hostname = "193.135.9.29" groups = [ "debian-bookworm", "webserver", ] bundles = [ "check-mail-received", "dovecot", "element-web", "forgejo", "matrix-media-repo", "matrix-stickerpicker", "matrix-synapse", "mautrix-telegram", "mautrix-whatsapp", "miniflux", "netbox", "nextcloud", "nodejs", "ntfy", "oidentd", "php", "postfixadmin", "postgresql", "redis", "rspamd", "smartd", "travelynx", "weechat", "zfs", ] # for auto-deployment of salonkatrin.de [metadata.apt.packages.jekyll] [metadata.check-mail-received.t-online] email = "franzi.kunsmann@t-online.de" imap_host = "secureimap.t-online.de" imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap" [metadata.element-web] url = "chat.franzi.business" version = "v1.11.45" [metadata.element-web.config] default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business" default_server_config.'m.homeserver'.server_name = "franzi.business" brand = "franzi.business" defaultCountryCode = "DE" jitsi.preferredDomain = "meet.ffmuc.net" [metadata.forgejo] version = "1.20.5-1" sha1 = "9650694ec7969643ebb4dbdf2f27462af57284e6" domain = "git.franzi.business" enable_git_hooks = true install_ssh_key = true internal_token = "!decrypt:encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg==" lfs_secret_key = "!decrypt:encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr" oauth_secret_key = "!decrypt:encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz" security_secret_key = "!decrypt:encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4=" [metadata.interfaces.eno2] ips = [ "193.135.9.29/24", "2a0a:51c0:0:225::2/64", ] gateway4 = "193.135.9.1" gateway6 = "2a0a:51c0:0:225::1" [metadata.matrix-media-repo] admins = ["@kunsi:franzi.business"] datastore_id = "3fff5da324ed784c771d638bb6be5917" sha1 = "7a9976b09f6835171c610624f51b3cbf429bc0cf" upload_max_mb = 500 version = "v1.3.2" [metadata.matrix-media-repo.homeservers.'franzi.business'] api = "synapse" domain = "http://[::1]:20080/" [metadata.matrix-stickerpicker] # use this bot token: encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q domain = "matrix-stickers.franzi.business" [metadata.matrix-stickerpicker.config] access_token = "!decrypt:encrypt$gAAAAABg-wBmGbAy-Ou1mkG2w5UyoqWmWYzDr4ZavyUQdmG_VtrUSmwHjx-qcBGIz_7NniD3zKm9GGvzRZItDu5zYiojcudYr74TkWJKhdDrgFbcWlfJJ_m3bWzrSORaTYzBGRckp2Vz_8xHgDk1W03vpT6mdIPMDzjuINssIcPs0YDth25W942tMfPA2csvLADY50qVRMJpdBOVIWba55o0g6-mAAQLOz6Ld4cCvYqZsqXsxjT8JUytJv_uSG4zgCS_aX20JlAyJWpJgT8FQF5HzIbsko_-Z9-TwtY7yllJp5Ri3n0WaDaWoMmUfhLvkMJeymmOc32A4WJBAePQ_2F-_oUDE7t97A-m3ZiMVAEefDnH5MkoiQEJTfHrJsXRkdBT_BnJlY1CoAuXpRYDdvbVDwN_qZHHHtqsno437l9S6GgDK_-sKBiojYkYsfHcJCdSEqeFGuxT" homeserver = "https://matrix.franzi.business" user_id = "@dimension:franzi.business" [metadata.matrix-synapse] admin_contact = "mailto:hostmaster@kunbox.net" baseurl = "matrix.franzi.business" server_name = "franzi.business" trusted_key_servers = ["matrix.org", "finallycoffee.eu"] additional_client_config.'im.vector.riot.jitsi'.preferredDomain = "meet.ffmuc.net" wellknown_also_on_vhosts = ["franzi.business"] [metadata.mautrix-telegram] version = "v0.14.2" homeserver.domain = "franzi.business" homeserver.url = "https://matrix.franzi.business" telegram.api_id = "!decrypt:encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ==" telegram.api_token = "!decrypt:encrypt$gAAAAABfVK5jHuUly1xr9Iku362k7oF4ZYRhLGzNJh3aJpiNrLfAy_DJpTwucx4FV_g45dyQF5boqG2rgdDfwsJN_Ab95es6T4SPGiXIxJOBlvIln1Torwh16pXKchhUTn_PQ077Ll1W" # same as for matrix-dimension telegram.bot_token = "!decrypt:encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q" provisioning.enabled = true provisioning.shared_secret = "!decrypt:encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4gGPym0oF6p4WSMdAveTpx-hFsZd2s7v9ubw99yIsyKx0dHOJI0UND7hV1rKZdvjy4Qa642abZ2wwW7SWTqvuP_qVtrf6-klc2QKTzeD9c_LVsyZ2dqz_JxRPq3MRXgkubZuWOZ6FmFlAlteTffoGfWE=" [metadata.mautrix-telegram.permissions] "'*'" = "relaybot" 'franzi.business' = "full" "'@kunsi:franzi.business'" = "admin" [metadata.mautrix-whatsapp] version = "v0.10.2" sha1 = "938c970ff522e067aac0b753f5def94aacd11d81" permissions."'@kunsi:franzi.business'" = "admin" [metadata.mautrix-whatsapp.homeserver] domain = "franzi.business" url = "https://matrix.franzi.business" [metadata.miniflux] domain = "rss.franzi.business" [metadata.netbox] domain = "netbox.franzi.business" version = "v3.6.3" admins.kunsi = "hostmaster@kunbox.net" [metadata.nextcloud] domain = "warnochwas.de" [metadata.nginx.'security.txt'] contact = "mailto:security@kunsmann.eu" Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc" [metadata.nginx.vhosts.daskritzelt-redirect] domain = "die-brontosaurier-waren-es.org" ssl = false locations.'/'.redirect = "https://twitter.com/daskritzelt/status/1259167444373028864" locations.'/'.mode = 302 [metadata.nginx.vhosts.'franzi.business'] domain = "franzi.business" [metadata.nginx.vhosts.'gaenseblum.eu'.webroot_config] owner = "skye" [metadata.nginx.vhosts.mta-sts] domain = "mta-sts.kunbox.net" domain_aliases = [ "mta-sts.franzi.business", "mta-sts.kunsmann.eu", ] [metadata.nginx.vhosts.redirector] domain = "kunbox.net" domain_aliases = [ "carlene.kunbox.net", "kunsmann.eu", ] [metadata.nginx.vhosts.redirector.locations.'/'] redirect = "https://franzi.business/" [metadata.nginx.vhosts.redirector.locations.'/.well-known/openpgpkey/'] alias = "/var/www/franzi.business/.well-known/openpgpkey" additional_config = [ "add_header Access-Control-Allow-Origin *", "default_type application/octet-stream", ] [metadata.ntfy] domain = "ntfy.franzi.business" ratelimit-exempt-hosts = [ "carlene", "icinga2", ] [metadata.php] version = "8.2" packages = [ 'gd', 'imagick', 'imap', 'intl', 'mbstring', 'opcache', 'pgsql', 'readline', 'xml', 'yaml', ] [metadata.postfix] message_size_limit_mb = 100 myhostname = "mail.franzi.business" mynetworks = ["gce"] [metadata.postfixadmin] domain = "postfixadmin.franzi.business" setup_password = "!decrypt:encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ==" version = "3.3.13" [metadata.postgresql] version = 15 [metadata.rspamd] ignore_spam_check_for_ips = [ # entropia '45.140.180.32/27', # Entropia e. V. '45.140.180.112/28', # MicroPOC '2a0e:c5c0:0:201::/64', # Entropia e. V. '2a0e:c5c0:0:307::/64', # MicroPOC # c3kl '116.202.19.236', '2a01:4f8:1c17:cc52::/64', # ccc '212.12.55.65', '212.12.55.67', '2a00:14b0:4200:3000:23:55:0:65', # IN-Berlin mailman '130.133.8.35', '192.109.42.28', '192.109.42.122', '193.29.188.9', '217.197.80.23', '217.197.80.134', '2001:bf0:c000:a::2:134', # c3voc '185.106.84.32/26', '2001:67c:20a0:e::/64', # DENOG '195.20.121.100', '2001:1440:201:101::5', ] password = "!bwpass:bw/rx300/rspamd" dkim = "uO4aNejDvVdw8BKne3KJIqAvCQMJ0416" [metadata.smartd] disks = [ "/dev/nvme0", "/dev/nvme1", ] [metadata.travelynx] version = "2.4.0" mail_from = "travelynx@franzi.business" domain = "travelynx.franzi.business" # the old one from rx300, XXX remove 2024-01-01 additional_cookie_secrets = ["!decrypt:encrypt$gAAAAABkyVq1Eena0FVcAW1V456-QrEtKL_fU7RSGr9mZTSBG28bk5bHJdqkvxrr4rOXNCnreJY7AsJSw-h7yrbzTNa9CUzOtt_a0caQIi7Qnen5k_TI_hTa08jViYLu3WrRxLPknpU_"] [metadata.users.skye] ssh_pubkey = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCO0KG3/hnMO6UsReyEHvV4y7fYmJGQeCVnmw2xUoM4so2ZacWDi27aQbMq6wWb/JsUh4j3OOvEfNvf27LU6wpqcxM/QO22YjLsOtVzVnGjupsKAnN/nKy+X7KhspaF9qKFpmseBpuEAAnaxnreEFNC2tHarzJzgj+Y+Bmkg4tnMWsVc6EoBp1R2xmsdeRtgcQwms3xX9COeAjkFNgniGfqigO2AxPgC68h3GqSlcPzgpJ7ukvtCRCs/g3R+9GCnxsamd3AYhaRCIKauIyA44WqtH8lAH5+g16tU8WYcK1KySuwLt418kXDDJrZXaOLbxRl+jrShIdPoGhqs1y6KlOVTbj9TBVGt8CtV8JsLwzH2GCdLjImcXWUob2j2sxgBGTWiTfWf98XBLmBQwbAlBJ01gsHhJxDx0E2ttxueSjyg4hTzWCH0TlRmbpUDdIlqLgwHxmh97YFF5oqkgWGjSt7jxrW8Q9+FeMi5L2qHzKez5Z3quOhDIXWjEcpxqQQ2Lc=", ] [metadata.weechat] user = "kunsi" relay_domain = "irc.franzi.business" [[metadata.zfs.pools.tank.when_creating.config]] devices = [ "/dev/nvme0n1p3", "/dev/nvme1n1p3", ] type = "mirror" [metadata.zfs.datasets.tank] primarycache = "metadata" [metadata.vm] cpu = 24 ram = 64