From 2d3d0ca02ae0daf2cc4d09028b2f532d36b70001 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 24 Sep 2023 10:34:54 +0200 Subject: [PATCH] EOL OVH, EOL rx300 --- groups/locations.py | 17 ---- nodes/carlene.toml | 3 +- nodes/ns-ghirahim.toml | 2 +- nodes/rx300.py | 214 ----------------------------------------- 4 files changed, 2 insertions(+), 234 deletions(-) delete mode 100644 nodes/rx300.py diff --git a/groups/locations.py b/groups/locations.py index 63447d6..d60eccc 100644 --- a/groups/locations.py +++ b/groups/locations.py @@ -95,23 +95,6 @@ groups['home'] = { }, } -groups['ovh'] = { - 'member_patterns': { - r"ovh\..*", - }, - 'metadata': { - 'location': 'ovh', - 'postfix': { - 'relayhost': '[mail.franzi.business]:2525', - }, - 'users': { - 'debian': { - 'delete': True, - }, - }, - }, -} - groups['voc'] = { 'member_patterns': { r"voc\..*", diff --git a/nodes/carlene.toml b/nodes/carlene.toml index 0fadfeb..78e439b 100644 --- a/nodes/carlene.toml +++ b/nodes/carlene.toml @@ -169,7 +169,6 @@ domain = "ntfy.franzi.business" ratelimit-exempt-hosts = [ "carlene", "icinga2", - "rx300", ] [metadata.php] @@ -190,7 +189,7 @@ packages = [ [metadata.postfix] message_size_limit_mb = 100 myhostname = "mail.franzi.business" -mynetworks = ["gce", "ovh"] +mynetworks = ["gce"] [metadata.postfixadmin] domain = "postfixadmin.franzi.business" diff --git a/nodes/ns-ghirahim.toml b/nodes/ns-ghirahim.toml index ea835a0..a8581c6 100644 --- a/nodes/ns-ghirahim.toml +++ b/nodes/ns-ghirahim.toml @@ -16,7 +16,7 @@ gateway6 = "2a03:b0c0:1:d0::1" # It's fine to do this without authentificating to the relayhost. # These Systems are not supposed to send mail anywhere else # than our own domains. -relayhost = "[rx300.kunbox.net]:2525" +relayhost = "[mail.franzi.business]:2525" [metadata.postgresql] version = "15" diff --git a/nodes/rx300.py b/nodes/rx300.py deleted file mode 100644 index fa5523e..0000000 --- a/nodes/rx300.py +++ /dev/null @@ -1,214 +0,0 @@ -# To use the serial console in iRMC, set up grub as follows: -# GRUB_TIMEOUT=30 -# GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200 console=tty0" -# GRUB_TERMINAL=serial -# GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" - -nodes['rx300'] = { - 'hostname': '31.47.232.106', - 'bundles': { - 'check-mail-received', - 'ipmitool', - 'jenkins-ci', - 'jugendhackt_tools', - 'lm-sensors', - 'minecraft', - 'nodejs', - 'oidentd', - 'php', - 'postgresql', - 'redis', - 'smartd', - 'unbound', - 'vmhost', - 'zfs', - }, - 'groups': { - 'debian-bullseye', - 'webserver', - }, - 'metadata': { - 'interfaces': { - 'br0': { - 'ips': { - '31.47.232.106/29', - '2a00:f820:528::2/64', - }, - 'gateway4': '31.47.232.105', - 'gateway6': '2a00:f820:528::1', - }, - }, - 'apt': { - 'packages': { - # for franzi.business deployment - 'ruby': {}, - 'ruby-dev': {}, - 'ruby-bundler': {}, - - # for `bw test` on jenkins - 'bind9utils': {}, - }, - }, - 'check-mail-received': { - 't-online': { - 'email': 'franzi.kunsmann@t-online.de', - 'imap_host': 'secureimap.t-online.de', - 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), - }, - }, - 'icinga_options': { - 'pretty_name': 'franzi.business', - 'vars.notification.sms': False, - }, - 'jenkins-ci': { - 'install_ssh_key': True, - 'domain': 'jenkins.franzi.business', - 'writeable_paths': { - '/var/www/franzi.business', # for deployment task - }, - }, - 'jugendhackt_tools': { - 'allowed_hosts': ['jh.franzi.business'], - 'timezone': 'Europe/Berlin', - }, - 'minecraft': { - 'heap_mb': 16*1024, - 'sha1': '82be5e1bbdfd1bcb001644780562282fd42ee5a9', - 'version': ('1.19.2', '261'), - 'allowlist': { - # use https://mcuuid.net/ - 'kunsi': 'a2b93640-9dff-4c3c-a6c7-bd75329d8997', - 'sophie': '7e593cbb-9d61-4d46-a416-6edbcf8a2109', - }, - 'ops': { - 'kunsi': 'a2b93640-9dff-4c3c-a6c7-bd75329d8997', - }, - 'restrict-to': {'*'}, - }, - 'nginx': { - 'security.txt': { - 'contact': 'mailto:security@kunsmann.eu', - 'Encryption': 'https://franzi.business/gpg_hi-kunsmann.eu.asc', - }, - 'vhosts': { - 'jenkins-ci': {'ssl': '_.franzi.business'}, - 'jugendhackt_tools': { - 'domain': 'jh.franzi.business', - 'ssl': '_.franzi.business', - 'locations': { - '/': { - 'target': 'http://127.0.0.1:22090/', - }, - '/static/': { - 'alias': '/opt/jugendhackt_tools/src/static/', - }, - }, - }, - }, - 'worker_processes': 8, - }, - 'oidentd': { - 'allows': { - 'kunsi': { - 'spoof', - 'spoof_all', - }, - }, - }, - 'php': { - 'version': '8.0', - 'packages': { - 'gd', - 'imagick', - 'imap', - 'intl', - 'mbstring', - 'opcache', - 'pgsql', - 'readline', - 'xml', - 'yaml', - }, - }, - 'postgresql': { - 'version': '13', - 'max_connections': 500, - 'autovacuum_max_workers': 12, - 'maintenance_work_mem': 2*1024, - 'work_mem': 8*1024, - 'cache_size': 32*1024, - }, - 'smartd': { - 'disks': { - '/dev/nvme0', - }, - }, - 'systemd': { - 'journal': { - 'maxuse': '4G', - }, - }, - 'systemd-networkd': { - 'bridges': { - 'br0': { - 'match': { - 'eno1', - }, - }, - }, - }, - 'systemd-timers': { - 'timers': { - 'cleanup-paste.franzi.business': { - 'command': '/usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;', - 'user': 'kunsi', - 'when': 'daily', - }, - }, - }, - 'unbound': { - 'threads': 8, - 'cache_slabs': 8, - }, - 'zfs': { - 'module_options': { - 'zfs_arc_max_gb': 48, - }, - 'pools': { - 'tank': { - 'when_creating': { - 'config': [{ - 'type': 'raidz', - 'devices': { - '/dev/sda', - '/dev/sdb', - '/dev/sdc', - '/dev/sdd', - }, - }], - 'ashift': 12, - }, - }, - }, - 'datasets': { - 'tank/libvirt': { - 'mountpoint': '/var/lib/libvirt', - 'compression': 'on', - 'needed_by': { - 'bundle:vmhost', - }, - }, - 'tank/home-kunsi': { - 'mountpoint': '/home/kunsi', - 'needed_by': { - 'directory:/home/kunsi', - }, - }, - }, - }, - 'vm': { - 'cpu': 32, - 'ram': 256, - }, - }, -}