feat: add a test server for trainees to use

2023-11-20 16:10:09 +00:00 · 2023-11-20 16:10:09 +00:00 · 0a028eaf53
commit 0a028eaf53
parent cbb4100b4e
5 changed files with 126 additions and 44 deletions
--- a/config/users.nix
+++ b/config/users.nix
@ -34,11 +34,6 @@ in {

  config.skynet = {
    users = {
-      admin = [
-        "silver"
-        "evanc"
-        "eoghanconlon73"
-      ];
      committee = [
        "leo"
        "silver"
@ -51,6 +46,16 @@ in {
        "sourabh1805"
        "kronsy"
      ];
+      admin = [
+        "silver"
+        "evanc"
+        "eoghanconlon73"
+      ];
+      trainee = [
+        "eliza"
+        "milan"
+        "esy"
+      ];
      lifetime = [];
      banned = [];
      restricted =
--- a/flake.nix
+++ b/flake.nix
@ -152,6 +152,9 @@

      # Nextcloud
      cadie = import ./machines/cadie.nix;
+
+      # trainee server
+      marvin = import ./machines/marvin.nix;
    };
  };
 }
--- a/machines/marvin.nix
+++ b/machines/marvin.nix
@ -0,0 +1,68 @@
+/*
+
+Name:     https://en.wikipedia.org/wiki/Marvin_the_Paranoid_Android
+Why:      Has terrible pain in all the diodes down its left side
+Type:     VM
+Hardware: -
+From:     2023
+Role:     For trainees.
+Notes:
+*/
+{
+  pkgs,
+  lib,
+  nodes,
+  ...
+}: let
+  name = "marvin";
+  ip_pub = "193.1.99.81";
+  hostname = "${name}.skynet.ie";
+in {
+  imports = [
+  ];
+
+  deployment = {
+    targetHost = hostname;
+    targetPort = 22;
+    targetUser = null;
+
+    # not deployed automatically as its a test server
+    tags = [];
+  };
+
+  # allow trainees to deploy
+  nix.settings.trusted-users = [
+    "root"
+    "@skynet-admins-linux"
+    "@skynet-trainees-linux"
+  ];
+
+  # allow trainees access
+  services.skynet_ldap_client.groups = [
+    "skynet-admins-linux"
+    "skynet-trainees-linux"
+  ];
+
+  skynet_dns.records = [
+    {
+      record = name;
+      r_type = "A";
+      value = ip_pub;
+      server = true;
+    }
+    {
+      record = ip_pub;
+      r_type = "PTR";
+      value = hostname;
+    }
+  ];
+
+  services.skynet_backup = {
+    host = {
+      ip = ip_pub;
+      name = name;
+    };
+  };
+
+  # Put test services below this
+}
--- a/secrets/backup/restic.age
+++ b/secrets/backup/restic.age
@ -1,40 +1,44 @@
 age-encryption.org/v1
-> ssh-ed25519 V1pwNA 4PVHo9zk7nF/HXASYtgADfzpMyFD38yVnGl6DUnJ2H4
-rsKe1DKMWTkPFY7zQ0S+713Jbj4N/sTc3tA8RfgqPnQ
-> ssh-ed25519 4PzZog fjzuDCOx7DR+nZdreeFWgdXjxntqT87sTBA8VsIG7R0
-fHOmuW/VRxV80b7ZYeov8jIY9YwlKPMuJZbsOCSCGmI
-> ssh-ed25519 5Nd93w bKiRT7OLQFK6YwXfcraAa+hEEEi4vFbkuaE+sIZr7Tw
-7SvNxSeCA4u3sukpgyJ1evindynHyYPyZ6LsGiYBxDU
-> ssh-ed25519 q8eJgg 7efgCjgA5BBrTbih+mSFsNCrIeCdjGCMrbVafTkwjgA
-ZOE6wXA0e7zVei53tRvyJZQuYqZHLO2w7UocxxcdKSY
-> ssh-ed25519 /Gb5gQ scN0tsEedQk5JS9B8io0Aw60ryaaLDPQ9QBLijCmY3I
-Q7z2+SDtQTXphvlGNJztpxOqLZg4ffWCLxq4XoAfj+4
-> ssh-ed25519 NtlN/A JgDHCYjQ4+Knk1/m2mOmEdWZ5I0oXMUOvWRV3JuhCAs
-4dggG3a1MSh/Zkp4o/gkmnlQLo3lFmH6KIlOimmQnlI
-> ssh-ed25519 v2Y09A YHaDoKUzQAQjBbzejfa4f1RCoiHRpaXFfQPQ0Sz4K2s
-Fm5/Q561X+vdMW2B3Zs1wmMJs/YCOXnYN6jtTzLa9Io
-> ssh-ed25519 XSrA6w hgcKUa48qv77vW+WkVT3UJaRuTxyGcx2NVufpAOE7lw
-QqmO9gDnPAXZPPjH3mQi+sUyvMPB4AyxfrRBJyI8Qv4
-> ssh-ed25519 DVzSig MAviXeP0uCTr1+Y/zzM8+K0KhMOFud/z75qDL4nRxCU
-JgWxSNWwWl4v9myVOJ5NQb8HW1jUTpGqxSgliM1c4ZM
-> ssh-ed25519 uZzB3g sgQxU0f1dIM/r2ukqjGwcIkDCY7hlPQ4V+1WmhJbPWA
-m/pwY6N5YosRJEe0gQXLaqCzPWu438iXFLqt9fbVrd4
-> ssh-ed25519 yvS9bw dTUghxA5+jLAEE9w6DiDHTy4IcVwCnTElpQL6BlUbXg
-YvpodcVYco4JcKr5ZONeBN3AuCPSk0zOMjeCNlE7xsc
-> ssh-ed25519 IzAMqA wvntN+N/Hy/EmSO90nTuABWZsP7snqQ39DAao95Rh1E
-ECWyatQlw90+udKtGK7J076AUSRnbtAEyILJXJNGNkg
-> ssh-ed25519 Hb0ipQ NuaKnDdMD7UOXQM3k0fg+DpAGsgqSpDgFMYvnJFcgBU
-slaJBlZxTgb7GGjNt9PNGPvMFVKKXdmsjckLYCTXlUk
-> ssh-ed25519 3pl/Kw XP9pMH5S0+87TqQ1XxKH3CkQQnyELcL2CgazfSnilGA
-s3Z2TP+YHyDJA2tt47eACI4L/73C+8bUHOXTDZuROFk
-> ssh-ed25519 SqDBmA ATvMxlxuUyOKNq0gMvYub2kLm5dMtgrIO6WyHU8dYAk
-AZ9nq0DTC+v/3W0oZj39A8IPIfwyIDDaUDgRCC5Kqd8
-> ssh-ed25519 UE6fcQ Zm0tgR6B83cRS9WoQ97WMVdWMfhIni8y+RG6JFbHXzg
-h010f/3pRBfDRTEZ3Gk9PJfP+FIVqLI2OgbeY2NTcvo
-> ssh-ed25519 YFaxCg wAL0IkLCWok++zzq+S35hltR1nhcwWjHa0fWXg2OpiI
-ofMYHtN6tqlN+SS0jyuCRJqtZ1h0+H8u5tAaCoV78T4
-> _QQW-grease > p!=fBv 'ac^ A13~BQ
-R0K5UQZB1yr3issSaFyKgSVNAXuvjfOb9xWbNHg
--- LEJYFpkOhuuMwE/Ud/RNKdy2r/U0nCWodB+3ioCRNQI
-cËô^õ	UÎ’ÈÑ
¨WÀm°,‰u¹“H<E2809C>)[Æ¡ÙmD,šÈ…ô€D<E282AC>¢*×¥!§Tø|JUÊ”îUÊ<55>vkÓ†<>«j`èÏr&eç<[œty!R™[F7e5«‰Š†‚“ƒ/”ŒmÔs´‡5\bc[WŸTi)
-|„M†¯†;€õãvÉ+„ØÃž8<04>PŽ¤FŸcgçÏI,IQ´wÇv
+-> ssh-ed25519 V1pwNA 3JbxhP1nIEgtCqaQp0QFoIqEMepv5hZYKUvH7/lvAT8
+by+oq0T2b24w9ILmtJj2FZqxWJNl4C0m8jmONTXfGT4
+-> ssh-ed25519 4PzZog 8Pe3Tq6Wp2ml5JtW/ikJ+Re3/JV5IAjm+dEcNwR4wlg
+iYsLanjZEtazwSELt0CLAyNHKHi4YqWamt9G5xeqAfY
+-> ssh-ed25519 5Nd93w UdmfLH2jXkL2/osGvhFcJGDNFnWPsc3NvPDmR/epZ1o
+ch6TPi4Jrmc+utO2SlkdRzu6Q5Jop3WzjkuY4EoNKr4
+-> ssh-ed25519 q8eJgg YlRTLx5zFiFZQlhwAZ1pUsBa8p7YGvO/kPGRn60MhFo
+RcJZvYELckKdWGnwzqd8FgEiBD2cv512c1UqKTUVek4
+-> ssh-ed25519 /Gb5gQ iUdSnWebiZQHKQSoXqr4lRWnRjm8V7P+wdqDrXofCUE
+Md1XAcZCQX7O11L/L8IZO8mm8jK5a2nON4LWh/N1ij4
+-> ssh-ed25519 NtlN/A DjECX99k1XrhbanjX+SDYquggoEGeOLCBALXJPvmtxQ
+FlYhgxFJDRIJI0Azw3EjTFVbbn0tnP9XOTkWGRMT7WY
+-> ssh-ed25519 v2Y09A 4QNfu0h2nLm6bL7JriQ3iWjaTzrZmnPw3/JMXErk5Q0
+uBk71I9dOOX5SrRn3BBtWLED9c/wfeTbSjo8v4FVrtU
+-> ssh-ed25519 XSrA6w pw/5qQgGM3QwGMS4aIt6/cLQMzxVBy8Y+P4fGC9qCmM
+89JXhqYOQV3AombZkvIfaaZcdIN0AedX5CMxI6ydGQY
+-> ssh-ed25519 DVzSig W6z3BDcuauiNgmbwngqilAejOWb4K3CAtC4UUB1NQzQ
+R/hX4brDwWiaqQoAHwZiWwzulqvxFdTzuqTqG/HCGVM
+-> ssh-ed25519 uZzB3g RLwSmWqf67qmbCVY/D38zLSmCt81LK8Lu2NioKW/nwM
+VG0lCU4SaHmShOUcyYaTYD/8/4N0CUcJYbJtvlySKzE
+-> ssh-ed25519 yvS9bw g7MOI8ROpnlk6FWMCMOyCeYarsz+qgMtS27KFcINog4
+m/z/NqZiCO+1MaOekgpbW0+V/pgABbOShBZ+uc3DmQQ
+-> ssh-ed25519 IzAMqA vL0NuJL0qb+L9IajxBNkUKX7nE0/Nrg2j3+VqCIUom0
+jfE9Pd12rM9TbW92ryfQ+TGUpZIEYynoWX0B+02r1aE
+-> ssh-ed25519 Hb0ipQ A7GhIVIPW0jlwvB30UHGc9jiSf6HhCY0euOKzilwHgg
+Wt4KcY1YbZFy/CFnND/FgCaLxIWgj36KQvwxOh8BKXY
+-> ssh-ed25519 3pl/Kw WKF1Z5MPtQpZBMvnLUJb5jVI/SreY3I1RvZEh4khgEQ
+vF6V0MXystoPQ9hbN09Es0HdAffa3fZSuQNvfxYj2qw
+-> ssh-ed25519 SqDBmA xSLJQzRetW52eJ/XE3Bfvc5wlL1mOJUUCz1vlNadoRE
+5K3RPmDq+XHuRXJ0gxMJODwqwnp8FfO40QHmScN6R4c
+-> ssh-ed25519 UE6fcQ t3QXv7Xol6BBV9NQTaM1ANI19/IGWK6mwWW/jxJs1Fo
+ZsuXpRilP9LHl+hslBh/PHbkYwSz/lFI9KjkEQJALFg
+-> ssh-ed25519 YFaxCg 693MPBIOr1M/fq5UevSXp34ZQabAdlLs9oKROyloTVY
+erQrhgVVrfn7ViCqhvru19faIgMwPvE3v7WkPZ4/NL4
+-> ssh-ed25519 elCEeg C55GXvjhHsGod2OoQGWPxDuzKEFcE7BrYKKtBGPiWzE
+MLCBn4FulA9M3mPnmMflqWaEcoMwvKPWRfwALceFNRU
+-> @b_F0-grease {VD GSb.
+LIaz9WQq+QPF7KAUifTlTNjA3gWfdxTJRugPL+6Yyvp8upBJ7fVXWlBVy4rzwA
+--- IWxpAEJY4zpLFtrWPRh7dlM9o0dw4iNmDDRvNm//fMw
+<EFBFBD>p˜ïÖœ±U3¿Ÿ¦QímÜ^Ó
+g«a
{@ë×…ø
+û(ôiøÈþf<C3BE>tŸó˜™æ5P!àýïŠuÅ<75>ŸŽÀ,aféí
+nè[ûÖÜe&`uÚDâ¦e¾À|€Dù(Z9œ§sÜ)'-âŒ²UPé íóŒ¿ÕˆZƒòŒÿ_kôJ•3£ºÿJ—oÖÊ,›<9ø[ß
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -24,6 +24,7 @@ let
  skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet";
  earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth";
  cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie";
+  marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin";

  systems = [
    agentjones
@ -39,6 +40,7 @@ let
    skynet
    earth
    cadie
+    marvin
  ];

  dns = [