# To use the serial console in iRMC, set up grub as follows: # GRUB_TIMEOUT=30 # GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200 console=tty0" # GRUB_TERMINAL=serial # GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" nodes['rx300'] = { 'hostname': '31.47.232.106', 'bundles': { 'check-mail-received', 'ipmitool', 'jenkins-ci', 'jugendhackt_tools', 'lm-sensors', 'minecraft', 'nodejs', 'oidentd', 'php', 'postgresql', 'redis', 'smartd', 'unbound', 'vmhost', 'zfs', }, 'groups': { 'debian-bullseye', 'webserver', }, 'metadata': { 'interfaces': { 'br0': { 'ips': { '31.47.232.106/29', '2a00:f820:528::2/64', }, 'gateway4': '31.47.232.105', 'gateway6': '2a00:f820:528::1', }, }, 'apt': { 'packages': { # for franzi.business deployment 'ruby': {}, 'ruby-dev': {}, 'ruby-bundler': {}, # for `bw test` on jenkins 'bind9utils': {}, }, }, 'check-mail-received': { 't-online': { 'email': 'franzi.kunsmann@t-online.de', 'imap_host': 'secureimap.t-online.de', 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), }, }, 'icinga_options': { 'pretty_name': 'franzi.business', 'vars.notification.sms': False, }, 'jenkins-ci': { 'install_ssh_key': True, 'domain': 'jenkins.franzi.business', 'writeable_paths': { '/var/www/franzi.business', # for deployment task }, }, 'jugendhackt_tools': { 'allowed_hosts': ['jh.franzi.business'], 'timezone': 'Europe/Berlin', }, 'minecraft': { 'heap_mb': 16*1024, 'sha1': '82be5e1bbdfd1bcb001644780562282fd42ee5a9', 'version': ('1.19.2', '261'), 'allowlist': { # use https://mcuuid.net/ 'kunsi': 'a2b93640-9dff-4c3c-a6c7-bd75329d8997', 'sophie': '7e593cbb-9d61-4d46-a416-6edbcf8a2109', }, 'ops': { 'kunsi': 'a2b93640-9dff-4c3c-a6c7-bd75329d8997', }, 'restrict-to': {'*'}, }, 'nginx': { 'security.txt': { 'contact': 'mailto:security@kunsmann.eu', 'Encryption': 'https://franzi.business/gpg_hi-kunsmann.eu.asc', }, 'vhosts': { 'jenkins-ci': {'ssl': '_.franzi.business'}, 'jugendhackt_tools': { 'domain': 'jh.franzi.business', 'ssl': '_.franzi.business', 'locations': { '/': { 'target': 'http://127.0.0.1:22090/', }, '/static/': { 'alias': '/opt/jugendhackt_tools/src/static/', }, }, }, }, 'worker_processes': 8, }, 'oidentd': { 'allows': { 'kunsi': { 'spoof', 'spoof_all', }, }, }, 'php': { 'version': '8.0', 'packages': { 'gd', 'imagick', 'imap', 'intl', 'mbstring', 'opcache', 'pgsql', 'readline', 'xml', 'yaml', }, }, 'postgresql': { 'version': '13', 'max_connections': 500, 'autovacuum_max_workers': 12, 'maintenance_work_mem': 2*1024, 'work_mem': 8*1024, 'cache_size': 32*1024, }, 'smartd': { 'disks': { '/dev/nvme0', }, }, 'systemd': { 'journal': { 'maxuse': '4G', }, }, 'systemd-networkd': { 'bridges': { 'br0': { 'match': { 'eno1', }, }, }, }, 'systemd-timers': { 'timers': { 'cleanup-paste.franzi.business': { 'command': '/usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;', 'user': 'kunsi', 'when': 'daily', }, }, }, 'unbound': { 'threads': 8, 'cache_slabs': 8, }, 'zfs': { 'module_options': { 'zfs_arc_max_gb': 48, }, 'pools': { 'tank': { 'when_creating': { 'config': [{ 'type': 'raidz', 'devices': { '/dev/sda', '/dev/sdb', '/dev/sdc', '/dev/sdd', }, }], 'ashift': 12, }, }, }, 'datasets': { 'tank/libvirt': { 'mountpoint': '/var/lib/libvirt', 'compression': 'on', 'needed_by': { 'bundle:vmhost', }, }, 'tank/home-kunsi': { 'mountpoint': '/home/kunsi', 'needed_by': { 'directory:/home/kunsi', }, }, }, }, 'vm': { 'cpu': 32, 'ram': 256, }, }, }