bad merge

.gitignore

@@ -1,6 +1,4 @@
 *~
 abra/catalogue
-abra/recipes/*
-!abra/recipes/rtm-astro-recipe
-!abra/recipes/mapbattle-recipe
+abra/recipes
 abra/logs

.gitmodules

@@ -1,6 +0,0 @@
-[submodule "abra/recipes/rtm-astro-recipe"]
-	path = abra/recipes/rtm-astro-recipe
-	url = https://git.coopcloud.tech/RTM/rtm-astro-recipe
-[submodule "abra/recipes/mapbattle-recipe"]
-	path = abra/recipes/mapbattle-recipe
-	url = ssh://git@git.coopcloud.tech:2222/RTM/mapbattle-recipe.git

README.md

@@ -1,34 +0,0 @@
-## Setup
-
-Members of RTM: check out the "RTM Reference" collective on our nextcloud for information on how to set up tailscale, ssh access, and user accounts on our servers. Without this, you won't be able to do operations.
-
-Once you have network access, install abra. Read the "Install" and "Quick start"/"New operators tutorial" sections of https://docs.coopcloud.tech/abra/, which will guide you through `wget`ting abra.
-
-Then, run:
-
-```
-$ git clone --recurse-submodules https://git.coopcloud.tech/RTM/rtm-config.git
-$ cd rtm-config
-$ abra server add laylotta.resisttechmonopolies.online
-$ abra server add mango.resisttechmonmopolies.online
-$ abra server add sootie.resisttechmonopolies.online
-$ abra server add hazel.resisttechmonopolies.online
-```
-
-If you skipped the `--recurse-submodules` flag, you can still do `git submodule update --init` later to get the rtm-astro-recipe recipe.
-
-## Usage
-
-Once you've got this repo cloned and abra installed, you can run abra commands. To test:
-
-```
-$ abra app logs resisttechmonopolies.online
-```
-
-Should give a list of logs for our website! Other abra commands will work here.
-
-From here, use `abra` to make changes (and reach out to a member of our infra/member-services working group for a tutorial if you would like!). Then, contribute your git changes back to this repository so everyone else sees what you've done and doesn't clobber your changes.
-
-## Dev environment
-
-Sootie is our dev server. If you would like to experiment with changes and fuck around there, use sootie! The implication here is that sootie has a greater chance of having uncommitted changes in its environment than other servers, and that these changes are safe to clobber over.

abra/servers/hazel.resisttechmonopolies.online/traefik.hazel.resisttechmonopolies.online.env

@@ -1,208 +0,0 @@
-TYPE=traefik:5.1.1+v3.6.15
-TIMEOUT=300
-ENABLE_AUTO_UPDATE=true
-ENABLE_BACKUPS=true
-
-DOMAIN=traefik.hazel.resisttechmonopolies.online
-LETS_ENCRYPT_ENV=production
-
-LETS_ENCRYPT_EMAIL=besties@resisttechmonopolies.online
-DASHBOARD_ENABLED=false
-# WARN, INFO etc.
-LOG_LEVEL=WARN
-LOG_MAX_AGE=1
-
-# This is here so later lines can extend it; you likely don't wanna edit
-COMPOSE_FILE="compose.yml"
-
-#####################################################################
-# General settings                                                  #
-#####################################################################
-
-## Ingress-mode port publishing for ports 80 and 443
-##
-## /!\ Using this prevents the use of any compose override adding
-##     published ports to the traefik_app service (almost all of them)
-##     and it prevents the use of IPv6 for ingress traffic.
-##     Do not uncomment unless you know exactly what you are doing
-##
-#COMPOSE_FILE="$COMPOSE_FILE:compose.no-host.yml"
-
-## "Headless mode" (no domain configured)
-#COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"
-
-#####################################################################
-# Automatic DNS set-up for Letsencrypt                              #
-#####################################################################
-
-## Enable dns challenge (for wildcard domains)
-##   https://go-acme.github.io/lego/dns/#dns-providers
-#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
-## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun.
-## Uncomment the corresponding provider below to insert your secret token/key.
-#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
-
-## OVH, https://ovh.com
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ovh.yml"
-#OVH_ENABLED=1
-#OVH_APPLICATION_KEY=
-#OVH_ENDPOINT=
-#SECRET_OVH_APP_SECRET_VERSION=v1
-#SECRET_OVH_CONSUMER_KEY=v1
-
-## Gandi, https://gandi.net
-## note(3wc): only "V5" (new) API is supported, so far
-#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"
-#GANDI_API_KEY_ENABLED=1
-#SECRET_GANDIV5_API_KEY_VERSION=v1
-
-## Gandi, https://gandi.net
-## note: uses GandiV5 Personal Access Token
-#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"
-#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1
-#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1
-
-## DigitalOcean, https://digitalocean.com
-#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
-#DIGITALOCEAN_ENABLED=1
-#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
-
-## Azure, https://azure.com
-## To insert your Azure client secret:
-## abra app secret insert {myapp.example.coop} azure_secret v1 "<CLIENT_SECRET>"
-#COMPOSE_FILE="$COMPOSE_FILE:compose.azure.yml"
-#AZURE_ENABLED=1
-#AZURE_TENANT_ID=
-#AZURE_CLIENT_ID=
-#AZURE_SUBSCRIPTION_ID=
-#AZURE_RESOURCE_GROUP=
-#SECRET_AZURE_SECRET_VERSION=v1
-
-## Porkbun, https://porkbun.com
-## To insert your secrets:
-## abra app secret insert 1312.net pb_api_key v1 pk1_413
-## abra app secret insert 1312.net pb_s_api_key v1 sk1_612
-#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
-#SECRET_PORKBUN_API_KEY_VERSION=v1
-#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1
-
-#####################################################################
-# Manual wildcard certificate insertion                             #
-#####################################################################
-
-# Set wildcards = 1, and uncomment compose_file to enable.
-# Create your certs elsewhere and add them like:
-# abra app secret insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
-# abra app secret insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
-#WILDCARDS_ENABLED=1
-#SECRET_WILDCARD_CERT_VERSION=v1
-#SECRET_WILDCARD_KEY_VERSION=v1
-#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
-
-#####################################################################
-# Authentication                                                    #
-#####################################################################
-
-## Enable Keycloak
-#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
-#KEYCLOAK_MIDDLEWARE_ENABLED=1
-#KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
-#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
-#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app
-
-## BASIC_AUTH
-## Use httpasswd to generate the secret
-#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"
-#BASIC_AUTH=1
-#SECRET_USERSFILE_VERSION=v1
-
-#####################################################################
-# Prometheus metrics                                                #
-#####################################################################
-
-## Enable prometheus metrics collection
-## used used by the coop-cloud monitoring stack
-## BASIC_AUTH should also be enabled
-#COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
-#METRICS_ENABLED=1
-#METRICS_FQDN=metrics.traefik.hazel.resisttechmonopolies.online
-
-#####################################################################
-# File provider directory configuration                             #
-# (Route bare metal and non-docker services on the machine!)        #
-#####################################################################
-#FILE_PROVIDER_DIRECTORY_ENABLED=1
-
-#####################################################################
-# Additional services                                               #
-#####################################################################
-
-## SMTP port 587
-#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
-#SMTP_ENABLED=1
-
-## Compy
-#COMPOSE_FILE="$COMPOSE_FILE:compose.compy.yml"
-#COMPY_ENABLED=1
-
-## Gitea SSH
-# COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
-# GITEA_SSH_ENABLED=1
-
-## P2Panda UDP
-# COMPOSE_FILE="$COMPOSE_FILE:compose.p2panda.yml"
-# P2PANDA_ENABLED=1
-
-## Foodsoft SMTP
-# COMPOSE_FILE="$COMPOSE_FILE:compose.foodsoft.yml"
-# FOODSOFT_SMTP_ENABLED=1
-
-## Peertube RTMP
-#COMPOSE_FILE="$COMPOSE_FILE:compose.peertube.yml"
-#PEERTUBE_RTMP_ENABLED=1
-
-## Secure Scuttlebutt MUXRPC
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ssb.yml"
-#SSB_MUXRPC_ENABLED=1
-
-## MSSQL
-#COMPOSE_FILE="$COMPOSE_FILE:compose.mssql.yml"
-#MSSQL_ENABLED=1
-
-## Mumble
-#COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"
-#MUMBLE_ENABLED=1
-
-## Matrix
-#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
-#MATRIX_FEDERATION_ENABLED=1
-
-## "Web alt", an alternative web port
-# NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this
-#COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml"
-#WEB_ALT_ENABLED=1
-
-## Matrix
-#COMPOSE_FILE="$COMPOSE_FILE:compose.irc.yml"
-#IRC_ENABLED=1
-
-## Garage
-#COMPOSE_FILE="$COMPOSE_FILE:compose.garage.yml"
-#GARAGE_RPC_ENABLED=1
-
-## Nextcloud Talk HPB
-#COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud-talk-hpb.yml"
-#NEXTCLOUD_TALK_HPB_ENABLED=1
-
-## Anubis
-#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
-#ANUBIS_COOKIE_DOMAIN=example.com
-#ANUBIS_DOMAIN=anubis.example.com
-#ANUBIS_REDIRECT_DOMAINS=
-#ANUBIS_OG_PASSTHROUGH=true
-#ANUBIS_OG_EXPIRY_TIME=1h
-#ANUBIS_OG_CACHE_CONSIDER_HOST=true
-#ANUBIS_SERVE_ROBOTS_TXT=true
-
-## Enable onion service support
-#ONION_ENABLED=1

abra/servers/laylotta.resisttechmonopolies.online/headscale.laylotta.resisttechmonopolies.online.env

@@ -1,29 +0,0 @@
-TYPE=headscale:00a12a21
-
-DOMAIN=headscale.laylotta.resisttechmonopolies.online
-
-## Domain aliases
-#EXTRA_DOMAINS=', `www.headscale.laylotta.resisttechmonopolies.online`'
-
-LETS_ENCRYPT_ENV=production
-
-COMPOSE_FILE="compose.yml"
-
-# Defines the base domain to create the hostnames for MagicDNS.
-BASE_DOMAIN=rtm.online
-
-# set this to true to enable using the built-in DERP rather than tailscale's
-ENABLE_DERP=true
-
-# enable oidc
-OIDC_ENABLED=1
-OIDC_ISSUER=https://auth.resisttechmonopolies.online/application/o/headscale/
-SECRET_OIDC_CLIENT_KEY_VERSION=v1
-COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
-
-# See https://git.coopcloud.tech/coop-cloud/backup-bot-two
-ENABLE_BACKUPS=true
-
-## allow cron updater
-COMPOSE_FILE="$COMPOSE_FILE:compose.dns.yml"
-DNS_REPO=RTM/sootie-dynamic-dns

abra/servers/laylotta.resisttechmonopolies.online/loomio.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=loomio:5.2.0+v3.0.20
+TYPE=loomio:5.1.3+v3.0.0
 COMPOSE_FILE="compose.yml"
 
 DOMAIN=loomio.resisttechmonopolies.online

abra/servers/laylotta.resisttechmonopolies.online/m.laylotta.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=monitoring-ng:23b13cb8
+TYPE=monitoring-ng:1.6.0+v1.8.1
 LETS_ENCRYPT_ENV=production
 COMPOSE_FILE=compose.yml
 DOMAIN=m.laylotta.resisttechmonopolies.online
@@ -6,32 +6,33 @@ TIMEOUT=120
 ENABLE_BACKUPS=true
 
 ## Enable this secret for Promtail / Prometheus
-SECRET_BASIC_AUTH_VERSION=v1
-
-## Promtail (Gathering Logs)
-COMPOSE_FILE="$COMPOSE_FILE:compose.promtail.yml"
-LOKI_PUSH_URL=https://loki.${DOMAIN}/loki/api/v1/push
+# SECRET_BASIC_AUTH_VERSION=v1
+#
+# Promtail (Gathering Logs)
+# COMPOSE_FILE="$COMPOSE_FILE:compose.promtail.yml"
+# LOKI_PUSH_URL=https://loki.monitoring.example.org/loki/api/v1/push
 
 ## Expose node and cadvisor ports instead of traefik
-COMPOSE_FILE="$COMPOSE_FILE:compose.expose-ports.yml"
+# COMPOSE_FILE="$COMPOSE_FILE:compose.expose-ports.yml"
 
 # Monitoring Server
 #
 ## Prometheus
-COMPOSE_FILE="$COMPOSE_FILE:compose.prometheus.yml"
-PROMETHEUS_RETENTION_TIME=1y
-
+# COMPOSE_FILE="$COMPOSE_FILE:compose.prometheus.yml"
+# PROMETHEUS_RETENTION_TIME=1y
+#
 ## Prometheus Pushgateway
-COMPOSE_FILE="$COMPOSE_FILE:compose.pushgateway.yml"
-
+# COMPOSE_FILE="$COMPOSE_FILE:compose.pushgateway.yml"
+#
 ## Loki
 # Loki Server
-COMPOSE_FILE="$COMPOSE_FILE:compose.loki.yml"
-
+#
+# COMPOSE_FILE="$COMPOSE_FILE:compose.loki.yml"
+#
 # Set to 0 to disable retention
-LOKI_RETENTION_PERIOD=744h
-LOKI_STORAGE_FILESYSTEM=1
-
+# LOKI_RETENTION_PERIOD=744h
+# LOKI_STORAGE_FILESYSTEM=1
+#
 ## S3 Storage
 # LOKI_STORAGE_S3=1
 # LOKI_AWS_ENDPOINT=https://minio.autonomic.zone

abra/servers/laylotta.resisttechmonopolies.online/m.laylotta.resisttechmonopolies.online.scrape-config.yml

@@ -1,6 +0,0 @@
-# https://git.coopcloud.tech/coop-cloud/monitoring-ng/src/branch/main/scrape-config.example.yml
-# https://prometheus.io/docs/prometheus/latest/getting_started/#configure-prometheus-to-monitor-the-sample-targets
-- targets
-  - 'm.laylotta.resisttechmonopolies.online:8082'
-  - 'node.m.laylotta.resisttechmonopolies.online'
-  - 'cadvisor.m.laylotta.resisttechmonopolies.online'

abra/servers/laylotta.resisttechmonopolies.online/mail.resisttechmonopolies.online.env

@@ -4,7 +4,7 @@
 ###############################################################################
 # BOILERPLATE SETTINGS (shouldn't need to change these)                       #
 ###############################################################################
-TYPE=mailu:3.0.1+2024.06.37
+TYPE=mailu:23309a1a+U
 LETS_ENCRYPT_ENV=production
 COMPOSE_FILE="compose.yml"
 

abra/servers/laylotta.resisttechmonopolies.online/resisttechmonopolies.online.env

@@ -1,9 +0,0 @@
-TYPE=rtm-astro-recipe:6e6418fb
-
-DOMAIN=resisttechmonopolies.online
-
-## Domain aliases
-#EXTRA_DOMAINS=', `www.website.resisttechmonopolies.online`'
-
-LETS_ENCRYPT_ENV=production
-VERSION=0.0.21

abra/servers/laylotta.resisttechmonopolies.online/shlink.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=shlink:0.1.0+4.4
+TYPE=shlink:21d93464
 
 DOMAIN=shlink.resisttechmonopolies.online
 

abra/servers/mango.resisttechmonopolies.online/uk.mango.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=uptime-kuma:3.0.0+2.2.1
+TYPE=uptime-kuma:2.0.0+2.0.0-beta.1
 COMPOSE_FILE="compose.yml"
 LETS_ENCRYPT_ENV=production
 

abra/servers/mango.resisttechmonopolies.online/vw.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=vaultwarden:2.1.3+1.35.4
+TYPE=vaultwarden:2.1.1+1.34.3
 
 DOMAIN=vw.resisttechmonopolies.online
 LETS_ENCRYPT_ENV=production

abra/servers/resisttechmonopolies.online/auth.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=authentik:11.0.4+2026.2.1
+TYPE=authentik:7.4.0+2025.6.3
 TIMEOUT=900
 ENABLE_AUTO_UPDATE=true
 POST_DEPLOY_CMDS="worker set_admin_pass"
@@ -25,11 +25,11 @@ AUTHENTIK_LOG_LEVEL=info
 AUTHENTIK_BOOTSTRAP_EMAIL=ammar@ammaratef45.ddns.net
 
 ## EMAIL
-AUTHENTIK_EMAIL__HOST=mail.resisttechmonopolies.online
-AUTHENTIK_EMAIL__PORT=465
+AUTHENTIK_EMAIL__HOST=smtp.protonmail.ch
+AUTHENTIK_EMAIL__PORT=587
 AUTHENTIK_EMAIL__USERNAME="besties@resisttechmonopolies.online"
-AUTHENTIK_EMAIL__USE_TLS=false
-AUTHENTIK_EMAIL__USE_SSL=true
+AUTHENTIK_EMAIL__USE_TLS=true
+AUTHENTIK_EMAIL__USE_SSL=false
 AUTHENTIK_EMAIL__TIMEOUT=10
 AUTHENTIK_EMAIL__FROM=besties@resisttechmonopolies.online
 
@@ -38,7 +38,7 @@ SECRET_SECRET_KEY_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_ADMIN_TOKEN_VERSION=v1
 SECRET_ADMIN_PASS_VERSION=v1
-SECRET_EMAIL_PASS_VERSION=v5
+SECRET_EMAIL_PASS_VERSION=v2
 
 # X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
 

abra/servers/resisttechmonopolies.online/draupnir.resisttechmonopolies.online.env

@@ -0,0 +1,31 @@
+TYPE=draupnir:785815dd+U
+
+DOMAIN=draupnir.resisttechmonopolies.online
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.draupnir.resisttechmonopolies.online`'
+
+LETS_ENCRYPT_ENV=production
+
+HOME_SERVER_URL="https://matrix.resisttechmonopolies.online"
+RAW_HOMESERVER_URL="https://matrix.resisttechmonopolies.online"
+DRAUPNIR_LOG_LEVEL="DEBUG"
+
+# The room ID (or room alias) of the management room, anyone in this room can issue commands to Draupnir.
+#
+# Draupnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it!
+#
+# This should be a room alias or room ID - not a matrix.to URL.
+#
+# Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
+# (see verboseLogging to adjust this a bit.)
+MANAGEMENT_ROOM="!KTOGIJKnLqziezPzuO:matrix.org" 
+
+# If true (the default), Draupnir will only accept invites from users present in managementRoom.
+AUTO_JOIN_ONLY_IF_MANAGER=true
+
+# If `autojoinOnlyIfManager` is false, only the members in this space can invite
+# the bot to new rooms.
+# ACCEPT_INVITES_FROM_SPACE="!example:example.org"
+
+ACCESS_TOKEN_VERSION=v1

abra/servers/resisttechmonopolies.online/maubot.resisttechmonopolies.online.env

@@ -0,0 +1,18 @@
+TYPE=maubot:f5b93759+U
+
+DOMAIN=maubot.resisttechmonopolies.online
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.maubot.resisttechmonopolies.online`'
+
+LETS_ENCRYPT_ENV=production
+
+HOMESERVER_HOST=matrix.resisttechmonopolies.online
+# Client-server API URL
+HOMESERVER_URL=https://matrix.resisttechmonopolies.online
+
+ADMIN_USER_NAME=charlie
+
+## Secrets
+SECRET_ADMIN_PASSWORD_VERSION=v1
+SECRET_HOMESERVER_REGISTRATION_VERSION=v1

abra/servers/resisttechmonopolies.online/nextcloud.resisttechmonopolies.online.occ

@@ -19,5 +19,3 @@ abra app command nextcloud.resisttechmonopolies.online app run_occ "'db:add-miss
 #     Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code of the region to your config file.
 # Solution found at: https://help.nextcloud.com/t/your-installation-has-no-default-phone-region-set/153632/3
 abra app command nextcloud.resisttechmonopolies.online app run_occ "'config:system:set default_phone_region --value=\"us\"'"
-# move shared folder: "Node for share not found": https://github.com/nextcloud/server/issues/46467#issuecomment-2336672900
-abra app command nextcloud.resisttechmonopolies.online app run_occ "'sharing:delete-orphan-shares'"

abra/servers/resisttechmonopolies.online/resisttechmonopolies.online.env

@@ -0,0 +1,10 @@
+TYPE=rtm-astro-recipe:6e6418f
+
+DOMAIN=resisttechmonopolies.online
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.resisttechmonopolies.online`'
+
+LETS_ENCRYPT_ENV=production
+
+VERSION=0.0.10