commit 669227d5079bee83b79713fd3e1efe808fb9089f
parent 16b489a261d56a4edc1edf2b2f5a1ca4d4328218
Author: Leah (ctucx) <leah@ctu.cx>
Date: Fri, 11 Jun 2021 15:17:28 +0200
parent 16b489a261d56a4edc1edf2b2f5a1ca4d4328218
Author: Leah (ctucx) <leah@ctu.cx>
Date: Fri, 11 Jun 2021 15:17:28 +0200
add new host: f2k1de's matrix
4 files changed, 255 insertions(+), 7 deletions(-)
A
|
242
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configuration/f2k1de/matrix.yml b/configuration/f2k1de/matrix.yml 
@@ -0,0 +1,242 @@ +system: + hostname: matrix + domain: flauschekatze.space + timezone: Europe/Berlin + alpineVersion: v3.13 + enableSudo: true + useNTP: true + extraPackages: + - iftop + - htop + - rsync + - tar + - wget + - curl + - nginx + fstab: + - device: UUID=eeea7ae6-2dac-4969-a6bf-aa88f1799db9 + path: / + fstype: ext4 + options: rw,relatime + checks: 0 1 + - device: UUID=18daa231-c7c9-4583-97de-fc2a93095a09 + path: /boot + fstype: ext4 + options: rw,relatime + checks: 0 2 + nameservers: + - 1.1.1.1 + - 8.8.8.8 + users: + - name: root + allowedSshKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829 + - ssh-rsa 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 cardno:000606445161 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local + - name: isa + groups: "wheel" + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32646436343430316239336133663933356637336239653637386638393766376133623335343338 + 3066636233353436326461336561616365613233643965340a383036663337313466316139313061 + 31353232373536646565336563633166366639353563303534633336646532316131363266306335 + 3063393532396238300a393835373462636662303665333035343066376666383637326132346336 + 3966 + allowedSshKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 
cardno:000603502829 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:000606445161 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local + +network: + nftables: + enable: true + interfaces: + - name: lo + loopback: true + - name: eth0 + ipv4: + address: 5.45.103.213 + gateway: 5.45.100.1 + netmask: 255.255.252.0 + ipv6: + address: 2a03:4000:6:4c3::1 + gateway: fe80::1 + netmask: 64 + +services: + openssh: + enable: true + port: 22 + permitRootLogin: true + passwordAuthentication: false + + prometheus_node_exporter: + enable: true + + postgresql: + enable: true + + vnstat: + enable: true + + acme_redirect: + enable: true + email: hi@f2k1.de + certs: + matrix.flauschekatze.space: + renewTasks: + - sudo rc-service nginx restart + + nginx: + enable: true + user: nginx + group: nginx + sslOnly: true + vhosts: + localhost: + defaultServer: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/matrix.flauschekatze.space/fullchain" + privkey: "/var/lib/acme-redirect/live/matrix.flauschekatze.space/privkey" + locations: + - path: /node-exporter + proxy: http://127.0.0.1:9100/metrics + + synapse: + enable: true + homeserverConfig: + suppress_key_server_warning: true + no_tls: false + server_name: "flauschekatze.space" + pid_file: 
"/run/matrix-synapse.pid" + public_baseurl: "https://matrix.flauschekatze.space/" + listeners: + - port: 8008 + bind_address: "127.0.0.1" + type: http + tls: false + x_forwarded: true + resources: + - names: ["client", "metrics"] + compress: true + - names: ["federation"] + compress: false + database: + name: "psycopg2" + args: + database: "synapse" + event_cache_size: "10K" + verbose: 0 + rc_messages_per_second: 0.2 + rc_message_burst_count: 10.0 + federation_rc_window_size: 1000 + federation_rc_sleep_limit: 10 + federation_rc_sleep_delay: 500 + federation_rc_reject_limit: 50 + federation_rc_concurrent: 3 + media_store_path: "/var/lib/synapse/media-store" + uploads_path: "/var/lib/synapse/uploads" + max_upload_size: "100M" + max_image_pixels: "32M" + dynamic_thumbnails: false + url_preview_enabled: true + url_preview_ip_range_blacklist: ["127.0.0.0/8","10.0.0.0/8","172.16.0.0/12","192.168.0.0/16","100.64.0.0/10","169.254.0.0/16","::1/128","fe80::/64","fc00::/7"] + url_preview_ip_range_whitelist: [] + url_preview_url_blacklist: [] + enable_registration: false + enable_registration_captcha: false + recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" + turn_uris: [] + turn_shared_secret: "" + turn_user_lifetime: "1h" + enable_metrics: true + user_creation_max_duration: 1209600000 + bcrypt_rounds: 12 + allow_guest_access: false + room_invite_state_types: ["m.room.join_rules", "m.room.canonical_alias", "m.room.avatar", "m.room.name"] + expire_access_token: false + report_stats: false + signing_key_path: "/var/lib/synapse/homeserver.signing.key" + key_refresh_interval: "1d" + redaction_retention_period: 7 + registration_shared_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30323431313734313633616137313161666664323131376432303866653030353763353061336363 + 6561643162353166643061623063643261373461613462390a653935613438376335633435353765 + 34313039666239333435396138313833306532383736613235323832633761386461656232396632 + 
3232373435353731390a643732633063613335393163356338323861336530306466366637303533 + 66656635396465616665623063313335353331663062346665376266633034333462653565393831 + 65646438323564623966653436663034363139353665613838616139303538656431346631626630 + 306166303465306562636261626462323636 + macaroon_secret_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65643935663437343933636637336437666262616634663130306132366237616335663436646564 + 6333623132663235313330373266643864366638616466390a383634323261323261653935626233 + 64363665663863653332613333383565646633643037383365303637323263353932623738666130 + 3237373737306262300a326464643935666533306138613861353533383630383337363433313436 + 33363966343766633963613932343965313031646632396265346664353761393663616332636338 + 39653031663433343162393532333163383532326166396139613636343665626232316135326266 + 373236363232306534373564316461396162 + form_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35373339343138313837383839333761666466663734626631646330666666386639383664306137 + 6636303535633766653839353164353862343435613362300a633866333962623331633231376564 + 39363665373737326334326134616638613265303561376338393834376339373434656565383462 + 3135333335656437310a623530376137656161663735653365333032313566346136623166636330 + 34626263316539306634383835363935386264306131383238613165653838633166396634303335 + 35373337633466336236363062636639626439353633303635326565373364366530623139386161 + 333937373064356461356662363235363036 + perspectives: + servers: + "matrix.org": + verify_keys: + "ed25519:auto": + key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" + logConfig: + version: 1 + formatters: + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' + handlers: + file: + class: logging.handlers.TimedRotatingFileHandler + formatter: precise + filename: /var/log/synapse/homeserver.log + when: midnight + backupCount: 3 # Does not include the current log file. 
+ encoding: utf8 + buffer: + class: logging.handlers.MemoryHandler + target: file + capacity: 10 + flushLevel: 30 # Flush for WARNING logs as well + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.storage.SQL: + level: INFO + twisted: + handlers: [file] + propagate: false + root: + level: INFO + handlers: [buffer] + disable_existing_loggers: false + webClient: + enable: false + configFile: config-files/osterei/schildichat-web.json + nginx: + enable: true + domain: "matrix.flauschekatze.space" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/matrix.flauschekatze.space/fullchain" + privkey: "/var/lib/acme-redirect/live/matrix.flauschekatze.space/privkey" + extraConfig: " + location /node-exporter { + proxy_pass http://127.0.0.1:9100/metrics; + } + "
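Review bot: The `/node-exporter` location in the synapse `nginx.extraConfig` (and the same path on the `localhost` default vhost under `services.nginx`) proxies `127.0.0.1:9100/metrics` with no access restriction, so host metrics are readable by anyone who can reach matrix.flauschekatze.space over HTTPS. Because `extraConfig` is raw nginx, the location could carry `allow <prometheus-host-ip>; deny all;` (placeholder address) ahead of the `proxy_pass`, or an `auth_basic`/`auth_basic_user_file` pair. The 8008 listener also serves `metrics` alongside `client`; if the role's vhost forwards all paths to that port (not visible here), `/_synapse/metrics` would be public as well, and a separate loopback-only metrics listener would avoid that. With `url_preview_enabled: true`, `url_preview_ip_range_blacklist` lists `fe80::/64`, but IPv6 link-local is `fe80::/10`, so the wider prefix is the safer entry. `permitRootLogin: true` looks unnecessary given that `isa` is in `wheel` with `enableSudo: true`; consider `permitRootLogin: false` unless the playbook itself connects as root.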
diff --git a/configuration/osterei.yml b/configuration/osterei.yml @@ -292,7 +292,8 @@ services: 'toaster.frp.ctu.cx', 'repo.f2k1.de', 'luna.f2k1.de', - 'isa-nuc.home.ctu.cx' + 'isa-nuc.home.ctu.cx', + 'matrix.flauschekatze.space' ] - job_name: 'fritzbox-exporter'
diff --git a/inventory b/inventory @@ -35,4 +35,7 @@ ansible_ssh_port=24 185.232.70.80 [isanuc] -195.39.246.41- \ No newline at end of file +195.39.246.41 + +[matrix] +matrix.flauschekatze.space+ \ No newline at end of file
diff --git a/playbook-f2k1de.yml b/playbook-f2k1de.yml @@ -70,7 +70,9 @@ tags: files - role: vnstat tags: vnstat -# - role: nginx -# tags: nginx -# - role: synapse -# tags: synapse + - role: postgresql + tags: postgresql + - role: nginx + tags: nginx + - role: synapse + tags: synapse