9571782382
Fixes three critical regressions from previous deployment: 1. **Mailgun SMTP Credentials** - Added mailgun_api_key to secrets/shared.sops.yaml - Updated deploy.yml to load and merge shared secrets - Mailgun credentials now created automatically per client 2. **Nextcloud OIDC Integration** - OIDC provider creation now works (was timing issue) - "Login with Authentik" button restored on Nextcloud login 3. **Infrastructure Deployment** - Fixed deploy-client.sh to create full infrastructure (DNS + server) - Removed -target flag that caused incomplete deployments Changes: - ansible/playbooks/deploy.yml: Load shared secrets and merge into client_secrets - secrets/shared.sops.yaml: Add Mailgun API key for all clients - secrets/clients/dev.sops.yaml: Add dev client configuration - scripts/deploy-client.sh: Apply full infrastructure without -target flag All services now functional: ✅ Traefik reverse proxy with auto SSL ✅ Authentik SSO with email configuration ✅ Nextcloud with OIDC login and email ✅ Mailgun SMTP credentials (dev@mg.vrije.cloud) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
38 lines
4.8 KiB
YAML
38 lines
4.8 KiB
YAML
#ENC[AES256_GCM,data:Z5yDXg28JTSIUtpFsI6k71ToslPeU4TM,iv:CzLHfKk2rwbuTK73ucm8vg19SEbYkHGsxao8Fxj0smk=,tag:JNSvnD7tmngOTiccRlTrHA==,type:comment]
|
|
#ENC[AES256_GCM,data:SkLXnxlTpEUo4RUP6EU5h2hMUjHYpOkl8Ndjv+jyncXVgMXxfYw=,iv:7aoaONvTIOE4Pu+MulBR7mhJnIjVRNrlMV+d8G+sGG0=,tag:hShCDFAKrW6cWnJd2vL+Og==,type:comment]
|
|
#ENC[AES256_GCM,data:Rv664eaZjj1MfU6HcZWilrz5577Agg==,iv:EMZwUCMQXrdewyLY5aZPcshMGkx6+k/jBalJ1ByAj/A=,tag:ODdGpf0id/w8aDYNrdWEFg==,type:comment]
|
|
client_name: ENC[AES256_GCM,data:sLox,iv:iC2so9WyM58BYmMrmfcWXodj4a5wSvzyWsCVe5WbnX4=,tag:AfwOoFQpjpHqbXWxXO8Eeg==,type:str]
|
|
client_domain: ENC[AES256_GCM,data:7F76Vt9k0TIQGiuoPW3O,iv:OpYEYhEKCGkRMUgFhGi+Y/uM9P6XLFv+WMmYHLKeQ0U=,tag:HbpOb/J8hpSdNDVv9A07TA==,type:str]
|
|
#ENC[AES256_GCM,data:XBQwOaBVIkcfKXOYKA/CYe3XWDG+Ojre,iv:sMzd/BIOtDuQo+RsoO393DmPlZhY/X/jxSdI3j+T2aQ=,tag:iPf1+jfQE9n0KkZjHWvXUA==,type:comment]
|
|
authentik_domain: ENC[AES256_GCM,data:d5ZVFyfPSJj2DcFQwEB00uh4flo=,iv:dMbMQTo3Vx35FE1471TPGP5iYvYDdWO43Ic7Z6GAEB8=,tag:W4CSgVpxt/eclakj5qtu3g==,type:str]
|
|
authentik_db_password: ENC[AES256_GCM,data:kQ629SlJW4WgWu5nUOxBs5p48EJb478Q0qrbZfvgbBQTrfPQnaneFJQyrA==,iv:9puxfMZM2t+qkZjjlmaUCsvlqA9oXzxLLJ9oZ+HkSec=,tag:UDsVLqWDaAjR+sQS6/OBow==,type:str]
|
|
authentik_secret_key: ENC[AES256_GCM,data:h+R7rHTRikUooMeQ0z0La3qZ7bknHTerHVJBTs9mFhoOQC8uO2DBaG3FGsZRTqWy5sBidegjp4r+6oa+aubF7r0Gkg==,iv:UNpawp0bf4koib7DwgFxdRpOFV28Ktwjdh2Pa0h/Qmo=,tag:cqvWwYzdSzaGBaMOEXTszQ==,type:str]
|
|
#ENC[AES256_GCM,data:YJzCkx97cHc9lczEzpVaVytMEK2cahn9PJ4luS4mzBAhQnmLkWKRoUg8wfjCyIc=,iv:tWj6FMYXd88CUohJ8GdZI17JVFuEk+07yBHm4kAk2yI=,tag:WwV1C7GmvevyNiSzco82Eg==,type:comment]
|
|
authentik_bootstrap_password: ENC[AES256_GCM,data:Y1yMVyRi8Ce+TVZwj4RU6NHN4SvSD3GYfk7Fi3IsQmdCAKgBEDZYI8Mw/A==,iv:npBA1hpbe7ttD7lIDTD2ZxpRsFzohGCiLISNKeNsY18=,tag:jDCVHp8ATO0TyOSn8J0frg==,type:str]
|
|
authentik_bootstrap_token: ENC[AES256_GCM,data:IGEwNd4ZDoyLILJ8NEw2Qp6CyfCXrmvHlnjygUl6qIj6vKoHys9zkk2ZiFYAolYcZXcHq3569q9yXQMvYelb,iv:h9p3JNDZgr4gz2PHHnesrVPtwTVbSn48YW5u4iy163E=,tag:Lu6z+K+LhVt9LFyOgmmUWA==,type:str]
|
|
authentik_bootstrap_email: ENC[AES256_GCM,data:P7Bb+RruJlV9OKW8U5yXZGRMKTjJ,iv:paFh41RaJO1Nu0ejrxgYXpKlZMdDLCVt810hiSgHxUg=,tag:8zw/0N+pJdeLVm5flY6O4Q==,type:str]
|
|
#ENC[AES256_GCM,data:/5TakPAsaXrgkk0qvexe1kkG6ltsWQOQ,iv:TWhQrknF38g3hVTwJ7RIuSbHJ8Np07BhhN0MtfSyQLY=,tag:gdwRtBhXDsHeDkt8AWYk7w==,type:comment]
|
|
nextcloud_domain: ENC[AES256_GCM,data:XCnxio1Yk5xqhF1GpQmZ4BhvVNnweZWBDg==,iv:bBGbn9AmrgmeGJRToXb/ujl3eInltaFV/7lmazFRM7U=,tag:B/WbLePFK+uRMwIIOPItaA==,type:str]
|
|
nextcloud_admin_user: ENC[AES256_GCM,data:Xvw+QHU=,iv:IFGiGOv+ZI7R308nNrQ4SJPZtVP0dU5IwH7lFpOhBu4=,tag:Sb5SvUBYNg6Oj0PKl9+2Ig==,type:str]
|
|
nextcloud_admin_password: ENC[AES256_GCM,data:uTLqkEPoq17bTkBxGpMak7zkqc6h2fhx7VJIEzZ9RGU13vRbgcIoO4d7jQ==,iv:Hub/66fCYFdK7j4Yc+5IBFbAM4WafgUzFpnnWbDbQVg=,tag:Awq398GYFRwreYGmqLP+cw==,type:str]
|
|
nextcloud_db_password: ENC[AES256_GCM,data:1gT5rj8buyyvyCfv79BWuZPmAEH++4jIMBbVsdkqWMq3YiQSFAtQDpCEVw==,iv:qHvP/Tf1d+zHMHMnCQ5FK9tU+bQtFJbDxCtB5JAlZhg=,tag:qrvMW5rnlCt+dFCNvAso3A==,type:str]
|
|
nextcloud_db_root_password: ENC[AES256_GCM,data:IvfUibOFhW5agn7rxRtM4W6SN4WbwOmc/UzDC+u8NBBK9ZV5/yAQbd+3oQ==,iv:yEW/41M+YJnEyCne3DzIZ4+h+p0xzO3b8ZC6ai5MquE=,tag:Gu+xADBxeQnLPwAiQ6BFsA==,type:str]
|
|
#ENC[AES256_GCM,data:mC4JlJLFFT6OuCHt8DH/uKuXtX2x2zHu2y0+MKQ=,iv:yOrqx+5ZR95b7Bn8BeKexwsT/crpX7kOMom0bdGBTCY=,tag:ErSgI32zshgW3MPT4MZLlA==,type:comment]
|
|
redis_password: ENC[AES256_GCM,data:VBAJRe3cO5rt9TJ1N+YUXg6pDL27UrTtJ6rXQtzBxWToF1E1/4DWxr90xw==,iv:nowHNAqbD1qlTZYaGxD0KCFS4PfBpP9e5XQbiBRRGzU=,tag:4vVp1CLOpaXw3i21BrQiaw==,type:str]
|
|
#ENC[AES256_GCM,data:ZsI7f5v762m7M3g9AZQILU8EFokmKGAKFvPPyJj1uLu+aYJw,iv:HVvYS0XgTUUHNUVuYRXTzeXJYBHhi0XXCMy1zRlVfAw=,tag:huhPxsQl9W23KhM4RZs22A==,type:comment]
|
|
collabora_admin_password: ENC[AES256_GCM,data:74+2efnEZFRStWaE7Moxu2m89H1EMhNhsvBw4eJu50HY+8ltmSqagYLrsA==,iv:IWDpO6MfTwH4HJrIWti+CVRtGfe5q8bRkemB46jLYPM=,tag:DKEiE84OZ6RVClz4L3oITw==,type:str]
|
|
sops:
|
|
age:
|
|
- recipient: age170jqy5pg6z62kevadqyxxekw8ryf3e394zaquw0nhs9ae3v9wd6qq2hxnk
|
|
enc: |
|
|
-----BEGIN AGE ENCRYPTED FILE-----
|
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUXloeEZMcEt4M3kxL3U5
|
|
MXpiU1c4Vy9uTkVDL0R3Rng5N25DZFhPTUhjCllyeU0rbEp0SVFTLzFNUVJscHhv
|
|
L1htaUt3S2pJN3NZQ0UwTXpReG9NcnMKLS0tIGpQbnU4SnRyb3RzeCswL2t1d1Vt
|
|
aTR0SGowcmdBdE9GV0pDV2hUajR2QzAKZupaPPPAgagGrj88sVZF9/SbmLpZIBJC
|
|
EyKmyzi4HR2cb541LVTFY2FCBX3oy6xWbt6omCqnmnymAqD1s8IaTw==
|
|
-----END AGE ENCRYPTED FILE-----
|
|
lastmodified: "2026-01-14T13:32:54Z"
|
|
mac: ENC[AES256_GCM,data:q0NindbnNfVCnzr7fgvWUPZlk5Dw7rIMhDqCCaOSdYJaJ+gLTbmO1eaG2rA/Q2u7ATYge4AV7rxuAAMk5kws7btzLLJjnZ1pVpmoOGuKV8Py1+6d3Ah7Lzvn4Rgdi3b4VHL5N2e967yodqFRz7WPGoqeHGnjlijYh3/gOYOfmNQ=,iv:UCi3Ar6Vq79RFcY36giDX79fQnq0wPnT1hoBB/JyVhI=,tag:MlqjepPQDl4i1ddYG9o7oA==,type:str]
|
|
unencrypted_suffix: _unencrypted
|
|
version: 3.11.0
|