bundlewrap/nodes/rx300.py

242 lines
8.4 KiB
Python

# To use the serial console in iRMC, set up grub as follows:
# GRUB_TIMEOUT=30
# GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200 console=tty0"
# GRUB_TERMINAL=serial
# GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
nodes['rx300'] = {
'hostname': '31.47.232.106',
'bundles': {
'check-mail-received',
'gitea',
'jenkins-ci',
'lm-sensors',
'miniflux',
'php',
'postgresql',
'smartd',
'travelynx',
'vmhost',
'zfs',
},
'groups': {
'debian-bullseye',
'webserver',
},
'metadata': {
'interfaces': {
'br0': {
'ips': {
'31.47.232.106/29',
'2a00:f820:528::2/64',
},
'gateway4': '31.47.232.105',
'gateway6': '2a00:f820:528::1',
},
},
'apt': {
'packages': {
'ipmitool': {},
# for franzi.business deployment
'ruby': {},
'ruby-dev': {},
'ruby-bundler': {},
# more php
'php-imagick': {},
'php-yaml': {},
},
# XXX remove this once nginx.org has packages for debian bullseye
'repos': {
'nginx': {
'items': atomic({
'deb http://nginx.org/packages/debian buster nginx',
}),
},
},
},
'check-mail-received': {
't-online': {
'email': 'franzi.kunsmann@t-online.de',
'imap_host': 'secureimap.t-online.de',
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
},
},
'gitea': {
'version': '1.14.4',
'sha256': 'e1ce2fadcf6561cb2543b44b9f1382d6ce4be29ed8edd6d9d7080a218aa114b0',
'domain': 'git.franzi.business',
'email_domain_blocklist': {
'gmail.com',
'yahoo.com',
'aol.com',
'comcast.net',
'verizon.net',
'hotmail.com',
'cox.net',
'msn.com',
},
'enable_git_hooks': True,
'install_ssh_key': True,
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
},
'icinga_options': {
'pretty_name': 'franzi.business',
},
'miniflux': {
'domain': 'rss.franzi.business',
},
'nginx': {
'vhosts': {
'gitea': {'ssl': '_.franzi.business'},
'miniflux': {'ssl': '_.franzi.business'},
'franzi.business': {
'webroot': '/var/www/franzi.business/_site/',
'ssl': '_.franzi.business',
'locations': {
'/.well-known/matrix/client': {
'return': json_dumps({
'm.homeserver': {
'base_url': 'https://matrix.franzi.business',
},
'm.identity_server': {
'base_url': 'https://matrix.org',
},
'im.vector.riot.jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
'/.well-known/matrix/server': {
'return': json_dumps({
'm.server': 'matrix.franzi.business:443',
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
},
},
'jenkins': {
'domain': 'jenkins.franzi.business',
'ssl': '_.franzi.business',
'locations': {
'/': {
'target': 'http://localhost:22010/',
},
},
'website_check_path': '/login',
'website_check_string': 'Welcome to Jenkins',
},
'unicornsden-redirect': {
'domain': 'unicornsden.franzi.business',
'ssl': '_.franzi.business',
'locations': {
'/': {
'redirect': 'https://map.unicornsden.com/',
},
},
},
'unicornsden': {
'domain': 'map.unicornsden.com',
'php': True,
'webroot_config': {
'owner': 'git',
'group': 'git',
'mode': '0755',
},
},
'travelynx': {
'domain': 'travelynx.franzi.business',
'ssl': '_.franzi.business',
'locations': {
'/': {
'target': 'http://127.0.0.1:22020',
},
'/static': {
'root': '/opt/travelynx/public',
},
'/service-worker.js': {
'root': '/opt/travelynx/public',
},
},
},
},
},
'php': {
'version': '8.0',
'packages': {
'gd',
'imap',
'intl',
'mbstring',
'opcache',
'pgsql',
'readline',
'xml',
},
},
'postgresql': {
'version': '13',
},
'smartd': {
'disks': {
'/dev/nvme0',
},
},
'systemd-networkd': {
'bridges': {
'br0': {
'match': {
'eno1',
},
},
},
},
'travelynx': {
'version': '1.20.2',
'mail_from': 'travelynx@franzi.business',
},
'users': {
'kunsi': {
'groups': {
'libvirt',
},
},
},
'zfs': {
'module_options': {
'zfs_arc_max_gb': 16,
},
'pools': {
'tank': {
'raidz': {
'/dev/sda',
'/dev/sdb',
'/dev/sdc',
'/dev/sdd',
},
},
},
'datasets': {
'tank/libvirt': {
'mountpoint': '/var/lib/libvirt',
'compression': 'on',
},
},
},
'vm': {
'cpu': 32,
'ram': 256,
},
},
}