From 773a6aaa63ea86e8bb1da57209005c2150d9ce77 Mon Sep 17 00:00:00 2001 From: uttarayan21 Date: Fri, 1 Aug 2025 15:18:56 +0530 Subject: [PATCH] broken: Added initial support for authelia + lldap oidc for nextcloud --- home/apps/orcaslicer.nix | 5 +- home/apps/orcaslicer/package.nix | 235 ++++++++++++++++++ ...-CMakeLists-Link-against-webkit2gtk-.patch | 34 +++ .../orcaslicer/patches/allow_wayland.patch | 54 ++++ .../patches/dont-link-opencv-world-orca.patch | 14 ++ home/apps/orcaslicer/patches/no-osmesa.patch | 13 + nixos/mirai/services/immich.nix | 5 +- nixos/mirai/services/nextcloud.nix | 57 ++++- nixos/ryu/configuration.nix | 1 + nixos/ryu/containers/default.nix | 12 + .../containers/immich-machine-learning.nix | 26 ++ secrets/secrets.yaml | 6 +- 12 files changed, 453 insertions(+), 9 deletions(-) create mode 100644 home/apps/orcaslicer/package.nix create mode 100644 home/apps/orcaslicer/patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch create mode 100644 home/apps/orcaslicer/patches/allow_wayland.patch create mode 100644 home/apps/orcaslicer/patches/dont-link-opencv-world-orca.patch create mode 100644 home/apps/orcaslicer/patches/no-osmesa.patch create mode 100644 nixos/ryu/containers/default.nix create mode 100644 nixos/ryu/containers/immich-machine-learning.nix diff --git a/home/apps/orcaslicer.nix b/home/apps/orcaslicer.nix index 521eaf07..04227929 100644 --- a/home/apps/orcaslicer.nix +++ b/home/apps/orcaslicer.nix @@ -1,9 +1,6 @@ {pkgs, ...}: { home.packages = with pkgs; lib.optionals pkgs.stdenv.isLinux [ - # (orca-slicer.overrideAttrs (oldAttrs: { - # nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [pkgs.cudatoolkit]; - # buildInputs = oldAttrs.buildInputs ++ [pkgs.cudatoolkit]; - # })) + (pkgs.callPackage ./orcaslicer/package.nix {}) ]; } diff --git a/home/apps/orcaslicer/package.nix b/home/apps/orcaslicer/package.nix new file mode 100644 index 00000000..b4a302ee --- /dev/null +++ b/home/apps/orcaslicer/package.nix @@ -0,0 +1,235 @@ +{ + stdenv, + lib, + binutils, + fetchFromGitHub, + fetchpatch, + cmake, + pkg-config, + wrapGAppsHook3, + boost186, + cereal, + cgal, + curl, + dbus, + eigen, + expat, + ffmpeg, + gcc-unwrapped, + glew, + glfw, + glib, + glib-networking, + gmp, + gst_all_1, + gtest, + gtk3, + hicolor-icon-theme, + ilmbase, + libpng, + mpfr, + nlopt, + opencascade-occt_7_6, + openvdb, + opencv, + pcre, + systemd, + tbb_2021, + webkitgtk_4_1, + wxGTK32, + xorg, + libnoise, + withSystemd ? stdenv.hostPlatform.isLinux, +}: let + wxGTK' = + (wxGTK32.override { + # withCurl = true; + # withPrivateFonts = true; + withWebKit = true; + }).overrideAttrs + (old: { + configureFlags = + old.configureFlags + ++ [ + # Disable noisy debug dialogs + "--enable-debug=no" + ]; + }); +in + stdenv.mkDerivation (finalAttrs: { + pname = "orca-slicer"; + version = "v2.3.0"; + + src = fetchFromGitHub { + owner = "SoftFever"; + repo = "OrcaSlicer"; + tag = finalAttrs.version; + hash = "sha256-MEa57jFBJkqwoAkqI7wXOn1X1zxgLQt3SNeanfD88kU="; + }; + + nativeBuildInputs = [ + cmake + pkg-config + wrapGAppsHook3 + wxGTK' + ]; + + buildInputs = + [ + binutils + (boost186.override { + enableShared = true; + enableStatic = false; + extraFeatures = [ + "log" + "thread" + "filesystem" + ]; + }) + boost186.dev + cereal + cgal + curl + dbus + eigen + expat + ffmpeg + gcc-unwrapped + glew + glfw + glib + glib-networking + gmp + gst_all_1.gstreamer + gst_all_1.gst-plugins-base + gst_all_1.gst-plugins-bad + gst_all_1.gst-plugins-good + gtk3 + hicolor-icon-theme + ilmbase + libpng + mpfr + nlopt + opencascade-occt_7_6 + openvdb + pcre + tbb_2021 + webkitgtk_4_1 + wxGTK' + xorg.libX11 + opencv.cxxdev + libnoise + ] + ++ lib.optionals withSystemd [systemd] + ++ finalAttrs.checkInputs; + + patches = [ + # Fix for webkitgtk linking + ./patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch + # Link opencv_core and opencv_imgproc instead of opencv_world + ./patches/dont-link-opencv-world-orca.patch + # Don't link osmesa + ./patches/no-osmesa.patch + # The changeset from https://github.com/SoftFever/OrcaSlicer/pull/7650, can be removed when that PR gets merged + # Allows disabling the update nag screen + (fetchpatch { + name = "pr-7650-configurable-update-check.patch"; + url = "https://github.com/SoftFever/OrcaSlicer/commit/d10a06ae11089cd1f63705e87f558e9392f7a167.patch"; + hash = "sha256-t4own5AwPsLYBsGA15id5IH1ngM0NSuWdFsrxMRXmTk="; + }) + (fetchpatch { + url = "https://gitlab.archlinux.org/schiele/prusa-slicer/-/raw/8acd24c8e0c21b0753f33416e63f8b54b82609ff/allow_wayland.patch?inline=false"; + hash = "sha256-C2eg7Z2ghegP0ZWLF4LxLemhMi5Mt7g5dLOtxcvlq+k="; + }) + ]; + + doCheck = true; + checkInputs = [gtest]; + + separateDebugInfo = true; + + NLOPT = nlopt; + + NIX_CFLAGS_COMPILE = toString ( + [ + "-Wno-ignored-attributes" + "-I${opencv.out}/include/opencv4" + "-Wno-error=incompatible-pointer-types" + "-Wno-template-id-cdtor" + "-Wno-uninitialized" + "-Wno-unused-result" + "-Wno-deprecated-declarations" + "-Wno-use-after-free" + "-Wno-format-overflow" + "-Wno-stringop-overflow" + "-DBOOST_ALLOW_DEPRECATED_HEADERS" + "-DBOOST_MATH_DISABLE_STD_FPCLASSIFY" + "-DBOOST_MATH_NO_LONG_DOUBLE_MATH_FUNCTIONS" + "-DBOOST_MATH_DISABLE_FLOAT128" + "-DBOOST_MATH_NO_QUAD_SUPPORT" + "-DBOOST_MATH_MAX_FLOAT128_DIGITS=0" + "-DBOOST_CSTDFLOAT_NO_LIBQUADMATH_SUPPORT" + "-DBOOST_MATH_DISABLE_FLOAT128_BUILTIN_FPCLASSIFY" + ] + # Making it compatible with GCC 14+, see https://github.com/SoftFever/OrcaSlicer/pull/7710 + ++ lib.optionals (stdenv.cc.isGNU && lib.versionAtLeast stdenv.cc.version "14") [ + "-Wno-error=template-id-cdtor" + ] + ); + + NIX_LDFLAGS = toString [ + (lib.optionalString withSystemd "-ludev") + "-L${boost186}/lib" + "-lboost_log" + "-lboost_log_setup" + ]; + + prePatch = '' + sed -i 's|nlopt_cxx|nlopt|g' cmake/modules/FindNLopt.cmake + sed -i 's|"libnoise/noise.h"|"noise/noise.h"|' src/libslic3r/PerimeterGenerator.cpp + ''; + + cmakeFlags = [ + (lib.cmakeBool "SLIC3R_STATIC" false) + (lib.cmakeBool "SLIC3R_FHS" true) + (lib.cmakeFeature "SLIC3R_GTK" "3") + (lib.cmakeBool "BBL_RELEASE_TO_PUBLIC" true) + (lib.cmakeBool "BBL_INTERNAL_TESTING" false) + (lib.cmakeBool "SLIC3R_BUILD_TESTS" false) + (lib.cmakeFeature "CMAKE_CXX_FLAGS" "-DGL_SILENCE_DEPRECATION") + (lib.cmakeFeature "CMAKE_EXE_LINKER_FLAGS" "-Wl,--no-as-needed") + (lib.cmakeBool "ORCA_VERSION_CHECK_DEFAULT" false) + (lib.cmakeFeature "LIBNOISE_INCLUDE_DIR" "${libnoise}/include/noise") + (lib.cmakeFeature "LIBNOISE_LIBRARY" "${libnoise}/lib/libnoise-static.a") + "-Wno-dev" + ]; + + # Generate translation files + postBuild = "( cd .. && ./run_gettext.sh )"; + + preFixup = '' + gappsWrapperArgs+=( + --prefix LD_LIBRARY_PATH : "$out/lib:${ + lib.makeLibraryPath [ + glew + ] + }" + --set WEBKIT_DISABLE_COMPOSITING_MODE 1 + ) + ''; + + meta = { + description = "G-code generator for 3D printers (Bambu, Prusa, Voron, VzBot, RatRig, Creality, etc.)"; + homepage = "https://github.com/SoftFever/OrcaSlicer"; + changelog = "https://github.com/SoftFever/OrcaSlicer/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.agpl3Only; + maintainers = with lib.maintainers; [ + zhaofengli + ovlach + pinpox + liberodark + ]; + mainProgram = "orca-slicer"; + platforms = lib.platforms.linux; + }; + }) diff --git a/home/apps/orcaslicer/patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch b/home/apps/orcaslicer/patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch new file mode 100644 index 00000000..15f1bf8f --- /dev/null +++ b/home/apps/orcaslicer/patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch @@ -0,0 +1,34 @@ +From 7eed499898226222a949a792e0400ec10db4a1c9 Mon Sep 17 00:00:00 2001 +From: Zhaofeng Li +Date: Tue, 22 Nov 2022 13:00:39 -0700 +Subject: [PATCH] [not for upstream] CMakeLists: Link against webkit2gtk in + libslic3r_gui + +WebView.cpp uses symbols from webkitgtk directly. Upstream setup +links wxGTK statically so webkitgtk is already pulled in. + +> /nix/store/039g378vc3pc3dvi9dzdlrd0i4q93qwf-binutils-2.39/bin/ld: slic3r/liblibslic3r_gui.a(WebView.cpp.o): undefined reference to symbol 'webkit_web_view_run_javascript_finish' +> /nix/store/039g378vc3pc3dvi9dzdlrd0i4q93qwf-binutils-2.39/bin/ld: /nix/store/8yvy428jy2nwq4dhmrcs7gj5r27a2pv6-webkitgtk-2.38.2+abi=4.0/lib/libwebkit2gtk-4.0.so.37: error adding symbols: DSO missing from command line +--- + src/CMakeLists.txt | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index 9c5cb96..e92a0e3 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -175,6 +175,11 @@ if (WIN32) + target_link_libraries(BambuStudio_app_gui PRIVATE boost_headeronly) + endif () + ++# We link against webkit2gtk symbols in src/slic3r/GUI/Widgets/WebView.cpp ++if (CMAKE_SYSTEM_NAME STREQUAL "Linux") ++ target_link_libraries(libslic3r_gui "-lwebkit2gtk-4.0") ++endif () ++ + # Link the resources dir to where Slic3r GUI expects it + set(output_dlls_Release "") + set(output_dlls_Debug "") +-- +2.38.1 + diff --git a/home/apps/orcaslicer/patches/allow_wayland.patch b/home/apps/orcaslicer/patches/allow_wayland.patch new file mode 100644 index 00000000..e780335d --- /dev/null +++ b/home/apps/orcaslicer/patches/allow_wayland.patch @@ -0,0 +1,54 @@ +commit c9282b73f3d09daff23a2603addd94605596ebe7 +Author: Robert Schiele +Date: Thu May 8 19:16:46 2025 +0200 + + remove forcing GDK_BACKEND to x11 + + It seems the problems on Wayland from the past are removed meanwhile. + +diff --git a/src/CLI/GuiParams.cpp b/src/CLI/GuiParams.cpp +index f44b91651f..41b42ff368 100644 +--- a/src/CLI/GuiParams.cpp ++++ b/src/CLI/GuiParams.cpp +@@ -107,9 +107,8 @@ int start_gui_with_params(GUI::GUI_InitParams& params) + #if !defined(_WIN32) && !defined(__APPLE__) + // likely some linux / unix system + const char* display = boost::nowide::getenv("DISPLAY"); +- // const char *wayland_display = boost::nowide::getenv("WAYLAND_DISPLAY"); +- //if (! ((display && *display) || (wayland_display && *wayland_display))) { +- if (!(display && *display)) { ++ const char *wayland_display = boost::nowide::getenv("WAYLAND_DISPLAY"); ++ if (! ((display && *display) || (wayland_display && *wayland_display))) { + // DISPLAY not set. + boost::nowide::cerr << "DISPLAY not set, GUI mode not available." << std::endl << std::endl; + print_help(false); +@@ -141,4 +140,4 @@ int start_as_gcode_viewer(GUI::GUI_InitParams& gui_params) + } + #else // SLIC3R_GUI + // If there is no GUI, we shall ignore the parameters. Remove them from the list. +-#endif // SLIC3R_GUI +\ No newline at end of file ++#endif // SLIC3R_GUI +diff --git a/src/CLI/Setup.cpp b/src/CLI/Setup.cpp +index 82e03d466d..95acdf3477 100644 +--- a/src/CLI/Setup.cpp ++++ b/src/CLI/Setup.cpp +@@ -212,11 +212,6 @@ static bool setup_common() + save_main_thread_id(); + + #ifdef __WXGTK__ +- // On Linux, wxGTK has no support for Wayland, and the app crashes on +- // startup if gtk3 is used. This env var has to be set explicitly to +- // instruct the window manager to fall back to X server mode. +- ::setenv("GDK_BACKEND", "x11", /* replace */ true); +- + // https://github.com/prusa3d/PrusaSlicer/issues/12969 + ::setenv("WEBKIT_DISABLE_COMPOSITING_MODE", "1", /* replace */ false); + ::setenv("WEBKIT_DISABLE_DMABUF_RENDERER", "1", /* replace */ false); +@@ -338,4 +333,4 @@ bool setup(Data& cli, int argc, char** argv) + return true; + } + +-} +\ No newline at end of file ++} diff --git a/home/apps/orcaslicer/patches/dont-link-opencv-world-orca.patch b/home/apps/orcaslicer/patches/dont-link-opencv-world-orca.patch new file mode 100644 index 00000000..426fd029 --- /dev/null +++ b/home/apps/orcaslicer/patches/dont-link-opencv-world-orca.patch @@ -0,0 +1,14 @@ +diff --git a/src/libslic3r/CMakeLists.txt b/src/libslic3r/CMakeLists.txt +index 64e0a9e87..e14f29488 100644 +--- a/src/libslic3r/CMakeLists.txt ++++ b/src/libslic3r/CMakeLists.txt +@@ -576,7 +576,8 @@ target_link_libraries(libslic3r + mcut + JPEG::JPEG + qoi +- opencv_world ++ opencv_core ++ opencv_imgproc + noise::noise + ) + diff --git a/home/apps/orcaslicer/patches/no-osmesa.patch b/home/apps/orcaslicer/patches/no-osmesa.patch new file mode 100644 index 00000000..09298b3e --- /dev/null +++ b/home/apps/orcaslicer/patches/no-osmesa.patch @@ -0,0 +1,13 @@ +diff --git a/src/slic3r/CMakeLists.txt b/src/slic3r/CMakeLists.txt +index e695acd48..174e233e6 100644 +--- a/src/slic3r/CMakeLists.txt ++++ b/src/slic3r/CMakeLists.txt +@@ -587,7 +587,7 @@ elseif (CMAKE_SYSTEM_NAME STREQUAL "Linux") + FIND_LIBRARY(WAYLAND_EGL_LIBRARIES NAMES wayland-egl) + FIND_LIBRARY(WAYLAND_CLIENT_LIBRARIES NAMES wayland-client) + find_package(CURL REQUIRED) +- target_link_libraries(libslic3r_gui ${DBUS_LIBRARIES} OSMesa) ++ target_link_libraries(libslic3r_gui ${DBUS_LIBRARIES}) + target_link_libraries(libslic3r_gui + OpenGL::EGL + ${WAYLAND_SERVER_LIBRARIES} diff --git a/nixos/mirai/services/immich.nix b/nixos/mirai/services/immich.nix index 8e4e473a..b8516b94 100644 --- a/nixos/mirai/services/immich.nix +++ b/nixos/mirai/services/immich.nix @@ -42,7 +42,7 @@ "machineLearning": { "enabled": true, "urls": [ - "http://ryu:3003", + "http://ryu.darksailor.dev:3003", "http://localhost:3003" ], } @@ -51,7 +51,7 @@ ''; mode = "0400"; owner = "immich"; - restartUnits = ["immich-server.service" "authelia-darksailor.service"]; + restartUnits = ["immich-server.service"]; }; }; }; @@ -73,6 +73,7 @@ enable = true; mediaLocation = "/media/photos/immich"; accelerationDevices = null; + machine-learning.enable = false; environment = { IMMICH_CONFIG_FILE = config.sops.templates."immich-config.json".path; }; diff --git a/nixos/mirai/services/nextcloud.nix b/nixos/mirai/services/nextcloud.nix index 67f9d916..e0cefadc 100644 --- a/nixos/mirai/services/nextcloud.nix +++ b/nixos/mirai/services/nextcloud.nix @@ -5,6 +5,8 @@ }: { sops = { secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name; + secrets."authelia/oidc/nextcloud/client_id".owner = config.users.users.nextcloud.name; + secrets."authelia/oidc/nextcloud/client_secret".owner = config.users.users.nextcloud.name; }; imports = [ "${fetchTarball { @@ -17,7 +19,7 @@ enable = true; package = pkgs.nextcloud31; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) contacts calendar bookmarks; + inherit (config.services.nextcloud.package.packages.apps) contacts calendar bookmarks user_oidc; }; extraAppsEnable = true; hostName = "cloud.darksailor.dev"; @@ -32,6 +34,7 @@ memcached = true; }; webserver = "caddy"; + settings = {}; }; # caddy = { # virtualHosts."cloud.darksailor.dev".extraConfig = '' @@ -44,5 +47,57 @@ # port = 8080; # NOT an exposed port # } # ]; + authelia.instances.darksailor = { + settings = { + definitions = { + user_attributes = { + is_nextcloud_admin = { + expression = ''"nextcloud-admins" in groups"''; + }; + }; + }; + identity_providers = { + oidc = { + claims_policies = { + custom_claims = { + is_nextcloud_admin = {}; + }; + }; + scopes = { + nextcloud_userinfo = { + claims = ["is_nextcloud_admin"]; + }; + }; + clients = [ + { + client_name = "Nextcloud"; + client_id = "nextcloud"; + client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/nextcloud/client_secret".path}" }}''; + public = false; + authorization_policy = "one_factor"; + require_pkce = true; + pkce_challenge_method = "S256"; + claims_policy = "nextcloud_userinfo"; + redirect_uris = [ + "https://cloud.darksailor.dev/apps/oidc_login/oidc" + ]; + scopes = [ + "openid" + "profile" + "email" + "groups" + "nextcloud_userinfo" + ]; + response_types = ["code"]; + grant_types = ["authorization_code"]; + # access_token_signed_response_alg = "none"; + userinfo_signed_response_alg = "none"; + token_endpoint_auth_method = "client_secret_basic"; + } + ]; + }; + }; + }; + }; }; } diff --git a/nixos/ryu/configuration.nix b/nixos/ryu/configuration.nix index df8cbd2a..48f970d2 100644 --- a/nixos/ryu/configuration.nix +++ b/nixos/ryu/configuration.nix @@ -8,6 +8,7 @@ ./ryu.nix ./services ./programs + ./containers ]; sops = { diff --git a/nixos/ryu/containers/default.nix b/nixos/ryu/containers/default.nix new file mode 100644 index 00000000..d01fe771 --- /dev/null +++ b/nixos/ryu/containers/default.nix @@ -0,0 +1,12 @@ +{device, ...}: { + imports = [ + ./immich-machine-learning.nix + ]; + virtualisation = { + docker.enable = true; + oci-containers.backend = "docker"; + }; + users.extraUsers.${device.user}.extraGroups = [ + "docker" + ]; +} diff --git a/nixos/ryu/containers/immich-machine-learning.nix b/nixos/ryu/containers/immich-machine-learning.nix new file mode 100644 index 00000000..43e66266 --- /dev/null +++ b/nixos/ryu/containers/immich-machine-learning.nix @@ -0,0 +1,26 @@ +{pkgs, ...}: let + port = 3003; +in { + virtualisation.oci-containers = { + backend = "docker"; + containers = { + immich-machine-learning = { + image = "ghcr.io/immich-app/immich-machine-learning:v${pkgs.immich.version}-cuda"; + ports = [ + "0.0.0.0:${toString port}:3003" + ]; + volumes = [ + "model-cache:/cache" + ]; + }; + }; + }; + networking.firewall.allowedTCPPorts = [port]; + environment.systemPackages = with pkgs; [ + nvidia-docker + nvidia-container-toolkit + ]; + # services.caddy.virtualHosts."ml.ryu.darksailor.dev".extraConfig = '' + # reverse_proxy localhost:${toString port} + # ''; +} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 55ac2bf7..59a8066a 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -29,6 +29,8 @@ authelia: immich: client_id: ENC[AES256_GCM,data:LpB+nR7SGI2EV4YK0VptF5zJ6Ai/LDfikUpoAnFWnT8krMOQ/voqjS6jhqaFz9IKhtPQL9TNZOONr5JjkDZR7sI63Ohv4Lnx,iv:J96CL8EHHj88YbQW7rdQK9C6MxXaHnMt+mgL3iL5Heg=,tag:aXD/HdWXO/e6aKGnay0W+g==,type:str] client_secret: ENC[AES256_GCM,data:aQylVYsqDExbavjGsVAXPlf/rxileM3xLM0EXCKHfiNYxwzXck/f/bvwZl7ChQZ/AHDvZ8mkMkZHyTdyap25Hg==,iv:swSrM8MvhLcq7Gw/lV36j//8fnTzBcs5wU8aj+n9obE=,tag:neaHG+UCVhmZ2HLqVa/jGA==,type:str] + nextcloud: + client_secret: ENC[AES256_GCM,data:5SZ0A0OVK3emOobuI4KYv4E3l0Q/LwVWExCg1gPoG8AKcf4Pd04SnZE7aDoFnWTv1YhEY4sRaYQW/dn2pl4zsg==,iv:p0qmeYXTqqqX0NI2YK4fpGOK8NArFCMzoSGb/lc3L4w=,tag:Ob6/FyJP1LOkvBcOh6GOJA==,type:str] jwks: ENC[AES256_GCM,data:1efhdlYmiD/y4kzK0hFfLAmY6rXK0hvZez/tu1cb2hfUhIM/DzNNthKQjH8Cu2TlZwDQpUIrCO7Tr0BbkiREC+VNK4vYgi+GWswnG7VCZS40xRAZhSArNO2uQ4dpf/KAHRSSJa3i7gGOqSG/Pnrl3TRhzkhkfWSRk+7koPWKpYJOKLem+ZLN75yssCsEbYIOHjcXyizNHt6SE2ylqqCjyWnlhlnRQStYaFPWAAABcm96MkSThSyRd6hTAifC/aZiM1IMlLw7wJJk01uwjJytlxBxDiFrdr4Grg0PzOsOAocex9Siw5fzcr7dFpVBoaS7e7nD/sccGSyEysw/t+wvkMou1Ewr5U2Pnew8lPjSrEiiGxuPwmK9kHxD3L6cADxF6xs4bn+Iqa/yy9FWbtGZfBYOxJiRvXgxBPiO7CH4tJyVIbnLfi8K/zCJC9u5vO+WFXiVIzXxAPVUL7VKQQZGxV7989LMdcjzck+B1zFHVQz25siwbpu0FxMxiJsVtBxu1U+QBRfQrwLacX2NAJvqYNZxr+9l43Fh0x8dS5CBheVEy39sXge9jLyS7kIW0FfvgJaHuLL2/GhDGsvfi7zFPOc8Thg+8LP58L8wzPT+LvVoidq/j3K2Ct6udn9JsOnbZT3Gs1RiY+E77H09GbdwIrP0sGVi4ZJe++w+sKNjyzLzceEYGkfa1EiMQhYPHzqUAwqtgmJZo9tY+2jOBJb9ZU+Kj0xtqZsjFpHaGWsRj8XGkPrAFEh6Z6/Ak9/BpYaapPeAO3Wa6tzNVlTCtaX786nSTjfGC7v9O4Uz8XQr0HV3A7wj36Fw3dqERZFKea7BJbiiAiEZtnOsbWVqQXpIUVfCvPhfwuFcOU/ClyM1fGyZXaCIeB62Tkqa+ZlqRQgzzf3bSFUK0PgxE3Ny5pIPzNEINqse+6DeFuF91uY1dLQB4Vizyzv1H+X/OecO9K8kECM1wUy3Fbbyh4tYYxt4VvqFQZ1o4A7Jd04WCIf3hdAHmwvOQW+/8dfnyLa8kqTcQYeI3jfjtRvD6TaZl21K9kFY2VJAexdno9bbozDOus1Ep92ublwonVjfvzbyDURHGF6Cw2OL7xcbHQIMz/ZmkVHMra49NHgWlI6X0slgYDxKKDszHhZ9SHkEXF8pJf+uogbwSwz1glRkEdn1oprbs8GsFoc7HGVvSHRgOWKHwvhZD2tMiSE4cEFZ9/2nSPISQMNGuS7wgnVkalKPW+gF1EWVXczanzKsrpcDtpMdFufMRVusaJBV5Jw62I++cx1AMW2dRTseQyWLchRWtOba6dd9gbNzGi39+njHClHIEUxaxXzxIQLhSgCA9loXRc26ZA6DpwHQR+gtH2OybeFEiH390YoSfFeZuU+f0E2awMdpiEsBL/AniUcboDaBEaDQYpwUawNL+II7rmSn4rTJM64n5z3B88U/vAQh9BQFhf7SDKb05n/ArCibkdy3gbo8rTVH1gGbmW53DTxzuW+AEpFcuueiP3yz1vGzEwKSX+LMkCwFwk6Y/VcqHXW+PdZ88SFUr5WELGPkZxT3AvmduBCifE0KDzKWrN3yy1xwEQDGrYiqeHqeqHpEuk/KpxeAwepqWayGMq6iT4BWUBojNo6quoXkPPodSsotbBFLjyRHoDGm0NZSbgluOUyERrN6M+ELdHqQjeNTS046KB6QnG5s+uTA+uxyonvmPCPBgFAd0q0qfq4T/SISHrPe13Y7nHnATxoMBszvIfKznqFthTBsc3V9C5+g/kcOzcEQpAC6baGe+eq23m/Go3uDa7O84Euxhj9C5NBcidvgmYmRZuY6l2ehnxf1oGoGwHBJEaYEuCk7sc3Wac6u2OvqCIKPxRdi2tUiZ9FwCGLqd8qcLEPtsSaBNk2CVlK9ZkgPzSYH794qpNQDWkyv5SJ4V9zy2LL+s9MHtHNQu6QxALZ8c0GfQetTI5ArkC3cBz/3mRdDMy9k7HpO7b6USoxqGAZ+H4kzJhus9QwjaqJnnB+fJI5O2ek5TVLY9RWXo+W2pCBDjt925BVoChkvkUEg4GtvR+8/yChgYEgYWUPqRV4vMEwQiRoaJamL/E+lRaUx+c0f9ga8+k0JdfxfzoIPUA3/rBGcfO8Y12RF8Ool4hreP409KjdPP0PeeOVKg58MPYNO5O0BdT62nyL+fSvJkw7uPGcOwtOtcxjcBsNhoFv0twrCp8S3cLX45GTNaTw+JHcxsTzG9ibL3bFtVkAAiZHZGMisEjTSGElSGIDk+MoPt68hq4BRioab,iv:gGKyTUigpnqg3Fgd76INrESRT27hJRzYQ3xk8heNkWk=,tag:fVc8rg1Or63X/14neG+8Cw==,type:str] lldap: jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str] @@ -60,7 +62,7 @@ sops: VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-29T07:19:37Z" - mac: ENC[AES256_GCM,data:bdLqeJPLiLLyeVjqYM3ec4HnLcrKN6dd5B8qYr49flEzi7+hRKHmhbZt/xTAMEx4YNN+6dPZMipX0+cn4c/LIozY9QlNiDV0mOfXmmM60xkkSd6Bo3Wge39E+oJ9n4Ne3RG2ynmW4sxsJDBd1d3bCj8RQVfvNeLmOh9fvW+5vug=,iv:H7JSEy5z5Dgvq8cbzL1/r5S6Nm0mx3uzWHaBzg0esXc=,tag:fP+Wu4mRQL8cAZ7KOh7+4g==,type:str] + lastmodified: "2025-07-31T19:58:41Z" + mac: ENC[AES256_GCM,data:B6xCuuzH90mnnpVjRtYOMRuFACvAvEodPs/sYI0BCdrD05eHB/t3BB1y/kI65J41Tj1AY8+3zTBJU1VdhmN1dusu3G6dMqVEiG+09CfjfaSVk6k1zw9IkYCBn0CeovXAZfOjyTbOnVILHriIofsHS7l+F2F0Jo2Nx8OdY7Gy0fY=,iv:wi/1YJVU1OwvzooFHHxt/jSvBafGa9orAYLH66psmfc=,tag:umj/NOtqW/9jLmUZZX2hPA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2