feat: skynet user stuff is now segregated to a server that is untrusted

2023-09-16 00:04:39 +01:00 · 2023-09-16 00:04:39 +01:00 · ef6096e6e0
commit ef6096e6e0
parent 7d7f402b6d
2 changed files with 79 additions and 19 deletions
--- a/machines/skynet.nix
+++ b/machines/skynet.nix
@ -20,7 +20,7 @@ let

 in {
  imports = [
-    #../applications/skynet.ie.nix
+    ../applications/skynet_users.nix
  ];

  deployment = {
@ -31,7 +31,6 @@ in {
    tags = [ "active-core" ];
  };

-  # it has two network devices so two
  skynet_dns.records = [
    {record=name;   r_type="A";   value=ip_pub;  server=true;}
    {record=ip_pub; r_type="PTR"; value=hostname;}
@ -42,21 +41,12 @@ in {
    name = name;
  };

-  # allow more than admins access
-  services.skynet_ldap_client = {
-    groups = [
-      "skynet-admins-linux"
-      "skynet-users-linux"
-    ];
-  };
-
  proxmoxLXC.manageNetwork = true;
  networking = {
    hostName = name;
    # needed to use the dmz first
    defaultGateway = lib.mkForce "193.1.96.161";

-
    interfaces = {
      # need it for dns validation for letsencrypt
      eth0.ipv4 = {
@ -75,7 +65,6 @@ in {
        ];
      };

-
      # primary ip for logging in
      eth1.ipv4.addresses = [
        {
@ -86,11 +75,10 @@ in {
    };
  };

-#  services.skynet = {
-#    host = {
-#      # website is still hosted on the internal IP
-#      ip = ip_priv;
-#      name = name;
-#    };
-#  };
+  services.skynet_users = {
+    host = {
+      ip = ip_pub;
+      name = name;
+    };
+  };
 }