be4ab47ad8
feat: added discord bot
2023-08-28 18:01:34 +01:00
bd35b240be
fmt: moving all ldap files into their folder.
2023-08-27 22:47:36 +01:00
bfc0d81cf1
feat: ldap backend updated to accommodate multiple env files
2023-08-27 22:31:08 +01:00
7cfd4e22f5
gitlab: seems the user here is also the ssh user
2023-08-11 07:58:19 +01:00
a395f94aa3
feat: added in a vanity discord link
2023-08-11 01:44:04 +01:00
b7e8718f70
fix: go back to using default user
2023-08-11 00:47:13 +01:00
12e25162ee
ci: switch over to unstable
2023-08-09 21:12:08 +01:00
b0d7c51736
gitlab: updated the runners to have a token each as they should
2023-08-09 20:20:07 +01:00
834ec7cf94
dns: set the right paths for the rDNS
...
Closes #9
Related to 646a21f0
2023-08-09 18:34:24 +01:00
Brendan Golden
53abdb700b
Committee: added more committee members
2023-08-07 15:54:41 +00:00
d4ce54e1eb
nixos: updated the gitlab runner to fix an issue it had with docker
2023-08-07 02:07:35 +01:00
3239516270
fix: gitlab domain cert
2023-08-06 21:08:50 +01:00
4251032e03
fix: use a wildcard for the minecraft servers
2023-08-06 20:53:04 +01:00
89dcf295b3
fix: hopefully this works for acme
2023-08-06 20:50:01 +01:00
62689132d3
fix: wasn't compiling
2023-08-06 20:29:24 +01:00
ea81827375
fix: formatting
2023-08-06 20:16:09 +01:00
2ae70acf56
acme: each server is now responsible for the certs they request
...
Closes #4
2023-08-06 20:09:15 +01:00
abc355d1b6
acme: going to be a tad more selective
2023-08-06 19:56:22 +01:00
acb49a2eb1
account: update the address used for authentication
2023-08-06 19:00:02 +01:00
646a21f098
dns: disable rdns
2023-08-06 02:48:15 +01:00
37f1f8c5d7
dns: narrow the range
2023-08-06 02:38:10 +01:00
2ccadb9ae3
Revert "dns: test rdns 2"
...
This reverts commit d4e8f11cf9.
2023-08-06 02:26:36 +01:00
d4e8f11cf9
dns: test rdns 2
2023-08-06 02:21:49 +01:00
9cb9d242ed
dns: test reverse dns
2023-08-06 02:08:35 +01:00
599f403149
Merge branch 'main' of https://gitlab.skynet.ie/compsoc1/skynet/nixos
2023-08-02 16:44:15 +01:00
396a5e914b
ldap: updated account used for the api
2023-07-30 23:08:11 +01:00
90deec3940
[ldap] Add ldap_api access to manage ldap
2023-07-30 20:19:38 +00:00
759643b8db
ldap: strip the html from the links
2023-07-30 06:34:55 +01:00
dd4d8e3b00
ci: testing a second runner for general use
2023-07-30 04:57:06 +01:00
Brendan Golden
f2d648a2d4
org: added Eve to the committee
2023-07-30 02:13:49 +00:00
2ebbb2b649
cors: add in header for cors
2023-07-28 00:05:11 +01:00
206f59d0fd
ldap: add the api address to the cert generator
2023-07-27 22:20:53 +01:00
3f2cbee15a
ldap: actually serve the site
2023-07-27 19:33:28 +01:00
808fc9a2d9
fix: "load bearing `)`"
2023-07-26 23:21:08 +01:00
a45759a086
dns: fix autoconfig for email
2023-07-25 23:26:44 +01:00
9dfb22092e
dns: fix skynet past domains to skynet server.
2023-07-25 23:24:05 +01:00
cd5161645c
[fmt] webmail
2023-07-25 18:29:51 +00:00
6ab06dd36a
[email] add working webmail config
2023-07-25 08:53:01 +00:00
0a1508007a
Revert "fix: remove roundcube config"
...
Added some extra tidying up
This reverts commit e01c469319.
2023-07-25 09:06:48 +01:00
9fc349abc2
ci: one commit for all last nights changes
2023-07-25 08:30:35 +01:00
a06d27208f
fix: incorrect width
2023-07-24 21:15:54 +01:00
e01c469319
fix: remove roundcube config
2023-07-24 21:11:09 +01:00
9ad8c96558
might fix things
...
fixed up a few issues
2023-07-24 21:07:07 +01:00
Brendan Golden
dbbbd7a882
Merge branch 'main-patch-b4a2' into 'main'
...
SRV record for email
See merge request compsoc/skynet/nixos!2
2023-07-24 18:31:26 +00:00
8159883f83
[fmt]
2023-07-24 17:49:43 +00:00
b893b62b0a
[fmt] email
2023-07-24 16:07:33 +00:00
177bd78184
[fmt] dns
2023-07-24 16:06:42 +00:00
e9581aad39
weight doesn't seem to matter
2023-07-24 15:41:11 +00:00
5f4444927b
nvm
2023-07-24 15:37:14 +00:00
8a5ebf6d37
[email][fmt] added dot to the end of record to make it correct
2023-07-24 15:28:19 +00:00
e6380cf034
[dns] added new sort for SRV
2023-07-24 15:27:05 +00:00
905dd7264e
[fmt] spacing
2023-07-24 15:25:18 +00:00
7912b4a8cf
[fmt]
2023-07-24 15:17:41 +00:00
b5d7fd292d
remove pop3
2023-07-24 15:15:21 +00:00
206aa2d42f
had two imaps rather than 1 imaps and 1 imap
2023-07-24 15:13:01 +00:00
39ed923a4e
added both just in case
2023-07-24 15:09:30 +00:00
584eb8eb53
Update file dns.nix
2023-07-24 15:08:09 +00:00
b60b85ddd0
added correct length for format record
2023-07-24 15:01:05 +00:00
4217361e01
added SRV to enum and part at the top, not sure about number at the end of the format_records
2023-07-24 14:52:05 +00:00
c5c967db43
accidentally removed a line
2023-07-24 14:45:38 +00:00
26bd8d83cc
[email] added remaining records
2023-07-24 14:23:46 +00:00
d3e7e2697f
[email][dns] srv record for email
2023-07-24 14:19:00 +00:00
2e3fedc93e
[fmt] add source
2023-07-24 13:51:37 +00:00
26746f212e
[webmail] typo
2023-07-24 13:50:33 +00:00
b1ca6e1914
[webmail] add webmail config
2023-07-24 13:49:27 +00:00
1c33c78c50
feat: skynet 2016 is live!
2023-07-23 03:08:56 +01:00
cfddc32424
fmt: directly access the inputs inside each machine.
...
This allows us to move the inputs to the individual applications, making them more server agnostic.
2023-07-21 21:56:19 +01:00
83e46a95fe
ldap: optional field to mark it as secure
2023-07-20 21:22:53 +01:00
b918c04f13
email: may not have to restart daily now that permissions are fixed
2023-07-16 21:30:54 +01:00
6bf5088bb5
ldap: raise response limit
2023-07-16 21:28:03 +01:00
3e8037153f
email: quota buffer
2023-07-16 15:18:23 +01:00
bdf6c699e0
email: quota setup
2023-07-16 15:06:06 +01:00
0c26f37507
email: properly set the DKIM keys
2023-07-16 12:32:18 +01:00
dbc7aa8690
email: restart daily, should minimise permission issues
2023-07-16 03:23:47 +01:00
ad6280189b
email: use the nginx generated certs.
2023-07-16 02:44:22 +01:00
bc2e781586
dns: cleaned up the implementation of the dns, partly to make it easier to add records and partly to make it really neat config files.
2023-07-16 01:53:21 +01:00
d683598060
dns: abstracted away much of the dns logic into the dns config file
2023-07-15 15:54:42 +01:00
6412a53070
fmt: a bit of a cleanup
2023-07-15 15:05:57 +01:00
3a28291933
backup: got it working for email + some improvements
2023-07-15 14:51:11 +01:00
6cb3fcf409
dns: remove leading spaces
2023-07-08 10:27:30 +01:00
0d13f47f80
Merge branch 'main' of gitlab.com:c2842/computer_society/nixos
2023-07-05 18:32:09 +01:00
66b59d42a9
email: thunderbird, users can just accept defaults
2023-07-04 23:14:58 +01:00
0e9a44f67c
backups: got the backup configed, but fecked up the networking
2023-07-04 22:26:47 +01:00
ccf78c06a4
email: updated email config
2023-07-04 21:53:24 +01:00
ad1f5a8678
games: added second gsoc server
2023-06-25 21:29:27 +01:00
c756a1d03e
fix: got jones back working again
2023-06-24 15:41:31 +01:00
7dcda8021c
backup: more robust handling of credentials
2023-06-24 01:34:45 +01:00
88353f3727
feat: added backup config
...
(currently temp server, will be using hardware soon)
2023-06-23 23:52:31 +01:00
eb173944dc
feat: new ldap backend api is up and running, with ci as well
2023-06-18 22:49:31 +01:00
bb505ce3c7
fix: Got the mailserver "working"
...
Used https://gitlab.com/-/snippets/2481362
Need to get port 25 opened though
2023-06-18 12:50:23 +01:00
46742c1a2a
fix: no custom domains for pages :(
2023-06-18 01:14:10 +01:00
33ebd7150f
feat: enable custom domains for pages
2023-06-17 23:36:01 +01:00
67661e3431
feat: added gitlab pages
2023-06-17 22:51:13 +01:00
e990626c7a
feat: updated to nginx 23.05
2023-06-17 22:08:31 +01:00
704222fcb9
gitlab: runner up and running
...
heh
2023-06-17 19:37:06 +01:00
f24b450b36
dns: fixed some records related to email
2023-06-17 01:28:55 +01:00
9b1a936f03
dns: got reverse dns working
2023-06-17 00:59:22 +01:00
6585a3c88a
email: email is semi functional, can send but it does not save to sent items
...
Unsure about receive
2023-06-16 23:18:53 +01:00
524d014cb1
fix: just use a groupOfNames
2023-06-16 18:51:24 +01:00
1939f4648f
dns: now using the server for our other domain
2023-06-15 22:50:29 +01:00
6e25003b5c
fmt: removed some duplicates
2023-06-15 22:02:30 +01:00
775d6412af
fix: formatting and tidying up
2023-06-15 21:38:42 +01:00
144b572b1b
fix: set the alternate port used for the ssh
2023-06-15 21:36:10 +01:00
1c03644912
fix: no need to have the enabled tag now that it is definitely going to be groups
2023-06-15 14:32:35 +01:00
61bd023737
fix: now using two sets of ldap groups, one for linux, one for everything else
2023-06-15 14:29:06 +01:00
564fe272b1
fix: gonna need an extra field that is stable
2023-06-15 02:45:13 +01:00
f5b1cb33ef
feat: add the ldap client to all servers
2023-06-14 21:04:29 +01:00
883a6b239c
feat: setup minecraft for both us and gsoc
2023-06-11 22:11:57 +01:00
378b4d0b8f
ldap: dir to back up
2023-05-27 00:30:39 +01:00
60d3025d88
gitlab: added useful commands
2023-05-26 22:21:47 +01:00
894837494c
ldap: set password hash back to SSH512
2023-05-26 10:21:14 +01:00
eb34303c7b
ldap: set fields the user can change on their own
2023-05-25 22:23:25 +01:00
d1b79da77c
ldap: only allow ssh key login on linux servers
2023-05-25 16:53:59 +01:00
e748eb306a
ldap: add an attribute for the created date
2023-05-25 12:12:30 +01:00
1cbe71db12
gitlab: limit to only active members
2023-05-24 22:01:01 +01:00
d1cf49bb83
gitlab: would like to use ee, but sadly too expensive
2023-05-24 21:37:16 +01:00
3dc27bcf77
gitlab: properly use the username
2023-05-24 21:08:42 +01:00
59f4057698
gitlab: basic setup
2023-05-24 20:57:49 +01:00
e0e1b83e12
gitlab: I think this is the right config
2023-05-24 16:56:59 +01:00
02fb3e28cd
fix: needed the right imports
2023-05-24 16:52:18 +01:00
3df29a42d4
fix: need the dns imported
2023-05-24 16:51:15 +01:00
95cdbf2b4e
feat: properly modularised games
2023-05-24 16:39:02 +01:00
920f6ab86e
feat: dns fully modularised now
2023-05-24 16:12:48 +01:00
34de735720
feat: turned ulfm into a proper module
2023-05-24 15:59:22 +01:00
91a3eb6a1a
ldap: use the home given in the ldap, will allow for custom homes
2023-05-24 15:54:00 +01:00
d63ebabc85
ldap: able to deal with up to ssha512 passwords
2023-05-24 15:31:58 +01:00
d056929a18
ldap: extended class
2023-05-24 00:35:17 +01:00
934b1ff1c4
ldap: using ldaps seems to work
2023-05-23 23:47:57 +01:00
41449dd28c
ldap: fixed the encryption key required
2023-05-23 23:30:27 +01:00
44921afecd
acme: may as well be patient
2023-05-21 22:45:40 +01:00
de76e8eee6
ldap: now got secure mode
2023-05-21 22:45:20 +01:00
a660a60346
fix: group should be able to write to it as well
2023-05-21 21:51:17 +01:00
693043b081
dns: new functions work well
...
Will try to figure out if the two functions can be merged so it's a single function called
2023-05-21 21:48:30 +01:00
f8f2f6fa15
dns: better function for the etc files (basically using a nice wrapper)
2023-05-21 21:30:14 +01:00
c6b766bd65
dns: function to handle opn domains
2023-05-21 21:25:21 +01:00
e47f2c85f2
dns: a function to give the whitelist for the cache networks
2023-05-21 20:22:54 +01:00
126db6e3cb
dns: now have a proper primary and secondary
2023-05-21 19:38:13 +01:00
1e9b63e13d
dns: added more other domains, will tidy up config better later
2023-05-21 19:06:30 +01:00
d3e1e3e67f
dns: added csn.ul.ie
2023-05-21 16:18:53 +01:00
9618d87c67
dns: parametrised the config
2023-05-21 16:18:39 +01:00
c42b13b990
fix: ports are numbers not strings
2023-05-21 12:23:57 +01:00
81b41087fe
feat: added ldaps
2023-05-21 12:17:06 +01:00
ad2c9dad6b
fix: better handling of domain
2023-05-21 12:08:26 +01:00
6e58eac8c1
fix: properly use the port
2023-05-21 12:05:19 +01:00
b15b07ae36
fix: move base into the config
2023-05-21 12:02:52 +01:00
48a23519e9
fix: got permissions "working" for the password reset, not ideal though
2023-05-21 03:09:24 +01:00
60e33e2abb
ldap: give users a home dir
2023-05-21 01:39:01 +01:00
e73e15f524
ldap: client is properly working now
2023-05-21 01:38:19 +01:00
67a0d1b8bf
fix: had to give the file the right permissions
...
Also need to restart openldap.service on password change
2023-05-21 00:19:20 +01:00
32577ecebc
fix: typo in name
2023-05-20 22:20:06 +01:00
4e664ce1bc
feat: ldap now has secrets properly stored
2023-05-20 21:33:04 +01:00
144f3bce54
ldap: got a tool to manage the password resets and ssh key
2023-05-20 19:33:08 +01:00
c17a28d7a9
ldap: now got skMemberOf to replace memberof (memberof does not work on unixgroups)
2023-05-20 15:26:03 +01:00
0c57b35778
ldap: is working as intended, working on scripting to add and manage users
2023-05-20 03:08:30 +01:00
f6183c1b10
podman: was working, now it isn't AGHHHHHHHHH
2023-05-19 19:15:22 +01:00
614d905dfd
docker: now using podman
...
had to reboot to make it come into effect
2023-05-19 18:18:41 +01:00
7e380d6932
ldap: a mostly working ldaish setup
2023-05-18 21:59:23 +01:00
baa226cacf
ldap: can't have uppercase letters in username
2023-05-16 23:58:34 +01:00
53696c927e
ldap: first attempt at ldap
2023-05-16 22:23:04 +01:00
4ef6c14a32
feat: basic gitlab setup
2023-05-16 16:40:49 +01:00
5579de7e7c
dns: fixed issue that could cause a DoS attack (via DNS amplification)
...
ITD's router was setting the IP of all external traffic as 193.1.99.65, which was part of the 193.1.99.64/26 subnet.
The fix is to explicitly list all our IPs
2023-05-05 14:40:27 +01:00
d750b046d1
dns: go back to basically an earlier config
2023-04-29 02:35:58 +01:00
ec8b458d75
dns: use a hash to make a unique config file
2023-04-29 01:54:17 +01:00
e8254a0d65
minecraft: got the classic server and maps up and running
2023-04-27 01:47:17 +01:00
81afc614a3
minecraft: fix up the paths
2023-04-27 00:49:55 +01:00
b85410e895
minecraft: use a better proxy
2023-04-26 02:18:21 +01:00
de87d97fbc
fmt: reduced nesting to make it easier to read/understand
2023-04-26 02:01:29 +01:00
3eac87bbd8
games: split it up into 3 different services for easier management
2023-04-26 01:52:47 +01:00
733b867f47
games: split minecraft out into its own folder for manageability
2023-04-26 00:24:54 +01:00
2603cf9584
games: turns out I wasn't treating it properly like a docker-compose file
2023-04-26 00:09:31 +01:00
4052aeac6b
dns: setup dnssec (need to backup the required folders later)
...
Also it cleared out the spam of errors
2023-04-25 15:11:02 +01:00
c0f160faa3
dns: use epoch for the serial instead of YYYYMMDDSS.
...
Lacking hours/min could mean that the YYYYMMDD could remain the same but the SS would decrease, which is not what we want
2023-04-25 14:31:19 +01:00
612ba70bbf
games: it is possible to have multiple minecraft servers running
2023-04-25 00:44:17 +01:00
d762001cb6
dns: some light reorganisation for clarity
2023-04-24 20:40:48 +01:00
695f9a5763
dns: no mailserver yet
2023-04-24 20:38:36 +01:00
e5e5350b90
dns: added a comment on the indentation
2023-04-24 20:24:17 +01:00
78fcafc566
ssl: got the ssl certs running and live
2023-04-24 20:21:36 +01:00
8de2b27099
dns: reduce the time that the record is alive for
2023-04-24 20:19:16 +01:00
94784ee6d2
dns: this is supposed to cut down spam logs but it doesn't
2023-04-24 20:17:24 +01:00
70f3e03b74
dns: turns out this spacing is really really important
2023-04-24 20:14:24 +01:00
3d15446d63
dns: serial of the record is now updated dynamically
2023-04-23 13:37:42 +01:00
6119c9a88a
dns: got a working letsencrypt setup
2023-04-23 04:22:01 +01:00
ef37392f07
ulfm: initial test run
2023-04-21 01:44:11 +01:00
c2842fb766
acme: temp disable this for a bit
2023-04-21 01:20:23 +01:00
c38a2cfd7a
nginx: basic setup complete (copied from my own stuff)
2023-04-21 01:10:30 +01:00
fe93f796a6
fix: centralise the ports
2023-04-21 00:53:25 +01:00
f63aa7f245
dns: still some kinks with the dns but it's easing out
2023-04-20 23:46:43 +01:00
8e3b4d0243
dns: set upstream dns resolvers
2023-04-20 23:15:08 +01:00
74c00e743c
fix: set the user for the unlocked file
2023-04-20 23:10:47 +01:00
dae38b854b
fix: had the secret declaration in the wrong location
2023-04-20 19:22:17 +01:00
e01b0eddb6
acme: frontend with acme itself
2023-04-20 19:03:11 +01:00
e5040278ba
acme: config required for the dns side of things
2023-04-20 18:50:00 +01:00
bd9af1b0ee
fix: disable this option
2023-04-20 09:34:06 +01:00
bb0fd16903
fix: only serving ipv4 at the current time
2023-04-20 08:56:52 +01:00
b29daa0ea1
feat: I think this is a better firewall setup, still need to properly test it
2023-01-28 15:31:46 +00:00
3d7f99946a
fix: eol conversion round 2
2023-01-25 11:48:44 +00:00
180feb17ec
fix: eol conversion
2023-01-25 11:37:49 +00:00
75a63212b1
feat: games host configured
2023-01-18 20:41:10 +00:00
654d45a842
feat: can now handle two (or more) nameservers
2023-01-18 02:32:01 +00:00
8db9529449
feat: first nameserver set up
2023-01-18 02:06:08 +00:00
f3a3768f92
fix: small vanity thing to get the records in a line
2023-01-18 00:20:18 +00:00
ea493b434b
fix: had to be in bind.zones
2023-01-17 23:37:07 +00:00
15c5005b37
feat: dns should work well with this
2023-01-17 23:21:35 +00:00
696e8a404f
fix: gonna use this as an example file
2023-01-17 23:15:36 +00:00
4177b63c4f
doc: a little bit of documentation
2023-01-17 23:02:12 +00:00
2b497b497c
feat: setting it up better
2023-01-17 22:56:05 +00:00
2d0079daa4
feat: base setup for dns
2023-01-17 22:40:04 +00:00
c2e4fde98d
feat: added better options to the firewall
2023-01-17 15:46:07 +00:00
6ef12f03de
feat: improved config a tad
2023-01-15 19:18:24 +00:00
8f373ada01
feat: no more recursion, simplified the function
2023-01-15 18:42:01 +00:00
badcfe1ada
feat: generating firewall forwarding rules from individual machine configs complete
2023-01-15 18:27:21 +00:00
53aff5987f
tmnp: save current state
2023-01-15 15:10:40 +00:00
c819214902
feat: can let each machine add the forwards it needs
2023-01-15 13:32:18 +00:00
f1a484eaff
feat: basic firewall using the previous
2023-01-13 18:34:19 +00:00
94676e929e
feat: basic firewall config to test it out
2023-01-13 17:22:29 +00:00