broken: Added initial support for authelia + lldap oidc for nextcloud

home/apps/orcaslicer.nix

@@ -1,9 +1,6 @@
 {pkgs, ...}: {
   home.packages = with pkgs;
     lib.optionals pkgs.stdenv.isLinux [
-      # (orca-slicer.overrideAttrs (oldAttrs: {
+      (pkgs.callPackage ./orcaslicer/package.nix {})
-      #   nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [pkgs.cudatoolkit];
-      #   buildInputs = oldAttrs.buildInputs ++ [pkgs.cudatoolkit];
-      # }))
     ];
 }

home/apps/orcaslicer/package.nix

@@ -0,0 +1,235 @@
+{
+  stdenv,
+  lib,
+  binutils,
+  fetchFromGitHub,
+  fetchpatch,
+  cmake,
+  pkg-config,
+  wrapGAppsHook3,
+  boost186,
+  cereal,
+  cgal,
+  curl,
+  dbus,
+  eigen,
+  expat,
+  ffmpeg,
+  gcc-unwrapped,
+  glew,
+  glfw,
+  glib,
+  glib-networking,
+  gmp,
+  gst_all_1,
+  gtest,
+  gtk3,
+  hicolor-icon-theme,
+  ilmbase,
+  libpng,
+  mpfr,
+  nlopt,
+  opencascade-occt_7_6,
+  openvdb,
+  opencv,
+  pcre,
+  systemd,
+  tbb_2021,
+  webkitgtk_4_1,
+  wxGTK32,
+  xorg,
+  libnoise,
+  withSystemd ? stdenv.hostPlatform.isLinux,
+}: let
+  wxGTK' =
+    (wxGTK32.override {
+      # withCurl = true;
+      # withPrivateFonts = true;
+      withWebKit = true;
+    }).overrideAttrs
+    (old: {
+      configureFlags =
+        old.configureFlags
+        ++ [
+          # Disable noisy debug dialogs
+          "--enable-debug=no"
+        ];
+    });
+in
+  stdenv.mkDerivation (finalAttrs: {
+    pname = "orca-slicer";
+    version = "v2.3.0";
+
+    src = fetchFromGitHub {
+      owner = "SoftFever";
+      repo = "OrcaSlicer";
+      tag = finalAttrs.version;
+      hash = "sha256-MEa57jFBJkqwoAkqI7wXOn1X1zxgLQt3SNeanfD88kU=";
+    };
+
+    nativeBuildInputs = [
+      cmake
+      pkg-config
+      wrapGAppsHook3
+      wxGTK'
+    ];
+
+    buildInputs =
+      [
+        binutils
+        (boost186.override {
+          enableShared = true;
+          enableStatic = false;
+          extraFeatures = [
+            "log"
+            "thread"
+            "filesystem"
+          ];
+        })
+        boost186.dev
+        cereal
+        cgal
+        curl
+        dbus
+        eigen
+        expat
+        ffmpeg
+        gcc-unwrapped
+        glew
+        glfw
+        glib
+        glib-networking
+        gmp
+        gst_all_1.gstreamer
+        gst_all_1.gst-plugins-base
+        gst_all_1.gst-plugins-bad
+        gst_all_1.gst-plugins-good
+        gtk3
+        hicolor-icon-theme
+        ilmbase
+        libpng
+        mpfr
+        nlopt
+        opencascade-occt_7_6
+        openvdb
+        pcre
+        tbb_2021
+        webkitgtk_4_1
+        wxGTK'
+        xorg.libX11
+        opencv.cxxdev
+        libnoise
+      ]
+      ++ lib.optionals withSystemd [systemd]
+      ++ finalAttrs.checkInputs;
+
+    patches = [
+      # Fix for webkitgtk linking
+      ./patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch
+      # Link opencv_core and opencv_imgproc instead of opencv_world
+      ./patches/dont-link-opencv-world-orca.patch
+      # Don't link osmesa
+      ./patches/no-osmesa.patch
+      # The changeset from https://github.com/SoftFever/OrcaSlicer/pull/7650, can be removed when that PR gets merged
+      # Allows disabling the update nag screen
+      (fetchpatch {
+        name = "pr-7650-configurable-update-check.patch";
+        url = "https://github.com/SoftFever/OrcaSlicer/commit/d10a06ae11089cd1f63705e87f558e9392f7a167.patch";
+        hash = "sha256-t4own5AwPsLYBsGA15id5IH1ngM0NSuWdFsrxMRXmTk=";
+      })
+      (fetchpatch {
+        url = "https://gitlab.archlinux.org/schiele/prusa-slicer/-/raw/8acd24c8e0c21b0753f33416e63f8b54b82609ff/allow_wayland.patch?inline=false";
+        hash = "sha256-C2eg7Z2ghegP0ZWLF4LxLemhMi5Mt7g5dLOtxcvlq+k=";
+      })
+    ];
+
+    doCheck = true;
+    checkInputs = [gtest];
+
+    separateDebugInfo = true;
+
+    NLOPT = nlopt;
+
+    NIX_CFLAGS_COMPILE = toString (
+      [
+        "-Wno-ignored-attributes"
+        "-I${opencv.out}/include/opencv4"
+        "-Wno-error=incompatible-pointer-types"
+        "-Wno-template-id-cdtor"
+        "-Wno-uninitialized"
+        "-Wno-unused-result"
+        "-Wno-deprecated-declarations"
+        "-Wno-use-after-free"
+        "-Wno-format-overflow"
+        "-Wno-stringop-overflow"
+        "-DBOOST_ALLOW_DEPRECATED_HEADERS"
+        "-DBOOST_MATH_DISABLE_STD_FPCLASSIFY"
+        "-DBOOST_MATH_NO_LONG_DOUBLE_MATH_FUNCTIONS"
+        "-DBOOST_MATH_DISABLE_FLOAT128"
+        "-DBOOST_MATH_NO_QUAD_SUPPORT"
+        "-DBOOST_MATH_MAX_FLOAT128_DIGITS=0"
+        "-DBOOST_CSTDFLOAT_NO_LIBQUADMATH_SUPPORT"
+        "-DBOOST_MATH_DISABLE_FLOAT128_BUILTIN_FPCLASSIFY"
+      ]
+      # Making it compatible with GCC 14+, see https://github.com/SoftFever/OrcaSlicer/pull/7710
+      ++ lib.optionals (stdenv.cc.isGNU && lib.versionAtLeast stdenv.cc.version "14") [
+        "-Wno-error=template-id-cdtor"
+      ]
+    );
+
+    NIX_LDFLAGS = toString [
+      (lib.optionalString withSystemd "-ludev")
+      "-L${boost186}/lib"
+      "-lboost_log"
+      "-lboost_log_setup"
+    ];
+
+    prePatch = ''
+      sed -i 's|nlopt_cxx|nlopt|g' cmake/modules/FindNLopt.cmake
+      sed -i 's|"libnoise/noise.h"|"noise/noise.h"|' src/libslic3r/PerimeterGenerator.cpp
+    '';
+
+    cmakeFlags = [
+      (lib.cmakeBool "SLIC3R_STATIC" false)
+      (lib.cmakeBool "SLIC3R_FHS" true)
+      (lib.cmakeFeature "SLIC3R_GTK" "3")
+      (lib.cmakeBool "BBL_RELEASE_TO_PUBLIC" true)
+      (lib.cmakeBool "BBL_INTERNAL_TESTING" false)
+      (lib.cmakeBool "SLIC3R_BUILD_TESTS" false)
+      (lib.cmakeFeature "CMAKE_CXX_FLAGS" "-DGL_SILENCE_DEPRECATION")
+      (lib.cmakeFeature "CMAKE_EXE_LINKER_FLAGS" "-Wl,--no-as-needed")
+      (lib.cmakeBool "ORCA_VERSION_CHECK_DEFAULT" false)
+      (lib.cmakeFeature "LIBNOISE_INCLUDE_DIR" "${libnoise}/include/noise")
+      (lib.cmakeFeature "LIBNOISE_LIBRARY" "${libnoise}/lib/libnoise-static.a")
+      "-Wno-dev"
+    ];
+
+    # Generate translation files
+    postBuild = "( cd .. && ./run_gettext.sh )";
+
+    preFixup = ''
+      gappsWrapperArgs+=(
+        --prefix LD_LIBRARY_PATH : "$out/lib:${
+        lib.makeLibraryPath [
+          glew
+        ]
+      }"
+        --set WEBKIT_DISABLE_COMPOSITING_MODE 1
+      )
+    '';
+
+    meta = {
+      description = "G-code generator for 3D printers (Bambu, Prusa, Voron, VzBot, RatRig, Creality, etc.)";
+      homepage = "https://github.com/SoftFever/OrcaSlicer";
+      changelog = "https://github.com/SoftFever/OrcaSlicer/releases/tag/v${finalAttrs.version}";
+      license = lib.licenses.agpl3Only;
+      maintainers = with lib.maintainers; [
+        zhaofengli
+        ovlach
+        pinpox
+        liberodark
+      ];
+      mainProgram = "orca-slicer";
+      platforms = lib.platforms.linux;
+    };
+  })

home/apps/orcaslicer/patches/0001-not-for-upstream-CMakeLists-Link-against-webkit2gtk-.patch

@@ -0,0 +1,34 @@
+From 7eed499898226222a949a792e0400ec10db4a1c9 Mon Sep 17 00:00:00 2001
+From: Zhaofeng Li <hello@zhaofeng.li>
+Date: Tue, 22 Nov 2022 13:00:39 -0700
+Subject: [PATCH] [not for upstream] CMakeLists: Link against webkit2gtk in
+ libslic3r_gui
+
+WebView.cpp uses symbols from webkitgtk directly. Upstream setup
+links wxGTK statically so webkitgtk is already pulled in.
+
+> /nix/store/039g378vc3pc3dvi9dzdlrd0i4q93qwf-binutils-2.39/bin/ld: slic3r/liblibslic3r_gui.a(WebView.cpp.o): undefined reference to symbol 'webkit_web_view_run_javascript_finish'
+> /nix/store/039g378vc3pc3dvi9dzdlrd0i4q93qwf-binutils-2.39/bin/ld: /nix/store/8yvy428jy2nwq4dhmrcs7gj5r27a2pv6-webkitgtk-2.38.2+abi=4.0/lib/libwebkit2gtk-4.0.so.37: error adding symbols: DSO missing from command line
+---
+ src/CMakeLists.txt | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 9c5cb96..e92a0e3 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -175,6 +175,11 @@ if (WIN32)
+     target_link_libraries(BambuStudio_app_gui PRIVATE boost_headeronly)
+ endif ()
+ 
++# We link against webkit2gtk symbols in src/slic3r/GUI/Widgets/WebView.cpp
++if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
++    target_link_libraries(libslic3r_gui "-lwebkit2gtk-4.0")
++endif ()
++
+ # Link the resources dir to where Slic3r GUI expects it
+ set(output_dlls_Release "")
+ set(output_dlls_Debug "")
+-- 
+2.38.1
+

home/apps/orcaslicer/patches/allow_wayland.patch

@@ -0,0 +1,54 @@
+commit c9282b73f3d09daff23a2603addd94605596ebe7
+Author: Robert Schiele <rschiele@gmail.com>
+Date:   Thu May 8 19:16:46 2025 +0200
+
+    remove forcing GDK_BACKEND to x11
+    
+    It seems the problems on Wayland from the past are removed meanwhile.
+
+diff --git a/src/CLI/GuiParams.cpp b/src/CLI/GuiParams.cpp
+index f44b91651f..41b42ff368 100644
+--- a/src/CLI/GuiParams.cpp
++++ b/src/CLI/GuiParams.cpp
+@@ -107,9 +107,8 @@ int start_gui_with_params(GUI::GUI_InitParams& params)
+ #if !defined(_WIN32) && !defined(__APPLE__)
+     // likely some linux / unix system
+     const char* display = boost::nowide::getenv("DISPLAY");
+-    // const char *wayland_display = boost::nowide::getenv("WAYLAND_DISPLAY");
+-    //if (! ((display && *display) || (wayland_display && *wayland_display))) {
+-    if (!(display && *display)) {
++    const char *wayland_display = boost::nowide::getenv("WAYLAND_DISPLAY");
++    if (! ((display && *display) || (wayland_display && *wayland_display))) {
+         // DISPLAY not set.
+         boost::nowide::cerr << "DISPLAY not set, GUI mode not available." << std::endl << std::endl;
+         print_help(false);
+@@ -141,4 +140,4 @@ int start_as_gcode_viewer(GUI::GUI_InitParams& gui_params)
+ }
+ #else // SLIC3R_GUI
+     // If there is no GUI, we shall ignore the parameters. Remove them from the list.
+-#endif // SLIC3R_GUI
+\ No newline at end of file
++#endif // SLIC3R_GUI
+diff --git a/src/CLI/Setup.cpp b/src/CLI/Setup.cpp
+index 82e03d466d..95acdf3477 100644
+--- a/src/CLI/Setup.cpp
++++ b/src/CLI/Setup.cpp
+@@ -212,11 +212,6 @@ static bool setup_common()
+     save_main_thread_id();
+ 
+ #ifdef __WXGTK__
+-    // On Linux, wxGTK has no support for Wayland, and the app crashes on
+-    // startup if gtk3 is used. This env var has to be set explicitly to
+-    // instruct the window manager to fall back to X server mode.
+-    ::setenv("GDK_BACKEND", "x11", /* replace */ true);
+-
+     // https://github.com/prusa3d/PrusaSlicer/issues/12969
+     ::setenv("WEBKIT_DISABLE_COMPOSITING_MODE", "1", /* replace */ false);
+     ::setenv("WEBKIT_DISABLE_DMABUF_RENDERER", "1", /* replace */ false);
+@@ -338,4 +333,4 @@ bool setup(Data& cli, int argc, char** argv)
+     return true;
+ }
+ 
+-}
+\ No newline at end of file
++}

home/apps/orcaslicer/patches/dont-link-opencv-world-orca.patch

@@ -0,0 +1,14 @@
+diff --git a/src/libslic3r/CMakeLists.txt b/src/libslic3r/CMakeLists.txt
+index 64e0a9e87..e14f29488 100644
+--- a/src/libslic3r/CMakeLists.txt
++++ b/src/libslic3r/CMakeLists.txt
+@@ -576,7 +576,8 @@ target_link_libraries(libslic3r
+     mcut
+     JPEG::JPEG
+     qoi
+-    opencv_world
++    opencv_core
++    opencv_imgproc
+     noise::noise
+     )
+ 

home/apps/orcaslicer/patches/no-osmesa.patch

@@ -0,0 +1,13 @@
+diff --git a/src/slic3r/CMakeLists.txt b/src/slic3r/CMakeLists.txt
+index e695acd48..174e233e6 100644
+--- a/src/slic3r/CMakeLists.txt
++++ b/src/slic3r/CMakeLists.txt
+@@ -587,7 +587,7 @@ elseif (CMAKE_SYSTEM_NAME STREQUAL "Linux")
+     FIND_LIBRARY(WAYLAND_EGL_LIBRARIES    NAMES wayland-egl)
+     FIND_LIBRARY(WAYLAND_CLIENT_LIBRARIES NAMES wayland-client)
+     find_package(CURL REQUIRED)
+-    target_link_libraries(libslic3r_gui ${DBUS_LIBRARIES} OSMesa)
++    target_link_libraries(libslic3r_gui ${DBUS_LIBRARIES})
+     target_link_libraries(libslic3r_gui
+         OpenGL::EGL
+         ${WAYLAND_SERVER_LIBRARIES}

nixos/mirai/services/immich.nix

@@ -42,7 +42,7 @@
                 "machineLearning": {
                     "enabled": true,
                     "urls": [
-                        "http://ryu:3003",
+                        "http://ryu.darksailor.dev:3003",
                         "http://localhost:3003"
                     ],
                 }
@@ -51,7 +51,7 @@
           '';
         mode = "0400";
         owner = "immich";
-        restartUnits = ["immich-server.service" "authelia-darksailor.service"];
+        restartUnits = ["immich-server.service"];
       };
     };
   };
@@ -73,6 +73,7 @@
     enable = true;
     mediaLocation = "/media/photos/immich";
     accelerationDevices = null;
+    machine-learning.enable = false;
     environment = {
       IMMICH_CONFIG_FILE = config.sops.templates."immich-config.json".path;
     };

nixos/mirai/services/nextcloud.nix

@@ -5,6 +5,8 @@
 }: {
   sops = {
     secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name;
+    secrets."authelia/oidc/nextcloud/client_id".owner = config.users.users.nextcloud.name;
+    secrets."authelia/oidc/nextcloud/client_secret".owner = config.users.users.nextcloud.name;
   };
   imports = [
     "${fetchTarball {
@@ -17,7 +19,7 @@
       enable = true;
       package = pkgs.nextcloud31;
       extraApps = {
-        inherit (config.services.nextcloud.package.packages.apps) contacts calendar bookmarks;
+        inherit (config.services.nextcloud.package.packages.apps) contacts calendar bookmarks user_oidc;
       };
       extraAppsEnable = true;
       hostName = "cloud.darksailor.dev";
@@ -32,6 +34,7 @@
         memcached = true;
       };
       webserver = "caddy";
+      settings = {};
     };
     # caddy = {
     #   virtualHosts."cloud.darksailor.dev".extraConfig = ''
@@ -44,5 +47,57 @@
     #     port = 8080; # NOT an exposed port
     #   }
     # ];
+    authelia.instances.darksailor = {
+      settings = {
+        definitions = {
+          user_attributes = {
+            is_nextcloud_admin = {
+              expression = ''"nextcloud-admins" in groups"'';
+            };
+          };
+        };
+        identity_providers = {
+          oidc = {
+            claims_policies = {
+              custom_claims = {
+                is_nextcloud_admin = {};
+              };
+            };
+            scopes = {
+              nextcloud_userinfo = {
+                claims = ["is_nextcloud_admin"];
+              };
+            };
+            clients = [
+              {
+                client_name = "Nextcloud";
+                client_id = "nextcloud";
+                client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/nextcloud/client_secret".path}" }}'';
+                public = false;
+                authorization_policy = "one_factor";
+                require_pkce = true;
+                pkce_challenge_method = "S256";
+                claims_policy = "nextcloud_userinfo";
+                redirect_uris = [
+                  "https://cloud.darksailor.dev/apps/oidc_login/oidc"
+                ];
+                scopes = [
+                  "openid"
+                  "profile"
+                  "email"
+                  "groups"
+                  "nextcloud_userinfo"
+                ];
+                response_types = ["code"];
+                grant_types = ["authorization_code"];
+                # access_token_signed_response_alg = "none";
+                userinfo_signed_response_alg = "none";
+                token_endpoint_auth_method = "client_secret_basic";
+              }
+            ];
+          };
+        };
+      };
+    };
   };
 }

nixos/ryu/configuration.nix

@@ -8,6 +8,7 @@
     ./ryu.nix
     ./services
     ./programs
+    ./containers
   ];
 
   sops = {

nixos/ryu/containers/default.nix

@@ -0,0 +1,12 @@
+{device, ...}: {
+  imports = [
+    ./immich-machine-learning.nix
+  ];
+  virtualisation = {
+    docker.enable = true;
+    oci-containers.backend = "docker";
+  };
+  users.extraUsers.${device.user}.extraGroups = [
+    "docker"
+  ];
+}

nixos/ryu/containers/immich-machine-learning.nix

@@ -0,0 +1,26 @@
+{pkgs, ...}: let
+  port = 3003;
+in {
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers = {
+      immich-machine-learning = {
+        image = "ghcr.io/immich-app/immich-machine-learning:v${pkgs.immich.version}-cuda";
+        ports = [
+          "0.0.0.0:${toString port}:3003"
+        ];
+        volumes = [
+          "model-cache:/cache"
+        ];
+      };
+    };
+  };
+  networking.firewall.allowedTCPPorts = [port];
+  environment.systemPackages = with pkgs; [
+    nvidia-docker
+    nvidia-container-toolkit
+  ];
+  # services.caddy.virtualHosts."ml.ryu.darksailor.dev".extraConfig = ''
+  #   reverse_proxy localhost:${toString port}
+  # '';
+}

secrets/secrets.yaml

@@ -29,6 +29,8 @@ authelia:
         immich:
             client_id: ENC[AES256_GCM,data:LpB+nR7SGI2EV4YK0VptF5zJ6Ai/LDfikUpoAnFWnT8krMOQ/voqjS6jhqaFz9IKhtPQL9TNZOONr5JjkDZR7sI63Ohv4Lnx,iv:J96CL8EHHj88YbQW7rdQK9C6MxXaHnMt+mgL3iL5Heg=,tag:aXD/HdWXO/e6aKGnay0W+g==,type:str]
             client_secret: ENC[AES256_GCM,data:aQylVYsqDExbavjGsVAXPlf/rxileM3xLM0EXCKHfiNYxwzXck/f/bvwZl7ChQZ/AHDvZ8mkMkZHyTdyap25Hg==,iv:swSrM8MvhLcq7Gw/lV36j//8fnTzBcs5wU8aj+n9obE=,tag:neaHG+UCVhmZ2HLqVa/jGA==,type:str]
+        nextcloud:
+            client_secret: ENC[AES256_GCM,data:5SZ0A0OVK3emOobuI4KYv4E3l0Q/LwVWExCg1gPoG8AKcf4Pd04SnZE7aDoFnWTv1YhEY4sRaYQW/dn2pl4zsg==,iv:p0qmeYXTqqqX0NI2YK4fpGOK8NArFCMzoSGb/lc3L4w=,tag:Ob6/FyJP1LOkvBcOh6GOJA==,type:str]
         jwks: ENC[AES256_GCM,data:1efhdlYmiD/y4kzK0hFfLAmY6rXK0hvZez/tu1cb2hfUhIM/DzNNthKQjH8Cu2TlZwDQpUIrCO7Tr0BbkiREC+VNK4vYgi+GWswnG7VCZS40xRAZhSArNO2uQ4dpf/KAHRSSJa3i7gGOqSG/Pnrl3TRhzkhkfWSRk+7koPWKpYJOKLem+ZLN75yssCsEbYIOHjcXyizNHt6SE2ylqqCjyWnlhlnRQStYaFPWAAABcm96MkSThSyRd6hTAifC/aZiM1IMlLw7wJJk01uwjJytlxBxDiFrdr4Grg0PzOsOAocex9Siw5fzcr7dFpVBoaS7e7nD/sccGSyEysw/t+wvkMou1Ewr5U2Pnew8lPjSrEiiGxuPwmK9kHxD3L6cADxF6xs4bn+Iqa/yy9FWbtGZfBYOxJiRvXgxBPiO7CH4tJyVIbnLfi8K/zCJC9u5vO+WFXiVIzXxAPVUL7VKQQZGxV7989LMdcjzck+B1zFHVQz25siwbpu0FxMxiJsVtBxu1U+QBRfQrwLacX2NAJvqYNZxr+9l43Fh0x8dS5CBheVEy39sXge9jLyS7kIW0FfvgJaHuLL2/GhDGsvfi7zFPOc8Thg+8LP58L8wzPT+LvVoidq/j3K2Ct6udn9JsOnbZT3Gs1RiY+E77H09GbdwIrP0sGVi4ZJe++w+sKNjyzLzceEYGkfa1EiMQhYPHzqUAwqtgmJZo9tY+2jOBJb9ZU+Kj0xtqZsjFpHaGWsRj8XGkPrAFEh6Z6/Ak9/BpYaapPeAO3Wa6tzNVlTCtaX786nSTjfGC7v9O4Uz8XQr0HV3A7wj36Fw3dqERZFKea7BJbiiAiEZtnOsbWVqQXpIUVfCvPhfwuFcOU/ClyM1fGyZXaCIeB62Tkqa+ZlqRQgzzf3bSFUK0PgxE3Ny5pIPzNEINqse+6DeFuF91uY1dLQB4Vizyzv1H+X/OecO9K8kECM1wUy3Fbbyh4tYYxt4VvqFQZ1o4A7Jd04WCIf3hdAHmwvOQW+/8dfnyLa8kqTcQYeI3jfjtRvD6TaZl21K9kFY2VJAexdno9bbozDOus1Ep92ublwonVjfvzbyDURHGF6Cw2OL7xcbHQIMz/ZmkVHMra49NHgWlI6X0slgYDxKKDszHhZ9SHkEXF8pJf+uogbwSwz1glRkEdn1oprbs8GsFoc7HGVvSHRgOWKHwvhZD2tMiSE4cEFZ9/2nSPISQMNGuS7wgnVkalKPW+gF1EWVXczanzKsrpcDtpMdFufMRVusaJBV5Jw62I++cx1AMW2dRTseQyWLchRWtOba6dd9gbNzGi39+njHClHIEUxaxXzxIQLhSgCA9loXRc26ZA6DpwHQR+gtH2OybeFEiH390YoSfFeZuU+f0E2awMdpiEsBL/AniUcboDaBEaDQYpwUawNL+II7rmSn4rTJM64n5z3B88U/vAQh9BQFhf7SDKb05n/ArCibkdy3gbo8rTVH1gGbmW53DTxzuW+AEpFcuueiP3yz1vGzEwKSX+LMkCwFwk6Y/VcqHXW+PdZ88SFUr5WELGPkZxT3AvmduBCifE0KDzKWrN3yy1xwEQDGrYiqeHqeqHpEuk/KpxeAwepqWayGMq6iT4BWUBojNo6quoXkPPodSsotbBFLjyRHoDGm0NZSbgluOUyERrN6M+ELdHqQjeNTS046KB6QnG5s+uTA+uxyonvmPCPBgFAd0q0qfq4T/SISHrPe13Y7nHnATxoMBszvIfKznqFthTBsc3V9C5+g/kcOzcEQpAC6baGe+eq23m/Go3uDa7O84Euxhj9C5NBcidvgmYmRZuY6l2ehnxf1oGoGwHBJEaYEuCk7sc3Wac6u2OvqCIKPxRdi2tUiZ9FwCGLqd8qcLEPtsSaBNk2CVlK9ZkgPzSYH794qpNQDWkyv5SJ4V9zy2LL+s9MHtHNQu6QxALZ8c0GfQetTI5ArkC3cBz/3mRdDMy9k7HpO7b6USoxqGAZ+H4kzJhus9QwjaqJnnB+fJI5O2ek5TVLY9RWXo+W2pCBDjt925BVoChkvkUEg4GtvR+8/yChgYEgYWUPqRV4vMEwQiRoaJamL/E+lRaUx+c0f9ga8+k0JdfxfzoIPUA3/rBGcfO8Y12RF8Ool4hreP409KjdPP0PeeOVKg58MPYNO5O0BdT62nyL+fSvJkw7uPGcOwtOtcxjcBsNhoFv0twrCp8S3cLX45GTNaTw+JHcxsTzG9ibL3bFtVkAAiZHZGMisEjTSGElSGIDk+MoPt68hq4BRioab,iv:gGKyTUigpnqg3Fgd76INrESRT27hJRzYQ3xk8heNkWk=,tag:fVc8rg1Or63X/14neG+8Cw==,type:str]
 lldap:
     jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str]
@@ -60,7 +62,7 @@ sops:
             VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
             ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-29T07:19:37Z"
+    lastmodified: "2025-07-31T19:58:41Z"
-    mac: ENC[AES256_GCM,data:bdLqeJPLiLLyeVjqYM3ec4HnLcrKN6dd5B8qYr49flEzi7+hRKHmhbZt/xTAMEx4YNN+6dPZMipX0+cn4c/LIozY9QlNiDV0mOfXmmM60xkkSd6Bo3Wge39E+oJ9n4Ne3RG2ynmW4sxsJDBd1d3bCj8RQVfvNeLmOh9fvW+5vug=,iv:H7JSEy5z5Dgvq8cbzL1/r5S6Nm0mx3uzWHaBzg0esXc=,tag:fP+Wu4mRQL8cAZ7KOh7+4g==,type:str]
+    mac: ENC[AES256_GCM,data:B6xCuuzH90mnnpVjRtYOMRuFACvAvEodPs/sYI0BCdrD05eHB/t3BB1y/kI65J41Tj1AY8+3zTBJU1VdhmN1dusu3G6dMqVEiG+09CfjfaSVk6k1zw9IkYCBn0CeovXAZfOjyTbOnVILHriIofsHS7l+F2F0Jo2Nx8OdY7Gy0fY=,iv:wi/1YJVU1OwvzooFHHxt/jSvBafGa9orAYLH66psmfc=,tag:umj/NOtqW/9jLmUZZX2hPA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2