From 4d343623c7ca2c63a0d7a181697fadb3d765ebb6 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 27 Dec 2025 11:48:44 +0100 Subject: [PATCH 01/44] feat: update claude code --- utils/pkgs/claude-code/default.nix | 6 +++--- utils/pkgs/claude-code/package-lock.json | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/utils/pkgs/claude-code/default.nix b/utils/pkgs/claude-code/default.nix index 9e2a8cf..f40ded4 100644 --- a/utils/pkgs/claude-code/default.nix +++ b/utils/pkgs/claude-code/default.nix @@ -1,11 +1,11 @@ { lib, pkgs, runCommand, claude-code }: let - version = "2.0.55"; + version = "2.0.76"; src = pkgs.fetchzip { url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; - hash = "sha256-wsjOkNxuBLMYprjaZQyUZHiqWl8UG7cZ1njkyKZpRYg="; + hash = "sha256-46IqiGJZrZM4vVcanZj/vY4uxFH3/4LxNA+Qb6iIHDk="; }; # Create a modified source with our package-lock.json @@ -22,7 +22,7 @@ in npmDeps = pkgs.fetchNpmDeps { src = srcWithLock; - hash = "sha256-cFvPoCmh3XpJe/5LPZizfBz6F6xAPYnBNimrK4+VbPw="; + hash = "sha256-xSNyYImDpsW6AltA7d0ayMsfVaBcnyPIQOg/Ea2cGNk="; }; # Remove the old postPatch since srcWithLock already includes package-lock.json diff --git a/utils/pkgs/claude-code/package-lock.json b/utils/pkgs/claude-code/package-lock.json index 61143c3..125d1b9 100644 --- a/utils/pkgs/claude-code/package-lock.json +++ b/utils/pkgs/claude-code/package-lock.json @@ -5,13 +5,13 @@ "packages": { "": { "dependencies": { - "@anthropic-ai/claude-code": "^2.0.55" + "@anthropic-ai/claude-code": "^2.0.76" } }, "node_modules/@anthropic-ai/claude-code": { - "version": "2.0.55", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.0.55.tgz", - "integrity": "sha512-IVY6J2KgTP5BiCbLmuP3kAl8jbXfd6yGoXtvc0L0eiZwxJUMa+cubUU0U8qHRnVkNmDAis+O4P00KmeuGzSLWg==", + "version": "2.0.76", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.0.76.tgz", + "integrity": "sha512-BVwPez7Pst729gxHZNb7iUdjrn4UAzO49zC+Bxlyf0fMe3SsutxEhKTT16VMs2qInE9xhEBCxajCCa888mFPBg==", "license": "SEE LICENSE IN README.md", "bin": { "claude": "cli.js" From bbc0cc1d4a4d5a35c266852900243924d68a153c Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 27 Dec 2025 11:49:03 +0100 Subject: [PATCH 02/44] fix: add autoupgrade to nas --- hosts/nas/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index d83e825..18da703 100644 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -12,6 +12,7 @@ in { ./utils/modules/set-nix-channel.nix ./utils/modules/victoriametrics ./utils/modules/promtail + ./utils/modules/autoupgrade.nix ./modules/cyberghost.nix ./modules/pyload.nix From 6e28a799cc78d0c96c44b627bee3b896c60e0cd7 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 27 Dec 2025 11:49:09 +0100 Subject: [PATCH 03/44] fix: change cyberghost for speed --- hosts/nas/modules/cyberghost.nix | 7 +- hosts/nas/secrets.yaml | 151 +++++++++++++++++++++++++------ 2 files changed, 127 insertions(+), 31 deletions(-) diff --git a/hosts/nas/modules/cyberghost.nix b/hosts/nas/modules/cyberghost.nix index e2e7419..b4937f4 100644 --- a/hosts/nas/modules/cyberghost.nix +++ b/hosts/nas/modules/cyberghost.nix @@ -1,7 +1,8 @@ { config, pkgs, ... }: let localNetwork = "10.42.96.0/20"; - vpnServer = "87-1-hu.cg-dialup.net"; + # vpnServer = "87-1-hu.cg-dialup.net"; + vpnServer = "87-1-AT.cg-dialup.net"; in { # SOPS secrets for CyberGhost credentials @@ -37,8 +38,8 @@ in config = '' client dev tun - proto udp - remote 87-1-hu.cg-dialup.net 443 + proto tcp + remote ${vpnServer} 443 resolv-retry infinite nobind persist-key diff --git a/hosts/nas/secrets.yaml b/hosts/nas/secrets.yaml index ad10006..c152bfb 100644 --- a/hosts/nas/secrets.yaml +++ b/hosts/nas/secrets.yaml @@ -1,48 +1,143 @@ -pyload-extraction-passwords: ENC[AES256_GCM,data:zOvPYcnvcg2OwJaCZovYQz87ZN9DdpKX1Re1/v24daw0WGBG3sGeJn1q+LDfjPIMy487CdY=,iv:loWfUcIw30kVXchmXwAts10FNUGxSsTY2UVRKs0RTJ8=,tag:WlTYugSv2ApR496Uc1KPEg==,type:str] -cyberghost-auth: ENC[AES256_GCM,data:v8PlO2qi06p2FZR1iFbHAVPr0k+X/A==,iv:oEzIIZ7KiVJ5EpMT2YMgvMZSJZwtIsnTWwkMXxl/R4w=,tag:+NOMggSKloW0SOYxopHrYA==,type:str] -cyberghost-ca: ENC[AES256_GCM,data:BAYpZ2xQgD05MNn4ZNmIGPByF0ERMLaIIC+iY6MDFC1rbfy50zqDKvzx8fdSYJp0hmUd7M+QnJUDDtq9dJkNcY90A1jiXhWK43gxBSeklcEhj5+l8tzmXuYGe7XtALu7D+Kee2NIUBEY7NHZOYP0Tj9BVFVzmyAKhgu6vs7UEwNt518LeIlH33eDO/809/vXVW2VhX3HoMytit9kkhczDRh/oCnMzmC7SKsKwouCQAcOSLLaNyAHy3jOFi78CPqBPuuv3i6wsAgKByvdQ3QpMGO7xx9MbEZsRZJiDJRRhP5BOy4DX/H6PwsR89E4QqqL0fU9P82p+3FlmVyHED8MJO905T0SC4PPVKAUlbtCbOvoAZOSXTouKhLNLY7WMiwXEEVhrBlu/Ml40yCwUJ7QCiU7DQBEBvOvo8l8pBU1nx1JzbzGopDsOVE9csF6H5g6Dxf24YqAsDeB6cmeDXNuDXJcr+6AeDtMyw8d+SiTLKmPa58eTqM6JEYY2yn/1DNkRyyyc5bFykdRUacWOUuqXKnzT/oSxfrEZHMN2YMRJU4Vo/K5WQ0ymiSv5miFSnZnm60Ha7G+S54swjFaUUmcMh15Rva3LUw4N0uM9QuXiLko1VqJlPtzv+eveCBCM7UiET9d45PAOjbk4FCjmzONSCNdjQhI0B6OwuZ6G0aP9rrGV+vOCijfBBqy6Y/wLKV166OZ4GYXkdBuQJ8VnSjoxA0vbtLOXA/L8PdvVMbRbZ7kYTFbtLQJsO+gCpEJOKB3VxnEVXcnLqyCpwEOtYVf8e9haTOVr09WvYJ1xLx0kjDKlp5g3X3s1CLAJiBnm97bLH8T/j6FCqijSLZwVjZtF6HEM+gn9G6nT78QastOOIfGE9YTWTPEl4t4dQRwK/Sv0OoaLokYN18gXEtAHxGLhHjzjeCeTZz8o1dE2ILA0t/xk56nzPWb8KzJFvjyWfUpyZuWNvEftxWhtV9c4i+Na3uyt8JAAySljpEcefWDYn10lr9RrixDgpU094Z34PMZCoLvViIn8Winxe1WIjQlchUlgTyBKse0A/q0Xr52jyOuMms2GUS2ssDnBIocER3RT6EetJzLvTjFh5EeQbRr6EgdXsvWzrN46n10WfqyN85DzBZneKLPT/XWlYSZPE4aJj2KGPT9Gic8Yoouf5y22exXnQkfRZsCM32THg5ug075Qzkf77aQLPx7gFzGEWrJo/hjRb178yJW/Hhc8IYPPK9HdA6iRZm0LKfrEWi3gUFzkQO76fj9/wbYe57bHuYJW8B1516fyjvWPaz0fqdA//xLIfEgV6QS/iE122TYAqPk4OCraR7RbQ4stVutrI6o+ZJDSkCc4FI8McECtReVe7TN+pEzeVGlOa5s49L0QxEhP4ne5Y0gfJy5vBsD5HKSrLpZxww0P73UTUZdDCjKAnAhCFfYBmk8+VOFybazZS6Rv4zF2fvNPQ11Hacx1V2NGHA1uxrRpr+nUdeCIMPR6dtX67WTv4juIbr0oQBuJMsutzX265JQ+Rt2aC12FFpfN9TCBprFgkgRdgBUJWRcFfRwjD6jjzyQZGQ+nGuibogi7TIn3QPpVMNuwbe8a2Ks9BC5XjVhmym0mhS01DUmITLD1DPyVh3wGodB+4OQ5miJOwJeA11HBq1B44sTjC7vTSom4Dk/AOH91WnJrW1bG7Yw+j/DH/bc5efXlho3cHOQoQSWC7EQdLMzV5TXqY06idTwOQ+wo9l61qPCh9gqJLPlnNUrUqyEfc0zkwWvIt7gu26qykjET2Mt4cyXoFyHORqNywff37e3WSroo+meAVtO+xDPIJ5fI0AOsfwXRKiT+B/nmtE3VGL7duZt7yIbav7WnKn3zU+dEGdeQSt6cYNVGUtaVvsTO7RKermIIkA/8g/q+OVihf7MvCG5WTYBspu51swP9tN0NRcmmoRyI0bs6DEv8qHplpiC5eUUmyZU3wbhrXXLcyCDpNfwjq4vrotM1BG8maR2BLtVuTzpfKO0NMHA99pT0tateSLNC8YARCIjY/9njmHlVti/XHnjWm977syI3SGf06FUcTK52Vrxaoyp3x96VzGhdPLye8dDQ4MD9B8+B5qdzHF+m6rOeDZpbJmDMea6L4W+LiJLNSq6QolmM+aya3sQvQyCcSve2d+i7QLtIPKPmJkPPnwrbjCn6PHzE8KCAa7jmmd4pfUOAayp2NEWn5AS5qSGMZ4etUMde7BdHWWR3i632XCzrllMzOdOsLu9WF8SlcC4Nt6WQxDLXqhkl8pIeBe6rmy+AXc5wgkj/q60qYK96M12EHaB3dDfwYx/Ijx3Q1qqmMRFR8LGrmsryUsQm2sxQZUeE6I3EJqHD1vbQSZdt7TjLUaITOiRka/BNxQ4frThhiyUvm9zWaZKcoF/mdNdinxYxDE243535Yv/cquQFgKwoZ2/mU83CWyd3D9/8gYOJqrw6acNn1zlFXc4JSWnDaSqn1mSGZyw5PMPPKL1Pv2M9acV0t3d1asB5agohfVVpHgGp6/fQ7xbF/q5/07MaN/XRgbJHwo39q25Q1uec7PP/0qT0XlS0fPYEnDr9m9odfisw7Ku1MSJgic+eaNHXtkIRy3K5tLM9AM793Usn5PJeyS3+imOkit59gSAUlZzv2+IyJeZJIpgptPxVvvLzMpZ3+2PLvFNkmwlsJi+Nn7Fk7+BdzggNkIQMyBApWrZARbMhHxrtVLj3k1XoRciiEwNz11xFDwlyeXnxkikkt8pMQQIW/OMZJoenjbHlMdm4FM+gQ27cHbOu2OVFqeGAlgxIQJK66MglG52M4tHhSgvbdEReHY79AWXjGyy3nXpJx2CSB+Rvlvhsfgb21MjyGxChygxh1wTuKtHVz3F/ya60NLWRAHKQskZB5S6VgsZlgslan4v0mJzBemlh8AUp6g/P8skhLzeNh4JV4vshwIq9+mzTjUli1gzhKA8JP4WbNq+45DMwmURiB1sMalmT91uq9REage2Jx+pQ1PjC5DweFe8y6Bd4G4=,iv:mWBG6fP3do+VzwyBlCVXsWiywRNiyMiWNaxlYFTkms0=,tag:94YPWZtVy1viq0KbclF6LA==,type:str] -cyberghost-cert: ENC[AES256_GCM,data:U2QtxwqqPpuTvawmbUmaFjM4muDJptsdAp1GJrxiFsEtQJJYWJWf2zSNL857asH8/yzTkkaHNAHn8fHpN5GgDqXsHn7A9L1gWQ40OVDYoY8C3KevgyPlqQQgmgpk+F/ogWC6ZSBZIk2ayTe8E1qtOI/KpVjzPoteiXB6akD6OBBsysXAEr56MvdU1c9OnqxauHsFZr1BskYM9fqFXm6b7KzMpzA2BPfxtpuGrnTDzMwciRuQXqJM95h2tDs4KoHMGwhgQjyIrti2eZrXb5GK1N54Hi+fmTCRvEDYrYiOE058uROdYV0oCmXJmZ9LFu+ti7zTZzoIq3jqshLh6QAEBxxi1eWqQ8Qq/zkjZDdOOQIacURBK6UGYRzZTqEQB34m/5+NCuyTq+bhFORNXuEDPf+JYWlvnqDGQ6FAnM+Wg4LmSFALnDL7UHPIHWas+VU/EZ2QwVQQ46AZ8tnyWwsp/0VSZepZuPXOyle/tp7jHOT1aTVFAD5AdUIgB5g5CjTo0Aw4tBVAGfnQEcjClZU/ccpTHeS3agDNte+fvpodIC548hm1tHDHJL98ZsxcE6C4zzc5Kq7nIl4Pqc6bDurHtmk+/O9stDqZGTpb4NERTsFBLaQYgWd1bbQEXXx4YFnoSKQZZVNxVqG0mVHwYuYSLZiGIwj/msKsIqZW7RRZfnfNfc9Er5/KC4SJbQLKcwbJY00gGKHCr+WQZ4wtxFoEefyefabyJkFjQonvVcAN1yjJGq9fN9ZaVrQ92vxFQy3rNHuTyvWvTDhZLedu0ukK3jC/Fc1yuzEcvv308gvoJROS5O8Jk/nfVtfPDZeSkIY52sYKpTQP4gAyn4+56RO2HROBnFvmvIFq/4jb4AZR/GUWV6v2u1zvHw/gX84uI7WyqG6TvC5tPuQKQ5se+xg+bbt3xL+8h+ieBB/a26asFk8M5CnweHB1rg4NkcqrSa4vU9wf7Kd20HH8Odrb4Q9xc876s4HhSqPAE22ZAvTDhGUO4R+pAU86YZzKt2TuPXlR1S7l3v1gzyMgMq95G/VzxOVkV2zY63KjGc72U/u6ia4oIida8QMASckchB7+V+Uas8YUJj22VVvxYq38Nm2e/wUDSLFUoPk/k05D1hGvkoejcfbwmnVoBWDC+sifjuImOLwZ0V2EV1S3Qgxf5OnAbjPKe+gfqnmrVvF+67jJUyRpNmxhq1TBnn28X3QMVu3/cW6kxpaYPXT1OgPdTZ0OeKonnXGAh314XSWH9kTrTgIB2f6xBOD95Xquu1UDMTaMZopljjplX6y63xoRIugeOIXS5wxL+jQz7fTH6l6DCHN9yPp+YM+lKqyLx4KerpjDwB43QOaiqFdk3wEj6u0N+UvHWDaKjhHi5K5FQP+VekuHbBgbj/kG1u6HPZNyeiJ11h4LDvV3ZCdZetUOzTcn4g2S+ai5SryOKKXh9+lVb467swTCtCrE+3+7dplE82HYbTaF7A4k0jwOXvWYLS3EW93pIZsYwsanxNRWInQk85GO+9hSkJSD3InTDUaFWs4m6Y8wbZCr6kQ9XMsjCJlGcJ89k5ump8m+IWhDjEWlKv8+8Fves/ktF2TS2Nij+eL/GUaUSLm8EkRj7vKTsKOfFk8uyn9z6dxjDQ04jhJDPLZ/h4UtiQhQntGAjCuTX9psRiNTHr+b3uge3UszH43+F0SUuqMS6+ytGNeQvC5jSE6CAi1I4DP9bQXUIKm0UC6gPuStgUnWnszy/wf785Ryt6X6Wbj+v65iPfb365AifDozhD99NKabiIvzRfqAP7sVLUh1e9dMa2NjagnC092oNrgkoIJuLlpjaxu9KszRRP38b4KwMbz8A99Y/Rom/BUIU6n0jzzvbAEAw6/mdng7E1GTUXMUQF1lrm4ZBuhanX72akG6fx4mFzaTZuN2a+psuwJYtbl9ewBkWYu8pif3K9mBe/eJ2eoxA6jR1wmjfmDXYTINd/HDjZK2n90j0ZgdxySa1bgqoBWf2VftxWhm+jkVQDXJixZTj4FKfGBmvl2lvkQBMyo1l/tifqAkpzQa6BJFfPBy167B1OuhhEFpQlXgW+e7Hs70htjp3izTRg8/0msDfMTcB/f3kBODpRxnUbZdfNu3adYjzo2DMdBLfJ+DSR08aMVueSXij9sNShXqEWEkX+XKL0lQYKeErqQlwpoy13CjjxpDzmI2M0OaQ9Ow9aIs4H60CTPM2vg9KsyJR+RrgpP2kFFaDnd6+pY4rdE8/yUcTs94tQ6QEouF3/Pvvz0t66+unQT23i1zMEUENiJXUaznhtLRpfj+NJyCh/2CAHRTu95oBg89wqxDfG3B23SuiWwzXqAFnj/GMgXo0O27H2GplYW8rgXnzYwMeEDlbK4V+BtzOUN2sEOZOq1Gu4GY5Dw60V5vL2P0RUsUOyDEeSnAFoEioLU2quswjZMl1/3NCXF5dYV1jUTn3WDEZhE1VF7LRNT/dCG+8+QUf9KiFrkTG+DfY6X3qOSIWXtGWtDMk1Cmj321+NyWdtV78eEg0E3BYDz8B0DndRm/oxBA6UOU+wAcdVRS+zKKOQykdS89NhofqFyAAA8nQY2TwdwrETQOYIjjJAEnIB9C77IkwDvMwK0RO0X5r4RlNlFPaFgFF5yu8NdYTUKmr/kcR0aM5x9rPllRFaYWGCN2EHYTrqin3dflgBooFkNbTEo8J3Mo8agTFfonR3o4YBaCxbxTS0AMo7QoKj6Jm8t4fFl48YKFgtAJX/x2QRm5sTQ6KKsz/rz6beLia7iP8ookdoNkkTkDAmNZJTZMOTeLmGGh4AvGbZz0H8GjGBnhRajl37eed81m5lEVRJUowv9lK2cp/e5rWKheUOpFSULIvj5xnmhTcS+77jLXoUcdMZLwJlceeDaF+HanqaKKgvrKFa6g6xpe4WyuK1+0gE7x9HAmdn+aoUqCDChzCBXgBo9jkuBYviYJTGfLgDx7ZCptdl5xEX4wLbGChjaVCeXsOEqRdewnV3TnQRBAnd/IMlSSgrtWljSQCp667wuSvl40SHQ5zgb0hjcsep5av5u+Cx+L4J8VeKQjSmk383c/2drqC9V+SZaR3rK4p8Hb0qFnDreS4KOT3VQqtshJOrwUfa1EYPqeLXqZ6Ar9YcUpZTFAgcWf3oDLXQ==,iv:kavsBNAUcK7vHOJnj9nyX4D9dHzgP3aBwCLQb9umBJo=,tag:aeTpc2vpO72R45cjBR+cFw==,type:str] -cyberghost-key: ENC[AES256_GCM,data:135n9JkLyNluYlINp4j8/R1gMn8dGX9YPpdpvq8y/KYT7x1Yr/MzD9ogfXFDWTcrfkcRIu+sSeSLFLSifgRQ0oje33VNLUGIBXAN68sLvA1UybBrZzKdOywVHiCl0DDjQ20Mjk0fA9rTAV6+zm3KfutNtjjpBojNmrujosZC8YBbb3O189aiy7Ppq4DF8Q3gF5iaOiDDtgdjH9ASW7yAz5ufcTy9vX9qtbEItShE6spvjbQJ47wUyhDQ2M9eSK85EGSX7VjoMSGgxtKs+XVORXHSoSErtlhXSt8wNJoY7Nl6uB5iz7BdlfVKqsx4ab4aVnenZ1v1boTsUNQ3+ABXNFlgG2FEpGiu3Vnx0yqfc224ogxIOa3hf+IaMdysI1xCkdCOv1Ix7kf6osJ2kspU/DsZNobDZvRsGJQjjHDD45WIVxnI7efnJORVOcWlU67/XmpH16KhN1RKCG6vgXSPwvcjq4SDFhgUNktqD7DaZlRdkEvat/7nMjRT/ReysyBLzsu0HXesewjYw1WskOtdza+nctv47GtBwWwk+PrbmylDe31Iv8k1w0FcyxkhpOTANneeLW1u1EGOo7+sTK2Oei83xmIFHK1ODsP6WflRaELoLE09PrXERk/ohfDzTb515oKAJKd4Wso6vXFYK87CZCnIou+/bAUlk6tl0fXPNTPDUH82KuoEnUEgkyjvthBOq+st7vUbJG4eVoELG95vh9iCjJg5U4ldCd37s3YSH3osJRtNziW5/ZityMRCuePZs35fWGGviRZnhqOM4obz1hz3a5no9UXBWfgOO08nYbpQsVEAPg2qKo7ljRnBhtiQJcxP6/+Kcr0ZXEfVjfmENxhRWUO9IscUJ+ZCk09J4JnvAcgALy6qmIAjgBAvVAIEeJ89KM/972XuFPj7ebTfBmCInYq41hahs8AaPanQAywQTx5Av4ir0G5KpaDt5k8eda5BKANuTPAjZRDxGq+dCXczLjVIk0TTfwHnHlFt7twyxKnQlUCOI+v3dnVVbzjNWdVhp5Gdw7Jij/woEep/zLLHLONmD9qznEczr6sIl/wECJXNcLAMrsNqo70rZ529e0S0+ym3x2TI30jwMhhk/7br+1voku8CBdAEZign+3+GxPGCxQHQOWnHkPslQgm0Uyxu736e8/OKJWNDlC3U/UygPtv6fEnrbb/1BjV9NG1+SErR84Aau44YbCMnBofI7LhJsDXle/XD6FCHlURWPtJi2Tl5tm00sVQhap0LnYb6JunDECbJDwOprOfjqc+fmd2Ja9nj7s5c7ywrHeV4SXbml+FQMCXwh5PAQ/QGM21OShUh9wDkrt37K23d2zginG7ua2c5tPhu2ZOQS7XBBzGDPLUQUb0acPQhd6mFl5DLCt3P6p/o7uiQB48b4OfQRlgSlxoaTCrD3M58zNQYoJ+aa+dY9OxQBL49/bIhf8i9j2uA4mtwzLHE3cBN9A0s+t4VoXeeNz/telVebNlCNpWVM8oFpMAsK8qRtRxGMpsgH1usp9yzL3tzpSkFChXMjL/uKDK8N6VJauBPpnKNcWVPATMI77/apAYV9bttMj+LmR2tzjsetYELqES5MVcxOKENvRtSdX7Xdm71uQH1pIoG0bPVMF/BpysTGoOSBNjG0Sm47B5XzUSsEFavgHFo26a4vi2tRV5RcjEQOC4NxC3uMNc7IkFg0s94EIy5uDEn9r6AXpONG+/kGV0LCPgh4W5a3PTHeHd9Zczq6ZwoAANSVsCH9VHlUUH4Gaz1/HVotsJJWarM/8zVbVTUpSesW3L2DRh8948LP51scIgi05jBLOJq4pmXK3bQNjjFtVU2sVYMUicSGi19hpCsimqm467RKh0ynfATknyruudD9/98Ug8EnXy9scPWNaVeNHPkKidD0vFmoh2I9JpfTrH4Q4z/UCAPyBLG8IWLZnWHysu3w1TW+ro/pkYqCC9HkVXxDbPsfHhKwZsonV6cuZ7JEfjzKWwOZqs5CbtEamOegVtFOUgW4FMwyUYgIQdkKdtidnIINQk0JhfGtnK1MR/oxAB6jsuA4i3XL+cdnCqdncH9HqfEkSA3NhczmEQbY0Nm814gaItORFlXXUgp2TzccOETJETBegCVIwNp1mQ70FKgLu2xAxNrOQwloizJh5aiLLJJ2E8/OFjDUpLLxGDwJfrhzV/kY8b+e6U2BFY4qM8DIXjy4Ris7NBkwgwrgN9Xp3FtP2IGxP4jWvRP6JdW0vP9OnN+nxoE928eQj0Pmh2ZTPwC2ZOJPcKVr8YWXn0BW7SeAcS/vCl3J8KjDLXofFchg94K41J3l17STVlvPTXzLVcED9zzcNIZalDj5KYI7vDC3L9C3gdqtOzT4vO1BEf5GaCSz3xDVYAmS4LoRmXprsNZ4VqEYSQQsuLwFBRwyP1JyNVKa4XGSJDqhhEUYkNB1hQ5llDdLANXz1vsD1DYP57snJxJjgFRIw8paTZdSqA1kOeY8iMtetA62+jKvazyoFmYm6r+TCcVY67qujHODr5eNf9yjqvcV0FX6CcxIcnKsU08k2CWl3E3AqqK8C9Pkw3amVXsHXCgo00ubrZXcNpVxYruuDbrHSr6irLBcXMik9QZuiYj8afaD2sxGjRFsWwMGS0X2f/DJLR8qXLaqh0wrZvf4P75UtBp2mBZJoZGu3Y5AThJyLW2lsdGU5Ij0YLsbEQN17W0oGMgR17+5blOiiWLG7WvRW858odxCPmUcamsQxWdIAIVxfbqpyaxnIX5/Cqnm2ZvU54ULq2SgIPh30yJ/xm1TfDGmHrcawx+wMULcx4GL63OQ5SIp6/UEY4WNtCAHyHB1Ft9qgmuH+S83PkqFR+7cZ7eAxBNhdMwYPPfB4N8F7zB21/f6oMbb8H13fpxtpCRfItf9NLqvEULy1stacaI93ClrpAzS2T7er8Vgr1WS8O3kWRdQH1Bhxxil/xfTTXqXuXYm3BdGr2qOK6AkX+16aaQcTmaGt+LSAFHsezKUKrfBK6xAElR6+7qIeyfJQeZyi08G6kuTj54HpEHJXgOV7Rm2i2Z2cXaBPPLwFrASeCKqGTYXOzP2uI0LC+rl0zyzD7rbwtoqssc9HldMaUDHNrs8ijZ8QrTgwYj4b/QOQU3s549pP16PeGy1GR7catxWJiAACv7VyEq99mMzVMvf2r6QJCIO01DwCRdZswqhRZO1h6Q8S2W3HGdy0rzAWnPoCAQzPKHtKqX9TvgF3NcSL3hfUfDX/vLeLQE35G+xI6IrMT00KYUt5tyK6NKIJ/F29zgF9hZRxWirIf4tsIVxDWRLFAsrB5Kk1Rf4cWCygQ7vJHZBTP7tcWZim1AqXXIJsgdyJcBZ+5FKclIokG45e9La3kbviuevsIuDXsGXvUSuUN5QO9liSe2ZAHcQdEgg9XqMiiJ9xnIi9I+RyE5r7sFSSBGGdsv+OhXDuG7XbOGALfsaGxs3CGAC3JTgDBXxW1xCcSkcFT0pGa1a/FDSH/BVklOt70g4hbp4m36oPa2JCq1dcLqcFqLP1A5aXow7nlRCag64ssG7qAtnTA7/Q7WUj3XXmYFMtNWdIfO0PkcDWcx0BOrmaCbSgp0O6wX8PT9II4tZ/E0KokVqvFEwRCG+IfQzzPW8Il8+52RNFePjPFXnFss+mu/nzDhb+tRi6nviArXMmmSK9fj81JqbnIAS+3qZvow18fbU1uNc2smmmT2tAHyLqefokafqehwIaTXuAI+aeJs/gwG5JlIqcAcrU5lFhYfy2pyUld1nRd3N5ejDInNgdqbpdMTIehgU2MDQBsa87ian8ZDUsoiBu5zKzHn3opoG+tHQYyzifZEF0nSTXfchAJwiTMusy4JeEgIsquQOB6MJJgaPueHiwwuOCfOAuSL8tC+EJI7GyhfXesSO+sfpVfBPnZDeWty14rQarT/3gxB75IaXnkubJuOOXZ2oeq81iqNXl9G8nLenhXFg9GQjl695YsF6DgqMsYwsB9I0Z5wM2RLP28d245tJ8Fw4pMxPf4jfUgFcpuqGKXJZyS5/X1eUiVhz3JU5aUahZvolmPPASGMZL2HJdyyb7/4KdBZVESSE2dM9rXcJITgB7UbNccF8EamFUr053hBCYiwN/W80H+4pKhIRUjwTPgXs0S0spakIngHGcCnvr5tpV7gru51ghyJnnD68JzUxvjZoihJUIzqkyYqRC/YVpV6Q9WMIbWefIcDIadqU+deOX05p5pVNkJEHeRQMIywrkW8mjdpHP0yDQdN2rPNQrmCQZwPKFt0ye1HaRVte9BGfCjsIdKWS+KoF++dXYVzGDjJr0/hjQWQYSZmPloX9Q5M+fUPKFzW0LWcKVfeUdsXXOcCqfRRX24=,iv:DmcNUOhsi9doTYta+s65BFpuIgiK7QAjAorfVq/VGLA=,tag:c/mZS7ZnasX5XX4HIx80AA==,type:str] -filebot-license: ENC[AES256_GCM,data:Ib+NXsb0dJfBqm5GYvXxGMOQk3zL28oeS3VXsk4pFIGV5XsakqZRZb307X1oJnafMVXva/eQppraI8CqjwBDzy3AZSnwpFgj96/zvPWZi12IWemnqhFUDFZGaMG4Scg6Ugcq8hwJqU39Mf5JehSbJ/PoULg/Ovekj8R0nG7WlmQsqxpZWXWeAdfYZHw1/4MQTX/IGZG82SdsdFc4J9jTedks0yvW5MLkS3azZSFDqY2WXAMVa5J9jXEcie58k6p0QqAUpWGltoXz1tdN/mTnVV7PA35wReS/Ejm11KS5AsjkTIZRLeJ14BL0vALUh3z6JSdr8kPG1S31MMYxarzGBqjI78LfFmFynGonAlqj/jPoxA7AXOew5xRfoEqnxf8lSUf2F2n7PF+B1SgY/hwFvwUeoaA4ep8uFugT7pCvg3N+FmfsV4TAP6tfU75WjwZ07UKQ0t63C/aDI1lZZjfKDzXDFqliD6omhFPUVxhGIo9gBkvOZj6ujdn7ErWohxAc7JSVsDJ8nBKqVGXMMgecWHyqU5LB9+3CKkE32vMy6fbGVlHhgRI4EofVCiuCn2Opg8txCz7Rh8eU297xotIjfCzhPjaY0CmD0dm/8SVLT9Tt3qQMDzlzolcWg+9o3e4bbjSOzliR+4c4fCGBPxZvBPd4kZ87eo22m6WqtS18tMTD1tq+8nVjpHFyrsyyMZtfv9/QXug0SFhJpUz6izCcl+iiNiQIb+DBi4Oifhr88Ji+Y4iQrj7mPUGzNr/T1x/uSBabv83HPsZUa5+OBrlbvp/Ya2ktIagiyv+JrHmcFMkVGYvFK4idLsREcvteduP7XeWaOXuJZJ5GOPZPDM+8DSxv3eOULH1B25J1/838vaVKZM3ukQkiybYTJWVV2co=,iv:G6bhfqx0go6vbJ2zwXkSbHLt5WdDRwu2o4BsCXw5Rlw=,tag:msCGdlefM3M8lbQWJPcOgA==,type:str] +pyload-extraction-passwords: ENC[AES256_GCM,data:YAIw1GI1vQ8netbOiYx9h/2rrXXgj4Cqq+5/JdINbXx4boo8OyXKPQ0BmtNwwHBR1K+nngxY5aUPh/Ao0P61YSrt,iv:LtfoocZebY6ZtVCjw2jclG2vlwH0pAI9WwiTQJdrqqk=,tag:4ZfjJNUp4jywtEtu52s9dw==,type:str] +#ENC[AES256_GCM,data:AiUvhDGbKiNVf10clEehkHg1iQ==,iv:cHDIZAkbjX5z5dUlyMa+yZfXQrFSROM1MqCeTXkXXTU=,tag:Gzxrmp10mPNLCOvTBCREKA==,type:comment] +#ENC[AES256_GCM,data:A8jpbbNQ3gkulMC1LJu/,iv:Mx7udL0LnsL3X1+u5qiFU04S9FhlcS53L9bnBj7Qxtc=,tag:CRFfUGHZTC0R42GU7RDN1w==,type:comment] +#ENC[AES256_GCM,data:g/i0RZzvmXDSs3kKSXSe,iv:77lW0RzLQXTXFcAr5wYLp7VmZQ8HQ7YQpYMMr3Wgxq4=,tag:3FQwFZW+oxjdP3e3oqR3cg==,type:comment] +cyberghost-auth: ENC[AES256_GCM,data:XfzciqTCL62vyaSYPv/iGohjhjWZ1Q==,iv:/uurkgFWmaGyceXBW9Qa9vPN4uHQ8jVqk1xVBMkOWmA=,tag:rfh55YNFni3ppNzKX5g4Zw==,type:str] +cyberghost-ca: ENC[AES256_GCM,data:hWsS8ceIBPG7yLbJdkbVMTcfTUghPWEJgJPzWyyloU8vdoJTTS1WDl+/f+G3KBWGztc7qX1j5bXfP+kw5w55sjjzJ/QnZayHf7HTAxD10PCCMGr35oQ7mIabk6jimaYUt/DJb9HfIPwG/AYQ4rF0pSgK+aMr43XL0urqPrwq0X9XB5dzLtPzx621DZvs55/41i0ETq/kaxvm5x9+gY+bJ5zsIkpwmaxMJaRReyAP9nNPacJ0ZaV2qw+W1rVkkCCv/A229fDXmlr4W8RkdNiXWpLvb/w02cTdC9105Xaydoh2Al7hz7ZKxPoWNiBp08HGhBHIvJcekZb8QhpNBIsi5hl7TaJKF+4j9Pg2IBwNdxAAMjm4LYzrwRzYUGr/Q787d8LHrwDifuFdXIg6rWOHK80KEMqIAXbBwTFe37i+bIY276uBfvnkvXu7548sg1EIvBCn5CwtQ3IWk+H6o5c5xXIBGW7tvWO67UqVnJVhPdqourMwDlieocuWxrkbTjFddhXVbAHDnwscjySzoY0VoewIdJjQ3h1s2UW8LBNaIjL+oDh/X+ZyfYzQiKZAuepuWvSuJQdh6WDjBHR4Yx5fH65DcV8Zm7C+WzlRsJDrBNu+bDrPt2wwvqFpwjMAFMdHv1Cr7ImkoTOFL1hJh3anm+iPlcLKDAzJ/CofnhIXkm6H4MNiOEbeWpHklUyD+aH8J4ek8g6L3dZUaHa5UpC0q5Tacxi+SxY157+5R+7julvoO0KxG2orxn58EvWUgBOU9p5oR8eGnVzh2/UiYA9mW9Lqa7/xsEyNtqLltKOB+jC9N2Z6S3KgfGRjTXOsajJHgtGC2XVEf9V/zJiUw5T8Yh4jFWXQufYvhiUduH3UEk3iPeRkxOZmMH80v0ey6hBAy8V7cXLeFEcRB+oQSszyTRW6Dme8npYiOqZJwrRmNq5KTHsT8C2QSFLd10x8Lj475Apt930gbcTNL2oMdoXca5WEMTSUZFpszzFhEW8cJs8QaujrDSlJF7bcZ9VGCtSe0/u5AeGscGG00/xBGyJ0IobbBnLtxvp4pWfx8KotQ6VabWPCYwG6T04VkNA9Au9KeW7TJPJC8R9s3uOYP1cCuwjqBOmsRq7JsR3W9iz8IkoDjN+4/PDAuPfYG+0cVAvJRd/aFZ48UX1TZEdbT3q+co8GH1vEdmzjlUODsn4K8HyZpmeSuCFi5Mp88YPzrZ3eKaXizWRNcPOztmUPhVSbazi8JHUoDz0kuMvyb137Tt1U95de2Sv9jI7f92k9D3f6ynXPG5r9/DoeLYM48nK1aTq22tZG1XgMNARhKqH+oDN371yNWOVziMAz5A5eyFbL3SOn50WUPF3d0s5e6fokhzMT541LjbHQ+ZSoBFJy2bMGdwKZEvz6sWGEDcW/lFUibUqPtiwnlQPWBCyRFrtDUfxx8AGrVlsjNofkUaL09eMtZOF7f+tbMQ9vXF3Amis1TEb3+CpWXRUVrEwMfAIx8lZPVTXQvjPd//XCO1LBUvXrTBcwqS5hX2okgIo9hv/otrcNce2JrYwv4JVOoGWAdvbCebaH8JEosS+Q0S4iYk1EFl5je3mOXWc6s+T51Trui0Bt4RKRb0eSdNScRIAvNy47CY9Z+H99jHEj6QtIGZtfAxGQKNS5xvCGqehMDa/Ld0jYYRxsSk+R50Eq2jOnNhs6NZ5W9AVRDTWsmq74e4GdJIIrRWmIdO4RW2VGFdkKMbsghiYL+2Gben+3RdkkGGMTxVQHc3FdKcYM4VgFpXfMyafUCyeL0mgXP66gMwuP6jwFVNVtrCEX4l0RuaqFSplLikEykkX8aACbiGxzcxEIg9L+7s+6mbNdb+nMbDorLB1WJfJmWSI9zc9oIuHuit+a6N6Gw2QQzgMXKmMxNlzjZ2ZGvzOebo0ixOhe1/sdQpvyMMnkKZWoEZ9WUA4WdTSx//wswbBxKdjbP9uoqQFlVqXPq13qb33pC7PzmYOiDF17+kjHwV4dl5lvLOvYI+uYv6eEKhur8WLTeFFEjfwJHKTVvlhBCx6GDmlnWvGQh/tlNN+CChDZHUcAXk/EkLQQbfAk1RzrMNWEi/2D531Xw9O03TWIDqI2WTuDftiC/mm7xPihnh5Yc6GngQeNyqKavL8JPKVHkenhgAA89ykPtlIAW5A4hqAfZTItvSCK6ij+l2sj3fpp+FIvSa6leXw+GdGptfz3+ktN8UxM+r2F+/JKVSIuLlad8Oh6z38tW9AaWalv5GSJmr2GoVHntyIjCgxOIwCROISkvcS7yW/sjV23Xfl35GieysqoXfjvqDqNT9IlY+aNCeJeb7fEn6PVOvqtX7XMectDeqn+p9dwA+YW0iMWipD706C2iFoBEiW9xfzyQ5uxV81/ouBfWKw0i9FQUVrzoGGUbIMzqh+dU7xiQoeaZ9J02Fwgf9rFjCfU3vhrArv/Y/uBU54rN0hiGAwPnB6QqgtiVMH6R17A7z6q92tMVs4OMGNgy+Vr1/UsnQB+RqBmBz3i1AN6RJWAChViR1usqQVmKo1d2F8O6y5rkrydJvcJZ8lxapedrRdPfFcevCcJpGXGd9vceuWG6fovNSKgIqijTeVfSQAJY8CoqJOKjOCEfSVfR/qGk+Xf++c4GpSFiJO0HqiUN0HtzDde42B0JAUzudUwFhvgWWwgN+Naxdc8T8+YIbe3e8gMgwUN3y84Iamc6AXAPzCiJohFtcWdNse3lB2j7obauMvo7CFUrlHdGRzuI484Jwr/8NI4IqV5ElX/760ybLHn+w7iKXFQtv11KKz3OAvp0kloy5DdIj10Z2ZRBL1kqTCxyXyUqUpHrhLd8J9kE+6z8JOa45pTcpreldb4sGbr1nHyQfmi2SjffC3ZMh21Jf9zOWf7S1/w5JWYQkXHBqVsSBKLiewtRAymU5wqFbYEkAuKu5BqVMQbxxgd8iBjIqBCOFnCFSZyGYvskNffQ/kSlPEiJzXv2nYuVg0hYhBzAs+S+hWOFBpXKxzzCB/tTFgppP5/ZvI=,iv:LetwDzkXB6huYJLZtekvwCXBoPOr2BmZZ15Nt5yqKRw=,tag:Qtos9VfWsdc38qZSQr/1/w==,type:str] +cyberghost-cert: ENC[AES256_GCM,data:lgLBEwD4adeGYpzrZF2oGmovMAwBNNYnLl26+YLl6EbtpIblfnTTKtY8cbzty4XmC/x9CHSMqcStNxxKmJN881aTxUhZVwLndeZBRZFy6d8CZK6o/juEomDrbsIYK6DQvZqrCpQK2gYnVRDiSYULVXAwOuccCx3lXmgqqcSVfHRjoW8A5OLUAf2lycdr4E3MksVogk0w8jN9WLCZyiZrBprw8dtiXfJu+GBPAulxL9sxFtNTJCf8sMLkB7MeIQNZpya2RfkJmtFtCy6vGUiGAo97cK41lm+aieUeX7aItj1emNc9206XMhXYa1ERXIU/XLTt1tMIZAeX9b80aJvcXxJV7LyxfNi5j06BwWu+MfIsk8V8zYl0hudX1TZ1thuR72ts6ZnHjlYHudFV/K6my+I5LNqP8swaUd5NXhb5rnL7dOecwKElXxJ7I6X9kZom2xqTU4p3caxpAyqmKrGTfeEUjR7823XWfuC/EP0aH5APU0u+TJgEKIgGN35Fsx6cpdqqWC1NIPRvAxRDrdFBHFP+C1cxQkgfF4rWqSnib5b2uA8DFSU4Sz+bfNKCpP4mi6c3K1u8yNelVHHmisYDemRB+iyUcKW1Ax6hwyi0m0BlfKl2fydaBcgnswX2kivIlm0XVGt59RqyG1vnyy0XRvAPR4p/40L4ZoBWc6DBhh08Yb54snS+shQH5/7NDpZ6YRna6d0yOGDO5rACxkg0teecKOo+5ZUflTAj3vxDwBYxNCwhTf2sS0zEFiT1VinusHDDb34sXcWO3ed9tCM6PAxbqW6Rl10A54g0dD3XXrARV1++NjrFa2WoodVujbHwGtkZYitAAqCIWdS5C7i2VFO+RborZTwfy0UCU7aIU7SLiggeEERSOfP5XKzMD1KUSt3srPsVKbQAtb0tO0PIWFl/1pGYmlkE5hwdVM4CsFsaC1zrgBMAQkV3XvV36RmPl0tp/qGuqB4Xvl96lBKJcnJBeMPnvV2/UWoG2BsJVLVvAD5K3jGE2Qk6FRKpy3yXCCuy/Uqj6JIMK85fjusm6K8qWFul/2CBCIViR0nk4N9UiYUeiJ0U6o4NwE6MzTqsaL1MrjiYjTE3FdOIPxN1lAMjf8mD92PuK4/n613KBe+gAmK5n+H2Oc6MCQ12o1EFXH/9I29zd9tKzq7/IZkcjTPIU3Tu/aJ0Alof+JJCpEmfco8DKYvqhPi9fxO8W9rJosQ7NT2opiilNqI9MtlU+XiYNRzs8PeYz5JN0cAdof5BB+Syx7vKHrdMsNumw8hj5qOgMoYkwsbv5Z9lPlB/Ehm6IVSzhqTjsInWFLd3OFb6zI8sqhSjOxTgI/LO8NwvxfMzSVa+nSKcr8AncX3H4qppfYHrp94OkRkZZY/sgmmAVkRyZgTizek8uCAeEnQIOwV6W52FArZOBNytHBwHcL3l4Q6czSKzz/LJ8KHkirTECO4ambKwMqOg3lkW+/DGjKyI3s1xWzCg3wIyNx7Tk6/Tf+PR2eajdIFt8pazdrxBamKmQ0iyQ1LrSkI3OB31C/ly+oeHZW96+8+5GETxaIDcONFbKgvX1SPp+Fmns5WtdKGO3JoSRiqPqL2CGnwrwA8kHTM6v49mMgBGraw8pzIZYekfYmV2eLh43TJrieIw6UKXiE1Lm/eCEjAq/wvbTE9j5sL+aNMkta8QDvNdgvpKV6bCOFhXf03En1CWgFn9Sg6ZpkbbKvRGrDPbnV61oOWB0DFVzoe+cJ6xS6y/UrPjqHHgsqHOTBFJ9vRfpMpUfyDC8NkvGuiA4RNrCj5qPutv6GqEH2Lykh8uFMY4zWDjzh80TB4Pq19YRljviS6ONLGk4YmDGcK8C4Z+gM0oFGFigHS+Yx2GXi5o3VqwgorNxG+DxF9viVjm3mO2dqoTFYwawKWmMJw8RMxznJtneMQouFYl9bY97cI5qfZTQKI7qEGm8+9oQnC4QqboV3Y1h0zKeXZMj5b1cPfImhtSACvl2UukBtp3RLK7nYVpLZDkMxniWFsH7cTVmbkfMXnGlfjQzNCb6MYW0KoXVRmNrqG4VRmAC3KOxYmR09FNhyodsMP0XFA4hqs3FpOEf3F01VvTvFFV20HcbM0CaVTm0uweSTwHcTvWU+4OL+1qcffrUd2QIDD/VyUGaDRFZzN5bT/ZF9U35eXZD7e65/cNJblQJm0Pv2eN0ZxJ5yujMfValEuSFu+rX5S3PiVOqW73pxsekSIBFlc3y6TOsepik+7/dIaTZzyuOHz/ljDAO6pXpCBSPvH5ErH8DeG2sx0uVRUzryU4o4oKeXscVRv+W8+ztTOFWjlLb6GvG9ZKWo0DtFjtEPOJHGBLiILy1FT+/1dr8vBRlgwi0vAjiyj/wyWAdh2oBM49s73utPWhkty6/WyBQCzF4Uj/JxMjgzGroWgnG9oi0IcJDzumuNc/uN6H1llMdttVSbnOmdWnpdQuoX32QfPEfUNnCMuwoCbA6bUVrBRyAa7XgFT9TKx+1q8Ll9leMefOCUfEu3q04k66XnstCnDbwvCe0S+bYC2ZL+FgDP2STZ1BGHSBlAXYv+8oaTOP3E1J+SW63kjo6AkZ23tozv+5doS10BFqwhEiMB85cWPnC0eJximekIQ/Dfz6SeLfhdD/FtfdQAe6nv7M1HAxc05HK+G0Z0xD+eyEME9WGbrtMuVGu6WYoPrta6n8XA5e0o0KV/sbxO44y9qyXNSh1SWd4nlVyEyKw0g6rZmxhOjH9p1saW4IKnFWVyR98c+nqTB2MRsrd6xs1uAGp+mTUoQKnDjXl7BWfKeoaFExPqoVlNCrk9SU3Lo/Q+E7EX6dH4+L1ovsUQlkubR6KtLmgK38zjv8E1KOYFKY3Un3fdup3cEilgkQpLX8N5u/LAw4wGfW/Q5qMtEQT/DZi8V7N0FS4wdLe8YPp4H6y0zDh+NUtbTPqrSPc/9YskJ8LXmorZwoiMwCa4lks6gXDCR5fzmCRm37pVmxZ9GlXWyDb8U7ZnLbdz0ZVQJKbfYwSLOqB6NdzdV+BiEHnAuZP+2zrCvYBcpU7M0ST/TY2PEEWPfBnrhxue7Ag/NqYk6d3w+6Q+mlDHeDEtUKkHs/ki69HXB/ODTPbAe9RbypyQ9YlewoY8zXjZdOhp0oTTAvF/HsQjwUTQ==,iv:kXQn6HaQbglJXi70xo88BUlS7qRFwiHshmywWGRMw3U=,tag:bleGSWRsu6rwcETv7Au5MA==,type:str] +#ENC[AES256_GCM,data:sHIXwB3Ebuv2B1UqYc/zkpcSyg==,iv:htsZYVCx1nLI+sk2lRGI/W03eWSjg7EqB3LgiTbe7t8=,tag:dqX4wUvsMK7etZumV+m3QQ==,type:comment] +#ENC[AES256_GCM,data:MMecGi8zooPpOkSj28OmAUU2wUqQGM1Jhe2UPxmplrs=,iv:z4GtQGGWALWRrtuCwgsemHumP7uts4kmiTaylLKzGxU=,tag:xwjeqYkP2mTHvbxFzXLb6g==,type:comment] +#ENC[AES256_GCM,data:Y0ve3H6gMxAcnABMhDLcg1FXq9RXvAAwNcy7v0BKAFtz+PWb60pb7bxS9H0i3Xo9J2y0feNlQ4eZ67a/IDNKSbzTEcfA,iv:P1eyOxSBeudZcSAnQpEAYgpE4aKb/viDsgbOFOIbDUk=,tag:1lE/qG+88xPHcg3v4SEVAw==,type:comment] +#ENC[AES256_GCM,data:/D2CEMzfVy4gWxv9opHdI7O1oAXJSpXXUSYq2/38E3W+a3/OeLglEpfX4w78JVxhV1WlEDBGDZuvQQUFPr1l5h9xqrOo,iv:A0Yd2ShQOgZ/78vDjObmxueA9PPTw8+Nwm8K2+jf6ik=,tag:+GqUedPwGlNVniwVNdkzKA==,type:comment] +#ENC[AES256_GCM,data:GzVCQ0TvVhQ7EEHxES2y58zvcuY3gVypGCpBgeZNl8+ibj8403xlm06Th8798VYzSOCDxaNnm4RHBnpAivPdGcbgR0dI,iv:foZ/MByWatS69b3klSomBo70PXQR3LabBGIzoybcLO4=,tag:SCC8f7We47/ZO177VvEmLA==,type:comment] +#ENC[AES256_GCM,data:FUhLossgDjizyKAnGEaIgtSbcfAqbdl43hkIUdt/qzYksfxu9dPoHrX7YyzzQ7imAsvbd7iVLYcsiLB9FKS02c481G1/,iv:koXSyIsAJXiehCCKADuiSFV3MQ76+qXVNMcW+YqX4gs=,tag:wetQdcBt1zroLY4Yxw/LNg==,type:comment] +#ENC[AES256_GCM,data:BJTQxWXfg/odNFnA5K/0zRKLrrJ8t58d4Wk2PHNb3MTl3ORSr8DhcRu68ZrPLxOg65+k6p/IeIEfd1eD24j3Bzv06wCY,iv:GqUYSh+W2QnrpzMuXUkmrR2HQHZ3ToiklaKNLrB4Rdc=,tag:OzN7usqKtja2xwwWxRWjlg==,type:comment] +#ENC[AES256_GCM,data:Ir+nUbAtii7IR707Fehz/QGqb6qpYygEjVlzN/VM1p0r8RIHeH5FZHKu8AOPH/j14aKEg9jAcW7zYzOjdnJ7TPO98aUG,iv:EmQcRqgHgLdNqP/XB+myOI4l96YjoDHsVce31AKhRDI=,tag:E9Ms7vSO7XvTiONqyeDakg==,type:comment] +#ENC[AES256_GCM,data:73yACFLMtDaPGxwCr1CcMBtKypzZ8bRX259ELP4ruzkorUbMQlxYhTg2OLQc0fgohwpM8KGk/E5seImfUPheP90Kvhpb,iv:PXi0+lOxbh5ReUc228VPTzwHm4Kwuwl5E7UVyXgqqHc=,tag:R8ZOg1QN0XnryOUFkBccKA==,type:comment] +#ENC[AES256_GCM,data:O855e5J9a+4Lahv8fpdrlawF8j6rCVXpV6I2gNgC42sjrM5SWdfbXWs8DkNygh8M4+JIEZH9Ib0nQzs2lxYamjjU4X+6,iv:8CIdyE2r74hoUXB3D1CJr8mSSaLW1cpkNrpSyXhyRWQ=,tag:xm0JU5dLC38/9YX20Q873w==,type:comment] +#ENC[AES256_GCM,data:cytsTKtODcVaexEsKJS1X6K2kGAin8l+pxdzEks6FmRj8nMgj/X7k53DlHvH8sKluQXP1HuPfB94N2G2vecDUa0Tftx9,iv:pB9KRIyV6g/lQ+auO14VWsOvHkGz/WX+DZbrE2QqLo8=,tag:JCj5zkr248l45Rue+KKtUw==,type:comment] +#ENC[AES256_GCM,data:BYPOzqAolBtxXdNqqA+kCUiAaqk7u1ZAOm0Vjlv8hfmsMvpcM8biErRV5QUflMcrV09DHrJ+3Mf0RnESr9/+X04nmr/v,iv:ANcSi0sBdaUDXfM7MJat9SLV8H4f83ZIFPHNhc3ACJ0=,tag:T7Gyk0oxeg1eSobbqF7QyQ==,type:comment] +#ENC[AES256_GCM,data:DqA4OIlyGSJteozi5jPvuGjFtnbaUw2LuG8TXNvKkl1qLP3iKP8925DtvW4InKjX1x2957SLRWSaTbUlGohR+hra54lt,iv:NaafFKn0pfknzeJPI2yMmYwtGglKaw8boGu6yRG+eZk=,tag:NrBIOGA2d9Mr23DTBpeYDA==,type:comment] +#ENC[AES256_GCM,data:nxNSMp1w7LZ6mdOmO38xzyqPKKqI8Ib+BgMIVrJ/lKmvY+kuMhkrKi98M6EwzbpnrGV8Up/N5gC6gD3nVpVq814x94R9,iv:Zy08/hF/xGECIjGLta0nOeMvhP6KPivowHphRAlkDNI=,tag:eAl77isC5I9Arr05rg7HPA==,type:comment] +#ENC[AES256_GCM,data:ZTDCukzebTSY76xi40vNrvv+XxFZSj4QfdkPKL5uMeTVCA394s6FjOG2QflscmEsUaLIXqbNaBB4jv2L2qw+7S0EcZpr,iv:0OktweURWm0PGNX6LApOhu7PGf0Tw9499H7RorEjthg=,tag:f6U5Vxk+bnYTksKSqAGdlg==,type:comment] +#ENC[AES256_GCM,data:R/HWi6LbUpWD2WEWB/9G3n8VLpKe+l473pP7Z5kNYjREIbDRUwvsl1sjFUdxN36CqhEgcrTYCNAAjvh6O++i/y/IgNIu,iv:/e/gKFDgDzcIrw/SmSKVrLkhLgDIaR20CT21WsCX+M0=,tag:QZVVyyRBrv6oZncrmQQhmA==,type:comment] +#ENC[AES256_GCM,data:8ykXJbXKMV7VRMig9NYaoC3/Jk3x2dQTjPb5ASF+hflB3hqn+4U4JI9AIwEHem+L9WRlsVi6x2/5S/hfZd7Mjk6kWYUN,iv:g2idJPzft+Pdbv3E73FH9cbCAREJgrLcksjJ9CqauSE=,tag:5MvAm0QQ4lV2rQIy1hakTg==,type:comment] +#ENC[AES256_GCM,data:A6HpTXvMzIW6teDPrAfKj2NtJB2fdp+OX6B5u1rDa+iBBXJF8zb+04yJj9eQc0wqiDe10KbxqQ5IJPAkAPCVQRrdfaWj,iv:k23+0W0QcaAP2O4YZzA6naUfnjNY5MU8WKkH9xK+HZg=,tag:q+kslC0BYhe9WBQxMiuPxA==,type:comment] +#ENC[AES256_GCM,data:5sMRYp9U0YKRQgxM6kFHKP6mXj4UYUncC+XM4TWOCunX9WK0JU+d8y2nz6KZeKg5BcBnGuMrNCF6qJU5b6VtvIvryDxt,iv:ZLJXLhNuKfLVnDgJTy/+wvZEIUlhUL7nNOGuDMBLQuw=,tag:sLy/6r6VeJkWDG1P/OSGWA==,type:comment] +#ENC[AES256_GCM,data:7QUHlFBuFgghNwyaAswAG6oBx37WPmZWTzA8MX2OvdTJYiDJPgqGVQdGLBrTgpLNghTNjwP9GZKtpp92hvCSULpTNBER,iv:NNB2er6VHxWkDU57jf9sXGT50202STT8v1JDLVqpzHs=,tag:vbCb2Ecd6KhAwPYQ+2Y7UQ==,type:comment] +#ENC[AES256_GCM,data:kQPmVuaIG9GKYCkPAr3r6we7vOMymTNH8HnmN02Q7JrEANiKsH9NQQdgPrXsInFyma3970J5/RgiaMRSpIt2j205U7P9,iv:BLKf3GGn4zscC6dWdCbvAEHG645LI77nIlV8q63ePgk=,tag:1CnCkP3330eg0bF+esJsTQ==,type:comment] +#ENC[AES256_GCM,data:yo+kP+PD3OA0YGOhNU0RfKyzr/VbjGH5i5xVyFxJrCtQmaVhaTACfggPVu7OCqOYKBZLXJruBbP+I1u9ivKLFBNV0Cvt,iv:MksSrxf4ja3HsADUbc6Vbdq1m+ZNqM620H/XABnFPwc=,tag:FdBy95bNp4GSccD/1TE7sQ==,type:comment] +#ENC[AES256_GCM,data:GdGtmSqLFD9ph8vCx+cNVGXQQDl/+PtdiFG21Co4BS/mHTl46u63UT8LMNTqCBQJH3AXIPSZiPZIPdreBhXTMAvcsLeV,iv:DR1HdQSmQ4bAAiDiqfou//0eplcH2xLY1oBwVd0IR2M=,tag:WY9t4974U+wETwKvONoZyw==,type:comment] +#ENC[AES256_GCM,data:8T/If88L8TKJnOUncF9j7uLB4lqDIXvuQczogvVkM+K4Ye6U5E64kok1I5X14fN6I8IgPsd3ezTd/WvY6OIeBdpi2aVv,iv:1eKt3j1kP+C2TQe8Y3gqK3N3T+og0Pibf94Tv7+RxT0=,tag:PVSuPIxSys+s9N/KyacyXA==,type:comment] +#ENC[AES256_GCM,data:iUiQkdm0yKxJGnCEAovcF0Afv+eP/NeomRh4KZ7q9v/LOOoVSbcGfu4D+qBSOUujEuM7h5DmYOdVRBge7Q3/xQdBc3Gr,iv:X++jpJpmfnjr4YZfiJdWg4yMlYrLh/OXRhCLAzncFM4=,tag:XgZCvk9QV/PpAy+apqSV9Q==,type:comment] +#ENC[AES256_GCM,data:vKIpSUjoqnJRmXpOYLv/vdQq8eZn44gJj/pIIY009RYFP5FmBEqTrJaJqCme/xIa60cKXwSHpOtAR+SfX5TGfWobL+9d,iv:QFhA1NuzVjE45QdiUvjxq6rmxT+zSN5jhiUxy1lVMwI=,tag:SLUlN7O+rrpmCNfzW7JkIw==,type:comment] +#ENC[AES256_GCM,data:WXYXebZR9+nHRYBHVeOtY3qoeMYDg5laHGn5gLxQHb+AMLYiWRhVRQMQ7hcdhpPBWQgv1Ma1XEyiWzp9bpI0SwhyTlHB,iv:wa51Mk/UllMooZnG+h5xcyOrbCvfRX1md6pMM00KvMg=,tag:WsmW2fO1d+Kphz8+22Tkag==,type:comment] +#ENC[AES256_GCM,data:kBCFML5g24zc9pSd6Ax5tr7PMhqcRndi92jL2+043ayNhiqQ5FGsVoyNiz4zaxsss5tgCwcDiEe7wc9vvYOikcjxoJjY,iv:SokzH35erfVYrr3unLU80rkOwt04ckPN1qOjbxg7n7w=,tag:7akUpbwcNIzyIpa7VGJpEA==,type:comment] +#ENC[AES256_GCM,data:LCzq2TaNLiT0r7w6C5cDPYHND+5jMdXp/u4ymCarj3LEvh/Sye2+Gs5170FzZNQ1at1U9uou73KrDQLERN3gR2n5Iav7,iv:yAzB+3XfI7SdRnlHLB5dFyiAXqyVbtQ2zSh98PkjiTE=,tag:4c3P+CMMJHwTSXp8m5OBQA==,type:comment] +#ENC[AES256_GCM,data:biD9i+suor4XV9dSb/Wgq6YMcHM1p1V2n9Bb6UMUPFXZzT6bn83C4HvskOABycdys2h+9F+lnUn0wVybQMU+oh6xpScH,iv:w6gRANQXH//z9gUuFz8HUuib4xJ5DUyijY+xGU/EV8Q=,tag:cRYHR61Qa5zDFuIxYzW8Ag==,type:comment] +#ENC[AES256_GCM,data:G1mBf1cxIDV5xO2n/fzwbTgy/7+T8EfMO8DhBNBayOJRVRyLVLRtET0Q5T4gsAIFzFubjPuqNCDzFAjAoCZ0iODY/+cb,iv:HcT5ATkDFDMaTT2nY4fVQjg/ywF45mh8GeEM5CHX4jQ=,tag:PR4uJsjrAVhaQCPzCFMSmw==,type:comment] +#ENC[AES256_GCM,data:tFByW7XbFKUb77lrhGpYSpYSoVcpWzLIzkMcgIcRT0vbPDJe0VTUZ7SpArP9p7NaE7+vj8Rn5Gb5zqMDCxMPsAsU3KIR,iv:CL3nF8MyUa0DJ+zHbCqBk5wWJZMQPaV3fVZGPmE5wr8=,tag:pkVXP6yMaXzRjzxsYNKh+Q==,type:comment] +#ENC[AES256_GCM,data:okfYGm0lhVNOq0Ma9Yul4E4jTLhPhcicmeeIl/FtonyEPoFjwiHBpCmWXUg2jpfA3ciluJUlBOrA+RPCOkQh8rcLyRmf,iv:JiTsAOR8GFO/gBt5cJenG7VBJHIavAcWZWfPsmfTGwM=,tag:BCBSRZD0wbBGYLYIDA7j8w==,type:comment] +#ENC[AES256_GCM,data:xLVY1TK4EN9B6JCYV1QdObuggOPSXkh+ZgU7oMtzo+pG96jLxqLOeWey//693hSTILNSdziNRzkeLL9mDM1huVknDSAI,iv:gEK9acp5+jHTwoLsv6ZVuZCZ2h4Mg7c9g3z1CCyvsFk=,tag:NbCI3u8kDtUFkT6tOGZxRA==,type:comment] +#ENC[AES256_GCM,data:uUFbL/FfBpNtZd+u+LbNSRbV/Pjldin4Fr/+igIXj7SuJsz/tUh0qmmw1vE9dZ/Uc/bUYtV21McE9uV/KUA0jj4+Sx8t,iv:YCQhIeNltodLtLkcmwdRJZ+treQfA8UhD46v7VSrAlI=,tag:AnLEzJjOg/xqqE81kUXPYg==,type:comment] +#ENC[AES256_GCM,data:C1VoFYugfCoOv/OesA78VtVNOGSL8/sSu/SxyWCZL1oq7OBJlj9OZazlts8CusO0vrf8TMQAg+IYfGGEgwhgPOQ698VC,iv:MjBnT5Y/6zoLMBxo2pZMi5XwLpxGZDcjNtp7FVrLq7E=,tag:WhT9z9U+YaRNcC4sSDrKEg==,type:comment] +#ENC[AES256_GCM,data:25QquCUZwdPa9KlED8cjp8TqdLCQ4sY+9vaeBc4IaeF5Go79BTNECQ7S4A6ijdQUzKCktqbpliNvgik4GWXlQDq6yAwt,iv:Pp32KfaXWwapjPZRltEX3IQO7PJMOXkn6zQ3VLuA/oQ=,tag:sg6aMGkI6InEdLQ5Ie/bjg==,type:comment] +#ENC[AES256_GCM,data:JgEsketsuFAIgLSOKfX51A+s7YM5S5cilZLll2c8umfubBor6g==,iv:i96glV73Pu0E4govH72dC7kInvAr/22wZ99bPQZCyOY=,tag:dhJFczdKDOGXRX2AcidbVA==,type:comment] +#ENC[AES256_GCM,data:Cuz2T/ZHmG6czj01mYSkseNjHHVzkc7nCRziFl3J,iv:s4z2J7quVzo+34nymk2hUxwQ36VONnfOxOTmUFnjnKw=,tag:O2DvKSEPABZQuEWFUXI80A==,type:comment] +cyberghost-key: ENC[AES256_GCM,data:hY2NnD+SubQ5/+IgwSFnrk7pgLPW/M5pm1euSfdaT7jT8BnYo/KzXc3AgRGXCAhPHDBeM+CE6ClT6T5aeslNaiezyJBXBbIPCcN2g0MQHB2dv26LKUnNfIX14/+BPTdwkNMiIKnw80P82dZjic3WHmtHW5MRMrAxtJW/q7JiAJid14G+J2nnJeqNUzD9ZxPLSFgIFcD8ysZ6zaLc1jdL8gWCxQipbULmPKqf82mrvdutWweJBhQzL/JazbUD24+Aq5NQGip/aB8huBZA00e6c96JduIxV+N7SYRbJrQu9ay1dMfi9mNTetJc/RBZFTWGnoPy1FhqnH/wMMvirGekzSoAIZPnFYCnQ1yrQE+hPtpkTqq1tdli5aet1xitj6RsgIOxRG6rkejpeLqBNUtWY8ClElf1qQut+T7eyPHEnTba7/rYW8X9jFwZeI1+YipmBqmdZZeqaOLcu4qNrXHDYZr+2nNXQ7MKNgsfhAf+r9jfmHzSJJDEkxCuKiYRpUfJqJLSsUeVDqMkZ+1grcM5uxnev8RU5I2aTTUSUFgNdLKfHTCpFiPtcKDLSwPcaEKPkP2pOTe+B/Xf4z+JpuiW+Yw4cWBRTgxUYdlnEKeO5M14YHS9asTfJ18wJ7uxrDwMkQEWk+TmLqjNhfng6QW3fehuaYWDbHmMjHyXMn0cC78SKMLIE7Yusy2eKeqRUbn1I3ud2c6S+7U1HK7PoWIwDXFvcrDj12DPqRvGlndE6t1gD770g1qkDf5RYNoodrXODxQOdBiycu4sTXGc/Ncz2G9P9b9pK0PNF9TRg0wvDFY4mHKj+lyiNgsjgEyXJSIY8yRYV3RlTD9S/lFK3d/3ujLMZBupI4o63T3exN6Pz/F0/bEoCjHFmHn4MN1na6CIUsibKlTXfQl6Oxk9xGop4rcg4Nfygan33VSBwO2O/MEnQ5sePtsivx0SE1bR9edYhI8HyF5XrAUBEffL4qOTTpiqui+112IzSwN/uHK2RGZYB1rgLpGQKPgdkghcDz/rbQ8AqPxkqvQSgjZ0B7ZsRMVjOXHSc0WCdmEl2AkZblULrd6soujVhPTlTIRvo9NRcpmQliQRrd6Q2Oj4nrItJzSgIvMeABUH9Vz74KE6gwBwhuFOuQaSLEgT1kUobuswGWQuUkV8oGFbdCnlzIHmvlYIpQG950y+82a4fA5AJvefyCtT0XdHqvaQK/xHSv0n/MdHTUlRbxcsL5Z3aIZQ3FnHKAeouLbPZpaXIKLcc4fahMxeIZqPV/cX6KnETKbj2m8rb02izrduuZWbdZqQ7qqwMzrUFS8WROcum7LpGnKIo9570JNUxRrBDyVb97RKsmShjtdd0H8U+FSxlZnM4OASR+Cx3BncI8KIqMDkvqdwgICuMEjENMG1fe6E/S3Tz3zi0BlJZrQfQJ0oxKlKXDBb9NCsoyBmWaWvp/WhRUV8vSFOiaCK+J0esonULXQQnA/tsKAhP7DmmdgSvc66+IQl70ArIAFS9b+rIZCAK5ObH7P6PjxNt6bLu4MQajvcAI/LUuflcka3YUPRwpCWH4zoIckwSgLAGUVx1Pv7f+shmZDveShG+bOx1mj8g9hwrCkTJHoT3szSsCtNkwQ4cn+PUPbqlLS2kjZaiLFUhP+sSH4dvt1Co6VEfdWkNCCVWxADzSP35mSnY0J91oV7QatGSl2/kWEaZ85Fo1EgVpyUWD0d2FdsWqrDI4L+INFGgWSMzcomu5BVbn/XExCBZA4XG6/CW/dBIGucdYtHLTAGkhuJ1FrzlNGj8dCu7bGsls/tMv4K6WGgefXlRIJiW1/7ad5yRPjKdY8EA3S7/JGNhEqQJXyUETcM0sDmQ6eVJTMm6JoxFfUzpqTskEuF1OrQU7al/QL5swXykqIyypJeEmaLbRborE/jfR3X7x52CYjDLofcRyVfwec76tFvg0uOEE6c7L1eq/6MYQNv8RZ7QTjFphjHVzs3zMEsd/SNivzOq5fTKzUu1Ji0+9rpbcs3Mz0psXDjmRbrK2gO5orG9VQur1+9ZvUNFVFZiNVkmynRyFqMdoQsZ5nXXsfzGifoW//F1tnXZIDx+pLWsCwg9639aRpIAMNANsmMJgzEJUAbBtVDDJp4Kl70bTJsSEOhZB0NSHcayfOSpMEKU/DTri3b5JtxRD8pQSMoxJRbFbTXBIYrp3XbJhDiOiYcW8aFyIGrlED8hMjVF1IL0lQwfpBY658/SHdf2mguL9+aclv5YcOdLmyc8vNC1ur0VSI58Y1+eNjER4iYsx4J7ez9znQuQ1pZVyni5TN4uEgkcbD922aC85TnCxdDS+vltXe3I+z/RZyJMWO/4EfQZ3Bw+CrHQJ/y80ZYan9x0nARDIwFfBTl5UyalGMhU8lGjxznn9blfmx2Mn6LgE0y296A8GNL6Re4QiMf5RkCXY+5OzUDiVbpvyiGCr930EaP0zTi85PE3aN06lvuwPoD9/LzQtl/AjaMGnER9whicj0i3NGlmHOQ7vECqGe/YkFexNi5m+9mJg6reWzU4RtOhfztr08JZMIXwSxMu5jYPOJUxLn9Ui7BIQr3CsdVV0zYkY6XiRXNQ5HYDtbHPh8MY2QTKkmkVQmr0MSIrjCnmiIEyl5U/BvaUtBNTPrE8vKMBOm99EGFPZgt7Nr1k7d4khpyeNEFvMk1Y6rzRr6J2HdE/iD65URYQrxZMU/FxXyS0sjcXfifpc6pGYkb3naW9Q4zKJt8Ipw8tDLBIsHFux+dJn0IKdpJ8b9f+ftGqUOLicC1Gp35cn9fbGhpQ/Z+bdJkQlCOTVivAEVWiL5Tm7FX6eYe9Ad84dezy7sRKG0FAZpdbiCrpJGtsZ6q8zJBUspT0y4kXbIwtkk4N7kOkIOwR6ZotRiLQKx/LMO4gQGCMWxY1NzrbX7ny4N0KbGDJXPnnGwllSKv+4j/tjjWLKAI8AXlq/Yriq4NOiBt1Yw1nDDd/meI5v77hNJL5rRQYN3qRSolnwu7E5qbfjb+kPME5b1ZvTCmVIBO9zdHDvLlrJkKF+i7U7+0+dVJztMmuAWNaT3iXN0Hgi3HfIlm4Tb5bj8FOhTx6hiQoAOj1HrdUG8HATC9DPV30JDBqAs+U0s10x1bJZtlDCzl5zGkw1zxtYLg6K9cVO4QEp8PSaxp3t1x57LrtUMimYL5o508RMgSMp+jRtv6yX7tP61qP/IDuH2dvNtYaUOKKLAqYIbfWsqe5nrZn1YYuxWPxHfV5D9joSMHFAyYwkOjc6GNefMRyg4Dv/vYeieaYfILrMauoNfEp6YXsHjxvl14qwOt+dhML3iRY46QLO/1xNWeRUUfmD01dRyJBGfDq4hBiSXJCZh1a323uoZVUqgMrwwX3qiNNVc3KjSJgosf2BIQA+Q0WdKI45ejIyhl7dayVILyCy3eI+5RcByjwiMH1BRb3Y+Y94bQcxE5avyv/kCaW+1gA5kbqCz3+SueTh0T1x4q9IdHVhMK9ipmlkaf70eH3zUK0DipNjoT0PA/xR2mvKITW+ZrVPV3ZVua1ZShvgmOkwOAsLEe3H4BKiPKipRANuws3mEzLnnDeL/DiZFnCM9eeunBEHxELs/+qLQmesDxcsLSxI7+9i9Bz5gL8jnGxSXCoB7uhQFZtFq+W891GWZFrW9FL9dqRFlyaxrjePEqyAL75+6RHTEnkPSZmA+Xb/TMK3FSl13/WFFnibPj9feG0Yrfe3cCud0u6WWyyaGJZFE8YxzRAHn5v6pjWO+D1r27A0klIorvUE8vEkJZS/RbnkQubPvAvKuPN20WpQYlYMNJeQztQ18+HuW3gaDiVFTHFJu0QCy6+k+Ht4Z3ADJBxmRGAeMmgAkOEyFcU4OP2I3X77qk7M0YIFD16+KQjXtmH4pT7/msurjSO68TttUdh8Z9HIQra9QbiJz383obCDEQPjMG51hnVaPlKN/DOV/gxVmJdaulAHCMMpYAMU6jUZN2krGh5zAJLdSR750teawXluCulYtzjtrLUauUN9c4dV/70HVHJZKZZSOdFHyh8bjJFrm7eLcscnv7QFjjDad5+VzgIh6PqYnWYFXUJxwqJ6uj8lg4MeJdwoJCFQEjvEQS82E8WFXwzlR/M1ts3d7M6z7B/cWQ/DeXTLuZmdd6DB43pHYSZ+z7ANzjssTdIuYA8q234w/AIt5+iG1Gb6ttVN8rc3dMhfpG92x2/3JEUyj/m/HBhpHjlOYAn8M74L5NNl25EpCCDSaaMCxP8X9M0MJANGD3ZUheWjrxcB/b9MeoZL+NNKr8hlyRNUQd/Y28wvubF0+HLC+nXhghqIk5DC23XzRmdiBbmrsAM1u7KRsGCOM4EdYRZXSxcIdAcW2DVCRHiMdP,iv:izyclzkGY+/IFS9WyTO0O+1/puRnHdpJ0zQ22Y/R8hM=,tag:Dc8IKjbf294dKCN5TGERQg==,type:str] +#ENC[AES256_GCM,data:u0XjrBhByODbAIY3rw8sxevg,iv:vH1W0C/u58itloVKJ1XZ7WqShTeUzoSR0s8zMkkSRDw=,tag:I79fNiLpYV8A70ax5ekddg==,type:comment] +#ENC[AES256_GCM,data:YLneC0aKJCSIHgYNB1/SgSnLgC4hEjkNIlrNdwYB1Q0=,iv:SN9TkvmNsX5ntncd6M25TvybPCwKPi3+6snUE/eeO1U=,tag:bUVrZ+xXxfC8vwkbt2HTQQ==,type:comment] +#ENC[AES256_GCM,data:NNKAoCsyk4MLx6Wk1pBJqgmih0SWjOa5wmBMVLBcK4t9IpsP5rq+03eUT7bLCLoHQHKlDEAdrfbFkNvkFYjtz7eK69Sv,iv:60yZR8iVpq3iB85YFpy8Lp70O2o3hQNlUQH7CKqF63o=,tag:dTBxRSyFYS6q+iM5Zo2KbQ==,type:comment] +#ENC[AES256_GCM,data:Di/aKcBppy1l2om1LE02QZJcZlc7B9QD3LUJpnXfIVVcLbc1UdhzgX7DoxhgNMuJ1O2xoglTkCTuClCtmup6aMkoF/ZY,iv:c6XcEsKj847k6O0fTQu87vPHgMwHn7ZUzZEnhdLJunI=,tag:WcnM3WvcauwCQXvSOnoS9A==,type:comment] +#ENC[AES256_GCM,data:3EgUhcXCon9P+0kCbflSWoLA+U8ku9765GJS9TQDTkOlsK2GjlPCfix8/D/z7y2uNdtNdAOonQz2veKqsImG9Cmy1V5+,iv:q35S/ksqCnFJEKdQJMoFFqCuPy/YE1WlXVtYOPy92ws=,tag:RaW9PjNQk6s2+rW4O++/bw==,type:comment] +#ENC[AES256_GCM,data:zoWAthL0gnzRVzWqpgtBlpzcF2q4/UIIuXRIsuEYwt3FYwlvSmasuRa/tNDEJ60gYqN0pho5Tey03S7Iq99+HZ+x61f9,iv:UvmuuTsA5AP/3xmWK165uFHxbFpSOR6C/Azg1/2jS6I=,tag:DBaK/lB8Kw+WslTyfnmuIw==,type:comment] +#ENC[AES256_GCM,data:qjh0lLOirgkI6cMeCPW95G9H0fSHN92ImXA41S1dmEAgs/dxVKslIDP9PsDUMjLmPRmCfvI/26NKidV9U4AB9bYG1gya,iv:zgZEpFRXDihvfxtmz4qywZhsvVvehk8HBZQNcNNbpPY=,tag:+QfUTQTMggVRBIek6f2sAg==,type:comment] +#ENC[AES256_GCM,data:yrKGYOat9F3vqIvMwd+DwgDcNtgwG0ufB3wc/+Vfq9TgkiCu+k5niEN+ZJlpRru9ie2yAFpSS9WewrWKRgL34GlOoomO,iv:XWGKWApPptltsTeg5Ycfxwv3qmCZukatUkpn9eGS2/0=,tag:HDRo8/HaCEgU8CYYvZ64WQ==,type:comment] +#ENC[AES256_GCM,data:G632NRFgypp9mATV4jTolGVjEUkDE1K7x3F1hJJWLSpYWgkk5gp4JjWOs8ev/N0HZ3bPhJlbKyGPPVcxhnLwVxWGkSKe,iv:FyyvYK52YL/lbojDc/Jr1OB9pRKfoHnAUPoMRgLeAIU=,tag:8rGQeXqfDcF7+FYps0EDjA==,type:comment] +#ENC[AES256_GCM,data:CGCk3s/QNlA6dbOT6CMsbIQP3yF0SAvnb4tQ+HKmo1XnkENx77jG8zRwO61uP6IVOKB0vMeN+1C5e+xRdf4k3lpQGDxz,iv:6pUd7vb4Mb8KIFTBJcwRNhYO1KiFXIODfvzynNIa6TM=,tag:BME0UKST5xH4MTawyfXpHg==,type:comment] +#ENC[AES256_GCM,data:Kq/lvJYUM27F900bgRZ2RYRKkTZA8VgJTCI1+Vl8yI7E10CQhk6lH5NTNPDYqxWWIl+jpihAlR6To1R2Z3U43q3lRaE4,iv:6zaJJnnbQg0deodTq9rx3eEz7PH0GdZScIKlT+0nimM=,tag:2KhMAolLYAcqhdC/tRFqXQ==,type:comment] +#ENC[AES256_GCM,data:hMoad5zwcWe4dq/86HIbq55exoVNbll7BjkuVTQdNJFbGxGG7KbxrndRE0HUTLEIYVNYwEQGb33mljamy9WZF29KhviD,iv:pDt+YIpGc36a9G24yJOT6MzJ5ggvuooVDJyoZw73ElI=,tag:g67gRvlPRDVaTrwU+BaqBQ==,type:comment] +#ENC[AES256_GCM,data:zkL3UAYHY+0CQlQKn2qxSWlpEk1Y4rJRA/hseFhXO+oHHGJqtP6Z9dkaee129aiEu4ZKKXYlDNtpzsNBZNavNcYvMBpD,iv:FlFEgJiMAdo9s4/KdLjLaifXa8t2nJ+ugdly+IZJpyM=,tag:RIZCVZSzB8msjZ3CiZnRoA==,type:comment] +#ENC[AES256_GCM,data:aSeuVQyxpo6JsczVW78z3Fj3UKwR3RnSOGH/6xu9ZzA96NUknm/d65oa3Z5TpVqiVOf6OVYvkVh0LmJV4mrfPm9dlxMV,iv:dclSy2ZegvPUIcVVUK4BTg3628hMz3elh39oAYPbSXY=,tag:W2bZGtAKTJihqL+2YtOoyQ==,type:comment] +#ENC[AES256_GCM,data:U3QlhauSgyTeo8Ab+l8D5O30lvlAk3kzqhEx/dCpvjReT4z60/wPVzPp5da8D2VLMEk3/H59zkqhlFwxTBqjJ/XR5Dm9,iv:eg/qixxp5i7S3gw7Ub+WSqXe6tCpWccsKd5zmoXrK6g=,tag:CPr0o3vBdSXqX8yD+JA08A==,type:comment] +#ENC[AES256_GCM,data:IsFocr818QLO5ut7IUrvLvtvB9rzSFk+AiBlJlhSbecpvVL5s/hu8jrvcGnH42ja4diqZspoNiBUJdo7L/H1s4PSc8g5,iv:X52W07jiX9EllpXXHDMq7f29gBddJFhSS/dCIx5e35I=,tag:KcarpmPBpzNgeIKooBdRjQ==,type:comment] +#ENC[AES256_GCM,data:KZGze8BTXPtvSx7ILLdTAvuyqsR+X5S3LEybznpGj4eUufVPZEcIVYB6VRL4AQVeHD/LSozcecOajQYtUASPKeuDM7ar,iv:fTvESlbXvHHkI7blRULmlxQJTOe5uGCXvR6a8WsMCf4=,tag:m12Oj7OWKEmzwn+c/2lDgw==,type:comment] +#ENC[AES256_GCM,data:47tQXJXNbsN/nHJnRhktiH8opVBneNDnhnHP1KaPbSH1GnBamNU9DNuDjWVfUVZUaFkkOuKbu/UKnMMSehTWntl9unvs,iv:gDw2ozica309CIDC9/AifkwL/YDwpImHFebk9QLGqUk=,tag:GzhqjpAPLAc2YSrAo1310w==,type:comment] +#ENC[AES256_GCM,data:1V/vciDyiw8+MleW+ULAxXfRk+S84ZSSgSohxqMgZfApuI70S4opJbo7VEGX/WxaDe7jj7Hwjt9O4p6xyBu7ijfgWBy7,iv:s6Ozm7ek9L+SH4Nc68ubYXUwe1EqeursZGQyxSJHi44=,tag:mIu9vK19sh8M/kl72IcOUw==,type:comment] +#ENC[AES256_GCM,data:jqyJ79BdcRNj8XUcZlNq394bwRLglCc379RVQzspNQO2dvtzb/pF/hhMALxGYVmElFX59sdUKKy7+socscnMMWrnXf5A,iv:nPZmTR9VJYqej2Oua3R6Ta48WlQfHDJunh9zqSEwqco=,tag:RqmgdKzIVSH1KpspXg04Kg==,type:comment] +#ENC[AES256_GCM,data:zyFx0m4ZufrzDRhA9NMa6cLU5r8mju1JE4I2/NRDw5PGPz327TJ3rrSUOjunU+CxA9Sy/Xb3nMlQjcjvGHZJsSEG7DHk,iv:x/inJ//qRL8noOFMMG3R0U0N7MF0EzyIHNNf1NYevyY=,tag:BaMom2wr09zrRJMeaTVMfg==,type:comment] +#ENC[AES256_GCM,data:JMKZktB4ryZ2Y1fLpQCowkAgD81DM3b9qoDJqpociIsRXvsaIOb0+Jtzm5s+FGwsoz6x1j+om1bJ4H4jxRVrnu0Ag1UI,iv:h8zH+zpqmIlmQef8y3QY6ID1oxY+7qtTLgk8yWf1Mfc=,tag:Nh/jYF7rypESthdG+itASQ==,type:comment] +#ENC[AES256_GCM,data:nc/f7QUaJeBW74P6SiYAtPz56tdcPDzs4x2b1P9c7tCdN7AqKPfh4ZcCSPfIDl+Esuh81eMKZXppgC69ugM0Eq7hlkAK,iv:9PEZkgkQi0Z1OTM2GR6YaTXillOCb/l5qZS8btuamSM=,tag:LxaiPjq15NMiEPdEM3kwuw==,type:comment] +#ENC[AES256_GCM,data:Cb+vpJV+PFsIut0NBvn5UjFpDE0wFfKFSCOg5OtpnUhzME3eFKHTWQY4OYHYjhKwhlZpOpARhbvoNYfEJvoUtPSnvwPe,iv:Mr8c+TP4YABP4hiDoS4y0lHq1xUm+b6MzS782bbCAYM=,tag:Q6/mYYpcokafX02kwL+o8Q==,type:comment] +#ENC[AES256_GCM,data:FBKMZPaleAPrxX1ncpdTP4/fYS0J/Ac3J03iKtYZvsFxZJiNUhaYStUVu6stzsEL1eCuCBuoe/aZ0YKx1d97IKfUnc+T,iv:eDWe5W1LN96YlfcrInFjg+zlAw8RDfXfIzM+4pdNlfE=,tag:LTrc29LOcb7/Oqcok4siEw==,type:comment] +#ENC[AES256_GCM,data:BoTcxe4+NC5A6K9ozueJ3YS9n7BAn+kzwjuOnsAUght+nAM7lLfn8xDkujfIdLqwYGKB5d4XriVusMQeN3uZfqjikCtW,iv:hye5bTzhSdd016DX4hOMFGvt0bRteQRutNaO6GzzrsI=,tag:SN9tuYEADZzdpy28+FVPYQ==,type:comment] +#ENC[AES256_GCM,data:QioUKc3QYeBrcwjshyAEFtqeclXygWKp9gPiUAKKoVTe4fu84WtPYhSt/HLGSda6oWyMXCQ5NqUBMWi9HK4QKvJ61tSA,iv:zv719W+PB6PsDgyHhfuaPjliIWqd62cWglUJLkGDcKQ=,tag:GNwzSqvufaNuEUUUu4t7bQ==,type:comment] +#ENC[AES256_GCM,data:LvU8yxoFojdTTgpXH8KkLcRMMOC1b9l5EstrjRvnjqLTAJo6vI1G+SCQ0O4PQyuH9XDfjD3SfQcLtK69PYiDPDDppqmn,iv:hRfvkWxw+bAIZMxXhYteFk0B873Sam86+/hMNrCqS5c=,tag:5WFIXiUkRCbfdIl5gs+VIA==,type:comment] +#ENC[AES256_GCM,data:uiCDpAX4I7tXVryvhnMOUlkJIeLCYSkORAkPDDRQ4ZKXgu1nxHhVoGFGYHFA2wsBGkULdst33ttTSYeApZJMDYgLX+rj,iv:sTr0YXbJx5jBDFwQ4hRnT/AQPzWq3ukxRWjg3aHYjFg=,tag:e6jsm2Le7R3EdLVzZW58RQ==,type:comment] +#ENC[AES256_GCM,data:YZrREVMOKkrVafgV1e4l2zf6c3b24uJ4B4uvP+Ho6AFxs3xdxjmzGmTktPDfEzETEFvOA1G1cOu8KR7BJVV7Rns/l740,iv:IzSo8Y5jI6u1ApKPGwRj+Y35qyChQ4Rm2UCUOmMT5r0=,tag:raCeJx4FkUC0lw2h7JlPiA==,type:comment] +#ENC[AES256_GCM,data:ojDgdzToEgTRhPajQKiVmXL0OCVviv70gBaTcJQi7KeB2k3h976yIzt8Y1eTliU7r5yVcUXiCuWUQBOZmmqvEbe8rQ5u,iv:u3GctKl/40idqour5hd7JJarypZC57/EJaKG+xgW6Rc=,tag:JfY1wZdrm6aNpcGOikTimA==,type:comment] +#ENC[AES256_GCM,data:rUbCaEZYE/MlF+ZvVoX0NfDWh5CgwWVt/kchfC0aAbn4jgEcYB7aOYXr10roqCcL1IIzE9fqboeR4uIoSc+kQ5NPGKIL,iv:p44nuigZwKF6WJ915hSeMvEeV6hOBvGs3GYJMWZcums=,tag:jbNQ+QhXPMdY7EkA7v8iBw==,type:comment] +#ENC[AES256_GCM,data:XUqPWj3OiBZMj8uCPbCX9mzpbiBFrHqspYzdW4pKzW7mYS/ZYDRla1i3ZW2Zi44KMRNwptgvkMXwE1C5e281fcn6Xyqc,iv:SneTuyiok1WPnTUfCVZa3lZfmf0ty+vjyt5gFnJGoTU=,tag:sSXbjIVdx5Pn63K3BLdinQ==,type:comment] +#ENC[AES256_GCM,data:ESizsRC4W2jae5CxXSNt5yiusq6+NEID/D5vOxiPtQxCXpk8jh1ka1TI8/SoQTBJkuXAIGQ1N0Ej4EUBTDy7A1h0TjKA,iv:pHz5ShHtJqylzOeUG4fmLzPP9Heb/mbLoFB1QrF9qsc=,tag:DKObC3vienXDccxaR79TLQ==,type:comment] +#ENC[AES256_GCM,data:AFQKW4cH1xL4udZlyQayPbv8Xb8pn/aMzwlL/+R6fiLMPM2dI+/9747mMAsK3bPStxSNcWuVsGTuV6yzFdWAS8Bl1SWq,iv:chk28nzEUk+pYFUJ/n5A5M4EaIjnQySkV54Gx1lnTfo=,tag:V7BtvEdz+1vZ/3VOzjRE/Q==,type:comment] +#ENC[AES256_GCM,data:5fp8AZxaS5BEhhQruSnvGUA52jDHi2NJd273ygHosJX5sK8OwdCx545CZ8DTvVC3w9gXaYMdPCQse6er1YOoSytx125E,iv:z4QwgjWjylEuMrSZbVsONOmX8pjboI3DqJ6MuxZBZwE=,tag:ZUXdUcJkavc8ucLoCuQkfw==,type:comment] +#ENC[AES256_GCM,data:Q8iG/NBsnYSHCPpsY+1EzvBBS4p+IBEi2XrO30HFH7nyGajNLVAUQ+8RLluBDkusEmNL7Lpo/ryduUDD3eIJ+FJ4LD8u,iv:sqkdLHQDK8OqNSTiTeyAvJH1KUoBlbu91+ddp13Bsbs=,tag:TNhNTnOm6vnD+wEz+ihZ4Q==,type:comment] +#ENC[AES256_GCM,data:u2BhbD8zppsei1S3m4NVhgGTmoIV58LuQDIjUhocIixeEuXB7FzQrS5bNOhTgtMiQQR+Qizt12wsPdD703aQvFoWTHWL,iv:mBkK8OjFFqL8vD/FeNr9vTVVs4AvyA8lt4xKRMwDVeY=,tag:hWJtGcx0dFco9tyu2VSrbw==,type:comment] +#ENC[AES256_GCM,data:KPDDIhmcZ9WJGSKh14a7/ev9fzg/+CoPjs1454xRDyoEIpFcH0WCXaam4IFyi1uFajkQkZcMuQeRqGO9uGATHLedVFJ6,iv:5HhUNzs9RTrMyv5fHSFM/vC+ejYWwdl7qMgmgFtyhYs=,tag:210fYB+i77sfz+X2/+9/cA==,type:comment] +#ENC[AES256_GCM,data:6j2Rwrex6R7oFgUnCGE1aGQW34RYiHyAmZmUIgmgUFv7c7d5XGnV+f7jouX33gzasMTt6EElZLeWKJ79HcoFtPTkWxRE,iv:3wTU8N2Luyw8m9sXRXpYj6c8rfY9VxgbD7h6ISzJMo8=,tag:AQ1mxk/zV3y7k0+bVdGbcA==,type:comment] +#ENC[AES256_GCM,data:LKaWXyxJEmFrbQ/ITxAuQBMvmbow3bPD1i1O4beg6sKo8A1XHvLIJd/5sUgB1KGWdUbwHFxT+WECnvfizHl9Rxi3Xapu,iv:kvj1965+madvaAA52d15170ef4sNnS3MyQkY3WpCQFo=,tag:C7NL952CqPnfpGhbBsFxww==,type:comment] +#ENC[AES256_GCM,data:j6r7Yto6EknUEKR/Fh2dZBBWH9APlXyBuue60JeMQ1PtXm8ha7mzRj25T6kKP9RVG0VMgFD3v8qfb7z52mdaLND28cjp,iv:gN910mK/iZBlf9Vev9Ld8y36XWrhU4tlLKNnyoDJiTs=,tag:auAdVxU1sK5NUMAnzeUUcw==,type:comment] +#ENC[AES256_GCM,data:McfSlBLpe0kvmRu8Pg4N+8jy0m2gMw6s4bsXKzvG9GvtDHiQkUxh2hv05gq0AjJyHYzl5OVY3a4A+N2JIdaqBV3cVE75,iv:CIEHXB6UaiL9QWbX1aZcFlJq1VrXbT7ebsn0Md8D/Mw=,tag:yYRkB9NmvpVPLlv5avCTYA==,type:comment] +#ENC[AES256_GCM,data:TNEd3ACXMnT+9KCoaMECEIrGppL1UTu72DxbnnxnG7EwQsIxtQ58diLIZGpSKguWjRBQQhoUoJvE53isKFHy0SodoEPf,iv:DoxyAmnhn31Mzg6l5ZMLcAwzQQm2dUnOp1zaEmjcOb0=,tag:rEODR5e+0HQq/DyDo59T1g==,type:comment] +#ENC[AES256_GCM,data:iJjY12EireQuj7jBOLgsjw9sLrw8iA2QF3KcKjjVDiv/4kIyPWfL7iWNpkqZ/7lOvp3svYmkLixoBeynU3QYEP9ZO0oc,iv:rz6lJzmErOg2acisHOei7NKVwTy2WEY+V0xSfb7KNyg=,tag:VJz+X+i04+cU8s8zgog/Tg==,type:comment] +#ENC[AES256_GCM,data:wzJggZAB8CGxWfrVSUjrD+rQdo7GYTh2/Qy1EzMXwJB2PNzmmnMMRg1eHawsnUXZDyYq+SFhNcs92drYoTJDpYTLbrmF,iv:3xnt3iISR0Dqqqde6BttnHtFzo07gIBQK1va0l7gyLI=,tag:L2fY8hY23cdYRu5fbjkz+Q==,type:comment] +#ENC[AES256_GCM,data:Ra3+7MNyv5eIyNUoyvyk1diD9F2ezD7+38hcMUkwFfEG0LrNZyAYMYdRZbJsRcnWBRU8+TXtbYNyf8XTbQYbP+vBfGiV,iv:Vk/ashcQdIwglcrwCFki47NoDI+PBKhuumZTzEubbv4=,tag:hWkMU+MHfRb0hvsuA8gp2Q==,type:comment] +#ENC[AES256_GCM,data:hBo3XPiw2wTnFf6iiInD995LCth4MoCrDE5Bz+SsagYFG5muh2V+4OSTTDXUCwudIYp508lX4Q4vJ9D+zTtxD12jBUpX,iv:I3z4AcG2ZrSFB9+2+LScLpkGCkQqO2ry7LubiDnRGWc=,tag:XhUrRAlHnwAEfzHvGWZ/dg==,type:comment] +#ENC[AES256_GCM,data:F5jxqXP/rcu6FlZuUV2iuXx2RLXeb6vmwwQ9xGAELts+Bphair6MLLDhGuF9nSz2L4oAXYYs+WVJ4e1ITqhMS62u6MFz,iv:+UTbP1qm4FqsArUNC3+mJkzMfFZt1UrfQMSAzjDBYS8=,tag:izynW2aZn7thVPJCVl3kcg==,type:comment] +#ENC[AES256_GCM,data:h7lHLsEpm0AE77oa/59vC4+F8RIkSMRuTxJxj5wMvElcK2qFkPQsmo6laenKgObOOQU/a7vE8symMw3LI+ZyIsjejDPv,iv:LTt+33tebAQmWX1Mt0WSoj4qZXvclx+Uz11e0jpNP+0=,tag:4kPgwgzDJlSS6n7eCxUWjg==,type:comment] +#ENC[AES256_GCM,data:ONtwydPbpb8YmmN+xESRaKH1suOUpGUISZU6A2Yf2S3yg1pbo2eD+Gd0td0HX9WAdbfkVa5JhDxQidssbo/2cXLZnxyg,iv:7rwWnXj/8Ei26DjxGJPxy3BgEiQinzm2IpxnjGrjAjM=,tag:EOaD+hiihZKoIbfcPlGA4g==,type:comment] +#ENC[AES256_GCM,data:DIx61nolHcn26hmeWg3IsJJoQca0VgamSknvPCwfnmnfMl/T9Q==,iv:wJPXMTER0SRmKB5EF1beX3GID7K8tcZIO/e02HpCKCc=,tag:oGeoYoQT4IIstoXq7FSWkQ==,type:comment] +#ENC[AES256_GCM,data:fIdL8pOxs07JSRVJxqmLZ5G502pTk9yx6Zu4KRvm,iv:KDgg9EjXBOHf6YMttZsL7IM11AaFkqBdsFFrliIRY7I=,tag:25m6m5dNqbLuX8ze6ieZFg==,type:comment] +filebot-license: ENC[AES256_GCM,data:iBcze+YKbRqgSc07PJ9iSV7+H/eeyX0JWbIk7ftGzvIuaDeZkNjhBGYWtcg7MEagN9fG9V9QBGOYbbxxWoG30pMwMvc35KCQntFSrxWNN09BlZ8eijdQDeWlIIEA/+sTrDNo/Cw4yS4cMDy3QDbOdMNh3If29ewT0hyrvbu+HWasNR9Y8KAytdHvCCcgxTRFHV25sqOyeLXrKRzMDndsF8gZ+kGyeKu9Ft4NMwZFaS/ZYPWHNFhWuZ+c0OeAoD40v/+Ay3DdEGRUIiNo+u4GIHfEbg3xGSrkARl2Bn81rxUawcaKD4YRS0kpVz25PShK3aPuwZAQ7nUcLV84xZLijaF6yz3a7I2bFnDrKQu+ZihBuXuHEAz4HAou1qLIcnXp8Z1R5cMWIjEfP2PsqorgqtuDXZLEaEWBFObug9Ve3kJH8N05DLZlkB8UR9YDIymXsoMxMANCDA57FbL3GgOy7gJmX9xsOn5kmLsTbXPfkGYo+Sf8YRkkTTs9OA+f4JummXvKe2xjJitm4De+Lqe3jzgNkDYEN2E7IdDBqpsw8D+HTYny9plEHlGEkZKCgF/77IWKLak0ACnz13ZEaHdo2rKIkzXcTWQG+D1ZELd2H7zemU4fChdERAl15L8D+TWP0K3zInDRROFeAyudQeXFDL55lBGTfKDxY+DKcCJRX1gb38wMIMlPd2t55cmvBN07DCWvV3JRWTtUfjlH/vL+WWMY0j+cb5aMtg3YXcjmzYlhqhQ4mTNA/cJIatbs9soutAGt2x6lC6PAU4o8tSwFMXYf2zoQznxDygiQ/iQ933CVndbhnQNLdmpQ7Rovl+AJHoNOoUXZUnmKZhPfn8Q9WmKDAe+d3Amhc82Jm+d1W7U16eJ7ULSAkcqSK1cDRbk=,iv:xbvkcdhZRAPwmJqyYf8nFudi13GUEMSE5X306xhMXNA=,tag:jHWjDRIAlV8rEyr/UwFoQA==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvemExcjFLT2tjTlhtMlFl - UFlCQWhtUDc5YmFHU21SdDBoMXNCV2dlbXl3CnJzVmpMcXUwbWx1a1VLUVRhSnFu - MmtmYjVESVJpdFh1UmtwSWl5WE5WZFkKLS0tIE5wZzQ0MENna2EwMzVDUU9QcDlk - bitkdVVwM0l4ajJVYldWM2JqV05tUzgKsJem/g4ckwrmiTJgwtHc98zALWlwmVgH - +O0nH3kcU54SjDQYVRKUWdaCNbsXHEN9wqICS9q0Ill7pD2K0ElZLg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOEJEOEpRWTZRS0VVOTcz + T0pFQlFtQkd3WjZEa1BVR3oyY29qckJZZVE4ClNLZkRDclNPRTlNQ0I1YXlzQUtH + UTNmdWx3bGkrRW5DRDdaMEd6VEExd00KLS0tIFVhSGhneFJ6NFFLZ2M0cEdSc2xI + a1JNZWo3WjRYdjRmS1RaQUZKYjVmOE0KwD5B1U3YPp8qn8q/OvbEIBVM4E6uV3Ml + GwOi/vNGlvevDR++AHOVJ+tzlhCjLo5S4FmFJfNCTkDCz0AifB4Bjg== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEb1dtSlJMKzFreWtmclBE - YUgvYXBQb1FtaFhZRjlqTWk1aUZkcjhCbjBFCi9rSUMzdWFkL3I3c3E0bUxERkVN - TDFaUCtHWE5xNEN4NzNXTlBWWnpYR2sKLS0tIDQ5dTM3S0JQdGJvaE0rTkZYWXNN - aTJQNUZuMW5kZVNJQ0lObkZRdzVyZ3MKwfD8PgUM1kHCa1aaDAp0Iv3zaSGsOWS8 - f3W8gUMV2Qv1FC4hBccbYH2bHuq5ENVhkleIyE51GT+Ckwt5oR14vw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbHJBUnhjRzlMNHd3NFdt + eXhDWEF1OFF3RWhCUEE1QnhSY0ZUSWFnL240CmRnbGhmMXZXdHVuaUl0V1lTTnFv + dVVYcnZ5b083RTA2dnYxbEY2SlZnU1EKLS0tIGFWRzRtZWhEYkRwVWY5dEJ4ekdL + TWJpMFNHT1lRNXYxSVJuRGtsK3ZvQzAKM6QKBmkddZAjdNdS4Cb1kEuOWm2NLnG3 + fLmTx6e5Q0zGQ4KQdPsiKPbGXEXWKRG9qLaf90c7RbRGPEesTUPhTA== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dE5zaEpBSEYvVE5QTjVF - dldFY2t3YThTalowbkMrckhUWjhGdXFVNG1BCldqV2lOS280Z0xjQXo4THlPenQ2 - WVRiWDAxSFgzQUkvSjVZUEpBNzZkR0kKLS0tIC9rOHAvSUZadCs5OXhheFpERzlx - QmRCYldBUW9zeTF3cmtUOXVuV2pOMEEKDJC7lyekw9TQmuwfPRb9UsUgqdbAVaxy - tZYmhSYhUFBOUyJ7xwiIfMgOu5A4D2p/q+T2MPCmeOSLUDyycE8Zuw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeXY1bkl2d3FOaVk0YWdS + R1lYLzNFcXhHN1QvN3dMZjN3MC8yWGU0WGlVCk1ydEJIMlFQWUkrNkxGcDdNVnpM + U0pvWmJPdVIvTGRoU3ZadFBONGMzTFUKLS0tIFIxMVdkTFBuSHFpMmZYaFlsMTBS + eVBaOW9URjJJZHM4UHRvSWRtalc3R3MKp1EjLf9Hh3I9dF3Z+LlI84A26erCLmh/ + VK4+X+itppbZ2y5FOnM4I21WlabC+0O6yizjarqC7fByHNeMHc2x1g== -----END AGE ENCRYPTED FILE----- - recipient: age1x3elhtccp4u8ha5ry32juj9fkpg0qg7qqx4gduuehgwwnnhcxp8s892hek enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzdkUramxKVFVZQVJVMU9E - a1pYck8yOEhpZWZGcktxYkR0U290dll6VmdnCnZWZU9uWXFWZ2ZrVnp0cDBteGdr - azVGVHg5Y0VuZi82UUtkWUtLeDA3UWcKLS0tIDNJZGJQNmpHdFpQUVdiMHh3djhP - WURRbGNNWWJvKzZabGxyd3NXN3lKZ2cKryVInc722ZsjoiYel0YYAQZUsgXDx0by - Ds65yQDcI0ttbmMyFN8oYqD7pnOaD1aZYg6cxqzUVPen9iqCkclMwg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWnFhNi95VUJNUnlHcGo0 + eEI0RVczNUliQTJFVEhzOEsxQXlWQ3Qzd0JrCmtJOUg0dFJ1MVNIbjI5MEl2eDJD + eUdyV0t4WWRMKzF5WEVlQUpDY0ZhY1kKLS0tIGltVU83YThiU1lPY3VrRjVFOXRr + YjEvWGZvVlIvcHY2MXVCbjRsTmkrZUkKwnSybPXDYmVjK0wxh3j/TjKK5yudMOGv + yqsn6nOVuJ2EJmVyN1sYZnlIx5qbwYV2DoUusrEDjFKYqVGjXmPXbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-08T12:02:01Z" - mac: ENC[AES256_GCM,data:K1kelYSO6R1kU3hLQVmlPI3vn9p4uEHDQnb7eVgn5PH/HFlqJrRj9HfagD/yKT0hBIehC3R8rxv73SeXacBcCaBx+A1Ty1fj/K18oQdEpFlOWxYhIvRX23NHaaqudFdVRiVg23spOoTgP48+mSzJdE4dk3jQcm94yxiUQy9kBSw=,iv:iSL9knAzk0SLXDJ1m6xy+Vkv6RqtUP2lzcluQTdKG5g=,tag:Z8I+UY/taf/uq4sQ7qIUEg==,type:str] + lastmodified: "2025-12-25T19:24:57Z" + mac: ENC[AES256_GCM,data:WKwg2pSXlqk4ESacn/e73WVZy2JTdAvEMYvm6OLlEZCOA2Q6iSANE6c5Eq+/QblhD5dGU5YY8jH+zL9xX9UotgE0IpAP8uMDvTVGI92hA6z38wSOS454duSftz5aW++EswmkcJY2Y/oIr+kx8qKxVyNoNyY3s+u4tMeHIKx3KJg=,iv:m35hc/0Mt2+sFA4ua0E4DngK4OBn/Z4xVxDp57+HHaQ=,tag:cigcOoVu8fsSMMb2XdWyZw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 4709d34b3e6b83b7e232be8524bc542d97500332 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 28 Dec 2025 12:33:51 +0100 Subject: [PATCH 04/44] feat: changes to battery warning --- hosts/nb/modules/sway/sway.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/hosts/nb/modules/sway/sway.nix b/hosts/nb/modules/sway/sway.nix index 6fc071d..3198322 100644 --- a/hosts/nb/modules/sway/sway.nix +++ b/hosts/nb/modules/sway/sway.nix @@ -37,8 +37,10 @@ let capacity=$(cat "$cap_file") status=$(cat "$status_file" 2>/dev/null || echo "Unknown") + stamp="/run/user/$(id -u)/.battery_swaynag_stamp" + pidfile="/run/user/$(id -u)/.battery_swaynag_pid" + if [[ "$capacity" -lt 20 && "$status" != "Charging" && "$status" != "Full" ]]; then - stamp="/run/user/$(id -u)/.battery_swaynag_stamp" now=$(date +%s) last=0 if [[ -f "$stamp" ]]; then @@ -46,10 +48,27 @@ let fi # Avoid spamming: at most once every 5 minutes if (( now - last >= 300 )); then + # Kill previous battery swaynag if still running + if [[ -f "$pidfile" ]]; then + old_pid=$(cat "$pidfile" 2>/dev/null || echo "") + if [[ -n "$old_pid" ]] && kill -0 "$old_pid" 2>/dev/null; then + kill "$old_pid" 2>/dev/null || true + fi + fi echo "$now" > "$stamp" swaynag -t warning -m "Battery low: ''${capacity}% - plug in the charger." -b "Dismiss" "true" & + echo $! > "$pidfile" disown || true fi + else + # Charging or battery OK - close any existing warning bar + if [[ -f "$pidfile" ]]; then + old_pid=$(cat "$pidfile" 2>/dev/null || echo "") + if [[ -n "$old_pid" ]] && kill -0 "$old_pid" 2>/dev/null; then + kill "$old_pid" 2>/dev/null || true + fi + rm -f "$pidfile" "$stamp" + fi fi ''; From f75f9d1a51e77a2b22c6922e5336f9d9367e7b15 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 28 Dec 2025 22:35:20 +0100 Subject: [PATCH 05/44] feat: web-arm add fueltide vhost --- hosts/web-arm/sites/default.nix | 2 ++ hosts/web-arm/sites/fueltide.io.nix | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 hosts/web-arm/sites/fueltide.io.nix diff --git a/hosts/web-arm/sites/default.nix b/hosts/web-arm/sites/default.nix index 7c10bda..aeaaf29 100644 --- a/hosts/web-arm/sites/default.nix +++ b/hosts/web-arm/sites/default.nix @@ -13,6 +13,8 @@ ./support.cloonar.dev.nix ./stage.cloonar-technologies.at.nix + ./fueltide.io.nix + ./stage.scana11y.com.nix ./scana11y.com.nix diff --git a/hosts/web-arm/sites/fueltide.io.nix b/hosts/web-arm/sites/fueltide.io.nix new file mode 100644 index 0000000..71013cc --- /dev/null +++ b/hosts/web-arm/sites/fueltide.io.nix @@ -0,0 +1,24 @@ +{ pkgs, lib, config, ... }: +let + domain = "fueltide.cloonar.dev"; + dataDir = "/var/www/${domain}"; +in { + + services.webstack.instances."${domain}" = { + enablePhp = false; + + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" + ]; + + locations."/".extraConfig = '' + index index.html; + ''; + + locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + ''; + }; +} From 4bc85210f9cc60b8dd55eef46f6668a271f08e70 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 29 Dec 2025 00:24:25 +0100 Subject: [PATCH 06/44] fix: dominik thunderbird calendar invitation mail --- hosts/nb/users/dominik.nix | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index 9487d72..e91c9a0 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -23,13 +23,13 @@ let "layout.css.devPixelsPerPx" = "1.25"; }; - thunderbirdCalendarPersonal = { + # Base calendar settings (without identity) + thunderbirdCalendarPersonalBase = { "calendar.registry.cloonar-personal.cache.enabled" = true; "calendar.registry.cloonar-personal.calendar-main-in-composite" = true; "calendar.registry.cloonar-personal.color" = "#232323"; "calendar.registry.cloonar-personal.disabled" = false; "calendar.registry.cloonar-personal.forceEmailScheduling" = true; - "calendar.registry.cloonar-personal.imip.identity.key" = "id6"; "calendar.registry.cloonar-personal.name" = "Personal"; "calendar.registry.cloonar-personal.readOnly" = false; "calendar.registry.cloonar-personal.refreshInterval" = 30; @@ -38,6 +38,19 @@ let "calendar.registry.cloonar-personal.uri" = "https://nextcloud.cloonar.com/remote.php/dav/calendars/dominik.polakovics@cloonar.com/personal/"; "calendar.registry.cloonar-personal.username" = "dominik.polakovics@cloonar.com"; }; + + # Generate identity key the same way Home Manager does + mkIdentityKey = email: "id_${builtins.hashString "sha256" email}"; + + # Calendar for cloonar/work profiles (sends notifications via dominik.polakovics@cloonar.com) + thunderbirdCalendarPersonalCloonar = thunderbirdCalendarPersonalBase // { + "calendar.registry.cloonar-personal.imip.identity.key" = mkIdentityKey "dominik.polakovics@cloonar.com"; + }; + + # Calendar for private profile (sends notifications via dominik@superbros.tv) + thunderbirdCalendarPersonalPrivate = thunderbirdCalendarPersonalBase // { + "calendar.registry.cloonar-personal.imip.identity.key" = mkIdentityKey "dominik@superbros.tv"; + }; thunderbirdCalendarEpicenterEmployees = { "calendar.registry.epicenter-employees.cache.enabled" = true; "calendar.registry.epicenter-employees.calendar-main-in-composite" = true; @@ -300,6 +313,10 @@ in # Chathub id = "iaakpnchhognanibcahlpcplchdfmgma"; } + { + # Claude in Chrome + id = "fcoeoabgfenejglbffodgkkbkcdhcgfn"; + } ]; }; @@ -332,21 +349,21 @@ in isDefault = true; settings = lib.mkMerge [ thunderbirdSettings - thunderbirdCalendarPersonal + thunderbirdCalendarPersonalPrivate thunderbirdContactsPersonal ]; }; cloonar = { settings = lib.mkMerge [ thunderbirdSettings - thunderbirdCalendarPersonal + thunderbirdCalendarPersonalCloonar thunderbirdContactsPersonal ]; }; work = { settings = lib.mkMerge [ thunderbirdSettings - thunderbirdCalendarPersonal + thunderbirdCalendarPersonalCloonar thunderbirdCalendarEpicenterEmployees thunderbirdContactsPersonal ]; From 5dba6280403cd4c17fbe36077aa4056a234ef723 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Wed, 31 Dec 2025 15:07:32 +0100 Subject: [PATCH 07/44] feat: nb, nvim config, install apps --- hosts/nb/modules/desktop/default.nix | 1 + hosts/nb/modules/development/default.nix | 5 +++++ hosts/nb/modules/development/nvim/config/terminal.lua | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/hosts/nb/modules/desktop/default.nix b/hosts/nb/modules/desktop/default.nix index b58ada7..f09fbc3 100644 --- a/hosts/nb/modules/desktop/default.nix +++ b/hosts/nb/modules/desktop/default.nix @@ -19,6 +19,7 @@ in { fontforge freecad firefox + handbrake openscad orca-slicer diff --git a/hosts/nb/modules/development/default.nix b/hosts/nb/modules/development/default.nix index 244f929..1062286 100644 --- a/hosts/nb/modules/development/default.nix +++ b/hosts/nb/modules/development/default.nix @@ -25,6 +25,10 @@ in { glib gnumake + # mobile + flutter + supabase-cli + air go @@ -35,6 +39,7 @@ in { nix-prefetch-git nodejs_22 php + postgresql rbw sops unzip diff --git a/hosts/nb/modules/development/nvim/config/terminal.lua b/hosts/nb/modules/development/nvim/config/terminal.lua index 23fffaa..d377b34 100644 --- a/hosts/nb/modules/development/nvim/config/terminal.lua +++ b/hosts/nb/modules/development/nvim/config/terminal.lua @@ -3,7 +3,7 @@ local config = { on_config_done = nil, -- size can be a number or function which is passed the current terminal size = 60, - open_mapping = [[]], + open_mapping = nil, hide_numbers = true, -- hide the number column in toggleterm buffers shade_filetypes = {}, shade_terminals = true, From 8ae96c9b38fcafcb0cb0616de72f5cbc0d6c24b9 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Wed, 31 Dec 2025 15:07:47 +0100 Subject: [PATCH 08/44] fix: nas pyload filebot service --- hosts/nas/modules/pyload.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/nas/modules/pyload.nix b/hosts/nas/modules/pyload.nix index 05a8152..90b5c08 100644 --- a/hosts/nas/modules/pyload.nix +++ b/hosts/nas/modules/pyload.nix @@ -90,6 +90,9 @@ in }; serviceConfig = { + # Disable PrivateTmp so unrar can use system /tmp for extraction + PrivateTmp = lib.mkForce false; + # Bind-mount DNS configuration files into the sandboxed service BindReadOnlyPaths = [ "/etc/resolv.conf" From 336ddb13f8c791eb29b8bdf690803ec16385af69 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 3 Jan 2026 17:55:06 +0100 Subject: [PATCH 09/44] fix: fueltide hosting --- hosts/web-arm/modules/nextcloud/default.nix | 6 -- hosts/web-arm/secrets.yaml | 111 ++++++++++---------- hosts/web-arm/sites/fueltide.io.nix | 61 ++++++++++- 3 files changed, 112 insertions(+), 66 deletions(-) diff --git a/hosts/web-arm/modules/nextcloud/default.nix b/hosts/web-arm/modules/nextcloud/default.nix index 882d768..d14c0ef 100644 --- a/hosts/web-arm/modules/nextcloud/default.nix +++ b/hosts/web-arm/modules/nextcloud/default.nix @@ -1,11 +1,5 @@ { pkgs, config, ... }: let - nextcloud30 = pkgs.nextcloud30.overrideAttrs (oldAttrs: { - src = pkgs.fetchurl { - url = "https://download.nextcloud.com/server/releases/nextcloud-30.0.2.tar.bz2"; - sha256 = "sha256-kpu4BF6WIW/iKmXc1mJ55b17oauynZm/QB1CO2RqRF8="; - }; - }); in { sops.secrets.nextcloud-adminpass.owner = "nextcloud"; diff --git a/hosts/web-arm/secrets.yaml b/hosts/web-arm/secrets.yaml index 4eb993f..d5b084b 100644 --- a/hosts/web-arm/secrets.yaml +++ b/hosts/web-arm/secrets.yaml @@ -1,75 +1,76 @@ -borg-passphrase: ENC[AES256_GCM,data:BrhH8wtzT2xgfFO/QasHSLQICa0ozkvmoOpls9zvmgCv5Szx1GzFJsnml8wIugWrbXuz1eoa1mRfARlnz57SoA==,iv:Ck+Ek7umFJv2T6cqxXdtignlawVHD10jvuc4mLG7kd8=,tag:SmN+bDxRiBc3DAdlz36aAg==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:4R+kgRD6n0yCj1NCtF+BJqR28SB6zgEmmZoLO58aOWIceaTjsa4xZOVobRZ1rjedzA7R2j9hikEO9K4SlLtiaZdE9q5fl+oKYNjXYXU3Dtq8PMB2y2tFM6iiRAv3eaNJSLazowpSbANL9d8q9NfEB87DJpXdOLUD0Ut1A2pNzRUcY4DneQ57MSEWntOytdSEhu+qxcqIvnC7xPtnYZqNIGkLeayddQMrUMeqy/F5FGy+N+O2025tfDS1q3vuvIQxjZLm39ZFJc5ppHHDZfWWZheEyj2b6B8pyiVUcS5e5ZQmOB3W3CSGtGpTLMoamFhgIznFVmWxNX5a2KJJCQh3ET2RJu+z02AlrfVtBAlBM/i25KJTS+D193FiZ6tibAOQtRMHylPG5VSAxbTNF8ioIW3veHvMcx3p4oIxuXmCQh51MwDeRcAEwDBNf7DZMJzEYIT93fX7alvI/4QFXFaFyF1YebdD6be60mSr1TTE0IT0Kno/FRXsoMfQlNk5KUDnXX9ITDCDrZJOP9fSum3r,iv:X+XKL3sb0/T6l50vYdbO6mlY82qwbmToQQLNHWkL/l8=,tag:bEDnU1O09Aw11/0YEFdDTA==,type:str] -vaultwarden-admin-token: ENC[AES256_GCM,data:oeAuZCbjZYZBVLuaW019QeUnLe0YwZpj5T8xnGGiwknnINZieWKXh7DMR1PE2lvaDc68DkBoRgo6NGYImos/ag==,iv:S51BeJkYRjWqTkJind1XKyDlCWZTlgPI7FPsi9ycfCY=,tag:yBOVISo16gmfCCH6pSk87Q==,type:str] -vaultwarden-ldap-password: ENC[AES256_GCM,data:CVFEMV9WSa9/tVFEL4cu1hKLQWbbLKK9mB3hzV3EO3gm7erx8cLP8UTrMde/6jXom3PwpL8pqy0zasZD5M9pCQ==,iv:vs8KWIObmG9fkEKmPN0rjM2D790277oaBW6dRGA5GLg=,tag:XkJSS8ZAwQWHPRG41QJSAw==,type:str] -vaultwarden-env: ENC[AES256_GCM,data:K3FiH6aYcPkwRj5HSBJK/FhRg1zls9yJETpBjmuzO3K5egp4FNIuPE5iKOTZULLsWSvDU7aLWw7B4ZzRv0M7g6MXG3bepDeSlrh0dXGyq95emR+TChANSShEej6gtBWo+Qmv+lf1pdVMiZVdcLJpsEgMFKQ9jv3bksv0pU7UtwyPx5EHuRJMo+SUjbQIN7aAlu2ZDgxdys3Wz2RKAUoD0+3KbdYKm/m0mKgamFaOjieLB+D1foCW0kAdCYRZ7KJUmoO9xp2R3dGBhFvXIwterFwpo3Q3FAOchJhzNXbGBVA0v++K3R0Q1HRABKd7BAHba/9V+LZkWg==,iv:dP2tHjX/Vn8VrCfzVVr9BOVDOlu88vuKYo8j8NGR/Tw=,tag:0C7GrmPQ9QTRSCdhlz5ouw==,type:str] -authelia-jwt-secret: ENC[AES256_GCM,data:weK5OLltnFADM5Wayx631Wl8zbCOvFGJi78WbsoLJ0jUI0sFvYueOVlxlyU/Y/e62j8kOVSkPbLOdUmnRdUP2g==,iv:WLXhLkXuiWhXZVcAMI9cwcY39fowpIMgdASrkSpnWgc=,tag:Mnf4O4YFv+YSNO6WT0FkMg==,type:str] -authelia-backend-ldap-password: ENC[AES256_GCM,data:ONT3hx/lQ2Ypftu7Rz8TXvErWtgq1CimiiF9QqdbWzim1fVu4d3rhxouNOOgK7C2+1hmjQ+ZRabDzzZPLZrLiA==,iv:Nluw5s/iiTFr4ebO9O1/1qKjU/ifoCpsDLc3scZ7mGw=,tag:6q6W77zpbOV9tXcXDtrmqg==,type:str] -authelia-storage-encryption-key: ENC[AES256_GCM,data:rnkG3Rq4jGzRZMIZLcr76CUR8fKBdqjO/9P3t0yYkKeD31YhDW08UKhDSQyoAX0PXgWiy7lJf4AOToFD6dZM+g==,iv:YjoK51ArmhbKZlehAW4DW6VrK23M7XuAR3aD0mXhD3E=,tag:a/97mKlYYEiMtWIl6vIeeg==,type:str] -authelia-session-secret: ENC[AES256_GCM,data:E8MHokLMjqGzphK2b+fMpO4KC18WZESMnsp9a0hAqVEiR+WX1K5oSCC6lCx3sOPKY2NDAGAO5tqobb+PkK74Dw==,iv:BYeT/NDWE3UCGaQiVrCe5413GEBQr+vLYgUzXd5B4O8=,tag:hCgWpnk7Ej+z82pBqLpDkA==,type:str] -authelia-identity-providers-oidc-hmac-secret: ENC[AES256_GCM,data:2tgvEP1gN/R2QnkpqvAzGcwzN7yEza9mC2f2mV3OrJKPONYWLiI8AXufuUT+sykwAy6RKtUK+FalbKi9cKS/zVEQ1HG1oSS5rpMoAoLqYhtPBa3ygxv/aDwjor+JxNQbIrzDp3a7esDAs60DXEIk+OWP5SzXbQgKG/fqJfK1nWg=,iv:WIp/ljDJjz/GeUpObbTICgQfej3g9BOrrpUuL0mdpkI=,tag:l3pzZgxsNVXouaE7IcOh7A==,type:str] -authelia-identity-providers-oidc-issuer-certificate-chain: ENC[AES256_GCM,data:T/TMzRkUpf6n1Nu7zO7G3rKgCwbBHO/MUVjDBCnEjskSZvXLod3QAP/i19RuoCOHzc6kzTWJ2iqvkq6gFeNWFYW9BBm+yPbAVe0eZOwRImJ2GjKOGj/WU4THEj9BAJLhw1Hzp7dGSslws3nsu721ORr1Wnrf3ByGrYto8Ure6dcLe6FBSpXhGF9VNJJpkwVHUnfhd/aGqCu6Dmyzi11ETwFdsq+7KQr7JnXQhhpV6of2ZqsxM7LyPCJir4ZAmawzjJ/C3N/8HZ3gCZmbnX2zuQlLuRpFAJS782JHcb0PXfxUyERSZGKcBmY3zSbKSp82/F9yDtzS1JRWX030XNv2/zb0HbnpAf+63DEf+FcpKoTSju9q9DC3TH9YthCYp9V3ezSH/uO6eCgQuGEUFVluh5ugZSURhLZl4dqp9/sPsmc1WjqPsbbdOL/zk7FnLe+0SfOZy5/2ncL6DYSMnU6F5s4aNurs411RksK2Us1QBpAD5Fj5WZagHmKr7+EHuWOmqmXOWraKiEqwLTUAj03zqs4eJqZxfCW3xW5MV5c3fh8MBtqoDidM1fOvTNnjmhdRhEnFuR/JME1bKwFo0zJ36C2AgRP4Ds5MJ4ct8k8bXhwMpz6gCdA0X17EWw/6UgGJNfIFv03ZvqkN+7ye8bU1JcbuKD0ER7MqS7KkgCcn5hZBS9pUt/x3mZwQD0do0T2QV4CnknlnA7iCo00Tyx4BGB2hKS+8ogIRIFuVAVh+1M+W3ZMF4CeqDasQU5IUT4CGnHxN69IAblliU8HailOfZPJfxrDSowA4apjXXkYir35G/2TnKXtVJGGQ9joprkMVxbwPoSLDVehZoeOSQrayr38Bpp6xMn5Lm2Y0PafIKz0gvreVVTET4cYEo0qvhlaTVvTKfbK6VQrTuvicTo2qrMbN/QJJ67gzux4ClbHCrch8Y97pdNMhSOAD6fdgcn0uOmMyDZrVTHxWSa8TrxLBQIVFi008K1pQiK+vI1vHoYN1VevUJtLtERlP2Vrwu1R+6WduDWkGsQ==,iv:u7zW1WUB7m1LnVLp1EiLd67U9G2NigYJo1e7ifjJCYQ=,tag:j0vihDwR5xOSl6o9SK4kcA==,type:str] -authelia-identity-providers-oidc-issuer-private-key: ENC[AES256_GCM,data:vb2qzLk6gZXlxeAE0046fWje24Dmm8MJm09O3nnwdJ+rRu2Nj4mYRUCvM2SE+qBG32TgrRWScoy5HiuQiMSGBt7XSRJ7V8x5Ov956F3omxhijoLSOWnpQr1XKlQAoIVy+j52jfgmzyJjU4pIpjG521/R+450asjUoihe23GlEPCM3yFLT4gdDTNgFlxp0myuW0fI8WQpwrVO39YiyiXpeBq+YumnTyvScsY75IbY0I9jdK08Jv86mRyhKkLvkcxUA1mBTuhIw58nCoV87A5fUu9P6twYSbN1Co8A7r6wdWHqDTPuntz7rHxm+qbClg4xNMDDBPkzgbXe8wordrdfA3P96PLL3L89RlIUjXhYjJxPB5ktN8cK58X1BmmxDIn9cnIOHrem0d9nfTiGeRp++nrKZo8CHvx0906jdu4e8BvwGj+uhWtk4oK2wlx2bbCMT5HGADNu1O55RGXilMsoFqqR5BAYSHNdyI/8Gy+zXgYqT4C1zTGo+Xlwjx9FBoPRl/iOI2GRX7f4H/QAF4y3rDvukKHprVKdB0CUmu+jpW27DCKc5js6iev+t8wIhAO+aHEEG+PG0mjbqVsxCdIAhyFC+hB6yNtPUEZcFjfRR9dIDJl5pBGh/smG8dJA7RtYTSjNlcr4Vhb0G5a6YH7HpZtAE03A/TDTciHy5mHtzYf5+DsQKfXjgGBaul1iOQVMERJI4Fe/DTF0w3eK30fokNVPZlWgHKbf60RudguWvQ+lB6gBTtfGVzzrGrRXuuR/K6hC100CtyBqV5ntvxwZJZK8sfVWv3XALH/cUcD5QDNLks3j19Q/0ugsfwDDA7FmsAtyL0GKnfXNK3LEMNb7q10h+fqbzXxg3cTg1X93wRJHF97AaJtFiDIGixzKUVh9lMyyeY9hj3a2rwbwBheV7kJC7icUSLyi+lVEs8+drQOr/lsr6xmckGpTV9nwp90YqLnVO00ZKrePavTSxiqndYLSP8cZC0peQDL11tWUdnMbFLFebBt3cElCO1UIeIH9SEr117iQZI702Orz3mr/irj1ykE1OUKwup+MnGAhvIMU1qXVfg0XFxn3vqAExebcQ8ihclZhIOZiHUKSQhXVgDGJ0O8xFC7gK2C3l67Zmk5bEXRG86gFmpLRzMNrEALY/5djpOpWMoftuMa+b2kjlaDIbYZqR/3k5d0aM1ZeXz5RUHH70K9Z33mQIIykO6qy0JzaY08EaXqPIufCi3ThVYUEhQlSblOjY1Jva+gwRGGgWn83p8Z5o7SXUoDGSRvfXf5jL1WQ1WiU8LNCVHJTMkwtL7Qco+mqmtmdiXzooYIxyMuAsIQqMuW7eRZTjquy6lxTcUX8jT4PCsI4NqcQpZstrN2JnMMeg4e8rCDBfYPAuQ842qwd9GdS6jhmmdd2hkDrdUk6M/U5647yoAIRXmxySOW9XcVT1M3NOwe/BwQLzxlxtEyUsl87D+dvALX/XS+eDu6AGP2Sdv9buStf50iL3uBP4focGP0V6CvqH97zHx/UWRsJqBt9+JDWXSxsX15Iy2hEBk9Hrp/TZkSsCkjjfz/jnpacZh9iAoE9pw9dI7S4Ad1TuMj+OdDo/l6CIY7nTRZC5cU2R6AQIShwxiXZBJZ3Ju6/Js9ZhfXaNLWyrGBdWkeNCu2wNk45H9lcSI/OOCBfB5E+RVXAJl/7tiNK3ayqn+ASwguIze+5iAveg4Jti/WZS/aA+VzjKJ3rYPMd4rm6FFCJofFYegaTR318WlFPd03khrRlbs9EH0wcUgHqkUYgoRDWYeabG+JMVWPq+U9rBgER0Q502Hzj84XYNmpTm8P/n10YE4X3IfgXRYQ22hkZfaLuaXehV2jWKrq52foIpZC2qM2ABFou/CO9Mm88IM7N8nKjdZx1V8TXrlEjJIAHvxWSa/LR6pqNZ3925sHSH5pT4g3SJGlxPtiINYwUWQ9RwX28bZfIxJy76XXEAPGEuD9B9GXUdyMAH4rpiF+QjoNDVFN3l+wTkyzUDzWc7w0OH3Q38vl0fkmhU6X6TifiWxu8MLWLk9dHhKrOxmtknCYEzoCmI51sOTON7FQENoIweFdZL88vGhJzR+04O3RvKacWZbsE1qXSq19vSjdj7LrsDUfJQyJhwJKj2L2nHbZ8MhSmD7RLLh46JKuD/zOR1Qgv4Hy5Njikb2PGzXtcCh4TGQuObpD0q4TG2E9cczhU6msue1tpOLAnpapt1Pw49hSOUc/QmNBLQfR1cQuuVVR1xhZUtXDbVEQXOc6kjtP7vMmVfdv3N6iWdiEZC6iFO3WQuCrefTsP4B8eRhesDM2gdR7DsSgQy2w4lkw8QKiWC7RZhLklTccroPT94RColdbxFNHFKfBi8wbsxWrl8OeS5WLn50tHQu+rFrR62QgoCHZeIwQ7XL4sypF7VN0+5tA+y0pkgOzMLPAWzb9Cg70ml5bkXLX9CqruHbOFB6UsOBXhsWoqJEGGbppxjuL0ad5EoqxXAjXdcdnWp7vuYbj8KoGgK3KufuHMmBCIK+Tnxx0RHEDP3qvU5n6WLbnR1gNxl8bksXGntppG4y+TJixACk1n6t0ohMhr8tKOJE+bw4n4subVkzUz4c58hwXDzFoFvdxpOlmseE4l7sBU8pwwnvD2Qy1cvzvO1j2YWXru8+tSSUauETtAFFXRBTd15IfczqeAMgskjjemYcO79oaEBV4T+yGdqbhvei40c7MobL0Wg/7ssbP6VeoSjPeJ4luWBv+qx3PzgoD/WF6//jt7cegexVtgczHIQMoTsZquvQvt2E+nPHet2h2cvnwyGNsvgVuJPcQvPvV181/nocrpbFvvfDdQt8uww446l3bvY9SGKWNdmkZFGztodg1CkdwliJh3lYA4IaIl/AAhdFfvnIkNJdv5KbZ+GVJ6qW3wzZfWQb3RTc7/tWJbLGbVaWQipCfBGxetSbzUzfdPp9RC9NVMUP2vjy8j1HYo87RsSUci1tjgytBQGWaV6PZePeOPm0XTzlA5Jl1A+yt0zhjgeG5M6cTCoFUYv13mY6Wu7Vw1nREawbwXuXV+CFhfVBkca1ktrxyGMGlXAZFOaFiTaqPzbgfhTO4Z45tA9VQrL46MO0/Pg6qvOJ6EdJsQYYa8LsMFX5JI+8fvf2IBzF94d2ahEb0pBTbl8MYE3/cLEQpWhE0YyMij05asSdAg7gWcuEfQS+94yIF8iCJkeIBMPdvsIMhlIUH+d2QnlnCrbazudX6FX1iI88Qf/TUHfdvA2F7xH6gzkBaJUEXso28VNkmUHN7wPQuXkYMIpCk2FHH3vQXgier5ZnUppk8Eo6641fpE9UipX7wkmHbxoXpm5cQrtP/AFkV5ZRZfVCiI9aG1Tu4nyW4nvnUX9U9zzXeWRxPjmg+kCY6eQSYlZaPKhbfUdMAkYxQnTp3fTIzNcAOh7lT+AY46OgHitkHGKuBucVdl7zf/ina6valHKQrtaK4WoCRYVh0p+T6Z9E+WLfvZPTnYua0FYvEIEEm4L31esvEJ3bd1F7i8+VgO3kcl6WSA7fuaGne/8ywSoVG5+fUuF9wPmRv+6l2wTwQ2VKTQYSGUamtCjf/Icw/MtWSg9OWoEm4q8DAT6khZSMD0yvg2lHFwjppDAWPpo626T2vUu/FBNFOMGBShTq+ttn4eMaf2ngCIe4Vl7D67oACdDha94tzBJRPtfMwNB/MKIxg51cXPaSa2xfqZXaI/ZGTHoo45vIlaSpdR2TmF+K0bu7fRdD2HyiI0yT685XZqjmtcds7s8jbGeNcaJCvAdIxFqbWi3rwn5Mv8xE1lmYjChLSd654Jtuz1WFnMoQI+QbleUjB9NmJvP5G6lLL9+Th1KJx4SSVlDLRy5SrTp9ziM6/Ew4vfniMpm1ySTLvPu+X8Xy56uy9FgT5pljZknktXdJ/mtMUjI+URedXgDy3oZPz37psiPg1iSLD9IFOYLFrjucG7HdmKRLtFhWAKYgc9fYgCVr7GvCD12Kb95ZE8HeYfdJOfRKeAUFb86NqLQ7lMSQ1kW/Ar833KeABvx4tLDPr+OJSBVZYnShxVHjCPKxZsW8/BPLWZHHV4ujogs9LQ+mbwP68XVqa5PxkaFoKQLD1NVSUtkbqmGkvpSWMw1kpegkePuHyj2L1PXFqS9QT+BX8SJurmXfhyFiX+nQRVbhswE8yDcFqrPdkFrciyAYNP0EtDSpLKrY0RAI1BuxgSkOeTRCiXNtDHP4i3EChA+HmN8bwlwzTGJOqw6Nn+DV/PVqiOtTc6UrIsRLNwBLr1oWPMvzwNVC0RWmQJ730e5gsa5gndYL7dN+p6pFVM+tlj,iv:SuVgw2oMtve+sfiZrlcNusbZlnQ86mKFxRAOgLW9VGU=,tag:fJcXqLhBc64f2FRr8C3FAQ==,type:str] -gitea-ssh-key: ENC[AES256_GCM,data:LSxRnX5LH1rXAQoKvxxvOjClzp+jSgvJadaSUT/vJgRhCwFjKXq8e5LH5vufTvtRC81xpfpapbIBIjmSCVVQvk51x7A9JfEh5EEeyTkxcpjILkpqw78Mf2OTxxSwVPlhN13CuEyKPTtcC53Zk82LzvsdmCNEhL3TE3c+EVldVdYtcVdxDN8hlaVuLQoYe4bUnmmJ3V4xuwoViNMOoGynHZq1mpvl/AnuEz8IGefgwLfx4zIa91Rb4NiimPRi/2EtkBxTUlm+eGeKWNqJnOFt5ISABMnPXgj8XZvfaW9SycUWZojfHo9XlwuF9szrMHA5lhUNRt+JHQ8RWx4IERXBRYZfQ48hLp23vBn13O94JXQJ7KkyvplcpkdEaXaPEBoWBPt1HNsPDyLrLNVpsY/Wu669SNyApdraW7JG2hAz473D6mHPQ4v9IWtT1r9X94DC+H+vrrMkd50EsUDLTljCudFFZURQwGfIZpXKoFfYfgC6vwbuCHCxgnHKO7acllVGkLJ9LNyy8wEAwU1T6oxY,iv:+I1iy7UBTdW5k8y7Txm5EGVCIEGUlnACtspchO12cpI=,tag:PJUJ1RFPyXv72682jSLaIA==,type:str] -grafana-ldap-password: ENC[AES256_GCM,data:NODPy+F6BPkORxF4nYG8HZQ112S7ql8lMlwl304PoCACL+4pFbZUEk/OmCDmLFMv1Uu0mOlsQPkqvRfSa8UENaICGAncj5nl+AE5kC+zuLX1yNS9UkxLTfenQLWZOhs8aFb9sn1y0O/ncGaXjMgCUIeUAiPgIdpNg7gxrNa1GVM=,iv:bzp2obHhCgY4aEsmoEGSFF1zsCco8FvCwuxZ6mptlUg=,tag:Xvi+czYQaw7dmtdJnjyLmQ==,type:str] -grafana-admin-password: ENC[AES256_GCM,data:wOgAXEdjIn0j3vHj478spVlTcXH8AdmVOxz/e12i7UVZxii5rXK63BfVCuGUbAr6JFaqe3J9x2T26J6xu19n7MTsmqHPbyvSRWgR5Hkx4+mkqm4rgIsq+TaRyLzaI+cCCrt+VAsZQ+orz+b+kyObQ77CKF3RKnxKU8T1uIlX3eA=,iv:G30viDQWOs9VLo59jVGgWlNrIKkTueuaF7j6K8cKtXg=,tag:X3Xt3fop1wRrmzIyg573Sg==,type:str] -grafana-oauth-secret: ENC[AES256_GCM,data:RPS0CtHygPCUroJSZkwQqEk65KS8PjX8GuX0wkwhONwT0WhT9mXXnmtQ1TXVuNKPOHz4EYUCSdvQHoDuO3PDTZE4tH67afCI,iv:sW0UPeG8vc0nccXRFBBFmfioIL1lc9BI82FysnIPNK0=,tag:Bwn3LC/soBjGKg4hpylYhw==,type:str] -linuxbind-password: ENC[AES256_GCM,data:G72EE1D50U111U55EUSVrtJ3h74YjvE9VyGcmJUMFczDeg9uYu2cl7BX3RUjMByBPgxKo8ZmkYHwjXS6CiHivA==,iv:2m99WHTaBgErck1cG1pfYFJ7xP9da4RKM2RBTsIMCQM=,tag:XXk+EM/C30uG81oOlQ+LEA==,type:str] -sssd-environment: ENC[AES256_GCM,data:smzU/p09zOI3FbKDet451PeH+GIL8ZMX6CD7DpEMG9Q3CbihQEIfKMemLuEr30lX8eac1Z/Wj7wpci2CgRh3LVRX4fDd+wAUknFfYeF6DZDeige71OdJEyVfQg==,iv:LYoedluwDJIZbY+ZU1uFtH9z5bdv1gLMYJmk6q4P2QA=,tag:1LffA+9QHdpLQwh43yHnXA==,type:str] -promtail-nginx-password: ENC[AES256_GCM,data:OeC1OtO0SxPcFROXHY7g2qX6isPkMTWMpPaP7FMgSA+oYydcZ8kI/0dWOTpbXiGssstXv+muqkDVTA==,iv:Ur9XTgRrbH972cIkAEueZEtZtPxmg5Bl8WBMR/RAA+o=,tag:ZR0PllD9afxxRcOHWDLDkQ==,type:str] -victoria-nginx-password: ENC[AES256_GCM,data:Qy7u3+ck8jEllvqgjYYXRqL9+SGuPXegLV5oUDN2moxynViQy+5E1rCCUxnpRCa8poC/ePo=,iv:tDYr6nggq8jagv1JXPomNYR+tMpDMXWR4X1zKIvjJ/A=,tag:2cH4Gv3mQnqawtaaj2Vo0g==,type:str] -nextcloud-adminpass: ENC[AES256_GCM,data:NVH+HJOCG2dSDmDX7+O9FErf8D6kLwDsBU6Z9gw6WOoBekUmrMbqzxaUQriBy2uDyA5BoI/8qSKe3DHRT7ZjPFcnDRHRQOpiwcIRGeG6WybL+nVkati/TXeOUMR54/G9GPfVylUxix6SQLkbCADRYznJUSNQ8B5UP29DKPXgYUA=,iv:FvZHqeFM4jyNBP6zjkwOMBK/3WRV2Q7fjYc2zcYwEOU=,tag:HFxVu82rcF11x5YFLnpYFg==,type:str] -nextcloud-secrets: ENC[AES256_GCM,data:OtDycB/G+JeDHlgZPP+fwd0N37U2NOvmRGnKpwHvBhSFIiwrpYiVrWFi29HW9B+RzulSpa1tSE40xgvoZO6bs8gqaGcfHgr+UjEYHirva7tcfXYBBlCA4OH+OwQgAxVQCvKeXADKykpgvMk9mQ==,iv:DVj76p9AUMVGpwWGSh6ksu6yzevbtaxs/lIKjPiB+6w=,tag:qSvP/U/ihzkL5MKfx9yKvg==,type:str] -nextcloud-smb-credentials: ENC[AES256_GCM,data:yJh+rs6Vh1PgjWtNIUKpfYmFg0ftRKhoGXb0WpLqVZx9iE/Z6NC7R15oyGZWNglb,iv:yBfJKRJdhC2GfxI5HvSDy/GWnHGLealPQZqAMTW1o/g=,tag:8zYBbgNyVQ85InTfRgScIg==,type:str] -atticd: ENC[AES256_GCM,data:Q1HFeO6Ax3K7auo0Ps2PphsLyjJbKFm4FhTKcDG2tg6QQsEjNwTbjV4tOo1MIpQKhsJ+YGKl8JQEENUupW/2eR0ycflVRcCHDrDEabXVAZKR/wezia9kReA3UobzGP/AHF9Dmnzf9mwUGtOjnd5MEL6exSXUyZcntXp7LXxZxhcqPBYPqJqJLcQW2illx+svQrCOdJwS/Zt8k5nNkXz/jQJGpO2Oj7GkT2FmS7EeB/6ZXuIgSlyxVxRI3LX/FqOi6FhGdrTpY/qxv7pB+IN9WgM7ilKSqvsBmWtQeTVbV6wqMLQQpt7d8hnuNQt+jIWKkBr/l2te+bLWwCFxJnbAx42z6w7js7G0LzwhtB1xWDWgsHM8m9qk91JNy1VUalMn1RppkziFoHk0lkXdjfcohsmeTYeaw6xg364xX8PBBG9xjfmNO5pNEWog7ERXMGVLgT/v4zdpRrVsFUfgcxzSqs8j+yqkc3jYLHLSKdXWQn2RXMn68f6vnl0Bo4kW9wEfwp/OWvNs+7oj5CY5U8HoZIM7ueX/RombBM7ld5VXxPlU4I/dZgskgwrNZ0MaNIJpAZ5bi/hPtQdTLVbqbA+0B/6u3F5FeSCvv5cYms4rfqSijoRqpESWx2GxRmZEpadOsjbzZLDuf2XEmCZqFzsh31KzO5Az7uVnw6apbqeuNKSvrboJ7wrKFd2ficM/mQRrF4i7oNxY8R+8UCD4gtoGpV6/J6otjoqcQ/JRwrd9l1sLUeG8NUuxLllGvbJIAnK+1wfYTMeSDQTsHTgC6XiUK3R43pbsqbSwlVjejrKiCzXmK3Qqs6GJpjAI1drMOPG+mCI9OBKhKj0XeJLU1z/8af/hcmoUj5CUDvLTKau9lpUjaB5zFFKKeSm+CdIL9aRnaBmXuVCd4DAUWqU9EynSksNi9BWXqtBzEvIaf5fX9t/m8Lgcw+GPES1nYDtyD3HYlHTTdMzdo3k4cUSoUzTFuxsTbwWInXo2AHpmy5XdeZunru1FAfdyzZi+WMUNBhEGo+ZQTWm2Dy8OdcbTipEWH65cdt58dzNUgbTRParYDXbt+cB9VtuGEZ9wwiO8ZG7EVk5qUrYAcGtPzihPNnRjZAn+iuXk30QK8fCv3nCD/Gh3lWyt7vxnDVfi2EZV9oJTdMgcS7sJCp/+Blt9zqu32LT26F3EkVG/M8HiTvv1BF7CX75QAG9J309y7gRrcE03YRK0QzkymZACHYmP7jdZHtWmZVJpUe33l4jxM64MBNeqZFQFO4GU1n1pJ0/OHUce51BNsKnp0FZH+Q4P8CY3IVY2VhTdmm/L022crkT54DH9zmSCuEfy3eecZ4libv9mOiTn0P12VPVa44h5WpEP2CoNT+mhQ3yz/MV1Yce/Ywm5829clvKVpSnwVMnmmDJAVafb7F2+tM6DHgfKVxGJnP/8ebJ6QLvCpgEQdfvp6/m7aBgxcEKZtYcNM4ygM1SLA5+TrPzfgllKgKhLpkTn38q3VGxJ2uBRPaP1C4ZylmCDZHQOgb554OrniwVqlepGa6J+gUzQys4Kt8PXXX3RuDE1jbhFx2qr+ZZjOCRYanYls3WDxKEJNApWxMZAKlLV9Zb+CXr3J6xBO43Ja9W0TQt681XhrHqpUx6ImfSyR2GQcc2ZbD01CEF3dkeOkM7mn+Ybz9v3Q7JABYNRdxvPFum3+ch0E/4Vqb87PgId5qtF8zaie8D2YguKzFi1GrhLC+CfNDcW0VrhfqwJPjB2bnGwE9nbKHvvvttgqd/o3Ewpd8afo6vmRB4aMf1Lj7JwKt+xWdYzT+ScNPO5vQ5CtSBVDlZy5xK6vRrKVj5H7s2Pu8ZdFpmwrDawZGWmHayZ8u+G3NuuHnGTT8YPkneHxy2NPIqv8Ul9hnf1VhrIzpBMnzkL+BWPUaza+jy9y4w9R9fDg5YgBwubJ6XPiHExLqPfrsAJkwvhiBvl4IRnyVuXAiJsz3+On1/FaFDDNGNCPIlsIbJ/Rc90lHDJGKkrvbneLJU4YhX+KdDNQzxTrzwYz6sDDZaZPSvXKHGKjNI/SQDHzeLQjfAZjGftRyWsj8ftGAMw36Oz/NR8DZ3EMqhS9itXtpU2UZgwJDY0A1GTISlhUxW+vr30GzkFTtMghN3UOpdHBr420OJrRAK8WjT5pzXmi/KNHz1D1dC43PAerA66ZW9sIaSt1fOU2ivKpAdK0nFCx9wHcMnoPyZ87jx3skRZV9rK+MulDJCTt8h+RNS+wSoh6UqgHaG0GEHDf8TDm1snKj391MTCvhm3mSB8Kta7y9DNmX5VUkQUJTLmKsQHrtatCaRpulLYPcqQqBBw1Si0ZoQXEkJ5gCGa7TM6AohcD59ItLOFUCggTo9eBrEa/0dJoLO2qBkhWWsWgYdubnWyh76/hncrxvut/z086pp+oaSi48QIhcD9ELQYO+LKmsaPQHBS8ZghbquufTAQP/ou+SD8Hj26OTLcWwmc5gPijUxFHqRGEDxkriytqnod9pMAxFaaY048QnubrWt1lAxHPzXDXLrnQeh8B2K0sqGYlmOqCP3reHcuntG+yT0zsIjgQIfWTLj/92iaPSMt7zdWOKD0LJIi/2RZT1jqKBpZKGGaofmSQgqvaVR0AOTr1dNvdB7sMhosxTpyR2Xa5dTAvyL9aloCTd19PoZqqbKFSF+ckR66hvuonKX0WRKQBFxBE6g6kxziqjxeb9s9r+gMbYOANUkbao2YeeiPW7MJrpqCEwLJzHXrpBrODGN5y3wXfAgZlbhcW4eRPGonoldBBHizXqu5Mjy41Iqumby4TxUAXtHh87dXRmSxVrV6kuP1nv+9q51PppwZCae7Jx55Y0Cgtz8U+kD4/4gUWPWMhQz7eZip3Fk+epOrLe2tGdnXafMy5opYo63Pw0iQMV8Anp7d434iQ1mrTIDR69NRJhFfNL27pDGkCao2CEDEBuEKqQ9p6AmWGQqeVpRZSdBxZKCeJbSMLM775i8NH9MfHjzCc1Cm2A8R6g2LXhXgVxK+yhb5Tf2Q2xagAtUwwV8WZs/OmkPO7dbAbuXpSMrVn9n4gpLRYCH1S90NKAszu2ywrKQjy3r7+lfjmoKnJqj3hE8fcHKslC8Lap5uOFcOGZThdJJ88kAh2c+j+qGmhH9s2o1RDkb1f+cfG2mYjQLTF37NNdxtMfKq8svaTvMO5R2RLtXX9uOOHVM/c9ZZuY+vsnS0DgRvgLv989kcNssQn9d588XFmB3OafAu/7j5ktnbOFy1wxTNInawEfJsARAGlzBTcHXXDdKewC/tLonFxCQuOnjasYkenJYuOtSu2D1wSozB69w6P3QIg4ddiyBRqyfeTalRsSQIwYL0LeD9E3P/JscvnR/MDn/5sLHXKsnZLhf41M6Yf85ifTuq4/z52LHkvZeVpkNJR0A4ydT6cuoMnW9KaUe321moA6tCWd8xqvZ4e42KqIOqEyOldWvG6pSTmJCkqW3o2hEhnj4Q8wWqDkm/25DhOfveV9Edx7SV7pdkmricr4fuwwyAhvh6kfyhqBGbZIH9IiUSEZatEaEh9dbN2fMErwEPiJ3bAH917tIqfkOfKJ4iKEVi2V/0acvIvvwFhgw+RBqTJ9Xzftc1ScjZrMc4PakrCQuKPprh/avu2jU6Q8yjT431UgMtByZtK3kJIMDevwppQJLXdURj1dlGN4M6z7Pt51iT2/PBJum6ElSA/uSx7ooC+h1jjBJ98KrXwiiVY/AJey8sbA6dUEjJ2UzLrLcGGmyzc6j4YzJ2h1GU0hr26jW7+c2fb1w7NWtYDUi/WISpX0ymDCHtpMhN+t1mPikzPMQU5tMaDr39N82DJDvDs0mXpEd9UEovSDMqYp1pc3CbRQYtRa3TEMLC/6mDqN7hMSp/clxEKTDc6zCOP4k5aJhLY3fOJVJu2/V/5QELHYpY3vXvqAxlHRWfYoU6oT/Sl3mVP4vHPxDxZh2Kr22iCOtdCFxy2D2F6C6C6ncTKEwVztx+YKvPMOgqW9nRN3zRVSHAQ8oOqCYwFDPPGqgp+bepItjpe23z01w42MGOKSGCh7zp1UB63acwZSRq9D4hdukYl/7j3lxhToVmKwc+ZpWA6BaaRkwxH/QSeFG2MAV74ChqNOB8fiKQA4LP9xtNxGY3sAQJv+0BQUXOdZSV6RXb4oYaqRBFFPw8bzUGaEC5O9nK+ZY6jEL4GHluDwK7yGP5uIhk4vv6e8TQTBFW+0reBVh+JNiDHUwdV0Amc5THGAkuHHSopvDSuSFa1NrlwaDh96pbnZ+Ca0gasKtuh3M6ulufDXXrACNRbmVXNA23HyLfGtfgmgoLfNexhB70JSY4NM05MlgNWfGJOKMcNX0/TS4RArUpfWhemmxRmKx0/yF+NbHPI4HAsHc6a2N0v0aCSBT+hcEr+BbnYIMeEwfhAd0Nk+QtSw/PnsY1rodjz0jE5CsAB0fuxmhOSxCz61juuhZjzgGG6iO75UvQ8nSuaAxGmwn8s9SDB0DRPcQHRsDXdXT93iaWyPU7HYYoqBiFVeZLaGz3PUvJUqRY/jVx2ofSfY38WZcK6PLXiEyXTKMPwFYGgDcN542pGBajbg1EjVtt9bW08er9ti9qInAP5IAKewx8rmlU4He3zMZSFc1/IufaXgBXoCVky5lDq4NhxlXn7qk3RwV2pTpipkkvMl7KsIJRT42oJiqJkTuyd2OtcGIvKIEbszv1qHMESJvv7TQA8JiBihdUkeegfDJAmJCCS32qktvzoIfM2ScAY7zsifllHQ2+lIdoJefFzCVt16BBuV6OvASNN79lLSkDPKjQCML5yaw5CqiauLBmzCCJKAPYzeC+tjeXBjgs7nOcUBf9iZJ5QyCks0rKPYYWD0bLhbb6TVhPpcezpTAx5I8ADLuVVttoDG7Nga02+HQv1BYqzrZfxXxnVYzAHrR7Symq7DqolfA+f53zd5eM78+CPiYCgCcNctaspNlICrTfWwg/60KKgde6yC74HBguSJAzapa+b/hHjS2aplHMuLXVs1DEbOUsXvm3Fy2sRnvw/3QJSh1Namvc5kYkcASXfe1nDDcWipx6qGrE7alDdLElYwZz1UKZEuPNizb3KnJZrUmJgEj7Q9R+GevKv/33qMHyKZIbnWDi7iYnKeonVotZSMI+EbGqluA4zzGwxrUpKqJVTlzI8LrGaXxMuM4AsZG9BNphwK8E6+I4XNWEdqslIJum2mfS6xmV5QTEVd865Auxbps4Xy4nxkA60qVbrxcRV5HqsTcelx+ldMr/QN68GhWNvtA2wpOGJRT0P+YecrqU1ERG6OsiPMxwKd364GgCiDQgtOIQ9e2YwLpehpvv8aXXrI5u7IeKOD9dSCnVdk8iDf7afqVUliHK6mwUr0JKFkMqtFA637Getr8b/fS3NKZxUHYj/Oz6YxG7dANBOB0f+nHJ7a7Uig7nRlDcYJIcEMyMZlHKhBptIra2GqWbyvMECC2IuXnyCmgAMeBeoDfFpDT6K+UqVBYPpMuCJ1iTEiptV1CZ2uyhZslMks6NybuO40IosyW/MpHsp4l7z+JjaX6gTAsjQbpEOKDK7mMjfvVgF7nB6rA5dU/dxB08Y46NExdQzq1dR699LBarPP5wl1Ab5r+k0HLzl1bODoB2jSAgPtPdm+iXqX6vbNq2H0I9d8xENs68ZVioD8tULybIXu0INMNj4eU6daJsqv+6KsYkUQ5oYn6+bh2btnafducqVbCmjpvI6j2SjAL/M4HYoQ768MJhi4SPMu+mQ5Bg/C3BlCjvjyLbcBdDFRTC+0Q+x2Ft5dncR+8ctZW8a49yMhLtDzyD0Sx4irlpO7lnbqCJug8Mb4UxjiB4uq949sRIunR+JaGNC6VZHLYS89w5RKwvxTj3xvnSrEHLKSD/Cqp3xgXfoqmCi/fRulAQMqirTA==,iv:gZkx11U6Msg318LG21cjy84Pcr651i1nUlLMHQNQGcA=,tag:XhNjTlUujGVVjPnpMk8owQ==,type:str] -atticd-smb-credentials: ENC[AES256_GCM,data:WsChTmm5SNIu5w2ER9HDa6bCV0PwHmAEeJcm62jmr67NNFeW6X5XeZ0JF/LcBK7dnR4VKulQLcOKKxB/oVeJ59HmJwR1BovuyBvOxQ==,iv:EqfnKPpkw56Oog7K9SDocnlpI5ncemSO+Z1ah9HcXXg=,tag:kG+kueSbbY7hNrhfeyrAXw==,type:str] -pushover-api-token: ENC[AES256_GCM,data:QvZviQKL/wqEZO47vACay6Mf2cDMVA7LQWZMZ6Uo,iv:xt6IcuH/HaJ62vcOqrgDMEt0dU7OPJ3XkhBfW7V0VAs=,tag:FZSv7si2woKW4kR8yJXCsg==,type:str] -pushover-user-key: ENC[AES256_GCM,data:za9T0/UEDA8Vtl7H3hHluZgQsu3Au9S8cWPLlAl1,iv:z2shZw54mnO5j0ppWcWGixujghAUhpj81xbbbXFJjgE=,tag:OGroGDqN2ZVINSC1AlR+pQ==,type:str] -sa-core-mailpw: ENC[AES256_GCM,data:ozhmMgNsXzxM0VM/mANm5HVH+efDovfRLmnX,iv:H5+xSonhgDZjU8sPyz4LG12RQXFCJ3oHfblCHXCE72I=,tag:OFjNplwD5FNpEI7huxEMsg==,type:str] -zammad-db-password: ENC[AES256_GCM,data:cjTSLACwe1+rQ7HumIcpaRpFC62uV+0VureWi8ZwiS5VdXI42ZYuDoNotWx6nbZQJhxpVyImjY9fDJ4j3YfdSA==,iv:lde3MHrISV/aXtoSJQuOLxeENciPKW19ji+oKTnzPj0=,tag:L9Ig3Ad6JpJYiJ/WA3n3kw==,type:str] -zammad-key-base: ENC[AES256_GCM,data:vxwcFz8M8EEhBpiv/b99e91PJI4qMNjA/rKWOJmPU1eCwJ1Raa10UQRUiFMfmlRwEXBvDCcemhjzj3dMNYsv4BO7BQwSomi6H6/ewASLNb1BC50woyH9dsjq5eKMqazHgp78MDUc9hsjfgh62fXOvuZuX1okYserabNBOq8PdcE=,iv:g85O8WotxmfE0Z9Rj4bjo+4EkvO+ySjR0TYpCJ8aTR4=,tag:3NNTcdHutBcp8Wn0ysad6A==,type:str] -updns-token: ENC[AES256_GCM,data:yGZf5rMW1lKcXlGyvjfbedDpkdt0goSSbdAVKR+s0wk=,iv:Myb7JAg0xJMXBe3eYZ0xsn01vtt2x4ZLIwn11Qs2nmI=,tag:McGyO6FrpOmJYczmVqKzyg==,type:str] -piped-db-password: ENC[AES256_GCM,data:knnjn4TYY77COsaWuFZKZ8fKNwdSksicss5wMrpGG/T3dYJ1ZaiSNSYBoQA=,iv:ZVNVjxezs8VEtN+sl+SoPlyK4SpWAgw509UlyKofzXc=,tag:CifCnixefYH7u87sL/QmYw==,type:str] -piped-http-auth: ENC[AES256_GCM,data:hr9I2yXGeKZJlmpGcUAuyBGyD/v1LLQpLj+bR4dVXcpx3bNgVqd4auCY0hzm,iv:UDdlPCcriu5sQYCmaAYRqNASXbQfRknz4PSdmtB8LBs=,tag:qr63wwrn4iYe/3rk6h2uDg==,type:str] +borg-passphrase: ENC[AES256_GCM,data:LmeULsmBcG/IghoZJuy3xWJaEORb08N+NrJBWOvLNy/XS1YB9bZ0kBXwyo6hVBtW4O3oxQLCW3WXC8H9ExHeKw==,iv:mBCrGZ4vOwycfnMiZI3Va73piQ/0gzvKY0/cYn45II4=,tag:qVnlwtbTqdsvxlrpcsmJ6w==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:UFZKT0ieH1F4hd/qr/Vg2SXmOvtngUZK+RLnNcxXjk6oL5GnuMZfTEkImj1GLPlsKsNEVbrg6Yylk0B5ikCq3QhxvvNClodpBQJTb3Pt4l6VVQsf0GhANDyE4sHJDUezyiR3Tj9nMY6demLCAGCQsF/JvJr8pMfQPtDgNDoYrzG6qJ9lzh8Qe6IRi2yWWSN9kOYsv0903AD8KukZmk6EX1G+89oDy4Few+KTLi76RNb0JQAFJIXIjII+J7eDBZ1EwabtPQAXTNVw0PQ8rzyy6oAy7l1kSia01tpkGZmGUxVcbfbIOM1KE7fyjEOxb0skN69aJKdyxw6IMtqqEZLZzaEPIIollOeT7x3WD2PBCmsZHaZcPU0R3qDyITeehGelEj76PwqWi5pzSSU44EdAn3YUFoCWDrSG63/IhoSAz90cpnMy6UND3nLnDQ7+5Bg6bJGsdBabMBzpfypnV7bj13ZDPY3u07n9ASqLA2PHG1l8c6BajQvGeOHSFY8+NZTa00sWgjwBrhYtkOGeeXi/,iv:MrpYnh7uFu2zRdoedEqjmApNhu0yvI0WTsgyIqPU/Ns=,tag:n/QGmVoZRBoYS/2aj0rttg==,type:str] +vaultwarden-admin-token: ENC[AES256_GCM,data:cDP8ORsofNYgdjJtmuPNiIw+B6fZFunGMC+mfcqDK6oPPnTbJ8bJjgEYcDoBMnc9VW/CV+mnW+7QEgBJrsJBpA==,iv:v8N/avWQKlmFtJAH08tOKAOxaH28RKxVb+mkipPLKck=,tag:uFXeXWmWnIwxmWE3qCXOvg==,type:str] +vaultwarden-ldap-password: ENC[AES256_GCM,data:tPHHzmQGw8MqYus8tZYs73q2v5xXS+NWoRfnd8Xf7jf9iY92My45kgObQ3SZDeVHuLyvXQwvo2/J0h7CoYrUvw==,iv:G4rILsMvk8WUVY8Ro4GfbH3UlPW+NEUz4vxeWWI4TWk=,tag:Nl04bMnsscw5WXGgYDj3Tg==,type:str] +vaultwarden-env: ENC[AES256_GCM,data:uHZ8sKcrUDow96Zk97R4wyG7PnjMQy9mImpNyn0qAmYFnQ2F6QqwVj198+7jYxgnzqIaKINDOREbYoOF5N3+JTw0Ne97XhjUd0tj96X74i8jvLxLsnOHTd6WZuI+Npmdrejw9HmMjkJmHfMY+CRfpnEpAxBeo0PWXxyZTbs/Y3SkkuKvVD/77wXs2BYPKmowYhcXFwawh/2xdiGLpMY82qWXMIkkyqZ+yvJOjCemRE1+vbN5zS5XbXJlaZnbBkiSVw4PBbNo4E7Xbq8lwwaI0F0272S2/l+DymfK0sUNxX5Yp1LH/HBCzJvjsddS6a51DDNNjoj5OA==,iv:AxXmEe1+KnIc4xHZ+cDwhYa0UZe5jWnasU5zvRL1Vr4=,tag:v+t9npnU80qjc75b79H4vA==,type:str] +authelia-jwt-secret: ENC[AES256_GCM,data:s1y2hODqx1lxOn8PPbPekNFZkq5800iNI6vwOluqGPDrV0IZi2/LQ1GpuedPycTO9bpG7bGuVr72cIA1xhtYcw==,iv:NrjWdPZ+VPxn09WBuzBQm/lGBU/mxwGF4ouYwDSHQRE=,tag:ECSZW9flsUSwtHqtz0CW9Q==,type:str] +authelia-backend-ldap-password: ENC[AES256_GCM,data:/B/cg3s9DQeIbjYUCA2njXe3JGwIidsJDWaLBnAUo6Luf2sSBP/FmGCgplW+A+jh04oEVsbmExgdfcIR/wfIqg==,iv:r3+H9AM03Prbr8E8uApdVSBHTeaoi6HmZviBnS8GsLg=,tag:vMLW6hm0sB4y3Dq4Ljyqew==,type:str] +authelia-storage-encryption-key: ENC[AES256_GCM,data:NbsNmP1ZLiL5Fh0PzBfHVzAfp2GK1a2bJUFNvA43zaiGaATN0NX1giGZC2ItozE2vUAlJ9gMZ7I5UaHvI59cFQ==,iv:NS9NeRGYlhAiNellqCh6+Qt+I2ZEgHFHlY/WyTZZTjs=,tag:7tVIiR4taBSNVIuC0/AX5g==,type:str] +authelia-session-secret: ENC[AES256_GCM,data:0lQrbfxKn5y3LZW+HjUfuIWQW23y3J1pp7TcHNqYD6NgHvVDeROic9hzSe8bHTMgLlc+7wf7Glbiq9Zww6lZQQ==,iv:amya4RuA+TSuq7kcB0ln0XHTROYSzNRRmqi583o4Udc=,tag:Wh1jxnr73iweitbIi64KBw==,type:str] +authelia-identity-providers-oidc-hmac-secret: ENC[AES256_GCM,data:X2ZE5Qn1KrVN/WBWhbHqDEOJ6dxh09mLzKybW9tL0LCeeRA928i4ISelMaSbeMfN839hy8U6WjmObecuokYdyGygLb0fJGTvlErswjHhs3fZs27dOTu17LCSeEUatvYs1Hpqoo+t4PnZtHbhGtUw6KcliTzHxDTnBGAunFNLmQI=,iv:PD3tPdaxIaLSAjHz+Kd7oDqLIeiTsaFfSRTT2wf7G3Y=,tag:pXzgOJFkBFvtnv9I5TvAiQ==,type:str] +authelia-identity-providers-oidc-issuer-certificate-chain: ENC[AES256_GCM,data:cwN59aqz0b+arw4yQc6hQsRg7t+CUeyClWeQPnBt0v4J6X0gKbeShHQ8nJmDKJ5jBLmp6ltdF/j3Pl55jwNbRIEjF2XKcqs9Gd1B94Y97jyktVn2Av1fgAy3IwJcnOrVLGk3EHRdvYHe6jjVGVODYAk30qTA2Tbhxc8DPbR6ie6JFDy+ev5oAK/1EYRRhwcGq+ZETmuIQcGEpNF+EsXjVjcR/iIiJhAJzQ9MDTUrUKeD2a95tTno6J5JCRcI17LC7XYR33sjQVeAIIDEAn0FAhaRc/yDACImdzkufsjqLXZD3EcB+Px3hZHy6ZWfzU+1icys8wd7qt4O7wnGUPVwOkF06M1wYALXH3d+OnNo4so+s6Q2ZlS6yuAjudnyC6rqbzVJvY9PZF27Ogmj4hLN6O8dvsu6mPj49E4f/qsF/fgV+UkZA31cy8vWTLYnIZt3XMQLys0xsYUEAw8hvuRpwBFoGc+VGO1G68G/rO8CGUUjfzdwVa7Pip1JZ5uF5AJbEGYJ0lXBp5o7SI78quWtI6HKZoerfjXMawAUpPIp4HF9HnkVb1B8tXHOXTxLcnVebLEIeRO49qIBBIGK/PnGEkART4vwZEryHqAWxphq0c4N3HW1JG4GAERUtx4nWOD1LfdkgeS3uO+Pqh8T+qdYp8Saiq3g8HUDKq1JS4EFmSzJsEV2dXXJf7cha9v22tOY/Zi6IpdgSq1ohmwthAzT26YBSJ9ks7dcEelCoAY0WDTOHq3UDxUnbANIWReqrWZv97uetm9Nb9Aun0miS2FviFJQ/f6SZUZ437b/7TAoQ6gLrQ7FAvqU0KS1S6QHuxTYog/g8w54j62APlwd8M1eVlSVFYZUztgUff8nE1fSykz3jwwvtigDMFXsLsdvQr1jv7s5XHHmvIW17wMf5xq3hcgSIYqZx/+5nNXcA66iDYcMgJPzlr7Sd3lxWI2ZYBSGRj2Cp7zEDz8W2756Zgu89qTrKQw/VUtbs96WS2rp5bywZlstaYfXHZSTbpGDMF7yFZPXtBTYng==,iv:+zOfQNIXhA8/knuSL2V9lLunevgA541cbgi6UGMm2Tk=,tag:Y/o14+ElwwU8lVMQbTYu5w==,type:str] +authelia-identity-providers-oidc-issuer-private-key: ENC[AES256_GCM,data:BY8a38S5+9Bew+lvQtntWt7/zdI7thNCSaTCZu4/h9y3NOg/nft1C5OaLiamactuiapk/t5G/lUtafRvQixbMFvsIK+3PiVGfkGDtr3fEmvLgOZI9pmlBS1o6yyLNR21jAlpRiRk03jB1mxV+ln4b9S0xobsdvNemX6WeCMD/CZB5hSPZhvCcl9JDxbEqQ/vIkFqpoEk6XOVCkx5q9VRcZgRoMTq1t4gVONp09BYAM97ZuCFKnXDNF6f8FxlRFteMJ6knUB5mnGqPlaQH+RwRAemROIyPYESJlv3iO9Fxr5oRCw5FDHglb0Ui9n+pzEhWPZs3GMbY4QU7S/bibtD6DCvWwyMKuxhi4Ek93HxYbDeOGVYoeF78yKdNsrVEvWiXz85mxEvt+FnVdnAr0P4qpmDKMQT1cmuNE1AXDQwoekeq1oDpn63+n8lIFRqXwAB3KC09ANH817y1vKYG8x2/ASHa7wFbbfWUbO6/+MeSaYmwtVLSvpCBGWk2n+wGZeVye0dW81smXAK64g4vHehkRv/p0RejiEgQIjxw3UD0hIJsTYuBl70YVkQIY1zbNRWDjdOPsJ/fBKO4/69Avu3Wz/i/DCc1V/yLfVPsqh54Rz5zTCY0GVQe6wkbGXwVM5f97mVVjsdW3C6e2NjWOzL2MegX+rUWoJOt/gn+iYq9O+Z/j7xT0iU8XWc2EPJI6dmchs+f+8GQmROF7pO2InhXo9OJ8ntEU1JMhZAQ8VnGr+VXqovJ+/yiLE2DjC9gK/Y65R9K/bKmtE8mUjgGkHY86Bvyu/Jc224yOKyyBejxcm28a5gPKnvfSzviudiKjHMZ0pOuKoKN/EiyXj2qKvJphE6ddpbxWr4RN5UbK/rUNU/dCJM+C8DIUfdPUkpSQCXNE03yGgw0A9Hv/+zG/TI48wzWOn2y5y7gyMInZWo1Jlnuzsl/44PpwiUSdiOV2/qd0U9/keQWrq/yHakA4y+Wyvj0ENlhxm8Tv+4jFqZbVI0emLVb+I7fA2/gcYc6kJpIMLNuMUavmXg727BwqoGeUuuCjJZVeJpRCJP1sWTx1IBebxyBA12531Fe8CdCvgUtzARE3CuHB+svM1grMnJ3nSpSe2CzVCit/isqYk0PN9by7pWncb5dbutxT5/n/bDOgJHsTfjSOMyGZfIX4gBZaFjiIuTCmZA73CsfAgfI9k/irXMcSC1o/HpSvlfyA8zOW56Mt4yqqlUQirlWDQPA62MFcvr67KswwrWcSv/oZlHiiiYT8UAykSJVNbA8i1EKGf0NEU/hk364FMyzFvkbrvl/z807IxLhe/x8t4R75V2rAGOV5aiMW/2l0jM8W/YsVdhai9RZ/U22D8IaKvHb7wbOSZoQv8V7hYpAo3A/ls4YF3aV/WunanEvxzYMhvHjRHXNmwYbXaKt1rWTmQq4dA6+Pzkpia1IM+yztUHh42KeDd3g+4msh1zL9Ps87txTX71mZ3/lHdCs63ZvWDaPlHiIbgOHBvDi7nom5Xj6E2J55n3BdSSdENy9u9lwxVycdVlSWKQTIbEo8FRr8FDyuqOApRvS7CniZqvHqRxyRjbkfLFV97VWfDp2LoY0nU4m+wmcav42LxCzMT598IUa6s+aVgyeZK2sV1mxDwn96SFqLUcA0NIeOL41bg8eJDwYm+nUxjkQnXGvdD2H7PIhmyJkRuI7mKpuGgrI4qqeRolfYDGdVUXbiKvMLXgH54m8wBQFbOYddV2kNxBiu8IdIfpidElr3UABIBoGhuc+ZHZYiTStjKmWD/HA+EY2hEyGGQYxNzWQXWBu5bnHvQHrlAOmhIgmsaMblzIAFLjny2ue0fJacYOparkHRSTq9FS/+au6+N5Wr655jGpcmrn4Hm8aXArqNyXgromZZW7vXHOvPvPJz84n3d/UTRPjfyU9Sti9t7nLphHBwrxLCu7NeulQAwrVTIFV9o3qucFQWxe+MJOldnHBdWlrfu6cRBaYmD00yZappKfsaiyGFkcrgImCRU2wJfpljVMcfmP7uwR4bPTHTm39qpXgsMgApZavjYnizelBSA4y2TdxDI1N7Tt4Xn2RMYlHJkN7zWSliX1g1T4LyJ1Kv9MTgm34KqR119EanGs1ALRYOyeyf5jrdXMvfibpMjCySIlR8P6CkA27ZKl0xfKbCx6yzvPaPIbrgp7a/i78zUH0aHJ74dfk5scYUQs7du6yMRx53OYnnLpvTulUBh+63YTzaywxrqk/DrmIKH+DDF1AeMlmlvIqnKxI+3zi2yr9+EyHdocdOsDyH2tgMjuE9XjxMgQ+aZP8ZgjXHFahPPxNXCITvkBhUUNk1Osca/+6/cM7I7IjlVwL6tbf7VtxFq1ElTBg2wscEiHpvWbnxp/JjhlbG3hoW9GgMASmtbck9Ymx1cScBMrZs4pFNnn5ejhkNemzPO50U6nqihXLVMbl3ciMKt6BKWgJZAwpUfKo2IHjCAUP2pLYns4wJJXGtpkDbHtASuGTtdM+w/lA7HeUMZt1c/cH2m+ssZ47jvACSz26CAepEyeWS/ZRCpJLzToCQqLIiNVZJWf+1Tf6KHWkfUip4wm48XgW4A7i31oj1qvdW4Nxw+fspW/2RDyllRcBVxjt/WIR/9PMO3XYaIJ2bAyOD/62Q6bvrJ1/QFCzj/nPu+P+PS60mdotVckr/0z1omkcvZgjXvhfDb7c2+/HhXiaWoNqVU6iQ2qmAWwiNBGDsEl11zBRRQ8xAQck0p1/V+uoQYOOIFAx3gdOqjkb2m5jutZxA9+K5CWupG1YaMDVJeq+Ha17hsYWEN1WzvYXrCKzC7EzkyXesG9Nir3YcPgBrHr6qGFbnZVOQxNSmJaWEBX3Z3xqLjWP2gF6gmoASlgkZH2egJgQdRgogqB9OKNFsmI47wHbIotoF82LKUBV8imJSpXxiuf3tDtIxqfZGouWpUdOLaM7SyzHqMahx7d0d8FHegLB+NXavVY8lfmMoVoxXgfmTSKZn1qVpPTwS25y8zEAYbfjvnETjM9R/K7Z5H9/F0G/x08x0nM008Fr2Pa8Zt/NNw5PsozwGMT3g4SJqn1OLrSRm+GWLau3wgI3opI6+Yjrt+21nW1fd5HvXJvkb3q1NK3boym5UK/5ZB3hctGWfC05S7mTuNbclgXE58IFdEfRI1M3bUC10TXNL9EkYUdoSpsHjr7UGCNbguyRLSVX3Y6JZ8j7dMkawdkpeUykGPF+N88GR9YFMJoVPQnae0sj2FrqnQgJ52KnN712I5OP+8Gfv8evmrEqtAzGvTakwmrc+BBx+5NTEF0Adt0fhrf8RXSyyvDKae3WIC+TaAo/hhBooUBobQc4R/9x71G/mHw3MbtsXDM4pzQs3SDaVvffEK4gXiRxnTB9uQPo7qJL3HBKC/v1PCJRb20vNAIyzbubeV4CpeJNaEaqml0cEMukLVnVWENYmYOjQdjUQjyPyvsDA7C2jy2F9jCL3huYwMrpDXQr+urlgEJv/LiJYT0iuYbhfYHmqUtOKffXpAfj2knN+qPzkIug59IWkx+19suNzTPtnO+nBTsboFu/AK68I22xStGZ3WeVbay7SJqRAOy7S2iwttPq/ulBDQk5G2Rsy0PoZcv/uBQ+My2Z+Asq5G4dJBowZS3/4SJ2zOgfY+Fj+08lqSXelNOKWRHGno0485/PHiFYn4/3mUiCz+P8HhbQ2pKkAwR9DTRL/n7dGWOw/7amLlLmWzgxdE0pl22Ji4Yv9nBWYtj7FKKtQrRYzvayKZYMRAphXLTwteFWCAZkq/kOmwiPPBz80J96h9FnZYiCzzg9L+4mbLsBZNVEpEDanITJ6BwLFtOdeDdMcOPlzuaZA1Rgi4dsp8udot8mZJewLL6GrhSZf5W13lAxkFVuPT9ntPU/ZPdpqC+QCtTNc4lF2JHiqOvW2THwA3QoQWp3xFYznGwwMly1ZiwH1kPEuXcH16bE0MDLBVJ0TqeKTXxJS1Pqnio/TZiMYcmKCw4DAjiZ/bsiqe1pkQ3z/AE2UoZZs3OnBEoPmMRbZ7rHltwXS1YT2nvUkEj1SijaMSurPKO8bqhVzYMZNs6C3iL8owmK8MDG/x605cnjTX2y3oDCdmi97agmr2MyY6uCMtUyZjlcjVQSLpt1VUoVHsPKvhzS7C86HqzaI9xZdfyzKY9utp3MZxNJMhFHPR4tdTFE1I5twEi3IU893a7FLdLObIy7o8hUpj+SFqTDjI4LhB5wJYf2DB99/fCZBnD7aLVYPlq0iJSw+X+Z5eZQ/PGWTqWyfK7eWCcA0WRBro3xXNjs8JbRAnEMYJxZKtYzifSG/RC0usU,iv:6cRckfpJZnXvkPwiQq2TrvhjbxHsPGnnuvF84OksMvA=,tag:i2Nlr9DiLt8fvg0SwDzz4A==,type:str] +gitea-ssh-key: ENC[AES256_GCM,data:EkRnOqnd9NFwOC1uml45feNgqvmGUGhxX5LrV06Fo3PHwl94+0m9dxtXGhl6lxxQDvbiPFJt/tSdth/QpzZguiocjeD+RtXPntqcQ6opB9jurDPmX1QFACZpBiIL4PeH0WkkoZw3Erbo7SB4OfmUnnAkQTAKiETRmtqpgqsSWhrd5PTPsIXuSSddKxqlKVisPewf5DPy+xjNLWRCpCsq8uIg77bF7uZI0NUx/cYgRp1vWMY4U7sl5x9YMSIEeLSFTn98lPBD2/MOmrtdWwdbpl0pXDOupiEZL3mNQfgwglCPTtsmZ0mlj+0u7IKdf5QiphrK90RPxFuqd5NSYWyJuhTImqiBinJmFcp7uKeJhF/u2g8bbK4XDSjAfBFzTF2/N0NHNKI5pxPuT+TSG7asv/W87viEksqws9aFF9sw9VhjqPUO4+qKTuMIm6EJGae4V5f8AuBdOiuyG1S82MBKsnC37J5SWhKNTtioy0SO44kgUhGNq9R3RceZfKx3IUdAUwsOMr9O5Azj4dnK46Wq,iv:K6piANhGOcPKEvFmTEQiBQvzjPmnAjPfRvXTF2cxvHw=,tag:oUsJl+b1w0jE9Z69vJXS6A==,type:str] +grafana-ldap-password: ENC[AES256_GCM,data:QDerm+reNE4zeIzQtfLoAGlWNVd3KpNSDYr/S3GuNLgK4+3l5taoWdAmPrdT0oCUtxipnuUmlngaVAu6nvqes3XDrjs55cXoiBbDC1S3T2418R8EE6yKX4x0dGnvmm2QA6+YqBvP0xjIWXsAHOhIuBjKfQ38Ms97TBcEuS99XrE=,iv:HADBofo+cA5PkdXlLcemRlG3sgYcgdiVM8NR04Z7AUo=,tag:yIEMjP8PofGDskL+aYw+4A==,type:str] +grafana-admin-password: ENC[AES256_GCM,data:Ua8h43JzgRevqaHyjyTyth09qqU7VmFJXaRnqfZjza2u8jCUJgrqdLWJWn28B43hHbk62lP6vb2HEAf0FpuQIVziCXtcgCfy/CIQny5s005U7IE94P0QUWGQRernGM/rS9hNPC84RNOc6GJoJ+pyCHM6KQjYsQ/gNtH3WRCSTb0=,iv:b0kORK8iT4sr2frzIuAs3Rbz1BvusQFw/lWfE133k/Q=,tag:/KYLQ8GRrGuBLj2MoPOAnA==,type:str] +grafana-oauth-secret: ENC[AES256_GCM,data:0C08ak101LiimDPKUflH3VNzxpjq9DCq2vzeV6N/VmAKDpYm2syRYRWBbqqgEAZ6ivBGFedlUZ2cKvEKPE1oc4+Y1+U4dCet,iv:8w5yfdvx5A/PMEY1O8EeZoGAjvRBNs8PFpIgkTbRgYQ=,tag:Wa9PPht1F10UaobhH+nVAA==,type:str] +linuxbind-password: ENC[AES256_GCM,data:J99NNPSDxxdzEtzmefHt397yHNGPXLlUEbheegVvmAksbuFLnBD0DvOM/seIKGVxCWPq5pXviHD2uG3IBOuOJQ==,iv:Gmi/amlRQHSNCQrEp2wDzOKdqmEBubfLHElcDnpv/0c=,tag:2lKkwzK4dmNoc/kocqDq2w==,type:str] +sssd-environment: ENC[AES256_GCM,data:2XujyaAooH4rjPb+nMA8IzDvDLu6tJfQkS8Jo9+GN8hYITkPYOS2psjk2vv7FLtcd4/YLfktKvnfgLzn9KYW8AXOIrPRffsLfEXzbjXg5XcFvz4N4xZPJeDdoA==,iv:5z9EzxI5MftP0MvudDBeqlRm1FqlQJkLr6JhhCQEoEY=,tag:6yi/Fwp2WF8wOoVjqjay3A==,type:str] +promtail-nginx-password: ENC[AES256_GCM,data:z4p6NoIzEQgkmYWQODew/HM3d26DHJpxdZjY+enu5AZfAxN4jFEyrGd8e8qxhtdAo6t4aVWejyowTg==,iv:Ni+e5j8DnpY8YuSUHOuk+iM+SiJgJbfLGp0FkiIP5EA=,tag:dNC9JyZxqQPnRkJzCg8EOg==,type:str] +victoria-nginx-password: ENC[AES256_GCM,data:0hLUj4yo0kM2KtcaMlOLdumZWPOTMbxP9es9fkgdf45q9aEnVQhWZQRwd2R6MiU/2ShaTHA=,iv:XmiRo3UubWZifGAh7o56kOfr763YnBykGIBqi4b2iYQ=,tag:OcMmermERUnX2SyijZ44LQ==,type:str] +nextcloud-adminpass: ENC[AES256_GCM,data:nIn3sVSZNTXrq9CqWwDGN1fkkxuOST3jP128K0MEoOf8Ql5l8YwG7HfsbyJ90nl2gTLCKsNx3Ko7ocQiCWsrAI3vQLwvn2UkpFkuh4njGB8E8LJYPFSbJCOkKHnZVGvNGYlM802naAqxZqXKH5jOIGmhMq71cnPv/18UEeydOIo=,iv:6Rh5tZqRrD9pU9UwumYglgUf0nFJMWhu/eJSKXKfnPw=,tag:jDXC2ymBK6sB5arEyYpp+A==,type:str] +nextcloud-secrets: ENC[AES256_GCM,data:QSiOz9LyqAH4/fwFyeXlrpnFISK9k5IEHdffe6IqmqpA3zKyLWgTnWKh0N6fLwpnbfRla3a0OaNL+GRty0kJwL0a2EmdYjZFJgh3X5YoolTVb7+QHRNkSbMTBfJ3zkCvIW26giH44nqIuBaO+w==,iv:MqlpZMxzmOnqJ76SjAaodAZu9qtVeE0pRWMx/sStIlA=,tag:II5/3BQ/x5W1xFu5J0nUtQ==,type:str] +nextcloud-smb-credentials: ENC[AES256_GCM,data:v4R8pK/tSlDOkmEZH2fX3JwsipumiUPkAWnZX4c7nMysYQumXbBt/WSoP7lnp39u,iv:c1MtskjNTO8zx6/IOzkEdqHD+VesCo/wqOCO51wkn2Q=,tag:3qyOlqV6qA8k4KIPXp8bwQ==,type:str] +atticd: ENC[AES256_GCM,data:I9nzAkhVAcWi0ZwGcdXVEQkoLh2nI9KFWujNFCi0AfY5wf8DvYtzi1q/I8fIRVTkBjr+X9NpjX/e0FXAoLdGTefA3lzm2o4DJigKK/admwzpNwkoz10a2LChY70AsXjwxTrE9lM/RAePix5x1/9dCTwyTfBfxrlBKoudXLSB0zA3S1WiTVdvQg3adNl/K1ReR5lWMwr87WGzE/rJ4Dr1zlvpk1D/UHt5vQnTvW8HQa3j0Wj55YBfO7jvE6SlokXBUB+b0b/O5puun91nmTygDzxyoem0X48x4bRU2WXof9qG23q/8Z9zFyZHDm0GkkbmC1Z+HYx+H+2a4EsZVHTa5iw8p74F1Kky+SDQJZ6LeHcavytWufYUAYkCR8kIhvbDYzRJRl9eLnVzwYv9DEYNqucXc71geYSEWYbgP/AEHFnfSrSIsv+fmeJtWU40cLChG6kOV5U5hWXFeVUkEI/K3c0h4WwlcKCf0zjtok7vreyOQJLzaNtTh1fm6G6fsM2V0vqne8Sg0gjHDTP9J2sEX9RI/LqY1OBPLBVIkq7Q+Qi29yVv3HY8NEpFNLL6l9YjPBP/+FZGKkjtc+k417+wNC+F/OO3b1oIMRowyCpkMZEBbvJKFMhZPILXco+QcYKRthtLj+OJ9EyVqMFpuugLk0ZBG/A0mbWyuKLcHCBzVUDaRJQy/fjaCLet6QGTeJ6zvBCuOP0zb0qSrX3NQLasOi4FvbvgqX9F2YJwjMc19Z4RFnOK2NNA0Vs1XaNTwhaQN8cuJC2xMwon/eQCIaklUyWoRV+2vAs7gokC6CxIrA1t7T4Xo7E39iAllGx27uKnwJJKAKpFmQ3oYKsgIPehJOY5LfQImqjqe5gZ/LyI5Qau3VrxFXnr+x1zkIntc0IOoLb8dHBW1cb9OdVZ6XF7ZHvjJlSmoalAgxjNIrOH6AQX1qUiMFMKmIl7jmYj+DPSzEe8BMy4F3B43AHyRAwRrmEjOMi25/yG0iJDialjglCWZSDIzHaS3mIs01FpbCsJx2uX58/X9MsqcaOyAo5kvqhaBhA9/DZ76X0+xgvlxQ8sKsBNaSIMGpVnWoXbtlNLt/e7tcrMzbVNOMUt2JQPdOR8n992Mnrjh3ldwtl9CnWSJxgizxvGLOCy3aDpyfiYz6Nq4DADeoDHA9NuZkss8xG0IW2rJUim1wB+BJQ666zUx8Cap9aiFNwj72SE1+LVW4wQXa166TUqkX9O3fj+Sy32FhVF2qPopzEM/awzinVd8P/JrONgxLIvdZF7lajOZpRzn/Y8SCgXa4qsKsgsrMwLcDpIWpPWRiOQoVyNgRGE87V2p+5ubFle8vZ4B97emmhI1MYJmyA0AiSLcY/6/FYEJLx0kIWwsdTUtYut9KBx+M5eHGmTZVxQ1knr8D0rd68nF5EbV2tWJN0qSB+iUNCgCA4M7yejGHzTgQKSnuefiE7KXFfgGnME4xgqEplSg0IuhSGvnfYm2CrgtB/x0wOprJk50tYX03XJPz/JFmvDqA+K+n9kaOP+8bULfIaRCxydBCqukKmb44a/GSz9UkZU/sSiecattZRfzhHuyFbxWvkS0I/fR8M3FLS/+tsr9BVjXxSFRU5jnceg+wY6HTWXwQHHkGb4cLpWSYs8z6IivQ4ybK4bbVX+6ovQJU8L1vz2Psl52dkw0gBiWRInorlsO/dPln7kOVjpN22VX4CF3L5L0hjmmquzxXiny/tKKl6x1El4N61wx8EHazGe1TaBcHNIM9WDNg29ornM3RPEjHJkJArit8SJsNoOlprpc/e6P7MC3KctH4rbmhIZ5VpQesUbLGCbbSNeleFNoowBseDDMLv4+x5ruW0OM9CptR1hJaPYy/u/rHy5D+yqLOKhALdLe9PxE1SP+CXuvcWlcwXqL5GFvRt+yHIMqjL0Wfjryf79oT6OAtmKXJBkTZu/ckScm0Sa/3dhWkHdYaBwlp1TRxuznPIkONHi5lt2FtcUNmOK1f3HE9+EnMg8tl7bgE64egYoM+d6HuTeufQaO8IYd1wSLNsQnoDVCQjsVxcLKQI6LQ4V5863Uw1Q3FCJRAxPFGTpoTXhQyzXv2q9e3OGw3afBXvaxknY1SrdKlSV/qjigzSqjJIJ7XbdmGaWs3hgADlzXrgcTKfv8vuq34NmR6QUwTby54fWRE94AwH1/dY9hXFy8mk+GPA1JF0wx7sB8TBDPn18aQU/c0QkDHw/D0tD2NroCE7lOEPAJpSU2g7aVorT6JDt9nrcmeIUjzsTCENjGVYRC6uOG84175DP0Htol6v+9jfyDT9X9Gf7JCgge97vRMdzNbw7T72rnbV/QytS1Hp3ia3r1hQ5qYOUoKL+Q2Tr7uJy9LRTWhIuIobJvIV08RqL5h8gA6x+9kO3iXnkFD1hk8/8bXIZ4lX1yoWKEXbr4OWNb1DJe4spekCZ3NUA6Pags7wws91N8vd5lT6JUUT7QuyELV7aQw7A77LC197bvVaoo4BYNnzy+RqHmJVQPFfLm9qpbo1esSKF3Q6kiruWEoXimJwzVQOPeAkOTG7f7qxDkQ8C/oSDn83ypML83f9M5y/4DAnmpO/d6jXE3pBE6acPjx23QY6AQLVuLqX/mFujtnXaA4kCnlCvBF1eAo6PVYFM3+Klf/43PNW6r6HwKRHCLh+oGjCqDO2V4Bbs9Y/ns4M5NJWn34yCoq7Jr/Z5wsc7t6BwaXQxiHgrxsYWW42orP1caEiXjpWnUsrgqnAoVvOGEaZj9TxkmVIJ1hX8SlQWkAhKIGxgnKDuewxX8YMPfaauLzmCSqJZkjbnvs2ezDelQu5S+SspwASHEOq8eCAvcKCYbwRWLyVj4nlKUL4i6rnWzYETuxBdsCmUyPL9l7RNhCz3wStjXW97QUbT3G1J2P+1PsonMvVxcphdSq5uaLDFJcoMDivY0XoH0y5Y44/G/REgGm26soPS+ZP6wMwSzEgoADGl1yqnsKSiM0+JWKHgRAis04+nL6nRI0ArdZzmchgz+i8U4pRvHlb5RAkcx5F7xi/A4d9cmFwHBfhPCGnuXK52zYK1O+ijoxzvQa6f7rC3rXBGfp0VfmnIeyHaUoZPasuFJg4IhnFxegxgQt233at8E8hhH3J52o0gjog0syajCKbtxm/we40is62g7NC5GS9ekq3QfSn63HKbZoqsaF5/qDbH1S7OC5wtzEAqVS2cz1nwoZhYuXg2pBvq0+VeajMq1RHhOsBED58CJB0AbjSi0mOF/zfX9dL/IgaT0KWojfOP8FOiTt/0bxKmZyXvV/IhFaDyp/aaGhEpk+K7sUCPtkyzss1x5Bl6h3ghC7wjsQheeTmniqyDy7PT+7YN2b0sYj9OyzWc3piHrju+pI1EWWGr2GOOD9iSiZzAIuB8iZa5WZLtnx2ePKQ3aQJMbL1lpt9psmrcmsTiWQxUWeXoWshzkmc0i5TMZpIJrcsOMZwYpiHgNbQ58t7FH8c6DfWLYqBAoW9qtiYpoBWXH8qS0eIB5ADwzv2QX1i4QKRz+27zxG3FxFE7V+B6YHvzh0JW8CsbrZM2TWbQTdgx1uMcDpkIVyQz/WHX5vKtqHnxAlnUyHMztVuTWhxOTnx8lyPX+OIUAKHwaa4T9MTKZztwfQWj+xhpciL5e+s3uReev5U7yqeZI9rKNe5r0Z0Gkd2b1sW6pkMPPn40Odumzqp+rSTz9Ya3iRupNFr6DxfO83ZHpXi7Jcyww9oDrj6rEq4kjNLZ40UIxBVLtnfX0FB6Zb5Nql6pSWkAjgoInzvLvkOiFsD4pKIk8NwUdZdn+fUAV6CYq0FpaJH7CJcAzil4tli2ZqJbUDUNTCqjQ5QK6iEC7MlfyZnBHi9pNOsHJuVQe4EJtYg1nwpwRo37mhMejL26xiWZu2M0T9WwkA82AiPZVpk9coj2Xn0aSIs/pxGzWAMfABtVclJUXxII7oAjgmEIRE+DGigungRvwbzrB/nC5xXtXriNPEsV8M8xGy6740XIGChsiRVLi9Xo8+p56LTEmEsfjZQPz6J9CY7j9qlv/qTgWsRAjzukGY/RL6OFpN2d4lSiitpwWa9v7zDsC8vBrcfEWSSpqWwo1iBIJLTO2zsSGWqaTr/udPoXMcpr1/TGeOCZH3X4QR6TGBBAe3NBswhvlszkPXDkAzICyeeuKVk4OGWeJzwm/qMgQnkWAXUp8/hefHPwg3wna3Exp19IKeuAbLrcNTIG0ju12v5F0uUwjnTvFaxXiWKX6/dNehcZW90yELz9H5g1fshMA65rxOJuSZPVTCoH/Q6+e2iZDXaoL1zX+S96i7vTQU0QX0qqDZ65XPGa4jk/ae+w1OVCX9I1NDt31gUR0WTTVZJpXtEjacY+DkIiIdWgXzJQ0hsA1Kxe7qqn+5fK2v+gZHVSph9X3HUcw96C++gzsL494NpCSnW3+d7JRbQDZxTy3tSTFihiT2Q2pnmGlDty8+i+EJoEvx4nktOJQXw87bkCkDuljO5YIkPQ6DQZIRk3AXrBZmNOTRq3oTZZXr5k8yH6ZUDrJpmkEYsVIMJoQA7Y11EEO6iReAz9PtlSYm9c78Q9WSSCLcGQWlugUQXVUWDU2N/iTvavn0oxYZVxw9Ye/iXktmpS3I3Mn8waC329PHyK796rgQBGLnLHGvmHz9OeHUCq8FMBfQLvPabbkevVVskrzf+S/adNDcixK3dyEZWdUBCas/Z15X+P5Nn1yjVLSy/gEPlYwEnWPQGdAav4ge6KikWlzS8ekx6vwcKis0lhwARVrz1/GlhorEHEaHzMrHhCHXUOh7HxZxhIRTCiw2b/jTP5k1oMCUweJDq8KQCWSxJB2IKs3oDzZMUdq3W0aPX/u+yOnz4nwT332SeeMQPRjUt36EoY/npmjGbcKx7MNyyw6BQ+oMbGTKbzfgENjOb3L/VlGHvD8Dx8yLH24uPMNZOw9mbhilYHwBxxNER84+3AIC9shd9sSbzo1vBRDLx/q4WpTh0M9tRjOjr+7aaFwZH9Poq8qnPVHZvdkSnHg565fmraflvl5VecN6SxoqORSeN/7z2aHW6TTaupqe4PHsTVZ0/zM+0fKseRJO97XvJW0E9H337vEpowVT2IY7j9cJaAbP8q8KQCX/+oD7v7+ikHzeaRWulK5s0h2vYof/BMykbBq/T4phFpiqPJUy99aUe+fytj7SpfG6zt3agsVdLRbt0SkCa1ZBTdIYiTLjWGaoQl4qk+/wj5/1g1LnxaCoJ3P2nLpwPIHsli/KEILexYNWBIfqfM6yt5S/4NB37q04xI/x8aCwm//3gdrXxagx4XlVbRwgX+NDfUVRvJmtZAk/aZclTE/x/LNoXi6TtOcW22cL6RworIq0NcnpBmnkkqdePEQaxy+srh9uDUlJiiSFvOnXlefJ37JFOtZ0YWoSfMvIZFb/LbjVHpPZhGravq68DS4KdTXZP9QqKq+3JTFgr5n0qAbUK8tngAsTDVVOffSclLxkei47GHV0W8sO17M0VwOwR+r1ivzhyJP3gstSHGl9v7OCuUArdRINM13a/rjnPtLEdr07vyPcUuG7VCbpDlR2DbhBvXe6/hzjgSeUT+xydoBuw2CxaiX729jO3DqLRpw2I7FxxnctA2b1lcsVX7fYg1uq7B6x576sSSabG4KI+96SPKgHHAoDi3sr3RfykUWdhDxJJa+5VZn7NAX/iH4PGbPCA6nP2BF08Pih8QKupZj5uEBuQwOAVvdIeXCaThib27pQUbm88lnlgP4cXLgNZvnol2DKtmWeDS9QGEVyaBiJln6miwoU5HPYM7Z07Hcn3Wof76WG5NPO8UxLlRJt3Wu/o6WM08DW+dMx3flLTOKjrNPaWQRmXg2jgWZ2b2O+cVX27U3+1ZOXrYCeZqFSCQeZZ+ourMInbvU5iUm4wv1gIjuE9MBA==,iv:kMwmfINpPlJHly+1ErUz52Fku2euCcU9IUj0HQBYl+4=,tag:4idMOhYq6yQwNPAqktaurQ==,type:str] +atticd-smb-credentials: ENC[AES256_GCM,data:5zKR9pHMhzze2myQgAudM6IIEccgz44FiANtMWkvvyncLo1MrZWvuNZ3iy0bOjNZ9FvVgCMt6e9DxdwmhUotq2R7BDKGzWjXh40Vcw==,iv:M56v+xznTLmKVdted3AP6//snA87CHZFRwSeTeeqgWI=,tag:YiJCYGhr4Ux2SAiLCkvyaQ==,type:str] +pushover-api-token: ENC[AES256_GCM,data:/Xn7Z6f7ag4uihbmgF4icCZygvOwfVp+L/jD4bzQ,iv:DCfpfnP4zGNoiAhw+Gh5iyrAMdUYk6fa8ZXlGxtVXpQ=,tag:0wUSuFaYZjLA7YN1P8daog==,type:str] +pushover-user-key: ENC[AES256_GCM,data:prvcht2nOamLADnhnWL9h40606ilFEMFQgNGq9Ix,iv:gcNZIHAzYMreS7aJZ+FhCWpAQFjoz51Q023uIpY56Ns=,tag:pNebHXoQrYsf/R5NIQ8Vqg==,type:str] +sa-core-mailpw: ENC[AES256_GCM,data:TCKzVZ/+dAGDmXZsMn9g1WTEg5YIMFxlTH7K,iv:+DdqpTnHlD4OY7GvSSgfJosxJDr+VRqsJyY03615VvY=,tag:gYG3bS4vCfKYgG0nwkW89Q==,type:str] +zammad-db-password: ENC[AES256_GCM,data:blsSgIEA93rPvaJGh+GBnSRuaWG1I68om7Rb00J8M9ZxUt6QQLiSGCCi2aHqCCLdUhDot7m9QG7m1+PtB8Xk3Q==,iv:viqu7uqDNQvN6In3ibWH5Mtje6R0ZifkWVy3VN25dtk=,tag:XCbrf331+VLsJD/xxH8ZSw==,type:str] +zammad-key-base: ENC[AES256_GCM,data:VqMBsOL6GVM1MlcnaDCU9Nl/zHEr4IFYRj5nlF531sZ8P3tM68TZ1X6ddWvdAcBRYmFJqREVqPA3dy1UeN4HPAbBeI9kyTGMcmfs6VzsoPgXra3nRdV3Hg/CRiwd0bD/s4S+n2ot+0nAe5O07wLGwE50+e909Tgg4r+VU1DSyVM=,iv:q78GjdjZAKzMoLycUe8TDydN8lRZNTLAq5cICosZC8M=,tag:1BqYc0MsBm1qiMCWH8G7qw==,type:str] +updns-token: ENC[AES256_GCM,data:DK1RJP4trOWjJSd6h7c7Yy81W7wJh0UlTTB9ge5Zaaw=,iv:9cF8rPZ0t/zqLFOVKEk9oZ1+Dfj8cSiK3l5sn4i0nfc=,tag:kuO4ebcjwfCHjG/qCmBMPQ==,type:str] +piped-db-password: ENC[AES256_GCM,data:yi4MYougsLwtywP4GSJHO3eP4VZEiZRijYuYKWkaTsQm8hOvqTO0kWcL3RQ=,iv:Y7e/wA4GtQTNl0Y3No2ynpexZM+oWNPAmOuOmMfepvY=,tag:r0EP1bOmwty1vI0J3h0+bA==,type:str] +piped-http-auth: ENC[AES256_GCM,data:PnbYFAzy6Hm4mhb34qC5hk1+sN53oIxMK4YYReUNG+udKi7QNbiAH0UGTOds,iv:zvyPCl8bVkBkXqhBaeuzQclNiXKdN+239Lwzv1IUmBU=,tag:8oP9HZGBpv4xrW8zsgVgAA==,type:str] +fueltide-lego-credentials: ENC[AES256_GCM,data:qHTwN7IZK2qzzI0ztZkgRO3Iv1vLO2XR47sh2XUiCNMdSRxrr27PizT0dEXaFouEODoTQAOLkSHg+WdFx/QRzjcKF5i2AeAz+VKM7s4TWqLUiw==,iv:iFUAD0Uc87z4mlo0oay4X9AbIuW1ND/u47QEZRptm6U=,tag:QXkQUAl68ngOpjFvJgQ1Cw==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOa0dCWmlaZGNwSWRseEpw - U1VMMWllbzUzT1dmSkpDRHB6dEJNd29jQVhJClhGZ0d4RDgwYmhCd21VaDBSTXl1 - dTNKbkRKNFVRS2tvaGQxUTNNcHptVzAKLS0tIHVtSmVkWUhiMk83Tks2U0pFV1JP - akFvUkhnR0Y0WHV3VDJrby9nQTdERlkK2osUBlD5Iq7u1Lcg/FO+YjUimV85b5Yw - UeXiLKFWxjpy7LwUOLEktTxEjl+6K5ZIqhiwn5EEUWEFeo0+bJ7X4A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTVJIZHQ2cTduNVEwRGtI + NUVlL2UxdmR1dmcyNkZ0ODZGVlRQRFN4czJJCjNFL3VtVEk4cW9RaWVEbmFxR1l6 + TlFoWDd3YmRBdm8yQWI0cVJMdTdpTWMKLS0tIHBiS3lkaFFtL29kdFJxSm1QMXp6 + TWkrcXNtOGhrSXpldGExam9zZTZUMGMK7Y3aFWrqH25tcEzeiurB30Dyxqcgktm4 + xRAWXIpjduDqqaoCekNfMBj8b0eVQxwz0p+XakCWTZx8BwvCJCvuVA== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ekhYS05mRytiWlFFblU5 - R1F3SE1TRmE5Sm1YOGUwMjRSSVVyUFpCT21NCjQ2YVpLem9iUGlweGUyNVIzUzBV - SndCY0V1TlJUMjRqamxBNW9tNFphdmcKLS0tIDVTMHNUOGlKdk55VjBwdURjbDhI - Mm9ld3g2WXNFZTh2c2JPMHRoV2lCTmsKVqwuv+SIsWf7FU2zFhsEMb+cBL4XGnrt - 91keIcdjO5ld+/UMtaPWFeewNK5ePnQBDot6vEEzhoA4/M8oXWZNEA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUDQvOWJrTm52UVd6Q1Ro + QzR0ZmFUMnhYcW05VEZjTjMybnluTTZMZDNFCjBldUJ2ditDQ3k3cUVQZ1NVMlRM + QkFiVnE3ZHdXdTJDaFpPbmVWOUFXYkUKLS0tIDlac0oxWnk3bE45ZUh0amVQWGxv + OTNkb0NqUCtxUmxxNHlEVlNzQXQyeG8KskwPMAzQI7AbN0TFuxi/Diis/0DPuwzU + oc93nTjFT3nmQl+JxfAD4oyGbuiKSWUQxXBugU9GPKacCGmNFDrHRQ== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QXVDZnRhZ1lkSkltbDVw - Qmk1OU4wRU90MVE1bUN6aEwzNnVKWFZwWm5ZClRrUUtFallocGNucndua0gwSjds - WW8zNFFGaWxUZlJJYU04RDQrYW5qY0UKLS0tIHYzR2VtYlBOWko5QUpvbzRMOFBZ - bkRwUHZXWHFDSmxsK0hHK3h5QVRwT3MKZ5MwXigypoY99YI7MOOz7MOOh2fIrlr2 - PEuCzMtzQd8NUEBTd9Crg6XZvf0NXvdEtsv9/lVrHllGxCF1zf43zg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSUo1dE11TXNtaEhqaC9h + YWdnMkhQVTFaR1RRSFk1THgvNGVpZDduUUJnCkZsUEE1QmRvUnQwTVVUb3hZeWpC + TUJ0QS94eVAwRjE4dTVkUUQ1alBYY2cKLS0tIENURHNBR1FPQityZXNXcTI5OHIz + UDdaRTJIS0J3R3hZc2xPaVdOYmlWdmMKOYOtACao0QGmpJMuwhJgqnby8RWx78wE + zZMM031wVsATfOV0VtzhRWaFdSpPrRM1WggPzN8oEflIqvrtbCqAWw== -----END AGE ENCRYPTED FILE----- - recipient: age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cklYN3g0VmgyOW41dXUx - Z3F5YVVZN2tiVnNSMS9HY25pWWl6bXRSd1Y0CjFHdGVEcUdldE1xRUNvZlJoZVVG - aFlNcWc5eS9IeGdVWlpsdDdEQjdaazQKLS0tIGFNdUhvbDFwb1orMUhUQ2haaGJp - RGtaOVNnTkU0VldtSmNpMDdvdXJFV0UKKyzCQAdEzUGoJUQZ8CMMXOFj4+XCLHNF - 74m5Zzq5kWA6oQASNLEDwlldb9LPQ3VO7d73WYLNaeqcDR/VLmYNjA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTExoY3cwVTdLUHVqbitH + YWJlTmJ2ZGNvS2lNR1lmd0orc3NyZmNrWjFFCkhjcFk0N04wemsvM3RnRTA0YUov + KzJkOGJYK1hrZG1XektueEN1UVFKdWcKLS0tICtqOUNlVWJNYVRRMi90S2p3MEo4 + eUdjdmZGbFZzbVhkc0hZbVdSemY5RFUK9eVDd/b8ZZrrjrXa1fdYleYsreFgDTr1 + 5Xrvjsh3/LhOxFvPj7F7K12DXo/pKT2DANuk/i0EGiNXsSujm7zp9Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-01T20:24:09Z" - mac: ENC[AES256_GCM,data:CwxwnZhSMYifqmq2shY0JQrsgBYgRh1toyGUGOVguY5q8PPRFdn0wi2MUM6HJqVIehnYyZ1GkaVE41/SWSO6Ok0BQNIit1GCho3xU2LG8HZ0lI09aQRUU2DU/jXxcjQR2WN6HNQDl6tdxCWz+tTYq5O6TpJmOA5DyhJn3ehtXEA=,iv:FKde5p4Z6k7oazY17KayoyDxCDblg/ppT+L+S1FJWQo=,tag:ZPYHB+LpXUkKKOud/X5qJg==,type:str] + lastmodified: "2025-12-31T14:20:53Z" + mac: ENC[AES256_GCM,data:DAk5ygQbmMTjBVPs0O1cSXM4bQzEWSBMdE4RCbxvwLSWsuZQqYGzlObNC/oXQ8Nbc9S/DHleZPT0gRrHa3WW5kP+0hyCS6BrxXAwi0p6PDx1dyiKGfy+/DyrJ9YBQCw8SUQ9mAEprRJzSInKsUS79lSQU3saaZvRLI9KqIkYTrc=,iv:ggAmWYA5kpOD4Mu8mE6vhnKXbEwXqN2mxSQEOINvF8U=,tag:2oRhEvfltvqX6XqlfzkkWw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/hosts/web-arm/sites/fueltide.io.nix b/hosts/web-arm/sites/fueltide.io.nix index 71013cc..138952b 100644 --- a/hosts/web-arm/sites/fueltide.io.nix +++ b/hosts/web-arm/sites/fueltide.io.nix @@ -1,11 +1,21 @@ { pkgs, lib, config, ... }: -let - domain = "fueltide.cloonar.dev"; - dataDir = "/var/www/${domain}"; -in { +{ + # SOPS secret for fueltide.io DNS credentials (separate Hetzner API token) + sops.secrets.fueltide-lego-credentials = { }; - services.webstack.instances."${domain}" = { + # Override ACME credentials for fueltide.io domains + # These use a separate Hetzner DNS API token from the global default + security.acme.certs."app.fueltide.io" = { + credentialsFile = config.sops.secrets.fueltide-lego-credentials.path; + }; + + security.acme.certs."app.stage.fueltide.io" = { + credentialsFile = config.sops.secrets.fueltide-lego-credentials.path; + }; + + services.webstack.instances."fueltide.cloonar.dev" = { enablePhp = false; + enableDefaultLocations = false; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" @@ -13,6 +23,47 @@ in { locations."/".extraConfig = '' index index.html; + try_files $uri $uri/ /index.html; + ''; + + locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + ''; + }; + + services.webstack.instances."app.fueltide.io" = { + enablePhp = false; + enableDefaultLocations = false; + + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" + ]; + + locations."/".extraConfig = '' + index index.html; + try_files $uri $uri/ /index.html; + ''; + + locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + ''; + }; + + services.webstack.instances."app.stage.fueltide.io" = { + enablePhp = false; + enableDefaultLocations = false; + + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" + ]; + + locations."/".extraConfig = '' + index index.html; + try_files $uri $uri/ /index.html; ''; locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' From e83aa3c8930c1529d8d7128f9393570096f85379 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 4 Jan 2026 19:02:11 +0100 Subject: [PATCH 10/44] feat: webarm: normalize service alerts --- .../alerting/service/amzebs_mysql_down.nix | 58 ------------ .../alerting/service/amzebs_nginx_down.nix | 58 ------------ .../alerting/service/amzebs_phpfpm_down.nix | 58 ------------ .../grafana/alerting/service/default.nix | 26 +----- .../grafana/alerting/service/dovecot_down.nix | 57 ------------ .../grafana/alerting/service/gitea_down.nix | 57 ------------ .../alerting/service/gitea_runner_down.nix | 57 ------------ .../alerting/service/openldap_down.nix | 57 ------------ .../grafana/alerting/service/postfix_down.nix | 57 ------------ .../alerting/service/services_down.nix | 90 +++++++++++++++++++ .../alerting/service/wireguard_down.nix | 57 ------------ 11 files changed, 93 insertions(+), 539 deletions(-) delete mode 100644 hosts/web-arm/modules/grafana/alerting/service/amzebs_mysql_down.nix delete mode 100644 hosts/web-arm/modules/grafana/alerting/service/amzebs_nginx_down.nix delete mode 100644 hosts/web-arm/modules/grafana/alerting/service/amzebs_phpfpm_down.nix delete mode 100644 hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix delete mode 100644 hosts/web-arm/modules/grafana/alerting/service/gitea_down.nix delete mode 100644 hosts/web-arm/modules/grafana/alerting/service/gitea_runner_down.nix delete mode 100644 hosts/web-arm/modules/grafana/alerting/service/openldap_down.nix delete mode 100644 hosts/web-arm/modules/grafana/alerting/service/postfix_down.nix create mode 100644 hosts/web-arm/modules/grafana/alerting/service/services_down.nix delete mode 100644 hosts/web-arm/modules/grafana/alerting/service/wireguard_down.nix diff --git a/hosts/web-arm/modules/grafana/alerting/service/amzebs_mysql_down.nix b/hosts/web-arm/modules/grafana/alerting/service/amzebs_mysql_down.nix deleted file mode 100644 index 9416794..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/amzebs_mysql_down.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "amzebs-mysql-service-down-alert-uid"; - title = "MySQL Service Down on amzebs-01"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"mysql.service\", instance=\"amzebs-01:9100\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "MySQL service is down on amzebs-01"; - summary = "MySQL Service Down on amzebs-01"; - }; - labels = { - severity = "critical"; - host = "amzebs-01"; - }; - } - ]; -} diff --git a/hosts/web-arm/modules/grafana/alerting/service/amzebs_nginx_down.nix b/hosts/web-arm/modules/grafana/alerting/service/amzebs_nginx_down.nix deleted file mode 100644 index a3b2119..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/amzebs_nginx_down.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "amzebs-nginx-service-down-alert-uid"; - title = "Nginx Service Down on amzebs-01"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"nginx.service\", instance=\"amzebs-01:9100\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Nginx service is down on amzebs-01"; - summary = "Nginx Service Down on amzebs-01"; - }; - labels = { - severity = "critical"; - host = "amzebs-01"; - }; - } - ]; -} diff --git a/hosts/web-arm/modules/grafana/alerting/service/amzebs_phpfpm_down.nix b/hosts/web-arm/modules/grafana/alerting/service/amzebs_phpfpm_down.nix deleted file mode 100644 index bfe52fa..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/amzebs_phpfpm_down.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "amzebs-phpfpm-service-down-alert-uid"; - title = "PHP-FPM Service Down on amzebs-01"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=~\"phpfpm-.*\\\\.service\", instance=\"amzebs-01:9100\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "min"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "One or more PHP-FPM services are down on amzebs-01"; - summary = "PHP-FPM Service Down on amzebs-01"; - }; - labels = { - severity = "critical"; - host = "amzebs-01"; - }; - } - ]; -} diff --git a/hosts/web-arm/modules/grafana/alerting/service/default.nix b/hosts/web-arm/modules/grafana/alerting/service/default.nix index cdcd759..edb75fb 100644 --- a/hosts/web-arm/modules/grafana/alerting/service/default.nix +++ b/hosts/web-arm/modules/grafana/alerting/service/default.nix @@ -1,26 +1,6 @@ { lib, pkgs, config, ... }: let - giteaDownAlertRules = (import ./gitea_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - giteaRunnerDownAlertRules = (import ./gitea_runner_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - postfixDownAlertRules = (import ./postfix_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - dovecotDownAlertRules = (import ./dovecot_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - openldapDownAlertRules = (import ./openldap_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - wireguardDownAlertRules = (import ./wireguard_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - - # amzebs-01 service alerts - ambebsMysqlDownAlertRules = (import ./amzebs_mysql_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - ambebsNginxDownAlertRules = (import ./amzebs_nginx_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - ambebsPhpfpmDownAlertRules = (import ./amzebs_phpfpm_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; - - allServiceRules = giteaDownAlertRules - ++ giteaRunnerDownAlertRules - ++ postfixDownAlertRules - ++ dovecotDownAlertRules - ++ openldapDownAlertRules - ++ wireguardDownAlertRules - ++ ambebsMysqlDownAlertRules - ++ ambebsNginxDownAlertRules - ++ ambebsPhpfpmDownAlertRules; + servicesDownAlertRules = (import ./services_down.nix { inherit lib pkgs config; }).grafanaAlertRuleDefinitions; in { services.grafana.provision.alerting.rules.settings.groups = [ @@ -28,7 +8,7 @@ in name = "Service Alerts"; folder = "Service Monitoring"; interval = "1m"; - rules = allServiceRules; + rules = servicesDownAlertRules; } ]; -} \ No newline at end of file +} diff --git a/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix b/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix deleted file mode 100644 index 18645fd..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "dovecot-service-down-alert-uid"; - title = "Dovecot Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"dovecot.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Dovecot service is down on {{ $labels.instance }}"; - summary = "Dovecot Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/gitea_down.nix b/hosts/web-arm/modules/grafana/alerting/service/gitea_down.nix deleted file mode 100644 index f4b0741..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/gitea_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "gitea-service-down-alert-uid"; - title = "Gitea Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"container@git.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Gitea service is down on {{ $labels.instance }}"; - summary = "Gitea Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/gitea_runner_down.nix b/hosts/web-arm/modules/grafana/alerting/service/gitea_runner_down.nix deleted file mode 100644 index d4232a4..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/gitea_runner_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "gitea-runner-service-down-alert-uid"; - title = "Gitea Runner Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"microvm@git-runner-1.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Gitea Runner service is down on {{ $labels.instance }}"; - summary = "Gitea Runner Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/openldap_down.nix b/hosts/web-arm/modules/grafana/alerting/service/openldap_down.nix deleted file mode 100644 index 35172a8..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/openldap_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "openldap-service-down-alert-uid"; - title = "OpenLDAP Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"openldap.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "OpenLDAP service is down on {{ $labels.instance }}"; - summary = "OpenLDAP Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/postfix_down.nix b/hosts/web-arm/modules/grafana/alerting/service/postfix_down.nix deleted file mode 100644 index cfd5247..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/postfix_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "postfix-service-down-alert-uid"; - title = "Postfix Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"postfix.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "Postfix service is down on {{ $labels.instance }}"; - summary = "Postfix Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/services_down.nix b/hosts/web-arm/modules/grafana/alerting/service/services_down.nix new file mode 100644 index 0000000..bc2df22 --- /dev/null +++ b/hosts/web-arm/modules/grafana/alerting/service/services_down.nix @@ -0,0 +1,90 @@ +{ lib, pkgs, config, ... }: +let + # Add services here - each entry generates an alert rule + # instance = which node exporter to query (hostname:9100) + monitoredServices = [ + { name = "AI-Mailer"; service = "ai-mailer.service"; instance = "fw:9100"; } + { name = "Postfix"; service = "postfix.service"; instance = "mail:9100"; } + { name = "Dovecot"; service = "dovecot.service"; instance = "mail:9100"; } + { name = "OpenLDAP"; service = "openldap.service"; instance = "mail:9100"; } + { name = "Gitea"; service = "container@git.service"; instance = "fw:9100"; } + { name = "Gitea Runner"; service = "microvm@git-runner-1.service"; instance = "fw:9100"; } + { name = "WireGuard"; service = "wireguard-wg_cloonar.service"; instance = "mail:9100"; } + { name = "MySQL"; service = "mysql.service"; instance = "amzebs-01:9100"; } + { name = "Nginx"; service = "nginx.service"; instance = "amzebs-01:9100"; } + { name = "PHP-FPM"; service = "phpfpm-.*\\.service"; instance = "amzebs-01:9100"; } + ]; + + # Extract host from instance (e.g., "fw:9100" -> "fw") + getHost = instance: lib.head (lib.splitString ":" instance); + + # Generate a unique UID from service name + mkUid = name: "${lib.toLower (lib.replaceStrings [" " "@" "."] ["-" "-" "-"] name)}-down-uid"; + + # Check if service pattern uses regex (contains special chars) + isRegex = svc: lib.hasInfix ".*" svc || lib.hasInfix "\\" svc; + + # Build the PromQL expression + mkExpr = svc: + let + nameMatch = if isRegex svc.service + then "name=~\"${svc.service}\"" + else "name=\"${svc.service}\""; + in "node_systemd_unit_state{state=\"active\", ${nameMatch}, instance=\"${svc.instance}\"} OR on() vector(0)"; + + mkServiceAlert = svc: { + uid = mkUid svc.name; + title = "${svc.name} Service Down on ${getHost svc.instance}"; + condition = "C"; + data = [ + { + refId = "A"; + relativeTimeRange = { + from = 300; + to = 0; + }; + datasourceUid = "vm-datasource-uid"; + model = { + editorMode = "code"; + expr = mkExpr svc; + hide = false; + intervalMs = 1000; + legendFormat = "__auto"; + maxDataPoints = 43200; + range = true; + refId = "A"; + }; + } + { + refId = "B"; + datasourceUid = "__expr__"; + model = { + type = "reduce"; + expression = "A"; + reducer = "last"; + }; + } + { + refId = "C"; + datasourceUid = "__expr__"; + model = { + type = "math"; + expression = "$B < 1"; + }; + } + ]; + noDataState = "Alerting"; + execErrState = "Alerting"; + for = "5m"; + annotations = { + description = "${svc.name} service is down on ${getHost svc.instance}"; + summary = "${svc.name} Service Down"; + }; + labels = { + severity = "critical"; + host = getHost svc.instance; + }; + }; +in { + grafanaAlertRuleDefinitions = map mkServiceAlert monitoredServices; +} diff --git a/hosts/web-arm/modules/grafana/alerting/service/wireguard_down.nix b/hosts/web-arm/modules/grafana/alerting/service/wireguard_down.nix deleted file mode 100644 index b7be698..0000000 --- a/hosts/web-arm/modules/grafana/alerting/service/wireguard_down.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, pkgs, config, ... }: -{ - grafanaAlertRuleDefinitions = [ - { - uid = "wireguard-service-down-alert-uid"; - title = "WireGuard Service Down"; - condition = "C"; - data = [ - { - refId = "A"; - relativeTimeRange = { - from = 300; - to = 0; - }; - datasourceUid = "vm-datasource-uid"; - model = { - editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"wireguard-wg_cloonar.service\"} OR on() vector(0)"; - hide = false; - intervalMs = 1000; - legendFormat = "__auto"; - maxDataPoints = 43200; - range = true; - refId = "A"; - }; - } - { - refId = "B"; - datasourceUid = "__expr__"; - model = { - type = "reduce"; - expression = "A"; - reducer = "last"; - }; - } - { - refId = "C"; - datasourceUid = "__expr__"; - model = { - type = "math"; - expression = "$B < 1"; - }; - } - ]; - noDataState = "Alerting"; - execErrState = "Alerting"; - for = "5m"; - annotations = { - description = "WireGuard service is down on {{ $labels.instance }}"; - summary = "WireGuard Service Down"; - }; - labels = { - severity = "critical"; - }; - } - ]; -} \ No newline at end of file From ed451e3b951cc59daf621cb619e23d3e69cd9f84 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 4 Jan 2026 19:02:28 +0100 Subject: [PATCH 11/44] feat: fw add export for ai-mailer service alert --- hosts/fw/modules/fwmetrics.nix | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/hosts/fw/modules/fwmetrics.nix b/hosts/fw/modules/fwmetrics.nix index e1de095..665775b 100644 --- a/hosts/fw/modules/fwmetrics.nix +++ b/hosts/fw/modules/fwmetrics.nix @@ -2,18 +2,41 @@ let configure_prom = builtins.toFile "prometheus.yml" '' scrape_configs: - - job_name: 'server' + # System metrics + - job_name: 'node' stream_parse: true static_configs: - targets: - ${config.networking.hostName}:9100 + + # Systemd service monitoring + - job_name: 'systemd' + metrics_path: /metrics + params: + collect[]: + - 'systemd.service.state' + - 'systemd.service.start_time_seconds' + - 'systemd.unit_file.state' + static_configs: + - targets: + - ${config.networking.hostName}:9100 + relabel_configs: + - source_labels: [__name__] + regex: 'node_systemd_unit_state' + action: keep + - source_labels: [name] + regex: '(ai-mailer|container@git|microvm@git-runner-).*\.service' + action: keep ''; in { sops.secrets.victoria-agent-env = { sopsFile = ../utils/modules/victoriametrics/secrets.yaml; }; - services.prometheus.exporters.node.enable = true; + services.prometheus.exporters.node = { + enable = true; + enabledCollectors = [ "systemd" ]; + }; systemd.services.export-fw-to-prometheus = { path = with pkgs; [victoriametrics]; From 21c5c6dbd5d674c5147cd4964731fd168c757863 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 5 Jan 2026 10:45:38 +0100 Subject: [PATCH 12/44] fix: alerting --- hosts/amzebs-01/configuration.nix | 3 ++ hosts/fw/configuration.nix | 3 ++ hosts/fw/modules/fwmetrics.nix | 29 ++----------------- hosts/mail/modules/metrics/default.nix | 3 ++ .../alerting/service/services_down.nix | 11 +++++-- utils/modules/victoriametrics/default.nix | 14 +++++++-- 6 files changed, 32 insertions(+), 31 deletions(-) diff --git a/hosts/amzebs-01/configuration.nix b/hosts/amzebs-01/configuration.nix index 700cc30..1485f94 100644 --- a/hosts/amzebs-01/configuration.nix +++ b/hosts/amzebs-01/configuration.nix @@ -60,6 +60,9 @@ }; }; + # Systemd services to monitor + services.victoriametrics.monitoredServices = [ "mysql" "nginx" "phpfpm-.*" ]; + # backups - adjust repo for this host borgbackup.repo = "u149513-sub10@u149513-sub10.your-backup.de:borg"; diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index e3f8115..493d50f 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -76,6 +76,9 @@ networkPrefix = "10.42"; + # Systemd services to monitor + services.victoriametrics.monitoredServices = [ "ai-mailer" "container@git" "microvm@git-runner-" ]; + nixpkgs.overlays = [ (import ./utils/overlays/packages.nix) ]; diff --git a/hosts/fw/modules/fwmetrics.nix b/hosts/fw/modules/fwmetrics.nix index 665775b..7ee2e9e 100644 --- a/hosts/fw/modules/fwmetrics.nix +++ b/hosts/fw/modules/fwmetrics.nix @@ -2,42 +2,19 @@ let configure_prom = builtins.toFile "prometheus.yml" '' scrape_configs: - # System metrics - - job_name: 'node' + - job_name: 'server' stream_parse: true static_configs: - targets: - ${config.networking.hostName}:9100 - - # Systemd service monitoring - - job_name: 'systemd' - metrics_path: /metrics - params: - collect[]: - - 'systemd.service.state' - - 'systemd.service.start_time_seconds' - - 'systemd.unit_file.state' - static_configs: - - targets: - - ${config.networking.hostName}:9100 - relabel_configs: - - source_labels: [__name__] - regex: 'node_systemd_unit_state' - action: keep - - source_labels: [name] - regex: '(ai-mailer|container@git|microvm@git-runner-).*\.service' - action: keep ''; in { sops.secrets.victoria-agent-env = { sopsFile = ../utils/modules/victoriametrics/secrets.yaml; }; - services.prometheus.exporters.node = { - enable = true; - enabledCollectors = [ "systemd" ]; - }; - + services.prometheus.exporters.node.enable = true; + systemd.services.export-fw-to-prometheus = { path = with pkgs; [victoriametrics]; enable = true; diff --git a/hosts/mail/modules/metrics/default.nix b/hosts/mail/modules/metrics/default.nix index 998283a..c355986 100644 --- a/hosts/mail/modules/metrics/default.nix +++ b/hosts/mail/modules/metrics/default.nix @@ -5,4 +5,7 @@ ./postfix-exporter.nix ./dovecot-exporter.nix ]; + + # Systemd services to monitor + services.victoriametrics.monitoredServices = [ "postfix" "dovecot" "openldap" "wireguard-wg_cloonar" ]; } \ No newline at end of file diff --git a/hosts/web-arm/modules/grafana/alerting/service/services_down.nix b/hosts/web-arm/modules/grafana/alerting/service/services_down.nix index bc2df22..8d04832 100644 --- a/hosts/web-arm/modules/grafana/alerting/service/services_down.nix +++ b/hosts/web-arm/modules/grafana/alerting/service/services_down.nix @@ -9,10 +9,10 @@ let { name = "OpenLDAP"; service = "openldap.service"; instance = "mail:9100"; } { name = "Gitea"; service = "container@git.service"; instance = "fw:9100"; } { name = "Gitea Runner"; service = "microvm@git-runner-1.service"; instance = "fw:9100"; } - { name = "WireGuard"; service = "wireguard-wg_cloonar.service"; instance = "mail:9100"; } + { name = "WireGuard"; service = "wireguard-wg_cloonar.service"; instance = "fw:9100"; } { name = "MySQL"; service = "mysql.service"; instance = "amzebs-01:9100"; } { name = "Nginx"; service = "nginx.service"; instance = "amzebs-01:9100"; } - { name = "PHP-FPM"; service = "phpfpm-.*\\.service"; instance = "amzebs-01:9100"; } + { name = "PHP-FPM"; service = "phpfpm-.*[.]service"; instance = "amzebs-01:9100"; } ]; # Extract host from instance (e.g., "fw:9100" -> "fw") @@ -25,12 +25,17 @@ let isRegex = svc: lib.hasInfix ".*" svc || lib.hasInfix "\\" svc; # Build the PromQL expression + # For regex patterns: use min() to alert if ANY matching service is down + # For single services: use OR vector(0) to handle missing metrics mkExpr = svc: let nameMatch = if isRegex svc.service then "name=~\"${svc.service}\"" else "name=\"${svc.service}\""; - in "node_systemd_unit_state{state=\"active\", ${nameMatch}, instance=\"${svc.instance}\"} OR on() vector(0)"; + baseQuery = "node_systemd_unit_state{state=\"active\", ${nameMatch}, instance=\"${svc.instance}\"}"; + in if isRegex svc.service + then "min(${baseQuery})" + else "${baseQuery} OR on() vector(0)"; mkServiceAlert = svc: { uid = mkUid svc.name; diff --git a/utils/modules/victoriametrics/default.nix b/utils/modules/victoriametrics/default.nix index a323699..bf04e4f 100644 --- a/utils/modules/victoriametrics/default.nix +++ b/utils/modules/victoriametrics/default.nix @@ -1,6 +1,9 @@ { config, lib, pkgs, ... }: with lib; let + cfg = config.services.victoriametrics; + serviceRegex = concatStringsSep "|" cfg.monitoredServices; + configure_prom = builtins.toFile "prometheus.yml" '' scrape_configs: # System metrics @@ -27,13 +30,20 @@ let regex: 'node_systemd_unit_state' action: keep - source_labels: [name] - regex: '(container@git|microvm@git-runner-|postfix|dovecot|openldap|wireguard-wg_cloonar).*\.service' + regex: '(${serviceRegex}).*\.service' action: keep - ${concatStringsSep "\n" config.services.victoriametrics.extraScrapeConfigs} + ${concatStringsSep "\n" cfg.extraScrapeConfigs} ''; in { options.services.victoriametrics = { + monitoredServices = mkOption { + type = types.listOf types.str; + default = []; + description = "List of systemd service name patterns to monitor (without .service suffix)"; + example = [ "mysql" "nginx" "phpfpm-.*" ]; + }; + extraScrapeConfigs = mkOption { type = types.listOf types.str; default = []; From 025adf414235b0515e0dd7d14cb62eef8fbf5699 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 5 Jan 2026 10:45:45 +0100 Subject: [PATCH 13/44] feat: add project --- hosts/nb/users/configs/project_history | 1 + hosts/nb/users/dominik.nix | 2 ++ 2 files changed, 3 insertions(+) diff --git a/hosts/nb/users/configs/project_history b/hosts/nb/users/configs/project_history index 16b2b75..b38e27f 100644 --- a/hosts/nb/users/configs/project_history +++ b/hosts/nb/users/configs/project_history @@ -13,6 +13,7 @@ /home/dominik/projects/scana11y/sa-core /home/dominik/projects/cloonar/cloonar-fit /home/dominik/projects/cloonar/ai-image-alt +/home/dominik/projects/cloonar/bookmap /home/dominik/projects/home-automation/lego-hetzner-bridge /home/dominik/projects/home-automation/ghetto-nixos diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index e91c9a0..42f58d8 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -619,6 +619,8 @@ in git clone gitea@git.cloonar.com:Cloonar/ldap2vcard.git ${persistHome}/projects/cloonar/ldap2vcard 2>/dev/null git clone gitea@git.cloonar.com:ScanA11y/sa-core.git ${persistHome}/projects/scana11y/sa-core 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/ai-image-alt.git ${persistHome}/projects/cloonar/ai-image-alt 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/bookmap.git ${persistHome}/projects/cloonar/bookmap 2>/dev/null + git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null From c478c2ea6679e66d25739193ef210fae60c8f9bc Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Thu, 8 Jan 2026 13:05:52 +0100 Subject: [PATCH 14/44] feat: web add php82, php83 and php84 --- hosts/web-arm/configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/web-arm/configuration.nix b/hosts/web-arm/configuration.nix index 21ebfff..f4e0e9f 100644 --- a/hosts/web-arm/configuration.nix +++ b/hosts/web-arm/configuration.nix @@ -58,7 +58,9 @@ screen ucommon php - php83 + (writeShellScriptBin "php82" ''exec ${php82}/bin/php "$@"'') + (writeShellScriptBin "php83" ''exec ${php83}/bin/php "$@"'') + (writeShellScriptBin "php84" ''exec ${php84}/bin/php "$@"'') ]; time.timeZone = "Europe/Vienna"; From 694c11bcd593d202139b7236421bc500c4b52f2e Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 17 Jan 2026 20:13:53 +0100 Subject: [PATCH 15/44] feat: fw wg and ha add fairphone --- hosts/fw/modules/home-assistant/locks.nix | 1 + hosts/fw/modules/wireguard.nix | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/hosts/fw/modules/home-assistant/locks.nix b/hosts/fw/modules/home-assistant/locks.nix index aa14f1d..a2160b4 100644 --- a/hosts/fw/modules/home-assistant/locks.nix +++ b/hosts/fw/modules/home-assistant/locks.nix @@ -2,6 +2,7 @@ let devices = [ "device_tracker.dominiks_iphone" "device_tracker.dominiks_mp01" + "device_tracker.dominiks_fairphone_6" ]; in { services.home-assistant.extraComponents = [ diff --git a/hosts/fw/modules/wireguard.nix b/hosts/fw/modules/wireguard.nix index 239e36f..b8bd074 100644 --- a/hosts/fw/modules/wireguard.nix +++ b/hosts/fw/modules/wireguard.nix @@ -29,6 +29,10 @@ publicKey = "yv0AWQl4LFebVa7SvwdxpEmB3PPglwjoKy6A3og93WI="; allowedIPs = [ "${config.networkPrefix}.98.204/32" ]; } + { # FairPhone + publicKey = "tLsvuXo6Cp8tzjJau1yJZ9apeQvYa+cGrnAXBBifO3Y="; + allowedIPs = [ "${config.networkPrefix}.98.205/32" ]; + } ]; }; wg_epicenter = { From edbf5dcbbc39ef50e7a21513e3f751facbca5863 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 18 Jan 2026 20:41:00 +0100 Subject: [PATCH 16/44] feat: fw some changes --- hosts/fw/modules/ddclient.nix | 17 +++++++++++------ hosts/fw/modules/dnsmasq.nix | 1 + hosts/fw/modules/web/proxies.nix | 30 +++++++++++++++++++++--------- 3 files changed, 33 insertions(+), 15 deletions(-) diff --git a/hosts/fw/modules/ddclient.nix b/hosts/fw/modules/ddclient.nix index 8217224..e5ea482 100644 --- a/hosts/fw/modules/ddclient.nix +++ b/hosts/fw/modules/ddclient.nix @@ -9,13 +9,18 @@ passwordFile = config.sops.secrets.ddclient.path; zone = "cloonar.com"; domains = [ - "fw.cloonar.com" - "vpn.cloonar.com" - "git.cloonar.com" - "palworld.cloonar.com" - "matrix.cloonar.com" + "audiobooks.cloonar.com" "element.cloonar.com" - "tinder.cloonar.com" + "foundry-vtt.cloonar.com" + "foundry-ha.cloonar.com" + "fw.cloonar.com" + "git.cloonar.com" + "jellyfin.cloonar.com" + "matrix.cloonar.com" + "palworld.cloonar.com" + "support.cloonar.com" + "sync.cloonar.com" + "vpn.cloonar.com" ]; }; diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index d2884e3..12ce8e1 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -137,6 +137,7 @@ # multimedia "/dl.cloonar.com/${config.networkPrefix}.97.5" "/jellyfin.cloonar.com/${config.networkPrefix}.97.5" + "/audiobooks.cloonar.com/${config.networkPrefix}.97.5" "/deconz.cloonar.multimedia/${config.networkPrefix}.97.22" diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix index 5e62a11..5b33e43 100644 --- a/hosts/fw/modules/web/proxies.nix +++ b/hosts/fw/modules/web/proxies.nix @@ -57,15 +57,6 @@ enableACME = true; acmeRoot = null; - # Restrict to internal LAN only - extraConfig = '' - allow ${config.networkPrefix}.96.0/24; - allow ${config.networkPrefix}.97.0/24; - allow ${config.networkPrefix}.98.0/24; - allow ${config.networkPrefix}.99.0/24; - deny all; - ''; - locations."/" = { proxyPass = "http://${config.networkPrefix}.97.11:8096"; proxyWebsockets = true; @@ -82,4 +73,25 @@ ''; }; }; + + services.nginx.virtualHosts."audiobooks.cloonar.com" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + + locations."/" = { + proxyPass = "http://${config.networkPrefix}.97.11:13378"; + proxyWebsockets = true; + + extraConfig = '' + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + # Disable buffering for better streaming performance + proxy_buffering off; + ''; + }; + }; } From 89b70fe6f7ce39de7575da3b88606838d698d16e Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 18 Jan 2026 20:41:17 +0100 Subject: [PATCH 17/44] feat: nas add audiobookshelf --- hosts/nas/configuration.nix | 2 ++ hosts/nas/modules/audiobookshelf.nix | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 hosts/nas/modules/audiobookshelf.nix diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 18da703..6a6add6 100644 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -17,6 +17,7 @@ in { ./modules/cyberghost.nix ./modules/pyload.nix ./modules/jellyfin.nix + ./modules/audiobookshelf.nix ./modules/power-management.nix ./modules/disk-monitoring.nix ./modules/ugreen-leds.nix @@ -64,6 +65,7 @@ in { directories = [ "/var/lib/pyload" "/var/lib/jellyfin" + "/var/lib/audiobookshelf" "/var/log" "/var/lib/nixos" "/var/bento" diff --git a/hosts/nas/modules/audiobookshelf.nix b/hosts/nas/modules/audiobookshelf.nix new file mode 100644 index 0000000..7bc2fa6 --- /dev/null +++ b/hosts/nas/modules/audiobookshelf.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: { + # Audiobookshelf user with jellyfin and pyload groups for multimedia access + users.users.audiobookshelf = { + isSystemUser = true; + group = "audiobookshelf"; + extraGroups = [ "jellyfin" "pyload" ]; + }; + users.groups.audiobookshelf = {}; + + services.audiobookshelf = { + enable = true; + openFirewall = true; # Opens default port 13378 + host = "0.0.0.0"; # Listen on all interfaces + port = 13378; + }; +} From 64e3b4c55784271692a38b60d2ed17990db54009 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Tue, 20 Jan 2026 11:42:45 +0100 Subject: [PATCH 18/44] fix: ddclient --- hosts/fw/modules/ddclient.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/fw/modules/ddclient.nix b/hosts/fw/modules/ddclient.nix index e5ea482..4df533c 100644 --- a/hosts/fw/modules/ddclient.nix +++ b/hosts/fw/modules/ddclient.nix @@ -2,7 +2,8 @@ { services.ddclient = { enable = true; - usev4 = "if, if=wan"; + usev4 = "ifv4, ifv4=wan"; + usev6 = "disabled"; protocol = "hetzner"; # server = "https://dns.hetzner.com/api/v1/"; username = "dominik.polakovics@cloonar.com"; From f6a9a9e0ff0362014ce670c8cfea750bc7464aac Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Tue, 20 Jan 2026 13:35:09 +0100 Subject: [PATCH 19/44] feat: update claude-code --- utils/pkgs/claude-code/default.nix | 6 +++--- utils/pkgs/claude-code/package-lock.json | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/utils/pkgs/claude-code/default.nix b/utils/pkgs/claude-code/default.nix index f40ded4..c51270e 100644 --- a/utils/pkgs/claude-code/default.nix +++ b/utils/pkgs/claude-code/default.nix @@ -1,11 +1,11 @@ { lib, pkgs, runCommand, claude-code }: let - version = "2.0.76"; + version = "2.1.12"; src = pkgs.fetchzip { url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; - hash = "sha256-46IqiGJZrZM4vVcanZj/vY4uxFH3/4LxNA+Qb6iIHDk="; + hash = "sha256-JX72YEM2fXY7qKVkuk+UFeef0OhBffljpFBjIECHMXw="; }; # Create a modified source with our package-lock.json @@ -22,7 +22,7 @@ in npmDeps = pkgs.fetchNpmDeps { src = srcWithLock; - hash = "sha256-xSNyYImDpsW6AltA7d0ayMsfVaBcnyPIQOg/Ea2cGNk="; + hash = "sha256-iJwtwAYb/+1Une6Tjxek5ccf4ui3tYWy4kNlHES9He4="; }; # Remove the old postPatch since srcWithLock already includes package-lock.json diff --git a/utils/pkgs/claude-code/package-lock.json b/utils/pkgs/claude-code/package-lock.json index 125d1b9..92b687f 100644 --- a/utils/pkgs/claude-code/package-lock.json +++ b/utils/pkgs/claude-code/package-lock.json @@ -5,13 +5,13 @@ "packages": { "": { "dependencies": { - "@anthropic-ai/claude-code": "^2.0.76" + "@anthropic-ai/claude-code": "^2.1.12" } }, "node_modules/@anthropic-ai/claude-code": { - "version": "2.0.76", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.0.76.tgz", - "integrity": "sha512-BVwPez7Pst729gxHZNb7iUdjrn4UAzO49zC+Bxlyf0fMe3SsutxEhKTT16VMs2qInE9xhEBCxajCCa888mFPBg==", + "version": "2.1.12", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.1.12.tgz", + "integrity": "sha512-oJlbUJc6iyuTA6X1z+Wsli4cYWqSHT9Ttc/jBXArrrBQcILPLb5lBOKfbVJJgcH3bNLxsXwnAkZjtmmM5SqtsQ==", "license": "SEE LICENSE IN README.md", "bin": { "claude": "cli.js" From b0cbb5a3b4faec57a9406702bcde0d0777fa0e82 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 25 Jan 2026 14:40:41 +0100 Subject: [PATCH 20/44] fix: pyload user bash --- hosts/nas/modules/pyload.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/nas/modules/pyload.nix b/hosts/nas/modules/pyload.nix index 90b5c08..6788f79 100644 --- a/hosts/nas/modules/pyload.nix +++ b/hosts/nas/modules/pyload.nix @@ -52,6 +52,7 @@ in home = "/var/lib/pyload"; createHome = true; extraGroups = [ "jellyfin" ]; + shell = pkgs.bashInteractive; # Required for filebot-process script }; users.groups.pyload = {}; From 68273a72590350513f0bd37b15d7c5b225e42e66 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 25 Jan 2026 14:41:04 +0100 Subject: [PATCH 21/44] fix: grafana alerts --- hosts/nas/modules/disk-monitoring.nix | 2 -- .../grafana/alerting/storage/raid_alerts.nix | 6 +++--- .../grafana/alerting/storage/smart_alerts.nix | 14 +++++++------- hosts/web-arm/modules/grafana/default.nix | 2 -- 4 files changed, 10 insertions(+), 14 deletions(-) diff --git a/hosts/nas/modules/disk-monitoring.nix b/hosts/nas/modules/disk-monitoring.nix index a4cb579..af23ce0 100644 --- a/hosts/nas/modules/disk-monitoring.nix +++ b/hosts/nas/modules/disk-monitoring.nix @@ -7,8 +7,6 @@ let # Disk identifiers from hardware-configuration.nix disks = [ - "/dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52TBSB" - "/dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52V9QX" "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_8582A01SF4MJ" "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_75V2A0H3F4MJ" "/dev/disk/by-id/nvme-KIOXIA-EXCERIA_PLUS_G3_SSD_7FJKS1MAZ0E7" diff --git a/hosts/web-arm/modules/grafana/alerting/storage/raid_alerts.nix b/hosts/web-arm/modules/grafana/alerting/storage/raid_alerts.nix index 82ad73e..0fbe8dd 100644 --- a/hosts/web-arm/modules/grafana/alerting/storage/raid_alerts.nix +++ b/hosts/web-arm/modules/grafana/alerting/storage/raid_alerts.nix @@ -12,7 +12,7 @@ datasourceUid = "vm-datasource-uid"; relativeTimeRange = { from = 300; to = 0; }; model = { - expr = ''mdadm_array_state == 0''; + expr = ''mdadm_array_state < 1''; instant = false; }; } @@ -35,7 +35,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "RAID array {{ $labels.array }} is degraded"; @@ -84,7 +84,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "RAID array {{ $labels.array }} has missing devices"; diff --git a/hosts/web-arm/modules/grafana/alerting/storage/smart_alerts.nix b/hosts/web-arm/modules/grafana/alerting/storage/smart_alerts.nix index dd36462..42e9fd6 100644 --- a/hosts/web-arm/modules/grafana/alerting/storage/smart_alerts.nix +++ b/hosts/web-arm/modules/grafana/alerting/storage/smart_alerts.nix @@ -12,7 +12,7 @@ datasourceUid = "vm-datasource-uid"; relativeTimeRange = { from = 300; to = 0; }; model = { - expr = ''smart_health_passed == 0''; + expr = ''smart_health_passed < 1''; instant = false; }; } @@ -35,7 +35,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "S.M.A.R.T. health check FAILED on {{ $labels.device }}"; @@ -84,7 +84,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "Reallocated sectors detected on {{ $labels.device }}"; @@ -133,7 +133,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "Pending sectors detected on {{ $labels.device }}"; @@ -182,7 +182,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "Offline uncorrectable errors on {{ $labels.device }}"; @@ -231,7 +231,7 @@ } ]; for = "10m"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "High temperature on {{ $labels.device }}"; @@ -280,7 +280,7 @@ } ]; for = "0s"; - noDataState = "NoData"; + noDataState = "OK"; execErrState = "Error"; annotations = { summary = "UDMA CRC errors on {{ $labels.device }}"; diff --git a/hosts/web-arm/modules/grafana/default.nix b/hosts/web-arm/modules/grafana/default.nix index f4e0ce2..68576bb 100644 --- a/hosts/web-arm/modules/grafana/default.nix +++ b/hosts/web-arm/modules/grafana/default.nix @@ -115,7 +115,6 @@ in settings = { apiToken = "\${PUSHOVER_API_TOKEN}"; userKey = "\${PUSHOVER_USER_KEY}"; - device = "iphone"; priority = 2; retry = "30s"; expire = "2m"; @@ -134,7 +133,6 @@ in settings = { apiToken = "\${PUSHOVER_API_TOKEN}"; userKey = "\${PUSHOVER_USER_KEY}"; - device = "iphone"; priority = 1; sound = "siren"; okSound = "magic"; From b2b263013a40edcabcd2a19b57e008ae8ca7d2f5 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 25 Jan 2026 14:41:13 +0100 Subject: [PATCH 22/44] feat: add codex to nvim --- hosts/nb/modules/development/nvim/config/terminal.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nb/modules/development/nvim/config/terminal.lua b/hosts/nb/modules/development/nvim/config/terminal.lua index d377b34..43b96c2 100644 --- a/hosts/nb/modules/development/nvim/config/terminal.lua +++ b/hosts/nb/modules/development/nvim/config/terminal.lua @@ -42,7 +42,7 @@ local config = { { vim.o.shell, "", "Float Terminal 1", "float", nil }, { vim.o.shell, "", "Float Terminal 2", "float", nil }, { "claude", "", "Claude Terminal", "float", nil }, - { vim.o.shell, "", "Float Terminal 4", "float", nil }, + { "codex", "", "Codex Terminal", "float", nil }, { vim.o.shell, "", "Float Terminal 5", "float", nil }, }, } From c589a47353f1d247039f5c959b4da36160a61289 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 25 Jan 2026 15:23:53 +0100 Subject: [PATCH 23/44] fix: firefox and thunderbird scaling --- hosts/nb/users/dominik.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index 42f58d8..b9fc281 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -20,7 +20,7 @@ let "calendar.ui.version" = 3; "calendar.timezone.local" = "Europe/Vienna"; "calendar.week.start" = 1; - "layout.css.devPixelsPerPx" = "1.25"; + "layout.css.devPixelsPerPx" = "-1.0"; }; # Base calendar settings (without identity) @@ -89,7 +89,7 @@ let "signon.rememberSignons" = false; "identity.sync.tokenserver.uri" = "https://sync.cloonar.com/1.0/sync/1.5"; # "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - "layout.css.devPixelsPerPx" = "1.25"; + "layout.css.devPixelsPerPx" = "-1.0"; # auto-detect from Wayland compositor "media.ffmpeg.vaapi.enabled" = true; "media.ffmpeg.vaapi-drm-display.enabled" = true; "gfx.webrender.all" = true; From 307e8f23074d5b9bbe55d3ffb47528cebe6e119e Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 25 Jan 2026 15:24:13 +0100 Subject: [PATCH 24/44] feat: add redis for authelia session storage --- hosts/web-arm/modules/authelia.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/hosts/web-arm/modules/authelia.nix b/hosts/web-arm/modules/authelia.nix index 6216b67..4f0d5d9 100644 --- a/hosts/web-arm/modules/authelia.nix +++ b/hosts/web-arm/modules/authelia.nix @@ -5,6 +5,21 @@ let system = pkgs.system; }; in { + # Redis for Authelia session persistence + services.redis.servers.authelia = { + enable = true; + user = "authelia-main"; + unixSocket = "/run/redis-authelia/redis.sock"; + unixSocketPerm = 660; + settings = { + appendonly = "yes"; # Enable AOF persistence + appendfsync = "everysec"; # Sync every second + }; + }; + + # Add authelia user to redis group for socket access + users.users.authelia-main.extraGroups = [ "redis-authelia" ]; + sops.secrets.authelia-jwt-secret = { owner = "authelia-main"; }; @@ -106,6 +121,9 @@ in { inactivity = "45m"; remember_me_duration = "1M"; domain = "cloonar.com"; + redis = { + host = "/run/redis-authelia/redis.sock"; + }; # todo: enable with 4.38 # cookies = [ # { From 8324aed9e0740abcead6a28170dc1fb87e190d1a Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 25 Jan 2026 15:42:13 +0100 Subject: [PATCH 25/44] feat: upgrade to nextcloud32 --- hosts/web-arm/modules/nextcloud/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/web-arm/modules/nextcloud/default.nix b/hosts/web-arm/modules/nextcloud/default.nix index d14c0ef..ef2b59f 100644 --- a/hosts/web-arm/modules/nextcloud/default.nix +++ b/hosts/web-arm/modules/nextcloud/default.nix @@ -10,14 +10,14 @@ in enable = true; hostName = "nextcloud.cloonar.com"; https = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; # Instead of using pkgs.nextcloud27Packages.apps, # we'll reference the package version specified above extraApps = { inherit (config.services.nextcloud.package.packages.apps) calendar contacts deck groupfolders mail richdocuments tasks; oidc_login = pkgs.fetchNextcloudApp rec { - url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.1.1/oidc_login.tar.gz"; - sha256 = "sha256-b/tKk+y+ZypCHGNDtunDua2msYD6/TzA0haoC0k85F4="; + url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.5/oidc_login.tar.gz"; + sha256 = "sha256-Qtqcw1OspTHg0QRIgDMxNru6ZGL8y5XhJ5gdgqn6/Wc="; license = "gpl3"; }; }; From 11e7b7414004913913e12512995f225690890516 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 26 Jan 2026 23:34:52 +0100 Subject: [PATCH 26/44] fix: git runner memory increase --- hosts/fw/modules/gitea-vm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/fw/modules/gitea-vm.nix b/hosts/fw/modules/gitea-vm.nix index 8c47651..c3afdea 100644 --- a/hosts/fw/modules/gitea-vm.nix +++ b/hosts/fw/modules/gitea-vm.nix @@ -7,7 +7,7 @@ in { microvm.vms = lib.mapAttrs (runner: idx: { config = { microvm = { - mem = 4048; + mem = 8096; shares = [ { source = "/nix/store"; From 9d7b8082c086018371c0b4d89eb939c310b93e5b Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 26 Jan 2026 23:35:07 +0100 Subject: [PATCH 27/44] feat: add initial forgejo --- hosts/fw/configuration.nix | 1 + hosts/fw/modules/forgejo.nix | 145 +++++++++++++++++++++++++++++++++ hosts/fw/modules/staticids.nix | 2 + hosts/fw/secrets.yaml | 99 +++++++++++----------- 4 files changed, 198 insertions(+), 49 deletions(-) create mode 100644 hosts/fw/modules/forgejo.nix diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index 493d50f..a2661ff 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -43,6 +43,7 @@ # git ./modules/gitea.nix + ./modules/forgejo.nix # Migration: autoStart=false, start after migration script # ./modules/fwmetrics.nix # ha customers diff --git a/hosts/fw/modules/forgejo.nix b/hosts/fw/modules/forgejo.nix new file mode 100644 index 0000000..ec6a237 --- /dev/null +++ b/hosts/fw/modules/forgejo.nix @@ -0,0 +1,145 @@ +{ config, pkgs, ... }: +let + cids = import ../modules/staticids.nix; + domain = "git.cloonar.com"; + networkPrefix = config.networkPrefix; + + user = { + isSystemUser = true; + uid = cids.uids.forgejo; + group = "forgejo"; + home = "/var/lib/forgejo"; + createHome = true; + }; + group = { + gid = cids.gids.forgejo; + }; +in +{ + users.users.forgejo = user; + users.groups.forgejo = group; + + # Reuse the existing git.cloonar.com ACME cert from gitea.nix + + containers.forgejo = { + autoStart = false; # Don't start until migration is complete + ephemeral = false; # because of ssh key + privateNetwork = true; + hostBridge = "server"; + hostAddress = "${networkPrefix}.97.1"; + localAddress = "${networkPrefix}.97.51/24"; # Different from gitea's .50 + bindMounts = { + "/var/lib/forgejo" = { + hostPath = "/var/lib/forgejo/"; + isReadOnly = false; + }; + "/var/lib/acme/forgejo/" = { + hostPath = config.security.acme.certs.${domain}.directory; + isReadOnly = true; + }; + "/run/secrets/forgejo-mailer-password" = { + hostPath = config.sops.secrets.forgejo-mailer-password.path; + }; + }; + config = { lib, config, pkgs, ... }: { + imports = [ + ../fleet.nix + ../modules/cloonar-assistant-config-server.nix + ]; + + environment.systemPackages = with pkgs; [ + vim # my preferred editor + ]; + + networking = { + hostName = "forgejo"; + useHostResolvConf = false; + defaultGateway = { + address = "${networkPrefix}.96.1"; + interface = "eth0"; + }; + firewall.enable = false; + nameservers = [ "${networkPrefix}.97.1" ]; + }; + + services.nginx.enable = true; + services.nginx.virtualHosts."${domain}" = { + sslCertificate = "/var/lib/acme/forgejo/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/forgejo/key.pem"; + sslTrustedCertificate = "/var/lib/acme/forgejo/chain.pem"; + forceSSL = true; + extraConfig = '' + client_max_body_size 2048M; + ''; + locations."/" = { + proxyPass = "http://localhost:3001/"; + }; + }; + + services.forgejo = { + enable = true; + stateDir = "/var/lib/forgejo"; + settings = { + DEFAULT = { + APP_NAME = "Cloonar Forgejo server"; + }; + server = { + ROOT_URL = "https://${domain}/"; + HTTP_PORT = 3001; + DOMAIN = domain; + }; + repository = { + DEFAULT_BRANCH = "main"; + }; + openid = { + ENABLE_OPENID_SIGNIN = false; + ENABLE_OPENID_SIGNUP = true; + WHITELISTED_URIS = "auth.cloonar.com"; + }; + service = { + DISABLE_REGISTRATION = false; + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + SHOW_REGISTRATION_BUTTON = false; + ENABLE_NOTIFY_MAIL = true; + REQUIRE_SIGNIN_VIEW = false; + }; + mailer = { + ENABLED = true; + FROM = "Forgejo Cloonar "; + PROTOCOL = "smtp+starttls"; + SMTP_ADDR = "mail.cloonar.com"; + SMTP_PORT = 587; + USER = "gitea@cloonar.com"; + }; + actions.ENABLED=true; + attachment = { + MAX_SIZE = 2048; # 2GB in MB for general attachments + }; + packages = { + ENABLED = true; + }; + }; + }; + + # Configure mailer password + systemd.services.forgejo.serviceConfig.EnvironmentFile = "/run/secrets/forgejo-mailer-password"; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + ]; + + users.users.forgejo = user; + users.groups.forgejo = group; + + system.stateVersion = "23.05"; + }; + }; + + sops.secrets.forgejo-mailer-password = { + owner = "forgejo"; + # restartUnits removed - would start the container even with autoStart=false + # Re-add after migration: restartUnits = [ "container@forgejo.service" ]; + }; +} diff --git a/hosts/fw/modules/staticids.nix b/hosts/fw/modules/staticids.nix index d382370..90b3973 100644 --- a/hosts/fw/modules/staticids.nix +++ b/hosts/fw/modules/staticids.nix @@ -8,6 +8,7 @@ pyload = 10006; jellyfin = 10007; filebot = 10008; + forgejo = 10009; }; gids = { unbound = 10001; @@ -18,5 +19,6 @@ pyload = 10006; jellyfin = 10007; filebot = 10008; + forgejo = 10009; }; } diff --git a/hosts/fw/secrets.yaml b/hosts/fw/secrets.yaml index e0da8b6..a15e913 100644 --- a/hosts/fw/secrets.yaml +++ b/hosts/fw/secrets.yaml @@ -1,69 +1,70 @@ -ai-mailer-imap-password: ENC[AES256_GCM,data:q9eJ9Tom+X6KxQJhWQTUB61k5A==,iv:FH+IUWi2yZBBgMiL/kNW470GEVHEG3fImf0bel9og/c=,tag:RSlcpXwmNyLB8Oc/K2Epvw==,type:str] -ai-mailer-openrouter-key: ENC[AES256_GCM,data:EvI0BuCBA1uYOderjAVcB8RSk7un7tiKmgsSe70KQcmfu3CxmQerP/2kQsRTJ0/6pWf4QqNpaes691O3nf+UG1qgG2CUcIaYRQ==,iv:OYEy0xMs+vkGa0qMtY4UP/iol5JPQ0eFVyPpPXLAmUE=,tag:5PeXZcI8TRSUOyuKs0STWg==,type:str] -borg-passphrase: ENC[AES256_GCM,data:GGmf09zX5wQ8Fih1EyP1p3up9ckFjVKsktU6ZFwvuZnG/O2OyOod66qXc/IXx8GQordubZ3TgisOeMLNnSowp2qylh8=,iv:fFgw/x8Ww9cInkNlPIoE3stUfISbfk46PBj7aimuXNA=,tag:hnNYrkLgt1qJc+gN5s9L2Q==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:I7hErgUwWDIxKLdw2FPKuTx9aOcqF/EhOIyU3pfd5QA9sQZkZT/c+IU3b0rNdi6OL6KYDQ8+pMhFuDB7Tcna17etB5HQYnWR6L/QDv5rZTHAHbhTNUEk8w+4zIsvffKJlfObM6qnKZhZbCZT4CvbbvFqmg1KxkFqhpMZSOfR4hpvsNVqEmagygYxuPUSamWgb0y8+CFBxgR8FVEz36tJW8bH7110ZupfkF3P/DNgw9Mci5tYHdrzu6CU5YhbpW+hx88U62rvenWc4T0r7gVcEZYjkVExPJRKs994UVCZO22e8Kx8cy9OZo0S4FBgFfT8Kx8HkYX5viBnwxZrWRsw1ober2LIa48Yc9Sh1cuf1HqD3HSwEc90LuXP0EFKwJLm8MJ3Y26fLLz+NMQhVtug6lAt2cUZj1qapgMiSznw1RJv7nEJNKRx4rKGDdzf4gJ1Nn1DcuS1gPe+WMd2K1WoGB+QiBRIvCvv8f6YrnanNS5YDt5W11vrh2YK6u4JVjehbScoG32ikv2YAYD6HxkNmIyPAwKXM1hIdk91d55bk/feXDLSGsnlBcSdQ7AgBDKEy4UDLEvUPKwNgxur2t9PgEa+AHXZSjhQOpYVEHQI7qzALgSR5v9lEpPLvz4Oa26VwglMwyKcCxB6vYhz5CXnRXXuypBi0TAEtnWsQaUQrcYNduEkNTi5BwtGYJSwD0nVxOFQhqxwbCvQSbW4iT1QBHbvfEGhKtsDIetZrx2DL96aQ0maj9B08O5ODsiQsZzyc68vyS80Ctn6dd/7BIeJka1ciCbXrZiWXHa4Ibrfp4pdjTfLVXhvqocNolLQupwqxXdCMI7pmZYrcQEY6VmyYmuePWOQr76/ed4QG3mhmAJN16SZw3SlDo02LxF7qiQV1oCojpeqxdWnr0jh+tG8z2hzK4cODvwnNx1XCq8O1P8A2vcuk7mzCnB3tTMtLdIGh6kF0V8I6l4zidJkDPRhqB/LonbK6Gj1OixqgL9aJ3Od0ahF3rOq/SnMQWg+MJkJUv0CV9KJCJZ5FoHv9JfChzTG76PsrXtAFGoXwHMsrjJi/1E1UxSFV7TuD48FB1fRleWrt1Zhbefaq6aDfYPCiRLbpNbQlepnX8mRzMfXleq/ESZqXHKaG2dza9R7hiaJFOd5OTXrqoaf3spIRCdhSAhvd6ChpD+NtFssqUWaAXmZuVQhg/udVOGGW+mOgd6pRKoFjOXkD5bnVf27KY+w1EHTOUNoKWtZlLWmmsbJBF8MGc3E5XIGM+Mlq0E5mNSWB/XwnionuUTGg1+gUUCcCbcmOm7P6J3k4l3ZLhuu4ilw+wV31pjednAnw/IIw9r4lMGL0RN+zJL7leE6FT+fFqdjRx3ZCdCFGxjrmJgugtfZECjgR6nHQWk2zLv81fi6OD38wBFeeMe7Bm7fV0A7+oHYrTXyvxuo5aXfv3pOacAGnUulbhWUIcsN/GTFzcGio5iBlIOI7yI6EeW6VcLbXm+ISw2YHv/zhMFCDrOeXn5jYCI5zwi31+T+XTIuku0DOr+k7WnS8WKWQhdlhuLUp8XpNdUVwegfrZoU3xWo46WbUWrtOcpBoQguvjGvVYelb/FHWx6k8mQy/9Ke7juaPXgrhKclAA1pyKuOvFjO8UuUI/KBMZGTWtnAxrS+cOTdf8CBhw5smJ782wyvYkxQJfddfcUU42TWGLSpLUJUYc0kAjbbAEfKkWQw73tCPH68VPSq4/3nWH6lS95bMayn5yj9B8pnl5Ml1Fv7q1SAj/F5FrC5uLB7QBUP8alKQoLvpCCkXwRQn6FHPzTPoKMmkmRCuqrVmG0blyyY1PtZq+hzfYw2oM7kPwElXKUMo+Pd7bJKerRcTRir0odIMyKXNXCu+OC2/WhcLLfwuiW9PH5clbCt3gjjM4XSMsz/vxxwasuN+WnzFHuTlL2DN21rSFNKjPR7b9FfifQObQQCfEE+GBAeid8OsLU+7Uk+0PvjWq072HOMU+fkbgdISLp1wmafOjjt68hsnxx/dtsqTxaE+mBCTnLlBdSJOHi9JvcAC8QZD/fHUVGd0EpItUQJCePaWSVjkg3Sd5wYR5zko7WHAW0iuGXqZUQkNJpMm93w8cygkAiNJMffM4FkCM3yXpSwBqpjN6+OHNtcHzDIjwwUCMigyqHKvCkalcsgSLus0451Z7m6FsUnOvlkIZxWovQEQVqVDwa42g7EqPyaVghaUmIsUo23Dlz/eNPM/HmgqtdQN6+vJTgK4kdkX2HBqEpPvNn7Faa1hW/gfLIVl2cknNUNDNnkmqkvJLPSUS8Fi9lNhM5HDt0hCr4JmmGJrvgo2TlxnMpBGUPi4UkfxEuFIgxmzvpNhSpyDJNF+nFp0UD0ztcCdtAta1lpoGQ0zZEiTr6Mwwc0fozxerGtxFLPm2pTSgjXKI65JyRGJjNHAHG2XeOC/7dWnwo4GthFCZBKPB8/W5EsaOeuSsWfDAP8n3GW0AIVwIh8Pmf3tdml7dKU1J7ciVnLqoHE9NcXfmnRW6liJ05Ca1UUgcrtQasQKETbSEIBBM/hvZAMd8aaazyIBRJwNc67TIEkKBpvC6dRxpUYEJ5ZwVvWGrJIkh4WekDEV+fFZDyH6V8sngTmnT6Z3GCyRContJLg8Gx+CE6fLnZ69OUXVZ0FU6C0K7GUqueB8l60ccJa5AniiEqhRk/5WQAJBrcpYAYrYU/WTEKkyt7EtBnxeWPCyb7CpnF/11i2JOk33WAcYeXUK0IIfVaPmW5cBQFDVZ9JX5W/kfEMwufizXqjWSMXIKnON3ICD74iOJRmnMevaT9/ruVtMlXx/7M4iQVMeIl8+0He5S5+U/1kUZVvx4OmvQBdfgIQrjso6fTDeGMziM5jeQeCUUWJg/cBV9VGrMsGlELiZiCWvVI3Ysa/H2LkutKa1dIRHtvhZNBan4y1GYq7hcDpkmBJ6e0WHV2gQxhgbwgWpOrf0nww+KUivUJySz2uTdRunrujkwCMDIt7zDXHrItuI0xAfrENYWXvp+KyOMeWUbjUrOUc0IdeAD4DIBywKVgZD/2j5xtew53d0wv8LmcBe89dKSyMHWm09ZPjbwm5FL+qafFLFZZYSlfr/7f+MFg0kK1Fd51rh1pmO9vpgha15MrzgK1KQ7FBsShG5UZ/7l57CPGV7+TS8B6ujDbFvX3vvmwJ9LMhPsOkeh2f8yQGjZppaOjx7WorqCnjP7K4HP5gfbz+GC90jZ8xEabm5p95t3tnOw0NBG8peE0bObUosd5phJN3PuahcCYGNF9WBtCAsDR9WzC4vJgwpSRl1qVZydm/F5c5N29cszRViM2yG1vIqzbUo3uGkN4+Dvr82YB5rRhn25pdV7Z79xroJMnx9mDGAM5ShQPDloEZeG32i/rGB3PKruyfCYNaWUT48qrvt8S9FTrt0etZVJrxFp1v9M7Ct4ojw+OQPW+bh+bTIWd1UqY4TGhAeg==,iv:f7rBK8aNqX8dGyzjoeRX6yl20XsnLU8b4gitaw9+O+0=,tag:WvfUw1JgFBAtS3vsVIvM6Q==,type:str] -ddclient: ENC[AES256_GCM,data:dS6TVVNb6R7EE1JVMDfSnRYCZyHHqEPvwaYpkTSj+VA=,iv:9uMo+9X7dFdVW4wuSgrqIAaQelXuA4cek2oif0GRHow=,tag:ncQq4UeUzWtjPNxEUOlqNA==,type:str] -filebot-license: ENC[AES256_GCM,data:jY7E29fFJ/h9NIgIjuX++WBhnLk6Mm4iRfMh4P0pUDdqH231gXDsTZ6pJ1rpFXdEHSuNN4LfznDTKgZ2azKid4WprDUzGkN0uJD6CfSR8gTIx5Rq0M8vkRah51LC36bop4hTMzECYQd1YA47hOBV/gfyg3RIw95coWamV9FebnQjIBgWYxE+wTvO5iRvWpiCHd6VZQfkiiR0KF1DrkYkuxlX0piGEKmIgyYCiKMFZ4nrrIe58x5lEQA9uPVjE7vmq3c3ge6tJzjVVaaNocbJhxhA18GLMqTSHfnBsOLRlA8qSQ3xX/VRzKQmaYQHIM77Ylb9ZQsvFt6EDlzQMl5NqT7OJZUW/0jwNaEXHURjeTOC3Hr1HugiDGm+uLXEraaJ6Na2AbFDn28o+3J22p9xNg6vWL0FElzKuaz5TFDzdZLZsD9HOPQm95/ZM8JymDjN4qxkkd2o9rEKY6to1MVDarj+lDxIHhf4pL23YhZsn3esNlEbFswzHQiH7nMsu9Jg6a0rPu7IYylDnH/soBjxSKmf2dhH1LLsDm8It9K/7NnXwmvncFXaqNBqm/e7JzCDBCCyVUf/BXbBc3xwLwZf5MiirZ/iYiYnRtUssveh7BV7ICigRj5Ewtr+n97+IGI+FyonkvOgM0bn8nHf79ZzJCKMuntcw3FlGd1nIkmcehkC79PlKIS95oV/wypl1OmU0CVel+D8hsMuONmF9NPHgFk/ztp4GF+XXRO4ExNotX1XrUlvLOccoHDsl1TedUOISzgAK71edxfI8y110shIe9OfsCEUAbmWMmjGVWH2fKu/IrYYQTry6pYFOjG2bIEUXMaiIP0lALbq/QNgleqMNPY8wGzFbP+/jaYzTbw9KXH4bwYQCl1hSI8THfV7lLE=,iv:4ik/aQqi/hIqH8ix3ejgUiXGY7ycw0ymdVrV+CEQe1o=,tag:7ymc4QZEezJVPlYTlU4H/g==,type:str] -gitea-mailer-password: ENC[AES256_GCM,data:lEv5euTCHG6pyNqrVtKK7oE8wLvk+q8ABXOzFSizQ2TVFi35lyGPzOTel/dCCC0Je5GAHE1KQQ4Y4/iHghZgb5Ft,iv:gt/mCzLbDrHFNqW+Lkd2dy9nRIBKO+rqsVuXM45zJ8k=,tag:gCxTSzY7GZ+jQP9SCsdUtw==,type:str] -gitea-runner: ENC[AES256_GCM,data:HLjSETmu2C2ROf6kqUuIzQl/t4Fe5EOVkMqdTeLNnb6AJ95l6M/WUk//dnPMrWVvEq7rV07awUiyvyJcYQzMgPNddCrfcn2Xr0dYK4XFenz/sdhknVex9uS/RhK8fOqdYJ6djpynikMKddZMQr9AOVfpF5mea//87+Az9rOrlzLdgNtf5HyBEAFKaOFbkZboAsP+jlxyyYurGHPr8LxxikewDVxnpB+XzMc6RAnesrZPOTDQlkMiPZ2t2o0klhD/4VomgiHEklULxCCmIAHaqDo=,iv:1FwTespqVTnKFbyf9Unbbod08D36MKsVbDhIBNGBkHg=,tag:rgVvyxUCwzYB2CqWm2fwgg==,type:str] -gitea-runner-token: ENC[AES256_GCM,data:pzJp7j1Ktz+27oU+qtESk7D32w7+BSEUkPSX4xuFml0i10z12Gzu0QHXL9s3734=,iv:U77b5515H1URfz5BCdzuY03zVkhSRsL9d+HdHUJFx9U=,tag:QvooaT4TS/X5R5KGdaVpVQ==,type:str] -home-assistant-ldap: ENC[AES256_GCM,data:4kofJzPbiLXILxjuAZWiTb9hu2Gver/IHBCXDnrmrKuCSII6SJ9FrSi67nl7SHdoA6xe22GSMfmPrKzy5sGiow==,iv:F8mIHhWHpaI6kzRV9du6uW/Fj07PbEIU1goSDmeSD5E=,tag:6NIC6sN8OclinribZhrLLw==,type:str] -home-assistant-secrets.yaml: ENC[AES256_GCM,data:rns9heAmVMxB6WWlGMXvF/ianFUnja3FObiLTEKJmodePNsJ8ah3OhuCAX5jON+/7NZ+3JN/hIJjXsORC5WYhr01DvO9meykf0aMpbmAnYI+cmPEPvcunF4NNInl96rpcI519nMiHDSh5J7pD74CxHZcXSV4c9ZR5UBymchrwmHyZMF6dVrD9Jbr9yph1r7iq6S5wlI2ZImWRjaoGDZ1x+ZU8XnsUmYcP4pa1Yt8JBxSnyUw5gxgBkVCh4eSZBsUCt0cd9P0i7qWVg==,iv:YXQsawXZsQb9ZUt1/lkpfTa4tfKIQrLkkyShFtBRaIQ=,tag:/vSnipGiMntdMqHLePSEQw==,type:str] -piped-db-password: ENC[AES256_GCM,data:5atQccdHYDEf638bpiON9VO14jqNDtzZ8nnXVW0/cqtWkZJc8RYn9N7QhAw=,iv:Gwyf1R+mpmX+TFuoYLPHjXwSDwzJhSEpnj5ZsJgmrtk=,tag:zm4zNkzbqbCyTN6o3lQQfg==,type:str] -pushover-api-token: ENC[AES256_GCM,data:cMBDdySEBQ7vS7FUC2DsCcSvEMpapWvMFmnuCsY6,iv:SVDrrDm2pcAfwUVAC5j47YwF4s/FWNARlZdIZ1Wgwgw=,tag:w7ZeNMPXWc9j+zVaSxq1cQ==,type:str] -pushover-user-key: ENC[AES256_GCM,data:fjoA2YQxmeWEbSKWWE5iyi+CUh1vtW9usVCm5EGk,iv:p4YwYIhpgn/bY9t61//CDrDmZrsj9B/naZit62lCpwo=,tag:pqEw3pDlX7i87tE0Nsy0/Q==,type:str] -wrwks_vpn_key: ENC[AES256_GCM,data:VEHqnr/bDtmyLzs0wnmZ0jCWS0BGJWu6Wjq0ZHJuEz8PH3j/E54S9NUe6WRIo+BJCsh1PlRqw/PD9xSqlW5uPg==,iv:OMP0s8Lc2CmFgwRuwB3UWJVuQFqvpy+BiyhnIKbVIb8=,tag:x1LvSf6i8khd8jKgv/284g==,type:str] -wg_cloonar_key: ENC[AES256_GCM,data:1OfHD8yX+pgCXqqxn7cddnnCA9HBjGra4eht7uLxdcbdG9vDvxUoE1x6aWg=,iv:/NBEbmA3wP/zwrqCeBKDzaoSMqz3f4ZeMlWbu81R5Pg=,tag:Apt8x/j0qiJAKR4UEVSkrA==,type:str] -wg_epicenter_works_key: ENC[AES256_GCM,data:CTZkVGEVRlCdt6W0BGPmX0SZbuBBH5IIlUsi44SGXi7gdmrZNwv2zDv6zjA=,iv:4ZDDKqR6pBq8cjX763tBxOvWFaS2IiGaBxJu6L2JYig=,tag:H8p63BvXSx1SKPFw5gnptw==,type:str] -wg_epicenter_works_psk: ENC[AES256_GCM,data:K0SDlDWfUk9vIGP5U1j8p6TJ9GsydJTuKPb4kMgde1CILOia0S9/+4AkMWY=,iv:ITwLoWZXR6NxRFF3eBvOogiWHLmXnf7S1e2FW0ofr/M=,tag:2OVi3OBFYT0nlCx8gf2AdA==,type:str] -wg_ghetto_at_key: ENC[AES256_GCM,data:+bonpVjV1hxwaqtR7ywshmoDxCnFPD11q0OiNLzxUJIaYrDeS1srpyo6rlE=,iv:Djn16kuXTWqJZy/AT77GpH8RcNtUMZ6zcIdKIMHv+PM=,tag:LP2JCaPKpzeOKvBc2bMr4w==,type:str] -matrix-shared-secret: ENC[AES256_GCM,data:nVSHwPa8xYUaDCxL+5neFtzc11DDNzJtoDCSHYXZ+bZXVAAbp6/Pjx6UkTdAA8B2GOM09nFAsBuLnQfJ3w==,iv:WU3hnRlWVwx7Qin3ejw7V4VhAmYLf6oXzVk6xQgZPgA=,tag:O2hJ2q8XDxYF+rHPNgATgA==,type:str] -phpldapadmin: ENC[AES256_GCM,data:94jCcgGJ89Er5ENLqhFZ1qY44Qp709SuUhBUuED6v/a7mPPjrJGDmi0Gm3r1Hb4CDPGkWf+x4NStY7LSQ2bHEzjyMPMS23wvSLTmC5b2TVca1UI8vZRTD1R7OvdWo8d1oNweSpYEnAXGv3USYF0NZo8DrPLM5G8lG5Tk/rKS/mxU5ZRhPyA60rbmIiy3Mk4yNcs1tvTEckxU/zMVl7zUPAsOOlmYGuwJrHmmh9p7YIWHGIgZNiLs3U0BvSKzN7WktmlwqjfWpeLn4dusqgov4SSQ2otAkxLHIH8mGhyotd1wgXJDZc6tilMe+WPHQDz9db7FT0VdeKggQ94FD+8rP0OsIjR4AdjZ,iv:C8X10wtA9jPgS41pxasaZJTO/XFcRymOyTDZCWJlhmg=,tag:xkMJsGubny+Di+GucAqypQ==,type:str] -palworld: ENC[AES256_GCM,data:iR9nceVotLKrFHnPIVskCYVLev9OzGLLlmfCGQq5hqB1HveXjhjkfm/NMmqnSi9o776+Ezy7l3kkS0R+0cFJ2B9kaWGsdJtdYDwQevmf6Nq5eaBYmvu8kTnaatqZ5e/1BQzcF3to6MA061XL54YGqsAV5FpnDVLhyyzIvaR3gMvMqJ748NL7K+hbBqMFuWcSH3hKXwxtDK7SLtcgx93W5ZgXkZMMumtlH9hSSlZL4yxuQDAQUwHrEBL+rdphA0m27dyS87DA3Av5ZL1MZ+Vlm4uAHM68T+rtVYXTakNImDTc0WrhIP8FZD/UKTAhVYAbA9oz6cbeC574vchuEY1z19SY9+2HshZZBOiPDMqdvrqyszMQCo5I9dUzAJCemQQTlYG8ekREQ0wxARnBYi3iy5PbmgDQWdM3+ff4yhMmGiHtiMQLHzrquKy8nvS9lDp9uT7njkaI0QAt3eNWa2DAQRqXQAtmuRVob5+GS2Nt6XMTWRkbeEb1phwbTqZD5mH4p2TiyMKCn6KOXsgQTxqGr35Izbe+bfptCmUeyscTKq01IZg77w/dvg3AX4iHAcMNgJ9LIHDLibGHQzu9fGN6alpeyy788GDwRY4glYyKxPhCasKkBSj/uhcDAtdg+c63vDTBhqRjNr6+v1NeRW6lVBzrgq+f9QvO5RVKrvdsVHnTA3CMGQzUPAaluNZMpzV5KqxqIrpAAPXnN0ktig==,iv:kkcm/alLHwC84IKK//OJpa36ec9ddOARTIM+KJlOHHs=,tag:jV1DjfNzRgNaCGgJTKIy5g==,type:str] -ark: ENC[AES256_GCM,data:TRTwxqkeUGbtgrWuj1YEFr73+nxCXmt/fR5vVnYR+k4FpNBB2FoY/gXl0kqeFKPDcajwn8nYBs8YE9vmYtAX/Qs4g5OyU9qC/pkmSV7/gbGfqLLqcbIlbWrZzeM8gRW0fp6h1TMPsGO8/iYdF4bmInfuZW+fKr0i7ZRgrtOpPiRCOI/ztPGkFaduuwGIy+yVoS64b9r7ZLRnOZT7ghVv80GKorJuuOQIipNAJMzEqtSA2IqaxWeb13v8wdQoKuMNcD6dCYVJnvgwf4R+,iv:+F9+yJUZBzPSSIt4uLHxjjXAjzRojLxKAyrd8grMXkk=,tag:VrIr4FFbIGTq9RBJMz8/Ig==,type:str] -firefox-sync: ENC[AES256_GCM,data:guNgEVi9n8uJuLkkX2Z3tMY/NVqzQ2tdIutZAqleah9qBri0/3dzVHF2xvztLeAgm/59tN7TtAlAH2SMK6gcfAZDasAWOJ/rGEASxLi6VRjqCe25glDMp2YrA0/mcqZVYMCg+QZ5OPA56b55WDqPHPoBJkPDuTm9axwm6AOxdNi5BkDzMw12fVBxlJL/Rm8=,iv:yD+MkZK5vvZ85vYGd9X2Dv6KkSvMUsMGLrwlJ1pRqlk=,tag:YA379QupHh7aJZKcQxB7bA==,type:str] -knot-tsig-key: ENC[AES256_GCM,data:CBFaRKPr+HRVM01fA9/OLWeD1O33axQKEKJuqDRfcGmuDeP3oXf+ccEJhQE=,iv:2O5y24YenpiMc9txPx8kz8x0aO37LpLjIcwlNywPEak=,tag:J4bVZ7RNSR9fiOBQ2HKpnQ==,type:str] -mopidy-spotify: ENC[AES256_GCM,data:irBeIh2FieNkdf6Hls/Oj+qYxj1U7R7/Ffq6dx+JCS0PdOiFWIHXtccY+PXPKP7RhhaQOgZtIcgPyqTiML52P0c8AwN6UHMl7kgUcKnk60AI0IUZNWorCBZluHhEpf2e2OISlFzDGjSHk+zAzh2eDS1lJ9lCRYEC,iv:r6aZmlVHdRsA9DxkelcIVVpwwm32jaOgP429h61NL/U=,tag:FvPIr0HX/V7+G9kal4nO8w==,type:str] -lms-spotify: ENC[AES256_GCM,data:E53aUSNxE30SSrG6Y6SWKVzmsv0lu8aZvjk1RBgSj3q4m65dPLwGM9HcagN3BPoVTc0tKJaccrjoL2k5FOMnwcTXIz3qgiZGbnB6hVCoOhMrrkoFRN2JzSIA5WxKOT8VuMoC4/a6WaWbY8SWAdhgRQb9uq1hUxdkMCoNRLNJnPqR/0w07lCDVHvkj8XuBV4rGl93VVT3rCzjVTL+Vigv38WZ2il2aANkCz3joNeN8Uod3K/HA5uXLw3cLFmD7eI7LBDSTHpMEg==,iv:iRKrij3TRaufB5BXy7Xhiu3asClZ6hpkbMV14aod7jk=,tag:hpUwP/OHygqfgI6j6q2sKQ==,type:str] +ai-mailer-imap-password: ENC[AES256_GCM,data:shEEPVXXUwyKpqkZgvUifdxd4w==,iv:IgGyuaJLHm7ARgpzKQFUa4CoJtgxgYn6drMXaQqfG9A=,tag:PFjvzSk+l9+M16inz+X+uA==,type:str] +ai-mailer-openrouter-key: ENC[AES256_GCM,data:kJ/ujzpPep5zTv3j6ZKG2N2JaDl6Qi2e1Kz3u7Eu9aXYzziFnBcCIbru6usuKXuC1O7QhozaVemeirthUCOqFV4lzRk8cQsN+w==,iv:dngoIRY/Rr73wbWIl6htCO4TWqMdGt2oxHZS9lT+nFc=,tag:oTHu9yuDl2zTYhjNbRqmow==,type:str] +borg-passphrase: ENC[AES256_GCM,data:VfSwMgBHxETZMUXeEXnvQbRnf/C9Coq2IgrJBUrGsCAqWIvBqioBMTS47/fDPElj2sacn6su3v7vFSNVacf/u1X1+jE=,iv:OC4h9/kD0B1fd1EvBrAb09lu/0mLQcCwV3/gJLMtqDQ=,tag:NaDPQE3bg4eP49mSN6SdPg==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:YKbvLl0aQcWYFuf3+z9Nh8aSFZ825v8dMfvY8sTxqqFRW8t/43qXWyNC1lnIUWnRPaN+lDwbtXknqUb8pPj/szI8j/wHgAstzT3n84dj0pfifHVlR9f2edWUzyJfBGCAz8HobG2j5Ad9TmFAP10C0n+fUWevG/VYeAIP2Ot+b6JhhJaPzRmYBROZDwZk90XSh/pl/S3+PP+usKt5Qt5kcHjz0/6z5mLMvW/3fCbG3YQrhrOAIqvaxj8cdu3OzN5/Pwfe+njoTCzUuE4xdZKBtVkX3gVjWKYN5IVLhSU1SfvHBhUKx3GYM5Io2qLXnq2MV4dFg8ujVrPrx9M3TVa7J/8lkUPdmBkf0f4m1SLNrMDlbcZwNpY3bNm4AnZNcZ+OFTq/85ETiLOQ7bEonSOy9QqDxh5Y/1P6SlPtlH5WgeWax1SwRgEIOSRzVpmjrTOEkNldKYznroGbsj1oEn8DfGEKHEypOBPT6KHsyFgqmSVJwJ7zzha/XN7QsMIK63RuOzrqra1RYPu9jvs8FhwazfX+Olv359lMrT7GRKRNsUVQUpo2XYp/cJqS6oVrb6HtmaIpwCpz4m0lj8qovBMGOCu42AzjIQh7s8hUNqlVTLYPopO/qbC903QPs3y6d1Ipi6JKlMAKkmGdcvUTiypCjEeQ3FLaCFmo697nZZJubLCRFI+9lvCUaOnnXZ+KIm7Lzkcvb/fXoS0Zq/1xpgo5lJP3AIpejAsbCSiK7yKY9ydBRRTr/G5wNQxZcWitpErH2PG8+a0TQwBWuK33bjysH58dmjLhiySNCfo02kE36e+SoUB1z+jdmEMDoNqL1Oao/4qhJ3FBSMl/1eI0Vs7VkDAZ8UAfCIFo5iGHcn1Irnkb+6Qm6JPzCpoOPwVR1b7DGQZaNToVWtl/fNQjRvtAF/S8j29wCjI6M2/akpTbp7mcax0SoT4Evy3kT7q1BYaRmhxrOU+rTctOscKhb4QSOMBjahatANFeD0HbRYd9wlWzL513n/SLP8cXumVLT+SqN1RcvoUg3zdnJy8/e99r94PwaFPjwzhBBt8DL9q4W0QTcOPbVS1zrsoSh78bJJOwArX1pqOzdArNExFldX3cKwU3U4zcSuW5zPttQXXOBowHlKoW5slqLCgoRj0JljyiRtC5yUlCGhKTukiKkRZ+1GOBAEkSus2gJdPxi6lnAZYpyAmTdpacDG6Q38S8/p6r+AXiX4mKWf1FhfymPY51XmgTNfHzPFhd2ADjIFLTxepaX9O0F8aQn71fTffobhFNlGX9Xn0Eocjy83D2ltG14DOIJWozy0KfaHHFH8ToNvEYMmY/SqH5plNsfZRdn80dG2Q7r3ZvBmd12C+ZI6ODFfQJ0NjKljzxQ+XAFzmtggLmU47iIRTVgY3mawab5hmCZl6z11tMhpETRsiULWW7nuTexs1Igf36w4mnpqm1hiGRsFoZLQumxYCaCBpIZK4nodB8cYoFoFrp+ABCc+BqgVHSjqPraNzc5w0GzUBRrTu3+e/dZnRjB5Ht+5vi7tE1KncgNgoCCPxRDZifvHJwe7hWOiPjL3C2c+ApHR9j0TiWFEZhcR6DjvExMKK+u1loYZ0hcHDNepk9joQL2DrX1E106IKElxImvbYS9GPurOosZhXmkk/SKHMyhMvSRkKaM6AHjVsfiVf4pPNRH4hjo17llxwOuPpLH/kLZI4ebx9oUNO23vMatxRN1Aw+2cXtfcLxXXl61VD8SoHDNieT9u4qIfAoPMU+97IOIQH7chGK+HatuVNnQwGZ3ur9q10kL6CnNq0p0fj/9CW8Mm9OsF0d+XgJ5YiDi5vdBtdc4mdsW6O09cTfAMfJqtx300/F+cXZnB2AHdL5KnI6lQ9SgABIhF8dNveaSG/iospB0Y4tQ0pUAxxR5195kIXZ/QXzZERzGaHAu/eRJ/GCrfkf1XHuwj1sXyERgbUm/aVXC+WJfah8rxR2eTUm2KPa8Ywd7A5NLWwFV7P81DrwJVHsnsXjAIVUsYkCySIxTI7Tm5JXAnXThQtbTPqSBPlxqCyK+9py76d16dZ8E83V8rMnUVLEPkkuaqEDzq3cT/bBkW6LEoqMlmGonz/bWSZmo78o7DoK65DSiseOZvl9CfFXSiVPyM4JY7gu/fBkvdVT79J6Bbjao2kFLUO6OYB/BbmuYUo6RqTFFHH13jntyP+FEMlLPUsQcJWYE4y3YLb5MfkQFSsF30KItSwhyL+nDBNcgFC+mG8qDSPYj3dYtlTT+RtGznCQwx5mVgYxAw2PFEB+UXiZBBTCn+VxD3D2uD7WPRrVm+i0001BOGVymPU8RKWKvUSrzuOA9itkTwbEdQ1FZ4ek9Cl/oX0fTbAVLlvU80qMz81jG7eeySiADut+IukPw8ByRl6b2zpBhKDFLeY1PQrJ41BDGxVNRKwMCuts6GGs9ijTVU8id3sCOfqa8qSmq4YsMCLmpxrwisw7kEu1tRTtBoa6Q20IwtC/igxq4kXnGPLN2fwaqnEyPXDluYwH9pqKOIsiUAZmAeIn0YzeW/P2Otz+4t3NaCPBS52+L+EfQT5pL2wmdDV9tF1EAAFgCn9IC92sRrB4zTELc+Z5siD2TFavLPDNjtEhhOfSlsKJpzs8fs49ecsRkVbNqTA4uU/f/JngpvKQyZ5Ct8RATsudocGTc/3Hv0Lzatu/XkhoeuvA02s21oowHXYnlxJcXS5goTKbpq3xAHyANr79chomkL8YQQ6hdaE955+lMcSLi0sQbiHUYrdP3QXYrln3w9cTmgkVqNAopWIRUyM4IgLxkW+lgx9vASOvBAjsqA/7vL5bqLoqLLOPTDDahv8/wDriMZ61cO5p9fBVn0EM0xF8F3Z0Sx4MkO5XKFkU4MoyrW1Nwl1paUDMvuuwKGSGkR8vLhgr4XVbMQxaXZ3CyOCImEHipyhvxVq4grEpAsp5NPDV80at2osnJqwUucuA28g715A2tvBvRkj6QdEn7K2El4OWUMw+F2sB82PYspzmZaepfDWj0Td721od2XccBLvVO5HLQ7+8Veu8m9YZQr9kilkmQYekE/cnvYNwHYFqXn3ojCIOGXJQphAwEIXs21Da9P/ecIOzUrykM8elKJXwQk4GuWx6Y66iUqBRU7LHoVUsKP0+mE23e7lJLKS11tlmZHxn9JjDBZLbqR08DRXVBxvJxNqg5/Gn6Ip9DkW+h6pajsgzjFY7obhkS58EuNKyEo/ELJYK0nK2fU71OPhESBGfPQtsIGwUfaBhrX6uS49JQMpt/MUVc8fKPTW06ThpoHlLSKhgshx5xVB1zFupznBcJs3TXBF+eK9WPK9eEpmk1Ac8S8husyctZWzKlCXMuLBGvk7we3zIIX9yiKEBkbb/EMqnl8fMMtXjjVEoMFdJRkLO0F4F75Sp6elLGq3HD/U1TF0gABqhXjsFHDHEA3sagkxvA/stijqGuRKoSImwbbQnJQ==,iv:12jhIp7FXTaUYGwh9JtO4EEnz7ps0D2wQgVnXWeeWzY=,tag:IeGpZIvOlVtXf7rp8e612A==,type:str] +ddclient: ENC[AES256_GCM,data:5TD+zbq8gbfpg0zL+Q/rZAM6/UWpdoQnWGUzxffEHNY=,iv:yOYlurCmeFpck81MT3tYmcVwSLH4Q+h8KvWAR56NGGU=,tag:XUxGcSOnn4xWHfpmj9FfDA==,type:str] +filebot-license: ENC[AES256_GCM,data:3Z01llfp3EovHTcOeALZvgoF9Sg9+ZTuSxeb+U5D06+uwl9QCM0Gl9FJ6iwt9gWJTkMS19FMHmG6smpZKVb11GZUFT3D8yTavu9AqRumZYBW6tPR8Q/WHGRSP1kUD0BLL3M3qBlbipqg7XSW4qElGKmyPCW/eswEXnhuIhcBf1wJ9q36WqQuxtOzRLhGi3S8ZaMdfQ8EdGTsePRuYA8qAinuO9G+yejQfzhrHZ5fZhcbTPWlKMzQt+q2m03N0A7Yf6DMuWujmdXbMX7FgRVMvaiz7cCgsKVQQOzRwEVbnivA+3b/BGTY98YJZs2ULKH9gMtnjqt9Pxc4iQVnJ5lUdnBXrsYcU2JVeKhMD3/h9Ds7P5P/Xzv63dvFAdQfJtMLeSvFr2+zbLL3n/1yeamtEZq/9vXs6Sj1Gerrfv/3y0oJbxo7mdlMEZ5hdkFz9m8LZ+b+G4StcWOR8I3fxKoSzXOM2SfmFQ2qeJaIaO8NfhZ6bwfsTZtevZksAeF/MY8hAAUJc4FARV7y0n6X3p5PC/iok1TrtIXOlgzMP8UVZCytDOUztqvpguag4/QpvkAZ0aOQ8ohXxAdzF2jW513beWjN1DGCUDsIn3angS3C80ybp8CsG4NNZBFsW6wL2XcmX6nHaXA9YTRLg3neIXFNcHSnRKHGZGdGIKpg5zeHZJeoN89T4YokUxSw8709F+Tzm5zowNAvnw/a3tQHCpLzy2EoS1MYeFnl5ReuRlitYjTwvZY/Zl9gMI5IGNlLGaSbW6G3r3Vkjtz0XlX/NcD6yk6usM2w5HRUaAaM4uUWvIADTcWG+IVVFgXVVRpdl8eC/4jWf85/naQEHNPch5PmRHMWO8br7iamZzkqODL/iz6UQzEUROydcCvj2KaCKrg=,iv:n/o313QaIZjmp0RJvGw/x24AGh+ZaLcMnyrMdFaugJg=,tag:flPEv7y9UEObPPSkYSwARw==,type:str] +forgejo-mailer-password: ENC[AES256_GCM,data:BK1hLTsz1GtOEHWnXeM8WhFtnUUm5PLFYNlEwTHQ2FjWNU+e244eFWj3P0xUkbXPF5poVUiMOD74LXVLbmlEQm8s,iv:VVXV7awaChr4UUKNwVMrK4MYA2NPcg7PsOEIYu33EQg=,tag:eTcguiaujYGoFf2Mim/TOg==,type:str] +gitea-mailer-password: ENC[AES256_GCM,data:jEj/pbIwJbgjlAJT/C27ZxRopzE7btaBeFV5Nnqzgwqyf/EZO1k257D263jUZX2NWmuB/jMAY8IYc8bO1BJtYiyB,iv:gPGILhy4FFDfqeq762GgHKBoBdCFnZqcLRFtxPIafAU=,tag:gzgDv5WcXGCJWlnqOpkhzA==,type:str] +gitea-runner: ENC[AES256_GCM,data:skZDOjcPFNEEYWf8IEK1goF0r7Ei9K7A9f+qdbqnv/zi/6pF7Ol2wEe6knmcbMUG7NPGg5LETqsP2/ifi0Q7TZO3aFq/cIY4hC2FEhN6mgEd2oWj8H9BT5Fop4IwCQE1a2pF36njmooEs7q83ccnQTmo7K+k2a9jrS5aEVN5fw2H75cppjoc5JSur4Z9oET/BJpeM7KhXBUui3Ebb0fD38WJItWOEXNGhyFZqtsyPFRcgJpUYejBnXo5Y08jCBMNwN1lQwl+1y+FpzJFwXGrfdQ=,iv:ossCQKu2Mg52k5UN8wHDJdC4A9+74X02LeblgINf4qw=,tag:eNekPZUC56Lf4BTax3lhgg==,type:str] +gitea-runner-token: ENC[AES256_GCM,data:6+0h+au4hg0s7XCWsHxlPls/oJUJadph0yG7BVgt15p9UFQhvyEUxIv9vqc265M=,iv:evHWbZz5/voZqKudTS1D+t/n9cSUTaYbv0JCoOUQuiE=,tag:4XMMBuIUPpvxq7iYgDnEyA==,type:str] +home-assistant-ldap: ENC[AES256_GCM,data:imgkUpeBrOG19uKCrb7f3hya3HKqVFiGKXodnb7iMom3bWWtqEQDusJtUssQxPZDvpCszejRfG/j7UZ6iob6KA==,iv:reORLwrkQe0e4c01v4//g/xBU38hXZuv7F2L+TGALVE=,tag:U9KDtcraJsWXSmVuK6xxEA==,type:str] +home-assistant-secrets.yaml: ENC[AES256_GCM,data:xR+HJgS7maPQS3/9WO+z7IKJ1aJG44MhQLBZvciyCgNpyxp17YbKaTnrt19URIWFtbgWqacDgn16GB6vZfBTsf6f3NdPsLVAV21sHr2jAXogfiZds1Db2TsBrfTpUn9ygycQaJwU0D/nkzJxxDJfegvzTYZeiTsn7Gjq2I70+2rOVjpNwXfWQbxNvxB2ywoo1Dg52Bu0wXauprZYGYt84bGg9ZFXCsLFCE4p9fNWRiZKaH7E/ugGxyF07QdfEWGS6gfE6c+/EsHM8w==,iv:wpmbJTweNQfm7fuBM3eyA6CnNL7+o/J/4bEGl6my5GY=,tag:i+VJs/LLVCx+NNEUBOmZHg==,type:str] +piped-db-password: ENC[AES256_GCM,data:6kzLGlwXvr5TZUwKZ7v+ypB+VLDshQv/vKpt/uE1E31HMrK57PcS+pHrK/U=,iv:EWSfx3PBTg3JHGWt31dPi620WZRt/HqYI1KijY7/w24=,tag:xBV6u3NByVaq4tnflmb+mg==,type:str] +pushover-api-token: ENC[AES256_GCM,data:CgqZHBAFOrzTmdwmWTYDJQ7ri2Z7PRzeMzcfD0Hc,iv:5xkiTei/6sr978E2QwQVmLswJEmSPWmfs/RSyB+D2Rc=,tag:vy5GRtAyQA7mLyePau84cw==,type:str] +pushover-user-key: ENC[AES256_GCM,data:L9E5vCh7lAWG+WMoJSV6ralPzl5yeBDSk1kvYmlq,iv:gOetcV9E0uTzeEUoDbswKo9zXvAk9GpoFg/A+TeGY60=,tag:q82CO6mfS+n9q8TfuvXX5Q==,type:str] +wrwks_vpn_key: ENC[AES256_GCM,data:o0v0AZYBaClYC1w5rNIjrnkORILZ2o/+Z5nQ3MTJgHPvvnZJ5AIORuQ4QDUmpAA8VhMivn5F3EKiZ00nBDW/Nw==,iv:XhvTRwDSfseRaUgJ8lbcL/QnaA/eBEvTByLoJh2PeXw=,tag:GLS4eGETG9Q2W6tuW9EXZA==,type:str] +wg_cloonar_key: ENC[AES256_GCM,data:iAyabwyNKEy1VrsXgAPMljxXYg6CQv/n6DzJrjLtAPDO4VbFRLSj82ln7V0=,iv:8ng5RD/hfKVeOx5aGDwilkKJQ60qJbLtgWXBiE3dqb0=,tag:zmE3BO5490U7UdawQ6i/5w==,type:str] +wg_epicenter_works_key: ENC[AES256_GCM,data:JehIfUz4Bi9mNf7nZZufcVf8FxH8MLNFKSJJ+E0/I7rbh4thzUbIjYeLmaI=,iv:KyBToeAMX1jwehlmCi9zi40+RS18RAYExpAlGL4lf/0=,tag:K/o47pmCsqjoGWmGeF+DVQ==,type:str] +wg_epicenter_works_psk: ENC[AES256_GCM,data:kq4LLsNBP6fm7lhU2OS+kUZy4xRjq4hBpT8Lgo/dFpWb/FPL/qWobVG3nDs=,iv:Qm41W1zbSnml8l0yu8yjpE/OOHttNan29gngft2v0P0=,tag:t2qjuZnarRK+9BlmAjXclg==,type:str] +wg_ghetto_at_key: ENC[AES256_GCM,data:FaI5/1P7pXUEA2/5kLiGheK7f99/ntCUNdC3W3a23M1uhNYVGA0AXA+OIXk=,iv:V7KHwsIMewJylTPOXOnSQMkI06w6U1vXecBx/NUcyg4=,tag:gsr4vkqOlN5pexhyycWquQ==,type:str] +matrix-shared-secret: ENC[AES256_GCM,data:qfXA1eFLyFM4hIk5IwXc1zfWVmwvTgUNcSJDYGar0L9b+cHD8kM0qEr2DsPkDcy+7DJNldK+tcdgkCV8GA==,iv:XqwxLRs3ADyjmmKVKMMsANGhGzTg7PXQNiYnrp+WYFo=,tag:duSgoaxqm3z71jGfP9lCoA==,type:str] +phpldapadmin: ENC[AES256_GCM,data:oDgmCm38ZEhcpOvyY49jv+7FmikzrN2WCxJ9i5wvOTvUFblz1pVSe3/qm0VZ/IqdbudTpoOHIc97znAE129fPPNGbd3prY3v+dXn5JpUhcSuBT4QOf3aXVUlPzUVgTXt9E/Y/ASX39dPXGWEDt/XelXHVkgQAHwAt4XFSx20Ph2b1x1s1Gs/WETZe1Dyl8y4TyMRn4TuGYvm1l8iob8RLGazCk5XOGL+0AyLe/0H1vTKZN9lu7S/VH6612tDQxVJf2grzmZu1t8P9QBVgFxpmqdGsudMMeGoO8ajOWkgu2DUziZc0ul+PNdDdPThpetV6jjcZ8qJ9bZsbbDadZC8WWmKt+P+WPfE,iv:IUhwcZez5ROJuiKynSmfvI7j5iLF4arJokt6Gs10Xhs=,tag:MnVgO7JyOetB1j2ZZtxLLw==,type:str] +palworld: ENC[AES256_GCM,data:ZEf4Qw6FiHQwgWJAvX/oy90rJWffjwqqu9aqhvtzY8BmffhGDDPc653GEwxBEMRdBBVot+puxYkHA/WvQgPb1FaU+qXmAkclw9ayNcxqm7Ra74thV9JAseNH6xuDycWD0mNNEF6IRjsiB86JpeOivjrZeZy5zHSieMx01u235szmR+j/qX+QOo+E5NyVNPyIIT1LiJ3MpNPLltzNfiAfuDMbT+2VHC3EzU5BxxrXJ6iY9nRvDLoLOznfGG63eNxq4xRH4BL7kp0Qv4a8JlQlV9rfGyKqcwWH4FrRVNP/1xdT2Q+9qBHlnSafY2sj0UXI2FGvbwhuHxFZ/OSVwohe5ag/xtCVDgFE8bKaKPyXl+qgR9gNvwyAYRoOv1WDQxc4MkzJIBchPGLA2L5RFGZddByOUAR4LsyqvC6n8jjU19dSFaEGWSJDF068Szq2/dWdAl19Edw/nTvfRqVnJSM2m2tf5F1kBBM/yrtJrzDzmTd/wDwLEfhbO0PyktWjltjrrEzqxlaLeIYDKwx3+vlDLn+7rxaHZAHiwshGGYgW9Yxf0Epb2+o0dNgJ6X1+v+vbeWfgyobLklA7qKvodoEvAHLGsW9YicURNNjy/ERwA8ojSezfEZ6+pRhrk5s5HUDtq4b5tbD1FocPYXZyhSlIIqc02FGWJnQQamooa1hTnABYRDz0DtFudLHvRDFnUei4v827nr97y9e91GC21Q==,iv:DtA27Ksq1pGMxlq3UJ4HxYiJC4dTjBJD/aRbDIijyNE=,tag:J0kvm+khW63qfmHZwXzyRg==,type:str] +ark: ENC[AES256_GCM,data:mwIyAXNT6rAEoxyh+kbTnTlZMgbYlRUzAKHhbI8CG7AdG5l1gNhnnAfcIPWjx2Y+VAwL6XIRJL18FCxCB52UHMDqLpkdn4/pf4gaJ6zLzLuHBNPGDtLB21+frderjuVbOMxwV6Dx946clgIHFA/FY9ooKOknS5K4mNQm7wyrTUJQ38shyRMwbbpPA9sQOK41XMkaU0Axdpie1adZiN+Vq9ikwf4H1TglymPeXvIypEwWN0iJXaHwr7CKGDyWixYAjUz4VwfkeNVfyR1u,iv:3pHjP5CZLM5xULs5oSk6BlCEHccqdrrVGLZctYSb9eA=,tag:wLMORvSvdcb/If86vZsXXg==,type:str] +firefox-sync: ENC[AES256_GCM,data:osI5nogy+LQQ7KAECZlJ2cO2eZ5lz40yON6kgW9ROmicpuukr7+9R7jURYNZg2ETNMrZpK0bSK6zWoe9hlcwtTwVz815ocLU+o4rdUFpUjE36a0+toT9AWhwF0K9RVwITK6A5nIW8TADH3RaGZI6PGQzrjn9F1nMruo3gn0h1Gv3R4mT1ySpZxc4CV9zyKE=,iv:ou78yVK/d9X4sKSmSp2s/WhRp1TCe+adbK52He5qVE8=,tag:FJgLYpS3dtwku4Vs/SvXUw==,type:str] +knot-tsig-key: ENC[AES256_GCM,data:Mj201Ikwl6VuU8cBmwRTJbApOfCwIYt/g0dZL8kYDBoLuUNkkRygO7HB+vQ=,iv:vDjQ2Of8/u4gJHZD+brUeGcjWSv3psAYTUp8FXGVDaw=,tag:7IBISNf7RnV99zYAKAyTpQ==,type:str] +mopidy-spotify: ENC[AES256_GCM,data:oZag4Uyhk7Lkd2awfInu0bABKB2aB9ZxgQ/oOqJ5QJ/HEQO6ysWVBodu2MF2PPBe13Y6zv3HAnz4DEi1rDNBRwxRloyAwSAnB8R1uTuIh0fnJ2lr64RuT2+EermmhVz/HoypCnKTlFad39d16cRCEIy3n7cYnbG3,iv:xZAroRKaKn0xuMieUWcs4KdtRyVbuxm2HaWLV5zMr/8=,tag:i0kiytOZhVXKmSvF41T/Og==,type:str] +lms-spotify: ENC[AES256_GCM,data:1GPYCleCAkqkctywo6QTTLCBv4nq1I+jGXreYXfYZX3X9qdDjBlGuQyIIzD/krspUg5iYm0m1z6CEkKZQOeCs6IUv7Da+iMV1Kte3/nosWpEqYtYeC0kIw3wV9RtAIsMCFADj9W/w97NTMjebg4CZdmqVjI8coFDEN9dKqfMWT5amsC+emH2oO4k67vA7lgBBhL69Wgi7YAC2lSL1EVvcestWSzVcIHWucH8VI7CIKXJOLNzPD6hsKoQARroo4N3lQZ/dTpd1A==,iv:7Ukq1yPXeoTTmFroXL6sOBG76INPqynKyrbBQIv1Y+A=,tag:KY2rfZrqUhm2xBSsjHRWDQ==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTDFvM2l3Tm5lU0paWXpF - cjVBSFhENW5mNG9DSFM1NXh3UHdaKzlKMGlZCnRmNFBFVWY4N0FqLzF1bUMyUDdL - U091VENiVFhYeEJ5K0xodXlHVkhHKzgKLS0tIGxta3A2TjJiMUtiR2RzcU02Rys5 - U1c0SjRKK2UwbTVIQUMrT1pOOVFmOVkKY3UyGNIPZJLE8GG124y0pLgqGub9SMCq - plK5H+kASOB1X6pK+3PBFuDYT1AbsRxXvWgAEMvVI7eBcxQlSrrB4Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZGZiWHg4OHRENFZUR0N1 + L2UwdTc5RU1RRlZrZitxNG1aeSs3eEJweEVjCnp4NjdnTFlPVGE5Z09uQjJyL1da + MjN1UGdwdDM4ODNhdVVtMmhlTDNuNEUKLS0tIHhhTUpjbkVDSEU4d1plM0dCSy9J + OFU0TU5hZW1sdzdudmRkRzRKOVZrb3cKa27jKzE608GlCCT0RW9caAaV9TN5kes6 + xqcj6s2CPa6LeMC0yMfeN2bYDPGXtEGUStzG0hXwg4pvQliBMtht5Q== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaXBqMGl1UytNL3BkZEhQ - S3RFL3lZRVZKTGVRTGFMNlFlWFRCNDNvRTM4CnpWZWovSDZaclQvN2Vwa0dWZGgz - Q1ZLM0sveXBxOVpvNHkycWJWWXdmVE0KLS0tIHl2bFk3RE03N01IdDJPWk5HT1Np - Qm82Sit3Q0haaDdnbzFjendMUm04Wk0KYp09dxXjzvC4IlH6Ilip8YjTz0mFeu/0 - 5IDMYjT1BuW5YiKgIJVd+UgOd6ysZLFFwk+Us2AcV7z110xk/askqQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUdxb0kvNkdDeWVMYmVJ + L2xlY29QaTd6ZFY4dCtsejhHN2s2anMya3d3CjdDN3FqajlzS3llWGhVK1A3eVdE + RjFuZmVBdFROTXhzZWduK0RVRWQyT1kKLS0tIGpzekV1OEJ3cW5Md1BhMitncnBs + OWUzY1p1dndFWjBTdXNOSEZyUjhMNzgKzewnYGETh0NSUad3p9s49JQyt0JHV58Y + eni6QDJ/ruQao2d2xBhwb4koGbzSUPQ2ie0syoOfMrxXYmu76bCb7Q== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Wkd0YnBQRnExeVdUTGFu - N3o3MnF2aTY2NlBmdDJYT01zRytWZ2w1dFg0ClAzcnJ0NFYrVWlBM2JQU1B0SEJi - MGE5aVh6KzNmaEoxaHFOTW90K0VmMGsKLS0tIDNkOGZyVmMzME80TlBWMzI5UVR2 - djB3Y2FIRDFKWlEwTnRBUnRIT3M2OXcK+SIt/7DRdQi6H1AZooJN2Pt2g1EwVTZe - Q14cEt0sLyVYzLJugfz2JWRHDZX6wPueYcTSEs7w3wAPVwvJWju8bg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNVVrZzV5dDlWeFJINkVj + KzFDUUl6OGRCN1o3eEhGdGdjTHdGVWZld0hJCjI4dWtNZUltb0RqTGxoT3JONC95 + YXgraDJWcklyYUluTWZlU2pSY3NGTUkKLS0tIHFMYUJKN3h0Mm4rU1J2MmRCdjky + Vi93N3JHdi82WDRZRXUwbFQzRlJmUk0Kha2OzeHtJo5sIVqR5S0Wcpkp/nmo0s9k + WNXEtj8qPvtR4Ji/V7P6BdwGmtn+Yr4zbN+CamHkOjR3C62EQbXZSw== -----END AGE ENCRYPTED FILE----- - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQXhNSFBnNUtMdkpwR0th - M1NmOVorcUdlZTFDM3dVRHZlYWpJcDZiakVnCit6eTFOeW92SzhPYzJxR0VTem9r - MSs4cWxRbzVBQmlWaHIwMjB5RUlJMXcKLS0tIHNSVTloOEVVVndDWkVrWmQrYXlD - NTd1WGFJWHVLTnFNT3hYbDdtSnMzTTAKBmJOayZLbjmBejwVzVtUSYPki+qPkYwG - xdO3L7n0Z8Cv/kVYZpkuG5GqOUL+nCJuYDjF0g4PaLb6WWd0W8ZGFA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEODNlS3EwcmxFN3hvTkVv + UTU4OFVIZENTbFc4dmlkSk5Gdk1qK1FySTJnCjJWR2FTYjZ1dDA3QzMyQyt6RW1C + UFlQZkFrS0QzSldvQjdRbkdLRDJNa3cKLS0tIDZTa3NXUks0M0FOdm0xSHBuSzVp + dVdIdXVDMkEvTktYWFFDak5WSzFSWlUKJ3y82O8e/z0Yag8vP6z/SSjExcVQTyvU + OPLHYcg5sByQ75AT5GBA4ZMF7M8EH1cP2QL7X8u4SeHDrVbMTx7d2w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-01T11:01:54Z" - mac: ENC[AES256_GCM,data:taGX5HHZCL7Zo4taS2Jz/5WxhvpBNNKZ13ZCtS3x/P17tC1Nrk2UDcxbOZ1pPVbVvvaAHJtDb3owFvBOM4nr2Eve0M9zT4HbXh3hke7AviQ6U7CT1ru6LjY7W8lBjbQ6uCt+Ldxd1PRPPGiyKdK5GAUPKg6avFjpJbhEikh8Gww=,iv:NNs5usVJ5izYvHKnNm1IgjSt4dg0QFQ7cClJ6zh+3wM=,tag:sYYbEWIUgOWthEItdy5PFg==,type:str] + lastmodified: "2026-01-26T22:13:01Z" + mac: ENC[AES256_GCM,data:FuOSimEEfiyjY0oBzkaDcEwYhQZCyNiQYXPJxKFmybZ2eH+BKRoydtgMpCnOumCHHOH8W1N5HO7Ls7JSieAcx1MrFPXTkIaseUB+mQh69k42yi9FJ3rus2u1uT5KOLCDantE7HhlBCuEOSE9qoCxeda8Zx9210gXPt7QfgzkXds=,iv:39xgMDM0Y7nNF1tDN7N4zwdu0dvfL3Ss6yH5KS+Udk0=,tag:0u8crcNalWIyBc0WKxXzkQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From eba36f9d56a82dfe7961870310fe1dec7506ed2d Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Tue, 27 Jan 2026 00:52:16 +0100 Subject: [PATCH 28/44] fix: forgejo ip --- hosts/fw/modules/dnsmasq.nix | 1 + hosts/fw/modules/forgejo.nix | 8 +- hosts/fw/modules/web/proxies.nix | 9 + scripts/migrate-gitea-to-forgejo.env.example | 19 + scripts/migrate-gitea-to-forgejo.sh | 497 +++++++++++++++++++ 5 files changed, 532 insertions(+), 2 deletions(-) create mode 100644 scripts/migrate-gitea-to-forgejo.env.example create mode 100755 scripts/migrate-gitea-to-forgejo.sh diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index 12ce8e1..7461ae6 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -102,6 +102,7 @@ "/snapcast.cloonar.com/${config.networkPrefix}.97.21" "/lms.cloonar.com/${config.networkPrefix}.97.21" "/git.cloonar.com/${config.networkPrefix}.97.50" + "/forgejo.cloonar.com/${config.networkPrefix}.97.55" "/feeds.cloonar.com/188.34.191.144" "/nukibridge1a753f72.cloonar.smart/${config.networkPrefix}.100.112" "/allywatch.cloonar.com/${config.networkPrefix}.97.5" diff --git a/hosts/fw/modules/forgejo.nix b/hosts/fw/modules/forgejo.nix index ec6a237..c6fead7 100644 --- a/hosts/fw/modules/forgejo.nix +++ b/hosts/fw/modules/forgejo.nix @@ -20,6 +20,9 @@ in users.groups.forgejo = group; # Reuse the existing git.cloonar.com ACME cert from gitea.nix + security.acme.certs."forgejo.cloonar.com" = { + group = "nginx"; + }; containers.forgejo = { autoStart = false; # Don't start until migration is complete @@ -27,14 +30,15 @@ in privateNetwork = true; hostBridge = "server"; hostAddress = "${networkPrefix}.97.1"; - localAddress = "${networkPrefix}.97.51/24"; # Different from gitea's .50 + localAddress = "${networkPrefix}.97.55/24"; # Different from gitea's .50 bindMounts = { "/var/lib/forgejo" = { hostPath = "/var/lib/forgejo/"; isReadOnly = false; }; "/var/lib/acme/forgejo/" = { - hostPath = config.security.acme.certs.${domain}.directory; + # hostPath = config.security.acme.certs.${domain}.directory; + hostPath = config.security.acme.certs."forgejo.cloonar.com".directory; isReadOnly = true; }; "/run/secrets/forgejo-mailer-password" = { diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix index 5b33e43..5cc42d5 100644 --- a/hosts/fw/modules/web/proxies.nix +++ b/hosts/fw/modules/web/proxies.nix @@ -7,6 +7,15 @@ proxyPass = "https://git.cloonar.com/"; }; }; + services.nginx.virtualHosts."forgejo.cloonar.com" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/" = { + proxyPass = "http://${config.networkPrefix}.97.55:3001/"; + proxyWebsockets = true; + }; + }; services.nginx.virtualHosts."foundry-vtt.cloonar.com" = { forceSSL = true; enableACME = true; diff --git a/scripts/migrate-gitea-to-forgejo.env.example b/scripts/migrate-gitea-to-forgejo.env.example new file mode 100644 index 0000000..7695ad0 --- /dev/null +++ b/scripts/migrate-gitea-to-forgejo.env.example @@ -0,0 +1,19 @@ +# Gitea to Forgejo Migration - Environment Configuration +# +# Copy this file to migrate-gitea-to-forgejo.env and adjust values. +# Then run: ./scripts/migrate-gitea-to-forgejo.sh +# +# IMPORTANT: Ensure Gitea is stopped before running migration. + +# Source (Gitea) - READ ONLY, never modified +# This is the original Gitea data directory +SOURCE_DATA=/var/lib/gitea + +# Target (Forgejo) - where data will be copied +# Must be on a filesystem with enough space (1.2x source size) +TARGET_DATA=/var/lib/forgejo + +# User/group for target files +# These should match your Forgejo service user +TARGET_USER=forgejo +TARGET_GROUP=forgejo diff --git a/scripts/migrate-gitea-to-forgejo.sh b/scripts/migrate-gitea-to-forgejo.sh new file mode 100755 index 0000000..aef9354 --- /dev/null +++ b/scripts/migrate-gitea-to-forgejo.sh @@ -0,0 +1,497 @@ +#!/usr/bin/env bash +# +# Gitea 1.25.4 to Forgejo Migration Script +# +# This script copies data from Gitea to Forgejo and rolls back the database +# schema from version 322/323 to 304, allowing Forgejo to run its own migrations. +# +# IMPORTANT: This script NEVER modifies source data. All operations work on copies, +# so the original Gitea instance can be restarted as a rollback. +# +# Usage: +# 1. Copy migrate-gitea-to-forgejo.env.example to migrate-gitea-to-forgejo.env +# 2. Edit the .env file with your paths +# 3. Stop Gitea +# 4. Run: ./scripts/migrate-gitea-to-forgejo.sh +# 5. Update NixOS config and deploy +# +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +ENV_FILE="${SCRIPT_DIR}/migrate-gitea-to-forgejo.env" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +log_info() { echo -e "${BLUE}[INFO]${NC} $*"; } +log_success() { echo -e "${GREEN}[OK]${NC} $*"; } +log_warn() { echo -e "${YELLOW}[WARN]${NC} $*"; } +log_error() { echo -e "${RED}[ERROR]${NC} $*" >&2; } + +# Load environment file +if [[ ! -f "$ENV_FILE" ]]; then + log_error "Environment file not found: $ENV_FILE" + log_info "Copy migrate-gitea-to-forgejo.env.example to migrate-gitea-to-forgejo.env and configure it." + exit 1 +fi + +# shellcheck source=/dev/null +source "$ENV_FILE" + +# Verify required variables +: "${SOURCE_DATA:?SOURCE_DATA must be set in $ENV_FILE}" +: "${TARGET_DATA:?TARGET_DATA must be set in $ENV_FILE}" +: "${TARGET_USER:?TARGET_USER must be set in $ENV_FILE}" +: "${TARGET_GROUP:?TARGET_GROUP must be set in $ENV_FILE}" + +echo "========================================" +echo "Gitea to Forgejo Migration Script" +echo "========================================" +echo "" +echo "Source: $SOURCE_DATA (read-only)" +echo "Target: $TARGET_DATA" +echo "User: $TARGET_USER:$TARGET_GROUP" +echo "" + +# ============================================ +# PHASE 1: Pre-flight Checks +# ============================================ +log_info "Phase 1: Pre-flight checks..." + +# Check if running as root (needed for chown) +if [[ $EUID -ne 0 ]]; then + log_error "This script must be run as root (for chown operations)" + exit 1 +fi + +# Verify SQLite version >= 3.35 (required for DROP COLUMN) +if ! command -v sqlite3 &> /dev/null; then + log_error "sqlite3 command not found. Please install SQLite." + exit 1 +fi + +sqlite_version=$(sqlite3 --version | cut -d' ' -f1) +sqlite_major=$(echo "$sqlite_version" | cut -d'.' -f1) +sqlite_minor=$(echo "$sqlite_version" | cut -d'.' -f2) +if [[ "$sqlite_major" -lt 3 ]] || { [[ "$sqlite_major" -eq 3 ]] && [[ "$sqlite_minor" -lt 35 ]]; }; then + log_error "SQLite $sqlite_version is too old. Need 3.35+ for DROP COLUMN support." + exit 1 +fi +log_success "SQLite version: $sqlite_version" + +# Verify rsync is available (needed for incremental copying) +if ! command -v rsync &> /dev/null; then + log_error "rsync command not found. Please install rsync." + exit 1 +fi +log_success "rsync available" + +# Verify source exists +if [[ ! -d "$SOURCE_DATA" ]]; then + log_error "Source directory not found: $SOURCE_DATA" + exit 1 +fi +log_success "Source directory exists" + +# Find source database (could be gitea.db or forgejo.db depending on setup) +SOURCE_DB="" +if [[ -f "$SOURCE_DATA/data/gitea.db" ]]; then + SOURCE_DB="$SOURCE_DATA/data/gitea.db" +elif [[ -f "$SOURCE_DATA/gitea.db" ]]; then + SOURCE_DB="$SOURCE_DATA/gitea.db" +else + log_error "Source database not found in $SOURCE_DATA/data/ or $SOURCE_DATA/" + exit 1 +fi +log_success "Source database found: $SOURCE_DB" + +# Verify source app.ini exists +SOURCE_INI="" +if [[ -f "$SOURCE_DATA/custom/conf/app.ini" ]]; then + SOURCE_INI="$SOURCE_DATA/custom/conf/app.ini" +elif [[ -f "$SOURCE_DATA/conf/app.ini" ]]; then + SOURCE_INI="$SOURCE_DATA/conf/app.ini" +else + log_error "Source app.ini not found in $SOURCE_DATA/custom/conf/ or $SOURCE_DATA/conf/" + exit 1 +fi +log_success "Source app.ini found: $SOURCE_INI" + +# Check disk space (need 1.2x source size) +source_size=$(du -sb "$SOURCE_DATA" | cut -f1) +required=$((source_size * 12 / 10)) +target_parent=$(dirname "$TARGET_DATA") +mkdir -p "$target_parent" +available=$(df --output=avail -B1 "$target_parent" | tail -1) +if [[ "$available" -lt "$required" ]]; then + log_error "Not enough disk space. Need $(numfmt --to=iec $required), have $(numfmt --to=iec $available)" + exit 1 +fi +log_success "Disk space OK: need $(numfmt --to=iec $required), have $(numfmt --to=iec $available)" + +# Warn if target exists (rsync will sync incrementally) +if [[ -d "$TARGET_DATA" ]]; then + log_warn "Target directory exists: $TARGET_DATA" + log_info "rsync will perform incremental sync (only copying changed files)" + read -p "Continue with incremental sync? (y/N) " -n 1 -r + echo + if [[ ! $REPLY =~ ^[Yy]$ ]]; then + log_error "Aborted by user" + exit 1 + fi +fi + +# ============================================ +# PHASE 2: Copy All Data +# ============================================ +log_info "Phase 2: Copying data..." + +mkdir -p "$TARGET_DATA/data" +mkdir -p "$TARGET_DATA/custom/conf" + +# Copy database +log_info "Copying database..." +rsync -a --info=progress2 "$SOURCE_DB" "$TARGET_DATA/data/forgejo.db" +log_success "Database copied" + +# Copy all data directories (preserve attributes, sync incrementally) +for dir in repositories avatars attachments packages lfs custom queues indexers; do + if [[ -d "$SOURCE_DATA/$dir" ]]; then + log_info "Syncing $dir..." + mkdir -p "$TARGET_DATA/$dir" + rsync -a --delete --info=progress2 "$SOURCE_DATA/$dir/" "$TARGET_DATA/$dir/" + log_success "Synced $dir" + fi +done + +# Also check data/ subdirectory structure +for dir in repositories avatars attachments packages lfs; do + if [[ -d "$SOURCE_DATA/data/$dir" ]]; then + log_info "Syncing data/$dir..." + mkdir -p "$TARGET_DATA/data/$dir" + rsync -a --delete --info=progress2 "$SOURCE_DATA/data/$dir/" "$TARGET_DATA/data/$dir/" + log_success "Synced data/$dir" + fi +done + +# ============================================ +# PHASE 3: Database Schema Rollback +# ============================================ +log_info "Phase 3: Rolling back database schema..." + +TARGET_DB="$TARGET_DATA/data/forgejo.db" + +# Show current schema version +current_version=$(sqlite3 "$TARGET_DB" "SELECT version FROM version WHERE id=1;") +log_info "Current Gitea schema version: $current_version" +log_info "Target version: 304" + +# Create rollback SQL script +ROLLBACK_SQL=$(mktemp) +cat > "$ROLLBACK_SQL" << 'ROLLBACK_EOF' +-- ================================================================ +-- Gitea 1.25.4 to Forgejo Rollback Script +-- Rolls back migrations 305-322 to allow Forgejo to migrate cleanly +-- ================================================================ + +-- Enable foreign keys check after we're done +PRAGMA foreign_keys = OFF; + +-- ============================================ +-- MIGRATION 305: Drop repo_license table +-- ============================================ +DROP TABLE IF EXISTS repo_license; + +-- ============================================ +-- MIGRATION 308 & 317: Drop action table indices +-- (These are the main conflict source) +-- ============================================ +DROP INDEX IF EXISTS IDX_action_r_u_d; +DROP INDEX IF EXISTS IDX_action_au_r_c_u_d; +DROP INDEX IF EXISTS IDX_action_c_u_d; +DROP INDEX IF EXISTS IDX_action_c_u; +DROP INDEX IF EXISTS IDX_action_au_c_u; +-- Alternative naming conventions +DROP INDEX IF EXISTS UQE_action_r_u_d; +DROP INDEX IF EXISTS UQE_action_au_r_c_u_d; +DROP INDEX IF EXISTS UQE_action_c_u_d; +DROP INDEX IF EXISTS UQE_action_c_u; +DROP INDEX IF EXISTS UQE_action_au_c_u; + +-- ============================================ +-- MIGRATION 309: Drop notification table indices +-- ============================================ +DROP INDEX IF EXISTS IDX_notification_u_s_uu; +DROP INDEX IF EXISTS IDX_notification_user_id; +DROP INDEX IF EXISTS IDX_notification_repo_id; +DROP INDEX IF EXISTS IDX_notification_status; +DROP INDEX IF EXISTS IDX_notification_source; +DROP INDEX IF EXISTS IDX_notification_issue_id; +DROP INDEX IF EXISTS IDX_notification_commit_id; +DROP INDEX IF EXISTS IDX_notification_updated_by; +DROP INDEX IF EXISTS UQE_notification_u_s_uu; + +-- ============================================ +-- MIGRATION 313: Drop issue_pin table +-- (pin_order restoration handled separately) +-- ============================================ +DROP TABLE IF EXISTS issue_pin; + +-- ============================================ +-- MIGRATION 306: Drop protected_branch column +-- ============================================ +ALTER TABLE protected_branch DROP COLUMN IF EXISTS block_admin_merge_override; + +-- ============================================ +-- MIGRATION 310: Drop protected_branch column +-- ============================================ +ALTER TABLE protected_branch DROP COLUMN IF EXISTS priority; + +-- ============================================ +-- MIGRATION 311: Drop issue column +-- ============================================ +ALTER TABLE issue DROP COLUMN IF EXISTS time_estimate; + +-- ============================================ +-- MIGRATION 312: Drop pull_auto_merge column +-- ============================================ +ALTER TABLE pull_auto_merge DROP COLUMN IF EXISTS delete_branch_after_merge; + +-- ============================================ +-- MIGRATION 315: Drop action_runner column +-- ============================================ +ALTER TABLE action_runner DROP COLUMN IF EXISTS ephemeral; + +-- ============================================ +-- MIGRATION 316: Drop description columns +-- ============================================ +ALTER TABLE secret DROP COLUMN IF EXISTS description; +ALTER TABLE action_variable DROP COLUMN IF EXISTS description; + +-- ============================================ +-- MIGRATION 318: Drop repo_unit column +-- ============================================ +ALTER TABLE repo_unit DROP COLUMN IF EXISTS anonymous_access_mode; + +-- ============================================ +-- MIGRATION 319: Drop label column +-- ============================================ +ALTER TABLE label DROP COLUMN IF EXISTS exclusive_order; + +-- ============================================ +-- MIGRATION 320: Drop login_source column +-- ============================================ +ALTER TABLE login_source DROP COLUMN IF EXISTS two_factor_policy; + +-- ============================================ +-- SET VERSION TO 304 +-- ============================================ +UPDATE version SET version = 304 WHERE id = 1; + +PRAGMA foreign_keys = ON; +ROLLBACK_EOF + +log_info "Executing schema rollback..." + +# SQLite doesn't support DROP COLUMN IF EXISTS, so we need to handle errors gracefully +# Execute each ALTER TABLE separately to handle missing columns +sqlite3 "$TARGET_DB" << 'SQL_PART1' +PRAGMA foreign_keys = OFF; + +-- Drop tables +DROP TABLE IF EXISTS repo_license; +DROP TABLE IF EXISTS issue_pin; + +-- Drop indices (these always work, even if index doesn't exist) +DROP INDEX IF EXISTS IDX_action_r_u_d; +DROP INDEX IF EXISTS IDX_action_au_r_c_u_d; +DROP INDEX IF EXISTS IDX_action_c_u_d; +DROP INDEX IF EXISTS IDX_action_c_u; +DROP INDEX IF EXISTS IDX_action_au_c_u; +DROP INDEX IF EXISTS UQE_action_r_u_d; +DROP INDEX IF EXISTS UQE_action_au_r_c_u_d; +DROP INDEX IF EXISTS UQE_action_c_u_d; +DROP INDEX IF EXISTS UQE_action_c_u; +DROP INDEX IF EXISTS UQE_action_au_c_u; +DROP INDEX IF EXISTS IDX_notification_u_s_uu; +DROP INDEX IF EXISTS IDX_notification_user_id; +DROP INDEX IF EXISTS IDX_notification_repo_id; +DROP INDEX IF EXISTS IDX_notification_status; +DROP INDEX IF EXISTS IDX_notification_source; +DROP INDEX IF EXISTS IDX_notification_issue_id; +DROP INDEX IF EXISTS IDX_notification_commit_id; +DROP INDEX IF EXISTS IDX_notification_updated_by; +DROP INDEX IF EXISTS UQE_notification_u_s_uu; +SQL_PART1 + +# Function to drop column if it exists +drop_column_if_exists() { + local table="$1" + local column="$2" + local exists + exists=$(sqlite3 "$TARGET_DB" "SELECT COUNT(*) FROM pragma_table_info('$table') WHERE name='$column';") + if [[ "$exists" -gt 0 ]]; then + log_info "Dropping column $table.$column..." + sqlite3 "$TARGET_DB" "ALTER TABLE $table DROP COLUMN $column;" + log_success "Dropped $table.$column" + else + log_info "Column $table.$column does not exist, skipping" + fi +} + +# Drop columns added in migrations 306-320 +drop_column_if_exists "protected_branch" "block_admin_merge_override" +drop_column_if_exists "protected_branch" "priority" +drop_column_if_exists "issue" "time_estimate" +drop_column_if_exists "pull_auto_merge" "delete_branch_after_merge" +drop_column_if_exists "action_runner" "ephemeral" +drop_column_if_exists "secret" "description" +drop_column_if_exists "action_variable" "description" +drop_column_if_exists "repo_unit" "anonymous_access_mode" +drop_column_if_exists "label" "exclusive_order" +drop_column_if_exists "login_source" "two_factor_policy" + +# Check if pin_order column needs to be added back to issue table (migration 313 removed it) +log_info "Checking if pin_order column needs to be restored to issue table..." +has_pin_order=$(sqlite3 "$TARGET_DB" "SELECT COUNT(*) FROM pragma_table_info('issue') WHERE name='pin_order';") +if [[ "$has_pin_order" -eq 0 ]]; then + log_info "Adding pin_order column back to issue table..." + sqlite3 "$TARGET_DB" "ALTER TABLE issue ADD COLUMN pin_order INTEGER DEFAULT 0;" + log_success "Added pin_order column to issue table" +else + log_info "pin_order column already exists in issue table" +fi + +# Set version to 304 (allows Forgejo to run migration 305 which converts two_factor.secret from TEXT to BLOB) +sqlite3 "$TARGET_DB" "UPDATE version SET version = 304 WHERE id = 1;" +log_success "Database version set to 304" + +rm -f "$ROLLBACK_SQL" + +# ============================================ +# PHASE 4: Clear Regeneratable Data +# ============================================ +log_info "Phase 4: Clearing regeneratable data..." + +# Remove indexers (will be rebuilt on first start) +if [[ -d "$TARGET_DATA/indexers" ]]; then + rm -rf "$TARGET_DATA/indexers" + log_success "Removed indexers (will be rebuilt)" +fi + +# Remove queues (will be recreated) +if [[ -d "$TARGET_DATA/queues" ]]; then + rm -rf "$TARGET_DATA/queues" + log_success "Removed queues (will be recreated)" +fi + +# ============================================ +# PHASE 5: Update Configuration +# ============================================ +log_info "Phase 5: Updating configuration..." + +# Copy app.ini +rsync -a --info=progress2 "$SOURCE_INI" "$TARGET_DATA/custom/conf/app.ini" +log_success "Copied app.ini" + +# Update paths from gitea to forgejo +sed -i 's|/var/lib/gitea|/var/lib/forgejo|g' "$TARGET_DATA/custom/conf/app.ini" +log_success "Updated paths in app.ini" + +# Check if WAL mode is already configured +if ! grep -q "SQLITE_JOURNAL_MODE" "$TARGET_DATA/custom/conf/app.ini"; then + # Add WAL mode after [database] section + sed -i '/^\[database\]/a SQLITE_JOURNAL_MODE = WAL' "$TARGET_DATA/custom/conf/app.ini" + log_success "Enabled SQLite WAL mode" +else + log_info "SQLite journal mode already configured" +fi + +# ============================================ +# PHASE 6: Set Permissions +# ============================================ +log_info "Phase 6: Setting permissions..." + +chown -R "$TARGET_USER:$TARGET_GROUP" "$TARGET_DATA" +chmod 750 "$TARGET_DATA" +chmod 640 "$TARGET_DATA/data/forgejo.db" +log_success "Permissions set for $TARGET_USER:$TARGET_GROUP" + +# ============================================ +# PHASE 7: Verify Database Integrity +# ============================================ +log_info "Phase 7: Verifying database integrity..." + +sqlite3 "$TARGET_DB" << 'VERIFY_SQL' +.headers off +.mode list + +-- Verify version was set correctly +SELECT 'Version: ' || CASE WHEN version = 304 THEN 'PASS (304)' ELSE 'FAIL (version=' || version || ')' END +FROM version WHERE id = 1; + +-- Check critical tables exist +SELECT 'Users: ' || CASE WHEN COUNT(*) > 0 THEN 'PASS (' || COUNT(*) || ' users)' ELSE 'WARN (empty)' END FROM user; +SELECT 'Repositories: ' || CASE WHEN COUNT(*) > 0 THEN 'PASS (' || COUNT(*) || ' repos)' ELSE 'WARN (empty)' END FROM repository; +SELECT 'Secrets: PASS (' || COUNT(*) || ' secrets)' FROM secret; +SELECT 'Runners: PASS (' || COUNT(*) || ' runners)' FROM action_runner; +SELECT 'Variables: PASS (' || COUNT(*) || ' variables)' FROM action_variable; +VERIFY_SQL + +# Verify dropped tables are gone +repo_license_exists=$(sqlite3 "$TARGET_DB" "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='repo_license';") +issue_pin_exists=$(sqlite3 "$TARGET_DB" "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='issue_pin';") + +if [[ "$repo_license_exists" -eq 0 ]]; then + log_success "repo_license table: DROPPED" +else + log_warn "repo_license table: STILL EXISTS" +fi + +if [[ "$issue_pin_exists" -eq 0 ]]; then + log_success "issue_pin table: DROPPED" +else + log_warn "issue_pin table: STILL EXISTS" +fi + +# ============================================ +# PHASE 8: Print Next Steps +# ============================================ +echo "" +echo "========================================" +echo -e "${GREEN}Migration complete!${NC}" +echo "========================================" +echo "" +echo "Data copied to: $TARGET_DATA" +echo "Database schema rolled back to version 304" +echo "" +echo "Next steps:" +echo "" +echo "1. Update NixOS configuration:" +echo " - Create hosts/fw/modules/forgejo.nix based on gitea.nix" +echo " - Change services.gitea to services.forgejo" +echo " - Update bind mount paths in container config" +echo " - Update runner configuration for Forgejo" +echo "" +echo "2. Deploy:" +echo " nixos-rebuild switch" +echo "" +echo "3. Monitor first startup:" +echo " journalctl -u container@git -f" +echo "" +echo "4. Verify functionality:" +echo " [ ] Forgejo starts without errors" +echo " [ ] Login via OpenID (auth.cloonar.com)" +echo " [ ] All repositories visible" +echo " [ ] Can push/pull to repositories" +echo " [ ] CI/CD runners connect" +echo " [ ] Workflow with secrets runs" +echo " [ ] Packages registry accessible" +echo "" +echo -e "${YELLOW}ROLLBACK:${NC} If anything fails, original Gitea data is untouched." +echo "Just revert NixOS config and restart Gitea container." +echo "========================================" From 190c2ee5c51e934ce9f1839eba56229af6476235 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Fri, 30 Jan 2026 08:59:36 +0100 Subject: [PATCH 29/44] feat: changes to home assistant getting home --- .../fw/modules/home-assistant/coming-home.nix | 27 +++++++++++++++++++ hosts/fw/modules/home-assistant/default.nix | 2 ++ hosts/fw/modules/home-assistant/locks.nix | 20 +++++--------- .../modules/home-assistant/power-saving.nix | 10 +++---- 4 files changed, 39 insertions(+), 20 deletions(-) create mode 100644 hosts/fw/modules/home-assistant/coming-home.nix diff --git a/hosts/fw/modules/home-assistant/coming-home.nix b/hosts/fw/modules/home-assistant/coming-home.nix new file mode 100644 index 0000000..30bc6d2 --- /dev/null +++ b/hosts/fw/modules/home-assistant/coming-home.nix @@ -0,0 +1,27 @@ +{ + services.home-assistant.config = { + rest_command = { + moltbot_home_arrival = { + url = "https://moltbot.cloonar.com/hooks/agent"; + method = "POST"; + headers = { + Authorization = "!secret moltbot_home_arrival"; + Content-Type = "application/json"; + }; + payload = "{\"message\":\"I just arrived home. Read home-reminders.md in my workspace. This file may contain reminders to tell me, or instructions/tasks to perform (like looking something up). Execute any instructions, send me the results along with any simple reminders, then clear the file content (keep the header). If the file is empty, just welcome me home briefly.\",\"name\":\"HomeArrival\",\"deliver\":true,\"channel\":\"whatsapp\",\"to\":\"+436607055308\"}"; + }; + }; + "automation home_arrival" = { + alias = "home_arrival"; + trigger = { + platform = "zone"; + entity_id = "person.dominik"; + zone = "zone.home"; + event = "enter"; + }; + action = { + service = "rest_command.moltbot_home_arrival"; + }; + }; + }; +} diff --git a/hosts/fw/modules/home-assistant/default.nix b/hosts/fw/modules/home-assistant/default.nix index c7e1eac..ef3393f 100644 --- a/hosts/fw/modules/home-assistant/default.nix +++ b/hosts/fw/modules/home-assistant/default.nix @@ -101,6 +101,8 @@ in ./shelly.nix ./sleep.nix ./snapcast.nix + + ./coming-home.nix ]; networking = { diff --git a/hosts/fw/modules/home-assistant/locks.nix b/hosts/fw/modules/home-assistant/locks.nix index a2160b4..edcd5af 100644 --- a/hosts/fw/modules/home-assistant/locks.nix +++ b/hosts/fw/modules/home-assistant/locks.nix @@ -1,8 +1,6 @@ let - devices = [ - "device_tracker.dominiks_iphone" - "device_tracker.dominiks_mp01" - "device_tracker.dominiks_fairphone_6" + persons = [ + "person.dominiks" ]; in { services.home-assistant.extraComponents = [ @@ -14,18 +12,12 @@ in { alias = "house_door"; mode = "restart"; trigger = { - platform = "state"; - entity_id = devices; - from = "not_home"; - to = "home"; + platform = "zone"; + entity_id = "person.dominik"; + zone = "zone.home"; + event = "enter"; }; action = [ - { - service = "script.turn_on"; - target = { - entity_id = "script.turn_on_circuits"; - }; - } { service = "lock.unlock"; target = { diff --git a/hosts/fw/modules/home-assistant/power-saving.nix b/hosts/fw/modules/home-assistant/power-saving.nix index cf645be..1824242 100644 --- a/hosts/fw/modules/home-assistant/power-saving.nix +++ b/hosts/fw/modules/home-assistant/power-saving.nix @@ -23,12 +23,10 @@ "automation arrive home power" = { alias = "arrive home power"; trigger = { - platform = "state"; - entity_id = [ - "device_tracker.dominiks_iphone" - ]; - from = "not_home"; - to = "home"; + platform = "zone"; + entity_id = "person.dominik"; + zone = "zone.home"; + event = "enter"; }; action = [ { From 1ca4a59fe5bc1e05777ea814a75c84e2a10e70e1 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Fri, 30 Jan 2026 08:59:52 +0100 Subject: [PATCH 30/44] feat: fw add moltbot --- hosts/fw/configuration.nix | 1 + hosts/fw/modules/dnsmasq.nix | 1 + hosts/fw/modules/moltbot.nix | 58 ++++++++++++++++++ hosts/fw/modules/web/proxies.nix | 27 +++++++++ hosts/fw/secrets.yaml | 101 ++++++++++++++++--------------- 5 files changed, 138 insertions(+), 50 deletions(-) create mode 100644 hosts/fw/modules/moltbot.nix diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index a2661ff..38a3669 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -37,6 +37,7 @@ ./modules/ai-mailer.nix # ./modules/wazuh.nix + ./modules/moltbot.nix # web ./modules/web diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index 7461ae6..f1e0e79 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -139,6 +139,7 @@ "/dl.cloonar.com/${config.networkPrefix}.97.5" "/jellyfin.cloonar.com/${config.networkPrefix}.97.5" "/audiobooks.cloonar.com/${config.networkPrefix}.97.5" + "/moltbot.cloonar.com/${config.networkPrefix}.97.5" "/deconz.cloonar.multimedia/${config.networkPrefix}.97.22" diff --git a/hosts/fw/modules/moltbot.nix b/hosts/fw/modules/moltbot.nix new file mode 100644 index 0000000..7bc9295 --- /dev/null +++ b/hosts/fw/modules/moltbot.nix @@ -0,0 +1,58 @@ +{ config, pkgs, lib, ... }: + +with lib; +{ + # Moltbot - AI assistant with WebChat + # Container with browser support for web automation + + virtualisation.oci-containers.backend = "podman"; + + # Secret for gateway authentication token + sops.secrets.moltbot-gateway-token = { + key = "moltbot-gateway-token"; + }; + + # Persistent directories on host for backup + # UID 1000 is the 'node' user inside the container + systemd.tmpfiles.rules = [ + "d /var/lib/moltbot 0755 1000 1000 - -" + "d /var/lib/moltbot/home 0755 1000 1000 - -" + "d /var/lib/moltbot/extensions 0755 1000 1000 - -" + "d /run/moltbot 0700 root root - -" + ]; + + virtualisation.oci-containers.containers.moltbot = { + image = "ghcr.io/moltbot/moltbot:main"; + + # Run gateway mode, bind to all interfaces in container + cmd = [ "dist/index.js" "gateway" "--bind" "lan" "--port" "18789" "--allow-unconfigured" ]; + + ports = [ + "${config.networkPrefix}.97.1:18789:18789" # Gateway/WebChat + "${config.networkPrefix}.97.1:18790:18790" # Bridge + ]; + + volumes = [ + "/var/lib/moltbot/home:/home/node:rw" + "/var/lib/moltbot/extensions:/app/extensions:rw" + ]; + + environment = { + HOME = "/home/node"; + TERM = "xterm-256color"; + MOLTBOT_STATE_DIR = "/home/node/.moltbot"; + CLAWDBOT_STATE_DIR = "/home/node/.moltbot"; + PUPPETEER_SKIP_CHROMIUM_DOWNLOAD = "false"; + }; + + extraOptions = [ + "--pull=newer" + "--network=server" + "--ip=${config.networkPrefix}.97.60" + "--init" + # Chrome sandbox capabilities + "--cap-add=SYS_ADMIN" + "--security-opt=seccomp=unconfined" + ]; + }; +} diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix index 5cc42d5..1709e39 100644 --- a/hosts/fw/modules/web/proxies.nix +++ b/hosts/fw/modules/web/proxies.nix @@ -103,4 +103,31 @@ ''; }; }; + + services.nginx.virtualHosts."moltbot.cloonar.com" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + + # Restrict to internal networks only (LAN + VPN) + extraConfig = '' + allow ${config.networkPrefix}.96.0/24; + allow ${config.networkPrefix}.97.0/24; + allow ${config.networkPrefix}.98.0/24; + deny all; + ''; + + locations."/" = { + proxyPass = "http://${config.networkPrefix}.97.60:18789"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + }; + }; } diff --git a/hosts/fw/secrets.yaml b/hosts/fw/secrets.yaml index a15e913..f45f13f 100644 --- a/hosts/fw/secrets.yaml +++ b/hosts/fw/secrets.yaml @@ -1,70 +1,71 @@ -ai-mailer-imap-password: ENC[AES256_GCM,data:shEEPVXXUwyKpqkZgvUifdxd4w==,iv:IgGyuaJLHm7ARgpzKQFUa4CoJtgxgYn6drMXaQqfG9A=,tag:PFjvzSk+l9+M16inz+X+uA==,type:str] -ai-mailer-openrouter-key: ENC[AES256_GCM,data:kJ/ujzpPep5zTv3j6ZKG2N2JaDl6Qi2e1Kz3u7Eu9aXYzziFnBcCIbru6usuKXuC1O7QhozaVemeirthUCOqFV4lzRk8cQsN+w==,iv:dngoIRY/Rr73wbWIl6htCO4TWqMdGt2oxHZS9lT+nFc=,tag:oTHu9yuDl2zTYhjNbRqmow==,type:str] -borg-passphrase: ENC[AES256_GCM,data:VfSwMgBHxETZMUXeEXnvQbRnf/C9Coq2IgrJBUrGsCAqWIvBqioBMTS47/fDPElj2sacn6su3v7vFSNVacf/u1X1+jE=,iv:OC4h9/kD0B1fd1EvBrAb09lu/0mLQcCwV3/gJLMtqDQ=,tag:NaDPQE3bg4eP49mSN6SdPg==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:YKbvLl0aQcWYFuf3+z9Nh8aSFZ825v8dMfvY8sTxqqFRW8t/43qXWyNC1lnIUWnRPaN+lDwbtXknqUb8pPj/szI8j/wHgAstzT3n84dj0pfifHVlR9f2edWUzyJfBGCAz8HobG2j5Ad9TmFAP10C0n+fUWevG/VYeAIP2Ot+b6JhhJaPzRmYBROZDwZk90XSh/pl/S3+PP+usKt5Qt5kcHjz0/6z5mLMvW/3fCbG3YQrhrOAIqvaxj8cdu3OzN5/Pwfe+njoTCzUuE4xdZKBtVkX3gVjWKYN5IVLhSU1SfvHBhUKx3GYM5Io2qLXnq2MV4dFg8ujVrPrx9M3TVa7J/8lkUPdmBkf0f4m1SLNrMDlbcZwNpY3bNm4AnZNcZ+OFTq/85ETiLOQ7bEonSOy9QqDxh5Y/1P6SlPtlH5WgeWax1SwRgEIOSRzVpmjrTOEkNldKYznroGbsj1oEn8DfGEKHEypOBPT6KHsyFgqmSVJwJ7zzha/XN7QsMIK63RuOzrqra1RYPu9jvs8FhwazfX+Olv359lMrT7GRKRNsUVQUpo2XYp/cJqS6oVrb6HtmaIpwCpz4m0lj8qovBMGOCu42AzjIQh7s8hUNqlVTLYPopO/qbC903QPs3y6d1Ipi6JKlMAKkmGdcvUTiypCjEeQ3FLaCFmo697nZZJubLCRFI+9lvCUaOnnXZ+KIm7Lzkcvb/fXoS0Zq/1xpgo5lJP3AIpejAsbCSiK7yKY9ydBRRTr/G5wNQxZcWitpErH2PG8+a0TQwBWuK33bjysH58dmjLhiySNCfo02kE36e+SoUB1z+jdmEMDoNqL1Oao/4qhJ3FBSMl/1eI0Vs7VkDAZ8UAfCIFo5iGHcn1Irnkb+6Qm6JPzCpoOPwVR1b7DGQZaNToVWtl/fNQjRvtAF/S8j29wCjI6M2/akpTbp7mcax0SoT4Evy3kT7q1BYaRmhxrOU+rTctOscKhb4QSOMBjahatANFeD0HbRYd9wlWzL513n/SLP8cXumVLT+SqN1RcvoUg3zdnJy8/e99r94PwaFPjwzhBBt8DL9q4W0QTcOPbVS1zrsoSh78bJJOwArX1pqOzdArNExFldX3cKwU3U4zcSuW5zPttQXXOBowHlKoW5slqLCgoRj0JljyiRtC5yUlCGhKTukiKkRZ+1GOBAEkSus2gJdPxi6lnAZYpyAmTdpacDG6Q38S8/p6r+AXiX4mKWf1FhfymPY51XmgTNfHzPFhd2ADjIFLTxepaX9O0F8aQn71fTffobhFNlGX9Xn0Eocjy83D2ltG14DOIJWozy0KfaHHFH8ToNvEYMmY/SqH5plNsfZRdn80dG2Q7r3ZvBmd12C+ZI6ODFfQJ0NjKljzxQ+XAFzmtggLmU47iIRTVgY3mawab5hmCZl6z11tMhpETRsiULWW7nuTexs1Igf36w4mnpqm1hiGRsFoZLQumxYCaCBpIZK4nodB8cYoFoFrp+ABCc+BqgVHSjqPraNzc5w0GzUBRrTu3+e/dZnRjB5Ht+5vi7tE1KncgNgoCCPxRDZifvHJwe7hWOiPjL3C2c+ApHR9j0TiWFEZhcR6DjvExMKK+u1loYZ0hcHDNepk9joQL2DrX1E106IKElxImvbYS9GPurOosZhXmkk/SKHMyhMvSRkKaM6AHjVsfiVf4pPNRH4hjo17llxwOuPpLH/kLZI4ebx9oUNO23vMatxRN1Aw+2cXtfcLxXXl61VD8SoHDNieT9u4qIfAoPMU+97IOIQH7chGK+HatuVNnQwGZ3ur9q10kL6CnNq0p0fj/9CW8Mm9OsF0d+XgJ5YiDi5vdBtdc4mdsW6O09cTfAMfJqtx300/F+cXZnB2AHdL5KnI6lQ9SgABIhF8dNveaSG/iospB0Y4tQ0pUAxxR5195kIXZ/QXzZERzGaHAu/eRJ/GCrfkf1XHuwj1sXyERgbUm/aVXC+WJfah8rxR2eTUm2KPa8Ywd7A5NLWwFV7P81DrwJVHsnsXjAIVUsYkCySIxTI7Tm5JXAnXThQtbTPqSBPlxqCyK+9py76d16dZ8E83V8rMnUVLEPkkuaqEDzq3cT/bBkW6LEoqMlmGonz/bWSZmo78o7DoK65DSiseOZvl9CfFXSiVPyM4JY7gu/fBkvdVT79J6Bbjao2kFLUO6OYB/BbmuYUo6RqTFFHH13jntyP+FEMlLPUsQcJWYE4y3YLb5MfkQFSsF30KItSwhyL+nDBNcgFC+mG8qDSPYj3dYtlTT+RtGznCQwx5mVgYxAw2PFEB+UXiZBBTCn+VxD3D2uD7WPRrVm+i0001BOGVymPU8RKWKvUSrzuOA9itkTwbEdQ1FZ4ek9Cl/oX0fTbAVLlvU80qMz81jG7eeySiADut+IukPw8ByRl6b2zpBhKDFLeY1PQrJ41BDGxVNRKwMCuts6GGs9ijTVU8id3sCOfqa8qSmq4YsMCLmpxrwisw7kEu1tRTtBoa6Q20IwtC/igxq4kXnGPLN2fwaqnEyPXDluYwH9pqKOIsiUAZmAeIn0YzeW/P2Otz+4t3NaCPBS52+L+EfQT5pL2wmdDV9tF1EAAFgCn9IC92sRrB4zTELc+Z5siD2TFavLPDNjtEhhOfSlsKJpzs8fs49ecsRkVbNqTA4uU/f/JngpvKQyZ5Ct8RATsudocGTc/3Hv0Lzatu/XkhoeuvA02s21oowHXYnlxJcXS5goTKbpq3xAHyANr79chomkL8YQQ6hdaE955+lMcSLi0sQbiHUYrdP3QXYrln3w9cTmgkVqNAopWIRUyM4IgLxkW+lgx9vASOvBAjsqA/7vL5bqLoqLLOPTDDahv8/wDriMZ61cO5p9fBVn0EM0xF8F3Z0Sx4MkO5XKFkU4MoyrW1Nwl1paUDMvuuwKGSGkR8vLhgr4XVbMQxaXZ3CyOCImEHipyhvxVq4grEpAsp5NPDV80at2osnJqwUucuA28g715A2tvBvRkj6QdEn7K2El4OWUMw+F2sB82PYspzmZaepfDWj0Td721od2XccBLvVO5HLQ7+8Veu8m9YZQr9kilkmQYekE/cnvYNwHYFqXn3ojCIOGXJQphAwEIXs21Da9P/ecIOzUrykM8elKJXwQk4GuWx6Y66iUqBRU7LHoVUsKP0+mE23e7lJLKS11tlmZHxn9JjDBZLbqR08DRXVBxvJxNqg5/Gn6Ip9DkW+h6pajsgzjFY7obhkS58EuNKyEo/ELJYK0nK2fU71OPhESBGfPQtsIGwUfaBhrX6uS49JQMpt/MUVc8fKPTW06ThpoHlLSKhgshx5xVB1zFupznBcJs3TXBF+eK9WPK9eEpmk1Ac8S8husyctZWzKlCXMuLBGvk7we3zIIX9yiKEBkbb/EMqnl8fMMtXjjVEoMFdJRkLO0F4F75Sp6elLGq3HD/U1TF0gABqhXjsFHDHEA3sagkxvA/stijqGuRKoSImwbbQnJQ==,iv:12jhIp7FXTaUYGwh9JtO4EEnz7ps0D2wQgVnXWeeWzY=,tag:IeGpZIvOlVtXf7rp8e612A==,type:str] -ddclient: ENC[AES256_GCM,data:5TD+zbq8gbfpg0zL+Q/rZAM6/UWpdoQnWGUzxffEHNY=,iv:yOYlurCmeFpck81MT3tYmcVwSLH4Q+h8KvWAR56NGGU=,tag:XUxGcSOnn4xWHfpmj9FfDA==,type:str] -filebot-license: ENC[AES256_GCM,data:3Z01llfp3EovHTcOeALZvgoF9Sg9+ZTuSxeb+U5D06+uwl9QCM0Gl9FJ6iwt9gWJTkMS19FMHmG6smpZKVb11GZUFT3D8yTavu9AqRumZYBW6tPR8Q/WHGRSP1kUD0BLL3M3qBlbipqg7XSW4qElGKmyPCW/eswEXnhuIhcBf1wJ9q36WqQuxtOzRLhGi3S8ZaMdfQ8EdGTsePRuYA8qAinuO9G+yejQfzhrHZ5fZhcbTPWlKMzQt+q2m03N0A7Yf6DMuWujmdXbMX7FgRVMvaiz7cCgsKVQQOzRwEVbnivA+3b/BGTY98YJZs2ULKH9gMtnjqt9Pxc4iQVnJ5lUdnBXrsYcU2JVeKhMD3/h9Ds7P5P/Xzv63dvFAdQfJtMLeSvFr2+zbLL3n/1yeamtEZq/9vXs6Sj1Gerrfv/3y0oJbxo7mdlMEZ5hdkFz9m8LZ+b+G4StcWOR8I3fxKoSzXOM2SfmFQ2qeJaIaO8NfhZ6bwfsTZtevZksAeF/MY8hAAUJc4FARV7y0n6X3p5PC/iok1TrtIXOlgzMP8UVZCytDOUztqvpguag4/QpvkAZ0aOQ8ohXxAdzF2jW513beWjN1DGCUDsIn3angS3C80ybp8CsG4NNZBFsW6wL2XcmX6nHaXA9YTRLg3neIXFNcHSnRKHGZGdGIKpg5zeHZJeoN89T4YokUxSw8709F+Tzm5zowNAvnw/a3tQHCpLzy2EoS1MYeFnl5ReuRlitYjTwvZY/Zl9gMI5IGNlLGaSbW6G3r3Vkjtz0XlX/NcD6yk6usM2w5HRUaAaM4uUWvIADTcWG+IVVFgXVVRpdl8eC/4jWf85/naQEHNPch5PmRHMWO8br7iamZzkqODL/iz6UQzEUROydcCvj2KaCKrg=,iv:n/o313QaIZjmp0RJvGw/x24AGh+ZaLcMnyrMdFaugJg=,tag:flPEv7y9UEObPPSkYSwARw==,type:str] -forgejo-mailer-password: ENC[AES256_GCM,data:BK1hLTsz1GtOEHWnXeM8WhFtnUUm5PLFYNlEwTHQ2FjWNU+e244eFWj3P0xUkbXPF5poVUiMOD74LXVLbmlEQm8s,iv:VVXV7awaChr4UUKNwVMrK4MYA2NPcg7PsOEIYu33EQg=,tag:eTcguiaujYGoFf2Mim/TOg==,type:str] -gitea-mailer-password: ENC[AES256_GCM,data:jEj/pbIwJbgjlAJT/C27ZxRopzE7btaBeFV5Nnqzgwqyf/EZO1k257D263jUZX2NWmuB/jMAY8IYc8bO1BJtYiyB,iv:gPGILhy4FFDfqeq762GgHKBoBdCFnZqcLRFtxPIafAU=,tag:gzgDv5WcXGCJWlnqOpkhzA==,type:str] -gitea-runner: ENC[AES256_GCM,data:skZDOjcPFNEEYWf8IEK1goF0r7Ei9K7A9f+qdbqnv/zi/6pF7Ol2wEe6knmcbMUG7NPGg5LETqsP2/ifi0Q7TZO3aFq/cIY4hC2FEhN6mgEd2oWj8H9BT5Fop4IwCQE1a2pF36njmooEs7q83ccnQTmo7K+k2a9jrS5aEVN5fw2H75cppjoc5JSur4Z9oET/BJpeM7KhXBUui3Ebb0fD38WJItWOEXNGhyFZqtsyPFRcgJpUYejBnXo5Y08jCBMNwN1lQwl+1y+FpzJFwXGrfdQ=,iv:ossCQKu2Mg52k5UN8wHDJdC4A9+74X02LeblgINf4qw=,tag:eNekPZUC56Lf4BTax3lhgg==,type:str] -gitea-runner-token: ENC[AES256_GCM,data:6+0h+au4hg0s7XCWsHxlPls/oJUJadph0yG7BVgt15p9UFQhvyEUxIv9vqc265M=,iv:evHWbZz5/voZqKudTS1D+t/n9cSUTaYbv0JCoOUQuiE=,tag:4XMMBuIUPpvxq7iYgDnEyA==,type:str] -home-assistant-ldap: ENC[AES256_GCM,data:imgkUpeBrOG19uKCrb7f3hya3HKqVFiGKXodnb7iMom3bWWtqEQDusJtUssQxPZDvpCszejRfG/j7UZ6iob6KA==,iv:reORLwrkQe0e4c01v4//g/xBU38hXZuv7F2L+TGALVE=,tag:U9KDtcraJsWXSmVuK6xxEA==,type:str] -home-assistant-secrets.yaml: ENC[AES256_GCM,data:xR+HJgS7maPQS3/9WO+z7IKJ1aJG44MhQLBZvciyCgNpyxp17YbKaTnrt19URIWFtbgWqacDgn16GB6vZfBTsf6f3NdPsLVAV21sHr2jAXogfiZds1Db2TsBrfTpUn9ygycQaJwU0D/nkzJxxDJfegvzTYZeiTsn7Gjq2I70+2rOVjpNwXfWQbxNvxB2ywoo1Dg52Bu0wXauprZYGYt84bGg9ZFXCsLFCE4p9fNWRiZKaH7E/ugGxyF07QdfEWGS6gfE6c+/EsHM8w==,iv:wpmbJTweNQfm7fuBM3eyA6CnNL7+o/J/4bEGl6my5GY=,tag:i+VJs/LLVCx+NNEUBOmZHg==,type:str] -piped-db-password: ENC[AES256_GCM,data:6kzLGlwXvr5TZUwKZ7v+ypB+VLDshQv/vKpt/uE1E31HMrK57PcS+pHrK/U=,iv:EWSfx3PBTg3JHGWt31dPi620WZRt/HqYI1KijY7/w24=,tag:xBV6u3NByVaq4tnflmb+mg==,type:str] -pushover-api-token: ENC[AES256_GCM,data:CgqZHBAFOrzTmdwmWTYDJQ7ri2Z7PRzeMzcfD0Hc,iv:5xkiTei/6sr978E2QwQVmLswJEmSPWmfs/RSyB+D2Rc=,tag:vy5GRtAyQA7mLyePau84cw==,type:str] -pushover-user-key: ENC[AES256_GCM,data:L9E5vCh7lAWG+WMoJSV6ralPzl5yeBDSk1kvYmlq,iv:gOetcV9E0uTzeEUoDbswKo9zXvAk9GpoFg/A+TeGY60=,tag:q82CO6mfS+n9q8TfuvXX5Q==,type:str] -wrwks_vpn_key: ENC[AES256_GCM,data:o0v0AZYBaClYC1w5rNIjrnkORILZ2o/+Z5nQ3MTJgHPvvnZJ5AIORuQ4QDUmpAA8VhMivn5F3EKiZ00nBDW/Nw==,iv:XhvTRwDSfseRaUgJ8lbcL/QnaA/eBEvTByLoJh2PeXw=,tag:GLS4eGETG9Q2W6tuW9EXZA==,type:str] -wg_cloonar_key: ENC[AES256_GCM,data:iAyabwyNKEy1VrsXgAPMljxXYg6CQv/n6DzJrjLtAPDO4VbFRLSj82ln7V0=,iv:8ng5RD/hfKVeOx5aGDwilkKJQ60qJbLtgWXBiE3dqb0=,tag:zmE3BO5490U7UdawQ6i/5w==,type:str] -wg_epicenter_works_key: ENC[AES256_GCM,data:JehIfUz4Bi9mNf7nZZufcVf8FxH8MLNFKSJJ+E0/I7rbh4thzUbIjYeLmaI=,iv:KyBToeAMX1jwehlmCi9zi40+RS18RAYExpAlGL4lf/0=,tag:K/o47pmCsqjoGWmGeF+DVQ==,type:str] -wg_epicenter_works_psk: ENC[AES256_GCM,data:kq4LLsNBP6fm7lhU2OS+kUZy4xRjq4hBpT8Lgo/dFpWb/FPL/qWobVG3nDs=,iv:Qm41W1zbSnml8l0yu8yjpE/OOHttNan29gngft2v0P0=,tag:t2qjuZnarRK+9BlmAjXclg==,type:str] -wg_ghetto_at_key: ENC[AES256_GCM,data:FaI5/1P7pXUEA2/5kLiGheK7f99/ntCUNdC3W3a23M1uhNYVGA0AXA+OIXk=,iv:V7KHwsIMewJylTPOXOnSQMkI06w6U1vXecBx/NUcyg4=,tag:gsr4vkqOlN5pexhyycWquQ==,type:str] -matrix-shared-secret: ENC[AES256_GCM,data:qfXA1eFLyFM4hIk5IwXc1zfWVmwvTgUNcSJDYGar0L9b+cHD8kM0qEr2DsPkDcy+7DJNldK+tcdgkCV8GA==,iv:XqwxLRs3ADyjmmKVKMMsANGhGzTg7PXQNiYnrp+WYFo=,tag:duSgoaxqm3z71jGfP9lCoA==,type:str] -phpldapadmin: ENC[AES256_GCM,data:oDgmCm38ZEhcpOvyY49jv+7FmikzrN2WCxJ9i5wvOTvUFblz1pVSe3/qm0VZ/IqdbudTpoOHIc97znAE129fPPNGbd3prY3v+dXn5JpUhcSuBT4QOf3aXVUlPzUVgTXt9E/Y/ASX39dPXGWEDt/XelXHVkgQAHwAt4XFSx20Ph2b1x1s1Gs/WETZe1Dyl8y4TyMRn4TuGYvm1l8iob8RLGazCk5XOGL+0AyLe/0H1vTKZN9lu7S/VH6612tDQxVJf2grzmZu1t8P9QBVgFxpmqdGsudMMeGoO8ajOWkgu2DUziZc0ul+PNdDdPThpetV6jjcZ8qJ9bZsbbDadZC8WWmKt+P+WPfE,iv:IUhwcZez5ROJuiKynSmfvI7j5iLF4arJokt6Gs10Xhs=,tag:MnVgO7JyOetB1j2ZZtxLLw==,type:str] -palworld: ENC[AES256_GCM,data:ZEf4Qw6FiHQwgWJAvX/oy90rJWffjwqqu9aqhvtzY8BmffhGDDPc653GEwxBEMRdBBVot+puxYkHA/WvQgPb1FaU+qXmAkclw9ayNcxqm7Ra74thV9JAseNH6xuDycWD0mNNEF6IRjsiB86JpeOivjrZeZy5zHSieMx01u235szmR+j/qX+QOo+E5NyVNPyIIT1LiJ3MpNPLltzNfiAfuDMbT+2VHC3EzU5BxxrXJ6iY9nRvDLoLOznfGG63eNxq4xRH4BL7kp0Qv4a8JlQlV9rfGyKqcwWH4FrRVNP/1xdT2Q+9qBHlnSafY2sj0UXI2FGvbwhuHxFZ/OSVwohe5ag/xtCVDgFE8bKaKPyXl+qgR9gNvwyAYRoOv1WDQxc4MkzJIBchPGLA2L5RFGZddByOUAR4LsyqvC6n8jjU19dSFaEGWSJDF068Szq2/dWdAl19Edw/nTvfRqVnJSM2m2tf5F1kBBM/yrtJrzDzmTd/wDwLEfhbO0PyktWjltjrrEzqxlaLeIYDKwx3+vlDLn+7rxaHZAHiwshGGYgW9Yxf0Epb2+o0dNgJ6X1+v+vbeWfgyobLklA7qKvodoEvAHLGsW9YicURNNjy/ERwA8ojSezfEZ6+pRhrk5s5HUDtq4b5tbD1FocPYXZyhSlIIqc02FGWJnQQamooa1hTnABYRDz0DtFudLHvRDFnUei4v827nr97y9e91GC21Q==,iv:DtA27Ksq1pGMxlq3UJ4HxYiJC4dTjBJD/aRbDIijyNE=,tag:J0kvm+khW63qfmHZwXzyRg==,type:str] -ark: ENC[AES256_GCM,data:mwIyAXNT6rAEoxyh+kbTnTlZMgbYlRUzAKHhbI8CG7AdG5l1gNhnnAfcIPWjx2Y+VAwL6XIRJL18FCxCB52UHMDqLpkdn4/pf4gaJ6zLzLuHBNPGDtLB21+frderjuVbOMxwV6Dx946clgIHFA/FY9ooKOknS5K4mNQm7wyrTUJQ38shyRMwbbpPA9sQOK41XMkaU0Axdpie1adZiN+Vq9ikwf4H1TglymPeXvIypEwWN0iJXaHwr7CKGDyWixYAjUz4VwfkeNVfyR1u,iv:3pHjP5CZLM5xULs5oSk6BlCEHccqdrrVGLZctYSb9eA=,tag:wLMORvSvdcb/If86vZsXXg==,type:str] -firefox-sync: ENC[AES256_GCM,data:osI5nogy+LQQ7KAECZlJ2cO2eZ5lz40yON6kgW9ROmicpuukr7+9R7jURYNZg2ETNMrZpK0bSK6zWoe9hlcwtTwVz815ocLU+o4rdUFpUjE36a0+toT9AWhwF0K9RVwITK6A5nIW8TADH3RaGZI6PGQzrjn9F1nMruo3gn0h1Gv3R4mT1ySpZxc4CV9zyKE=,iv:ou78yVK/d9X4sKSmSp2s/WhRp1TCe+adbK52He5qVE8=,tag:FJgLYpS3dtwku4Vs/SvXUw==,type:str] -knot-tsig-key: ENC[AES256_GCM,data:Mj201Ikwl6VuU8cBmwRTJbApOfCwIYt/g0dZL8kYDBoLuUNkkRygO7HB+vQ=,iv:vDjQ2Of8/u4gJHZD+brUeGcjWSv3psAYTUp8FXGVDaw=,tag:7IBISNf7RnV99zYAKAyTpQ==,type:str] -mopidy-spotify: ENC[AES256_GCM,data:oZag4Uyhk7Lkd2awfInu0bABKB2aB9ZxgQ/oOqJ5QJ/HEQO6ysWVBodu2MF2PPBe13Y6zv3HAnz4DEi1rDNBRwxRloyAwSAnB8R1uTuIh0fnJ2lr64RuT2+EermmhVz/HoypCnKTlFad39d16cRCEIy3n7cYnbG3,iv:xZAroRKaKn0xuMieUWcs4KdtRyVbuxm2HaWLV5zMr/8=,tag:i0kiytOZhVXKmSvF41T/Og==,type:str] -lms-spotify: ENC[AES256_GCM,data:1GPYCleCAkqkctywo6QTTLCBv4nq1I+jGXreYXfYZX3X9qdDjBlGuQyIIzD/krspUg5iYm0m1z6CEkKZQOeCs6IUv7Da+iMV1Kte3/nosWpEqYtYeC0kIw3wV9RtAIsMCFADj9W/w97NTMjebg4CZdmqVjI8coFDEN9dKqfMWT5amsC+emH2oO4k67vA7lgBBhL69Wgi7YAC2lSL1EVvcestWSzVcIHWucH8VI7CIKXJOLNzPD6hsKoQARroo4N3lQZ/dTpd1A==,iv:7Ukq1yPXeoTTmFroXL6sOBG76INPqynKyrbBQIv1Y+A=,tag:KY2rfZrqUhm2xBSsjHRWDQ==,type:str] +ai-mailer-imap-password: ENC[AES256_GCM,data:h+7cYnh5KlxHsxuNPqeymzaP8w==,iv:arefLWSG15MWStl3OASrGJf5HS6vIBBOpMHbfesnou0=,tag:7n49QtZJYT4fnvep0fnspQ==,type:str] +ai-mailer-openrouter-key: ENC[AES256_GCM,data:RFf+are5v/3I/r5k6UeCYGZpjVjtbPZoZ+UoiJZIOobiP+TP7K8sooqaO9i88EyWafrZtwB+2gOkNxeSms2er7z+PsWmmnbSnw==,iv:82Z6IpMVj1t3kYKwF3K88WMAIQe4R+K6DefGgz3gmbI=,tag:PyqDejCBhXFZRkdfZyz89w==,type:str] +borg-passphrase: ENC[AES256_GCM,data:hpVWvXBM1T8dGXCjHL1+29Pm7jinmdc0tkZva5jI55KLCNbOug7exqcut5q6UziZAXr5WF2WJyelVC+h8CoNYxnj9wg=,iv:aCulcqhHqOP9OHZv/K3Gp0JgM8m/GWBxSlHEHYu7qC8=,tag:0pAb3kKJmGk9UvJ8gAZM3w==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:DUuJYunBWQit+QhTiTKr82OPxNU1HD9QoLvipS3vCP13MfDb5FZnPSiEa9uq8C/cQLAuptnk2oqVEEZI/H4OfZ7fyyH++xQEqaDbNTelS+Gae4dfwXHmfkt7Lu/+XTDq/WTExnbiDCrWacPptEt7eYYqdOsLl1kJPZzAoIrp3TE2B0L4uuWj4KtXMLS/FO/sfNzgtK3/RcRhwNDr5zF954X2Di07zcJeTNllzMUYzEHrK40zC0IAQoITpt4HSbz4C8HQulqlt4ocJG/PX98Q4pT+bPxPZUHtrojkhbyDjR+8WGeAeFllwTx108i0zyrTOxJhhMnGFv/2TAJrEYCCxgiCyLog57xz+xm3SXk2gLdubHgVZs/QDd2ZwLg2BrG/uCSsHANfVlrxWRfQu8n3NeqLL9X1XINwywSYzL79KKTEndDfkZj8RKTUObzrS3A8sE68iPDB4Uym46NNHg8uwJwaOAqEJhwZd3fKR8ADqGm3DRkrZsfRfR1Cx8lvtGbUTmNZwNHv9Y1P+Kt6Uy4dgPG5yTDR1CxgsTkZ+DHOCnb7X/DvfnOAjeNFxVTRJ6e5PPkjGZO+mh4XtkKeqyKBEYVR577HGzDYeHk7YxcYg5ZSRqcHV+EKWB9sHF/b3wz38lS6nr2SCPRo5FyVeypVVQiYCmHZdOjJXtl1a7mRnOPIs2W8DQx2ynvACtUFeXmWWzntPTnJVvmDyQVtI/FfITxH3gkwnKKbym0j5hdwgdPRhl/nzYR4mvJETduByVqoUJD2DUH/il+CYnrCq0vqDIyl8BoEkNuqdwyZ0suZtKaPn02ifPdpE46mSjr+ml6VAklrJ/vDt6y+l4nqBcfya08MTglpv3fOj/inK733J8gmQisT67wvoJniX2lR723DmA0DzoHdRgvNyNQ13u9enrReNAMkZIm8eyDmJXxp7403YSKjiscRX85DW+ohUhnqshu2jyfEBX3mPXN/TJqh0mvHh0vyQW7T2z6kzwv9cKKyt7oun9+rFcho3c6j0XdLlUUGnw8eTbX2I9xRJ0vkTVbqRT/+82u0NY5d+7IvO7Z1t62eX47nY++5nL0h1Cc8QohR0sgTKTllPWmMAPkNlxqDf3NIrII8VT9VE11nXai/N/5rDkap9Snc58FH7xgMHW2QVJxj6RL7v4B/ZU9Idx6wr+fOnjkFEp9cnyhho7YCJngRLWdoMm59gbAQ5exXdmpEzTt3ScAOKKQKUWsQ5fwFh44U3eF+zk906eNrHx/3gRDWruWiiEtBMu2jmIyV1S0QJz41BSuO0X83tnUtb17gBC+yriXke1/YrDdTmtvbgz86yoaHiHlp5i+yRnKF9bKXX8xkoe5YxjEYFUtVdc1vC4CuZ945ShYXw0+DmBgpFd65pmkiiDfyJmmqtuVV7UJPrjgHhboq/9tJh8G+olmbKMqfzs4+ebyP4shkcDhEKtTm2jZyMoSQvdO7R7GqeLvhSxHhHtypm5Lh5qrmmsnPdFrn1E7HORoDOk4+AjnFj+GrFo8mozJQfHbDwIb85jFn0YTDrMWPtSjNE2xm4VlsAhqaXhnjtX7LKzVathMqYXp/tCPzBHOV6jyHVq8YZDDRkt3DlSmHsFr8lM7iyxBzLfPKr8vRMwjoastNRSDbtmPYAjFObZ+KHd+e5DfMDz806p3eGffj8c96HIOFC2o6l0A9MK7jmnrzBTxDEhTYzgl/j5g95ScbGL60clajzkxo7n9eABfuzjbKmPXvlqwvZRVANFkX1uEiViQTlyPv/TR3iwVwXwZ3LuER0uC6qnX5QJhQYZMhu8l0Ud5SNZyCssoj3NoZehi9dYtknjx6Z+akvJgr52EpYy1ZsuFYOx0ntS3eBZ3m1NOdjOWif69dvulyvNR9ImBHdTLR/9ujoMbAFt7w+rYJY523rGYiCxk2g0sr6LtvqqjJ2CVJsPjPlT1VkI1ZL5R061jtRzDc+X4UGRsEzc7Vh25dwy9QsyKLZqZe6IM5Gn7/GuwkYUarMgkGKLpzfE9UCu4R3/ATFn6KAqSitYeCopC4ybycg0qNAzjzFZMKs1u80p1GSe7DeG4mx7C6pTL2+E+Cdlu+bjXvmJQebLlJMFXUNwAJ3Qinr3PyL37PQvBhPA9ILcyalPtJMzwcGEhQR8s9Qlkuh+WPEfzdDBg4wrTLkrITN+9BQMYxuX2tCR5dXhMUkoDv8JWus3iOvHb62glWT1t9v0A8Wrg+CqA7NCyrnYwtnYkpvu3TLvPRRToSTKVJVdX0pcFCBqytClfgEGzMfUu1Z76DZMqCPQDaezmSXm3cjlBfZnq5X3Txnb6Qw0EEIJaaAerh3DvvoyA1XHVJLde0py32r2gzVUcoxtYoxJaZWb9JcZv+QghK8Ecss4UlKjvzHtzTZ7mQUWGX3xjJ92xg5ZnfGa15RveRZj/3Df2FDnL9JfE9s0lxOSjsoYhUaWfod6P7HxPFZswRLp7x6b+/3auo6ikCNz3wNyWR6cLkG7ZEFBQI2WipgPrKMsC/b2K0TlKCdGwON5CSeuQ8wWN3sKKX7gJWwevbq2V2vbiwU5mD53LmETYPu2phnqnbe6uBvqemnA/aOjtEf7gSleR1BTkTRi4GEJxfvnBToJaT+8QlkY+di6jieD7TCxpyTxhiCS20kDkjjsjzv7jvhc5ur9045LlWYdEwqUKCQ3d/yWXk+bfa3hWyDqyK33rOazfuiXXMjBZ8MgDdz3dyVCgA/l7T+Y3jpzLDDO6H0dD2r2IEwdt3WhrnYhXxQSsGLkM2ivOJ7xlDOKbmG8ow24unANAAyXP8g50qZ24EEN9cges/tNauWdgSsv3q6TRIEgbua6m4jlIY/1ixDbd1/NbC1lusg7HdFq1AbJ1uOoz8xV0P7d23UkGr72SROHgjMFiP0X/72uhEcsCTioheApLLkhV8oKt1Yuy+KpR3VZzoZi6uARtAP0wLt4DQAiBNnA5cvyvmboBioX0hbcJz/qZ/WnvJ9oYJUZWhA8K+tt1NoSjeyHCpUFzS46S/EB3sriN8FbimJW+d3rM+QbXlQLtaokJAM3UI55mmR8kqXvgmQV3qJFZuzX545ffIXKq4p7Q3TfwfXI6D1RIFVTtBlfEVZtJrfOU5NDfr6DF64r1TIk+811IEn/PBkG8YdTBTfryK2hC6PHmGjGXIHWuy+LwJDPG+j1BR1gBjCtUTgwoKKuYWQDymEHLU1o72qSB5xBitDp+JGIbKs4WCJZ5Ac/O0krUcFa1+T88slLlykHL5ZqEmlQ6PnpSBzmTxbOM2TzXKrOUvGwDCGhCxHQjaQ45ToQU6jHlS7D2axUX28pYdIP6J8W+Hxp+hNn8qYD3Zm+OgTYGbVNkY9vDLnz1k09eP3mCgvRnpeqJS4fdhZBfNKoZpnhj6deDAWVnaw3ZlYRdT2Zq7rmJ5aQk5HG6XlNhvRdEKsX49bzZ+wP44SAgEXyfigddLMdFr6A==,iv:DywkJKhme43tO9mXYXGljvtiI68vqr7+Bja42MNJybo=,tag:M+a5FV1Bu85+diV+WEdAdg==,type:str] +ddclient: ENC[AES256_GCM,data:QgmeucM/Ypm6U7t8fT0htBB9xPiFFltyQi4g2I3W5j8=,iv:mI+abEjhJbwC9qMBkUXn1I2AjB8T73sfDw9nJTjkQGs=,tag:v/WT0DsXd0qXOR65lkSvaA==,type:str] +filebot-license: ENC[AES256_GCM,data:Emr9kESkXbs2vlyOo8MkkC28xylVm2xH48P53e//3v2CMEj83NuockfBCfwbn+tgNzm9zJW4gkiWsDzELQRcntEWZEKfcNYynWeBNFrcGuaB3farcIYk3EHcvf9ibVb5b8e52tRW0deJ/Jlk+TWtRbtswaATGgldMllt90MljGtIFlLcSbWtGwA01D5AjXR19nVqKmK0TABKhWRw0O7c75Lmy4kne0f+V1+g+5pfYqcuF+skH8UNv2JCH8Qx9peVN4Ez5tv45pREkfNLkLeJX+5W4lp1kO/ewJBDKUGvDZvDeXzWpCmnfD/X2c43G9bweB1Xs/L4H1T35NvFFmETGag5m6J3omA3wf0K0O65bcfLojKoZ4HuBP+0u3QXwtWKBUbz157OWRy14lZuMzmKDe2bw81H1mQcvwU7u0jNPxPTzsbxrdSNpxmwzXRYEk8FX5yIXdSgVogW/7hvMknUcNuN0x8gTpz4GCyEJBl105kmn3t5EDS08MlhsXs1Qzz9We+tEeXU034aVag3eFSpskSWhWuJVWWiEn2R1TC0YETGPwP8Zs4Y12Hhdd3Es0JaLd5C4TN2Ny1kQv/6gO1rREw30N0h+tDtnmqJApXaWjbLzw4PWFvPEBjWCYdejlT+h6pauKy/JKUWQkgM24ToTaWrprnJCSufkftsX6hniLGylbn9JzRNNVGco1/2fO4j3Uo1i0PR9ifkC4Xzpue5QYwGYY4tRCSRixbFCo2qbjnZiOzYSyjRrBYb4DQONi3yVECJOVEpBYAsiVGXXV+ExclTznBzS5yqKuB8JrtO5Lk48vKK6vebLwEFNmy7uvvGfD1eU9E9M2fuelhsZMkOV1KEFJGCs4lhaRUTCvWoyQJ46A4c8113HtlYEqw8XmE=,iv:TR2Q7wlBIEe9LHqSj+5MZZV57EP96zTmVJ9SP3TZWpM=,tag:z5QZCUynS70aZs2nvjdLvw==,type:str] +forgejo-mailer-password: ENC[AES256_GCM,data:aOIFbPmOEFFBInQ3riR+Eknzwm/eiKIF92i7HtX6MIngNXGfcpngIL3op0Hpoa0HfRhfpk95o3p6XMRIdtd3wt3u,iv:dI6cwtprtMmPoQqYVQWWgxwGv4hTvyBN5kUWbnt4hQk=,tag:D5vDDl1YiNz+vEuUlG1wMg==,type:str] +gitea-mailer-password: ENC[AES256_GCM,data:jezSqeXme84x/E1/djCtR10ubApeS3JfjZ9UYL0/da+i9pfKJafqd5ahPDMAJWFdoxxCh20c8Zlq/oGXkrzBLmku,iv:xZUrcUoKfvIxh9A1xMQzc1GCMNVqlKwcvr814wWdv3A=,tag:38qayGrw1AY/nAmRP0ibsg==,type:str] +gitea-runner: ENC[AES256_GCM,data:E0lECHn3PphY0TyrPjwEMQ1ZEkJMRlNZlfxZZz5En/bf2e+xGPFeqqWK3rvQ3bHdKTKMjzEIuFNaf97IOrWTJ7HpiYfPQoWD5pOcX88f/aVrrX8PpTVFcDS+N+XQCsEZBsiWW4Ts7r2ayir+wbpzYxOp5C9QuEAlox27y/TRmRSYUGGl1KdRP7dTvvjve8CfjIJ57UwnXjfC0baUKrtW7Hy8hT2q9ERm6MSQSKngdxsdwFrMzNhor4IRZdspgTQALeUyzIdf3j+IXgMDqpg9quI=,iv:N7EAgNd+RhPIqrpHTTmLPl4tMAB4b3Q2OrtABfhbGjc=,tag:Tz9HDUks9T6ATP1wmMGf1A==,type:str] +gitea-runner-token: ENC[AES256_GCM,data:R/Tp+hboo5wxbVXYrwzo1fqs7lxYbERf/VaoweP65AsDLLDjXRe/cD+uI4mqHT4=,iv:R2eF/YewIExI6e51V6Q4O2OVu1e3pAcJbVx8AzV65gs=,tag:iMaYkLJCvepG+cDCpZswtw==,type:str] +home-assistant-ldap: ENC[AES256_GCM,data:xzvFCatCeiGvwPTA0ZcZAIoC1Ru8H7Jt1x5XZsZhWhz7t2zDhqMfNNCFHy1a+21eE4s8x8kwflBYl18ZaxqzgA==,iv:fCrV2CNBW1IIVdl8pNjora6BxO1QRA9+KHNESHw8CzU=,tag:JX5jOlLRbmv0vPANIKZcBQ==,type:str] +home-assistant-secrets.yaml: ENC[AES256_GCM,data:m3UnOEzKqZX92+X3f4OWG7GskkXqj+uvvwgv8qt6mzyh8LWKrebk/7IXKQW5KtBCFY0wM59ijSgVloV5PeIChfVuBXl2rclNOp04ZtBQEwtIVqTNYIcmOidOyV9qoJrRzm2ssKYQj7RJ3znFvfmX48OQ9EAvXEhYXXnISWT0kNLlIk5FPKF6j3LbU4B0ZcDqzVoB3J4MnTaKdke8Znv302sssu9/jpCLd1av4Z4RU1zoJJvFl0EDWHz/olHtHvU6O46C5bTJ53/r2abC0jQ0vyWXh4FnL9IfXuLJKPNxoHaicNH4Mqf21xrw+6Q4E9VvPRnvsGCLsz1BOxK+7wzA,iv:/hH3xtmjYHNjfCxhmJzqnLII+guxTJgvBlLnxKA5Fu0=,tag:oGzO+GQQ6CIHx9pu+wnkiA==,type:str] +moltbot-gateway-token: ENC[AES256_GCM,data:gG7J+b3/kyR7GPp4dJQTJfQ80SdTYGRqUmQ+L26B+ZrtbFDbztjtMThluYBfRlceajKWs/RWIvcQ4m3IJrcIDA==,iv:EE/7ApwIq+C4mz/f9SxXjedCJHHhMIO4LktxgKrTr+s=,tag:zXFxIwRigYepZZlGptvgkQ==,type:str] +piped-db-password: ENC[AES256_GCM,data:qHAYiTXMX4Vfv7gCm7NDCSDvj10IadYGJ6ZhL5ga/4PzM6dt7oWqVRGcEyU=,iv:w+Jlg2c1Scsfxis4kWdzuN1d/aQxvK7qqdg8Q6WRUGY=,tag:GwN6QwNYRGatEhSZVhz9cA==,type:str] +pushover-api-token: ENC[AES256_GCM,data:JzGXv7TXhs27/hwrgmltKuT2527eovwKKztpzYkJ,iv:jZg39tTa6gHrXrIy5FXtQ7XTafQ/F9vuXZcTBv5lMgQ=,tag:XDyPJWMDbkvNuVZ1FB3ulA==,type:str] +pushover-user-key: ENC[AES256_GCM,data:wPbwe2j13e9ZQn4NM+vnXSVFVBI2D9WXyTZnQtwX,iv:0hS1tdMsB4zOTCkBeaajwAZhJXvffQ2cCJC1/uKRgz4=,tag:sCeBkokGGBNbSsxZQ4faaw==,type:str] +wrwks_vpn_key: ENC[AES256_GCM,data:U9atAAPgRBmIm6m3M/LXbO5T1b8ahY9G3AXYBDX2T/Tb0mg15AWoWcH4Ods6HNX/N+sETUZUzd/8XIc/NthI7A==,iv:xk3RsHSDR0li9Wq8RmZXnl5AgrNF4AoW8ZYjwFWIuZs=,tag:I94sQd6hqRqrrDs3EKxoyg==,type:str] +wg_cloonar_key: ENC[AES256_GCM,data:Nh9/BvQTkblpJ/BHC8Yc4y0/ef3+n/eSQeFcvEkJ2gq//Hdae0WOUpyHCPQ=,iv:vOW2HakffYCEB67laaB1mtEfJlyPSai0JKg1+l6Y9Jo=,tag:FsY2e1S/lv41x2KIiBJrRA==,type:str] +wg_epicenter_works_key: ENC[AES256_GCM,data:QCj+X2w+BWIIgGYchkS0o4q3AMT04z2hU3mO+rRu8jL9592YcP8cYkJ8L9c=,iv:5I1le+n4R6qRqEVOh5Ix6ncfoJyV5ObCZYrAmzjQnzo=,tag:uXaH+ijQnGlb67szRLj4Jw==,type:str] +wg_epicenter_works_psk: ENC[AES256_GCM,data:YfKTdDpAy9BlGJg5fECudIQR+4h6Y61Fe0tTmlaDlYQeD4BL/lvqz1qjtpM=,iv:KjMzzMvPwP6RMiDxYX0GHVBIXA7R1ajUkPhkkKwUn5M=,tag:NYBbliJMZuP/Rpz7aVSbwg==,type:str] +wg_ghetto_at_key: ENC[AES256_GCM,data:QUW6RlK16l2YFrCXJp7WROI0M5v8WFVkeSGKhBbia+MmJvrVDnmgTrTEeyM=,iv:rWtbStohy/jqD1Y655m20J52pDW3vLT9UMmYlXocf3A=,tag:d/7C9VaLPe4s8XzROwRTEg==,type:str] +matrix-shared-secret: ENC[AES256_GCM,data:yuraE/GI71waIlFj+DKaiILqkt/N8YgQ0L9KgNOGcXhfrN/lDK0+pV70JCn0KLgIEPKfbGPl4C3084s67w==,iv:EK9XthRzDgA/IBqDZHd4wetjGJP+jg72xFccVCOvyMw=,tag:nwIVCrykM7YIg4INaqakDQ==,type:str] +phpldapadmin: ENC[AES256_GCM,data:4AMaNV6RO2HT6TUuN9R+tLcrY3v+Oa1N0cUaepWDxEpDwA4N0ZDg/yQyQT7QA/Z5P1Adz2eGdSISgNQR8wXplYUg8bHx2SpCLeG3JrF4QGSZl0EwQnxQtIlUVxHVXft4arFwHCt7FhDsbyRY0YFQPMzaH6I2RVNrdSKothW1A5dYH7kTRCuP3MTvrtZC9yGp/ko+sepwdar2EGha8E36A2rh8soR9jKciLmV+cal1U0FvxyWzH4fRY8YxCH+BUNI3pUJQX/de1xa/MOL+nqBi9Q8al3PjzhjWE6mWG/v4fP33yJgrC7ZWi+bzOCqCR6I27plWQK1PhQ2ZZ+sCtNu7lXS4ix7muh4,iv:X2QaqD6uPz8Fh2GMi3tPeJI0MvrFAPI4H6dSWWGCohM=,tag:xT/eCsWSMHZSdjAw4AdGKw==,type:str] +palworld: ENC[AES256_GCM,data:lpcGXcKxI+7hlZm4r2VsiMO/1c0ctoqfuvzTkqk0c5xjRRTiO5bXe/DtV0O9IFxnMQRnznG/jQsNGyvMBt0aMlylZrdfq56S43Y1a1iCpN2ZmfL9A3vd7L2X14pjG+MMphOPGhE2e9KpGImkEGEjOz/o8zIMmo2OZzA1nSBqcPQLZkwCza1GbyhLRAKNwNRttYlXDL3zBLljRQeDF9wOh0WYXuo04WLDw1GuSnpdVBI/UvBsWAc5wnZLpjqxAMKruNdLKvEURV89kWVvJIiOmJT5pFERL+Xb70vcu0Bv6oygcll4qOUKnQ2Qz3wk6l5HFNOdRJKycsHrUQXrLKA1isZnjS2dFt+dmd4JNZyH0kraC2A9OohGOVoAR5Bsjq0ZIlVSxv1lR0GFRz9oP246KUrf4u00toTfT0l7Alz8zW5IuY5j+zzd8WobynFo23LHxXBg91cYOtTRkpio/tMykVR5xQgz63uNuZDLn1hPsAiEKYqFZaXL+E2w1D++QqeHgpM4EioyrWTrAgRZe4p+rAQLLkaR6lYG181TqV5/mi4U12Tk756ahlMWEzUbakW77lM6hFjOYnsJ96JInSahVEKL0k68CxcjEu+MDgJyl7sRvKuFA2UC4j1w7uPEXMfHtEkmyleoc5GXHMfnBA3rV3t+g/CgDE+3o8fVgWM+Q4niE5LRYPoX12IwLY7bJhXJguQ8Kcchccphe4ohXg==,iv:bd9u0B7UD3FrMvz/0/+O/t/Wk1eXKL+7a2J9RcQCa8I=,tag:w/KGmAxhqj0QDh+UkDSFOQ==,type:str] +ark: ENC[AES256_GCM,data:bEZaEqhSERRTv/+SMRYAPgnEo8JgJ84gZnLqsgxFI7RkivBVNMtPUy6lrA9rHPLhyBFMXpBZW6TB9olAHJLu7rUrC/4jeo2hNJuH3PmVQ7l666eM4JzCZ09XYjJnUs87OkAtwRzcVeMmDKd59d5hSn95jxMsk9DXp1jyeqVfBQuzgE8G2A5s5qT76xTH5GIojbJ3wvkJJjoJ7l8E4qaupf/mWs2YE3khtBPdsFSoiWDONRFC/UVUFVAlxOhYKNodwLsAx7bTO/PVDvim,iv:/j1wzEU4ZD8auJ0rggejE1gQWMgJHVDqZqSY9XBS43U=,tag:mnbnoOfCh1coi3D1sytCQg==,type:str] +firefox-sync: ENC[AES256_GCM,data:+qZ6hgRpn1SILtrESmHpENXWHOmWn98DycrTSg9EfhHzVUdC0+jllQFOCcsduv4IZQ4RTuglz+PkOseh7Nac60qkiZW6Sqveg+f+M39NdVaft18ltAKiXF19+SweHz1KL9fG8hsjsHGyAGfSW+gmn0O6kEUtth4Ck/VBExg04sdXAWOVxIDN/yVKASpCfFU=,iv:6i9hjTRd91tv9kyZ4RAY88KWGTRZ9kU7vF5OAqu+Ubw=,tag:3lDN4iX6lJleQiQ7C8/Qrw==,type:str] +knot-tsig-key: ENC[AES256_GCM,data:7wR41trxv5WYK+5nr38ZB/xkoCQOuxNBqLYCZYVuj2fDiwlEqHNZIe4B4Bw=,iv:Cptzoc78Il6jrdr6By1HR6kI7uEilzhmow2HZBk7dTw=,tag:SW2+F/k+oFErU2olpJvQig==,type:str] +mopidy-spotify: ENC[AES256_GCM,data:lyOOOvu2FxQ3MhH/g6Ms5oP41XwClF/heYAvUFa1R22bUB847q3zP20+RUR/0nMCpEUXst9/kZj4oFE5jE4ze3vIIyWmCV4hmiNDrYg9E2/oBgJWjylsp3ocX+XjVtCovPMoqJ0VE9ZCZ2KaqIhVi9DC8DN35USH,iv:nTGyBAfiDcd2AH2tzTMu5qXs51PR2h38/I7HpJaZNVk=,tag:I7SbLbyf37a3tuaGC1nUTg==,type:str] +lms-spotify: ENC[AES256_GCM,data:6qjXjIKq4sALiwN5vFRSMj7ETquvida7iCldFfMbaqPdSPi1QyGD47r6+Gq5vf7GJD0TSHOCcLMm7Kxq6xVkfcrMDxN63BZDkUeU/ZNbdcMn1ZpcW9+ZCkmb5KWR0ScezzbHPHDFnvZ7EnTnVqLpbJJHz2w4xb5I33xAjhDOUSARHTIIVSavwplOk4DkJVOeQPOR3P2cwhG8bpEH2ISRoqF8tkGncTXDX+mdg8fxxAi/TVzFA6zGzDpAxFZW2W22Zp/+M0OVnQ==,iv:YKwglsAJydgDIDkLETXaKS5So/g8pE3/+lFeMdsBiRc=,tag:Gsqxcv2IjqSOiPT4lFe+5A==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZGZiWHg4OHRENFZUR0N1 - L2UwdTc5RU1RRlZrZitxNG1aeSs3eEJweEVjCnp4NjdnTFlPVGE5Z09uQjJyL1da - MjN1UGdwdDM4ODNhdVVtMmhlTDNuNEUKLS0tIHhhTUpjbkVDSEU4d1plM0dCSy9J - OFU0TU5hZW1sdzdudmRkRzRKOVZrb3cKa27jKzE608GlCCT0RW9caAaV9TN5kes6 - xqcj6s2CPa6LeMC0yMfeN2bYDPGXtEGUStzG0hXwg4pvQliBMtht5Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VldwWkptbUZwYytBTlV1 + UHhjRWI5YVR6MDFFSDZpN05mbHc3ejZNVXpZClNTVXFSWWw4YVFSSzdBenZYYlU2 + Q3BSSVJmeEdIYzZiR2VYL0h1dlJNYU0KLS0tIE5CQ2V5NlpxQ09LS2tQWm9ya3Vq + VGkra1F1N1gvLzQwNlJNbVRsUnYxS0UKXdEvFAtZ3Zfy07H5738ZiYnrMhYhf5zb + ljHthFghcYloaF3LgjTN7W0AdfVK0//4tPzwBxyThDRLJqKE95HMig== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUdxb0kvNkdDeWVMYmVJ - L2xlY29QaTd6ZFY4dCtsejhHN2s2anMya3d3CjdDN3FqajlzS3llWGhVK1A3eVdE - RjFuZmVBdFROTXhzZWduK0RVRWQyT1kKLS0tIGpzekV1OEJ3cW5Md1BhMitncnBs - OWUzY1p1dndFWjBTdXNOSEZyUjhMNzgKzewnYGETh0NSUad3p9s49JQyt0JHV58Y - eni6QDJ/ruQao2d2xBhwb4koGbzSUPQ2ie0syoOfMrxXYmu76bCb7Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTXdXM095YWw1OXFuWXdP + OE52cUZBcnNLaGlqd2w3YVNiZG5NWm9DT1I4ClRyRzNsUThZelVHWVl2ZENhbENw + YmhPUzRWZ3JZQXgwYzFPQ2hGZzMrNlEKLS0tIGkzdzZzOGgrM0pJNmZrTmZ4ZjBT + MDh6UURpRGs0d00weEhUNytoUkNGYncKazrUNHQpzYIlAWK+ZRFiPVKS9/IunxUI + IsfSAsnH1xt2z6gBvbzjyZXu5f0dkvU8Vpd5+V9CAP9TthA3R+7Jkw== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNVVrZzV5dDlWeFJINkVj - KzFDUUl6OGRCN1o3eEhGdGdjTHdGVWZld0hJCjI4dWtNZUltb0RqTGxoT3JONC95 - YXgraDJWcklyYUluTWZlU2pSY3NGTUkKLS0tIHFMYUJKN3h0Mm4rU1J2MmRCdjky - Vi93N3JHdi82WDRZRXUwbFQzRlJmUk0Kha2OzeHtJo5sIVqR5S0Wcpkp/nmo0s9k - WNXEtj8qPvtR4Ji/V7P6BdwGmtn+Yr4zbN+CamHkOjR3C62EQbXZSw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTGhkMlh0aGIrandzUzJC + dVI3RTB4VmhUc1JSUFBxdmVrK3ZVTmZNdWpnCjhmWkFhV09qY0k2ejF5eDl0YXp0 + aU1zY0M5c3ZEZENBc1I4ajUrNmQrRkUKLS0tIGViMERSWG9IMVNVNUg0VE1YaVFG + YzROSlZyTEtCMmlpS0NuZk5xT01EaEkK++DwKWHm+k9iZlK+oPzZKfHg7r+nbbO6 + xt9F7Xp0KzYaVzBxPuqi8c7vYpiIZaKUYXgS5NpV4oLRgGuOBzib5Q== -----END AGE ENCRYPTED FILE----- - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEODNlS3EwcmxFN3hvTkVv - UTU4OFVIZENTbFc4dmlkSk5Gdk1qK1FySTJnCjJWR2FTYjZ1dDA3QzMyQyt6RW1C - UFlQZkFrS0QzSldvQjdRbkdLRDJNa3cKLS0tIDZTa3NXUks0M0FOdm0xSHBuSzVp - dVdIdXVDMkEvTktYWFFDak5WSzFSWlUKJ3y82O8e/z0Yag8vP6z/SSjExcVQTyvU - OPLHYcg5sByQ75AT5GBA4ZMF7M8EH1cP2QL7X8u4SeHDrVbMTx7d2w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcTVMWFBUSDZxQlhtamNt + WjhXYUNDVHFKcHJlV0VzUHNOWHd4TVR6TEN3ClVrMVBGb3ZUT3ZxZGFxMnkvd2dR + SDRCZHFlVWs3M0ZLbDJsQTAwV2JFUU0KLS0tIEZHblZsNmtvWGZtcHhYQk92dTFh + aEN1YXdpQTFRSElKb05IbVpTaW9VVlUKklD9VliJTRZMk8u8r5suw7IUeVwVXLSq + zm4SIUE/C8RPb23ev7gh3IG9J95pRplEwCRwKzib5/Hqz/SqNhUVHw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-26T22:13:01Z" - mac: ENC[AES256_GCM,data:FuOSimEEfiyjY0oBzkaDcEwYhQZCyNiQYXPJxKFmybZ2eH+BKRoydtgMpCnOumCHHOH8W1N5HO7Ls7JSieAcx1MrFPXTkIaseUB+mQh69k42yi9FJ3rus2u1uT5KOLCDantE7HhlBCuEOSE9qoCxeda8Zx9210gXPt7QfgzkXds=,iv:39xgMDM0Y7nNF1tDN7N4zwdu0dvfL3Ss6yH5KS+Udk0=,tag:0u8crcNalWIyBc0WKxXzkQ==,type:str] + lastmodified: "2026-01-29T22:47:30Z" + mac: ENC[AES256_GCM,data:6iN/OVgm59aum4xUfJofyQP8xVNyEZB1TMT319xEIqwPdE7Rx2MCkfIWfV+bEYgo5iyIFkMzFjPeJO5he35l+0fOxGd5zQlpHEre0RxGnIJX+MEEZlY+qGSQj6omsAfJdr8chBbdHzFjpnr+cCvpa7UaPX/5PKAPnFoVLIKZdww=,iv:qTupVIZoIkDNz5Mi3HWMyArLU+qhwCUSQrp1je+YxuY=,tag:1LWru+2qdt2W3AS4wGHU6w==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From d83f4ec9038d57c1dc916f2b67b2726d5c10aec1 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Fri, 30 Jan 2026 23:36:54 +0100 Subject: [PATCH 31/44] fix: ha coming home prompt --- hosts/fw/modules/home-assistant/coming-home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/fw/modules/home-assistant/coming-home.nix b/hosts/fw/modules/home-assistant/coming-home.nix index 30bc6d2..9b666e1 100644 --- a/hosts/fw/modules/home-assistant/coming-home.nix +++ b/hosts/fw/modules/home-assistant/coming-home.nix @@ -8,7 +8,7 @@ Authorization = "!secret moltbot_home_arrival"; Content-Type = "application/json"; }; - payload = "{\"message\":\"I just arrived home. Read home-reminders.md in my workspace. This file may contain reminders to tell me, or instructions/tasks to perform (like looking something up). Execute any instructions, send me the results along with any simple reminders, then clear the file content (keep the header). If the file is empty, just welcome me home briefly.\",\"name\":\"HomeArrival\",\"deliver\":true,\"channel\":\"whatsapp\",\"to\":\"+436607055308\"}"; + payload = ''{"message":"Home arrival. Read memory/arrival-reminders.json silently. For each item: if it's a task (fetch weather, check calendar, look something up, etc.), execute it. If it's a simple reminder, include it. Combine everything into ONE message with just the results - no preamble, no explanations, no mentioning files or process. Then clear the file. If empty: reply NO_REPLY","name":"HomeArrival","deliver":true,"channel":"whatsapp","to":"+436607055308"}''; }; }; "automation home_arrival" = { From b11d9b2fb9a2c99b3484bea8e0493a07b677e433 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 31 Jan 2026 15:04:23 +0100 Subject: [PATCH 32/44] feat: ha add morning active automation --- hosts/fw/modules/home-assistant/default.nix | 1 + .../modules/home-assistant/morning-active.nix | 76 +++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 hosts/fw/modules/home-assistant/morning-active.nix diff --git a/hosts/fw/modules/home-assistant/default.nix b/hosts/fw/modules/home-assistant/default.nix index ef3393f..4f70b8f 100644 --- a/hosts/fw/modules/home-assistant/default.nix +++ b/hosts/fw/modules/home-assistant/default.nix @@ -103,6 +103,7 @@ in ./snapcast.nix ./coming-home.nix + ./morning-active.nix ]; networking = { diff --git a/hosts/fw/modules/home-assistant/morning-active.nix b/hosts/fw/modules/home-assistant/morning-active.nix new file mode 100644 index 0000000..9e7f846 --- /dev/null +++ b/hosts/fw/modules/home-assistant/morning-active.nix @@ -0,0 +1,76 @@ +{ + services.home-assistant.config = { + # Track if morning hook already triggered today + input_boolean = { + morning_active_triggered = { + name = "Morning Active Triggered"; + icon = "mdi:weather-sunny"; + }; + }; + + # REST command to call Moltbot + rest_command = { + moltbot_morning_active = { + url = "https://moltbot.cloonar.com/hooks/agent"; + method = "POST"; + headers = { + Authorization = "!secret moltbot_home_arrival"; # reuse same token + Content-Type = "application/json"; + }; + payload = ''{"message":"Morning briefing. Give a brief, friendly summary: 1) Today's weather for Vienna 2) Calendar events for today (check CalDAV) 3) Any pending reminders. Keep it concise, no fluff. Just the info.","name":"MorningBriefing","deliver":true,"channel":"whatsapp","to":"+436607055308"}''; + }; + }; + + # Main automation: detect morning activity + "automation morning_active" = { + alias = "morning_active"; + trigger = [ + { + platform = "state"; + entity_id = "light.toilet_lights"; + to = "on"; + } + # Future: add kitchen motion sensor here + # { + # platform = "state"; + # entity_id = "binary_sensor.kitchen_motion"; + # to = "on"; + # } + ]; + condition = [ + { + condition = "time"; + after = "05:00:00"; + before = "12:00:00"; + } + { + condition = "state"; + entity_id = "input_boolean.morning_active_triggered"; + state = "off"; + } + ]; + action = [ + { + service = "input_boolean.turn_on"; + target.entity_id = "input_boolean.morning_active_triggered"; + } + { + service = "rest_command.moltbot_morning_active"; + } + ]; + }; + + # Reset automation: reset triggered state at 3:00 AM + "automation morning_active_reset" = { + alias = "morning_active_reset"; + trigger = { + platform = "time"; + at = "03:00:00"; + }; + action = { + service = "input_boolean.turn_off"; + target.entity_id = "input_boolean.morning_active_triggered"; + }; + }; + }; +} From bb8e720ddf20731781b6bf44c76c0044d59e2312 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 31 Jan 2026 15:04:35 +0100 Subject: [PATCH 33/44] feat: fw add forgejo runner --- hosts/fw/configuration.nix | 3 +- hosts/fw/modules/forgejo-runner.nix | 87 +++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 hosts/fw/modules/forgejo-runner.nix diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index 38a3669..f41b36c 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -33,6 +33,7 @@ # microvm ./modules/microvm.nix ./modules/gitea-vm.nix + ./modules/forgejo-runner.nix # ./modules/vscode-server.nix # Add VS Code Server microvm ./modules/ai-mailer.nix @@ -79,7 +80,7 @@ networkPrefix = "10.42"; # Systemd services to monitor - services.victoriametrics.monitoredServices = [ "ai-mailer" "container@git" "microvm@git-runner-" ]; + services.victoriametrics.monitoredServices = [ "ai-mailer" "container@git" "microvm@git-runner-" "microvm@fj-runner-" ]; nixpkgs.overlays = [ (import ./utils/overlays/packages.nix) diff --git a/hosts/fw/modules/forgejo-runner.nix b/hosts/fw/modules/forgejo-runner.nix new file mode 100644 index 0000000..06befd1 --- /dev/null +++ b/hosts/fw/modules/forgejo-runner.nix @@ -0,0 +1,87 @@ +{ config, lib, pkgs, ... }: let + # Short names to fit Linux interface name limit (15 chars for vm-fj-runner-1) + runners = ["fj-runner-1" "fj-runner-2"]; + # Offset by 5 to avoid conflicts with Gitea runners (01-02) + runnerOffset = 5; +in { + microvm.vms = lib.mapAttrs (runner: idx: { + config = { + microvm = { + mem = 8096; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/run/secrets"; + mountPoint = "/run/secrets"; + tag = "ro-token"; + proto = "virtiofs"; + } + ]; + volumes = [ + { + image = "rootfs.img"; + mountPoint = "/"; + size = 51200; + } + ]; + interfaces = [ + { + type = "tap"; + id = "vm-${runner}"; + mac = "02:00:00:00:00:0${toString (idx + runnerOffset)}"; + } + ]; + }; + + systemd.network.networks."10-lan" = { + matchConfig.PermanentMACAddress = "02:00:00:00:00:0${toString (idx + runnerOffset)}"; + address = [ "${config.networkPrefix}.97.5${toString (idx + runnerOffset)}/24" ]; + gateway = [ "${config.networkPrefix}.97.1" ]; + dns = [ "${config.networkPrefix}.97.1" ]; + }; + + networking.hostName = runner; + + virtualisation.podman.enable = true; + + services.gitea-actions-runner.instances.${runner} = { + enable = true; + url = "https://forgejo.cloonar.com"; + name = runner; + tokenFile = "/run/secrets/forgejo-runner-token"; + labels = [ + "ubuntu-latest:docker://git.cloonar.com/infrastructure/gitea-runner:1.0.0" + ]; + settings = { + container = { + network = "podman"; + }; + cache = { + enabled = true; + host = "${config.networkPrefix}.97.5${toString (idx + runnerOffset)}"; + port = 8088; + }; + }; + }; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + ]; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 8088 ]; + }; + + system.stateVersion = "22.05"; + }; + }) (lib.listToAttrs (lib.lists.imap1 (i: v: { name=v; value=i; }) runners)); + + sops.secrets.forgejo-runner-token = {}; +} From 766943bbb1c0a9de984686ae3b43bdfc148eb1af Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 31 Jan 2026 15:04:47 +0100 Subject: [PATCH 34/44] fix: secrets for forgejo runner --- hosts/fw/secrets.yaml | 103 +++++++++++++++++++++--------------------- 1 file changed, 52 insertions(+), 51 deletions(-) diff --git a/hosts/fw/secrets.yaml b/hosts/fw/secrets.yaml index f45f13f..d4c4599 100644 --- a/hosts/fw/secrets.yaml +++ b/hosts/fw/secrets.yaml @@ -1,71 +1,72 @@ -ai-mailer-imap-password: ENC[AES256_GCM,data:h+7cYnh5KlxHsxuNPqeymzaP8w==,iv:arefLWSG15MWStl3OASrGJf5HS6vIBBOpMHbfesnou0=,tag:7n49QtZJYT4fnvep0fnspQ==,type:str] -ai-mailer-openrouter-key: ENC[AES256_GCM,data:RFf+are5v/3I/r5k6UeCYGZpjVjtbPZoZ+UoiJZIOobiP+TP7K8sooqaO9i88EyWafrZtwB+2gOkNxeSms2er7z+PsWmmnbSnw==,iv:82Z6IpMVj1t3kYKwF3K88WMAIQe4R+K6DefGgz3gmbI=,tag:PyqDejCBhXFZRkdfZyz89w==,type:str] -borg-passphrase: ENC[AES256_GCM,data:hpVWvXBM1T8dGXCjHL1+29Pm7jinmdc0tkZva5jI55KLCNbOug7exqcut5q6UziZAXr5WF2WJyelVC+h8CoNYxnj9wg=,iv:aCulcqhHqOP9OHZv/K3Gp0JgM8m/GWBxSlHEHYu7qC8=,tag:0pAb3kKJmGk9UvJ8gAZM3w==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:DUuJYunBWQit+QhTiTKr82OPxNU1HD9QoLvipS3vCP13MfDb5FZnPSiEa9uq8C/cQLAuptnk2oqVEEZI/H4OfZ7fyyH++xQEqaDbNTelS+Gae4dfwXHmfkt7Lu/+XTDq/WTExnbiDCrWacPptEt7eYYqdOsLl1kJPZzAoIrp3TE2B0L4uuWj4KtXMLS/FO/sfNzgtK3/RcRhwNDr5zF954X2Di07zcJeTNllzMUYzEHrK40zC0IAQoITpt4HSbz4C8HQulqlt4ocJG/PX98Q4pT+bPxPZUHtrojkhbyDjR+8WGeAeFllwTx108i0zyrTOxJhhMnGFv/2TAJrEYCCxgiCyLog57xz+xm3SXk2gLdubHgVZs/QDd2ZwLg2BrG/uCSsHANfVlrxWRfQu8n3NeqLL9X1XINwywSYzL79KKTEndDfkZj8RKTUObzrS3A8sE68iPDB4Uym46NNHg8uwJwaOAqEJhwZd3fKR8ADqGm3DRkrZsfRfR1Cx8lvtGbUTmNZwNHv9Y1P+Kt6Uy4dgPG5yTDR1CxgsTkZ+DHOCnb7X/DvfnOAjeNFxVTRJ6e5PPkjGZO+mh4XtkKeqyKBEYVR577HGzDYeHk7YxcYg5ZSRqcHV+EKWB9sHF/b3wz38lS6nr2SCPRo5FyVeypVVQiYCmHZdOjJXtl1a7mRnOPIs2W8DQx2ynvACtUFeXmWWzntPTnJVvmDyQVtI/FfITxH3gkwnKKbym0j5hdwgdPRhl/nzYR4mvJETduByVqoUJD2DUH/il+CYnrCq0vqDIyl8BoEkNuqdwyZ0suZtKaPn02ifPdpE46mSjr+ml6VAklrJ/vDt6y+l4nqBcfya08MTglpv3fOj/inK733J8gmQisT67wvoJniX2lR723DmA0DzoHdRgvNyNQ13u9enrReNAMkZIm8eyDmJXxp7403YSKjiscRX85DW+ohUhnqshu2jyfEBX3mPXN/TJqh0mvHh0vyQW7T2z6kzwv9cKKyt7oun9+rFcho3c6j0XdLlUUGnw8eTbX2I9xRJ0vkTVbqRT/+82u0NY5d+7IvO7Z1t62eX47nY++5nL0h1Cc8QohR0sgTKTllPWmMAPkNlxqDf3NIrII8VT9VE11nXai/N/5rDkap9Snc58FH7xgMHW2QVJxj6RL7v4B/ZU9Idx6wr+fOnjkFEp9cnyhho7YCJngRLWdoMm59gbAQ5exXdmpEzTt3ScAOKKQKUWsQ5fwFh44U3eF+zk906eNrHx/3gRDWruWiiEtBMu2jmIyV1S0QJz41BSuO0X83tnUtb17gBC+yriXke1/YrDdTmtvbgz86yoaHiHlp5i+yRnKF9bKXX8xkoe5YxjEYFUtVdc1vC4CuZ945ShYXw0+DmBgpFd65pmkiiDfyJmmqtuVV7UJPrjgHhboq/9tJh8G+olmbKMqfzs4+ebyP4shkcDhEKtTm2jZyMoSQvdO7R7GqeLvhSxHhHtypm5Lh5qrmmsnPdFrn1E7HORoDOk4+AjnFj+GrFo8mozJQfHbDwIb85jFn0YTDrMWPtSjNE2xm4VlsAhqaXhnjtX7LKzVathMqYXp/tCPzBHOV6jyHVq8YZDDRkt3DlSmHsFr8lM7iyxBzLfPKr8vRMwjoastNRSDbtmPYAjFObZ+KHd+e5DfMDz806p3eGffj8c96HIOFC2o6l0A9MK7jmnrzBTxDEhTYzgl/j5g95ScbGL60clajzkxo7n9eABfuzjbKmPXvlqwvZRVANFkX1uEiViQTlyPv/TR3iwVwXwZ3LuER0uC6qnX5QJhQYZMhu8l0Ud5SNZyCssoj3NoZehi9dYtknjx6Z+akvJgr52EpYy1ZsuFYOx0ntS3eBZ3m1NOdjOWif69dvulyvNR9ImBHdTLR/9ujoMbAFt7w+rYJY523rGYiCxk2g0sr6LtvqqjJ2CVJsPjPlT1VkI1ZL5R061jtRzDc+X4UGRsEzc7Vh25dwy9QsyKLZqZe6IM5Gn7/GuwkYUarMgkGKLpzfE9UCu4R3/ATFn6KAqSitYeCopC4ybycg0qNAzjzFZMKs1u80p1GSe7DeG4mx7C6pTL2+E+Cdlu+bjXvmJQebLlJMFXUNwAJ3Qinr3PyL37PQvBhPA9ILcyalPtJMzwcGEhQR8s9Qlkuh+WPEfzdDBg4wrTLkrITN+9BQMYxuX2tCR5dXhMUkoDv8JWus3iOvHb62glWT1t9v0A8Wrg+CqA7NCyrnYwtnYkpvu3TLvPRRToSTKVJVdX0pcFCBqytClfgEGzMfUu1Z76DZMqCPQDaezmSXm3cjlBfZnq5X3Txnb6Qw0EEIJaaAerh3DvvoyA1XHVJLde0py32r2gzVUcoxtYoxJaZWb9JcZv+QghK8Ecss4UlKjvzHtzTZ7mQUWGX3xjJ92xg5ZnfGa15RveRZj/3Df2FDnL9JfE9s0lxOSjsoYhUaWfod6P7HxPFZswRLp7x6b+/3auo6ikCNz3wNyWR6cLkG7ZEFBQI2WipgPrKMsC/b2K0TlKCdGwON5CSeuQ8wWN3sKKX7gJWwevbq2V2vbiwU5mD53LmETYPu2phnqnbe6uBvqemnA/aOjtEf7gSleR1BTkTRi4GEJxfvnBToJaT+8QlkY+di6jieD7TCxpyTxhiCS20kDkjjsjzv7jvhc5ur9045LlWYdEwqUKCQ3d/yWXk+bfa3hWyDqyK33rOazfuiXXMjBZ8MgDdz3dyVCgA/l7T+Y3jpzLDDO6H0dD2r2IEwdt3WhrnYhXxQSsGLkM2ivOJ7xlDOKbmG8ow24unANAAyXP8g50qZ24EEN9cges/tNauWdgSsv3q6TRIEgbua6m4jlIY/1ixDbd1/NbC1lusg7HdFq1AbJ1uOoz8xV0P7d23UkGr72SROHgjMFiP0X/72uhEcsCTioheApLLkhV8oKt1Yuy+KpR3VZzoZi6uARtAP0wLt4DQAiBNnA5cvyvmboBioX0hbcJz/qZ/WnvJ9oYJUZWhA8K+tt1NoSjeyHCpUFzS46S/EB3sriN8FbimJW+d3rM+QbXlQLtaokJAM3UI55mmR8kqXvgmQV3qJFZuzX545ffIXKq4p7Q3TfwfXI6D1RIFVTtBlfEVZtJrfOU5NDfr6DF64r1TIk+811IEn/PBkG8YdTBTfryK2hC6PHmGjGXIHWuy+LwJDPG+j1BR1gBjCtUTgwoKKuYWQDymEHLU1o72qSB5xBitDp+JGIbKs4WCJZ5Ac/O0krUcFa1+T88slLlykHL5ZqEmlQ6PnpSBzmTxbOM2TzXKrOUvGwDCGhCxHQjaQ45ToQU6jHlS7D2axUX28pYdIP6J8W+Hxp+hNn8qYD3Zm+OgTYGbVNkY9vDLnz1k09eP3mCgvRnpeqJS4fdhZBfNKoZpnhj6deDAWVnaw3ZlYRdT2Zq7rmJ5aQk5HG6XlNhvRdEKsX49bzZ+wP44SAgEXyfigddLMdFr6A==,iv:DywkJKhme43tO9mXYXGljvtiI68vqr7+Bja42MNJybo=,tag:M+a5FV1Bu85+diV+WEdAdg==,type:str] -ddclient: ENC[AES256_GCM,data:QgmeucM/Ypm6U7t8fT0htBB9xPiFFltyQi4g2I3W5j8=,iv:mI+abEjhJbwC9qMBkUXn1I2AjB8T73sfDw9nJTjkQGs=,tag:v/WT0DsXd0qXOR65lkSvaA==,type:str] -filebot-license: ENC[AES256_GCM,data:Emr9kESkXbs2vlyOo8MkkC28xylVm2xH48P53e//3v2CMEj83NuockfBCfwbn+tgNzm9zJW4gkiWsDzELQRcntEWZEKfcNYynWeBNFrcGuaB3farcIYk3EHcvf9ibVb5b8e52tRW0deJ/Jlk+TWtRbtswaATGgldMllt90MljGtIFlLcSbWtGwA01D5AjXR19nVqKmK0TABKhWRw0O7c75Lmy4kne0f+V1+g+5pfYqcuF+skH8UNv2JCH8Qx9peVN4Ez5tv45pREkfNLkLeJX+5W4lp1kO/ewJBDKUGvDZvDeXzWpCmnfD/X2c43G9bweB1Xs/L4H1T35NvFFmETGag5m6J3omA3wf0K0O65bcfLojKoZ4HuBP+0u3QXwtWKBUbz157OWRy14lZuMzmKDe2bw81H1mQcvwU7u0jNPxPTzsbxrdSNpxmwzXRYEk8FX5yIXdSgVogW/7hvMknUcNuN0x8gTpz4GCyEJBl105kmn3t5EDS08MlhsXs1Qzz9We+tEeXU034aVag3eFSpskSWhWuJVWWiEn2R1TC0YETGPwP8Zs4Y12Hhdd3Es0JaLd5C4TN2Ny1kQv/6gO1rREw30N0h+tDtnmqJApXaWjbLzw4PWFvPEBjWCYdejlT+h6pauKy/JKUWQkgM24ToTaWrprnJCSufkftsX6hniLGylbn9JzRNNVGco1/2fO4j3Uo1i0PR9ifkC4Xzpue5QYwGYY4tRCSRixbFCo2qbjnZiOzYSyjRrBYb4DQONi3yVECJOVEpBYAsiVGXXV+ExclTznBzS5yqKuB8JrtO5Lk48vKK6vebLwEFNmy7uvvGfD1eU9E9M2fuelhsZMkOV1KEFJGCs4lhaRUTCvWoyQJ46A4c8113HtlYEqw8XmE=,iv:TR2Q7wlBIEe9LHqSj+5MZZV57EP96zTmVJ9SP3TZWpM=,tag:z5QZCUynS70aZs2nvjdLvw==,type:str] -forgejo-mailer-password: ENC[AES256_GCM,data:aOIFbPmOEFFBInQ3riR+Eknzwm/eiKIF92i7HtX6MIngNXGfcpngIL3op0Hpoa0HfRhfpk95o3p6XMRIdtd3wt3u,iv:dI6cwtprtMmPoQqYVQWWgxwGv4hTvyBN5kUWbnt4hQk=,tag:D5vDDl1YiNz+vEuUlG1wMg==,type:str] -gitea-mailer-password: ENC[AES256_GCM,data:jezSqeXme84x/E1/djCtR10ubApeS3JfjZ9UYL0/da+i9pfKJafqd5ahPDMAJWFdoxxCh20c8Zlq/oGXkrzBLmku,iv:xZUrcUoKfvIxh9A1xMQzc1GCMNVqlKwcvr814wWdv3A=,tag:38qayGrw1AY/nAmRP0ibsg==,type:str] -gitea-runner: ENC[AES256_GCM,data:E0lECHn3PphY0TyrPjwEMQ1ZEkJMRlNZlfxZZz5En/bf2e+xGPFeqqWK3rvQ3bHdKTKMjzEIuFNaf97IOrWTJ7HpiYfPQoWD5pOcX88f/aVrrX8PpTVFcDS+N+XQCsEZBsiWW4Ts7r2ayir+wbpzYxOp5C9QuEAlox27y/TRmRSYUGGl1KdRP7dTvvjve8CfjIJ57UwnXjfC0baUKrtW7Hy8hT2q9ERm6MSQSKngdxsdwFrMzNhor4IRZdspgTQALeUyzIdf3j+IXgMDqpg9quI=,iv:N7EAgNd+RhPIqrpHTTmLPl4tMAB4b3Q2OrtABfhbGjc=,tag:Tz9HDUks9T6ATP1wmMGf1A==,type:str] -gitea-runner-token: ENC[AES256_GCM,data:R/Tp+hboo5wxbVXYrwzo1fqs7lxYbERf/VaoweP65AsDLLDjXRe/cD+uI4mqHT4=,iv:R2eF/YewIExI6e51V6Q4O2OVu1e3pAcJbVx8AzV65gs=,tag:iMaYkLJCvepG+cDCpZswtw==,type:str] -home-assistant-ldap: ENC[AES256_GCM,data:xzvFCatCeiGvwPTA0ZcZAIoC1Ru8H7Jt1x5XZsZhWhz7t2zDhqMfNNCFHy1a+21eE4s8x8kwflBYl18ZaxqzgA==,iv:fCrV2CNBW1IIVdl8pNjora6BxO1QRA9+KHNESHw8CzU=,tag:JX5jOlLRbmv0vPANIKZcBQ==,type:str] -home-assistant-secrets.yaml: ENC[AES256_GCM,data:m3UnOEzKqZX92+X3f4OWG7GskkXqj+uvvwgv8qt6mzyh8LWKrebk/7IXKQW5KtBCFY0wM59ijSgVloV5PeIChfVuBXl2rclNOp04ZtBQEwtIVqTNYIcmOidOyV9qoJrRzm2ssKYQj7RJ3znFvfmX48OQ9EAvXEhYXXnISWT0kNLlIk5FPKF6j3LbU4B0ZcDqzVoB3J4MnTaKdke8Znv302sssu9/jpCLd1av4Z4RU1zoJJvFl0EDWHz/olHtHvU6O46C5bTJ53/r2abC0jQ0vyWXh4FnL9IfXuLJKPNxoHaicNH4Mqf21xrw+6Q4E9VvPRnvsGCLsz1BOxK+7wzA,iv:/hH3xtmjYHNjfCxhmJzqnLII+guxTJgvBlLnxKA5Fu0=,tag:oGzO+GQQ6CIHx9pu+wnkiA==,type:str] -moltbot-gateway-token: ENC[AES256_GCM,data:gG7J+b3/kyR7GPp4dJQTJfQ80SdTYGRqUmQ+L26B+ZrtbFDbztjtMThluYBfRlceajKWs/RWIvcQ4m3IJrcIDA==,iv:EE/7ApwIq+C4mz/f9SxXjedCJHHhMIO4LktxgKrTr+s=,tag:zXFxIwRigYepZZlGptvgkQ==,type:str] -piped-db-password: ENC[AES256_GCM,data:qHAYiTXMX4Vfv7gCm7NDCSDvj10IadYGJ6ZhL5ga/4PzM6dt7oWqVRGcEyU=,iv:w+Jlg2c1Scsfxis4kWdzuN1d/aQxvK7qqdg8Q6WRUGY=,tag:GwN6QwNYRGatEhSZVhz9cA==,type:str] -pushover-api-token: ENC[AES256_GCM,data:JzGXv7TXhs27/hwrgmltKuT2527eovwKKztpzYkJ,iv:jZg39tTa6gHrXrIy5FXtQ7XTafQ/F9vuXZcTBv5lMgQ=,tag:XDyPJWMDbkvNuVZ1FB3ulA==,type:str] -pushover-user-key: ENC[AES256_GCM,data:wPbwe2j13e9ZQn4NM+vnXSVFVBI2D9WXyTZnQtwX,iv:0hS1tdMsB4zOTCkBeaajwAZhJXvffQ2cCJC1/uKRgz4=,tag:sCeBkokGGBNbSsxZQ4faaw==,type:str] -wrwks_vpn_key: ENC[AES256_GCM,data:U9atAAPgRBmIm6m3M/LXbO5T1b8ahY9G3AXYBDX2T/Tb0mg15AWoWcH4Ods6HNX/N+sETUZUzd/8XIc/NthI7A==,iv:xk3RsHSDR0li9Wq8RmZXnl5AgrNF4AoW8ZYjwFWIuZs=,tag:I94sQd6hqRqrrDs3EKxoyg==,type:str] -wg_cloonar_key: ENC[AES256_GCM,data:Nh9/BvQTkblpJ/BHC8Yc4y0/ef3+n/eSQeFcvEkJ2gq//Hdae0WOUpyHCPQ=,iv:vOW2HakffYCEB67laaB1mtEfJlyPSai0JKg1+l6Y9Jo=,tag:FsY2e1S/lv41x2KIiBJrRA==,type:str] -wg_epicenter_works_key: ENC[AES256_GCM,data:QCj+X2w+BWIIgGYchkS0o4q3AMT04z2hU3mO+rRu8jL9592YcP8cYkJ8L9c=,iv:5I1le+n4R6qRqEVOh5Ix6ncfoJyV5ObCZYrAmzjQnzo=,tag:uXaH+ijQnGlb67szRLj4Jw==,type:str] -wg_epicenter_works_psk: ENC[AES256_GCM,data:YfKTdDpAy9BlGJg5fECudIQR+4h6Y61Fe0tTmlaDlYQeD4BL/lvqz1qjtpM=,iv:KjMzzMvPwP6RMiDxYX0GHVBIXA7R1ajUkPhkkKwUn5M=,tag:NYBbliJMZuP/Rpz7aVSbwg==,type:str] -wg_ghetto_at_key: ENC[AES256_GCM,data:QUW6RlK16l2YFrCXJp7WROI0M5v8WFVkeSGKhBbia+MmJvrVDnmgTrTEeyM=,iv:rWtbStohy/jqD1Y655m20J52pDW3vLT9UMmYlXocf3A=,tag:d/7C9VaLPe4s8XzROwRTEg==,type:str] -matrix-shared-secret: ENC[AES256_GCM,data:yuraE/GI71waIlFj+DKaiILqkt/N8YgQ0L9KgNOGcXhfrN/lDK0+pV70JCn0KLgIEPKfbGPl4C3084s67w==,iv:EK9XthRzDgA/IBqDZHd4wetjGJP+jg72xFccVCOvyMw=,tag:nwIVCrykM7YIg4INaqakDQ==,type:str] -phpldapadmin: ENC[AES256_GCM,data:4AMaNV6RO2HT6TUuN9R+tLcrY3v+Oa1N0cUaepWDxEpDwA4N0ZDg/yQyQT7QA/Z5P1Adz2eGdSISgNQR8wXplYUg8bHx2SpCLeG3JrF4QGSZl0EwQnxQtIlUVxHVXft4arFwHCt7FhDsbyRY0YFQPMzaH6I2RVNrdSKothW1A5dYH7kTRCuP3MTvrtZC9yGp/ko+sepwdar2EGha8E36A2rh8soR9jKciLmV+cal1U0FvxyWzH4fRY8YxCH+BUNI3pUJQX/de1xa/MOL+nqBi9Q8al3PjzhjWE6mWG/v4fP33yJgrC7ZWi+bzOCqCR6I27plWQK1PhQ2ZZ+sCtNu7lXS4ix7muh4,iv:X2QaqD6uPz8Fh2GMi3tPeJI0MvrFAPI4H6dSWWGCohM=,tag:xT/eCsWSMHZSdjAw4AdGKw==,type:str] -palworld: ENC[AES256_GCM,data:lpcGXcKxI+7hlZm4r2VsiMO/1c0ctoqfuvzTkqk0c5xjRRTiO5bXe/DtV0O9IFxnMQRnznG/jQsNGyvMBt0aMlylZrdfq56S43Y1a1iCpN2ZmfL9A3vd7L2X14pjG+MMphOPGhE2e9KpGImkEGEjOz/o8zIMmo2OZzA1nSBqcPQLZkwCza1GbyhLRAKNwNRttYlXDL3zBLljRQeDF9wOh0WYXuo04WLDw1GuSnpdVBI/UvBsWAc5wnZLpjqxAMKruNdLKvEURV89kWVvJIiOmJT5pFERL+Xb70vcu0Bv6oygcll4qOUKnQ2Qz3wk6l5HFNOdRJKycsHrUQXrLKA1isZnjS2dFt+dmd4JNZyH0kraC2A9OohGOVoAR5Bsjq0ZIlVSxv1lR0GFRz9oP246KUrf4u00toTfT0l7Alz8zW5IuY5j+zzd8WobynFo23LHxXBg91cYOtTRkpio/tMykVR5xQgz63uNuZDLn1hPsAiEKYqFZaXL+E2w1D++QqeHgpM4EioyrWTrAgRZe4p+rAQLLkaR6lYG181TqV5/mi4U12Tk756ahlMWEzUbakW77lM6hFjOYnsJ96JInSahVEKL0k68CxcjEu+MDgJyl7sRvKuFA2UC4j1w7uPEXMfHtEkmyleoc5GXHMfnBA3rV3t+g/CgDE+3o8fVgWM+Q4niE5LRYPoX12IwLY7bJhXJguQ8Kcchccphe4ohXg==,iv:bd9u0B7UD3FrMvz/0/+O/t/Wk1eXKL+7a2J9RcQCa8I=,tag:w/KGmAxhqj0QDh+UkDSFOQ==,type:str] -ark: ENC[AES256_GCM,data:bEZaEqhSERRTv/+SMRYAPgnEo8JgJ84gZnLqsgxFI7RkivBVNMtPUy6lrA9rHPLhyBFMXpBZW6TB9olAHJLu7rUrC/4jeo2hNJuH3PmVQ7l666eM4JzCZ09XYjJnUs87OkAtwRzcVeMmDKd59d5hSn95jxMsk9DXp1jyeqVfBQuzgE8G2A5s5qT76xTH5GIojbJ3wvkJJjoJ7l8E4qaupf/mWs2YE3khtBPdsFSoiWDONRFC/UVUFVAlxOhYKNodwLsAx7bTO/PVDvim,iv:/j1wzEU4ZD8auJ0rggejE1gQWMgJHVDqZqSY9XBS43U=,tag:mnbnoOfCh1coi3D1sytCQg==,type:str] -firefox-sync: ENC[AES256_GCM,data:+qZ6hgRpn1SILtrESmHpENXWHOmWn98DycrTSg9EfhHzVUdC0+jllQFOCcsduv4IZQ4RTuglz+PkOseh7Nac60qkiZW6Sqveg+f+M39NdVaft18ltAKiXF19+SweHz1KL9fG8hsjsHGyAGfSW+gmn0O6kEUtth4Ck/VBExg04sdXAWOVxIDN/yVKASpCfFU=,iv:6i9hjTRd91tv9kyZ4RAY88KWGTRZ9kU7vF5OAqu+Ubw=,tag:3lDN4iX6lJleQiQ7C8/Qrw==,type:str] -knot-tsig-key: ENC[AES256_GCM,data:7wR41trxv5WYK+5nr38ZB/xkoCQOuxNBqLYCZYVuj2fDiwlEqHNZIe4B4Bw=,iv:Cptzoc78Il6jrdr6By1HR6kI7uEilzhmow2HZBk7dTw=,tag:SW2+F/k+oFErU2olpJvQig==,type:str] -mopidy-spotify: ENC[AES256_GCM,data:lyOOOvu2FxQ3MhH/g6Ms5oP41XwClF/heYAvUFa1R22bUB847q3zP20+RUR/0nMCpEUXst9/kZj4oFE5jE4ze3vIIyWmCV4hmiNDrYg9E2/oBgJWjylsp3ocX+XjVtCovPMoqJ0VE9ZCZ2KaqIhVi9DC8DN35USH,iv:nTGyBAfiDcd2AH2tzTMu5qXs51PR2h38/I7HpJaZNVk=,tag:I7SbLbyf37a3tuaGC1nUTg==,type:str] -lms-spotify: ENC[AES256_GCM,data:6qjXjIKq4sALiwN5vFRSMj7ETquvida7iCldFfMbaqPdSPi1QyGD47r6+Gq5vf7GJD0TSHOCcLMm7Kxq6xVkfcrMDxN63BZDkUeU/ZNbdcMn1ZpcW9+ZCkmb5KWR0ScezzbHPHDFnvZ7EnTnVqLpbJJHz2w4xb5I33xAjhDOUSARHTIIVSavwplOk4DkJVOeQPOR3P2cwhG8bpEH2ISRoqF8tkGncTXDX+mdg8fxxAi/TVzFA6zGzDpAxFZW2W22Zp/+M0OVnQ==,iv:YKwglsAJydgDIDkLETXaKS5So/g8pE3/+lFeMdsBiRc=,tag:Gsqxcv2IjqSOiPT4lFe+5A==,type:str] +ai-mailer-imap-password: ENC[AES256_GCM,data:gLSr5s/9YGd8DOD23k/MGZU58Q==,iv:ELdtCuD7Geofd9ElapMVX4UZ0gZgTtVvJpaDmY2NUq0=,tag:g4/ENc7/0PyUvY4VSg+mqQ==,type:str] +ai-mailer-openrouter-key: ENC[AES256_GCM,data:2y9JyDBYzo9Tcx+t8rrr/TleS9Lq2D6jOVSCnm99DBMauJ1QlfLIJ4zXpX0gebxGb8BPA0jBYnJdNQxHfjvYJVmnG7+qIw7zCA==,iv:ytkagoqtrT9kGqUFo6xrXNJp4LKSO6UNGjWZemCg2A4=,tag:0OoSoYchvMUYNUi1MclWOQ==,type:str] +borg-passphrase: ENC[AES256_GCM,data:ajkDfsz1sLcxcM5VEsU8z8opB4qLXZr6BdOc5IxX4OKb/8cckd341+mXk431IWuN6bLpd1XmINimLRLin9bnb6y29L0=,iv:w8VsAJrbkBLIjR8o5L3L1l6xgsLEa1cdyEAVqfCE8y0=,tag:PvhBSrp4n9oyqskekEDBQA==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:V+jg1s8E55AVRYcz+tMACmr5KszQRjvKXFBmnJPzzhRcSaes/WvtkY6gm+wvoDwMSVb97eMFwQ1GWiK5+kZ3eEN9kVYZweZde757+Pdd4wBy/sfGQ8OUpHG9mBM45g9tftLb8l7lHSkEk49GGQiot5seorAz5z+sa8pwkOaltdtBxcqqhkuvrDZRQO0tv+5zGZ+PWx2dMZThDnR1s+Tuum6bMI+5Aoat/MsQT53LprpFbwS5NYNg5fzQACoRam504dtCWqS8+mwITDJaR7LFqjZGMAmfARC2L8pIDWrt1XrsPx47/MHzBA1+h62CilczsTcpXex5vKB1TyPUKAWfIiF6/NtRBWIMSSDMlZlq0WABcs1CxNe6e/mISoQpKkH5YX8jQUC4t2nwE7WECYmllubsp8fxFCMs9yFWQ8915I54OutOkFQd8/eq0Hu2o/+jTTfelnjbxDXdPdHdMKGhJKvb2Nqs3B1oiga6SIeXJ5nDm9/K/0NQ6yjnysqBUZM10hK0Ii8oH7guMKScUrNcGgtLNMgMR4REA/zhv1hmed/86N2GZsUIpfri3aly62RmlN33ZQdKGk30KcMDikm1zDWGbH3dyhOgDfzVYTXIp+Xq+3qD00LH5F/dptad9/kCdh+shDTt5yTQdyi5zOfl4k5LGcxhP7BStsIhitVA49LL9uVkgnm2DBeUO1C29oIrSBIDIgACU6Jq/oDbqeltJqsoWmYZ1roEJXq4dFJ7P9e2UcDL06y7+HBBhHHnGC7gNZhV3uO8w/GH+tuasyeHbGSEyg9YG23Z9dkJ9azLtVUCROv4/8/4cSerlCWtIQkZ+GURW1zfWTFX3t8f1LebSeMLvyWmoglFhAk5TpNPW6ShSUqRX2yr3yUyP77pTU2EYHp4g7pztb5LpJh8VlB1PR7XQS4zcMsKJdu0yfYAh4/sJoLS7f9gJvdC3Urr2YkF2LAtFRivNY+Tlyb3rSZvh/vEl8aGWtSfjeByAR9e07riMwdpoWxLGRAha/omKW/UuFKBiUAj5A/JFNRgb5UkcOlA7O4ft5P67217mtx33QsADZSNcyuLyN9Gu/JCIV74isgWm4pZdBKi/7H2EviO9hL57MXcHdZcObqZnl0EprZYvS3lqdeXHthUQgFu/qU0QprKDgYOpF+FGZ4y9AK02WQePMiaK+JuVe1Wp4kl9U/HGTdN9o6s/JBKMaFP4f6kvw/OTV5BGG8bypntYc4eUMnTumBiDF/vUdSsAHimpqe9S1s+vnX2GQgj0eshm/LKmbqMJMRAcxKLjoSmYEhWoeQv6+G6tKND6TjZc9HF6yjfvWnk5iV+G1/4qce3Rbnu0TxPTC4kZPiSi3Yp7OU97oH1MVYw9iMIlrA9BaB6sYDtoLWd34GgPlOVVZAwb1hqQE7OZ0vQn8umjFZPbCA4A1rzgjaRmcUOTY+wpIAcaRr2FaLMRjZPzBizav4Lf/uKXRUniFsBZr3kReiaWGYDcR3HrvNQVJTxJJyWC/jSAPz/9JKvLbZQYkX2vDGfSOYLcFaYxNpgyEN0epeJRIDRUpmugYw/Or3j2BjIW+YqAN3uwW7UuxZHcpN0bJuuqHf2mjr5kBvrTzwHwaRDj2mATKQjisqHUY6jbf0L+AmaTOk7e2Dr/dUREr1LMBYX7bxXGRCN5a1bFxM9D89fWFuZNqgJ8DmY/lDF3yLgaCXGEuFgQw+HrY2uSBRJ0FfxvKvChPTCBSUHwAtABtD/v3Kx5N9DPN8ocZnJtO8bQeokWJBtaxhre9b+TawmVJsVURG/3ImZCOtY07hU0jRF+sxjNfG4xJLHnfoeF0CiK1JuoDKg7Ej2EBZgRB4XB2VJN2or12ozvxj1EuCDjoAtUmVKog/6JUxje5atCKaDmj6pkAq7N6XRUUUbZvPHj87osBYLkch3YzUBM/IgDKLDV/eowfbCueajI8dk0pGRio5zBIjrW5dHCCk2byswFehC+f+SGJJ+bdi0eB4jCjswAE6x+TiGVohq9XLxWW+EHJQh0ZezO4Q6BI7qAxmuXcFwPa8B27xIEqKMmJScKBH6Hv66zQkLgyDTkoWpv/xxyaLoKAU7uW4hJa1pfRZH9OUpZbfI+7u42mRMPv6erMuZngKTtTtRCV8RpXKaKiFVAdd6hVc0Rgdje9D8WW1rkn7C3JfSR9WhNOPajIMg5gwRKZBUCvGCHYp/RsZiwOzdjKNlzPjSi1oDEmf4LtkyaZdFrqIHdgvGoaIcFi4AlXWaCpBHmbty8aTyl1CWFlLYnMslXHoaXVnVimBL28LVxV8rQfzig7TJI5GVD70rgMZnlLWgBKOMjJNR7w60JkVcsBlplYPibj7FxD8p+F2Ywou1UgrhLrberdJfgOk8TQwLPKhyZHzcHS82o97A2bp9jpvpV0XsOfhSvLkdEFWvn5FePSWhxDvO81M0V/J84OBVJowQ6NVGiECKlUkx0wiXrbMPscxaww1DDiVwvGjl7mzGvmhCeoKtcNihLst5h5ng7LIKriUpdImj9QSHC39IYgxqBSAuoHrdQs25Mxd5jKbLJF3OIotxDe6Vtw0DtwHxJySD2I4neAeUVfP/UkQ+pWYY5afGgWymBcOhK6tOStV7MN61bSFJ7t9c+oITfcsvQSJ3IGBSCf50nO5am+aLtJgx81PKv54PqWywZsALElC+IhebVtc/LNDCgAXdfZPY+TFDA+q+c0XHbEZKRihwTn5hGVqPQv8N7sPI+Gzc/garIxGUB207n3rjsGdtufy0w1LCn/hGJCzKglNg9SymDstymKHNH0Jp67dPWIJ4oWdQ3cKpNJklAzFN2J12TkVRFljut8Lr4O7uWYHNtbDLZxvl7vgMoETsQeRigzI7YvsVb75ismfIjRZ4wU1XPDSKonAOYmBzeQ8CfXrweaQGSH1bHP4B43oNh9bGZEySHlcHxjl4yabsqsIMhYN7JiemUetAnXjluhlSUD2Uf9QD0jjzYBpcBJ2pMqH010VM+BxmV+86HjOcMFCOkdQ3CjD9BBXbHbdH9MiPdx5+CZ5hX0ybont55L2ElI4Ue/sIT9jU3Z3rG+P7wCSzAATpqNzyOJdYIlK/fb6ivdwh++CtI7snAqbo5HTOXoMQ9mFMkAnJuZFCMAJEL08s+rGq3HOEH8B9fu4frAI0lExlRAv0bTdyb0CvyCIN8HAhKT26G83rUHhhlaxutgPW93/qeS9TC/QWgGOFJ/5dyDzHBupTh3Vex5Nu22lP5pSAbUoDBjCXjlZSdq7qIXVAsMon9NiXbPrNWoboLoc9XlzQM9gRDqWSn5QUFRUdqg07jFgSUf/heOV934Bez7RTL6L2rXh7rbHXZWTe4p70Q68zo7mUQDuQBO1y/Jx2l8rfUND9Gt1wnGUAZO9tgL6oqn4to9bp0o4dO1jWefdNHh/KbZckRuTtbEddPasBs0xc9MCu/C20ceAtREnDRNu41YtgSw==,iv:XOQg3GqMhWAWJdLgcw6wLi/Jw0KZp4YpuoY5MhzizoU=,tag:2AHG2lyRClCa96qBZM9MLA==,type:str] +ddclient: ENC[AES256_GCM,data:bB0gOu82+124M8d+AcTrhnaexZn3IRx18OM7JkdXpdo=,iv:o7pI+mMlD11TVK7dpf1pIKLWZjFoJE0BUW+FWB1CNkk=,tag:2eiyrhFAfCRwh8kx+ox6VA==,type:str] +filebot-license: ENC[AES256_GCM,data:twfY90M2Qq4T0B2yXwFw1hW94JIjCsgXDtXw+sjJxxCwn3t3A7cil64jJ4cjSFHf7gnT6/ijgGVBh70+DzurSI5F5XhIg9vpl+NtNvbvNRwVfO+tvBgFsDpmhZ4iAY+9b4uJFSF3BRHF6cNfK7imRkQCrNLBxxrRKdL3TWqWrSyz8k8OCs9oVHXUTLv1qkdcOn8R0a3c9CM+u1/FA3d7wFVAhdgj8T7mubbBAtv4CJFrU9Qm0KZSx1PpRFrwjHTIzLL1on40SExhQLrKMzQs/Abv2+p6QeSAMWRFc7RKuWOyQUF+Cti+a7q63DZn/IlOUeDvdnjzqtv6xTdh2jcBb7zujXgkkBOvo9PosF4hYL5LMpl5IKKz67lVplo9CHiDOWDdjgfel331ItVJrPnwQFpv0EanzjyWC98/WVjOrLqAK+zXsayDrVpYOGGAiCmBe5ucJSy7xQV/z1qMQxVDqw+zt6e2HLz4zfMBWLTzxtOjX/eLSk/omcrpPx+wDWjXBjFJtcLHvTtdq3nU8i/a7XFCKsywu9UkyShqaYj0zS3+pg4GkolcpohH9c/fQTX1HFOdRXFgMoRd5pgvhHE3aAGXr83d+Euvdo/NuKnQWbU6XYWeOwJLRevayoACd8luIAB/gm+1lTJux0Vjxj6VEbDxJEXIqL7C9tDF2ikfYcrMytCrA/ZcBRJujIBLoOpCTiFhbHjT6F03T6Np49qOxYRIHSA/GaZzGHhBpb7srZVsSi5qhTfOl+EiiShsgmZjhse0lXoyNWBllo5Dy3E9vB26d2QL0lEI30kqrO4XdgaLtZuCC4lWP/RxHXbYSah1xm5K3T8z454mGBRHJqMHrCMEhuk1NHdX07xLbVeGM8qnfX9y519hzQEPSf6Cmz0=,iv:wWL5EcM25VSjsAB79FO5lv+8/q5JBYd34dhIyyjJiuY=,tag:MyaQAWslwW3caXE/XiRdNw==,type:str] +forgejo-mailer-password: ENC[AES256_GCM,data:anUrMCIKbWCqNSN5HJKjMaqhlXVT+QsKfi1YdW4sDKACzL9LpMbdT4cThr779QDSvGFhbRuTysEs0jEQjDUdam00,iv:pBlGfyuPbKzp+QXHlR3eZpvy6Uhcj5rM3T1rx47P+us=,tag:lCcNRj7xo90kx0dknRU4Vw==,type:str] +forgejo-runner-token: ENC[AES256_GCM,data:HPn7kdxG570G0R74oT8IhGb+ZgIOgiqzio+GAPBXuO1Enq5ygm9xsFPeY+m7kBM=,iv:Sc9oRZctOAe9JEAy+JotKFFErMA3J0lc+0S6N1W+MGo=,tag:PY8G6SasJgpZUP25CP1r1g==,type:str] +gitea-mailer-password: ENC[AES256_GCM,data:ahsBBVjmUse9VrZOGQ++3C4WVOkFHJdTPYg3b3PGowdHheZkoSe2uEeKmnflDPHGD+lMtFoLAES18pIv8G2/tDAr,iv:QADR4/YZ4ikJskcHwfqiGvnCKB7WG4VTDtJkVuNaho0=,tag:E8WSmvw6IwLa6CxaVu9GhA==,type:str] +gitea-runner: ENC[AES256_GCM,data:eoGF7AlQqGWUQT1mtbgGFhloDd8WJp9qcc6XNohWz4oLS3Y3hdx2hcBL6VnF/vgtXZOHLZ9Bib3JFEzViYDf1p1gouvcfsK/4hKNfsoe5rswKvPRb3m4jDJnuOUf8JCFoh5XYBjCH6X9EG7WHtWTzYprRJ9EzMLwIHUyGULT2BmfLNHkEBDkfPffp5Rh2Kc/d2VpGM/qBDkDb6eDskiXC0UeOHfPyIyDsORD9bWx+1YYiUu1S7fpLD5nlN0JW3eaw683yvczNsgSoR1DWl5/6/I=,iv:UtRDVC1TATS2I0wWXHfOrfgFTJpML9TS9AN2sXGqtPA=,tag:XhDdZl66RRvxGNWYK8iQTg==,type:str] +gitea-runner-token: ENC[AES256_GCM,data:7z3aE/HNuZ0H8wsc/cy5ZiX0cBjtEUYPU7vabkh9AXgOBd0Gfv+bCyrCzvN8MyI=,iv:VYfJw/g2R5Unok+e9/wJjHS4gYNmbF+yxoRzyHsm8iU=,tag:mLwUu1GSWcq7vzc9PEJKWQ==,type:str] +home-assistant-ldap: ENC[AES256_GCM,data:P+yqFcbfqQvgzNj3wu488HgTUFd7bE35cQCpe2nWUQ1SqsXVT4+Q8i+WlnpWaxLAP0QlWQqKBzqUJiU3/k9PWA==,iv:VjlAXLAs134gopU4oaKaPoHfTKoEK5SUlD+IuMw+3hQ=,tag:G0RFhr4AOXbhCSJPJA35Kg==,type:str] +home-assistant-secrets.yaml: ENC[AES256_GCM,data:naM/fFaLtlRWEkVaCkfUa1RvdYK/pJl3mREGSI3QA+3vqOGRj46yTDdTvBhcdi6hKRatJr9HJMj229gyJSneUUFIb1cz+rPyrXnIxBMl9fsjQfBF8s7YoZy1UJxO8TIrdBkgKPKg+olk8aoR2jkafEwix96g8JR8C3nqJF86JT+LgJ4jeoPDBLUG3Ae01fRNkhKWbo1JK3RCp61m/cR6Mp9H+EbgO1bQ9puRCAXESabEwF/TgcQQuv56h9v1glU9kqfe602zOzyUxuUOo1VB9+lRCiAV462vtZ99kKxIvRbNWd4PQ0xoPI5j7mTkXIpxZSUkrIsXdrbZuAYvHERD,iv:KycHSWt6nXdf9MoRf7cNWJgQ3e3JYK6gbJhSnHu3/2Q=,tag:QmiYIF1FYjDa3I86KB9oMA==,type:str] +moltbot-gateway-token: ENC[AES256_GCM,data:TIw7yqHbyNLdka0PHCrX1UNgK+PYj13sjJY9QoyMVIuMvFhFh1Fg9I8vTqD5/AWCypkcmmQullx3t/rOU/NI3Q==,iv:fkZn4u81Q+ZdEBM8l4YVhDVpAqdLEMFXRQMuZ3mdeC0=,tag:/ZFOiNCvI1holTkOtvgF9Q==,type:str] +piped-db-password: ENC[AES256_GCM,data:JM1ZyHOhYDo+fgiVRrYB+iF6ITL+hSpVY+h/xVH+aP85HEoaF+Ryo3iFxpk=,iv:iM67fueJ1ebGF79Mj/6YH8mEDc6uz0uTUGsKF43xhAI=,tag:oPBws8hO0fmS+o859RdsMQ==,type:str] +pushover-api-token: ENC[AES256_GCM,data:EBdqKj3ac/H9vYWdMWBKuRo18ucuAZHXEiS2LNLW,iv:vIx2/15QgfT14GcYFVdUcsNEk3On5nZ8jbqeP5fFwG8=,tag:sR+j0iqjbMPaFePWVRID4g==,type:str] +pushover-user-key: ENC[AES256_GCM,data:/dKxdB/eM0MtNSVcr4NYGv7tw1Cvkge8p/HcWv/+,iv:RzLuLyg+2KSGH9UW2495KeKEyiTo5OzMWtlZhgg48uw=,tag:2q7rAvy8bWyLPLNONmagig==,type:str] +wrwks_vpn_key: ENC[AES256_GCM,data:8LmRG8yVFfMTwgRnT5dQg5H0b5Yaz/fM15l4TsaVaEQ0PZsSHY2PvVacv+6iZdDZOeyVZfslg+12dCD5OicN3g==,iv:QGRs/d8HK77PwJRpGFu+7ciX7sqs8ZV+3KEh2BlHZ/M=,tag:EwebFPtI4TfAR7b9ps7vJw==,type:str] +wg_cloonar_key: ENC[AES256_GCM,data:9FgI8sAGXgn680jhzUvWY1IsmcuGfk2lPalE5xWN7iFi2KnSbj6inawwJmQ=,iv:qahuBL2U2ncS4SPUPYNJ4Eqaq4hc2zkgVAiyF7+0jVM=,tag:Ony3Fd1F08Dxy3fTGmp2sA==,type:str] +wg_epicenter_works_key: ENC[AES256_GCM,data:2gtqs64Zzz3Uy7RPWHszideTtzooA3YMaw4+WfmTxBbQNKREaeySV2+Vdls=,iv:sE0CRkgz7FCiH3cWg3ozzgjEMjQ1PxSm06wFKqqi/DY=,tag:DkgJISsUh0v2yIGZFVcQzA==,type:str] +wg_epicenter_works_psk: ENC[AES256_GCM,data:gl/6kg+QT+y3InIcx6OcVlEckhyKYzDvCFbc62CjFTLq7pCDuNbAMSpLJFA=,iv:0QuR2twfIMuyhT11tblvZ7A6BHqBJzZcx4IprTVlqw0=,tag:oJlLXnsy8w1Dcbs81MGsjA==,type:str] +wg_ghetto_at_key: ENC[AES256_GCM,data:mpKsGzoWz8U/v/aZdN+z/U4z9kzlSo6IRK81yEkGjrOqhc4IHEuYe6U6I1s=,iv:qityQlwmZMo+Dst48hGhegN04cpMwyB0soeWRiZiVZI=,tag:uBtl/jdXF7BihNfIYlqJ5w==,type:str] +matrix-shared-secret: ENC[AES256_GCM,data:IyeA3VvLhgGzEpTrQC85MlK5ngrPMvw/GmQhk9mWQ58NJsC942t8LcQO4AGMQBtrq17eLv6Ke2rOuoxlRA==,iv:zLKhiv01ViSH8dN9j3XJA520KdgBFQWO1bo/cuJVDuM=,tag:fiQ4NWhr+TtNN+AbGAtjxg==,type:str] +phpldapadmin: ENC[AES256_GCM,data:Xv7G0iCfuPG7rXWfddgLV2Ztftwh1/lCY1KU+hGJDSGxbXKMkjThS9HL8+2BkOwHr46YVp0JHtxEcK4dxOQ/QTCF0xU6eo92dneXJ8ZyPe4UVWX+3x26vp1iOEpaDqL5n55FqKX0vJHffJBUS0mBu403fkJS463Mgyd8i9GPYBGZrGiiiApj49DUqA4bKdnxZMfOvY1SLk5wLfoY10uUuWlG/hwKrp3y5EkyQdUuD43kyDUMG0Zcka5ovz9TFGCQqGERWWnasOlduYTlR057h3w6TKi/I4wupbp2IHu+hyvrRtkM2/EcVPXpvWgEE/i+EFto3ku/Go+L5yjahJoJEhog0oIsZOg3,iv:26JI37tNe85LM88gg/AOoTqmSPjXD4hXbePwSJQrqWw=,tag:pFwr+73n5s/cGFwNnBlLsg==,type:str] +palworld: ENC[AES256_GCM,data:ihtdcEXcqiSr2RqsYreg9HlYB9SVkPdNTDThZTU390Lxu8SfNkbruYmYAALo8H8N2nMX83FAyuLGQ0OHlN0qSPzroK8QVUF2oI+JAcyjMnKB/gqhLMMgr9UN+72X2/3K2OwH+rY873uiBVAVbTBtfOJzDGDCgINERSjVtyw00n1Wxzlz7JWti80b8Hdilpg6LZj7VshAZf19s0VWljxz/drGBHCetWLn9dCop5Q00Hqd7dC4rn+efVelL0M7OT8KiGfYyoUL5cQhGb4ihYXa5+QuvIazm6C5hoQn0Ou7PFQGitB13gziwTu/OXkZeNLm4+xuayr52G3Min3HwzEtiGVP0DtYJmx+ONUOal/scZXuhkC1fjtkIdSQZi3L78CKvvkxQz6VGXi2gWxeZ63fvxGEitiEhE4JG1XwERDQQup1OneKIeelNqiQKSaYmQe3nJjn8lrFW+TKoj2hgFHw9u2xH4Qad2HcsJPiz8w2MdwBVj5H88vBSBWGUWyi6D2cxC7uaJ+qEINzjkWodgdUfD+OyPrRqQcuB6geRgadYpmpr+fqH4sIbYg31GfUgXtEfCxm9muAywMzhhmEq4173F2JNTYHGJG+R+2CoMpw9nJSidQJNaSJnZRPpNlShmBbgPt2rvqrFVXeKpaIpk4OjT57U+vlV6OzP0x8CnYe77cspCntm5VcP5lzqTJ+Xn4AZWY8gPolQM87VZ+oOQ==,iv:7M4FSofk3eYlLKuVIdxL49g4bwTF4ju8omO0PLMnZVw=,tag:5E9q+as6oLdF++dapuG6TA==,type:str] +ark: ENC[AES256_GCM,data:M3ztO6/LUCD6Zik+g1SuKf+2ne4ZSDaaD0R/kWX+qwHJZ8Scfzku63a8qAfytfICQ/XhTEF+f6s5pxTkiN1mgPMfdIda73d+Rv2yeVTkdgsamY9kTrTx9v3wZHiNyUvQM+IjNUje2CsF4iivMzyJhIF0112qYH7bMuvbKydHO5EQw4WPBonIXfLC1vd5wqAXWgyuQmvHTwHLgTQXSLiKbP/MhoBrpuzQtNM479VjMNVy5FpCf8+hl9ffj9MEcsORCB/hbG7HT7tdkP4w,iv:EU0ofqpq6qDCgwc9wrI32o1f20bhIASVcymYSuUMy2I=,tag:tvtVedgFpyosA/kMsxIGGw==,type:str] +firefox-sync: ENC[AES256_GCM,data:ctJxQDELOxkXJAJusvwGT70jShSr2o+xtAFvX9EuWe5DxfXrXeUVdHo1tELp8kofPMnYq1dMGDvj0iBNzK6MPQ75jeehZSO+RVyeRQopEmIJUOOFKR/goCeP0gcTOkuKmyr1p01OBjUTIp1UWvcsY6QC0ZHjF602WsmEZ+KeWw3uBnR18+7dA5tAkvoy1O4=,iv:/eVCI11oCbRxuhQpX3BEgwJCaoPHPTBE0s1XgVT1rHE=,tag:USu3y/CGQlliVJzeloCtQQ==,type:str] +knot-tsig-key: ENC[AES256_GCM,data:JXz7YJGgxoEJV9KiaaaiDgE50cVcZhOyXmknOxpV4zdgximUrM+TsNXmd9k=,iv:hhOThVcAMWTwp0bqC+7JMDS6O1iZzpE50AxvDB0sy2c=,tag:IAdZlLxgNjACBZxKXCrh/A==,type:str] +mopidy-spotify: ENC[AES256_GCM,data:/InQ6bFDZMyP2Np6f8zOh/Ssdgr27tcrwaOZhodR7Gagau2RQCJ8QHYK42x8P/3TEDXLbR2umySv48cOa/XtI8CTQaPAttfw++11QLIaXGfiiKgw4NyjNAAnhB+qlvXBDaLrGyk2PuDcPBkXm1x87hh3Rtou0Wa/,iv:35drh5LsdQLhd3v5VfK1IeVOeTRM29PdZSY/dH9b7ZI=,tag:lqkiE1rUlUq3Ym5sl5Nsog==,type:str] +lms-spotify: ENC[AES256_GCM,data:7yiuiZc6/65ppPjzK5ngt6DOvFtnD0HRgKca+TfsZ8rI0CaNywVZceW1lA0v6l9a4FJaOcMegNIs+2cNa7BkVpia53uFRL0ikHTDyI0nB9XLIhmbnzlbGSJ26MMeczJNS3J6rEX758BcEXme9pAvEmSWUga/GTlRcjfuFkvbToEpbVe6oEhthtnf0kucH2Yr/7ETUOMJLaUfb8NhvUUt6+BOb4zy52cXRBmB+IWo1qM4djx4L15ESP7MAo7iah83lktyyJgn5g==,iv:Y0mWmoW5xxlKDEjX7NIFG36AhTfO8Yuz9nqwwvK/s9E=,tag:pQl6V3q/DojdqmJuMZBJHA==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VldwWkptbUZwYytBTlV1 - UHhjRWI5YVR6MDFFSDZpN05mbHc3ejZNVXpZClNTVXFSWWw4YVFSSzdBenZYYlU2 - Q3BSSVJmeEdIYzZiR2VYL0h1dlJNYU0KLS0tIE5CQ2V5NlpxQ09LS2tQWm9ya3Vq - VGkra1F1N1gvLzQwNlJNbVRsUnYxS0UKXdEvFAtZ3Zfy07H5738ZiYnrMhYhf5zb - ljHthFghcYloaF3LgjTN7W0AdfVK0//4tPzwBxyThDRLJqKE95HMig== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRjRJU3ZXYk1wbndIRTRV + WmNTY1BxdTdtMThwbnNNYmVwdlBVV21UeEhZCjFpY0VMWjZSdlFWNjFkVjNrcXVY + NGIyR1QwOWYvbzA0bjBGdVljYURJUVUKLS0tIG0valMrZm5GLzVHL1ZFWFR6WEE4 + SFZidDhhTGRWZ3N1OVRIck0zdU44enMKcvt5966NSlt6heJmmOk0BRHOZnimLzi+ + EPD1lnQH/Pq56Bcb+aFY4qymUwWov3TbshVBhh7CTiNtF8OSkgoEsw== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTXdXM095YWw1OXFuWXdP - OE52cUZBcnNLaGlqd2w3YVNiZG5NWm9DT1I4ClRyRzNsUThZelVHWVl2ZENhbENw - YmhPUzRWZ3JZQXgwYzFPQ2hGZzMrNlEKLS0tIGkzdzZzOGgrM0pJNmZrTmZ4ZjBT - MDh6UURpRGs0d00weEhUNytoUkNGYncKazrUNHQpzYIlAWK+ZRFiPVKS9/IunxUI - IsfSAsnH1xt2z6gBvbzjyZXu5f0dkvU8Vpd5+V9CAP9TthA3R+7Jkw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBNSthOTgzZUhCVjBVb0tn + RnM4TWRPZmFvdzNMVUJuanlXdDZIMnpkMng0ClRrdHRNblNQQTRSdkZ0dzFWQW83 + azA2UkdqOFFxTDdTOGJEdXhXWkZQSWMKLS0tIGdyRndDOXd3MnI4cDAyRmQvZElW + Y25yZXdwQXJ4a1NGbzFlVi9oMWJOYVkKjMFhePSmIyDjjzn9y5wJN2yEx+88KGhM + W2W3iUGBjLOhnsUdNzDtrc5mDM+OH6jckvAz3UQpAUBtEaf+TUv3VA== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTGhkMlh0aGIrandzUzJC - dVI3RTB4VmhUc1JSUFBxdmVrK3ZVTmZNdWpnCjhmWkFhV09qY0k2ejF5eDl0YXp0 - aU1zY0M5c3ZEZENBc1I4ajUrNmQrRkUKLS0tIGViMERSWG9IMVNVNUg0VE1YaVFG - YzROSlZyTEtCMmlpS0NuZk5xT01EaEkK++DwKWHm+k9iZlK+oPzZKfHg7r+nbbO6 - xt9F7Xp0KzYaVzBxPuqi8c7vYpiIZaKUYXgS5NpV4oLRgGuOBzib5Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBib3l5NVZMMWlVbEc1Y29N + THBXTmt6YVpnMG4xVjVNb3BJampuUVJoY3dnCnRMNk5wQnJzcWVLS0IyUk9ta2cv + U3dVWVJ1Tm1US2pROHphOGlidmxUK1kKLS0tIGtFdUpWdm9KMTVLS0tUdjBMZDlY + Vzl6QVE3azNtQm5IblVnMnBadkVCcFEKSbU+++fmAfh5oXPnjHbXK9XYDoLbtn9Z + qREcR1NZjTliJd5jJ8sgMMxDKo6+ml6nOsRLqyCqITllJpgFzSLe5A== -----END AGE ENCRYPTED FILE----- - recipient: age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcTVMWFBUSDZxQlhtamNt - WjhXYUNDVHFKcHJlV0VzUHNOWHd4TVR6TEN3ClVrMVBGb3ZUT3ZxZGFxMnkvd2dR - SDRCZHFlVWs3M0ZLbDJsQTAwV2JFUU0KLS0tIEZHblZsNmtvWGZtcHhYQk92dTFh - aEN1YXdpQTFRSElKb05IbVpTaW9VVlUKklD9VliJTRZMk8u8r5suw7IUeVwVXLSq - zm4SIUE/C8RPb23ev7gh3IG9J95pRplEwCRwKzib5/Hqz/SqNhUVHw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YzIxSkEvUHdlL0FYcDhm + OTlTR0ExNVRPZzVTdlhFUWZ3YS9ncm1ObWw0CkQwWGZyRG5iN2FHNk9lVnpvUlFt + eTJKbzJYbXBuSjZwTitrRWtERnJyWHcKLS0tIDRZZU8rTUxCQnI3QkVhZ0h6WC9y + U1BDd1V3M1VnK0dqamVndGdVUysvbDAKPipxKNbjkE5VugEvKxt5If1iFules5ul + WLH7rH8M7R4uTOufBomXAqx3vMxxaCqUQlfbqhUkN7AT8vDPt5gqFg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-29T22:47:30Z" - mac: ENC[AES256_GCM,data:6iN/OVgm59aum4xUfJofyQP8xVNyEZB1TMT319xEIqwPdE7Rx2MCkfIWfV+bEYgo5iyIFkMzFjPeJO5he35l+0fOxGd5zQlpHEre0RxGnIJX+MEEZlY+qGSQj6omsAfJdr8chBbdHzFjpnr+cCvpa7UaPX/5PKAPnFoVLIKZdww=,iv:qTupVIZoIkDNz5Mi3HWMyArLU+qhwCUSQrp1je+YxuY=,tag:1LWru+2qdt2W3AS4wGHU6w==,type:str] + lastmodified: "2026-01-31T13:59:03Z" + mac: ENC[AES256_GCM,data:Nr7KPjlCuzWE4aAZj1MqD8Nm5TsC5FZWBpc9qQJMUOGjQMHYqwZU0fttRcY5Ik6MIH7+f+lPxHyRqqoy9ufYOqtAs5+fTDIgTGpYsBqN/MYqFLtwqAqOKoM3M+q0V8zmIotA13MQR8UxCF4WXCg37vwWKFKbNXlilpGOMOr1lHA=,iv:cjtfFHhqelIeNM7Xh6HIOJuQB2QzFp/vw8LcZujo6c0=,tag:Kb78AF9dswbO/MqjHDoQRg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From cabf453a5dab0ad8fe3c0ddfb5bec6cefce1aa93 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sat, 31 Jan 2026 19:55:11 +0100 Subject: [PATCH 35/44] fix: forgejo use github for actions url --- hosts/fw/modules/forgejo.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/fw/modules/forgejo.nix b/hosts/fw/modules/forgejo.nix index c6fead7..d364f72 100644 --- a/hosts/fw/modules/forgejo.nix +++ b/hosts/fw/modules/forgejo.nix @@ -115,7 +115,10 @@ in SMTP_PORT = 587; USER = "gitea@cloonar.com"; }; - actions.ENABLED=true; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; # Pull actions from GitHub + }; attachment = { MAX_SIZE = 2048; # 2GB in MB for general attachments }; From 6d7db643bce729e0e441e666dfef7d9c2d889e7d Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Feb 2026 10:52:59 +0100 Subject: [PATCH 36/44] feat: add dev host --- hosts/dev/configuration.nix | 65 ++++++++++++++++++++++++++++++++ hosts/dev/modules/dev-tools.nix | 36 ++++++++++++++++++ hosts/fw/dev | 1 + hosts/fw/modules/dev-microvm.nix | 61 ++++++++++++++++++++++++++++++ 4 files changed, 163 insertions(+) create mode 100644 hosts/dev/configuration.nix create mode 100644 hosts/dev/modules/dev-tools.nix create mode 120000 hosts/fw/dev create mode 100644 hosts/fw/modules/dev-microvm.nix diff --git a/hosts/dev/configuration.nix b/hosts/dev/configuration.nix new file mode 100644 index 0000000..19d5363 --- /dev/null +++ b/hosts/dev/configuration.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: + +let + # === CONFIGURABLE SETTINGS === + projectsDir = "projects"; # Relative to /home/dominik + + repositories = [ + { url = "gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git"; path = "projects/cloonar/wohnservice-wien"} + # Add repos here: { url = "git@..."; path = "relative/path"; } + ]; + # === END CONFIGURABLE === + + cloneScript = pkgs.writeShellScript "clone-repos" '' + set -eu + HOME_DIR="/home/dominik" + PROJECTS_DIR="$HOME_DIR/${projectsDir}" + + mkdir -p "$PROJECTS_DIR" + chown dominik:users "$PROJECTS_DIR" + + ${lib.concatMapStrings (repo: '' + if [ ! -d "$PROJECTS_DIR/${repo.path}" ]; then + ${pkgs.sudo}/bin/sudo -u dominik ${pkgs.git}/bin/git clone ${repo.url} "$PROJECTS_DIR/${repo.path}" || true + fi + '') repositories} + ''; +in +{ + imports = [ + ./modules/dev-tools.nix + ]; + + networking.hostName = "dev"; + system.stateVersion = "22.05"; + time.timeZone = "Europe/Vienna"; + + # User configuration + users.users.dominik = { + isNormalUser = true; + home = "/home/dominik"; + extraGroups = [ "wheel" "docker" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + ]; + }; + users.groups.users = {}; + + services.openssh.enable = true; + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + + # Clone repos as dominik user on boot + systemd.services.clone-repos = { + description = "Clone configured git repositories"; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = cloneScript; + RemainAfterExit = true; + }; + }; +} diff --git a/hosts/dev/modules/dev-tools.nix b/hosts/dev/modules/dev-tools.nix new file mode 100644 index 0000000..27e0bf8 --- /dev/null +++ b/hosts/dev/modules/dev-tools.nix @@ -0,0 +1,36 @@ +{ pkgs, ... }: +{ + nixpkgs.overlays = [ + (import ../../utils/overlays/packages.nix) + ]; + + environment.systemPackages = with pkgs; [ + # Development tools + ddev + docker-compose + git + git-lfs + + # PHP + php + + # Node.js + nodejs_22 + + # AI coding + claude-code + + # Utilities + jq + unzip + vim + wget + curl + htop + tmux + ]; + + # Docker for ddev + virtualisation.docker.enable = true; + users.users.dominik.extraGroups = [ "docker" ]; +} diff --git a/hosts/fw/dev b/hosts/fw/dev new file mode 120000 index 0000000..009de10 --- /dev/null +++ b/hosts/fw/dev @@ -0,0 +1 @@ +../dev \ No newline at end of file diff --git a/hosts/fw/modules/dev-microvm.nix b/hosts/fw/modules/dev-microvm.nix new file mode 100644 index 0000000..965141e --- /dev/null +++ b/hosts/fw/modules/dev-microvm.nix @@ -0,0 +1,61 @@ +{ lib, pkgs, config, ... }: +let + hostname = "dev"; +in +{ + microvm.vms.dev = { + config = { + imports = [ + ../dev/configuration.nix + ./network-prefix.nix + ]; + + networkPrefix = config.networkPrefix; + + microvm = { + mem = 4096; + vcpu = 2; + + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/var/lib/microvms/persist/dev"; + mountPoint = "/persist"; + tag = "persist"; + proto = "virtiofs"; + } + { + source = "/var/lib/microvms/persist/dev/home"; + mountPoint = "/home"; + tag = "home"; + proto = "virtiofs"; + } + ]; + + volumes = [{ + image = "rootfs.img"; + mountPoint = "/"; + size = 51200; + }]; + + interfaces = [{ + type = "tap"; + id = "vm-${hostname}"; + mac = "02:00:00:00:02:01"; + }]; + }; + + systemd.network.networks."10-lan" = { + matchConfig.PermanentMACAddress = "02:00:00:00:02:01"; + address = [ "${config.networkPrefix}.97.15/24" ]; + gateway = [ "${config.networkPrefix}.97.1" ]; + dns = [ "${config.networkPrefix}.97.1" ]; + }; + }; + }; +} From 91fabfe8575e98b16a55e0cbc5f2af1e6d63d2a3 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Feb 2026 14:03:32 +0100 Subject: [PATCH 37/44] feat: dev fix mkcert and ddev reachability --- hosts/dev/channel | 1 + hosts/dev/configuration.nix | 50 ++++++++++++++++++++++++++++++--- hosts/dev/modules/dev-tools.nix | 21 ++++++++++++-- hosts/dev/utils | 1 + 4 files changed, 67 insertions(+), 6 deletions(-) create mode 100644 hosts/dev/channel create mode 120000 hosts/dev/utils diff --git a/hosts/dev/channel b/hosts/dev/channel new file mode 100644 index 0000000..57f31e7 --- /dev/null +++ b/hosts/dev/channel @@ -0,0 +1 @@ +https://channels.nixos.org/nixos-25.11 diff --git a/hosts/dev/configuration.nix b/hosts/dev/configuration.nix index 19d5363..bca1d31 100644 --- a/hosts/dev/configuration.nix +++ b/hosts/dev/configuration.nix @@ -1,17 +1,17 @@ { config, lib, pkgs, ... }: let - # === CONFIGURABLE SETTINGS === projectsDir = "projects"; # Relative to /home/dominik repositories = [ - { url = "gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git"; path = "projects/cloonar/wohnservice-wien"} + { url = "gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git"; path = "cloonar/wohnservice-wien"; } # Add repos here: { url = "git@..."; path = "relative/path"; } ]; - # === END CONFIGURABLE === cloneScript = pkgs.writeShellScript "clone-repos" '' set -eu + export PATH="${pkgs.openssh}/bin:$PATH" + export GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh" HOME_DIR="/home/dominik" PROJECTS_DIR="$HOME_DIR/${projectsDir}" @@ -20,7 +20,7 @@ let ${lib.concatMapStrings (repo: '' if [ ! -d "$PROJECTS_DIR/${repo.path}" ]; then - ${pkgs.sudo}/bin/sudo -u dominik ${pkgs.git}/bin/git clone ${repo.url} "$PROJECTS_DIR/${repo.path}" || true + ${pkgs.sudo}/bin/sudo -u dominik -E ${pkgs.git}/bin/git clone ${repo.url} "$PROJECTS_DIR/${repo.path}" || true fi '') repositories} ''; @@ -31,12 +31,17 @@ in ]; networking.hostName = "dev"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 80 443 ]; + }; system.stateVersion = "22.05"; time.timeZone = "Europe/Vienna"; # User configuration users.users.dominik = { isNormalUser = true; + uid = 1000; home = "/home/dominik"; extraGroups = [ "wheel" "docker" ]; openssh.authorizedKeys.keys = [ @@ -50,6 +55,22 @@ in programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; + # Auto-attach to tmux on SSH login + environment.interactiveShellInit = '' + if [[ -n "$SSH_CONNECTION" ]] && [[ -z "$TMUX" ]]; then + tmux attach-session -t main 2>/dev/null || tmux new-session -s main + fi + ''; + + # Passwordless sudo for dominik + security.sudo.extraRules = [{ + users = [ "dominik" ]; + commands = [{ + command = "ALL"; + options = [ "NOPASSWD" ]; + }]; + }]; + # Clone repos as dominik user on boot systemd.services.clone-repos = { description = "Clone configured git repositories"; @@ -62,4 +83,25 @@ in RemainAfterExit = true; }; }; + + # Create ddev global config to bind on all interfaces (allows access from other devices) + systemd.services.ddev-config = { + description = "Create ddev global config"; + after = [ "local-fs.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + User = "dominik"; + Group = "users"; + }; + script = '' + mkdir -p /home/dominik/.ddev + if [ ! -f /home/dominik/.ddev/global_config.yaml ]; then + cat > /home/dominik/.ddev/global_config.yaml << 'EOF' +router_bind_all_interfaces: true +EOF + fi + ''; + }; } diff --git a/hosts/dev/modules/dev-tools.nix b/hosts/dev/modules/dev-tools.nix index 27e0bf8..fb3fc2e 100644 --- a/hosts/dev/modules/dev-tools.nix +++ b/hosts/dev/modules/dev-tools.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { nixpkgs.overlays = [ - (import ../../utils/overlays/packages.nix) + (import ../utils/overlays/packages.nix) ]; environment.systemPackages = with pkgs; [ @@ -10,6 +10,8 @@ docker-compose git git-lfs + mkcert + screen # PHP php @@ -27,9 +29,24 @@ wget curl htop - tmux ]; + # Persistent SSH sessions with tmux + programs.tmux = { + enable = true; + clock24 = true; + historyLimit = 50000; + terminal = "screen-256color"; + extraConfig = '' + # Enable mouse support + set -g mouse on + + # Start windows and panes at 1, not 0 + set -g base-index 1 + setw -g pane-base-index 1 + ''; + }; + # Docker for ddev virtualisation.docker.enable = true; users.users.dominik.extraGroups = [ "docker" ]; diff --git a/hosts/dev/utils b/hosts/dev/utils new file mode 120000 index 0000000..6b18391 --- /dev/null +++ b/hosts/dev/utils @@ -0,0 +1 @@ +../../utils \ No newline at end of file From cb67ba33ac4a6dbc306ffba7be5303455d314ce9 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Feb 2026 14:06:46 +0100 Subject: [PATCH 38/44] feat: fw changes for dev server --- hosts/fw/configuration.nix | 2 + hosts/fw/modules/dev-microvm.nix | 16 +- hosts/fw/modules/dnsmasq.nix | 2 + hosts/fw/modules/unbound.nix | 349 ------------------------------- 4 files changed, 18 insertions(+), 351 deletions(-) delete mode 100644 hosts/fw/modules/unbound.nix diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index f41b36c..0c7af8d 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -34,6 +34,7 @@ ./modules/microvm.nix ./modules/gitea-vm.nix ./modules/forgejo-runner.nix + ./modules/dev-microvm.nix # ./modules/vscode-server.nix # Add VS Code Server microvm ./modules/ai-mailer.nix @@ -94,6 +95,7 @@ "mongodb" "ai-mailer" "filebot" + "claude-code" ]; # Intel N100 Graphics Support for hardware transcoding diff --git a/hosts/fw/modules/dev-microvm.nix b/hosts/fw/modules/dev-microvm.nix index 965141e..56c49a7 100644 --- a/hosts/fw/modules/dev-microvm.nix +++ b/hosts/fw/modules/dev-microvm.nix @@ -3,7 +3,19 @@ let hostname = "dev"; in { + # Create persist directories on the host + # UID 1000 = dominik user inside the microvm + systemd.tmpfiles.rules = [ + "d /var/lib/microvm-persist 0755 root root -" + "d /var/lib/microvm-persist/dev 0755 root root -" + "d /var/lib/microvm-persist/dev/home 0755 root root -" + "d /var/lib/microvm-persist/dev/home/dominik 0700 1000 100 -" + ]; + microvm.vms.dev = { + # Use host's pkgs which already has overlays applied + inherit pkgs; + config = { imports = [ ../dev/configuration.nix @@ -24,13 +36,13 @@ in proto = "virtiofs"; } { - source = "/var/lib/microvms/persist/dev"; + source = "/var/lib/microvm-persist/dev"; mountPoint = "/persist"; tag = "persist"; proto = "virtiofs"; } { - source = "/var/lib/microvms/persist/dev/home"; + source = "/var/lib/microvm-persist/dev/home"; mountPoint = "/home"; tag = "home"; proto = "virtiofs"; diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index f1e0e79..768f255 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -97,6 +97,8 @@ "/invidious.cloonar.com/${config.networkPrefix}.97.5" "/fivefilters.cloonar.com/${config.networkPrefix}.97.5" "/n8n.cloonar.com/${config.networkPrefix}.97.5" + "/dev.cloonar.com/${config.networkPrefix}.97.15" + "/.ddev.site/${config.networkPrefix}.97.15" # Wildcard for ddev projects "/home-assistant.cloonar.com/${config.networkPrefix}.97.20" "/mopidy.cloonar.com/${config.networkPrefix}.97.21" "/snapcast.cloonar.com/${config.networkPrefix}.97.21" diff --git a/hosts/fw/modules/unbound.nix b/hosts/fw/modules/unbound.nix deleted file mode 100644 index c5f21c5..0000000 --- a/hosts/fw/modules/unbound.nix +++ /dev/null @@ -1,349 +0,0 @@ -{ config, pkgs, ... }: -let - cids = import ../modules/staticids.nix; - domain = "ns.cloonar.com"; - - adblockLocalZones = pkgs.stdenv.mkDerivation { - name = "unbound-zones-adblock"; - - src = (pkgs.fetchFromGitHub { - owner = "StevenBlack"; - repo = "hosts"; - rev = "3.0.0"; - sha256 = "01g6pc9s1ah2w1cbf6bvi424762hkbpbgja9585a0w99cq0n6bxv"; - } + "/hosts"); - - phases = [ "installPhase" ]; - - installPhase = '' - ${pkgs.gawk}/bin/awk '{sub(/\r$/,"")} {sub(/^127\.0\.0\.1/,"0.0.0.0")} BEGIN { OFS = "" } NF == 2 && $1 == "0.0.0.0" { print "local-zone: \"", $2, "\" static"}' $src | tr '[:upper:]' '[:lower:]' | sort -u > $out - ''; - - }; - cfg = { - remote-control.control-enable = true; - server = { - # include = [ - # "\"${adblockLocalZones}\"" - # ]; - interface = [ "0.0.0.0" "::0" ]; - interface-automatic = "yes"; - access-control = [ - "127.0.0.0/8 allow" - "${config.networkPrefix}.96.0/24 allow" - "${config.networkPrefix}.97.0/24 allow" - "${config.networkPrefix}.98.0/24 allow" - "${config.networkPrefix}.99.0/24 allow" - "${config.networkPrefix}.101.0/24 allow" - "0.0.0.0/0 allow" - ]; - tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt"; - local-zone = "\"cloonar.com\" transparent"; - local-data = [ - "\"localhost A 127.0.0.1\"" - "\"localhost.cloonar.com A 127.0.0.1\"" - "\"localhost AAAA ::1\"" - "\"localhost.cloonar.com AAAA ::1\"" - "\"fw.cloonar.com A ${config.networkPrefix}.97.1\"" - "\"fw A ${config.networkPrefix}.97.1\"" - - "\"www.7-zip.org A 49.12.202.237\"" - - "\"pc.cloonar.com IN A ${config.networkPrefix}.96.5\"" - "\"omada.cloonar.com IN A ${config.networkPrefix}.97.2\"" - "\"switch.cloonar.com IN A ${config.networkPrefix}.97.10\"" - "\"mopidy.cloonar.com IN A ${config.networkPrefix}.97.21\"" - "\"deconz.cloonar.com IN A ${config.networkPrefix}.97.22\"" - "\"wazuh-manager.cloonar.com IN A ${config.networkPrefix}.97.31\"" - "\"wazuh-indexer.cloonar.com IN A ${config.networkPrefix}.97.32\"" - "\"wazuh.cloonar.com IN A ${config.networkPrefix}.97.33\"" - "\"brn30055c566237.cloonar.com IN A ${config.networkPrefix}.96.100\"" - "\"snapcast.cloonar.com IN A ${config.networkPrefix}.97.21\"" - "\"home-assistant.cloonar.com IN A ${config.networkPrefix}.97.20\"" - "\"web-02.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"matrix.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"element.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"support.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"tinder.cloonar.com IN A ${config.networkPrefix}.97.5\"" - "\"git.cloonar.com IN A ${config.networkPrefix}.97.50\"" - "\"sync.cloonar.com IN A ${config.networkPrefix}.97.51\"" - - "\"feeds.cloonar.com IN A 188.34.191.144\"" - # "\"paraclub.cloonar.dev IN A 49.12.244.139\"" - # "\"api.paraclub.cloonar.dev IN A 49.12.244.139\"" - # "\"module.paraclub.cloonar.dev IN A 49.12.244.139\"" - # "\"tandem.paraclub.cloonar.dev IN A 49.12.244.139\"" - - "\"stage.wsw.at IN A 10.254.235.22\"" - "\"prod.wsw.at IN A 10.254.217.23\"" - "\"piwik.wohnservice-wien.at IN A 10.254.240.109\"" - "\"wohnservice-wien.at IN A 10.254.240.109\"" - "\"mieterhilfe.at IN A 10.254.240.109\"" - "\"wohnpartner-wien.at IN A 10.254.240.109\"" - "\"new.wohnberatung-wien.at IN A 10.254.240.109\"" - "\"new.wohnpartner-wien.at IN A 10.254.240.109\"" - "\"wohnberatung-wien.at IN A 10.254.240.109\"" - "\"wienbautvor.at IN A 10.254.240.109\"" - "\"wienwohntbesser.at IN A 10.254.240.109\"" - "\"b.wohnservice-wien.at IN A 10.254.240.109\"" - "\"b.mieterhilfe.at IN A 10.254.240.109\"" - "\"b.wohnpartner-wien.at IN A 10.254.240.109\"" - "\"b.wohnberatung-wien.at IN A 10.254.240.109\"" - "\"b.wienbautvor.at IN A 10.254.240.109\"" - "\"b.wienwohntbesser.at IN A 10.254.240.109\"" - "\"a.wohnservice-wien.at IN A 10.254.240.109\"" - "\"a.wohnpartner-wien.at IN A 10.254.240.109\"" - "\"a.stage.wohnservice-wien.at IN A 10.254.240.110\"" - "\"a.stage.mieterhilfe.at IN A 10.254.240.110\"" - "\"a.stage.wohnpartner-wien.at IN A 10.254.240.110\"" - "\"a.stage.wohnberatung-wien.at IN A 10.254.240.110\"" - "\"a.stage.wienbautvor.at IN A 10.254.240.110\"" - "\"a.stage.wienwohntbesser.at IN A 10.254.240.110\"" - "\"b.stage.wohnservice-wien.at IN A 10.254.240.110\"" - "\"b.stage.mieterhilfe.at IN A 10.254.240.110\"" - "\"b.stage.wohnpartner-wien.at IN A 10.254.240.110\"" - "\"b.stage.new.wohnberatung-wien.at IN A 10.254.240.110\"" - "\"b.stage.new.wohnpartner-wien.at IN A 10.254.240.110\"" - "\"b.stage.wohnberatung-wien.at IN A 10.254.240.110\"" - "\"b.stage.wienbautvor.at IN A 10.254.240.110\"" - "\"b.stage.wienwohntbesser.at IN A 10.254.240.110\"" - "\"upgrade-staging.wohnservice-wien.at IN A 10.254.240.110\"" - "\"upgrade-staging.mieterhilfe.at IN A 10.254.240.110\"" - "\"upgrade-staging.wohnpartner-wien.at IN A 10.254.240.110\"" - "\"upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110\"" - "\"upgrade-staging.wienbautvor.at IN A 10.254.240.110\"" - "\"upgrade-staging.wienwohntbesser.at IN A 10.254.240.110\"" - "\"conf.wrwks.at IN A 10.254.240.105\"" - - "\"web.hilgenberg-gmbh.de IN A 91.107.197.169\"" - "\"web.lenaschilling.at IN A 159.69.3.18\"" - - # gaming - "\"foundry-vtt.cloonar.com IN A ${config.networkPrefix}.97.5\"" - - "\"deconz.cloonar.multimedia IN A ${config.networkPrefix}.97.22\"" - "\"metz.cloonar.multimedia IN A ${config.networkPrefix}.99.10\"" - # "\"ps5.cloonar.multimedia IN A ${config.networkPrefix}.99.12\"" - "\"xbox.cloonar.multimedia IN A ${config.networkPrefix}.99.13\"" - # "\"switch.cloonar.multimedia IN A ${config.networkPrefix}.99.14\"" - #living room - "\"shellyuni-livingroom-1.cloonar.smart IN A ${config.networkPrefix}.100.8\"" - "\"shellyswitch25-livingroom-1.cloonar.smart IN A ${config.networkPrefix}.100.9\"" - "\"shellyplug-s-living-1.cloonar.smart IN A ${config.networkPrefix}.100.10\"" - "\"shellyplug-s-living-2.cloonar.smart IN A ${config.networkPrefix}.100.11\"" - # kitchen - "\"shellyplug-s-kitchen-1.cloonar.smart IN A ${config.networkPrefix}.100.17\"" - "\"shellyrgbw2-kitchen-1.cloonar.smart IN A ${config.networkPrefix}.100.18\"" - #bedroom - "\"shelly1-bedroom-1.cloonar.smart IN A ${config.networkPrefix}.100.33\"" - "\"shellybutton1-bedroom-1.cloonar.smart IN A ${config.networkPrefix}.100.34\"" - "\"shellybutton1-bedroom-2.cloonar.smart IN A ${config.networkPrefix}.100.35\"" # todo - "\"shellyrgbw2-bedroom-1.cloonar.smart IN A ${config.networkPrefix}.100.36\"" - "\"shellyrgbw2-bedroom-2.cloonar.smart IN A ${config.networkPrefix}.100.37\"" - "\"shellyrgbw2-bedroom-3.cloonar.smart IN A ${config.networkPrefix}.100.38\"" - # bath - "\"shellyswitch25-bath-1.cloonar.smart IN A ${config.networkPrefix}.100.49\"" - "\"shelly1pm-bath-1.cloonar.smart IN A ${config.networkPrefix}.100.52\"" - "\"shellyht-bath-1.cloonar.smart IN A ${config.networkPrefix}.100.53\"" # todo - # hallway - "\"shelly1-hallway-1.cloonar.smart IN A ${config.networkPrefix}.100.65\"" - "\"shellyem3.cloonar.smart IN A ${config.networkPrefix}.100.70\"" - "\"shellypro-1.cloonar.smart IN A ${config.networkPrefix}.100.71\"" - "\"shellypro-2.cloonar.smart IN A ${config.networkPrefix}.100.72\"" - # toilet - "\"shelly1-toilet-1.cloonar.smart IN A ${config.networkPrefix}.100.81\"" - "\"shellybulbduo-toilet-1.cloonar.smart IN A ${config.networkPrefix}.100.82\"" - # storage - "\"shelly1-storage-1.cloonar.smart IN A ${config.networkPrefix}.100.97\"" - "\"shellyplug-storage-1.cloonar.smart IN A ${config.networkPrefix}.100.98\"" - "\"brn30055c566237.cloonar.multimedia IN A ${config.networkPrefix}.99.100\"" - - "\"ddl-warez.to IN A 172.67.184.30\"" - "\"cdnjs.cloudflare.com IN A 104.17.24.14\"" - ]; - local-data-ptr = [ - "\"127.0.0.1 localhost\"" - "\"::1 localhost\"" - "\"${config.networkPrefix}.97.1 fw.cloonar.com\"" - "\"${config.networkPrefix}.97.20 home-assistant.cloonar.com\"" - "\"${config.networkPrefix}.97.21 snapcast.cloonar.com\"" - "\"${config.networkPrefix}.97.22 deconz.cloonar.com\"" - "\"${config.networkPrefix}.97.50 git.cloonar.com\"" - - "\"10.254.235.22 stage.wsw.at\"" - "\"10.254.217.23 prod.wsw.at\"" - "\"10.254.240.109 wohnservice-wien.at\"" - "\"10.254.240.110 a.stage.wohnservice-wien.at\"" - - "\"172.67.184.30 ddl-warez.to\"" - "\"104.17.24.14 cdnjs.cloudflare.com\"" - ]; - # ssl-upstream = "yes"; - }; - forward-zone = [ - { - name = "local.ghetto.at."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.43.97.1" - ]; - } - { - name = "ghetto.at.local."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.43.97.1" - ]; - } - { - name = "epicenter.works."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.50.60.1" - ]; - } - { - name = "akvorrat.at."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.50.60.1" - ]; - } - { - name = "epicenter.intra."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.14.1.1" - ]; - } - { - name = "intra.epicenter.works."; - forward-tls-upstream = "no"; - forward-addr = [ - "10.14.1.1" - ]; - } - { - name = "."; - forward-tls-upstream = "yes"; - forward-first = "no"; - forward-addr = [ - "9.9.9.9@853#dns9.quad9.net" - "149.112.112.11@853#dns11.quad9.net" - ]; - } - ]; - }; -in { - users.users.unbound = { - group = "unbound"; - isSystemUser = true; - uid = cids.uids.unbound; - }; - users.groups.unbound = { - gid = cids.gids.unbound; - }; - - security.acme.certs."${domain}" = { - group = "unbound"; - }; - security.acme.certs."fw.cloonar.com" = { - group = "unbound"; - }; - - services.resolved.enable = false; - - services.unbound = { - enable = true; - settings = cfg; - }; - systemd.services.unbound-sync = { - enable = true; - path = with pkgs; [ unbound inotify-tools ]; - script = '' - #!/usr/bin/env bash - set -euo pipefail - - # readFile and readFileUnique as beforeā€¦ - function readFile() { - if [[ "''\$2" == "A" ]] ; then - cat "''\$1" | tail -n +2 | while IFS=, read -r address hwaddr client_id valid_lifetime expire subnet_id fqdn_fwd fqdn_rev hostname state user_context - do - echo "''\${address},''\${hostname}" - done - else - cat "''\$1" | tail -n +2 | while IFS=, read -r address duid valid_lifetime expire subnet_id pref_lifetime lease_type iaid prefix_len fqdn_fwd fqdn_rev hostname hwaddr state user_context hwtype hwaddr_source - do - echo "''\${address},''\${hostname}" - done - fi - } - - function readFileUnique() { - readFile "''\$1" ''\$2 | uniq | while IFS=, read -r address hostname - do - if echo "''\${1}" | grep -Eq '.*\.(cloonar.com|cloonar.multimedia|cloonar.smart)'; then - echo ''\${hostname} ''\$2 ''\${address} - unbound-control local_data ''\${hostname} ''\$2 ''\${address} > /dev/null 2>&1 - if [[ "''\$2" == "A" ]] ; then - echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3 - do - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 - done - fi - else - if [[ "''\$2" == "A" ]] ; then - echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3 - do - if [[ "''\${hostname}" != "" ]]; then - domain=cloonar.com - if [[ "''\${ip2}" == 99 ]]; then - domain=cloonar.multimedia - fi - if [[ "''\${ip2}" == 100 ]]; then - domain=cloonar.smart - fi - if [[ "''\${hostname}" != *. ]]; then - unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 - else - unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 - fi - - fi - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 - done - fi - fi - done - } - - function syncLeases() { - # 1) nuke all of our old lease records from unbound - unbound-control list_local_data \ - | grep -E 'cloonar\.(com|multimedia|smart)|ip4\.arpa|in-addr\.arpa' \ - | while read -r name type data; do - unbound-control local_data_remove "$name" "$type" "$data" \ - > /dev/null 2>&1 - done - - # 2) re-push every current lease - readFileUnique "/var/lib/kea/dhcp4.leases" A - # if you need IPv6: - # readFileUnique "/var/lib/kea/dhcp6.leases" AAAA - } - - while true; do - syncLeases - sleep 10 - done - ''; - wants = [ "network-online.target" "unbound.service" ]; - after = [ "network-online.target" "unbound.service" ]; - partOf = [ "unbound.service" ]; - wantedBy = [ "multi-user.target" ]; - }; - - networking.firewall.allowedUDPPorts = [ 53 5353 ]; -} From 25580ded3bbb9ff805e036fb32b62d2205570315 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Feb 2026 14:23:27 +0100 Subject: [PATCH 39/44] feat: nb change networking and add projects --- hosts/nb/configuration.nix | 31 +------------ hosts/nb/modules/networking.nix | 63 ++++++++++++++++++++++++++ hosts/nb/users/configs/project_history | 3 ++ hosts/nb/users/dominik.nix | 2 + 4 files changed, 69 insertions(+), 30 deletions(-) create mode 100644 hosts/nb/modules/networking.nix diff --git a/hosts/nb/configuration.nix b/hosts/nb/configuration.nix index 8b20710..57ba254 100644 --- a/hosts/nb/configuration.nix +++ b/hosts/nb/configuration.nix @@ -40,6 +40,7 @@ in { # ./modules/steam.nix ./modules/fingerprint.nix ./modules/set-nix-channel.nix + ./modules/networking.nix ./hardware-configuration.nix ]; @@ -249,36 +250,6 @@ in { }; }; - networking.wireguard.interfaces = { - wg0 = { - ips = [ "10.42.98.201/32" ]; - # publicKey: YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8= - privateKeyFile = config.sops.secrets.wg-cloonar-key.path; - - peers = [ - { - publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q="; - allowedIPs = [ - "10.42.96.0/20" - # wohnservice-wien - "10.254.240.0/24" - "10.254.235.0/24" - # epicenter.works - "10.14.0.0/16" - "10.25.0.0/16" - "188.34.191.144/32" # web-arm - "91.107.201.241" # mail - ]; - endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 - persistentKeepalive = 25; - } - ]; - postSetup = '' - printf "nameserver 10.42.97.1\nsearch cloonar.com" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 -x - ''; - }; - }; - # pgp services.pcscd.enable = true; programs.gnupg.agent = { diff --git a/hosts/nb/modules/networking.nix b/hosts/nb/modules/networking.nix new file mode 100644 index 0000000..0bf1995 --- /dev/null +++ b/hosts/nb/modules/networking.nix @@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: + +{ + # Enable systemd-resolved with split DNS for ddev.site + services.resolved = { + enable = true; + dnssec = "false"; + extraConfig = '' + DNS=127.0.0.1:5353 + Domains=~ddev.site + ''; + }; + + # Integrate NetworkManager with systemd-resolved + networking.networkmanager.dns = "systemd-resolved"; + + # Local dnsmasq for .ddev.site resolution only (port 5353) + services.dnsmasq = { + enable = true; + settings = { + port = 5353; + listen-address = "127.0.0.1"; + bind-interfaces = true; + no-resolv = true; + address = "/.ddev.site/127.0.0.1"; + }; + }; + + # WireGuard VPN configuration + networking.wireguard.interfaces = { + wg0 = { + ips = [ "10.42.98.201/32" ]; + # publicKey: YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8= + privateKeyFile = config.sops.secrets.wg-cloonar-key.path; + + peers = [ + { + publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q="; + allowedIPs = [ + "10.42.96.0/20" + # wohnservice-wien + "10.254.240.0/24" + "10.254.235.0/24" + # epicenter.works + "10.14.0.0/16" + "10.25.0.0/16" + "188.34.191.144/32" # web-arm + "91.107.201.241" # mail + ]; + endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 + persistentKeepalive = 25; + } + ]; + + # Use resolvectl for systemd-resolved integration + # Note: No postDown needed - systemd-resolved automatically handles interface removal + postSetup = '' + ${pkgs.systemd}/bin/resolvectl dns wg0 10.42.97.1 + ${pkgs.systemd}/bin/resolvectl domain wg0 cloonar.com + ''; + }; + }; +} diff --git a/hosts/nb/users/configs/project_history b/hosts/nb/users/configs/project_history index b38e27f..ec0ad0b 100644 --- a/hosts/nb/users/configs/project_history +++ b/hosts/nb/users/configs/project_history @@ -1,3 +1,6 @@ +/home/dominik/projects/infrastructure/actions +/home/dominik/projects/infrastructure/forgejo-mcp + /home/dominik/projects/cloonar/chatgpt.vim /home/dominik/projects/cloonar/ai.nvim /home/dominik/projects/cloonar/gitea.nvim diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index b9fc281..34c0b2d 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -620,6 +620,8 @@ in git clone gitea@git.cloonar.com:ScanA11y/sa-core.git ${persistHome}/projects/scana11y/sa-core 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/ai-image-alt.git ${persistHome}/projects/cloonar/ai-image-alt 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/bookmap.git ${persistHome}/projects/cloonar/bookmap 2>/dev/null + git clone gitea@git.cloonar.com:infrastructure/actions.git ${persistHome}/projects/infrastructure/actions 2>/dev/null + git clone ssh://git@codeberg.org/razormind/forgejo-mcp.git ${persistHome}/projects/infrastructure/forgejo-mcp 2>/dev/null git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null From f5a0bc582d7207fbc8e0521f61f4db657cfa3bd3 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Feb 2026 15:23:10 +0100 Subject: [PATCH 40/44] feat: fw final switch to forgejo --- hosts/fw/configuration.nix | 6 ++---- hosts/fw/modules/dnsmasq.nix | 3 +-- hosts/fw/modules/firewall.nix | 4 ++-- hosts/fw/modules/forgejo-runner.nix | 2 +- hosts/fw/modules/forgejo.nix | 11 ++++------- hosts/fw/modules/web/proxies.nix | 8 -------- 6 files changed, 10 insertions(+), 24 deletions(-) diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index 0c7af8d..5e29c0d 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -32,7 +32,6 @@ # microvm ./modules/microvm.nix - ./modules/gitea-vm.nix ./modules/forgejo-runner.nix ./modules/dev-microvm.nix # ./modules/vscode-server.nix # Add VS Code Server microvm @@ -45,8 +44,7 @@ ./modules/web # git - ./modules/gitea.nix - ./modules/forgejo.nix # Migration: autoStart=false, start after migration script + ./modules/forgejo.nix # ./modules/fwmetrics.nix # ha customers @@ -81,7 +79,7 @@ networkPrefix = "10.42"; # Systemd services to monitor - services.victoriametrics.monitoredServices = [ "ai-mailer" "container@git" "microvm@git-runner-" "microvm@fj-runner-" ]; + services.victoriametrics.monitoredServices = [ "ai-mailer" "container@forgejo" "microvm@fj-runner-" ]; nixpkgs.overlays = [ (import ./utils/overlays/packages.nix) diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index 768f255..9e16d42 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -103,8 +103,7 @@ "/mopidy.cloonar.com/${config.networkPrefix}.97.21" "/snapcast.cloonar.com/${config.networkPrefix}.97.21" "/lms.cloonar.com/${config.networkPrefix}.97.21" - "/git.cloonar.com/${config.networkPrefix}.97.50" - "/forgejo.cloonar.com/${config.networkPrefix}.97.55" + "/git.cloonar.com/${config.networkPrefix}.97.55" "/feeds.cloonar.com/188.34.191.144" "/nukibridge1a753f72.cloonar.smart/${config.networkPrefix}.100.112" "/allywatch.cloonar.com/${config.networkPrefix}.97.5" diff --git a/hosts/fw/modules/firewall.nix b/hosts/fw/modules/firewall.nix index 22bc6a1..c876e13 100644 --- a/hosts/fw/modules/firewall.nix +++ b/hosts/fw/modules/firewall.nix @@ -118,7 +118,7 @@ iifname "smart" oifname "server" ip daddr ${config.networkPrefix}.97.20/32 tcp dport { 1883 } counter accept # Forward to git server - oifname "server" ip daddr ${config.networkPrefix}.97.50 tcp dport { 22 } counter accept + oifname "server" ip daddr ${config.networkPrefix}.97.55 tcp dport { 22 } counter accept oifname "server" ip daddr ${config.networkPrefix}.97.5 tcp dport { 80, 443 } counter accept # lan and vpn to any @@ -167,7 +167,7 @@ chain prerouting { type nat hook prerouting priority filter; policy accept; iifname "server" ip daddr ${config.networkPrefix}.96.255 udp dport { 9 } dnat to ${config.networkPrefix}.96.255 - iifname "wan" tcp dport { 22 } dnat to ${config.networkPrefix}.97.50 + iifname "wan" tcp dport { 22 } dnat to ${config.networkPrefix}.97.55 iifname "wan" tcp dport { 80, 443 } dnat to ${config.networkPrefix}.97.5 iifname "wan" tcp dport { 5000 } dnat to ${config.networkPrefix}.97.51 iifname { "wan", "lan" } udp dport { 7777, 7778, 27015 } dnat to ${config.networkPrefix}.97.201 diff --git a/hosts/fw/modules/forgejo-runner.nix b/hosts/fw/modules/forgejo-runner.nix index 06befd1..c8f93f8 100644 --- a/hosts/fw/modules/forgejo-runner.nix +++ b/hosts/fw/modules/forgejo-runner.nix @@ -51,7 +51,7 @@ in { services.gitea-actions-runner.instances.${runner} = { enable = true; - url = "https://forgejo.cloonar.com"; + url = "https://git.cloonar.com"; name = runner; tokenFile = "/run/secrets/forgejo-runner-token"; labels = [ diff --git a/hosts/fw/modules/forgejo.nix b/hosts/fw/modules/forgejo.nix index d364f72..afb4cd1 100644 --- a/hosts/fw/modules/forgejo.nix +++ b/hosts/fw/modules/forgejo.nix @@ -19,13 +19,12 @@ in users.users.forgejo = user; users.groups.forgejo = group; - # Reuse the existing git.cloonar.com ACME cert from gitea.nix - security.acme.certs."forgejo.cloonar.com" = { + security.acme.certs."git.cloonar.com" = { group = "nginx"; }; containers.forgejo = { - autoStart = false; # Don't start until migration is complete + autoStart = true; ephemeral = false; # because of ssh key privateNetwork = true; hostBridge = "server"; @@ -37,8 +36,7 @@ in isReadOnly = false; }; "/var/lib/acme/forgejo/" = { - # hostPath = config.security.acme.certs.${domain}.directory; - hostPath = config.security.acme.certs."forgejo.cloonar.com".directory; + hostPath = config.security.acme.certs.${domain}.directory; isReadOnly = true; }; "/run/secrets/forgejo-mailer-password" = { @@ -146,7 +144,6 @@ in sops.secrets.forgejo-mailer-password = { owner = "forgejo"; - # restartUnits removed - would start the container even with autoStart=false - # Re-add after migration: restartUnits = [ "container@forgejo.service" ]; + restartUnits = [ "container@forgejo.service" ]; }; } diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix index 1709e39..421ea1a 100644 --- a/hosts/fw/modules/web/proxies.nix +++ b/hosts/fw/modules/web/proxies.nix @@ -1,13 +1,5 @@ { config, lib, ... }: { services.nginx.virtualHosts."git.cloonar.com" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - locations."/" = { - proxyPass = "https://git.cloonar.com/"; - }; - }; - services.nginx.virtualHosts."forgejo.cloonar.com" = { forceSSL = true; enableACME = true; acmeRoot = null; From 646bbde71ca2e180e3e1023763de323129cffb92 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Feb 2026 15:23:25 +0100 Subject: [PATCH 41/44] feat: forgejo alerts --- .../modules/grafana/alerting/service/services_down.nix | 5 +++-- hosts/web-arm/modules/prometheus.nix | 8 ++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/hosts/web-arm/modules/grafana/alerting/service/services_down.nix b/hosts/web-arm/modules/grafana/alerting/service/services_down.nix index 8d04832..7172280 100644 --- a/hosts/web-arm/modules/grafana/alerting/service/services_down.nix +++ b/hosts/web-arm/modules/grafana/alerting/service/services_down.nix @@ -7,8 +7,9 @@ let { name = "Postfix"; service = "postfix.service"; instance = "mail:9100"; } { name = "Dovecot"; service = "dovecot.service"; instance = "mail:9100"; } { name = "OpenLDAP"; service = "openldap.service"; instance = "mail:9100"; } - { name = "Gitea"; service = "container@git.service"; instance = "fw:9100"; } - { name = "Gitea Runner"; service = "microvm@git-runner-1.service"; instance = "fw:9100"; } + { name = "Forgejo"; service = "container@forgejo.service"; instance = "fw:9100"; } + { name = "Forgejo Runner 1"; service = "microvm@fj-runner-1.service"; instance = "fw:9100"; } + { name = "Forgejo Runner 2"; service = "microvm@fj-runner-2.service"; instance = "fw:9100"; } { name = "WireGuard"; service = "wireguard-wg_cloonar.service"; instance = "fw:9100"; } { name = "MySQL"; service = "mysql.service"; instance = "amzebs-01:9100"; } { name = "Nginx"; service = "nginx.service"; instance = "amzebs-01:9100"; } diff --git a/hosts/web-arm/modules/prometheus.nix b/hosts/web-arm/modules/prometheus.nix index dc70321..bdd5a8f 100644 --- a/hosts/web-arm/modules/prometheus.nix +++ b/hosts/web-arm/modules/prometheus.nix @@ -118,10 +118,10 @@ description="homeassistant notification {{$labels.entity}} ({{$labels.friendly_name}}): {{$value}}" } - ALERT gitea - IF rate(promhttp_metric_handler_requests_total{job="gitea", code="500"}[5m]) > 3 + ALERT forgejo + IF rate(promhttp_metric_handler_requests_total{job="forgejo", code="500"}[5m]) > 3 ANNOTATIONS { - description="{{$labels.instance}}: gitea instances error rate went up: {{$value}} errors in 5 minutes" + description="{{$labels.instance}}: forgejo instances error rate went up: {{$value}} errors in 5 minutes" } '' ]; @@ -198,7 +198,7 @@ ]; } { - job_name = "gitea"; + job_name = "forgejo"; scrape_interval = "60s"; metrics_path = "/metrics"; From 0af34231472203db9db1fb03664534cf271b336b Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Feb 2026 15:36:29 +0100 Subject: [PATCH 42/44] feat: add dev host to fleet --- fleet.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fleet.nix b/fleet.nix index e8a8ab5..2084c8b 100644 --- a/fleet.nix +++ b/fleet.nix @@ -51,6 +51,10 @@ username = "nas"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICS6b97LPUpr7/kWvOcI40s5e+gfbfz0I2/hAPL6zTmU"; } + { + username = "dev"; + key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICS6b97LPUpr7/kWvOcI40s5e+gfbfz0I2/hAPL6zTmU"; + } { username = "amzebs-01"; From d140a20ed95e8f6a00823ca446050f184a7fab2b Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Feb 2026 15:47:41 +0100 Subject: [PATCH 43/44] feat: remove tmux from dev and add claude resume shortcut --- hosts/dev/configuration.nix | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/hosts/dev/configuration.nix b/hosts/dev/configuration.nix index bca1d31..7fcc526 100644 --- a/hosts/dev/configuration.nix +++ b/hosts/dev/configuration.nix @@ -55,13 +55,18 @@ in programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - # Auto-attach to tmux on SSH login - environment.interactiveShellInit = '' - if [[ -n "$SSH_CONNECTION" ]] && [[ -z "$TMUX" ]]; then - tmux attach-session -t main 2>/dev/null || tmux new-session -s main - fi + # Welcome message with Claude Code reminder + users.motd = '' + Welcome to dev + + Claude Code: claude or cr (resume last session) ''; + # Short alias for resuming Claude sessions + programs.zsh.shellAliases = { + cr = "claude --resume"; + }; + # Passwordless sudo for dominik security.sudo.extraRules = [{ users = [ "dominik" ]; From 470f84a4b9cb8ba9acf7b338b59baa9a5f9033d7 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Feb 2026 16:05:54 +0100 Subject: [PATCH 44/44] feat: update repos to new forgejo --- hosts/nb/users/dominik.nix | 86 +++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index 34c0b2d..318106f 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -336,7 +336,7 @@ in # Remember and auto-resolve merge conflicts # https://git-scm.com/book/en/v2/Git-Tools-Rerere rerere.enabled = true; - "url \"gitea@git.cloonar.com:\"" = { + "url \"forgejo@git.cloonar.com:\"" = { insteadOf = "https://git.cloonar.com/"; }; }; @@ -603,59 +603,59 @@ in ssh-keygen -R git.cloonar.com ssh-keyscan git.cloonar.com >> ~/.ssh/known_hosts git clone git@github.com:dpolakovics/soundscape-sync.git ${persistHome}/projects/cloonar/soundscape-sync 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/yaapi.git ${persistHome}/projects/cloonar/yaapi 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/chatgpt.vim.git ${persistHome}/cloonar/chatgpt.vim 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/gitea.nvim.git ${persistHome}/cloonar/gitea.nvim 2>/dev/null - git clone gitea@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/yaapi.git ${persistHome}/projects/cloonar/yaapi 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/chatgpt.vim.git ${persistHome}/cloonar/chatgpt.vim 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/gitea.nvim.git ${persistHome}/cloonar/gitea.nvim 2>/dev/null + git clone forgejo@git.cloonar.com:myhidden.life/web.git ${persistHome}/projects/myhidden.life/myhidden.life-web 2>/dev/null git clone git@github.com:dpolakovics/glazewm.git ${persistHome}/cloonar/glazewm 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/phishguard.git ${persistHome}/projects/cloonar/phishguard 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/phishguard-frontend.git ${persistHome}/projects/cloonar/phishguard-frontend 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/gitapi.git ${persistHome}/projects/cloonar/gitapi 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ai.nvim.git ${persistHome}/cloonar/ai.nvim 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/cloonar-assistant.git ${persistHome}/projects/cloonar/cloonar-assistant 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/cloonar-assistant-customers.git ${persistHome}/projects/cloonar/cloonar-assistant-customers 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/updns.git ${persistHome}/projects/cloonar/updns 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/phishguard.git ${persistHome}/projects/cloonar/phishguard 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/phishguard-frontend.git ${persistHome}/projects/cloonar/phishguard-frontend 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/gitapi.git ${persistHome}/projects/cloonar/gitapi 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/ai.nvim.git ${persistHome}/cloonar/ai.nvim 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/cloonar-assistant.git ${persistHome}/projects/cloonar/cloonar-assistant 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/cloonar-assistant-customers.git ${persistHome}/projects/cloonar/cloonar-assistant-customers 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/updns.git ${persistHome}/projects/cloonar/updns 2>/dev/null git clone git@github.com:dpolakovics/mcp-servers-nix.git ${persistHome}/cloonar/mcp-servers-nix 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ldap2vcard.git ${persistHome}/projects/cloonar/ldap2vcard 2>/dev/null - git clone gitea@git.cloonar.com:ScanA11y/sa-core.git ${persistHome}/projects/scana11y/sa-core 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ai-image-alt.git ${persistHome}/projects/cloonar/ai-image-alt 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/bookmap.git ${persistHome}/projects/cloonar/bookmap 2>/dev/null - git clone gitea@git.cloonar.com:infrastructure/actions.git ${persistHome}/projects/infrastructure/actions 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/ldap2vcard.git ${persistHome}/projects/cloonar/ldap2vcard 2>/dev/null + git clone forgejo@git.cloonar.com:ScanA11y/sa-core.git ${persistHome}/projects/scana11y/sa-core 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/ai-image-alt.git ${persistHome}/projects/cloonar/ai-image-alt 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/bookmap.git ${persistHome}/projects/cloonar/bookmap 2>/dev/null + git clone forgejo@git.cloonar.com:infrastructure/actions.git ${persistHome}/projects/infrastructure/actions 2>/dev/null git clone ssh://git@codeberg.org/razormind/forgejo-mcp.git ${persistHome}/projects/infrastructure/forgejo-mcp 2>/dev/null - git clone gitea@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null - git clone gitea@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null + git clone forgejo@git.cloonar.com:dominik.polakovics/typo3-basic.git ${persistHome}/cloonar/typo3-basic 2>/dev/null + git clone forgejo@git.cloonar.com:renovate/renovate-config.git ${persistHome}/cloonar/renovate-config 2>/dev/null git clone git@github.com:dpolakovics/bento.git ${persistHome}/cloonar/bento 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/freescout.git ${persistHome}/projects/cloonar/freescout 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/support-invoiced.git ${persistHome}/projects/cloonar/support-invoiced 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/nixos.git ${persistHome}/projects/cloonar/cloonar-nixos 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/website.git ${persistHome}/projects/cloonar/cloonar-website 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git ${persistHome}/projects/cloonar/wohnservice-wien 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/wohnservice-gdpr.git ${persistHome}/projects/cloonar/wohnservice-gdpr 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/gbv-aktuell.git ${persistHome}/projects/cloonar/gbv-aktuell 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/fit.git ${persistHome}/projects/cloonar/cloonar-fit 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/freescout.git ${persistHome}/projects/cloonar/freescout 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/support-invoiced.git ${persistHome}/projects/cloonar/support-invoiced 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/nixos.git ${persistHome}/projects/cloonar/cloonar-nixos 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/website.git ${persistHome}/projects/cloonar/cloonar-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git ${persistHome}/projects/cloonar/wohnservice-wien 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/wohnservice-gdpr.git ${persistHome}/projects/cloonar/wohnservice-gdpr 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/gbv-aktuell.git ${persistHome}/projects/cloonar/gbv-aktuell 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/fit.git ${persistHome}/projects/cloonar/cloonar-fit 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/cloonar-technologies-website.git ${persistHome}/projects/cloonar/cloonar-technologies-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/cloonar-technologies-website.git ${persistHome}/projects/cloonar/cloonar-technologies-website 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/api.git ${persistHome}/projects/cloonar/paraclub/paraclub-api 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/frontend.git ${persistHome}/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/website.git ${persistHome}/projects/cloonar/paraclub/paraclub-website 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/module.git ${persistHome}/projects/cloonar/paraclub/paraclub-module 2>/dev/null - git clone gitea@git.cloonar.com:Paraclub/ai-mailer.git ${persistHome}/projects/cloonar/paraclub/paraclub-ai-mailer 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/api.git ${persistHome}/projects/cloonar/paraclub/paraclub-api 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/frontend.git ${persistHome}/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/website.git ${persistHome}/projects/cloonar/paraclub/paraclub-website 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/module.git ${persistHome}/projects/cloonar/paraclub/paraclub-module 2>/dev/null + git clone forgejo@git.cloonar.com:Paraclub/ai-mailer.git ${persistHome}/projects/cloonar/paraclub/paraclub-ai-mailer 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/amz-api.git ${persistHome}/projects/cloonar/amz/amz-api 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null - git clone gitea@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/dialog-relations-website.git ${persistHome}/projects/cloonar/dialog-relations-website 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/imperfect-perfect.com.git ${persistHome}/projects/cloonar/imperfect-perfect.com 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/amz-api.git ${persistHome}/projects/cloonar/amz/amz-api 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/amz-frontend.git ${persistHome}/projects/cloonar/amz/amz-frontend 2>/dev/null + git clone forgejo@git.cloonar.com:hilgenberg/website.git ${persistHome}/projects/cloonar/hilgenberg-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/korean-skin.care.git ${persistHome}/projects/cloonar/korean-skin.care 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/lena-schilling-website.git ${persistHome}/projects/cloonar/lena-schilling-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/dialog-relations-website.git ${persistHome}/projects/cloonar/dialog-relations-website 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/imperfect-perfect.com.git ${persistHome}/projects/cloonar/imperfect-perfect.com 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/lego-hetzner-bridge.git ${persistHome}/projects/home-automation/lego-hetzner-bridge 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ghetto-nixos.git ${persistHome}/projects/home-automation/ghetto-nixos 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/lego-hetzner-bridge.git ${persistHome}/projects/home-automation/lego-hetzner-bridge 2>/dev/null + git clone forgejo@git.cloonar.com:Cloonar/ghetto-nixos.git ${persistHome}/projects/home-automation/ghetto-nixos 2>/dev/null - git clone gitea@git.cloonar.com:ownstash/api.git ${persistHome}/projects/ownstash/ownstash-api 2>/dev/null + git clone forgejo@git.cloonar.com:ownstash/api.git ${persistHome}/projects/ownstash/ownstash-api 2>/dev/null ssh-keygen -R gitlab.epicenter.works ssh-keyscan gitlab.epicenter.works >> ~/.ssh/known_hosts