bundlewrap/nodes/htz/ex42-1048908.py

314 lines
12 KiB
Python
Raw Normal View History

2020-02-23 10:13:45 +00:00
nodes['htz.ex42-1048908'] = {
2020-08-18 13:27:55 +00:00
'bundles': {
'dovecot',
2020-08-20 13:34:27 +00:00
'gitea',
2020-05-09 11:08:34 +00:00
'jenkins-ci',
2020-04-05 09:38:31 +00:00
'matrix-synapse',
2020-09-06 10:05:42 +00:00
'mautrix-telegram',
2020-10-18 13:48:50 +00:00
'miniflux',
2020-04-04 15:54:48 +00:00
'mx-puppet-discord',
2020-04-04 14:31:08 +00:00
'nodejs',
2020-11-06 14:47:01 +00:00
'php',
'postfixadmin',
2020-02-29 14:43:18 +00:00
'riot-web',
'rspamd',
2020-04-04 15:54:48 +00:00
'postgresql',
2020-10-23 13:22:35 +00:00
'radicale',
2020-08-19 16:43:32 +00:00
'travelynx',
'vmhost',
'voc-loudness-monitor',
2020-08-18 13:27:55 +00:00
},
'groups': {
'webserver',
},
2020-02-29 14:43:18 +00:00
'metadata': {
'interfaces': {
'enp0s31f6': {
'ipv4': {
'94.130.52.224',
},
'ipv6': {
'2a01:4f8:10b:2a5f::02',
'2a01:4f8:10b:2a5f::1337',
},
'gateway4': '94.130.52.193',
'gateway6': 'fe80::1',
},
},
2020-02-29 14:43:18 +00:00
'apt': {
'packages': {
2020-11-06 14:47:01 +00:00
'php-imagick': {},
# No need to create a bundle just to install packages,
# configs will be managed by users nevertheless. Maybe
# this will be a FIXME once we start managing backups
# via bundlewrap.
'weechat': {},
'weechat-core': {},
'weechat-curses': {},
'weechat-perl': {},
'weechat-plugins': {},
'weechat-python': {},
'weechat-ruby': {},
},
'repos': {
'backports': {
2020-08-20 08:59:45 +00:00
'install_gpg_key': False, # default debian signing key
'items': [
'deb http://deb.debian.org/debian {os_release}-backports main',
],
},
2020-08-20 08:59:45 +00:00
'rspamd': {
'items': {
'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main',
2020-08-20 08:59:45 +00:00
},
},
'weechat': {
'items': {
'deb https://weechat.org/debian {os_release} main',
2020-08-20 08:59:45 +00:00
},
},
},
2020-02-29 14:43:18 +00:00
},
2020-08-20 13:34:27 +00:00
'gitea': {
'version': '1.12.5',
'sha256': '8ed8bff1f34d8012cab92943214701c10764ffaca102e311a3297edbb8fce940',
2020-08-20 13:34:27 +00:00
'domain': 'git.kunsmann.eu',
# TODO find out if those secrets can be rotated without breaking stuff
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
},
'letsencrypt': {
'concat_and_deploy': {
'kunsi-weechat': {
'match_domain': 'part.of.the.trans-agenda.eu',
'target': '/home/kunsi/.weechat/ssl/relay.pem',
'chown': 'kunsi:kunsi',
'chmod': '0440',
'commands': [
'echo \'core.weechat */relay sslcertkey\' >> /home/kunsi/.weechat/weechat_fifo'
],
},
},
'domains': {
2020-07-19 09:26:12 +00:00
'matrix.franzi.business': {
'franzi.business',
},
'mx0.kunbox.net': set(), # TODO move to bundle
'part.of.the.trans-agenda.eu': set(),
},
'reload_after': {
# TODO move to bundles
'dovecot',
'postfix',
},
},
2020-04-05 09:38:31 +00:00
'matrix-synapse': {
'server_name': 'franzi.business',
'baseurl': 'matrix.franzi.business',
'admin_contact': 'mailto:hostmaster@kunbox.net',
'appservice_configs': {
2020-05-29 18:13:34 +00:00
# TODO move to bundles
2020-04-05 09:38:31 +00:00
'/opt/matrix-bridges/mautrix-whatsapp/registration.yaml',
},
'trusted_key_servers': {
'matrix.org',
'finallycoffee.eu',
'nyantec.com',
},
},
2020-09-06 10:05:42 +00:00
'mautrix-telegram': {
'homeserver': {
'domain': 'franzi.business',
'url': 'https://matrix.franzi.business',
},
'provisioning': {
'enabled': True,
'shared_secret': vault.decrypt('encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4gGPym0oF6p4WSMdAveTpx-hFsZd2s7v9ubw99yIsyKx0dHOJI0UND7hV1rKZdvjy4Qa642abZ2wwW7SWTqvuP_qVtrf6-klc2QKTzeD9c_LVsyZ2dqz_JxRPq3MRXgkubZuWOZ6FmFlAlteTffoGfWE='),
},
'permissions': {
"'*'": 'relaybot',
'nyantec.com': 'full',
'franzi.business': 'full',
"'@kunsi:franzi.business'": 'admin',
},
'telegram': {
'api_id': vault.decrypt('encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ=='),
'api_token': vault.decrypt('encrypt$gAAAAABfVK5jHuUly1xr9Iku362k7oF4ZYRhLGzNJh3aJpiNrLfAy_DJpTwucx4FV_g45dyQF5boqG2rgdDfwsJN_Ab95es6T4SPGiXIxJOBlvIln1Torwh16pXKchhUTn_PQ077Ll1W'),
'bot_token': vault.decrypt('encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q'),
},
},
2020-10-18 13:48:50 +00:00
'miniflux': {
'domain': 'rss.kunsmann.eu',
},
2020-04-04 15:54:48 +00:00
'mx-puppet-discord': {
'homeserver': {
'domain': 'franzi.business',
'url': 'https://matrix.franzi.business',
2020-04-04 15:54:48 +00:00
},
'allowed-users': {
'@.*:franzi\\\\.business',
},
},
2020-06-01 09:31:13 +00:00
'nginx': {
'vhosts': {
2020-07-19 09:26:12 +00:00
# TODO maybe some of this can be moved to a bundle?
'dav.kunsmann.eu': {
'extras': True,
},
'dimension.franzi.business': {
'extras': True,
'do_not_set_content_security_headers': True,
'proxy': {
'/': {
'target': 'http://127.0.0.1:8184',
},
2020-07-19 09:26:12 +00:00
},
},
'franzi.business': {
'webroot': '/var/www/franzi.business/_site/',
'extras': True,
},
2020-06-01 09:31:13 +00:00
'jenkins.kunsmann.eu': {
'proxy': {
'/': {
'target': 'http://localhost:22010/',
},
2020-06-01 09:31:13 +00:00
},
},
'kunbox.net': {},
'kunsmann.eu': {
'extras': True,
},
2020-07-19 09:26:12 +00:00
'matrix.franzi.business': {
'extras': True,
},
'pad.franzi.business': {
'extras': True,
},
'paste.kunsmann.eu': {
'webroot_config': {
'owner': 'kunsi',
'group': 'kunsi',
'mode': '0700',
},
'extras': True,
},
2020-07-19 09:26:12 +00:00
'postfixadmin.mx0.kunbox.net': {
'webroot': '/srv/postfixadmin/public/',
2020-11-06 14:47:01 +00:00
'php': True,
2020-07-19 09:26:12 +00:00
},
'rspamd.mx0.kunbox.net': {
'proxy': {
'/': {
'target': 'http://localhost:11334/',
},
2020-07-19 09:26:12 +00:00
},
},
2020-08-19 16:43:32 +00:00
'travelynx.franzi.business': {
'proxy': {
'/': {
'target': 'http://127.0.0.1:22020',
},
2020-08-19 16:43:32 +00:00
},
'extras': True,
2020-08-19 16:43:32 +00:00
},
'vliedel.random.franzi.business': {
'webroot_config': {
'owner': 'vliedel',
'group': 'vliedel',
},
},
2020-07-19 09:26:12 +00:00
'webmail.mx0.kunbox.net': {
'php': True,
},
'wiki.franzi.business': {
'extras': True,
'php': True,
'webroot_config': {
'owner': 'www-data',
'group': 'www-data',
},
},
2020-06-01 09:31:13 +00:00
},
'worker_processes': 4,
2020-06-01 09:31:13 +00:00
},
2020-11-06 14:47:01 +00:00
'php': {
'version': '7.3',
'packages': {
'gd',
'imap',
'intl',
'json',
'mbstring',
'opcache',
'pgsql',
'readline',
'xml',
},
},
'postfix': {
'myhostname': 'mx0.kunbox.net',
'message_size_limit_mb': 50,
},
'postfixadmin': {
'setup_password': vault.decrypt('encrypt$gAAAAABfpwn8NKxTztI39GzhGw66NNsWa72Wq7Sa_LoIG_L0ewCVPzhmw93xhWo3jfT8hCn9sqJgbArmPHtLMcLkSHdBPbQe0bLZMSib-mA9sEQD0wgKMyuRCPHIIMKSAoMaJaYnHSTO-mz1q7_tKzd6LkHF_AGsboS1vpQvg-CDth6e0msTwe8='),
},
2020-10-23 13:22:35 +00:00
'radicale': {
'users': {
'kunsi': vault.decrypt('encrypt$gAAAAABfktUcN5dAS1IP0bQr8Qe54F8UCKLWI3RXscI0xE5he1hx-faiR5grtW4p25mvgxJRw_kDs_dmpahpRztcAjnD8uNEOlFcQefqeVCxyJKsPYiVjN6WsRjAHFd7PoES9gcWln1O'),
},
},
2020-02-29 14:43:18 +00:00
'riot-web': {
'url': 'chat.franzi.business',
'config': {
'default_server_name': 'franzi.business',
'brand': 'franzi.business',
'showLabsSettings': True,
'integrations_ui_url': 'https://dimension.franzi.business/riot',
'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
'integrations_widgets_urls': ['https://dimension.franzi.business/widgets'],
'default_theme': 'dark',
'defaultCountryCode': 'DE',
2020-06-12 14:48:55 +00:00
'features': {
'feature_bridge_state': 'labs',
'feature_font_scaling': 'labs',
'feature_irc_ui': 'labs',
'feature_mjolnir': 'labs',
'feature_presence_in_room_list': 'labs',
},
},
2020-02-29 14:43:18 +00:00
},
'travelynx': {
'version': '1.18.7',
'mail_from': 'travelynx@franzi.business',
},
2020-02-29 14:43:18 +00:00
'users': {
'feli': {
2020-02-29 14:43:18 +00:00
'ssh_pubkey': [
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPTSLjSY/Be1XJ/klAwLiM1pKSvmbdcOgtgDB6nPcHkgX6JZu7g/Kejfuk4qIKL8GYYUQt7DlGY6n2u5rChWE/6KZJzXcUwS3pXk4LZ5KydWp7ihfvyRtUOBgKkRa1zQv+6KCH9WyR++ArwVTP8KSkrmDe6k7NWAjZqOuIJHG/AbEyTBapTJYjObZ0AM7wlwcB+oRM1BfZCP0Y+PIP2eGJS7Pyb32pITNKk3JuFXgAvbj5OeRrwtpZ9S+/7wIpaUVODPzrVmbC7vOXu/2KJ9aY2BmxUsxRbrvWMmWNiuE0YPt/7lUroK4pH3md3lWRcGUS/uYvhug7yG1yB81nyI15',
2020-02-29 14:43:18 +00:00
],
},
'kunsi': {
'groups': [
'www-data',
'libvirt',
],
},
'vliedel': {
'ssh_pubkey': [
'command="/usr/local/bin/rrsync /var/www/vliedel.random.franzi.business/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVOBnzs/QDzhvg70VK6xaV318Euaag1cWNjAJfsA266618UiZVx4xsHzNwYN960v0MhiVPMwnl3NoGWAT9/j/b5l3HAkihv4rEPYQkoGV0Mvtwee37dT5nCL8o54Kl+rhl4WPD4Ju5+iZ3AP84YMUJXUrETpZLRzQD1pKOWLaGxBSJolICjz5A7glDVNmvI8uH58EkzhA7q4lCPhzFLxfvFfJPRuEHdVViL2usvHpRnIDRQOCjLYF2fIpG3ULrvWGl4VZ+9cZCNqSN6ywjlH8U8e5Vc3Fi4sbqYh71LrBqs/lSJ+5BL9/rB3GZD1SVTbivyEDJGJu3HPDV4ahwYYKn minecraft@irc',
2020-02-29 14:43:18 +00:00
],
},
},
'vm': {
'cpu': 8,
'ram': 64,
},
2020-02-29 14:43:18 +00:00
},
'os': 'debian',
'os_version': (10,),
2020-02-23 10:13:45 +00:00
}