diff --git a/ops/nixos/totoro/default.nix b/ops/nixos/totoro/default.nix
index 913fd4f6ad..0cc2538297 100644
--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@@ -82,85 +82,7 @@ in {
 extraGroups = lib.mkAfter [ "libvirtd" ];
 };
 
- # NFS
- services.nfs.server = {
- enable = true;
- exports = ''
- /export 192.168.1.0/24(rw,sync,nohide,no_subtree_check,no_root_squash,wdelay,fsid=0,insecure,crossmnt)
- /export/openshift 192.168.1.0/24(rw,sync,nohide,no_subtree_check,no_root_squash,no_wdelay,insecure,crossmnt)
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 111 2049 80 443 6443 22623 ];
- networking.firewall.allowedUDPPorts = [ 111 2049 ];
-
- # LB
- services.haproxy = {
- enable = true;
- config = ''
- global
- maxconn 50000
- nbthread 4
-
- defaults
- log global
- mode tcp
- option tcplog
- maxconn 3000
- timeout connect 10s
- timeout client 1m
- timeout server 1m
-
- frontend k8sapi
- bind 192.168.1.40:6443
- default_backend k8sapi-backend
-
- backend k8sapi-backend
- balance roundrobin
- mode tcp
- server okd1 192.168.1.41:6443 check
- server okd2 192.168.1.42:6443 check
- server okd3 192.168.1.43:6443 check
-
- frontend machineconfig
- bind 192.168.1.40:22623
- default_backend machineconfig-backend
-
- backend machineconfig-backend
- balance roundrobin
- mode tcp
- server okd1 192.168.1.41:22623 check
- server okd2 192.168.1.42:22623 check
- server okd3 192.168.1.43:22623 check
-
- frontend https
- bind 192.168.1.40:443
- default_backend https-backend
-
- backend https-backend
- balance roundrobin
- mode tcp
- server okd1 192.168.1.41:443 check
- server okd2 192.168.1.42:443 check
- server okd3 192.168.1.43:443 check
-
- frontend http
- bind 192.168.1.40:80
- default_backend http-backend
-
- backend http-backend
- balance roundrobin
- mode tcp
- server okd1 192.168.1.41:80 check
- server okd2 192.168.1.42:80 check
- server okd3 192.168.1.43:80 check
- '';
- };
-
- # Expose subnet 192.168.1.0/24 via Tailscale.
- boot.kernel.sysctl = {
- "net.ipv4.ip_forward" = 1;
- };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 
 system.stateVersion = "20.03";
 }
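Review bot: The added `networking.firewall.allowedTCPPorts = [ 80 443 ];` keeps TCP 80 and 443 open on every interface, although the haproxy `http` and `https` frontends, the only listeners for those ports visible in this hunk, are deleted in the same change. If nothing else in the host configuration serves those ports (the rest of the attribute set lies outside the hunk, so this cannot be confirmed here), drop the line so the firewall matches what actually runs. If a service does still need them, name it in a comment such as `# 80/443: <service that listens here>` and consider scoping the rule with `networking.firewall.interfaces.<name>.allowedTCPPorts` rather than opening the ports globally.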