nixos/machines/skynet.nix

/*

Name:     https://en.wikipedia.org/wiki/Skynet_(Terminator)
Why:      Skynet is eternal
Type:     VM
Hardware: -
From:     2023
Role:     Webserver and member linux box
Notes:    Does not host offical sites
*/
{
  pkgs,
  lib,
  nodes,
  inputs,
  ...
}: let
  name = "skynet";
  # DMZ that ITD provided
  ip_pub = "193.1.96.165";
  ip_int = "193.1.99.81";
  hostname = "${name}.skynet.ie";
in {
  imports = [
    ../applications/skynet_users.nix
  ];

  deployment = {
    targetHost = ip_pub;
    targetPort = 22;
    targetUser = null;

    # this one is manually deployed
    tags = ["active-ext"];
  };

  skynet_dns.records = [
    {
      record = name;
      r_type = "A";
      value = ip_pub;
      server = true;
    }
    {
      record = ip_pub;
      r_type = "PTR";
      value = hostname;
    }
  ];

  services.skynet_backup.host = {
    ip = ip_pub;
    name = name;
  };

  proxmoxLXC.manageNetwork = true;
  networking = {
    hostName = name;
    # needed to use the dmz first
    defaultGateway = lib.mkForce "193.1.96.161";

    interfaces = {
      # need it for dns validation for letsencrypt
      eth0.ipv4 = {
        addresses = [
          {
            address = ip_int;
            prefixLength = 26;
          }
        ];
        routes = [
          {
            # need to be able to get to the dns server
            address = "193.1.99.120";
            prefixLength = 26;
            via = "193.1.99.65";
          }
        ];
      };

      # primary ip for logging in
      eth1.ipv4.addresses = [
        {
          address = ip_pub;
          prefixLength = 28;
        }
      ];
    };
  };

  services.skynet_users = {
    host = {
      ip = ip_pub;
      name = name;
    };
  };
}
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00			`/*`

feat: added a formatter and some instructions 2023-09-17 19:51:08 +00:00			`Name: https://en.wikipedia.org/wiki/Skynet_(Terminator)`
			`Why: Skynet is eternal`
			`Type: VM`
			`Hardware: -`
			`From: 2023`
			`Role: Webserver and member linux box`
			`Notes: Does not host offical sites`
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00			`*/`
feat: added a formatter and some instructions 2023-09-17 19:51:08 +00:00			`{`
			`pkgs,`
			`lib,`
			`nodes,`
			`inputs,`
			`...`
			`}: let`
			`name = "skynet";`
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00			`# DMZ that ITD provided`
feat: added a formatter and some instructions 2023-09-17 19:51:08 +00:00			`ip_pub = "193.1.96.165";`
			`ip_int = "193.1.99.81";`
			`hostname = "${name}.skynet.ie";`
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00			`in {`
skynet: got the main site "working" 2023-07-21 01:03:04 +00:00			`imports = [`
feat: skynet user stuff is now segregated to a server that is untrusted 2023-09-15 23:04:39 +00:00			`../applications/skynet_users.nix`
skynet: got the main site "working" 2023-07-21 01:03:04 +00:00			`];`
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00
			`deployment = {`
feat: splitting up the user side of skynet and the main websites 2023-09-15 19:36:07 +00:00			`targetHost = ip_pub;`
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00			`targetPort = 22;`
feat: move off of using root for deployment 2023-09-30 22:18:14 +00:00			`targetUser = null;`
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00
fix: skynet is external so needs top be updated manually 2023-09-16 16:07:18 +00:00			`# this one is manually deployed`
feat: added a formatter and some instructions 2023-09-17 19:51:08 +00:00			`tags = ["active-ext"];`
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00			`};`

			`skynet_dns.records = [`
feat: added a formatter and some instructions 2023-09-17 19:51:08 +00:00			`{`
			`record = name;`
			`r_type = "A";`
			`value = ip_pub;`
			`server = true;`
			`}`
			`{`
			`record = ip_pub;`
			`r_type = "PTR";`
			`value = hostname;`
			`}`
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00			`];`

feat: splitting up the user side of skynet and the main websites 2023-09-15 19:36:07 +00:00			`services.skynet_backup.host = {`
			`ip = ip_pub;`
			`name = name;`
skynet: finally setting up skynet 2023-07-20 21:05:46 +00:00			`};`

skynet: got the main site "working" 2023-07-21 01:03:04 +00:00			`proxmoxLXC.manageNetwork = true;`
[no ci] feat: now got ssh access to skynet.skynet.ie 2023-09-05 14:02:02 +00:00			`networking = {`
			`hostName = name;`
			`# needed to use the dmz first`
feat: splitting up the user side of skynet and the main websites 2023-09-15 19:36:07 +00:00			`defaultGateway = lib.mkForce "193.1.96.161";`
[no ci] feat: now got ssh access to skynet.skynet.ie 2023-09-05 14:02:02 +00:00
fix: seems like we need to keep the two network addresses for the skynet server 2023-09-15 21:03:52 +00:00			`interfaces = {`
			`# need it for dns validation for letsencrypt`
			`eth0.ipv4 = {`
			`addresses = [`
			`{`
			`address = ip_int;`
			`prefixLength = 26;`
			`}`
			`];`
			`routes = [`
			`{`
fix: properly set up the routes 2023-09-15 23:30:45 +00:00			`# need to be able to get to the dns server`
			`address = "193.1.99.120";`
fix: seems like we need to keep the two network addresses for the skynet server 2023-09-15 21:03:52 +00:00			`prefixLength = 26;`
			`via = "193.1.99.65";`
			`}`
			`];`
			`};`

			`# primary ip for logging in`
			`eth1.ipv4.addresses = [`
			`{`
			`address = ip_pub;`
			`prefixLength = 28;`
			`}`
			`];`
			`};`
feat: networking for externally accessable IP set up. However its currently only accessable on vpn. ext.skynet.ie is a temp domain for testing 2023-09-04 17:03:48 +00:00			`};`
skynet: got the main site "working" 2023-07-21 01:03:04 +00:00
feat: skynet user stuff is now segregated to a server that is untrusted 2023-09-15 23:04:39 +00:00			`services.skynet_users = {`
			`host = {`
			`ip = ip_pub;`
			`name = name;`
			`};`
			`};`
feat: added a formatter and some instructions 2023-09-17 19:51:08 +00:00			`}`