287 lines
9.4 KiB
TOML
287 lines
9.4 KiB
TOML
hostname = "193.135.9.29"
|
|
groups = [
|
|
"debian-bookworm",
|
|
"webserver",
|
|
]
|
|
bundles = [
|
|
"check-mail-received",
|
|
"dovecot",
|
|
"element-web",
|
|
"forgejo",
|
|
"matrix-media-repo",
|
|
"matrix-stickerpicker",
|
|
"matrix-synapse",
|
|
"mautrix-telegram",
|
|
"mautrix-whatsapp",
|
|
"miniflux",
|
|
"netbox",
|
|
"nextcloud",
|
|
"nodejs",
|
|
"ntfy",
|
|
"oidentd",
|
|
"php",
|
|
"postfixadmin",
|
|
"postgresql",
|
|
"redis",
|
|
"rspamd",
|
|
"smartd",
|
|
"travelynx",
|
|
"weechat",
|
|
"zfs",
|
|
]
|
|
|
|
# for auto-deployment of salonkatrin.de
|
|
[metadata.apt.packages.jekyll]
|
|
|
|
[metadata.check-mail-received.t-online]
|
|
email = "franzi.kunsmann@t-online.de"
|
|
imap_host = "secureimap.t-online.de"
|
|
imap_pass = "!bwpass_attr:t-online.de/franzi.kunsmann@t-online.de:imap"
|
|
|
|
[metadata.element-web]
|
|
url = "chat.franzi.business"
|
|
version = "v1.11.78"
|
|
[metadata.element-web.config]
|
|
default_server_config.'m.homeserver'.base_url = "https://matrix.franzi.business"
|
|
default_server_config.'m.homeserver'.server_name = "franzi.business"
|
|
brand = "franzi.business"
|
|
defaultCountryCode = "DE"
|
|
jitsi.preferredDomain = "meet.ffmuc.net"
|
|
|
|
[metadata.forgejo]
|
|
version = "8.0.3"
|
|
sha1 = "a19aa24f26c1ff5a38cf12619b6a6064242d0cf2"
|
|
domain = "git.franzi.business"
|
|
enable_git_hooks = true
|
|
install_ssh_key = true
|
|
internal_token = "!decrypt:encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=="
|
|
lfs_secret_key = "!decrypt:encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr"
|
|
oauth_secret_key = "!decrypt:encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz"
|
|
security_secret_key = "!decrypt:encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4="
|
|
|
|
[metadata.interfaces.'eno*']
|
|
ips = [
|
|
"193.135.9.29/24",
|
|
"2a0a:51c0:0:225::2/64",
|
|
]
|
|
gateway4 = "193.135.9.1"
|
|
gateway6 = "2a0a:51c0:0:225::1"
|
|
|
|
[metadata.matrix-media-repo]
|
|
admins = ["@kunsi:franzi.business"]
|
|
datastore_id = "3fff5da324ed784c771d638bb6be5917"
|
|
sha1 = "3e2bb7089b0898b86000243a82cc58ae998dc9d9"
|
|
upload_max_mb = 500
|
|
version = "v1.3.7"
|
|
[metadata.matrix-media-repo.homeservers.'franzi.business']
|
|
api = "synapse"
|
|
domain = "http://[::1]:20080/"
|
|
signing_key_path = "/etc/matrix-synapse/mmr.signing.key"
|
|
|
|
[metadata.matrix-stickerpicker]
|
|
# use this bot token: encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q
|
|
domain = "matrix-stickers.franzi.business"
|
|
[metadata.matrix-stickerpicker.config]
|
|
access_token = "!decrypt:encrypt$gAAAAABg-wBmGbAy-Ou1mkG2w5UyoqWmWYzDr4ZavyUQdmG_VtrUSmwHjx-qcBGIz_7NniD3zKm9GGvzRZItDu5zYiojcudYr74TkWJKhdDrgFbcWlfJJ_m3bWzrSORaTYzBGRckp2Vz_8xHgDk1W03vpT6mdIPMDzjuINssIcPs0YDth25W942tMfPA2csvLADY50qVRMJpdBOVIWba55o0g6-mAAQLOz6Ld4cCvYqZsqXsxjT8JUytJv_uSG4zgCS_aX20JlAyJWpJgT8FQF5HzIbsko_-Z9-TwtY7yllJp5Ri3n0WaDaWoMmUfhLvkMJeymmOc32A4WJBAePQ_2F-_oUDE7t97A-m3ZiMVAEefDnH5MkoiQEJTfHrJsXRkdBT_BnJlY1CoAuXpRYDdvbVDwN_qZHHHtqsno437l9S6GgDK_-sKBiojYkYsfHcJCdSEqeFGuxT"
|
|
homeserver = "https://matrix.franzi.business"
|
|
user_id = "@dimension:franzi.business"
|
|
|
|
[metadata.matrix-synapse]
|
|
admin_contact = "mailto:hostmaster@kunbox.net"
|
|
baseurl = "matrix.franzi.business"
|
|
server_name = "franzi.business"
|
|
trusted_key_servers = ["matrix.org", "finallycoffee.eu"]
|
|
additional_client_config.'im.vector.riot.jitsi'.preferredDomain = "meet.ffmuc.net"
|
|
wellknown_also_on_vhosts = ["franzi.business"]
|
|
[metadata.matrix-synapse.sliding_sync]
|
|
version = "v0.99.15"
|
|
sha1 = "cecb371ff5f1dd528cfc490484a0967dcc28cd82"
|
|
secret = "!decrypt:encrypt$gAAAAABl9yJlbEZafJ2mumtg03rW0-440NIgFcgdWGMo3Axrypugwctacy9Cq7MYtCBGjnDyNvVLI5B2QMJ9ssCD46NCsFRN3-X4u9rDtxPhRZV7rls_LQ_Csc_GsffJfvpmHbn_wsljd3I74h4ouWlYhhEQUIKwb3eErSZ_VTZhu_bC4jTa0FY="
|
|
|
|
[metadata.mautrix-telegram]
|
|
version = "v0.15.2"
|
|
homeserver.domain = "franzi.business"
|
|
homeserver.url = "https://matrix.franzi.business"
|
|
telegram.api_id = "!decrypt:encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ=="
|
|
telegram.api_token = "!decrypt:encrypt$gAAAAABfVK5jHuUly1xr9Iku362k7oF4ZYRhLGzNJh3aJpiNrLfAy_DJpTwucx4FV_g45dyQF5boqG2rgdDfwsJN_Ab95es6T4SPGiXIxJOBlvIln1Torwh16pXKchhUTn_PQ077Ll1W"
|
|
# same as for matrix-dimension
|
|
telegram.bot_token = "!decrypt:encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q"
|
|
provisioning.enabled = true
|
|
provisioning.shared_secret = "!decrypt:encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4gGPym0oF6p4WSMdAveTpx-hFsZd2s7v9ubw99yIsyKx0dHOJI0UND7hV1rKZdvjy4Qa642abZ2wwW7SWTqvuP_qVtrf6-klc2QKTzeD9c_LVsyZ2dqz_JxRPq3MRXgkubZuWOZ6FmFlAlteTffoGfWE="
|
|
[metadata.mautrix-telegram.permissions]
|
|
"'*'" = "relaybot"
|
|
'franzi.business' = "full"
|
|
"'@kunsi:franzi.business'" = "admin"
|
|
|
|
[metadata.mautrix-whatsapp]
|
|
version = "v0.10.9"
|
|
sha1 = "1619579ec6b9fca84fec085a94842d309d3f730c"
|
|
permissions."'@kunsi:franzi.business'" = "admin"
|
|
[metadata.mautrix-whatsapp.homeserver]
|
|
domain = "franzi.business"
|
|
url = "https://matrix.franzi.business"
|
|
|
|
[metadata.miniflux]
|
|
domain = "rss.franzi.business"
|
|
|
|
[metadata.netbox]
|
|
domain = "netbox.franzi.business"
|
|
version = "v4.1.2"
|
|
admins.kunsi = "hostmaster@kunbox.net"
|
|
|
|
[metadata.nextcloud]
|
|
domain = "warnochwas.de"
|
|
|
|
[metadata.nginx.'security.txt']
|
|
contact = "mailto:security@kunsmann.eu"
|
|
Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"
|
|
|
|
[metadata.nginx.vhosts.forgejo]
|
|
domain_aliases = ["git.kunsmann.eu"]
|
|
|
|
[metadata.nginx.vhosts.'franzi.business']
|
|
domain = "franzi.business"
|
|
webroot_config.owner = "kunsi"
|
|
|
|
[metadata.nginx.vhosts.'gaenseblum.eu'.webroot_config]
|
|
owner = "skye"
|
|
|
|
[metadata.nginx.vhosts.kunsitracker]
|
|
domain = "kunsitracker.de"
|
|
locations.'/'.redirect = "https://travelynx.franzi.business/p/Kunsi"
|
|
locations.'/'.mode = 302
|
|
|
|
[metadata.nginx.vhosts.mta-sts]
|
|
domain = "mta-sts.kunbox.net"
|
|
domain_aliases = [
|
|
"mta-sts.franzi.business",
|
|
"mta-sts.kunsmann.eu",
|
|
]
|
|
force_domain = false
|
|
|
|
[metadata.nginx.vhosts.redirector]
|
|
domain = "kunbox.net"
|
|
domain_aliases = [
|
|
"carlene.kunbox.net",
|
|
"kunsmann.eu",
|
|
]
|
|
[metadata.nginx.vhosts.redirector.locations.'/']
|
|
redirect = "https://franzi.business/"
|
|
[metadata.nginx.vhosts.redirector.locations.'/.well-known/openpgpkey/']
|
|
alias = "/var/www/franzi.business/.well-known/openpgpkey"
|
|
additional_config = [
|
|
"add_header Access-Control-Allow-Origin *",
|
|
"default_type application/octet-stream",
|
|
]
|
|
|
|
[metadata.ntfy]
|
|
domain = "ntfy.franzi.business"
|
|
ratelimit-exempt-hosts = [
|
|
"carlene",
|
|
"icinga2",
|
|
]
|
|
|
|
[metadata.php]
|
|
version = "8.2"
|
|
packages = [
|
|
'gd',
|
|
'imagick',
|
|
'imap',
|
|
'intl',
|
|
'mbstring',
|
|
'opcache',
|
|
'pgsql',
|
|
'readline',
|
|
'xml',
|
|
'yaml',
|
|
]
|
|
|
|
[metadata.postfix]
|
|
message_size_limit_mb = 100
|
|
myhostname = "mail.franzi.business"
|
|
blocked_recipients = [
|
|
"!decrypt:encrypt$gAAAAABlrPHMqx7o9pscfSx4Elayrzwun9jcTYOM4XrcAoUWaHJ9vP_7P5G7V3nwdB8pWfObNew-2IOihn5EPS-0ej2gn9rI4iDnMG_6S2IBCDYMqZMn1W0=", # deadname
|
|
"tectu@kunsmann.eu",
|
|
]
|
|
|
|
[metadata.postfixadmin]
|
|
domain = "postfixadmin.franzi.business"
|
|
setup_password = "!decrypt:encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=="
|
|
version = "3.3.13"
|
|
|
|
[metadata.postgresql]
|
|
version = 15
|
|
|
|
[metadata.rspamd]
|
|
ignore_spam_check_for_ips = [
|
|
# entropia
|
|
'45.140.180.32/27', # Entropia e. V.
|
|
'45.140.180.112/28', # MicroPOC
|
|
'2a0e:c5c0:0:201::/64', # Entropia e. V.
|
|
'2a0e:c5c0:0:307::/64', # MicroPOC
|
|
|
|
# c3kl
|
|
'116.202.19.236',
|
|
'2a01:4f8:1c17:cc52::/64',
|
|
|
|
# ccc
|
|
'212.12.55.65',
|
|
'212.12.55.67',
|
|
'2a00:14b0:4200:3000:23:55:0:65',
|
|
|
|
# IN-Berlin mailman
|
|
'130.133.8.35',
|
|
'192.109.42.28',
|
|
'192.109.42.122',
|
|
'193.29.188.9',
|
|
'217.197.80.23',
|
|
'217.197.80.134',
|
|
'2001:bf0:c000:a::2:134',
|
|
|
|
# c3voc
|
|
'185.106.84.32/26',
|
|
'2001:67c:20a0:e::/64',
|
|
|
|
# DENOG
|
|
'195.20.121.100',
|
|
'2001:1440:201:101::5',
|
|
]
|
|
password = "!bwpass:bw/rx300/rspamd"
|
|
dkim = "uO4aNejDvVdw8BKne3KJIqAvCQMJ0416"
|
|
|
|
[metadata.smartd]
|
|
disks = [
|
|
"/dev/nvme0",
|
|
"/dev/nvme1",
|
|
]
|
|
|
|
[metadata.travelynx]
|
|
version = "2.8.39"
|
|
mail_from = "travelynx@franzi.business"
|
|
domain = "travelynx.franzi.business"
|
|
|
|
[metadata.users.skye]
|
|
ssh_pubkey = [
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCO0KG3/hnMO6UsReyEHvV4y7fYmJGQeCVnmw2xUoM4so2ZacWDi27aQbMq6wWb/JsUh4j3OOvEfNvf27LU6wpqcxM/QO22YjLsOtVzVnGjupsKAnN/nKy+X7KhspaF9qKFpmseBpuEAAnaxnreEFNC2tHarzJzgj+Y+Bmkg4tnMWsVc6EoBp1R2xmsdeRtgcQwms3xX9COeAjkFNgniGfqigO2AxPgC68h3GqSlcPzgpJ7ukvtCRCs/g3R+9GCnxsamd3AYhaRCIKauIyA44WqtH8lAH5+g16tU8WYcK1KySuwLt418kXDDJrZXaOLbxRl+jrShIdPoGhqs1y6KlOVTbj9TBVGt8CtV8JsLwzH2GCdLjImcXWUob2j2sxgBGTWiTfWf98XBLmBQwbAlBJ01gsHhJxDx0E2ttxueSjyg4hTzWCH0TlRmbpUDdIlqLgwHxmh97YFF5oqkgWGjSt7jxrW8Q9+FeMi5L2qHzKez5Z3quOhDIXWjEcpxqQQ2Lc=",
|
|
]
|
|
|
|
[metadata.weechat]
|
|
user = "kunsi"
|
|
relay_domain = "irc.franzi.business"
|
|
|
|
[[metadata.zfs.pools.tank.when_creating.config]]
|
|
devices = [
|
|
"/dev/nvme0n1p3",
|
|
"/dev/nvme1n1p3",
|
|
]
|
|
type = "mirror"
|
|
|
|
[metadata.zfs.datasets.tank]
|
|
primarycache = "metadata"
|
|
|
|
[metadata.zfs.datasets.'tank/sewfile']
|
|
mountpoint = "/mnt/sewfile/"
|
|
|
|
[metadata.vm]
|
|
cpu = 24
|
|
ram = 64
|