bundlewrap/nodes/rx300.py

415 lines
14 KiB
Python
Raw Normal View History

# To use the serial console in iRMC, set up grub as follows:
# GRUB_TIMEOUT=30
# GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200 console=tty0"
# GRUB_TERMINAL=serial
# GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
2020-10-25 12:54:19 +00:00
nodes['rx300'] = {
'hostname': '31.47.232.106',
2020-10-25 15:46:45 +00:00
'bundles': {
2021-07-10 12:22:19 +00:00
'check-mail-received',
2021-08-21 05:34:18 +00:00
'dovecot',
'ipmitool',
2021-07-11 13:24:08 +00:00
'jenkins-ci',
2023-05-06 15:26:25 +00:00
'jugendhackt_tools',
'lm-sensors',
2021-07-23 18:02:57 +00:00
'matrix-dimension',
'miniflux',
2022-11-06 17:52:38 +00:00
'minecraft',
2021-07-15 16:41:27 +00:00
'nodejs',
2023-04-09 10:10:04 +00:00
'ntfy',
2021-07-23 08:07:35 +00:00
'oidentd',
2021-07-11 13:23:49 +00:00
'php',
2021-08-21 05:34:18 +00:00
'postfixadmin',
'postgresql',
2021-07-23 10:58:53 +00:00
'radicale',
2021-07-18 05:56:49 +00:00
'redis',
2021-08-21 05:34:18 +00:00
'rspamd',
2021-05-20 16:24:23 +00:00
'smartd',
2021-07-23 17:15:08 +00:00
'unbound',
2021-05-23 12:33:20 +00:00
'vmhost',
2020-10-25 15:46:45 +00:00
'zfs',
},
2020-11-21 09:55:09 +00:00
'groups': {
2021-07-01 16:23:30 +00:00
'debian-bullseye',
'webserver',
2020-11-21 09:55:09 +00:00
},
2020-10-25 15:46:45 +00:00
'metadata': {
2020-11-09 14:16:29 +00:00
'interfaces': {
2021-05-23 12:33:20 +00:00
'br0': {
2020-11-09 14:16:29 +00:00
'ips': {
'31.47.232.106/29',
'2a00:f820:528::2/64',
2020-11-09 14:16:29 +00:00
},
'gateway4': '31.47.232.105',
'gateway6': '2a00:f820:528::1',
},
},
'apt': {
'packages': {
2021-07-09 13:56:26 +00:00
# for franzi.business deployment
'ruby': {},
'ruby-dev': {},
'ruby-bundler': {},
2021-07-11 13:23:49 +00:00
2021-09-08 12:36:52 +00:00
# for `bw test` on jenkins
'bind9utils': {},
2021-07-01 16:23:30 +00:00
},
2020-11-09 14:16:29 +00:00
},
2021-07-10 12:22:19 +00:00
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'icinga_options': {
'pretty_name': 'franzi.business',
},
'jenkins-ci': {
'install_ssh_key': True,
'domain': 'jenkins.franzi.business',
'writeable_paths': {
'/var/www/franzi.business', # for deployment task
},
},
2023-05-06 15:26:25 +00:00
'jugendhackt_tools': {
'allowed_hosts': ['jh.franzi.business'],
'timezone': 'Europe/Berlin',
},
2021-07-23 18:02:57 +00:00
'matrix-dimension': {
'url': 'dimension.franzi.business',
'version': 'c6d047c', # XXX master is broken as of 2021-11-27
2021-07-23 18:02:57 +00:00
'homeserver': {
'name': 'franzi.business',
'clientServerUrl': 'https://matrix.franzi.business',
'accessToken': vault.decrypt('encrypt$gAAAAABg-wBmGbAy-Ou1mkG2w5UyoqWmWYzDr4ZavyUQdmG_VtrUSmwHjx-qcBGIz_7NniD3zKm9GGvzRZItDu5zYiojcudYr74TkWJKhdDrgFbcWlfJJ_m3bWzrSORaTYzBGRckp2Vz_8xHgDk1W03vpT6mdIPMDzjuINssIcPs0YDth25W942tMfPA2csvLADY50qVRMJpdBOVIWba55o0g6-mAAQLOz6Ld4cCvYqZsqXsxjT8JUytJv_uSG4zgCS_aX20JlAyJWpJgT8FQF5HzIbsko_-Z9-TwtY7yllJp5Ri3n0WaDaWoMmUfhLvkMJeymmOc32A4WJBAePQ_2F-_oUDE7t97A-m3ZiMVAEefDnH5MkoiQEJTfHrJsXRkdBT_BnJlY1CoAuXpRYDdvbVDwN_qZHHHtqsno437l9S6GgDK_-sKBiojYkYsfHcJCdSEqeFGuxT'),
},
'admins': [
'@kunsi:franzi.business',
],
'telegram': {
# same as for mautrix-telegram
'botToken': vault.decrypt('encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q'),
},
},
'miniflux': {
'domain': 'rss.franzi.business',
},
2022-11-06 17:52:38 +00:00
'minecraft': {
'heap_mb': 16*1024,
'sha1': '82be5e1bbdfd1bcb001644780562282fd42ee5a9',
'version': ('1.19.2', '261'),
'allowlist': {
# use https://mcuuid.net/
'kunsi': 'a2b93640-9dff-4c3c-a6c7-bd75329d8997',
'sophie': '7e593cbb-9d61-4d46-a416-6edbcf8a2109',
},
'ops': {
'kunsi': 'a2b93640-9dff-4c3c-a6c7-bd75329d8997',
},
'restrict-to': {'*'},
},
2021-07-23 05:58:50 +00:00
'mx-puppet-discord': {
'homeserver': {
'domain': 'franzi.business',
'url': 'https://matrix.franzi.business',
},
'allowed-users': {
'@.*:franzi\\\\.business',
},
},
2021-08-21 10:33:05 +00:00
'netbox': {
'domain': 'netbox.franzi.business',
2023-07-11 03:55:11 +00:00
'version': 'v3.5.6',
2021-08-21 10:44:14 +00:00
'changelog_retention_days': 360,
'admins': {
'kunsi': 'hostmaster@kunbox.net',
},
2021-08-21 10:33:05 +00:00
},
'nginx': {
'security.txt': {
'contact': 'mailto:security@kunsmann.eu',
'Encryption': 'https://franzi.business/gpg_hi-kunsmann.eu.asc',
},
'vhosts': {
'jenkins-ci': {'ssl': '_.franzi.business'},
2021-07-23 18:02:57 +00:00
'matrix-dimension': {'ssl': '_.franzi.business'},
2021-07-09 13:56:26 +00:00
'miniflux': {'ssl': '_.franzi.business'},
2023-04-09 10:10:04 +00:00
'ntfy': {'ssl': '_.franzi.business'},
2021-07-23 10:58:53 +00:00
'radicale': {'ssl': '_.franzi.business'},
'daskritzelt-redirect': {
'domain': 'die-brontosaurier-waren-es.org',
'ssl': None,
'locations': {
'/': {
'redirect': 'https://twitter.com/daskritzelt/status/1259167444373028864',
'mode': 302,
},
},
},
2021-07-09 14:11:53 +00:00
'franzi.business': {
'webroot': '/var/www/franzi.business/_site/',
'ssl': '_.franzi.business',
'extras': True,
2023-07-23 13:48:07 +00:00
"locations": {
"/.well-known/matrix/client": {
"additional_config": [
"add_header Access-Control-Allow-Origin *",
"default_type application/json"
],
"content": "{\"im.vector.riot.jitsi\": {\"preferredDomain\": \"meet.ffmuc.net\"}, \"m.homeserver\": {\"base_url\": \"https://matrix.franzi.business\"}, \"m.identity_server\": {\"base_url\": \"https://matrix.org\"}}",
"return": 200
},
"/.well-known/matrix/server": {
"additional_config": [
"add_header Access-Control-Allow-Origin *",
"default_type application/json"
],
"content": "{\"m.server\": \"matrix.franzi.business:443\"}",
"return": 200
}
},
2021-07-09 14:11:53 +00:00
},
'git.kunsmann.eu': {
'locations': {
'/': {
'redirect': 'https://git.franzi.business$request_uri',
},
},
},
2023-05-06 15:26:25 +00:00
'jugendhackt_tools': {
'domain': 'jh.franzi.business',
'ssl': '_.franzi.business',
'locations': {
'/': {
'target': 'http://127.0.0.1:22090/',
},
'/static/': {
'alias': '/opt/jugendhackt_tools/src/static/',
2023-05-06 15:26:25 +00:00
},
},
},
'kunbox.net': {},
'kunsmann.eu': {
'locations': {
'/': {
'redirect': 'https://franzi.business$request_uri',
},
'/.well-known/openpgpkey': {
'alias': '/var/www/kunsmann.eu/.well-known/openpgpkey/',
'additional_config': {
'default_type application/octet-stream',
'add_header Access-Control-Allow-Origin *',
},
},
},
},
2021-08-21 05:34:18 +00:00
'mta-sts': {
'domain': 'mta-sts.kunbox.net',
'domain_aliases': {
'mta-sts.franzi.business',
'mta-sts.kunsmann.eu',
'mta-sts.trans-agenda.eu',
},
},
'paste.franzi.business': {
'ssl': '_.franzi.business',
'extras': True,
'webroot_config': {
'owner': 'kunsi',
},
},
2021-08-21 05:34:18 +00:00
'postfixadmin': {
'domain': 'postfixadmin.franzi.business',
'ssl': '_.franzi.business',
'webroot': '/opt/postfixadmin/public/',
'php': True,
'locations': {
'/rspamd/': {
'target': 'http://localhost:11334/',
'websockets': True,
},
}
2021-08-21 05:34:18 +00:00
},
2021-07-16 11:34:20 +00:00
'wiki.franzi.business': {
'ssl': '_.franzi.business',
'extras': True,
'php': True,
'webroot_config': {
'owner': 'www-data',
'group': 'www-data',
},
'website_check_path': '/start?do=login',
'website_check_string': 'Username',
},
},
2021-07-23 17:15:08 +00:00
'worker_processes': 8,
},
2023-04-09 10:10:04 +00:00
'ntfy': {
'domain': 'ntfy.franzi.business',
'ratelimit-exempt-hosts': {
'ovh.icinga2',
'rx300',
},
},
2021-07-23 08:07:35 +00:00
'oidentd': {
'allows': {
'kunsi': {
'spoof',
'spoof_all',
},
},
},
2021-07-11 13:23:49 +00:00
'php': {
'version': '8.0',
'packages': {
'gd',
2021-11-22 19:34:02 +00:00
'imagick',
2021-07-11 13:23:49 +00:00
'imap',
'intl',
'mbstring',
'opcache',
'pgsql',
'readline',
'xml',
2021-11-22 19:34:02 +00:00
'yaml',
2021-07-11 13:23:49 +00:00
},
},
2021-07-18 05:56:49 +00:00
'postfix': {
2023-03-29 08:48:06 +00:00
'message_size_limit_mb': 75,
2021-07-18 05:56:49 +00:00
'mynetworks': {
'gce',
2021-07-18 05:56:49 +00:00
'ovh',
},
},
'postfixadmin': {
2022-12-16 14:25:32 +00:00
'version': '3.3.13',
2021-07-18 05:56:49 +00:00
'setup_password': vault.decrypt('encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=='),
},
'postgresql': {
'version': '13',
'max_connections': 500,
2023-06-03 11:21:23 +00:00
'autovacuum_max_workers': 12,
'maintenance_work_mem': 2*1024,
'work_mem': 8*1024,
'cache_size': 32*1024,
},
2021-07-23 10:58:53 +00:00
'radicale': {
'domain': 'radicale.franzi.business',
'users': {
'kunsi': bwpass.password('radicale.franzi.business/kunsi'),
},
},
2021-07-18 05:56:49 +00:00
'rspamd': {
'ignore_spam_check_for_ips': {
# entropia
'45.140.180.32/27', # Entropia e. V.
'45.140.180.112/28', # MicroPOC
'2a0e:c5c0:0:201::/64', # Entropia e. V.
'2a0e:c5c0:0:307::/64', # MicroPOC
2022-05-14 07:22:19 +00:00
# c3kl
'116.202.19.236',
'2a01:4f8:1c17:cc52::/64',
2021-07-18 05:56:49 +00:00
# ccc
'212.12.55.65',
'212.12.55.67',
'2a00:14b0:4200:3000:23:55:0:65',
# IN-Berlin mailman
'130.133.8.35',
'192.109.42.28',
'192.109.42.122',
'193.29.188.9',
'217.197.80.23',
'217.197.80.134',
'2001:bf0:c000:a::2:134',
2021-08-21 05:48:31 +00:00
# c3voc
'185.106.84.32/26',
'2001:67c:20a0:e::/64',
2022-08-19 05:30:55 +00:00
# DENOG
'195.20.121.100',
'2001:1440:201:101::5',
2021-07-18 05:56:49 +00:00
},
2021-08-21 05:48:31 +00:00
'password': bwpass.password('bw/rx300/rspamd'),
2021-07-18 05:56:49 +00:00
'dkim': 'uO4aNejDvVdw8BKne3KJIqAvCQMJ0416',
},
2021-05-20 16:24:23 +00:00
'smartd': {
'disks': {
'/dev/nvme0',
},
},
2021-08-21 05:52:58 +00:00
'systemd': {
'journal': {
'maxuse': '4G',
},
},
'systemd-networkd': {
2021-05-23 12:33:20 +00:00
'bridges': {
'br0': {
'match': {
'eno1',
2021-05-23 12:33:20 +00:00
},
},
},
},
2022-02-06 12:41:09 +00:00
'systemd-timers': {
'timers': {
'cleanup-paste.franzi.business': {
'command': '/usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;',
'user': 'kunsi',
'when': 'daily',
},
},
},
2021-07-23 17:15:08 +00:00
'unbound': {
'threads': 8,
'cache_slabs': 8,
},
2020-10-25 15:46:45 +00:00
'zfs': {
2020-10-25 15:49:36 +00:00
'module_options': {
2023-06-03 11:21:23 +00:00
'zfs_arc_max_gb': 48,
2020-10-25 15:49:36 +00:00
},
2020-10-25 15:46:45 +00:00
'pools': {
2021-08-17 16:09:51 +00:00
'tank': {
'when_creating': {
'config': [{
'type': 'raidz',
'devices': {
'/dev/sda',
'/dev/sdb',
'/dev/sdc',
'/dev/sdd',
},
}],
'ashift': 12,
2020-10-25 15:46:45 +00:00
},
2021-08-17 16:09:51 +00:00
},
2020-10-25 15:46:45 +00:00
},
2021-05-23 12:33:20 +00:00
'datasets': {
'tank/libvirt': {
'mountpoint': '/var/lib/libvirt',
'compression': 'on',
'needed_by': {
'bundle:vmhost',
},
2021-05-23 12:33:20 +00:00
},
'tank/home-kunsi': {
'mountpoint': '/home/kunsi',
'needed_by': {
'directory:/home/kunsi',
},
},
2021-05-23 12:33:20 +00:00
},
2020-10-25 15:46:45 +00:00
},
'vm': {
'cpu': 32,
2021-05-20 15:51:50 +00:00
'ram': 256,
2020-10-25 15:46:45 +00:00
},
},
2020-10-25 12:54:19 +00:00
}