2020-12-25 14:26:23 +00:00
|
|
|
# Dell Local Node Manager running on <http://172.19.138.20:4679/>
|
|
|
|
|
2020-11-12 18:40:41 +00:00
|
|
|
nodes['home.nas'] = {
|
2020-11-13 17:47:24 +00:00
|
|
|
'hostname': '172.19.138.20',
|
2020-11-12 18:40:41 +00:00
|
|
|
'bundles': {
|
2020-11-13 11:58:23 +00:00
|
|
|
'backup-server',
|
2021-06-05 10:23:09 +00:00
|
|
|
'lm-sensors',
|
2021-04-03 07:36:47 +00:00
|
|
|
'mosquitto',
|
2020-11-12 18:59:02 +00:00
|
|
|
'nfs-server',
|
2021-04-21 15:58:16 +00:00
|
|
|
'scansnap',
|
2020-11-29 11:07:27 +00:00
|
|
|
'smartd',
|
2020-11-13 15:29:42 +00:00
|
|
|
'vmhost',
|
2020-11-12 18:40:41 +00:00
|
|
|
'zfs',
|
|
|
|
},
|
2020-11-21 09:55:09 +00:00
|
|
|
'groups': {
|
|
|
|
'debian-bullseye',
|
|
|
|
},
|
2020-11-12 18:40:41 +00:00
|
|
|
'metadata': {
|
|
|
|
'interfaces': {
|
2021-08-22 05:13:32 +00:00
|
|
|
'br42': {
|
2020-11-12 18:40:41 +00:00
|
|
|
'ips': {
|
|
|
|
'172.19.138.20/24',
|
|
|
|
},
|
|
|
|
'gateway4': '172.19.138.1',
|
|
|
|
},
|
|
|
|
},
|
2020-11-14 11:25:52 +00:00
|
|
|
'apt': {
|
|
|
|
'unattended_upgrades': {
|
|
|
|
'day': 6,
|
|
|
|
},
|
2021-05-01 13:18:21 +00:00
|
|
|
'packages': {
|
|
|
|
'mpv': {},
|
|
|
|
'youtube-dl': {},
|
|
|
|
},
|
2020-11-14 11:25:52 +00:00
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'backups': {
|
|
|
|
# This *is* the backup server
|
|
|
|
'exclude_from_backups': True,
|
|
|
|
},
|
|
|
|
'backup-server': {
|
2020-11-27 02:10:11 +00:00
|
|
|
'clients': {
|
|
|
|
'kunsi-t470': {
|
|
|
|
'user': 'kunsi-t470',
|
|
|
|
},
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'zfs-base': 'storage/backups',
|
|
|
|
},
|
2020-11-15 09:38:06 +00:00
|
|
|
'cron': {
|
|
|
|
# Ensure every user is able to read and write to the NAS dataset.
|
2021-03-28 14:44:01 +00:00
|
|
|
'nas_permissions': '0 3 * * * root '
|
|
|
|
'chown -R :nas /storage/nas/ && '
|
|
|
|
'find /storage/nas/ -type d -exec chmod 0775 {} \; && '
|
|
|
|
'find /storage/nas/ -type f -exec chmod 0664 {} \;',
|
2021-06-12 06:56:38 +00:00
|
|
|
'nas_mixcloud': vault.decrypt('encrypt$gAAAAABgxFkM0Zd8SOhk8aK_zsUY5S39FvyxvEq9TVnAK-ryn9qjrpziqUgNyPXFQBSUHPCV5DX6CW6iSQFGO54truPoaymdHFwchWh3u6bOar_h8x3er3I=').format_into(
|
|
|
|
'0 2 * * * kunsi '
|
|
|
|
'cd /storage/nas/Musik/Compilations && '
|
|
|
|
'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'),
|
2020-11-15 09:38:06 +00:00
|
|
|
},
|
|
|
|
'groups': {
|
|
|
|
'nas': {},
|
|
|
|
},
|
2021-06-03 11:59:15 +00:00
|
|
|
'firewall': {
|
2021-03-26 17:55:20 +00:00
|
|
|
'port_rules': {
|
2021-04-03 07:36:47 +00:00
|
|
|
'4679': { # Dell ULNM
|
|
|
|
'172.19.136.0/25',
|
2021-03-26 17:55:20 +00:00
|
|
|
'172.19.138.0/24',
|
|
|
|
},
|
|
|
|
'5060': { # yate SIP
|
|
|
|
'home.snom-wohnzimmer',
|
|
|
|
'home.bubble01',
|
|
|
|
},
|
|
|
|
'5061': { # yate SIPS
|
|
|
|
'home.snom-wohnzimmer',
|
|
|
|
'home.bubble01',
|
|
|
|
},
|
|
|
|
# yate RTP uses some random UDP port. We cannot firewall
|
|
|
|
# it, because for incoming calls the other side decides
|
|
|
|
# which port to use. That's why we simply allow all UDP
|
|
|
|
# traffic from our SIP clients. It's fine to do so, because
|
|
|
|
# all sip clients are known to bundlewrap, so we won't have
|
|
|
|
# to deal with randomly changing IPs here.
|
|
|
|
'*/udp': {
|
|
|
|
'home.snom-wohnzimmer',
|
|
|
|
'home.bubble01',
|
|
|
|
},
|
|
|
|
},
|
2021-03-21 11:01:56 +00:00
|
|
|
},
|
2021-07-17 07:18:20 +00:00
|
|
|
'icinga_options': {
|
|
|
|
# override group default
|
|
|
|
'also_affected_by': atomic(set()),
|
|
|
|
},
|
2021-04-03 07:36:47 +00:00
|
|
|
'mosquitto': {
|
|
|
|
'bridges': {
|
|
|
|
'c3voc': {
|
|
|
|
'peer': 'mqtt.c3voc.de',
|
|
|
|
'client_id': 'kunsi-home',
|
|
|
|
'auth': {
|
|
|
|
'username': vault.decrypt('encrypt$gAAAAABgaBa5UZyZlsMM9TV5pa-VyOieFWYzAslxWVnXjOeXHvF4kMHHSHSMOrv-U9k7Ec3mMCDuJFO3ybpOsZSeFQDL7GgEfw=='),
|
|
|
|
'password': vault.decrypt('encrypt$gAAAAABgaBbfm65cYBuod0UehWNmY0NfeUH9xsrP2kENYNF_LWP2iV5a8db_cqMoITwyjjBsHpvjaeDq07Z5K5nQ_BLZG6zPqapL-Qvp20wyck49Dy2R4V4='),
|
|
|
|
},
|
|
|
|
'topics': [
|
|
|
|
{
|
|
|
|
'pattern': '#',
|
|
|
|
'remote_prefix': '/voc/',
|
|
|
|
},
|
|
|
|
],
|
|
|
|
},
|
|
|
|
},
|
|
|
|
'listeners': {
|
|
|
|
'8083': {
|
|
|
|
'protocol': 'websockets',
|
|
|
|
},
|
|
|
|
},
|
2021-05-15 06:52:37 +00:00
|
|
|
'tasmota-telegraf-topic': '/switch/#',
|
2021-04-03 07:36:47 +00:00
|
|
|
'restrict-to': {
|
|
|
|
'172.19.136.0/25',
|
2021-04-04 09:30:50 +00:00
|
|
|
'172.19.138.0/24',
|
2021-04-04 08:30:45 +00:00
|
|
|
},
|
|
|
|
},
|
2020-11-12 18:59:02 +00:00
|
|
|
'nfs-server': {
|
|
|
|
'shares': {
|
2021-04-21 15:58:16 +00:00
|
|
|
'/storage/download': {
|
2021-06-03 05:45:56 +00:00
|
|
|
'home.downloadhelper': 'rw,all_squash,anonuid=65534,anongid=1012,no_subtree_check',
|
2021-04-21 15:58:16 +00:00
|
|
|
},
|
2020-11-12 18:59:02 +00:00
|
|
|
'/storage/nas': {
|
2021-06-03 05:45:56 +00:00
|
|
|
'172.19.138.0/24': 'ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
|
2020-11-12 18:59:02 +00:00
|
|
|
},
|
2021-05-23 15:41:19 +00:00
|
|
|
'/srv/paperless': {
|
2021-06-03 05:45:56 +00:00
|
|
|
'home.paperless': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
|
2021-05-23 15:41:19 +00:00
|
|
|
},
|
2021-04-21 15:58:16 +00:00
|
|
|
'/srv/scansnap': {
|
2021-06-03 05:45:56 +00:00
|
|
|
'172.19.138.0/24': 'rw,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
|
2021-01-07 21:15:14 +00:00
|
|
|
},
|
2020-11-12 18:59:02 +00:00
|
|
|
},
|
|
|
|
},
|
2020-11-29 11:07:27 +00:00
|
|
|
'smartd': {
|
|
|
|
'disks': {
|
|
|
|
'/dev/nvme0',
|
2020-12-18 17:00:32 +00:00
|
|
|
|
|
|
|
# ZFS cache disks
|
|
|
|
'/dev/disk/by-id/ata-TS64GSSD370_B807810503',
|
|
|
|
'/dev/disk/by-id/ata-TS64GSSD370_B807810527',
|
2020-11-29 11:07:27 +00:00
|
|
|
},
|
|
|
|
},
|
2021-06-04 05:27:49 +00:00
|
|
|
'sysctl': {
|
|
|
|
'options': {
|
|
|
|
# XXX find out if this is really needed
|
|
|
|
'net.ipv4.ip_forward': '1',
|
|
|
|
},
|
|
|
|
},
|
2020-11-12 18:40:41 +00:00
|
|
|
'systemd-networkd': {
|
|
|
|
'bonds': {
|
|
|
|
'bond0': {
|
|
|
|
'match': {
|
|
|
|
'enp8*',
|
|
|
|
'enp9*',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
'bridges': {
|
|
|
|
'br0': {
|
|
|
|
'match': {
|
|
|
|
'bond0',
|
|
|
|
},
|
|
|
|
},
|
2021-08-22 05:13:32 +00:00
|
|
|
'br42': {
|
|
|
|
'match': {
|
|
|
|
'br0.42',
|
|
|
|
},
|
|
|
|
},
|
2020-11-12 18:40:41 +00:00
|
|
|
},
|
|
|
|
},
|
2020-11-27 02:10:11 +00:00
|
|
|
'openssh': {
|
|
|
|
'allowed_users': {
|
|
|
|
'kunsi-t470', # backup user
|
|
|
|
},
|
2021-05-01 13:18:21 +00:00
|
|
|
'enable_x_forwarding_for_admins': True,
|
2020-11-27 02:10:11 +00:00
|
|
|
},
|
2020-11-13 15:29:42 +00:00
|
|
|
'users': {
|
2020-11-15 09:36:40 +00:00
|
|
|
'f2k1de': {
|
|
|
|
'ssh_pubkey': {
|
|
|
|
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e',
|
|
|
|
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH5+j2vDW1FHSSEEI/Sf5qiKJq1uoxGO5BPv84mqohvol7GxDFObv69tn7g6HYfZY/SaS75C4ZXy+cKa0xy8UCpF0SBa2xHASkenS9v55oweDL4rYSPARzn2XKt3RFJG/d8V5NOWtcyq5DFSzewUF35E4hx1pUc/CIxgJEem5ZvzvN0hlIKXUN2djkVUx+mz6RryBysLTJEFBamjJxIkvDG/PZU73W4SHaKAYV4Ojz2NY7T5/NYKePfIU5F9pkE3RU0LRj58usvA1eP0PvEArWlGNCd8EJU+HQ5xr2dZ6MKPpEyG0KJkC88DuapeF5RwUV53ZhNpF+QgzpI72fH5up',
|
|
|
|
},
|
|
|
|
},
|
2020-11-13 15:29:42 +00:00
|
|
|
'kunsi': {
|
|
|
|
'groups': {
|
|
|
|
'libvirt',
|
2020-11-15 09:38:06 +00:00
|
|
|
'nas',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
'sophie': {
|
|
|
|
'groups': {
|
|
|
|
'libvirt',
|
|
|
|
'nas',
|
2020-11-13 15:29:42 +00:00
|
|
|
},
|
|
|
|
},
|
2021-07-24 10:10:54 +00:00
|
|
|
'qcn': {
|
|
|
|
'ssh_pubkey': {
|
|
|
|
#'command="/usr/share/rsync/scripts/rrsync -ro /storage/nas/movies/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ',
|
|
|
|
'command="/usr/share/rsync/scripts/rrsync -ro /storage/nas/movies/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILAwUA5t2cSy9YD+ilu5nklvokSRAoNOq/gUV73/KTsv lexi@aranea',
|
2021-07-25 07:40:49 +00:00
|
|
|
'command="/usr/share/rsync/scripts/rrsync -ro /storage/nas/movies/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC7cCmJ1+btuwpbGrGAuiK8R/hTMCK7CFK0aK2vPcSy+ lexi@kanaya',
|
|
|
|
'command="/usr/share/rsync/scripts/rrsync -ro /storage/nas/movies/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLx+8d429D1KjaqOaGRFK09j6j3/FuU4xQMsrNLdflg lexi@toriel',
|
2021-07-24 10:10:54 +00:00
|
|
|
},
|
|
|
|
},
|
2020-11-13 15:29:42 +00:00
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'zfs': {
|
2021-06-25 16:39:06 +00:00
|
|
|
'module_options': {
|
|
|
|
'zfs_arc_max_gb': 8,
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'pools': {
|
2021-08-17 16:09:51 +00:00
|
|
|
'storage': {
|
|
|
|
'when_creating': {
|
|
|
|
'config': [
|
|
|
|
{
|
|
|
|
'type': 'raidz2',
|
|
|
|
'devices': {
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8GE15GR',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJ406R',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJBTLR',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJGN6R',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8HJU4NR',
|
|
|
|
'/dev/disk/by-id/ata-WDC_WD6003FFBX-68MU3N0_V8J8ZKRR',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
'type': 'log',
|
|
|
|
'devices': {
|
|
|
|
'/dev/disk/by-id/ata-TS64GSSD370_B807810503-part1',
|
|
|
|
'/dev/disk/by-id/ata-TS64GSSD370_B807810527-part1',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
'type': 'cache',
|
|
|
|
'devices': {
|
|
|
|
'/dev/disk/by-id/ata-TS64GSSD370_B807810503-part2',
|
|
|
|
'/dev/disk/by-id/ata-TS64GSSD370_B807810527-part2',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
],
|
|
|
|
'ashift': 12,
|
2021-07-17 16:09:35 +00:00
|
|
|
},
|
2021-08-17 16:09:51 +00:00
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
},
|
|
|
|
'datasets': {
|
|
|
|
'storage/backups': {},
|
2020-11-16 14:28:16 +00:00
|
|
|
'storage/opt-yate': {
|
|
|
|
'mountpoint': '/opt/yate',
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'storage/f2k1de': {
|
|
|
|
'mountpoint': '/storage/f2k1de',
|
|
|
|
},
|
2021-01-07 21:15:14 +00:00
|
|
|
'storage/download': {
|
|
|
|
'mountpoint': '/storage/download',
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
'storage/nas': {
|
|
|
|
'mountpoint': '/storage/nas',
|
|
|
|
},
|
2021-05-23 15:41:19 +00:00
|
|
|
'storage/paperless': {
|
|
|
|
'mountpoint': '/srv/paperless',
|
|
|
|
},
|
2021-04-21 15:58:16 +00:00
|
|
|
'storage/scan': {
|
|
|
|
'mountpoint': '/srv/scansnap',
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
},
|
2021-06-06 06:03:16 +00:00
|
|
|
'scrub': {
|
|
|
|
# running at 00:xx conflicts with backups
|
|
|
|
'cron': '54 4 * * sun',
|
|
|
|
},
|
2021-01-10 09:02:25 +00:00
|
|
|
'snapshots': {
|
|
|
|
'retain_per_dataset': {
|
|
|
|
'storage/download': {
|
|
|
|
'hourly': 48,
|
|
|
|
'daily': 0,
|
|
|
|
'weekly': 0,
|
|
|
|
'monthly': 0,
|
|
|
|
},
|
2021-05-08 09:07:12 +00:00
|
|
|
'storage/nas': {
|
|
|
|
# juuuuuuuust to be sure.
|
|
|
|
'daily': 14,
|
|
|
|
'weekly': 6,
|
|
|
|
'monthly': 12,
|
|
|
|
},
|
2021-05-23 15:41:19 +00:00
|
|
|
'storage/paperless': {
|
|
|
|
'daily': 14,
|
|
|
|
'weekly': 6,
|
|
|
|
'monthly': 24,
|
|
|
|
},
|
2021-04-21 16:26:10 +00:00
|
|
|
'storage/scan': {
|
|
|
|
'hourly': 6,
|
|
|
|
'daily': 0,
|
|
|
|
'weekly': 0,
|
|
|
|
'monthly': 0,
|
|
|
|
},
|
2021-01-10 09:02:25 +00:00
|
|
|
},
|
|
|
|
},
|
2020-11-13 11:58:23 +00:00
|
|
|
},
|
2020-11-12 18:40:41 +00:00
|
|
|
'vm': {
|
|
|
|
'cpu': 8,
|
2021-06-26 04:18:01 +00:00
|
|
|
'ram': 32,
|
2020-11-12 18:40:41 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|