feat: splitting up the user side of skynet and the main websites
parent
6673ba28b1
commit
efe1fbd140
4 changed files with 72 additions and 60 deletions
|
@ -25,7 +25,6 @@
|
|||
# the root one is already covered by teh certificate
|
||||
"2016.skynet.ie"
|
||||
"discord.skynet.ie"
|
||||
"ext.skynet.ie"
|
||||
];
|
||||
|
||||
skynet_dns.records = [
|
||||
|
@ -48,15 +47,7 @@
|
|||
documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
|
||||
# only on skynet.ie
|
||||
# skynet.ie/~username
|
||||
enableUserDir = true;
|
||||
};
|
||||
"ext.skynet.ie" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "skynet";
|
||||
documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
|
||||
# only on skynet.ie
|
||||
# skynet.ie/~username
|
||||
enableUserDir = true;
|
||||
#enableUserDir = true;
|
||||
};
|
||||
|
||||
# archive of teh site as it was ~2012 to 2016
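Review bot: The main vhost keeps the comments `# only on skynet.ie` and `# skynet.ie/~username` above a setting that is now only the commented-out `#enableUserDir = true;`, so the block documents a feature that appears to be switched off. I would delete that line together with the two comments, or replace all three with one line such as `# ~username pages are not served from the official site`. Keeping member-authored pages off the official origin is a sound separation, but none of the visible hunks enables user directories on another host, so it is worth confirming that dropping them is intended. The same leftover-comment pattern appears in the member-box file (`#../applications/skynet.ie.nix` and the commented `services.skynet` block). The vhost attribute set starts above this hunk.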
|
||||
|
|
|
@ -87,9 +87,12 @@
|
|||
# backup 1
|
||||
neuromancer = import ./machines/neuromancer.nix;
|
||||
|
||||
# Skynet
|
||||
# Skynet, user ssh access
|
||||
skynet = import ./machines/skynet.nix;
|
||||
|
||||
# Main skynet sites
|
||||
earth = import ./machines/earth.nix;
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
|
|
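--- a/machines/earth.nix
+++ b/machines/earth.nix
@@ -0,0 +1,45 @@
+/*
+
+Name: https://hitchhikers.fandom.com/wiki/Earth
+Why: Our home(page)
+Type: VM
+Hardware: -
+From: 2023
+Role: Webserver
+Notes:
+
+*/
+
+{ pkgs, lib, nodes, inputs, ... }:
+let
+name = "earth";
+ip_pub = "193.1.99.79";
+hostname = "${name}.skynet.ie";
+
+in {
+imports = [
+
+];
+
+deployment = {
+targetHost = ip_pub;
+targetPort = 22;
+targetUser = "root";
+
+tags = [ "active-core" ];
+};
+
+# it has two network devices so two
+skynet_dns.records = [
+{record=name; r_type="A"; value=ip_pub; server=true;}
+{record=ip_pub; r_type="PTR"; value=hostname;}
+];
+
+services.skynet_backup = {
+host = {
+ip = ip_pub;
+name = name;
+};
+};
+
+}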
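Review bot: `imports = [ ];` is empty and the file has no vhost or `services.skynet` block, so although the header says `Role: Webserver`, nothing visible here makes earth serve a site. If the website module is meant to move to this host, the import that the member-box file comments out, `../applications/skynet.ie.nix`, would presumably belong in this list; otherwise a `Notes:` entry saying the web configuration follows in a later commit would help. The comment `# it has two network devices so two` looks copied from the other machine, since only one address is declared here. `193.1.99.79` is called `ip_pub` here but `ip_priv` in the member-box file, so one of the two names will mislead anyone deriving firewall rules from them.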
|
@ -6,27 +6,24 @@
|
|||
Hardware: -
|
||||
From: 2023
|
||||
Role: Webserver and member linux box
|
||||
Notes:
|
||||
Notes: Does not host offical sites
|
||||
|
||||
*/
|
||||
|
||||
{ pkgs, lib, nodes, inputs, ... }:
|
||||
let
|
||||
# name of the server, sets teh hostname and record for it
|
||||
name = "skynet";
|
||||
# DMZ that ITD provided
|
||||
ip_pub = "193.1.96.165";
|
||||
ip_priv = "193.1.99.79";
|
||||
hostname = "${name}.skynet.ie";
|
||||
hostname_int = "${name}.int.skynet.ie";
|
||||
|
||||
in {
|
||||
imports = [
|
||||
../applications/skynet.ie.nix
|
||||
#../applications/skynet.ie.nix
|
||||
];
|
||||
|
||||
deployment = {
|
||||
targetHost = ip_priv;
|
||||
targetHost = ip_pub;
|
||||
targetPort = 22;
|
||||
targetUser = "root";
|
||||
|
||||
|
@ -36,17 +33,13 @@ in {
|
|||
# it has two network devices so two
|
||||
skynet_dns.records = [
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
{record="${name}.int"; r_type="A"; value=ip_priv; server=true;}
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
{record=ip_priv; r_type="PTR"; value=hostname_int;}
|
||||
];
|
||||
|
||||
services.skynet_backup = {
|
||||
host = {
|
||||
ip = ip_priv;
|
||||
services.skynet_backup.host = {
|
||||
ip = ip_pub;
|
||||
name = name;
|
||||
};
|
||||
};
|
||||
|
||||
# allow more than admins access
|
||||
services.skynet_ldap_client = {
|
||||
|
@ -60,41 +53,21 @@ in {
|
|||
networking = {
|
||||
hostName = name;
|
||||
# needed to use the dmz first
|
||||
# defaultGateway = lib.mkForce "193.1.96.161";
|
||||
defaultGateway = lib.mkForce "193.1.96.161";
|
||||
|
||||
interfaces = {
|
||||
eth0.ipv4 = {
|
||||
addresses = [
|
||||
{
|
||||
address = ip_priv;
|
||||
prefixLength = 26;
|
||||
}
|
||||
];
|
||||
# routes = [
|
||||
# {
|
||||
# address = "193.1.99.64";
|
||||
# prefixLength = 26;
|
||||
# via = "193.1.99.65";
|
||||
# }
|
||||
# ];
|
||||
};
|
||||
|
||||
|
||||
# primary ip for logging in
|
||||
eth1.ipv4.addresses = [
|
||||
interfaces.eth1.ipv4.addresses = [
|
||||
{
|
||||
address = ip_pub;
|
||||
prefixLength = 28;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.skynet = {
|
||||
host = {
|
||||
# website is still hosted on the internal IP
|
||||
ip = ip_priv;
|
||||
name = name;
|
||||
};
|
||||
};
|
||||
# services.skynet = {
|
||||
# host = {
|
||||
# # website is still hosted on the internal IP
|
||||
# ip = ip_priv;
|
||||
# name = name;
|
||||
# };
|
||||
# };
|
||||
}
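Review bot: With `targetHost = ip_pub;` and the unchanged `targetUser = "root";`, deployment now needs sshd to accept root on the DMZ address of the one machine that, per `# allow more than admins access`, ordinary members log in to. Nothing in these hunks restricts that login; if it is not already set in a shared module, I would state it next to the deployment block, e.g. `services.openssh.settings.PermitRootLogin = "prohibit-password";`, and add a comment on why the deploy target moved off the internal address. The backup host entry switches to `ip_pub` as well, so backup traffic appears to use the same interface; confirm the backup server can reach it and that the exposure is intended. The `let` block and the `networking` set start or end outside the hunks shown.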
|