diff --git a/applications/_base.nix b/applications/_base.nix
new file mode 100644
index 0000000..bd1f017
--- /dev/null
+++ b/applications/_base.nix
@@ -0,0 +1,59 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ # root service
+ cfg = config.services.skynet;
+in {
+ imports = [
+ ./acme.nix
+ ./dns.nix
+ ./nginx.nix
+ ];
+
+ options.services.skynet = {
+ # since we use this basically everywhere provide a standard way to set it
+ host = {
+ ip = mkOption {
+ type = types.str;
+ };
+ name = mkOption {
+ type = types.str;
+ };
+ hostname = mkOption {
+ type = types.str;
+ default = "${cfg.host.name}.skynet.ie";
+ };
+ };
+ };
+
+ config = {
+ services.skynet.dns.records = [
+ {
+ record = cfg.host.name;
+ r_type = "A";
+ value = cfg.host.ip;
+ server = true;
+ }
+ {
+ record = cfg.host.ip;
+ r_type = "PTR";
+ value = cfg.host.hostname;
+ }
+ ];
+
+ services.nginx = {
+ virtualHosts = {
+ # for every server unless explisitly defined redirect the ip to skynet.ie
+ "${cfg.host.ip}" = {
+ forceSSL = true;
+ useACMEHost = "skynet";
+ locations."/".return = "307 https://skynet.ie";
+ };
+ };
+ };
+ };
+}
diff --git a/applications/bitwarden/vaultwarden.nix b/applications/bitwarden/vaultwarden.nix index 68698dd..52e0422 100644 --- a/applications/bitwarden/vaultwarden.nix +++ b/applications/bitwarden/vaultwarden.nix @@ -19,17 +19,7 @@ in { ]; options.services.skynet."${name}" = { - enable = mkEnableOption "Skynet vaultwarden server"; - - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet VaultWarden server"; }; config = mkIf cfg.enable { @@ -44,16 +34,11 @@ in { { record = domain_sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; "${domain}" = { forceSSL = true; useACMEHost = "skynet"; 
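Review bot: The `services.nginx.virtualHosts."${cfg.host.ip}"` entry in the new `_base.nix` `config` block is unconditional, so every machine that imports `machines/_base.nix` (the firewall agentjones, the two DNS servers, the gitlab runner) now declares a public HTTPS vhost with `useACMEHost = "skynet"`, hosts that previously declared no nginx vhost at all; if `./nginx.nix` enables nginx unconditionally (not shown in the diff) that also puts the `skynet` certificate and its key on machines with no web role. Consider gating the web part, e.g. `services.nginx = mkIf config.services.nginx.enable { … }`, or an explicit option the web hosts opt into, while keeping the DNS records unconditional. Separately, `host.ip` and `host.name` are bare `types.str` with no `description` although the value is interpolated into nftables rules (`skynet_firewall.forward` in minecraft.nix and ulfm.nix) and used as an nginx server name, so at least `description = "Public IPv4 address of this machine, used in DNS, nginx and firewall rules";` would document the expected shape. The PTR `value = cfg.host.hostname;` also lacks the trailing dot that the PTR records in email.nix and gitlab.nix carry, which is only fine if the dns module normalizes it.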
diff --git a/applications/email.nix b/applications/email.nix index 8ab3c72..ade5e0f 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -134,16 +134,6 @@ in { enable = mkEnableOption "Skynet Email"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = mkOption { type = types.str; default = "skynet.ie"; @@ -246,12 +236,6 @@ in { # to provide the certs services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - "mail.skynet.ie" = { forceSSL = true; useACMEHost = "mail"; @@ -291,7 +275,7 @@ in { { record = "mail"; r_type = "A"; - value = cfg.host.ip; + value = config.services.skynet.host.ip; } #DNS config for K-9 Mail { @@ -345,7 +329,7 @@ in { # reverse pointer { - record = cfg.host.ip; + record = config.services.skynet.host.ip; r_type = "PTR"; value = "${cfg.sub}.${cfg.domain}."; } diff --git a/applications/games.nix b/applications/games.nix index b6dd735..7ffd9f7 100644 --- a/applications/games.nix +++ b/applications/games.nix @@ -18,16 +18,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Games"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -52,7 +42,7 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; @@ -61,12 +51,6 @@ in { ]; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - "${cfg.domain.sub}.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; @@ -78,11 +62,6 @@ in { services.skynet.games_minecraft = { enable = true; - host = { - ip = cfg.host.ip; - name = cfg.domain.sub; - }; - domain = { sub = "minecraft.${cfg.domain.sub}"; }; 
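Review bot: The reverse pointer in the last email.nix hunk (`record = config.services.skynet.host.ip; r_type = "PTR"; value = "${cfg.sub}.${cfg.domain}.";`) now coexists with the PTR that `applications/_base.nix` emits for the same address (`value = cfg.host.hostname`, i.e. the machine's own name), so the mail host's IP carries two PTR records unless the dns module deduplicates them. Mail receivers check that the PTR matches the HELO name and forward-resolves back, and a second PTR is a common cause of rejected mail; before this change the machine file could simply omit its own PTR, now it cannot. Either give dns.nix a way for a module to override the base PTR, or add a comment here stating which record is meant to be authoritative, e.g. `# must be the only PTR for this address: receivers verify it against the HELO name`. The enclosing `services.skynet.dns.records` list starts and ends outside this hunk.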
diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 4c20a69..8953efe 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -23,16 +23,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Games Minecraft"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -53,9 +43,9 @@ in { config = mkIf cfg.enable { skynet_firewall.forward = [ - "ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" - "ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" - "ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept" ]; services.skynet.acme.domains = [ @@ -68,38 +58,38 @@ in { { record = "config.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } # our own minecraft hosts { record = "compsoc_classic.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "compsoc.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } # gsoc servers { record = "gsoc.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "gsoc_abridged.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } # phildeb { record = "phildeb.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; 
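Review bot: The CNAME targets in the minecraft records hunk change meaning, not just spelling: before this commit games.nix passed `host.name = cfg.domain.sub` into `games_minecraft`, so `compsoc.minecraft.games.skynet.ie` and friends pointed at the `games` alias, whereas `value = config.services.skynet.host.name;` now points them at the machine record itself. Resolution ends at the same address, but it is a visible zone change and any consumer that relied on the `games` indirection loses it, so it deserves a line in the commit message or a comment such as `# CNAME to the machine record, not the games alias, now that host.name is per machine`. The `services.skynet.dns.records` list these entries belong to continues past the hunk.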
@@ -109,12 +99,6 @@ in { ]; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - # https://config.minecraft.games.skynet.ie "config.${short_domain}" = { forceSSL = true; diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 32f0ddc..80664af 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix @@ -21,16 +21,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Gitlab"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -111,13 +101,13 @@ in { { record = cfg.domain.sub; r_type = "A"; - value = cfg.host.ip; + value = config.services.skynet.host.ip; } # for gitlab pages { record = "*.pages.${cfg.domain.base}.${cfg.domain.tld}."; r_type = "A"; - value = cfg.host.ip; + value = config.services.skynet.host.ip; } # for email @@ -127,7 +117,7 @@ in { value = ''10 ${domain_full}.''; } { - record = cfg.host.ip; + record = config.services.skynet.host.ip; r_type = "PTR"; value = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}."; } @@ -151,12 +141,6 @@ in { services.openssh.ports = [22 2222]; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - # main site "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { forceSSL = true; @@ -264,7 +248,7 @@ in { # default for pages is set to 8090 but that leaves an "ugly" port in the url, # override it here to make it look good port = 80; - #external_http = ["${cfg.host.ip}:80"]; + #external_http = ["${config.services.skynet.host.ip}:80"]; }; }; }; diff --git a/applications/grafana.nix b/applications/grafana.nix index a7f4e00..15c076f 100644 --- a/applications/grafana.nix +++ b/applications/grafana.nix 
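Review bot: The commented-out `#external_http = ["${config.services.skynet.host.ip}:80"];` at the end of the gitlab.nix hunks is dead code that the commit takes the trouble to keep in sync; a stale commented setting with a live interpolation invites someone to uncomment it without checking that `port = 80;` just above already covers the pages listener. Either delete it or turn it into a tracked note, e.g. `# TODO(owner): external_http not needed while pages run on port 80 directly`. The `pages` attribute set it sits in starts outside the hunk.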
@@ -16,15 +16,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Grafana Server"; - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; - datasource = { name = mkOption { type = types.str; @@ -41,7 +32,7 @@ in { { record = "${name}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index 177add3..b4b0e13 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -21,16 +21,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet LDAP backend server"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -65,7 +55,7 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index 9f041f0..67bd1fc 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -18,7 +18,6 @@ in { ../acme.nix ../dns.nix ../nginx.nix - ./backend.nix ]; options.services.skynet."${name}" = { @@ -26,16 +25,6 @@ in { enable = mkEnableOption "Skynet LDAP service"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -65,13 +54,6 @@ in { }; config = mkIf cfg.enable { - # passthrough to the backend - services.skynet.ldap_backend = { - enable = true; - host.ip = cfg.host.ip; - host.name = cfg.host.name; - }; - # after changing teh password openldap.service has to be restarted age.secrets.ldap_pw = { file = ../../secrets/ldap/pw.age; @@ -88,7 +70,7 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; 
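Review bot: Dropping `./backend.nix` from the ldap/server.nix imports together with the `services.skynet.ldap_backend` passthrough means `ldap.enable = true` no longer brings up the backend; kitt.nix now imports and enables it explicitly, but nothing in server.nix records this new obligation for the next host that enables `ldap`. A comment at the top of the `config = mkIf cfg.enable {` block, e.g. `# the LDAP backend (services.skynet.ldap_backend) is imported and enabled separately by the host, see machines/kitt.nix`, would make the coupling visible. The `config` block itself starts and ends outside this hunk.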
diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index 2b5bad6..02bc5f6 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -18,16 +18,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Nextcloud"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -64,12 +54,12 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "onlyoffice.${cfg.domain.sub}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; @@ -109,11 +99,6 @@ in { }; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; ${domain} = { forceSSL = true; useACMEHost = "skynet"; diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index 88fe408..6716146 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -29,17 +29,10 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet Nix Cache"; }; - config = { + config = mkIf cfg.enable { services.skynet.acme.domains = [ "${name}.skynet.ie" ]; @@ -48,7 +41,7 @@ in { { record = "${name}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/open_governance/keyserver.nix b/applications/open_governance/keyserver.nix index 56c9441..c507a50 100644 --- a/applications/open_governance/keyserver.nix +++ b/applications/open_governance/keyserver.nix 
@@ -18,17 +18,10 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet Public Keyserver"; }; - config = { + config = mkIf cfg.enable { services.skynet.acme.domains = [ "${name}.skynet.ie" ]; @@ -37,7 +30,7 @@ in { { record = "${name}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/open_governance/open_governance.nix b/applications/open_governance/open_governance.nix index c855f30..93d2974 100644 --- a/applications/open_governance/open_governance.nix +++ b/applications/open_governance/open_governance.nix @@ -20,14 +20,7 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet Open Governance"; }; config = { @@ -39,7 +32,7 @@ in { { record = "${name}"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/prometheus.nix b/applications/prometheus.nix index eb15c48..556a16e 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -13,15 +13,6 @@ in { options.services.skynet."${name}" = { server = { enable = mkEnableOption "Prometheus Server"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; port = mkOption { type = types.port; diff --git a/applications/restic.nix b/applications/restic.nix index 09365c6..df273e6 100644 --- a/applications/restic.nix +++ b/applications/restic.nix 
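Review bot: In open_governance.nix `enable = mkEnableOption "Skynet Open Governance";` is introduced, but the `config = {` line directly below it stays unconditional, so the option does nothing: every host importing the module still publishes the `${name}` CNAME and the ACME domain, unlike nix_cache.nix, keyserver.nix and skynet.ie.nix in this same commit, which switch to `config = mkIf cfg.enable {`. Change it to `config = mkIf cfg.enable {` so that calculon's `open-governance.enable = true;` is actually what gates it. The remainder of that `config` block lies outside the hunk.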
@@ -39,21 +39,23 @@ with lib; let lib.attrsets.mapAttrsToList ( key: value: let backup = value.config.services.skynet.backup; + backup_host = value.config.services.skynet.host; in if ( (builtins.hasAttr "backup" value.config.services.skynet) && backup.server.enable - && backup.host.name != cfg.host.name + # chgeck that its not itself + && backup_host.name != config.services.skynet.host.name && !backup.server.appendOnly ) then [ { - name = backup.host.name; + name = backup_host.name; value = base // { - repositoryFile = "/etc/skynet/restic/${backup.host.name}"; + repositoryFile = "/etc/skynet/restic/${backup_host.name}"; backupPrepareCommand = '' #!${pkgs.stdenv.shell} @@ -64,13 +66,13 @@ with lib; let mkdir -p $baseDir cd $baseDir - echo -n "rest:http://root:password@${backup.host.ip}:${toString backup.server.port}/root/${cfg.host.name}" > ${backup.host.name} + echo -n "rest:http://root:password@${backup_host.ip}:${toString backup.server.port}/root/${config.services.skynet.host.name}" > ${backup_host.name} # read in teh password #PW = `cat ${config.age.secrets.restic.path}` line=$(head -n 1 ${config.age.secrets.restic.path}) - sed -i "s/password/$line/g" ${backup.host.name} + sed -i "s/password/$line/g" ${backup_host.name} ''; }; } @@ -87,8 +89,7 @@ in { # https://git.hrnz.li/Ulli/nixos/src/commit/5edca2dfdab3ce52208e4dfd2b92951e500f8418/profiles/server/restic.nix # will eb enabled on every server options.services.skynet."${name}" = { - # backup is enabled by default - # enable = mkEnableOption "Skynet backup"; + enable = mkEnableOption "Skynet backup"; # what folders to backup normal = { @@ -128,16 +129,6 @@ in { }; }; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - server = { enable = mkEnableOption "Skynet backup Server"; 
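Review bot: The rewritten `echo -n "rest:http://root:password@${backup_host.ip}:${toString backup.server.port}/root/${config.services.skynet.host.name}" > ${backup_host.name}` still builds the repository URL over plain `http://` with HTTP basic auth, and the server side later in this file binds to the machine's public address; unless clients reach it over a private link that is not visible here, the shared password and the backup stream cross the network in clear. The `sed -i "s/password/$line/g"` that injects the secret also corrupts the URL if the password contains `/` or `&`, and it would rewrite any other occurrence of the literal `password` in the URL, so prefer writing the secret directly, e.g. `umask 077; printf '%s' "rest:http://root:$line@${backup_host.ip}:…/root/${config.services.skynet.host.name}" > ${backup_host.name}` (or, if the restic version in use supports them, the `RESTIC_REST_USERNAME`/`RESTIC_REST_PASSWORD` environment variables via `environmentFile`), which also fixes the file being created with the default umask. These lines are inside a `backupPrepareCommand` string that the hunk cuts through; the `let` binding they belong to starts above it.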
@@ -176,7 +167,7 @@ in { services.restic.server = { enable = true; - listenAddress = "${cfg.host.ip}:${toString cfg.server.port}"; + listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}"; appendOnly = cfg.server.appendOnly; privateRepos = true; }; @@ -196,7 +187,7 @@ in { # merge teh two configs together # backblaze = base // { # # backupos for each server are stored in a folder under their name - # repository = "b2:NixOS-Main2:/${cfg.host.name}"; + # repository = "b2:NixOS-Main2:/${config.services.skynet.host.name}"; # #environmentFile = config.age.secrets.backblaze.path; # }; }; diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix index 107dc89..fe83fc4 100644 --- a/applications/skynet.ie.nix +++ b/applications/skynet.ie.nix @@ -15,17 +15,10 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet Main Website"; }; - config = { + config = mkIf cfg.enable { services.skynet.acme.domains = [ # the root one is already covered by teh certificate "2016.skynet.ie" @@ -39,27 +32,27 @@ in { { record = "@"; r_type = "A"; - value = cfg.host.ip; + value = config.services.skynet.host.ip; } { record = "2016"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "discord"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "public"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "renew"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 341822d..0ff76e1 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix 
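Review bot: `listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}";` binds the REST backup server to the machine's public address while the client side in this same file talks to it over `http://`; `privateRepos = true` isolates repositories per user but does nothing for the credentials in transit. No firewall rule scoped to `cfg.server.port` is added in this commit, so unless `skynet_firewall` already restricts it, consider moving the listener to loopback and fronting it with the nginx/ACME vhost every host now carries (`locations."/".proxyPass` to `http://127.0.0.1:${toString cfg.server.port}`), or at least limiting the port to the client addresses. The `services.restic.server` block starts and ends outside the hunk.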
@@ -17,14 +17,7 @@ in { ]; options.services.skynet."${name}" = { - host = { - ip = mkOption { - type = types.str; - }; - name = mkOption { - type = types.str; - }; - }; + enable = mkEnableOption "Skynet User Linux Server"; }; config = { @@ -48,12 +41,12 @@ in { { record = "users"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } { record = "*.users"; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; @@ -92,12 +85,6 @@ in { }; services.nginx.virtualHosts = { - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; - # main site "*.users.skynet.ie" = { forceSSL = true; diff --git a/applications/ulfm.nix b/applications/ulfm.nix index 77c4401..b1013f3 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -18,16 +18,6 @@ in { options.services.skynet."${name}" = { enable = mkEnableOption "ULFM service"; - host = { - ip = mkOption { - type = types.str; - }; - - name = mkOption { - type = types.str; - }; - }; - domain = { tld = mkOption { type = types.str; @@ -62,14 +52,14 @@ in { { record = cfg.domain.sub; r_type = "CNAME"; - value = cfg.host.name; + value = config.services.skynet.host.name; } ]; skynet_firewall.forward = [ - "ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" - "ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" - "ip daddr ${cfg.host.ip} tcp dport 8000 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" + "ip daddr ${config.services.skynet.host.ip} tcp dport 8000 counter packets 0 bytes 0 accept" ]; users.groups."icecast" = {}; 
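Review bot: As in open_governance.nix, skynet_users.nix gains `enable = mkEnableOption "Skynet User Linux Server";` but the `config = {` beneath it is still unconditional, so `website_users.enable = true;` in machines/skynet.nix is a no-op and the `users`/`*.users` CNAMEs plus the `*.users.skynet.ie` vhost are emitted wherever this module is imported. Replace it with `config = mkIf cfg.enable {` to match nix_cache.nix and keyserver.nix in this commit. The rest of the `config` block is outside the hunk.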
@@ -101,11 +91,6 @@ in { useACMEHost = "skynet"; locations."/".proxyPass = "http://localhost:8000"; }; - "${cfg.host.ip}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://skynet.ie"; - }; }; }; }; diff --git a/machines/_base.nix b/machines/_base.nix index 80a8f5e..5972e49 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -18,6 +18,9 @@ in { # for the secrets inputs.agenix.nixosModules.default + # base config for all servers + ../applications/_base.nix + # every sever may need the firewall config stuff ../applications/firewall.nix diff --git a/machines/agentjones.nix b/machines/agentjones.nix index ee05feb..1fb3c4e 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -20,6 +20,7 @@ Notes: Used to have Agent Smith as a partner but it died (Ironically) host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -35,22 +36,9 @@ in { tags = ["active-firewall"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; + backup.enable = true; }; # keep the wired usb connection alive (front panel) diff --git a/machines/cadie.nix b/machines/cadie.nix index d180703..96a6bed 100644 --- a/machines/cadie.nix +++ b/machines/cadie.nix @@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -35,27 +36,10 @@ in { tags = ["active"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.nextcloud = { - enable = true; + services.skynet = { host = host; + backup.enable = true; + nextcloud.enable = true; }; # this was causing a conflict for some reason 
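Review bot: Adding `../applications/_base.nix` to the shared machine imports makes `services.skynet.host.ip` and `host.name`, declared there without defaults, mandatory for every machine; evaluation fails with an option-not-defined error rather than silently defaulting, which is the right failure mode, but the comment in the machines/_base.nix hunk should say so: `# base config for all servers; every machine must set services.skynet.host (ip, name)`. Whether any machine outside this diff imports `_base.nix` without setting it cannot be told from here.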
diff --git a/machines/calculon.nix b/machines/calculon.nix index 556b605..30ad6bd 100644 --- a/machines/calculon.nix +++ b/machines/calculon.nix @@ -22,6 +22,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -38,24 +39,11 @@ in { tags = ["active"]; }; - # it has two network devices so two - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - services.skynet = { - nix-cache.host = host; - open-governance.host = host; - keyserver.host = host; + host = host; + backup.enable = true; + nix-cache.enable = true; + open-governance.enable = true; + keyserver.enable = true; }; } diff --git a/machines/earth.nix b/machines/earth.nix index 9854f34..9106027 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -35,26 +36,9 @@ in { tags = ["active-core"]; }; - # it has two network devices so two - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.website = { + services.skynet = { host = host; + backup.enable = true; + website.enable = true; }; } diff --git a/machines/galatea.nix b/machines/galatea.nix index c32d38b..62af7e3 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -22,6 +22,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ 
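Review bot: calculon gains `backup.enable = true;` in its hunk although the removed lines show no `services.skynet.backup` configuration for it at all in the visible part of the file, so this is a newly enabled backup client rather than a refactor and nothing in the commit calls it out. If that is intended, a short comment like `# backed up as of this change` or a commit-message line would help; if not, drop the line. What `backup.enable` actually switches on depends on how restic.nix gates its client config on `cfg.enable`, which is not shown in the diff.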
@@ -36,26 +37,9 @@ in { tags = ["active"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.ulfm = { - enable = true; + services.skynet = { host = host; + backup.enable = true; + ulfm.enable = true; }; } diff --git a/machines/gir.nix b/machines/gir.nix index 07c5893..0f6dde4 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -35,29 +36,9 @@ in { tags = ["active-core"]; }; - # add this server to dns - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; - }; - - # we use this to pass in teh relevent infomation to the - services.skynet.email = { - enable = true; - host = host; - domain = "skynet.ie"; + backup.enable = true; + email.enable = true; }; } diff --git a/machines/glados.nix b/machines/glados.nix index 7b0a277..a745ee6 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -22,6 +22,7 @@ Notes: Each user has roughly 20gb os storage host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -36,26 +37,9 @@ in { tags = ["active-gitlab"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.gitlab = { - enable = true; + services.skynet = { host = host; + backup.enable = true; + gitlab.enable = true; }; } diff --git a/machines/kitt.nix b/machines/kitt.nix index 29fae63..54474c9 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix 
@@ -22,10 +22,12 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ ../applications/ldap/server.nix + ../applications/ldap/backend.nix ../applications/discord.nix ../applications/bitwarden/vaultwarden.nix ../applications/bitwarden/bitwarden_sync.nix @@ -41,49 +43,20 @@ in { tags = ["active-core"]; }; - # add this server to dns - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; - }; + backup.enable = true; - services.skynet.ldap = { - enable = true; - host = host; - }; + # ldap setup + ldap.enable = true; + ldap_backend.enable = true; - services.skynet.discord_bot = { - enable = true; - }; + # private member services + discord_bot.enable = true; - services.skynet.vaultwarden = { - enable = true; - - host = host; - }; - services.skynet.prometheus = { - server = { - enable = true; - host = host; - }; - }; - - services.skynet.grafana = { - enable = true; - - host = host; + # committee/admin services + vaultwarden.enable = true; + prometheus.server.enable = true; + grafana.enable = true; }; } diff --git a/machines/marvin.nix b/machines/marvin.nix index df99a32..175d61d 100644 --- a/machines/marvin.nix +++ b/machines/marvin.nix @@ -20,6 +20,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; groups = [ @@ -53,23 +54,8 @@ in { sudo_groups = groups; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; + backup.enable = true; }; - - # Put test services below this } diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 255c503..6e2cbd9 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix 
@@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -48,22 +49,8 @@ in { tags = ["active-core"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - server.enable = true; + services.skynet = { host = host; + backup.server.enable = true; }; } diff --git a/machines/optimus.nix b/machines/optimus.nix index 111cadf..6f36726 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -22,6 +22,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -36,26 +37,9 @@ in { tags = ["active"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { - host = host; - }; - - services.skynet.games = { - enable = true; + services.skynet = { host = host; + backup.enable = true; + games.enable = true; }; } diff --git a/machines/skynet.nix b/machines/skynet.nix index 0d1442c..360896b 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -24,6 +24,7 @@ Notes: Does not host offical sites host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -39,23 +40,9 @@ in { tags = ["active-ext"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup.host = host; - - services.skynet.website_users = { + services.skynet = { host = host; + backup.enable = true; + website_users.enable = true; }; } diff --git a/machines/vendetta.nix b/machines/vendetta.nix index c46c988..3cff501 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix 
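Review bot: neuromancer is the only machine in this commit that sets `backup.server.enable = true;` without also setting `backup.enable = true;`; every other host gets the latter, and restic.nix now declares `enable = mkEnableOption "Skynet backup";` in place of the old "backup is enabled by default" comment. If the client-side restic configuration is gated on `cfg.enable` (not visible here), the backup server itself silently stops being backed up. Either add `backup.enable = true;` alongside it or leave a comment such as `# the backup server is deliberately not a backup client` so the omission reads as intentional.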
@@ -21,6 +21,7 @@ Notes: Using the server that used to be called Earth host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -49,32 +50,16 @@ in { ]; }; - services.skynet.backup = { + services.skynet = { host = host; - }; - - services.skynet.dns = { - server = { - enable = true; - # primary dns server (ns1) - primary = true; - ip = ip_pub; + backup.enable = true; + dns = { + server = { + enable = true; + # primary dns server (ns1) + primary = true; + ip = ip_pub; + }; }; - - records = [ - # vendetta IN A 193.1.99.120 - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - # 120 IN PTR vendetta.skynet.ie. - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; }; } diff --git a/machines/vigil.nix b/machines/vigil.nix index 7885aa4..421ebaa 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -20,6 +20,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ @@ -33,33 +34,16 @@ in { tags = ["active-dns" "dns"]; }; - services.skynet.backup = { + services.skynet = { host = host; - }; - - services.skynet.dns = { - server = { - enable = true; - # secondary dns server (ns2) - primary = false; - ip = ip_pub; + backup.enable = true; + dns = { + server = { + enable = true; + # secondary dns server (ns2) + primary = false; + ip = ip_pub; + }; }; - - # this server will have to have dns records - records = [ - # vigil IN A 193.1.99.109 - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - # 109 IN PTR vigil.skynet.ie. - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; }; } diff --git a/machines/wheatly.nix b/machines/wheatly.nix index b285ce9..308bef9 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -21,6 +21,7 @@ Notes: host = { ip = ip_pub; name = name; + hostname = hostname; }; in { imports = [ 
@@ -35,26 +36,13 @@ in { tags = ["active-gitlab"]; }; - services.skynet.dns.records = [ - { - record = name; - r_type = "A"; - value = ip_pub; - server = true; - } - { - record = ip_pub; - r_type = "PTR"; - value = hostname; - } - ]; - - services.skynet.backup = { + services.skynet = { host = host; - }; + backup.enable = true; - services.skynet.gitlab_runner = { - enable = true; - runner.name = "runner01"; + gitlab_runner = { + enable = true; + runner.name = "runner01"; + }; }; }