diff --git a/modules/cloud/authentik/default.nix b/modules/cloud/authentik/default.nix index a5a8851..e0d6459 100644 --- a/modules/cloud/authentik/default.nix +++ b/modules/cloud/authentik/default.nix @@ -48,7 +48,14 @@ in }; config = mkIf cfg.enable { - systemd.services.arion-authentik.serviceConfig.EnvironmentFile = cfg.envFile; + systemd.services.arion-authentik = { + serviceConfig.EnvironmentFile = cfg.envFile; + serviceConfig.Type = "notify"; + serviceConfig.NotifyAccess = "all"; + script = lib.mkBefore '' + ${lib.getExe pkgs.wait4x} http http://127.0.0.1:${toString cfg.port} --expect-status-code 200 -t 0 -q -- systemd-notify --ready & + ''; + }; virtualisation.arion.projects.authentik.settings = { services.postgresql.service = { image = images.postgresql; diff --git a/modules/cloud/conduit/heisenbridge.nix b/modules/cloud/conduit/heisenbridge.nix index 1db1040..c220423 100644 --- a/modules/cloud/conduit/heisenbridge.nix +++ b/modules/cloud/conduit/heisenbridge.nix @@ -33,7 +33,7 @@ with lib; { { systemd.services.heisenbridge = { description = "Matrix<->IRC bridge"; - requires = [ "matrix-synapse.service" ]; # So the registration file can be used by Synapse + requires = [ "matrix-conduit-nkagami.service" "matrix-synapse.service" ]; # So the registration file can be used by Synapse wantedBy = [ "multi-user.target" ]; serviceConfig = rec { diff --git a/modules/cloud/gotosocial/default.nix b/modules/cloud/gotosocial/default.nix index 9b7bc32..745dc62 100644 --- a/modules/cloud/gotosocial/default.nix +++ b/modules/cloud/gotosocial/default.nix @@ -4,6 +4,7 @@ let cfg = config.cloud.gotosocial; dbUser = "gotosocial"; + storageLocation = "/mnt/data/gotosocial"; in { options.cloud.gotosocial = { 
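Review bot: In `modules/cloud/authentik/default.nix`, readiness now hangs on a backgrounded `wait4x … -t 0 … -- systemd-notify --ready &`, which appears to wait without a bound of its own. If the endpoint never answers 200, the start only ends when systemd's start timeout fires, with `-q` hiding the reason. A finite `-t`, shorter than the unit's `TimeoutStartSec`, would make a failed probe report its own error. `NotifyAccess = "all"` is what lets the `systemd-notify` child signal readiness, but it also accepts notify messages from every process in the unit's control group. A comment such as `# "all" because systemd-notify runs as a child of the start script, not as the main PID` would record why the wider setting is needed.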
@@ -74,6 +75,9 @@ in # Media media-emoji-remote-max-size = 256 * 1024 /* bytes */; media-emoji-local-max-size = 256 * 1024 /* bytes */; + media-remote-cache-days = 7; + media-cleanup-from = "00:00"; + media-cleanup-every = "24h"; # OIDC oidc-enabled = true; oidc-idp-name = "DTTH"; @@ -82,10 +86,22 @@ in http-client.block-ips = [ "11.0.0.0/24" ]; # Advanced advanced-rate-limit-requests = 0; + # Storage + storage-backend = "local"; + storage-local-base-path = "${storageLocation}/storage"; # instance-inject-mastodon-version = true; }; }; - systemd.services.gotosocial.requires = mkAfter [ "minio.service" "postgresql.service" ]; - systemd.services.gotosocial.after = mkAfter [ "minio.service" "postgresql.service" ]; + systemd.services.gotosocial.requires = mkAfter [ "postgresql.service" "arion-authentik.service" ]; + systemd.services.gotosocial.after = mkAfter [ "postgresql.service" "arion-authentik.service" ]; + systemd.services.gotosocial.unitConfig = { + RequiresMountsFor = [ storageLocation ]; + ReadWritePaths = [ storageLocation ]; + }; + systemd.tmpfiles.settings."10-gotosocial".${storageLocation}.d = { + user = dbUser; + group = dbUser; + mode = "0700"; + }; }; } diff --git a/modules/cloud/outline/r2.patch b/modules/cloud/outline/r2.patch new file mode 100644 index 0000000..e62abb5 --- /dev/null +++ b/modules/cloud/outline/r2.patch 
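Review bot: `ReadWritePaths` is set under `systemd.services.gotosocial.unitConfig`, but it is a sandboxing setting that systemd reads from the `[Service]` section. In `[Unit]` it is presumably ignored with an unknown-key warning, so `${storageLocation}` would stay read-only if the gotosocial unit runs with a read-only filesystem sandbox. Keep `RequiresMountsFor` in `unitConfig` and move the other line to `systemd.services.gotosocial.serviceConfig.ReadWritePaths = [ storageLocation ];`. The tmpfiles rule takes `user` and `group` from `dbUser`, which only matches if the service account is also named `gotosocial`; that is not visible in this hunk.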
@@ -0,0 +1,183 @@ +commit 8c7f8c28fabc174a71499a4737579b24b5c4b244 +Author: Natsu Kagami +Date: Mon Oct 21 02:17:36 2024 +0200 + + Support R2 + +diff --git a/.env.sample b/.env.sample +index eb57ad85c..94ffcee07 100644 +--- a/.env.sample ++++ b/.env.sample +@@ -66,6 +66,8 @@ AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569 + AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here + AWS_S3_FORCE_PATH_STYLE=true + AWS_S3_ACL=private ++AWS_S3_R2=true ++AWS_S3_R2_PUBLIC_URL=http://s3:4569 + + # –––––––––––––– AUTHENTICATION –––––––––––––– + +diff --git a/app/utils/files.ts b/app/utils/files.ts +index 6607a6b12..5138f68ad 100644 +--- a/app/utils/files.ts ++++ b/app/utils/files.ts +@@ -63,8 +63,13 @@ export const uploadFile = async ( + xhr.addEventListener("loadend", () => { + resolve(xhr.readyState === 4 && xhr.status >= 200 && xhr.status < 400); + }); +- xhr.open("POST", data.uploadUrl, true); +- xhr.send(formData); ++ xhr.open(data.method, data.uploadUrl, true); ++ xhr.setRequestHeader("Content-Type", file.type); ++ if (data.method === "POST") { ++ xhr.send(formData); ++ } else { ++ xhr.send(file); ++ } + }); + + if (!success) { +diff --git a/server/env.ts b/server/env.ts +index 5b420f2e1..4ea1e8d3c 100644 +--- a/server/env.ts ++++ b/server/env.ts +@@ -519,6 +519,14 @@ export class Environment { + environment.AWS_S3_UPLOAD_BUCKET_NAME + ); + ++ @IsOptional() ++ public AWS_S3_R2 = this.toBoolean(environment.AWS_S3_R2 ?? "false"); ++ ++ @IsOptional() ++ public AWS_S3_R2_PUBLIC_URL = this.toOptionalString( ++ environment.AWS_S3_R2_PUBLIC_URL ++ ); ++ + /** + * Whether to force path style URLs for S3 objects, this is required for some + * S3-compatible storage providers. 
+diff --git a/server/routes/api/attachments/attachments.ts b/server/routes/api/attachments/attachments.ts +index 5e6c27594..b7620f440 100644 +--- a/server/routes/api/attachments/attachments.ts ++++ b/server/routes/api/attachments/attachments.ts +@@ -3,6 +3,7 @@ import { v4 as uuidv4 } from "uuid"; + import { AttachmentPreset } from "@shared/types"; + import { bytesToHumanReadable } from "@shared/utils/files"; + import { AttachmentValidation } from "@shared/validations"; ++import env from "@server/env"; + import { AuthorizationError, ValidationError } from "@server/errors"; + import auth from "@server/middlewares/authentication"; + import { rateLimiter } from "@server/middlewares/rateLimiter"; +@@ -90,16 +91,30 @@ router.post( + { transaction } + ); + +- const presignedPost = await FileStorage.getPresignedPost( +- key, +- acl, +- maxUploadSize, +- contentType +- ); ++ let uploadUrl; ++ let method; ++ let presignedPost = { ++ fields: {}, ++ }; ++ if (env.AWS_S3_R2) { ++ uploadUrl = await FileStorage.getPresignedPut(key); ++ method = "PUT"; ++ } else { ++ uploadUrl = FileStorage.getUploadUrl(); ++ method = "POST"; ++ ++ presignedPost = await FileStorage.getPresignedPost( ++ key, ++ acl, ++ maxUploadSize, ++ contentType ++ ); ++ } + + ctx.body = { + data: { +- uploadUrl: FileStorage.getUploadUrl(), ++ uploadUrl, ++ method, + form: { + "Cache-Control": "max-age=31557600", + "Content-Type": contentType, +diff --git a/server/storage/files/BaseStorage.ts b/server/storage/files/BaseStorage.ts +index ce0287ebc..a1931c83d 100644 +--- a/server/storage/files/BaseStorage.ts ++++ b/server/storage/files/BaseStorage.ts +@@ -26,6 +26,8 @@ export default abstract class BaseStorage { + contentType: string + ): Promise>; + ++ public abstract getPresignedPut(key: string): Promise; ++ + /** + * Returns a promise that resolves with a stream for reading a file from the storage provider. 
+ * +diff --git a/server/storage/files/LocalStorage.ts b/server/storage/files/LocalStorage.ts +index 83cf98c50..324e60dd9 100644 +--- a/server/storage/files/LocalStorage.ts ++++ b/server/storage/files/LocalStorage.ts +@@ -30,6 +30,10 @@ export default class LocalStorage extends BaseStorage { + }); + } + ++ public async getPresignedPut(key: string) { ++ return this.getUrlForKey(key); ++ } ++ + public getUploadUrl() { + return "/api/files.create"; + } +diff --git a/server/storage/files/S3Storage.ts b/server/storage/files/S3Storage.ts +index a42442e0c..d55ef5472 100644 +--- a/server/storage/files/S3Storage.ts ++++ b/server/storage/files/S3Storage.ts +@@ -4,6 +4,7 @@ import { + S3Client, + DeleteObjectCommand, + GetObjectCommand, ++ PutObjectCommand, + ObjectCannedACL, + } from "@aws-sdk/client-s3"; + import { Upload } from "@aws-sdk/lib-storage"; +@@ -58,6 +59,16 @@ export default class S3Storage extends BaseStorage { + return createPresignedPost(this.client, params); + } + ++ public async getPresignedPut(key: string) { ++ const params = { ++ Bucket: env.AWS_S3_UPLOAD_BUCKET_NAME, ++ Key: key, ++ }; ++ ++ const command = new PutObjectCommand(params); ++ return await getSignedUrl(this.client, command, { expiresIn: 3600 }); ++ } ++ + private getPublicEndpoint(isServerUpload?: boolean) { + if (env.AWS_S3_ACCELERATE_URL) { + return env.AWS_S3_ACCELERATE_URL; +@@ -137,10 +148,17 @@ export default class S3Storage extends BaseStorage { + ); + } + ++ public getR2ObjectUrl = async (key: string) => ++ env.AWS_S3_R2_PUBLIC_URL + "/" + key; ++ + public getSignedUrl = async ( + key: string, + expiresIn = S3Storage.defaultSignedUrlExpires + ) => { ++ if (env.AWS_S3_R2) { ++ return this.getR2ObjectUrl(key); ++ } ++ + const isDocker = env.AWS_S3_UPLOAD_BUCKET_URL.match(/http:\/\/s3:/); + const params = { + Bucket: this.getBucket(), diff --git a/nki-personal-do/configuration.nix b/nki-personal-do/configuration.nix index 8d65ae4..447da89 100644 --- a/nki-personal-do/configuration.nix 
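Review bot: The R2 branch in `attachments.ts` drops the limits that the presigned POST carried: `getPresignedPut(key)` in `S3Storage.ts` signs only `Bucket` and `Key`, so `maxUploadSize` and `contentType` are no longer bound to the upload, and the URL stays usable for `expiresIn: 3600`. Passing the validated values into the command, e.g. `ContentType: contentType` (and `ContentLength` where the declared size is available), and shortening the expiry would restore that binding. `getSignedUrl` then returns `env.AWS_S3_R2_PUBLIC_URL + "/" + key` with no signature and `expiresIn` ignored, so attachments are presumably readable by anyone who holds the URL, and the result starts with `undefined/` when the optional variable is unset. A startup check requiring `AWS_S3_R2_PUBLIC_URL` whenever `AWS_S3_R2` is true would catch the unset case. In `app/utils/files.ts`, `xhr.setRequestHeader("Content-Type", file.type)` also runs on the `POST` path, where it replaces the multipart boundary header the browser generates for `FormData`; it should move into the `else` branch.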
+++ b/nki-personal-do/configuration.nix @@ -24,8 +24,11 @@ ./invidious.nix ./owncast.nix ./peertube.nix + ./outline.nix ]; + system.stateVersion = "21.11"; + common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine. # Personal user 
@@ -189,74 +192,13 @@ protocol = "udp"; }; - - # Outline - sops.secrets.minio-secret-key = { owner = "root"; mode = "0444"; }; - sops.secrets.authentik-oidc-client-secret = { owner = "outline"; }; - sops.secrets."outline/smtp-password" = { owner = "outline"; }; - services.outline = { - enable = true; - package = pkgs.outline.overrideAttrs (attrs: { - patches = if builtins.hasAttr "patches" attrs then attrs.patches else [ ] ++ [ ../modules/cloud/outline/dtth-wiki.patch ]; - }); - databaseUrl = "postgres://outline:outline@localhost/outline?sslmode=disable"; - redisUrl = "local"; - publicUrl = "https://wiki.dtth.ch"; - port = 18729; - storage = { - accessKey = "minio"; - secretKeyFile = config.sops.secrets.minio-secret-key.path; - region = config.services.minio.region; - uploadBucketUrl = "https://s3.dtth.ch"; - uploadBucketName = "dtth-outline"; - uploadMaxSize = 50 * 1024 * 1000; - }; - maximumImportSize = 50 * 1024 * 1000; - - oidcAuthentication = { - clientId = "3a0c10e00cdcb4a1194315577fa208a747c1a5f7"; - clientSecretFile = config.sops.secrets.authentik-oidc-client-secret.path; - authUrl = "https://auth.dtth.ch/application/o/authorize/"; - tokenUrl = "https://auth.dtth.ch/application/o/token/"; - userinfoUrl = "https://auth.dtth.ch/application/o/userinfo/"; - displayName = "DTTH Account"; - }; - - smtp = { - fromEmail = "DTTH Wiki "; - replyEmail = ""; - host = "mx1.nkagami.me"; - username = "dtth.wiki@nkagami.me"; - passwordFile = config.sops.secrets."outline/smtp-password".path; - port = 465; - secure = true; - }; - - forceHttps = false; - }; - cloud.postgresql.databases = [ "outline" ]; - systemd.services.outline.requires = [ "postgresql.service" ]; - cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; }; - # GoToSocial - sops.secrets.gts-env = { }; + sops.secrets.gts-env = { restartUnits = [ "gotosocial.service" ]; }; cloud.gotosocial = { enable = true; envFile = config.sops.secrets.gts-env.path; }; - # Minio - sops.secrets.minio-credentials 
= { }; - services.minio = { - enable = true; - listenAddress = ":61929"; - consoleAddress = ":62929"; - rootCredentialsFile = config.sops.secrets.minio-credentials.path; - dataDir = lib.mkForce [ "/mnt/data/minio" ]; - }; - cloud.traefik.hosts.minio = { host = "s3.dtth.ch"; port = 61929; }; - system.stateVersion = "21.11"; - # ntfy cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; }; services.ntfy-sh = { diff --git a/nki-personal-do/gitea.nix b/nki-personal-do/gitea.nix index 2e1612f..237d6d5 100644 --- a/nki-personal-do/gitea.nix +++ b/nki-personal-do/gitea.nix @@ -98,6 +98,7 @@ in }; users.groups.${user} = { }; sops.secrets."gitea/signing-key".owner = user; + sops.secrets."gitea/minio-secret-key".owner = user; sops.secrets."gitea/mailer-password".owner = user; # database cloud.postgresql.databases = [ user ]; @@ -174,6 +175,17 @@ in PATH = "${pkgs.git}/bin/git"; }; + storage = { + STORAGE_TYPE = "minio"; + MINIO_USE_SSL = "true"; + MINIO_ENDPOINT = "60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com"; + MINIO_ACCESS_KEY_ID = "704c29ade7a8b438b77ab520da2799ca"; + MINIO_SECRET_ACCESS_KEY = "#miniosecretkey#"; + MINIO_BUCKET = "dtth-gitea"; + MINIO_LOCATION = "auto"; + MINIO_CHECKSUM_ALGORITHM = "md5"; # R2 moment + }; + federation.ENABLED = true; DEFAULT.APP_NAME = "DTTHGit"; }; 
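Review bot: In the `storage` block added to `nki-personal-do/gitea.nix`, `MINIO_SECRET_ACCESS_KEY = "#miniosecretkey#"` is a placeholder that only works because a `preStart` step rewrites `app.ini`, and nothing on the line says so. A comment such as `# placeholder, replaced in preStart from the sops secret "gitea/minio-secret-key"` would keep a later reader from treating it as a real value or from removing the substitution. `# R2 moment` on `MINIO_CHECKSUM_ALGORITHM` could likewise state the reason, presumably that R2 rejects the default checksum algorithm.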
@@ -203,17 +215,25 @@ in environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg"; # https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7 serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; - preStart = '' - # Import the signing subkey - if cat ${config.services.gitea.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then - echo "Keys already imported" - # imported - else - echo "Import your keys!" - ${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path} - echo "trusted-key ${signingKey}" >> ${config.services.gitea.stateDir}/.gnupg/gpg.conf - exit 1 - fi - ''; + preStart = + let + configFile = "${config.services.forgejo.customDir}/conf/app.ini"; + in + '' + # Update minio secret key + chmod u+w ${configFile} && \ + ${lib.getExe pkgs.replace-secret} '#miniosecretkey#' '${config.sops.secrets."gitea/minio-secret-key".path}' '${configFile}' && \ + chmod u-w ${configFile} + # Import the signing subkey + if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then + echo "Keys already imported" + # imported + else + echo "Import your keys!" + ${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path} + echo "trusted-key ${signingKey}" >> ${config.services.forgejo.stateDir}/.gnupg/gpg.conf + exit 1 + fi + ''; }; } diff --git a/nki-personal-do/hardware-configuration.nix b/nki-personal-do/hardware-configuration.nix index f2a2b10..33d4e0f 100644 --- a/nki-personal-do/hardware-configuration.nix +++ b/nki-personal-do/hardware-configuration.nix 
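Review bot: The secret substitution in `preStart` is chained as `chmod u+w … && \ replace-secret … && \ chmod u-w …`, so a failing `replace-secret` does not abort the script. Even under `set -e` (which the generated script presumably uses), only the last command of an `&&` list counts. The script would carry on to the key import with `app.ini` left writable and `#miniosecretkey#` still in place. Writing the three commands as separate statements, or ending the list with `|| exit 1`, makes the failure stop the start. The new lines also read `config.services.forgejo.customDir` and `config.services.forgejo.stateDir`, while the context line `environment.GNUPGHOME` still uses `config.services.gitea.stateDir`. If those differ, the `grep` inspects a different `gpg.conf` from the one gpg reads; which service this block belongs to lies outside the hunk.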
@@ -9,9 +9,11 @@ swapDevices = [{ device = "/var/swapfile"; size = 4 * 1024; priority = 1024; }]; zramSwap.enable = true; # volumes + services.btrfs.autoScrub.enable = true; fileSystems.data = { - device = "/dev/disk/by-id/scsi-0HC_Volume_31812942"; - fsType = "ext4"; + device = "/dev/disk/by-id/scsi-0HC_Volume_101470796"; + fsType = "btrfs"; mountPoint = "/mnt/data"; + options = [ "compress=zstd" ]; }; } diff --git a/nki-personal-do/nextcloud.nix b/nki-personal-do/nextcloud.nix deleted file mode 100644 index 2bb15f2..0000000 --- a/nki-personal-do/nextcloud.nix +++ /dev/null 
@@ -1,67 +0,0 @@ -{ lib, pkgs, config, ... }: -with lib; -let - user = "nextcloud"; - host = "cloud.dtth.ch"; - port = 61155; - - secrets = config.sops.secrets; -in -{ - sops.secrets."nextcloud/admin-password" = { owner = user; }; - sops.secrets."nextcloud/minio-secret-key" = { owner = user; key = "minio-secret-key"; }; - # database - cloud.postgresql.databases = [ user ]; - # traefik - cloud.traefik.hosts.nextcloud = { - inherit port host; - }; - systemd.services.nextcloud.requires = [ "postgresql.service" ]; - services.nextcloud = { - enable = true; - hostName = host; - package = pkgs.nextcloud26; - enableBrokenCiphersForSSE = false; - - home = "/mnt/data/nextcloud"; - https = true; - database.createLocally = false; - - extraApps = with pkgs.nextcloud26Packages.apps; { - inherit calendar contacts deck forms groupfolders news tasks; - sociallogin = pkgs.fetchNextcloudApp rec { - url = "https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.4.3/release.tar.gz"; - sha256 = "sha256-ZKwtF9j9WFIk3MZgng9DmN00A73S2Rb4qbehL9adaZo="; - }; - }; - - config = { - # Database - dbtype = "pgsql"; - dbname = user; - dbuser = user; - dbhost = "/run/postgresql"; - # User - adminuser = "nki"; - adminpassFile = secrets."nextcloud/admin-password".path; - # General - overwriteProtocol = "https"; - defaultPhoneRegion = "VN"; - - objectstore.s3 = { - enable = true; - bucket = "nextcloud-dtth"; - autocreate = true; - key = "minio"; - secretFile = config.sops.secrets."nextcloud/minio-secret-key".path; - hostname = "s3.dtth.ch"; - port = 443; - useSsl = true; - usePathStyle = true; - region = "us-east-1"; - }; - }; - }; - services.nginx.virtualHosts.${host}.listen = [{ inherit port; addr = "127.0.0.1"; }]; -} - diff --git a/nki-personal-do/outline.nix b/nki-personal-do/outline.nix new file mode 100644 index 0000000..de5e64c --- /dev/null +++ b/nki-personal-do/outline.nix 
@@ -0,0 +1,56 @@ +{ config, pkgs, ... }: { + sops.secrets.authentik-oidc-client-secret = { owner = "outline"; }; + sops.secrets."outline/smtp-password" = { owner = "outline"; }; + sops.secrets."outline/s3-secret-key" = { owner = "outline"; }; + + services.outline = { + enable = true; + package = pkgs.outline.overrideAttrs (attrs: { + patches = attrs.patches or [ ] ++ [ + ../modules/cloud/outline/dtth-wiki.patch + ../modules/cloud/outline/r2.patch + ]; + }); + databaseUrl = "postgres://outline:outline@localhost/outline?sslmode=disable"; + redisUrl = "local"; + publicUrl = "https://wiki.dtth.ch"; + port = 18729; + storage = { + accessKey = "6ef730e13f172d2ed6ed77f0b5b9bad9"; + secretKeyFile = config.sops.secrets."outline/s3-secret-key".path; + region = "auto"; + uploadBucketUrl = "https://60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com"; + uploadBucketName = "dtth-outline"; + uploadMaxSize = 50 * 1024 * 1000; + }; + maximumImportSize = 50 * 1024 * 1000; + + oidcAuthentication = { + clientId = "3a0c10e00cdcb4a1194315577fa208a747c1a5f7"; + clientSecretFile = config.sops.secrets.authentik-oidc-client-secret.path; + authUrl = "https://auth.dtth.ch/application/o/authorize/"; + tokenUrl = "https://auth.dtth.ch/application/o/token/"; + userinfoUrl = "https://auth.dtth.ch/application/o/userinfo/"; + displayName = "DTTH Account"; + }; + + smtp = { + fromEmail = "DTTH Wiki "; + replyEmail = ""; + host = "mx1.nkagami.me"; + username = "dtth.wiki@nkagami.me"; + passwordFile = config.sops.secrets."outline/smtp-password".path; + port = 465; + secure = true; + }; + + forceHttps = false; + }; + cloud.postgresql.databases = [ "outline" ]; + systemd.services.outline.requires = [ "postgresql.service" ]; + systemd.services.outline.environment = { + AWS_S3_R2 = "true"; + AWS_S3_R2_PUBLIC_URL = "https://s3.wiki.dtth.ch"; + }; + cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; }; +} 
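Review bot: `databaseUrl = "postgres://outline:outline@localhost/outline?sslmode=disable"` keeps the database password in the Nix expression, where it ends up world-readable in the Nix store, and the password equals the role name. The other credentials in this file already come from `sops.secrets.*` paths. The database URL could follow the same pattern by supplying `DATABASE_URL` through a sops-managed environment file on `systemd.services.outline`, or by using peer authentication over the local socket if the `cloud.postgresql` module allows it. Separately, `AWS_S3_R2_PUBLIC_URL = "https://s3.wiki.dtth.ch"` combines with the unsigned URLs returned by `r2.patch`, so a comment here should state that objects in `dtth-outline` are served publicly by design.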
diff --git a/nki-personal-do/secrets/secrets.yaml b/nki-personal-do/secrets/secrets.yaml
index 43e4aa3..c02ed8e 100644
--- a/nki-personal-do/secrets/secrets.yaml
+++ b/nki-personal-do/secrets/secrets.yaml
@@ -2,8 +2,6 @@ tinc: ed25519-private-key: ENC[AES256_GCM,data:HE5xtTb9BVn+5icNDivyvo4gXMXyd0dYjXyKsLfpf/6CDgYZzpBeCTEriedBnyFDqHHCuarS6Y6Tqc2DdeZ3dN1WeaLXFKYxpCGWKHu7Zjp/aZavpdYcqYJvr8GVy+bsImzg9P1lR2h8V+KdQAaT+RgnoiIQPY0f95JO9RmcJSog9h8j1UBixWdNK3n9sDAE+cstI3MUFr93u1vy1wRV/Nt9Aktcz+TAagM55YD/bep00rG3HIYr1y8+gjhKM+zovEQQOvTg+0I=,iv:JJT6kd3laU/e79YJSl0MQRG0iFHSvdlMJAbKwYDVH3A=,tag:EQp8i7OaEtxhVM5lRC8Vyw==,type:str] rsa-private-key: ENC[AES256_GCM,data:,iv:NggGOw2tAGuxLrryL6pb12FkCzFdplXaKiq/IP0gGcs=,tag:rEeKIvhfFksNGCRo+BE4ug==,type:str] authentik-oidc-client-secret: ENC[AES256_GCM,data:lD/xyU87nik68JX+T2H3Gw5ZqsSGzXWX1RjqWskiNu68b5uCFjhRRQ+C3A9P59Xp1pVGamEYx8J4P+hs35Xf0Y9yG/ATiOwkV5k4o7n1d3gkvNwVY/9NaQuNr3KdvjZf8Z5WmGCQkKHvYyq0e89Z9IPe7ML44zQ8qV7Jcn/q3eM=,iv:M3RHdROf+Juxnvd8SiTrjXP8ZirtkcKye8tBpIZphvc=,tag:0BFwX0e0DIj0I3xAU6PbpQ==,type:str] -minio-credentials: ENC[AES256_GCM,data:J4msUueIfNf/ExBe9c85Tf/VEDBQiICWga6swbCuE6e8polpjlRZxTa65k47g4IjEvLJ94jp1LrtH248QdB2QFqQtaOo+IjQ1Yu6,iv:7rjGHctLC1bxNjI8yF1Fuiw6xPXsmyGoANIxanF7H4I=,tag:2+tWwlO8HdAOwLgz7XFf3w==,type:str] -minio-secret-key: ENC[AES256_GCM,data:FkF4hFiW7s5gYbMbdemsmhduYDtb/aqMoUgP+CWI3rw=,iv:6syOMYtryL1Yw4UqIyuLcp2FM/dWLaVNA3UlPdeSZTQ=,tag:GPkHq0d7rvzKbg2BKrmB5w==,type:str] cloudflare-dns-api-token: ENC[AES256_GCM,data:2ny3JehpK30fTUDKrbzHv1QOczriChRyMQn6kNPULpUJ+eVwdptLvg==,iv:8wNAn3oawzLez7sO4ZvhFXcaZIpFVKgKCvTBlszFHn8=,tag:fRaO+u/5MtAWnTiy2Zwh0Q==,type:str] #ENC[AES256_GCM,data:KWrVRQg+cLm5MUdfsYrh7hkI4CWkl4Z0sDj0769eebeXDy+veixrQrxh1ZW+ro3WLwoIdU/IH5DPM4TWYn2qoM5aDHjGX764pr1x,iv:uZHBsGvSHv9vd/Wragl1dYNJ+8vCcMit2K3SrMFlz7s=,tag:7z4LyADfQvXsM2vvtWru8w==,type:comment] traefik-dashboard-users: ENC[AES256_GCM,data:kviapOq+xzxhjryse+5DaZbXRS/LEYyjqqFbHymXAZVEkWlu0T5pZ2bxSNCbXN+tXnb0u+6YPgGCaRNPLW74AF1hO8W8QqlLDA==,iv:41bwPyFQcuOLILTjLWUu5Kcnct/MaIIJsMbllc+n7Y0=,tag:17HyUjfRUcLGb0FrUm1O2A==,type:str] 
@@ -11,11 +9,12 @@ mail-users: ENC[AES256_GCM,data:qKLi42k8LT6ojxbPXQgbi6FlI2I6ge6qJn0aNj/Lp9iRjjnn youmubot-env: ENC[AES256_GCM,data:EQ9e6lmCrjofHiHyN5Qe4b2oplP9/3JKl0vuFp54Hw9aYIS7j3nqzWLCvV54ZK7j1PcQ+CQorjeCVMV0TUy1f1Pf3qjrLkdOdV7ICq540gdfXOeXuhAx2EILpGkwIYOdKmTMSO3l2QkOlM02RNOn1lq/DogAydkEq7gJ7qSWnUEr45oNCa1+LamH8vcbDmIyzUWWXyA5EQ==,iv:fnNGZ6OaZ4D71SvWPRynsMpO1IsvxjQ3XtrswNSY+Wo=,tag:cN/ZnKrjSfD6AbU9pYNl+Q==,type:str] outline: smtp-password: ENC[AES256_GCM,data:zpIi6jVB2Y7ksBOR8SGFgjOD1x3aS6dKa6taLKB8v2l9p92iWDti75qgB1puglmmq8mCzz8KXLrM0Bv7W8GWRg==,iv:6tKINzQcApmNuIbNn0kSzFJtwn3rky/uFG2Ff3lazUk=,tag:kjB6qB87tRQVpy32Pt3D5A==,type:str] + s3-secret-key: ENC[AES256_GCM,data:dH1Uh3G3RNqITOvsecOW0my3xM3H6xhKYONcwORNPBZmlvSWYvhZUxkOghlH9sYHLIU4yb31QO7npi01Sn3kww==,iv:cV4xqzS5/3HseODY3hS/ycjI6HccsrSGz5Dh9exqNIA=,tag:FMGR9NiTn5S2fTxNSQYBDw==,type:str] heisenbridge: ENC[AES256_GCM,data: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,iv:fO1onfon3EdSNC/LjN1aWxpHBYq5aa0F/h0V6gl88ac=,tag:NL9p2nhIlEqgOdvUDM19Dg==,type:str] matrix-discord-bridge: ENC[AES256_GCM,data:/rlSjD6inKfak7HKKghH5ays5RjKmb9czGsoIOYHyTZC4A5EMucCbfn8DL1gkYXgvRHJ+QglGX/BGo5ebaxSj6nF60+aW87UG31KggOt5kkMuWsPsjvrufoc5IlNfWnXIWmqf8cdC01hmHEp7biUpI8CcfEZiD9OkOxbZcRfYqW+ttnzplFniRBjGPVZfL5g4DBbuJen5MuOrrMDo5CT+78n,iv:r9VBbDCAAElisCaDehrB6PhJHsaaHjdrk3103lmBT7o=,tag:WoNMMfyMifsL56yWq3MUOg==,type:str] authentik-env: ENC[AES256_GCM,data:CjxTaqIcpBX7ea9L3tgJDELr8HBPJdxXsrOfhsiH4cXwCEzktsNKHjF7l95ZFgI5O08q4Vlbln5Dg4xPEx33nwUesEbQrT5d+n+2YaAxmm/WInrYzF+jB7HYTXASb3rY9PWgd2C3v+YPBkJetHlTUc/k19Q7lOQRNw==,iv:cG8Bi2eCsS+v94tSJBsqp+bjVLzXZvvwX1QVVSYExL8=,tag:VmbfcxCcfi3IpKjg3f8QPw==,type:str] firezone-env: ENC[AES256_GCM,data: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,iv:6kPPn4Zl1lhxaEtRqq2BcMW7d1zKy/HUJzXdAgkPv7E=,tag:VaVIWg4RbOE7tnimOuqhGw==,type:str] -gts-env: 
ENC[AES256_GCM,data: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,iv:bZscSruEqVFtphcrk9BmepnUkgf9pnJA66Xc1KQyKZo=,tag:b+35RaqsUC8KR5aoU5sl5A==,type:str] +gts-env: ENC[AES256_GCM,data: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,iv:B7VIq/i6RgqSC/aV5GrLazbnBeGtq3twisSf60VAjfM=,tag:V4eAGJqPbZQTEwS7ieZBog==,type:str] headscale: client_secret: ENC[AES256_GCM,data:MLW0z2stjhXgxb4poAYr7LzrLzTNj5HqJzsyzOvYpKpKbyfx7SEdeZidG+m3ROuaN4PVsdpJblFjsvozzQlDQYRJZo8q+kpPvUPvhU0Ejya/XBO/sFcJKzulpfr4j3rK7FSKh2V6PiB8m9mvLziHfDmgL30le0wDD9uCNWkaHVo=,iv:1hRwI1NG2yO6igBsEGCg2Qn/po97ZhsyAEZOMKP3EZc=,tag:FV+RXBKyq+EJRsKT+DZ6lQ==,type:str] webui-env: ENC[AES256_GCM,data:F4fGd5szjEGYqseq15VF8Emdd5oXKAlj+O7jET7BpD/w0/M162KgXQ/xN/uzO5Bh/euzedMrair0c8SQKO/06Ko9cj35lclaSrnBiwHSDIkFvuoITvLeSVSR4W3dsui91Dh8GCCYO8JAZQnpqClls6kHBOO2FYVwF06zg8Coxli9cKkPdeJKLDEnPGUb2UpLoP0dieanNFc3YNIavlXwkgt4/hxEoKHJplTYrilekBtZjD998SyvubhhVKHTH/VhTgxodXgnbI3sV1a3uJCrUKWt79NwHu5TUd+C2/gZqAniCbo4AX8=,iv:87cme6ToLFR4eF5apZauIm3Q6HR3Z8EM3GkQxo06oNI=,tag:dbXLQhw6qn/DyYJ3/UeDiw==,type:str] 
@@ -23,6 +22,7 @@ headscale: vnm: ENC[AES256_GCM,data:F6rAV5ZZvtUvFC6sF8M9gKVrcnUZGl0IwWzTDyLXITQ/QeXC9VU9ypGSz5a9GAZ78tPgHtUJ2fJFEEpteMz9Ru2/Imh112NrGf1INqvDKCnX0j+3P1Fms/aXdehETPVSprNl0C2u03ygFNX5tjyNDYysI7Bqsu8MtkRkBFjm8x52VPXiLsrK80Gctt9OhBz4Zc9G3RcluMfVr6y2RZHIsJgVgXWm5rG8WQHTsB67D3Uz9c63KOkQ+Ib/5ERtJ7RwjBGollQlFhUSMgc0m6ftmNUt6xNbMnt16bJVUtm3rRD9S+2bkfXObCp7FpqIWBCIYF89,iv:ScBU0FV5wZSlc/p7SSe3PMVRddLEgLeQ8/ghVsw4TM0=,tag:XwvlBiVzl+FTiQOGScVLag==,type:str] gitea: mailer-password: ENC[AES256_GCM,data:LDW0bpbfanBa2QjqdgtKu6F+zG84xaGuLg1cs6eTJbg=,iv:Kle+czR9Xqi45qWjYJIjRhq87rG2PNoNF6YQ7tQ+HJA=,tag:WUuPgwdnz8F2WtFsgcrw/Q==,type:str] + minio-secret-key: ENC[AES256_GCM,data:IRuaRgOgR+7LMSLwg9NxxSqUCbze8qu9cPWJllsA6GTNmllEHrlKA6ywZrlTlVmS16fkmQWCCi5wjZmltw6UCg==,iv:zCtqGkS195f7/ikwnjhYPTxqmUV2y+kI4OMT1OjMtCw=,tag:wMLfU8+zau7VTxRArfm1sg==,type:str] signing-key: ENC[AES256_GCM,data:64tLU6rVcCq6CSfVGtFfSc8m89gHFHwGQ4JSHw8p7GqlB7ioHrJVu8o+6u6UPERMfkcHsTG2gTwh7wpblF//bk1+TRyYWSuDnIGl1G7+6FVmJbvLyGJBck0NauW4s5Keiqr2qg38i3y9qy7kPaJGz/2J6cYYSQxB9xy8mtdoxwypGf+zxu1teiUnKmWa89i941s2FZZ+FoQvQCZs/7En3YnxNiDM+lXR4wqbPZPROlYHaVDOgeACBgq8GwNdgAFF7qRLdjxMGgjS3jjlD4QCJlEO6UbqVEBEK7pf4Or4kx/RM2A0rgGNUPpwKu/b5xGTUkA0X7TcZNIcLJ2zred0JIEj0bM7MNrkBIQovHEYLT3m33W1zKTTBC2lgPh90I/tPauIOb1hWHzgjM+LpV8bPkGXIk3BmoxW8eCiFmSjfvxdyS6WVJ6lGOIhaFNl59LyKsljyUmYcauig7/T+ylGyWiPViXuYB4fWxWr1t7Tb6DgY2fJdl5KQHLkDoAylHQ6pOb0l2YUGw1+vvHocMA9KTJeTnhTWAPZLOIFbfZL8sxrWRlpuZvvKdXlOjzKwVgCzWudYJ4jUoPSCmvxpnuCpiPbqaoZyA3Vyx7UCTN7UhKRb99jxEqdTrDPwRL0VlVZUQgLDTMPXHjdoOan06wXmDJEDRDBFsrrpna9wY1uvyPGBBpZ+uQZdxPZfXKQ8HRVHS1dKfyvdIaG/eYUrimF9euhYKYGPH02S6UcU+yQXw5B12HBxLDwS0oF3yWXfTMBsgejWFAuyQkQVJJjAi/Zs+9HJ3FQqr4vl/hUclv/X2XURuPc/jjYziNuOAn6yGhXuNC713SzUOnZlDgEcCkm8DHn5hQ/W4rZGUbSq+y/HUk8GA6XSw8u8H7KDQFnV4l4Chg1cKAf0YSXeinJ2x/RA9GXBvC5FVOM/Cx95arxS57vD578Rkdf/c7UQmuH+6X9YTX8MHVgkpHAGJ+bu2UnQ/hjAvGW6kee4jqefybCTxJm7qcSz1JrG6rS+S+9ZFj8BrXLcSIRlvxotg+FmBjdlqJMj5i0w+cR2f2zXPsmeDC0gmSTV7mYNz9+uMv708xwm26e4/rTT0hS+szLzzz/Y
gm9yAkLf9lIS3457IWEjF+LCs9SEq3jfkx5zqpWfOpBCQU9rYKJhvjCVK6a1Hb2PfO4klkuwSNFPwyMHDlEqNmIVUf6uM5p8RVEQy07GsE4ycNtgicC32JGpkotcaU1ByQVbqRXlqJqMJnUEbnWH6qf3Em+wi8eBHmPf1BNjdP3f9BOle+H17/SdKssRbA8o4qQAGVkFzfjybMIh0onB1e15Rt5TUrRDxQAZG+uIsrHEiEOCDED846wO9apeV7wuOKXv2USDhybQhIctcuwxFGQEZWtGGrKzWTlK82Qb8FUM44x2HFj1SK7mIQbU20TcL2bd3b1OZ2kQe16CaT9R0BkpRlPLfiA1ZD7+3DdCyOJxTjutCQgaI1ONQuWn47rDOMbyqZhxs+Gj6bormGEWVRXQpV4VTknN/GyFB2aWQmZF8hGpEBl/t8IfOXDs56kN2Z8W2eKzHZz9u11HQ0eJ05LX2xz5DB+22UZT4bGK6Y3vJtB0+27r7G7hh79Fkapggm61xh3+D593epyW6Ix4hN29KrJWz/s93gi/g==,iv:LlUhINacJf7haxl7i0QI9ALdOFLdLJGbsXgszKVJOVg=,tag:ALkAcUmPFHp8wpI7DVYbiw==,type:str] nextcloud: admin-password: ENC[AES256_GCM,data:wDL8xCv8/mFQniIRQOR+zl1kArSUXc2KAfCP1jmnidLOYwC4X0d8V60s0hAXCO1gUxNTETjbjBkGlENpvQm8dL94DIshCMyMxFc5gUmrF9qc+omOPT5HF82FgaHnN9N6sH3r19SfoXkMtBROj1V6xlU/lVqx+CiJCSCBfbllYkY=,iv:DGFlXNRXey0dIQVzsg0qkPGxDG+36tcg0BXUQzHfANk=,tag:HdpNO+ikmXo7wtahYwtkDg==,type:str] @@ -75,8 +75,8 @@ sops: by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-17T15:08:31Z" - mac: ENC[AES256_GCM,data:ejelcIHDYd7zbIJVw62fj4EcgR8ln/jm32QlaE7shYHwt9nJEsV0aWy9rqEjAm8Z0z3ruT4hR9M7aFkNICR9W20r54V0aRfJsp0txe9LeisAE4gXmVo3/+6pBGOUQNtFO+WaLqDwAGNvfr7IlQFXJyrkuOGe+HGVkhlx+UHxRDI=,iv:pI2xAfhajEWt4RjL2Cu3QPX8bgJn1/ew8ldz8E5Jej8=,tag:KJoia8X/FpaSbuXSDOjQAQ==,type:str] + lastmodified: "2024-10-26T12:06:05Z" + mac: ENC[AES256_GCM,data:nici08Luubj2xDfsi1s16VCyG5oizIC6DRfvypmjWRpn0DSpcoWW1j32ya2poEwzpBJoVksFp7ijyjaJv8obExKx94ZYc790eOp/kp1f8lBaHDF8qrYYPL5penkt+UTKeb8xb7BPCJ7O89IVkIjAt7EoQOliMYrLpbiZGkMdHE0=,iv:qY5+MjU5VaXAesuFGt4SgmEdcJ6+vb/mk+NdOPLjCik=,tag:poRJZW3sAMv6EMi64SEQyA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.1 diff --git a/overlay.nix b/overlay.nix index 8ea7abf..63eed4c 100644 --- a/overlay.nix +++ b/overlay.nix 
@@ -25,7 +25,7 @@ let overlay-versioning = final: prev: { gotosocial = prev.gotosocial.overrideAttrs (attrs: rec { - version = "0.17.0"; + version = "0.17.1"; ldflags = [ "-s" "-w" @@ -35,13 +35,13 @@ let web-assets = final.fetchurl { url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_web-assets.tar.gz"; - hash = "sha256-ASqPIf98qdnkh3j72ifQN3mWnzNCTRcUegmrStvQ08Q="; + hash = "sha256-rGntLlIbgfCtdqpD7tnvAY8qwF+BpYbQWfAGMhdOTgY="; }; src = final.fetchFromGitHub { owner = "superseriousbusiness"; repo = "gotosocial"; rev = "v${version}"; - hash = "sha256-uyqP3zhjcXKejGFAwZoTn2kY8IpX0QAAXNzb1VG6ve8="; + hash = "sha256-oWWsCs9jgd244yzWhgLkuHp7kY0BQ8+Ay6KpuBVG+U8="; }; postInstall = '' tar xf ${web-assets}