Merge branch 'main' of https://gitlab.skynet.ie/compsoc/skynet/nixos

applications/dns.nix

@@ -7,8 +7,7 @@ let
 
   # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
   get_config_file = (domain:
-    ''
-    $TTL 60  ; 1 minute
+''$TTL 60  ; 1 minute
 ; hostmaster@${domain} is an email address that recieves stuff related to dns
 @ IN SOA ${cfg.own.nameserver}.${domain}. hostmaster.${domain}. (
    ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
@@ -59,8 +58,7 @@ let
     # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
     # config for our reverse dnspointers (not properly working)
     get_config_file_rev = (domain:
-      ''
-      $ORIGIN 99.1.193.in-addr.arpa.
+''$ORIGIN 99.1.193.in-addr.arpa.
 $TTL 60  ; 1 minute
 ; hostmaster@skynet.ie is an email address that recieves stuff related to dns
 @ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. (
@@ -81,8 +79,7 @@ let
 
     # domains we dont have proper ownship over, only here to ensure the logs dont get cluttered.
     get_config_file_old_domains = (domain:
-      ''
-      $TTL 60  ; 1 minute
+''$TTL 60  ; 1 minute
 ; hostmaster@skynet.ie is an email address that recieves stuff related to dns
 @ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. (
    ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated

applications/ldap_client.nix

@@ -78,8 +78,6 @@
 
       config = ''
 [domain/skynet.ie]
-        #debug_level = 4
-
 id_provider = ldap
 auth_provider = ldap
 sudo_provider = ldap

machines/_base.nix

@@ -12,6 +12,9 @@
 
     # every server needs teh ldap client for admins
     ../applications/ldap_client.nix
+
+    # every server will need the config to backup to
+    ../applications/restic.nix
   ];
 
   # flakes are essensial

machines/agentjones.nix

@@ -19,6 +19,7 @@ let
 
 in {
   imports = [
+    ./hardware/_base.nix
     ./hardware/RM001.nix
   ];
 
@@ -47,7 +48,7 @@ in {
   # this has to be defined for any physical servers
   # vms are defined by teh vm host
   networking.interfaces = {
-    eno1 = {
+    eno2 = {
       ipv4.addresses = [
         {
           address = ip_pub;
@@ -55,7 +56,7 @@ in {
         }
       ];
     };
-    eno2 = {
+    eno1 = {
       #useDHCP = false;
       ipv4.addresses = [
         {

machines/glados.nix

@@ -29,7 +29,7 @@ in {
     targetPort = 22;
     targetUser = "root";
 
-    tags = [ "active" ];
+    tags = [ "active-gitlab" ];
   };
 
 

machines/hardware/_base.nix

@@ -0,0 +1,17 @@
+{ config, options, lib, ... }: with lib;
+let
+  # get a list of interfaces
+  interfaces = attrNames config.networking.interfaces;
+  # check if an IP has been assigned
+  has_ip = interface: (length config.networking.interfaces."${interface}".ipv4.addresses) != 0;
+in {
+  config = {
+    assertions = [
+      {
+        assertion = lists.any has_ip interfaces;
+        message = "Must have a ip address set";
+      }
+    ];
+  };
+
+}

machines/neuromancer.nix

@@ -20,8 +20,8 @@ let
 
 in {
   imports = [
+    ./hardware/_base.nix
     ./hardware/RM007.nix
-    ../applications/restic.nix
   ];
 
 

machines/vendetta.nix

@@ -22,7 +22,7 @@ let
   ns = "ns1";
 in {
   imports = [
-    # the physical hardware for this
+    ./hardware/_base.nix
     ./hardware/RM002.nix
   ];
 

machines/wheatly.nix

@@ -28,7 +28,7 @@ in {
     targetPort = 22;
     targetUser = "root";
 
-    tags = [ "active" ];
+    tags = [ "active-gitlab" ];
   };
 
 

secrets/secrets.nix

@@ -28,7 +28,7 @@ let
 
   gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir";
 
-  neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFozqR8f8DN7/DLUQV4o290n3UZ75fSEdgVlSwzyza/N root@neuromancer";
+  neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7NRDOGzSO4XVEezMS/9pI3chKbOH0fw2aikLRvea2P root@neuromancer";
 
   systems = [
     agentjones