Skynet/nixos
6
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge branch '#55-non-skynet-dns' into 'main'

Browse source 
Allow DNS for non skynet.ie domains

Closes #55

See merge request compsoc1/skynet/nixos!37
This commit is contained in:
silver 2024-07-17 19:08:52 +00:00
commit abdc5b6d50
20 changed files with 342 additions and 386 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
applications/_base.nix
View file

@ -9,9 +9,24 @@ with lib; let
cfg = config.services.skynet; cfg = config.services.skynet;
in { in {
imports = [ imports = [
# every server needs to have a dns record
./dns/dns.nix
# every server should have proper certs
./acme.nix ./acme.nix
./dns.nix
./nginx.nix ./nginx.nix
# every server may need the firewall config stuff
./firewall.nix
# every server needs teh ldap client for admins
./ldap/client.nix
# every server will need the config to backup to
./restic.nix
# every server will be monitored for grafana
./prometheus.nix
]; ];
options.services.skynet = { options.services.skynet = {

1
applications/_retired/games.nix
View file

@ -10,7 +10,6 @@ with lib; let
cfg = config.services.skynet."${name}"; cfg = config.services.skynet."${name}";
in { in {
imports = [ imports = [
./dns.nix
./nginx.nix ./nginx.nix
./games/minecraft.nix ./games/minecraft.nix
]; ];

4
applications/_retired/games/minecraft.nix
View file

@ -13,10 +13,6 @@ with lib; let
short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
../firewall.nix
../nginx.nix
inputs.arion.nixosModules.arion inputs.arion.nixosModules.arion
]; ];

3
applications/bitwarden/vaultwarden.nix
View file

@ -13,9 +13,6 @@ with lib; let
domain = "${domain_sub}.skynet.ie"; domain = "${domain_sub}.skynet.ie";
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
../nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

251
applications/dns.nix → applications/dns/dns.nix
View file

@ -11,10 +11,26 @@
# reads that date to a string (will need to be fixed in 2038) # reads that date to a string (will need to be fixed in 2038)
current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}"; current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}";
# this gets a list of all domains we have records for
domains = lib.lists.naturalSort (
lib.lists.unique (
lib.lists.forEach records (x: x.domain)
)
);
domains_owned = [
# for historic reasons we own this
"csn.ul.ie"
# the main one we use now
"skynet.ie"
# a backup
"ulcompsoc.ie"
];
# gets a list of records that match this type # gets a list of records that match this type
filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records; filter_records_type = records: r_type: builtins.filter (x: x.r_type == r_type) records;
filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A"); filter_records_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A");
filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A"); filter_records_a = records: builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type records "A");
process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x); process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x);
process_ptr_sub = record: { process_ptr_sub = record: {
@ -24,13 +40,24 @@
}; };
ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip);
sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server; sort_records_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_server records);
sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a; sort_records_a = records: builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) (filter_records_a records);
sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME"); sort_records_cname = records: builtins.sort (a: b: a.value < b.value) (filter_records_type records "CNAME");
sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); sort_records_ptr = records: builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type records "PTR"));
sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV"); sort_records_srv = records: builtins.sort (a: b: a.record < b.record) (filter_records_type records "SRV");
format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; max = x: y:
assert builtins.isInt x;
assert builtins.isInt y;
if x < y
then y
else x;
max_len = records: lib.lists.foldr (a: b: (max a b)) 0 (lib.lists.forEach records (record: lib.strings.stringLength record.record));
format_records = records: let
offset = (max_len records) + 1;
in
lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records;
# small function to trim it down a tad # small function to trim it down a tad
padString = text: length: fixedWidthString_post length " " text; padString = text: length: fixedWidthString_post length " " text;
@ -47,10 +74,10 @@
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
get_config_file = ( get_config_file = (
domain: '' domain: records: ''
$TTL 60 ; 1 minute $TTL 60 ; 1 minute
; hostmaster@${domain} is an email address that recieves stuff related to dns ; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date} ${current_date}
600 ; Refresh (10 minutes) 600 ; Refresh (10 minutes)
@ -59,45 +86,39 @@
3600 ; Minimum (1 hour) 3600 ; Minimum (1 hour)
) )
@ NS ns1.${domain}. ; @ stands for teh root domain so teh A record below is where ${domain} points to
@ NS ns2.${domain}. @ NS ns1.skynet.ie.
; @ stands for teh root domain so teh A record below is where ${domain} points to @ NS ns2.skynet.ie.
;@ A 193.1.99.76
;@ MX 5 ${domain}.
; can have multiple mailserves
@ MX 10 mail.${domain}.
; ------------------------------------------ ; ------------------------------------------
; Server Names (A Records) ; Server Names (A Records)
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_server 31} ${format_records (sort_records_server records)}
; ------------------------------------------ ; ------------------------------------------
; A (non server names ; A (non server names
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_a 31} ${format_records (sort_records_a records)}
; ------------------------------------------ ; ------------------------------------------
; CNAMES ; CNAMES
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_cname 31} ${format_records (sort_records_cname records)}
; ------------------------------------------ ; ------------------------------------------
; TXT ; TXT
; ------------------------------------------ ; ------------------------------------------
${format_records (filter_records_type "TXT") 31} ${format_records (filter_records_type records "TXT")}
; ------------------------------------------ ; ------------------------------------------
; MX ; MX
; ------------------------------------------ ; ------------------------------------------
${format_records (filter_records_type "MX") 31} ${format_records (filter_records_type records "MX")}
; ------------------------------------------ ; ------------------------------------------
; SRV ; SRV
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_srv 65} ${format_records (sort_records_srv records)}
'' ''
@ -125,27 +146,7 @@
; ------------------------------------------ ; ------------------------------------------
; PTR ; PTR
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_ptr 3} ${format_records (sort_records_ptr records)}
''
);
# domains we dont have proper ownship over, only here to ensure the logs dont get cluttered.
get_config_file_old_domains = (
domain: ''
$TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date}
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
604800 ; Expire (1 week)
3600 ; Minimum (1 hour)
)
@ NS ns1.skynet.ie.
@ NS ns2.skynet.ie.
'' ''
); );
@ -191,19 +192,28 @@
# (text.owned "csn.ul.ie") # (text.owned "csn.ul.ie")
# standard function to create the etc file, pass in the text and domain and it makes it # standard function to create the etc file, pass in the text and domain and it makes it
create_entry_etc = domain: type: create_entry_etc = domain: type: let
domain_records = lib.lists.filter (x: x.domain == domain) records;
in
if type == "owned" if type == "owned"
then create_entry_etc_sub domain (text.owned domain) then create_entry_etc_sub domain (get_config_file domain domain_records)
else if type == "reverse" else if type == "reverse"
then create_entry_etc_sub domain (text.reverse domain) then create_entry_etc_sub domain (get_config_file_rev domain)
else if type == "old"
then create_entry_etc_sub domain (text.old domain)
else {}; else {};
create_entry_zone = domain: extraConfig: { create_entry_zone = domain: let
if_primary_and_owned =
if cfg.server.primary && (lib.lists.any (item: item == domain) domains_owned)
then ''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
inline-signing yes;
''
else "";
in {
"${domain}" = { "${domain}" = {
extraConfig = '' extraConfig = ''
${extraConfig} ${if_primary_and_owned}
// for bumping the config // for bumping the config
// ${current_date} // ${current_date}
''; '';
@ -218,69 +228,16 @@
}; };
}; };
text = {
owned = domain: get_config_file domain;
reverse = domain: get_config_file_rev domain;
old = domain: get_config_file_old_domains domain;
};
extraConfig = {
owned =
if cfg.server.primary
then ''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
inline-signing yes;
''
else "";
# no extra config for reverse
reverse = "";
old = "";
};
records = records =
config.skynet.records config.skynet.records
/*
Need to "manually" grab it from each server.
Nix is laxy evalusted so if it does not need to open a file it wont.
This is to iterate through each server (node) and evaluate the dns records for that server.
*/
++ builtins.concatLists ( ++ builtins.concatLists (
lib.attrsets.mapAttrsToList ( lib.attrsets.mapAttrsToList (
key: value: let key: value: value.config.services.skynet."${name}".records
details_server = value.config.services.skynet."${name}".server;
details_records = value.config.services.skynet."${name}".records;
in
if builtins.hasAttr "dns" value.config.services.skynet
then
(
# got to handle habing a dns record for the dns serves themselves.
if details_server.enable
then
(
if details_server.primary
then
details_records
++ [
{
record = "ns1";
r_type = "A";
value = details_server.ip;
server = false;
}
]
else
details_records
++ [
{
record = "ns2";
r_type = "A";
value = details_server.ip;
server = false;
}
]
)
else details_records
)
else []
) )
nodes nodes
); );
@ -291,8 +248,7 @@
else "ns2"; else "ns2";
in { in {
imports = [ imports = [
./firewall.nix ../../config/dns.nix
../config/dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {
@ -316,28 +272,11 @@ in {
}; };
}; };
# mirrorred in ../config/dns.nix
records = lib.mkOption { records = lib.mkOption {
description = "Records, sorted based on therir type"; description = "Records, sorted based on therir type";
type = with lib.types; type = lib.types.listOf (lib.types.submodule (import ./options-records.nix {
listOf (submodule { inherit lib;
options = { }));
record = lib.mkOption {
type = str;
};
r_type = lib.mkOption {
type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
};
value = lib.mkOption {
type = str;
};
server = lib.mkOption {
description = "Core record for a server";
type = bool;
default = false;
};
};
});
}; };
}; };
@ -356,25 +295,35 @@ in {
"ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept" "ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept"
]; ];
services.bind.zones = services.skynet.dns.records = [
(create_entry_zone "csn.ul.ie" extraConfig.owned) {
// (create_entry_zone "skynet.ie" extraConfig.owned) record = nameserver;
// (create_entry_zone "ulcompsoc.ie" extraConfig.owned) r_type = "A";
// (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse) value = config.services.skynet.host.ip;
// (create_entry_zone "conradcollins.net" extraConfig.old) }
// (create_entry_zone "edelharty.net" extraConfig.old); ];
environment.etc = services.bind.zones = lib.attrsets.mergeAttrsList (
(create_entry_etc "csn.ul.ie" "owned") # uses teh domains lsited in teh records
// (create_entry_etc "skynet.ie" "owned") (lib.lists.forEach domains (domain: (create_entry_zone domain)))
// (create_entry_etc "ulcompsoc.ie" "owned") # we have to do a reverse dns
// (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") ++ [
// (create_entry_etc "conradcollins.net" "old") (create_entry_zone "64-64.99.1.193.in-addr.arpa")
// (create_entry_etc "edelharty.net" "old"); ]
);
environment.etc = lib.attrsets.mergeAttrsList (
# uses teh domains lsited in teh records
(lib.lists.forEach domains (domain: (create_entry_etc domain "owned")))
# we have to do a reverse dns
++ [
(create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse")
]
);
# secrets required # secrets required
age.secrets.dns_dnskeys = { age.secrets.dns_dnskeys = {
file = ../secrets/dns_dnskeys.conf.age; file = ../../secrets/dns_dnskeys.conf.age;
owner = "named"; owner = "named";
group = "named"; group = "named";
}; };

31
applications/dns/options-records.nix Normal file
View file

@ -0,0 +1,31 @@
/*
Define the options for dns records here.
They are imported into anything that needs to use them
*/
{lib, ...}:
with lib; {
options = {
domain = lib.mkOption {
description = "Domain this record is for";
type = lib.types.str;
default = "skynet.ie";
};
record = lib.mkOption {
description = "What you want to name the subdomain.";
type = lib.types.str;
};
r_type = lib.mkOption {
description = "Type of record that this is.";
type = lib.types.enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
};
value = lib.mkOption {
description = "What the record points to, normally ip or another record.";
type = lib.types.str;
};
server = lib.mkOption {
description = "Core record for a server";
type = lib.types.bool;
default = false;
};
};
}

187
applications/email.nix
View file

@ -120,9 +120,6 @@ with lib; let
''; '';
in { in {
imports = [ imports = [
./dns.nix
./acme.nix
./nginx.nix
inputs.simple-nixos-mailserver.nixosModule inputs.simple-nixos-mailserver.nixosModule
# for teh config # for teh config
@ -270,95 +267,109 @@ in {
}; };
# set up dns record for it # set up dns record for it
services.skynet.dns.records = [ services.skynet.dns.records =
# basic one [
{ # core record
record = "mail"; {
r_type = "A"; record = "@";
value = config.services.skynet.host.ip; r_type = "MX";
} # the number is the priority in teh case of multiple mailservers
#DNS config for K-9 Mail value = "10 mail.${cfg.domain}.";
{ }
record = "imap";
r_type = "CNAME";
value = "mail";
}
{
record = "pop3";
r_type = "CNAME";
value = "mail";
}
{
record = "smtp";
r_type = "CNAME";
value = "mail";
}
# TXT records, all tehse are inside escaped strings to allow using "" # basic one
{
record = "mail";
r_type = "A";
value = config.services.skynet.host.ip;
}
#DNS config for K-9 Mail
{
record = "imap";
r_type = "CNAME";
value = "mail";
}
{
record = "pop3";
r_type = "CNAME";
value = "mail";
}
{
record = "smtp";
r_type = "CNAME";
value = "mail";
}
# TXT records, all tehse are inside escaped strings to allow using ""
# reverse pointer
{
record = config.services.skynet.host.ip;
r_type = "PTR";
value = "${cfg.sub}.${cfg.domain}.";
}
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406
# response should be:
# _imap._tcp SRV 0 1 143 imap.example.com.
{
record = "_imaps._tcp";
r_type = "SRV";
value = "0 1 993 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_imap._tcp";
r_type = "SRV";
value = "0 1 143 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submissions._tcp";
r_type = "SRV";
value = "0 1 465 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submission._tcp";
r_type = "SRV";
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
}
]
# SPF record # SPF record
{ ++ [
record = "${cfg.domain}."; {
r_type = "TXT"; record = "${cfg.domain}.";
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"''; r_type = "TXT";
} value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
}
]
# DKIM keys # DKIM keys
{ ++ [
record = "mail._domainkey.skynet.ie."; {
r_type = "TXT"; record = "mail._domainkey.skynet.ie.";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"''; r_type = "TXT";
} value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
{ }
record = "mail._domainkey.ulcompsoc.ie."; {
r_type = "TXT"; domain = "ulcompsoc.ie";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"''; record = "mail._domainkey.ulcompsoc.ie.";
} r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
}
]
# DMARC # DMARC
{ ++ [
record = "_dmarc.${cfg.domain}."; {
r_type = "TXT"; record = "_dmarc.${cfg.domain}.";
# p : quarantine => sends to spam, reject => never sent r_type = "TXT";
# rua : mail that receives reports about DMARC activity # p : quarantine => sends to spam, reject => never sent
# pct : percentage of unathenticated messages that DMARC stops # rua : mail that receives reports about DMARC activity
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # pct : percentage of unathenticated messages that DMARC stops
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"''; # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
} value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
}
# reverse pointer ];
{
record = config.services.skynet.host.ip;
r_type = "PTR";
value = "${cfg.sub}.${cfg.domain}.";
}
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406
# response should be:
# _imap._tcp SRV 0 1 143 imap.example.com.
{
record = "_imaps._tcp";
r_type = "SRV";
value = "0 1 993 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_imap._tcp";
r_type = "SRV";
value = "0 1 143 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submissions._tcp";
r_type = "SRV";
value = "0 1 465 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submission._tcp";
r_type = "SRV";
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
}
];
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
users.groups.nginx = {}; users.groups.nginx = {};

4
applications/gitlab.nix
View file

@ -12,10 +12,6 @@ with lib; let
domain_full = "${cfg.domain.sub}.${domain_base}"; domain_full = "${cfg.domain.sub}.${domain_base}";
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
./firewall.nix
./nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

2
applications/grafana.nix
View file

@ -9,8 +9,6 @@ with lib; let
port = 4444; port = 4444;
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

3
applications/ldap/backend.nix
View file

@ -11,9 +11,6 @@ with lib; let
port_backend = "8087"; port_backend = "8087";
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
../nginx.nix
inputs.skynet_ldap_backend.nixosModule."x86_64-linux" inputs.skynet_ldap_backend.nixosModule."x86_64-linux"
../../config/users.nix ../../config/users.nix
]; ];

3
applications/ldap/server.nix
View file

@ -15,9 +15,6 @@ with lib; let
in { in {
# these are needed for teh program in question # these are needed for teh program in question
imports = [ imports = [
../acme.nix
../dns.nix
../nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

3
applications/nextcloud.nix
View file

@ -10,9 +10,6 @@ with lib; let
domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
./nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

2
applications/nix_cache/nix_cache.nix
View file

@ -24,8 +24,6 @@ with lib; let
in { in {
imports = [ imports = [
inputs.attic.nixosModules.atticd inputs.attic.nixosModules.atticd
../acme.nix
../dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

2
applications/open_governance/keyserver.nix
View file

@ -13,8 +13,6 @@ with lib; let
port = 11371; port = 11371;
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

2
applications/open_governance/open_governance.nix
View file

@ -15,8 +15,6 @@ with lib; let
folder = "/var/skynet/${name}"; folder = "/var/skynet/${name}";
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

3
applications/skynet_users.nix
View file

@ -11,9 +11,6 @@ with lib; let
php_pool = name; php_pool = name;
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
./nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

4
applications/ulfm.nix
View file

@ -9,10 +9,6 @@ with lib; let
cfg = config.services.skynet."${name}"; cfg = config.services.skynet."${name}";
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
./firewall.nix
./nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

186
config/dns.nix
View file

@ -1,102 +1,106 @@
{lib, ...}: { {lib, ...}: {
imports = [ imports = [
# Paths to other modules.
# Compose this module out of smaller ones.
]; ];
# this needs to mirror ../applications/dns.nix
options.skynet.records = lib.mkOption { options.skynet.records = lib.mkOption {
description = "Records, sorted based on therir type"; description = "Records, sorted based on therir type";
type = with lib.types; type = lib.types.listOf (lib.types.submodule (import ../applications/dns/options-records.nix {
listOf (submodule { inherit lib;
options = { }));
record = lib.mkOption {
type = str;
};
r_type = lib.mkOption {
type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
};
value = lib.mkOption {
type = str;
};
server = lib.mkOption {
description = "Core record for a server";
type = bool;
default = false;
};
};
});
}; };
config = { config = {
skynet.records = [ skynet.records =
{ [
record = "optimus"; {
r_type = "A"; record = "optimus";
value = "193.1.99.90"; r_type = "A";
server = true; value = "193.1.99.90";
} server = true;
{ }
record = "panel.games"; {
r_type = "CNAME"; record = "panel.games";
value = "optimus"; r_type = "CNAME";
} value = "optimus";
{ }
record = "bumblebee"; {
r_type = "A"; record = "bumblebee";
value = "193.1.99.91"; r_type = "A";
server = true; value = "193.1.99.91";
} server = true;
{ }
record = "minecraft.compsoc.games"; {
r_type = "CNAME"; record = "minecraft.compsoc.games";
value = "bumblebee"; r_type = "CNAME";
} value = "bumblebee";
{ }
record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; {
r_type = "SRV"; record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie.";
value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; r_type = "SRV";
} value = "0 10 25518 minecraft.compsoc.games.skynet.ie.";
{ }
record = "minecraft-classic.compsoc.games"; {
r_type = "CNAME"; record = "minecraft-classic.compsoc.games";
value = "bumblebee"; r_type = "CNAME";
} value = "bumblebee";
{ }
record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie."; {
r_type = "SRV"; record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie.";
value = "0 10 25518 minecraft-classic.compsoc.games.skynet.ie."; r_type = "SRV";
} value = "0 10 25518 minecraft-classic.compsoc.games.skynet.ie.";
{ }
record = "minecraft.gsoc.games"; {
r_type = "CNAME"; record = "minecraft.gsoc.games";
value = "bumblebee"; r_type = "CNAME";
} value = "bumblebee";
{ }
record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie."; {
r_type = "SRV"; record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie.";
value = "0 10 25521 minecraft.gsoc.games.skynet.ie."; r_type = "SRV";
} value = "0 10 25521 minecraft.gsoc.games.skynet.ie.";
{ }
record = "minecraft.phildeb.games"; {
r_type = "CNAME"; record = "minecraft.phildeb.games";
value = "bumblebee"; r_type = "CNAME";
} value = "bumblebee";
{ }
record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie."; {
r_type = "SRV"; record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie.";
value = "0 10 25522 minecraft.phildeb.games.skynet.ie."; r_type = "SRV";
} value = "0 10 25522 minecraft.phildeb.games.skynet.ie.";
{ }
record = "minecraft-aged.compsoc.games"; {
r_type = "CNAME"; record = "minecraft-aged.compsoc.games";
value = "bumblebee"; r_type = "CNAME";
} value = "bumblebee";
{ }
record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie."; {
r_type = "SRV"; record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie.";
value = "0 10 25519 minecraft.phildeb.games.skynet.ie."; r_type = "SRV";
} value = "0 10 25519 minecraft.phildeb.games.skynet.ie.";
]; }
]
# non skynet domains
++ [
{
domain = "conradcollins.net";
record = "www";
r_type = "CNAME";
value = "skynet.skynet.ie.";
}
{
domain = "edelharty.net";
record = "www";
r_type = "CNAME";
value = "skynet.skynet.ie.";
}
{
domain = "damienconroy.com";
record = "www";
r_type = "CNAME";
value = "skynet.skynet.ie.";
}
];
}; };
} }

17
machines/_base.nix
View file

@ -18,23 +18,8 @@ in {
# for the secrets # for the secrets
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
# base config for all servers # base application config for all servers
../applications/_base.nix ../applications/_base.nix
# every sever may need the firewall config stuff
../applications/firewall.nix
# every sever needs to have a dns record
../applications/dns.nix
# every server needs teh ldap client for admins
../applications/ldap/client.nix
# every server will need the config to backup to
../applications/restic.nix
# every server will be monitored for grafana
../applications/prometheus.nix
]; ];
options.skynet = { options.skynet = {

3
machines/retired/ash.nix
View file

@ -22,9 +22,6 @@ Notes: Thius vpn is for admin use only, to give access to all the servers via
hostname = ip_pub; hostname = ip_pub;
in { in {
imports = [ imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
]; ];
deployment = { deployment = {