bundles/mosquitto: introduce, add to node home.nas

Franzi 2021-04-03 09:36:47 +02:00
parent f8bbe00d47
commit 9cbf866de7
Signed by: kunsi
GPG key ID: 12E3D2136B818350
4 changed files with 119 additions and 9 deletions


@ -4,6 +4,7 @@ nodes['home.nas'] = {
'hostname': '172.19.138.20',
'bundles': {
'backup-server',
'mosquitto',
'netdata',
'nfs-server',
'smartd',
@ -50,13 +51,9 @@ nodes['home.nas'] = {
'nas': {},
},
'iptables': {
'custom_rules': [
# Dell ULNM
'iptables -A INPUT -p tcp --dport 4679 -j ACCEPT',
],
'port_rules': {
'1883': { # mosquitto
'172.19.136.0/25', # wireguard clients, because remote access
'4679': { # Dell ULNM
'172.19.136.0/25',
'172.19.138.0/24',
},
'5060': { # yate SIP
@ -67,9 +64,6 @@ nodes['home.nas'] = {
'home.snom-wohnzimmer',
'home.bubble01',
},
'8083': { # mosquitto Websocket
'172.19.138.0/24',
},
# yate RTP uses some random UDP port. We cannot firewall
# it, because for incoming calls the other side decides
# which port to use. That's why we simply allow all UDP
@ -82,6 +76,33 @@ nodes['home.nas'] = {
},
},
},
'mosquitto': {
'bridges': {
'c3voc': {
'peer': 'mqtt.c3voc.de',
'client_id': 'kunsi-home',
'auth': {
'username': vault.decrypt('encrypt$gAAAAABgaBa5UZyZlsMM9TV5pa-VyOieFWYzAslxWVnXjOeXHvF4kMHHSHSMOrv-U9k7Ec3mMCDuJFO3ybpOsZSeFQDL7GgEfw=='),
'password': vault.decrypt('encrypt$gAAAAABgaBbfm65cYBuod0UehWNmY0NfeUH9xsrP2kENYNF_LWP2iV5a8db_cqMoITwyjjBsHpvjaeDq07Z5K5nQ_BLZG6zPqapL-Qvp20wyck49Dy2R4V4='),
},
'topics': [
{
'pattern': '#',
'remote_prefix': '/voc/',
},
],
},
},
'listeners': {
'8083': {
'protocol': 'websockets',
},
},
'restrict-to': {
'172.19.136.0/25',
'172.19.138.0/24',
},
},
'nfs-server': {
'shares': {
'/storage/nas': {
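Review bot: The bridge topic entry under `'c3voc'` (`'pattern': '#'`, `'remote_prefix': '/voc/'`) sets neither a direction nor a local prefix, so which way messages flow depends on a bundle default that is not visible in this section. Mosquitto's own `topic` directive defaults to `out` when no direction is given, which with `#` would export every local topic on this broker to mqtt.c3voc.de. If the intent is only to import `/voc/#`, that should be stated at the entry, with a comment such as `# import only: remote /voc/# is mirrored locally, no local topic leaves this broker`, and the rendered bridge config checked against it. The section also shows no TLS or port setting for the bridge, so it is worth confirming the bundle does not send the vault-held username and password over a plaintext connection. The `nodes['home.nas']` dict starts and ends outside this hunk.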