Merge branch 'main' of gitlab.com:c2842/computer_society/nixos

silver 2023-07-05 18:32:09 +01:00
commit 0d13f47f80
8 changed files with 94 additions and 32 deletions


@ -1,6 +1,15 @@
{ config, pkgs, lib, ...}: with lib; { config, pkgs, lib, ...}: with lib;
let let
cfg = config.services.skynet_email; cfg = config.services.skynet_email;
# create teh new strings
create_filter_array = map (x: "(memberOf=cn=${x},ou=groups,${cfg.ldap.base})");
create_filter_join = (x: concatStringsSep "" x);
# thought you could escape racket?
create_filter = (groups: create_filter_join (create_filter_array groups) );
in { in {
imports = [ imports = [
@ -31,7 +40,7 @@
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
default = "ulcompsoc.ie"; default = "skynet.ie";
description = lib.mdDoc "domaino"; description = lib.mdDoc "domaino";
}; };
@ -41,6 +50,19 @@
description = lib.mdDoc "mailserver subdomain"; description = lib.mdDoc "mailserver subdomain";
}; };
groups = mkOption {
type = types.listOf types.str;
default = [
# general skynet users
"skynet-users"
# C&S folsk get access
"skynet-cns"
# skynet service accounts
"skynet-service"
];
description = lib.mdDoc "Groups we want to allow access to the email";
};
ldap = { ldap = {
hosts = mkOption { hosts = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
@ -69,7 +91,6 @@
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -102,12 +123,8 @@
cfg.domain cfg.domain
]; ];
#hierarchySeparator = "/"; # 20MB max size
messageSizeLimit = 20000000;
# 100MB max size
messageSizeLimit = 100000000;
#localDnsResolver = false;
ldap = { ldap = {
enable = true; enable = true;
@ -116,37 +133,25 @@
dn = cfg.ldap.bind_dn; dn = cfg.ldap.bind_dn;
passwordFile = config.age.secrets.ldap_pw.path; passwordFile = config.age.secrets.ldap_pw.path;
}; };
searchBase = cfg.ldap.searchBase; searchBase = cfg.ldap.searchBase;
searchScope = "sub"; searchScope = "sub";
dovecot = { dovecot = {
#userAttrs = "uidNumber=uid,gidNumber=gid,skMail=mail";
# use the set email account
#userFilter = "(&(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))(uid=%n))";
#userFilter = "(&(objectClass=posixAccount)(uid=%u))";
userFilter = "(skMail=%u)"; userFilter = "(skMail=%u)";
# "fix" until userAttrs is fixed # accept emails in, but only allow access to paid up members
#passAttrs = ''uid=user,userPassword=password passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))";
#user_attrs = uidNumber=uid,gidNumber=gid,mail=/var/vmail/%u/%d
#'';
passFilter = "(skMail=%u)";
}; };
postfix = { postfix = {
filter = "(skMail=%s)"; filter = "(|(skMail=%s)(uid=%s))";
# these may be reversed???
# https://gist.github.com/calbrecht/bca39174f39a74e52a6d05bf630ad495
uidAttribute = "skMail"; uidAttribute = "skMail";
mailAttribute = "skMail"; mailAttribute = "skMail";
}; };
}; };
# feckin spammers # feckin spammers
rejectRecipients = [ rejectRecipients = [
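Review bot: `create_filter` interpolates each entry of `cfg.groups` unescaped into the Dovecot `passFilter` (`(memberOf=cn=${x},ou=groups,${cfg.ldap.base})`), so a group name containing `(`, `)`, `*` or `\` produces a malformed or broader-than-intended filter; the values come from the module's own options rather than from users, so this is a robustness point rather than an injection path, but tightening the option to `type = types.listOf (types.strMatching "[A-Za-z0-9_-]+");` would reject such names at evaluation time. The `ou=groups` component is hard-coded while the base DN is configurable; a comment such as `# groups are looked up under ou=groups relative to cfg.ldap.base` would make that assumption visible. `userFilter` stays `(skMail=%u)` while only `passFilter` is restricted to `cfg.groups`, so accounts outside those groups are presumably still resolved as mailboxes but cannot authenticate, which matches the "accept emails in, but only allow access" comment; stating that split explicitly on the `passFilter` line would help the next reader. The `let` block defining these helpers and the `config` attribute set both extend beyond the hunks shown.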


@ -64,6 +64,7 @@
# gsoc.minecraft.games.skynet.ie # gsoc.minecraft.games.skynet.ie
"gsoc.${cfg.domain.sub} CNAME ${cfg.host.name}" "gsoc.${cfg.domain.sub} CNAME ${cfg.host.name}"
"gsoc_abridged.${cfg.domain.sub} CNAME ${cfg.host.name}"
]; ];
}; };
@ -107,7 +108,7 @@
ports = [ "25565:25565/tcp" ]; ports = [ "25565:25565/tcp" ];
expose = [ "25565" ]; expose = [ "25565" ];
command = [ command = [
"--mapping=compsoc_classic.${short_domain}=mc_config:20000,compsoc.${short_domain}=mc_config:20001,gsoc.${short_domain}=mc_config:20002" "--mapping=compsoc_classic.${short_domain}=mc_config:20000,compsoc.${short_domain}=mc_config:20001,gsoc.${short_domain}=mc_config:20002,gsoc.${short_domain}=mc_config:20002,gsoc_abridged.${short_domain}=mc_config:20003"
]; ];
}; };
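Review bot: The new `--mapping=` value on the `command` line lists `gsoc.${short_domain}=mc_config:20002` twice, once carried over from the old text and once again immediately before the new `gsoc_abridged` entry; the duplicate should be dropped so the tail reads `...,gsoc.${short_domain}=mc_config:20002,gsoc_abridged.${short_domain}=mc_config:20003`. Whether the proxy tolerates a repeated key is not visible here, so it is safer to fix the string than to rely on that. The DNS hunk adds the matching `gsoc_abridged` CNAME, which looks consistent with the new port 20003 entry.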


@ -39,7 +39,7 @@
{ {
name = value.config.services.skynet_backup.host.name; name = value.config.services.skynet_backup.host.name;
value = base // { value = base // {
repositoryFile = "${destination}/${value.config.services.skynet_backup.host.name}"; repositoryFile = "/etc/skynet/restic/${value.config.services.skynet_backup.host.name}";
backupPrepareCommand = '' backupPrepareCommand = ''
#!${pkgs.stdenv.shell} #!${pkgs.stdenv.shell}
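Review bot: `repositoryFile` now hard-codes `/etc/skynet/restic/` in place of the `${destination}` binding, leaving the path as a literal inside the per-host attribute set; if `destination` is still defined outside the hunk it is now either unused or inconsistent with this value, and a single `let` binding such as `restic_dir = "/etc/skynet/restic";` should carry the path for both this line and anything else that touches it. Because the file named here holds the restic repository location, a comment recording who is expected to be able to read it, e.g. `# repository location file; keep it readable by root only`, would help anyone checking the deployment. The enclosing attribute set and `backupPrepareCommand` continue outside the hunk.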


@ -280,11 +280,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1684569145, "lastModified": 1688416558,
"narHash": "sha256-Dr8KAgjiGuigTgEp7zFO08zPA5o0RxzoPad+oDtg/G0=", "narHash": "sha256-v9UudcBYAHssB+e6Mip+5dOClFlPwy80wJjbpUMomJk=",
"owner": "mweinelt", "owner": "mweinelt",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "5d13cf0550bd5b201b28f116acc5f4b19dd5d753", "rev": "a1c985f325300fc8bca3e8dfe5a9676c10ab1055",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {


@ -50,7 +50,7 @@ in {
eno2 = { eno2 = {
ipv4.addresses = [ ipv4.addresses = [
{ {
address = "193.1.99.72"; address = ip_pub;
prefixLength = 26; prefixLength = 26;
} }
]; ];
@ -60,7 +60,7 @@ in {
ipv4.addresses = [ ipv4.addresses = [
{ {
# internal address # internal address
address = "193.1.99.125"; address = ip_priv;
prefixLength = 26; prefixLength = 26;
} }
]; ];


@ -53,5 +53,7 @@ in {
# the name is used for dns # the name is used for dns
name = name; name = name;
}; };
domain = "ulcompsoc.ie";
}; };
} }
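Review bot: `domain = "ulcompsoc.ie";` is added without a comment while, in the same commit, the email module's `domain` default moves from `ulcompsoc.ie` to `skynet.ie`; if this attribute is that option or feeds it, the host is deliberately pinned to the old value and a one-line comment such as `# keep the legacy mail domain for this host; the module default is now skynet.ie` should say so, otherwise the value reads as an oversight. Which option this `domain` belongs to is not visible in the hunk, since the enclosing attribute set starts outside it.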


@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c48817e1-036f-49a7-adae-f63fc6c03cd5";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/76CE-C65E";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/eced30bd-b785-43e0-a202-cdaee7e0f4f7"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -20,9 +20,21 @@ let
in { in {
imports = [ imports = [
./hardware/RM007.nix
../applications/restic.nix ../applications/restic.nix
]; ];
networking.hostName = name;
# this has to be defined for any physical servers
# vms are defined by teh vm host
networking.interfaces.eno1.ipv4.addresses = [
{
address = ip_pub;
prefixLength = 26;
}
];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
@ -42,7 +54,9 @@ in {
}; };
services.skynet_backup = { services.skynet_backup = {
normal.backups = ["/etc/skynet"]; normal.backups = [
#"/etc/skynet"
];
host = { host = {