b6c9fa666d
This commit captures the infrastructure state immediately following the "Post-Tyranny Tech" workshop on January 23rd, 2026. Infrastructure Status: - 13 client servers deployed (white, valk, zwaan, specht, das, uil, vos, haas, wolf, ree, mees, mus, mol, kikker) - Services: Authentik SSO, Nextcloud, Collabora Office, Traefik - Private network architecture with edge NAT gateway - OIDC integration between Authentik and Nextcloud - Automated recovery flows and invitation system - Container update monitoring with Diun - Uptime monitoring with Uptime Kuma Changes include: - Multiple new client host configurations - Network architecture improvements (private IPs + NAT) - DNS management automation - Container update notifications - Email configuration via Mailgun - SSH key generation for all clients - Encrypted secrets for all deployments - Health check and diagnostic scripts Known Issues to Address: - Nextcloud version pinned to v30 (should use 'latest' or v32) - Zitadel references in templates (migrated to Authentik but templates not updated) - Traefik dynamic config has obsolete static routes 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
38 lines
4.7 KiB
YAML
38 lines
4.7 KiB
YAML
#ENC[AES256_GCM,data:X8JxD4BECdQWMJOyftwbTW7pBJEHehWH7Q==,iv:VK4F7UbVeopcguqEwLI7cBdICcytulUoxKEqECHcZ54=,tag:WQ8SQL0xqH2+eJGUz+1lDQ==,type:comment]
|
|
#ENC[AES256_GCM,data:WAzAQ435o5E0Fj+lgpo5gAkheXyzK3Omp0EMFVR8RZZhQm0GwZw=,iv:HzcAidUAkkUJP5EIS0O2YeKgqOG+R154VgsLp1dNsdY=,tag:+FZcAlcn/QT7+aIn7zUitA==,type:comment]
|
|
#ENC[AES256_GCM,data:616IuQI+u1ctI0ZjZGXkBConJChApA==,iv:hY4NIGMVPYcbK0/vydVUOU/1bZVnS9aHlRQJie9Kz6U=,tag:/ZzPoERMGTn2IlnX9BTClw==,type:comment]
|
|
client_name: ENC[AES256_GCM,data:V8A2Gw==,iv:v5bJbo5ysVSQsAtvfb8fDcAYfH3agvcDgRp0DvZOS38=,tag:BG1XTCTa4Y6l2GlTuz5skg==,type:str]
|
|
client_domain: ENC[AES256_GCM,data:MUdO7f/2ztG2dIGtATQLHQ==,iv:IQ1xqLjWNnLQYvGi/+TfPkfQREasTiRQQVigouXXCVs=,tag:YwH+/6OMHTGu2ahEPlax4A==,type:str]
|
|
#ENC[AES256_GCM,data:ZUq99t7RcJlDCdpTYhb4K+wHndvNW1H3,iv:J2e5O2MJELpBpCc2bpYZ+HsEhcntAUadzXnyWq/UX9k=,tag:Us+MGcPbKnnCs75INrSU4A==,type:comment]
|
|
authentik_domain: ENC[AES256_GCM,data:Sx7o6OyxPnG1v7Icj19nwGdpVsWO,iv:jqV5WvIMzPxr3AcSOuxAa42pfAzmopNTxBh7jRKwHRI=,tag:QTwm1CXFAbXeuwR10HMO7A==,type:str]
|
|
authentik_db_password: ENC[AES256_GCM,data:o5rhEeBS5+Ek+QvGjOOgFJDQ7Yfucrt/JmZzXlgVX3FIjfwO3Skxlievmg==,iv:JXkgThh+ZxRJBSy4YOEj4DjwiyqBrhQvt3ZFUEaDKCU=,tag:cZ1zpLEE8/6dXFOVvEnHmg==,type:str]
|
|
authentik_secret_key: ENC[AES256_GCM,data:ssWAhp/pg4XfABAJL1gPMgyE9+Mo71zoPXRx7YmoPJ/aEdFNi1TrIB0Bzg==,iv:goQh+6G4hdnUpEKSbNtjP+XObhPNfG2traUCQsiJH04=,tag:ShvaYphpi4AIBJJOPzPWww==,type:str]
|
|
#ENC[AES256_GCM,data:SKCv5gSPF1ysKfQ+QGzjQ2NO1GZKfDMleKjqIg0u4SlaXWtT+E+sLcy2PVu6diU=,iv:81vttO11NXLK2y8puLbCUsJ0xIpdHF9+lj6A13gaQMU=,tag:TywoZTCgTXXRcRLQk4DB1A==,type:comment]
|
|
authentik_bootstrap_password: ENC[AES256_GCM,data:fvX2aNQJBdOWvE4QQyga8mxyrcu4OZu1c89+50SUZVzmYDLdBcfyQwkxFw==,iv:3CFgyMuJ2RFAHQ6dmtrNXWer0H3E9zN1p09JvxKpc54=,tag:W/zOxs3vApM+ZRfub6t0Vg==,type:str]
|
|
authentik_bootstrap_token: ENC[AES256_GCM,data:8tLCJ6Z+2qMUlRNg+AWw+VzRDHu87zughBoGhlTBKfRou4uidVytuj1isdkDig==,iv:y5kxepewo/2ztPwqlZkXsswG/8vGUR6MGaor9RT2nQw=,tag:hKQVnH7yHpHfkKwmHa7ISA==,type:str]
|
|
authentik_bootstrap_email: ENC[AES256_GCM,data:UQNBlZx7C3nu100NetfILGF3IBxg+Q==,iv:Xal8Bt4uRo+SIVbnJVEcB8etzfb1iu1D+84hrxzgRU0=,tag:v2EdR2odSljwEQ8e8zLo+g==,type:str]
|
|
#ENC[AES256_GCM,data:g4pOBP6xgObrVV1k0raT09Nhj2JeTWOY,iv:Qg3gUFdStMo8f9td6wtCMeB0Fv8Ubnn89qpxxKhCgBs=,tag:aEnb089WYAVlFR5y5Klwgg==,type:comment]
|
|
nextcloud_domain: ENC[AES256_GCM,data:lkPMXA/txIq0gsqxpzvD7ludBrEN54FZ3+o=,iv:YwrMdtFwRvzyutZNZxsjQHUxE8Sutgf9wmkXTDVIr4U=,tag:9xn11iq36DNzx9+h/6rwrg==,type:str]
|
|
nextcloud_admin_user: ENC[AES256_GCM,data:rp89lXA=,iv:6aAgoa64CMZ6vH5t/b6Szq4v6tZezwi4GptozGOsVQg=,tag:4Ju7uFSkSGWHzEUE0dPqxQ==,type:str]
|
|
nextcloud_admin_password: ENC[AES256_GCM,data:jGsQKNfActchwAMWWIBBLIW/c4k2WOr4IYWbnojOrbWJQdl19KKLrll0pg==,iv:zjfQc5Q6aDY2nwNVMbsVQWy4avKYM8CcY/13PN+XCZA=,tag:piJV2/Zd023MdS0/fYD31w==,type:str]
|
|
nextcloud_db_password: ENC[AES256_GCM,data:EBc95vFsEjz/HliVhMqM1U1KTKgUisbeq+95lv+Dr2rpD566+d4awJ75jA==,iv:/n9IzxphJ2Aa1N+nGEjVeEPdFHyIRyonqHokkDILxcc=,tag:UzWYPqZxx7uGc+PaDHje1A==,type:str]
|
|
nextcloud_db_root_password: ENC[AES256_GCM,data:QVHxkAfqgPDumApqaHxq4yyiH2XPRKcb///mgze/h5z9AGxTuiBK3IH9BA==,iv:UBzZQkq76BjmEGJYOV4qwEI8k2RDp8MMPDtQflsRUg4=,tag:iIBaM2JTf7GNene07YSGoA==,type:str]
|
|
#ENC[AES256_GCM,data:o9j52wW0iZ7JeaI3JIk2/fSVSvZfuROHdINsnCY=,iv:VErcoWYwmZmMj+3SYoaxt5+Rh5IY2SQoely7CgQDQ/E=,tag:/2wit+v7QN3UIJlcyhvLqw==,type:comment]
|
|
redis_password: ENC[AES256_GCM,data:hmk0W2v4NkaWtBeX7UyoCB2jybvCMELG43YVQkfhV3p56RrDZN8l8R903w==,iv:tAPVgNHCyium1zpd+SmZLjwv5a2X4yCPI9tS3dNUcXA=,tag:ddwibQhE+srBNz5WXS1jZg==,type:str]
|
|
#ENC[AES256_GCM,data:gSdSguHeDnzgAN0RqsgA4XYgSrrdFHAtZRSTdOucoxJOPFjW,iv:POe4KMzLrzHMeeX5lk6mrMUQNc41MqbVjw9iIetnFqg=,tag:L6yj9NpMbEYWzK4x38aLKQ==,type:comment]
|
|
collabora_admin_password: ENC[AES256_GCM,data:TkZZxjmLtKK1pdjq4KYIDbDv4zVhubi3NDDESzn6UY9jmcoGee6Jn0PgBw==,iv:nYtxWCejET8PvjiFIXgaPkt2CKgwRMekDI3zFH6Qpnk=,tag:NLKQqtIhjYcthIqt+unGaQ==,type:str]
|
|
sops:
|
|
age:
|
|
- recipient: age170jqy5pg6z62kevadqyxxekw8ryf3e394zaquw0nhs9ae3v9wd6qq2hxnk
|
|
enc: |
|
|
-----BEGIN AGE ENCRYPTED FILE-----
|
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpN2hTWS9pVVJtOVB5Q0hy
|
|
cTZnOWxMcXkxZ3A3S0VxTDd4WkVJNXZ6eGlFCnFqem5MRWlsWnowTEI1amJUU1Rw
|
|
Mm9XcVo0WHZQQmVVYTV0Z0lNc0l4c1UKLS0tIGJjNldSd2xhcWxpL3ptb2MxbGky
|
|
bnRCZ0JncVNQUlgra2k4aU5OODlidTgKZzrZKcXDtkz60fkDdSqWLc4/Amp715Lt
|
|
jWlD4nBRPP4EE9lx2k6Nzasms3Kd7jY6XSxM9kdyYMJnw079FhO7oQ==
|
|
-----END AGE ENCRYPTED FILE-----
|
|
lastmodified: "2026-01-21T10:19:33Z"
|
|
mac: ENC[AES256_GCM,data:Gx+21yPz2TVWBGtn8kAI9pqPU/90o/E/PTSqGJD3aUx+vdmPP2rflV1HBX6Nz8zr3A9a7UDMpzLejGb98B72pOnU31xAKlq22b0MaIlQdg33TL3OKxwwEewPtvhDQDWCf2IrTQtC2SW+Hn1DaV0CxSb58GZWj/NXtVAyq1Fd/zk=,iv:PI18voGa40uB4pJt1PHGBTHAcTfFXLIqzO/z2tHjiPY=,tag:szewwRMLvC05K7fXKbOxrg==,type:str]
|
|
unencrypted_suffix: _unencrypted
|
|
version: 3.11.0
|