bundles/rspamd: change dmarc reporting sender to working address

bundles/powerdns/items.py

@@ -24,7 +24,7 @@ $TTL 60
     )
 """
 for rnode in sorted(repo.nodes_in_group('dns')):
-    ZONE_HEADER += '@       IN  NS {}.\n'.format(rnode.metadata.get('powerdns/my_hostname', rnode.metadata['hostname']))
+    ZONE_HEADER += '@       IN  NS {}.\n'.format(rnode.metadata.get('powerdns/my_hostname', rnode.metadata.get('hostname')))
 
 directories = {
     '/etc/powerdns/pdns.d': {
@@ -51,10 +51,10 @@ files = {
         'content_type': 'mako',
         'context': {
             'api_key': node.metadata['powerdns']['api_key'],
-            'my_hostname': node.metadata['powerdns'].get('my_hostname', node.name),
+            'my_hostname': node.metadata['powerdns'].get('my_hostname', node.metadata.get('hostname')),
             'is_secondary': node.metadata['powerdns'].get('is_secondary', False),
-            'my_primary_servers': node.metadata['powerdns'].get('my_primary_servers', {}),
-            'my_secondary_servers': node.metadata['powerdns'].get('my_secondary_servers', {}),
+            'my_primary_servers': node.metadata['powerdns'].get('my_primary_servers', set()),
+            'my_secondary_servers': node.metadata['powerdns'].get('my_secondary_servers', set()),
         },
         'needs': {
             'pkg_apt:pdns-server',
@@ -99,13 +99,16 @@ if node.metadata.get('powerdns/features/bind', False):
 
         primary_zones.add(zone)
 
-        files["/var/lib/powerdns/zones/{}".format(zone)] = {
+        files[f'/var/lib/powerdns/zones/{zone}'] = {
             'content_type': 'mako',
             'context': {
                 'header': ZONE_HEADER.format(serial=serial),
-                'metadata_records': node.metadata.get('powerdns/bind-zones/{}/records'.format(zone), []),
+                'metadata_records': node.metadata.get(f'powerdns/bind-zones/{zone}/records', []),
             },
-            'source': 'bind-zones/{}'.format(zone),
+            'source': f'bind-zones/{zone}',
+            # TODO enable this once bundlewrap has test_with
+            # was introduced in https://github.com/bundlewrap/bundlewrap/commit/cb7e9c161719acd70d132a7b24f0d231a8cb3fa3
+            #'test_with': f'named-checkzone {zone} {{}}',
             'triggers': {
                 'action:powerdns_reload_zones',
             },

bundles/rspamd/files/local.d/dmarc.conf

@@ -1,10 +1,9 @@
 reporting {
-    # Required attributes
-    enabled = true; # Enable reports in general
-    email = 'dmarc@${node.metadata.get('hostname')}'; # Source of DMARC reports
-    domain = '${node.metadata.get('hostname')}'; # Domain to serve
-    org_name = 'kunbox.net'; # Organisation
-    smtp = '127.0.0.1'; # SMTP server IP
-    smtp_port = 25; # SMTP server port
-    from_name = 'rspamd @ ${node.metadata.get('hostname')}'; # SMTP FROM
+    enabled = true;
+    email = 'dmarc+${node.name.replace('.', '-')}@kunbox.net';
+    domain = '${node.metadata.get('hostname')}';
+    org_name = 'kunbox.net';
+    smtp = '127.0.0.1';
+    smtp_port = 25;
+    from_name = 'rspamd @ ${node.metadata.get('hostname')}';
 }

data/nginx/files/extras/htz.ex42-1048908/dimension.franzi.business

@@ -1 +0,0 @@
-    add_header Content-Security-Policy "frame-ancestors 'self' chat.franzi.business";

data/nginx/files/extras/htz.ex42-1048908/wiki.franzi.business

@@ -1,12 +0,0 @@
-    location ~ /(data|conf|bin|inc|vendor)/ {
-        deny all;
-    }
-
-    location / { try_files $uri $uri/ @dokuwiki; }
-
-    location @dokuwiki {
-        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
-        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
-        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
-        rewrite ^/(.*) /doku.php?id=$1&$args last;
-    }

data/powerdns/files/bind-zones/flauschehorn.sexy

@@ -8,4 +8,8 @@ $ORIGIN flauschehorn.sexy.
                 IN  TXT     "v=spf1 mx ~all"
 
 _dmarc          IN  TXT     "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
-uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+
+uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
+    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
+    "oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+) ;

data/powerdns/files/bind-zones/franzi.business

@@ -16,7 +16,6 @@ matrix          IN  CNAME   rx300.kunbox.net.
 mta-sts         IN  CNAME   rx300.kunbox.net.
 netbox          IN  CNAME   rx300.kunbox.net.
 sewfile         IN  CNAME   sewfile.htz-cloud.kunbox.net.
-                IN  TXT     "v=spf1 a mx ~all"
 paste           IN  CNAME   rx300.kunbox.net.
 postfixadmin    IN  CNAME   rx300.kunbox.net.
 radicale        IN  CNAME   rx300.kunbox.net.
@@ -32,5 +31,12 @@ _dmarc          IN  TXT     "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbo
 _mta-sts        IN  TXT     "v=STSv1;id=20201111;"
 _smtp._tls      IN  TXT     "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
 _token._dnswl   IN  TXT     "gg3mbwjx9bbuo5osvh7oz6bc881wcmc"
-2019._domainkey IN  TXT     "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
-uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+
+2019._domainkey IN  TXT     ( "v=DKIM1; k=rsa; "
+    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
+    "vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
+) ;
+uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
+    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
+    "oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+) ;

data/powerdns/files/bind-zones/kunbox.net

@@ -11,14 +11,7 @@ $ORIGIN kunbox.net.
                     IN  TXT     "v=spf1 mx ~all"
 
 ; Mail servers
-mx0                 IN  A       94.130.52.224
-                    IN  AAAA    2a01:4f8:10b:2a5f::2
-                    IN  AAAA    2a01:4f8:10b:2a5f::1337
 mta-sts             IN  CNAME   rx300
-mta-sts.mx0         IN  CNAME   rx300
-postfixadmin.mx0    IN  CNAME   mx0
-rspamd.mx0          IN  CNAME   mx0
-webmail.mx0         IN  CNAME   mx0
 
 ; Nameservers
 ns-1                IN  A       34.89.208.78
@@ -36,11 +29,18 @@ ${record}
 _mta-sts            IN  TXT     "v=STSv1;id=20201111;"
 _smtp._tls          IN  TXT     "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
 _token._dnswl       IN  TXT     "6akc10htbgmg56e072w0w2n0wql4oezu"
-2019._domainkey     IN  TXT     "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
-uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+
+2019._domainkey     IN  TXT     ( "v=DKIM1; k=rsa; "
+    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
+    "vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
+) ;
+uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
+    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
+    "oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+) ;
 
 f2k1.de._report._dmarc          IN  TXT "v=DMARC1"
 franzi.business._report._dmarc  IN  TXT "v=DMARC1"
 kunsmann.eu._report._dmarc      IN  TXT "v=DMARC1"
-kunsmann.info._report._dmarc    IN  TXT "v=DMARC"
-salonkatrin.de._report._dmarc   IN  TXT "v=DMARC"
+kunsmann.info._report._dmarc    IN  TXT "v=DMARC1"
+salonkatrin.de._report._dmarc   IN  TXT "v=DMARC1"

data/powerdns/files/bind-zones/kunsmann.eu

@@ -8,9 +8,6 @@ $ORIGIN kunsmann.eu.
                 IN  MX      10 rx300.kunbox.net.
                 IN  TXT     "v=spf1 mx ~all"
 
-dav             IN  A       94.130.52.224
-dav             IN  AAAA    2a01:4f8:10b:2a5f::2
-
 grafana                 IN  CNAME   influxdb.htz-cloud.kunbox.net.
 icinga                  IN  CNAME   icinga2.ovh.kunbox.net.
 influxdb                IN  CNAME   influxdb.htz-cloud.kunbox.net.
@@ -21,12 +18,19 @@ mta-sts                 IN  CNAME   rx300.kunbox.net.
 luther-ps               IN  CNAME   luther.htz-cloud.kunbox.net.
 
 ; legacy, for redirect
-git                     IN  CNAME   ex42-1048908.htz.kunbox.net.
-paste                   IN  CNAME   ex42-1048908.htz.kunbox.net.
+git                     IN  CNAME   rx300.kunbox.net.
+paste                   IN  CNAME   rx300.kunbox.net.
 
 _dmarc                  IN  TXT     "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
 _mta-sts                IN  TXT     "v=STSv1;id=20201111;"
 _smtp._tls              IN  TXT     "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
 _token._dnswl           IN  TXT     "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
-2019._domainkey         IN  TXT     "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
-uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+
+2019._domainkey         IN  TXT     ( "v=DKIM1; k=rsa; "
+    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
+    "vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
+) ;
+uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
+    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
+    "oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+) ;

data/powerdns/files/bind-zones/trans-agenda.eu

@@ -2,17 +2,21 @@ ${header}
 
 $ORIGIN trans-agenda.eu.
 
-@               IN  MX      10 mx0.kunbox.net.
+@               IN  MX      10 rx300.kunbox.net.
                 IN  TXT     "v=spf1 a mx ~all"
 
 mta-sts         IN  CNAME   rx300.kunbox.net.
 
-part.of.the     IN  A       94.130.52.224
-part.of.the     IN  AAAA    2a01:4f8:10b:2a5f::1337
-
 _dmarc          IN  TXT     "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
 _mta-sts        IN  TXT     "v=STSv1;id=20201111;"
 _smtp._tls      IN  TXT     "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
 _token._dnswl   IN  TXT     "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
-2019._domainkey IN  TXT     "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
-uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+
+2019._domainkey IN  TXT     ( "v=DKIM1; k=rsa; "
+    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440"
+    "vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
+) ;
+uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT ( "v=DKIM1; k=rsa; "
+    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
+    "oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
+) ;

groups/locations.py

@@ -27,18 +27,6 @@ groups['gce'] = {
     },
 }
 
-groups['htz'] = {
-    'member_patterns': {
-        r"htz\..*",
-    },
-    'subgroups': {
-        'htz-cloud',
-    },
-    'metadata': {
-        'location': 'htz',
-    },
-}
-
 groups['htz-cloud'] = {
     'member_patterns': {
         r"htz\-cloud\..*",
@@ -57,6 +45,7 @@ groups['htz-cloud'] = {
                 },
             },
         },
+        'location': 'htz-cloud',
     },
 }
 

nodes/htz/README

@@ -1 +0,0 @@
-Hetzner Hardware Servers

nodes/htz/ex42-1048908.py

@@ -1,80 +0,0 @@
-nodes['htz.ex42-1048908'] = {
-    'bundles': {
-        'check-mail-received',
-        'lm-sensors',
-        'smartd',
-    },
-    'groups': {
-        'debian-buster',
-        'webserver',
-    },
-    'metadata': {
-        'interfaces': {
-            'enp0s31f6': {
-                'ips': {
-                    '94.130.52.224/26',
-                    '2a01:4f8:10b:2a5f::02/64',
-                    '2a01:4f8:10b:2a5f::1337/64',
-                },
-                'gateway4': '94.130.52.193',
-                'gateway6': 'fe80::1',
-            },
-        },
-        'check-mail-received': {
-            't-online': {
-                'email': 'franzi.kunsmann@t-online.de',
-                'imap_host': 'secureimap.t-online.de',
-                'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
-            },
-        },
-        'icinga_options': {
-            'pretty_name': 'kunsmann.eu',
-        },
-        'locale': {
-            'installed': {
-                # legacy
-                'en_DK.UTF-8',
-            },
-        },
-        'nginx': {
-            'security.txt': {
-                'contact': 'mailto:security@kunsmann.eu',
-                'Encryption': 'https://franzi.business/gpg_hi-kunsmann.eu.asc',
-            },
-            'vhosts': {
-                'dav.kunsmann.eu': {
-                    'locations': {
-                        '/': {
-                            'redirect': 'https://radicale.franzi.business$request_uri',
-                        },
-                    },
-                },
-                'git.kunsmann.eu': {
-                    'locations': {
-                        '/': {
-                            'redirect': 'https://git.franzi.business$request_uri',
-                        },
-                    },
-                },
-                'paste.kunsmann.eu': {
-                    'locations': {
-                        '/': {
-                            'redirect': 'https://paste.franzi.business$request_uri',
-                        },
-                    },
-                },
-            },
-            'worker_processes': 4,
-        },
-        'smartd': {
-            'disks': {
-                '/dev/nvme0',
-                '/dev/nvme1',
-            },
-        },
-        'vm': {
-            'cpu': 8,
-            'ram': 64,
-        },
-    },
-}

nodes/rx300.py

@@ -59,6 +59,9 @@ nodes['rx300'] = {
                 'ruby-dev': {},
                 'ruby-bundler': {},
 
+                # for `bw test` on jenkins
+                'bind9utils': {},
+
                 # more php
                 'php-imagick': {},
                 'php-yaml': {},
@@ -332,7 +335,6 @@ nodes['rx300'] = {
                     'domain': 'mta-sts.kunbox.net',
                     'domain_aliases': {
                         'mta-sts.franzi.business',
-                        'mta-sts.mx0.kunbox.net',
                         'mta-sts.kunsmann.eu',
                         'mta-sts.trans-agenda.eu',
                     },
@@ -379,6 +381,22 @@ nodes['rx300'] = {
                     'website_check_path': '/start?do=login',
                     'website_check_string': 'Username',
                 },
+
+                # legacy domains
+                'git.kunsmann.eu': {
+                    'locations': {
+                        '/': {
+                            'redirect': 'https://git.franzi.business$request_uri',
+                        },
+                    },
+                },
+                'paste.kunsmann.eu': {
+                    'locations': {
+                        '/': {
+                            'redirect': 'https://paste.franzi.business$request_uri',
+                        },
+                    },
+                },
             },
             'worker_processes': 8,
         },