feat: add a test server for trainees to use

2023-11-20 16:10:09 +00:00 · 2023-11-20 16:10:09 +00:00 · 0a028eaf53
commit 0a028eaf53
parent cbb4100b4e
5 changed files with 126 additions and 44 deletions
--- a/config/users.nix
+++ b/config/users.nix
@ -34,11 +34,6 @@ in {
  config.skynet = {
    users = {
      admin = [
        "silver"
        "evanc"
        "eoghanconlon73"
      ];
      committee = [
        "leo"
        "silver"
@ -51,6 +46,16 @@ in {
        "sourabh1805"
        "kronsy"
      ];
      admin = [
        "silver"
        "evanc"
        "eoghanconlon73"
      ];
      trainee = [
        "eliza"
        "milan"
        "esy"
      ];
      lifetime = [];
      banned = [];
      restricted =
--- a/flake.nix
+++ b/flake.nix
@ -152,6 +152,9 @@
      # Nextcloud
      cadie = import ./machines/cadie.nix;
      # trainee server
      marvin = import ./machines/marvin.nix;
    };
  };
 }
--- a/machines/marvin.nix
+++ b/machines/marvin.nix
@ -0,0 +1,68 @@
 /*
 Name:     https://en.wikipedia.org/wiki/Marvin_the_Paranoid_Android
 Why:      Has terrible pain in all the diodes down its left side
 Type:     VM
 Hardware: -
 From:     2023
 Role:     For trainees.
 Notes:
 */
 {
  pkgs,
  lib,
  nodes,
  ...
 }: let
  name = "marvin";
  ip_pub = "193.1.99.81";
  hostname = "${name}.skynet.ie";
 in {
  imports = [
  ];
  deployment = {
    targetHost = hostname;
    targetPort = 22;
    targetUser = null;
    # not deployed automatically as its a test server
    tags = [];
  };
  # allow trainees to deploy
  nix.settings.trusted-users = [
    "root"
    "@skynet-admins-linux"
    "@skynet-trainees-linux"
  ];
  # allow trainees access
  services.skynet_ldap_client.groups = [
    "skynet-admins-linux"
    "skynet-trainees-linux"
  ];
  skynet_dns.records = [
    {
      record = name;
      r_type = "A";
      value = ip_pub;
      server = true;
    }
    {
      record = ip_pub;
      r_type = "PTR";
      value = hostname;
    }
  ];
  services.skynet_backup = {
    host = {
      ip = ip_pub;
      name = name;
    };
  };
  # Put test services below this
 }
--- a/secrets/backup/restic.age
+++ b/secrets/backup/restic.age
@ -1,40 +1,44 @@
 age-encryption.org/v1
-> ssh-ed25519 V1pwNA 4PVHo9zk7nF/HXASYtgADfzpMyFD38yVnGl6DUnJ2H4
+-> ssh-ed25519 V1pwNA 3JbxhP1nIEgtCqaQp0QFoIqEMepv5hZYKUvH7/lvAT8
-rsKe1DKMWTkPFY7zQ0S+713Jbj4N/sTc3tA8RfgqPnQ
+by+oq0T2b24w9ILmtJj2FZqxWJNl4C0m8jmONTXfGT4
-> ssh-ed25519 4PzZog fjzuDCOx7DR+nZdreeFWgdXjxntqT87sTBA8VsIG7R0
+-> ssh-ed25519 4PzZog 8Pe3Tq6Wp2ml5JtW/ikJ+Re3/JV5IAjm+dEcNwR4wlg
-fHOmuW/VRxV80b7ZYeov8jIY9YwlKPMuJZbsOCSCGmI
+iYsLanjZEtazwSELt0CLAyNHKHi4YqWamt9G5xeqAfY
-> ssh-ed25519 5Nd93w bKiRT7OLQFK6YwXfcraAa+hEEEi4vFbkuaE+sIZr7Tw
+-> ssh-ed25519 5Nd93w UdmfLH2jXkL2/osGvhFcJGDNFnWPsc3NvPDmR/epZ1o
-7SvNxSeCA4u3sukpgyJ1evindynHyYPyZ6LsGiYBxDU
+ch6TPi4Jrmc+utO2SlkdRzu6Q5Jop3WzjkuY4EoNKr4
-> ssh-ed25519 q8eJgg 7efgCjgA5BBrTbih+mSFsNCrIeCdjGCMrbVafTkwjgA
+-> ssh-ed25519 q8eJgg YlRTLx5zFiFZQlhwAZ1pUsBa8p7YGvO/kPGRn60MhFo
-ZOE6wXA0e7zVei53tRvyJZQuYqZHLO2w7UocxxcdKSY
+RcJZvYELckKdWGnwzqd8FgEiBD2cv512c1UqKTUVek4
-> ssh-ed25519 /Gb5gQ scN0tsEedQk5JS9B8io0Aw60ryaaLDPQ9QBLijCmY3I
+-> ssh-ed25519 /Gb5gQ iUdSnWebiZQHKQSoXqr4lRWnRjm8V7P+wdqDrXofCUE
-Q7z2+SDtQTXphvlGNJztpxOqLZg4ffWCLxq4XoAfj+4
+Md1XAcZCQX7O11L/L8IZO8mm8jK5a2nON4LWh/N1ij4
-> ssh-ed25519 NtlN/A JgDHCYjQ4+Knk1/m2mOmEdWZ5I0oXMUOvWRV3JuhCAs
+-> ssh-ed25519 NtlN/A DjECX99k1XrhbanjX+SDYquggoEGeOLCBALXJPvmtxQ
-4dggG3a1MSh/Zkp4o/gkmnlQLo3lFmH6KIlOimmQnlI
+FlYhgxFJDRIJI0Azw3EjTFVbbn0tnP9XOTkWGRMT7WY
-> ssh-ed25519 v2Y09A YHaDoKUzQAQjBbzejfa4f1RCoiHRpaXFfQPQ0Sz4K2s
+-> ssh-ed25519 v2Y09A 4QNfu0h2nLm6bL7JriQ3iWjaTzrZmnPw3/JMXErk5Q0
-Fm5/Q561X+vdMW2B3Zs1wmMJs/YCOXnYN6jtTzLa9Io
+uBk71I9dOOX5SrRn3BBtWLED9c/wfeTbSjo8v4FVrtU
-> ssh-ed25519 XSrA6w hgcKUa48qv77vW+WkVT3UJaRuTxyGcx2NVufpAOE7lw
+-> ssh-ed25519 XSrA6w pw/5qQgGM3QwGMS4aIt6/cLQMzxVBy8Y+P4fGC9qCmM
-QqmO9gDnPAXZPPjH3mQi+sUyvMPB4AyxfrRBJyI8Qv4
+89JXhqYOQV3AombZkvIfaaZcdIN0AedX5CMxI6ydGQY
-> ssh-ed25519 DVzSig MAviXeP0uCTr1+Y/zzM8+K0KhMOFud/z75qDL4nRxCU
+-> ssh-ed25519 DVzSig W6z3BDcuauiNgmbwngqilAejOWb4K3CAtC4UUB1NQzQ
-JgWxSNWwWl4v9myVOJ5NQb8HW1jUTpGqxSgliM1c4ZM
+R/hX4brDwWiaqQoAHwZiWwzulqvxFdTzuqTqG/HCGVM
-> ssh-ed25519 uZzB3g sgQxU0f1dIM/r2ukqjGwcIkDCY7hlPQ4V+1WmhJbPWA
+-> ssh-ed25519 uZzB3g RLwSmWqf67qmbCVY/D38zLSmCt81LK8Lu2NioKW/nwM
-m/pwY6N5YosRJEe0gQXLaqCzPWu438iXFLqt9fbVrd4
+VG0lCU4SaHmShOUcyYaTYD/8/4N0CUcJYbJtvlySKzE
-> ssh-ed25519 yvS9bw dTUghxA5+jLAEE9w6DiDHTy4IcVwCnTElpQL6BlUbXg
+-> ssh-ed25519 yvS9bw g7MOI8ROpnlk6FWMCMOyCeYarsz+qgMtS27KFcINog4
-YvpodcVYco4JcKr5ZONeBN3AuCPSk0zOMjeCNlE7xsc
+m/z/NqZiCO+1MaOekgpbW0+V/pgABbOShBZ+uc3DmQQ
-> ssh-ed25519 IzAMqA wvntN+N/Hy/EmSO90nTuABWZsP7snqQ39DAao95Rh1E
+-> ssh-ed25519 IzAMqA vL0NuJL0qb+L9IajxBNkUKX7nE0/Nrg2j3+VqCIUom0
-ECWyatQlw90+udKtGK7J076AUSRnbtAEyILJXJNGNkg
+jfE9Pd12rM9TbW92ryfQ+TGUpZIEYynoWX0B+02r1aE
-> ssh-ed25519 Hb0ipQ NuaKnDdMD7UOXQM3k0fg+DpAGsgqSpDgFMYvnJFcgBU
+-> ssh-ed25519 Hb0ipQ A7GhIVIPW0jlwvB30UHGc9jiSf6HhCY0euOKzilwHgg
-slaJBlZxTgb7GGjNt9PNGPvMFVKKXdmsjckLYCTXlUk
+Wt4KcY1YbZFy/CFnND/FgCaLxIWgj36KQvwxOh8BKXY
-> ssh-ed25519 3pl/Kw XP9pMH5S0+87TqQ1XxKH3CkQQnyELcL2CgazfSnilGA
+-> ssh-ed25519 3pl/Kw WKF1Z5MPtQpZBMvnLUJb5jVI/SreY3I1RvZEh4khgEQ
-s3Z2TP+YHyDJA2tt47eACI4L/73C+8bUHOXTDZuROFk
+vF6V0MXystoPQ9hbN09Es0HdAffa3fZSuQNvfxYj2qw
-> ssh-ed25519 SqDBmA ATvMxlxuUyOKNq0gMvYub2kLm5dMtgrIO6WyHU8dYAk
+-> ssh-ed25519 SqDBmA xSLJQzRetW52eJ/XE3Bfvc5wlL1mOJUUCz1vlNadoRE
-AZ9nq0DTC+v/3W0oZj39A8IPIfwyIDDaUDgRCC5Kqd8
+5K3RPmDq+XHuRXJ0gxMJODwqwnp8FfO40QHmScN6R4c
-> ssh-ed25519 UE6fcQ Zm0tgR6B83cRS9WoQ97WMVdWMfhIni8y+RG6JFbHXzg
+-> ssh-ed25519 UE6fcQ t3QXv7Xol6BBV9NQTaM1ANI19/IGWK6mwWW/jxJs1Fo
-h010f/3pRBfDRTEZ3Gk9PJfP+FIVqLI2OgbeY2NTcvo
+ZsuXpRilP9LHl+hslBh/PHbkYwSz/lFI9KjkEQJALFg
-> ssh-ed25519 YFaxCg wAL0IkLCWok++zzq+S35hltR1nhcwWjHa0fWXg2OpiI
+-> ssh-ed25519 YFaxCg 693MPBIOr1M/fq5UevSXp34ZQabAdlLs9oKROyloTVY
-ofMYHtN6tqlN+SS0jyuCRJqtZ1h0+H8u5tAaCoV78T4
+erQrhgVVrfn7ViCqhvru19faIgMwPvE3v7WkPZ4/NL4
-> _QQW-grease > p!=fBv 'ac^ A13~BQ
+-> ssh-ed25519 elCEeg C55GXvjhHsGod2OoQGWPxDuzKEFcE7BrYKKtBGPiWzE
-R0K5UQZB1yr3issSaFyKgSVNAXuvjfOb9xWbNHg
+MLCBn4FulA9M3mPnmMflqWaEcoMwvKPWRfwALceFNRU
--- LEJYFpkOhuuMwE/Ud/RNKdy2r/U0nCWodB+3ioCRNQI
+-> @b_F0-grease {VD GSb.
-cËô^õ	UÎ’ÈÑ
¨WÀm°,‰u¹“H<E2809C>)[Æ¡ÙmD,šÈ…ô€D<E282AC>¢*×¥!§Tø|JUÊ”îUÊ<55>vkÓ†<>«j`èÏr&eç<[œty!R™[F7e5«‰Š†‚“ƒ/”ŒmÔs´‡5\bc[WŸTi)
+LIaz9WQq+QPF7KAUifTlTNjA3gWfdxTJRugPL+6Yyvp8upBJ7fVXWlBVy4rzwA
-|„M†¯†;€õãvÉ+„ØÃž8<04>PŽ¤FŸcgçÏI,IQ´wÇv
+--- IWxpAEJY4zpLFtrWPRh7dlM9o0dw4iNmDDRvNm//fMw
 <EFBFBD>p˜ïÖœ±U3¿Ÿ¦QímÜ^Ó
 g«a
{@ë×…ø
 û(ôiøÈþf<C3BE>tŸó˜™æ5P!àýïŠuÅ<75>ŸŽÀ,aféí
 nè[ûÖÜe&`uÚDâ¦e¾À|€Dù(Z9œ§sÜ)'-âŒ²UPé íóŒ¿ÕˆZƒòŒÿ_kôJ•3£ºÿJ—oÖÊ,›<9ø[ß
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -24,6 +24,7 @@ let
  skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet";
  earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth";
  cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie";
  marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin";
  systems = [
    agentjones
@ -39,6 +40,7 @@ let
    skynet
    earth
    cadie
    marvin
  ];
  dns = [