abonerib/bscpkgs
1
0
Fork 0
forked from rarias/bscpkgs
Code Pull Requests 1 Activity

Remove extra SSH jump configuration

Browse Source 
We now have direct visibility among nodes so we don't need any extra
SSH configuration to reach them.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
This commit is contained in:
Rodrigo Arias 2025-09-25 15:15:43 +02:00
parent 1f0cb4ae76
commit f9632c37f8
8 changed files with 4 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
m/apex/configuration.nix
View File

@ -56,17 +56,6 @@
}; };
}; };
# Use SSH tunnel to reach internal hosts
programs.ssh.extraConfig = ''
Host bscpm04.bsc.es gitlab-internal.bsc.es knights3.bsc.es
ProxyCommand nc -X connect -x localhost:23080 %h %p
Host raccoon
HostName knights3.bsc.es
ProxyCommand nc -X connect -x localhost:23080 %h %p
Host tent
ProxyJump raccoon
'';
networking.firewall = { networking.firewall = {
extraCommands = '' extraCommands = ''
# Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our

2
m/common/base/net.nix
View File

@ -16,6 +16,8 @@
hosts = { hosts = {
"84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ]; "84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ];
"84.88.51.142" = [ "raccoon-ipmi" ]; "84.88.51.142" = [ "raccoon-ipmi" ];
"192.168.11.12" = [ "bscpm04.bsc.es" ];
"192.168.11.15" = [ "gitlab-internal.bsc.es" ];
}; };
}; };
} }

1
m/common/ssf.nix
View File

@ -6,6 +6,5 @@
./ssf/hosts.nix ./ssf/hosts.nix
./ssf/hosts-remote.nix ./ssf/hosts-remote.nix
./ssf/net.nix ./ssf/net.nix
./ssf/ssh.nix
]; ];
} }

16
m/common/ssf/ssh.nix
View File

@ -1,16 +0,0 @@
{
# Use SSH tunnel to apex to reach internal hosts
programs.ssh.extraConfig = ''
Host tent
ProxyJump raccoon
# Access raccoon via the HTTP proxy
Host raccoon knights3.bsc.es
HostName knights3.bsc.es
ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
# Make sure we can reach gitlab even if we don't have SSH access to raccoon
Host bscpm04.bsc.es gitlab-internal.bsc.es
ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
'';
}

10
m/fox/configuration.nix
View File

@ -45,16 +45,6 @@
services.fail2ban.enable = true; services.fail2ban.enable = true;
# Use SSH tunnel to reach internal hosts
programs.ssh.extraConfig = ''
Host bscpm04.bsc.es gitlab-internal.bsc.es tent
ProxyJump raccoon
Host raccoon
ProxyJump apex
HostName 127.0.0.1
Port 22022
'';
networking = { networking = {
timeServers = [ "ntp1.upc.edu" "ntp2.upc.edu" ]; timeServers = [ "ntp1.upc.edu" "ntp2.upc.edu" ];
hostName = "fox"; hostName = "fox";

8
m/module/ssh-hut-extern.nix
View File

@ -1,8 +0,0 @@
{
programs.ssh.extraConfig = ''
Host apex ssfhead
HostName ssflogin.bsc.es
Host hut
ProxyJump apex
'';
}

2
m/raccoon/configuration.nix
View File

@ -3,9 +3,9 @@
{ {
imports = [ imports = [
../common/base.nix ../common/base.nix
../common/ssf/hosts.nix
../module/emulation.nix ../module/emulation.nix
../module/debuginfod.nix ../module/debuginfod.nix
../module/ssh-hut-extern.nix
../module/nvidia.nix ../module/nvidia.nix
../eudy/kernel/perf.nix ../eudy/kernel/perf.nix
./wireguard.nix ./wireguard.nix

2
m/tent/configuration.nix
View File

@ -3,9 +3,9 @@
{ {
imports = [ imports = [
../common/xeon.nix ../common/xeon.nix
../common/ssf/hosts.nix
../module/emulation.nix ../module/emulation.nix
../module/debuginfod.nix ../module/debuginfod.nix
../module/ssh-hut-extern.nix
./monitoring.nix ./monitoring.nix
./nginx.nix ./nginx.nix
./nix-serve.nix ./nix-serve.nix