migrate data from thecloud.dmz to lewis.dmz
install tcpdump
This commit is contained in:
parent
3981805a6b
commit
5884585b3a
20 changed files with 86 additions and 48 deletions
|
|
@ -3,3 +3,21 @@ git_ssh_port: 56287
|
|||
elasticsearch_port: 14653
|
||||
fluent_forward_port: 24224
|
||||
concourse_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSVLcr617iJt+hqLFSsOQy1JeueLIAj1eRfuI+KeZAu pim@x260"
|
||||
|
||||
database_passwords:
|
||||
nextcloud: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
66326230303135303930363761316534313439383365376231623661316635393839336431313262
|
||||
3832626365376533646561653863316364313135343366330a356136343938666133356532613263
|
||||
39663037623232363266376335643834353735363431636535386566643763386463353962663930
|
||||
3466343563353162320a376437353933656166323364323166376663323531373338656563653463
|
||||
33346263626430616164613937363836343430383233393061643231346661656539623938333631
|
||||
3632373964346139316637663364646132636636373461613534
|
||||
hedgedoc: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63363464666633663762393135333362613966636338623533393132376338343339653431396465
|
||||
6634643863623163366235393434343662313735363438610a373065363361326565633766633835
|
||||
38383637343230363031636634623930666365333739323162313937656239646166613738393965
|
||||
3533666462303563360a313233306335396234393932396331313238376464363964363839396164
|
||||
66366662356135343035363935616664613831626131376330643133313530636431613266636165
|
||||
6265613666616164373637356235396165383662333561393939
|
||||
|
|
|
|||
|
|
@ -9,17 +9,17 @@ volumes:
|
|||
ampache_mysql:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/ampache/mysql"
|
||||
ampache_config:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/ampache/config"
|
||||
music:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nextcloud/data/data/pim/files/Music"
|
||||
|
||||
services:
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ volumes:
|
|||
forgejo:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/forgejo"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/forgejo"
|
||||
|
||||
services:
|
||||
forgejo:
|
||||
|
|
|
|||
|
|
@ -9,12 +9,12 @@ volumes:
|
|||
data:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/freshrss/data"
|
||||
extensions:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/freshrss/extensions"
|
||||
|
||||
services:
|
||||
|
|
|
|||
|
|
@ -9,14 +9,14 @@ volumes:
|
|||
uploads:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/hedgedoc/uploads"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/hedgedoc/uploads"
|
||||
|
||||
services:
|
||||
hedgedoc:
|
||||
image: quay.io/hedgedoc/hedgedoc:1.9.7
|
||||
environment:
|
||||
- CMD_DB_URL=postgres://hedgedoc:{{ database_passwords.hedgedoc }}@192.168.30.10:5432/hedgedoc
|
||||
- CMD_DB_URL=postgres://hedgedoc:{{ database_passwords.hedgedoc }}@lewis.dmz:5432/hedgedoc
|
||||
- CMD_DOMAIN=md.kun.is
|
||||
- CMD_PORT=3000
|
||||
- CMD_URL_ADDPORT=false
|
||||
|
|
|
|||
|
|
@ -10,8 +10,8 @@ volumes:
|
|||
data:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/kitchenowl/data"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/kitchenowl/data"
|
||||
|
||||
services:
|
||||
kitchenowl-front:
|
||||
|
|
|
|||
|
|
@ -10,12 +10,12 @@ volumes:
|
|||
system:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/mastodon/system"
|
||||
redis:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/mastodon/redis"
|
||||
|
||||
services:
|
||||
|
|
@ -40,7 +40,7 @@ services:
|
|||
- 'OTP_SECRET={{ otp_secret }}'
|
||||
- 'SECRET_KEY_BASE={{ secret_key_base }}'
|
||||
- 'REDIS_HOST=redis'
|
||||
- 'DB_HOST=192.168.30.10'
|
||||
- 'DB_HOST=lewis.dmz'
|
||||
- 'DB_USER=mastodon'
|
||||
- 'DB_NAME=mastodon'
|
||||
- 'DB_PASS={{ database_passwords.mastodon }}'
|
||||
|
|
@ -83,7 +83,7 @@ services:
|
|||
environment:
|
||||
- 'REDIS_HOST=redis'
|
||||
- 'LOCAL_DOMAIN=social.pizzapim.nl'
|
||||
- 'DB_HOST=192.168.30.10'
|
||||
- 'DB_HOST=lewis.dmz'
|
||||
- 'DB_USER=mastodon'
|
||||
- 'DB_NAME=mastodon'
|
||||
- 'DB_PASS={{ database_passwords.mastodon }}'
|
||||
|
|
@ -113,7 +113,7 @@ services:
|
|||
- 'OTP_SECRET={{ otp_secret }}'
|
||||
- 'SECRET_KEY_BASE={{ secret_key_base }}'
|
||||
- 'REDIS_HOST=redis'
|
||||
- 'DB_HOST=192.168.30.10'
|
||||
- 'DB_HOST=lewis.dmz'
|
||||
- 'DB_USER=mastodon'
|
||||
- 'DB_NAME=mastodon'
|
||||
- 'DB_PASS={{ database_passwords.mastodon }}'
|
||||
|
|
|
|||
|
|
@ -18,17 +18,17 @@ volumes:
|
|||
escerts:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/elasticsearch/certs"
|
||||
esdata:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/elasticsearch/data"
|
||||
grafanadata:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/grafana/data"
|
||||
|
||||
services:
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@ volumes:
|
|||
data:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/nextcloud/data"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/nextcloud/data"
|
||||
|
||||
services:
|
||||
nextcloud:
|
||||
|
|
@ -25,7 +25,7 @@ services:
|
|||
- POSTGRES_USER=nextcloud
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_PASSWORD={{ database_passwords.nextcloud }}
|
||||
- POSTGRES_HOST=192.168.30.10
|
||||
- POSTGRES_HOST=lewis.dmz
|
||||
networks:
|
||||
- traefik
|
||||
deploy:
|
||||
|
|
|
|||
|
|
@ -9,17 +9,17 @@ volumes:
|
|||
data:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/overleaf/data"
|
||||
redis:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/overleaf/redis"
|
||||
mongodb:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/overleaf/mongodb"
|
||||
|
||||
services:
|
||||
|
|
|
|||
|
|
@ -10,13 +10,13 @@ volumes:
|
|||
data:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/pihole/data"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/pihole/data"
|
||||
dnsmasq:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/pihole/dnsmasq"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/pihole/dnsmasq"
|
||||
|
||||
services:
|
||||
pihole:
|
||||
|
|
|
|||
|
|
@ -17,8 +17,8 @@ volumes:
|
|||
data:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/radicale"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/radicale"
|
||||
|
||||
services:
|
||||
radicale:
|
||||
|
|
|
|||
|
|
@ -10,12 +10,12 @@ volumes:
|
|||
data:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/seafile/data"
|
||||
db:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/seafile/db"
|
||||
|
||||
services:
|
||||
|
|
|
|||
|
|
@ -9,13 +9,13 @@ volumes:
|
|||
config:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/syncthing/config"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/syncthing/config"
|
||||
nextcloud_data:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/nextcloud/data"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/nextcloud/data"
|
||||
|
||||
services:
|
||||
syncthing:
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ volumes:
|
|||
acme:
|
||||
driver_opts:
|
||||
type: "nfs"
|
||||
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||
device: ":/mnt/data/traefik/acme"
|
||||
o: "addr=lewis.dmz,nolock,soft,rw"
|
||||
device: ":/mnt/data/nfs/traefik/acme"
|
||||
|
||||
services:
|
||||
traefik:
|
||||
|
|
|
|||
|
|
@ -109,6 +109,7 @@
|
|||
dig
|
||||
tree
|
||||
file
|
||||
tcpdump
|
||||
];
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@
|
|||
disko.osDiskDevice = "/dev/sda";
|
||||
backups.enable = true;
|
||||
networking.allowDMZConnectivity = true;
|
||||
thecloud.enable = true;
|
||||
data-sharing.enable = true;
|
||||
|
||||
dataDisk = {
|
||||
enable = true;
|
||||
|
|
|
|||
|
|
@ -1,8 +1,18 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
cfg = config.lab.thecloud;
|
||||
cfg = config.lab.data-sharing;
|
||||
nfsShares = [
|
||||
"/ancient"
|
||||
"/nextcloud/data"
|
||||
"/radicale"
|
||||
"/freshrss/data"
|
||||
"/freshrss/extensions"
|
||||
"/pihole/data"
|
||||
"/pihole/dnsmasq"
|
||||
"/hedgedoc/uploads"
|
||||
"/traefik/acme"
|
||||
"/forgejo"
|
||||
"/kitchenowl/data"
|
||||
"/syncthing/config"
|
||||
];
|
||||
nfsExports = lib.strings.concatLines (
|
||||
builtins.map
|
||||
|
|
@ -13,17 +23,17 @@ let
|
|||
);
|
||||
in
|
||||
{
|
||||
options.lab.thecloud = {
|
||||
options.lab.data-sharing = {
|
||||
enable = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Experimental: migrate thecloud.dmz to hypervisor.
|
||||
Configure this server to serve our data using NFS and PostgreSQL.
|
||||
'';
|
||||
};
|
||||
|
||||
nfsRoot = lib.mkOption {
|
||||
default = "/mnt/data";
|
||||
default = "/mnt/data/nfs";
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Root directory of NFS data.
|
||||
|
|
@ -40,7 +50,12 @@ in
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking.firewall.allowedTCPPorts = [ 2049 5432 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
2049 # NFS
|
||||
5432 # PostgeSQL
|
||||
111 # NFS
|
||||
20048 # NFS
|
||||
];
|
||||
|
||||
services = {
|
||||
nfs.server = {
|
||||
|
|
@ -7,6 +7,6 @@
|
|||
./disko.nix
|
||||
./backups.nix
|
||||
./networking.nix
|
||||
./thecloud.nix
|
||||
./data-sharing.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,6 +33,10 @@ in {
|
|||
netdevConfig = {
|
||||
Kind = "bridge";
|
||||
Name = "bridgedmz";
|
||||
# TODO: This does not seem to work? Unsure what the problem is.
|
||||
# We don't necessary need this though: we simply use DNS as the host.
|
||||
# MACAddress = lib.mkIf cfg.allowDMZConnectivity "CA:FE:C0:FF:EE:0A";
|
||||
# MACAddress = "ca:fe:c0:ff:ee:0a";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue