/*
Name: https://matrix.fandom.com/wiki/Agent_Jones
Type: Physical
Hardware: PowerEdge r210
From: 2011 (?)
Role: Firewall
Notes: Used to have Agent Smith as a partner, but it died (ironically).
*/
{
  pkgs,
  lib,
  nodes,
  ...
}: let
  # Short name of this server; it becomes both the hostname and its DNS record.
  name = "agentjones";
  ip_pub = "193.1.99.72";
  # Used as the "internal address" on eno1 below, yet with prefixLength 26 on
  # both interfaces this sits in the same 193.1.99.64/26 as ip_pub.
  # NOTE(review): confirm that two interfaces in one /26 is intended.
  ip_priv = "193.1.99.125";
  hostname = name + ".skynet.ie";

  # Forward rules contributed by a single entry of `nodes`.
  # A node contributes its skynet_firewall.forward list only when it carries
  # that option set and is NOT itself running the firewall (a firewall node
  # contributing to itself would recurse). Rules the firewall wants for its
  # own ports are therefore not collected here.
  # NOTE(review): nothing in this file validates what a node hands in — any
  # host in `nodes` can open inbound ports through this firewall simply by
  # declaring them in its own config; review the per-node forward lists.
  rulesFrom = node:
    lib.optionals
    ((node.config ? skynet_firewall) && !node.config.skynet_firewall.enable)
    node.config.skynet_firewall.forward;
in {
  imports = [
    ./hardware/_base.nix
    ./hardware/RM001.nix
  ];

  deployment = {
    targetHost = hostname;
    targetPort = 22;
    # No explicit deploy account; the original note records that ssh from the
    # runner to this host fails, so presumably the invoking user is used instead
    # (TODO confirm with the deployment tool's semantics for null).
    targetUser = null;
    tags = ["active-firewall"];
  };

  # Forward (A) and reverse (PTR) records for the public address.
  skynet_dns.records = [
    {
      record = name;
      r_type = "A";
      value = ip_pub;
      server = true;
    }
    {
      record = ip_pub;
      r_type = "PTR";
      value = hostname;
    }
  ];

  services.skynet_backup.host = {
    ip = ip_pub;
    inherit name;
  };

  networking.hostName = name;

  # Physical servers declare their own interfaces; VMs get theirs from the VM host.
  networking.interfaces = {
    # Front-panel wired USB connection, kept alive via DHCP.
    # NOTE(review): a DHCP client on a front-panel port of the firewall will
    # accept address/route/DNS from whatever gets plugged in — confirm this
    # exposure is acceptable for this host's role.
    enp0s29u1u5u2.useDHCP = true;

    eno2.ipv4.addresses = [
      {
        address = ip_pub;
        prefixLength = 26;
      }
    ];

    eno1.ipv4.addresses = [
      {
        # internal address (see the note on ip_priv above)
        address = ip_priv;
        prefixLength = 26;
      }
    ];
  };

  # This server IS the firewall: its own exposure plus every rule forwarded on
  # behalf of the other nodes.
  skynet_firewall = {
    enable = true;

    own = {
      ip = ip_pub;
      ports = {
        # only ssh is reachable on the firewall's own public address
        tcp = [22];
        udp = [];
      };
    };

    # Aggregate the forward rules of every non-firewall node (attribute order
    # of `nodes`, i.e. sorted by node name).
    forward = lib.concatMap rulesFrom (lib.attrValues nodes);
  };
}