# Address of this node. It is an IP literal, the same address that is
# configured statically under [metadata.interfaces.'eno*'].
hostname = "193.135.9.29"
# Groups this node is a member of.
groups = [
    "debian-bookworm",
    "webserver",
]
# Bundles applied to this node. Each entry is a separately installed service
# or component, so this list doubles as the node's attack-surface inventory:
# when a service is retired, remove it here as well as its [metadata.*] table.
bundles = [
    "check-mail-received",
    "dovecot",
    "forgejo",
    "matrix-media-repo",
    "matrix-stickerpicker",
    "matrix-synapse",
    "mautrix-telegram",
    "mautrix-whatsapp",
    "miniflux",
    "netbox",
    "nextcloud",
    "ntfy",
    "oidentd",
    "php",
    "postfixadmin",
    "postgresql",
    "redis",
    "rspamd",
    "smartd",
    "travelynx",
    "weechat",
    "zfs",
]

# for auto-deployment of salonkatrin.de
# Empty table: the package is listed with no further options.
# NOTE(review): no vhost for salonkatrin.de is defined in this file; confirm
# where the deployment that needs jekyll is configured.
[metadata.apt.packages.jekyll]

# External mailbox used by the check-mail-received bundle (IMAP login).
[metadata.check-mail-received.t-online]
email = "franzi.kunsmann@t-online.de"
imap_host = "secureimap.t-online.de"
# The password is a `!bwpass_attr:` reference, not a literal, so the secret
# itself is not stored in this file.
# NOTE(review): presumably resolved from a password manager when the repo is
# evaluated; confirm the lookup fails closed if the entry is missing.
imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"

# Forgejo instance at git.franzi.business.
[metadata.forgejo]
# Pinned release plus a digest for it.
# NOTE(review): presumably the bundle verifies the downloaded release against
# `sha1`. SHA-1 is no longer collision-resistant; a SHA-256 pin is the
# stronger choice if the bundle supports one.
version = "10.0.1"
sha1 = "4bfe8cbe979ef8896e294ca662f4cf62af01531c"
domain = "git.franzi.business"
# NOTE(review): assuming this maps to Forgejo's git-hooks setting, server-side
# hooks run as the Forgejo service user. Any account allowed to edit hooks
# then has the equivalent of shell access on this host, so that privilege
# should stay limited to trusted administrators.
enable_git_hooks = true
# NOTE(review): semantics are defined by the forgejo bundle; confirm which
# key is installed and for which account.
install_ssh_key = true
# The four values below are vault ciphertexts (`!decrypt:encrypt$...`); only
# the encrypted form lives in this file, so their confidentiality rests on
# the vault key kept outside it.
# NOTE(review): the `gAAAAAB` prefix looks like Fernet tokens, which carry
# their creation time unencrypted. That makes secret age auditable from the
# file alone and is a cheap way to spot values that are overdue for rotation.
internal_token = "!decrypt:encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=="
lfs_secret_key = "!decrypt:encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr"
oauth_secret_key = "!decrypt:encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz"
security_secret_key = "!decrypt:encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4="

# Static dual-stack addressing (one IPv4 /24, one IPv6 /64) with explicit
# default gateways for both families.
# NOTE(review): the quoted key 'eno*' looks like an interface-name pattern;
# confirm how the network bundle matches it.
[metadata.interfaces.'eno*']
ips = [
    "193.135.9.29/24",
    "2a0a:51c0:0:225::2/64",
]
gateway4 = "193.135.9.1"
gateway6 = "2a0a:51c0:0:225::1"

# matrix-media-repo in front of the franzi.business homeserver.
[metadata.matrix-media-repo]
# Matrix IDs with administrative rights on the media repo.
admins = ["@kunsi:franzi.business"]
datastore_id = "3fff5da324ed784c771d638bb6be5917"
# NOTE(review): presumably the digest of the pinned release below; SHA-1 is
# collision-weak, prefer SHA-256 if the bundle supports it.
sha1 = "453c12cfb9f2c44c509620b63f94f8a9e2d048ef"
# Upper bound per upload in MB. A high limit trades convenience against how
# quickly uploads can fill the datastore.
upload_max_mb = 500
version = "v1.3.8"
[metadata.matrix-media-repo.homeservers.'franzi.business']
api = "synapse"
# Plain HTTP, but to the IPv6 loopback address, so this hop stays on the host.
domain = "http://[::1]:20080/"
# Path to a signing key stored under /etc/matrix-synapse.
# NOTE(review): the file should be readable only by the service accounts
# that need it; confirm ownership and mode are set by the bundle.
signing_key_path = "/etc/matrix-synapse/mmr.signing.key"

# Sticker picker served at matrix-stickers.franzi.business.
[metadata.matrix-stickerpicker]
# The ciphertext in the comment below is identical to `telegram.bot_token`
# under [metadata.mautrix-telegram], i.e. the same bot token is shared by both
# services. A leak or rotation in one therefore affects the other.
# use this bot token: encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q
domain = "matrix-stickers.franzi.business"
[metadata.matrix-stickerpicker.config]
# Vault-encrypted Matrix access token for the `user_id` below. An access
# token grants whatever that account can do on the homeserver, so the account
# should hold no rights beyond what the sticker picker needs.
access_token = "!decrypt:encrypt$gAAAAABg-wBmGbAy-Ou1mkG2w5UyoqWmWYzDr4ZavyUQdmG_VtrUSmwHjx-qcBGIz_7NniD3zKm9GGvzRZItDu5zYiojcudYr74TkWJKhdDrgFbcWlfJJ_m3bWzrSORaTYzBGRckp2Vz_8xHgDk1W03vpT6mdIPMDzjuINssIcPs0YDth25W942tMfPA2csvLADY50qVRMJpdBOVIWba55o0g6-mAAQLOz6Ld4cCvYqZsqXsxjT8JUytJv_uSG4zgCS_aX20JlAyJWpJgT8FQF5HzIbsko_-Z9-TwtY7yllJp5Ri3n0WaDaWoMmUfhLvkMJeymmOc32A4WJBAePQ_2F-_oUDE7t97A-m3ZiMVAEefDnH5MkoiQEJTfHrJsXRkdBT_BnJlY1CoAuXpRYDdvbVDwN_qZHHHtqsno437l9S6GgDK_-sKBiojYkYsfHcJCdSEqeFGuxT"
homeserver = "https://matrix.franzi.business"
user_id = "@dimension:franzi.business"

# Synapse homeserver: server name franzi.business, client/federation endpoint
# at matrix.franzi.business.
[metadata.matrix-synapse]
admin_contact = "mailto:hostmaster@kunbox.net"
baseurl = "matrix.franzi.business"
server_name = "franzi.business"
# Notary servers this homeserver trusts when fetching other servers' signing
# keys. Each entry is a trust anchor: a misbehaving notary can vouch for
# wrong keys, so keep the list short and reviewed.
trusted_key_servers = ["matrix.org", "161.rocks"]
# Extra client configuration pointing clients at an external Jitsi instance
# for conferences.
additional_client_config.'im.vector.riot.jitsi'.preferredDomain = "meet.ffmuc.net"
# NOTE(review): presumably serves the .well-known delegation documents on
# these vhosts as well; confirm against the bundle.
wellknown_also_on_vhosts = ["franzi.business"]
[metadata.matrix-synapse.sliding_sync]
version = "v0.99.15"
# NOTE(review): presumably the digest of the pinned release; SHA-1 is
# collision-weak, prefer SHA-256 if the bundle supports it.
sha1 = "cecb371ff5f1dd528cfc490484a0967dcc28cd82"
# Vault-encrypted secret for the sliding-sync component; only ciphertext is
# stored here.
secret = "!decrypt:encrypt$gAAAAABl9yJlbEZafJ2mumtg03rW0-440NIgFcgdWGMo3Axrypugwctacy9Cq7MYtCBGjnDyNvVLI5B2QMJ9ssCD46NCsFRN3-X4u9rDtxPhRZV7rls_LQ_Csc_GsffJfvpmHbn_wsljd3I74h4ouWlYhhEQUIKwb3eErSZ_VTZhu_bC4jTa0FY="

# Matrix <-> Telegram bridge.
[metadata.mautrix-telegram]
# Version pin only; unlike other pinned components in this file there is no
# digest next to it.
# NOTE(review): confirm how the bundle installs and verifies this release.
version = "v0.15.2"
homeserver.domain = "franzi.business"
homeserver.url = "https://matrix.franzi.business"
# Telegram API credentials, stored as vault ciphertext.
telegram.api_id = "!decrypt:encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ=="
telegram.api_token = "!decrypt:encrypt$gAAAAABfVK5jHuUly1xr9Iku362k7oF4ZYRhLGzNJh3aJpiNrLfAy_DJpTwucx4FV_g45dyQF5boqG2rgdDfwsJN_Ab95es6T4SPGiXIxJOBlvIln1Torwh16pXKchhUTn_PQ077Ll1W"
# same as for matrix-dimension
# (the bot token is reused across services, so rotating it means updating
# every consumer, and a leak from any of them exposes the bot)
telegram.bot_token = "!decrypt:encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q"
# The provisioning API is switched on and guarded by the shared secret below.
# NOTE(review): anyone holding that secret can drive the API; confirm the
# endpoint is not reachable from outside the host unless that is intended.
provisioning.enabled = true
provisioning.shared_secret = "!decrypt:encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4gGPym0oF6p4WSMdAveTpx-hFsZd2s7v9ubw99yIsyKx0dHOJI0UND7hV1rKZdvjy4Qa642abZ2wwW7SWTqvuP_qVtrf6-klc2QKTzeD9c_LVsyZ2dqz_JxRPq3MRXgkubZuWOZ6FmFlAlteTffoGfWE="
# Bridge permission levels: every Matrix user gets "relaybot", users of
# franzi.business get "full", and @kunsi is bridge admin.
# The '*' and '@kunsi:...' keys contain literal single quotes inside the TOML
# string; the franzi.business key does not.
# NOTE(review): presumably the keys are written verbatim into the bridge's
# YAML config, where * and @ need quoting; confirm the mismatch is intended,
# because a key that fails to match would silently change who gets which level.
[metadata.mautrix-telegram.permissions]
"'*'" = "relaybot"
'franzi.business' = "full"
"'@kunsi:franzi.business'" = "admin"

# Matrix <-> WhatsApp bridge.
[metadata.mautrix-whatsapp]
version = "v0.11.3"
# NOTE(review): presumably the digest of the pinned release; SHA-1 is
# collision-weak, prefer SHA-256 if the bundle supports it.
sha1 = "f1daba15750313fe205f6d3af2594f11992f0a35"
# Only one permission entry: @kunsi as admin. No wildcard or domain-wide
# entry is set here. The key contains literal single quotes inside the TOML
# string.
# NOTE(review): confirm the bundle adds no broader default entries.
permissions."'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp.homeserver]
domain = "franzi.business"
url = "https://matrix.franzi.business"

# Public hostnames for three web applications. Only the name (and, for
# netbox, a version and one admin) is set here; credentials and database
# settings are not part of this file.
[metadata.miniflux]
domain = "rss.franzi.business"

[metadata.netbox]
domain = "netbox.franzi.business"
# Version pin without a digest.
# NOTE(review): confirm how the bundle fetches and verifies this release.
version = "v4.2.4"
# Admin account name mapped to its e-mail address.
admins.kunsi = "hostmaster@kunbox.net"

[metadata.nextcloud]
domain = "warnochwas.de"

# Fields for the security.txt that nginx serves.
# NOTE(review): RFC 9116 requires an `Expires` field in addition to `Contact`;
# none is set here, so confirm the nginx bundle generates one. Field names
# are case-insensitive in the RFC, but the two keys below use different case;
# confirm the bundle does not depend on a particular spelling.
[metadata.nginx.'security.txt']
contact = "mailto:security@kunsmann.eu"
Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"

# Location '/' on afra.berlin answers with a temporary (302) redirect to
# https://afra-berlin.de.
[metadata.nginx.vhosts.'afra.berlin'.locations.'/']
redirect = "https://afra-berlin.de"
mode = 302

# Additional hostname for the forgejo vhost.
# NOTE(review): Forgejo's own `domain` is git.franzi.business; confirm the
# alias redirects to that canonical name so sessions and OAuth callbacks stay
# on a single origin.
[metadata.nginx.vhosts.forgejo]
domain_aliases = ["git.kunsmann.eu"]

# Static webroots owned by local users. Whoever owns the webroot can publish
# arbitrary content under that hostname.
[metadata.nginx.vhosts.'franzi.business']
domain = "franzi.business"
webroot_config.owner = "kunsi"

[metadata.nginx.vhosts.'gaenseblum.eu'.webroot_config]
owner = "skye"

# kunsitracker.de is a front for the travelynx instance: the '= /' location
# targets the public profile page /p/Kunsi, the '/' location targets the
# travelynx root. Both set travelynx.franzi.business as the proxy host.
# NOTE(review): presumably '/' proxies every other path, which would make the
# whole application (including any login pages) reachable under a second
# origin; confirm that is intended.
[metadata.nginx.vhosts.kunsitracker]
domain = "kunsitracker.de"
locations.'/'.target = "https://travelynx.franzi.business/"
locations.'/'.proxy_pass_host = "travelynx.franzi.business"
locations.'= /'.target = "https://travelynx.franzi.business/p/Kunsi"
locations.'= /'.proxy_pass_host = "travelynx.franzi.business"

# Vhost for the MTA-STS policy hosts of three mail domains.
[metadata.nginx.vhosts.mta-sts]
domain = "mta-sts.kunbox.net"
domain_aliases = [
    "mta-sts.franzi.business",
    "mta-sts.kunsmann.eu",
]
# NOTE(review): presumably disables the redirect from aliases to `domain`.
# That matters here: senders fetch the policy from mta-sts.<their domain>
# over HTTPS and expect a certificate valid for exactly that name, so each
# alias has to answer directly and be covered by the certificate.
force_domain = false

# Catch-all vhost for secondary domains: '/' redirects to franzi.business,
# while the OpenPGP Web Key Directory path is served locally.
[metadata.nginx.vhosts.redirector]
domain = "kunbox.net"
domain_aliases = [
    "carlene.kunbox.net",
    "kunsmann.eu",
]
[metadata.nginx.vhosts.redirector.locations.'/']
redirect = "https://franzi.business/"
# WKD lookups must be answered on the mail domain itself, so this location is
# exempt from the redirect and aliased to the franzi.business webroot.
[metadata.nginx.vhosts.redirector.locations.'/.well-known/openpgpkey/']
alias = "/var/www/franzi.business/.well-known/openpgpkey"
# The wildcard CORS header applies only to this location, which serves
# public keys, so it exposes nothing that is not already public. The
# octet-stream default type keeps key files from being interpreted as
# anything else.
additional_config = [
    "add_header Access-Control-Allow-Origin *",
    "default_type application/octet-stream",
]

# ntfy notification service.
[metadata.ntfy]
domain = "ntfy.franzi.business"
# Hosts that are not rate-limited.
# NOTE(review): the entries are names, not addresses; presumably the bundle
# resolves them to the nodes' IPs. Exemption is then by source address only,
# so a compromised exempt host can publish without limits.
ratelimit-exempt-hosts = [
    "carlene",
    "icinga2",
]

# PHP extension packages to install. Each extension adds parsing code that
# runs on request data, so the list should track what the hosted PHP
# applications actually need.
[metadata.php]
packages = [
    'gd',
    'imagick',
    'imap',
    'intl',
    'mbstring',
    'opcache',
    'pgsql',
    'readline',
    'xml',
    'yaml',
]

# Postfix settings for mail.franzi.business.
[metadata.postfix]
# Maximum accepted message size in MB.
message_size_limit_mb = 100
myhostname = "mail.franzi.business"
# Recipient addresses to block. The first entry is kept as vault ciphertext
# so the address itself does not appear in this file; the second is in the
# clear.
blocked_recipients = [
    "!decrypt:encrypt$gAAAAABlrPHMqx7o9pscfSx4Elayrzwun9jcTYOM4XrcAoUWaHJ9vP_7P5G7V3nwdB8pWfObNew-2IOihn5EPS-0ej2gn9rI4iDnMG_6S2IBCDYMqZMn1W0=", # deadname
    "tectu@kunsmann.eu",
]

# PostfixAdmin web interface.
[metadata.postfixadmin]
domain = "postfixadmin.franzi.business"
# Vault-encrypted setup password.
# NOTE(review): this password gates PostfixAdmin's setup page, which can
# create superadmin accounts; confirm that page is not reachable from the
# internet once installation is done.
setup_password = "!decrypt:encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=="
# Version pin without a digest.
# NOTE(review): confirm how the bundle verifies the download.
version = "3.3.15"

# PostgreSQL major version to run. Stored as an integer, unlike the
# string-typed version pins elsewhere in this file.
[metadata.postgresql]
version = 15

# rspamd spam filter.
[metadata.rspamd]
# Senders from these addresses and networks skip spam checks. Trust is based
# on source IP alone, so a compromised or reassigned host inside one of the
# ranges delivers unfiltered mail. Keep entries as narrow as possible (several
# are whole /26, /27, /28 or /64 networks) and review them when a listed
# organisation renumbers.
ignore_spam_check_for_ips = [
    # entropia
    '45.140.180.32/27', # Entropia e. V.
    '45.140.180.112/28', # MicroPOC
    '2a0e:c5c0:0:201::/64', # Entropia e. V.
    '2a0e:c5c0:0:307::/64', # MicroPOC

    # c3kl
    '116.202.19.236',
    '2a01:4f8:1c17:cc52::/64',

    # ccc
    '212.12.55.65',
    '212.12.55.67',
    '2a00:14b0:4200:3000:23:55:0:65',

    # IN-Berlin mailman
    '130.133.8.35',
    '192.109.42.28',
    '192.109.42.122',
    '193.29.188.9',
    '217.197.80.23',
    '217.197.80.134',
    '2001:bf0:c000:a::2:134',

    # c3voc
    '185.106.84.32/26',
    '2001:67c:20a0:e::/64',

    # DENOG
    '195.20.121.100',
    '2001:1440:201:101::5',
]
# `!bwpass:` reference, not a literal: the password is not stored in this file.
password = "!bwpass:bw/rx300/rspamd"
# NOTE(review): unlike `password` above and the `!decrypt:` values elsewhere
# in this file, this value is stored in the clear. If the rspamd bundle
# treats it as secret material (for example as input to DKIM key handling)
# rather than as a public selector, it belongs in the vault; confirm against
# the bundle.
dkim = "uO4aNejDvVdw8BKne3KJIqAvCQMJ0416"

# Disks monitored by smartd. The /dev/disk/by-id paths name the drives by
# model and serial number rather than by enumeration order.
[metadata.smartd]
disks = [
    "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00B00_S677NF0W503350",
    "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00B00_S677NX0W114380",
]

# travelynx instance. kunsitracker.de (see the nginx vhosts) points at this
# domain.
[metadata.travelynx]
# Version pin without a digest.
# NOTE(review): confirm how the bundle fetches and verifies this release.
version = "2.10.2"
mail_from = "travelynx@franzi.business"
domain = "travelynx.franzi.business"

# SSH public key(s) for the local user skye, who also owns the gaenseblum.eu
# webroot.
# NOTE(review): presumably installed as authorized keys, i.e. this grants
# login as skye; confirm the account's shell and sudo rights match that role.
# The key type is RSA, which current OpenSSH accepts with rsa-sha2-*
# signatures; ed25519 is the usual choice for newly issued keys.
[metadata.users.skye]
ssh_pubkey = [
    "ssh-rsa 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",
]

# WeeChat running as user kunsi, with a relay hostname.
# NOTE(review): a relay gives remote control over the IRC client; the relay
# password and TLS settings are not part of this file, so confirm they are
# configured elsewhere.
[metadata.weechat]
user = "kunsi"
relay_domain = "irc.franzi.business"

# Layout used when the pool "tank" is created: a two-way mirror across one
# partition on each NVMe drive.
[[metadata.zfs.pools.tank.when_creating.config]]
devices = [
    "/dev/nvme0n1p3",
    "/dev/nvme1n1p3",
]
type = "mirror"

# Dataset properties. Only caching and a mountpoint are set here.
# NOTE(review): no encryption property appears for these datasets; confirm
# whether at-rest encryption is handled elsewhere or deliberately not used.
[metadata.zfs.datasets.tank]
primarycache = "metadata"

[metadata.zfs.datasets.'tank/sewfile']
mountpoint = "/mnt/sewfile/"

# CPU and memory figures for this node.
# NOTE(review): units are not stated here; `ram` is presumably GiB.
[metadata.vm]
cpu = 24
ram = 64