migrate data from thecloud.dmz to lewis.dmz

install tcpdump

legacy/projects/docker_swarm/ansible/inventory/group_vars/all.yml

@@ -3,3 +3,21 @@ git_ssh_port: 56287
 elasticsearch_port: 14653
 fluent_forward_port: 24224
 concourse_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSVLcr617iJt+hqLFSsOQy1JeueLIAj1eRfuI+KeZAu pim@x260"
+
+database_passwords:
+  nextcloud: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    66326230303135303930363761316534313439383365376231623661316635393839336431313262
+    3832626365376533646561653863316364313135343366330a356136343938666133356532613263
+    39663037623232363266376335643834353735363431636535386566643763386463353962663930
+    3466343563353162320a376437353933656166323364323166376663323531373338656563653463
+    33346263626430616164613937363836343430383233393061643231346661656539623938333631
+    3632373964346139316637663364646132636636373461613534
+  hedgedoc: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    63363464666633663762393135333362613966636338623533393132376338343339653431396465
+    6634643863623163366235393434343662313735363438610a373065363361326565633766633835
+    38383637343230363031636634623930666365333739323162313937656239646166613738393965
+    3533666462303563360a313233306335396234393932396331313238376464363964363839396164
+    66366662356135343035363935616664613831626131376330643133313530636431613266636165
+    6265613666616164373637356235396165383662333561393939

legacy/projects/docker_swarm/ansible/roles/ampache/docker-stack.yml.j2

@@ -9,17 +9,17 @@ volumes:
   ampache_mysql:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/ampache/mysql"
   ampache_config:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/ampache/config"
   music:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/nextcloud/data/data/pim/files/Music"
 
 services:

legacy/projects/docker_swarm/ansible/roles/forgejo/docker-stack.yml.j2

@@ -14,8 +14,8 @@ volumes:
   forgejo:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/forgejo"
+      device: ":/mnt/data/nfs/forgejo"
 
 services:
   forgejo:

legacy/projects/docker_swarm/ansible/roles/freshrss/docker-stack.yml.j2

@@ -9,12 +9,12 @@ volumes:
   data:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/freshrss/data"
   extensions:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/freshrss/extensions"
 
 services:

legacy/projects/docker_swarm/ansible/roles/hedgedoc/docker-stack.yml.j2

@@ -9,14 +9,14 @@ volumes:
   uploads:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/hedgedoc/uploads"
+      device: ":/mnt/data/nfs/hedgedoc/uploads"
 
 services:
   hedgedoc:
     image: quay.io/hedgedoc/hedgedoc:1.9.7
     environment:
-      - CMD_DB_URL=postgres://hedgedoc:{{ database_passwords.hedgedoc }}@192.168.30.10:5432/hedgedoc
+      - CMD_DB_URL=postgres://hedgedoc:{{ database_passwords.hedgedoc }}@lewis.dmz:5432/hedgedoc
       - CMD_DOMAIN=md.kun.is
       - CMD_PORT=3000
       - CMD_URL_ADDPORT=false

legacy/projects/docker_swarm/ansible/roles/kitchenowl/docker-stack.yml.j2

@@ -10,8 +10,8 @@ volumes:
   data:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/kitchenowl/data"
+      device: ":/mnt/data/nfs/kitchenowl/data"
 
 services:
   kitchenowl-front:

legacy/projects/docker_swarm/ansible/roles/mastodon/docker-stack.yml.j2

@@ -10,12 +10,12 @@ volumes:
   system:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/mastodon/system"
   redis:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/mastodon/redis"
 
 services:
@@ -40,7 +40,7 @@ services:
       - 'OTP_SECRET={{ otp_secret }}'
       - 'SECRET_KEY_BASE={{ secret_key_base }}'
       - 'REDIS_HOST=redis'
-      - 'DB_HOST=192.168.30.10'
+      - 'DB_HOST=lewis.dmz'
       - 'DB_USER=mastodon'
       - 'DB_NAME=mastodon'
       - 'DB_PASS={{ database_passwords.mastodon }}'
@@ -83,7 +83,7 @@ services:
     environment:
       - 'REDIS_HOST=redis'
       - 'LOCAL_DOMAIN=social.pizzapim.nl'
-      - 'DB_HOST=192.168.30.10'
+      - 'DB_HOST=lewis.dmz'
       - 'DB_USER=mastodon'
       - 'DB_NAME=mastodon'
       - 'DB_PASS={{ database_passwords.mastodon }}'
@@ -113,7 +113,7 @@ services:
       - 'OTP_SECRET={{ otp_secret }}'
       - 'SECRET_KEY_BASE={{ secret_key_base }}'
       - 'REDIS_HOST=redis'
-      - 'DB_HOST=192.168.30.10'
+      - 'DB_HOST=lewis.dmz'
       - 'DB_USER=mastodon'
       - 'DB_NAME=mastodon'
       - 'DB_PASS={{ database_passwords.mastodon }}'

legacy/projects/docker_swarm/ansible/roles/monitoring/docker-stack.yml.j2

@@ -18,17 +18,17 @@ volumes:
   escerts:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/elasticsearch/certs"
   esdata:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/elasticsearch/data"
   grafanadata:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/grafana/data"
 
 services:

legacy/projects/docker_swarm/ansible/roles/nextcloud/docker-stack.yml.j2

@@ -9,8 +9,8 @@ volumes:
   data:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/nextcloud/data"
+      device: ":/mnt/data/nfs/nextcloud/data"
 
 services:
   nextcloud:
@@ -25,7 +25,7 @@ services:
       - POSTGRES_USER=nextcloud
       - POSTGRES_DB=nextcloud
       - POSTGRES_PASSWORD={{ database_passwords.nextcloud }}
-      - POSTGRES_HOST=192.168.30.10
+      - POSTGRES_HOST=lewis.dmz
     networks:
       - traefik
     deploy:

legacy/projects/docker_swarm/ansible/roles/overleaf/docker-stack.yml.j2

@@ -9,17 +9,17 @@ volumes:
   data:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/overleaf/data"
   redis:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/overleaf/redis"
   mongodb:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/overleaf/mongodb"
 
 services:

legacy/projects/docker_swarm/ansible/roles/pihole/docker-stack.yml.j2

@@ -10,13 +10,13 @@ volumes:
   data:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/pihole/data"
+      device: ":/mnt/data/nfs/pihole/data"
   dnsmasq:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/pihole/dnsmasq"
+      device: ":/mnt/data/nfs/pihole/dnsmasq"
 
 services:
   pihole:

legacy/projects/docker_swarm/ansible/roles/radicale/docker-stack.yml.j2

@@ -17,8 +17,8 @@ volumes:
   data:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/radicale"
+      device: ":/mnt/data/nfs/radicale"
 
 services:
   radicale:

legacy/projects/docker_swarm/ansible/roles/seafile/docker-stack.yml.j2

@@ -10,12 +10,12 @@ volumes:
   data:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/seafile/data"
   db:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
       device: ":/mnt/data/seafile/db"
 
 services: 

legacy/projects/docker_swarm/ansible/roles/syncthing/docker-stack.yml.j2

@@ -9,13 +9,13 @@ volumes:
   config:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/syncthing/config"
+      device: ":/mnt/data/nfs/syncthing/config"
   nextcloud_data:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/nextcloud/data"
+      device: ":/mnt/data/nfs/nextcloud/data"
 
 services:
   syncthing:

legacy/projects/docker_swarm/ansible/roles/traefik/docker-stack.yml.j2

@@ -14,8 +14,8 @@ volumes:
   acme:
     driver_opts:
       type: "nfs"
-      o: "addr=192.168.30.10,nolock,soft,rw"
+      o: "addr=lewis.dmz,nolock,soft,rw"
-      device: ":/mnt/data/traefik/acme"
+      device: ":/mnt/data/nfs/traefik/acme"
 
 services:
   traefik:

nixos/default.nix

@@ -109,6 +109,7 @@
     dig
     tree
     file
+    tcpdump
   ];
 
 

nixos/machines/default.nix

@@ -40,7 +40,7 @@
       disko.osDiskDevice = "/dev/sda";
       backups.enable = true;
       networking.allowDMZConnectivity = true;
-      thecloud.enable = true;
+      data-sharing.enable = true;
 
       dataDisk = {
         enable = true;

nixos/modules/data-sharing.nix

@@ -1,8 +1,18 @@
 { pkgs, lib, config, ... }:
 let
-  cfg = config.lab.thecloud;
+  cfg = config.lab.data-sharing;
   nfsShares = [
-    "/ancient"
+    "/nextcloud/data"
+    "/radicale"
+    "/freshrss/data"
+    "/freshrss/extensions"
+    "/pihole/data"
+    "/pihole/dnsmasq"
+    "/hedgedoc/uploads"
+    "/traefik/acme"
+    "/forgejo"
+    "/kitchenowl/data"
+    "/syncthing/config"
   ];
   nfsExports = lib.strings.concatLines (
     builtins.map
@@ -13,17 +23,17 @@ let
   );
 in
 {
-  options.lab.thecloud = {
+  options.lab.data-sharing = {
     enable = lib.mkOption {
       default = false;
       type = lib.types.bool;
       description = ''
-        Experimental: migrate thecloud.dmz to hypervisor.
+        Configure this server to serve our data using NFS and PostgreSQL.
       '';
     };
 
     nfsRoot = lib.mkOption {
-      default = "/mnt/data";
+      default = "/mnt/data/nfs";
       type = lib.types.str;
       description = ''
         Root directory of NFS data.
@@ -40,7 +50,12 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ 2049 5432 ];
+    networking.firewall.allowedTCPPorts = [
+      2049 # NFS
+      5432 # PostgeSQL
+      111 # NFS
+      20048 # NFS
+    ];
 
     services = {
       nfs.server = {

nixos/modules/default.nix

@@ -7,6 +7,6 @@
     ./disko.nix
     ./backups.nix
     ./networking.nix
-    ./thecloud.nix
+    ./data-sharing.nix
   ];
 }

nixos/modules/networking.nix

@@ -33,6 +33,10 @@ in {
           netdevConfig = {
             Kind = "bridge";
             Name = "bridgedmz";
+            # TODO: This does not seem to work? Unsure what the problem is.
+            # We don't necessary need this though: we simply use DNS as the host.
+            # MACAddress = lib.mkIf cfg.allowDMZConnectivity "CA:FE:C0:FF:EE:0A";
+            # MACAddress = "ca:fe:c0:ff:ee:0a";
           };
         };
       };