2020-02-23 10:13:45 +00:00
nodes [ ' htz.ex42-1048908 ' ] = {
2020-08-18 13:27:55 +00:00
' bundles ' : {
2020-11-07 21:32:47 +00:00
' dovecot ' ,
2020-08-20 13:34:27 +00:00
' gitea ' ,
2020-05-09 11:08:34 +00:00
' jenkins-ci ' ,
2020-04-05 09:38:31 +00:00
' matrix-synapse ' ,
2020-09-06 10:05:42 +00:00
' mautrix-telegram ' ,
2020-10-18 13:48:50 +00:00
' miniflux ' ,
2020-04-04 15:54:48 +00:00
' mx-puppet-discord ' ,
2020-04-04 14:31:08 +00:00
' nodejs ' ,
2020-11-06 14:47:01 +00:00
' php ' ,
2020-11-07 21:32:47 +00:00
' postfixadmin ' ,
2020-02-29 14:43:18 +00:00
' riot-web ' ,
2020-11-07 21:32:47 +00:00
' rspamd ' ,
2020-04-04 15:54:48 +00:00
' postgresql ' ,
2020-10-23 13:22:35 +00:00
' radicale ' ,
2020-08-19 16:43:32 +00:00
' travelynx ' ,
2020-02-29 12:31:14 +00:00
' vmhost ' ,
2020-03-21 11:32:32 +00:00
' voc-loudness-monitor ' ,
2020-08-18 13:27:55 +00:00
} ,
2020-06-01 09:04:51 +00:00
' groups ' : {
' webserver ' ,
} ,
2020-02-29 14:43:18 +00:00
' metadata ' : {
2020-09-20 16:35:35 +00:00
' interfaces ' : {
' enp0s31f6 ' : {
2020-11-09 14:16:29 +00:00
' ips ' : {
' 94.130.52.224/26 ' ,
' 2a01:4f8:10b:2a5f::02/64 ' ,
' 2a01:4f8:10b:2a5f::1337/64 ' ,
2020-09-20 16:35:35 +00:00
} ,
' gateway4 ' : ' 94.130.52.193 ' ,
' gateway6 ' : ' fe80::1 ' ,
} ,
} ,
2020-02-29 14:43:18 +00:00
' apt ' : {
2020-05-29 18:12:06 +00:00
' packages ' : {
2020-11-06 14:47:01 +00:00
' php-imagick ' : { } ,
2020-05-29 18:12:06 +00:00
# No need to create a bundle just to install packages,
# configs will be managed by users nevertheless. Maybe
# this will be a FIXME once we start managing backups
# via bundlewrap.
2020-05-29 18:15:04 +00:00
' weechat ' : { } ,
' weechat-core ' : { } ,
' weechat-curses ' : { } ,
' weechat-perl ' : { } ,
' weechat-plugins ' : { } ,
' weechat-python ' : { } ,
' weechat-ruby ' : { } ,
2020-05-29 18:12:06 +00:00
} ,
2020-07-30 13:51:10 +00:00
' repos ' : {
2020-08-29 19:09:42 +00:00
' backports ' : {
2020-08-20 08:59:45 +00:00
' install_gpg_key ' : False , # default debian signing key
2020-07-30 13:51:10 +00:00
' items ' : [
2020-08-30 10:06:19 +00:00
' deb http://deb.debian.org/debian {os_release} -backports main ' ,
2020-07-30 13:51:10 +00:00
] ,
} ,
2020-08-20 08:59:45 +00:00
' rspamd ' : {
' items ' : {
2020-08-30 10:06:19 +00:00
' deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main ' ,
2020-08-20 08:59:45 +00:00
} ,
} ,
' weechat ' : {
' items ' : {
2020-08-30 10:06:19 +00:00
' deb https://weechat.org/debian {os_release} main ' ,
2020-08-20 08:59:45 +00:00
} ,
} ,
2020-07-30 13:51:10 +00:00
} ,
2020-02-29 14:43:18 +00:00
} ,
2020-11-09 17:22:41 +00:00
' cron ' : {
# TODO move to a proper bundle
' backup ' : ' 0 1 * * * root /root/backup.sh ' ,
' restart_mautrix_whatsapp ' : ' 0 3 * * * root systemctl restart matrix-bridge-whatsapp.service ' ,
' telekom_nervkram ' : vault . decrypt ( ' encrypt$gAAAAABfqXi23M96wrSLhqlbhqgePYX06LjPXfyQU2y_07kqYYLztj_PhS1-dk4r5FiiL2Ofmx5iCKW1sZNqiQSuHj2uKaitH0GnwHqj5CI2JwkAS9HrFxw= ' ) . format_into ( ' 0 0 * * * root date | mail -s \' daily test mail \' -r postmaster@mx0.kunbox.net {} ' ) ,
} ,
2020-08-20 13:34:27 +00:00
' gitea ' : {
2020-10-03 14:18:50 +00:00
' version ' : ' 1.12.5 ' ,
' sha256 ' : ' 8ed8bff1f34d8012cab92943214701c10764ffaca102e311a3297edbb8fce940 ' ,
2020-08-20 13:34:27 +00:00
' domain ' : ' git.kunsmann.eu ' ,
# TODO find out if those secrets can be rotated without breaking stuff
' internal_token ' : vault . decrypt ( ' encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg== ' ) ,
' lfs_secret_key ' : vault . decrypt ( ' encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr ' ) ,
' oauth_secret_key ' : vault . decrypt ( ' encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz ' ) ,
' security_secret_key ' : vault . decrypt ( ' encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4= ' ) ,
} ,
2020-06-01 10:29:16 +00:00
' letsencrypt ' : {
' concat_and_deploy ' : {
' kunsi-weechat ' : {
' match_domain ' : ' part.of.the.trans-agenda.eu ' ,
' target ' : ' /home/kunsi/.weechat/ssl/relay.pem ' ,
' chown ' : ' kunsi:kunsi ' ,
' chmod ' : ' 0440 ' ,
' commands ' : [
' echo \' core.weechat */relay sslcertkey \' >> /home/kunsi/.weechat/weechat_fifo '
] ,
} ,
} ,
' domains ' : {
2020-07-19 09:26:12 +00:00
' matrix.franzi.business ' : {
' franzi.business ' ,
} ,
2020-07-26 16:46:08 +00:00
' part.of.the.trans-agenda.eu ' : set ( ) ,
2020-06-01 10:29:16 +00:00
} ,
} ,
2020-04-05 09:38:31 +00:00
' matrix-synapse ' : {
' server_name ' : ' franzi.business ' ,
' baseurl ' : ' matrix.franzi.business ' ,
' admin_contact ' : ' mailto:hostmaster@kunbox.net ' ,
' appservice_configs ' : {
2020-05-29 18:13:34 +00:00
# TODO move to bundles
2020-04-05 09:38:31 +00:00
' /opt/matrix-bridges/mautrix-whatsapp/registration.yaml ' ,
} ,
' trusted_key_servers ' : {
' matrix.org ' ,
' finallycoffee.eu ' ,
' nyantec.com ' ,
} ,
} ,
2020-09-06 10:05:42 +00:00
' mautrix-telegram ' : {
2020-11-09 11:16:06 +00:00
' version ' : ' v0.9.0-rc2 ' ,
2020-09-06 10:05:42 +00:00
' homeserver ' : {
' domain ' : ' franzi.business ' ,
' url ' : ' https://matrix.franzi.business ' ,
} ,
' provisioning ' : {
' enabled ' : True ,
' shared_secret ' : vault . decrypt ( ' encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4gGPym0oF6p4WSMdAveTpx-hFsZd2s7v9ubw99yIsyKx0dHOJI0UND7hV1rKZdvjy4Qa642abZ2wwW7SWTqvuP_qVtrf6-klc2QKTzeD9c_LVsyZ2dqz_JxRPq3MRXgkubZuWOZ6FmFlAlteTffoGfWE= ' ) ,
} ,
' permissions ' : {
" ' * ' " : ' relaybot ' ,
' nyantec.com ' : ' full ' ,
' franzi.business ' : ' full ' ,
" ' @kunsi:franzi.business ' " : ' admin ' ,
} ,
' telegram ' : {
' api_id ' : vault . decrypt ( ' encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ== ' ) ,
' api_token ' : vault . decrypt ( ' encrypt$gAAAAABfVK5jHuUly1xr9Iku362k7oF4ZYRhLGzNJh3aJpiNrLfAy_DJpTwucx4FV_g45dyQF5boqG2rgdDfwsJN_Ab95es6T4SPGiXIxJOBlvIln1Torwh16pXKchhUTn_PQ077Ll1W ' ) ,
' bot_token ' : vault . decrypt ( ' encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q ' ) ,
} ,
} ,
2020-10-18 13:48:50 +00:00
' miniflux ' : {
' domain ' : ' rss.kunsmann.eu ' ,
} ,
2020-04-04 15:54:48 +00:00
' mx-puppet-discord ' : {
' homeserver ' : {
' domain ' : ' franzi.business ' ,
2020-04-05 14:35:51 +00:00
' url ' : ' https://matrix.franzi.business ' ,
2020-04-04 15:54:48 +00:00
} ,
' allowed-users ' : {
' @.*:franzi \\ \\ .business ' ,
} ,
} ,
2020-06-01 09:31:13 +00:00
' nginx ' : {
' vhosts ' : {
2020-07-19 09:26:12 +00:00
# TODO maybe some of this can be moved to a bundle?
' dav.kunsmann.eu ' : {
' extras ' : True ,
} ,
' dimension.franzi.business ' : {
' extras ' : True ,
' do_not_set_content_security_headers ' : True ,
' proxy ' : {
2020-09-22 16:36:10 +00:00
' / ' : {
' target ' : ' http://127.0.0.1:8184 ' ,
} ,
2020-07-19 09:26:12 +00:00
} ,
} ,
2020-06-01 11:33:33 +00:00
' franzi.business ' : {
' webroot ' : ' /var/www/franzi.business/_site/ ' ,
' extras ' : True ,
} ,
2020-06-01 09:31:13 +00:00
' jenkins.kunsmann.eu ' : {
' proxy ' : {
2020-09-22 16:36:10 +00:00
' / ' : {
' target ' : ' http://localhost:22010/ ' ,
} ,
2020-06-01 09:31:13 +00:00
} ,
} ,
2020-06-01 11:33:33 +00:00
' kunbox.net ' : { } ,
' kunsmann.eu ' : {
' extras ' : True ,
} ,
2020-07-19 09:26:12 +00:00
' matrix.franzi.business ' : {
' extras ' : True ,
} ,
2020-06-01 11:33:33 +00:00
' paste.kunsmann.eu ' : {
2020-10-27 17:03:52 +00:00
' webroot_config ' : {
' owner ' : ' kunsi ' ,
' group ' : ' kunsi ' ,
2020-11-09 12:06:03 +00:00
' mode ' : ' 0755 ' ,
2020-10-27 17:03:52 +00:00
} ,
2020-06-01 11:33:33 +00:00
' extras ' : True ,
} ,
2020-07-19 09:26:12 +00:00
' postfixadmin.mx0.kunbox.net ' : {
2020-11-08 09:43:51 +00:00
' webroot ' : ' /opt/postfixadmin/public/ ' ,
2020-11-06 14:47:01 +00:00
' php ' : True ,
2020-07-19 09:26:12 +00:00
} ,
' rspamd.mx0.kunbox.net ' : {
' proxy ' : {
2020-09-22 16:36:10 +00:00
' / ' : {
' target ' : ' http://localhost:11334/ ' ,
} ,
2020-07-19 09:26:12 +00:00
} ,
} ,
2020-08-19 16:43:32 +00:00
' travelynx.franzi.business ' : {
' proxy ' : {
2020-09-22 16:36:10 +00:00
' / ' : {
' target ' : ' http://127.0.0.1:22020 ' ,
} ,
2020-08-19 16:43:32 +00:00
} ,
2020-08-19 19:46:01 +00:00
' extras ' : True ,
2020-08-19 16:43:32 +00:00
} ,
2020-10-18 16:55:00 +00:00
' vliedel.random.franzi.business ' : {
' webroot_config ' : {
' owner ' : ' vliedel ' ,
' group ' : ' vliedel ' ,
} ,
} ,
2020-07-19 09:26:12 +00:00
' webmail.mx0.kunbox.net ' : {
' php ' : True ,
} ,
2020-10-18 16:46:19 +00:00
' wiki.franzi.business ' : {
2020-10-18 17:30:23 +00:00
' extras ' : True ,
2020-10-18 16:46:19 +00:00
' php ' : True ,
2020-10-18 17:30:23 +00:00
' webroot_config ' : {
' owner ' : ' www-data ' ,
' group ' : ' www-data ' ,
} ,
2020-10-18 16:46:19 +00:00
} ,
2020-06-01 09:31:13 +00:00
} ,
2020-08-30 08:34:16 +00:00
' worker_processes ' : 4 ,
2020-06-01 09:31:13 +00:00
} ,
2020-11-06 14:47:01 +00:00
' php ' : {
2020-11-08 09:57:01 +00:00
' version ' : ' 7.4 ' ,
2020-11-06 14:47:01 +00:00
' packages ' : {
' gd ' ,
' imap ' ,
' intl ' ,
' json ' ,
' mbstring ' ,
' opcache ' ,
' pgsql ' ,
' readline ' ,
' xml ' ,
} ,
} ,
2020-11-07 21:32:47 +00:00
' postfix ' : {
' myhostname ' : ' mx0.kunbox.net ' ,
' message_size_limit_mb ' : 50 ,
} ,
' postfixadmin ' : {
' setup_password ' : vault . decrypt ( ' encrypt$gAAAAABfpwn8NKxTztI39GzhGw66NNsWa72Wq7Sa_LoIG_L0ewCVPzhmw93xhWo3jfT8hCn9sqJgbArmPHtLMcLkSHdBPbQe0bLZMSib-mA9sEQD0wgKMyuRCPHIIMKSAoMaJaYnHSTO-mz1q7_tKzd6LkHF_AGsboS1vpQvg-CDth6e0msTwe8= ' ) ,
} ,
2020-10-23 13:22:35 +00:00
' radicale ' : {
' users ' : {
' kunsi ' : vault . decrypt ( ' encrypt$gAAAAABfktUcN5dAS1IP0bQr8Qe54F8UCKLWI3RXscI0xE5he1hx-faiR5grtW4p25mvgxJRw_kDs_dmpahpRztcAjnD8uNEOlFcQefqeVCxyJKsPYiVjN6WsRjAHFd7PoES9gcWln1O ' ) ,
} ,
} ,
2020-02-29 14:43:18 +00:00
' riot-web ' : {
' url ' : ' chat.franzi.business ' ,
2020-03-14 09:38:51 +00:00
' config ' : {
' default_server_name ' : ' franzi.business ' ,
' brand ' : ' franzi.business ' ,
' showLabsSettings ' : True ,
' integrations_ui_url ' : ' https://dimension.franzi.business/riot ' ,
' integrations_rest_url ' : ' https://dimension.franzi.business/api/v1/scalar ' ,
' integrations_widgets_urls ' : [ ' https://dimension.franzi.business/widgets ' ] ,
' default_theme ' : ' dark ' ,
' defaultCountryCode ' : ' DE ' ,
2020-06-12 14:48:55 +00:00
' features ' : {
' feature_bridge_state ' : ' labs ' ,
' feature_font_scaling ' : ' labs ' ,
' feature_irc_ui ' : ' labs ' ,
' feature_mjolnir ' : ' labs ' ,
' feature_presence_in_room_list ' : ' labs ' ,
} ,
2020-03-14 09:38:51 +00:00
} ,
2020-02-29 14:43:18 +00:00
} ,
2020-11-08 09:43:51 +00:00
' rspamd ' : {
' dkim ' : True ,
' ignore_spam_check_for_ips ' : {
# entropia
' 188.40.158.213 ' ,
' 188.40.158.214 ' ,
' 188.40.158.218 ' ,
' 2a01:4f8:221:2f83:2130::2 ' ,
' 2a01:4f8:221:2f83:2140::2 ' ,
' 2a01:4f8:221:2f83:2180::2 ' ,
# ccc
' 212.12.55.65 ' ,
' 212.12.55.67 ' ,
' 2a00:14b0:4200:3000:23:55:0:65 ' ,
# IN-Berlin mailman
' 130.133.8.35 ' ,
' 192.109.42.28 ' ,
2020-11-08 10:06:30 +00:00
' 192.109.42.122 ' ,
2020-11-08 09:43:51 +00:00
' 193.29.188.9 ' ,
' 217.197.80.23 ' ,
' 217.197.80.134 ' ,
' 2001:bf0:c000:a::2:134 ' ,
} ,
' password ' : vault . decrypt ( ' encrypt$gAAAAABfp7qzym32R6Go1A6oax0NGQM7EBMckbEbnZC6-RSKx-klSJsL57XbSUTD-AJM-gBIPzlmor-3bfVxPWLRYXtO8uTVw6jNQ1yt15ReHkOTijVqV2ACk-LTDBG3p4YKBn0pQgNvvjXhWV_J1-Pgjywbl4sHXc0zqjCGZ6xtEn6ywj0Pd599JJjREF4QCIFVZVWuKvo1 ' ) ,
} ,
2020-08-19 16:44:44 +00:00
' travelynx ' : {
2020-11-09 16:03:13 +00:00
' version ' : ' 1.18.8 ' ,
2020-08-19 16:44:44 +00:00
' mail_from ' : ' travelynx@franzi.business ' ,
} ,
2020-02-29 14:43:18 +00:00
' users ' : {
2020-03-27 11:29:35 +00:00
' feli ' : {
2020-02-29 14:43:18 +00:00
' ssh_pubkey ' : [
2020-03-27 11:29:35 +00:00
' ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPTSLjSY/Be1XJ/klAwLiM1pKSvmbdcOgtgDB6nPcHkgX6JZu7g/Kejfuk4qIKL8GYYUQt7DlGY6n2u5rChWE/6KZJzXcUwS3pXk4LZ5KydWp7ihfvyRtUOBgKkRa1zQv+6KCH9WyR++ArwVTP8KSkrmDe6k7NWAjZqOuIJHG/AbEyTBapTJYjObZ0AM7wlwcB+oRM1BfZCP0Y+PIP2eGJS7Pyb32pITNKk3JuFXgAvbj5OeRrwtpZ9S+/7wIpaUVODPzrVmbC7vOXu/2KJ9aY2BmxUsxRbrvWMmWNiuE0YPt/7lUroK4pH3md3lWRcGUS/uYvhug7yG1yB81nyI15 ' ,
2020-02-29 14:43:18 +00:00
] ,
} ,
2020-03-27 11:29:35 +00:00
' kunsi ' : {
' groups ' : [
' www-data ' ,
' libvirt ' ,
] ,
} ,
' vliedel ' : {
' ssh_pubkey ' : [
' command= " /usr/local/bin/rrsync /var/www/vliedel.random.franzi.business/ " ,no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVOBnzs/QDzhvg70VK6xaV318Euaag1cWNjAJfsA266618UiZVx4xsHzNwYN960v0MhiVPMwnl3NoGWAT9/j/b5l3HAkihv4rEPYQkoGV0Mvtwee37dT5nCL8o54Kl+rhl4WPD4Ju5+iZ3AP84YMUJXUrETpZLRzQD1pKOWLaGxBSJolICjz5A7glDVNmvI8uH58EkzhA7q4lCPhzFLxfvFfJPRuEHdVViL2usvHpRnIDRQOCjLYF2fIpG3ULrvWGl4VZ+9cZCNqSN6ywjlH8U8e5Vc3Fi4sbqYh71LrBqs/lSJ+5BL9/rB3GZD1SVTbivyEDJGJu3HPDV4ahwYYKn minecraft@irc ' ,
2020-02-29 14:43:18 +00:00
] ,
} ,
} ,
2020-08-30 08:32:54 +00:00
' vm ' : {
' cpu ' : 8 ,
' ram ' : 64 ,
} ,
2020-02-29 14:43:18 +00:00
} ,
2020-08-29 19:09:42 +00:00
' os ' : ' debian ' ,
2020-10-09 16:28:30 +00:00
' os_version ' : ( 10 , ) ,
2020-02-23 10:13:45 +00:00
}