system: hostname: luna domain: f2k1.de timezone: Europe/Berlin enableOwnRepos: true enableSudo: true useNTP: true extraPackages: - iftop - iotop - htop - rsync - mtr - traceroute - dnsutils - tar - unzip - wget - curl - screen - zsh users: - name: root allowedSshKeys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829 - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:000606445161 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local - name: isa groups: "wheel" shell: /usr/bin/zsh password: !vault | $ANSIBLE_VAULT;1.1;AES256 32646436343430316239336133663933356637336239653637386638393766376133623335343338 3066636233353436326461336561616365613233643965340a383036663337313466316139313061 31353232373536646565336563633166366639353563303534633336646532316131363266306335 3063393532396238300a393835373462636662303665333035343066376666383637326132346336 3966 allowedSshKeys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829 - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:000606445161 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local network: nftables: enable: true networkd: networkd_resolv_conf_content: - nameserver 1.1.1.1 - nameserver 8.8.8.8 networkd_apply_action: "restart" network: - name: ens18 priority: 10 content: - Match: - Name: ens18 - Network: - DNS: 2a02:c205::1:53 - Address: 2a02:c207:3002:8320:0000:0000:0000:0001/64 - Address: 2a02:c207:3002:8320:feed:f2c1:c0ff:ee/128 - Gateway: fe80::1 - DNS: 1.1.1.1:53 - Address: 5.189.140.103/24 - Gateway: 5.189.140.1 files: /home/isa/photos.f2k1.de: state: "directory" mode: "0755" owner: "isa" group: "isa" /var/lib/websites: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/f2k1.de: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/www.f2k1.de: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/cloud.f2k1.de: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/photos.f2k1.de: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/windows.f2k1.de: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/pma.f2k1.de: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/moodle.toolsnbots.de: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/wiki.flauschekatze.space: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/c3fridge.de: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/flauschehorn.sexy: state: "directory" mode: "0755" owner: "isa" group: "http" /var/lib/websites/keinsexmitnazis.de: state: "directory" mode: "0755" owner: "isa" group: "http" /etc/nginx/passwd/windows.f2k1.de: state: "file" content: !vault | $ANSIBLE_VAULT;1.1;AES256 36623463386561353136643330353931393735383765343630386566633538376636656231306466 3735336663366461653661373539366131666231363765330a653538626464633730376631323864 66313463393764613035666233373466303735356139663065626433616134396337323632393233 3330346235656137390a656633366134393265393564666262626231363565343739393166653864 33653233653432666665363962666562363134373962356434636463336132336132613266303265 3737643633343133303039663738313437323531306235336133 mode: "0600" owner: "http" group: "http" timers: blahajstats: timer_command: /home/isa/blahaj_stats/blahajstats.sh timer_user: isa timer_OnCalendar: "hourly" timer_AccuracySec: 5s unistats: timer_command: /home/isa/unistats/unistats.sh timer_user: isa timer_OnCalendar: "minutely" timer_AccuracySec: 5s LarusBot: timer_command: /home/isa/LarusBot/LarusBot.sh timer_user: isa timer_OnCalendar: "*-*-* 19:00:00" timer_AccuracySec: 5s services: openssh: enable: true port: 24 permitRootLogin: true passwordAuthentication: false prometheus_node_exporter: enable: true vnstat: enable: true mariadb: enable: true databases: - name: etherpad - name: flauschehorn - name: flauschekatzewiki - name: grafana_blahaj - name: moodle - name: wuecampusstats users: - username: isa password: !vault | $ANSIBLE_VAULT;1.1;AES256 62323831653137326430383361343132643265386230346339326363333636373232366137326635 3966636264386263333262323561303838653066316632630a333166616430653461316430393438 34373664373536313032343666633239393034393763663266626364323338373932306463346236 3239356361333061640a306631666364306464376466326437363935323364343965666434633664 33373032386235336162373934306536383761616665626530643565666634613633 state: present privileges: "*.*": "ALL,GRANT" - username: etherpad password: !vault | $ANSIBLE_VAULT;1.1;AES256 64396439646132303237323661326438373264383263393435396662303938666435323436373466 3266663665383031303766323461643665653664616564340a383830313863323832353138333630 30663636623530303164653863323466356565346131336332303666303635393063326262386137 3734653234616433360a383036663362623735396233396636316231363231313065643631366633 39393430363565353439353436323265623435363738313364616637663832333262 state: present privileges: "etherpad.*": "ALL,GRANT" - username: flauschehorn password: !vault | $ANSIBLE_VAULT;1.1;AES256 33663635343635306239613230663235333933393632623166353265376230313632373434376439 6262643462643963333432303461313065303065333435620a623064353061613962633761363530 63393735316466393039373838323166373238656437326130386432663137383762613263373961 6635346235393436650a346630306462386435316162343164613665316333626462646563653463 34376538663634616337313130326638386466373035353532663734363663396664 state: present privileges: "flauschehorn.*": "ALL,GRANT" - username: flauschekatzewiki password: !vault | $ANSIBLE_VAULT;1.1;AES256 32306166663630323030333461646162393538633433353536373330376535333263353466336236 6531663239613765353936613936313434303262383238660a316538313061623734383939323464 30353764636436643163623038623436373135653562653134616437636537323730653238666634 3930303434303665630a346536303865343534376364386563643332623437353266333835623637 66353132633363613933393937643231646335613134656238376436306162643336 state: present privileges: "flauschekatzewiki.*": "ALL,GRANT" - username: grafana password: !vault | $ANSIBLE_VAULT;1.1;AES256 35383865653363363531356139646361306236346533623463636166636463646535616137653034 6334613065656632376666616266656464386631346336630a626265336431623763386161326362 65626663613066303461623635376335323731393737383966323264663737376137633739366231 6337376138633637650a643138656662663932346139666162326562396338366236366630303863 38393861323361646333363733353764373938303961643134663234653438636637 state: present privileges: "grafana_blahaj.*": "ALL,GRANT" - username: moodle password: !vault | $ANSIBLE_VAULT;1.1;AES256 35353861363133343936326532626564303837383131663061373565656263396366653564373265 3833396539393362336165643032623939376433623132650a623634366331633466353466363462 64396534613861363166333634393862393237663337366663386438643335303462303935653461 3564353132623062340a653934336630353637656164663065323837343461633238326662636533 36316439356539333433313861316633326338323934306435313737663638633834 state: present privileges: "moodle.*": "ALL,GRANT" - username: wuecampusstats password: !vault | $ANSIBLE_VAULT;1.1;AES256 38323163343562663735616263626162326461383062663461636235633831653764666136613535 6462316631663732306239653734663738336637646335320a343032643436613264333231303937 39333462653063633663383632383164333166346462323831323865653535343061343135356638 3434306632376337330a636334356562666365633362303965633531333665663636303635613839 34623638653631663739643431303938653238306633643635313965383632336636 state: present privileges: "wuecampusstats.*": "ALL,GRANT" acme_redirect: enable: true email: hi@f2k1.de certs: f2k1.de: extraDnsNames: - www.f2k1.de renew_tasks: - sudo systemctl restart nginx luna.f2k1.de: renewTasks: - sudo systemctl restart nginx photos.f2k1.de: renewTasks: - sudo systemctl restart nginx windows.f2k1.de: renewTasks: - sudo systemctl restart nginx grafana.f2k1.de: renewTasks: - sudo systemctl restart nginx prometheus.f2k1.de: renewTasks: - sudo systemctl restart nginx fbexporter.f2k1.de: renewTasks: - sudo systemctl restart nginx cloud.f2k1.de: renewTasks: - sudo systemctl restart nginx pma.f2k1.de: renewTasks: - sudo systemctl restart nginx moodle.toolsnbots.de: renewTasks: - sudo systemctl restart nginx systemusagestats.toolsnbots.de: renewTasks: - sudo systemctl restart nginx isapad.de: renewTasks: - sudo systemctl restart nginx c3fridge.de: renewTasks: - sudo systemctl restart nginx free-spee.ch: renewTasks: - sudo systemctl restart nginx flauschekatze.space: renewTasks: - sudo systemctl restart nginx wiki.flauschekatze.space: renewTasks: - sudo systemctl restart nginx flauschehorn.sexy: renewTasks: - sudo systemctl restart nginx php_fpm: enable: true version: 7 extraModules: - gd - intl listeners: www: user: isa group: http listenerPath: /run/php-fpm7/php-fpm.sock listenerOwner: http listenerGroup: http extraConfig: " php_admin_value[post_max_size] = 128M\n php_admin_value[upload_max_filesize] = 100M " nginx: enable: true sslOnly: true vhosts: f2k1.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/f2k1.de/privkey" root: /var/lib/websites/f2k1.de enablePhpSupport: true phpSocket: /run/php-fpm7/php-fpm.sock www.f2k1.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/f2k1.de/privkey" root: /var/lib/websites/www.f2k1.de enablePhpSupport: true phpSocket: /run/php-fpm7/php-fpm.sock luna.f2k1.de: defaultServer: true ssl: enable: true cert: "/var/lib/acme-redirect/live/luna.f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/luna.f2k1.de/privkey" locations: - path: /node-exporter proxy: http://127.0.0.1:9100/metrics windows.f2k1.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/windows.f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/windows.f2k1.de/privkey" root: /var/lib/websites/windows.f2k1.de locations: - path: / directoryListing: true basicAuth: /etc/nginx/passwd/windows.f2k1.de pma.f2k1.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/pma.f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/pma.f2k1.de/privkey" root: /var/lib/websites/pma.f2k1.de enablePhpSupport: true phpSocket: /run/php-fpm7/php-fpm.sock cloud.f2k1.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/cloud.f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/cloud.f2k1.de/privkey" root: /var/lib/websites/cloud.f2k1.de enablePhpSupport: true phpSocket: /run/php-fpm7/php-fpm.sock moodle.toolsnbots.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/moodle.toolsnbots.de/fullchain" privkey: "/var/lib/acme-redirect/live/moodle.toolsnbots.de/privkey" root: /var/lib/websites/moodle.toolsnbots.de enablePhpSupport: true phpSocket: /run/php-fpm7/php-fpm.sock systemusagestats.toolsnbots.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/systemusagestats.toolsnbots.de/fullchain" privkey: "/var/lib/acme-redirect/live/systemusagestats.toolsnbots.de/privkey" locations: - path: "/" extraConfig: 'return 301 systemusagestats:/$request_uri;' isapad.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/isapad.de/fullchain" privkey: "/var/lib/acme-redirect/live/isapad.de/privkey" locations: - path: "/" extraConfig: 'return 200 "todo";' c3fridge.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/c3fridge.de/fullchain" privkey: "/var/lib/acme-redirect/live/c3fridge.de/privkey" root: /var/lib/websites/c3fridge.de free-spee.ch: ssl: enable: true cert: "/var/lib/acme-redirect/live/free-spee.ch/fullchain" privkey: "/var/lib/acme-redirect/live/free-spee.ch/privkey" locations: - path: "/" extraConfig: 'return 301 "https://skrt.social/@kumitterer/104392956272864310";' flauschekatze.space: ssl: enable: true cert: "/var/lib/acme-redirect/live/flauschekatze.space/fullchain" privkey: "/var/lib/acme-redirect/live/flauschekatze.space/privkey" locations: - path: "/.well-known/matrix/client" extraConfig: ' add_header Content-Type application/json; return 200 "{\"m.homeserver\": {\"base_url\": \"https://matrix.flauschekatze.space\"}}"; ' - path: "/.well-known/matrix/server" extraConfig: ' add_header Content-Type application/json; return 200 "{\"m.server\": \"matrix.flauschekatze.space:443\"}"; ' wiki.flauschekatze.space: ssl: enable: true cert: "/var/lib/acme-redirect/live/wiki.flauschekatze.space/fullchain" privkey: "/var/lib/acme-redirect/live/wiki.flauschekatze.space/privkey" root: /var/lib/websites/wiki.flauschekatze.space enablePhpSupport: true phpSocket: /run/php-fpm7/php-fpm.sock flauschehorn.sexy: ssl: enable: true cert: "/var/lib/acme-redirect/live/flauschehorn.sexy/fullchain" privkey: "/var/lib/acme-redirect/live/flauschehorn.sexy/privkey" root: /var/lib/websites/flauschehorn.sexy enablePhpSupport: true phpSocket: /run/php-fpm7/php-fpm.sock keinsexmitnazis.de: ssl: enable: true cert: "/var/lib/acme-redirect/live/f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/f2k1.de/privkey" root: /var/lib/websites/keinsexmitnazis.de prometheus: enable: true config: global: scrape_interval: 20s evaluation_interval: 1m scrape_configs: - job_name: 'prometheus' static_configs: - targets: ['127.0.0.1:9090'] - job_name: 'node-exporter' metrics_path: '/node-exporter' scheme: 'https' scrape_interval: 30s static_configs: - targets: [ 'luna.f2k1.de', 'wanderduene.ctu.cx', 'taurus.ctu.cx', 'quitschi.ctu.cx', 'desastro.ctu.cx', 'lollo.ctu.cx', 'joguhrtbecher.ctu.cx', 'repo.f2k1.de', 'toaster.frp.ctu.cx', 'stasicontainer-mac.frp.ctu.cx' ] - job_name: 'fritzbox-exporter' metrics_path: '/metrics' scheme: 'https' scrape_interval: 30s static_configs: - targets: [ 'fbexporter.ctu.cx', 'fbexporter.f2k1.de' ] - job_name: 'parkplatz-exporter' metrics_path: '/parkplaetze.php' scheme: 'https' scrape_interval: 5m static_configs: - targets: [ 'f2k1.de' ] nginx: enable: true domain: "prometheus.f2k1.de" sslOnly: true ssl: enable: true cert: "/var/lib/acme-redirect/live/prometheus.f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/prometheus.f2k1.de/privkey" grafana: enable: true configFile: config-files/luna/grafana.ini nginx: enable: true domain: "grafana.f2k1.de" sslOnly: true ssl: enable: true cert: "/var/lib/acme-redirect/live/grafana.f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/grafana.f2k1.de/privkey" fritzboxExporter: enable: true nginx: enable: true domain: "fbexporter.f2k1.de" sslOnly: true ssl: enable: true cert: "/var/lib/acme-redirect/live/fbexporter.f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/fbexporter.f2k1.de/privkey" mumble: enable: true ctucxGallery: enable: true user: isa sourceDir: /home/isa/photos.f2k1.de targetDir: /var/lib/websites/photos.f2k1.de site: name: isas photos author: f2k1de description: ein paar bilder tags: "" nginx: enable: true domain: "photos.f2k1.de" sslOnly: true ssl: enable: true cert: "/var/lib/acme-redirect/live/photos.f2k1.de/fullchain" privkey: "/var/lib/acme-redirect/live/photos.f2k1.de/privkey"