# sophie's miniserver # mostly unmanaged nodes['htz-cloud.miniserver'] = { 'groups': { 'debian-buster', 'webserver', }, 'bundles': { 'iptables', }, 'metadata': { 'dummy': True, 'interfaces': { 'eth0': { 'ips': { '157.90.20.62', '2a01:4f8:c2c:840f::1/64', }, 'gateway4': '172.31.1.1', 'gateway6': 'fe80::1', }, }, 'apt': { 'packages': { 'mosh': {}, 'weechat': {}, 'weechat-core': {}, 'weechat-curses': {}, 'weechat-perl': {}, 'weechat-plugins': {}, 'weechat-python': {}, 'weechat-ruby': {}, }, 'repos': { 'weechat': { 'items': { 'deb https://weechat.org/debian {os_release} main', }, }, }, }, 'backups': { 'exclude_from_backups': True, }, 'icinga_options': { 'exclude_from_monitoring': True, }, 'iptables': { 'custom_rules': [ 'iptables_both -A INPUT -p udp --dport 60000:61000 -j ACCEPT', # mosh 'iptables_both -A INPUT -p tcp --dport 9001 -j ACCEPT', # weechat ], }, 'letsencrypt': { 'concat_and_deploy': { 'sophie-weechat': { 'match_domain': 'i.sophies-kitchen.eu', 'target': '/home/sophie/.weechat/ssl/relay.pem', 'chown': 'sophie:sophie', 'chmod': '0440', 'commands': [ 'echo \'core.weechat */relay sslcertkey\' >> /home/sophie/.weechat/weechat_fifo' ], }, }, 'domains': { 'i.sophies-kitchen.eu': set(), 'webdump.sophies-kitchen.eu': set(), }, }, 'nginx': { 'vhosts': { 'webdump.sophies-kitchen.eu': { 'webroot_config': { 'owner': 'sophie', 'group': 'sophie', 'mode': '0755', }, 'extras': True, }, }, }, 'vm': { 'cpu': 2, 'ram': 4, }, 'users': { 'sophie': { 'ssh_pubkey': [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon" ], }, }, }, }