# sophie's miniserver nodes['htz-cloud.miniserver'] = { 'bundles': { 'element-web', 'hedgedoc', 'matrix-media-repo', 'matrix-synapse', "matrix-stickerpicker", 'nodejs', 'ntfy', 'mautrix-telegram', 'postgresql', 'zfs', }, 'groups': { 'debian-bookworm', 'sophie', 'webserver', }, 'metadata': { 'interfaces': { 'eth0': { 'ips': { '157.90.20.62', '2a01:4f8:c2c:840f::1/64', }, 'gateway4': '172.31.1.1', 'gateway6': 'fe80::1', }, }, 'apt': { 'packages': { 'mosh': {}, 'weechat': {}, 'weechat-core': {}, 'weechat-curses': {}, 'weechat-perl': {}, 'weechat-plugins': {}, 'weechat-python': {}, 'weechat-ruby': {}, }, 'repos': { 'weechat': { 'items': { 'deb https://weechat.org/debian {os_release} main', }, }, }, }, 'backup-client': { 'pre-hooks': { 'sophie-weechat': \ 'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \ 'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n', }, 'target': "htz-hel.backup-sophie", }, 'backups': { 'paths': { '/home/sophie/.weechat', }, }, 'element-web': { 'url': 'chat.sophies-kitchen.eu', 'version': 'v1.11.76', 'config': { 'default_server_config': { 'm.homeserver': { 'base_url': 'https://matrix.sophies-kitchen.eu', 'server_name': 'sophies-kitchen.eu', }, }, 'brand': 'sophies-kitchen.eu', 'showLabsSettings': True, 'default_theme': 'dark', 'defaultCountryCode': 'DE', 'jitsi': { 'preferredDomain': 'meet.ffmuc.net', }, 'map_style_url': "https://api.maptiler.com/maps/openstreetmap/style.json?key=fU3vlMsMn4Jb6dnEIFsx" }, }, 'hedgedoc': { 'version': '1.9.9', 'config': { 'production': { 'allowAnonymousEdits': True, 'domain': 'pad.sophies-kitchen.eu', }, }, }, 'letsencrypt': { 'concat_and_deploy': { 'sophie-weechat': { 'match_domain': 'i.sophies-kitchen.eu', 'target': '/home/sophie/.weechat/ssl/relay.pem', 'chown': 'sophie:sophie', 'chmod': '0440', 'commands': [ 'echo \'core.weechat */relay sslcertkey\' >> /home/sophie/.weechat/weechat_fifo' ], }, }, 'domains': { 'i.sophies-kitchen.eu': set(), 'webdump.sophies-kitchen.eu': set(), 'matrix.sophies-kitchen.eu': { 'sophies-kitchen.eu', }, }, }, 'matrix-media-repo': { 'version': 'v1.3.7', 'datastore_id': '99c09e24edc4e9be6c4c9486bc147e385bc87044', 'sha1': '3e2bb7089b0898b86000243a82cc58ae998dc9d9', 'homeservers': { 'sophies-kitchen.eu': { 'domain': 'http://[::1]:20080/', 'api': 'synapse', 'signing_key_path': "/etc/matrix-synapse/mmr.signing.key" }, }, 'admins': { '@sophie:sophies-kitchen.eu', }, 'upload_max_mb': 500, }, 'matrix-stickerpicker': { # use this bot token for telegram import: encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t 'domain': "matrix-stickers.sophies-kitchen.eu", 'config': { 'access_token': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'), 'homeserver': "https://matrix.sophies-kitchen.eu", 'user_id': "@dimension:sophies-kitchen.eu", }, }, 'matrix-synapse': { 'server_name': 'sophies-kitchen.eu', 'baseurl': 'matrix.sophies-kitchen.eu', 'admin_contact': 'mailto:foobar@sophies-kitchen.eu', 'trusted_key_servers': { 'matrix.org', }, }, 'mautrix-telegram': { 'version': 'v0.15.2', 'homeserver': { 'domain': 'sophies-kitchen.eu', 'url': 'https://matrix.sophies-kitchen.eu', }, 'provisioning': { 'enabled': False, 'shared_secret': '""', }, 'permissions': { 'sophies-kitchen.eu': 'full', "'@sophie:sophies-kitchen.eu'": 'admin', }, 'telegram': { 'api_id': vault.decrypt('encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=='), 'api_token': vault.decrypt('encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6'), 'bot_token': '""', }, }, 'nameservers': { '213.133.98.98', '213.133.99.99', '213.133.100.100', '2a01:4f8:0:1::add:1010', '2a01:4f8:0:1::add:9999', '2a01:4f8:0:1::add:9898', }, 'nftables': { 'input': { '50-sophie-weechat': [ 'udp dport { 60000-61000 } accept', 'tcp dport 9001 accept', ], }, }, 'nginx': { 'vhosts': { 'sophies-kitchen.eu': { 'webroot': '/var/www/sophies-kitchen.eu/_site/', 'extras': True, }, 'matrix-synapse': { 'domain': 'matrix.sophies-kitchen.eu', }, 'webdump.sophies-kitchen.eu': { 'webroot_config': { 'owner': 'sophie', 'group': 'sophie', 'mode': '0755', }, 'extras': True, }, 'recipes.sophies-kitchen.eu': { 'webroot_config': { 'owner': 'sophie', 'group': 'sophie', 'mode': '0755', }, }, }, }, 'nodejs': { 'version': 20, }, 'ntfy': { 'domain': 'ntfy.sophies-kitchen.eu', 'allow_unauthorized_write': True, }, 'postgresql': { 'version': '11', }, 'sysctl': { 'options': { # XXX find out if this is really needed 'net.ipv4.conf.all.forwarding': '1', 'net.ipv6.conf.all.forwarding': '1', }, }, 'vm': { 'cpu': 2, 'ram': 4, }, 'users': { 'sophie': { 'enable_linger': True, 'ssh_pubkey': [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon" ], }, }, 'zfs': { "datasets": { "tank/webdump": { "mountpoint": "/var/www/webdump.sophies-kitchen.eu", "needed_by": [ "directory:/var/www/webdump.sophies-kitchen.eu" ] } }, 'pools': { 'tank': { 'when_creating': { 'config': [{ 'devices': { '/dev/disk/by-id/scsi-0HC_Volume_23952298', }, }] }, }, }, }, }, }