fix: formatting and tidying up

silver 2023-06-15 21:38:42 +01:00
parent 144b572b1b
commit 775d6412af
9 changed files with 8 additions and 98 deletions


@ -1,4 +1,4 @@
{ { config, ... }:{
# group that will own the certificates # group that will own the certificates
users.groups.acme = {}; users.groups.acme = {};
@ -10,11 +10,9 @@
defaults = { defaults = {
email = "admin_acme@skynet.ie"; email = "admin_acme@skynet.ie";
# we use our own dns authorative server for verifying we own the domain.
dnsProvider = "rfc2136"; dnsProvider = "rfc2136";
credentialsFile = "/run/agenix/acme"; credentialsFile = config.age.secrets.acme.path;
# We don't need to wait for propagation since this is a local DNS server
dnsPropagationCheck = true;
}; };
certs = { certs = {
@ -25,13 +23,6 @@
"*.minecraft.games.skynet.ie" "*.minecraft.games.skynet.ie"
]; ];
}; };
# temp basis
#"ulcompsoc.ie" = {
# domain = "ulcompsoc.ie";
# extraDomainNames = ["*.ulcompsoc.ie" ];
#};
}; };
}; };
} }
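Review bot: The `dnsPropagationCheck = true;` line that disappears from the `defaults` block (assuming from the -11/+9 counts that it is on the removed side) equals the NixOS module default, so lego still waits for the rfc2136 update to become visible before asking for validation — but the comment that went with it ("We don't need to wait for propagation") claimed the opposite intent, so a later reader may "restore" it as `false`. Worth pinning the decision next to `dnsProvider`: `# dnsPropagationCheck is left at its default (true): skipping it only saves seconds and risks failed validations if the zone update lags.` Moving `credentialsFile` from the literal `/run/agenix/acme` to `config.age.secrets.acme.path` is the right change, since an undefined secret now surfaces at evaluation time instead of as a missing file at renewal.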


@ -1,44 +0,0 @@
; use this file as an example of how to config zone files
$TTL 60 ; 1 minute
@ IN SOA ns1.skynet.ie. hostmaster.skynet.ie. (
2023011701 ; Serial (YYYYMMDDCC)
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
2419200 ; Expire (4 weeks)
3600 ; Minimum (1 hour)
)
NS ns1.skynet.ie.
NS ns2.skynet.ie.
;A 193.1.99.76
MX 5 mail.skynet.ie.
; can have multiple mailserves
;MX 20 mail2.skynet.ie.
; ------------------------------------------
; Server Names
; ------------------------------------------
; External addresses
; ------------------------------------------
agentjones A 193.1.99.72
; this is fixed for now
wintermute A 193.1.101.148
; internal addresses
; ------------------------------------------
; May come back to this idea in teh future
; agentjones.int A 172.20.20.1
; cname's
; ------------------------------------------
; ns1 CNAME ns1


@ -3,6 +3,7 @@
let let
cfg = config.services.skynet_games_minecraft; cfg = config.services.skynet_games_minecraft;
# got tired of how long this is so I created a var for it.
short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
in { in {


@ -109,21 +109,15 @@
services.openssh.ports = [ 22 2222 ]; services.openssh.ports = [ 22 2222 ];
services.nginx. virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
forceSSL = true; forceSSL = true;
useACMEHost = "skynet"; useACMEHost = "skynet";
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
}; };
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
# "gitlab-ee"
];
services.gitlab = { services.gitlab = {
enable = true; enable = true;
#packages.gitlab = pkgs.gitlab-ee;
databasePasswordFile = config.age.secrets.gitlab_db_pw.path; databasePasswordFile = config.age.secrets.gitlab_db_pw.path;
initialRootPasswordFile = config.age.secrets.gitlab_pw.path; initialRootPasswordFile = config.age.secrets.gitlab_pw.path;
https = true; https = true;
@ -139,7 +133,6 @@
#}; #};
secrets = { secrets = {
dbFile = config.age.secrets.gitlab_secrets_db.path; dbFile = config.age.secrets.gitlab_secrets_db.path;
# these must be backed up for future
secretFile = config.age.secrets.gitlab_secrets_secret.path; secretFile = config.age.secrets.gitlab_secrets_secret.path;
otpFile = config.age.secrets.gitlab_secrets_otp.path; otpFile = config.age.secrets.gitlab_secrets_otp.path;
jwsFile = config.age.secrets.gitlab_secrets_jws.path; jwsFile = config.age.secrets.gitlab_secrets_jws.path;
@ -159,7 +152,6 @@
uid = "uid"; uid = "uid";
encryption = "simple_tls"; encryption = "simple_tls";
active_directory = false; active_directory = false;
#base = "ou=users,${cfg.ldap.base}?sub?(|(skMemberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))";
base = "ou=users,${cfg.ldap.base}"; base = "ou=users,${cfg.ldap.base}";
user_filter = "(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))"; user_filter = "(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))";
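Review bot: `user_filter` on the last context line has unbalanced parentheses — one `(` and two `)` — which is not a well-formed LDAP search filter, and the commit leaves it as is; it looks like the trailing `)` survived from the `(|(...))` form in the commented-out `base` line that this hunk removes. It should read `user_filter = "(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base})";`. The attribute name also differs from that older line (`skMemberOf` there, `memberOf` here), so it is worth confirming the directory really exposes `memberOf` on user entries — if it does not, the filter matches nobody and LDAP sign-in to GitLab fails. The enclosing `services.gitlab.ldap` block starts and ends outside the hunk.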


@ -103,13 +103,11 @@ Gonna use a priper nixos module for this
services.openldap = { services.openldap = {
# backup /var/lib/openldap/slapd.d # backup /var/lib/openldap/slapd.d
enable = true; enable = true;
/* enable plain and secure connections */ /* enable plain and secure connections */
urlList = [ "ldap:///" "ldaps:///" ]; urlList = [ "ldap:///" "ldaps:///" ];
settings = { settings = {
attrs = { attrs = {
olcLogLevel = "conns config"; olcLogLevel = "conns config";
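Review bot: `urlList` still includes the cleartext `ldap:///` listener on all interfaces alongside `ldaps:///`, and the comment above it documents only that both are enabled, not why the plain one is needed. The GitLab client in this same commit binds with `encryption = "simple_tls"`, so at least that consumer does not depend on port 389. Suggest either documenting the remaining consumer, `# ldap:/// (cleartext) is kept for <client> — TODO confirm; everything else should use ldaps`, or, if none exists, narrowing it to loopback with `urlList = [ "ldap://127.0.0.1/" "ldaps:///" ];`. The changed lines of this section are not visible on the page, so this applies to the unchanged context.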


@ -3,7 +3,6 @@
let let
cfg = config.services.skynet_ldap_client; cfg = config.services.skynet_ldap_client;
# always ensure the admin group has access # always ensure the admin group has access
create_filter_check_admin = (x: if !(builtins.elem "skynet-admins" x) then x ++ ["skynet-admins"] else x); create_filter_check_admin = (x: if !(builtins.elem "skynet-admins" x) then x ++ ["skynet-admins"] else x);


@ -9,7 +9,6 @@
# utility stuff # utility stuff
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
# this is the last stable hash that works for 22.11
arion.url = "github:hercules-ci/arion"; arion.url = "github:hercules-ci/arion";
}; };
@ -35,16 +34,6 @@
]; ];
}; };
/* TODO:
vm host
jarvis.skynet.ie
193.1.99.73
172.20.20.2
ports
22, 80
none
*/
# firewall machiene # firewall machiene
agentjones = import ./machines/agentjones.nix; agentjones = import ./machines/agentjones.nix;
@ -54,9 +43,6 @@
# ns1 # ns1
vigil = import ./machines/vigil.nix; vigil = import ./machines/vigil.nix;
# wireguard
#ash = import ./machines/ash.nix;
# icecast - ULFM # icecast - ULFM
galatea = import ./machines/galatea.nix; galatea = import ./machines/galatea.nix;


@ -34,7 +34,7 @@
]; ];
}; };
# skynet-admin will always be added, individual servers can override the grpoups option # skynet-admin-linux will always be added, individual servers can override the groups option
services.skynet_ldap_client.enable = true; services.skynet_ldap_client.enable = true;
networking = { networking = {
@ -50,23 +50,11 @@
"193.1.99.120" "193.1.99.120"
# ns2 # ns2
"193.1.99.109" "193.1.99.109"
# Cloudflare
#"1.1.1.1"
# Google
#"8.8.8.8"
# Quad9
#"9.9.9.9"
]; ];
}; };
# make sure resolved uses our dns servers # use teh above nameservers as the fallback dns
services.resolved = { services.resolved.fallbackDns = config.networking.nameservers;
#enable = true;
# use teh above nameservers as the fallback dns
fallbackDns = config.networking.nameservers;
};
environment.systemPackages = [ environment.systemPackages = [
# for flakes # for flakes
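Review bot: Collapsing the block to `services.resolved.fallbackDns = config.networking.nameservers;` also drops the commented-out `#enable = true;`, and in NixOS the resolved settings only take effect when `services.resolved.enable` is true; unless that is set elsewhere in the module set, the new line is a no-op and hosts keep whatever resolver setup they have. If enabling resolved is intended here, add `services.resolved.enable = true;` next to it; if it is enabled in another module, a comment saying so would stop the next tidy-up from removing it too. Dropping the commented-out public resolvers (1.1.1.1, 8.8.8.8, 9.9.9.9) is a good call — the fallback now stays on the two internal nameservers listed above.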


@ -43,7 +43,6 @@ in {
]; ];
}; };
# keep the wired usb connection alive (front panel) # keep the wired usb connection alive (front panel)
networking.interfaces.enp0s29u1u5u2.useDHCP = true; networking.interfaces.enp0s29u1u5u2.useDHCP = true;