
24 commits

Author SHA1 Message Date
Sophie Schiller
07dbcb51f4 bw/htz-cloud.miniserver bump element-web version
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
kunsi/bundlewrap/pipeline/pr-main This commit looks good
2021-07-17 01:09:33 +02:00
Sophie Schiller
58691904fc bw/matrix-dimension repair syntax errors 2021-07-17 01:09:33 +02:00
Sophie Schiller
d076384ead bw/matrix-dimension remove unneeded metadata 2021-07-17 01:09:33 +02:00
Sophie Schiller
6ceb47a92e bw/matrix-dimension get all the things 2021-07-17 01:09:33 +02:00
Sophie Schiller
2b1c53e47a bw/matrix-dimension disable logfile 2021-07-17 01:09:33 +02:00
Sophie Schiller
aa639dc913 bw/matrix-dimension switch to generic vhost name 2021-07-17 01:09:33 +02:00
Sophie Schiller
71a1a4d59b bw/matrix-dimension enable process monitoring 2021-07-17 01:09:33 +02:00
Sophie Schiller
f40036422f bw/matrix-dimensions fix typos 2021-07-17 01:09:33 +02:00
Sophie Schiller
568a73efaf bw/matrix-dimension switch listening port 2021-07-17 01:09:33 +02:00
Sophie Schiller
9fb5293c80 bw/matrix-dimension switch to dedicated user 2021-07-17 01:09:33 +02:00
Sophie Schiller
2a78fa95a1 bw/htz-cloud.miniserver cleanup extras 2021-07-17 01:09:33 +02:00
Sophie Schiller
ebee3b3de5 bw/matrix-dimension witespaaaaaaaace 2021-07-17 01:09:33 +02:00
Sophie Schiller
8ee59cd036 bundle/matrix-dimension enable backups 2021-07-17 01:09:33 +02:00
Sophie Schiller
fd6f42cef7 bw/htz-cloud.miniserver set differend recursors 2021-07-17 01:09:33 +02:00
Sophie Schiller
a5b6250c86 bw/bundle matrix-dimension this might actually work 2021-07-17 01:09:33 +02:00
Sophie Schiller
c52482e98b bw/bundle matrix-dimension add first draft 2021-07-17 01:09:33 +02:00
9e305fc854
bundles/element-web: fix nginx webroot path
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
2021-07-15 18:44:02 +02:00
8aac46206a
remove obsolete metadata from htz.ex42-1048908 2021-07-15 18:41:43 +02:00
7d73c29ccd
move element-web to rx300 2021-07-15 18:41:27 +02:00
f7098b0d35
bundles/element-web: move to /opt (and zfs, if we have that) 2021-07-15 18:40:48 +02:00
afdfc0f8f2
data/ssl: bump _.home.kunbox.net
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
2021-07-15 18:23:45 +02:00
1d2ff1744f
nodes/rx300: update travelynx to 1.20.3
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
2021-07-13 21:12:40 +02:00
133627ace2
bundles/unbound: prefer ipv4 if using pppoe
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
2021-07-13 20:51:58 +02:00
3c2f245b71
bundles/mx-puppet-discord: remove "Discord" in room name for now
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
2021-07-11 16:38:59 +02:00
18 changed files with 424 additions and 192 deletions


@ -26,11 +26,11 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
| 6667 | | bitlbee |
| 8010 | | matrix-media-repo |
| 8086 | influxdb2 | influx |
| 8184 | | matrix-dimension |
| 11332-11334 | rspamd | rspamd |
| 20000 | mx-puppet-discord | Bridge |
| 20010 | mautrix-telegram | Bridge |
| 20020 | mautrix-whatsapp | Bridge |
| 20030 | matrix-dimension | Matrix Integrations Manager|
| 20080 | matrix-synapse | client, federation |
| 20081 | matrix-synapse | prometheus metrics |
| 20090 | matrix-media-repo | media_repo |


@ -2,14 +2,12 @@ from bundlewrap.metadata import metadata_to_json
repo.libs.tools.require_bundle(node, 'nodejs')
element_web_root = '/var/www/{}'.format(node.metadata['element-web']['url'])
directories = {
element_web_root: {}
'/opt/element-web': {}
}
git_deploy = {
element_web_root: {
'/opt/element-web': {
'rev': node.metadata['element-web']['version'],
'repo': 'https://github.com/vector-im/element-web.git',
'triggers': {
@ -19,7 +17,7 @@ git_deploy = {
}
files = {
element_web_root + '/webapp/config.json': {
'/opt/element-web/webapp/config.json': {
'content': metadata_to_json(node.metadata['element-web']['config']),
'needs': {
'action:element-web_yarn',
@ -29,7 +27,7 @@ files = {
actions = {
'element-web_yarn': {
'command': 'cd ' + element_web_root + ' && npm install yarn && node_modules/yarn/bin/yarn install && node_modules/yarn/bin/yarn build',
'command': 'cd /opt/element-web && npm install yarn && node_modules/yarn/bin/yarn install && node_modules/yarn/bin/yarn build',
'needs': {
'pkg_apt:nodejs',
},
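Review bot: The `element-web_yarn` action runs `npm install yarn`, `yarn install` and `yarn build` with whatever privileges bundlewrap uses on the node (presumably root), so every dependency lifecycle script in the checked-out tree runs privileged. The matrix-dimension bundle in this same changeset already prefixes its build with `sudo -u matrix-dimension`; the same pattern fits here, e.g. `'cd /opt/element-web && sudo -u <build-user> npm install yarn && …'`, with `/opt/element-web` owned by that user. `npm install yarn` also fetches an unpinned yarn on each run, so pinning its version would make the build reproducible. The `actions` dict continues past the end of this hunk.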


@ -1,3 +1,16 @@
defaults = {
'zfs': {
'datasets': {
'tank/element-web': {
'mountpoint': '/opt/element-web',
'needed_by': {
'directory:/opt/element-web',
},
},
},
},
}
@metadata_reactor.provides(
'nginx/vhosts',
)
@ -5,8 +18,9 @@ def nginx_config(metadata):
return {
'nginx': {
'vhosts': {
metadata.get('element-web/url'): {
'webroot': '/var/www/{}/webapp/'.format(metadata.get('element-web/url')),
'element-web': {
'domain': metadata.get('element-web/url'),
'webroot': '/opt/element-web/webapp/',
},
},
},


@ -0,0 +1,14 @@
[Unit]
Description=Matrix Dimension
After=network.target
[Service]
User=matrix-dimension
Group=matrix-dimension
Environment="NODE_ENV=production"
ExecStart=/usr/bin/node ${config['install_dir']}/build/app/index.js
WorkingDirectory=${config['install_dir']}
Restart=on-failure
[Install]
WantedBy=multi-user.target
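Review bot: The `[Service]` section drops root through `User=`/`Group=` but sets no sandboxing, even though the unit runs Node code built from a third-party checkout. Adding `NoNewPrivileges=true`, `ProtectSystem=strict` and `ReadWritePaths=${config['data_dir']}` would limit what a compromised process can reach; `PrivateTmp=true` and `ProtectHome=true` are cheap additions as well. Whether the service writes anywhere besides its data directory is not visible from this file, so the `ReadWritePaths=` value should be confirmed on a test run.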


@ -0,0 +1,93 @@
# The web settings for the service (API and UI).
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
web:
port: 20030
address: '127.0.0.1'
# Homeserver configuration
homeserver:
# The domain name of the homeserver. This is used in many places, such as with go-neb
# setups, to identify the homeserver.
name: "${config['homeserver']['name']}"
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
# use to access the homeserver with.
clientServerUrl: "${config['homeserver']['clientServerUrl']}"
# The URL that Dimension should use when trying to communicate with federated APIs on
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
# through the normal federation process.
#federationUrl: "https://t2bot.io:8448"
# The URL that Dimension will redirect media requests to for downloading media such as
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
#mediaUrl: "https://t2bot.io"
# The access token Dimension should use for miscellaneous access to the homeserver, and
# for tracking custom sticker pack updates. This should be a user configured on the homeserver
# and be dedicated to Dimension (create a user named "dimension" on your homeserver). For
# information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens
accessToken: "${config['homeserver']['accessToken']}"
# These users can modify the integrations this Dimension supports.
# To access the admin interface, open Dimension in Riot and click the settings icon.
admins:
% for i in config['admins']:
- "${i}"
% endfor
# IPs and CIDR ranges listed here will be blocked from being widgets.
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
widgetBlacklist:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 127.0.0.0/8
database:
# Where the database for Dimension is
uri: "postgres://${node.metadata['matrix-dimension']['database']['user']}:${node.metadata['matrix-dimension']['database']['password']}@${node.metadata['matrix-dimension']['database'].get('host', 'localhost')}/${node.metadata['matrix-dimension']['database']['database']}"
# Where to store misc information for the utility bot account.
botData: "${config['data_dir']}/dimension.bot.json"
# Display settings that apply to self-hosted go-neb instances
goneb:
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
# make the bot's avatar an empty string.
avatars:
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
# Settings for interacting with Telegram. Currently only applies for importing
# sticker packs from Telegram.
telegram:
# Talk to @BotFather on Telegram to get a token
botToken: "${config['telegram']['botToken']}"
# Custom sticker pack options.
# Largely based on https://github.com/turt2live/matrix-sticker-manager
stickers:
# Whether or not to allow people to add custom sticker packs
enabled: true
# The sticker manager bot to promote
stickerBot: "@stickers:t2bot.io"
# The sticker manager URL to promote
managerUrl: "https://stickers.t2bot.io"
# Settings for controlling how logging works
logging:
console: true
consoleLevel: info
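Review bot: `widgetBlacklist` lists only the RFC 1918 ranges and IPv4 loopback, so link-local addresses in 169.254.0.0/16 (where cloud providers usually expose their instance metadata service) are not blocked, and no IPv6 loopback or private range is covered either. Adding `- 169.254.0.0/16` closes the IPv4 gap; whether Dimension accepts IPv6 CIDRs here (`::1/128`, `fc00::/7`, `fe80::/10`) should be checked against upstream before adding them. Separately, the `database.uri` line interpolates the password into the URL unescaped, which would produce a mis-parsed URI if the vault ever yields a password containing `@`, `/` or `:`.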


@ -0,0 +1,74 @@
repo.libs.tools.require_bundle(node, 'nodejs')
directories = {
node.metadata['matrix-dimension']['install_dir']: {
'owner': 'matrix-dimension',
'group': 'matrix-dimension',
},
}
git_deploy = {
node.metadata['matrix-dimension']['install_dir']: {
'rev': node.metadata.get('matrix-dimension/version', 'master'), # doesn't have releases yet
'repo': 'https://github.com/turt2live/matrix-dimension.git',
'triggers': {
'action:matrix_dimension_build',
},
'needs': {
'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
'directory:{}'.format(node.metadata.get('matrix-dimension/data_dir')),
},
},
}
files = {
'{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')): {
'owner': 'matrix-dimension',
'group': 'matrix-dimension',
'content_type': 'mako',
'context': {
'config': node.metadata.get('matrix-dimension', {}),
},
'needs': {
'directory:{}'.format(node.metadata.get('matrix-dimension/install_dir')),
},
'triggers': {
'svc_systemd:matrix-dimension:restart',
},
},
'/etc/systemd/system/matrix-dimension.service': {
'content_type': 'mako',
'context': {
'config': node.metadata.get('matrix-dimension', {}),
},
'triggers': {
'action:systemd-reload',
'svc_systemd:matrix-dimension:restart',
},
},
}
actions = {
'matrix_dimension_build': {
'command': 'cd ' + node.metadata.get('matrix-dimension/install_dir') + ' && sudo -u matrix-dimension npm install && sudo -u matrix-dimension npm run build',
'needs': {
'pkg_apt:nodejs',
},
'triggered': True,
'triggers': {
'svc_systemd:matrix-dimension:restart',
},
},
}
svc_systemd = {
'matrix-dimension': {
'needs': {
'action:matrix_dimension_build',
'file:{}/config/production.yaml'.format(node.metadata.get('matrix-dimension/install_dir')),
'postgres_db:matrix-dimension',
'postgres_role:matrix-dimension',
},
},
}
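Review bot: The `config/production.yaml` file item sets `owner` and `group` but no `mode`, so it is created with bundlewrap's default file mode (0644 as far as I know). The rendered template holds the homeserver access token, the database password and the Telegram bot token. Adding `'mode': '0600',` next to `'owner'` keeps the file readable by the service user only. Related: `install_dir` is owned by `matrix-dimension`, so the running service can rewrite its own code and config; if that is only needed for the build step, a separate build user would be tighter.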


@ -0,0 +1,77 @@
defaults = {
'backups': {
'paths': {
'/opt/matrix-dimension',
'/var/opt/matrix-dimension',
},
},
'matrix-dimension': {
'install_dir': '/opt/matrix-dimension',
'data_dir': '/var/opt/matrix-dimension',
'database': {
'user': 'matrix-dimension',
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
'database': 'matrix-dimension',
},
},
'postgresql': {
'roles': {
'matrix-dimension': {
'password': repo.vault.password_for('{} postgresql matrix-dimension'.format(node.name)),
},
},
'databases': {
'matrix-dimension': {
'owner': 'matrix-dimension',
},
},
},
'users': {
'matrix-dimension': {
'home': '/var/opt/matrix-dimension',
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/matrix-dimension',
)
def nginx_config(metadata):
return {
'nginx': {
'vhosts': {
'matrix-dimension': {
'domain': metadata.get('matrix-dimension/url'),
'do_not_set_content_security_headers': True,
'max_body_size': '50M',
'locations': {
'/': {
'target': 'http://127.0.0.1:20030',
},
},
},
},
},
}
@metadata_reactor.provides(
'icinga2_api/matrix-dimension/services',
)
def icinga_check_for_new_release(metadata):
return {
'icinga2_api': {
'matrix-dimension': {
'services': {
'MATRIX-DIMENSION UPDATE': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release turt2live/matrix-dimension {}'.format(metadata.get('matrix-dimension/version')),
'vars.notification.mail': True,
'check_interval': '60m',
},
'MATRIX-DIMENSION PROCESS': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a matrix-dimension -c 1:',
},
},
},
},
}
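Review bot: `nginx_config` sets `'do_not_set_content_security_headers': True` for every node that uses this bundle, while the replacement `frame-ancestors` header in this changeset lives in a per-node extras file that is only enabled by `'extras': True` in the node's own metadata. A node that adds the bundle without such an extras file would presumably serve Dimension with no framing policy at all. I would add a comment on that key, e.g. `# Dimension is framed by Element; the node must supply its own frame-ancestors header via extras`, or have the bundle ship the header itself. Also, `icinga_check_for_new_release` reads `matrix-dimension/version` without a default while the items file falls back to `'master'`; putting `'version': 'master'` into `defaults` would keep the two in agreement.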


@ -19,7 +19,7 @@ provisioning:
namePatterns:
user: ":name (Discord)"
userOverride: ":displayname (Discord)"
room: "#:name (Discord - :guild)"
room: "#:name (:guild)"
group: ":name"
database:


@ -23,6 +23,10 @@ server:
access-control: ::1 allow
% endif
% if node.has_bundle('pppd'):
prefer-ip4: yes
% endif
msg-cache-size: ${cache_size}
msg-cache-slabs: ${cache_slabs}
rrset-cache-size: ${cache_size}


@ -1,6 +0,0 @@
add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
location /.well-known/matrix/ {
alias /etc/matrix-synapse/wellknown/;
add_header Access-Control-Allow-Origin *;
}


@ -0,0 +1 @@
add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";


@ -8,8 +8,7 @@ $ORIGIN franzi.business.
IN MX 10 mx0.kunbox.net.
IN TXT "v=spf1 mx ~all"
chat IN A 94.130.52.224
chat IN AAAA 2a01:4f8:10b:2a5f::2
chat IN CNAME rx300.kunbox.net.
dimension IN A 94.130.52.224
dimension IN AAAA 2a01:4f8:10b:2a5f::2


@ -1,27 +1,27 @@
-----BEGIN CERTIFICATE-----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ZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AJQgvB6O1Y1siHMfgosiLA3R2k1e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-----END CERTIFICATE-----


@ -1,27 +1,63 @@
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1 +1 @@
encrypt$gAAAAABghQ5uRvwa78y-BVzSKONUlH2ATUDOR6kQzM46pCLqld3o48H2HCW13q8IIFTUIHWHCICW6O9_Gw6B_j2sqZwnZlGFqsyQTUl6nSLcR5oJky6pMRpQat3fEUxrJqDL-6d5KyitC7UWgiAkjaZbbpVshy7RIztS9ocXVrGcqNNM4u_-F7dKTo1ZMnhx5FuUZBrybNMX_sF7gHJxhVbJzpk-JKLgzWH9AchR3BJ4tPb03JANForaIsa219UjWtxtGCeiKLZoLQ-1LtJkWKKAEG_BjG_8JIQGiC6_x7jiI-h5HHPoahVXnkMP3J46CWCxt0gUYnX05iNrgI-UxoOWyDMqGDTXA5cyblfsG-LqJvo0Cjvr2V0wl0cxObaP5P9JFDUiIiH-VgI2g3esLRFFMw_Qm0fvlb9C8n8LA3mQxljVU3bdlWv1MNAAwgzBJrSTWPqnBb4F49JwQSM70VgFD5ukF42oYdMxSZkKR4zlgJ8q9pMD7R0mWrq4A6ZE4fQ4s9rPSwMXmPGzcu1KWCrU9FsL0e86UK0YfKXv85i5qdhqh1FXOAA=
encrypt$gAAAAABg8GEGSkxHqfC9tZmqfKE0f0pNZYXedHKriXaGeo2DJwoUArTI3j6rY5l5jX01KP9mpslYPLewjmlUtExYDqzVg1yJ21oiJciri8mFoYqJe4uWgkpwVC-M8O9AJCklSi2Iq1JPztz4x5H0m9hKUjJ_hrZzOtu1bMtX8A_vqGCElcVUJGVtrkEkBqvditwi7uQ__WKTEOfzVhOALcYyc4elyQvxrEUHlyLI9_8ws8iYEKUTzSfcf63AgZ9nmK1VK0miwk1zguIIJ73LnDiF3wVCvre_6nzgadD_mS07bheqUvdeTbwVgiwHsVczxn9H8q8BBx8GXBOHJEwU_S6rfroqZftWyARPlU1uEa1WxpSOwdi0C_ntLA3nQn52ipBhrgdzdA_4TrlLMr1seUPo3Slt2i4YbuCl3x1tSJRY19uwIpr9pDxUKNKg4nuCcHt5ttj-C6D1QcjRRvXRETbKhw45-7zF97UPa7-b_NVB9NdGBJ7Xv4aD2p7ILfPnM0Zt5eL-gN3j7WKWq1YSdDzuDDc4SLhy63t4gkq0N0YgaPBp1i06VQs=


@ -4,6 +4,7 @@
nodes['htz-cloud.miniserver'] = {
'bundles': {
'element-web',
'matrix-dimension',
'matrix-media-repo',
'matrix-synapse',
'nodejs',
@ -58,7 +59,7 @@ nodes['htz-cloud.miniserver'] = {
},
'element-web': {
'url': 'chat.sophies-kitchen.eu',
'version': 'v1.7.31',
'version': 'v1.7.32',
'config': {
'default_server_config': {
'm.homeserver': {
@ -68,10 +69,10 @@ nodes['htz-cloud.miniserver'] = {
},
'brand': 'sophies-kitchen.eu',
'showLabsSettings': True,
'integrations_ui_url': 'https://dimension.franzi.business/riot',
'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
'integrations_widgets_urls': {
'https://dimension.franzi.business/widgets'
'https://dimension.sophies-kitchen.eu/widgets'
},
'default_theme': 'dark',
'defaultCountryCode': 'DE',
@ -103,6 +104,21 @@ nodes['htz-cloud.miniserver'] = {
},
},
},
'matrix-dimension': {
'url': 'dimension.sophies-kitchen.eu',
'version': 'master', # doesn't have releases yet
'homeserver': {
'name': 'sophies-kitchen.eu',
'clientServerUrl': 'https://matrix.sophies-kitchen.eu',
'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
},
'admins': [
'@sophie:sophies-kitchen.eu',
],
'telegram': {
'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'),
},
},
'matrix-media-repo': {
'version': 'v1.2.8',
'homeservers': {
@ -144,6 +160,14 @@ nodes['htz-cloud.miniserver'] = {
'bot_token': '""',
},
},
'nameservers': {
'213.133.98.98',
'213.133.99.99',
'213.133.100.100',
'2a01:4f8:0:1::add:1010',
'2a01:4f8:0:1::add:9999',
'2a01:4f8:0:1::add:9898',
},
'nftables': {
'rules': {
'input': {
@ -156,16 +180,9 @@ nodes['htz-cloud.miniserver'] = {
},
'nginx': {
'vhosts': {
#'dimension.sophies-kitchen.eu': {
# 'extras': True,
# 'do_not_set_content_security_headers': True,
# 'max_body_size': '50M',
# 'locations': {
# '/': {
# 'target': 'http://127.0.0.1:8184',
# },
# },
#},
'matrix-dimension': {
'extras': True,
},
'sophies-kitchen.eu': {
'webroot': '/var/www/sophies-kitchen.eu/_site/',
'extras': True,
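Review bot: `'version': 'master'` in the new `matrix-dimension` block means an apply presumably checks out, builds and runs whatever the upstream branch head is at that moment, with no review step in between. Since upstream has no releases, pinning a reviewed commit instead, `'version': '<reviewed-commit-sha>',  # bump deliberately`, keeps deployments reproducible, assuming `git_deploy` accepts a commit hash as `rev`. The release check derived from this value would then need a different comparison, because it currently receives `master` as the installed version. The node dict starts and ends outside these hunks.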


@ -2,15 +2,11 @@ nodes['htz.ex42-1048908'] = {
'bundles': {
'check-mail-received',
'dovecot',
'element-web',
# 'gitea',
# 'jenkins-ci',
'lm-sensors',
'matrix-media-repo',
'matrix-synapse',
'mautrix-telegram',
'mautrix-whatsapp',
# 'miniflux',
'mx-puppet-discord',
'nodejs',
'oidentd',
@ -22,7 +18,6 @@ nodes['htz.ex42-1048908'] = {
'radicale',
'unbound',
'smartd',
# 'travelynx',
'vmhost',
},
'groups': {
@ -46,9 +41,6 @@ nodes['htz.ex42-1048908'] = {
# TODO
'php-imagick': {},
# Jenkins build dependencies
'rustc': {},
# No need to create a bundle just to install packages,
# configs will be managed by users nevertheless.
'mosh': {},
@ -94,51 +86,6 @@ nodes['htz.ex42-1048908'] = {
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'element-web': {
'url': 'chat.franzi.business',
'version': 'v1.7.30',
'config': {
'default_server_config': {
'm.homeserver': {
'base_url': 'https://matrix.franzi.business',
'server_name': 'franzi.business',
},
},
'brand': 'franzi.business',
'showLabsSettings': True,
'integrations_ui_url': 'https://dimension.franzi.business/riot',
'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
'integrations_widgets_urls': {
'https://dimension.franzi.business/widgets'
},
'default_theme': 'dark',
'defaultCountryCode': 'DE',
'jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
},
},
# 'gitea': {
# 'version': '1.14.3',
# 'sha256': '50c25c094ae109f49e276cd00ddc48a0a240b7670e487ae1286cc116d4cdbcf2',
# 'domain': 'git.kunsmann.eu',
# 'email_domain_blocklist': {
# 'gmail.com',
# 'yahoo.com',
# 'aol.com',
# 'comcast.net',
# 'verizon.net',
# 'hotmail.com',
# 'cox.net',
# 'msn.com',
# },
# 'enable_git_hooks': True,
# 'install_ssh_key': True,
# 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
# 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
# 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
# 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
# },
'icinga_options': {
'pretty_name': 'kunsmann.eu',
},
@ -222,9 +169,6 @@ nodes['htz.ex42-1048908'] = {
"'@kunsi:franzi.business'": 100,
},
},
# 'miniflux': {
# 'domain': 'rss.kunsmann.eu',
# },
'mx-puppet-discord': {
'homeserver': {
'domain': 'franzi.business',
@ -300,37 +244,6 @@ nodes['htz.ex42-1048908'] = {
},
},
},
# 'franzi.business': {
# 'webroot': '/var/www/franzi.business/_site/',
# 'locations': {
# '/.well-known/matrix/client': {
# 'return': json_dumps({
# 'm.homeserver': {
# 'base_url': 'https://matrix.franzi.business',
# },
# 'm.identity_server': {
# 'base_url': 'https://matrix.org',
# },
# 'im.vector.riot.jitsi': {
# 'preferredDomain': 'meet.ffmuc.net',
# },
# }, sort_keys=True),
# 'additional_config': {
# 'default_type application/json',
# 'add_header Access-Control-Allow-Origin *',
# },
# },
# '/.well-known/matrix/server': {
# 'return': json_dumps({
# 'm.server': 'matrix.franzi.business:443',
# }, sort_keys=True),
# 'additional_config': {
# 'default_type application/json',
# 'add_header Access-Control-Allow-Origin *',
# },
# },
# },
# },
'git.kunsmann.eu': {
'locations': {
'/': {
@ -338,15 +251,6 @@ nodes['htz.ex42-1048908'] = {
},
},
},
# 'jenkins.kunsmann.eu': {
# 'locations': {
# '/': {
# 'target': 'http://localhost:22010/',
# },
# },
# 'website_check_path': '/login',
# 'website_check_string': 'Welcome to Jenkins',
# },
'kunbox.net': {},
'kunsmann.eu': {
'locations': {
@ -435,22 +339,6 @@ nodes['htz.ex42-1048908'] = {
},
},
},
# 'travelynx.franzi.business': {
# 'locations': {
# '/': {
# 'target': 'http://127.0.0.1:22020',
# },
# },
# 'extras': True,
# },
# 'unicornsden': {
# 'domain': 'unicornsden.franzi.business',
# 'webroot_config': {
# 'owner': 'kunsi',
# 'group': 'kunsi',
# 'mode': '0755',
# },
# },
'vliedel.random.franzi.business': {
'webroot_config': {
'mode': '0775',
@ -558,10 +446,6 @@ nodes['htz.ex42-1048908'] = {
'maxuse': '2G',
},
},
# 'travelynx': {
# 'version': '1.20.1',
# 'mail_from': 'travelynx@franzi.business',
# },
'users': {
'kunsi': {
'groups': [


@ -8,10 +8,12 @@ nodes['rx300'] = {
'hostname': '31.47.232.106',
'bundles': {
'check-mail-received',
'element-web',
'gitea',
'jenkins-ci',
'lm-sensors',
'miniflux',
'nodejs',
'php',
'postgresql',
'smartd',
@ -63,6 +65,30 @@ nodes['rx300'] = {
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'element-web': {
'url': 'chat.franzi.business',
'version': 'v1.7.32',
'config': {
'default_server_config': {
'm.homeserver': {
'base_url': 'https://matrix.franzi.business',
'server_name': 'franzi.business',
},
},
'brand': 'franzi.business',
'showLabsSettings': True,
'integrations_ui_url': 'https://dimension.franzi.business/riot',
'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
'integrations_widgets_urls': {
'https://dimension.franzi.business/widgets'
},
'default_theme': 'dark',
'defaultCountryCode': 'DE',
'jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
},
},
'gitea': {
'version': '1.14.4',
'sha256': 'e1ce2fadcf6561cb2543b44b9f1382d6ce4be29ed8edd6d9d7080a218aa114b0',
@ -95,6 +121,7 @@ nodes['rx300'] = {
},
'nginx': {
'vhosts': {
'element-web': {'ssl': '_.franzi.business'},
'gitea': {'ssl': '_.franzi.business'},
'miniflux': {'ssl': '_.franzi.business'},
'franzi.business': {
@ -206,7 +233,7 @@ nodes['rx300'] = {
},
},
'travelynx': {
'version': '1.20.2',
'version': '1.20.3',
'mail_from': 'travelynx@franzi.business',
},
'users': {