b6c9fa666d
This commit captures the infrastructure state immediately following the "Post-Tyranny Tech" workshop on January 23rd, 2026. Infrastructure Status: - 13 client servers deployed (white, valk, zwaan, specht, das, uil, vos, haas, wolf, ree, mees, mus, mol, kikker) - Services: Authentik SSO, Nextcloud, Collabora Office, Traefik - Private network architecture with edge NAT gateway - OIDC integration between Authentik and Nextcloud - Automated recovery flows and invitation system - Container update monitoring with Diun - Uptime monitoring with Uptime Kuma Changes include: - Multiple new client host configurations - Network architecture improvements (private IPs + NAT) - DNS management automation - Container update notifications - Email configuration via Mailgun - SSH key generation for all clients - Encrypted secrets for all deployments - Health check and diagnostic scripts Known Issues to Address: - Nextcloud version pinned to v30 (should use 'latest' or v32) - Zitadel references in templates (migrated to Authentik but templates not updated) - Traefik dynamic config has obsolete static routes 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
38 lines
4.7 KiB
YAML
38 lines
4.7 KiB
YAML
#ENC[AES256_GCM,data:RdqH+wYWCgAVstaIUfbRv96cH+RrxFHh,iv:0Q5HV6Q/bg/oS6KtUBGjIyQMw8Zgty6osDh0oc8ipMA=,tag:6CzBxe9kN7Bf0yCdQefALA==,type:comment]
|
|
#ENC[AES256_GCM,data:CqCuxZQYtcjnI6gptclKrAAeRUctw4NtHLydoyDdrqYuXTKwHZs=,iv:+EJcbrL4sW2u22VZ3jsetOnCimPpftQ07OLf19z6++8=,tag:+3Dprdl79C1BZtOEF0Ii1g==,type:comment]
|
|
#ENC[AES256_GCM,data:fDeInmn8uIqJlBMUEzM0jBHh3so25g==,iv:jHekZqvM7G/93Bg3+0SAURNVh1pTbLmjMvOh0CXmTFo=,tag:HnRSv6MYdfa1Pqbf9ywGTA==,type:comment]
|
|
client_name: ENC[AES256_GCM,data:W5+k,iv:fq1/jwCzgkqPPdBb0ZD8mKAtOGCSkfTb2H9xJaRpc8g=,tag:uL9WCnsfybaT9nUCZRWAGg==,type:str]
|
|
client_domain: ENC[AES256_GCM,data:1FlFZwI9RcCM5yNN8lKz,iv:j2+yQ/ipOHXv5a0mPeoXOYqZYpew3/cxyL6i2x3EtDQ=,tag:HdoJ19j+Tg9gGrGdi83GZA==,type:str]
|
|
#ENC[AES256_GCM,data:Qp0bKgcF/I3fmkzQLYVgmNFZGo7K4na8,iv:LLNsKjHmTnTvwVp8PRsWGx+kgVlP+KMX+1kUF+BEWWY=,tag:L/ON6Xd+2LwXxQ4N2rd0iQ==,type:comment]
|
|
authentik_domain: ENC[AES256_GCM,data:dxG+fMJkp6DWw0YyFcwy2ybrmg4=,iv:y/n6oXUwddMfrh9GelEfcpvz0w/L0oLS3OEDlurxkyk=,tag:FPn4NGstNO+/zxKIRujW+A==,type:str]
|
|
authentik_db_password: ENC[AES256_GCM,data:qZenOCjcUeZezRD5KbwMFgGd6Bp0pJs85NwUcZKr9ZCVIVz0sK6IBthR7w==,iv:IBe2wdaEa+5rBpV5tnViviPJnlSKn7WaAoPe7/y+xpE=,tag:dO1PV5Ipb61RITiyq54jxA==,type:str]
|
|
authentik_secret_key: ENC[AES256_GCM,data:2K0ZNdyI8SQ0xeEHOe5Rgmtko+bQwd46pYdxTD798r/ngtT+m536PMzuGw==,iv:ZlvopRCOjx+dQu7faD+qYhKqkT1zFcdPSD1c+CNQMoU=,tag:jF0KgAXwsdHZ3m2TQRt3SQ==,type:str]
|
|
#ENC[AES256_GCM,data:O0Mvr5fB5iJMxjr2HxRYEFN+ErzvHYH/t9OPmasX0uoH8zC8bdrn85q3S2QkuGE=,iv:bmut3zKKAMl01hHNj6bY3X6CtzeDjKxx9AquLOaZA88=,tag:KN3VH2f1Ndtq4MRqhFCGzw==,type:comment]
|
|
authentik_bootstrap_password: ENC[AES256_GCM,data:+hkED2QPS4DI9WrXICe05unKFa7t/vfwgWW7LZFU/qt4g6Td+JyIRiXMXQ==,iv:d7y1w4Znh5dqL5jDREd0HSoMBYjaCkpkjpUu2yMtVJU=,tag:cXK+yC+6sDWAmJrSiH4JKg==,type:str]
|
|
authentik_bootstrap_token: ENC[AES256_GCM,data:qKcmlg4yGocun5azL3psNUGvgdTSCY9qI4qcJAoRkbZiUoM4qtQ9sYLZNmFkew==,iv:Vq77p4d0Ts57McXm5T9hPt3INBRAToxNpT4jbv8ORzE=,tag:OzpbZvmwws7wyWXf/91W1g==,type:str]
|
|
authentik_bootstrap_email: ENC[AES256_GCM,data:tLFpuy2pC4QBPmLOo7HTep7YPi3t,iv:6Jz7ORj12kw24e3RvTZEQI6h4Fqj7cN7e5ucNvbMtvI=,tag:t6UI4RdNTtsfIdArzoZ5bg==,type:str]
|
|
#ENC[AES256_GCM,data:6GO38RYO9CeicXN+AqbMUNUAU+cxOdTF,iv:WuhMYR74Lk+V28wIKJVXigeH9kuu4IWAWXtsacLGDv0=,tag:1Ec6KJq5G2tzqzWwSrzLGA==,type:comment]
|
|
nextcloud_domain: ENC[AES256_GCM,data:0t9HBZO0c1Q5996vhRpcKOgaW99RXY0OBA==,iv:5UgZu2r3ng/wRmv0pQWom7C/2Yp0KsIdE2m6h8asIIU=,tag:QtmCdmmkS8ZkUPjEbkeXdw==,type:str]
|
|
nextcloud_admin_user: ENC[AES256_GCM,data:qavi4rQ=,iv:4vZNZSyPrKfgiEmhAvmS0g6+mkQhhXB7cIVu1UHYDWM=,tag:k7PcSi+cIV+OUrfQJ2zXGw==,type:str]
|
|
nextcloud_admin_password: ENC[AES256_GCM,data:ijbkHPbCFNKQzcKb5pKNhNwi3loqap4+hNCJXryQHvQp+ANLjDKgpJEmWQ==,iv:cK3hVTvzDIektLJGvZcG28pv/j1STWcHjZDW+2WDeXQ=,tag:yNeK7k/oWjp5n9c1SVXB7w==,type:str]
|
|
nextcloud_db_password: ENC[AES256_GCM,data:Z6d5EatnFo274B5p+Nvm6RJ+ZrFPXb4hcIa1w3Sds7KiruBUTO5gOaS6LQ==,iv:XfzBxp3Vx41imjj7r2b0qlp7bsNd8xzfMcFpTj+vhIM=,tag:b5ZYfiNnEiyMNHA7PKN9fA==,type:str]
|
|
nextcloud_db_root_password: ENC[AES256_GCM,data:f/XTZ2Qi1436d7sAlxTwblI7C+RDCXci2rEpOtjFkQ6AvzJh/Glnfah+6Q==,iv:VIvUU/Xg7hdHM2EL28L5J6dMNq4Ja3aAqz4AqYj5coA=,tag:S1wlmhruRnMeK1CcU3d1UA==,type:str]
|
|
#ENC[AES256_GCM,data:6nio7dp/aucjQ90gvMB2vtp3gaT0fGlpHo43JF4=,iv:X/J0/GVAc6r6iibkeF75+rUNho+QNrogCf8Z1ytZmVg=,tag:l2Z3qJHpa57uaH19Qam7aw==,type:comment]
|
|
redis_password: ENC[AES256_GCM,data:7Y5aJUlLRAflGnwfAvVmuRsMSFf1BuX4wqttSUBH2pd2Xo3ni/sUzwFwcw==,iv:0LAtF5Ok6DMXQs/OdPNClkX6KoKmgHBgDITzLJ/x8i8=,tag:AC4IdGdXQKtjj/TNXJk4Pw==,type:str]
|
|
#ENC[AES256_GCM,data:hmPRuxO2AUuutHtQFzCVIwZa89QefbPwoy8J2BCvyMcqwdnk,iv:ttxTseQfYHpC5HAnRbQ49kOXLrAURsB0S85+AK/sSWs=,tag:Bay5IyyPbc52Ei/Yt874Mg==,type:comment]
|
|
collabora_admin_password: ENC[AES256_GCM,data:/YRfkl8HNjzaWGsjKr8X4j6kQqQ4BisuvcSiCWkI0M4FnlrrS7mjsIfwmg==,iv:wRY623bkVdilZl1KO0NpNrW+1WVOGCQmFPuHKHQWUok=,tag:x1bIVqiiKNgbUbWnsTcSbg==,type:str]
|
|
sops:
|
|
age:
|
|
- recipient: age170jqy5pg6z62kevadqyxxekw8ryf3e394zaquw0nhs9ae3v9wd6qq2hxnk
|
|
enc: |
|
|
-----BEGIN AGE ENCRYPTED FILE-----
|
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMWVIajJsR1Y2amY1aEhk
|
|
S2hzMXZxU1p3bXlSdmkrazlKU3ZMM1dGSVhBCnJST2QxaWhHOG4wV0NVVnp1VXNL
|
|
Q1RpWTUzWVFmOUdEcjVPcUFxa3hPcFkKLS0tIG0wRGVuVldoL09oMStnMWhnZ1gz
|
|
SHNhUjQxUkFUdVA4dGVvRHlKWFprSE0Ki4fdUq6+Qo94Agl/3/+BQC+Nv+TTNhzv
|
|
mZhzHk0eNJBbnbMpF7iGgupmSFb/i84KuE5G2d37d2WLAoyGXfvong==
|
|
-----END AGE ENCRYPTED FILE-----
|
|
lastmodified: "2026-01-22T07:17:12Z"
|
|
mac: ENC[AES256_GCM,data:JplSf3ioj3e7c/cSItAH3celI47WChGs4f+VyEPPoka5aYoBfFghg9pLAK/G4Kfp9xle7ePQiskf9kdQtchmT7AdO7KhzI6/5A4Sqd7nuErASE6WXFQNzUT6cepeUO8/bmkUajkiJLkNM27taVgL1JaK/yf85jU/NJa7q1DoUbo=,iv:oOQR85sm+7ZbXW6h7jhHtP3COYOH2HAVP0aauVualeY=,tag:p8ov1f+F5O3dhysrsjipBQ==,type:str]
|
|
unencrypted_suffix: _unencrypted
|
|
version: 3.11.0
|