shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

🔧 authelia + lldap

Browse Source
This commit is contained in:
auricom
2023-07-08 18:32:24 +02:00
parent 7d128755c3
commit 0280e7ac4b
8 changed files with 106 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
kubernetes/apps/default/authelia/app/config/configuration.yml → kubernetes/apps/default/authelia/app/config/configuration.yaml
View File

@@ -14,7 +14,7 @@ session:
access_control:
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
## resource if there is no policy to be applied to the user.
default_policy: deny
default_policy: two_factor
networks:
- name: private
networks: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
@@ -29,18 +29,13 @@ access_control:
- domain:
- "*.${SECRET_CLUSTER_DOMAIN}"
policy: one_factor
subject: ["group:admins", "group:users"]
subject: ["group:homelab_admins", "group:homelab_users"]
networks:
- private
# Deny public resources
- domain: ["navidrome.${SECRET_CLUSTER_DOMAIN}"]
resources: ["^/metrics.*$"]
policy: deny
# Two factors auth for WAN
- domain:
- "*.${SECRET_CLUSTER_DOMAIN}"
subject: ["group:admins", "group:users"]
policy: two_factor
identity_providers:
oidc:
cors:

22
kubernetes/apps/default/authelia/app/gatus.yaml Normal file
View File

@@ -0,0 +1,22 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: authelia-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: authelia
group: external
url: https://auth.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
dns-resolver: tcp://1.1.1.1:53
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

94
kubernetes/apps/default/authelia/app/helmrelease.yaml
View File

@@ -1,12 +1,12 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app authelia
namespace: default
spec:
interval: 15m
interval: 30m
chart:
spec:
chart: app-template
@@ -15,7 +15,7 @@ spec:
kind: HelmRepository
name: bjw-s
namespace: flux-system
maxHistory: 3
maxHistory: 2
install:
createNamespace: true
remediation:
@@ -26,7 +26,17 @@ spec:
retries: 3
uninstall:
keepHistory: false
dependsOn:
- name: lldap
- name: redis
values:
initContainers:
01-init-db:
image: ghcr.io/onedr0p/postgres-init:14.8
imagePullPolicy: IfNotPresent
envFrom: &envFrom
- secretRef:
name: authelia-secret
controller:
replicas: 2
strategy: RollingUpdate
@@ -34,19 +44,66 @@ spec:
reloader.stakater.com/auto: "true"
image:
repository: ghcr.io/authelia/authelia
tag: 4.37.5
envFrom:
- secretRef:
name: authelia-secret
tag: master@sha256:a3647c3dd136402745c7639e446944004145630c822f27e22f999c414c234d2f
args: ["--config", "/config/configuration.yaml", "--config.experimental.filters", "expand-env"]
env:
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_GROUPS_DN: ou=groups
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_USERS_DN: ou=people
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN: dc=home,dc=arpa
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_DISPLAY_NAME_ATTRIBUTE: displayName
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER: (member={dn})
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_NAME_ATTRIBUTE: cn
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_IMPLEMENTATION: custom
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_MAIL_ATTRIBUTE: mail
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_START_TLS: "false"
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TIMEOUT: 5s
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_URL: ldap://lldap.default.svc.cluster.local:5389
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER: uid=admin,ou=people,dc=home,dc=arpa
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERNAME_ATTRIBUTE: uid
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER: (&({username_attribute}={input})(objectClass=person))
AUTHELIA_AUTHENTICATION_BACKEND_PASSWORD_RESET_DISABLE: "true"
AUTHELIA_AUTHENTICATION_BACKEND_REFRESH_INTERVAL: 1m
AUTHELIA_DEFAULT_REDIRECTION_URL: https://auth.${SECRET_CLUSTER_DOMAIN}
AUTHELIA_DUO_API_DISABLE: "true"
AUTHELIA_LOG_LEVEL: info
AUTHELIA_NOTIFIER_DISABLE_STARTUP_CHECK: "true"
AUTHELIA_NOTIFIER_SMTP_DISABLE_REQUIRE_TLS: "true"
AUTHELIA_NOTIFIER_SMTP_HOST: smtp-relay.default.svc.cluster.local.
AUTHELIA_NOTIFIER_SMTP_PORT: "2525"
AUTHELIA_NOTIFIER_SMTP_SENDER: "Authelia <authelia@${SECRET_DOMAIN}>"
AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true"
AUTHELIA_SERVER_PORT: &port 8888
AUTHELIA_SESSION_DOMAIN: ${SECRET_CLUSTER_DOMAIN}
AUTHELIA_SESSION_NAME: authelia-home-ops
AUTHELIA_SESSION_REDIS_DATABASE_INDEX: 14
AUTHELIA_SESSION_REDIS_HOST: redis.database.svc.cluster.local.
AUTHELIA_SESSION_REDIS_PORT: 6379
AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
AUTHELIA_STORAGE_POSTGRES_HOST: ${POSTGRES_HOST}
AUTHELIA_TELEMETRY_METRICS_ADDRESS: tcp://0.0.0.0:8080
AUTHELIA_TELEMETRY_METRICS_ENABLED: "true"
AUTHELIA_THEME: dark
AUTHELIA_TOTP_ISSUER: authelia.com
AUTHELIA_WEBAUTHN_DISABLE: "true"
envFrom: *envFrom
enableServiceLinks: false
service:
main:
ports:
http:
port: &port 8888
port: *port
metrics:
enabled: true
port: 8080
serviceMonitor:
main:
enabled: true
endpoints:
- port: metrics
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
probes:
liveness: &probes
enabled: true
@@ -62,19 +119,10 @@ spec:
readiness: *probes
startup:
enabled: false
serviceMonitor:
main:
enabled: true
endpoints:
- port: metrics
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
ingress:
main:
enabled: true
ingressClassName: "nginx"
ingressClassName: nginx
annotations:
external-dns.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
@@ -84,7 +132,7 @@ spec:
add_header X-XSS-Protection "1; mode=block";
hajimari.io/icon: mdi:shield-account
hosts:
- host: &host "auth.${SECRET_CLUSTER_DOMAIN}"
- host: &host auth.${SECRET_CLUSTER_DOMAIN}
paths:
- path: /
pathType: Prefix
@@ -95,14 +143,14 @@ spec:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
fsGroupChangePolicy: OnRootMismatch
persistence:
config:
enabled: true
type: configMap
name: authelia-configmap
subPath: configuration.yml
mountPath: /config/configuration.yml
subPath: configuration.yaml
mountPath: /config/configuration.yaml
readOnly: false
topologySpreadConstraints:
- maxSkew: 1
@@ -116,4 +164,4 @@ spec:
cpu: 5m
memory: 10Mi
limits:
memory: 100Mi
memory: 200Mi

5
kubernetes/apps/default/authelia/app/kustomization.yaml
View File

@@ -6,12 +6,9 @@ namespace: default
resources:
- ./secret.sops.yaml
- ./helmrelease.yaml
patchesStrategicMerge:
- ./patches/env.yaml
- ./patches/postgres.yaml
configMapGenerator:
- name: authelia-configmap
files:
- ./config/configuration.yml
- ./config/configuration.yaml
generatorOptions:
disableNameSuffixHash: true

40
kubernetes/apps/default/authelia/app/patches/env.yaml
View File

@@ -1,40 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: authelia
namespace: default
spec:
values:
env:
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_USERS_DN: ou=users
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN: dc=home,dc=arpa
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_DISPLAY_NAME_ATTRIBUTE: givenName
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER: "(&(memberUid={username})(objectClass=posixGroup))"
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_NAME_ATTRIBUTE: cn
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_MAIL_ATTRIBUTE: mail
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_URL: "ldap://glauth.default.svc.cluster.local.:8389"
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER: cn=search,ou=svcaccts,dc=home,dc=arpa
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERNAME_ATTRIBUTE: uid
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER: "(&({username_attribute}={input})(objectClass=posixAccount))"
AUTHELIA_AUTHENTICATION_BACKEND_PASSWORD_RESET_DISABLE: "true"
AUTHELIA_DEFAULT_REDIRECTION_URL: "https://auth.${SECRET_CLUSTER_DOMAIN}"
AUTHELIA_DUO_API_DISABLE: "true"
AUTHELIA_LOG_LEVEL: trace
AUTHELIA_NOTIFIER_SMTP_DISABLE_REQUIRE_TLS: "true"
AUTHELIA_NOTIFIER_SMTP_HOST: smtp-relay.default.svc.cluster.local.
AUTHELIA_NOTIFIER_SMTP_PORT: "2525"
AUTHELIA_NOTIFIER_SMTP_SENDER: "Authelia <authelia@${SECRET_DOMAIN}>"
AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true"
AUTHELIA_SERVER_PORT: 8888
AUTHELIA_SESSION_DOMAIN: "${SECRET_CLUSTER_DOMAIN}"
AUTHELIA_SESSION_REDIS_DATABASE_INDEX: 14
AUTHELIA_SESSION_REDIS_HOST: redis.default.svc.cluster.local.
AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
AUTHELIA_STORAGE_POSTGRES_HOST: ${POSTGRES_HOST}
AUTHELIA_TELEMETRY_METRICS_ADDRESS: "tcp://0.0.0.0:8080"
AUTHELIA_TELEMETRY_METRICS_ENABLED: "true"
AUTHELIA_THEME: grey
AUTHELIA_TOTP_ISSUER: authelia.com
AUTHELIA_WEBAUTHN_DISABLE: "true"

32
kubernetes/apps/default/authelia/app/patches/patches/postgres.yaml
View File

@@ -1,32 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: lychee
namespace: default
spec:
values:
initContainers:
init-db:
image: ghcr.io/onedr0p/postgres-initdb:14.8
env:
- name: POSTGRES_HOST
value: ${POSTGRES_HOST}
- name: POSTGRES_DB
value: lychee
- name: POSTGRES_SUPER_PASS
valueFrom:
secretKeyRef:
name: postgres-superuser
key: password
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: lychee
key: DB_USERNAME
- name: POSTGRES_PASS
valueFrom:
secretKeyRef:
name: lychee
key: DB_PASSWORD

32
kubernetes/apps/default/authelia/app/patches/postgres.yaml
View File

@@ -1,32 +0,0 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: authelia
namespace: default
spec:
values:
initContainers:
init-db:
image: ghcr.io/onedr0p/postgres-initdb:14.8
env:
- name: POSTGRES_HOST
value: ${POSTGRES_HOST}
- name: POSTGRES_DB
value: authelia
- name: POSTGRES_SUPER_PASS
valueFrom:
secretKeyRef:
name: postgres-superuser
key: password
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: authelia-secret
key: AUTHELIA_STORAGE_POSTGRES_USERNAME
- name: POSTGRES_PASS
valueFrom:
secretKeyRef:
name: authelia-secret
key: AUTHELIA_STORAGE_POSTGRES_PASSWORD

13
kubernetes/apps/default/authelia/app/secret.sops.yaml
View File

@@ -6,14 +6,21 @@ metadata:
namespace: default
type: Opaque
stringData:
#ENC[AES256_GCM,data:RzmXYg==,iv:/Nyi6ik2vfnVcSVUa+tZ8iwoSWy/eyFtDP0cwW4NjMw=,tag:ZggZ20DHnI1gQDN0GWNQjg==,type:comment]
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ENC[AES256_GCM,data:XQPgqGCOxig/ewQfyVVte6Op8cA=,iv:bIBc8YqgjdGlllQlXuWPP8VGOt4GBNBjrPNwsydYfGg=,tag:7c8xdEKvrZNaWajhUMtM3w==,type:str]
AUTHELIA_STORAGE_POSTGRES_USERNAME: ENC[AES256_GCM,data:popD58odXyQ=,iv:gw+Y2n/ZRRAudSZy6T6aYdLq504xEH6Ntk+nWY39zjE=,tag:okpCZIGgCzeooa+eSWhAbA==,type:str]
AUTHELIA_STORAGE_POSTGRES_PASSWORD: ENC[AES256_GCM,data:j/VlSpeqwTVKCDN+Law=,iv:k+PKPq1iF/bl0acff1DrbQzRKOb3cy37Sq5R+wuKOQc=,tag:ouhjcJuZJQ0Gc/T396WDrg==,type:str]
AUTHELIA_JWT_SECRET: ENC[AES256_GCM,data:/FH8Yi4olsLQgbAbTGh23wvZ+0bY5XZMxyXUcQ==,iv:BB18NV8++Uqh3TS9KeDAOV3WH8gvBa/vKRAoV48ddMU=,tag:jbNMXobzUIIEd/fQKrD17Q==,type:str]
AUTHELIA_SESSION_SECRET: ENC[AES256_GCM,data:oKlY7wYdJWyVyS9L0kEyE/FBaX8QguU7ZwN4wg==,iv:qn3DBkozHECvEvjfJaGwogGdNcEYfL9Mr4sZhkmRvUs=,tag:tmvKCTehK5APrJG/xRzdtg==,type:str]
AUTHELIA_STORAGE_ENCRYPTION_KEY: ENC[AES256_GCM,data:dhPWtO+l7X+9chnJczfL1qE0ckO58kRAvzjTiA==,iv:ac8mMxYENkUv7llxkHHdTiCxMaqP0/joJeAxDkc7vNE=,tag:HUZudNImGCxzlGXeYJZGtA==,type:str]
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ENC[AES256_GCM,data:iF/190/mZpbDwCd5Q+VOTQVyRbs=,iv:xKhvy4ufkiPqmiWUPKQjxRqUA3VH1Y/PTc8BVnLIaDA=,tag:KB3Bs71cARnYo3noOZs+Fw==,type:str]
AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET: ENC[AES256_GCM,data:GQ5FI3GP+dNfWapUXbkWRoUi4N8oHLn6Kotmmfaqxd0=,iv:iZMUl9vBZUdWElVV1iqPNhdTy0aQKw3H318UT/rTpWs=,tag:iuKMZal34P0zFy6v+Dvj7g==,type:str]
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY: ENC[AES256_GCM,data:IeAA9iN8w6vU5ZsJVAmLyaH4xuADYg0ESKdqIWSCQ6OJKd60E0UNhIQOIH25JCQnRo3cpAflkqDHRdMNnoUY4apsA5GBZtO9+kDnswMHFfMwhgP15V6RBLObvIFVFfjH5n2k7hObMeS2qm8+rVIaUpyNDu3elD8KrKHOiqN0dxbd4PVx1CmN3c9kJGqSWrYFhBo44fULjUzWYSaQbfMqxotkxodtfRDKYlwvXBh9fg1hWblBj2LEl8yPd2V3QiKDH2o6um8VWw33ryUzAeefJOelUUU/s8EynbGwTZwuPVy8LATSSiDtvramFpsk7XXshDLrwEir7hujaieP3P0T7XspF9i85wFVZrTqZDtlysYgziwTEqSbd2vL737p6S5l3QpAn5De+QkZyYDbPYJ2X/PTESeY1X4hJ8TI0OK15DXX5+YYkh3Vnvl21xseaAoT9QvTcXM9jjUug8cwt56UhG/grNFrYLjngq4cLPHI4vzE9JXLfXlax+Y+jj0t1Bv8EPA66RzXxJWYgbLP/SdHPFDpyMwRjSzm5zJ9ldG+ajJ1B6pVuWb53USVxtRu6aRnZsxWpJfkn7HqGkXjRPT0mSiU2tFpwaM/NDxMB66DiIZjCwjeTfbFSngDQc88fcwv8V6klASM0iCbsQCtXDGoAt1mG6wmA5UhMmoKkqdRVj+qov+ZeMz+dlafdoXJNXT8ncTo06RDQAZX/3kW+7uK5EbfSRUmDUdPnHHBL/fhEYEasZoF5nwegp9gGPOX6N+mHyYoB3tJNrATJkBa7bTDcPcKpRL5a472ApXva6WYyDgnO4FrvxlkC0wt9Dt8Tw/YakwxY+UtatmdEyYRprxRWQDPYHCqe+lK8S0LGHq+2HEcf109lzAszhkEHj4AKXVuwc2ooWlqVFoCMB4+1sJzawA4Ry5mXNFLN9eb+6xO8fg6DMxRZFbZTL+mdOUfIQxz+nCbEm48xakSj3NJzQ4Rd+31kuapmcnjCLoWdDItXfPrIV160v0GGGMQmrzL7PJVmBaFwmRfJ5YJz5UE0qi8z5RC1d//0ywEyb0EBNCouuWh47XHo2EDKTbhy3o0qpkQBHIQuxUZcIPM+3veF/SOT7pFYPGHMFPbif/71j1HgxuE/E1p+How0XfelOfP4Z8rUWZcDWLJp0wDrD7WRe9564/cqCTvqBRusPKYlCG/xJreqn42LV0bVN4JxJAiBXM68lasZJHunMJcd1E1DB/p1S0Wooezc7J67sPMiLAfiq4GdBSq8Z+8OJKcv88KDXu/PPCh8Ke4xVLdovK1KUncP/T8cppFhyE61CkDjcGvahGbuLkZl2mkR5oHoNerOXqFQ/tvIR34vXRRbb6Qo92r/yJmi6lsXGEu1dxMKBPKkOdCqWYXcSgGtDgyETm1+keoNjh67f7M0rl7eztHpFDl9CX9b4lYEBTiaaozWN+LYdPQps5IZfZDzTN4NScfx2CDve46xVLxNc/DpLhUih/a9i3/kHUB6aPNN/IxA6mhZqrya3gAUfAstxlkiBme8Wa902DFOh10YTn0VP9H+yRihK/OECDMhDDwrqSC1dn7BOF5iWFg9CMB6OzABstucmFDAgRxkqkaIPTSYF0mbZnD5KeZYRjeUV43m7BstHFXGSmb4R2CI9popqvDV1y/7ANpiepXlN2JFGCeCgW/SyyPAZw/xnQUH3ZGjK4lon1l45YA2YRvWnfurGZemaAtir499dbKNa1JK+1POmpAHvMw7tm7Jj2LjaHNKD40jGY782ucZkLFGwBm8P0KU44vjKinQNvjhNrct/USTEMxU+sHtuE9jFDsufKlNeOK/LkjCKfbOu6PNKF8MXoXw8bUsHSqMYHXRvBDiYNmuHp0zitet8JLvdKW1LVLTpuFR7/13y5L//9RvpvD66gjbO9LawIm4oX/RrkzzCEf/eMC4jCPvAe5KhcDGxW53LRYAowGLHmNlKDzWMWMAwe86dT9Y49cQYuznLYifu2ApeQ4nEFW4b0bktrzxSuZCVhWXPs+e0OnEWTUC3lzTd0MSfUgI1pSW+HmKs9+nr+YcEOBTmGd35oyjKGLq4SE4SecckslWnvYpXnHj2QOTqVD/Mn36B3NQgPIQOeh3uOiKhfOw4T0TiBc8ElBGbM0bsp5Cp2q41xByITXaVsgPo6IksI+dnoaqaDwzXVW2RABuuEDNAhC64gJW+t94obETP8X/ulGzxqibLVmOJgcdQ31TuEoE1z17TALTjm6GwZj8Jz80CfM2gHivh41xHjw23yHev3tJ4y5iOQ2fJRE9nM+Lwx3YjN0311PQ63ZfF453flkw7tzvHT+WMUyMHJBCwlQyrYVSVAd1NPdov4i/Ru/OSGGRQ2W3gdkDpTTbxB3rHzWaXS47mQHT9m60SfXDccT7JrZeDb6R8KhpS3aBL8k9paarynaFPrvjwRgJyjZAXzk38StzSRoRIUdS4teWlOm0aLjWA2N+FNxTnHif7fXLXQGnlHIhAU2U3KJ9mlqCq+pxqy2nmnDoXwBh0MjWYvEXwJhEQXv7PdXN6+74jlgx5xrmvyCqOJFuVIvIcRzj74mFIqMTMzXLL6eAjg9xLleTtCbY8jxjBrzfENYpYMQHPVRM1fwipu973WV33sEGmmtk6K79sQyI9Re2J5vneBJ5nT0/xqzA3EWQVEgXMXuOSthjO3PICYrPaH0ohlhiFEwlKpFWBAFKDwxilXeYMBN8epnm3tQjsnUoDyW4TTO/5j4e0Yb/k2z3T7IMYSme4AJq/ulf1Og+aIxHPfJ+QPfTqDnaF/zhkhYHh1iDEa9Dp4UEXyhgytbpr5f+tmcVuvGmtK4k6aOi1XkaLg6/CUa2O00MVqyLmqOeGDAw8z+UJcyFTk86kvNk8PMMrXsEzt6xDGkpSEjiPXL2vf1PrJIYi/99rcWrXR82zMCZg0EaM3zxhZvWzOFrWqHuE9u2ErgzgRt1GQ8iA3gFPw8uP7o8SCjE1Ig9kf56+OncA1fyJRFCPBe9Y36izZtEt901k9aMhZVmiuuCQAtptGFYslKFkLTeaQesnaSgSO2jq1wDEUtRHLHaTeBVWupB1AWvM9u661iC1dk32eVsclftyH5Auf0R58TohDLzhGT8e8NkOii9IJ2+N+ua8nPPiQqxfjbdXrKJFLFeyYimb/h6yfugQpxiDXWOfZFFkdKSZJqONaQ+aURqK3gyavzJeYUdRoiattdNNgGl+jTI/OEe3lt69oimYYExFQRzJ2R3uYYVbVyvaptW7+ppGxOxk4yfoQAcMZnOTGu9DKgBDClGOcdI2LeluieJrfXwoMq3o5wcoM6yvTmgfxzUMZ3DELWwP7Fqv0IJyRD0tXbIcQxGGyd1U3aGq6u0sGJaQy6+sb+s8hFPglL0CrzvCJPJERm8PHiJtiLHDa6WG1+b3V9fPnmJFD0AJEggE7fPolq5/j1dm1SRNmWNffHXcqGrCDcZ0qx6BE2pEzTY2VtyinsaNuigULK6kL55srFHh9xjwdgTD5F7czuqoIo2Phm8PoRW5X8I7dQZ0Psiur2d9tMAT+ChDWoytqmZH3edCN0a1kjWKN8+hDzIptbW68j+JuNLCtBc2ENtCo2mne4Kz15oYgbR7urht+CvagdKxauBiDGcp/KXuRUQKz7onCgnMmMkLP3lHXeyRqi2maG58K0Vngdsi2nFn7IzbeM8ieF2D7mo7FK5lyRlyIy3X2GwTQvEUTUyTUkv/cNCSet4O3zVeMY+hgegZzU1h8Cpzp+GF7v8wEVAe6DZTu+0aubwb27lqiweBUBBNJf9GuAMnuYGHODMsn1CNe3wNtgRlp0liGyT4YmoZlgO6rPcpUpjtxAdw+legYXdylGMwX/Cer2OLxe/VOsd1wjmMcZL1009guK7t6BjwGY9/g85y8MMPiHpWwo1MUOuKPQZFK2c2iu3IiQJtawqocNvmBeZ4/h9978Rod2aUbYXvTRFJbDbRqfqojEDgZv0JgIpBQKT/cIqQLPXoigyab45tMoKWKm2D7lSdwQIWpc2tx4qkECbLy5KEmd0UbCmCC8RDUk3I/Nkycwf1XrlZVYwNpKhQMIytDUyIf9TqTrU/XIJ/Q6Ib7kSyjZeK46GldMNuGnc05mPlJQoj75ZxxtWibfPG9kH7ImR4K1PgHoY2gHleca/paVyC9jNKpKiyB3m4WDnrxK5N+NpO+wlbNXAtGeqZJd6H/V8URnBuIv0NxFRhQ1seVZQKElkol1KCe9H/+n0Hs/fz5RdBwa/Oh9/lVNrJiVcnH1/5JGpR5/p/RLElE9Nl+GJGS2uWasvREyXjoLrB0aSwQK,iv:+H0Qz07NHU6fs7mJk9VnLZlYSoxTCnW59oPSHOmGr+s=,tag:w7NtwB7ks/Tb3eky5e/P/A==,type:str]
#ENC[AES256_GCM,data:C0B+sL2neQ9RssNtmkc=,iv:m2CKgHodIVggA8J/YJR/DJw0t/irZJwLvZCXUNmR6zc=,tag:GZoHTWx30yOwcS4hdvqSEg==,type:comment]
INIT_POSTGRES_DBNAME: ENC[AES256_GCM,data:lSN7RhVA/KE=,iv:6QvaJnVGUHLiEMo5qZffRHapFL1dtXiIzdhk9iLKZQs=,tag:KoLAgcCEPmCurE3cqzEETQ==,type:str]
INIT_POSTGRES_HOST: ENC[AES256_GCM,data:EUIrBuvpu5XQOE6HfO54Cxr//BwlKW9oPEKHmyQTuUIu1oMMSg==,iv:Ygjak8gez1OeEQ2X1F4HryB5glB3pzut7H7k7z/hwAI=,tag:s3Hd8GZ6enjGEp9uTfy41Q==,type:str]
INIT_POSTGRES_USER: ENC[AES256_GCM,data:gLyRrjvhbKQ=,iv:1SBPtSAq/c5Q90MSgxpBeOkrvqpsOMPitpDdzfG1oBc=,tag:5mi6e6+OnxElAOk3P20XaQ==,type:str]
INIT_POSTGRES_PASS: ENC[AES256_GCM,data:7BviKXdQ32upRD3gEwA=,iv:e6E8oHw2VkaT1y+QmomZmYF/Z8Dnx/nWJDaJWLaaXt0=,tag:soEnjX3zmC1rb1sKdYrT0w==,type:str]
INIT_POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:yDvSJZuQC3F5sXIuqzYClg==,iv:7IBNox0wpkA9756iK55kPasF2wsBLn54VAnVt9v+2w0=,tag:IgVxbDU59iyLOHMUUchw3Q==,type:str]
sops:
kms: []
gcp_kms: []
@@ -29,8 +36,8 @@ sops:
Ny9OQ0l4ZXMrdW40NmRsbzgvZ0w5V3cKqTGvN5zk2TPgtxoVfwI7Wsz4N+lC9+Kq
DCXTgTU/QXm9dvo4ErPPzeWFqdk4JchExhvSJV2JfM32O+3z+EGhNg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-01T22:11:20Z"
mac: ENC[AES256_GCM,data:XESKuMlJEXGzkbW1CnAoXxRONq3BqQT/Y9fi7Los+ILtHjo1lEHmj3yCSDhn7uVDQJALLu9pz/Ra36/gine7VUqJwooDV2OeWs7VvBmGTxLOxeH/24AipiAPnRYjXWQY0Zfh0/h0H88jJSB3D+bCMW+WpEWfdmHWMQ/Y54pQ3mQ=,iv:q0ALv44alplmtt2NKbRyVzy/yxoIQ9FUN1zLjEMViCU=,tag:Zq9r4Eo2UsGYTIscEdAMVQ==,type:str]
lastmodified: "2023-07-08T16:58:03Z"
mac: ENC[AES256_GCM,data:E1U2G0xX5opwHgbye57uEyvypTjBd14HegNxc7yz68PGMwG3bkOhZGw2BYi6R2WRqimhfZk6hR4+xYo00BSNahrmjDWcW+vOOwSge1lNz3PehynmZO1dsakAJfaY2r7vHi4Fmd/9ZgCf8NChgBP9QJxSYBhVPg9otbdWOcMf1mE=,iv:zSkV6bumO3XQz7c4DiNNeP5HQu6fxaGL1pKuKBqYJiI=,tag:MiQRkIyQXZ0IAeKfRmUVxA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3