diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml deleted file mode 100644 index b3f6453..0000000 --- a/.forgejo/workflows/deploy.yaml +++ /dev/null @@ -1,59 +0,0 @@ -name: Build_Deploy - -on: - workflow_run: - workflows: [ "Update_Flake" ] - types: - - completed - push: - branches: - - 'main' - paths: - - applications/**/* - - machines/**/* - - secrets/**/* - - flake.* - - config/**/* - - .forgejo/**/* - -jobs: - linter: - runs-on: nix - steps: - - uses: actions/checkout@v4 - - run: nix fmt -- --check . - - run: nix --version - - #if: github.repository == 'Skynet/nixos' - build: - runs-on: nix - steps: - - uses: actions/checkout@v4 - - run: nix develop -v -# - name: Archive Test Results -# if: always() -# run: sleep 100m -# - run: colmena build -v --on @active-dns -# - run: colmena build -v --on @active-core -# - run: colmena build -v --on @active -# - run: colmena build -v --on @active-ext -# - run: colmena build -v --on @active-git - - deploy_dns: - runs-on: nix - needs: [ linter, build ] - steps: - - uses: actions/checkout@v4 - - run: colmena apply -v --on @active-dns --show-trace - shell: bash - - deploy_active: - strategy: - matrix: - batch: [ active-core, active, active-ext ] - runs-on: nix - needs: [ deploy_dns ] - steps: - - uses: actions/checkout@v4 - - run: colmena apply -v --on @${{ matrix.batch }} --show-trace - shell: bash \ No newline at end of file diff --git a/.forgejo/workflows/deploy_forgejo.yaml b/.forgejo/workflows/deploy_forgejo.yaml deleted file mode 100644 index 0fee7f9..0000000 --- a/.forgejo/workflows/deploy_forgejo.yaml +++ /dev/null @@ -1,12 +0,0 @@ -name: Update_Forgejo - -on: - workflow_dispatch: - -jobs: - deploy: - runs-on: nix - steps: - - uses: actions/checkout@v4 - - run: colmena apply -v --on @active-git --show-trace - shell: bash \ No newline at end of file diff --git a/.forgejo/workflows/update_input.yaml b/.forgejo/workflows/update_input.yaml deleted file mode 100644 index 8e13da6..0000000 
--- a/.forgejo/workflows/update_input.yaml +++ /dev/null @@ -1,31 +0,0 @@ -name: Update_Flake - -run-name: "[Update Flake] ${{ inputs.input_to_update }}" - -on: - workflow_dispatch: - inputs: - input_to_update: - description: 'Flake input to update' - required: false - type: string - -jobs: - update: - runs-on: nix - - permissions: - # Give the default GITHUB_TOKEN write permission to commit and push the - # added or changed files to the repository. - contents: write - - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref }} - token: ${{ secrets.PIPELINE_TOKEN }} - - run: nix flake update ${{ inputs.input_to_update }} - shell: bash - - uses: https://github.com/stefanzweifel/git-auto-commit-action@v5 - with: - commit_message: "Updated flake for ${{ inputs.input_to_update }}" \ No newline at end of file diff --git a/.forgejo/workflows/update_websites.yaml b/.forgejo/workflows/update_websites.yaml deleted file mode 100644 index c27629e..0000000 --- a/.forgejo/workflows/update_websites.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -# The websites can sometimes cause issues when being built and deployed -# This pipeline is to update the inputs from the server - -name: Update_Flake_Websites - -run-name: "[Update Flake Websites]" - -on: - workflow_dispatch: - -jobs: - update: - runs-on: nix - - permissions: - # Give the default GITHUB_TOKEN write permission to commit and push the - # added or changed files to the repository. - contents: write - - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref }} - token: ${{ secrets.PIPELINE_TOKEN }} - - run: nix flake update skynet_website_2003 - shell: bash - - run: nix flake update skynet_website_2006 - shell: bash - - run: nix flake update skynet_website_2016 - shell: bash - - run: nix flake update skynet_website_2021 - shell: bash - - run: nix flake update skynet_website_2023 - shell: bash - - run: nix flake update skynet_website_2024 - shell: bash - - run: nix flake update skynet_website - shell: bash - - uses: https://github.com/stefanzweifel/git-auto-commit-action@v5 - with: - commit_message: "Updated flake for Websites" \ No newline at end of file diff --git a/.gitignore b/.gitignore index 3e54b4d..0d38c4e 100644 --- a/.gitignore +++ b/.gitignore @@ -6,9 +6,6 @@ *.tmp tmp -# open office tmp lockfiles -.~lock.* - # Test files test.* *.test.* diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8b6254c..4e56b1d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -30,7 +30,7 @@ update: # the part that updates the flake - nix --experimental-features 'nix-command flakes' flake lock --update-input $PACKAGE_NAME - git add flake.lock - - git commit -m "Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit" + - git commit -m "[skip ci] Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit" # we have a custom domain - git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git - git push origin HEAD:$CI_COMMIT_REF_NAME 
@@ -48,14 +48,13 @@ sync_repos: - chmod +x ./sync.sh - ./sync.sh rules: - - if: $UPDATE_FLAKE == "yes" - when: never - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' changes: - sync/repos.csv .scripts_base: &scripts_base # load nix environment + - git pull origin $CI_COMMIT_REF_NAME - . "$HOME/.nix-profile/etc/profile.d/nix.sh" - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena @@ -70,8 +69,6 @@ sync_repos: - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client - attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY - attic use skynet-cache - # add any new items to the cache - - attic watch-store skynet-cache & # every commit on main will build and deploy .build_template: &builder @@ -81,8 +78,6 @@ sync_repos: - *scripts_base - *scripts_cache rules: - - if: $UPDATE_FLAKE == "yes" - when: never - changes: - applications/**/* - machines/**/* @@ -98,8 +93,6 @@ sync_repos: - *scripts_base - *scripts_cache rules: - - if: $UPDATE_FLAKE == "yes" - when: never - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' changes: - flake.nix @@ -119,12 +112,12 @@ build: <<: *builder stage: test script: - - nix --extra-experimental-features 'nix-command flakes' develop + - attic watch-store skynet-cache & - colmena build -v --on @active-dns - colmena build -v --on @active-core - colmena build -v --on @active - colmena build -v --on @active-ext - - colmena build -v --on @active-git + - colmena build -v --on @active-gitlab # dns always has to be deployed first deploy_dns: @@ -161,11 +154,12 @@ deploy_ext: - deploy_dns script: - colmena apply -v --on @active-ext + allow_failure: true deploy_gitlab: <<: *builder <<: *deployment stage: deploy_gitlab script: - - colmena apply -v --on @active-git + - colmena apply -v --on @active-gitlab when: manual 
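Review bot: The `git pull origin $CI_COMMIT_REF_NAME` added as the first step of `.scripts_base` makes every job that includes the anchor work on whatever the branch head is when the job starts, not on the commit the pipeline was created for. A push that lands between `build` and a deploy job would then be applied without having passed the earlier stages. If the pull is only there to pick up the flake-update commit, say so in a comment and make it fail rather than merge when histories diverge, with the variable quoted: `git pull --ff-only origin "$CI_COMMIT_REF_NAME"`. The jobs that consume `.scripts_base` lie outside this hunk.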
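Review bot: `allow_failure: true` on `deploy_ext` lets the pipeline report success when `colmena apply -v --on @active-ext` fails, so the hosts in that group can stay on an older configuration (pending security updates included) without anyone being prompted to look. The hunk gives no reason for tolerating the failure. Add a comment above the key stating why it is acceptable and how a failed apply gets noticed, for example `# ext hosts may fail to apply; check the job log and re-run manually`, or drop the key and keep the job blocking.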
diff --git a/ITD/Firewall_Rules.csv b/ITD/Firewall_Rules.csv deleted file mode 100644 index ebc5333..0000000 --- a/ITD/Firewall_Rules.csv +++ /dev/null 
@@ -1,49 +0,0 @@ -Rule,Action,Ticket,Status,Source_IP,Source_Server,Destination_IP,Destination_Server,Port_TCP,Port_UDP,Notes -SKYNET_FIREWALL_00000,Add,,Complete,VPN,-,93.1.99.71 - 193.1.99.126,All,22,-,sftp/ssh required from vpn to servers for admins -SKYNET_FIREWALL_00001,Add,,Complete,All,-,193.1.99.109,SKYNET00004,-,53,Nameserver for skynet.ie -SKYNET_FIREWALL_00002,Add,,Complete,All,-,193.1.99.111,SKYNET00005,"80, 443, 8000",-,"ULFM, http(s) for internet streaming, 8000 for connecting to the server." -SKYNET_FIREWALL_00003,Add,,Complete,All,-,193.1.99.112,SKYNET00006,"80, 443, 25565",-,"Games host, Minecraft uses 25565 (will have more ports in the future)" -SKYNET_FIREWALL_00004,Add,,Complete,All,-,193.1.99.120,SKYNET00002,-,53,Nameserver for skynet.ie -SKYNET_FIREWALL_00005,Add,i23-01-19_681,Complete,193.1.99.72,SKYNET00001,All,-,-,-,Allow outbound access -SKYNET_FIREWALL_00006,Add,i23-01-19_681,Complete,193.1.99.75,SKYNET00008,All,-,-,-,Allow outbound access -SKYNET_FIREWALL_00007,Add,i23-01-19_681,Complete,193.1.99.109,SKYNET00004,All,-,-,-,Allow outbound access -SKYNET_FIREWALL_00008,Add,i23-01-19_681,Complete,193.1.99.111,SKYNET00005,All,-,-,-,Allow outbound access -SKYNET_FIREWALL_00009,Add,i23-01-19_681,Complete,193.1.99.112,SKYNET00006,All,-,-,-,Allow outbound access -SKYNET_FIREWALL_00010,Add,i23-01-19_681,Complete,193.1.99.120,SKYNET00002,All,-,-,-,Allow outbound access -SKYNET_FIREWALL_00011,Add,i23-05-18_249,Complete,All,-,193.1.99.75,SKYNET00008,"80, 443",-,For gitlab Access -SKYNET_FIREWALL_00012,Add,i23-05-18_249,Complete,193.1.99.72 - 193.1.99.126,-,All,-,-,-,"I would also like to extend the outbound access to cover our entire range (193.1.99.72 to 193.1.99.126) to allow for setup for more servers on those ip's (need to download updates and packages). -I have a few servers I plan to setup over the next two weeks, one after another as the later ones depend on earlier ones. 
-In such a case asking for permission for each individual IP would induce several tickets and a few weeks of paperwork going through change control. -Only a few of these sevices will need inbound ports opened on ITD's firewall, which can be requested when the systems are up, running and secured." -SKYNET_FIREWALL_00013,Add,i23-05-18_249,Complete,All,-,193.1.99.76,SKYNET00009,"143, 993, 587, 465",-,Email Server -SKYNET_FIREWALL_00014,Add,i23-06-19_525,Complete,All,-,193.1.99.76,SKYNET00009,"80, 443, 25",-,"Mailserver here, SPF, DKIM and DMARC are all set up" -SKYNET_FIREWALL_00015,Add,i23-06-19_525,Complete,All,-,193.1.99.79,SKYNET00011,"80, 443",-,Main Skynet webserver -SKYNET_FIREWALL_00016,Add,i23-06-30_024,Complete,All,-,193.1.96.165,SKYNET00012,22,-,"Skynet user's server -Outlet is 131 or 132" -SKYNET_FIREWALL_00017,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.120,SKYNET00002,-,53,Allow Skynet server to use our own internal DNS -SKYNET_FIREWALL_00018,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.74,SKYNET00007,389/636,-,Allow Skynet server to access LDAP -,Add,i23-07-28_010,Denied,All,-,193.1.99.74,SKYNET00007,"80, 443",-,Self Service site for Skynet accounts – Only 443 on account modification pages -SKYNET_FIREWALL_00019,Add,i23-07-28_010,Complete,All,-,193.1.99.74,SKYNET00007,443,-,Self Service site for Skynet accounts -SKYNET_FIREWALL_00020,Add,i23-09-05_639,Complete,All,-,193.1.96.165,SKYNET00012,"80, 443",-,Web hosting for user sites -SKYNET_FIREWALL_00021,Add,i23-10-27_014,Complete,All,-,193.1.99.77,SKYNET00014,"80, 443",-,"Nextcloud, selfhosted google services, filestorage and documents" -SKYNET_FIREWALL_00022,Add,i24-02-01_102,Complete,193.1.96.165,SKYNET00012,103.1.99.109,SKYNET00004,-,53,Give the Skynet server access to ur secondary DNS -SKYNET_FIREWALL_00023,Add,i24-02-01_102,Complete,193.1.99.78,SKYNET00010,193.1.96.165,SKYNET00012,22,-,Allow our gitlab runner to access and deploy to teh external server 
-SKYNET_FIREWALL_00024,Add,i24-02-16_065,Complete,All,-,193.1.99.90,SKYNET00016,"80, 443",-,Games Server Administrative panel -SKYNET_FIREWALL_00025,Add,i24-02-16_065,Complete,All,-,193.1.99.91,SKYNET00017,25518-25525,"19132, 24418-24425",Minecraft Games server -SKYNET_FIREWALL_00026,Add,i24-06-04_017,Complete,All,-,193.1.99.76,SKYNET00009,4190,-,"Email sieve to allow members to add email filters to their -skynet mail." -SKYNET_FIREWALL_00027,Add,i24-06-04_017,Complete,All,-,193.1.99.82,SKYNET00018,80/443,-,"Public services such as a binary cache, open governance and keyserver" -,Add,i24-06-04_017,Denied,All,-,193.1.99.90,SKYNET00016,8080,-,"Websocket for admin panel on games management server -Denied because more information on wat it was for was requested" -,Add,i24-06-04_017,Denied,193.1.99.74,SKYNET00007,193.1.96.165,SKYNET00012,9000-9020,-,"Metrics collection, not done because not enough info provided" -SKYNET_FIREWALL_00028,Remove,i24-06-04_017,Complete,-,-,193.1.99.112,SKYNET00019,25565,-,No longer the minecraft game host -SKYNET_FIREWALL_00029,Add,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server -SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection -SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server -SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel -SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server -,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet' 
-SKYNET_FIREWALL_00034,Add,i25-01-26_075,Complete,All,-,193.1.99.91,SKYNET00017,-,23318-23325,Ports for Minecraft Bedrock on the main games server. -SKYNET_FIREWALL_00035,Add,i25-02-14_114,Complete,193.1.99.75,SKYNET00008,193.1.96.165,SKYNET00012,22,-,Allow our forgejo runner to access and deploy to teh external server -SKYNET_FIREWALL_00036,Add,i25-03-11_125,Complete,All,-,193.1.99.86,SKYNET00027,25,-,Email Filter -SKYNET_FIREWALL_00037,Add,i25-03-30_018,Complete,All,-,193.1.99.91,SKYNET00017,27015/27016/27020,27015/27020,CSGO/TF2 Ports \ No newline at end of file diff --git a/ITD/Server_Inventory.csv b/ITD/Server_Inventory.csv deleted file mode 100644 index c7a57f1..0000000 --- a/ITD/Server_Inventory.csv +++ /dev/null 
@@ -1,28 +0,0 @@ -Index,Name,Status,IP_Address,OS,Description -SKYNET00001,agentjones,Active,193.1.99.072,Nixos-24.05,Firewall (currently not active) -SKYNET00002,vendetta,Active,193.1.99.120,Nixos-24.05,DNS Nameserver 1 -SKYNET00003,jarvis,Active,193.1.99.073,Proxmox,VM Host -SKYNET00004,vigil,Active,193.1.99.109,Nixos-24.05,DNS Nameserver 2 -SKYNET00005,galatea,Active,193.1.99.111,Nixos-24.05,ULFM Radio -SKYNET00006,optimus,Retired,193.1.99.112,Nixos-24.05,Retired Games server -SKYNET00007,kitt,Active,193.1.99.074,Nixos-24.05,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" -SKYNET00008,glados,Active,193.1.99.075,Nixos-24.05,Gitlab server -SKYNET00009,gir,Active,193.1.99.076,Nixos-24.05,Email and Webmail -SKYNET00010,wheatly,Active,193.1.99.078,Nixos-24.05,Gitlab Runner -SKYNET00011,earth,Active,193.1.99.079,Nixos-24.05,Offical website host -SKYNET00012,skynet,Active,193.1.96.165,Nixos-24.05,Skynet server. (DMZ) -SKYNET00013,neuromancer,Active,193.1.99.080,Nixos-24.05,Local Backup Server -SKYNET00014,cadie,Active,193.1.99.077,Nixos-24.05,"Services VM, has nextcloud to start with" -SKYNET00015,marvin,Active,193.1.99.081,Nixos-24.05,Trainee testing server -SKYNET00016,optimus,Retired,193.1.99.090,Debian-12,Games server manager (replacing SKYNET00006 soon) -SKYNET00017,bumblebee,Retired,193.1.99.091,Debian-12,Game server - Minecraft -SKYNET00018,calculon,Active,193.1.99.082,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver" -SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic -SKYNET00020,ariia,Active,193.1.99.083,Nixos-24.05,"Metrics, Grafana and Prometheus" -SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access -SKYNET00022,ultron,Active,193.1.99.084,Proxmox,VM Host -SKYNET00023,optimus-test,Retired,193.1.99.085,Nixos,Testing flake for Pelecian -SKYNET00024,optimus,Active,193.1.99.090,Nixos,Games server manager (replaced SKYNET00016) 
-SKYNET00025,bumblebee,Active,193.1.99.091,Nixos,Game server - Minecraft (replaced SKYNET00017) -SKYNET00026,vision,Active,193.1.99.085,Raspbian,Proxmox Qurom server -SKYNET00027,mimi,Active,193.1.99.086,Proxmox-Mail-Gateway,Proxmox Mail Gateway \ No newline at end of file diff --git a/ITD/VPN_Admins.csv b/ITD/VPN_Admins.csv deleted file mode 100644 index 6e3860a..0000000 --- a/ITD/VPN_Admins.csv +++ /dev/null @@ -1,6 +0,0 @@ -Index,First Name,Surname,UL Student Email -SKYNET_VPN_ADM_001,Brendan,Golden,12136891@studentmail.ul.ie -SKYNET_VPN_ADM_002,Evan,Cassidy,External -SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie -SKYNET_VPN_ADM_004,Eliza,Macovei,23382619@studentmail.ul.ie -SKYNET_VPN_ADM_005,Daragh,Downes,22351159@studentmail.ul.ie diff --git a/ITD/VPN_Admins_changes.csv b/ITD/VPN_Admins_changes.csv deleted file mode 100644 index f9e4a0e..0000000 --- a/ITD/VPN_Admins_changes.csv +++ /dev/null @@ -1,7 +0,0 @@ -Date,Date Modified,Action,Ticket,ID -SKYNET_VPN_ADM_CHANGE_001,2023/04/04,Added,,SKYNET_VPN_ADM_001 -SKYNET_VPN_ADM_CHANGE_002,2023/04/04,Added,,SKYNET_VPN_ADM_002 -SKYNET_VPN_ADM_CHANGE_003,2023/04/04,Added,,SKYNET_VPN_ADM_003 -SKYNET_VPN_ADM_CHANGE_003,2024/07/21,Removed,i24-07-22_760,SKYNET_VPN_ADM_003 -SKYNET_VPN_ADM_CHANGE_004,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_004 -SKYNET_VPN_ADM_CHANGE_005,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_005 diff --git a/ITD_Firewall.csv b/ITD_Firewall.csv new file mode 100644 index 0000000..7978336 --- /dev/null +++ b/ITD_Firewall.csv 
@@ -0,0 +1,19 @@ +Index,Status,Name,IP_Address,DNS_Name,Ports TCP,Ports UDP,Tunnel,Ports_Requested,Related_Tickets,Description +SKYNET00001,Active,agentjones,193.1.99.72,agentjones,,,,,,Firewall (currently not active) +SKYNET00002,Active,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1 +SKYNET00003,Active,jarvis,193.1.99.73,jarvis,,,,,,VM Host +SKYNET00004,Active,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2 +SKYNET00005,Active,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio +SKYNET00006,Retired,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Retired Games server +SKYNET00007,Active,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot" +SKYNET00008,Active,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server +SKYNET00009,Active,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail +SKYNET00010,Active,wheatly,193.1.99.78,wheatly,,,-> skynet:22,,,Gitlab Runner +SKYNET00011,Active,earth,193.1.99.79,earth,80/443,,,,i23-06-19_525,Offical website host +SKYNET00012,Active,skynet,193.1.96.165,skynet/*.users,22 80/443,,,,i23-06-30_024,Skynet server. (DMZ) +SKYNET00013,Active,neuromancer,193.1.99.80,neuromancer,,,,,,Local Backup Server +SKYNET00014,Active,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,,,,i23-10-27_014,"Services VM, has nextcloud to start with" +SKYNET00015,Active,marvin,193.1.99.81,marvin,,,,,,Trainee testing server +SKYNET00016,Active,optimus,193.1.99.90,,80/443,,,8080,i24-02-16_065,Games server manager (replacing SKYNET00006 soon) +SKYNET00017,Active,bumblebee,193.1.99.91,,25518-25525,19132 24418-24425,,,i24-02-16_065,Game server - Minecraft +SKYNET00018,Active,calculon,193.1.99.82,,,,,80/443,,"Public Services such as binary cache, Open Governance and Keyserver" 
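Review bot: The `Related_Tickets` cell for SKYNET00009 (gir) reads `i23-06-19_525/i23-06-19_525`, the same ticket twice, so one of the two change-control references for the mail ports is lost. The `ITD/Firewall_Rules.csv` removed elsewhere in this diff lists the 143/993/587/465 rule under `i23-05-18_249` and the 80/443/25 rule under `i23-06-19_525`, which suggests the cell should be `i23-05-18_249/i23-06-19_525`; confirm against the tickets. A firewall record is only useful for audit if each open port can be traced to the request that approved it.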
diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 3283b25..0000000 --- a/LICENSE +++ /dev/null @@ -1,9 +0,0 @@ -MIT License - -Copyright (c) 2024 Skynet - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/Possible_Server_Names.md b/Possible_Server_Names.md index 27c5d1d..435cdec 100644 --- a/Possible_Server_Names.md +++ b/Possible_Server_Names.md @@ -1,6 +1,5 @@ https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences -https://en.wikipedia.org/wiki/List_of_artificial_intelligence_films * agentsmith * skynet diff --git a/README.md b/README.md index 1990b82..f98fd97 100644 --- a/README.md +++ b/README.md 
@@ -43,7 +43,7 @@ colmena build --on @active-dns Deploying is putting (apply-ing) the config tat was built onto the server, there is no need to build first, it will automatically do so. While the ***recommended way of deploying is using the CI/CD process*** there are times when you will have to manually deploy the config. -One such case is the ``@active-git`` group if either Gitlab or Gitlab-runner got updated. +One such case is the ``@active-gitlab`` group if either Gitlab or Gitlab-runner got updated. Another is if ye have fecked up DNS. Your ``~/.ssh/config`` should be set up as follows and you should be a member of ``skynet-admins-linux`` @@ -60,10 +60,10 @@ Then you can run the following commands like so: ```shell colmena apply colmena apply --on @active-dns -colmena apply --on @active-git +colmena apply --on @active-gitlab ``` -The CI/CD pipeline has a manual job that can be triggered to update ``@active-git`` if you know it wont cause issues. +The CI/CD pipeline has a manual job that can be triggered to update ``@active-gitlab`` if you know it wont cause issues. ### Agenix diff --git a/applications/_base.nix b/applications/_base.nix index 79a83df..bd1f017 100644 --- a/applications/_base.nix +++ b/applications/_base.nix @@ -9,24 +9,9 @@ with lib; let cfg = config.services.skynet; in { imports = [ - # every server needs to have a dns record - ./dns/dns.nix - - # every server should have proper certs ./acme.nix + ./dns.nix ./nginx.nix - - # every server may need the firewall config stuff - ./firewall.nix - - # every server needs teh ldap client for admins - ./ldap/client.nix - - # every server will need the config to backup to - ./restic.nix - - # every server will be monitored for grafana - ./prometheus.nix ]; options.services.skynet = { 
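Review bot: The `imports` list in `applications/_base.nix` now holds only `./acme.nix`, `./dns.nix` and `./nginx.nix`, so a host that relies on the base module no longer receives the firewall, LDAP client, restic backup or Prometheus modules unless its own machine file imports them. Nothing visible in this hunk shows where those imports now live. A comment above the list would make the expectation explicit, for example `# only modules every host needs; firewall, ldap client, backups and monitoring must be imported by the machine that uses them`. It is also worth checking that each file under `machines/` still pulls in `firewall.nix`. The module body continues outside the hunk.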
@@ -42,16 +27,6 @@ in { type = types.str; default = "${cfg.host.name}.skynet.ie"; }; - interface = mkOption { - type = types.str; - description = "Will most likely be ``eno1`` for physical servers."; - default = "eth0"; - }; - cidr = mkOption { - type = types.int; - description = "Most of our servers are /26, "; - default = 26; - }; }; }; @@ -70,23 +45,6 @@ in { } ]; - # use lix instead of nix - nix.package = pkgs.lixPackageSets.stable.lix; - - # set - networking = { - hostName = cfg.host.name; - defaultGateway.interface = lib.mkForce cfg.host.interface; - - # needs to have an address statically assigned - interfaces."${cfg.host.interface}".ipv4.addresses = [ - { - address = cfg.host.ip; - prefixLength = cfg.host.cidr; - } - ]; - }; - services.nginx = { virtualHosts = { # for every server unless explisitly defined redirect the ip to skynet.ie diff --git a/applications/_retired/games.nix b/applications/_retired/games.nix index 2f48ae0..7ffd9f7 100644 --- a/applications/_retired/games.nix +++ b/applications/_retired/games.nix @@ -10,6 +10,7 @@ with lib; let cfg = config.services.skynet."${name}"; in { imports = [ + ./dns.nix ./nginx.nix ./games/minecraft.nix ]; diff --git a/applications/_retired/games/minecraft.nix b/applications/_retired/games/minecraft.nix index a71121c..8953efe 100644 --- a/applications/_retired/games/minecraft.nix +++ b/applications/_retired/games/minecraft.nix @@ -13,6 +13,10 @@ with lib; let short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; in { imports = [ + ../acme.nix + ../dns.nix + ../firewall.nix + ../nginx.nix inputs.arion.nixosModules.arion ]; diff --git a/applications/acme.nix b/applications/acme.nix index 97aff51..e4aec7a 100644 --- a/applications/acme.nix +++ b/applications/acme.nix 
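Review bot: The four imports added to `applications/_retired/games/minecraft.nix` (`../acme.nix`, `../dns.nix`, `../firewall.nix`, `../nginx.nix`) resolve to `applications/_retired/`, while this diff shows `acme.nix` living at `applications/acme.nix`. Unless copies exist under `_retired/`, evaluating the module will fail on a missing path. If the shared modules are meant, the paths would be `../../acme.nix` and so on. The same question applies to the `./dns.nix` added to `applications/_retired/games.nix` in the preceding hunk, which would need to be `../dns.nix`.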
@@ -27,19 +27,20 @@ in { age.secrets.acme.file = ../secrets/dns_certs.secret.age; security.acme = { + preliminarySelfsigned = false; acceptTerms = true; defaults = { email = "admin_acme@skynet.ie"; - credentialsFile = config.age.secrets.acme.path; # we use our own dns authorative server for verifying we own the domain. dnsProvider = "rfc2136"; + credentialsFile = config.age.secrets.acme.path; }; certs = { "skynet" = { domain = "skynet.ie"; - extraDomainNames = lists.naturalSort cfg.domains; + extraDomainNames = cfg.domains; }; }; }; diff --git a/applications/bitwarden/bitwarden-directory-connector-cli.nix b/applications/bitwarden/bitwarden-directory-connector-cli.nix new file mode 100644 index 0000000..85ed64f --- /dev/null +++ b/applications/bitwarden/bitwarden-directory-connector-cli.nix 
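Review bot: `preliminarySelfsigned = false;` is added to `security.acme` without a comment. With it set, no placeholder certificate is generated, so anything that references the `skynet` certificate (presumably nginx) cannot start on a fresh host until the first `rfc2136` DNS challenge has succeeded. A one-line comment would record the trade-off, for example `# no self-signed placeholder: services wait for the real cert, so DNS must be reachable on first deploy`. Separately, `extraDomainNames = cfg.domains;` no longer sorts the list, so its order follows module merge order and may change when unrelated modules are added; if that triggers re-issuance, keeping the sort avoids unnecessary requests to the CA.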
@@ -0,0 +1,324 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.services.bitwarden-directory-connector-cli; +in { + disabledModules = ["services/security/bitwarden-directory-connector-cli.nix"]; + + options.services.bitwarden-directory-connector-cli = { + enable = mkEnableOption "Bitwarden Directory Connector"; + + package = mkPackageOption pkgs "bitwarden-directory-connector-cli" {}; + + domain = mkOption { + type = types.str; + description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessible on."; + example = "https://vaultwarden.example.com"; + }; + + user = mkOption { + type = types.str; + description = lib.mdDoc "User to run the program."; + default = "bwdc"; + }; + + interval = mkOption { + type = types.str; + default = "*:0,15,30,45"; + description = lib.mdDoc "The interval when to run the connector. This uses systemd's OnCalendar syntax."; + }; + + ldap = mkOption { + description = lib.mdDoc '' + Options to configure the LDAP connection. + If you used the desktop application to test the configuration you can find the settings by searching for `ldap` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. + ''; + default = {}; + type = types.submodule ({ + config, + options, + ... + }: { + freeformType = types.attrsOf (pkgs.formats.json {}).type; + + config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! 
options.${x}.isDefined or false) (attrNames options))); + + options = { + finalJSON = mkOption { + type = (pkgs.formats.json {}).type; + internal = true; + readOnly = true; + visible = false; + }; + + ssl = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether to use TLS."; + }; + startTls = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether to use STARTTLS."; + }; + + hostname = mkOption { + type = types.str; + description = lib.mdDoc "The host the LDAP is accessible on."; + example = "ldap.example.com"; + }; + + port = mkOption { + type = types.port; + default = 389; + description = lib.mdDoc "Port LDAP is accessible on."; + }; + + ad = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether the LDAP Server is an Active Directory."; + }; + + pagedSearch = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether the LDAP server paginates search results."; + }; + + rootPath = mkOption { + type = types.str; + description = lib.mdDoc "Root path for LDAP."; + example = "dc=example,dc=com"; + }; + + username = mkOption { + type = types.str; + description = lib.mdDoc "The user to authenticate as."; + example = "cn=admin,dc=example,dc=com"; + }; + }; + }); + }; + + sync = mkOption { + description = lib.mdDoc '' + Options to configure what gets synced. + If you used the desktop application to test the configuration you can find the settings by searching for `sync` in `~/.config/Bitwarden\ Directory\ Connector/data.json`. + ''; + default = {}; + type = types.submodule ({ + config, + options, + ... + }: { + freeformType = types.attrsOf (pkgs.formats.json {}).type; + + config.finalJSON = builtins.toJSON (removeAttrs config (filter (x: x == "finalJSON" || ! 
options.${x}.isDefined or false) (attrNames options))); + + options = { + finalJSON = mkOption { + type = (pkgs.formats.json {}).type; + internal = true; + readOnly = true; + visible = false; + }; + + removeDisabled = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group."; + }; + + overwriteExisting = mkOption { + type = types.bool; + default = false; + description = + lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details."; + }; + + largeImport = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups."; + }; + + memberAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that lists members in a LDAP group."; + example = "uniqueMember"; + }; + + creationDateAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute that lists a user's creation date."; + example = "whenCreated"; + }; + + useEmailPrefixSuffix = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "If a user has no email address, combine a username prefix with a suffix value to form an email."; + }; + emailPrefixAttribute = mkOption { + type = types.str; + description = lib.mdDoc "The attribute that contains the users username."; + example = "accountName"; + }; + emailSuffix = mkOption { + type = types.str; + description = lib.mdDoc "Suffix for the email, normally @example.com."; + example = "@example.com"; + }; + + users = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Sync users."; + }; + userPath = mkOption { + type = types.str; + description = lib.mdDoc "User directory, relative to root."; + default = "ou=users"; + }; + userObjectClass = mkOption { + type = types.str; + description = lib.mdDoc "Class that users must have."; + default = "inetOrgPerson"; + }; + 
userEmailAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute for a users email."; + default = "mail"; + }; + userFilter = mkOption { + type = types.str; + description = lib.mdDoc "LDAP filter for users."; + example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)"; + default = ""; + }; + + groups = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether to sync ldap groups into BitWarden."; + }; + groupPath = mkOption { + type = types.str; + description = lib.mdDoc "Group directory, relative to root."; + default = "ou=groups"; + }; + groupObjectClass = mkOption { + type = types.str; + description = lib.mdDoc "A class that groups will have."; + default = "groupOfNames"; + }; + groupNameAttribute = mkOption { + type = types.str; + description = lib.mdDoc "Attribute for a name of group."; + default = "cn"; + }; + groupFilter = mkOption { + type = types.str; + description = lib.mdDoc "LDAP filter for groups."; + example = "(cn=sales)"; + default = ""; + }; + }; + }); + }; + + secrets = { + ldap = mkOption { + type = types.str; + description = "Path to file that contains LDAP password for user in {option}`ldap.username"; + }; + + bitwarden = { + client_path_id = mkOption { + type = types.str; + description = "Path to file that contains Client ID."; + }; + client_path_secret = mkOption { + type = types.str; + description = "Path to file that contains Client Secret."; + }; + }; + }; + }; + + config = mkIf cfg.enable { + users.groups."${cfg.user}" = {}; + users.users."${cfg.user}" = { + isSystemUser = true; + group = cfg.user; + }; + + systemd = { + timers.bitwarden-directory-connector-cli = { + description = "Sync timer for Bitwarden Directory Connector"; + wantedBy = ["timers.target"]; + after = ["network-online.target"]; + timerConfig = { + OnCalendar = cfg.interval; + Unit = "bitwarden-directory-connector-cli.service"; + Persistent = true; + }; + }; + + services.bitwarden-directory-connector-cli = { + 
description = "Main process for Bitwarden Directory Connector"; + + environment = { + BITWARDENCLI_CONNECTOR_APPDATA_DIR = "/tmp"; + BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS = "true"; + }; + + serviceConfig = { + Type = "oneshot"; + User = "${cfg.user}"; + PrivateTmp = true; + ExecStartPre = pkgs.writeShellScript "bitwarden_directory_connector-config" '' + set -eo pipefail + + # create the config file + ${lib.getExe cfg.package} data-file + touch /tmp/data.json.tmp + chmod 600 /tmp/data.json{,.tmp} + + ${lib.getExe cfg.package} config server ${cfg.domain} + + # now login to set credentials + export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})" + export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})" + ${lib.getExe cfg.package} login + + ${lib.getExe pkgs.jq} '.authenticatedAccounts[0] as $account + | .[$account].directoryConfigurations.ldap |= $ldap_data + | .[$account].directorySettings.organizationId |= $orgID + | .[$account].directorySettings.sync |= $sync_data' \ + --argjson ldap_data ${escapeShellArg cfg.ldap.finalJSON} \ + --arg orgID "''${BW_CLIENTID//organization.}" \ + --argjson sync_data ${escapeShellArg cfg.sync.finalJSON} \ + /tmp/data.json \ + > /tmp/data.json.tmp + + mv -f /tmp/data.json.tmp /tmp/data.json + + # final config + ${lib.getExe cfg.package} config directory 0 + ${lib.getExe cfg.package} config ldap.password --secretfile ${cfg.secrets.ldap} + ''; + + ExecStart = "${lib.getExe cfg.package} sync"; + }; + }; + }; + }; + + meta.maintainers = with maintainers; [Silver-Golden]; +} diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix index db8b970..88104d0 100644 --- a/applications/bitwarden/bitwarden_sync.nix +++ b/applications/bitwarden/bitwarden_sync.nix @@ -6,7 +6,9 @@ }: let user = "bwdc"; in { - imports = []; + imports = [ + ./bitwarden-directory-connector-cli.nix + ]; options = {}; 
diff --git a/applications/bitwarden/vaultwarden.nix b/applications/bitwarden/vaultwarden.nix index fad00f4..52e0422 100644 --- a/applications/bitwarden/vaultwarden.nix +++ b/applications/bitwarden/vaultwarden.nix @@ -13,6 +13,9 @@ with lib; let domain = "${domain_sub}.skynet.ie"; in { imports = [ + ../acme.nix + ../dns.nix + ../nginx.nix ]; options.services.skynet."${name}" = { diff --git a/applications/discord.nix b/applications/discord.nix index 27c1bc9..df8f934 100644 --- a/applications/discord.nix +++ b/applications/discord.nix @@ -21,6 +21,7 @@ in { #backups = [ "/etc/silver_ul_ical/database.db" ]; age.secrets.discord_token.file = ../secrets/discord/token.age; + age.secrets.discord_ldap.file = ../secrets/discord/ldap.age; age.secrets.discord_mail.file = ../secrets/email/details.age; age.secrets.discord_wolves.file = ../secrets/wolves/details.age; @@ -30,9 +31,12 @@ in { env = { discord = config.age.secrets.discord_token.path; + ldap = config.age.secrets.discord_ldap.path; mail = config.age.secrets.discord_mail.path; wolves = config.age.secrets.discord_wolves.path; }; + + discord.server = "689189992417067052"; }; }; } diff --git a/applications/discord_t-800.nix b/applications/discord_t-800.nix deleted file mode 100644 index cad630a..0000000 --- a/applications/discord_t-800.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - pkgs, - lib, - inputs, - ... -}: -with lib; let - name = "discord_bot_t-800"; - cfg = config.services.skynet."${name}"; -in { - imports = [ - inputs.skynet_discord_bot_t-800.nixosModule."x86_64-linux" - ]; - - options.services.skynet."${name}" = { - enable = mkEnableOption "Logging Bot"; - }; - - config = mkIf cfg.enable { - #backups = [ "/etc/silver_ul_ical/database.db" ]; - - age.secrets.discord_t-800_details.file = ../secrets/discord/t-800.age; - - # this is what was imported - services.skynet_discord_bot_t-800 = { - enable = true; - - env = config.age.secrets.discord_t-800_details.path; - }; - }; -} 
diff --git a/applications/dns/dns.nix b/applications/dns.nix
similarity index 56%
rename from applications/dns/dns.nix
rename to applications/dns.nix
index 3286a98..deec46d 100644
--- a/applications/dns/dns.nix
+++ b/applications/dns.nix
@@ -3,42 +3,19 @@ pkgs, config, nodes, - self, ... }: let name = "dns"; cfg = config.services.skynet."${name}"; # reads that date to a string (will need to be fixed in 2038) - current_date = self.lastModified; - - # this gets a list of all domains we have records for - domains = lib.lists.naturalSort (lib.lists.unique ( - lib.lists.forEach records (x: x.domain) - )); - - # get the ip's of our servers - servers = lib.lists.naturalSort (lib.lists.unique ( - lib.lists.forEach (sort_records_a_server records) (x: x.value) - )); - - domains_owned = [ - # for historic reasons we own this - "csn.ul.ie" - # the main one we use now - "skynet.ie" - # a backup - "ulcompsoc.ie" - ]; + current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}"; # gets a list of records that match this type - filter_records_type = records: r_type: builtins.filter (x: x.r_type == r_type) records; - # Get all the A records that are for servers (base record for them) - filter_records_a_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A"); - # Every other A record - filter_records_a = records: builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type records "A"); + filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records; + filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A"); + filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A"); - # These functions are to get the final 3 digits of an IP address so we can use them for reverse pointer process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x); process_ptr_sub = record: { record = builtins.substring 9 3 record.record; 
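Review bot: `current_date` is read from a `pkgs.runCommand "timestamp"` derivation whose inputs never change, so the store path is built once and reused, and `date +%s` is not re-run when a record changes. The SOA serial and the `// for bumping the config` line that use it would then stay the same across deployments, and a secondary that compares serials has no reason to transfer the updated zone. The value also differs per build host, so ns1 and ns2 can end up with unrelated serials. I would derive the serial from something tied to the configuration revision, such as the `self.lastModified` that the removed line used. The `let` block this sits in continues outside the hunk.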
@@ -47,100 +24,87 @@ }; ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); - # filter and sort records so we cna group them in the right place later - sort_records_a_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_a_server records); - sort_records_a = records: builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) (filter_records_a records); - sort_records_cname = records: builtins.sort (a: b: a.value < b.value) (filter_records_type records "CNAME"); - sort_records_ptr = records: builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type records "PTR")); - sort_records_srv = records: builtins.sort (a: b: a.record < b.record) (filter_records_type records "SRV"); + sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server; + sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a; + sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME"); + sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); + sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV"); - # a tad overkill but type guarding is useful - max = x: y: - assert builtins.isInt x; - assert builtins.isInt y; - if x < y - then y - else x; + format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; - # get teh max length of a list of strings - max_len = records: lib.lists.foldr (a: b: (max a b)) 0 (lib.lists.forEach records (record: lib.strings.stringLength record.record)); - - # Now that we can get teh max lenth of a list of strings - # we can pad it out to the max len +1 - # this is so that teh generated file is easier for a human to read - format_records = records: let - 
offset = (max_len records) + 1; - in - lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; - - # small function to add spaces until it reaches teh required length + # small function to trim it down a tad padString = text: length: fixedWidthString_post length " " text; # like lib.strings.fixedWidthString but postfix - # recursive function to extend a string up to a limit fixedWidthString_post = width: filler: str: let strw = lib.stringLength str; reqWidth = width - (lib.stringLength filler); in - # this is here because we were manually setting teh length, now max_len does that for us assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})"; if strw == width then str else (fixedWidthString_post reqWidth filler str) + filler; # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) - # ";" are comments in this file get_config_file = ( - domain: records: '' + domain: '' $TTL 60 ; 1 minute - ; hostmaster@skynet.ie is an email address that recieves stuff related to dns - @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( + ; hostmaster@${domain} is an email address that recieves stuff related to dns + @ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${toString current_date} + ${current_date} 600 ; Refresh (10 minutes) 300 ; Retry (5 minutes) 604800 ; Expire (1 week) 3600 ; Minimum (1 hour) ) - ; @ stands for teh root domain so teh A record below is where ${domain} points to - @ NS ns1.skynet.ie. - @ NS ns2.skynet.ie. + @ NS ns1.${domain}. + @ NS ns2.${domain}. + ; @ stands for teh root domain so teh A record below is where ${domain} points to + ;@ A 193.1.99.76 + ;@ MX 5 ${domain}. + + ; can have multiple mailserves + @ MX 10 mail.${domain}. 
+ ; ------------------------------------------ ; Server Names (A Records) ; ------------------------------------------ - ${format_records (sort_records_a_server records)} + ${format_records sort_records_server 31} ; ------------------------------------------ ; A (non server names ; ------------------------------------------ - ${format_records (sort_records_a records)} + ${format_records sort_records_a 31} ; ------------------------------------------ ; CNAMES ; ------------------------------------------ - ${format_records (sort_records_cname records)} + ${format_records sort_records_cname 31} ; ------------------------------------------ ; TXT ; ------------------------------------------ - ${format_records (filter_records_type records "TXT")} + ${format_records (filter_records_type "TXT") 31} ; ------------------------------------------ ; MX ; ------------------------------------------ - ${format_records (filter_records_type records "MX")} + ${format_records (filter_records_type "MX") 31} ; ------------------------------------------ ; SRV ; ------------------------------------------ - ${format_records (sort_records_srv records)} + ${format_records sort_records_srv 65} + + '' ); # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse - # config for our reverse dns pointers (not properly working) + # config for our reverse dnspointers (not properly working) get_config_file_rev = ( domain: '' $ORIGIN 64-64.99.1.193.in-addr.arpa. @@ -148,7 +112,7 @@ ; hostmaster@skynet.ie is an email address that recieves stuff related to dns @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${toString current_date} + ${current_date} 600 ; Refresh (10 minutes) 300 ; Retry (5 minutes) 604800 ; Expire (1 week) 
@@ -161,37 +125,55 @@ ; ------------------------------------------ ; PTR ; ------------------------------------------ - ${format_records (sort_records_ptr records)} + ${format_records sort_records_ptr 3} '' ); - # arrays of teh two nameservers - nameserver_1 = ["193.1.99.109"]; - nameserver_2 = ["193.1.99.120"]; + # domains we dont have proper ownship over, only here to ensure the logs dont get cluttered. + get_config_file_old_domains = ( + domain: '' + $TTL 60 ; 1 minute + ; hostmaster@skynet.ie is an email address that recieves stuff related to dns + @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( + ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + ${current_date} + 600 ; Refresh (10 minutes) + 300 ; Retry (5 minutes) + 604800 ; Expire (1 week) + 3600 ; Minimum (1 hour) + ) + + @ NS ns1.skynet.ie. + @ NS ns2.skynet.ie. + + '' + ); + + # arrys of teh two nameservers + tmp1 = ["193.1.99.109"]; + tmp2 = ["193.1.99.120"]; primaries = ( if cfg.server.primary then # primary servers have no primaries (ones they listen to) [] - else if builtins.elem cfg.server.ip nameserver_1 - then nameserver_2 - else nameserver_1 + else if builtins.elem cfg.server.ip tmp1 + then tmp2 + else tmp1 ); secondaries = ( if cfg.server.primary then - if builtins.elem cfg.server.ip nameserver_1 - then nameserver_2 - else nameserver_1 + if builtins.elem cfg.server.ip tmp1 + then tmp2 + else tmp1 else [] ); # small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router - # now limited explicitly to servers that we are administering - # See i24-09-30_050 for more information - create_cache_networks = map (x: "${toString x}/32") servers; + create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126); # standard function to create the etc file, pass in the text and domain and it makes it create_entry_etc_sub = domain: text: { 
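Review bot: `create_cache_networks` now emits a /32 for every address from 193.1.99.71 to 193.1.99.126, where the removed line built the list from the server A records only. Its use is outside the hunk, but if it feeds the resolver's cache/recursion ACL as the comment above it suggests, any host holding one of those 56 addresses can recurse through these nameservers, including machines the team does not administer. I would keep the list tied to known servers, or at least add a comment such as `# every address in .71-.126 may recurse through us; review when the range is reassigned`. In the same hunk `tmp1` and `tmp2` hide what the lists are; `nameserver_1` and `nameserver_2` read better in the `primaries`/`secondaries` conditions.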
@@ -203,38 +185,27 @@ # The UNIX file mode bits mode = "0664"; - # content of the file text = text; }; }; + # (text.owned "csn.ul.ie") # standard function to create the etc file, pass in the text and domain and it makes it - create_entry_etc = domain: type: let - domain_records = lib.lists.filter (x: x.domain == domain) records; - in - # this is the main type of record that most folks are used to + create_entry_etc = domain: type: if type == "owned" - then create_entry_etc_sub domain (get_config_file domain domain_records) - # reverse lookups allow for using an IP to find domains pointing to it + then create_entry_etc_sub domain (text.owned domain) else if type == "reverse" - then create_entry_etc_sub domain (get_config_file_rev domain) + then create_entry_etc_sub domain (text.reverse domain) + else if type == "old" + then create_entry_etc_sub domain (text.old domain) else {}; - create_entry_zone = domain: let - if_primary_and_owned = - if cfg.server.primary && (lib.lists.any (item: item == domain) domains_owned) - then '' - allow-update { key rfc2136key.skynet.ie.; }; - dnssec-policy default; - inline-signing yes; - '' - else ""; - in { + create_entry_zone = domain: extraConfig: { "${domain}" = { extraConfig = '' - ${if_primary_and_owned} + ${extraConfig} // for bumping the config - // ${toString current_date} + // ${current_date} ''; # really wish teh nixos config didnt use master/slave master = cfg.server.primary; 
@@ -247,16 +218,69 @@ }; }; + text = { + owned = domain: get_config_file domain; + reverse = domain: get_config_file_rev domain; + old = domain: get_config_file_old_domains domain; + }; + + extraConfig = { + owned = + if cfg.server.primary + then '' + allow-update { key rfc2136key.skynet.ie.; }; + + dnssec-policy default; + inline-signing yes; + '' + else ""; + + # no extra config for reverse + reverse = ""; + + old = ""; + }; + records = config.skynet.records - /* - Need to "manually" grab it from each server. - Nix is laxy evalusted so if it does not need to open a file it wont. - This is to iterate through each server (node) and evaluate the dns records for that server. - */ ++ builtins.concatLists ( lib.attrsets.mapAttrsToList ( - key: value: value.config.services.skynet.dns.records + key: value: let + details_server = value.config.services.skynet."${name}".server; + details_records = value.config.services.skynet."${name}".records; + in + if builtins.hasAttr "dns" value.config.services.skynet + then + ( + # got to handle habing a dns record for the dns serves themselves. + if details_server.enable + then + ( + if details_server.primary + then + details_records + ++ [ + { + record = "ns1"; + r_type = "A"; + value = details_server.ip; + server = false; + } + ] + else + details_records + ++ [ + { + record = "ns2"; + r_type = "A"; + value = details_server.ip; + server = false; + } + ] + ) + else details_records + ) + else [] ) nodes ); @@ -267,7 +291,8 @@ else "ns2"; in { imports = [ - ../../config/dns.nix + ./firewall.nix + ../config/dns.nix ]; options.services.skynet."${name}" = { 
@@ -291,11 +316,28 @@ in { }; }; + # mirrorred in ../config/dns.nix records = lib.mkOption { description = "Records, sorted based on therir type"; - type = lib.types.listOf (lib.types.submodule (import ./options-records.nix { - inherit lib; - })); + type = with lib.types; + listOf (submodule { + options = { + record = lib.mkOption { + type = str; + }; + r_type = lib.mkOption { + type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; + }; + value = lib.mkOption { + type = str; + }; + server = lib.mkOption { + description = "Core record for a server"; + type = bool; + default = false; + }; + }; + }); }; }; 
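Review bot: The `records` submodule is written out inline here and, per the added comment, mirrored in `../config/dns.nix`, so the two copies can drift apart without any evaluation error. A single shared definition imported by both files would avoid that. The `record`, `r_type` and `value` options also carry no `description`, so add one to each, for example `description = "Type of record that this is.";` on `r_type`. The enclosing `options.services.skynet` block starts and ends outside the hunk.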
@@ -314,40 +356,29 @@ in { "ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept" ]; - services.skynet.dns.records = [ - { - record = nameserver; - r_type = "A"; - value = config.services.skynet.host.ip; - } - ]; + services.bind.zones = + (create_entry_zone "csn.ul.ie" extraConfig.owned) + // (create_entry_zone "skynet.ie" extraConfig.owned) + // (create_entry_zone "ulcompsoc.ie" extraConfig.owned) + // (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse) + // (create_entry_zone "conradcollins.net" extraConfig.old) + // (create_entry_zone "edelharty.net" extraConfig.old); - services.bind.zones = lib.attrsets.mergeAttrsList ( - # uses teh domains lsited in teh records - (lib.lists.forEach domains (domain: (create_entry_zone domain))) - # we have to do a reverse dns - ++ [ - (create_entry_zone "64-64.99.1.193.in-addr.arpa") - ] - ); - - environment.etc = lib.attrsets.mergeAttrsList ( - # uses teh domains lsited in teh records - (lib.lists.forEach domains (domain: (create_entry_etc domain "owned"))) - # we have to do a reverse dns - ++ [ - (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") - ] - ); + environment.etc = + (create_entry_etc "csn.ul.ie" "owned") + // (create_entry_etc "skynet.ie" "owned") + // (create_entry_etc "ulcompsoc.ie" "owned") + // (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") + // (create_entry_etc "conradcollins.net" "old") + // (create_entry_etc "edelharty.net" "old"); # secrets required age.secrets.dns_dnskeys = { - file = ../../secrets/dns_dnskeys.conf.age; + file = ../secrets/dns_dnskeys.conf.age; owner = "named"; group = "named"; }; - # basic but ensure teh dns ports are open networking.firewall = { allowedTCPPorts = [53]; allowedUDPPorts = [53]; @@ -369,7 +400,7 @@ in { # piles of no valid RRSIG resolving 'com/DS/IN' errors extraOptions = '' - dnssec-validation auto; + dnssec-validation yes; ''; # set the upstream dns servers 
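Review bot: `dnssec-validation yes;` in `extraOptions` (the `@@ -369,7 +400,7 @@` hunk) validates only against trust anchors configured by hand; unlike `auto` it does not load BIND's built-in root anchor. No `trust-anchors` statement is visible in this hunk, so if none exists elsewhere in the file, validation does not take place and unsigned or tampered answers are accepted as insecure. Either keep `dnssec-validation auto;` or add the anchor next to this option with a comment saying where it is maintained. The `services.bind` block this belongs to starts and ends outside the hunk.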
diff --git a/applications/dns/options-records.nix b/applications/dns/options-records.nix deleted file mode 100644 index 53e443f..0000000 --- a/applications/dns/options-records.nix +++ /dev/null @@ -1,31 +0,0 @@ -/* -Define the options for dns records here. -They are imported into anything that needs to use them -*/ -{lib, ...}: -with lib; { - options = { - domain = lib.mkOption { - description = "Domain this record is for"; - type = lib.types.str; - default = "skynet.ie"; - }; - record = lib.mkOption { - description = "What you want to name the subdomain."; - type = lib.types.str; - }; - r_type = lib.mkOption { - description = "Type of record that this is."; - type = lib.types.enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; - }; - value = lib.mkOption { - description = "What the record points to, normally ip or another record."; - type = lib.types.str; - }; - server = lib.mkOption { - description = "Core record for a server"; - type = lib.types.bool; - default = false; - }; - }; -} diff --git a/applications/email.nix b/applications/email.nix index 97b2362..ade5e0f 100644 --- a/applications/email.nix +++ b/applications/email.nix @@ -50,10 +50,6 @@ with lib; let account = "contact"; members = ["committee"]; } - { - account = "committee"; - members = ["committee"]; - } { account = "dbadmin"; members = ["admin"]; @@ -96,7 +92,7 @@ with lib; let } ]; - sieveConfigFile = + configFile = # https://doc.dovecot.org/configuration_manual/sieve/examples/#plus-addressed-mail-filtering pkgs.writeText "basic_sieve" '' 
@@ -106,60 +102,27 @@ with lib; let require ["fileinto", "reject"]; require "variables"; require "regex"; - require "subaddress"; # this should be close to teh last step if allof ( - address :user ["To", "Cc"] ["${toString create_config_to}"], - address :domain ["To", "Cc"] "skynet.ie" - ){ - if address :matches ["To", "Cc"] "*@skynet.ie" { - # handle spam reports specifically for teh service accounts in each users inbox - if address :matches ["From"] "postmaster@mimi.skynet.ie" { - fileinto :create "''${1}.Spam_Report"; - stop; + address :localpart ["To"] ["${toString create_config_to}"], + address :domain ["To"] "skynet.ie" + ){ + if address :matches ["To"] "*@skynet.ie" { + if header :is "X-Spam" "Yes" { + fileinto :create "''${1}.Junk"; + stop; + } else { + fileinto :create "''${1}"; + } } - - # user+subdir - if address :matches ["To", "Cc"] "*+*@skynet.ie" { - fileinto :create "''${1}.''${2}"; - stop; - } - - # no detail, proceed normally - if header :is "X-Spam" "Yes" { - fileinto :create "''${1}.Junk"; - stop; - } else { - fileinto :create "''${1}"; - stop; - } - } - } - - # handle spam Reports for general users - if address :matches ["From"] "postmaster@mimi.skynet.ie" { - fileinto :create "INBOX.Spam_Report"; - stop; - } - - if allof ( - address :localpart ["From"] ["${toString create_config_to}"], - address :domain ["From"] "skynet.ie" - ){ - if address :matches ["From"] "*@skynet.ie" { - if header :is "X-Spam" "Yes" { - fileinto :create "''${1}.Junk"; - stop; - } else { - fileinto :create "''${1}"; - stop; - } - } } ''; in { imports = [ + ./dns.nix + ./acme.nix + ./nginx.nix inputs.simple-nixos-mailserver.nixosModule # for teh config @@ -227,7 +190,7 @@ in { config = mkIf cfg.enable { services.skynet.backup.normal.backups = [ - #"/var/vmail" + "/var/vmail" "/var/dkim" ]; 
@@ -307,128 +270,95 @@ in { }; # set up dns record for it - services.skynet.dns.records = - [ - { - # This is the mail gateway, try to send all mail to it first - # Lower number = higher priority - record = "@"; - r_type = "MX"; - # the number is the priority in teh case of multiple mailservers - value = "5 mimi.${cfg.domain}."; - } - { - # this is the main email server - record = "@"; - r_type = "MX"; - # the number is the priority in teh case of multiple mailservers - value = "10 mail.${cfg.domain}."; - } - { - record = "@"; - r_type = "MX"; - # the number is the priority in teh case of multiple mailservers - value = "10 lists.${cfg.domain}."; - } + services.skynet.dns.records = [ + # basic one + { + record = "mail"; + r_type = "A"; + value = config.services.skynet.host.ip; + } + #DNS config for K-9 Mail + { + record = "imap"; + r_type = "CNAME"; + value = "mail"; + } + { + record = "pop3"; + r_type = "CNAME"; + value = "mail"; + } + { + record = "smtp"; + r_type = "CNAME"; + value = "mail"; + } - # basic one - { - record = "mail"; - r_type = "A"; - value = config.services.skynet.host.ip; - } - { - record = "lists"; - r_type = "A"; - value = config.services.skynet.host.ip; - } - #DNS config for K-9 Mail - { - record = "imap"; - r_type = "CNAME"; - value = "mail"; - } - { - record = "pop3"; - r_type = "CNAME"; - value = "mail"; - } - { - record = "smtp"; - r_type = "CNAME"; - value = "mail"; - } - - # TXT records, all tehse are inside escaped strings to allow using "" - - # reverse pointer - { - record = config.services.skynet.host.ip; - r_type = "PTR"; - value = "${cfg.sub}.${cfg.domain}."; - } - - # SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie - # https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406 - # response should be: - # _imap._tcp SRV 0 1 143 imap.example.com. 
- { - record = "_imaps._tcp"; - r_type = "SRV"; - value = "0 1 993 ${cfg.sub}.${cfg.domain}."; - } - { - record = "_imap._tcp"; - r_type = "SRV"; - value = "0 1 143 ${cfg.sub}.${cfg.domain}."; - } - { - record = "_submissions._tcp"; - r_type = "SRV"; - value = "0 1 465 ${cfg.sub}.${cfg.domain}."; - } - { - record = "_submission._tcp"; - r_type = "SRV"; - value = "0 1 587 ${cfg.sub}.${cfg.domain}."; - } - ] + # TXT records, all tehse are inside escaped strings to allow using "" # SPF record - ++ [ - { - record = "${cfg.domain}."; - r_type = "TXT"; - value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"''; - } - ] + { + record = "${cfg.domain}."; + r_type = "TXT"; + value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"''; + } + # DKIM keys - ++ [ - { - record = "mail._domainkey.skynet.ie."; - r_type = "TXT"; - value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"''; - } - { - domain = "ulcompsoc.ie"; - record = "mail._domainkey.ulcompsoc.ie."; - r_type = "TXT"; - value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"''; - } - ] + { + record = "mail._domainkey.skynet.ie."; + r_type = "TXT"; + value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"''; + } + { + record = "mail._domainkey.ulcompsoc.ie."; + r_type = "TXT"; + value = ''"v=DKIM1; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"''; + } + # DMARC - ++ [ - { - record = "_dmarc.${cfg.domain}."; - r_type = "TXT"; - # p : quarantine => sends to spam, reject => never sent - # rua : mail that receives reports about DMARC activity - # pct : percentage of unathenticated messages that DMARC stops - # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed - # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed - # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent - value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"''; - } - ]; + { + record = "_dmarc.${cfg.domain}."; + r_type = "TXT"; + # p : quarantine => sends to spam, reject => never sent + # rua : mail that receives reports about DMARC activity + # pct : percentage of unathenticated messages that DMARC stops + # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed + # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent + value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=none"''; + } + + # reverse pointer + { + record = config.services.skynet.host.ip; + r_type = "PTR"; + value = "${cfg.sub}.${cfg.domain}."; + } + + # SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie + # 
https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406 + # response should be: + # _imap._tcp SRV 0 1 143 imap.example.com. + { + record = "_imaps._tcp"; + r_type = "SRV"; + value = "0 1 993 ${cfg.sub}.${cfg.domain}."; + } + { + record = "_imap._tcp"; + r_type = "SRV"; + value = "0 1 143 ${cfg.sub}.${cfg.domain}."; + } + { + record = "_submissions._tcp"; + r_type = "SRV"; + value = "0 1 465 ${cfg.sub}.${cfg.domain}."; + } + { + record = "_submission._tcp"; + r_type = "SRV"; + value = "0 1 587 ${cfg.sub}.${cfg.domain}."; + } + ]; #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html users.groups.nginx = {}; @@ -470,12 +400,9 @@ in { mailserver = { enable = true; - stateVersion = 3; - fqdn = "${cfg.sub}.${cfg.domain}"; domains = [ cfg.domain - "lists.skynet.ie" ]; enableManageSieve = true; @@ -490,10 +417,6 @@ in { # 20MB max size messageSizeLimit = 20000000; - # policydSPFExtraConfig = '' - # skip_addresses = 193.1.99.86/32 - # ''; - ldap = { enable = true; uris = cfg.ldap.hosts; @@ -506,13 +429,13 @@ in { searchScope = "sub"; dovecot = { - userFilter = "(skMail=%{user})"; + userFilter = "(skMail=%u)"; # can lock down how much space each user has access to from ldap userAttrs = "quotaEmail=quota_rule=*:bytes=%$,=quota_rule2=Trash:storage=+100M"; # accept emails in, but only allow access to paid up members - passFilter = "(&(|${create_filter cfg.groups})(skMail=%{user}))"; + passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))"; }; postfix = { 
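Review bot: The DMARC record on the new side ends with `sp=none`, so mail that fails alignment from any subdomain of `${cfg.domain}` is only reported while the parent domain is at `p=quarantine`. That leaves subdomains without enforcement; `sp=quarantine` would match the parent policy that the comment block above the value describes. In the same hunk (`@@ -307,128 +270,95 @@`) the SPF record drops the `ip4:` mechanism and relies on `a:${cfg.sub}.${cfg.domain}` alone. It then depends on that A record always resolving to the sending address, which deserves a comment such as `# SPF relies on the mail A record; update both together`.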
@@ -528,60 +451,18 @@ in { }; services.dovecot2.sieve.scripts = { - before = sieveConfigFile; - }; - - # This is to add a bcc to outgoing mail - # this then interacts with teh filters to put it in the right folder - # we can directly add to the postfix service here - services.postfix = let - # mostly copied from the upstream mailserver config/functions - mappedFile = name: "hash:/var/lib/postfix/conf/${name}"; - - sender_bcc_maps_file = let - content = lookupTableToString create_skynet_service_bcc; - in - builtins.toFile "sender_bcc_maps" content; - - lookupTableToString = attrs: let - valueToString = value: lib.concatStringsSep ", " value; - in - lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name} ${valueToString value}") attrs); - - # convert the mailboxes config to something that can be used here - create_skynet_email_bcc = mailbox: { - name = "${mailbox}@skynet.ie"; - value = ["${mailbox}@skynet.ie"]; - }; - create_skynet_service_bcc = builtins.listToAttrs (map (mailbox: (create_skynet_email_bcc mailbox.account)) service_mailboxes); - in { - mapFiles."sender_bcc_maps" = sender_bcc_maps_file; - - config = { - sender_bcc_maps = [ - (mappedFile "sender_bcc_maps") - ]; - }; + before = configFile; }; # tune the spam filter - services.rspamd.locals = { - "multimap.conf" = { - text = '' - IP_WHITELIST { - type = "ip"; - prefilter = true; - map = "/etc/rspamd/local.d/ip_whitelist.map"; - action = "accept"; - } - ''; - }; - - "ip_whitelist.map" = { - text = '' - 193.1.99.86 - ''; - }; - }; + /* + services.rspamd.extraConfig = '' + actions { + reject = null; # Disable rejects, default is 15 + add_header = 7; # Add header when reaching this score + greylist = 4; # Apply greylisting when reaching this score + } + ''; + */ }; } diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix deleted file mode 100644 index 9dce4bb..0000000 --- a/applications/games/minecraft.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ - config, - pkgs, - lib, - inputs, - ... -}: let - # function to create the cname record for eachs erver - create_cname = configs: - lib.lists.forEach configs ( - c: { - record = "${c.address}.games"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } - ); - - # function to create the srv record - # this allows us to change the port without impacting (java) users - create_srv = configs: - lib.lists.forEach configs (c: { - record = "_minecraft._tcp.${c.address}.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 ${c.port} ${config.services.skynet.host.name}.skynet.ie."; - }); - - servers = [ - { - address = "minecraft.compsoc"; - port = "25518"; - } - { - address = "minecraft-classic.compsoc"; - port = "25518"; - } - { - address = "minecraft-aged.compsoc"; - port = "25519"; - } - { - address = "minecraft.gsoc"; - port = "25521"; - } - { - address = "minecraft.phildeb"; - port = "25522"; - } - { - address = "minecraft.anime"; - port = "25523"; - } - ]; -in { - imports = [ - ]; - - config = { - services.skynet.dns.records = (create_cname servers) ++ (create_srv servers); - }; -} diff --git a/applications/git/forgejo.nix b/applications/git/forgejo.nix deleted file mode 100644 index cfe0a60..0000000 --- a/applications/git/forgejo.nix +++ /dev/null 
@@ -1,139 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; let - name = "forgejo"; - cfg = config.services.skynet."${name}"; - - domain_base = "${cfg.domain.base}.${cfg.domain.tld}"; - domain_full = "${cfg.domain.sub}.${domain_base}"; -in { - imports = [ - ]; - - options.services.skynet."${name}" = { - enable = mkEnableOption "Skynet Forgejo"; - - domain = { - tld = mkOption { - type = types.str; - default = "ie"; - }; - - base = mkOption { - type = types.str; - default = "skynet"; - }; - - sub = mkOption { - type = types.str; - default = name; - }; - }; - - forgejo = { - port = mkOption { - type = types.port; - default = 3000; - }; - }; - }; - - config = mkIf cfg.enable { - # age.secrets.forgejo-mailer-password = { - # file = ../../secrets/forgejo/mailer-password.age; - # mode = "400"; - # owner = "forgejo"; - # }; - - services.skynet.acme.domains = [ - "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" - ]; - - # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide - services.skynet.dns.records = [ - { - record = cfg.domain.sub; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } - ]; - - services.nginx.virtualHosts = { - # main site - "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/" = { - proxyPass = "http://localhost:${toString cfg.forgejo.port}"; - extraConfig = '' - add_header Content-Security-Policy "frame-ancestors 'self' https://silver.users.skynet.ie"; - client_max_body_size 1000M; - ''; - }; - }; - }; - - # for signing reasons - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - services.forgejo = { - enable = true; - package = pkgs.forgejo; - database.type = "sqlite3"; - # Enable support for Git Large File Storage - lfs.enable = true; - settings = { - server = { - DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; - # You need to specify this to remove the port from URLs in 
the web UI. - ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/"; - HTTP_PORT = cfg.forgejo.port; - }; - - # You can temporarily allow registration to create an admin user. - service.DISABLE_REGISTRATION = true; - - # Add support for actions, based on act: https://github.com/nektos/act - actions = { - ENABLED = true; - DEFAULT_ACTIONS_URL = "github"; - }; - - indexer = { - # Will consume more disk space, but we have plenty of that - REPO_INDEXER_ENABLED = true; - }; - - database = { - SQLITE_JOURNAL_MODE = "WAL"; - }; - - # Allow for signing off merge requests - # "repository.signing" = { - # SIGNING_KEY = "5B2DED0FE9F8627A"; - # SIGNING_NAME = "Skynet"; - # SIGNING_EMAIL = "forgejo@glados.skynet.ie"; - # MERGES = "always"; - # }; - - # Sending emails is completely optional - # You can send a test email from the web UI at: - # Profile Picture > Site Administration > Configuration > Mailer Configuration - # mailer = { - # ENABLED = true; - # SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}"; - # FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; - # USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; - # }; - }; - # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; - }; - }; -} diff --git a/applications/git/forgejo_runner.nix b/applications/git/forgejo_runner.nix deleted file mode 100644 index c43ecec..0000000 --- a/applications/git/forgejo_runner.nix +++ /dev/null 
@@ -1,161 +0,0 @@ -{ - config, - pkgs, - lib, - inputs, - ... -}: -with lib; let - name = "forgejo_runner"; - cfg = config.services.skynet."${name}"; -in { - imports = [ - ]; - - options.services.skynet."${name}" = { - enable = mkEnableOption "Skynet ForgeJo Runner"; - - name = mkOption { - type = types.str; - default = config.networking.hostName; - }; - - website = mkOption { - default = "https://forgejo.skynet.ie"; - type = types.str; - }; - - user = mkOption { - default = "gitea-runner"; - type = types.str; - }; - - secret = mkOption { - type = types.path; - }; - }; - - config = mkIf cfg.enable { - # https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner. - environment.systemPackages = with pkgs; [ - forgejo-actions-runner - ]; - - age.secrets.forgejo_runner_token = { - file = cfg.secret; - owner = cfg.user; - group = cfg.user; - }; - - # make sure the ssh config stuff is in teh right palce - systemd.tmpfiles.rules = [ - #"d /home/${cfg.user} 0755 ${cfg.user} ${cfg.user}" - "L+ /home/${cfg.user}/.ssh/config 0755 ${cfg.user} ${cfg.user} - ${./ssh_config}" - ]; - age.secrets.forgejo_runner_ssh = { - file = ../../secrets/forgejo/runners/ssh.age; - mode = "600"; - owner = "${cfg.user}"; - group = "${cfg.user}"; - symlink = false; - path = "/home/${cfg.user}/.ssh/skynet/root"; - }; - - nix = { - settings = { - trusted-users = [ - # allow the runner to build nix stuff and to use the cache - "gitea-runner" - ]; - trusted-public-keys = [ - "skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo=" - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - ]; - substituters = [ - "https://nix-cache.skynet.ie/skynet-cache/" - "https://cache.nixos.org/" - ]; - trusted-substituters = [ - "https://nix-cache.skynet.ie/skynet-cache/" - "https://cache.nixos.org/" - ]; - }; - }; - - # very basic setup to always be watching for changes in teh cache - systemd.services.attic-uploader = { - enable = true; - serviceConfig 
= { - ExecStart = "${pkgs.attic-client}/bin/attic watch-store skynet-cache"; - User = "root"; - Restart = "always"; - RestartSec = 1; - }; - }; - - # give teh runner user a home to store teh ssh config stuff - systemd.services.gitea-runner-default.serviceConfig = { - DynamicUser = lib.mkForce false; - User = lib.mkForce cfg.user; - }; - users = { - groups."${cfg.user}" = {}; - users."${cfg.user}" = { - #isSystemUser = true; - isNormalUser = true; - group = cfg.user; - createHome = true; - shell = pkgs.bash; - }; - }; - - boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1 - virtualisation.docker.enable = true; - - # taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128 - virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"]; - - # the actual runner - services.gitea-actions-runner = { - package = pkgs.forgejo-actions-runner; - instances.default = { - enable = true; - name = cfg.name; - url = cfg.website; - tokenFile = config.age.secrets.forgejo_runner_token.path; - labels = [ - ## optionally provide native execution on the host: - "nix:host" - "docker:docker://node:22-bookworm" - "ubuntu-latest:docker://node:22-bookworm" - ]; - - hostPackages = with pkgs; [ - # default ones - bash - coreutils - curl - gawk - git - gnused - nodejs - wget - - # useful to have in path - jq - which - dpkg - zip - git-lfs - - # used in deployments - inputs.colmena.defaultPackage."x86_64-linux" - attic-client - lix - openssh - sudo - ]; - }; - }; - }; -} diff --git a/applications/git/ssh_config b/applications/git/ssh_config deleted file mode 100644 index 70bbef0..0000000 --- a/applications/git/ssh_config +++ /dev/null @@ -1,5 +0,0 @@ -Host *.skynet.ie 193.1.99.* 193.1.96.165 - User root - IdentityFile ~/.ssh/skynet/root - IdentitiesOnly yes - diff --git a/applications/git/gitlab.nix b/applications/gitlab.nix similarity index 95% rename from applications/git/gitlab.nix rename to applications/gitlab.nix index 0d90b7b..80664af 100644 
--- a/applications/git/gitlab.nix +++ b/applications/gitlab.nix @@ -12,6 +12,10 @@ with lib; let domain_full = "${cfg.domain.sub}.${domain_base}"; in { imports = [ + ./acme.nix + ./dns.nix + ./firewall.nix + ./nginx.nix ]; options.services.skynet."${name}" = { @@ -56,32 +60,32 @@ in { # grep -r --exclude-dir={docker,containers,log,sys,nix,proc} gitlab / age.secrets.gitlab_pw = { - file = ../../secrets/gitlab/pw.age; + file = ../secrets/gitlab/pw.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_db = { - file = ../../secrets/gitlab/secrets_db.age; + file = ../secrets/gitlab/secrets_db.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_secret = { - file = ../../secrets/gitlab/secrets_secret.age; + file = ../secrets/gitlab/secrets_secret.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_otp = { - file = ../../secrets/gitlab/secrets_otp.age; + file = ../secrets/gitlab/secrets_otp.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_secrets_jws = { - file = ../../secrets/gitlab/secrets_jws.age; + file = ../secrets/gitlab/secrets_jws.age; owner = cfg.user; group = cfg.user; }; age.secrets.gitlab_db_pw = { - file = ../../secrets/gitlab/db_pw.age; + file = ../secrets/gitlab/db_pw.age; owner = cfg.user; group = cfg.user; }; diff --git a/applications/gitlab_runner.nix b/applications/gitlab_runner.nix new file mode 100644 index 0000000..dc642cf --- /dev/null +++ b/applications/gitlab_runner.nix 
@@ -0,0 +1,122 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+with lib; let
+ name = "gitlab_runner";
+ cfg = config.services.skynet."${name}";
+in {
+ imports = [
+ ];
+
+ options.services.skynet."${name}" = {
+ enable = mkEnableOption "Skynet Gitlab Runner";
+
+ runner = {
+ name = mkOption {
+ type = types.str;
+ };
+
+ gitlab = mkOption {
+ default = "https://gitlab.skynet.ie";
+ type = types.str;
+ };
+
+ description = mkOption {
+ default = cfg.runner.name;
+ type = types.str;
+ };
+
+ docker = {
+ image = mkOption {
+ default = "alpine:3.18.4";
+ type = types.str;
+ };
+
+ cleanup_dates = mkOption {
+ # https://man.archlinux.org/man/systemd.time.7#CALENDAR_EVENTS
+ # it will use a lot of storage so clear it daily, may change to hourly if required
+ default = "daily";
+ type = types.str;
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner.
+ environment.systemPackages = [
+ pkgs.gitlab-runner
+ ];
+
+ age.secrets.runner_01_nix.file = ../secrets/gitlab/runners/runner01.age;
+ age.secrets.runner_02_general.file = ../secrets/gitlab/runners/runner02.age;
+
+ boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
+ virtualisation.docker.enable = true;
+
+ # taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128
+ virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"];
+
+ services.gitlab-runner = {
+ enable = true;
+
+ # clear-docker-cache = {
+ # enable = true;
+ # dates = cfg.runner.docker.cleanup_dates;
+ # };
+
+ services = {
+ # might make a function later to have multiple runners, might never need it though
+ runner_nix = {
+ cloneUrl = cfg.runner.gitlab;
+ description = "For Nix only";
+ registrationFlags = ["--docker-host" "tcp://127.0.0.1:2375"];
+ registrationConfigFile = config.age.secrets.runner_01_nix.path;
+ dockerImage = cfg.runner.docker.image;
+
+ # from https://nixos.wiki/wiki/Gitlab_runner
+ dockerVolumes = [
+ "/nix/store:/nix/store:ro"
+ "/nix/var/nix/db:/nix/var/nix/db:ro"
+ "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
+ ];
+ dockerDisableCache = true;
+ preBuildScript = pkgs.writeScript "setup-container" ''
+ mkdir -p -m 0755 /nix/var/log/nix/drvs
+ mkdir -p -m 0755 /nix/var/nix/gcroots
+ mkdir -p -m 0755 /nix/var/nix/profiles
+ mkdir -p -m 0755 /nix/var/nix/temproots
+ mkdir -p -m 0755 /nix/var/nix/userpool
+ mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
+ mkdir -p -m 1777 /nix/var/nix/profiles/per-user
+ mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
+ mkdir -p -m 0700 "$HOME/.nix-defexpr"
+ . ${pkgs.nix}/etc/profile.d/nix-daemon.sh
+ ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs # 3
+ ${pkgs.nix}/bin/nix-channel --update nixpkgs
+ ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [nix cacert git openssh])}
+ '';
+ environmentVariables = {
+ ENV = "/etc/profile";
+ USER = "root";
+ NIX_REMOTE = "daemon";
+ PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
+ NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
+ };
+ tagList = ["nix"];
+ };
+
+ runner_general = {
+ cloneUrl = cfg.runner.gitlab;
+ description = "General Runner";
+ registrationFlags = ["--docker-host" "tcp://127.0.0.1:2375"];
+ registrationConfigFile = config.age.secrets.runner_02_general.path;
+ dockerImage = cfg.runner.docker.image;
+ };
+ };
+ };
+ };
+}
diff --git a/applications/grafana.nix b/applications/grafana.nix
index 953b02e..15c076f 100644
--- a/applications/grafana.nix
+++ b/applications/grafana.nix
@@ -9,6 +9,8 @@ with lib; let port = 4444; in { imports = [ + ./acme.nix + ./dns.nix ]; options.services.skynet."${name}" = {
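Review bot: In the new `applications/gitlab_runner.nix`, `virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"];` exposes the Docker API over plain TCP with no authentication, and both runners are registered against it with `--docker-host tcp://127.0.0.1:2375`. Every local account or service on the runner host, and any job container that ends up sharing the host network namespace, can then drive the daemon, which is equivalent to root on that machine. If the runner's service user can be given access to the socket, drop the TCP listener and register with `registrationFlags = ["--docker-host" "unix:///run/docker.sock"];`; otherwise add a comment saying why TCP is needed and what limits access to it. Separately, the `preBuildScript` adds the `nixos-unstable` channel at job time and `alpine:3.18.4` is a tag rather than a digest, so neither the toolchain nor the base image of a job is pinned.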
@@ -49,8 +51,6 @@ in { domain = "${name}.skynet.ie"; port = port; - settings.server.root_url = "https://${name}.skynet.ie"; - settings.security.admin_password = "$__file{${config.age.secrets.grafana_pw.path}}"; provision = { diff --git a/applications/ldap/backend.nix b/applications/ldap/backend.nix index a24f259..b4b0e13 100644 --- a/applications/ldap/backend.nix +++ b/applications/ldap/backend.nix @@ -11,6 +11,9 @@ with lib; let port_backend = "8087"; in { imports = [ + ../acme.nix + ../dns.nix + ../nginx.nix inputs.skynet_ldap_backend.nixosModule."x86_64-linux" ../../config/users.nix ]; @@ -40,6 +43,7 @@ in { #backups = [ "/etc/silver_ul_ical/database.db" ]; age.secrets.ldap_details.file = ../../secrets/ldap/details.age; + age.secrets.ldap_discord.file = ../../secrets/discord/ldap.age; age.secrets.ldap_mail.file = ../../secrets/email/details.age; age.secrets.ldap_wolves.file = ../../secrets/wolves/details.age; @@ -68,6 +72,7 @@ in { # contains teh password in env form env = { ldap = config.age.secrets.ldap_details.path; + discord = config.age.secrets.ldap_discord.path; mail = config.age.secrets.ldap_mail.path; wolves = config.age.secrets.ldap_wolves.path; }; diff --git a/applications/ldap/server.nix b/applications/ldap/server.nix index ee55600..67bd1fc 100644 --- a/applications/ldap/server.nix +++ b/applications/ldap/server.nix @@ -15,6 +15,9 @@ with lib; let in { # these are needed for teh program in question imports = [ + ../acme.nix + ../dns.nix + ../nginx.nix ]; options.services.skynet."${name}" = { diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix index bc7b1ae..02bc5f6 100644 --- a/applications/nextcloud.nix +++ b/applications/nextcloud.nix @@ -10,6 +10,9 @@ with lib; let domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; in { imports = [ + ./acme.nix + ./dns.nix + ./nginx.nix ]; options.services.skynet."${name}" = { 
@@ -45,7 +48,6 @@ in { services.skynet.acme.domains = [ domain "onlyoffice.${domain}" - "whiteboard.${domain}" ]; services.skynet.dns.records = [ @@ -59,18 +61,13 @@ in { r_type = "CNAME"; value = config.services.skynet.host.name; } - { - record = "whiteboard.${cfg.domain.sub}"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } ]; # /var/lib/nextcloud/data services.nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud28; hostName = domain; https = true; @@ -84,10 +81,9 @@ in { appstoreEnable = true; - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) richdocuments; + extraApps = with config.services.nextcloud.package.packages.apps; { + inherit forms groupfolders maps notes onlyoffice polls; }; - extraAppsEnable = true; settings = { trusted_proxies = ["193.1.99.65"]; @@ -97,21 +93,10 @@ in { }; }; - environment.etc."nextcloud-whiteboard-secret".text = '' - JWT_SECRET_KEY=test123 - ''; - - services.nextcloud-whiteboard-server = { - enable = true; - settings.NEXTCLOUD_URL = "https://nextcloud.skynet.ie"; - secrets = ["/etc/nextcloud-whiteboard-secret"]; - }; - nixpkgs.config.allowUnfree = true; - # impacted by https://github.com/NixOS /nixpkgs/issues/352443 - # services.onlyoffice = { - # enable = true; - # }; + services.onlyoffice = { + enable = true; + }; services.nginx.virtualHosts = { ${domain} = { @@ -123,14 +108,6 @@ in { useACMEHost = "skynet"; locations."/".proxyPass = "http://127.0.0.1:8000"; }; - "whiteboard.${domain}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/" = { - proxyPass = "http://localhost:3002"; - proxyWebsockets = true; - }; - }; }; }; } diff --git a/applications/nginx.nix b/applications/nginx.nix index 5970a20..254de6c 100644 --- a/applications/nginx.nix +++ b/applications/nginx.nix @@ -9,6 +9,8 @@ recommendedGzipSettings = true; recommendedProxySettings = true; + statusPage = true; + # give Nginx access to our certs group = "acme"; }; 
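Review bot: `package = pkgs.nextcloud28;` in the `-59,18 +61,13` hunk of `applications/nextcloud.nix` takes the instance from the 30 series back to 28, and Nextcloud does not support running an older major release against a data directory and database that a newer one has already migrated. On any host that has already run 30 this will most likely stop at the version check, and it also puts a public-facing service on an older release line with less security support ahead of it. Please confirm that the move is intended, and record the reason beside the line, for example `# pinned to 28 because <reason>; upgrade one major at a time`. The `services.nextcloud` block starts outside this hunk.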
diff --git a/applications/nix_cache/nix_cache.nix b/applications/nix_cache/nix_cache.nix index aead693..6716146 100644 --- a/applications/nix_cache/nix_cache.nix +++ b/applications/nix_cache/nix_cache.nix @@ -15,6 +15,7 @@ https://docs.attic.rs/introduction.html lib, config, pkgs, + inputs, ... }: with lib; let @@ -22,6 +23,9 @@ with lib; let cfg = config.services.skynet."${name}"; in { imports = [ + inputs.attic.nixosModules.atticd + ../acme.nix + ../dns.nix ]; options.services.skynet."${name}" = { @@ -51,7 +55,7 @@ in { enable = true; # Replace with absolute path to your credentials file - environmentFile = "/etc/atticd.env"; + credentialsFile = "/etc/atticd.env"; settings = { listen = "127.0.0.1:8080"; diff --git a/applications/open_governance/keyserver.nix b/applications/open_governance/keyserver.nix index 7e239a7..c507a50 100644 --- a/applications/open_governance/keyserver.nix +++ b/applications/open_governance/keyserver.nix @@ -13,6 +13,8 @@ with lib; let port = 11371; in { imports = [ + ../acme.nix + ../dns.nix ]; options.services.skynet."${name}" = { diff --git a/applications/open_governance/open_governance.nix b/applications/open_governance/open_governance.nix index 1b02248..93d2974 100644 --- a/applications/open_governance/open_governance.nix +++ b/applications/open_governance/open_governance.nix @@ -15,6 +15,8 @@ with lib; let folder = "/var/skynet/${name}"; in { imports = [ + ../acme.nix + ../dns.nix ]; options.services.skynet."${name}" = { diff --git a/applications/pelican/Notes.md b/applications/pelican/Notes.md deleted file mode 100644 index d5cc785..0000000 --- a/applications/pelican/Notes.md +++ /dev/null @@ -1,6 +0,0 @@ -# Notes on Pelican - -## Panel - -* ``pelican-install`` is in env that can be used to isntall -* then go to ``panel-address.skynet.ie/installer`` to finish the setup diff --git a/applications/pelican/pelican-panel-install.nix b/applications/pelican/pelican-panel-install.nix deleted file mode 100644 index da372e4..0000000 
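Review bot: In the `-51,7 +55,7` hunk of `applications/nix_cache/nix_cache.nix`, `credentialsFile = "/etc/atticd.env";` points atticd at a file that nothing visible in this diff creates or restricts, whereas the other services touched here load their secrets through `age.secrets.*`. As far as I can tell the file has to be placed by hand, so its owner and mode are whatever the operator set and a rebuilt host comes up without it. Consider declaring it like the others, e.g. `age.secrets.attic.file = <path-to-attic-secret>.age;` with `credentialsFile = config.age.secrets.attic.path;`. The `services.atticd` block starts and ends outside the hunk.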
--- a/applications/pelican/pelican-panel-install.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - pkgs, - dir, -}: -pkgs.writeShellScriptBin "pelican-install" '' - DIR=${dir} - - echo "Installing Pelican panel to $DIR ..." - if [ -d $DIR ]; then - echo "Directory $DIR already exists, exiting" - exit 1 - fi - echo "Creating directory ..." - mkdir -p $DIR - cd $DIR - - echo "Downloading Pelican panel ..." - curl -L https://github.com/pelican-dev/panel/releases/latest/download/panel.tar.gz | tar -xzv - echo "Installing Pelican panel using composer ..." - yes | composer install --no-dev --optimize-autoloader - - echo "Setting up the environment ..." - yes "" | php artisan p:environment:setup - - echo "Setting permissions ..." - chmod -R 755 storage/* bootstrap/cache/ - chown -R nginx:acme $DIR - - echo "Pelican panel installed successfully" -'' diff --git a/applications/pelican/pelican-panel-update.nix b/applications/pelican/pelican-panel-update.nix deleted file mode 100644 index a159659..0000000 --- a/applications/pelican/pelican-panel-update.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ - pkgs, - dir, -}: -pkgs.writeShellScriptBin "pelican-update" '' - DIR=${dir} - - echo "Updateing Pelican panel in $DIR ..." - if [ -d $DIR ]; then - echo "Directory $DIR found, entering maintenance mode ..." - else - echo "Directory $DIR does not exist, exiting" - exit 1 - fi - - cd $DIR - php artisan down - - echo "Downloading Pelican panel update ..." - curl -L https://github.com/pelican-dev/panel/releases/latest/download/panel.tar.gz | tar -xzv - - echo "Setting permissions ..." - chmod -R 755 storage/* bootstrap/cache - - echo "Updating Pelican panel using composer ..." - yes | composer install --no-dev --optimize-autoloader - - echo "Clearing compiled template cache ..." - php artisan view:clear - php artisan config:clear - - echo "Optimizing Pelican panel ..." - php artisan filament:optimize - - echo "Updating the database ..." - php artisan migrate --seed --force - - echo "Setting permissions ..." - chown -R nginx:acme $DIR - - echo "Restart Pelican queue service ..." - systemctl restart pelican-queue.service - - echo "Exiting maintenance mode ..." - php artisan up - - echo "Pelican panel updated successfully" -'' diff --git a/applications/pelican/pelican-wing-package.nix b/applications/pelican/pelican-wing-package.nix deleted file mode 100644 index 8b0aa7b..0000000 --- a/applications/pelican/pelican-wing-package.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - stdenv, - lib, - fetchurl, - docker, - gnutar, -}: -stdenv.mkDerivation rec { - pname = "pelican-wings"; - version = "v1.0.0-beta9"; - - src = fetchurl { - url = "https://github.com/pelican-dev/wings/releases/download/${version}/wings_linux_amd64"; - hash = "sha256-YaS1bthNSeWXH5drc2yensRqsRAOa2VXvivJOaPybqc="; - }; - - buildInputs = [docker gnutar]; - - phases = ["installPhase"]; - - installPhase = '' - install -D $src $out/bin/wings - ''; -} diff --git a/applications/pelican/pelican.nix b/applications/pelican/pelican.nix deleted file mode 100644 index a03980d..0000000 
--- a/applications/pelican/pelican.nix +++ /dev/null 
@@ -1,323 +0,0 @@ -{ - inputs, - pkgs, - lib, - config, - ... -}: -with lib; let - name = "pelican"; - cfg = config.services.skynet."${name}"; - php_pool = name; - domain_panel = "${cfg.panel.domain.sub}.${cfg.panel.domain.base}.${cfg.panel.domain.tld}"; - - packages = let - dir = cfg.panel.dir; - in [ - pkgs.curl - pkgs.gnutar - pkgs.unzip - pkgs.gzip - pkgs.php83 - pkgs.php83Packages.composer - pkgs.php83Extensions.gd - pkgs.php83Extensions.mysqli - pkgs.php83Extensions.mbstring - pkgs.php83Extensions.bcmath - pkgs.php83Extensions.xml - pkgs.php83Extensions.curl - pkgs.php83Extensions.zip - pkgs.php83Extensions.intl - pkgs.php83Extensions.sqlite3 - (import ./pelican-panel-update.nix { - inherit pkgs; - inherit dir; - }) - ]; -in { - imports = [ - ]; - - options.services.skynet."${name}" = { - panel = { - enable = mkEnableOption "Pelican Panel"; - - dir = mkOption { - type = types.str; - default = "/var/lib/pelican_panel"; - }; - - domain = { - tld = mkOption { - type = types.str; - default = "ie"; - }; - - base = mkOption { - type = types.str; - default = "skynet"; - }; - - sub = mkOption { - type = types.str; - #default = name; - default = "panel.games"; - }; - }; - }; - - wing = { - enable = mkEnableOption "Pelican Wing"; - - node_name = mkOption { - type = types.str; - }; - }; - }; - - config = mkMerge [ - (mkIf cfg.panel.enable { - services.skynet.acme.domains = [ - domain_panel - ]; - - # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide - services.skynet.dns.records = [ - { - record = cfg.panel.domain.sub; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } - ]; - - environment.systemPackages = packages; - - systemd.timers."pelican-cron" = { - wantedBy = ["timers.target"]; - timerConfig = { - OnBootSec = "5m"; - OnUnitActiveSec = "1m"; - Unit = "pelican-cron.service"; - }; - }; - - systemd.services."pelican-cron" = { - script = '' - ${pkgs.php83}/bin/php ${cfg.panel.dir}/artisan schedule:run >> 
/dev/null 2>&1 - ''; - serviceConfig = { - Type = "oneshot"; - }; - }; - - systemd.services.pelican-queue = { - wantedBy = ["multi-user.target"]; - serviceConfig = { - User = config.services.nginx.user; - Group = config.services.nginx.group; - Restart = "always"; - ExecStart = "${pkgs.php83}/bin/php -q ${cfg.panel.dir}/artisan queue:work --tries=3"; - startLimitInterval = 180; - startLimitBurst = 30; - RestartSec = "5"; - }; - }; - - systemd.services.pelican-panel-setup = { - wantedBy = ["pelican-queue.target" "pelican-cron.target"]; - partOf = []; - path = packages; - serviceConfig = { - Type = "oneshot"; - User = "root"; - Group = "root"; - TimeoutSec = "infinity"; - Restart = "on-failure"; - RemainAfterExit = true; - ExecStart = pkgs.writeShellScript "pelican-panel-install" '' - DIR=${cfg.panel.dir} - - echo "Installing Pelican panel to $DIR ..." - if [ -d $DIR ]; then - echo "Directory $DIR already exists, exiting" - exit 1 - fi - echo "Creating directory ..." - mkdir -p $DIR - cd $DIR - - echo "Downloading Pelican panel ..." - curl -L https://github.com/pelican-dev/panel/releases/latest/download/panel.tar.gz | tar -xzv - echo "Installing Pelican panel using composer ..." - yes | composer install --no-dev --optimize-autoloader - - echo "Setting up the environment ..." - yes "" | php artisan p:environment:setup - - echo "Setting permissions ..." 
- chmod -R 755 storage/* bootstrap/cache/ - chown -R ${config.services.nginx.user}:${config.services.nginx.group} $DIR - - echo "Pelican panel installed successfully" - ''; - }; - }; - - services.phpfpm.pools.${php_pool} = { - user = config.services.nginx.user; - group = config.services.nginx.group; - settings = { - "listen.owner" = config.services.nginx.user; - "listen.group" = config.services.nginx.group; - "listen.mode" = "0600"; - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 10; - "pm.min_spare_servers" = 5; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; - "catch_workers_output" = 1; - }; - }; - - services.nginx.virtualHosts."${domain_panel}" = { - root = "${cfg.panel.dir}/public"; - - forceSSL = true; - useACMEHost = "skynet"; - - extraConfig = '' - index index.html index.htm index.php; - charset utf-8; - - access_log off; - error_log /var/log/nginx/pelican.app-error.log error; - - client_max_body_size 100m; - client_body_timeout 120s; - - sendfile off; - - ssl_session_cache shared:SSL:10m; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; - ssl_prefer_server_ciphers on; - - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header Content-Security-Policy "frame-ancestors 'self'"; - add_header X-Frame-Options DENY; - add_header Referrer-Policy same-origin; - ''; - - locations = { - "/" = { - extraConfig = '' - try_files $uri $uri/ /index.php?$query_string; - ''; - }; - - "/favicon.ico".extraConfig = '' - access_log off; - log_not_found off; - ''; - - "/robots.txt".extraConfig = '' - access_log off; - log_not_found off; - ''; - - "~ \\.php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass 
unix:${config.services.phpfpm.pools.${php_pool}.socket}; - fastcgi_index index.php; - include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M"; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param HTTP_PROXY ""; - fastcgi_intercept_errors off; - fastcgi_buffer_size 16k; - fastcgi_buffers 4 16k; - fastcgi_connect_timeout 300; - fastcgi_send_timeout 300; - fastcgi_read_timeout 300; - ''; - }; - - "~ /\\.ht".extraConfig = '' - deny all; - ''; - }; - }; - }) - - (mkIf cfg.wing.enable { - services.skynet.acme.domains = [ - "${cfg.wing.node_name}.${domain_panel}" - ]; - - # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide - services.skynet.dns.records = [ - { - record = "${cfg.wing.node_name}.${cfg.panel.domain.sub}"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } - ]; - services.nginx.virtualHosts = { - "${cfg.wing.node_name}.${domain_panel}" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".proxyPass = "http://127.0.0.1:8080"; - }; - }; - - networking.firewall.allowedTCPPorts = [8080 8443]; - - virtualisation.docker.enable = true; - - environment.systemPackages = [ - (pkgs.callPackage ./pelican-wing-package.nix {}) - ]; - - users.groups.pelican = {}; - users.users.pelican = { - #createHome = true; - isSystemUser = true; - #home = "/etc/pelican"; - group = "pelican"; - extraGroups = ["docker" "acme"]; - # X11 is to ensure the directory can be traversed - #homeMode = "711"; - }; - - systemd.services.pelican-wings = { - description = "Wings Daemon"; - after = ["docker.service"]; - requires = ["docker.service"]; - partOf = ["docker.service"]; - - serviceConfig = { - User = "root"; - WorkingDirectory = "/etc/pelican"; - LimitNOFILE = 4096; - PIDFile = "/var/run/wings/daemon.pid"; - ExecStart = "/run/current-system/sw/bin/wings"; - Restart = "on-failure"; - startLimitInterval = 180; - 
startLimitBurst = 30; - RestartSec = "5"; - }; - - wantedBy = ["multi-user.target"]; - }; - - systemd.tmpfiles.rules = [ - "L+ /etc/letsencrypt/live/${cfg.wing.node_name}.${domain_panel}/fullchain.pem - pelican acme - /var/lib/acme/skynet/fullchain.pem" - "L+ /etc/letsencrypt/live/${cfg.wing.node_name}.${domain_panel}/privkey.pem - pelican acme - /var/lib/acme/skynet/key.pem" - ]; - }) - ]; -} diff --git a/applications/prometheus.nix b/applications/prometheus.nix index a342a76..674d161 100644 --- a/applications/prometheus.nix +++ b/applications/prometheus.nix @@ -21,7 +21,7 @@ with lib; let ) nodes ); - node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString value.config.services.prometheus.exporters.node.port}") nodes; + node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString config.services.prometheus.exporters.node.port}") nodes; }; # clears any invalid entries @@ -37,10 +37,8 @@ in { type = types.port; default = 9001; }; - }; - external = { - node = mkOption { + external.node = mkOption { type = types.listOf types.str; default = []; description = '' @@ -48,20 +46,12 @@ in { ''; }; }; - - ports = { - node = mkOption { - type = types.port; - default = 9100; - }; - }; }; config = mkMerge [ { services.prometheus.exporters.node = { enable = true; - port = cfg.ports.node; openFirewall = true; # most collectors are on by default see https://github.com/prometheus/node_exporter for more options enabledCollectors = ["systemd" "processes"]; @@ -76,7 +66,7 @@ in { job_name = "node_exporter"; static_configs = [ { - targets = filter_empty (exporters.node ++ cfg.external.node); + targets = filter_empty (exporters.node ++ cfg.server.external.node); } ]; } diff --git a/applications/proxmox-lxc.nix b/applications/proxmox-lxc.nix new file mode 100644 index 0000000..964454e --- /dev/null +++ b/applications/proxmox-lxc.nix 
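Review bot: In the `-21,7 +21,7` hunk of `applications/prometheus.nix` every scrape target is now built from `config.services.prometheus.exporters.node.port`, which is the exporter port of the host evaluating this module rather than of the node being listed. A node that sets a different exporter port gets a wrong target and silently drops out of monitoring, which also removes it from any alerting built on these metrics. Reading the port from the node itself, `${toString value.config.services.prometheus.exporters.node.port}`, works without the removed `ports.node` option. The enclosing `let` binding starts outside the hunk.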
@@ -0,0 +1,93 @@
+/*
+Once https://github.com/NixOS/nixpkgs/pull/267764 is merged this can be removed
+*/
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+with lib; {
+ options.proxmoxLXC = {
+ enable = mkOption {
+ default = true;
+ type = types.bool;
+ description = lib.mdDoc "Whether to enable the ProxmoxLXC.";
+ };
+ privileged = mkOption {
+ type = types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Whether to enable privileged mounts
+ '';
+ };
+ manageNetwork = mkOption {
+ type = types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Whether to manage network interfaces through nix options
+ When false, systemd-networkd is enabled to accept network
+ configuration from proxmox.
+ '';
+ };
+ manageHostName = mkOption {
+ type = types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Whether to manage hostname through nix options
+ When false, the hostname is picked up from /etc/hostname
+ populated by proxmox.
+ '';
+ };
+ };
+
+ config = let
+ cfg = config.proxmoxLXC;
+ in
+ mkIf cfg.enable {
+ system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
+ storeContents = [
+ {
+ object = config.system.build.toplevel;
+ symlink = "none";
+ }
+ ];
+
+ contents = [
+ {
+ source = config.system.build.toplevel + "/init";
+ target = "/sbin/init";
+ }
+ ];
+
+ extraCommands = "mkdir -p root etc/systemd/network";
+ };
+
+ boot = {
+ isContainer = true;
+ loader.initScript.enable = true;
+ };
+
+ networking = mkIf (!cfg.manageNetwork) {
+ useDHCP = false;
+ useHostResolvConf = false;
+ useNetworkd = true;
+ # pick up hostname from /etc/hostname generated by proxmox
+ hostName = mkIf (!cfg.manageHostName) (mkForce "");
+ };
+
+ services.openssh = {
+ enable = mkDefault true;
+ startWhenNeeded = mkDefault true;
+ };
+
+ systemd.mounts =
+ mkIf (!cfg.privileged)
+ [
+ {
+ where = "/sys/kernel/debug";
+ enable = false;
+ }
+ ];
+ };
+}
diff --git a/applications/restic.nix b/applications/restic.nix
index e410a5f..15a8d19 100644
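Review bot: `system.build.tarball` calls `pkgs.callPackage ../../lib/make-system-tarball.nix`, a relative path that looks carried over from the nixpkgs module this file copies; from `applications/proxmox-lxc.nix` it resolves two directories up, presumably outside this repository, so building the tarball would likely fail to find the file. Pointing at the nixpkgs copy avoids that, assuming the pinned nixpkgs still ships it: `system.build.tarball = pkgs.callPackage (pkgs.path + "/nixos/lib/make-system-tarball.nix") {`. Separately, `enable` defaults to `true`, so merely importing the module turns on `boot.isContainer` and the sshd defaults; either `default = false;` or a comment such as `# enabled on import: every host that imports this file is treated as a Proxmox LXC guest` would make that explicit.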
--- a/applications/restic.nix +++ b/applications/restic.nix @@ -83,6 +83,9 @@ with lib; let )); in { imports = [ + ./dns.nix + ./nginx.nix + ./acme.nix ]; # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base @@ -142,6 +145,20 @@ in { default = false; }; }; + + nuked = { + enable = mkEnableOption "Nuked Backup server"; + + port = mkOption { + type = types.port; + default = 8765; + }; + + appendOnly = mkOption { + type = types.bool; + default = false; + }; + }; }; config = mkMerge [ @@ -195,5 +212,58 @@ in { } ]; }) + + # restic -r rest:https://skynet:testing@nuked.skynet.ie/ init + (mkIf cfg.nuked.enable { + assertions = [ + { + assertion = !cfg.server.enable; + message = "Our backup and Nuked backup cannot co-exist"; + } + ]; + + services.skynet.acme.domains = [ + "nuked.skynet.ie" + ]; + + services.skynet.dns.records = [ + { + record = "nuked"; + r_type = "CNAME"; + value = config.services.skynet.host.name; + } + ]; + + services.nginx.virtualHosts = { + "nuked.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + locations."/" = { + proxyPass = "http://${config.services.restic.server.listenAddress}"; + proxyWebsockets = true; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ + cfg.nuked.port + ]; + + age.secrets.restic_pw = { + file = ../secrets/backup/nuked.age; + path = "${config.services.restic.server.dataDir}/.htpasswd"; + symlink = false; + mode = "770"; + owner = "restic"; + group = "restic"; + }; + + services.restic.server = { + enable = true; + listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}"; + appendOnly = cfg.nuked.appendOnly; + privateRepos = true; + }; + }) ]; } diff --git a/applications/skynet.ie/skynet.ie.nix b/applications/skynet.ie.nix similarity index 54% rename from applications/skynet.ie/skynet.ie.nix rename to applications/skynet.ie.nix index 99cc46d..fe83fc4 100644 --- a/applications/skynet.ie/skynet.ie.nix 
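Review bot: `nuked.appendOnly` in the `@@ -142,6 +145,20 @@` hunk defaults to `false`, which lets any client holding the repository credentials delete or rewrite existing snapshots; for a backup target a default of `true` is the safer choice, with hosts opting out explicitly. The new `port` and `appendOnly` options also carry no `description`; something like `description = "Refuse delete and overwrite requests so a compromised client cannot destroy existing backups.";` would record why the switch exists.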
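Review bot: In the `@@ -195,5 +212,58 @@` hunk the rest-server is bound to the host's own address (`listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}"`) and the firewall opens `cfg.nuked.port`, so the htpasswd-protected endpoint is reachable over plain HTTP beside the nginx TLS proxy, and the two port options do not match even though the assertion in this block requires `cfg.server.enable` to be false. Binding to loopback with the new option, `listenAddress = "127.0.0.1:${toString cfg.nuked.port}";`, and dropping the `networking.firewall.allowedTCPPorts` entry leaves nginx as the only way in. The `.htpasswd` secret only has to be readable by the `restic` user, so `mode = "0400";` is enough instead of `"770"`. The example command in the comment above the block embeds a `user:password` pair in the URL; if that is a real credential it should be rotated and the comment reduced to `# restic -r rest:https://nuked.skynet.ie/ init`.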
+++ b/applications/skynet.ie.nix @@ -10,15 +10,8 @@ with lib; let cfg = config.services.skynet."${name}"; in { imports = [ - # import in past website versions, available at $year.skynet.ie - # at teh end of teh year add it here - (import ./old_site.nix {year = "2024";}) - (import ./old_site.nix {year = "2023";}) - (import ./old_site.nix {year = "2022";}) - (import ./old_site.nix {year = "2016";}) - (import ./old_site.nix {year = "2006";}) - (import ./old_site.nix {year = "2003";}) - (import ./old_site.nix {year = "1996";}) + ./acme.nix + ./dns.nix ]; options.services.skynet."${name}" = { @@ -27,8 +20,11 @@ in { config = mkIf cfg.enable { services.skynet.acme.domains = [ - "*.skynet.ie" - "*.discord.skynet.ie" + # the root one is already covered by teh certificate + "2016.skynet.ie" + "discord.skynet.ie" + "public.skynet.ie" + "renew.skynet.ie" ]; services.skynet.dns.records = [ @@ -39,7 +35,7 @@ in { value = config.services.skynet.host.ip; } { - record = "www"; + record = "2016"; r_type = "CNAME"; value = config.services.skynet.host.name; } @@ -48,30 +44,28 @@ in { r_type = "CNAME"; value = config.services.skynet.host.name; } - { - record = "wolves"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } { record = "public"; r_type = "CNAME"; value = config.services.skynet.host.name; } { - record = "*.discord"; + record = "renew"; r_type = "CNAME"; value = config.services.skynet.host.name; } ]; services.nginx = { - virtualHosts = let - main_site = { + virtualHosts = { + # main site + "skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; locations = { - "/".root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; + "/" = { + root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}"; + }; # this redirects old links to new format "~* ~(?[a-z_0-9]*)(?\\S*)$" = { 
@@ -80,15 +74,12 @@ in { }; }; }; - in { - # main site - "www.skynet.ie" = main_site; - "skynet.ie" = main_site; - "wolves.skynet.ie" = { + # archive of teh site as it was ~2012 to 2016 + "2016.skynet.ie" = { forceSSL = true; useACMEHost = "skynet"; - locations."/".return = "307 https://ulwolves.ie/society/computer"; + root = "${inputs.skynet_website_2016.defaultPackage."x86_64-linux"}"; }; # a custom discord url, because we are too cheap otehrwise @@ -97,16 +88,6 @@ in { useACMEHost = "skynet"; locations."/".return = "307 https://discord.gg/mkuKJkCuyM"; }; - "compsoc.discord.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://discord.gg/mkuKJkCuyM"; - }; - "committee.discord.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://discord.gg/D6mbASJKxU"; - }; "public.skynet.ie" = { forceSSL = true; @@ -114,20 +95,13 @@ in { root = "${inputs.compsoc_public.packages.x86_64-linux.default}"; locations."/".extraConfig = "autoindex on;"; }; - }; - }; - # Some old sites need a php pool running - services.phpfpm.pools.old_sites = { - user = "nobody"; - settings = { - "pm" = "dynamic"; - "listen.owner" = config.services.nginx.user; - "pm.max_children" = 5; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 3; - "pm.max_requests" = 500; + # for alumni members to renew their account + "renew.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}"; + }; }; }; }; diff --git a/applications/skynet.ie/old_site.nix b/applications/skynet.ie/old_site.nix deleted file mode 100644 index 18f80df..0000000 --- a/applications/skynet.ie/old_site.nix +++ /dev/null 
@@ -1,52 +0,0 @@
-{year}: {
- config,
- pkgs,
- lib,
- inputs,
- ...
-}:
-with lib; {
- imports = [];
-
- config = {
- services.skynet.dns.records = [
- {
- record = year;
- r_type = "CNAME";
- value = config.services.skynet.host.name;
- }
- ];
-
- services.nginx = {
- virtualHosts = {
- "${year}.skynet.ie" = {
- forceSSL = true;
- useACMEHost = "skynet";
- root = "${inputs."skynet_website_${year}".defaultPackage."x86_64-linux"}";
- # Handle any of the old php sites
- # https://stackoverflow.com/a/21911610
- locations = {
- "/" = {
- index = "index.html index.htm index.php";
- tryFiles = "$uri $uri.html $uri/ @extensionless-php";
- };
-
- "~ \\.php$" = {
- extraConfig = ''
- fastcgi_pass unix:${config.services.phpfpm.pools.old_sites.socket};
- fastcgi_index index.php;
- '';
- tryFiles = "$uri =404";
- };
-
- "@extensionless-php" = {
- extraConfig = ''
- rewrite ^(.*)$ $1.php last;
- '';
- };
- };
- };
- };
- };
- };
-}
diff --git a/applications/skynet.ie/wiki.nix b/applications/skynet.ie/wiki.nix
deleted file mode 100644
index 19250b3..0000000
--- a/applications/skynet.ie/wiki.nix
+++ /dev/null
@@ -1,59 +0,0 @@ -{ - config, - pkgs, - lib, - inputs, - ... -}: -with lib; let - name = "wiki"; - cfg = config.services.skynet."${name}"; -in { - imports = [ - ]; - - options.services.skynet."${name}" = { - enable = mkEnableOption "Skynet Wiki"; - }; - - config = mkIf cfg.enable { - services.skynet.dns.records = [ - { - record = "renew"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } - { - record = "wiki"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } - ]; - - services.nginx = { - virtualHosts = { - "wiki.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - root = "${inputs.skynet_website_wiki.defaultPackage."x86_64-linux"}"; - # https://stackoverflow.com/a/38238001/11964934 - extraConfig = '' - location / { - if ($request_uri ~ ^/(.*)\.html) { - return 302 /$1; - } - try_files $uri $uri.html $uri/ =404; - } - ''; - }; - - # redirect old links to the new wiki - "renew.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - locations."/".return = "307 https://wiki.skynet.ie"; - }; - }; - }; - }; -} diff --git a/applications/skynet_users.nix b/applications/skynet_users.nix index 88347a2..0ff76e1 100644 --- a/applications/skynet_users.nix +++ b/applications/skynet_users.nix @@ -9,25 +9,11 @@ with lib; let name = "website_users"; cfg = config.services.skynet."${name}"; php_pool = name; - - custom = domain: user: { - "${domain}" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - alias = "/home/${user}/public_html/"; - index = "index.html"; - extraConfig = '' - autoindex on; - ''; - tryFiles = "$uri$args $uri$args/ /index.html"; - }; - }; - }; - }; in { imports = [ + ./acme.nix + ./dns.nix + ./nginx.nix ]; options.services.skynet."${name}" = { @@ -35,10 +21,7 @@ in { }; config = { - # we havea more limited ports range on the skynet server - services.skynet.prometheus.ports = { - node = 9000; - }; + # ssh access # allow more than admins access services.skynet.ldap_client = { 
@@ -101,46 +84,41 @@ in { phpEnv."PATH" = lib.makeBinPath [pkgs.php]; }; - services.nginx.virtualHosts = lib.mkMerge [ + services.nginx.virtualHosts = { # main site - { - "*.users.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - serverName = "~^(?.+)\.users\.skynet\.ie"; + "*.users.skynet.ie" = { + forceSSL = true; + useACMEHost = "skynet"; + serverName = "~^(?.+)\.users\.skynet\.ie"; - # username.users.skynet.ie/ - # user goes: - # chmod 711 ~ - # chmod -R 755 ~/public_html + # username.users.skynet.ie/ + # user goes: + # chmod 711 ~ + # chmod -R 755 ~/public_html - locations = { - "/" = { - alias = "/home/$user/public_html/"; - index = "index.html"; - extraConfig = '' - autoindex on; - ''; - tryFiles = "$uri$args $uri$args/ /index.html"; - }; + locations = { + "/" = { + alias = "/home/$user/public_html/"; + index = "index.html"; + extraConfig = '' + autoindex on; + ''; + tryFiles = "$uri$args $uri$args/ /index.html"; + }; - "~ ^(.+\\.php)(.*)$" = { - root = "/home/$user/public_html/"; - index = "index.php"; - extraConfig = '' - autoindex on; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.${php_pool}.socket}; - include ${pkgs.nginx}/conf/fastcgi.conf; - ''; - tryFiles = "$uri$args $uri$args/ /index.php"; - }; + "~ ^(.+\\.php)(.*)$" = { + root = "/home/$user/public_html/"; + index = "index.php"; + extraConfig = '' + autoindex on; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.${php_pool}.socket}; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + tryFiles = "$uri$args $uri$args/ /index.php"; }; }; - } - - (custom "outinul.ie" "outinul") - (custom "www.outinul.ie" "outinul") - ]; + }; + }; }; } diff --git a/applications/sso.nix b/applications/sso.nix deleted file mode 100644 index 3bae2c2..0000000 --- a/applications/sso.nix +++ /dev/null 
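Review bot: The wildcard vhost's `serverName` is written in a double-quoted Nix string, where `\.` collapses to a bare `.`, so the dots in the pattern match any character; the pattern also has no trailing `$` and captures with `.+`, and that capture is what ends up in `alias = "/home/$user/public_html/"` and in the PHP location's `root`. Escaping, anchoring and narrowing the capture keeps the Host header from selecting anything but a plain username: `serverName = "~^(?<user>[a-z_0-9]+)\\.users\\.skynet\\.ie$";`. The group name is missing from the page as rendered, so `user` is inferred from the `$user` variable used below it, and the character class should be adjusted to whatever the account naming rules actually allow.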
@@ -1,77 +0,0 @@ -{ - lib, - config, - ... -}: -with lib; let - name = "sso"; - cfg = config.services.skynet."${name}"; -in { - imports = [ - ]; - - options.services.skynet."${name}" = { - enable = mkEnableOption "Keycloak server"; - - datasource = { - name = mkOption { - type = types.str; - }; - - url = mkOption { - type = types.str; - }; - }; - }; - - config = mkIf cfg.enable { - services.skynet.dns.records = [ - { - record = "${name}"; - r_type = "CNAME"; - value = config.services.skynet.host.name; - } - ]; - - services.skynet.acme.domains = [ - "${name}.skynet.ie" - ]; - - age.secrets.keycloak_pw.file = ../secrets/keycloak/pw.age; - - services.nginx.virtualHosts = { - "${name}.skynet.ie" = { - forceSSL = true; - useACMEHost = "skynet"; - locations = { - "/" = { - proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/"; - }; - }; - }; - }; - - services.postgresql.enable = true; - - services.keycloak = { - enable = true; - - initialAdminPassword = "sharky_loves_sso"; - - database = { - type = "postgresql"; - createLocally = true; - - username = "keycloak"; - passwordFile = config.age.secrets.keycloak_pw.path; - }; - - settings = { - hostname = "${name}.skynet.ie"; - http-port = 38080; - proxy-headers = "xforwarded"; - http-enabled = true; - }; - }; - }; -} diff --git a/applications/ulfm.nix b/applications/ulfm.nix index d7bd97b..b1013f3 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -9,6 +9,10 @@ with lib; let cfg = config.services.skynet."${name}"; in { imports = [ + ./acme.nix + ./dns.nix + ./firewall.nix + ./nginx.nix ]; options.services.skynet."${name}" = { diff --git a/config/dns.nix b/config/dns.nix index ccb1df3..0dd6133 100644 --- a/config/dns.nix +++ b/config/dns.nix 
@@ -1,70 +1,92 @@ {lib, ...}: { imports = [ + # Paths to other modules. + # Compose this module out of smaller ones. ]; + # this needs to mirror ../applications/dns.nix options.skynet.records = lib.mkOption { description = "Records, sorted based on therir type"; - type = lib.types.listOf (lib.types.submodule (import ../applications/dns/options-records.nix { - inherit lib; - })); + type = with lib.types; + listOf (submodule { + options = { + record = lib.mkOption { + type = str; + }; + r_type = lib.mkOption { + type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; + }; + value = lib.mkOption { + type = str; + }; + server = lib.mkOption { + description = "Core record for a server"; + type = bool; + default = false; + }; + }; + }); }; config = { - skynet.records = - [ - # Proxmox hosts - { - record = "jarvis"; - r_type = "A"; - value = "193.1.99.73"; - server = true; - } - { - record = "ultron"; - r_type = "A"; - value = "193.1.99.84"; - server = true; - } - # wifi in server room - { - record = "ash"; - r_type = "A"; - value = "193.1.99.114"; - server = true; - } - { - record = "mimi"; - r_type = "A"; - value = "193.1.99.86"; - server = true; - } - { - record = "nuked"; - r_type = "CNAME"; - value = "neuromancer.skynet.ie."; - } - ] - # non skynet domains - ++ [ - { - domain = "conradcollins.net"; - record = "www"; - r_type = "CNAME"; - value = "skynet.skynet.ie."; - } - - { - domain = "edelharty.net"; - record = "www"; - r_type = "CNAME"; - value = "skynet.skynet.ie."; - } - { - domain = "damienconroy.com"; - record = "www"; - r_type = "CNAME"; - value = "skynet.skynet.ie."; - } - ]; + skynet.records = [ + { + record = "optimus"; + r_type = "A"; + value = "193.1.99.90"; + server = true; + } + { + record = "panel.games"; + r_type = "CNAME"; + value = "optimus"; + } + { + record = "bumblebee"; + r_type = "A"; + value = "193.1.99.91"; + server = true; + } + { + record = "minecraft.compsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = 
"_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; + } + { + record = "minecraft-classic.compsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25520 minecraft-classic.compsoc.games.skynet.ie."; + } + { + record = "minecraft.gsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25521 minecraft.gsoc.games.skynet.ie."; + } + { + record = "minecraft.phildeb.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25522 minecraft.phildeb.games.skynet.ie."; + } + ]; }; } diff --git a/config/users.nix b/config/users.nix index d49d998..eafa6ba 100644 --- a/config/users.nix +++ b/config/users.nix @@ -1,11 +1,6 @@ -{ - lib, - config, - ... -}: +{lib, ...}: with lib; let port_backend = "8087"; - cfg = config.skynet.users; in { options.skynet = { users = { 
@@ -49,49 +44,29 @@ in { config.skynet = { users = { - committee = lib.lists.unique ( - # Committee - Core - [ - # President - "silver" - # Secretary - "kaiden" - # Treasurer - "peace" - # PRO - "amymucko" - # HSO - "skyapples" - ] - # Committee - OCM - ++ [ - "connormc" - "cordlesscoder" - "dca_" - "eliza" - "emilyrutai" - "generically" - "mysticwolf" - "nanda" - "rituk_0817" - "sania_m" - "shourjyo24_" - "sunny" - "tatabbyi" - "wormyworm5" - ] - # Committee - SISTEM - ++ [] - # Admins are part of Committee as well - ++ cfg.admin - ); + committee = [ + "silver" + "eoghanconlon73" + "sidhiel" + "maksimsger1" + "kaiden" + "pine" + "nanda" + "sourabh1805" + "kronsy" + "skyapples" + ]; admin = [ "silver" "evanc" + "eoghanconlon73" "eliza" "esy" ]; - trainee = []; + trainee = [ + "milan" + "kronsy" + ]; lifetime = []; banned = []; diff --git a/flake.lock b/flake.lock index 6f89ba0..874f430 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1715290355, + "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", "type": "github" }, "original": { 
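Review bot: `committee` in config/users.nix is now a plain literal list, without the `++ cfg.admin` union and `lib.lists.unique` of the old expression, so `evanc`, `eliza` and `esy` are admins without being committee members. If anything grants access by committee membership (the consumers are not visible in this hunk), those accounts lose it silently; either keep the union (which needs the `cfg` binding this commit removes) or state the intent with a comment such as `# admins are not implied here; list them explicitly if they need committee access`. `kronsy` appears in both `committee` and `trainee`, which deserves a short comment if it is deliberate. The `users` attribute set continues outside the hunk.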
@@ -30,35 +30,16 @@ ] }, "locked": { - "lastModified": 1733729059, - "narHash": "sha256-5xYai0KZirUX2EQpNMMCWoC27932n/i1E4KeVRIss7s=", + "lastModified": 1660592437, + "narHash": "sha256-xFumnivtVwu5fFBOrTxrv6fv3geHKF04RGP23EsDVaI=", "owner": "kamadorueda", "repo": "alejandra", - "rev": "6db88764334bd6a8b7a33cb312c318baad1d5e93", - "type": "github" - }, - "original": { - "owner": "kamadorueda", - "repo": "alejandra", - "type": "github" - } - }, - "alejandra_2": { - "inputs": { - "fenix": "fenix_2", - "flakeCompat": "flakeCompat_2", - "nixpkgs": "nixpkgs_24" - }, - "locked": { - "lastModified": 1719514321, - "narHash": "sha256-ys1nJdZ8zB8JlpUbQmnj0hZalg03bEPgQdZN30DhETE=", - "owner": "kamadorueda", - "repo": "alejandra", - "rev": "d7552fef2ccf1bbf0d36b27f6fddb19073f205b7", + "rev": "e7eac49074b70814b542fee987af2987dd0520b5", "type": "github" }, "original": { "owner": "kamadorueda", + "ref": "3.0.0", "repo": "alejandra", "type": "github" } @@ -67,14 +48,15 @@ "inputs": { "flake-parts": "flake-parts", "haskell-flake": "haskell-flake", + "hercules-ci-effects": "hercules-ci-effects", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1733918465, - "narHash": "sha256-hSuGa8Hh67EHr2x812Ay6WFyFT2BGKn+zk+FJWeKXPg=", + "lastModified": 1714877287, + "narHash": "sha256-mf1/RfkyhzwLLeqU8AdosbBfRQuQzuVMX7XL7GejoRI=", "owner": "hercules-ci", "repo": "arion", - "rev": "f01c95c10f9d4f04bb08d97b3233b530b180f12e", + "rev": "e9945eb6cdaf5c946bacd5a330e7b5ac7b3b2fdd", "type": "github" }, "original": { 
@@ -83,18 +65,40 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1711742460, + "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, "bfom": { "inputs": { "naersk": "naersk", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "utils": "utils" }, "locked": { - "lastModified": 1723500950, - "narHash": "sha256-t1eApFGI+JzLIW2YToLlDV20n+Nevk1q4fZBYU1m93I=", + "lastModified": 1714337293, + "narHash": "sha256-QjAnpRT/LqcjNo/ofoAjylG4VyfWMIIMVc+KuQaJOZQ=", "owner": "silver_rust", "repo": "bfom", - "rev": "7f339f28442758ecc3f1697e3f70d441973664b9", + "rev": "664e5377329f8052fa7446c312ba29ca1025de4e", "type": "gitlab" }, "original": { @@ -121,18 +125,17 @@ }, "colmena": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_3", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_4", "stable": "stable" }, "locked": { - "lastModified": 1734897875, - "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", + "lastModified": 1711386353, + "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", "owner": "zhaofengli", "repo": "colmena", - "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", + "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", "type": "github" }, "original": { 
@@ -144,21 +147,44 @@ "compsoc_public": { "inputs": { "bfom": "bfom", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "utils": "utils_2" }, "locked": { - "lastModified": 1758582048, - "narHash": "sha256-SIt6rPXx7O3YMrEw8YrwHNMjOrrJLu/Tf1sMll1Qp9A=", - "ref": "refs/heads/main", - "rev": "4d825caf25cb966ddb5ce33a0e9b2aa73b0262c6", - "revCount": 130, - "type": "git", - "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" + "host": "gitlab.skynet.ie", + "lastModified": 1715528953, + "narHash": "sha256-NWoCV1SauW8H/MibwAC+JWoomjpkIruGqfV/JTM1D4Q=", + "owner": "compsoc1%2Fcompsoc", + "repo": "presentations%2Fpresentations", + "rev": "4855b0468e1e5118d11130b164b1d57a42251add", + "type": "gitlab" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Computer_Society/presentations_compsoc" + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fcompsoc", + "repo": "presentations%2Fpresentations", + "type": "gitlab" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702918879, + "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "owner": "ipetkov", + "repo": "crane", + "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" } }, "darwin": { 
@@ -192,34 +218,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1730615655, - "narHash": "sha256-2HBR3zLn57LXKNRtxBb+O+uDqHM4n0pz51rPayMl4cg=", + "lastModified": 1657607339, + "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=", "owner": "nix-community", "repo": "fenix", - "rev": "efeb50e2535b17ffd4a135e6e3e5fd60a525180c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, - "fenix_2": { - "inputs": { - "nixpkgs": [ - "skynet_website_wiki", - "alejandra", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src_2" - }, - "locked": { - "lastModified": 1668234453, - "narHash": "sha256-FmuZThToBvRsqCauYJ3l8HJoGLAY5cMULeYEKIaGrRw=", - "owner": "nix-community", - "repo": "fenix", - "rev": "8f219f6b36e8d0d56afa7f67e6e3df63ef013cdb", + "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d", "type": "github" }, "original": { @@ -229,6 +232,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1650374568, @@ -244,14 +263,14 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { 
@@ -268,11 +287,11 @@ ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -281,7 +300,43 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "arion", + "hercules-ci-effects", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -296,16 +351,16 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": "systems_4" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -315,22 +370,6 @@ } }, "flakeCompat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flakeCompat_2": { "flake": false, "locked": { "lastModified": 1650374568, @@ -346,54 +385,6 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "simple-nixos-mailserver", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "simple-nixos-mailserver", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "simple-nixos-mailserver", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "haskell-flake": { "locked": { "lastModified": 1675296942, 
@@ -410,6 +401,28 @@ "type": "github" } }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "arion", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1713898448, + "narHash": "sha256-6q6ojsp/Z9P2goqnxyfCSzFOD92T3Uobmj8oVAicUOs=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "c0302ec12d569532a6b6bd218f698bc402e93adc", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -433,7 +446,7 @@ }, "naersk": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1713520724, @@ -451,14 +464,14 @@ }, "naersk_2": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1721727458, - "narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=", + "lastModified": 1692351612, + "narHash": "sha256-KTGonidcdaLadRnv9KFgwSMh1ZbXoR/OBmPjeNMhFwU=", "owner": "nix-community", "repo": "naersk", - "rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11", + "rev": "78789c30d64dea2396c9da516bbcc8db3a475207", "type": "github" }, "original": { @@ -469,14 +482,14 @@ }, "naersk_3": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1745925850, - "narHash": "sha256-cyAAMal0aPrlb1NgzMxZqeN1mAJ2pJseDhm2m6Um8T0=", + "lastModified": 1686572087, + "narHash": "sha256-jXTut7ZSYqLEgm/nTk7TuVL2ExahTip605bLINklAnQ=", "owner": "nix-community", "repo": "naersk", - "rev": "38bc60bbc157ae266d4a0c96671c6c742ee17a5f", + "rev": "8507af04eb40c5520bd35d9ce6f9d2342cea5ad1", "type": "github" }, "original": { 
@@ -485,45 +498,6 @@ "type": "github" } }, - "naersk_4": { - "inputs": { - "nixpkgs": "nixpkgs_12" - }, - "locked": { - "lastModified": 1739824009, - "narHash": "sha256-fcNrCMUWVLMG3gKC5M9CBqVOAnJtyRvGPxptQFl5mVg=", - "owner": "nix-community", - "repo": "naersk", - "rev": "e5130d37369bfa600144c2424270c96f0ef0e11d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "colmena", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1703013332, 
@@ -540,131 +514,97 @@ "type": "github" } }, - "nixpkgs-25_05": { + "nixpkgs-22_11": { "locked": { - "lastModified": 1753749649, - "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=", + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-23_05": { + "locked": { + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1711460390, + "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-mozilla": { - "flake": false, - "locked": { - "lastModified": 1744624473, - "narHash": "sha256-S6zT/w5SyAkJ//dYdjbrXgm+6Vkd/k7qqUl4WgZ6jjk=", - "owner": "mozilla", - "repo": "nixpkgs-mozilla", - "rev": "2292d4b35aa854e312ad2e95c4bb5c293656f21a", - "type": "github" - }, - "original": { - "owner": "mozilla", - "repo": "nixpkgs-mozilla", - "type": "github" - } - }, - "nixpkgs-mozilla_2": { - "flake": false, - "locked": { - "lastModified": 1744624473, - "narHash": "sha256-S6zT/w5SyAkJ//dYdjbrXgm+6Vkd/k7qqUl4WgZ6jjk=", - "owner": "mozilla", - "repo": "nixpkgs-mozilla", - "rev": "2292d4b35aa854e312ad2e95c4bb5c293656f21a", - "type": "github" - }, - "original": { - "owner": "mozilla", - "repo": "nixpkgs-mozilla", - "type": 
"github" - } - }, - "nixpkgs-mozilla_3": { - "flake": false, - "locked": { - "lastModified": 1740762144, - "narHash": "sha256-I7a6e3IYJAp9u3PwUSW1+oilO1tAfnbeN3/YJQ+ObCo=", - "owner": "mozilla", - "repo": "nixpkgs-mozilla", - "rev": "e35b0e071cae97469d80222be988fdd972b22c3b", - "type": "github" - }, - "original": { - "owner": "mozilla", - "repo": "nixpkgs-mozilla", - "type": "github" - } - }, "nixpkgs_10": { "locked": { - "lastModified": 1750731501, - "narHash": "sha256-Ah4qq+SbwMaGkuXCibyg+Fwn00el4KmI3XFX6htfDuk=", + "lastModified": 1693087214, + "narHash": "sha256-Kn1SSqRfPpqcI1MDy82JXrPT1WI8c03TA2F0xu6kS+4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "69dfebb3d175bde602f612915c5576a41b18486b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "f155f0cf4ea43c4e3c8918d2d327d44777b6cad4", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs_11": { + "locked": { + "lastModified": 1687011986, + "narHash": "sha256-ZNSi/wBw12d7LO8YcZ4aehIlPp4lgSkKbrHaoF80IKI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2c09e8eb8717e240ef9c5727c1cc9186db9fb309", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-unstable", "type": "indirect" } }, "nixpkgs_12": { "locked": { - "lastModified": 1741462378, - "narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=", + "lastModified": 1686921029, + "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d9e4457f8e83120c9fdf6f1707ed0bc603e5ac9", + "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", "type": "github" }, "original": { "id": "nixpkgs", + "ref": 
"nixos-23.05", "type": "indirect" } }, "nixpkgs_13": { - "locked": { - "lastModified": 1741513245, - "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "nixpkgs_14": { "locked": { "lastModified": 1687274257, "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=", 
@@ -678,107 +618,7 @@ "type": "indirect" } }, - "nixpkgs_15": { - "locked": { - "lastModified": 1724114134, - "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_16": { - "locked": { - "lastModified": 1741037377, - "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "02032da4af073d0f6110540c8677f16d4be0117f", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_17": { - "locked": { - "lastModified": 1741037377, - "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "02032da4af073d0f6110540c8677f16d4be0117f", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_18": { - "locked": { - "lastModified": 1741037377, - "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "02032da4af073d0f6110540c8677f16d4be0117f", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_19": { - "locked": { - "lastModified": 1690026219, - "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_20": { - "locked": 
{ - "lastModified": 1724114134, - "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_21": { + "nixpkgs_14": { "locked": { "lastModified": 1689935543, "narHash": "sha256-6GQ9ib4dA/r1leC5VUpsBo0BmDvNxLjKrX1iyL+h8mc=", @@ -792,13 +632,13 @@ "type": "indirect" } }, - "nixpkgs_22": { + "nixpkgs_15": { "locked": { - "lastModified": 1724114134, - "narHash": "sha256-V/w5MIQy4jTG/L7/V/AL2BF5gSEWCfxHVDQdzLBCV18=", + "lastModified": 1690026219, + "narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f02fa2f654c7bcc45f0e815c29d093da7f1245b4", + "rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73", "type": "github" }, "original": { @@ -806,7 +646,7 @@ "type": "indirect" } }, - "nixpkgs_23": { + "nixpkgs_16": { "locked": { "lastModified": 1695978539, "narHash": "sha256-lta5HToBZMWZ2hl5CautNSUgIZViR41QxN7JKbMAjgQ=", @@ -820,29 +660,13 @@ "type": "indirect" } }, - "nixpkgs_24": { + "nixpkgs_17": { "locked": { - "lastModified": 1668226844, - "narHash": "sha256-G/S4FBWDAqHeBS/hfXwUCJbnaKnrQFoeeKwzvZEOgxM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "dd4767bf613bf9553eee6ff37c0996b9c876e7d8", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_25": { - "locked": { - "lastModified": 1724395761, - "narHash": "sha256-zRkDV/nbrnp3Y8oCADf5ETl1sDrdmAW6/bBVJ8EbIdQ=", + "lastModified": 1695837737, + "narHash": "sha256-KcqmJ5hNacLuE7fkz5586kp/vt4NLo6+Prq3DMgrxpQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae815cee91b417be55d43781eb4b73ae1ecc396c", + "rev": "517501bcf14ae6ec47efd6a17dda0ca8e6d866f9", "type": "github" }, "original": { 
@@ -850,13 +674,13 @@ "type": "indirect" } }, - "nixpkgs_3": { + "nixpkgs_2": { "locked": { - "lastModified": 1734119587, - "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "lastModified": 1714635257, + "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", "type": "github" }, "original": { @@ -866,18 +690,36 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { - "lastModified": 1714091391, - "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", + "lastModified": 1711401922, + "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", + "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", "type": "github" }, "original": { - "id": "nixpkgs", - "type": "indirect" + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1696019113, + "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_5": { 
@@ -896,55 +738,39 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1756787288, - "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", + "lastModified": 1714091391, + "narHash": "sha256-68n3GBvlm1MIeJXadPzQ3v8Y9sIW3zmv8gI5w5sliC8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", + "rev": "4c86138ce486d601d956a165e2f7a0fc029a03c1", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-unstable", "type": "indirect" } }, "nixpkgs_7": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1715413075, + "narHash": "sha256-FCi3R1MeS5bVp0M0xTheveP6hhcCYfW/aghSTPebYL4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "e4e7a43a9db7e22613accfeb1005cca1b2b1ee0d", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-unstable", "type": "indirect" } }, "nixpkgs_8": { "locked": { - "lastModified": 1723151389, - "narHash": "sha256-9AVY0ReCmSGXHrlx78+1RrqcDgVSRhHUKDVV1LLBy28=", + "lastModified": 1715266358, + "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13fe00cb6c75461901f072ae62b5805baef9f8b2", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_9": { - "locked": { - "lastModified": 1722995383, - "narHash": "sha256-UzuXo7ZM8ZK0SkWFhHocKkLSGQPHS4JxaE1jvVR4fUo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "957d95fc8b9bf1eb60d43f8d2eba352b71bbf2be", + "rev": "f1010e0469db743d14519a1efd37e23f8513d714", "type": "github" }, "original": { 
@@ -953,57 +779,48 @@ "type": "indirect" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1693060755, + "narHash": "sha256-KNsbfqewEziFJEpPR0qvVz4rx0x6QXxw1CcunRhlFdk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c66ccfa00c643751da2fd9290e096ceaa30493fc", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "root": { "inputs": { "agenix": "agenix", "alejandra": "alejandra", "arion": "arion", + "attic": "attic", "colmena": "colmena", "compsoc_public": "compsoc_public", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_7", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_8", "simple-nixos-mailserver": "simple-nixos-mailserver", "skynet_discord_bot": "skynet_discord_bot", - "skynet_discord_bot_t-800": "skynet_discord_bot_t-800", "skynet_ldap_backend": "skynet_ldap_backend", "skynet_ldap_frontend": "skynet_ldap_frontend", "skynet_website": "skynet_website", - "skynet_website_1996": "skynet_website_1996", - "skynet_website_2003": "skynet_website_2003", - "skynet_website_2006": "skynet_website_2006", "skynet_website_2016": "skynet_website_2016", - "skynet_website_2022": "skynet_website_2022", - "skynet_website_2023": "skynet_website_2023", - "skynet_website_2024": "skynet_website_2024", "skynet_website_games": "skynet_website_games", - "skynet_website_wiki": "skynet_website_wiki" + "skynet_website_renew": "skynet_website_renew" } }, "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1730555913, - "narHash": "sha256-KNHZUlqsEibg3YtfUyOFQSofP8hp1HKoY+laoesBxRM=", + "lastModified": 1657557289, + "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "f17a5bbfd0969ba2e63a74505a80e55ecb174ed9", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, - "rust-analyzer-src_2": { - "flake": false, - "locked": { - "lastModified": 1668182250, - "narHash": 
"sha256-PYGaOCiFvnJdVz+ZCaKF8geGdffXjJUNcMwaBHv0FT4=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "45ec315e01dc8dd1146dfeb65f0ef6e5c2efed78", + "rev": "caf23f29144b371035b864a1017dbc32573ad56d", "type": "github" }, "original": { 
@@ -1016,318 +833,191 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_2", - "git-hooks": "git-hooks", + "flake-compat": "flake-compat_3", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-25_05": "nixpkgs-25_05" + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": "nixpkgs-23_05", + "utils": "utils_3" }, "locked": { - "lastModified": 1758367587, - "narHash": "sha256-crj6Ps1BwNbmsk7I7v6K2Dw55vczuQRtTklYiFiQ0Jw=", - "ref": "refs/heads/master", - "rev": "8bca7ebf09d3eb2bfcafe41b9133ee262f09558d", - "revCount": 794, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver" + "host": "gitlab.skynet.ie", + "lastModified": 1696865182, + "narHash": "sha256-zyUUOA+RiwRjLP6+zi80p5pqftYK3+9yIN5wQ9VlGkw=", + "owner": "compsoc1%2Fskynet", + "repo": "misc%2Fnixos-mailserver", + "rev": "14007ae0eaeba4cc0235135f872122e398f09040", + "type": "gitlab" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver" + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "misc%2Fnixos-mailserver", + "type": "gitlab" } }, "skynet_discord_bot": { "inputs": { "naersk": "naersk_2", - "nixpkgs": "nixpkgs_9", - "nixpkgs-mozilla": "nixpkgs-mozilla", - "utils": "utils_3" - }, - "locked": { - "lastModified": 1758295049, - "narHash": "sha256-h14Vl/OVguj5jD54xf+3w3DBIloQkoFBH86/xJ35jV8=", - "ref": "refs/heads/main", - "rev": "313be247d96131fbea418b826d7b68521c48bd8a", - "revCount": 326, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/discord-bot" - }, - "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/discord-bot" - } - }, - "skynet_discord_bot_t-800": { - "inputs": { - "naersk": "naersk_3", - "nixpkgs": "nixpkgs_11", - "nixpkgs-mozilla": "nixpkgs-mozilla_2", + "nixpkgs": "nixpkgs_10", "utils": "utils_4" }, "locked": { - "lastModified": 1752232947, - "narHash": "sha256-WW6gL8JSoJu6p+3Xnea9J8+epWtSOs3O9Sk/+Uz+ZnM=", - "ref": "refs/heads/main", - 
"rev": "379cc1d431ec8395c368dae773d7c4120bee57d7", - "revCount": 28, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/discord-bot-t-800" + "host": "gitlab.skynet.ie", + "lastModified": 1717453955, + "narHash": "sha256-axbeauP+9PP4qiwCiMvvGd6XTnjv12+QkZP3K2yFCeU=", + "owner": "compsoc1%2Fskynet", + "repo": "discord-bot", + "rev": "48b52f3c0905af7341e45e2b950aba43af68c80e", + "type": "gitlab" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/discord-bot-t-800" + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "discord-bot", + "type": "gitlab" } }, "skynet_ldap_backend": { "inputs": { - "naersk": "naersk_4", - "nixpkgs": "nixpkgs_13", - "nixpkgs-mozilla": "nixpkgs-mozilla_3", + "naersk": "naersk_3", + "nixpkgs": "nixpkgs_12", "utils": "utils_5" }, "locked": { - "lastModified": 1757267915, - "narHash": "sha256-cJA/dTc+VCjODKu5WEycBrEZRxd4STzxhpfUK2kIS4g=", - "ref": "refs/heads/main", - "rev": "3d882056bc78707ff57321862522ca8d1fc2a3c1", - "revCount": 252, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" + "host": "gitlab.skynet.ie", + "lastModified": 1717782746, + "narHash": "sha256-LZovqXjhDIUe/T+bU5wtwN1RbcPjkZK6yQNhPa9Nrwc=", + "owner": "compsoc1%2Fskynet", + "repo": "ldap%2Fbackend", + "rev": "5b94811276d70b00cc292081f623b6f52a710b84", + "type": "gitlab" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/ldap_backend" + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "ldap%2Fbackend", + "type": "gitlab" } }, "skynet_ldap_frontend": { "inputs": { - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_13", "utils": "utils_6" }, "locked": { - "lastModified": 1727122070, - "narHash": "sha256-X6g3kBASjv8NZxea2cdkBQ9YAIZdPWdAButM+LjeYm0=", - "ref": "refs/heads/main", - "rev": "e09818ca6b27bf98cf63c3427a7253309c39a816", - "revCount": 229, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/ldap_frontend" + "host": "gitlab.skynet.ie", + 
"lastModified": 1708277300, + "narHash": "sha256-Y8wKzGJQ69w375faAYGukvuTFez6YGeV+w4TOD4XosA=", + "owner": "compsoc1%2Fskynet", + "repo": "ldap%2Ffrontend", + "rev": "36c5e5bbae7adcc404bec6d643cae5fd8a6c87bb", + "type": "gitlab" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/ldap_frontend" + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "ldap%2Ffrontend", + "type": "gitlab" } }, "skynet_website": { "inputs": { - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_14", "utils": "utils_7" }, "locked": { - "lastModified": 1758195787, - "narHash": "sha256-YK5rEiaPqH19PPwMO/smF3SJDdEosGyqUQ8pDEmnfK8=", - "ref": "refs/heads/main", - "rev": "afd55717913278d4541ae0d21ca915a045423574", - "revCount": 31, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2023" + "host": "gitlab.skynet.ie", + "lastModified": 1707154174, + "narHash": "sha256-oUOD6aIy8KvIsiAWxLApPgAkigDZwp3xZ8bmhKoWszY=", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2023", + "rev": "c81db388fac570a8cb646391ea461b9e60282043", + "type": "gitlab" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2023" - } - }, - "skynet_website_1996": { - "inputs": { - "nixpkgs": "nixpkgs_16", - "utils": "utils_8" - }, - "locked": { - "lastModified": 1744118392, - "narHash": "sha256-0W+9obJUFjArArqULQ8pqJuFN5cY5ir0yRZPfhReh8I=", - "ref": "refs/heads/main", - "rev": "19ec9fa4c4dafc68ce8b24653782598834a5405d", - "revCount": 13, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_1996" - }, - "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_1996" - } - }, - "skynet_website_2003": { - "inputs": { - "nixpkgs": "nixpkgs_17", - "utils": "utils_9" - }, - "locked": { - "lastModified": 1743721206, - "narHash": "sha256-n9JGscEsckoasfmvpWKJ0kifQp1KPw8MbWPHhmmkLCU=", - "ref": "refs/heads/main", - "rev": "855b4c7139caeb3c520d75c9a02393f74fdb3be1", - "revCount": 14, - "type": "git", - 
"url": "https://forgejo.skynet.ie/Skynet/website_2003" - }, - "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2003" - } - }, - "skynet_website_2006": { - "inputs": { - "nixpkgs": "nixpkgs_18", - "utils": "utils_10" - }, - "locked": { - "lastModified": 1743715699, - "narHash": "sha256-BgXlk7bT9q+cOE9u74ZfmqxxW0zIHZ/ebLyldO682Zg=", - "ref": "refs/heads/main", - "rev": "616040e0e7636c1e33a06262cc20fb1bf1fb61b6", - "revCount": 15, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2006" - }, - "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2006" + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2023", + "type": "gitlab" } }, "skynet_website_2016": { "inputs": { - "nixpkgs": "nixpkgs_19", - "utils": "utils_11" + "nixpkgs": "nixpkgs_15", + "utils": "utils_8" }, "locked": { - "lastModified": 1743722645, - "narHash": "sha256-uelPrPuv/Z3i4NZ01BlbAqmpB4IlA6zaFL4DlaDWHuo=", - "ref": "refs/heads/main", - "rev": "316da6b20fe26a6c4c751e74ee214a23265a8205", - "revCount": 18, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2016" + "host": "gitlab.skynet.ie", + "lastModified": 1690726067, + "narHash": "sha256-/BrljRmgR65bdqWgGBBWlTFiBzr0EBh1OeMlLj+xTg4=", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2016", + "rev": "63e0b33c5a48cbd4e68f23dde4987959b6c8e97e", + "type": "gitlab" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2016" - } - }, - "skynet_website_2022": { - "inputs": { - "nixpkgs": "nixpkgs_20", - "utils": "utils_12" - }, - "locked": { - "lastModified": 1743727062, - "narHash": "sha256-myrgO0BU23zCD+mZnLfjmr/txjCWQizqlR72Hjv+E3s=", - "ref": "2022", - "rev": "687a0b1811987cfc27c2e6f5a625c4d59ef577c2", - "revCount": 30, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2023" - }, - "original": { - "ref": "2022", - "rev": "687a0b1811987cfc27c2e6f5a625c4d59ef577c2", - "type": 
"git", - "url": "https://forgejo.skynet.ie/Skynet/website_2023" - } - }, - "skynet_website_2023": { - "inputs": { - "nixpkgs": "nixpkgs_21", - "utils": "utils_13" - }, - "locked": { - "lastModified": 1696876711, - "narHash": "sha256-WdZQBLTX6WK8iT7FwvD6sNEefGwtAWmzxZzCvvmDxGo=", - "ref": "main", - "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", - "revCount": 12, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2023" - }, - "original": { - "ref": "main", - "rev": "c4d61c753292bf73ed41b47b1607cfc92a82a191", - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2023" - } - }, - "skynet_website_2024": { - "inputs": { - "nixpkgs": "nixpkgs_22", - "utils": "utils_14" - }, - "locked": { - "lastModified": 1732375016, - "narHash": "sha256-Y+bJw85TNOp8N369OV0VrDdm3oDy8CXG+GUuG6pZjbo=", - "ref": "main", - "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", - "revCount": 29, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2023" - }, - "original": { - "ref": "main", - "rev": "8987e33cb709e7f2c30017e77edf9161b87d9885", - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_2023" + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "website%2F2016", + "type": "gitlab" } }, "skynet_website_games": { "inputs": { - "nixpkgs": "nixpkgs_23", - "utils": "utils_15" + "nixpkgs": "nixpkgs_16", + "utils": "utils_9" }, "locked": { - "lastModified": 1727122069, - "narHash": "sha256-GOPYcXDc+KN6LmxMqobFUOn6e9e0khBW3SrFLj6+2i4=", - "ref": "refs/heads/main", - "rev": "e6d9056653610ca12839ac6c6d699bb36e5fa6db", - "revCount": 12, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/website_games" + "host": "gitlab.skynet.ie", + "lastModified": 1708103254, + "narHash": "sha256-/1ElBw+oc1dzwgr7VVLkQFRITteckH1IwbZpgpz8Qvg=", + "owner": "compsoc1%2Fskynet", + "repo": "website%2Fgames.skynet.ie", + "rev": "f43a01ef62494cef3e7f1e86d8169867e2df136b", + "type": "gitlab" }, "original": { - "type": "git", - "url": 
"https://forgejo.skynet.ie/Skynet/website_games" + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "website%2Fgames.skynet.ie", + "type": "gitlab" } }, - "skynet_website_wiki": { + "skynet_website_renew": { "inputs": { - "alejandra": "alejandra_2", - "nixpkgs": "nixpkgs_25", - "utils": "utils_16" + "nixpkgs": "nixpkgs_17", + "utils": "utils_10" }, "locked": { - "lastModified": 1758635905, - "narHash": "sha256-PPqhD2RHUOwJrbey72H1wnmdpeELilwKlND4TR5qo2k=", - "ref": "refs/heads/main", - "rev": "eb1fc042b5d410b17dd63c492c03be78443ed07f", - "revCount": 167, - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/wiki" + "host": "gitlab.skynet.ie", + "lastModified": 1716848712, + "narHash": "sha256-0QOzHlYyuCxrsL4A+u5zW9BoV0pvmqDB681BVTxoD3c=", + "owner": "compsoc1%2Fskynet", + "repo": "website%2Falumni-renew", + "rev": "054b04f46285ef80a3d059253f1ed9e607b6fd46", + "type": "gitlab" }, "original": { - "type": "git", - "url": "https://forgejo.skynet.ie/Skynet/wiki" + "host": "gitlab.skynet.ie", + "owner": "compsoc1%2Fskynet", + "repo": "website%2Falumni-renew", + "type": "gitlab" } }, "stable": { "locked": { - "lastModified": 1730883749, - "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "lastModified": 1696039360, + "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } 
@@ -1377,111 +1067,6 @@ "type": "github" } }, - "systems_12": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_13": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_14": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_15": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_16": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_17": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": 
"da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_18": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, 
@@ -1622,97 +1207,7 @@ }, "utils_10": { "inputs": { - "systems": "systems_12" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_11": { - "inputs": { - "systems": "systems_13" - }, - "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_12": { - "inputs": { - "systems": "systems_14" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_13": { - "inputs": { - "systems": "systems_15" - }, - "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_14": { - "inputs": { - "systems": "systems_16" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_15": { - "inputs": { - 
"systems": "systems_17" + "systems": "systems_11" }, "locked": { "lastModified": 1694529238, @@ -1728,24 +1223,6 @@ "type": "github" } }, - "utils_16": { - "inputs": { - "systems": "systems_18" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "utils_2": { "inputs": { "systems": "systems_3" @@ -1765,15 +1242,12 @@ } }, "utils_3": { - "inputs": { - "systems": "systems_5" - }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", "type": "github" }, "original": { @@ -1784,14 +1258,14 @@ }, "utils_4": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", "type": "github" }, "original": { 
@@ -1802,14 +1276,14 @@ }, "utils_5": { "inputs": { - "systems": "systems_7" + "systems": "systems_6" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1685518550, + "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", "type": "github" }, "original": { @@ -1820,7 +1294,7 @@ }, "utils_6": { "inputs": { - "systems": "systems_8" + "systems": "systems_7" }, "locked": { "lastModified": 1687171271, @@ -1838,14 +1312,14 @@ }, "utils_7": { "inputs": { - "systems": "systems_9" + "systems": "systems_8" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { @@ -1856,14 +1330,14 @@ }, "utils_8": { "inputs": { - "systems": "systems_10" + "systems": "systems_9" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { 
@@ -1874,14 +1348,14 @@ }, "utils_9": { "inputs": { - "systems": "systems_11" + "systems": "systems_10" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3053145..d28548c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -12,54 +12,75 @@ agenix.url = "github:ryantm/agenix"; arion.url = "github:hercules-ci/arion"; alejandra = { - url = "github:kamadorueda/alejandra"; + url = "github:kamadorueda/alejandra/3.0.0"; inputs.nixpkgs.follows = "nixpkgs"; }; colmena.url = "github:zhaofengli/colmena"; + attic.url = github:zhaofengli/attic; - # we host our own + # email + # simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; simple-nixos-mailserver = { inputs.nixpkgs.follows = "nixpkgs"; - url = "git+https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver"; + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "misc%2Fnixos-mailserver"; }; - ###################### - ### skynet backend ### - ###################### - skynet_ldap_backend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_backend"; - # skynet_ldap_backend.url = "git+file:/_college/CompSoc/Skynet/ldap_backend?shallow=1"; - skynet_ldap_frontend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_frontend"; - skynet_website_wiki.url = "git+https://forgejo.skynet.ie/Skynet/wiki"; - skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games"; - skynet_discord_bot.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot"; - skynet_discord_bot_t-800.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot-t-800"; - # for testing a local build - # skynet_discord_bot.url = "git+file:/_college/CompSoc/Skynet/discord_bot?shallow=1"; - - ##################### - ### compsoc stuff ### - ##################### - compsoc_public.url = "git+https://forgejo.skynet.ie/Computer_Society/presentations_compsoc"; - - ################# - ### skynet.ie ### - ################# - - # this should always point to teh current website - skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2023"; - - # past versions of the current website - skynet_website_2024.url = "git+https://forgejo.skynet.ie/Skynet/website_2023?ref=main&rev=8987e33cb709e7f2c30017e77edf9161b87d9885"; - 
skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2023?ref=main&rev=c4d61c753292bf73ed41b47b1607cfc92a82a191"; - skynet_website_2022.url = "git+https://forgejo.skynet.ie/Skynet/website_2023?ref=2022&rev=687a0b1811987cfc27c2e6f5a625c4d59ef577c2"; - - skynet_website_2016.url = "git+https://forgejo.skynet.ie/Skynet/website_2016"; - skynet_website_2006.url = "git+https://forgejo.skynet.ie/Skynet/website_2006"; - skynet_website_2003.url = "git+https://forgejo.skynet.ie/Skynet/website_2003"; - skynet_website_1996.url = "git+https://forgejo.skynet.ie/Skynet/website_1996"; + # account.skynet.ie + skynet_ldap_backend = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "ldap%2Fbackend"; + }; + skynet_ldap_frontend = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "ldap%2Ffrontend"; + }; + skynet_website = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2F2023"; + }; + skynet_website_2016 = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2F2016"; + }; + skynet_website_renew = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2Falumni-renew"; + }; + skynet_website_games = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "website%2Fgames.skynet.ie"; + }; + skynet_discord_bot = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fskynet"; + repo = "discord-bot"; + }; + compsoc_public = { + type = "gitlab"; + host = "gitlab.skynet.ie"; + owner = "compsoc1%2Fcompsoc"; + repo = "presentations%2Fpresentations"; + }; }; nixConfig = { + bash-prompt-suffix = "[Skynet Dev] "; extra-substituters = "https://nix-cache.skynet.ie/skynet-cache"; extra-trusted-public-keys = "skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo="; }; 
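Review bot: `attic.url = github:zhaofengli/attic;` in the flake.nix inputs hunk is an unquoted URL literal, while every other input in the hunk quotes its reference. URL literals are deprecated in Nix and are rejected when the `no-url-literals` feature is enabled, so this one line can break evaluation on stricter setups. Write it as `attic.url = "github:zhaofengli/attic";`. The `inputs` attribute set opens above the hunk, so whether `attic` is consumed anywhere is not visible here.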
@@ -77,7 +98,7 @@ formatter.x86_64-linux = alejandra.defaultPackage."x86_64-linux"; devShells.x86_64-linux.default = pkgs.mkShell { - name = "Skynet"; + name = "Skynet build env"; nativeBuildInputs = [ pkgs.buildPackages.git colmena.defaultPackage."x86_64-linux" @@ -85,28 +106,17 @@ pkgs.buildPackages.nmap ]; buildInputs = [agenix.packages.x86_64-linux.default]; - shellHook = ''export PROMPT_DIRTRIM=3; export PS1="[Skynet] \w:\$ "''; + shellHook = ''export EDITOR="${pkgs.nano}/bin/nano --nonewlines"; unset LD_LIBRARY_PATH;''; }; colmena = { meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; - overlays = [ - (final: prev: { - inherit - (final.lixPackageSets.stable) - nixpkgs-review - nix-direnv - nix-eval-jobs - nix-fast-build - colmena - ; - }) - ]; + overlays = []; }; specialArgs = { - inherit inputs self; + inherit inputs; }; }; @@ -155,14 +165,7 @@ # Public Services calculon = import ./machines/calculon.nix; - # metrics - ariia = import ./machines/ariia.nix; - - # games server - panel - optimus = import ./machines/optimus.nix; - - # games server - host - bumblebee = import ./machines/bumblebee.nix; + deepthought = import ./machines/deepthought.nix; }; }; } diff --git a/machines/_base.nix b/machines/_base.nix index a8f53ff..5972e49 100644 --- a/machines/_base.nix +++ b/machines/_base.nix 
@@ -11,14 +11,30 @@ with lib; let cfg = config.skynet; in { imports = [ - # This is required for LXC to function properly - (modulesPath + "/virtualisation/proxmox-lxc.nix") + # custom lxc mocule until the patch gets merged in + ../applications/proxmox-lxc.nix + # (modulesPath + "/virtualisation/proxmox-lxc.nix") # for the secrets inputs.agenix.nixosModules.default - # base application config for all servers + # base config for all servers ../applications/_base.nix + + # every sever may need the firewall config stuff + ../applications/firewall.nix + + # every sever needs to have a dns record + ../applications/dns.nix + + # every server needs teh ldap client for admins + ../applications/ldap/client.nix + + # every server will need the config to backup to + ../applications/restic.nix + + # every server will be monitored for grafana + ../applications/prometheus.nix ]; options.skynet = { @@ -32,13 +48,7 @@ in { config = { # if its a lxc enable - proxmoxLXC = { - enable = cfg.lxc; - manageNetwork = true; - manageHostName = true; - }; - - age.secrets.root_pw.file = ../secrets/base/root_pass.age; + proxmoxLXC.enable = cfg.lxc; nix = { settings = { @@ -57,10 +67,10 @@ in { # options = "--delete-older-than 30d"; # }; - # to free up to 100GiB whenever there is less than 1GiB left + # to free up to 10GiB whenever there is less than 1GiB left extraOptions = '' - min-free = ${toString (1024 * 1024 * 1024 * 1)} - max-free = ${toString (1024 * 1024 * 1024 * 100)} + min-free = ${toString (1024 * 1024 * 1024)} + max-free = ${toString (1024 * 1024 * 1024 * 10)} ''; }; 
@@ -71,29 +81,23 @@ in { settings.PermitRootLogin = "prohibit-password"; }; - users = { - mutableUsers = false; + users.users.root = { + initialHashedPassword = ""; - users.root = { - hashedPasswordFile = config.age.secrets.root_pw.path; + openssh.authorizedKeys.keys = [ + # no obligation to have name attached to keys - openssh.authorizedKeys.keys = [ - # no obligation to have name attached to keys + # Root account + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin" - # Root account - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin" + # CI/CD key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDvexq/JjsMqL0G5P38klzoOkHs3IRyXYO1luEJuB5R colmena_key" - # CI/CD key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDvexq/JjsMqL0G5P38klzoOkHs3IRyXYO1luEJuB5R colmena_key" + # Brendan Golden + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb" - # Brendan Golden - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDxHpsApRyCvuP2ToGm46G308Og8lO7BYPuz+EqHVU5w esy root" - ]; - }; + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer" + ]; }; # skynet-admin-linux will always be added, individual servers can override the groups option @@ -103,8 +107,6 @@ in { # every sever needs to be accessable over ssh for admin use at least firewall.allowedTCPPorts = [22]; - resolvconf.useLocalResolver = false; - resolvconf.extraConfig = "name_servers='193.1.99.120 193.1.99.109'"; # explisitly stating this is good defaultGateway = { address = "193.1.99.65"; 
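Review bot: `initialHashedPassword = "";` on `users.users.root` in machines/_base.nix gives root an empty password, which NixOS treats as "log in without being asked for a password" on local consoles. The `PermitRootLogin = "prohibit-password"` context line only restricts SSH, so a hypervisor or physical console is left open on every host that imports this base module. The same hunk drops `mutableUsers = false` and `hashedPasswordFile`, and an earlier hunk of this file removes `age.secrets.root_pw.file`, so nothing else visible sets a root password. Keep root key-only with a locked password, `initialHashedPassword = "!";`, or retain `hashedPasswordFile = config.age.secrets.root_pw.path;` together with its agenix secret.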
@@ -130,21 +132,19 @@ in { # https://discourse.nixos.org/t/systemd-networkd-wait-online-934764-timeout-occurred-while-waiting-for-network-connectivity/33656/9 systemd.network.wait-online.enable = false; - environment.systemPackages = with pkgs; [ + environment.systemPackages = [ # for flakes - git - git-lfs + pkgs.git # useful tools - ncdu_2 - htop - nano - nmap - bind - zip - traceroute - openldap - screen - inetutils + pkgs.ncdu_2 + pkgs.htop + pkgs.nano + pkgs.nmap + pkgs.bind + pkgs.zip + pkgs.traceroute + pkgs.openldap + pkgs.screen ]; }; } diff --git a/machines/_template.nix b/machines/_template.nix deleted file mode 100644 index 36a1189..0000000 --- a/machines/_template.nix +++ /dev/null @@ -1,56 +0,0 @@ -/* -Name: Link to where information on the name can be found -Why: Why is it named this -Type: VM/Physical -Hardware: - if its a VM, the hardware (PowerEdge r210) if its physical -From: 2023/2024/2025/... -Role: What role does it have in teh cluster -Notes: -*/ -{ - pkgs, - lib, - nodes, - ... -}: let - # name of the server, sets teh hostname and record for it - name = "name"; - # Assigned IP address - ip_pub = "193.1.99.000"; - - # dont need to change these - hostname = "${name}.skynet.ie"; - host = { - ip = ip_pub; - name = name; - hostname = hostname; - }; -in { - # what configurrations to import, email in this example - imports = [ - ../applications/email.nix - ]; - - deployment = { - # dont need to change these - targetHost = hostname; - targetPort = 22; - targetUser = null; - - # deployment option: active-dns/active-core/active-ext/active - tags = [ - "active" - ]; - }; - - services.skynet = { - # pass in the details of the host server - host = host; - - # enable the backup service - backup.enable = true; - - # enable the imported service - email.enable = true; - }; -} diff --git a/machines/agentjones.nix b/machines/agentjones.nix index f661104..1fb3c4e 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix 
@@ -21,7 +21,6 @@ Notes: Used to have Agent Smith as a partner but it died (Ironically) ip = ip_pub; name = name; hostname = hostname; - interface = "eno1"; }; in { imports = [ @@ -45,6 +44,19 @@ in { # keep the wired usb connection alive (front panel) # networking.interfaces.enp0s29u1u5u2.useDHCP = true; + networking.hostName = name; + # this has to be defined for any physical servers + # vms are defined by teh vm host + networking = { + defaultGateway.interface = lib.mkForce "eno1"; + interfaces.eno1.ipv4.addresses = [ + { + address = ip_pub; + prefixLength = 26; + } + ]; + }; + # this server is teh firewall skynet_firewall = { # always good to know oneself diff --git a/machines/ariia.nix b/machines/ariia.nix deleted file mode 100644 index 724d115..0000000 --- a/machines/ariia.nix +++ /dev/null @@ -1,49 +0,0 @@ -/* - -Name: https://en.wikipedia.org/wiki/Eagle_Eye -Why: ARIIA - Autonomous Reconnaissance Intelligence Integration Analyst -Type: VM -Hardware: - -From: 2024 -Role: Metrics gathering and Analysis -Notes: -*/ -{ - config, - pkgs, - lib, - nodes, - ... -}: let - # name of the server, sets teh hostname and record for it - name = "ariia"; - ip_pub = "193.1.99.83"; - hostname = "${name}.skynet.ie"; - host = { - ip = ip_pub; - name = name; - hostname = hostname; - }; -in { - imports = [ - ../applications/grafana.nix - ]; - - deployment = { - targetHost = hostname; - targetPort = 22; - targetUser = null; - - tags = [ - # "active-core" - ]; - }; - - services.skynet = { - host = host; - backup.enable = true; - - prometheus.server.enable = true; - grafana.enable = true; - }; -} diff --git a/machines/bumblebee.nix b/machines/bumblebee.nix deleted file mode 100644 index e8e7a40..0000000 --- a/machines/bumblebee.nix +++ /dev/null 
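Review bot: The static-address block added to machines/agentjones.nix (`defaultGateway.interface = lib.mkForce "eno1";` plus `interfaces.eno1.ipv4.addresses`) is repeated in the machines/neuromancer.nix and machines/vendetta.nix hunks of this commit. The vendetta copy hard-codes `address = "193.1.99.120";` where the other two use `address = ip_pub;`, so the interface address and the `host.ip` value used for DNS and firewall records can drift apart. Use `address = ip_pub;` there as well. A short comment on why `lib.mkForce` is needed over the base gateway definition would help; the enclosing `in { … }` body continues outside each hunk.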
@@ -1,51 +0,0 @@ -/* - -Name: https://en.wikipedia.org/wiki/Bumblebee_(Transformers) -Why: Created to sell toys so this vm is for games -Type: VM -Hardware: - -From: 2024 -Role: Game host -Notes: -*/ -{ - pkgs, - lib, - nodes, - arion, - ... -}: let - # name of the server, sets teh hostname and record for it - name = "bumblebee"; - ip_pub = "193.1.99.91"; - hostname = "${name}.skynet.ie"; - host = { - ip = ip_pub; - name = name; - hostname = hostname; - }; -in { - imports = [ - ../applications/pelican/pelican.nix - ../applications/games/minecraft.nix - ]; - - deployment = { - targetHost = hostname; - targetPort = 22; - targetUser = null; - - tags = ["active"]; - }; - - services.skynet = { - host = host; - backup.enable = true; - pelican = { - wing = { - enable = true; - node_name = "node01"; - }; - }; - }; -} diff --git a/machines/deepthought.nix b/machines/deepthought.nix new file mode 100644 index 0000000..fb2cfc5 --- /dev/null +++ b/machines/deepthought.nix @@ -0,0 +1,42 @@ +/* + +Name: https://hitchhikers.fandom.com/wiki/Deep_Thought +Why: Our home(page) +Type: VM +Hardware: - +From: 2023 +Role: Public Backup +Notes: +*/ +{ + pkgs, + lib, + nodes, + inputs, + ... +}: let + name = "deepthought"; + ip_pub = "193.1.99.112"; + hostname = "${name}.skynet.ie"; + host = { + ip = ip_pub; + name = name; + hostname = hostname; + }; +in { + imports = [ + ]; + + deployment = { + targetHost = ip_pub; + targetPort = 22; + targetUser = null; + + tags = ["active-core"]; + }; + + services.skynet = { + host = host; + backup.nuked.enable = true; + }; +} diff --git a/machines/earth.nix b/machines/earth.nix index fadcef1..9106027 100644 --- a/machines/earth.nix +++ b/machines/earth.nix @@ -25,8 +25,7 @@ Notes: }; in { imports = [ - ../applications/skynet.ie/skynet.ie.nix - ../applications/skynet.ie/wiki.nix + ../applications/skynet.ie.nix ]; deployment = { @@ -41,6 +40,5 @@ in { host = host; backup.enable = true; website.enable = true; - wiki.enable = true; }; } 
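Review bot: The header comment of the new machines/deepthought.nix says `Why: Our home(page)` while `Role:` is `Public Backup` and the module only enables `backup.nuked.enable`; the `Why` line looks carried over from another machine file (inferred). A line such as `Why: Holds the off-cluster copy of the backups` would match what the file configures. It is also worth a comment on `targetHost = ip_pub;`, since most other machine files in this commit deploy to `hostname`, and the reason for addressing this host by IP is not stated.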
diff --git a/machines/glados.nix b/machines/glados.nix index c5be714..a745ee6 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -26,8 +26,7 @@ Notes: Each user has roughly 20gb os storage }; in { imports = [ - ../applications/git/forgejo.nix - ../applications/git/forgejo_runner.nix + ../applications/gitlab.nix ]; deployment = { @@ -35,16 +34,12 @@ in { targetPort = 22; targetUser = null; - tags = ["active-git"]; + tags = ["active-gitlab"]; }; services.skynet = { host = host; backup.enable = true; - forgejo.enable = true; - forgejo_runner = { - enable = true; - secret = ../secrets/forgejo/runners/token2.age; - }; + gitlab.enable = true; }; } diff --git a/machines/kitt.nix b/machines/kitt.nix index 35600c8..54474c9 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -29,10 +29,10 @@ in { ../applications/ldap/server.nix ../applications/ldap/backend.nix ../applications/discord.nix - ../applications/discord_t-800.nix ../applications/bitwarden/vaultwarden.nix ../applications/bitwarden/bitwarden_sync.nix - ../applications/sso.nix + ../applications/grafana.nix + ../applications/prometheus.nix ]; deployment = { @@ -54,12 +54,9 @@ in { # private member services discord_bot.enable = true; - # for logging on our own discord - discord_bot_t-800.enable = true; - # committee/admin services vaultwarden.enable = true; - - sso.enable = true; + prometheus.server.enable = true; + grafana.enable = true; }; } diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index ed49d06..6e2cbd9 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix 
@@ -22,13 +22,25 @@ Notes: ip = ip_pub; name = name; hostname = hostname; - interface = "eno1"; }; in { imports = [ ./hardware/RM007.nix ]; + networking.hostName = name; + # this has to be defined for any physical servers + # vms are defined by teh vm host + networking = { + defaultGateway.interface = lib.mkForce "eno1"; + interfaces.eno1.ipv4.addresses = [ + { + address = ip_pub; + prefixLength = 26; + } + ]; + }; + deployment = { targetHost = hostname; targetPort = 22; diff --git a/machines/retired/ash.nix b/machines/retired/ash.nix index a350975..b16fc39 100644 --- a/machines/retired/ash.nix +++ b/machines/retired/ash.nix @@ -22,6 +22,9 @@ Notes: Thius vpn is for admin use only, to give access to all the servers via hostname = ip_pub; in { imports = [ + # applications for this particular server + ../applications/firewall.nix + ../applications/dns.nix ]; deployment = { diff --git a/machines/optimus.nix b/machines/retired/optimus.nix similarity index 84% rename from machines/optimus.nix rename to machines/retired/optimus.nix index 40c6e85..6f36726 100644 --- a/machines/optimus.nix +++ b/machines/retired/optimus.nix @@ -17,7 +17,7 @@ Notes: }: let # name of the server, sets teh hostname and record for it name = "optimus"; - ip_pub = "193.1.99.90"; + ip_pub = "193.1.99.112"; hostname = "${name}.skynet.ie"; host = { ip = ip_pub; @@ -26,7 +26,7 @@ Notes: }; in { imports = [ - ../applications/pelican/pelican.nix + ../applications/games.nix ]; deployment = { @@ -40,8 +40,6 @@ in { services.skynet = { host = host; backup.enable = true; - pelican = { - panel.enable = true; - }; + games.enable = true; }; } diff --git a/machines/skynet.nix b/machines/skynet.nix index 546596e..720e9a3 100644 --- a/machines/skynet.nix +++ b/machines/skynet.nix @@ -23,8 +23,6 @@ Notes: Does not host offical sites ip = ip_pub; name = name; hostname = hostname; - interface = "eth1"; - cidr = 28; }; in { imports = [ 
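Review bot: The imports added under machines/retired/ use `../applications/…` (`../applications/firewall.nix` and `../applications/dns.nix` in ash.nix, `../applications/games.nix` in the moved optimus.nix). From `machines/retired/` that resolves to `machines/applications/`, whereas machines/_base.nix reaches the same tree as `../applications/` from `machines/`. If the directory sits at the repository root as those paths suggest, the retired files need `../../applications/…` to evaluate. The optimus hunk also sets `ip_pub = "193.1.99.112";`, the address given to the new machines/deepthought.nix, so re-enabling the retired host as-is would put two nodes on one IP; a comment marking the address as reassigned would prevent that.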
diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 3244ba6..3cff501 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -22,14 +22,14 @@ Notes: Using the server that used to be called Earth ip = ip_pub; name = name; hostname = hostname; - # only required for physical servers - interface = "eno1"; }; in { imports = [ ./hardware/RM002.nix ]; + networking.hostName = name; + deployment = { targetHost = ip_pub; targetPort = 22; @@ -38,6 +38,18 @@ in { tags = ["active-dns" "dns"]; }; + networking = { + # needs to have an address statically assigned + + defaultGateway.interface = lib.mkForce "eno1"; + interfaces.eno1.ipv4.addresses = [ + { + address = "193.1.99.120"; + prefixLength = 26; + } + ]; + }; + services.skynet = { host = host; backup.enable = true; diff --git a/machines/wheatly.nix b/machines/wheatly.nix index cb9cdb6..308bef9 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -25,7 +25,7 @@ Notes: }; in { imports = [ - ../applications/git/forgejo_runner.nix + ../applications/gitlab_runner.nix ]; deployment = { @@ -33,15 +33,16 @@ in { targetPort = 22; targetUser = null; - tags = ["active-git"]; + tags = ["active-gitlab"]; }; services.skynet = { host = host; backup.enable = true; - forgejo_runner = { + + gitlab_runner = { enable = true; - secret = ../secrets/forgejo/runners/token1.age; + runner.name = "runner01"; }; }; } diff --git a/.mailmap b/mailmap similarity index 100% rename from .mailmap rename to mailmap diff --git a/secrets/backup/nuked.age b/secrets/backup/nuked.age new file mode 100644 index 0000000..3a88865 --- /dev/null +++ b/secrets/backup/nuked.age 
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA dgJJTGIzBXLeK17bfgeYeXXN5YrByBOTbhyIkx+Z2TI +zgujS6RYpXEzbUYZc1DRz0RlWAGurFNzAJnE4j4zhjY +-> ssh-ed25519 4PzZog U7EUVcL+2Acv3mBpz88t2ZwVJm4YyNlwXzXpSkZfjk8 +LKQqiFcJ3pIWJG5DSbBbcEzg0dIPFOfiwcKCuR2zfhA +-> ssh-ed25519 5Nd93w Rsjby+9wJr4PnaixDgUk32319SnfJCxgnC8fQ9Gc0yM +7jmxPtgrIZ9ZF5c04bMzgYBLLPoqKFfwmU/qG6hF+9s +-> ssh-ed25519 q8eJgg p5+dL0VBijPOTihOZuDQdE/yLQA+BHlEVSq12gRaizw +MzQcGLTaUhgarzvJ7h/XfHIyPUb+i6YkbgkbvhOONEo +-> ssh-ed25519 KVr8rw W9+d0ot3036q0YPNYaY1MS/4EiTU0MnLmq56dvUamE0 +wuIORoGvEG8lqrirf07ycIHawiw/DsjvTUwZrIEjSjk +-> ssh-ed25519 fia1eQ c5cadKGZlONyUKivzegA+swGqgpb8oLDe5bk7Sb8XBI +NNrb+ezMjYuKkaDUGumflNYrKPzxnPULoMslxH5/bFI +-> ssh-ed25519 DVzSig 6uvtkJC55iEwnCPZGAqMrLzW+IuHX9YDhtCX3eHtxkA +JNmstGPHqh2if+C4j1S19v2bCpbib+Wthp/OCusCSc8 +--- teGaaxnvHxEkKCtyNsBV/yhl3Ohn9BD3nfjl6jq3OcM +b_^aX&6LFo8˘C.~k3;1 Id* Vσj?Dd%bu^a"Q2 ssh-ed25519 V1pwNA kWC0Tr0nlHEelEzS9xAzZ5UwI1vTgeaBS+zQJCxHe1A -dcVKgK28SA4abje/xfC2bqlDzrkThJh0hpsyCtfGPDM --> ssh-ed25519 4PzZog H/hrMeDv4EmuSvR79vX7spZyF6t506ZKVHWHl4HN1wQ -E4+skv4K1fTqG1cIbRqRr89Ti6D78wxEzap3Sl0UZU8 --> ssh-ed25519 dA0vRg SgmoRqftGwIG34Py02bfdEv2HlI6fPBiKmcBmz2VaiI -DKzlODXbQf9xzUzJHlwtIZbGw3qG2ApfssEF1/nZe+Q --> ssh-ed25519 5Nd93w Q8fxVcYwxbeXJzpKCOWH4/D3t8bWSUm9E4spASzIKnQ -80fe2FiI+5OTojxu32OfFJwS3l/cMPr+5tErOr5wmcM --> ssh-ed25519 q8eJgg zgw/JH1HOdTE38Cr/61gcGo6OruuFUCAUJ4wmNHSXWs -l7ta9JGOwCZCjnfui2Zo3PVF+Ge/UoPL0xm5lZ0GGF8 --> ssh-ed25519 KVr8rw CcJymhaWM76X91C0ECPlZqaN2IARwxo1WMZRmlevnzA -syAw8YySWxtDonZ5txKVNynCdziInCzy4u5kv6mH8PU --> ssh-ed25519 fia1eQ 0ocrOjhQ+CEJK8Li3rDegYkMXkBpjAAStjgvVHGQx3Q -YORVM3sEbE6PLVuwfMkxe9gYqTVVT7DGoG+kQcxaPiQ --> ssh-ed25519 Km71ZA 9W2stpyr/9osFppfqBDjeDzZ6ltU+spmBoeWJ+I8sys -C6DGgwvbwW0r1E3L6o7LUOnPo/n8Sl8tGzm3NlsXGcw --> ssh-ed25519 3pl/Kw pm1noozCEdPbd4f8rkSD/gicvfWTEN1kvYp7TLb68Uo -VH2XUbhIf4nYTmp6rkGt99RcI2xxa7F9QXmDp88r1CY ---- lNlQ5pwix455easITfJ8dztlPYg8Pi77sbAsOQF19dI -#@3|K%kxL,5x/QTbz 
j.7-]2b_>NJam^ C]Vvh|D̀" \ No newline at end of file +-> ssh-ed25519 V1pwNA Q6fzzE0ZuVtBGR3fFnmw45hrQU/vKj2y2aEzYA2cvAs +c0A5Ieu188qIE3QKvC+6DqjDxAC4HqfBUbPu3m72NTA +-> ssh-ed25519 4PzZog AzQaulqa+X3fxgk/sP5jjFfPGAPMzGlbacGIQdKpSxs +d5OgkPftJ8wqrMlfGcxLld+DWVQ58/SvXGOmPj79SUQ +-> ssh-ed25519 5Nd93w u+Fu4cNNKnHht6Gj8NgCK96U8SL4h+hFv9SZ+DSMrGg +zy6Jf8ZBInhOVDuFuFAZso6KJl8gLlklqWCayPqb14w +-> ssh-ed25519 q8eJgg s6jAIb95QqWDKGEx2lbnJruSfp6mgERcI2SzTip+Gnw +IHPOcqeagr79owKNqyk9dLjz5Qz1fQ1A/vOxt+NPlu4 +-> ssh-ed25519 KVr8rw VO/YREcq6mknjN2JdAr3GWg91Hml4k1Ojx1tUMXAXks +1BhUi7kRCZV+c9TROQIFeNt2WSL9Xa14J40vo/qyJ70 +-> ssh-ed25519 fia1eQ w6T0/iajXe7pgvX75tm/94HueS6OlKlXAo3IgIIlcm0 +Cun2Xmb7fbXCg18lLmsdhqViEG8lqOAGGoghJlvunu0 +-> ssh-ed25519 3pl/Kw cpVAh+pifXN3ohww8TqmyCrCRWU06OAPPdLX/5DBUwo ++GQ7xCXSJp6nwGymXD+9AqeZC7ScJl4a/A/2XWQzKbA +--- GhvvZMgI8VzeGNtLQ+EUIPYpR6EgLpxiuxn9Upu6o7g +KihPSd~p{%Pbc'tk?[e0b +銐{ &$tW."Xf\-vIL{]1;U \ No newline at end of file diff --git a/secrets/base/root_pass.age b/secrets/base/root_pass.age deleted file mode 100644 index 9269768..0000000 Binary files a/secrets/base/root_pass.age and /dev/null differ diff --git a/secrets/bitwarden/details.age b/secrets/bitwarden/details.age index 173c7e3..9cf7d05 100644 Binary files a/secrets/bitwarden/details.age and b/secrets/bitwarden/details.age differ diff --git a/secrets/bitwarden/id.age b/secrets/bitwarden/id.age index a2c3bc7..80ce23a 100644 --- a/secrets/bitwarden/id.age +++ b/secrets/bitwarden/id.age 
@@ -1,21 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 79HhvqifubFk4bhlUPgKbgSplC41o8/uZV27eaeM0SA -mSJ2rkmOlgXyQAXj6pbFoajxCwPzKDBUWRPXqvHrW+8 --> ssh-ed25519 4PzZog w+6c3JxUfEkgvDz7pq+451XSGC64TCNWau9zOGajpjQ -mEdXqG+GpaYVj6ICYPkCyA9ZRNmMtNsxWNeOpYOhkF0 --> ssh-ed25519 dA0vRg Iy3bkGWSkMvk3wH05ETCFqZzUIc835XyJGHXlfmG2VI -ShexjmkSwsEgHR3uj+sftcB49zbp2z40Mi7NN7VYcII --> ssh-ed25519 5Nd93w TM6CtcmxkTqQTP5UVD/1HPijQhMQsYdPrknDREwxtFw -+ld4GvbKQSKAUwMYzDSxtZqiN3OdnWlszYVzOrMbU0Q --> ssh-ed25519 q8eJgg UgE7W6Lf/jdlSs2TpZNX2wRTY3iwQ1MzZE7zAN5Abz0 -oYf9iiAeoVg4RLYWEvw5xyGevxYQiiqELw/NLiBCZWI --> ssh-ed25519 KVr8rw ZtAdKYXNsNCo7MzfBlQrax/sWItsFQtEo/tESJaviXs -Njql6s/+QtIbBmsbMYllDxodpIaBnRaMoojap4jUVwQ --> ssh-ed25519 fia1eQ nIgFm64i5MPK/GvKl35nnXOO4hoD6+mFzJsFeB/6ICw -bJoDOMX3ek/5lVLeI1v99C24l4EwFcXIFAAlTMJb+Co --> ssh-ed25519 Km71ZA sTHVMQlRs5/xewuUa6yFjuqCEqmWlekSwab0z4OWJRc -ExJw8np5XfBSSLo4cwwYoDoi/GxSGKkTn5rcKdMmI34 --> ssh-ed25519 IzAMqA N6d6EYxr2LUzuHrH83h06JE5MGPcqdAMixJH3GZed0Q -+dE0EBX7jPvMv2qMI3mIuiM9TrhFYQwwC/+Ta+DiCNY ---- g8A4+bzRE56xnD8tVagvXopX6VlcS5iJcOcKTxC0ZGk -K!'_*VEJɇ?{&\AurAXwgzƠXÚzؤeN0&ɵ$$&Ɉ: \ No newline at end of file +-> ssh-ed25519 V1pwNA abYqfp05DkkiK7wdTOn+E9+FU9iX8y/UcoVNUJQ1wwQ +BLIH6HkjumaaeKntAMm5BXC4ADfqLRh3vsq26gVB470 +-> ssh-ed25519 4PzZog gNCidb7IlrQLJah7iqpLKLFzlhe/4RLk5hexSq96My0 +ynnNvbbit8U8CNel3cBEeel006ftNPArV+oAFNdmv/4 +-> ssh-ed25519 5Nd93w YnGe4yzhVDQD1z7Mq58KgnF2GJjkBLyiOZBmCygazRU +dZg81Rb+XSoeho2Xbth+pIza+6F4TbAuN6s5BbP1OLM +-> ssh-ed25519 q8eJgg H9L5QhInkMWBndRYQHIQTmuMVBrMtaXqCrpEXV/hpBE +QL24qbdGbfdmv2bgS1uYjRHB5fKPrfmbmMidjI9dEIg +-> ssh-ed25519 KVr8rw GqmHdNfgOFKcZ6+zxKDWg/ImAVEXHTSpzDmBe8f/vmo +4u2ek5DHeDuBizYx0nRee02Gf6492fjWM8U7/HL2XwQ +-> ssh-ed25519 fia1eQ zYA2FI8k6675UAQn1AlwWzPV5e52dAmv/ESDFMmSQlA +rup+vtydMspXXeQQ9In4s0HQnBNY4IvqRIlIdKPVaZk +-> ssh-ed25519 IzAMqA QOiOSUOx76IICb8rSo0OxTtyZnyyA8nZ/pvuDZcVfUI +vDUSgB6dfzKNIpA4/0PbvJ/KzcVgW9l5KqqV6rKbyhM +--- 7Lo9nyTOtFbzsGyr/5Kanvj+yoszus8bUMWquX2rG90 +4+ 
Q͖BFY2$8sфq.Uȏ5QyKog8^h.=柳E \ No newline at end of file diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age index 2b24b47..cfdd6e4 100644 Binary files a/secrets/bitwarden/secret.age and b/secrets/bitwarden/secret.age differ diff --git a/secrets/discord/ldap.age b/secrets/discord/ldap.age index fff7875..a72d82c 100644 --- a/secrets/discord/ldap.age +++ b/secrets/discord/ldap.age 
@@ -1,26 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA 6NKUbOSUbwVjzW/ZUpl8qEiUTTegFlji4+tVJyqY3SE -fRQvaKnLMkVBboTEriQpWlGY9VBAP3ppsEbAB2QTScs --> ssh-ed25519 4PzZog mp/+b5LpB+DvRduqAZiKWqkZq6+tlyQgVTZz7Oge2Us -OycqmZyDr3levWSfRFxypJOkITLDix0Q15Todya6BNc --> ssh-ed25519 dA0vRg yp/4LvS9DbdatHFWFsP5qhH8CP8Bs0IjVSenUtG4+Xs -hHiJEtl1ffYXltsJzuEMLGUl2i/i3pFzv4bjbx/cbOI --> ssh-ed25519 5Nd93w BTngmy4NGLGKhC8lPos63QEVBKoQT82KswQ22EypcQQ -OCnJMkOwwXQVbtCitUizXM4nynC6a1tiPSkm7MxulWA --> ssh-ed25519 q8eJgg NaEjVcDBVICRgXuJchEdE4vg3qmkNmJAbDDxLq1fX0M -YFwUmEPwJIik5YJ2SV5IAmqGlY+h24voJJlrBaoCBwA --> ssh-ed25519 KVr8rw ZnyVITZFkuozEs/rbTdxXDQNS3Nggo+JkBL1Icht2SM -B4jVVts5lK1kIlOWMl0eiN7TpsTeJZWIu7NqildxeGE --> ssh-ed25519 fia1eQ kvzARRScl/eypC2a5cY66sXcH+TZqz4sYg4W/k9iJxQ -Ga+4TVvXiQ6i5/+fgUQ3E5tJiLqdBsEsXjenXEpRV/A --> ssh-ed25519 IzAMqA 5sizvlhLhAhAR1bViHJtRJ8fAIO56TAuLVSOwE177QE -b9oJ8BC2xiBjvc3D0H0EF7bSNDlpvIidyBCTf04ndJI --> ssh-ed25519 uZzB3g g9y66zNmQbqP6Rbhg2t06W3YOgy8DkRvJZbWVegT71s -2dH7E76tDMrWQJbLPefyORP66iaPHQnSjwu8NCdSyJo --> ssh-ed25519 Hb0ipQ azOzBLXfshInlFVpV0PzIBidL/VzA/+kKRXFFVD6ZF4 -iXBF/Wcv4KWo5qUXUlyimuo0l6aClKxOCtkm3MxAIBc --> ssh-ed25519 IzAMqA EWitYyV8RsPIB6HEFE2OI/C1zcC6WfBEeDI62rGVmkk -Bk9tdSqIjLjat21J2LM8RXAt9GwdQxYdfPzqDtCjunE ---- waY7j+HMEOdqEZs/TcLEhUY9gJs6ZSc51VNfuCmCxJ4 -;d9Avnq<;TB؇$Gvh -\^l֯`?l au~Чy[juv;]!6XIs4nj!@|">e[VV,58Nh[״ZD,z&I>|zm \ No newline at end of file +-> ssh-ed25519 V1pwNA FJbuXA9iZkVimh/bRdl2MnswKZpHkF6HmIqG/cmE62s +2vP3FNg2f1ijAMwWGcLa7aZQD7/Tq8iXwf6+/bMEgb8 +-> ssh-ed25519 4PzZog 75e7m7A1i4/XjB+b9OozGjKttQ3VzJuoNwKV6z1xYB4 +9/czRQ3V/Kb/8p9h3cdiXXbNBECeZfLLEWg8gR+WBE4 +-> ssh-ed25519 5Nd93w Kier0iAHycxtmgq9n5Mq/eLR2akqKB2Z/JBA2ACjaE8 +HokkZ2jHa7DV6KqODEH5rF+YprwNwBIjLLFGbfXdkrc +-> ssh-ed25519 q8eJgg cFNBrJQ1R4tDi4HTI/1lGEy44cjCDpnUXGYsXQ4daA4 +GPJ3fX/AxxhUjvfnAJNREQDEGp/Bz4zvfiTWHD5bwMI +-> ssh-ed25519 KVr8rw hzHh/c9qM7v7eFFpvD/uvCcDD12kSaTabVVA8CKosgI +3bwDd/aWeYWmYf8b2ko4N37XXgTP5LeP98qYXSlaxwM +-> ssh-ed25519 
fia1eQ gol262stWS/VMaXgAJNC/VK5QkNb/UHN8X2khm3PHFQ +3eBj1/cUkTSNBGANSYp6S7IvMU+8dKKEtZxqo7kMzxY +-> ssh-ed25519 IzAMqA Z70Jqsw7IR9vk4uLef56F1+YCQtK2YvDC950d+WVNHk +nXqGHPrbh3VS2DMToRKs9FxBsn8PftR6HTkeA2KXRLU +-> ssh-ed25519 uZzB3g Zrc8idjRB+ZPHq9ScsCnXDqipGM83pio/V8mO6YYa0I +JFVQ8V3Jkn8vxklAZzwGpmOcaKUd8QBDFO/+gAyb3Ug +-> ssh-ed25519 Hb0ipQ Yhn/pwNTNmMdW3L2RV2MJECEYRlAzNTYztcA5MfRCjk +S3rkfwU9Nln8WFPSr102lX+H96wnHWVZa6z8upTRgvk +-> ssh-ed25519 IzAMqA 8SVaC/2C2+xmeCP07Mu+/xGFSB1UXrIlVJ/i8YfQXUU +y4mt/hZRuc0+5OXFs3VjYH/Q/nEACAd30YlyUyNzSqw +--- M8Emn3XUVeSu5qTgSbR7/93DjFawmR5iZ2qxQEJ9gd0 +zg*Fx?7,a1'ܥtmR t[VFl=+Mm᜴j;ĔFy6O\ӬҪo=UG#%{o ssh-ed25519 V1pwNA sW9NG3ZnVZ7XN4iMceA+WNwEmGp5mB8fYRML4JMxTx4 -Ugwsmg4yXfq9YH99RoV2MymOyhHn+WEFbhSq3jOS+Jk --> ssh-ed25519 4PzZog ncbPVDYkLeBV89U+YKVSGRyNDIdLDuN/YV9AiGcYfkY -rifseFii9IZI6t2cDfhi1GXQQRngI8IM+3H8znbMA/0 --> ssh-ed25519 dA0vRg ZU44BDl8VU2ri+qNYEEj8GF4x4gGUQPnr6YlFA5itGk -zV29wfmrtyxEU1JFEm5P7pfkWwzmNpXflfLRsyZ3vCA --> ssh-ed25519 5Nd93w BCqKxqNscTU2iEm4h/78KCzMjRWtHlO3rwZZjq2lJFQ -Y9yLQ33RvcO1g3a1q3w47Y0kgg1NZpdlYk34LrZ69mw --> ssh-ed25519 q8eJgg lWbDTedbgvxvGpMPDWdrghAKO3duh85kaOR+7xsPd3E -MzwcVM+gzJ/IApGVZNNM+RuYp7EKZyxCDjRkipL3aYU --> ssh-ed25519 KVr8rw 8vJTA9ABfwuZyFwhFZD4n187b6gmq7zCLALqp56mFyw -iQ4MtJ1YtYycFi8qCs4N0/nIXccaw2swi9yIvOLmVmA --> ssh-ed25519 fia1eQ hZzB90WDGom3oaOlWlcBg8iAMAfbZGyosgFIa8AiTWI -HekDEc26Y121KRtKLavDD1xKcaClVgn2tGPrgQYWQBo --> ssh-ed25519 Km71ZA uunwnxdg7A6ZGTbV51r5XL/2hJN/VFIUas0TVxid0Xc -zGx6iHfu+rZ9WbtIITtzDk0nzkFCeIRQpdRVoj7dj0E --> ssh-ed25519 IzAMqA 17lTeNgkOhX6iOPix/YeKZyztDHYLu6OIjZOctANpmQ -fu8VIba1ZNy3QvnVk3bPmCA1n6/dcB02epAs0GLb6zE --> ssh-ed25519 uZzB3g I0QOJAnUor5hnoKDlFeSuW82o94zcWcs6VvKTq37lVo -S6o+cem4L12E8V/DzbvL75azwrhLgZJXkxWXuCd4+Z4 --> ssh-ed25519 Hb0ipQ cEsppH2jMi71R0513L/vq7MaFYYWiRrWZKricdhW/H8 -IvRQejJ2AOQAeWUumh4an0LUSBJYMMnOIr9PU8FjYiA --> ssh-ed25519 IzAMqA cL7V3gfdSkpHtkcDhaH0ATTWUzBir09Xhe91wlaGJ14 -GU8IQvHlwyBBONJKufQRwEr7nZy6y36XszV+E97VA94 ---- 
Nq7IuDZY4GM8UBq0wdEnn/kZEJRdUlmqR75SlX75Q7w -oTjo(RZlmђ&f7;a8B|ӔB/l -g#L"/* ,a.f.Q -ՓoEMV=2q;IawkF\" Q7$.`MRX۰ \ No newline at end of file +-> ssh-ed25519 V1pwNA 69RgNRqfd9pSNuJMr88rzFViy/xYScupvNucY4jOARE +KeTB7nbTiKxS7Bl1UPZ7IoL6XlTKxuEDIaUiZyjrsx4 +-> ssh-ed25519 4PzZog R4dDARo9QpqRG9qKjr2ytkpJYGq/822XdiLEBDFOMk8 +N8WWraxJ0HLAgeFM0b5BPeRB1VIP5paWO12Pgruh9x4 +-> ssh-ed25519 5Nd93w VboljaSRjajrkCp1ilMC6qvDv3+ROE670Hs1iNFKRXo +zUXXzywu/SwRrqmQtNeiq0hoayNDuW18EJuRZY07Z6A +-> ssh-ed25519 q8eJgg VqbE/b/ddDfl4ShxeW3Id3vjXVJBP1KZKnJVUJsElws +y7uUlFXj1UlKnQxs0Xkixv4uLU9xRZXktmY2nID/AFE +-> ssh-ed25519 KVr8rw dCG//gX7lz0frI48guiFNm9TvuoAJ1B9/Q/o4FQiWGo +wZ+QWN+0YK6DXHCtmdxtBDmtkHtNfOBrKac3ADIxK/U +-> ssh-ed25519 fia1eQ 1s5iHrqZ/7TdhC1vU7qwO2Cgr9W1EQRdBwXEm7U+XmU +O8HYon1a/hcQyjEQkjL+uVIvD2aR90k+Ro830hy7QfI +-> ssh-ed25519 IzAMqA IY4TEBaim4AtxO4N+YJApvUlDifcJkcIrH02bUP20yU +lQzfhUpnEuQdBep1ZKxdzZ6kIyP2g/BlJG1WxL8SiJw +-> ssh-ed25519 uZzB3g z/mf484FBG7MNOnAV0iGksnv+NnuEzzfcCRl7UFosjM +a6fCYyU/6Rq3eKXecch64GJQ/a6bVNd5TJYu4SmUgf4 +-> ssh-ed25519 Hb0ipQ rTavA3BBHDOm1oBTOAeB/E/ZfOumL82FFHbqk1c3rlM +VBPFpsqo+j6uhTwaXZtuPvzG/JNo0cS90Av1GfAsYnI +-> ssh-ed25519 IzAMqA xGKLZbl6ErNlp9zH56mnN4cL/YlNakt1qFWqKhOJaxY +iju55ngxSk4IptEnRZ5435ocDloskNIENnkYGbR151I +--- ypGNmAjP0+RusrsXWCdDwWXJiqO6b1gnnzSyLGcQHLo +OMhIt^=Խ5!1 Žo-4+ ^7-{mPK{T"jd/.  MbT{ӈy(*yB˃Uo1æ \ No newline at end of file diff --git a/secrets/forgejo/runners/ssh.age b/secrets/forgejo/runners/ssh.age deleted file mode 100644 index ec1e6ff..0000000 Binary files a/secrets/forgejo/runners/ssh.age and /dev/null differ diff --git a/secrets/forgejo/runners/token1.age b/secrets/forgejo/runners/token1.age deleted file mode 100644 index 723b2c9..0000000 --- a/secrets/forgejo/runners/token1.age +++ /dev/null 
@@ -1,23 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 V1pwNA ZZzPHXiieqnKeatxqOpOyJJdPCSrpU151rNY3PgewCc -usq82uQE6qxnwb5EYHlfXSl1A+oqV/DZcKlHmheNrLs --> ssh-ed25519 4PzZog GPaAefwdrHHdkDJT4OHYFdmjUbXEQz3lLkGfu2M/c30 -hoWO80LE9PEMkqlQLD4WXIDc9rgX0uMbNzHkiXcVWRM --> ssh-ed25519 dA0vRg 1WCuZ91cuKBZi7gFFVArvvAvMh6aU0AufX2vDHiXvTI -yUUbM5kXyyiNlvV7UWXNNhBe3JZ+ZxdoXf1FRwQiHt4 --> ssh-ed25519 5Nd93w 8HkcjdSrVbg3TQFn/ldlqYEU3aPHFBIcXnzovwMv2Vc -+2kX+X1uYoUnyUyLYLLWeRw99OC3St30ky6Xsf7ls+Y --> ssh-ed25519 q8eJgg moUF6G0Qsz6+vJTMFoKIusiCfapHvaRBdOoB9r2uP00 -limKEFL+4G28+jc5pOiNt1OkpQRzSXKq+3If8/Dfe+E --> ssh-ed25519 KVr8rw /G4TpEFysiCx/eF25IA9gjmX4w1yGM6m2Lx1mTmf0mU -nXIuYPbV3S+0+3Ce45iPeAzZlIr1i0RnGWSLg3KBH5I --> ssh-ed25519 fia1eQ tXV4gH4gIjFYWNxLV0AQVOvahTtvFWK5W6tNZTjA9ig -pxpIIZ4+/ItpG6nolOS7lxGwSkhwq1XvdxePxWsJYCE --> ssh-ed25519 Km71ZA QRM3tBeZJGVMwZ51ZBlxGIzwGOyMB9ppGNq4pUyRsHo -+0QO4JlKaOUH5MY+w02Rq0DDNk76eSD2EVIAvQeiZ9Y --> ssh-ed25519 CqOTGQ Ystm+4YnAlTTYPiHBXVa8lM/MGEfZ3OcmxiT8QcdKSY -F2b5grk6m2sVnhhWF68WxUemgtZHYSIJZ9e7eBKtIjA --> ssh-ed25519 uZzB3g PepFlWAg+221m5eOVoNl1TIRVrS6lpkrQ9Dgce+Grwc -6/8sTiO+P/HgNbB8YyRVylAPPp3lwF4D6FbWWaPSxtE ---- 0PQ3rJZdbEfye9mLMrQJ0jGvJSiZ+9dh9Bv6bpGEBNs -^;Yh=p3>F:2b6+CE63TE.[,['3P 6_| *AQ*jc \ No newline at end of file diff --git a/secrets/forgejo/runners/token2.age b/secrets/forgejo/runners/token2.age deleted file mode 100644 index 5360a17..0000000 --- a/secrets/forgejo/runners/token2.age +++ /dev/null 
@@ -1,23 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 V1pwNA Lw89KnIDDurZQ0UaqDS1utTrKCGXR+Uxs3od/5n09io -1JECYcXRBNWwzoagvEKeoWoW2d8da15eWPfTD8nKqX0 --> ssh-ed25519 4PzZog LB5CnkEPX2RH8vWdD15KMs/qgNbw3e7G8qCV1CMf8kE -pO77W91WR/8MRPLIuJrLk5ib9CPp7xHuUmTS8fmQ3KM --> ssh-ed25519 dA0vRg QhtuGTY1MEpEjRahnU3WtON6Xda7y3HvGXpB3HcDfBk -6sCAQhU4K2nQ5pMbGYY75TKUXxZ4BKHCb6sOHMAuNEA --> ssh-ed25519 5Nd93w 2QcbhnmxOkTrRUMrHR4X3spMUnsLXN9DDnh49qFAYx0 -SD47vo7tOPWmvXR2wTj+BSsxJUqnlXOu8HlTEOExeC4 --> ssh-ed25519 q8eJgg 9TqmbSDG4KOl14FNZmZKFZ5Q/60K657phquz+qpIgyU -odOvsccHqgXoC7WgKcFjJDm5it9ZGm5ifjU2pt5hQZ4 --> ssh-ed25519 KVr8rw w0fZq3VUrN8wi4UrhMUfrviUiaWl4Ol+tbTXN/urISs -TY+dO2Z6TmN9DBPuo1vyxgeXbDcqZlRoP+Q1IN6O/ks --> ssh-ed25519 fia1eQ 5Aqk1jkUQkomeBioV7LAPMzurJ1dHdYHbzLHXH7mrRQ -j+7aPUOeJAI10FL4DjXKlYEkC25gM7TNy/X5vFk68+8 --> ssh-ed25519 Km71ZA S9le6/bZxnkPVuCLqiYc8VMk8LXlk0BVJUtJYc/CmB4 -DTjvS3wBo+RHy0klprrgKS1wYAMAkfzPkpw/ip7KwpE --> ssh-ed25519 CqOTGQ xba3GuenbljaFEcgaX5UknPWjJSyQOMBaJSGk4VHZg4 -uzGnhgquJHT4+0zop9wNg6Fm8ka/9Ri1yPjw65VnGtA --> ssh-ed25519 uZzB3g WaU+50ui82IQHobA1QB62WX7bnjgxSVy9LAGjYifuHI -H0O4GIRchLil79zqim5v46RT8Xbu5zi0dKSRPiT6kHc ---- vg0SOy4LbcYEcxJMe6lbREFPPcxrRI/dJM7Lx3VC1rQ -bxmV^h0l@^RyS\rյ;@t~UYM)A?ƲW˹m,1I \ No newline at end of file diff --git a/secrets/gitlab/db_pw.age b/secrets/gitlab/db_pw.age index 2c4ae22..cd1ad00 100644 --- a/secrets/gitlab/db_pw.age +++ b/secrets/gitlab/db_pw.age 
@@ -1,22 +1,18 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA eBmTDM8WFdWOVP2Le1Y4+CZOeSg7e4xcxz0eYuxUWkQ -kXjJVAipfCM1Dp8bsbGK8oul9M0P6BLfR6uAC/MQEQI --> ssh-ed25519 4PzZog Q8DfBkyfVx6p5mrG4yrg7KGJCDoNzWdK7p9p/01OsTM -xEf80sJAlQXlIVngSZJWI/TNG+EXonJoR32duCOXByI --> ssh-ed25519 dA0vRg 5BeYWRbucBHgT2idvjbvffbsx+74xbVRk05f2Qg0Cl4 -56nJgkCp46o0XbBCwcrF5pyEHnlbvZ37tfYbKVjxTOQ --> ssh-ed25519 5Nd93w gL9Qox74O8yoM/a111CKQLaZDXkfwhrjth1PzaGrnTs -F9uyWwr0VO+87bejL4vBsuLko9bHNS626IH5hyPBkoQ --> ssh-ed25519 q8eJgg ql4rSMWPNB+MXNl4cUNC5TuJFYjRv6G6RvXqRLDdtHw -vmJbCOvWOM31FScQQgZXSBNEYh7O08RD8ZO4TZtgu5U --> ssh-ed25519 KVr8rw oE4h+ZaE+/VDLAuvBDsMmXSHDM89vgnFiomODKRGGU0 -j7Xh0YMOhNGhYnl8K1L+mhkuZqHV3oi0noVirHIV6sc --> ssh-ed25519 fia1eQ guH1BFGIkSyaKjP5QTOLIYgtdMdrHTChZdv2uXD6qgY -SHlvS6Xdzsld//ANiSDHbGMrBp4oUztRqRJyVaUw+no --> ssh-ed25519 Km71ZA xP0F1MFUkOZ1yNdBbHj1+qA/E6xM6YJjcBccVkV3rlg -A4JFqXV27j0yju5irMf3lBBQE3fIj7WHK9bzvxZhJxU --> ssh-ed25519 uZzB3g Aikhv5OldExETFRpxoeTx5NoHsZJAm2TAzne9KBr8wM -2BSDOfseGgPiHtAHWUIA/rp9uWAPdCvMsvWHRkkFPro ---- gYotGSlSz4Z/ZrzBWpDlP5Pv+Br8WKNrbibDsvAk1uo -;Ko"C -sOs E&&JGʋm">riӦNlQs.bj 8K4@hAֵʵ(߳YمǝqwU Z$L\Z:K'"ۀ_\'^Th;{ܵ. 
ssh-ed25519 V1pwNA a2hqKI7aO4y8QLvINHmeFrAeUthzoE3gcsNiJS87yTk +iy7zvTi6gh3/t42Pe+f5ylDx4eq1hINSAFhI3S1wOks +-> ssh-ed25519 4PzZog S4zRlO88rWpco1NY/7yJDQvCtPnRvYjWosE8VNtYkWU +iX+b3W2Pa3kw+ErHo/Qk+ZTH5B8svQTfMcXdN4IWVZY +-> ssh-ed25519 5Nd93w WDwhO/1jtbE+DbLq8BkReY/Vdyhdc35win+n3HMqclM +v2lqyU6RwTm6KX1z99FE78jv1KlyuoAWRG2x/Wq/X6U +-> ssh-ed25519 q8eJgg J7F4QM4iT3+8HbJo4ARh7iLn5/GBptn1wGM7amyr8ms +9DuYiyXOOWzXdlUAO7/rUYuPy9MyyxB88w814aM3XE0 +-> ssh-ed25519 KVr8rw BEBn1R3n2JYWqcjgfO5IIRWnrcPnMtI2E/hQGktypVk +ErzCxi8fht4tWQxzMAvkDnbNUtcbiyBiC9pNdp1vbaY +-> ssh-ed25519 fia1eQ G6EtgOxK54K97LCUNZ8h87WwWwXrn8cKtkCXa75pKGc +M86xqkKJ/DtjB7mIE1gPhoXTYzHp2393w0cZMOHQNQQ +-> ssh-ed25519 uZzB3g /sd3xL4WAKbPxvdqq/fihyAhxkn0FAiBCYydIXB1/VY +/hdi7E2cEU8U82/CVB+OpGacC+OfVpXXYEu6B8bQnB0 +--- HGKIhGq5mH/k6m63FdnLdO2R1fs7o7K/wlP6zBwopL0 +w71׻ }5-g-+GXVpD)Iorңm!]7Z)Ő"tu$zUyJg_Y'94Th_*d%I ssh-ed25519 V1pwNA sIoha/7vcAIuauOaV8gQA1spz0NZWfcc4rr2zgUP2k8 -+XELN1EFpMnDsVYgPnSaRm4qduSY+80RCfEFnBPCj/0 --> ssh-ed25519 4PzZog ffub2ZpZEkysUNemtue5UroJj+/Oxi+nIstX7/txi2w -MsvvInOvekc27UTViomCZbeikTKm1vqTKsanOpeSQ8c --> ssh-ed25519 dA0vRg ymDF91ZONYNjDV5Gktf0at2kUkfYbPSja9iWOqcBxVk -gw7IgyRSVKfxeebADqYH7z+TZJcWIMS3g14U3FrDS7c --> ssh-ed25519 5Nd93w n17TARvCsIOmSp0WjZQEczLCFsAVYf9lDlJDdZeqzFU -gRRE87qCSiKevHShj1k0bw+kwOVblwhMGh94WRYdqIM --> ssh-ed25519 q8eJgg 7ZJM3hSRIaQSpMnE594tD3qsufP0IwI5ngmitx/SW34 -Yibvj3cTOT6TOHSFBgeBwpXbGNFjeYs+oNjbfP3GRgc --> ssh-ed25519 KVr8rw O8njcmXqC4uurmzk0MLECH/pVlVqA0dqM9uL00vKlls -h1dhNulCkCc3O8GmNSt67dxK2XhibTJHxx2loo2Y26s --> ssh-ed25519 fia1eQ NE6qJvq6AK7bIlbq7QSJqQwpGv6cgQFv/L/6MXOQUzI -uk1G8a1cECFkjbt7bjcXOYQDHcTBCQwhyqcTg3pIC0o --> ssh-ed25519 Km71ZA wQh+XFb10AF8fdeDGM3mMJG6N43ej48QML69Xa+xFHQ -eDuMG3MT8EuzS+QCAHLUi1NhRWp67jJamSL5iUQKi9c --> ssh-ed25519 IpLDOw wTE9a1YrhG1NqYTOBoihrNH3xt2fKOmGHvx5liEfeHM -Rv9+kBZamBTDS8XGRaTsuUW/t6p5kYnbfNyyZY5n590 ---- 2HVyulzZ1Z3kQSSDH6HN/mu8uT+u8yohmt0bpe/VNQw -M\$0giSmlgJJ_yJ<.l< c~84vGP$ ˉN{5c \ No newline at end of file 
+-> ssh-ed25519 V1pwNA LAEKkf1x39PdLIH97OJtIJfTZX1M6gT8No8qqTYPA3c +2iOWDr+BbDIaTz58B7AzN4NWT7RwSb7XkuiVJ57B1j0 +-> ssh-ed25519 4PzZog Cw8kkkTDezUXzQ2gphOAv2jSDKVoERI99A6tytjwv3c +hYNdr4UWSlrn2PwFCBlI0IW3tQClDWcbuNjdAwoteho +-> ssh-ed25519 5Nd93w Pe1qtfWj87qtN6DWuBiB5NoBLI+aSfSgHoq421na720 +7kb4ChNHhvfp7hM9wd4OZWUlm51cE7/RR3IFdomw12g +-> ssh-ed25519 q8eJgg p9LYkhCE37NkSDxV/as4eM7UiiITWcK0GIsXitD0Vi0 +T0m6EuQ5oa7EU4X4Dx+BWyGKH+zm8A28QQUvwiaNPmc +-> ssh-ed25519 KVr8rw XuxmoWmw07yr9Tqi61RMvuwf6oYIVbJUhfT+FgBwgEg +Hzym4T2/f/6A/UYTdIbBavj3hrq3sGCNO7mwewS/mg8 +-> ssh-ed25519 fia1eQ f2XQkWEUmk0n9DtS7vhZt9o3+aPtgiwro8Eu9mcnvmk +/43wuhInhHfSPcFziObogHjyZy6qXr7X1jAPTMzulJI +-> ssh-ed25519 IzAMqA eqAgjVRof9nHZiYzY0m5MRlEzy0LBXxb/yi11K29kkQ +wS86BxKIoT9ZOW1n8Xo6GomhOlRztBp7DpQNv/s9PRs +--- axgiJ8IqNurtt+4iAL6j3mRLi73NnjoG5+TMeIKwjI0 + 9ӊFۄXX_(݊.c{~g}S"92KJ4s4u#1 ~RX/@K8~B \ No newline at end of file diff --git a/secrets/keycloak/pw.age b/secrets/keycloak/pw.age deleted file mode 100644 index 6165130..0000000 --- a/secrets/keycloak/pw.age +++ /dev/null 
@@ -1,22 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 V1pwNA lV3ABJKTunaYK+s7681CNJBvp0JM/OhSSnkQ2pF5lGk -VokFm+m3stF3HjebxOBmIiWTQqmBaSR+RiWQE6dMQJw --> ssh-ed25519 4PzZog EDXgO1cHPd8xxDbmL/lunkG3McC4a/wzBlFe16ByHS0 -eTNXJMKNSCesEXT0XAuZEhhCyX7eumglnIJ/00y+WTk --> ssh-ed25519 dA0vRg sKq17tK9/rB+VNTYQ/aoTzEcfzeMJTkN+a/Oz0+g9ks -TNrHE3fFaAEMrrJ1264rh3UbJ8jBTxGSaeVPWzX3y3o --> ssh-ed25519 5Nd93w UkQintKS9V/5QH4arHtPKPe33ktNhE4Jl7illmlNuXQ -u0t1110eebk8SYm5e4jI+d1vOSvUCZRJGIqNZ/WmdPs --> ssh-ed25519 q8eJgg uBJUJaR7prW8b/jjhXBjax5lVsnGYpifqZVqExVivyo -hp2Y6RPzNaPZaX4sgOWVStdVWHe8taocUhToaojni4I --> ssh-ed25519 KVr8rw /j1ASDGc0GM7/Rt6RgBj2u2rlARs+iJixYR2gGFvshU -JRPezd9xI6o89hX74agVVLAtX1Lp7dgjkr5ndQfDjSw --> ssh-ed25519 fia1eQ +NO/LIWFudIdovclnaX55jr/x52Rs4sHbP4jxepYHEk -0ykDlD2um8a9gUea1JXrGfP6QsPV+DWIPqfD5cbvCCo --> ssh-ed25519 Km71ZA lAJq3SkNxUWZcmwMWyWrCaCrzyjnJK2A4G2kysZdvGU -wmxgYru5pzJkfkTP8CmI9z8GeqpJdgGO4BmbLWPJ4Jw --> ssh-ed25519 IzAMqA 0yLa+jpL+6w8TvvbFM5IUUrpUncc8HLxuDjKM4t7mC8 -QeeibbBquSOjVimgtszMPTxzgsVUNui1euB4knkzwL0 ---- K9L+f43VUTIuWWMG8Zuzw+27zIPe6l/ortS4i+XhdHc -$sey^$"+ӂM;x?a23/ k'NXiV ",V - @`G% \ No newline at end of file diff --git a/secrets/ldap/details.age b/secrets/ldap/details.age index da4439d..f4e91c8 100644 Binary files a/secrets/ldap/details.age and b/secrets/ldap/details.age differ diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 565793e..c5f5459 100644 --- a/secrets/ldap/pw.age +++ b/secrets/ldap/pw.age 
@@ -1,27 +1,23 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA qDFD8i1k1rzDBYBtXj6sYiQdmfGhDfXS5vMcYRF32Gs -7zO8QwPzrrqH6JPBRuasWwUw2/O1siBySFvHSp5j0n0 --> ssh-ed25519 4PzZog u2Eg6RB/AmN5GtU/d/WfaJPew8reKZnC8C8AZWVnYRY -5tGVoNyuPKbCQSHnEy61rfuG59t1aEY1XQRJNmuj21E --> ssh-ed25519 dA0vRg wkxiozefM16DTQAF7Ts74MP6R7jZ0FormDqg4SJkjzs -ee9kJkSDUwm3feZhBcsUeWvG90Cy6X+qwuL/PpLSKHI --> ssh-ed25519 5Nd93w LwnaKhjUgCrVDxj0G5WTwHuzjN+nWLApK8LBgXeJAxI -WNicDBw71xFfnSn1R9f0XeAnGPHAfc0QCj9yjHk2Ra0 --> ssh-ed25519 q8eJgg fgH9K/UiFJaCiV/NPDu1RbkMMH6tumir0qhO0gfKGTs -bycdxFG/VHcSbd1g9Ou36sZeTdUarIG5Hyn+Nji6MHk --> ssh-ed25519 KVr8rw 1we04j3ymB7zbOJnarg67KzI/yMiQHr1ytBS8PxVywM -Jjq2uJtOAn62PeTJX021zHgCd6yPkxRnSt4IFc/T6Xc --> ssh-ed25519 fia1eQ 3ywHsF86PLUY5Vr4hE4DI62bsGgA3iU4QFEk9SvHWHU -TvkQ/+gQJ3DXnvpD6U+jKS4EG6kIJa+nX08nUJFs1Wg --> ssh-ed25519 Km71ZA IG4kxxGPSU/CvwDfTjlp1hUgmnzRqK+YCYTfd1qLgxA -B3cTR3mZkipgVe9tdU4re/GYuSlSDdI6Bok7yHPhhOQ --> ssh-ed25519 IzAMqA /eXLqE1/nW5vpiaCC+NH3ytm1XrjQPgKo2rR7igOyBE -EUsEQWWTaS3uhOu/ayZNlwYw3vY7Rb2IeYl6QOelmY8 --> ssh-ed25519 uZzB3g 5SrR6ZP2zqFHCLeykkmpeR+Km4/4ml2AcPnOAxgpq1k -BD5IXtf2/S+ME5mPHPu/yQVqQ02+aivLLV84fBSeq+Y --> ssh-ed25519 Hb0ipQ 5z6PimjHhHU2bXtloaoYqcJk0/S/mrmXqs4u8TJjPnE -2I+d+g8Xivns+fT9W9Ws6rYCcMXJamuZ+uBnXcukcFY --> ssh-ed25519 IzAMqA ZwdALhB/2dqaFC4bSqgXNYPbN0hgUKdEmyNyDpDg3F8 -ukgzLa7A0bVryf4GEXtqbAU6uMlEiZC6ZYnNgIdbPAg ---- XF4TF6aDYrTOXdaLTJgns3ZMeVVCO4OO+LSIczz8vag -nX~' #WY!&XsRBȻgiGʶ7}[myzug]_~:9u(y.v?r4e:0?7,ϻK5dP?40S3a G]I)RN! 
\ No newline at end of file +-> ssh-ed25519 V1pwNA 87SmLeH/I1VzLSj65xOuPZsPDnVl9xliQ5/CVijnYmM +2RNAdkwpR7AHsYrh4/NnANF5oNa6NnKF2TvqiuMrxAA +-> ssh-ed25519 4PzZog BUlnW06UQsJzwcQ3Jtca5Mzgj+iFUunwhisvtIYlv2g +8zGP78Pcw7Sx2mCWAEBf/v8vH3PXqqQ5GmBXvLQN0jk +-> ssh-ed25519 5Nd93w 985aPULvm7eHx4VACN0MU9tkZvuhEGfTse5rCILxCWE +kX2GxHAC1XJe837p6kJtaqnESrNQZgBOnw47zE7enf4 +-> ssh-ed25519 q8eJgg J4Gdo5cacvP19ZyUFSsIQdy6imX6oJDrBIH2nLUC4D4 +d4VhUAvqAyIAYKJjNPg5rsM7GifGQo+nl1+Oyvk7tsQ +-> ssh-ed25519 KVr8rw cmAn4m7om7xJ8ByH1mWE9sG4NZVOOENZYuqh8yly7CM +qgZjhu1fvNbDgbF3xFMqVI0klgZOZ0gEuXU/dq7ZziA +-> ssh-ed25519 fia1eQ xTLCJGaocQf99+Fl6FHXu6hOXLmq2i8aFDoS7RevYV4 +K4JxlKPHjUfQZj9LnVXAryWln2c10lZhrpt4ALCF6k4 +-> ssh-ed25519 IzAMqA VCMeNgMAgywehKU6Fvh9O0nXHWSFD2PkNM8++ZqWYB8 +uCnmYYPiuKt22eplH3Ms0LzBynU1JqMjWDDx9Zep2Q0 +-> ssh-ed25519 uZzB3g OIeb65JzQmV+GPw1RxBYEKrWBovyqD+yUNkvD5ey7Ds +7RlSzUGmwcuV+NwwOIJ1dAsiBk48lD3vbsnq7U/xJks +-> ssh-ed25519 Hb0ipQ s5bT1+VXT8ySjSTCoD6dDqc+cU49SDv1AgUIKmaKcno +oa+M7RQq31nzSccRUdEw1NuHQo4xHaSva6CaIBgz9V8 +-> ssh-ed25519 IzAMqA hvFsxUBn484Uga9+JGPDxsjhZBhmNGlLXn/jX2BxwA4 +pSdMVOfWttPbioa0Pkl2eSjE+TpocHu5+/l0f8IoOFA +--- B28xN6XA1WfkiAYzDCfdKMxbosPv9ad0V/NFX3KeJNw +X1*Hk,2><ÄfiP# ّ3h<MRDASe!2`?0F='ŧCr@XvƘ{"+s[E65Cxxr]d3_1J7ڔ \ No newline at end of file diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age index 047db6e..2a15d74 100644 --- a/secrets/nextcloud/pw.age +++ b/secrets/nextcloud/pw.age 
@@ -1,21 +1,18 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA enzHbYyPDDgq9WliLne6mFBxUJcIGl2lO0EOob+smn0 -+p8zsbFpe5NkZ6ly3mzmwFzLPT6VPCOxCUCMbPzgZeM --> ssh-ed25519 4PzZog hufrzwSjVHi5fI8vhFdqzuJOnabcVkP08RhocQcy2F8 -rkW1//bKw7PDEAsUqHR1RKmB8WJUmb64Tp7XpRgueJs --> ssh-ed25519 dA0vRg u+TEdkFb1kcboFRD2lseVIgwxRPA2UHKKEuY0UAj9G8 -m5RFvFSrr8wJP/3FuUEY4unRHCdcGeNZGy0yd7TmAB4 --> ssh-ed25519 5Nd93w YZGOEyMxBYfiUzSbq+TL6IaZXlrclAFqwJ2ui0AeqQM -L1cQpnMWh/1bI608iNQBQqAWtHuw0oAvew4kFaffM4E --> ssh-ed25519 q8eJgg lGpgxRy5zmacWvhZFJMPArG9xrUaW2pWFDj9i9k68AA -voaccSRi7JRvslMQb184V+GGhLGndfK0MyVy5WdXDVs --> ssh-ed25519 KVr8rw +cDqGXb/EWa3u04LL7SvXUh/bCkkoql0RGNXiqhbVSk -KxgfXCYOuUbUeuGW+bt/+VFC3vLZnKjaZte7tKVlai8 --> ssh-ed25519 fia1eQ AVGkBzg031Pye0QDxoQnw/D2bfaCPTJCTG4vtfZU0DY -3ag9Cg7zlxLcNG0sN9VQfFQNrHnVOrEz4ayYApzy3Iw --> ssh-ed25519 Km71ZA 60en2Z9LvPiEKb6CWbY8V/XO53ABXKOdC/wfk6aSiHI -9E+Pt5I0nRzA7TRXwtEaHR6BsBP15xcQ8mr9kd66PrA --> ssh-ed25519 YFaxCg L2D66ArXKuoZUdYRr5kycmRgs6EG1h1Z/fg+/TjZam8 -DJF4mVbgSqjJxHkhVUv+7e9vTnPtSa4zAa6N18z+CoE ---- fbOoRpYqRSR88ma5/QLdnhzDq91VJfGMapg6BTBl6tw -VQdʾqԥøgϦU)?b;v$V,oxZ67TȚm:X< \ No newline at end of file +-> ssh-ed25519 V1pwNA gR4aFo/u2ow8mMgTInSPElO6gBhgig2s9Wzp+IkGjlY +mVWoBrKH7AihCbdrspCIzPjF8N0kQGDML6pkybH5Y4U +-> ssh-ed25519 4PzZog BhiSfpYVlUgTLX6rHisiyzLOmzrqcZ8JKDqwY1lg+D4 +nSxNNHRYPy0C0ufqa2QMIylMr5IPlPUiDcg+d79KkDA +-> ssh-ed25519 5Nd93w +bZMaaPc0jTIQ/eu/uWWgA41UQnKveaaVjgqoIaAGyw +elodhm0K17eQQInvae1tkkhFY1aPrbTdaRsviYDEBEg +-> ssh-ed25519 q8eJgg LlaIdTPw3c2H8R5mDIIam4Ygvvk5gpgPahNJvf9UnB8 +BN901oRUt0j75RnQZnn4uFiLKEtRhCvFtKHug7Ikg8U +-> ssh-ed25519 KVr8rw Bv9wfs5KP7lvH3Bpnsbzpgzduq1xiQlwVcWndWFL7Qo +LgGA4X5MOelYhpXWfsX95J+YGjcPzL6ISlPKr9ZNv/w +-> ssh-ed25519 fia1eQ WaxlI+aHWQdJs2YtttcQ4TzI3aIlkmdbm21mhv71VRE +yI6QKxZ/TwXRDdaHxt6+ZVldnB7sZRGQFABnd7zeXtE +-> ssh-ed25519 YFaxCg /V6Ab/BqFQ13K0qN1DOfaw8LLGR049s0S/FuK6dL6WA +fZbxvQWiPh/MH4/fOzV5trPL+B4H2o2WtVBIPuFsdLE +--- kUKnoRQARSlp+lGUNu5Zu7KztkK36VZeK9xozWZwmyY 
+϶tT)Q*12wcvѶ^E~]!TB3? +R}D> u-.9D \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 08d748a..b3aac1b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,30 +1,27 @@ let admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"; - silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg silver@helios"; - silver_laptop_2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmm4CCnpT+tF7vecSrku0+7aDA1z3pQ+PDqZvoCynCR silver@aether"; + silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg NixOS Laptop"; silver_desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN34yTh0nk7HAz8id5Z/wiIX3H7ptleDyXy5bfbemico Desktop"; thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"; eliza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJaVEGPDxG/0gbYJovPB+tiODgBDUABlgc1OokmF3WA eliza-skynet"; esy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINS2UR/o+nK8lNHHTj5I84ZAAp6P+ZhXqhedMfx0KHE4 "; - esy_root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDxHpsApRyCvuP2ToGm46G308Og8lO7BYPuz+EqHVU5w esy root"; users = [ admin silver_laptop - silver_laptop_2 silver_desktop thenobrainer eliza esy - esy_root ]; agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHOxA3uYcqS5gTrG1hS8XXwehzQYAI2I4iULtU8cXft root@agentjones"; vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvcxiSYE38V1IopHj7Z7ZWP1IqnskYCdhj8yCQohVUM root@vendetta"; vigil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDsz1bjNAThqwF48dKIJGOECsCKHTj/Gn5Gh9XyzoSO root@vigil"; galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea"; + optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; - wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPlgCGtyvd3xwYg9ZNyjTJNB/LvUSJO01SzN8PGcDLP root@wheatly"; + wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly"; kitt = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFAs6lBJSUBRhtZO3zGKhEIlWvqnHFGAQuQ//9FdAn6 root@neuromancer"; @@ -33,9 +30,6 @@ let cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon"; - ariia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF/x7Zsp9jqxXxxRGLq7ng4HaiZ9o043Bwy4TFPXSs5S root@ariia"; - optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFv0Hb4qfzXUll+Hct1NQOE0bCf0MpE24Cqskd8vAFyj root@optimus"; - bumblebee = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINF31tsOZTEpPFCu4wZvJjxxvgFhRpxvo9SKyDMNWHZu root@bumblebee"; systems = [ agentjones @@ -43,7 +37,6 @@ let vigil galatea optimus - bumblebee glados wheatly kitt @@ -54,7 +47,6 @@ let cadie marvin calculon - ariia ]; dns = [ @@ -79,13 +71,33 @@ let gitlab_runners = [ wheatly - glados ]; grafana = [ - ariia + kitt ]; + # these need dns stuff + webservers = + [ + # ULFM + galatea + # Games + optimus + # skynet is a webserver for users + skynet + # our offical server + earth + + # nix + + calculon + ] + # ldap servers are web facing + ++ ldap + ++ gitlab + ++ nextcloud; + restic = [ neuromancer ]; @@ -102,12 +114,11 @@ let kitt ]; - sso = [ - kitt + nuked = [ + optimus ]; in { # nix run github:ryantm/agenix -- -e secret1.age - "base/root_pass.age".publicKeys = users ++ systems; "dns_certs.secret.age".publicKeys = users ++ systems; "dns_dnskeys.conf.age".publicKeys = users ++ dns; 
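Review bot: Dropping `silver_laptop_2` and `esy_root` from `users`, and replacing the `wheatly` and `optimus` host keys, only stops future encryption to those keys; the `.age` blobs committed earlier stay in git history and remain decryptable by whoever holds the old private keys. The rekeyed files in this diff carry fewer recipient stanzas, but the diff cannot show whether the secret values themselves were rotated. If the removal is meant as revocation, rotate the affected passwords and tokens and record the rule above `users = [`, e.g. `# removing a key only stops future encryption to it; rotate every secret it could read, old .age blobs stay in git history`. The `let` block continues past this hunk.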
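Review bot: The new `webservers` list in the `@@ -79,13 +71,33 @@` hunk is documented only by `# these need dns stuff`, and no `publicKeys` line visible in this diff uses it, so a reader cannot tell which secret it is the recipient set for. Because it ends in `++ ldap ++ gitlab ++ nextcloud`, any secret keyed to it becomes readable by every host in those three lists as well as the five named ones, which is worth stating where the list is defined: `# recipients of <secret>.age (DNS); includes all ldap, gitlab and nextcloud hosts`. `skynet` and `earth` are not defined in the visible hunks and are presumably bound in the lines between them. Two small fixes in the same block: `# our offical server` should read `# our official server`, and the `# nix` comment is separated from `calculon` by a blank line.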
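Review bot: `nuked = [ optimus ];` in the `@@ -102,12 +114,11 @@` hunk replaces the `sso` group without a comment, and the name does not say what the group is for; its only visible use is `"backup/nuked.age".publicKeys = users ++ nuked;` in the `@@ -137,10 +144,11 @@` hunk. Recipient groups are what an access review reads, so a one-line comment above the list would help: `# <what backup/nuked.age holds>; only optimus decrypts it because <reason>`. The `let` block starts before this hunk.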
@@ -125,10 +136,6 @@ in { "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; - "forgejo/runners/token1.age".publicKeys = users ++ gitlab_runners; - "forgejo/runners/token2.age".publicKeys = users ++ gitlab_runners; - "forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners; - # for ldap "ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden; # for use connectring to teh ldap @@ -137,10 +144,11 @@ in { # everyone has access to this "backup/restic.age".publicKeys = users ++ systems; "backup/restic_pw.age".publicKeys = users ++ restic; + "backup/nuked.age".publicKeys = users ++ nuked; # discord bot and discord + "discord/ldap.age".publicKeys = users ++ ldap ++ discord; "discord/token.age".publicKeys = users ++ discord; - "discord/t-800.age".publicKeys = users ++ discord; # email stuff "email/details.age".publicKeys = users ++ ldap ++ discord; @@ -156,9 +164,6 @@ in { "bitwarden/secret.age".publicKeys = users ++ bitwarden; "bitwarden/details.age".publicKeys = users ++ bitwarden; - # Keycloak/sso - "keycloak/pw.age".publicKeys = users ++ sso; - # grafana "grafana/pw.age".publicKeys = users ++ grafana; } diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age index b014d5f..85b35f3 100644 Binary files a/secrets/stream_ulfm.age and b/secrets/stream_ulfm.age differ diff --git a/secrets/wolves/details.age b/secrets/wolves/details.age index 857f7e5..ef6a233 100644 Binary files a/secrets/wolves/details.age and b/secrets/wolves/details.age differ
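Review bot: In the `@@ -137,10 +144,11 @@` hunk, `"discord/ldap.age".publicKeys = users ++ ldap ++ discord;` makes the new secret decryptable by every host in `ldap` as well as the `discord` hosts. If only the Discord bot reads this credential, as the `discord/` path suggests, the narrower `"discord/ldap.age".publicKeys = users ++ discord;` keeps it off the LDAP servers. The neighbouring `email/details.age` line uses the same wide set, so this may be deliberate, in which case a comment such as `# ldap hosts need this because <reason>` would record why. The attribute set opened by `in {` continues outside the hunk.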