From 0a028eaf53a65042050b91506232bff72236483b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Mon, 20 Nov 2023 16:10:09 +0000 Subject: [PATCH] feat: add a test server for trainees to use --- config/users.nix | 15 ++++--- flake.nix | 3 ++ machines/marvin.nix | 68 ++++++++++++++++++++++++++++++++ secrets/backup/restic.age | 82 ++++++++++++++++++++------------------- secrets/secrets.nix | 2 + 5 files changed, 126 insertions(+), 44 deletions(-) create mode 100644 machines/marvin.nix diff --git a/config/users.nix b/config/users.nix index 96fd572..ba8dffe 100644 --- a/config/users.nix +++ b/config/users.nix @@ -34,11 +34,6 @@ in { config.skynet = { users = { - admin = [ - "silver" - "evanc" - "eoghanconlon73" - ]; committee = [ "leo" "silver" @@ -51,6 +46,16 @@ in { "sourabh1805" "kronsy" ]; + admin = [ + "silver" + "evanc" + "eoghanconlon73" + ]; + trainee = [ + "eliza" + "milan" + "esy" + ]; lifetime = []; banned = []; restricted = diff --git a/flake.nix b/flake.nix index 9ee5d65..9fac61a 100644 --- a/flake.nix +++ b/flake.nix @@ -152,6 +152,9 @@ # Nextcloud cadie = import ./machines/cadie.nix; + + # trainee server + marvin = import ./machines/marvin.nix; }; }; } diff --git a/machines/marvin.nix b/machines/marvin.nix new file mode 100644 index 0000000..89e61df --- /dev/null +++ b/machines/marvin.nix 
@@ -0,0 +1,68 @@
+/*
+
+Name: https://en.wikipedia.org/wiki/Marvin_the_Paranoid_Android
+Why: Has terrible pain in all the diodes down its left side
+Type: VM
+Hardware: -
+From: 2023
+Role: For trainees.
+Notes:
+*/
+{
+ pkgs,
+ lib,
+ nodes,
+ ...
+}: let
+ name = "marvin";
+ ip_pub = "193.1.99.81";
+ hostname = "${name}.skynet.ie";
+in {
+ imports = [
+ ];
+
+ deployment = {
+ targetHost = hostname;
+ targetPort = 22;
+ targetUser = null;
+
+ # not deployed automatically as its a test server
+ tags = [];
+ };
+
+ # allow trainees to deploy
+ nix.settings.trusted-users = [
+ "root"
+ "@skynet-admins-linux"
+ "@skynet-trainees-linux"
+ ];
+
+ # allow trainees access
+ services.skynet_ldap_client.groups = [
+ "skynet-admins-linux"
+ "skynet-trainees-linux"
+ ];
+
+ skynet_dns.records = [
+ {
+ record = name;
+ r_type = "A";
+ value = ip_pub;
+ server = true;
+ }
+ {
+ record = ip_pub;
+ r_type = "PTR";
+ value = hostname;
+ }
+ ];
+
+ services.skynet_backup = {
+ host = {
+ ip = ip_pub;
+ name = name;
+ };
+ };
+
+ # Put test services below this
+}
diff --git a/secrets/backup/restic.age b/secrets/backup/restic.age
index 5fffe79..34e6e64 100644
--- a/secrets/backup/restic.age
+++ b/secrets/backup/restic.age
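Review bot: Listing `@skynet-trainees-linux` in `nix.settings.trusted-users` gives every trainee root-equivalent control of marvin, which the comment `# allow trainees to deploy` understates; the Nix manual describes trusted-users membership as essentially equivalent to root access. If that is the intent, state it in the comment, e.g. `# trusted-users is root-equivalent: treat marvin as untrusted and keep shared secrets off it`. The same file enrols the host in `services.skynet_backup`; whether that module places backup credentials on the machine is not visible in this hunk, so confirm it before trainees are given access.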
@@ -1,40 +1,44 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 4PVHo9zk7nF/HXASYtgADfzpMyFD38yVnGl6DUnJ2H4 -rsKe1DKMWTkPFY7zQ0S+713Jbj4N/sTc3tA8RfgqPnQ --> ssh-ed25519 4PzZog fjzuDCOx7DR+nZdreeFWgdXjxntqT87sTBA8VsIG7R0 -fHOmuW/VRxV80b7ZYeov8jIY9YwlKPMuJZbsOCSCGmI --> ssh-ed25519 5Nd93w bKiRT7OLQFK6YwXfcraAa+hEEEi4vFbkuaE+sIZr7Tw -7SvNxSeCA4u3sukpgyJ1evindynHyYPyZ6LsGiYBxDU --> ssh-ed25519 q8eJgg 7efgCjgA5BBrTbih+mSFsNCrIeCdjGCMrbVafTkwjgA -ZOE6wXA0e7zVei53tRvyJZQuYqZHLO2w7UocxxcdKSY --> ssh-ed25519 /Gb5gQ scN0tsEedQk5JS9B8io0Aw60ryaaLDPQ9QBLijCmY3I -Q7z2+SDtQTXphvlGNJztpxOqLZg4ffWCLxq4XoAfj+4 --> ssh-ed25519 NtlN/A JgDHCYjQ4+Knk1/m2mOmEdWZ5I0oXMUOvWRV3JuhCAs -4dggG3a1MSh/Zkp4o/gkmnlQLo3lFmH6KIlOimmQnlI --> ssh-ed25519 v2Y09A YHaDoKUzQAQjBbzejfa4f1RCoiHRpaXFfQPQ0Sz4K2s -Fm5/Q561X+vdMW2B3Zs1wmMJs/YCOXnYN6jtTzLa9Io --> ssh-ed25519 XSrA6w hgcKUa48qv77vW+WkVT3UJaRuTxyGcx2NVufpAOE7lw -QqmO9gDnPAXZPPjH3mQi+sUyvMPB4AyxfrRBJyI8Qv4 --> ssh-ed25519 DVzSig MAviXeP0uCTr1+Y/zzM8+K0KhMOFud/z75qDL4nRxCU -JgWxSNWwWl4v9myVOJ5NQb8HW1jUTpGqxSgliM1c4ZM --> ssh-ed25519 uZzB3g sgQxU0f1dIM/r2ukqjGwcIkDCY7hlPQ4V+1WmhJbPWA -m/pwY6N5YosRJEe0gQXLaqCzPWu438iXFLqt9fbVrd4 --> ssh-ed25519 yvS9bw dTUghxA5+jLAEE9w6DiDHTy4IcVwCnTElpQL6BlUbXg -YvpodcVYco4JcKr5ZONeBN3AuCPSk0zOMjeCNlE7xsc --> ssh-ed25519 IzAMqA wvntN+N/Hy/EmSO90nTuABWZsP7snqQ39DAao95Rh1E -ECWyatQlw90+udKtGK7J076AUSRnbtAEyILJXJNGNkg --> ssh-ed25519 Hb0ipQ NuaKnDdMD7UOXQM3k0fg+DpAGsgqSpDgFMYvnJFcgBU -slaJBlZxTgb7GGjNt9PNGPvMFVKKXdmsjckLYCTXlUk --> ssh-ed25519 3pl/Kw XP9pMH5S0+87TqQ1XxKH3CkQQnyELcL2CgazfSnilGA -s3Z2TP+YHyDJA2tt47eACI4L/73C+8bUHOXTDZuROFk --> ssh-ed25519 SqDBmA ATvMxlxuUyOKNq0gMvYub2kLm5dMtgrIO6WyHU8dYAk -AZ9nq0DTC+v/3W0oZj39A8IPIfwyIDDaUDgRCC5Kqd8 --> ssh-ed25519 UE6fcQ Zm0tgR6B83cRS9WoQ97WMVdWMfhIni8y+RG6JFbHXzg -h010f/3pRBfDRTEZ3Gk9PJfP+FIVqLI2OgbeY2NTcvo --> ssh-ed25519 YFaxCg wAL0IkLCWok++zzq+S35hltR1nhcwWjHa0fWXg2OpiI -ofMYHtN6tqlN+SS0jyuCRJqtZ1h0+H8u5tAaCoV78T4 --> _QQW-grease > p!=fBv 'ac^ A13~BQ 
-R0K5UQZB1yr3issSaFyKgSVNAXuvjfOb9xWbNHg ---- LEJYFpkOhuuMwE/Ud/RNKdy2r/U0nCWodB+3ioCRNQI -c^ UΒ Wm,uH)[ơmD,ȅD*ץ!T|JUUʏvkj`r&e< [ty!R[F7e 5/ms5\bc[WTi) -|M;v+Þ8PFcgI,IQwv \ No newline at end of file +-> ssh-ed25519 V1pwNA 3JbxhP1nIEgtCqaQp0QFoIqEMepv5hZYKUvH7/lvAT8 +by+oq0T2b24w9ILmtJj2FZqxWJNl4C0m8jmONTXfGT4 +-> ssh-ed25519 4PzZog 8Pe3Tq6Wp2ml5JtW/ikJ+Re3/JV5IAjm+dEcNwR4wlg +iYsLanjZEtazwSELt0CLAyNHKHi4YqWamt9G5xeqAfY +-> ssh-ed25519 5Nd93w UdmfLH2jXkL2/osGvhFcJGDNFnWPsc3NvPDmR/epZ1o +ch6TPi4Jrmc+utO2SlkdRzu6Q5Jop3WzjkuY4EoNKr4 +-> ssh-ed25519 q8eJgg YlRTLx5zFiFZQlhwAZ1pUsBa8p7YGvO/kPGRn60MhFo +RcJZvYELckKdWGnwzqd8FgEiBD2cv512c1UqKTUVek4 +-> ssh-ed25519 /Gb5gQ iUdSnWebiZQHKQSoXqr4lRWnRjm8V7P+wdqDrXofCUE +Md1XAcZCQX7O11L/L8IZO8mm8jK5a2nON4LWh/N1ij4 +-> ssh-ed25519 NtlN/A DjECX99k1XrhbanjX+SDYquggoEGeOLCBALXJPvmtxQ +FlYhgxFJDRIJI0Azw3EjTFVbbn0tnP9XOTkWGRMT7WY +-> ssh-ed25519 v2Y09A 4QNfu0h2nLm6bL7JriQ3iWjaTzrZmnPw3/JMXErk5Q0 +uBk71I9dOOX5SrRn3BBtWLED9c/wfeTbSjo8v4FVrtU +-> ssh-ed25519 XSrA6w pw/5qQgGM3QwGMS4aIt6/cLQMzxVBy8Y+P4fGC9qCmM +89JXhqYOQV3AombZkvIfaaZcdIN0AedX5CMxI6ydGQY +-> ssh-ed25519 DVzSig W6z3BDcuauiNgmbwngqilAejOWb4K3CAtC4UUB1NQzQ +R/hX4brDwWiaqQoAHwZiWwzulqvxFdTzuqTqG/HCGVM +-> ssh-ed25519 uZzB3g RLwSmWqf67qmbCVY/D38zLSmCt81LK8Lu2NioKW/nwM +VG0lCU4SaHmShOUcyYaTYD/8/4N0CUcJYbJtvlySKzE +-> ssh-ed25519 yvS9bw g7MOI8ROpnlk6FWMCMOyCeYarsz+qgMtS27KFcINog4 +m/z/NqZiCO+1MaOekgpbW0+V/pgABbOShBZ+uc3DmQQ +-> ssh-ed25519 IzAMqA vL0NuJL0qb+L9IajxBNkUKX7nE0/Nrg2j3+VqCIUom0 +jfE9Pd12rM9TbW92ryfQ+TGUpZIEYynoWX0B+02r1aE +-> ssh-ed25519 Hb0ipQ A7GhIVIPW0jlwvB30UHGc9jiSf6HhCY0euOKzilwHgg +Wt4KcY1YbZFy/CFnND/FgCaLxIWgj36KQvwxOh8BKXY +-> ssh-ed25519 3pl/Kw WKF1Z5MPtQpZBMvnLUJb5jVI/SreY3I1RvZEh4khgEQ +vF6V0MXystoPQ9hbN09Es0HdAffa3fZSuQNvfxYj2qw +-> ssh-ed25519 SqDBmA xSLJQzRetW52eJ/XE3Bfvc5wlL1mOJUUCz1vlNadoRE +5K3RPmDq+XHuRXJ0gxMJODwqwnp8FfO40QHmScN6R4c +-> ssh-ed25519 UE6fcQ t3QXv7Xol6BBV9NQTaM1ANI19/IGWK6mwWW/jxJs1Fo +ZsuXpRilP9LHl+hslBh/PHbkYwSz/lFI9KjkEQJALFg +-> 
ssh-ed25519 YFaxCg 693MPBIOr1M/fq5UevSXp34ZQabAdlLs9oKROyloTVY +erQrhgVVrfn7ViCqhvru19faIgMwPvE3v7WkPZ4/NL4 +-> ssh-ed25519 elCEeg C55GXvjhHsGod2OoQGWPxDuzKEFcE7BrYKKtBGPiWzE +MLCBn4FulA9M3mPnmMflqWaEcoMwvKPWRfwALceFNRU +-> @b_F0-grease {VD GSb. +LIaz9WQq+QPF7KAUifTlTNjA3gWfdxTJRugPL+6Yyvp8upBJ7fVXWlBVy4rzwA +--- IWxpAEJY4zpLFtrWPRh7dlM9o0dw4iNmDDRvNm//fMw +pU3Qm^ +ga {@ׅ +(ift5P!uŁ,af +n[e&`uDe|D(Z9s)'-⌲UPՈZ_kJ3Jo,<9[ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3cdbeec..863ec5e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -24,6 +24,7 @@ let skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet"; earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth"; cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; + marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; systems = [ agentjones @@ -39,6 +40,7 @@ let skynet earth cadie + marvin ]; dns = [
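Review bot: Adding `marvin` to the `systems` list makes the trainee host a recipient of every secret encrypted to that list, and `secrets/backup/restic.age` in this patch gains one recipient stanza, presumably for this key. Because machines/marvin.nix puts the trainee group in `trusted-users`, the host's private key should be assumed readable by trainees, and with it any secret that `systems` can decrypt. Consider leaving `marvin` out of `systems` and giving it its own list, e.g. `trainee_systems = [ marvin ];`, used only for secrets the test server actually needs. Which secret files reference `systems` is outside this hunk, so the exact exposure needs checking against the rest of secrets.nix.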