Skynet/nixos
6
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into #3_update_packages

Browse source
This commit is contained in:
silver 2023-08-06 21:44:47 +01:00
commit 19b342b987
9 changed files with 68 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitlab-ci.yml
View file

@ -88,8 +88,6 @@ deploy:
deploy_gitlab:
stage: deploy
needs:
- deploy
tags:
- nix
before_script:

59
applications/acme.nix
View file

@ -1,29 +1,42 @@
{ config, ... }:{
# group that will own the certificates
users.groups.acme = {};
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.skynet_acme;
in {
imports = [];
age.secrets.acme.file = ../secrets/dns_certs.secret.age;
security.acme = {
preliminarySelfsigned = false;
acceptTerms = true;
defaults = {
email = "admin_acme@skynet.ie";
# we use our own dns authorative server for verifying we own the domain.
dnsProvider = "rfc2136";
credentialsFile = config.age.secrets.acme.path;
options.skynet_acme = {
domains = lib.mkOption {
default = [ ];
type = lib.types.listOf lib.types.str;
description = ''
A list of domains to use for this server.
'';
};
};
certs = {
"skynet" = {
domain = "skynet.ie";
extraDomainNames = [
"*.skynet.ie"
"*.minecraft.games.skynet.ie"
"*.pages.skynet.ie"
"api.account.skynet.ie"
];
config = {
# group that will own the certificates
users.groups.acme = {};
age.secrets.acme.file = ../secrets/dns_certs.secret.age;
security.acme = {
preliminarySelfsigned = false;
acceptTerms = true;
defaults = {
email = "admin_acme@skynet.ie";
# we use our own dns authorative server for verifying we own the domain.
dnsProvider = "rfc2136";
credentialsFile = config.age.secrets.acme.path;
};
certs = {
"skynet" = {
domain = "skynet.ie";
extraDomainNames = cfg.domains;
};
};
};
};

4
applications/email.nix
View file

@ -97,6 +97,10 @@
age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
skynet_acme.domains = [
"${cfg.sub}.${cfg.domain}"
];
# set up dns record for it
skynet_dns.records = [
# basic one

5
applications/games/minecraft.nix
View file

@ -53,6 +53,11 @@
"ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept"
];
skynet_acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
"*.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
];
skynet_dns.records = [
# the minecraft (web) config server
{record="config.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}

6
applications/gitlab.nix
View file

@ -93,6 +93,12 @@
group = cfg.user;
};
skynet_acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
# Lets Encrypt seems to have a 4 levels limit for certs
"*.pages.${cfg.domain.base}.${cfg.domain.tld}"
];
# using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
skynet_dns.records = [
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}

4
applications/ldap.nix
View file

@ -77,6 +77,10 @@ Gonna use a priper nixos module for this
group = "openldap";
};
skynet_acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
];
skynet_dns.records = [
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
];

4
applications/ldap/ldap_backend.nix
View file

@ -49,6 +49,10 @@
age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age;
skynet_acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
];
skynet_dns.records = [
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
];

5
applications/skynet.ie.nix
View file

@ -21,6 +21,11 @@
};
config = {
skynet_acme.domains = [
# the root one is already covered by teh certificate
"2016.skynet.ie"
];
skynet_dns.records = [
# means root domain, so skynet.ie
{record="@"; r_type="A"; value=cfg.host.ip;}

4
applications/ulfm.nix
View file

@ -50,6 +50,10 @@
8000
];
skynet_acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
];
skynet_dns.records = [
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
];