Franziska Kunsmann
32c0ad3bd6
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
403 lines
15 KiB
Python
403 lines
15 KiB
Python
nodes['htz.ex42-1048908'] = {
|
|
'bundles': {
|
|
# to be migrated to rx300
|
|
'dovecot',
|
|
'matrix-media-repo',
|
|
'matrix-synapse',
|
|
'mautrix-telegram',
|
|
'mautrix-whatsapp',
|
|
'mx-puppet-discord',
|
|
'oidentd',
|
|
'postfixadmin',
|
|
'redis',
|
|
'rspamd',
|
|
'radicale',
|
|
|
|
# no migration needed
|
|
'check-mail-received',
|
|
'lm-sensors',
|
|
'nodejs',
|
|
'php',
|
|
'postgresql',
|
|
'unbound',
|
|
'smartd',
|
|
'vmhost',
|
|
},
|
|
'groups': {
|
|
'debian-buster',
|
|
'webserver',
|
|
},
|
|
'metadata': {
|
|
'interfaces': {
|
|
'enp0s31f6': {
|
|
'ips': {
|
|
'94.130.52.224/26',
|
|
'2a01:4f8:10b:2a5f::02/64',
|
|
'2a01:4f8:10b:2a5f::1337/64',
|
|
},
|
|
'gateway4': '94.130.52.193',
|
|
'gateway6': 'fe80::1',
|
|
},
|
|
},
|
|
'apt': {
|
|
'packages': {
|
|
# TODO
|
|
'php-imagick': {},
|
|
|
|
# No need to create a bundle just to install packages,
|
|
# configs will be managed by users nevertheless.
|
|
'mosh': {},
|
|
'weechat': {},
|
|
'weechat-core': {},
|
|
'weechat-curses': {},
|
|
'weechat-perl': {},
|
|
'weechat-plugins': {},
|
|
'weechat-python': {},
|
|
'weechat-ruby': {},
|
|
},
|
|
'repos': {
|
|
'backports': {
|
|
'install_gpg_key': False, # default debian signing key
|
|
'items': {
|
|
'deb http://deb.debian.org/debian {os_release}-backports main',
|
|
},
|
|
},
|
|
'weechat': {
|
|
'items': {
|
|
'deb https://weechat.org/debian {os_release} main',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'backup-client': {
|
|
'pre-hooks': {
|
|
'kunsi-weechat': \
|
|
'echo \'core.weechat */layout store\' >> /home/kunsi/.weechat/weechat_fifo\n' \
|
|
'echo \'core.weechat */save\' >> /home/kunsi/.weechat/weechat_fifo\n',
|
|
},
|
|
},
|
|
'backups': {
|
|
'paths': {
|
|
'/home/kunsi/.weechat',
|
|
'/opt/matrix/matrix-dimension',
|
|
},
|
|
},
|
|
'check-mail-received': {
|
|
't-online': {
|
|
'email': 'franzi.kunsmann@t-online.de',
|
|
'imap_host': 'secureimap.t-online.de',
|
|
'imap_pass': bwpass.attr('t-online.de/franzi.kunsmann@t-online.de', 'imap'),
|
|
},
|
|
},
|
|
'icinga_options': {
|
|
'pretty_name': 'kunsmann.eu',
|
|
},
|
|
'letsencrypt': {
|
|
'concat_and_deploy': {
|
|
'kunsi-weechat': {
|
|
'match_domain': 'part.of.the.trans-agenda.eu',
|
|
'target': '/home/kunsi/.weechat/ssl/relay.pem',
|
|
'chown': 'kunsi:kunsi',
|
|
'chmod': '0440',
|
|
'commands': [
|
|
'echo \'core.weechat */relay sslcertkey\' >> /home/kunsi/.weechat/weechat_fifo'
|
|
],
|
|
},
|
|
},
|
|
'domains': {
|
|
'matrix.franzi.business': {
|
|
'franzi.business',
|
|
},
|
|
'part.of.the.trans-agenda.eu': set(),
|
|
},
|
|
},
|
|
'locale': {
|
|
'installed': {
|
|
# legacy
|
|
'en_DK.UTF-8',
|
|
},
|
|
},
|
|
'matrix-media-repo': {
|
|
'version': 'v1.2.8',
|
|
'homeservers': {
|
|
'franzi.business': {
|
|
'domain': 'http://[::1]:20080/',
|
|
'api': 'synapse',
|
|
},
|
|
},
|
|
'admins': {
|
|
'@kunsi:franzi.business',
|
|
},
|
|
'upload_max_mb': 500,
|
|
},
|
|
'matrix-synapse': {
|
|
'server_name': 'franzi.business',
|
|
'baseurl': 'matrix.franzi.business',
|
|
'admin_contact': 'mailto:hostmaster@kunbox.net',
|
|
'trusted_key_servers': {
|
|
'matrix.org',
|
|
'finallycoffee.eu',
|
|
'nyantec.com',
|
|
},
|
|
'additional_client_config': {
|
|
'im.vector.riot.jitsi': {
|
|
'preferredDomain': 'meet.ffmuc.net',
|
|
},
|
|
},
|
|
},
|
|
'mautrix-telegram': {
|
|
'version': 'v0.10.0',
|
|
'homeserver': {
|
|
'domain': 'franzi.business',
|
|
'url': 'https://matrix.franzi.business',
|
|
},
|
|
'provisioning': {
|
|
'enabled': True,
|
|
'shared_secret': vault.decrypt('encrypt$gAAAAABfVKflEMAi07C_QGP8cy97hF-4gGPym0oF6p4WSMdAveTpx-hFsZd2s7v9ubw99yIsyKx0dHOJI0UND7hV1rKZdvjy4Qa642abZ2wwW7SWTqvuP_qVtrf6-klc2QKTzeD9c_LVsyZ2dqz_JxRPq3MRXgkubZuWOZ6FmFlAlteTffoGfWE='),
|
|
},
|
|
'permissions': {
|
|
"'*'": 'relaybot',
|
|
'nyantec.com': 'full',
|
|
'franzi.business': 'full',
|
|
"'@kunsi:franzi.business'": 'admin',
|
|
},
|
|
'telegram': {
|
|
'api_id': vault.decrypt('encrypt$gAAAAABfVK5SmDDru-UQxitkE5VhPArnUBhaRbAqQPvAW2Fh3fd1XDrWxa3Qn4BSnJAPNWglH5wil_SXUMcIm95FMhPe8dVeMQ=='),
|
|
'api_token': vault.decrypt('encrypt$gAAAAABfVK5jHuUly1xr9Iku362k7oF4ZYRhLGzNJh3aJpiNrLfAy_DJpTwucx4FV_g45dyQF5boqG2rgdDfwsJN_Ab95es6T4SPGiXIxJOBlvIln1Torwh16pXKchhUTn_PQ077Ll1W'),
|
|
'bot_token': vault.decrypt('encrypt$gAAAAABfVK51ErJ6gfsOOkbRxSHDnVYmf7EihAQf7Uwj9og3TlAw64WRsA6ZVEgTSvOdLB3SMKZ-cTEhwkCOpbymq-_WLhes-hZALhN-H_oXHaxTQErJ0lARynKmjM-4ZhoGlUWlfh4Q'),
|
|
},
|
|
},
|
|
'mautrix-whatsapp': {
|
|
'version': 'v0.1.7',
|
|
'homeserver': {
|
|
'domain': 'franzi.business',
|
|
'url': 'https://matrix.franzi.business',
|
|
},
|
|
'permissions': {
|
|
"'@kunsi:franzi.business'": 100,
|
|
},
|
|
},
|
|
'mx-puppet-discord': {
|
|
'homeserver': {
|
|
'domain': 'franzi.business',
|
|
'url': 'https://matrix.franzi.business',
|
|
},
|
|
'allowed-users': {
|
|
'@.*:franzi\\\\.business',
|
|
},
|
|
},
|
|
'nftables': {
|
|
'rules': {
|
|
'input': {
|
|
'kunsi-weechat': [
|
|
'udp dport { 60000-61000 } accept',
|
|
'tcp dport 9001 accept',
|
|
],
|
|
'libvirt': [
|
|
'tcp dport 53 iif virbr0 accept',
|
|
'udp dport 53 iif virbr0 accept',
|
|
'udp dport { 67, 68 } iif virbr0 accept',
|
|
],
|
|
},
|
|
'forward': {
|
|
'libvirt': [
|
|
'iif virbr0 accept',
|
|
'oif virbr0 accept',
|
|
],
|
|
},
|
|
'nat_postrouting': {
|
|
'oif enp0s31f6 masquerade',
|
|
},
|
|
},
|
|
},
|
|
'nginx': {
|
|
'security.txt': {
|
|
'contact': 'mailto:security@kunsmann.eu',
|
|
'Encryption': 'https://franzi.business/gpg_hi-kunsmann.eu.asc',
|
|
},
|
|
'vhosts': {
|
|
# TODO maybe some of this can be moved to a bundle?
|
|
'dav.kunsmann.eu': {
|
|
'locations': {
|
|
'/': {
|
|
'target': 'http://[::1]:22050',
|
|
'auth': {
|
|
'file': '/etc/radicale/htpasswd',
|
|
},
|
|
'proxy_set_header': {
|
|
'X-Remote-User': '$remote_user',
|
|
},
|
|
},
|
|
'/.web/': {
|
|
'target': 'http://[::1]:22050',
|
|
}
|
|
},
|
|
},
|
|
'dimension.franzi.business': {
|
|
'ssl': '_.franzi.business',
|
|
'extras': True,
|
|
'do_not_set_content_security_headers': True,
|
|
'max_body_size': '50M',
|
|
'locations': {
|
|
'/': {
|
|
'target': 'http://127.0.0.1:8184',
|
|
},
|
|
},
|
|
},
|
|
'git.kunsmann.eu': {
|
|
'locations': {
|
|
'/': {
|
|
'redirect': 'https://git.franzi.business$request_uri',
|
|
},
|
|
},
|
|
},
|
|
'matrix-synapse': {
|
|
'ssl': '_.franzi.business',
|
|
},
|
|
'mta-sts': {
|
|
'domain': 'mta-sts.mx0.kunbox.net',
|
|
'domain_aliases': {
|
|
'mta-sts.franzi.business',
|
|
'mta-sts.kunbox.net',
|
|
'mta-sts.kunsmann.eu',
|
|
'mta-sts.trans-agenda.eu',
|
|
},
|
|
},
|
|
'paste.kunsmann.eu': {
|
|
'locations': {
|
|
'/': {
|
|
'redirect': 'https://paste.franzi.business$request_uri',
|
|
},
|
|
},
|
|
},
|
|
'postfixadmin.mx0.kunbox.net': {
|
|
'webroot': '/opt/postfixadmin/public/',
|
|
'php': True,
|
|
'website_check_path': '/login.php',
|
|
'website_check_string': 'login',
|
|
},
|
|
'rspamd.mx0.kunbox.net': {
|
|
'locations': {
|
|
'/': {
|
|
'target': 'http://localhost:11334/',
|
|
},
|
|
},
|
|
},
|
|
'vliedel.random.franzi.business': {
|
|
'webroot_config': {
|
|
'mode': '0775',
|
|
'owner': 'vliedel',
|
|
'group': 'vliedel',
|
|
},
|
|
},
|
|
'webmail.mx0.kunbox.net': {
|
|
'php': True,
|
|
'website_check_path': '/',
|
|
'website_check_string': 'roundcube',
|
|
},
|
|
},
|
|
'worker_processes': 4,
|
|
},
|
|
'oidentd': {
|
|
'allows': {
|
|
'kunsi': {
|
|
'spoof',
|
|
'spoof_all',
|
|
},
|
|
},
|
|
},
|
|
'php': {
|
|
'version': '7.4',
|
|
'packages': {
|
|
'gd',
|
|
'imap',
|
|
'intl',
|
|
'json',
|
|
'mbstring',
|
|
'opcache',
|
|
'pgsql',
|
|
'readline',
|
|
'xml',
|
|
},
|
|
},
|
|
'postfix': {
|
|
'myhostname': 'mx0.kunbox.net',
|
|
'message_size_limit_mb': 50,
|
|
'mynetworks': {
|
|
'ovh',
|
|
},
|
|
},
|
|
'postfixadmin': {
|
|
'version': '3.3.9',
|
|
'setup_password': vault.decrypt('encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=='),
|
|
},
|
|
'radicale': {
|
|
'users': {
|
|
'kunsi': bwpass.password('dav.kunsmann.eu/kunsi'),
|
|
},
|
|
},
|
|
'rspamd': {
|
|
'ignore_spam_check_for_ips': {
|
|
# entropia
|
|
## hetzner (legacy)
|
|
'188.40.158.213',
|
|
'188.40.158.214',
|
|
'188.40.158.218',
|
|
'2a01:4f8:221:2f83:2130::2',
|
|
'2a01:4f8:221:2f83:2140::2',
|
|
'2a01:4f8:221:2f83:2180::2',
|
|
# yolocolo
|
|
'45.140.180.32/27', # Entropia e. V.
|
|
'45.140.180.112/28', # MicroPOC
|
|
'2a0e:c5c0:0:201::/64', # Entropia e. V.
|
|
'2a0e:c5c0:0:307::/64', # MicroPOC
|
|
|
|
# ccc
|
|
'212.12.55.65',
|
|
'212.12.55.67',
|
|
'2a00:14b0:4200:3000:23:55:0:65',
|
|
|
|
# IN-Berlin mailman
|
|
'130.133.8.35',
|
|
'192.109.42.28',
|
|
'192.109.42.122',
|
|
'193.29.188.9',
|
|
'217.197.80.23',
|
|
'217.197.80.134',
|
|
'2001:bf0:c000:a::2:134',
|
|
},
|
|
'password': bwpass.password('rspamd.mx0.kunbox.net'),
|
|
},
|
|
'smartd': {
|
|
'disks': {
|
|
'/dev/nvme0',
|
|
'/dev/nvme1',
|
|
},
|
|
},
|
|
'systemd': {
|
|
'journal': {
|
|
# should last about 9 days
|
|
'maxuse': '2G',
|
|
},
|
|
},
|
|
'users': {
|
|
'kunsi': {
|
|
'enable_linger': True,
|
|
'groups': [
|
|
'www-data',
|
|
'libvirt',
|
|
],
|
|
},
|
|
'vliedel': {
|
|
'ssh_pubkey': [
|
|
'command="/usr/local/bin/rrsync /var/www/vliedel.random.franzi.business/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVOBnzs/QDzhvg70VK6xaV318Euaag1cWNjAJfsA266618UiZVx4xsHzNwYN960v0MhiVPMwnl3NoGWAT9/j/b5l3HAkihv4rEPYQkoGV0Mvtwee37dT5nCL8o54Kl+rhl4WPD4Ju5+iZ3AP84YMUJXUrETpZLRzQD1pKOWLaGxBSJolICjz5A7glDVNmvI8uH58EkzhA7q4lCPhzFLxfvFfJPRuEHdVViL2usvHpRnIDRQOCjLYF2fIpG3ULrvWGl4VZ+9cZCNqSN6ywjlH8U8e5Vc3Fi4sbqYh71LrBqs/lSJ+5BL9/rB3GZD1SVTbivyEDJGJu3HPDV4ahwYYKn minecraft@irc',
|
|
'command="/usr/local/bin/rrsync /var/www/vliedel.random.franzi.business/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVB179psVd1HMcqOvQm0BXzVELake6ZFCZeV6DnR2/6baLvRqne/PWtfMDQpT9joc0iZtjW7dhI96Wga89PccaG1OnjzBuHDU9xRQ9pKYn64czmJYiG3uDKCPAWUnzvuqzMU3Prq9JWdjURwkEIRkwE98dzaLcUvop3DdbWFluGgq6+btP4UBc0Dkkd/EjngQsbcs2bPE935ySEW7rHBfOm/1bMjmyNx/5tCqfJI6GblSLRvWRhXmJJmKJM1GjdoBOuFS68mhPgkvP6An+nTzlWBsiilYjokYlbL3avveqiQV/qySAKkwX2nsAnYhY+sjoohcWzlhTWX9yq7yk7N8dJAEKAhpHFaLAXTwhkKG6qeUma194Z/ADHnP4YaD645dq+FAjflKIl430JlKe4FxkT77mOIf90prLCFenYfrEl4f4/lazKBudcmauhX+8oa/FPfuw+Nhc4q5oIAZDoiKdOLRPYInT/2kPv2xkLioi124UDotkEMnS4FennCxaq3Rf13AXkyQfc945RClkjAzEp6dU+82B9Oy+civUnEOtWQZcbrWTAeNMo6sg7fJoS+md8PxhOZ5QWR+uc/388idpxeOlGJTRpFYGQDMTXcexey0caSJuK9r/Qee2shMOoIjUwn0Z8LOUtI3m5UCpF9jbAWcp/7KXRr4L/itgsVhN7Q== minecraft@asus-mini',
|
|
],
|
|
},
|
|
},
|
|
'vm': {
|
|
'cpu': 8,
|
|
'ram': 64,
|
|
},
|
|
},
|
|
}
|