From 775d6412af4446f5a792989208fcdd54285a1ec3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Thu, 15 Jun 2023 21:38:42 +0100 Subject: [PATCH] fix: formatting and tidying up --- applications/acme.nix | 15 +++-------- applications/dns/example | 44 -------------------------------- applications/games/minecraft.nix | 1 + applications/gitlab.nix | 10 +------- applications/ldap.nix | 2 -- applications/ldap_client.nix | 1 - flake.nix | 14 ---------- machines/_base.nix | 18 +++---------- machines/agentjones.nix | 1 - 9 files changed, 8 insertions(+), 98 deletions(-) delete mode 100644 applications/dns/example diff --git a/applications/acme.nix b/applications/acme.nix index 4177f1b..d31b6ab 100644 --- a/applications/acme.nix +++ b/applications/acme.nix @@ -1,4 +1,4 @@ -{ +{ config, ... }:{ # group that will own the certificates users.groups.acme = {}; @@ -10,11 +10,9 @@ defaults = { email = "admin_acme@skynet.ie"; + # we use our own dns authorative server for verifying we own the domain. dnsProvider = "rfc2136"; - credentialsFile = "/run/agenix/acme"; - - # We don't need to wait for propagation since this is a local DNS server - dnsPropagationCheck = true; + credentialsFile = config.age.secrets.acme.path; }; certs = { @@ -25,13 +23,6 @@ "*.minecraft.games.skynet.ie" ]; }; - - - # temp basis - #"ulcompsoc.ie" = { - # domain = "ulcompsoc.ie"; - # extraDomainNames = ["*.ulcompsoc.ie" ]; - #}; }; }; } diff --git a/applications/dns/example b/applications/dns/example deleted file mode 100644 index 7a60345..0000000 --- a/applications/dns/example +++ /dev/null 
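Review bot: Deleting `dnsPropagationCheck = true;` in the second acme.nix hunk changes nothing, because the NixOS default for `security.acme.defaults.dnsPropagationCheck` is also true, so lego still polls for DNS propagation; the comment removed with it said the check was unnecessary for a local authoritative server, and that intent was never expressed by the value. If skipping the wait is still wanted, keep the line as `dnsPropagationCheck = false; # local authoritative DNS server, no propagation wait needed`; otherwise the deletion is fine as is. The new comment above `dnsProvider` should read `authoritative` rather than `authorative`. Moving `credentialsFile` to `config.age.secrets.acme.path` is the right direction, since the rfc2136 provider reads the TSIG key from that file and the path is now tied to the agenix declaration instead of a hard-coded string.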
@@ -1,44 +0,0 @@ -; use this file as an example of how to config zone files - -$TTL 60 ; 1 minute -@ IN SOA ns1.skynet.ie. hostmaster.skynet.ie. ( - 2023011701 ; Serial (YYYYMMDDCC) - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 2419200 ; Expire (4 weeks) - 3600 ; Minimum (1 hour) - ) - NS ns1.skynet.ie. - NS ns2.skynet.ie. - ;A 193.1.99.76 - MX 5 mail.skynet.ie. - - ; can have multiple mailserves - ;MX 20 mail2.skynet.ie. - - -; ------------------------------------------ -; Server Names -; ------------------------------------------ - -; External addresses -; ------------------------------------------ -agentjones A 193.1.99.72 - - -; this is fixed for now -wintermute A 193.1.101.148 - - -; internal addresses -; ------------------------------------------ -; May come back to this idea in teh future -; agentjones.int A 172.20.20.1 - - -; cname's -; ------------------------------------------ -; ns1 CNAME ns1 - - - diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 8793be5..4458b0b 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -3,6 +3,7 @@ let cfg = config.services.skynet_games_minecraft; + # got tired of how long this is so I created a var for it. short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; in { diff --git a/applications/gitlab.nix b/applications/gitlab.nix index 5e9dff0..0e6ea4a 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix 
@@ -109,21 +109,15 @@ services.openssh.ports = [ 22 2222 ]; - services.nginx. virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { + services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { forceSSL = true; useACMEHost = "skynet"; locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; }; - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - # "gitlab-ee" - ]; - services.gitlab = { enable = true; - #packages.gitlab = pkgs.gitlab-ee; - databasePasswordFile = config.age.secrets.gitlab_db_pw.path; initialRootPasswordFile = config.age.secrets.gitlab_pw.path; https = true; @@ -139,7 +133,6 @@ #}; secrets = { dbFile = config.age.secrets.gitlab_secrets_db.path; - # these must be backed up for future secretFile = config.age.secrets.gitlab_secrets_secret.path; otpFile = config.age.secrets.gitlab_secrets_otp.path; jwsFile = config.age.secrets.gitlab_secrets_jws.path; @@ -159,7 +152,6 @@ uid = "uid"; encryption = "simple_tls"; active_directory = false; - #base = "ou=users,${cfg.ldap.base}?sub?(|(skMemberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))"; base = "ou=users,${cfg.ldap.base}"; user_filter = "(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))"; diff --git a/applications/ldap.nix b/applications/ldap.nix index 18ee1b1..4b35d7f 100644 --- a/applications/ldap.nix +++ b/applications/ldap.nix @@ -103,13 +103,11 @@ Gonna use a priper nixos module for this services.openldap = { # backup /var/lib/openldap/slapd.d - enable = true; /* enable plain and secure connections */ urlList = [ "ldap:///" "ldaps:///" ]; - settings = { attrs = { olcLogLevel = "conns config"; diff --git a/applications/ldap_client.nix b/applications/ldap_client.nix index 354bcac..1073834 100644 --- a/applications/ldap_client.nix +++ b/applications/ldap_client.nix 
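Review bot: The second gitlab.nix hunk removes `# these must be backed up for future` from the `secrets` block, which was the only reminder that the four files it points at are needed to read the data GitLab encrypts with them; a database backup restored without the matching `dbFile`/`otpFile` keys leaves CI variables, integrations and 2FA seeds unreadable. Keep a comment on the block, for example `# back these up together with the database: GitLab cannot decrypt stored secrets or 2FA seeds without them`, rather than dropping the note with the tidy-up. The `services.gitlab` attribute set continues outside the hunk.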
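Review bot: The context line `user_filter = "(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))";` left in place by the third gitlab.nix hunk has one opening and two closing parentheses, so the LDAP filter is malformed and will most likely be rejected by the LDAP server or GitLab's provider, leaving the sign-in restriction either failing outright or not applied as intended. The commented-out `base` line removed just above it was balanced, which suggests the stray `)` is a leftover from that edit; the line should be `user_filter = "(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base})";`. The enclosing LDAP provider attribute set continues outside the hunk.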
@@ -3,7 +3,6 @@ let cfg = config.services.skynet_ldap_client; - # always ensure the admin group has access create_filter_check_admin = (x: if !(builtins.elem "skynet-admins" x) then x ++ ["skynet-admins"] else x); diff --git a/flake.nix b/flake.nix index 2418bcc..d07df68 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,6 @@ # utility stuff flake-utils.url = "github:numtide/flake-utils"; agenix.url = "github:ryantm/agenix"; - # this is the last stable hash that works for 22.11 arion.url = "github:hercules-ci/arion"; }; @@ -35,16 +34,6 @@ ]; }; - /* TODO: - vm host - jarvis.skynet.ie - 193.1.99.73 - 172.20.20.2 - ports - 22, 80 - none - */ - # firewall machiene agentjones = import ./machines/agentjones.nix; @@ -54,9 +43,6 @@ # ns1 vigil = import ./machines/vigil.nix; - # wireguard - #ash = import ./machines/ash.nix; - # icecast - ULFM galatea = import ./machines/galatea.nix; diff --git a/machines/_base.nix b/machines/_base.nix index 09b7bf2..4a7be77 100644 --- a/machines/_base.nix +++ b/machines/_base.nix @@ -34,7 +34,7 @@ ]; }; - # skynet-admin will always be added, individual servers can override the grpoups option + # skynet-admin-linux will always be added, individual servers can override the groups option services.skynet_ldap_client.enable = true; networking = { @@ -50,23 +50,11 @@ "193.1.99.120" # ns2 "193.1.99.109" - - # Cloudflare - #"1.1.1.1" - # Google - #"8.8.8.8" - # Quad9 - #"9.9.9.9" ]; }; - # make sure resolved uses our dns servers - services.resolved = { - #enable = true; - # use teh above nameservers as the fallback dns - fallbackDns = config.networking.nameservers; - }; - + # use teh above nameservers as the fallback dns + services.resolved.fallbackDns = config.networking.nameservers; environment.systemPackages = [ # for flakes diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 843789a..68617e1 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix 
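Review bot: The ldap_client.nix hunk removes `# always ensure the admin group has access`, the only statement of why `create_filter_check_admin` appends `"skynet-admins"` to a group list, while the lambda itself is unchanged; a reader now has to infer the access-control intent from the code. Keep a one-line purpose comment on it, for example `# append skynet-admins to any group list so admins never lose access when a machine overrides the groups option`. The `let` block continues outside the hunk.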
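Review bot: In the second machines/_base.nix hunk, `services.resolved.fallbackDns = config.networking.nameservers;` only has an effect when systemd-resolved is enabled, and the `#enable = true;` it replaces was already commented out, so unless `services.resolved.enable` is set somewhere not visible here the line is inert and the nameserver list is applied by whatever resolver the host uses by default. If resolved is meant to manage DNS on every machine, enable it alongside, `services.resolved = { enable = true; fallbackDns = config.networking.nameservers; };`; if it is enabled elsewhere, say so in the comment so the dependency is visible. The new comment also carries the typo `teh`.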
@@ -43,7 +43,6 @@ in { ]; }; - # keep the wired usb connection alive (front panel) networking.interfaces.enp0s29u1u5u2.useDHCP = true;