From 48d519244b1e1406e3e1f7b6406d8e10894c875d Mon Sep 17 00:00:00 2001 From: h7x4 Date: Sat, 30 Mar 2024 15:33:36 +0100 Subject: [PATCH] add secrets --- .../services/idp-simplesamlphp/config.php | 4 +-- .../services/idp-simplesamlphp/default.nix | 24 ++++++++++++------ .../bekkalokk/services/mediawiki/default.nix | 25 ++++++++++++++----- .../services/mediawiki/simplesaml-config.php | 6 ++--- secrets/bekkalokk/bekkalokk.yaml | 14 ++++++++--- 5 files changed, 51 insertions(+), 22 deletions(-) diff --git a/hosts/bekkalokk/services/idp-simplesamlphp/config.php b/hosts/bekkalokk/services/idp-simplesamlphp/config.php index 2e0e2ea..41002bc 100644 --- a/hosts/bekkalokk/services/idp-simplesamlphp/config.php +++ b/hosts/bekkalokk/services/idp-simplesamlphp/config.php @@ -476,12 +476,12 @@ $config = [ * Ensure that you have the required PDO database driver installed * for your connection string. */ - 'database.dsn' => 'mysql:host=localhost;dbname=saml', + 'database.dsn' => 'postgres:host=bicep.pvv.ntnu.no;dbname=idp', /* * SQL database credentials */ - 'database.username' => 'simplesamlphp', + 'database.username' => 'idp', 'database.password' => 'secret', 'database.options' => [], diff --git a/hosts/bekkalokk/services/idp-simplesamlphp/default.nix b/hosts/bekkalokk/services/idp-simplesamlphp/default.nix index ec031f0..945e653 100644 --- a/hosts/bekkalokk/services/idp-simplesamlphp/default.nix +++ b/hosts/bekkalokk/services/idp-simplesamlphp/default.nix @@ -85,9 +85,12 @@ let substituteInPlace "$out" \ --replace '$SAML_COOKIE_SECURE' 'true' \ - --replace '$SAML_COOKIE_SALT' '"asdfasdfasjdf"' \ - --replace '$SAML_ADMIN_PASSWORD' '"asdfasdfasdf"' \ + --replace '$SAML_COOKIE_SALT' 'readfile("${config.sops.secrets."idp/cookie_salt".path}")' \ + --replace '$SAML_ADMIN_PASSWORD' 'readfile("${config.sops.secrets."idp/admin_password".path}")' \ --replace '$SAML_TRUSTED_DOMAINS' 'array( "idp2.pvv.ntnu.no" )' \ + --replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \ + --replace '$SAML_DATABASE_USERNAME' '"idp"' \ + --replace '$SAML_DATABASE_PASSWORD' 'readfile("${config.sops.secrets."idp/postgres_password".path}")' \ --replace '$STATE_DIRECTORY' '/var/lib/idp' \ --replace '$CACHE_DIRECTORY' '/var/cache/idp' ''; @@ -111,16 +114,23 @@ in config = { sops.secrets = { - "idp/certificate" = { - owner = "idp"; - group = "idp"; - mode = "0770"; - }; "idp/privatekey" = { owner = "idp"; group = "idp"; mode = "0770"; }; + "idp/admin_password" = { + owner = "idp"; + group = "idp"; + }; + "idp/postgres_password" = { + owner = "idp"; + group = "idp"; + }; + "idp/cookie_salt" = { + owner = "idp"; + group = "idp"; + }; }; users.groups."idp" = { }; diff --git a/hosts/bekkalokk/services/mediawiki/default.nix b/hosts/bekkalokk/services/mediawiki/default.nix index 7bf7ca4..b8e4e12 100644 --- a/hosts/bekkalokk/services/mediawiki/default.nix +++ b/hosts/bekkalokk/services/mediawiki/default.nix @@ -18,9 +18,12 @@ substituteInPlace "$out" \ --replace '$SAML_COOKIE_SECURE' 'true' \ - --replace '$SAML_COOKIE_SALT' '"asdfasdfasjdf"' \ - --replace '$SAML_ADMIN_PASSWORD' '"asdfasdfasdf"' \ + --replace '$SAML_COOKIE_SALT' 'readfile("${config.sops.secrets."mediawiki/simplesamlphp/cookie_salt".path}")' \ + --replace '$SAML_ADMIN_PASSWORD' 'readfile("${config.sops.secrets."mediawiki/simplesamlphp/admin_password".path}")' \ --replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki2.pvv.ntnu.no" )' \ + --replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=mediawiki_simplesamlphp"' \ + --replace '$SAML_DATABASE_USERNAME' '"mediawiki_simplesamlphp"' \ + --replace '$SAML_DATABASE_PASSWORD' 'readfile("${config.sops.secrets."mediawiki/simplesamlphp/postgres_password".path}' \ --replace '$STATE_DIRECTORY' '/var/lib/mediawiki' \ --replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp' ''; @@ -31,12 +34,22 @@ in { sops.secrets = { "mediawiki/password" = { - restartUnits = [ "mediawiki-init.service" "phpfpm-mediawiki.service" ]; owner = user; group = group; }; - "mediawiki/database" = { - restartUnits = [ "mediawiki-init.service" "phpfpm-mediawiki.service" ]; + "mediawiki/postgres_password" = { + owner = user; + group = group; + }; + "mediawiki/simplesamlphp/postgres_password" = { + owner = user; + group = group; + }; + "mediawiki/simplesamlphp/cookie_salt" = { + owner = user; + group = group; + }; + "mediawiki/simplesamlphp/admin_password" = { owner = user; group = group; }; @@ -52,7 +65,7 @@ in { type = "postgres"; host = "postgres.pvv.ntnu.no"; port = config.services.postgresql.port; - passwordFile = config.sops.secrets."mediawiki/database".path; + passwordFile = config.sops.secrets."mediawiki/postgres_password".path; createLocally = false; # TODO: create a normal database and copy over old data when the service is production ready name = "mediawiki_test"; diff --git a/hosts/bekkalokk/services/mediawiki/simplesaml-config.php b/hosts/bekkalokk/services/mediawiki/simplesaml-config.php index f383e0b..ee156ec 100644 --- a/hosts/bekkalokk/services/mediawiki/simplesaml-config.php +++ b/hosts/bekkalokk/services/mediawiki/simplesaml-config.php @@ -476,13 +476,13 @@ $config = [ * Ensure that you have the required PDO database driver installed * for your connection string. */ - 'database.dsn' => 'mysql:host=localhost;dbname=saml', + 'database.dsn' => $SAML_DATABASE_DSN, /* * SQL database credentials */ - 'database.username' => 'simplesamlphp', - 'database.password' => 'secret', + 'database.username' => $SAML_DATABASE_USERNAME, + 'database.password' => $SAML_DATABASE_PASSWORD, 'database.options' => [], /* diff --git a/secrets/bekkalokk/bekkalokk.yaml b/secrets/bekkalokk/bekkalokk.yaml index 405497c..d1cc815 100644 --- a/secrets/bekkalokk/bekkalokk.yaml +++ b/secrets/bekkalokk/bekkalokk.yaml @@ -10,12 +10,18 @@ gitea: epsilon: ENC[AES256_GCM,data:JMnZVBdiy+5oPyXgDpfYvy7qLzIEfHy09fQSBDpNG4zDXTil2pSKBKxk09h5xg==,iv:/8oXKJW6+sMBjDt51MqVAWjQPM5nk02Lv5QqbZsZ5ms=,tag:+Rx7ursfVWc0EcExCLgLhQ==,type:str] mediawiki: password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str] - database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str] + postgres_password: ENC[AES256_GCM,data:XIOmrOVXWvMMcPJtmovhdyZvLlhmrsrwjuMMkdEY1NIXWjevj5XEkp6Cpw==,iv:KMPTRzu3H/ewfEhc/O0q3o230QNkABfPYF/D1SYL2R8=,tag:sFZiFPHWxwzD9HndPmH3pQ==,type:str] + simplesamlphp: + postgres_password: ENC[AES256_GCM,data:rzzp73rbL4emNPzt+UqiMnHlOfZnqd4B,iv:L6aXf7E+QmU6a1PyDGJTV/T38w8fZzd6UFgZgue5xlk=,tag:H3vMZ7lKs4yZ+9PQEThwwg==,type:str] + cookie_salt: ENC[AES256_GCM,data:xgpi8f2iPLH+fWt5oWylA3ZcvAC2ePK0k4rIDHd37S4JBH1oE4cdcJ+9hG9AEXX17bACO+PHbFMELUQO+XY2JA==,iv:3yvwuEy8CLHiWegPFxifT3vvcdG21NuYxYWPsW/xemk=,tag:A//N9XEmsmW2aMv6w/Pajw==,type:str] + admin_password: ENC[AES256_GCM,data:rtXRt3tB8OLFq2ru3+NRa8hrZEgg+r2I,iv:Lz69n8yy/lbKuZM+RtdW7ME3Vj6f1AJHAmanQ5Wpe5k=,tag:l2ewwWi+ltCEHhwoIgGFkQ==,type:str] keycloak: database: ENC[AES256_GCM,data:76+AZnNR5EiturTP7BdOCKE90bFFkfGlRtviSP5NHxPbb3RfFPJEMlwtzA==,iv:nS7VTossHdlrHjPeethhX+Ysp9ukrb5JD7kjG28OFpY=,tag:OMpiEv9nQA7v6lWJfNxEEw==,type:str] idp: + cookie_salt: ENC[AES256_GCM,data:fj57BnGNeDjmNWqAZeYn7QyOT/pMxX8dJamwc+Gtcl0IPhfqL7tf7v6czopKkZhIipKVmatG9lctQzHDy+FrVw==,iv:mBDGatLRC0PD540P0yZjXyEsMFZuDalxShPUdnKGvHs=,tag:qkQ2sPkHZliR0e8HhP+2Yg==,type:str] + admin_password: ENC[AES256_GCM,data:q/WiT9HceJ8SG3wFE57ygUyDOJDqkDUH,iv:F3fteg6hSPv4AoOpaUi2Onm38gaif5KzY8pQnsVciR4=,tag:kJGC5En0r1GeSZzJD4+qaw==,type:str] + postgres_password: ENC[AES256_GCM,data:P8r81qatSogHPhwrD9olpl/3MBXX/LY3,iv:jelKMCbLbk5oJ/UPcKw2CIKFJd4p8Pvy8WCeLndjIfE=,tag:NZp1Yv3ckhMj/cahqlNiCQ==,type:str] privatekey: ENC[AES256_GCM,data:pK74wjuk9lt2PNJIzi6NpPBkxcSRsBZJl28BElUiri2zz17CY81x66CMlFsNjvzKB3JVX+b28FHFuSsEpd/mAPtmzZPR+CoWBHvU+OrSYYoufBxexRTtXzu0vx/KFL4X5tsb+GCgfm72CM+u9dElYHJzn3teBUmZc0pIoF29slTuwF+iZrbFwaieECxXMjHC9f+ivxWQsOvYFjhmAwgjBw/LsfURgLxZwcIRiiKsN41P2WtR9a/hjN53sJnihL9VZw/Xbbynm+bDmaAwhKUAZR28TU9Q1PTfNPEAOMoRgKF4MFuhQ5o0Cxq8RRz7fwCcCTV2sK4jgL7gKiy/gI/K41ybPQPon3NrDj3U2G1VhNgBfSNaTHgygiWI08HGWRHk83eJPHp3Ph8/A774g15SE10BXkL12n0kzodsZWYu3ybrhp167vL/ZW3xUnvFFlm4dTX/ndwS5rp1dIW0a5/0EDwMoGIJw94W5ph5sK9YoUTXwLdAJ9UWRZKQGk6iJstq2BMEBAN2BCSPHS2cflMjoVV4KKX1eq6s8/w6YFzCSQkt3+pGQ3DmiOaaqiv7sUfxyfMDzDcuTVETYRhsvr1ChfBFNn1yoH8BffeVTI2Ei3Edek1vXcg05mHxslhCmzQ4U4us0agtpm2Ar6ppvuedJHLWLFz8pgWSENeGdRcbz0CXiy7lIEYW4uQBru4MAjQ+ZQhz/F4L6At60Q4NelYMDxryQ8LxV0fA/ba2llwl8bDHDFDYkxu3/IaaWG8bp1i6gqvEao3/CRpPt/OAJGAHO3HViPm6xmWlWinUEatNlgCoDotkc56eZU/Af/P7R0QPQF0PpEIDHPcNjc/HcfheUXzJSzkD7wja8VB6rtqdRHFC793QsgdHJMJ+/bvJWZSQciSwaY3PBKLLuB6vrn7VD2NB4cE6beaGwneiAn83lAV+I4cJMDQFLkhWm8LIC7JIZKq/7eBfDEmajWEBL6wSbomBi/UGbA+FyvOokYYMemwVu1JGULcz9Lvn6pxkftQlN0gqE3MncrcZ/l59fepbka/z8oqH6i+3nKdaEh6D+WudD/0xiJSdXAVM6jGrxQtFc1R+OmGTTKJB4aLqgcM25YQ760wKavx5+B52pSki7XdYLmb6Xbnnv7AnyCNmGcpcj795P7qasE2sVokqq9a2PZD7VhP9TPHGtEO6QkkNV5gLxGsGvmshMM8KQgjK60HPQuSfHFVN/SlcOKvvH5ec8sBuYUt24xcDPewV9cXZwjcmwufFOVbC72FTEmU5qvmKobJTGjjbhWsHwpopESctmXuArIcVPsX5jSe3C9Y+9tjbkBGW6/+o8pTfodsjioXevVDXwjVBmGYk8xjZtF6/xfhpWvfunDXgEhnpT4i6ikoQiva8Mw8NvLe8U8Ivr6qCDE4ys4RTs56aw/CJHzydKjX96ZPzim52fAIJvEt1HvMvQx/O/q00h0WujYBcSBivYDtl7hC2fl6pBvM7fjipbeF04idkAKKXf4j6SGunx4hWq+eIA5tnlG8XVZZKIpdXKLgarvWs5pLlTSAK5ckF/yddcik7gAZc+pwo8kCAXIXPisX/yw9cZhI51PNTG1yxtPHAWKgULYLoWcnBCGTmPVXmj6IhpGuNuQ18TTpEtwnrMmcGq6aG/M2ZI+oq0q6suJUWwsCKUVM/TS6SKXEArzDtOMdXgyyDC/H3u+w3Bt/DwALLacq6lwoKBJZxQ6ewv3+ZkLcOkMRKu97hgV+rKmFqdPXqs+Skrf2MRl48sUCPIUXhD46ocFNpemcXcr73G7AxmmFLT6T4ZFm69K6eftUP6FsgUwbed+SaWTeptaG+wueL1NECoXafGlJAmXkjbBdWVgF2oMQFP3Kau135fiqmHpoWGzG5UhKxshTTtRIvbG/296NOkNZWBT/VzjwZti3IUka7HjC3leu28IlLsN0fsNPjQc2uIR3uVsR020g6et0m/Nys9gHDWXG/aCAYKhrgU8w37ZHBs383rkl4uUIYJH61SmTS4JP/wgh/+Q1aU8gXaZ8/Bc0BZUJdF3JR48fjkuMi2A8q5vkTQ1yFCvbBTtdg336v5tZc/xOW5/pt0W1Y7IgPFwHNh4iPAtKQZ3Qybh5PXs4N80YeYFWIjV6Ai0uY4yPdwYPfd1pRdpf3Ll+bhnbDPg0ye4f9lAhSR/cAZpft7BTd6W6jCv8QfWZcDmoBGZy68GZsYfCJ3QAo6szxzDtuyp7WMJRxioPt1EVA9q+8Rp7hHmZosoZOIUV+q3W5yZymL/PXZABiIc2OW9kryNlxQlBo79CSLGdXWeMq3dN1MSWoKJzxEseQqtSY5E1DYQosT1+3B8DXm77WSLMuB6OLjEz760y8jyIiLTGAVslcOb5XNfrQf5+l52nxCl/uSZo9FxiKg7ip0v3PZLuFSTSEaR2R2WeSuv/KoXi7WxFiG6VskpyL5jMhBwjepExFVosrOi4XugqR8vD3byTYUnmQvWJyyrI2LqQsYsa3o65SIO4g8SMKRsJJ8WWHpywLjF00HJSWiGRu8bQguvDTQd3UP6lgudzpubERXuUIBiMPqBKFJ1QTWA6N/t7dxR7NVaSexrGmY4ZSoIBKb9Jnge/+lkKrO9CgqDQpTAAvwwBZpFOV7EYLZNRpW+F8HaCNMeql7V/nFqdaaNdm9yLBhXbaeujalyiLtvBCghe330JVjbBTYWiRulJ2xnlX4GLzORBRIVHJYjxEKzCeVW7J2wAKkJ6gx5rlfDOd6r+Tf+1L8ZZoJEdBhIW7flslxo4amGRTI9QGJKVCIq/hrUGEgIAKsDsqTd21lVdhy+EDM+gumO7FbMcqVPRpwmQMFAZbJgH6TeS46tA4XQJGbwQhhBaqVb3jz7OJVOZ9C3/XfxPPpK4B2OyqINKNIRfyZ0fSmGlIT4LPf2IUEDCEKuPd3ClX51qNnVAPt/MbooF++Vp91KImdqCHwdiAygZTH9u91UN8S9IW8vo0XE4eAgdInjOM+IzUPhC+G8i6UNHbOpfQ7dntDc2nCv4nFKLjLZrgpm2kFrQ60/gDlbXBFF2eRcfYkSQSxVLWC4kWF1ce9YZf/j6erm6GnsQiyNoePe/Nb0v2f5DAR+9yoSJEOAi/AHacA9Dq5kfcoOYCrLkoc17SKQYmy/M9m5Mh3inI/O4wbUQrYDKHT0j77BJnkY11M6AiEF9YC0F4lCV4hIefQ3PnI4nmmo9b8rHnqvmrwUZrcOom6Zp+A7ydo4t0Bw1cDzEwJfpcb3JjpFi7F32/vHHLtGuPDvcJqkhw8VLuaAWAcEPJcIHJ+vAKCGWtDH7yQEOhFq4touwyPYDWBA5tqPY2xkFIAImFRhyLtTQupiNbZVR4G4dj24l8uQl2iz9aoDbJlNhoT+9YhwrKrYdM6hqnvpmiYqLIM+2kijZ8JmBS0BWNLCr+6rnbZbEB5e1ezokice8HQ1XcXbsegcI+eJ+gfDhYKw75VVyOd1Uy/pjLCCwQTywTIbf3iSuETvs3YjQrET1m7GJm3q8G4dx2M9c2B7R6B0ej06pkC4WwzFg3hEG6z2BaNrkopKkoE99bjoB2VHkgGTe+YM1Q3t+jA8IB7XNlnVH82AJ6eDMqgGSWBZiGxwx0KVUMg7cTi0iD6JNSYea0ykw+fh7Mj+8N0zhmzdUjdNBwZqxHVUbqIhUhk6meGRN5EASyt6qR329AqzbKaloS2VqjLjDkSEMhQfL4jHa8yPp8Cyj6EjgM2n5LnZs0u/43eh0h4ig3zQYMkwrHixI5hNQTBwSm3QnNpr3OnXAlypCPbCTiMC5sxHfrSTFkmjduT29aZ5qHQOc5zYG5bE2CmhWJdCOZm1s1mUT+Pxbxf4m/sh8w7TwnA+leD1rUvwYfyl5WI8f071vPcg62uTwScxr+TErvdzAkg9HElnsO6km0IncHIh79zexCR51CrtrZAVxc1gnnDtTLsaKmcEDkqIY4U2cUv+1CtPWz7IfKea9B56x+bFY32pwqYeXCHdDVfBGSMuM7mqZUBu+3jETSbglozYrukbgjftdWob3s/hR0WB0lH9uwkugfoGVonasPkmPvBhuvozkCLvP9aplqwUoL74D4JhHFLciPvV+Cmw5ag1WtErB89Oimm3tnOpynCJwZTQM+NVgBtKjom0qOnyn7l0vYIKQFJwV2k5w+RfrX5EOOjFfg9D2u+gHgmrqzaSl6kk2dHlQYmfeP+nJxiH7eGO5D3ooYHp7JKZBAaJHcAWWpgqVL/L8pjSJLCPRGBF/5DnfggwFdNprl3LqYnr4io+Wp4+Du74uvQHNpojrUQ4j7Qp330rSbCK9iX5v14zYr6RlqKe5CtTqHjPzuL8CxFUI1ImHgViNpff4=,iv:8cb1FcIm0oGkcrfLNqXamx4aDA3owBZoHur8+uFsdmA=,tag:oFPP/Yene6QrxFDKlmoVcA==,type:str] - certificate: ENC[AES256_GCM,data:y3Tgp6o4bMWylqDgDWJwU3ZNw3dVnE19O4UsFqIvNp50saud8dEe0tZ1Mq+6p+QTW9WFT7hfZq9Otb0VkKLWNOYk5mQDmHJWfTJP/3NlyhfiNJ0fCH0B5xrbhcXFH1yfjnSMAPmt8B9+0ONhdny0VV7ke8/8GTh9gjExdEiI6hc0JOMi0BrBcq3Caz+sV6lAGy75JGJmp3RMGSeIgFib/EIYUCo0Zu8L8s3ldhZMRErNzrTk/3rUKqLE+pmJwhGiT4DP75ez30M4mNR0SrIXQ0pJLpfUHTNkR+v0n5L0maEVa1zdbwg+Zk+PJHb60ZqMkL5m1kGf9CxxV40uhovUDfUXqwo6D7/5elhdR9oFTh9mTNaUcAngZFvvkN+bUomNEk0VW0KCLeHmenkmqMV32m0Kc/nQxdGtNdGiWmNwTFa+F3TrL3moHAOIwppCGlFnZ3tv5dsqXt/vUq9Kq+gB9WeJJBY0mgv1PgV43E54W2Ai/EUvefn9Or90Qyt32LFRVPO64fv2Vva5f1dc6GSO+pLPt4MUHfQ6C1gjzZi/SibNRg9QNS/S+YexOAvDKo89ynbuIhoGF4X/PfHwvKmw9gah7TCGi2CDnjjibE3kxdJNgjVzWCq942NbRXakTD9kiKa4/i2Ew6lsYfFzZkIHuRCx1q+hKn7ZjZAwWYfSRaS2ZZXUSROh1em54+5b5kBqRkM2/KFsukzQTMDbGJJpVxdesbCg7svNX01vGrRdwDyCUNKkuryeNxx+3qVCE08PmOhCJ+AU2qr8HkGyyiVdWD5UX4ITn3gsETVVdJSzMO1O4yegCdNhjxxK099MkA1nS37WCvuuvwn0oj3zAVotrsP0RGT/GKs9Czi10HZtE60VgbjXFDIAeBxKU08fPV+cbVSbBznEDwmbwPbdOmuLufegxIs0heLFAb0CRtko0LP9xpHgx9DCMaPLPVDXe83rrJyu5tThh4XrzosFb/WvaoOs8UUiCF8qohhr1WwHdBOSFov5TaDr6KyUVhcM8Vj7HqUy3qlx76cLqbxYVKz/5uc/8dnlNwM4OdfS1cV63I3VFEMMZL4kcbTWTeiaNtC0THq3mm8p9HdRjpvj7b96g6zB1UFq4T1y88ctAJbDf+bpK6Y7ITGX5O696T3sT/8Uzb0f0t4QD1kUfKb1mpJ++T7BFdHNHBqWyOoVWo741Z3INRJGT5Xtwcx23tqoE2U95St4C8hNnqfmJl7yLYjuu1IAyShVNdqo/lEzu1HRqP4G/x+h4SLHW5hK53weKGPBxPukrFbOOnhxWmSEhVSWGSnyLY8uxp01580k0g/2ZcNePkPtu4yYrOvuNz85vxURaCZiuG+DIfSSkf307hcMbqQjudXR+2dpUT9e5Z2N1ECGbQXmjBGrAIfdHmxmRGW+6D7GNI64tVzv7+IStX6NKa2l5JDh3guTdE/VtwWw6CR4ezlk0xUdNkfi4GH34if7twy4XglwsqvcP536SYtWBjg5HXo3WRRdmOnATfEKiqwKEfxNPRougZVvGXqUbHmpysSKw7Mu1wMZjzsyXyGva0Bv1kW93PXPxiwtvT/vP2Aqf52VHsMTVIkrtsEWl2G6n56P8t1dZ8XVEO1ycEbOB21GtnlkIkkTUJEgndb4GZHZxBSa+U37vk9t0RKGT8s7tUFrKUlzHB/xbCu8k+ygvBVyoSLglq34/iVca2rmUhVT7Pzd7Sx/Qc0veF5TLH9EnaRFvkOe+P3E0+2Z1fo9rcmjQwqxwzO+gggdho7BZ9I8hz1rwu+b6coOrkGxNKZdjpfUG629WAvxG4UfgoGN3s9lP9jrmZY5nlen/Nd6ZcntStuJ7sf5XvzteWweZCkDx66/pZKUhGd3CAEIvgZop5NfwcMwSWtMAi87MUaPRTUDbn6RV0OwKAYB1OT+gSpSK/R+s+VB1hQfXpYLhAL34+2p1MZ/r7m9b5ZwyeavZLXAkgl9XXk+sguep5YdRPAcE/6DDYcRkjEDiDnCtTPOwf57dsnsCt+uI4m1Jl44rYy92APjdBZYGo9+vCbzuEYiYEu6AE2RpM6usrFfdsViDYG1YgPRomIi4uqd2KEgwJRHjE2mJNl4iBvWJXggE7+/96fSQL2vohy+UzoAj9lhFK35xMsyCys1+BiKCwk+jhKBhhT0PKUBV+QI63rWVYboGRSNRWMdnkAFzR6pYxLhNDqv4fkBZf9cEUUTnuh0/7u1QHJ0/OL5chWHct4qUWisNuNAjqK1JamyLU7wTwxxAHYs7w+PIBmA35NOp8Vs+O8+9GB0A/RVd/ksYKnMnILifCm2+3/N9hNhManp3Qo2fkBhItatttv2Mf7mhFFFUmJKE6kVRCEruBG2eho/+BeXrXW+96vfeGvdsTfsjqKPu7rB2n2fFTzXvzNvrK5qOByZPF7LnJ+2NLQ6Si+0qiTi1PUskSPSpw/hPBcdPTrWSijk9+4PFbgkAc264LidzffV+gc450te48mfP2B6whV/jdkoXPD/JvKO8aFV4Oaj/tvLFOlDwskHwA3Okd6yWUJ9RMdCgt0UdfLsOAs10Cy5QWKgL1DNon418vRnattA+jVpms+wJJOd5nRLyxRfWTyRJYQV9XXTKJFEWOeRAqNYlcL0F+Nc7wyy5PymK09sgUFMbv0Vu14jFVs+EIL0ApqaWPBXk4wbRTERSxegW7NDiffhd3xuepVV,iv:V9Yy2cSLE851+kadGSmNNwfD221/yBxmbfrHsxr5yPY=,tag:OWVaSGd/mWBDZLXZy202cg==,type:str] sops: kms: [] gcp_kms: [] @@ -49,8 +55,8 @@ sops: akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-30T00:29:04Z" - mac: ENC[AES256_GCM,data:l8vekHln82lOopG/T/NCxqaeLtIOoDex2/9wM4W6wgEpq3YF3mzYG9+g2k9cGX3fKHtb+CdiFT7qkkR0mg4jn3IxfTVIjGCNDyaQ0suSCYq6dNAgvbXYKN3B7tvb5jHLmG8f+8rtRgxebwZShw+0hrvvrvIzgYDC4PQdZrxRdJY=,iv:mgLDpkVczFTfLBdW/RpN0J9ZJ6WvDfKt1czezVp+G1o=,tag:Vk55ERTSFW+7XNmJm2WvZg==,type:str] + lastmodified: "2024-03-30T14:33:55Z" + mac: ENC[AES256_GCM,data:kxvqexMgxnvwKUE1n6PfQDCktUsEB9Ux1IzlVv+6Y5Ci9+C++5SzDEK1YxGoA/wbwXteGk8fs/kDRM/8ljv2bN6hT2NNfKq8u6yQnvfdaeavdiUKa4AOvgUqBn/poIHScfcOs5Zo8dXMC50wdSpP9PHyqj0NmdrEg9cb1uKpJVM=,iv:S66PR00hfdiKMnCow43Kf4MCyyVpiUeXC8RGi+7Q0b8=,tag:EQ+YhKhV6L85982sHHlEyQ==,type:str] pgp: - created_at: "2023-05-21T00:28:40Z" enc: |