---
# Host definition for the Matrix homeserver "matrix.flauschekatze.space":
# base system, users, vault-encrypted secrets, network and services.
#
# NOTE(review): this listing arrived with its line breaks and indentation
# flattened. The nesting below is reconstructed from key names; verify it
# against the consuming role's schema before use. In particular, confirm
# that fstab/nameservers/users belong under `system`.

system:
  hostname: matrix
  domain: flauschekatze.space
  timezone: Europe/Berlin
  # NOTE(review): confirm this Alpine branch still receives security
  # updates; an unsupported branch leaves nginx/openssh/postgresql unpatched.
  alpineVersion: v3.14
  enableSudo: true
  useNTP: true
  extraPackages:
    - iftop
    - htop
    - rsync
    - tar
    - wget
    - curl
    - nginx
  fstab:
    - device: UUID=eeea7ae6-2dac-4969-a6bf-aa88f1799db9
      path: /
      fstype: ext4
      options: rw,relatime
      checks: '0 1'
    - device: UUID=18daa231-c7c9-4583-97de-fc2a93095a09
      path: /boot
      fstype: ext4
      options: rw,relatime
      checks: '0 2'
  nameservers:
    - 1.1.1.1
    - 8.8.8.8
  users:
    # root and isa carry the same three public keys, so every key holder
    # gets a direct root shell (see services.openssh.permitRootLogin).
    - name: root
      allowedSshKeys:
        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829
        - ssh-rsa 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 cardno:000606445161
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local
    - name: isa
      groups: 'wheel'
      # Vault-encrypted value; its confidentiality rests on the vault
      # password, which must not live next to this file.
      password: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        32646436343430316239336133663933356637336239653637386638393766376133623335343338
        3066636233353436326461336561616365613233643965340a383036663337313466316139313061
        31353232373536646565336563633166366639353563303534633336646532316131363266306335
        3063393532396238300a393835373462636662303665333035343066376666383637326132346336
        3966
      allowedSshKeys:
        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829
        - ssh-rsa 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 cardno:000606445161
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local

# Synapse secrets, referenced from homeserverConfig through
# "{{ secrets.synapse.* }}". All three are Ansible Vault ciphertext.
secrets:
  synapse:
    registration_shared_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      30323431313734313633616137313161666664323131376432303866653030353763353061336363
      6561643162353166643061623063643261373461613462390a653935613438376335633435353765
      34313039666239333435396138313833306532383736613235323832633761386461656232396632
      3232373435353731390a643732633063613335393163356338323861336530306466366637303533
      66656635396465616665623063313335353331663062346665376266633034333462653565393831
      65646438323564623966653436663034363139353665613838616139303538656431346631626630
      306166303465306562636261626462323636
    macaroon_secret_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      65643935663437343933636637336437666262616634663130306132366237616335663436646564
      6333623132663235313330373266643864366638616466390a383634323261323261653935626233
      64363665663863653332613333383565646633643037383365303637323263353932623738666130
      3237373737306262300a326464643935666533306138613861353533383630383337363433313436
      33363966343766633963613932343965313031646632396265346664353761393663616332636338
      39653031663433343162393532333163383532326166396139613636343665626232316135326266
      373236363232306534373564316461396162
    form_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      35373339343138313837383839333761666466663734626631646330666666386639383664306137
      6636303535633766653839353164353862343435613362300a633866333962623331633231376564
      39363665373737326334326134616638613265303561376338393834376339373434656565383462
      3135333335656437310a623530376137656161663735653365333032313566346136623166636330
      34626263316539306634383835363935386264306131383238613165653838633166396634303335
      35373337633466336236363062636639626439353633303635326565373364366530623139386161
      333937373064356461356662363235363036

network:
  # NOTE(review): nftables is enabled, but no rule set is visible in this
  # file; which ports are actually filtered depends on the role defaults.
  nftables:
    enable: true
  interfaces:
    - name: lo
      loopback: true
    - name: eth0
      ipv4:
        address: 5.45.103.213
        gateway: 5.45.100.1
        netmask: 255.255.252.0
      ipv6:
        address: '2a03:4000:6:4c3::1'
        gateway: 'fe80::1'
        netmask: 64

services:
  openssh:
    enable: true
    port: 22
    # NOTE(review): direct root login is allowed. Password auth is off, so
    # it is key-only, but user isa is in wheel and enableSudo is true, so
    # root login could be disabled to keep per-user attribution in auth logs.
    permitRootLogin: true
    passwordAuthentication: false
  prometheus_node_exporter:
    enable: true
  postgresql:
    enable: true
  vnstat:
    enable: true
  acme_redirect:
    enable: true
    email: hi@f2k1.de
    certs:
      matrix.flauschekatze.space:
        renewTasks:
          - sudo rc-service nginx restart
  nginx:
    enable: true
    user: nginx
    group: nginx
    sslOnly: true
    vhosts:
      localhost:
        defaultServer: true
        ssl:
          enable: true
          cert: '/var/lib/acme-redirect/live/matrix.flauschekatze.space/fullchain'
          privkey: '/var/lib/acme-redirect/live/matrix.flauschekatze.space/privkey'
        locations:
          # NOTE(review): node-exporter metrics are proxied on the default
          # vhost with no allow/deny or auth visible in this file. Unless
          # the role adds one, restrict this path to the scraper's address.
          - path: /node-exporter
            proxy: http://127.0.0.1:9100/metrics
  synapse:
    enable: true
    homeserverConfig:
      suppress_key_server_warning: true
      no_tls: false
      server_name: 'flauschekatze.space'
      pid_file: '/run/matrix-synapse.pid'
      public_baseurl: 'https://matrix.flauschekatze.space/'
      listeners:
        # Loopback-only listener; x_forwarded makes Synapse take the client
        # address from the proxy's forwarding header.
        - port: 8008
          bind_address: '127.0.0.1'
          type: http
          tls: false
          x_forwarded: true
          resources:
            # NOTE(review): "metrics" shares the client listener. Whether
            # it is reachable from outside depends on which paths the nginx
            # vhost forwards; confirm the metrics path is not proxied.
            - names:
                - 'client'
                - 'metrics'
              compress: true
            - names:
                - 'federation'
              compress: false
      database:
        name: 'psycopg2'
        args:
          database: 'synapse'
      event_cache_size: '10K'
      verbose: 0
      rc_messages_per_second: 0.2
      rc_message_burst_count: 10.0
      federation_rc_window_size: 1000
      federation_rc_sleep_limit: 10
      federation_rc_sleep_delay: 500
      federation_rc_reject_limit: 50
      federation_rc_concurrent: 3
      media_store_path: '/var/lib/synapse/media-store'
      uploads_path: '/var/lib/synapse/uploads'
      max_upload_size: '100M'
      max_image_pixels: '32M'
      dynamic_thumbnails: false
      # URL previews make the homeserver fetch user-supplied URLs, so the
      # blacklist below is the server-side request forgery guard.
      # NOTE(review): compare with the upstream default list, which
      # presumably also covers ranges such as 192.0.0.0/24, 198.18.0.0/15,
      # fec0::/10 and link-local as fe80::/10 rather than the /64 here.
      url_preview_enabled: true
      url_preview_ip_range_blacklist:
        - '127.0.0.0/8'
        - '10.0.0.0/8'
        - '172.16.0.0/12'
        - '192.168.0.0/16'
        - '100.64.0.0/10'
        - '169.254.0.0/16'
        - '::1/128'
        - 'fe80::/64'
        - 'fc00::/7'
      url_preview_ip_range_whitelist: []
      url_preview_url_blacklist: []
      enable_registration: false
      enable_registration_captcha: false
      recaptcha_siteverify_api: 'https://www.google.com/recaptcha/api/siteverify'
      turn_uris: []
      turn_shared_secret: ''
      turn_user_lifetime: '1h'
      enable_metrics: true
      user_creation_max_duration: 1209600000
      bcrypt_rounds: 12
      allow_guest_access: false
      room_invite_state_types:
        - 'm.room.join_rules'
        - 'm.room.canonical_alias'
        - 'm.room.avatar'
        - 'm.room.name'
      expire_access_token: false
      report_stats: false
      signing_key_path: '/var/lib/synapse/homeserver.signing.key'
      key_refresh_interval: '1d'
      # NOTE(review): a bare integer here is presumably read as
      # milliseconds, not days; confirm whether "7d" was intended.
      redaction_retention_period: 7
      # Rendered from the vault-encrypted values under `secrets.synapse`.
      registration_shared_secret: '{{ secrets.synapse.registration_shared_secret }}'
      macaroon_secret_key: '{{ secrets.synapse.macaroon_secret_key }}'
      form_secret: '{{ secrets.synapse.form_secret }}'
      # matrix.org is the trusted notary for other servers' signing keys;
      # the pinned key below is what its responses are verified against.
      perspectives:
        servers:
          'matrix.org':
            verify_keys:
              'ed25519:auto':
                key: 'Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw'
    logConfig:
      version: 1
      formatters:
        precise:
          format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
      handlers:
        file:
          class: logging.handlers.TimedRotatingFileHandler
          formatter: precise
          filename: /var/log/synapse/homeserver.log
          when: midnight
          # NOTE(review): about three days of history is short for incident
          # review unless logs are also shipped off the host.
          backupCount: 3  # Does not include the current log file.
          encoding: utf8
        buffer:
          class: logging.handlers.MemoryHandler
          target: file
          capacity: 10
          flushLevel: 30  # Flush for WARNING logs as well
        console:
          class: logging.StreamHandler
          formatter: precise
      loggers:
        synapse.storage.SQL:
          level: INFO
        twisted:
          handlers:
            - file
          propagate: false
      root:
        level: INFO
        handlers:
          - buffer
      disable_existing_loggers: false
    webClient:
      enable: false
      configFile: config-files/osterei/schildichat-web.json
    nginx:
      enable: true
      domain: 'matrix.flauschekatze.space'
      sslOnly: true
      ssl:
        enable: true
        cert: '/var/lib/acme-redirect/live/matrix.flauschekatze.space/fullchain'
        privkey: '/var/lib/acme-redirect/live/matrix.flauschekatze.space/privkey'
      # NOTE(review): second unauthenticated path to node-exporter, this
      # time on the public Matrix vhost; no access restriction is visible.
      extraConfig: " location /node-exporter { proxy_pass http://127.0.0.1:9100/metrics; } "