Merge pull request 'Simplify network configuration' (#11) from simplify-network-config into main

Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/11
author: Alex <alex@adnab.me> 2023-05-16 13:19:33 +0000
committer: Alex <alex@adnab.me> 2023-05-16 13:19:33 +0000
commit: aee3a0947112f3eb37f662dd97831954075184fd (patch)
tree: 9c3a8eebb53dd16d500b2e54341a8a9e50af5225 /cluster/staging
parent: 2488ad0ac296732eb7c3c9c3bc28e1e73f5b06bc (diff)
parent: 76b7f86d228ae0bb236050e6381723136de2250e (diff)
download: nixcfg-aee3a0947112f3eb37f662dd97831954075184fd.tar.gz
nixcfg-aee3a0947112f3eb37f662dd97831954075184fd.zip
17 files changed, 160 insertions, 189 deletions
diff --git a/cluster/staging/app/core/deploy/core-service.hcl b/cluster/staging/app/core/deploy/d53.hcl
index 6799e01..fb1c1bf 100644
--- a/cluster/staging/app/core/deploy/core-service.hcl
+++ b/cluster/staging/app/core/deploy/d53.hcl
@@ -1,4 +1,4 @@
-job "core-service" {
+job "core:d53" {
   datacenters = ["neptune", "jupiter", "corrin", "bespin"]
   type = "service"
   priority = 90
@@ -11,7 +11,7 @@ job "core-service" {
 
       config {
         packages = [
-          "git+https://git.deuxfleurs.fr/lx/D53.git?ref=main&rev=86c255dfeabc60b0ef46ff78bc487c61c9548c79"
+          "git+https://git.deuxfleurs.fr/lx/D53.git?ref=diplonat-autodiscovery&rev=49d94dae1d753c1f3349be7ea9bc7e7978c0af15"
         ]
         command = "d53"
       }
@@ -52,7 +52,7 @@ D53_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
 D53_PROVIDERS=deuxfleurs.org:gandi
 D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
 D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
-RUST_LOG=d53=info
+RUST_LOG=d53=debug
 EOH
         destination = "secrets/env"
         env = true
diff --git a/cluster/staging/app/core/deploy/diplonat.hcl b/cluster/staging/app/core/deploy/diplonat.hcl
new file mode 100644
index 0000000..ba1e4b5
--- /dev/null
+++ b/cluster/staging/app/core/deploy/diplonat.hcl
@@ -0,0 +1,75 @@
+job "core:diplonat" {
+  datacenters = ["neptune", "jupiter", "corrin", "bespin"]
+  type = "system"
+  priority = 90
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  update {
+    max_parallel     = 3
+    stagger = "20s"
+  }
+
+  group "diplonat" {
+    task "diplonat" {
+      driver = "nix2"
+
+      config {
+        packages = [
+          "#iptables",
+		  "#bash",
+		  "#coreutils",
+          "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=stun&rev=f5fc635b75dfa17b83a8db4893a7be206b4f9892"
+        ]
+        command = "diplonat"
+      }
+      user = "root"
+
+      restart {
+        interval = "30m"
+        attempts = 2
+        delay    = "15s"
+        mode     = "delay"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+        destination = "etc/diplonat/consul-ca.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+        destination = "etc/diplonat/consul-client.crt"
+      }
+
+      template {
+        data = "{{ key \"secrets/consul/consul-client.key\" }}"
+        destination = "etc/diplonat/consul-client.key"
+      }
+
+      template {
+        data = <<EOH
+DIPLONAT_REFRESH_TIME=60
+DIPLONAT_EXPIRATION_TIME=300
+DIPLONAT_IPV6_ONLY=true
+DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
+DIPLONAT_CONSUL_URL=https://localhost:8501
+DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
+DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
+DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
+RUST_LOG=debug
+RUST_BACKTRACE=1
+EOH
+        destination = "secrets/env"
+        env = true
+      }
+
+      resources {
+        memory = 100
+      }
+    }
+  }
+}
diff --git a/cluster/staging/app/core/deploy/core-system.hcl b/cluster/staging/app/core/deploy/tricot.hcl
index 05fa0f2..7547a53 100644
--- a/cluster/staging/app/core/deploy/core-system.hcl
+++ b/cluster/staging/app/core/deploy/tricot.hcl
@@ -1,4 +1,4 @@
-job "core-system" {
+job "core:tricot" {
   datacenters = ["neptune", "jupiter", "corrin", "bespin"]
   type = "system"
   priority = 90
@@ -13,64 +13,6 @@ job "core-system" {
     stagger = "1m"
   }
 
-/*
-  group "diplonat" {
-    task "diplonat" {
-      driver = "nix2"
-
-      config {
-        packages = [
-          "#iptables",
-          "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=f306e8dc8d0e93478353ce39b6064e8c06a8bca6"
-        ]
-        command = "diplonat"
-      }
-      user = "root"
-
-      restart {
-        interval = "30m"
-        attempts = 2
-        delay    = "15s"
-        mode     = "delay"
-      }
-
-      template {
-        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
-        destination = "etc/diplonat/consul-ca.crt"
-      }
-
-      template {
-        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
-        destination = "etc/diplonat/consul-client.crt"
-      }
-
-      template {
-        data = "{{ key \"secrets/consul/consul-client.key\" }}"
-        destination = "etc/diplonat/consul-client.key"
-      }
-
-      template {
-        data = <<EOH
-DIPLONAT_REFRESH_TIME=60
-DIPLONAT_EXPIRATION_TIME=300
-DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
-DIPLONAT_CONSUL_URL=https://localhost:8501
-DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
-DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
-DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-RUST_LOG=debug
-EOH
-        destination = "secrets/env"
-        env = true
-      }
-
-      resources {
-        memory = 40
-      }
-    }
-  }
-  */
-
   group "tricot" {
     network {
       port "http_port" { static = 80 }
@@ -130,6 +72,7 @@ TRICOT_HTTP_BIND_ADDR=[::]:80
 TRICOT_HTTPS_BIND_ADDR=[::]:443
 TRICOT_METRICS_BIND_ADDR=[::]:9334
 RUST_LOG=tricot=debug
+RUST_BACKTRACE=1
 EOH
         destination = "secrets/env"
         env = true
@@ -141,7 +84,7 @@ EOH
         tags = [
           "d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
           "d53-aaaa staging.deuxfleurs.org",
-          # "(diplonat (tcp_port 80))"
+          "(diplonat (tcp_port 80))"
         ]
         address_mode = "host"
       }
@@ -150,7 +93,7 @@ EOH
         name = "tricot-https"
         port = "https_port"
         tags = [
-          # "(diplonat (tcp_port 443))"
+          "(diplonat (tcp_port 443))"
         ]
         address_mode = "host"
       }
diff --git a/cluster/staging/app/garage/config/garage.toml b/cluster/staging/app/garage/config/garage.toml
index f14a602..26e0361 100644
--- a/cluster/staging/app/garage/config/garage.toml
+++ b/cluster/staging/app/garage/config/garage.toml
@@ -6,8 +6,10 @@ db_engine = "lmdb"
 
 replication_mode = "3"
 
-rpc_bind_addr = "[{{ env "meta.public_ipv6" }}]:3991"
-rpc_public_addr = "[{{ env "meta.public_ipv6" }}]:3991"
+{{ with $a := env "attr.unique.hostname" | printf "diplonat/autodiscovery/ipv6/%s" | key | parseJSON }}
+rpc_bind_addr = "[{{ $a.address }}]:3991"
+rpc_public_addr = "[{{ $a.address }}]:3991"
+{{ end }}
 rpc_secret = "{{ key "secrets/garage-staging/rpc_secret" | trimSpace }}"
 
 bootstrap_peers = []
diff --git a/cluster/staging/app/garage/deploy/garage.hcl b/cluster/staging/app/garage/deploy/garage.hcl
index 6e37d82..1fc969b 100644
--- a/cluster/staging/app/garage/deploy/garage.hcl
+++ b/cluster/staging/app/garage/deploy/garage.hcl
@@ -25,6 +25,7 @@ job "garage-staging" {
       config {
         packages = [
           "#bash", # so that we can enter a shell inside container
+          "#coreutils",
           "git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=0d0906b066eb76111f3b427dce1c50eac083366c",
         ]
         command = "garage"
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix
index cf30d6e..362724b 100644
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
@@ -1,60 +1,56 @@
 { config, pkgs, ... } @ args:
 
 {
-  deuxfleurs.cluster_name = "staging";
+  deuxfleurs.clusterName = "staging";
 
   # The IP range to use for the Wireguard overlay of this cluster
-  deuxfleurs.cluster_prefix = "10.14.0.0";
-  deuxfleurs.cluster_prefix_length = 16;
+  deuxfleurs.clusterPrefix = "10.14.0.0/16";
 
-  deuxfleurs.cluster_nodes = [
-    {
-      hostname = "carcajou";
-      site_name = "neptune";
+  deuxfleurs.clusterNodes = {
+    "carcajou" = {
+      siteName = "neptune";
       publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
-      IP = "10.14.1.2";
+      address = "10.14.1.2";
       endpoint = "77.207.15.215:33722";
-    }
-    {
-      hostname = "caribou";
-      site_name = "neptune";
+    };
+    "caribou" = {
+      siteName = "neptune";
       publicKey = "lABn/axzD1jkFulX8c+K3B3CbKXORlIMDDoe8sQVxhs=";
-      IP = "10.14.1.3";
+      address = "10.14.1.3";
       endpoint = "77.207.15.215:33723";
-    }
-    {
-      hostname = "origan";
-      site_name = "jupiter";
+    };
+    "origan" = {
+      siteName = "jupiter";
       publicKey = "smBQYUS60JDkNoqkTT7TgbpqFiM43005fcrT6472llI=";
-      IP = "10.14.2.33";
+      address = "10.14.2.33";
       endpoint = "82.64.238.84:33733";
-    }
-    {
-      hostname = "piranha";
-      site_name = "corrin";
+    };
+    "piranha" = {
+      siteName = "corrin";
       publicKey = "m9rLf+233X1VColmeVrM/xfDGro5W6Gk5N0zqcf32WY=";
-      IP = "10.14.3.1";
+      address = "10.14.3.1";
       #endpoint = "82.120.233.78:33721";
-    }
-    {
-      hostname = "df-pw5";
-      site_name = "bespin";
+    };
+    "df-pw5" = {
+      siteName = "bespin";
       publicKey = "XLOYoMXF+PO4jcgfSVAk+thh4VmWx0wzWnb0xs08G1s=";
-      IP = "10.14.4.1";
+      address = "10.14.4.1";
       endpoint = "bitfrost.fiber.shirokumo.net:33734";
-    }
-  ];
+    };
+  };
+
+  deuxfleurs.wgautomeshPort = 1667;
   services.wgautomesh.logLevel = "debug";
 
   # Bootstrap IPs for Consul cluster,
   # these are IPs on the Wireguard overlay
   services.consul.extraConfig.retry_join = [
-    "10.14.1.1"  # cariacou
-    "10.14.1.2" # carcajou
     "10.14.1.3"  # caribou
+    "10.14.2.33" # origan
+    "10.14.3.1"  # piranha
   ];
 
-  deuxfleurs.admin_accounts = {
+  deuxfleurs.adminAccounts = {
     lx = [
       # Keys for accessing nodes from outside
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
@@ -142,16 +138,16 @@
           enable = true;
           port = substituter_port;
           openFirewall = false;
-          bindAddress = config.deuxfleurs.cluster_ip;
+          bindAddress = "0.0.0.0";
           package = pkgs.haskellPackages.nix-serve-ng;
         };
         nix.settings.substituters = map
-            ({ IP, ... }: "http://${IP}:${builtins.toString substituter_port}")
-            (builtins.filter
-              ({ site_name, IP, ...}:
-                (IP != config.deuxfleurs.cluster_ip
-                && site_name == config.deuxfleurs.site_name))
-              config.deuxfleurs.cluster_nodes);
+            ({ address, ... }: "http://${address}:${builtins.toString substituter_port}")
+            (builtins.attrValues (pkgs.lib.filterAttrs
+              (hostname: { siteName, ...}:
+                (hostname != config.deuxfleurs.hostName
+                && siteName == config.deuxfleurs.siteName))
+              config.deuxfleurs.clusterNodes));
       })
   ];
 }
diff --git a/cluster/staging/known_hosts b/cluster/staging/known_hosts
index 0cb04f2..d721c27 100644
--- a/cluster/staging/known_hosts
+++ b/cluster/staging/known_hosts
@@ -9,3 +9,4 @@ piranha.polyno.me,2a01:cb05:8984:3c00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1
 2a01:e0a:5e4:1d0:223:24ff:feaf:fdec ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsZas74RT6lCZwuUOPR23nPdbSdpWORyAmRgjoiMVHK
 df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeehxeGiZR7qquYGoqEH/YrRJ/ukEcaLH
 10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
+192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
diff --git a/cluster/staging/node/carcajou.nix b/cluster/staging/node/carcajou.nix
index e1bd3a6..d5211f1 100644
--- a/cluster/staging/node/carcajou.nix
+++ b/cluster/staging/node/carcajou.nix
@@ -8,18 +8,19 @@
       ./remote-unlock.nix
     ];
 
+  deuxfleurs.remoteUnlock = {
+    networkInterface = "eno1";
+    staticIP = "192.168.1.22/24";
+    defaultGateway = "192.168.1.1";
+  };
+
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.timeout = 20;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "carcajou";
-
-  deuxfleurs.network_interface = "eno1";
-  deuxfleurs.lan_ip = "192.168.1.22";
-  deuxfleurs.ipv6 = "2001:910:1204:1::22";
-
-  deuxfleurs.cluster_ip = "10.14.1.2";
+  deuxfleurs.hostName = "carcajou";
+  deuxfleurs.staticIPv6.address = "2001:910:1204:1::22";
 
   system.stateVersion = "21.05";
 }
diff --git a/cluster/staging/node/caribou.nix b/cluster/staging/node/caribou.nix
index 02cb16d..80293e9 100644
--- a/cluster/staging/node/caribou.nix
+++ b/cluster/staging/node/caribou.nix
@@ -8,14 +8,9 @@
   boot.loader.timeout = 20;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "caribou";
-
-  deuxfleurs.network_interface = "eno1";
-  deuxfleurs.lan_ip = "192.168.1.23";
-  deuxfleurs.ipv6 = "2001:910:1204:1::23";
-
-  deuxfleurs.cluster_ip = "10.14.1.3";
-  deuxfleurs.is_raft_server = true;
+  deuxfleurs.hostName = "caribou";
+  deuxfleurs.staticIPv6.address = "2001:910:1204:1::23";
+  deuxfleurs.isRaftServer = true;
 
   system.stateVersion = "21.05";
 }
diff --git a/cluster/staging/node/df-pw5.nix b/cluster/staging/node/df-pw5.nix
index 33888d6..2f20f1c 100644
--- a/cluster/staging/node/df-pw5.nix
+++ b/cluster/staging/node/df-pw5.nix
@@ -9,12 +9,9 @@
   boot.loader.efi.efiSysMountPoint = "/boot";
   boot.loader.timeout = 20;
 
-  networking.hostName = "df-pw5";
+  deuxfleurs.hostName = "df-pw5";
+  deuxfleurs.staticIPv4.address = "192.168.5.130";
+  deuxfleurs.staticIPv6.address = "2a02:a03f:6510:5102:223:24ff:feb0:e8a7";
 
-  deuxfleurs.network_interface = "eno1";
-  deuxfleurs.lan_ip = "192.168.5.130";
-  deuxfleurs.ipv6 = "2a02:a03f:6510:5102:223:24ff:feb0:e8a7";
-
-  deuxfleurs.cluster_ip = "10.14.4.1";
-  deuxfleurs.is_raft_server = false;
+  system.stateVersion = "22.11";
 }
diff --git a/cluster/staging/node/origan.nix b/cluster/staging/node/origan.nix
index 50bce58..49ecbbf 100644
--- a/cluster/staging/node/origan.nix
+++ b/cluster/staging/node/origan.nix
@@ -8,14 +8,10 @@
   boot.loader.timeout = 20;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "origan";
-
-  deuxfleurs.network_interface = "eno1";
-  deuxfleurs.lan_ip = "192.168.1.33";
-  deuxfleurs.ipv6 = "2a01:e0a:5e4:1d0:223:24ff:feaf:fdec";
-
-  deuxfleurs.cluster_ip = "10.14.2.33";
-  deuxfleurs.is_raft_server = true;
+  deuxfleurs.hostName = "origan";
+  deuxfleurs.staticIPv4.address = "192.168.1.33";
+  deuxfleurs.staticIPv6.address = "2a01:e0a:5e4:1d0:223:24ff:feaf:fdec";
+  deuxfleurs.isRaftServer = true;
 
   system.stateVersion = "22.11";
 }
diff --git a/cluster/staging/node/piranha.nix b/cluster/staging/node/piranha.nix
index 1832b6a..896f169 100644
--- a/cluster/staging/node/piranha.nix
+++ b/cluster/staging/node/piranha.nix
@@ -8,14 +8,10 @@
   boot.loader.timeout = 20;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "piranha";
-
-  deuxfleurs.network_interface = "eno1";
-  deuxfleurs.lan_ip = "192.168.1.25";
-  deuxfleurs.ipv6 = "2a01:cb05:9142:7400:223:24ff:feb0:ea82";
-
-  deuxfleurs.cluster_ip = "10.14.3.1";
-  deuxfleurs.is_raft_server = true;
+  deuxfleurs.hostName = "piranha";
+  deuxfleurs.staticIPv4.address = "192.168.1.25";
+  deuxfleurs.staticIPv6.address = "2a01:cb05:9142:7400:223:24ff:feb0:ea82";
+  deuxfleurs.isRaftServer = true;
 
   system.stateVersion = "22.11";
 }
diff --git a/cluster/staging/site/bespin.nix b/cluster/staging/site/bespin.nix
index 9401f74..2dbfbad 100644
--- a/cluster/staging/site/bespin.nix
+++ b/cluster/staging/site/bespin.nix
@@ -1,13 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  deuxfleurs.site_name = "bespin";
-  deuxfleurs.lan_default_gateway = "192.168.5.254";
-  deuxfleurs.ipv6_default_gateway = "2a02:a03f:6510:5102::1";
-  deuxfleurs.lan_ip_prefix_length = 24;
-  deuxfleurs.ipv6_prefix_length = 64;
-  deuxfleurs.nameservers = [ "192.168.5.254" ];
-  deuxfleurs.cname_target = "bespin.site.staging.deuxfleurs.org.";
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  deuxfleurs.siteName = "bespin";
+  deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254";
+  deuxfleurs.cnameTarget = "bespin.site.staging.deuxfleurs.org.";
 }
diff --git a/cluster/staging/site/corrin.nix b/cluster/staging/site/corrin.nix
index 32b43ca..027f6b3 100644
--- a/cluster/staging/site/corrin.nix
+++ b/cluster/staging/site/corrin.nix
@@ -1,14 +1,8 @@
 { config, pkgs, ... }:
 
 {
-  deuxfleurs.site_name = "corrin";
-  deuxfleurs.lan_default_gateway = "192.168.1.1";
-  deuxfleurs.ipv6_default_gateway = "fe80::7ec1:77ff:fe3e:bb90";
-  deuxfleurs.lan_ip_prefix_length = 24;
-  deuxfleurs.ipv6_prefix_length = 64;
-  deuxfleurs.nameservers = [ "192.168.1.1" ];
-  deuxfleurs.cname_target = "corrin.site.staging.deuxfleurs.org.";
-  deuxfleurs.public_ipv4 = "2.13.96.213";
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  deuxfleurs.siteName = "corrin";
+  deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1";
+  deuxfleurs.cnameTarget = "corrin.site.staging.deuxfleurs.org.";
+  deuxfleurs.publicIPv4 = "2.13.96.213";
 }
diff --git a/cluster/staging/site/jupiter.nix b/cluster/staging/site/jupiter.nix
index 31b9f47..28ba297 100644
--- a/cluster/staging/site/jupiter.nix
+++ b/cluster/staging/site/jupiter.nix
@@ -1,16 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  deuxfleurs.site_name = "jupiter";
-  deuxfleurs.lan_default_gateway = "192.168.1.1";
-  deuxfleurs.ipv6_default_gateway = "fe80::9038:202a:73a0:e73b";
-  deuxfleurs.lan_ip_prefix_length = 24;
-  deuxfleurs.ipv6_prefix_length = 64;
-  deuxfleurs.nameservers = [ "192.168.1.1" ];
-  deuxfleurs.cname_target = "jupiter.site.staging.deuxfleurs.org.";
-
-  # no public ipv4 is used for the staging cluster on Jupiter
-  # deuxfleurs.public_ipv4 = "???";
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  deuxfleurs.siteName = "jupiter";
+  deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1";
+  deuxfleurs.cnameTarget = "jupiter.site.staging.deuxfleurs.org.";
 }
diff --git a/cluster/staging/site/neptune.nix b/cluster/staging/site/neptune.nix
index 5399826..86148f4 100644
--- a/cluster/staging/site/neptune.nix
+++ b/cluster/staging/site/neptune.nix
@@ -1,17 +1,6 @@
 { config, pkgs, ... }:
 
 {
-  deuxfleurs.site_name = "neptune";
-  deuxfleurs.lan_default_gateway = "192.168.1.1";
-  deuxfleurs.ipv6_default_gateway = "2001:910:1204:1::1";
-  deuxfleurs.lan_ip_prefix_length = 24;
-  deuxfleurs.ipv6_prefix_length = 64;
-  deuxfleurs.nameservers = [ "192.168.1.1" ];
-  deuxfleurs.cname_target = "neptune.site.staging.deuxfleurs.org.";
-
-  # no public ipv4 is used for the staging cluster on Neptune,
-  # because the Internet connection is already used for the prod cluster
-  # deuxfleurs.public_ipv4 = "77.207.15.215";
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  deuxfleurs.siteName = "neptune";
+  deuxfleurs.cnameTarget = "neptune.site.staging.deuxfleurs.org.";
 }
diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config
index 3043207..08cac54 100644
--- a/cluster/staging/ssh_config
+++ b/cluster/staging/ssh_config
@@ -10,7 +10,7 @@ Host origan
 	HostName origan.df.trinity.fr.eu.org
 
 Host piranha
-	ProxyJump caribou.machine.deuxfleurs.fr
+	ProxyJump carcajou.machine.deuxfleurs.fr
 	HostName 10.14.3.1
 	#HostName piranha.polyno.me
author	Alex <alex@adnab.me>	2023-05-16 13:19:33 +0000
committer	Alex <alex@adnab.me>	2023-05-16 13:19:33 +0000
commit	aee3a0947112f3eb37f662dd97831954075184fd (patch)
tree	9c3a8eebb53dd16d500b2e54341a8a9e50af5225 /cluster/staging
parent	2488ad0ac296732eb7c3c9c3bc28e1e73f5b06bc (diff)
parent	76b7f86d228ae0bb236050e6381723136de2250e (diff)
download	nixcfg-aee3a0947112f3eb37f662dd97831954075184fd.tar.gz nixcfg-aee3a0947112f3eb37f662dd97831954075184fd.zip