fix: eol conversion round 2

This commit is contained in:
silver 2023-01-25 11:48:44 +00:00
parent 180feb17ec
commit 3d7f99946a
17 changed files with 1324 additions and 1324 deletions


@ -1,37 +1,37 @@
{ pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
];
# flakes are essensial
nix.settings.experimental-features = [ "nix-command" "flakes" ];
system.stateVersion = "22.11";
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
};
users.users.root = {
initialHashedPassword = "";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"
];
};
environment.systemPackages = [
# for flakes
pkgs.git
# useful tools
pkgs.ncdu_2
pkgs.htop
pkgs.nano
pkgs.nmap
];
}
{ pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
];
# flakes are essensial
nix.settings.experimental-features = [ "nix-command" "flakes" ];
system.stateVersion = "22.11";
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
};
users.users.root = {
initialHashedPassword = "";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"
];
};
environment.systemPackages = [
# for flakes
pkgs.git
# useful tools
pkgs.ncdu_2
pkgs.htop
pkgs.nano
pkgs.nmap
];
}
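Review bot: `initialHashedPassword = ""` on the root user gives root an empty password, and only the SSH path is protected from that by `permitRootLogin = "prohibit-password"`; any other PAM login (container console, `su`, a future service) succeeds with no password. Unless passwordless console access is deliberate for this LXC, drop the line so root is left without a usable password, or set `hashedPassword` to a real mkpasswd hash and keep the two authorized keys as the only remote path. It is also worth noting that `pkgs.nmap` is installed on every host built from this base — useful for admins but equally useful to anyone who lands a shell, so consider leaving it off the base image unless it is actually needed there.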


@ -1,105 +1,105 @@
/*
Name: https://matrix.fandom.com/wiki/Agent_Jones
Type: Physical
Hardware: PowerEdge r210
From: 2011 (?)
Role: Firewall
Notes: Used to have Agent Smith as a partner but it died (Ironically)
*/
{ pkgs, lib, nodes, ... }:
let
# name of the server, sets teh hostname and record for it
name = "agentjones";
ip_pub = "193.1.99.72";
ip_priv = "172.20.20.1";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
./hardware/agentjones.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
skynet_dns.records = {
external = [
"${name} A ${ip_pub}"
];
cname = [];
};
networking.hostName = name;
# this has to be defined for any physical servers
# vms are defined by teh vm host
networking.interfaces = {
eno1 = {
ipv4.routes = [
# {
# address = "193.1.99.72";
# prefixLength = 26;
# via = "193.1.99.65";
# }
];
};
eno2 = {
useDHCP = false;
ipv4.addresses = [
{
address = "193.1.99.72";
prefixLength = 26;
}
#{
# address = "172.20.20.1";
# prefixLength = 24;
#}
];
};
};
# this server is teh firewall
skynet_firewall = {
# always good to know oneself
own = {
ip = ip_pub;
ports = {
tcp = [
# ssh in
22
];
udp = [];
};
};
enable = true;
# gonna have to get all the
forward = builtins.concatLists (
# using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
lib.attrsets.mapAttrsToList (key: value:
# make sure that anything running this firewall dosent count (recursion otherewise)
# firewall may want to open ports in itself but can deal with that later
if builtins.hasAttr "skynet_firewall" value.config
then (
if value.config.skynet_firewall.enable
then []
else value.config.skynet_firewall.forward
)
else []
) nodes
);
};
}
/*
Name: https://matrix.fandom.com/wiki/Agent_Jones
Type: Physical
Hardware: PowerEdge r210
From: 2011 (?)
Role: Firewall
Notes: Used to have Agent Smith as a partner but it died (Ironically)
*/
{ pkgs, lib, nodes, ... }:
let
# name of the server, sets teh hostname and record for it
name = "agentjones";
ip_pub = "193.1.99.72";
ip_priv = "172.20.20.1";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
./hardware/agentjones.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
skynet_dns.records = {
external = [
"${name} A ${ip_pub}"
];
cname = [];
};
networking.hostName = name;
# this has to be defined for any physical servers
# vms are defined by teh vm host
networking.interfaces = {
eno1 = {
ipv4.routes = [
# {
# address = "193.1.99.72";
# prefixLength = 26;
# via = "193.1.99.65";
# }
];
};
eno2 = {
useDHCP = false;
ipv4.addresses = [
{
address = "193.1.99.72";
prefixLength = 26;
}
#{
# address = "172.20.20.1";
# prefixLength = 24;
#}
];
};
};
# this server is teh firewall
skynet_firewall = {
# always good to know oneself
own = {
ip = ip_pub;
ports = {
tcp = [
# ssh in
22
];
udp = [];
};
};
enable = true;
# gonna have to get all the
forward = builtins.concatLists (
# using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
lib.attrsets.mapAttrsToList (key: value:
# make sure that anything running this firewall dosent count (recursion otherewise)
# firewall may want to open ports in itself but can deal with that later
if builtins.hasAttr "skynet_firewall" value.config
then (
if value.config.skynet_firewall.enable
then []
else value.config.skynet_firewall.forward
)
else []
) nodes
);
};
}


@ -1,91 +1,91 @@
/*
Name: https://en.wikipedia.org/wiki/Ash_(Alien)
Why: Infilitrate into the network
Type: VM
Hardware: -
From: 2023
Role: Wireguard (VPN) Server
Notes: Thius vpn is for admin use only, to give access to all the servers via ssh
*/
{ pkgs, lib, nodes, ... }:
let
# name of the server, sets teh hostname and record for it
name = "ash";
ip_pub = "193.1.99.75";
ip_priv = "172.20.20.5";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
# these two are to be able to add the rules for firewall and dns
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept"
];
skynet_dns.records = {
external = [
"${name} A ${ip_pub}"
];
cname = [
#may asw ell add a cname for this
"wg CNAME ${name}"
];
};
age.secrets.wireguard.file = ../secrets/wireguard.age;
networking = {
nat = {
enable = true;
externalInterface = "eth0";
internalInterfaces = ["wg0"];
};
firewall = {
allowedTCPPorts = [22];
allowedUDPPorts = [8000];
interfaces.wg0 = {
allowedTCPPorts = [53];
allowedUDPPorts = [53];
};
};
wireguard.interfaces.wg0 = {
# may need to change this to the same base as the full network
ips = ["172.20.21.0/24"];
listenPort = 8000;
privateKeyFile = "/run/agenix/wireguard";
peers = [
{ # silver - Brendan
publicKey = "46jMR/DzJ4rQCR8MBqLMwcyr2tsSII/xeCjihb6EQgQ=";
allowedIPs = [ "172.20.21.2/32" ];
}
];
};
};
environment.systemPackages = [
# needed to generate keys
pkgs.wireguard-tools
];
}
/*
Name: https://en.wikipedia.org/wiki/Ash_(Alien)
Why: Infilitrate into the network
Type: VM
Hardware: -
From: 2023
Role: Wireguard (VPN) Server
Notes: Thius vpn is for admin use only, to give access to all the servers via ssh
*/
{ pkgs, lib, nodes, ... }:
let
# name of the server, sets teh hostname and record for it
name = "ash";
ip_pub = "193.1.99.75";
ip_priv = "172.20.20.5";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
# these two are to be able to add the rules for firewall and dns
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept"
];
skynet_dns.records = {
external = [
"${name} A ${ip_pub}"
];
cname = [
#may asw ell add a cname for this
"wg CNAME ${name}"
];
};
age.secrets.wireguard.file = ../secrets/wireguard.age;
networking = {
nat = {
enable = true;
externalInterface = "eth0";
internalInterfaces = ["wg0"];
};
firewall = {
allowedTCPPorts = [22];
allowedUDPPorts = [8000];
interfaces.wg0 = {
allowedTCPPorts = [53];
allowedUDPPorts = [53];
};
};
wireguard.interfaces.wg0 = {
# may need to change this to the same base as the full network
ips = ["172.20.21.0/24"];
listenPort = 8000;
privateKeyFile = "/run/agenix/wireguard";
peers = [
{ # silver - Brendan
publicKey = "46jMR/DzJ4rQCR8MBqLMwcyr2tsSII/xeCjihb6EQgQ=";
allowedIPs = [ "172.20.21.2/32" ];
}
];
};
};
environment.systemPackages = [
# needed to generate keys
pkgs.wireguard-tools
];
}
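Review bot: The upstream rule in `skynet_firewall.forward` opens `udp dport 51820`, but this host's tunnel is configured with `listenPort = 8000` and the local firewall only allows UDP 8000, so the three settings disagree; either the WireGuard handshake is dropped at agentjones or 51820 is opened for nothing. Pick one port and use it everywhere, e.g. `"ip saddr ${ip_pub} udp dport 8000 counter packets 0 bytes 0 accept"`, or change `listenPort` and `allowedUDPPorts` to 51820. Separately, the forward rule matches `ip saddr ${ip_pub}` (packets sent by ash) rather than `ip daddr`; if firewall.nix inserts these strings into the forward chain as written, inbound peer traffic to ash would not match, which is worth confirming since that module is outside this diff. `ips = ["172.20.21.0/24"]` also assigns the network address as the server's tunnel address; `172.20.21.1/24` is the conventional choice and avoids confusion when writing peer `allowedIPs`.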


@ -1,74 +1,74 @@
/*
Name: https://en.wikipedia.org/wiki/Galatea_(mythology)
Why: Created as a product of artistic expression
Type: VM
Hardware: -
From: 2023
Role: Icecast server for ULFM
Notes:
*/
{ pkgs, lib, nodes, config, ... }:
let
# name of the server, sets teh hostname and record for it
name = "galatea";
ip_pub = "193.1.99.111";
ip_priv = "172.20.20.6";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
# dosent seem to be any otehr way to have it like read from a file
feck = "d9J4jDsJPuMPUMAAE4J4tH37HsmxEDze";
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
# these two are to be able to add the rules for firewall and dns
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 8000 counter packets 0 bytes 0 accept"
];
skynet_dns.records = {
external = [
"${name} A ${ip_pub}"
];
cname = [
# this is also the stream server
"stream CNAME ${name}"
];
};
networking.firewall.allowedTCPPorts = [
22
80
443
8000
];
# config for icecast is smol so can have it in this
services.icecast = {
enable = true;
hostname = hostname;
admin = {
user = "admin";
password = feck;
};
};
}
/*
Name: https://en.wikipedia.org/wiki/Galatea_(mythology)
Why: Created as a product of artistic expression
Type: VM
Hardware: -
From: 2023
Role: Icecast server for ULFM
Notes:
*/
{ pkgs, lib, nodes, config, ... }:
let
# name of the server, sets teh hostname and record for it
name = "galatea";
ip_pub = "193.1.99.111";
ip_priv = "172.20.20.6";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
# dosent seem to be any otehr way to have it like read from a file
feck = "d9J4jDsJPuMPUMAAE4J4tH37HsmxEDze";
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
# these two are to be able to add the rules for firewall and dns
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 8000 counter packets 0 bytes 0 accept"
];
skynet_dns.records = {
external = [
"${name} A ${ip_pub}"
];
cname = [
# this is also the stream server
"stream CNAME ${name}"
];
};
networking.firewall.allowedTCPPorts = [
22
80
443
8000
];
# config for icecast is smol so can have it in this
services.icecast = {
enable = true;
hostname = hostname;
admin = {
user = "admin";
password = feck;
};
};
}
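Review bot: The Icecast admin password is a plaintext literal bound to `feck` and committed to the repository, and because `services.icecast.admin.password` is rendered into the generated config it also ends up in the world-readable Nix store on the host; the comment on the `feck =` line shows this was a known limitation rather than an oversight. Treat the current value as compromised and rotate it now, since it is in git history regardless of what is done next. For the fix, follow the pattern the WireGuard host already uses with agenix (`age.secrets.icecast.file = ../secrets/icecast.age;`) and have the icecast unit render its config from `/run/agenix/icecast` at start time (a preStart that substitutes the password into a runtime copy of the config and an ExecStart pointing at that copy) instead of passing the string through the Nix option; do not `builtins.readFile` the secret at eval time, as that copies it straight back into the store. The admin account controls mount and source administration on port 8000, which this config opens to the internet via both the local and upstream firewalls, so that password is the only thing between the public and the stream.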


@ -1,61 +1,61 @@
/*
Name: https://en.wikipedia.org/wiki/Optimus_Prime
Why: Created to sell toys so this vm is for games
Type: VM
Hardware: -
From: 2023
Role: Game host
Notes:
*/
{ pkgs, lib, nodes, arion, ... }:
let
# name of the server, sets teh hostname and record for it
name = "optimus";
ip_pub = "193.1.99.112";
ip_priv = "172.20.20.7";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
../applications/games.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
# these two are to be able to add the rules for firewall and dns
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 25565 counter packets 0 bytes 0 accept"
];
skynet_dns.records = {
external = [
"${name} A ${ip_pub}"
];
cname = [
# the games are each going to have a subdomain on this
"games CNAME ${name}"
];
};
networking.firewall.allowedTCPPorts = [
22
80
443
25565
];
}
/*
Name: https://en.wikipedia.org/wiki/Optimus_Prime
Why: Created to sell toys so this vm is for games
Type: VM
Hardware: -
From: 2023
Role: Game host
Notes:
*/
{ pkgs, lib, nodes, arion, ... }:
let
# name of the server, sets teh hostname and record for it
name = "optimus";
ip_pub = "193.1.99.112";
ip_priv = "172.20.20.7";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
../applications/games.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
# these two are to be able to add the rules for firewall and dns
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 25565 counter packets 0 bytes 0 accept"
];
skynet_dns.records = {
external = [
"${name} A ${ip_pub}"
];
cname = [
# the games are each going to have a subdomain on this
"games CNAME ${name}"
];
};
networking.firewall.allowedTCPPorts = [
22
80
443
25565
];
}


@ -1,96 +1,96 @@
/*
Name: https://masseffect.fandom.com/wiki/Vendetta
Why: Vendetta held troves of important data waiting for folks to request it.
Type: VM
Hardware: -
From: 2023
Role: DNS Server
Notes:
*/
{ pkgs, lib, nodes, ... }:
let
# name of the server, sets teh hostname and record for it
name = "vendetta";
ip_pub = "193.1.99.120";
ip_priv = "172.20.20.3";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
# sets which nameserver it is
ns = "ns1";
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
networking = {
firewall = {
allowedTCPPorts = [22 53];
allowedUDPPorts = [53];
};
};
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
];
skynet_dns = {
enable = true;
# this server will have to have dns records
own = {
nameserver = ns;
external = [
"${name} A ${ip_pub}"
"${ns} A ${ip_pub}"
# needs this, temporally
"mail A ${ip_pub}"
];
cname = [
#"misc CNAME vendetta"
];
};
records = {
# using the same logic as the firewall, comments there
external = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.external
else value.config.skynet_dns.records.external
)
else []
) nodes
);
cname = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.cname
else value.config.skynet_dns.records.cname
)
else []
) nodes
);
};
};
}
/*
Name: https://masseffect.fandom.com/wiki/Vendetta
Why: Vendetta held troves of important data waiting for folks to request it.
Type: VM
Hardware: -
From: 2023
Role: DNS Server
Notes:
*/
{ pkgs, lib, nodes, ... }:
let
# name of the server, sets teh hostname and record for it
name = "vendetta";
ip_pub = "193.1.99.120";
ip_priv = "172.20.20.3";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
# sets which nameserver it is
ns = "ns1";
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
networking = {
firewall = {
allowedTCPPorts = [22 53];
allowedUDPPorts = [53];
};
};
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
];
skynet_dns = {
enable = true;
# this server will have to have dns records
own = {
nameserver = ns;
external = [
"${name} A ${ip_pub}"
"${ns} A ${ip_pub}"
# needs this, temporally
"mail A ${ip_pub}"
];
cname = [
#"misc CNAME vendetta"
];
};
records = {
# using the same logic as the firewall, comments there
external = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.external
else value.config.skynet_dns.records.external
)
else []
) nodes
);
cname = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.cname
else value.config.skynet_dns.records.cname
)
else []
) nodes
);
};
};
}


@ -1,92 +1,92 @@
/*
Name: https://masseffect.fandom.com/wiki/Vigil
Why: Counterpart to Vendetta
Type: VM
Hardware: -
From: 2023
Role: DNS Server
Notes:
*/
{ pkgs, lib, nodes, ... }:
let
name = "vigil";
ip_pub = "193.1.99.109";
ip_priv = "172.20.20.4";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
# sets which nameserver it is
ns = "ns2";
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
networking = {
firewall = {
allowedTCPPorts = [22 53];
allowedUDPPorts = [53];
};
};
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
];
skynet_dns = {
enable = true;
# this server will have to have dns records
own = {
nameserver = ns;
external = [
"${name} A ${ip_pub}"
"${ns} A ${ip_pub}"
];
cname = [
#"misc CNAME vendetta"
];
};
records = {
# using the same logic as the firewall, comments there
external = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.external
else value.config.skynet_dns.records.external
)
else []
) nodes
);
cname = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.cname
else value.config.skynet_dns.records.cname
)
else []
) nodes
);
};
};
}
/*
Name: https://masseffect.fandom.com/wiki/Vigil
Why: Counterpart to Vendetta
Type: VM
Hardware: -
From: 2023
Role: DNS Server
Notes:
*/
{ pkgs, lib, nodes, ... }:
let
name = "vigil";
ip_pub = "193.1.99.109";
ip_priv = "172.20.20.4";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
# sets which nameserver it is
ns = "ns2";
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
networking = {
firewall = {
allowedTCPPorts = [22 53];
allowedUDPPorts = [53];
};
};
# open the firewall for this
skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
];
skynet_dns = {
enable = true;
# this server will have to have dns records
own = {
nameserver = ns;
external = [
"${name} A ${ip_pub}"
"${ns} A ${ip_pub}"
];
cname = [
#"misc CNAME vendetta"
];
};
records = {
# using the same logic as the firewall, comments there
external = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.external
else value.config.skynet_dns.records.external
)
else []
) nodes
);
cname = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.cname
else value.config.skynet_dns.records.cname
)
else []
) nodes
);
};
};
}