rarias/bscpkgs
rarias/bscpkgs
Archived
2
0
Fork 3
Code Issues 2 Pull Requests 4 Actions Packages Projects Releases Wiki Activity

Remove extra SSH jump configuration

Browse Source 
We now have direct visibility among nodes so we don't need any extra
SSH configuration to reach them.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
This commit is contained in:
Rodrigo Arias 2025-09-25 15:15:43 +02:00
parent 1f0cb4ae76
commit f9632c37f8
8 changed files with 4 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
m/apex/configuration.nix
View File

@ -56,17 +56,6 @@
}; };
}; };
# Use SSH tunnel to reach internal hosts
programs.ssh.extraConfig = ''
Host bscpm04.bsc.es gitlab-internal.bsc.es knights3.bsc.es
ProxyCommand nc -X connect -x localhost:23080 %h %p
Host raccoon
HostName knights3.bsc.es
ProxyCommand nc -X connect -x localhost:23080 %h %p
Host tent
ProxyJump raccoon
'';
networking.firewall = { networking.firewall = {
extraCommands = '' extraCommands = ''
# Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our

2
m/common/base/net.nix
View File

@ -16,6 +16,8 @@
hosts = { hosts = {
"84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ]; "84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ];
"84.88.51.142" = [ "raccoon-ipmi" ]; "84.88.51.142" = [ "raccoon-ipmi" ];
"192.168.11.12" = [ "bscpm04.bsc.es" ];
"192.168.11.15" = [ "gitlab-internal.bsc.es" ];
}; };
}; };
} }

1
m/common/ssf.nix
View File

@ -6,6 +6,5 @@
./ssf/hosts.nix ./ssf/hosts.nix
./ssf/hosts-remote.nix ./ssf/hosts-remote.nix
./ssf/net.nix ./ssf/net.nix
./ssf/ssh.nix
]; ];
} }

16
m/common/ssf/ssh.nix
View File

@ -1,16 +0,0 @@
{
# Use SSH tunnel to apex to reach internal hosts
programs.ssh.extraConfig = ''
Host tent
ProxyJump raccoon
# Access raccoon via the HTTP proxy
Host raccoon knights3.bsc.es
HostName knights3.bsc.es
ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
# Make sure we can reach gitlab even if we don't have SSH access to raccoon
Host bscpm04.bsc.es gitlab-internal.bsc.es
ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
'';
}

10
m/fox/configuration.nix
View File

@ -45,16 +45,6 @@
services.fail2ban.enable = true; services.fail2ban.enable = true;
# Use SSH tunnel to reach internal hosts
programs.ssh.extraConfig = ''
Host bscpm04.bsc.es gitlab-internal.bsc.es tent
ProxyJump raccoon
Host raccoon
ProxyJump apex
HostName 127.0.0.1
Port 22022
'';
networking = { networking = {
timeServers = [ "ntp1.upc.edu" "ntp2.upc.edu" ]; timeServers = [ "ntp1.upc.edu" "ntp2.upc.edu" ];
hostName = "fox"; hostName = "fox";

8
m/module/ssh-hut-extern.nix
View File

@ -1,8 +0,0 @@
{
programs.ssh.extraConfig = ''
Host apex ssfhead
HostName ssflogin.bsc.es
Host hut
ProxyJump apex
'';
}

2
m/raccoon/configuration.nix
View File

@ -3,9 +3,9 @@
{ {
imports = [ imports = [
../common/base.nix ../common/base.nix
../common/ssf/hosts.nix
../module/emulation.nix ../module/emulation.nix
../module/debuginfod.nix ../module/debuginfod.nix
../module/ssh-hut-extern.nix
../module/nvidia.nix ../module/nvidia.nix
../eudy/kernel/perf.nix ../eudy/kernel/perf.nix
./wireguard.nix ./wireguard.nix

2
m/tent/configuration.nix
View File

@ -3,9 +3,9 @@
{ {
imports = [ imports = [
../common/xeon.nix ../common/xeon.nix
../common/ssf/hosts.nix
../module/emulation.nix ../module/emulation.nix
../module/debuginfod.nix ../module/debuginfod.nix
../module/ssh-hut-extern.nix
./monitoring.nix ./monitoring.nix
./nginx.nix ./nginx.nix
./nix-serve.nix ./nix-serve.nix