nixos/machines/agentjones.nix

{ pkgs, lib, nodes, ... }:
let
  ip_pub    = "193.1.99.72";
  ip_priv   = "172.20.20.1";
  hostname  = "agentjones.skynet.ie";

in {
  imports = [
    # applications for this particular server
    ../applications/firewall.nix
  ];

  deployment = {
    targetHost = hostname;
    targetPort = 22;
    targetUser = "root";
  };

  # this has to be defined for any physical servers
  # vms are defined by teh vm host
  networking.interfaces = {
    eth0 = {
      ipv4.addresses = [
        {
          address = "${ip_pub}/32";
          prefixLength = 24;
        }
      ];
    };
    priv0 = {
      ipv4.addresses = [
        {
          address = "${ip_priv}/32";
          prefixLength = 24;
        }
      ];
    };
  };

  # this server is teh firewall
  skynet_firewall = {
    # always good to know oneself

    own = {
      ip = ip_pub;

      ports = {
        tcp = [
          # ssh in
          22
        ];
        udp = [];
      };
    };

    enable = true;

    # gonna have to get all the
    forward = builtins.concatLists (
      # using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
      lib.attrsets.mapAttrsToList (key: value:
        # make sure that anything running this firewall dosent count (recursion otherewise)
        # firewall may want to open ports in itself but can deal with that later
        if value.config.skynet_firewall.enable
        then []
        else value.config.skynet_firewall.forward
      ) nodes
    );
  };

}
feat: better handling if ip and networking 2023-01-17 17:20:22 +00:00			`{ pkgs, lib, nodes, ... }:`
			`let`
feat: finalise config 2023-01-17 20:50:17 +00:00			`ip_pub = "193.1.99.72";`
			`ip_priv = "172.20.20.1";`
			`hostname = "agentjones.skynet.ie";`
feat: better handling if ip and networking 2023-01-17 17:20:22 +00:00
			`in {`
test: lets see if the firewall can be set up and nmap installed 2023-01-13 17:23:15 +00:00			`imports = [`
			`# applications for this particular server`
feat: basic firewall using the previous 2023-01-13 18:34:19 +00:00			`../applications/firewall.nix`
test: lets see if the firewall can be set up and nmap installed 2023-01-13 17:23:15 +00:00			`];`

feat: basic setup for colmena 2023-01-15 17:45:21 +00:00			`deployment = {`
feat: better handling if ip and networking 2023-01-17 17:20:22 +00:00			`targetHost = hostname;`
feat: basic setup for colmena 2023-01-15 17:45:21 +00:00			`targetPort = 22;`
			`targetUser = "root";`
			`};`

feat: better handling if ip and networking 2023-01-17 17:20:22 +00:00			`# this has to be defined for any physical servers`
			`# vms are defined by teh vm host`
			`networking.interfaces = {`
			`eth0 = {`
			`ipv4.addresses = [`
			`{`
feat: finalise config 2023-01-17 20:50:17 +00:00			`address = "${ip_pub}/32";`
feat: better handling if ip and networking 2023-01-17 17:20:22 +00:00			`prefixLength = 24;`
			`}`
			`];`
			`};`
			`priv0 = {`
			`ipv4.addresses = [`
			`{`
			`address = "${ip_priv}/32";`
			`prefixLength = 24;`
			`}`
			`];`
			`};`
			`};`

tmnp: save current state 2023-01-15 15:10:40 +00:00			`# this server is teh firewall`
feat: generating firewall forwarding rules from individual machiene configs complete 2023-01-15 18:27:21 +00:00			`skynet_firewall = {`
feat: improved config a tad 2023-01-15 19:18:24 +00:00			`# always good to know oneself`

feat: added better options to teh firewall 2023-01-17 15:46:07 +00:00			`own = {`
feat: finalise config 2023-01-17 20:50:17 +00:00			`ip = ip_pub;`
feat: added better options to teh firewall 2023-01-17 15:46:07 +00:00
			`ports = {`
			`tcp = [`
			`# ssh in`
			`22`
			`];`
			`udp = [];`
			`};`
			`};`
feat: improved config a tad 2023-01-15 19:18:24 +00:00
feat: generating firewall forwarding rules from individual machiene configs complete 2023-01-15 18:27:21 +00:00			`enable = true;`

			`# gonna have to get all the`
feat: no more recusion, simplified the function 2023-01-15 18:42:01 +00:00			`forward = builtins.concatLists (`
			`# using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list`
			`lib.attrsets.mapAttrsToList (key: value:`
			`# make sure that anything running this firewall dosent count (recursion otherewise)`
			`# firewall may want to open ports in itself but can deal with that later`
			`if value.config.skynet_firewall.enable`
			`then []`
			`else value.config.skynet_firewall.forward`
			`) nodes`
			`);`
feat: generating firewall forwarding rules from individual machiene configs complete 2023-01-15 18:27:21 +00:00			`};`
tmnp: save current state 2023-01-15 15:10:40 +00:00
test: lets see if the firewall can be set up and nmap installed 2023-01-13 17:23:15 +00:00			`}`