nixos/machines/agentjones.nix

/*
Name: https://matrix.fandom.com/wiki/Agent_Jones
Type: Physical
Hardware: PowerEdge r210
From: 2011 (?)
Role: Firewall
Notes: Used to have Agent Smith as a partner but it died (Ironically)
*/
{
  pkgs,
  lib,
  nodes,
  ...
}: let
  # Short host label: becomes the hostname and the name of this machine's DNS record.
  name = "agentjones";
  hostname = "${name}.skynet.ie";

  # Address bound to eno2; also published in DNS and used as the firewall's own IP.
  ip_pub = "193.1.99.72";
  # Address bound to eno1, described by the original author as the internal address.
  # NOTE(review): with the /26 prefix used below, this address and ip_pub both fall in
  # 193.1.99.64/26, so the host has two NICs in one subnet. Confirm that is intended and
  # that the "internal" side is not reachable in ways the firewall rules do not expect.
  ip_priv = "193.1.99.125";

  # Forward rules contributed by one node of the deployment.
  # - Nodes without a skynet_firewall option set contribute nothing.
  # - Nodes that run the firewall themselves (enable = true) are skipped; reading their
  #   `forward` here would otherwise recurse into this very definition. The firewall may
  #   want to open ports on itself, but that is left for later.
  forwardsFrom = _: node:
    lib.optionals
    ((node.config ? skynet_firewall) && !node.config.skynet_firewall.enable)
    node.config.skynet_firewall.forward;
in {
  imports = [
    ./hardware/_base.nix
    ./hardware/RM001.nix
  ];

  deployment = {
    targetHost = hostname;
    targetPort = 22;
    targetUser = null;
    # somehow ssh from runner to this fails
    tags = ["active-firewall"];
  };

  skynet_dns.records = [
    # Forward record: <name> -> public address.
    {
      record = name;
      r_type = "A";
      value = ip_pub;
      server = true;
    }
    # Reverse record for the public address. How `record = ip_pub` is turned into a
    # reverse-zone name is up to the skynet_dns module, which is not shown here.
    {
      record = ip_pub;
      r_type = "PTR";
      value = hostname;
    }
  ];

  services.skynet_backup.host = {
    ip = ip_pub;
    inherit name;
  };

  networking = {
    hostName = name;

    # Interfaces have to be declared here for any physical server;
    # VMs get theirs from the VM host.
    interfaces = {
      # Keep the wired USB connection (front panel) alive.
      # NOTE(review): this interface takes its configuration from DHCP on the firewall
      # host - verify the skynet_firewall rules also cover traffic arriving on it.
      enp0s29u1u5u2.useDHCP = true;

      eno2 = {
        ipv4.addresses = [
          {
            address = ip_pub;
            prefixLength = 26;
          }
        ];
      };

      eno1 = {
        #useDHCP = false;
        ipv4.addresses = [
          {
            # internal address
            address = ip_priv;
            prefixLength = 26;
          }
        ];
      };
    };
  };

  # This server is the firewall.
  skynet_firewall = {
    enable = true;

    # The firewall's own address and the ports it accepts itself.
    own = {
      ip = ip_pub;
      ports = {
        # NOTE(review): 22 is SSH in. How these ports become rules is decided in the
        # skynet_firewall module (not shown); if it admits any source address, consider
        # limiting SSH to the admin/deploy ranges there.
        tcp = [22];
        udp = [];
      };
    };

    # Collect the `forward` lists of every other node into one flat list.
    # NOTE(review): the lists are merged unfiltered, so any node definition in this
    # deployment can add forward rules to the firewall; review changes to a node's
    # `skynet_firewall.forward` as firewall changes.
    forward = builtins.concatLists (lib.attrsets.mapAttrsToList forwardsFrom nodes);
  };
}