bundlewrap/nodes/qzwi.toml

86 lines
1.9 KiB
TOML

#hostname = "2a00:f820:528::4"
hostname = "31.47.232.108"
bundles = [
"elasticsearch",
"ldap-frontend",
"letsencrypt",
"monit",
"nginx",
"nextcloud",
"openldap",
"postfix",
"php",
"postgresql",
"redis",
]
groups = [
"debian-bullseye",
]
[metadata.hosts.entries]
"127.0.0.1" = [
"ldap.qzwi.de",
]
[metadata.interfaces.enp1s0]
ips = [
"31.47.232.108/29",
"2a00:f820:528::4",
]
gateway4 = "31.47.232.105"
gateway6 = "2a00:f820:528::1"
[metadata.ldap-frontend.external_links]
"NextCloud" = "https://cloud.qzwi.de/"
[metadata.nextcloud]
# for elasticsearch to work, please install 'ingest-attachment' plugin:
# /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment
domain = "cloud.qzwi.de"
sha1 = "0d496eb0808c292502479e93cd37fe2daf95786a"
version = "23.0.0"
[metadata.nginx.vhosts.nextcloud]
ssl = "letsencrypt"
[metadata.nginx.vhosts.openldap]
domain = "ldap.qzwi.de"
ssl = "letsencrypt"
[metadata.nginx.vhosts.openldap.locations."/"]
target = "http://127.0.0.1:23000"
[metadata.openldap]
my_hostname = "ldap.qzwi.de"
ssl = "_.qzwi.de"
backup = [
"dc=qzwi,dc=de",
]
schemas = [
"openssh-lpk_openldap",
]
[metadata.ldap-frontend.template]
"group_admin" = "(&(objectclass=inetOrgPerson)(uid={})(memberOf=ou=qzwi-admins,ou=Groups,dc=qzwi,dc=de))"
"group_members" = "(&(objectclass=inetOrgPerson)(memberOf=ou={},ou=Groups,dc=qzwi,dc=de))"
"group_nonmembers" = "(&(objectclass=inetOrgPerson)(!(memberOf=ou={},ou=Groups,dc=qzwi,dc=de)))"
"user_search" = "(&(objectclass=inetOrgPerson)(uid={}))"
[metadata.openldap.access."ou=Users,dc=qzwi,dc=de"]
manage = [
"uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de",
]
[metadata.openldap.access."ou=Groups,dc=qzwi,dc=de"]
manage = [
"uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de",
]
[metadata.vm]
cpu = 4
ram = 4
[metadata.monit]
from_address = "monit@qzwi.de"
alert_addresses = [
"rico@qzwi.de",
]