diff --git a/data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault b/data/gitea/files/ssh-keys/rx300.key.vault similarity index 100% rename from data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault rename to data/gitea/files/ssh-keys/rx300.key.vault diff --git a/data/gitea/files/ssh-keys/htz.ex42-1048908.pub b/data/gitea/files/ssh-keys/rx300.pub similarity index 100% rename from data/gitea/files/ssh-keys/htz.ex42-1048908.pub rename to data/gitea/files/ssh-keys/rx300.pub diff --git a/data/powerdns/files/bind-zones/franzi.business b/data/powerdns/files/bind-zones/franzi.business index 3fadfdb..dfcba6e 100644 --- a/data/powerdns/files/bind-zones/franzi.business +++ b/data/powerdns/files/bind-zones/franzi.business @@ -13,6 +13,8 @@ chat IN AAAA 2a01:4f8:10b:2a5f::2 dimension IN A 94.130.52.224 dimension IN AAAA 2a01:4f8:10b:2a5f::2 +git IN CNAME rx300.kunbox.net. + matrix IN A 94.130.52.224 matrix IN AAAA 2a01:4f8:10b:2a5f::2 @@ -24,7 +26,6 @@ sewfile IN CNAME sewfile.htz-cloud.kunbox.net. rss IN CNAME rx300.kunbox.net. status IN CNAME icinga2.ovh.kunbox.net. - travelynx IN CNAME rx300.kunbox.net. unicornsden IN CNAME rx300.kunbox.net. diff --git a/data/powerdns/files/bind-zones/kunsmann.eu b/data/powerdns/files/bind-zones/kunsmann.eu index b38fcf0..dde4e2c 100644 --- a/data/powerdns/files/bind-zones/kunsmann.eu +++ b/data/powerdns/files/bind-zones/kunsmann.eu @@ -10,9 +10,6 @@ $ORIGIN kunsmann.eu. dav IN A 94.130.52.224 dav IN AAAA 2a01:4f8:10b:2a5f::2 -git IN A 94.130.52.224 -git IN AAAA 2a01:4f8:10b:2a5f::2 - grafana IN CNAME influxdb.htz-cloud.kunbox.net. icinga IN CNAME icinga2.ovh.kunbox.net. influxdb IN CNAME influxdb.htz-cloud.kunbox.net. @@ -29,9 +26,6 @@ luther-ps IN CNAME luther.htz-cloud.kunbox.net. paste IN A 94.130.52.224 paste IN AAAA 2a01:4f8:10b:2a5f::2 -rss IN A 94.130.52.224 -rss IN AAAA 2a01:4f8:10b:2a5f::2 - _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" _mta-sts IN TXT "v=STSv1;id=20201111;" _smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net" diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index 4266dec..8744c04 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py @@ -2,7 +2,7 @@ nodes['htz.ex42-1048908'] = { 'bundles': { 'dovecot', 'element-web', - 'gitea', +# 'gitea', 'jenkins-ci', 'lm-sensors', 'matrix-media-repo', @@ -113,27 +113,27 @@ nodes['htz.ex42-1048908'] = { }, }, }, - 'gitea': { - 'version': '1.14.3', - 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', - 'domain': 'git.kunsmann.eu', - 'email_domain_blocklist': { - 'gmail.com', - 'yahoo.com', - 'aol.com', - 'comcast.net', - 'verizon.net', - 'hotmail.com', - 'cox.net', - 'msn.com', - }, - 'enable_git_hooks': True, - 'install_ssh_key': True, - 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), - 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), - 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), - 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), - }, +# 'gitea': { +# 'version': '1.14.3', +# 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', +# 'domain': 'git.kunsmann.eu', +# 'email_domain_blocklist': { +# 'gmail.com', +# 'yahoo.com', +# 'aol.com', +# 'comcast.net', +# 'verizon.net', +# 'hotmail.com', +# 'cox.net', +# 'msn.com', +# }, +# 'enable_git_hooks': True, +# 'install_ssh_key': True, +# 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), +# 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), +# 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), +# 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), +# }, 'icinga_options': { 'pretty_name': 'kunsmann.eu', }, diff --git a/nodes/rx300.py b/nodes/rx300.py index 636ed45..97aec1d 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -7,6 +7,7 @@ nodes['rx300'] = { 'hostname': '31.47.232.106', 'bundles': { + 'gitea', 'lm-sensors', 'miniflux', 'postgresql', @@ -33,6 +34,11 @@ nodes['rx300'] = { 'apt': { 'packages': { 'ipmitool': {}, + + # for franzi.business deployment + 'jekyll': {}, + 'ruby-jekyll-feed': {}, + 'ruby-jekyll-paginate-v2': {}, }, # XXX remove this once nginx.org has packages for debian bullseye 'repos': { @@ -43,6 +49,27 @@ nodes['rx300'] = { }, }, }, + 'gitea': { + 'version': '1.14.3', + 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2', + 'domain': 'git.franzi.business', + 'email_domain_blocklist': { + 'gmail.com', + 'yahoo.com', + 'aol.com', + 'comcast.net', + 'verizon.net', + 'hotmail.com', + 'cox.net', + 'msn.com', + }, + 'enable_git_hooks': True, + 'install_ssh_key': True, + 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), + 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), + 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), + 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), + }, 'icinga_options': { 'pretty_name': 'franzi.business', }, @@ -51,9 +78,8 @@ nodes['rx300'] = { }, 'nginx': { 'vhosts': { - 'miniflux': { - 'ssl': '_.franzi.business', - }, + 'gitea': {'ssl': '_.franzi.business'}, + 'miniflux': {'ssl': '_.franzi.business'}, 'unicornsden': { 'domain': 'unicornsden.franzi.business', 'ssl': '_.franzi.business',