forked from rarias/jungle
Instead of using multiple tunnels to forward all our services to the VM that serves jungle.bsc.es, just use nginx to redirect the traffic from hut. This allows adding custom rules for paths that are not possible otherwise. Reviewed-by: Aleix Boné <abonerib@bsc.es>
{ config, pkgs, ... }:

# NixOS module for the host "hut". It pulls in the shared Xeon profile and the
# per-service modules listed below, then sets the host-specific boot device,
# the extra NVMe mount, the two IPv4 addresses and the firewall rules for the
# proxy port.
{
  imports = [
    ../common/xeon.nix

    ../module/ceph.nix
    ../module/debuginfod.nix
    ../module/emulation.nix
    ../module/slurm-client.nix
    ./gitlab-runner.nix
    ./monitoring.nix
    ./nfs.nix
    ./slurm-server.nix
    ./nix-serve.nix
    ./public-inbox.nix
    ./gitea.nix
    ./msmtp.nix
    ./postgresql.nix
    ./nginx.nix
    #./pxe.nix
  ];

  # Name the GRUB target disk by its /dev/disk/by-id path rather than a
  # kernel-assigned name, so the bootloader is not written to a different
  # disk if device enumeration changes.
  boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";

  # ext4 filesystem looked up by label and mounted at /nvme.
  fileSystems."/nvme".fsType = "ext4";
  fileSystems."/nvme".device = "/dev/disk/by-label/nvme";

  networking.hostName = "hut";

  # Static IPv4 address on eno1 (10.0.40.0/24).
  networking.interfaces.eno1.ipv4.addresses = [
    {
      address = "10.0.40.7";
      prefixLength = 24;
    }
  ];

  # Static IPv4 address on ibp5s0 (10.0.42.0/24).
  networking.interfaces.ibp5s0.ipv4.addresses = [
    {
      address = "10.0.42.7";
      prefixLength = 24;
    }
  ];

  # Rules for TCP port 23080, appended to the nixos-fw chain. Order matters:
  # the log-and-refuse rule for 10.0.40.30 has to be appended before the
  # accept rule for 10.0.40.0/24, because that address lies inside the /24 and
  # the first matching rule decides.
  # NOTE(review): 10.0.40.30 is presumably the login node named in the shell
  # comment below -- confirm against the cluster's address plan.
  # NOTE(review): the filter is keyed on source address only and covers IPv4
  # only (iptables, no ip6tables counterpart); whatever listens on 23080
  # should not treat a permitted source address as authentication.
  networking.firewall.extraCommands = ''
    # Accept all proxy traffic from compute nodes but not the login
    iptables -A nixos-fw -p tcp -s 10.0.40.30 --dport 23080 -j nixos-fw-log-refuse
    iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 23080 -j nixos-fw-accept
  '';

  # "clientspecified" lets the SSH client pick the address a remote forward
  # binds to, instead of sshd forcing loopback; this is how the proxy ends up
  # listening on the ethernet interface.
  # NOTE(review): the setting is global, so every account allowed to request
  # remote forwards can open listeners on non-loopback addresses; which of
  # them are reachable then depends on the firewall. Scoping it to the proxy
  # account with a Match block would narrow this -- confirm that only the
  # proxy user needs it.
  services.openssh.settings.GatewayPorts = "clientspecified";
}