kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 2 Releases Activity

miniserver: updates

Browse source
This commit is contained in:
Sophie Schiller 2024-12-01 21:06:47 +01:00
parent 94868e726f
commit 3ad6a0fed8
1 changed files with 185 additions and 180 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

365
nodes/sophie/miniserver.py
View file

@ -1,255 +1,260 @@
# sophie's miniserver # sophie's miniserver
nodes['htz-cloud.miniserver'] = { nodes["htz-cloud.miniserver"] = {
'bundles': { "bundles": {
'element-web', "element-web",
'hedgedoc', "hedgedoc",
'matrix-media-repo', "matrix-media-repo",
'matrix-synapse', "matrix-synapse",
"matrix-stickerpicker", "matrix-stickerpicker",
'nodejs', "nodejs",
'ntfy', "ntfy",
'mautrix-telegram', "mautrix-telegram",
'postgresql', "postgresql",
'zfs', "zfs",
}, },
'groups': { "groups": {
'debian-bookworm', "debian-bookworm",
'sophie', "sophie",
'webserver', "webserver",
}, },
'metadata': { "metadata": {
'interfaces': { "interfaces": {
'eth0': { "eth0": {
'ips': { "ips": {
'157.90.20.62', "157.90.20.62",
'2a01:4f8:c2c:840f::1/64', "2a01:4f8:c2c:840f::1/64",
}, },
'gateway4': '172.31.1.1', "gateway4": "172.31.1.1",
'gateway6': 'fe80::1', "gateway6": "fe80::1",
}, },
}, },
'apt': { "apt": {
'packages': { "packages": {
'mosh': {}, "mosh": {},
'weechat': {}, "weechat": {},
'weechat-core': {}, "weechat-core": {},
'weechat-curses': {}, "weechat-curses": {},
'weechat-perl': {}, "weechat-perl": {},
'weechat-plugins': {}, "weechat-plugins": {},
'weechat-python': {}, "weechat-python": {},
'weechat-ruby': {}, "weechat-ruby": {},
}, },
'repos': { "repos": {
'weechat': { "weechat": {
'items': { "items": {
'deb https://weechat.org/debian {os_release} main', "deb https://weechat.org/debian {os_release} main",
}, },
}, },
}, },
}, },
'backup-client': { "backup-client": {
'pre-hooks': { "pre-hooks": {
'sophie-weechat': \ "sophie-weechat": "echo 'core.weechat */layout store' >> /home/sophie/.weechat/weechat_fifo\n"
'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \ "echo 'core.weechat */save' >> /home/sophie/.weechat/weechat_fifo\n",
'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n',
}, },
}, },
'backups': { "backups": {
'paths': { "paths": {
'/home/sophie/.weechat', "/home/sophie/.weechat",
}, },
}, },
'element-web': { "element-web": {
'url': 'chat.sophies-kitchen.eu', "url": "chat.sophies-kitchen.eu",
'version': 'v1.11.83', "version": "v1.11.86",
'config': { "config": {
'default_server_config': { "default_server_config": {
'm.homeserver': { "m.homeserver": {
'base_url': 'https://matrix.sophies-kitchen.eu', "base_url": "https://matrix.sophies-kitchen.eu",
'server_name': 'sophies-kitchen.eu', "server_name": "sophies-kitchen.eu",
}, },
}, },
'brand': 'sophies-kitchen.eu', "brand": "sophies-kitchen.eu",
'showLabsSettings': True, "showLabsSettings": True,
'default_theme': 'dark', "default_theme": "dark",
'defaultCountryCode': 'DE', "defaultCountryCode": "DE",
'jitsi': { "jitsi": {
'preferredDomain': 'meet.ffmuc.net', "preferredDomain": "meet.ffmuc.net",
}, },
'map_style_url': "https://api.maptiler.com/maps/openstreetmap/style.json?key=fU3vlMsMn4Jb6dnEIFsx" "map_style_url": "https://api.maptiler.com/maps/openstreetmap/style.json?key=fU3vlMsMn4Jb6dnEIFsx",
}, },
}, },
'hedgedoc': { "hedgedoc": {
'version': '1.10.0', "version": "1.10.0",
'config': { "config": {
'production': { "production": {
'allowAnonymousEdits': True, "allowAnonymousEdits": True,
'domain': 'pad.sophies-kitchen.eu', "domain": "pad.sophies-kitchen.eu",
}, },
}, },
}, },
'letsencrypt': { "letsencrypt": {
'concat_and_deploy': { "concat_and_deploy": {
'sophie-weechat': { "sophie-weechat": {
'match_domain': 'i.sophies-kitchen.eu', "match_domain": "i.sophies-kitchen.eu",
'target': '/home/sophie/.weechat/ssl/relay.pem', "target": "/home/sophie/.weechat/ssl/relay.pem",
'chown': 'sophie:sophie', "chown": "sophie:sophie",
'chmod': '0440', "chmod": "0440",
'commands': [ "commands": [
'echo \'core.weechat */relay sslcertkey\' >> /home/sophie/.weechat/weechat_fifo' "echo 'core.weechat */relay sslcertkey' >> /home/sophie/.weechat/weechat_fifo"
], ],
}, },
}, },
'domains': { "domains": {
'i.sophies-kitchen.eu': set(), "i.sophies-kitchen.eu": set(),
'webdump.sophies-kitchen.eu': set(), "webdump.sophies-kitchen.eu": set(),
'matrix.sophies-kitchen.eu': { "matrix.sophies-kitchen.eu": {
'sophies-kitchen.eu', "sophies-kitchen.eu",
}, },
}, },
}, },
'matrix-media-repo': { "matrix-media-repo": {
'version': 'v1.3.7', "version": "v1.3.7",
'datastore_id': '99c09e24edc4e9be6c4c9486bc147e385bc87044', "datastore_id": "99c09e24edc4e9be6c4c9486bc147e385bc87044",
'sha1': '3e2bb7089b0898b86000243a82cc58ae998dc9d9', "sha1": "3e2bb7089b0898b86000243a82cc58ae998dc9d9",
'homeservers': { "homeservers": {
'sophies-kitchen.eu': { "sophies-kitchen.eu": {
'domain': 'http://[::1]:20080/', "domain": "http://[::1]:20080/",
'api': 'synapse', "api": "synapse",
'signing_key_path': "/etc/matrix-synapse/mmr.signing.key" "signing_key_path": "/etc/matrix-synapse/mmr.signing.key",
}, },
}, },
'admins': { "admins": {
'@sophie:sophies-kitchen.eu', "@sophie:sophies-kitchen.eu",
}, },
'upload_max_mb': 500, "upload_max_mb": 500,
}, },
'matrix-stickerpicker': { "matrix-stickerpicker": {
# use this bot token for telegram import: encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t # use this bot token for telegram import: encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t
'domain': "matrix-stickers.sophies-kitchen.eu", "domain": "matrix-stickers.sophies-kitchen.eu",
'config': { "config": {
'access_token': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), "access_token": vault.decrypt(
'homeserver': "https://matrix.sophies-kitchen.eu", "encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1"
'user_id': "@dimension:sophies-kitchen.eu", ),
"homeserver": "https://matrix.sophies-kitchen.eu",
"user_id": "@dimension:sophies-kitchen.eu",
}, },
}, },
'matrix-synapse': { "matrix-synapse": {
'server_name': 'sophies-kitchen.eu', "server_name": "sophies-kitchen.eu",
'baseurl': 'matrix.sophies-kitchen.eu', "baseurl": "matrix.sophies-kitchen.eu",
'admin_contact': 'mailto:foobar@sophies-kitchen.eu', "admin_contact": "mailto:foobar@sophies-kitchen.eu",
'trusted_key_servers': { "trusted_key_servers": {
'matrix.org', "matrix.org",
}, },
}, },
'mautrix-telegram': { "mautrix-telegram": {
'version': 'v0.15.2', "version": "v0.15.2",
'homeserver': { "homeserver": {
'domain': 'sophies-kitchen.eu', "domain": "sophies-kitchen.eu",
'url': 'https://matrix.sophies-kitchen.eu', "url": "https://matrix.sophies-kitchen.eu",
}, },
'provisioning': { "provisioning": {
'enabled': False, "enabled": False,
'shared_secret': '""', "shared_secret": '""',
}, },
'permissions': { "permissions": {
'sophies-kitchen.eu': 'full', "sophies-kitchen.eu": "full",
"'@sophie:sophies-kitchen.eu'": 'admin', "'@sophie:sophies-kitchen.eu'": "admin",
}, },
'telegram': { "telegram": {
'api_id': vault.decrypt('encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=='), "api_id": vault.decrypt(
'api_token': vault.decrypt('encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6'), "encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=="
'bot_token': '""', ),
"api_token": vault.decrypt(
"encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6"
),
"bot_token": '""',
}, },
}, },
'nameservers': { "nameservers": {
'213.133.98.98', "213.133.98.98",
'213.133.99.99', "213.133.99.99",
'213.133.100.100', "213.133.100.100",
'2a01:4f8:0:1::add:1010', "2a01:4f8:0:1::add:1010",
'2a01:4f8:0:1::add:9999', "2a01:4f8:0:1::add:9999",
'2a01:4f8:0:1::add:9898', "2a01:4f8:0:1::add:9898",
}, },
'nftables': { "nftables": {
'input': { "input": {
'50-sophie-weechat': [ "50-sophie-weechat": [
'udp dport { 60000-61000 } accept', "udp dport { 60000-61000 } accept",
'tcp dport 9001 accept', "tcp dport 9001 accept",
], ],
}, },
}, },
'nginx': { "nginx": {
'vhosts': { "vhosts": {
'sophies-kitchen.eu': { "sophies-kitchen.eu": {
'webroot': '/var/www/sophies-kitchen.eu/_site/', "webroot": "/var/www/sophies-kitchen.eu/_site/",
'extras': True, "extras": True,
}, },
'matrix-synapse': { "matrix-synapse": {
'domain': 'matrix.sophies-kitchen.eu', "domain": "matrix.sophies-kitchen.eu",
}, },
'webdump.sophies-kitchen.eu': { "webdump.sophies-kitchen.eu": {
'webroot_config': { "webroot_config": {
'owner': 'sophie', "owner": "sophie",
'group': 'sophie', "group": "sophie",
'mode': '0755', "mode": "0755",
}, },
'extras': True, "extras": True,
}, },
'recipes.sophies-kitchen.eu': { "recipes.sophies-kitchen.eu": {
'webroot_config': { "webroot_config": {
'owner': 'sophie', "owner": "sophie",
'group': 'sophie', "group": "sophie",
'mode': '0755', "mode": "0755",
}, },
}, },
}, },
}, },
'nodejs': { "nodejs": {
'version': 20, "version": 20,
}, },
'ntfy': { "ntfy": {
'domain': 'ntfy.sophies-kitchen.eu', "domain": "ntfy.sophies-kitchen.eu",
'allow_unauthorized_write': True, "allow_unauthorized_write": True,
}, },
'postgresql': { "postgresql": {
'version': '11', "version": "11",
}, },
'sysctl': { "sysctl": {
'options': { "options": {
# XXX find out if this is really needed # XXX find out if this is really needed
'net.ipv4.conf.all.forwarding': '1', "net.ipv4.conf.all.forwarding": "1",
'net.ipv6.conf.all.forwarding': '1', "net.ipv6.conf.all.forwarding": "1",
}, },
}, },
'vm': { "vm": {
'cpu': 2, "cpu": 2,
'ram': 4, "ram": 4,
}, },
'users': { "users": {
'sophie': { "sophie": {
'enable_linger': True, "enable_linger": True,
'ssh_pubkey': [ "ssh_pubkey": [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
], ],
}, },
}, },
'zfs': { "zfs": {
"datasets": { "datasets": {
"tank/webdump": { "tank/webdump": {
"mountpoint": "/var/www/webdump.sophies-kitchen.eu", "mountpoint": "/var/www/webdump.sophies-kitchen.eu",
"needed_by": [ "needed_by": ["directory:/var/www/webdump.sophies-kitchen.eu"],
"directory:/var/www/webdump.sophies-kitchen.eu" }
},
"pools": {
"tank": {
"when_creating": {
"config": [
{
"devices": {
"/dev/disk/by-id/scsi-0HC_Volume_23952298",
},
}
] ]
}
},
'pools': {
'tank': {
'when_creating': {
'config': [{
'devices': {
'/dev/disk/by-id/scsi-0HC_Volume_23952298',
},
}]
}, },
}, },
}, },