bundlewrap/nodes/htz-cloud/miniserver.py

# sophie's miniserver
# mostly unmanaged

nodes['htz-cloud.miniserver'] = {
    'bundles': {
        'element-web',
        'matrix-media-repo',
        'matrix-synapse',
        'nodejs',
        'mautrix-telegram',
        'postgresql',
    },
    'groups': {
        'debian-buster',
        'webserver',
    },
    'metadata': {
        'interfaces': {
            'eth0': {
                'ips': {
                    '157.90.20.62',
                    '2a01:4f8:c2c:840f::1/64',
                },
                'gateway4': '172.31.1.1',
                'gateway6': 'fe80::1',
            },
        },
        'apt': {
            'packages': {
                'mosh': {},
                'weechat': {},
                'weechat-core': {},
                'weechat-curses': {},
                'weechat-perl': {},
                'weechat-plugins': {},
                'weechat-python': {},
                'weechat-ruby': {},
            },
            'repos': {
                'weechat': {
                    'items': {
                        'deb https://weechat.org/debian {os_release} main',
                    },
                },
            },
        },
        'backup-client': {
            'pre-hooks': {
                'sophie-weechat': \
                    'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \
                    'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n',
            },
        },
        'backups': {
            'paths': {
                '/home/sophie/.weechat',
            },
        },
        'element-web': {
            'url': 'chat.sophies-kitchen.eu',
            'version': 'v1.7.29',
            'config': {
                'default_server_config': {
                    'm.homeserver': {
                        'base_url': 'https://matrix.sophies-kitchen.eu',
                        'server_name': 'sophies-kitchen.eu',
                    },
                },
                'brand': 'sophies-kitchen.eu',
                'showLabsSettings': True,
                'integrations_ui_url': 'https://dimension.franzi.business/riot',
                'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
                'integrations_widgets_urls': {
                    'https://dimension.franzi.business/widgets'
                },
                'default_theme': 'dark',
                'defaultCountryCode': 'DE',
                'jitsi': {
                    'preferredDomain': 'meet.ffmuc.net',
                },
            },
        },
        'icinga_options': {
            'vars.notification.sms': False,
        },
        'letsencrypt': {
            'concat_and_deploy': {
                'sophie-weechat': {
                    'match_domain': 'i.sophies-kitchen.eu',
                    'target': '/home/sophie/.weechat/ssl/relay.pem',
                    'chown': 'sophie:sophie',
                    'chmod': '0440',
                    'commands': [
                        'echo \'core.weechat */relay sslcertkey\' >> /home/sophie/.weechat/weechat_fifo'
                    ],
                },
            },
            'domains': {
                'i.sophies-kitchen.eu': set(),
                'webdump.sophies-kitchen.eu': set(),
                'matrix.sophies-kitchen.eu': {
                    'sophies-kitchen.eu',
                },
            },
        },
        'matrix-media-repo': {
            'version': 'v1.2.8',
            'homeservers': {
                'sophies-kitchen.eu': {
                    'domain': 'http://[::1]:20080/',
                    'api': 'synapse',
                },
            },
            'admins': {
                '@sophie:sophies-kitchen.eu',
            },
            'upload_max_mb': 500,
        },
        'matrix-synapse': {
            'server_name': 'sophies-kitchen.eu',
            'baseurl': 'matrix.sophies-kitchen.eu',
            'admin_contact': 'mailto:foobar@sophies-kitchen.eu',
            'trusted_key_servers': {
                'matrix.org',
            },
        },
        'mautrix-telegram': {
            'version': 'v0.9.0',
            'homeserver': {
                'domain': 'sophies-kitchen.eu',
                'url': 'https://matrix.sophies-kitchen.eu',
            },
            'provisioning': {
                'enabled': False,
                'shared_secret': '""',
            },
            'permissions': {
                'sophies-kitchen.eu': 'full',
                "'@sophie:sophies-kitchen.eu'": 'admin',
            },
            'telegram': {
                'api_id': vault.decrypt('encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=='),
                'api_token': vault.decrypt('encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6'),
                'bot_token': '""',
            },
        },
        'nftables': {
            'rules': {
                'input': {
                    'sophie-weechat': [
                        'udp dport { 60000-61000 } accept',
                        'tcp dport 9001 accept',
                    ],
                },
            },
        },
        'nginx': {
            'vhosts': {
                #'dimension.sophies-kitchen.eu': {
                #    'extras': True,
                #    'do_not_set_content_security_headers': True,
                #    'max_body_size': '50M',
                #    'proxy': {
                #        '/': {
                #            'target': 'http://127.0.0.1:8184',
                #        },
                #    },
                #},
                'sophies-kitchen.eu': {
                    'webroot': '/var/www/sophies-kitchen.eu/_site/',
                    'extras': True,
                },
                'matrix.sophies-kitchen.eu': {
                    'extras': True,
                },
                'webdump.sophies-kitchen.eu': {
                    'webroot_config': {
                        'owner': 'sophie',
                        'group': 'sophie',
                        'mode': '0755',
                    },
                    'extras': True,
                },
            },
        },
        'sysctl': {
            'options': {
                # XXX find out if this is really needed
                'net.ipv4.ip_forward': '1',
                'net.ipv6.conf.all.forwarding': '1',
            },
        },
        'vm': {
            'cpu': 2,
            'ram': 4,
        },
        'users': {
            'sophie': {
                'ssh_pubkey': [
                    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
                ],
            },
        },
    },
}
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`# sophie's miniserver`
			`# mostly unmanaged`

			`nodes['htz-cloud.miniserver'] = {`
bw/htz-cloud.miniserver install matrix and other components 2021-05-14 18:07:55 +00:00			`'bundles': {`
			`'element-web',`
			`'matrix-media-repo',`
			`'matrix-synapse',`
			`'nodejs',`
			`'mautrix-telegram',`
			`'postgresql',`
			`},`
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`'groups': {`
			`'debian-buster',`
			`'webserver',`
			`},`
			`'metadata': {`
			`'interfaces': {`
			`'eth0': {`
			`'ips': {`
			`'157.90.20.62',`
			`'2a01:4f8:c2c:840f::1/64',`
			`},`
			`'gateway4': '172.31.1.1',`
			`'gateway6': 'fe80::1',`
			`},`
			`},`
			`'apt': {`
			`'packages': {`
add firewall 2021-02-20 17:12:17 +00:00			`'mosh': {},`
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`'weechat': {},`
			`'weechat-core': {},`
			`'weechat-curses': {},`
			`'weechat-perl': {},`
			`'weechat-plugins': {},`
			`'weechat-python': {},`
			`'weechat-ruby': {},`
			`},`
add firewall 2021-02-20 17:12:17 +00:00			`'repos': {`
			`'weechat': {`
			`'items': {`
			`'deb https://weechat.org/debian {os_release} main',`
			`},`
			`},`
			`},`
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`},`
bw/htz-cloud.miniserver enable backups 2021-05-16 17:54:18 +00:00			`'backup-client': {`
			`'pre-hooks': {`
			`'sophie-weechat': \`
			`'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \`
			`'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n',`
			`},`
			`},`
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`'backups': {`
bw/htz-cloud.miniserver enable backups 2021-05-16 17:54:18 +00:00			`'paths': {`
			`'/home/sophie/.weechat',`
			`},`
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`},`
bw/htz-cloud.miniserver install matrix and other components 2021-05-14 18:07:55 +00:00			`'element-web': {`
			`'url': 'chat.sophies-kitchen.eu',`
update element-web 2021-05-24 17:12:33 +00:00			`'version': 'v1.7.29',`
bw/htz-cloud.miniserver install matrix and other components 2021-05-14 18:07:55 +00:00			`'config': {`
			`'default_server_config': {`
			`'m.homeserver': {`
			`'base_url': 'https://matrix.sophies-kitchen.eu',`
			`'server_name': 'sophies-kitchen.eu',`
			`},`
			`},`
			`'brand': 'sophies-kitchen.eu',`
			`'showLabsSettings': True,`
add dimension 2021-05-21 21:37:11 +00:00			`'integrations_ui_url': 'https://dimension.franzi.business/riot',`
			`'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',`
			`'integrations_widgets_urls': {`
			`'https://dimension.franzi.business/widgets'`
			`},`
bw/htz-cloud.miniserver install matrix and other components 2021-05-14 18:07:55 +00:00			`'default_theme': 'dark',`
			`'defaultCountryCode': 'DE',`
			`'jitsi': {`
			`'preferredDomain': 'meet.ffmuc.net',`
			`},`
			`},`
			`},`
update bashrc 2021-02-20 16:32:09 +00:00			`'icinga_options': {`
nodes/htz-cloud.miniserver: remove dummy metadata, add monitoring 2021-04-02 11:40:10 +00:00			`'vars.notification.sms': False,`
update bashrc 2021-02-20 16:32:09 +00:00			`},`
plagiarize weechat setup 2021-02-20 15:50:42 +00:00			`'letsencrypt': {`
			`'concat_and_deploy': {`
			`'sophie-weechat': {`
			`'match_domain': 'i.sophies-kitchen.eu',`
			`'target': '/home/sophie/.weechat/ssl/relay.pem',`
			`'chown': 'sophie:sophie',`
			`'chmod': '0440',`
			`'commands': [`
			`'echo \'core.weechat */relay sslcertkey\' >> /home/sophie/.weechat/weechat_fifo'`
			`],`
			`},`
			`},`
			`'domains': {`
			`'i.sophies-kitchen.eu': set(),`
bw/miniserver new vhost 2021-03-13 12:31:28 +00:00			`'webdump.sophies-kitchen.eu': set(),`
bw/htz-cloud.miniserver install matrix and other components 2021-05-14 18:07:55 +00:00			`'matrix.sophies-kitchen.eu': {`
			`'sophies-kitchen.eu',`
			`},`
			`},`
			`},`
			`'matrix-media-repo': {`
			`'version': 'v1.2.8',`
			`'homeservers': {`
			`'sophies-kitchen.eu': {`
			`'domain': 'http://[::1]:20080/',`
			`'api': 'synapse',`
			`},`
			`},`
			`'admins': {`
			`'@sophie:sophies-kitchen.eu',`
			`},`
			`'upload_max_mb': 500,`
			`},`
			`'matrix-synapse': {`
			`'server_name': 'sophies-kitchen.eu',`
			`'baseurl': 'matrix.sophies-kitchen.eu',`
			`'admin_contact': 'mailto:foobar@sophies-kitchen.eu',`
			`'trusted_key_servers': {`
			`'matrix.org',`
			`},`
			`},`
			`'mautrix-telegram': {`
			`'version': 'v0.9.0',`
			`'homeserver': {`
			`'domain': 'sophies-kitchen.eu',`
			`'url': 'https://matrix.sophies-kitchen.eu',`
			`},`
			`'provisioning': {`
			`'enabled': False,`
			`'shared_secret': '""',`
			`},`
			`'permissions': {`
			`'sophies-kitchen.eu': 'full',`
			`"'@sophie:sophies-kitchen.eu'": 'admin',`
			`},`
			`'telegram': {`
			`'api_id': vault.decrypt('encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=='),`
			`'api_token': vault.decrypt('encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6'),`
			`'bot_token': '""',`
plagiarize weechat setup 2021-02-20 15:50:42 +00:00			`},`
			`},`
modify nodes and bundles for new nftables syntax 2021-06-03 11:59:15 +00:00			`'nftables': {`
			`'rules': {`
			`'input': {`
			`'sophie-weechat': [`
			`'udp dport { 60000-61000 } accept',`
			`'tcp dport 9001 accept',`
			`],`
			`},`
			`},`
			`},`
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`'nginx': {`
			`'vhosts': {`
bw/htz-cloud.miniserver install matrix and other components 2021-05-14 18:07:55 +00:00			`#'dimension.sophies-kitchen.eu': {`
			`# 'extras': True,`
			`# 'do_not_set_content_security_headers': True,`
			`# 'max_body_size': '50M',`
			`# 'proxy': {`
			`# '/': {`
			`# 'target': 'http://127.0.0.1:8184',`
			`# },`
			`# },`
			`#},`
			`'sophies-kitchen.eu': {`
			`'webroot': '/var/www/sophies-kitchen.eu/_site/',`
			`'extras': True,`
			`},`
			`'matrix.sophies-kitchen.eu': {`
			`'extras': True,`
			`},`
bw/miniserver new vhost 2021-03-13 12:31:28 +00:00			`'webdump.sophies-kitchen.eu': {`
update bashrc 2021-02-20 16:32:09 +00:00			`'webroot_config': {`
			`'owner': 'sophie',`
			`'group': 'sophie',`
			`'mode': '0755',`
			`},`
bw/miniserver new vhost 2021-03-13 12:31:28 +00:00			`'extras': True,`
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`},`
			`},`
			`},`
add bundle:sysctl 2021-06-04 05:27:49 +00:00			`'sysctl': {`
			`'options': {`
			`# XXX find out if this is really needed`
			`'net.ipv4.ip_forward': '1',`
			`'net.ipv6.conf.all.forwarding': '1',`
			`},`
			`},`
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`'vm': {`
			`'cpu': 2,`
			`'ram': 4,`
add work ssh key 2021-03-11 21:27:30 +00:00			`},`
			`'users': {`
			`'sophie': {`
			`'ssh_pubkey': [`
			`"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"`
			`],`
			`},`
			`},`
bw/htz-miniserver initial nodefile 2021-02-20 14:56:54 +00:00			`},`
			`}`