# Node definition for the laptop 'kunsi-p14s'. 'hostname' is 'localhost', so
# this node is presumably applied from the machine itself - confirm.
# Security-relevant settings below: the firewall port rules, the NAT/forwarding
# trio (nftables + sysctl), the openssh source restriction, the NFS mount
# options and the vault-encrypted user password.
nodes['kunsi-p14s'] = {
    'hostname': 'localhost',
    'bundles': {
        'arch-with-gui',
        'backup-client',
        'lldp',
        'lm-sensors',
        'nfs-client',
        'openvpn-client',
        'systemd-boot',
        'telegraf-battery-usage',
        'vmhost',
        'wireguard',
        'zfs',
    },
    'groups': {'arch'},
    'metadata': {
        # NOTE(review): graphical autologin leaves disk encryption (see the
        # zroot comment further down) as the only barrier for someone with
        # physical access to the powered-off machine.
        'arch-with-gui': {'autologin_as': 'kunsi'},
        'backup-client': {
            'exclude_from_monitoring': False,
            # only alert people if we're missing more than a week of backups
            'one_backup_every_hours': 7 * 24,
        },
        'firewall': {
            'port_rules': {
                # obs websocket thingie - just allow all RFC1918 ips here
                #'4444': {
                #    '10.0.0.0/8',
                #    '172.16.0.0/12',
                #    '192.168.0.0/16',
                #},
                # For the occasional file-share using `python -m http.server`
                # NOTE(review): '*' presumably means "any source address", and
                # the rule is permanent rather than tied to a running share.
                # On a roaming laptop that exposes whatever listens on 8000 to
                # every network it joins; consider the RFC1918 ranges used in
                # the commented-out rule above - confirm against the bundle.
                '8000/tcp': {'*'},
            },
        },
        'interfaces': {
            'br0': {
                'ips': {'10.73.100.103/16'},
                'gateway4': '10.73.0.254',
                'dhcp': True,
            },
            # there is also wlp3s0, but that's managed by netctl
            # NOTE(review): the kernel options below set net.ifnames=0 and the
            # nftables rules match 'wlan0', so the wifi interface is presumably
            # named wlan0 by now - confirm and update the line above.
        },
        'nfs-client': {
            # NOTE(review): neither mount sets nosuid/nodev/noexec or a sec=
            # flavour here; unless the nfs-client bundle adds them, files on
            # the NAS are trusted as much as local ones. Both server paths lie
            # inside the 172.19.128.0/20 route of the wireguard peer below.
            'mounts': {
                'nas-scansnap': {
                    'mountpoint': '/mnt/scansnap',
                    'serverpath': '172.19.138.20:/srv/scansnap',
                    'mount_options': {'retry=0', 'rw'},
                },
                'nas-storage': {
                    'mountpoint': '/mnt/nas',
                    'serverpath': '172.19.138.20:/storage/nas',
                    'mount_options': {'retry=0', 'ro'},
                },
            },
        },
        # Together with net.ipv4.conf.all.forwarding=1 (see 'sysctl') these
        # rules turn the laptop into a NAT router towards wlan0.
        'nftables': {
            'forward': {
                '50-routing': [
                    'ct state { related, established } accept',
                    # NOTE(review): no iifname match, so traffic arriving on
                    # any interface (br0, VPN tunnels, VM networks) may be
                    # forwarded out of wlan0. Narrow it with an iifname if
                    # only the bridge is meant to be routed.
                    'oifname wlan0 accept',
                ],
            },
            'postrouting': {
                '50-routing': ['oifname wlan0 masquerade'],
            },
        },
        # Limits who may reach sshd; 'rfc1918' presumably expands to the
        # private IPv4 ranges - confirm in the openssh bundle.
        'openssh': {
            'restrict-to': {'rfc1918'},
        },
        'openvpn-client': {
            # Both tunnels are configured but not enabled at boot; 'running'
            # is None, which presumably leaves the service state unmanaged.
            'configs': {
                'c3voc': {'running': None, 'enabled': False},
                'smedia-priv': {'running': None, 'enabled': False},
            },
        },
        'pacman': {
            'no_extract': {
                'etc/sudoers.d/ctdb',  # samba junk
            },
            'packages': {
                # for hardware support
                'amd-ucode': {},
                'mesa': {},

                # various video drivers
                'libva-mesa-driver': {},
                'mesa-vdpau': {},
                'xf86-video-amdgpu': {},

                # all that other random stuff one needs
                'abcde': {},
                'apachedirectorystudio': {},
                'claws-mail': {},
                'claws-mail-themes': {},
                'ferdi-bin': {},
                'gumbo-parser': {},  # for claws litehtml
                'inkstitch': {},  # for RZL embroidery machine
                'obs-studio': {},
                'perl-musicbrainz-discid': {},  # for abcde
                'perl-webservice-musicbrainz': {},  # for abcde
                'sdl_ttf': {},  # for compiling testcard
                'x32edit': {},
            },
        },
        'systemd-boot': {
            'default': 'arch',
            'entries': {
                'arch': {
                    'title': 'Arch Linux',
                    'linux': '/vmlinuz-linux',
                    'initrd': ['/amd-ucode.img', '/initramfs-linux.img'],
                    'options': {
                        'net.ifnames=0',
                        'rw',
                        'zfs=zroot/system/root',
                    },
                },
                'arch-fallback': {
                    'title': 'Arch Linux (no ucode, fallback initramfs)',
                    'linux': '/vmlinuz-linux',
                    'initrd': ['/initramfs-linux-fallback.img'],
                    'options': {
                        'net.ifnames=0',
                        'rw',
                        'zfs=zroot/system/root',
                    },
                },
            },
        },
        'sysctl': {
            'options': {
                # Enables IPv4 forwarding on every interface; the nftables
                # forward chain above is what decides which packets pass.
                'net.ipv4.conf.all.forwarding': '1',
            },
        },
        'systemd-networkd': {
            'bridges': {
                'br0': {
                    'match': {'en*', 'eth*'},
                },
            },
        },
        'timezone': 'Europe/Berlin',
        'users': {
            'kunsi': {
                # Only ciphertext is stored in the repository; its
                # confidentiality rests on the vault key staying out of the
                # repository and being rotated if it ever leaks.
                'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='),
                'shell': '/usr/bin/fish',
            },
            'sophie': {'delete': True},
        },
        'wireguard': {
            'peers': {
                'htz-cloud.wireguard': {
                    'auto_connection': False,
                    'endpoint': 'wireguard.htz-cloud.kunbox.net:1194',
                    'my_ip': '172.19.136.65',
                    'my_port': 51819,
                    'their_ip': '172.19.136.64',
                    'routes': {'172.19.128.0/20'},
                },
            },
        },
        'zfs': {
            'pools': {
                'zroot': {
                    'when_creating': {
                        'config': [{
                            'devices': [
                                '/dev/disk/by-id/nvme-UMIS_RPETJ1T24MGE2QDQ_SS0L25218X3RC1BG1182-part2',
                            ],
                        }],
                        'ashift': 12,
                    },
                },
            },
            'datasets': {
                # this is not a complete list, but we can't create that
                # structure using bundlewrap anyway, so there's no point
                # in adding it here.
                'zroot': {
                    'compression': 'lz4',
                    'relatime': 'on',
                    'xattr': 'sa',
                    'primarycache': 'metadata',
                    # encryption is enabled, too.
                },
                'zroot/movies': {
                    'mountpoint': '/media/movies',
                },
                'zroot/nextcloud': {
                    'mountpoint': '/home/kunsi/nextcloud',
                },
                'zroot/system/journal': {
                    'mountpoint': '/var/log/journal',
                    'acltype': 'posix',
                },
                'zroot/system/libvirt': {
                    'mountpoint': '/var/lib/libvirt',
                    'needed_by': {'bundle:vmhost'},
                },
                'zroot/system/video': {
                    'mountpoint': '/video',
                    'needed_by': {'bundle:voc-tracker-worker'},
                },
                'zroot/system/root': {
                    'canmount': 'noauto',
                    'mountpoint': 'legacy',
                },
                'zroot/user/kunsi': {
                    'mountpoint': '/home/kunsi',
                },
            },
            'snapshots': {
                'retain_per_dataset': {
                    'zroot/user/kunsi': {
                        # juuuuuuuust to be sure
                        'hourly': 100,
                    },
                },
                # Datasets listed here get no snapshots, so they have no local
                # rollback point.
                'snapshot_never': {
                    'zroot/movies',
                    'zroot/nextcloud',
                    'zroot/system/journal',
                    'zroot/system/video',
                },
            },
        },
    },
    'os': 'arch',
}