Remove extra SSH jump configuration

We now have direct visibility among nodes so we don't need any extra SSH configuration to reach them. Reviewed-by: Aleix Boné <abonerib@bsc.es>
2025-09-25 15:15:43 +02:00 · 2025-09-25 15:15:43 +02:00 · 3f8e6b9fcd
commit 3f8e6b9fcd
parent 08e4dda6d2
8 changed files with 4 additions and 48 deletions
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@ -56,17 +56,6 @@
    };
  };

-  # Use SSH tunnel to reach internal hosts
-  programs.ssh.extraConfig = ''
-    Host bscpm04.bsc.es gitlab-internal.bsc.es knights3.bsc.es
-      ProxyCommand nc -X connect -x localhost:23080 %h %p
-    Host raccoon
-      HostName knights3.bsc.es
-      ProxyCommand nc -X connect -x localhost:23080 %h %p
-    Host tent
-      ProxyJump raccoon
-  '';
-
  networking.firewall = {
    extraCommands = ''
      # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our
--- a/m/common/base/net.nix
+++ b/m/common/base/net.nix
@ -16,6 +16,8 @@
    hosts = {
      "84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ];
      "84.88.51.142" = [ "raccoon-ipmi" ];
+      "192.168.11.12" = [ "bscpm04.bsc.es" ];
+      "192.168.11.15" = [ "gitlab-internal.bsc.es" ];
    };
  };
 }
--- a/m/common/ssf.nix
+++ b/m/common/ssf.nix
@ -6,6 +6,5 @@
    ./ssf/hosts.nix
    ./ssf/hosts-remote.nix
    ./ssf/net.nix
-    ./ssf/ssh.nix
  ];
 }
--- a/m/common/ssf/ssh.nix
+++ b/m/common/ssf/ssh.nix
@ -1,16 +0,0 @@
-{
-  # Use SSH tunnel to apex to reach internal hosts
-  programs.ssh.extraConfig = ''
-    Host tent
-      ProxyJump raccoon
-
-    # Access raccoon via the HTTP proxy
-    Host raccoon knights3.bsc.es
-      HostName knights3.bsc.es
-      ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
-
-    # Make sure we can reach gitlab even if we don't have SSH access to raccoon
-    Host bscpm04.bsc.es gitlab-internal.bsc.es
-      ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
-  '';
-}
--- a/m/fox/configuration.nix
+++ b/m/fox/configuration.nix
@ -45,16 +45,6 @@

  services.fail2ban.enable = true;

-  # Use SSH tunnel to reach internal hosts
-  programs.ssh.extraConfig = ''
-    Host bscpm04.bsc.es gitlab-internal.bsc.es tent
-      ProxyJump raccoon
-    Host raccoon
-      ProxyJump apex
-      HostName 127.0.0.1
-      Port 22022
-  '';
-
  networking = {
    timeServers = [ "ntp1.upc.edu" "ntp2.upc.edu" ];
    hostName = "fox";
--- a/m/module/ssh-hut-extern.nix
+++ b/m/module/ssh-hut-extern.nix
@ -1,8 +0,0 @@
-{
-  programs.ssh.extraConfig = ''
-    Host apex ssfhead
-      HostName ssflogin.bsc.es
-    Host hut
-      ProxyJump apex
-  '';
-}
--- a/m/raccoon/configuration.nix
+++ b/m/raccoon/configuration.nix
@ -3,9 +3,9 @@
 {
  imports = [
    ../common/base.nix
+    ../common/ssf/hosts.nix
    ../module/emulation.nix
    ../module/debuginfod.nix
-    ../module/ssh-hut-extern.nix
    ../module/nvidia.nix
    ../eudy/kernel/perf.nix
    ./wireguard.nix
--- a/m/tent/configuration.nix
+++ b/m/tent/configuration.nix
@ -3,9 +3,9 @@
 {
  imports = [
    ../common/xeon.nix
+    ../common/ssf/hosts.nix
    ../module/emulation.nix
    ../module/debuginfod.nix
-    ../module/ssh-hut-extern.nix
    ./monitoring.nix
    ./nginx.nix
    ./nix-serve.nix