From c756a1d03e0e3ad4c880227f446ce996cd5bfad4 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Sat, 24 Jun 2023 15:41:31 +0100
Subject: [PATCH 1/6] fix: got jones back working again

---
applications/ldap_client.nix | 48 +++++++++++++++++-------------------
machines/agentjones.nix | 4 +--
2 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/applications/ldap_client.nix b/applications/ldap_client.nix
index 5d81926..395f5ae 100644
--- a/applications/ldap_client.nix
+++ b/applications/ldap_client.nix
@@ -77,41 +77,39 @@ sshAuthorizedKeysIntegration = true; config = '' - [domain/skynet.ie] - #debug_level = 4 +[domain/skynet.ie] +id_provider = ldap +auth_provider = ldap +sudo_provider = ldap - id_provider = ldap - auth_provider = ldap - sudo_provider = ldap +ldap_uri = ldaps://${cfg.address}:636 - ldap_uri = ldaps://${cfg.address}:636 +ldap_search_base = ${cfg.base} +# thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d +ldap_user_search_base = ou=users,${cfg.base}?sub?(|${create_filter cfg.groups}) +ldap_group_search_base = ou=groups,${cfg.base} +ldap_sudo_search_base = cn=skynet-admins-linux,ou=groups,${cfg.base} - ldap_search_base = ${cfg.base} - # thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d - ldap_user_search_base = ou=users,${cfg.base}?sub?(|${create_filter cfg.groups}) - ldap_group_search_base = ou=groups,${cfg.base} - ldap_sudo_search_base = cn=skynet-admins-linux,ou=groups,${cfg.base} +ldap_group_nesting_level = 5 - ldap_group_nesting_level = 5 +cache_credentials = false +entry_cache_timeout = 1 - cache_credentials = false - entry_cache_timeout = 1 +ldap_user_member_of = skMemberOf - ldap_user_member_of = skMemberOf +[sssd] +config_file_version = 2 +services = nss, pam, sudo, ssh +domains = skynet.ie - [sssd] - config_file_version = 2 - services = nss, pam, sudo, ssh - domains = skynet.ie +[nss] +# override_homedir = /home/%u - [nss] - # override_homedir = /home/%u +[pam] - [pam] +[sudo] - [sudo] - - [autofs] +[autofs] ''; }; diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 9ea8494..8a6d46f 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -47,7 +47,7 @@ in { # this has to be defined for any physical servers # vms are defined by teh vm host networking.interfaces = { - eno1 = { + eno2 = { ipv4.addresses = [ { address = "193.1.99.72"; 
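Review bot: Moving the public address 193.1.99.72 from `eno1` to `eno2` still ties the routable interface to whatever name the kernel/firmware hands out at boot, so the next BIOS, firmware or udev change can land the address on the wrong NIC again, which is presumably what this commit recovered from. Pinning the names to the hardware with a `systemd.network.links` entry (`[Match] MACAddress=…` / `[Link] Name=eno2`) would make the assignment survive re-enumeration; the MACs are not in the hunk, so I cannot propose the values. A one-line comment above the block, e.g. `# eno1/eno2 swapped names after a reboot; the public /24 lives on eno2 now`, would spare the next person the same debugging session. The `networking.interfaces` block continues past the end of the hunk.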
@@ -55,7 +55,7 @@ in {
}
];
};
- eno2 = {
+ eno1 = {
#useDHCP = false;
ipv4.addresses = [
{

From 378973060acab60d84a1e5eb32c248cf122b0b46 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Fri, 7 Jul 2023 12:17:37 +0100
Subject: [PATCH 2/6] backup: got the first backup server running properly

---
secrets/backup/restic.age | Bin 1839 -> 1872 bytes
secrets/backup/restic_pw.age | Bin 699 -> 651 bytes
secrets/secrets.nix | 2 +-
3 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age index d2ee7507f2dbc3471d596e4c3a8c891569891af3..ff1ec0b483b4a8931c34a515f7914dee10166143 100644 GIT binary patch literal 1872 zcmZY9P3Yuy9mjEt+QZ;M)M}3r1cmXxd6=2ZL_|scljlh?d4AAKo+ioUIhj0qDe9@q zBFHM(Lr)?F54(zW6>1T+xRjy?=^~XaM+$D zNl}}=N=dC)%VNxSXjxErTT4USXgfk3Glt)$aJmpv+ccdqAY{(*b*qsOB))E=JR(L| zBQHM49j2hD%9_+~YV|JUq6m;7Xgn;FV^^4zn$j#pnydYBeO@a$&VVrO7zHN!^0i5@ zi%r6d8+k6Ka~-sCP90h;M_95?3)-;lc&W=QwYI0NX!tiZ?|7=$5kQ@1N1esc3a2jZ z?eoe2Jy;Xj6iMfxM~KQOaHVwvDNh%0Ec2;D8HkYar&%tAL16`@UmgX$>;uqBJ%ihu z>yh?%H?LhUSx7jxW|jW?$>x89r(dm(a+UZ;uV zW1VCo<3(k=qcyAuMzS+yz8qP`4VZ1)4+wcvtB8Qh2cX9WW^+m|CM!6@{)BGv6JElW z$=O;h@~u2a+B%2IL`-%IwAA`xCyzWf&ETQq)KjzCGikN9cF+Y<=fqhbD(O@z`=_)X zu^|ixERewuY^RTj>Fwyr=_0BYguXTnX0zA1HOG=5UgmyO2#Xp!b77k%T}5t%j&~d6 zcxv_;Dl;i9h?8o?HJvebK|1BlHcM@AbO30#8bKJD7zDmH{0hhL7OWsKotq2`nb8WQ z<6&(DlcCCss-Y8QISB~8Ya=jl7@|ick037DDWMD8(do#r%II+DpK9A1vzkNzCR($E z;|-^c*NwXg9o}KuTx7&vmm6nU&1d0|p%;=hqD79MiSWb|`lyTQsMst;`@$wR7$?rd zWbDr8X~i;deb%6xZJjd{s|bjULN$EdkkY;1r~clyH}t&Jc?kjgO<#FNKOC>E34_OB z5nYaBs|Eq2$DYsITSwp~^R$yXNhT9ss})q`Rx4Q6CHbZ{^(y8KK-8c5Re~4})HS;I zWa_3Ub+|FCd`)4NMW9MBu~9Q6!~F#$*BQ}jpqsmcUi3LE9Cpm&C<8O*b13tgYKD=S*LKDh%HZZhrQ}9YqDIi7JO?-|ZlKp$%5ab5V^F zK|W|>T8>p!Y`L09aa6&S$t|QjgV()3zVzI~cirdj-udaPZyFEZe)%(>c=u!9{(A7EZ{8uk|G>Zdjc?%(qUV15 zngqV^>g`|s=hy$8fAaA07ykUqAD<5Yc+ZP({oti{-hAWl|2$tl`o8yLZ#??qGcVt| P`rZBLmAm)CXMgcOcaVPP literal 1839 zcmZY8$?Nn60mgBtw$Ql1$ELm~~j!OhiccS}Wc1@djk|;e0aGT-Y9C>zafe zsi|d==yaL)gOsmvSsAk=%jM;^8UwWxCm~zZ`~dTfZkav^Vp=A21hhtig+r-y>mWAa zeoAY|RL(MhWyai6lua+<*ZkPAo`B*I7kg1F4wYFoX$PH?A>LUzwi}l5^$br6Zi_Bw#WkBT(0;X;7V5>6x#gK~-luX{Pt57iw zY^e_5jKi>3Mvk_EI++hS3CHwKjLz_+XPUy=UQ6aPWs~HtBq7zOiO`U_d(DK;xoiRT z4y&oGrc_=Vv_yuKvn)$pttzm+kg=Yb3fj)_Wj0Z3g)m~HS!y86`~`v<1C`_AXlJV1 zo7;}&H^Bw(r)x#XEOxKe+e9vI0Pa?>G$ZGm85_4vF}h9u)JP(y zr|Sw{%DEY+I4WjKSKZTkk5`&>oVd-!$>P0nWIE9hZ2dx3_u7aA5JdyhXgJzl&eDoP z*jQ2fo)RzKcxn+A9->*lQdqcK81D$*R^8xesu6Bx*rtsgSc<1@*}?2Yv~9j`NQpmL 
ziO>}bsFU}a@3b^=14<|vS)_IBsVtq0ULdF6;Yi;KK?Ldpvng5;Z6X_&%5KH*PJHxz zEsU9U32wq`Yx@4S(rRrfhd^1u`3BGpRr3l>t?MA2(Qwbv5twHHfYpB&s! zxKW zMPg?Q+X~*KrCPW~sVs{+3ehfWbrW_~y-zN_9>nm}Ro%T-XIkxN01_9t#4|k#?aN4U zXNrRJX(!u(t{&$B^=fM~Vhl(arM0?RJQ8@w;Rc1rvmC6!U3oewSJrV5g4oVNflNJ$ zElgfP|JPo6$l5gQ($yAqLaL!@`(WaY0O$6skx?Tq$fY`Jp|Tuz@B!5`*kr_rk;zs` z^nwpMboKD?0Gu>mxOooWUqbFg+FELA>#Q7E9_*YnM9TFrP-64RD+Orv>g(_`kG=(b z^zxIxiQj(j$J>wJ`1hkXo_+a)KkW%l`1|9x-v6BT_DgU5>>0ZM;}4xDpRs@+y=nhL zd;fXq?XPjnZ=Zd7{wDCRSD*Xq;ptaC`25e?(fIFIKQedqd!G5le}4H(PX}LlYWIsL zKl$^!pG6=4<}c}szjJ@};YZZF&=dZ3Nche>U-*9UoOAy8_v5c$c>KzDe~JCnec{FL Vz4_=rx94A*pGyA_|KOe1{s)0dVJ-jw diff --git a/secrets/backup/restic_pw.age b/secrets/backup/restic_pw.age index 09724783b3bc0d882fd984eb16aa8ffd00e4660a..cf3301bc4b456201a33f1eb5edb82f0fff70489d 100644 GIT binary patch literal 651 zcmZ9|yNlCs003Y)IFQ_W;F?hkHSe}r#O9jj@k`P)>7~~wN-y~}ZC-7YG;MBhQ-tF< zIBrsKIb7rxK~Q`kxaf(m$IoG$bRDzpYbVP*?ERsmd2!uDLQ>dhP~*c{M$%`2z<61PM(Bf#GL4D@Qj*wPHU;Wh>8Uoivq9K04)qci85$HGqR4A z8#7a9sWxwDCfBwA<}4v4BdSMHbj#Po;oOo6UhQRb$02(g4I_b}?vP;I=(jM&t|jtm zZB~bh@1tS8WH`r&U>4KM25x}{VPpa9M`aavb_0TTbU!SkabcQuvfyVR(lW_Y zt*vFd=~78aJXN?Z2k)1irg9 ztN1A#WDvd4M<&zZOlF2dj1L4W=!51!;+=o%l?u8bfS2fLM{3MXd!$>gxlOdiX;{?> z&JB{WD#%1j)VD*EK|XxCxBUM5=-Cg%d3t8Gb@=A-$>!dukHWbt6W%pckRVx LB);?V!MBya`hMO$ literal 699 zcmZY4yNlCs003Zdy9|dMs5qIu_R=K3w2gz1XPZaUq-k<#1ffmZ^pRK7JnJY3qJs!J zx`@lcfg-2~E-rH5aKmlRiVkkh;<=uG!N)iDruAv)BvqU)qHsS-JS0b<`Ym{~nb)T- zMi3|on`m4p6znQg?K2+HUY*wxq44tpmi)Me42=LaVhI>amBzD$n>TPP z^$)bQ7?M)8wlQI>bqvTPQ(R(4{I+T*a-ek92w+LXR@ByVA$VzKS{pxci*OA7)7I^& z=y~vfwpIt2sjF^4Dh;O_3fwp=@*a>4N8m(?a+b*1&F>bK6v?GSa_N${%~bGt zwUGO0o`8(#ZcN+=FuqlwJUD-gyE#>s~S)Z>BH} z&6@3TCmX$k@ z9)(d-l^91s^?Ds9r*!J}Z9y8i^9INV4SKa1#H63kmdH9?poy*YYz{0YXLIIh`lDMM zzu)`14_<$1{ATWbUw pbe|mU9$!{hpDw<2UOi0i&heu^Cp)Kyk1k#K_4v)_Q}4!7{0nNI>tz4{ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5d9de0f..af1cbd3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -28,7 +28,7 @@ let gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; - neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFozqR8f8DN7/DLUQV4o290n3UZ75fSEdgVlSwzyza/N root@neuromancer"; + neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7NRDOGzSO4XVEezMS/9pI3chKbOH0fw2aikLRvea2P root@neuromancer"; systems = [ agentjones From 8b09e7962be5bb16c9f1a8a377af959917b47ee8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 8 Jul 2023 09:16:38 +0100 Subject: [PATCH 3/6] test: added a test for physical servers. They wont be built/deployed now without an ip assigned. See the "fun" over here https://discord.com/channels/689189992417067052/1118476661604765746/1125914392102445220 --- machines/agentjones.nix | 1 + machines/hardware/_base.nix | 17 +++++++++++++++++ machines/neuromancer.nix | 1 + machines/vendetta.nix | 2 +- 4 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 machines/hardware/_base.nix diff --git a/machines/agentjones.nix b/machines/agentjones.nix index c2e52eb..19cae98 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -19,6 +19,7 @@ let in { imports = [ + ./hardware/_base.nix ./hardware/RM001.nix ]; diff --git a/machines/hardware/_base.nix b/machines/hardware/_base.nix new file mode 100644 index 0000000..ed7ec20 --- /dev/null +++ b/machines/hardware/_base.nix @@ -0,0 +1,17 @@ +{ config, options, lib, ... }: with lib; +let + # get a list of interfaces + interfaces = attrNames config.networking.interfaces; + # check if an IP has been assigned + has_ip = interface: (length config.networking.interfaces."${interface}".ipv4.addresses) != 0; +in { + config = { + assertions = [ + { + assertion = lists.any has_ip interfaces; + message = "Must have a ip address set"; + } + ]; + }; + +} \ No newline at end of file diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index fa23d4d..69bffbd 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix 
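Review bot: The `neuromancer` recipient key is replaced here, but this patch's diffstat shows only `secrets/backup/restic.age` and `secrets/backup/restic_pw.age` being re-encrypted, so any other `.age` file whose `publicKeys` includes `neuromancer` (likely, if it is in the `systems` list that follows) is still encrypted only to the old host key and will be unreadable on the rebuilt host; an `agenix --rekey` over the whole repo would close that gap. Because this is an SSH host key that changed under the same hostname, it is also worth confirming the old key has been purged from the deployer's `known_hosts` rather than silently accepted, since that is exactly the pattern a MITM produces. A short note on the line, e.g. `# rotated 2023-07-07 after the host was reinstalled`, would record why the key changed.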
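Review bot: The assertion in the new `machines/hardware/_base.nix` only inspects `ipv4.addresses`, so a host configured with a static IPv6 address and no IPv4 would be rejected, and the message does not say which machine failed, which matters when a flake evaluates several hosts at once. I would make both explicit: `message = "${config.networking.hostName}: at least one interface must have a static IPv4 address (IPv6-only is not accepted)";`. The `options` argument is unused and could be dropped from the pattern, and with `with lib;` already in scope `any` reads the same as `lists.any`. The file is also missing its trailing newline.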
@@ -20,6 +20,7 @@ let in { imports = [ + ./hardware/_base.nix ./hardware/RM007.nix ../applications/restic.nix ]; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index b506e2b..f0afe73 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -22,7 +22,7 @@ let ns = "ns1"; in { imports = [ - # the physical hardware for this + ./hardware/_base.nix ./hardware/RM002.nix ]; From 60ec19284dd977a340e2d4374369048b98ee9ee9 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 8 Jul 2023 09:47:13 +0100 Subject: [PATCH 4/6] backup: put the backup on every machine --- machines/_base.nix | 3 +++ machines/neuromancer.nix | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/machines/_base.nix b/machines/_base.nix index 75af035..7f63535 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -12,6 +12,9 @@ # every server needs teh ldap client for admins ../applications/ldap_client.nix + + # every server will need the config to backup to + ../applications/restic.nix ]; # flakes are essensial diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 69bffbd..8c3dba8 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -22,7 +22,6 @@ in { imports = [ ./hardware/_base.nix ./hardware/RM007.nix - ../applications/restic.nix ]; From 6cb3fcf409b29ffe6c926c4a19a7ed94139d68e3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 8 Jul 2023 10:27:30 +0100 Subject: [PATCH 5/6] dns: remove leading spaces --- applications/dns.nix | 143 +++++++++++++++++++++---------------------- 1 file changed, 70 insertions(+), 73 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index 52daaec..96fe4b5 100644 --- a/applications/dns.nix +++ b/applications/dns.nix 
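Review bot: Importing `../applications/restic.nix` from the shared `machines/_base.nix` puts the backup client, and whatever credentials that module references, on every host; patch 2 in this series carries a single `secrets/backup/restic_pw.age`, which suggests one repository password shared across all machines, in which case a compromise of any one host can read or prune every other host's snapshots. I cannot see `restic.nix` from this hunk, so treat this as a hedge, but per-host repositories or an append-only backend would limit the blast radius. At minimum the comment above the import should state the trade-off, e.g. `# every server backs up with restic; the repo credentials are shared, so one compromised host can reach the others' snapshots`. The `imports` list continues outside the hunk.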
@@ -7,96 +7,93 @@ let # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) get_config_file = (domain: - '' - $TTL 60 ; 1 minute - ; hostmaster@${domain} is an email address that recieves stuff related to dns - @ IN SOA ${cfg.own.nameserver}.${domain}. hostmaster.${domain}. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) - ) +''$TTL 60 ; 1 minute +; hostmaster@${domain} is an email address that recieves stuff related to dns +@ IN SOA ${cfg.own.nameserver}.${domain}. hostmaster.${domain}. ( + ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + ${current_date} + 600 ; Refresh (10 minutes) + 300 ; Retry (5 minutes) + 604800 ; Expire (1 week) + 3600 ; Minimum (1 hour) + ) - @ NS ns1.${domain}. - @ NS ns2.${domain}. - ; @ stands for teh root domain so teh A record below is where ${domain} points to - ;@ A 193.1.99.76 - ;@ MX 5 ${domain}. +@ NS ns1.${domain}. +@ NS ns2.${domain}. + ; @ stands for teh root domain so teh A record below is where ${domain} points to +;@ A 193.1.99.76 +;@ MX 5 ${domain}. - ; can have multiple mailserves - @ MX 10 mail.${domain}. +; can have multiple mailserves +@ MX 10 mail.${domain}. 
- ; ------------------------------------------ - ; Server Names - ; ------------------------------------------ +; ------------------------------------------ +; Server Names +; ------------------------------------------ - ; External addresses - ; ------------------------------------------ - ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.external} +; External addresses +; ------------------------------------------ +${lib.strings.concatMapStrings (x: x + "\n") cfg.records.external} - ; this is fixed for now - wintermute A 193.1.101.148 +; this is fixed for now +wintermute A 193.1.101.148 - ; internal addresses - ; ------------------------------------------ - ; May come back to this idea in teh future - ; agentjones.int A 172.20.20.1 +; internal addresses +; ------------------------------------------ +; May come back to this idea in teh future +; agentjones.int A 172.20.20.1 - ; cname's - ; ------------------------------------------ - ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.cname} +; cname's +; ------------------------------------------ +${lib.strings.concatMapStrings (x: x + "\n") cfg.records.cname} - '' +'' ); # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse # config for our reverse dnspointers (not properly working) get_config_file_rev = (domain: - '' - $ORIGIN 99.1.193.in-addr.arpa. - $TTL 60 ; 1 minute - ; hostmaster@skynet.ie is an email address that recieves stuff related to dns - @ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) - ) +''$ORIGIN 99.1.193.in-addr.arpa. +$TTL 60 ; 1 minute +; hostmaster@skynet.ie is an email address that recieves stuff related to dns +@ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. 
( + ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + ${current_date} + 600 ; Refresh (10 minutes) + 300 ; Retry (5 minutes) + 604800 ; Expire (1 week) + 3600 ; Minimum (1 hour) + ) - @ NS ns1.skynet.ie. - @ NS ns2.skynet.ie. +@ NS ns1.skynet.ie. +@ NS ns2.skynet.ie. - ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.reverse} - '' +${lib.strings.concatMapStrings (x: x + "\n") cfg.records.reverse} +'' ); # domains we dont have proper ownship over, only here to ensure the logs dont get cluttered. get_config_file_old_domains = (domain: - '' - $TTL 60 ; 1 minute - ; hostmaster@skynet.ie is an email address that recieves stuff related to dns - @ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) - ) +''$TTL 60 ; 1 minute +; hostmaster@skynet.ie is an email address that recieves stuff related to dns +@ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. ( + ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + ${current_date} + 600 ; Refresh (10 minutes) + 300 ; Retry (5 minutes) + 604800 ; Expire (1 week) + 3600 ; Minimum (1 hour) + ) - @ NS ns1.skynet.ie. - @ NS ns2.skynet.ie. +@ NS ns1.skynet.ie. +@ NS ns2.skynet.ie. - '' +'' ); # arrys of teh two nameservers @@ -156,10 +153,10 @@ let create_entry_zone = (domain: extraConfig: { "${domain}" = { extraConfig = '' - ${extraConfig} - // for bumping the config - // ${current_date} - ''; +${extraConfig} +// for bumping the config +// ${current_date} +''; # really wish teh nixos config didnt use master/slave master = cfg.primary; masters = primaries; 
@@ -180,12 +177,12 @@ let extraConfig = { owned = if cfg.primary then - '' - allow-update { key rfc2136key.skynet.ie.; }; +'' +allow-update { key rfc2136key.skynet.ie.; }; - dnssec-policy default; - inline-signing yes; - '' +dnssec-policy default; +inline-signing yes; +'' else ""; From 31d92455f91e6920adee8089708635b09dbb9bc8 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 8 Jul 2023 10:28:58 +0100 Subject: [PATCH 6/6] gitlab: give anything related to gitlab a different deployment tag. These have to be manually updated using colmera --- machines/glados.nix | 2 +- machines/wheatly.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/glados.nix b/machines/glados.nix index e0ae46b..8016a99 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -29,7 +29,7 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active" ]; + tags = [ "active-gitlab" ]; }; diff --git a/machines/wheatly.nix b/machines/wheatly.nix index 7d0631e..45d41f6 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -28,7 +28,7 @@ in { targetPort = 22; targetUser = "root"; - tags = [ "active" ]; + tags = [ "active-gitlab" ]; };