akpella/config.yaml

---
variant: flatcar
version: 1.0.0

passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpw3cIAdtWOYUkb6UOAIcLuRzItoo4oZMzr/hzZYq4E openpgp:0xFAAA0172
    - name: matrixdotorg-synapse
      home_dir: /opt/matrixdotorg-synapse
    - name: caddy
      home_dir: /opt/caddy

storage:
  directories:
    - path: /opt/caddy/data
    - path: /opt/caddy/etc/caddy
    - path: /opt/caddy/var/www/html
    - path: /opt/matrixdotorg-synapse/data
  files:
    # hostname
    - path: /etc/hostname
      contents:
        inline: "akpella.fst.ee"
    # network
    - path: /etc/systemd/network/00-eth0.network
      contents:
        inline: |
          [Match]
          Name=eth0

          [Network]
          DNS=1.1.1.1
          Address=193.40.103.107/24
          Gateway=193.40.103.1
    - path: /etc/hosts
      overwrite: true
      contents:
        inline: |
          127.0.0.1       localhost akpella.fst.ee
          ::1             localhost akpella.fst.ee
    - path: /opt/caddy/etc/caddy/Caddyfile
      contents:
        inline: |
          {
            acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
            email akpall+akpella@fst.ee
          }

          fst.ee {
            root * /var/www/html
            file_server
          }

          matrix.fst.ee {
            reverse_proxy http://[::1]:8008
          }
    - path: /opt/caddy/var/www/html/index.html
      contents:
        inline: |
          <h1>no</h1>

systemd:
  units:
    - name: matrixdotorg-synapse.service
      enabled: true
      contents: |
        [Unit]
        Description=Synapse: Matrix homeserver written in Python/Twisted + Rust
        After=docker.service
        Requires=docker.service

        [Service]
        ExecStartPre=/usr/bin/docker run \
          --name=matrixdotorg-synapse \
          --rm \
          --mount type=bind,src=/opt/matrixdotorg-synapse/data,dst=/data \
          -e SYNAPSE_SERVER_NAME=matrix.fst.ee \
          -e SYNAPSE_REPORT_STATS=yes \
          matrixdotorg/synapse:latest generate
        ExecStart=docker run \
          --name=matrixdotorg-synapse \
          --mount type=bind,src=/opt/matrixdotorg-synapse/data,dst=/data \
          -p 127.0.0.1:8008:8008 \
          -p [::1]:8008:8008 \
          matrixdotorg/synapse:latest

        [Install]
        WantedBy=multi-user.target
    - name: caddy.service
      enabled: true
      contents: |
        [Unit]
        Description=Caddy 2 is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go.
        After=docker.service
        Requires=docker.service

        [Service]
        ExecStart=docker run \
          --name=caddy \
          --mount type=bind,src=/opt/caddy/etc/caddy,dst=/etc/caddy \
          --mount type=bind,src=/opt/caddy/var/www/html,dst=/var/www/html \
          --mount type=bind,src=/opt/caddy/data,dst=/data \
          -p 80:80 \
          -p 443:443 \
          caddy:latest

        [Install]
        WantedBy=multi-user.target