timtinkers.online
My Nix flake for both my desktop and homelab
PDS SMTP support + slight refactor/cleanup
+2
-6
.sops.yaml
+2
-6
.sops.yaml
···
9
9
- &nucbox age1t069rtmyfy3qvvpq2evnrtyhjx8ylc985cfagh97972x9y0uzqqsauagfl
10
10
11
11
creation_rules:
12
-
- path_regex: secrets/desktop.ya?ml$
12
+
- path_regex: secrets/common.ya?ml$
13
13
key_groups:
14
14
- age:
15
15
- *desktop
16
-
17
-
- path_regex: secrets/nucbox.ya?ml$
18
-
key_groups:
19
-
- age:
20
16
- *nucbox
21
17
22
-
- path_regex: secrets/common.ya?ml$
18
+
- path_regex: secrets/pds.ya?ml$
23
19
key_groups:
24
20
- age:
25
21
- *desktop
+29
-33
modules/atproto-pds.nix
+29
-33
modules/atproto-pds.nix
···
4
4
5
5
let
6
6
cfg = config.services.homelab.pds;
7
+
getSecret = path: config.sops.placeholder.${path};
8
+
sopsConfig = {
9
+
sopsFile = ../secrets/pds.yaml;
10
+
owner = "pds";
11
+
group = "pds";
12
+
};
7
13
in
8
14
{
9
15
options.services.homelab.pds = {
···
19
25
type = types.str;
20
26
default = "pds.timtinkers.online";
21
27
description = "Domain for PDS";
22
-
};
23
-
24
-
enableReverseProxy = mkOption {
25
-
type = types.bool;
26
-
default = true;
27
-
description = "Enable reverse proxy for this service";
28
28
};
29
29
30
30
enableDashboard = mkOption {
···
59
59
];
60
60
61
61
sops.secrets = {
62
-
"pds_jwt_secret" = {
63
-
sopsFile = ../secrets/common.yaml;
64
-
owner = "pds";
65
-
group = "pds";
66
-
key = "pds/PDS_JWT_SECRET";
67
-
};
68
-
"pds_admin_password" = {
69
-
sopsFile = ../secrets/common.yaml;
70
-
owner = "pds";
71
-
group = "pds";
72
-
key = "pds/PDS_ADMIN_PASSWORD";
73
-
};
74
-
"pds_plc_rotation_key" = {
75
-
sopsFile = ../secrets/common.yaml;
76
-
owner = "pds";
77
-
group = "pds";
78
-
key = "pds/PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX";
79
-
};
62
+
"PDS_JWT_SECRET" = sopsConfig;
63
+
"PDS_ADMIN_PASSWORD" = sopsConfig;
64
+
"PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX" = sopsConfig;
65
+
"PDS_EMAIL_SMTP_URL" = sopsConfig;
66
+
"PDS_EMAIL_FROM_ADDRESS" = sopsConfig;
80
67
};
81
68
82
69
sops.templates."pds-env" = {
83
70
content = ''
84
-
PDS_JWT_SECRET=${config.sops.placeholder."pds_jwt_secret"}
85
-
PDS_ADMIN_PASSWORD=${config.sops.placeholder."pds_admin_password"}
86
-
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${config.sops.placeholder."pds_plc_rotation_key"}
71
+
PDS_JWT_SECRET=${getSecret "PDS_JWT_SECRET"}
72
+
PDS_ADMIN_PASSWORD=${getSecret "PDS_ADMIN_PASSWORD"}
73
+
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${getSecret "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX"}
74
+
PDS_EMAIL_SMTP_URL=${getSecret "PDS_EMAIL_SMTP_URL"}
75
+
PDS_EMAIL_FROM_ADDRESS=${getSecret "PDS_EMAIL_FROM_ADDRESS"}
87
76
'';
88
77
owner = "pds";
89
78
group = "pds";
···
97
86
settings = {
98
87
PDS_PORT = cfg.port;
99
88
PDS_DATA_DIRECTORY = "/var/lib/pds";
100
-
PDS_CRAWLERS = "https://bsky.network";
89
+
90
+
# crawlers taken from the following post
91
+
# <https://bsky.app/profile/billy.wales/post/3lxpd67hnks2e>
92
+
PDS_CRAWLERS = concatStringsSep "," [
93
+
"https://bsky.network"
94
+
"https://relay.cerulea.blue"
95
+
"https://relay.fire.hose.cam"
96
+
"https://relay2.fire.hose.cam"
97
+
"https://relay3.fr.hose.cam"
98
+
"https://relay.hayescmd.net"
99
+
];
100
+
101
101
LOG_ENABLED = "true";
102
102
PDS_HOSTNAME = "pds.timtinkers.online";
103
103
PDS_DID_PLC_URL = "https://plc.directory";
104
-
PDS_CONTACT_EMAIL_ADDRESS = "git@timtinkers.online";
105
-
PDS_PRIVACY_POLICY_URL = "https://timtinkers.online";
106
-
PDS_TERMS_OF_SERVICE_URL = "https://timtinkers.online";
107
-
PDS_ACCEPTING_REPO_IMPORTS = "true";
108
104
};
109
105
};
110
106
···
133
129
};
134
130
135
131
# Fallback to reverse proxy system if dashboard is disabled
136
-
services.homelab.nginx.reverseProxies = mkIf (cfg.enableReverseProxy && !cfg.enableDashboard) {
132
+
services.homelab.nginx.reverseProxies = mkIf (!cfg.enableDashboard) {
137
133
pds = {
138
134
subdomain = "pds";
139
135
target = "http://127.0.0.1:${toString cfg.port}";
+22
-26
secrets/common.yaml
+22
-26
secrets/common.yaml
···
1
1
auth:
2
-
authelia-jwt-secret: ENC[AES256_GCM,data:6UtOyRCE3DQql1qaZJedvM9G1LuJR0SayAd1crsbBhHp5BrWtnQNAG/9ZYo=,iv:Hha/7ZDgkoyA+sLeseoDZtViVN0WYhBJpvoPRO1nvnQ=,tag:kG7tXKo0fP0PWW/2sVzxvg==,type:str]
3
-
authelia-session-secret: ENC[AES256_GCM,data:LMVazoUoqOckqUsvB5Uko4kBB1ZY+90uO9lbV0nFahQTEIOkhoXDB/Vls7g=,iv:bljHcnjyY4QOylKdLv934E3Tq51V0RxJfR7k+YbH3n4=,tag:zmuqoYnyq5fK0i21rGDmNA==,type:str]
4
-
authelia-storage-encryption-key: ENC[AES256_GCM,data:vsCIjdBN5EHHYOsgZXICoJBLKz+7YEYzvTfuZ2Q0YEM0ikza42tu7T9IHeo=,iv:E+YLeNXarwRoUrvxiFLCpnKwyd0Tb+Jme/99+jmaY80=,tag:UzCLa0BR3vNSs0WkRs1bWg==,type:str]
5
-
lldap-jwt-secret: ENC[AES256_GCM,data:Lij9DlRCf7EWZcxLiRfNDTxDit2ykvWR4Wom+T1Ym5t9b95irGW80CiiRrA=,iv:prUcK8ckwgQghGFbqENxg06AqnNlrt1caq46davAA0M=,tag:QaCZwVgR7XlnBN8RKIb4cw==,type:str]
6
-
lldap-ldap-user-password: ENC[AES256_GCM,data:EU0sRxZWMUKPPml/tfNMXDE8qCn0HWCI,iv:2BTPQC4fm8xXnvfcEXN9DHAUbP8WpYyCWTCEbnCruz4=,tag:Bib6pE6S72zF5vGuzGypUg==,type:str]
7
-
authelia-oidc-hmac-secret: ENC[AES256_GCM,data:k19W69Ie6h3Z6eOwOr7UrOwdQlvi+694dilNjjC3NEM3ph/rj/6f/EAehKv0cODGREA7Rh3iYi+K34K6EuNEjNz9QyiC60KWf5KYaTyUDc/2MS6Az6ZzvVfFABIeE3qbR1Z0DZgoXLzv3uwm+GcCzLvLtlAdah/I9OJCDNhqgfo=,iv:arnNnzbBcacrmA87geTfMSCc9txToLulfV7IEQF9ECo=,tag:720iQxt6IvoQmV3JJO1R8A==,type:str]
8
-
authelia-oidc-issuer-private-key: ENC[AES256_GCM,data:DMJ7PJM1qNPaf2LKo7LiaLDqKKqSN8S49ZVlN6CFKtvzow0yAMXp+m6yfUvBdWxnAox5PZTYn7WU6MPIO524ok1b5auk9OFOQbqzWHuU2zK+UpJqC8iqpnOUZCcb6l6NYkbAO3lSGsD9s9mCcHkj1po5aJYiMO8daqIJjW7NAy1apptZkxMyUbjQ+9p633XYWr70/hCaKYu/xWq0xWU3z+YpkxReut47B6mr/gRx7d1MIC1XmnzErixNboyf7OTGrlFp6hSxRkD2vejSHwhlhpDrkPbRc35bnYyooVDu4Z7/iT2MN8wTSr6+yMCtyhEuzD9V9LlIL/Ddh3dUnxePL+l8T8636Bt4PK7+InxVjCSRyOsOVVUo7yv76EJmgQJCfKhrX5N934qeDbyE2fOJA8fRwweFOGAK2uglAze9pIU/4ma3vwePvIhCmt2CH01t9GAiE5/57Ffn22MXWy+ucx01SYbP7EbqVoFzh2PcZBClUtAs8NHOG1yvXSZz8woJ/2EIpBrJVXWhimqny/j/x2O0OkanFBdp+ja0oiOBjEvYoPXoyO1OADnO0HdLITrWkaCIeN8gBYCrdTIGadlyXEKd/mem1gihrOhogSPCbDZl3p3a7XwjdyLgZNaLOJFtbEtHfs0SzvXfzgMF0JuwzYyC00OJM2Utmk+NCsdPu00lHCv3gg5o6CdYYRlf/g+5S4+CgfYY2yAHHQ3Ayk6EYuSNkzSF804qe1lMg9Bbt0hyWlsELCUCmYoYNJ/uYPeexLhcLIs94j7rsRaZg1EyDyd+vZssVaQYbHDJ8/DVB98SRkVzzjxfot8Ie4ZsngxiUgTuRbebYc3UYit5ECsVmS5S0aR92FH3F/6t8hujpzeaFIoBGpKzXaWmQGxs5NZv/OLg2TbuceQpT8KAT/rgvuodm6yukBlIuWjZQETZkWlje3x4wivKLY41P5FaFP06swJiybPn4yBB4jw+nt9UH6FaN7cgEiemdiv9zhYwT/YyxIj69MCtpoy+xG/LHIzfJeE+BBVeMofTKe/RdFDvkcXgcBz1aN8GAARMYapK7//R+fOYZbrHMKfY0ZL5LPhc/vUtQr/ub7LZmknonJ12b9kcyk64SFzIRwtdE7sqzkPRCudStQTbtdjXoTThr8u6fp7gd5lDU8SwdYVDphSVMIpzuCqZ6eChc2BFMmQ6Ive+Lm5vOcdUpRJcEKWbYIHdS9JZfvmOE52yGBGe7j0IT2psHnF0duTkokOWh9GVVtEep8JPf7Kmhf9Nc6uG4Gt4i96LX9fTrd4doqnWnnhZWoC2eUnU7o/gkaMgi0/DVlcz1nj2cL8JM133XFBCY+Yoq4Fzofb1csIcexrsTCoWJgrGmgVGJMQLHrCly06ogbAybIjwF7d8OFRb8gUQSquTiSeGbCy6wF+BC8wG9cTUdiQJd9VmgOolNlaMqRMTh+nmfnI3C/uvlxWEIBZKzSaPiBLw9PTp3od45+MxT8Zr7gZZFFcrcbC0CSA6MfjP+NmZZJsr9XPGPYQh+Wil/fX5n5XZTPin8qHJCe0yQIB1IHh0fOeKVMSWELckxeDgaplEY/+PsYj9tNlMo77qd/5pwYfpAz+L4ExaPi15mYdxoGUyO2zWKcyg9D/dw+l++ltmRV5MFs0Oe5ZSuVkvYlIqlJwyhoRwmEg6xu/Hr/K8xw5ey7o1it2+hqjkAhotNE0mk4oWpHIbGZtOlTV1Mob3i4ScbU8ENxSxV2VUuJ1PjiRzFyhzv9y+k7yF2gEQrb8/Z2a3bYqW71wPw7fW2n47ZvVncsX4n7hQ25Rhiojyp3WycU+2IqMigZQpfHbMGm7qkn41AxYCm2Cg1RCiaRF8OGTeJ3OoQYvh8z+1v+Ba/88EbNZzlInkXYCxWCLz06OhbbhBv+RblrQBcIn9fGWZHsI7Gj1XCp30zzUyEYyCGkkm3bgW7SfYsnNnuGyqytQmkbaM/jQSeQ0NBsLnavwzRHhQBEscMYiSwnaSi2BN0rkXgaIs33xURhVcD0K69PXpJNpx7NyCwjFZRf86O2nYvDY5OBNeeFoHplCzuCup76VN0KXWLNDkaMmNIMtVpYCkWWQwpVo5i6WM7gRsS+hhWnoMDt2O9ZPBbYKCrTJ/2HLe5LPL78q5upStTt4v4WaU6kbGhz4eziR+YEdkClfDX/aAkXpUYcbUWOwxYsMkVoAxriMEMa+7ZRApVHJFWlPsdyxwRDkKtzgOw+KoIByr74UGIdp8lATspro+J4H/xUp1NVdZp0Mj,iv:GX7ptCfJT4CW8ZNguB9rrkJnB3pL8WwNNZeIoNTrBBI=,tag:RO7/+wS9Tu5BxzDZnBDiOw==,type:str]
2
+
authelia-jwt-secret: ENC[AES256_GCM,data:ybMUB4JlQN4G82UU/U+2xQqgEh0BF8PptpidudxpPLikwIRuogJxa9+oPO8=,iv:6Il3lGKNaNbGyeImA2n8bthm35hJ5QaIZ0xrMIweDhs=,tag:VDu8REMh7wEmNtMKzIYpdw==,type:str]
3
+
authelia-session-secret: ENC[AES256_GCM,data:HHC0okPTAxGoRH5I/KZexacGafJO7PNseScti4e6Dqb/5buLtcCvwFupQBQ=,iv:YrRBZ/1ctzWabDxVb5bHIjUA3TAvx+CHvM/SZQzzrC0=,tag:fX5jaXknhzbot/z3YudYeA==,type:str]
4
+
authelia-storage-encryption-key: ENC[AES256_GCM,data:VKNvUZfjeWHijMqx3C6/hTQA8TLjSapcKeo5tS6h8OI1H+9zDWIRiVOrxDc=,iv:cH3MQYciKVSy5+Wb2jGXQnKUX1vYY1f0TftUiNsJJb8=,tag:XW0hJO5B5p+B6egkSo2lMA==,type:str]
5
+
lldap-jwt-secret: ENC[AES256_GCM,data:UsoUOdX8EVVFBpzG2IdgTeRFSaGpUAOq+i1I1rg3Mv4lHmGfOMmOG1dJGSg=,iv:j4EccDPDk2K86KOIwN+fpkKsxbAam5C/FcohmFULTA8=,tag:D2lW+FQ9x5zXdJHZELnT/Q==,type:str]
6
+
lldap-ldap-user-password: ENC[AES256_GCM,data:ssrIrB0lGZA3AAmgRrcuozpq3Ba0SCN8,iv:4mGO7HHqYX3pEfnV9jmc9GMtjyMFojfPeeh1fkaM4/Q=,tag:r0iBfhFQcaezsRktxj2eCQ==,type:str]
7
+
authelia-oidc-hmac-secret: ENC[AES256_GCM,data:aK7LdvxXAT9/Jg65rf5c4vsspf89ub+P6EMA6jLBd/fCjWEKf86QhknfVF2CviZUfh9T0Hg9RRzufQnE1rTWMR3TtgqN1fASL35K5uqdQpxMpsPfY/gfcaYNrjOB0EX4zD/vS/9webw1CwTehOCHbFNLCTIW76IxXZEHIm1rPbA=,iv:rUpN04KQmcV1Q7wwGIacwGVLB36wCCbqKtFOF60u+AU=,tag:lYnrzVrY8fjWB3/1OYpTqA==,type:str]
8
+
authelia-oidc-issuer-private-key: ENC[AES256_GCM,data:X0eA8smTAMMm/+1PM8JhW0E/aRTAG5J8qAArHQn7s8zISoMr6WzmbBcOPuQQvFZ/ZFG5NrlA3GesylK4EO3IzWeUpF5L8wnZqg0vbJguBXqpU4fRozo7tsnqtPaKLo9J4hd62Zed90FhJ+Qv0MrsP5jRXQVJcWmDsif5B/VOjUyceT9jL9O+XmNStHMEC0rvAne9Y4tdcmJ0jkCOwjakRt9vm9VBEFzL3Xb7C8LUwZCVRdlFVup0zSsURIR1OdRKjysR2+hCgjlzukPlIrkr59HRR7P0CjuunD02ga6CoRgVZq+yI6jPWSaRy9fU/jIOeHyxbDHme6zFB27kNBIz1Kc2ilgTPnLcPbQk46QL+rtlUK44qsazh8L/unPf7VLPxkpz/QhUiMUGrq2VrWHVbcXdoda6lGi3OBVF3Z5wIDPDUSFxNHkMtHoRHAZNPBhkT/D7flhpJ6LgUIdf2XAu6FxfW5DEnOURH2qcwMOTmnoEiqrv92lmX1iLGPLU2HvhfKRNPjp0ndJPGq3Aot1Ghi8+lNSinq4U25uJzqZpOYAKfWPY+qthHaTR1WmcT1c5otDwVaUQFgcrOAzbGktC16ih7MOFu/xhvvfy5GqCOKPxGIZImf2lhxSKyDf4Pm0+dwrriGPLLyfPB/g/54MgRjKtQB+k1O/6Jx3Q3azX8Vzca/TOKw13K/oUDr7uxTMimSeadnG6fBjQDsXTvY00/5sNYPNrFok+BkrtFmccCDR25ZsHC+6uMW4GrRQ0aav1b7562ue+9D3RZ8tE5/EeTDCjGWtjbDMwDDF6iDXKBaW6RzIa2vvQahRyjEWuL9KoD8dMgnHPvdf8HGRdIh37kfz5qSvmJuEmmm7OFAStKOGSF4HDli003/dkXsQA+6A/v1flQhD0PGeiP9FbYFim6DwR5Sj1lJ++c5ta/F23HmwtrXCbbksau7rY9FTAWyXd6yNjHoUdkvrc7xGLg5TCpQfNo80Omnad34TZWNYj3hPLNP1rdEAXg1KQwNBVe2bPPD3XwCrQuxmHiv5ot39Nj/ZZ1xszl8KK4V/hlmNg/Hm919RK2ZBAA7PtGyAudl2z0DLH7mD1KcT4xiyAC/sUEBuBiZ0Utc9N4Fk5fGJ7Tw70sZzXlm5hxiK/3vH9JdROHOCSbcWt/Gsb0OpPThwN96ONSP8sF3dAKaju7762zjiJ0xdb4wXSWYR3Pn1POkyNWB4wzG3BTzoAJ9hp7QOJsVEi6X2sXLTLEs4EE+C2BZh/vHHflBWe5XS4frynXfSrvd6rFcUL3y0rv9s0OjR1KqjcgoKIZl69ygVMmzfvhx7x4IR5r1rGMwu+G1idXtKTALyhDI0vFsqtj+krYZ5EmTOGsG7qTJrtW4Q/bx6+qdbSu6zxQRMlVMKfal2AhHfASj+0LjYvWPEYDl/xbt4q7W6WepSRMsL9Pf8somDaz2RQQ3yX1z5482mK4q0Nf+wOUkBx2sZ8ccLTebpB882AjDi5tgRYvU9r6njMFCrEb9l8J5xy6M0g2EI1+LSQCQuuTUJP/7yhMlqmMfD5O0J2efrVXKS/wbEkStFeaURoCPvYB2vKhteo0EL4EwpfppmVW7Sbh+pax4lfEtWmgKRtMYbZEQKnvBjt8xQGPZ65yEDt2vTnXIfo4s1aPrtDMX4xTuN4F1VPN5Uqi0eXnLcBOvizQihRyUVlJ7oFE6jQrJ08w56+izw5bAi408cCj3IvZPxwyTmYR/3/iHLH2mFwtDPLjZQU2EeBj0Xt48Yln2OQYeHwKf0Z7fdOSsoOxWtubQA3iX8szSP/bpH+6GtidMDKUnhCDeUeJiKKx5djtwM7VoPzrEZ6a+fZOn85qwFee58DR1tmWO0/vYu2UdYwhhhoS2ZcOPaK9/bd4tOFCLHUzX7Wa3XDvTUH8Bte0JLfh1kP6AF8Km/rAn42TSGcOZWbvyZsoqxAK2TyoI9aiDhTXRUckwanYPUEj4dPiB9Kdn7K0HwOdWjQRCSbZVPwJj36mBBNcfshVT0MhHO4+DE9GXwgpFdbTutQpMgmUnnkkNuk9AkMuVHfgy0b/fNRI2g6xgsBa3qvSy7lGhw95txdGe1FxZ9cbkXYVWQr1iiMlaBvsOCKB0suStUQuGNJXOsCoB6nyP4LmqYH2pwPhn5B+88P4FITg9S2E1HbO20GTjX1wVMQMJHoRYG9O2cCikjBoH2lVrCCdK1VQe5j3FodpUXyQP90Hgnui86cErOpmpWVZ+c5Ylm+twililGg1BCzkIwPxy3Z,iv:aFDUWquDEfVSY/D637AVHMXQ0/mxlB5ILzUsUPObE7A=,tag:1RInYXKFJdGrzYGvN1acTQ==,type:str]
9
9
oidc-clients:
10
-
audiobookshelf-secret: ENC[AES256_GCM,data:GDgISj3Gk33FEjXPxLS3+dZL60EdGp0WTSaBKouMvmDa7mZLz4XBldKkP0WaAbHNHi7uhKFiYTjvxhPrVUdlSnmMQIcLJ4p6yV0KnsKXf2wgM/plbKS1ZmXlOqk907SzObdflRhLlS8884wOlhzzLcwa8KFFG9P3R/tL+ZFhV4CPVtQ=,iv:WBcpufyT20Nq1GjMNv6FEbsrPHzRvpPNOTNoSb70lQQ=,tag:SaQPKD81A+Qdq5AlUR1n1g==,type:str]
11
-
audiobookshelf-secret-plaintext: ENC[AES256_GCM,data:961W6NRsViJec4AmFEeTjVdWdv5U+vmSI5DjxZVm2K+Nw1oZAp0RkYL+JU9ePvhCpJWG4v2JjUkRQGZ1u0kX2TpzTLg2M1HM,iv:hXdaC+hrIKZnMZuAKNhu0m4G4/kBCqCrdZajhnvLwTM=,tag:3rYx3jkqyOAP+3ECOyq/6w==,type:str]
12
-
pds:
13
-
PDS_JWT_SECRET: ENC[AES256_GCM,data:m+5QXKDAcz0ISdnzZVHXb8b/dLaagP7My3yyVDYZ2xo=,iv:RZ6nao5RdQEvarLltBtayev6kvMZnj7YTyzSGjgYi6s=,tag:qR3zSu8RjKHLor2agrB/DQ==,type:str]
14
-
PDS_ADMIN_PASSWORD: ENC[AES256_GCM,data:A2V9iIRkDxTgEFgMjn4YZpytQ6Bpuy2nGGD39OeHLC0=,iv:n4CMjrVChlWYC06WrEWMTkKxqWbJrbhH1Co3xC1H/6Q=,tag:UdnB2syuec0prVTx0dklYQ==,type:str]
15
-
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:oLWp/qcImi1goDTju+DyF50pmO0OkTgvcjT/UruO7B3wolWLvQUCe5O2cm7DxId6t4qJHHwey9sOvVVRoQAv5g==,iv:vF/2QT4J9ruIcwEsA+JGKjwVIs37hahtKpXopzkJ/eU=,tag:j6ddYADoeVpXNe3zWKSAgw==,type:str]
10
+
audiobookshelf-secret: ENC[AES256_GCM,data:mN+owS4ff53MwPEJ043plqGr0uJp7MEjunJ0yF552pgBahz8T4xiX04dlRHL29wQPJN4sPhUXlbwDzJf/6ezzzqgne8jTfHX6T1rLQ6TneAl/ig2dLP2zmdQQGYF8HL2lGmhKjIHkkmJn4oVWvlb8etv1PbLV8A+jbD1mMxzuTktaLI=,iv:YHBhAKq+ZMP1XQ0V2kYACkSfJn70nFLHc+TW7QLMPQ4=,tag:xt9wZ+U7Y1aHhq8U8GWOCg==,type:str]
11
+
audiobookshelf-secret-plaintext: ENC[AES256_GCM,data:jSRd7DsaE24WNDgcmlKqMbIy7Y0Hq2DxOPsbnmGP4FqU2ktBbWnQ8QLgm9FuCt/eP8e0I0Qm6G5mY6fM3AaktI3XOffWCXLe,iv:K2eYEkV984iwoZ7HM0YXpeLt1Hr5vX7ju79xJgujwCM=,tag:pxMmB+2dYieQ5vmOdBoTTg==,type:str]
16
12
ssh:
17
-
tangled: ENC[AES256_GCM,data:LI65IgI7y7/mbi3fV3ikSRoUgFES6KiRN9hjzAYRTD6c+I3GjeGDpOXnndFtbxfYgLDTN9lJn6eH+XmA4XpKzn9dcvJe4YC3mNumUiYtod7VR4DzomJ9M8uS/7llgYp42Bes3WbnIHh4T8o/Oer4372oMW/ysO0BPDwNIZ2Xk0lmGHOPiOGdtRe4G0d09QXfKc+RkHt2eJ+4pDvxsUUOWtdSafFmcUiTicS0Dp84Ot4maHn3FDVBHJwnSAKr5w0uyNr7IF3ap2SX36HCWKyiwrxyZzbMmNhuEm6pIB295JuaqMygyjv4hatQog9TpG9v1awr5Y35xRkZj8S/lYbeuKm9FTDRYw0VvySJEykqdDX29Qq4VKKsHSIWM5y/xoW2pE7FKcHYdE4JWP5mlekpXohOSgOfACLn6G1uj3mG1PzTZYDjRtpYjiat3E6i6GwVWXcondZC1KvvXuM/6MlDHu63FHvDMroVkYv5E7MtL9DgNq+sH5pMdhd956TTXdbGd8359MwxQxkBPKjoevOoBGTiLQye5DUi+z9r,iv:U2aXXyHjVjl23aDCTwtTVgOFVj+uruaf7We1fTMiLhk=,tag:PgHi0+5Ok/f0NeA4+uK4VA==,type:str]
13
+
tangled: ENC[AES256_GCM,data:jaBvuOuBvLHEVUml2LG2KW5o4iOkBtGI8JWhrQuaWtUXOYxeF4nZ5xSXgrH4dny3bXkNZQ1qRKuJT3vZHF7k4xcIc+bQFbuTEE6E8C+gGuaM7PBww13mnaXEELLTk/FOmDZiHgLc/DGh7tYq+O8/NR3ntu49+01pLBgWpi+6BBNjox6HHWGbpuZ67uyKLpcwh/3SEPQKQCFABfvmWfYVB9Z31tPkHhPGZFTdVN2OJHlWd+mjzQd7HS0bO7h22a+xQT3upXhSPbed9jcRpWMyEYzDbB+MnMana/JYHq9uslI6SaN8hU+EtYoemFD/EVPwzMMGY+uNhIuSy4XSQbR/JYZZKf+xyDVxQWeYrevPGvKRSlSgHWi3om3iDla+1wMuNgG7ZKsXubnFoxRDaEhYRpGcmx5miHwcDGLRAkdyjrpvkr/Ad7UMSRd0wHWii16RGH/nWnTLHz++YWw2QWBmGvtTBbb2ZP4O0vbhXpilyDbjfaFGcRjR0Z5CPaPMyahue1rRjmRHqhA/jvxkJHHQpsgeQv0T0D8Td2Ws,iv:PegzOix0J94F+2QjsEHx3MHXaVzCCQOpjDO92QdPkLQ=,tag:S6I35SBx5iDxUMZfmodYbg==,type:str]
18
14
sops:
19
15
age:
20
16
- recipient: age13d6egar7w7hq4cagemfu766p9g7l9j60z5afc6l4lt8w59kh5cfsh6ceal
21
17
enc: |
22
18
-----BEGIN AGE ENCRYPTED FILE-----
23
-
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMGFUY3J5blFFL0Q0UXRC
24
-
NlQ4c0ljN0hZNll6aXdhRFJORCtXcUt2VGhJCkd6cElFanJucGxPSEZ0bWMrMkRT
25
-
UEtWcWl0T2FWREVXOEREM2ZwenIrOGsKLS0tIGVXUWF4cW81SE5TYktFYUNzUTM0
26
-
d081ck5FTXIvOXBvcHNpdWZVNlU2MjQKySxx6O45J5aSalaOBtu6rUGdqwtOAwA5
27
-
LcQZ0cGaFOX3tjnxdCDQRya0P63FLuDrQaSlijJgDLRRLmC0j15Vlw==
19
+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaWFZdlVTSFNOL1JaVW95
20
+
UURpWTR0L2RZS0lxdk1aTHVsbStMeEJzWjJZCnRDZ2s4RzM0dkQwcGJ3SzhDTkR1
21
+
QlFVcXFlTHB3NS9YVkxuak1wbzZ6SmsKLS0tIHQ0MFg1T1F5L01QWlRrNkV1dWdF
22
+
NHczVzI3ejhtaDIrNmlVK1Vwckl6TTgKgq9Rdbv7gFe1qnWiM/gf/T4KUPZypYIj
23
+
UH3QeoCY1KF/b6ZpQc6emw1AWWTR774H2McHsalXlc/CpcQCCtDRlg==
28
24
-----END AGE ENCRYPTED FILE-----
29
25
- recipient: age1t069rtmyfy3qvvpq2evnrtyhjx8ylc985cfagh97972x9y0uzqqsauagfl
30
26
enc: |
31
27
-----BEGIN AGE ENCRYPTED FILE-----
32
-
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQld6MjdhZG9ZSHRvQXhR
33
-
UElEVm16KzZhSElmeXRDelJEUENKOW9sd2tjCnhtelRxNmJSemZPQjJKL3lOaENX
34
-
QW1GbzErOTlWem12RCtCRk1wK1paYmcKLS0tIGRrWmE4S2NUOHBvVnVqSXFodXJH
35
-
WEhTYWVxUXFncWNaRi84SmcxdU93RFUKJWw6Ih/O2DMdLGbTvoJx3F7hTKNVIgr5
36
-
4kswSBbZWgwcSI1l/etpq75ylStTrXz85tPf4fePkojVwXrhmSnf0g==
28
+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkM214Y3M0Qm1hcjNEeXho
29
+
M084ck1wQ3ZtUWdCMnNDL2lZUU5aQmR5U3hvCmI3TEZHU0hIUUZsM2VtZXhkaVVC
30
+
aDU5aUptWFZKT1ZoRk9ib1VHaUYwU0UKLS0tIEQ1dHdtZWNVS1Iwc1U3YTREek84
31
+
dFFlT3IyWlgveWVwbjVHOFh0dkVPM1UK1hBQ0eDeQ9mxcu07FZVs2uT+IWE9Tlmp
32
+
7MD5HVJ3Ybk648wBPQzvv58xPv882y+XC54qcw19WQpMW5KUxdCrxw==
37
33
-----END AGE ENCRYPTED FILE-----
38
-
lastmodified: "2025-08-27T10:56:50Z"
39
-
mac: ENC[AES256_GCM,data:7YknNMLmFkUJZHzhs9NcYlAHCXwvwr+Lf1wLDoyjGNV9fjaMCokh9mlJFhLr9LkVIqNeX+xAJQPo4Ndo1UJVYJDUin3RuzgzW6l8TC+3VI+zmhF1XzzzXqLKZv9nKlz4a7ofrC45X0Clnt5UU76+Gvteaj8rJOMRVOSLLv+KWig=,iv:t8qEnvF3+8ggcDH7k+daJS9Yn9yK0lz/Mf+BDy6iq/Y=,tag:AjCdwtiPynwKlINfkyNwHw==,type:str]
34
+
lastmodified: "2025-09-04T14:28:03Z"
35
+
mac: ENC[AES256_GCM,data:wpV15qkNSpLoow2423ep+V6CSmDY1bxECgNEbNSxhIqHmmdjb8SRweMeaAhAAw+1Cu4sSQOTeSlSf0j+u7Yyg1XznNLU9s/FymyHiyvV2XmJSqEKBMF1eccO2Jne2CGpQqchN9ECXwwvFSCvTDEi7yH8XTbmMbEmOy1Z7fovA2g=,iv:yVpCX0M1LERB8B7Hp2mzfMF3ut3y3ikykqcmYZ+tZs8=,tag:3j8Xe2RM+9cW/LxVl17cLQ==,type:str]
40
36
unencrypted_suffix: _unencrypted
41
37
version: 3.10.2
+29
secrets/pds.yaml
+29
secrets/pds.yaml
···
1
+
PDS_JWT_SECRET: ENC[AES256_GCM,data:qx23JQuU4uK2u4ae6gbcmDew6H+Cah2Kpy0ejItMfUc=,iv:5RPh/hl3Dfzdqd1B2HXbxO13qYwD+VEY3+BKijR+BYQ=,tag:KMimYhnjft0IV+TchVxCvQ==,type:str]
2
+
PDS_ADMIN_PASSWORD: ENC[AES256_GCM,data:PSsFPZ/fGB5LsiWfBG1/Ts/MgM1vh+lw1XRoir8FZfQ=,iv:JjrKZOiVmDwi+fGUgQ+t/e+15rktdDMmMiOJfBH5KZY=,tag:Gcgrp+ooMhYYJ17jgB2sRQ==,type:str]
3
+
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:722P+jlVHm7B/YXTX2S7ooELuxbL7zY7axaUTaJU1S8beYi3PvamHRSwK6ThcMyl+24z6lVCkMOZaJNzAi2jtA==,iv:1zYGtTbk8Au9wqhZw1Y+p9GIwR1qu7ZdZ9pMVzxP/Nc=,tag:SGJzXE+BW4uWkaSq5A9l4Q==,type:str]
4
+
PDS_EMAIL_SMTP_URL: ENC[AES256_GCM,data:WE8k6cWorMFNfGW4CCTyZH85KImLwF5qvA9M9E0iGOMNO5sMMK6H6YIV5NvC8gLLCmmL+Knr8sxyHMgNc+apmxxy,iv:zhQ+whvT4VSqoi0iVh6MTlgRiMWBNM3d5k7lSbXTnOE=,tag:q3LurqNukAK0tmqNBGklkw==,type:str]
5
+
PDS_EMAIL_FROM_ADDRESS: ENC[AES256_GCM,data:wJ6gmuuv8wiBewknmXNlVk8jriFoGg==,iv:8cU3N5ZcvkJraTxp5H/UncMIlhEl0HNWuxyz3GHfN2g=,tag:ZmuVQstf5GFQQ0bJSvxR3A==,type:str]
6
+
sops:
7
+
age:
8
+
- recipient: age13d6egar7w7hq4cagemfu766p9g7l9j60z5afc6l4lt8w59kh5cfsh6ceal
9
+
enc: |
10
+
-----BEGIN AGE ENCRYPTED FILE-----
11
+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZXVaRXFNcGlPUW9LYXBD
12
+
L0ErZ21hUGdoRVg1VUYySEV0bDVSaGxzQ1ZjCkJjN3E4RXFyRi9pSFBYQWNrNjl5
13
+
NGRJRjBNbDRDQlBQc2FGQ0ozK1hiRUEKLS0tIFozempZdWhtZjZxS0dCcjZ1WG96
14
+
WXNXK1BUOWNuem5YSVZ3WmxJSHJHN0kKzYnLiL00eK5olyI64SnhimuU0FkZB0rl
15
+
0qf/aTHm4q78HTmZdPTqWrchpySnJ59CnvSGYDF9o9Le4ZaBbknjIw==
16
+
-----END AGE ENCRYPTED FILE-----
17
+
- recipient: age1t069rtmyfy3qvvpq2evnrtyhjx8ylc985cfagh97972x9y0uzqqsauagfl
18
+
enc: |
19
+
-----BEGIN AGE ENCRYPTED FILE-----
20
+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdG56QitXTndIT1BZOEhM
21
+
c1MwQzNFUFJKNDlOcUNudDU0K1VpRG53bkQ0CkJmaXQ4UXRDYitINTUwWEphYWVB
22
+
Z0JCZW0ybE5lTHFMOG5OVy96RUhmYWcKLS0tIExscE84dm8xNzhTdnVaakxhdWJs
23
+
NVUxUWFjZ0wxRzNQazdCQVVwTDdFL00KOkl8TdbzbjelOEAwCC5rssdCmVzhesa2
24
+
U2fs9AgFgrym38GXiHyGrqMfXBRl7VghjRr8L65/lU0ffdl1uX1B9A==
25
+
-----END AGE ENCRYPTED FILE-----
26
+
lastmodified: "2025-09-04T18:50:12Z"
27
+
mac: ENC[AES256_GCM,data:1UEotqTy+a7nR2otZR3IaX2fR5xBOTM21idsOIlJrwaMp76E078aGKWf9eMr7sQ/x6YhsGlTnfRIPOXsXvPRSMUCBTu3Yl1HC9xPlaM1lpjqXWVi50q8RdWaQSAO/xBV1BHDDXD7nx4m7HX4i9KCUB9UPtlfpkuKBABLoq/G6CM=,iv:CX1EV55wroPl34RubIeB0g/d6nmmY3BzpRLfazisMWg=,tag:GrPskrkqi73dCB1ObLT0Ag==,type:str]
28
+
unencrypted_suffix: _unencrypted
29
+
version: 3.10.2