b6c9fa666d
This commit captures the infrastructure state immediately following the "Post-Tyranny Tech" workshop on January 23rd, 2026. Infrastructure Status: - 13 client servers deployed (white, valk, zwaan, specht, das, uil, vos, haas, wolf, ree, mees, mus, mol, kikker) - Services: Authentik SSO, Nextcloud, Collabora Office, Traefik - Private network architecture with edge NAT gateway - OIDC integration between Authentik and Nextcloud - Automated recovery flows and invitation system - Container update monitoring with Diun - Uptime monitoring with Uptime Kuma Changes include: - Multiple new client host configurations - Network architecture improvements (private IPs + NAT) - DNS management automation - Container update notifications - Email configuration via Mailgun - SSH key generation for all clients - Encrypted secrets for all deployments - Health check and diagnostic scripts Known Issues to Address: - Nextcloud version pinned to v30 (should use 'latest' or v32) - Zitadel references in templates (migrated to Authentik but templates not updated) - Traefik dynamic config has obsolete static routes 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
38 lines
4.7 KiB
YAML
38 lines
4.7 KiB
YAML
#ENC[AES256_GCM,data:cFXXRzZN0YJo3753ddtm6Vmwd7dohnNB,iv:5wcry5rmrnt6T/XvWyur+9OjtldCG5Uh2TzsrkCrrUw=,tag:hCJyYykGD022Ma8Tgg5DEQ==,type:comment]
|
|
#ENC[AES256_GCM,data:tYAvFjb9UaNfUHna2TUSbToTWoCWeSMqRsOg/BKVXsYGXHsw26c=,iv:/Zq4X+tLG5JUW0lKKgKGG8LGIZyUm41qNBt0z+rlLkM=,tag:xp6hu1SP5XcvywbBiSUNBA==,type:comment]
|
|
#ENC[AES256_GCM,data:C9PD0hxLSYziPKFtMF0iPBwKmRvRaA==,iv:SXZM73Ji58Elofp3VZaQn8M4UtJwP/tKWwIrz7gC9d0=,tag:jmi/H++J8k1Ye+MoiaZiIg==,type:comment]
|
|
client_name: ENC[AES256_GCM,data:J2hy,iv:4NLXMybg9pLYE0FdmY2rA95HHqp0hQpzTKQamVU/iGI=,tag:zvWyNEYWLawkofC/6LkwLQ==,type:str]
|
|
client_domain: ENC[AES256_GCM,data:llq6A/+Ec2U+wfNlIbwo,iv:c3Adz8n/zZyRjI5hvfvna03O9jows90nLIUachXlYRg=,tag:rTVpYHnfcJ3KVbXhhjZ0lg==,type:str]
|
|
#ENC[AES256_GCM,data:UdcsUJJ6sp6mgH/jKLpOMYzGbFT98Iup,iv:AB5gxNZA9XZMXMb4xIdgIuYtrP8ofHe2LS/9XLtR/Ns=,tag:N7AAMIQSC0R5vUaA57eJWg==,type:comment]
|
|
authentik_domain: ENC[AES256_GCM,data:ZY6Da25kkibJknyKWZ8ZdxAwWKM=,iv:s8eHMs03B9vaJVCAdwmjxI0QVCAu6i+T+EhjfrNnzSk=,tag:dn69p7W+8vSiZjQLWgV1bg==,type:str]
|
|
authentik_db_password: ENC[AES256_GCM,data:pwmuizt3MYFA73LBJt1Wbdf+HP9EFf0aEtn50Dlq2JSFOiZ8Qv9nVqxwCw==,iv:CyrBEcwmzEl8e+YuA+mn0APr92vmOB98/26lA0/IHcw=,tag:3GkNlrId9oO6BqZfOvwqrg==,type:str]
|
|
authentik_secret_key: ENC[AES256_GCM,data:Yx4GJ/hxR0gmCWJ81gocm16bJ0/fXjAvohTFiDgEa7jvC1ljdyMoQqLrhA==,iv:B+OX3CRwnrLwJyz5aiavAyPtJ16E6q6yxEd799SMd2A=,tag:9uz6r4GIkzenhKNR3FQErg==,type:str]
|
|
#ENC[AES256_GCM,data:B0WMvhOYmRksSGi1OepBzSB4mqtMLMlct8Vyvw8qRBCPEfpEt2W5VCZiH+jeZMM=,iv:gkAPY6y/3elb9sy9mRDSHrmTheUzpJyX1rmoiPxewMo=,tag:VYQLsobXMAJEW0gXIXkhXg==,type:comment]
|
|
authentik_bootstrap_password: ENC[AES256_GCM,data:coX1Hnrc+F+3T3Sy1B51KHP4k4SMW3ZkgZf1SpNtZ+dIc15Q71zot37oMw==,iv:3JM+zkLPw/6KAF6tc7i4m56DceoEdARNHUr6yC/WENk=,tag:t+MDE/MMQaW4NO9QR5OQiA==,type:str]
|
|
authentik_bootstrap_token: ENC[AES256_GCM,data:fhu1YN6m/uEzfG3o7BOKsT9VTaBtCeKuyNuXM0PeSoHyU6k0qNuSYw/6WR5d0g==,iv:xCYycjjcHP3twPXl4XhKW1bHTCXPftequJVKCFsCiKA=,tag:aZO2Z6vE5sk/gEHzgCUlbQ==,type:str]
|
|
authentik_bootstrap_email: ENC[AES256_GCM,data:pg62YN9Cxonx2CKqIW5NcGg0KBeY,iv:cjJEvktvIxK3/JWIag6bjvwRrjNhDPdyNiPVeX3VSBM=,tag:XVi1D580alFObJ6BFV9RPQ==,type:str]
|
|
#ENC[AES256_GCM,data:8UpgvcLkQVNgswP5iWwXcQcW9HwZu2Z3,iv:12Cw/oFng9axBRbIRFaM42GD/A1P6AclpTgIBPzcl/Y=,tag:en697guyZFldZksLUJIJHA==,type:comment]
|
|
nextcloud_domain: ENC[AES256_GCM,data:Qa19+SbFFhsoDNIYU/ACbjDRRNgy+6FOVQ==,iv:Q1HNTN5ZH3ONVutQOd/hyD6atygWQHuY5/koBBLOXuc=,tag:YunsxVm/xzzyQ5rx7Txzdw==,type:str]
|
|
nextcloud_admin_user: ENC[AES256_GCM,data:VPYQtRs=,iv:YispewRIBRrK6YhcZaHZTwFdhxKttSH3DAK+hgN2A6s=,tag:ixvRfNGyp4Y9cSQGzFn46g==,type:str]
|
|
nextcloud_admin_password: ENC[AES256_GCM,data:ODbwiXHjY0hmsXntw5vJij+nbRermqzpa6JpGnWj/UoVKAUQ4du775B6lw==,iv:ekg7/uatEVVeNHKhHOO7oHyEcCNUFKlq6rI/McS4p2Q=,tag:x9K7k/p26OFlsviAz4ry7Q==,type:str]
|
|
nextcloud_db_password: ENC[AES256_GCM,data:eJ1F04RtCyvUiQCvTieO4vw2z9NfOM6xu1S+0PgiYiWlXs64dQTApmUffw==,iv:Zyd34+tO/fTxGvh3KSooJnRdRjiphWpEvq1rKbFWX9g=,tag:Cg1sAq4MEkdsmdPnVjtmdg==,type:str]
|
|
nextcloud_db_root_password: ENC[AES256_GCM,data:z8pwAs1zAiXMzRhPLBKN3A7+f3gjUE/r81RibYHjURW19a1wojCDRTWzsA==,iv:cTSBi/GQfdNelrMdx9Kk/1fHw6hAYkbHwr7d+RxeP6g=,tag:P0gEvkLPD2dgsQ4WeChIoQ==,type:str]
|
|
#ENC[AES256_GCM,data:bYmqsHYv0hR6QiitGEvco8hdJucVswww4k99bzM=,iv:v4wc2jKZX2AkBGtrJt+U/qO4se6ofywEtMaK31KoolI=,tag:bD+m6Zq6+tMzdsT2F2hUNQ==,type:comment]
|
|
redis_password: ENC[AES256_GCM,data:5Z0VjXCe3xuj+e3BJYF8CbTtIhzmR9xg8KzH8ex5YgBdCybeaOnChHTZDA==,iv:L32kh4eRibIwfXVUKKSGrDp3pRU1SqTijdCPptE1zdo=,tag:lih8faQbuU+s0vRlDr0Jvg==,type:str]
|
|
#ENC[AES256_GCM,data:wqtWuZbTZK8R2J6ZwpjtTm9t6qS94CXs6jaeCsKRE4xZHYyH,iv:fqmSzKH6FZExCTXcAeUI3Tm6bGi4YIHTPf4xudiXQkc=,tag:M/2xo3pg0H88qH/1KrdOGA==,type:comment]
|
|
collabora_admin_password: ENC[AES256_GCM,data:5qyQ6XynQuq+v5u8FPXf06BsktISFYU8KNiXFmzQDJVmFFVDXkvzDGV4Ww==,iv:UJoESZc44w86WXmBjBn7H/s4hIIyH82uxVglzyS2QaE=,tag:uGxoDrQm4Svoa16qcb36FA==,type:str]
|
|
sops:
|
|
age:
|
|
- recipient: age170jqy5pg6z62kevadqyxxekw8ryf3e394zaquw0nhs9ae3v9wd6qq2hxnk
|
|
enc: |
|
|
-----BEGIN AGE ENCRYPTED FILE-----
|
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMVZLbGMrU0tQYXlDWGVl
|
|
QTRCK24xeUVBSDdCbngzVnBZWDRwNHM4dlRFCnJGWHZVdVhvaDNsK2RnbWllSE83
|
|
QkZiQ1JNZDdTN01CdkptSEVQZXp3cDgKLS0tIHJYZHJDNE1RM2tMUkNNQzZkM0d4
|
|
NlRmUTJqeTZ1WXh3YjlpdjNtUUh1SE0KJiBOBEpS9fCSKfVCBm67SEKXXdB28MYR
|
|
muE/oTBKiF29OvrqcqnLadYcUOH25E3x8OhAdUmrTBWXjvx7dpU9Vg==
|
|
-----END AGE ENCRYPTED FILE-----
|
|
lastmodified: "2026-01-20T20:37:31Z"
|
|
mac: ENC[AES256_GCM,data:9HyYYcQ3TqiI/CH156jGSmby1edRy92Jj2Uq6aLzAP9hpX7SIo5GGN2wnxg4s2+r+W5lNSnq1EC2UZU9fwwr+y1qGu9ObwCAuQ/W88/Jb2hyXcgvpaIhnhH7DmVVV43gMjaypWgBe511lK7lI/C4Tn4nlYf3ui4denK6HYzUCX8=,iv:mtIiYTSA9DjEwfEfLYznmMJ+1wugx2UmcVuwOtQ2XLk=,tag:6R+u0GVGbm0T0bt9TqVo6A==,type:str]
|
|
unencrypted_suffix: _unencrypted
|
|
version: 3.11.0
|