8LxxikewDVxnpB+XzMc6RAnesrZPOTDQlkMiPZ2t2o0klhD/4VomgiHEklULxCCmIAHaqDo=,iv:1FwTespqVTnKFbyf9Unbbod08D36MKsVbDhIBNGBkHg=,tag:rgVvyxUCwzYB2CqWm2fwgg==,type:str] -gitea-runner-token: ENC[AES256_GCM,data:pzJp7j1Ktz+27oU+qtESk7D32w7+BSEUkPSX4xuFml0i10z12Gzu0QHXL9s3734=,iv:U77b5515H1URfz5BCdzuY03zVkhSRsL9d+HdHUJFx9U=,tag:QvooaT4TS/X5R5KGdaVpVQ==,type:str] -home-assistant-ldap: ENC[AES256_GCM,data:4kofJzPbiLXILxjuAZWiTb9hu2Gver/IHBCXDnrmrKuCSII6SJ9FrSi67nl7SHdoA6xe22GSMfmPrKzy5sGiow==,iv:F8mIHhWHpaI6kzRV9du6uW/Fj07PbEIU1goSDmeSD5E=,tag:6NIC6sN8OclinribZhrLLw==,type:str] -home-assistant-secrets.yaml: ENC[AES256_GCM,data:rns9heAmVMxB6WWlGMXvF/ianFUnja3FObiLTEKJmodePNsJ8ah3OhuCAX5jON+/7NZ+3JN/hIJjXsORC5WYhr01DvO9meykf0aMpbmAnYI+cmPEPvcunF4NNInl96rpcI519nMiHDSh5J7pD74CxHZcXSV4c9ZR5UBymchrwmHyZMF6dVrD9Jbr9yph1r7iq6S5wlI2ZImWRjaoGDZ1x+ZU8XnsUmYcP4pa1Yt8JBxSnyUw5gxgBkVCh4eSZBsUCt0cd9P0i7qWVg==,iv:YXQsawXZsQb9ZUt1/lkpfTa4tfKIQrLkkyShFtBRaIQ=,tag:/vSnipGiMntdMqHLePSEQw==,type:str] -piped-db-password: ENC[AES256_GCM,data:5atQccdHYDEf638bpiON9VO14jqNDtzZ8nnXVW0/cqtWkZJc8RYn9N7QhAw=,iv:Gwyf1R+mpmX+TFuoYLPHjXwSDwzJhSEpnj5ZsJgmrtk=,tag:zm4zNkzbqbCyTN6o3lQQfg==,type:str] -pushover-api-token: ENC[AES256_GCM,data:cMBDdySEBQ7vS7FUC2DsCcSvEMpapWvMFmnuCsY6,iv:SVDrrDm2pcAfwUVAC5j47YwF4s/FWNARlZdIZ1Wgwgw=,tag:w7ZeNMPXWc9j+zVaSxq1cQ==,type:str] -pushover-user-key: ENC[AES256_GCM,data:fjoA2YQxmeWEbSKWWE5iyi+CUh1vtW9usVCm5EGk,iv:p4YwYIhpgn/bY9t61//CDrDmZrsj9B/naZit62lCpwo=,tag:pqEw3pDlX7i87tE0Nsy0/Q==,type:str] -wrwks_vpn_key: ENC[AES256_GCM,data:VEHqnr/bDtmyLzs0wnmZ0jCWS0BGJWu6Wjq0ZHJuEz8PH3j/E54S9NUe6WRIo+BJCsh1PlRqw/PD9xSqlW5uPg==,iv:OMP0s8Lc2CmFgwRuwB3UWJVuQFqvpy+BiyhnIKbVIb8=,tag:x1LvSf6i8khd8jKgv/284g==,type:str] -wg_cloonar_key: ENC[AES256_GCM,data:1OfHD8yX+pgCXqqxn7cddnnCA9HBjGra4eht7uLxdcbdG9vDvxUoE1x6aWg=,iv:/NBEbmA3wP/zwrqCeBKDzaoSMqz3f4ZeMlWbu81R5Pg=,tag:Apt8x/j0qiJAKR4UEVSkrA==,type:str] -wg_epicenter_works_key: ENC[AES256_GCM,data:CTZkVGEVRlCdt6W0BGPmX0SZbuBBH5IIlUsi44SGXi7gdmrZNwv2zDv6zjA=,iv:4ZDDKqR6pBq8cjX763tBxOvWFaS2IiGaBxJu6L2JYig=,tag:H8p63BvXSx1SKPFw5gnptw==,type:str] -wg_epicenter_works_psk: ENC[AES256_GCM,data:K0SDlDWfUk9vIGP5U1j8p6TJ9GsydJTuKPb4kMgde1CILOia0S9/+4AkMWY=,iv:ITwLoWZXR6NxRFF3eBvOogiWHLmXnf7S1e2FW0ofr/M=,tag:2OVi3OBFYT0nlCx8gf2AdA==,type:str] -wg_ghetto_at_key: ENC[AES256_GCM,data:+bonpVjV1hxwaqtR7ywshmoDxCnFPD11q0OiNLzxUJIaYrDeS1srpyo6rlE=,iv:Djn16kuXTWqJZy/AT77GpH8RcNtUMZ6zcIdKIMHv+PM=,tag:LP2JCaPKpzeOKvBc2bMr4w==,type:str] -matrix-shared-secret: ENC[AES256_GCM,data:nVSHwPa8xYUaDCxL+5neFtzc11DDNzJtoDCSHYXZ+bZXVAAbp6/Pjx6UkTdAA8B2GOM09nFAsBuLnQfJ3w==,iv:WU3hnRlWVwx7Qin3ejw7V4VhAmYLf6oXzVk6xQgZPgA=,tag:O2hJ2q8XDxYF+rHPNgATgA==,type:str] -phpldapadmin: ENC[AES256_GCM,data:94jCcgGJ89Er5ENLqhFZ1qY44Qp709SuUhBUuED6v/a7mPPjrJGDmi0Gm3r1Hb4CDPGkWf+x4NStY7LSQ2bHEzjyMPMS23wvSLTmC5b2TVca1UI8vZRTD1R7OvdWo8d1oNweSpYEnAXGv3USYF0NZo8DrPLM5G8lG5Tk/rKS/mxU5ZRhPyA60rbmIiy3Mk4yNcs1tvTEckxU/zMVl7zUPAsOOlmYGuwJrHmmh9p7YIWHGIgZNiLs3U0BvSKzN7WktmlwqjfWpeLn4dusqgov4SSQ2otAkxLHIH8mGhyotd1wgXJDZc6tilMe+WPHQDz9db7FT0VdeKggQ94FD+8rP0OsIjR4AdjZ,iv:C8X10wtA9jPgS41pxasaZJTO/XFcRymOyTDZCWJlhmg=,tag:xkMJsGubny+Di+GucAqypQ==,type:str] -palworld: ENC[AES256_GCM,data:iR9nceVotLKrFHnPIVskCYVLev9OzGLLlmfCGQq5hqB1HveXjhjkfm/NMmqnSi9o776+Ezy7l3kkS0R+0cFJ2B9kaWGsdJtdYDwQevmf6Nq5eaBYmvu8kTnaatqZ5e/1BQzcF3to6MA061XL54YGqsAV5FpnDVLhyyzIvaR3gMvMqJ748NL7K+hbBqMFuWcSH3hKXwxtDK7SLtcgx93W5ZgXkZMMumtlH9hSSlZL4yxuQDAQUwHrEBL+rdphA0m27dyS87DA3Av5ZL1MZ+Vlm4uAHM68T+rtVYXTakNImDTc0WrhIP8FZD/UKTAhVYAbA9oz6cbeC574vchuEY1z19SY9+2HshZZBOiPDMqdvrqyszMQCo5I9dUzAJCemQQTlYG8ekREQ0wxARnBYi3iy5PbmgDQWdM3+ff4yhMmGiHtiMQLHzrquKy8nvS9lDp9uT7njkaI0QAt3eNWa2DAQRqXQAtmuRVob5+GS2Nt6XMTWRkbeEb1phwbTqZD5mH4p2TiyMKCn6KOXsgQTxqGr35Izbe+bfptCmUeyscTKq01IZg77w/dvg3AX4iHAcMNgJ9LIHDLibGHQzu9fGN6alpeyy788GDwRY4glYyKxPhCasKkBSj/uhcDAtdg+c63vDTBhqRjNr6+v1NeRW6lVBzrgq+f9QvO5RVKrvdsVHnTA3CMGQzUPAaluNZMpzV5KqxqIrpAAPXnN0ktig==,iv:kkcm/alLHwC84IKK//OJpa36ec9ddOARTIM+KJlOHHs=,tag:jV1DjfNzRgNaCGgJTKIy5g==,type:str] -ark: ENC[AES256_GCM,data:TRTwxqkeUGbtgrWuj1YEFr73+nxCXmt/fR5vVnYR+k4FpNBB2FoY/gXl0kqeFKPDcajwn8nYBs8YE9vmYtAX/Qs4g5OyU9qC/pkmSV7/gbGfqLLqcbIlbWrZzeM8gRW0fp6h1TMPsGO8/iYdF4bmInfuZW+fKr0i7ZRgrtOpPiRCOI/ztPGkFaduuwGIy+yVoS64b9r7ZLRnOZT7ghVv80GKorJuuOQIipNAJMzEqtSA2IqaxWeb13v8wdQoKuMNcD6dCYVJnvgwf4R+,iv:+F9+yJUZBzPSSIt4uLHxjjXAjzRojLxKAyrd8grMXkk=,tag:VrIr4FFbIGTq9RBJMz8/Ig==,type:str] -firefox-sync: ENC[AES256_GCM,data:guNgEVi9n8uJuLkkX2Z3tMY/NVqzQ2tdIutZAqleah9qBri0/3dzVHF2xvztLeAgm/59tN7TtAlAH2SMK6gcfAZDasAWOJ/rGEASxLi6VRjqCe25glDMp2YrA0/mcqZVYMCg+QZ5OPA56b55WDqPHPoBJkPDuTm9axwm6AOxdNi5BkDzMw12fVBxlJL/Rm8=,iv:yD+MkZK5vvZ85vYGd9X2Dv6KkSvMUsMGLrwlJ1pRqlk=,tag:YA379QupHh7aJZKcQxB7bA==,type:str] -knot-tsig-key: ENC[AES256_GCM,data:CBFaRKPr+HRVM01fA9/OLWeD1O33axQKEKJuqDRfcGmuDeP3oXf+ccEJhQE=,iv:2O5y24YenpiMc9txPx8kz8x0aO37LpLjIcwlNywPEak=,tag:J4bVZ7RNSR9fiOBQ2HKpnQ==,type:str] -mopidy-spotify: ENC[AES256_GCM,data:irBeIh2FieNkdf6Hls/Oj+qYxj1U7R7/Ffq6dx+JCS0PdOiFWIHXtccY+PXPKP7RhhaQOgZtIcgPyqTiML52P0c8AwN6UHMl7kgUcKnk60AI0IUZNWorCBZluHhEpf2e2OISlFzDGjSHk+zAzh2eDS1lJ9lCRYEC,iv:r6aZmlVHdRsA9DxkelcIVVpwwm32jaOgP429h61NL/U=,tag:FvPIr0HX/V7+G9kal4nO8w==,type:str] -lms-spotify: ENC[AES256_GCM,data:E53aUSNxE30SSrG6Y6SWKVzmsv0lu8aZvjk1RBgSj3q4m65dPLwGM9HcagN3BPoVTc0tKJaccrjoL2k5FOMnwcTXIz3qgiZGbnB6hVCoOhMrrkoFRN2JzSIA5WxKOT8VuMoC4/a6WaWbY8SWAdhgRQb9uq1hUxdkMCoNRLNJnPqR/0w07lCDVHvkj8XuBV4rGl93VVT3rCzjVTL+Vigv38WZ2il2aANkCz3joNeN8Uod3K/HA5uXLw3cLFmD7eI7LBDSTHpMEg==,iv:iRKrij3TRaufB5BXy7Xhiu3asClZ6hpkbMV14aod7jk=,tag:hpUwP/OHygqfgI6j6q2sKQ==,type:str] +ai-mailer-imap-password: ENC[AES256_GCM,data:gLSr5s/9YGd8DOD23k/MGZU58Q==,iv:ELdtCuD7Geofd9ElapMVX4UZ0gZgTtVvJpaDmY2NUq0=,tag:g4/ENc7/0PyUvY4VSg+mqQ==,type:str] +ai-mailer-openrouter-key: ENC[AES256_GCM,data:2y9JyDBYzo9Tcx+t8rrr/TleS9Lq2D6jOVSCnm99DBMauJ1QlfLIJ4zXpX0gebxGb8BPA0jBYnJdNQxHfjvYJVmnG7+qIw7zCA==,iv:ytkagoqtrT9kGqUFo6xrXNJp4LKSO6UNGjWZemCg2A4=,tag:0OoSoYchvMUYNUi1MclWOQ==,type:str] +borg-passphrase: ENC[AES256_GCM,data:ajkDfsz1sLcxcM5VEsU8z8opB4qLXZr6BdOc5IxX4OKb/8cckd341+mXk431IWuN6bLpd1XmINimLRLin9bnb6y29L0=,iv:w8VsAJrbkBLIjR8o5L3L1l6xgsLEa1cdyEAVqfCE8y0=,tag:PvhBSrp4n9oyqskekEDBQA==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:V+jg1s8E55AVRYcz+tMACmr5KszQRjvKXFBmnJPzzhRcSaes/WvtkY6gm+wvoDwMSVb97eMFwQ1GWiK5+kZ3eEN9kVYZweZde757+Pdd4wBy/sfGQ8OUpHG9mBM45g9tftLb8l7lHSkEk49GGQiot5seorAz5z+sa8pwkOaltdtBxcqqhkuvrDZRQO0tv+5zGZ+PWx2dMZThDnR1s+Tuum6bMI+5Aoat/MsQT53LprpFbwS5NYNg5fzQACoRam504dtCWqS8+mwITDJaR7LFqjZGMAmfARC2L8pIDWrt1XrsPx47/MHzBA1+h62CilczsTcpXex5vKB1TyPUKAWfIiF6/NtRBWIMSSDMlZlq0WABcs1CxNe6e/mISoQpKkH5YX8jQUC4t2nwE7WECYmllubsp8fxFCMs9yFWQ8915I54OutOkFQd8/eq0Hu2o/+jTTfelnjbxDXdPdHdMKGhJKvb2Nqs3B1oiga6SIeXJ5nDm9/K/0NQ6yjnysqBUZM10hK0Ii8oH7guMKScUrNcGgtLNMgMR4REA/zhv1hmed/86N2GZsUIpfri3aly62RmlN33ZQdKGk30KcMDikm1zDWGbH3dyhOgDfzVYTXIp+Xq+3qD00LH5F/dptad9/kCdh+shDTt5yTQdyi5zOfl4k5LGcxhP7BStsIhitVA49LL9uVkgnm2DBeUO1C29oIrSBIDIgACU6Jq/oDbqeltJqsoWmYZ1roEJXq4dFJ7P9e2UcDL06y7+HBBhHHnGC7gNZhV3uO8w/GH+tuasyeHbGSEyg9YG23Z9dkJ9azLtVUCROv4/8/4cSerlCWtIQkZ+GURW1zfWTFX3t8f1LebSeMLvyWmoglFhAk5TpNPW6ShSUqRX2yr3yUyP77pTU2EYHp4g7pztb5LpJh8VlB1PR7XQS4zcMsKJdu0yfYAh4/sJoLS7f9gJvdC3Urr2YkF2LAtFRivNY+Tlyb3rSZvh/vEl8aGWtSfjeByAR9e07riMwdpoWxLGRAha/omKW/UuFKBiUAj5A/JFNRgb5UkcOlA7O4ft5P67217mtx33QsADZSNcyuLyN9Gu/JCIV74isgWm4pZdBKi/7H2EviO9hL57MXcHdZcObqZnl0EprZYvS3lqdeXHthUQgFu/qU0QprKDgYOpF+FGZ4y9AK02WQePMiaK+JuVe1Wp4kl9U/HGTdN9o6s/JBKMaFP4f6kvw/OTV5BGG8bypntYc4eUMnTumBiDF/vUdSsAHimpqe9S1s+vnX2GQgj0eshm/LKmbqMJMRAcxKLjoSmYEhWoeQv6+G6tKND6TjZc9HF6yjfvWnk5iV+G1/4qce3Rbnu0TxPTC4kZPiSi3Yp7OU97oH1MVYw9iMIlrA9BaB6sYDtoLWd34GgPlOVVZAwb1hqQE7OZ0vQn8umjFZPbCA4A1rzgjaRmcUOTY+wpIAcaRr2FaLMRjZPzBizav4Lf/uKXRUniFsBZr3kReiaWGYDcR3HrvNQVJTxJJyWC/jSAPz/9JKvLbZQYkX2vDGfSOYLcFaYxNpgyEN0epeJRIDRUpmugYw/Or3j2BjIW+YqAN3uwW7UuxZHcpN0bJuuqHf2mjr5kBvrTzwHwaRDj2mATKQjisqHUY6jbf0L+AmaTOk7e2Dr/dUREr1LMBYX7bxXGRCN5a1bFxM9D89fWFuZNqgJ8DmY/lDF3yLgaCXGEuFgQw+HrY2uSBRJ0FfxvKvChPTCBSUHwAtABtD/v3Kx5N9DPN8ocZnJtO8bQeokWJBtaxhre9b+TawmVJsVURG/3ImZCOtY07hU0jRF+sxjNfG4xJLHnfoeF0CiK1JuoDKg7Ej2EBZgRB4XB2VJN2or12ozvxj1EuCDjoAtUmVKog/6JUxje5atCKaDmj6pkAq7N6XRUUUbZvPHj87osBYLkch3YzUBM/IgDKLDV/eowfbCueajI8dk0pGRio5zBIjrW5dHCCk2byswFehC+f+SGJJ+bdi0eB4jCjswAE6x+TiGVohq9XLxWW+EHJQh0ZezO4Q6BI7qAxmuXcFwPa8B27xIEqKMmJScKBH6Hv66zQkLgyDTkoWpv/xxyaLoKAU7uW4hJa1pfRZH9OUpZbfI+7u42mRMPv6erMuZngKTtTtRCV8RpXKaKiFVAdd6hVc0Rgdje9D8WW1rkn7C3JfSR9WhNOPajIMg5gwRKZBUCvGCHYp/RsZiwOzdjKNlzPjSi1oDEmf4LtkyaZdFrqIHdgvGoaIcFi4AlXWaCpBHmbty8aTyl1CWFlLYnMslXHoaXVnVimBL28LVxV8rQfzig7TJI5GVD70rgMZnlLWgBKOMjJNR7w60JkVcsBlplYPibj7FxD8p+F2Ywou1UgrhLrberdJfgOk8TQwLPKhyZHzcHS82o97A2bp9jpvpV0XsOfhSvLkdEFWvn5FePSWhxDvO81M0V/J84OBVJowQ6NVGiECKlUkx0wiXrbMPscxaww1DDiVwvGjl7mzGvmhCeoKtcNihLst5h5ng7LIKriUpdImj9QSHC39IYgxqBSAuoHrdQs25Mxd5jKbLJF3OIotxDe6Vtw0DtwHxJySD2I4neAeUVfP/UkQ+pWYY5afGgWymBcOhK6tOStV7MN61bSFJ7t9c+oITfcsvQSJ3IGBSCf50nO5am+aLtJgx81PKv54PqWywZsALElC+IhebVtc/LNDCgAXdfZPY+TFDA+q+c0XHbEZKRihwTn5hGVqPQv8N7sPI+Gzc/garIxGUB207n3rjsGdtufy0w1LCn/hGJCzKglNg9SymDstymKHNH0Jp67dPWIJ4oWdQ3cKpNJklAzFN2J12TkVRFljut8Lr4O7uWYHNtbDLZxvl7vgMoETsQeRigzI7YvsVb75ismfIjRZ4wU1XPDSKonAOYmBzeQ8CfXrweaQGSH1bHP4B43oNh9bGZEySHlcHxjl4yabsqsIMhYN7JiemUetAnXjluhlSUD2Uf9QD0jjzYBpcBJ2pMqH010VM+BxmV+86HjOcMFCOkdQ3CjD9BBXbHbdH9MiPdx5+CZ5hX0ybont55L2ElI4Ue/sIT9jU3Z3rG+P7wCSzAATpqNzyOJdYIlK/fb6ivdwh++CtI7snAqbo5HTOXoMQ9mFMkAnJuZFCMAJEL08s+rGq3HOEH8B9fu4frAI0lExlRAv0bTdyb0CvyCIN8HAhKT26G83rUHhhlaxutgPW93/qeS9TC/QWgGOFJ/5dyDzHBupTh3Vex5Nu22lP5pSAbUoDBjCXjlZSdq7qIXVAsMon9NiXbPrNWoboLoc9XlzQM9gRDqWSn5QUFRUdqg07jFgSUf/heOV934Bez7RTL6L2rXh7rbHXZWTe4p70Q68zo7mUQDuQBO1y/Jx2l8rfUND9Gt1wnGUAZO9tgL6oqn4to9bp0o4dO1jWefdNHh/KbZckRuTtbEddPasBs0xc9MCu/C20ceAtREnDRNu41YtgSw==,iv:XOQg3GqMhWAWJdLgcw6wLi/Jw0KZp4YpuoY5MhzizoU=,tag:2AHG2lyRClCa96qBZM9MLA==,type:str] +ddclient: ENC[AES256_GCM,data:bB0gOu82+124M8d+AcTrhnaexZn3IRx18OM7JkdXpdo=,iv:o7pI+mMlD11TVK7dpf1pIKLWZjFoJE0BUW+FWB1CNkk=,tag:2eiyrhFAfCRwh8kx+ox6VA==,type:str] +filebot-license: ENC[AES256_GCM,data:twfY90M2Qq4T0B2yXwFw1hW94JIjCsgXDtXw+sjJxxCwn3t3A7cil64jJ4cjSFHf7gnT6/ijgGVBh70+DzurSI5F5XhIg9vpl+NtNvbvNRwVfO+tvBgFsDpmhZ4iAY+9b4uJFSF3BRHF6cNfK7imRkQCrNLBxxrRKdL3TWqWrSyz8k8OCs9oVHXUTLv1qkdcOn8R0a3c9CM+u1/FA3d7wFVAhdgj8T7mubbBAtv4CJFrU9Qm0KZSx1PpRFrwjHTIzLL1on40SExhQLrKMzQs/Abv2+p6QeSAMWRFc7RKuWOyQUF+Cti+a7q63DZn/IlOUeDvdnjzqtv6xTdh2jcBb7zujXgkkBOvo9PosF4hYL5LMpl5IKKz67lVplo9CHiDOWDdjgfel331ItVJrPnwQFpv0EanzjyWC98/WVjOrLqAK+zXsayDrVpYOGGAiCmBe5ucJSy7xQV/z1qMQxVDqw+zt6e2HLz4zfMBWLTzxtOjX/eLSk/omcrpPx+wDWjXBjFJtcLHvTtdq3nU8i/a7XFCKsywu9UkyShqaYj0zS3+pg4GkolcpohH9c/fQTX1HFOdRXFgMoRd5pgvhHE3aAGXr83d+Euvdo/NuKnQWbU6XYWeOwJLRevayoACd8luIAB/gm+1lTJux0Vjxj6VEbDxJEXIqL7C9tDF2ikfYcrMytCrA/ZcBRJujIBLoOpCTiFhbHjT6F03T6Np49qOxYRIHSA/GaZzGHhBpb7srZVsSi5qhTfOl+EiiShsgmZjhse0lXoyNWBllo5Dy3E9vB26d2QL0lEI30kqrO4XdgaLtZuCC4lWP/RxHXbYSah1xm5K3T8z454mGBRHJqMHrCMEhuk1NHdX07xLbVeGM8qnfX9y519hzQEPSf6Cmz0=,iv:wWL5EcM25VSjsAB79FO5lv+8/q5JBYd34dhIyyjJiuY=,tag:MyaQAWslwW3caXE/XiRdNw==,type:str] +forgejo-mailer-password: ENC[AES256_GCM,data:anUrMCIKbWCqNSN5HJKjMaqhlXVT+QsKfi1YdW4sDKACzL9LpMbdT4cThr779QDSvGFhbRuTysEs0jEQjDUdam00,iv:pBlGfyuPbKzp+QXHlR3eZpvy6Uhcj5rM3T1rx47P+us=,tag:lCcNRj7xo90kx0dknRU4Vw==,type:str] +forgejo-runner-token: ENC[AES256_GCM,data:HPn7kdxG570G0R74oT8IhGb+ZgIOgiqzio+GAPBXuO1Enq5ygm9xsFPeY+m7kBM=,iv:Sc9oRZctOAe9JEAy+JotKFFErMA3J0lc+0S6N1W+MGo=,tag:PY8G6SasJgpZUP25CP1r1g==,type:str] +gitea-mailer-password: ENC[AES256_GCM,data:ahsBBVjmUse9VrZOGQ++3C4WVOkFHJdTPYg3b3PGowdHheZkoSe2uEeKmnflDPHGD+lMtFoLAES18pIv8G2/tDAr,iv:QADR4/YZ4ikJskcHwfqiGvnCKB7WG4VTDtJkVuNaho0=,tag:E8WSmvw6IwLa6CxaVu9GhA==,type:str] +gitea-runner: ENC[AES256_GCM,data:eoGF7AlQqGWUQT1mtbgGFhloDd8WJp9qcc6XNohWz4oLS3Y3hdx2hcBL6VnF/vgtXZOHLZ9Bib3JFEzViYDf1p1gouvcfsK/4hKNfsoe5rswKvPRb3m4jDJnuOUf8JCFoh5XYBjCH6X9EG7WHtWTzYprRJ9EzMLwIHUyGULT2BmfLNHkEBDkfPffp5Rh2Kc/d2VpGM/qBDkDb6eDskiXC0UeOHfPyIyDsORD9bWx+1YYiUu1S7fpLD5nlN0JW3eaw683yvczNsgSoR1DWl5/6/I=,iv:UtRDVC1TATS2I0wWXHfOrfgFTJpML9TS9AN2sXGqtPA=,tag:XhDdZl66RRvxGNWYK8iQTg==,type:str] +gitea-runner-token: ENC[AES256_GCM,data:7z3aE/HNuZ0H8wsc/cy5ZiX0cBjtEUYPU7vabkh9AXgOBd0Gfv+bCyrCzvN8MyI=,iv:VYfJw/g2R5Unok+e9/wJjHS4gYNmbF+yxoRzyHsm8iU=,tag:mLwUu1GSWcq7vzc9PEJKWQ==,type:str] +home-assistant-ldap: ENC[AES256_GCM,data:P+yqFcbfqQvgzNj3wu488HgTUFd7bE35cQCpe2nWUQ1SqsXVT4+Q8i+WlnpWaxLAP0QlWQqKBzqUJiU3/k9PWA==,iv:VjlAXLAs134gopU4oaKaPoHfTKoEK5SUlD+IuMw+3hQ=,tag:G0RFhr4AOXbhCSJPJA35Kg==,type:str] +home-assistant-secrets.yaml: ENC[AES256_GCM,data:naM/fFaLtlRWEkVaCkfUa1RvdYK/pJl3mREGSI3QA+3vqOGRj46yTDdTvBhcdi6hKRatJr9HJMj229gyJSneUUFIb1cz+rPyrXnIxBMl9fsjQfBF8s7YoZy1UJxO8TIrdBkgKPKg+olk8aoR2jkafEwix96g8JR8C3nqJF86JT+LgJ4jeoPDBLUG3Ae01fRNkhKWbo1JK3RCp61m/cR6Mp9H+EbgO1bQ9puRCAXESabEwF/TgcQQuv56h9v1glU9kqfe602zOzyUxuUOo1VB9+lRCiAV462vtZ99kKxIvRbNWd4PQ0xoPI5j7mTkXIpxZSUkrIsXdrbZuAYvHERD,iv:KycHSWt6nXdf9MoRf7cNWJgQ3e3JYK6gbJhSnHu3/2Q=,tag:QmiYIF1FYjDa3I86KB9oMA==,type:str] +moltbot-gateway-token: ENC[AES256_GCM,data:TIw7yqHbyNLdka0PHCrX1UNgK+PYj13sjJY9QoyMVIuMvFhFh1Fg9I8vTqD5/AWCypkcmmQullx3t/rOU/NI3Q==,iv:fkZn4u81Q+ZdEBM8l4YVhDVpAqdLEMFXRQMuZ3mdeC0=,tag:/ZFOiNCvI1holTkOtvgF9Q==,type:str] +piped-db-password: ENC[AES256_GCM,data:JM1ZyHOhYDo+fgiVRrYB+iF6ITL+hSpVY+h/xVH+aP85HEoaF+Ryo3iFxpk=,iv:iM67fueJ1ebGF79Mj/6YH8mEDc6uz0uTUGsKF43xhAI=,tag:oPBws8hO0fmS+o859RdsMQ==,type:str] +pushover-api-token: ENC[AES256_GCM,data:EBdqKj3ac/H9vYWdMWBKuRo18ucuAZHXEiS2LNLW,iv:vIx2/15QgfT14GcYFVdUcsNEk3On5nZ8jbqeP5fFwG8=,tag:sR+j0iqjbMPaFePWVRID4g==,type:str] +pushover-user-key: ENC[AES256_GCM,data:/dKxdB/eM0MtNSVcr4NYGv7tw1Cvkge8p/HcWv/+,iv:RzLuLyg+2KSGH9UW2495KeKEyiTo5OzMWtlZhgg48uw=,tag:2q7rAvy8bWyLPLNONmagig==,type:str] +wrwks_vpn_key: ENC[AES256_GCM,data:8LmRG8yVFfMTwgRnT5dQg5H0b5Yaz/fM15l4TsaVaEQ0PZsSHY2PvVacv+6iZdDZOeyVZfslg+12dCD5OicN3g==,iv:QGRs/d8HK77PwJRpGFu+7ciX7sqs8ZV+3KEh2BlHZ/M=,tag:EwebFPtI4TfAR7b9ps7vJw==,type:str] +wg_cloonar_key: ENC[AES256_GCM,data:9FgI8sAGXgn680jhzUvWY1IsmcuGfk2lPalE5xWN7iFi2KnSbj6inawwJmQ=,iv:qahuBL2U2ncS4SPUPYNJ4Eqaq4hc2zkgVAiyF7+0jVM=,tag:Ony3Fd1F08Dxy3fTGmp2sA==,type:str] +wg_epicenter_works_key: ENC[AES256_GCM,data:2gtqs64Zzz3Uy7RPWHszideTtzooA3YMaw4+WfmTxBbQNKREaeySV2+Vdls=,iv:sE0CRkgz7FCiH3cWg3ozzgjEMjQ1PxSm06wFKqqi/DY=,tag:DkgJISsUh0v2yIGZFVcQzA==,type:str] +wg_epicenter_works_psk: ENC[AES256_GCM,data:gl/6kg+QT+y3InIcx6OcVlEckhyKYzDvCFbc62CjFTLq7pCDuNbAMSpLJFA=,iv:0QuR2twfIMuyhT11tblvZ7A6BHqBJzZcx4IprTVlqw0=,tag:oJlLXnsy8w1Dcbs81MGsjA==,type:str] +wg_ghetto_at_key: ENC[AES256_GCM,data:mpKsGzoWz8U/v/aZdN+z/U4z9kzlSo6IRK81yEkGjrOqhc4IHEuYe6U6I1s=,iv:qityQlwmZMo+Dst48hGhegN04cpMwyB0soeWRiZiVZI=,tag:uBtl/jdXF7BihNfIYlqJ5w==,type:str] +matrix-shared-secret: ENC[AES256_GCM,data:IyeA3VvLhgGzEpTrQC85MlK5ngrPMvw/GmQhk9mWQ58NJsC942t8LcQO4AGMQBtrq17eLv6Ke2rOuoxlRA==,iv:zLKhiv01ViSH8dN9j3XJA520KdgBFQWO1bo/cuJVDuM=,tag:fiQ4NWhr+TtNN+AbGAtjxg==,type:str] +phpldapadmin: ENC[AES256_GCM,data:Xv7G0iCfuPG7rXWfddgLV2Ztftwh1/lCY1KU+hGJDSGxbXKMkjThS9HL8+2BkOwHr46YVp0JHtxEcK4dxOQ/QTCF0xU6eo92dneXJ8ZyPe4UVWX+3x26vp1iOEpaDqL5n55FqKX0vJHffJBUS0mBu403fkJS463Mgyd8i9GPYBGZrGiiiApj49DUqA4bKdnxZMfOvY1SLk5wLfoY10uUuWlG/hwKrp3y5EkyQdUuD43kyDUMG0Zcka5ovz9TFGCQqGERWWnasOlduYTlR057h3w6TKi/I4wupbp2IHu+hyvrRtkM2/EcVPXpvWgEE/i+EFto3ku/Go+L5yjahJoJEhog0oIsZOg3,iv:26JI37tNe85LM88gg/AOoTqmSPjXD4hXbePwSJQrqWw=,tag:pFwr+73n5s/cGFwNnBlLsg==,type:str] +palworld: ENC[AES256_GCM,data:ihtdcEXcqiSr2RqsYreg9HlYB9SVkPdNTDThZTU390Lxu8SfNkbruYmYAALo8H8N2nMX83FAyuLGQ0OHlN0qSPzroK8QVUF2oI+JAcyjMnKB/gqhLMMgr9UN+72X2/3K2OwH+rY873uiBVAVbTBtfOJzDGDCgINERSjVtyw00n1Wxzlz7JWti80b8Hdilpg6LZj7VshAZf19s0VWljxz/drGBHCetWLn9dCop5Q00Hqd7dC4rn+efVelL0M7OT8KiGfYyoUL5cQhGb4ihYXa5+QuvIazm6C5hoQn0Ou7PFQGitB13gziwTu/OXkZeNLm4+xuayr52G3Min3HwzEtiGVP0DtYJmx+ONUOal/scZXuhkC1fjtkIdSQZi3L78CKvvkxQz6VGXi2gWxeZ63fvxGEitiEhE4JG1XwERDQQup1OneKIeelNqiQKSaYmQe3nJjn8lrFW+TKoj2hgFHw9u2xH4Qad2HcsJPiz8w2MdwBVj5H88vBSBWGUWyi6D2cxC7uaJ+qEINzjkWodgdUfD+OyPrRqQcuB6geRgadYpmpr+fqH4sIbYg31GfUgXtEfCxm9muAywMzhhmEq4173F2JNTYHGJG+R+2CoMpw9nJSidQJNaSJnZRPpNlShmBbgPt2rvqrFVXeKpaIpk4OjT57U+vlV6OzP0x8CnYe77cspCntm5VcP5lzqTJ+Xn4AZWY8gPolQM87VZ+oOQ==,iv:7M4FSofk3eYlLKuVIdxL49g4bwTF4ju8omO0PLMnZVw=,tag:5E9q+as6oLdF++dapuG6TA==,type:str] +ark: ENC[AES256_GCM,data:M3ztO6/LUCD6Zik+g1SuKf+2ne4ZSDaaD0R/kWX+qwHJZ8Scfzku63a8qAfytfICQ/XhTEF+f6s5pxTkiN1mgPMfdIda73d+Rv2yeVTkdgsamY9kTrTx9v3wZHiNyUvQM+IjNUje2CsF4iivMzyJhIF0112qYH7bMuvbKydHO5EQw4WPBonIXfLC1vd5wqAXWgyuQmvHTwHLgTQXSLiKbP/MhoBrpuzQtNM479VjMNVy5FpCf8+hl9ffj9MEcsORCB/hbG7HT7tdkP4w,iv:EU0ofqpq6qDCgwc9wrI32o1f20bhIASVcymYSuUMy2I=,tag:tvtVedgFpyosA/kMsxIGGw==,type:str] +firefox-sync: ENC[AES256_GCM,data:ctJxQDELOxkXJAJusvwGT70jShSr2o+xtAFvX9EuWe5DxfXrXeUVdHo1tELp8kofPMnYq1dMGDvj0iBNzK6MPQ75jeehZSO+RVyeRQopEmIJUOOFKR/goCeP0gcTOkuKmyr1p01OBjUTIp1UWvcsY6QC0ZHjF602WsmEZ+KeWw3uBnR18+7dA5tAkvoy1O4=,iv:/eVCI11oCbRxuhQpX3BEgwJCaoPHPTBE0s1XgVT1rHE=,tag:USu3y/CGQlliVJzeloCtQQ==,type:str] +knot-tsig-key: ENC[AES256_GCM,data:JXz7YJGgxoEJV9KiaaaiDgE50cVcZhOyXmknOxpV4zdgximUrM+TsNXmd9k=,iv:hhOThVcAMWTwp0bqC+7JMDS6O1iZzpE50AxvDB0sy2c=,tag:IAdZlLxgNjACBZxKXCrh/A==,type:str] +mopidy-spotify: ENC[AES256_GCM,data:/InQ6bFDZMyP2Np6f8zOh/Ssdgr27tcrwaOZhodR7Gagau2RQCJ8QHYK42x8P/3TEDXLbR2umySv48cOa/XtI8CTQaPAttfw++11QLIaXGfiiKgw4NyjNAAnhB+qlvXBDaLrGyk2PuDcPBkXm1x87hh3Rtou0Wa/,iv:35drh5LsdQLhd3v5VfK1IeVOeTRM29PdZSY/dH9b7ZI=,tag:lqkiE1rUlUq3Ym5sl5Nsog==,type:str] +lms-spotify: ENC[AES256_GCM,data:7yiuiZc6/65ppPjzK5ngt6DOvFtnD0HRgKca+TfsZ8rI0CaNywVZceW1lA0v6l9a4FJaOcMegNIs+2cNa7BkVpia53uFRL0ikHTDyI0nB9XLIhmbnzlbGSJ26MMeczJNS3J6rEX758BcEXme9pAvEmSWUga/GTlRcjfuFkvbToEpbVe6oEhthtnf0kucH2Yr/7ETUOMJLaUfb8NhvUUt6+BOb4zy52cXRBmB+IWo1qM4djx4L15ESP7MAo7iah83lktyyJgn5g==,iv:Y0mWmoW5xxlKDEjX7NIFG36AhTfO8Yuz9nqwwvK/s9E=,tag:pQl6V3q/DojdqmJuMZBJHA==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTDFvM2l3Tm5lU0paWXpF - cjVBSFhENW5mNG9DSFM1NXh3UHdaKzlKMGlZCnRmNFBFVWY4N0FqLzF1bUMyUDdL - U091VENiVFhYeEJ5K0xodXlHVkhHKzgKLS0tIGxta3A2TjJiMUtiR2RzcU02Rys5 - U1c0SjRKK2UwbTVIQUMrT1pOOVFmOVkKY3UyGNIPZJLE8GG124y0pLgqGub9SMCq - plK5H+kASOB1X6pK+3PBFuDYT1AbsRxXvWgAEMvVI7eBcxQlSrrB4Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRjRJU3ZXYk1wbndIRTRV + WmNTY1BxdTdtMThwbnNNYmVwdlBVV21UeEhZCjFpY0VMWjZSdlFWNjFkVjNrcXVY + NGIyR1QwOWYvbzA0bjBGdVljYURJUVUKLS0tIG0valMrZm5GLzVHL1ZFWFR6WEE4 + SFZidDhhTGRWZ3N1OVRIck0zdU44enMKcvt5966NSlt6heJmmOk0BRHOZnimLzi+ + EPD1lnQH/Pq56Bcb+aFY4qymUwWov3TbshVBhh7CTiNtF8OSkgoEsw== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaXBqMGl1UytNL3BkZEhQ - S3RFL3lZRVZKTGVRTGFMNlFlWFRCNDNvRTM4CnpWZWovSDZaclQvN2Vwa0dWZGgz - Q1ZLM0sveXBxOVpvNHkycWJWWXdmVE0KLS0tIHl2bFk3RE03N01IdDJPWk5HT1Np - Qm82Sit3Q0haaDdnbzFjendMUm04Wk0KYp09dxXjzvC4IlH6Ilip8YjTz0mFeu/0 - 5IDMYjT1BuW5YiKgIJVd+UgOd6ysZLFFwk+Us2AcV7z110xk/askqQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBNSthOTgzZUhCVjBVb0tn + RnM4TWRPZmFvdzNMVUJuanlXdDZIMnpkMng0ClRrdHRNblNQQTRSdkZ0dzFWQW83 + azA2UkdqOFFxTDdTOGJEdXhXWkZQSWMKLS0tIGdyRndDOXd3MnI4cDAyRmQvZElW + Y25yZXdwQXJ4a1NGbzFlVi9oMWJOYVkKjMFhePSmIyDjjzn9y5wJN2yEx+88KGhM + W2W3iUGBjLOhnsUdNzDtrc5mDM+OH6jckvAz3UQpAUBtEaf+TUv3VA== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Wkd0YnBQRnExeVdUTGFu - N3o3MnF2aTY2NlBmdDJYT01zRytWZ2w1dFg0ClAzcnJ0NFYrVWlBM2JQU1B0SEJi - MGE5aVh6KzNmaEoxaHFOTW90K0VmMGsKLS0tIDNkOGZyVmMzME80TlBWMzI5UVR2 - djB3Y2FIRDFKWlEwTnRBUnRIT3M2OXcK+SIt/7DRdQi6H1AZooJN2Pt2g1EwVTZe - Q14cEt0sLyVYzLJugfz2JWRHDZX6wPueYcTSEs7w3wAPVwvJWju8bg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBib3l5NVZMMWlVbEc1Y29N + THBXTmt6YVpnMG4xVjVNb3BJampuUVJoY3dnCnRMNk5wQnJzcWVLS0IyUk9ta2cv + U3dVWVJ1Tm1US2pROHphOGlidmxUK1kKLS0tIGtFdUpWdm9KMTVLS0tUdjBMZDlY + Vzl6QVE3azNtQm5IblVnMnBadkVCcFEKSbU+++fmAfh5oXPnjHbXK9XYDoLbtn9Z + qREcR1NZjTliJd5jJ8sgMMxDKo6+ml6nOsRLqyCqITllJpgFzSLe5A== -----END AGE ENCRYPTED FILE----- - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQXhNSFBnNUtMdkpwR0th - M1NmOVorcUdlZTFDM3dVRHZlYWpJcDZiakVnCit6eTFOeW92SzhPYzJxR0VTem9r - MSs4cWxRbzVBQmlWaHIwMjB5RUlJMXcKLS0tIHNSVTloOEVVVndDWkVrWmQrYXlD - NTd1WGFJWHVLTnFNT3hYbDdtSnMzTTAKBmJOayZLbjmBejwVzVtUSYPki+qPkYwG - xdO3L7n0Z8Cv/kVYZpkuG5GqOUL+nCJuYDjF0g4PaLb6WWd0W8ZGFA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YzIxSkEvUHdlL0FYcDhm + OTlTR0ExNVRPZzVTdlhFUWZ3YS9ncm1ObWw0CkQwWGZyRG5iN2FHNk9lVnpvUlFt + eTJKbzJYbXBuSjZwTitrRWtERnJyWHcKLS0tIDRZZU8rTUxCQnI3QkVhZ0h6WC9y + U1BDd1V3M1VnK0dqamVndGdVUysvbDAKPipxKNbjkE5VugEvKxt5If1iFules5ul + WLH7rH8M7R4uTOufBomXAqx3vMxxaCqUQlfbqhUkN7AT8vDPt5gqFg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-01T11:01:54Z" - mac: ENC[AES256_GCM,data:taGX5HHZCL7Zo4taS2Jz/5WxhvpBNNKZ13ZCtS3x/P17tC1Nrk2UDcxbOZ1pPVbVvvaAHJtDb3owFvBOM4nr2Eve0M9zT4HbXh3hke7AviQ6U7CT1ru6LjY7W8lBjbQ6uCt+Ldxd1PRPPGiyKdK5GAUPKg6avFjpJbhEikh8Gww=,iv:NNs5usVJ5izYvHKnNm1IgjSt4dg0QFQ7cClJ6zh+3wM=,tag:sYYbEWIUgOWthEItdy5PFg==,type:str] + lastmodified: "2026-01-31T13:59:03Z" + mac: ENC[AES256_GCM,data:Nr7KPjlCuzWE4aAZj1MqD8Nm5TsC5FZWBpc9qQJMUOGjQMHYqwZU0fttRcY5Ik6MIH7+f+lPxHyRqqoy9ufYOqtAs5+fTDIgTGpYsBqN/MYqFLtwqAqOKoM3M+q0V8zmIotA13MQR8UxCF4WXCg37vwWKFKbNXlilpGOMOr1lHA=,iv:cjtfFHhqelIeNM7Xh6HIOJuQB2QzFp/vw8LcZujo6c0=,tag:Kb78AF9dswbO/MqjHDoQRg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/hosts/mail/modules/metrics/default.nix b/hosts/mail/modules/metrics/default.nix index 998283a..c355986 100644 --- a/hosts/mail/modules/metrics/default.nix +++ b/hosts/mail/modules/metrics/default.nix @@ -5,4 +5,7 @@ ./postfix-exporter.nix ./dovecot-exporter.nix ]; + + # Systemd services to monitor + services.victoriametrics.monitoredServices = [ "postfix" "dovecot" "openldap" "wireguard-wg_cloonar" ]; } \ No newline at end of file diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index d83e825..6a6add6 100644 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -12,10 +12,12 @@ in { ./utils/modules/set-nix-channel.nix ./utils/modules/victoriametrics ./utils/modules/promtail + ./utils/modules/autoupgrade.nix ./modules/cyberghost.nix ./modules/pyload.nix ./modules/jellyfin.nix + ./modules/audiobookshelf.nix ./modules/power-management.nix ./modules/disk-monitoring.nix ./modules/ugreen-leds.nix @@ -63,6 +65,7 @@ in { directories = [ "/var/lib/pyload" "/var/lib/jellyfin" + "/var/lib/audiobookshelf" "/var/log" "/var/lib/nixos" "/var/bento" diff --git a/hosts/nas/modules/audiobookshelf.nix b/hosts/nas/modules/audiobookshelf.nix new file mode 100644 index 0000000..7bc2fa6 --- /dev/null +++ b/hosts/nas/modules/audiobookshelf.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: { + # Audiobookshelf user with jellyfin and pyload groups for multimedia access + users.users.audiobookshelf = { + isSystemUser = true; + group = "audiobookshelf"; + extraGroups = [ "jellyfin" "pyload" ]; + }; + users.groups.audiobookshelf = {}; + + services.audiobookshelf = { + enable = true; + openFirewall = true; # Opens default port 13378 + host = "0.0.0.0"; # Listen on all interfaces + port = 13378; + }; +} diff --git a/hosts/nas/modules/cyberghost.nix b/hosts/nas/modules/cyberghost.nix index e2e7419..b4937f4 100644 --- a/hosts/nas/modules/cyberghost.nix +++ b/hosts/nas/modules/cyberghost.nix @@ -1,7 +1,8 @@ { config, pkgs, ... }: let localNetwork = "10.42.96.0/20"; - vpnServer = "87-1-hu.cg-dialup.net"; + # vpnServer = "87-1-hu.cg-dialup.net"; + vpnServer = "87-1-AT.cg-dialup.net"; in { # SOPS secrets for CyberGhost credentials @@ -37,8 +38,8 @@ in config = '' client dev tun - proto udp - remote 87-1-hu.cg-dialup.net 443 + proto tcp + remote ${vpnServer} 443 resolv-retry infinite nobind persist-key diff --git a/hosts/nas/modules/disk-monitoring.nix b/hosts/nas/modules/disk-monitoring.nix index a4cb579..af23ce0 100644 --- a/hosts/nas/modules/disk-monitoring.nix +++ b/hosts/nas/modules/disk-monitoring.nix @@ -7,8 +7,6 @@ let # Disk identifiers from hardware-configuration.nix disks = [ - "/dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52TBSB" - "/dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52V9QX" "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_8582A01SF4MJ" "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_75V2A0H3F4MJ" "/dev/disk/by-id/nvme-KIOXIA-EXCERIA_PLUS_G3_SSD_7FJKS1MAZ0E7" diff --git a/hosts/nas/modules/pyload.nix b/hosts/nas/modules/pyload.nix index 05a8152..6788f79 100644 --- a/hosts/nas/modules/pyload.nix +++ b/hosts/nas/modules/pyload.nix @@ -52,6 +52,7 @@ in home = "/var/lib/pyload"; createHome = true; extraGroups = [ "jellyfin" ]; + shell = pkgs.bashInteractive; # Required for filebot-process script }; users.groups.pyload = {}; @@ -90,6 +91,9 @@ in }; serviceConfig = { + # Disable PrivateTmp so unrar can use system /tmp for extraction + PrivateTmp = lib.mkForce false; + # Bind-mount DNS configuration files into the sandboxed service BindReadOnlyPaths = [ "/etc/resolv.conf" diff --git a/hosts/nas/secrets.yaml b/hosts/nas/secrets.yaml index ad10006..c152bfb 100644 --- a/hosts/nas/secrets.yaml +++ b/hosts/nas/secrets.yaml @@ -1,48 +1,143 @@ -pyload-extraction-passwords: ENC[AES256_GCM,data:zOvPYcnvcg2OwJaCZovYQz87ZN9DdpKX1Re1/v24daw0WGBG3sGeJn1q+LDfjPIMy487CdY=,iv:loWfUcIw30kVXchmXwAts10FNUGxSsTY2UVRKs0RTJ8=,tag:WlTYugSv2ApR496Uc1KPEg==,type:str] -cyberghost-auth: ENC[AES256_GCM,data:v8PlO2qi06p2FZR1iFbHAVPr0k+X/A==,iv:oEzIIZ7KiVJ5EpMT2YMgvMZSJZwtIsnTWwkMXxl/R4w=,tag:+NOMggSKloW0SOYxopHrYA==,type:str] -cyberghost-ca: ENC[AES256_GCM,data:BAYpZ2xQgD05MNn4ZNmIGPByF0ERMLaIIC+iY6MDFC1rbfy50zqDKvzx8fdSYJp0hmUd7M+QnJUDDtq9dJkNcY90A1jiXhWK43gxBSeklcEhj5+l8tzmXuYGe7XtALu7D+Kee2NIUBEY7NHZOYP0Tj9BVFVzmyAKhgu6vs7UEwNt518LeIlH33eDO/809/vXVW2VhX3HoMytit9kkhczDRh/oCnMzmC7SKsKwouCQAcOSLLaNyAHy3jOFi78CPqBPuuv3i6wsAgKByvdQ3QpMGO7xx9MbEZsRZJiDJRRhP5BOy4DX/H6PwsR89E4QqqL0fU9P82p+3FlmVyHED8MJO905T0SC4PPVKAUlbtCbOvoAZOSXTouKhLNLY7WMiwXEEVhrBlu/Ml40yCwUJ7QCiU7DQBEBvOvo8l8pBU1nx1JzbzGopDsOVE9csF6H5g6Dxf24YqAsDeB6cmeDXNuDXJcr+6AeDtMyw8d+SiTLKmPa58eTqM6JEYY2yn/1DNkRyyyc5bFykdRUacWOUuqXKnzT/oSxfrEZHMN2YMRJU4Vo/K5WQ0ymiSv5miFSnZnm60Ha7G+S54swjFaUUmcMh15Rva3LUw4N0uM9QuXiLko1VqJlPtzv+eveCBCM7UiET9d45PAOjbk4FCjmzONSCNdjQhI0B6OwuZ6G0aP9rrGV+vOCijfBBqy6Y/wLKV166OZ4GYXkdBuQJ8VnSjoxA0vbtLOXA/L8PdvVMbRbZ7kYTFbtLQJsO+gCpEJOKB3VxnEVXcnLqyCpwEOtYVf8e9haTOVr09WvYJ1xLx0kjDKlp5g3X3s1CLAJiBnm97bLH8T/j6FCqijSLZwVjZtF6HEM+gn9G6nT78QastOOIfGE9YTWTPEl4t4dQRwK/Sv0OoaLokYN18gXEtAHxGLhHjzjeCeTZz8o1dE2ILA0t/xk56nzPWb8KzJFvjyWfUpyZuWNvEftxWhtV9c4i+Na3uyt8JAAySljpEcefWDYn10lr9RrixDgpU094Z34PMZCoLvViIn8Winxe1WIjQlchUlgTyBKse0A/q0Xr52jyOuMms2GUS2ssDnBIocER3RT6EetJzLvTjFh5EeQbRr6EgdXsvWzrN46n10WfqyN85DzBZneKLPT/XWlYSZPE4aJj2KGPT9Gic8Yoouf5y22exXnQkfRZsCM32THg5ug075Qzkf77aQLPx7gFzGEWrJo/hjRb178yJW/Hhc8IYPPK9HdA6iRZm0LKfrEWi3gUFzkQO76fj9/wbYe57bHuYJW8B1516fyjvWPaz0fqdA//xLIfEgV6QS/iE122TYAqPk4OCraR7RbQ4stVutrI6o+ZJDSkCc4FI8McECtReVe7TN+pEzeVGlOa5s49L0QxEhP4ne5Y0gfJy5vBsD5HKSrLpZxww0P73UTUZdDCjKAnAhCFfYBmk8+VOFybazZS6Rv4zF2fvNPQ11Hacx1V2NGHA1uxrRpr+nUdeCIMPR6dtX67WTv4juIbr0oQBuJMsutzX265JQ+Rt2aC12FFpfN9TCBprFgkgRdgBUJWRcFfRwjD6jjzyQZGQ+nGuibogi7TIn3QPpVMNuwbe8a2Ks9BC5XjVhmym0mhS01DUmITLD1DPyVh3wGodB+4OQ5miJOwJeA11HBq1B44sTjC7vTSom4Dk/AOH91WnJrW1bG7Yw+j/DH/bc5efXlho3cHOQoQSWC7EQdLMzV5TXqY06idTwOQ+wo9l61qPCh9gqJLPlnNUrUqyEfc0zkwWvIt7gu26qykjET2Mt4cyXoFyHORqNywff37e3WSroo+meAVtO+xDPIJ5fI0AOsfwXRKiT+B/nmtE3VGL7duZt7yIbav7WnKn3zU+dEGdeQSt6cYNVGUtaVvsTO7RKermIIkA/8g/q+OVihf7MvCG5WTYBspu51swP9tN0NRcmmoRyI0bs6DEv8qHplpiC5eUUmyZU3wbhrXXLcyCDpNfwjq4vrotM1BG8maR2BLtVuTzpfKO0NMHA99pT0tateSLNC8YARCIjY/9njmHlVti/XHnjWm977syI3SGf06FUcTK52Vrxaoyp3x96VzGhdPLye8dDQ4MD9B8+B5qdzHF+m6rOeDZpbJmDMea6L4W+LiJLNSq6QolmM+aya3sQvQyCcSve2d+i7QLtIPKPmJkPPnwrbjCn6PHzE8KCAa7jmmd4pfUOAayp2NEWn5AS5qSGMZ4etUMde7BdHWWR3i632XCzrllMzOdOsLu9WF8SlcC4Nt6WQxDLXqhkl8pIeBe6rmy+AXc5wgkj/q60qYK96M12EHaB3dDfwYx/Ijx3Q1qqmMRFR8LGrmsryUsQm2sxQZUeE6I3EJqHD1vbQSZdt7TjLUaITOiRka/BNxQ4frThhiyUvm9zWaZKcoF/mdNdinxYxDE243535Yv/cquQFgKwoZ2/mU83CWyd3D9/8gYOJqrw6acNn1zlFXc4JSWnDaSqn1mSGZyw5PMPPKL1Pv2M9acV0t3d1asB5agohfVVpHgGp6/fQ7xbF/q5/07MaN/XRgbJHwo39q25Q1uec7PP/0qT0XlS0fPYEnDr9m9odfisw7Ku1MSJgic+eaNHXtkIRy3K5tLM9AM793Usn5PJeyS3+imOkit59gSAUlZzv2+IyJeZJIpgptPxVvvLzMpZ3+2PLvFNkmwlsJi+Nn7Fk7+BdzggNkIQMyBApWrZARbMhHxrtVLj3k1XoRciiEwNz11xFDwlyeXnxkikkt8pMQQIW/OMZJoenjbHlMdm4FM+gQ27cHbOu2OVFqeGAlgxIQJK66MglG52M4tHhSgvbdEReHY79AWXjGyy3nXpJx2CSB+Rvlvhsfgb21MjyGxChygxh1wTuKtHVz3F/ya60NLWRAHKQskZB5S6VgsZlgslan4v0mJzBemlh8AUp6g/P8skhLzeNh4JV4vshwIq9+mzTjUli1gzhKA8JP4WbNq+45DMwmURiB1sMalmT91uq9REage2Jx+pQ1PjC5DweFe8y6Bd4G4=,iv:mWBG6fP3do+VzwyBlCVXsWiywRNiyMiWNaxlYFTkms0=,tag:94YPWZtVy1viq0KbclF6LA==,type:str] -cyberghost-cert: ENC[AES256_GCM,data:U2QtxwqqPpuTvawmbUmaFjM4muDJptsdAp1GJrxiFsEtQJJYWJWf2zSNL857asH8/yzTkkaHNAHn8fHpN5GgDqXsHn7A9L1gWQ40OVDYoY8C3KevgyPlqQQgmgpk+F/ogWC6ZSBZIk2ayTe8E1qtOI/KpVjzPoteiXB6akD6OBBsysXAEr56MvdU1c9OnqxauHsFZr1BskYM9fqFXm6b7KzMpzA2BPfxtpuGrnTDzMwciRuQXqJM95h2tDs4KoHMGwhgQjyIrti2eZrXb5GK1N54Hi+fmTCRvEDYrYiOE058uROdYV0oCmXJmZ9LFu+ti7zTZzoIq3jqshLh6QAEBxxi1eWqQ8Qq/zkjZDdOOQIacURBK6UGYRzZTqEQB34m/5+NCuyTq+bhFORNXuEDPf+JYWlvnqDGQ6FAnM+Wg4LmSFALnDL7UHPIHWas+VU/EZ2QwVQQ46AZ8tnyWwsp/0VSZepZuPXOyle/tp7jHOT1aTVFAD5AdUIgB5g5CjTo0Aw4tBVAGfnQEcjClZU/ccpTHeS3agDNte+fvpodIC548hm1tHDHJL98ZsxcE6C4zzc5Kq7nIl4Pqc6bDurHtmk+/O9stDqZGTpb4NERTsFBLaQYgWd1bbQEXXx4YFnoSKQZZVNxVqG0mVHwYuYSLZiGIwj/msKsIqZW7RRZfnfNfc9Er5/KC4SJbQLKcwbJY00gGKHCr+WQZ4wtxFoEefyefabyJkFjQonvVcAN1yjJGq9fN9ZaVrQ92vxFQy3rNHuTyvWvTDhZLedu0ukK3jC/Fc1yuzEcvv308gvoJROS5O8Jk/nfVtfPDZeSkIY52sYKpTQP4gAyn4+56RO2HROBnFvmvIFq/4jb4AZR/GUWV6v2u1zvHw/gX84uI7WyqG6TvC5tPuQKQ5se+xg+bbt3xL+8h+ieBB/a26asFk8M5CnweHB1rg4NkcqrSa4vU9wf7Kd20HH8Odrb4Q9xc876s4HhSqPAE22ZAvTDhGUO4R+pAU86YZzKt2TuPXlR1S7l3v1gzyMgMq95G/VzxOVkV2zY63KjGc72U/u6ia4oIida8QMASckchB7+V+Uas8YUJj22VVvxYq38Nm2e/wUDSLFUoPk/k05D1hGvkoejcfbwmnVoBWDC+sifjuImOLwZ0V2EV1S3Qgxf5OnAbjPKe+gfqnmrVvF+67jJUyRpNmxhq1TBnn28X3QMVu3/cW6kxpaYPXT1OgPdTZ0OeKonnXGAh314XSWH9kTrTgIB2f6xBOD95Xquu1UDMTaMZopljjplX6y63xoRIugeOIXS5wxL+jQz7fTH6l6DCHN9yPp+YM+lKqyLx4KerpjDwB43QOaiqFdk3wEj6u0N+UvHWDaKjhHi5K5FQP+VekuHbBgbj/kG1u6HPZNyeiJ11h4LDvV3ZCdZetUOzTcn4g2S+ai5SryOKKXh9+lVb467swTCtCrE+3+7dplE82HYbTaF7A4k0jwOXvWYLS3EW93pIZsYwsanxNRWInQk85GO+9hSkJSD3InTDUaFWs4m6Y8wbZCr6kQ9XMsjCJlGcJ89k5ump8m+IWhDjEWlKv8+8Fves/ktF2TS2Nij+eL/GUaUSLm8EkRj7vKTsKOfFk8uyn9z6dxjDQ04jhJDPLZ/h4UtiQhQntGAjCuTX9psRiNTHr+b3uge3UszH43+F0SUuqMS6+ytGNeQvC5jSE6CAi1I4DP9bQXUIKm0UC6gPuStgUnWnszy/wf785Ryt6X6Wbj+v65iPfb365AifDozhD99NKabiIvzRfqAP7sVLUh1e9dMa2NjagnC092oNrgkoIJuLlpjaxu9KszRRP38b4KwMbz8A99Y/Rom/BUIU6n0jzzvbAEAw6/mdng7E1GTUXMUQF1lrm4ZBuhanX72akG6fx4mFzaTZuN2a+psuwJYtbl9ewBkWYu8pif3K9mBe/eJ2eoxA6jR1wmjfmDXYTINd/HDjZK2n90j0ZgdxySa1bgqoBWf2VftxWhm+jkVQDXJixZTj4FKfGBmvl2lvkQBMyo1l/tifqAkpzQa6BJFfPBy167B1OuhhEFpQlXgW+e7Hs70htjp3izTRg8/0msDfMTcB/f3kBODpRxnUbZdfNu3adYjzo2DMdBLfJ+DSR08aMVueSXij9sNShXqEWEkX+XKL0lQYKeErqQlwpoy13CjjxpDzmI2M0OaQ9Ow9aIs4H60CTPM2vg9KsyJR+RrgpP2kFFaDnd6+pY4rdE8/yUcTs94tQ6QEouF3/Pvvz0t66+unQT23i1zMEUENiJXUaznhtLRpfj+NJyCh/2CAHRTu95oBg89wqxDfG3B23SuiWwzXqAFnj/GMgXo0O27H2GplYW8rgXnzYwMeEDlbK4V+BtzOUN2sEOZOq1Gu4GY5Dw60V5vL2P0RUsUOyDEeSnAFoEioLU2quswjZMl1/3NCXF5dYV1jUTn3WDEZhE1VF7LRNT/dCG+8+QUf9KiFrkTG+DfY6X3qOSIWXtGWtDMk1Cmj321+NyWdtV78eEg0E3BYDz8B0DndRm/oxBA6UOU+wAcdVRS+zKKOQykdS89NhofqFyAAA8nQY2TwdwrETQOYIjjJAEnIB9C77IkwDvMwK0RO0X5r4RlNlFPaFgFF5yu8NdYTUKmr/kcR0aM5x9rPllRFaYWGCN2EHYTrqin3dflgBooFkNbTEo8J3Mo8agTFfonR3o4YBaCxbxTS0AMo7QoKj6Jm8t4fFl48YKFgtAJX/x2QRm5sTQ6KKsz/rz6beLia7iP8ookdoNkkTkDAmNZJTZMOTeLmGGh4AvGbZz0H8GjGBnhRajl37eed81m5lEVRJUowv9lK2cp/e5rWKheUOpFSULIvj5xnmhTcS+77jLXoUcdMZLwJlceeDaF+HanqaKKgvrKFa6g6xpe4WyuK1+0gE7x9HAmdn+aoUqCDChzCBXgBo9jkuBYviYJTGfLgDx7ZCptdl5xEX4wLbGChjaVCeXsOEqRdewnV3TnQRBAnd/IMlSSgrtWljSQCp667wuSvl40SHQ5zgb0hjcsep5av5u+Cx+L4J8VeKQjSmk383c/2drqC9V+SZaR3rK4p8Hb0qFnDreS4KOT3VQqtshJOrwUfa1EYPqeLXqZ6Ar9YcUpZTFAgcWf3oDLXQ==,iv:kavsBNAUcK7vHOJnj9nyX4D9dHzgP3aBwCLQb9umBJo=,tag:aeTpc2vpO72R45cjBR+cFw==,type:str] -cyberghost-key: ENC[AES256_GCM,data:135n9JkLyNluYlINp4j8/R1gMn8dGX9YPpdpvq8y/KYT7x1Yr/MzD9ogfXFDWTcrfkcRIu+sSeSLFLSifgRQ0oje33VNLUGIBXAN68sLvA1UybBrZzKdOywVHiCl0DDjQ20Mjk0fA9rTAV6+zm3KfutNtjjpBojNmrujosZC8YBbb3O189aiy7Ppq4DF8Q3gF5iaOiDDtgdjH9ASW7yAz5ufcTy9vX9qtbEItShE6spvjbQJ47wUyhDQ2M9eSK85EGSX7VjoMSGgxtKs+XVORXHSoSErtlhXSt8wNJoY7Nl6uB5iz7BdlfVKqsx4ab4aVnenZ1v1boTsUNQ3+ABXNFlgG2FEpGiu3Vnx0yqfc224ogxIOa3hf+IaMdysI1xCkdCOv1Ix7kf6osJ2kspU/DsZNobDZvRsGJQjjHDD45WIVxnI7efnJORVOcWlU67/XmpH16KhN1RKCG6vgXSPwvcjq4SDFhgUNktqD7DaZlRdkEvat/7nMjRT/ReysyBLzsu0HXesewjYw1WskOtdza+nctv47GtBwWwk+PrbmylDe31Iv8k1w0FcyxkhpOTANneeLW1u1EGOo7+sTK2Oei83xmIFHK1ODsP6WflRaELoLE09PrXERk/ohfDzTb515oKAJKd4Wso6vXFYK87CZCnIou+/bAUlk6tl0fXPNTPDUH82KuoEnUEgkyjvthBOq+st7vUbJG4eVoELG95vh9iCjJg5U4ldCd37s3YSH3osJRtNziW5/ZityMRCuePZs35fWGGviRZnhqOM4obz1hz3a5no9UXBWfgOO08nYbpQsVEAPg2qKo7ljRnBhtiQJcxP6/+Kcr0ZXEfVjfmENxhRWUO9IscUJ+ZCk09J4JnvAcgALy6qmIAjgBAvVAIEeJ89KM/972XuFPj7ebTfBmCInYq41hahs8AaPanQAywQTx5Av4ir0G5KpaDt5k8eda5BKANuTPAjZRDxGq+dCXczLjVIk0TTfwHnHlFt7twyxKnQlUCOI+v3dnVVbzjNWdVhp5Gdw7Jij/woEep/zLLHLONmD9qznEczr6sIl/wECJXNcLAMrsNqo70rZ529e0S0+ym3x2TI30jwMhhk/7br+1voku8CBdAEZign+3+GxPGCxQHQOWnHkPslQgm0Uyxu736e8/OKJWNDlC3U/UygPtv6fEnrbb/1BjV9NG1+SErR84Aau44YbCMnBofI7LhJsDXle/XD6FCHlURWPtJi2Tl5tm00sVQhap0LnYb6JunDECbJDwOprOfjqc+fmd2Ja9nj7s5c7ywrHeV4SXbml+FQMCXwh5PAQ/QGM21OShUh9wDkrt37K23d2zginG7ua2c5tPhu2ZOQS7XBBzGDPLUQUb0acPQhd6mFl5DLCt3P6p/o7uiQB48b4OfQRlgSlxoaTCrD3M58zNQYoJ+aa+dY9OxQBL49/bIhf8i9j2uA4mtwzLHE3cBN9A0s+t4VoXeeNz/telVebNlCNpWVM8oFpMAsK8qRtRxGMpsgH1usp9yzL3tzpSkFChXMjL/uKDK8N6VJauBPpnKNcWVPATMI77/apAYV9bttMj+LmR2tzjsetYELqES5MVcxOKENvRtSdX7Xdm71uQH1pIoG0bPVMF/BpysTGoOSBNjG0Sm47B5XzUSsEFavgHFo26a4vi2tRV5RcjEQOC4NxC3uMNc7IkFg0s94EIy5uDEn9r6AXpONG+/kGV0LCPgh4W5a3PTHeHd9Zczq6ZwoAANSVsCH9VHlUUH4Gaz1/HVotsJJWarM/8zVbVTUpSesW3L2DRh8948LP51scIgi05jBLOJq4pmXK3bQNjjFtVU2sVYMUicSGi19hpCsimqm467RKh0ynfATknyruudD9/98Ug8EnXy9scPWNaVeNHPkKidD0vFmoh2I9JpfTrH4Q4z/UCAPyBLG8IWLZnWHysu3w1TW+ro/pkYqCC9HkVXxDbPsfHhKwZsonV6cuZ7JEfjzKWwOZqs5CbtEamOegVtFOUgW4FMwyUYgIQdkKdtidnIINQk0JhfGtnK1MR/oxAB6jsuA4i3XL+cdnCqdncH9HqfEkSA3NhczmEQbY0Nm814gaItORFlXXUgp2TzccOETJETBegCVIwNp1mQ70FKgLu2xAxNrOQwloizJh5aiLLJJ2E8/OFjDUpLLxGDwJfrhzV/kY8b+e6U2BFY4qM8DIXjy4Ris7NBkwgwrgN9Xp3FtP2IGxP4jWvRP6JdW0vP9OnN+nxoE928eQj0Pmh2ZTPwC2ZOJPcKVr8YWXn0BW7SeAcS/vCl3J8KjDLXofFchg94K41J3l17STVlvPTXzLVcED9zzcNIZalDj5KYI7vDC3L9C3gdqtOzT4vO1BEf5GaCSz3xDVYAmS4LoRmXprsNZ4VqEYSQQsuLwFBRwyP1JyNVKa4XGSJDqhhEUYkNB1hQ5llDdLANXz1vsD1DYP57snJxJjgFRIw8paTZdSqA1kOeY8iMtetA62+jKvazyoFmYm6r+TCcVY67qujHODr5eNf9yjqvcV0FX6CcxIcnKsU08k2CWl3E3AqqK8C9Pkw3amVXsHXCgo00ubrZXcNpVxYruuDbrHSr6irLBcXMik9QZuiYj8afaD2sxGjRFsWwMGS0X2f/DJLR8qXLaqh0wrZvf4P75UtBp2mBZJoZGu3Y5AThJyLW2lsdGU5Ij0YLsbEQN17W0oGMgR17+5blOiiWLG7WvRW858odxCPmUcamsQxWdIAIVxfbqpyaxnIX5/Cqnm2ZvU54ULq2SgIPh30yJ/xm1TfDGmHrcawx+wMULcx4GL63OQ5SIp6/UEY4WNtCAHyHB1Ft9qgmuH+S83PkqFR+7cZ7eAxBNhdMwYPPfB4N8F7zB21/f6oMbb8H13fpxtpCRfItf9NLqvEULy1stacaI93ClrpAzS2T7er8Vgr1WS8O3kWRdQH1Bhxxil/xfTTXqXuXYm3BdGr2qOK6AkX+16aaQcTmaGt+LSAFHsezKUKrfBK6xAElR6+7qIeyfJQeZyi08G6kuTj54HpEHJXgOV7Rm2i2Z2cXaBPPLwFrASeCKqGTYXOzP2uI0LC+rl0zyzD7rbwtoqssc9HldMaUDHNrs8ijZ8QrTgwYj4b/QOQU3s549pP16PeGy1GR7catxWJiAACv7VyEq99mMzVMvf2r6QJCIO01DwCRdZswqhRZO1h6Q8S2W3HGdy0rzAWnPoCAQzPKHtKqX9TvgF3NcSL3hfUfDX/vLeLQE35G+xI6IrMT00KYUt5tyK6NKIJ/F29zgF9hZRxWirIf4tsIVxDWRLFAsrB5Kk1Rf4cWCygQ7vJHZBTP7tcWZim1AqXXIJsgdyJcBZ+5FKclIokG45e9La3kbviuevsIuDXsGXvUSuUN5QO9liSe2ZAHcQdEgg9XqMiiJ9xnIi9I+RyE5r7sFSSBGGdsv+OhXDuG7XbOGALfsaGxs3CGAC3JTgDBXxW1xCcSkcFT0pGa1a/FDSH/BVklOt70g4hbp4m36oPa2JCq1dcLqcFqLP1A5aXow7nlRCag64ssG7qAtnTA7/Q7WUj3XXmYFMtNWdIfO0PkcDWcx0BOrmaCbSgp0O6wX8PT9II4tZ/E0KokVqvFEwRCG+IfQzzPW8Il8+52RNFePjPFXnFss+mu/nzDhb+tRi6nviArXMmmSK9fj81JqbnIAS+3qZvow18fbU1uNc2smmmT2tAHyLqefokafqehwIaTXuAI+aeJs/gwG5JlIqcAcrU5lFhYfy2pyUld1nRd3N5ejDInNgdqbpdMTIehgU2MDQBsa87ian8ZDUsoiBu5zKzHn3opoG+tHQYyzifZEF0nSTXfchAJwiTMusy4JeEgIsquQOB6MJJgaPueHiwwuOCfOAuSL8tC+EJI7GyhfXesSO+sfpVfBPnZDeWty14rQarT/3gxB75IaXnkubJuOOXZ2oeq81iqNXl9G8nLenhXFg9GQjl695YsF6DgqMsYwsB9I0Z5wM2RLP28d245tJ8Fw4pMxPf4jfUgFcpuqGKXJZyS5/X1eUiVhz3JU5aUahZvolmPPASGMZL2HJdyyb7/4KdBZVESSE2dM9rXcJITgB7UbNccF8EamFUr053hBCYiwN/W80H+4pKhIRUjwTPgXs0S0spakIngHGcCnvr5tpV7gru51ghyJnnD68JzUxvjZoihJUIzqkyYqRC/YVpV6Q9WMIbWefIcDIadqU+deOX05p5pVNkJEHeRQMIywrkW8mjdpHP0yDQdN2rPNQrmCQZwPKFt0ye1HaRVte9BGfCjsIdKWS+KoF++dXYVzGDjJr0/hjQWQYSZmPloX9Q5M+fUPKFzW0LWcKVfeUdsXXOcCqfRRX24=,iv:DmcNUOhsi9doTYta+s65BFpuIgiK7QAjAorfVq/VGLA=,tag:c/mZS7ZnasX5XX4HIx80AA==,type:str] -filebot-license: ENC[AES256_GCM,data:Ib+NXsb0dJfBqm5GYvXxGMOQk3zL28oeS3VXsk4pFIGV5XsakqZRZb307X1oJnafMVXva/eQppraI8CqjwBDzy3AZSnwpFgj96/zvPWZi12IWemnqhFUDFZGaMG4Scg6Ugcq8hwJqU39Mf5JehSbJ/PoULg/Ovekj8R0nG7WlmQsqxpZWXWeAdfYZHw1/4MQTX/IGZG82SdsdFc4J9jTedks0yvW5MLkS3azZSFDqY2WXAMVa5J9jXEcie58k6p0QqAUpWGltoXz1tdN/mTnVV7PA35wReS/Ejm11KS5AsjkTIZRLeJ14BL0vALUh3z6JSdr8kPG1S31MMYxarzGBqjI78LfFmFynGonAlqj/jPoxA7AXOew5xRfoEqnxf8lSUf2F2n7PF+B1SgY/hwFvwUeoaA4ep8uFugT7pCvg3N+FmfsV4TAP6tfU75WjwZ07UKQ0t63C/aDI1lZZjfKDzXDFqliD6omhFPUVxhGIo9gBkvOZj6ujdn7ErWohxAc7JSVsDJ8nBKqVGXMMgecWHyqU5LB9+3CKkE32vMy6fbGVlHhgRI4EofVCiuCn2Opg8txCz7Rh8eU297xotIjfCzhPjaY0CmD0dm/8SVLT9Tt3qQMDzlzolcWg+9o3e4bbjSOzliR+4c4fCGBPxZvBPd4kZ87eo22m6WqtS18tMTD1tq+8nVjpHFyrsyyMZtfv9/QXug0SFhJpUz6izCcl+iiNiQIb+DBi4Oifhr88Ji+Y4iQrj7mPUGzNr/T1x/uSBabv83HPsZUa5+OBrlbvp/Ya2ktIagiyv+JrHmcFMkVGYvFK4idLsREcvteduP7XeWaOXuJZJ5GOPZPDM+8DSxv3eOULH1B25J1/838vaVKZM3ukQkiybYTJWVV2co=,iv:G6bhfqx0go6vbJ2zwXkSbHLt5WdDRwu2o4BsCXw5Rlw=,tag:msCGdlefM3M8lbQWJPcOgA==,type:str] +pyload-extraction-passwords: ENC[AES256_GCM,data:YAIw1GI1vQ8netbOiYx9h/2rrXXgj4Cqq+5/JdINbXx4boo8OyXKPQ0BmtNwwHBR1K+nngxY5aUPh/Ao0P61YSrt,iv:LtfoocZebY6ZtVCjw2jclG2vlwH0pAI9WwiTQJdrqqk=,tag:4ZfjJNUp4jywtEtu52s9dw==,type:str] +#ENC[AES256_GCM,data:AiUvhDGbKiNVf10clEehkHg1iQ==,iv:cHDIZAkbjX5z5dUlyMa+yZfXQrFSROM1MqCeTXkXXTU=,tag:Gzxrmp10mPNLCOvTBCREKA==,type:comment] +#ENC[AES256_GCM,data:A8jpbbNQ3gkulMC1LJu/,iv:Mx7udL0LnsL3X1+u5qiFU04S9FhlcS53L9bnBj7Qxtc=,tag:CRFfUGHZTC0R42GU7RDN1w==,type:comment] +#ENC[AES256_GCM,data:g/i0RZzvmXDSs3kKSXSe,iv:77lW0RzLQXTXFcAr5wYLp7VmZQ8HQ7YQpYMMr3Wgxq4=,tag:3FQwFZW+oxjdP3e3oqR3cg==,type:comment] +cyberghost-auth: ENC[AES256_GCM,data:XfzciqTCL62vyaSYPv/iGohjhjWZ1Q==,iv:/uurkgFWmaGyceXBW9Qa9vPN4uHQ8jVqk1xVBMkOWmA=,tag:rfh55YNFni3ppNzKX5g4Zw==,type:str] +cyberghost-ca: ENC[AES256_GCM,data:hWsS8ceIBPG7yLbJdkbVMTcfTUghPWEJgJPzWyyloU8vdoJTTS1WDl+/f+G3KBWGztc7qX1j5bXfP+kw5w55sjjzJ/QnZayHf7HTAxD10PCCMGr35oQ7mIabk6jimaYUt/DJb9HfIPwG/AYQ4rF0pSgK+aMr43XL0urqPrwq0X9XB5dzLtPzx621DZvs55/41i0ETq/kaxvm5x9+gY+bJ5zsIkpwmaxMJaRReyAP9nNPacJ0ZaV2qw+W1rVkkCCv/A229fDXmlr4W8RkdNiXWpLvb/w02cTdC9105Xaydoh2Al7hz7ZKxPoWNiBp08HGhBHIvJcekZb8QhpNBIsi5hl7TaJKF+4j9Pg2IBwNdxAAMjm4LYzrwRzYUGr/Q787d8LHrwDifuFdXIg6rWOHK80KEMqIAXbBwTFe37i+bIY276uBfvnkvXu7548sg1EIvBCn5CwtQ3IWk+H6o5c5xXIBGW7tvWO67UqVnJVhPdqourMwDlieocuWxrkbTjFddhXVbAHDnwscjySzoY0VoewIdJjQ3h1s2UW8LBNaIjL+oDh/X+ZyfYzQiKZAuepuWvSuJQdh6WDjBHR4Yx5fH65DcV8Zm7C+WzlRsJDrBNu+bDrPt2wwvqFpwjMAFMdHv1Cr7ImkoTOFL1hJh3anm+iPlcLKDAzJ/CofnhIXkm6H4MNiOEbeWpHklUyD+aH8J4ek8g6L3dZUaHa5UpC0q5Tacxi+SxY157+5R+7julvoO0KxG2orxn58EvWUgBOU9p5oR8eGnVzh2/UiYA9mW9Lqa7/xsEyNtqLltKOB+jC9N2Z6S3KgfGRjTXOsajJHgtGC2XVEf9V/zJiUw5T8Yh4jFWXQufYvhiUduH3UEk3iPeRkxOZmMH80v0ey6hBAy8V7cXLeFEcRB+oQSszyTRW6Dme8npYiOqZJwrRmNq5KTHsT8C2QSFLd10x8Lj475Apt930gbcTNL2oMdoXca5WEMTSUZFpszzFhEW8cJs8QaujrDSlJF7bcZ9VGCtSe0/u5AeGscGG00/xBGyJ0IobbBnLtxvp4pWfx8KotQ6VabWPCYwG6T04VkNA9Au9KeW7TJPJC8R9s3uOYP1cCuwjqBOmsRq7JsR3W9iz8IkoDjN+4/PDAuPfYG+0cVAvJRd/aFZ48UX1TZEdbT3q+co8GH1vEdmzjlUODsn4K8HyZpmeSuCFi5Mp88YPzrZ3eKaXizWRNcPOztmUPhVSbazi8JHUoDz0kuMvyb137Tt1U95de2Sv9jI7f92k9D3f6ynXPG5r9/DoeLYM48nK1aTq22tZG1XgMNARhKqH+oDN371yNWOVziMAz5A5eyFbL3SOn50WUPF3d0s5e6fokhzMT541LjbHQ+ZSoBFJy2bMGdwKZEvz6sWGEDcW/lFUibUqPtiwnlQPWBCyRFrtDUfxx8AGrVlsjNofkUaL09eMtZOF7f+tbMQ9vXF3Amis1TEb3+CpWXRUVrEwMfAIx8lZPVTXQvjPd//XCO1LBUvXrTBcwqS5hX2okgIo9hv/otrcNce2JrYwv4JVOoGWAdvbCebaH8JEosS+Q0S4iYk1EFl5je3mOXWc6s+T51Trui0Bt4RKRb0eSdNScRIAvNy47CY9Z+H99jHEj6QtIGZtfAxGQKNS5xvCGqehMDa/Ld0jYYRxsSk+R50Eq2jOnNhs6NZ5W9AVRDTWsmq74e4GdJIIrRWmIdO4RW2VGFdkKMbsghiYL+2Gben+3RdkkGGMTxVQHc3FdKcYM4VgFpXfMyafUCyeL0mgXP66gMwuP6jwFVNVtrCEX4l0RuaqFSplLikEykkX8aACbiGxzcxEIg9L+7s+6mbNdb+nMbDorLB1WJfJmWSI9zc9oIuHuit+a6N6Gw2QQzgMXKmMxNlzjZ2ZGvzOebo0ixOhe1/sdQpvyMMnkKZWoEZ9WUA4WdTSx//wswbBxKdjbP9uoqQFlVqXPq13qb33pC7PzmYOiDF17+kjHwV4dl5lvLOvYI+uYv6eEKhur8WLTeFFEjfwJHKTVvlhBCx6GDmlnWvGQh/tlNN+CChDZHUcAXk/EkLQQbfAk1RzrMNWEi/2D531Xw9O03TWIDqI2WTuDftiC/mm7xPihnh5Yc6GngQeNyqKavL8JPKVHkenhgAA89ykPtlIAW5A4hqAfZTItvSCK6ij+l2sj3fpp+FIvSa6leXw+GdGptfz3+ktN8UxM+r2F+/JKVSIuLlad8Oh6z38tW9AaWalv5GSJmr2GoVHntyIjCgxOIwCROISkvcS7yW/sjV23Xfl35GieysqoXfjvqDqNT9IlY+aNCeJeb7fEn6PVOvqtX7XMectDeqn+p9dwA+YW0iMWipD706C2iFoBEiW9xfzyQ5uxV81/ouBfWKw0i9FQUVrzoGGUbIMzqh+dU7xiQoeaZ9J02Fwgf9rFjCfU3vhrArv/Y/uBU54rN0hiGAwPnB6QqgtiVMH6R17A7z6q92tMVs4OMGNgy+Vr1/UsnQB+RqBmBz3i1AN6RJWAChViR1usqQVmKo1d2F8O6y5rkrydJvcJZ8lxapedrRdPfFcevCcJpGXGd9vceuWG6fovNSKgIqijTeVfSQAJY8CoqJOKjOCEfSVfR/qGk+Xf++c4GpSFiJO0HqiUN0HtzDde42B0JAUzudUwFhvgWWwgN+Naxdc8T8+YIbe3e8gMgwUN3y84Iamc6AXAPzCiJohFtcWdNse3lB2j7obauMvo7CFUrlHdGRzuI484Jwr/8NI4IqV5ElX/760ybLHn+w7iKXFQtv11KKz3OAvp0kloy5DdIj10Z2ZRBL1kqTCxyXyUqUpHrhLd8J9kE+6z8JOa45pTcpreldb4sGbr1nHyQfmi2SjffC3ZMh21Jf9zOWf7S1/w5JWYQkXHBqVsSBKLiewtRAymU5wqFbYEkAuKu5BqVMQbxxgd8iBjIqBCOFnCFSZyGYvskNffQ/kSlPEiJzXv2nYuVg0hYhBzAs+S+hWOFBpXKxzzCB/tTFgppP5/ZvI=,iv:LetwDzkXB6huYJLZtekvwCXBoPOr2BmZZ15Nt5yqKRw=,tag:Qtos9VfWsdc38qZSQr/1/w==,type:str] +cyberghost-cert: ENC[AES256_GCM,data:lgLBEwD4adeGYpzrZF2oGmovMAwBNNYnLl26+YLl6EbtpIblfnTTKtY8cbzty4XmC/x9CHSMqcStNxxKmJN881aTxUhZVwLndeZBRZFy6d8CZK6o/juEomDrbsIYK6DQvZqrCpQK2gYnVRDiSYULVXAwOuccCx3lXmgqqcSVfHRjoW8A5OLUAf2lycdr4E3MksVogk0w8jN9WLCZyiZrBprw8dtiXfJu+GBPAulxL9sxFtNTJCf8sMLkB7MeIQNZpya2RfkJmtFtCy6vGUiGAo97cK41lm+aieUeX7aItj1emNc9206XMhXYa1ERXIU/XLTt1tMIZAeX9b80aJvcXxJV7LyxfNi5j06BwWu+MfIsk8V8zYl0hudX1TZ1thuR72ts6ZnHjlYHudFV/K6my+I5LNqP8swaUd5NXhb5rnL7dOecwKElXxJ7I6X9kZom2xqTU4p3caxpAyqmKrGTfeEUjR7823XWfuC/EP0aH5APU0u+TJgEKIgGN35Fsx6cpdqqWC1NIPRvAxRDrdFBHFP+C1cxQkgfF4rWqSnib5b2uA8DFSU4Sz+bfNKCpP4mi6c3K1u8yNelVHHmisYDemRB+iyUcKW1Ax6hwyi0m0BlfKl2fydaBcgnswX2kivIlm0XVGt59RqyG1vnyy0XRvAPR4p/40L4ZoBWc6DBhh08Yb54snS+shQH5/7NDpZ6YRna6d0yOGDO5rACxkg0teecKOo+5ZUflTAj3vxDwBYxNCwhTf2sS0zEFiT1VinusHDDb34sXcWO3ed9tCM6PAxbqW6Rl10A54g0dD3XXrARV1++NjrFa2WoodVujbHwGtkZYitAAqCIWdS5C7i2VFO+RborZTwfy0UCU7aIU7SLiggeEERSOfP5XKzMD1KUSt3srPsVKbQAtb0tO0PIWFl/1pGYmlkE5hwdVM4CsFsaC1zrgBMAQkV3XvV36RmPl0tp/qGuqB4Xvl96lBKJcnJBeMPnvV2/UWoG2BsJVLVvAD5K3jGE2Qk6FRKpy3yXCCuy/Uqj6JIMK85fjusm6K8qWFul/2CBCIViR0nk4N9UiYUeiJ0U6o4NwE6MzTqsaL1MrjiYjTE3FdOIPxN1lAMjf8mD92PuK4/n613KBe+gAmK5n+H2Oc6MCQ12o1EFXH/9I29zd9tKzq7/IZkcjTPIU3Tu/aJ0Alof+JJCpEmfco8DKYvqhPi9fxO8W9rJosQ7NT2opiilNqI9MtlU+XiYNRzs8PeYz5JN0cAdof5BB+Syx7vKHrdMsNumw8hj5qOgMoYkwsbv5Z9lPlB/Ehm6IVSzhqTjsInWFLd3OFb6zI8sqhSjOxTgI/LO8NwvxfMzSVa+nSKcr8AncX3H4qppfYHrp94OkRkZZY/sgmmAVkRyZgTizek8uCAeEnQIOwV6W52FArZOBNytHBwHcL3l4Q6czSKzz/LJ8KHkirTECO4ambKwMqOg3lkW+/DGjKyI3s1xWzCg3wIyNx7Tk6/Tf+PR2eajdIFt8pazdrxBamKmQ0iyQ1LrSkI3OB31C/ly+oeHZW96+8+5GETxaIDcONFbKgvX1SPp+Fmns5WtdKGO3JoSRiqPqL2CGnwrwA8kHTM6v49mMgBGraw8pzIZYekfYmV2eLh43TJrieIw6UKXiE1Lm/eCEjAq/wvbTE9j5sL+aNMkta8QDvNdgvpKV6bCOFhXf03En1CWgFn9Sg6ZpkbbKvRGrDPbnV61oOWB0DFVzoe+cJ6xS6y/UrPjqHHgsqHOTBFJ9vRfpMpUfyDC8NkvGuiA4RNrCj5qPutv6GqEH2Lykh8uFMY4zWDjzh80TB4Pq19YRljviS6ONLGk4YmDGcK8C4Z+gM0oFGFigHS+Yx2GXi5o3VqwgorNxG+DxF9viVjm3mO2dqoTFYwawKWmMJw8RMxznJtneMQouFYl9bY97cI5qfZTQKI7qEGm8+9oQnC4QqboV3Y1h0zKeXZMj5b1cPfImhtSACvl2UukBtp3RLK7nYVpLZDkMxniWFsH7cTVmbkfMXnGlfjQzNCb6MYW0KoXVRmNrqG4VRmAC3KOxYmR09FNhyodsMP0XFA4hqs3FpOEf3F01VvTvFFV20HcbM0CaVTm0uweSTwHcTvWU+4OL+1qcffrUd2QIDD/VyUGaDRFZzN5bT/ZF9U35eXZD7e65/cNJblQJm0Pv2eN0ZxJ5yujMfValEuSFu+rX5S3PiVOqW73pxsekSIBFlc3y6TOsepik+7/dIaTZzyuOHz/ljDAO6pXpCBSPvH5ErH8DeG2sx0uVRUzryU4o4oKeXscVRv+W8+ztTOFWjlLb6GvG9ZKWo0DtFjtEPOJHGBLiILy1FT+/1dr8vBRlgwi0vAjiyj/wyWAdh2oBM49s73utPWhkty6/WyBQCzF4Uj/JxMjgzGroWgnG9oi0IcJDzumuNc/uN6H1llMdttVSbnOmdWnpdQuoX32QfPEfUNnCMuwoCbA6bUVrBRyAa7XgFT9TKx+1q8Ll9leMefOCUfEu3q04k66XnstCnDbwvCe0S+bYC2ZL+FgDP2STZ1BGHSBlAXYv+8oaTOP3E1J+SW63kjo6AkZ23tozv+5doS10BFqwhEiMB85cWPnC0eJximekIQ/Dfz6SeLfhdD/FtfdQAe6nv7M1HAxc05HK+G0Z0xD+eyEME9WGbrtMuVGu6WYoPrta6n8XA5e0o0KV/sbxO44y9qyXNSh1SWd4nlVyEyKw0g6rZmxhOjH9p1saW4IKnFWVyR98c+nqTB2MRsrd6xs1uAGp+mTUoQKnDjXl7BWfKeoaFExPqoVlNCrk9SU3Lo/Q+E7EX6dH4+L1ovsUQlkubR6KtLmgK38zjv8E1KOYFKY3Un3fdup3cEilgkQpLX8N5u/LAw4wGfW/Q5qMtEQT/DZi8V7N0FS4wdLe8YPp4H6y0zDh+NUtbTPqrSPc/9YskJ8LXmorZwoiMwCa4lks6gXDCR5fzmCRm37pVmxZ9GlXWyDb8U7ZnLbdz0ZVQJKbfYwSLOqB6NdzdV+BiEHnAuZP+2zrCvYBcpU7M0ST/TY2PEEWPfBnrhxue7Ag/NqYk6d3w+6Q+mlDHeDEtUKkHs/ki69HXB/ODTPbAe9RbypyQ9YlewoY8zXjZdOhp0oTTAvF/HsQjwUTQ==,iv:kXQn6HaQbglJXi70xo88BUlS7qRFwiHshmywWGRMw3U=,tag:bleGSWRsu6rwcETv7Au5MA==,type:str] +#ENC[AES256_GCM,data:sHIXwB3Ebuv2B1UqYc/zkpcSyg==,iv:htsZYVCx1nLI+sk2lRGI/W03eWSjg7EqB3LgiTbe7t8=,tag:dqX4wUvsMK7etZumV+m3QQ==,type:comment] +#ENC[AES256_GCM,data:MMecGi8zooPpOkSj28OmAUU2wUqQGM1Jhe2UPxmplrs=,iv:z4GtQGGWALWRrtuCwgsemHumP7uts4kmiTaylLKzGxU=,tag:xwjeqYkP2mTHvbxFzXLb6g==,type:comment] +#ENC[AES256_GCM,data:Y0ve3H6gMxAcnABMhDLcg1FXq9RXvAAwNcy7v0BKAFtz+PWb60pb7bxS9H0i3Xo9J2y0feNlQ4eZ67a/IDNKSbzTEcfA,iv:P1eyOxSBeudZcSAnQpEAYgpE4aKb/viDsgbOFOIbDUk=,tag:1lE/qG+88xPHcg3v4SEVAw==,type:comment] +#ENC[AES256_GCM,data:/D2CEMzfVy4gWxv9opHdI7O1oAXJSpXXUSYq2/38E3W+a3/OeLglEpfX4w78JVxhV1WlEDBGDZuvQQUFPr1l5h9xqrOo,iv:A0Yd2ShQOgZ/78vDjObmxueA9PPTw8+Nwm8K2+jf6ik=,tag:+GqUedPwGlNVniwVNdkzKA==,type:comment] +#ENC[AES256_GCM,data:GzVCQ0TvVhQ7EEHxES2y58zvcuY3gVypGCpBgeZNl8+ibj8403xlm06Th8798VYzSOCDxaNnm4RHBnpAivPdGcbgR0dI,iv:foZ/MByWatS69b3klSomBo70PXQR3LabBGIzoybcLO4=,tag:SCC8f7We47/ZO177VvEmLA==,type:comment] +#ENC[AES256_GCM,data:FUhLossgDjizyKAnGEaIgtSbcfAqbdl43hkIUdt/qzYksfxu9dPoHrX7YyzzQ7imAsvbd7iVLYcsiLB9FKS02c481G1/,iv:koXSyIsAJXiehCCKADuiSFV3MQ76+qXVNMcW+YqX4gs=,tag:wetQdcBt1zroLY4Yxw/LNg==,type:comment] +#ENC[AES256_GCM,data:BJTQxWXfg/odNFnA5K/0zRKLrrJ8t58d4Wk2PHNb3MTl3ORSr8DhcRu68ZrPLxOg65+k6p/IeIEfd1eD24j3Bzv06wCY,iv:GqUYSh+W2QnrpzMuXUkmrR2HQHZ3ToiklaKNLrB4Rdc=,tag:OzN7usqKtja2xwwWxRWjlg==,type:comment] +#ENC[AES256_GCM,data:Ir+nUbAtii7IR707Fehz/QGqb6qpYygEjVlzN/VM1p0r8RIHeH5FZHKu8AOPH/j14aKEg9jAcW7zYzOjdnJ7TPO98aUG,iv:EmQcRqgHgLdNqP/XB+myOI4l96YjoDHsVce31AKhRDI=,tag:E9Ms7vSO7XvTiONqyeDakg==,type:comment] +#ENC[AES256_GCM,data:73yACFLMtDaPGxwCr1CcMBtKypzZ8bRX259ELP4ruzkorUbMQlxYhTg2OLQc0fgohwpM8KGk/E5seImfUPheP90Kvhpb,iv:PXi0+lOxbh5ReUc228VPTzwHm4Kwuwl5E7UVyXgqqHc=,tag:R8ZOg1QN0XnryOUFkBccKA==,type:comment] +#ENC[AES256_GCM,data:O855e5J9a+4Lahv8fpdrlawF8j6rCVXpV6I2gNgC42sjrM5SWdfbXWs8DkNygh8M4+JIEZH9Ib0nQzs2lxYamjjU4X+6,iv:8CIdyE2r74hoUXB3D1CJr8mSSaLW1cpkNrpSyXhyRWQ=,tag:xm0JU5dLC38/9YX20Q873w==,type:comment] +#ENC[AES256_GCM,data:cytsTKtODcVaexEsKJS1X6K2kGAin8l+pxdzEks6FmRj8nMgj/X7k53DlHvH8sKluQXP1HuPfB94N2G2vecDUa0Tftx9,iv:pB9KRIyV6g/lQ+auO14VWsOvHkGz/WX+DZbrE2QqLo8=,tag:JCj5zkr248l45Rue+KKtUw==,type:comment] +#ENC[AES256_GCM,data:BYPOzqAolBtxXdNqqA+kCUiAaqk7u1ZAOm0Vjlv8hfmsMvpcM8biErRV5QUflMcrV09DHrJ+3Mf0RnESr9/+X04nmr/v,iv:ANcSi0sBdaUDXfM7MJat9SLV8H4f83ZIFPHNhc3ACJ0=,tag:T7Gyk0oxeg1eSobbqF7QyQ==,type:comment] +#ENC[AES256_GCM,data:DqA4OIlyGSJteozi5jPvuGjFtnbaUw2LuG8TXNvKkl1qLP3iKP8925DtvW4InKjX1x2957SLRWSaTbUlGohR+hra54lt,iv:NaafFKn0pfknzeJPI2yMmYwtGglKaw8boGu6yRG+eZk=,tag:NrBIOGA2d9Mr23DTBpeYDA==,type:comment] +#ENC[AES256_GCM,data:nxNSMp1w7LZ6mdOmO38xzyqPKKqI8Ib+BgMIVrJ/lKmvY+kuMhkrKi98M6EwzbpnrGV8Up/N5gC6gD3nVpVq814x94R9,iv:Zy08/hF/xGECIjGLta0nOeMvhP6KPivowHphRAlkDNI=,tag:eAl77isC5I9Arr05rg7HPA==,type:comment] +#ENC[AES256_GCM,data:ZTDCukzebTSY76xi40vNrvv+XxFZSj4QfdkPKL5uMeTVCA394s6FjOG2QflscmEsUaLIXqbNaBB4jv2L2qw+7S0EcZpr,iv:0OktweURWm0PGNX6LApOhu7PGf0Tw9499H7RorEjthg=,tag:f6U5Vxk+bnYTksKSqAGdlg==,type:comment] +#ENC[AES256_GCM,data:R/HWi6LbUpWD2WEWB/9G3n8VLpKe+l473pP7Z5kNYjREIbDRUwvsl1sjFUdxN36CqhEgcrTYCNAAjvh6O++i/y/IgNIu,iv:/e/gKFDgDzcIrw/SmSKVrLkhLgDIaR20CT21WsCX+M0=,tag:QZVVyyRBrv6oZncrmQQhmA==,type:comment] +#ENC[AES256_GCM,data:8ykXJbXKMV7VRMig9NYaoC3/Jk3x2dQTjPb5ASF+hflB3hqn+4U4JI9AIwEHem+L9WRlsVi6x2/5S/hfZd7Mjk6kWYUN,iv:g2idJPzft+Pdbv3E73FH9cbCAREJgrLcksjJ9CqauSE=,tag:5MvAm0QQ4lV2rQIy1hakTg==,type:comment] +#ENC[AES256_GCM,data:A6HpTXvMzIW6teDPrAfKj2NtJB2fdp+OX6B5u1rDa+iBBXJF8zb+04yJj9eQc0wqiDe10KbxqQ5IJPAkAPCVQRrdfaWj,iv:k23+0W0QcaAP2O4YZzA6naUfnjNY5MU8WKkH9xK+HZg=,tag:q+kslC0BYhe9WBQxMiuPxA==,type:comment] +#ENC[AES256_GCM,data:5sMRYp9U0YKRQgxM6kFHKP6mXj4UYUncC+XM4TWOCunX9WK0JU+d8y2nz6KZeKg5BcBnGuMrNCF6qJU5b6VtvIvryDxt,iv:ZLJXLhNuKfLVnDgJTy/+wvZEIUlhUL7nNOGuDMBLQuw=,tag:sLy/6r6VeJkWDG1P/OSGWA==,type:comment] +#ENC[AES256_GCM,data:7QUHlFBuFgghNwyaAswAG6oBx37WPmZWTzA8MX2OvdTJYiDJPgqGVQdGLBrTgpLNghTNjwP9GZKtpp92hvCSULpTNBER,iv:NNB2er6VHxWkDU57jf9sXGT50202STT8v1JDLVqpzHs=,tag:vbCb2Ecd6KhAwPYQ+2Y7UQ==,type:comment] +#ENC[AES256_GCM,data:kQPmVuaIG9GKYCkPAr3r6we7vOMymTNH8HnmN02Q7JrEANiKsH9NQQdgPrXsInFyma3970J5/RgiaMRSpIt2j205U7P9,iv:BLKf3GGn4zscC6dWdCbvAEHG645LI77nIlV8q63ePgk=,tag:1CnCkP3330eg0bF+esJsTQ==,type:comment] +#ENC[AES256_GCM,data:yo+kP+PD3OA0YGOhNU0RfKyzr/VbjGH5i5xVyFxJrCtQmaVhaTACfggPVu7OCqOYKBZLXJruBbP+I1u9ivKLFBNV0Cvt,iv:MksSrxf4ja3HsADUbc6Vbdq1m+ZNqM620H/XABnFPwc=,tag:FdBy95bNp4GSccD/1TE7sQ==,type:comment] +#ENC[AES256_GCM,data:GdGtmSqLFD9ph8vCx+cNVGXQQDl/+PtdiFG21Co4BS/mHTl46u63UT8LMNTqCBQJH3AXIPSZiPZIPdreBhXTMAvcsLeV,iv:DR1HdQSmQ4bAAiDiqfou//0eplcH2xLY1oBwVd0IR2M=,tag:WY9t4974U+wETwKvONoZyw==,type:comment] +#ENC[AES256_GCM,data:8T/If88L8TKJnOUncF9j7uLB4lqDIXvuQczogvVkM+K4Ye6U5E64kok1I5X14fN6I8IgPsd3ezTd/WvY6OIeBdpi2aVv,iv:1eKt3j1kP+C2TQe8Y3gqK3N3T+og0Pibf94Tv7+RxT0=,tag:PVSuPIxSys+s9N/KyacyXA==,type:comment] +#ENC[AES256_GCM,data:iUiQkdm0yKxJGnCEAovcF0Afv+eP/NeomRh4KZ7q9v/LOOoVSbcGfu4D+qBSOUujEuM7h5DmYOdVRBge7Q3/xQdBc3Gr,iv:X++jpJpmfnjr4YZfiJdWg4yMlYrLh/OXRhCLAzncFM4=,tag:XgZCvk9QV/PpAy+apqSV9Q==,type:comment] +#ENC[AES256_GCM,data:vKIpSUjoqnJRmXpOYLv/vdQq8eZn44gJj/pIIY009RYFP5FmBEqTrJaJqCme/xIa60cKXwSHpOtAR+SfX5TGfWobL+9d,iv:QFhA1NuzVjE45QdiUvjxq6rmxT+zSN5jhiUxy1lVMwI=,tag:SLUlN7O+rrpmCNfzW7JkIw==,type:comment] +#ENC[AES256_GCM,data:WXYXebZR9+nHRYBHVeOtY3qoeMYDg5laHGn5gLxQHb+AMLYiWRhVRQMQ7hcdhpPBWQgv1Ma1XEyiWzp9bpI0SwhyTlHB,iv:wa51Mk/UllMooZnG+h5xcyOrbCvfRX1md6pMM00KvMg=,tag:WsmW2fO1d+Kphz8+22Tkag==,type:comment] +#ENC[AES256_GCM,data:kBCFML5g24zc9pSd6Ax5tr7PMhqcRndi92jL2+043ayNhiqQ5FGsVoyNiz4zaxsss5tgCwcDiEe7wc9vvYOikcjxoJjY,iv:SokzH35erfVYrr3unLU80rkOwt04ckPN1qOjbxg7n7w=,tag:7akUpbwcNIzyIpa7VGJpEA==,type:comment] +#ENC[AES256_GCM,data:LCzq2TaNLiT0r7w6C5cDPYHND+5jMdXp/u4ymCarj3LEvh/Sye2+Gs5170FzZNQ1at1U9uou73KrDQLERN3gR2n5Iav7,iv:yAzB+3XfI7SdRnlHLB5dFyiAXqyVbtQ2zSh98PkjiTE=,tag:4c3P+CMMJHwTSXp8m5OBQA==,type:comment] +#ENC[AES256_GCM,data:biD9i+suor4XV9dSb/Wgq6YMcHM1p1V2n9Bb6UMUPFXZzT6bn83C4HvskOABycdys2h+9F+lnUn0wVybQMU+oh6xpScH,iv:w6gRANQXH//z9gUuFz8HUuib4xJ5DUyijY+xGU/EV8Q=,tag:cRYHR61Qa5zDFuIxYzW8Ag==,type:comment] +#ENC[AES256_GCM,data:G1mBf1cxIDV5xO2n/fzwbTgy/7+T8EfMO8DhBNBayOJRVRyLVLRtET0Q5T4gsAIFzFubjPuqNCDzFAjAoCZ0iODY/+cb,iv:HcT5ATkDFDMaTT2nY4fVQjg/ywF45mh8GeEM5CHX4jQ=,tag:PR4uJsjrAVhaQCPzCFMSmw==,type:comment] +#ENC[AES256_GCM,data:tFByW7XbFKUb77lrhGpYSpYSoVcpWzLIzkMcgIcRT0vbPDJe0VTUZ7SpArP9p7NaE7+vj8Rn5Gb5zqMDCxMPsAsU3KIR,iv:CL3nF8MyUa0DJ+zHbCqBk5wWJZMQPaV3fVZGPmE5wr8=,tag:pkVXP6yMaXzRjzxsYNKh+Q==,type:comment] +#ENC[AES256_GCM,data:okfYGm0lhVNOq0Ma9Yul4E4jTLhPhcicmeeIl/FtonyEPoFjwiHBpCmWXUg2jpfA3ciluJUlBOrA+RPCOkQh8rcLyRmf,iv:JiTsAOR8GFO/gBt5cJenG7VBJHIavAcWZWfPsmfTGwM=,tag:BCBSRZD0wbBGYLYIDA7j8w==,type:comment] +#ENC[AES256_GCM,data:xLVY1TK4EN9B6JCYV1QdObuggOPSXkh+ZgU7oMtzo+pG96jLxqLOeWey//693hSTILNSdziNRzkeLL9mDM1huVknDSAI,iv:gEK9acp5+jHTwoLsv6ZVuZCZ2h4Mg7c9g3z1CCyvsFk=,tag:NbCI3u8kDtUFkT6tOGZxRA==,type:comment] +#ENC[AES256_GCM,data:uUFbL/FfBpNtZd+u+LbNSRbV/Pjldin4Fr/+igIXj7SuJsz/tUh0qmmw1vE9dZ/Uc/bUYtV21McE9uV/KUA0jj4+Sx8t,iv:YCQhIeNltodLtLkcmwdRJZ+treQfA8UhD46v7VSrAlI=,tag:AnLEzJjOg/xqqE81kUXPYg==,type:comment] +#ENC[AES256_GCM,data:C1VoFYugfCoOv/OesA78VtVNOGSL8/sSu/SxyWCZL1oq7OBJlj9OZazlts8CusO0vrf8TMQAg+IYfGGEgwhgPOQ698VC,iv:MjBnT5Y/6zoLMBxo2pZMi5XwLpxGZDcjNtp7FVrLq7E=,tag:WhT9z9U+YaRNcC4sSDrKEg==,type:comment] +#ENC[AES256_GCM,data:25QquCUZwdPa9KlED8cjp8TqdLCQ4sY+9vaeBc4IaeF5Go79BTNECQ7S4A6ijdQUzKCktqbpliNvgik4GWXlQDq6yAwt,iv:Pp32KfaXWwapjPZRltEX3IQO7PJMOXkn6zQ3VLuA/oQ=,tag:sg6aMGkI6InEdLQ5Ie/bjg==,type:comment] +#ENC[AES256_GCM,data:JgEsketsuFAIgLSOKfX51A+s7YM5S5cilZLll2c8umfubBor6g==,iv:i96glV73Pu0E4govH72dC7kInvAr/22wZ99bPQZCyOY=,tag:dhJFczdKDOGXRX2AcidbVA==,type:comment] +#ENC[AES256_GCM,data:Cuz2T/ZHmG6czj01mYSkseNjHHVzkc7nCRziFl3J,iv:s4z2J7quVzo+34nymk2hUxwQ36VONnfOxOTmUFnjnKw=,tag:O2DvKSEPABZQuEWFUXI80A==,type:comment] +cyberghost-key: ENC[AES256_GCM,data:hY2NnD+SubQ5/+IgwSFnrk7pgLPW/M5pm1euSfdaT7jT8BnYo/KzXc3AgRGXCAhPHDBeM+CE6ClT6T5aeslNaiezyJBXBbIPCcN2g0MQHB2dv26LKUnNfIX14/+BPTdwkNMiIKnw80P82dZjic3WHmtHW5MRMrAxtJW/q7JiAJid14G+J2nnJeqNUzD9ZxPLSFgIFcD8ysZ6zaLc1jdL8gWCxQipbULmPKqf82mrvdutWweJBhQzL/JazbUD24+Aq5NQGip/aB8huBZA00e6c96JduIxV+N7SYRbJrQu9ay1dMfi9mNTetJc/RBZFTWGnoPy1FhqnH/wMMvirGekzSoAIZPnFYCnQ1yrQE+hPtpkTqq1tdli5aet1xitj6RsgIOxRG6rkejpeLqBNUtWY8ClElf1qQut+T7eyPHEnTba7/rYW8X9jFwZeI1+YipmBqmdZZeqaOLcu4qNrXHDYZr+2nNXQ7MKNgsfhAf+r9jfmHzSJJDEkxCuKiYRpUfJqJLSsUeVDqMkZ+1grcM5uxnev8RU5I2aTTUSUFgNdLKfHTCpFiPtcKDLSwPcaEKPkP2pOTe+B/Xf4z+JpuiW+Yw4cWBRTgxUYdlnEKeO5M14YHS9asTfJ18wJ7uxrDwMkQEWk+TmLqjNhfng6QW3fehuaYWDbHmMjHyXMn0cC78SKMLIE7Yusy2eKeqRUbn1I3ud2c6S+7U1HK7PoWIwDXFvcrDj12DPqRvGlndE6t1gD770g1qkDf5RYNoodrXODxQOdBiycu4sTXGc/Ncz2G9P9b9pK0PNF9TRg0wvDFY4mHKj+lyiNgsjgEyXJSIY8yRYV3RlTD9S/lFK3d/3ujLMZBupI4o63T3exN6Pz/F0/bEoCjHFmHn4MN1na6CIUsibKlTXfQl6Oxk9xGop4rcg4Nfygan33VSBwO2O/MEnQ5sePtsivx0SE1bR9edYhI8HyF5XrAUBEffL4qOTTpiqui+112IzSwN/uHK2RGZYB1rgLpGQKPgdkghcDz/rbQ8AqPxkqvQSgjZ0B7ZsRMVjOXHSc0WCdmEl2AkZblULrd6soujVhPTlTIRvo9NRcpmQliQRrd6Q2Oj4nrItJzSgIvMeABUH9Vz74KE6gwBwhuFOuQaSLEgT1kUobuswGWQuUkV8oGFbdCnlzIHmvlYIpQG950y+82a4fA5AJvefyCtT0XdHqvaQK/xHSv0n/MdHTUlRbxcsL5Z3aIZQ3FnHKAeouLbPZpaXIKLcc4fahMxeIZqPV/cX6KnETKbj2m8rb02izrduuZWbdZqQ7qqwMzrUFS8WROcum7LpGnKIo9570JNUxRrBDyVb97RKsmShjtdd0H8U+FSxlZnM4OASR+Cx3BncI8KIqMDkvqdwgICuMEjENMG1fe6E/S3Tz3zi0BlJZrQfQJ0oxKlKXDBb9NCsoyBmWaWvp/WhRUV8vSFOiaCK+J0esonULXQQnA/tsKAhP7DmmdgSvc66+IQl70ArIAFS9b+rIZCAK5ObH7P6PjxNt6bLu4MQajvcAI/LUuflcka3YUPRwpCWH4zoIckwSgLAGUVx1Pv7f+shmZDveShG+bOx1mj8g9hwrCkTJHoT3szSsCtNkwQ4cn+PUPbqlLS2kjZaiLFUhP+sSH4dvt1Co6VEfdWkNCCVWxADzSP35mSnY0J91oV7QatGSl2/kWEaZ85Fo1EgVpyUWD0d2FdsWqrDI4L+INFGgWSMzcomu5BVbn/XExCBZA4XG6/CW/dBIGucdYtHLTAGkhuJ1FrzlNGj8dCu7bGsls/tMv4K6WGgefXlRIJiW1/7ad5yRPjKdY8EA3S7/JGNhEqQJXyUETcM0sDmQ6eVJTMm6JoxFfUzpqTskEuF1OrQU7al/QL5swXykqIyypJeEmaLbRborE/jfR3X7x52CYjDLofcRyVfwec76tFvg0uOEE6c7L1eq/6MYQNv8RZ7QTjFphjHVzs3zMEsd/SNivzOq5fTKzUu1Ji0+9rpbcs3Mz0psXDjmRbrK2gO5orG9VQur1+9ZvUNFVFZiNVkmynRyFqMdoQsZ5nXXsfzGifoW//F1tnXZIDx+pLWsCwg9639aRpIAMNANsmMJgzEJUAbBtVDDJp4Kl70bTJsSEOhZB0NSHcayfOSpMEKU/DTri3b5JtxRD8pQSMoxJRbFbTXBIYrp3XbJhDiOiYcW8aFyIGrlED8hMjVF1IL0lQwfpBY658/SHdf2mguL9+aclv5YcOdLmyc8vNC1ur0VSI58Y1+eNjER4iYsx4J7ez9znQuQ1pZVyni5TN4uEgkcbD922aC85TnCxdDS+vltXe3I+z/RZyJMWO/4EfQZ3Bw+CrHQJ/y80ZYan9x0nARDIwFfBTl5UyalGMhU8lGjxznn9blfmx2Mn6LgE0y296A8GNL6Re4QiMf5RkCXY+5OzUDiVbpvyiGCr930EaP0zTi85PE3aN06lvuwPoD9/LzQtl/AjaMGnER9whicj0i3NGlmHOQ7vECqGe/YkFexNi5m+9mJg6reWzU4RtOhfztr08JZMIXwSxMu5jYPOJUxLn9Ui7BIQr3CsdVV0zYkY6XiRXNQ5HYDtbHPh8MY2QTKkmkVQmr0MSIrjCnmiIEyl5U/BvaUtBNTPrE8vKMBOm99EGFPZgt7Nr1k7d4khpyeNEFvMk1Y6rzRr6J2HdE/iD65URYQrxZMU/FxXyS0sjcXfifpc6pGYkb3naW9Q4zKJt8Ipw8tDLBIsHFux+dJn0IKdpJ8b9f+ftGqUOLicC1Gp35cn9fbGhpQ/Z+bdJkQlCOTVivAEVWiL5Tm7FX6eYe9Ad84dezy7sRKG0FAZpdbiCrpJGtsZ6q8zJBUspT0y4kXbIwtkk4N7kOkIOwR6ZotRiLQKx/LMO4gQGCMWxY1NzrbX7ny4N0KbGDJXPnnGwllSKv+4j/tjjWLKAI8AXlq/Yriq4NOiBt1Yw1nDDd/meI5v77hNJL5rRQYN3qRSolnwu7E5qbfjb+kPME5b1ZvTCmVIBO9zdHDvLlrJkKF+i7U7+0+dVJztMmuAWNaT3iXN0Hgi3HfIlm4Tb5bj8FOhTx6hiQoAOj1HrdUG8HATC9DPV30JDBqAs+U0s10x1bJZtlDCzl5zGkw1zxtYLg6K9cVO4QEp8PSaxp3t1x57LrtUMimYL5o508RMgSMp+jRtv6yX7tP61qP/IDuH2dvNtYaUOKKLAqYIbfWsqe5nrZn1YYuxWPxHfV5D9joSMHFAyYwkOjc6GNefMRyg4Dv/vYeieaYfILrMauoNfEp6YXsHjxvl14qwOt+dhML3iRY46QLO/1xNWeRUUfmD01dRyJBGfDq4hBiSXJCZh1a323uoZVUqgMrwwX3qiNNVc3KjSJgosf2BIQA+Q0WdKI45ejIyhl7dayVILyCy3eI+5RcByjwiMH1BRb3Y+Y94bQcxE5avyv/kCaW+1gA5kbqCz3+SueTh0T1x4q9IdHVhMK9ipmlkaf70eH3zUK0DipNjoT0PA/xR2mvKITW+ZrVPV3ZVua1ZShvgmOkwOAsLEe3H4BKiPKipRANuws3mEzLnnDeL/DiZFnCM9eeunBEHxELs/+qLQmesDxcsLSxI7+9i9Bz5gL8jnGxSXCoB7uhQFZtFq+W891GWZFrW9FL9dqRFlyaxrjePEqyAL75+6RHTEnkPSZmA+Xb/TMK3FSl13/WFFnibPj9feG0Yrfe3cCud0u6WWyyaGJZFE8YxzRAHn5v6pjWO+D1r27A0klIorvUE8vEkJZS/RbnkQubPvAvKuPN20WpQYlYMNJeQztQ18+HuW3gaDiVFTHFJu0QCy6+k+Ht4Z3ADJBxmRGAeMmgAkOEyFcU4OP2I3X77qk7M0YIFD16+KQjXtmH4pT7/msurjSO68TttUdh8Z9HIQra9QbiJz383obCDEQPjMG51hnVaPlKN/DOV/gxVmJdaulAHCMMpYAMU6jUZN2krGh5zAJLdSR750teawXluCulYtzjtrLUauUN9c4dV/70HVHJZKZZSOdFHyh8bjJFrm7eLcscnv7QFjjDad5+VzgIh6PqYnWYFXUJxwqJ6uj8lg4MeJdwoJCFQEjvEQS82E8WFXwzlR/M1ts3d7M6z7B/cWQ/DeXTLuZmdd6DB43pHYSZ+z7ANzjssTdIuYA8q234w/AIt5+iG1Gb6ttVN8rc3dMhfpG92x2/3JEUyj/m/HBhpHjlOYAn8M74L5NNl25EpCCDSaaMCxP8X9M0MJANGD3ZUheWjrxcB/b9MeoZL+NNKr8hlyRNUQd/Y28wvubF0+HLC+nXhghqIk5DC23XzRmdiBbmrsAM1u7KRsGCOM4EdYRZXSxcIdAcW2DVCRHiMdP,iv:izyclzkGY+/IFS9WyTO0O+1/puRnHdpJ0zQ22Y/R8hM=,tag:Dc8IKjbf294dKCN5TGERQg==,type:str] +#ENC[AES256_GCM,data:u0XjrBhByODbAIY3rw8sxevg,iv:vH1W0C/u58itloVKJ1XZ7WqShTeUzoSR0s8zMkkSRDw=,tag:I79fNiLpYV8A70ax5ekddg==,type:comment] +#ENC[AES256_GCM,data:YLneC0aKJCSIHgYNB1/SgSnLgC4hEjkNIlrNdwYB1Q0=,iv:SN9TkvmNsX5ntncd6M25TvybPCwKPi3+6snUE/eeO1U=,tag:bUVrZ+xXxfC8vwkbt2HTQQ==,type:comment] +#ENC[AES256_GCM,data:NNKAoCsyk4MLx6Wk1pBJqgmih0SWjOa5wmBMVLBcK4t9IpsP5rq+03eUT7bLCLoHQHKlDEAdrfbFkNvkFYjtz7eK69Sv,iv:60yZR8iVpq3iB85YFpy8Lp70O2o3hQNlUQH7CKqF63o=,tag:dTBxRSyFYS6q+iM5Zo2KbQ==,type:comment] +#ENC[AES256_GCM,data:Di/aKcBppy1l2om1LE02QZJcZlc7B9QD3LUJpnXfIVVcLbc1UdhzgX7DoxhgNMuJ1O2xoglTkCTuClCtmup6aMkoF/ZY,iv:c6XcEsKj847k6O0fTQu87vPHgMwHn7ZUzZEnhdLJunI=,tag:WcnM3WvcauwCQXvSOnoS9A==,type:comment] +#ENC[AES256_GCM,data:3EgUhcXCon9P+0kCbflSWoLA+U8ku9765GJS9TQDTkOlsK2GjlPCfix8/D/z7y2uNdtNdAOonQz2veKqsImG9Cmy1V5+,iv:q35S/ksqCnFJEKdQJMoFFqCuPy/YE1WlXVtYOPy92ws=,tag:RaW9PjNQk6s2+rW4O++/bw==,type:comment] +#ENC[AES256_GCM,data:zoWAthL0gnzRVzWqpgtBlpzcF2q4/UIIuXRIsuEYwt3FYwlvSmasuRa/tNDEJ60gYqN0pho5Tey03S7Iq99+HZ+x61f9,iv:UvmuuTsA5AP/3xmWK165uFHxbFpSOR6C/Azg1/2jS6I=,tag:DBaK/lB8Kw+WslTyfnmuIw==,type:comment] +#ENC[AES256_GCM,data:qjh0lLOirgkI6cMeCPW95G9H0fSHN92ImXA41S1dmEAgs/dxVKslIDP9PsDUMjLmPRmCfvI/26NKidV9U4AB9bYG1gya,iv:zgZEpFRXDihvfxtmz4qywZhsvVvehk8HBZQNcNNbpPY=,tag:+QfUTQTMggVRBIek6f2sAg==,type:comment] +#ENC[AES256_GCM,data:yrKGYOat9F3vqIvMwd+DwgDcNtgwG0ufB3wc/+Vfq9TgkiCu+k5niEN+ZJlpRru9ie2yAFpSS9WewrWKRgL34GlOoomO,iv:XWGKWApPptltsTeg5Ycfxwv3qmCZukatUkpn9eGS2/0=,tag:HDRo8/HaCEgU8CYYvZ64WQ==,type:comment] +#ENC[AES256_GCM,data:G632NRFgypp9mATV4jTolGVjEUkDE1K7x3F1hJJWLSpYWgkk5gp4JjWOs8ev/N0HZ3bPhJlbKyGPPVcxhnLwVxWGkSKe,iv:FyyvYK52YL/lbojDc/Jr1OB9pRKfoHnAUPoMRgLeAIU=,tag:8rGQeXqfDcF7+FYps0EDjA==,type:comment] +#ENC[AES256_GCM,data:CGCk3s/QNlA6dbOT6CMsbIQP3yF0SAvnb4tQ+HKmo1XnkENx77jG8zRwO61uP6IVOKB0vMeN+1C5e+xRdf4k3lpQGDxz,iv:6pUd7vb4Mb8KIFTBJcwRNhYO1KiFXIODfvzynNIa6TM=,tag:BME0UKST5xH4MTawyfXpHg==,type:comment] +#ENC[AES256_GCM,data:Kq/lvJYUM27F900bgRZ2RYRKkTZA8VgJTCI1+Vl8yI7E10CQhk6lH5NTNPDYqxWWIl+jpihAlR6To1R2Z3U43q3lRaE4,iv:6zaJJnnbQg0deodTq9rx3eEz7PH0GdZScIKlT+0nimM=,tag:2KhMAolLYAcqhdC/tRFqXQ==,type:comment] +#ENC[AES256_GCM,data:hMoad5zwcWe4dq/86HIbq55exoVNbll7BjkuVTQdNJFbGxGG7KbxrndRE0HUTLEIYVNYwEQGb33mljamy9WZF29KhviD,iv:pDt+YIpGc36a9G24yJOT6MzJ5ggvuooVDJyoZw73ElI=,tag:g67gRvlPRDVaTrwU+BaqBQ==,type:comment] +#ENC[AES256_GCM,data:zkL3UAYHY+0CQlQKn2qxSWlpEk1Y4rJRA/hseFhXO+oHHGJqtP6Z9dkaee129aiEu4ZKKXYlDNtpzsNBZNavNcYvMBpD,iv:FlFEgJiMAdo9s4/KdLjLaifXa8t2nJ+ugdly+IZJpyM=,tag:RIZCVZSzB8msjZ3CiZnRoA==,type:comment] +#ENC[AES256_GCM,data:aSeuVQyxpo6JsczVW78z3Fj3UKwR3RnSOGH/6xu9ZzA96NUknm/d65oa3Z5TpVqiVOf6OVYvkVh0LmJV4mrfPm9dlxMV,iv:dclSy2ZegvPUIcVVUK4BTg3628hMz3elh39oAYPbSXY=,tag:W2bZGtAKTJihqL+2YtOoyQ==,type:comment] +#ENC[AES256_GCM,data:U3QlhauSgyTeo8Ab+l8D5O30lvlAk3kzqhEx/dCpvjReT4z60/wPVzPp5da8D2VLMEk3/H59zkqhlFwxTBqjJ/XR5Dm9,iv:eg/qixxp5i7S3gw7Ub+WSqXe6tCpWccsKd5zmoXrK6g=,tag:CPr0o3vBdSXqX8yD+JA08A==,type:comment] +#ENC[AES256_GCM,data:IsFocr818QLO5ut7IUrvLvtvB9rzSFk+AiBlJlhSbecpvVL5s/hu8jrvcGnH42ja4diqZspoNiBUJdo7L/H1s4PSc8g5,iv:X52W07jiX9EllpXXHDMq7f29gBddJFhSS/dCIx5e35I=,tag:KcarpmPBpzNgeIKooBdRjQ==,type:comment] +#ENC[AES256_GCM,data:KZGze8BTXPtvSx7ILLdTAvuyqsR+X5S3LEybznpGj4eUufVPZEcIVYB6VRL4AQVeHD/LSozcecOajQYtUASPKeuDM7ar,iv:fTvESlbXvHHkI7blRULmlxQJTOe5uGCXvR6a8WsMCf4=,tag:m12Oj7OWKEmzwn+c/2lDgw==,type:comment] +#ENC[AES256_GCM,data:47tQXJXNbsN/nHJnRhktiH8opVBneNDnhnHP1KaPbSH1GnBamNU9DNuDjWVfUVZUaFkkOuKbu/UKnMMSehTWntl9unvs,iv:gDw2ozica309CIDC9/AifkwL/YDwpImHFebk9QLGqUk=,tag:GzhqjpAPLAc2YSrAo1310w==,type:comment] +#ENC[AES256_GCM,data:1V/vciDyiw8+MleW+ULAxXfRk+S84ZSSgSohxqMgZfApuI70S4opJbo7VEGX/WxaDe7jj7Hwjt9O4p6xyBu7ijfgWBy7,iv:s6Ozm7ek9L+SH4Nc68ubYXUwe1EqeursZGQyxSJHi44=,tag:mIu9vK19sh8M/kl72IcOUw==,type:comment] +#ENC[AES256_GCM,data:jqyJ79BdcRNj8XUcZlNq394bwRLglCc379RVQzspNQO2dvtzb/pF/hhMALxGYVmElFX59sdUKKy7+socscnMMWrnXf5A,iv:nPZmTR9VJYqej2Oua3R6Ta48WlQfHDJunh9zqSEwqco=,tag:RqmgdKzIVSH1KpspXg04Kg==,type:comment] +#ENC[AES256_GCM,data:zyFx0m4ZufrzDRhA9NMa6cLU5r8mju1JE4I2/NRDw5PGPz327TJ3rrSUOjunU+CxA9Sy/Xb3nMlQjcjvGHZJsSEG7DHk,iv:x/inJ//qRL8noOFMMG3R0U0N7MF0EzyIHNNf1NYevyY=,tag:BaMom2wr09zrRJMeaTVMfg==,type:comment] +#ENC[AES256_GCM,data:JMKZktB4ryZ2Y1fLpQCowkAgD81DM3b9qoDJqpociIsRXvsaIOb0+Jtzm5s+FGwsoz6x1j+om1bJ4H4jxRVrnu0Ag1UI,iv:h8zH+zpqmIlmQef8y3QY6ID1oxY+7qtTLgk8yWf1Mfc=,tag:Nh/jYF7rypESthdG+itASQ==,type:comment] +#ENC[AES256_GCM,data:nc/f7QUaJeBW74P6SiYAtPz56tdcPDzs4x2b1P9c7tCdN7AqKPfh4ZcCSPfIDl+Esuh81eMKZXppgC69ugM0Eq7hlkAK,iv:9PEZkgkQi0Z1OTM2GR6YaTXillOCb/l5qZS8btuamSM=,tag:LxaiPjq15NMiEPdEM3kwuw==,type:comment] +#ENC[AES256_GCM,data:Cb+vpJV+PFsIut0NBvn5UjFpDE0wFfKFSCOg5OtpnUhzME3eFKHTWQY4OYHYjhKwhlZpOpARhbvoNYfEJvoUtPSnvwPe,iv:Mr8c+TP4YABP4hiDoS4y0lHq1xUm+b6MzS782bbCAYM=,tag:Q6/mYYpcokafX02kwL+o8Q==,type:comment] +#ENC[AES256_GCM,data:FBKMZPaleAPrxX1ncpdTP4/fYS0J/Ac3J03iKtYZvsFxZJiNUhaYStUVu6stzsEL1eCuCBuoe/aZ0YKx1d97IKfUnc+T,iv:eDWe5W1LN96YlfcrInFjg+zlAw8RDfXfIzM+4pdNlfE=,tag:LTrc29LOcb7/Oqcok4siEw==,type:comment] +#ENC[AES256_GCM,data:BoTcxe4+NC5A6K9ozueJ3YS9n7BAn+kzwjuOnsAUght+nAM7lLfn8xDkujfIdLqwYGKB5d4XriVusMQeN3uZfqjikCtW,iv:hye5bTzhSdd016DX4hOMFGvt0bRteQRutNaO6GzzrsI=,tag:SN9tuYEADZzdpy28+FVPYQ==,type:comment] +#ENC[AES256_GCM,data:QioUKc3QYeBrcwjshyAEFtqeclXygWKp9gPiUAKKoVTe4fu84WtPYhSt/HLGSda6oWyMXCQ5NqUBMWi9HK4QKvJ61tSA,iv:zv719W+PB6PsDgyHhfuaPjliIWqd62cWglUJLkGDcKQ=,tag:GNwzSqvufaNuEUUUu4t7bQ==,type:comment] +#ENC[AES256_GCM,data:LvU8yxoFojdTTgpXH8KkLcRMMOC1b9l5EstrjRvnjqLTAJo6vI1G+SCQ0O4PQyuH9XDfjD3SfQcLtK69PYiDPDDppqmn,iv:hRfvkWxw+bAIZMxXhYteFk0B873Sam86+/hMNrCqS5c=,tag:5WFIXiUkRCbfdIl5gs+VIA==,type:comment] +#ENC[AES256_GCM,data:uiCDpAX4I7tXVryvhnMOUlkJIeLCYSkORAkPDDRQ4ZKXgu1nxHhVoGFGYHFA2wsBGkULdst33ttTSYeApZJMDYgLX+rj,iv:sTr0YXbJx5jBDFwQ4hRnT/AQPzWq3ukxRWjg3aHYjFg=,tag:e6jsm2Le7R3EdLVzZW58RQ==,type:comment] +#ENC[AES256_GCM,data:YZrREVMOKkrVafgV1e4l2zf6c3b24uJ4B4uvP+Ho6AFxs3xdxjmzGmTktPDfEzETEFvOA1G1cOu8KR7BJVV7Rns/l740,iv:IzSo8Y5jI6u1ApKPGwRj+Y35qyChQ4Rm2UCUOmMT5r0=,tag:raCeJx4FkUC0lw2h7JlPiA==,type:comment] +#ENC[AES256_GCM,data:ojDgdzToEgTRhPajQKiVmXL0OCVviv70gBaTcJQi7KeB2k3h976yIzt8Y1eTliU7r5yVcUXiCuWUQBOZmmqvEbe8rQ5u,iv:u3GctKl/40idqour5hd7JJarypZC57/EJaKG+xgW6Rc=,tag:JfY1wZdrm6aNpcGOikTimA==,type:comment] +#ENC[AES256_GCM,data:rUbCaEZYE/MlF+ZvVoX0NfDWh5CgwWVt/kchfC0aAbn4jgEcYB7aOYXr10roqCcL1IIzE9fqboeR4uIoSc+kQ5NPGKIL,iv:p44nuigZwKF6WJ915hSeMvEeV6hOBvGs3GYJMWZcums=,tag:jbNQ+QhXPMdY7EkA7v8iBw==,type:comment] +#ENC[AES256_GCM,data:XUqPWj3OiBZMj8uCPbCX9mzpbiBFrHqspYzdW4pKzW7mYS/ZYDRla1i3ZW2Zi44KMRNwptgvkMXwE1C5e281fcn6Xyqc,iv:SneTuyiok1WPnTUfCVZa3lZfmf0ty+vjyt5gFnJGoTU=,tag:sSXbjIVdx5Pn63K3BLdinQ==,type:comment] +#ENC[AES256_GCM,data:ESizsRC4W2jae5CxXSNt5yiusq6+NEID/D5vOxiPtQxCXpk8jh1ka1TI8/SoQTBJkuXAIGQ1N0Ej4EUBTDy7A1h0TjKA,iv:pHz5ShHtJqylzOeUG4fmLzPP9Heb/mbLoFB1QrF9qsc=,tag:DKObC3vienXDccxaR79TLQ==,type:comment] +#ENC[AES256_GCM,data:AFQKW4cH1xL4udZlyQayPbv8Xb8pn/aMzwlL/+R6fiLMPM2dI+/9747mMAsK3bPStxSNcWuVsGTuV6yzFdWAS8Bl1SWq,iv:chk28nzEUk+pYFUJ/n5A5M4EaIjnQySkV54Gx1lnTfo=,tag:V7BtvEdz+1vZ/3VOzjRE/Q==,type:comment] +#ENC[AES256_GCM,data:5fp8AZxaS5BEhhQruSnvGUA52jDHi2NJd273ygHosJX5sK8OwdCx545CZ8DTvVC3w9gXaYMdPCQse6er1YOoSytx125E,iv:z4QwgjWjylEuMrSZbVsONOmX8pjboI3DqJ6MuxZBZwE=,tag:ZUXdUcJkavc8ucLoCuQkfw==,type:comment] +#ENC[AES256_GCM,data:Q8iG/NBsnYSHCPpsY+1EzvBBS4p+IBEi2XrO30HFH7nyGajNLVAUQ+8RLluBDkusEmNL7Lpo/ryduUDD3eIJ+FJ4LD8u,iv:sqkdLHQDK8OqNSTiTeyAvJH1KUoBlbu91+ddp13Bsbs=,tag:TNhNTnOm6vnD+wEz+ihZ4Q==,type:comment] +#ENC[AES256_GCM,data:u2BhbD8zppsei1S3m4NVhgGTmoIV58LuQDIjUhocIixeEuXB7FzQrS5bNOhTgtMiQQR+Qizt12wsPdD703aQvFoWTHWL,iv:mBkK8OjFFqL8vD/FeNr9vTVVs4AvyA8lt4xKRMwDVeY=,tag:hWJtGcx0dFco9tyu2VSrbw==,type:comment] +#ENC[AES256_GCM,data:KPDDIhmcZ9WJGSKh14a7/ev9fzg/+CoPjs1454xRDyoEIpFcH0WCXaam4IFyi1uFajkQkZcMuQeRqGO9uGATHLedVFJ6,iv:5HhUNzs9RTrMyv5fHSFM/vC+ejYWwdl7qMgmgFtyhYs=,tag:210fYB+i77sfz+X2/+9/cA==,type:comment] +#ENC[AES256_GCM,data:6j2Rwrex6R7oFgUnCGE1aGQW34RYiHyAmZmUIgmgUFv7c7d5XGnV+f7jouX33gzasMTt6EElZLeWKJ79HcoFtPTkWxRE,iv:3wTU8N2Luyw8m9sXRXpYj6c8rfY9VxgbD7h6ISzJMo8=,tag:AQ1mxk/zV3y7k0+bVdGbcA==,type:comment] +#ENC[AES256_GCM,data:LKaWXyxJEmFrbQ/ITxAuQBMvmbow3bPD1i1O4beg6sKo8A1XHvLIJd/5sUgB1KGWdUbwHFxT+WECnvfizHl9Rxi3Xapu,iv:kvj1965+madvaAA52d15170ef4sNnS3MyQkY3WpCQFo=,tag:C7NL952CqPnfpGhbBsFxww==,type:comment] +#ENC[AES256_GCM,data:j6r7Yto6EknUEKR/Fh2dZBBWH9APlXyBuue60JeMQ1PtXm8ha7mzRj25T6kKP9RVG0VMgFD3v8qfb7z52mdaLND28cjp,iv:gN910mK/iZBlf9Vev9Ld8y36XWrhU4tlLKNnyoDJiTs=,tag:auAdVxU1sK5NUMAnzeUUcw==,type:comment] +#ENC[AES256_GCM,data:McfSlBLpe0kvmRu8Pg4N+8jy0m2gMw6s4bsXKzvG9GvtDHiQkUxh2hv05gq0AjJyHYzl5OVY3a4A+N2JIdaqBV3cVE75,iv:CIEHXB6UaiL9QWbX1aZcFlJq1VrXbT7ebsn0Md8D/Mw=,tag:yYRkB9NmvpVPLlv5avCTYA==,type:comment] +#ENC[AES256_GCM,data:TNEd3ACXMnT+9KCoaMECEIrGppL1UTu72DxbnnxnG7EwQsIxtQ58diLIZGpSKguWjRBQQhoUoJvE53isKFHy0SodoEPf,iv:DoxyAmnhn31Mzg6l5ZMLcAwzQQm2dUnOp1zaEmjcOb0=,tag:rEODR5e+0HQq/DyDo59T1g==,type:comment] +#ENC[AES256_GCM,data:iJjY12EireQuj7jBOLgsjw9sLrw8iA2QF3KcKjjVDiv/4kIyPWfL7iWNpkqZ/7lOvp3svYmkLixoBeynU3QYEP9ZO0oc,iv:rz6lJzmErOg2acisHOei7NKVwTy2WEY+V0xSfb7KNyg=,tag:VJz+X+i04+cU8s8zgog/Tg==,type:comment] +#ENC[AES256_GCM,data:wzJggZAB8CGxWfrVSUjrD+rQdo7GYTh2/Qy1EzMXwJB2PNzmmnMMRg1eHawsnUXZDyYq+SFhNcs92drYoTJDpYTLbrmF,iv:3xnt3iISR0Dqqqde6BttnHtFzo07gIBQK1va0l7gyLI=,tag:L2fY8hY23cdYRu5fbjkz+Q==,type:comment] +#ENC[AES256_GCM,data:Ra3+7MNyv5eIyNUoyvyk1diD9F2ezD7+38hcMUkwFfEG0LrNZyAYMYdRZbJsRcnWBRU8+TXtbYNyf8XTbQYbP+vBfGiV,iv:Vk/ashcQdIwglcrwCFki47NoDI+PBKhuumZTzEubbv4=,tag:hWkMU+MHfRb0hvsuA8gp2Q==,type:comment] +#ENC[AES256_GCM,data:hBo3XPiw2wTnFf6iiInD995LCth4MoCrDE5Bz+SsagYFG5muh2V+4OSTTDXUCwudIYp508lX4Q4vJ9D+zTtxD12jBUpX,iv:I3z4AcG2ZrSFB9+2+LScLpkGCkQqO2ry7LubiDnRGWc=,tag:XhUrRAlHnwAEfzHvGWZ/dg==,type:comment] +#ENC[AES256_GCM,data:F5jxqXP/rcu6FlZuUV2iuXx2RLXeb6vmwwQ9xGAELts+Bphair6MLLDhGuF9nSz2L4oAXYYs+WVJ4e1ITqhMS62u6MFz,iv:+UTbP1qm4FqsArUNC3+mJkzMfFZt1UrfQMSAzjDBYS8=,tag:izynW2aZn7thVPJCVl3kcg==,type:comment] +#ENC[AES256_GCM,data:h7lHLsEpm0AE77oa/59vC4+F8RIkSMRuTxJxj5wMvElcK2qFkPQsmo6laenKgObOOQU/a7vE8symMw3LI+ZyIsjejDPv,iv:LTt+33tebAQmWX1Mt0WSoj4qZXvclx+Uz11e0jpNP+0=,tag:4kPgwgzDJlSS6n7eCxUWjg==,type:comment] +#ENC[AES256_GCM,data:ONtwydPbpb8YmmN+xESRaKH1suOUpGUISZU6A2Yf2S3yg1pbo2eD+Gd0td0HX9WAdbfkVa5JhDxQidssbo/2cXLZnxyg,iv:7rwWnXj/8Ei26DjxGJPxy3BgEiQinzm2IpxnjGrjAjM=,tag:EOaD+hiihZKoIbfcPlGA4g==,type:comment] +#ENC[AES256_GCM,data:DIx61nolHcn26hmeWg3IsJJoQca0VgamSknvPCwfnmnfMl/T9Q==,iv:wJPXMTER0SRmKB5EF1beX3GID7K8tcZIO/e02HpCKCc=,tag:oGeoYoQT4IIstoXq7FSWkQ==,type:comment] +#ENC[AES256_GCM,data:fIdL8pOxs07JSRVJxqmLZ5G502pTk9yx6Zu4KRvm,iv:KDgg9EjXBOHf6YMttZsL7IM11AaFkqBdsFFrliIRY7I=,tag:25m6m5dNqbLuX8ze6ieZFg==,type:comment] +filebot-license: ENC[AES256_GCM,data:iBcze+YKbRqgSc07PJ9iSV7+H/eeyX0JWbIk7ftGzvIuaDeZkNjhBGYWtcg7MEagN9fG9V9QBGOYbbxxWoG30pMwMvc35KCQntFSrxWNN09BlZ8eijdQDeWlIIEA/+sTrDNo/Cw4yS4cMDy3QDbOdMNh3If29ewT0hyrvbu+HWasNR9Y8KAytdHvCCcgxTRFHV25sqOyeLXrKRzMDndsF8gZ+kGyeKu9Ft4NMwZFaS/ZYPWHNFhWuZ+c0OeAoD40v/+Ay3DdEGRUIiNo+u4GIHfEbg3xGSrkARl2Bn81rxUawcaKD4YRS0kpVz25PShK3aPuwZAQ7nUcLV84xZLijaF6yz3a7I2bFnDrKQu+ZihBuXuHEAz4HAou1qLIcnXp8Z1R5cMWIjEfP2PsqorgqtuDXZLEaEWBFObug9Ve3kJH8N05DLZlkB8UR9YDIymXsoMxMANCDA57FbL3GgOy7gJmX9xsOn5kmLsTbXPfkGYo+Sf8YRkkTTs9OA+f4JummXvKe2xjJitm4De+Lqe3jzgNkDYEN2E7IdDBqpsw8D+HTYny9plEHlGEkZKCgF/77IWKLak0ACnz13ZEaHdo2rKIkzXcTWQG+D1ZELd2H7zemU4fChdERAl15L8D+TWP0K3zInDRROFeAyudQeXFDL55lBGTfKDxY+DKcCJRX1gb38wMIMlPd2t55cmvBN07DCWvV3JRWTtUfjlH/vL+WWMY0j+cb5aMtg3YXcjmzYlhqhQ4mTNA/cJIatbs9soutAGt2x6lC6PAU4o8tSwFMXYf2zoQznxDygiQ/iQ933CVndbhnQNLdmpQ7Rovl+AJHoNOoUXZUnmKZhPfn8Q9WmKDAe+d3Amhc82Jm+d1W7U16eJ7ULSAkcqSK1cDRbk=,iv:xbvkcdhZRAPwmJqyYf8nFudi13GUEMSE5X306xhMXNA=,tag:jHWjDRIAlV8rEyr/UwFoQA==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvemExcjFLT2tjTlhtMlFl - UFlCQWhtUDc5YmFHU21SdDBoMXNCV2dlbXl3CnJzVmpMcXUwbWx1a1VLUVRhSnFu - MmtmYjVESVJpdFh1UmtwSWl5WE5WZFkKLS0tIE5wZzQ0MENna2EwMzVDUU9QcDlk - bitkdVVwM0l4ajJVYldWM2JqV05tUzgKsJem/g4ckwrmiTJgwtHc98zALWlwmVgH - +O0nH3kcU54SjDQYVRKUWdaCNbsXHEN9wqICS9q0Ill7pD2K0ElZLg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOEJEOEpRWTZRS0VVOTcz + T0pFQlFtQkd3WjZEa1BVR3oyY29qckJZZVE4ClNLZkRDclNPRTlNQ0I1YXlzQUtH + UTNmdWx3bGkrRW5DRDdaMEd6VEExd00KLS0tIFVhSGhneFJ6NFFLZ2M0cEdSc2xI + a1JNZWo3WjRYdjRmS1RaQUZKYjVmOE0KwD5B1U3YPp8qn8q/OvbEIBVM4E6uV3Ml + GwOi/vNGlvevDR++AHOVJ+tzlhCjLo5S4FmFJfNCTkDCz0AifB4Bjg== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEb1dtSlJMKzFreWtmclBE - YUgvYXBQb1FtaFhZRjlqTWk1aUZkcjhCbjBFCi9rSUMzdWFkL3I3c3E0bUxERkVN - TDFaUCtHWE5xNEN4NzNXTlBWWnpYR2sKLS0tIDQ5dTM3S0JQdGJvaE0rTkZYWXNN - aTJQNUZuMW5kZVNJQ0lObkZRdzVyZ3MKwfD8PgUM1kHCa1aaDAp0Iv3zaSGsOWS8 - f3W8gUMV2Qv1FC4hBccbYH2bHuq5ENVhkleIyE51GT+Ckwt5oR14vw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbHJBUnhjRzlMNHd3NFdt + eXhDWEF1OFF3RWhCUEE1QnhSY0ZUSWFnL240CmRnbGhmMXZXdHVuaUl0V1lTTnFv + dVVYcnZ5b083RTA2dnYxbEY2SlZnU1EKLS0tIGFWRzRtZWhEYkRwVWY5dEJ4ekdL + TWJpMFNHT1lRNXYxSVJuRGtsK3ZvQzAKM6QKBmkddZAjdNdS4Cb1kEuOWm2NLnG3 + fLmTx6e5Q0zGQ4KQdPsiKPbGXEXWKRG9qLaf90c7RbRGPEesTUPhTA== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dE5zaEpBSEYvVE5QTjVF - dldFY2t3YThTalowbkMrckhUWjhGdXFVNG1BCldqV2lOS280Z0xjQXo4THlPenQ2 - WVRiWDAxSFgzQUkvSjVZUEpBNzZkR0kKLS0tIC9rOHAvSUZadCs5OXhheFpERzlx - QmRCYldBUW9zeTF3cmtUOXVuV2pOMEEKDJC7lyekw9TQmuwfPRb9UsUgqdbAVaxy - tZYmhSYhUFBOUyJ7xwiIfMgOu5A4D2p/q+T2MPCmeOSLUDyycE8Zuw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeXY1bkl2d3FOaVk0YWdS + R1lYLzNFcXhHN1QvN3dMZjN3MC8yWGU0WGlVCk1ydEJIMlFQWUkrNkxGcDdNVnpM + U0pvWmJPdVIvTGRoU3ZadFBONGMzTFUKLS0tIFIxMVdkTFBuSHFpMmZYaFlsMTBS + eVBaOW9URjJJZHM4UHRvSWRtalc3R3MKp1EjLf9Hh3I9dF3Z+LlI84A26erCLmh/ + VK4+X+itppbZ2y5FOnM4I21WlabC+0O6yizjarqC7fByHNeMHc2x1g== -----END AGE ENCRYPTED FILE----- - recipient: age1x3elhtccp4u8ha5ry32juj9fkpg0qg7qqx4gduuehgwwnnhcxp8s892hek enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzdkUramxKVFVZQVJVMU9E - a1pYck8yOEhpZWZGcktxYkR0U290dll6VmdnCnZWZU9uWXFWZ2ZrVnp0cDBteGdr - azVGVHg5Y0VuZi82UUtkWUtLeDA3UWcKLS0tIDNJZGJQNmpHdFpQUVdiMHh3djhP - WURRbGNNWWJvKzZabGxyd3NXN3lKZ2cKryVInc722ZsjoiYel0YYAQZUsgXDx0by - Ds65yQDcI0ttbmMyFN8oYqD7pnOaD1aZYg6cxqzUVPen9iqCkclMwg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWnFhNi95VUJNUnlHcGo0 + eEI0RVczNUliQTJFVEhzOEsxQXlWQ3Qzd0JrCmtJOUg0dFJ1MVNIbjI5MEl2eDJD + eUdyV0t4WWRMKzF5WEVlQUpDY0ZhY1kKLS0tIGltVU83YThiU1lPY3VrRjVFOXRr + YjEvWGZvVlIvcHY2MXVCbjRsTmkrZUkKwnSybPXDYmVjK0wxh3j/TjKK5yudMOGv + yqsn6nOVuJ2EJmVyN1sYZnlIx5qbwYV2DoUusrEDjFKYqVGjXmPXbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-08T12:02:01Z" - mac: ENC[AES256_GCM,data:K1kelYSO6R1kU3hLQVmlPI3vn9p4uEHDQnb7eVgn5PH/HFlqJrRj9HfagD/yKT0hBIehC3R8rxv73SeXacBcCaBx+A1Ty1fj/K18oQdEpFlOWxYhIvRX23NHaaqudFdVRiVg23spOoTgP48+mSzJdE4dk3jQcm94yxiUQy9kBSw=,iv:iSL9knAzk0SLXDJ1m6xy+Vkv6RqtUP2lzcluQTdKG5g=,tag:Z8I+UY/taf/uq4sQ7qIUEg==,type:str] + lastmodified: "2025-12-25T19:24:57Z" + mac: ENC[AES256_GCM,data:WKwg2pSXlqk4ESacn/e73WVZy2JTdAvEMYvm6OLlEZCOA2Q6iSANE6c5Eq+/QblhD5dGU5YY8jH+zL9xX9UotgE0IpAP8uMDvTVGI92hA6z38wSOS454duSftz5aW++EswmkcJY2Y/oIr+kx8qKxVyNoNyY3s+u4tMeHIKx3KJg=,iv:m35hc/0Mt2+sFA4ua0E4DngK4OBn/Z4xVxDp57+HHaQ=,tag:cigcOoVu8fsSMMb2XdWyZw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/hosts/nb/configuration.nix b/hosts/nb/configuration.nix index 8b20710..57ba254 100644 --- a/hosts/nb/configuration.nix +++ b/hosts/nb/configuration.nix @@ -40,6 +40,7 @@ in { # ./modules/steam.nix ./modules/fingerprint.nix ./modules/set-nix-channel.nix + ./modules/networking.nix ./hardware-configuration.nix ]; @@ -249,36 +250,6 @@ in { }; }; - networking.wireguard.interfaces = { - wg0 = { - ips = [ "10.42.98.201/32" ]; - # publicKey: YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8= - privateKeyFile = config.sops.secrets.wg-cloonar-key.path; - - peers = [ - { - publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q="; - allowedIPs = [ - "10.42.96.0/20" - # wohnservice-wien - "10.254.240.0/24" - "10.254.235.0/24" - # epicenter.works - "10.14.0.0/16" - "10.25.0.0/16" - "188.34.191.144/32" # web-arm - "91.107.201.241" # mail - ]; - endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 - persistentKeepalive = 25; - } - ]; - postSetup = '' - printf "nameserver 10.42.97.1\nsearch cloonar.com" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 -x - ''; - }; - }; - # pgp services.pcscd.enable = true; programs.gnupg.agent = { diff --git a/hosts/nb/modules/desktop/default.nix b/hosts/nb/modules/desktop/default.nix index b58ada7..f09fbc3 100644 --- a/hosts/nb/modules/desktop/default.nix +++ b/hosts/nb/modules/desktop/default.nix @@ -19,6 +19,7 @@ in { fontforge freecad firefox + handbrake openscad orca-slicer diff --git a/hosts/nb/modules/development/default.nix b/hosts/nb/modules/development/default.nix index 244f929..1062286 100644 --- a/hosts/nb/modules/development/default.nix +++ b/hosts/nb/modules/development/default.nix @@ -25,6 +25,10 @@ in { glib gnumake + # mobile + flutter + supabase-cli + air go @@ -35,6 +39,7 @@ in { nix-prefetch-git nodejs_22 php + postgresql rbw sops unzip diff --git a/hosts/nb/modules/development/nvim/config/terminal.lua b/hosts/nb/modules/development/nvim/config/terminal.lua index 23fffaa..43b96c2 100644 --- a/hosts/nb/modules/development/nvim/config/terminal.lua +++ b/hosts/nb/modules/development/nvim/config/terminal.lua @@ -3,7 +3,7 @@ local config = { on_config_done = nil, -- size can be a number or function which is passed the current terminal size = 60, - open_mapping = [[]], + open_mapping = nil, hide_numbers = true, -- hide the number column in toggleterm buffers shade_filetypes = {}, shade_terminals = true, @@ -42,7 +42,7 @@ local config = { { vim.o.shell, "", "Float Terminal 1", "float", nil }, { vim.o.shell, "", "Float Terminal 2", "float", nil }, { "claude", "", "Claude Terminal", "float", nil }, - { vim.o.shell, "", "Float Terminal 4", "float", nil }, + { "codex", "", "Codex Terminal", "float", nil }, { vim.o.shell, "", "Float Terminal 5", "float", nil }, }, } diff --git a/hosts/nb/modules/networking.nix b/hosts/nb/modules/networking.nix new file mode 100644 index 0000000..0bf1995 --- /dev/null +++ b/hosts/nb/modules/networking.nix @@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: + +{ + # Enable systemd-resolved with split DNS for ddev.site + services.resolved = { + enable = true; + dnssec = "false"; + extraConfig = '' + DNS=127.0.0.1:5353 + Domains=~ddev.site + ''; + }; + + # Integrate NetworkManager with systemd-resolved + networking.networkmanager.dns = "systemd-resolved"; + + # Local dnsmasq for .ddev.site resolution only (port 5353) + services.dnsmasq = { + enable = true; + settings = { + port = 5353; + listen-address = "127.0.0.1"; + bind-interfaces = true; + no-resolv = true; + address = "/.ddev.site/127.0.0.1"; + }; + }; + + # WireGuard VPN configuration + networking.wireguard.interfaces = { + wg0 = { + ips = [ "10.42.98.201/32" ]; + # publicKey: YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8= + privateKeyFile = config.sops.secrets.wg-cloonar-key.path; + + peers = [ + { + publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q="; + allowedIPs = [ + "10.42.96.0/20" + # wohnservice-wien + "10.254.240.0/24" + "10.254.235.0/24" + # epicenter.works + "10.14.0.0/16" + "10.25.0.0/16" + "188.34.191.144/32" # web-arm + "91.107.201.241" # mail + ]; + endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 + persistentKeepalive = 25; + } + ]; + + # Use resolvectl for systemd-resolved integration + # Note: No postDown needed - systemd-resolved automatically handles interface removal + postSetup = '' + ${pkgs.systemd}/bin/resolvectl dns wg0 10.42.97.1 + ${pkgs.systemd}/bin/resolvectl domain wg0 cloonar.com + ''; + }; + }; +} diff --git a/hosts/nb/modules/sway/sway.nix b/hosts/nb/modules/sway/sway.nix index 6fc071d..3198322 100644 --- a/hosts/nb/modules/sway/sway.nix +++ b/hosts/nb/modules/sway/sway.nix @@ -37,8 +37,10 @@ let capacity=$(cat "$cap_file") status=$(cat "$status_file" 2>/dev/null || echo "Unknown") + stamp="/run/user/$(id -u)/.battery_swaynag_stamp" + pidfile="/run/user/$(id -u)/.battery_swaynag_pid" + if [[ "$capacity" -lt 20 && "$status" != "Charging" && "$status" != "Full" ]]; then - stamp="/run/user/$(id -u)/.battery_swaynag_stamp" now=$(date +%s) last=0 if [[ -f "$stamp" ]]; then @@ -46,10 +48,27 @@ let fi # Avoid spamming: at most once every 5 minutes if (( now - last >= 300 )); then + # Kill previous battery swaynag if still running + if [[ -f "$pidfile" ]]; then + old_pid=$(cat "$pidfile" 2>/dev/null || echo "") + if [[ -n "$old_pid" ]] && kill -0 "$old_pid" 2>/dev/null; then + kill "$old_pid" 2>/dev/null || true + fi + fi echo "$now" > "$stamp" swaynag -t warning -m "Battery low: ''${capacity}% - plug in the charger." -b "Dismiss" "true" & + echo $! > "$pidfile" disown || true fi + else + # Charging or battery OK - close any existing warning bar + if [[ -f "$pidfile" ]]; then + old_pid=$(cat "$pidfile" 2>/dev/null || echo "") + if [[ -n "$old_pid" ]] && kill -0 "$old_pid" 2>/dev/null; then + kill "$old_pid" 2>/dev/null || true + fi + rm -f "$pidfile" "$stamp" + fi fi ''; diff --git a/hosts/nb/users/configs/project_history b/hosts/nb/users/configs/project_history index 16b2b75..ec0ad0b 100644 --- a/hosts/nb/users/configs/project_history +++ b/hosts/nb/users/configs/project_history @@ -1,3 +1,6 @@ +/home/dominik/projects/infrastructure/actions +/home/dominik/projects/infrastructure/forgejo-mcp + /home/dominik/projects/cloonar/chatgpt.vim /home/dominik/projects/cloonar/ai.nvim /home/dominik/projects/cloonar/gitea.nvim @@ -13,6 +16,7 @@ /home/dominik/projects/scana11y/sa-core /home/dominik/projects/cloonar/cloonar-fit /home/dominik/projects/cloonar/ai-image-alt +/home/dominik/projects/cloonar/bookmap /home/dominik/projects/home-automation/lego-hetzner-bridge /home/dominik/projects/home-automation/ghetto-nixos diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index 9487d72..318106f 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -20,16 +20,16 @@ let "calendar.ui.version" = 3; "calendar.timezone.local" = "Europe/Vienna"; "calendar.week.start" = 1; - "layout.css.devPixelsPerPx" = "1.25"; + "layout.css.devPixelsPerPx" = "-1.0"; }; - thunderbirdCalendarPersonal = { + # Base calendar settings (without identity) + thunderbirdCalendarPersonalBase = { "calendar.registry.cloonar-personal.cache.enabled" = true; "calendar.registry.cloonar-personal.calendar-main-in-composite" = true; "calendar.registry.cloonar-personal.color" = "#232323"; "calendar.registry.cloonar-personal.disabled" = false; "calendar.registry.cloonar-personal.forceEmailScheduling" = true; - "calendar.registry.cloonar-personal.imip.identity.key" = "id6"; "calendar.registry.cloonar-personal.name" = "Personal"; "calendar.registry.cloonar-personal.readOnly" = false; "calendar.registry.cloonar-personal.refreshInterval" = 30; @@ -38,6 +38,19 @@ let "calendar.registry.cloonar-personal.uri" = "https://nextcloud.cloonar.com/remote.php/dav/calendars/dominik.polakovics@cloonar.com/personal/"; "calendar.registry.cloonar-personal.username" = "dominik.polakovics@cloonar.com"; }; + + # Generate identity key the same way Home Manager does + mkIdentityKey = email: "id_${builtins.hashString "sha256" email}"; + + # Calendar for cloonar/work profiles (sends notifications via dominik.polakovics@cloonar.com) + thunderbirdCalendarPersonalCloonar = thunderbirdCalendarPersonalBase // { + "calendar.registry.cloonar-personal.imip.identity.key" = mkIdentityKey "dominik.polakovics@cloonar.com"; + }; + + # Calendar for private profile (sends notifications via dominik@superbros.tv) + thunderbirdCalendarPersonalPrivate = thunderbirdCalendarPersonalBase // { + "calendar.registry.cloonar-personal.imip.identity.key" = mkIdentityKey "dominik@superbros.tv"; + }; thunderbirdCalendarEpicenterEmployees = { "calendar.registry.epicenter-employees.cache.enabled" = true; "calendar.registry.epicenter-employees.calendar-main-in-composite" = true; @@ -76,7 +89,7 @@ let "signon.rememberSignons" = false; "identity.sync.tokenserver.uri" = "https://sync.cloonar.com/1.0/sync/1.5"; # "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - "layout.css.devPixelsPerPx" = "1.25"; + "layout.css.devPixelsPerPx" = "-1.0"; # auto-detect from Wayland compositor "media.ffmpeg.vaapi.enabled" = true; "media.ffmpeg.vaapi-drm-display.enabled" = true; "gfx.webrender.all" = true; @@ -300,6 +313,10 @@ in # Chathub id = "iaakpnchhognanibcahlpcplchdfmgma"; } + { + # Claude in Chrome + id = "fcoeoabgfenejglbffodgkkbkcdhcgfn"; + } ]; }; @@ -319,7 +336,7 @@ in # Remember and auto-resolve merge conflicts # https://git-scm.com/book/en/v2/Git-Tools-Rerere rerere.enabled = true; - "url \"gitea@git.cloonar.com:\"" = { + "url \"forgejo@git.cloonar.com:\"" = { insteadOf = "https://git.cloonar.com/"; }; }; @@ -332,21 +349,21 @@ in isDefault = true; settings = lib.mkMerge [ thunderbirdSettings - thunderbirdCalendarPersonal + thunderbirdCalendarPersonalPrivate thunderbirdContactsPersonal ]; }; cloonar = { settings = lib.mkMerge [ thunderbirdSettings - thunderbirdCalendarPersonal + thunderbirdCalendarPersonalCloonar thunderbirdContactsPersonal ]; }; work = { settings = lib.mkMerge [ thunderbirdSettings - thunderbirdCalendarPersonal + thunderbirdCalendarPersonalCloonar thunderbirdCalendarEpicenterEmployees thunderbirdContactsPersonal ]; @@ -586,55 +603,59 @@ in ssh-keygen -R git.cloonar.com ssh-keyscan git.cloonar.com >> ~/.ssh/known_hosts git clone git@github.com:dpolakovics/soundscape-sync.git ${persistHome}/projects/cloonar/soundscape-sync 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/yaapi.git ${persistHome}/projects/cloonar/yaapi 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/chatgpt.vim.git ${persistHome}/cloonar/chatgpt.vim 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/gitea.nvim.git ${persistHome}/cloonar/gitea.nvim 2>/dev/null - git clone gitea@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/yaapi.git ${persistHome}/projects/cloonar/yaapi 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/chatgpt.vim.git ${persistHome}/cloonar/chatgpt.vim 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/gitea.nvim.git ${persistHome}/cloonar/gitea.nvim 2>/dev/null + git clone forgejo@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null git clone git@github.com:dpolakovics/glazewm.git ${persistHome}/cloonar/glazewm 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/phishguard.git ${persistHome}/projects/cloonar/phishguard 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/phishguard-frontend.git ${persistHome}/projects/cloonar/phishguard-frontend 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/gitapi.git ${persistHome}/projects/cloonar/gitapi 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ai.nvim.git ${persistHome}/cloonar/ai.nvim 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/cloonar-assistant.git ${persistHome}/projects/cloonar/cloonar-assistant 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/cloonar-assistant-customers.git ${persistHome}/projects/cloonar/cloonar-assistant-customers 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/updns.git ${persistHome}/projects/cloonar/updns 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/phishguard.git ${persistHome}/projects/cloonar/phishguard 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/phishguard-frontend.git ${persistHome}/projects/cloonar/phishguard-frontend 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/gitapi.git ${persistHome}/projects/cloonar/gitapi 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/ai.nvim.git ${persistHome}/cloonar/ai.nvim 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/cloonar-assistant.git ${persistHome}/projects/cloonar/cloonar-assistant 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/cloonar-assistant-customers.git ${persistHome}/projects/cloonar/cloonar-assistant-customers 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/updns.git ${persistHome}/projects/cloonar/updns 2>/dev/null git clone git@github.com:dpolakovics/mcp-servers-nix.git ${persistHome}/cloonar/mcp-servers-nix 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ldap2vcard.git ${persistHome}/projects/cloonar/ldap2vcard 2>/dev/null - git clone gitea@git.cloonar.com:ScanA11y/sa-core.git ${persistHome}/projects/scana11y/sa-core 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ai-image-alt.git ${persistHome}/projects/cloonar/ai-image-alt 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/ldap2vcard.git ${persistHome}/projects/cloonar/ldap2vcard 2>/dev/null + git clone forgejo@git.cloonar.com:ScanA11y/sa-core.git ${persistHome}/projects/scana11y/sa-core 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/ai-image-alt.git ${persistHome}/projects/cloonar/ai-image-alt 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/bookmap.git ${persistHome}/projects/cloonar/bookmap 2>/dev/null + git clone forgejo@git.cloonar.com:infrastructure/actions.git ${persistHome}/projects/infrastructure/actions 2>/dev/null + git clone ssh://git@codeberg.org/razormind/forgejo-mcp.git ${persistHome}/projects/infrastructure/forgejo-mcp 2>/dev/null - git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null - git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null + + git clone forgejo@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null + git clone forgejo@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null git clone git@github.com:dpolakovics/bento.git ${persistHome}/cloonar/bento 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/freescout.git ${persistHome}/projects/cloonar/freescout 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/support-invoiced.git ${persistHome}/projects/cloonar/support-invoiced 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/nixos.git ${persistHome}/projects/cloonar/cloonar-nixos 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/website.git ${persistHome}/projects/cloonar/cloonar-website 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git ${persistHome}/projects/cloonar/wohnservice-wien 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/wohnservice-gdpr.git ${persistHome}/projects/cloonar/wohnservice-gdpr 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/gbv-aktuell.git ${persistHome}/projects/cloonar/gbv-aktuell 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/fit.git ${persistHome}/projects/cloonar/cloonar-fit 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/freescout.git ${persistHome}/projects/cloonar/freescout 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/support-invoiced.git ${persistHome}/projects/cloonar/support-invoiced 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/nixos.git ${persistHome}/projects/cloonar/cloonar-nixos 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/website.git ${persistHome}/projects/cloonar/cloonar-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git ${persistHome}/projects/cloonar/wohnservice-wien 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/wohnservice-gdpr.git ${persistHome}/projects/cloonar/wohnservice-gdpr 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/gbv-aktuell.git ${persistHome}/projects/cloonar/gbv-aktuell 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/fit.git ${persistHome}/projects/cloonar/cloonar-fit 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/cloonar-technologies-website.git ${persistHome}/projects/cloonar/cloonar-technologies-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/cloonar-technologies-website.git ${persistHome}/projects/cloonar/cloonar-technologies-website 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/api.git ${persistHome}/projects/cloonar/paraclub/paraclub-api 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/frontend.git ${persistHome}/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/website.git ${persistHome}/projects/cloonar/paraclub/paraclub-website 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/module.git ${persistHome}/projects/cloonar/paraclub/paraclub-module 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/ai-mailer.git ${persistHome}/projects/cloonar/paraclub/paraclub-ai-mailer 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/api.git ${persistHome}/projects/cloonar/paraclub/paraclub-api 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/frontend.git ${persistHome}/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/website.git ${persistHome}/projects/cloonar/paraclub/paraclub-website 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/module.git ${persistHome}/projects/cloonar/paraclub/paraclub-module 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/ai-mailer.git ${persistHome}/projects/cloonar/paraclub/paraclub-ai-mailer 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/amz-api.git ${persistHome}/projects/cloonar/amz/amz-api 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null - git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/dialog-relations-website.git ${persistHome}/projects/cloonar/dialog-relations-website 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/imperfect-perfect.com.git ${persistHome}/projects/cloonar/imperfect-perfect.com 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/amz-api.git ${persistHome}/projects/cloonar/amz/amz-api 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null + git clone forgejo@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/dialog-relations-website.git ${persistHome}/projects/cloonar/dialog-relations-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/imperfect-perfect.com.git ${persistHome}/projects/cloonar/imperfect-perfect.com 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/lego-hetzner-bridge.git ${persistHome}/projects/home-automation/lego-hetzner-bridge 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ghetto-nixos.git ${persistHome}/projects/home-automation/ghetto-nixos 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/lego-hetzner-bridge.git ${persistHome}/projects/home-automation/lego-hetzner-bridge 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/ghetto-nixos.git ${persistHome}/projects/home-automation/ghetto-nixos 2>/dev/null - git clone gitea@git.cloonar.com:ownstash/api.git ${persistHome}/projects/ownstash/ownstash-api 2>/dev/null + git clone forgejo@git.cloonar.com:ownstash/api.git ${persistHome}/projects/ownstash/ownstash-api 2>/dev/null ssh-keygen -R gitlab.epicenter.works ssh-keyscan gitlab.epicenter.works >> ~/.ssh/known_hosts diff --git a/hosts/web-arm/configuration.nix b/hosts/web-arm/configuration.nix index 21ebfff..f4e0e9f 100644 --- a/hosts/web-arm/configuration.nix +++ b/hosts/web-arm/configuration.nix @@ -58,7 +58,9 @@ screen ucommon php - php83 + (writeShellScriptBin "php82" ''exec ${php82}/bin/php "$@"'') + (writeShellScriptBin "php83" ''exec ${php83}/bin/php "$@"'') + (writeShellScriptBin "php84" ''exec ${php84}/bin/php "$@"'') ]; time.timeZone = "Europe/Vienna"; diff --git a/hosts/web-arm/modules/authelia.nix b/hosts/web-arm/modules/authelia.nix index 6216b67..4f0d5d9 100644 --- a/hosts/web-arm/modules/authelia.nix +++ b/hosts/web-arm/modules/authelia.nix @@ -5,6 +5,21 @@ let system = pkgs.system; }; in { + # Redis for Authelia session persistence + services.redis.servers.authelia = { + enable = true; + user = "authelia-main"; + unixSocket = "/run/redis-authelia/redis.sock"; + unixSocketPerm = 660; + settings = { + appendonly = "yes"; # Enable AOF persistence + appendfsync = "everysec"; # Sync every second + }; + }; + + # Add authelia user to redis group for socket access + users.users.authelia-main.extraGroups = [ "redis-authelia" ]; + sops.secrets.authelia-jwt-secret = { owner = "authelia-main"; }; @@ -106,6 +121,9 @@ in { inactivity = "45m"; remember_me_duration = "1M"; domain = "cloonar.com"; + redis = { + host = "/run/redis-authelia/redis.sock"; + }; # todo: enable with 4.38 # cookies = [ # { diff --git a/hosts/web-arm/modules/grafana/alerting/service/amzebs_mysql_down.nix b/hosts/web-arm/modules/grafana/alerting/service/amzebs_mysql_down.nix deleted file mode 100644 index 9416794..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/amzebs_mysql_down.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "amzebs-mysql-service-down-alert-uid"; - title = "MySQL Service Down on amzebs-01"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"mysql.service\", instance=\"amzebs-01:9100\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "MySQL service is down on amzebs-01"; - summary = "MySQL Service Down on amzebs-01"; - }; - labels = { - severity = "critical"; - host = "amzebs-01"; - }; - } - ]; -} diff --git a/hosts/web-arm/modules/grafana/alerting/service/amzebs_nginx_down.nix b/hosts/web-arm/modules/grafana/alerting/service/amzebs_nginx_down.nix deleted file mode 100644 index a3b2119..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/amzebs_nginx_down.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "amzebs-nginx-service-down-alert-uid"; - title = "Nginx Service Down on amzebs-01"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"nginx.service\", instance=\"amzebs-01:9100\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Nginx service is down on amzebs-01"; - summary = "Nginx Service Down on amzebs-01"; - }; - labels = { - severity = "critical"; - host = "amzebs-01"; - }; - } - ]; -} diff --git a/hosts/web-arm/modules/grafana/alerting/service/amzebs_phpfpm_down.nix b/hosts/web-arm/modules/grafana/alerting/service/amzebs_phpfpm_down.nix deleted file mode 100644 index bfe52fa..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/amzebs_phpfpm_down.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "amzebs-phpfpm-service-down-alert-uid"; - title = "PHP-FPM Service Down on amzebs-01"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=~\"phpfpm-.*\\\\.service\", instance=\"amzebs-01:9100\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "min"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "One or more PHP-FPM services are down on amzebs-01"; - summary = "PHP-FPM Service Down on amzebs-01"; - }; - labels = { - severity = "critical"; - host = "amzebs-01"; - }; - } - ]; -} diff --git a/hosts/web-arm/modules/grafana/alerting/service/default.nix b/hosts/web-arm/modules/grafana/alerting/service/default.nix index cdcd759..edb75fb 100644 --- a/hosts/web-arm/modules/grafana/alerting/service/default.nix +++ b/hosts/web-arm/modules/grafana/alerting/service/default.nix @@ -1,26 +1,6 @@ { lib, pkgs, config, ... }: let - giteaDownAlertRules = (import ./gitea_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - giteaRunnerDownAlertRules = (import ./gitea_runner_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - postfixDownAlertRules = (import ./postfix_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - dovecotDownAlertRules = (import ./dovecot_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - openldapDownAlertRules = (import ./openldap_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - wireguardDownAlertRules = (import ./wireguard_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - - # amzebs-01 service alerts - ambebsMysqlDownAlertRules = (import ./amzebs_mysql_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - ambebsNginxDownAlertRules = (import ./amzebs_nginx_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - ambebsPhpfpmDownAlertRules = (import ./amzebs_phpfpm_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - - allServiceRules = giteaDownAlertRules - ++ giteaRunnerDownAlertRules - ++ postfixDownAlertRules - ++ dovecotDownAlertRules - ++ openldapDownAlertRules - ++ wireguardDownAlertRules - ++ ambebsMysqlDownAlertRules - ++ ambebsNginxDownAlertRules - ++ ambebsPhpfpmDownAlertRules; + servicesDownAlertRules = (import ./services_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; in { services.grafana.provision.alerting.rules.settings.groups = [ @@ -28,7 +8,7 @@ in name = "Service Alerts"; folder = "Service Monitoring"; interval = "1m"; - rules = allServiceRules; + rules = servicesDownAlertRules; } ]; -} \ No newline at end of file +} diff --git a/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix b/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix deleted file mode 100644 index 18645fd..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "dovecot-service-down-alert-uid"; - title = "Dovecot Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"dovecot.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Dovecot service is down on {{ $labels.instance }}"; - summary = "Dovecot Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/gitea_down.nix b/hosts/web-arm/modules/grafana/alerting/service/gitea_down.nix deleted file mode 100644 index f4b0741..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/gitea_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "gitea-service-down-alert-uid"; - title = "Gitea Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"container@git.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Gitea service is down on {{ $labels.instance }}"; - summary = "Gitea Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/gitea_runner_down.nix b/hosts/web-arm/modules/grafana/alerting/service/gitea_runner_down.nix deleted file mode 100644 index d4232a4..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/gitea_runner_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "gitea-runner-service-down-alert-uid"; - title = "Gitea Runner Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"microvm@git-runner-1.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Gitea Runner service is down on {{ $labels.instance }}"; - summary = "Gitea Runner Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/openldap_down.nix b/hosts/web-arm/modules/grafana/alerting/service/openldap_down.nix deleted file mode 100644 index 35172a8..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/openldap_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "openldap-service-down-alert-uid"; - title = "OpenLDAP Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"openldap.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "OpenLDAP service is down on {{ $labels.instance }}"; - summary = "OpenLDAP Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/postfix_down.nix b/hosts/web-arm/modules/grafana/alerting/service/postfix_down.nix deleted file mode 100644 index cfd5247..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/postfix_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "postfix-service-down-alert-uid"; - title = "Postfix Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"postfix.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Postfix service is down on {{ $labels.instance }}"; - summary = "Postfix Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/services_down.nix b/hosts/web-arm/modules/grafana/alerting/service/services_down.nix new file mode 100644 index 0000000..7172280 --- /dev/null +++ b/hosts/web-arm/modules/grafana/alerting/service/services_down.nix @@ -0,0 +1,96 @@ +{ lib, pkgs, config, ... }: +let + # Add services here - each entry generates an alert rule + # instance = which node exporter to query (hostname:9100) + monitoredServices = [ + { name = "AI-Mailer"; service = "ai-mailer.service"; instance = "fw:9100"; } + { name = "Postfix"; service = "postfix.service"; instance = "mail:9100"; } + { name = "Dovecot"; service = "dovecot.service"; instance = "mail:9100"; } + { name = "OpenLDAP"; service = "openldap.service"; instance = "mail:9100"; } + { name = "Forgejo"; service = "container@forgejo.service"; instance = "fw:9100"; } + { name = "Forgejo Runner 1"; service = "microvm@fj-runner-1.service"; instance = "fw:9100"; } + { name = "Forgejo Runner 2"; service = "microvm@fj-runner-2.service"; instance = "fw:9100"; } + { name = "WireGuard"; service = "wireguard-wg_cloonar.service"; instance = "fw:9100"; } + { name = "MySQL"; service = "mysql.service"; instance = "amzebs-01:9100"; } + { name = "Nginx"; service = "nginx.service"; instance = "amzebs-01:9100"; } + { name = "PHP-FPM"; service = "phpfpm-.*[.]service"; instance = "amzebs-01:9100"; } + ]; + + # Extract host from instance (e.g., "fw:9100" -> "fw") + getHost = instance: lib.head (lib.splitString ":" instance); + + # Generate a unique UID from service name + mkUid = name: "${lib.toLower (lib.replaceStrings [" " "@" "."] ["-" "-" "-"] name)}-down-uid"; + + # Check if service pattern uses regex (contains special chars) + isRegex = svc: lib.hasInfix ".*" svc || lib.hasInfix "\\" svc; + + # Build the PromQL expression + # For regex patterns: use min() to alert if ANY matching service is down + # For single services: use OR vector(0) to handle missing metrics + mkExpr = svc: + let + nameMatch = if isRegex svc.service + then "name=~\"${svc.service}\"" + else "name=\"${svc.service}\""; + baseQuery = "node_systemd_unit_state{state=\"active\", ${nameMatch}, instance=\"${svc.instance}\"}"; + in if isRegex svc.service + then "min(${baseQuery})" + else "${baseQuery} OR on() vector(0)"; + + mkServiceAlert = svc: { + uid = mkUid svc.name; + title = "${svc.name} Service Down on ${getHost svc.instance}"; + condition = "C"; + data = [ + { + refId = "A"; + relativeTimeRange = { + from = 300; + to = 0; + }; + datasourceUid = "vm-datasource-uid"; + model = { + editorMode = "code"; + expr = mkExpr svc; + hide = false; + intervalMs = 1000; + legendFormat = "__auto"; + maxDataPoints = 43200; + range = true; + refId = "A"; + }; + } + { + refId = "B"; + datasourceUid = "__expr__"; + model = { + type = "reduce"; + expression = "A"; + reducer = "last"; + }; + } + { + refId = "C"; + datasourceUid = "__expr__"; + model = { + type = "math"; + expression = "$B < 1"; + }; + } + ]; + noDataState = "Alerting"; + execErrState = "Alerting"; + for = "5m"; + annotations = { + description = "${svc.name} service is down on ${getHost svc.instance}"; + summary = "${svc.name} Service Down"; + }; + labels = { + severity = "critical"; + host = getHost svc.instance; + }; + }; +in { + grafanaAlertRuleDefinitions = map mkServiceAlert monitoredServices; +} diff --git a/hosts/web-arm/modules/grafana/alerting/service/wireguard_down.nix b/hosts/web-arm/modules/grafana/alerting/service/wireguard_down.nix deleted file mode 100644 index b7be698..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/wireguard_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "wireguard-service-down-alert-uid"; - title = "WireGuard Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"wireguard-wg_cloonar.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "WireGuard service is down on {{ $labels.instance }}"; - summary = "WireGuard Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/storage/raid_alerts.nix b/hosts/web-arm/modules/grafana/alerting/storage/raid_alerts.nix index 82ad73e..0fbe8dd 100644 --- a/hosts/web-arm/modules/grafana/alerting/storage/raid_alerts.nix +++ b/hosts/web-arm/modules/grafana/alerting/storage/raid_alerts.nix @@ -12,7 +12,7 @@ datasourceUid = "vm-datasource-uid"; relativeTimeRange = { from = 300; to = 0; }; model = { - expr = ''mdadm_array_state == 0''; + expr = ''mdadm_array_state < 1''; instant = false; }; } @@ -35,7 +35,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "RAID array {{ $labels.array }} is degraded"; @@ -84,7 +84,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "RAID array {{ $labels.array }} has missing devices"; diff --git a/hosts/web-arm/modules/grafana/alerting/storage/smart_alerts.nix b/hosts/web-arm/modules/grafana/alerting/storage/smart_alerts.nix index dd36462..42e9fd6 100644 --- a/hosts/web-arm/modules/grafana/alerting/storage/smart_alerts.nix +++ b/hosts/web-arm/modules/grafana/alerting/storage/smart_alerts.nix @@ -12,7 +12,7 @@ datasourceUid = "vm-datasource-uid"; relativeTimeRange = { from = 300; to = 0; }; model = { - expr = ''smart_health_passed == 0''; + expr = ''smart_health_passed < 1''; instant = false; }; } @@ -35,7 +35,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "S.M.A.R.T. health check FAILED on {{ $labels.device }}"; @@ -84,7 +84,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "Reallocated sectors detected on {{ $labels.device }}"; @@ -133,7 +133,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "Pending sectors detected on {{ $labels.device }}"; @@ -182,7 +182,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "Offline uncorrectable errors on {{ $labels.device }}"; @@ -231,7 +231,7 @@ } ]; for = "10m"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "High temperature on {{ $labels.device }}"; @@ -280,7 +280,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "UDMA CRC errors on {{ $labels.device }}"; diff --git a/hosts/web-arm/modules/grafana/default.nix b/hosts/web-arm/modules/grafana/default.nix index f4e0ce2..68576bb 100644 --- a/hosts/web-arm/modules/grafana/default.nix +++ b/hosts/web-arm/modules/grafana/default.nix @@ -115,7 +115,6 @@ in settings = { apiToken = "\${PUSHOVER_API_TOKEN}"; userKey = "\${PUSHOVER_USER_KEY}"; - device = "iphone"; priority = 2; retry = "30s"; expire = "2m"; @@ -134,7 +133,6 @@ in settings = { apiToken = "\${PUSHOVER_API_TOKEN}"; userKey = "\${PUSHOVER_USER_KEY}"; - device = "iphone"; priority = 1; sound = "siren"; okSound = "magic"; diff --git a/hosts/web-arm/modules/nextcloud/default.nix b/hosts/web-arm/modules/nextcloud/default.nix index 882d768..ef2b59f 100644 --- a/hosts/web-arm/modules/nextcloud/default.nix +++ b/hosts/web-arm/modules/nextcloud/default.nix @@ -1,11 +1,5 @@ { pkgs, config, ... }: let - nextcloud30 = pkgs.nextcloud30.overrideAttrs (oldAttrs: { - src = pkgs.fetchurl { - url = "https://download.nextcloud.com/server/releases/nextcloud-30.0.2.tar.bz2"; - sha256 = "sha256-kpu4BF6WIW/iKmXc1mJ55b17oauynZm/QB1CO2RqRF8="; - }; - }); in { sops.secrets.nextcloud-adminpass.owner = "nextcloud"; @@ -16,14 +10,14 @@ in enable = true; hostName = "nextcloud.cloonar.com"; https = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; # Instead of using pkgs.nextcloud27Packages.apps, # we'll reference the package version specified above extraApps = { inherit (config.services.nextcloud.package.packages.apps) calendar contacts deck groupfolders mail richdocuments tasks; oidc_login = pkgs.fetchNextcloudApp rec { - url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.1.1/oidc_login.tar.gz"; - sha256 = "sha256-b/tKk+y+ZypCHGNDtunDua2msYD6/TzA0haoC0k85F4="; + url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.5/oidc_login.tar.gz"; + sha256 = "sha256-Qtqcw1OspTHg0QRIgDMxNru6ZGL8y5XhJ5gdgqn6/Wc="; license = "gpl3"; }; }; diff --git a/hosts/web-arm/modules/prometheus.nix b/hosts/web-arm/modules/prometheus.nix index dc70321..bdd5a8f 100644 --- a/hosts/web-arm/modules/prometheus.nix +++ b/hosts/web-arm/modules/prometheus.nix @@ -118,10 +118,10 @@ description="homeassistant notification {{$labels.entity}} ({{$labels.friendly_name}}): {{$value}}" } - ALERT gitea - IF rate(promhttp_metric_handler_requests_total{job="gitea", code="500"}[5m]) > 3 + ALERT forgejo + IF rate(promhttp_metric_handler_requests_total{job="forgejo", code="500"}[5m]) > 3 ANNOTATIONS { - description="{{$labels.instance}}: gitea instances error rate went up: {{$value}} errors in 5 minutes" + description="{{$labels.instance}}: forgejo instances error rate went up: {{$value}} errors in 5 minutes" } '' ]; @@ -198,7 +198,7 @@ ]; } { - job_name = "gitea"; + job_name = "forgejo"; scrape_interval = "60s"; metrics_path = "/metrics"; diff --git a/hosts/web-arm/secrets.yaml b/hosts/web-arm/secrets.yaml index 4eb993f..d5b084b 100644 --- a/hosts/web-arm/secrets.yaml +++ b/hosts/web-arm/secrets.yaml @@ -1,75 +1,76 @@ -borg-passphrase: ENC[AES256_GCM,data:BrhH8wtzT2xgfFO/QasHSLQICa0ozkvmoOpls9zvmgCv5Szx1GzFJsnml8wIugWrbXuz1eoa1mRfARlnz57SoA==,iv:Ck+Ek7umFJv2T6cqxXdtignlawVHD10jvuc4mLG7kd8=,tag:SmN+bDxRiBc3DAdlz36aAg==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:4R+kgRD6n0yCj1NCtF+BJqR28SB6zgEmmZoLO58aOWIceaTjsa4xZOVobRZ1rjedzA7R2j9hikEO9K4SlLtiaZdE9q5fl+oKYNjXYXU3Dtq8PMB2y2tFM6iiRAv3eaNJSLazowpSbANL9d8q9NfEB87DJpXdOLUD0Ut1A2pNzRUcY4DneQ57MSEWntOytdSEhu+qxcqIvnC7xPtnYZqNIGkLeayddQMrUMeqy/F5FGy+N+O2025tfDS1q3vuvIQxjZLm39ZFJc5ppHHDZfWWZheEyj2b6B8pyiVUcS5e5ZQmOB3W3CSGtGpTLMoamFhgIznFVmWxNX5a2KJJCQh3ET2RJu+z02AlrfVtBAlBM/i25KJTS+D193FiZ6tibAOQtRMHylPG5VSAxbTNF8ioIW3veHvMcx3p4oIxuXmCQh51MwDeRcAEwDBNf7DZMJzEYIT93fX7alvI/4QFXFaFyF1YebdD6be60mSr1TTE0IT0Kno/FRXsoMfQlNk5KUDnXX9ITDCDrZJOP9fSum3r,iv:X+XKL3sb0/T6l50vYdbO6mlY82qwbmToQQLNHWkL/l8=,tag:bEDnU1O09Aw11/0YEFdDTA==,type:str] -vaultwarden-admin-token: ENC[AES256_GCM,data:oeAuZCbjZYZBVLuaW019QeUnLe0YwZpj5T8xnGGiwknnINZieWKXh7DMR1PE2lvaDc68DkBoRgo6NGYImos/ag==,iv:S51BeJkYRjWqTkJind1XKyDlCWZTlgPI7FPsi9ycfCY=,tag:yBOVISo16gmfCCH6pSk87Q==,type:str] -vaultwarden-ldap-password: ENC[AES256_GCM,data:CVFEMV9WSa9/tVFEL4cu1hKLQWbbLKK9mB3hzV3EO3gm7erx8cLP8UTrMde/6jXom3PwpL8pqy0zasZD5M9pCQ==,iv:vs8KWIObmG9fkEKmPN0rjM2D790277oaBW6dRGA5GLg=,tag:XkJSS8ZAwQWHPRG41QJSAw==,type:str] -vaultwarden-env: ENC[AES256_GCM,data:K3FiH6aYcPkwRj5HSBJK/FhRg1zls9yJETpBjmuzO3K5egp4FNIuPE5iKOTZULLsWSvDU7aLWw7B4ZzRv0M7g6MXG3bepDeSlrh0dXGyq95emR+TChANSShEej6gtBWo+Qmv+lf1pdVMiZVdcLJpsEgMFKQ9jv3bksv0pU7UtwyPx5EHuRJMo+SUjbQIN7aAlu2ZDgxdys3Wz2RKAUoD0+3KbdYKm/m0mKgamFaOjieLB+D1foCW0kAdCYRZ7KJUmoO9xp2R3dGBhFvXIwterFwpo3Q3FAOchJhzNXbGBVA0v++K3R0Q1HRABKd7BAHba/9V+LZkWg==,iv:dP2tHjX/Vn8VrCfzVVr9BOVDOlu88vuKYo8j8NGR/Tw=,tag:0C7GrmPQ9QTRSCdhlz5ouw==,type:str] -authelia-jwt-secret: ENC[AES256_GCM,data:weK5OLltnFADM5Wayx631Wl8zbCOvFGJi78WbsoLJ0jUI0sFvYueOVlxlyU/Y/e62j8kOVSkPbLOdUmnRdUP2g==,iv:WLXhLkXuiWhXZVcAMI9cwcY39fowpIMgdASrkSpnWgc=,tag:Mnf4O4YFv+YSNO6WT0FkMg==,type:str] -authelia-backend-ldap-password: ENC[AES256_GCM,data:ONT3hx/lQ2Ypftu7Rz8TXvErWtgq1CimiiF9QqdbWzim1fVu4d3rhxouNOOgK7C2+1hmjQ+ZRabDzzZPLZrLiA==,iv:Nluw5s/iiTFr4ebO9O1/1qKjU/ifoCpsDLc3scZ7mGw=,tag:6q6W77zpbOV9tXcXDtrmqg==,type:str] -authelia-storage-encryption-key: ENC[AES256_GCM,data:rnkG3Rq4jGzRZMIZLcr76CUR8fKBdqjO/9P3t0yYkKeD31YhDW08UKhDSQyoAX0PXgWiy7lJf4AOToFD6dZM+g==,iv:YjoK51ArmhbKZlehAW4DW6VrK23M7XuAR3aD0mXhD3E=,tag:a/97mKlYYEiMtWIl6vIeeg==,type:str] -authelia-session-secret: ENC[AES256_GCM,data:E8MHokLMjqGzphK2b+fMpO4KC18WZESMnsp9a0hAqVEiR+WX1K5oSCC6lCx3sOPKY2NDAGAO5tqobb+PkK74Dw==,iv:BYeT/NDWE3UCGaQiVrCe5413GEBQr+vLYgUzXd5B4O8=,tag:hCgWpnk7Ej+z82pBqLpDkA==,type:str] -authelia-identity-providers-oidc-hmac-secret: ENC[AES256_GCM,data:2tgvEP1gN/R2QnkpqvAzGcwzN7yEza9mC2f2mV3OrJKPONYWLiI8AXufuUT+sykwAy6RKtUK+FalbKi9cKS/zVEQ1HG1oSS5rpMoAoLqYhtPBa3ygxv/aDwjor+JxNQbIrzDp3a7esDAs60DXEIk+OWP5SzXbQgKG/fqJfK1nWg=,iv:WIp/ljDJjz/GeUpObbTICgQfej3g9BOrrpUuL0mdpkI=,tag:l3pzZgxsNVXouaE7IcOh7A==,type:str] -authelia-identity-providers-oidc-issuer-certificate-chain: ENC[AES256_GCM,data:T/TMzRkUpf6n1Nu7zO7G3rKgCwbBHO/MUVjDBCnEjskSZvXLod3QAP/i19RuoCOHzc6kzTWJ2iqvkq6gFeNWFYW9BBm+yPbAVe0eZOwRImJ2GjKOGj/WU4THEj9BAJLhw1Hzp7dGSslws3nsu721ORr1Wnrf3ByGrYto8Ure6dcLe6FBSpXhGF9VNJJpkwVHUnfhd/aGqCu6Dmyzi11ETwFdsq+7KQr7JnXQhhpV6of2ZqsxM7LyPCJir4ZAmawzjJ/C3N/8HZ3gCZmbnX2zuQlLuRpFAJS782JHcb0PXfxUyERSZGKcBmY3zSbKSp82/F9yDtzS1JRWX030XNv2/zb0HbnpAf+63DEf+FcpKoTSju9q9DC3TH9YthCYp9V3ezSH/uO6eCgQuGEUFVluh5ugZSURhLZl4dqp9/sPsmc1WjqPsbbdOL/zk7FnLe+0SfOZy5/2ncL6DYSMnU6F5s4aNurs411RksK2Us1QBpAD5Fj5WZagHmKr7+EHuWOmqmXOWraKiEqwLTUAj03zqs4eJqZxfCW3xW5MV5c3fh8MBtqoDidM1fOvTNnjmhdRhEnFuR/JME1bKwFo0zJ36C2AgRP4Ds5MJ4ct8k8bXhwMpz6gCdA0X17EWw/6UgGJNfIFv03ZvqkN+7ye8bU1JcbuKD0ER7MqS7KkgCcn5hZBS9pUt/x3mZwQD0do0T2QV4CnknlnA7iCo00Tyx4BGB2hKS+8ogIRIFuVAVh+1M+W3ZMF4CeqDasQU5IUT4CGnHxN69IAblliU8HailOfZPJfxrDSowA4apjXXkYir35G/2TnKXtVJGGQ9joprkMVxbwPoSLDVehZoeOSQrayr38Bpp6xMn5Lm2Y0PafIKz0gvreVVTET4cYEo0qvhlaTVvTKfbK6VQrTuvicTo2qrMbN/QJJ67gzux4ClbHCrch8Y97pdNMhSOAD6fdgcn0uOmMyDZrVTHxWSa8TrxLBQIVFi008K1pQiK+vI1vHoYN1VevUJtLtERlP2Vrwu1R+6WduDWkGsQ==,iv:u7zW1WUB7m1LnVLp1EiLd67U9G2NigYJo1e7ifjJCYQ=,tag:j0vihDwR5xOSl6o9SK4kcA==,type:str] -authelia-identity-providers-oidc-issuer-private-key: ENC[AES256_GCM,data:vb2qzLk6gZXlxeAE0046fWje24Dmm8MJm09O3nnwdJ+rRu2Nj4mYRUCvM2SE+qBG32TgrRWScoy5HiuQiMSGBt7XSRJ7V8x5Ov956F3omxhijoLSOWnpQr1XKlQAoIVy+j52jfgmzyJjU4pIpjG521/R+450asjUoihe23GlEPCM3yFLT4gdDTNgFlxp0myuW0fI8WQpwrVO39YiyiXpeBq+YumnTyvScsY75IbY0I9jdK08Jv86mRyhKkLvkcxUA1mBTuhIw58nCoV87A5fUu9P6twYSbN1Co8A7r6wdWHqDTPuntz7rHxm+qbClg4xNMDDBPkzgbXe8wordrdfA3P96PLL3L89RlIUjXhYjJxPB5ktN8cK58X1BmmxDIn9cnIOHrem0d9nfTiGeRp++nrKZo8CHvx0906jdu4e8BvwGj+uhWtk4oK2wlx2bbCMT5HGADNu1O55RGXilMsoFqqR5BAYSHNdyI/8Gy+zXgYqT4C1zTGo+Xlwjx9FBoPRl/iOI2GRX7f4H/QAF4y3rDvukKHprVKdB0CUmu+jpW27DCKc5js6iev+t8wIhAO+aHEEG+PG0mjbqVsxCdIAhyFC+hB6yNtPUEZcFjfRR9dIDJl5pBGh/smG8dJA7RtYTSjNlcr4Vhb0G5a6YH7HpZtAE03A/TDTciHy5mHtzYf5+DsQKfXjgGBaul1iOQVMERJI4Fe/DTF0w3eK30fokNVPZlWgHKbf60RudguWvQ+lB6gBTtfGVzzrGrRXuuR/K6hC100CtyBqV5ntvxwZJZK8sfVWv3XALH/cUcD5QDNLks3j19Q/0ugsfwDDA7FmsAtyL0GKnfXNK3LEMNb7q10h+fqbzXxg3cTg1X93wRJHF97AaJtFiDIGixzKUVh9lMyyeY9hj3a2rwbwBheV7kJC7icUSLyi+lVEs8+drQOr/lsr6xmckGpTV9nwp90YqLnVO00ZKrePavTSxiqndYLSP8cZC0peQDL11tWUdnMbFLFebBt3cElCO1UIeIH9SEr117iQZI702Orz3mr/irj1ykE1OUKwup+MnGAhvIMU1qXVfg0XFxn3vqAExebcQ8ihclZhIOZiHUKSQhXVgDGJ0O8xFC7gK2C3l67Zmk5bEXRG86gFmpLRzMNrEALY/5djpOpWMoftuMa+b2kjlaDIbYZqR/3k5d0aM1ZeXz5RUHH70K9Z33mQIIykO6qy0JzaY08EaXqPIufCi3ThVYUEhQlSblOjY1Jva+gwRGGgWn83p8Z5o7SXUoDGSRvfXf5jL1WQ1WiU8LNCVHJTMkwtL7Qco+mqmtmdiXzooYIxyMuAsIQqMuW7eRZTjquy6lxTcUX8jT4PCsI4NqcQpZstrN2JnMMeg4e8rCDBfYPAuQ842qwd9GdS6jhmmdd2hkDrdUk6M/U5647yoAIRXmxySOW9XcVT1M3NOwe/BwQLzxlxtEyUsl87D+dvALX/XS+eDu6AGP2Sdv9buStf50iL3uBP4focGP0V6CvqH97zHx/UWRsJqBt9+JDWXSxsX15Iy2hEBk9Hrp/TZkSsCkjjfz/jnpacZh9iAoE9pw9dI7S4Ad1TuMj+OdDo/l6CIY7nTRZC5cU2R6AQIShwxiXZBJZ3Ju6/Js9ZhfXaNLWyrGBdWkeNCu2wNk45H9lcSI/OOCBfB5E+RVXAJl/7tiNK3ayqn+ASwguIze+5iAveg4Jti/WZS/aA+VzjKJ3rYPMd4rm6FFCJofFYegaTR318WlFPd03khrRlbs9EH0wcUgHqkUYgoRDWYeabG+JMVWPq+U9rBgER0Q502Hzj84XYNmpTm8P/n10YE4X3IfgXRYQ22hkZfaLuaXehV2jWKrq52foIpZC2qM2ABFou/CO9Mm88IM7N8nKjdZx1V8TXrlEjJIAHvxWSa/LR6pqNZ3925sHSH5pT4g3SJGlxPtiINYwUWQ9RwX28bZfIxJy76XXEAPGEuD9B9GXUdyMAH4rpiF+QjoNDVFN3l+wTkyzUDzWc7w0OH3Q38vl0fkmhU6X6TifiWxu8MLWLk9dHhKrOxmtknCYEzoCmI51sOTON7FQENoIweFdZL88vGhJzR+04O3RvKacWZbsE1qXSq19vSjdj7LrsDUfJQyJhwJKj2L2nHbZ8MhSmD7RLLh46JKuD/zOR1Qgv4Hy5Njikb2PGzXtcCh4TGQuObpD0q4TG2E9cczhU6msue1tpOLAnpapt1Pw49hSOUc/QmNBLQfR1cQuuVVR1xhZUtXDbVEQXOc6kjtP7vMmVfdv3N6iWdiEZC6iFO3WQuCrefTsP4B8eRhesDM2gdR7DsSgQy2w4lkw8QKiWC7RZhLklTccroPT94RColdbxFNHFKfBi8wbsxWrl8OeS5WLn50tHQu+rFrR62QgoCHZeIwQ7XL4sypF7VN0+5tA+y0pkgOzMLPAWzb9Cg70ml5bkXLX9CqruHbOFB6UsOBXhsWoqJEGGbppxjuL0ad5EoqxXAjXdcdnWp7vuYbj8KoGgK3KufuHMmBCIK+Tnxx0RHEDP3qvU5n6WLbnR1gNxl8bksXGntppG4y+TJixACk1n6t0ohMhr8tKOJE+bw4n4subVkzUz4c58hwXDzFoFvdxpOlmseE4l7sBU8pwwnvD2Qy1cvzvO1j2YWXru8+tSSUauETtAFFXRBTd15IfczqeAMgskjjemYcO79oaEBV4T+yGdqbhvei40c7MobL0Wg/7ssbP6VeoSjPeJ4luWBv+qx3PzgoD/WF6//jt7cegexVtgczHIQMoTsZquvQvt2E+nPHet2h2cvnwyGNsvgVuJPcQvPvV181/nocrpbFvvfDdQt8uww446l3bvY9SGKWNdmkZFGztodg1CkdwliJh3lYA4IaIl/AAhdFfvnIkNJdv5KbZ+GVJ6qW3wzZfWQb3RTc7/tWJbLGbVaWQipCfBGxetSbzUzfdPp9RC9NVMUP2vjy8j1HYo87RsSUci1tjgytBQGWaV6PZePeOPm0XTzlA5Jl1A+yt0zhjgeG5M6cTCoFUYv13mY6Wu7Vw1nREawbwXuXV+CFhfVBkca1ktrxyGMGlXAZFOaFiTaqPzbgfhTO4Z45tA9VQrL46MO0/Pg6qvOJ6EdJsQYYa8LsMFX5JI+8fvf2IBzF94d2ahEb0pBTbl8MYE3/cLEQpWhE0YyMij05asSdAg7gWcuEfQS+94yIF8iCJkeIBMPdvsIMhlIUH+d2QnlnCrbazudX6FX1iI88Qf/TUHfdvA2F7xH6gzkBaJUEXso28VNkmUHN7wPQuXkYMIpCk2FHH3vQXgier5ZnUppk8Eo6641fpE9UipX7wkmHbxoXpm5cQrtP/AFkV5ZRZfVCiI9aG1Tu4nyW4nvnUX9U9zzXeWRxPjmg+kCY6eQSYlZaPKhbfUdMAkYxQnTp3fTIzNcAOh7lT+AY46OgHitkHGKuBucVdl7zf/ina6valHKQrtaK4WoCRYVh0p+T6Z9E+WLfvZPTnYua0FYvEIEEm4L31esvEJ3bd1F7i8+VgO3kcl6WSA7fuaGne/8ywSoVG5+fUuF9wPmRv+6l2wTwQ2VKTQYSGUamtCjf/Icw/MtWSg9OWoEm4q8DAT6khZSMD0yvg2lHFwjppDAWPpo626T2vUu/FBNFOMGBShTq+ttn4eMaf2ngCIe4Vl7D67oACdDha94tzBJRPtfMwNB/MKIxg51cXPaSa2xfqZXaI/ZGTHoo45vIlaSpdR2TmF+K0bu7fRdD2HyiI0yT685XZqjmtcds7s8jbGeNcaJCvAdIxFqbWi3rwn5Mv8xE1lmYjChLSd654Jtuz1WFnMoQI+QbleUjB9NmJvP5G6lLL9+Th1KJx4SSVlDLRy5SrTp9ziM6/Ew4vfniMpm1ySTLvPu+X8Xy56uy9FgT5pljZknktXdJ/mtMUjI+URedXgDy3oZPz37psiPg1iSLD9IFOYLFrjucG7HdmKRLtFhWAKYgc9fYgCVr7GvCD12Kb95ZE8HeYfdJOfRKeAUFb86NqLQ7lMSQ1kW/Ar833KeABvx4tLDPr+OJSBVZYnShxVHjCPKxZsW8/BPLWZHHV4ujogs9LQ+mbwP68XVqa5PxkaFoKQLD1NVSUtkbqmGkvpSWMw1kpegkePuHyj2L1PXFqS9QT+BX8SJurmXfhyFiX+nQRVbhswE8yDcFqrPdkFrciyAYNP0EtDSpLKrY0RAI1BuxgSkOeTRCiXNtDHP4i3EChA+HmN8bwlwzTGJOqw6Nn+DV/PVqiOtTc6UrIsRLNwBLr1oWPMvzwNVC0RWmQJ730e5gsa5gndYL7dN+p6pFVM+tlj,iv:SuVgw2oMtve+sfiZrlcNusbZlnQ86mKFxRAOgLW9VGU=,tag:fJcXqLhBc64f2FRr8C3FAQ==,type:str] -gitea-ssh-key: ENC[AES256_GCM,data:LSxRnX5LH1rXAQoKvxxvOjClzp+jSgvJadaSUT/vJgRhCwFjKXq8e5LH5vufTvtRC81xpfpapbIBIjmSCVVQvk51x7A9JfEh5EEeyTkxcpjILkpqw78Mf2OTxxSwVPlhN13CuEyKPTtcC53Zk82LzvsdmCNEhL3TE3c+EVldVdYtcVdxDN8hlaVuLQoYe4bUnmmJ3V4xuwoViNMOoGynHZq1mpvl/AnuEz8IGefgwLfx4zIa91Rb4NiimPRi/2EtkBxTUlm+eGeKWNqJnOFt5ISABMnPXgj8XZvfaW9SycUWZojfHo9XlwuF9szrMHA5lhUNRt+JHQ8RWx4IERXBRYZfQ48hLp23vBn13O94JXQJ7KkyvplcpkdEaXaPEBoWBPt1HNsPDyLrLNVpsY/Wu669SNyApdraW7JG2hAz473D6mHPQ4v9IWtT1r9X94DC+H+vrrMkd50EsUDLTljCudFFZURQwGfIZpXKoFfYfgC6vwbuCHCxgnHKO7acllVGkLJ9LNyy8wEAwU1T6oxY,iv:+I1iy7UBTdW5k8y7Txm5EGVCIEGUlnACtspchO12cpI=,tag:PJUJ1RFPyXv72682jSLaIA==,type:str] -grafana-ldap-password: ENC[AES256_GCM,data:NODPy+F6BPkORxF4nYG8HZQ112S7ql8lMlwl304PoCACL+4pFbZUEk/OmCDmLFMv1Uu0mOlsQPkqvRfSa8UENaICGAncj5nl+AE5kC+zuLX1yNS9UkxLTfenQLWZOhs8aFb9sn1y0O/ncGaXjMgCUIeUAiPgIdpNg7gxrNa1GVM=,iv:bzp2obHhCgY4aEsmoEGSFF1zsCco8FvCwuxZ6mptlUg=,tag:Xvi+czYQaw7dmtdJnjyLmQ==,type:str] -grafana-admin-password: ENC[AES256_GCM,data:wOgAXEdjIn0j3vHj478spVlTcXH8AdmVOxz/e12i7UVZxii5rXK63BfVCuGUbAr6JFaqe3J9x2T26J6xu19n7MTsmqHPbyvSRWgR5Hkx4+mkqm4rgIsq+TaRyLzaI+cCCrt+VAsZQ+orz+b+kyObQ77CKF3RKnxKU8T1uIlX3eA=,iv:G30viDQWOs9VLo59jVGgWlNrIKkTueuaF7j6K8cKtXg=,tag:X3Xt3fop1wRrmzIyg573Sg==,type:str] -grafana-oauth-secret: ENC[AES256_GCM,data:RPS0CtHygPCUroJSZkwQqEk65KS8PjX8GuX0wkwhONwT0WhT9mXXnmtQ1TXVuNKPOHz4EYUCSdvQHoDuO3PDTZE4tH67afCI,iv:sW0UPeG8vc0nccXRFBBFmfioIL1lc9BI82FysnIPNK0=,tag:Bwn3LC/soBjGKg4hpylYhw==,type:str] -linuxbind-password: ENC[AES256_GCM,data:G72EE1D50U111U55EUSVrtJ3h74YjvE9VyGcmJUMFczDeg9uYu2cl7BX3RUjMByBPgxKo8ZmkYHwjXS6CiHivA==,iv:2m99WHTaBgErck1cG1pfYFJ7xP9da4RKM2RBTsIMCQM=,tag:XXk+EM/C30uG81oOlQ+LEA==,type:str] -sssd-environment: ENC[AES256_GCM,data:smzU/p09zOI3FbKDet451PeH+GIL8ZMX6CD7DpEMG9Q3CbihQEIfKMemLuEr30lX8eac1Z/Wj7wpci2CgRh3LVRX4fDd+wAUknFfYeF6DZDeige71OdJEyVfQg==,iv:LYoedluwDJIZbY+ZU1uFtH9z5bdv1gLMYJmk6q4P2QA=,tag:1LffA+9QHdpLQwh43yHnXA==,type:str] -promtail-nginx-password: ENC[AES256_GCM,data:OeC1OtO0SxPcFROXHY7g2qX6isPkMTWMpPaP7FMgSA+oYydcZ8kI/0dWOTpbXiGssstXv+muqkDVTA==,iv:Ur9XTgRrbH972cIkAEueZEtZtPxmg5Bl8WBMR/RAA+o=,tag:ZR0PllD9afxxRcOHWDLDkQ==,type:str] -victoria-nginx-password: ENC[AES256_GCM,data:Qy7u3+ck8jEllvqgjYYXRqL9+SGuPXegLV5oUDN2moxynViQy+5E1rCCUxnpRCa8poC/ePo=,iv:tDYr6nggq8jagv1JXPomNYR+tMpDMXWR4X1zKIvjJ/A=,tag:2cH4Gv3mQnqawtaaj2Vo0g==,type:str] -nextcloud-adminpass: ENC[AES256_GCM,data:NVH+HJOCG2dSDmDX7+O9FErf8D6kLwDsBU6Z9gw6WOoBekUmrMbqzxaUQriBy2uDyA5BoI/8qSKe3DHRT7ZjPFcnDRHRQOpiwcIRGeG6WybL+nVkati/TXeOUMR54/G9GPfVylUxix6SQLkbCADRYznJUSNQ8B5UP29DKPXgYUA=,iv:FvZHqeFM4jyNBP6zjkwOMBK/3WRV2Q7fjYc2zcYwEOU=,tag:HFxVu82rcF11x5YFLnpYFg==,type:str] -nextcloud-secrets: ENC[AES256_GCM,data:OtDycB/G+JeDHlgZPP+fwd0N37U2NOvmRGnKpwHvBhSFIiwrpYiVrWFi29HW9B+RzulSpa1tSE40xgvoZO6bs8gqaGcfHgr+UjEYHirva7tcfXYBBlCA4OH+OwQgAxVQCvKeXADKykpgvMk9mQ==,iv:DVj76p9AUMVGpwWGSh6ksu6yzevbtaxs/lIKjPiB+6w=,tag:qSvP/U/ihzkL5MKfx9yKvg==,type:str] -nextcloud-smb-credentials: ENC[AES256_GCM,data:yJh+rs6Vh1PgjWtNIUKpfYmFg0ftRKhoGXb0WpLqVZx9iE/Z6NC7R15oyGZWNglb,iv:yBfJKRJdhC2GfxI5HvSDy/GWnHGLealPQZqAMTW1o/g=,tag:8zYBbgNyVQ85InTfRgScIg==,type:str] -atticd: ENC[AES256_GCM,data:Q1HFeO6Ax3K7auo0Ps2PphsLyjJbKFm4FhTKcDG2tg6QQsEjNwTbjV4tOo1MIpQKhsJ+YGKl8JQEENUupW/2eR0ycflVRcCHDrDEabXVAZKR/wezia9kReA3UobzGP/AHF9Dmnzf9mwUGtOjnd5MEL6exSXUyZcntXp7LXxZxhcqPBYPqJqJLcQW2illx+svQrCOdJwS/Zt8k5nNkXz/jQJGpO2Oj7GkT2FmS7EeB/6ZXuIgSlyxVxRI3LX/FqOi6FhGdrTpY/qxv7pB+IN9WgM7ilKSqvsBmWtQeTVbV6wqMLQQpt7d8hnuNQt+jIWKkBr/l2te+bLWwCFxJnbAx42z6w7js7G0LzwhtB1xWDWgsHM8m9qk91JNy1VUalMn1RppkziFoHk0lkXdjfcohsmeTYeaw6xg364xX8PBBG9xjfmNO5pNEWog7ERXMGVLgT/v4zdpRrVsFUfgcxzSqs8j+yqkc3jYLHLSKdXWQn2RXMn68f6vnl0Bo4kW9wEfwp/OWvNs+7oj5CY5U8HoZIM7ueX/RombBM7ld5VXxPlU4I/dZgskgwrNZ0MaNIJpAZ5bi/hPtQdTLVbqbA+0B/6u3F5FeSCvv5cYms4rfqSijoRqpESWx2GxRmZEpadOsjbzZLDuf2XEmCZqFzsh31KzO5Az7uVnw6apbqeuNKSvrboJ7wrKFd2ficM/mQRrF4i7oNxY8R+8UCD4gtoGpV6/J6otjoqcQ/JRwrd9l1sLUeG8NUuxLllGvbJIAnK+1wfYTMeSDQTsHTgC6XiUK3R43pbsqbSwlVjejrKiCzXmK3Qqs6GJpjAI1drMOPG+mCI9OBKhKj0XeJLU1z/8af/hcmoUj5CUDvLTKau9lpUjaB5zFFKKeSm+CdIL9aRnaBmXuVCd4DAUWqU9EynSksNi9BWXqtBzEvIaf5fX9t/m8Lgcw+GPES1nYDtyD3HYlHTTdMzdo3k4cUSoUzTFuxsTbwWInXo2AHpmy5XdeZunru1FAfdyzZi+WMUNBhEGo+ZQTWm2Dy8OdcbTipEWH65cdt58dzNUgbTRParYDXbt+cB9VtuGEZ9wwiO8ZG7EVk5qUrYAcGtPzihPNnRjZAn+iuXk30QK8fCv3nCD/Gh3lWyt7vxnDVfi2EZV9oJTdMgcS7sJCp/+Blt9zqu32LT26F3EkVG/M8HiTvv1BF7CX75QAG9J309y7gRrcE03YRK0QzkymZACHYmP7jdZHtWmZVJpUe33l4jxM64MBNeqZFQFO4GU1n1pJ0/OHUce51BNsKnp0FZH+Q4P8CY3IVY2VhTdmm/L022crkT54DH9zmSCuEfy3eecZ4libv9mOiTn0P12VPVa44h5WpEP2CoNT+mhQ3yz/MV1Yce/Ywm5829clvKVpSnwVMnmmDJAVafb7F2+tM6DHgfKVxGJnP/8ebJ6QLvCpgEQdfvp6/m7aBgxcEKZtYcNM4ygM1SLA5+TrPzfgllKgKhLpkTn38q3VGxJ2uBRPaP1C4ZylmCDZHQOgb554OrniwVqlepGa6J+gUzQys4Kt8PXXX3RuDE1jbhFx2qr+ZZjOCRYanYls3WDxKEJNApWxMZAKlLV9Zb+CXr3J6xBO43Ja9W0TQt681XhrHqpUx6ImfSyR2GQcc2ZbD01CEF3dkeOkM7mn+Ybz9v3Q7JABYNRdxvPFum3+ch0E/4Vqb87PgId5qtF8zaie8D2YguKzFi1GrhLC+CfNDcW0VrhfqwJPjB2bnGwE9nbKHvvvttgqd/o3Ewpd8afo6vmRB4aMf1Lj7JwKt+xWdYzT+ScNPO5vQ5CtSBVDlZy5xK6vRrKVj5H7s2Pu8ZdFpmwrDawZGWmHayZ8u+G3NuuHnGTT8YPkneHxy2NPIqv8Ul9hnf1VhrIzpBMnzkL+BWPUaza+jy9y4w9R9fDg5YgBwubJ6XPiHExLqPfrsAJkwvhiBvl4IRnyVuXAiJsz3+On1/FaFDDNGNCPIlsIbJ/Rc90lHDJGKkrvbneLJU4YhX+KdDNQzxTrzwYz6sDDZaZPSvXKHGKjNI/SQDHzeLQjfAZjGftRyWsj8ftGAMw36Oz/NR8DZ3EMqhS9itXtpU2UZgwJDY0A1GTISlhUxW+vr30GzkFTtMghN3UOpdHBr420OJrRAK8WjT5pzXmi/KNHz1D1dC43PAerA66ZW9sIaSt1fOU2ivKpAdK0nFCx9wHcMnoPyZ87jx3skRZV9rK+MulDJCTt8h+RNS+wSoh6UqgHaG0GEHDf8TDm1snKj391MTCvhm3mSB8Kta7y9DNmX5VUkQUJTLmKsQHrtatCaRpulLYPcqQqBBw1Si0ZoQXEkJ5gCGa7TM6AohcD59ItLOFUCggTo9eBrEa/0dJoLO2qBkhWWsWgYdubnWyh76/hncrxvut/z086pp+oaSi48QIhcD9ELQYO+LKmsaPQHBS8ZghbquufTAQP/ou+SD8Hj26OTLcWwmc5gPijUxFHqRGEDxkriytqnod9pMAxFaaY048QnubrWt1lAxHPzXDXLrnQeh8B2K0sqGYlmOqCP3reHcuntG+yT0zsIjgQIfWTLj/92iaPSMt7zdWOKD0LJIi/2RZT1jqKBpZKGGaofmSQgqvaVR0AOTr1dNvdB7sMhosxTpyR2Xa5dTAvyL9aloCTd19PoZqqbKFSF+ckR66hvuonKX0WRKQBFxBE6g6kxziqjxeb9s9r+gMbYOANUkbao2YeeiPW7MJrpqCEwLJzHXrpBrODGN5y3wXfAgZlbhcW4eRPGonoldBBHizXqu5Mjy41Iqumby4TxUAXtHh87dXRmSxVrV6kuP1nv+9q51PppwZCae7Jx55Y0Cgtz8U+kD4/4gUWPWMhQz7eZip3Fk+epOrLe2tGdnXafMy5opYo63Pw0iQMV8Anp7d434iQ1mrTIDR69NRJhFfNL27pDGkCao2CEDEBuEKqQ9p6AmWGQqeVpRZSdBxZKCeJbSMLM775i8NH9MfHjzCc1Cm2A8R6g2LXhXgVxK+yhb5Tf2Q2xagAtUwwV8WZs/OmkPO7dbAbuXpSMrVn9n4gpLRYCH1S90NKAszu2ywrKQjy3r7+lfjmoKnJqj3hE8fcHKslC8Lap5uOFcOGZThdJJ88kAh2c+j+qGmhH9s2o1RDkb1f+cfG2mYjQLTF37NNdxtMfKq8svaTvMO5R2RLtXX9uOOHVM/c9ZZuY+vsnS0DgRvgLv989kcNssQn9d588XFmB3OafAu/7j5ktnbOFy1wxTNInawEfJsARAGlzBTcHXXDdKewC/tLonFxCQuOnjasYkenJYuOtSu2D1wSozB69w6P3QIg4ddiyBRqyfeTalRsSQIwYL0LeD9E3P/JscvnR/MDn/5sLHXKsnZLhf41M6Yf85ifTuq4/z52LHkvZeVpkNJR0A4ydT6cuoMnW9KaUe321moA6tCWd8xqvZ4e42KqIOqEyOldWvG6pSTmJCkqW3o2hEhnj4Q8wWqDkm/25DhOfveV9Edx7SV7pdkmricr4fuwwyAhvh6kfyhqBGbZIH9IiUSEZatEaEh9dbN2fMErwEPiJ3bAH917tIqfkOfKJ4iKEVi2V/0acvIvvwFhgw+RBqTJ9Xzftc1ScjZrMc4PakrCQuKPprh/avu2jU6Q8yjT431UgMtByZtK3kJIMDevwppQJLXdURj1dlGN4M6z7Pt51iT2/PBJum6ElSA/uSx7ooC+h1jjBJ98KrXwiiVY/AJey8sbA6dUEjJ2UzLrLcGGmyzc6j4YzJ2h1GU0hr26jW7+c2fb1w7NWtYDUi/WISpX0ymDCHtpMhN+t1mPikzPMQU5tMaDr39N82DJDvDs0mXpEd9UEovSDMqYp1pc3CbRQYtRa3TEMLC/6mDqN7hMSp/clxEKTDc6zCOP4k5aJhLY3fOJVJu2/V/5QELHYpY3vXvqAxlHRWfYoU6oT/Sl3mVP4vHPxDxZh2Kr22iCOtdCFxy2D2F6C6C6ncTKEwVztx+YKvPMOgqW9nRN3zRVSHAQ8oOqCYwFDPPGqgp+bepItjpe23z01w42MGOKSGCh7zp1UB63acwZSRq9D4hdukYl/7j3lxhToVmKwc+ZpWA6BaaRkwxH/QSeFG2MAV74ChqNOB8fiKQA4LP9xtNxGY3sAQJv+0BQUXOdZSV6RXb4oYaqRBFFPw8bzUGaEC5O9nK+ZY6jEL4GHluDwK7yGP5uIhk4vv6e8TQTBFW+0reBVh+JNiDHUwdV0Amc5THGAkuHHSopvDSuSFa1NrlwaDh96pbnZ+Ca0gasKtuh3M6ulufDXXrACNRbmVXNA23HyLfGtfgmgoLfNexhB70JSY4NM05MlgNWfGJOKMcNX0/TS4RArUpfWhemmxRmKx0/yF+NbHPI4HAsHc6a2N0v0aCSBT+hcEr+BbnYIMeEwfhAd0Nk+QtSw/PnsY1rodjz0jE5CsAB0fuxmhOSxCz61juuhZjzgGG6iO75UvQ8nSuaAxGmwn8s9SDB0DRPcQHRsDXdXT93iaWyPU7HYYoqBiFVeZLaGz3PUvJUqRY/jVx2ofSfY38WZcK6PLXiEyXTKMPwFYGgDcN542pGBajbg1EjVtt9bW08er9ti9qInAP5IAKewx8rmlU4He3zMZSFc1/IufaXgBXoCVky5lDq4NhxlXn7qk3RwV2pTpipkkvMl7KsIJRT42oJiqJkTuyd2OtcGIvKIEbszv1qHMESJvv7TQA8JiBihdUkeegfDJAmJCCS32qktvzoIfM2ScAY7zsifllHQ2+lIdoJefFzCVt16BBuV6OvASNN79lLSkDPKjQCML5yaw5CqiauLBmzCCJKAPYzeC+tjeXBjgs7nOcUBf9iZJ5QyCks0rKPYYWD0bLhbb6TVhPpcezpTAx5I8ADLuVVttoDG7Nga02+HQv1BYqzrZfxXxnVYzAHrR7Symq7DqolfA+f53zd5eM78+CPiYCgCcNctaspNlICrTfWwg/60KKgde6yC74HBguSJAzapa+b/hHjS2aplHMuLXVs1DEbOUsXvm3Fy2sRnvw/3QJSh1Namvc5kYkcASXfe1nDDcWipx6qGrE7alDdLElYwZz1UKZEuPNizb3KnJZrUmJgEj7Q9R+GevKv/33qMHyKZIbnWDi7iYnKeonVotZSMI+EbGqluA4zzGwxrUpKqJVTlzI8LrGaXxMuM4AsZG9BNphwK8E6+I4XNWEdqslIJum2mfS6xmV5QTEVd865Auxbps4Xy4nxkA60qVbrxcRV5HqsTcelx+ldMr/QN68GhWNvtA2wpOGJRT0P+YecrqU1ERG6OsiPMxwKd364GgCiDQgtOIQ9e2YwLpehpvv8aXXrI5u7IeKOD9dSCnVdk8iDf7afqVUliHK6mwUr0JKFkMqtFA637Getr8b/fS3NKZxUHYj/Oz6YxG7dANBOB0f+nHJ7a7Uig7nRlDcYJIcEMyMZlHKhBptIra2GqWbyvMECC2IuXnyCmgAMeBeoDfFpDT6K+UqVBYPpMuCJ1iTEiptV1CZ2uyhZslMks6NybuO40IosyW/MpHsp4l7z+JjaX6gTAsjQbpEOKDK7mMjfvVgF7nB6rA5dU/dxB08Y46NExdQzq1dR699LBarPP5wl1Ab5r+k0HLzl1bODoB2jSAgPtPdm+iXqX6vbNq2H0I9d8xENs68ZVioD8tULybIXu0INMNj4eU6daJsqv+6KsYkUQ5oYn6+bh2btnafducqVbCmjpvI6j2SjAL/M4HYoQ768MJhi4SPMu+mQ5Bg/C3BlCjvjyLbcBdDFRTC+0Q+x2Ft5dncR+8ctZW8a49yMhLtDzyD0Sx4irlpO7lnbqCJug8Mb4UxjiB4uq949sRIunR+JaGNC6VZHLYS89w5RKwvxTj3xvnSrEHLKSD/Cqp3xgXfoqmCi/fRulAQMqirTA==,iv:gZkx11U6Msg318LG21cjy84Pcr651i1nUlLMHQNQGcA=,tag:XhNjTlUujGVVjPnpMk8owQ==,type:str] -atticd-smb-credentials: ENC[AES256_GCM,data:WsChTmm5SNIu5w2ER9HDa6bCV0PwHmAEeJcm62jmr67NNFeW6X5XeZ0JF/LcBK7dnR4VKulQLcOKKxB/oVeJ59HmJwR1BovuyBvOxQ==,iv:EqfnKPpkw56Oog7K9SDocnlpI5ncemSO+Z1ah9HcXXg=,tag:kG+kueSbbY7hNrhfeyrAXw==,type:str] -pushover-api-token: ENC[AES256_GCM,data:QvZviQKL/wqEZO47vACay6Mf2cDMVA7LQWZMZ6Uo,iv:xt6IcuH/HaJ62vcOqrgDMEt0dU7OPJ3XkhBfW7V0VAs=,tag:FZSv7si2woKW4kR8yJXCsg==,type:str] -pushover-user-key: ENC[AES256_GCM,data:za9T0/UEDA8Vtl7H3hHluZgQsu3Au9S8cWPLlAl1,iv:z2shZw54mnO5j0ppWcWGixujghAUhpj81xbbbXFJjgE=,tag:OGroGDqN2ZVINSC1AlR+pQ==,type:str] -sa-core-mailpw: ENC[AES256_GCM,data:ozhmMgNsXzxM0VM/mANm5HVH+efDovfRLmnX,iv:H5+xSonhgDZjU8sPyz4LG12RQXFCJ3oHfblCHXCE72I=,tag:OFjNplwD5FNpEI7huxEMsg==,type:str] -zammad-db-password: ENC[AES256_GCM,data:cjTSLACwe1+rQ7HumIcpaRpFC62uV+0VureWi8ZwiS5VdXI42ZYuDoNotWx6nbZQJhxpVyImjY9fDJ4j3YfdSA==,iv:lde3MHrISV/aXtoSJQuOLxeENciPKW19ji+oKTnzPj0=,tag:L9Ig3Ad6JpJYiJ/WA3n3kw==,type:str] -zammad-key-base: ENC[AES256_GCM,data:vxwcFz8M8EEhBpiv/b99e91PJI4qMNjA/rKWOJmPU1eCwJ1Raa10UQRUiFMfmlRwEXBvDCcemhjzj3dMNYsv4BO7BQwSomi6H6/ewASLNb1BC50woyH9dsjq5eKMqazHgp78MDUc9hsjfgh62fXOvuZuX1okYserabNBOq8PdcE=,iv:g85O8WotxmfE0Z9Rj4bjo+4EkvO+ySjR0TYpCJ8aTR4=,tag:3NNTcdHutBcp8Wn0ysad6A==,type:str] -updns-token: ENC[AES256_GCM,data:yGZf5rMW1lKcXlGyvjfbedDpkdt0goSSbdAVKR+s0wk=,iv:Myb7JAg0xJMXBe3eYZ0xsn01vtt2x4ZLIwn11Qs2nmI=,tag:McGyO6FrpOmJYczmVqKzyg==,type:str] -piped-db-password: ENC[AES256_GCM,data:knnjn4TYY77COsaWuFZKZ8fKNwdSksicss5wMrpGG/T3dYJ1ZaiSNSYBoQA=,iv:ZVNVjxezs8VEtN+sl+SoPlyK4SpWAgw509UlyKofzXc=,tag:CifCnixefYH7u87sL/QmYw==,type:str] -piped-http-auth: ENC[AES256_GCM,data:hr9I2yXGeKZJlmpGcUAuyBGyD/v1LLQpLj+bR4dVXcpx3bNgVqd4auCY0hzm,iv:UDdlPCcriu5sQYCmaAYRqNASXbQfRknz4PSdmtB8LBs=,tag:qr63wwrn4iYe/3rk6h2uDg==,type:str] +borg-passphrase: ENC[AES256_GCM,data:LmeULsmBcG/IghoZJuy3xWJaEORb08N+NrJBWOvLNy/XS1YB9bZ0kBXwyo6hVBtW4O3oxQLCW3WXC8H9ExHeKw==,iv:mBCrGZ4vOwycfnMiZI3Va73piQ/0gzvKY0/cYn45II4=,tag:qVnlwtbTqdsvxlrpcsmJ6w==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:UFZKT0ieH1F4hd/qr/Vg2SXmOvtngUZK+RLnNcxXjk6oL5GnuMZfTEkImj1GLPlsKsNEVbrg6Yylk0B5ikCq3QhxvvNClodpBQJTb3Pt4l6VVQsf0GhANDyE4sHJDUezyiR3Tj9nMY6demLCAGCQsF/JvJr8pMfQPtDgNDoYrzG6qJ9lzh8Qe6IRi2yWWSN9kOYsv0903AD8KukZmk6EX1G+89oDy4Few+KTLi76RNb0JQAFJIXIjII+J7eDBZ1EwabtPQAXTNVw0PQ8rzyy6oAy7l1kSia01tpkGZmGUxVcbfbIOM1KE7fyjEOxb0skN69aJKdyxw6IMtqqEZLZzaEPIIollOeT7x3WD2PBCmsZHaZcPU0R3qDyITeehGelEj76PwqWi5pzSSU44EdAn3YUFoCWDrSG63/IhoSAz90cpnMy6UND3nLnDQ7+5Bg6bJGsdBabMBzpfypnV7bj13ZDPY3u07n9ASqLA2PHG1l8c6BajQvGeOHSFY8+NZTa00sWgjwBrhYtkOGeeXi/,iv:MrpYnh7uFu2zRdoedEqjmApNhu0yvI0WTsgyIqPU/Ns=,tag:n/QGmVoZRBoYS/2aj0rttg==,type:str] +vaultwarden-admin-token: ENC[AES256_GCM,data:cDP8ORsofNYgdjJtmuPNiIw+B6fZFunGMC+mfcqDK6oPPnTbJ8bJjgEYcDoBMnc9VW/CV+mnW+7QEgBJrsJBpA==,iv:v8N/avWQKlmFtJAH08tOKAOxaH28RKxVb+mkipPLKck=,tag:uFXeXWmWnIwxmWE3qCXOvg==,type:str] +vaultwarden-ldap-password: ENC[AES256_GCM,data:tPHHzmQGw8MqYus8tZYs73q2v5xXS+NWoRfnd8Xf7jf9iY92My45kgObQ3SZDeVHuLyvXQwvo2/J0h7CoYrUvw==,iv:G4rILsMvk8WUVY8Ro4GfbH3UlPW+NEUz4vxeWWI4TWk=,tag:Nl04bMnsscw5WXGgYDj3Tg==,type:str] +vaultwarden-env: ENC[AES256_GCM,data:uHZ8sKcrUDow96Zk97R4wyG7PnjMQy9mImpNyn0qAmYFnQ2F6QqwVj198+7jYxgnzqIaKINDOREbYoOF5N3+JTw0Ne97XhjUd0tj96X74i8jvLxLsnOHTd6WZuI+Npmdrejw9HmMjkJmHfMY+CRfpnEpAxBeo0PWXxyZTbs/Y3SkkuKvVD/77wXs2BYPKmowYhcXFwawh/2xdiGLpMY82qWXMIkkyqZ+yvJOjCemRE1+vbN5zS5XbXJlaZnbBkiSVw4PBbNo4E7Xbq8lwwaI0F0272S2/l+DymfK0sUNxX5Yp1LH/HBCzJvjsddS6a51DDNNjoj5OA==,iv:AxXmEe1+KnIc4xHZ+cDwhYa0UZe5jWnasU5zvRL1Vr4=,tag:v+t9npnU80qjc75b79H4vA==,type:str] +authelia-jwt-secret: ENC[AES256_GCM,data:s1y2hODqx1lxOn8PPbPekNFZkq5800iNI6vwOluqGPDrV0IZi2/LQ1GpuedPycTO9bpG7bGuVr72cIA1xhtYcw==,iv:NrjWdPZ+VPxn09WBuzBQm/lGBU/mxwGF4ouYwDSHQRE=,tag:ECSZW9flsUSwtHqtz0CW9Q==,type:str] +authelia-backend-ldap-password: ENC[AES256_GCM,data:/B/cg3s9DQeIbjYUCA2njXe3JGwIidsJDWaLBnAUo6Luf2sSBP/FmGCgplW+A+jh04oEVsbmExgdfcIR/wfIqg==,iv:r3+H9AM03Prbr8E8uApdVSBHTeaoi6HmZviBnS8GsLg=,tag:vMLW6hm0sB4y3Dq4Ljyqew==,type:str] +authelia-storage-encryption-key: ENC[AES256_GCM,data:NbsNmP1ZLiL5Fh0PzBfHVzAfp2GK1a2bJUFNvA43zaiGaATN0NX1giGZC2ItozE2vUAlJ9gMZ7I5UaHvI59cFQ==,iv:NS9NeRGYlhAiNellqCh6+Qt+I2ZEgHFHlY/WyTZZTjs=,tag:7tVIiR4taBSNVIuC0/AX5g==,type:str] +authelia-session-secret: ENC[AES256_GCM,data:0lQrbfxKn5y3LZW+HjUfuIWQW23y3J1pp7TcHNqYD6NgHvVDeROic9hzSe8bHTMgLlc+7wf7Glbiq9Zww6lZQQ==,iv:amya4RuA+TSuq7kcB0ln0XHTROYSzNRRmqi583o4Udc=,tag:Wh1jxnr73iweitbIi64KBw==,type:str] +authelia-identity-providers-oidc-hmac-secret: ENC[AES256_GCM,data:X2ZE5Qn1KrVN/WBWhbHqDEOJ6dxh09mLzKybW9tL0LCeeRA928i4ISelMaSbeMfN839hy8U6WjmObecuokYdyGygLb0fJGTvlErswjHhs3fZs27dOTu17LCSeEUatvYs1Hpqoo+t4PnZtHbhGtUw6KcliTzHxDTnBGAunFNLmQI=,iv:PD3tPdaxIaLSAjHz+Kd7oDqLIeiTsaFfSRTT2wf7G3Y=,tag:pXzgOJFkBFvtnv9I5TvAiQ==,type:str] +authelia-identity-providers-oidc-issuer-certificate-chain: ENC[AES256_GCM,data:cwN59aqz0b+arw4yQc6hQsRg7t+CUeyClWeQPnBt0v4J6X0gKbeShHQ8nJmDKJ5jBLmp6ltdF/j3Pl55jwNbRIEjF2XKcqs9Gd1B94Y97jyktVn2Av1fgAy3IwJcnOrVLGk3EHRdvYHe6jjVGVODYAk30qTA2Tbhxc8DPbR6ie6JFDy+ev5oAK/1EYRRhwcGq+ZETmuIQcGEpNF+EsXjVjcR/iIiJhAJzQ9MDTUrUKeD2a95tTno6J5JCRcI17LC7XYR33sjQVeAIIDEAn0FAhaRc/yDACImdzkufsjqLXZD3EcB+Px3hZHy6ZWfzU+1icys8wd7qt4O7wnGUPVwOkF06M1wYALXH3d+OnNo4so+s6Q2ZlS6yuAjudnyC6rqbzVJvY9PZF27Ogmj4hLN6O8dvsu6mPj49E4f/qsF/fgV+UkZA31cy8vWTLYnIZt3XMQLys0xsYUEAw8hvuRpwBFoGc+VGO1G68G/rO8CGUUjfzdwVa7Pip1JZ5uF5AJbEGYJ0lXBp5o7SI78quWtI6HKZoerfjXMawAUpPIp4HF9HnkVb1B8tXHOXTxLcnVebLEIeRO49qIBBIGK/PnGEkART4vwZEryHqAWxphq0c4N3HW1JG4GAERUtx4nWOD1LfdkgeS3uO+Pqh8T+qdYp8Saiq3g8HUDKq1JS4EFmSzJsEV2dXXJf7cha9v22tOY/Zi6IpdgSq1ohmwthAzT26YBSJ9ks7dcEelCoAY0WDTOHq3UDxUnbANIWReqrWZv97uetm9Nb9Aun0miS2FviFJQ/f6SZUZ437b/7TAoQ6gLrQ7FAvqU0KS1S6QHuxTYog/g8w54j62APlwd8M1eVlSVFYZUztgUff8nE1fSykz3jwwvtigDMFXsLsdvQr1jv7s5XHHmvIW17wMf5xq3hcgSIYqZx/+5nNXcA66iDYcMgJPzlr7Sd3lxWI2ZYBSGRj2Cp7zEDz8W2756Zgu89qTrKQw/VUtbs96WS2rp5bywZlstaYfXHZSTbpGDMF7yFZPXtBTYng==,iv:+zOfQNIXhA8/knuSL2V9lLunevgA541cbgi6UGMm2Tk=,tag:Y/o14+ElwwU8lVMQbTYu5w==,type:str] +authelia-identity-providers-oidc-issuer-private-key: ENC[AES256_GCM,data:BY8a38S5+9Bew+lvQtntWt7/zdI7thNCSaTCZu4/h9y3NOg/nft1C5OaLiamactuiapk/t5G/lUtafRvQixbMFvsIK+3PiVGfkGDtr3fEmvLgOZI9pmlBS1o6yyLNR21jAlpRiRk03jB1mxV+ln4b9S0xobsdvNemX6WeCMD/CZB5hSPZhvCcl9JDxbEqQ/vIkFqpoEk6XOVCkx5q9VRcZgRoMTq1t4gVONp09BYAM97ZuCFKnXDNF6f8FxlRFteMJ6knUB5mnGqPlaQH+RwRAemROIyPYESJlv3iO9Fxr5oRCw5FDHglb0Ui9n+pzEhWPZs3GMbY4QU7S/bibtD6DCvWwyMKuxhi4Ek93HxYbDeOGVYoeF78yKdNsrVEvWiXz85mxEvt+FnVdnAr0P4qpmDKMQT1cmuNE1AXDQwoekeq1oDpn63+n8lIFRqXwAB3KC09ANH817y1vKYG8x2/ASHa7wFbbfWUbO6/+MeSaYmwtVLSvpCBGWk2n+wGZeVye0dW81smXAK64g4vHehkRv/p0RejiEgQIjxw3UD0hIJsTYuBl70YVkQIY1zbNRWDjdOPsJ/fBKO4/69Avu3Wz/i/DCc1V/yLfVPsqh54Rz5zTCY0GVQe6wkbGXwVM5f97mVVjsdW3C6e2NjWOzL2MegX+rUWoJOt/gn+iYq9O+Z/j7xT0iU8XWc2EPJI6dmchs+f+8GQmROF7pO2InhXo9OJ8ntEU1JMhZAQ8VnGr+VXqovJ+/yiLE2DjC9gK/Y65R9K/bKmtE8mUjgGkHY86Bvyu/Jc224yOKyyBejxcm28a5gPKnvfSzviudiKjHMZ0pOuKoKN/EiyXj2qKvJphE6ddpbxWr4RN5UbK/rUNU/dCJM+C8DIUfdPUkpSQCXNE03yGgw0A9Hv/+zG/TI48wzWOn2y5y7gyMInZWo1Jlnuzsl/44PpwiUSdiOV2/qd0U9/keQWrq/yHakA4y+Wyvj0ENlhxm8Tv+4jFqZbVI0emLVb+I7fA2/gcYc6kJpIMLNuMUavmXg727BwqoGeUuuCjJZVeJpRCJP1sWTx1IBebxyBA12531Fe8CdCvgUtzARE3CuHB+svM1grMnJ3nSpSe2CzVCit/isqYk0PN9by7pWncb5dbutxT5/n/bDOgJHsTfjSOMyGZfIX4gBZaFjiIuTCmZA73CsfAgfI9k/irXMcSC1o/HpSvlfyA8zOW56Mt4yqqlUQirlWDQPA62MFcvr67KswwrWcSv/oZlHiiiYT8UAykSJVNbA8i1EKGf0NEU/hk364FMyzFvkbrvl/z807IxLhe/x8t4R75V2rAGOV5aiMW/2l0jM8W/YsVdhai9RZ/U22D8IaKvHb7wbOSZoQv8V7hYpAo3A/ls4YF3aV/WunanEvxzYMhvHjRHXNmwYbXaKt1rWTmQq4dA6+Pzkpia1IM+yztUHh42KeDd3g+4msh1zL9Ps87txTX71mZ3/lHdCs63ZvWDaPlHiIbgOHBvDi7nom5Xj6E2J55n3BdSSdENy9u9lwxVycdVlSWKQTIbEo8FRr8FDyuqOApRvS7CniZqvHqRxyRjbkfLFV97VWfDp2LoY0nU4m+wmcav42LxCzMT598IUa6s+aVgyeZK2sV1mxDwn96SFqLUcA0NIeOL41bg8eJDwYm+nUxjkQnXGvdD2H7PIhmyJkRuI7mKpuGgrI4qqeRolfYDGdVUXbiKvMLXgH54m8wBQFbOYddV2kNxBiu8IdIfpidElr3UABIBoGhuc+ZHZYiTStjKmWD/HA+EY2hEyGGQYxNzWQXWBu5bnHvQHrlAOmhIgmsaMblzIAFLjny2ue0fJacYOparkHRSTq9FS/+au6+N5Wr655jGpcmrn4Hm8aXArqNyXgromZZW7vXHOvPvPJz84n3d/UTRPjfyU9Sti9t7nLphHBwrxLCu7NeulQAwrVTIFV9o3qucFQWxe+MJOldnHBdWlrfu6cRBaYmD00yZappKfsaiyGFkcrgImCRU2wJfpljVMcfmP7uwR4bPTHTm39qpXgsMgApZavjYnizelBSA4y2TdxDI1N7Tt4Xn2RMYlHJkN7zWSliX1g1T4LyJ1Kv9MTgm34KqR119EanGs1ALRYOyeyf5jrdXMvfibpMjCySIlR8P6CkA27ZKl0xfKbCx6yzvPaPIbrgp7a/i78zUH0aHJ74dfk5scYUQs7du6yMRx53OYnnLpvTulUBh+63YTzaywxrqk/DrmIKH+DDF1AeMlmlvIqnKxI+3zi2yr9+EyHdocdOsDyH2tgMjuE9XjxMgQ+aZP8ZgjXHFahPPxNXCITvkBhUUNk1Osca/+6/cM7I7IjlVwL6tbf7VtxFq1ElTBg2wscEiHpvWbnxp/JjhlbG3hoW9GgMASmtbck9Ymx1cScBMrZs4pFNnn5ejhkNemzPO50U6nqihXLVMbl3ciMKt6BKWgJZAwpUfKo2IHjCAUP2pLYns4wJJXGtpkDbHtASuGTtdM+w/lA7HeUMZt1c/cH2m+ssZ47jvACSz26CAepEyeWS/ZRCpJLzToCQqLIiNVZJWf+1Tf6KHWkfUip4wm48XgW4A7i31oj1qvdW4Nxw+fspW/2RDyllRcBVxjt/WIR/9PMO3XYaIJ2bAyOD/62Q6bvrJ1/QFCzj/nPu+P+PS60mdotVckr/0z1omkcvZgjXvhfDb7c2+/HhXiaWoNqVU6iQ2qmAWwiNBGDsEl11zBRRQ8xAQck0p1/V+uoQYOOIFAx3gdOqjkb2m5jutZxA9+K5CWupG1YaMDVJeq+Ha17hsYWEN1WzvYXrCKzC7EzkyXesG9Nir3YcPgBrHr6qGFbnZVOQxNSmJaWEBX3Z3xqLjWP2gF6gmoASlgkZH2egJgQdRgogqB9OKNFsmI47wHbIotoF82LKUBV8imJSpXxiuf3tDtIxqfZGouWpUdOLaM7SyzHqMahx7d0d8FHegLB+NXavVY8lfmMoVoxXgfmTSKZn1qVpPTwS25y8zEAYbfjvnETjM9R/K7Z5H9/F0G/x08x0nM008Fr2Pa8Zt/NNw5PsozwGMT3g4SJqn1OLrSRm+GWLau3wgI3opI6+Yjrt+21nW1fd5HvXJvkb3q1NK3boym5UK/5ZB3hctGWfC05S7mTuNbclgXE58IFdEfRI1M3bUC10TXNL9EkYUdoSpsHjr7UGCNbguyRLSVX3Y6JZ8j7dMkawdkpeUykGPF+N88GR9YFMJoVPQnae0sj2FrqnQgJ52KnN712I5OP+8Gfv8evmrEqtAzGvTakwmrc+BBx+5NTEF0Adt0fhrf8RXSyyvDKae3WIC+TaAo/hhBooUBobQc4R/9x71G/mHw3MbtsXDM4pzQs3SDaVvffEK4gXiRxnTB9uQPo7qJL3HBKC/v1PCJRb20vNAIyzbubeV4CpeJNaEaqml0cEMukLVnVWENYmYOjQdjUQjyPyvsDA7C2jy2F9jCL3huYwMrpDXQr+urlgEJv/LiJYT0iuYbhfYHmqUtOKffXpAfj2knN+qPzkIug59IWkx+19suNzTPtnO+nBTsboFu/AK68I22xStGZ3WeVbay7SJqRAOy7S2iwttPq/ulBDQk5G2Rsy0PoZcv/uBQ+My2Z+Asq5G4dJBowZS3/4SJ2zOgfY+Fj+08lqSXelNOKWRHGno0485/PHiFYn4/3mUiCz+P8HhbQ2pKkAwR9DTRL/n7dGWOw/7amLlLmWzgxdE0pl22Ji4Yv9nBWYtj7FKKtQrRYzvayKZYMRAphXLTwteFWCAZkq/kOmwiPPBz80J96h9FnZYiCzzg9L+4mbLsBZNVEpEDanITJ6BwLFtOdeDdMcOPlzuaZA1Rgi4dsp8udot8mZJewLL6GrhSZf5W13lAxkFVuPT9ntPU/ZPdpqC+QCtTNc4lF2JHiqOvW2THwA3QoQWp3xFYznGwwMly1ZiwH1kPEuXcH16bE0MDLBVJ0TqeKTXxJS1Pqnio/TZiMYcmKCw4DAjiZ/bsiqe1pkQ3z/AE2UoZZs3OnBEoPmMRbZ7rHltwXS1YT2nvUkEj1SijaMSurPKO8bqhVzYMZNs6C3iL8owmK8MDG/x605cnjTX2y3oDCdmi97agmr2MyY6uCMtUyZjlcjVQSLpt1VUoVHsPKvhzS7C86HqzaI9xZdfyzKY9utp3MZxNJMhFHPR4tdTFE1I5twEi3IU893a7FLdLObIy7o8hUpj+SFqTDjI4LhB5wJYf2DB99/fCZBnD7aLVYPlq0iJSw+X+Z5eZQ/PGWTqWyfK7eWCcA0WRBro3xXNjs8JbRAnEMYJxZKtYzifSG/RC0usU,iv:6cRckfpJZnXvkPwiQq2TrvhjbxHsPGnnuvF84OksMvA=,tag:i2Nlr9DiLt8fvg0SwDzz4A==,type:str] +gitea-ssh-key: ENC[AES256_GCM,data:EkRnOqnd9NFwOC1uml45feNgqvmGUGhxX5LrV06Fo3PHwl94+0m9dxtXGhl6lxxQDvbiPFJt/tSdth/QpzZguiocjeD+RtXPntqcQ6opB9jurDPmX1QFACZpBiIL4PeH0WkkoZw3Erbo7SB4OfmUnnAkQTAKiETRmtqpgqsSWhrd5PTPsIXuSSddKxqlKVisPewf5DPy+xjNLWRCpCsq8uIg77bF7uZI0NUx/cYgRp1vWMY4U7sl5x9YMSIEeLSFTn98lPBD2/MOmrtdWwdbpl0pXDOupiEZL3mNQfgwglCPTtsmZ0mlj+0u7IKdf5QiphrK90RPxFuqd5NSYWyJuhTImqiBinJmFcp7uKeJhF/u2g8bbK4XDSjAfBFzTF2/N0NHNKI5pxPuT+TSG7asv/W87viEksqws9aFF9sw9VhjqPUO4+qKTuMIm6EJGae4V5f8AuBdOiuyG1S82MBKsnC37J5SWhKNTtioy0SO44kgUhGNq9R3RceZfKx3IUdAUwsOMr9O5Azj4dnK46Wq,iv:K6piANhGOcPKEvFmTEQiBQvzjPmnAjPfRvXTF2cxvHw=,tag:oUsJl+b1w0jE9Z69vJXS6A==,type:str] +grafana-ldap-password: ENC[AES256_GCM,data:QDerm+reNE4zeIzQtfLoAGlWNVd3KpNSDYr/S3GuNLgK4+3l5taoWdAmPrdT0oCUtxipnuUmlngaVAu6nvqes3XDrjs55cXoiBbDC1S3T2418R8EE6yKX4x0dGnvmm2QA6+YqBvP0xjIWXsAHOhIuBjKfQ38Ms97TBcEuS99XrE=,iv:HADBofo+cA5PkdXlLcemRlG3sgYcgdiVM8NR04Z7AUo=,tag:yIEMjP8PofGDskL+aYw+4A==,type:str] +grafana-admin-password: ENC[AES256_GCM,data:Ua8h43JzgRevqaHyjyTyth09qqU7VmFJXaRnqfZjza2u8jCUJgrqdLWJWn28B43hHbk62lP6vb2HEAf0FpuQIVziCXtcgCfy/CIQny5s005U7IE94P0QUWGQRernGM/rS9hNPC84RNOc6GJoJ+pyCHM6KQjYsQ/gNtH3WRCSTb0=,iv:b0kORK8iT4sr2frzIuAs3Rbz1BvusQFw/lWfE133k/Q=,tag:/KYLQ8GRrGuBLj2MoPOAnA==,type:str] +grafana-oauth-secret: ENC[AES256_GCM,data:0C08ak101LiimDPKUflH3VNzxpjq9DCq2vzeV6N/VmAKDpYm2syRYRWBbqqgEAZ6ivBGFedlUZ2cKvEKPE1oc4+Y1+U4dCet,iv:8w5yfdvx5A/PMEY1O8EeZoGAjvRBNs8PFpIgkTbRgYQ=,tag:Wa9PPht1F10UaobhH+nVAA==,type:str] +linuxbind-password: ENC[AES256_GCM,data:J99NNPSDxxdzEtzmefHt397yHNGPXLlUEbheegVvmAksbuFLnBD0DvOM/seIKGVxCWPq5pXviHD2uG3IBOuOJQ==,iv:Gmi/amlRQHSNCQrEp2wDzOKdqmEBubfLHElcDnpv/0c=,tag:2lKkwzK4dmNoc/kocqDq2w==,type:str] +sssd-environment: ENC[AES256_GCM,data:2XujyaAooH4rjPb+nMA8IzDvDLu6tJfQkS8Jo9+GN8hYITkPYOS2psjk2vv7FLtcd4/YLfktKvnfgLzn9KYW8AXOIrPRffsLfEXzbjXg5XcFvz4N4xZPJeDdoA==,iv:5z9EzxI5MftP0MvudDBeqlRm1FqlQJkLr6JhhCQEoEY=,tag:6yi/Fwp2WF8wOoVjqjay3A==,type:str] +promtail-nginx-password: ENC[AES256_GCM,data:z4p6NoIzEQgkmYWQODew/HM3d26DHJpxdZjY+enu5AZfAxN4jFEyrGd8e8qxhtdAo6t4aVWejyowTg==,iv:Ni+e5j8DnpY8YuSUHOuk+iM+SiJgJbfLGp0FkiIP5EA=,tag:dNC9JyZxqQPnRkJzCg8EOg==,type:str] +victoria-nginx-password: ENC[AES256_GCM,data:0hLUj4yo0kM2KtcaMlOLdumZWPOTMbxP9es9fkgdf45q9aEnVQhWZQRwd2R6MiU/2ShaTHA=,iv:XmiRo3UubWZifGAh7o56kOfr763YnBykGIBqi4b2iYQ=,tag:OcMmermERUnX2SyijZ44LQ==,type:str] +nextcloud-adminpass: ENC[AES256_GCM,data:nIn3sVSZNTXrq9CqWwDGN1fkkxuOST3jP128K0MEoOf8Ql5l8YwG7HfsbyJ90nl2gTLCKsNx3Ko7ocQiCWsrAI3vQLwvn2UkpFkuh4njGB8E8LJYPFSbJCOkKHnZVGvNGYlM802naAqxZqXKH5jOIGmhMq71cnPv/18UEeydOIo=,iv:6Rh5tZqRrD9pU9UwumYglgUf0nFJMWhu/eJSKXKfnPw=,tag:jDXC2ymBK6sB5arEyYpp+A==,type:str] +nextcloud-secrets: ENC[AES256_GCM,data:QSiOz9LyqAH4/fwFyeXlrpnFISK9k5IEHdffe6IqmqpA3zKyLWgTnWKh0N6fLwpnbfRla3a0OaNL+GRty0kJwL0a2EmdYjZFJgh3X5YoolTVb7+QHRNkSbMTBfJ3zkCvIW26giH44nqIuBaO+w==,iv:MqlpZMxzmOnqJ76SjAaodAZu9qtVeE0pRWMx/sStIlA=,tag:II5/3BQ/x5W1xFu5J0nUtQ==,type:str] +nextcloud-smb-credentials: ENC[AES256_GCM,data:v4R8pK/tSlDOkmEZH2fX3JwsipumiUPkAWnZX4c7nMysYQumXbBt/WSoP7lnp39u,iv:c1MtskjNTO8zx6/IOzkEdqHD+VesCo/wqOCO51wkn2Q=,tag:3qyOlqV6qA8k4KIPXp8bwQ==,type:str] +atticd: ENC[AES256_GCM,data:I9nzAkhVAcWi0ZwGcdXVEQkoLh2nI9KFWujNFCi0AfY5wf8DvYtzi1q/I8fIRVTkBjr+X9NpjX/e0FXAoLdGTefA3lzm2o4DJigKK/admwzpNwkoz10a2LChY70AsXjwxTrE9lM/RAePix5x1/9dCTwyTfBfxrlBKoudXLSB0zA3S1WiTVdvQg3adNl/K1ReR5lWMwr87WGzE/rJ4Dr1zlvpk1D/UHt5vQnTvW8HQa3j0Wj55YBfO7jvE6SlokXBUB+b0b/O5puun91nmTygDzxyoem0X48x4bRU2WXof9qG23q/8Z9zFyZHDm0GkkbmC1Z+HYx+H+2a4EsZVHTa5iw8p74F1Kky+SDQJZ6LeHcavytWufYUAYkCR8kIhvbDYzRJRl9eLnVzwYv9DEYNqucXc71geYSEWYbgP/AEHFnfSrSIsv+fmeJtWU40cLChG6kOV5U5hWXFeVUkEI/K3c0h4WwlcKCf0zjtok7vreyOQJLzaNtTh1fm6G6fsM2V0vqne8Sg0gjHDTP9J2sEX9RI/LqY1OBPLBVIkq7Q+Qi29yVv3HY8NEpFNLL6l9YjPBP/+FZGKkjtc+k417+wNC+F/OO3b1oIMRowyCpkMZEBbvJKFMhZPILXco+QcYKRthtLj+OJ9EyVqMFpuugLk0ZBG/A0mbWyuKLcHCBzVUDaRJQy/fjaCLet6QGTeJ6zvBCuOP0zb0qSrX3NQLasOi4FvbvgqX9F2YJwjMc19Z4RFnOK2NNA0Vs1XaNTwhaQN8cuJC2xMwon/eQCIaklUyWoRV+2vAs7gokC6CxIrA1t7T4Xo7E39iAllGx27uKnwJJKAKpFmQ3oYKsgIPehJOY5LfQImqjqe5gZ/LyI5Qau3VrxFXnr+x1zkIntc0IOoLb8dHBW1cb9OdVZ6XF7ZHvjJlSmoalAgxjNIrOH6AQX1qUiMFMKmIl7jmYj+DPSzEe8BMy4F3B43AHyRAwRrmEjOMi25/yG0iJDialjglCWZSDIzHaS3mIs01FpbCsJx2uX58/X9MsqcaOyAo5kvqhaBhA9/DZ76X0+xgvlxQ8sKsBNaSIMGpVnWoXbtlNLt/e7tcrMzbVNOMUt2JQPdOR8n992Mnrjh3ldwtl9CnWSJxgizxvGLOCy3aDpyfiYz6Nq4DADeoDHA9NuZkss8xG0IW2rJUim1wB+BJQ666zUx8Cap9aiFNwj72SE1+LVW4wQXa166TUqkX9O3fj+Sy32FhVF2qPopzEM/awzinVd8P/JrONgxLIvdZF7lajOZpRzn/Y8SCgXa4qsKsgsrMwLcDpIWpPWRiOQoVyNgRGE87V2p+5ubFle8vZ4B97emmhI1MYJmyA0AiSLcY/6/FYEJLx0kIWwsdTUtYut9KBx+M5eHGmTZVxQ1knr8D0rd68nF5EbV2tWJN0qSB+iUNCgCA4M7yejGHzTgQKSnuefiE7KXFfgGnME4xgqEplSg0IuhSGvnfYm2CrgtB/x0wOprJk50tYX03XJPz/JFmvDqA+K+n9kaOP+8bULfIaRCxydBCqukKmb44a/GSz9UkZU/sSiecattZRfzhHuyFbxWvkS0I/fR8M3FLS/+tsr9BVjXxSFRU5jnceg+wY6HTWXwQHHkGb4cLpWSYs8z6IivQ4ybK4bbVX+6ovQJU8L1vz2Psl52dkw0gBiWRInorlsO/dPln7kOVjpN22VX4CF3L5L0hjmmquzxXiny/tKKl6x1El4N61wx8EHazGe1TaBcHNIM9WDNg29ornM3RPEjHJkJArit8SJsNoOlprpc/e6P7MC3KctH4rbmhIZ5VpQesUbLGCbbSNeleFNoowBseDDMLv4+x5ruW0OM9CptR1hJaPYy/u/rHy5D+yqLOKhALdLe9PxE1SP+CXuvcWlcwXqL5GFvRt+yHIMqjL0Wfjryf79oT6OAtmKXJBkTZu/ckScm0Sa/3dhWkHdYaBwlp1TRxuznPIkONHi5lt2FtcUNmOK1f3HE9+EnMg8tl7bgE64egYoM+d6HuTeufQaO8IYd1wSLNsQnoDVCQjsVxcLKQI6LQ4V5863Uw1Q3FCJRAxPFGTpoTXhQyzXv2q9e3OGw3afBXvaxknY1SrdKlSV/qjigzSqjJIJ7XbdmGaWs3hgADlzXrgcTKfv8vuq34NmR6QUwTby54fWRE94AwH1/dY9hXFy8mk+GPA1JF0wx7sB8TBDPn18aQU/c0QkDHw/D0tD2NroCE7lOEPAJpSU2g7aVorT6JDt9nrcmeIUjzsTCENjGVYRC6uOG84175DP0Htol6v+9jfyDT9X9Gf7JCgge97vRMdzNbw7T72rnbV/QytS1Hp3ia3r1hQ5qYOUoKL+Q2Tr7uJy9LRTWhIuIobJvIV08RqL5h8gA6x+9kO3iXnkFD1hk8/8bXIZ4lX1yoWKEXbr4OWNb1DJe4spekCZ3NUA6Pags7wws91N8vd5lT6JUUT7QuyELV7aQw7A77LC197bvVaoo4BYNnzy+RqHmJVQPFfLm9qpbo1esSKF3Q6kiruWEoXimJwzVQOPeAkOTG7f7qxDkQ8C/oSDn83ypML83f9M5y/4DAnmpO/d6jXE3pBE6acPjx23QY6AQLVuLqX/mFujtnXaA4kCnlCvBF1eAo6PVYFM3+Klf/43PNW6r6HwKRHCLh+oGjCqDO2V4Bbs9Y/ns4M5NJWn34yCoq7Jr/Z5wsc7t6BwaXQxiHgrxsYWW42orP1caEiXjpWnUsrgqnAoVvOGEaZj9TxkmVIJ1hX8SlQWkAhKIGxgnKDuewxX8YMPfaauLzmCSqJZkjbnvs2ezDelQu5S+SspwASHEOq8eCAvcKCYbwRWLyVj4nlKUL4i6rnWzYETuxBdsCmUyPL9l7RNhCz3wStjXW97QUbT3G1J2P+1PsonMvVxcphdSq5uaLDFJcoMDivY0XoH0y5Y44/G/REgGm26soPS+ZP6wMwSzEgoADGl1yqnsKSiM0+JWKHgRAis04+nL6nRI0ArdZzmchgz+i8U4pRvHlb5RAkcx5F7xi/A4d9cmFwHBfhPCGnuXK52zYK1O+ijoxzvQa6f7rC3rXBGfp0VfmnIeyHaUoZPasuFJg4IhnFxegxgQt233at8E8hhH3J52o0gjog0syajCKbtxm/we40is62g7NC5GS9ekq3QfSn63HKbZoqsaF5/qDbH1S7OC5wtzEAqVS2cz1nwoZhYuXg2pBvq0+VeajMq1RHhOsBED58CJB0AbjSi0mOF/zfX9dL/IgaT0KWojfOP8FOiTt/0bxKmZyXvV/IhFaDyp/aaGhEpk+K7sUCPtkyzss1x5Bl6h3ghC7wjsQheeTmniqyDy7PT+7YN2b0sYj9OyzWc3piHrju+pI1EWWGr2GOOD9iSiZzAIuB8iZa5WZLtnx2ePKQ3aQJMbL1lpt9psmrcmsTiWQxUWeXoWshzkmc0i5TMZpIJrcsOMZwYpiHgNbQ58t7FH8c6DfWLYqBAoW9qtiYpoBWXH8qS0eIB5ADwzv2QX1i4QKRz+27zxG3FxFE7V+B6YHvzh0JW8CsbrZM2TWbQTdgx1uMcDpkIVyQz/WHX5vKtqHnxAlnUyHMztVuTWhxOTnx8lyPX+OIUAKHwaa4T9MTKZztwfQWj+xhpciL5e+s3uReev5U7yqeZI9rKNe5r0Z0Gkd2b1sW6pkMPPn40Odumzqp+rSTz9Ya3iRupNFr6DxfO83ZHpXi7Jcyww9oDrj6rEq4kjNLZ40UIxBVLtnfX0FB6Zb5Nql6pSWkAjgoInzvLvkOiFsD4pKIk8NwUdZdn+fUAV6CYq0FpaJH7CJcAzil4tli2ZqJbUDUNTCqjQ5QK6iEC7MlfyZnBHi9pNOsHJuVQe4EJtYg1nwpwRo37mhMejL26xiWZu2M0T9WwkA82AiPZVpk9coj2Xn0aSIs/pxGzWAMfABtVclJUXxII7oAjgmEIRE+DGigungRvwbzrB/nC5xXtXriNPEsV8M8xGy6740XIGChsiRVLi9Xo8+p56LTEmEsfjZQPz6J9CY7j9qlv/qTgWsRAjzukGY/RL6OFpN2d4lSiitpwWa9v7zDsC8vBrcfEWSSpqWwo1iBIJLTO2zsSGWqaTr/udPoXMcpr1/TGeOCZH3X4QR6TGBBAe3NBswhvlszkPXDkAzICyeeuKVk4OGWeJzwm/qMgQnkWAXUp8/hefHPwg3wna3Exp19IKeuAbLrcNTIG0ju12v5F0uUwjnTvFaxXiWKX6/dNehcZW90yELz9H5g1fshMA65rxOJuSZPVTCoH/Q6+e2iZDXaoL1zX+S96i7vTQU0QX0qqDZ65XPGa4jk/ae+w1OVCX9I1NDt31gUR0WTTVZJpXtEjacY+DkIiIdWgXzJQ0hsA1Kxe7qqn+5fK2v+gZHVSph9X3HUcw96C++gzsL494NpCSnW3+d7JRbQDZxTy3tSTFihiT2Q2pnmGlDty8+i+EJoEvx4nktOJQXw87bkCkDuljO5YIkPQ6DQZIRk3AXrBZmNOTRq3oTZZXr5k8yH6ZUDrJpmkEYsVIMJoQA7Y11EEO6iReAz9PtlSYm9c78Q9WSSCLcGQWlugUQXVUWDU2N/iTvavn0oxYZVxw9Ye/iXktmpS3I3Mn8waC329PHyK796rgQBGLnLHGvmHz9OeHUCq8FMBfQLvPabbkevVVskrzf+S/adNDcixK3dyEZWdUBCas/Z15X+P5Nn1yjVLSy/gEPlYwEnWPQGdAav4ge6KikWlzS8ekx6vwcKis0lhwARVrz1/GlhorEHEaHzMrHhCHXUOh7HxZxhIRTCiw2b/jTP5k1oMCUweJDq8KQCWSxJB2IKs3oDzZMUdq3W0aPX/u+yOnz4nwT332SeeMQPRjUt36EoY/npmjGbcKx7MNyyw6BQ+oMbGTKbzfgENjOb3L/VlGHvD8Dx8yLH24uPMNZOw9mbhilYHwBxxNER84+3AIC9shd9sSbzo1vBRDLx/q4WpTh0M9tRjOjr+7aaFwZH9Poq8qnPVHZvdkSnHg565fmraflvl5VecN6SxoqORSeN/7z2aHW6TTaupqe4PHsTVZ0/zM+0fKseRJO97XvJW0E9H337vEpowVT2IY7j9cJaAbP8q8KQCX/+oD7v7+ikHzeaRWulK5s0h2vYof/BMykbBq/T4phFpiqPJUy99aUe+fytj7SpfG6zt3agsVdLRbt0SkCa1ZBTdIYiTLjWGaoQl4qk+/wj5/1g1LnxaCoJ3P2nLpwPIHsli/KEILexYNWBIfqfM6yt5S/4NB37q04xI/x8aCwm//3gdrXxagx4XlVbRwgX+NDfUVRvJmtZAk/aZclTE/x/LNoXi6TtOcW22cL6RworIq0NcnpBmnkkqdePEQaxy+srh9uDUlJiiSFvOnXlefJ37JFOtZ0YWoSfMvIZFb/LbjVHpPZhGravq68DS4KdTXZP9QqKq+3JTFgr5n0qAbUK8tngAsTDVVOffSclLxkei47GHV0W8sO17M0VwOwR+r1ivzhyJP3gstSHGl9v7OCuUArdRINM13a/rjnPtLEdr07vyPcUuG7VCbpDlR2DbhBvXe6/hzjgSeUT+xydoBuw2CxaiX729jO3DqLRpw2I7FxxnctA2b1lcsVX7fYg1uq7B6x576sSSabG4KI+96SPKgHHAoDi3sr3RfykUWdhDxJJa+5VZn7NAX/iH4PGbPCA6nP2BF08Pih8QKupZj5uEBuQwOAVvdIeXCaThib27pQUbm88lnlgP4cXLgNZvnol2DKtmWeDS9QGEVyaBiJln6miwoU5HPYM7Z07Hcn3Wof76WG5NPO8UxLlRJt3Wu/o6WM08DW+dMx3flLTOKjrNPaWQRmXg2jgWZ2b2O+cVX27U3+1ZOXrYCeZqFSCQeZZ+ourMInbvU5iUm4wv1gIjuE9MBA==,iv:kMwmfINpPlJHly+1ErUz52Fku2euCcU9IUj0HQBYl+4=,tag:4idMOhYq6yQwNPAqktaurQ==,type:str] +atticd-smb-credentials: ENC[AES256_GCM,data:5zKR9pHMhzze2myQgAudM6IIEccgz44FiANtMWkvvyncLo1MrZWvuNZ3iy0bOjNZ9FvVgCMt6e9DxdwmhUotq2R7BDKGzWjXh40Vcw==,iv:M56v+xznTLmKVdted3AP6//snA87CHZFRwSeTeeqgWI=,tag:YiJCYGhr4Ux2SAiLCkvyaQ==,type:str] +pushover-api-token: ENC[AES256_GCM,data:/Xn7Z6f7ag4uihbmgF4icCZygvOwfVp+L/jD4bzQ,iv:DCfpfnP4zGNoiAhw+Gh5iyrAMdUYk6fa8ZXlGxtVXpQ=,tag:0wUSuFaYZjLA7YN1P8daog==,type:str] +pushover-user-key: ENC[AES256_GCM,data:prvcht2nOamLADnhnWL9h40606ilFEMFQgNGq9Ix,iv:gcNZIHAzYMreS7aJZ+FhCWpAQFjoz51Q023uIpY56Ns=,tag:pNebHXoQrYsf/R5NIQ8Vqg==,type:str] +sa-core-mailpw: ENC[AES256_GCM,data:TCKzVZ/+dAGDmXZsMn9g1WTEg5YIMFxlTH7K,iv:+DdqpTnHlD4OY7GvSSgfJosxJDr+VRqsJyY03615VvY=,tag:gYG3bS4vCfKYgG0nwkW89Q==,type:str] +zammad-db-password: ENC[AES256_GCM,data:blsSgIEA93rPvaJGh+GBnSRuaWG1I68om7Rb00J8M9ZxUt6QQLiSGCCi2aHqCCLdUhDot7m9QG7m1+PtB8Xk3Q==,iv:viqu7uqDNQvN6In3ibWH5Mtje6R0ZifkWVy3VN25dtk=,tag:XCbrf331+VLsJD/xxH8ZSw==,type:str] +zammad-key-base: ENC[AES256_GCM,data:VqMBsOL6GVM1MlcnaDCU9Nl/zHEr4IFYRj5nlF531sZ8P3tM68TZ1X6ddWvdAcBRYmFJqREVqPA3dy1UeN4HPAbBeI9kyTGMcmfs6VzsoPgXra3nRdV3Hg/CRiwd0bD/s4S+n2ot+0nAe5O07wLGwE50+e909Tgg4r+VU1DSyVM=,iv:q78GjdjZAKzMoLycUe8TDydN8lRZNTLAq5cICosZC8M=,tag:1BqYc0MsBm1qiMCWH8G7qw==,type:str] +updns-token: ENC[AES256_GCM,data:DK1RJP4trOWjJSd6h7c7Yy81W7wJh0UlTTB9ge5Zaaw=,iv:9cF8rPZ0t/zqLFOVKEk9oZ1+Dfj8cSiK3l5sn4i0nfc=,tag:kuO4ebcjwfCHjG/qCmBMPQ==,type:str] +piped-db-password: ENC[AES256_GCM,data:yi4MYougsLwtywP4GSJHO3eP4VZEiZRijYuYKWkaTsQm8hOvqTO0kWcL3RQ=,iv:Y7e/wA4GtQTNl0Y3No2ynpexZM+oWNPAmOuOmMfepvY=,tag:r0EP1bOmwty1vI0J3h0+bA==,type:str] +piped-http-auth: ENC[AES256_GCM,data:PnbYFAzy6Hm4mhb34qC5hk1+sN53oIxMK4YYReUNG+udKi7QNbiAH0UGTOds,iv:zvyPCl8bVkBkXqhBaeuzQclNiXKdN+239Lwzv1IUmBU=,tag:8oP9HZGBpv4xrW8zsgVgAA==,type:str] +fueltide-lego-credentials: ENC[AES256_GCM,data:qHTwN7IZK2qzzI0ztZkgRO3Iv1vLO2XR47sh2XUiCNMdSRxrr27PizT0dEXaFouEODoTQAOLkSHg+WdFx/QRzjcKF5i2AeAz+VKM7s4TWqLUiw==,iv:iFUAD0Uc87z4mlo0oay4X9AbIuW1ND/u47QEZRptm6U=,tag:QXkQUAl68ngOpjFvJgQ1Cw==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOa0dCWmlaZGNwSWRseEpw - U1VMMWllbzUzT1dmSkpDRHB6dEJNd29jQVhJClhGZ0d4RDgwYmhCd21VaDBSTXl1 - dTNKbkRKNFVRS2tvaGQxUTNNcHptVzAKLS0tIHVtSmVkWUhiMk83Tks2U0pFV1JP - akFvUkhnR0Y0WHV3VDJrby9nQTdERlkK2osUBlD5Iq7u1Lcg/FO+YjUimV85b5Yw - UeXiLKFWxjpy7LwUOLEktTxEjl+6K5ZIqhiwn5EEUWEFeo0+bJ7X4A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTVJIZHQ2cTduNVEwRGtI + NUVlL2UxdmR1dmcyNkZ0ODZGVlRQRFN4czJJCjNFL3VtVEk4cW9RaWVEbmFxR1l6 + TlFoWDd3YmRBdm8yQWI0cVJMdTdpTWMKLS0tIHBiS3lkaFFtL29kdFJxSm1QMXp6 + TWkrcXNtOGhrSXpldGExam9zZTZUMGMK7Y3aFWrqH25tcEzeiurB30Dyxqcgktm4 + xRAWXIpjduDqqaoCekNfMBj8b0eVQxwz0p+XakCWTZx8BwvCJCvuVA== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ekhYS05mRytiWlFFblU5 - R1F3SE1TRmE5Sm1YOGUwMjRSSVVyUFpCT21NCjQ2YVpLem9iUGlweGUyNVIzUzBV - SndCY0V1TlJUMjRqamxBNW9tNFphdmcKLS0tIDVTMHNUOGlKdk55VjBwdURjbDhI - Mm9ld3g2WXNFZTh2c2JPMHRoV2lCTmsKVqwuv+SIsWf7FU2zFhsEMb+cBL4XGnrt - 91keIcdjO5ld+/UMtaPWFeewNK5ePnQBDot6vEEzhoA4/M8oXWZNEA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUDQvOWJrTm52UVd6Q1Ro + QzR0ZmFUMnhYcW05VEZjTjMybnluTTZMZDNFCjBldUJ2ditDQ3k3cUVQZ1NVMlRM + QkFiVnE3ZHdXdTJDaFpPbmVWOUFXYkUKLS0tIDlac0oxWnk3bE45ZUh0amVQWGxv + OTNkb0NqUCtxUmxxNHlEVlNzQXQyeG8KskwPMAzQI7AbN0TFuxi/Diis/0DPuwzU + oc93nTjFT3nmQl+JxfAD4oyGbuiKSWUQxXBugU9GPKacCGmNFDrHRQ== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QXVDZnRhZ1lkSkltbDVw - Qmk1OU4wRU90MVE1bUN6aEwzNnVKWFZwWm5ZClRrUUtFallocGNucndua0gwSjds - WW8zNFFGaWxUZlJJYU04RDQrYW5qY0UKLS0tIHYzR2VtYlBOWko5QUpvbzRMOFBZ - bkRwUHZXWHFDSmxsK0hHK3h5QVRwT3MKZ5MwXigypoY99YI7MOOz7MOOh2fIrlr2 - PEuCzMtzQd8NUEBTd9Crg6XZvf0NXvdEtsv9/lVrHllGxCF1zf43zg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSUo1dE11TXNtaEhqaC9h + YWdnMkhQVTFaR1RRSFk1THgvNGVpZDduUUJnCkZsUEE1QmRvUnQwTVVUb3hZeWpC + TUJ0QS94eVAwRjE4dTVkUUQ1alBYY2cKLS0tIENURHNBR1FPQityZXNXcTI5OHIz + UDdaRTJIS0J3R3hZc2xPaVdOYmlWdmMKOYOtACao0QGmpJMuwhJgqnby8RWx78wE + zZMM031wVsATfOV0VtzhRWaFdSpPrRM1WggPzN8oEflIqvrtbCqAWw== -----END AGE ENCRYPTED FILE----- - recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cklYN3g0VmgyOW41dXUx - Z3F5YVVZN2tiVnNSMS9HY25pWWl6bXRSd1Y0CjFHdGVEcUdldE1xRUNvZlJoZVVG - aFlNcWc5eS9IeGdVWlpsdDdEQjdaazQKLS0tIGFNdUhvbDFwb1orMUhUQ2haaGJp - RGtaOVNnTkU0VldtSmNpMDdvdXJFV0UKKyzCQAdEzUGoJUQZ8CMMXOFj4+XCLHNF - 74m5Zzq5kWA6oQASNLEDwlldb9LPQ3VO7d73WYLNaeqcDR/VLmYNjA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTExoY3cwVTdLUHVqbitH + YWJlTmJ2ZGNvS2lNR1lmd0orc3NyZmNrWjFFCkhjcFk0N04wemsvM3RnRTA0YUov + KzJkOGJYK1hrZG1XektueEN1UVFKdWcKLS0tICtqOUNlVWJNYVRRMi90S2p3MEo4 + eUdjdmZGbFZzbVhkc0hZbVdSemY5RFUK9eVDd/b8ZZrrjrXa1fdYleYsreFgDTr1 + 5Xrvjsh3/LhOxFvPj7F7K12DXo/pKT2DANuk/i0EGiNXsSujm7zp9Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-01T20:24:09Z" - mac: ENC[AES256_GCM,data:CwxwnZhSMYifqmq2shY0JQrsgBYgRh1toyGUGOVguY5q8PPRFdn0wi2MUM6HJqVIehnYyZ1GkaVE41/SWSO6Ok0BQNIit1GCho3xU2LG8HZ0lI09aQRUU2DU/jXxcjQR2WN6HNQDl6tdxCWz+tTYq5O6TpJmOA5DyhJn3ehtXEA=,iv:FKde5p4Z6k7oazY17KayoyDxCDblg/ppT+L+S1FJWQo=,tag:ZPYHB+LpXUkKKOud/X5qJg==,type:str] + lastmodified: "2025-12-31T14:20:53Z" + mac: ENC[AES256_GCM,data:DAk5ygQbmMTjBVPs0O1cSXM4bQzEWSBMdE4RCbxvwLSWsuZQqYGzlObNC/oXQ8Nbc9S/DHleZPT0gRrHa3WW5kP+0hyCS6BrxXAwi0p6PDx1dyiKGfy+/DyrJ9YBQCw8SUQ9mAEprRJzSInKsUS79lSQU3saaZvRLI9KqIkYTrc=,iv:ggAmWYA5kpOD4Mu8mE6vhnKXbEwXqN2mxSQEOINvF8U=,tag:2oRhEvfltvqX6XqlfzkkWw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/hosts/web-arm/sites/default.nix b/hosts/web-arm/sites/default.nix index 7c10bda..aeaaf29 100644 --- a/hosts/web-arm/sites/default.nix +++ b/hosts/web-arm/sites/default.nix @@ -13,6 +13,8 @@ ./support.cloonar.dev.nix ./stage.cloonar-technologies.at.nix + ./fueltide.io.nix + ./stage.scana11y.com.nix ./scana11y.com.nix diff --git a/hosts/web-arm/sites/fueltide.io.nix b/hosts/web-arm/sites/fueltide.io.nix new file mode 100644 index 0000000..138952b --- /dev/null +++ b/hosts/web-arm/sites/fueltide.io.nix @@ -0,0 +1,75 @@ +{ pkgs, lib, config, ... }: +{ + # SOPS secret for fueltide.io DNS credentials (separate Hetzner API token) + sops.secrets.fueltide-lego-credentials = { }; + + # Override ACME credentials for fueltide.io domains + # These use a separate Hetzner DNS API token from the global default + security.acme.certs."app.fueltide.io" = { + credentialsFile = config.sops.secrets.fueltide-lego-credentials.path; + }; + + security.acme.certs."app.stage.fueltide.io" = { + credentialsFile = config.sops.secrets.fueltide-lego-credentials.path; + }; + + services.webstack.instances."fueltide.cloonar.dev" = { + enablePhp = false; + enableDefaultLocations = false; + + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" + ]; + + locations."/".extraConfig = '' + index index.html; + try_files $uri $uri/ /index.html; + ''; + + locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + ''; + }; + + services.webstack.instances."app.fueltide.io" = { + enablePhp = false; + enableDefaultLocations = false; + + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" + ]; + + locations."/".extraConfig = '' + index index.html; + try_files $uri $uri/ /index.html; + ''; + + locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + ''; + }; + + services.webstack.instances."app.stage.fueltide.io" = { + enablePhp = false; + enableDefaultLocations = false; + + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" + ]; + + locations."/".extraConfig = '' + index index.html; + try_files $uri $uri/ /index.html; + ''; + + locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + ''; + }; +} diff --git a/scripts/migrate-gitea-to-forgejo.env.example b/scripts/migrate-gitea-to-forgejo.env.example new file mode 100644 index 0000000..7695ad0 --- /dev/null +++ b/scripts/migrate-gitea-to-forgejo.env.example @@ -0,0 +1,19 @@ +# Gitea to Forgejo Migration - Environment Configuration +# +# Copy this file to migrate-gitea-to-forgejo.env and adjust values. +# Then run: ./scripts/migrate-gitea-to-forgejo.sh +# +# IMPORTANT: Ensure Gitea is stopped before running migration. + +# Source (Gitea) - READ ONLY, never modified +# This is the original Gitea data directory +SOURCE_DATA=/var/lib/gitea + +# Target (Forgejo) - where data will be copied +# Must be on a filesystem with enough space (1.2x source size) +TARGET_DATA=/var/lib/forgejo + +# User/group for target files +# These should match your Forgejo service user +TARGET_USER=forgejo +TARGET_GROUP=forgejo diff --git a/scripts/migrate-gitea-to-forgejo.sh b/scripts/migrate-gitea-to-forgejo.sh new file mode 100755 index 0000000..aef9354 --- /dev/null +++ b/scripts/migrate-gitea-to-forgejo.sh @@ -0,0 +1,497 @@ +#!/usr/bin/env bash +# +# Gitea 1.25.4 to Forgejo Migration Script +# +# This script copies data from Gitea to Forgejo and rolls back the database +# schema from version 322/323 to 304, allowing Forgejo to run its own migrations. +# +# IMPORTANT: This script NEVER modifies source data. All operations work on copies, +# so the original Gitea instance can be restarted as a rollback. +# +# Usage: +# 1. Copy migrate-gitea-to-forgejo.env.example to migrate-gitea-to-forgejo.env +# 2. Edit the .env file with your paths +# 3. Stop Gitea +# 4. Run: ./scripts/migrate-gitea-to-forgejo.sh +# 5. Update NixOS config and deploy +# +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +ENV_FILE="${SCRIPT_DIR}/migrate-gitea-to-forgejo.env" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +log_info() { echo -e "${BLUE}[INFO]${NC} $*"; } +log_success() { echo -e "${GREEN}[OK]${NC} $*"; } +log_warn() { echo -e "${YELLOW}[WARN]${NC} $*"; } +log_error() { echo -e "${RED}[ERROR]${NC} $*" >&2; } + +# Load environment file +if [[ ! -f "$ENV_FILE" ]]; then + log_error "Environment file not found: $ENV_FILE" + log_info "Copy migrate-gitea-to-forgejo.env.example to migrate-gitea-to-forgejo.env and configure it." + exit 1 +fi + +# shellcheck source=/dev/null +source "$ENV_FILE" + +# Verify required variables +: "${SOURCE_DATA:?SOURCE_DATA must be set in $ENV_FILE}" +: "${TARGET_DATA:?TARGET_DATA must be set in $ENV_FILE}" +: "${TARGET_USER:?TARGET_USER must be set in $ENV_FILE}" +: "${TARGET_GROUP:?TARGET_GROUP must be set in $ENV_FILE}" + +echo "========================================" +echo "Gitea to Forgejo Migration Script" +echo "========================================" +echo "" +echo "Source: $SOURCE_DATA (read-only)" +echo "Target: $TARGET_DATA" +echo "User: $TARGET_USER:$TARGET_GROUP" +echo "" + +# ============================================ +# PHASE 1: Pre-flight Checks +# ============================================ +log_info "Phase 1: Pre-flight checks..." + +# Check if running as root (needed for chown) +if [[ $EUID -ne 0 ]]; then + log_error "This script must be run as root (for chown operations)" + exit 1 +fi + +# Verify SQLite version >= 3.35 (required for DROP COLUMN) +if ! command -v sqlite3 &> /dev/null; then + log_error "sqlite3 command not found. Please install SQLite." + exit 1 +fi + +sqlite_version=$(sqlite3 --version | cut -d' ' -f1) +sqlite_major=$(echo "$sqlite_version" | cut -d'.' -f1) +sqlite_minor=$(echo "$sqlite_version" | cut -d'.' -f2) +if [[ "$sqlite_major" -lt 3 ]] || { [[ "$sqlite_major" -eq 3 ]] && [[ "$sqlite_minor" -lt 35 ]]; }; then + log_error "SQLite $sqlite_version is too old. Need 3.35+ for DROP COLUMN support." + exit 1 +fi +log_success "SQLite version: $sqlite_version" + +# Verify rsync is available (needed for incremental copying) +if ! command -v rsync &> /dev/null; then + log_error "rsync command not found. Please install rsync." + exit 1 +fi +log_success "rsync available" + +# Verify source exists +if [[ ! -d "$SOURCE_DATA" ]]; then + log_error "Source directory not found: $SOURCE_DATA" + exit 1 +fi +log_success "Source directory exists" + +# Find source database (could be gitea.db or forgejo.db depending on setup) +SOURCE_DB="" +if [[ -f "$SOURCE_DATA/data/gitea.db" ]]; then + SOURCE_DB="$SOURCE_DATA/data/gitea.db" +elif [[ -f "$SOURCE_DATA/gitea.db" ]]; then + SOURCE_DB="$SOURCE_DATA/gitea.db" +else + log_error "Source database not found in $SOURCE_DATA/data/ or $SOURCE_DATA/" + exit 1 +fi +log_success "Source database found: $SOURCE_DB" + +# Verify source app.ini exists +SOURCE_INI="" +if [[ -f "$SOURCE_DATA/custom/conf/app.ini" ]]; then + SOURCE_INI="$SOURCE_DATA/custom/conf/app.ini" +elif [[ -f "$SOURCE_DATA/conf/app.ini" ]]; then + SOURCE_INI="$SOURCE_DATA/conf/app.ini" +else + log_error "Source app.ini not found in $SOURCE_DATA/custom/conf/ or $SOURCE_DATA/conf/" + exit 1 +fi +log_success "Source app.ini found: $SOURCE_INI" + +# Check disk space (need 1.2x source size) +source_size=$(du -sb "$SOURCE_DATA" | cut -f1) +required=$((source_size * 12 / 10)) +target_parent=$(dirname "$TARGET_DATA") +mkdir -p "$target_parent" +available=$(df --output=avail -B1 "$target_parent" | tail -1) +if [[ "$available" -lt "$required" ]]; then + log_error "Not enough disk space. Need $(numfmt --to=iec $required), have $(numfmt --to=iec $available)" + exit 1 +fi +log_success "Disk space OK: need $(numfmt --to=iec $required), have $(numfmt --to=iec $available)" + +# Warn if target exists (rsync will sync incrementally) +if [[ -d "$TARGET_DATA" ]]; then + log_warn "Target directory exists: $TARGET_DATA" + log_info "rsync will perform incremental sync (only copying changed files)" + read -p "Continue with incremental sync? (y/N) " -n 1 -r + echo + if [[ ! $REPLY =~ ^[Yy]$ ]]; then + log_error "Aborted by user" + exit 1 + fi +fi + +# ============================================ +# PHASE 2: Copy All Data +# ============================================ +log_info "Phase 2: Copying data..." + +mkdir -p "$TARGET_DATA/data" +mkdir -p "$TARGET_DATA/custom/conf" + +# Copy database +log_info "Copying database..." +rsync -a --info=progress2 "$SOURCE_DB" "$TARGET_DATA/data/forgejo.db" +log_success "Database copied" + +# Copy all data directories (preserve attributes, sync incrementally) +for dir in repositories avatars attachments packages lfs custom queues indexers; do + if [[ -d "$SOURCE_DATA/$dir" ]]; then + log_info "Syncing $dir..." + mkdir -p "$TARGET_DATA/$dir" + rsync -a --delete --info=progress2 "$SOURCE_DATA/$dir/" "$TARGET_DATA/$dir/" + log_success "Synced $dir" + fi +done + +# Also check data/ subdirectory structure +for dir in repositories avatars attachments packages lfs; do + if [[ -d "$SOURCE_DATA/data/$dir" ]]; then + log_info "Syncing data/$dir..." + mkdir -p "$TARGET_DATA/data/$dir" + rsync -a --delete --info=progress2 "$SOURCE_DATA/data/$dir/" "$TARGET_DATA/data/$dir/" + log_success "Synced data/$dir" + fi +done + +# ============================================ +# PHASE 3: Database Schema Rollback +# ============================================ +log_info "Phase 3: Rolling back database schema..." + +TARGET_DB="$TARGET_DATA/data/forgejo.db" + +# Show current schema version +current_version=$(sqlite3 "$TARGET_DB" "SELECT version FROM version WHERE id=1;") +log_info "Current Gitea schema version: $current_version" +log_info "Target version: 304" + +# Create rollback SQL script +ROLLBACK_SQL=$(mktemp) +cat > "$ROLLBACK_SQL" << 'ROLLBACK_EOF' +-- ================================================================ +-- Gitea 1.25.4 to Forgejo Rollback Script +-- Rolls back migrations 305-322 to allow Forgejo to migrate cleanly +-- ================================================================ + +-- Enable foreign keys check after we're done +PRAGMA foreign_keys = OFF; + +-- ============================================ +-- MIGRATION 305: Drop repo_license table +-- ============================================ +DROP TABLE IF EXISTS repo_license; + +-- ============================================ +-- MIGRATION 308 & 317: Drop action table indices +-- (These are the main conflict source) +-- ============================================ +DROP INDEX IF EXISTS IDX_action_r_u_d; +DROP INDEX IF EXISTS IDX_action_au_r_c_u_d; +DROP INDEX IF EXISTS IDX_action_c_u_d; +DROP INDEX IF EXISTS IDX_action_c_u; +DROP INDEX IF EXISTS IDX_action_au_c_u; +-- Alternative naming conventions +DROP INDEX IF EXISTS UQE_action_r_u_d; +DROP INDEX IF EXISTS UQE_action_au_r_c_u_d; +DROP INDEX IF EXISTS UQE_action_c_u_d; +DROP INDEX IF EXISTS UQE_action_c_u; +DROP INDEX IF EXISTS UQE_action_au_c_u; + +-- ============================================ +-- MIGRATION 309: Drop notification table indices +-- ============================================ +DROP INDEX IF EXISTS IDX_notification_u_s_uu; +DROP INDEX IF EXISTS IDX_notification_user_id; +DROP INDEX IF EXISTS IDX_notification_repo_id; +DROP INDEX IF EXISTS IDX_notification_status; +DROP INDEX IF EXISTS IDX_notification_source; +DROP INDEX IF EXISTS IDX_notification_issue_id; +DROP INDEX IF EXISTS IDX_notification_commit_id; +DROP INDEX IF EXISTS IDX_notification_updated_by; +DROP INDEX IF EXISTS UQE_notification_u_s_uu; + +-- ============================================ +-- MIGRATION 313: Drop issue_pin table +-- (pin_order restoration handled separately) +-- ============================================ +DROP TABLE IF EXISTS issue_pin; + +-- ============================================ +-- MIGRATION 306: Drop protected_branch column +-- ============================================ +ALTER TABLE protected_branch DROP COLUMN IF EXISTS block_admin_merge_override; + +-- ============================================ +-- MIGRATION 310: Drop protected_branch column +-- ============================================ +ALTER TABLE protected_branch DROP COLUMN IF EXISTS priority; + +-- ============================================ +-- MIGRATION 311: Drop issue column +-- ============================================ +ALTER TABLE issue DROP COLUMN IF EXISTS time_estimate; + +-- ============================================ +-- MIGRATION 312: Drop pull_auto_merge column +-- ============================================ +ALTER TABLE pull_auto_merge DROP COLUMN IF EXISTS delete_branch_after_merge; + +-- ============================================ +-- MIGRATION 315: Drop action_runner column +-- ============================================ +ALTER TABLE action_runner DROP COLUMN IF EXISTS ephemeral; + +-- ============================================ +-- MIGRATION 316: Drop description columns +-- ============================================ +ALTER TABLE secret DROP COLUMN IF EXISTS description; +ALTER TABLE action_variable DROP COLUMN IF EXISTS description; + +-- ============================================ +-- MIGRATION 318: Drop repo_unit column +-- ============================================ +ALTER TABLE repo_unit DROP COLUMN IF EXISTS anonymous_access_mode; + +-- ============================================ +-- MIGRATION 319: Drop label column +-- ============================================ +ALTER TABLE label DROP COLUMN IF EXISTS exclusive_order; + +-- ============================================ +-- MIGRATION 320: Drop login_source column +-- ============================================ +ALTER TABLE login_source DROP COLUMN IF EXISTS two_factor_policy; + +-- ============================================ +-- SET VERSION TO 304 +-- ============================================ +UPDATE version SET version = 304 WHERE id = 1; + +PRAGMA foreign_keys = ON; +ROLLBACK_EOF + +log_info "Executing schema rollback..." + +# SQLite doesn't support DROP COLUMN IF EXISTS, so we need to handle errors gracefully +# Execute each ALTER TABLE separately to handle missing columns +sqlite3 "$TARGET_DB" << 'SQL_PART1' +PRAGMA foreign_keys = OFF; + +-- Drop tables +DROP TABLE IF EXISTS repo_license; +DROP TABLE IF EXISTS issue_pin; + +-- Drop indices (these always work, even if index doesn't exist) +DROP INDEX IF EXISTS IDX_action_r_u_d; +DROP INDEX IF EXISTS IDX_action_au_r_c_u_d; +DROP INDEX IF EXISTS IDX_action_c_u_d; +DROP INDEX IF EXISTS IDX_action_c_u; +DROP INDEX IF EXISTS IDX_action_au_c_u; +DROP INDEX IF EXISTS UQE_action_r_u_d; +DROP INDEX IF EXISTS UQE_action_au_r_c_u_d; +DROP INDEX IF EXISTS UQE_action_c_u_d; +DROP INDEX IF EXISTS UQE_action_c_u; +DROP INDEX IF EXISTS UQE_action_au_c_u; +DROP INDEX IF EXISTS IDX_notification_u_s_uu; +DROP INDEX IF EXISTS IDX_notification_user_id; +DROP INDEX IF EXISTS IDX_notification_repo_id; +DROP INDEX IF EXISTS IDX_notification_status; +DROP INDEX IF EXISTS IDX_notification_source; +DROP INDEX IF EXISTS IDX_notification_issue_id; +DROP INDEX IF EXISTS IDX_notification_commit_id; +DROP INDEX IF EXISTS IDX_notification_updated_by; +DROP INDEX IF EXISTS UQE_notification_u_s_uu; +SQL_PART1 + +# Function to drop column if it exists +drop_column_if_exists() { + local table="$1" + local column="$2" + local exists + exists=$(sqlite3 "$TARGET_DB" "SELECT COUNT(*) FROM pragma_table_info('$table') WHERE name='$column';") + if [[ "$exists" -gt 0 ]]; then + log_info "Dropping column $table.$column..." + sqlite3 "$TARGET_DB" "ALTER TABLE $table DROP COLUMN $column;" + log_success "Dropped $table.$column" + else + log_info "Column $table.$column does not exist, skipping" + fi +} + +# Drop columns added in migrations 306-320 +drop_column_if_exists "protected_branch" "block_admin_merge_override" +drop_column_if_exists "protected_branch" "priority" +drop_column_if_exists "issue" "time_estimate" +drop_column_if_exists "pull_auto_merge" "delete_branch_after_merge" +drop_column_if_exists "action_runner" "ephemeral" +drop_column_if_exists "secret" "description" +drop_column_if_exists "action_variable" "description" +drop_column_if_exists "repo_unit" "anonymous_access_mode" +drop_column_if_exists "label" "exclusive_order" +drop_column_if_exists "login_source" "two_factor_policy" + +# Check if pin_order column needs to be added back to issue table (migration 313 removed it) +log_info "Checking if pin_order column needs to be restored to issue table..." +has_pin_order=$(sqlite3 "$TARGET_DB" "SELECT COUNT(*) FROM pragma_table_info('issue') WHERE name='pin_order';") +if [[ "$has_pin_order" -eq 0 ]]; then + log_info "Adding pin_order column back to issue table..." + sqlite3 "$TARGET_DB" "ALTER TABLE issue ADD COLUMN pin_order INTEGER DEFAULT 0;" + log_success "Added pin_order column to issue table" +else + log_info "pin_order column already exists in issue table" +fi + +# Set version to 304 (allows Forgejo to run migration 305 which converts two_factor.secret from TEXT to BLOB) +sqlite3 "$TARGET_DB" "UPDATE version SET version = 304 WHERE id = 1;" +log_success "Database version set to 304" + +rm -f "$ROLLBACK_SQL" + +# ============================================ +# PHASE 4: Clear Regeneratable Data +# ============================================ +log_info "Phase 4: Clearing regeneratable data..." + +# Remove indexers (will be rebuilt on first start) +if [[ -d "$TARGET_DATA/indexers" ]]; then + rm -rf "$TARGET_DATA/indexers" + log_success "Removed indexers (will be rebuilt)" +fi + +# Remove queues (will be recreated) +if [[ -d "$TARGET_DATA/queues" ]]; then + rm -rf "$TARGET_DATA/queues" + log_success "Removed queues (will be recreated)" +fi + +# ============================================ +# PHASE 5: Update Configuration +# ============================================ +log_info "Phase 5: Updating configuration..." + +# Copy app.ini +rsync -a --info=progress2 "$SOURCE_INI" "$TARGET_DATA/custom/conf/app.ini" +log_success "Copied app.ini" + +# Update paths from gitea to forgejo +sed -i 's|/var/lib/gitea|/var/lib/forgejo|g' "$TARGET_DATA/custom/conf/app.ini" +log_success "Updated paths in app.ini" + +# Check if WAL mode is already configured +if ! grep -q "SQLITE_JOURNAL_MODE" "$TARGET_DATA/custom/conf/app.ini"; then + # Add WAL mode after [database] section + sed -i '/^\[database\]/a SQLITE_JOURNAL_MODE = WAL' "$TARGET_DATA/custom/conf/app.ini" + log_success "Enabled SQLite WAL mode" +else + log_info "SQLite journal mode already configured" +fi + +# ============================================ +# PHASE 6: Set Permissions +# ============================================ +log_info "Phase 6: Setting permissions..." + +chown -R "$TARGET_USER:$TARGET_GROUP" "$TARGET_DATA" +chmod 750 "$TARGET_DATA" +chmod 640 "$TARGET_DATA/data/forgejo.db" +log_success "Permissions set for $TARGET_USER:$TARGET_GROUP" + +# ============================================ +# PHASE 7: Verify Database Integrity +# ============================================ +log_info "Phase 7: Verifying database integrity..." + +sqlite3 "$TARGET_DB" << 'VERIFY_SQL' +.headers off +.mode list + +-- Verify version was set correctly +SELECT 'Version: ' || CASE WHEN version = 304 THEN 'PASS (304)' ELSE 'FAIL (version=' || version || ')' END +FROM version WHERE id = 1; + +-- Check critical tables exist +SELECT 'Users: ' || CASE WHEN COUNT(*) > 0 THEN 'PASS (' || COUNT(*) || ' users)' ELSE 'WARN (empty)' END FROM user; +SELECT 'Repositories: ' || CASE WHEN COUNT(*) > 0 THEN 'PASS (' || COUNT(*) || ' repos)' ELSE 'WARN (empty)' END FROM repository; +SELECT 'Secrets: PASS (' || COUNT(*) || ' secrets)' FROM secret; +SELECT 'Runners: PASS (' || COUNT(*) || ' runners)' FROM action_runner; +SELECT 'Variables: PASS (' || COUNT(*) || ' variables)' FROM action_variable; +VERIFY_SQL + +# Verify dropped tables are gone +repo_license_exists=$(sqlite3 "$TARGET_DB" "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='repo_license';") +issue_pin_exists=$(sqlite3 "$TARGET_DB" "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='issue_pin';") + +if [[ "$repo_license_exists" -eq 0 ]]; then + log_success "repo_license table: DROPPED" +else + log_warn "repo_license table: STILL EXISTS" +fi + +if [[ "$issue_pin_exists" -eq 0 ]]; then + log_success "issue_pin table: DROPPED" +else + log_warn "issue_pin table: STILL EXISTS" +fi + +# ============================================ +# PHASE 8: Print Next Steps +# ============================================ +echo "" +echo "========================================" +echo -e "${GREEN}Migration complete!${NC}" +echo "========================================" +echo "" +echo "Data copied to: $TARGET_DATA" +echo "Database schema rolled back to version 304" +echo "" +echo "Next steps:" +echo "" +echo "1. Update NixOS configuration:" +echo " - Create hosts/fw/modules/forgejo.nix based on gitea.nix" +echo " - Change services.gitea to services.forgejo" +echo " - Update bind mount paths in container config" +echo " - Update runner configuration for Forgejo" +echo "" +echo "2. Deploy:" +echo " nixos-rebuild switch" +echo "" +echo "3. Monitor first startup:" +echo " journalctl -u container@git -f" +echo "" +echo "4. Verify functionality:" +echo " [ ] Forgejo starts without errors" +echo " [ ] Login via OpenID (auth.cloonar.com)" +echo " [ ] All repositories visible" +echo " [ ] Can push/pull to repositories" +echo " [ ] CI/CD runners connect" +echo " [ ] Workflow with secrets runs" +echo " [ ] Packages registry accessible" +echo "" +echo -e "${YELLOW}ROLLBACK:${NC} If anything fails, original Gitea data is untouched." +echo "Just revert NixOS config and restart Gitea container." +echo "========================================" diff --git a/utils/modules/victoriametrics/default.nix b/utils/modules/victoriametrics/default.nix index a323699..bf04e4f 100644 --- a/utils/modules/victoriametrics/default.nix +++ b/utils/modules/victoriametrics/default.nix @@ -1,6 +1,9 @@ { config, lib, pkgs, ... }: with lib; let + cfg = config.services.victoriametrics; + serviceRegex = concatStringsSep "|" cfg.monitoredServices; + configure_prom = builtins.toFile "prometheus.yml" '' scrape_configs: # System metrics @@ -27,13 +30,20 @@ let regex: 'node_systemd_unit_state' action: keep - source_labels: [name] - regex: '(container@git|microvm@git-runner-|postfix|dovecot|openldap|wireguard-wg_cloonar).*\.service' + regex: '(${serviceRegex}).*\.service' action: keep - ${concatStringsSep "\n" config.services.victoriametrics.extraScrapeConfigs} + ${concatStringsSep "\n" cfg.extraScrapeConfigs} ''; in { options.services.victoriametrics = { + monitoredServices = mkOption { + type = types.listOf types.str; + default = []; + description = "List of systemd service name patterns to monitor (without .service suffix)"; + example = [ "mysql" "nginx" "phpfpm-.*" ]; + }; + extraScrapeConfigs = mkOption { type = types.listOf types.str; default = []; diff --git a/utils/pkgs/claude-code/default.nix b/utils/pkgs/claude-code/default.nix index 9e2a8cf..c51270e 100644 --- a/utils/pkgs/claude-code/default.nix +++ b/utils/pkgs/claude-code/default.nix @@ -1,11 +1,11 @@ { lib, pkgs, runCommand, claude-code }: let - version = "2.0.55"; + version = "2.1.12"; src = pkgs.fetchzip { url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; - hash = "sha256-wsjOkNxuBLMYprjaZQyUZHiqWl8UG7cZ1njkyKZpRYg="; + hash = "sha256-JX72YEM2fXY7qKVkuk+UFeef0OhBffljpFBjIECHMXw="; }; # Create a modified source with our package-lock.json @@ -22,7 +22,7 @@ in npmDeps = pkgs.fetchNpmDeps { src = srcWithLock; - hash = "sha256-cFvPoCmh3XpJe/5LPZizfBz6F6xAPYnBNimrK4+VbPw="; + hash = "sha256-iJwtwAYb/+1Une6Tjxek5ccf4ui3tYWy4kNlHES9He4="; }; # Remove the old postPatch since srcWithLock already includes package-lock.json diff --git a/utils/pkgs/claude-code/package-lock.json b/utils/pkgs/claude-code/package-lock.json index 61143c3..92b687f 100644 --- a/utils/pkgs/claude-code/package-lock.json +++ b/utils/pkgs/claude-code/package-lock.json @@ -5,13 +5,13 @@ "packages": { "": { "dependencies": { - "@anthropic-ai/claude-code": "^2.0.55" + "@anthropic-ai/claude-code": "^2.1.12" } }, "node_modules/@anthropic-ai/claude-code": { - "version": "2.0.55", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.0.55.tgz", - "integrity": "sha512-IVY6J2KgTP5BiCbLmuP3kAl8jbXfd6yGoXtvc0L0eiZwxJUMa+cubUU0U8qHRnVkNmDAis+O4P00KmeuGzSLWg==", + "version": "2.1.12", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.1.12.tgz", + "integrity": "sha512-oJlbUJc6iyuTA6X1z+Wsli4cYWqSHT9Ttc/jBXArrrBQcILPLb5lBOKfbVJJgcH3bNLxsXwnAkZjtmmM5SqtsQ==", "license": "SEE LICENSE IN README.md", "bin": { "claude": "cli.js"