Compare commits
1 commit
main
...
#70-loggin
Author | SHA1 | Date | |
---|---|---|---|
152bc676fc |
81 changed files with 927 additions and 1952 deletions
|
@ -1,59 +0,0 @@
|
|||
name: Build_Deploy
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
workflows: [ "Update_Flake" ]
|
||||
types:
|
||||
- completed
|
||||
push:
|
||||
branches:
|
||||
- 'main'
|
||||
paths:
|
||||
- applications/**/*
|
||||
- machines/**/*
|
||||
- secrets/**/*
|
||||
- flake.*
|
||||
- config/**/*
|
||||
- .forgejo/**/*
|
||||
|
||||
jobs:
|
||||
linter:
|
||||
runs-on: nix
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: nix fmt -- --check .
|
||||
- run: nix --version
|
||||
|
||||
#if: github.repository == 'Skynet/nixos'
|
||||
build:
|
||||
runs-on: nix
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: nix develop
|
||||
# - name: Archive Test Results
|
||||
# if: always()
|
||||
# run: sleep 100m
|
||||
- run: colmena build -v --on @active-dns
|
||||
- run: colmena build -v --on @active-core
|
||||
- run: colmena build -v --on @active
|
||||
- run: colmena build -v --on @active-ext
|
||||
- run: colmena build -v --on @active-gitlab
|
||||
|
||||
deploy_dns:
|
||||
runs-on: nix
|
||||
needs: [ linter, build ]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: colmena apply -v --on @active-dns --show-trace
|
||||
shell: bash
|
||||
|
||||
deploy_active:
|
||||
strategy:
|
||||
matrix:
|
||||
batch: [ active-core, active, active-ext ]
|
||||
runs-on: nix
|
||||
needs: [ deploy_dns ]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: colmena apply -v --on @${{ matrix.batch }} --show-trace
|
||||
shell: bash
|
|
@ -1,12 +0,0 @@
|
|||
name: Update_Forgejo
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: nix
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- run: colmena apply -v --on @active-gitlab --show-trace
|
||||
shell: bash
|
|
@ -1,31 +0,0 @@
|
|||
name: Update_Flake
|
||||
|
||||
run-name: "[Update Flake] ${{ inputs.input_to_update }}"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
input_to_update:
|
||||
description: 'Flake input to update'
|
||||
required: false
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
update:
|
||||
runs-on: nix
|
||||
|
||||
permissions:
|
||||
# Give the default GITHUB_TOKEN write permission to commit and push the
|
||||
# added or changed files to the repository.
|
||||
contents: write
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
token: ${{ secrets.PIPELINE_TOKEN }}
|
||||
- run: nix flake update ${{ inputs.input_to_update }}
|
||||
shell: bash
|
||||
- uses: https://github.com/stefanzweifel/git-auto-commit-action@v5
|
||||
with:
|
||||
commit_message: "Updated flake for ${{ inputs.input_to_update }}"
|
3
.gitignore
vendored
|
@ -6,9 +6,6 @@
|
|||
*.tmp
|
||||
tmp
|
||||
|
||||
# open office tmp lockfiles
|
||||
.~lock.*
|
||||
|
||||
# Test files
|
||||
test.*
|
||||
*.test.*
|
||||
|
|
|
@ -30,7 +30,7 @@ update:
|
|||
# the part that updates the flake
|
||||
- nix --experimental-features 'nix-command flakes' flake lock --update-input $PACKAGE_NAME
|
||||
- git add flake.lock
|
||||
- git commit -m "Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit"
|
||||
- git commit -m "[skip ci] Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit"
|
||||
# we have a custom domain
|
||||
- git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git
|
||||
- git push origin HEAD:$CI_COMMIT_REF_NAME
|
||||
|
@ -48,14 +48,12 @@ sync_repos:
|
|||
- chmod +x ./sync.sh
|
||||
- ./sync.sh
|
||||
rules:
|
||||
- if: $UPDATE_FLAKE == "yes"
|
||||
when: never
|
||||
- if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
||||
changes:
|
||||
- changes:
|
||||
- sync/repos.csv
|
||||
|
||||
.scripts_base: &scripts_base
|
||||
# load nix environment
|
||||
- git pull origin $CI_COMMIT_REF_NAME
|
||||
- . "$HOME/.nix-profile/etc/profile.d/nix.sh"
|
||||
- nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena
|
||||
|
||||
|
@ -70,8 +68,6 @@ sync_repos:
|
|||
- nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client
|
||||
- attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY
|
||||
- attic use skynet-cache
|
||||
# add any new items to the cache
|
||||
- attic watch-store skynet-cache &
|
||||
|
||||
# every commit on main will build and deploy
|
||||
.build_template: &builder
|
||||
|
@ -81,8 +77,6 @@ sync_repos:
|
|||
- *scripts_base
|
||||
- *scripts_cache
|
||||
rules:
|
||||
- if: $UPDATE_FLAKE == "yes"
|
||||
when: never
|
||||
- changes:
|
||||
- applications/**/*
|
||||
- machines/**/*
|
||||
|
@ -98,8 +92,6 @@ sync_repos:
|
|||
- *scripts_base
|
||||
- *scripts_cache
|
||||
rules:
|
||||
- if: $UPDATE_FLAKE == "yes"
|
||||
when: never
|
||||
- if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
||||
changes:
|
||||
- flake.nix
|
||||
|
@ -119,7 +111,7 @@ build:
|
|||
<<: *builder
|
||||
stage: test
|
||||
script:
|
||||
- nix --extra-experimental-features 'nix-command flakes' develop
|
||||
- attic watch-store skynet-cache &
|
||||
- colmena build -v --on @active-dns
|
||||
- colmena build -v --on @active-core
|
||||
- colmena build -v --on @active
|
||||
|
@ -161,6 +153,7 @@ deploy_ext:
|
|||
- deploy_dns
|
||||
script:
|
||||
- colmena apply -v --on @active-ext
|
||||
allow_failure: true
|
||||
|
||||
deploy_gitlab:
|
||||
<<: *builder
|
||||
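Review bot: In the `update:` hunk, `$PACKAGE_NAME` and `$CI_COMMIT_REF_NAME` are expanded unquoted in the shell lines of a job that then pushes to the repository, so a value containing whitespace or glob characters is word-split into extra arguments to `nix flake lock` and `git push`. `PACKAGE_NAME` looks like a variable supplied when the pipeline is triggered (its definition is outside the hunk), so it should be treated as untrusted input and quoted: `--update-input "$PACKAGE_NAME"`, `git commit -m "[skip ci] Updated flake for $PACKAGE_NAME"` is already quoted, and the push becomes `git push origin "HEAD:$CI_COMMIT_REF_NAME"`. The `update:` job begins above the hunk, so any validation of the variable earlier in the job is not visible here.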
|
|
|
@ -1,45 +0,0 @@
|
|||
Rule,Action,Ticket,Status,Source_IP,Source_Server,Destination_IP,Destination_Server,Port_TCP,Port_UDP,Notes
|
||||
SKYNET_FIREWALL_00000,Add,,Complete,VPN,-,93.1.99.71 - 193.1.99.126,All,22,-,sftp/ssh required from vpn to servers for admins
|
||||
SKYNET_FIREWALL_00001,Add,,Complete,All,-,193.1.99.109,SKYNET00004,-,53,Nameserver for skynet.ie
|
||||
SKYNET_FIREWALL_00002,Add,,Complete,All,-,193.1.99.111,SKYNET00005,"80, 443, 8000",-,"ULFM, http(s) for internet streaming, 8000 for connecting to the server."
|
||||
SKYNET_FIREWALL_00003,Add,,Complete,All,-,193.1.99.112,SKYNET00006,"80, 443, 25565",-,"Games host, Minecraft uses 25565 (will have more ports in the future)"
|
||||
SKYNET_FIREWALL_00004,Add,,Complete,All,-,193.1.99.120,SKYNET00002,-,53,Nameserver for skynet.ie
|
||||
SKYNET_FIREWALL_00005,Add,i23-01-19_681,Complete,193.1.99.72,SKYNET00001,All,-,-,-,Allow outbound access
|
||||
SKYNET_FIREWALL_00006,Add,i23-01-19_681,Complete,193.1.99.75,SKYNET00008,All,-,-,-,Allow outbound access
|
||||
SKYNET_FIREWALL_00007,Add,i23-01-19_681,Complete,193.1.99.109,SKYNET00004,All,-,-,-,Allow outbound access
|
||||
SKYNET_FIREWALL_00008,Add,i23-01-19_681,Complete,193.1.99.111,SKYNET00005,All,-,-,-,Allow outbound access
|
||||
SKYNET_FIREWALL_00009,Add,i23-01-19_681,Complete,193.1.99.112,SKYNET00006,All,-,-,-,Allow outbound access
|
||||
SKYNET_FIREWALL_00010,Add,i23-01-19_681,Complete,193.1.99.120,SKYNET00002,All,-,-,-,Allow outbound access
|
||||
SKYNET_FIREWALL_00011,Add,i23-05-18_249,Complete,All,-,193.1.99.75,SKYNET00008,"80, 443",-,For gitlab Access
|
||||
SKYNET_FIREWALL_00012,Add,i23-05-18_249,Complete,193.1.99.72 - 193.1.99.126,-,All,-,-,-,"I would also like to extend the outbound access to cover our entire range (193.1.99.72 to 193.1.99.126) to allow for setup for more servers on those ip's (need to download updates and packages).
|
||||
I have a few servers I plan to setup over the next two weeks, one after another as the later ones depend on earlier ones.
|
||||
In such a case asking for permission for each individual IP would induce several tickets and a few weeks of paperwork going through change control.
|
||||
Only a few of these sevices will need inbound ports opened on ITD's firewall, which can be requested when the systems are up, running and secured."
|
||||
SKYNET_FIREWALL_00013,Add,i23-05-18_249,Complete,All,-,193.1.99.76,SKYNET00009,"143, 993, 587, 465",-,Email Server
|
||||
SKYNET_FIREWALL_00014,Add,i23-06-19_525,Complete,All,-,193.1.99.76,SKYNET00009,"80, 443, 25",-,"Mailserver here, SPF, DKIM and DMARC are all set up"
|
||||
SKYNET_FIREWALL_00015,Add,i23-06-19_525,Complete,All,-,193.1.99.79,SKYNET00011,"80, 443",-,Main Skynet webserver
|
||||
SKYNET_FIREWALL_00016,Add,i23-06-30_024,Complete,All,-,193.1.96.165,SKYNET00012,22,-,"Skynet user's server
|
||||
Outlet is 131 or 132"
|
||||
SKYNET_FIREWALL_00017,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.120,SKYNET00002,-,53,Allow Skynet server to use our own internal DNS
|
||||
SKYNET_FIREWALL_00018,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.74,SKYNET00007,389/636,-,Allow Skynet server to access LDAP
|
||||
,Add,i23-07-28_010,Denied,All,-,193.1.99.74,SKYNET00007,"80, 443",-,Self Service site for Skynet accounts – Only 443 on account modification pages
|
||||
SKYNET_FIREWALL_00019,Add,i23-07-28_010,Complete,All,-,193.1.99.74,SKYNET00007,443,-,Self Service site for Skynet accounts
|
||||
SKYNET_FIREWALL_00020,Add,i23-09-05_639,Complete,All,-,193.1.96.165,SKYNET00012,"80, 443",-,Web hosting for user sites
|
||||
SKYNET_FIREWALL_00021,Add,i23-10-27_014,Complete,All,-,193.1.99.77,SKYNET00014,"80, 443",-,"Nextcloud, selfhosted google services, filestorage and documents"
|
||||
SKYNET_FIREWALL_00022,Add,i24-02-01_102,Complete,193.1.96.165,SKYNET00012,103.1.99.109,SKYNET00004,-,53,Give the Skynet server access to ur secondary DNS
|
||||
SKYNET_FIREWALL_00023,Add,i24-02-01_102,Complete,193.1.99.78,SKYNET00010,193.1.96.165,SKYNET00012,22,-,Allow our gitlab runner to access and deploy to teh external server
|
||||
SKYNET_FIREWALL_00024,Add,i24-02-16_065,Complete,All,-,193.1.99.90,SKYNET00016,"80, 443",-,Games Server Administrative panel
|
||||
SKYNET_FIREWALL_00025,Add,i24-02-16_065,Complete,All,-,193.1.99.91,SKYNET00017,25518-25525,"19132, 24418-24425",Minecraft Games server
|
||||
SKYNET_FIREWALL_00026,Add,i24-06-04_017,Complete,All,-,193.1.99.76,SKYNET00009,4190,-,"Email sieve to allow members to add email filters to their
|
||||
skynet mail."
|
||||
SKYNET_FIREWALL_00027,Add,i24-06-04_017,Complete,All,-,193.1.99.82,SKYNET00018,80/443,-,"Public services such as a binary cache, open governance and keyserver"
|
||||
,Add,i24-06-04_017,Denied,All,-,193.1.99.90,SKYNET00016,8080,-,"Websocket for admin panel on games management server
|
||||
Denied because more information on wat it was for was requested"
|
||||
,Add,i24-06-04_017,Denied,193.1.99.74,SKYNET00007,193.1.96.165,SKYNET00012,9000-9020,-,"Metrics collection, not done because not enough info provided"
|
||||
SKYNET_FIREWALL_00028,Remove,i24-06-04_017,Complete,-,-,193.1.99.112,SKYNET00019,25565,-,No longer the minecraft game host
|
||||
SKYNET_FIREWALL_00029,Add,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server
|
||||
SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection
|
||||
SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server
|
||||
SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel
|
||||
SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server
|
||||
,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet'
|
|
|
@ -1,22 +0,0 @@
|
|||
Index,Name,Status,IP_Address,OS,Description
|
||||
SKYNET00001,agentjones,Active,193.1.99.72,Nixos-24.05,Firewall (currently not active)
|
||||
SKYNET00002,vendetta,Active,193.1.99.120,Nixos-24.05,DNS Nameserver 1
|
||||
SKYNET00003,jarvis,Active,193.1.99.73,Nixos-24.05,VM Host
|
||||
SKYNET00004,vigil,Active,193.1.99.109,Nixos-24.05,DNS Nameserver 2
|
||||
SKYNET00005,galatea,Active,193.1.99.111,Nixos-24.05,ULFM Radio
|
||||
SKYNET00006,optimus,Retired,193.1.99.112,Nixos-24.05,Retired Games server
|
||||
SKYNET00007,kitt,Active,193.1.99.74,Nixos-24.05,"LDAP and Self-Service Password/Account management, also hosts our Discord bot"
|
||||
SKYNET00008,glados,Active,193.1.99.75,Nixos-24.05,Gitlab server
|
||||
SKYNET00009,gir,Active,193.1.99.76,Nixos-24.05,Email and Webmail
|
||||
SKYNET00010,wheatly,Active,193.1.99.78,Nixos-24.05,Gitlab Runner
|
||||
SKYNET00011,earth,Active,193.1.99.79,Nixos-24.05,Offical website host
|
||||
SKYNET00012,skynet,Active,193.1.96.165,Nixos-24.05,Skynet server. (DMZ)
|
||||
SKYNET00013,neuromancer,Active,193.1.99.80,Nixos-24.05,Local Backup Server
|
||||
SKYNET00014,cadie,Active,193.1.99.77,Nixos-24.05,"Services VM, has nextcloud to start with"
|
||||
SKYNET00015,marvin,Active,193.1.99.81,Nixos-24.05,Trainee testing server
|
||||
SKYNET00016,optimus,Active,193.1.99.90,Debian-12,Games server manager (replacing SKYNET00006 soon)
|
||||
SKYNET00017,bumblebee,Active,193.1.99.91,Debian-12,Game server - Minecraft
|
||||
SKYNET00018,calculon,Active,193.1.99.82,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver"
|
||||
SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic
|
||||
SKYNET00020,ariia,Active,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus"
|
||||
SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access
|
|
|
@ -1,6 +0,0 @@
|
|||
Index,First Name,Surname,UL Student Email
|
||||
SKYNET_VPN_ADM_001,Brendan,Golden,12136891@studentmail.ul.ie
|
||||
SKYNET_VPN_ADM_002,Evan,Cassidy,External
|
||||
SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie
|
||||
SKYNET_VPN_ADM_004,Eliza,Macovei,23382619@studentmail.ul.ie
|
||||
SKYNET_VPN_ADM_005,Daragh,Downes,22351159@studentmail.ul.ie
|
|
|
@ -1,7 +0,0 @@
|
|||
Date,Date Modified,Action,Ticket,ID
|
||||
SKYNET_VPN_ADM_CHANGE_001,2023/04/04,Added,,SKYNET_VPN_ADM_001
|
||||
SKYNET_VPN_ADM_CHANGE_002,2023/04/04,Added,,SKYNET_VPN_ADM_002
|
||||
SKYNET_VPN_ADM_CHANGE_003,2023/04/04,Added,,SKYNET_VPN_ADM_003
|
||||
SKYNET_VPN_ADM_CHANGE_003,2024/07/21,Removed,i24-07-22_760,SKYNET_VPN_ADM_003
|
||||
SKYNET_VPN_ADM_CHANGE_004,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_004
|
||||
SKYNET_VPN_ADM_CHANGE_005,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_005
|
|
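--- a/ITD_Firewall.csv
+++ b/ITD_Firewall.csv
@@ -0,0 +1,19 @@
+Index,Status,Name,IP_Address,DNS_Name,Ports TCP,Ports UDP,Tunnel,Ports_Requested,Related_Tickets,Description
+SKYNET00001,Active,agentjones,193.1.99.72,agentjones,,,,,,Firewall (currently not active)
+SKYNET00002,Active,vendetta,193.1.99.120,vendetta/ns1,,53,,,,DNS Nameserver 1
+SKYNET00003,Active,jarvis,193.1.99.73,jarvis,,,,,,VM Host
+SKYNET00004,Active,vigil,193.1.99.109,vigil/ns2,,53,,,,DNS Nameserver 2
+SKYNET00005,Active,galatea,193.1.99.111,galatea/stream,80/443 8000,,,,,ULFM Radio
+SKYNET00006,Retired,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,,,,,Retired Games server
+SKYNET00007,Active,kitt,193.1.99.74,kitt/account/api.account,443,,,-> skynet:9000-9020,i23-07-28_010,"LDAP and Self-Service Password/Account management, also hosts our Discord bot"
+SKYNET00008,Active,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,,,,i23-05-18_249,Gitlab server
+SKYNET00009,Active,gir,193.1.99.76,gir/mail/imap/pop3/smtp,80/443 25/143/993/587/465,,,4190,i23-06-19_525/i23-06-19_525,Email and Webmail
+SKYNET00010,Active,wheatly,193.1.99.78,wheatly,,,-> skynet:22,,,Gitlab Runner
+SKYNET00011,Active,earth,193.1.99.79,earth,80/443,,,,i23-06-19_525,Offical website host
+SKYNET00012,Active,skynet,193.1.96.165,skynet/*.users,22 80/443,,,,i23-06-30_024,Skynet server. (DMZ)
+SKYNET00013,Active,neuromancer,193.1.99.80,neuromancer,,,,,,Local Backup Server
+SKYNET00014,Active,cadie,193.1.99.77,cadie/nextcloud/onlyoffice.nextcloud,80/443,,,,i23-10-27_014,"Services VM, has nextcloud to start with"
+SKYNET00015,Active,marvin,193.1.99.81,marvin,,,,,,Trainee testing server
+SKYNET00016,Active,optimus,193.1.99.90,,80/443,,,8080,i24-02-16_065,Games server manager (replacing SKYNET00006 soon)
+SKYNET00017,Active,bumblebee,193.1.99.91,,25518-25525,19132 24418-24425,,,i24-02-16_065,Game server - Minecraft
+SKYNET00018,Active,calculon,193.1.99.82,,,,,80/443,,"Public Services such as binary cache, Open Governance and Keyserver"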
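--- a/LICENSE
+++ b/LICENSE
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) 2024 Skynet
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.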
@ -1,6 +1,5 @@
|
|||
https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines
|
||||
https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences
|
||||
https://en.wikipedia.org/wiki/List_of_artificial_intelligence_films
|
||||
|
||||
* agentsmith
|
||||
* skynet
|
||||
|
|
|
@ -9,24 +9,9 @@ with lib; let
|
|||
cfg = config.services.skynet;
|
||||
in {
|
||||
imports = [
|
||||
# every server needs to have a dns record
|
||||
./dns/dns.nix
|
||||
|
||||
# every server should have proper certs
|
||||
./acme.nix
|
||||
./dns.nix
|
||||
./nginx.nix
|
||||
|
||||
# every server may need the firewall config stuff
|
||||
./firewall.nix
|
||||
|
||||
# every server needs teh ldap client for admins
|
||||
./ldap/client.nix
|
||||
|
||||
# every server will need the config to backup to
|
||||
./restic.nix
|
||||
|
||||
# every server will be monitored for grafana
|
||||
./prometheus.nix
|
||||
];
|
||||
|
||||
options.services.skynet = {
|
||||
|
|
|
@ -10,6 +10,7 @@ with lib; let
|
|||
cfg = config.services.skynet."${name}";
|
||||
in {
|
||||
imports = [
|
||||
./dns.nix
|
||||
./nginx.nix
|
||||
./games/minecraft.nix
|
||||
];
|
||||
|
|
|
@ -13,6 +13,10 @@ with lib; let
|
|||
short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
|
||||
in {
|
||||
imports = [
|
||||
../acme.nix
|
||||
../dns.nix
|
||||
../firewall.nix
|
||||
../nginx.nix
|
||||
inputs.arion.nixosModules.arion
|
||||
];
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ in {
|
|||
certs = {
|
||||
"skynet" = {
|
||||
domain = "skynet.ie";
|
||||
extraDomainNames = lists.naturalSort cfg.domains;
|
||||
extraDomainNames = cfg.domains;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -13,6 +13,9 @@ with lib; let
|
|||
domain = "${domain_sub}.skynet.ie";
|
||||
in {
|
||||
imports = [
|
||||
../acme.nix
|
||||
../dns.nix
|
||||
../nginx.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
|
|
@ -21,6 +21,7 @@ in {
|
|||
#backups = [ "/etc/silver_ul_ical/database.db" ];
|
||||
|
||||
age.secrets.discord_token.file = ../secrets/discord/token.age;
|
||||
age.secrets.discord_ldap.file = ../secrets/discord/ldap.age;
|
||||
age.secrets.discord_mail.file = ../secrets/email/details.age;
|
||||
age.secrets.discord_wolves.file = ../secrets/wolves/details.age;
|
||||
|
||||
|
@ -30,9 +31,12 @@ in {
|
|||
|
||||
env = {
|
||||
discord = config.age.secrets.discord_token.path;
|
||||
ldap = config.age.secrets.discord_ldap.path;
|
||||
mail = config.age.secrets.discord_mail.path;
|
||||
wolves = config.age.secrets.discord_wolves.path;
|
||||
};
|
||||
|
||||
discord.server = "689189992417067052";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,42 +3,19 @@
|
|||
pkgs,
|
||||
config,
|
||||
nodes,
|
||||
self,
|
||||
...
|
||||
}: let
|
||||
name = "dns";
|
||||
cfg = config.services.skynet."${name}";
|
||||
|
||||
# reads that date to a string (will need to be fixed in 2038)
|
||||
current_date = self.lastModified;
|
||||
|
||||
# this gets a list of all domains we have records for
|
||||
domains = lib.lists.naturalSort (lib.lists.unique (
|
||||
lib.lists.forEach records (x: x.domain)
|
||||
));
|
||||
|
||||
# get the ip's of our servers
|
||||
servers = lib.lists.naturalSort (lib.lists.unique (
|
||||
lib.lists.forEach (sort_records_a_server records) (x: x.value)
|
||||
));
|
||||
|
||||
domains_owned = [
|
||||
# for historic reasons we own this
|
||||
"csn.ul.ie"
|
||||
# the main one we use now
|
||||
"skynet.ie"
|
||||
# a backup
|
||||
"ulcompsoc.ie"
|
||||
];
|
||||
current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}";
|
||||
|
||||
# gets a list of records that match this type
|
||||
filter_records_type = records: r_type: builtins.filter (x: x.r_type == r_type) records;
|
||||
# Get all the A records that are for servers (base record for them)
|
||||
filter_records_a_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A");
|
||||
# Every other A record
|
||||
filter_records_a = records: builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type records "A");
|
||||
filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records;
|
||||
filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A");
|
||||
filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A");
|
||||
|
||||
# These functions are to get the final 3 digits of an IP address so we can use them for reverse pointer
|
||||
process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x);
|
||||
process_ptr_sub = record: {
|
||||
record = builtins.substring 9 3 record.record;
|
||||
|
@ -47,100 +24,87 @@
|
|||
};
|
||||
ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip);
|
||||
|
||||
# filter and sort records so we cna group them in the right place later
|
||||
sort_records_a_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_a_server records);
|
||||
sort_records_a = records: builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) (filter_records_a records);
|
||||
sort_records_cname = records: builtins.sort (a: b: a.value < b.value) (filter_records_type records "CNAME");
|
||||
sort_records_ptr = records: builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type records "PTR"));
|
||||
sort_records_srv = records: builtins.sort (a: b: a.record < b.record) (filter_records_type records "SRV");
|
||||
sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server;
|
||||
sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a;
|
||||
sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME");
|
||||
sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR"));
|
||||
sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV");
|
||||
|
||||
# a tad overkill but type guarding is useful
|
||||
max = x: y:
|
||||
assert builtins.isInt x;
|
||||
assert builtins.isInt y;
|
||||
if x < y
|
||||
then y
|
||||
else x;
|
||||
format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records;
|
||||
|
||||
# get teh max length of a list of strings
|
||||
max_len = records: lib.lists.foldr (a: b: (max a b)) 0 (lib.lists.forEach records (record: lib.strings.stringLength record.record));
|
||||
|
||||
# Now that we can get teh max lenth of a list of strings
|
||||
# we can pad it out to the max len +1
|
||||
# this is so that teh generated file is easier for a human to read
|
||||
format_records = records: let
|
||||
offset = (max_len records) + 1;
|
||||
in
|
||||
lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records;
|
||||
|
||||
# small function to add spaces until it reaches teh required length
|
||||
# small function to trim it down a tad
|
||||
padString = text: length: fixedWidthString_post length " " text;
|
||||
|
||||
# like lib.strings.fixedWidthString but postfix
|
||||
# recursive function to extend a string up to a limit
|
||||
fixedWidthString_post = width: filler: str: let
|
||||
strw = lib.stringLength str;
|
||||
reqWidth = width - (lib.stringLength filler);
|
||||
in
|
||||
# this is here because we were manually setting teh length, now max_len does that for us
|
||||
assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})";
|
||||
if strw == width
|
||||
then str
|
||||
else (fixedWidthString_post reqWidth filler str) + filler;
|
||||
|
||||
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
|
||||
# ";" are comments in this file
|
||||
get_config_file = (
|
||||
domain: records: ''
|
||||
domain: ''
|
||||
$TTL 60 ; 1 minute
|
||||
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
|
||||
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
|
||||
; hostmaster@${domain} is an email address that recieves stuff related to dns
|
||||
@ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. (
|
||||
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
|
||||
${toString current_date}
|
||||
${current_date}
|
||||
600 ; Refresh (10 minutes)
|
||||
300 ; Retry (5 minutes)
|
||||
604800 ; Expire (1 week)
|
||||
3600 ; Minimum (1 hour)
|
||||
)
|
||||
|
||||
; @ stands for teh root domain so teh A record below is where ${domain} points to
|
||||
@ NS ns1.skynet.ie.
|
||||
@ NS ns2.skynet.ie.
|
||||
@ NS ns1.${domain}.
|
||||
@ NS ns2.${domain}.
|
||||
; @ stands for teh root domain so teh A record below is where ${domain} points to
|
||||
;@ A 193.1.99.76
|
||||
;@ MX 5 ${domain}.
|
||||
|
||||
; can have multiple mailserves
|
||||
@ MX 10 mail.${domain}.
|
||||
|
||||
|
||||
; ------------------------------------------
|
||||
; Server Names (A Records)
|
||||
; ------------------------------------------
|
||||
${format_records (sort_records_a_server records)}
|
||||
${format_records sort_records_server 31}
|
||||
|
||||
; ------------------------------------------
|
||||
; A (non server names
|
||||
; ------------------------------------------
|
||||
${format_records (sort_records_a records)}
|
||||
${format_records sort_records_a 31}
|
||||
|
||||
; ------------------------------------------
|
||||
; CNAMES
|
||||
; ------------------------------------------
|
||||
${format_records (sort_records_cname records)}
|
||||
${format_records sort_records_cname 31}
|
||||
|
||||
; ------------------------------------------
|
||||
; TXT
|
||||
; ------------------------------------------
|
||||
${format_records (filter_records_type records "TXT")}
|
||||
${format_records (filter_records_type "TXT") 31}
|
||||
|
||||
; ------------------------------------------
|
||||
; MX
|
||||
; ------------------------------------------
|
||||
${format_records (filter_records_type records "MX")}
|
||||
${format_records (filter_records_type "MX") 31}
|
||||
|
||||
; ------------------------------------------
|
||||
; SRV
|
||||
; ------------------------------------------
|
||||
${format_records (sort_records_srv records)}
|
||||
${format_records sort_records_srv 65}
|
||||
|
||||
|
||||
''
|
||||
);
|
||||
|
||||
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
|
||||
# config for our reverse dns pointers (not properly working)
|
||||
# config for our reverse dnspointers (not properly working)
|
||||
get_config_file_rev = (
|
||||
domain: ''
|
||||
$ORIGIN 64-64.99.1.193.in-addr.arpa.
|
||||
|
@ -148,7 +112,7 @@
|
|||
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
|
||||
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
|
||||
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
|
||||
${toString current_date}
|
||||
${current_date}
|
||||
600 ; Refresh (10 minutes)
|
||||
300 ; Retry (5 minutes)
|
||||
604800 ; Expire (1 week)
|
||||
|
@ -161,37 +125,55 @@
|
|||
; ------------------------------------------
|
||||
; PTR
|
||||
; ------------------------------------------
|
||||
${format_records (sort_records_ptr records)}
|
||||
${format_records sort_records_ptr 3}
|
||||
''
|
||||
);
|
||||
|
||||
# arrays of teh two nameservers
|
||||
nameserver_1 = ["193.1.99.109"];
|
||||
nameserver_2 = ["193.1.99.120"];
|
||||
# domains we dont have proper ownship over, only here to ensure the logs dont get cluttered.
|
||||
get_config_file_old_domains = (
|
||||
domain: ''
|
||||
$TTL 60 ; 1 minute
|
||||
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
|
||||
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
|
||||
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
|
||||
${current_date}
|
||||
600 ; Refresh (10 minutes)
|
||||
300 ; Retry (5 minutes)
|
||||
604800 ; Expire (1 week)
|
||||
3600 ; Minimum (1 hour)
|
||||
)
|
||||
|
||||
@ NS ns1.skynet.ie.
|
||||
@ NS ns2.skynet.ie.
|
||||
|
||||
''
|
||||
);
|
||||
|
||||
# arrys of teh two nameservers
|
||||
tmp1 = ["193.1.99.109"];
|
||||
tmp2 = ["193.1.99.120"];
|
||||
|
||||
primaries = (
|
||||
if cfg.server.primary
|
||||
then
|
||||
# primary servers have no primaries (ones they listen to)
|
||||
[]
|
||||
else if builtins.elem cfg.server.ip nameserver_1
|
||||
then nameserver_2
|
||||
else nameserver_1
|
||||
else if builtins.elem cfg.server.ip tmp1
|
||||
then tmp2
|
||||
else tmp1
|
||||
);
|
||||
|
||||
secondaries = (
|
||||
if cfg.server.primary
|
||||
then
|
||||
if builtins.elem cfg.server.ip nameserver_1
|
||||
then nameserver_2
|
||||
else nameserver_1
|
||||
if builtins.elem cfg.server.ip tmp1
|
||||
then tmp2
|
||||
else tmp1
|
||||
else []
|
||||
);
|
||||
|
||||
# small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router
|
||||
# now limited explicitly to servers that we are administering
|
||||
# See i24-09-30_050 for more information
|
||||
create_cache_networks = map (x: "${toString x}/32") servers;
|
||||
create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126);
|
||||
|
||||
# standard function to create the etc file, pass in the text and domain and it makes it
|
||||
create_entry_etc_sub = domain: text: {
|
||||
|
@ -203,38 +185,27 @@
|
|||
# The UNIX file mode bits
|
||||
mode = "0664";
|
||||
|
||||
# content of the file
|
||||
text = text;
|
||||
};
|
||||
};
|
||||
# (text.owned "csn.ul.ie")
|
||||
|
||||
# standard function to create the etc file, pass in the text and domain and it makes it
|
||||
create_entry_etc = domain: type: let
|
||||
domain_records = lib.lists.filter (x: x.domain == domain) records;
|
||||
in
|
||||
# this is the main type of record that most folks are used to
|
||||
create_entry_etc = domain: type:
|
||||
if type == "owned"
|
||||
then create_entry_etc_sub domain (get_config_file domain domain_records)
|
||||
# reverse lookups allow for using an IP to find domains pointing to it
|
||||
then create_entry_etc_sub domain (text.owned domain)
|
||||
else if type == "reverse"
|
||||
then create_entry_etc_sub domain (get_config_file_rev domain)
|
||||
then create_entry_etc_sub domain (text.reverse domain)
|
||||
else if type == "old"
|
||||
then create_entry_etc_sub domain (text.old domain)
|
||||
else {};
|
||||
|
||||
create_entry_zone = domain: let
|
||||
if_primary_and_owned =
|
||||
if cfg.server.primary && (lib.lists.any (item: item == domain) domains_owned)
|
||||
then ''
|
||||
allow-update { key rfc2136key.skynet.ie.; };
|
||||
dnssec-policy default;
|
||||
inline-signing yes;
|
||||
''
|
||||
else "";
|
||||
in {
|
||||
create_entry_zone = domain: extraConfig: {
|
||||
"${domain}" = {
|
||||
extraConfig = ''
|
||||
${if_primary_and_owned}
|
||||
${extraConfig}
|
||||
// for bumping the config
|
||||
// ${toString current_date}
|
||||
// ${current_date}
|
||||
'';
|
||||
# really wish teh nixos config didnt use master/slave
|
||||
master = cfg.server.primary;
|
||||
|
@ -247,16 +218,69 @@
|
|||
};
|
||||
};
|
||||
|
||||
text = {
|
||||
owned = domain: get_config_file domain;
|
||||
reverse = domain: get_config_file_rev domain;
|
||||
old = domain: get_config_file_old_domains domain;
|
||||
};
|
||||
|
||||
extraConfig = {
|
||||
owned =
|
||||
if cfg.server.primary
|
||||
then ''
|
||||
allow-update { key rfc2136key.skynet.ie.; };
|
||||
|
||||
dnssec-policy default;
|
||||
inline-signing yes;
|
||||
''
|
||||
else "";
|
||||
|
||||
# no extra config for reverse
|
||||
reverse = "";
|
||||
|
||||
old = "";
|
||||
};
|
||||
|
||||
records =
|
||||
config.skynet.records
|
||||
/*
|
||||
Need to "manually" grab it from each server.
|
||||
Nix is laxy evalusted so if it does not need to open a file it wont.
|
||||
This is to iterate through each server (node) and evaluate the dns records for that server.
|
||||
*/
|
||||
++ builtins.concatLists (
|
||||
lib.attrsets.mapAttrsToList (
|
||||
key: value: value.config.services.skynet.dns.records
|
||||
key: value: let
|
||||
details_server = value.config.services.skynet."${name}".server;
|
||||
details_records = value.config.services.skynet."${name}".records;
|
||||
in
|
||||
if builtins.hasAttr "dns" value.config.services.skynet
|
||||
then
|
||||
(
|
||||
# got to handle habing a dns record for the dns serves themselves.
|
||||
if details_server.enable
|
||||
then
|
||||
(
|
||||
if details_server.primary
|
||||
then
|
||||
details_records
|
||||
++ [
|
||||
{
|
||||
record = "ns1";
|
||||
r_type = "A";
|
||||
value = details_server.ip;
|
||||
server = false;
|
||||
}
|
||||
]
|
||||
else
|
||||
details_records
|
||||
++ [
|
||||
{
|
||||
record = "ns2";
|
||||
r_type = "A";
|
||||
value = details_server.ip;
|
||||
server = false;
|
||||
}
|
||||
]
|
||||
)
|
||||
else details_records
|
||||
)
|
||||
else []
|
||||
)
|
||||
nodes
|
||||
);
|
||||
|
@ -267,7 +291,8 @@
|
|||
else "ns2";
|
||||
in {
|
||||
imports = [
|
||||
../../config/dns.nix
|
||||
./firewall.nix
|
||||
../config/dns.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
@ -291,11 +316,28 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
# mirrorred in ../config/dns.nix
|
||||
records = lib.mkOption {
|
||||
description = "Records, sorted based on therir type";
|
||||
type = lib.types.listOf (lib.types.submodule (import ./options-records.nix {
|
||||
inherit lib;
|
||||
}));
|
||||
type = with lib.types;
|
||||
listOf (submodule {
|
||||
options = {
|
||||
record = lib.mkOption {
|
||||
type = str;
|
||||
};
|
||||
r_type = lib.mkOption {
|
||||
type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
|
||||
};
|
||||
value = lib.mkOption {
|
||||
type = str;
|
||||
};
|
||||
server = lib.mkOption {
|
||||
description = "Core record for a server";
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -314,40 +356,29 @@ in {
|
|||
"ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept"
|
||||
];
|
||||
|
||||
services.skynet.dns.records = [
|
||||
{
|
||||
record = nameserver;
|
||||
r_type = "A";
|
||||
value = config.services.skynet.host.ip;
|
||||
}
|
||||
];
|
||||
services.bind.zones =
|
||||
(create_entry_zone "csn.ul.ie" extraConfig.owned)
|
||||
// (create_entry_zone "skynet.ie" extraConfig.owned)
|
||||
// (create_entry_zone "ulcompsoc.ie" extraConfig.owned)
|
||||
// (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse)
|
||||
// (create_entry_zone "conradcollins.net" extraConfig.old)
|
||||
// (create_entry_zone "edelharty.net" extraConfig.old);
|
||||
|
||||
services.bind.zones = lib.attrsets.mergeAttrsList (
|
||||
# uses teh domains lsited in teh records
|
||||
(lib.lists.forEach domains (domain: (create_entry_zone domain)))
|
||||
# we have to do a reverse dns
|
||||
++ [
|
||||
(create_entry_zone "64-64.99.1.193.in-addr.arpa")
|
||||
]
|
||||
);
|
||||
|
||||
environment.etc = lib.attrsets.mergeAttrsList (
|
||||
# uses teh domains lsited in teh records
|
||||
(lib.lists.forEach domains (domain: (create_entry_etc domain "owned")))
|
||||
# we have to do a reverse dns
|
||||
++ [
|
||||
(create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse")
|
||||
]
|
||||
);
|
||||
environment.etc =
|
||||
(create_entry_etc "csn.ul.ie" "owned")
|
||||
// (create_entry_etc "skynet.ie" "owned")
|
||||
// (create_entry_etc "ulcompsoc.ie" "owned")
|
||||
// (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse")
|
||||
// (create_entry_etc "conradcollins.net" "old")
|
||||
// (create_entry_etc "edelharty.net" "old");
|
||||
|
||||
# secrets required
|
||||
age.secrets.dns_dnskeys = {
|
||||
file = ../../secrets/dns_dnskeys.conf.age;
|
||||
file = ../secrets/dns_dnskeys.conf.age;
|
||||
owner = "named";
|
||||
group = "named";
|
||||
};
|
||||
|
||||
# basic but ensure teh dns ports are open
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [53];
|
||||
allowedUDPPorts = [53];
|
|
@ -1,31 +0,0 @@
|
|||
/*
|
||||
Define the options for dns records here.
|
||||
They are imported into anything that needs to use them
|
||||
*/
|
||||
{lib, ...}:
|
||||
with lib; {
|
||||
options = {
|
||||
domain = lib.mkOption {
|
||||
description = "Domain this record is for";
|
||||
type = lib.types.str;
|
||||
default = "skynet.ie";
|
||||
};
|
||||
record = lib.mkOption {
|
||||
description = "What you want to name the subdomain.";
|
||||
type = lib.types.str;
|
||||
};
|
||||
r_type = lib.mkOption {
|
||||
description = "Type of record that this is.";
|
||||
type = lib.types.enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
|
||||
};
|
||||
value = lib.mkOption {
|
||||
description = "What the record points to, normally ip or another record.";
|
||||
type = lib.types.str;
|
||||
};
|
||||
server = lib.mkOption {
|
||||
description = "Core record for a server";
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -92,7 +92,7 @@ with lib; let
|
|||
}
|
||||
];
|
||||
|
||||
sieveConfigFile =
|
||||
configFile =
|
||||
# https://doc.dovecot.org/configuration_manual/sieve/examples/#plus-addressed-mail-filtering
|
||||
pkgs.writeText "basic_sieve"
|
||||
''
|
||||
|
@ -105,36 +105,24 @@ with lib; let
|
|||
|
||||
# this should be close to teh last step
|
||||
if allof (
|
||||
address :localpart ["To", "Cc"] ["${toString create_config_to}"],
|
||||
address :domain ["To", "Cc"] "skynet.ie"
|
||||
){
|
||||
if address :matches ["To", "Cc"] "*@skynet.ie" {
|
||||
if header :is "X-Spam" "Yes" {
|
||||
fileinto :create "''${1}.Junk";
|
||||
stop;
|
||||
} else {
|
||||
fileinto :create "''${1}";
|
||||
stop;
|
||||
address :localpart ["To"] ["${toString create_config_to}"],
|
||||
address :domain ["To"] "skynet.ie"
|
||||
){
|
||||
if address :matches ["To"] "*@skynet.ie" {
|
||||
if header :is "X-Spam" "Yes" {
|
||||
fileinto :create "''${1}.Junk";
|
||||
stop;
|
||||
} else {
|
||||
fileinto :create "''${1}";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if allof (
|
||||
address :localpart ["From"] ["${toString create_config_to}"],
|
||||
address :domain ["From"] "skynet.ie"
|
||||
){
|
||||
if address :matches ["From"] "*@skynet.ie" {
|
||||
if header :is "X-Spam" "Yes" {
|
||||
fileinto :create "''${1}.Junk";
|
||||
stop;
|
||||
} else {
|
||||
fileinto :create "''${1}";
|
||||
stop;
|
||||
}
|
||||
}
|
||||
}
|
||||
'';
|
||||
in {
|
||||
imports = [
|
||||
./dns.nix
|
||||
./acme.nix
|
||||
./nginx.nix
|
||||
inputs.simple-nixos-mailserver.nixosModule
|
||||
|
||||
# for teh config
|
||||
|
@ -282,109 +270,95 @@ in {
|
|||
};
|
||||
|
||||
# set up dns record for it
|
||||
services.skynet.dns.records =
|
||||
[
|
||||
# core record
|
||||
{
|
||||
record = "@";
|
||||
r_type = "MX";
|
||||
# the number is the priority in teh case of multiple mailservers
|
||||
value = "10 mail.${cfg.domain}.";
|
||||
}
|
||||
services.skynet.dns.records = [
|
||||
# basic one
|
||||
{
|
||||
record = "mail";
|
||||
r_type = "A";
|
||||
value = config.services.skynet.host.ip;
|
||||
}
|
||||
#DNS config for K-9 Mail
|
||||
{
|
||||
record = "imap";
|
||||
r_type = "CNAME";
|
||||
value = "mail";
|
||||
}
|
||||
{
|
||||
record = "pop3";
|
||||
r_type = "CNAME";
|
||||
value = "mail";
|
||||
}
|
||||
{
|
||||
record = "smtp";
|
||||
r_type = "CNAME";
|
||||
value = "mail";
|
||||
}
|
||||
|
||||
# basic one
|
||||
{
|
||||
record = "mail";
|
||||
r_type = "A";
|
||||
value = config.services.skynet.host.ip;
|
||||
}
|
||||
#DNS config for K-9 Mail
|
||||
{
|
||||
record = "imap";
|
||||
r_type = "CNAME";
|
||||
value = "mail";
|
||||
}
|
||||
{
|
||||
record = "pop3";
|
||||
r_type = "CNAME";
|
||||
value = "mail";
|
||||
}
|
||||
{
|
||||
record = "smtp";
|
||||
r_type = "CNAME";
|
||||
value = "mail";
|
||||
}
|
||||
|
||||
# TXT records, all tehse are inside escaped strings to allow using ""
|
||||
|
||||
# reverse pointer
|
||||
{
|
||||
record = config.services.skynet.host.ip;
|
||||
r_type = "PTR";
|
||||
value = "${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
|
||||
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie
|
||||
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406
|
||||
# response should be:
|
||||
# _imap._tcp SRV 0 1 143 imap.example.com.
|
||||
{
|
||||
record = "_imaps._tcp";
|
||||
r_type = "SRV";
|
||||
value = "0 1 993 ${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
{
|
||||
record = "_imap._tcp";
|
||||
r_type = "SRV";
|
||||
value = "0 1 143 ${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
{
|
||||
record = "_submissions._tcp";
|
||||
r_type = "SRV";
|
||||
value = "0 1 465 ${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
{
|
||||
record = "_submission._tcp";
|
||||
r_type = "SRV";
|
||||
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
]
|
||||
# TXT records, all tehse are inside escaped strings to allow using ""
|
||||
# SPF record
|
||||
++ [
|
||||
{
|
||||
record = "${cfg.domain}.";
|
||||
r_type = "TXT";
|
||||
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
|
||||
}
|
||||
]
|
||||
{
|
||||
record = "${cfg.domain}.";
|
||||
r_type = "TXT";
|
||||
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"'';
|
||||
}
|
||||
|
||||
# DKIM keys
|
||||
++ [
|
||||
{
|
||||
record = "mail._domainkey.skynet.ie.";
|
||||
r_type = "TXT";
|
||||
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
|
||||
}
|
||||
{
|
||||
domain = "ulcompsoc.ie";
|
||||
record = "mail._domainkey.ulcompsoc.ie.";
|
||||
r_type = "TXT";
|
||||
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
|
||||
}
|
||||
]
|
||||
{
|
||||
record = "mail._domainkey.skynet.ie.";
|
||||
r_type = "TXT";
|
||||
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
|
||||
}
|
||||
{
|
||||
record = "mail._domainkey.ulcompsoc.ie.";
|
||||
r_type = "TXT";
|
||||
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
|
||||
}
|
||||
|
||||
# DMARC
|
||||
++ [
|
||||
{
|
||||
record = "_dmarc.${cfg.domain}.";
|
||||
r_type = "TXT";
|
||||
# p : quarantine => sends to spam, reject => never sent
|
||||
# rua : mail that receives reports about DMARC activity
|
||||
# pct : percentage of unathenticated messages that DMARC stops
|
||||
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
||||
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
||||
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
|
||||
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
|
||||
}
|
||||
];
|
||||
{
|
||||
record = "_dmarc.${cfg.domain}.";
|
||||
r_type = "TXT";
|
||||
# p : quarantine => sends to spam, reject => never sent
|
||||
# rua : mail that receives reports about DMARC activity
|
||||
# pct : percentage of unathenticated messages that DMARC stops
|
||||
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
||||
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
||||
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
|
||||
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=none"'';
|
||||
}
|
||||
|
||||
# reverse pointer
|
||||
{
|
||||
record = config.services.skynet.host.ip;
|
||||
r_type = "PTR";
|
||||
value = "${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
|
||||
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie
|
||||
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406
|
||||
# response should be:
|
||||
# _imap._tcp SRV 0 1 143 imap.example.com.
|
||||
{
|
||||
record = "_imaps._tcp";
|
||||
r_type = "SRV";
|
||||
value = "0 1 993 ${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
{
|
||||
record = "_imap._tcp";
|
||||
r_type = "SRV";
|
||||
value = "0 1 143 ${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
{
|
||||
record = "_submissions._tcp";
|
||||
r_type = "SRV";
|
||||
value = "0 1 465 ${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
{
|
||||
record = "_submission._tcp";
|
||||
r_type = "SRV";
|
||||
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
|
||||
}
|
||||
];
|
||||
|
||||
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
|
||||
users.groups.nginx = {};
|
||||
|
@ -477,40 +451,7 @@ in {
|
|||
};
|
||||
|
||||
services.dovecot2.sieve.scripts = {
|
||||
before = sieveConfigFile;
|
||||
};
|
||||
|
||||
# This is to add a bcc to outgoing mail
|
||||
# this then interacts with teh filters to put it in the right folder
|
||||
# we can directly add to the postfix service here
|
||||
services.postfix = let
|
||||
# mostly copied from the upstream mailserver config/functions
|
||||
mappedFile = name: "hash:/var/lib/postfix/conf/${name}";
|
||||
|
||||
sender_bcc_maps_file = let
|
||||
content = lookupTableToString create_skynet_service_bcc;
|
||||
in
|
||||
builtins.toFile "sender_bcc_maps" content;
|
||||
|
||||
lookupTableToString = attrs: let
|
||||
valueToString = value: lib.concatStringsSep ", " value;
|
||||
in
|
||||
lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name} ${valueToString value}") attrs);
|
||||
|
||||
# convert the mailboxes config to something that can be used here
|
||||
create_skynet_email_bcc = mailbox: {
|
||||
name = "${mailbox}@skynet.ie";
|
||||
value = ["${mailbox}@skynet.ie"];
|
||||
};
|
||||
create_skynet_service_bcc = builtins.listToAttrs (map (mailbox: (create_skynet_email_bcc mailbox.account)) service_mailboxes);
|
||||
in {
|
||||
mapFiles."sender_bcc_maps" = sender_bcc_maps_file;
|
||||
|
||||
config = {
|
||||
sender_bcc_maps = [
|
||||
(mappedFile "sender_bcc_maps")
|
||||
];
|
||||
};
|
||||
before = configFile;
|
||||
};
|
||||
|
||||
# tune the spam filter
|
||||
|
|
|
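Review bot: The `_dmarc.${cfg.domain}.` record in the DNS records hunk ends with `sp=none` on what appears to be the new side, so mail that fails DMARC from any subdomain gets no enforcement even though the organisational domain is at `p=quarantine` with `adkim=s; aspf=s`. Subdomains that never send mail are a common spoofing target, and the other printed form of this line carries `sp=quarantine`. I would keep `sp=quarantine` in the value, or add a comment next to the `# sp :` line recording why subdomains are exempt. Which form is old and which is new is inferred from the hunk counts and the list layout, because the rendered page has lost the `+`/`-` markers.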
@ -1,129 +0,0 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
name = "forgejo";
|
||||
cfg = config.services.skynet."${name}";
|
||||
|
||||
domain_base = "${cfg.domain.base}.${cfg.domain.tld}";
|
||||
domain_full = "${cfg.domain.sub}.${domain_base}";
|
||||
in {
|
||||
imports = [
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
enable = mkEnableOption "Skynet Forgejo";
|
||||
|
||||
domain = {
|
||||
tld = mkOption {
|
||||
type = types.str;
|
||||
default = "ie";
|
||||
};
|
||||
|
||||
base = mkOption {
|
||||
type = types.str;
|
||||
default = "skynet";
|
||||
};
|
||||
|
||||
sub = mkOption {
|
||||
type = types.str;
|
||||
default = name;
|
||||
};
|
||||
};
|
||||
|
||||
forgejo = {
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 3000;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# age.secrets.forgejo-mailer-password = {
|
||||
# file = ../../secrets/forgejo/mailer-password.age;
|
||||
# mode = "400";
|
||||
# owner = "forgejo";
|
||||
# };
|
||||
|
||||
services.skynet.acme.domains = [
|
||||
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
|
||||
];
|
||||
|
||||
# using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
|
||||
services.skynet.dns.records = [
|
||||
{
|
||||
record = cfg.domain.sub;
|
||||
r_type = "CNAME";
|
||||
value = config.services.skynet.host.name;
|
||||
}
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
# main site
|
||||
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "skynet";
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString cfg.forgejo.port}";
|
||||
extraConfig = ''
|
||||
client_max_body_size 1000M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# for signing reasons
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = pkgs.forgejo;
|
||||
database.type = "sqlite3";
|
||||
# Enable support for Git Large File Storage
|
||||
lfs.enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
|
||||
# You need to specify this to remove the port from URLs in the web UI.
|
||||
ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/";
|
||||
HTTP_PORT = cfg.forgejo.port;
|
||||
};
|
||||
|
||||
# You can temporarily allow registration to create an admin user.
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
|
||||
# Add support for actions, based on act: https://github.com/nektos/act
|
||||
actions = {
|
||||
ENABLED = true;
|
||||
DEFAULT_ACTIONS_URL = "github";
|
||||
};
|
||||
|
||||
# Allow for signing off merge requests
|
||||
# "repository.signing" = {
|
||||
# SIGNING_KEY = "5B2DED0FE9F8627A";
|
||||
# SIGNING_NAME = "Skynet";
|
||||
# SIGNING_EMAIL = "forgejo@glados.skynet.ie";
|
||||
# MERGES = "always";
|
||||
# };
|
||||
|
||||
# Sending emails is completely optional
|
||||
# You can send a test email from the web UI at:
|
||||
# Profile Picture > Site Administration > Configuration > Mailer Configuration
|
||||
# mailer = {
|
||||
# ENABLED = true;
|
||||
# SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}";
|
||||
# FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
|
||||
# USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
|
||||
# };
|
||||
};
|
||||
# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,159 +0,0 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
name = "forgejo_runner";
|
||||
cfg = config.services.skynet."${name}";
|
||||
in {
|
||||
imports = [
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
enable = mkEnableOption "Skynet ForgeJo Runner";
|
||||
|
||||
runner = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = config.networking.hostName;
|
||||
};
|
||||
|
||||
website = mkOption {
|
||||
default = "https://forgejo.skynet.ie";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
default = "gitea-runner";
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner.
|
||||
environment.systemPackages = with pkgs; [
|
||||
forgejo-actions-runner
|
||||
];
|
||||
|
||||
age.secrets.forgejo_runner_token = {
|
||||
file = ../../secrets/forgejo/runners/token.age;
|
||||
owner = cfg.runner.user;
|
||||
group = cfg.runner.user;
|
||||
};
|
||||
|
||||
# make sure the ssh config stuff is in teh right palce
|
||||
systemd.tmpfiles.rules = [
|
||||
#"d /home/${cfg.runner.user} 0755 ${cfg.runner.user} ${cfg.runner.user}"
|
||||
"L+ /home/${cfg.runner.user}/.ssh/config 0755 ${cfg.runner.user} ${cfg.runner.user} - ${./ssh_config}"
|
||||
];
|
||||
age.secrets.forgejo_runner_ssh = {
|
||||
file = ../../secrets/forgejo/runners/ssh.age;
|
||||
mode = "600";
|
||||
owner = "${cfg.runner.user}";
|
||||
group = "${cfg.runner.user}";
|
||||
symlink = false;
|
||||
path = "/home/${cfg.runner.user}/.ssh/skynet/root";
|
||||
};
|
||||
|
||||
nix = {
|
||||
settings = {
|
||||
trusted-users = [
|
||||
# allow the runner to build nix stuff and to use the cache
|
||||
"gitea-runner"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
];
|
||||
substituters = [
|
||||
"https://nix-cache.skynet.ie/skynet-cache/"
|
||||
"https://cache.nixos.org/"
|
||||
];
|
||||
trusted-substituters = [
|
||||
"https://nix-cache.skynet.ie/skynet-cache/"
|
||||
"https://cache.nixos.org/"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# very basic setup to always be watching for changes in teh cache
|
||||
systemd.services.attic-uploader = {
|
||||
enable = true;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.attic-client}/bin/attic watch-store skynet-cache";
|
||||
User = "root";
|
||||
Restart = "always";
|
||||
RestartSec = 1;
|
||||
};
|
||||
};
|
||||
|
||||
# give teh runner user a home to store teh ssh config stuff
|
||||
systemd.services.gitea-runner-default.serviceConfig = {
|
||||
DynamicUser = lib.mkForce false;
|
||||
User = lib.mkForce cfg.runner.user;
|
||||
};
|
||||
users = {
|
||||
groups."${cfg.runner.user}" = {};
|
||||
users."${cfg.runner.user}" = {
|
||||
#isSystemUser = true;
|
||||
isNormalUser = true;
|
||||
group = cfg.runner.user;
|
||||
createHome = true;
|
||||
shell = pkgs.bash;
|
||||
};
|
||||
};
|
||||
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
# taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128
|
||||
virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"];
|
||||
|
||||
# the actual runner
|
||||
services.gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances.default = {
|
||||
enable = true;
|
||||
name = cfg.runner.name;
|
||||
url = cfg.runner.website;
|
||||
tokenFile = config.age.secrets.forgejo_runner_token.path;
|
||||
labels = [
|
||||
## optionally provide native execution on the host:
|
||||
"nix:host"
|
||||
"docker:docker://node:22-bookworm"
|
||||
"ubuntu-latest:docker://node:22-bookworm"
|
||||
];
|
||||
|
||||
hostPackages = with pkgs; [
|
||||
# default ones
|
||||
bash
|
||||
coreutils
|
||||
curl
|
||||
gawk
|
||||
git
|
||||
gnused
|
||||
nodejs
|
||||
wget
|
||||
|
||||
# useful to have in path
|
||||
jq
|
||||
which
|
||||
dpkg
|
||||
zip
|
||||
git-lfs
|
||||
|
||||
# used in deployments
|
||||
inputs.colmena.defaultPackage."x86_64-linux"
|
||||
attic-client
|
||||
nix
|
||||
openssh
|
||||
sudo
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
Host *.skynet.ie 193.1.99.* 193.1.96.165
|
||||
User root
|
||||
IdentityFile ~/.ssh/skynet/root
|
||||
IdentitiesOnly yes
|
||||
|
|
@ -12,6 +12,10 @@ with lib; let
|
|||
domain_full = "${cfg.domain.sub}.${domain_base}";
|
||||
in {
|
||||
imports = [
|
||||
./acme.nix
|
||||
./dns.nix
|
||||
./firewall.nix
|
||||
./nginx.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
@ -56,32 +60,32 @@ in {
|
|||
# grep -r --exclude-dir={docker,containers,log,sys,nix,proc} gitlab /
|
||||
|
||||
age.secrets.gitlab_pw = {
|
||||
file = ../../secrets/gitlab/pw.age;
|
||||
file = ../secrets/gitlab/pw.age;
|
||||
owner = cfg.user;
|
||||
group = cfg.user;
|
||||
};
|
||||
age.secrets.gitlab_secrets_db = {
|
||||
file = ../../secrets/gitlab/secrets_db.age;
|
||||
file = ../secrets/gitlab/secrets_db.age;
|
||||
owner = cfg.user;
|
||||
group = cfg.user;
|
||||
};
|
||||
age.secrets.gitlab_secrets_secret = {
|
||||
file = ../../secrets/gitlab/secrets_secret.age;
|
||||
file = ../secrets/gitlab/secrets_secret.age;
|
||||
owner = cfg.user;
|
||||
group = cfg.user;
|
||||
};
|
||||
age.secrets.gitlab_secrets_otp = {
|
||||
file = ../../secrets/gitlab/secrets_otp.age;
|
||||
file = ../secrets/gitlab/secrets_otp.age;
|
||||
owner = cfg.user;
|
||||
group = cfg.user;
|
||||
};
|
||||
age.secrets.gitlab_secrets_jws = {
|
||||
file = ../../secrets/gitlab/secrets_jws.age;
|
||||
file = ../secrets/gitlab/secrets_jws.age;
|
||||
owner = cfg.user;
|
||||
group = cfg.user;
|
||||
};
|
||||
age.secrets.gitlab_db_pw = {
|
||||
file = ../../secrets/gitlab/db_pw.age;
|
||||
file = ../secrets/gitlab/db_pw.age;
|
||||
owner = cfg.user;
|
||||
group = cfg.user;
|
||||
};
|
|
@ -31,7 +31,7 @@ in {
|
|||
|
||||
docker = {
|
||||
image = mkOption {
|
||||
default = "alpine:latest";
|
||||
default = "alpine:3.18.4";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
|
@ -51,8 +51,8 @@ in {
|
|||
pkgs.gitlab-runner
|
||||
];
|
||||
|
||||
age.secrets.runner_01_nix.file = ../../secrets/gitlab/runners/runner01.age;
|
||||
age.secrets.runner_02_general.file = ../../secrets/gitlab/runners/runner02.age;
|
||||
age.secrets.runner_01_nix.file = ../secrets/gitlab/runners/runner01.age;
|
||||
age.secrets.runner_02_general.file = ../secrets/gitlab/runners/runner02.age;
|
||||
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
|
||||
virtualisation.docker.enable = true;
|
||||
|
@ -95,10 +95,9 @@ in {
|
|||
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
|
||||
mkdir -p -m 0700 "$HOME/.nix-defexpr"
|
||||
. ${pkgs.nix}/etc/profile.d/nix-daemon.sh
|
||||
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs
|
||||
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs # 3
|
||||
${pkgs.nix}/bin/nix-channel --update nixpkgs
|
||||
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [lix cacert git openssh])}
|
||||
nix --version
|
||||
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [nix cacert git openssh])}
|
||||
'';
|
||||
environmentVariables = {
|
||||
ENV = "/etc/profile";
|
|
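Review bot: The `nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs # 3` line tracks a moving channel that `nix-channel --update nixpkgs` re-fetches each time this script runs, and the trailing `# 3` does not explain why. Any job that resolves `<nixpkgs>` would presumably build against whatever unstable serves at that moment rather than a revision the repository controls, which makes runner builds non-reproducible and widens the supply-chain surface. I would replace the marker with a comment stating the intent, e.g. `# channel only for jobs that need <nixpkgs>; intentionally unpinned`, or point the channel at a fixed release. The script string starts above this hunk, so how it is invoked is not visible here.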
@ -9,6 +9,8 @@ with lib; let
|
|||
port = 4444;
|
||||
in {
|
||||
imports = [
|
||||
./acme.nix
|
||||
./dns.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
|
|
@ -11,6 +11,9 @@ with lib; let
|
|||
port_backend = "8087";
|
||||
in {
|
||||
imports = [
|
||||
../acme.nix
|
||||
../dns.nix
|
||||
../nginx.nix
|
||||
inputs.skynet_ldap_backend.nixosModule."x86_64-linux"
|
||||
../../config/users.nix
|
||||
];
|
||||
|
|
|
@ -15,6 +15,9 @@ with lib; let
|
|||
in {
|
||||
# these are needed for teh program in question
|
||||
imports = [
|
||||
../acme.nix
|
||||
../dns.nix
|
||||
../nginx.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
|
|
@ -10,6 +10,9 @@ with lib; let
|
|||
domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
|
||||
in {
|
||||
imports = [
|
||||
./acme.nix
|
||||
./dns.nix
|
||||
./nginx.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
|
|
@ -24,6 +24,8 @@ with lib; let
|
|||
in {
|
||||
imports = [
|
||||
inputs.attic.nixosModules.atticd
|
||||
../acme.nix
|
||||
../dns.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
|
|
@ -13,6 +13,8 @@ with lib; let
|
|||
port = 11371;
|
||||
in {
|
||||
imports = [
|
||||
../acme.nix
|
||||
../dns.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
|
|
@ -15,6 +15,8 @@ with lib; let
|
|||
folder = "/var/skynet/${name}";
|
||||
in {
|
||||
imports = [
|
||||
../acme.nix
|
||||
../dns.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
|
|
@ -21,7 +21,7 @@ with lib; let
|
|||
)
|
||||
nodes
|
||||
);
|
||||
node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString value.config.services.prometheus.exporters.node.port}") nodes;
|
||||
node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString config.services.prometheus.exporters.node.port}") nodes;
|
||||
};
|
||||
|
||||
# clears any invalid entries
|
||||
|
@ -37,10 +37,8 @@ in {
|
|||
type = types.port;
|
||||
default = 9001;
|
||||
};
|
||||
};
|
||||
|
||||
external = {
|
||||
node = mkOption {
|
||||
external.node = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
|
@ -48,23 +46,15 @@ in {
|
|||
'';
|
||||
};
|
||||
};
|
||||
|
||||
ports = {
|
||||
node = mkOption {
|
||||
type = types.port;
|
||||
default = 9100;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
{
|
||||
services.prometheus.exporters.node = {
|
||||
enable = true;
|
||||
port = cfg.ports.node;
|
||||
openFirewall = true;
|
||||
# most collectors are on by default see https://github.com/prometheus/node_exporter for more options
|
||||
enabledCollectors = ["systemd" "processes"];
|
||||
enabledCollectors = ["systemd"];
|
||||
};
|
||||
}
|
||||
(mkIf cfg.server.enable {
|
||||
|
@ -76,7 +66,7 @@ in {
|
|||
job_name = "node_exporter";
|
||||
static_configs = [
|
||||
{
|
||||
targets = filter_empty (exporters.node ++ cfg.external.node);
|
||||
targets = filter_empty (exporters.node ++ cfg.server.external.node);
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
|
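Review bot: In the `node` target list, the port is read from `config.services.prometheus.exporters.node.port`, which is the evaluating host's own setting, while the address comes from each entry's `value.config.deployment.targetHost`. A node that sets a different exporter port would be scraped on the wrong port and show up as a failed target. Reading it per node, `toString value.config.services.prometheus.exporters.node.port`, keeps host and port from the same configuration. The enclosing `let` binding starts above this hunk, and which printed form is the new side is inferred from print order and the hunk counts.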
@ -12,19 +12,19 @@ with lib; {
|
|||
enable = mkOption {
|
||||
default = true;
|
||||
type = types.bool;
|
||||
description = lib.mdDoc "Whether to enable the Proxmox VE LXC module.";
|
||||
description = lib.mdDoc "Whether to enable the ProxmoxLXC.";
|
||||
};
|
||||
privileged = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to enable privileged mounts
|
||||
'';
|
||||
};
|
||||
manageNetwork = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to manage network interfaces through nix options
|
||||
When false, systemd-networkd is enabled to accept network
|
||||
configuration from proxmox.
|
||||
|
@ -33,7 +33,7 @@ with lib; {
|
|||
manageHostName = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to manage hostname through nix options
|
||||
When false, the hostname is picked up from /etc/hostname
|
||||
populated by proxmox.
|
||||
|
@ -68,8 +68,6 @@ with lib; {
|
|||
loader.initScript.enable = true;
|
||||
};
|
||||
|
||||
console.enable = true;
|
||||
|
||||
networking = mkIf (!cfg.manageNetwork) {
|
||||
useDHCP = false;
|
||||
useHostResolvConf = false;
|
||||
|
@ -83,14 +81,13 @@ with lib; {
|
|||
startWhenNeeded = mkDefault true;
|
||||
};
|
||||
|
||||
systemd = {
|
||||
mounts = mkIf (!cfg.privileged) [
|
||||
systemd.mounts =
|
||||
mkIf (!cfg.privileged)
|
||||
[
|
||||
{
|
||||
enable = false;
|
||||
where = "/sys/kernel/debug";
|
||||
enable = false;
|
||||
}
|
||||
];
|
||||
services."getty@".unitConfig.ConditionPathExists = ["" "/dev/%I"];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -144,15 +144,14 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
config =
|
||||
{
|
||||
# these values are anabled for every client
|
||||
environment.systemPackages = with pkgs; [
|
||||
restic
|
||||
];
|
||||
}
|
||||
|
||||
(mkIf cfg.server.enable {
|
||||
// mkIf cfg.server.enable {
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
cfg.server.port
|
||||
];
|
||||
|
@ -172,9 +171,8 @@ in {
|
|||
appendOnly = cfg.server.appendOnly;
|
||||
privateRepos = true;
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf enable_client {
|
||||
}
|
||||
// mkIf enable_client {
|
||||
# client stuff here
|
||||
|
||||
# A list of all login accounts. To create the password hashes, use
|
||||
|
@ -183,17 +181,15 @@ in {
|
|||
|
||||
age.secrets.restic.file = ../secrets/backup/restic.age;
|
||||
|
||||
services.restic.backups = mkMerge [
|
||||
services.restic.backups =
|
||||
ownServers
|
||||
{
|
||||
// {
|
||||
# merge teh two configs together
|
||||
# backblaze = base // {
|
||||
# # backupos for each server are stored in a folder under their name
|
||||
# repository = "b2:NixOS-Main2:/${config.services.skynet.host.name}";
|
||||
# #environmentFile = config.age.secrets.backblaze.path;
|
||||
# };
|
||||
}
|
||||
];
|
||||
})
|
||||
];
|
||||
};
|
||||
};
|
||||
}
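Review bot: `config = { … } // mkIf cfg.server.enable { … } // mkIf enable_client { … };` does not combine the three blocks, because `mkIf` returns an ordinary attribute set describing the condition and `//` is a shallow, right-biased update. As far as I can tell the second `mkIf` overwrites the fields of the first, so the server block (firewall port, `appendOnly`, `privateRepos`) and the unconditional `environment.systemPackages` entry are dropped or mis-evaluated rather than merged. The module system's own combinator keeps each condition separate: `config = mkMerge [ { … } (mkIf cfg.server.enable { … }) (mkIf enable_client { … }) ];`. `services.restic.backups = ownServers // { … }` is the same kind of shallow update, which is only safe while `ownServers` is a plain attribute set with no overlapping keys.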
|
||||
|
|
|
@ -10,11 +10,8 @@ with lib; let
|
|||
cfg = config.services.skynet."${name}";
|
||||
in {
|
||||
imports = [
|
||||
# import in past website versions, available at $year.skynet.ie
|
||||
# at teh end of teh year add it here
|
||||
(import ./old_site.nix {year = "2023";})
|
||||
(import ./old_site.nix {year = "2017";})
|
||||
(import ./old_site.nix {year = "2009";})
|
||||
./acme.nix
|
||||
./dns.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
@ -23,8 +20,11 @@ in {
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
services.skynet.acme.domains = [
|
||||
# the root one is already covered by teh certificate
|
||||
"2016.skynet.ie"
|
||||
"discord.skynet.ie"
|
||||
"public.skynet.ie"
|
||||
"renew.skynet.ie"
|
||||
];
|
||||
|
||||
services.skynet.dns.records = [
|
||||
|
@ -34,6 +34,11 @@ in {
|
|||
r_type = "A";
|
||||
value = config.services.skynet.host.ip;
|
||||
}
|
||||
{
|
||||
record = "2016";
|
||||
r_type = "CNAME";
|
||||
value = config.services.skynet.host.name;
|
||||
}
|
||||
{
|
||||
record = "discord";
|
||||
r_type = "CNAME";
|
||||
|
@ -44,6 +49,11 @@ in {
|
|||
r_type = "CNAME";
|
||||
value = config.services.skynet.host.name;
|
||||
}
|
||||
{
|
||||
record = "renew";
|
||||
r_type = "CNAME";
|
||||
value = config.services.skynet.host.name;
|
||||
}
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
|
@ -53,7 +63,9 @@ in {
|
|||
forceSSL = true;
|
||||
useACMEHost = "skynet";
|
||||
locations = {
|
||||
"/".root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
|
||||
"/" = {
|
||||
root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
|
||||
};
|
||||
|
||||
# this redirects old links to new format
|
||||
"~* ~(?<username>[a-z_0-9]*)(?<files>\\S*)$" = {
|
||||
|
@ -63,6 +75,13 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
# archive of teh site as it was ~2012 to 2016
|
||||
"2016.skynet.ie" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "skynet";
|
||||
root = "${inputs.skynet_website_2016.defaultPackage."x86_64-linux"}";
|
||||
};
|
||||
|
||||
# a custom discord url, because we are too cheap otehrwise
|
||||
"discord.skynet.ie" = {
|
||||
forceSSL = true;
|
||||
|
@ -76,6 +95,13 @@ in {
|
|||
root = "${inputs.compsoc_public.packages.x86_64-linux.default}";
|
||||
locations."/".extraConfig = "autoindex on;";
|
||||
};
|
||||
|
||||
# for alumni members to renew their account
|
||||
"renew.skynet.ie" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "skynet";
|
||||
root = "${inputs.skynet_website_renew.defaultPackage."x86_64-linux"}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
|
@ -1,34 +0,0 @@
|
|||
{year}: {
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
with lib; {
|
||||
imports = [];
|
||||
|
||||
config = {
|
||||
services.skynet.acme.domains = [
|
||||
"${year}.skynet.ie"
|
||||
];
|
||||
|
||||
services.skynet.dns.records = [
|
||||
{
|
||||
record = year;
|
||||
r_type = "CNAME";
|
||||
value = config.services.skynet.host.name;
|
||||
}
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"${year}.skynet.ie" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "skynet";
|
||||
root = "${inputs."skynet_website_${year}".defaultPackage."x86_64-linux"}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,64 +0,0 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
name = "wiki";
|
||||
cfg = config.services.skynet."${name}";
|
||||
in {
|
||||
imports = [
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
enable = mkEnableOption "Skynet Wiki";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.skynet.acme.domains = [
|
||||
"renew.skynet.ie"
|
||||
"wiki.skynet.ie"
|
||||
];
|
||||
|
||||
services.skynet.dns.records = [
|
||||
{
|
||||
record = "renew";
|
||||
r_type = "CNAME";
|
||||
value = config.services.skynet.host.name;
|
||||
}
|
||||
{
|
||||
record = "wiki";
|
||||
r_type = "CNAME";
|
||||
value = config.services.skynet.host.name;
|
||||
}
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"wiki.skynet.ie" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "skynet";
|
||||
root = "${inputs.skynet_website_wiki.defaultPackage."x86_64-linux"}";
|
||||
# https://stackoverflow.com/a/38238001/11964934
|
||||
extraConfig = ''
|
||||
location / {
|
||||
if ($request_uri ~ ^/(.*)\.html) {
|
||||
return 302 /$1;
|
||||
}
|
||||
try_files $uri $uri.html $uri/ =404;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
# redirect old links to the new wiki
|
||||
"renew.skynet.ie" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "skynet";
|
||||
locations."/".return = "307 https://wiki.skynet.ie";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -11,6 +11,9 @@ with lib; let
|
|||
php_pool = name;
|
||||
in {
|
||||
imports = [
|
||||
./acme.nix
|
||||
./dns.nix
|
||||
./nginx.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
@ -18,10 +21,7 @@ in {
|
|||
};
|
||||
|
||||
config = {
|
||||
# we havea more limited ports range on the skynet server
|
||||
services.skynet.prometheus.ports = {
|
||||
node = 9000;
|
||||
};
|
||||
# ssh access
|
||||
|
||||
# allow more than admins access
|
||||
services.skynet.ldap_client = {
|
||||
|
@ -85,20 +85,6 @@ in {
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"outinul.ie" = {
|
||||
forceSSL = false;
|
||||
useACMEHost = "skynet";
|
||||
locations = {
|
||||
"/" = {
|
||||
alias = "/home/outinul/public_html/";
|
||||
index = "index.html";
|
||||
extraConfig = ''
|
||||
autoindex on;
|
||||
'';
|
||||
tryFiles = "$uri$args $uri$args/ /index.html";
|
||||
};
|
||||
};
|
||||
};
|
||||
# main site
|
||||
"*.users.skynet.ie" = {
|
||||
forceSSL = true;
|
||||
|
|
|
@ -9,6 +9,10 @@ with lib; let
|
|||
cfg = config.services.skynet."${name}";
|
||||
in {
|
||||
imports = [
|
||||
./acme.nix
|
||||
./dns.nix
|
||||
./firewall.nix
|
||||
./nginx.nix
|
||||
];
|
||||
|
||||
options.services.skynet."${name}" = {
|
||||
|
|
183
config/dns.nix
183
config/dns.nix
|
@ -1,113 +1,92 @@
|
|||
{lib, ...}: {
|
||||
imports = [
|
||||
# Paths to other modules.
|
||||
# Compose this module out of smaller ones.
|
||||
];
|
||||
|
||||
# this needs to mirror ../applications/dns.nix
|
||||
options.skynet.records = lib.mkOption {
|
||||
description = "Records, sorted based on therir type";
|
||||
type = lib.types.listOf (lib.types.submodule (import ../applications/dns/options-records.nix {
|
||||
inherit lib;
|
||||
}));
|
||||
type = with lib.types;
|
||||
listOf (submodule {
|
||||
options = {
|
||||
record = lib.mkOption {
|
||||
type = str;
|
||||
};
|
||||
r_type = lib.mkOption {
|
||||
type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
|
||||
};
|
||||
value = lib.mkOption {
|
||||
type = str;
|
||||
};
|
||||
server = lib.mkOption {
|
||||
description = "Core record for a server";
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
config = {
|
||||
skynet.records =
|
||||
[
|
||||
# wifi in server room
|
||||
{
|
||||
record = "ash";
|
||||
r_type = "A";
|
||||
value = "193.1.99.114";
|
||||
server = true;
|
||||
}
|
||||
{
|
||||
record = "optimus";
|
||||
r_type = "A";
|
||||
value = "193.1.99.90";
|
||||
server = true;
|
||||
}
|
||||
{
|
||||
record = "panel.games";
|
||||
r_type = "CNAME";
|
||||
value = "optimus";
|
||||
}
|
||||
{
|
||||
record = "bumblebee";
|
||||
r_type = "A";
|
||||
value = "193.1.99.91";
|
||||
server = true;
|
||||
}
|
||||
{
|
||||
record = "minecraft.compsoc.games";
|
||||
r_type = "CNAME";
|
||||
value = "bumblebee";
|
||||
}
|
||||
{
|
||||
record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie.";
|
||||
r_type = "SRV";
|
||||
value = "0 10 25518 bumblebee.skynet.ie.";
|
||||
}
|
||||
{
|
||||
record = "minecraft-classic.compsoc.games";
|
||||
r_type = "CNAME";
|
||||
value = "bumblebee";
|
||||
}
|
||||
{
|
||||
record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie.";
|
||||
r_type = "SRV";
|
||||
value = "0 10 25518 bumblebee.skynet.ie.";
|
||||
}
|
||||
{
|
||||
record = "minecraft.gsoc.games";
|
||||
r_type = "CNAME";
|
||||
value = "bumblebee";
|
||||
}
|
||||
{
|
||||
record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie.";
|
||||
r_type = "SRV";
|
||||
value = "0 10 25521 bumblebee.skynet.ie.";
|
||||
}
|
||||
{
|
||||
record = "minecraft.phildeb.games";
|
||||
r_type = "CNAME";
|
||||
value = "bumblebee";
|
||||
}
|
||||
{
|
||||
record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie.";
|
||||
r_type = "SRV";
|
||||
value = "0 10 25522 bumblebee.skynet.ie.";
|
||||
}
|
||||
{
|
||||
record = "minecraft-aged.compsoc.games";
|
||||
r_type = "CNAME";
|
||||
value = "bumblebee";
|
||||
}
|
||||
{
|
||||
record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie.";
|
||||
r_type = "SRV";
|
||||
value = "0 10 25519 bumblebee.skynet.ie.";
|
||||
}
|
||||
]
|
||||
# non skynet domains
|
||||
++ [
|
||||
{
|
||||
domain = "conradcollins.net";
|
||||
record = "www";
|
||||
r_type = "CNAME";
|
||||
value = "skynet.skynet.ie.";
|
||||
}
|
||||
|
||||
{
|
||||
domain = "edelharty.net";
|
||||
record = "www";
|
||||
r_type = "CNAME";
|
||||
value = "skynet.skynet.ie.";
|
||||
}
|
||||
{
|
||||
domain = "damienconroy.com";
|
||||
record = "www";
|
||||
r_type = "CNAME";
|
||||
value = "skynet.skynet.ie.";
|
||||
}
|
||||
];
|
||||
skynet.records = [
|
||||
{
|
||||
record = "optimus";
|
||||
r_type = "A";
|
||||
value = "193.1.99.90";
|
||||
server = true;
|
||||
}
|
||||
{
|
||||
record = "panel.games";
|
||||
r_type = "CNAME";
|
||||
value = "optimus";
|
||||
}
|
||||
{
|
||||
record = "bumblebee";
|
||||
r_type = "A";
|
||||
value = "193.1.99.91";
|
||||
server = true;
|
||||
}
|
||||
{
|
||||
record = "minecraft.compsoc.games";
|
||||
r_type = "CNAME";
|
||||
value = "bumblebee";
|
||||
}
|
||||
{
|
||||
record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie.";
|
||||
r_type = "SRV";
|
||||
value = "0 10 25518 minecraft.compsoc.games.skynet.ie.";
|
||||
}
|
||||
{
|
||||
record = "minecraft-classic.compsoc.games";
|
||||
r_type = "CNAME";
|
||||
value = "bumblebee";
|
||||
}
|
||||
{
|
||||
record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie.";
|
||||
r_type = "SRV";
|
||||
value = "0 10 25520 minecraft-classic.compsoc.games.skynet.ie.";
|
||||
}
|
||||
{
|
||||
record = "minecraft.gsoc.games";
|
||||
r_type = "CNAME";
|
||||
value = "bumblebee";
|
||||
}
|
||||
{
|
||||
record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie.";
|
||||
r_type = "SRV";
|
||||
value = "0 10 25521 minecraft.gsoc.games.skynet.ie.";
|
||||
}
|
||||
{
|
||||
record = "minecraft.phildeb.games";
|
||||
r_type = "CNAME";
|
||||
value = "bumblebee";
|
||||
}
|
||||
{
|
||||
record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie.";
|
||||
r_type = "SRV";
|
||||
value = "0 10 25522 minecraft.phildeb.games.skynet.ie.";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
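Review bot: The SRV entries in the new `skynet.records` list target names that the same list defines as CNAMEs (for example `minecraft.compsoc.games` → `bumblebee`, presumably both under `skynet.ie`), and RFC 2782 requires an SRV target to be a name with address records rather than an alias. Resolvers and clients handle that case differently, so lookups may work for some users and fail for others. Pointing the target at the host that carries the A record avoids this, e.g. `value = "0 10 25518 bumblebee.skynet.ie.";`. The comment `# this needs to mirror ../applications/dns.nix` also marks a hand-copied option schema, and a line saying which file is authoritative would help keep the two in step.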
|
||||
|
|
|
@ -1,11 +1,6 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
{lib, ...}:
|
||||
with lib; let
|
||||
port_backend = "8087";
|
||||
cfg = config.skynet.users;
|
||||
in {
|
||||
options.skynet = {
|
||||
users = {
|
||||
|
@ -49,33 +44,29 @@ in {
|
|||
|
||||
config.skynet = {
|
||||
users = {
|
||||
committee = lib.lists.unique (
|
||||
# Committee - Core
|
||||
[
|
||||
"silver"
|
||||
"eoghanconlon73"
|
||||
"nanda"
|
||||
"emily1999"
|
||||
"dgr"
|
||||
]
|
||||
# Committee - OCM
|
||||
++ [
|
||||
"sidhiel"
|
||||
"skyapples"
|
||||
"eliza"
|
||||
"amymucko"
|
||||
"archiedms"
|
||||
]
|
||||
# Admins are part of Committee as well
|
||||
++ cfg.admin
|
||||
);
|
||||
committee = [
|
||||
"silver"
|
||||
"eoghanconlon73"
|
||||
"sidhiel"
|
||||
"maksimsger1"
|
||||
"kaiden"
|
||||
"pine"
|
||||
"nanda"
|
||||
"sourabh1805"
|
||||
"kronsy"
|
||||
"skyapples"
|
||||
];
|
||||
admin = [
|
||||
"silver"
|
||||
"evanc"
|
||||
"eoghanconlon73"
|
||||
"eliza"
|
||||
"esy"
|
||||
];
|
||||
trainee = [];
|
||||
trainee = [
|
||||
"milan"
|
||||
"esy"
|
||||
"kronsy"
|
||||
];
|
||||
lifetime = [];
|
||||
banned = [];
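Review bot: `committee` is now a hand-written list that no longer appends `cfg.admin`, so an admin who is not also typed into `committee` silently loses whatever access that group grants. The hunk does not show what consumes these lists, so the impact is inferred. Deriving the overlap instead of maintaining it by hand keeps the groups consistent when someone's role changes: `committee = lib.lists.unique ([ … ] ++ cfg.admin);`, with `config` kept in the module arguments so `cfg` resolves. The `users` attribute set continues outside the hunk.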
|
||||
|
||||
|
|
763
flake.lock
763
flake.lock
File diff suppressed because it is too large
105
flake.nix
105
flake.nix
|
@ -7,62 +7,76 @@
|
|||
# Return to using unstable once the current master is merged in
|
||||
# nixpkgs.url = "nixpkgs/nixos-unstable";
|
||||
|
||||
lix = {
|
||||
url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
lix-module = {
|
||||
url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.lix.follows = "lix";
|
||||
};
|
||||
|
||||
# utility stuff
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
arion.url = "github:hercules-ci/arion";
|
||||
alejandra = {
|
||||
url = "github:kamadorueda/alejandra";
|
||||
url = "github:kamadorueda/alejandra/3.0.0";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
colmena.url = "github:zhaofengli/colmena";
|
||||
attic.url = "github:zhaofengli/attic";
|
||||
attic.url = github:zhaofengli/attic;
|
||||
|
||||
# we host our own
|
||||
# email
|
||||
# simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
|
||||
simple-nixos-mailserver = {
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
url = "git+https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver";
|
||||
type = "gitlab";
|
||||
host = "gitlab.skynet.ie";
|
||||
owner = "compsoc1%2Fskynet";
|
||||
repo = "misc%2Fnixos-mailserver";
|
||||
};
|
||||
|
||||
######################
|
||||
### skynet backend ###
|
||||
######################
|
||||
skynet_ldap_backend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_backend";
|
||||
skynet_ldap_frontend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_frontend";
|
||||
skynet_website_wiki.url = "git+https://forgejo.skynet.ie/Skynet/wiki";
|
||||
skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games";
|
||||
skynet_discord_bot.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot";
|
||||
|
||||
#####################
|
||||
### compsoc stuff ###
|
||||
#####################
|
||||
compsoc_public.url = "git+https://forgejo.skynet.ie/Computer_Society/presentations_compsoc";
|
||||
|
||||
#################
|
||||
### skynet.ie ###
|
||||
#################
|
||||
|
||||
# this should always point to teh current website
|
||||
skynet_website.url = "git+https://forgejo.skynet.ie/Skynet/website_2017";
|
||||
|
||||
# these are past versions of teh website
|
||||
skynet_website_2023.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=c4d61c753292bf73ed41b47b1607cfc92a82a191";
|
||||
# this is not 100% right since this is from teh archive from 2022 or so
|
||||
skynet_website_2017.url = "git+https://forgejo.skynet.ie/Skynet/website_2017?rev=edd922c5b13fa1f520e8e265a3d6e4e189852b99";
|
||||
|
||||
# this is more of 2012 than 2009 but started in 2009
|
||||
skynet_website_2009.url = "git+https://forgejo.skynet.ie/Skynet/website_2009";
|
||||
# account.skynet.ie
|
||||
skynet_ldap_backend = {
|
||||
type = "gitlab";
|
||||
host = "gitlab.skynet.ie";
|
||||
owner = "compsoc1%2Fskynet";
|
||||
repo = "ldap%2Fbackend";
|
||||
};
|
||||
skynet_ldap_frontend = {
|
||||
type = "gitlab";
|
||||
host = "gitlab.skynet.ie";
|
||||
owner = "compsoc1%2Fskynet";
|
||||
repo = "ldap%2Ffrontend";
|
||||
};
|
||||
skynet_website = {
|
||||
type = "gitlab";
|
||||
host = "gitlab.skynet.ie";
|
||||
owner = "compsoc1%2Fskynet";
|
||||
repo = "website%2F2023";
|
||||
};
|
||||
skynet_website_2016 = {
|
||||
type = "gitlab";
|
||||
host = "gitlab.skynet.ie";
|
||||
owner = "compsoc1%2Fskynet";
|
||||
repo = "website%2F2016";
|
||||
};
|
||||
skynet_website_renew = {
|
||||
type = "gitlab";
|
||||
host = "gitlab.skynet.ie";
|
||||
owner = "compsoc1%2Fskynet";
|
||||
repo = "website%2Falumni-renew";
|
||||
};
|
||||
skynet_website_games = {
|
||||
type = "gitlab";
|
||||
host = "gitlab.skynet.ie";
|
||||
owner = "compsoc1%2Fskynet";
|
||||
repo = "website%2Fgames.skynet.ie";
|
||||
};
|
||||
skynet_discord_bot = {
|
||||
type = "gitlab";
|
||||
host = "gitlab.skynet.ie";
|
||||
owner = "compsoc1%2Fskynet";
|
||||
repo = "discord-bot";
|
||||
};
|
||||
compsoc_public = {
|
||||
type = "gitlab";
|
||||
host = "gitlab.skynet.ie";
|
||||
owner = "compsoc1%2Fcompsoc";
|
||||
repo = "presentations%2Fpresentations";
|
||||
};
|
||||
};
|
||||
|
||||
nixConfig = {
|
||||
|
@ -102,7 +116,7 @@
|
|||
overlays = [];
|
||||
};
|
||||
specialArgs = {
|
||||
inherit inputs self;
|
||||
inherit inputs;
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -150,9 +164,6 @@
|
|||
|
||||
# Public Services
|
||||
calculon = import ./machines/calculon.nix;
|
||||
|
||||
# metrics
|
||||
ariia = import ./machines/ariia.nix;
|
||||
};
|
||||
};
|
||||
}
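Review bot: `attic.url = github:zhaofengli/attic;` uses a bare URL literal, which is deprecated Nix syntax and is rejected when the `no-url-literals` experimental feature is enabled; the other inputs in this block are quoted strings. Quoting it keeps the file consistent: `attic.url = "github:zhaofengli/attic";`. Separately, only `alejandra` carries a tag in its URL, so the revisions of the remaining inputs are fixed solely by `flake.lock`, whose diff is suppressed on this page and deserves its own look.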
|
||||
|
|
|
@ -18,11 +18,23 @@ in {
|
|||
# for the secrets
|
||||
inputs.agenix.nixosModules.default
|
||||
|
||||
# base application config for all servers
|
||||
# base config for all servers
|
||||
../applications/_base.nix
|
||||
|
||||
#
|
||||
inputs.lix-module.nixosModules.default
|
||||
# every sever may need the firewall config stuff
|
||||
../applications/firewall.nix
|
||||
|
||||
# every sever needs to have a dns record
|
||||
../applications/dns.nix
|
||||
|
||||
# every server needs teh ldap client for admins
|
||||
../applications/ldap/client.nix
|
||||
|
||||
# every server will need the config to backup to
|
||||
../applications/restic.nix
|
||||
|
||||
# every server will be monitored for grafana
|
||||
../applications/prometheus.nix
|
||||
];
|
||||
|
||||
options.skynet = {
|
||||
|
|
|
@ -1,47 +0,0 @@
|
|||
/*
|
||||
|
||||
Name: https://en.wikipedia.org/wiki/Eagle_Eye
|
||||
Why: ARIIA - Autonomous Reconnaissance Intelligence Integration Analyst
|
||||
Type: VM
|
||||
Hardware: -
|
||||
From: 2024
|
||||
Role: Metrics gathering and Analysis
|
||||
Notes:
|
||||
*/
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
nodes,
|
||||
...
|
||||
}: let
|
||||
# name of the server, sets teh hostname and record for it
|
||||
name = "ariia";
|
||||
ip_pub = "193.1.99.83";
|
||||
hostname = "${name}.skynet.ie";
|
||||
host = {
|
||||
ip = ip_pub;
|
||||
name = name;
|
||||
hostname = hostname;
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
../applications/grafana.nix
|
||||
];
|
||||
|
||||
deployment = {
|
||||
targetHost = hostname;
|
||||
targetPort = 22;
|
||||
targetUser = null;
|
||||
|
||||
tags = ["active-core"];
|
||||
};
|
||||
|
||||
services.skynet = {
|
||||
host = host;
|
||||
backup.enable = true;
|
||||
|
||||
prometheus.server.enable = true;
|
||||
grafana.enable = true;
|
||||
};
|
||||
}
|
|
@ -25,8 +25,7 @@ Notes:
|
|||
};
|
||||
in {
|
||||
imports = [
|
||||
../applications/skynet.ie/skynet.ie.nix
|
||||
../applications/skynet.ie/wiki.nix
|
||||
../applications/skynet.ie.nix
|
||||
];
|
||||
|
||||
deployment = {
|
||||
|
@ -41,6 +40,5 @@ in {
|
|||
host = host;
|
||||
backup.enable = true;
|
||||
website.enable = true;
|
||||
wiki.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -26,8 +26,7 @@ Notes: Each user has roughly 20gb os storage
|
|||
};
|
||||
in {
|
||||
imports = [
|
||||
../applications/git/gitlab.nix
|
||||
../applications/git/forgejo.nix
|
||||
../applications/gitlab.nix
|
||||
];
|
||||
|
||||
deployment = {
|
||||
|
@ -42,6 +41,5 @@ in {
|
|||
host = host;
|
||||
backup.enable = true;
|
||||
gitlab.enable = true;
|
||||
forgejo.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -31,6 +31,8 @@ in {
|
|||
../applications/discord.nix
|
||||
../applications/bitwarden/vaultwarden.nix
|
||||
../applications/bitwarden/bitwarden_sync.nix
|
||||
../applications/grafana.nix
|
||||
../applications/prometheus.nix
|
||||
];
|
||||
|
||||
deployment = {
|
||||
|
@ -54,5 +56,7 @@ in {
|
|||
|
||||
# committee/admin services
|
||||
vaultwarden.enable = true;
|
||||
prometheus.server.enable = true;
|
||||
grafana.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -22,6 +22,9 @@ Notes: Thius vpn is for admin use only, to give access to all the servers via
|
|||
hostname = ip_pub;
|
||||
in {
|
||||
imports = [
|
||||
# applications for this particular server
|
||||
../applications/firewall.nix
|
||||
../applications/dns.nix
|
||||
];
|
||||
|
||||
deployment = {
|
||||
|
|
|
@ -25,8 +25,7 @@ Notes:
|
|||
};
|
||||
in {
|
||||
imports = [
|
||||
# ../applications/git/gitlab_runner.nix
|
||||
../applications/git/forgejo_runner.nix
|
||||
../applications/gitlab_runner.nix
|
||||
];
|
||||
|
||||
deployment = {
|
||||
|
@ -41,11 +40,9 @@ in {
|
|||
host = host;
|
||||
backup.enable = true;
|
||||
|
||||
# gitlab_runner = {
|
||||
# enable = true;
|
||||
# runner.name = "runner01";
|
||||
# };
|
||||
|
||||
forgejo_runner.enable = true;
|
||||
gitlab_runner = {
|
||||
enable = true;
|
||||
runner.name = "runner01";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Binary file not shown.
|
@ -1,19 +1,13 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 V1pwNA W/NRXpp7PSEWuDgquA43V9tF8XNmwXh6rUaEWPQXjXE
|
||||
MEKDCw7L359DVwjQmwpmYoeSQ/bNReOWMuAkgM2uxDA
|
||||
-> ssh-ed25519 4PzZog 4zxB5pnt/iKnVAA8QH6UViM21g1SP4Saeh6RlclJzE4
|
||||
SsH/bxzMVJ7BPzOhkFLqALHAC96un25MyMECigwzcMs
|
||||
-> ssh-ed25519 dA0vRg 4R3DxlFcF9FYlzinRGeBL/Td0m1lnF8OVl6w0Q8AiXk
|
||||
45yZH1BIJc0VHFoRKZeQC8ksblwMUWt4BQOzkNX4JhE
|
||||
-> ssh-ed25519 5Nd93w 6WnC8Uy/rzUO/fKCVoWh4EIz07IxrUhBA2j9XB9z9V8
|
||||
rlw0sHOCmyj5seFWtiDNaAb82Yngky/YikwSp8aUO/s
|
||||
-> ssh-ed25519 q8eJgg QTonZgzGSCpZRtm+oS/BwiajPyObvZ696lqZTe4orSI
|
||||
WS1U6SKFrsZZZtturw1TimcF2ysXKgrof2j2/mnGmkc
|
||||
-> ssh-ed25519 KVr8rw N1DOzqYbFOPjrFQM8QsUli8acRcCkzv02JRq+izquyA
|
||||
iihL+JLrPdF92qS0ubeWKuExrGTUOJ0fw8yyMyOVnUs
|
||||
-> ssh-ed25519 fia1eQ +w48EzhCDoDP1PMB2DEOliYSbXV17DVbmILcDvVoVh0
|
||||
rUfEjSbcwWuwKEAlzJB+BBh0Rg+Mce+Vysgbig9nPfc
|
||||
-> ssh-ed25519 3pl/Kw aJihztg8o9SZ/R+ej59xMghwdIw4bny3M7QHU+0gMH0
|
||||
21Rfich2EYg4p12HZwk1UTSs2Atc+Hrq8KGE16vAUNk
|
||||
--- v/GsXL2prAvUyOgL8orGn2FMnB9qyaXqJlfinz2sZ3M
|
||||
·–\µï1ßÚž¾\kÙRËê. :ÒíÚ}+M?õcßÿ*¦øB¯½¯žb›á‘âã¨Yâ’¡Xm+d¯ÑBÎEfB$^kq$ë:uæîd.,^;”ì´R
|
||||
-> ssh-ed25519 V1pwNA olslO4c+ZlJtfdnTvlUz/JToxVa4mKVMc2eImIb3R34
|
||||
xVWXF6S38aPtZnhVdJBFcNMLZbsXyfGOyP4xvVmcqwg
|
||||
-> ssh-ed25519 4PzZog zmdNvTqZx9XNzXITLXZrIrtlKm1+r3BCthr5z3JNMDo
|
||||
hGyzFvvPf/OpNwBKml3R7nas8n3KihaMtZipnbB6Hx4
|
||||
-> ssh-ed25519 5Nd93w FB2Q42uQesjMDfE0WpVAp/0bob/37k1BDBBH13ul5QM
|
||||
tFrXKb372CcnEMaunjm9aJ6ZBEXLK/EvhAD0Lc5haqQ
|
||||
-> ssh-ed25519 q8eJgg yzncjdMSAILkSPzccY9uq4yULhbVi447IkC2mk+b5GY
|
||||
YdEh5Fbr4U1Jwr2r7tNDorzrxyRVy5n5Cb9hhQG+TPs
|
||||
-> ssh-ed25519 3pl/Kw sZ0skpiwJWPoqGMIhIUonQkJ5Pa1i37X9OyJHVwRngs
|
||||
FqHMytq+bYoQBI/BwQvmjR1hvInhltkcuV1H6mcolUY
|
||||
--- 0MouBOwGiCtj1xzuEZNiu0v/1vsqrHX349hRrTADwZs
|
||||
sÑÈå+7¾¸pëûÉ<C3BB>ÖõÀ`hâ*p¿¼Œ„B½N°îyb:4TÛ°,ù"yæÚ«˜Î“@N€R]Ñжb uk/1ê߆jDn®È]À'Æz¶
‡á¿éoG
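Review bot: The re-encrypted header drops three `ssh-ed25519` recipient stanzas (`dA0vRg`, `KVr8rw`, `fia1eQ`), but re-encrypting does not take access away from keys that could read the previous ciphertext, which stays in the repository history. If the removal is meant as revocation, the secret inside the file needs to be rotated as well, and the commit message is a good place to record that it was. The following age-encrypted files on this page drop the same three recipients, so the same applies to each of them.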
|
Binary file not shown.
|
@ -1,19 +1,13 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 V1pwNA 6tVe3xNaSixJpjbdLEH+8qjYyiPrhW/zkHUw7PGA/H4
|
||||
ldA3wsf+IP3sThSl8biympvXXA8JhdmUFTRWsb3QkIs
|
||||
-> ssh-ed25519 4PzZog I48nrFVZDzCf1fh1MbyZlVRgslC2v8sH7NgQDMnP9Uc
|
||||
0OB4KjT8yb/ThKIWiBZVaFfHoRHpBbCt5cqFUzutIDM
|
||||
-> ssh-ed25519 dA0vRg 4Dd1x2Ei+6cV+h3s6jMFD3Btq6RXQAggvOt6LXQMalE
|
||||
lJ5cCt4lsqVy6K86rwsgZoqmMJlw9IbBtgIWFMAXm6U
|
||||
-> ssh-ed25519 5Nd93w 9mJtwmZeGSiYl9ICT6KaBufaFM5knv2qweHRI7gyojM
|
||||
9k6EfBRmOGduu3qkI26rB1BNy1F5Kd2iFBUKCh7GwUA
|
||||
-> ssh-ed25519 q8eJgg lBbdp6ys+jQhcdgF6WooCGVxHclhTTG+ayhWWHxK3QI
|
||||
/MvFVmTKRSAUceL0nzyUvfhnp7PjOyQZVLupu6vSToE
|
||||
-> ssh-ed25519 KVr8rw uPzjpOH1IBCrMbe7VaCfWrgHqzWubwPliBPnl4cwSyQ
|
||||
7bTP9jAvsJpt0qXO5klC3bphyWB6L6g39ra/dNnjsGk
|
||||
-> ssh-ed25519 fia1eQ Klz4SMU2+fKxVg+CRW9kgWN1/26dbcbVGcV6PByxZAM
|
||||
ZLjVMD/RSOUzIqvEkcWTp8hSpR87DVQ2FH5gcKhAhIc
|
||||
-> ssh-ed25519 IzAMqA n7rKJTg9SIhgFNEWTEWKBJ067AaavacyFxgF43LwH34
|
||||
GaxH14AKF8a+H2VAO3RH8DAEGnhQuP3lzPXktWJWudo
|
||||
--- v+2lxuXwMa8MWotaPS7ozEWQ6Dukh7IRSR/N4M+07DI
|
||||
ºÚ ìÞªOøÖ–ÌŠoºn¸sŸÖ;^Ž1h´ËMZ™(RÇJeØ+Ù*3‹Ëe¡În"TeÆ<65>sÈf¦½—<C2BD>Côø5wº ÌӪߣfX
|
||||
-> ssh-ed25519 V1pwNA 0/cU2Vgq/42KkZH/OdX+GkEMp//Ymhko0ve9DrEqJUA
|
||||
rXykR1ai6r6SWyw0D3u8IXb/dTTN2e+/ua4pZ1Jkk6g
|
||||
-> ssh-ed25519 4PzZog HiABbxUkRWcOjZDOwQHspZ8FSz02NplQaeiLtF8s5Ew
|
||||
MR5FLVLkFVgZhBUWZQxFhl8t2NEEmDlOaeoMzs1P1uk
|
||||
-> ssh-ed25519 5Nd93w +dB0KgoeMx+Sfo4jTO19xJzyHgTDHddOghcx4mQzHBk
|
||||
ntdc2r3If99wlMSmi43KL5hA5SkSoWpRkxiHxFeEt4o
|
||||
-> ssh-ed25519 q8eJgg MgW6ZgKhont3NfMn2n8b3ciHn4YpSH4iBLvfsVS6/W0
|
||||
a0L0EYlHJYBwjEa8jvo9HMZONe4oGj7f39zZfbVfz9M
|
||||
-> ssh-ed25519 IzAMqA 6V4Q49p/QtxquDW3zJHPUpKzb1mzuTc6vk8Az/G5FFU
|
||||
QTKkUwN9ikycTHd3hFBFCk3yyBl8k4IS16brmZSSCEE
|
||||
--- 8OJR8TzbavDcD31O+iiNL7Q4elIJ2vP9/EBDkoNKTUU
|
||||
õ¸G“SQ&g_@bVŽ¹w)<29>‚ò±‡J‹0ÂîÓp6µRædh[žët"ú/D:¦œÂl¾^Tú¸¦<C2B8>)…yâ=5ó"qTh:Ni™
|
|
@ -1,19 +1,13 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 V1pwNA YScTD2GeXDwg6pVitdF8G3dPpPg4xclLTtb2NYn6n2A
|
||||
Kv8RiNzEIELwiBnyq6S7BQlJJ3Y4tSf6qS9pvZLc2kg
|
||||
-> ssh-ed25519 4PzZog 8lnyXYhDxCMVgSb9fc+eylgh4PNyiyWbkyR5qYEQBU8
|
||||
mdFUq2z4nIw+ffhGFsQnO7JTqFfS51NqyFlq1nvYp8Y
|
||||
-> ssh-ed25519 dA0vRg laNNBfJdmv08S8DDiJRFMqJYJtRj/dLXqQ0yHGLhFCI
|
||||
NRqL9+8AqzwfgNeVIuCAQNxzWNRHK0SlJEW4k9JZv3A
|
||||
-> ssh-ed25519 5Nd93w FletvMID8uTwelny7qrjacrU4rLd2nM/CByUIZZ+Azc
|
||||
Mha4WZJ9N/O7RDFw33jXqp2y28MzqC/vCY6iTN6Qf7o
|
||||
-> ssh-ed25519 q8eJgg KNKT5k4Uaee2ggscZpmSnclWI+9gdBc4T+Lt2M4wzgM
|
||||
6xo5fCHgbhf3rE3lErsDMhEiZ8SGI1CizTFswLfjbJY
|
||||
-> ssh-ed25519 KVr8rw htxnJOvYzVzDuS0zdOCjN1HCGml6hc0M5pbA9JVo3Xg
|
||||
mJE5zOMtSKshRlwo/2YRzXnGO2On20dS1builMpXwFk
|
||||
-> ssh-ed25519 fia1eQ o/iDYcyxH13zQBQbxIglv+K84s3PV5aAIB4ln+4PHxY
|
||||
iA/1FWOIJj3qt/s4DcfM73fMXz0GPiqwDJ5nh1Sl7ag
|
||||
-> ssh-ed25519 IzAMqA P+/aiLPHi5tlibSilwOJ6FxROHjJpv2ncWYBruftaWc
|
||||
46KeZ7kOY/8vkryznVvpgEnWlXDkG14PfAlLWdzrm0E
|
||||
--- dQXX0WKOt6wXrNLkzBNLVipb2lZNJcRCX+nSRpy+2Tg
|
||||
ó2Ûöú„I
þHr
±Å}ÐI™â0œd&„«e§æÙ¹Ób]áBËÉùÙ×<C399>T]2’Z…N1‰Ò<E280B0>|lÿº1
|
||||
-> ssh-ed25519 V1pwNA GVmv4CgKJ4b8Hv52C+1f/g58CbBLacpZ1CuyMrH+P3c
|
||||
2JJ0TfpA4V+ZjbcbRxVN/NKPTm/KtKQ/A5fE33n0jAU
|
||||
-> ssh-ed25519 4PzZog 8ZoG98iY1oUChmdWuRzxwAY0Lk88FVwMH6M5+HctGjg
|
||||
TZ6bTswrAXji/YEaqUcZpxcqZnijvZBa3nq/rDorHkc
|
||||
-> ssh-ed25519 5Nd93w 1QLznyfI5HuZiFOKlDJW/tw0tRiz/VADYJTfQVxzrRg
|
||||
2n5f2UMzG7BFNV7zyPw4lleQdQJsRRG+0lcbuTvP1Pg
|
||||
-> ssh-ed25519 q8eJgg 1ihAcMOK6p+chq0ivA0JY5QJrjhkGc9b1AxzWHFa3Xc
|
||||
nfC3dXD6J4S18qjUO91hSNxOGnukFVFykq8HqntmKv8
|
||||
-> ssh-ed25519 IzAMqA wBM3jR8cmXa6yvNi1wTsdBX6qotosuBRu1rKYLJ/FCk
|
||||
MUtMJjn+8Fbx9CjpUaciJPd8NOXxsJHGT/x60OF6O1U
|
||||
--- d0tAB4cQva5jGPj8G8v5GrSFu0WfmjSYU+BmvDZsaLU
|
||||
wÀ’'”Dzޞšjǵ‘«Ø$d-–µÊ¢¯…ÓC󣘽5îÝŸWª, íFjÓê¬Yî9çÂ[[´8à ¾
|
|
@ -1,26 +1,20 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 V1pwNA 6NKUbOSUbwVjzW/ZUpl8qEiUTTegFlji4+tVJyqY3SE
|
||||
fRQvaKnLMkVBboTEriQpWlGY9VBAP3ppsEbAB2QTScs
|
||||
-> ssh-ed25519 4PzZog mp/+b5LpB+DvRduqAZiKWqkZq6+tlyQgVTZz7Oge2Us
|
||||
OycqmZyDr3levWSfRFxypJOkITLDix0Q15Todya6BNc
|
||||
-> ssh-ed25519 dA0vRg yp/4LvS9DbdatHFWFsP5qhH8CP8Bs0IjVSenUtG4+Xs
|
||||
hHiJEtl1ffYXltsJzuEMLGUl2i/i3pFzv4bjbx/cbOI
|
||||
-> ssh-ed25519 5Nd93w BTngmy4NGLGKhC8lPos63QEVBKoQT82KswQ22EypcQQ
|
||||
OCnJMkOwwXQVbtCitUizXM4nynC6a1tiPSkm7MxulWA
|
||||
-> ssh-ed25519 q8eJgg NaEjVcDBVICRgXuJchEdE4vg3qmkNmJAbDDxLq1fX0M
|
||||
YFwUmEPwJIik5YJ2SV5IAmqGlY+h24voJJlrBaoCBwA
|
||||
-> ssh-ed25519 KVr8rw ZnyVITZFkuozEs/rbTdxXDQNS3Nggo+JkBL1Icht2SM
|
||||
B4jVVts5lK1kIlOWMl0eiN7TpsTeJZWIu7NqildxeGE
|
||||
-> ssh-ed25519 fia1eQ kvzARRScl/eypC2a5cY66sXcH+TZqz4sYg4W/k9iJxQ
|
||||
Ga+4TVvXiQ6i5/+fgUQ3E5tJiLqdBsEsXjenXEpRV/A
|
||||
-> ssh-ed25519 IzAMqA 5sizvlhLhAhAR1bViHJtRJ8fAIO56TAuLVSOwE177QE
|
||||
b9oJ8BC2xiBjvc3D0H0EF7bSNDlpvIidyBCTf04ndJI
|
||||
-> ssh-ed25519 uZzB3g g9y66zNmQbqP6Rbhg2t06W3YOgy8DkRvJZbWVegT71s
|
||||
2dH7E76tDMrWQJbLPefyORP66iaPHQnSjwu8NCdSyJo
|
||||
-> ssh-ed25519 Hb0ipQ azOzBLXfshInlFVpV0PzIBidL/VzA/+kKRXFFVD6ZF4
|
||||
iXBF/Wcv4KWo5qUXUlyimuo0l6aClKxOCtkm3MxAIBc
|
||||
-> ssh-ed25519 IzAMqA EWitYyV8RsPIB6HEFE2OI/C1zcC6WfBEeDI62rGVmkk
|
||||
Bk9tdSqIjLjat21J2LM8RXAt9GwdQxYdfPzqDtCjunE
|
||||
--- waY7j+HMEOdqEZs/TcLEhUY9gJs6ZSc51VNfuCmCxJ4
|
||||
Ý;dÙ9A‡vÔé±nq<“ê;TèáƒB؇$ÐGÌvï¯h
|
||||
»\^Žé§lÖ¯`š¼ÄÎ?l¸<0C>au~üЧ×yâ[ךju²üvÂ;]!œ6Ëè±ãXIs4ÇŒ!Ù@ß϶û¬‘|›úïª">eÈÿ[VVŠž´,ÿ5˜ý8N§¹Œh<04><>[ƒ×´ZD,zý&âñíó¡”õIØ>ŠØù¡<C3B9>|ÎézÉm
|
||||
-> ssh-ed25519 V1pwNA f6xGNtufcGjWlCNkhlF1YMNhwMIjpW0ojqD7fDhPjBE
|
||||
fCVybFD61VIpm20zeVvKCsOclGhzN7RwRViw6EeWY8o
|
||||
-> ssh-ed25519 4PzZog nHWP3E5ZNvSwTjeNWL5qqmPsnXBWUEs/e7trIQuT2CI
|
||||
n9zztxz/XTIY5mPLSkFabYfsGugSrP7bdrXzf993MTo
|
||||
-> ssh-ed25519 5Nd93w 1Nxqu7Lgv+KBNSoWMem3dBou4xrafQcE4XFlGCgwpCk
|
||||
vZe2WYM+FfrNXog4iEKAwlAQsAuDEp2tdl/WzhRaju0
|
||||
-> ssh-ed25519 q8eJgg ywDORriWBqKl15CDZccFC0EbX8StgGYP3nbkOwKDbTU
|
||||
ULGvROpIUv8GG/WdRIxpfovjl/08knlgQxpipUJe5vk
|
||||
-> ssh-ed25519 IzAMqA RgipLXB0jBR4ghCrXXMx9/Pu03E4gBYow4gWYDPzHCc
|
||||
gVAHf9H0fZrPL/8+NWx5Jlr/7UrvQdpLSGXEMiNdmrQ
|
||||
-> ssh-ed25519 uZzB3g UbeXy7a4ZkdEjIIBCLD/zNKmlY2ooTO0CbGl1Y9lJRg
|
||||
aajwx+NrY7iwOkT9hkk9ocdUlNm1f4epqXNosPxJpr0
|
||||
-> ssh-ed25519 Hb0ipQ 8sdgjex0JqgckMibuS1jdiJgkjvWGO8tUvlpWoYmxiM
|
||||
CoUeJ+vEbBit9JZhvyz0dHX5IgNywGE4XfeCtVV94GI
|
||||
-> ssh-ed25519 IzAMqA 41gq5+Itn20lMFlS7AnJ5JLl6OEbJ9Q32M/1TUDl0is
|
||||
PFjQ3Gb4LajOxSjJgp6s2dkZrDFinniDGL8hXtlomqE
|
||||
--- vxbU9/Jgdf0fkUD3hrdHUgPV3ipn9MazV54zlh4s4Yc
|
||||
+I¾d®¤†/ìff£È›1˜/xOä®<C3A4>ã=÷"<›( £O‡ŸÇfsrh+=Eâ{Ø=è
²
|
||||
šÙïÝîCõ&ØQûës¹‹ÒùÙüVùu}4Åéìä4¿U‰ëÙ<>½USj%ËiƒHXÚšõÈÌã7ÂF«Ù݆¦º4ý>ѨføÕ0ŠãÇƶ)ìDXÊ)À“Ï—‡°$2<>YXå×Ù®<C399>šÿ£%¸sÛ
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,25 +1,19 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 V1pwNA OXq8Ez0V4LJUKYl+5ql1M45ZHLP0pRg1+wpROKw31EM
|
||||
VRu9/cu9HpKLzf+ChRYl+Q7CmLJotHsgtuONSiF7xI4
|
||||
-> ssh-ed25519 4PzZog wjZuT9yZn6m0pkIaEqZG8Lyhn0tDd7SWaG7CMe8axHs
|
||||
g1xgcY98I7PkOGr5U7wXW1+WmKkhw0IbIjEqkpJ9qVA
|
||||
-> ssh-ed25519 dA0vRg jNryFpGJIll+ShRBJfSeDxoregZChDjfML7T7GK5tQY
|
||||
EKwpPdl+lsxPUOwiZejGoDhW5AtnlPb5o6pP//QdNsY
|
||||
-> ssh-ed25519 5Nd93w bUK/vkl4JdDTiYjJ87y1W16Q3+UHYJydd4uurTt64lg
|
||||
i9ewXjr6156XlJfXlkexxzz0e3GgR9qiRd4xGD/ET1Q
|
||||
-> ssh-ed25519 q8eJgg PZgB71YUUBZR3f400P3eyr+XBxTfzzK3uW95jUkdEBE
|
||||
ZE4jDg/b7RsGthpdrY0EApD2gSNnRWCUysrooiEsTb8
|
||||
-> ssh-ed25519 KVr8rw NBamDqepGTVk+fRuSRh1fBcFi+SXt5E3SdeNOHu+eTs
|
||||
a99yadLXBDuyo6fVYTXW12HJRBKJe89QtAgTsw0CSjs
|
||||
-> ssh-ed25519 fia1eQ AxTNqh5CUr8sLDTCbAJyv4y8j0uys4+2u8IZcdh9mAQ
|
||||
ERVJjXxP1P8DGDZltLViSRUQpBVqgUPBG5rA0vX+QWo
|
||||
-> ssh-ed25519 IzAMqA mG2TOePS2xp2zfN6tm3df79MbQmahP0Zrz/Wv6m9VRE
|
||||
DHCR0kPJ+FYi/8cbNo1wYg9W+ibhNulhjC+4ZT+xQkE
|
||||
-> ssh-ed25519 uZzB3g JZiMYvKnSx0MDl7ajstoNqdogJi0oo0o0RWYiXYdLCU
|
||||
wdlxY9xLC2+CdhOq6XFCL27k6hoUIb2iB6uXVzoVjgE
|
||||
-> ssh-ed25519 Hb0ipQ q3pj0zGX6KYAQt92tWGcVnpzMztez5qMD42Mf8kq+D4
|
||||
jFCtS7SLEcA8hc6rxgnCojW66HMAqKiHzyqBVs5dAFA
|
||||
-> ssh-ed25519 IzAMqA 9zAaZRjN+SdSeBnn3ocISeDFcZTUFlAwIO1dzRb96lw
|
||||
7T2xjV4CTcCMwm2g3nGdVXCCXzQNrNGY5fG0I3f/y84
|
||||
--- Xry5yKvldlqJm4/4WINhgNr4zLuZncxJtZNJ/ruwZOE
|
||||
ºXntÊýYšyõB01îÆÈøEŸMÍ<4D>¸žâ€·ˆœ*1F–'‰$èÓ¿ÄÞkô½Lt¦ùGÅŽ‘Å«Ó³oŸÙ5å -X2a<Ú1îÞ_I°Ü;çKz¬GékèôΟFÑšrˆa¯œc[›gOBµ¾<>b¢‘Ö/ß…4o€U
|
||||
-> ssh-ed25519 V1pwNA mAJQEFu0p2nxajUh4C7FrKnnyTEFVagT6rtCsKqDz18
|
||||
a85pGwh2S35v+VwC8DnIL0TJobCk8EihiN7p7bwlxiI
|
||||
-> ssh-ed25519 4PzZog NbDMBIfNzmoG6jSRTrDpKbHm+5pd8tVLZhZbnzvGZRk
|
||||
VzXjnmCR17I7ZX5b356OCRHJF7W10aj3SBF0MCcnzwY
|
||||
-> ssh-ed25519 5Nd93w sNsptEu0kFqWKSTeEXvdsa38ka+h+LKXBqrTIqmE6jY
|
||||
RrPnod0YsfbXGcfwKz3BfYyVQa2+OFR18X6f5V9xqX4
|
||||
-> ssh-ed25519 q8eJgg 7YPlbAGSZPq1IvLqk2EB0S7WfemTLkUv6FC5GrZHWDE
|
||||
tTGgiNjuJl/3DLc/GKIczm5G38LZGekAXTF2TXUo+PU
|
||||
-> ssh-ed25519 IzAMqA PcRZNr3VHZuB9XD3sRASaY8JaL45c8pF9Am/7P+94iU
|
||||
Sml3WvRZ/wrUO5fqn02cJneCfjnZ5fJr9d3dTdqyCdg
|
||||
-> ssh-ed25519 uZzB3g bWlsuR71mtorLasEP7+2cuH2S2B8uM222D6nQC5Rgw4
|
||||
rUQ1sXbeaehQm1e3/JVR8cQqE2hkwmUFV/PQ9Se1H1M
|
||||
-> ssh-ed25519 Hb0ipQ kgBnX7+sd0rxcp88Hglenuf3qfoo1syJQceGxMbWDSQ
|
||||
rb5cvTxSjInGgJRZq33vCIa23LkeFHbLCy2s3hZXSzI
|
||||
-> ssh-ed25519 IzAMqA 0pLUe6dFlP9w2JPn53Mo6xXJNuJrLHH9mqerGYp4lFM
|
||||
IvjADrsuDTHI0Ljzr899pG5/bwi+V+KfCt3hn6Nf/UA
|
||||
--- jAsttyHTXJjcXYQym/QFfEvD8eMk+SK9IegD0p2bZ7Y
|
||||
5:¡-<2D>Éþl+5ņe<ëîS÷<53>¥YÆ£RKCÄä‰H<E280B0><éï1etõ¡Þ"¼ä‚Êaʉ?åQ&õÔ÷’PíÓ<C3AD>‰€´—ï8Cšw?NÄP‘¶Wìf|&‘¨BÈšßö†][WÓÁr¢ÁÃ|>»‡Ó«SKŒ‚<C592>“ŒÊ³³%-«&M"uпuöz
|
Binary file not shown.
|
@ -1,19 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 V1pwNA g2fcL863aQ9Fyd46ou1tLRUyk+lgmaq2ebrHtsGS/2w
|
||||
dnE1XFTUYBtF/JU5WKqt5hPC+uDGWS8kT/m3JBm1FqU
|
||||
-> ssh-ed25519 4PzZog DPgMcSEWU2eOVSEzznG/gRrkhJzhrZvFgJeI/nzjCVQ
|
||||
STlzeXPR6YRa6iQQVOuYKTtvSRmG8u7Ne/WdWtSJd9k
|
||||
-> ssh-ed25519 dA0vRg 91a3/mO9Mc8z9UXzPAHwUA+sZSvveNWMXHdKiy76jlI
|
||||
sOph7DsS4uQ9lDpGSJCxUP6zz6HDQ4CCXfa5XDHShpM
|
||||
-> ssh-ed25519 5Nd93w mP1uWGQiUgBPWHV6JuCif1CtR73z/nkiGEr+9WFmjDI
|
||||
KGoT0BxUxlE9f2BPPnw10Tya2+SHfAigtSYTQwGFqlE
|
||||
-> ssh-ed25519 q8eJgg e84g2UFFvCR0WL87MISDVeGyqS+2WJwSWx9Ei1f11gc
|
||||
PrlpA8SWBLskYxujLpOi/7yeUy6q0b71sFicHcS+otU
|
||||
-> ssh-ed25519 KVr8rw MEUHwxdpXsX5i5m7mcDLXK30Tmpznl18pE2U/ey3DVs
|
||||
mCKEB6ZeZQRFUzaGqH8BVBNDbgHa1UocNxPjThciMh8
|
||||
-> ssh-ed25519 fia1eQ 3fVdGpKBs3gsiHWQW0hj8Z7LzgvQ3CfR2d3zAczNzxQ
|
||||
xqMW2BNyTyDCT2qew5VLVi22toQ/SUnx8L3xCpWKtQM
|
||||
-> ssh-ed25519 yvS9bw 8hv9OFOBacjS03cT73lluCDfbQa4U4YY0Mhb/fzXhCs
|
||||
WoNTbQ72XUCtxxRjS+D7sBnShmmpoeQNvwqpNa1F7M0
|
||||
--- 1mryHIWXt0MNzqKgZlzikiIr8pfTWZxcwtZVvI0YSJY
|
||||
õ>§þT%©l殓;záä†<C3A4>²»ª/òL£–±bï<’V¥9«æç:}D6¾\0„’TuçÅØ<>ë‘í¦ã•óÚ…VÏòJ¯HmæFTÜyc
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,19 +1,13 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 V1pwNA kJHAcriJ+sFCzoV1VVboGB0/1xRlwl2mH1cV8Vy1mjc
|
||||
Ry1QA7YlBU/t5nfoi5s8I+wy1HTU3rVAFAr6rUabYpg
|
||||
-> ssh-ed25519 4PzZog 67l2OiK7ENJ+HsVrXSDCRe7XgIe/dFDj+Ms/Rm+ueUY
|
||||
EEIiyD0piXb+gj0gy0oW0X2kN9mdMZGN7Avi7oclSnA
|
||||
-> ssh-ed25519 dA0vRg hRHg9X0Gb92TYsY7eIZNPzt1DZQiKHiqOpaHK5nKPBY
|
||||
qp5dEMpv3WpFnSesd0Arq9aKDnMxdo+wDXi2fA/U/9k
|
||||
-> ssh-ed25519 5Nd93w awByDyEArWq75lcY/3uvlIlGx83boSnWLMQWcPSyuzU
|
||||
C4L9KT6Bo9kc1BJO2BgRzGCQK4PtsFXgkfgO4VO0W9M
|
||||
-> ssh-ed25519 q8eJgg 3JAmUOYLDgLChFBadKXfeFYSAYWraiizPw42XOziBUs
|
||||
KvATsOkmpg0R0umowi23ZRcATUYsUM4SMqU+OTP7dLw
|
||||
-> ssh-ed25519 KVr8rw CAh+Am4nDLqeGfZdWYgQbUOXrh0RRdCepxCbtNqoZl0
|
||||
uXuSAtx2osOXSSSnYzuXaNW9lvoKMQwcRgws4NP0kzw
|
||||
-> ssh-ed25519 fia1eQ NQsgR5u4GIzBUFJufkDFdSifZO2bUhuUMMxtgRLi0Fw
|
||||
jkOAECCGrTKuwu1etx2dfQXxaGOBs5RtY4IKHhebagU
|
||||
-> ssh-ed25519 uZzB3g WUh+ofw2E45Ch0GnLFkuXizAIUJ/MXGWJkt6BQTD5FI
|
||||
ScfYZzf4U1E105vqLEoRCpSbluyimcKXm3tlLHQNr4M
|
||||
--- cnStsCjzqGq07hOA4OlSZ9Zz2PE+WTyzmfZlDjost2U
|
||||
Ö…rL ŠrÄE—·W…ÿ¿æ½œVÎn¬ þÃß_ßOÉ<4F>BZ<42>“•öjÐp*ÙãØÊLŸØV ÙŽàÇÍÊÉŠ”Å7¥Ý«<C39D>ØhÀŒqŒdto
y]²;²%ˆsêæ‰.p+&8°ªëßÛ<1C>)æan©/À¨„Q&Dš¬Ãü¢È;xøŽÁ-½ÎF£'¦_q„Ù`×A[×ak¦.“„
|
||||
-> ssh-ed25519 V1pwNA M7d9xq/iqOTKhjcRLepOfroQ+5UbgAZPZGrMjO14ukM
|
||||
CxU+iAQv3PurTPR1LXNlUNginZ1vEfFUnBhjC5WN1q8
|
||||
-> ssh-ed25519 4PzZog 9Ei3SpxZwQzkP33IwsOaoLsbwKxd8Ob6LRem27BZQEQ
|
||||
V/caj04O8JKkWGva6PLTkNS0pnE0osucuG8zKCfjLso
|
||||
-> ssh-ed25519 5Nd93w jH02jnNcr1yc3ttGlzYNkG093IhOxJP+NbrPlw0GY2s
|
||||
hrhD689I36YyGTavMatKcduA2xfqNppIN2ugnose4eQ
|
||||
-> ssh-ed25519 q8eJgg 7COrAqJROsNYZ0A8pgQGzsmUmpzUqO6AM3w+fx8htUI
|
||||
bdEpEBZriRn+INDOxXf5IeOoWY1zE8S9VW5SojJdY6w
|
||||
-> ssh-ed25519 uZzB3g ozhGkaE/AWUWVM1VZr6/KcWBEZeg8NbwS3CoEpzefkA
|
||||
2VwlN7qFkZSHXahsVJEmHCp2L1urgh+QQNFHt4BNz3A
|
||||
--- RmDoTPYafhC/qhAiHu75+tkwV5lTocqeULhP+6cluS0
|
||||
U[F8õ6Œ ^¸<>rBdž)¯Oä¶UU¿Wßy<C39F>£‡%<25>~=‘)²ŒÎÐ{Á+sN|‚Obmö!Ø’ƒ¢ìZå»>‹.3š÷9›Fé*IË<49>Ðj¡ä’«w3TQ;˜ùñàP<C3A0>A«i©¾”ÎWm}$2û»2<¿âé*â¨ö'±°~°¤dܨk¹•]w*©Ôèðâ\
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,19 +1,13 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 V1pwNA kcb3u3/R79sZvwHPXxp1faFzYpnTUJjnDnyA3LCb7js
|
||||
KQaHb04I9t/ah32d09P3AW4y78EXxqlKMZegAMv0D/8
|
||||
-> ssh-ed25519 4PzZog Gc9EMmfVfQVsUDv/EGwiExDWzA263KxCc81TpnF/bHs
|
||||
2QGJpcxDqQYly8tpyyq9uSCfYW/FV1tYgv+Mf/8eCik
|
||||
-> ssh-ed25519 dA0vRg HTT5Awec53+Eg4itwGWrM8W9s3/fFdpQJbNHryN9qAo
|
||||
SXcqmaUfjBIfgJtkqafX75wgqWOfRPIYgwH66SHH9aA
|
||||
-> ssh-ed25519 5Nd93w VhDrPTSM+V9lTPpizEkonGM/r5vZWF3gPA/iov4kWjg
|
||||
Kv5UWwZr7/3r1TxFA897+OgkXkX/sSLPicBDOLhqEMU
|
||||
-> ssh-ed25519 q8eJgg /BpYqgnWdctlOj0NHxAASTuYRfp6cfc9OAUgNsKOykY
|
||||
ivH3zs9v8+yuzqQsLE08sAzAsd/izFH7b6ATVs5HI9w
|
||||
-> ssh-ed25519 KVr8rw gTcaaJC6XYsyLyxnoP5/HdWJCAPe4EtFk6YOOmqgtAU
|
||||
5VUHbnghG7lwbk5xCl+q0nJtS1S5mSv6vD37NgCJAgU
|
||||
-> ssh-ed25519 fia1eQ 3U/5b8+aOACexOOqS6+EztcitIiTG40ZtwjxM8RPTAI
|
||||
5An4KawPz4EcrAY0EGUS83lHFOGJXKOHGSd1Cj4Pa9Q
|
||||
-> ssh-ed25519 rmrvjw WMELHgVvy9er/V5N698UF9ZFiwaeedNsxFJ5Tlj3ZlQ
|
||||
lw+sHWr3uHV2b22xNxnD+vSPis/iq8Xbp7XaIWG5XDo
|
||||
--- +UH8vyepaxWHUviCyJ2rgJ6OcQRmBC22Z00VB7WndFE
|
||||
ùñ3fؿȘڪ…·‘‘¨ÇÑÐ_‰º'é¨ ƒ<C2A0>3<>'L¦Ü¨´beøG<€6餔)"†P„¢¨¨%?~žI£ùÕ\˜u¤
|
||||
-> ssh-ed25519 V1pwNA ly/9CnXtgQlXTbKcK+gD+v0Ck7rmGtNrA/S9XfBdg3s
|
||||
6skVNVJTgCf/EWlDbH6urfr4CUibVH/N+HcfIYPkzTo
|
||||
-> ssh-ed25519 4PzZog 7+Fc9ec8zvlKP6VGKJa3MRN6p9bUrA07/BlL8rSnp3w
|
||||
YgALG1b8QOmMqWuqr9iVxAal9cWFf8me0KT1Mg0onko
|
||||
-> ssh-ed25519 5Nd93w /lx/evI9jsXzHMxXYQMoavWucTMiGMXwxACpjXYFZlU
|
||||
nVWhQydOO8eaTYcR66u1MeH/glmwTDJnJM0I9tXUvV0
|
||||
-> ssh-ed25519 q8eJgg wYOxbUUXrTgY9XkUz02qtW8TaYJfNej9VBdwvfUWrT8
|
||||
/47DLKQGt1M3fJWDHo2Eg2ij4jCGd17ieYZ8gA/uYjY
|
||||
-> ssh-ed25519 IzAMqA FfUA/kyLBOFIHFUO+PSsdTwaRjGvfsq7OTMXYo7/WjM
|
||||
jEn8y+mncrOPmDzvsK90X2D/m8ZxmuIL8H0h27YP3hM
|
||||
--- ibLXLaT49j/Mb8CwbcL+Gjwy5GJ5YDX31JQFqfOIXRw
|
||||
ºôag9Òa“Yâ«Ò<C2AB>öä”<C3A4>GADóðgûÅi°^ýUaß±Fà YÏã@4><01>¬óÐàò£Ý*‚Š?úÉ„5»F-íã8Ã
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,20 +1,14 @@
|
|||
let
|
||||
admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin";
|
||||
silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg silver@helios";
|
||||
silver_laptop_2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmm4CCnpT+tF7vecSrku0+7aDA1z3pQ+PDqZvoCynCR silver@aether";
|
||||
silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg NixOS Laptop";
|
||||
silver_desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN34yTh0nk7HAz8id5Z/wiIX3H7ptleDyXy5bfbemico Desktop";
|
||||
thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer";
|
||||
eliza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJaVEGPDxG/0gbYJovPB+tiODgBDUABlgc1OokmF3WA eliza-skynet";
|
||||
esy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINS2UR/o+nK8lNHHTj5I84ZAAp6P+ZhXqhedMfx0KHE4 <Skynet>";
|
||||
|
||||
users = [
|
||||
admin
|
||||
silver_laptop
|
||||
silver_laptop_2
|
||||
silver_desktop
|
||||
thenobrainer
|
||||
eliza
|
||||
esy
|
||||
];
|
||||
|
||||
agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHOxA3uYcqS5gTrG1hS8XXwehzQYAI2I4iULtU8cXft root@agentjones";
|
||||
|
@ -32,7 +26,6 @@ let
|
|||
cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie";
|
||||
marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin";
|
||||
calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon";
|
||||
ariia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4kV6W1/tP/nf2ZWNhRoV1mK04R4pS+c5vdsA1n5gpN root@ariia";
|
||||
|
||||
systems = [
|
||||
agentjones
|
||||
|
@ -50,7 +43,6 @@ let
|
|||
cadie
|
||||
marvin
|
||||
calculon
|
||||
ariia
|
||||
];
|
||||
|
||||
dns = [
|
||||
|
@ -78,7 +70,7 @@ let
|
|||
];
|
||||
|
||||
grafana = [
|
||||
ariia
|
||||
kitt
|
||||
];
|
||||
|
||||
# these need dns stuff
|
||||
|
@ -136,9 +128,6 @@ in {
|
|||
"gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners;
|
||||
"gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners;
|
||||
|
||||
"forgejo/runners/token.age".publicKeys = users ++ gitlab_runners;
|
||||
"forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners;
|
||||
|
||||
# for ldap
|
||||
"ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden;
|
||||
# for use connectring to teh ldap
|
||||
|
@ -149,6 +138,7 @@ in {
|
|||
"backup/restic_pw.age".publicKeys = users ++ restic;
|
||||
|
||||
# discord bot and discord
|
||||
"discord/ldap.age".publicKeys = users ++ ldap ++ discord;
|
||||
"discord/token.age".publicKeys = users ++ discord;
|
||||
|
||||
# email stuff
|
||||
|
|
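Review bot: The recipient edits in this agenix rules file only change how the `.age` files are encrypted from now on; they do not revoke anything. This applies to the `silver_laptop_2` user key in the first hunk, the `ariia` host key in the `-32,7 +26,6` and `-50,7 +43,6` hunks, and the `grafana` list in the `-78,7 +70,7` hunk. The rendering has lost the `+`/`-` markers, so I am assuming from the hunk line counts that those entries are the ones being dropped. Every earlier revision of a secret in git history stays decryptable by any key that was a recipient at the time, so if a removal is meant as revocation the secret value itself has to be rotated, not just rekeyed. A comment above the `users` and `systems` lists would keep that visible, for example `# removing a key here does not revoke it for ciphertext already in history; rotate the secret as well`.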
Binary file not shown.
Binary file not shown.