kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity
bundlewrap/nodes/htz/ex42-1048908.py

238 lines
9.7 KiB
Python
Raw Blame History

nodes['htz.ex42-1048908'] = {
'bundles': {
'gitea',
'jenkins-ci',
'matrix-synapse',
'mx-puppet-discord',
'nodejs',
'riot-web',
'postgresql',
'travelynx',
'vmhost',
'voc-loudness-monitor',
},
'groups': {
'webserver',
},
'metadata': {
'apt': {
'packages': {
# No need to create a bundle just to install packages,
# configs will be managed by users nevertheless. Maybe
# this will be a FIXME once we start managing backups
# via bundlewrap.
'weechat': {},
'weechat-core': {},
'weechat-curses': {},
'weechat-perl': {},
'weechat-plugins': {},
'weechat-python': {},
'weechat-ruby': {},
},
'unattended-upgrades': {
'origins': {
'site=weechat.org',
# TODO move to bundles
'o=Rspamd,n=buster,l=Rspamd,c=main',
# FIXME We can't upgrade miniflux automatically,
# because the apt package doesn't (currently?) do
# database migrations by itself. This leads to
# miniflux not starting up after being upgraded.
#'site=apt.miniflux.app',
},
'reboot': False,
},
'repos': {
'backports': {
'install_gpg_key': False, # default debian signing key
'items': [
'deb http://deb.debian.org/debian buster-backports main',
],
},
'miniflux': {
'items': {
'deb https://apt.miniflux.app/ /',
},
},
'rspamd': {
'items': {
'deb [arch=amd64] http://rspamd.com/apt-stable/ buster main',
},
},
'weechat': {
'items': {
'deb https://weechat.org/debian buster main',
},
},
},
},
'gitea': {
'version': '1.12.3',
'sha256': '6bfda9a12dc248360d34954b087ca6319f7310c61dc32b34c5e0675fdd45e0f4',
'domain': 'git.kunsmann.eu',
# TODO find out if those secrets can be rotated without breaking stuff
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
},
'letsencrypt': {
'concat_and_deploy': {
'kunsi-weechat': {
'match_domain': 'part.of.the.trans-agenda.eu',
'target': '/home/kunsi/.weechat/ssl/relay.pem',
'chown': 'kunsi:kunsi',
'chmod': '0440',
'commands': [
'echo \'core.weechat */relay sslcertkey\' >> /home/kunsi/.weechat/weechat_fifo'
],
},
},
'domains': {
'matrix.franzi.business': {
'franzi.business',
},
'mx0.kunbox.net': set(), # TODO move to bundle
'part.of.the.trans-agenda.eu': set(),
},
'reload_after': {
# TODO move to bundles
'dovecot',
'postfix',
},
},
'matrix-synapse': {
'server_name': 'franzi.business',
'baseurl': 'matrix.franzi.business',
'admin_contact': 'mailto:hostmaster@kunbox.net',
'appservice_configs': {
# TODO move to bundles
'/opt/matrix-bridges/mautrix-whatsapp/registration.yaml',
'/opt/matrix-bridges/mautrix-telegram/registration.yaml',
},
'trusted_key_servers': {
'matrix.org',
'finallycoffee.eu',
'nyantec.com',
},
},
'mx-puppet-discord': {
'homeserver': {
'domain': 'franzi.business',
'url': 'https://matrix.franzi.business',
},
'allowed-users': {
'@.*:franzi\\\\.business',
},
},
'nginx': {
'vhosts': {
# TODO maybe some of this can be moved to a bundle?
'dav.kunsmann.eu': {
'extras': True,
},
'dimension.franzi.business': {
'extras': True,
'do_not_set_content_security_headers': True,
'proxy': {
'/': 'http://127.0.0.1:8184',
},
},
'franzi.business': {
'webroot': '/var/www/franzi.business/_site/',
'extras': True,
},
'jenkins.kunsmann.eu': {
'proxy': {
'/': 'http://localhost:9000/',
},
},
'kunbox.net': {},
'kunsmann.eu': {
'extras': True,
},
'matrix.franzi.business': {
'extras': True,
},
'pad.franzi.business': {
'extras': True,
},
'paste.kunsmann.eu': {
'extras': True,
},
'postfixadmin.mx0.kunbox.net': {
'webroot': '/srv/postfixadmin/public/',
'index': 'index.php',
'php': True, # FIXME this assumes php 7.3 is installed and configured already
},
'rspamd.mx0.kunbox.net': {
'proxy': {
'/': 'http://localhost:11334/',
},
},
'rss.kunsmann.eu': {
'proxy': {
'/': 'http://localhost:8080/',
},
},
'travelynx.franzi.business': {
'proxy': {
'/': 'http://127.0.0.1:8093',
},
'extras': True,
},
'vliedel.random.franzi.business': {},
'webmail.mx0.kunbox.net': {
'index': 'index.php',
'php': True,
},
},
},
'riot-web': {
'url': 'chat.franzi.business',
'config': {
'default_server_name': 'franzi.business',
'brand': 'franzi.business',
'showLabsSettings': True,
'integrations_ui_url': 'https://dimension.franzi.business/riot',
'integrations_rest_url': 'https://dimension.franzi.business/api/v1/scalar',
'integrations_widgets_urls': ['https://dimension.franzi.business/widgets'],
'default_theme': 'dark',
'defaultCountryCode': 'DE',
'features': {
'feature_bridge_state': 'labs',
'feature_font_scaling': 'labs',
'feature_irc_ui': 'labs',
'feature_mjolnir': 'labs',
'feature_presence_in_room_list': 'labs',
},
},
},
'travelynx': {
'version': '1.16.1',
'mail_from': 'travelynx@franzi.business',
},
'users': {
'feli': {
'ssh_pubkey': [
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPTSLjSY/Be1XJ/klAwLiM1pKSvmbdcOgtgDB6nPcHkgX6JZu7g/Kejfuk4qIKL8GYYUQt7DlGY6n2u5rChWE/6KZJzXcUwS3pXk4LZ5KydWp7ihfvyRtUOBgKkRa1zQv+6KCH9WyR++ArwVTP8KSkrmDe6k7NWAjZqOuIJHG/AbEyTBapTJYjObZ0AM7wlwcB+oRM1BfZCP0Y+PIP2eGJS7Pyb32pITNKk3JuFXgAvbj5OeRrwtpZ9S+/7wIpaUVODPzrVmbC7vOXu/2KJ9aY2BmxUsxRbrvWMmWNiuE0YPt/7lUroK4pH3md3lWRcGUS/uYvhug7yG1yB81nyI15',
],
},
'kunsi': {
'groups': [
'www-data',
'libvirt',
],
},
'vliedel': {
'ssh_pubkey': [
'command="/usr/local/bin/rrsync /var/www/vliedel.random.franzi.business/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVOBnzs/QDzhvg70VK6xaV318Euaag1cWNjAJfsA266618UiZVx4xsHzNwYN960v0MhiVPMwnl3NoGWAT9/j/b5l3HAkihv4rEPYQkoGV0Mvtwee37dT5nCL8o54Kl+rhl4WPD4Ju5+iZ3AP84YMUJXUrETpZLRzQD1pKOWLaGxBSJolICjz5A7glDVNmvI8uH58EkzhA7q4lCPhzFLxfvFfJPRuEHdVViL2usvHpRnIDRQOCjLYF2fIpG3ULrvWGl4VZ+9cZCNqSN6ywjlH8U8e5Vc3Fi4sbqYh71LrBqs/lSJ+5BL9/rB3GZD1SVTbivyEDJGJu3HPDV4ahwYYKn minecraft@irc',
],
},
},
},
'os': 'debian',
'os_version': (10, 5),
}
Reference in a new issue View git blame Copy permalink