feat: splitting up the user side of skynet and the main websites

silver 2023-09-15 20:36:07 +01:00
parent 6673ba28b1
commit efe1fbd140
4 changed files with 72 additions and 60 deletions


@ -25,7 +25,6 @@
# the root one is already covered by teh certificate
"2016.skynet.ie"
"discord.skynet.ie"
"ext.skynet.ie"
];
skynet_dns.records = [
@ -48,15 +47,7 @@
documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
# only on skynet.ie
# skynet.ie/~username
enableUserDir = true;
};
"ext.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
# only on skynet.ie
# skynet.ie/~username
enableUserDir = true;
#enableUserDir = true;
};
# archive of teh site as it was ~2012 to 2016
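Review bot: In the second hunk the `skynet.ie` vhost keeps a commented-out `#enableUserDir = true;` under the comments `# only on skynet.ie` and `# skynet.ie/~username`, which now describe a feature this vhost no longer serves. Keeping member-controlled `~username` content off the official site's origin appears to be the security-relevant effect of this change, so state it rather than leaving a toggle that invites re-enabling. Drop the commented line and replace the two comments with something like `# user dirs (~username) are deliberately not served from the official site's origin`. The vhost attribute set starts above the hunk, so whether other options there still assume user dirs cannot be checked from here.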


@ -87,9 +87,12 @@
# backup 1
neuromancer = import ./machines/neuromancer.nix;
# Skynet
# Skynet, user ssh access
skynet = import ./machines/skynet.nix;
# Main skynet sites
earth = import ./machines/earth.nix;
};
};

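--- a/machines/earth.nix
+++ b/machines/earth.nix
@@ -0,0 +1,45 @@
+/*
+Name: https://hitchhikers.fandom.com/wiki/Earth
+Why: Our home(page)
+Type: VM
+Hardware: -
+From: 2023
+Role: Webserver
+Notes:
+*/
+{ pkgs, lib, nodes, inputs, ... }:
+let
+name = "earth";
+ip_pub = "193.1.99.79";
+hostname = "${name}.skynet.ie";
+in {
+imports = [
+];
+deployment = {
+targetHost = ip_pub;
+targetPort = 22;
+targetUser = "root";
+tags = [ "active-core" ];
+};
+# it has two network devices so two
+skynet_dns.records = [
+{record=name; r_type="A"; value=ip_pub; server=true;}
+{record=ip_pub; r_type="PTR"; value=hostname;}
+];
+services.skynet_backup = {
+host = {
+ip = ip_pub;
+name = name;
+};
+};
+}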
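Review bot: `imports = [ ];` is empty, so nothing visible in this file pulls in the website module that the skynet machine file stops importing in the same commit (`#../applications/skynet.ie.nix`). Unless it is wired in elsewhere, earth is deployed with DNS and backup entries but no web server or certificate configuration. If this is a staged cutover, say so in the header `Notes:` field, which is currently blank. The comment `# it has two network devices so two` was copied over and does not match the single A/PTR pair declared here. Also, `193.1.99.79` is named `ip_pub` here although the same commit appears to remove it from the skynet machine as `ip_priv`, which makes exposure and firewall reasoning harder; a line such as `# single NIC on 193.1.99.64/26, previously skynet's internal address` would settle it.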


@ -6,27 +6,24 @@
Hardware: -
From: 2023
Role: Webserver and member linux box
Notes:
Notes: Does not host offical sites
*/
{ pkgs, lib, nodes, inputs, ... }:
let
# name of the server, sets teh hostname and record for it
name = "skynet";
# DMZ that ITD provided
ip_pub = "193.1.96.165";
ip_priv = "193.1.99.79";
hostname = "${name}.skynet.ie";
hostname_int = "${name}.int.skynet.ie";
in {
imports = [
../applications/skynet.ie.nix
#../applications/skynet.ie.nix
];
deployment = {
targetHost = ip_priv;
targetHost = ip_pub;
targetPort = 22;
targetUser = "root";
@ -36,17 +33,13 @@ in {
# it has two network devices so two
skynet_dns.records = [
{record=name; r_type="A"; value=ip_pub; server=true;}
{record="${name}.int"; r_type="A"; value=ip_priv; server=true;}
{record=ip_pub; r_type="PTR"; value=hostname;}
{record=ip_priv; r_type="PTR"; value=hostname_int;}
];
services.skynet_backup = {
host = {
ip = ip_priv;
services.skynet_backup.host = {
ip = ip_pub;
name = name;
};
};
# allow more than admins access
services.skynet_ldap_client = {
@ -60,41 +53,21 @@ in {
networking = {
hostName = name;
# needed to use the dmz first
# defaultGateway = lib.mkForce "193.1.96.161";
defaultGateway = lib.mkForce "193.1.96.161";
interfaces = {
eth0.ipv4 = {
addresses = [
{
address = ip_priv;
prefixLength = 26;
}
];
# routes = [
# {
# address = "193.1.99.64";
# prefixLength = 26;
# via = "193.1.99.65";
# }
# ];
};
# primary ip for logging in
eth1.ipv4.addresses = [
interfaces.eth1.ipv4.addresses = [
{
address = ip_pub;
prefixLength = 28;
}
];
};
};
services.skynet = {
host = {
# website is still hosted on the internal IP
ip = ip_priv;
name = name;
};
};
# services.skynet = {
# host = {
# # website is still hosted on the internal IP
# ip = ip_priv;
# name = name;
# };
# };
}
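Review bot: With `ip_priv` removed, `deployment.targetHost` and `services.skynet_backup.host.ip` both appear to move to `ip_pub`, so root deployment over SSH (`targetUser = "root"`, port 22) and backup traffic now share the DMZ-facing interface of the one machine that accepts member logins (`# allow more than admins access`). Nothing in the visible hunks restricts root to key-based login or limits which sources may reach port 22; if a shared module does not already enforce that, add `services.openssh.settings.PermitRootLogin = "prohibit-password";` here and note it next to the `deployment` block. The commented-out `services.skynet` block at the end still refers to `ip_priv` and to the website being hosted on the internal IP, and `# it has two network devices so two` no longer matches the single `eth1` interface; delete both rather than carrying them as comments. The header also still reads `Role: Webserver and member linux box` while the new `Notes:` line says the machine does not host official sites.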