2023-07-20 21:05:46 +00:00
|
|
|
/*
|
|
|
|
|
|
|
|
|
|
Name: https://en.wikipedia.org/wiki/Skynet_(Terminator)
|
|
|
|
|
Why: Skynet is eternal
|
|
|
|
|
Type: VM
|
|
|
|
|
Hardware: -
|
|
|
|
|
From: 2023
|
|
|
|
|
Role: Webserver and member linux box
|
|
|
|
|
Notes:
|
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
2023-07-21 20:27:01 +00:00
|
|
|
{ pkgs, lib, nodes, inputs, ... }:
|
2023-07-20 21:05:46 +00:00
|
|
|
let
|
|
|
|
|
# name of the server, sets teh hostname and record for it
|
|
|
|
|
name = "skynet";
|
|
|
|
|
# DMZ that ITD provided
|
|
|
|
|
ip_pub = "193.1.96.165";
|
|
|
|
|
ip_priv = "193.1.99.79";
|
|
|
|
|
hostname = "${name}.skynet.ie";
|
2023-07-21 01:03:04 +00:00
|
|
|
hostname_int = "${name}.int.skynet.ie";
|
2023-07-20 21:05:46 +00:00
|
|
|
|
|
|
|
|
in {
|
2023-07-21 01:03:04 +00:00
|
|
|
imports = [
|
2023-07-23 02:08:56 +00:00
|
|
|
../applications/skynet.ie.nix
|
2023-07-21 01:03:04 +00:00
|
|
|
];
|
2023-07-20 21:05:46 +00:00
|
|
|
|
|
|
|
|
deployment = {
|
2023-07-21 01:03:04 +00:00
|
|
|
targetHost = ip_priv;
|
2023-07-20 21:05:46 +00:00
|
|
|
targetPort = 22;
|
|
|
|
|
targetUser = "root";
|
|
|
|
|
|
2023-07-26 22:53:26 +00:00
|
|
|
tags = [ "active-core" ];
|
2023-07-20 21:05:46 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# it has two network devices so two
|
|
|
|
|
skynet_dns.records = [
|
2023-07-23 02:08:56 +00:00
|
|
|
#{record=name; r_type="A"; value=ip_pub; server=true;}
|
2023-09-04 17:03:48 +00:00
|
|
|
{record=name; r_type="A"; value=ip_priv; server=true; }
|
|
|
|
|
{record="ext"; r_type="A"; value=ip_pub; server=false;}
|
2023-07-21 01:03:04 +00:00
|
|
|
|
2023-09-04 17:03:48 +00:00
|
|
|
{record="${name}.int"; r_type="A"; value=ip_priv; server=true;}
|
2023-07-20 21:05:46 +00:00
|
|
|
{record=ip_priv; r_type="PTR"; value=hostname_int;}
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
services.skynet_backup = {
|
|
|
|
|
host = {
|
2023-09-04 17:40:49 +00:00
|
|
|
ip = ip_priv;
|
2023-07-20 21:05:46 +00:00
|
|
|
name = name;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# allow more than admins access
|
|
|
|
|
services.skynet_ldap_client = {
|
|
|
|
|
groups = [
|
|
|
|
|
"skynet-admins-linux"
|
|
|
|
|
"skynet-users-linux"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2023-07-21 01:03:04 +00:00
|
|
|
proxmoxLXC.manageNetwork = true;
|
|
|
|
|
networking.hostName = name;
|
2023-09-04 17:03:48 +00:00
|
|
|
networking.interfaces = {
|
|
|
|
|
eth0.ipv4.addresses = [
|
|
|
|
|
{
|
|
|
|
|
address = ip_priv;
|
|
|
|
|
prefixLength = 26;
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
eth1.ipv4.addresses = [
|
|
|
|
|
{
|
|
|
|
|
address = ip_pub;
|
|
|
|
|
prefixLength = 28;
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
2023-07-21 01:03:04 +00:00
|
|
|
|
2023-07-23 02:08:56 +00:00
|
|
|
services.skynet = {
|
|
|
|
|
host = {
|
|
|
|
|
ip = ip_priv;
|
|
|
|
|
name = name;
|
|
|
|
|
};
|
2023-07-21 01:03:04 +00:00
|
|
|
};
|
2023-09-04 17:51:17 +00:00
|
|
|
|
|
|
|
|
# from https://discourse.nixos.org/t/second-default-gateway/22220/5 and https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System
|
2023-09-04 17:49:33 +00:00
|
|
|
networking = {
|
|
|
|
|
iproute2 = {
|
|
|
|
|
enable = true;
|
|
|
|
|
rttablesExtraConfig =
|
|
|
|
|
''1 rt2'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.services.secondGateway = {
|
|
|
|
|
description = "External route.";
|
|
|
|
|
path = [pkgs.bash pkgs.iproute];
|
|
|
|
|
script = ''
|
|
|
|
|
ip route add 193.1.96.160/28 dev eth1 src 193.1.96.165 table rt2
|
2023-09-04 18:31:40 +00:00
|
|
|
ip route add default via 193.1.96.161 dev eth1 table rt2
|
2023-09-04 17:49:33 +00:00
|
|
|
ip rule add from 193.1.96.165/28 table rt2
|
|
|
|
|
ip rule add to 193.1.96.165/28 table rt2
|
|
|
|
|
'';
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type= "oneshot";
|
|
|
|
|
User = "root";
|
|
|
|
|
Restart = "no";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
}
|
