# To use the serial console in iRMC, set up grub as follows: # GRUB_TIMEOUT=30 # GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200 console=tty0" # GRUB_TERMINAL=serial # GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" nodes['rx300'] = { 'hostname': '31.47.232.106', 'bundles': { 'check-mail-received', 'element-web', 'gitea', 'jenkins-ci', 'lm-sensors', 'miniflux', 'nodejs', 'php', 'postgresql', 'smartd', 'travelynx', 'vmhost', 'zfs', }, 'groups': { 'debian-bullseye', 'webserver', }, 'metadata': { 'interfaces': { 'br0': { 'ips': { '31.47.232.106/29', '2a00:f820:528::2/64', }, 'gateway4': '31.47.232.105', 'gateway6': '2a00:f820:528::1', }, }, 'apt': { 'packages': { 'ipmitool': {}, # for franzi.business deployment 'ruby': {}, 'ruby-dev': {}, 'ruby-bundler': {}, # more php 'php-imagick': {}, 'php-yaml': {}, # used by user:kunsi 'mosh': {}, 'weechat': {}, 'weechat-core': {}, 'weechat-curses': {}, 'weechat-perl': {}, 'weechat-plugins': {}, 'weechat-python': {}, 'weechat-ruby': {}, }, 'repos': { # XXX remove this once nginx.org has packages for debian bullseye 'nginx': { 'items': atomic({ 'deb http://nginx.org/packages/debian buster nginx', }), }, 'weechat': { 'items': { 'deb https://weechat.org/debian {os_release} main', }, }, }, }, 'backup-client': { 'pre-hooks': { # 'kunsi-weechat': \ # 'echo \'core.weechat */layout store\' >> /home/kunsi/.weechat/weechat_fifo\n' \ # 'echo \'core.weechat */save\' >> /home/kunsi/.weechat/weechat_fifo\n', }, }, 'backups': { 'paths': { '/home/kunsi/.weechat', }, }, 'check-mail-received': { 't-online': { 'email': 'franzi.kunsmann@t-online.de', 'imap_host': 'secureimap.t-online.de', 'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'), }, }, 'element-web': { 'url': 'chat.franzi.business', 'version': 'v1.7.32', 'config': { 'default_server_config': { 'm.homeserver': { 'base_url': 'https://matrix.franzi.business', 'server_name': 'franzi.business', }, }, 'brand': 'franzi.business', 'showLabsSettings': True, 'integrations_ui_url': 'https://dimension.franzi.business/riot', 'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar', 'integrations_widgets_urls': { 'https://dimension.franzi.business/widgets' }, 'default_theme': 'dark', 'defaultCountryCode': 'DE', 'jitsi': { 'preferredDomain': 'meet.ffmuc.net', }, }, }, 'gitea': { 'version': '1.14.5', 'sha256': '8a6f7983bd47690e6087e14b7a32d6fb0b8868b137da0ea5edff28c32763ca6d', 'domain': 'git.franzi.business', 'email_domain_blocklist': { 'gmail.com', 'yahoo.com', 'aol.com', 'comcast.net', 'verizon.net', 'hotmail.com', 'cox.net', 'msn.com', }, 'enable_git_hooks': True, 'install_ssh_key': True, 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), }, 'icinga_options': { 'pretty_name': 'franzi.business', }, 'jenkins-ci': { 'install_ssh_key': True, 'domain': 'jenkins.franzi.business', }, 'letsencrypt': { # 'concat_and_deploy': { # 'kunsi-weechat': { # 'match_domain': 'part.of.the.trans-agenda.eu', # 'target': '/home/kunsi/.weechat/ssl/relay.pem', # 'chown': 'kunsi:kunsi', # 'chmod': '0440', # 'commands': [ # 'echo \'core.weechat */relay sslcertkey\' >> /home/kunsi/.weechat/weechat_fifo' # ], # }, # }, # 'domains': { # 'part.of.the.trans-agenda.eu': set(), # }, }, 'miniflux': { 'domain': 'rss.franzi.business', }, 'nginx': { 'vhosts': { 'element-web': {'ssl': '_.franzi.business'}, 'gitea': {'ssl': '_.franzi.business'}, 'jenkins-ci': {'ssl': '_.franzi.business'}, 'miniflux': {'ssl': '_.franzi.business'}, 'travelynx': {'ssl': '_.franzi.business'}, 'daskritzelt-redirect': { 'domain': 'die-brontosaurier-waren-es.org', 'ssl': None, 'locations': { '/': { 'redirect': 'https://twitter.com/daskritzelt/status/1259167444373028864', }, }, }, 'franzi.business': { 'webroot': '/var/www/franzi.business/_site/', 'ssl': '_.franzi.business', 'locations': { '/.well-known/matrix/client': { 'return': json_dumps({ 'm.homeserver': { 'base_url': 'https://matrix.franzi.business', }, 'm.identity_server': { 'base_url': 'https://matrix.org', }, 'im.vector.riot.jitsi': { 'preferredDomain': 'meet.ffmuc.net', }, }, sort_keys=True), 'additional_config': { 'default_type application/json', 'add_header Access-Control-Allow-Origin *', }, }, '/.well-known/matrix/server': { 'return': json_dumps({ 'm.server': 'matrix.franzi.business:443', }, sort_keys=True), 'additional_config': { 'default_type application/json', 'add_header Access-Control-Allow-Origin *', }, }, }, }, 'kunbox.net': {}, 'kunsmann.eu': { 'locations': { '/': { 'redirect': 'https://franzi.business$request_uri', }, '/.well-known/openpgpkey': { 'alias': '/var/www/kunsmann.eu/.well-known/openpgpkey/', 'additional_config': { 'default_type application/octet-stream', 'add_header Access-Control-Allow-Origin *', }, }, }, }, 'paste.franzi.business': { 'webroot': '/home/kunsi/public_html', 'ssl': '_.franzi.business', 'extras': True, }, 'unicornsden-redirect': { 'domain': 'unicornsden.franzi.business', 'ssl': '_.franzi.business', 'locations': { '/': { 'redirect': 'https://map.unicornsden.com/', }, }, }, 'unicornsden': { 'domain': 'map.unicornsden.com', 'php': True, 'webroot_config': { 'owner': 'jenkins', 'group': 'jenkins', 'mode': '0755', }, }, 'wiki.franzi.business': { 'ssl': '_.franzi.business', 'extras': True, 'php': True, 'webroot_config': { 'owner': 'www-data', 'group': 'www-data', }, 'website_check_path': '/start?do=login', 'website_check_string': 'Username', }, }, }, 'php': { 'version': '8.0', 'packages': { 'gd', 'imap', 'intl', 'mbstring', 'opcache', 'pgsql', 'readline', 'xml', }, }, 'postgresql': { 'version': '13', }, 'smartd': { 'disks': { '/dev/nvme0', }, }, 'systemd-networkd': { 'bridges': { 'br0': { 'match': { 'eno1', }, }, }, }, 'travelynx': { 'version': '1.20.3', 'mail_from': 'travelynx@franzi.business', 'domain': 'travelynx.franzi.business', }, 'users': { 'kunsi': { 'enable_linger': True, 'groups': { 'libvirt', }, }, }, 'zfs': { 'module_options': { 'zfs_arc_max_gb': 16, }, 'pools': { 'tank': [{ 'type': 'raidz', 'devices': { '/dev/sda', '/dev/sdb', '/dev/sdc', '/dev/sdd', }, }], }, 'datasets': { 'tank/libvirt': { 'mountpoint': '/var/lib/libvirt', 'compression': 'on', 'needed_by': { 'bundle:vmhost', }, }, 'tank/home-kunsi': { 'mountpoint': '/home/kunsi', 'needed_by': { 'directory:/home/kunsi', }, }, }, }, 'vm': { 'cpu': 32, 'ram': 256, }, }, }