# sophie's miniserver

nodes['htz-cloud.miniserver'] = {
    'bundles': {
        'element-web',
        'hedgedoc',
        'matrix-dimension',
        'matrix-media-repo',
        'matrix-synapse',
        'nodejs',
        'mautrix-telegram',
        'postgresql',
    },
    'groups': {
        'debian-bullseye',
        'webserver',
    },
    'metadata': {
        'interfaces': {
            'eth0': {
                'ips': {
                    '157.90.20.62',
                    '2a01:4f8:c2c:840f::1/64',
                },
                'gateway4': '172.31.1.1',
                'gateway6': 'fe80::1',
            },
        },
        'apt': {
            'packages': {
                'mosh': {},
                'weechat': {},
                'weechat-core': {},
                'weechat-curses': {},
                'weechat-perl': {},
                'weechat-plugins': {},
                'weechat-python': {},
                'weechat-ruby': {},
            },
            'repos': {
                'weechat': {
                    'items': {
                        'deb https://weechat.org/debian {os_release} main',
                    },
                },
            },
        },
        'backup-client': {
            'pre-hooks': {
                'sophie-weechat': \
                    'echo \'core.weechat */layout store\' >> /home/sophie/.weechat/weechat_fifo\n' \
                    'echo \'core.weechat */save\' >> /home/sophie/.weechat/weechat_fifo\n',
            },
            'target': "htz-hel.backup-sophie",
        },
        'backups': {
            'paths': {
                '/home/sophie/.weechat',
            },
        },
        'element-web': {
            'url': 'chat.sophies-kitchen.eu',
            'version': 'v1.10.4',
            'config': {
                'default_server_config': {
                    'm.homeserver': {
                        'base_url': 'https://matrix.sophies-kitchen.eu',
                        'server_name': 'sophies-kitchen.eu',
                    },
                },
                'brand': 'sophies-kitchen.eu',
                'showLabsSettings': True,
                'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
                'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
                'integrations_widgets_urls': {
                    'https://dimension.sophies-kitchen.eu/widgets'
                },
                'default_theme': 'dark',
                'defaultCountryCode': 'DE',
                'jitsi': {
                    'preferredDomain': 'meet.ffmuc.net',
                },
            },
        },
        'hedgedoc': {
            'version': '1.9.2',
            'config': {
                'production': {
                    'allowAnonymousEdits': True,
                    'domain': 'pad.sophies-kitchen.eu',
                },
            },
        },
        'icinga_options': {
            'pretty_name': 'sophies-kitchen.eu',
            'vars.notification.sms': False,
        },
        'letsencrypt': {
            'concat_and_deploy': {
                'sophie-weechat': {
                    'match_domain': 'i.sophies-kitchen.eu',
                    'target': '/home/sophie/.weechat/ssl/relay.pem',
                    'chown': 'sophie:sophie',
                    'chmod': '0440',
                    'commands': [
                        'echo \'core.weechat */relay sslcertkey\' >> /home/sophie/.weechat/weechat_fifo'
                    ],
                },
            },
            'domains': {
                'i.sophies-kitchen.eu': set(),
                'webdump.sophies-kitchen.eu': set(),
                'matrix.sophies-kitchen.eu': {
                    'sophies-kitchen.eu',
                },
            },
        },
        'matrix-dimension': {
            'url': 'dimension.sophies-kitchen.eu',
            'version': 'c6d047c', # XXX master is broken as of 2021-11-27
            'homeserver': {
                'name': 'sophies-kitchen.eu',
                'clientServerUrl': 'https://matrix.sophies-kitchen.eu',
                'accessToken': vault.decrypt('encrypt$gAAAAABg4btB0KGk068ahGZzR0w_Lm1bj1wUbB2WfNNs2bp3PwM4Ftp6MjQnrF-CejZfrF0NjPJw9Z4MrgileHP0sVw04mvgKSHfTf8gv4kTB6WuCIxHeMWHUDx00LTWL73fSlhCK0o1'),
            },
            'admins': [
                '@sophie:sophies-kitchen.eu',
            ],
            'telegram': {
                'botToken': vault.decrypt('encrypt$gAAAAABg4bcQVzBF_iXdDtjRQD-O37GHdbHwWXyhCLPOuJLbv3ezUeXKR203hkCXkjfItSHi4NiTEgQPadDZTRkavaRpvAoaQV1a4srCS_Y-NU4RiOmkrVFJ_Xhw6UZvwjQUQ0QPOx9t'),
            },
        },
        'matrix-media-repo': {
            'version': 'v1.2.10',
            'homeservers': {
                'sophies-kitchen.eu': {
                    'domain': 'http://[::1]:20080/',
                    'api': 'synapse',
                },
            },
            'admins': {
                '@sophie:sophies-kitchen.eu',
            },
            'upload_max_mb': 500,
        },
        'matrix-synapse': {
            'server_name': 'sophies-kitchen.eu',
            'baseurl': 'matrix.sophies-kitchen.eu',
            'admin_contact': 'mailto:foobar@sophies-kitchen.eu',
            'trusted_key_servers': {
                'matrix.org',
            },
        },
        'mautrix-telegram': {
            'version': 'v0.11.2',
            'homeserver': {
                'domain': 'sophies-kitchen.eu',
                'url': 'https://matrix.sophies-kitchen.eu',
            },
            'provisioning': {
                'enabled': False,
                'shared_secret': '""',
            },
            'permissions': {
                'sophies-kitchen.eu': 'full',
                "'@sophie:sophies-kitchen.eu'": 'admin',
            },
            'telegram': {
                'api_id': vault.decrypt('encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=='),
                'api_token': vault.decrypt('encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6'),
                'bot_token': '""',
            },
        },
        'nameservers': {
                '213.133.98.98',
                '213.133.99.99',
                '213.133.100.100',
                '2a01:4f8:0:1::add:1010',
                '2a01:4f8:0:1::add:9999',
                '2a01:4f8:0:1::add:9898',
        },
        'nftables': {
            'rules': {
                '50-sophie-weechat': [
                    'inet filter input udp dport { 60000-61000 } accept',
                    'inet filter input tcp dport 9001 accept',
                ],
            },
        },
        'nginx': {
            'vhosts': {
                'matrix-dimension': {
                    'extras': True,
                },
                'sophies-kitchen.eu': {
                    'webroot': '/var/www/sophies-kitchen.eu/_site/',
                    'extras': True,
                },
                'matrix-synapse': {
                    'domain': 'matrix.sophies-kitchen.eu',
                },
                'webdump.sophies-kitchen.eu': {
                    'webroot_config': {
                        'owner': 'sophie',
                        'group': 'sophie',
                        'mode': '0755',
                    },
                    'extras': True,
                },
                'recipes.sophies-kitchen.eu': {
                    'webroot_config': {
                        'owner': 'sophie',
                        'group': 'sophie',
                        'mode': '0755',
                    },
                },
            },
        },
        'postgresql': {
            'version': '11',
        },
        'sysctl': {
            'options': {
                # XXX find out if this is really needed
                'net.ipv4.ip_forward': '1',
                'net.ipv6.conf.all.forwarding': '1',
            },
        },
        'vm': {
            'cpu': 2,
            'ram': 4,
        },
        'users': {
            'sophie': {
                'enable_linger': True,
                'ssh_pubkey': [
                    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
                ],
            },
        },
    },
}