feat: splitting up the user side of skynet and the main websites

silver 2023-09-15 20:36:07 +01:00
parent 6673ba28b1
commit efe1fbd140
4 changed files with 72 additions and 60 deletions


@ -25,7 +25,6 @@
# the root one is already covered by teh certificate # the root one is already covered by teh certificate
"2016.skynet.ie" "2016.skynet.ie"
"discord.skynet.ie" "discord.skynet.ie"
"ext.skynet.ie"
]; ];
skynet_dns.records = [ skynet_dns.records = [
@ -48,15 +47,7 @@
documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
# only on skynet.ie # only on skynet.ie
# skynet.ie/~username # skynet.ie/~username
enableUserDir = true; #enableUserDir = true;
};
"ext.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
# only on skynet.ie
# skynet.ie/~username
enableUserDir = true;
}; };
# archive of teh site as it was ~2012 to 2016 # archive of teh site as it was ~2012 to 2016
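Review bot: The new side of the skynet.ie vhost keeps `#enableUserDir = true;` as commented-out code beneath two comments (`# only on skynet.ie`, `# skynet.ie/~username`) that still describe user directories as being served here. If the point of the split is that member content no longer shares an origin with the main site, delete the dead line and replace the comments with one that says so, e.g. `# ~username directories are intentionally not served from this vhost`. The vhost attribute set starts and ends outside the hunk, so whether anything else in it still depends on user directories is not visible here.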


@ -87,9 +87,12 @@
# backup 1 # backup 1
neuromancer = import ./machines/neuromancer.nix; neuromancer = import ./machines/neuromancer.nix;
# Skynet # Skynet, user ssh access
skynet = import ./machines/skynet.nix; skynet = import ./machines/skynet.nix;
# Main skynet sites
earth = import ./machines/earth.nix;
}; };
}; };

45
machines/earth.nix Normal file

@ -0,0 +1,45 @@
/*
Name: https://hitchhikers.fandom.com/wiki/Earth
Why: Our home(page)
Type: VM
Hardware: -
From: 2023
Role: Webserver
Notes:
*/
{ pkgs, lib, nodes, inputs, ... }:
let
name = "earth";
ip_pub = "193.1.99.79";
hostname = "${name}.skynet.ie";
in {
imports = [
];
deployment = {
targetHost = ip_pub;
targetPort = 22;
targetUser = "root";
tags = [ "active-core" ];
};
# it has two network devices so two
skynet_dns.records = [
{record=name; r_type="A"; value=ip_pub; server=true;}
{record=ip_pub; r_type="PTR"; value=hostname;}
];
services.skynet_backup = {
host = {
ip = ip_pub;
name = name;
};
};
}
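Review bot: `imports = [ ];` is empty and no `services.skynet` host is set, so nothing in this file makes earth the webserver its header claims; the same commit comments out `../applications/skynet.ie.nix` in the skynet machine, which leaves no visible machine importing the site module. If that is not handled in a follow-up, add `imports = [ ../applications/skynet.ie.nix ];` and `services.skynet.host = { ip = ip_pub; name = name; };` here. The comment `# it has two network devices so two` was copied from the skynet machine and does not apply to a host with a single address. Also note that 193.1.99.79 was skynet's `ip_priv` until this commit, so the two hosts should not both hold that address while the change rolls out.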


@ -6,27 +6,24 @@
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Webserver and member linux box Role: Webserver and member linux box
Notes: Notes: Does not host offical sites
*/ */
{ pkgs, lib, nodes, inputs, ... }: { pkgs, lib, nodes, inputs, ... }:
let let
# name of the server, sets teh hostname and record for it
name = "skynet"; name = "skynet";
# DMZ that ITD provided # DMZ that ITD provided
ip_pub = "193.1.96.165"; ip_pub = "193.1.96.165";
ip_priv = "193.1.99.79";
hostname = "${name}.skynet.ie"; hostname = "${name}.skynet.ie";
hostname_int = "${name}.int.skynet.ie";
in { in {
imports = [ imports = [
../applications/skynet.ie.nix #../applications/skynet.ie.nix
]; ];
deployment = { deployment = {
targetHost = ip_priv; targetHost = ip_pub;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = "root";
@ -35,17 +32,13 @@ in {
# it has two network devices so two # it has two network devices so two
skynet_dns.records = [ skynet_dns.records = [
{record=name; r_type="A"; value=ip_pub; server=true;} {record=name; r_type="A"; value=ip_pub; server=true;}
{record="${name}.int"; r_type="A"; value=ip_priv; server=true;} {record=ip_pub; r_type="PTR"; value=hostname;}
{record=ip_pub; r_type="PTR"; value=hostname;}
{record=ip_priv; r_type="PTR"; value=hostname_int;}
]; ];
services.skynet_backup = { services.skynet_backup.host = {
host = { ip = ip_pub;
ip = ip_priv; name = name;
name = name;
};
}; };
# allow more than admins access # allow more than admins access
@ -60,41 +53,21 @@ in {
networking = { networking = {
hostName = name; hostName = name;
# needed to use the dmz first # needed to use the dmz first
# defaultGateway = lib.mkForce "193.1.96.161"; defaultGateway = lib.mkForce "193.1.96.161";
interfaces = { interfaces.eth1.ipv4.addresses = [
eth0.ipv4 = { {
addresses = [ address = ip_pub;
{ prefixLength = 28;
address = ip_priv; }
prefixLength = 26; ];
}
];
# routes = [
# {
# address = "193.1.99.64";
# prefixLength = 26;
# via = "193.1.99.65";
# }
# ];
};
# primary ip for logging in
eth1.ipv4.addresses = [
{
address = ip_pub;
prefixLength = 28;
}
];
};
}; };
services.skynet = { # services.skynet = {
host = { # host = {
# website is still hosted on the internal IP # # website is still hosted on the internal IP
ip = ip_priv; # ip = ip_priv;
name = name; # name = name;
}; # };
}; # };
} }
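Review bot: `targetHost = ip_pub;` moves the root deployment SSH session from the internal address to the DMZ address of a machine that, per the comment further down (`# allow more than admins access`), gives members shell access. Nothing in this section shows how root login is restricted, so it is worth confirming that root is key-only and, if possible, limited to the admin network; in NixOS that is `services.openssh.settings.PermitRootLogin = "prohibit-password";` unless a shared module already sets it. Separately, the commented-out `services.skynet` block still refers to `ip_priv`, which no longer exists in the `let`, and `# it has two network devices so two` is now stale; both are better deleted than left as comments.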