Remove extra SSH jump configuration
We now have direct visibility among nodes so we don't need any extra SSH configuration to reach them. Reviewed-by: Aleix Boné <abonerib@bsc.es>
		
							parent
							
								
									08e4dda6d2
								
							
						
					
					
						commit
						3f8e6b9fcd
					
				| @ -56,17 +56,6 @@ | ||||
|     }; | ||||
|   }; | ||||
| 
 | ||||
|   # Use SSH tunnel to reach internal hosts | ||||
|   programs.ssh.extraConfig = '' | ||||
|     Host bscpm04.bsc.es gitlab-internal.bsc.es knights3.bsc.es | ||||
|       ProxyCommand nc -X connect -x localhost:23080 %h %p | ||||
|     Host raccoon | ||||
|       HostName knights3.bsc.es | ||||
|       ProxyCommand nc -X connect -x localhost:23080 %h %p | ||||
|     Host tent | ||||
|       ProxyJump raccoon | ||||
|   ''; | ||||
| 
 | ||||
|   networking.firewall = { | ||||
|     extraCommands = '' | ||||
|       # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our | ||||
|  | ||||
| @ -16,6 +16,8 @@ | ||||
|     hosts = { | ||||
|       "84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ]; | ||||
|       "84.88.51.142" = [ "raccoon-ipmi" ]; | ||||
|       "192.168.11.12" = [ "bscpm04.bsc.es" ]; | ||||
|       "192.168.11.15" = [ "gitlab-internal.bsc.es" ]; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
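Review bot: The entries `"192.168.11.12" = [ "bscpm04.bsc.es" ];` and `"192.168.11.15" = [ "gitlab-internal.bsc.es" ];` pin fully qualified names to private addresses without a comment explaining why; judging by the hunk counts, these appear to be the two lines this hunk adds. A static hosts entry takes precedence over DNS, so if that network is renumbered, SSH and git traffic for these names would go to whatever machine holds the address, and host-key verification would be the only remaining check. I would add a comment above them, for example `# Internal addresses, directly reachable from these nodes; keep in sync with the 192.168.11.0/24 assignments`. It may also be worth pinning both hosts' keys in `programs.ssh.knownHosts`, so a wrong mapping fails loudly instead of prompting a user to accept a new key. The start of the enclosing attribute set is outside the hunk.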
|  | ||||
| @ -6,6 +6,5 @@ | ||||
|     ./ssf/hosts.nix | ||||
|     ./ssf/hosts-remote.nix | ||||
|     ./ssf/net.nix | ||||
|     ./ssf/ssh.nix | ||||
|   ]; | ||||
| } | ||||
|  | ||||
| @ -1,16 +0,0 @@ | ||||
| { | ||||
|   # Use SSH tunnel to apex to reach internal hosts | ||||
|   programs.ssh.extraConfig = '' | ||||
|     Host tent | ||||
|       ProxyJump raccoon | ||||
| 
 | ||||
|     # Access raccoon via the HTTP proxy | ||||
|     Host raccoon knights3.bsc.es | ||||
|       HostName knights3.bsc.es | ||||
|       ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p' | ||||
| 
 | ||||
|     # Make sure we can reach gitlab even if we don't have SSH access to raccoon | ||||
|     Host bscpm04.bsc.es gitlab-internal.bsc.es | ||||
|       ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p' | ||||
|   ''; | ||||
| } | ||||
| @ -45,16 +45,6 @@ | ||||
| 
 | ||||
|   services.fail2ban.enable = true; | ||||
| 
 | ||||
|   # Use SSH tunnel to reach internal hosts | ||||
|   programs.ssh.extraConfig = '' | ||||
|     Host bscpm04.bsc.es gitlab-internal.bsc.es tent | ||||
|       ProxyJump raccoon | ||||
|     Host raccoon | ||||
|       ProxyJump apex | ||||
|       HostName 127.0.0.1 | ||||
|       Port 22022 | ||||
|   ''; | ||||
| 
 | ||||
|   networking = { | ||||
|     timeServers = [ "ntp1.upc.edu" "ntp2.upc.edu" ]; | ||||
|     hostName = "fox"; | ||||
|  | ||||
| @ -1,8 +0,0 @@ | ||||
| { | ||||
|   programs.ssh.extraConfig = '' | ||||
|     Host apex ssfhead | ||||
|       HostName ssflogin.bsc.es | ||||
|     Host hut | ||||
|       ProxyJump apex | ||||
|   ''; | ||||
| } | ||||
| @ -3,9 +3,9 @@ | ||||
| { | ||||
|   imports = [ | ||||
|     ../common/base.nix | ||||
|     ../common/ssf/hosts.nix | ||||
|     ../module/emulation.nix | ||||
|     ../module/debuginfod.nix | ||||
|     ../module/ssh-hut-extern.nix | ||||
|     ../module/nvidia.nix | ||||
|     ../eudy/kernel/perf.nix | ||||
|     ./wireguard.nix | ||||
|  | ||||
| @ -3,9 +3,9 @@ | ||||
| { | ||||
|   imports = [ | ||||
|     ../common/xeon.nix | ||||
|     ../common/ssf/hosts.nix | ||||
|     ../module/emulation.nix | ||||
|     ../module/debuginfod.nix | ||||
|     ../module/ssh-hut-extern.nix | ||||
|     ./monitoring.nix | ||||
|     ./nginx.nix | ||||
|     ./nix-serve.nix | ||||
|  | ||||