bundlewrap/nodes/htz-cloud/miniserver.py

# sophie's miniserver
# mostly unmanaged

nodes['htz-cloud.miniserver'] = {
    'groups': {
        'debian-buster',
        'webserver',
    },
    'bundles': set(),
    'metadata': {
        'interfaces': {
            'eth0': {
                'ips': {
                    '157.90.20.62',
                    '2a01:4f8:c2c:840f::1/64',
                },
                'gateway4': '172.31.1.1',
                'gateway6': 'fe80::1',
            },
        },
        'apt': {
            'packages': {
                'mosh': {},
                'weechat': {},
                'weechat-core': {},
                'weechat-curses': {},
                'weechat-perl': {},
                'weechat-plugins': {},
                'weechat-python': {},
                'weechat-ruby': {},
            },
            'repos': {
                'weechat': {
                    'items': {
                        'deb https://weechat.org/debian {os_release} main',
                    },
                },
            },
        },
        'backups': {
            'exclude_from_backups': True,
        },
        'icinga_options': {
            'vars.notification.sms': False,
        },
        'iptables': {
            'custom_rules': [
                'iptables_both -A INPUT -p udp --dport 60000:61000 -j ACCEPT', # mosh
                'iptables_both -A INPUT -p tcp --dport 9001 -j ACCEPT', # weechat

            ],
        },
        'letsencrypt': {
            'concat_and_deploy': {
                'sophie-weechat': {
                    'match_domain': 'i.sophies-kitchen.eu',
                    'target': '/home/sophie/.weechat/ssl/relay.pem',
                    'chown': 'sophie:sophie',
                    'chmod': '0440',
                    'commands': [
                        'echo \'core.weechat */relay sslcertkey\' >> /home/sophie/.weechat/weechat_fifo'
                    ],
                },
            },
            'domains': {
                'i.sophies-kitchen.eu': set(),
                'webdump.sophies-kitchen.eu': set(),
            },
        },
        'nginx': {
            'vhosts': {
                'webdump.sophies-kitchen.eu': {
                    'webroot_config': {
                        'owner': 'sophie',
                        'group': 'sophie',
                        'mode': '0755',
                    },
                    'extras': True,
                },
            },
        },
        'vm': {
            'cpu': 2,
            'ram': 4,
        },
        'users': {
            'sophie': {
                'ssh_pubkey': [
                    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
                ],
            },
        },
    },
}