bundlewrap/nodes/qzwi.toml

#hostname = "2a00:f820:528::4"
hostname = "31.47.232.108"
bundles = [
  "elasticsearch",
  "ldap-frontend",
  "letsencrypt",
  "monit",
  "nginx",
  "nextcloud",
  "openldap",
  "postfix",
  "php",
  "postgresql",
  "redis",
]
groups = [
  "debian-bullseye",
]

[metadata.hosts.entries]
"127.0.0.1" = [
  "ldap.qzwi.de",
]

[metadata.interfaces.enp1s0]
ips = [
  "31.47.232.108/29",
  "2a00:f820:528::4",
]
gateway4 = "31.47.232.105"
gateway6 = "2a00:f820:528::1"

[metadata.ldap-frontend.external_links]
"NextCloud" = "https://cloud.qzwi.de/"

[metadata.nextcloud]
# for elasticsearch to work, please install 'ingest-attachment' plugin:
# /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment
domain = "cloud.qzwi.de"
sha1 = "0d496eb0808c292502479e93cd37fe2daf95786a"
version = "23.0.0"

[metadata.nginx.vhosts.nextcloud]
ssl = "letsencrypt"

[metadata.nginx.vhosts.openldap]
domain = "ldap.qzwi.de"
ssl = "letsencrypt"
[metadata.nginx.vhosts.openldap.locations."/"]
target = "http://127.0.0.1:23000"

[metadata.openldap]
my_hostname = "ldap.qzwi.de"
ssl = "_.qzwi.de"
backup = [
  "dc=qzwi,dc=de",
]
schemas = [
  "openssh-lpk_openldap",
  "qzwiperson",
]

[metadata.ldap-frontend.template]
"group_admin" = "(&(objectclass=qzwiperson)(uid={})(memberOf=ou=qzwi-admins,ou=Groups,dc=qzwi,dc=de))"
"group_members" = "(&(objectclass=qzwiperson)(memberOf=ou={},ou=Groups,dc=qzwi,dc=de))"
"group_nonmembers" = "(&(objectclass=qzwiperson)(!(memberOf=ou={},ou=Groups,dc=qzwi,dc=de)))"
"user_search" = "(&(objectclass=qzwiperson)(uid={}))"

[metadata.openldap.access."ou=Users,dc=qzwi,dc=de"]
manage = [
  "uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de",
]

[metadata.openldap.access."ou=Groups,dc=qzwi,dc=de"]
manage = [
  "uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de",
]

[metadata.vm]
cpu = 4
ram = 4

[metadata.monit]
from_address = "monit@qzwi.de"
alert_addresses = [
  "rico@qzwi.de",
]