/*
Name: https://masseffect.fandom.com/wiki/Vendetta
Why: Vendetta held troves of important data waiting for folks to request it.
Type: VM
Hardware: -
From: 2023
Role: DNS Server
Notes:
*/
{ pkgs, lib, nodes, ... }:
let
  # Short name of this server; reused below as the label of its own A record.
  name = "vendetta";

  # Addresses assigned to this VM.
  ip_pub = "193.1.99.120";
  ip_priv = "172.20.20.3";

  # The deployment target is the public IP; the FQDN form is kept for reference.
  # hostname = "${name}.skynet.ie";
  hostname = ip_pub;

  # Which nameserver label this host publishes for itself.
  ns = "ns1";

  # Collect one kind of record list ("external" or "cname") from every node.
  #  - nodes without a skynet_dns section contribute nothing
  #  - nodes with skynet_dns.enable set contribute their `own` records
  #  - every other node contributes its `records` list
  # NOTE(review): the record strings are concatenated as-is and nothing in this
  # file validates them, so every node definition in the deployment can add
  # names to the zone. Confirm that dns.nix checks them (duplicate or
  # conflicting names) before the zone is generated.
  collectRecords = kind:
    builtins.concatLists (
      lib.attrsets.mapAttrsToList (_: node:
        let
          cfg = node.config;
        in
          if !(cfg ? skynet_dns) then []
          else if cfg.skynet_dns.enable then cfg.skynet_dns.own.${kind}
          else cfg.skynet_dns.records.${kind}
      ) nodes
    );
in {
  imports = [
    # applications for this particular server
    ../applications/firewall.nix
    ../applications/dns.nix
  ];

  # Connection details for the deployment tool: root over SSH (port 22) to the
  # public IP.
  # NOTE(review): this logs in as root on an address that also has 22/tcp open
  # in the host firewall below. Confirm that sshd is key-only, and consider
  # deploying from a management network or via an unprivileged user with sudo.
  deployment = {
    targetHost = hostname;
    targetPort = 22;
    targetUser = "root";
  };

  # Host firewall: SSH on 22/tcp, DNS on 53/tcp and 53/udp.
  # NOTE(review): these options carry no source restriction, so SSH is accepted
  # from any address that can reach this host.
  networking = {
    firewall = {
      allowedTCPPorts = [22 53];
      allowedUDPPorts = [53];
    };
  };

  # Rules handed to the shared firewall module (../applications/firewall.nix).
  # NOTE(review): both rules match `ip saddr`, i.e. port-53 traffic coming
  # *from* this host. If the intent is to let clients reach this DNS server,
  # `ip daddr` would be the expected match. Confirm against firewall.nix.
  skynet_firewall.forward = [
    "ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
    "ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
  ];

  skynet_dns = {
    enable = true;

    # Records this server publishes about itself.
    own = {
      nameserver = ns;
      external = [
        "${name} A ${ip_pub}"
        "${ns} A ${ip_pub}"

        # needed for now (temporary)
        "mail A ${ip_pub}"
      ];
      cname = [
        #"misc CNAME vendetta"
      ];
    };

    # Zone contents gathered from all nodes (same approach as the firewall
    # module; see the comments there).
    records = {
      external = collectRecords "external";
      cname = collectRecords "cname";
    };
  };
}