kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 2 Releases Activity

sophie gets her own group

Browse source
This commit is contained in:
Franzi 2024-06-08 18:46:51 +02:00
parent 1c2127437c
commit d1e28c3f0c
Signed by: kunsi
GPG key ID: 12E3D2136B818350
9 changed files with 15 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

76
nodes/sophie/backupserver.py Normal file
View file

@ -0,0 +1,76 @@
nodes['htz-hel.backup-sophie'] = {
'hostname': 'backup.sophies-kitchen.eu',
'bundles': {
'backup-server',
'zfs',
},
'groups': {
'debian-bullseye',
'sophie',
},
'metadata': {
'apt': {
'packages': {
'mosh': {},
'borgbackup': {},
},
'unattended-upgrades': {
# requires manual apply after reboot to unlock dm-crypt
# devices
'reboot_enabled': False,
},
},
'backups': {
'exclude_from_backups': True,
},
'interfaces': {
'ens18': {
'ips': {
'2a01:4f9:6b:2d99::c0c0:a/64',
},
'gateway6': '2a01:4f9:6b:2d99::2',
},
},
'vm': {
'cpu': 4,
'ram': 8,
},
'backup-server': {
'zfs-base': 'tank/backups',
},
'nftables': {
'input': {
'50-sophie-misc': [
'udp dport { 60000-61000 } accept',
'tcp dport 5201 accept',
],
},
},
'users': {
'sophie': {},
},
'zfs': {
'datasets': {
'tank/ejgwthink': {
'mountpoint': '/mnt/backups/ejgwthink',
},
'tank/ejgwdesk': {
'mountpoint': '/mnt/backups/ejgwdesk',
},
'tank/moto-sophie': {
'mountpoint': '/mnt/backups/moto-sophie',
},
'tank/backups': {},
},
'pools': {
'tank': {
'when_creating': {
'config': [{
'devices': {'/dev/sdb'},
}],
},
},
},
},
},
}

258
nodes/sophie/miniserver.py Normal file
View file

@ -0,0 +1,258 @@
# sophie's miniserver
nodes['htz-cloud.miniserver'] = {
'bundles': {
'element-web',
'hedgedoc',
'matrix-media-repo',
'matrix-synapse',
"matrix-stickerpicker",
'nodejs',
'ntfy',
'mautrix-telegram',
'postgresql',
'zfs',
},
'groups': {
'debian-bookworm',
'sophie',
'webserver',
},
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'157.90.20.62',
'2a01:4f8:c2c:840f::1/64',
},
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
},
},
'apt': {
'packages': {
'mosh': {},
'weechat': {},
'weechat-core': {},
'weechat-curses': {},
'weechat-perl': {},
'weechat-plugins': {},
'weechat-python': {},
'weechat-ruby': {},
},
'repos': {
'weechat': {
'items': {
'deb https://weechat.org/debian {os_release} main',
},
},
},
},
'backup-client': {
'pre-hooks': {
'sophie-weechat': \
'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \
'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n',
},
'target': "htz-hel.backup-sophie",
},
'backups': {
'paths': {
'/home/sophie/.weechat',
},
},
'element-web': {
'url': 'chat.sophies-kitchen.eu',
'version': 'v1.11.67',
'config': {
'default_server_config': {
'm.homeserver': {
'base_url': 'https://matrix.sophies-kitchen.eu',
'server_name': 'sophies-kitchen.eu',
},
},
'brand': 'sophies-kitchen.eu',
'showLabsSettings': True,
'default_theme': 'dark',
'defaultCountryCode': 'DE',
'jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
'map_style_url': "https://api.maptiler.com/maps/openstreetmap/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
},
},
'hedgedoc': {
'version': '1.9.9',
'config': {
'production': {
'allowAnonymousEdits': True,
'domain': 'pad.sophies-kitchen.eu',
},
},
},
'letsencrypt': {
'concat_and_deploy': {
'sophie-weechat': {
'match_domain': 'i.sophies-kitchen.eu',
'target': '/home/sophie/.weechat/ssl/relay.pem',
'chown': 'sophie:sophie',
'chmod': '0440',
'commands': [
'echo \'core.weechat */relay sslcertkey\' >> /home/sophie/.weechat/weechat_fifo'
],
},
},
'domains': {
'i.sophies-kitchen.eu': set(),
'webdump.sophies-kitchen.eu': set(),
'matrix.sophies-kitchen.eu': {
'sophies-kitchen.eu',
},
},
},
'matrix-media-repo': {
'version': 'v1.3.4',
'datastore_id': '99c09e24edc4e9be6c4c9486bc147e385bc87044',
'sha1': '55d353b472894547c61b11567089eb2cf40ce5ba',
'homeservers': {
'sophies-kitchen.eu': {
'domain': 'http://[::1]:20080/',
'api': 'synapse',
},
},
'admins': {
'@sophie:sophies-kitchen.eu',
},
'upload_max_mb': 500,
},
'matrix-stickerpicker': {
# use this bot token for telegram import: encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t
'domain': "matrix-stickers.sophies-kitchen.eu",
'config': {
'access_token': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
'homeserver': "https://matrix.sophies-kitchen.eu",
'user_id': "@dimension:sophies-kitchen.eu",
},
},
'matrix-synapse': {
'server_name': 'sophies-kitchen.eu',
'baseurl': 'matrix.sophies-kitchen.eu',
'admin_contact': 'mailto:foobar@sophies-kitchen.eu',
'trusted_key_servers': {
'matrix.org',
},
},
'mautrix-telegram': {
'version': 'v0.15.1',
'homeserver': {
'domain': 'sophies-kitchen.eu',
'url': 'https://matrix.sophies-kitchen.eu',
},
'provisioning': {
'enabled': False,
'shared_secret': '""',
},
'permissions': {
'sophies-kitchen.eu': 'full',
"'@sophie:sophies-kitchen.eu'": 'admin',
},
'telegram': {
'api_id': vault.decrypt('encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=='),
'api_token': vault.decrypt('encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6'),
'bot_token': '""',
},
},
'nameservers': {
'213.133.98.98',
'213.133.99.99',
'213.133.100.100',
'2a01:4f8:0:1::add:1010',
'2a01:4f8:0:1::add:9999',
'2a01:4f8:0:1::add:9898',
},
'nftables': {
'input': {
'50-sophie-weechat': [
'udp dport { 60000-61000 } accept',
'tcp dport 9001 accept',
],
},
},
'nginx': {
'vhosts': {
'sophies-kitchen.eu': {
'webroot': '/var/www/sophies-kitchen.eu/_site/',
'extras': True,
},
'matrix-synapse': {
'domain': 'matrix.sophies-kitchen.eu',
},
'webdump.sophies-kitchen.eu': {
'webroot_config': {
'owner': 'sophie',
'group': 'sophie',
'mode': '0755',
},
'extras': True,
},
'recipes.sophies-kitchen.eu': {
'webroot_config': {
'owner': 'sophie',
'group': 'sophie',
'mode': '0755',
},
},
},
},
'nodejs': {
'version': 18,
},
'ntfy': {
'domain': 'ntfy.sophies-kitchen.eu',
'allow_unauthorized_write': True,
},
'postgresql': {
'version': '11',
},
'sysctl': {
'options': {
# XXX find out if this is really needed
'net.ipv4.conf.all.forwarding': '1',
'net.ipv6.conf.all.forwarding': '1',
},
},
'vm': {
'cpu': 2,
'ram': 4,
},
'users': {
'sophie': {
'enable_linger': True,
'ssh_pubkey': [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
],
},
},
'zfs': {
"datasets": {
"tank/webdump": {
"mountpoint": "/var/www/webdump.sophies-kitchen.eu",
"needed_by": [
"directory:/var/www/webdump.sophies-kitchen.eu"
]
}
},
'pools': {
'tank': {
'when_creating': {
'config': [{
'devices': {
'/dev/disk/by-id/scsi-0HC_Volume_23952298',
},
}]
},
},
},
},
},
}

76
nodes/sophie/paperless.py Normal file
View file

@ -0,0 +1,76 @@
nodes['sophie.paperless'] = {
'hostname': '172.19.138.30',
'bundles': {
'nfs-client',
'nodejs',
'redis',
'postgresql',
'paperless-ng',
},
'groups': {
'debian-buster',
'webserver',
},
'metadata': {
'backups': {
'exclude_from_backups': True,
},
'icinga_options': {
'exclude_from_monitoring': True,
},
'interfaces': {
'enp1s0': {
'ips': {
'172.19.138.30/24',
},
'gateway4': '172.19.138.1',
},
},
'nfs-client': {
'mounts': {
'nas_paperless': {
'mountpoint': '/mnt/paperless',
'serverpath': '172.19.138.98:/mnt/paperless',
'mount_options': {
'retry=0',
'rw',
},
},
'nas_scansnap': {
'mountpoint': '/mnt/scansnap',
'serverpath': '172.19.138.20:/srv/scansnap',
'mount_options': {
'retry=0',
'rw',
},
},
},
},
'nginx': {
'vhosts': {
'paperless': {
'ssl': '_.home.kunbox.net',
},
},
},
'paperless': {
'domain': 'paperless-sophie.home.kunbox.net',
'version': 'ng-1.4.4',
'timezone': 'Europe/Berlin',
},
'postgresql': {
'version': '11',
},
'users': {
'sophie': {
'sudo_commands': {
'ALL',
},
},
},
'vm': {
'cpu': 2,
'ram': 2,
},
},
}

97
nodes/sophie/rechenmonster.py Normal file
View file

@ -0,0 +1,97 @@
nodes['sophie.rechenmonster'] = {
'hostname': '172.19.138.98',
'bundles': {
'basic',
'ipmitool',
'nfs-server',
'smartd',
'systemd',
'systemd-networkd',
'systemd-timers',
'telegraf',
'users',
'zfs',
},
'metadata': {
'interfaces': {
'br0': {
'ips': {
'172.19.138.98/24',
},
'gateway4': '172.19.138.1',
'ipv6_accept_ra': True,
},
},
'icinga_options': {
'exclude_from_monitoring': True,
},
'nfs-server': {
'shares': {
'/video': {
'172.19.138.0/24': 'ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
},
},
},
'smartd': {
'disks': {
'/dev/disk/by-id/wwn-0x50025385a01e0795',
},
},
'systemd-networkd': {
'bonds': {
'bond0': {
'match': {
'enp5*',
},
},
},
'bridges': {
'br0': {
'match': {
'bond0',
},
},
},
},
'users': {
'kunsi': {
'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='),
},
'sophie': {
'password': vault.decrypt('encrypt$gAAAAABiEAyiedXL6ZnvelOMumhcB73X72SXZhjS_G0EDYVK5-NQ3_J_0h1W1HkFBNe5tShGNmg88jUiULRBn5u2IoiRGiDrYg=='),
},
},
'zfs': {
'module_options': {
'zfs_arc_max_gb': 16,
},
'pools': {
'storage': {
'when_creating': {
'config': [
{
'type': 'raidz2',
'devices': {
'/dev/disk/by-id/scsi-35000c50057a2d787', # sda
'/dev/disk/by-id/scsi-35000c500579053bf', # sdb
'/dev/disk/by-id/scsi-35000c5005796c697', # sdc
'/dev/disk/by-id/scsi-35000c50057a1c55b', # sdd
'/dev/disk/by-id/scsi-35000c5005781a2e7', # sde
'/dev/disk/by-id/scsi-35000c5005795ce2b', # sdf
'/dev/disk/by-id/scsi-35000c50057a12fa3', # sdg
'/dev/disk/by-id/scsi-35000c50057a19aa3', # sdh
},
},
],
'ashift': 12,
},
},
},
'datasets': {
'storage/video': {
'mountpoint': '/video',
},
},
},
},
}