fix: eol conversion round 2

silver 2023-01-25 11:48:44 +00:00
parent 180feb17ec
commit 3d7f99946a
17 changed files with 1324 additions and 1324 deletions

84
.gitattributes vendored

@ -1,42 +1,42 @@
# Documents # Documents
*.pdf filter=lfs diff=lfs merge=lfs -text *.pdf filter=lfs diff=lfs merge=lfs -text
*.doc filter=lfs diff=lfs merge=lfs -text *.doc filter=lfs diff=lfs merge=lfs -text
*.docx filter=lfs diff=lfs merge=lfs -text *.docx filter=lfs diff=lfs merge=lfs -text
# Excel # Excel
*.xls filter=lfs diff=lfs merge=lfs -text *.xls filter=lfs diff=lfs merge=lfs -text
*.xlsx filter=lfs diff=lfs merge=lfs -text *.xlsx filter=lfs diff=lfs merge=lfs -text
*.xlsm filter=lfs diff=lfs merge=lfs -text *.xlsm filter=lfs diff=lfs merge=lfs -text
# Powerpoints # Powerpoints
*.ppt filter=lfs diff=lfs merge=lfs -text *.ppt filter=lfs diff=lfs merge=lfs -text
*.pptx filter=lfs diff=lfs merge=lfs -text *.pptx filter=lfs diff=lfs merge=lfs -text
# Images # Images
*.png filter=lfs diff=lfs merge=lfs -text *.png filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text *.jpg filter=lfs diff=lfs merge=lfs -text
# Video # Video
*.mkv filter=lfs diff=lfs merge=lfs -text *.mkv filter=lfs diff=lfs merge=lfs -text
*.mp4 filter=lfs diff=lfs merge=lfs -text *.mp4 filter=lfs diff=lfs merge=lfs -text
# Misc # Misc
*.zip filter=lfs diff=lfs merge=lfs -text *.zip filter=lfs diff=lfs merge=lfs -text
# ET4011 # ET4011
*.cbe filter=lfs diff=lfs merge=lfs -text *.cbe filter=lfs diff=lfs merge=lfs -text
*.pbs filter=lfs diff=lfs merge=lfs -text *.pbs filter=lfs diff=lfs merge=lfs -text
# Open/Libre office # Open/Libre office
# from https://www.libreoffice.org/discover/what-is-opendocument/ # from https://www.libreoffice.org/discover/what-is-opendocument/
*.odt filter=lfs diff=lfs merge=lfs -text *.odt filter=lfs diff=lfs merge=lfs -text
*.ods filter=lfs diff=lfs merge=lfs -text *.ods filter=lfs diff=lfs merge=lfs -text
*.odp filter=lfs diff=lfs merge=lfs -text *.odp filter=lfs diff=lfs merge=lfs -text
*.odg filter=lfs diff=lfs merge=lfs -text *.odg filter=lfs diff=lfs merge=lfs -text

48
.gitignore vendored

@ -1,24 +1,24 @@
# IDE folder # IDE folder
/.idea /.idea
# Microsoft office Lockfiles # Microsoft office Lockfiles
~$* ~$*
*.tmp *.tmp
# Test files # Test files
test.* test.*
*.test.* *.test.*
/test /test
# Output of compiling # Output of compiling
/out /out
/build /build
/target /target
# Dealing with BlueJ # Dealing with BlueJ
*.bluej *.bluej
*.out *.out
*.ctxt *.ctxt
# Dealing with Mac users # Dealing with Mac users
.DS_Store .DS_Store


@ -1,148 +1,148 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
let let
cfg = config.skynet_dns; cfg = config.skynet_dns;
in { in {
options = { options = {
skynet_dns = { skynet_dns = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
default = false; default = false;
example = true; example = true;
description = "Skynet DNS"; description = "Skynet DNS";
type = lib.types.bool; type = lib.types.bool;
}; };
own = { own = {
nameserver = lib.mkOption { nameserver = lib.mkOption {
default = "ns1"; default = "ns1";
type = lib.types.str; type = lib.types.str;
description = '' description = ''
the hostname of this nameserver, eg ns1, ns2 the hostname of this nameserver, eg ns1, ns2
''; '';
}; };
external = lib.mkOption { external = lib.mkOption {
default = [ ]; default = [ ];
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = '' description = ''
External records like: agentjones A 193.1.99.72 External records like: agentjones A 193.1.99.72
''; '';
}; };
cname = lib.mkOption { cname = lib.mkOption {
default = [ ]; default = [ ];
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = '' description = ''
External records like: ns1 CNAME ns1 External records like: ns1 CNAME ns1
''; '';
}; };
}; };
records = { records = {
external = lib.mkOption { external = lib.mkOption {
default = [ ]; default = [ ];
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = '' description = ''
External records like: agentjones A 193.1.99.72 External records like: agentjones A 193.1.99.72
''; '';
}; };
cname = lib.mkOption { cname = lib.mkOption {
default = [ ]; default = [ ];
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = '' description = ''
External records like: ns1 CNAME ns1 External records like: ns1 CNAME ns1
''; '';
}; };
}; };
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.bind = { services.bind = {
enable = true; enable = true;
forwarders = [ forwarders = [
# these were in old config file # these were in old config file
#"193.1.100.130" #"193.1.100.130"
#"193.1.100.131" #"193.1.100.131"
]; ];
zones = { zones = {
/* /*
put any other zones above skynet and link to their files like so: put any other zones above skynet and link to their files like so:
example.ie = { example.ie = {
extraConfig = ""; extraConfig = "";
file = ./dns/example; file = ./dns/example;
master = true; master = true;
masters = []; masters = [];
slaves = [ ]; slaves = [ ];
}; };
Skynet is handled a bit more dynamically since it is the key one we should focus on Skynet is handled a bit more dynamically since it is the key one we should focus on
*/ */
"skynet.ie" = { "skynet.ie" = {
extraConfig = ""; extraConfig = "";
# really wish teh nixos config didnt use master/slave # really wish teh nixos config didnt use master/slave
master = true; master = true;
slaves = [ ]; slaves = [ ];
# need to write this to a file # need to write this to a file
file = pkgs.writeText "dns_zone_skynet" file = pkgs.writeText "dns_zone_skynet"
# no leading whitespace for first line # no leading whitespace for first line
'' ''
$TTL 60 ; 1 minute $TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns ; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. ( @ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. (
2023011701 ; Serial (YYYYMMDDCC) 2023011701 ; Serial (YYYYMMDDCC)
600 ; Refresh (10 minutes) 600 ; Refresh (10 minutes)
300 ; Retry (5 minutes) 300 ; Retry (5 minutes)
2419200 ; Expire (4 weeks) 2419200 ; Expire (4 weeks)
3600 ; Minimum (1 hour) 3600 ; Minimum (1 hour)
) )
NS ns1.skynet.ie. NS ns1.skynet.ie.
NS ns2.skynet.ie. NS ns2.skynet.ie.
; @ stands for teh root domain so teh A record below is where skynet.ie points to ; @ stands for teh root domain so teh A record below is where skynet.ie points to
A 193.1.99.76 A 193.1.99.76
MX 5 mail.skynet.ie. MX 5 mail.skynet.ie.
; can have multiple mailserves ; can have multiple mailserves
;MX 20 mail2.skynet.ie. ;MX 20 mail2.skynet.ie.
; ------------------------------------------ ; ------------------------------------------
; Server Names ; Server Names
; ------------------------------------------ ; ------------------------------------------
; External addresses ; External addresses
; ------------------------------------------ ; ------------------------------------------
${lib.strings.concatMapStrings (x: x + "\n") cfg.records.external} ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.external}
; this is fixed for now ; this is fixed for now
wintermute A 193.1.101.148 wintermute A 193.1.101.148
; internal addresses ; internal addresses
; ------------------------------------------ ; ------------------------------------------
; May come back to this idea in teh future ; May come back to this idea in teh future
; agentjones.int A 172.20.20.1 ; agentjones.int A 172.20.20.1
; cname's ; cname's
; ------------------------------------------ ; ------------------------------------------
${lib.strings.concatMapStrings (x: x + "\n") cfg.records.cname} ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.cname}
''; '';
}; };
}; };
}; };
}; };
} }


@ -1,44 +1,44 @@
; use this file as an example of how to config zone files ; use this file as an example of how to config zone files
$TTL 60 ; 1 minute $TTL 60 ; 1 minute
@ IN SOA ns1.skynet.ie. hostmaster.skynet.ie. ( @ IN SOA ns1.skynet.ie. hostmaster.skynet.ie. (
2023011701 ; Serial (YYYYMMDDCC) 2023011701 ; Serial (YYYYMMDDCC)
600 ; Refresh (10 minutes) 600 ; Refresh (10 minutes)
300 ; Retry (5 minutes) 300 ; Retry (5 minutes)
2419200 ; Expire (4 weeks) 2419200 ; Expire (4 weeks)
3600 ; Minimum (1 hour) 3600 ; Minimum (1 hour)
) )
NS ns1.skynet.ie. NS ns1.skynet.ie.
NS ns2.skynet.ie. NS ns2.skynet.ie.
;A 193.1.99.76 ;A 193.1.99.76
MX 5 mail.skynet.ie. MX 5 mail.skynet.ie.
; can have multiple mailserves ; can have multiple mailserves
;MX 20 mail2.skynet.ie. ;MX 20 mail2.skynet.ie.
; ------------------------------------------ ; ------------------------------------------
; Server Names ; Server Names
; ------------------------------------------ ; ------------------------------------------
; External addresses ; External addresses
; ------------------------------------------ ; ------------------------------------------
agentjones A 193.1.99.72 agentjones A 193.1.99.72
; this is fixed for now ; this is fixed for now
wintermute A 193.1.101.148 wintermute A 193.1.101.148
; internal addresses ; internal addresses
; ------------------------------------------ ; ------------------------------------------
; May come back to this idea in teh future ; May come back to this idea in teh future
; agentjones.int A 172.20.20.1 ; agentjones.int A 172.20.20.1
; cname's ; cname's
; ------------------------------------------ ; ------------------------------------------
; ns1 CNAME ns1 ; ns1 CNAME ns1


@ -1,134 +1,134 @@
{lib, pkgs, config, ...}: { {lib, pkgs, config, ...}: {
# using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
options = { options = {
skynet_firewall = { skynet_firewall = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
default = false; default = false;
example = true; example = true;
description = "Skynet Firewall"; description = "Skynet Firewall";
type = lib.types.bool; type = lib.types.bool;
}; };
forward = lib.mkOption { forward = lib.mkOption {
default = [ ]; default = [ ];
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = '' description = ''
A list of routes to forward A list of routes to forward
''; '';
}; };
own = { own = {
ip = lib.mkOption { ip = lib.mkOption {
default = "127.0.0.1"; default = "127.0.0.1";
type = lib.types.str; type = lib.types.str;
description = '' description = ''
IP of the firewall IP of the firewall
''; '';
}; };
ports = { ports = {
tcp = lib.mkOption { tcp = lib.mkOption {
default = [ ]; default = [ ];
type = lib.types.listOf lib.types.int; type = lib.types.listOf lib.types.int;
description = '' description = ''
A list of TCP ports for the machiene running the firewall A list of TCP ports for the machiene running the firewall
''; '';
}; };
udp = lib.mkOption { udp = lib.mkOption {
default = [ ]; default = [ ];
type = lib.types.listOf lib.types.int; type = lib.types.listOf lib.types.int;
description = '' description = ''
A list of UDP ports for the machiene running the firewall A list of UDP ports for the machiene running the firewall
''; '';
}; };
}; };
}; };
}; };
}; };
config = lib.mkIf config.skynet_firewall.enable { config = lib.mkIf config.skynet_firewall.enable {
# disable default firewall to enable nftables # disable default firewall to enable nftables
networking.firewall.enable = false; networking.firewall.enable = false;
networking.nftables.enable = true; networking.nftables.enable = true;
# fules for the firewall # fules for the firewall
# beware of EOL conversion. # beware of EOL conversion.
networking.nftables.ruleset = networking.nftables.ruleset =
'' ''
# Check out https://wiki.nftables.org/ for better documentation. # Check out https://wiki.nftables.org/ for better documentation.
# Table for both IPv4 and IPv6. # Table for both IPv4 and IPv6.
table ip nat { table ip nat {
chain prerouting { chain prerouting {
type nat hook prerouting priority dstnat; policy accept; type nat hook prerouting priority dstnat; policy accept;
# forward anything with port 2222 to this specific ip # forward anything with port 2222 to this specific ip
# tcp dport 2222 counter packets 0 bytes 0 dnat to 193.1.99.76:22 # tcp dport 2222 counter packets 0 bytes 0 dnat to 193.1.99.76:22
# forward http/s traffic from 76 to 123 # forward http/s traffic from 76 to 123
# ip daddr 193.1.99.76 tcp dport 80 counter packets 0 bytes 0 dnat to 193.1.99.123:80 # ip daddr 193.1.99.76 tcp dport 80 counter packets 0 bytes 0 dnat to 193.1.99.123:80
# ip daddr 193.1.99.76 tcp dport 443 counter packets 0 bytes 0 dnat to 193.1.99.123:443 # ip daddr 193.1.99.76 tcp dport 443 counter packets 0 bytes 0 dnat to 193.1.99.123:443
} }
chain postrouting { chain postrouting {
type nat hook postrouting priority srcnat; policy accept; type nat hook postrouting priority srcnat; policy accept;
# the internal network # the internal network
ip saddr 172.20.20.0/23 counter packets 0 bytes 0 masquerade ip saddr 172.20.20.0/23 counter packets 0 bytes 0 masquerade
} }
chain output { chain output {
type nat hook output priority -100; policy accept; type nat hook output priority -100; policy accept;
} }
} }
table ip filter { table ip filter {
chain input { chain input {
type filter hook input priority filter; policy accept; type filter hook input priority filter; policy accept;
# for the host machiene # for the host machiene
# TCP # TCP
${lib.strings.concatMapStrings (x: x + "\n") (map (port: "tcp dport ${toString port} counter packets 0 bytes 0 accept") config.skynet_firewall.own.ports.tcp)} ${lib.strings.concatMapStrings (x: x + "\n") (map (port: "tcp dport ${toString port} counter packets 0 bytes 0 accept") config.skynet_firewall.own.ports.tcp)}
# UDP # UDP
${lib.strings.concatMapStrings (x: x + "\n") (map (port: "udp dport ${toString port} counter packets 0 bytes 0 accept") config.skynet_firewall.own.ports.udp)} ${lib.strings.concatMapStrings (x: x + "\n") (map (port: "udp dport ${toString port} counter packets 0 bytes 0 accept") config.skynet_firewall.own.ports.udp)}
} }
chain forward { chain forward {
type filter hook forward priority filter; policy drop; type filter hook forward priority filter; policy drop;
counter packets 0 bytes 0 jump rejects counter packets 0 bytes 0 jump rejects
# accept these ip/ports # accept these ip/ports
# ip saddr 193.1.99.123 tcp dport 443 counter packets 0 bytes 0 accept # ip saddr 193.1.99.123 tcp dport 443 counter packets 0 bytes 0 accept
# can basically make each machiene responsibile for their own forwarding (in config at least) # can basically make each machiene responsibile for their own forwarding (in config at least)
${lib.strings.concatMapStrings (x: x + "\n") config.skynet_firewall.forward} ${lib.strings.concatMapStrings (x: x + "\n") config.skynet_firewall.forward}
counter packets 0 bytes 0 reject with icmp type admin-prohibited counter packets 0 bytes 0 reject with icmp type admin-prohibited
} }
chain output { chain output {
type filter hook output priority filter; policy accept; type filter hook output priority filter; policy accept;
# no outgoing limits (for now) # no outgoing limits (for now)
} }
chain fail2ban-ssh { chain fail2ban-ssh {
# ban these # ban these
# ip saddr 104.236.151.120 counter packets 0 bytes 0 drop # ip saddr 104.236.151.120 counter packets 0 bytes 0 drop
counter packets 0 bytes 0 return counter packets 0 bytes 0 return
} }
chain rejects { chain rejects {
# Reject all these # Reject all these
# ip saddr 220.119.33.251 counter packets 0 bytes 0 reject with icmp type admin-prohibited # ip saddr 220.119.33.251 counter packets 0 bytes 0 reject with icmp type admin-prohibited
} }
} }
''; '';
}; };
} }


@ -1,63 +1,63 @@
{ ... }: { { ... }: {
imports = []; imports = [];
/* /*
backups = [ backups = [
"/etc/silver_satisfactory/config/" "/etc/silver_satisfactory/config/"
"/etc/silver_valheim/config/" "/etc/silver_valheim/config/"
]; ];
*/ */
# since this is going to be pulled into a machiene that has skynet_dns we dont need to import it above # since this is going to be pulled into a machiene that has skynet_dns we dont need to import it above
# gonna use it to create sub-subdomains for each game server # gonna use it to create sub-subdomains for each game server
skynet_dns.records = { skynet_dns.records = {
external = []; external = [];
cname = [ cname = [
# create a sub-subdomain for each game # create a sub-subdomain for each game
"mc_compsoc.games CNAME games" "mc_compsoc.games CNAME games"
]; ];
}; };
# arion is one way to use docker on nixos # arion is one way to use docker on nixos
virtualisation.arion = { virtualisation.arion = {
backend = "docker"; backend = "docker";
projects = { projects = {
mc_compsoc.settings = { mc_compsoc.settings = {
docker-compose.raw.networks.default.name = "mc_compsoc"; docker-compose.raw.networks.default.name = "mc_compsoc";
services.mc_compsoc = { services.mc_compsoc = {
service.image = "nimmis/spigot:latest"; service.image = "nimmis/spigot:latest";
# setting these here as they arent special # setting these here as they arent special
service.environment = { service.environment = {
# this is what it last ran on # this is what it last ran on
SPIGOT_VER="1.18.2"; SPIGOT_VER="1.18.2";
}; };
service.volumes = [ service.volumes = [
# figure out what this needs and use itt o get up and running # figure out what this needs and use itt o get up and running
# /home/nimmis/mc-srv:/minecraft # /home/nimmis/mc-srv:/minecraft
#"/etc/games_satisfactory/config:/config" #"/etc/games_satisfactory/config:/config"
]; ];
service.ports = [ service.ports = [
"25565:25565/tcp" "25565:25565/tcp"
]; ];
}; };
}; };
}; };
}; };
/* /*
services = { services = {
nginx.virtualHosts = { nginx.virtualHosts = {
"valhiem.brendan.ie" = { "valhiem.brendan.ie" = {
forceSSL = true; forceSSL = true;
useACMEHost = "brendan"; useACMEHost = "brendan";
locations."/".proxyPass = "http://localhost:2456"; locations."/".proxyPass = "http://localhost:2456";
}; };
}; };
}; };
*/ */
} }

56
dev.nix

@ -1,29 +1,29 @@
# run with nix dev.nix # run with nix dev.nix
# has everything installed for dev # has everything installed for dev
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> {} }:
with pkgs; with pkgs;
let let
imports = imports =
let agenixCommit = "42d371d861a227149dc9a7e03350c9ab8b8ddd68"; let agenixCommit = "42d371d861a227149dc9a7e03350c9ab8b8ddd68";
in in
{ {
agenix = import agenix = import
(builtins.fetchTarball { (builtins.fetchTarball {
url = "https://github.com/ryantm/agenix/archive/${agenixCommit}.tar.gz"; url = "https://github.com/ryantm/agenix/archive/${agenixCommit}.tar.gz";
sha256 = "14sszf5s85i4jd3lc8c167fbxvpj13da45wl1j7wpd20n0fic5c1"; sha256 = "14sszf5s85i4jd3lc8c167fbxvpj13da45wl1j7wpd20n0fic5c1";
}) })
{ inherit pkgs; }; { inherit pkgs; };
}; };
in mkShell { in mkShell {
# nativeBuildInputs is usually what you want -- tools you need to run # nativeBuildInputs is usually what you want -- tools you need to run
nativeBuildInputs = [ nativeBuildInputs = [
pkgs.buildPackages.git pkgs.buildPackages.git
pkgs.buildPackages.colmena pkgs.buildPackages.colmena
pkgs.buildPackages.nmap pkgs.buildPackages.nmap
]; ];
buildInputs = [ imports.agenix.agenix ]; buildInputs = [ imports.agenix.agenix ];
shellHook = ''export EDITOR="/usr/bin/nano"''; shellHook = ''export EDITOR="/usr/bin/nano"'';
} }


@ -1,151 +1,151 @@
{ {
"nodes": { "nodes": {
"agenix": { "agenix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1673301561, "lastModified": 1673301561,
"narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=", "narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68", "rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"type": "github" "type": "github"
} }
}, },
"arion": { "arion": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"haskell-flake": "haskell-flake", "haskell-flake": "haskell-flake",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1673629654, "lastModified": 1673629654,
"narHash": "sha256-Ou4//mR6h3F6024ZOm925XkkFBbpEVniIKRGRMVboC8=", "narHash": "sha256-Ou4//mR6h3F6024ZOm925XkkFBbpEVniIKRGRMVboC8=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "arion", "repo": "arion",
"rev": "d1cc2b2a7dd0928ebd94a3f18336b5515e95c60c", "rev": "d1cc2b2a7dd0928ebd94a3f18336b5515e95c60c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "arion", "repo": "arion",
"rev": "d1cc2b2a7dd0928ebd94a3f18336b5515e95c60c", "rev": "d1cc2b2a7dd0928ebd94a3f18336b5515e95c60c",
"type": "github" "type": "github"
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"arion", "arion",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1672877861, "lastModified": 1672877861,
"narHash": "sha256-ROnSmsk5grROL6gnHBnSdqlPPBrBJMApCeB7xzY567M=", "narHash": "sha256-ROnSmsk5grROL6gnHBnSdqlPPBrBJMApCeB7xzY567M=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "7930f5b1c356270cec420d4f4cb43f4907206640", "rev": "7930f5b1c356270cec420d4f4cb43f4907206640",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"type": "github" "type": "github"
} }
}, },
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
"haskell-flake": { "haskell-flake": {
"locked": { "locked": {
"lastModified": 1668167720, "lastModified": 1668167720,
"narHash": "sha256-5wDTR6xt9BB3BjgKR+YOjOkZgMyDXKaX79g42sStzDU=", "narHash": "sha256-5wDTR6xt9BB3BjgKR+YOjOkZgMyDXKaX79g42sStzDU=",
"owner": "srid", "owner": "srid",
"repo": "haskell-flake", "repo": "haskell-flake",
"rev": "4fc511d93a55fedf815c1647ad146c26d7a2054e", "rev": "4fc511d93a55fedf815c1647ad146c26d7a2054e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "srid", "owner": "srid",
"repo": "haskell-flake", "repo": "haskell-flake",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1665732960, "lastModified": 1665732960,
"narHash": "sha256-WBZ+uSHKFyjvd0w4inbm0cNExYTn8lpYFcHEes8tmec=", "narHash": "sha256-WBZ+uSHKFyjvd0w4inbm0cNExYTn8lpYFcHEes8tmec=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4428e23312933a196724da2df7ab78eb5e67a88e", "rev": "4428e23312933a196724da2df7ab78eb5e67a88e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1673450908, "lastModified": 1673450908,
"narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=", "narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e", "rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1673527292, "lastModified": 1673527292,
"narHash": "sha256-903EpRSDCfUvic7Hsiqwy+h7zlMTLAUbCXkEGGriCfM=", "narHash": "sha256-903EpRSDCfUvic7Hsiqwy+h7zlMTLAUbCXkEGGriCfM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6a3f9996408c970b99b8b992b11bb249d1455b62", "rev": "6a3f9996408c970b99b8b992b11bb249d1455b62",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-22.11", "ref": "nixos-22.11",
"type": "indirect" "type": "indirect"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"arion": "arion", "arion": "arion",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
} }
} }
}, },
"root": "root", "root": "root",
"version": 7 "version": 7
} }

230
flake.nix

@ -1,115 +1,115 @@
{ {
description = "Deployment for skynet"; description = "Deployment for skynet";
inputs = { inputs = {
# gonna start off with a fairly modern base # gonna start off with a fairly modern base
nixpkgs.url = "nixpkgs/nixos-22.11"; nixpkgs.url = "nixpkgs/nixos-22.11";
# utility stuff # utility stuff
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
# this is the last stable hash that works for 22.11 # this is the last stable hash that works for 22.11
arion.url = "github:hercules-ci/arion/d1cc2b2a7dd0928ebd94a3f18336b5515e95c60c"; arion.url = "github:hercules-ci/arion/d1cc2b2a7dd0928ebd94a3f18336b5515e95c60c";
}; };
outputs = { self, nixpkgs, agenix, arion, ... }: { outputs = { self, nixpkgs, agenix, arion, ... }: {
# https://github.com/zhaofengli/colmena # https://github.com/zhaofengli/colmena
colmena = { colmena = {
meta = { meta = {
nixpkgs = import nixpkgs { nixpkgs = import nixpkgs {
system = "x86_64-linux"; system = "x86_64-linux";
overlays = []; overlays = [];
}; };
}; };
# installed for each machine # installed for each machine
defaults = { defaults = {
imports = [ imports = [
./machines/_base.nix ./machines/_base.nix
# for the secrets # for the secrets
agenix.nixosModule agenix.nixosModule
]; ];
}; };
/* TODO: /* TODO:
vm host vm host
jarvis.skynet.ie jarvis.skynet.ie
193.1.99.73 193.1.99.73
172.20.20.2 172.20.20.2
ports ports
22, 80 22, 80
none none
DNS DNS
vendetta.skynet.ie vendetta.skynet.ie
ns1.skynet.ie ns1.skynet.ie
193.1.99.120 193.1.99.120
172.20.20.3 172.20.20.3
Ports Ports
22, 53 (UDP) 22, 53 (UDP)
53 (UDP) 53 (UDP)
vigil.skynet.ie vigil.skynet.ie
ns2.skynet.ie ns2.skynet.ie
193.1.99.121 193.1.99.121
172.20.20.4 172.20.20.4
Ports Ports
22, 53 (UDP) 22, 53 (UDP)
53 (UDP) 53 (UDP)
Wireguard Wireguard
ash.skynet.ie Ash is a robot spy from Alien https://en.wikipedia.org/wiki/Ash_(Alien) we need someone to get us into teh network ash.skynet.ie Ash is a robot spy from Alien https://en.wikipedia.org/wiki/Ash_(Alien) we need someone to get us into teh network
193.1.99.75 193.1.99.75
172.20.205.5 172.20.205.5
Ports Ports
22, 51820 (UDP) 22, 51820 (UDP)
51820 (UDP) 51820 (UDP)
Icecase Icecase
stream.skynet.ie stream.skynet.ie
193.1.99.111 193.1.99.111
172.20.20.6 172.20.20.6
Ports Ports
22, 80, 443, 8000 22, 80, 443, 8000
80, 443, 8000 80, 443, 8000
Minecraft Minecraft
minecraft.games.skynet.ie minecraft.games.skynet.ie
193.1.99.112 193.1.99.112
172.20.20.7 172.20.20.7
Ports Ports
22, 80, 443, 25564, 25565, 25575 22, 80, 443, 25564, 25565, 25575
80, 443, 25564, 25565, 25575 80, 443, 25564, 25565, 25575
*/ */
# firewall machiene # firewall machiene
agentjones = import ./machines/agentjones.nix; agentjones = import ./machines/agentjones.nix;
# ns1 # ns1
vendetta = import ./machines/vendetta.nix; vendetta = import ./machines/vendetta.nix;
# ns1 # ns1
vigil = import ./machines/vigil.nix; vigil = import ./machines/vigil.nix;
# wireguard # wireguard
ash = import ./machines/ash.nix; ash = import ./machines/ash.nix;
# icecast - ULFM # icecast - ULFM
galatea = import ./machines/galatea.nix; galatea = import ./machines/galatea.nix;
# Game host # Game host
optimus = { optimus = {
imports = [ imports = [
./machines/optimus.nix ./machines/optimus.nix
# for the docker # for the docker
arion.nixosModules.arion arion.nixosModules.arion
]; ];
}; };
}; };
}; };
} }


@ -1,37 +1,37 @@
{ pkgs, modulesPath, ... }: { pkgs, modulesPath, ... }:
{ {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
]; ];
# flakes are essensial # flakes are essensial
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";
services.openssh = { services.openssh = {
enable = true; enable = true;
permitRootLogin = "prohibit-password"; permitRootLogin = "prohibit-password";
}; };
users.users.root = { users.users.root = {
initialHashedPassword = ""; initialHashedPassword = "";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"
]; ];
}; };
environment.systemPackages = [ environment.systemPackages = [
# for flakes # for flakes
pkgs.git pkgs.git
# useful tools # useful tools
pkgs.ncdu_2 pkgs.ncdu_2
pkgs.htop pkgs.htop
pkgs.nano pkgs.nano
pkgs.nmap pkgs.nmap
]; ];
} }


@ -1,105 +1,105 @@
/* /*
Name: https://matrix.fandom.com/wiki/Agent_Jones Name: https://matrix.fandom.com/wiki/Agent_Jones
Type: Physical Type: Physical
Hardware: PowerEdge r210 Hardware: PowerEdge r210
From: 2011 (?) From: 2011 (?)
Role: Firewall Role: Firewall
Notes: Used to have Agent Smith as a partner but it died (Ironically) Notes: Used to have Agent Smith as a partner but it died (Ironically)
*/ */
{ pkgs, lib, nodes, ... }: { pkgs, lib, nodes, ... }:
let let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "agentjones"; name = "agentjones";
ip_pub = "193.1.99.72"; ip_pub = "193.1.99.72";
ip_priv = "172.20.20.1"; ip_priv = "172.20.20.1";
# hostname = "${name}.skynet.ie"; # hostname = "${name}.skynet.ie";
hostname = ip_pub; hostname = ip_pub;
in { in {
imports = [ imports = [
# applications for this particular server # applications for this particular server
../applications/firewall.nix ../applications/firewall.nix
../applications/dns.nix ../applications/dns.nix
./hardware/agentjones.nix ./hardware/agentjones.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = "root";
}; };
skynet_dns.records = { skynet_dns.records = {
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
]; ];
cname = []; cname = [];
}; };
networking.hostName = name; networking.hostName = name;
# this has to be defined for any physical servers # this has to be defined for any physical servers
# vms are defined by teh vm host # vms are defined by teh vm host
networking.interfaces = { networking.interfaces = {
eno1 = { eno1 = {
ipv4.routes = [ ipv4.routes = [
# { # {
# address = "193.1.99.72"; # address = "193.1.99.72";
# prefixLength = 26; # prefixLength = 26;
# via = "193.1.99.65"; # via = "193.1.99.65";
# } # }
]; ];
}; };
eno2 = { eno2 = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
{ {
address = "193.1.99.72"; address = "193.1.99.72";
prefixLength = 26; prefixLength = 26;
} }
#{ #{
# address = "172.20.20.1"; # address = "172.20.20.1";
# prefixLength = 24; # prefixLength = 24;
#} #}
]; ];
}; };
}; };
# this server is teh firewall # this server is teh firewall
skynet_firewall = { skynet_firewall = {
# always good to know oneself # always good to know oneself
own = { own = {
ip = ip_pub; ip = ip_pub;
ports = { ports = {
tcp = [ tcp = [
# ssh in # ssh in
22 22
]; ];
udp = []; udp = [];
}; };
}; };
enable = true; enable = true;
# gonna have to get all the # gonna have to get all the
forward = builtins.concatLists ( forward = builtins.concatLists (
# using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list # using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
lib.attrsets.mapAttrsToList (key: value: lib.attrsets.mapAttrsToList (key: value:
# make sure that anything running this firewall dosent count (recursion otherewise) # make sure that anything running this firewall dosent count (recursion otherewise)
# firewall may want to open ports in itself but can deal with that later # firewall may want to open ports in itself but can deal with that later
if builtins.hasAttr "skynet_firewall" value.config if builtins.hasAttr "skynet_firewall" value.config
then ( then (
if value.config.skynet_firewall.enable if value.config.skynet_firewall.enable
then [] then []
else value.config.skynet_firewall.forward else value.config.skynet_firewall.forward
) )
else [] else []
) nodes ) nodes
); );
}; };
} }


@ -1,91 +1,91 @@
/* /*
Name: https://en.wikipedia.org/wiki/Ash_(Alien) Name: https://en.wikipedia.org/wiki/Ash_(Alien)
Why: Infilitrate into the network Why: Infilitrate into the network
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Wireguard (VPN) Server Role: Wireguard (VPN) Server
Notes: Thius vpn is for admin use only, to give access to all the servers via ssh Notes: Thius vpn is for admin use only, to give access to all the servers via ssh
*/ */
{ pkgs, lib, nodes, ... }: { pkgs, lib, nodes, ... }:
let let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "ash"; name = "ash";
ip_pub = "193.1.99.75"; ip_pub = "193.1.99.75";
ip_priv = "172.20.20.5"; ip_priv = "172.20.20.5";
# hostname = "${name}.skynet.ie"; # hostname = "${name}.skynet.ie";
hostname = ip_pub; hostname = ip_pub;
in { in {
imports = [ imports = [
# applications for this particular server # applications for this particular server
../applications/firewall.nix ../applications/firewall.nix
../applications/dns.nix ../applications/dns.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = "root";
}; };
# these two are to be able to add the rules for firewall and dns # these two are to be able to add the rules for firewall and dns
# open the firewall for this # open the firewall for this
skynet_firewall.forward = [ skynet_firewall.forward = [
"ip saddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept"
]; ];
skynet_dns.records = { skynet_dns.records = {
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
]; ];
cname = [ cname = [
#may asw ell add a cname for this #may asw ell add a cname for this
"wg CNAME ${name}" "wg CNAME ${name}"
]; ];
}; };
age.secrets.wireguard.file = ../secrets/wireguard.age; age.secrets.wireguard.file = ../secrets/wireguard.age;
networking = { networking = {
nat = { nat = {
enable = true; enable = true;
externalInterface = "eth0"; externalInterface = "eth0";
internalInterfaces = ["wg0"]; internalInterfaces = ["wg0"];
}; };
firewall = { firewall = {
allowedTCPPorts = [22]; allowedTCPPorts = [22];
allowedUDPPorts = [8000]; allowedUDPPorts = [8000];
interfaces.wg0 = { interfaces.wg0 = {
allowedTCPPorts = [53]; allowedTCPPorts = [53];
allowedUDPPorts = [53]; allowedUDPPorts = [53];
}; };
}; };
wireguard.interfaces.wg0 = { wireguard.interfaces.wg0 = {
# may need to change this to the same base as the full network # may need to change this to the same base as the full network
ips = ["172.20.21.0/24"]; ips = ["172.20.21.0/24"];
listenPort = 8000; listenPort = 8000;
privateKeyFile = "/run/agenix/wireguard"; privateKeyFile = "/run/agenix/wireguard";
peers = [ peers = [
{ # silver - Brendan { # silver - Brendan
publicKey = "46jMR/DzJ4rQCR8MBqLMwcyr2tsSII/xeCjihb6EQgQ="; publicKey = "46jMR/DzJ4rQCR8MBqLMwcyr2tsSII/xeCjihb6EQgQ=";
allowedIPs = [ "172.20.21.2/32" ]; allowedIPs = [ "172.20.21.2/32" ];
} }
]; ];
}; };
}; };
environment.systemPackages = [ environment.systemPackages = [
# needed to generate keys # needed to generate keys
pkgs.wireguard-tools pkgs.wireguard-tools
]; ];
} }
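Review bot: The upstream forward rule `"ip saddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept"` admits UDP 51820, but `listenPort = 8000;` and `allowedUDPPorts = [8000];` further down put WireGuard on port 8000, so the firewall host (agentjones concatenates every node's `skynet_firewall.forward` into its ruleset) would pass VPN traffic to a port nothing listens on while the real one stays blocked. Use one value in all three places — for example `"ip saddr ${ip_pub} udp dport 8000 counter packets 0 bytes 0 accept"` — and preferably bind it once in the `let` block so the rule and the listener cannot drift apart again. Separately, every forward rule in this repo matches `ip saddr` (the source address) against the server's own public IP, which for inbound traffic to this host would normally be `daddr`; firewall.nix is not visible here, so confirm which direction that template is applied in before touching it.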


@ -1,74 +1,74 @@
/* /*
Name: https://en.wikipedia.org/wiki/Galatea_(mythology) Name: https://en.wikipedia.org/wiki/Galatea_(mythology)
Why: Created as a product of artistic expression Why: Created as a product of artistic expression
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Icecast server for ULFM Role: Icecast server for ULFM
Notes: Notes:
*/ */
{ pkgs, lib, nodes, config, ... }: { pkgs, lib, nodes, config, ... }:
let let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "galatea"; name = "galatea";
ip_pub = "193.1.99.111"; ip_pub = "193.1.99.111";
ip_priv = "172.20.20.6"; ip_priv = "172.20.20.6";
# hostname = "${name}.skynet.ie"; # hostname = "${name}.skynet.ie";
hostname = ip_pub; hostname = ip_pub;
# dosent seem to be any otehr way to have it like read from a file # dosent seem to be any otehr way to have it like read from a file
feck = "d9J4jDsJPuMPUMAAE4J4tH37HsmxEDze"; feck = "d9J4jDsJPuMPUMAAE4J4tH37HsmxEDze";
in { in {
imports = [ imports = [
# applications for this particular server # applications for this particular server
../applications/firewall.nix ../applications/firewall.nix
../applications/dns.nix ../applications/dns.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = "root";
}; };
# these two are to be able to add the rules for firewall and dns # these two are to be able to add the rules for firewall and dns
# open the firewall for this # open the firewall for this
skynet_firewall.forward = [ skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 8000 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} tcp dport 8000 counter packets 0 bytes 0 accept"
]; ];
skynet_dns.records = { skynet_dns.records = {
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
]; ];
cname = [ cname = [
# this is also the stream server # this is also the stream server
"stream CNAME ${name}" "stream CNAME ${name}"
]; ];
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22 22
80 80
443 443
8000 8000
]; ];
# config for icecast is smol so can have it in this # config for icecast is smol so can have it in this
services.icecast = { services.icecast = {
enable = true; enable = true;
hostname = hostname; hostname = hostname;
admin = { admin = {
user = "admin"; user = "admin";
password = feck; password = feck;
}; };
}; };
} }
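Review bot: The Icecast admin credential on the line `feck = "d9J4jDsJPuMPUMAAE4J4tH37HsmxEDze";` is a plaintext password committed to the repository and fed to `services.icecast.admin.password`, so it now lives in git history for every clone and, as part of the evaluated NixOS configuration, presumably ends up in the world-readable Nix store on the host as well. The ash file in this same commit already shows the pattern for keeping a secret out of the tree (`age.secrets.wireguard.file = ../secrets/wireguard.age;` consumed via a `/run/agenix/...` path), so the comment "dosent seem to be any otehr way to have it like read from a file" is worth revisiting — it likely needs a module option that takes a file path or a config fragment rather than a string, which I cannot confirm from here. Whatever mechanism is chosen, rotate this password now: deleting it from the file does not remove it from history.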


@ -1,61 +1,61 @@
/* /*
Name: https://en.wikipedia.org/wiki/Optimus_Prime Name: https://en.wikipedia.org/wiki/Optimus_Prime
Why: Created to sell toys so this vm is for games Why: Created to sell toys so this vm is for games
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Game host Role: Game host
Notes: Notes:
*/ */
{ pkgs, lib, nodes, arion, ... }: { pkgs, lib, nodes, arion, ... }:
let let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "optimus"; name = "optimus";
ip_pub = "193.1.99.112"; ip_pub = "193.1.99.112";
ip_priv = "172.20.20.7"; ip_priv = "172.20.20.7";
# hostname = "${name}.skynet.ie"; # hostname = "${name}.skynet.ie";
hostname = ip_pub; hostname = ip_pub;
in { in {
imports = [ imports = [
# applications for this particular server # applications for this particular server
../applications/firewall.nix ../applications/firewall.nix
../applications/dns.nix ../applications/dns.nix
../applications/games.nix ../applications/games.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = "root";
}; };
# these two are to be able to add the rules for firewall and dns # these two are to be able to add the rules for firewall and dns
# open the firewall for this # open the firewall for this
skynet_firewall.forward = [ skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} tcp dport 25565 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} tcp dport 25565 counter packets 0 bytes 0 accept"
]; ];
skynet_dns.records = { skynet_dns.records = {
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
]; ];
cname = [ cname = [
# the games are each going to have a subdomain on this # the games are each going to have a subdomain on this
"games CNAME ${name}" "games CNAME ${name}"
]; ];
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22 22
80 80
443 443
25565 25565
]; ];
} }


@ -1,96 +1,96 @@
/* /*
Name: https://masseffect.fandom.com/wiki/Vendetta Name: https://masseffect.fandom.com/wiki/Vendetta
Why: Vendetta held troves of important data waiting for folks to request it. Why: Vendetta held troves of important data waiting for folks to request it.
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: DNS Server Role: DNS Server
Notes: Notes:
*/ */
{ pkgs, lib, nodes, ... }: { pkgs, lib, nodes, ... }:
let let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "vendetta"; name = "vendetta";
ip_pub = "193.1.99.120"; ip_pub = "193.1.99.120";
ip_priv = "172.20.20.3"; ip_priv = "172.20.20.3";
# hostname = "${name}.skynet.ie"; # hostname = "${name}.skynet.ie";
hostname = ip_pub; hostname = ip_pub;
# sets which nameserver it is # sets which nameserver it is
ns = "ns1"; ns = "ns1";
in { in {
imports = [ imports = [
# applications for this particular server # applications for this particular server
../applications/firewall.nix ../applications/firewall.nix
../applications/dns.nix ../applications/dns.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = "root";
}; };
networking = { networking = {
firewall = { firewall = {
allowedTCPPorts = [22 53]; allowedTCPPorts = [22 53];
allowedUDPPorts = [53]; allowedUDPPorts = [53];
}; };
}; };
# open the firewall for this # open the firewall for this
skynet_firewall.forward = [ skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
]; ];
skynet_dns = { skynet_dns = {
enable = true; enable = true;
# this server will have to have dns records # this server will have to have dns records
own = { own = {
nameserver = ns; nameserver = ns;
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
"${ns} A ${ip_pub}" "${ns} A ${ip_pub}"
# needs this, temporally # needs this, temporally
"mail A ${ip_pub}" "mail A ${ip_pub}"
]; ];
cname = [ cname = [
#"misc CNAME vendetta" #"misc CNAME vendetta"
]; ];
}; };
records = { records = {
# using the same logic as the firewall, comments there # using the same logic as the firewall, comments there
external = builtins.concatLists ( external = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value: lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config if builtins.hasAttr "skynet_dns" value.config
then ( then (
if value.config.skynet_dns.enable if value.config.skynet_dns.enable
then value.config.skynet_dns.own.external then value.config.skynet_dns.own.external
else value.config.skynet_dns.records.external else value.config.skynet_dns.records.external
) )
else [] else []
) nodes ) nodes
); );
cname = builtins.concatLists ( cname = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value: lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config if builtins.hasAttr "skynet_dns" value.config
then ( then (
if value.config.skynet_dns.enable if value.config.skynet_dns.enable
then value.config.skynet_dns.own.cname then value.config.skynet_dns.own.cname
else value.config.skynet_dns.records.cname else value.config.skynet_dns.records.cname
) )
else [] else []
) nodes ) nodes
); );
}; };
}; };
} }


@ -1,92 +1,92 @@
/* /*
Name: https://masseffect.fandom.com/wiki/Vigil Name: https://masseffect.fandom.com/wiki/Vigil
Why: Counterpart to Vendetta Why: Counterpart to Vendetta
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: DNS Server Role: DNS Server
Notes: Notes:
*/ */
{ pkgs, lib, nodes, ... }: { pkgs, lib, nodes, ... }:
let let
name = "vigil"; name = "vigil";
ip_pub = "193.1.99.109"; ip_pub = "193.1.99.109";
ip_priv = "172.20.20.4"; ip_priv = "172.20.20.4";
# hostname = "${name}.skynet.ie"; # hostname = "${name}.skynet.ie";
hostname = ip_pub; hostname = ip_pub;
# sets which nameserver it is # sets which nameserver it is
ns = "ns2"; ns = "ns2";
in { in {
imports = [ imports = [
# applications for this particular server # applications for this particular server
../applications/firewall.nix ../applications/firewall.nix
../applications/dns.nix ../applications/dns.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = "root";
}; };
networking = { networking = {
firewall = { firewall = {
allowedTCPPorts = [22 53]; allowedTCPPorts = [22 53];
allowedUDPPorts = [53]; allowedUDPPorts = [53];
}; };
}; };
# open the firewall for this # open the firewall for this
skynet_firewall.forward = [ skynet_firewall.forward = [
"ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
"ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept" "ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
]; ];
skynet_dns = { skynet_dns = {
enable = true; enable = true;
# this server will have to have dns records # this server will have to have dns records
own = { own = {
nameserver = ns; nameserver = ns;
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
"${ns} A ${ip_pub}" "${ns} A ${ip_pub}"
]; ];
cname = [ cname = [
#"misc CNAME vendetta" #"misc CNAME vendetta"
]; ];
}; };
records = { records = {
# using the same logic as the firewall, comments there # using the same logic as the firewall, comments there
external = builtins.concatLists ( external = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value: lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config if builtins.hasAttr "skynet_dns" value.config
then ( then (
if value.config.skynet_dns.enable if value.config.skynet_dns.enable
then value.config.skynet_dns.own.external then value.config.skynet_dns.own.external
else value.config.skynet_dns.records.external else value.config.skynet_dns.records.external
) )
else [] else []
) nodes ) nodes
); );
cname = builtins.concatLists ( cname = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value: lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config if builtins.hasAttr "skynet_dns" value.config
then ( then (
if value.config.skynet_dns.enable if value.config.skynet_dns.enable
then value.config.skynet_dns.own.cname then value.config.skynet_dns.own.cname
else value.config.skynet_dns.records.cname else value.config.skynet_dns.records.cname
) )
else [] else []
) nodes ) nodes
); );
}; };
}; };
} }


@ -1,22 +1,22 @@
let let
admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"; admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin";
silver_laptop_wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"; silver_laptop_wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb";
users = [ users = [
admin admin
silver_laptop_wsl silver_laptop_wsl
]; ];
# change this when its properly set up # change this when its properly set up
agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbqYQrdVHmGgXZJoMWWRDGVEIj775Zrf4PxB5hoth+k root@agentjones"; agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbqYQrdVHmGgXZJoMWWRDGVEIj775Zrf4PxB5hoth+k root@agentjones";
ash = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJDVQGjIwMQmkElGshgKDAlChM2xdNN6iI5Ap2IbAs5"; ash = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJDVQGjIwMQmkElGshgKDAlChM2xdNN6iI5Ap2IbAs5";
systems = [ systems = [
agentjones agentjones
ash ash
]; ];
in in
{ {
# nix run github:ryantm/agenix -- -e secret1.age # nix run github:ryantm/agenix -- -e secret1.age
"wireguard.age".publicKeys = users ++ systems; "wireguard.age".publicKeys = users ++ systems;
} }