DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stuff

Browse Source
This commit is contained in:
DerGrumpf
2026-05-03 23:21:13 +02:00
parent 50e57a89f8 e8253312b2
commit ec862beab4
15 changed files with 327 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files
home/shell.nix
+1
View File
@@ -16,6 +16,7 @@
bat # cat alternative bat # cat alternative
ripgrep # grep alternative ripgrep # grep alternative
doas # sudo alternative doas # sudo alternative
dnsutils
# LLM in the Terminal # LLM in the Terminal
(pkgs.llm.withPlugins { llm-groq = true; }) (pkgs.llm.withPlugins { llm-groq = true; })
hosts/cyper-controller/configuration.nix
+1 -1
View File
@@ -12,8 +12,8 @@
../../nixos/roles/gitea.nix ../../nixos/roles/gitea.nix
../../nixos/roles/vaultwarden.nix ../../nixos/roles/vaultwarden.nix
../../nixos/roles/frontpage ../../nixos/roles/frontpage
../../nixos/roles/cage.nix
../../nixos/roles/paperless-ngx.nix ../../nixos/roles/paperless-ngx.nix
../../nixos/roles/octoprint.nix
]; ];
networking = { networking = {
hosts/cyper-controller/smb.nix
+12
View File
@@ -59,6 +59,18 @@
"valid users" = primaryUser; "valid users" = primaryUser;
"force user" = primaryUser; "force user" = primaryUser;
}; };
paperless-consume = {
"path" = "/storage/fast/paperless/consume";
"comment" = "Paperless incoming documents";
"browseable" = "yes";
"read only" = "no";
"valid users" = primaryUser;
"create mask" = "0664";
"directory mask" = "0775";
"force user" = "paperless";
"force group" = "paperless";
};
}; };
}; };
hosts/cyper-proxy/configuration.nix
+9 -1
View File
@@ -3,7 +3,8 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../nixos/roles/nginx.nix ../../nixos/roles/nginx.nix
../../nixos/roles/livekit.nix ../../nixos/roles/matrix/livekit.nix
# ../../nixos/roles/jitsi.nix
]; ];
networking = { networking = {
@@ -28,6 +29,13 @@
443 443
]; ];
hosts = {
"178.254.8.35" = [
"cyperpunk.de"
"matrix.cyperpunk.de"
];
};
}; };
system.stateVersion = "26.05"; system.stateVersion = "26.05";
nixos/roles/livekit.nix
-45
View File
@@ -1,45 +0,0 @@
{ pkgs, ... }:
let
keyFile = "/run/livekit/livekit.key";
domain = "cyperpunk.de";
synapseUrl = "http://100.109.179.25:8008"; # Tailscale IP of cyper-controller
in
{
services.livekit = {
enable = true;
openFirewall = true;
inherit keyFile;
settings.room.auto_create = false;
};
services.lk-jwt-service = {
enable = true;
livekitUrl = "wss://${domain}/livekit/sfu";
inherit keyFile;
};
systemd.services.livekit-key = {
before = [
"lk-jwt-service.service"
"livekit.service"
];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
livekit
coreutils
gawk
];
script = ''
mkdir -p /run/livekit
echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
'';
serviceConfig.Type = "oneshot";
unitConfig.ConditionPathExists = "!${keyFile}";
};
systemd.services.lk-jwt-service.environment = {
LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
MATRIX_BASE_URL = synapseUrl; # tells lk-jwt-service where to validate tokens
};
}
nixos/roles/matrix/clients.nix
+40 -2
View File
@@ -126,8 +126,14 @@ let
preferred_domain = "jitsi.cyperpunk.de"; preferred_domain = "jitsi.cyperpunk.de";
}; };
element_call = { element_call = {
url = "https://cyperpunk.de/livekit/jwt"; url = "https://element-call.cyperpunk.de";
use_exclusively = true; use_exclusively = true;
participant_limit = 8;
brand = "Cyperpunk Call";
encryption = "None";
};
livekit = {
livekit_service_url = "https://cyperpunk.de/livekit/jwt/";
}; };
setting_defaults = { setting_defaults = {
custom_themes = catppuccinThemes; custom_themes = catppuccinThemes;
@@ -135,6 +141,8 @@ let
}; };
features = { features = {
feature_group_calls = true; feature_group_calls = true;
"feature_disable_call_per_sender_encryption" = true;
"feature_sliding_sync" = true;
}; };
} }
); );
@@ -143,10 +151,30 @@ let
cp ${elementConfig} $out/config.json cp ${elementConfig} $out/config.json
''; '';
}); });
synapseAdmin = pkgs.synapse-admin-etkecc.withConfig { synapseAdmin = pkgs.ketesa.withConfig {
restrictBaseUrl = [ "https://matrix.cyperpunk.de" ]; restrictBaseUrl = [ "https://matrix.cyperpunk.de" ];
loginFlows = [ "password" ]; loginFlows = [ "password" ];
}; };
elementCallConfigured = pkgs.element-call.overrideAttrs (old: {
postInstall = (old.postInstall or "") + ''
cp ${
builtins.toFile "element-call-config.json" (
builtins.toJSON {
default_server_config = {
"m.homeserver" = {
base_url = "https://matrix.cyperpunk.de";
server_name = "cyperpunk.de";
};
};
livekit_service_url = "https://cyperpunk.de/livekit/jwt/";
e2ee = {
default = false;
};
}
)
} $out/config.json
'';
});
in in
{ {
@@ -155,6 +183,7 @@ in
8010 # Element 8010 # Element
8011 # Synapse Admin 8011 # Synapse Admin
8012 # FluffyChat 8012 # FluffyChat
8013 # Element Call
]; ];
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
@@ -196,6 +225,15 @@ in
]; ];
root = "${synapseAdmin}"; root = "${synapseAdmin}";
}; };
"element-call.cyperpunk.de" = {
listen = [
{
addr = "0.0.0.0";
port = 8013;
}
];
root = "${elementCallConfigured}";
};
}; };
virtualisation.oci-containers.containers.fluffychat = { virtualisation.oci-containers.containers.fluffychat = {
nixos/roles/matrix/default.nix
+1 -1
View File
@@ -4,8 +4,8 @@
{ {
imports = [ imports = [
./synapse.nix ./synapse.nix
# ./coturn.nix
./clients.nix ./clients.nix
./lk-jwt.nix
]; ];
#networking.firewall = { #networking.firewall = {
nixos/roles/matrix/livekit.nix
+54
View File
@@ -0,0 +1,54 @@
{ config, lib, ... }:
{
sops.secrets.livekit_key_sfu = { };
services.livekit = {
enable = true;
openFirewall = true;
keyFile = config.sops.secrets.livekit_key_sfu.path;
settings = {
rtc = {
tcp_port = 7881;
#udp_port = 7882;
port_range_start = 50000;
port_range_end = 60000;
use_external_ip = true;
node_ip = "178.254.8.35";
};
room = {
auto_create = false;
enabled_codecs = [
{ mime = "video/VP8"; }
{ mime = "video/VP9"; }
{ mime = "video/H264"; }
{ mime = "audio/opus"; }
];
enable_remote_unmute = true;
};
};
};
networking.firewall.allowedTCPPorts = [ 7881 ];
systemd.services.livekit.serviceConfig = {
PrivateUsers = lib.mkForce false;
DynamicUser = lib.mkForce false;
User = "livekit";
Group = "livekit";
RestrictAddressFamilies = lib.mkForce [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
"AF_UNIX"
];
SystemCallFilter = lib.mkForce [ "@system-service" ];
};
users = {
users.livekit = {
isSystemUser = true;
group = "livekit";
};
groups.livekit = { };
};
}
nixos/roles/matrix/lk-jwt.nix
+24
View File
@@ -0,0 +1,24 @@
{ config, lib, ... }:
let
domain = "cyperpunk.de";
synapseUrl = "http://100.109.179.25:8008";
in
{
sops.secrets.livekit_key_jwt = { };
networking.firewall.allowedTCPPorts = [ 18080 ];
services.lk-jwt-service = {
enable = true;
keyFile = config.sops.secrets.livekit_key_jwt.path;
livekitUrl = "wss://cyperpunk.de/livekit/sfu";
};
systemd.services.lk-jwt-service = {
environment = {
LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
MATRIX_BASE_URL = synapseUrl;
LIVEKIT_JWT_BIND = lib.mkForce ":18080";
};
};
}
nixos/roles/matrix/synapse.nix
+14 -1
View File
@@ -33,6 +33,10 @@
experimental_features = { experimental_features = {
"msc3266_enabled" = true; "msc3266_enabled" = true;
"msc3779_enabled" = true; "msc3779_enabled" = true;
"msc3401_enabled" = true;
"msc4143_enabled" = true;
"msc4195_enabled" = true;
"msc4222_enabled" = true;
}; };
listeners = [ listeners = [
{ {
@@ -46,6 +50,7 @@
names = [ names = [
"client" "client"
"federation" "federation"
"openid"
]; ];
compress = false; compress = false;
} }
@@ -59,7 +64,15 @@
resources = [ ]; resources = [ ];
} }
]; ];
matrix_rtc = {
enabled = true;
transports = [
{
type = "livekit";
livekit_service_url = "https://cyperpunk.de/livekit/jwt/";
}
];
};
enable_metrics = true; enable_metrics = true;
}; };
}; };
nixos/roles/monitoring.nix
+1
View File
@@ -19,6 +19,7 @@ let
"cyper-desktop" = "192.168.2.40"; "cyper-desktop" = "192.168.2.40";
"cyper-node-1" = "192.168.2.30"; "cyper-node-1" = "192.168.2.30";
"cyper-node-2" = "192.168.2.31"; "cyper-node-2" = "192.168.2.31";
"cyper-proxy" = "178.254.8.35";
}; };
mkWeatherScrapeConfigs = mkWeatherScrapeConfigs =
nixos/roles/nginx.nix
+73 -5
View File
@@ -34,7 +34,17 @@ let
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver":{"base_url":"https://matrix.cyperpunk.de"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://cyperpunk.de/livekit/jwt"}]}'; return 200 '{
"m.homeserver":{
"base_url":"https://matrix.cyperpunk.de"
},
"org.matrix.msc4143.rtc_foci":[
{
"type":"livekit",
"livekit_service_url":"https://cyperpunk.de/livekit/jwt/"
}
]
}';
''; '';
}; };
"/.well-known/matrix/server" = { "/.well-known/matrix/server" = {
@@ -68,6 +78,7 @@ in
"git.cyperpunk.de" = mkProxy 9000; "git.cyperpunk.de" = mkProxy 9000;
"search.cyperpunk.de" = mkProxy 11080; "search.cyperpunk.de" = mkProxy 11080;
"file.cyperpunk.de" = mkProxy 10000; "file.cyperpunk.de" = mkProxy 10000;
"ngx.cyperpunk.de" = mkWsProxy 28101;
"vault.cyperpunk.de" = mkWsProxy 8222; "vault.cyperpunk.de" = mkWsProxy 8222;
"fluffy.cyperpunk.de" = mkWsProxy 8012; "fluffy.cyperpunk.de" = mkWsProxy 8012;
@@ -89,7 +100,46 @@ in
"calvin.cyperpunk.de" = mkWsProxy 15006; "calvin.cyperpunk.de" = mkWsProxy 15006;
"cinny.cyperpunk.de" = mkWsProxy 8009; "cinny.cyperpunk.de" = mkWsProxy 8009;
"element.cyperpunk.de" = mkWsProxy 8010;
"element-call.cyperpunk.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${upstream}:8013";
proxyWebsockets = true;
extraConfig = ''
add_header Cross-Origin-Opener-Policy "same-origin";
add_header Cross-Origin-Embedder-Policy "require-corp";
add_header Cross-Origin-Resource-Policy "cross-origin";
'';
};
};
"element.cyperpunk.de" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://${upstream}:8010";
proxyWebsockets = true;
};
"/widgets/element-call/config.json" = {
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{
"livekit_service_url": "https://cyperpunk.de/livekit/jwt/",
"default_server_config": {
"m.homeserver": {
"base_url": "https://matrix.cyperpunk.de",
"server_name":"cyperpunk.de"
}
}
}';
'';
};
};
};
"cyperpunk.de" = { "cyperpunk.de" = {
forceSSL = true; forceSSL = true;
@@ -104,12 +154,30 @@ in
}; };
"^~ /livekit/jwt/" = { "^~ /livekit/jwt/" = {
priority = 400; priority = 400;
proxyPass = "http://127.0.0.1:8080"; proxyPass = "http://${upstream}:18080/";
}; };
"^~ /livekit/sfu" = { "^~ /livekit/sfu/" = {
priority = 400; priority = 400;
proxyPass = "http://127.0.0.1:7880"; proxyPass = "http://127.0.0.1:7880/";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
'';
};
"/_matrix/client/unstable/org.matrix.msc4143/rtc/transports" = {
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers "Authorization, Content-Type";
add_header Access-Control-Allow-Methods "GET, OPTIONS";
return 200 '{"rtc_transports":[{"type":"livekit","livekit_service_url":"https://cyperpunk.de/livekit/jwt/"}]}';
'';
}; };
}; };
}; };
nixos/roles/octoprint.nix
+62
View File
@@ -0,0 +1,62 @@
{ lib, pkgs, ... }:
let
octoprint-overlay = self: super: {
octoprint = super.octoprint.override {
packageOverrides = pyself: pysuper: {
octoprint-customcss = pyself.buildPythonPackage {
pname = "OctoPrint-CustomCSS";
version = "20201210";
format = "setuptools";
src = pkgs.fetchFromGitHub {
owner = "crankeye";
repo = "OctoPrint-CustomCSS";
rev = "7a042b11055592b42b59298ad8d579b731081acd";
sha256 = "sha256-N5DjaZ2KzSi1xfmvhS8gWKAMyXz5btYqU1QSRIMkFZY=";
};
propagatedBuildInputs = [ pysuper.octoprint ];
doCheck = false;
meta = with lib; {
description = "A simple plugin for adding custom CSS to OctoPrint";
homepage = "https://github.com/crankeye/OctoPrint-CustomCSS";
license = licenses.agpl3Only;
};
};
octoprint-bedlevelvisualizer = pyself.buildPythonPackage {
pname = "OctoPrint-BedLevelVisualizer";
version = "1.1.1";
format = "setuptools";
src = pkgs.fetchFromGitHub {
owner = "jneilliii";
repo = "OctoPrint-BedLevelVisualizer";
rev = "1.1.1";
sha256 = "1v7gqyp605z3hyc1w8a2h6ir6k0vp2ccby1wwxlri6h4i2yii5z8";
};
propagatedBuildInputs = [ pysuper.octoprint ];
doCheck = false;
meta = with lib; {
description = "Visualize your bed leveling via a 3D mesh";
homepage = "https://github.com/jneilliii/OctoPrint-BedLevelVisualizer";
license = licenses.mit;
};
};
};
};
};
in
{
nixpkgs.overlays = [ octoprint-overlay ];
services.octoprint = {
enable = true;
host = "0.0.0.0";
openFirewall = true;
port = 5000;
plugins =
ps: with ps; [
octoprint-customcss
octoprint-bedlevelvisualizer
];
};
}
nixos/roles/paperless-ngx.nix
+30 -24
View File
@@ -1,44 +1,50 @@
{ pkgs, ... }: { config, ... }:
{ {
sops.secrets.paperless_admin = {
owner = "paperless";
};
services.paperless = { services.paperless = {
enable = true; enable = true;
package = pkgs.paperless-ngx;
address = "0.0.0.0"; address = "0.0.0.0";
port = 28101; port = 28101;
domain = "ngx.cyperpunk.de";
consumptionDir = "/storage/fast/paperless/consume";
dataDir = "/storage/fast/paperless";
configureTika = true;
passwordFile = config.sops.secrets.paperless_admin.path;
settings = { settings = {
PAPERLESS_USE_X_FORWARDED_HOST = true;
# Da der Proxy auf einem anderen Server (via Tailscale) liegt: PAPERLESS_USE_X_FORWARDED_PORT = true;
# Erlaubt Paperless, die 'X-Forwarded-*' Header zu akzeptieren
PAPERLESS_USE_X_FORWARDED_HOST = "true";
PAPERLESS_USE_X_FORWARDED_PORT = "true";
# Erlaubt den Zugriff über die Domain UND die Tailscale-IP
# Der Stern '*' ist die einfachste Lösung für private Server
PAPERLESS_ALLOWED_HOSTS = "ngx.cyperpunk.de,100.109.179.25,localhost"; PAPERLESS_ALLOWED_HOSTS = "ngx.cyperpunk.de,100.109.179.25,localhost";
# Füge die IP auch zu den vertrauenswürdigen Ursprüngen hinzu (für CSRF)
PAPERLESS_CSRF_TRUSTED_ORIGINS = [ PAPERLESS_CSRF_TRUSTED_ORIGINS = [
"https://ngx.cyperpunk.de" "https://ngx.cyperpunk.de"
"http://100.109.179.25:28101" "http://100.109.179.25:28101"
]; ];
# Restliche Einstellungen bleiben gleich
PAPERLESS_OCR_LANGUAGE = "deu+eng"; PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_CONSUMPTION_DIR = "/var/lib/paperless/consume"; # Falls du den Bind-Mount nutzt PAPERLESS_CONSUMER_POLLING = 60;
PAPERLESS_URL = "https://ngx.cyperpunk.de"; };
exporter = {
enable = true;
directory = "/storage/backup/paperless";
}; };
}; };
# Gruppe und Berechtigungen wie besprochen
users.users.paperless.extraGroups = [ "users" ]; users.users.paperless.extraGroups = [ "users" ];
systemd.tmpfiles.rules = [ systemd = {
"d /storage/internal/paperless 0775 root users -" tmpfiles.rules = [
"z /storage/internal/paperless 0775 root users -" "d /storage/fast/paperless 0775 paperless paperless -"
]; "d /storage/fast/paperless/media 0775 paperless paperless -"
"d /storage/fast/paperless/consume 0775 paperless paperless -"
"d /storage/backup/paperless 0775 root users -"
];
# Öffne den Port für Tailscale (oder das lokale Netz) services.paperless-scheduler = {
after = [ "systemd-tmpfiles-setup.service" ];
requires = [ "systemd-tmpfiles-setup.service" ];
};
};
networking.firewall.allowedTCPPorts = [ 28101 ]; networking.firewall.allowedTCPPorts = [ 28101 ];
} }
secrets/secrets.yaml
+5 -2
View File
@@ -7,6 +7,9 @@ matrix_registration_secret: ENC[AES256_GCM,data:KhKkJZqwE8xk4/tuQ7NYTv/Ot1qCAiy8
vaultwarden_admin_token: ENC[AES256_GCM,data:yoBs4CaIEJXB5b3PEwTpXFgxpX39hR9A4r9yamwDV7cTSRRp3n3O2VjDKTcI5Vo6RP2QUjcqUqYf98cZ09wDMc+6+oHHJke7+O0FgRgOC0vOQFs4bfZCBJBLxogrGiwtLGkyykR6VYhrT64AN3CbrXflj82OED2Hl8WwEdruBzGIcfnh6FqQowDx6vDR/kXXJHk=,iv:PJQo5V7FaKPQ+GzZNsy3KB+xyjcDKJ1UBHErrqgn/1U=,tag:BRIDJEDOAeToqio/DHMQaA==,type:str] vaultwarden_admin_token: ENC[AES256_GCM,data:yoBs4CaIEJXB5b3PEwTpXFgxpX39hR9A4r9yamwDV7cTSRRp3n3O2VjDKTcI5Vo6RP2QUjcqUqYf98cZ09wDMc+6+oHHJke7+O0FgRgOC0vOQFs4bfZCBJBLxogrGiwtLGkyykR6VYhrT64AN3CbrXflj82OED2Hl8WwEdruBzGIcfnh6FqQowDx6vDR/kXXJHk=,iv:PJQo5V7FaKPQ+GzZNsy3KB+xyjcDKJ1UBHErrqgn/1U=,tag:BRIDJEDOAeToqio/DHMQaA==,type:str]
flame_phil_password: ENC[AES256_GCM,data:Xy2ixMeRlnzC2gjKGrjfSbz/ee4=,iv:WFuBS8jn7WYRxEDG3XBzCMnm4eNkHQpSs5+GUwq/dcg=,tag:1zzj0eB9/4KrmYAqcxJMlg==,type:str] flame_phil_password: ENC[AES256_GCM,data:Xy2ixMeRlnzC2gjKGrjfSbz/ee4=,iv:WFuBS8jn7WYRxEDG3XBzCMnm4eNkHQpSs5+GUwq/dcg=,tag:1zzj0eB9/4KrmYAqcxJMlg==,type:str]
flame_calvin_password: ENC[AES256_GCM,data:P5ppyqTjAJ1TL4hXtx5WyoS9a+g=,iv:sq98P3Oqud2FXfqsD76YS/p5NEF2xlN0MfG+ukCB9B0=,tag:AeKnu4Hg4xQ3tII0y6oNpQ==,type:str] flame_calvin_password: ENC[AES256_GCM,data:P5ppyqTjAJ1TL4hXtx5WyoS9a+g=,iv:sq98P3Oqud2FXfqsD76YS/p5NEF2xlN0MfG+ukCB9B0=,tag:AeKnu4Hg4xQ3tII0y6oNpQ==,type:str]
paperless_admin: ENC[AES256_GCM,data:sVvlMQ3dDE2XsDfpwpCTbzPCEKdUMNTFtRXDIuBbgyf1gd6oiJzE23Ytc57plNUGg5h5aEtgxZ7NXeuK5vrhQw==,iv:x+QNAzY9k9t23UYlM9GcAke0urEA5jlV0VzHaBQkm7M=,tag:D/bMtjuwrX6pquZfJLwdkQ==,type:str]
livekit_key_sfu: ENC[AES256_GCM,data:3pRAN0Vz134mg/omkSRlC9OAvToQg42aZbXj7TurYYOLUMnW6sWk+eexyIcYAAjCSP5GRES4WySuN/qjGeUDBKr8OYAxTXjR/w==,iv:NYhcfiKlXT3v5R4djkhHusMMRYgc3bCM66VD0G2MyME=,tag:8341ntSCmteTn+6AM0xu8g==,type:str]
livekit_key_jwt: ENC[AES256_GCM,data:9cBMJ0AyyWaoUZsXmnGvIL7EPIO8l16TQRBC6iK6h1TQAriOTPicfcE40Itf7cmiplZFtK6z7DhkgggRpG88HT7ZCvcXP0P69A==,iv:GiZb/8Vz4tiLG8kpF93kiFkmmA/KdgWr0ILARsL15oo=,tag:SZxzfFSk125q9sqlRbsxdw==,type:str]
gitea: gitea:
dbPassword: ENC[AES256_GCM,data:S6VvRgkdYk1AzXljyQEEq68UJ9zrFy6+INBMIAspXNcqcM6o+es19o0mcXA=,iv:/pHYpkZZq+9Md+75uSCb2YXfSvaDzUh6mMfH53wb7eg=,tag:ZnbyCQwrK2JnbO5HFqgJYw==,type:str] dbPassword: ENC[AES256_GCM,data:S6VvRgkdYk1AzXljyQEEq68UJ9zrFy6+INBMIAspXNcqcM6o+es19o0mcXA=,iv:/pHYpkZZq+9Md+75uSCb2YXfSvaDzUh6mMfH53wb7eg=,tag:ZnbyCQwrK2JnbO5HFqgJYw==,type:str]
internalToken: ENC[AES256_GCM,data:7N8TkPNb1YdCk2uAcCvVd2pKRVOf85//DYxAvz0UCg1E8ccEI5630xVyKafDFiSTM4ER7xiYelartzXL0jLWSf3QNOjSHUP8TIAz4bJRAZUJPxO917bURSLGGe7WEOfONzqy3Ts5QhrJ,iv:DiIs1ytlwLvqD/Ejep6m2fmpSqdFZkxBcgLNt6+29jY=,tag:8jsEcOkH0p+1mP9cnVjiDQ==,type:str] internalToken: ENC[AES256_GCM,data:7N8TkPNb1YdCk2uAcCvVd2pKRVOf85//DYxAvz0UCg1E8ccEI5630xVyKafDFiSTM4ER7xiYelartzXL0jLWSf3QNOjSHUP8TIAz4bJRAZUJPxO917bURSLGGe7WEOfONzqy3Ts5QhrJ,iv:DiIs1ytlwLvqD/Ejep6m2fmpSqdFZkxBcgLNt6+29jY=,tag:8jsEcOkH0p+1mP9cnVjiDQ==,type:str]
@@ -25,7 +28,7 @@ sops:
N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9 N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9
6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w== 6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-25T01:01:15Z" lastmodified: "2026-04-30T12:21:26Z"
mac: ENC[AES256_GCM,data:LEoQilJrVhhzLdAyMz2xugOlnsu1j3XyCJbRLnMpRivbOFlqOu9dvwAJJ8gDzizOxTwh/24YD14f+njdPGNSB42O9sD9Mcb9UdB3N2pzHNaaUYQXFDHdqfxTQ93sYkwOP4KZHbMgbtzb1a/1a+G2cLhBcmIZSdOdkAzcVwUVmVY=,iv:D9xDKS2X6AiJi61/a/YbU+DvhTq5XB30HvE85i5lGvo=,tag:ztDsyGvk4KhBa6NJdOqhGg==,type:str] mac: ENC[AES256_GCM,data:sta1qQugWsGS0+g8stmyxHtKOiba6QiVyGfV5krJ688wrW1Ox38RW1cYf9+9Z04hXVQukYguR/k/y7v49oQxoefH5+7zlt/BxzadvPC5f55RsDREC7U4FKcpEEb2Pt1PtscQ3Trx/nDy3x5S8zJ1Uy1QTvSsEccQ+FYel6pcsgQ=,iv:r8spgHthtKoJjlHIpNGpVde1WFVI0xwbE1yJ4W6nHl8=,tag:qXnmmFRDISV3LTmlSlHgvA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.2 version: 3.12.2