kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 2 Releases Activity
bundlewrap/nodes/sophie/vmhost.py
Sophie Schiller 6a57a26d3d sophie.vmhost: vpn credentials for smartphone
2025-04-17 22:25:32 +02:00

196 lines
6.7 KiB
Python
Raw Blame History

nodes['sophie.vmhost'] = {
'hostname': '172.19.164.2',
'bundles': {
'backup-client',
'hetzner-dyndns',
'lm-sensors',
'mosquitto',
'nfs-server',
'smartd',
'vmhost',
'wireguard',
'zfs',
},
'groups': {
'debian-bookworm',
},
'metadata': {
'apt': {
'packages': {
'irqbalance': {},
},
},
'groups': {
'nas': {},
},
'hetzner-dyndns': {
'zone': 'sophies-kitchen.eu',
'record': 'router.home',
'api_key': vault.decrypt('encrypt$gAAAAABoABHrRTTyOAAFIsHK_g-bubDoNJidbAQ6_0VXyqfal8-wpVMuPPlrw-OtbI1AjNU6Rd1_gKTvwYtNYO9X6RuvuW3TCCH_eitpsoylVEQ0X6SDFNQAFfjkRlOgEiFl85oyTazl'),
},
'interfaces': {
'br1': {
'ips': {
'172.19.164.2/24',
},
'gateway4': '172.19.164.1',
'ipv6_accept_ra': True,
},
},
'mosquitto': {
'bridges': {
'c3voc': {
'peer': 'mqtt.c3voc.de',
'client_id': 'sophie-vm-host',
'auth': {
'username': vault.decrypt('encrypt$gAAAAABgaBa5UZyZlsMM9TV5pa-VyOieFWYzAslxWVnXjOeXHvF4kMHHSHSMOrv-U9k7Ec3mMCDuJFO3ybpOsZSeFQDL7GgEfw=='),
'password': vault.decrypt('encrypt$gAAAAABgaBbfm65cYBuod0UehWNmY0NfeUH9xsrP2kENYNF_LWP2iV5a8db_cqMoITwyjjBsHpvjaeDq07Z5K5nQ_BLZG6zPqapL-Qvp20wyck49Dy2R4V4='),
},
'topics': [
{
'pattern': '#',
'remote_prefix': '/voc/',
'local_prefix': 'voc'
},
],
},
},
'listeners': {
'8083': {
'protocol': 'websockets',
},
},
'tasmota-telegraf-topic': '/switch/#',
'restrict-to': {
'172.19.164.0/24',
},
},
'nfs-server': {
'version': 4,
'shares': {
'/srv/nas': {
'172.19.164.0/24': 'ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
},
},
},
'nftables': {
'forward': {
'50-router': [
'ct state { related, established } accept',
'oifname br1 accept',
],
},
'input': {
'50-wireguard': [
'udp dport 1194 accept',
'udp dport 10348 accept',
'udp dport 10349 accept',
],
},
},
'smartd': {
'disks': {
'/dev/nvme0',
# nas disks
'/dev/disk/by-id/ata-ST20000NM007D-3DJ103_ZVT7BHBQ',
'/dev/disk/by-id/ata-ST20000NM007D-3DJ103_ZVT7D6JP',
},
},
'sysctl': {
'options': {
'net.ipv4.conf.all.forwarding': '1',
'net.ipv6.conf.all.forwarding': '1',
},
},
'systemd-networkd': {
'bridges': {
'br0': {
'match': {
'enp1s0',
},
},
'br1': {
'match': {
'br0.1',
},
},
},
},
'systemd-timers': {
'timers': {
# Ensure every user is able to read and write to the NAS dataset.
'nas_permissions': {
'command': [
'chown -R :nas /srv/nas/',
r'find /srv/nas/ -type d -exec chmod 0775 {} \;',
r'find /srv/nas/ -type f -exec chmod 0664 {} \;',
],
'when': '*-*-* 02:00:00',
},
},
},
'users': {
'sophie': {
'groups': {
'nas',
},
},
},
'wireguard': {
'snat_ip': '172.19.137.2',
'peers': {
'thinkpad': {
'endpoint': None,
'exclude_from_monitoring': True,
'my_ip': '172.19.165.64',
'my_port': 10348,
'their_ip': '172.19.165.65',
'psk': vault.decrypt('encrypt$gAAAAABoAUy3lAHfn7d9Jn4ppiPRr6LOReFGyGS4HzWC5ACHNipDFnGttnOHNji2DGIYVITzj3PosZs7PRn8BvXmwumEXNNP-G0nDucuiNNzUKuOCP4YWaF9-I1tnpmT_td3nqsCDajH'),
'pubkey': vault.decrypt('encrypt$gAAAAABoAUxlf048ovJebqo0MlLiLHcuuTCSmnCzhxSZPrFMjRaFLW0CvC3GnVed_4n7CjjZ6ygrORSl8xyBM5hvbN0-JM_56ZZFpn1UVkizctjHjb1u2XtpGAe2nMAnq2Cdg5swgH9S'),
},
'smartphone': {
'endpoint': None,
'exclude_from_monitoring': True,
'my_ip': '172.19.165.66',
'my_port': 10349,
'their_ip': '172.19.165.67',
'psk': vault.decrypt('encrypt$gAAAAABoAUy3lAHfn7d9Jn4ppiPRr6LOReFGyGS4HzWC5ACHNipDFnGttnOHNji2DGIYVITzj3PosZs7PRn8BvXmwumEXNNP-G0nDucuiNNzUKuOCP4YWaF9-I1tnpmT_td3nqsCDajH'),
'pubkey': vault.decrypt('encrypt$gAAAAABoAWD96YcEFsLzfOCzjS_4Hg7xX516OZ5RD_qFPSEZliaYSRMhY3uyNDtQ--e0dzEwdFHK_xGT3F7jQzYAvftH4iFtk9y3n3FNFVPxqsWckX4cJIX7ZZszbQCq8sfZZXGUR0C9'),
},
},
},
'zfs': {
'pools': {
'storage': {
'when_creating': {
'config': [{
'devices': {
'/dev/disk/by-id/nvme-SAMSUNG_MZVLB256HAHQ-000L7_S41GNX0M481966-part3',
},
}]
}
},
'nas': {
'when_creating': {
'config': [{
'type': 'mirror',
'devices': {
'/dev/disk/by-id/ata-ST20000NM007D-3DJ103_ZVT7BHBQ',
'/dev/disk/by-id/ata-ST20000NM007D-3DJ103_ZVT7D6JP',
},
}]
}
}
},
"datasets": {
"storage/libvirt": {
"mountpoint": "/var/lib/libvirt",
},
"nas": {
"mountpoint": "/srv/nas",
},
},
},
},
}
Reference in a new issue View git blame Copy permalink