diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index dd4b993..b17122d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,18 +1,18 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v5.0.0 hooks: - id: end-of-file-fixer - id: trailing-whitespace - repo: https://github.com/adrienverge/yamllint.git - rev: v1.33.0 + rev: v1.37.1 hooks: - id: yamllint args: ['--strict'] exclude: ".enc.yaml" - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.86.0 + rev: v1.99.0 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/stacks/ax41-1/README.md b/stacks/ax41-1/README.md index 3c40672..4451618 100644 --- a/stacks/ax41-1/README.md +++ b/stacks/ax41-1/README.md @@ -1,4 +1,4 @@ - + ## Requirements | Name | Version | @@ -45,4 +45,4 @@ No inputs. ## Outputs No outputs. - + diff --git a/stacks/ax41-1/provider.tf b/stacks/ax41-1/provider.tf index 4210c03..af2cbc7 100644 --- a/stacks/ax41-1/provider.tf +++ b/stacks/ax41-1/provider.tf @@ -10,5 +10,6 @@ provider "hetznerdns" { } provider "authentik" { - url = "https://authentik.montage2.de" -} \ No newline at end of file + url = "https://authentik.montage2.de" + token = data.sops_file.secrets.data["swarm.authentik.apitoken"] +} diff --git a/stacks/ax41-1/secrets.enc.yaml b/stacks/ax41-1/secrets.enc.yaml index b35e7aa..3da8f1e 100644 --- a/stacks/ax41-1/secrets.enc.yaml +++ b/stacks/ax41-1/secrets.enc.yaml @@ -1,24 +1,26 @@ -hetzner_dns_api_token: ENC[AES256_GCM,data:6m0svnZBgwLeMu12tSz1oUHHaA69dU/dHi7oWgvbrNE=,iv:Iwre9h80vPZRZ3qu43gohDOaE88Aea5T2vc+3hVmM5I=,tag:9aad0ekU962w9acNXpe94w==,type:str] +hetzner_dns_api_token: ENC[AES256_GCM,data:SRPaDt8tJI4akhNgkGtg3Jessyyt61ILHGUdknmopLQ=,iv:xJu3PePEUQkGi2gwYykV4ytpgyCU4rtPYPDDP24E0g8=,tag:tMv8LP/QBJkTgEwY9Nxfjw==,type:str] swarm: grafana: - gf_security_secret_key: ENC[AES256_GCM,data:o6iR/KCnM1Ru56i0ANylmZFqiERuNfwx8sHeM4wE/k7aHI8l0Lg2oifrTx38m5puCBw79U4qqFQqe9QJjZMROhRblBK/RWi+3vSv+rwYv2W8wcvMeqcjJgZV0erOMyFkuZpapbfTnbDvidWg4kKbS0k2OmdRHVYc89IETU7hdow=,iv:B5EC8gwEK0g8T2I/EgoLFGCzR0Uhtaot01xeoWU0mp0=,tag:vlYNnn+fI5m6Dw+IpTPfuw==,type:str] - gf_security_admin_password: ENC[AES256_GCM,data:BJbUVen8wlU2QxJ99dD0ZrmHMKoC3En4qKkv6JFzqXxZm10elP1EtY6dscnVAaGWOPOv3O+OZ1+bJ24jVvXjVg==,iv:6g+KWKFv14ZAifRqWG01GfCyGhLa0f3hk896rsFR6to=,tag:WVDDaeloZycEERhzuSYwag==,type:str] - gf_auth_generic_oauth_client_id: ENC[AES256_GCM,data:XLp880bI5ANkbk1t49839gs8EwI1LlfZwJgtlVPd21jmhXkpRSuKLw==,iv:u+wkKImGyNo0t7nXg7MdbRBBDEC08tWfE1sMo5fbIcY=,tag:CXl/6P9U6kANNFrmDlLvnA==,type:str] - gf_auth_generic_oauth_client_secret: ENC[AES256_GCM,data:AHWpqQbHVyL6rliQeOsf+hVEwDI0mFOuOtllz3Aqfm/FWQTai4sgdQ9F+AkuiqCsKtdvOyCYdsBNv6BolR1Ef8vNBECKpkt1N97hPvlEuStBzbt0Hcu9uHxo0h1+L10SaM7VzUfVcYJ2gNY/HdU01C7av1NUHsYBMlIb8vE+Eww=,iv:ax6nnqrvYrxa5m08Hby6hCkawJZoJYBVA4JiPur10AU=,tag:ilSrpwsp3GC/AT9CgrfsGw==,type:str] + gf_security_secret_key: ENC[AES256_GCM,data:vXsK18XTM4EgEgd7YGTP7ypdSG9gpT7jFHGODD0Yn3hCnc4Lqhs63hMAg5Ky6VW400mpw/RV5ea8HQAYMoHcUcTGtgbWUQoA1xc96jovjtfpZ7UfqazY1On8qyUNyZYSq0oCA91dZ50DL0dUrhqdOqpf2idLoSmeDwkIr4siX0o=,iv:xOwXk9EZgTLlFRk6dzCdvzzPmoUN6phaoYmUz4AS32c=,tag:mpSYZS/gl758/VdOH5Z1+Q==,type:str] + gf_security_admin_password: ENC[AES256_GCM,data:IJdtLUDMyVpw+xfEIHasVAOH5pBbHHVBqyWjjn4i+H/lxiSqANJiJZwTP+nCt2ZhlMr1yM173HCwv5o5XtAIJg==,iv:oURnR1NzSsagusMSmxqHeMc8MKTHL+Bmmgm/fmQN+iI=,tag:UQ4QR1AePAjj/dbPl7Ozcg==,type:str] + gf_auth_generic_oauth_client_id: ENC[AES256_GCM,data:jaI5tGX5VwsYivn/S9ILmob/AaoYSggUhMw89awvzvpdDXMIinV48A==,iv:2etNyR1uo+9zNWw3YjijVAsFR8XEsiyUtc/YgiOgcn8=,tag:Lft24b1iN30LHvV+3LeqzA==,type:str] + gf_auth_generic_oauth_client_secret: ENC[AES256_GCM,data:Nec/ckNuWSjqNU8Pa29nj1D0pkxik3PYvfBbSdbhNQdshrPFcYM3oDPWGqQqvwj5QkD2fPll2lX6Ms37cB+35y+xETo4gg/Sd9u5zi1Jh/zY9qUIh7nIOD8leovAvuuGTRtentfAdlUl9Kg/f4Cec8RoB0j9hUtCbuKxKMAidTc=,iv:BIxkHKyJ76dKVkjVAHCtYYUtp0G43jjC/SJwswvjRzo=,tag:7N4KFoqMG8kI99T+ZC1xcQ==,type:str] jitsi: - jibri_recorder_password: ENC[AES256_GCM,data:RS64hUpIZCF5a8XMhoSk5X+ICe3+1YXzfu5xY13VpIQ=,iv:lwWwxDHZLbQ0ITuBUFAyybYdlvbM9T5b/cPqBnW5oa8=,tag:now385b+72CSU595I4m96Q==,type:str] - jibri_xmpp_password: ENC[AES256_GCM,data:XxOmZuUCyNxfIgk3FAp4mbBDtwOxus6x2Qe/kPSHFQo=,iv:xHMZxNyZo+eJfh8DqDxoRDzYOP0Xc918KEXujwDaqfQ=,tag:m/fRIDcU/Y9ifu/82YoIuQ==,type:str] - jigasi_xmpp_password: ENC[AES256_GCM,data:Bvhm2/alyR1K9BxTOibgioUKLjJ83C6m/humfxjMw9g=,iv:qXNpDYW5E19g9da9eHyGJGxw6wqLZvGHZyo1cvRXxFs=,tag:Css7lGS2WuzcRk3TQGO8ZA==,type:str] - jicofo_auth_password: ENC[AES256_GCM,data:g2o4JBlKePPFSI6JKCQnVEtKv9XgKINc0rOHJ9qzguE=,iv:+L3gNJji/nOiImQ1cFLfT7KeGOdk1AcK6hXQdGCDkV4=,tag:LXZmoXTPxLq80xNTsDWQUA==,type:str] - jvb_auth_password: ENC[AES256_GCM,data:w0snMcVCm8wSzxzSTPNO8IuPhS6LvrLAv2t7s3fzUHI=,iv:R0unYAzJXAwDTO2mE3nD/bjJy9aGlHlOR2122gc/HFg=,tag:kE8WDsrpGFwMqPFYTRCz4A==,type:str] + jibri_recorder_password: ENC[AES256_GCM,data:1nFz2qTSwx5Ajb1q1fNCNq3n+BzRfTrf1V4Z7TSxBWQ=,iv:0PbTHAIig2IF4DOYK+Am0rFGaTzWD3ea2rjd1AaM2YM=,tag:Wfnl+cuX0EUOfKlOv1wjhg==,type:str] + jibri_xmpp_password: ENC[AES256_GCM,data:Tb12DJfzycUP6ECJmyIJDlMYPd7/lZrVSV6W8Zmg+vk=,iv:nyE2wWxfbCMMggy9bIZyYWJ4zOrkOXf/Bkk4hpuRAVg=,tag:hfcQUeCBy4agPT9KcNQniQ==,type:str] + jigasi_xmpp_password: ENC[AES256_GCM,data:olVYxWuJC2nyVJkIVPCK/DJGj7sxbjJIsi6ZXMXSPg8=,iv:w9sec/8476Wt5C+wUpCqqCh5NaVe4WxhdfWwkPDxhCQ=,tag:kZinjzjsSOyWevxKE5HL6A==,type:str] + jicofo_auth_password: ENC[AES256_GCM,data:4nEkdjGcM4ELupsCRZbUupGGFqKhr2fcH+JC/MRTbzE=,iv:G+6gHU2XxWNJGruNkASOjEoaLvJa8PlnQp6p7fnBPnQ=,tag:z944hNrZYTHXquykYlpKxg==,type:str] + jvb_auth_password: ENC[AES256_GCM,data:FDn+W5dZDup4SsXJb9arYCV7tzVS03d1sBH9EhxAhRg=,iv:cXqHHJCX1su7Cyd+v7CrPWfa09LuAujiZbX5GHvwEyQ=,tag:rCIC4qoUGSKDndHbbQ7Nhg==,type:str] hedgedoc: - CMD_GITLAB_CLIENTID: ENC[AES256_GCM,data:kZvl37vR+/+fHFGCgq3Lj29N1UY6GHfjUeC9jl5kwqqVrKcW2U4Rpocp4oR7FmcByUe1KmmDje0ebrq7rq6kkQ==,iv:037nPII9Tz/VXbemgONHtw6rf7YhywwkucpQP0I+vHA=,tag:qeNYqDBbBgyEIbtz69sZmg==,type:str] - CMD_GITLAB_CLIENTSECRET: ENC[AES256_GCM,data:htsR1iVbrGzvvy895ovDxGUemWLxbhHSkJEGcsXk5nwtOoLt1I4N6XNLlPSQ94EzZLJ65bF8Ay3l8nK11B/waw==,iv:aOyhuicriQB2gQJSzKzFvlEK6ZI6zeF5gz4Jjy3anDE=,tag:ldyjLIswF+0Uh8STV0Jmpw==,type:str] - CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:rwt7C+jxcXZRgAHq5D0iIsPCjBjDiBoUb8bYVQtA6qejqDmfXGHAzg==,iv:HL6N9f6gysDJwUYJKV18fdqy+2zAUOiL9HK+k5DvieU=,tag:CqZb/U5LSDBo4K1X79rOTQ==,type:str] - CMD_OAUTH2_CLIENT_SECRET: ENC[AES256_GCM,data:F3lebEE0hnwopmKEAD3ySrMEnnjMBy0hgaKcLkZwelIR+j5kR8fUtD2ITndKgQLFhPQXvC5PAkTW93I3tu9Z91/TseIcgZsivxXmRdScMucY0Wmrt/8+yAHKPZxhDsaZbvRnVhwL6v22/eqnmTNDbn62r9I6QfZUqwrogV2wY1I=,iv:vibJn1HyaQ/xgsQvSp7e+cgGhZmsDrsUz/b78XG63oU=,tag:7rKcELyRIkKu2SByXwSTNQ==,type:str] + CMD_GITLAB_CLIENTID: ENC[AES256_GCM,data:7n2hswLCtwXIaEx5UNH/39tE0WMJOVx03iqy9cQOFeGYnDyS+0o1pKFv9nx+eZKFc/+Nw1i/V0T2xk9T/SsURA==,iv:H2bl8BRDCi2BzJsMMHYUt3jImpZxKTmq4J8N+N/XY88=,tag:/coJuNsqiTtElWWk01YhsA==,type:str] + CMD_GITLAB_CLIENTSECRET: ENC[AES256_GCM,data:hTComMl8PUqPcwvGkGK0bDCDF6hDdqxd2dX9jvlYq++/Fv5aOO05bE9GPHuYFi082gjQcR1zJphyHQLN+bw5Qg==,iv:I39c9Ah5QhoVU9wthnCcK2mSA4f3Kf52Q0IdqYLc9rk=,tag:x2LArO99R+A4wcD1fxm1GA==,type:str] + CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:wK4/iPtzQkgRiae//FzbFWLFXnsK/kAf9Mp5TMyIYp80fs1cPwh7LQ==,iv:YWhZfZ4BobrHvgVUlP8PGiwtESH9nuxrHX3UuJ582L8=,tag:8mXO4ZZYUC1WebLC3IcbEQ==,type:str] + CMD_OAUTH2_CLIENT_SECRET: ENC[AES256_GCM,data:+/c+nFHcnTDx51G91jdLLJlW6CRc/Vf6/EtOD8vtYInDsC4mUfTdBKS2HducS8Aqa37I67waH2wX31p76sKsjn585D4AJ+XULkSIffkhWJn/+4RnBIbD2H+qesiQmMAcevEO6rIYGbWPbTM6+boayjFoVKPeHQF8Ez5GkJwjXYI=,iv:aRnkJUmNWHo8rasA3b1P3qPojIIoTQfmDsxLxJ2uXhw=,tag:GKevzD5DIOUIbxSyFumy6w==,type:str] wekan: - authentik_client_id: ENC[AES256_GCM,data:OBS8HEY=,iv:XpIhSFM6jVRIcTkXmiIdgLNxrDltE7lxIz5OVvkKnQs=,tag:OpwLMCUOyTt9HxenS+4HXg==,type:str] - authentik_client_secret: ENC[AES256_GCM,data:xUpYD1TB9AEo2yCcmgw4Zv7TaFb+zhOgArd5lCd3SmaezQAdoshK+rFoSgxPPfC9AGmA9T40B4S+sZCejNmxZA==,iv:DFlHS0HUVCNaIzXCkveVMeUFuOsC4YFbsse+lLiYzsY=,tag:SAxX2mFQ4yrL/epaq2A/rA==,type:str] + authentik_client_id: ENC[AES256_GCM,data:+zJOuTs=,iv:BeWB61LkuHfTMISKrujw+f/u2Z5n9rgfFFLh5EFAd+U=,tag:JV8PJQYG6dB9ocgTZhbNuw==,type:str] + authentik_client_secret: ENC[AES256_GCM,data:Kh8rI2PCbbKz37uFViI24GtAs1QvSa0MdeAn3kuIl+ntGCL0ywRt3gJkiXmV9RouK7hURdMCkFDK6WX53HCCmg==,iv:FmFeRWeCDh2nW+Wnq41T/yBGyQ2m+jP3FswLsngfrEA=,tag:BOBT740MMz/nTx2pPMsb/A==,type:str] + authentik: + apitoken: ENC[AES256_GCM,data:u8kN0MdBrCqu1kqMzZHHl7l80DyFyNSYepVcsp/SuvdK4qtmq4hAmKjvYGb1XCC2gZRklxe0pxd8n6HL,iv:gNXez0L3BzF6CWdF8AASNPlwSY+26C/yG+T3jVYGwk0=,tag:xAJXfwxMzGrdxR8JzKQ6EA==,type:str] sops: kms: [] gcp_kms: [] @@ -28,14 +30,14 @@ sops: - recipient: age1zwv4tl8ws6ke8wseenq4lrwcck3el2wandlgztefz9v4qdlnwu7saw7g8z enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnK0FEdDBxN0JjVXRyUFZO - Qk1KQVlWMlF5RFlpeHNtL2VjRFpmcU8vc0VNCmtkcDBVTFBiaW5PUVhrTExWVjFa - SU1UdlhrN21IUlZVejljcW5kZEx5b2sKLS0tIHhWdjdpTitrbUhNRzZucGpzeDZz - WmlRUnowa2lMNWpDT0xEU0htV0w3U00K1f/SO/FBvC9lIBzveBEwhopj5ryMVCmD - jw8AdxvmMwsCSfIROKkzMqiUs2zsj6FOMlYFI1Rb07mItSO2Yd7TsA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQWRtK2NnbUprdWx0M1Jn + MFRWb2lMWHVVU3lPL1QyNWQrd1hBT29zR1I0CktlK05IcGFPenArbFdzVVl2ZVRJ + RFBNajV5Yk1NUVpXUis5ZkdhaFk5bkEKLS0tIGdHSCtyeWdLdzErVlF0UWZCSjJI + ZDZtWHNqZ3JjcXJDb1ZUd3pCQU5PTWMK0E2F5s2dgMKLkTxVEQ/VpUwOlYmBuriL + pnoUzPtaLZrwuhZ64l2WirPbPM8zofG5hr0+3Nf0jXgim0bsy9/1nQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-07T08:01:01Z" - mac: ENC[AES256_GCM,data:PcBpNRbCuv8/wkrI+zP/VkqBNkKG1coENkhgSy/Z3L1PQ4y6atqbQhQLdfzw+FDHqAn1IVCJirIzI4EGzT2iychn4gZlE7hcK6n0y4eeVRlWzI3pc8QgrD0CoYsa+YsM3fWDLSaY5vOVqa8puQDkNQIC796cOyePNfCnqX6wZWQ=,iv:g2JNSNLqt3ryk8KRU6WKc9V7Gb2KJqtxFsDb6ba17+c=,tag:3gZFQqYypdJAZ/vxinE3Wg==,type:str] + lastmodified: "2025-05-29T08:50:09Z" + mac: ENC[AES256_GCM,data:EiZ0zYKg3aLYjKzS0aJg9ydCwERc/TfYeI/mfKN9b8O9pMloMKaRM8FA+bipLl8NjHDG5r8S2WdqTVUnt5Pej7FBLwSTo1wapL7dZJOJYy56EK5/W5qApn2KsP6kyLy/UhMezEL1T1WHc2kHNaQC3AQ8gNysBAXQWp0uS+5fQ24=,iv:XBUvZxx0nI+0tqrs/NPr2Kzslkn2woBizajNdDn9zxc=,tag:wklPu7aqaSwLj+PX+EDYUQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1