From 5d0e50b39b3de6643a84f78e83662977c1a27a8e Mon Sep 17 00:00:00 2001 From: Oleksandr Berezovskyi Date: Thu, 12 Mar 2026 12:08:06 +0200 Subject: [PATCH] feat(k8s/homepage): add homepage stack --- kubernetes/app/homepage/configmap.yaml | 111 ++++++++++++++++++++ kubernetes/app/homepage/deployment.yaml | 75 +++++++++++++ kubernetes/app/homepage/ingress.yaml | 24 +++++ kubernetes/app/homepage/namespace.yaml | 4 + kubernetes/app/homepage/networkpolicy.yaml | 26 +++++ kubernetes/app/homepage/secret.sops.yaml | 36 +++++++ kubernetes/app/homepage/service.yaml | 12 +++ kubernetes/app/homepage/serviceaccount.yaml | 39 +++++++ kubernetes/config/cluster-vars.sops.yaml | 61 +++++------ 9 files changed, 358 insertions(+), 30 deletions(-) create mode 100644 kubernetes/app/homepage/configmap.yaml create mode 100644 kubernetes/app/homepage/deployment.yaml create mode 100644 kubernetes/app/homepage/ingress.yaml create mode 100644 kubernetes/app/homepage/namespace.yaml create mode 100644 kubernetes/app/homepage/networkpolicy.yaml create mode 100644 kubernetes/app/homepage/secret.sops.yaml create mode 100644 kubernetes/app/homepage/service.yaml create mode 100644 kubernetes/app/homepage/serviceaccount.yaml diff --git a/kubernetes/app/homepage/configmap.yaml b/kubernetes/app/homepage/configmap.yaml new file mode 100644 index 0000000..46ad25f --- /dev/null +++ b/kubernetes/app/homepage/configmap.yaml @@ -0,0 +1,111 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: homepage-config + namespace: homepage +data: + settings.yaml: | + --- + title: Home + theme: light + color: slate + headerStyle: clean + layout: + # Define your layout sections here + + services.yaml: | + --- + - Media: + - Jellyfin: + icon: jellyfin.png + href: https://${JELLYFIN_HOST} + description: Media system + widget: + type: jellyfin + url: https://${JELLYFIN_HOST} + key: "{{HOMEPAGE_VAR_JELLYFIN_API_KEY}}" + enableBlocks: true + enableUser: true + enableMediaControl: false + showEpisodeNumber: true + expandOneStreamToTwoRows: false + - Sonarr: + icon: sonarr.png + href: https://${SONARR_HOST} + description: Series management + widget: + type: sonarr + url: https://${SONARR_HOST} + username: "{{HOMEPAGE_VAR_SONARR_USERNAME}}" + password: "{{HOMEPAGE_VAR_SONARR_PASSWORD}}" + key: "{{HOMEPAGE_VAR_SONARR_API_KEY}}" + - Radarr: + icon: radarr.png + href: https://${RADARR_HOST} + description: Movie management + widget: + type: radarr + url: https://${RADARR_HOST} + username: "{{HOMEPAGE_VAR_RADARR_USERNAME}}" + password: "{{HOMEPAGE_VAR_RADARR_PASSWORD}}" + key: "{{HOMEPAGE_VAR_RADARR_API_KEY}}" + - qBittorrent: + icon: qbittorrent.png + href: https://${QBITTORRENT_HOST} + description: Torrent download + + - Services: + - Home Assistant: + icon: home-assistant.png + href: "{{HOMEPAGE_VAR_HOMEASSISTANT_URL}}" + ping: "{{HOMEPAGE_VAR_HOMEASSISTANT_URL}}" + description: Home Automation server + widget: + type: homeassistant + url: "{{HOMEPAGE_VAR_HOMEASSISTANT_URL}}" + key: "{{HOMEPAGE_VAR_HOMEASSISTANT_API_KEY}}" + custom: + - state: sensor.system_monitor_processor_temperature + label: CPU + - state: sensor.system_monitor_processor_use + label: CPU + - state: sensor.system_monitor_memory_usage + label: MEM + - state: sensor.system_monitor_swap_usage + label: SWAP + - Immich: + icon: immich.png + href: https://${IMMICH_HOST} + description: Photo gallery + widget: + type: immich + url: https://${IMMICH_HOST} + key: "{{HOMEPAGE_VAR_IMMICH_API_KEY}}" + version: 2 + - Paperless-ngx: + icon: paperless-ngx.png + href: https://${PAPERLESS_HOST}/ + description: Documents storage + - Grocy: + icon: grocy.png + href: https://${GROCY_HOST}/ + description: Chores and inventory tracker + + widgets.yaml: | + --- + - resources: + cpu: true + memory: true + disk: / + - datetime: + text_size: xl + format: + timeStyle: short + + bookmarks.yaml: | + --- + # Define your bookmarks here + + kubernetes.yaml: | + --- + mode: cluster diff --git a/kubernetes/app/homepage/deployment.yaml b/kubernetes/app/homepage/deployment.yaml new file mode 100644 index 0000000..85ceeb4 --- /dev/null +++ b/kubernetes/app/homepage/deployment.yaml @@ -0,0 +1,75 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: homepage + namespace: homepage + labels: + app: homepage +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: homepage + template: + metadata: + labels: + app: homepage + spec: + serviceAccountName: homepage + securityContext: + # runAsNonRoot omitted — homepage image starts as root; non-root requires PUID/PGID entrypoint setup + seccompProfile: + type: RuntimeDefault + containers: + - name: homepage + image: ghcr.io/gethomepage/homepage:v1.10.1 + ports: + - containerPort: 3000 + name: http + protocol: TCP + envFrom: + - secretRef: + name: homepage-credentials + env: + - name: HOMEPAGE_ALLOWED_HOSTS + value: "${HOMEPAGE_HOST}" + volumeMounts: + - name: config + mountPath: /app/config/settings.yaml + subPath: settings.yaml + - name: config + mountPath: /app/config/services.yaml + subPath: services.yaml + - name: config + mountPath: /app/config/widgets.yaml + subPath: widgets.yaml + - name: config + mountPath: /app/config/bookmarks.yaml + subPath: bookmarks.yaml + - name: config + mountPath: /app/config/kubernetes.yaml + subPath: kubernetes.yaml + livenessProbe: + httpGet: + port: 3000 + path: / + initialDelaySeconds: 30 + periodSeconds: 30 + readinessProbe: + httpGet: + port: 3000 + path: / + initialDelaySeconds: 10 + periodSeconds: 10 + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + memory: 256Mi + volumes: + - name: config + configMap: + name: homepage-config diff --git a/kubernetes/app/homepage/ingress.yaml b/kubernetes/app/homepage/ingress.yaml new file mode 100644 index 0000000..1502773 --- /dev/null +++ b/kubernetes/app/homepage/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: homepage + namespace: homepage + annotations: + cert-manager.io/cluster-issuer: letsencrypt + traefik.ingress.kubernetes.io/router.middlewares: authelia-chain-authelia-authelia-auth@kubernetescrd +spec: + tls: + - hosts: + - ${HOMEPAGE_HOST} + secretName: homepage-tls + rules: + - host: ${HOMEPAGE_HOST} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: homepage + port: + number: 3000 diff --git a/kubernetes/app/homepage/namespace.yaml b/kubernetes/app/homepage/namespace.yaml new file mode 100644 index 0000000..19d1b55 --- /dev/null +++ b/kubernetes/app/homepage/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: homepage diff --git a/kubernetes/app/homepage/networkpolicy.yaml b/kubernetes/app/homepage/networkpolicy.yaml new file mode 100644 index 0000000..e8ccacd --- /dev/null +++ b/kubernetes/app/homepage/networkpolicy.yaml @@ -0,0 +1,26 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-deny-ingress + namespace: homepage +spec: + podSelector: {} + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-ingress-controller + namespace: homepage +spec: + podSelector: + matchLabels: + app: homepage + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: traefik diff --git a/kubernetes/app/homepage/secret.sops.yaml b/kubernetes/app/homepage/secret.sops.yaml new file mode 100644 index 0000000..9f230f1 --- /dev/null +++ b/kubernetes/app/homepage/secret.sops.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Secret +metadata: + name: homepage-credentials + namespace: homepage +stringData: + #ENC[AES256_GCM,data:kRiN5JB/ca3N,iv:0sNhC4i6zxUf/0VMKt98ynvRqvwn87vRyNcq6RJTIHs=,tag:s/8/EvIBUaWXIg17r+Iaig==,type:comment] + HOMEPAGE_VAR_JELLYFIN_API_KEY: ENC[AES256_GCM,data:G0l+DMIr56w00qk/66v5SVl/hJnpvfwj6LU5wr73ExM=,iv:smVHXj9rGTxULO+iRcnYsu6pQCU0Uu8DJwwWXQyMzRI=,tag:zg3ggPUA9jBCbBmuIuys2g==,type:str] + #ENC[AES256_GCM,data:+2tpnodG4A==,iv:Jbi23B2V815IC2DHgdZ3JByGP8Pbq8Si4OzAdZg2tfE=,tag:FOKsVAq7MGMy5QbZdzv6Eg==,type:comment] + HOMEPAGE_VAR_SONARR_USERNAME: ENC[AES256_GCM,data:ZqKdBJH1gpQ=,iv:bPjBYxyBr25k58X5gFmQDsFcwRHnHsyJaD1toqFC9hM=,tag:CaxY829WQ4LTzQOG48Or/w==,type:str] + HOMEPAGE_VAR_SONARR_PASSWORD: ENC[AES256_GCM,data:tCFmcRaKylbP33O5VX3jRcsw5To8fPdZXpqmJ7aW5RI+EXr4SgPJCD5hcMY7g2qqGXL6ZUyAe4GPj+cyNkpj1g==,iv:LKeAbrS04u+Ip3IuTGfEc6Ee0SVLkLAcM5BCMP8JQuk=,tag:sQPSG5+SMI2buxG1WxYL3A==,type:str] + HOMEPAGE_VAR_SONARR_API_KEY: ENC[AES256_GCM,data:h1nmDPRl9APUaMBL7SMxJbudG/BAwxhNxmN8ux76ri4=,iv:ssekkf4tPCgmuUBHPugpuYxaCrXAbXjC1kkFZe/y+DI=,tag:l9f4iy1TCd/KyyTrHFeIwA==,type:str] + #ENC[AES256_GCM,data:T0sPU34UTw==,iv:x7slQXYqmrlc8LbXy3WK3435oKt8MPxg63F1Le9Q9Gc=,tag:OQJZgrSbVvQJYxIoADYiUQ==,type:comment] + HOMEPAGE_VAR_RADARR_USERNAME: ENC[AES256_GCM,data:0JO3+tYe73g=,iv:rwc8mN7BspHqQaK4jOamxxfmfCIz+LIOcXP6+ttf+EM=,tag:8xbi9cOv04ydi48/omcAxw==,type:str] + HOMEPAGE_VAR_RADARR_PASSWORD: ENC[AES256_GCM,data:GAQDMYTcmdjsDAKhc+lVMWgqiw/7QI4O4mRczrZTwBNleLIT1ypq2YL6iTSE8VNoMVhayEHWFfhlnW19jfE7Mw==,iv:mV+BFgvu0g56sexTVF39xOXZt0g2WXU6Bvfv5rMSjOo=,tag:ONo3c8WoRP1nkjKuZWbCsA==,type:str] + HOMEPAGE_VAR_RADARR_API_KEY: ENC[AES256_GCM,data:pSop8tQFKlqjubts1dYLmAuJykHgiKfN5AE3TiJ+/FA=,iv:vjkgcKV0fazgKAzwPVCnLnky8vi+C/5oX+kjYZooo1g=,tag:UxL6DV8Soac2kQtiKdjByA==,type:str] + #ENC[AES256_GCM,data:veoFUhGcVc9wxkHhEC+2,iv:NzvpUsCaUUplDgNTQYnZHnp9wp3eYDr3nSHS+KH1O+g=,tag:I4QnzFgNIsnTUqYa/pisqA==,type:comment] + HOMEPAGE_VAR_HOMEASSISTANT_URL: ENC[AES256_GCM,data:/wqyadZAZDLX9wvZBgb1JVWGR4Nx3LLZqasuun70yXLNnhDRfcriSLM+,iv:PE/vo49SP4ietb5MA3QQYNwUGGs9ssZ3HB5OKgCsEcA=,tag:EXutc1HIXAC7lHqHo8lPnw==,type:str] + HOMEPAGE_VAR_HOMEASSISTANT_API_KEY: ENC[AES256_GCM,data:UmYMhbs8uTCpnQavv07fSeEQi48sgaHKhZGUoMMOPY57EKw1TLoLl4Ew2xk7ISM2yzLIJ8ltYkjx3c6XGBhQcrmwibWLr0SqQbF8TTmzG3jNYnmYGmw+ocB+KsVn4dwH22XXBUcPPto9ca8/heCldWvinEb6hEy+/TzQH/J5+j9P91XmYlMkD6a17C4CxEorr5wQ/7mrF3o9YkXOmVl3iOTcLPLWGUBJ7GwerR5TObClwEXvp2di,iv:ueOKaNGs1Afmb51aQorO/NuNrvBF+0kn5t6sPMG5npU=,tag:HZSPBWqrJ3oIueFQieqTNw==,type:str] + #ENC[AES256_GCM,data:SdvlWse6XQ==,iv:qt3dXpJnCdtZRCvhw1WN8Ns5oeqXXJnCZGU/u+IqYs0=,tag:XRQ4NGgrQ1EQ6kgYDKBugg==,type:comment] + HOMEPAGE_VAR_IMMICH_API_KEY: ENC[AES256_GCM,data:U4Va0z9GmVwNUGtcpkopSdi7+tyT7Ar18TBq50014xuJc4btqbpf,iv:59VQPnPURUShRiWj3Ykgxkq0nwc9Ho8NPdP6ZEXbgJw=,tag:2Mb0rh+2zYuJuszOYcPysA==,type:str] +sops: + age: + - recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcFBqR2NVM2hIdW5sVDRt + MzB0TkFBMEFQYWM0UGhtZUdWYnd5VzhVemdnCm9TK3REanBiNmhyYTZCcVFSbG42 + R1d4Z29NUk1nUE5QbWNxNTMwbmliM2cKLS0tIGQ4NTNWQWpTeEovdmwwRmhBd1RR + SGRjZnczTEJuOTZCdk14VEV4M1M3alEKfPm69NHpOdZrWli/DhtAej8nSETSSsYW + SK8sg1oX9oA12J12FpI1XzFppYaKu8GrGv+r4SgbLN5FbXVoyGJ8ZQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-12T10:07:22Z" + mac: ENC[AES256_GCM,data:v742LFJuZoS1h8EuCVotY6iG1qxHxC3hiREbyqpllH0QXTf0k/tQ5FImqsM20N2Qc5aEXtS0dpfuTTgB3hZtHOaiBX4Kuzqewvc2gc1yQNrT/r3e2/iB8RNON+0erOwkqVECyPbgKsG/Y5p368rRgDQMbBwl8wjYrc3mLm2T9Yw=,iv:oI1PtCsJHRE6PjSrtG7vLtQQ+Ym5yBCGyqdLljlO0og=,tag:qPLi2beb2zsAkV5iP14Qiw==,type:str] + encrypted_regex: ^(data|stringData|email)$ + version: 3.12.1 diff --git a/kubernetes/app/homepage/service.yaml b/kubernetes/app/homepage/service.yaml new file mode 100644 index 0000000..75d494f --- /dev/null +++ b/kubernetes/app/homepage/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: homepage + namespace: homepage +spec: + selector: + app: homepage + ports: + - port: 3000 + targetPort: 3000 + name: http diff --git a/kubernetes/app/homepage/serviceaccount.yaml b/kubernetes/app/homepage/serviceaccount.yaml new file mode 100644 index 0000000..724de6a --- /dev/null +++ b/kubernetes/app/homepage/serviceaccount.yaml @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: homepage + namespace: homepage +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: homepage +rules: + - apiGroups: [""] + resources: ["namespaces", "pods", "nodes"] + verbs: ["get", "list"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list"] + - apiGroups: ["traefik.io"] + resources: ["ingressroutes"] + verbs: ["get", "list"] + - apiGroups: ["metrics.k8s.io"] + resources: ["nodes", "pods"] + verbs: ["get", "list"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: homepage +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: homepage +subjects: + - kind: ServiceAccount + name: homepage + namespace: homepage diff --git a/kubernetes/config/cluster-vars.sops.yaml b/kubernetes/config/cluster-vars.sops.yaml index 9c0c306..85a7af1 100644 --- a/kubernetes/config/cluster-vars.sops.yaml +++ b/kubernetes/config/cluster-vars.sops.yaml @@ -4,41 +4,42 @@ metadata: name: cluster-vars namespace: flux-system stringData: - LUBELOGGER_HOST: ENC[AES256_GCM,data:HrDEsPVsHq11duKPoDAoE1joPbit19hG5WQSnXWy,iv:ev5942LVrGgCpoXQxQnn4PEfSdVkFtczqFXccrjA7NE=,tag:4nROFq9x677vedwDRy31Lg==,type:str] - AUTHELIA_DOMAIN: ENC[AES256_GCM,data:LsvZ4BILErmKx6PrIjh+,iv:4zx5TaNp4gJESYzXeNS3/rgUdWTJwI0io/Gor27+DoQ=,tag:Lb8vV9wAgCtjiGoWbrmcUA==,type:str] - QBITTORRENT_HOST: ENC[AES256_GCM,data:N33q1ZbT9cBmZoiWjU+qIrJspQv0cdqh31mc,iv:VbpFAytIWAFgfUsNzzkUkAbR1oK9itPQ8FXDtep56VE=,tag:ZSJNA+iV/VgirnarIxH4XA==,type:str] - SONARR_HOST: ENC[AES256_GCM,data:TA6Rg9C7GN5Ks2Uav039hxXNeAZPFw==,iv:HwliibyhhCp+tL21lpLraPmgIh5uaz5FYS8+pSu56U0=,tag:50OmAJnI3JZAifGOcJWBUw==,type:str] - RADARR_HOST: ENC[AES256_GCM,data:R1LqeTlMSKPmwROUmOhq/qv6Y87W1w==,iv:goiAYymGKAOXGwmVuBGFyR+fMJS2JaJQjys1sa1+aRE=,tag:aWkfuUQ2ZkBVT7FyroksFg==,type:str] - MEDIA_NFS_PATH: ENC[AES256_GCM,data:G6YG9daKWl6xhmGwTyU=,iv:xb36BVGukweHKnYgK3cVM0jxrEZ10VLpHpLtxxFhiMQ=,tag:Dt+W/wY4Je1a2lcBgQaSLQ==,type:str] - IMMICH_HOST: ENC[AES256_GCM,data:cRh5kj/PmchHM2Eq/13NSgyX8ttTJQ==,iv:04tFK3B333g0+U9JmxpssQitrig2A0KJYNvqWjIxhrY=,tag:UpSP8RLeFmzF2CJ/J5THXA==,type:str] - IMMICH_UPLOAD_NFS_PATH: ENC[AES256_GCM,data:JLzKt9Ftmd2wgRuMqecI,iv:5zwRZRcap4G9ULqD8OhDmNr5cj+Om7eOQMPVZXZf5aw=,tag:leX3nFtmTESQs7S94P6POA==,type:str] - JELLYFIN_HOST: ENC[AES256_GCM,data:zkVOPUcmML7n8kfLEtqhPpPW0DV8I+Ya,iv:kbmkFXiaZqBSrwgArEjw2OpbCUGME+avKZkmNrTARjU=,tag:SNZ9BrgZLCjdBrkYBVTnQw==,type:str] - JELLYFIN_INTERNAL_HOST: ENC[AES256_GCM,data:H2mIXWExMTNK/KGgZ23yJwU9UgrA,iv:fExcIONjgoZ4wXtg3m07dDpNC8HiwYpdI1xe/M2rbKI=,tag:qCHfqYz2XxOTbIHNmZ/zhA==,type:str] - ARCHMIRROR_HOST: ENC[AES256_GCM,data:0Zi3kKC93BzGx2q8rkgaZXXcG84aphc=,iv:znQil98xPn3I16M8cSLePAZS+yI3fcoAHCxgzRFtEqg=,tag:l4t4Fi5bxgw25mGEP534Yg==,type:str] - ARCHMIRROR_NFS_PATH: ENC[AES256_GCM,data:3+1W0DToTqCoqawe7yM1mFFOdQ==,iv:QEhlVpYkfvDn6JaklNc4Qcot1quXMZXQRhjsaQ2SCVM=,tag:ZD5+E7v4XbfR6V4CJ3dOuw==,type:str] - ARCHMIRROR_MIRROR_URL: ENC[AES256_GCM,data:9xkMcri7BtWKFXjLZQlsfPQ2xhNGB3K4ECCrz1QO4JnkjsAx5+IZSOWXZjmi,iv:fuQtuS45TGTQKXJhkvWlpgjLgdxWEfepMocQlbt/yRk=,tag:+s3/mB6sf+rU5iS1YWm4aQ==,type:str] - PODSYNC_HOST: ENC[AES256_GCM,data:ThdS4iciwg/+00f+Akx1AbF7KvNb478=,iv:VXIfWEexxS0cYbQNGVLZ50cQXjtpFsHQnU0TH3Il+Q0=,tag:9+KtDDgCB09mMt8H4w7PsA==,type:str] - PODSYNC_NFS_PATH: ENC[AES256_GCM,data:JxMLRc8xDGZu5FiOigcjRTkxtipV,iv:NFmcgi8e3dorqjl+aPJEOwUecj/IVdKU2IaxxSufkMc=,tag:Ym/SqUM6uzat7xhAknC5rg==,type:str] - PIHOLE_HOST: ENC[AES256_GCM,data:3iGSFW7p+HvSYcyihGrvdzGwmK1L0A==,iv:/RH+TQmOZv1P4mIPjYAcgycJnJCbTDPSSs3UA/c/Lxc=,tag:aOTSsQGi2eoG6pK613ZRXA==,type:str] - PAPERLESS_HOST: ENC[AES256_GCM,data:j/s9gPdiT8wfwQnHlrgJSK+tybTyNLCHGg==,iv:m0uyAlmJqaDAHLdiOHXmFHrYejLSdqBLXRdCowYJoSE=,tag:BKPjq0VMvCZKbshHaghyzg==,type:str] - PAPERLESS_MEDIA_NFS_PATH: ENC[AES256_GCM,data:SYkyeeRi6thDKAv3qrBgLZxy,iv:5V3yzW1XbbDBnFFlrYRmBh+GZsvKFifoFg44UDIAHrw=,tag:r1+l74lBPjEk+hpXgRpPZg==,type:str] - PAPERLESS_CONSUME_NFS_PATH: ENC[AES256_GCM,data:8HATBIPqLrhERNoL98GC8L8WewvLRYw=,iv:QMPMbNOuSMAbpIxmL70EkxyrrmUGFWENVYDS6gc1IYE=,tag:E4NmSUSod10/EiXU7Z9NoQ==,type:str] - PAPERLESS_DATA_NFS_PATH: ENC[AES256_GCM,data:kOP2lFrnB8s2ijdJKyKYRjMsOb6J0qe4BC7mnhkTbXtgh20=,iv:IOFdMHRtd4mrWs+YEaKQw2J0CNDP30fVYyRu1jRXuBU=,tag:knbRcx3ILjlkZ56xoEUj0A==,type:str] - GROCY_HOST: ENC[AES256_GCM,data:3HpFEEHZk4xF/dxEGAbMl6GdNOBO,iv:swKQ5b2BRd6b6PThVt3n5SuA2mRSQI5t1WgAhXEcosI=,tag:iIA8waTfhZvTxJpT1rAN4A==,type:str] - GROCY_NFS_PATH: ENC[AES256_GCM,data:C4aYF6rk0p4bj+CflrIxouGxXhXEWtrEFeA188g/PB0G,iv:p3LSCFp4AeL+TSENgF06ZYdnV/R7ISGpN/v317Qm0DE=,tag:SmUPCsvoqj6dZU+R6jxP3g==,type:str] - BACKUP_LOCAL_HOST: ENC[AES256_GCM,data:hjDPylUCm7KHbxy+VFNTqo+QYyXDeLCzBKQ=,iv:ca1FgSI9qSE6jEcxnmAM7ua3jc4RltPzeRuVoB8PebE=,tag:Kt5IQSlmf5WusPahLgJ3Jw==,type:str] + LUBELOGGER_HOST: ENC[AES256_GCM,data:S47mePYIuPOFXExqHCdbP5CcuPb/hqgA4/X8s1Js,iv:uHN/BO5eGr0hWTzUyOfza2KdUOrKlu52JNje2ePQe0Q=,tag:woezuFrJ4oR7JfXdo92+Iw==,type:str] + AUTHELIA_DOMAIN: ENC[AES256_GCM,data:nLkkZwSknfVmJsVidszT,iv:1S9cqc7rHiYldEiEVLTqO5zNX/VADIBxuFxGp1U8ih8=,tag:EpkltCVVDN4/l/nZvWan/w==,type:str] + QBITTORRENT_HOST: ENC[AES256_GCM,data:OZL6Z0WamN7MOlCwZCk6ktd9Unyi5ncUWrdj,iv:YUd1P6o3Dyp59Lh+YRTwf9rpcWGoFK3I96IwFCZVN6I=,tag:2pDJEqZdGLpFNscaDYRoTA==,type:str] + SONARR_HOST: ENC[AES256_GCM,data:9I2jPtwvQlDYAnEELWuPpJJIxAeFxA==,iv:H17CTaPRL/hsBcjTQNPHwrAcCe2m1vKhlon4XQwaf0o=,tag:v01S8QIh0a9wk1lct7ZsLw==,type:str] + RADARR_HOST: ENC[AES256_GCM,data:qzKq63cZcUeNLheT7w/07McfNz3duQ==,iv:/jKP9sr3SMv3jJAcMi9nBUuTNY/z4P+/3wSLwYPQvjI=,tag:E3jE9BhV8/Nqwzj8RooelA==,type:str] + MEDIA_NFS_PATH: ENC[AES256_GCM,data:jhl2aNhGVo2c9iSvEic=,iv:n2HQFKKpY07z7qNH2pENqhplMI712be/PVtLFAQzq+s=,tag:e6wUZ756DI+KN9mept1lLg==,type:str] + IMMICH_HOST: ENC[AES256_GCM,data:ZwNp4uIxaO+/53vxfy+1afRrMulXtw==,iv:FgU8lcqUi2PE1qinQ4oG7sm5hi0cVWHkBJRhGQkMivk=,tag:1YOpVOVzWBjFFN2QY3fTbw==,type:str] + IMMICH_UPLOAD_NFS_PATH: ENC[AES256_GCM,data:TewJWSY7OEHcUw2Q35Nk,iv:iVTIF/+bYW21hRmndStt57Z3H2EGZ2tf89xjLb/VZh4=,tag:hnaUsq3s3z8SLgwtYv5DIw==,type:str] + JELLYFIN_HOST: ENC[AES256_GCM,data:+k0dCgZbjVs+GcnIeGhNYX8AOO/Sm3wL,iv:u1Q8mFwKPNiYcS3c5K5W0/LCLIbB57T8Ee8bXf9NiRs=,tag:qJjxixgdHwTbU5Z8PFseQg==,type:str] + JELLYFIN_INTERNAL_HOST: ENC[AES256_GCM,data:yFCr78OQO984GoIWt77Fx5sriuI6,iv:LamCoNH08cofP/uMV6lvd6ADHts8g774ijIRc0cjb94=,tag:BeSv1jpxp8/TTZ8ps6QMZw==,type:str] + ARCHMIRROR_HOST: ENC[AES256_GCM,data:PWKJH9XA89tXVFzhNgMEyln3Dgq8agI=,iv:5bq+qCepbepOkF+9kY52ZVzk25tVQln/W7bvldTi3Lk=,tag:YTvADkDp+zT/ifBltdjc2g==,type:str] + ARCHMIRROR_NFS_PATH: ENC[AES256_GCM,data:m60wfmMqDLcS6scjjMNS2i33iA==,iv:P0QJBZRl+/spp5yVXDVIDLhuxohxahDzLntzHULdfWs=,tag:MmJ+DSjbJizV2lJBCes+fA==,type:str] + ARCHMIRROR_MIRROR_URL: ENC[AES256_GCM,data:qUj5h0dmAgngVSYILYJzt/iNkAZdW6hsjnFuo8USxQD7pY6bp1dXBjxUIJ7R,iv:9myGjoV0HHgselUzqWRgS2CMRgSTRI45AucRCe8juSU=,tag:13+FZ28pwRdtEszllTz88A==,type:str] + PODSYNC_HOST: ENC[AES256_GCM,data:8c0DPMUs1VzMoSnDPLjQMPLQpQhgMmA=,iv:L3t2HXlTMQgVf+uDkOm+RrjgqZ+twb7keC+Q2yUxlhs=,tag:vXuE+6HrQL1kbA9jKb5QVg==,type:str] + PODSYNC_NFS_PATH: ENC[AES256_GCM,data:LnQxZHtMBS80prhYTRJshdBAumGz,iv:Pkw7kzSKhoxNpJ6pfAcEndB27qcJFSzdFKAfFDxzcEo=,tag:GIM1twzbWMRKErkcaIPq0A==,type:str] + PIHOLE_HOST: ENC[AES256_GCM,data:RCiVe6zzaeC39lzhC2tjtQuaZrfeWQ==,iv:cu/oi8+zhFVyrX4FaQK5WWtakLSgwpat6YtZXgztoLg=,tag:0IAkYF+F2UHEtt7fWKB1SA==,type:str] + PAPERLESS_HOST: ENC[AES256_GCM,data:8W+Scg+ELDcCuPAqdZu/zMgf/S5zY+Oapw==,iv:eskXvzzwDi9S7P9OBq0proa/iJ5YzC7AYhUadO8u3OE=,tag:0XVEAXXS50elwNQHJIV8hA==,type:str] + PAPERLESS_MEDIA_NFS_PATH: ENC[AES256_GCM,data:IUmyWT6FU0EN+ObrDMuf6uvu,iv:KMR/S5JO/y8NYOgltF00OTXRC3Qs4Zr7AdrWSFRjrL0=,tag:2GO0y4ZVxsCP3jLhC2Rfkw==,type:str] + PAPERLESS_CONSUME_NFS_PATH: ENC[AES256_GCM,data:FPx9as/XJGcSRJPhiXo4t3xCIoLTPHI=,iv:vKiAJosUdPV7AhICIbQ24RiAZGwV9Wt/N1Qvhyfay4c=,tag:QyiyY+eMWHc+3U8LFrMI9Q==,type:str] + PAPERLESS_DATA_NFS_PATH: ENC[AES256_GCM,data:qe/r7iDGPf6S1clRUX6HzKCsulcfvtCVOCLHvypK5sjB4CU=,iv:iV3Zk062dU/6q4QBXLz+qLnG++0CgdXZA6hVsjosZa4=,tag:FDKG+cScSYyIwwUQ5Gpv3Q==,type:str] + HOMEPAGE_HOST: ENC[AES256_GCM,data:FHYDohLODCDpLg+8GD64jWKGctA=,iv:LaPvRdSkCpYLAoowsqxUGusueC4Fd0lb/uZnzjc9nTY=,tag:phpA1L9RUdtJl10ZLazFGA==,type:str] + GROCY_HOST: ENC[AES256_GCM,data:L1Npsukfk9DjRR28mKmK+hK/bKlV,iv:SmMlHZf+B1PGgQXyTzOQYmmQiNJEttq21M6uz8P67+o=,tag:sRYgVVyb5kmmRim8REHk4Q==,type:str] + GROCY_NFS_PATH: ENC[AES256_GCM,data:gvV2CMnOecOzWtsTQN5ANeFhGE/7odETESlqaE0H6IEt,iv:299FlAZ8Yy7Wcl7kCTmNaLvKM7jXxnY/Y4C6yuwyi/M=,tag:Ckf53XNcmxOO4HmeRD+Vtg==,type:str] + BACKUP_LOCAL_HOST: ENC[AES256_GCM,data:95np+hxVjRGlxhvFVVbXm++xiHWPIyVK63E=,iv:508QwvGGBUbzOUVOBzs6h0x8FKZue5Qt3tLMuALjZn8=,tag:vZVJGE/IMGzzZatGiz/WFw==,type:str] sops: age: - recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4aXRVYkp5ZVJqUVVPSEtt - S0Q4bHlidVZweldGUHFVOGpGTThnbWNiaHpVCjBuUDVqdkZUNFM4ZjJDamtqSC9R - bnRqYlYrMjBVa3UxSE1aRU1DWFhhZVUKLS0tIHRqUWtRak9XeFZsbFJFVDI1VnNF - OFl5QUJ3WXBXRkpXMWR5QU1ySjRzQ0EKA/B+4ulXXMkXgZi6E1sud549vwTtdK2h - N5eoVgO66EOTHUPNzsq4uWGh1ra1Qfyla8jt0C56fq8m6OBGkhtWtw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxS3AzeW9JdFRTTXI2WmtT + WlltTTNxWnpnUHZaVzNsZ3RtU3pyekhITW5JCnpNdUpId25XU3lHYjFxcHBMSDZR + UFh6VjlvMC9md1l3bXNuTVM0Nk9lbTAKLS0tIEFWQ0tncUw4eXFNRWVMNVJGR2NS + SFVnVnl1S05zQlVIQXJHZ29qT29JNG8K9oFAYFu2S6vzm+6wYxRV8EFw6Rc4OH3S + TiV4znizHncrYZelEYiCdCU84DIR/jz82oMBLuIM7bQhISzYMBcMUA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-11T15:53:22Z" - mac: ENC[AES256_GCM,data:bxwYEmbk6iDUVvDLnmjp4Nv+t+Pprb8fvzSXH41q42j5FbDVtxH6BvB2bkspcAur39py1oaUu0uA2eJlBkN2pGCjjXFGI2SoN6gtgJeiB+MbkTpegn7Otqw5w3z1zwmxbLxuxaay8iXOHSmrM8mvKE8GYAzF5xm0UyxR6RJtkDw=,iv:ydhHsGZAN16B2OccObSC0zg5i6Wfi/1Xh74/ZLo/XlY=,tag:WO0zKwUjzU3JazGjO5PdEA==,type:str] + lastmodified: "2026-03-12T09:40:41Z" + mac: ENC[AES256_GCM,data:HhchguFiu4iHOa/Tyg4MvpECJ6aEAczdjMmtsM9qNTWS90YyYHXAq/OD0/iXV4LFMAhPFRZWE/vW+YOJuAjQmTGD7t9ADcgg/BFS0NSEq4/nKoBMEXqtATLGdX3m5eTFFeCbZZ6FI5wUvAfp6Ubwt8d7LilSg7fuTVEuivADXlU=,iv:JZayl8TrokOgYpY17J69GOP1GaFK6JmKmYoLEkuFBms=,tag:Gf6EEYZdtut+tfugYdau6Q==,type:str] encrypted_regex: ^(data|stringData|email)$ version: 3.12.1