diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv
index 510e7d7..9e8dbb3 100644
--- a/ITD_Firewall.csv
+++ b/ITD_Firewall.csv
@@ -7,9 +7,9 @@ SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,"","",ULFM Radio
 SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,"","",Games server
 SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,"",80/443,i23-07-28_010,LDAP and Self-Service Password/Account management
 SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,2222,i23-05-18_249,Gitlab server
-SKYNET00009,gir,193.1.99.76,gir/mail,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail
+SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail
 SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner
-SKYNET00011,skynet_internal,193.1.99.79,skynet/skynet.int,80/443,"",i23-06-19_525,"Skynet server, Temp until I can get the DMZ setup properly on my end"
-SKYNET00012,skynet_dmz,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server.
+SKYNET00011,earth,193.1.99.79,earth,80/443,"",i23-06-19_525,Offical website host
+SKYNET00012,skynet,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server. (DMZ)
 SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server
 SKYNET00014,cadie,193.1.99.77,cadie,"","80/443","","Services VM, has nextcloud to start with"
\ No newline at end of file
diff --git a/Possible_Server_Names.md b/Possible_Server_Names.md
new file mode 100644
index 0000000..435cdec
--- /dev/null
+++ b/Possible_Server_Names.md
@@ -0,0 +1,19 @@
+https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines
+https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences
+
+* agentsmith
+* skynet
+* caro
+* Lowe - https://westworld.fandom.com/wiki/Bernard_Lowe
+* ultron
+* walle
+* eve
+* calculon
+* deepthought
+* earth
+* flexo
+* bender
+* marvin
+* kitt
+* wopr
+* wintermute
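Review bot: The new SKYNET00009 host list `gir/mail/imap/pop3/smtp` names a POP3 service, but the port column stays `80/443 25/143/993/587/465`, which has no POP3 port (110/995), so either the `pop3` name is surplus or the port request is incomplete; assuming the fifth column is the externally requested port set, a row that names a service without its port is the kind of mismatch that gets a firewall ticket bounced. Row SKYNET00011 has a typo in its description, `Offical website host` → `Official website host`. SKYNET00012 keeps `22` in that same column for the host now labelled `(DMZ)`; if SSH is meant to be reachable only from the internal side, the description should say so, since as written the row reads as a request to expose it.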
diff --git a/applications/email.nix b/applications/email.nix
index 5cf2aaf..05ee8d0 100644
--- a/applications/email.nix
+++ b/applications/email.nix
@@ -16,10 +16,110 @@ with lib; let
 # thought you could escape racket?
 create_filter = groups: create_filter_join (create_filter_array groups);
- create_skynet_email = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts);
+ # using +mailbox puts the mail in a seperate folder
+ create_skynet_email_int = accounts: mailbox: (map (account: "${account}@skynet.ie") accounts);
+ groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups;
+ create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"];
+ create_skynet_email = mailbox: groups: {
+ name = "${mailbox}@skynet.ie";
+ value = create_skynet_email_attribute mailbox groups;
+ };
+ create_skynet_service_mailboxes = builtins.listToAttrs (map (mailbox: (create_skynet_email mailbox.account mailbox.members)) service_mailboxes);
- create_skynet_email_admin = mailbox: (create_skynet_email config.skynet.users.admin mailbox) ++ ["${mailbox}_int@skynet.ie"];
- create_skynet_email_committee = mailbox: (create_skynet_email config.skynet.users.committee mailbox) ++ ["${mailbox}_int@skynet.ie"];
+ create_config_to = concatStringsSep "\",\"" (map (mailbox: "${mailbox.account}") service_mailboxes);
+
+ service_mailboxes = [
+ {
+ account = "root";
+ members = ["admin"];
+ }
+ {
+ account = "abuse";
+ members = ["admin"];
+ }
+ {
+ account = "accounts";
+ members = ["committee"];
+ }
+ {
+ account = "compsoc";
+ members = ["committee"];
+ }
+ {
+ account = "contact";
+ members = ["committee"];
+ }
+ {
+ account = "dbadmin";
+ members = ["admin"];
+ }
+ {
+ account = "dnsadm";
+ members = ["admin"];
+ }
+ {
+ account = "hostmaster";
+ members = ["admin"];
+ }
+ {
+ account = "intersocsrep";
+ members = ["committee"];
+ }
+ {
+ account = "mailman";
+ members = ["admin"];
+ }
+ {
+ account = "security";
+ members = ["admin"];
+ }
+ {
+ account = "sysadm";
+ members = ["admin"];
+ }
+ {
+ account = "webadmin";
+ members = ["admin"];
+ }
+ {
+ account = "pycon2023";
+ members = ["committee"];
+ }
+ {
+ account = "skynet_topdesk";
+ members = ["admin"];
+ }
+ {
+ account = "topdesk";
+ members = ["admin"];
+ }
+ ];
+
+ configFile =
+ pkgs.writeText "basic_sieve"
+ ''
+ require "copy";
+ require "mailbox";
+ require "imap4flags";
+ require ["fileinto", "reject"];
+ require "variables";
+ require "regex";
+
+ # this should be close to teh last step
+ if allof (
+ address :localpart ["To"] ["${toString create_config_to}"],
+ address :domain ["To"] "skynet.ie"
+ ){
+ if address :matches ["To"] "*@skynet.ie" {
+ if header :is "X-Spam" "Yes" {
+ fileinto :create "''${1}.Junk";
+ stop;
+ } else {
+ fileinto :create "''${1}";
+ }
+ }
+ }
+ '';
 in {
 imports = [
 ./dns.nix
@@ -260,21 +360,7 @@ in {
 lmtpSaveToDetailMailbox = "yes";
- extraVirtualAliases = {
- "abuse@skynet.ie" = create_skynet_email_admin "abuse";
- "accounts@skynet.ie" = create_skynet_email_committee "accounts";
- "compsoc@skynet.ie" = create_skynet_email_committee "compsoc";
- "contact@skynet.ie" = create_skynet_email_committee "contact";
- "dbadmin@skynet.ie" = create_skynet_email_admin "dbadmin";
- "dnsadm@skynet.ie" = create_skynet_email_admin "dnsadm";
- "hostmaster@skynet.ie" = create_skynet_email_admin "hostmaster";
- "intersocsrep@skynet.ie" = create_skynet_email_committee "intersocsrep";
- "mailman@skynet.ie" = create_skynet_email_admin "mailman";
- "security@skynet.ie" = create_skynet_email_admin "security";
- "sysadm@skynet.ie" = create_skynet_email_admin "sysadm";
- "webadmin@skynet.ie" = create_skynet_email_admin "webadmin";
- "pycon2023@skynet.ie" = create_skynet_email_committee "pycon2023";
- };
+ extraVirtualAliases = create_skynet_service_mailboxes;
 # use the letsencrypt certs
 certificateScheme = "acme";
@@ -315,6 +401,10 @@ in {
 ];
 };
+ services.dovecot2.sieveScripts = {
+ before = configFile;
+ };
+ # tune the spam filter
 /* services.rspamd.extraConfig = ''
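Review bot: The sieve rule in `configFile` files mail into a folder named from a wildcard capture of the incoming To: header (`fileinto :create "''${1}"`), and the outer `allof` only checks that *some* To: address has an allowed localpart and *some* To: address has the skynet.ie domain. With a multi-address header such as `To: anything@skynet.ie, root@skynet.ie` both guards pass, but as I read the RFC 5229 match-variable rules `${1}` is taken from the first address matching `*@skynet.ie`, so a remote sender decides the folder name that gets created in every recipient's mailbox. Generating one fixed `address :is` rule per entry of `service_mailboxes` removes the capture and the hand-built quoted list in `create_config_to` at the same time (sketch below; the unused `require`s for copy, imap4flags, variables, regex and reject can go with it). Separately, `create_skynet_email_int` still takes `mailbox` but no longer uses it, so that parameter and the `mailbox` argument passed from `create_skynet_email_attribute` can be dropped. The enclosing `let` block starts before this hunk.

```nix
  # … unchanged: create_skynet_email*, service_mailboxes …

  # one fixed-folder rule per service mailbox: the folder name comes from the
  # Nix list, never from a wildcard capture of the incoming To: header
  create_sieve_rule = mailbox: ''
    if address :is ["To"] "${mailbox.account}@skynet.ie" {
      if header :is "X-Spam" "Yes" {
        fileinto :create "${mailbox.account}.Junk";
        stop;
      } else {
        fileinto :create "${mailbox.account}";
      }
    }
  '';

  configFile =
    pkgs.writeText "basic_sieve"
    ''
      require ["fileinto", "mailbox"];

      # this should be close to teh last step
      ${concatStringsSep "\n" (map create_sieve_rule service_mailboxes)}
    '';
```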
diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix
index 2090879..107c3f9 100644
--- a/applications/ldap/server.nix
+++ b/applications/ldap/server.nix
@@ -10,6 +10,7 @@ Gonna use a priper nixos module for this
 }:
 with lib; let
 cfg = config.services.skynet_ldap;
+ domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
 in {
 # these are needed for teh program in question
 imports = [
@@ -79,7 +80,7 @@ in {
 };
 skynet_acme.domains = [
- "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ domain
 ];
 skynet_dns.records = [
@@ -97,7 +98,7 @@ in {
 ];
 services.nginx.virtualHosts = {
- "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
+ ${domain} = {
 forceSSL = true;
 useACMEHost = "skynet";
 locations."/" = {
@@ -190,29 +191,33 @@ in {
 olcRootDN = "cn=admin,${cfg.base}";
 olcRootPW.path = config.age.secrets.ldap_pw.path;
- #olcOverlay = "memberof";
-
 olcAccess = [
 /* custom access rules for userPassword attributes */
- '' {0}to attrs=userPassword
- by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
- by self write
- by anonymous auth
- by * none''
+ ''
+ {0}to attrs=userPassword
+ by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
+ by self write
+ by anonymous auth
+ by * none
+ ''
- '' {1}to attrs=mail,sshPublicKey,cn,sn,skDiscord
- by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
- by self write
- by * read''
+ ''
+ {1}to attrs=mail,sshPublicKey,cn,sn
+ by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
+ by self write
+ by * read
+ ''
 /* allow read on anything else */
- '' {2}to *
- by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
- by * read''
+ ''
+ {2}to *
+ by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
+ by * read
+ ''
 ];
 };
diff --git a/applications/ldap/skMemberOf.ldif b/applications/ldap/skMemberOf.ldif
index af4385b..12b981e 100644
--- a/applications/ldap/skMemberOf.ldif
+++ b/applications/ldap/skMemberOf.ldif
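Review bot: Rules `{1}` and `{2}` of the retyped `olcAccess` list still end in `by * read`, and in slapd `*` matches anonymous binds as well, so mail, sshPublicKey, cn, sn and every attribute not covered by `{0}`/`{1}` remain readable without authenticating; that is inherited from the old lines rather than new here, but since the block is being rewritten it is the place to decide whether `by users read` (authenticated only) or an explicit `by anonymous none` before the `by *` clause is the intended scope. The new `''` strings also end with a newline before the closing `''`, which Nix keeps in the value, so each olcAccess entry now carries a trailing newline — I have not checked whether slapd tolerates that, so it is worth confirming on a rebuild. The enclosing attribute set starts and ends outside this hunk.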
@@ -24,24 +24,12 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.4.1
 EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 )
-olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.5.1
- NAME 'skDiscord'
- DESC 'Discord username'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- )
 olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.6.1
 NAME 'skCreated'
 DESC 'When the account was created'
 EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 )
-#olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.7.1
-# NAME 'skEnabled'
-# DESC 'TRUE/FALSE'
-# EQUALITY booleanMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-# )
 # https://github.com/variablenix/ldap-mail-schema/blob/master/quota.schema
 olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.8.1
 NAME 'quotaEmail'
@@ -55,16 +43,10 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.9.1
 EQUALITY caseIgnoreIA5Match
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255}
 )
-olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.10.1
- NAME 'skSecure'
- DESC '1 if secure'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- )
 olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1
 NAME 'skPerson'
 DESC 'skynet person'
 SUP top AUXILIARY
 MUST ( skMail $ skCreated )
- MAY ( skMemberOf $ skID $ skDiscord $ quotaEmail $ quotaDisk $ skSecure )
+ MAY ( skMemberOf $ skID $ quotaEmail $ quotaDisk )
 )
diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix
index 7a24b03..d90d7df 100644
--- a/applications/skynet_users.nix
+++ b/applications/skynet_users.nix
@@ -78,6 +78,7 @@ in {
 alias = "/home/$user/public_html/";
 index = "index.html";
 extraConfig = "autoindex on;";
+ tryFiles = "$uri$args $uri$args/ /index.html";
 };
 };
 };
diff --git a/flake.lock b/flake.lock
index 986c112..03302db 100644
--- a/flake.lock
+++ b/flake.lock
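Review bot: Removing `skDiscord` and `skSecure` from the schema and from `skPerson`'s MAY list leaves any existing entries that still hold those attributes invalid against the new object class, so they will fail the schema check on their next modify; the values should be purged from the directory before this ldif is loaded. Worth recording that ordering in a comment next to the `olcObjectClasses` entry, e.g. `# skDiscord/skSecure were dropped; clear them from all entries before applying this change`. The matching removal of `skDiscord` from access rule `{1}` in server.nix is in this commit, so ACL and schema stay consistent.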
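Review bot: `$uri$args` on the added `tryFiles` line concatenates the request path with the raw query string (no `?`), so for any request carrying a query string the first two candidates are file names that almost certainly do not exist (e.g. `/page.htmlfoo=bar`) and every such request falls through to `/index.html`; the usual form is `tryFiles = "$uri $uri/ /index.html";`, with `?$args` appended only to the final redirect target if the query string must be preserved. Note also that the fallback `/index.html` is a server-relative internal redirect, not a path under the per-user `alias`, so it is served by whichever location matches `/index.html` rather than from `/home/$user/public_html/` — confirm that is intended. The enclosing location block starts before this hunk.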
@@ -107,11 +107,11 @@
 },
 "locked": {
 "host": "gitlab.skynet.ie",
- "lastModified": 1697300433,
- "narHash": "sha256-8UK1CHBeaADEwqW6T0gJu5F6ydKe3auqrsZAKy551+0=",
+ "lastModified": 1697993126,
+ "narHash": "sha256-GwuYt20MwyM5IMW5yurlTqpsw2AmGq7HfZH+oGMoYaM=",
 "owner": "compsoc1%2Fcompsoc",
 "repo": "presentations",
- "rev": "64c7b24ff78637d9179d04f73189e76ad5d71beb",
+ "rev": "a49b85236858ff9ec26222b5b726226691dc7eac",
 "type": "gitlab"
 },
 "original": {
@@ -657,11 +657,11 @@
 },
 "locked": {
 "host": "gitlab.skynet.ie",
- "lastModified": 1696234972,
- "narHash": "sha256-8Syf1OEUBmaaApKsjkp0bVX4AjVkm64aGZKzoRn7wGM=",
+ "lastModified": 1698165887,
+ "narHash": "sha256-eHmW39g6m+OlgAqPkRL4FKGKEkD/Ot/+OYGatDZxg3M=",
 "owner": "compsoc1%2Fskynet",
 "repo": "discord-bot",
- "rev": "b0028959ff83c3fcc39410496fe2017b8772aff8",
+ "rev": "4125ad634f7b83a026784301c0088f09521330f5",
 "type": "gitlab"
 },
 "original": {
@@ -679,11 +679,11 @@
 },
 "locked": {
 "host": "gitlab.skynet.ie",
- "lastModified": 1697743642,
- "narHash": "sha256-c2CW9BLDzGRAHJGkbxQGYQI6MUKttOGAJrMbXT8eR5Y=",
+ "lastModified": 1698255058,
+ "narHash": "sha256-qtvTnfL0XXZWA+I14D9eRL9Ir2G6WhIkRSiRV7GOfdw=",
 "owner": "compsoc1%2Fskynet",
 "repo": "ldap%2Fbackend",
- "rev": "6cc97eccb2057d9d2c42955726263fa900f7817a",
+ "rev": "20d79e427afa460b13ef7d986d5d351548a5c91e",
 "type": "gitlab"
 },
 "original": {
diff --git a/mailmap b/mailmap
new file mode 100644
index 0000000..1aaf5b3
--- /dev/null
+++ b/mailmap
@@ -0,0 +1 @@
+Brendan Golden
\ No newline at end of file