diff --git a/data/matrix-synapse/htz-cloud.miniserver/homeserver_signing.key.vault b/data/matrix-synapse/htz-cloud.miniserver/homeserver_signing.key.vault
new file mode 100644
index 0000000..dd45e96
--- /dev/null
+++ b/data/matrix-synapse/htz-cloud.miniserver/homeserver_signing.key.vault
@@ -0,0 +1 @@
+encrypt$gAAAAABgnpPCtotoGnJ5XK2ZrCBPGUOE7KxxpjaayiJ3kQZ9Xi6F_NuBAmFwTCGOsdzd_9HCaHxMjXGpf-X4TVIdcABquUH9ZMQ6QsBjGNtLAeVz64E9aNF8R4OgKeCn5cd_XT87awFR6budL7gOp7hzFvwtkJVs4w==
\ No newline at end of file
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
new file mode 100644
index 0000000..aa5cff2
--- /dev/null
+++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
@@ -0,0 +1,6 @@
+ add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
+
+ location /.well-known/matrix/ {
+ alias /etc/matrix-synapse/wellknown/;
+ add_header Access-Control-Allow-Origin *;
+ }
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/matrix.sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/matrix.sophies-kitchen.eu
new file mode 100644
index 0000000..fce62ac
--- /dev/null
+++ b/data/nginx/files/extras/htz-cloud.miniserver/matrix.sophies-kitchen.eu
@@ -0,0 +1,22 @@
+ location /.well-known/matrix/ {
+ types { } default_type "application/json";
+ alias /etc/matrix-synapse/wellknown/;
+ add_header Access-Control-Allow-Origin *;
+ }
+
+ location /_matrix {
+ proxy_pass http://[::1]:20080;
+ proxy_set_header Host "sophies-kitchen.eu";
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+
+ location /_matrix/media {
+ client_max_body_size 500M;
+
+ proxy_read_timeout 600s;
+ proxy_set_header Host "sophies-kitchen.eu";
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_pass http://localhost:20090;
+ }
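Review bot: In `dimension.sophies-kitchen.eu` the `/.well-known/matrix/` location serves the aliased files without the `types { } default_type "application/json";` line that the same location carries in `matrix.sophies-kitchen.eu`, so extensionless well-known files would go out with nginx's default MIME type here. Because the location declares its own `add_header`, nginx does not inherit the outer `Content-Security-Policy` header into it; that is harmless for JSON but deserves a comment such as `# add_header here replaces the outer CSP header for this location`. The only vhost entry for this name visible in this commit is commented out in `nodes/htz-cloud/miniserver.py`, so the file may currently be unused.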
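Review bot: Neither proxied location in `matrix.sophies-kitchen.eu` forwards the request scheme; Synapse's reverse-proxy guidance expects `proxy_set_header X-Forwarded-Proto $scheme;` next to the `X-Forwarded-For` line when the listener trusts forwarded headers (the listener config is not visible here). Setting `X-Forwarded-For` to `$remote_addr` instead of appending to the incoming value is the right choice for an edge proxy, since client-supplied values are discarded. The two upstreams are addressed differently, `http://[::1]:20080` and `http://localhost:20090`; `localhost` can resolve to both address families, so pinning the media upstream to one literal address would make the target unambiguous.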
diff --git a/data/nginx/files/extras/htz-cloud.miniserver/sophies-kitchen.eu b/data/nginx/files/extras/htz-cloud.miniserver/sophies-kitchen.eu
new file mode 100644
index 0000000..cc5c4e3
--- /dev/null
+++ b/data/nginx/files/extras/htz-cloud.miniserver/sophies-kitchen.eu
@@ -0,0 +1,10 @@
+location /.well-known/matrix/client {
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"}}';
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+}
+location /.well-known/matrix/server {
+ return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}';
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+}
diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py
index 3a892f8..a895c5a 100644
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@@ -2,11 +2,18 @@
 # mostly unmanaged
 nodes['htz-cloud.miniserver'] = {
+ 'bundles': {
+ 'element-web',
+ 'matrix-media-repo',
+ 'matrix-synapse',
+ 'nodejs',
+ 'mautrix-telegram',
+ 'postgresql',
+ },
 'groups': {
 'debian-buster',
 'webserver',
 },
- 'bundles': set(),
 'metadata': {
 'interfaces': {
 'eth0': {
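Review bot: The client well-known in `sophies-kitchen.eu` advertises `https://matrix.org` as `m.identity_server`, so clients that honour it will direct third-party-identifier lookups to a service outside this deployment; the key is optional and can be dropped if that is not intended. Both locations are prefix matches, so they also answer for longer paths that merely start with the same string; `location = /.well-known/matrix/client {` and `location = /.well-known/matrix/server {` restrict them to the exact documents.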
@@ -40,8 +47,31 @@ nodes['htz-cloud.miniserver'] = {
 'backups': {
 'exclude_from_backups': True,
 },
+ 'element-web': {
+ 'url': 'chat.sophies-kitchen.eu',
+ 'version': 'v1.7.27',
+ 'config': {
+ 'default_server_config': {
+ 'm.homeserver': {
+ 'base_url': 'https://matrix.sophies-kitchen.eu',
+ 'server_name': 'sophies-kitchen.eu',
+ },
+ },
+ 'brand': 'sophies-kitchen.eu',
+ 'showLabsSettings': True,
+ #'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
+ #'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
+ #'integrations_widgets_urls': {
+ # 'https://dimension.sophies-kitchen.eu/widgets'
+ #},
+ 'default_theme': 'dark',
+ 'defaultCountryCode': 'DE',
+ 'jitsi': {
+ 'preferredDomain': 'meet.ffmuc.net',
+ },
+ },
+ },
 'icinga_options': {
- 'exclude_from_monitoring': True,
 'vars.notification.sms': False,
 },
 'iptables': {
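Review bot: With the three `integrations_*` keys commented out in the `element-web` `config` block, the rendered client config carries no integration manager setting, and Element, as far as I know, then falls back to its built-in defaults, which point at a third-party integration manager. If that fallback is not wanted, the decision should be stated in place of the commented-out code, for example `# integration manager intentionally unset until dimension is deployed`, together with whatever explicit value the bundle accepts for disabling it. How the bundle turns this dict into the client config is not visible here, and the `nodes[...]` literal starts and ends outside the hunk.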
@@ -66,10 +96,71 @@ nodes['htz-cloud.miniserver'] = {
 'domains': {
 'i.sophies-kitchen.eu': set(),
 'webdump.sophies-kitchen.eu': set(),
+ 'matrix.sophies-kitchen.eu': {
+ 'sophies-kitchen.eu',
+ },
+ },
+ },
+ 'matrix-media-repo': {
+ 'version': 'v1.2.8',
+ 'homeservers': {
+ 'sophies-kitchen.eu': {
+ 'domain': 'http://[::1]:20080/',
+ 'api': 'synapse',
+ },
+ },
+ 'admins': {
+ '@sophie:sophies-kitchen.eu',
+ },
+ 'upload_max_mb': 500,
+ },
+ 'matrix-synapse': {
+ 'server_name': 'sophies-kitchen.eu',
+ 'baseurl': 'matrix.sophies-kitchen.eu',
+ 'admin_contact': 'mailto:foobar@sophies-kitchen.eu',
+ 'trusted_key_servers': {
+ 'matrix.org',
+ },
+ },
+ 'mautrix-telegram': {
+ 'version': 'v0.9.0',
+ 'homeserver': {
+ 'domain': 'sophies-kitchen.eu',
+ 'url': 'https://matrix.sophies-kitchen.eu',
+ },
+ 'provisioning': {
+ 'enabled': False,
+ 'shared_secret': '""',
+ },
+ 'permissions': {
+ 'sophies-kitchen.eu': 'full',
+ "'@sophie:sophies-kitchen.eu'": 'admin',
+ },
+ 'telegram': {
+ 'api_id': vault.decrypt('encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=='),
+ 'api_token': vault.decrypt('encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6'),
+ 'bot_token': '""',
 },
 },
 'nginx': {
 'vhosts': {
+ #'dimension.sophies-kitchen.eu': {
+ # 'extras': True,
+ # 'do_not_set_content_security_headers': True,
+ # 'max_body_size': '50M',
+ # 'proxy': {
+ # '/': {
+ # 'target': 'http://127.0.0.1:8184',
+ # },
+ # },
+ #},
+ 'sophies-kitchen.eu': {
+ 'webroot': '/var/www/sophies-kitchen.eu/_site/',
+ 'extras': True,
+ },
+ 'matrix.sophies-kitchen.eu': {
+ 'extras': True,
+ },
 'webdump.sophies-kitchen.eu': {
 'webroot_config': {
 'owner': 'sophie',
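Review bot: `'shared_secret': '""'` and `'bot_token': '""'` under `mautrix-telegram` are Python strings that contain two quote characters, and the key `"'@sophie:sophies-kitchen.eu'"` likewise carries its own quotes, which suggests YAML quoting has leaked from the template into node metadata. Provisioning is disabled, but if `enabled` is later flipped the API would be guarded by an empty or two-character secret; take the value from the vault like the neighbouring `api_id` and `api_token`, e.g. `'shared_secret': vault.password_for('<identifier>'),`, and do the quoting in the template instead. The bundle's template is not visible, so the exact rendered value is an assumption. The `nodes[...]` literal starts and ends outside the hunk.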