Merge branch 'main' into '#35_add_nextcloud'

# Conflicts:
#   ITD_Firewall.csv
This commit is contained in:
silver 2023-10-25 18:43:45 +00:00
commit 422ee6b2c8
8 changed files with 163 additions and 65 deletions

View file

@ -7,9 +7,9 @@ SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,"","",ULFM Radio
SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,"","",Games server SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,"","",Games server
SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,"",80/443,i23-07-28_010,LDAP and Self-Service Password/Account management SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,"",80/443,i23-07-28_010,LDAP and Self-Service Password/Account management
SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,2222,i23-05-18_249,Gitlab server SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,2222,i23-05-18_249,Gitlab server
SKYNET00009,gir,193.1.99.76,gir/mail,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail
SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner
SKYNET00011,skynet_internal,193.1.99.79,skynet/skynet.int,80/443,"",i23-06-19_525,"Skynet server, Temp until I can get the DMZ setup properly on my end" SKYNET00011,earth,193.1.99.79,earth,80/443,"",i23-06-19_525,Offical website host
SKYNET00012,skynet_dmz,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server. SKYNET00012,skynet,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server. (DMZ)
SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server
SKYNET00014,cadie,193.1.99.77,cadie,"","80/443","","Services VM, has nextcloud to start with" SKYNET00014,cadie,193.1.99.77,cadie,"","80/443","","Services VM, has nextcloud to start with"
1 Index Name IP_Address DNS_Name Ports_Current Ports_Requested Related_Tickets Description
7 SKYNET00006 optimus 193.1.99.112 optimus/games/*.games 80/443 25565 Games server
8 SKYNET00007 kitt 193.1.99.74 kitt/account/api.account 80/443 i23-07-28_010 LDAP and Self-Service Password/Account management
9 SKYNET00008 glados 193.1.99.75 glados/gitlab/*.pages.gitlab 80/443 2222 i23-05-18_249 Gitlab server
10 SKYNET00009 gir 193.1.99.76 gir/mail gir/mail/imap/pop3/smtp 80/443 25/143/993/587/465 i23-06-19_525/i23-06-19_525 Email and Webmail
11 SKYNET00010 wheatly 193.1.99.78 wheatly Gitlab Runner
12 SKYNET00011 skynet_internal earth 193.1.99.79 skynet/skynet.int earth 80/443 i23-06-19_525 Skynet server, Temp until I can get the DMZ setup properly on my end Offical website host
13 SKYNET00012 skynet_dmz skynet 193.1.96.165 skynet 22 80/443 i23-06-30_024 Skynet server. Skynet server. (DMZ)
14 SKYNET00013 neuromancer 193.1.99.80 neuromancer Local Backup Server
15 SKYNET00014 cadie 193.1.99.77 cadie 80/443 Services VM, has nextcloud to start with

19
Possible_Server_Names.md Normal file
View file

@ -0,0 +1,19 @@
https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines
https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences
* agentsmith
* skynet
* caro
* Lowe - https://westworld.fandom.com/wiki/Bernard_Lowe
* ultron
* walle
* eve
* calculon
* deepthought
* earth
* flexo
* bender
* marvin
* kitt
* wopr
* wintermute

View file

@ -16,10 +16,110 @@ with lib; let
# thought you could escape racket? # thought you could escape racket?
create_filter = groups: create_filter_join (create_filter_array groups); create_filter = groups: create_filter_join (create_filter_array groups);
create_skynet_email = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts); # using +mailbox puts the mail in a seperate folder
create_skynet_email_int = accounts: mailbox: (map (account: "${account}@skynet.ie") accounts);
groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups;
create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"];
create_skynet_email = mailbox: groups: {
name = "${mailbox}@skynet.ie";
value = create_skynet_email_attribute mailbox groups;
};
create_skynet_service_mailboxes = builtins.listToAttrs (map (mailbox: (create_skynet_email mailbox.account mailbox.members)) service_mailboxes);
create_skynet_email_admin = mailbox: (create_skynet_email config.skynet.users.admin mailbox) ++ ["${mailbox}_int@skynet.ie"]; create_config_to = concatStringsSep "\",\"" (map (mailbox: "${mailbox.account}") service_mailboxes);
create_skynet_email_committee = mailbox: (create_skynet_email config.skynet.users.committee mailbox) ++ ["${mailbox}_int@skynet.ie"];
service_mailboxes = [
{
account = "root";
members = ["admin"];
}
{
account = "abuse";
members = ["admin"];
}
{
account = "accounts";
members = ["committee"];
}
{
account = "compsoc";
members = ["committee"];
}
{
account = "contact";
members = ["committee"];
}
{
account = "dbadmin";
members = ["admin"];
}
{
account = "dnsadm";
members = ["admin"];
}
{
account = "hostmaster";
members = ["admin"];
}
{
account = "intersocsrep";
members = ["committee"];
}
{
account = "mailman";
members = ["admin"];
}
{
account = "security";
members = ["admin"];
}
{
account = "sysadm";
members = ["admin"];
}
{
account = "webadmin";
members = ["admin"];
}
{
account = "pycon2023";
members = ["committee"];
}
{
account = "skynet_topdesk";
members = ["admin"];
}
{
account = "topdesk";
members = ["admin"];
}
];
configFile =
pkgs.writeText "basic_sieve"
''
require "copy";
require "mailbox";
require "imap4flags";
require ["fileinto", "reject"];
require "variables";
require "regex";
# this should be close to teh last step
if allof (
address :localpart ["To"] ["${toString create_config_to}"],
address :domain ["To"] "skynet.ie"
){
if address :matches ["To"] "*@skynet.ie" {
if header :is "X-Spam" "Yes" {
fileinto :create "''${1}.Junk";
stop;
} else {
fileinto :create "''${1}";
}
}
}
'';
in { in {
imports = [ imports = [
./dns.nix ./dns.nix
@ -260,21 +360,7 @@ in {
lmtpSaveToDetailMailbox = "yes"; lmtpSaveToDetailMailbox = "yes";
extraVirtualAliases = { extraVirtualAliases = create_skynet_service_mailboxes;
"abuse@skynet.ie" = create_skynet_email_admin "abuse";
"accounts@skynet.ie" = create_skynet_email_committee "accounts";
"compsoc@skynet.ie" = create_skynet_email_committee "compsoc";
"contact@skynet.ie" = create_skynet_email_committee "contact";
"dbadmin@skynet.ie" = create_skynet_email_admin "dbadmin";
"dnsadm@skynet.ie" = create_skynet_email_admin "dnsadm";
"hostmaster@skynet.ie" = create_skynet_email_admin "hostmaster";
"intersocsrep@skynet.ie" = create_skynet_email_committee "intersocsrep";
"mailman@skynet.ie" = create_skynet_email_admin "mailman";
"security@skynet.ie" = create_skynet_email_admin "security";
"sysadm@skynet.ie" = create_skynet_email_admin "sysadm";
"webadmin@skynet.ie" = create_skynet_email_admin "webadmin";
"pycon2023@skynet.ie" = create_skynet_email_committee "pycon2023";
};
# use the letsencrypt certs # use the letsencrypt certs
certificateScheme = "acme"; certificateScheme = "acme";
@ -315,6 +401,10 @@ in {
]; ];
}; };
services.dovecot2.sieveScripts = {
before = configFile;
};
# tune the spam filter # tune the spam filter
/* /*
services.rspamd.extraConfig = '' services.rspamd.extraConfig = ''

View file

@ -10,6 +10,7 @@ Gonna use a priper nixos module for this
}: }:
with lib; let with lib; let
cfg = config.services.skynet_ldap; cfg = config.services.skynet_ldap;
domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
in { in {
# these are needed for teh program in question # these are needed for teh program in question
imports = [ imports = [
@ -79,7 +80,7 @@ in {
}; };
skynet_acme.domains = [ skynet_acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" domain
]; ];
skynet_dns.records = [ skynet_dns.records = [
@ -97,7 +98,7 @@ in {
]; ];
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { ${domain} = {
forceSSL = true; forceSSL = true;
useACMEHost = "skynet"; useACMEHost = "skynet";
locations."/" = { locations."/" = {
@ -190,29 +191,33 @@ in {
olcRootDN = "cn=admin,${cfg.base}"; olcRootDN = "cn=admin,${cfg.base}";
olcRootPW.path = config.age.secrets.ldap_pw.path; olcRootPW.path = config.age.secrets.ldap_pw.path;
#olcOverlay = "memberof";
olcAccess = [ olcAccess = [
/* /*
custom access rules for userPassword attributes custom access rules for userPassword attributes
*/ */
'' {0}to attrs=userPassword ''
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage {0}to attrs=userPassword
by self write by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
by anonymous auth by self write
by * none'' by anonymous auth
by * none
''
'' {1}to attrs=mail,sshPublicKey,cn,sn,skDiscord ''
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage {1}to attrs=mail,sshPublicKey,cn,sn
by self write by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
by * read'' by self write
by * read
''
/* /*
allow read on anything else allow read on anything else
*/ */
'' {2}to * ''
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage {2}to *
by * read'' by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
by * read
''
]; ];
}; };

View file

@ -24,24 +24,12 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.4.1
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
) )
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.5.1
NAME 'skDiscord'
DESC 'Discord username'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.6.1 olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.6.1
NAME 'skCreated' NAME 'skCreated'
DESC 'When the account was created' DESC 'When the account was created'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
) )
#olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.7.1
# NAME 'skEnabled'
# DESC 'TRUE/FALSE'
# EQUALITY booleanMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
# )
# https://github.com/variablenix/ldap-mail-schema/blob/master/quota.schema # https://github.com/variablenix/ldap-mail-schema/blob/master/quota.schema
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.8.1 olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.8.1
NAME 'quotaEmail' NAME 'quotaEmail'
@ -55,16 +43,10 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.9.1
EQUALITY caseIgnoreIA5Match EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255}
) )
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.10.1
NAME 'skSecure'
DESC '1 if secure'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1 olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1
NAME 'skPerson' NAME 'skPerson'
DESC 'skynet person' DESC 'skynet person'
SUP top AUXILIARY SUP top AUXILIARY
MUST ( skMail $ skCreated ) MUST ( skMail $ skCreated )
MAY ( skMemberOf $ skID $ skDiscord $ quotaEmail $ quotaDisk $ skSecure ) MAY ( skMemberOf $ skID $ quotaEmail $ quotaDisk )
) )

View file

@ -78,6 +78,7 @@ in {
alias = "/home/$user/public_html/"; alias = "/home/$user/public_html/";
index = "index.html"; index = "index.html";
extraConfig = "autoindex on;"; extraConfig = "autoindex on;";
tryFiles = "$uri$args $uri$args/ /index.html";
}; };
}; };
}; };

View file

@ -107,11 +107,11 @@
}, },
"locked": { "locked": {
"host": "gitlab.skynet.ie", "host": "gitlab.skynet.ie",
"lastModified": 1697300433, "lastModified": 1697993126,
"narHash": "sha256-8UK1CHBeaADEwqW6T0gJu5F6ydKe3auqrsZAKy551+0=", "narHash": "sha256-GwuYt20MwyM5IMW5yurlTqpsw2AmGq7HfZH+oGMoYaM=",
"owner": "compsoc1%2Fcompsoc", "owner": "compsoc1%2Fcompsoc",
"repo": "presentations", "repo": "presentations",
"rev": "64c7b24ff78637d9179d04f73189e76ad5d71beb", "rev": "a49b85236858ff9ec26222b5b726226691dc7eac",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -657,11 +657,11 @@
}, },
"locked": { "locked": {
"host": "gitlab.skynet.ie", "host": "gitlab.skynet.ie",
"lastModified": 1696234972, "lastModified": 1698165887,
"narHash": "sha256-8Syf1OEUBmaaApKsjkp0bVX4AjVkm64aGZKzoRn7wGM=", "narHash": "sha256-eHmW39g6m+OlgAqPkRL4FKGKEkD/Ot/+OYGatDZxg3M=",
"owner": "compsoc1%2Fskynet", "owner": "compsoc1%2Fskynet",
"repo": "discord-bot", "repo": "discord-bot",
"rev": "b0028959ff83c3fcc39410496fe2017b8772aff8", "rev": "4125ad634f7b83a026784301c0088f09521330f5",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -679,11 +679,11 @@
}, },
"locked": { "locked": {
"host": "gitlab.skynet.ie", "host": "gitlab.skynet.ie",
"lastModified": 1697743642, "lastModified": 1698255058,
"narHash": "sha256-c2CW9BLDzGRAHJGkbxQGYQI6MUKttOGAJrMbXT8eR5Y=", "narHash": "sha256-qtvTnfL0XXZWA+I14D9eRL9Ir2G6WhIkRSiRV7GOfdw=",
"owner": "compsoc1%2Fskynet", "owner": "compsoc1%2Fskynet",
"repo": "ldap%2Fbackend", "repo": "ldap%2Fbackend",
"rev": "6cc97eccb2057d9d2c42955726263fa900f7817a", "rev": "20d79e427afa460b13ef7d986d5d351548a5c91e",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {

1
mailmap Normal file
View file

@ -0,0 +1 @@
Brendan Golden <silver@skynet.ie> <git_laptop@brendan.ie> <git@brendan.ie>