kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

EOL OVH, EOL rx300

Browse source
This commit is contained in:
Franzi 2023-09-24 10:34:54 +02:00
parent 6f31d6c0e4
commit 2d3d0ca02a
Signed by: kunsi
GPG key ID: 12E3D2136B818350
4 changed files with 2 additions and 234 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
groups/locations.py
View file

@ -95,23 +95,6 @@ groups['home'] = {
}, },
} }
groups['ovh'] = {
'member_patterns': {
r"ovh\..*",
},
'metadata': {
'location': 'ovh',
'postfix': {
'relayhost': '[mail.franzi.business]:2525',
},
'users': {
'debian': {
'delete': True,
},
},
},
}
groups['voc'] = { groups['voc'] = {
'member_patterns': { 'member_patterns': {
r"voc\..*", r"voc\..*",

3
nodes/carlene.toml
View file

@ -169,7 +169,6 @@ domain = "ntfy.franzi.business"
ratelimit-exempt-hosts = [ ratelimit-exempt-hosts = [
"carlene", "carlene",
"icinga2", "icinga2",
"rx300",
] ]
[metadata.php] [metadata.php]
@ -190,7 +189,7 @@ packages = [
[metadata.postfix] [metadata.postfix]
message_size_limit_mb = 100 message_size_limit_mb = 100
myhostname = "mail.franzi.business" myhostname = "mail.franzi.business"
mynetworks = ["gce", "ovh"] mynetworks = ["gce"]
[metadata.postfixadmin] [metadata.postfixadmin]
domain = "postfixadmin.franzi.business" domain = "postfixadmin.franzi.business"

2
nodes/ns-ghirahim.toml
View file

@ -16,7 +16,7 @@ gateway6 = "2a03:b0c0:1:d0::1"
# It's fine to do this without authentificating to the relayhost. # It's fine to do this without authentificating to the relayhost.
# These Systems are not supposed to send mail anywhere else # These Systems are not supposed to send mail anywhere else
# than our own domains. # than our own domains.
relayhost = "[rx300.kunbox.net]:2525" relayhost = "[mail.franzi.business]:2525"
[metadata.postgresql] [metadata.postgresql]
version = "15" version = "15"

214
nodes/rx300.py
View file

@ -1,214 +0,0 @@
# To use the serial console in iRMC, set up grub as follows:
# GRUB_TIMEOUT=30
# GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200 console=tty0"
# GRUB_TERMINAL=serial
# GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
nodes['rx300'] = {
'hostname': '31.47.232.106',
'bundles': {
'check-mail-received',
'ipmitool',
'jenkins-ci',
'jugendhackt_tools',
'lm-sensors',
'minecraft',
'nodejs',
'oidentd',
'php',
'postgresql',
'redis',
'smartd',
'unbound',
'vmhost',
'zfs',
},
'groups': {
'debian-bullseye',
'webserver',
},
'metadata': {
'interfaces': {
'br0': {
'ips': {
'31.47.232.106/29',
'2a00:f820:528::2/64',
},
'gateway4': '31.47.232.105',
'gateway6': '2a00:f820:528::1',
},
},
'apt': {
'packages': {
# for franzi.business deployment
'ruby': {},
'ruby-dev': {},
'ruby-bundler': {},
# for `bw test` on jenkins
'bind9utils': {},
},
},
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'icinga_options': {
'pretty_name': 'franzi.business',
'vars.notification.sms': False,
},
'jenkins-ci': {
'install_ssh_key': True,
'domain': 'jenkins.franzi.business',
'writeable_paths': {
'/var/www/franzi.business', # for deployment task
},
},
'jugendhackt_tools': {
'allowed_hosts': ['jh.franzi.business'],
'timezone': 'Europe/Berlin',
},
'minecraft': {
'heap_mb': 16*1024,
'sha1': '82be5e1bbdfd1bcb001644780562282fd42ee5a9',
'version': ('1.19.2', '261'),
'allowlist': {
# use https://mcuuid.net/
'kunsi': 'a2b93640-9dff-4c3c-a6c7-bd75329d8997',
'sophie': '7e593cbb-9d61-4d46-a416-6edbcf8a2109',
},
'ops': {
'kunsi': 'a2b93640-9dff-4c3c-a6c7-bd75329d8997',
},
'restrict-to': {'*'},
},
'nginx': {
'security.txt': {
'contact': 'mailto:security@kunsmann.eu',
'Encryption': 'https://franzi.business/gpg_hi-kunsmann.eu.asc',
},
'vhosts': {
'jenkins-ci': {'ssl': '_.franzi.business'},
'jugendhackt_tools': {
'domain': 'jh.franzi.business',
'ssl': '_.franzi.business',
'locations': {
'/': {
'target': 'http://127.0.0.1:22090/',
},
'/static/': {
'alias': '/opt/jugendhackt_tools/src/static/',
},
},
},
},
'worker_processes': 8,
},
'oidentd': {
'allows': {
'kunsi': {
'spoof',
'spoof_all',
},
},
},
'php': {
'version': '8.0',
'packages': {
'gd',
'imagick',
'imap',
'intl',
'mbstring',
'opcache',
'pgsql',
'readline',
'xml',
'yaml',
},
},
'postgresql': {
'version': '13',
'max_connections': 500,
'autovacuum_max_workers': 12,
'maintenance_work_mem': 2*1024,
'work_mem': 8*1024,
'cache_size': 32*1024,
},
'smartd': {
'disks': {
'/dev/nvme0',
},
},
'systemd': {
'journal': {
'maxuse': '4G',
},
},
'systemd-networkd': {
'bridges': {
'br0': {
'match': {
'eno1',
},
},
},
},
'systemd-timers': {
'timers': {
'cleanup-paste.franzi.business': {
'command': '/usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;',
'user': 'kunsi',
'when': 'daily',
},
},
},
'unbound': {
'threads': 8,
'cache_slabs': 8,
},
'zfs': {
'module_options': {
'zfs_arc_max_gb': 48,
},
'pools': {
'tank': {
'when_creating': {
'config': [{
'type': 'raidz',
'devices': {
'/dev/sda',
'/dev/sdb',
'/dev/sdc',
'/dev/sdd',
},
}],
'ashift': 12,
},
},
},
'datasets': {
'tank/libvirt': {
'mountpoint': '/var/lib/libvirt',
'compression': 'on',
'needed_by': {
'bundle:vmhost',
},
},
'tank/home-kunsi': {
'mountpoint': '/home/kunsi',
'needed_by': {
'directory:/home/kunsi',
},
},
},
},
'vm': {
'cpu': 32,
'ram': 256,
},
},
}