add source code and readme

2025-12-24 14:35:17 +01:00
parent 7c92e1e610
commit 74324d5a1b
331 changed files with 39272 additions and 1 deletions

@@ -0,0 +1,259 @@
# Mastodon Application
This directory contains the Mastodon fediverse application deployment for the Keyboard Vagabond cluster.
## Overview
Mastodon is a free, open-source decentralized social media platform deployed using the official Helm chart via FluxCD GitOps.
**Deployment Status**: ✅ **Phase 1 - Core Deployment** (without Elasticsearch)
- **URL**: `https://mastodon.keyboardvagabond.com`
- **Federation Domain**: `keyboardvagabond.com` (CRITICAL: Never change this!)
- **Architecture**: Multi-container design with Web, Sidekiq, and Streaming deployments
- **Authentication**: Authentik OIDC integration + local accounts
- **Storage**: Backblaze B2 S3-compatible storage with Cloudflare CDN
- **Database**: Shared PostgreSQL cluster with CloudNativePG
- **Cache**: Shared Redis cluster
## Directory Structure
```
mastodon/
├── namespace.yaml # mastodon-application namespace
├── repository.yaml # Official Mastodon Helm chart repository
├── secret.yaml # SOPS-encrypted secrets (credentials, tokens)
├── helm-release.yaml # Main HelmRelease configuration
├── ingress.yaml # NGINX ingress with SSL and external-dns
├── monitoring.yaml # ServiceMonitor for OpenObserve integration
├── kustomization.yaml # Resource list
└── README.md # This documentation
```
## 🔑 Pre-Deployment Setup
### 1. Generate Mastodon Secrets
**Important**: Replace placeholder values in `secret.yaml` before deployment:
```bash
# Generate SECRET_KEY_BASE (using modern Rails command)
docker run --rm -it tootsuite/mastodon bundle exec rails secret
# Generate OTP_SECRET (using modern Rails command)
docker run --rm -it tootsuite/mastodon bundle exec rails secret
# Generate VAPID Keys (after setting SECRET_KEY_BASE and OTP_SECRET)
docker run --rm -it \
-e SECRET_KEY_BASE="your_secret_key_base" \
-e OTP_SECRET="your_otp_secret" \
tootsuite/mastodon bundle exec rake mastodon:webpush:generate_vapid_key
```
### 2. Database Setup
Create Mastodon database and user in the existing PostgreSQL cluster:
```bash
kubectl exec -it postgresql-shared-1 -n postgresql-system -- psql -U postgres
```
```sql
-- Create database and user
CREATE DATABASE mastodon_production;
CREATE USER mastodon_user WITH PASSWORD 'SECURE_PASSWORD_HERE';
GRANT ALL PRIVILEGES ON DATABASE mastodon_production TO mastodon_user;
ALTER DATABASE mastodon_production OWNER TO mastodon_user;
\q
```
### 3. Update Secret Values
Edit `secret.yaml` and replace:
- `REPLACE_WITH_GENERATED_SECRET_KEY_BASE`
- `REPLACE_WITH_GENERATED_OTP_SECRET`
- `REPLACE_WITH_GENERATED_VAPID_PRIVATE_KEY`
- `REPLACE_WITH_GENERATED_VAPID_PUBLIC_KEY`
- `REPLACE_WITH_POSTGRESQL_PASSWORD`
- `REPLACE_WITH_REDIS_PASSWORD`
### 4. Encrypt Secrets
```bash
sops --encrypt --in-place manifests/applications/mastodon/secret.yaml
```
## 🚀 Deployment
### Add to Applications Kustomization
Add mastodon to `manifests/applications/kustomization.yaml`:
```yaml
resources:
# ... existing apps
- mastodon/
```
### Commit and Deploy
```bash
git add manifests/applications/mastodon/
git commit -m "feat: Add Mastodon fediverse application"
git push origin k8s-fleet
```
Flux will automatically deploy within 5-10 minutes.
## 📋 Post-Deployment Configuration
### 1. Initial Admin Setup
Wait for pods to be ready, then create admin account:
```bash
# Check deployment status
kubectl get pods -n mastodon-application
# Create admin account (single-user mode enabled initially)
kubectl exec -n mastodon-application deployment/mastodon-web -- \
tootctl accounts create admin \
--email admin@keyboardvagabond.com \
--confirmed \
--role Admin
```
### 2. Disable Single-User Mode
After creating admin account, edit `helm-release.yaml`:
```yaml
mastodon:
single_user_mode: false # Change from true to false
```
Commit and push to apply changes.
### 3. Federation Testing
Test federation with other Mastodon instances:
1. Search for accounts from other instances
2. Follow accounts from other instances
3. Verify media attachments display correctly via CDN
## 🔧 Configuration Details
### Resource Allocation
**Starting Resources** (Phase 1):
- **Web**: 2 replicas, 1-2 CPU, 2-4Gi memory
- **Sidekiq**: 2 replicas, 0.5-1 CPU, 1-2Gi memory
- **Streaming**: 2 replicas, 0.25-0.5 CPU, 0.5-1Gi memory
- **Total**: ~5.5 CPU requests, ~9Gi memory requests
### External Dependencies
-**PostgreSQL**: `postgresql-shared-rw.postgresql-system.svc.cluster.local:5432`
-**Redis**: `redis-ha-haproxy.redis-system.svc.cluster.local:6379`
-**S3 Storage**: Backblaze B2 `mastodon-bucket`
-**CDN**: Cloudflare `mm.keyboardvagabond.com`
-**SMTP**: `<YOUR_SMTP_SERVER>` `<YOUR_EMAIL_ADDRESS>`
-**OIDC**: Authentik `auth.keyboardvagabond.com`
-**Elasticsearch**: Not configured (Phase 2)
### Security Features
- **HTTPS**: Enforced with Let's Encrypt certificates
- **Headers**: Security headers via NGINX ingress
- **OIDC**: Single Sign-On with Authentik
- **S3**: Media storage with CDN distribution
- **Secrets**: SOPS-encrypted in Git
## 📊 Monitoring
### OpenObserve Integration
Metrics automatically collected via ServiceMonitor:
- **URL**: `https://obs.keyboardvagabond.com`
- **Metrics**: Mastodon application metrics, HTTP requests, response times
- **Logs**: Application logs via OpenTelemetry collector
### Health Checks
```bash
# Check pod status
kubectl get pods -n mastodon-application
# Check ingress and certificates
kubectl get ingress,certificates -n mastodon-application
# Check logs
kubectl logs -n mastodon-application deployment/mastodon-web
kubectl logs -n mastodon-application deployment/mastodon-sidekiq
```
## 🔄 Phase 2: Elasticsearch Integration
### When to Add Elasticsearch
Add Elasticsearch when you need:
- Full-text search within Mastodon
- Better search performance for content discovery
- Enhanced user experience with search features
### Implementation Steps
1. **Add Elasticsearch infrastructure** to `manifests/infrastructure/elasticsearch/`
2. **Uncomment Elasticsearch configuration** in `helm-release.yaml`
3. **Update dependencies** to include Elasticsearch
4. **Enable search features** in Mastodon admin panel
## 🆘 Troubleshooting
### Common Issues
**Database Connection Errors**:
```bash
# Check PostgreSQL connectivity
kubectl exec -n mastodon-application deployment/mastodon-web -- \
pg_isready -h postgresql-shared-rw.postgresql-system.svc.cluster.local -p 5432
```
**Redis Connection Errors**:
```bash
# Check Redis connectivity
kubectl exec -n mastodon-application deployment/mastodon-web -- \
redis-cli -h redis-ha-haproxy.redis-system.svc.cluster.local -p 6379 ping
```
**S3 Upload Issues**:
- Verify Backblaze B2 credentials
- Check bucket permissions and CORS configuration
- Test CDN connectivity to `mm.keyboardvagabond.com`
**OIDC Authentication Issues**:
- Verify Authentik provider configuration
- Check client ID and secret
- Confirm issuer URL accessibility
### Support Commands
```bash
# Run Mastodon CLI commands
kubectl exec -n mastodon-application deployment/mastodon-web -- tootctl help
# Database migrations
kubectl exec -n mastodon-application deployment/mastodon-web -- \
rails db:migrate
# Clear cache
kubectl exec -n mastodon-application deployment/mastodon-web -- \
tootctl cache clear
```
## 📚 References
- **Official Documentation**: https://docs.joinmastodon.org/
- **Helm Chart**: https://github.com/mastodon/chart
- **Admin Guide**: https://docs.joinmastodon.org/admin/
- **Federation Guide**: https://docs.joinmastodon.org/spec/activitypub/
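
Review bot: The "Security Features" and "Directory Structure" sections describe TLS that the manifests in this commit do not configure. The README says HTTPS is "Enforced with Let's Encrypt certificates" and calls ingress.yaml "NGINX ingress with SSL and external-dns", while both Ingress objects set `tls: []` and are commented "no cert-manager or external-dns". State where TLS actually terminates so nobody assumes in-cluster certificates exist. The same drift appears in other sections: the Overview gives the federation domain as `keyboardvagabond.com` and marks it never to change, but helm-release.yaml sets `local_domain: "mastodon.keyboardvagabond.com"`; "Database Setup" creates `mastodon_user` while the release authenticates as `mastodon`; "External Dependencies" lists Elasticsearch as not configured although the release points at an external Elasticsearch host and depends on `eck-operator`; and step 1 covers SECRET_KEY_BASE, OTP_SECRET and the VAPID keys but not the three ACTIVE_RECORD_ENCRYPTION_* values that secret.yaml carries. The directory listing also omits smtp-secret.yaml, postgresql-secret.yaml and elasticsearch-secret.yaml, which kustomization.yaml includes.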

@@ -0,0 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: mastodon-elasticsearch-credentials
namespace: mastodon-application
type: Opaque
stringData:
# Elasticsearch password for Mastodon
# The Mastodon Helm chart expects a 'password' key in this secret
# Username is specified in helm-release.yaml as elasticsearch.user
password: <secret>
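
Review bot: `password: <secret>` is a literal placeholder in `stringData`, and this manifest has no `sops:` block, unlike the other Secret files in this commit. kustomization.yaml lists elasticsearch-secret.yaml, so Flux will apply it as written and the stored password becomes the string `<secret>`. Put the real value in and encrypt the file with sops before merging, or keep it out of the kustomization until it is ready.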

@@ -0,0 +1,249 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: mastodon
namespace: mastodon-application
spec:
interval: 5m
timeout: 15m
chart:
spec:
chart: .
sourceRef:
kind: GitRepository
name: mastodon-chart
namespace: mastodon-application
interval: 1m
dependsOn:
- name: cloudnative-pg
namespace: postgresql-system
- name: redis-ha
namespace: redis-system
- name: eck-operator
namespace: elasticsearch-system
values:
# Override Mastodon image version to 4.5.0
image:
repository: ghcr.io/mastodon/mastodon
tag: v4.5.3
pullPolicy: IfNotPresent
# Mastodon Configuration
mastodon:
# Domain Configuration - CRITICAL: Never change LOCAL_DOMAIN after federation starts
local_domain: "mastodon.keyboardvagabond.com"
web_domain: "mastodon.keyboardvagabond.com"
# Trust pod network and VLAN network for Rails host authorization
# - 10.244.0.0/16: Cilium CNI pod network (internal pod-to-pod communication)
# - 10.132.0.0/24: NetCup Cloud VLAN network (NGINX Ingress runs in hostNetwork mode)
# - 127.0.0.1: Localhost (for health checks and internal connections)
# Note: Cloudflare IPs not needed - NGINX Ingress handles Cloudflare connections
# and forwards with X-Forwarded-* headers. Mastodon sees NGINX Ingress source IPs (VLAN).
trusted_proxy_ip: "10.244.0.0/16,10.132.0.0/24,127.0.0.1"
# Single User Mode - Enable initially for setup
single_user_mode: false
# Secrets Configuration
secrets:
existingSecret: mastodon-secrets
# S3 Configuration (Backblaze B2)
s3:
enabled: true
existingSecret: mastodon-secrets
bucket: mastodon-bucket
region: eu-central-003
endpoint: <REPLACE_WITH_S3_ENDPOINT>
alias_host: mm.keyboardvagabond.com
# SMTP Configuration
smtp:
# Use separate secret to avoid key conflicts with database password
existingSecret: mastodon-smtp-secrets
server: <YOUR_SMTP_SERVER>
port: 587
from_address: mastodon@mail.keyboardvagabond.com
domain: mail.keyboardvagabond.com
delivery_method: smtp
auth_method: plain
enable_starttls: auto
# Monitoring Configuration
metrics:
statsd:
address: ""
bind: "0.0.0.0"
# OpenTelemetry Configuration - Enabled for span metrics
otel:
exporter_otlp_endpoint: http://openobserve-collector-agent-collector.openobserve-collector.svc.cluster.local:4318
service_name: mastodon
# Web Component Configuration
web:
replicas: "2"
maxThreads: "10"
workers: "4"
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 4
targetCPUUtilizationPercentage: 70
targetMemoryUtilizationPercentage: 80
resources:
requests:
cpu: 250m # Reduced from 1000m - actual usage is ~25m
memory: 1.5Gi # Reduced from 2Gi - actual usage is ~1.4Gi
limits:
cpu: 1000m # Reduced from 2000m but still plenty of headroom
memory: 3Gi # Reduced from 4Gi but still adequate
nodeSelector: {}
tolerations: []
affinity: {}
# Sidekiq Component Configuration
sidekiq:
replicas: 2
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 4
targetCPUUtilizationPercentage: 70
targetMemoryUtilizationPercentage: 80
resources:
requests:
cpu: 250m # Reduced from 500m for resource optimization
memory: 768Mi # Reduced from 1Gi but adequate for sidekiq
limits:
cpu: 750m # Reduced from 1000m but still adequate
memory: 1.5Gi # Reduced from 2Gi but still adequate
nodeSelector: {}
tolerations: []
affinity: {}
# Streaming Component Configuration
streaming:
replicaCount: 2
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 3
targetCPUUtilizationPercentage: 70
targetMemoryUtilizationPercentage: 80
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 500m
memory: 1Gi
nodeSelector: {}
tolerations: []
affinity: {}
# Storage Configuration
persistence:
assets:
# Use S3 for media storage instead of local persistence
enabled: false
system:
enabled: true
storageClassName: longhorn-retain
size: 10Gi
accessMode: ReadWriteMany
# Enable S3 backup for Mastodon system storage (daily + weekly)
labels:
recurring-job.longhorn.io/source: "enabled"
recurring-job-group.longhorn.io/longhorn-s3-backup: "enabled"
recurring-job-group.longhorn.io/longhorn-s3-backup-weekly: "enabled"
# External Authentication Configuration
externalAuth:
# OIDC Configuration (Authentik) - Correct location per official values.yaml
oidc:
enabled: true
display_name: "Keyboard Vagabond SSO"
issuer: https://auth.keyboardvagabond.com/application/o/mastodon/
redirect_uri: https://mastodon.keyboardvagabond.com/auth/openid_connect/callback
discovery: true
scope: "openid,profile,email"
uid_field: preferred_username
existingSecret: mastodon-secrets
assume_email_is_verified: true
# CronJob Configuration
cronjobs:
# Media removal CronJob configuration
media:
# Retain fewer completed jobs to reduce clutter
successfulJobsHistoryLimit: 1 # Reduced from default 3 to 1
failedJobsHistoryLimit: 1 # Keep at 1 for debugging failed runs
# PostgreSQL Configuration (External) - Correct structure per official values.yaml
postgresql:
enabled: false
# Required when postgresql.enabled is false
postgresqlHostname: postgresql-shared-rw.postgresql-system.svc.cluster.local
postgresqlPort: 5432
# If using a connection pooler such as pgbouncer, please specify a hostname/IP
# that serves as a "direct" connection to the database, rather than going
# through the connection pooler. This is required for migrations to work
# properly.
direct:
hostname: postgresql-shared-rw.postgresql-system.svc.cluster.local
port: 5432
database: mastodon_production
auth:
database: mastodon_production
username: mastodon
existingSecret: mastodon-secrets
# Options for a read-only replica.
# If enabled, mastodon uses existing defaults for postgres for these values as well.
# NOTE: This feature is only available on Mastodon v4.2+
# Documentation for more information on this feature:
# https://docs.joinmastodon.org/admin/scaling/#read-replicas
readReplica:
hostname: postgresql-shared-ro.postgresql-system.svc.cluster.local
port: 5432
auth:
database: mastodon_production
username: mastodon
existingSecret: mastodon-secrets
# Redis Configuration (External) - Correct structure per official values.yaml
redis:
enabled: false
hostname: redis-ha-haproxy.redis-system.svc.cluster.local
port: 6379
auth:
existingSecret: mastodon-secrets
# Elasticsearch Configuration - Disable internal deployment (using external)
elasticsearch:
enabled: false
# External Elasticsearch Configuration
hostname: elasticsearch-es-http.elasticsearch-system.svc.cluster.local
port: 9200
# HTTP scheme - TLS is disabled for internal cluster communication
tls: false
preset: single_node_cluster
# Elasticsearch authentication
user: mastodon
# Use separate secret to avoid conflict with PostgreSQL password key
existingSecret: mastodon-elasticsearch-credentials
# Ingress Configuration (Handled separately)
ingress:
enabled: false
# Service Configuration
service:
type: ClusterIP
web:
port: 3000
streaming:
port: 4000
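
Review bot: `trusted_proxy_ip` under `mastodon:` trusts the whole pod network, so any workload in 10.244.0.0/16 can send X-Forwarded-For and have Mastodon accept it as the client address, which affects rate limiting, IP blocks and audit logs. The comment above the value says NGINX Ingress runs in hostNetwork mode and Mastodon sees VLAN source addresses, so `10.132.0.0/24,127.0.0.1` should be sufficient; drop the pod CIDR or narrow it to the addresses that actually proxy requests. Under `externalAuth.oidc`, `assume_email_is_verified: true` is only safe if Authentik guarantees verified addresses that users cannot edit freely; a comment recording that assumption would help. Under `elasticsearch`, `tls: false` together with `user` and `existingSecret` means the password crosses the cluster network over plain HTTP. Two comments are stale: "Override Mastodon image version to 4.5.0" sits above `tag: v4.5.3`, and "Single User Mode - Enable initially for setup" sits above `single_user_mode: false`.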

@@ -0,0 +1,66 @@
---
# Main Mastodon Web Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mastodon-web-ingress
namespace: mastodon-application
annotations:
# Basic NGINX Configuration only - no cert-manager or external-dns
kubernetes.io/ingress.class: nginx
# Basic NGINX Configuration
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
# ActivityPub rate limiting - compatible with Cloudflare tunnels
# Uses real client IPs from CF-Connecting-IP header (configured in nginx ingress controller)
nginx.ingress.kubernetes.io/limit-rps: "30"
nginx.ingress.kubernetes.io/limit-burst-multiplier: "5"
spec:
ingressClassName: nginx
tls: []
rules:
- host: mastodon.keyboardvagabond.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mastodon-web
port:
number: 3000
---
# Separate Streaming Ingress with WebSocket support
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mastodon-streaming-ingress
namespace: mastodon-application
annotations:
# Basic NGINX Configuration only - no cert-manager or external-dns
kubernetes.io/ingress.class: nginx
# WebSocket timeout configuration for long-lived streaming connections
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
ingressClassName: nginx
tls: []
rules:
- host: streamingmastodon.keyboardvagabond.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mastodon-streaming
port:
number: 4000
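
Review bot: The `limit-rps: "30"` annotation on mastodon-web-ingress only limits per client if the controller really resolves the address from CF-Connecting-IP, and that controller setting is not part of this commit. If it is missing, every request appears to come from the tunnel address and all users and federating servers share one bucket. Reference the controller configuration in the comment, or add it to this change. mastodon-streaming-ingress carries no limit annotations at all; `nginx.ingress.kubernetes.io/limit-connections` would be the fitting control for long-lived WebSocket connections. Both objects set the deprecated `kubernetes.io/ingress.class: nginx` annotation alongside `ingressClassName: nginx`; keep only the field. With `tls: []` on both, add a comment saying where TLS terminates.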

@@ -0,0 +1,14 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- repository.yaml
- secret.yaml
- smtp-secret.yaml
- postgresql-secret.yaml
- elasticsearch-secret.yaml
- helm-release.yaml
- ingress.yaml
- monitoring.yaml

@@ -0,0 +1,53 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: mastodon-metrics
namespace: mastodon-application
labels:
app.kubernetes.io/name: mastodon
app.kubernetes.io/component: monitoring
spec:
selector:
matchLabels:
app.kubernetes.io/name: mastodon
app.kubernetes.io/component: web
endpoints:
- port: http
path: /metrics
interval: 30s
scrapeTimeout: 10s
scheme: http
honorLabels: true
relabelings:
- sourceLabels: [__meta_kubernetes_pod_name]
targetLabel: pod
- sourceLabels: [__meta_kubernetes_pod_node_name]
targetLabel: node
- sourceLabels: [__meta_kubernetes_namespace]
targetLabel: namespace
- sourceLabels: [__meta_kubernetes_service_name]
targetLabel: service
metricRelabelings:
- sourceLabels: [__name__]
regex: 'mastodon_.*'
action: keep
---
apiVersion: v1
kind: Service
metadata:
name: mastodon-web-metrics
namespace: mastodon-application
labels:
app.kubernetes.io/name: mastodon
app.kubernetes.io/component: web
spec:
type: ClusterIP
ports:
- name: http
port: 3000
protocol: TCP
targetPort: 3000
selector:
app.kubernetes.io/name: mastodon
app.kubernetes.io/component: web
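
Review bot: The ServiceMonitor endpoint scrapes `/metrics` on the `http` port, which the Service in the second document maps to 3000, the same port ingress.yaml publishes under path `/` for mastodon.keyboardvagabond.com. If the web process serves metrics on that port, they are also readable through the public ingress; if it does not, this scrape collects nothing. Confirm which port carries the metrics and scrape one that the ingress does not route. The selector (`app.kubernetes.io/name: mastodon`, `app.kubernetes.io/component: web`) matches every Service in the namespace with those labels, so if the chart's own web Service has them the pods are scraped twice; a dedicated label on mastodon-web-metrics avoids that. `honorLabels: true` lets the target overwrite labels such as `namespace` and `pod`; leave it off unless it is needed.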

@@ -0,0 +1,9 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: mastodon-application
labels:
name: mastodon-application
app.kubernetes.io/name: mastodon
app.kubernetes.io/component: application

@@ -0,0 +1,38 @@
apiVersion: v1
kind: Secret
metadata:
name: mastodon
namespace: mastodon-application
type: Opaque
stringData:
password: ENC[AES256_GCM,data:VlXQeK0mpx+gqN3WdjQx/GiLY1AcNeVpFWdCQl/cMzHCnD13h85R6T55I+63s9cpC4w=,iv:T8f9/1szT2OrEw1kDzWBYaobSjv2/ATmf5Y8V6+QczI=,tag:89KDw4m+a6U7kmdxODTJqQ==,type:str]
sops:
lastmodified: "2025-08-09T16:59:08Z"
mac: ENC[AES256_GCM,data:NMjIC/IIuRzNR8Jd1VRArWGNJWMqgCuCgGLMwgkSEj6NCTE8RhPHBOHbd3IjpSfAA9Zl1Ofz5oubK5Zb1zUZsSOqIfQIg5Ry2fHYfTU++8bbBgflXg30M9w0Oy6E8SR5LyK17H3tzWIGipwmqw/JlLXkcfLFqEX5gNBa8qM1xkQ=,iv:PlPx5xrijzVNiiYsUbuEAagh9aTETnHAQE+Q925XE0I=,tag:KrlZc6OIq+fJPcSfCs4SUg==,type:str]
pgp:
- created_at: "2025-08-09T16:59:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DZT3mpHTS/JgSAQdAuy3Ik4l0Z0/SnttBDBKRSdVbCFaritLD+5LIhmaifGAw
GOxdgYC2drm+eGWic2Al2QyHtEcTAXRnNksn7EuNcuGVtvFFUFGT7y0agNtqGl3+
1GgBCQIQaBL52FyC+JfQ4/KdF9QFSwJOGZpcV18w98piaKSLqcq+PJAba+o5xatO
WdPuZnhw+ecBycCD7twlHFW1zUEg1jNux2imTzoc5oVMd7PmtmLNzAMgbbpqVqWw
EFOEI9O6iqulNg==
=EBTn
-----END PGP MESSAGE-----
fp: B120595CA9A643B051731B32E67FF350227BA4E8
- created_at: "2025-08-09T16:59:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DSXzd60P2RKISAQdA8KoSTxSYKz7eKBUp2qbG0ssYEeKcNewBGgMEE6zQaG0w
OKtlEFb7VlZBqw92FAez0krTZVlh4LvxOxYbDVcdSSi2oMG1f0HtRQbKOqjgzsBm
1GgBCQIQBALBr5iH7+ovy492RZWTuSn4AKFmHo/Epz7XOUegtc1C/UwdYjLNPWyn
/qVNp0//408M1/aBvtgVZrGCZvnCEBbFyM/ZeRlIP3a1m5RZIGdhT2eFA9Q6ImPa
f6zZuJWEOcscSw==
=vttz
-----END PGP MESSAGE-----
fp: 4A8AADB4EBAB9AF88EF7062373CECE06CC80D40C
encrypted_regex: ^(data|stringData)$
version: 3.10.2
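
Review bot: Nothing in helm-release.yaml refers to a Secret named `mastodon`: every `existingSecret` there is `mastodon-secrets`, `mastodon-smtp-secrets` or `mastodon-elasticsearch-credentials`, including `postgresql.auth.existingSecret`. Either point the consumer at this Secret or remove it, since an unused encrypted credential still has to be rotated and re-encrypted whenever a PGP recipient changes. A `metadata.name` that says which service the `password` belongs to would also make the intent clear.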

@@ -0,0 +1,16 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: mastodon-chart
namespace: mastodon-application
spec:
interval: 5m
url: https://github.com/mastodon/chart
ref:
branch: main
ignore: |
/*
!/Chart.yaml
!/values.yaml
!/templates/**
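
Review bot: `ref.branch: main` makes the deployed chart whatever the upstream main branch holds at reconcile time. With `interval: 5m` here and the HelmRelease chart interval of 1m, any commit pushed to https://github.com/mastodon/chart reaches the cluster without a review in this repository. Pin `ref` to a tag or a commit and bump it deliberately through Git, so that chart changes show up as a diff here.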

@@ -0,0 +1,120 @@
apiVersion: v1
kind: Secret
metadata:
name: mastodon-secrets
namespace: mastodon-application
type: Opaque
stringData:
#ENC[AES256_GCM,data:K1eK1ZEDGWBFY5O2YsMKSkiAZU7CVUPXBtfVO3l7VDK0nJZUma8ZF1+Av8KyRBWrDrNlIYGj6WrhxZP9SxYotnKyMOoJD4HX+qS7O6Zs4iuIiUnHT9NTuXBKAE2Ukkx2X7A/ASdHsg==,iv:m8XLZlQSB/GsgssayJxG75nAVro1t4negelkoc0/J8k=,tag:vRvsTDJojcQs5O7p2TtvIA==,type:comment]
SECRET_KEY_BASE: ENC[AES256_GCM,data:pehfsGHLucBQqnnxYPCOA9htVi6IqfDf9kur/rfLmMYvg8T1L0DEhK1fUitZsvb15gidTDk+mFXaO/fDTPqR8k4BZu8C+viR7fcnCh4RbBtOB3HMEW9H6HnKquRjHgwnNJi5wUQKFOmupmirbLqzr3Z3w2XKrN/k8SURuGITqJ0=,iv:Cubi0wn6iLHD+VnztYy/Vy14so3RXlBfiInqnOs13Uc=,tag:98Te2SIYIlu+8pTzl5UjgA==,type:str]
OTP_SECRET: ENC[AES256_GCM,data:aeUDmqiJtn2rXtcKu0ACHmp/1KTcbT/EjbbuhuwZURoYyyVY8z503X7pZtnFeePXnAdX0M/Eb+96pleMAwV0qkyt2bh6omziFdnsQ9iOzIqsB+rtaxuW//Z9sVXn+Y5psnQcxP4Hb8lUM5zDbhFP0kvOcySAYZE61JyW5T9PzcQ=,iv:ZzZW1Aq2Mgk2rdGvcg54PZE7uSj63Se5Cw3nMTlfPZ0=,tag:XOwFhsgwTC2EbSFaDoC8SA==,type:str]
#ENC[AES256_GCM,data:fuHClSLUnzJj+2qmszYwXv8ulh+QSqiGAdao8E0iDrfdtX6CBwA/1zMPP/oy7OTV4K00JsdsvHU1yfDEvxh4GCHbVqa9Z0N/lqfL,iv:rOsg08N96aEmJ1v1tyA2OuQpHjBdo/2Q+APiXBNPUOI=,tag:4Y5Dob2ZtQMmxFE9V8IYww==,type:comment]
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: ENC[AES256_GCM,data:EogXZhDsGfEdlXoyp6lv4/ovRXB0W6D3xlQeRe1Rht8=,iv:woI2VsPcB3BRPzKr5Puyk2R5sI7v6sraPkkONbD/ltw=,tag:WBkxk7i5hSwKY4bgn1wkAw==,type:str]
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: ENC[AES256_GCM,data:Pbd0fAskzNF6KNoJAIFrBPY+p065KodOmk7RvYFRlnw=,iv:ktjpDpNeES3BX2PYUYG7vRehzuY7P1zlUc+fHmnK3Ss=,tag:tI01fyM3io3okw/64p1fJg==,type:str]
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: ENC[AES256_GCM,data:R7PUbtv2ItonCqOGPskCXGMGgW61GI+eTLLQ4g2FUTg=,iv:c1ZHgyZNgWkAIxp5BLQqJfL4f6233U0U8sGbItPaJSk=,tag:0uJ5z3+esI1V6Z12MxwBzg==,type:str]
#ENC[AES256_GCM,data:XeH3jWSnLKm7Wqq7oiQdRES/gtCWLRVlWXrys/9AdV7XRspSWS+PN25Q6CbeNZNcghQwoz+5BC8jUMAT/MR/NA==,iv:WPlDal5bMa5ly8TGi3//i8g+uvNFttJRuNIxL+mdW8E=,tag:1TZLe2vS6Rxm1MyQZmTHFA==,type:comment]
STREAMING_API_BASE_URL: ENC[AES256_GCM,data:cQ+1YFnL8HS/KQ30uoJ3ZhZoUPdnWYD6h549GMm2+mSYGYLv5r+oo45kRj4=,iv:/97YXCPB85nMZnJ6aPhExCX4nuz2jPFEuZictfNceBw=,tag:0dpvJBzAZzb1lp75zfC9Aw==,type:str]
#ENC[AES256_GCM,data:erIkNH4EhEzM3XcnEBTj5rC1ohdc6fK/8KDrzCGdmET+oSnc11cvhMrZSHl/fHUjDXUR/PEL/ZJJZdTHSIEvIahgW939ryOV3ayedPy1FD0Jl4jJyX94eBlkW6cuMZOk3TL1MSvJkq+GLYJH,iv:gEkAKQI34tRilhFJjPB5Au7rY3tor6gPMqQ+Sd7q3FI=,tag:Io8zHb64AcfHhyAUwsJZLg==,type:comment]
VAPID_PRIVATE_KEY: ENC[AES256_GCM,data:rdbTGB2VBGBn7Q6Sah9B57eRP+RzBV4CRycd/4wFTs9tym86EPbYpTVG2pg=,iv:hJQSgU/AjzI+165R/iFLg/yoOnpp1IcIy8amWw99Xps=,tag:MPPWZMslp1nHVSKdLMVo5g==,type:str]
VAPID_PUBLIC_KEY: ENC[AES256_GCM,data:ZDFKE/uDfSgc6ZURVj24JIW51zxUVfiiA+jgvJYqanvc+QzQgqGjs6+eg1l4MvOMKgxMCQk+cq84ay1rxR9v7mjxTU4cpknbXGfcR/D0YeSU/VOhIv31SA==,iv:OA5sFfuMlQ83PLDzRRkL6ZDngNeiLAA+M10I+SNJ6Ls=,tag:viJDNl2TkatY/BPzz/MvWg==,type:str]
#ENC[AES256_GCM,data:k/fwvBxe2zF7oaP2IYmB6apf6y4woA==,iv:+PZSm3ReaSRw5WflQdJbdkqtx7Iv5Oz/BI8aV1AFvZY=,tag:cCZjRnF27GRVKyo8ElwqYw==,type:comment]
DB_HOST: ENC[AES256_GCM,data:sNqvRfqnlPg6uK93XMP2a0iQm3an/q06zg/zGu7i+sdeY/7vpAlcXG5V3N7tXeL7d0k796nDTno=,iv:aQ3toqyt1nzv/Fx25b3zOtQvb8Y0Sako/wSnl7zX7DU=,tag:mnIEeVkU9Sq4C6iVj8pxMQ==,type:str]
DB_PORT: ENC[AES256_GCM,data:38RTEA==,iv:h13g6XopZa1Nuq1wJ7j7o89hDGDjQFESAp5kgLtVGGg=,tag:/K4bwe69MHRRhTQqsW5k4w==,type:str]
DB_NAME: ENC[AES256_GCM,data:l6y011h0g+vfdGE6U8i39IwpmA==,iv:46CNni4blsfaWlsUGIm8PTQs7QIhkAVfFfY4b6IISJM=,tag:059TMbY2nSoLYD3DVLWVSQ==,type:str]
DB_USER: ENC[AES256_GCM,data:SceZLAgp4O4=,iv:+TLaQ3NPRJ6S90CSOj8EHNzt4l0ELuY4G5JOPz3fzE4=,tag:mzuAmPmf9dPeHmh3kf83hw==,type:str]
DB_PASS: ENC[AES256_GCM,data:tQpZYR4rvA3Q0vuut3R3e01aARDyHLA9Ds2XDzbzCzevF5z7fIaquPMOZ7qYInSuESg=,iv:XXMiV6tWpT6P2vKik397Lu65tyC6HNONFnMOljdrqCA=,tag:4/kRb/RAn6/KDGoOwBouog==,type:str]
DB_POOL: ENC[AES256_GCM,data:A/I=,iv:GuhoDms2xp+5bpfC3lCNI+76ykbmTbz/vMPdRxKJBng=,tag:GwsSSw4l1Nu//IIMAfr4sw==,type:str]
MAX_THREADS: ENC[AES256_GCM,data:wGw=,iv:3w+RHiBVjgqm8jJ5JkADmtwJbJtTBtoMBJCS/PJjFAk=,tag:pLN+3wgt5HSTYmTR5UwNJw==,type:str]
MIN_THREADS: ENC[AES256_GCM,data:Yg==,iv:dq5LDSrIxHafo+HiLVY3HWuEZayEKWQGGMF44f0HCK4=,tag:IvsD4i26jNbJJtVotsZIRA==,type:str]
WEB_CONCURRENCY: ENC[AES256_GCM,data:lw==,iv:E0ZWtrHcF5f9qozEfbM2Io2ujlHNNMuqki/EiM4Xa8c=,tag:guicW6tv8LjSjRSie+oSVA==,type:str]
#ENC[AES256_GCM,data:IczuHTIR5xXqRaAMQEUxhSiPjqM5GrzORjAL,iv:IEMVsCm9BnOfy5kBIwXURAxnkE2CX8JZ34Uszbpi8zI=,tag:U3i1zk4IZw5zJ0KxzJNWPQ==,type:comment]
password: ENC[AES256_GCM,data:0Hn5+x6qQXPjfjX2v/TTv4xe/I12kbzEl1brCdSKf6TI50PvD8XTP/cKszU3KJuq/OU=,iv:q/+ZTdv6zme71ePysXvYRoM1DL+ORXOKEd+m9kHnqjk=,tag:wzPbpRCmbHkB1TzPVKwPQg==,type:str]
#ENC[AES256_GCM,data:hPVY5oeIyUSBQ3LGCzebPpQANA==,iv:612aWNHfEculxO2lqNzEKEcbM9ZUeV7Enec3RytutiA=,tag:ph1mowrV9GAFBqyRCnpC5Q==,type:comment]
REDIS_HOST: ENC[AES256_GCM,data:m9MEyvw/UA75J2Q0JYCqWREEnyHlJ57IttG3lYpnJZ2LbgYjWm3UwZ+UrVvDVtQ=,iv:xW+xA8KeoplQktklwLZpFZyyJiio0EkWo7IqnTqzoaE=,tag:I102oxpgTxTn0WoJ6XZKhA==,type:str]
REDIS_PORT: ENC[AES256_GCM,data:KAyvHw==,iv:gGf2r7raWF4lfJlODWncQnklM3YbxUDgMSjYZWvVwt4=,tag:xVyo5rM32YRPC9nsUsI6aw==,type:str]
REDIS_PASSWORD: ENC[AES256_GCM,data:d/tUZXp9PlKJIP93JPGgM3nP+6zB80ufD2pHciM2CxU=,iv:0CSsRgFi6Tikj8Sxy9Ckkf5k9HqXuNFrYfM3/a+st2s=,tag:mbdvf8EldC1Fh+u9srT0Lg==,type:str]
#ENC[AES256_GCM,data:IczuHTIR5xXqRaAMQEUxhSiPjqM5GrzORjAL,iv:IEMVsCm9BnOfy5kBIwXURAxnkE2CX8JZ34Uszbpi8zI=,tag:U3i1zk4IZw5zJ0KxzJNWPQ==,type:comment]
redis-password: ENC[AES256_GCM,data:fA0WFo1se7oOe4IXNtq/Bn/Lmkr+NVE2HY5SlMdUZW0=,iv:NiHF1dVpTt9DL3XVaPPgUPe+lNatWeMoEgFrKpQjQlM=,tag:FWUWvE4jqrzbefIipXrc6g==,type:str]
#ENC[AES256_GCM,data:8ry40OFqyGT9qJZOT99cN0HXfNPDfkf1g5nOdIuHumcsk5rLC9uj+v3SMRwMqbBF6/U=,iv:6DYmTb1r2OqA14GKK82lUFbKv66GWGYT2qfyO699asU=,tag:MwezgPaUfuhjcHniOb72UQ==,type:comment]
login: ENC[AES256_GCM,data:Wnn1dtPF3i7cMZmBBM737csQmWil3Mxye8OtjROlGj2lgA==,iv:tZdJSxSaoXY34cAk12Mf02zAzeBOEhq8bBhKhau7QKY=,tag:fGgL70xtRk/BZ3d/TwT2Og==,type:str]
smtp-password: ENC[AES256_GCM,data:ztmXSY/VvSadpvzE/uCFH9Kv7gB8SKCQ3V16WkK3s5lq4DELGDdAgR02I7aMsrFm4rI=,iv:VA7keStnsVVF7sw5npTIUubXvX2f/3jYDdbqgDyP/Bc=,tag:Di8fvhmnrbe/OppZkl1jwg==,type:str]
#ENC[AES256_GCM,data:zvIiq95DG5vRkWJpp/Z07mwwdkNpN3fqA2M=,iv:p5zbLfQqhsB6R4SUpqJl005hFdpN3n4jQTxmocRq1t4=,tag:IK8v9OxPdcZXvu1NH3wNYw==,type:comment]
S3_ENABLED: ENC[AES256_GCM,data:F6ofCA==,iv:0ENYXQ+coTRAk0CBsAbpsGiatKrNzMWwanNL2f3qk4k=,tag:AjSDQj8xxcJe3UfI6tlLjA==,type:str]
S3_BUCKET: ENC[AES256_GCM,data:sQdl3Qn+LOlYnq26BPm6,iv:97Vh6D2swi1W+zXI6T+84WtazSMR1lUvQ6Xw5kTqvxY=,tag:RP9/euwDN8b8Q3Q+6i1Ohg==,type:str]
S3_REGION: ENC[AES256_GCM,data:LmJ0Cop+lSUoa17Kp5Y=,iv:jX9goW3PCmtykRCELnpJdEUGO/RYYyNH+SHkw4nMQmw=,tag:hBUU9gSy6vyNP8A0N5Wk2g==,type:str]
S3_ENDPOINT: ENC[AES256_GCM,data:WdYKClZlBsJ8XTXQg5XydrWQHV1dffX6ecC+c/UnrNUzQRx87XIU/Gg=,iv:BR6mZw51B2kAJ7C+56Y9J1Dl7pvtJbo29fHOmB3HoXk=,tag:76m7XCyNHw6YCLPpLE+5kw==,type:str]
S3_ALIAS_HOST: ENC[AES256_GCM,data:NXYGc8DzNxyAr3owQnSjyDzh7puA7Bo=,iv:6yrrhl5JEeyISf6jGdMHkQKSIl1sKmpbBCiQm6nf7UY=,tag:uLmaKhd6+98tKwrTYchqYQ==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:bEGMFAKLTRQNzHggtrCnpdIvAh5eYKUHaw==,iv:oFh4B/uOcIYLw+UD5iGF5b4N0MzpVHD9mFyo8U1yDQY=,tag:MifkTezcnq4GffHGkJYymQ==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:weYaEKsWsAM218uvm0jaCV/pQZETyfHDefVvMJWvow==,iv:YkzR+bnajZQxye4NBd4LVxlOYMrt2EJKec3MpXkM7Yw=,tag:JbjrsennL/VkYqHnJq74sA==,type:str]
#ENC[AES256_GCM,data:9yMgWVAqIPoeo5Zy3ZPEle+/sytN/Ypyfp3wA6s=,iv:SJNgt6XWCl+1wrjhRSDMEp++dzEZWbmyeubTuVRxVCw=,tag:5A0GTlL5gPL9/OEe9ma+lw==,type:comment]
SMTP_SERVER: ENC[AES256_GCM,data:C4TNhMXhgq04ibK4c26Z7jrPEA==,iv:0MELVPm781uDIrtImE3b378uF7ehRgERLM2PmxV4bEA=,tag:aelteeYi7+6HH7Y1qzdw4w==,type:str]
SMTP_PORT: ENC[AES256_GCM,data:YV+i,iv:qb6EevBjKDd8Jw2FnHiy6h7TKXwl5Fazgw+AglTwuAs=,tag:FBIyBQAr8we56GDZHU804A==,type:str]
SMTP_LOGIN: ENC[AES256_GCM,data:dGXc4lOiygj0uhZQKMklriExQQr5SDyGEogctBO4H1TaAA==,iv:pQ2iAdwcFHJDkodTDLxmGceSxS2uxzENcWzEWprzmuI=,tag:Tiuqx4RPJ1KubAR3cdCMdw==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:V1MRZuvj330y80rwYfQb8prcOxDD6Ql/WQV0LAiH7yNBZrzo5b5NYN/PEPRkmjrmqBo=,iv:JQgawTWUbrVkd8Tg3toDwpk/vYrb1GCu4AI0UjsVpbM=,tag:F7GcRIN0Cx8RBTWJUIDGJw==,type:str]
SMTP_FROM_ADDRESS: ENC[AES256_GCM,data:B770l0xuG+8JrQhvpnlyYGXMRVtQ9PoxOzKXKkSMmdUEpA==,iv:Ivj10AM8Yn88fftwionj52FF48NqUVIpuvYS5T2+zCo=,tag:zNiGv64czqzm1Ts/gj3fpw==,type:str]
SMTP_DOMAIN: ENC[AES256_GCM,data:s0Aam/radylpPLAdpduZ9e/5OLJ+f+yYXg==,iv:KZyx7/v5PyXTvayx5mqhby2au/4ovhFblc4mIUL+5eY=,tag:kh/bnm5pcd96xzmbmXtzbw==,type:str]
SMTP_DELIVERY_METHOD: ENC[AES256_GCM,data:R2cQXQ==,iv:scVUfHlG/KyDYIAn1+Szr5JPslZRlUvUocr/XQ6cuBI=,tag:JBfOKRYGqDjUkf48eFqJXg==,type:str]
SMTP_AUTH_METHOD: ENC[AES256_GCM,data:/xyCeGY=,iv:mXkxR2MhlCOMhamb4dm/F6+0c3/XYLB6MvcyPSBSq1A=,tag:F19q8IedyVszN/lT6h3cEw==,type:str]
SMTP_ENABLE_STARTTLS: ENC[AES256_GCM,data:WZg70w==,iv:F6B0O1TDZQrW4560ihK9aYLgxOWTMCVWUg9zKx5Dza4=,tag:HZYDEPI+KCcgYMRGn4fDog==,type:str]
#ENC[AES256_GCM,data:KPCiCfb60s5vs8243qzcbEnRrefW6Xs=,iv:r4+CWR3lK1b/KUKai+8iZP0+ONMbHJuqB6rNNZ4gOaM=,tag:zQKvCRsvHZLWEz7tSYZY1A==,type:comment]
OIDC_ENABLED: ENC[AES256_GCM,data:CpDT0g==,iv:wFZGCATwRBDTmxi8su9HZo7MIRUSwjpETEceCvzOo+0=,tag:lRb5doXqYeFOj/RyHRj3jg==,type:str]
OIDC_DISPLAY_NAME: ENC[AES256_GCM,data:gDne0Iz0zF/JxrNvUEvEFt3so5B4,iv:Zbp8dXogp58BOixgzNHLzwavceMNeAatURSYLKrM3fU=,tag:bGMdF92bAedey0NzZG7pzg==,type:str]
OIDC_ISSUER: ENC[AES256_GCM,data:PDhUT81FT05lNxQQhBQ6AQT/moCsArbPEbVkTK5b9s8/bbmpcUtfnxXnufruPrNY55R1Hn+RfPWZ,iv:Zo2qUcmnLgbUSbnAyReCSTsfqoP0GI3/ZqVRibkHvcQ=,tag:0zapOY1rK8tK2mU1Nhyv2g==,type:str]
OIDC_DISCOVERY: ENC[AES256_GCM,data:GSwshw==,iv:g5vVEq7/CHRkBHlkfqSteMf2SCb61IEkRufDrvf88+I=,tag:inod3YRIppuHfkeOkAWM+w==,type:str]
OIDC_SCOPE: ENC[AES256_GCM,data:/ZhBRtd7KwJWbbiSg94vCotuxOM=,iv:DwA1AcRNagYjugQDyDESCojZYhHgnBza+6gbbsGMDFo=,tag:hvHx8Y0qLWcWbGEPPZKK6A==,type:str]
OIDC_UID_FIELD: ENC[AES256_GCM,data:tBCv8nUOTnHhz58vO8PQGshZ,iv:4nc7pBk2ImdiFtgYGiX41NkKq8PtHn9w+er4RbPjRTY=,tag:P/Os+fFJyA0YQgfJALxbPQ==,type:str]
OIDC_CLIENT_ID: ENC[AES256_GCM,data:/Lw9KbCGjXfgvFZqJNPTHoInt6AOt8zAXOOeQq/uWnXVHxw4YANIkg==,iv:sq/5/t+ASUFznmrKhcWjqVLvcckeAP3GXzALp7zJ0Vg=,tag:83bx6fWrJsqucK8/MSvbBw==,type:str]
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:y2n8VUZ8qbsddEKDvmbDT06WjSaZNUBN1pwxDXwpTf3tReoq/VKBkcBpvvQvorlr+S3O1XrI72bQwuY+QmsW33q+CITDC/ZE/bfdk7W2xvgWKR8EqlIeW3wltIBBX8daMJ3ttODCy3KDikcblcCjJP48K1da6yl1+NjuoaEukxU=,iv:RQ2nbtiR81T+x/2t4hKdWvJ1c7rIE2lTdIKzGxAG2ho=,tag:Xf5YkKOqS+6QD69MTX8xJg==,type:str]
#ENC[AES256_GCM,data:XjNkheL276Hj,iv:rot7kuWNX5+IOl1s1fKiBvYQYeWHSXZgk1+my2F9dxo=,tag:DVEU/A27rLHhXFl36YnwMQ==,type:comment]
HCAPTCHA_SITE_KEY: ENC[AES256_GCM,data:oYBdfELBkRr9rYZn76KGYn/9I2MXoaXMxyYwTuYF5BTSVbR7,iv:2CTVx1ndnmaJLtYjdA8afF80v3NuPYJzLwJPLsAX0wc=,tag:GGYW67ELSqetqjWrs2v9nw==,type:str]
HCAPTCHA_SECRET_KEY: ENC[AES256_GCM,data:2LuDzzM05FapO0dUqpXSdt6BhXwdyVwgdpUTZYTDXS6uLXA=,iv:akcBSFEZux/yrBnuBaACwWMoCVOsrlKqLoCvb4RQYzc=,tag:znJxBowqoXx9nzIHioPTLA==,type:str]
#ENC[AES256_GCM,data:2a6AjXvURAd3qo8o2mVNG9gCFMQ/Z9c/2+fSMWWOcZd258vFG6bR6J8HR07Bp9lpODiHK8h12LfLB2wESJGX1W8hwCW5PloPa03cCRU3gqKOFQqZ2POY,iv:laTp7AWf6W2k5vVrwBWKb1ZTFTE2mKkVyHXKNncpK+M=,tag:CJvNzIOOx1yPL0vzyOHY7g==,type:comment]
#ENC[AES256_GCM,data:dMB5b+9XIKiP6pUGAQDhn467bo/uRGNNkMxfEYc+Xr8FwUEj/bAOAs/srJFxU+xgKWSXK9aJ5uA7ubW7VQr2LE95BzG7uoSFJT5I,iv:akpFoWt8r8Y2WRFza1QKA2JXLm7mOmvlw+q2Uopq0dI=,tag:lxOi5mI2nwBfsPbDk6TYOw==,type:comment]
#ENC[AES256_GCM,data:X1+4Kvb2TjdhnqpDESAmsD2Dd7c/oNpTg5hw5iBLxikxGZ9JoPBKDWlMaCz0Y2DsaI8e+BBxjpVrGhpU8ACwTES4P0FILt/Lj5rQhUpAsUqUayYLbWczMxRfKe4rdg==,iv:LhDjTnX4HMMwwYTVCFfH8g8C24yD0JCXIYKseBwyoJs=,tag:9fxr2VQXoN99DeKbrKas9g==,type:comment]
#ENC[AES256_GCM,data:Bhv1rxAv6dXt+2C4z36Mr5Z8D+TGBI46kBwUujEjIRiAWlwfbD00EZw2Ce3y8ka7olIbMDBhTSYFanngZ/KTsrx72OdGMvI6YKWCvg==,iv:NLXDPmpKwH2ZEKweXlKWekbVFgWgUGfRtAph7OWpwRc=,tag:xeIPADANV6oMlOjSPZ0BpQ==,type:comment]
#ENC[AES256_GCM,data:Xu+yzsXvPJOqT2oup5StvrGvOwhgKX0c24e+XAmVBr9eWgwtiPluEl4z9cbrdJqcdJSEHnnzKfVZeUA91a7WqKDK6JAIUR6eHlNyQbhjnie96y9padryM3xmTQ/SX7jVFw==,iv:HLY/dBylXg3GgnyyG33Odq1/pDa3D+oG3LF22+xi5Wg=,tag:TStHtTnedreeiAxgXXlBXw==,type:comment]
#ENC[AES256_GCM,data:4bTFGDBXpIrtx8+g2Bqwe+LaJO7TiMNYY40TvxgZbNKWH8RfXMRMBE7WU5N8SlaKkWPPrXee0dsiFi+Jyncq8QXzCx0=,iv:qkhz3tDoZE010VA4Gy5jIR/AyCsZd5FudiPR7cmgXC0=,tag:fTLKkltUUKAc9Cv4Es9/uw==,type:comment]
ALLOWED_PRIVATE_ADDRESSES: ENC[AES256_GCM,data:d3hvmTw7m99Z4lV+YR4Hua7ducRId0b7ufua9J+8yruEMH+M4Q==,iv:4uzJwov0OeDcBmR13VZyWx0IvldQU7d2mT5Glpm2AlA=,tag:GE8ztjRVDmEyqKJtWnrE1Q==,type:str]
#ENC[AES256_GCM,data:u6R1KFws8udZGXjt1/Sz+KxrySnz+qHoMuaIqyn48kN9rAdZm/fnCbLm9xfwTyhFPQ0Ux1TzYC4OrS5oEQ==,iv:YurLq6O8cbukH9qxjlxNrfm2oYylPadzlT5f9mTiWUw=,tag:dvdqMDs6t90PI7nqks7nGA==,type:comment]
#ENC[AES256_GCM,data:9003BQ4N2LByOGQsAhBwV9AQT9eDUyV6/2iutB2mHQ5Dy8uFYryaDoXO11dJIdXBc26DJa2hwR9D1yL/I+UZ,iv:d+S9CgMALtk9Xxnpp3a5adjv6H/XwKoglwqiEsKDhZ0=,tag:V/Hck1nEYruV18LIm8H5aQ==,type:comment]
#ENC[AES256_GCM,data:0RxQZoy9Tnb7kilowmAAZ88SnzFZIymlo6heXimxs3qqyVrETbYQO49Iqlv3bO110hm5h/MdrbyrLQ2jsHo=,iv:8yqzrkxD2lDAMgs99iC11ltxGVbSSas3dJfYz/jIpLs=,tag:21AtWj7V+5uwmCzElVFfHQ==,type:comment]
#ENC[AES256_GCM,data:FUQAP3Zxh344JvytKFHrt0Q4V0aksak61AlM6l90H8qcHuhxdLZ65TU55oQGOmOlrrH9qROs/qKAK0y8fWQnadftwHBnByC3oxI=,iv:5tg75Bc+m5yrEMcCzNAKrMJI72C/ZWUjXzznb0XJiZ8=,tag:6SgtbCdHYPJUJSGa/Jn+QA==,type:comment]
DISABLE_HOST_CHECK: ENC[AES256_GCM,data:4StJXw==,iv:5XcnrPR4sJi1ntDG05/7HH8Rw/zgei3kWCosVikqNOQ=,tag:ZFUtZj63+42BJGqxfkas2Q==,type:str]
#ENC[AES256_GCM,data:9Son1ebV7HLqeyNVVe9YSFzH+QWYYBy91ELpQ5Exceg58C6OxovqgwkLdyblOog=,iv:Twj7akRs9mmYVU1/aAoPf0X6jgbLIuVe5A7T4StHKX0=,tag:FfkUQy9qChlzgHL/Hw0adw==,type:comment]
ALTERNATE_DOMAINS: ""
#ENC[AES256_GCM,data:p+1k0b44rOadx6JEgd8o9YirRBn3wJqfi+pKudId/83WLmmuQlmGYBBFFeomCzk=,iv:2yGGn0Oy9Z4dUx+TqY4Lm16HoK9Z/HZi7BRPxOnGTSc=,tag:ALmCufTv1KKt2/TA5bdlVA==,type:comment]
ES_ENABLED: ENC[AES256_GCM,data:bph5yQ==,iv:jFSzWht29m5/+RdcKI9ZhEhHckyR8bTd8r4KaT7aIgc=,tag:yoXHXx8gRlhlzKlQFklQhg==,type:str]
ES_HOST: ENC[AES256_GCM,data:s6gHEne9v5B+335+jhvPwMyN8U5ck5WgyTC2UoRy2HM8fwQNtd6FfLqHsabvMxWJQdbYr1Iwe4nYLO5J,iv:4MwAEfA83DHHdx/9iMNNmvk8zr5ThNOv+cMMKAczt1U=,tag:ktxjYZ3VoB5xe8D/P+Ffmg==,type:str]
ES_PORT: ENC[AES256_GCM,data:ys+NQQ==,iv:wJjDtw4t6P5nt8xaoJrirNjSkzN88gCkLpWphJHDf0c=,tag:hC7KN44OPao1jvtfxvkGIg==,type:str]
ES_USER: ENC[AES256_GCM,data:VXqUXYDTeI4=,iv:PJFd5CLwr9gSyw0JLWp81cgckuVNW0MxJrkErjtVAVg=,tag:GNy5AS/8p34+ZsvbOZrPfQ==,type:str]
ES_PRESET: ENC[AES256_GCM,data:uJv1RkkZb9Yy61+q+W0JumR2Tg==,iv:7zUyPC+dGSQitLziRukv25BOAD5LKjrP8Na9j1PAB3U=,tag:xYDxFzAh9tgrWng7EjsjaA==,type:str]
sops:
lastmodified: "2025-11-30T09:13:02Z"
mac: ENC[AES256_GCM,data:hyWbnNgjH47FQr2Rf873QMKU8iFIUF4TRqiDg+Ww3MNeypMecHo3UyooQUOsq1I4lrLADUI3SWmdBOWbXfctdSwh3r1TCe92RVoZ7tmMJNTrzZ3NwNfsjnaiYISTiQS+lrwOgUWwjQNwduMfQqPwplsVg++tQYzTVSV70fcdVdM=,iv:SjT0r8yxHNEzj494AvbirO6YpeCJCR/m4bVAiYF5crg=,tag:nV3lG8YhDyDNcMLzURNOJg==,type:str]
pgp:
- created_at: "2025-11-27T09:39:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DZT3mpHTS/JgSAQdALJcNk6RF6DAhL8JHda+V8NIObfAPI7sktYxlKgzSpiEw
Ib1btCNyOjlFmfvvKqK/UwjTyETBFCdyw1/XnCZlRP0kv4fXwzL2f5icwmJ4BzaG
1GgBCQIQRz7EcytV8Ghian9ix4535ftW0ntSkqwdk817EYaca/l8jFoek1TWfgDu
NND/QPGdbCguz3zUWeWTck8D9sdoaK0oWFcvkTbcfEAkDMeYgvOhT+5Yq8bflfxL
fqeu1Te/IFh1+Q==
=0aJZ
-----END PGP MESSAGE-----
fp: B120595CA9A643B051731B32E67FF350227BA4E8
- created_at: "2025-11-27T09:39:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DSXzd60P2RKISAQdAE16PcXlnES18RuZyfmO79ilb7ILYkNpUQaGvpIKTV1sw
1IavrBpJjSm3Mq2tNeclDMbCX08XraQYkCDscR7siIq6oyDltL+TKz0I1uvvB7Lo
1GgBCQIQ+UGu5WCus5a33BJUGn9BqxDdsugkLCHmVc4g28KYM4U5W/tJglNNeuvN
FOfkIB9Z4Yt4d7qVnmc6irFoq7+C5Jqi5eG50gzJhJa9NzV75OrAQALID/Ze45bA
7Y69zXK3mzToZA==
=MG71
-----END PGP MESSAGE-----
fp: 4A8AADB4EBAB9AF88EF7062373CECE06CC80D40C
encrypted_regex: ^(data|stringData)$
version: 3.10.2
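Review bot: `DISABLE_HOST_CHECK`, `ALLOWED_PRIVATE_ADDRESSES`, `ES_ENABLED`, `ES_HOST` and `ES_PORT` under `stringData` are stored as SOPS ciphertext, so this diff does not show what they are set to, and the first two are, going by their names, the settings that loosen host and private-address checks. Unless a value is itself a credential, move these toggles in plaintext into the HelmRelease values or a ConfigMap and keep only real secrets such as `OIDC_CLIENT_SECRET` and `HCAPTCHA_SECRET_KEY` in this file. The `type:comment` entries are encrypted as well, because `encrypted_regex: ^(data|stringData)$` covers everything beneath `stringData`, so any explanation of why a check is relaxed is also unreadable in review.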


@@ -0,0 +1,40 @@
apiVersion: v1
kind: Secret
metadata:
name: mastodon-smtp-secrets
namespace: mastodon-application
type: Opaque
stringData:
#ENC[AES256_GCM,data:obsI9Pwa0g4XgGIrc67Yes5ps5CPl1wWdLuZ3hCJk+v4uytCzpVQPS0SFUZRKzADRhL7BMlThqEOVzpiduWXM6+VUbg=,iv:j9uehp9LC3R2hW6Z5L1YsaxmOn2sxHqlxq9+VEy5hK4=,tag:+b7lUbB8D2LxVVqm25hvpw==,type:comment]
login: ENC[AES256_GCM,data:W5B/yV69gQQx+8vkCRDpgsK7aQVVcAJtFdoljTh8tNRtaw==,iv:G1+hZQRSW/HYWbBSdNcTWFzswFH24bwYahncbkUGqjY=,tag:NlYecZLOxlErq2loLZAz+g==,type:str]
password: ENC[AES256_GCM,data:qw3iPbch2StTRdw8TvwkYPt/rIPg+DWylGq0WfFEOazYnk4wiCuwMuHpTUivq/HvhCM=,iv:CzC18aeSsT9oVayepmK0l1sZvVJkDiYE0Y+ZBXnAF6o=,tag:5d8n3LGdDT/JtCPlaaxm5g==,type:str]
sops:
lastmodified: "2025-07-28T18:28:23Z"
mac: ENC[AES256_GCM,data:In3DAZ76XDoy4QlWJQOOFa+OGYdTfjqhwTFswLGNtzC0PzKCzzO+jurGX06aE0dh+4Qc8msQCe17yyxPOiueKWHu998U8G/zzbcR+FKYq05RSq4S8L141UYOrF47D41Wu5p++FAY/qbS9VBka0lA5UGdllgeVjLctsp7g/jmYmY=,iv:wbLk8i04v0zosUCZcoOwGV3embGCP2NtB+PwbeC1Qc0=,tag:3W0HnPoVF2B1vOuf2Uq15w==,type:str]
pgp:
- created_at: "2025-07-28T18:28:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DZT3mpHTS/JgSAQdAYBSL7+BpLNyR4wdpCDEfveE87sLpFN2lZH9mu3y6lW4w
9/6xNP+MBeLGksffwYU/TimQtEtmlJ79+GeMLWiVRRsVNp23jaP2Qn17rljmWYky
1GgBCQIQNVQdOjWJRyYjgoyPTx+1fhT0zK6myjf+gDldebhqqkFEtT8q/nGSPDCB
2Dw2uk11DhVSYRv3KHCuEH0VeASi9O/XZWS1+KXjq7uFUrAawd8SX5AsSj5supcF
nFsvkM9fEH3Y1A==
=Lsy0
-----END PGP MESSAGE-----
fp: B120595CA9A643B051731B32E67FF350227BA4E8
- created_at: "2025-07-28T18:28:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DSXzd60P2RKISAQdA3iWxrlNtaeOzc8FGvansU5LcYNjPx2zELQkNOmDuaVUw
xMyH6hE/Sv0pKQ+G381onDY3taC0OVHYM3hk6+Uuxl889JtZAgrMoFKesvn13nKv
1GgBCQIQaGBaCbDI78dMvaaKikztA33H2smcRx2nRW0/LSQojHXKsPMNFDWZsi5V
CnnNkVbeyp399XuiC4dfrgO/X6a2+97OQGpKg9dcNTA4f08xsmF8i8cYX87q7mxG
ujAc3AQtEquu6A==
=JIGP
-----END PGP MESSAGE-----
fp: 4A8AADB4EBAB9AF88EF7062373CECE06CC80D40C
encrypted_regex: ^(data|stringData)$
version: 3.10.2
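Review bot: The only comment in this Secret, the `#ENC[...]` line directly under `stringData:`, is encrypted, so nothing readable says which SMTP account `login` and `password` belong to or how they are rotated. Put a plaintext comment above `stringData:` or an annotation under `metadata`, both of which `encrypted_regex: ^(data|stringData)$` leaves in clear. It would also help to document which of the two `pgp` recipients listed under `fp:` is the cluster's decryption key and which is an operator key, since the file gives only the fingerprints.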