bundlewrap/nodes/home/nas.py

191 lines
6.3 KiB
Python
Raw Normal View History

# Dell Local Node Manager running on <http://172.19.138.20:4679/>
2020-11-12 18:40:41 +00:00
nodes['home.nas'] = {
2020-11-13 17:47:24 +00:00
'hostname': '172.19.138.20',
2020-11-12 18:40:41 +00:00
'bundles': {
2020-11-13 11:58:23 +00:00
'backup-server',
'netdata',
2020-11-12 18:59:02 +00:00
'nfs-server',
'smartd',
2020-11-13 15:29:42 +00:00
'vmhost',
2020-11-12 18:40:41 +00:00
'zfs',
},
2020-11-21 09:55:09 +00:00
'groups': {
'debian-bullseye',
},
2020-11-12 18:40:41 +00:00
'metadata': {
'interfaces': {
2020-11-13 17:47:24 +00:00
'br0.42': {
2020-11-12 18:40:41 +00:00
'ips': {
'172.19.138.20/24',
},
'gateway4': '172.19.138.1',
},
},
'apt': {
'unattended_upgrades': {
'day': 6,
},
},
2020-11-13 11:58:23 +00:00
'backups': {
# This *is* the backup server
'exclude_from_backups': True,
},
'backup-server': {
'clients': {
'kunsi-t470': {
'user': 'kunsi-t470',
},
},
2020-11-13 11:58:23 +00:00
'zfs-base': 'storage/backups',
},
'cron': {
# Ensure every user is able to read and write to the NAS dataset.
'chown_nas': '0 3 * * * root chown -R :nas /storage/nas/',
'chmod_nas_directories': '0 4 * * * root find /storage/nas/ -type d -exec chmod 0775 {} \;',
'chmod_nas_files': '0 4 * * * root find /storage/nas/ -type f -exec chmod 0664 {} \;',
},
'groups': {
'nas': {},
},
2021-03-21 11:01:56 +00:00
'iptables': {
'custom_rules': [
# Dell ULNM
'iptables -A INPUT -p tcp --dport 4679 -j ACCEPT',
],
'port_rules': {
'1883': { # mosquitto
'172.19.136.0/25', # wireguard clients, because remote access
'172.19.138.0/24',
},
'5060': { # yate SIP
'home.snom-wohnzimmer',
'home.bubble01',
},
'5061': { # yate SIPS
'home.snom-wohnzimmer',
'home.bubble01',
},
'8083': { # mosquitto Websocket
'172.19.138.0/24',
},
# yate RTP uses some random UDP port. We cannot firewall
# it, because for incoming calls the other side decides
# which port to use. That's why we simply allow all UDP
# traffic from our SIP clients. It's fine to do so, because
# all sip clients are known to bundlewrap, so we won't have
# to deal with randomly changing IPs here.
'*/udp': {
'home.snom-wohnzimmer',
'home.bubble01',
},
},
2021-03-21 11:01:56 +00:00
},
2020-11-12 18:59:02 +00:00
'nfs-server': {
'shares': {
'/storage/nas': {
'172.19.138.0/24(ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check)',
2020-11-12 18:59:02 +00:00
},
'/storage/download': {
'172.19.138.27/32(rw,all_squash,anonuid=65534,anongid=1012,no_subtree_check)',
},
2020-11-12 18:59:02 +00:00
},
},
'smartd': {
'disks': {
'/dev/nvme0',
# ZFS cache disks
'/dev/disk/by-id/ata-TS64GSSD370_B807810503',
'/dev/disk/by-id/ata-TS64GSSD370_B807810527',
},
},
2020-11-12 18:40:41 +00:00
'systemd-networkd': {
'bonds': {
'bond0': {
'match': {
'enp8*',
'enp9*',
},
},
},
'bridges': {
'br0': {
'match': {
'bond0',
},
},
},
},
'openssh': {
'allowed_users': {
'kunsi-t470', # backup user
},
},
2020-11-13 15:29:42 +00:00
'users': {
2020-11-15 09:36:40 +00:00
'f2k1de': {
'ssh_pubkey': {
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e',
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH5+j2vDW1FHSSEEI/Sf5qiKJq1uoxGO5BPv84mqohvol7GxDFObv69tn7g6HYfZY/SaS75C4ZXy+cKa0xy8UCpF0SBa2xHASkenS9v55oweDL4rYSPARzn2XKt3RFJG/d8V5NOWtcyq5DFSzewUF35E4hx1pUc/CIxgJEem5ZvzvN0hlIKXUN2djkVUx+mz6RryBysLTJEFBamjJxIkvDG/PZU73W4SHaKAYV4Ojz2NY7T5/NYKePfIU5F9pkE3RU0LRj58usvA1eP0PvEArWlGNCd8EJU+HQ5xr2dZ6MKPpEyG0KJkC88DuapeF5RwUV53ZhNpF+QgzpI72fH5up',
},
},
2020-11-13 15:29:42 +00:00
'kunsi': {
'groups': {
'libvirt',
'nas',
},
},
'sophie': {
'groups': {
'libvirt',
'nas',
2020-11-13 15:29:42 +00:00
},
},
},
2020-11-13 11:58:23 +00:00
'zfs': {
'pools': {
# Configured manually. Don't touch!
'storage': {
'raidz2': {
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8GE15GR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJ406R',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJBTLR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJGN6R',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJU4NR',
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR',
},
},
},
'datasets': {
'storage/backups': {},
'storage/opt-yate': {
'mountpoint': '/opt/yate',
},
2020-11-13 11:58:23 +00:00
'storage/f2k1de': {
'mountpoint': '/storage/f2k1de',
},
'storage/download': {
'mountpoint': '/storage/download',
},
2020-11-13 11:58:23 +00:00
'storage/nas': {
'mountpoint': '/storage/nas',
},
},
'snapshots': {
'retain_per_dataset': {
'storage/download': {
'hourly': 48,
'daily': 0,
'weekly': 0,
'monthly': 0,
},
},
},
2020-11-13 11:58:23 +00:00
},
2020-11-12 18:40:41 +00:00
'vm': {
'cpu': 8,
'ram': 16,
},
},
}