nodes['htz.ex42-1048908'] = { 'bundles': { 'gitea', 'jenkins-ci', 'matrix-synapse', 'mautrix-telegram', 'mx-puppet-discord', 'nodejs', 'riot-web', 'postgresql', 'travelynx', 'vmhost', 'voc-loudness-monitor', }, 'groups': { 'webserver', }, 'metadata': { 'interfaces': { 'enp0s31f6': { 'ipv4': { '94.130.52.224', }, 'ipv6': { '2a01:4f8:10b:2a5f::02', '2a01:4f8:10b:2a5f::1337', }, 'gateway4': '94.130.52.193', 'gateway6': 'fe80::1', }, }, 'apt': { 'packages': { # No need to create a bundle just to install packages, # configs will be managed by users nevertheless. Maybe # this will be a FIXME once we start managing backups # via bundlewrap. 'weechat': {}, 'weechat-core': {}, 'weechat-curses': {}, 'weechat-perl': {}, 'weechat-plugins': {}, 'weechat-python': {}, 'weechat-ruby': {}, }, 'unattended-upgrades': { 'origins': { 'site=weechat.org', # TODO move to bundles 'o=Rspamd,n=buster,l=Rspamd,c=main', # FIXME We can't upgrade miniflux automatically, # because the apt package doesn't (currently?) do # database migrations by itself. This leads to # miniflux not starting up after being upgraded. #'site=apt.miniflux.app', }, 'reboot': False, }, 'repos': { 'backports': { 'install_gpg_key': False, # default debian signing key 'items': [ 'deb http://deb.debian.org/debian {os_release}-backports main', ], }, 'miniflux': { 'items': { 'deb https://apt.miniflux.app/ /', }, }, 'rspamd': { 'items': { 'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main', }, }, 'weechat': { 'items': { 'deb https://weechat.org/debian {os_release} main', }, }, }, }, 'gitea': { 'version': '1.12.5', 'sha256': '8ed8bff1f34d8012cab92943214701c10764ffaca102e311a3297edbb8fce940', 'domain': 'git.kunsmann.eu', # TODO find out if those secrets can be rotated without breaking stuff 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'), 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='), }, 'letsencrypt': { 'concat_and_deploy': { 'kunsi-weechat': { 'match_domain': 'part.of.the.trans-agenda.eu', 'target': '/home/kunsi/.weechat/ssl/relay.pem', 'chown': 'kunsi:kunsi', 'chmod': '0440', 'commands': [ 'echo \'core.weechat */relay sslcertkey\' >> /home/kunsi/.weechat/weechat_fifo' ], }, }, 'domains': { 'matrix.franzi.business': { 'franzi.business', }, 'mx0.kunbox.net': set(), # TODO move to bundle 'part.of.the.trans-agenda.eu': set(), }, 'reload_after': { # TODO move to bundles 'dovecot', 'postfix', }, }, 'matrix-synapse': { 'server_name': 'franzi.business', 'baseurl': 'matrix.franzi.business', 'admin_contact': 'mailto:hostmaster@kunbox.net', 'appservice_configs': { # TODO move to bundles '/opt/matrix-bridges/mautrix-whatsapp/registration.yaml', }, 'trusted_key_servers': { 'matrix.org', 'finallycoffee.eu', 'nyantec.com', }, }, 'mautrix-telegram': { 'homeserver': { 'domain': 'franzi.business', 'url': 'https://matrix.franzi.business', }, 'provisioning': { 'enabled': True, 'shared_secret': vault.decrypt('encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4gGPym0oF6p4WSMdAveTpx-hFsZd2s7v9ubw99yIsyKx0dHOJI0UND7hV1rKZdvjy4Qa642abZ2wwW7SWTqvuP_qVtrf6-klc2QKTzeD9c_LVsyZ2dqz_JxRPq3MRXgkubZuWOZ6FmFlAlteTffoGfWE='), }, 'permissions': { "'*'": 'relaybot', 'nyantec.com': 'full', 'franzi.business': 'full', "'@kunsi:franzi.business'": 'admin', }, 'telegram': { 'api_id': vault.decrypt('encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ=='), 'api_token': vault.decrypt('encrypt$gAAAAABfVK5jHuUly1xr9Iku362k7oF4ZYRhLGzNJh3aJpiNrLfAy_DJpTwucx4FV_g45dyQF5boqG2rgdDfwsJN_Ab95es6T4SPGiXIxJOBlvIln1Torwh16pXKchhUTn_PQ077Ll1W'), 'bot_token': vault.decrypt('encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q'), }, }, 'mx-puppet-discord': { 'homeserver': { 'domain': 'franzi.business', 'url': 'https://matrix.franzi.business', }, 'allowed-users': { '@.*:franzi\\\\.business', }, }, 'nginx': { 'vhosts': { # TODO maybe some of this can be moved to a bundle? 'dav.kunsmann.eu': { 'extras': True, }, 'dimension.franzi.business': { 'extras': True, 'do_not_set_content_security_headers': True, 'proxy': { '/': { 'target': 'http://127.0.0.1:8184', }, }, }, 'franzi.business': { 'webroot': '/var/www/franzi.business/_site/', 'extras': True, }, 'jenkins.kunsmann.eu': { 'proxy': { '/': { 'target': 'http://localhost:22010/', }, }, }, 'kunbox.net': {}, 'kunsmann.eu': { 'extras': True, }, 'matrix.franzi.business': { 'extras': True, }, 'pad.franzi.business': { 'extras': True, }, 'paste.kunsmann.eu': { 'extras': True, }, 'postfixadmin.mx0.kunbox.net': { 'webroot': '/srv/postfixadmin/public/', 'index': 'index.php', 'php': True, # FIXME this assumes php 7.3 is installed and configured already }, 'rspamd.mx0.kunbox.net': { 'proxy': { '/': { 'target': 'http://localhost:11334/', }, }, }, 'rss.kunsmann.eu': { 'proxy': { '/': { 'target': 'http://localhost:8080/', }, }, }, 'travelynx.franzi.business': { 'proxy': { '/': { 'target': 'http://127.0.0.1:22020', }, }, 'extras': True, }, 'vliedel.random.franzi.business': {}, 'webmail.mx0.kunbox.net': { 'index': 'index.php', 'php': True, }, }, 'worker_processes': 4, }, 'riot-web': { 'url': 'chat.franzi.business', 'config': { 'default_server_name': 'franzi.business', 'brand': 'franzi.business', 'showLabsSettings': True, 'integrations_ui_url': 'https://dimension.franzi.business/riot', 'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar', 'integrations_widgets_urls': ['https://dimension.franzi.business/widgets'], 'default_theme': 'dark', 'defaultCountryCode': 'DE', 'features': { 'feature_bridge_state': 'labs', 'feature_font_scaling': 'labs', 'feature_irc_ui': 'labs', 'feature_mjolnir': 'labs', 'feature_presence_in_room_list': 'labs', }, }, }, 'travelynx': { 'version': '1.17.5', 'mail_from': 'travelynx@franzi.business', }, 'users': { 'feli': { 'ssh_pubkey': [ 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPTSLjSY/Be1XJ/klAwLiM1pKSvmbdcOgtgDB6nPcHkgX6JZu7g/Kejfuk4qIKL8GYYUQt7DlGY6n2u5rChWE/6KZJzXcUwS3pXk4LZ5KydWp7ihfvyRtUOBgKkRa1zQv+6KCH9WyR++ArwVTP8KSkrmDe6k7NWAjZqOuIJHG/AbEyTBapTJYjObZ0AM7wlwcB+oRM1BfZCP0Y+PIP2eGJS7Pyb32pITNKk3JuFXgAvbj5OeRrwtpZ9S+/7wIpaUVODPzrVmbC7vOXu/2KJ9aY2BmxUsxRbrvWMmWNiuE0YPt/7lUroK4pH3md3lWRcGUS/uYvhug7yG1yB81nyI15', ], }, 'kunsi': { 'groups': [ 'www-data', 'libvirt', ], }, 'vliedel': { 'ssh_pubkey': [ 'command="/usr/local/bin/rrsync /var/www/vliedel.random.franzi.business/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVOBnzs/QDzhvg70VK6xaV318Euaag1cWNjAJfsA266618UiZVx4xsHzNwYN960v0MhiVPMwnl3NoGWAT9/j/b5l3HAkihv4rEPYQkoGV0Mvtwee37dT5nCL8o54Kl+rhl4WPD4Ju5+iZ3AP84YMUJXUrETpZLRzQD1pKOWLaGxBSJolICjz5A7glDVNmvI8uH58EkzhA7q4lCPhzFLxfvFfJPRuEHdVViL2usvHpRnIDRQOCjLYF2fIpG3ULrvWGl4VZ+9cZCNqSN6ywjlH8U8e5Vc3Fi4sbqYh71LrBqs/lSJ+5BL9/rB3GZD1SVTbivyEDJGJu3HPDV4ahwYYKn minecraft@irc', ], }, }, 'vm': { 'cpu': 8, 'ram': 64, }, }, 'os': 'debian', 'os_version': (10, 5), }