Merge pull request 'Add www domain for the website' (#19) from linnealovespie/www into main

Reviewed-on: RTM/rtm-config#19

.gitignore

@@ -1 +1,6 @@
-.*~
+*~
+abra/catalogue
+abra/recipes/*
+!abra/recipes/rtm-astro-recipe
+!abra/recipes/mapbattle-recipe
+abra/logs

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "abra/recipes/rtm-astro-recipe"]
+	path = abra/recipes/rtm-astro-recipe
+	url = https://git.coopcloud.tech/RTM/rtm-astro-recipe
+[submodule "abra/recipes/mapbattle-recipe"]
+	path = abra/recipes/mapbattle-recipe
+	url = ssh://git@git.coopcloud.tech:2222/RTM/mapbattle-recipe.git

README.md

@@ -0,0 +1,33 @@
+## Setup
+
+Members of RTM: check out the "RTM Reference" collective on our nextcloud for information on how to set up tailscale, ssh access, and user accounts on our servers. Without this, you won't be able to do operations.
+
+Once you have network access, install abra. Read the "Install" and "Quick start"/"New operators tutorial" sections of https://docs.coopcloud.tech/abra/, which will guide you through `wget`ting abra.
+
+Then, run:
+
+```
+$ git clone --recurse-submodules https://git.coopcloud.tech/RTM/rtm-config.git
+$ cd rtm-config
+$ abra server add laylotta.resisttechmonopolies.online
+$ abra server add mango.resisttechmonmopolies.online
+$ abra server add sootie.resisttechmonopolies.online
+```
+
+If you skipped the `--recurse-submodules` flag, you can still do `git submodule update --init` later to get the rtm-astro-recipe recipe.
+
+## Usage
+
+Once you've got this repo cloned and abra installed, you can run abra commands. To test:
+
+```
+$ abra app logs resisttechmonopolies.online
+```
+
+Should give a list of logs for our website! Other abra commands will work here.
+
+From here, use `abra` to make changes (and reach out to a member of our infra/member-services working group for a tutorial if you would like!). Then, contribute your git changes back to this repository so everyone else sees what you've done and doesn't clobber your changes.
+
+## Dev environment
+
+Sootie is our dev server. If you would like to experiment with changes and fuck around there, use sootie! The implication here is that sootie has a greater chance of having uncommitted changes in its environment than other servers, and that these changes are safe to clobber over.

abra/servers/laylotta.resisttechmonopolies.online/auth.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=authentik:7.4.0+2025.6.3
+TYPE=authentik:11.0.4+2026.2.1
 TIMEOUT=900
 ENABLE_AUTO_UPDATE=true
 POST_DEPLOY_CMDS="worker set_admin_pass"
@@ -25,11 +25,11 @@ AUTHENTIK_LOG_LEVEL=info
 AUTHENTIK_BOOTSTRAP_EMAIL=ammar@ammaratef45.ddns.net
 
 ## EMAIL
-AUTHENTIK_EMAIL__HOST=smtp.protonmail.ch
-AUTHENTIK_EMAIL__PORT=587
+AUTHENTIK_EMAIL__HOST=mail.resisttechmonopolies.online
+AUTHENTIK_EMAIL__PORT=465
 AUTHENTIK_EMAIL__USERNAME="besties@resisttechmonopolies.online"
-AUTHENTIK_EMAIL__USE_TLS=true
-AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__USE_TLS=false
+AUTHENTIK_EMAIL__USE_SSL=true
 AUTHENTIK_EMAIL__TIMEOUT=10
 AUTHENTIK_EMAIL__FROM=besties@resisttechmonopolies.online
 
@@ -38,7 +38,7 @@ SECRET_SECRET_KEY_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_ADMIN_TOKEN_VERSION=v1
 SECRET_ADMIN_PASS_VERSION=v1
-SECRET_EMAIL_PASS_VERSION=v2
+SECRET_EMAIL_PASS_VERSION=v5
 
 # X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
 

abra/servers/laylotta.resisttechmonopolies.online/collabora.resisttechmonopolies.online.env

@@ -1,7 +0,0 @@
-TYPE=collabora
-DOMAIN=collabora.resisttechmonopolies.online
-LETS_ENCRYPT_ENV=production
-NEXTCLOUD_DOMAIN=nextcloud.resisttechmonopolies.online
-ADMIN_USERNAME=admin
-SECRET_ADMIN_PASSWORD_VERSION=v1
-FRAME_ANCESTORS=

abra/servers/laylotta.resisttechmonopolies.online/headscale.laylotta.resisttechmonopolies.online.env

@@ -0,0 +1,29 @@
+TYPE=headscale:00a12a21
+
+DOMAIN=headscale.laylotta.resisttechmonopolies.online
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.headscale.laylotta.resisttechmonopolies.online`'
+
+LETS_ENCRYPT_ENV=production
+
+COMPOSE_FILE="compose.yml"
+
+# Defines the base domain to create the hostnames for MagicDNS.
+BASE_DOMAIN=rtm.online
+
+# set this to true to enable using the built-in DERP rather than tailscale's
+ENABLE_DERP=true
+
+# enable oidc
+OIDC_ENABLED=1
+OIDC_ISSUER=https://auth.resisttechmonopolies.online/application/o/headscale/
+SECRET_OIDC_CLIENT_KEY_VERSION=v1
+COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
+
+# See https://git.coopcloud.tech/coop-cloud/backup-bot-two
+ENABLE_BACKUPS=true
+
+## allow cron updater
+COMPOSE_FILE="$COMPOSE_FILE:compose.dns.yml"
+DNS_REPO=RTM/sootie-dynamic-dns

abra/servers/laylotta.resisttechmonopolies.online/loomio.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=loomio:5.1.2+v3.0.0
+TYPE=loomio:5.2.0+v3.0.20
 COMPOSE_FILE="compose.yml"
 
 DOMAIN=loomio.resisttechmonopolies.online
@@ -10,13 +10,13 @@ LETS_ENCRYPT_ENV=production
 COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 SUPPORT_EMAIL=besties@resisttechmonopolies.online
 SMTP_AUTH=plain
-SMTP_DOMAIN=smtp.protonmail.ch
-SMTP_SERVER=smtp.protonmail.ch
-SMTP_PORT=587
+SMTP_DOMAIN=mail.resisttechmonopolies.online
+SMTP_SERVER=mail.resisttechmonopolies.online
+SMTP_PORT=465
 SMTP_USERNAME=besties@resisttechmonopolies.online
-# SMTP_USE_SSL=1
+SMTP_USE_SSL=1
 # to disable SSL comment out line rather than changing to 0
-SECRET_SMTP_PASSWORD_VERSION=v2
+SECRET_SMTP_PASSWORD_VERSION=v4
 
 
 # From field for notification e-mails
@@ -104,4 +104,4 @@ OAUTH_ATTR_UID=email
 OAUTH_ATTR_NAME=name
 OAUTH_ATTR_EMAIL=email
 OAUTH_LOGIN_PROVIDER_NAME="loomio SSO"
-SECRET_OAUTH_APP_SECRET_VERSION=v2
+SECRET_OAUTH_APP_SECRET_VERSION=v2

abra/servers/laylotta.resisttechmonopolies.online/m.laylotta.resisttechmonopolies.online.env

@@ -0,0 +1,84 @@
+TYPE=monitoring-ng:23b13cb8
+LETS_ENCRYPT_ENV=production
+COMPOSE_FILE=compose.yml
+DOMAIN=m.laylotta.resisttechmonopolies.online
+TIMEOUT=120
+ENABLE_BACKUPS=true
+
+## Enable this secret for Promtail / Prometheus
+SECRET_BASIC_AUTH_VERSION=v1
+
+## Promtail (Gathering Logs)
+COMPOSE_FILE="$COMPOSE_FILE:compose.promtail.yml"
+LOKI_PUSH_URL=https://loki.${DOMAIN}/loki/api/v1/push
+
+## Expose node and cadvisor ports instead of traefik
+COMPOSE_FILE="$COMPOSE_FILE:compose.expose-ports.yml"
+
+# Monitoring Server
+#
+## Prometheus
+COMPOSE_FILE="$COMPOSE_FILE:compose.prometheus.yml"
+PROMETHEUS_RETENTION_TIME=1y
+
+## Prometheus Pushgateway
+COMPOSE_FILE="$COMPOSE_FILE:compose.pushgateway.yml"
+
+## Loki
+# Loki Server
+COMPOSE_FILE="$COMPOSE_FILE:compose.loki.yml"
+
+# Set to 0 to disable retention
+LOKI_RETENTION_PERIOD=744h
+LOKI_STORAGE_FILESYSTEM=1
+
+## S3 Storage
+# LOKI_STORAGE_S3=1
+# LOKI_AWS_ENDPOINT=https://minio.autonomic.zone
+# LOKI_AWS_REGION=eu-west-1
+# LOKI_ACCESS_KEY_ID=bush-debrief-approval-robust-scraggly-molecule
+# LOKI_BUCKET_NAMES=loki
+# SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION=v1
+#
+## Grafana
+#
+# COMPOSE_FILE="$COMPOSE_FILE:compose.grafana.yml"
+# GF_SERVER_ROOT_URL=https://monitoring.example.com
+# SECRET_GRAFANA_ADMIN_PASSWORD_VERSION=v1
+## Seperate domain for Grafana
+#GRAFANA_DOMAIN=grafana.example.com
+#
+## Single-Sign-On with OIDC
+# OIDC_ENABLED=1
+# SECRET_GRAFANA_OIDC_CLIENT_SECRET_VERSION=v1
+# OIDC_CLIENT_ID=grafana
+# OIDC_AUTH_URL="https://authentik.example.com/application/o/authorize/"
+# OIDC_API_URL="https://authentik.example.com/application/o/userinfo/"
+# OIDC_TOKEN_URL="https://authentik.example.com/application/o/token/"
+#
+## Additional grafana settings (unlikely to require editing)
+# GF_SECURITY_ALLOW_EMBEDDING=1
+# GF_INSTALL_PLUGINS=grafana-piechart-panel
+#
+## grafana SMTP configuration (optional)
+# GF_SMTP_HOST=changeme
+# GF_SMTP_USER=changme
+# GF_SMTP_ENABLED=true
+# GF_SMTP_FROM_ADDRESS=grafana@example.com
+# GF_SMTP_SKIP_VERIFY=false
+# SECRET_GRAFANA_SMTP_PASSWORD_VERSION=v1
+#
+
+## Grafana Matrix Contact Point (optional)
+#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix-alertmanager-receiver.yml"
+#SECRET_MATRIX_ACCESS_TOKEN_VERSION=v1
+#GF_MATRIX_USER_ID="<user-id>"
+#GF_MATRIX_ROOM_ID="<room-id>"
+#GF_MATRIX_HOMESERVER_URL="<homeserver-url>"
+
+# ALerts
+#ALERT_BACKUP_FAILED_ENABLED=true
+#ALERT_BACKUP_MISSING_ENABLED=true
+#ALERT_BACKUP_NOT_SUCCESSFULL_ENABLED=true
+#ALERT_NODE_DISK_SPACE_ENABLED=true
+#ALERT_NODE_MEMORY_USAGE_ENABLED=true

abra/servers/laylotta.resisttechmonopolies.online/m.laylotta.resisttechmonopolies.online.scrape-config.yml

@@ -0,0 +1,6 @@
+# https://git.coopcloud.tech/coop-cloud/monitoring-ng/src/branch/main/scrape-config.example.yml
+# https://prometheus.io/docs/prometheus/latest/getting_started/#configure-prometheus-to-monitor-the-sample-targets
+- targets
+  - 'm.laylotta.resisttechmonopolies.online:8082'
+  - 'node.m.laylotta.resisttechmonopolies.online'
+  - 'cadvisor.m.laylotta.resisttechmonopolies.online'

abra/servers/laylotta.resisttechmonopolies.online/mail.resisttechmonopolies.online.env

@@ -4,7 +4,7 @@
 ###############################################################################
 # BOILERPLATE SETTINGS (shouldn't need to change these)                       #
 ###############################################################################
-TYPE=mailu:23309a1a+U
+TYPE=mailu:3.0.1+2024.06.37
 LETS_ENCRYPT_ENV=production
 COMPOSE_FILE="compose.yml"
 

abra/servers/laylotta.resisttechmonopolies.online/nextcloud.resisttechmonopolies.online.occ

@@ -19,3 +19,5 @@ abra app command nextcloud.resisttechmonopolies.online app run_occ "'db:add-miss
 #     Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code of the region to your config file.
 # Solution found at: https://help.nextcloud.com/t/your-installation-has-no-default-phone-region-set/153632/3
 abra app command nextcloud.resisttechmonopolies.online app run_occ "'config:system:set default_phone_region --value=\"us\"'"
+# move shared folder: "Node for share not found": https://github.com/nextcloud/server/issues/46467#issuecomment-2336672900
+abra app command nextcloud.resisttechmonopolies.online app run_occ "'sharing:delete-orphan-shares'"

abra/servers/laylotta.resisttechmonopolies.online/resisttechmonopolies.online.env

@@ -0,0 +1,10 @@
+TYPE=rtm-astro-recipe:6e6418fb
+
+DOMAIN=resisttechmonopolies.online
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.website.resisttechmonopolies.online`'
+EXTRA_DOMAINS=", `www.resisttechmonopolies.online`"
+
+LETS_ENCRYPT_ENV=production
+VERSION=0.0.21

abra/servers/laylotta.resisttechmonopolies.online/scj.laylotta.resisttechmonopolies.online.env

@@ -0,0 +1,5 @@
+RECIPE=swarm-cronjob:1.11.0+1.15.0
+
+TZ=UTC
+LOG_LEVEL=info
+LOG_JSON=false

abra/servers/laylotta.resisttechmonopolies.online/shlink.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=shlink:21d93464
+TYPE=shlink:0.1.0+4.4
 
 DOMAIN=shlink.resisttechmonopolies.online
 

abra/servers/laylotta.resisttechmonopolies.online/t.laylotta.resisttechmonopolies.online.env

@@ -96,9 +96,9 @@ COMPOSE_FILE="compose.yml"
 
 ## BASIC_AUTH
 ## Use httpasswd to generate the secret
-#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"
-#BASIC_AUTH=1
-#SECRET_USERSFILE_VERSION=v1
+COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"
+BASIC_AUTH=1
+SECRET_USERSFILE_VERSION=v1
 
 #####################################################################
 # Prometheus metrics                                                #

abra/servers/mango.resisttechmonopolies.online/bbt.mango.resisttechmonopolies.online.env

@@ -0,0 +1,34 @@
+TYPE=backup-bot-two:2.3.0+2.3.0-beta
+
+SECRET_RESTIC_PASSWORD_VERSION=v1
+
+COMPOSE_FILE=compose.yml
+
+RESTIC_REPOSITORY=/backups/restic
+
+CRON_SCHEDULE='30 3 * * *'
+
+# Push Notifiactions
+#PUSH_URL_START=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=start
+#PUSH_URL_SUCCESS=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=OK
+#PUSH_URL_FAIL=https://status.example.com/api/push/xxxxxxxxxx?status=down&msg=fail
+
+# swarm-cronjob, instead of built-in cron
+#COMPOSE_FILE="$COMPOSE_FILE:compose.swarm-cronjob.yml"
+
+# SSH storage
+#SECRET_SSH_KEY_VERSION=v1
+#SSH_HOST_KEY="hostname ssh-rsa AAAAB3...
+#COMPOSE_FILE="$COMPOSE_FILE:compose.ssh.yml"
+
+# S3 storage
+#SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1
+#AWS_ACCESS_KEY_ID=something-secret
+#COMPOSE_FILE="$COMPOSE_FILE:compose.s3.yml"
+
+# Secret restic repository
+# use a secret to store the RESTIC_REPOSITORY if the repository location contains a secret value
+# i.E rest:https://user:SECRET_PASSWORD@host:8000/
+# it overwrites the RESTIC_REPOSITORY variable
+SECRET_RESTIC_REPO_VERSION=v2
+COMPOSE_FILE="$COMPOSE_FILE:compose.secret.yml"

abra/servers/mango.resisttechmonopolies.online/uk.mango.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=uptime-kuma:2.0.0+2.0.0-beta.1
+TYPE=uptime-kuma:3.0.0+2.2.1
 COMPOSE_FILE="compose.yml"
 LETS_ENCRYPT_ENV=production
 

abra/servers/mango.resisttechmonopolies.online/vw.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=vaultwarden:2.1.1+1.34.3
+TYPE=vaultwarden:2.1.3+1.35.4
 
 DOMAIN=vw.resisttechmonopolies.online
 LETS_ENCRYPT_ENV=production

abra/servers/resisttechmonopolies.online/calibre.resisttechmonopolies.online.env

@@ -1,13 +0,0 @@
-TYPE=calibre-web
-
-DOMAIN=calibre.resisttechmonopolies.online
-LETS_ENCRYPT_ENV=production
-
-DOCKER_MODS="linuxserver/calibre-web:calibre"
-OAUTHLIB_RELAX_TOKEN_SCOPE=1
-TZ="America/Los_Angeles"
-
-DEBUG=False
-
-# oauth2 support
-COMPOSE_FILE="compose.yml:compose.oauth2.yml"

abra/servers/resisttechmonopolies.online/draupnir.resisttechmonopolies.online.env

@@ -1,31 +0,0 @@
-TYPE=draupnir:785815dd+U
-
-DOMAIN=draupnir.resisttechmonopolies.online
-
-## Domain aliases
-#EXTRA_DOMAINS=', `www.draupnir.resisttechmonopolies.online`'
-
-LETS_ENCRYPT_ENV=production
-
-HOME_SERVER_URL="https://matrix.resisttechmonopolies.online"
-RAW_HOMESERVER_URL="https://matrix.resisttechmonopolies.online"
-DRAUPNIR_LOG_LEVEL="DEBUG"
-
-# The room ID (or room alias) of the management room, anyone in this room can issue commands to Draupnir.
-#
-# Draupnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it!
-#
-# This should be a room alias or room ID - not a matrix.to URL.
-#
-# Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
-# (see verboseLogging to adjust this a bit.)
-MANAGEMENT_ROOM="!KTOGIJKnLqziezPzuO:matrix.org" 
-
-# If true (the default), Draupnir will only accept invites from users present in managementRoom.
-AUTO_JOIN_ONLY_IF_MANAGER=true
-
-# If `autojoinOnlyIfManager` is false, only the members in this space can invite
-# the bot to new rooms.
-# ACCEPT_INVITES_FROM_SPACE="!example:example.org"
-
-ACCESS_TOKEN_VERSION=v1

abra/servers/resisttechmonopolies.online/focalboard.resisttechmonopolies.online.env

@@ -1,7 +0,0 @@
-TYPE=focalboard
-
-DOMAIN=focalboard.resisttechmonopolies.online
-
-## Domain aliases
-#EXTRA_DOMAINS=', `www.focalboard.resisttechmonopolies.online`'
-LETS_ENCRYPT_ENV=production

abra/servers/resisttechmonopolies.online/resisttechmonopolies.online.env

@@ -1,10 +0,0 @@
-TYPE=rtm-astro-recipe:6e6418f
-
-DOMAIN=resisttechmonopolies.online
-
-## Domain aliases
-#EXTRA_DOMAINS=', `www.resisttechmonopolies.online`'
-
-LETS_ENCRYPT_ENV=production
-
-VERSION=0.0.10

abra/servers/sootie.resisttechmonopolies.online/hedgedoc.resisttechmonopolies.online.env

@@ -0,0 +1,59 @@
+TYPE=hedgedoc:3.0.8+1.10.7
+TIMEOUT=300
+ENABLE_AUTO_UPDATE=true
+ENABLE_BACKUPS=true
+
+DOMAIN=hedgedoc.resisttechmonopolies.online
+## Domain aliases
+#EXTRA_DOMAINS=', `www.hedgedoc.resisttechmonopolies.online`'
+LETS_ENCRYPT_ENV=production
+
+SECRET_SESSION_SECRET_VERSION=v1
+
+COMPOSE_FILE="compose.yml"
+
+# Anubis
+#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
+
+# PostgreSQL
+
+#COMPOSE_FILE="$COMPOSE_FILE:compose.postgresql.yml"
+#SECRET_DB_PASSWORD_VERSION=v1
+
+# OAuth, see https://docs.hedgedoc.org/guides/auth/keycloak/
+
+#COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
+#CMD_OAUTH2_PROVIDERNAME="Keycloak"
+#CMD_OAUTH2_CLIENT_ID="hedgedoc"
+#CMD_OAUTH2_AUTHORIZATION_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/auth"
+#CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
+#CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
+#CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=ocs.data.id
+#CMD_OAUTH2_USER_PROFILE_ID_ATTR=
+#CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=ocs.data.display-name
+#CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=ocs.data.email
+#CMD_OAUTH2_PROVIDERNAME=Keycloak
+#CMD_OAUTH2_SCOPE="openid email profile"
+#
+#SECRET_OAUTH_KEY_VERSION=v1
+
+# Options, see https://docs.hedgedoc.org/configuration/
+
+# CMD_ALLOW_ANONYMOUS=true
+# CMD_ALLOW_ANONYMOUS_EDITS=false
+# CMD_ALLOW_EMAIL_REGISTER=true
+# CMD_ALLOW_FREEURL=false
+# CMD_REQUIRE_FREEURL_AUTHENTICATION=true
+# CMD_ALLOW_GRAVATAR=true
+# CMD_ALLOW_ORIGIN=localhost
+# CMD_COOKIE_POLICY=lax
+# CMD_CSP_ADD_DISQUS=false
+# CMD_CSP_ADD_GOOGLE_ANALYTICS=false
+# CMD_CSP_ENABLE=true
+# CMD_CSP_REPORTURI=undefined
+# CMD_DEFAULT_PERMISSION=editable
+# CMD_EMAIL=true
+# CMD_SESSION_LIFE=1209600000
+# Only present in config.json (no equivalent env var):
+# DOCUMENT_MAX_LENGTH=100000
+# CMD_ENABLE_UPLOADS=registered

abra/servers/sootie.resisttechmonopolies.online/mb.sootie.resisttechmonopolies.online.env

@@ -0,0 +1,18 @@
+TYPE=maubot:1.3.0+v0.6.0
+
+DOMAIN=mb.sootie.resisttechmonopolies.online
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.maubot.resisttechmonopolies.online`'
+
+LETS_ENCRYPT_ENV=production
+
+HOMESERVER_HOST=matrix.resisttechmonopolies.online
+# Client-server API URL
+HOMESERVER_URL=https://matrix.resisttechmonopolies.online
+
+ADMIN_USER_NAME=charlie
+
+## Secrets
+SECRET_ADMIN_PASSWORD_VERSION=v1
+SECRET_HOMESERVER_REGISTRATION_VERSION=v1

abra/servers/sootie.resisttechmonopolies.online/radicale.resisttechmonopolies.online.env

@@ -1,6 +1,6 @@
-TYPE=radicale
+TYPE=radicale:0.1.0+3.0.6.0
 
 DOMAIN=radicale.resisttechmonopolies.online
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.radicale.resisttechmonopolies.online`'
-LETS_ENCRYPT_ENV=production
+LETS_ENCRYPT_ENV=production

abra/servers/sootie.resisttechmonopolies.online/scj.sootie.resisttechmonopolies.online.env

@@ -0,0 +1,5 @@
+RECIPE=swarm-cronjob:1.11.0+1.15.0
+
+TZ=UTC
+LOG_LEVEL=info
+LOG_JSON=false

abra/servers/sootie.resisttechmonopolies.online/t.sootie.resisttechmonopolies.online.env

@@ -1,14 +1,16 @@
-TYPE=traefik:3.7.0+v3.6.2
-TIMEOUT=300
+TYPE=traefik:5.1.1+v3.6.15
+#TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
 ENABLE_BACKUPS=true
 
-DOMAIN=traefik.resisttechmonopolies.online
+DOMAIN=t.sootie.resisttechmonopolies.online
 LETS_ENCRYPT_ENV=production
+
 LETS_ENCRYPT_EMAIL=linnealovespie@proton.me
-DASHBOARD_ENABLED=false
+DASHBOARD_ENABLED=true
 # WARN, INFO etc.
 LOG_LEVEL=WARN
+LOG_MAX_AGE=1
 
 # This is here so later lines can extend it; you likely don't wanna edit
 COMPOSE_FILE="compose.yml"
@@ -17,8 +19,14 @@ COMPOSE_FILE="compose.yml"
 # General settings                                                  #
 #####################################################################
 
-## Host-mode networking
-COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
+## Ingress-mode port publishing for ports 80 and 443
+##
+## /!\ Using this prevents the use of any compose override adding
+##     published ports to the traefik_app service (almost all of them)
+##     and it prevents the use of IPv6 for ingress traffic.
+##     Do not uncomment unless you know exactly what you are doing
+##
+#COMPOSE_FILE="$COMPOSE_FILE:compose.no-host.yml"
 
 ## "Headless mode" (no domain configured)
 #COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"
@@ -28,8 +36,10 @@ COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
 #####################################################################
 
 ## Enable dns challenge (for wildcard domains)
-##   https://doc.traefik.io/traefik/https/acme/#dnschallenge
+##   https://go-acme.github.io/lego/dns/#dns-providers
 #LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
+## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun.
+## Uncomment the corresponding provider below to insert your secret token/key.
 #LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
 
 ## OVH, https://ovh.com
@@ -57,6 +67,25 @@ COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
 #DIGITALOCEAN_ENABLED=1
 #SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
 
+## Azure, https://azure.com
+## To insert your Azure client secret:
+## abra app secret insert {myapp.example.coop} azure_secret v1 "<CLIENT_SECRET>"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.azure.yml"
+#AZURE_ENABLED=1
+#AZURE_TENANT_ID=
+#AZURE_CLIENT_ID=
+#AZURE_SUBSCRIPTION_ID=
+#AZURE_RESOURCE_GROUP=
+#SECRET_AZURE_SECRET_VERSION=v1
+
+## Porkbun, https://porkbun.com
+## To insert your secrets:
+## abra app secret insert 1312.net pb_api_key v1 pk1_413
+## abra app secret insert 1312.net pb_s_api_key v1 sk1_612
+#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
+#SECRET_PORKBUN_API_KEY_VERSION=v1
+#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1
+
 #####################################################################
 # Manual wildcard certificate insertion                             #
 #####################################################################
@@ -93,14 +122,16 @@ COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
 
 ## Enable prometheus metrics collection
 ## used used by the coop-cloud monitoring stack
+## BASIC_AUTH should also be enabled
 #COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
 #METRICS_ENABLED=1
+#METRICS_FQDN=metrics.t.sootie.resisttechmonopolies.online
 
 #####################################################################
 # File provider directory configuration                             #
 # (Route bare metal and non-docker services on the machine!)        #
 #####################################################################
-FILE_PROVIDER_DIRECTORY_ENABLED=1
+#FILE_PROVIDER_DIRECTORY_ENABLED=1
 
 #####################################################################
 # Additional services                                               #
@@ -118,6 +149,10 @@ FILE_PROVIDER_DIRECTORY_ENABLED=1
 # COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
 # GITEA_SSH_ENABLED=1
 
+## P2Panda UDP
+# COMPOSE_FILE="$COMPOSE_FILE:compose.p2panda.yml"
+# P2PANDA_ENABLED=1
+
 ## Foodsoft SMTP
 # COMPOSE_FILE="$COMPOSE_FILE:compose.foodsoft.yml"
 # FOODSOFT_SMTP_ENABLED=1
@@ -145,4 +180,29 @@ FILE_PROVIDER_DIRECTORY_ENABLED=1
 ## "Web alt", an alternative web port
 # NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this
 #COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml"
-#WEB_ALT_ENABLED=1
+#WEB_ALT_ENABLED=1
+
+## Matrix
+#COMPOSE_FILE="$COMPOSE_FILE:compose.irc.yml"
+#IRC_ENABLED=1
+
+## Garage
+#COMPOSE_FILE="$COMPOSE_FILE:compose.garage.yml"
+#GARAGE_RPC_ENABLED=1
+
+## Nextcloud Talk HPB
+#COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud-talk-hpb.yml"
+#NEXTCLOUD_TALK_HPB_ENABLED=1
+
+## Anubis
+#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
+#ANUBIS_COOKIE_DOMAIN=example.com
+#ANUBIS_DOMAIN=anubis.example.com
+#ANUBIS_REDIRECT_DOMAINS=
+#ANUBIS_OG_PASSTHROUGH=true
+#ANUBIS_OG_EXPIRY_TIME=1h
+#ANUBIS_OG_CACHE_CONSIDER_HOST=true
+#ANUBIS_SERVE_ROBOTS_TXT=true
+
+## Enable onion service support
+#ONION_ENABLED=1