#hostname = "2a00:f820:528::4" hostname = "31.47.232.108" bundles = [ "elasticsearch", "ldap-frontend", "letsencrypt", "monit", "nginx", "nextcloud", "openldap", "postfix", "php", "postgresql", "redis", ] groups = [ "debian-bullseye", ] [metadata.hosts.entries] "127.0.0.1" = [ "ldap.qzwi.de", ] [metadata.interfaces.enp1s0] ips = [ "31.47.232.108/29", "2a00:f820:528::4", ] gateway4 = "31.47.232.105" gateway6 = "2a00:f820:528::1" [metadata.ldap-frontend.external_links] "NextCloud" = "https://cloud.qzwi.de/" [metadata.nextcloud] # for elasticsearch to work, please install 'ingest-attachment' plugin: # /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment domain = "cloud.qzwi.de" sha1 = "0d496eb0808c292502479e93cd37fe2daf95786a" version = "23.0.0" [metadata.nginx.vhosts.nextcloud] ssl = "letsencrypt" [metadata.nginx.vhosts.openldap] domain = "ldap.qzwi.de" ssl = "letsencrypt" [metadata.nginx.vhosts.openldap.locations."/"] target = "http://127.0.0.1:23000" [metadata.openldap] my_hostname = "ldap.qzwi.de" ssl = "_.qzwi.de" backup = [ "dc=qzwi,dc=de", ] schemas = [ "openssh-lpk_openldap", ] [metadata.ldap-frontend.template] "group_admin" = "(&(objectclass=inetOrgPerson)(uid={})(memberOf=ou=qzwi-admins,ou=Groups,dc=qzwi,dc=de))" "group_members" = "(&(objectclass=inetOrgPerson)(memberOf=ou={},ou=Groups,dc=qzwi,dc=de))" "group_nonmembers" = "(&(objectclass=inetOrgPerson)(!(memberOf=ou={},ou=Groups,dc=qzwi,dc=de)))" "user_search" = "(&(objectclass=inetOrgPerson)(uid={}))" [metadata.openldap.access."ou=Users,dc=qzwi,dc=de"] manage = [ "uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de", ] [metadata.openldap.access."ou=Groups,dc=qzwi,dc=de"] manage = [ "uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de", ] [metadata.vm] cpu = 4 ram = 4 [metadata.monit] from_address = "monit@qzwi.de" alert_addresses = [ "rico@qzwi.de", ]