feat: enabled gitlab.skynet.ie

2023-06-15 02:47:56 +01:00 · 2023-06-15 02:47:56 +01:00 · 0411c8e18c
commit 0411c8e18c
parent 564fe272b1
16 changed files with 104 additions and 58 deletions
--- a/flake.nix
+++ b/flake.nix
@ -66,6 +66,9 @@
      # LDAP host
      kitt.imports = [./machines/kitt.nix arion.nixosModules.arion];

+      # Gitlab
+      glados = import ./machines/glados.nix;
+
    };
  };

--- a/machines/glados.nix
+++ b/machines/glados.nix
@ -0,0 +1,58 @@
+/*
+
+  Name:     https://half-life.fandom.com/wiki/GLaDOS
+  Why:      Glados has a vast experence of testing and deploying.
+  Type:     VM
+  Hardware: -
+  From:     2023
+  Role:     Git server
+  Notes:    Each user has roughly 20gb os storage
+            20 * 100 = 2000gb
+
+*/
+
+{ pkgs, lib, nodes, ... }:
+let
+  # name of the server, sets teh hostname and record for it
+  name      = "glados";
+  ip_pub    = "193.1.99.75";
+  ip_priv   = "172.20.20.7";
+  hostname  = "${name}.skynet.ie";
+
+in {
+  imports = [
+    ../applications/dns.nix
+
+    # applications for this particular server
+    ../applications/gitlab.nix
+  ];
+
+  deployment = {
+    targetHost = hostname;
+    targetPort = 22;
+    targetUser = "root";
+  };
+
+
+  skynet_dns.records = {
+    external = [
+      "${name}       A       ${ip_pub}"
+    ];
+    reverse = [
+      "${builtins.substring 9 3 ip_pub}    IN     PTR    ${name}"
+    ];
+  };
+
+  services.skynet_gitlab = {
+      enable = true;
+
+      host = {
+        # pass in teh ip (used for firewall)
+        ip = ip_pub;
+
+        # the name is used for dns
+        name = name;
+      };
+    };
+
+}
--- a/machines/optimus.nix
+++ b/machines/optimus.nix
@ -23,9 +23,6 @@ in {
    # applications for this particular server
    ../applications/dns.nix
    ../applications/games.nix
-
-    # for testing
-    ../applications/gitlab.nix
  ];

  deployment = {
@ -34,7 +31,6 @@ in {
    targetUser = "root";
  };

-
  skynet_dns.records = {
    external = [
      "${name}       A       ${ip_pub}"
@ -55,17 +51,4 @@ in {
      name = name;
    };
  };
-
-  services.skynet_gitlab = {
-      enable = true;
-
-      host = {
-        # pass in teh ip (used for firewall)
-        ip = ip_pub;
-
-        # the name is used for dns
-        name = name;
-      };
-    };
-
 }
--- a/secrets/dns_certs.secret.age
+++ b/secrets/dns_certs.secret.age
--- a/secrets/dns_dnskeys.conf.age
+++ b/secrets/dns_dnskeys.conf.age
@ -1,16 +1,16 @@
 age-encryption.org/v1
-> ssh-ed25519 V1pwNA +XdmsmDKDUcu4JbZa+GIB7bXNeijvcjPCX3cl8qtIko
-ojl/wN8Z94wcnpjFqzWucxjb4Cj1aw/T72Sn6HImQRc
-> ssh-ed25519 rIwlvw EhWuRFm8qmsI//N40Ak3qEBibsG6FtalDu7a2ByBRDs
-+alf69rCF58siskxLsyH1j/TY5Abuzety737QxVea7Q
-> ssh-ed25519 q8eJgg vpheYQurSMI6K0cFUzlRgTCgSh6XVXnfihC5TCpOTAk
-EdABzrQzke1aMRo8p8EwufS6hc1rEyyyQ/Z4qP4Vq/E
-> ssh-ed25519 pBdJmw tiQopXd0eWJmGG8w58DGjRgrAp8rKVzg1rWsS+MLkFA
-CaZ+uAQy3s5P714hIlNlnJ4xLgD0qJtMf9575tyjDL0
-> ssh-ed25519 v2Y09A 7AJTfw+VR9xfpDBNV1uSoBNVThyIjlF9UBHFcJksnm8
-p0Q0xlexTBsnib54A2bWgn+0j9IZ9spHcrAXz6jsHRo
-> h-grease \ F&PIoI^Q
-JKo0JA
--- lNEh0Ik3wmehWp/RGexGRY83HcDQ2/p7b0IS/oqozOs
-<0C>×¼þæPÙZ‘GÿÈ	:>—<>÷”„‹‘Ó`U„/•o'òßøHÂÿ8;<ïÜÅåMfs²’ôO eYçÛ‘ª
éd<>Ÿ<EFBFBD>D: Õ£‚Ç¦)¨áÕA«/
-÷g‰CD/ƒÛNäVºJ<C2BA>YÝ9èÙL$QlFLžôàO~£?=›‹Ô3ˆ½lÞ><3E>9kw
+-> ssh-ed25519 V1pwNA NUORvEeaoQ+rWveIbqfs8Y/3mhmaxMjXkUC/aA+TNBI
+PtgPedhHLhO+sNYRM8mHwlTK/YCoyRO1d4QBB91SEGE
+-> ssh-ed25519 rIwlvw a22DrOMKB55NKZ3CQ8YEuoPj3TH2y4JJoFQQSbIkBF0
+Tu/lyVf9EcDL3BzlJeEOum4KslI9DRIXzONY8wUFJkM
+-> ssh-ed25519 q8eJgg MV25An5FwvmfqH+0oQQovt0ZKVUn7W2wjeRGD5a0rjQ
+B5JktKOqJtkD98Ee3iqCuJrFFLl7dSO0Z8J9kQ8UIHg
+-> ssh-ed25519 pBdJmw vICdcqDgD6AOZC94XmJwuHYhj8OPjQKkeiNV64XOamA
+mweydMBhcSFuxQsjgW3g1Xo7FzdBYGNI4sQVb8e2mpw
+-> ssh-ed25519 v2Y09A bHc1tPTcOY5f3B+mhJv7zIyE401tO2FdrAaKLxUxICw
+/bIxdRktBizlzUQC8O3nzhYglS84k4lbyu1cN62UOwA
+-> 5/R-grease rNQ% ^EZWXoB~ #%<24w%Z fDKICIU5
+uo4iflPflaTzY8ZUhvZZclZcXAAAeTqdEu7hJB6T7zOVJK6ezEJkDcxKUHl0Bd3l
+qzQ
+--- 0J6vMbE2Qp863uU8qqG0CKMazXAkTCigSL/GkF/FLUo
+r==“d‹®/¸x§U¶*Í”9 –¤¦™Ì4¤,ŸiV¾$dZ…Mà –}›ž·¨{¡öD'1i~–Ëz,âzg>µ8éïªKC>Mˆs<CB86>¸‘ƒ/v¶“ÃÀ…¬<BÔÂ%«Š±[¡iFžÙ#äzúW«Ïõt<C3B5>ð<Úl§ÿÑ!CâóÆ¬.1'D·<44>/žAúËÕO
--- a/secrets/gitlab/db_pw.age
+++ b/secrets/gitlab/db_pw.age
--- a/secrets/gitlab/ldap_pw.age
+++ b/secrets/gitlab/ldap_pw.age
--- a/secrets/gitlab/pw.age
+++ b/secrets/gitlab/pw.age
--- a/secrets/gitlab/secrets_db.age
+++ b/secrets/gitlab/secrets_db.age
--- a/secrets/gitlab/secrets_jws.age
+++ b/secrets/gitlab/secrets_jws.age
--- a/secrets/gitlab/secrets_otp.age
+++ b/secrets/gitlab/secrets_otp.age
--- a/secrets/gitlab/secrets_secret.age
+++ b/secrets/gitlab/secrets_secret.age
@ -1,15 +1,15 @@
 age-encryption.org/v1
-> ssh-ed25519 V1pwNA JGktU0gGovPnnYr9an6lueZnEKDLde9ES0Y6m06pLUc
-vPcPTDCVwgK72KnMN8t7C9AR7fV9EggTUC5F9EFyuoI
-> ssh-ed25519 rIwlvw FMYXiAcwxioJex74HfvM7Tnvp2VKAOKtHTRqTKgYVHA
-B/RdgW4nsMTD1sF12OxgJElFx6SfCL03WKWdeeTjeYg
-> ssh-ed25519 q8eJgg AxBdKkiZh7NOqpLMwBNsEo3dgTj+6NPtONYkLKENWRw
-qqvrwOFlE52/Sa15kplKXBq5jdTZ+dUn/2EjUBByQQs
-> ssh-ed25519 DVzSig I04tljSY9N+GyRWwO1ULPhojDOLDxXC5gOqw922Z3Xk
-OiZe8nWcQaY6UCDGW5IkWpqTeMTpNRtUoDxOQ/ALwwg
-> *=AwI,H2-grease
-3Y9OngljfiuJCfOMrjB3Ze0+PKnNto4BcK2krTU8jVCVlxUXtFUFHsnuhQsuYejo
-J5SQjXliLn5r7SK2R7hw2OmWCVkbVuYsBFvGtrc6Kocr0yXGxaqImNsMBA+V5rWT
-Ng
--- E6/+09Fw8LXNmezYen3GZ1SQvTsnsxty4fgItWnMITc
-UÅßü.ê¸—žý\c¥Žä>ôÝðxY%r|ÓWÜf‹f9ª¯¿èÙ"÷l:µ!‹'™+ê@Œt¬ì=J<15>QÌQÕ<¥”¨<19>yIO,‰Û·ªžÈéÿ™ë£}6?yI’ðœü©]UAkì™8Åh¹µˆ§\‰\ËÞÀº¹òÄòvx3Cüˆ•]9‡ÞÔé¡!_½‹ É
+-> ssh-ed25519 V1pwNA RSEAjG9arHdJ25sten2nZu6BSfHUQWQNUc5CiNL0QzE
+IdgldV4EFXZJBH/NC2pZO+4cwkJYvb2KmolLqzmN0vQ
+-> ssh-ed25519 rIwlvw OCljetp8dtOnLtEOtXV0cSueBIgD+SDLupHsd6byDC8
+s15SV/7us1ZkecWzzJhmJvqKOnPH0EZG8UHFs1zic2s
+-> ssh-ed25519 q8eJgg dxw6mkAUjign/aFf6y2nYBWD+hhVSVnryI5DTtOamHQ
+vVnbJvBbftvokYwX6Sj/kQmfTWp1VvdOM/2x2siNLMQ
+-> ssh-ed25519 uZzB3g mM0QvRUpROqXcMweoEnXyXbdepmvVk/g/U+6CT51fF8
+BvPpQ3OudwiXQotQ+dP6XHGW+Z0ryB70x0ZfhpXJV8Y
+-> Tk7;(;-grease
+/BFDPeDUWK4PSfa2tI3yJOT8YkbiL/v+vhQPPapgbXMmugjFTgdkrX4
+--- JXNaMGLSaqkj2r/+sa9FXemmnKF6hbFHtNVy/OQ/bLg
+J^êB|kÐròp?ÊyáÀürÍr—(ÎøjéF³Ì¾¾}86öŒª‹Øƒm-7°TõHºO,ãE]ö¶¬p¸±‰ï›WCBÛ-ñÃô÷³¯VÄ;Àâ˜Òsßn_¦<07>øa_=œQ
+E0Uè¤$B˜¨ yˆR™òs¸tu»;]
+‰ÅŠóÊÎAõŒ…/%þà‘R—_<E28094>
--- a/secrets/ldap/pw.age
+++ b/secrets/ldap/pw.age
--- a/secrets/ldap/self_service.age
+++ b/secrets/ldap/self_service.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -23,7 +23,7 @@ let

  optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus";

-  glados = "";
+  glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados";

  kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt";

@ -40,11 +40,13 @@ let
  ];

  ldap = [
-    # only here as a tmp basis
-    optimus
    kitt
  ];

+  gitlab = [
+    glados
+  ];
+
  # these need dns stuff
  webservers = [
    # ULFM
@ -53,9 +55,8 @@ let
    optimus
  ]
  # ldap servers are web facing
-  ++ ldap;
-
-  gitlab = optimus;
+  ++ ldap
+  ++ gitlab;

 in
 {
@ -67,12 +68,13 @@ in
  "stream_ulfm.age".publicKeys = users ++ [galatea];


-  "gitlab/pw.age".publicKeys = users ++ [gitlab];
-  "gitlab/db_pw.age".publicKeys = users ++ [gitlab];
-  "gitlab/secrets_db.age".publicKeys = users ++ [gitlab];
-  "gitlab/secrets_secret.age".publicKeys = users ++ [gitlab];
-  "gitlab/secrets_otp.age".publicKeys = users ++ [gitlab];
-  "gitlab/secrets_jws.age".publicKeys = users ++ [gitlab];
+  "gitlab/pw.age".publicKeys = users ++ gitlab;
+  "gitlab/db_pw.age".publicKeys = users ++ gitlab;
+  "gitlab/secrets_db.age".publicKeys = users ++ gitlab;
+  "gitlab/secrets_secret.age".publicKeys = users ++ gitlab;
+  "gitlab/secrets_otp.age".publicKeys = users ++ gitlab;
+  "gitlab/secrets_jws.age".publicKeys = users ++ gitlab;
+  "gitlab/ldap_pw.age".publicKeys = users ++ gitlab;

  # for ldap
  "ldap/pw.age".publicKeys = users ++ ldap;
--- a/secrets/stream_ulfm.age
+++ b/secrets/stream_ulfm.age