2020-12-25 14:26:23 +00:00
|
|
|
# Dell Local Node Manager running on <http://172.19.138.20:4679/>
|
|
|
|
|
2020-11-12 18:40:41 +00:00
|
|
|
nodes['home.nas'] = {
|
2020-11-13 17:47:24 +00:00
|
|
|
'hostname': '172.19.138.20',
|
2020-11-12 18:40:41 +00:00
|
|
|
'bundles': {
|
2020-11-13 11:58:23 +00:00
|
|
|
'backup-server',
|
2020-11-14 13:05:28 +00:00
|
|
|
'netdata',
|
2020-11-12 18:59:02 +00:00
|
|
|
'nfs-server',
|
2020-11-29 11:07:27 +00:00
|
|
|
'smartd',
|
2020-11-13 15:29:42 +00:00
|
|
|
'vmhost',
|
2020-11-12 18:40:41 +00:00
|
|
|
'zfs',
|
|
|
|
},
|
2020-11-21 09:55:09 +00:00
|
|
|
'groups': {
|
|
|
|
'debian-bullseye',
|
|
|
|
},
|
2020-11-12 18:40:41 +00:00
|
|
|
'metadata': {
|
|
|
|
'interfaces': {
|
2020-11-13 17:47:24 +00:00
|
|
|
'br0.42': {
|
2020-11-12 18:40:41 +00:00
|
|
|
'ips': {
|
|
|
|
'172.19.138.20/24',
|
|
|
|
},
|
|
|
|
'gateway4': '172.19.138.1',
|
|
|
|
},
|
|
|
|
},
|
2020-11-14 11:25:52 +00:00
|
|
|
'apt': {
|
|
|
|
'unattended_upgrades': {
|
|
|
|
'day': 6,
|
|
|
|
},
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'backups': {
|
|
|
|
# This *is* the backup server
|
|
|
|
'exclude_from_backups': True,
|
|
|
|
},
|
|
|
|
'backup-server': {
|
2020-11-27 02:10:11 +00:00
|
|
|
'clients': {
|
|
|
|
'kunsi-t470': {
|
|
|
|
'user': 'kunsi-t470',
|
|
|
|
},
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'zfs-base': 'storage/backups',
|
|
|
|
},
|
2020-11-15 09:38:06 +00:00
|
|
|
'cron': {
|
|
|
|
# Ensure every user is able to read and write to the NAS dataset.
|
|
|
|
'chown_nas': '0 3 * * * root chown -R :nas /storage/nas/',
|
2020-11-15 16:33:25 +00:00
|
|
|
'chmod_nas_directories': '0 4 * * * root find /storage/nas/ -type d -exec chmod 0775 {} \;',
|
|
|
|
'chmod_nas_files': '0 4 * * * root find /storage/nas/ -type f -exec chmod 0664 {} \;',
|
2020-11-15 09:38:06 +00:00
|
|
|
},
|
|
|
|
'groups': {
|
|
|
|
'nas': {},
|
|
|
|
},
|
2021-03-21 11:01:56 +00:00
|
|
|
'iptables': {
|
|
|
|
'custom_rules': [
|
|
|
|
# Dell ULNM
|
|
|
|
'iptables -A INPUT -p tcp --dport 4679 -j ACCEPT',
|
|
|
|
],
|
2021-03-26 17:55:20 +00:00
|
|
|
'port_rules': {
|
|
|
|
'1883': { # mosquitto
|
|
|
|
'172.19.136.0/25', # wireguard clients, because remote access
|
|
|
|
'172.19.138.0/24',
|
|
|
|
},
|
|
|
|
'5060': { # yate SIP
|
|
|
|
'home.snom-wohnzimmer',
|
|
|
|
'home.bubble01',
|
|
|
|
},
|
|
|
|
'5061': { # yate SIPS
|
|
|
|
'home.snom-wohnzimmer',
|
|
|
|
'home.bubble01',
|
|
|
|
},
|
|
|
|
'8083': { # mosquitto Websocket
|
|
|
|
'172.19.138.0/24',
|
|
|
|
},
|
|
|
|
# yate RTP uses some random UDP port. We cannot firewall
|
|
|
|
# it, because for incoming calls the other side decides
|
|
|
|
# which port to use. That's why we simply allow all UDP
|
|
|
|
# traffic from our SIP clients. It's fine to do so, because
|
|
|
|
# all sip clients are known to bundlewrap, so we won't have
|
|
|
|
# to deal with randomly changing IPs here.
|
|
|
|
'*/udp': {
|
|
|
|
'home.snom-wohnzimmer',
|
|
|
|
'home.bubble01',
|
|
|
|
},
|
|
|
|
},
|
2021-03-21 11:01:56 +00:00
|
|
|
},
|
2020-11-12 18:59:02 +00:00
|
|
|
'nfs-server': {
|
|
|
|
'shares': {
|
|
|
|
'/storage/nas': {
|
2020-11-28 14:48:52 +00:00
|
|
|
'172.19.138.0/24(ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check)',
|
2020-11-12 18:59:02 +00:00
|
|
|
},
|
2021-01-07 21:15:14 +00:00
|
|
|
'/storage/download': {
|
|
|
|
'172.19.138.27/32(rw,all_squash,anonuid=65534,anongid=1012,no_subtree_check)',
|
|
|
|
},
|
2020-11-12 18:59:02 +00:00
|
|
|
},
|
|
|
|
},
|
2020-11-29 11:07:27 +00:00
|
|
|
'smartd': {
|
|
|
|
'disks': {
|
|
|
|
'/dev/nvme0',
|
2020-12-18 17:00:32 +00:00
|
|
|
|
|
|
|
# ZFS cache disks
|
|
|
|
'/dev/disk/by-id/ata-TS64GSSD370_B807810503',
|
|
|
|
'/dev/disk/by-id/ata-TS64GSSD370_B807810527',
|
2020-11-29 11:07:27 +00:00
|
|
|
},
|
|
|
|
},
|
2020-11-12 18:40:41 +00:00
|
|
|
'systemd-networkd': {
|
|
|
|
'bonds': {
|
|
|
|
'bond0': {
|
|
|
|
'match': {
|
|
|
|
'enp8*',
|
|
|
|
'enp9*',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
'bridges': {
|
|
|
|
'br0': {
|
|
|
|
'match': {
|
|
|
|
'bond0',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2020-11-27 02:10:11 +00:00
|
|
|
'openssh': {
|
|
|
|
'allowed_users': {
|
|
|
|
'kunsi-t470', # backup user
|
|
|
|
},
|
|
|
|
},
|
2020-11-13 15:29:42 +00:00
|
|
|
'users': {
|
2020-11-15 09:36:40 +00:00
|
|
|
'f2k1de': {
|
|
|
|
'ssh_pubkey': {
|
|
|
|
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e',
|
|
|
|
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH5+j2vDW1FHSSEEI/Sf5qiKJq1uoxGO5BPv84mqohvol7GxDFObv69tn7g6HYfZY/SaS75C4ZXy+cKa0xy8UCpF0SBa2xHASkenS9v55oweDL4rYSPARzn2XKt3RFJG/d8V5NOWtcyq5DFSzewUF35E4hx1pUc/CIxgJEem5ZvzvN0hlIKXUN2djkVUx+mz6RryBysLTJEFBamjJxIkvDG/PZU73W4SHaKAYV4Ojz2NY7T5/NYKePfIU5F9pkE3RU0LRj58usvA1eP0PvEArWlGNCd8EJU+HQ5xr2dZ6MKPpEyG0KJkC88DuapeF5RwUV53ZhNpF+QgzpI72fH5up',
|
|
|
|
},
|
|
|
|
},
|
2020-11-13 15:29:42 +00:00
|
|
|
'kunsi': {
|
|
|
|
'groups': {
|
|
|
|
'libvirt',
|
2020-11-15 09:38:06 +00:00
|
|
|
'nas',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
'sophie': {
|
|
|
|
'groups': {
|
|
|
|
'libvirt',
|
|
|
|
'nas',
|
2020-11-13 15:29:42 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'zfs': {
|
|
|
|
'pools': {
|
|
|
|
# Configured manually. Don't touch!
|
|
|
|
'storage': {
|
|
|
|
'raidz2': {
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8GE15GR',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJ406R',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJBTLR',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJGN6R',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJU4NR',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
'datasets': {
|
|
|
|
'storage/backups': {},
|
2020-11-16 14:28:16 +00:00
|
|
|
'storage/opt-yate': {
|
|
|
|
'mountpoint': '/opt/yate',
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'storage/f2k1de': {
|
|
|
|
'mountpoint': '/storage/f2k1de',
|
|
|
|
},
|
2021-01-07 21:15:14 +00:00
|
|
|
'storage/download': {
|
|
|
|
'mountpoint': '/storage/download',
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'storage/nas': {
|
|
|
|
'mountpoint': '/storage/nas',
|
|
|
|
},
|
|
|
|
},
|
2021-01-10 09:02:25 +00:00
|
|
|
'snapshots': {
|
|
|
|
'retain_per_dataset': {
|
|
|
|
'storage/download': {
|
|
|
|
'hourly': 48,
|
|
|
|
'daily': 0,
|
|
|
|
'weekly': 0,
|
|
|
|
'monthly': 0,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
},
|
2020-11-12 18:40:41 +00:00
|
|
|
'vm': {
|
|
|
|
'cpu': 8,
|
|
|
|
'ram': 16,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|