bundlewrap/nodes/carlene.toml


# Root keys of the node file for carlene: connection address, group
# membership and the bundles applied to the node.

# Literal IP instead of a DNS name; it matches the eno2 address under
# [metadata.interfaces.eno2].
hostname = "193.135.9.29"
groups = [
"debian-bookworm",
"webserver",
]
# NOTE(review): mail (dovecot, rspamd, postfixadmin), Matrix, a git forge,
# Nextcloud and several other network services are all assigned to this one
# node. Isolation between them then rests on per-service accounts and file
# permissions set inside the bundles, which are not visible from this file.
bundles = [
"check-mail-received",
"dovecot",
"element-web",
"forgejo",
"matrix-media-repo",
"matrix-stickerpicker",
"matrix-synapse",
"mautrix-telegram",
"mautrix-whatsapp",
"miniflux",
"netbox",
"nextcloud",
"nodejs",
"ntfy",
"oidentd",
"php",
"postfixadmin",
"postgresql",
"redis",
"rspamd",
"smartd",
"travelynx",
"weechat",
"zfs",
]
# for auto-deployment of salonkatrin.de
# Empty table: only the package name is declared, no per-package options.
[metadata.apt.packages.jekyll]
# Mailbox used by the check-mail-received bundle; presumably a probe that
# confirms mail sent from this host arrives at an external provider.
[metadata.check-mail-received.t-online]
email = "franzi.kunsmann@t-online.de"
imap_host = "secureimap.t-online.de"
# The "!bwpass_attr:" prefix is a reference, not the password itself;
# presumably resolved from a password manager when the node is evaluated.
# The secret therefore lives only on the operator's machine, never in the repo.
imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"
# Element web client served at chat.franzi.business.
[metadata.element-web]
url = "chat.franzi.business"
# Pinned release. No checksum sits next to it, unlike the forgejo and
# matrix-media-repo tables.
# NOTE(review): confirm how the bundle verifies the downloaded artifact.
version = "v1.11.64"
# Presumably rendered into Element's client-side config, which every visitor
# can read, so nothing secret belongs in this table.
[metadata.element-web.config]
# The quoted segment 'm.homeserver' is a single key that contains a dot.
default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business"
default_server_config.'m.homeserver'.server_name = "franzi.business"
brand = "franzi.business"
defaultCountryCode = "DE"
# Calls are directed to a third-party Jitsi instance, so call traffic
# leaves this operator's infrastructure.
jitsi.preferredDomain = "meet.ffmuc.net"
# Forgejo git forge at git.franzi.business.
[metadata.forgejo]
version = "1.21.11-1"
# NOTE(review): presumably the checksum of the release artifact for the
# version above. SHA-1 is no longer collision-resistant; a SHA-256 pin would
# be the stronger integrity check if the bundle supports one.
sha1 = "232db6b4e5432bf718597758d13591af58adaa47"
domain = "git.franzi.business"
# NOTE(review): server-side git hooks run as the forge's service account,
# so any user allowed to edit hooks effectively has code execution on this
# host. Confirm that privilege is limited to trusted accounts.
enable_git_hooks = true
install_ssh_key = true
# The four values below are "!decrypt:" vault ciphertexts: only the encrypted
# form is committed, and their confidentiality depends on the repository's
# vault key staying private. The "gAAAAAB" prefix suggests Fernet tokens,
# which carry their creation time in the clear, so the age of each secret is
# visible to anyone with read access; take that into account for rotation.
internal_token = "!decrypt:encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=="
lfs_secret_key = "!decrypt:encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr"
oauth_secret_key = "!decrypt:encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz"
security_secret_key = "!decrypt:encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4="
# Static dual-stack addressing for interface eno2. The IPv4 address equals
# the root-level hostname value.
[metadata.interfaces.eno2]
ips = [
"193.135.9.29/24",
"2a0a:51c0:0:225::2/64",
]
gateway4 = "193.135.9.1"
gateway6 = "2a0a:51c0:0:225::1"
# matrix-media-repo, a separate media store for the Matrix homeserver.
[metadata.matrix-media-repo]
# Matrix user IDs granted admin rights in the media repo.
admins = ["@kunsi:franzi.business"]
datastore_id = "3fff5da324ed784c771d638bb6be5917"
# NOTE(review): presumably the checksum of the release named in `version`.
# SHA-1 is collision-weak; prefer a SHA-256 pin if the bundle supports it.
sha1 = "55d353b472894547c61b11567089eb2cf40ce5ba"
# Per-upload size ceiling in MB (unit taken from the key name).
upload_max_mb = 500
version = "v1.3.4"
[metadata.matrix-media-repo.homeservers.'franzi.business']
api = "synapse"
# Plain HTTP, but to the IPv6 loopback address only, so this hop never
# leaves the host.
domain = "http://[::1]:20080/"
# Sticker picker widget served at matrix-stickers.franzi.business.
[metadata.matrix-stickerpicker]
# The line below is a comment, so no parser reads it. Its ciphertext is
# identical to telegram.bot_token under [metadata.mautrix-telegram].
# use this bot token: encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q
domain = "matrix-stickers.franzi.business"
[metadata.matrix-stickerpicker.config]
# Vault-encrypted Matrix access token for the account named in user_id.
# A Matrix access token gives full use of that account, so the scope of this
# secret is whatever @dimension is allowed to do on the homeserver.
access_token = "!decrypt:encrypt$gAAAAABg-wBmGbAy-Ou1mkG2w5UyoqWmWYzDr4ZavyUQdmG_VtrUSmwHjx-qcBGIz_7NniD3zKm9GGvzRZItDu5zYiojcudYr74TkWJKhdDrgFbcWlfJJ_m3bWzrSORaTYzBGRckp2Vz_8xHgDk1W03vpT6mdIPMDzjuINssIcPs0YDth25W942tMfPA2csvLADY50qVRMJpdBOVIWba55o0g6-mAAQLOz6Ld4cCvYqZsqXsxjT8JUytJv_uSG4zgCS_aX20JlAyJWpJgT8FQF5HzIbsko_-Z9-TwtY7yllJp5Ri3n0WaDaWoMmUfhLvkMJeymmOc32A4WJBAePQ_2F-_oUDE7t97A-m3ZiMVAEefDnH5MkoiQEJTfHrJsXRkdBT_BnJlY1CoAuXpRYDdvbVDwN_qZHHHtqsno437l9S6GgDK_-sKBiojYkYsfHcJCdSEqeFGuxT"
homeserver = "https://matrix.franzi.business"
user_id = "@dimension:franzi.business"
# Synapse homeserver for the Matrix server name franzi.business.
[metadata.matrix-synapse]
admin_contact = "mailto:hostmaster@kunbox.net"
baseurl = "matrix.franzi.business"
server_name = "franzi.business"
# Notary servers. Presumably these are trusted to vouch for other
# homeservers' signing keys, so each entry is a trust decision.
trusted_key_servers = ["matrix.org", "finallycoffee.eu"]
# 'im.vector.riot.jitsi' is one quoted key containing dots, not a nested path.
additional_client_config.'im.vector.riot.jitsi'.preferredDomain = "meet.ffmuc.net"
# The bare domain presumably also serves the .well-known delegation
# documents, since server_name differs from baseurl.
wellknown_also_on_vhosts = ["franzi.business"]
[metadata.matrix-synapse.sliding_sync]
version = "v0.99.15"
# NOTE(review): presumably the artifact checksum for the version above.
# SHA-1 is collision-weak; prefer SHA-256 if supported.
sha1 = "cecb371ff5f1dd528cfc490484a0967dcc28cd82"
# Vault-encrypted. Protected only as long as the repo's vault key is private.
secret = "!decrypt:encrypt$gAAAAABl9yJlbEZafJ2mumtg03rW0-440NIgFcgdWGMo3Axrypugwctacy9Cq7MYtCBGjnDyNvVLI5B2QMJ9ssCD46NCsFRN3-X4u9rDtxPhRZV7rls_LQ_Csc_GsffJfvpmHbn_wsljd3I74h4ouWlYhhEQUIKwb3eErSZ_VTZhu_bC4jTa0FY="
# Matrix <-> Telegram bridge.
[metadata.mautrix-telegram]
# Pinned release with no checksum key beside it.
# NOTE(review): confirm how the bundle verifies what it installs.
version = "v0.15.1"
homeserver.domain = "franzi.business"
homeserver.url = "https://matrix.franzi.business"
# Telegram API credentials, all stored as vault ciphertext.
telegram.api_id = "!decrypt:encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ=="
telegram.api_token = "!decrypt:encrypt$gAAAAABfVK5jHuUly1xr9Iku362k7oF4ZYRhLGzNJh3aJpiNrLfAy_DJpTwucx4FV_g45dyQF5boqG2rgdDfwsJN_Ab95es6T4SPGiXIxJOBlvIln1Torwh16pXKchhUTn_PQ077Ll1W"
# same as for matrix-dimension
# The bot token is shared with another service, so rotating it means
# updating every consumer at once, and a leak from either side exposes both.
telegram.bot_token = "!decrypt:encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q"
# The provisioning API is enabled and guarded by the shared secret below.
# NOTE(review): confirm the endpoint is reachable only by its intended client.
provisioning.enabled = true
provisioning.shared_secret = "!decrypt:encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4gGPym0oF6p4WSMdAveTpx-hFsZd2s7v9ubw99yIsyKx0dHOJI0UND7hV1rKZdvjy4Qa642abZ2wwW7SWTqvuP_qVtrf6-klc2QKTzeD9c_LVsyZ2dqz_JxRPq3MRXgkubZuWOZ6FmFlAlteTffoGfWE="
# Bridge permission levels: anyone ('*') gets "relaybot", users of the local
# server get "full", and one named user gets "admin".
# NOTE(review): the first and third keys carry literal single quotes inside
# the key text ("'*'"), while 'franzi.business' does not. Presumably the
# inner quotes survive into a generated YAML file where * and @ need
# quoting; confirm against the bundle template.
[metadata.mautrix-telegram.permissions]
"'*'" = "relaybot"
'franzi.business' = "full"
"'@kunsi:franzi.business'" = "admin"
# Matrix <-> WhatsApp bridge.
[metadata.mautrix-whatsapp]
version = "v0.10.7"
# NOTE(review): presumably the artifact checksum for the version above.
# SHA-1 is collision-weak; prefer SHA-256 if supported.
sha1 = "7ebfadc247c3fb4c6c9503f7c48234fcc976cadf"
# Only one user is listed, with "admin". The key text includes literal
# single quotes, matching the convention in the mautrix-telegram table.
permissions."'@kunsi:franzi.business'" = "admin"
[metadata.mautrix-whatsapp.homeserver]
domain = "franzi.business"
url = "https://matrix.franzi.business"
# Public hostnames for three web applications. No secrets appear here;
# presumably the bundles derive or generate the credentials they need.
[metadata.miniflux]
domain = "rss.franzi.business"
[metadata.netbox]
domain = "netbox.franzi.business"
version = "v3.7.5"
# Maps an admin account name to its e-mail address.
admins.kunsi = "hostmaster@kunbox.net"
[metadata.nextcloud]
domain = "warnochwas.de"
# nginx settings: security.txt content and per-vhost overrides.

# Fields for the published security.txt. The key case is mixed (`contact`
# vs `Encryption`); RFC 9116 field names are case-insensitive, so this only
# matters if the bundle matches keys by exact case.
# NOTE(review): RFC 9116 also requires an Expires field. None is set here;
# presumably the bundle generates it. Confirm.
[metadata.nginx.'security.txt']
contact = "mailto:security@kunsmann.eu"
Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"
[metadata.nginx.vhosts.forgejo]
domain_aliases = ["git.kunsmann.eu"]
[metadata.nginx.vhosts.'franzi.business']
domain = "franzi.business"
# Account that owns the webroot. Presumably that user can publish content
# on this vhost directly.
webroot_config.owner = "kunsi"
[metadata.nginx.vhosts.'gaenseblum.eu'.webroot_config]
owner = "skye"
# MTA-STS policy host for three mail domains.
[metadata.nginx.vhosts.mta-sts]
domain = "mta-sts.kunbox.net"
domain_aliases = [
"mta-sts.franzi.business",
"mta-sts.kunsmann.eu",
]
# Presumably stops the aliases from being redirected to the primary domain.
# That matters for MTA-STS: senders must not follow HTTP redirects when
# fetching the policy (RFC 8461), so each alias has to answer directly.
force_domain = false
# Catch-all vhost that sends legacy domains to franzi.business.
[metadata.nginx.vhosts.redirector]
domain = "kunbox.net"
domain_aliases = [
"carlene.kunbox.net",
"kunsmann.eu",
]
[metadata.nginx.vhosts.redirector.locations.'/']
redirect = "https://franzi.business/"
# Web Key Directory path, served from the franzi.business webroot rather
# than redirected, presumably so key lookups for these domains resolve
# without following a redirect.
[metadata.nginx.vhosts.redirector.locations.'/.well-known/openpgpkey/']
alias = "/var/www/franzi.business/.well-known/openpgpkey"
# The wildcard CORS header is scoped to this location, which holds only
# public keys. The WKD draft asks for it so browser-based clients can fetch
# keys. Do not copy it to locations that serve authenticated content.
additional_config = [
"add_header Access-Control-Allow-Origin *",
"default_type application/octet-stream",
]
# ntfy push-notification server.
[metadata.ntfy]
domain = "ntfy.franzi.business"
# Hosts excluded from rate limiting: this node and the monitoring host.
# NOTE(review): the entries are names, not addresses. Confirm how the bundle
# resolves them; an exemption is only as trustworthy as that resolution.
ratelimit-exempt-hosts = [
"carlene",
"icinga2",
]
# PHP runtime. `version` is a string, unlike the integer used for postgresql.
[metadata.php]
version = "8.2"
# Extension names, presumably turned into distribution package names by the
# bundle. Each extension widens the interpreter's attack surface, so the list
# should match what the hosted PHP applications actually need.
packages = [
'gd',
'imagick',
'imap',
'intl',
'mbstring',
'opcache',
'pgsql',
'readline',
'xml',
'yaml',
]
# Postfix MTA settings.
[metadata.postfix]
# Maximum accepted message size in MB (unit taken from the key name).
message_size_limit_mb = 100
myhostname = "mail.franzi.business"
# Recipient addresses that are refused. The first is vault-encrypted so the
# address itself is not readable in the repository.
blocked_recipients = [
"!decrypt:encrypt$gAAAAABlrPHMqx7o9pscfSx4Elayrzwun9jcTYOM4XrcAoUWaHJ9vP_7P5G7V3nwdB8pWfObNew-2IOihn5EPS-0ej2gn9rI4iDnMG_6S2IBCDYMqZMn1W0=", # deadname
"tectu@kunsmann.eu",
]
# PostfixAdmin web UI for managing mail domains and mailboxes.
[metadata.postfixadmin]
domain = "postfixadmin.franzi.business"
# Vault-encrypted. PostfixAdmin's setup password gates its setup page, where
# admin accounts can be created, so it deserves the same care as an admin
# credential.
setup_password = "!decrypt:encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=="
# Pinned release with no checksum key beside it.
# NOTE(review): confirm how the bundle verifies the download.
version = "3.3.13"
# PostgreSQL major version, given as an integer.
[metadata.postgresql]
version = 15
# rspamd spam filter.
[metadata.rspamd]
# Source addresses and networks whose mail skips spam checks, grouped by
# organisation. The decision is made on source IP alone, so anything able to
# send from these ranges bypasses filtering.
# NOTE(review): keep the list short and re-check it when the listed
# organisations renumber.
ignore_spam_check_for_ips = [
# entropia
'45.140.180.32/27', # Entropia e. V.
'45.140.180.112/28', # MicroPOC
'2a0e:c5c0:0:201::/64', # Entropia e. V.
'2a0e:c5c0:0:307::/64', # MicroPOC
# c3kl
'116.202.19.236',
'2a01:4f8:1c17:cc52::/64',
# ccc
'212.12.55.65',
'212.12.55.67',
'2a00:14b0:4200:3000:23:55:0:65',
# IN-Berlin mailman
'130.133.8.35',
'192.109.42.28',
'192.109.42.122',
'193.29.188.9',
'217.197.80.23',
'217.197.80.134',
'2001:bf0:c000:a::2:134',
# c3voc
'185.106.84.32/26',
'2001:67c:20a0:e::/64',
# DENOG
'195.20.121.100',
'2001:1440:201:101::5',
]
# A "!bwpass:" reference, not the password itself; presumably resolved from
# a password manager when the node is evaluated.
password = "!bwpass:bw/rx300/rspamd"
# NOTE(review): this value is in plaintext, unlike every other opaque string
# in the file. That is fine if it is a DKIM selector, which is published in
# DNS. If it is key material or a seed for it, move it behind "!decrypt:"
# and rotate it.
dkim = "uO4aNejDvVdw8BKne3KJIqAvCQMJ0416"
# Disks monitored by smartd. These are the two NVMe controllers whose
# partitions form the ZFS mirror in [[metadata.zfs.pools.tank...]].
[metadata.smartd]
disks = [
"/dev/nvme0",
"/dev/nvme1",
]
# travelynx web application.
[metadata.travelynx]
# Pinned release with no checksum key beside it.
version = "2.6.7"
mail_from = "travelynx@franzi.business"
domain = "travelynx.franzi.business"
# Local account "skye". It is also the webroot owner of the gaenseblum.eu
# vhost under [metadata.nginx.vhosts].
[metadata.users.skye]
# Public keys accepted for this account, presumably written to its
# authorized_keys. The array holds a single ssh-rsa entry.
ssh_pubkey = [
"ssh-rsa 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",
]
# WeeChat IRC client with a relay published at irc.franzi.business.
[metadata.weechat]
# Local account the client runs as.
user = "kunsi"
# NOTE(review): a WeeChat relay gives remote control of the IRC session, and
# no relay credential is set in this file. Confirm where it is configured.
relay_domain = "irc.franzi.business"
# ZFS pool "tank": a single mirror vdev across one partition on each NVMe
# disk. Going by the key name, `when_creating` applies at pool creation only.
# [[...]] makes `config` an array of tables; this is its only element.
[[metadata.zfs.pools.tank.when_creating.config]]
devices = [
"/dev/nvme0n1p3",
"/dev/nvme1n1p3",
]
type = "mirror"
# primarycache=metadata restricts the ARC to metadata for this dataset.
# Presumably child datasets inherit it unless they override it.
[metadata.zfs.datasets.tank]
primarycache = "metadata"
# The quoted key keeps the slash in the dataset name.
[metadata.zfs.datasets.'tank/sewfile']
mountpoint = "/mnt/sewfile/"
# Resource figures for the node. Units are not stated; presumably CPU
# threads and GiB of RAM. TODO confirm.
[metadata.vm]
cpu = 24
ram = 64