Merge branch 'main' into '#35_add_nextcloud'
# Conflicts:
#	ITD_Firewall.csv
commit
422ee6b2c8
8 changed files with 163 additions and 65 deletions
|
@ -7,9 +7,9 @@ SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,"","",ULFM Radio
|
||||||
SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,"","",Games server
|
SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,"","",Games server
|
||||||
SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,"",80/443,i23-07-28_010,LDAP and Self-Service Password/Account management
|
SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,"",80/443,i23-07-28_010,LDAP and Self-Service Password/Account management
|
||||||
SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,2222,i23-05-18_249,Gitlab server
|
SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,2222,i23-05-18_249,Gitlab server
|
||||||
SKYNET00009,gir,193.1.99.76,gir/mail,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail
|
SKYNET00009,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail
|
||||||
SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner
|
SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner
|
||||||
SKYNET00011,skynet_internal,193.1.99.79,skynet/skynet.int,80/443,"",i23-06-19_525,"Skynet server, Temp until I can get the DMZ setup properly on my end"
|
SKYNET00011,earth,193.1.99.79,earth,80/443,"",i23-06-19_525,Offical website host
|
||||||
SKYNET00012,skynet_dmz,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server.
|
SKYNET00012,skynet,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server. (DMZ)
|
||||||
SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server
|
SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server
|
||||||
SKYNET00014,cadie,193.1.99.77,cadie,"","80/443","","Services VM, has nextcloud to start with"
|
SKYNET00014,cadie,193.1.99.77,cadie,"","80/443","","Services VM, has nextcloud to start with"
|
|
19
Possible_Server_Names.md
Normal file
19
Possible_Server_Names.md
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines
|
||||||
|
https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences
|
||||||
|
|
||||||
|
* agentsmith
|
||||||
|
* skynet
|
||||||
|
* caro
|
||||||
|
* Lowe - https://westworld.fandom.com/wiki/Bernard_Lowe
|
||||||
|
* ultron
|
||||||
|
* walle
|
||||||
|
* eve
|
||||||
|
* calculon
|
||||||
|
* deepthought
|
||||||
|
* earth
|
||||||
|
* flexo
|
||||||
|
* bender
|
||||||
|
* marvin
|
||||||
|
* kitt
|
||||||
|
* wopr
|
||||||
|
* wintermute
|
|
@ -16,10 +16,110 @@ with lib; let
|
||||||
# thought you could escape racket?
|
# thought you could escape racket?
|
||||||
create_filter = groups: create_filter_join (create_filter_array groups);
|
create_filter = groups: create_filter_join (create_filter_array groups);
|
||||||
|
|
||||||
create_skynet_email = accounts: mailbox: (map (account: "${account}+${mailbox}@skynet.ie") accounts);
|
# using +mailbox puts the mail in a seperate folder
|
||||||
|
create_skynet_email_int = accounts: mailbox: (map (account: "${account}@skynet.ie") accounts);
|
||||||
|
groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups;
|
||||||
|
create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"];
|
||||||
|
create_skynet_email = mailbox: groups: {
|
||||||
|
name = "${mailbox}@skynet.ie";
|
||||||
|
value = create_skynet_email_attribute mailbox groups;
|
||||||
|
};
|
||||||
|
create_skynet_service_mailboxes = builtins.listToAttrs (map (mailbox: (create_skynet_email mailbox.account mailbox.members)) service_mailboxes);
|
||||||
|
|
||||||
create_skynet_email_admin = mailbox: (create_skynet_email config.skynet.users.admin mailbox) ++ ["${mailbox}_int@skynet.ie"];
|
create_config_to = concatStringsSep "\",\"" (map (mailbox: "${mailbox.account}") service_mailboxes);
|
||||||
create_skynet_email_committee = mailbox: (create_skynet_email config.skynet.users.committee mailbox) ++ ["${mailbox}_int@skynet.ie"];
|
|
||||||
|
service_mailboxes = [
|
||||||
|
{
|
||||||
|
account = "root";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "abuse";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "accounts";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "compsoc";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "contact";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "dbadmin";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "dnsadm";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "hostmaster";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "intersocsrep";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "mailman";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "security";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "sysadm";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "webadmin";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "pycon2023";
|
||||||
|
members = ["committee"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "skynet_topdesk";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
account = "topdesk";
|
||||||
|
members = ["admin"];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
configFile =
|
||||||
|
pkgs.writeText "basic_sieve"
|
||||||
|
''
|
||||||
|
require "copy";
|
||||||
|
require "mailbox";
|
||||||
|
require "imap4flags";
|
||||||
|
require ["fileinto", "reject"];
|
||||||
|
require "variables";
|
||||||
|
require "regex";
|
||||||
|
|
||||||
|
# this should be close to teh last step
|
||||||
|
if allof (
|
||||||
|
address :localpart ["To"] ["${toString create_config_to}"],
|
||||||
|
address :domain ["To"] "skynet.ie"
|
||||||
|
){
|
||||||
|
if address :matches ["To"] "*@skynet.ie" {
|
||||||
|
if header :is "X-Spam" "Yes" {
|
||||||
|
fileinto :create "''${1}.Junk";
|
||||||
|
stop;
|
||||||
|
} else {
|
||||||
|
fileinto :create "''${1}";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'';
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./dns.nix
|
./dns.nix
|
||||||
|
@ -260,21 +360,7 @@ in {
|
||||||
|
|
||||||
lmtpSaveToDetailMailbox = "yes";
|
lmtpSaveToDetailMailbox = "yes";
|
||||||
|
|
||||||
extraVirtualAliases = {
|
extraVirtualAliases = create_skynet_service_mailboxes;
|
||||||
"abuse@skynet.ie" = create_skynet_email_admin "abuse";
|
|
||||||
"accounts@skynet.ie" = create_skynet_email_committee "accounts";
|
|
||||||
"compsoc@skynet.ie" = create_skynet_email_committee "compsoc";
|
|
||||||
"contact@skynet.ie" = create_skynet_email_committee "contact";
|
|
||||||
"dbadmin@skynet.ie" = create_skynet_email_admin "dbadmin";
|
|
||||||
"dnsadm@skynet.ie" = create_skynet_email_admin "dnsadm";
|
|
||||||
"hostmaster@skynet.ie" = create_skynet_email_admin "hostmaster";
|
|
||||||
"intersocsrep@skynet.ie" = create_skynet_email_committee "intersocsrep";
|
|
||||||
"mailman@skynet.ie" = create_skynet_email_admin "mailman";
|
|
||||||
"security@skynet.ie" = create_skynet_email_admin "security";
|
|
||||||
"sysadm@skynet.ie" = create_skynet_email_admin "sysadm";
|
|
||||||
"webadmin@skynet.ie" = create_skynet_email_admin "webadmin";
|
|
||||||
"pycon2023@skynet.ie" = create_skynet_email_committee "pycon2023";
|
|
||||||
};
|
|
||||||
|
|
||||||
# use the letsencrypt certs
|
# use the letsencrypt certs
|
||||||
certificateScheme = "acme";
|
certificateScheme = "acme";
|
||||||
|
@ -315,6 +401,10 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.dovecot2.sieveScripts = {
|
||||||
|
before = configFile;
|
||||||
|
};
|
||||||
|
|
||||||
# tune the spam filter
|
# tune the spam filter
|
||||||
/*
|
/*
|
||||||
services.rspamd.extraConfig = ''
|
services.rspamd.extraConfig = ''
|
||||||
|
|
|
@ -10,6 +10,7 @@ Gonna use a priper nixos module for this
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.services.skynet_ldap;
|
cfg = config.services.skynet_ldap;
|
||||||
|
domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
|
||||||
in {
|
in {
|
||||||
# these are needed for teh program in question
|
# these are needed for teh program in question
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -79,7 +80,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
skynet_acme.domains = [
|
skynet_acme.domains = [
|
||||||
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
|
domain
|
||||||
];
|
];
|
||||||
|
|
||||||
skynet_dns.records = [
|
skynet_dns.records = [
|
||||||
|
@ -97,7 +98,7 @@ in {
|
||||||
];
|
];
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
|
${domain} = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "skynet";
|
useACMEHost = "skynet";
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
|
@ -190,29 +191,33 @@ in {
|
||||||
olcRootDN = "cn=admin,${cfg.base}";
|
olcRootDN = "cn=admin,${cfg.base}";
|
||||||
olcRootPW.path = config.age.secrets.ldap_pw.path;
|
olcRootPW.path = config.age.secrets.ldap_pw.path;
|
||||||
|
|
||||||
#olcOverlay = "memberof";
|
|
||||||
|
|
||||||
olcAccess = [
|
olcAccess = [
|
||||||
/*
|
/*
|
||||||
custom access rules for userPassword attributes
|
custom access rules for userPassword attributes
|
||||||
*/
|
*/
|
||||||
'' {0}to attrs=userPassword
|
''
|
||||||
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
|
{0}to attrs=userPassword
|
||||||
by self write
|
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
|
||||||
by anonymous auth
|
by self write
|
||||||
by * none''
|
by anonymous auth
|
||||||
|
by * none
|
||||||
|
''
|
||||||
|
|
||||||
'' {1}to attrs=mail,sshPublicKey,cn,sn,skDiscord
|
''
|
||||||
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
|
{1}to attrs=mail,sshPublicKey,cn,sn
|
||||||
by self write
|
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
|
||||||
by * read''
|
by self write
|
||||||
|
by * read
|
||||||
|
''
|
||||||
|
|
||||||
/*
|
/*
|
||||||
allow read on anything else
|
allow read on anything else
|
||||||
*/
|
*/
|
||||||
'' {2}to *
|
''
|
||||||
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
|
{2}to *
|
||||||
by * read''
|
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
|
||||||
|
by * read
|
||||||
|
''
|
||||||
];
|
];
|
||||||
};
|
};
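Review bot: In the olcAccess hunk, the rewritten rule `{1}to attrs=mail,sshPublicKey,cn,sn` still ends with `by * read`, so every user's `mail` attribute can be read by unauthenticated clients (the `{0}` rule's `by anonymous auth` shows anonymous binds are accepted); the commit reformats these lines but keeps that exposure. If nothing legitimately needs anonymous access to `mail`, consider `by users read` followed by `by * none` for that rule, and keep `sshPublicKey` in its own rule if some service reads keys without binding. The `domain` binding added in the first hunk is now used for the ACME domain and the nginx vhost, but `dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie"` in all three rules still hard-codes the base DN while `olcRootDN` derives it from `cfg.base`; a comment such as `# NOTE: ldap_api DN must be kept in sync with cfg.base` would flag that coupling. The `olcAccess` list is fully inside the hunk, but the enclosing attribute set starts outside it.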
|
||||||
|
|
||||||
|
|
|
@ -24,24 +24,12 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.4.1
|
||||||
EQUALITY caseIgnoreMatch
|
EQUALITY caseIgnoreMatch
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
||||||
)
|
)
|
||||||
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.5.1
|
|
||||||
NAME 'skDiscord'
|
|
||||||
DESC 'Discord username'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
||||||
)
|
|
||||||
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.6.1
|
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.6.1
|
||||||
NAME 'skCreated'
|
NAME 'skCreated'
|
||||||
DESC 'When the account was created'
|
DESC 'When the account was created'
|
||||||
EQUALITY caseIgnoreMatch
|
EQUALITY caseIgnoreMatch
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
||||||
)
|
)
|
||||||
#olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.7.1
|
|
||||||
# NAME 'skEnabled'
|
|
||||||
# DESC 'TRUE/FALSE'
|
|
||||||
# EQUALITY booleanMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
|
|
||||||
# )
|
|
||||||
# https://github.com/variablenix/ldap-mail-schema/blob/master/quota.schema
|
# https://github.com/variablenix/ldap-mail-schema/blob/master/quota.schema
|
||||||
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.8.1
|
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.8.1
|
||||||
NAME 'quotaEmail'
|
NAME 'quotaEmail'
|
||||||
|
@ -55,16 +43,10 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.9.1
|
||||||
EQUALITY caseIgnoreIA5Match
|
EQUALITY caseIgnoreIA5Match
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255}
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255}
|
||||||
)
|
)
|
||||||
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.10.1
|
|
||||||
NAME 'skSecure'
|
|
||||||
DESC '1 if secure'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
||||||
)
|
|
||||||
olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1
|
olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1
|
||||||
NAME 'skPerson'
|
NAME 'skPerson'
|
||||||
DESC 'skynet person'
|
DESC 'skynet person'
|
||||||
SUP top AUXILIARY
|
SUP top AUXILIARY
|
||||||
MUST ( skMail $ skCreated )
|
MUST ( skMail $ skCreated )
|
||||||
MAY ( skMemberOf $ skID $ skDiscord $ quotaEmail $ quotaDisk $ skSecure )
|
MAY ( skMemberOf $ skID $ quotaEmail $ quotaDisk )
|
||||||
)
|
)
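Review bot: Removing the `skDiscord` (1.3.6.1.4.1.24441.1.5.1) and `skSecure` (1.3.6.1.4.1.24441.1.10.1) attribute types and dropping them from the `skPerson` MAY list leaves any existing entries that still carry those attributes in violation of the schema; slapd may refuse to load the database or reject later modifications to those entries until the values are removed. The entries should be scrubbed of both attributes before this schema change is applied, and the rollout order noted somewhere in the repository. Since both OIDs are now retired they should never be reassigned to a new attribute; a comment such as `# OIDs 1.3.6.1.4.1.24441.1.5.1 (skDiscord) and 1.3.6.1.4.1.24441.1.10.1 (skSecure) are retired - do not reuse` next to the remaining commented-out `skEnabled` block would record that.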
|
||||||
|
|
|
@ -78,6 +78,7 @@ in {
|
||||||
alias = "/home/$user/public_html/";
|
alias = "/home/$user/public_html/";
|
||||||
index = "index.html";
|
index = "index.html";
|
||||||
extraConfig = "autoindex on;";
|
extraConfig = "autoindex on;";
|
||||||
|
tryFiles = "$uri$args $uri$args/ /index.html";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
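Review bot: `tryFiles = "$uri$args $uri$args/ /index.html";` concatenates the raw query string onto the path, so a request for `/page?x=1` appears to make nginx look for a file named `pagex=1` under the alias; `$args` has no place in try_files, and the usual form is `tryFiles = "$uri $uri/ /index.html";`. The last argument is an internal redirect URI, so inside this `alias`'d per-user location the `/index.html` fallback resolves against the server's root location rather than `/home/$user/public_html/` — confirm that is the intended behaviour, since `index = "index.html"` already covers the per-user directory case. The enclosing `locations` block starts outside the hunk.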
|
||||||
|
|
18
flake.lock
18
flake.lock
|
@ -107,11 +107,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"host": "gitlab.skynet.ie",
|
"host": "gitlab.skynet.ie",
|
||||||
"lastModified": 1697300433,
|
"lastModified": 1697993126,
|
||||||
"narHash": "sha256-8UK1CHBeaADEwqW6T0gJu5F6ydKe3auqrsZAKy551+0=",
|
"narHash": "sha256-GwuYt20MwyM5IMW5yurlTqpsw2AmGq7HfZH+oGMoYaM=",
|
||||||
"owner": "compsoc1%2Fcompsoc",
|
"owner": "compsoc1%2Fcompsoc",
|
||||||
"repo": "presentations",
|
"repo": "presentations",
|
||||||
"rev": "64c7b24ff78637d9179d04f73189e76ad5d71beb",
|
"rev": "a49b85236858ff9ec26222b5b726226691dc7eac",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -657,11 +657,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"host": "gitlab.skynet.ie",
|
"host": "gitlab.skynet.ie",
|
||||||
"lastModified": 1696234972,
|
"lastModified": 1698165887,
|
||||||
"narHash": "sha256-8Syf1OEUBmaaApKsjkp0bVX4AjVkm64aGZKzoRn7wGM=",
|
"narHash": "sha256-eHmW39g6m+OlgAqPkRL4FKGKEkD/Ot/+OYGatDZxg3M=",
|
||||||
"owner": "compsoc1%2Fskynet",
|
"owner": "compsoc1%2Fskynet",
|
||||||
"repo": "discord-bot",
|
"repo": "discord-bot",
|
||||||
"rev": "b0028959ff83c3fcc39410496fe2017b8772aff8",
|
"rev": "4125ad634f7b83a026784301c0088f09521330f5",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -679,11 +679,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"host": "gitlab.skynet.ie",
|
"host": "gitlab.skynet.ie",
|
||||||
"lastModified": 1697743642,
|
"lastModified": 1698255058,
|
||||||
"narHash": "sha256-c2CW9BLDzGRAHJGkbxQGYQI6MUKttOGAJrMbXT8eR5Y=",
|
"narHash": "sha256-qtvTnfL0XXZWA+I14D9eRL9Ir2G6WhIkRSiRV7GOfdw=",
|
||||||
"owner": "compsoc1%2Fskynet",
|
"owner": "compsoc1%2Fskynet",
|
||||||
"repo": "ldap%2Fbackend",
|
"repo": "ldap%2Fbackend",
|
||||||
"rev": "6cc97eccb2057d9d2c42955726263fa900f7817a",
|
"rev": "20d79e427afa460b13ef7d986d5d351548a5c91e",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
1
mailmap
Normal file
1
mailmap
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Brendan Golden <silver@skynet.ie> <git_laptop@brendan.ie> <git@brendan.ie>
|