home/kubernetes-deployments
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

Replace Authelia with Authentik

Browse source
This commit is contained in:
Pim Kunis 2025-02-10 22:51:18 +01:00
parent b09ce94621
commit 81b553c8b0
13 changed files with 117 additions and 313 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
deployments.nix
View file

@ -124,8 +124,8 @@
namespace = "ntfy";
};
authelia = {
module.authelia.enable = true;
namespace = "authelia";
authentik = {
module.authentik.enable = true;
namespace = "authentik";
};
}

23
flake.lock generated
View file

@ -666,11 +666,11 @@
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1738631908,
"narHash": "sha256-ndQgb/SAeOcgbsG7b+7qhrVn+XSTjs/Vk5m7eEb/HZY=",
"lastModified": 1739200411,
"narHash": "sha256-9Vil9l0+QIPhEh/97Ehu3yoqaR+5d820F/tMY6rtbYs=",
"owner": "farcaller",
"repo": "nixhelm",
"rev": "e105a8264cc981d47a0f6fbfcdcc87681487aa0c",
"rev": "5b365cdeae7077e6c06524d5317f82a593546b50",
"type": "github"
},
"original": {
@ -786,22 +786,6 @@
"type": "github"
}
},
"nixpkgs-prowlarr": {
"locked": {
"lastModified": 1737932785,
"narHash": "sha256-0OW0c742vfXyJflQGWhwMSxk/nbivBOibHei8P2ADRA=",
"owner": "rhoriguchi",
"repo": "nixpkgs",
"rev": "67ead92f4a53625a8afbead0107a6139c4f668b6",
"type": "github"
},
"original": {
"owner": "rhoriguchi",
"ref": "prowlarr",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1720386169,
@ -968,7 +952,6 @@
"nixng": "nixng",
"nixpkgs": "nixpkgs_3",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-prowlarr": "nixpkgs-prowlarr",
"servers": "servers",
"treefmt-nix": "treefmt-nix_4"
}

1
flake.nix
View file

@ -7,7 +7,6 @@
flake-utils.url = "github:numtide/flake-utils";
treefmt-nix.url = "github:numtide/treefmt-nix";
blog.url = "git+https://git.kun.is/pim/blog";
nixpkgs-prowlarr.url = "github:rhoriguchi/nixpkgs/prowlarr";
git-hooks = {
url = "github:cachix/git-hooks.nix";

227
modules/authelia.nix
View file

@ -1,227 +0,0 @@
{
nixhelm,
system,
config,
lib,
...
}: {
options.authelia.enable = lib.mkEnableOption "authelia";
config = lib.mkIf config.authelia.enable {
kubernetes = {
helm.releases.authelia = {
chart = nixhelm.chartsDerivations.${system}.authelia.authelia;
includeCRDs = true;
namespace = "authelia";
values = {
pod = {
kind = "Deployment";
replicas = 1;
extraVolumes = [
{
name = "data";
persistentVolumeClaim.claimName = "data";
}
];
extraVolumeMounts = [
{
name = "data";
mountPath = "/storage";
}
];
};
secret.additionalSecrets.authelia.items = [
{
key = "storage";
path = "storage";
}
{
key = "session";
path = "session";
}
{
key = "users";
path = "users";
}
{
key = "smtpPassword";
path = "smtpPassword";
}
{
key = "oidc_hmac_secret";
path = "oidc_hmac_secret";
}
{
key = "oidc_jwk_rs256_private";
path = "oidc.jwk.RS256.pem";
}
{
key = "freshrss_client_secret";
path = "freshrss_client_secret";
}
{
key = "hedgedoc_client_secret";
path = "hedgedoc_client_secret";
}
];
configMap = {
identity_providers.oidc = {
enabled = true;
hmac_secret = {
secret_name = "authelia";
path = "oidc_hmac_secret";
};
jwks = [
{
algorithm = "RS256";
key.path = "/secrets/authelia/oidc.jwk.RS256.pem";
}
];
clients = [
{
client_id = "HDp48U5TaX-3gWKNEfHx5ea2C7gfaQm-OsSWREq4WTzln56IBGy.rT61lq9rF-LTZFlWOd44";
client_name = "FreshRSS";
client_secret.path = "/secrets/authelia/freshrss_client_secret";
public = false;
authorization_policy = "two_factor";
redirect_uris = ["https://freshrss.griffin-mermaid.ts.net/i/oidc/"];
scopes = ["openid" "groups" "email" "profile"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
consent_mode = "implicit";
}
{
client_id = "ZZI33JnLIuGk58HPkN_YEfETxNTz-1Mq--YPu9Sa6Y39BwykY0GDmxBVn1w9X70fIHT09xHq";
client_name = "HedgeDoc";
client_secret.path = "/secrets/authelia/hedgedoc_client_secret";
public = false;
authorization_policy = "two_factor";
redirect_uris = ["https://md.kun.is/auth/oauth2/callback"];
scopes = ["openid" "profile" "email" "groups"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
consent_mode = "implicit";
}
];
};
access_control = {
default_policy = "one_factor";
rules = [
{
domain = "cyberchef.kun.is";
policy = "two_factor";
}
];
};
authentication_backend = {
password_reset.disable = true;
ldap.enabled = false;
file = {
enabled = true;
path = "/secrets/authelia/users";
search.email = true;
password.algorithm = "argon2";
};
};
storage = {
encryption_key = {
secret_name = "authelia";
path = "storage";
};
local = {
enabled = true;
path = "/storage/database.sqlite";
};
};
session = {
encryption_key = {
secret_name = "authelia";
path = "session";
};
cookies = [
{
domain = "kun.is";
subdomain = "auth";
}
];
};
notifier = {
filesystem.enabled = false;
smtp = {
enabled = true;
address = "submission://mail.smtp2go.com:2525";
identifier = "auth.kun.is";
sender = "Authelia <authelia@kun.is>";
username = "uxY88HYzbBTAoWYm4PUxpT76u";
password = {
secret_name = "authelia";
path = "smtpPassword";
};
};
};
};
};
};
resources = {
deployments.authelia.spec = {
strategy = {
type = "RollingUpdate";
rollingUpdate = {
maxSurge = lib.mkForce 0;
maxUnavailable = lib.mkForce 1;
};
};
};
secrets.authelia.stringData = {
storage = "ref+sops://secrets.yml#/authelia/encryption_keys/storage";
session = "ref+sops://secrets.yml#/authelia/encryption_keys/session";
smtpPassword = "ref+sops://secrets.yml#/authelia/smtpPassword";
users = "ref+sops://secrets.yml#/authelia/users";
oidc_hmac_secret = "ref+sops://secrets.yml#/authelia/oidc/hmac_secret";
oidc_jwk_rs256_private = "ref+sops://secrets.yml#/authelia/oidc/jwk_rs256/private";
oidc_jwk_rs256_public = "ref+sops://secrets.yml#/authelia/oidc/jwk_rs256/public";
freshrss_client_secret = "ref+sops://secrets.yml#/freshrss/oidc/client_secret/digest";
hedgedoc_client_secret = "ref+sops://secrets.yml#/hedgedoc/oidc/client_secret/digest";
};
};
};
lab = {
ingresses.authelia = {
host = "auth.kun.is";
service = {
name = "authelia";
portName = "http";
};
};
longhorn.persistentVolumeClaim.data = {
volumeName = "authelia";
storage = "100Mi";
};
};
};
}

78
modules/authentik.nix Normal file
View file

@ -0,0 +1,78 @@
{
nixhelm,
system,
config,
lib,
...
}: {
options.authentik.enable = lib.mkEnableOption "authentik";
config = lib.mkIf config.authentik.enable {
kubernetes = {
helm.releases.authentik = {
chart = nixhelm.chartsDerivations.${system}.authentik.authentik;
includeCRDs = true;
namespace = "authentik";
values = {
authentik = {
secret_key = "ref+sops://secrets.yml#/authentik/secret_key";
postgresql.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
};
postgresql = {
enabled = true;
auth.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
primary.persistence.existingClaim = "db";
};
redis = {
enabled = true;
master.persistence.existingClaim = "redis";
};
email = {
host = "mail.smtp2go.com";
port = 2525;
username = "ref+sops://secrets.yml#/smtp2go/username";
password = "ref+sops://secrets.yml#/smtp2go/password";
from = "Authentik <authentik@kun.is>";
};
};
};
};
lab = {
longhorn.persistentVolumeClaim = {
db = {
volumeName = "authentik-db";
storage = "10Gi";
};
redis = {
volumeName = "authentik-redis";
storage = "5Gi";
};
};
ingresses.authentik = {
host = "authentik.kun.is";
service = {
name = "authentik-server";
portName = "http";
};
};
tailscaleIngresses = {
tailscale-authentik = {
host = "authentik";
service = {
name = "authentik-server";
portName = "http";
};
};
};
};
};
}

5
modules/bootstrap-default.nix
View file

@ -62,7 +62,7 @@
minecraft = {};
tailscale = {};
ntfy = {};
authelia = {};
authentik = {};
};
nodes =
@ -126,8 +126,9 @@
minecraft.storage = "1Gi";
ntfy.storage = "300Mi";
deluge.storage = "500Mi";
authelia.storage = "100Mi";
keepassxc.storage = "100Mi";
authentik-db.storage = "10Gi";
authentik-redis.storage = "5Gi";
};
tailscaleIngresses.tailscale-longhorn = {

2
modules/cyberchef.nix
View file

@ -31,8 +31,6 @@
targetPort = "web";
};
};
ingresses.cyberchef.metadata.annotations."traefik.ingress.kubernetes.io/router.middlewares" = "kube-system-forwardauth-authelia@kubernetescrd";
};
lab.ingresses.cyberchef = {

2
modules/default.nix
View file

@ -29,6 +29,6 @@
./tailscale.nix
./ntfy.nix
./minecraft.nix
./authelia.nix
./authentik.nix
];
}

13
modules/freshrss.nix
View file

@ -37,13 +37,12 @@
ADMIN_EMAIL.value = "pim@kunis.nl";
PUBLISHED_PORT.value = "443";
OIDC_ENABLED.value = "1";
OIDC_PROVIDER_METADATA_URL.value = "https://auth.kun.is/.well-known/openid-configuration";
OIDC_CLIENT_ID.value = "HDp48U5TaX-3gWKNEfHx5ea2C7gfaQm-OsSWREq4WTzln56IBGy.rT61lq9rF-LTZFlWOd44";
OIDC_CLIENT_SECRET.value = "ref+sops://secrets.yml#/freshrss/oidc/client_secret/password";
OIDC_CLIENT_CRYPTO_KEY.value = "ref+sops://secrets.yml#/freshrss/oidc/crypto_key";
OIDC_REMOTE_USER_CLAIM.value = "preferred_username";
OIDC_SCOPES.value = "openid groups email profile";
OIDC_X_FORWARDED_HEADERS.value = "X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto";
OIDC_PROVIDER_METADATA_URL.value = "https://authentik.kun.is/application/o/freshrss/.well-known/openid-configuration";
OIDC_CLIENT_ID.value = "5J2L7Ufq4KMayQ8qrqxHCslxHWL2SXNMKJmsbbiQ";
OIDC_CLIENT_SECRET.value = "ref+sops://secrets.yml#/authentik/oauth2/freshrss/client_secret";
OIDC_CLIENT_CRYPTO_KEY.value = "ref+sops://secrets.yml#/freshrss/oidc_crypto_key";
OIDC_SCOPES.value = "openid email profile";
OIDC_X_FORWARDED_HEADERS.value = "X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host";
ADMIN_PASSWORD.valueFrom.secretKeyRef = {
name = "server";

16
modules/hedgedoc.nix
View file

@ -54,18 +54,16 @@
CMD_PROTOCOL_USESSL.value = "true";
CMD_CSP_ENABLE.value = "false";
CMD_OAUTH2_PROVIDERNAME.value = "Authelia";
CMD_OAUTH2_AUTHORIZATION_URL.value = "https://auth.kun.is/api/oidc/authorization";
CMD_OAUTH2_TOKEN_URL.value = "https://auth.kun.is/api/oidc/token";
CMD_OAUTH2_USER_PROFILE_URL.value = "https://auth.kun.is/api/oidc/userinfo";
CMD_OAUTH2_CLIENT_ID.value = "ZZI33JnLIuGk58HPkN_YEfETxNTz-1Mq--YPu9Sa6Y39BwykY0GDmxBVn1w9X70fIHT09xHq";
CMD_OAUTH2_CLIENT_SECRET.value = "ref+sops://secrets.yml#/hedgedoc/oidc/client_secret/password";
CMD_OAUTH2_SCOPE.value = "openid email profile groups";
CMD_OAUTH2_PROVIDERNAME.value = "Authentik";
CMD_OAUTH2_CLIENT_ID.value = "ZF56062l4BPnq2INv2zaO9cEiE6sAj7CrxbWhExj";
CMD_OAUTH2_CLIENT_SECRET.value = "ref+sops://secrets.yml#/authentik/oauth2/hedgedoc/client_secret";
CMD_OAUTH2_SCOPE.value = "openid email profile";
CMD_OAUTH2_USER_PROFILE_URL.value = "https://authentik.kun.is/application/o/userinfo/";
CMD_OAUTH2_TOKEN_URL.value = "https://authentik.kun.is/application/o/token/";
CMD_OAUTH2_AUTHORIZATION_URL.value = "https://authentik.kun.is/application/o/authorize/";
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR.value = "preferred_username";
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR.value = "name";
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR.value = "email";
CMD_OAUTH2_ROLES_CLAIM.value = "groups";
CMD_OAUTH2_ACCESS_ROLE.value = "hedgedoc";
CMD_DB_URL.valueFrom.secretKeyRef = {
name = "hedgedoc";

18
modules/traefik.nix
View file

@ -61,24 +61,6 @@
};
};
};
middlewares.forwardauth-authelia = {
metadata.labels = {
"app.kubernetes.io/instance" = "authelia";
"app.kubernetes.io/name" = "authelia";
};
spec.forwardAuth = {
address = "http://authelia.authelia.svc.cluster.local/api/authz/forward-auth";
authResponseHeaders = [
"Remote-User"
"Remote-Groups"
"Remote-Email"
"Remote-Name"
];
};
};
};
lab = {

5
nixng-configurations/default.nix
View file

@ -6,7 +6,6 @@
blog,
nixpkgs,
nixpkgs-master,
nixpkgs-prowlarr,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
@ -47,10 +46,8 @@ in {
{
nixpkgs.overlays = [
(_final: _prev: {
inherit (nixpkgs-prowlarr.legacyPackages.${system}) prowlarr;
# From master branch
inherit (nixpkgs-master.legacyPackages.${system}) jellyseerr radicale bazarr;
inherit (nixpkgs-master.legacyPackages.${system}) jellyseerr radicale bazarr prowlarr;
})
];
}

34
secrets.yml
View file

@ -1,10 +1,6 @@
freshrss:
password: ENC[AES256_GCM,data:ECDPrW+VgO8PY9p2fLIreRETNiRL5ZGnu/PMC7aNj8KaWfyNYL+l3w==,iv:srR/r1EtOpC/CKKrCDKcTLVdMFPAYIJIB1CCg8mS0UU=,tag:YN4PqR5uvPkVskpJWD+91g==,type:str]
oidc:
client_secret:
password: ENC[AES256_GCM,data:wlMJwiqCxUFqSVRGZvVkMtcRHW+r74EwpMtIAD499qnmJADsK1jPFsLuAODZ4QsklxWdWDqfNsk7T5FMZ+e61947fEp+QzGC,iv:qDEjlk5sywrMEIXQr8daVntYdTQ5M3KrtCpIHIgLy4U=,tag:QWGI0zISqE6kDR5n3IxQDg==,type:str]
digest: ENC[AES256_GCM,data:8uw5mg6VIERkb96FiJ7CuutUqWfcFk9qDA8w+8e8DBWRlegrfmvHKyg6tfUP6JKc6I1OkzuPMiSHweNJghMY5oH0eJWxU9F9YCtxjW3iJINUYF3tq2phO1kk3LEbjdnmglFMajHz2c8d4NkQ6iAfWziOaTieCN88yvnAACYnBBiU/yA=,iv:rQMDRDavPSHA8rcfJ/iijsMhGFYfcrQfOv6JF4iPbMA=,tag:tDM3+NquRN0Y6Kq9yyTSYA==,type:str]
crypto_key: ENC[AES256_GCM,data:AKEX6F1rAwapjvzz5JSyBbvDxSl4vjeOIKzH13/CMK1QGT5AzhEawpYb1j95/QVREt1M8bKulFpHHZIn8WuFZbdChgA/PMXssd5yznEMVY/qmymGqDOLe0CFv75zRG4c6RTuc0/U33Ez2tSi+DgKtLHpU9MZlgLFXIS4aCb0p0A=,iv:VhWgEzq8gqNDJPP/akmv6c/kuKHH4cv6yT9Mz47bTf4=,tag:b8DviZh9I5ZOFXpEFCU6GQ==,type:str]
oidc_crypto_key: ENC[AES256_GCM,data:dFQKZtFVd5l8W2go6WcK76o7O7hpQWnQKXCGTf9EhSVURvWigv6zzBULie7Y4lkJCsItG8oKmIiCYSy3MhFnU3DJTUJcenm4I7NHyINjvzHOBgUVPXbYQjQhouJwOlPkdqlSKv1f38ItZKNPJebMObZj+kACKbjdik6e6yM40RM=,iv:g6Ygval2qTQwKnrliI+n/r9OxJFePT9MKYyBLU6b3UQ=,tag:kWXTbm2JIR5aL/s4OX2Tqg==,type:str]
pihole:
password: ENC[AES256_GCM,data:MA60825Tl6aYEFVoPgo8k5Vjb9zmIxtPLJriQV1B3P1bOKu1KK7vxQ==,iv:RGZHox8CbJiEEEjMo2k/tNbtjCPy/QY7vOuMN/YNZcg=,tag:yphrq03IKpXM/tSDBLeSgA==,type:str]
hedgedoc:
@ -38,17 +34,17 @@ immich:
tailscale:
clientID: ENC[AES256_GCM,data:O8tTyy55xP85JkbJNR5daB4=,iv:SMj83Sxh7BvPRG3l5TnnpmclO5N2treUQCCJuMy8cO8=,tag:UUSN3bsZvb09cyYN65RQDg==,type:str]
clientSecret: ENC[AES256_GCM,data:c8E/a7McI+wGN9TFJ/yzTSkrhUlISmrNJdjDDMqAQrZ8s5wFEZ+4+h+dtwcjF9Ykj198glgny7cP3HubHVDw,iv:ifaP4NmLRQbYQtJQaMMCMaehosapZ2R3im9ew5h6f9E=,tag:XF+xB94nua8RZlkGxFDFFQ==,type:str]
authelia:
encryption_keys:
storage: ENC[AES256_GCM,data:RbD5StdFItHooBt/ESeAqnBRWV8USKedplz9cnZTA5K9k2EIE99yDdwkL+UNpRjN5oTImqQtWo3ESuBiq439ftSMeMyWT++qkV3ImbPOEYInLPdwHTxb28CC5zbY3FGH+GdB5q9V3zK+Pofslw6BMCsoL++tV8EWjX2isCfkWSk=,iv:e83TCcMW2qEc+R2E8209dhRUJvLZw2MPu4IWMSQVMy8=,tag:opewKZtNr4VT5Gj9l9B71Q==,type:str]
session: ENC[AES256_GCM,data:N50TuHkiOvjxbhTzwy7cjYSyMM9txYCas8x+zEhC2vshWi4pD0dHNDVz90jS0waDYAKLxTMYUT9v9zpkXoQ+X2VWa+tzDU3IWixclHktew/ufWN7nXCRBCW/ZEw8Tm4bB61GTalXfpra3q8Z88bMhGcEfaCiHwfnMbhVn5jjQtM=,iv:QPTVCPzuLAZI06rRPCLYiyW/hd3P/r/nxocI4u3qRtk=,tag:1oqJoQedqGsln48jQphENw==,type:str]
smtpPassword: ENC[AES256_GCM,data:Zd2F237gWaL555lf022zjr7VHVcAFUyFxg==,iv:ka8YuGFclNrWV1U0g2ERypiKy6rN5ppPIVlsjBqkFrI=,tag:e+5fO6VR1z1cqYTXJ6Yo+Q==,type:str]
oidc:
hmac_secret: ENC[AES256_GCM,data:4SDX5lopMeomhkMpkei6Qu6S+BBhFGCZswBfOtfWNSzv3qAEme9h3wQeIQ2W18J84RwprTpDZdkk++bbAYoch2iZF1yEV+8XBcmVcg4q+s5isn0lAaTDhHHCZ6Cci8KuyYy5/tcMDgF61oM5H0g7nGv7rhPD8clDubZwAvEDf7g=,iv:S7cCKyWbB4QaqGYsrp9JavKBAMxnfzhnl5bMRyq4TT4=,tag:S2+NglxgDsi4ivvR2FYjsQ==,type:str]
jwk_rs256:
private: ENC[AES256_GCM,data:WaTdMntWZF40pBOsHpKlQAcsVoceQDKkPlNbkwlPjY231cZSgHYw2u3V89BHx1p3LT4OUAEQvBcQ3c8sJbRYHTo7wXVYTwMrWL+KIu5AOp1pqHWESJrxO/12tgITcM5xJx+zwAoc/85l0LK3EIXYayEYe6ISNjx13K3YaSuD74iEXrNtWuvqwvbT9zNtYg8gb+l1FEW+TwS6wdzWyglfZl4erOQXb1a373qRdTz5m71MEPY8nJPS948nxO5M1DgJ8eqyztVdHY+z3X40vsDv3anSApeBNe/jexUVGBmuRtOhoAbirbNo7F8tjbI1qVy1lw0YNiaXAyH/BY2EtcSb9bU/VqCRdLteZnSed4LFrCIFt9mYoAWPX4GjXanfshNUaqM0IEFVjH7cXzf4rKql9VnxvCufupIGKhcOkAuxFtuOPL9q3RVT4CkarhmgDpKKjUlyAHRAvLH2F2l+K6zwEengiYDXkyBzd393Gsee6ML30X/MRSwd1TBqKZ1VInpk3bn/GwVMipywiYsviLE6JW+IcRJiHCI3bbch2aRsq9MP8AE9qornqC9nt6DQKnOr2HvEAjTHGvmiJN2nKaRU/B6T5xmH9nsdZ3CTsmTIkWBi/Fa8th9DvT8UrQe4LiQ8t6/6TrhgZ+QCjgwp59B2dwrPnT7oY8B0o5O0k/06HnsaG0YxyEM2JgVBer0K4BzUAoap4S8YGj88oPVlSHV3ks7qjx8J+pytNmyND3O1CzKUuluTjCLoowyDx9OA8AcfxVCva6BI6EqJEVU0eqlo146kdgERPR4U6TgCAU6uk4rb+SQgwN6brd15AezRKUW9iDbr4hoxCA0XNTzcDLJKKFFU2ZlHdvs9WTif7gmVwAsogy31xWyKdTdSCoUME4mAKeHM2o763UICjL4HO6drMn16G5yA0anxkctVJqWKcpLrD9rVCC30bbFy8u3H1Icfzf2dZxbTLCbJVn5i39I9AqehIOapD7SwN3pyXwicfnr6h1prGKdHQ0cXjlwCiiP7lSBLP+Q4DwjoSVF/Iei4DcFQoHqSpGreGeP5yRNiRe8HEp63yQXFM/l6PMIVZw+0q/VDb5sEUZ6XItAi/UL3CqY1WI5SVvbeuxbKivuxRcspiFRHB9aXS2eG8hx/Oq9OFvPq3eAQ7xtZLw5oMAFgED4epZl3mAaYz8n5m2i2J8QujxP1POqotkeA1uQFelQL1xMUdpIg41mRNch0M3H50fcgR5dJ3k41NAJTCi5B+X9lFVoo/ByLvX4hkmx4YeZ5VPW6hVLiZMcdA+RluBWVAShYXBBg5rV3ak/G8Lj9P/cc1Tg32Qr1m9h3Tl4Q8AEmWBABRXYcZ526fMFdTQa0SkdvO3jp6Zt/6TObygSyOrOjBIgXye4BAT3zuyNK07Z1gOP1X0rE23T50S5A4KCI59QCs+szugk9umUbqeZF3DKj1oiVq1f5I1m2zbBuWq6vi6kH7eD7eSnTqpIuYeOsuWlREvsNHfXOA7lrURy+yLheKYuIRqx+5TKJaapgMkagw5nQ74RAvEJgAPHJaKYt5YJklMSxTkUR6FlvZNq2salMpM+mGrtH9l1tEVUbKh6QAyG4EkUbnFmT3orCgBJJFh+HXMpb6pwVL06+/0sSvgBI1ZBfbGYWk//RKSHbVzOi1UXyW1izeLgSwKNc/ZUCDnZ0hrBafQn3S8Ap+5j9h++fdH9NwfQyGV7GuTMYBkCtG3+l9+iitFWPUnZ2PvNypi4kJX31XlSyR/JoQfvFNm3nWw1pdLJRF7shqYxbSuGx/Fz02zocEvNNu5NBp5+0nPXIWp5PoRHqWHXI6TvNduji0/ycKjLhtpnFV3NhhWq0no5fKo+t4seoQ88oFzbH0wVXnLRALPq6yZ1kzbWhGp5RLmtixEMXcAwuw2Ewol2BhIf2+5o7d7ndgmZ6lOM4LzApumzS0m3z91XQ1keqHZUWA0XdCekIucNrhw4uVIWg228G5IWjI1QuL6c9zeIHl8NvSCzC7lJLXR6NiCzFvVH92krQ91yiEsSvg3+8MkU+6mlLiCvbl98WVMcQ6Ig9Hh+p1ALSuUDDqOK8k4ja3sblwjDE1vQhacm9gaCjYfID+UFpbJ1FLwdOiBrcUu3jSnN2zBViWjH48xnM7kvxliDRbAElyMPylD2wE6Gce/nyueSAktsfPzt3GnHzspfuoDokJ2pss+8u/x/5whe+xkMMEhExWJWTe4WiwYxyM7dIX8JLJBqQ+T3pUQLMYwECHvPstLiQjpWy,iv:cZQEw3E1Kq+Qg1ZB0gwMW87NG1z/tGDnQOpRiCsdpUs=,tag:N/JqLdXIwCerHynMhmvhug==,type:str]
public: ENC[AES256_GCM,data:TivRCWgU3skYJbDopZAdSAZBi7OhgzLjOLi0f8bUN3hEfDS9Bqbo3ZirepWkxDZcEBJH9ut/rAwumWGedU6C71eFtOpC/++c/++VILmWGM2BDUvlUaksaWZE0sNQRZxXmHFd5Fnxq13vVhs0i5Grdu6WG6wdq9dD9iFooLqee5KT6z33lD9THitecYiGf4hccVfJXKriNmNfmFkyv2KMaDNBwgSHtAsXSbYoHOpIz68SzS3KrngSIAvavfSSsW1RXDXvf/3aB94lPtizCZVtKZ+JcHYg3xPesXdwwA6h7A5W7rfJoAQdiDGQJMb4hFhtjhaBGmiUAv5JwRvvEAhQIrVtPmkO9ibir3yDDrcwNXuJDgHrcd0rpSjYWyAM1pgzXiWAiLzhh/AcL+l2xV286XRDwm1xxoPNdGdmOYkiN2AZre8CoR1aFkIP+T479rkOylJq14RzSQAbJ8AaZ6dK2mFxKYFyVpW0aMjEoo9Yqd4IFZpMWIlVALeh3+bpqgtCCkBYq3MX3J0FJ6vL4LUV5855GUrP4CJhSSCAnKaiXKnps2TrHN8Kp1dqtnv1ihq8fwVoSgqiISN4xY8VXsW/IjJYcQ==,iv:o8F7qgHLWhWXEOOSzum+Qore2tGSraqmC1VMWtpaj0I=,tag:Kn5myis0OwoCMa+8yhssPg==,type:str]
users: ENC[AES256_GCM,data:9V0vcpT//ZzFLhlO2gZnns/5T7XEk92iDqTzHFujWC177QUi3LSYY6jcGQ0/3VlDXjsA0PsOV1UzIKc1LJXj9QuedABu48c+4OVN3cinKFs6Tqur/0yQ/T74U8lyap35qwK24lpRE02DZxKd1Tin57AfyfRqG5V6L4MVWzbApDn1cGtIWC3+TuWmO2PeSvNx5KQp/nk36rmTHcNAMZ5srsxMTtzCSTc6SUuCQvdkTbL6UpxQ34WUMkPJM0UfB06eJ19dxXJ6NnG7QlRgf21szuI11I+g6al2XYmCvvcbu2tK6IXVmIbWvdlrZmsaZ6RfN+ZcKqgwZobDTBPVou/Zuaa1SbtBaK45NDVi5I8AlcnKqhejiCdEKMhDavQ5yQrT52GmhbMTCyD3DZTn9fBZDwmpGDJ82Ty7iOtsSuwjKoblOEkEJPn+dJWMJqRcaXw6kguRSjaq7LmS43IWtiGbVhSaZDmKGsnFHHjun6mhvK2irpSw79XXsKxZC5BZhaU3S6aKB8pplak4MqId6hW1Rx7AvBtUJL8A+HIZKcmJzXckM0dvQKrKGQ3JbvmC6QNTtq5YLDLV4wiC4Za8xOxYL+f8ry2+hsFQmXIe5pElmam08nncNo9ZIRSQXYhk/5aeqqDMIjXocIXi9YwN0k2biZLfP5muWq44uIyLciWfSQxhYbTR2xibb4kpoA2eNyptYXul4AR8,iv:qbp7+yepBIPsmpuEGTeHLPENrvfEGoL9u+smf7jqHzo=,tag:u3bkLxICTMm/EEjGjt5ENA==,type:str]
authentik:
secret_key: ENC[AES256_GCM,data:bbEEpymADAGY/fDNMU7FfzveyK2SBUBCitQLN85tB5C5u32PRsRnOa2MDjKGU4kArnyV/WtJQXT4HJ//nMLVh53Q8BYclWYYVFourEjaajTixkZ2gkAfcMJ1mMaQG09ylrwMhLsZWbeaLFzW6dfPSQOCchvj3VhgvJSXuhNmr90=,iv:aE/DGt/yd9wL5qlWfdyT/9SIsCj7U3GcljArcGIdh9k=,tag:CVeiZITOJ71/jdLzjZjteA==,type:str]
postgresql_password: ENC[AES256_GCM,data:4okPqDzPDnx7ZBFQV2Jtk6SEHTskRd2GVG4XLdpMQrgivKsuhQJf1QAnCWHrjmtg74xdlUy2TdPwTWGd5UiM1G90GwHSzLPSJt6X0IFMxCuq/eyYYbD9w8Wk1pVuvqoluPcjN6WoRJdCzap1QITih8B+oSkTJ/rk84xczsjah4U=,iv:r0dYWcsIqdH8FGuBd2dxAJ1AjRmk6k4QYKq0cnZITk4=,tag:errORaXgO7yJW7ERbmdtRg==,type:str]
oauth2:
freshrss:
client_secret: ENC[AES256_GCM,data:e7wdwWRS8KivGkcWaMgSrUEEuOTHzj1oim+qUcLD35/DA/V6itM2XqVPhqIOXHrf6pOyYgprEv14bEx8zUvtT6iXV4fsEUEWeWTgt4NI3YULtx/t0yVDq9Zc8fN9cIqGxGeig1mcQwmm7vByq58mNJEpcfz46swjN2ATf/CPJQs=,iv:xeNgSKd+g4ne8NLw/2KQjTXSvNkqezOhMn5niuWpD38=,tag:ElOUMg0oZ+q15hCgh/Mzug==,type:str]
hedgedoc:
client_secret: ENC[AES256_GCM,data:hdNQzatO6Pf6mxvfO4h1XrhycKMBUHElEwacGttzByi4JDbIndAwYc2GXdwUmytPMYs/s+lVjcdHhspUFWS01DETWQfnWm/GN73GzW18uj3XyRXqt62HhMf18GvRlOWkGX+jYpUTGGoonYes2xijhD/mNCjxKk5Q+6FVFT2mdJ4=,iv:pScEX6YnoU7HelxmCes8A9vJjPdvFbqbclHYMme8OOE=,tag:FURxphI8IDMvOwB4ahD8hg==,type:str]
smtp2go:
username: ENC[AES256_GCM,data:BEr7Rq7rlGvfYEpY/ZXnhM2eClnHdqU81A==,iv:dwYD5h+C5bzS9ikUgxQ51+jRQ32TtDy2PhDbd1tpS8Q=,tag:CjjLDz5n4H28qi8jWf9S4w==,type:str]
password: ENC[AES256_GCM,data:Yys6qy6DRYo16+X+Uj9oa9otjaKBnHOtIQ==,iv:G7H9mxsODShFoVlNMwuV8O18NBG/7LTFDFdqnH83YkE=,tag:hSlYp27QMoPZwiKBqyOpKA==,type:str]
sops:
kms: []
gcp_kms: []
@ -73,8 +69,8 @@ sops:
azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68
UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-09T12:24:21Z"
mac: ENC[AES256_GCM,data:oXJ06eJS12T0T2i0XxQ2wsyLAojIa7X2lJgb4JWY11If7BOtl8wK/FFKh6ukRdM/pM5nARS2ZUgYPmIQxRX+0dfo85AcqAuFzIb8VMhLdLCIuOVciQMMWyrNmyuMzNgYq2lmk8xQarVk2A1DNBfxCiKVc07J/Uz3tVhnXOXkmGA=,iv:4MObZijkp5TDacLRLYVctEhsvDtkY/soYZ3a4WpC/+I=,tag:KUvalf5sLEouIxMDcA4acw==,type:str]
lastmodified: "2025-02-10T21:46:28Z"
mac: ENC[AES256_GCM,data:NMQNgNKgms8fyK0gLSjvLxVprk5k/zSVdJL07+dnXjbbYA7IjsktQF4Nljg641NVU12F4IHr6vLvihDfCI78Qm9c66osp+vdmsYvGwLdploWwjOLONJL8WNiJI6AJjgnbUP9puca+AeKgl8o3ymNfhro+K8GsbRb5+mk8frasGM=,iv:KUSyiojnjbY3e59Ci40+Vk6+6bAyyuhQ5rUlUmVIDBs=,tag:Cr3eQfO8AIiBihTR1T4jxw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.9.4