Compare commits

..

241 commits

Author SHA1 Message Date
sysadm
b1dc47c5cb Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 54s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m30s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-11-25 18:19:35 +00:00
sysadm
3c5a3dc84a Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 10s
Build_Deploy / build (push) Successful in 24s
Build_Deploy / deploy_dns (push) Successful in 1m13s
Build_Deploy / deploy_active (active) (push) Successful in 54s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m43s
Build_Deploy / deploy_active (active-ext) (push) Successful in 35s
2024-11-25 17:57:38 +00:00
sysadm
f34d3c10cb Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 16s
Build_Deploy / deploy_dns (push) Successful in 55s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m29s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-11-24 00:26:50 +00:00
sysadm
8b86b74dc6 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 1m2s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 3m22s
Build_Deploy / deploy_active (active-ext) (push) Successful in 31s
2024-11-24 00:02:36 +00:00
sysadm
cd346bb6be Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 15s
Build_Deploy / deploy_dns (push) Successful in 55s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m23s
Build_Deploy / deploy_active (active-ext) (push) Successful in 31s
2024-11-23 22:39:40 +00:00
sysadm
32ed44a559 Updated flake for skynet_website_2009
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 53s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m21s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-11-23 15:22:04 +00:00
sysadm
872ccfe62d Updated flake for skynet_website
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 56s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m22s
Build_Deploy / deploy_active (active-ext) (push) Successful in 40s
2024-11-23 15:17:26 +00:00
249addc5be
fix: seems we really have to use this format for lfs enabled repos
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 15s
Build_Deploy / deploy_dns (push) Successful in 55s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Failing after 26s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-11-23 15:10:45 +00:00
sysadm
111c77aa61 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 11s
Build_Deploy / build (push) Successful in 23s
Build_Deploy / deploy_dns (push) Successful in 58s
Build_Deploy / deploy_active (active) (push) Successful in 54s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m36s
Build_Deploy / deploy_active (active-ext) (push) Successful in 35s
2024-11-23 14:49:58 +00:00
sysadm
f92fea1224 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 16s
Build_Deploy / deploy_dns (push) Successful in 54s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 2m47s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-11-18 16:26:58 +00:00
sysadm
2d9a3cbd11 Updated flake for skynet_ldap_backend
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 51s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-11-18 14:40:07 +00:00
70a83bd97b
fix: ldap has no need for discord stuff
All checks were successful
Build_Deploy / linter (push) Successful in 10s
Build_Deploy / build (push) Successful in 19s
Build_Deploy / deploy_dns (push) Successful in 1m13s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m43s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-11-18 12:20:02 +00:00
e012fdf3a7
fix: ensure ldap can access values 2024-11-18 12:20:02 +00:00
sysadm
e478af71a1 Updated flake for skynet_ldap_backend
Some checks failed
Build_Deploy / linter (push) Successful in 10s
Build_Deploy / build (push) Successful in 24s
Build_Deploy / deploy_dns (push) Failing after 11s
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-11-18 12:16:31 +00:00
a1c9125397
feat: pre-added more stuff for the new bot
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 17s
Build_Deploy / deploy_dns (push) Successful in 49s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-11-09 16:53:54 +00:00
67c3787d2e
feat: pre-added the api key needed to access more resources
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 17s
Build_Deploy / deploy_dns (push) Successful in 53s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-11-09 01:22:41 +00:00
7799bda982
feat: added Shay
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 53s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m26s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-11-08 18:24:13 +00:00
af1535b7dc
fix: backup of all teh email dirs was causing conjection issues 2024-11-08 18:23:16 +00:00
19a0b8044f
fix: force ssl
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 16s
Build_Deploy / deploy_dns (push) Successful in 52s
Build_Deploy / deploy_active (active) (push) Successful in 43s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m13s
2024-11-06 01:35:23 +00:00
2728487448
fix: this should get some items built and deployed
Some checks failed
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 13s
Build_Deploy / deploy_dns (push) Successful in 55s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
2024-11-06 01:25:57 +00:00
13eba34a56
feat: outinul.ie now has ssl
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 54s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Failing after 40s
Build_Deploy / deploy_active (active-ext) (push) Successful in 42s
2024-11-05 17:39:56 +00:00
1baeb24761
fix: errors in the secrets so just rekeyed
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 16s
Build_Deploy / deploy_dns (push) Successful in 55s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m18s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-11-02 21:06:06 +00:00
sysadm
b2297e2843 Updated flake for skynet_website_wiki
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 49s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
Build_Deploy / deploy_active (active-core) (push) Failing after 1m18s
2024-11-02 20:23:02 +00:00
sysadm
4f4431cd6d Updated flake for compsoc_public
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 49s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Failing after 32s
Build_Deploy / deploy_active (active-ext) (push) Successful in 27s
2024-11-02 20:14:25 +00:00
8c98281eff
fix: finally got items that have git-lfs working
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-core) (push) Failing after 31s
Build_Deploy / deploy_active (active-ext) (push) Successful in 27s
Long story short it seems that ``git+`` does not handle lfs objects when hashing it

The reason we are using teh archives is as follows:
https://nixos-and-flakes.thiscute.world/other-usage-of-flakes/inputs
>     # Regular git input doesn't support LFS yet.
>     #    git-example-lfs.url = "https://codeberg.org/solver-orgz/treedome/archive/master.tar.gz";
2024-11-02 20:07:53 +00:00
45afc95d99
fix: back to old version of the websites
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 48s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
Build_Deploy / deploy_active (active-core) (push) Failing after 46s
Dont fuck with them
2024-11-02 19:15:44 +00:00
49d69b1a10
fix: slight improvement in how packages are added to eachs erver
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 16s
Build_Deploy / deploy_dns (push) Successful in 1m14s
Build_Deploy / deploy_active (active) (push) Successful in 1m22s
Build_Deploy / deploy_active (active-core) (push) Failing after 25s
Build_Deploy / deploy_active (active-ext) (push) Successful in 48s
2024-11-02 18:55:40 +00:00
cb2fba3f81
fix: servers need to have git lfs installed as well 2024-11-02 18:54:27 +00:00
6d2a13cf03
feat: rebuilt wheatly
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 1m18s
Build_Deploy / deploy_active (active-core) (push) Failing after 26s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-11-02 17:10:25 +00:00
97a062180e
ci: make lix available in builds 2024-11-02 17:10:09 +00:00
be75fcb296
fix: stop using teh bleeding edge lix 2024-11-02 17:09:45 +00:00
50fc679172
cleanup: gettign rid of the gitlab runner config 2024-11-02 17:09:11 +00:00
45e9d60967
ci: test only building develop
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
Build_Deploy / build (push) Successful in 1m2s
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_dns (push) Has been cancelled
2024-11-02 15:27:34 +00:00
59855b06e3
ci: make verbose to see what is running on it
Some checks failed
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Has been cancelled
2024-11-02 14:50:03 +00:00
6d4160fe65
fix: bump everythign after all
Some checks are pending
Build_Deploy / build (push) Waiting to run
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 6s
2024-11-02 14:19:39 +00:00
ff6af9916d
fix: dont update lix yet, causes a pile of errors
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-11-02 11:38:15 +00:00
2c196ae87e
fix: disable the document writer untl its fixed 2024-11-02 11:14:52 +00:00
c648bded74
testing: to see if we can get a whiteboard working 2024-11-02 11:14:52 +00:00
8a85846c0d
feat: using the upstreamed bitwarden directory conenctor 2024-11-02 11:14:52 +00:00
5448662230
fix: getattic working
Seems to have been mainstreamed
2024-11-02 11:14:41 +00:00
50459f7982
fix: solves i24-09-03_614 2024-11-01 13:12:14 +00:00
sysadm
c114f31d2e Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 12s
Build_Deploy / build (push) Successful in 4m44s
Build_Deploy / deploy_dns (push) Successful in 50s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 38s
2024-10-18 22:27:21 +00:00
sysadm
74a3f11f9b Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-10-09 16:51:49 +00:00
sysadm
87383ccaae Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m37s
Build_Deploy / deploy_dns (push) Successful in 51s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-10-09 16:10:43 +00:00
9a8b446497 Merge pull request '#134_limit-dns' (#135) from #134_limit-dns into main
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m26s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
Reviewed-on: #135
2024-10-09 14:16:47 +00:00
2fc07e49aa
fix: disable gpg signing on forgejo
Some checks failed
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Has been cancelled
2024-10-09 15:16:07 +01:00
sysadm
cd10457035 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m32s
Build_Deploy / deploy_dns (push) Successful in 48s
Build_Deploy / deploy_active (active) (push) Successful in 53s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m33s
Build_Deploy / deploy_active (active-ext) (push) Successful in 39s
2024-10-07 19:54:10 +00:00
sysadm
8e48b61473 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m37s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-10-06 20:09:08 +00:00
86efe11f83
fmt: formatting 2024-10-05 12:41:25 +01:00
1fcfc78c6b
doc: add a pile of documentation to teh dns file 2024-10-05 12:35:22 +01:00
91d76c08f1
feat: limit the dns to explicitly servers we are using
Closes #134
2024-10-05 12:20:24 +01:00
0b0db08f01
feat: actually record our wifi network 2024-10-05 11:15:38 +01:00
5c5ea3678d
feat: switching over the committee
All checks were successful
Build_Deploy / linter (push) Successful in 14s
Build_Deploy / build (push) Successful in 3m19s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m45s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-10-04 13:34:11 +01:00
a4be5de575
feat: switching over the committee
Some checks failed
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Has been cancelled
2024-10-04 12:37:56 +01:00
ad9e434a28
feat: forgejo runner needs docker enabled
All checks were successful
Build_Deploy / linter (push) Successful in 11s
Build_Deploy / build (push) Successful in 4m50s
Build_Deploy / deploy_dns (push) Successful in 38s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-10-04 12:01:17 +01:00
51d8a84432
feat: initial removal of the gitlab runner
For scream testing
2024-10-04 12:01:17 +01:00
259a6df8a7
feat: allow for the sserver instance to sign off merge commits 2024-10-04 12:01:17 +01:00
sysadm
c0aa5c138d Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m34s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 37s
2024-09-29 23:22:29 +00:00
sysadm
e1a3a64a8d Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m37s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 2m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-09-29 19:10:15 +00:00
sysadm
542ee2858e Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m13s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-09-29 09:37:14 +00:00
sysadm
df6825cb7e Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m57s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 33s
2024-09-27 19:23:52 +00:00
sysadm
335f2f08f1 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m49s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-25 19:46:01 +00:00
sysadm
d47abf2527 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m34s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 16:40:29 +00:00
sysadm
8275f3063b Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m40s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 16:31:32 +00:00
sysadm
d76d5acbb7 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m43s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 55s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m19s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 15:23:37 +00:00
sysadm
be4f8dbe89 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m35s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m15s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-25 15:10:03 +00:00
sysadm
71d6d7555b Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 14:56:13 +00:00
sysadm
14334cbee4 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 9s
Build_Deploy / build (push) Successful in 3m45s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 14:31:56 +00:00
sysadm
181a78286e Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m33s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-24 18:24:08 +00:00
sysadm
a6a368457a Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m47s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-24 12:56:58 +00:00
sysadm
7eb83514ca Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 9s
Build_Deploy / build (push) Successful in 3m32s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-24 10:07:51 +00:00
sysadm
743f6faa44 Updated flake for skynet_website_games
Some checks failed
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m29s
Build_Deploy / deploy_dns (push) Successful in 51s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Failing after 1s
Build_Deploy / deploy_active (active-ext) (push) Failing after 3s
2024-09-23 20:09:07 +00:00
esy
95e9b971b2 feat: add license 2024-09-23 20:07:43 +00:00
sysadm
13e9552799 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 11s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-23 14:01:41 +00:00
sysadm
6831976805 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m35s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-23 13:26:32 +00:00
sysadm
103bd93772 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-23 12:47:45 +00:00
sysadm
8725a9af9d Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-22 18:46:10 +00:00
sysadm
668dd90358 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m43s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-22 17:06:21 +00:00
sysadm
b215f10513 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m58s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-20 14:16:11 +00:00
sysadm
0907c36e18 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 10s
Build_Deploy / build (push) Successful in 3m33s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-09-18 15:51:32 +00:00
sysadm
fdebdb6cc5 Updated flake for skynet_website_wiki
Some checks failed
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m42s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Has been cancelled
2024-09-18 15:46:32 +00:00
sysadm
839009195a Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 51s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-18 11:04:52 +00:00
sysadm
951a72d0a6 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m34s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m17s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
2024-09-18 06:17:25 +00:00
sysadm
5d72d1aa84 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m57s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m18s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
2024-09-17 23:06:27 +00:00
sysadm
5eeda983eb Updated flake for skynet_discord_bot
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m47s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Failing after 1m14s
Build_Deploy / deploy_active (active-ext) (push) Successful in 36s
2024-09-17 22:23:02 +00:00
sysadm
5012dd992f Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 9s
Build_Deploy / build (push) Successful in 3m27s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 31s
2024-09-17 21:35:54 +00:00
sysadm
2e06a80dfc Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m59s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m14s
Build_Deploy / deploy_active (active-ext) (push) Successful in 27s
2024-09-17 11:40:09 +00:00
sysadm
65d4a91fa4 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m31s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-09-17 11:12:18 +00:00
2bcdfb0f83
fix: dont run earch seperately
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m35s
Build_Deploy / deploy_dns (push) Successful in 43s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-17 00:38:56 +01:00
8c828738ca
feat: updated the inputs for the discord bot 2024-09-17 00:38:56 +01:00
sysadm
7c8d9641b5 Updated flake for skynet_discord_bot
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 37s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-09-16 23:37:14 +00:00
sysadm
97ca87ec11 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m43s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-15 17:57:44 +00:00
sysadm
c692663e0e Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m59s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-15 17:28:26 +00:00
sysadm
37c564be74 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m49s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-15 00:02:53 +00:00
sysadm
fdd2c24bbd Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m46s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-14 22:46:07 +00:00
sysadm
5d6aec46de Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 4m5s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-14 21:40:07 +00:00
sysadm
32d534be45 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m46s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-13 21:20:09 +00:00
31e7cca4ed
feat: now hosting Out in UL
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m52s
Build_Deploy / deploy_dns (push) Successful in 48s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-10 21:58:42 +01:00
7dcbf88fa4
feat: adding my second laptop to the secrets list
All checks were successful
Build_Deploy / linter (push) Successful in 20s
Build_Deploy / build (push) Successful in 4m49s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 33s
2024-09-09 19:45:13 +01:00
sysadm
4b2720df36 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m56s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m19s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-09-02 12:54:32 +00:00
sysadm
5fa1bbd818 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m15s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-31 18:33:57 +00:00
sysadm
a050b6ced7 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m54s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-29 21:26:11 +00:00
38e0322f67
feat: skynet admins are committee
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m56s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 26s
2024-08-26 23:49:47 +01:00
sysadm
31dc474c84 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 10s
Build_Deploy / build (push) Successful in 3m45s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-26 22:39:52 +00:00
sysadm
3347ac8a89 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m47s
Build_Deploy / deploy_dns (push) Successful in 49s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-26 22:32:11 +00:00
sysadm
9143fdc77c Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m54s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-26 22:19:31 +00:00
sysadm
11d4c2269c Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m47s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m14s
Build_Deploy / deploy_active (active-ext) (push) Successful in 36s
2024-08-26 20:53:28 +00:00
sysadm
4196934565 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m51s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-26 19:44:20 +00:00
35b12b57aa
fix: bump alejandra to a newer version as the existing version didnt have an input quoted
All checks were successful
Build_Deploy / linter (push) Successful in 2m7s
Build_Deploy / build (push) Successful in 53m13s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 54s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m22s
Build_Deploy / deploy_active (active-ext) (push) Successful in 38s
2024-08-26 09:43:09 +01:00
6c9a852e78
fix: bump the wiki
Some checks failed
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Failing after 2s
Build_Deploy / build (push) Has been cancelled
See https://forgejo.skynet.ie/Skynet/nixos/actions/runs/192 for details on the issue
2024-08-26 09:15:44 +01:00
ddf5a22d8b
nix: switch over to using Lix
Related to #81
2024-08-26 09:14:42 +01:00
287b268161
fix: inputs have to be quoted 2024-08-26 09:13:25 +01:00
sysadm
31c94bc8d2 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 36s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-22 17:03:12 +00:00
sysadm
34ffe6c37f Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m33s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 42s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-21 22:53:41 +00:00
sysadm
884617ddb7 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 36s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 27s
2024-08-21 22:46:27 +00:00
sysadm
39fd65d467 Updated flake for skynet_website
All checks were successful
Build_Deploy / linter (push) Successful in 2m40s
Build_Deploy / build (push) Successful in 54m7s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 2m37s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
2024-08-21 08:34:33 +00:00
silver
ac7db8f099 Updated flake for
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 52m14s
Build_Deploy / deploy_dns (push) Successful in 2m13s
Build_Deploy / deploy_active (active) (push) Failing after 4m5s
Build_Deploy / deploy_active (active-core) (push) Failing after 4m25s
Build_Deploy / deploy_active (active-ext) (push) Successful in 1m39s
2024-08-21 02:22:02 +00:00
99b2ba1477
ci: update input now works on everything
Some checks failed
Build_Deploy / build (push) Has been cancelled
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / linter (push) Has been cancelled
2024-08-21 03:20:56 +01:00
36e9e6b76d
ci: update input now works on everything
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
2024-08-21 03:19:10 +01:00
sysadm
97d750ac66 Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
Build_Deploy / build (push) Failing after 1m46s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
2024-08-21 01:40:04 +00:00
fc78bb7287
ci: test with keep failed
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-21 02:38:25 +01:00
5d93ffb71f
ci: test with keep failed
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Waiting to run
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
2024-08-21 02:21:40 +01:00
41dd05cd36
ci: test with keep failed
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 20s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 02:20:44 +01:00
350f4266ed
ci: test with keep failed
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
Build_Deploy / build (push) Failing after 28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
2024-08-21 02:14:07 +01:00
aefd9bbdb0
ci: `nix flake update`
Some checks failed
Build_Deploy / linter (push) Successful in 2m42s
Build_Deploy / build (push) Failing after 3m13s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 01:56:25 +01:00
sysadm
598ae73b3e Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Failing after 1m25s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:48:28 +00:00
bf939cc941
ci: newer versions of nix have this format for updating flake inputs
Some checks failed
Build_Deploy / build (push) Has been cancelled
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / linter (push) Has been cancelled
2024-08-21 01:47:27 +01:00
sysadm
4688eec153 Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m26s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:35:11 +00:00
961a35b990
ci: more testing
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-21 01:32:34 +01:00
987db0c6aa
ci: more testing 2024-08-21 01:31:53 +01:00
sysadm
6ce2a6337f Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m27s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:21:34 +00:00
deb43c0768
ci: more testing
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 01:12:04 +01:00
sysadm
6c9df12566 Updated flake for skynet_website_2009
Some checks failed
Build_Deploy / linter (push) Successful in 2m23s
Build_Deploy / build (push) Failing after 1m29s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:01:21 +00:00
sysadm
fb1ef7b66b Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
Build_Deploy / build (push) Failing after 3m28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
2024-08-20 23:36:29 +00:00
75740f9bae
ci: more testing
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Failing after 1m21s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:17:57 +01:00
6376e910f1
ci: test using ref=main for the inputs
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m23s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:03:07 +01:00
sysadm
8e57469ee2 Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Failing after 1m28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-20 22:45:23 +00:00
sysadm
1638e44caa Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-20 22:37:19 +00:00
58800bf7b2
fix: incorrect hashes
Some checks failed
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Failing after 1m27s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-20 23:07:50 +01:00
sysadm
68d5a91b0b Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m25s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-19 22:38:29 +00:00
a7b559972b
feat : adjust nginx to point at root of new docs, update name of flake
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m29s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-19 23:31:28 +01:00
sysadm
39be11301a Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m42s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m18s
Build_Deploy / deploy_active (active-ext) (push) Successful in 36s
2024-08-19 22:09:25 +00:00
esy
afa3515cd8 fix: not showing in preview
single quotes works double doesnt for some reason
2024-08-16 18:57:47 +00:00
esy
0e5990e563 Update ITD/Firewall_Rules.csv
add git ssh ticket
2024-08-16 18:55:18 +00:00
sysadm
8302b216e0 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m58s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m23s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
2024-08-16 14:38:20 +00:00
sysadm
9a67dfee37 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m46s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m24s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-12 23:59:18 +00:00
sysadm
3997805406 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m43s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m21s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-12 23:49:28 +00:00
2d95094fbd
feat: allow having nice links without .html
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m46s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m25s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-13 00:09:32 +01:00
sysadm
692ed8e3f0 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m21s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-12 22:38:47 +00:00
sysadm
04944584c6 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-12 21:00:14 +00:00
fbff2a4ab2
fix: point teh wiki to teh right subfolder
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m19s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-12 19:32:59 +01:00
sysadm
de72894701 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-12 18:25:36 +00:00
sysadm
5cdcd97f6b Updated flake for skynet_website_games
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m39s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m19s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-11 20:57:59 +00:00
sysadm
25c4007e3e Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-11 20:55:34 +00:00
sysadm
fea5ec177e Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-11 20:47:47 +00:00
sysadm
f49bf144ae Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m39s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-11 20:24:02 +00:00
sysadm
e76262aa43 Updated flake for compsoc_public
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-11 20:23:18 +00:00
sysadm
20f0c16e2f Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m40s
Build_Deploy / deploy_dns (push) Successful in 50s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-11 20:14:50 +00:00
9c6844fed2
fix: should only deploy from main
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m39s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-11 20:38:20 +01:00
f61b9c8d6d
fix: should only deploy from main 2024-08-11 18:47:36 +01:00
sysadm
62115a3d93 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m24s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-11 16:50:00 +00:00
0e7048be31
feat: add a few extra useful tools to teh runner
All checks were successful
Build_Deploy / linter (push) Successful in 13s
Build_Deploy / build (push) Successful in 3m40s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m17s
Build_Deploy / deploy_active (active-ext) (push) Successful in 33s
2024-08-11 04:13:25 +01:00
c2ace73a9b
ci: add workflow for updating forgejo 2024-08-10 23:08:35 +01:00
9120a81d6b
feat: switch over to using forjo for inputs
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m56s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-10 21:32:51 +01:00
186833f70c
fix: use github as the default url for actions, will still be recommending to use the fully qualified link for it though 2024-08-10 20:41:48 +01:00
sysadm
31f54b1e92 Updated flake for simple-nixos-mailserver
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m36s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m17s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-09 19:56:31 +00:00
5a21783b63
ci: no need to run buiold and deploy on a workflow update 2024-08-08 14:55:29 +01:00
529b0e13ec
ci: give teh flake update workflow a better name
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-08 14:53:13 +01:00
410017d86f Merge pull request 'Setup Forgejo' (#126) from #85-test-forgejo into main
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m35s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
Reviewed-on: https://forgejo.skynet.ie///Skynet/nixos/pulls/126
2024-08-07 23:06:43 +00:00
1fb4318310
feat: got the pipelines configured now
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m14s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m13s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
Update .mailmap

See if making it .mailmap fixes it

Signed-off-by: silver <silver@skynet.ie>

Add .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

feat: initial test of flake update

Signed-off-by: silver <silver@skynet.ie>

test: seeing if I can push changes

testing

fix: set the url of the external plugin correctly

Signed-off-by: silver <silver@skynet.ie>

fix: go back to using nix

fix: update command

Signed-off-by: silver <silver@skynet.ie>

Apply automatic changes

revert 26c7781fad

revert Apply automatic changes

test: add teh cache and colmena build

Signed-off-by: silver <silver@skynet.ie>

test: see if this helps

Signed-off-by: silver <silver@skynet.ie>

test: see if using another plugin will work

Signed-off-by: silver <silver@skynet.ie>

test: the cache key

test: more testing

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

test: s[pplit up teh build and cache propegation

attic push --ignore-upstream-cache-filter mycache $(ls -d /nix/store/*/ | grep -v fake_nixpkgs)

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

revert 35887a8fba

revert Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

fix: no need to upload in pipeline now,

Signed-off-by: silver <silver@skynet.ie>

ci: initial commit of the deploy pipeline

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/deploy.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/deploy.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Updated flake for agenix

test: force pipeline

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

ci: testing if I can get this working right

Signed-off-by: silver <silver@skynet.ie>

Updated flake for arion

revert b6cd168c38

revert Updated flake for arion

ci: more changes to see if this will help

Signed-off-by: silver <silver@skynet.ie>

Updated flake for arion

revert da380ed0f4

revert Updated flake for arion

Update .forgejo/workflows/deploy.yaml

Signed-off-by: silver <silver@skynet.ie>

Updated flake for arion

revert f0ee4a9e69

revert Updated flake for arion

fix: reformatted flake

ci: testing out deploy

ci: testing out deploy, new ssh manager

ci: more testing

ci: see if going back to basics helps

ci: test a few things

ci: test a few things

ci: for testing

ci: more testing

ci: some bastardisation for thbe ssh

ci: more testing

ci: check if setting root as teh user helps

ci: check if setting root as teh user helps2

ci: check if setting root as teh user helps2

ci: check if setting root as teh user helps2

ci: more testing

ci: more testing

ci: more testing

ci: more testing2

ci: more testing2

ci: more testing2

ci: more testing2

ci: more testing2

ci: more testing2

ci: clean up testing

ci: final tests

ci:: final, fixing

ci: need logging

ci: more testing

ci: gahhhhhhhhhh

ci: AAAAAAAAAAAAAAAAAA

ci: lets go back

ci: lets go backaaaaaaaa

ci: lets go backaaaaaaaaqweadadsasdasdasdasd

ci: lets go backaaaaaaaaqweadadsasdasdasdasd

ci: add the final deploy config

Add .forgejo/workflows/testing.yaml

(cherry picked from commit f2cf71ef98)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit e156b61105)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit 80e1fcc545)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit 423f2dd5b3)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit f446ba5443)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit 44a7186a40)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit ed0be4507a)
2024-08-07 22:10:16 +01:00
f00ae5bd2d
feat: basic forgejo setup 2024-08-07 21:52:50 +01:00
97d1783561
feat: basic config for ForgeJo 2024-08-06 20:52:19 +01:00
98136e802b
fix: git is important enough that it should have its own folder 2024-08-06 15:41:59 +01:00
86e0c091fb Merge branch '#84-improve-topdesk-organisation' into 'main'
Add a BCC to service account mails to enable threading

Closes #84

See merge request compsoc1/skynet/nixos!38
2024-07-25 08:21:33 +00:00
4f87e56d63
fix: include cc's for incoming mail 2024-07-24 20:47:58 +01:00
cd002aec03 fix : remove unneeded import
Prometheus is imported through base
2024-07-22 20:02:38 +00:00
9c7d08c153
fix: slight bit of formatting and a renaming
Closes #84
2024-07-22 18:57:31 +01:00
35920eda0c
feat: this should put an automatic bcc on outgoing mail as well as a corrosponding filter to put it in teh right inboxes
Relates to #84
2024-07-22 18:54:23 +01:00
ba527ead3b Update VPN_Admins.csv 2024-07-22 13:01:37 +00:00
1212ecc7a1
its: better handling of changes over time for teh vpn users 2024-07-22 13:18:12 +01:00
bbcc8fc1f6
itd: add the ticket to the rules 2024-07-22 13:04:24 +01:00
ba6d831f73
itd: vpn users has been updated 2024-07-22 13:02:31 +01:00
bd96a84fe8
committee: added Emilia 2024-07-21 21:18:06 +01:00
d64997991d
update: rebased the mailserver to pull in updates from upstream 2024-07-21 13:10:18 +01:00
537863c913
ci: improve teh pipeline 2024-07-20 14:16:55 +01:00
ed4dcbc756
ci: improve teh pipeline 2024-07-20 14:12:03 +01:00
5c6939bc83
Revert "ci: improve teh pipeline"
This reverts commit 2834fbba8d.
2024-07-20 14:07:47 +01:00
2834fbba8d
ci: improve teh pipeline 2024-07-20 13:38:35 +01:00
c5a651d98e
nix: bump nixpkgs to get the patched gitlab 2024-07-20 12:45:16 +01:00
648b437767
dns: use better date for teh serial 2024-07-20 12:28:53 +01:00
a4d83fde50
ci: test using lix on teh runner
Relates to #81

Also bump the base image to teh latest alpine
2024-07-20 12:28:36 +01:00
2a949f8e82
fix: test the new format 2024-07-20 01:00:53 +01:00
abdc5b6d50 Merge branch '#55-non-skynet-dns' into 'main'
Allow DNS for non skynet.ie domains

Closes #55

See merge request compsoc1/skynet/nixos!37
2024-07-17 19:08:52 +00:00
c5c44acc8b
fmt: prepping for #80 2024-07-17 04:20:48 +01:00
1287160cdf
feat: reduced some complexity 2024-07-17 04:08:04 +01:00
4c8ebb455e
feat: the actual bind files are now created directly from teh records 2024-07-17 03:50:20 +01:00
454e58b085
feat: generate the zones directly from teh dns records 2024-07-17 03:00:20 +01:00
2a8a7cc7f4
feat: simplify the zone creation 2024-07-17 01:38:31 +01:00
0b25b5ac54
fix: smol cleanup 2024-07-17 00:53:28 +01:00
356ac2e505
fix: move the mailserver dns config to the proper file 2024-07-17 00:52:55 +01:00
1a07781c4d
feat: the right width for records will now be auto calculated 2024-07-17 00:47:45 +01:00
15e534c222
feat: add new option for dns records 2024-07-16 23:17:38 +01:00
e9d5985adf
fmt: remove duplicate imports, now unified in applications/_base.nix 2024-07-16 23:09:22 +01:00
cb0cfbaf4a
fmt: move the dns into its own folder 2024-07-16 22:54:44 +01:00
b1bd6ca40a
feat: unify the record options 2024-07-16 22:31:28 +01:00
9fb45cba7e
feat: bump the nixpkgs version, specifically bringing in newer gitlab 2024-07-15 15:14:44 +01:00
3837ff2dd1
fix: sort the domains, prevents errors in cert renewal 2024-07-09 22:16:09 +01:00
b6b9ae0579
feat: new wiki domain 2024-07-09 22:12:41 +01:00
runner_nix
b7cb7eeade Updated flake for skynet_website_renew 2024-07-09 20:54:14 +00:00
2a45bc4f70
cve: bumped system to have the updated sshd package
relates to CVE-2024-6387
2024-07-02 14:13:08 +01:00
e6954d3448
git: merging in some upstream changes while still waiting for ther patch to be merged in 2024-06-27 13:19:12 +01:00
09e7f8f0d4 fix: what is old is new again 2024-06-18 22:50:28 +00:00
dac45073d6 Add entries for modded minecraft server 2024-06-18 19:22:29 +00:00
9583eaa9be
doc: update the firewall changes 2024-06-18 10:14:06 +01:00
a0215b2271
doc: added a new page for names ideas 2024-06-17 20:58:33 +01:00
cd13520aba
feat: new server for stats, ariia, danm I love this naming scheme 2024-06-17 20:58:33 +01:00
8009b7c8d1
fix: some small fixes for prometheus 2024-06-17 20:58:32 +01:00
runner_nix
07cb42dd65 Updated flake for skynet_website_renew 2024-06-17 01:39:31 +00:00
6229abcefa fix: put teh blockers for teh update of teh flakes first 2024-06-17 01:11:03 +00:00
runner_nix
c197f0df85 Updated flake for skynet_website_2009 2024-06-17 00:48:14 +00:00
435379e610
doc: imported in the VPN Admins 2024-06-17 01:24:53 +01:00
44c81b1f3e
doc: reorganised to encompass all teh tickets we have submitted over time.
May work on a tool that compiles this together into a unified output?
2024-06-17 01:20:29 +01:00
897c52cc3e
doc: added the new servers 2024-06-17 01:17:52 +01:00
7ea813667b
git: update the lockfile to deal with open office 2024-06-17 01:17:27 +01:00
d226e905a2
fix: cut don what we have to fit better in the original format 2024-06-16 15:21:23 +01:00
40ece2f683
fix: originally this was a spreadsheet, split out and emulate the form better 2024-06-16 15:10:14 +01:00
9b84ff8619 Merge branch 'dmarc-spf-changes' into 'main'
Change spf and dmarc config

See merge request compsoc1/skynet/nixos!36
2024-06-15 14:38:47 +00:00
daragh
5933cb5dfe
Revert "test"
This reverts commit e0a461bb0a.
2024-06-15 15:25:38 +01:00
daragh
c0ddc2d6a9
switch include to a, remove skynet.ie 2024-06-15 15:25:38 +01:00
9e90553a6b Merge branch nixos:main into dmarc-spf-changes 2024-06-15 14:17:17 +00:00
daragh
e0a461bb0a
test 2024-06-15 15:07:08 +01:00
ed331c3f08 Originally this was set up so updating teh flake and pushing out to servers would occur in a single pipeline.
Add 

Relates to #79
2024-06-15 14:02:01 +00:00
452f33baa8 Update .gitlab-ci.yml file 2024-06-15 13:51:51 +00:00
daragh
149b58ce09
use cfg variables 2024-06-15 14:42:36 +01:00
daragh
1b848029e2
fix host ip variable 2024-06-15 14:30:40 +01:00
daragh
d3030aa2d1
Changing spf and dmarc config 2024-06-15 13:26:24 +01:00
5c33399d97
feat: add teh snapshot at the end of the year 2024-06-14 22:03:21 +01:00
1d3549d541
feat: current version is always on top 2024-06-14 21:34:43 +01:00
5c8dcdef00
feat: really easy to import in old versions of the site 2024-06-14 21:28:52 +01:00
34f8f0eb8c
femt: move skynet into its own subfolder 2024-06-14 20:38:46 +01:00
fee1e34ca8
fix: move to a better naming scheme for previous versions of teh skynet sites 2024-06-14 20:36:16 +01:00
86 changed files with 2002 additions and 1717 deletions

View file

@ -0,0 +1,59 @@
name: Build_Deploy
on:
workflow_run:
workflows: [ "Update_Flake" ]
types:
- completed
push:
branches:
- 'main'
paths:
- applications/**/*
- machines/**/*
- secrets/**/*
- flake.*
- config/**/*
- .forgejo/**/*
jobs:
linter:
runs-on: nix
steps:
- uses: actions/checkout@v4
- run: nix fmt -- --check .
- run: nix --version
#if: github.repository == 'Skynet/nixos'
build:
runs-on: nix
steps:
- uses: actions/checkout@v4
- run: nix develop -v
# - name: Archive Test Results
# if: always()
# run: sleep 100m
# - run: colmena build -v --on @active-dns
# - run: colmena build -v --on @active-core
# - run: colmena build -v --on @active
# - run: colmena build -v --on @active-ext
# - run: colmena build -v --on @active-gitlab
deploy_dns:
runs-on: nix
needs: [ linter, build ]
steps:
- uses: actions/checkout@v4
- run: colmena apply -v --on @active-dns --show-trace
shell: bash
deploy_active:
strategy:
matrix:
batch: [ active-core, active, active-ext ]
runs-on: nix
needs: [ deploy_dns ]
steps:
- uses: actions/checkout@v4
- run: colmena apply -v --on @${{ matrix.batch }} --show-trace
shell: bash

View file

@ -0,0 +1,12 @@
name: Update_Forgejo
on:
workflow_dispatch:
jobs:
deploy:
runs-on: nix
steps:
- uses: actions/checkout@v4
- run: colmena apply -v --on @active-gitlab --show-trace
shell: bash

View file

@ -0,0 +1,31 @@
name: Update_Flake
run-name: "[Update Flake] ${{ inputs.input_to_update }}"
on:
workflow_dispatch:
inputs:
input_to_update:
description: 'Flake input to update'
required: false
type: string
jobs:
update:
runs-on: nix
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
token: ${{ secrets.PIPELINE_TOKEN }}
- run: nix flake update ${{ inputs.input_to_update }}
shell: bash
- uses: https://github.com/stefanzweifel/git-auto-commit-action@v5
with:
commit_message: "Updated flake for ${{ inputs.input_to_update }}"

3
.gitignore vendored
View file

@ -6,6 +6,9 @@
*.tmp *.tmp
tmp tmp
# open office tmp lockfiles
.~lock.*
# Test files # Test files
test.* test.*
*.test.* *.test.*

View file

@ -30,7 +30,7 @@ update:
# the part that updates the flake # the part that updates the flake
- nix --experimental-features 'nix-command flakes' flake lock --update-input $PACKAGE_NAME - nix --experimental-features 'nix-command flakes' flake lock --update-input $PACKAGE_NAME
- git add flake.lock - git add flake.lock
- git commit -m "[skip ci] Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit" - git commit -m "Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit"
# we have a custom domain # we have a custom domain
- git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git - git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git
- git push origin HEAD:$CI_COMMIT_REF_NAME - git push origin HEAD:$CI_COMMIT_REF_NAME
@ -48,13 +48,14 @@ sync_repos:
- chmod +x ./sync.sh - chmod +x ./sync.sh
- ./sync.sh - ./sync.sh
rules: rules:
- if: $UPDATE_FLAKE == "yes"
when: never
- if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
changes: changes:
- sync/repos.csv - sync/repos.csv
.scripts_base: &scripts_base .scripts_base: &scripts_base
# load nix environment # load nix environment
- git pull origin $CI_COMMIT_REF_NAME
- . "$HOME/.nix-profile/etc/profile.d/nix.sh" - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
- nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena
@ -69,6 +70,8 @@ sync_repos:
- nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client
- attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY
- attic use skynet-cache - attic use skynet-cache
# add any new items to the cache
- attic watch-store skynet-cache &
# every commit on main will build and deploy # every commit on main will build and deploy
.build_template: &builder .build_template: &builder
@ -78,6 +81,8 @@ sync_repos:
- *scripts_base - *scripts_base
- *scripts_cache - *scripts_cache
rules: rules:
- if: $UPDATE_FLAKE == "yes"
when: never
- changes: - changes:
- applications/**/* - applications/**/*
- machines/**/* - machines/**/*
@ -93,6 +98,8 @@ sync_repos:
- *scripts_base - *scripts_base
- *scripts_cache - *scripts_cache
rules: rules:
- if: $UPDATE_FLAKE == "yes"
when: never
- if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
changes: changes:
- flake.nix - flake.nix
@ -112,7 +119,7 @@ build:
<<: *builder <<: *builder
stage: test stage: test
script: script:
- attic watch-store skynet-cache & - nix --extra-experimental-features 'nix-command flakes' develop
- colmena build -v --on @active-dns - colmena build -v --on @active-dns
- colmena build -v --on @active-core - colmena build -v --on @active-core
- colmena build -v --on @active - colmena build -v --on @active
@ -154,7 +161,6 @@ deploy_ext:
- deploy_dns - deploy_dns
script: script:
- colmena apply -v --on @active-ext - colmena apply -v --on @active-ext
allow_failure: true
deploy_gitlab: deploy_gitlab:
<<: *builder <<: *builder

View file

45
ITD/Firewall_Rules.csv Normal file
View file

@ -0,0 +1,45 @@
Rule,Action,Ticket,Status,Source_IP,Source_Server,Destination_IP,Destination_Server,Port_TCP,Port_UDP,Notes
SKYNET_FIREWALL_00000,Add,,Complete,VPN,-,93.1.99.71 - 193.1.99.126,All,22,-,sftp/ssh required from vpn to servers for admins
SKYNET_FIREWALL_00001,Add,,Complete,All,-,193.1.99.109,SKYNET00004,-,53,Nameserver for skynet.ie
SKYNET_FIREWALL_00002,Add,,Complete,All,-,193.1.99.111,SKYNET00005,"80, 443, 8000",-,"ULFM, http(s) for internet streaming, 8000 for connecting to the server."
SKYNET_FIREWALL_00003,Add,,Complete,All,-,193.1.99.112,SKYNET00006,"80, 443, 25565",-,"Games host, Minecraft uses 25565 (will have more ports in the future)"
SKYNET_FIREWALL_00004,Add,,Complete,All,-,193.1.99.120,SKYNET00002,-,53,Nameserver for skynet.ie
SKYNET_FIREWALL_00005,Add,i23-01-19_681,Complete,193.1.99.72,SKYNET00001,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00006,Add,i23-01-19_681,Complete,193.1.99.75,SKYNET00008,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00007,Add,i23-01-19_681,Complete,193.1.99.109,SKYNET00004,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00008,Add,i23-01-19_681,Complete,193.1.99.111,SKYNET00005,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00009,Add,i23-01-19_681,Complete,193.1.99.112,SKYNET00006,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00010,Add,i23-01-19_681,Complete,193.1.99.120,SKYNET00002,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00011,Add,i23-05-18_249,Complete,All,-,193.1.99.75,SKYNET00008,"80, 443",-,For gitlab Access
SKYNET_FIREWALL_00012,Add,i23-05-18_249,Complete,193.1.99.72 - 193.1.99.126,-,All,-,-,-,"I would also like to extend the outbound access to cover our entire range (193.1.99.72 to 193.1.99.126) to allow for setup for more servers on those ip's (need to download updates and packages).
I have a few servers I plan to setup over the next two weeks, one after another as the later ones depend on earlier ones.
In such a case asking for permission for each individual IP would induce several tickets and a few weeks of paperwork going through change control.
Only a few of these sevices will need inbound ports opened on ITD's firewall, which can be requested when the systems are up, running and secured."
SKYNET_FIREWALL_00013,Add,i23-05-18_249,Complete,All,-,193.1.99.76,SKYNET00009,"143, 993, 587, 465",-,Email Server
SKYNET_FIREWALL_00014,Add,i23-06-19_525,Complete,All,-,193.1.99.76,SKYNET00009,"80, 443, 25",-,"Mailserver here, SPF, DKIM and DMARC are all set up"
SKYNET_FIREWALL_00015,Add,i23-06-19_525,Complete,All,-,193.1.99.79,SKYNET00011,"80, 443",-,Main Skynet webserver
SKYNET_FIREWALL_00016,Add,i23-06-30_024,Complete,All,-,193.1.96.165,SKYNET00012,22,-,"Skynet user's server
Outlet is 131 or 132"
SKYNET_FIREWALL_00017,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.120,SKYNET00002,-,53,Allow Skynet server to use our own internal DNS
SKYNET_FIREWALL_00018,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.74,SKYNET00007,389/636,-,Allow Skynet server to access LDAP
,Add,i23-07-28_010,Denied,All,-,193.1.99.74,SKYNET00007,"80, 443",-,Self Service site for Skynet accounts Only 443 on account modification pages
SKYNET_FIREWALL_00019,Add,i23-07-28_010,Complete,All,-,193.1.99.74,SKYNET00007,443,-,Self Service site for Skynet accounts
SKYNET_FIREWALL_00020,Add,i23-09-05_639,Complete,All,-,193.1.96.165,SKYNET00012,"80, 443",-,Web hosting for user sites
SKYNET_FIREWALL_00021,Add,i23-10-27_014,Complete,All,-,193.1.99.77,SKYNET00014,"80, 443",-,"Nextcloud, selfhosted google services, filestorage and documents"
SKYNET_FIREWALL_00022,Add,i24-02-01_102,Complete,193.1.96.165,SKYNET00012,103.1.99.109,SKYNET00004,-,53,Give the Skynet server access to ur secondary DNS
SKYNET_FIREWALL_00023,Add,i24-02-01_102,Complete,193.1.99.78,SKYNET00010,193.1.96.165,SKYNET00012,22,-,Allow our gitlab runner to access and deploy to teh external server
SKYNET_FIREWALL_00024,Add,i24-02-16_065,Complete,All,-,193.1.99.90,SKYNET00016,"80, 443",-,Games Server Administrative panel
SKYNET_FIREWALL_00025,Add,i24-02-16_065,Complete,All,-,193.1.99.91,SKYNET00017,25518-25525,"19132, 24418-24425",Minecraft Games server
SKYNET_FIREWALL_00026,Add,i24-06-04_017,Complete,All,-,193.1.99.76,SKYNET00009,4190,-,"Email sieve to allow members to add email filters to their
skynet mail."
SKYNET_FIREWALL_00027,Add,i24-06-04_017,Complete,All,-,193.1.99.82,SKYNET00018,80/443,-,"Public services such as a binary cache, open governance and keyserver"
,Add,i24-06-04_017,Denied,All,-,193.1.99.90,SKYNET00016,8080,-,"Websocket for admin panel on games management server
Denied because more information on wat it was for was requested"
,Add,i24-06-04_017,Denied,193.1.99.74,SKYNET00007,193.1.96.165,SKYNET00012,9000-9020,-,"Metrics collection, not done because not enough info provided"
SKYNET_FIREWALL_00028,Remove,i24-06-04_017,Complete,-,-,193.1.99.112,SKYNET00019,25565,-,No longer the minecraft game host
SKYNET_FIREWALL_00029,Add,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server
SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection
SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server
SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel
SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server
,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet'
1 Rule Action Ticket Status Source_IP Source_Server Destination_IP Destination_Server Port_TCP Port_UDP Notes
2 SKYNET_FIREWALL_00000 Add Complete VPN - 93.1.99.71 - 193.1.99.126 All 22 - sftp/ssh required from vpn to servers for admins
3 SKYNET_FIREWALL_00001 Add Complete All - 193.1.99.109 SKYNET00004 - 53 Nameserver for skynet.ie
4 SKYNET_FIREWALL_00002 Add Complete All - 193.1.99.111 SKYNET00005 80, 443, 8000 - ULFM, http(s) for internet streaming, 8000 for connecting to the server.
5 SKYNET_FIREWALL_00003 Add Complete All - 193.1.99.112 SKYNET00006 80, 443, 25565 - Games host, Minecraft uses 25565 (will have more ports in the future)
6 SKYNET_FIREWALL_00004 Add Complete All - 193.1.99.120 SKYNET00002 - 53 Nameserver for skynet.ie
7 SKYNET_FIREWALL_00005 Add i23-01-19_681 Complete 193.1.99.72 SKYNET00001 All - - - Allow outbound access
8 SKYNET_FIREWALL_00006 Add i23-01-19_681 Complete 193.1.99.75 SKYNET00008 All - - - Allow outbound access
9 SKYNET_FIREWALL_00007 Add i23-01-19_681 Complete 193.1.99.109 SKYNET00004 All - - - Allow outbound access
10 SKYNET_FIREWALL_00008 Add i23-01-19_681 Complete 193.1.99.111 SKYNET00005 All - - - Allow outbound access
11 SKYNET_FIREWALL_00009 Add i23-01-19_681 Complete 193.1.99.112 SKYNET00006 All - - - Allow outbound access
12 SKYNET_FIREWALL_00010 Add i23-01-19_681 Complete 193.1.99.120 SKYNET00002 All - - - Allow outbound access
13 SKYNET_FIREWALL_00011 Add i23-05-18_249 Complete All - 193.1.99.75 SKYNET00008 80, 443 - For gitlab Access
14 SKYNET_FIREWALL_00012 Add i23-05-18_249 Complete 193.1.99.72 - 193.1.99.126 - All - - - I would also like to extend the outbound access to cover our entire range (193.1.99.72 to 193.1.99.126) to allow for setup for more servers on those ip's (need to download updates and packages). I have a few servers I plan to setup over the next two weeks, one after another as the later ones depend on earlier ones. In such a case asking for permission for each individual IP would induce several tickets and a few weeks of paperwork going through change control. Only a few of these sevices will need inbound ports opened on ITD's firewall, which can be requested when the systems are up, running and secured.
15 SKYNET_FIREWALL_00013 Add i23-05-18_249 Complete All - 193.1.99.76 SKYNET00009 143, 993, 587, 465 - Email Server
16 SKYNET_FIREWALL_00014 Add i23-06-19_525 Complete All - 193.1.99.76 SKYNET00009 80, 443, 25 - Mailserver here, SPF, DKIM and DMARC are all set up
17 SKYNET_FIREWALL_00015 Add i23-06-19_525 Complete All - 193.1.99.79 SKYNET00011 80, 443 - Main Skynet webserver
18 SKYNET_FIREWALL_00016 Add i23-06-30_024 Complete All - 193.1.96.165 SKYNET00012 22 - Skynet user's server Outlet is 131 or 132
19 SKYNET_FIREWALL_00017 Add i23-06-30_024 Complete 193.1.96.165 SKYNET00012 193.1.99.120 SKYNET00002 - 53 Allow Skynet server to use our own internal DNS
20 SKYNET_FIREWALL_00018 Add i23-06-30_024 Complete 193.1.96.165 SKYNET00012 193.1.99.74 SKYNET00007 389/636 - Allow Skynet server to access LDAP
21 Add i23-07-28_010 Denied All - 193.1.99.74 SKYNET00007 80, 443 - Self Service site for Skynet accounts – Only 443 on account modification pages
22 SKYNET_FIREWALL_00019 Add i23-07-28_010 Complete All - 193.1.99.74 SKYNET00007 443 - Self Service site for Skynet accounts
23 SKYNET_FIREWALL_00020 Add i23-09-05_639 Complete All - 193.1.96.165 SKYNET00012 80, 443 - Web hosting for user sites
24 SKYNET_FIREWALL_00021 Add i23-10-27_014 Complete All - 193.1.99.77 SKYNET00014 80, 443 - Nextcloud, selfhosted google services, filestorage and documents
25 SKYNET_FIREWALL_00022 Add i24-02-01_102 Complete 193.1.96.165 SKYNET00012 103.1.99.109 SKYNET00004 - 53 Give the Skynet server access to ur secondary DNS
26 SKYNET_FIREWALL_00023 Add i24-02-01_102 Complete 193.1.99.78 SKYNET00010 193.1.96.165 SKYNET00012 22 - Allow our gitlab runner to access and deploy to teh external server
27 SKYNET_FIREWALL_00024 Add i24-02-16_065 Complete All - 193.1.99.90 SKYNET00016 80, 443 - Games Server Administrative panel
28 SKYNET_FIREWALL_00025 Add i24-02-16_065 Complete All - 193.1.99.91 SKYNET00017 25518-25525 19132, 24418-24425 Minecraft Games server
29 SKYNET_FIREWALL_00026 Add i24-06-04_017 Complete All - 193.1.99.76 SKYNET00009 4190 - Email sieve to allow members to add email filters to their skynet mail.
30 SKYNET_FIREWALL_00027 Add i24-06-04_017 Complete All - 193.1.99.82 SKYNET00018 80/443 - Public services such as a binary cache, open governance and keyserver
31 Add i24-06-04_017 Denied All - 193.1.99.90 SKYNET00016 8080 - Websocket for admin panel on games management server Denied because more information on wat it was for was requested
32 Add i24-06-04_017 Denied 193.1.99.74 SKYNET00007 193.1.96.165 SKYNET00012 9000-9020 - Metrics collection, not done because not enough info provided
33 SKYNET_FIREWALL_00028 Remove i24-06-04_017 Complete - - 193.1.99.112 SKYNET00019 25565 - No longer the minecraft game host
34 SKYNET_FIREWALL_00029 Add i24-06-04_017 Complete All - 193.1.99.90 SKYNET00016 8080 - Websocket for admin panel on games management server
35 SKYNET_FIREWALL_00030 Add i24-06-04_017 Complete 193.1.99.83 SKYNET00020 193.1.96.165 SKYNET00012 9000-9010 - Metrics Collection
36 SKYNET_FIREWALL_00031 Add i24-06-04_017 Complete All - 193.1.99.83 SKYNET00020 80, 443 - Web interface for Metrics server
37 SKYNET_FIREWALL_00032 Remove i24-06-04_017 Complete All - 193.1.99.90 SKYNET00016 8080 - Had incorrectly opened 8080 on the main panel
38 SKYNET_FIREWALL_00033 Add i24-06-04_017 Complete All - 193.1.99.91 SKYNET00017 8080 - Websocket for admin panel on games management server
39 Add i24-07-15_112 Denied 193.1.99.75 - - - 22 - Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet'

22
ITD/Server_Inventory.csv Normal file
View file

@ -0,0 +1,22 @@
Index,Name,Status,IP_Address,OS,Description
SKYNET00001,agentjones,Active,193.1.99.72,Nixos-24.05,Firewall (currently not active)
SKYNET00002,vendetta,Active,193.1.99.120,Nixos-24.05,DNS Nameserver 1
SKYNET00003,jarvis,Active,193.1.99.73,Nixos-24.05,VM Host
SKYNET00004,vigil,Active,193.1.99.109,Nixos-24.05,DNS Nameserver 2
SKYNET00005,galatea,Active,193.1.99.111,Nixos-24.05,ULFM Radio
SKYNET00006,optimus,Retired,193.1.99.112,Nixos-24.05,Retired Games server
SKYNET00007,kitt,Active,193.1.99.74,Nixos-24.05,"LDAP and Self-Service Password/Account management, also hosts our Discord bot"
SKYNET00008,glados,Active,193.1.99.75,Nixos-24.05,Gitlab server
SKYNET00009,gir,Active,193.1.99.76,Nixos-24.05,Email and Webmail
SKYNET00010,wheatly,Active,193.1.99.78,Nixos-24.05,Gitlab Runner
SKYNET00011,earth,Active,193.1.99.79,Nixos-24.05,Offical website host
SKYNET00012,skynet,Active,193.1.96.165,Nixos-24.05,Skynet server. (DMZ)
SKYNET00013,neuromancer,Active,193.1.99.80,Nixos-24.05,Local Backup Server
SKYNET00014,cadie,Active,193.1.99.77,Nixos-24.05,"Services VM, has nextcloud to start with"
SKYNET00015,marvin,Active,193.1.99.81,Nixos-24.05,Trainee testing server
SKYNET00016,optimus,Active,193.1.99.90,Debian-12,Games server manager (replacing SKYNET00006 soon)
SKYNET00017,bumblebee,Active,193.1.99.91,Debian-12,Game server - Minecraft
SKYNET00018,calculon,Active,193.1.99.82,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver"
SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic
SKYNET00020,ariia,Active,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus"
SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access
1 Index Name Status IP_Address OS Description
2 SKYNET00001 agentjones Active 193.1.99.72 Nixos-24.05 Firewall (currently not active)
3 SKYNET00002 vendetta Active 193.1.99.120 Nixos-24.05 DNS Nameserver 1
4 SKYNET00003 jarvis Active 193.1.99.73 Nixos-24.05 VM Host
5 SKYNET00004 vigil Active 193.1.99.109 Nixos-24.05 DNS Nameserver 2
6 SKYNET00005 galatea Active 193.1.99.111 Nixos-24.05 ULFM Radio
7 SKYNET00006 optimus Retired 193.1.99.112 Nixos-24.05 Retired Games server
8 SKYNET00007 kitt Active 193.1.99.74 Nixos-24.05 LDAP and Self-Service Password/Account management, also hosts our Discord bot
9 SKYNET00008 glados Active 193.1.99.75 Nixos-24.05 Gitlab server
10 SKYNET00009 gir Active 193.1.99.76 Nixos-24.05 Email and Webmail
11 SKYNET00010 wheatly Active 193.1.99.78 Nixos-24.05 Gitlab Runner
12 SKYNET00011 earth Active 193.1.99.79 Nixos-24.05 Offical website host
13 SKYNET00012 skynet Active 193.1.96.165 Nixos-24.05 Skynet server. (DMZ)
14 SKYNET00013 neuromancer Active 193.1.99.80 Nixos-24.05 Local Backup Server
15 SKYNET00014 cadie Active 193.1.99.77 Nixos-24.05 Services VM, has nextcloud to start with
16 SKYNET00015 marvin Active 193.1.99.81 Nixos-24.05 Trainee testing server
17 SKYNET00016 optimus Active 193.1.99.90 Debian-12 Games server manager (replacing SKYNET00006 soon)
18 SKYNET00017 bumblebee Active 193.1.99.91 Debian-12 Game server - Minecraft
19 SKYNET00018 calculon Active 193.1.99.82 Nixos-24.05 Public Services such as binary cache, Open Governance and Keyserver
20 SKYNET00019 deepthought Active 193.1.99.112 Nixos-24.05 Backup Test Server using restic
21 SKYNET00020 ariia Active 193.1.99.83 Nixos-24.05 Metrics, Grafana and Prometheus
22 SKYNET00021 ash Active 193.1.99.114 NA Server Room Network access

6
ITD/VPN_Admins.csv Normal file
View file

@ -0,0 +1,6 @@
Index,First Name,Surname,UL Student Email
SKYNET_VPN_ADM_001,Brendan,Golden,12136891@studentmail.ul.ie
SKYNET_VPN_ADM_002,Evan,Cassidy,External
SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie
SKYNET_VPN_ADM_004,Eliza,Macovei,23382619@studentmail.ul.ie
SKYNET_VPN_ADM_005,Daragh,Downes,22351159@studentmail.ul.ie
1 Index First Name Surname UL Student Email
2 SKYNET_VPN_ADM_001 Brendan Golden 12136891@studentmail.ul.ie
3 SKYNET_VPN_ADM_002 Evan Cassidy External
4 SKYNET_VPN_ADM_003 Eoghan Conlon 21310262@studentmail.ul.ie
5 SKYNET_VPN_ADM_004 Eliza Macovei 23382619@studentmail.ul.ie
6 SKYNET_VPN_ADM_005 Daragh Downes 22351159@studentmail.ul.ie

View file

@ -0,0 +1,7 @@
Date,Date Modified,Action,Ticket,ID
SKYNET_VPN_ADM_CHANGE_001,2023/04/04,Added,,SKYNET_VPN_ADM_001
SKYNET_VPN_ADM_CHANGE_002,2023/04/04,Added,,SKYNET_VPN_ADM_002
SKYNET_VPN_ADM_CHANGE_003,2023/04/04,Added,,SKYNET_VPN_ADM_003
SKYNET_VPN_ADM_CHANGE_003,2024/07/21,Removed,i24-07-22_760,SKYNET_VPN_ADM_003
SKYNET_VPN_ADM_CHANGE_004,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_004
SKYNET_VPN_ADM_CHANGE_005,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_005
1 Date Date Modified Action Ticket ID
2 SKYNET_VPN_ADM_CHANGE_001 2023/04/04 Added SKYNET_VPN_ADM_001
3 SKYNET_VPN_ADM_CHANGE_002 2023/04/04 Added SKYNET_VPN_ADM_002
4 SKYNET_VPN_ADM_CHANGE_003 2023/04/04 Added SKYNET_VPN_ADM_003
5 SKYNET_VPN_ADM_CHANGE_003 2024/07/21 Removed i24-07-22_760 SKYNET_VPN_ADM_003
6 SKYNET_VPN_ADM_CHANGE_004 2024/07/21 Added i24-07-22_760 SKYNET_VPN_ADM_004
7 SKYNET_VPN_ADM_CHANGE_005 2024/07/21 Added i24-07-22_760 SKYNET_VPN_ADM_005

View file

@ -1,19 +0,0 @@
Index,Status,Name,IP_Address,DNS_Name,Ports TCP,Ports UDP,Tunnel,Ports_Requested,Related_Tickets,Description
SKYNET00001,Active,agentjones,193.1.99.72,agentjones,,,,,,Firewall (currently not active)
SKYNET00002,Active,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1
SKYNET00003,Active,jarvis,193.1.99.73,jarvis,,,,,,VM Host
SKYNET00004,Active,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2
SKYNET00005,Active,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio
SKYNET00006,Retired,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Retired Games server
SKYNET00007,Active,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot"
SKYNET00008,Active,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server
SKYNET00009,Active,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail
SKYNET00010,Active,wheatly,193.1.99.78,wheatly,,,-> skynet:22,,,Gitlab Runner
SKYNET00011,Active,earth,193.1.99.79,earth,80/443,,,,i23-06-19_525,Offical website host
SKYNET00012,Active,skynet,193.1.96.165,skynet/*.users,22 80/443,,,,i23-06-30_024,Skynet server. (DMZ)
SKYNET00013,Active,neuromancer,193.1.99.80,neuromancer,,,,,,Local Backup Server
SKYNET00014,Active,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,,,,i23-10-27_014,"Services VM, has nextcloud to start with"
SKYNET00015,Active,marvin,193.1.99.81,marvin,,,,,,Trainee testing server
SKYNET00016,Active,optimus,193.1.99.90,,80/443,,,8080,i24-02-16_065,Games server manager (replacing SKYNET00006 soon)
SKYNET00017,Active,bumblebee,193.1.99.91,,25518-25525,19132 24418-24425,,,i24-02-16_065,Game server - Minecraft
SKYNET00018,Active,calculon,193.1.99.82,,,,,80/443,,"Public Services such as binary cache, Open Governance and Keyserver"
1 Index Status Name IP_Address DNS_Name Ports TCP Ports UDP Tunnel Ports_Requested Related_Tickets Description
2 SKYNET00001 Active agentjones 193.1.99.72 agentjones Firewall (currently not active)
3 SKYNET00002 Active vendetta 193.1.99.120 vendetta/ns1 53 DNS Nameserver 1
4 SKYNET00003 Active jarvis 193.1.99.73 jarvis VM Host
5 SKYNET00004 Active vigil 193.1.99.109 vigil/ns2 53 DNS Nameserver 2
6 SKYNET00005 Active galatea 193.1.99.111 galatea/stream 80/443 8000 ULFM Radio
7 SKYNET00006 Retired optimus 193.1.99.112 optimus/games/*.games 80/443 25565 Retired Games server
8 SKYNET00007 Active kitt 193.1.99.74 kitt/account/api.account 443 -> skynet:9000-9020 i23-07-28_010 LDAP and Self-Service Password/Account management, also hosts our Discord bot
9 SKYNET00008 Active glados 193.1.99.75 glados/gitlab/*.pages.gitlab 80/443 i23-05-18_249 Gitlab server
10 SKYNET00009 Active gir 193.1.99.76 gir/mail/imap/pop3/smtp 80/443 25/143/993/587/465 4190 i23-06-19_525/i23-06-19_525 Email and Webmail
11 SKYNET00010 Active wheatly 193.1.99.78 wheatly -> skynet:22 Gitlab Runner
12 SKYNET00011 Active earth 193.1.99.79 earth 80/443 i23-06-19_525 Offical website host
13 SKYNET00012 Active skynet 193.1.96.165 skynet/*.users 22 80/443 i23-06-30_024 Skynet server. (DMZ)
14 SKYNET00013 Active neuromancer 193.1.99.80 neuromancer Local Backup Server
15 SKYNET00014 Active cadie 193.1.99.77 cadie/nextcloud/onlyoffice.nextcloud 80/443 i23-10-27_014 Services VM, has nextcloud to start with
16 SKYNET00015 Active marvin 193.1.99.81 marvin Trainee testing server
17 SKYNET00016 Active optimus 193.1.99.90 80/443 8080 i24-02-16_065 Games server manager (replacing SKYNET00006 soon)
18 SKYNET00017 Active bumblebee 193.1.99.91 25518-25525 19132 24418-24425 i24-02-16_065 Game server - Minecraft
19 SKYNET00018 Active calculon 193.1.99.82 80/443 Public Services such as binary cache, Open Governance and Keyserver

9
LICENSE Normal file
View file

@ -0,0 +1,9 @@
MIT License
Copyright (c) 2024 Skynet
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

View file

@ -1,5 +1,6 @@
https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines
https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences
https://en.wikipedia.org/wiki/List_of_artificial_intelligence_films
* agentsmith * agentsmith
* skynet * skynet

View file

@ -9,9 +9,24 @@ with lib; let
cfg = config.services.skynet; cfg = config.services.skynet;
in { in {
imports = [ imports = [
# every server needs to have a dns record
./dns/dns.nix
# every server should have proper certs
./acme.nix ./acme.nix
./dns.nix
./nginx.nix ./nginx.nix
# every server may need the firewall config stuff
./firewall.nix
# every server needs teh ldap client for admins
./ldap/client.nix
# every server will need the config to backup to
./restic.nix
# every server will be monitored for grafana
./prometheus.nix
]; ];
options.services.skynet = { options.services.skynet = {

View file

@ -10,7 +10,6 @@ with lib; let
cfg = config.services.skynet."${name}"; cfg = config.services.skynet."${name}";
in { in {
imports = [ imports = [
./dns.nix
./nginx.nix ./nginx.nix
./games/minecraft.nix ./games/minecraft.nix
]; ];

View file

@ -13,10 +13,6 @@ with lib; let
short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
../firewall.nix
../nginx.nix
inputs.arion.nixosModules.arion inputs.arion.nixosModules.arion
]; ];

View file

@ -32,15 +32,15 @@ in {
defaults = { defaults = {
email = "admin_acme@skynet.ie"; email = "admin_acme@skynet.ie";
credentialsFile = config.age.secrets.acme.path;
# we use our own dns authorative server for verifying we own the domain. # we use our own dns authorative server for verifying we own the domain.
dnsProvider = "rfc2136"; dnsProvider = "rfc2136";
credentialsFile = config.age.secrets.acme.path;
}; };
certs = { certs = {
"skynet" = { "skynet" = {
domain = "skynet.ie"; domain = "skynet.ie";
extraDomainNames = cfg.domains; extraDomainNames = lists.naturalSort cfg.domains;
}; };
}; };
}; };

View file

@ -1,324 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.bitwarden-directory-connector-cli;
in {
disabledModules = ["services/security/bitwarden-directory-connector-cli.nix"];
options.services.bitwarden-directory-connector-cli = {
enable = mkEnableOption "Bitwarden Directory Connector";
package = mkPackageOption pkgs "bitwarden-directory-connector-cli" {};
domain = mkOption {
type = types.str;
description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessible on.";
example = "https://vaultwarden.example.com";
};
user = mkOption {
type = types.str;
description = lib.mdDoc "User to run the program.";
default = "bwdc";
};
interval = mkOption {
type = types.str;
default = "*:0,15,30,45";
description = lib.mdDoc "The interval when to run the connector. This uses systemd's OnCalendar syntax.";
};
ldap = mkOption {
description = lib.mdDoc ''
Options to configure the LDAP connection.
If you used the desktop application to test the configuration you can find the settings by searching for `ldap` in `~/.config/Bitwarden\ Directory\ Connector/data.json`.
'';
default = {};
type = types.submodule ({
config,
options,
...
}: {
freeformType = types.attrsOf (pkgs.formats.json {}).type;
config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options)));
options = {
finalJSON = mkOption {
type = (pkgs.formats.json {}).type;
internal = true;
readOnly = true;
visible = false;
};
ssl = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether to use TLS.";
};
startTls = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether to use STARTTLS.";
};
hostname = mkOption {
type = types.str;
description = lib.mdDoc "The host the LDAP is accessible on.";
example = "ldap.example.com";
};
port = mkOption {
type = types.port;
default = 389;
description = lib.mdDoc "Port LDAP is accessible on.";
};
ad = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether the LDAP Server is an Active Directory.";
};
pagedSearch = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether the LDAP server paginates search results.";
};
rootPath = mkOption {
type = types.str;
description = lib.mdDoc "Root path for LDAP.";
example = "dc=example,dc=com";
};
username = mkOption {
type = types.str;
description = lib.mdDoc "The user to authenticate as.";
example = "cn=admin,dc=example,dc=com";
};
};
});
};
sync = mkOption {
description = lib.mdDoc ''
Options to configure what gets synced.
If you used the desktop application to test the configuration you can find the settings by searching for `sync` in `~/.config/Bitwarden\ Directory\ Connector/data.json`.
'';
default = {};
type = types.submodule ({
config,
options,
...
}: {
freeformType = types.attrsOf (pkgs.formats.json {}).type;
config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! options.${x}.isDefined or false) (attrNames options)));
options = {
finalJSON = mkOption {
type = (pkgs.formats.json {}).type;
internal = true;
readOnly = true;
visible = false;
};
removeDisabled = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group.";
};
overwriteExisting = mkOption {
type = types.bool;
default = false;
description =
lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details.";
};
largeImport = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups.";
};
memberAttribute = mkOption {
type = types.str;
description = lib.mdDoc "Attribute that lists members in a LDAP group.";
example = "uniqueMember";
};
creationDateAttribute = mkOption {
type = types.str;
description = lib.mdDoc "Attribute that lists a user's creation date.";
example = "whenCreated";
};
useEmailPrefixSuffix = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "If a user has no email address, combine a username prefix with a suffix value to form an email.";
};
emailPrefixAttribute = mkOption {
type = types.str;
description = lib.mdDoc "The attribute that contains the users username.";
example = "accountName";
};
emailSuffix = mkOption {
type = types.str;
description = lib.mdDoc "Suffix for the email, normally @example.com.";
example = "@example.com";
};
users = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Sync users.";
};
userPath = mkOption {
type = types.str;
description = lib.mdDoc "User directory, relative to root.";
default = "ou=users";
};
userObjectClass = mkOption {
type = types.str;
description = lib.mdDoc "Class that users must have.";
default = "inetOrgPerson";
};
userEmailAttribute = mkOption {
type = types.str;
description = lib.mdDoc "Attribute for a users email.";
default = "mail";
};
userFilter = mkOption {
type = types.str;
description = lib.mdDoc "LDAP filter for users.";
example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)";
default = "";
};
groups = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether to sync ldap groups into BitWarden.";
};
groupPath = mkOption {
type = types.str;
description = lib.mdDoc "Group directory, relative to root.";
default = "ou=groups";
};
groupObjectClass = mkOption {
type = types.str;
description = lib.mdDoc "A class that groups will have.";
default = "groupOfNames";
};
groupNameAttribute = mkOption {
type = types.str;
description = lib.mdDoc "Attribute for a name of group.";
default = "cn";
};
groupFilter = mkOption {
type = types.str;
description = lib.mdDoc "LDAP filter for groups.";
example = "(cn=sales)";
default = "";
};
};
});
};
secrets = {
ldap = mkOption {
type = types.str;
description = "Path to file that contains LDAP password for user in {option}`ldap.username";
};
bitwarden = {
client_path_id = mkOption {
type = types.str;
description = "Path to file that contains Client ID.";
};
client_path_secret = mkOption {
type = types.str;
description = "Path to file that contains Client Secret.";
};
};
};
};
config = mkIf cfg.enable {
users.groups."${cfg.user}" = {};
users.users."${cfg.user}" = {
isSystemUser = true;
group = cfg.user;
};
systemd = {
timers.bitwarden-directory-connector-cli = {
description = "Sync timer for Bitwarden Directory Connector";
wantedBy = ["timers.target"];
after = ["network-online.target"];
timerConfig = {
OnCalendar = cfg.interval;
Unit = "bitwarden-directory-connector-cli.service";
Persistent = true;
};
};
services.bitwarden-directory-connector-cli = {
description = "Main process for Bitwarden Directory Connector";
environment = {
BITWARDENCLI_CONNECTOR_APPDATA_DIR = "/tmp";
BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS = "true";
};
serviceConfig = {
Type = "oneshot";
User = "${cfg.user}";
PrivateTmp = true;
ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" ''
set -eo pipefail
# create the config file
${lib.getExe cfg.package} data-file
touch /tmp/data.json.tmp
chmod 600 /tmp/data.json{,.tmp}
${lib.getExe cfg.package} config server ${cfg.domain}
# now login to set credentials
export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})"
export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})"
${lib.getExe cfg.package} login
${lib.getExe pkgs.jq} '.authenticatedAccounts[0] as $account
| .[$account].directoryConfigurations.ldap |= $ldap_data
| .[$account].directorySettings.organizationId |= $orgID
| .[$account].directorySettings.sync |= $sync_data' \
--argjson ldap_data ${escapeShellArg cfg.ldap.finalJSON} \
--arg orgID "''${BW_CLIENTID//organization.}" \
--argjson sync_data ${escapeShellArg cfg.sync.finalJSON} \
/tmp/data.json \
> /tmp/data.json.tmp
mv -f /tmp/data.json.tmp /tmp/data.json
# final config
${lib.getExe cfg.package} config directory 0
${lib.getExe cfg.package} config ldap.password --secretfile ${cfg.secrets.ldap}
'';
ExecStart = "${lib.getExe cfg.package} sync";
};
};
};
};
meta.maintainers = with maintainers; [Silver-Golden];
}

View file

@ -6,9 +6,7 @@
}: let }: let
user = "bwdc"; user = "bwdc";
in { in {
imports = [ imports = [];
./bitwarden-directory-connector-cli.nix
];
options = {}; options = {};

View file

@ -13,9 +13,6 @@ with lib; let
domain = "${domain_sub}.skynet.ie"; domain = "${domain_sub}.skynet.ie";
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
../nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

View file

@ -21,7 +21,6 @@ in {
#backups = [ "/etc/silver_ul_ical/database.db" ]; #backups = [ "/etc/silver_ul_ical/database.db" ];
age.secrets.discord_token.file = ../secrets/discord/token.age; age.secrets.discord_token.file = ../secrets/discord/token.age;
age.secrets.discord_ldap.file = ../secrets/discord/ldap.age;
age.secrets.discord_mail.file = ../secrets/email/details.age; age.secrets.discord_mail.file = ../secrets/email/details.age;
age.secrets.discord_wolves.file = ../secrets/wolves/details.age; age.secrets.discord_wolves.file = ../secrets/wolves/details.age;
@ -31,12 +30,9 @@ in {
env = { env = {
discord = config.age.secrets.discord_token.path; discord = config.age.secrets.discord_token.path;
ldap = config.age.secrets.discord_ldap.path;
mail = config.age.secrets.discord_mail.path; mail = config.age.secrets.discord_mail.path;
wolves = config.age.secrets.discord_wolves.path; wolves = config.age.secrets.discord_wolves.path;
}; };
discord.server = "689189992417067052";
}; };
}; };
} }

View file

@ -3,19 +3,42 @@
pkgs, pkgs,
config, config,
nodes, nodes,
self,
... ...
}: let }: let
name = "dns"; name = "dns";
cfg = config.services.skynet."${name}"; cfg = config.services.skynet."${name}";
# reads that date to a string (will need to be fixed in 2038) # reads that date to a string (will need to be fixed in 2038)
current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}"; current_date = self.lastModified;
# this gets a list of all domains we have records for
domains = lib.lists.naturalSort (lib.lists.unique (
lib.lists.forEach records (x: x.domain)
));
# get the ip's of our servers
servers = lib.lists.naturalSort (lib.lists.unique (
lib.lists.forEach (sort_records_a_server records) (x: x.value)
));
domains_owned = [
# for historic reasons we own this
"csn.ul.ie"
# the main one we use now
"skynet.ie"
# a backup
"ulcompsoc.ie"
];
# gets a list of records that match this type # gets a list of records that match this type
filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records; filter_records_type = records: r_type: builtins.filter (x: x.r_type == r_type) records;
filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A"); # Get all the A records that are for servers (base record for them)
filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A"); filter_records_a_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A");
# Every other A record
filter_records_a = records: builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type records "A");
# These functions are to get the final 3 digits of an IP address so we can use them for reverse pointer
process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x); process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x);
process_ptr_sub = record: { process_ptr_sub = record: {
record = builtins.substring 9 3 record.record; record = builtins.substring 9 3 record.record;
@ -24,82 +47,95 @@
}; };
ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip);
sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server; # filter and sort records so we cna group them in the right place later
sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a; sort_records_a_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_a_server records);
sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME"); sort_records_a = records: builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) (filter_records_a records);
sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); sort_records_cname = records: builtins.sort (a: b: a.value < b.value) (filter_records_type records "CNAME");
sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV"); sort_records_ptr = records: builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type records "PTR"));
sort_records_srv = records: builtins.sort (a: b: a.record < b.record) (filter_records_type records "SRV");
format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; # a tad overkill but type guarding is useful
max = x: y:
assert builtins.isInt x;
assert builtins.isInt y;
if x < y
then y
else x;
# small function to trim it down a tad # get teh max length of a list of strings
max_len = records: lib.lists.foldr (a: b: (max a b)) 0 (lib.lists.forEach records (record: lib.strings.stringLength record.record));
# Now that we can get teh max lenth of a list of strings
# we can pad it out to the max len +1
# this is so that teh generated file is easier for a human to read
format_records = records: let
offset = (max_len records) + 1;
in
lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records;
# small function to add spaces until it reaches teh required length
padString = text: length: fixedWidthString_post length " " text; padString = text: length: fixedWidthString_post length " " text;
# like lib.strings.fixedWidthString but postfix # like lib.strings.fixedWidthString but postfix
# recursive function to extend a string up to a limit
fixedWidthString_post = width: filler: str: let fixedWidthString_post = width: filler: str: let
strw = lib.stringLength str; strw = lib.stringLength str;
reqWidth = width - (lib.stringLength filler); reqWidth = width - (lib.stringLength filler);
in in
# this is here because we were manually setting teh length, now max_len does that for us
assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})"; assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})";
if strw == width if strw == width
then str then str
else (fixedWidthString_post reqWidth filler str) + filler; else (fixedWidthString_post reqWidth filler str) + filler;
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
# ";" are comments in this file
get_config_file = ( get_config_file = (
domain: '' domain: records: ''
$TTL 60 ; 1 minute $TTL 60 ; 1 minute
; hostmaster@${domain} is an email address that recieves stuff related to dns ; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date} ${toString current_date}
600 ; Refresh (10 minutes) 600 ; Refresh (10 minutes)
300 ; Retry (5 minutes) 300 ; Retry (5 minutes)
604800 ; Expire (1 week) 604800 ; Expire (1 week)
3600 ; Minimum (1 hour) 3600 ; Minimum (1 hour)
) )
@ NS ns1.${domain}.
@ NS ns2.${domain}.
; @ stands for teh root domain so teh A record below is where ${domain} points to ; @ stands for teh root domain so teh A record below is where ${domain} points to
;@ A 193.1.99.76 @ NS ns1.skynet.ie.
;@ MX 5 ${domain}. @ NS ns2.skynet.ie.
; can have multiple mailserves
@ MX 10 mail.${domain}.
; ------------------------------------------ ; ------------------------------------------
; Server Names (A Records) ; Server Names (A Records)
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_server 31} ${format_records (sort_records_a_server records)}
; ------------------------------------------ ; ------------------------------------------
; A (non server names ; A (non server names
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_a 31} ${format_records (sort_records_a records)}
; ------------------------------------------ ; ------------------------------------------
; CNAMES ; CNAMES
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_cname 31} ${format_records (sort_records_cname records)}
; ------------------------------------------ ; ------------------------------------------
; TXT ; TXT
; ------------------------------------------ ; ------------------------------------------
${format_records (filter_records_type "TXT") 31} ${format_records (filter_records_type records "TXT")}
; ------------------------------------------ ; ------------------------------------------
; MX ; MX
; ------------------------------------------ ; ------------------------------------------
${format_records (filter_records_type "MX") 31} ${format_records (filter_records_type records "MX")}
; ------------------------------------------ ; ------------------------------------------
; SRV ; SRV
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_srv 65} ${format_records (sort_records_srv records)}
'' ''
); );
@ -112,7 +148,7 @@
; hostmaster@skynet.ie is an email address that recieves stuff related to dns ; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date} ${toString current_date}
600 ; Refresh (10 minutes) 600 ; Refresh (10 minutes)
300 ; Retry (5 minutes) 300 ; Retry (5 minutes)
604800 ; Expire (1 week) 604800 ; Expire (1 week)
@ -125,55 +161,37 @@
; ------------------------------------------ ; ------------------------------------------
; PTR ; PTR
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_ptr 3} ${format_records (sort_records_ptr records)}
'' ''
); );
# domains we dont have proper ownship over, only here to ensure the logs dont get cluttered. # arrays of teh two nameservers
get_config_file_old_domains = ( nameserver_1 = ["193.1.99.109"];
domain: '' nameserver_2 = ["193.1.99.120"];
$TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date}
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
604800 ; Expire (1 week)
3600 ; Minimum (1 hour)
)
@ NS ns1.skynet.ie.
@ NS ns2.skynet.ie.
''
);
# arrys of teh two nameservers
tmp1 = ["193.1.99.109"];
tmp2 = ["193.1.99.120"];
primaries = ( primaries = (
if cfg.server.primary if cfg.server.primary
then then
# primary servers have no primaries (ones they listen to) # primary servers have no primaries (ones they listen to)
[] []
else if builtins.elem cfg.server.ip tmp1 else if builtins.elem cfg.server.ip nameserver_1
then tmp2 then nameserver_2
else tmp1 else nameserver_1
); );
secondaries = ( secondaries = (
if cfg.server.primary if cfg.server.primary
then then
if builtins.elem cfg.server.ip tmp1 if builtins.elem cfg.server.ip nameserver_1
then tmp2 then nameserver_2
else tmp1 else nameserver_1
else [] else []
); );
# small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router # small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router
create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126); # now limited explicitly to servers that we are administering
# See i24-09-30_050 for more information
create_cache_networks = map (x: "${toString x}/32") servers;
# standard function to create the etc file, pass in the text and domain and it makes it # standard function to create the etc file, pass in the text and domain and it makes it
create_entry_etc_sub = domain: text: { create_entry_etc_sub = domain: text: {
@ -185,27 +203,38 @@
# The UNIX file mode bits # The UNIX file mode bits
mode = "0664"; mode = "0664";
# content of the file
text = text; text = text;
}; };
}; };
# (text.owned "csn.ul.ie")
# standard function to create the etc file, pass in the text and domain and it makes it # standard function to create the etc file, pass in the text and domain and it makes it
create_entry_etc = domain: type: create_entry_etc = domain: type: let
domain_records = lib.lists.filter (x: x.domain == domain) records;
in
# this is the main type of record that most folks are used to
if type == "owned" if type == "owned"
then create_entry_etc_sub domain (text.owned domain) then create_entry_etc_sub domain (get_config_file domain domain_records)
# reverse lookups allow for using an IP to find domains pointing to it
else if type == "reverse" else if type == "reverse"
then create_entry_etc_sub domain (text.reverse domain) then create_entry_etc_sub domain (get_config_file_rev domain)
else if type == "old"
then create_entry_etc_sub domain (text.old domain)
else {}; else {};
create_entry_zone = domain: extraConfig: { create_entry_zone = domain: let
if_primary_and_owned =
if cfg.server.primary && (lib.lists.any (item: item == domain) domains_owned)
then ''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
inline-signing yes;
''
else "";
in {
"${domain}" = { "${domain}" = {
extraConfig = '' extraConfig = ''
${extraConfig} ${if_primary_and_owned}
// for bumping the config // for bumping the config
// ${current_date} // ${toString current_date}
''; '';
# really wish teh nixos config didnt use master/slave # really wish teh nixos config didnt use master/slave
master = cfg.server.primary; master = cfg.server.primary;
@ -218,69 +247,16 @@
}; };
}; };
text = {
owned = domain: get_config_file domain;
reverse = domain: get_config_file_rev domain;
old = domain: get_config_file_old_domains domain;
};
extraConfig = {
owned =
if cfg.server.primary
then ''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
inline-signing yes;
''
else "";
# no extra config for reverse
reverse = "";
old = "";
};
records = records =
config.skynet.records config.skynet.records
/*
Need to "manually" grab it from each server.
Nix is laxy evalusted so if it does not need to open a file it wont.
This is to iterate through each server (node) and evaluate the dns records for that server.
*/
++ builtins.concatLists ( ++ builtins.concatLists (
lib.attrsets.mapAttrsToList ( lib.attrsets.mapAttrsToList (
key: value: let key: value: value.config.services.skynet.dns.records
details_server = value.config.services.skynet."${name}".server;
details_records = value.config.services.skynet."${name}".records;
in
if builtins.hasAttr "dns" value.config.services.skynet
then
(
# got to handle habing a dns record for the dns serves themselves.
if details_server.enable
then
(
if details_server.primary
then
details_records
++ [
{
record = "ns1";
r_type = "A";
value = details_server.ip;
server = false;
}
]
else
details_records
++ [
{
record = "ns2";
r_type = "A";
value = details_server.ip;
server = false;
}
]
)
else details_records
)
else []
) )
nodes nodes
); );
@ -291,8 +267,7 @@
else "ns2"; else "ns2";
in { in {
imports = [ imports = [
./firewall.nix ../../config/dns.nix
../config/dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {
@ -316,28 +291,11 @@ in {
}; };
}; };
# mirrorred in ../config/dns.nix
records = lib.mkOption { records = lib.mkOption {
description = "Records, sorted based on therir type"; description = "Records, sorted based on therir type";
type = with lib.types; type = lib.types.listOf (lib.types.submodule (import ./options-records.nix {
listOf (submodule { inherit lib;
options = { }));
record = lib.mkOption {
type = str;
};
r_type = lib.mkOption {
type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
};
value = lib.mkOption {
type = str;
};
server = lib.mkOption {
description = "Core record for a server";
type = bool;
default = false;
};
};
});
}; };
}; };
@ -356,29 +314,40 @@ in {
"ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept" "ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept"
]; ];
services.bind.zones = services.skynet.dns.records = [
(create_entry_zone "csn.ul.ie" extraConfig.owned) {
// (create_entry_zone "skynet.ie" extraConfig.owned) record = nameserver;
// (create_entry_zone "ulcompsoc.ie" extraConfig.owned) r_type = "A";
// (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse) value = config.services.skynet.host.ip;
// (create_entry_zone "conradcollins.net" extraConfig.old) }
// (create_entry_zone "edelharty.net" extraConfig.old); ];
environment.etc = services.bind.zones = lib.attrsets.mergeAttrsList (
(create_entry_etc "csn.ul.ie" "owned") # uses teh domains lsited in teh records
// (create_entry_etc "skynet.ie" "owned") (lib.lists.forEach domains (domain: (create_entry_zone domain)))
// (create_entry_etc "ulcompsoc.ie" "owned") # we have to do a reverse dns
// (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") ++ [
// (create_entry_etc "conradcollins.net" "old") (create_entry_zone "64-64.99.1.193.in-addr.arpa")
// (create_entry_etc "edelharty.net" "old"); ]
);
environment.etc = lib.attrsets.mergeAttrsList (
# uses teh domains lsited in teh records
(lib.lists.forEach domains (domain: (create_entry_etc domain "owned")))
# we have to do a reverse dns
++ [
(create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse")
]
);
# secrets required # secrets required
age.secrets.dns_dnskeys = { age.secrets.dns_dnskeys = {
file = ../secrets/dns_dnskeys.conf.age; file = ../../secrets/dns_dnskeys.conf.age;
owner = "named"; owner = "named";
group = "named"; group = "named";
}; };
# basic but ensure teh dns ports are open
networking.firewall = { networking.firewall = {
allowedTCPPorts = [53]; allowedTCPPorts = [53];
allowedUDPPorts = [53]; allowedUDPPorts = [53];

View file

@ -0,0 +1,31 @@
/*
Define the options for dns records here.
They are imported into anything that needs to use them
*/
{lib, ...}:
with lib; {
options = {
domain = lib.mkOption {
description = "Domain this record is for";
type = lib.types.str;
default = "skynet.ie";
};
record = lib.mkOption {
description = "What you want to name the subdomain.";
type = lib.types.str;
};
r_type = lib.mkOption {
description = "Type of record that this is.";
type = lib.types.enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
};
value = lib.mkOption {
description = "What the record points to, normally ip or another record.";
type = lib.types.str;
};
server = lib.mkOption {
description = "Core record for a server";
type = lib.types.bool;
default = false;
};
};
}

View file

@ -92,7 +92,7 @@ with lib; let
} }
]; ];
configFile = sieveConfigFile =
# https://doc.dovecot.org/configuration_manual/sieve/examples/#plus-addressed-mail-filtering # https://doc.dovecot.org/configuration_manual/sieve/examples/#plus-addressed-mail-filtering
pkgs.writeText "basic_sieve" pkgs.writeText "basic_sieve"
'' ''
@ -105,24 +105,36 @@ with lib; let
# this should be close to teh last step # this should be close to teh last step
if allof ( if allof (
address :localpart ["To"] ["${toString create_config_to}"], address :localpart ["To", "Cc"] ["${toString create_config_to}"],
address :domain ["To"] "skynet.ie" address :domain ["To", "Cc"] "skynet.ie"
){ ){
if address :matches ["To"] "*@skynet.ie" { if address :matches ["To", "Cc"] "*@skynet.ie" {
if header :is "X-Spam" "Yes" { if header :is "X-Spam" "Yes" {
fileinto :create "''${1}.Junk"; fileinto :create "''${1}.Junk";
stop; stop;
} else { } else {
fileinto :create "''${1}"; fileinto :create "''${1}";
stop;
}
}
}
if allof (
address :localpart ["From"] ["${toString create_config_to}"],
address :domain ["From"] "skynet.ie"
){
if address :matches ["From"] "*@skynet.ie" {
if header :is "X-Spam" "Yes" {
fileinto :create "''${1}.Junk";
stop;
} else {
fileinto :create "''${1}";
stop;
} }
} }
} }
''; '';
in { in {
imports = [ imports = [
./dns.nix
./acme.nix
./nginx.nix
inputs.simple-nixos-mailserver.nixosModule inputs.simple-nixos-mailserver.nixosModule
# for teh config # for teh config
@ -190,7 +202,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.skynet.backup.normal.backups = [ services.skynet.backup.normal.backups = [
"/var/vmail" #"/var/vmail"
"/var/dkim" "/var/dkim"
]; ];
@ -270,7 +282,16 @@ in {
}; };
# set up dns record for it # set up dns record for it
services.skynet.dns.records = [ services.skynet.dns.records =
[
# core record
{
record = "@";
r_type = "MX";
# the number is the priority in teh case of multiple mailservers
value = "10 mail.${cfg.domain}.";
}
# basic one # basic one
{ {
record = "mail"; record = "mail";
@ -295,37 +316,6 @@ in {
} }
# TXT records, all tehse are inside escaped strings to allow using "" # TXT records, all tehse are inside escaped strings to allow using ""
# SPF record
{
record = "${cfg.domain}.";
r_type = "TXT";
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"'';
}
# DKIM keys
{
record = "mail._domainkey.skynet.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
}
{
record = "mail._domainkey.ulcompsoc.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
}
# DMARC
{
record = "_dmarc.${cfg.domain}.";
r_type = "TXT";
# p : quarantine => sends to spam, reject => never sent
# rua : mail that receives reports about DMARC activity
# pct : percentage of unathenticated messages that DMARC stops
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=none"'';
}
# reverse pointer # reverse pointer
{ {
@ -358,6 +348,42 @@ in {
r_type = "SRV"; r_type = "SRV";
value = "0 1 587 ${cfg.sub}.${cfg.domain}."; value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
} }
]
# SPF record
++ [
{
record = "${cfg.domain}.";
r_type = "TXT";
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
}
]
# DKIM keys
++ [
{
record = "mail._domainkey.skynet.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
}
{
domain = "ulcompsoc.ie";
record = "mail._domainkey.ulcompsoc.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
}
]
# DMARC
++ [
{
record = "_dmarc.${cfg.domain}.";
r_type = "TXT";
# p : quarantine => sends to spam, reject => never sent
# rua : mail that receives reports about DMARC activity
# pct : percentage of unathenticated messages that DMARC stops
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
}
]; ];
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
@ -451,7 +477,40 @@ in {
}; };
services.dovecot2.sieve.scripts = { services.dovecot2.sieve.scripts = {
before = configFile; before = sieveConfigFile;
};
# This is to add a bcc to outgoing mail
# this then interacts with teh filters to put it in the right folder
# we can directly add to the postfix service here
services.postfix = let
# mostly copied from the upstream mailserver config/functions
mappedFile = name: "hash:/var/lib/postfix/conf/${name}";
sender_bcc_maps_file = let
content = lookupTableToString create_skynet_service_bcc;
in
builtins.toFile "sender_bcc_maps" content;
lookupTableToString = attrs: let
valueToString = value: lib.concatStringsSep ", " value;
in
lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name} ${valueToString value}") attrs);
# convert the mailboxes config to something that can be used here
create_skynet_email_bcc = mailbox: {
name = "${mailbox}@skynet.ie";
value = ["${mailbox}@skynet.ie"];
};
create_skynet_service_bcc = builtins.listToAttrs (map (mailbox: (create_skynet_email_bcc mailbox.account)) service_mailboxes);
in {
mapFiles."sender_bcc_maps" = sender_bcc_maps_file;
config = {
sender_bcc_maps = [
(mappedFile "sender_bcc_maps")
];
};
}; };
# tune the spam filter # tune the spam filter

View file

@ -0,0 +1,129 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
name = "forgejo";
cfg = config.services.skynet."${name}";
domain_base = "${cfg.domain.base}.${cfg.domain.tld}";
domain_full = "${cfg.domain.sub}.${domain_base}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Forgejo";
domain = {
tld = mkOption {
type = types.str;
default = "ie";
};
base = mkOption {
type = types.str;
default = "skynet";
};
sub = mkOption {
type = types.str;
default = name;
};
};
forgejo = {
port = mkOption {
type = types.port;
default = 3000;
};
};
};
config = mkIf cfg.enable {
# age.secrets.forgejo-mailer-password = {
# file = ../../secrets/forgejo/mailer-password.age;
# mode = "400";
# owner = "forgejo";
# };
services.skynet.acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
];
# using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
services.skynet.dns.records = [
{
record = cfg.domain.sub;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx.virtualHosts = {
# main site
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://localhost:${toString cfg.forgejo.port}";
extraConfig = ''
client_max_body_size 1000M;
'';
};
};
};
# for signing reasons
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.forgejo = {
enable = true;
package = pkgs.forgejo;
database.type = "sqlite3";
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/";
HTTP_PORT = cfg.forgejo.port;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
# Allow for signing off merge requests
# "repository.signing" = {
# SIGNING_KEY = "5B2DED0FE9F8627A";
# SIGNING_NAME = "Skynet";
# SIGNING_EMAIL = "forgejo@glados.skynet.ie";
# MERGES = "always";
# };
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
# mailer = {
# ENABLED = true;
# SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}";
# FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
# USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
# };
};
# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
};
};
}

View file

@ -0,0 +1,159 @@
{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
name = "forgejo_runner";
cfg = config.services.skynet."${name}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet ForgeJo Runner";
runner = {
name = mkOption {
type = types.str;
default = config.networking.hostName;
};
website = mkOption {
default = "https://forgejo.skynet.ie";
type = types.str;
};
user = mkOption {
default = "gitea-runner";
type = types.str;
};
};
};
config = mkIf cfg.enable {
# https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner.
environment.systemPackages = with pkgs; [
forgejo-actions-runner
];
age.secrets.forgejo_runner_token = {
file = ../../secrets/forgejo/runners/token.age;
owner = cfg.runner.user;
group = cfg.runner.user;
};
# make sure the ssh config stuff is in teh right palce
systemd.tmpfiles.rules = [
#"d /home/${cfg.runner.user} 0755 ${cfg.runner.user} ${cfg.runner.user}"
"L+ /home/${cfg.runner.user}/.ssh/config 0755 ${cfg.runner.user} ${cfg.runner.user} - ${./ssh_config}"
];
age.secrets.forgejo_runner_ssh = {
file = ../../secrets/forgejo/runners/ssh.age;
mode = "600";
owner = "${cfg.runner.user}";
group = "${cfg.runner.user}";
symlink = false;
path = "/home/${cfg.runner.user}/.ssh/skynet/root";
};
nix = {
settings = {
trusted-users = [
# allow the runner to build nix stuff and to use the cache
"gitea-runner"
];
trusted-public-keys = [
"skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
];
substituters = [
"https://nix-cache.skynet.ie/skynet-cache/"
"https://cache.nixos.org/"
];
trusted-substituters = [
"https://nix-cache.skynet.ie/skynet-cache/"
"https://cache.nixos.org/"
];
};
};
# very basic setup to always be watching for changes in teh cache
systemd.services.attic-uploader = {
enable = true;
serviceConfig = {
ExecStart = "${pkgs.attic-client}/bin/attic watch-store skynet-cache";
User = "root";
Restart = "always";
RestartSec = 1;
};
};
# give teh runner user a home to store teh ssh config stuff
systemd.services.gitea-runner-default.serviceConfig = {
DynamicUser = lib.mkForce false;
User = lib.mkForce cfg.runner.user;
};
users = {
groups."${cfg.runner.user}" = {};
users."${cfg.runner.user}" = {
#isSystemUser = true;
isNormalUser = true;
group = cfg.runner.user;
createHome = true;
shell = pkgs.bash;
};
};
boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
virtualisation.docker.enable = true;
# taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128
virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"];
# the actual runner
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = cfg.runner.name;
url = cfg.runner.website;
tokenFile = config.age.secrets.forgejo_runner_token.path;
labels = [
## optionally provide native execution on the host:
"nix:host"
"docker:docker://node:22-bookworm"
"ubuntu-latest:docker://node:22-bookworm"
];
hostPackages = with pkgs; [
# default ones
bash
coreutils
curl
gawk
git
gnused
nodejs
wget
# useful to have in path
jq
which
dpkg
zip
git-lfs
# used in deployments
inputs.colmena.defaultPackage."x86_64-linux"
attic-client
lix
openssh
sudo
];
};
};
};
}

View file

@ -12,10 +12,6 @@ with lib; let
domain_full = "${cfg.domain.sub}.${domain_base}"; domain_full = "${cfg.domain.sub}.${domain_base}";
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
./firewall.nix
./nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {
@ -60,32 +56,32 @@ in {
# grep -r --exclude-dir={docker,containers,log,sys,nix,proc} gitlab / # grep -r --exclude-dir={docker,containers,log,sys,nix,proc} gitlab /
age.secrets.gitlab_pw = { age.secrets.gitlab_pw = {
file = ../secrets/gitlab/pw.age; file = ../../secrets/gitlab/pw.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_secrets_db = { age.secrets.gitlab_secrets_db = {
file = ../secrets/gitlab/secrets_db.age; file = ../../secrets/gitlab/secrets_db.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_secrets_secret = { age.secrets.gitlab_secrets_secret = {
file = ../secrets/gitlab/secrets_secret.age; file = ../../secrets/gitlab/secrets_secret.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_secrets_otp = { age.secrets.gitlab_secrets_otp = {
file = ../secrets/gitlab/secrets_otp.age; file = ../../secrets/gitlab/secrets_otp.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_secrets_jws = { age.secrets.gitlab_secrets_jws = {
file = ../secrets/gitlab/secrets_jws.age; file = ../../secrets/gitlab/secrets_jws.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_db_pw = { age.secrets.gitlab_db_pw = {
file = ../secrets/gitlab/db_pw.age; file = ../../secrets/gitlab/db_pw.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };

View file

@ -0,0 +1,5 @@
Host *.skynet.ie 193.1.99.* 193.1.96.165
User root
IdentityFile ~/.ssh/skynet/root
IdentitiesOnly yes

View file

@ -1,122 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
name = "gitlab_runner";
cfg = config.services.skynet."${name}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Gitlab Runner";
runner = {
name = mkOption {
type = types.str;
};
gitlab = mkOption {
default = "https://gitlab.skynet.ie";
type = types.str;
};
description = mkOption {
default = cfg.runner.name;
type = types.str;
};
docker = {
image = mkOption {
default = "alpine:3.18.4";
type = types.str;
};
cleanup_dates = mkOption {
# https://man.archlinux.org/man/systemd.time.7#CALENDAR_EVENTS
# it will use a lot of storage so clear it daily, may change to hourly if required
default = "daily";
type = types.str;
};
};
};
};
config = mkIf cfg.enable {
# https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner.
environment.systemPackages = [
pkgs.gitlab-runner
];
age.secrets.runner_01_nix.file = ../secrets/gitlab/runners/runner01.age;
age.secrets.runner_02_general.file = ../secrets/gitlab/runners/runner02.age;
boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
virtualisation.docker.enable = true;
# taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128
virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"];
services.gitlab-runner = {
enable = true;
# clear-docker-cache = {
# enable = true;
# dates = cfg.runner.docker.cleanup_dates;
# };
services = {
# might make a function later to have multiple runners, might never need it though
runner_nix = {
cloneUrl = cfg.runner.gitlab;
description = "For Nix only";
registrationFlags = ["--docker-host" "tcp://127.0.0.1:2375"];
registrationConfigFile = config.age.secrets.runner_01_nix.path;
dockerImage = cfg.runner.docker.image;
# from https://nixos.wiki/wiki/Gitlab_runner
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix-daemon.sh
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs # 3
${pkgs.nix}/bin/nix-channel --update nixpkgs
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [nix cacert git openssh])}
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
tagList = ["nix"];
};
runner_general = {
cloneUrl = cfg.runner.gitlab;
description = "General Runner";
registrationFlags = ["--docker-host" "tcp://127.0.0.1:2375"];
registrationConfigFile = config.age.secrets.runner_02_general.path;
dockerImage = cfg.runner.docker.image;
};
};
};
};
}

View file

@ -9,8 +9,6 @@ with lib; let
port = 4444; port = 4444;
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

View file

@ -11,9 +11,6 @@ with lib; let
port_backend = "8087"; port_backend = "8087";
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
../nginx.nix
inputs.skynet_ldap_backend.nixosModule."x86_64-linux" inputs.skynet_ldap_backend.nixosModule."x86_64-linux"
../../config/users.nix ../../config/users.nix
]; ];
@ -43,7 +40,6 @@ in {
#backups = [ "/etc/silver_ul_ical/database.db" ]; #backups = [ "/etc/silver_ul_ical/database.db" ];
age.secrets.ldap_details.file = ../../secrets/ldap/details.age; age.secrets.ldap_details.file = ../../secrets/ldap/details.age;
age.secrets.ldap_discord.file = ../../secrets/discord/ldap.age;
age.secrets.ldap_mail.file = ../../secrets/email/details.age; age.secrets.ldap_mail.file = ../../secrets/email/details.age;
age.secrets.ldap_wolves.file = ../../secrets/wolves/details.age; age.secrets.ldap_wolves.file = ../../secrets/wolves/details.age;
@ -72,7 +68,6 @@ in {
# contains teh password in env form # contains teh password in env form
env = { env = {
ldap = config.age.secrets.ldap_details.path; ldap = config.age.secrets.ldap_details.path;
discord = config.age.secrets.ldap_discord.path;
mail = config.age.secrets.ldap_mail.path; mail = config.age.secrets.ldap_mail.path;
wolves = config.age.secrets.ldap_wolves.path; wolves = config.age.secrets.ldap_wolves.path;
}; };

View file

@ -15,9 +15,6 @@ with lib; let
in { in {
# these are needed for teh program in question # these are needed for teh program in question
imports = [ imports = [
../acme.nix
../dns.nix
../nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

View file

@ -10,9 +10,6 @@ with lib; let
domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
./nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {
@ -48,6 +45,7 @@ in {
services.skynet.acme.domains = [ services.skynet.acme.domains = [
domain domain
"onlyoffice.${domain}" "onlyoffice.${domain}"
"whiteboard.${domain}"
]; ];
services.skynet.dns.records = [ services.skynet.dns.records = [
@ -61,13 +59,18 @@ in {
r_type = "CNAME"; r_type = "CNAME";
value = config.services.skynet.host.name; value = config.services.skynet.host.name;
} }
# {
# record = "whiteboard.${cfg.domain.sub}";
# r_type = "CNAME";
# value = config.services.skynet.host.name;
# }
]; ];
# /var/lib/nextcloud/data # /var/lib/nextcloud/data
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud28; package = pkgs.nextcloud30;
hostName = domain; hostName = domain;
https = true; https = true;
@ -81,8 +84,8 @@ in {
appstoreEnable = true; appstoreEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; { extraApps = {
inherit forms groupfolders maps notes onlyoffice polls; inherit (config.services.nextcloud.package.packages.apps) richdocuments;
}; };
settings = { settings = {
@ -93,10 +96,21 @@ in {
}; };
}; };
# environment.etc."nextcloud-whiteboard-secret".text = ''
# JWT_SECRET_KEY=test123
# '';
#
# services.nextcloud-whiteboard-server = {
# enable = true;
# settings.NEXTCLOUD_URL = "https://nextcloud.skynet.ie";
# secrets = ["/etc/nextcloud-whiteboard-secret"];
# };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
services.onlyoffice = { # impacted by https://github.com/NixOS /nixpkgs/issues/352443
enable = true; # services.onlyoffice = {
}; # enable = true;
# };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
${domain} = { ${domain} = {
@ -108,6 +122,14 @@ in {
useACMEHost = "skynet"; useACMEHost = "skynet";
locations."/".proxyPass = "http://127.0.0.1:8000"; locations."/".proxyPass = "http://127.0.0.1:8000";
}; };
# "whiteboard.${domain}" = {
# forceSSL = true;
# useACMEHost = "skynet";
# locations."/" = {
# proxyPass = "http://localhost:3002";
# proxyWebsockets = true;
# };
# };
}; };
}; };
} }

View file

@ -9,8 +9,6 @@
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
statusPage = true;
# give Nginx access to our certs # give Nginx access to our certs
group = "acme"; group = "acme";
}; };

View file

@ -15,7 +15,6 @@ https://docs.attic.rs/introduction.html
lib, lib,
config, config,
pkgs, pkgs,
inputs,
... ...
}: }:
with lib; let with lib; let
@ -23,9 +22,6 @@ with lib; let
cfg = config.services.skynet."${name}"; cfg = config.services.skynet."${name}";
in { in {
imports = [ imports = [
inputs.attic.nixosModules.atticd
../acme.nix
../dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {
@ -55,7 +51,7 @@ in {
enable = true; enable = true;
# Replace with absolute path to your credentials file # Replace with absolute path to your credentials file
credentialsFile = "/etc/atticd.env"; environmentFile = "/etc/atticd.env";
settings = { settings = {
listen = "127.0.0.1:8080"; listen = "127.0.0.1:8080";

View file

@ -13,8 +13,6 @@ with lib; let
port = 11371; port = 11371;
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

View file

@ -15,8 +15,6 @@ with lib; let
folder = "/var/skynet/${name}"; folder = "/var/skynet/${name}";
in { in {
imports = [ imports = [
../acme.nix
../dns.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

View file

@ -21,7 +21,7 @@ with lib; let
) )
nodes nodes
); );
node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString config.services.prometheus.exporters.node.port}") nodes; node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString value.config.services.prometheus.exporters.node.port}") nodes;
}; };
# clears any invalid entries # clears any invalid entries
@ -37,8 +37,10 @@ in {
type = types.port; type = types.port;
default = 9001; default = 9001;
}; };
};
external.node = mkOption { external = {
node = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
description = '' description = ''
@ -46,12 +48,20 @@ in {
''; '';
}; };
}; };
ports = {
node = mkOption {
type = types.port;
default = 9100;
};
};
}; };
config = mkMerge [ config = mkMerge [
{ {
services.prometheus.exporters.node = { services.prometheus.exporters.node = {
enable = true; enable = true;
port = cfg.ports.node;
openFirewall = true; openFirewall = true;
# most collectors are on by default see https://github.com/prometheus/node_exporter for more options # most collectors are on by default see https://github.com/prometheus/node_exporter for more options
enabledCollectors = ["systemd" "processes"]; enabledCollectors = ["systemd" "processes"];
@ -66,7 +76,7 @@ in {
job_name = "node_exporter"; job_name = "node_exporter";
static_configs = [ static_configs = [
{ {
targets = filter_empty (exporters.node ++ cfg.server.external.node); targets = filter_empty (exporters.node ++ cfg.external.node);
} }
]; ];
} }

View file

@ -12,19 +12,19 @@ with lib; {
enable = mkOption { enable = mkOption {
default = true; default = true;
type = types.bool; type = types.bool;
description = lib.mdDoc "Whether to enable the ProxmoxLXC."; description = lib.mdDoc "Whether to enable the Proxmox VE LXC module.";
}; };
privileged = mkOption { privileged = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = lib.mdDoc '' description = ''
Whether to enable privileged mounts Whether to enable privileged mounts
''; '';
}; };
manageNetwork = mkOption { manageNetwork = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = lib.mdDoc '' description = ''
Whether to manage network interfaces through nix options Whether to manage network interfaces through nix options
When false, systemd-networkd is enabled to accept network When false, systemd-networkd is enabled to accept network
configuration from proxmox. configuration from proxmox.
@ -33,7 +33,7 @@ with lib; {
manageHostName = mkOption { manageHostName = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = lib.mdDoc '' description = ''
Whether to manage hostname through nix options Whether to manage hostname through nix options
When false, the hostname is picked up from /etc/hostname When false, the hostname is picked up from /etc/hostname
populated by proxmox. populated by proxmox.
@ -68,6 +68,8 @@ with lib; {
loader.initScript.enable = true; loader.initScript.enable = true;
}; };
console.enable = true;
networking = mkIf (!cfg.manageNetwork) { networking = mkIf (!cfg.manageNetwork) {
useDHCP = false; useDHCP = false;
useHostResolvConf = false; useHostResolvConf = false;
@ -81,13 +83,14 @@ with lib; {
startWhenNeeded = mkDefault true; startWhenNeeded = mkDefault true;
}; };
systemd.mounts = systemd = {
mkIf (!cfg.privileged) mounts = mkIf (!cfg.privileged) [
[
{ {
where = "/sys/kernel/debug";
enable = false; enable = false;
where = "/sys/kernel/debug";
} }
]; ];
services."getty@".unitConfig.ConditionPathExists = ["" "/dev/%I"];
};
}; };
} }

View file

@ -83,9 +83,6 @@ with lib; let
)); ));
in { in {
imports = [ imports = [
./dns.nix
./nginx.nix
./acme.nix
]; ];
# using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
@ -145,20 +142,6 @@ in {
default = false; default = false;
}; };
}; };
nuked = {
enable = mkEnableOption "Nuked Backup server";
port = mkOption {
type = types.port;
default = 8765;
};
appendOnly = mkOption {
type = types.bool;
default = false;
};
};
}; };
config = mkMerge [ config = mkMerge [
@ -212,58 +195,5 @@ in {
} }
]; ];
}) })
# restic -r rest:https://skynet:testing@nuked.skynet.ie/ init
(mkIf cfg.nuked.enable {
assertions = [
{
assertion = !cfg.server.enable;
message = "Our backup and Nuked backup cannot co-exist";
}
];
services.skynet.acme.domains = [
"nuked.skynet.ie"
];
services.skynet.dns.records = [
{
record = "nuked";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx.virtualHosts = {
"nuked.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://${config.services.restic.server.listenAddress}";
proxyWebsockets = true;
};
};
};
networking.firewall.allowedTCPPorts = [
cfg.nuked.port
];
age.secrets.restic_pw = {
file = ../secrets/backup/nuked.age;
path = "${config.services.restic.server.dataDir}/.htpasswd";
symlink = false;
mode = "770";
owner = "restic";
group = "restic";
};
services.restic.server = {
enable = true;
listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}";
appendOnly = cfg.nuked.appendOnly;
privateRepos = true;
};
})
]; ];
} }

View file

@ -0,0 +1,34 @@
{year}: {
config,
pkgs,
lib,
inputs,
...
}:
with lib; {
imports = [];
config = {
services.skynet.acme.domains = [
"${year}.skynet.ie"
];
services.skynet.dns.records = [
{
record = year;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx = {
virtualHosts = {
"${year}.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = "${inputs."skynet_website_${year}".defaultPackage."x86_64-linux"}";
};
};
};
};
}

View file

@ -10,8 +10,11 @@ with lib; let
cfg = config.services.skynet."${name}"; cfg = config.services.skynet."${name}";
in { in {
imports = [ imports = [
./acme.nix # import in past website versions, available at $year.skynet.ie
./dns.nix # at teh end of teh year add it here
(import ./old_site.nix {year = "2023";})
(import ./old_site.nix {year = "2017";})
(import ./old_site.nix {year = "2009";})
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {
@ -20,11 +23,8 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.skynet.acme.domains = [ services.skynet.acme.domains = [
# the root one is already covered by teh certificate
"2016.skynet.ie"
"discord.skynet.ie" "discord.skynet.ie"
"public.skynet.ie" "public.skynet.ie"
"renew.skynet.ie"
]; ];
services.skynet.dns.records = [ services.skynet.dns.records = [
@ -34,11 +34,6 @@ in {
r_type = "A"; r_type = "A";
value = config.services.skynet.host.ip; value = config.services.skynet.host.ip;
} }
{
record = "2016";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
{ {
record = "discord"; record = "discord";
r_type = "CNAME"; r_type = "CNAME";
@ -49,11 +44,6 @@ in {
r_type = "CNAME"; r_type = "CNAME";
value = config.services.skynet.host.name; value = config.services.skynet.host.name;
} }
{
record = "renew";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
]; ];
services.nginx = { services.nginx = {
@ -63,9 +53,7 @@ in {
forceSSL = true; forceSSL = true;
useACMEHost = "skynet"; useACMEHost = "skynet";
locations = { locations = {
"/" = { "/".root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
};
# this redirects old links to new format # this redirects old links to new format
"~* ~(?<username>[a-z_0-9]*)(?<files>\\S*)$" = { "~* ~(?<username>[a-z_0-9]*)(?<files>\\S*)$" = {
@ -75,13 +63,6 @@ in {
}; };
}; };
# archive of teh site as it was ~2012 to 2016
"2016.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = "${inputs.skynet_website_2016.defaultPackage."x86_64-linux"}";
};
# a custom discord url, because we are too cheap otehrwise # a custom discord url, because we are too cheap otehrwise
"discord.skynet.ie" = { "discord.skynet.ie" = {
forceSSL = true; forceSSL = true;
@ -95,13 +76,6 @@ in {
root = "${inputs.compsoc_public.packages.x86_64-linux.default}"; root = "${inputs.compsoc_public.packages.x86_64-linux.default}";
locations."/".extraConfig = "autoindex on;"; locations."/".extraConfig = "autoindex on;";
}; };
# for alumni members to renew their account
"renew.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}";
};
}; };
}; };
}; };

View file

@ -0,0 +1,64 @@
{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
name = "wiki";
cfg = config.services.skynet."${name}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Wiki";
};
config = mkIf cfg.enable {
services.skynet.acme.domains = [
"renew.skynet.ie"
"wiki.skynet.ie"
];
services.skynet.dns.records = [
{
record = "renew";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
{
record = "wiki";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx = {
virtualHosts = {
"wiki.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = "${inputs.skynet_website_wiki.defaultPackage."x86_64-linux"}";
# https://stackoverflow.com/a/38238001/11964934
extraConfig = ''
location / {
if ($request_uri ~ ^/(.*)\.html) {
return 302 /$1;
}
try_files $uri $uri.html $uri/ =404;
}
'';
};
# redirect old links to the new wiki
"renew.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/".return = "307 https://wiki.skynet.ie";
};
};
};
};
}

View file

@ -11,9 +11,6 @@ with lib; let
php_pool = name; php_pool = name;
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
./nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {
@ -21,7 +18,10 @@ in {
}; };
config = { config = {
# ssh access # we havea more limited ports range on the skynet server
services.skynet.prometheus.ports = {
node = 9000;
};
# allow more than admins access # allow more than admins access
services.skynet.ldap_client = { services.skynet.ldap_client = {
@ -85,6 +85,20 @@ in {
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"outinul.ie" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
alias = "/home/outinul/public_html/";
index = "index.html";
extraConfig = ''
autoindex on;
'';
tryFiles = "$uri$args $uri$args/ /index.html";
};
};
};
# main site # main site
"*.users.skynet.ie" = { "*.users.skynet.ie" = {
forceSSL = true; forceSSL = true;

View file

@ -9,10 +9,6 @@ with lib; let
cfg = config.services.skynet."${name}"; cfg = config.services.skynet."${name}";
in { in {
imports = [ imports = [
./acme.nix
./dns.nix
./firewall.nix
./nginx.nix
]; ];
options.services.skynet."${name}" = { options.services.skynet."${name}" = {

View file

@ -1,35 +1,24 @@
{lib, ...}: { {lib, ...}: {
imports = [ imports = [
# Paths to other modules.
# Compose this module out of smaller ones.
]; ];
# this needs to mirror ../applications/dns.nix
options.skynet.records = lib.mkOption { options.skynet.records = lib.mkOption {
description = "Records, sorted based on therir type"; description = "Records, sorted based on therir type";
type = with lib.types; type = lib.types.listOf (lib.types.submodule (import ../applications/dns/options-records.nix {
listOf (submodule { inherit lib;
options = { }));
record = lib.mkOption {
type = str;
};
r_type = lib.mkOption {
type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
};
value = lib.mkOption {
type = str;
};
server = lib.mkOption {
description = "Core record for a server";
type = bool;
default = false;
};
};
});
}; };
config = { config = {
skynet.records = [ skynet.records =
[
# wifi in server room
{
record = "ash";
r_type = "A";
value = "193.1.99.114";
server = true;
}
{ {
record = "optimus"; record = "optimus";
r_type = "A"; r_type = "A";
@ -55,7 +44,7 @@
{ {
record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie.";
r_type = "SRV"; r_type = "SRV";
value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; value = "0 10 25518 bumblebee.skynet.ie.";
} }
{ {
record = "minecraft-classic.compsoc.games"; record = "minecraft-classic.compsoc.games";
@ -65,7 +54,7 @@
{ {
record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie."; record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie.";
r_type = "SRV"; r_type = "SRV";
value = "0 10 25520 minecraft-classic.compsoc.games.skynet.ie."; value = "0 10 25518 bumblebee.skynet.ie.";
} }
{ {
record = "minecraft.gsoc.games"; record = "minecraft.gsoc.games";
@ -75,7 +64,7 @@
{ {
record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie."; record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie.";
r_type = "SRV"; r_type = "SRV";
value = "0 10 25521 minecraft.gsoc.games.skynet.ie."; value = "0 10 25521 bumblebee.skynet.ie.";
} }
{ {
record = "minecraft.phildeb.games"; record = "minecraft.phildeb.games";
@ -85,7 +74,39 @@
{ {
record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie."; record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie.";
r_type = "SRV"; r_type = "SRV";
value = "0 10 25522 minecraft.phildeb.games.skynet.ie."; value = "0 10 25522 bumblebee.skynet.ie.";
}
{
record = "minecraft-aged.compsoc.games";
r_type = "CNAME";
value = "bumblebee";
}
{
record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie.";
r_type = "SRV";
value = "0 10 25519 bumblebee.skynet.ie.";
}
]
# non skynet domains
++ [
{
domain = "conradcollins.net";
record = "www";
r_type = "CNAME";
value = "skynet.skynet.ie.";
}
{
domain = "edelharty.net";
record = "www";
r_type = "CNAME";
value = "skynet.skynet.ie.";
}
{
domain = "damienconroy.com";
record = "www";
r_type = "CNAME";
value = "skynet.skynet.ie.";
} }
]; ];
}; };

View file

@ -1,6 +1,11 @@
{lib, ...}: {
lib,
config,
...
}:
with lib; let with lib; let
port_backend = "8087"; port_backend = "8087";
cfg = config.skynet.users;
in { in {
options.skynet = { options.skynet = {
users = { users = {
@ -44,29 +49,37 @@ in {
config.skynet = { config.skynet = {
users = { users = {
committee = [ committee = lib.lists.unique (
# Committee - Core
[
"silver" "silver"
"eoghanconlon73" "eoghanconlon73"
"sidhiel"
"maksimsger1"
"kaiden"
"pine"
"nanda" "nanda"
"sourabh1805" "emily1999"
"kronsy" "dgr"
]
# Committee - OCM
++ [
"sidhiel"
"skyapples" "skyapples"
]; "eliza"
"amymucko"
"archiedms"
]
# Committee - SISTEM
++ [
"peace"
]
# Admins are part of Committee as well
++ cfg.admin
);
admin = [ admin = [
"silver" "silver"
"evanc" "evanc"
"eoghanconlon73"
"eliza" "eliza"
"esy" "esy"
]; ];
trainee = [ trainee = [];
"milan"
"kronsy"
];
lifetime = []; lifetime = [];
banned = []; banned = [];

File diff suppressed because it is too large Load diff

View file

@ -7,76 +7,55 @@
# Return to using unstable once the current master is merged in # Return to using unstable once the current master is merged in
# nixpkgs.url = "nixpkgs/nixos-unstable"; # nixpkgs.url = "nixpkgs/nixos-unstable";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
# utility stuff # utility stuff
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
arion.url = "github:hercules-ci/arion"; arion.url = "github:hercules-ci/arion";
alejandra = { alejandra = {
url = "github:kamadorueda/alejandra/3.0.0"; url = "github:kamadorueda/alejandra";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
colmena.url = "github:zhaofengli/colmena"; colmena.url = "github:zhaofengli/colmena";
attic.url = github:zhaofengli/attic;
# email # we host our own
# simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
simple-nixos-mailserver = { simple-nixos-mailserver = {
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
type = "gitlab"; url = "git+https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver";
host = "gitlab.skynet.ie";
owner = "compsoc1%2Fskynet";
repo = "misc%2Fnixos-mailserver";
}; };
# account.skynet.ie ######################
skynet_ldap_backend = { ### skynet backend ###
type = "gitlab"; ######################
host = "gitlab.skynet.ie"; skynet_ldap_backend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_backend";
owner = "compsoc1%2Fskynet"; skynet_ldap_frontend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_frontend";
repo = "ldap%2Fbackend"; skynet_website_wiki.url = "git+https://forgejo.skynet.ie/Skynet/wiki";
}; skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games";
skynet_ldap_frontend = { skynet_discord_bot.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot";
type = "gitlab";
host = "gitlab.skynet.ie"; #####################
owner = "compsoc1%2Fskynet"; ### compsoc stuff ###
repo = "ldap%2Ffrontend"; #####################
}; compsoc_public.url = "git+https://forgejo.skynet.ie/Computer_Society/presentations_compsoc";
skynet_website = {
type = "gitlab"; #################
host = "gitlab.skynet.ie"; ### skynet.ie ###
owner = "compsoc1%2Fskynet"; #################
repo = "website%2F2023";
}; # this should always point to teh current website
skynet_website_2016 = { skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017";
type = "gitlab";
host = "gitlab.skynet.ie"; # these are past versions of teh website
owner = "compsoc1%2Fskynet"; skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191";
repo = "website%2F2016"; # this is not 100% right since this is from teh archive from 2022 or so
}; skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99";
skynet_website_renew = {
type = "gitlab"; # this is more of 2012 than 2009 but started in 2009
host = "gitlab.skynet.ie"; skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009";
owner = "compsoc1%2Fskynet";
repo = "website%2Falumni-renew";
};
skynet_website_games = {
type = "gitlab";
host = "gitlab.skynet.ie";
owner = "compsoc1%2Fskynet";
repo = "website%2Fgames.skynet.ie";
};
skynet_discord_bot = {
type = "gitlab";
host = "gitlab.skynet.ie";
owner = "compsoc1%2Fskynet";
repo = "discord-bot";
};
compsoc_public = {
type = "gitlab";
host = "gitlab.skynet.ie";
owner = "compsoc1%2Fcompsoc";
repo = "presentations%2Fpresentations";
};
}; };
nixConfig = { nixConfig = {
@ -116,7 +95,7 @@
overlays = []; overlays = [];
}; };
specialArgs = { specialArgs = {
inherit inputs; inherit inputs self;
}; };
}; };
@ -165,7 +144,8 @@
# Public Services # Public Services
calculon = import ./machines/calculon.nix; calculon = import ./machines/calculon.nix;
deepthought = import ./machines/deepthought.nix; # metrics
ariia = import ./machines/ariia.nix;
}; };
}; };
} }

View file

@ -18,23 +18,11 @@ in {
# for the secrets # for the secrets
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
# base config for all servers # base application config for all servers
../applications/_base.nix ../applications/_base.nix
# every sever may need the firewall config stuff #
../applications/firewall.nix inputs.lix-module.nixosModules.default
# every sever needs to have a dns record
../applications/dns.nix
# every server needs teh ldap client for admins
../applications/ldap/client.nix
# every server will need the config to backup to
../applications/restic.nix
# every server will be monitored for grafana
../applications/prometheus.nix
]; ];
options.skynet = { options.skynet = {
@ -132,19 +120,20 @@ in {
# https://discourse.nixos.org/t/systemd-networkd-wait-online-934764-timeout-occurred-while-waiting-for-network-connectivity/33656/9 # https://discourse.nixos.org/t/systemd-networkd-wait-online-934764-timeout-occurred-while-waiting-for-network-connectivity/33656/9
systemd.network.wait-online.enable = false; systemd.network.wait-online.enable = false;
environment.systemPackages = [ environment.systemPackages = with pkgs; [
# for flakes # for flakes
pkgs.git git
git-lfs
# useful tools # useful tools
pkgs.ncdu_2 ncdu_2
pkgs.htop htop
pkgs.nano nano
pkgs.nmap nmap
pkgs.bind bind
pkgs.zip zip
pkgs.traceroute traceroute
pkgs.openldap openldap
pkgs.screen screen
]; ];
}; };
} }

47
machines/ariia.nix Normal file
View file

@ -0,0 +1,47 @@
/*
Name: https://en.wikipedia.org/wiki/Eagle_Eye
Why: ARIIA - Autonomous Reconnaissance Intelligence Integration Analyst
Type: VM
Hardware: -
From: 2024
Role: Metrics gathering and Analysis
Notes:
*/
{
config,
pkgs,
lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it
name = "ariia";
ip_pub = "193.1.99.83";
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in {
imports = [
../applications/grafana.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = null;
tags = ["active-core"];
};
services.skynet = {
host = host;
backup.enable = true;
prometheus.server.enable = true;
grafana.enable = true;
};
}

View file

@ -1,42 +0,0 @@
/*
Name: https://hitchhikers.fandom.com/wiki/Deep_Thought
Why: Our home(page)
Type: VM
Hardware: -
From: 2023
Role: Public Backup
Notes:
*/
{
pkgs,
lib,
nodes,
inputs,
...
}: let
name = "deepthought";
ip_pub = "193.1.99.112";
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in {
imports = [
];
deployment = {
targetHost = ip_pub;
targetPort = 22;
targetUser = null;
tags = ["active-core"];
};
services.skynet = {
host = host;
backup.nuked.enable = true;
};
}

View file

@ -25,7 +25,8 @@ Notes:
}; };
in { in {
imports = [ imports = [
../applications/skynet.ie.nix ../applications/skynet.ie/skynet.ie.nix
../applications/skynet.ie/wiki.nix
]; ];
deployment = { deployment = {
@ -40,5 +41,6 @@ in {
host = host; host = host;
backup.enable = true; backup.enable = true;
website.enable = true; website.enable = true;
wiki.enable = true;
}; };
} }

View file

@ -26,7 +26,8 @@ Notes: Each user has roughly 20gb os storage
}; };
in { in {
imports = [ imports = [
../applications/gitlab.nix ../applications/git/gitlab.nix
../applications/git/forgejo.nix
]; ];
deployment = { deployment = {
@ -41,5 +42,6 @@ in {
host = host; host = host;
backup.enable = true; backup.enable = true;
gitlab.enable = true; gitlab.enable = true;
forgejo.enable = true;
}; };
} }

View file

@ -31,8 +31,6 @@ in {
../applications/discord.nix ../applications/discord.nix
../applications/bitwarden/vaultwarden.nix ../applications/bitwarden/vaultwarden.nix
../applications/bitwarden/bitwarden_sync.nix ../applications/bitwarden/bitwarden_sync.nix
../applications/grafana.nix
../applications/prometheus.nix
]; ];
deployment = { deployment = {
@ -56,7 +54,5 @@ in {
# committee/admin services # committee/admin services
vaultwarden.enable = true; vaultwarden.enable = true;
prometheus.server.enable = true;
grafana.enable = true;
}; };
} }

View file

@ -22,9 +22,6 @@ Notes: Thius vpn is for admin use only, to give access to all the servers via
hostname = ip_pub; hostname = ip_pub;
in { in {
imports = [ imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
]; ];
deployment = { deployment = {

View file

@ -25,7 +25,7 @@ Notes:
}; };
in { in {
imports = [ imports = [
../applications/gitlab_runner.nix ../applications/git/forgejo_runner.nix
]; ];
deployment = { deployment = {
@ -39,10 +39,6 @@ in {
services.skynet = { services.skynet = {
host = host; host = host;
backup.enable = true; backup.enable = true;
forgejo_runner.enable = true;
gitlab_runner = {
enable = true;
runner.name = "runner01";
};
}; };
} }

View file

@ -1,17 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA dgJJTGIzBXLeK17bfgeYeXXN5YrByBOTbhyIkx+Z2TI
zgujS6RYpXEzbUYZc1DRz0RlWAGurFNzAJnE4j4zhjY
-> ssh-ed25519 4PzZog U7EUVcL+2Acv3mBpz88t2ZwVJm4YyNlwXzXpSkZfjk8
LKQqiFcJ3pIWJG5DSbBbcEzg0dIPFOfiwcKCuR2zfhA
-> ssh-ed25519 5Nd93w Rsjby+9wJr4PnaixDgUk32319SnfJCxgnC8fQ9Gc0yM
7jmxPtgrIZ9ZF5c04bMzgYBLLPoqKFfwmU/qG6hF+9s
-> ssh-ed25519 q8eJgg p5+dL0VBijPOTihOZuDQdE/yLQA+BHlEVSq12gRaizw
MzQcGLTaUhgarzvJ7h/XfHIyPUb+i6YkbgkbvhOONEo
-> ssh-ed25519 KVr8rw W9+d0ot3036q0YPNYaY1MS/4EiTU0MnLmq56dvUamE0
wuIORoGvEG8lqrirf07ycIHawiw/DsjvTUwZrIEjSjk
-> ssh-ed25519 fia1eQ c5cadKGZlONyUKivzegA+swGqgpb8oLDe5bk7Sb8XBI
NNrb+ezMjYuKkaDUGumflNYrKPzxnPULoMslxH5/bFI
-> ssh-ed25519 DVzSig 6uvtkJC55iEwnCPZGAqMrLzW+IuHX9YDhtCX3eHtxkA
JNmstGPHqh2if+C4j1S19v2bCpbib+Wthp/OCusCSc8
--- teGaaxnvHxEkKCtyNsBV/yhl3Ohn9BD3nfjl6jq3OcM
³Êb_ÂòõŠ<C3B5>aX¹&6LFÀo8˘¯œC.ƒ ~ÿˆŽœž—k3âÃî;¯1Ž² ”Iôd* ÚûV®Ïƒj¦áÖùñÅí?D©´Õd%buš^Øa"Q2„<m<>oãm©œc6Ò¹5!…HÂé8Žj9Ä <C384>1º»þàT@½ÎoíâvÂœ¦ß<>&E„áÅË(èˆH©n®}³ÞQÉhe5JãfàåÓ\.,~X<isÅpŽpÆkøb ÿp8aÒfÞ†½0ˆ*»0ù;Øy:hl

Binary file not shown.

View file

@ -1,18 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA Q6fzzE0ZuVtBGR3fFnmw45hrQU/vKj2y2aEzYA2cvAs -> ssh-ed25519 V1pwNA d/AgQuQidsB5+UMBxg3/YIA/4EVMF9+BeZrEMzgU52Y
c0A5Ieu188qIE3QKvC+6DqjDxAC4HqfBUbPu3m72NTA gPmTDd4oeIwwJ5ZdnWp/s6cEupsYPY08TBvmL5fe3NE
-> ssh-ed25519 4PzZog AzQaulqa+X3fxgk/sP5jjFfPGAPMzGlbacGIQdKpSxs -> ssh-ed25519 4PzZog iR02KGER5WMrs4djPPpMRc3v5qN5FpcpjTkB+O4GyV0
d5OgkPftJ8wqrMlfGcxLld+DWVQ58/SvXGOmPj79SUQ ibvzSePq1ruF03QBsHRr40VCZ6ZcnWjvcJzybB5vt4g
-> ssh-ed25519 5Nd93w u+Fu4cNNKnHht6Gj8NgCK96U8SL4h+hFv9SZ+DSMrGg -> ssh-ed25519 dA0vRg pVsTTA9yknN8gl6K/CkY/HnUc8eW1F/pSqXq/Upq3SE
zy6Jf8ZBInhOVDuFuFAZso6KJl8gLlklqWCayPqb14w 3ymQH0jBAk9ktwBUvth8G9ZdDzr9Ozqi9YNVB8fyvGE
-> ssh-ed25519 q8eJgg s6jAIb95QqWDKGEx2lbnJruSfp6mgERcI2SzTip+Gnw -> ssh-ed25519 5Nd93w fSPTiW3c4va0F5IYoFF+QoN4u1tFGRBrMO9lypICiXo
IHPOcqeagr79owKNqyk9dLjz5Qz1fQ1A/vOxt+NPlu4 8MgZPPUXJGGOdmGknXhaV0xgJl76dg9B1e5r0Ud/iW8
-> ssh-ed25519 KVr8rw VO/YREcq6mknjN2JdAr3GWg91Hml4k1Ojx1tUMXAXks -> ssh-ed25519 q8eJgg UFiK3B6YB3YR8fVOWOPLlpGuo5pWpK6b7zteIngC2Cc
1BhUi7kRCZV+c9TROQIFeNt2WSL9Xa14J40vo/qyJ70 K+e9B1V7AdimOMdy7YCJ7tJnHsHoQChAmWmOJDIdwMU
-> ssh-ed25519 fia1eQ w6T0/iajXe7pgvX75tm/94HueS6OlKlXAo3IgIIlcm0 -> ssh-ed25519 KVr8rw FeMibaL1ITDNByDL26VRXVz6d2FP13SpKoN87RgTYDo
Cun2Xmb7fbXCg18lLmsdhqViEG8lqOAGGoghJlvunu0 e0LPmpAe9wRRvgKTYq96Qk+WiUhfixiatuWPPi72Nlk
-> ssh-ed25519 3pl/Kw cpVAh+pifXN3ohww8TqmyCrCRWU06OAPPdLX/5DBUwo -> ssh-ed25519 fia1eQ i5+7lIZDOm48wywy6CRMOLVhHWnmV71WM0QLSbyhqV4
+GQ7xCXSJp6nwGymXD+9AqeZC7ScJl4a/A/2XWQzKbA S5nAEPHEmAn3AGxN04FpVKwVHrWtZS2s/dPeVv4ryCE
--- GhvvZMgI8VzeGNtLQ+EUIPYpR6EgLpxiuxn9Upu6o7g -> ssh-ed25519 3pl/Kw Mhc4y4szabQQaeBWtZ7mVdDnZYRwtninrBhcyHoUm24
ðKihãPSëÔd~p{%<25>Pàbªc•£„ã't«kÀÙ?[e0¤þbþë lQpLgpgU0ak9WDQIJxd5Yz/DUe14szLvsUGxAil+5dk
éŠ<EFBFBD>{<7B>Ú Æ&$tWŠë.<2E>œ"ûÆX˜f¥\-vIýL{]”óõš¡Õ1;ûúüU¦<55> --- eUzkrzEEXETs3FXa2YqSW4yqQiRLFC8Umr1D+Bq334c
ڙءm“ }ïÁý9Ž.û”I^éY%Kcö¨SšÒÈ®¤hVó„Á{þ7Z'i ¸<¡Z#s<E28093>íÆ<C3AD>šs. Þ<>„zÒIW=†WÀuþ±ÚàX

Binary file not shown.

View file

@ -1,17 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA abYqfp05DkkiK7wdTOn+E9+FU9iX8y/UcoVNUJQ1wwQ -> ssh-ed25519 V1pwNA xqavLiNuEoc7Gn7MchvoSEC2RrsFDrf9MEGFYVf5vEs
BLIH6HkjumaaeKntAMm5BXC4ADfqLRh3vsq26gVB470 ZwOkERtRi8yxlZ6sUl+mzJ+YFw/h82vV0WzhRjQOTo0
-> ssh-ed25519 4PzZog gNCidb7IlrQLJah7iqpLKLFzlhe/4RLk5hexSq96My0 -> ssh-ed25519 4PzZog eiC4yLeOytE1jTUaQDOxtVHsM2jJAvGLrI75XJXRCSA
ynnNvbbit8U8CNel3cBEeel006ftNPArV+oAFNdmv/4 HJg+GqSKlXld1uB2WPTM28XEygsm3+4iObC7SCMWl8c
-> ssh-ed25519 5Nd93w YnGe4yzhVDQD1z7Mq58KgnF2GJjkBLyiOZBmCygazRU -> ssh-ed25519 dA0vRg rStUstoZRf0i7Ot/0Gn6zd1cQMQjDlLQ8ScEIM3XMXE
dZg81Rb+XSoeho2Xbth+pIza+6F4TbAuN6s5BbP1OLM PR2UGWuO5VOBVee3bndRxipU/m2ZRXMo0HQkX8pvTyk
-> ssh-ed25519 q8eJgg H9L5QhInkMWBndRYQHIQTmuMVBrMtaXqCrpEXV/hpBE -> ssh-ed25519 5Nd93w hn5Oo+ZoIG+UwAb/DUUJmkDcey35fG5WDBgbe494T2s
QL24qbdGbfdmv2bgS1uYjRHB5fKPrfmbmMidjI9dEIg TxUgeQb8UdxlowGV1/j2Tr7DTNqc6d56NGaFGZfeidQ
-> ssh-ed25519 KVr8rw GqmHdNfgOFKcZ6+zxKDWg/ImAVEXHTSpzDmBe8f/vmo -> ssh-ed25519 q8eJgg vcWProg0hXGuIRVWXpFSzyS4Ei4YHSdq17A08avwCmI
4u2ek5DHeDuBizYx0nRee02Gf6492fjWM8U7/HL2XwQ 4iKGWyyGfCKEliEa/9r8y+D5LsyLglFvcUeXyzO+FCg
-> ssh-ed25519 fia1eQ zYA2FI8k6675UAQn1AlwWzPV5e52dAmv/ESDFMmSQlA -> ssh-ed25519 KVr8rw 2kNscJDgyfKH6WrfSKWnX5dgRM0Kk7FztGhoJ89VUWw
rup+vtydMspXXeQQ9In4s0HQnBNY4IvqRIlIdKPVaZk /biNgciz7/fDOyY6GfwEI57ESdUyRwmKaI4OG5pJs20
-> ssh-ed25519 IzAMqA QOiOSUOx76IICb8rSo0OxTtyZnyyA8nZ/pvuDZcVfUI -> ssh-ed25519 fia1eQ lv06SnwwoBlmG4AVAeNpeIFgISkt6FktNuRq+P0eJgs
vDUSgB6dfzKNIpA4/0PbvJ/KzcVgW9l5KqqV6rKbyhM VX8O0FYWrEyBVR13t8AkvIq1VpwFdkMX+wBUQHBzXPI
--- 7Lo9nyTOtFbzsGyr/5Kanvj+yoszus8bUMWquX2rG90 -> ssh-ed25519 IzAMqA b0DnkDgWeERguN/u9wgiBB1sbxHaMXmMZdPOJ14/UDg
¡Çä4†ª+¡ ¦ÂÐQÍBFY2°“$žÄ8sñ¼Ñ„qš.U¾È<C2BE>ª5õ<35>†âQ·yKëog§ ­8^ÏËhîú.±=<3D>Î柳ŒÉE tmKw26Fs6iKbVq7BBK60UoQSjykp4BzLW59/ZbbD0hw
--- rR+hloCeC8YmoV34TBL7hLk/4CSfmYKwtAbmtUjHvKE
<EFBFBD>7ü¶RHSIΔC# ‡Ä/ù:öH•ôImId÷ëójkõlàa˜Ñlõb\ƒL¶ ²¬6Ø¥†/ôPÜ¢+cº÷U‰MÅ Yt©

Binary file not shown.

View file

@ -1,23 +1,26 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA FJbuXA9iZkVimh/bRdl2MnswKZpHkF6HmIqG/cmE62s -> ssh-ed25519 V1pwNA 6NKUbOSUbwVjzW/ZUpl8qEiUTTegFlji4+tVJyqY3SE
2vP3FNg2f1ijAMwWGcLa7aZQD7/Tq8iXwf6+/bMEgb8 fRQvaKnLMkVBboTEriQpWlGY9VBAP3ppsEbAB2QTScs
-> ssh-ed25519 4PzZog 75e7m7A1i4/XjB+b9OozGjKttQ3VzJuoNwKV6z1xYB4 -> ssh-ed25519 4PzZog mp/+b5LpB+DvRduqAZiKWqkZq6+tlyQgVTZz7Oge2Us
9/czRQ3V/Kb/8p9h3cdiXXbNBECeZfLLEWg8gR+WBE4 OycqmZyDr3levWSfRFxypJOkITLDix0Q15Todya6BNc
-> ssh-ed25519 5Nd93w Kier0iAHycxtmgq9n5Mq/eLR2akqKB2Z/JBA2ACjaE8 -> ssh-ed25519 dA0vRg yp/4LvS9DbdatHFWFsP5qhH8CP8Bs0IjVSenUtG4+Xs
HokkZ2jHa7DV6KqODEH5rF+YprwNwBIjLLFGbfXdkrc hHiJEtl1ffYXltsJzuEMLGUl2i/i3pFzv4bjbx/cbOI
-> ssh-ed25519 q8eJgg cFNBrJQ1R4tDi4HTI/1lGEy44cjCDpnUXGYsXQ4daA4 -> ssh-ed25519 5Nd93w BTngmy4NGLGKhC8lPos63QEVBKoQT82KswQ22EypcQQ
GPJ3fX/AxxhUjvfnAJNREQDEGp/Bz4zvfiTWHD5bwMI OCnJMkOwwXQVbtCitUizXM4nynC6a1tiPSkm7MxulWA
-> ssh-ed25519 KVr8rw hzHh/c9qM7v7eFFpvD/uvCcDD12kSaTabVVA8CKosgI -> ssh-ed25519 q8eJgg NaEjVcDBVICRgXuJchEdE4vg3qmkNmJAbDDxLq1fX0M
3bwDd/aWeYWmYf8b2ko4N37XXgTP5LeP98qYXSlaxwM YFwUmEPwJIik5YJ2SV5IAmqGlY+h24voJJlrBaoCBwA
-> ssh-ed25519 fia1eQ gol262stWS/VMaXgAJNC/VK5QkNb/UHN8X2khm3PHFQ -> ssh-ed25519 KVr8rw ZnyVITZFkuozEs/rbTdxXDQNS3Nggo+JkBL1Icht2SM
3eBj1/cUkTSNBGANSYp6S7IvMU+8dKKEtZxqo7kMzxY B4jVVts5lK1kIlOWMl0eiN7TpsTeJZWIu7NqildxeGE
-> ssh-ed25519 IzAMqA Z70Jqsw7IR9vk4uLef56F1+YCQtK2YvDC950d+WVNHk -> ssh-ed25519 fia1eQ kvzARRScl/eypC2a5cY66sXcH+TZqz4sYg4W/k9iJxQ
nXqGHPrbh3VS2DMToRKs9FxBsn8PftR6HTkeA2KXRLU Ga+4TVvXiQ6i5/+fgUQ3E5tJiLqdBsEsXjenXEpRV/A
-> ssh-ed25519 uZzB3g Zrc8idjRB+ZPHq9ScsCnXDqipGM83pio/V8mO6YYa0I -> ssh-ed25519 IzAMqA 5sizvlhLhAhAR1bViHJtRJ8fAIO56TAuLVSOwE177QE
JFVQ8V3Jkn8vxklAZzwGpmOcaKUd8QBDFO/+gAyb3Ug b9oJ8BC2xiBjvc3D0H0EF7bSNDlpvIidyBCTf04ndJI
-> ssh-ed25519 Hb0ipQ Yhn/pwNTNmMdW3L2RV2MJECEYRlAzNTYztcA5MfRCjk -> ssh-ed25519 uZzB3g g9y66zNmQbqP6Rbhg2t06W3YOgy8DkRvJZbWVegT71s
S3rkfwU9Nln8WFPSr102lX+H96wnHWVZa6z8upTRgvk 2dH7E76tDMrWQJbLPefyORP66iaPHQnSjwu8NCdSyJo
-> ssh-ed25519 IzAMqA 8SVaC/2C2+xmeCP07Mu+/xGFSB1UXrIlVJ/i8YfQXUU -> ssh-ed25519 Hb0ipQ azOzBLXfshInlFVpV0PzIBidL/VzA/+kKRXFFVD6ZF4
y4mt/hZRuc0+5OXFs3VjYH/Q/nEACAd30YlyUyNzSqw iXBF/Wcv4KWo5qUXUlyimuo0l6aClKxOCtkm3MxAIBc
--- M8Emn3XUVeSu5qTgSbR7/93DjFawmR5iZ2qxQEJ9gd0 -> ssh-ed25519 IzAMqA EWitYyV8RsPIB6HEFE2OI/C1zcC6WfBEeDI62rGVmkk
zg*õFŒô·ç½xÍ?¬7,¬ò”ïaƒ1'Ü¥ôtmR t[øVFÝl=ç+Mç¸îm᜴ÙÑj;¿Ä”Fy6—O\î<>™Ó¬µ²Òªo=¹UG#%{®ÇÛoæÛ<²Àèi*à,RO;L2Oy¤ðŠð×NŠ”¡`g‰*î$yÄÜR]-õo¼böÑ05Q/ÂXˆýk[dEÕ_…i é’ å­ï+KP8Kÿ Bk9tdSqIjLjat21J2LM8RXAt9GwdQxYdfPzqDtCjunE
--- waY7j+HMEOdqEZs/TcLEhUY9gJs6ZSc51VNfuCmCxJ4
Ý;dÙ9A‡vÔé±nq<“ê;TèáƒB؇$ÐGÌvï¯h
»\^Žé§lÖ¯`š¼ÄÎ?l¸ <0C>au~üЧ×yâ[ךju²ü;]!œ6Ëè±ãXIs4ÇŒ!Ù@ß϶û¬‘|›úïª">eÈÿ[Vž´,ÿ5˜ý8N§¹Œh<04><>[ƒ×´ZD,&âñíó¡”õIØ>ŠØù¡<C3B9>|ÎézÉm

Binary file not shown.

Binary file not shown.

View file

@ -1,19 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA QUveqW1V2eyNUoLz3VlbU1eoeKqpMhKhM3xidvLzmAc -> ssh-ed25519 V1pwNA +Ug8WtIQLZK1chInj0113Okqae8ImSdTvQYYDD558ig
ONNE8H73iwIqsGOugXQdeH12oro0eAU2qBgIMc6/OS0 ao7w/Uow6sCtoqRDr3Y8NjuF6f9P62sKfx5+5+3yV8k
-> ssh-ed25519 4PzZog oYUJKbA2TI8onEnEDLBLpRDqXBZlX4Wa5qk/vT165iY -> ssh-ed25519 4PzZog KZwHoIkqMTVHcHma22+hG19oBgCNZ3zZ9fgs0i3NMx8
J9LPEQfwudit3Fa7Po4tR+ZGMGJEVAL6QWD8S2pVeXk hxgtsHVx2KATvEQM790y7foAaWVBFnqXz72CovkbcyU
-> ssh-ed25519 5Nd93w r3fH+siDMDiuo7MAYUzxpcCk+SM/kY/cL/ndRWn4OhA -> ssh-ed25519 dA0vRg QORz3gYpB5PiM5Dgm4s2JNyJSBFTzY15tlC0JNMtoTE
zPQrQS9E7narD++03B1ECfz3w7Wtckbk3nC002GkjD0 1AuUbuw4YSoyly/iHY2DGBOhRijWoXjsFfFM1pKKlUY
-> ssh-ed25519 q8eJgg l4ZcaUycpCI4o4NDfsQlsnl/BzS4UKhxSEYKbIclmik -> ssh-ed25519 5Nd93w glPMyqAhDvJSOgief6VEWflVervhftUbNgnDOVtKX1I
lqT4jCsxhtK2tNNzRIiiZmB5iHFfzMR9w2TayZlTuvs xDSl0Oe0UPiWRnFythx/6ErNSy04paTWWKrlheEEzLo
-> ssh-ed25519 KVr8rw CRuDx3JbAfKvRQ1SyD5whrlw2MpFnlP33YMiClgXvC4 -> ssh-ed25519 q8eJgg 4Xs8DKl5BV5E8oGE9MrhBanGuTltQZz3JsCI57UYwiU
LKZIzgEEjLvKQgDJOZUi6tP9hi/lXehYQyodLOiNrYg c99NCU+f8vbvFq9T+P4Gi51ae5xygzuyLMFGf8px9CQ
-> ssh-ed25519 fia1eQ uOoglDTy0OlQm+aUqsg3KfPFXynHnJi7d7WStsw7hmQ -> ssh-ed25519 KVr8rw mPvw8t8On+jnc97m5f8x79Kcx9ZhHWyL/YW2zVllqUU
Vt214X0k+A+BWzDwbk3JHX9/lOY74bUPVt0CdYUxHHg X8CuzLbLfT6sDhZp4rGif9RDD0zHQzjEp+v5PHX2BAk
-> ssh-ed25519 NtlN/A yAVmup2BnnPIyRVQD4+e3Fh0RTfc6mJZRLKTPV69AHw -> ssh-ed25519 fia1eQ CRUdnRPTZQtB/YlTqGcghTUjUlN7avoJ3iip5rNgcEo
dEAj8GqDaIMq84hU5DHEQsba5d7Fvp71xaMVQfMD6CQ IX1fAfmdteXLwXF7S4aFidVmzr7ClQE5Dlh5siyQZPM
-> ssh-ed25519 v2Y09A 5rxrWgwLfUKqbWIyPzODXJiFSCPYB+Xlchj+9wF2RTg -> ssh-ed25519 NtlN/A BRTimkF1zqBp4N1cep8+Mzet7cX45ZHTz9NekWNaNTw
x9qWFO8KJ6R2EUqbdkFVFYMs7nHelnqZ9XF4bZ6bx8k //1gIudKHmPM5A/1fJNPaQO5TqbZzV7FDFM8EhEFzIk
--- XvVzqiGGv9j443pVSwh9lZYRjgSuUn98bICJichEzhY -> ssh-ed25519 v2Y09A U0jsaGMHVO2LpKActT5oYiJrbw6oLeSwzgzR7ufQpF8
åõ×/—"cÅR"_`QSÚÂéy­p)öê<C3B6>¯¼» z¼ÔeNÆîójúÉTéõc:9%I™ùƒ÷ }$~Û¢<C39B>RW`0Qä'©XÕÍûVJƒ[@VÛ]$,‚¢ÁžˆËÀѱô[?òuwK½»!à¼Ì¹÷ÔÿáÌuBâç:) ·æÁ‡Ý<E280A1>Ñâi CfB7xVWpyMHsRZbfwhtlBdZyUwAuLic9R0LBm6vXNUo
--- wiRWKVnnLoriKkk//al7FuIGYKru0nO1/XGhpz6yWls
§$r¶£üþlÁk=n†CxªgA3Ö•^%ÛõøÚÚ8ùs€±öúJº&<26><>  -×&Yõ(Íe(jðv€“ù¦Ž¥!¢ä€ ¤?å9^çU·¿ñ>fA¼ê(ŸÝò­„Ó1Ûìæ#<23>\³0c"Zš†Íû³‰^œ4_ÌÜÙ&Zø»•ÏX°¯6+Fÿ<C383>

Binary file not shown.

Binary file not shown.

View file

@ -0,0 +1,19 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA 8acWnck16a9QK194orAzlQgQKINum/cyUzJqO6i0rkg
In2UpSbBR6QoTMTZR/GpZJN3x+5CK3hZcEvr5fORoOI
-> ssh-ed25519 4PzZog /YeuXUmWrWFohgOSEmUygaTax668bLZpYO2T7KXl8n8
mgnBBIsPycR6RMhLk4HQei5xQLzVHiBHaooOzZdb4YA
-> ssh-ed25519 dA0vRg DidrxIBYvAfPkwNzQXy2+f6inafUafoX8cfUChA7l2Q
/wfxyJAyrQ3Uycxwov+0b9pKKOxPP9mySRK5g4BzMnY
-> ssh-ed25519 5Nd93w i+oP7x/eHY/Roj4mdpOFHrBe5rxUL7/4617F4O3jPh8
yTVD0dR3ljoUSv1qyuKcOvr1fMRm9C8YAZKKjURtCPk
-> ssh-ed25519 q8eJgg Y0yxgrLm9/E8nYBg6Yvd0GPbY7PwCJCumQ9CtgWFxxo
9BfGPSP7pTTM8Dm9qXagKaw95hbqvvp7qsFkhQgQco4
-> ssh-ed25519 KVr8rw pXha2ebkoIFX9dMX3uRz+0rcbwcQ1mwPnLWp/wCzx10
BQQ77pXJl75c6myecmKlEpqHtWB/rSdG6Pwpbxzcfbk
-> ssh-ed25519 fia1eQ gCgas1CqGNZ7n09J7iXOvh2xeGgoszn36ABZwiskBBw
3a7WMN9aB6ZvwFyP98At9V9K99hD1vkvSJgnY16/JKY
-> ssh-ed25519 CqOTGQ DU1oon3RPo4MCdzigrM2+b3KnTzzTSG/WDSvtBaF1VE
zwKaQnXT004dMojYFXPz9UERL4ULe7mPZ+vwlZMxFvY
--- FWICxx8MWe7awI8P5t0XsbA4Ye0zbxCdMbapTs325HI
wûùÿŒ­-”¥d!Ñ×=gŸ&ÜžH¬©ó?÷IçÛÚᕪªêÏ<C3AA>Ò¢Ù„öLÒLË-<08>Ù¸ÏñU¿? )ûVýJæb®éÄÎC

View file

@ -1,18 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA a2hqKI7aO4y8QLvINHmeFrAeUthzoE3gcsNiJS87yTk -> ssh-ed25519 V1pwNA To9tGfYsutlmjqXZbFJ+TttdFAnbwY9odSMEOvItmgw
iy7zvTi6gh3/t42Pe+f5ylDx4eq1hINSAFhI3S1wOks Q8cWN1VF4bVisWVMOEA6IXqhe2JzPl/9M9UUXWWV0Bc
-> ssh-ed25519 4PzZog S4zRlO88rWpco1NY/7yJDQvCtPnRvYjWosE8VNtYkWU -> ssh-ed25519 4PzZog e3OTx6aEjhNCwyiysZkbwSC8ecVvVaVNfZV/3iNpZCE
iX+b3W2Pa3kw+ErHo/Qk+ZTH5B8svQTfMcXdN4IWVZY o8jHkyg0lptJh2Iew9ZtVi3AUOSAtmDzBIz2nE4mj8k
-> ssh-ed25519 5Nd93w WDwhO/1jtbE+DbLq8BkReY/Vdyhdc35win+n3HMqclM -> ssh-ed25519 dA0vRg 7smMdyMEq1stuvSBUsBZXJoeap4Aru6AsljjFPPpfiM
v2lqyU6RwTm6KX1z99FE78jv1KlyuoAWRG2x/Wq/X6U Ip5qA83bAGtYIeqv1w0yo5obRh+FWYJICgOU5+JoeYQ
-> ssh-ed25519 q8eJgg J7F4QM4iT3+8HbJo4ARh7iLn5/GBptn1wGM7amyr8ms -> ssh-ed25519 5Nd93w z16A2vTVGdxgKmgHoSySJ9K8cwrQglflrWDhBvZ7ME0
9DuYiyXOOWzXdlUAO7/rUYuPy9MyyxB88w814aM3XE0 ILd92pWzyVGnTOXwovlZ3EX7LsFX06hqedW7Ov2CYII
-> ssh-ed25519 KVr8rw BEBn1R3n2JYWqcjgfO5IIRWnrcPnMtI2E/hQGktypVk -> ssh-ed25519 q8eJgg Rf7U0SdZsP4NEgiDl8Z99tCoOkIwrrl5s0aYpXOG6yQ
ErzCxi8fht4tWQxzMAvkDnbNUtcbiyBiC9pNdp1vbaY tg+Y2WHuokaCVI4CCxuv9UW3GIa8CMuX0JJEWTTkwjU
-> ssh-ed25519 fia1eQ G6EtgOxK54K97LCUNZ8h87WwWwXrn8cKtkCXa75pKGc -> ssh-ed25519 KVr8rw YUN5VlTaxW7Niwtm9+FTGOILOklbEGL5EVw1BucGvXA
M86xqkKJ/DtjB7mIE1gPhoXTYzHp2393w0cZMOHQNQQ zXYcis5ANsDGPeFoV1aRzTJiOQY2P1ZLHsJDkE9RFT4
-> ssh-ed25519 uZzB3g /sd3xL4WAKbPxvdqq/fihyAhxkn0FAiBCYydIXB1/VY -> ssh-ed25519 fia1eQ TnSlOXGQ0BuVk25Yj9YpWWtYmonlM5h+uC9hUq3MM3E
/hdi7E2cEU8U82/CVB+OpGacC+OfVpXXYEu6B8bQnB0 8KrW7R5AgumY9wLVQyUmKlHD3zcUNIc+VU/X+vvY2LY
--- HGKIhGq5mH/k6m63FdnLdO2R1fs7o7K/wlP6zBwopL0 -> ssh-ed25519 uZzB3g 9ms4lu4KjQED/2AHQwr9oLd/6ws01IxuK7Z05CY6N3U
Ťw×7°Ą1ńµ“×»Áě }5¨-<2D>g-+GXVŘpŞDĺł)IëoŇŁmŹ´!ňąç®]7ďZ)»Ĺ<C2BB>±Śý"˙…±šétŻÖu$zâUŢyJ‡g_ż‰<C5BC>Yř'94<39>ThÂ_*„dĽ%I<c$ć!žĆŞF{aBY8.$ H/4AnWwt5fnZMvWjmXdoe/Os5ttJFYsMmjaHHqBdAxo
îžú»Jśi† üűŇÉ*ŞČâçČ --- zI2RSKtND2Ep69vshrRkM1KOiReF/m5vdY4jIH7NSvA
ûì‹ën൷ÞÒÜ I¯ ü$¨¬Í<C2AC>P…Uó¯"ÕκZX„ñN<C3B1>nNg<19>† àú¶dP}¥GZ?< /—!«÷c „=  üïhnZ`ß0²Âˆª1•nl±Üç»vÄÕfw<66>ÄjÓE@2<>1{ßù…ÐúEØØg“|èñQ\2Ðóe¹~ÇšÁ=Ó¬¾]fdRnó¶á¸

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -1,17 +1,20 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA nvvDGnr/WMta+0XVEnUlmg8KV3mO+5zX9ZlFQZQS1Bg -> ssh-ed25519 V1pwNA rEsQ/q9FmFkVdXfXfYG3zHN4KvXTfRmZBLEibdzbQBo
YyVLxI+TxfXXsncaIyi9Su6tzh5KLTbHxHxbWhplXXw fJSlFRK0Oi4OpGBf7Z65U5+OFu4+Ts8MqKe7B2G+gYM
-> ssh-ed25519 4PzZog zuxuhtcAiEhrr28adZrFPK5Z4399/8gbf8aWoAtI7HU -> ssh-ed25519 4PzZog aOPnUpH7F3AS6IauahbpQYYYSX7hSJcix2C1CgUsoi8
vR/0DkXhUQmbfdzMBVAFDd1S/87DDpg9v0gyZDVv2UY h83ikYOIqng/YKfo2RJc9MwbdaKV0V3DFLj5socRi6A
-> ssh-ed25519 5Nd93w CUTmUrZomxIY6wwemYIwaIBO9CFSPrcQaIWs1tUdMm8 -> ssh-ed25519 dA0vRg oK+zniCPQd3Hw/Bm1/cG6d0If6Wq7VVdxR1nrH/MHAQ
btVGPdTgvyxqd4rYiuIXLGJcQoF45g1hx5OnTHQgCrg c9Q6gyqil1XvTsl/QB9dpvYHa9Bi8bbfWNNfEx2wwo8
-> ssh-ed25519 q8eJgg wKjpIAXn+5FAC09yengwsJmAgPVY4BSNOkzC6bdZUBM -> ssh-ed25519 5Nd93w B1mA5u9RHQ28ZopDLlJh8Z5Q530tJ9wjOzhMzsJSTUE
LUifpX/UNLC0ge/ApqC0VZ6NWwug865Gtp5t2/Fbijw KbCpkJ666a/dnnatT5QIcPbEOMP+dUkiMERcc9tRMvc
-> ssh-ed25519 KVr8rw 0YwXdULrmM1CaWqe4ppSvn3rI4qaHpjVFxZLtE/jFiY -> ssh-ed25519 q8eJgg ps+fnslUfJUthZB+bLXZdvwXgaM/Jsec5YVJiTZy6AU
GXxdfK6NU0M0tBf9Txl9M7SzUEkAoDJ6VhGQuQtDRCg vpwxjfgKkieWlxSjWz+b6U0p16zJq4Q+NqO2zXISWbg
-> ssh-ed25519 fia1eQ BoAjwSD4dQG+35NLGjPwYcENbtkukIoEVxo23A3mukE -> ssh-ed25519 KVr8rw sIxHbaWSfSZVoMIchJnvEPH0S1ZrSa0sS+Pa++yUZ1o
1YAgdZedWip4daImkXA1UnHJNGu5LBF5g8t4FotjiTg 3pn9e3IzOF0JxohMP424AFWw6IrCPm+fnS70cfnKZ1U
-> ssh-ed25519 uZzB3g g/yGqYocU7fg27BOj75yUgFYHfYhLg5iOA490U7xpUY -> ssh-ed25519 fia1eQ XPBMusFIRQ2mqQgnYPpbn40heCrqiqa2P5tiq5H9fgY
huOnWVaBT71Li8CO/NialjSzBC0jscJIE7Vddc34Aes 7T2S+TJ5jd7cfnCa9iWLaf2zUHG3YIUZFnt/ek3pHUk
--- 9iDIOye0Eass4rxrC2ZcfxXu09TG0F5SQoMAi7VOsfg -> ssh-ed25519 uZzB3g NxRK4Dsc4U7a3MPQoApPTNdybonx2RdXUGc61WB8l0I
õm§Od¹åŒ½xõà·o#Ï5i‰¯¢;ËYóÔÜ:>†,n,³¤}K{½)œi¨XêÜU”jvS?jú(ªr@'ó†<C3B3>sç@ö çáLQ…ç<E280A6>ÅÞC^ý¯w<77>€XœólqŠcÑOÀ«ÆP¾Ñ<C2BE>Mnç_<C3A7>jÚÁÅÍ<L<…C+¦œå\Yü ëÜû$Ì3<C38C>|r”ÿN€x<E282AC>2A¹¿~ YHoL+K85aXdCTAm33Oc9d1/BD6xFXCHZ8uJCqqn8pQ0
--- BHDuf9Sxnh49jes8mUA6Rq2cTNqBxpsz51UZgL2np4c
þC <<3C>\ã2fkÛ×L+\¶‰éÿزµp&®6~<7E>Ø<àÌv¯sé<73>ærx§.ùO¢Y
jÚEA-ý­ûyã&N2&M•<4D>ïn  4!c²™^$¬^;¿XJÁ@éFÿÍûf*²BIÉ<49>`g†e{„ÍGžËm<C38B>ý…ñ?U¨i«toažìŠ<!” 3ä— <E28094>Ó›l1~2W7óC

Binary file not shown.

Binary file not shown.

View file

@ -1,19 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA 9M7GmhZKBWIG3aKDhybPf3j9L4lhTrGG9aGpV7dRKy8 -> ssh-ed25519 V1pwNA J3U7/2AXc6au88y6cZ1ottq7ZY/dU/N6xDg0LRPbXxo
BfUZCdKn6rZGgHMf3475lgPqJamnm2W0tPkPctZHqyk 0haZ3EvhpeeeT0cISY6tjxcE6VpDJqGLX+68m071gn8
-> ssh-ed25519 4PzZog ijLfuYQCg2bofPXdcj+2wo4yar/Rcocw4e69nO/Kuyk -> ssh-ed25519 4PzZog oXXG203aCEltjB9FZx/H4W/QMPG1MiixW3a4nV1kPyg
H8/Un3MCa/u+WvWUIl1L0W6agAC7qMm6XyRslDy/4SE WxUvEWcDF3XFP4YkXceRx00SWY7adxCZ2nmGsytBDEU
-> ssh-ed25519 5Nd93w ti92GZohdr4Yr2ezaLt4iJJaBeu6xfe3cU8YUvW0vH0 -> ssh-ed25519 dA0vRg MTQucbTSFClxM1NM/LS0128AESkGjkVPOdpTsGbEEFM
NFm7YCcsy+X3OykCrBcO5/83qVojV2JacoSSdR1ctaw X1xEivyUoxu/Par6uBXD37f0/GeXodHuagFqguuHQco
-> ssh-ed25519 q8eJgg PvJPouqT8s+EeBv+SZUsfVXk6VY4R+o8SktSyDdxvHE -> ssh-ed25519 5Nd93w rZzdZrjSce5JhPTPPCzHJxKIUFcDJY9mccA6/QnCa3A
kGVDmEqA2kKGwmtK6Ue/rq8rmOUIdrF7tvZI4qjCuoc Wo+eoxbZZ3m82w5bywcvrpHxnyn8in6TDUb0oaglADo
-> ssh-ed25519 KVr8rw iQOHwjOQgTHEnn63/GBv9mRS5DZMouNK6ssawJIomGU -> ssh-ed25519 q8eJgg Xs7oARCYw4wmA9p1L36jRwp1r0KRZ9+XePaYIoQITRI
5wrSu/IlWpOWQ5WW0Ii0JhgWfY2qDRTT2dIayJWfPPQ AWpIl5i7TjgJK2WPz3VZR0UVEeK0u77V6pTTRSgvGas
-> ssh-ed25519 fia1eQ ORWzCW6WqJttUok3KIJOJuR2a3mvJRD6EqJMDhaTHi4 -> ssh-ed25519 KVr8rw 7viimD+3AhhCl+ORBApuvtnrjY2bNsEbUqGoM0R9q1g
cO4hefRRmCNJT/5ShZ5G68JR5nNqsjIuCsMm9ymWW84 vylA7Zx4eVkI4kg+lKx/D+Ro5Bbn2wWP36Hnxas7Z4I
-> ssh-ed25519 uZzB3g tlXiwBwJtKqA8xIJpUtS3/3R0loyD2uYI57P7HzcwXs -> ssh-ed25519 fia1eQ LYO7HMLlyXRpJJJgJ1uyrYrsfdCbRYqxXgeBtTyrn2w
8Y1cOMDwGTPIUOKSZpx8ngab7dgtTRzvTb3r87x6Um8 5oNtkzAoPWg1JY9aoXVYWByCMqEuQ1QDs7Jw6/VEEiw
--- KZjYtWrcPBYnbBRRzKuyOr1IUvEdd+XggCg3rzPLKX8 -> ssh-ed25519 uZzB3g GKbJ3OU6hN4u0hS+601Hau09sq6q5ZCNwlFJhVeEEiM
l˜M ¯Ô0Æ4a¨Ÿ”À'h^<03>³žš®°<C2AE>ž/ðìé!©óÖ<C3B3>{D#]Ô”îõ¶û Ž ø;úqax×&¼ÉÑ1®(zwí"6<>YÕa±¿Ôìv:©Àوʲß<C2B2>ÔÙOvc• LcN5eHSOgEFxR2rmC10RkHMllbQW9ZDARUG+9XeX24E
Ë8<EFBFBD>¦ÉdjbA€º¢µ --- siGgnCjaHw6TOAYR4mjwfLjtQRxFjnjGN2/MRAkIdeY
\·øOž>ðä=Gÿò¾œYQçóñ¬ÅÙ  <EFBFBD>}+3'ýY †[/*û†ÒÉo¿Ìãcbyê<79>û RÃ!¤ŽS\ÿ‡@N4‰®æPŒ=`N7<µ‚àaãbšÑ²ÛUN7Ã9­ dµ%~òæ{Çý éñºJ¾›ú`ÉH|™È,îë[·»4Êb¿=œ“ÿûÒFÁI¹ímÀëbM„Û¥4Ùšnz-<2D>9£OIu„µFó

View file

@ -1,17 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA LAEKkf1x39PdLIH97OJtIJfTZX1M6gT8No8qqTYPA3c -> ssh-ed25519 V1pwNA Je94T4psgEbYV6YBZ2BSQ4JZbKubHtPEKNuVjL9CaSk
2iOWDr+BbDIaTz58B7AzN4NWT7RwSb7XkuiVJ57B1j0 Fp8uHwymTnjkFQBfezrFj2ycXsYrnqqW2+KeKfsjONY
-> ssh-ed25519 4PzZog Cw8kkkTDezUXzQ2gphOAv2jSDKVoERI99A6tytjwv3c -> ssh-ed25519 4PzZog paDltxaTs3odGMIkWFMuTfe+LnO2RqvRTqAi7pK8EB0
hYNdr4UWSlrn2PwFCBlI0IW3tQClDWcbuNjdAwoteho +ZtGVOK71gSGzgY6nSlDT32Q6IQFFvZd8xMp42GD/xg
-> ssh-ed25519 5Nd93w Pe1qtfWj87qtN6DWuBiB5NoBLI+aSfSgHoq421na720 -> ssh-ed25519 dA0vRg 2ZGLw9dW0qbzkJb+M1DhhEaW19VaPdgy9YvzxeEuZzw
7kb4ChNHhvfp7hM9wd4OZWUlm51cE7/RR3IFdomw12g Gycx9hEatq1jOQpE7EqF4G8y3+XvRnIC8oNK3hJmOzw
-> ssh-ed25519 q8eJgg p9LYkhCE37NkSDxV/as4eM7UiiITWcK0GIsXitD0Vi0 -> ssh-ed25519 5Nd93w uyUnDy48bjq4cfG/HfIF57bnCxNGSFze18MTW2XmDmc
T0m6EuQ5oa7EU4X4Dx+BWyGKH+zm8A28QQUvwiaNPmc TWCJRIC3J9KyjbCaM/WmCoD0x2MtrGGKVgHCA/TBe0I
-> ssh-ed25519 KVr8rw XuxmoWmw07yr9Tqi61RMvuwf6oYIVbJUhfT+FgBwgEg -> ssh-ed25519 q8eJgg qPb7JIMkwOWIWw4yIhQku0u6d09QqFKtOXx1gC3XowA
Hzym4T2/f/6A/UYTdIbBavj3hrq3sGCNO7mwewS/mg8 8+YLpW8xzEzq02zKFhlbjOggEWfMZ6j2G5RGIq/TE/o
-> ssh-ed25519 fia1eQ f2XQkWEUmk0n9DtS7vhZt9o3+aPtgiwro8Eu9mcnvmk -> ssh-ed25519 KVr8rw zcZRh0qTa55ENUWXRIPk/kAv3tKB0+anEQ+IuEhsFjY
/43wuhInhHfSPcFziObogHjyZy6qXr7X1jAPTMzulJI 8oN0U8jD1BA07XOS4idvHgu8LA7/E5aciLZOshsZJJY
-> ssh-ed25519 IzAMqA eqAgjVRof9nHZiYzY0m5MRlEzy0LBXxb/yi11K29kkQ -> ssh-ed25519 fia1eQ gkdxv6Uda41PT9GhALDwPCfzzSiCDWluZG5m3WRwKAQ
wS86BxKIoT9ZOW1n8Xo6GomhOlRztBp7DpQNv/s9PRs 5YSmnIYFXmBgTur0Z7PcLOT9ANvLJgIech5gp4Pqwjk
--- axgiJ8IqNurtt+4iAL6j3mRLi73NnjoG5+TMeIKwjI0 -> ssh-ed25519 rmrvjw H0ZmvmeUIpb4ZAUvh+7k47mUmZidcsKxDHC2oC/100A
Ô 9ÓŠö†âF­Û„XþX_î(ÝŠ.Œc{<02>¼~™ègÍ}<7D>S¬<>à"92K¬J4„s4×u#1 Äæ~ÚëRX/@°K8~áBö IjYufbdJxMMANqicCHQQAU0Vh/NvROfCfaxJBM3rai8
--- TrZyyHaK0o4ot71wVxZzBT+3mVrVUQ3jKv6FuWNO4Mc
R3±g ”GÛVðgñX3cÅœëñÕPÌ\ÚygûqÐqÒ·"KO(ôÜ.ý© ÷8Í·&Ò3Äpëù)‡‹4:MRS¦³pK

Binary file not shown.

Binary file not shown.

View file

@ -1,18 +1,20 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA gR4aFo/u2ow8mMgTInSPElO6gBhgig2s9Wzp+IkGjlY -> ssh-ed25519 V1pwNA wC7Nch41YKEjrwpf/sDR+SUWKm1porqP2DyQhz/MLh0
mVWoBrKH7AihCbdrspCIzPjF8N0kQGDML6pkybH5Y4U Mu8NGcxWphZZLgb0F7h10EJGCPiontn6y2lWNSldNGw
-> ssh-ed25519 4PzZog BhiSfpYVlUgTLX6rHisiyzLOmzrqcZ8JKDqwY1lg+D4 -> ssh-ed25519 4PzZog 6H6fsEDq6xiIkmIy6gUUGL+Mm03HSEaSGnjel3EO8EU
nSxNNHRYPy0C0ufqa2QMIylMr5IPlPUiDcg+d79KkDA xzqv1RZijhQqeiWIFq7ReVzh2JLtBoo9HmZJ1VXrMPU
-> ssh-ed25519 5Nd93w +bZMaaPc0jTIQ/eu/uWWgA41UQnKveaaVjgqoIaAGyw -> ssh-ed25519 dA0vRg UC9Vm0pLH8N9XGxKAZ/3Efe/9SRvx/rlxCYx0u5oljg
elodhm0K17eQQInvae1tkkhFY1aPrbTdaRsviYDEBEg gF4IFYdCIXfvPPrOsJFvGMf1PzrSyureKpOP66ZHB1Q
-> ssh-ed25519 q8eJgg LlaIdTPw3c2H8R5mDIIam4Ygvvk5gpgPahNJvf9UnB8 -> ssh-ed25519 5Nd93w 338ts/scFEwjZ+3f4Vcd8C9Q//E/ZGoSxIutAxKgpAo
BN901oRUt0j75RnQZnn4uFiLKEtRhCvFtKHug7Ikg8U C0vs3fiisD9FsZ8gYJZj/I81mT3Psw3g1jN5ztyuDQ4
-> ssh-ed25519 KVr8rw Bv9wfs5KP7lvH3Bpnsbzpgzduq1xiQlwVcWndWFL7Qo -> ssh-ed25519 q8eJgg eIHEYfE/50IRNy+gnNmqQD4jtVgJRla4ilAQp2gYfjE
LgGA4X5MOelYhpXWfsX95J+YGjcPzL6ISlPKr9ZNv/w bFNJA6KPlBiZWrB5vjyTilXC+rkW+xqVSWcvHln9H/8
-> ssh-ed25519 fia1eQ WaxlI+aHWQdJs2YtttcQ4TzI3aIlkmdbm21mhv71VRE -> ssh-ed25519 KVr8rw Kq/0pxm2r136ezrKRugC1So2cIIx2VTShPv6WTc6m1E
yI6QKxZ/TwXRDdaHxt6+ZVldnB7sZRGQFABnd7zeXtE W7VrsPf9jkkxqndVjrFuGBwqJR3v4hwig7Fed9xJSAI
-> ssh-ed25519 YFaxCg /V6Ab/BqFQ13K0qN1DOfaw8LLGR049s0S/FuK6dL6WA -> ssh-ed25519 fia1eQ 1sA1YfEKVatTzHV5Wd/tzqwRiIPUBQlfoKZkJpxRYig
fZbxvQWiPh/MH4/fOzV5trPL+B4H2o2WtVBIPuFsdLE lLtPzvg8H0y+FpfGfF/Q5g1nCap1TgW2wipIKU+Q+WA
--- kUKnoRQARSlp+lGUNu5Zu7KztkK36VZeK9xozWZwmyY -> ssh-ed25519 YFaxCg zUYYpsC6BXvPRcIignITwUmvBhfhy9EnxFeCFg1niQk
¼‚‚϶ÞãtT€)<29>ÊãQ*12wc¹ÍÛvѶ^<5E>ÁE~]ïÀ!³TÎÎB‰3?³ QcmAhpDajw2lJyttDX9kn+0bdugmYYifSl1esaa3xpU
§R™}ˆDÚ><3E><>º uðÃ-.¿¹<C2BF>9DóŒ --- 0sQ4g4YxMBe/VBe39F9ZfwVh9XEOHYHqgiX5oakBzPU
¦cò±hðWÚp@å "L·<4C>åÒ[)ØtŠ¼/<2F>+”MyÍä¾ò'
8K¼ƒ[©m}·qÿÈ1«{²µ¯]·OS%ᙯ>»

View file

@ -1,6 +1,7 @@
let let
admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"; admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin";
silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg NixOS Laptop"; silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg silver@helios";
silver_laptop_2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmm4CCnpT+tF7vecSrku0+7aDA1z3pQ+PDqZvoCynCR silver@aether";
silver_desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN34yTh0nk7HAz8id5Z/wiIX3H7ptleDyXy5bfbemico Desktop"; silver_desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN34yTh0nk7HAz8id5Z/wiIX3H7ptleDyXy5bfbemico Desktop";
thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"; thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer";
eliza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJaVEGPDxG/0gbYJovPB+tiODgBDUABlgc1OokmF3WA eliza-skynet"; eliza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJaVEGPDxG/0gbYJovPB+tiODgBDUABlgc1OokmF3WA eliza-skynet";
@ -9,6 +10,7 @@ let
users = [ users = [
admin admin
silver_laptop silver_laptop
silver_laptop_2
silver_desktop silver_desktop
thenobrainer thenobrainer
eliza eliza
@ -21,7 +23,7 @@ let
galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea"; galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea";
optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus";
glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados";
wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly"; wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPlgCGtyvd3xwYg9ZNyjTJNB/LvUSJO01SzN8PGcDLP root@wheatly";
kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt";
gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir";
neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFAs6lBJSUBRhtZO3zGKhEIlWvqnHFGAQuQ//9FdAn6 root@neuromancer"; neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFAs6lBJSUBRhtZO3zGKhEIlWvqnHFGAQuQ//9FdAn6 root@neuromancer";
@ -30,6 +32,7 @@ let
cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie";
marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin";
calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon"; calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon";
ariia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4kV6W1/tP/nf2ZWNhRoV1mK04R4pS+c5vdsA1n5gpN root@ariia";
systems = [ systems = [
agentjones agentjones
@ -47,6 +50,7 @@ let
cadie cadie
marvin marvin
calculon calculon
ariia
]; ];
dns = [ dns = [
@ -74,7 +78,7 @@ let
]; ];
grafana = [ grafana = [
kitt ariia
]; ];
# these need dns stuff # these need dns stuff
@ -113,10 +117,6 @@ let
bitwarden = [ bitwarden = [
kitt kitt
]; ];
nuked = [
optimus
];
in { in {
# nix run github:ryantm/agenix -- -e secret1.age # nix run github:ryantm/agenix -- -e secret1.age
@ -136,6 +136,9 @@ in {
"gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners;
"gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners;
"forgejo/runners/token.age".publicKeys = users ++ gitlab_runners;
"forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners;
# for ldap # for ldap
"ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden; "ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden;
# for use connectring to teh ldap # for use connectring to teh ldap
@ -144,10 +147,8 @@ in {
# everyone has access to this # everyone has access to this
"backup/restic.age".publicKeys = users ++ systems; "backup/restic.age".publicKeys = users ++ systems;
"backup/restic_pw.age".publicKeys = users ++ restic; "backup/restic_pw.age".publicKeys = users ++ restic;
"backup/nuked.age".publicKeys = users ++ nuked;
# discord bot and discord # discord bot and discord
"discord/ldap.age".publicKeys = users ++ ldap ++ discord;
"discord/token.age".publicKeys = users ++ discord; "discord/token.age".publicKeys = users ++ discord;
# email stuff # email stuff

Binary file not shown.

Binary file not shown.