From 6585a3c88a573a519fa862d5e622956e5f299e1c Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Fri, 16 Jun 2023 23:18:53 +0100 Subject: [PATCH] email: email is semi functional, can send but it doesnot save to sent items Unsure about recieve --- applications/email.nix | 169 ++++++++++++++++++++++++++++++ flake.lock | 103 +++++++++++++++++- flake.nix | 7 +- machines/gir.nix | 57 ++++++++++ machines/vendetta.nix | 3 - secrets/dns_certs.secret.age | Bin 1173 -> 1334 bytes secrets/dns_dnskeys.conf.age | Bin 879 -> 890 bytes secrets/gitlab/db_pw.age | 27 ++--- secrets/gitlab/ldap_pw.age | Bin 786 -> 728 bytes secrets/gitlab/pw.age | Bin 778 -> 691 bytes secrets/gitlab/secrets_db.age | 27 +++-- secrets/gitlab/secrets_jws.age | Bin 2339 -> 2334 bytes secrets/gitlab/secrets_otp.age | 26 ++--- secrets/gitlab/secrets_secret.age | Bin 743 -> 720 bytes secrets/ldap/pw.age | Bin 828 -> 966 bytes secrets/ldap/self_service.age | Bin 1666 -> 1861 bytes secrets/secrets.nix | 10 +- secrets/stream_ulfm.age | Bin 2857 -> 2875 bytes 18 files changed, 383 insertions(+), 46 deletions(-) create mode 100644 applications/email.nix create mode 100644 machines/gir.nix diff --git a/applications/email.nix b/applications/email.nix new file mode 100644 index 0000000..b660c02 --- /dev/null +++ b/applications/email.nix @@ -0,0 +1,169 @@ +{ config, pkgs, lib, ...}: with lib; + let + cfg = config.services.skynet_email; + in { + + imports = [ + ./dns.nix + ]; + + /* + backups = [ + "/var/vmail" + "/var/dkim" + ]; + */ + + options.services.skynet_email = { + # options that need to be passed in to make this work + + enable = mkEnableOption "Skynet Email"; + + host = { + ip = mkOption { + type = types.str; + }; + + name = mkOption { + type = types.str; + }; + }; + + domain = mkOption { + type = types.str; + default = "ulcompsoc.ie"; + description = lib.mdDoc "domaino"; + }; + + sub = mkOption { + type = types.str; + default = "mail"; + description = lib.mdDoc "mailserver subdomain"; + }; + + ldap = { + hosts = mkOption { + type = types.listOf types.str; + default = [ + "ldaps://sso.skynet.ie" + ]; + description = lib.mdDoc "ldap domains"; + }; + + base = mkOption { + type = types.str; + default = "dc=skynet,dc=ie"; + description = lib.mdDoc "where to find users"; + }; + + searchBase = mkOption { + type = types.str; + default = "ou=users,${cfg.ldap.base}"; + description = lib.mdDoc "where to find users"; + }; + + bind_dn = mkOption { + type = types.str; + default = "cn=admin,${cfg.ldap.base}"; + description = lib.mdDoc "where to find users"; + }; + + }; + + }; + + config = mkIf cfg.enable { + + age.secrets.ldap_pw.file = ../secrets/ldap/pw.age; + + # set up dns record for it + skynet_dns.records.external = [ + # basic one + "mail A ${cfg.host.ip}" + + "${cfg.domain} MX 10 ${cfg.sub}.${cfg.domain}" + + # reverse pointer + "${builtins.substring 9 3 cfg.host.ip}.99.1.193.in-addr.arpa IN PTR ${cfg.sub}.${cfg.domain}" + + # SPF record + "${cfg.domain} TXT v=spf1 a:${cfg.sub}.${cfg.domain} -all" + + # DKIM + #"mail._domainkey 10800 TXT v=DKIM1; p=" + + # DMARC + "_dmarc TXT v=DMARC1; p=none" + ]; + + mailserver = { + enable = true; + fqdn = "${cfg.sub}.${cfg.domain}"; + domains = [ + cfg.domain + ]; + + #hierarchySeparator = "/"; + + # 100MB max size + messageSizeLimit = 100000000; + + #localDnsResolver = false; + + ldap = { + enable = true; + uris = cfg.ldap.hosts; + bind = { + dn = cfg.ldap.bind_dn; + passwordFile = config.age.secrets.ldap_pw.path; + }; + searchBase = cfg.ldap.searchBase; + searchScope = "sub"; + + + dovecot = { + #userAttrs = "uidNumber=uid,gidNumber=gid,skMail=mail"; + # use the set email account + #userFilter = "(&(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))(uid=%n))"; + #userFilter = "(&(objectClass=posixAccount)(uid=%u))"; + userFilter = "(uid=%n)"; + + # "fix" until userAttrs is fixed + passAttrs = ''uid=user,userPassword=password + user_attrs = uidNumber=uid,gidNumber=gid + ''; + passFilter = "(uid=%n)"; + }; + + postfix = { + filter = "skMail=%s"; + + # these may be reversed??? + # https://gist.github.com/calbrecht/bca39174f39a74e52a6d05bf630ad495 + uidAttribute = "skMail"; + mailAttribute = "uid"; + }; + + + }; + + + # feckin spammers + rejectRecipients = [ + + ]; + + }; + + # tune the spam filter + /* + services.rspamd.extraConfig = '' + actions { + reject = null; # Disable rejects, default is 15 + add_header = 7; # Add header when reaching this score + greylist = 4; # Apply greylisting when reaching this score + } + ''; + */ + }; +} diff --git a/flake.lock b/flake.lock index f0528a9..49dcf65 100644 --- a/flake.lock +++ b/flake.lock @@ -38,6 +38,38 @@ "type": "github" } }, + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -106,6 +138,21 @@ "type": "github" } }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1673450908, @@ -137,12 +184,66 @@ "type": "indirect" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1670751203, + "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "root": { "inputs": { "agenix": "agenix", "arion": "arion", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_3", + "simple-nixos-mailserver": "simple-nixos-mailserver" + } + }, + "simple-nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_4", + "nixpkgs-22_11": "nixpkgs-22_11", + "utils": "utils" + }, + "locked": { + "lastModified": 1684569145, + "narHash": "sha256-Dr8KAgjiGuigTgEp7zFO08zPA5o0RxzoPad+oDtg/G0=", + "owner": "mweinelt", + "repo": "nixos-mailserver", + "rev": "5d13cf0550bd5b201b28f116acc5f4b19dd5d753", + "type": "gitlab" + }, + "original": { + "owner": "mweinelt", + "ref": "ldap-support", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index d07df68..6fd9804 100644 --- a/flake.nix +++ b/flake.nix @@ -11,9 +11,11 @@ agenix.url = "github:ryantm/agenix"; arion.url = "github:hercules-ci/arion"; + # email + simple-nixos-mailserver.url = "gitlab:mweinelt/nixos-mailserver/ldap-support"; }; - outputs = { self, nixpkgs, agenix, arion, ... }: { + outputs = { self, nixpkgs, agenix, arion, simple-nixos-mailserver, ... }: { # https://github.com/zhaofengli/colmena # colmena apply --on agentjones # colmena apply --on @dns @@ -55,6 +57,9 @@ # Gitlab glados = import ./machines/glados.nix; + # email + gir.imports = [ ./machines/gir.nix simple-nixos-mailserver.nixosModule]; + }; }; diff --git a/machines/gir.nix b/machines/gir.nix new file mode 100644 index 0000000..2594441 --- /dev/null +++ b/machines/gir.nix @@ -0,0 +1,57 @@ +/* + + Name: https://zim.fandom.com/wiki/GIR + Why: Gir used to have this role before, servers never die + Type: VM + Hardware: - + From: 2023 + Role: Email Server + Notes: + +*/ + +{ pkgs, lib, nodes, ... }: +let + # name of the server, sets teh hostname and record for it + name = "gir"; + ip_pub = "193.1.99.76"; + ip_priv = "172.20.20.5"; + hostname = "${name}.skynet.ie"; + #hostname = ip_pub; + +in { + imports = [ + ../applications/email.nix + ]; + + deployment = { + targetHost = hostname; + targetPort = 22; + targetUser = "root"; + + tags = [ "active" ]; + }; + + # add this server to dns + skynet_dns.records = { + external = [ + "${name} A ${ip_pub}" + ]; + reverse = [ + "${builtins.substring 9 3 ip_pub} IN PTR ${name}" + ]; + }; + + # we use this to pass in teh relevent infomation to the + services.skynet_email = { + enable = true; + + host = { + # pass in teh ip (used for firewall) + ip = ip_pub; + + # the name is used for dns + name = name; + }; + }; +} diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 7de619a..fd73889 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -61,9 +61,6 @@ in { external = [ "${name} A ${ip_pub}" "${ns} A ${ip_pub}" - - # needs this, temporally - "mail A ${ip_pub}" ]; cname = [ #"misc CNAME vendetta" diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age index f4b8701e483e0eaf04ee74afc2e559b07996c4bd..c774a4524cf16ca78354d7c8c3210a419c3e859c 100644 GIT binary patch literal 1334 zcmZY8+pF6I90zbYI>pL{a72a-jZUW$>PgZjX%vqp&9%+tq-oPMUZ9sGZF6gqHfe$m znQlJGV4&bOkM3;`4)@}owg<=dvImt3ZsJ5_!UPdf8Hmoy1fS0Sf)C%{_xtNRR@n-M zaXy<*!r-YecGgn3R9**?WL&mJ2#Uf4pu@9FCIM6f6#=U`ej*DTPc=mq9xfHeY)oeo zjX-L~%?YYa)Am>>aRuwm93}EquI3Bs(y*}%CDqvV{TXc=U@(!gIEgD3%WTzRA@kA< z$iV`cbVxfQaetEWttveCxqRyLR5vLq)2Y`g+%+p23^}Ky&vI|jaiNH|B6n(H7_I1q zBlC?M&ZaS8RdJ~Apj{-eI$O1Yl@n8Y%m3VW0z zWwoZ2&g=bNKaD1iW%W_dM$FJuq6oCWsU0E1ZdS^)MF=~iX2MPikoJMGeTQyoQw21?_xUcy_VDp0B;n(mrFqPCQ>C|)Dv7~TLH7q{BV~x{w zrWCS#GwWCTX54pS6-+@D88FankqvVrZs{9H#fY$ssl`rht0okr6p=tBYK)79o7`MP zU?(F-aA8y@o5a%1s)Grm^+Ewfxn|pHt0l2w;j#=eC_%MGYF2O~b~c=A)pj$@^PDsM zCDm&NAcfesXbZETDh^PULWL(3sL59xKEj{`oUx701}R`F;;GO`#5movl&V2GB}u1x zplyj2P{!FI&5>H}1=eH|Yht30#h^b4BbBIE)X^=y@dIcwQvt2r+#qbo?d0*uG$Vc( zvaGW)#M45`b4M_0vWhl(dSF0ONv>n@R9IG`LEW;P<#I`xn%@?gIhIgkTt*TZdwF_`9JuD28kWO*gdyv&}Wnah+G@DjzkLfsGM z5Yg#{8Vxtag{br(16LFYV{FvAdGc|8S^ZCYsjZfs*y<-1@bXxF6kpSyA)E_Sh6y1Gx72#gC+u#iTrLA#YhVh4xR)rR-zby-(E_8fF&MSFYNFed zp%@Eumtc9umP(&~yLoy4hkGwXKVCU^@9kHPKChpC`dJr0o}Ibxq4Pid>8j=-BaiHymIU?a&0GacvFn|$t?yrd>(|};E?>BQ!#w4sqm|R%-CrKN z^J04J+L3kmuj^j@<4=my2inJfzjWZ-Xte#0U7wXc|7UP;dGg?R=lcDv9j&V$luusU ic7m1c9rA-%b9MEuZ7YvlJmkK)@6ofyPb;hYgYv&9HO&eD literal 1173 zcmZY5+pF6I0D$oar)+T`h#togG=djc?b4)4lPDbQC2i6+N!zqdn{CV_O_MZf(xkbA zGMOMUFQ8{2x`&BAc-(}6D56iEIdB{XG6y2lP3NOb*<{m~iQwbeU-0q!WL?W^j_Rk2 zz;vB`uCGH84CL3q< z!7F2b(CVXvEe;~7pg1OCgn`hjK=!1fn2TnchmCGZ0UeJQCLKFK>xelhxa@+_QyMm5 zMkCdM9<{@?Dp;D_@_clA%_Fp?u7lH3Y84?4FJ}r?cavc#3a*4FRB49J+KA@JEZ5YR zuo2Z+KxQc-vHd!%>3yN<)iAb9;zedssm?{c1`Xq&-BsNtq*U&(jRe13ib1z)#EYUo znvKIQS5$d8Ct7;wSR$J}hgG?>Dh|mp*JQ|$(w#eOOjc&SG6=`5u~+h@t^_yD zn4|nOEAg>COQ#)Tf%E;AQAOo>NQWW=ER{r%YRNJ*aFs=DX684-8WL3pd`L1bO`@?w z*h2>&xXbOfP|7Mr9n7)_Z4HFJEz!dSn?_~Y?mp9 z3!Mg8YE0}#0qUv(CYf;CfETRp2aXi5XpfLwug3SON}Xy>`s~o214gFJD4d0Iq9W3+ zI(3Le(Lu6Gd2SWsq$d@4W{!4&d_E86hV3w?NsUy5$D-1x5k$M78>1F&$u>k4s(irA zE6tWc!UJGqW#whPbDC{looa7fIez4?+rJgRdiUg>hb~`u^zstj|CYG5_S)0$|N8Iq z$KE+)UVLKjkN>=~diDbh`gHTDo9Kh&*26cj3pd&)9{6k>ySOoV@$<7g>kIJ6b6>u< zdb{!Gsh__&>A?2^r)!t?pSl0)%I~|XZ(ch3$9eS&gs$)2JYJ-)H=o>b^y9Va#I ze|PWe-|pB;Z`hlA4nKST;6Cu4Pk^t}6ThsVJNDCEyRM(YsVgV*Td$tDcKYo@)S17f hpm1xa{=?1n)<@voyVt&dlet6)q{{ZJ)oyhDuK-Lasxq8A^B)snu#|SnM`ZyQ^$6r%lCRz@$Te2^v!Z1CKT<$Kr0{ zly$u7%PDf}kK68pi>Lp*bK};PlRtd%+V2C2{^j9Y^uOuo;HyiQujRY!nFsq{ z|LT15?CIkCsr%I{-#vcx?TZY&e(v0d@BM9_Jz4zq&+8XHzTUa{{%!Ki=TDtDxc|

AT1^#P LKt4TsY5(qjB$zwI literal 879 zcmZ9_&8yo4003}!C&|r&CkJNC$H1=3cbmf7gM7A0nxtuywuvC5Nt(1tn&!LBa2{kJ zdQm11MD}DboVY1?aN9{l!OJEh=s{01ym(R=de}wr`hNew&-T5xw{f!lwpb;b%Sq-# z6#}%6!8{Mzo{JI$(gUZ+wpJ)mG1PIzd3K_;vRUN`i*%WjCWOU7Z13dtJTw@{rdql} z3&5!GN1huDhJo736>}_;@t}@$2{M^vKUNVJ*J!$jOt?OGcFTl1s%p?iQ8rU$i6#g| zvM@#?O|DEvYfK-Ydt4L~UehKEA*6X2&`T)VPnSK;VTTyqM54#3WsFOCB=p#^FmF`F zBx{2gL;38MlAh@MpgcthYD4gK6))343r;jGsS4PVrpBf_L+iCS?z4mqXKM|h2{9}r zH5H4H?U9^^tx~2GGoBwtU3a3w7Af{ZjWmRTe|Fo_t{B%~B`~g&vOe3PREz21^H{9Q zff=kxb+p!`&|4|f4n9}ym;&P3+q*IyI1|3yY5CfpVLmcXx_sl(W?vETT$?UP4~@6= z*{woNxJQADfrAty-BC?qiP5b%5UXw@>^U4p3KiwujIyQS&e#b|4L}QF=Z?dIUNuo; zXbh=hn$)Oit_Z-<;rd#(jC3qs8dnucnv3pth1Ah zK?Kt-76ECa0qu4hgvCxJFE~`&k{zrx$TaQ4j3nF5oC%Zeeh)mk{qYBn@!JQNK3Yw`dfBzE%g_A=p1l6y>4Q(M-uj2Vh^(%i zJZdhz_@wcVzkGrG ssh-ed25519 V1pwNA IOb6wPqymDlfE5GaRfa3GTL27wqgcekApo/qCoPSXz4 -rJx72HZRS55Zg99/DDRu7ESUOwyvTyfqc7QPk5EyVoE --> ssh-ed25519 rIwlvw pe+EmEcqFCveKudkObc16bj3NqauA3M8vjzTd0FoxFI -pqzzusOOZ84kPKB+CVOwKJpQUF2hwkzI7YcTxWESw/0 --> ssh-ed25519 q8eJgg BS44mKwwzaDCmh9Uce9OBij0ZL/AqynMO45eEjd4QBM -3wpAfqahoT2ookuR92TKFjgwCM+6hmWmrikjZaTY5/Y --> ssh-ed25519 uZzB3g Zz/cbglOs3Il55yt4OIIyVULiaSZdsp3CZ10cSvJ5yk -0KrYOL6VxpzemHFjyMDFkcAveVX3ADXDN928DCus7sw --> NN-grease sCx=PO( 6!N8`ix -zky9jZ8A ---- k917T+C0/4+P8CqCqY6aTg+ITePJ/n3LZxiF1ZmGIoI -z>@rD*ӵJŭ=xjN^$$* /`ps]DCܘ}<;:t "MA!\5e% -7B:{өz ;B:_AƳg$ Ћv-'ŀҭRBbq<|/ \ No newline at end of file +-> ssh-ed25519 V1pwNA EbcKNppMc8Hq9CzalGP8tvYMl9qLyKQiiNILhw1l4zA +KSeA3rVxWG2ID+k3AE9lBrGjEqRFLohhXzQBxxaAcoc +-> ssh-ed25519 rIwlvw dAEdSuZAdPKzGGm2v9fcZCMnRlqzQDoGXOtyuyuuezo +VcvtlisTT4HAih5rvUwDf1nTO6WHCzu7IYmkc5MTxvA +-> ssh-ed25519 q8eJgg vYulFK34+SJmclt6MzOQ90dsl55Hm6jinU7ZQGOzT0Q +BUnfjyd+RVUvgtO5oV6OtBzDFvVeRy4VG/9IJ5tLp0A +-> ssh-ed25519 uZzB3g KqwwJMZpsdu6dMeiJFD0ElSnzXKtD5Y5e3KsharU8nU +zx8ILlqatXmVCbz91HK+gipiCA+UY6gITB1hYGluzJY +-> vcbD%9-grease } b->U-FWa P- +kNm0DVuSdtvR0wFNkOpMig +--- dLxnlUZ24wxKq733+FBkyCh5PLRHjxv+oza/07SIC6w +nD~pA}=IJDߕۡ29H y,EC;| 4xT 865I&003ZA6bT-L9d-~$ouGrPBx#!_l_5*Bv`w4zBT2iopd(q|Hd)&wO`4{O z=+p_q4x4iWnTX;+#M^f8;~*#siU^8qI`Qan2hqzAL=c~!@Z3D~_27;1d5=P>f=bTy zJl#km2nK|rS@U~6!7sMGs2||z0BD}fsBIpC2Urj#x_!T?=Oqcoi#>pLL|v#6h+nXX zpl_rMN{a$HprG*CkmG1!P>JCt-CgOoSr=n@LZPSv|RWO1sgEA3w*a%-Mbs9;WPHJ_#nJcgS8lDz( zE{Ge5geNmuI@aU6o)pg+IlWh#?%7y%mNI?61FTdlQ-<18uH5Q2P|tA@Kvw1qrP0b2 zxLBen(@e{Cb8fsji&IvkW3JBZ8=g-(2-XY;8Lse}jiwn9?W7%0(W*9AffZ6Un|Z4> zh2@o?3ZV)RbFHAHxC{b=Drxoyyq?Qa1#ytI2!xK$4zvU%0Ht60zXYe5nQ+qviUXin zJOS%^nUJ}9*5L{kUhxH1j-=+fq=EaYCHBa=LuqkO@St!w9Ey+*jJdi&_WKgf!(zHV z%@K|zHliXC^RrZhRI7BWiaJpqdOz}fZP_U>6W!NC7jA9IkB&ch^GBG_ive+G(KI$N ze(iC3L43Bb`E+mZ@~fe1teo*b#=ynLo8$F+==~EPPWc-LcD7DGS^7J%w8(zDv_3i+ zDxdqZQ`(++$AwE>urO_@FGr5;UtYakIr)MZ`+RqFQdYumKaKrhHjW%+_iDS*9hw){ ZRc3R={0%(>hp(QwUi*G!`~1(X-G8eU@Vx*4 delta 716 zcmWmBOKZ~r003YW6b&NYL_Dls#-Ns_X_K}L2W{6iZTd))CSAf{%kpaTUYa&d5#}3Z z40MX1h&sW?Y4|*dUIabp#nWU?ncHRJV~6eHoX`0ezHe^()Q)q9#>*B5$zTc>iV6wB zVbqdIg_7kqMOUa|QrGgCNLjOD!8!o~5|X5w3?_9t21MxM7#;UJf-x$!aGs+_Rk6-u zj5OxY5nurb^!XZ%T0j&a7!JjKcGlHeu1`!?pw$W}4NxJNp<#ywUEFS$k*ord9%{CEuI2&*A%-Ef{=AyhV-=Mywd-E7W*eD7 z)@wH0jxrjKv$O)18Ir#+ymj9=3FDEf9rVXjY^92ziYei`wkcqzz*t1B3kkOdnuw;R z+F2mfugM9iuH?pAngqcD5)?}@%Wm?Z-y~20PtlHuTOCWR@&A>iVzn%7#$^uq%4ocD@Lf}@v(?M zoib$%_4qcE$*UTWaG;EdFcG(4V09DZQ>v`uJX>1j zX0FWqnqRi?rPDti9$9{WY~pzHmaI&y`ajN}_3hetwQ}wH+liiQ&Hl%?pD#|V)~t6Y z_MBbcdol5McH87#ZTjna^xJQ)TUgtFe`;~(y)TnT)i;wbL%Td+5bT@NhLSlM$Y)4ZzSyyRNYiwC7ZF*5>V+t)k zAaiqQEoEdfH8n9gAaY4}Y<71bI95bfi_Y(`5|V@gSLI5<*RQfV}L za7a)$Mq)^DD@kW#3TAC%H*;BbY%6I-FH}r#X>Dp`S#4)$T6kz-WJp0(R!~euY(a5m zNl!&Vk?|K-Mk`Bkd2v~4W^ZF?RAMwrcr-Rec0oCCPDD2|Pew;`D>ijiSYkOccV}-3 zbWTZGQbTQeLQq6*SW8-XY%h0EFE&g}D|dHAF*q+xaA9sRW_378M`A&fUjY|?Vsv+L zaxqI*IB;W5LQ!R8R#Z7}MMF$0Zgxa%Xf#YOR7Ni|D`#>@F*0KcZcKPhXEAXvW?@WJ zGZCj_^k*V1&e`om}C?kc8U8sEp0p~RR7vKfr-oy6xr$CAU z#YhglQ<7s1!fR7J2nCKx7cjciPdi)sy=XOZLcp8u3X>+=pq7EMy6%_Fzf(YVc3c_S;2#SKBDELCX2;%oAe7CpEZJi$*v_+!pH8_Uj zWD!OJWF<>kUKmA5(h*rI7bpd7xy9qOz$GBwR&l~ss`50(iey?0MeTI83}>fV!EBXa zM-J=tRtyk;k|F;QpJmnkN)-hl81b2DSMRz$*l6ZB;37n*(o)3|CQ-mhkSK1%`J$z( zKu4-lr`6=8o<=~pWtE#zMhyhgDBH_PK@1aNy-=WFSj$CgTuVkmxYLi3CbRHuMCv6| zcD$?0tXEF8(VBp<4PY8-ppFDp8ng*apOEY_tcIdBD2`1}FdC*4jx8dZBXW-!@PHh?)ke-2=E=R-tJ{uuv0f?CZrn#L8YBFTbR%#MrNp8#o zY7x@A77*+-2$GSI+^FNb=oIqXgo~LZ0a*CAHoVr`c*UjqySd!O#rm zXi6eW6EUb7aI;1UuG2M_DNaNozu)gmG@}`;j(hn?n2E&&s??`55n1V|ld51(TE&=Y z#I%GVwY?&AYpS@od{aH|ydNIyIY_K8-`tpU=4U?#FZ7?mFQ1PRS03{p_Z2r^-1~if z_s~gb=FGzC`>{1|N9E~8 zZ;apj5qQ8Vr|L`i@SojxQwyuNDC)=H<3aP{v7>7{H-6gb`}>#QuI@TMqRc+|_3F!| VhrY&8|A2gX`@2(bMz>x6`wwFt1RnqZ diff --git a/secrets/gitlab/secrets_db.age b/secrets/gitlab/secrets_db.age index 4ce25bc..cdd483b 100644 --- a/secrets/gitlab/secrets_db.age +++ b/secrets/gitlab/secrets_db.age @@ -1,15 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA zDNOQBle5xm4szgmn2Dc9wATIJ62WvqFvZ0FdPu15gc -wZZWDJPQlBxd1zapcnEsBeY/WscawxPFfriJpYSrsBA --> ssh-ed25519 rIwlvw XTu6bV4GUK55mfVQzZGBZWx7MFfmwS02phXKgN3OKQw -MWMCcA6tfM0qwgMypwaZ2dAnXRe/3n8FY9AGhEXZJAQ --> ssh-ed25519 q8eJgg FcTKuXjwll6kEqXZFUUHcHKqq4VzDxuXNSq93OoRxnY -hR3hvGsTZrjNmowqLIWtftW5XqzLxns4QL+kop/UFDc --> ssh-ed25519 uZzB3g MTh3/nKjbNyMkmq5zZ4GS4fakylSgfAsEzwkX+jHeXA -TUIwfWxXCUUrKnKhK6KjzjGXfVcV260BFRPXr/fiVB4 --> Q34)S:o=-grease -/04lX+TiKjQn7mf/TcrjNlkIO1CdWZ/tNI+BpOmjUA2DvdagkV89nq8OHRykjX9O -me5XZHZdcIP7WFpPXWQZDnkl ---- GApKhoyIlXNDiNORp6Lu0qaSvxHQw00Mz8l9ca2YHoA -IW:g贋'"<1Q)en5gr"D0׺;q*o@K9&g;9ʀo(X NHԫKԶ@HAbZztg !A$.r'ɭz6ݱCMU(P>w] -A V( \ No newline at end of file +-> ssh-ed25519 V1pwNA jPL12+E4d4aPmxgrzGHkFqccSHIRBcB29O+5cwIbVWE +ij9TOU52WvYACeZpKnxYysp5tLgtSe1hhxSU6JdFxss +-> ssh-ed25519 rIwlvw meBrACSZjoiuEtF40Yi5767u1EEKPPevOmBAyS9Z9mo +dwI1Kdpyg101rgAYw0LG4OxvcX2qb4uLYv9/vtqVLiQ +-> ssh-ed25519 q8eJgg vV2lfHL6HVEo6q7hvht8aJNDyPjL+ZSiw1Q16zGFYTk +Z+u2a3CbIQIhU9Syy4iSnOyi/QpygL5lrV3ABGUlXxs +-> ssh-ed25519 uZzB3g 1sGZCRGyBXwN027g2tj+fTk1n+bytxQ7ecXFYD5OugU +Lbmx3Rgh3PcgEDDbQpByHpYbWoa/iSnpBOHycDxviCo +-> jb2y@E-grease BY k0nF v\N &~-`QA +QXL29erKeT1jWkmcSmBz2IahR0op0MvneWIGcqdA2/kv0OVHuIAGMDgnxcqsxijB +CAxFxgKtVHRisrKx5EgZ2o5VJfjFYCspEDZEf1bzH33EiNvSz7ennulAxA +--- qNvRPXLiwBSUuVegfVLgoALYgF3vkGxOxdOurWQzoG4 +.>Y{Ok23F F8zaic;_Y6`s,Y[dL: =Hm3s'̭T[,5)'m՟|dϔvJ&ɨ*$n=!X8p%>[O$ \ No newline at end of file diff --git a/secrets/gitlab/secrets_jws.age b/secrets/gitlab/secrets_jws.age index d0958b5a7d5efbefad3ab4ce785b7788a564bb40..148c60deb557a14dfe0d3f1fac7d2f9d2a00e805 100644 GIT binary patch delta 2276 zcmV9VQyx3cxPBmFjZtUQe#wUHcdf6OHxv8PkC!|Sqd#a zAaiqQEoEdfH8n9gAaY4}Y<71bWJFF#VrgV{RWLDhL3BrNct&DxY)LUNS5ro7L@{Vj zF>zIMGih-zby96X3S@dWRZ~wwZ%i~cG+I+)dU8m5Sw?DkcWgyNXH{xeFF|isa7$}8 zQfxABk?|K-V=#GCMr%e`Z%a;SS~zxaN@hklMoL&uHCc34cujFxI5AZ;R8%x(Q)z1o zL2plSLR3&ub7XjGa5Y(Ea6>~iY%pX{Ol)y4HA*%^P&ad9HcC@5QBy^eUjY|?dTwrT zT4i@mL|9HnFL6RNkCYc*FgFi1IdQd2KvcvxgMGgmZvNHakSGfhH6ML}9tMQk}k zVsSw>RYo;-M^rCKNOEmsdT32YR(NnPP-1FqGHfskEj}Q4Wi4lNWnpt=Abo00SZZ`` z3PLtfIC()ePhnVBHFS1zOL1s_S!!o=T23@MHhM!VGgxFYNli~_N>^}9c4lUCcuR3G zS~6rsbTngTLpFLaF*FKDWOG3|Z*DR*Y-D#=VqrB&Qg1S2a8+koFJlTVEiE8yPi9Rt zOg2bOK}t7gICXMCR!dbvN;ofdFDqnab7?C@bWC_@Hc>cQQ#cA7H0OwaK`PzIxXY%{ z!Qa0{cTf;lfQwR(LUe^H@(Y+4d>qfVU^zzki6}NNBW2T7$JivhmI-G)vwF0X(hMd~ znelpBeO76W*SyA(B1U5$)Zn6@F}Fe5qE?w4_^@q<~0&Rj-@!G%1=eWT6^&Fw(!Y+S%V_|7!g0Cl>*RiEDQJ&hFRj z$o$Jd<6znm4#~CL+ub#7_yY#O? zyM!tjytMF-Wev>wxJS zKU-@lE=W0F02=FpC0y;1+WOEaALbrpAK0&-Jm(^E1uR`u-}|)EX5K5Q0wmZ~GarWw zmunWia+c>0E*3j~5WI#b=)ODPxeAOiaYwsLhELjnKr$jR- z-Ck-RLHWatB4`{IiP_vF8~D3PT#b;7)V)Q0g0j#f|E!Ng*Ja5(Bn zw0NNl;cWeoA-%{xHD+IG4Vxwimc3z0958pz|IgjPnN6S1tQY+amMy}lKG99*e< zd4WQ|JnC@_9#9{GLKqpjEQ2%*iXORulCyHT&Mk9N_q|3rI>bJvmMT)c9OQNC9K2SY zm^S&DuaDY)BQWTw;iqe{ov#g(Lb`_G0|mxeV(l`ibvwGvqp#Gh7_7Wu&4km&9tN(( zN(TT)nF%*eEgoqI9?((w4)IpUSMPmVWH6?lA;3MINcS`H2GN_U4sqkx5O3C6<;4gb zYIpA)MG9@AIH7B8NEVNw+KOm)7#?(n`{T&g!0fnxjSohNgds>O*ucvqf-$3ZAtSLL zMqab$N_v&l&Ial z+j;(fPo*Kr0lB4hb_tQu%VOCX0xy{=7N?CU;~nz9BF zI%-x4&gHXk>7W}*=fZ9Rqz;oobqmu*^l_cI;MpWsBEp*1T5dqnRuh%31AL!1Jbjkw zZwM~KL*^oU+#;IGXkS8nNd9F|%&KD97weRN3RSfuKAqX-4JPx!wvWy9l6H6p%X}p< zsFoc}0QIbM@ut0(Ngn{ysNa#WOBs=<2UmO}z+jEnW6`QbOAK6V5oc|Sn*&_az@{Xj zZYUDU)!P7CH@YizI5&A0e&(XyQ#lt9kfDbY(?YTDP>)#rF9+E_klCq^^3iE<#2*@e zdqex2`1)>QVw=1J8C>rqAo_9y|HJdnX$UXNWczPY935kJz2tUxXFua_kXv=NhgMr> z&Pxja$of3Gx5!{wciNXQnQ zQs#6-rCmZgg2?XgyOWrpp?u~!`+x!}z5X@PpIHotFU=_K43@4ZifxMM^xWFxmT5uv zW@zCTiKxLS(W zoS)Dx*~jZAG4bODNp+81PC#dW$=8fY5*&aC^U)6G&|j`hdJW6pY|~aqG{KWSK_y07 zE~&h@%sKp!q`GZpl;E)SLjN5Q7Sk8K&n8OOB9=)Dui=S${1=oWlWq<5BI__9etW2|==0;Y$e`e=oxS6&$eUx+w$>e4^ ys0g53ri;S-Z_GzeQn^jWzp_YLg?@SO|MQ=Y6EiYcQ9x&N<~j(Q$}o8Z&h!2HbiuIXf#exG-h#Ba|$g! zAaiqQEoEdfH8n9gAaY4}Y<71bR&iNGFH387a$#9^WLQ^tW=42dS#VKSHCJjdQEEjt zFIqECba!S#bya#}3QR*xP)|v9QDJd#ZcI2wQBhe@NOgB*OK($kFLhN+Y;Y@dPit{= zXh}*qk?|K-S~yN^a#uugL|Qj`ICd*nba-rWL^)1zNo{a3ad$OJQgCo_YDQ}_W^FJE zWoR-+Zc%b-P*r$CWNSlAc6M_{Ye#BsX-0W@QE@X+L`O|YYH(w0O*l=HUjY|?Oi3_r zX)9wgK{Q!YK`=^Fcyl>ZOj&wyF?cX9FfvYUS2;2-GBJ5iYDPE;VMuK+N@#XcW5wjT5VT!OJ{j-G)7rMO;IxnWM?;6XF^L%LuhbtM{8GWZfH>oEiEk| zY&2v|bu?FWO-fisGgwGQH%@F*Z7*+lNmEBeQ#n^wLw8DZOmS~)by7ip3i^xvR**lr z4Ug?&Ud^>flh?YwgdIj~-_H8RI?w460vC1aQ2ItU7wXZW6npg<49TnDHH0tw_$2sO zj{^8s+8no4kB7c{tC7a3T7)or&zNTb_Ex;aqR65mgKiE3l}`@R@5Q9{1c2qh6}Uf} zd(>#R+=Is))X?@-HTXV%Y8tiaj#XL?ahlQf z-Q%1r1g^*l7Q63#04&VQe8&9DSB|alj^WB0&|9NQvW5hqYCO`m(~wF_fr?sCAX=+8 zE>N&ECy0jNwRSx#S{$cmI{29AR-u~VRL zhKZ?H09*2rk0`Baom@}t#?;iSo=yA54~>nn{>|Jd8{lTdn=vTOEFBsusFhtEgKgXK zFlRZ+85jq95N*Q1J99;nl*J9QKbQ}Vy(9bUhx7FUiyOXw-@tc~-Q{GY`8%K0yH2n1 zUfg|O_m#ESUpeau#h3)`**VoWHtVn-18a4u+QsxV8yr~!9mgX%(joqBE-u28b=Pu2 zbJwjCAQ<5D?rNpyFzar1!5eg~`Ve>yyWzTJl%Ipm(Hv3W;eWs1>~E7Qr_JC6tpF4` z_J7!Dq!99dske@AzM5ZM$PAkbnm~)i*e3G&%8Kp|7M%*`J>99!UNP6;m2|8{YWpS2 zAR|zAL)wosA&EL3z4-q)KKyCY0FJ-YC1<@!CLF&xw8Xu>3cH{qYkk5vRi+f0*$RpU z&!1m_)Ws`AD#vM6r6cVIgZcJLhh482g8~q0(}PuiSjG@WY;XwDj7%5`l=b!5_ft40 znA(qKC!lQ^?Ob<%xXR)aPg5aTHRGguYvLU2SojjJOw!BqTOZUHRd-mmPxB0`BKhVa zV_yA=po=ZRZn72!d&*;=+T1q2cZ`T4Z-$R{&ZFuWh!T+GAOr)~B>7vTuAjjC+SPUU z|BGvXADMkOLtK-fw=eM@J4gP(Yz*{g9%=&*!T}w6v3!FZ#KIPKQqkB# zxXz4msq;o4{hVOU6TsRAvs!`Wt2U-II4zuiaKIAO$&vy52X)Qd=a=`XVOM1r9M*Jk zG8X+nPeii(J+X_LId6cUP3gW7J^&pEA-V)f)f*J{SDX$BcNOwFBE3$VBqF<@lHb`% z`>ftRR1`yfHm-C!#P??#!|MZtCToJ_Hy}4^`N&|9LqJ2qyjZ@znrCF*MJN@zQvP&* z#`PEkr!PrI89*QFi6RMt+C>N_kz){Qs@bKU6_~XZ48!8*#URB1oP*_Ju2Zl>7-xNE z?`bVDIK~yHcU<}nuq6P{qzP)5Oek|ht~qw5n3PdS6}GshPDrBVuSqT*ofm;8z{Q-W zFELD947zV@#JUYq-zlN7_JQ3o<$~0IQnQ}85`zMf)SA&c?MLAHr%s`Y>0PGn=tp($ zQnv7{`#+KYdP0C-1Z6~vK3#_!x4!jlYE1(p?nX1M3U%k)VB}V7{H(B2*xvSFKwWLL z+R1=EW4t#}M?{#rr){TZxTcmXkWmeu{=tim3>u=|^rSgV2A$NzFPcnQuY0zCrJ?nA za6n2iH>@tAM|9mh^%}PzLbHyOVWN?;aqQ2&9YqcG8wSIj<_8bN#sN|)SoguBt31@6 zE$x3m4;t#rNuqABUi5a}MBr}pH(Jps!XF!Ga_Tj|)v!D`dMG1pjI={^Fg@%RM>p#r z<#Y;)LATdxNb#zH_<<91+$Ju6@X{W?q$Z;Mq^H}-Rr__#UC9Ue#ZmugnweCKN)Do2 z#0w<#UQH3+q5dIoFU$>d%uOw>e8|?0=1}(gvzLg8HHk94NXY zc@YNB(leRMRH6i>vq#D|mCjJ8LD?8Ui|s2Yf`H#<9#>JDcD0^qj^N$|y~UQs5Pz^h DN$VfB diff --git a/secrets/gitlab/secrets_otp.age b/secrets/gitlab/secrets_otp.age index 34d40fd..4a7662b 100644 --- a/secrets/gitlab/secrets_otp.age +++ b/secrets/gitlab/secrets_otp.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA kZwcudEAwSOd+jJ22NnvNlt+fNElnJufPhxIiNLLm3c -DhhvCQbQE+7CDSDFnmpC4BztM6yWGEhGnS8foyVtv8A --> ssh-ed25519 rIwlvw q1gCRBLEzBM6sMvpNiKn/DCBlh7jGayVtIq2ifFutX8 -uXilx2tRp/l0iuHLRqGFD7JzOsvNhC3YWCFYbDSnCAE --> ssh-ed25519 q8eJgg myE1PBgDBdSV3YoRY5WLU1FCN6SomE4OUIT7RTT/jks -20LCHmVHbTf+Avvtc02IVtQzppnmYmUXx1q/h2bNC1o --> ssh-ed25519 uZzB3g AgY9YaVBna+M11ENambBCo7WC2NVBv6i34xNrl8sPw0 -4yzCr64HqVDdMTYSraUDOFhtOdpf0/ULvS1278IIXZo --> b$y90E6m-grease jp O jm8Y>| n(/.tZ -+SC2qx0vhLmdBol0asd5W8NRY+b42SBVHgYyEh/wWmFitA ---- 3CziwJgcWnyHyWTyrK6ru9Pd2Tmk/Acn+/mSsdl1FKE -Wi}XgM'2Oqfpǎ~u#V .HMց -V19Im7}XAyU<УfU1ݘB$>yEHMwQp >x]psu!c۽l>y̜٢Vi \ No newline at end of file +-> ssh-ed25519 V1pwNA yv25GV2kuwXTU/hxE34ybWt5a8EqJ/VlQ44q90FiFhw +O5Y236IJujwbJKRceCmqWzmeMT51Lg2GOoxVybV2kos +-> ssh-ed25519 rIwlvw Ivvet9xAdzT3cONFxCmB2KoU7R672hlFVS6PN9H8YkQ +3NtQR7IpeSkD+aKoOH4jUeSDRu3+xpR91WHQnu0XmJE +-> ssh-ed25519 q8eJgg vXlcQKk/QsGht4oPTbpOI3SIA5qq6htalZaC4brpNFI +FQzb/TcZOqtK0w7AxYeB/hNNQ0UwKn8YadyjoHmXiY0 +-> ssh-ed25519 uZzB3g IWEkV5hOPb6iBpgNByNQfQkMoUITXZkHVLKkI/qA3AQ +UJoXL/i656DfRNzQyPKKpzLgXGWw5mPhvQrR8IyeDWI +-> p3}N/u>-grease gui +4R5c1q04NPXKYCuHBmLXYdUW2z5/fCLaTp8AV02MpZ1W458NBqDG9gsXOBcg1o1i +eA +--- 0iTQml3iIebXgWCeK6gBu7MjW2iVa1AmUherR1lRqa0 +CQnӎ U!FVUbK,Hi U)s)5˟lVR&21e`x(U5b/n/V gN) OE:\Q~5 ﮠ)vF&mE{LXF?柩KQXۺ \ No newline at end of file diff --git a/secrets/gitlab/secrets_secret.age b/secrets/gitlab/secrets_secret.age index abdb04963a98c237f308aa493fb67bf934552c6c..b98fad08aed954a6b8b1b4ed269af8d9e5c331c5 100644 GIT binary patch delta 649 zcmWmAOKZ~r003a8%xYDfu+f2nVX%SJ(xz$J1;v_nP1aYIwoB6nU(Ks&(GV? z*+GTDbl_p&K~cvpW1@(TO%N|S6h%SZt{$BD81p1fnE3sK?@Q;~&Z*<$R1#sZx}B$G zUqc>Zd6hHVrdw99REksL5lOLQqjgznU|7-F5E0l`B(@k4aHUR?%?t`hB~0{2SS?oe z5^S+pO4x0=8j3kRrvSr{JOb~BVGsfIxK(RfK%GD&dN|X723g!J$8Zq4h>s2;Ryapa~s%#}nl?R&wUa0bX zY`L?CR?aOy{;_oQSE!?Zerb2aJNsdF*Url`-$j1z$-viJ?lZl6pU&T2_^eD!J|A0K zyuYSzukU-f*>zQT*|W+$2;a>u?+O2TcH_6_-CTY49 zWrzq)cW`*vM7@cKC@KRP3S*#NhK}J$@Zjs<<06}G?jWN6gzwwx``mYBd@jetrW^4o z!6YOS30StQBYLTWVoa4N&>Wp9R05HDCI!>I7?6;Zro>LhaK1!h1eA#&Mu`F^D_xZ= zIwF$PTFq3ur)6M=27D*ImR0k~5)ugbr@UsO+jP2KD$;Dowh@wSN>AA_%EoyXt}q=L zODIv0iKaRRVM(ayMk67>@&_0e3U(}iNtG*HuSeE2(rG6tJxjo`Qan^3aLeDTR}gD) zdx(=}yQrp47aDa%hXlNex`PS&6&sE*XF^K{FmK`D#!M4SUlu<2q!cor^IYX(oUq2m9gyc!ITg?)-C z3ziH(7#_{a(E^v8%raF0u@e(6NzLU$MOCb)AP016bT%s(ipZz6j?%#MilmzSB;fP; zyd<9y((x1{wABV;LZBr~;k>MAdJ;!#B2L&D)`ch<5>pC54xIjmo$;t!=FXsTYQz1o z{@XnI%3K=T+;4ovM^|31tsOoaLiZN>?_Pdmo!5N9hxuI(@q`-x6r0(5e9u^YG=K2> z@OAF~XapO4>l@g9_Vd@ug9GgIk?{J*{^i%!JAI^l+jDMYUnrlr(MJO@xbWrHF>Lvc q*S(m#wqvc@ou}dc8Q{qLi%UN?Hm8So7Y<#3j{kYT=*caWZ~g`9Huih~ diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index ef878c0c0a93a255565b611a6bfea6ebb12e3c72..eabbe4894319d0acebc882c725409803a2821871 100644 GIT binary patch literal 966 zcmZ9{&8yo4008ilh(SaJ^&rf6+v8E&Bu(3RP}3yMSCi(eNmJ07G~Z2=G-;Y9?liop z2fZl5CL(T3Hh3s*H$OpiF!Z9RCwaV0!IR?9gD?<0_AmJHvwXMZCX2kzHes4PmF9kX z3jwWXz@i9Rt^=begn>GgRU!_q@xyr%PDltp#1*l2@p_>vni@)sG+k9o%+7@_%GI+R zqJZ%l-e6r+m05R27J}3_gNZcikZM$+yxBH|jl(Ax>&hmzujOnNZ!6FkDV8WIYj2qe zUREG+$|rcpH!<4{15_#b?L;4ByB4Q^28uM*_9YI-7 zY}3&)XY1v@wjQ{g?}J&F4JwCbFi{@Fla!sL0xt8UsfD?@B9>;MFg-uWY>x2()3U?` zAr=zCdv${ZeNEOB&x*J$+}ln3p@kMlaVIujhASf!(dIKTnn)kw~dw1f?owwQJrDw zzE;kgA>xA+Z1p=G4CPR%W(bDN%Ppe%j%30^qwa;`Zp_3roHxm(|X z$NygZ_0!L0_)9O_(>EUa;lYC#Ia_~m;UDPsjn5xH$c%Dd9)N$2%`%Liet$Xeq z-O+v;c&9Jv`i4^OWB+U)9bEhPHgNCLe~DlIefPrgwQpW;zE)otbbG^I*U%v6? zW%K8+emwc;x5q9%F#6?_=f_XHT7G-_IoF`Czj$hQ|JgsTC?CG|`?-gUXOA9v(qTXN E4^sP9YXATM delta 758 zcmW;I-;2|B008h4e+Vo%{-KuPmRY`#?X;M0WPIHCK`rODpU>9rm|To)VOQeGNMtVlE@Y&Eggg)9~+Yhirq@79^(CcoW>-D zMgoi${3I?2+?d33pe_MzFv2i$i5g!%yKi=C3qxKMC9^C~(o$PRRd--ooshumWf(+V zyeBl(7<3iW%0ulq@FsDQF1I{zwFSbfjXM(DprfINMD7qX-!Gl}^pjIj z#`KK#*huLTpPc@@p6c1DMX01F7UtR{j7+QYpri|AF`_U0(*Y0|PClte^oBX#sXQ*>gB;Nh2Eu z*BNnqh&0m!PF?&Tut_MB$)xbbgr6o^U0^y$F813CR%j8huJUpy8cc&wTJ^v}*=!A7 z96)o^4`;p^eR1&1lNaao+)?N2&Aa=4Ed8scXNusT_1VKOuGRHdZ{F?w{w!JV&42dS z?yhzuwRd*=#+eg7iXQ2196b8^WzC>{@h@~ diff --git a/secrets/ldap/self_service.age b/secrets/ldap/self_service.age index 95603f0252c604a19997bf05de44aa6f874efa27..4cfef0d23fa17e4ce0ac6081d82f07ae4a3233c7 100644 GIT binary patch delta 1799 zcmZ9|`#Y400>E+7W{pS+u_>L{Jq&B^V<_$1&3)dv&!mkRb2IPUFYnAG)25E2DB4Q4 z+LX54l9W?hR#|oxQEks^OXQjmOFAdnJk>dSe%-&|`+2@QLvDtaC;O;*phU+~(pUm2 z8?d_-kkn+7%W|1UBZzUSRYH(N%u>rxE)h)*6KLR&*=(}o;AjKZorc9|aLklWRz5`vAoY40SK^|n$ryp%z}E|{kjS9ai>)rT6ky2tx-^)> z0Y``-i2}|i$T=9bQ|@$F0j`CjbLzA#4Vy1O@jwX6hvRwBms|a#e0Z@y4f5zZ8H13j z!`a-aG6h+j$77KYXtP#`qZkwdO&%T)Vq|8RB-f)s>Oc#F!$DH>f1NE+4X z5$owp6^TNW!&2cg6@iFh0t_zKEg}N0KcyhtOE#MY4kO#*MtDG!SFY6{?Z97iSxSW7 z0>nx4aV!BGFV?!~BsPcc80tf9P_i5~kU4x#y;7cFaDyQih=>JC)=<7uWaDsBq;i2JoM!+m{& z4znzRT+S_~<>xH+A>XBMiCAKNlRWwh|bsbEi@wz6mS2cka@MD;44N)|wb| zV0RsQN7XcHU;01PE7~`&9{jY5e_gatIe3giNq>87L2Ockn+9^bHm7}5eWcsH{^0LI zLRX6joZ~KCI_O(hMp)lghTh$v!SSO5oc=}SbFsiT=v|gIMf(dhovI_}vjcAf$CIm= z&vCWDOm{J0K9y$~lD*!z5H34R3e1Tguiia-Rx-yPDWAq#%NAG2(t4X>mdwUdIb-jx zZs1>7z4YPE!{Z54Nq+k`|6AKQPcC?!0H063%%739<@oj{>^xuz@IDDD&3S+2hJEhW z`sB$w;kP6$q_L`>?<_w`?frT9@nQO#@tc#MUGC*B`tF~B>Q(asO5vF=<7hoGjk()o zejsZ>s=Zzb9ZQ)s3ZAwO8xteCo}#W^RJvb}pJpr1zx|+*y6slytH`7S-Gu8!fqGeb zr{{gA($y>Veco4}C2{btrL1XS17Ok8SN{>UejN)g!JuxX9H`iGLbd%TZf?Nds3G(c zik~=EknUoA-l2-H;qtc%f}s|4`!hWgf$Q`5iN zkPsRE=~pKj5rdDsDh9D>vS(%nc=e(z1n~e>^M@|Ox7f{%Nv(eJRlKqI$j5i%Gfl3G zk1lQMHfCXmz`m1bHzjo(dwR4z)R3P4>%bQO!f!(h=Z8z~z5Lszx~D%-R_t1LJJE-l zaN4{Jo-4)rn%%9P8ERgLx&z!gf0_{Xa#`eR)x~;D`odg=%e#4d<4n%VuKs;x|E*YK zX`KDBf2`C82ivMN1JaPk@ur}y2|c|X9nJS2Vqfj#j7QC%X$}2X+=GEH2GgI^X_<~g z;{%cCwe^=>EAP&6uY?rBic&|f@o}}9_U0+us4;2zz79jMvH6EJ!e#HJvvd-5uxF#N zPkI-JZ`$ Y`~3NBPtc>Pnb`Z;lZ9`k9|E5L0oZ#3aR2}S delta 1603 zcmV-J2E6&j4uTDkEPpRJWOI6DT2WJJa8zz(SVLw;GiFF`WqNB%c{ejSOLsy_d1Fv` zc6L-jZwgRiZAwZ=Vo+gsaZ52zN@90OZ%IvcMo?=sQ+Y`3}TL_~N|H(4)eWOFrdMocwjS}|^Fb7U(qO<6KGLTyC~S4n4CG--8tdUH}$ zc}h%1YG-3>SV3zmcra=)b4yZ2Qfy&&H$`GEX;d@{Ej}P}bto@cSzIk=a%Ew2Wgu!Q zIb1v=W*{g&JPLJBGjdZ-O*M6YSZ{YoWk@q@N-zp7EiE8LWO7n-PIO8~H8yHWFH2%Z zOJiAaQ%+GFQdw(DQE@U-QFC-~OhF30%vlK?NIe!0cib;qs;*rWp z{?(RH4kFut!$glGv=vNkLFC%sk%Q2;eAod@^J2>B=oCMvCUNR*?n1^2;)Sjl#6IQFnRk5DX|vpu`Y1DhL;@iNd*-g?vOkRx zZM{O6SK$vFz37FrSW3u4>RyVysuLzRhzl=w&7ShE#CvTu8{ZgNzFaGE3%80`(^el+ zMvRLwVS^n>ro6gx3~APYL+p~gqpDT5Y>$7l1J}rQ1`L?ol?KHP8$ertpBpT%V6MgV zOz$vfKh+Rdwu^Fq_WnjJJe%hk#%6U&B+)Na60Eq2y8S0LocN{rhhqk*_WMuE#ij}- zXmZi^X8TT$z|2TuIQ0Bs0O481&|ugJ5u3)q=d_}IwsJkj)pYOF8MHC-?cn=y6+eTe z@_exLGCV_f!LZA$ExQC)I9$tHk?9AJ&{33pya%W`yFls)*hqTji4!?+^yO#X56 zjU>|{HM4eenNFynaU&Vpr}h#A=NGP-6*|ars=1g0ikl-ziFF?;#&LfoUdN(RK3-K zbSTIN;_ZT55T0rF2VUU?;_|)Gxuj_l(XwO~Ddc9klv<+hxLJHV+X;!Fr&P0oA>66ibysd~X?R62Q$}G*N^W6y zOHxfUO$usxS};{{c|mA#G(%@MOG-9NHfd@`LqTXuMMP&$Z#QUoP%uVHRY^v3Q3@?S zAaiqQEoEdfH8n9gAaY4}Y<71bV{=MzFe^nhY%g?Acx*ycF-CPsIdWxoY;rMBRx>tt zdN@c@V{&OwRAw+Z3TR0$O-Ds_bXsj_LReNXGj?%qX;MUOSW8KBL~LexQ)6y$VRvF< zGe~%6k?|K-K}JbIS9*DHGet&iaW+#~XID^pa&u!gWk^h6Hg`F7V{&n1Q(|yVNJKOW zM{jd8P%(ODMO9d7b5m+gd2CrkNb7df0dJ1hy zLSk}CG&X5=LU(O4D>G|MD{EnYF=|y#QcGGwW@B+!VN+&!D@#XCIcI26PcdpScuz)J zcS}`5N;hVCVR}gld1^6sd1Fy?IWuosYEw65P;3aq(*-pP0OYETbQ zvtv3f+5u>01z1}X=_q) zv#5)QRhTc(%CHHwuXJB7M}7*Hd$NIl%2S*yrbQdBN(%*vbi5@9MQ5`3{6?hzxD-pSt#l#EW@+|T za!-YV*yKgA-{GETpVQFC2{q+@8L`PH~qbYY{H%m)9im`>AWEh)*inQOpOv zX}@3xNHyeYG$`CPpVNmZ)5`ophCg6k%%QK{L7cXA6prkF8STJMhy;A${h{ii-CbH3!H}F#d=yk zW6vw98|qoHvyXb`_GhGN&ITy`#Ve8-3>UvL&mQP|(e6Wxh)P@VmxS?2&*zsuc#u^0 zBBjoy#i7BpVFU7iD7~MK6zuv_)e)ku*B0RIv+cnQ_x5qqTE%w*T;S6TOQA=1gqhvR z*JYto8eg01_*LcemdHfjrx+(FR{RDPHBymEszZ#sT{VcF2Bu_(F_1^T-A!9xa)inM z3%16F$&ENTX1B6+pi9&Gqb-ukR}IIxEA!t;%V!K9$>1D+G??HT3E|z{$jdqJwodm@ z&rfaBZ{`Aur!HYWzpF65nEudDP=dVH*)Nb6Zh^O=Gu}9?Q#nZa@$Py1XhC%cf% z6|D2T9()`pWCcF@F$!t-yv&m`iLnhp9`{MjAsT3h*TAAt)9+e2N*+DslW=!yHhy`8 z5o;A@o7_Nu8|iOK5H*85Zv3VRfOkVElf;EHVhg4Ip{Ze@E7%gHdgM@MZTdGJ<5F?q zIqw@1N)$%-);2SNSqXBHJV}4|T*r-nta_Tkx3(OZ1Z8J{0`pSlQyMnlFaOuPiGOA4 zatEzB82&j=@6aW^*dIz<6c=l`iZ33q7W8)?E9LEfC;M-nv=uC8Z2ctBvTo~v%9gMg zT?+A_cP{V%zE!7_JO}Y1?jG~yR=O^Uks1t7V*-kck^8ATDa_JPuXBiV<$8T<)-kqj z#Rx3Y2d_6Z(JF}kp^?5hN}t;ua`ilJD38za-KUcq3G^W4uNyj)kOS*J;9s|s+>93FqD(Q`Wr{M|ST>-6 z)U#2dhw=MV&Ld#Ets8(_RkNU!)&f|oCGfiCN`sbh^jBujrMndasJW5-N&1XdrD2b-*e29Y!k z#JEW%o%%UIX^8y-q8k)V{FH#U5p>2BB+iBX6fCO0)ma@}wHO*c?UY4C1K$M357gCw zWC-Cc9H0j_;ZDDcwts&{Q_5BsCg?qXqaSu#akZyUBTd5BcbM3QsL{CYC6>)u(vM$@ zMmUf<0(gn1bgt2=otTGZbX_?K-_ z@;NzMX^yyI(G2IsM`LgBoZ>zn-s6KtbX^h@p36E`XuxPnq1&;qRCOwUXc_H)0Vk}G zH*`rHvl_a0%M@{0(+Z_8_5!O*efo>=;k;P8ATQ{_irSn|5Xo}kDLwpLI&F|DE)|rR z_HU=iU>|F1xut{QytWqROTAH=^8ekn-}#Qm1S!!l7Z;Hg`^5PA`>(|)9oBeV*>;WL zkUkIBb7=Y2u|V>u2>&L-mbFJ;(#j2v?*)z~KrO|EbKc)st6=x>4bOz&S3BsYgjc z>pFX#V)r>j&yyWO=c1o>&~h{TE&|T0|95lB_Qqk2yt#3Ju=k`L9NXFk!1hYn0z#!O zFX23#?bOldTeTQ*a10wPNCPR2OrGcabU#pCu$}ds-RX&pjx;c}a63u+qhsNm#MZe0 zzSc>|fn%)cq$q#)Nhf=MH5HovznD9OUwIXDeZ@omHo5{F;Yft}JcigJBkgo5-2?Y; zm=grB_=y5Ku@#7{)hoA~A-ViQ`y{N_+xq@KC#x#KtV5UJrp*AS@n>#!vttC_ne&WD z2nwHEMhfJxD(EG)#m$S`J~cN=j(96Iphb^JZfg{@w$C3Y2Ngkooca)aw@8NSjEik) zUQ4jJhH9t~qHbpZ`ogcHHNK>UlMlPYTf>u?CkfC%les?FJ7E0J5iLC7x~$JuotM3a zXAb#?%sW)YXKszv!feY}gD8v@O5?4{a2m!VWF6GscpkvWJSd#1Pp?LJzlnI(O3-#~ zVtkb4pHNK4$H>HgRn9K<2~AIxS}*BZ({>@uF4AbH9Qu;f%D*xA$n^5-iO@+TKW}wD zK8_(IER(sFI^O{5&Sg;5!o5m`7B3*P!F#MHMW0;-rp9vM$y%rtccu3ky6S^?W+ua?;0E&$4mH-fV3P%=_YQ!`(NM(xw(laiC^rMQVn?7Z!mx&S)toKaD2 X>B22+j_71*Bdprelzc99p0Gg)&qQFv%jL1bA^b7)9d zRdHrjX9`47NHa<^cWh%qS#?2DVq;80PI!7ZW@TnENilX%W=cslWiwGSL~Kh{RSGRW zAaiqQEoEdfH8n9gAaY4}Y<71bNn}q?cWEyxaBELwK`%sYc1Af@Nq93_Hh6GxR8Dku zL_}G2bWK$?YgAHA3QcxrVq3bU9UXF-3DzLUeXkWmRTXd2n`U zK~s8jk?|K-dR0(jW=dyyR6#gqHd-)DYII zF)?9jWmG|S5ataHdRYlH)Aw#bw@NuHgr=-LU1o|dU|hRLPug%H)=@=Yi}<$HZWF1T1YZ< zMO9=sPc%70S8_vSGe>E2S~6%!NJlwqS7lmRNNP9=Ej}P-FL)+dGCoc%XL4m>b7df9 zATvQ`HbE>PIC(=#Mj%vkX$pCNN?|cMM>tMqVsA}yVNEZ0V>50!Zggm9XG1SeLQi;c zLQq6BVs}AOSusR7b8KjFbZlaAZ)Hn$aBm7NEiE83Yf&*PaBON!dTVVqGA~3Rz0Zj73@f)>+8)5Nk91{VKzPj#fR4}E*VW zBR}co8IVwcIv;uT{3kBF;>S3H1?kof=T;G9`nfW3kFEZ8&_=)uMD2rRk0Qxd&A$S1 zm|Y5Md!+;E3I`{-U?n+!=nb=3?^K=Icw!b!v#RCb#=DL`4bj`IrmGQMjIm|;RD|NO zkYnuMn1hT3LRJeE*pE&QY{ZNkb1AUV0ly3?*A(N8e^VZNPg%NGAtj|u$zh6xd5X-C zW@SCg2?)$y-tyrBb7>C7d4;t4OkG6jc913GkICG9j{B1>4?${wZV|}ZVrAqbr12Uq z4FF3Rzm0M>^r-CaR>YfV%EME41d9aUwFJ5YOE4ZiZ;ug09+sjz0RVNwf82MF51t`_ zMRgwnm6o}mfHTCosR{S_Y9$*VS9`2u15qJTMk{!gaX;jSWNAHx*?tbVWCH9q?#G&c z&TR!ZfI_CldFfSuZ4Ip`DzqdeoIJaNTTG1;Ea#|jVn)Z$7X_a zJ1(s7Dgo?^chCCv`NuDU=8XBnsv^i| zs*^E(Zbm@`yI7j!vf&-&_8O|*suC6f(4x)~jN|yS?dOls&&1emyxe2m|FMtt6c;?c z6yp?s6WUUZJnyQoiTt@E|2{2B4MMYOR0aqgE8EjnblEA7L9LuK8ufY-Ts$Jh%n31l zCThMOKWXsS^3Kfm%k1+QQ=Wn#jKw-Ljs{squS|KSyKZzCP{L<&Q8`7!K5JzVz#>Mf zh6?ZvYLcW{R6q@Da|zG8F;JoHo%0^8Sdx~1L~H(M&Up!5{--zDaLNq%Gxb*=Ptk%o zXp6xu*}9tOJ6u=GJyhiAx^j7*ryP|L!K>dVHs50iMg%v>^N)dYp_9(kh<1)e-m0ue zOt^!B$v)E@@#o*TK~5tCgqh>&N2sSS2dDR`Ek+6)pgz4Gd4v%9F}8m=&FR z2wT_1ASWwE-KLBcM@Sx1&dgCvjkv(`a%hYk_;QwHNq>Thqm?j$*|frAAKmMJF`H}) z$njzs=S(2aj9XpNmYU#8`M52>5|V|4o&?dEpu?-q68cuyNqwMhry4H2%!$mC>KO?WsXi0c-d z3-wc+a{sfHy9Tl@-#6**2G|BHIP3q(%1nV6p0TAh(Pf2Nk4_6l;3sIq+(BOR)2&vM zHE~HfQ?ty*(rT1&*>_mL_@ZQ`NlmrOSlOx2X&bYb@EN{V0}d|J*tIBs0D>{KfPt}$ zIOLgx8Ky#$Mh{sOsC3R==TxZwmNdV#okNLLdDqj}QZZN##f4l`T30qwT~8wOQ&X*I z0(X_NOgd%)X@1m<=W|EE%BHAhixWHiAP8GfFVj=PiWQ%4ua~IBN5wEo0*Ge!oac!C zQvD$O-)>wIVzXnzoK(!9&qLJ&BqDTVwBkxhEMLA+~fN5T88t zFL54^C~Jv)Zb%-mVp+HTZ@RsSWK;WP+5}V{bgEe$0!Pj%WZFgtTf8Tb*Zjd@nw1G6 z^M7H?^y*P^yvM;va~r7iQ{HeGfOxBl>3gN`<^%s-cEOkGQ8_=PDzNvVt}1W)c|i2J zRP`H?Lmqa9PN#u?x}Wc(c#EIs$~tDi^y{nIT(Z0@gPL%kI;fT54&rL^^ls=?0}H^k z{2VXss6`qaxgOTOGxOk9 z;aR1k9F(mrqAdX*K&U5FXeJ80{ivk{#Q6jK1h9@uEuMLQX$83#1ZD?Uo?j3POu?vr FY&rYT4B`L)