feat: enabled gitlab.skynet.ie

silver 2023-06-15 02:47:56 +01:00
parent 564fe272b1
commit 0411c8e18c
16 changed files with 104 additions and 58 deletions


@ -66,6 +66,9 @@
# LDAP host # LDAP host
kitt.imports = [./machines/kitt.nix arion.nixosModules.arion]; kitt.imports = [./machines/kitt.nix arion.nixosModules.arion];
# Gitlab
glados = import ./machines/glados.nix;
}; };
}; };

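--- a/machines/glados.nix
+++ b/machines/glados.nix
@@ -0,0 +1,58 @@
+/*
+Name: https://half-life.fandom.com/wiki/GLaDOS
+Why: Glados has a vast experence of testing and deploying.
+Type: VM
+Hardware: -
+From: 2023
+Role: Git server
+Notes: Each user has roughly 20gb os storage
+20 * 100 = 2000gb
+*/
+{ pkgs, lib, nodes, ... }:
+let
+# name of the server, sets teh hostname and record for it
+name = "glados";
+ip_pub = "193.1.99.75";
+ip_priv = "172.20.20.7";
+hostname = "${name}.skynet.ie";
+in {
+imports = [
+../applications/dns.nix
+# applications for this particular server
+../applications/gitlab.nix
+];
+deployment = {
+targetHost = hostname;
+targetPort = 22;
+targetUser = "root";
+};
+skynet_dns.records = {
+external = [
+"${name} A ${ip_pub}"
+];
+reverse = [
+"${builtins.substring 9 3 ip_pub} IN PTR ${name}"
+];
+};
+services.skynet_gitlab = {
+enable = true;
+host = {
+# pass in teh ip (used for firewall)
+ip = ip_pub;
+# the name is used for dns
+name = name;
+};
+};
+}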
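Review bot: The reverse record under `skynet_dns.records.reverse` takes the last octet with `builtins.substring 9 3 ip_pub`, which is only correct while the address begins with a nine-character prefix such as `193.1.99.`. With any other prefix length the slice lands in the wrong place and a PTR for a different address is published without any evaluation error. Deriving the octet from the address itself is sturdier, for example `"${lib.last (lib.splitString "." ip_pub)} IN PTR ${name}"`, and `lib` is already among the module arguments. Separately, `ip_priv` is bound in the `let` block but never referenced in this file, so either use it or drop it.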


@ -23,9 +23,6 @@ in {
# applications for this particular server # applications for this particular server
../applications/dns.nix ../applications/dns.nix
../applications/games.nix ../applications/games.nix
# for testing
../applications/gitlab.nix
]; ];
deployment = { deployment = {
@ -34,7 +31,6 @@ in {
targetUser = "root"; targetUser = "root";
}; };
skynet_dns.records = { skynet_dns.records = {
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
@ -55,17 +51,4 @@ in {
name = name; name = name;
}; };
}; };
services.skynet_gitlab = {
enable = true;
host = {
# pass in teh ip (used for firewall)
ip = ip_pub;
# the name is used for dns
name = name;
};
};
} }

Binary file not shown.


@ -1,16 +1,16 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA +XdmsmDKDUcu4JbZa+GIB7bXNeijvcjPCX3cl8qtIko -> ssh-ed25519 V1pwNA NUORvEeaoQ+rWveIbqfs8Y/3mhmaxMjXkUC/aA+TNBI
ojl/wN8Z94wcnpjFqzWucxjb4Cj1aw/T72Sn6HImQRc PtgPedhHLhO+sNYRM8mHwlTK/YCoyRO1d4QBB91SEGE
-> ssh-ed25519 rIwlvw EhWuRFm8qmsI//N40Ak3qEBibsG6FtalDu7a2ByBRDs -> ssh-ed25519 rIwlvw a22DrOMKB55NKZ3CQ8YEuoPj3TH2y4JJoFQQSbIkBF0
+alf69rCF58siskxLsyH1j/TY5Abuzety737QxVea7Q Tu/lyVf9EcDL3BzlJeEOum4KslI9DRIXzONY8wUFJkM
-> ssh-ed25519 q8eJgg vpheYQurSMI6K0cFUzlRgTCgSh6XVXnfihC5TCpOTAk -> ssh-ed25519 q8eJgg MV25An5FwvmfqH+0oQQovt0ZKVUn7W2wjeRGD5a0rjQ
EdABzrQzke1aMRo8p8EwufS6hc1rEyyyQ/Z4qP4Vq/E B5JktKOqJtkD98Ee3iqCuJrFFLl7dSO0Z8J9kQ8UIHg
-> ssh-ed25519 pBdJmw tiQopXd0eWJmGG8w58DGjRgrAp8rKVzg1rWsS+MLkFA -> ssh-ed25519 pBdJmw vICdcqDgD6AOZC94XmJwuHYhj8OPjQKkeiNV64XOamA
CaZ+uAQy3s5P714hIlNlnJ4xLgD0qJtMf9575tyjDL0 mweydMBhcSFuxQsjgW3g1Xo7FzdBYGNI4sQVb8e2mpw
-> ssh-ed25519 v2Y09A 7AJTfw+VR9xfpDBNV1uSoBNVThyIjlF9UBHFcJksnm8 -> ssh-ed25519 v2Y09A bHc1tPTcOY5f3B+mhJv7zIyE401tO2FdrAaKLxUxICw
p0Q0xlexTBsnib54A2bWgn+0j9IZ9spHcrAXz6jsHRo /bIxdRktBizlzUQC8O3nzhYglS84k4lbyu1cN62UOwA
-> h-grease \ F&PIoI^Q -> 5/R-grease rNQ% ^EZWXoB~ #%<24w%Z fDKICIU5
JKo0JA uo4iflPflaTzY8ZUhvZZclZcXAAAeTqdEu7hJB6T7zOVJK6ezEJkDcxKUHl0Bd3l
--- lNEh0Ik3wmehWp/RGexGRY83HcDQ2/p7b0IS/oqozOs qzQ
<0C>×¼þæPÙZGÿÈ :><>÷”„‹‘Ó`U„/•o'òßøHÂÿ8;<ïÜÅåMfs ²ôO eYçÛ‘ª éd<>Ÿ<EFBFBD>D: Õ£‚Ǧ)¨áÕA«/ --- 0J6vMbE2Qp863uU8qqG0CKMazXAkTCigSL/GkF/FLUo
÷g‰CD/ƒÛNäVºJ<C2BA>YÝ9èÙL$QlFLžôàO~£?=Ô3ˆ½lÞ><3E>9kw r==“d®/¸x§U¶*Í”9 ¤¦™Ì4¤,ŸiV¾$dZ…Mà }›ž·¨{¡öD'1i~Ëz,âzg>µ8éïªKC>­Mˆs<CB86>¸ƒ/v“ÃÀ…¬<BÔÂ%«Š±[¡iFžÙ#äzúW«Ïõt<C3B5>ð<Úl§ÿÑ!CâóƬ.1'D·<44>/žAúËÕO

Binary file not shown.

BIN
secrets/gitlab/ldap_pw.age Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,15 +1,15 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA JGktU0gGovPnnYr9an6lueZnEKDLde9ES0Y6m06pLUc -> ssh-ed25519 V1pwNA RSEAjG9arHdJ25sten2nZu6BSfHUQWQNUc5CiNL0QzE
vPcPTDCVwgK72KnMN8t7C9AR7fV9EggTUC5F9EFyuoI IdgldV4EFXZJBH/NC2pZO+4cwkJYvb2KmolLqzmN0vQ
-> ssh-ed25519 rIwlvw FMYXiAcwxioJex74HfvM7Tnvp2VKAOKtHTRqTKgYVHA -> ssh-ed25519 rIwlvw OCljetp8dtOnLtEOtXV0cSueBIgD+SDLupHsd6byDC8
B/RdgW4nsMTD1sF12OxgJElFx6SfCL03WKWdeeTjeYg s15SV/7us1ZkecWzzJhmJvqKOnPH0EZG8UHFs1zic2s
-> ssh-ed25519 q8eJgg AxBdKkiZh7NOqpLMwBNsEo3dgTj+6NPtONYkLKENWRw -> ssh-ed25519 q8eJgg dxw6mkAUjign/aFf6y2nYBWD+hhVSVnryI5DTtOamHQ
qqvrwOFlE52/Sa15kplKXBq5jdTZ+dUn/2EjUBByQQs vVnbJvBbftvokYwX6Sj/kQmfTWp1VvdOM/2x2siNLMQ
-> ssh-ed25519 DVzSig I04tljSY9N+GyRWwO1ULPhojDOLDxXC5gOqw922Z3Xk -> ssh-ed25519 uZzB3g mM0QvRUpROqXcMweoEnXyXbdepmvVk/g/U+6CT51fF8
OiZe8nWcQaY6UCDGW5IkWpqTeMTpNRtUoDxOQ/ALwwg BvPpQ3OudwiXQotQ+dP6XHGW+Z0ryB70x0ZfhpXJV8Y
-> *=AwI,H2-grease -> Tk7;(;-grease
3Y9OngljfiuJCfOMrjB3Ze0+PKnNto4BcK2krTU8jVCVlxUXtFUFHsnuhQsuYejo /BFDPeDUWK4PSfa2tI3yJOT8YkbiL/v+vhQPPapgbXMmugjFTgdkrX4
J5SQjXliLn5r7SK2R7hw2OmWCVkbVuYsBFvGtrc6Kocr0yXGxaqImNsMBA+V5rWT --- JXNaMGLSaqkj2r/+sa9FXemmnKF6hbFHtNVy/OQ/bLg
Ng J^êB|kÐròp?ÊyáÀürÍr—(ÎøjéF³Ì¾¾}86öŒªØƒm-7°TõHºO,ãE]ö¶¬p¸±‰ïW­CBÛ-ñÃô÷³¯;Àâ˜Òsßn<07>øa_=œQ
--- E6/+09Fw8LXNmezYen3GZ1SQvTsnsxty4fgItWnMITc E0Uè¤$B˜¨ yˆR™òs¸tu»;]
­ßü.긗žý\Žä>ôÝðxY%r|ÓWÜff9ª¯¿èÙ"÷l:µ!'™+ê@Œt¬ì=J<15>QÌQ Õ<¥”¨<19>yIO,‰Û·ªžÈéÿ™ë£}6?yIðœü©]UAkì™8Åh¹µˆ§\‰\ËÞÀº¹òÄòvx3Cüˆ•]9‡ÞÔé¡!_½ É ‰ÅŠóÊÎAõŒ …/%þà‘R—_<E28094>

Binary file not shown.

Binary file not shown.


@ -23,7 +23,7 @@ let
optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus";
glados = ""; glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados";
kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt";
@ -40,11 +40,13 @@ let
]; ];
ldap = [ ldap = [
# only here as a tmp basis
optimus
kitt kitt
]; ];
gitlab = [
glados
];
# these need dns stuff # these need dns stuff
webservers = [ webservers = [
# ULFM # ULFM
@ -53,9 +55,8 @@ let
optimus optimus
] ]
# ldap servers are web facing # ldap servers are web facing
++ ldap; ++ ldap
++ gitlab;
gitlab = optimus;
in in
{ {
@ -67,12 +68,13 @@ in
"stream_ulfm.age".publicKeys = users ++ [galatea]; "stream_ulfm.age".publicKeys = users ++ [galatea];
"gitlab/pw.age".publicKeys = users ++ [gitlab]; "gitlab/pw.age".publicKeys = users ++ gitlab;
"gitlab/db_pw.age".publicKeys = users ++ [gitlab]; "gitlab/db_pw.age".publicKeys = users ++ gitlab;
"gitlab/secrets_db.age".publicKeys = users ++ [gitlab]; "gitlab/secrets_db.age".publicKeys = users ++ gitlab;
"gitlab/secrets_secret.age".publicKeys = users ++ [gitlab]; "gitlab/secrets_secret.age".publicKeys = users ++ gitlab;
"gitlab/secrets_otp.age".publicKeys = users ++ [gitlab]; "gitlab/secrets_otp.age".publicKeys = users ++ gitlab;
"gitlab/secrets_jws.age".publicKeys = users ++ [gitlab]; "gitlab/secrets_jws.age".publicKeys = users ++ gitlab;
"gitlab/ldap_pw.age".publicKeys = users ++ gitlab;
# for ldap # for ldap
"ldap/pw.age".publicKeys = users ++ ldap; "ldap/pw.age".publicKeys = users ++ ldap;
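Review bot: Removing `optimus` from the `ldap` list and replacing `gitlab = optimus;` with `gitlab = [ glados ];` changes who can decrypt the re-encrypted `.age` files, but it does not revoke what optimus could already read. The earlier ciphertexts stay in git history and its host key still opens them. The page only shows the recipient change and "Binary file not shown", so it cannot be confirmed here whether the values behind `gitlab/*.age` and `ldap/pw.age` were regenerated. If they were only rekeyed, rotate them so the former test deployment on optimus no longer shares live credentials with glados. Separately, `++ gitlab` in `webservers` makes glados a recipient of every secret keyed to `webservers`; a comment such as `# gitlab is web facing and needs the dns secrets` next to it would record that the widening is intended.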

Binary file not shown.