Compare commits

658 commits

Author SHA1 Message Date
sysadm
f92fea1224 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 16s
Build_Deploy / deploy_dns (push) Successful in 54s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 2m47s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-11-18 16:26:58 +00:00
sysadm
2d9a3cbd11 Updated flake for skynet_ldap_backend
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 51s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-11-18 14:40:07 +00:00
70a83bd97b
fix: ldap has no need for discord stuff
All checks were successful
Build_Deploy / linter (push) Successful in 10s
Build_Deploy / build (push) Successful in 19s
Build_Deploy / deploy_dns (push) Successful in 1m13s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m43s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-11-18 12:20:02 +00:00
e012fdf3a7
fix: ensure ldap can access values 2024-11-18 12:20:02 +00:00
sysadm
e478af71a1 Updated flake for skynet_ldap_backend
Some checks failed
Build_Deploy / linter (push) Successful in 10s
Build_Deploy / build (push) Successful in 24s
Build_Deploy / deploy_dns (push) Failing after 11s
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-11-18 12:16:31 +00:00
a1c9125397
feat: pre-added more stuff for the new bot
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 17s
Build_Deploy / deploy_dns (push) Successful in 49s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-11-09 16:53:54 +00:00
67c3787d2e
feat: pre-added the api key needed to access more resources
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 17s
Build_Deploy / deploy_dns (push) Successful in 53s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-11-09 01:22:41 +00:00
7799bda982
feat: added Shay
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 53s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m26s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-11-08 18:24:13 +00:00
af1535b7dc
fix: backup of all the email dirs was causing congestion issues 2024-11-08 18:23:16 +00:00
19a0b8044f
fix: force ssl
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 16s
Build_Deploy / deploy_dns (push) Successful in 52s
Build_Deploy / deploy_active (active) (push) Successful in 43s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m13s
2024-11-06 01:35:23 +00:00
2728487448
fix: this should get some items built and deployed
Some checks failed
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 13s
Build_Deploy / deploy_dns (push) Successful in 55s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
2024-11-06 01:25:57 +00:00
13eba34a56
feat: outinul.ie now has ssl
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 54s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Failing after 40s
Build_Deploy / deploy_active (active-ext) (push) Successful in 42s
2024-11-05 17:39:56 +00:00
1baeb24761
fix: errors in the secrets so just rekeyed
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 16s
Build_Deploy / deploy_dns (push) Successful in 55s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m18s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-11-02 21:06:06 +00:00
sysadm
b2297e2843 Updated flake for skynet_website_wiki
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 49s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
Build_Deploy / deploy_active (active-core) (push) Failing after 1m18s
2024-11-02 20:23:02 +00:00
sysadm
4f4431cd6d Updated flake for compsoc_public
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 49s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Failing after 32s
Build_Deploy / deploy_active (active-ext) (push) Successful in 27s
2024-11-02 20:14:25 +00:00
8c98281eff
fix: finally got items that have git-lfs working
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-core) (push) Failing after 31s
Build_Deploy / deploy_active (active-ext) (push) Successful in 27s
Long story short it seems that ``git+`` does not handle lfs objects when hashing it

The reason we are using the archives is as follows:
https://nixos-and-flakes.thiscute.world/other-usage-of-flakes/inputs
>     # Regular git input doesn't support LFS yet.
>     #    git-example-lfs.url = "https://codeberg.org/solver-orgz/treedome/archive/master.tar.gz";
2024-11-02 20:07:53 +00:00
45afc95d99
fix: back to old version of the websites
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 48s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
Build_Deploy / deploy_active (active-core) (push) Failing after 46s
Don't fuck with them
2024-11-02 19:15:44 +00:00
49d69b1a10
fix: slight improvement in how packages are added to each server
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 16s
Build_Deploy / deploy_dns (push) Successful in 1m14s
Build_Deploy / deploy_active (active) (push) Successful in 1m22s
Build_Deploy / deploy_active (active-core) (push) Failing after 25s
Build_Deploy / deploy_active (active-ext) (push) Successful in 48s
2024-11-02 18:55:40 +00:00
cb2fba3f81
fix: servers need to have git lfs installed as well 2024-11-02 18:54:27 +00:00
6d2a13cf03
feat: rebuilt wheatly
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 14s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 1m18s
Build_Deploy / deploy_active (active-core) (push) Failing after 26s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-11-02 17:10:25 +00:00
97a062180e
ci: make lix available in builds 2024-11-02 17:10:09 +00:00
be75fcb296
fix: stop using the bleeding edge lix 2024-11-02 17:09:45 +00:00
50fc679172
cleanup: getting rid of the gitlab runner config 2024-11-02 17:09:11 +00:00
45e9d60967
ci: test only building develop
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
Build_Deploy / build (push) Successful in 1m2s
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_dns (push) Has been cancelled
2024-11-02 15:27:34 +00:00
59855b06e3
ci: make verbose to see what is running on it
Some checks failed
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Has been cancelled
2024-11-02 14:50:03 +00:00
6d4160fe65
fix: bump everything after all
Some checks are pending
Build_Deploy / build (push) Waiting to run
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 6s
2024-11-02 14:19:39 +00:00
ff6af9916d
fix: don't update lix yet, causes a pile of errors
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-11-02 11:38:15 +00:00
2c196ae87e
fix: disable the document writer until it's fixed 2024-11-02 11:14:52 +00:00
c648bded74
testing: to see if we can get a whiteboard working 2024-11-02 11:14:52 +00:00
8a85846c0d
feat: using the upstreamed bitwarden directory connector 2024-11-02 11:14:52 +00:00
5448662230
fix: getattic working
Seems to have been mainstreamed
2024-11-02 11:14:41 +00:00
50459f7982
fix: solves i24-09-03_614 2024-11-01 13:12:14 +00:00
sysadm
c114f31d2e Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 12s
Build_Deploy / build (push) Successful in 4m44s
Build_Deploy / deploy_dns (push) Successful in 50s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 38s
2024-10-18 22:27:21 +00:00
sysadm
74a3f11f9b Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-10-09 16:51:49 +00:00
sysadm
87383ccaae Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m37s
Build_Deploy / deploy_dns (push) Successful in 51s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-10-09 16:10:43 +00:00
9a8b446497 Merge pull request '#134_limit-dns' (#135) from #134_limit-dns into main
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m26s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
Reviewed-on: #135
2024-10-09 14:16:47 +00:00
2fc07e49aa
fix: disable gpg signing on forgejo
Some checks failed
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Has been cancelled
2024-10-09 15:16:07 +01:00
sysadm
cd10457035 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m32s
Build_Deploy / deploy_dns (push) Successful in 48s
Build_Deploy / deploy_active (active) (push) Successful in 53s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m33s
Build_Deploy / deploy_active (active-ext) (push) Successful in 39s
2024-10-07 19:54:10 +00:00
sysadm
8e48b61473 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m37s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-10-06 20:09:08 +00:00
86efe11f83
fmt: formatting 2024-10-05 12:41:25 +01:00
1fcfc78c6b
doc: add a pile of documentation to the dns file 2024-10-05 12:35:22 +01:00
91d76c08f1
feat: limit the dns to explicitly servers we are using
Closes #134
2024-10-05 12:20:24 +01:00
0b0db08f01
feat: actually record our wifi network 2024-10-05 11:15:38 +01:00
5c5ea3678d
feat: switching over the committee
All checks were successful
Build_Deploy / linter (push) Successful in 14s
Build_Deploy / build (push) Successful in 3m19s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m45s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-10-04 13:34:11 +01:00
a4be5de575
feat: switching over the committee
Some checks failed
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Has been cancelled
2024-10-04 12:37:56 +01:00
ad9e434a28
feat: forgejo runner needs docker enabled
All checks were successful
Build_Deploy / linter (push) Successful in 11s
Build_Deploy / build (push) Successful in 4m50s
Build_Deploy / deploy_dns (push) Successful in 38s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-10-04 12:01:17 +01:00
51d8a84432
feat: initial removal of the gitlab runner
For scream testing
2024-10-04 12:01:17 +01:00
259a6df8a7
feat: allow for the server instance to sign off merge commits 2024-10-04 12:01:17 +01:00
sysadm
c0aa5c138d Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m34s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 37s
2024-09-29 23:22:29 +00:00
sysadm
e1a3a64a8d Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m37s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 2m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-09-29 19:10:15 +00:00
sysadm
542ee2858e Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m13s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-09-29 09:37:14 +00:00
sysadm
df6825cb7e Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m57s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 33s
2024-09-27 19:23:52 +00:00
sysadm
335f2f08f1 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m49s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-25 19:46:01 +00:00
sysadm
d47abf2527 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m34s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 16:40:29 +00:00
sysadm
8275f3063b Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m40s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 16:31:32 +00:00
sysadm
d76d5acbb7 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m43s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 55s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m19s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 15:23:37 +00:00
sysadm
be4f8dbe89 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m35s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m15s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-25 15:10:03 +00:00
sysadm
71d6d7555b Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 14:56:13 +00:00
sysadm
14334cbee4 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 9s
Build_Deploy / build (push) Successful in 3m45s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-25 14:31:56 +00:00
sysadm
181a78286e Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m33s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-24 18:24:08 +00:00
sysadm
a6a368457a Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m47s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-24 12:56:58 +00:00
sysadm
7eb83514ca Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 9s
Build_Deploy / build (push) Successful in 3m32s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m12s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-24 10:07:51 +00:00
sysadm
743f6faa44 Updated flake for skynet_website_games
Some checks failed
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m29s
Build_Deploy / deploy_dns (push) Successful in 51s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Failing after 1s
Build_Deploy / deploy_active (active-ext) (push) Failing after 3s
2024-09-23 20:09:07 +00:00
esy
95e9b971b2 feat: add license 2024-09-23 20:07:43 +00:00
sysadm
13e9552799 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 11s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-23 14:01:41 +00:00
sysadm
6831976805 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m35s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-23 13:26:32 +00:00
sysadm
103bd93772 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-23 12:47:45 +00:00
sysadm
8725a9af9d Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-22 18:46:10 +00:00
sysadm
668dd90358 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m43s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-22 17:06:21 +00:00
sysadm
b215f10513 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m58s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-20 14:16:11 +00:00
sysadm
0907c36e18 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 10s
Build_Deploy / build (push) Successful in 3m33s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-09-18 15:51:32 +00:00
sysadm
fdebdb6cc5 Updated flake for skynet_website_wiki
Some checks failed
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m42s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Has been cancelled
2024-09-18 15:46:32 +00:00
sysadm
839009195a Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 51s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-18 11:04:52 +00:00
sysadm
951a72d0a6 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m34s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m17s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
2024-09-18 06:17:25 +00:00
sysadm
5d72d1aa84 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m57s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m18s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
2024-09-17 23:06:27 +00:00
sysadm
5eeda983eb Updated flake for skynet_discord_bot
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m47s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Failing after 1m14s
Build_Deploy / deploy_active (active-ext) (push) Successful in 36s
2024-09-17 22:23:02 +00:00
sysadm
5012dd992f Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 9s
Build_Deploy / build (push) Successful in 3m27s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 31s
2024-09-17 21:35:54 +00:00
sysadm
2e06a80dfc Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m59s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m14s
Build_Deploy / deploy_active (active-ext) (push) Successful in 27s
2024-09-17 11:40:09 +00:00
sysadm
65d4a91fa4 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m31s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 34s
2024-09-17 11:12:18 +00:00
2bcdfb0f83
fix: don't run each separately
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m35s
Build_Deploy / deploy_dns (push) Successful in 43s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-17 00:38:56 +01:00
8c828738ca
feat: updated the inputs for the discord bot 2024-09-17 00:38:56 +01:00
sysadm
7c8d9641b5 Updated flake for skynet_discord_bot
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 37s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-09-16 23:37:14 +00:00
sysadm
97ca87ec11 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m43s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-15 17:57:44 +00:00
sysadm
c692663e0e Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m59s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-15 17:28:26 +00:00
sysadm
37c564be74 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m49s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-15 00:02:53 +00:00
sysadm
fdd2c24bbd Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m46s
Build_Deploy / deploy_dns (push) Successful in 42s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-14 22:46:07 +00:00
sysadm
5d6aec46de Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 4m5s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-14 21:40:07 +00:00
sysadm
32d534be45 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m46s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-09-13 21:20:09 +00:00
31e7cca4ed
feat: now hosting Out in UL
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m52s
Build_Deploy / deploy_dns (push) Successful in 48s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-09-10 21:58:42 +01:00
7dcbf88fa4
feat: adding my second laptop to the secrets list
All checks were successful
Build_Deploy / linter (push) Successful in 20s
Build_Deploy / build (push) Successful in 4m49s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 33s
2024-09-09 19:45:13 +01:00
sysadm
4b2720df36 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m56s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m19s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-09-02 12:54:32 +00:00
sysadm
5fa1bbd818 Updated flake for skynet_discord_bot
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 41s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m15s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-31 18:33:57 +00:00
sysadm
a050b6ced7 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m54s
Build_Deploy / deploy_dns (push) Successful in 47s
Build_Deploy / deploy_active (active) (push) Successful in 44s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-29 21:26:11 +00:00
38e0322f67
feat: skynet admins are committee
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m56s
Build_Deploy / deploy_dns (push) Successful in 39s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 26s
2024-08-26 23:49:47 +01:00
sysadm
31dc474c84 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 10s
Build_Deploy / build (push) Successful in 3m45s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-26 22:39:52 +00:00
sysadm
3347ac8a89 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 8s
Build_Deploy / build (push) Successful in 3m47s
Build_Deploy / deploy_dns (push) Successful in 49s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-26 22:32:11 +00:00
sysadm
9143fdc77c Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m54s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-26 22:19:31 +00:00
sysadm
11d4c2269c Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m47s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m14s
Build_Deploy / deploy_active (active-ext) (push) Successful in 36s
2024-08-26 20:53:28 +00:00
sysadm
4196934565 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m51s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-26 19:44:20 +00:00
35b12b57aa
fix: bump alejandra to a newer version as the existing version didn't have an input quoted
All checks were successful
Build_Deploy / linter (push) Successful in 2m7s
Build_Deploy / build (push) Successful in 53m13s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 54s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m22s
Build_Deploy / deploy_active (active-ext) (push) Successful in 38s
2024-08-26 09:43:09 +01:00
6c9a852e78
fix: bump the wiki
Some checks failed
Build_Deploy / deploy_dns (push) Blocked by required conditions
Build_Deploy / deploy_active (active) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-core) (push) Blocked by required conditions
Build_Deploy / deploy_active (active-ext) (push) Blocked by required conditions
Build_Deploy / linter (push) Failing after 2s
Build_Deploy / build (push) Has been cancelled
See https://forgejo.skynet.ie/Skynet/nixos/actions/runs/192 for details on the issue
2024-08-26 09:15:44 +01:00
ddf5a22d8b
nix: switch over to using Lix
Related to #81
2024-08-26 09:14:42 +01:00
287b268161
fix: inputs have to be quoted 2024-08-26 09:13:25 +01:00
sysadm
31c94bc8d2 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 36s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m11s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-22 17:03:12 +00:00
sysadm
34ffe6c37f Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m33s
Build_Deploy / deploy_dns (push) Successful in 40s
Build_Deploy / deploy_active (active) (push) Successful in 42s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-21 22:53:41 +00:00
sysadm
884617ddb7 Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 36s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m10s
Build_Deploy / deploy_active (active-ext) (push) Successful in 27s
2024-08-21 22:46:27 +00:00
sysadm
39fd65d467 Updated flake for skynet_website
All checks were successful
Build_Deploy / linter (push) Successful in 2m40s
Build_Deploy / build (push) Successful in 54m7s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 2m37s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
2024-08-21 08:34:33 +00:00
silver
ac7db8f099 Updated flake for
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 52m14s
Build_Deploy / deploy_dns (push) Successful in 2m13s
Build_Deploy / deploy_active (active) (push) Failing after 4m5s
Build_Deploy / deploy_active (active-core) (push) Failing after 4m25s
Build_Deploy / deploy_active (active-ext) (push) Successful in 1m39s
2024-08-21 02:22:02 +00:00
99b2ba1477
ci: update input now works on everything
Some checks failed
Build_Deploy / build (push) Has been cancelled
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / linter (push) Has been cancelled
2024-08-21 03:20:56 +01:00
36e9e6b76d
ci: update input now works on everything
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
2024-08-21 03:19:10 +01:00
sysadm
97d750ac66 Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
Build_Deploy / build (push) Failing after 1m46s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
2024-08-21 01:40:04 +00:00
fc78bb7287
ci: test with keep failed
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-21 02:38:25 +01:00
5d93ffb71f
ci: test with keep failed
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Waiting to run
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
2024-08-21 02:21:40 +01:00
41dd05cd36
ci: test with keep failed
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 20s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 02:20:44 +01:00
350f4266ed
ci: test with keep failed
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
Build_Deploy / build (push) Failing after 28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
2024-08-21 02:14:07 +01:00
aefd9bbdb0
ci: `nix flake update`
Some checks failed
Build_Deploy / linter (push) Successful in 2m42s
Build_Deploy / build (push) Failing after 3m13s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 01:56:25 +01:00
sysadm
598ae73b3e Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Failing after 1m25s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:48:28 +00:00
bf939cc941
ci: newer versions of nix have this format for updating flake inputs
Some checks failed
Build_Deploy / build (push) Has been cancelled
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / linter (push) Has been cancelled
2024-08-21 01:47:27 +01:00
sysadm
4688eec153 Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m26s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:35:11 +00:00
961a35b990
ci: more testing
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-21 01:32:34 +01:00
987db0c6aa
ci: more testing 2024-08-21 01:31:53 +01:00
sysadm
6ce2a6337f Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m27s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:21:34 +00:00
deb43c0768
ci: more testing
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 01:12:04 +01:00
sysadm
6c9df12566 Updated flake for skynet_website_2009
Some checks failed
Build_Deploy / linter (push) Successful in 2m23s
Build_Deploy / build (push) Failing after 1m29s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:01:21 +00:00
sysadm
fb1ef7b66b Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
Build_Deploy / build (push) Failing after 3m28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
2024-08-20 23:36:29 +00:00
75740f9bae
ci: more testing
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Failing after 1m21s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:17:57 +01:00
6376e910f1
ci: test using ref=main for the inputs
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m23s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-21 00:03:07 +01:00
sysadm
8e57469ee2 Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Failing after 1m28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-20 22:45:23 +00:00
sysadm
1638e44caa Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m28s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-20 22:37:19 +00:00
58800bf7b2
fix: incorrect hashes
Some checks failed
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Failing after 1m27s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-20 23:07:50 +01:00
sysadm
68d5a91b0b Updated flake for skynet_website_wiki
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m25s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-19 22:38:29 +00:00
a7b559972b
feat: adjust nginx to point at root of new docs, update name of flake
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Failing after 1m29s
Build_Deploy / deploy_dns (push) Has been skipped
Build_Deploy / deploy_active (active) (push) Has been skipped
Build_Deploy / deploy_active (active-core) (push) Has been skipped
Build_Deploy / deploy_active (active-ext) (push) Has been skipped
2024-08-19 23:31:28 +01:00
sysadm
39be11301a Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m42s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m18s
Build_Deploy / deploy_active (active-ext) (push) Successful in 36s
2024-08-19 22:09:25 +00:00
esy
afa3515cd8 fix: not showing in preview
single quotes works double doesn't for some reason
2024-08-16 18:57:47 +00:00
esy
0e5990e563 Update ITD/Firewall_Rules.csv
add git ssh ticket
2024-08-16 18:55:18 +00:00
sysadm
8302b216e0 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 7s
Build_Deploy / build (push) Successful in 3m58s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m23s
Build_Deploy / deploy_active (active-ext) (push) Successful in 32s
2024-08-16 14:38:20 +00:00
sysadm
9a67dfee37 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m46s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m24s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-12 23:59:18 +00:00
sysadm
3997805406 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / build (push) Successful in 3m43s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m21s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-12 23:49:28 +00:00
2d95094fbd
feat: allow having nice links without .html
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m46s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m25s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-13 00:09:32 +01:00
sysadm
692ed8e3f0 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m21s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-12 22:38:47 +00:00
sysadm
04944584c6 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m48s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-12 21:00:14 +00:00
fbff2a4ab2
fix: point the wiki to the right subfolder
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 47s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m19s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-12 19:32:59 +01:00
sysadm
de72894701 Updated flake for skynet_website_renew
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m44s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-12 18:25:36 +00:00
sysadm
5cdcd97f6b Updated flake for skynet_website_games
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m39s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m19s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
2024-08-11 20:57:59 +00:00
sysadm
25c4007e3e Updated flake for skynet_website
Some checks failed
Build_Deploy / linter (push) Successful in 5s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-11 20:55:34 +00:00
sysadm
fea5ec177e Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m38s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 45s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-11 20:47:47 +00:00
sysadm
f49bf144ae Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m39s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-11 20:24:02 +00:00
sysadm
e76262aa43 Updated flake for compsoc_public
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-11 20:23:18 +00:00
sysadm
20f0c16e2f Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m40s
Build_Deploy / deploy_dns (push) Successful in 50s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-11 20:14:50 +00:00
9c6844fed2
fix: should only deploy from main
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m39s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-11 20:38:20 +01:00
f61b9c8d6d
fix: should only deploy from main 2024-08-11 18:47:36 +01:00
sysadm
62115a3d93 Updated flake for compsoc_public
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m24s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 46s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-11 16:50:00 +00:00
0e7048be31
feat: add a few extra useful tools to the runner
All checks were successful
Build_Deploy / linter (push) Successful in 13s
Build_Deploy / build (push) Successful in 3m40s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m17s
Build_Deploy / deploy_active (active-ext) (push) Successful in 33s
2024-08-11 04:13:25 +01:00
c2ace73a9b
ci: add workflow for updating forgejo 2024-08-10 23:08:35 +01:00
9120a81d6b
feat: switch over to using forgejo for inputs
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m56s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 50s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m20s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
2024-08-10 21:32:51 +01:00
186833f70c
fix: use github as the default url for actions, will still be recommending to use the fully qualified link for it though 2024-08-10 20:41:48 +01:00
sysadm
31f54b1e92 Updated flake for simple-nixos-mailserver
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m36s
Build_Deploy / deploy_dns (push) Successful in 46s
Build_Deploy / deploy_active (active) (push) Successful in 49s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m17s
Build_Deploy / deploy_active (active-ext) (push) Successful in 28s
2024-08-09 19:56:31 +00:00
5a21783b63
ci: no need to run build and deploy on a workflow update 2024-08-08 14:55:29 +01:00
529b0e13ec
ci: give the flake update workflow a better name
Some checks failed
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / deploy_dns (push) Has been cancelled
Build_Deploy / deploy_active (active) (push) Has been cancelled
Build_Deploy / deploy_active (active-core) (push) Has been cancelled
Build_Deploy / deploy_active (active-ext) (push) Has been cancelled
Build_Deploy / build (push) Has been cancelled
2024-08-08 14:53:13 +01:00
410017d86f Merge pull request 'Setup Forgejo' (#126) from #85-test-forgejo into main
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m35s
Build_Deploy / deploy_dns (push) Successful in 44s
Build_Deploy / deploy_active (active) (push) Successful in 51s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m16s
Build_Deploy / deploy_active (active-ext) (push) Successful in 29s
Reviewed-on: https://forgejo.skynet.ie///Skynet/nixos/pulls/126
2024-08-07 23:06:43 +00:00
1fb4318310
feat: got the pipelines configured now
All checks were successful
Build_Deploy / linter (push) Successful in 6s
Build_Deploy / build (push) Successful in 3m14s
Build_Deploy / deploy_dns (push) Successful in 45s
Build_Deploy / deploy_active (active) (push) Successful in 48s
Build_Deploy / deploy_active (active-core) (push) Successful in 1m13s
Build_Deploy / deploy_active (active-ext) (push) Successful in 30s
Update .mailmap

See if making it .mailmap fixes it

Signed-off-by: silver <silver@skynet.ie>

Add .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

Update .forgejo/workflows/testing.yaml

feat: initial test of flake update

Signed-off-by: silver <silver@skynet.ie>

test: seeing if I can push changes

testing

fix: set the url of the external plugin correctly

Signed-off-by: silver <silver@skynet.ie>

fix: go back to using nix

fix: update command

Signed-off-by: silver <silver@skynet.ie>

Apply automatic changes

revert 26c7781fad

revert Apply automatic changes

test: add the cache and colmena build

Signed-off-by: silver <silver@skynet.ie>

test: see if this helps

Signed-off-by: silver <silver@skynet.ie>

test: see if using another plugin will work

Signed-off-by: silver <silver@skynet.ie>

test: the cache key

test: more testing

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

test: split up the build and cache propagation

attic push --ignore-upstream-cache-filter mycache $(ls -d /nix/store/*/ | grep -v fake_nixpkgs)

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

revert 35887a8fba

revert Update .forgejo/workflows/update_input.yaml

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

fix: no need to upload in pipeline now,

Signed-off-by: silver <silver@skynet.ie>

ci: initial commit of the deploy pipeline

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/deploy.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/deploy.yaml

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

Signed-off-by: silver <silver@skynet.ie>

Updated flake for agenix

test: force pipeline

Signed-off-by: silver <silver@skynet.ie>

Update .forgejo/workflows/update_input.yaml

ci: testing if I can get this working right

Signed-off-by: silver <silver@skynet.ie>

Updated flake for arion

revert b6cd168c38

revert Updated flake for arion

ci: more changes to see if this will help

Signed-off-by: silver <silver@skynet.ie>

Updated flake for arion

revert da380ed0f4

revert Updated flake for arion

Update .forgejo/workflows/deploy.yaml

Signed-off-by: silver <silver@skynet.ie>

Updated flake for arion

revert f0ee4a9e69

revert Updated flake for arion

fix: reformatted flake

ci: testing out deploy

ci: testing out deploy, new ssh manager

ci: more testing

ci: see if going back to basics helps

ci: test a few things

ci: test a few things

ci: for testing

ci: more testing

ci: some bastardisation for the ssh

ci: more testing

ci: check if setting root as the user helps

ci: check if setting root as the user helps2

ci: check if setting root as the user helps2

ci: check if setting root as the user helps2

ci: more testing

ci: more testing

ci: more testing

ci: more testing2

ci: more testing2

ci: more testing2

ci: more testing2

ci: more testing2

ci: more testing2

ci: clean up testing

ci: final tests

ci: final, fixing

ci: need logging

ci: more testing

ci: gahhhhhhhhhh

ci: AAAAAAAAAAAAAAAAAA

ci: lets go back

ci: lets go backaaaaaaaa

ci: lets go backaaaaaaaaqweadadsasdasdasdasd

ci: lets go backaaaaaaaaqweadadsasdasdasdasd

ci: add the final deploy config

Add .forgejo/workflows/testing.yaml

(cherry picked from commit f2cf71ef98)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit e156b61105)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit 80e1fcc545)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit 423f2dd5b3)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit f446ba5443)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit 44a7186a40)

Update .forgejo/workflows/testing.yaml

(cherry picked from commit ed0be4507a)
2024-08-07 22:10:16 +01:00
f00ae5bd2d
feat: basic forgejo setup 2024-08-07 21:52:50 +01:00
97d1783561
feat: basic config for ForgeJo 2024-08-06 20:52:19 +01:00
98136e802b
fix: git is important enough that it should have its own folder 2024-08-06 15:41:59 +01:00
86e0c091fb Merge branch '#84-improve-topdesk-organisation' into 'main'
Add a BCC to service account mails to enable threading

Closes #84

See merge request compsoc1/skynet/nixos!38
2024-07-25 08:21:33 +00:00
4f87e56d63
fix: include cc's for incoming mail 2024-07-24 20:47:58 +01:00
cd002aec03 fix : remove unneeded import
Prometheus is imported through base
2024-07-22 20:02:38 +00:00
9c7d08c153
fix: slight bit of formatting and a renaming
Closes #84
2024-07-22 18:57:31 +01:00
35920eda0c
feat: this should put an automatic bcc on outgoing mail as well as a corresponding filter to put it in the right inboxes
Relates to #84
2024-07-22 18:54:23 +01:00
ba527ead3b Update VPN_Admins.csv 2024-07-22 13:01:37 +00:00
1212ecc7a1
its: better handling of changes over time for the vpn users 2024-07-22 13:18:12 +01:00
bbcc8fc1f6
itd: add the ticket to the rules 2024-07-22 13:04:24 +01:00
ba6d831f73
itd: vpn users has been updated 2024-07-22 13:02:31 +01:00
bd96a84fe8
committee: added Emilia 2024-07-21 21:18:06 +01:00
d64997991d
update: rebased the mailserver to pull in updates from upstream 2024-07-21 13:10:18 +01:00
537863c913
ci: improve the pipeline 2024-07-20 14:16:55 +01:00
ed4dcbc756
ci: improve the pipeline 2024-07-20 14:12:03 +01:00
5c6939bc83
Revert "ci: improve the pipeline"
This reverts commit 2834fbba8d.
2024-07-20 14:07:47 +01:00
2834fbba8d
ci: improve the pipeline 2024-07-20 13:38:35 +01:00
c5a651d98e
nix: bump nixpkgs to get the patched gitlab 2024-07-20 12:45:16 +01:00
648b437767
dns: use better date for the serial 2024-07-20 12:28:53 +01:00
a4d83fde50
ci: test using lix on the runner
Relates to #81

Also bump the base image to the latest alpine
2024-07-20 12:28:36 +01:00
2a949f8e82
fix: test the new format 2024-07-20 01:00:53 +01:00
abdc5b6d50 Merge branch '#55-non-skynet-dns' into 'main'
Allow DNS for non skynet.ie domains

Closes #55

See merge request compsoc1/skynet/nixos!37
2024-07-17 19:08:52 +00:00
c5c44acc8b
fmt: prepping for #80 2024-07-17 04:20:48 +01:00
1287160cdf
feat: reduced some complexity 2024-07-17 04:08:04 +01:00
4c8ebb455e
feat: the actual bind files are now created directly from the records 2024-07-17 03:50:20 +01:00
454e58b085
feat: generate the zones directly from the dns records 2024-07-17 03:00:20 +01:00
2a8a7cc7f4
feat: simplify the zone creation 2024-07-17 01:38:31 +01:00
0b25b5ac54
fix: smol cleanup 2024-07-17 00:53:28 +01:00
356ac2e505
fix: move the mailserver dns config to the proper file 2024-07-17 00:52:55 +01:00
1a07781c4d
feat: the right width for records will now be auto calculated 2024-07-17 00:47:45 +01:00
15e534c222
feat: add new option for dns records 2024-07-16 23:17:38 +01:00
e9d5985adf
fmt: remove duplicate imports, now unified in applications/_base.nix 2024-07-16 23:09:22 +01:00
cb0cfbaf4a
fmt: move the dns into its own folder 2024-07-16 22:54:44 +01:00
b1bd6ca40a
feat: unify the record options 2024-07-16 22:31:28 +01:00
9fb45cba7e
feat: bump the nixpkgs version, specifically bringing in newer gitlab 2024-07-15 15:14:44 +01:00
3837ff2dd1
fix: sort the domains, prevents errors in cert renewal 2024-07-09 22:16:09 +01:00
b6b9ae0579
feat: new wiki domain 2024-07-09 22:12:41 +01:00
runner_nix
b7cb7eeade Updated flake for skynet_website_renew 2024-07-09 20:54:14 +00:00
2a45bc4f70
cve: bumped system to have the updated sshd package
relates to CVE-2024-6387
2024-07-02 14:13:08 +01:00
e6954d3448
git: merging in some upstream changes while still waiting for the patch to be merged in 2024-06-27 13:19:12 +01:00
09e7f8f0d4 fix: what is old is new again 2024-06-18 22:50:28 +00:00
dac45073d6 Add entries for modded minecraft server 2024-06-18 19:22:29 +00:00
9583eaa9be
doc: update the firewall changes 2024-06-18 10:14:06 +01:00
a0215b2271
doc: added a new page for names ideas 2024-06-17 20:58:33 +01:00
cd13520aba
feat: new server for stats, ariia, danm I love this naming scheme 2024-06-17 20:58:33 +01:00
8009b7c8d1
fix: some small fixes for prometheus 2024-06-17 20:58:32 +01:00
runner_nix
07cb42dd65 Updated flake for skynet_website_renew 2024-06-17 01:39:31 +00:00
6229abcefa fix: put the blockers for the update of the flakes first 2024-06-17 01:11:03 +00:00
runner_nix
c197f0df85 Updated flake for skynet_website_2009 2024-06-17 00:48:14 +00:00
435379e610
doc: imported in the VPN Admins 2024-06-17 01:24:53 +01:00
44c81b1f3e
doc: reorganised to encompass all the tickets we have submitted over time.
May work on a tool that compiles this together into a unified output?
2024-06-17 01:20:29 +01:00
897c52cc3e
doc: added the new servers 2024-06-17 01:17:52 +01:00
7ea813667b
git: update the lockfile to deal with open office 2024-06-17 01:17:27 +01:00
d226e905a2
fix: cut down what we have to fit better in the original format 2024-06-16 15:21:23 +01:00
40ece2f683
fix: originally this was a spreadsheet, split out and emulate the form better 2024-06-16 15:10:14 +01:00
9b84ff8619 Merge branch 'dmarc-spf-changes' into 'main'
Change spf and dmarc config

See merge request compsoc1/skynet/nixos!36
2024-06-15 14:38:47 +00:00
daragh
5933cb5dfe
Revert "test"
This reverts commit e0a461bb0a.
2024-06-15 15:25:38 +01:00
daragh
c0ddc2d6a9
switch include to a, remove skynet.ie 2024-06-15 15:25:38 +01:00
9e90553a6b Merge branch nixos:main into dmarc-spf-changes 2024-06-15 14:17:17 +00:00
daragh
e0a461bb0a
test 2024-06-15 15:07:08 +01:00
ed331c3f08 Originally this was set up so updating the flake and pushing out to servers would occur in a single pipeline.
Add 

Relates to #79
2024-06-15 14:02:01 +00:00
452f33baa8 Update .gitlab-ci.yml file 2024-06-15 13:51:51 +00:00
daragh
149b58ce09
use cfg variables 2024-06-15 14:42:36 +01:00
daragh
1b848029e2
fix host ip variable 2024-06-15 14:30:40 +01:00
daragh
d3030aa2d1
Changing spf and dmarc config 2024-06-15 13:26:24 +01:00
5c33399d97
feat: add the snapshot at the end of the year 2024-06-14 22:03:21 +01:00
1d3549d541
feat: current version is always on top 2024-06-14 21:34:43 +01:00
5c8dcdef00
feat: really easy to import in old versions of the site 2024-06-14 21:28:52 +01:00
34f8f0eb8c
femt: move skynet into its own subfolder 2024-06-14 20:38:46 +01:00
fee1e34ca8
fix: move to a better naming scheme for previous versions of the skynet sites 2024-06-14 20:36:16 +01:00
69bd2be07c
admin: add eliza and esy as admins to the secrets
Actually add the keys this time....
2024-06-07 19:19:03 +01:00
4b9a743e40
admin: add eliza and esy as admins to the secrets 2024-06-07 19:11:08 +01:00
runner_nix
8c96241b67 [skip ci] Updated flake for skynet_ldap_backend 2024-06-07 17:59:13 +00:00
672ad2b96e Merge branch '#77-sync-jobs' into 'main'
fix: this should fix up this job (hopefully)

Closes #77

See merge request compsoc1/skynet/nixos!35
2024-06-06 23:22:55 +00:00
ce820a5d3c fix: this should fix up this job (hopefully) 2024-06-06 23:22:55 +00:00
e94683c3d5
fmt: better formatting of the backup server file 2024-06-06 23:35:37 +01:00
3d6a1ba696 Merge branch 'esy-main-patch-15485' into 'main'
Add esy as admin

See merge request compsoc1/skynet/nixos!34
2024-06-06 18:12:47 +00:00
8c7f2b5454 feat : make esy admin 2024-06-06 18:01:46 +00:00
5ba92dcbc1
fix: seems like some of the dashboards want processes
Closes #70
2024-06-06 18:46:40 +01:00
7d8833a451
feat: results of testing exporters for DNS last night
Relates to #70
2024-06-06 18:46:40 +01:00
runner_nix
37bfebec20 [skip ci] Updated flake for skynet_ldap_backend 2024-06-03 23:04:52 +00:00
runner_nix
62fe4a2ba5 [skip ci] Updated flake for skynet_discord_bot 2024-06-03 22:42:04 +00:00
runner_nix
b7a5042538 [skip ci] Updated flake for skynet_discord_bot 2024-06-03 20:19:50 +00:00
a156d1ba1e
fix: new cache key 2024-06-03 20:03:49 +01:00
runner_nix
b2ecb14f68 [skip ci] Updated flake for skynet_discord_bot 2024-06-03 17:25:15 +00:00
runner_nix
c4e3a41831 [skip ci] Updated flake for skynet_discord_bot 2024-06-03 04:17:55 +00:00
dbf7a4d5d1
fix: didn't set the server cname properly 2024-06-03 04:36:53 +01:00
runner_nix
991758ef46 [skip ci] Updated flake for skynet_discord_bot 2024-06-03 03:31:40 +00:00
8d60c67722
doc: added a status col 2024-06-02 21:29:06 +01:00
cbc5af9b53
feat: retiring Optimus and the games server that was hosted on it.
Now fully using Pterodactyl
2024-06-02 21:27:27 +01:00
1fb2bba4ce REMOVED COMMENTS BECAUSE LINTER ERROR UGHH 2024-06-02 17:56:41 +00:00
62d28bab4e Add records for old compsoc server, gamesoc server and philosophy and debate server. 2024-06-02 17:51:37 +00:00
9316caa559
doc: updated csv of ports/services 2024-05-31 16:21:05 +01:00
be9f5084eb
fix: don't have an internal ip 2024-05-30 22:10:40 +01:00
689344e518
fix: all servers now require the dns secret for acme now 2024-05-30 19:42:26 +01:00
379cb84839
feat: simplified the config for running services, only one hosts config is required now in each server config file 2024-05-30 17:55:29 +01:00
f8c7860eb5
feat: standardise all services to using `services.skynet."${name}";` format 2024-05-30 14:59:20 +01:00
54b43c9962
feat: use a host attribute to make the config less verbose/complex 2024-05-30 14:11:45 +01:00
e156b4ecaf
feat: standardise restic (backups) to using `services.skynet."${name}";` format 2024-05-30 13:57:30 +01:00
73a9419798
fix: small nginx cleanup 2024-05-30 13:39:12 +01:00
449ada5cec
feat: standardise acme to using `services.skynet."${name}";` format 2024-05-30 13:34:59 +01:00
023b491d89
feat: standardise dns to using `services.skynet."${name}";` format 2024-05-30 13:25:52 +01:00
75f0a17fcb
feat: use calutron as the public services server 2024-05-30 13:15:28 +01:00
9eafd6f53e
feat: use hockeypuck instead of sks 2024-05-30 13:04:44 +01:00
runner_nix
c71b3571ce [skip ci] Updated flake for skynet_website_renew 2024-05-27 22:26:03 +00:00
a6b070a971
fix: nginx upload limit increased 2024-05-27 11:31:37 +01:00
e7e5d554b2
fix: regex was not quite working 2
Previous version had a + instead of *
+ means to match one or more
* means to match 0 or more
2024-05-24 16:13:49 +01:00
f55d23e821
fix: regex was not quite working 2024-05-24 15:55:12 +01:00
b545c623d2
fix: use the hostnames for these (missed this one) 2024-05-24 00:30:25 +01:00
44750155f1
fix: use the hostnames for these 2024-05-24 00:00:44 +01:00
694cbb2f0b Merge branch 'prometheus2' into 'main'
Add prometheus

See merge request compsoc1/skynet/nixos!33
2024-05-23 21:52:09 +00:00
daragh
c0816ccce4
remove todo 2024-05-23 22:35:31 +01:00
daragh
889bb0dab6
doc: added link to node exporter options 2024-05-23 22:34:12 +01:00
f7dd90e92b
fix: needed to open the ports to be able to get the data 2024-05-23 22:04:15 +01:00
147bd86ad5
fix: get the attributes merging correctly 2024-05-23 21:48:33 +01:00
daragh
963a189bcb
Removed provision config away from kitt 2024-05-23 04:34:19 +01:00
9148963c1f
fix: final set of changes to get it working 2024-05-23 04:20:44 +01:00
b8c6e153a4
fix: set the type of protocol 2024-05-23 04:10:15 +01:00
15271c1d09
fix: this does need a default 2024-05-23 04:08:50 +01:00
62ead11aad
fix: have to actually enable it 2024-05-23 04:07:37 +01:00
aba1a41d4d
fix: file permissions 2024-05-23 04:07:19 +01:00
0f75f11918
fix: this was blocking the web interface 2024-05-23 04:07:07 +01:00
daragh
03ae1c5101
Remove config from marvin 2024-05-23 02:57:10 +01:00
daragh
061453e5d1
remove dead code 2024-05-23 02:45:10 +01:00
23f77caef6
feat: setup the password for grafana 2024-05-23 02:39:36 +01:00
daragh
40e4fe5ac4
fmt 2024-05-23 02:13:14 +01:00
daragh
fd3beade9b
Added entry in secrets.nix for grafana 2024-05-23 02:13:06 +01:00
daragh
9aeb7313b4
Moved grafana / prometheus to kitt 2024-05-23 02:10:16 +01:00
daragh
1ea703bfa1
Removed redundant conf, rename portcollecter 2024-05-23 01:27:02 +01:00
daragh
113084148c
Make map clearer, more parentheses 2024-05-23 01:21:29 +01:00
daragh
ca87227571
remove redundant option 2024-05-23 01:21:02 +01:00
daragh
9b3e7265dd
Added new option to specify ip and port for other nodes, fixed server.name to go through deployment.hostname 2024-05-22 01:51:21 +01:00
daragh
82305d43ff
fmt 2024-05-21 18:33:52 +01:00
daragh
be56e6b9e9
Reorganise prometheus/marvin config 2024-05-21 18:32:37 +01:00
daragh
cf600e2dc1
Using nodes instead of hardcoded server names
Might not work probably did smnth wrong
2024-05-21 18:23:56 +01:00
daragh
7f5f21dc8a
Use port from cfg 2024-05-21 07:34:28 +01:00
daragh
4637777e5c
Fix servers list location 2024-05-21 07:32:25 +01:00
daragh
183f5a0e7d
Initial prometheus config
Also did provision config for grafana, could be done directly but went
through skynet.grafana config
2024-05-21 06:38:21 +01:00
50abdb90ab Merge branch 'grafana' into 'main'
Add grafana

See merge request compsoc1/skynet/nixos!32
2024-05-21 02:50:41 +00:00
daragh
4ce0f69fb3
remove redundant options 2024-05-21 03:40:58 +01:00
daragh
2a605151f8
remove prometheus from base 2024-05-21 03:21:50 +01:00
daragh
739529caae
change grafana to {name} everywhere* 2024-05-21 03:05:14 +01:00
daragh
961509ddc8
fix: https to http 2024-05-21 03:05:14 +01:00
daragh
70b1d6324d
rename grafana-server, move some things around 2024-05-21 03:05:14 +01:00
daragh
115535c386
fix cfg variable 2024-05-21 03:05:14 +01:00
daragh
519e907278
Initial grafana setup 2024-05-21 03:05:14 +01:00
867e7a702f
ci: only run the repo sync when repos are actually updated 2024-05-12 17:17:22 +01:00
runner_nix
1b31b6535d [skip ci] Updated flake for compsoc_public 2024-05-12 15:56:12 +00:00
runner_nix
eee9632878 [skip ci] Updated flake for compsoc_public 2024-05-12 15:41:51 +00:00
runner_nix
44a7fde53c [skip ci] Updated flake for skynet_discord_bot 2024-05-12 15:25:58 +00:00
63874105a8
fix: up the size limit for the cache 2024-05-12 05:31:01 +01:00
5bf1ddbebe
fix: slight improvements 2024-05-12 04:57:26 +01:00
7408873102
feat: new server to work as a nix cache 2024-05-12 04:03:21 +01:00
6ae584c895 feat: add a keyserver 2024-05-07 01:37:32 +01:00
cb6f9c2b8e fix: feckin typos 2024-05-07 01:37:32 +01:00
runner_nix
aec580a93e [skip ci] Updated flake for skynet_discord_bot 2024-05-06 01:33:12 +00:00
210845d2cd feat: create space for the open governance 2024-05-03 22:50:57 +01:00
ebefd81def fix: split out the php config so it can serve php and html together 2024-04-20 04:55:47 +01:00
48e48c43c7 feat: added a redirect for the old skynet format of user addresses 2024-04-20 04:55:07 +01:00
54606be0df feat: got php working for the user server 2024-04-20 03:18:13 +01:00
a4c52ea87c feat: use colmena repo 2024-04-20 02:08:57 +01:00
runner_nix
2b09716c4d [skip ci] Updated flake for compsoc_public 2024-04-17 16:27:11 +00:00
runner_nix
b1d7c15a4d [skip ci] Updated flake for compsoc_public 2024-04-13 22:14:57 +00:00
runner_nix
d48e68d3b3 [skip ci] Updated flake for compsoc_public 2024-04-03 09:14:15 +00:00
runner_nix
d73be0c8d3 [skip ci] Updated flake for compsoc_public 2024-04-03 07:31:44 +00:00
runner_nix
25f687cacf [skip ci] Updated flake for compsoc_public 2024-04-03 07:18:59 +00:00
runner_nix
05ab8b0238 [skip ci] Updated flake for compsoc_public 2024-04-02 22:40:27 +00:00
runner_nix
7cd4f9288b [skip ci] Updated flake for compsoc_public 2024-04-02 05:14:50 +00:00
runner_nix
57a16a2c8f [skip ci] Updated flake for skynet_discord_bot 2024-03-28 13:19:42 +00:00
runner_nix
b343009682 [skip ci] Updated flake for skynet_ldap_backend 2024-03-28 12:48:58 +00:00
da721924e4 soc: enable games dev 2024-03-12 15:30:53 +00:00
runner_nix
106485a754 [skip ci] Updated flake for skynet_ldap_backend 2024-03-11 22:49:14 +00:00
7e2abcae5b feat: enabled out in UL as a soc on wolves 2024-03-11 22:30:48 +00:00
1197c50962 fix: danm formatting 2024-03-11 22:09:04 +00:00
f0661ba00f fix: had forgotten to add the field here 2024-03-11 22:06:10 +00:00
runner_nix
9a4ea6b9fb [skip ci] Updated flake for skynet_ldap_backend 2024-03-11 21:37:36 +00:00
4575aabcb2 [skip ci] feat: added field to enable clubs/socs 2024-03-11 20:53:50 +00:00
54ef36023a committee: new HSO 2024-03-07 11:20:09 +00:00
runner_nix
04a0a21ac7 [skip ci] Updated flake for skynet_discord_bot 2024-03-05 20:11:57 +00:00
runner_nix
ac721c2540 [skip ci] Updated flake for skynet_discord_bot 2024-03-04 22:53:46 +00:00
runner_nix
7b3b3b290c [skip ci] Updated flake for skynet_discord_bot 2024-03-03 16:55:26 +00:00
runner_nix
fcff34e225 [skip ci] Updated flake for skynet_discord_bot 2024-03-03 15:15:04 +00:00
1790a12360 [skip ci] feat: added the minecraft server key for the discord bot
The key is tied to kitt
2024-03-03 12:48:48 +00:00
runner_nix
7031b49599 [skip ci] Updated flake for skynet_discord_bot 2024-03-02 21:59:34 +00:00
90d8a105f7 feat: backup client will now only run if there are items to backup.
Closes #54
2024-02-28 14:12:05 +00:00
a42ac52f9d feat: add php to the skynet users server 2024-02-28 09:10:57 +00:00
runner_nix
44f123289f [skip ci] Updated flake for compsoc_public 2024-02-27 19:11:09 +00:00
runner_nix
4314d00322 [skip ci] Updated flake for compsoc_public 2024-02-27 18:30:51 +00:00
runner_nix
90ac5f41ef [skip ci] Updated flake for compsoc_public 2024-02-27 18:17:42 +00:00
runner_nix
d971c2e855 [skip ci] Updated flake for compsoc_public 2024-02-27 18:05:08 +00:00
runner_nix
34156ba71f [skip ci] Updated flake for compsoc_public 2024-02-27 17:49:17 +00:00
runner_nix
2fcf1f19d8 [skip ci] Updated flake for compsoc_public 2024-02-27 17:32:15 +00:00
runner_nix
e77d9e51e8 [skip ci] Updated flake for compsoc_public 2024-02-27 15:38:56 +00:00
runner_nix
22cb1bcbd4 [skip ci] Updated flake for compsoc_public 2024-02-27 14:22:03 +00:00
d3e635f2c1 committee: Leo resigned from committee 2024-02-21 19:54:06 +00:00
runner_nix
b6ecd5255d [skip ci] Updated flake for skynet_ldap_frontend 2024-02-18 17:29:51 +00:00
19d94808ed fix: cors is now being handled by the backend 2024-02-18 14:52:34 +00:00
runner_nix
cde7f37455 [skip ci] Updated flake for skynet_ldap_backend 2024-02-18 14:35:33 +00:00
runner_nix
fa7cbd420e [skip ci] Updated flake for skynet_ldap_backend 2024-02-18 01:53:26 +00:00
runner_nix
ec254fd6fe [skip ci] Updated flake for skynet_website_games 2024-02-16 17:16:57 +00:00
runner_nix
b526150547 [skip ci] Updated flake for skynet_website_games 2024-02-16 17:04:36 +00:00
runner_nix
98886d724d [skip ci] Updated flake for skynet_website_games 2024-02-16 16:49:24 +00:00
138fd31a6e Update file dns.nix 2024-02-16 15:05:29 +00:00
5aca8874b3 Update Minecraft server DNS entry 2024-02-16 13:12:32 +00:00
93211d09cc Update dns.nix 2024-02-16 12:59:51 +00:00
9932efe593 Update Minecraft server DNS entry 2024-02-16 12:40:43 +00:00
a0bb8b479e Update file dns.nix 2024-02-16 12:33:26 +00:00
5ced7f4fe4 Update file dns.nix 2024-02-16 12:27:47 +00:00
8d94f0c965 Update file dns.nix 2024-02-16 11:00:16 +00:00
40f33f28aa Update file dns.nix 2024-02-16 00:08:57 +00:00
runner_nix
7ed840e204 [skip ci] Updated flake for compsoc_public 2024-02-10 20:06:07 +00:00
runner_nix
8f60f9dea0 [skip ci] Updated flake for compsoc_public 2024-02-10 18:26:11 +00:00
26e715b2f6 fix: some error warnings cleared 2024-02-09 12:47:20 +00:00
runner_nix
2c3e87b4d8 [skip ci] Updated flake for skynet_website 2024-02-05 17:30:53 +00:00
runner_nix
7ccc78c5bd [skip ci] Updated flake for skynet_website_renew 2024-02-05 17:10:14 +00:00
6de8f1e963 fix: email how the sieve was handled changed slightly, this is a temp fix
Signed-off-by: Brendan Golden <git_laptop@brendan.ie>
2024-02-04 21:39:57 +00:00
ded0dc5394 Merge branch 'main' of https://gitlab.skynet.ie/compsoc1/skynet/nixos 2024-02-04 20:21:19 +00:00
2acaf29f63 [skip ci] fix: bump nixpkgs 2024-02-04 20:17:46 +00:00
runner_nix
3c6250f54b [skip ci] Updated flake for compsoc_public 2024-02-02 17:06:08 +00:00
runner_nix
e8637b1f39 [skip ci] Updated flake for compsoc_public 2024-02-02 14:40:41 +00:00
6b0507a647 fix: redirect root IP's in nginx to skynet.ie 2024-01-31 15:43:18 +00:00
39594e5973 fix: the network issues 2024-01-27 23:04:48 +00:00
46cae94f99 fmt: forgot to format 2024-01-27 21:38:30 +00:00
589ae332e6 Merge branch 'main' of https://gitlab.skynet.ie/compsoc1/skynet/nixos 2024-01-27 21:32:34 +00:00
6f9d30cb87 fix: going back to our own module for bitwarden cli 2024-01-27 21:32:26 +00:00
a7231e0d6d Fix error 2024-01-27 20:57:58 +00:00
16bae0bf8f Added config folder to changes 2024-01-27 20:49:18 +00:00
e7d47fa873 Update file dns.nix 2024-01-27 20:44:36 +00:00
215ba411fb Update file dns.nix 2024-01-27 20:43:02 +00:00
c8260ad05e Update file dns.nix 2024-01-27 20:42:19 +00:00
24018b5400 Merge branch '#52-dns-for-non-nixos' into 'main'
feat: Added functionality to have dns for non nixos servers

Closes #52

See merge request compsoc1/skynet/nixos!30
2024-01-27 19:05:55 +00:00
ccf090b841 feat: Added functionality to have dns for non nixos servers
Closes #52
2024-01-27 18:53:49 +00:00
80c6fac51a feat: make eliza admin 2024-01-25 21:55:04 +00:00
5a9ee7e106 feat: added another alias 2024-01-17 07:44:00 +00:00
a355bc81c6 feat: now using the upstream nextcloud again 2024-01-12 21:37:06 +00:00
bb44a38bbb feat: now using the upstream bitwarden connector 2024-01-12 21:33:09 +00:00
73330b3f6f fix: updated cadie to clear some networking issues 2024-01-12 21:23:45 +00:00
c9d7598827 Merge branch 'main' of https://gitlab.skynet.ie/compsoc1/skynet/nixos 2024-01-12 19:46:09 +00:00
2b6e629d30 feat: added phildeb minecraft server 2024-01-12 19:22:07 +00:00
c86556bff4 fix: final changes based on nixpkgs 2024-01-12 18:41:25 +00:00
runner_nix
0860c2fde2 [skip ci] Updated flake for skynet_ldap_backend 2024-01-10 11:26:59 +00:00
runner_nix
575d8dce3c [skip ci] Updated flake for skynet_discord_bot 2024-01-02 17:07:11 +00:00
runner_nix
dbfcd6d86a [skip ci] Updated flake for skynet_ldap_frontend 2024-01-01 10:11:40 +00:00
runner_nix
556f3fcd14 [skip ci] Updated flake for skynet_ldap_backend 2023-12-31 07:03:50 +00:00
e96ec3023f fix: formatting always gets me 2023-12-30 12:59:25 +00:00
fc78cfd83f feat: added former aliases to the banned list of usernames 2023-12-30 12:58:52 +00:00
5900c41ab7 [skip ci] feat: some more changes based on https://github.com/NixOS/nixpkgs/pull/265783 2023-12-30 10:38:31 +00:00
a19d1cc915 fix: Using a temp local module until https://github.com/NixOS/nixpkgs/pull/277382 is complete 2023-12-29 14:23:51 +00:00
c84951252f doc: added instructions on how to force a new linking for the sync 2023-12-27 23:04:26 +00:00
08144baa42 feat: will now only update the links if they change, or if an override is passed 2023-12-27 22:52:01 +00:00
1057bae86e Merge branch '#50_mirror_using_gitlab.com' into 'main'
feat: setup script to sync repos

Closes #50

See merge request compsoc1/skynet/nixos!29
2023-12-27 22:22:17 +00:00
225033130c feat: finished listing the repos, should be all good now
Closes #50
2023-12-27 22:11:26 +00:00
e67595a7c4 fix: make the download meter silent 2023-12-27 21:57:16 +00:00
8fecc941c7 fix: this should now work (?) 2023-12-27 21:53:26 +00:00
f116c3fb25 feat: add backend to test 2023-12-27 21:43:51 +00:00
4bcaaa25d7 fix: should now be working properly 2023-12-27 21:42:14 +00:00
61adbabe78 doc: updated documentation 2023-12-27 21:41:45 +00:00
0fc2b7ee6a fix: had incorrect token parms 2023-12-27 21:20:36 +00:00
07601f708c feat: setup script to sync repos
Related to #50
2023-12-27 21:16:30 +00:00
runner_nix
f5dcdf7547 [skip ci] Updated flake for skynet_ldap_backend 2023-12-27 17:19:03 +00:00
54529e0d21 fix: hopefully this will stop it needing to rebuild so often 2023-12-27 16:52:54 +00:00
351f6b22da fix: feedback from https://github.com/NixOS/nixpkgs/pull/265783 2023-12-27 15:50:00 +00:00
runner_nix
f1782633cd [skip ci] Updated flake for skynet_ldap_frontend 2023-12-27 14:54:34 +00:00
runner_nix
9c85fbbc00 [skip ci] Updated flake for skynet_ldap_backend 2023-12-24 23:30:38 +00:00
runner_nix
bb2a014b29 [skip ci] Updated flake for skynet_ldap_backend 2023-12-24 22:29:04 +00:00
440ad7d209 fix: ensure networking remains good pat2 2023-12-22 18:19:27 +00:00
02dd11c8b4 fix: ensure networking remains good 2023-12-22 15:52:34 +00:00
7c4e83f60a feat: this should allow #40 to work 2023-12-21 06:15:11 +00:00
93c21d3093 [skip ci] feat/fix: networking.hostName must be set for physical servers 2023-12-20 16:29:39 +00:00
ca9e1871cc fix: making sure we are on unstable and not master helped 2023-12-20 16:10:41 +00:00
a8f6c1e80e Revert "This is going to fail but will "fix" the build"
This reverts commit 1e8b5a3930.
2023-12-20 16:08:44 +00:00
1e8b5a3930 This is going to fail but will "fix" the build 2023-12-20 15:20:28 +00:00
82c0c4ae42 fix: fmt 2023-12-20 14:41:55 +00:00
8e0ec53740 feat: bump nextcloud.
Had to update packages which involved setting an interface for the default gateway
2023-12-20 14:37:08 +00:00
8d43055ddf doc: updated server lists 2023-12-20 13:17:51 +00:00
de69ca69c9 bitwarden: brought in line with the nixpkgs again. (again) 2023-11-25 22:42:02 +00:00
600d1f755f [skip ci] Removed unused network configuration, it's fully set in proxmox 2023-11-25 22:40:36 +00:00
runner_nix
7877cef87c [skip ci] Updated flake for skynet_discord_bot 2023-11-25 21:36:51 +00:00
runner_nix
9c30567885 [skip ci] Updated flake for skynet_discord_bot 2023-11-23 22:29:57 +00:00
runner_nix
1db618bb80 [skip ci] Updated flake for skynet_discord_bot 2023-11-23 16:24:03 +00:00
a1be738883 feat: some slight improvements to control storage usage for the runner 2023-11-20 20:55:03 +00:00
20f9a38aed [skip ci]: added trainee 2023-11-20 20:45:15 +00:00
03add8f999 [skip ci]: granted trainees permission to a server to test stuff out 2023-11-20 20:25:41 +00:00
21612fed13 ci: better output for logs 2023-11-20 17:33:51 +00:00
56bdcb3af8 todo: update ulfm 2023-11-20 16:52:24 +00:00
56fdff7571 fix: add the option for trainee users 2023-11-20 16:44:38 +00:00
runner_nix
fee6f37fb7 [skip ci] Updated flake for skynet_ldap_backend 2023-11-20 16:40:30 +00:00
0a028eaf53 feat: add a test server for trainees to use 2023-11-20 16:10:09 +00:00
cbb4100b4e bitwarden: brought in line with the nixpkgs again. 2023-11-18 03:03:35 +00:00
e42f718ba5 feat: reinstalled vendetta.
Now reboots perfectly
2023-11-17 11:41:22 +00:00
2989cb5b72 dns: fix pathing. 2023-11-17 09:19:05 +00:00
03ae753b90 issue: wait until server has been physically updated to re-enable 2023-11-16 01:20:28 +00:00
82b0b4aff4 bitwarden: final changes 2023-11-16 01:12:09 +00:00
4c0f3a1645 feat: enable better separation of lxc dependencies 2023-11-16 01:09:35 +00:00
4a95e48179 feat: rebuilt neuromancer to make it be able to be rebooted 2023-11-15 20:15:53 +00:00
6ea0240a3a feat: rebuilt jones to make it be able to be rebooted 2023-11-15 16:41:30 +00:00
35f6d63c10 feat: Improved config further further 2023-11-13 00:54:23 +00:00
e810bca085 feat: Improved config further 2023-11-12 21:58:27 +00:00
09fb8cf56e feat: improved and unified config, now will be almost the same as what is in nixpkgs 2023-11-12 03:27:30 +00:00
c27f1749a2 Merge branch '#49_add_vaultwarden' into 'main'
#49 add vaultwarden

Closes #49

See merge request compsoc1/skynet/nixos!26
2023-11-07 13:51:05 +00:00
29dc2750ae feat: added bitwarden/vaultwarden support. 2023-11-07 13:38:59 +00:00
runner_nix
7673bb3fb2 [skip ci] Updated flake for skynet_ldap_frontend 2023-11-06 13:11:29 +00:00
c53e7ffcf2 fix: update the metadata/package 2023-11-06 05:18:52 +00:00
54f54d31b1 feat: packaged up Bitwarden's Directory Connector 2023-11-06 04:16:42 +00:00
8bb2c26a99 feat: added the ability for the admin to install store based 2023-11-03 23:50:17 +00:00
runner_nix
5877f1143c [skip ci] Updated flake for compsoc_public 2023-10-28 19:02:42 +00:00
runner_nix
a87c4adf2b [skip ci] Updated flake for compsoc_public 2023-10-28 18:50:44 +00:00
00d3783919 doc: add documentation line for future reference 2023-10-28 04:33:49 +01:00
ac375549d4 committee: added kronsy 2023-10-27 12:48:31 +01:00
runner_nix
4235084eab [skip ci] Updated flake for skynet_discord_bot 2023-10-27 11:07:14 +00:00
runner_nix
18086dfba2 [skip ci] Updated flake for skynet_ldap_backend 2023-10-27 10:44:26 +00:00
runner_nix
4554055518 [skip ci] Updated flake for skynet_ldap_backend 2023-10-27 10:26:15 +00:00
f42b5a6359 ITD: updated matrix 2023-10-27 08:59:09 +01:00
9c90aa856a ci: move the linter to be before the build so that if it's wrong it will fail faster 2023-10-27 03:12:51 +01:00
8e1eb5c192 fix: using a slightly newer build that has a better db structure 2023-10-27 03:04:41 +01:00
2a6e63fcea feat: updated the discord bot to the new api 2023-10-27 03:01:23 +01:00
8a37a3c42e fix: little bit of a cleanup 2023-10-27 02:50:40 +01:00
a305a1f744 feat: enabled the new wolves api for the backend 2023-10-27 02:49:59 +01:00
feb492c0c7 feat: prep for wolves api 2023-10-27 02:25:21 +01:00
1dc8e1109d feat: added onlyoffice 2023-10-27 01:54:41 +01:00
b1c679c73f nextcloud: use redis for caching 2023-10-26 17:38:32 +01:00
011bc91795 nextcloud: switch over to using postgresql 2023-10-26 17:38:15 +01:00
eebf1845cb email: unfortunately undoes some of the work @esy did but I think this will work
#33
2023-10-26 02:30:42 +01:00
0a89ac4526 Merge branch '#33_k9_mail_certs' into 'main'
added certs for k9 mail related subdomains

See merge request compsoc1/skynet/nixos!25
2023-10-26 00:25:27 +00:00
daragh
64d1054067
fix : switched email ACMEHost to mail 2023-10-26 01:13:59 +01:00
daragh
f2811f2e04
fix : added certs for k9 mail related subdomains
related to #33
2023-10-26 01:02:39 +01:00
runner_nix
df46133fca [skip ci] Updated flake for skynet_ldap_backend 2023-10-25 23:51:13 +00:00
633f5b4525 Merge branch '#35_add_nextcloud' into 'main'
Add nextcloud

Closes #38 and #46

See merge request compsoc1/skynet/nixos!24
2023-10-25 18:53:32 +00:00
422ee6b2c8 Merge branch 'main' into '#35_add_nextcloud'
# Conflicts:
#   ITD_Firewall.csv
2023-10-25 18:43:45 +00:00
211050fc27 feat: updated the itd csv 2023-10-25 19:31:37 +01:00
a5bf6df79a feat: rekeyed with CADIE 2023-10-25 19:28:28 +01:00
b8b7f09b9f feat: created CADIE 2023-10-25 19:28:09 +01:00
7f64767991 fix: remove the nextcloud stuff that was here for testing 2023-10-25 19:27:34 +01:00
runner_nix
2dcae4df6d [skip ci] Updated flake for skynet_ldap_backend 2023-10-25 17:40:45 +00:00
587fb4053a Merge branch 'main' of https://gitlab.skynet.ie/compsoc1/skynet/nixos 2023-10-24 18:53:11 +01:00
bb346e294f email: handle junk mails better 2023-10-24 18:53:06 +01:00
runner_nix
91f7fec824 [skip ci] Updated flake for skynet_discord_bot 2023-10-24 16:52:46 +00:00
runner_nix
e7d1854de4 [skip ci] Updated flake for skynet_ldap_backend 2023-10-24 16:43:40 +00:00
d2ece41ace email: this will allow folks with permission to send mail as the service accounts 2023-10-23 18:30:44 +01:00
827b109a25 email: add two mailboxes for topdesk 2023-10-23 14:03:23 +01:00
53dd24bd1b email: improve how aliases are handled 2023-10-23 13:17:40 +01:00
13eeead354 email: really need to remove duplication 2023-10-23 11:55:07 +01:00
ec3451d2c7 email: internal inboxes are now prefixed with int 2023-10-23 11:46:52 +01:00
e1f8d580c7 email: add the root inbox 2023-10-23 11:43:00 +01:00
badcce6e38 feat: Seeing if mailmap works 2023-10-22 21:10:06 +00:00
52e4442226 Merge branch 'main' into 'main'
Added tryFiles to locations for angular routing

See merge request compsoc1/skynet/nixos!23
2023-10-22 20:44:53 +00:00
263570154f Added tryFiles to locations for angular routing 2023-10-22 20:38:24 +00:00
runner_nix
d87a7dcdfe [skip ci] Updated flake for compsoc_public 2023-10-22 16:45:44 +00:00
83b7a142bc ldap: fix, forgot to update the may section 2023-10-22 15:00:48 +01:00
e03e27c894 ldap: small bit of a cleanup 2023-10-22 14:39:35 +01:00
9fd4613936 nextcloud: this is good enough for now, will have to move server shortly 2023-10-22 14:27:42 +01:00
runner_nix
cc99fb92ec [skip ci] Updated flake for skynet_ldap_backend 2023-10-22 13:26:17 +00:00
15775a1b5d feat: added possible server names and updated the ITD csv 2023-10-21 23:10:39 +00:00
0472019016 Merge branch '#33_email_k9_dns' into 'main'
Added dns config for k-9 mail

See merge request compsoc1/skynet/nixos!22
2023-10-21 16:38:40 +00:00
daragh
7f22a9efa9
fixed formatting 2023-10-21 16:44:28 +01:00
daragh
bb050d57fd
Feat : added dns config for k-9 mail.
Related to #33
2023-10-21 16:33:40 +01:00
c97ce628ee Merge branch '#29_enable_email_sieve' into 'main'
Enables sieve filters for the email

Closes #29

See merge request compsoc1/skynet/nixos!20
2023-10-21 04:53:25 +00:00
daragh
7edd86046b
feat: Enables sieve filters for the email. Closes #29 2023-10-21 05:26:44 +01:00
ff0ba0ef3a Merge branch 'dmarc' into 'main'
added dmarc policy- relaxed for now but can be made more strict if needed

See merge request compsoc1/skynet/nixos!15
2023-10-19 23:41:15 +00:00
daragh
38d309a554 nix fmt 2023-10-20 00:32:56 +01:00
daragh
e375a6cbed changed DKIM and SPF to strict 2023-10-20 00:23:48 +01:00
daragh
0b03585a8e whitespace 2023-10-20 00:19:15 +01:00
daragh
d141771f23 changed comment location 2023-10-20 00:18:01 +01:00
daragh
4407d37636 consistency 2023-10-20 00:15:06 +01:00
daragh
97fb80a4fb Formatted comments 2023-10-20 00:12:46 +01:00
daragh
dd0e55c9d6 added dmarc policy- relaxed for now but can be made more strict if needed 2023-10-19 23:51:23 +01:00
c7faf7734c email: add pycon inbox 2023-10-19 22:13:22 +01:00
1f0cf38c52 committee: added souradbh 2023-10-19 20:50:00 +01:00
runner_nix
118e645b98 [skip ci] Updated flake for skynet_ldap_backend 2023-10-19 19:36:57 +00:00
runner_nix
75a886b461 [skip ci] Updated flake for compsoc_public 2023-10-14 16:20:52 +00:00
dd10b0f8cb fix: standardise the dns spacing a tad 2023-10-14 16:48:01 +01:00
abac7ef291 fix: ignore tmp files as well 2023-10-14 16:31:29 +01:00
1e0a567bc4 fix: add nixos related items 2023-10-14 16:14:10 +01:00
bea98fc9fc fix: better email config, now with dns records
Deals with #32
2023-10-13 11:21:26 +01:00
19a7476278 fix: better email config
Deals with #32
2023-10-13 09:54:47 +01:00
487fb3f0bf fix: enable better mail sorting
Deals with #32
2023-10-13 09:45:07 +01:00
runner_nix
e679f523fc [skip ci] Updated flake for compsoc_public 2023-10-11 17:12:59 +00:00
d46d42cc48 fix: new email for the signup process 2023-10-11 11:57:05 +01:00
fd1a70edc9 feat: improve the email 2023-10-11 10:49:25 +01:00
79fcefb378 fix: ensure library is properly unset 2023-10-11 09:17:43 +01:00
34fe15863f fix: seems that nix changed how gitlab links were handled.
Discussing it here https://github.com/NixOS/nix/pull/8773
2023-10-09 22:52:35 +01:00
runner_nix
6ce481fd2c [skip ci] Updated flake for skynet_website 2023-10-09 18:44:36 +00:00
runner_nix
c9b8f9b641 [skip ci] Updated flake for skynet_website 2023-10-09 18:36:50 +00:00
8ea737d57b fix: use a better namespace 2023-10-09 18:04:01 +01:00
9f94b5b551 fix: formatting 2023-10-09 17:57:33 +01:00
ff4f0a37b3 Merge branch 'main' of https://gitlab.skynet.ie/compsoc1/skynet/nixos 2023-10-09 17:55:09 +01:00
bece34b65e feat: roughly set up virtual aliases to use.
Will need to see if I can get the idea merged in upstream.

Closes https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/issues/22
2023-10-09 17:54:36 +01:00
78ab6de860 feat: move users into their own file 2023-10-09 17:53:33 +01:00
a242b1afcd new committee 2023-10-09 17:11:56 +01:00
runner_nix
f2007c1985 [skip ci] Updated flake for compsoc_public 2023-10-08 23:18:42 +00:00
runner_nix
8d979dc7fc [skip ci] Updated flake for compsoc_public 2023-10-08 12:58:51 +00:00
runner_nix
fcfd87c005 [skip ci] Updated flake for compsoc_public 2023-10-08 12:51:09 +00:00
runner_nix
4c3df9ec96 [skip ci] Updated flake for compsoc_public 2023-10-08 12:42:47 +00:00
runner_nix
3f38cb643e [skip ci] Updated flake for skynet_website_renew 2023-10-04 21:10:54 +00:00
runner_nix
13a7534848 [skip ci] Updated flake for skynet_discord_bot 2023-10-02 08:30:45 +00:00
c85dfdd3b6 ci: split up the build command 2023-10-02 02:36:40 +00:00
f7d5a4ec6e ci: test 3 2023-10-02 02:25:24 +00:00
d309cf8b6f ci: test 2 2023-10-02 02:19:55 +00:00
6ce3dc060f ci: test using devshell inside pipeline 2023-10-02 02:15:54 +00:00
75c4695101 feat: bumped everything.
This is mostly to push through a patch for gitlab.
The -unstable branch had the fix but also a new bug.
This is fixed in the master branch
2023-10-02 02:44:35 +01:00
7e55b1210d Merge branch 'main' of https://gitlab.skynet.ie/compsoc1/skynet/nixos 2023-10-01 22:24:39 +01:00
667c335839 feat: added in some automatic garbage collection
Also merged all the nix options together.
2023-10-01 22:06:05 +01:00
18155ec6e1 feat: got email working
Closes #1
2023-10-01 21:24:02 +01:00
runner_nix
01fe89db25 [skip ci] Updated flake for skynet_website_games 2023-10-01 03:09:44 +00:00
fa422ce69c feat: added the games.skynet.ie site 2023-10-01 03:53:53 +01:00
runner_nix
e347afcb39 [skip ci] Updated flake for skynet_website_renew 2023-10-01 00:47:29 +00:00
ec28365122 doc: added info that formatting is now mandatory 2023-10-01 00:08:28 +01:00
510066fa1a ci: now should error on incorrectly formatted files 2 2023-10-01 00:06:29 +01:00
c46e24bbfe ci: now should error on incorrectly formatted files 2023-10-01 00:03:55 +01:00
88195b4628 ci: for testing linter 2023-09-30 23:55:54 +01:00
a24f6ddb59 ci: only run deployment if the actual config files got updated 2023-09-30 23:53:03 +01:00
042c84c5cc ci: same as previous 2023-09-30 22:46:40 +00:00
3dca6add56 ci: had forgotten nix commands were "experimental" 2023-09-30 22:44:27 +00:00
09ccf41717 ci: add a formatter stage to the test stage 2023-09-30 23:37:02 +01:00
2fc64d34b5 doc: updated documentation for how to manually push updates 2023-09-30 23:35:46 +01:00
165c4645bf feat: move off of using root for deployment 2023-09-30 23:18:14 +01:00
c87fec1a65 feat: will restart dns when the related files are changed 2023-09-30 22:06:18 +01:00
3860db8098 feat: added the renewal site for alumni 2023-09-30 19:22:58 +01:00
runner_nix
ad0462cb86 [skip ci] Updated flake for compsoc_public 2023-09-28 20:03:30 +00:00
runner_nix
919584ec58 [skip ci] Updated flake for skynet_discord_bot 2023-09-28 17:30:11 +00:00
runner_nix
1ac3e52d8a [skip ci] Updated flake for skynet_discord_bot 2023-09-28 17:03:53 +00:00
runner_nix
d0751fa594 [skip ci] Updated flake for compsoc_public 2023-09-28 16:16:11 +00:00
7ed6fdeb3b make "presentations" more general 2023-09-28 17:11:35 +01:00
bd58a6d169 ci: this job won't succeed, will need to talk to ITD about it? 2023-09-28 14:13:31 +01:00
3e747c9408 ci: deploy to skynet as well 2023-09-28 14:06:44 +01:00
d9664c34fd Merge branch 'main' into 'main'
add vim

See merge request compsoc1/skynet/nixos!13
2023-09-28 10:59:51 +00:00
1c11038f48 add vim 2023-09-28 10:59:51 +00:00
4e244222ba ci: test (final?) 2023-09-28 10:20:57 +00:00
54273175c7 ci: testing 2023-09-28 10:19:59 +00:00
68b7afce1e ci: testing again - fix 2023-09-28 10:18:12 +00:00
dd27f13a08 ci: testing again 2023-09-28 10:17:39 +00:00
3c3a23b12e test: dummy patch 2023-09-28 10:15:42 +00:00
cdded657c0 ci: *fingers crossed* 2023-09-28 10:14:05 +00:00
344b70bf9f ci: try try again 2023-09-28 10:10:56 +00:00
b77c265a12 ci: more testing 2023-09-28 10:05:58 +00:00
70e867acd1 ci: hopefully this works 2023-09-28 09:56:14 +00:00
8c0d217b94 ci: no need to run these jobs on merge requests 2023-09-28 01:25:28 +01:00
runner_nix
41b707c810 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-27 23:55:16 +00:00
385059e7b7 fix: make it easier to browse the slides 2023-09-28 00:47:33 +01:00
48c271cf3f feat: add the slides site 2023-09-28 00:26:32 +01:00
runner_nix
d8df11dcf1 [skip ci] Updated flake for skynet_ldap_backend 2023-09-27 22:59:16 +00:00
runner_nix
5c47f15ce6 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-27 12:15:45 +00:00
runner_nix
94baa0ec12 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-27 12:11:53 +00:00
adb04543da fix: ldap details were wrong 2023-09-27 11:49:10 +01:00
runner_nix
19e325d345 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-27 01:24:36 +00:00
runner_nix
bf2b29a1e4 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-26 21:49:33 +00:00
runner_nix
6de8c15b48 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-26 20:23:01 +00:00
37fd34358c fix: cors testing again 2023-09-26 18:11:02 +01:00
de8382c7c9 Merge branch 'main' of https://gitlab.skynet.ie/compsoc1/skynet/nixos 2023-09-26 01:26:37 +01:00
f59370c821 feat: added laptop to list of keys 2023-09-26 01:26:24 +01:00
runner_nix
7c53f58df9 [skip ci] Updated flake for skynet_discord_bot 2023-09-26 00:25:53 +00:00
runner_nix
2fdef2ab47 [skip ci] Updated flake for skynet_ldap_backend 2023-09-25 23:09:19 +00:00
runner_nix
11d972e9b8 [skip ci] Updated flake for skynet_ldap_backend 2023-09-25 22:45:46 +00:00
6c0fe58147 testing cors 2023-09-25 22:11:23 +00:00
runner_nix
02bbdca372 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-25 12:51:27 +00:00
runner_nix
d54c1551f5 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-25 12:46:15 +00:00
runner_nix
2cbbd35eb6 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-25 12:42:29 +00:00
runner_nix
726d41f4f8 [skip ci] Updated flake for skynet_ldap_backend 2023-09-23 20:05:13 +00:00
1de744dbee fix: set the proper redirect for discord 2023-09-18 20:13:56 +01:00
04e0712155 Merge branch 'discord_fix' into 'main'
Fix. Discord redirect

See merge request compsoc1/skynet/nixos!11
2023-09-18 18:53:24 +00:00
Eoghan Conlon
3599ea0e24 Something to test with the discord link 2023-09-18 19:47:55 +01:00
runner_nix
e7a6beffde [skip ci] Updated flake for skynet_ldap_frontend 2023-09-18 14:07:36 +00:00
runner_nix
0add8625b7 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-18 14:01:24 +00:00
runner_nix
73ab341ad4 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-18 13:45:05 +00:00
runner_nix
dbe7bc1511 [skip ci] Updated flake for skynet_ldap_frontend 2023-09-18 11:29:14 +00:00
runner_nix
22dd65b630 [skip ci] Updated flake for skynet_discord_bot 2023-09-18 09:01:52 +00:00
runner_nix
f37e0b6cdd [skip ci] Updated flake for skynet_discord_bot 2023-09-17 23:08:44 +00:00
runner_nix
deb13a31f9 [skip ci] Updated flake for skynet_discord_bot 2023-09-17 21:10:07 +00:00
6628eb89cd fix: had removed some things from the bot flake 2023-09-17 21:42:42 +01:00
runner_nix
b75e6c6132 [skip ci] Updated flake for skynet_discord_bot 2023-09-17 20:40:56 +00:00
7f3dc8946e feat: added a formatter and some instructions 2023-09-17 20:51:08 +01:00
runner_nix
14ae0a9065 [skip ci] Updated flake for skynet_discord_bot 2023-09-17 19:10:22 +00:00
runner_nix
238beb19b9 [skip ci] Updated flake for skynet_discord_bot 2023-09-17 18:53:16 +00:00
9c63dac494 fix: update discord role 2023-09-16 21:30:47 +01:00
2501979541 feat: added mail to the discord bot 2023-09-16 20:23:54 +01:00
runner_nix
4957e04786 [skip ci] Updated flake for skynet_discord_bot 2023-09-16 19:15:26 +00:00
a1b9ce3f2d fix: skynet is external so needs to be updated manually 2023-09-16 17:07:18 +01:00
runner_nix
7120cd09d1 [skip ci] Updated flake for skynet_ldap_backend 2023-09-16 15:33:50 +00:00
28253d3527 feat: added the restricted names for the signup 2023-09-16 15:52:23 +01:00
runner_nix
6392375f61 [skip ci] Updated flake for skynet_ldap_backend 2023-09-16 14:22:46 +00:00
22163528d9 feat: earth has been revived to calculate the Question of Life, the Universe and Everything. 2023-09-16 01:35:26 +01:00
9f42b60940 fix: properly set up the routes 2023-09-16 00:30:45 +01:00
ef6096e6e0 feat: skynet user stuff is now segregated to a server that is untrusted 2023-09-16 00:04:39 +01:00
7d7f402b6d fix: seems like we need to keep the two network addresses for the skynet server 2023-09-15 22:03:52 +01:00
5acbd12960 fix: allow the dmz skynet server access to the dns 2023-09-15 21:19:07 +01:00
efe1fbd140 feat: splitting up the user side of skynet and the main websites 2023-09-15 20:36:07 +01:00
6673ba28b1 fix: dns no longer fails to be updated 2023-09-15 20:30:37 +01:00
a5059e1c28 Merge branch 'main' of https://gitlab.skynet.ie/compsoc1/skynet/nixos 2023-09-12 12:05:49 +01:00
563d13e115 feat: updated whats fed into different modules 2023-09-12 12:05:38 +01:00
462164a82f [no ci] fix: updated the domain 2023-09-12 11:43:45 +01:00
runner_nix
61411c7845 [skip ci] Updated flake for skynet_ldap_backend 2023-09-11 00:14:56 +00:00
runner_nix
edb2a0f40e [skip ci] Updated flake for skynet_ldap_backend 2023-09-10 21:27:53 +00:00
runner_nix
c12f2920ac [skip ci] Updated flake for skynet_ldap_backend 2023-09-10 21:22:03 +00:00
73e7406b37 [no ci] fix: sites directly on skynet now relate to the root domain 2023-09-10 15:09:50 +01:00
4938aee412 [no ci] fix: ssh comes at the cost of the http access 2023-09-05 15:55:52 +01:00
c5c0df3f5e [no ci] feat: now got ssh access to skynet.skynet.ie 2023-09-05 15:02:02 +01:00
112 changed files with 6140 additions and 2363 deletions


@ -0,0 +1,59 @@
name: Build_Deploy
on:
workflow_run:
workflows: [ "Update_Flake" ]
types:
- completed
push:
branches:
- 'main'
paths:
- applications/**/*
- machines/**/*
- secrets/**/*
- flake.*
- config/**/*
- .forgejo/**/*
jobs:
linter:
runs-on: nix
steps:
- uses: actions/checkout@v4
- run: nix fmt -- --check .
- run: nix --version
#if: github.repository == 'Skynet/nixos'
build:
runs-on: nix
steps:
- uses: actions/checkout@v4
- run: nix develop -v
# - name: Archive Test Results
# if: always()
# run: sleep 100m
# - run: colmena build -v --on @active-dns
# - run: colmena build -v --on @active-core
# - run: colmena build -v --on @active
# - run: colmena build -v --on @active-ext
# - run: colmena build -v --on @active-gitlab
deploy_dns:
runs-on: nix
needs: [ linter, build ]
steps:
- uses: actions/checkout@v4
- run: colmena apply -v --on @active-dns --show-trace
shell: bash
deploy_active:
strategy:
matrix:
batch: [ active-core, active, active-ext ]
runs-on: nix
needs: [ deploy_dns ]
steps:
- uses: actions/checkout@v4
- run: colmena apply -v --on @${{ matrix.batch }} --show-trace
shell: bash
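Review bot: The `build` job only runs `nix develop -v`; with every `colmena build` step commented out, `deploy_dns` (`needs: [ linter, build ]`) reaches `colmena apply` without the configuration having been built, so a build failure is only discovered during the deploy itself. Re-enable `colmena build -v --on @active-dns` and the other tags, or document why the check was dropped. The commented-out `#if: github.repository == 'Skynet/nixos'` also leaves these jobs without the repository guard the GitLab pipeline had (`$CI_PROJECT_NAMESPACE == "compsoc1/skynet"`), and the `workflow_run` trigger on `completed` has no visible check that Update_Flake actually succeeded.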


@ -0,0 +1,12 @@
name: Update_Forgejo
on:
workflow_dispatch:
jobs:
deploy:
runs-on: nix
steps:
- uses: actions/checkout@v4
- run: colmena apply -v --on @active-gitlab --show-trace
shell: bash
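Review bot: There is no lint or build step in front of `colmena apply -v --on @active-gitlab`, so a manual dispatch deploys whatever is on the selected ref without the checks Build_Deploy runs. Add a `nix fmt -- --check .` step and a `colmena build` step before the apply. The workflow is named `Update_Forgejo` while the node tag is still `@active-gitlab`; a comment explaining the tag would save the next reader a lookup.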


@ -0,0 +1,31 @@
name: Update_Flake
run-name: "[Update Flake] ${{ inputs.input_to_update }}"
on:
workflow_dispatch:
inputs:
input_to_update:
description: 'Flake input to update'
required: false
type: string
jobs:
update:
runs-on: nix
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
token: ${{ secrets.PIPELINE_TOKEN }}
- run: nix flake update ${{ inputs.input_to_update }}
shell: bash
- uses: https://github.com/stefanzweifel/git-auto-commit-action@v5
with:
commit_message: "Updated flake for ${{ inputs.input_to_update }}"
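Review bot: `${{ inputs.input_to_update }}` is expanded into the `run: nix flake update ...` line before the shell sees it, so the dispatch input is interpreted as shell text in a job that holds `contents: write` and `secrets.PIPELINE_TOKEN`. Pass the input through `env:` and reference it quoted in the command, and consider validating it against the flake's input names. `git-auto-commit-action@v5` is referenced by a movable tag; pinning it to a commit SHA is safer for an action that pushes with that token. `ref: ${{ github.head_ref }}` is only populated for pull request events, so on `workflow_dispatch` it is empty and can be removed or replaced with an explicit branch.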

9
.gitignore vendored

@ -4,6 +4,10 @@
# Microsoft office Lockfiles # Microsoft office Lockfiles
~$* ~$*
*.tmp *.tmp
tmp
# open office tmp lockfiles
.~lock.*
# Test files # Test files
test.* test.*
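Review bot: The bare `tmp` pattern matches any file or directory named `tmp` at every depth, which is much broader than the `*.tmp` rule above it. If only a top-level scratch directory is meant, anchor it as `/tmp/`.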
@ -22,3 +26,8 @@ test.*
# Dealing with Mac users # Dealing with Mac users
.DS_Store .DS_Store
# nixos stuff
result
/result
.gcroots
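Review bot: `result` and `/result` are redundant, since the unanchored `result` already matches at the repository root and in every subdirectory. Keep `/result` alone if only the top-level Nix build symlink should be ignored.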


@ -1,7 +1,7 @@
# borrowed from https://gitlab.com/nix17/nixos-config/-/blob/main/.gitlab-ci.yml # borrowed from https://gitlab.com/nix17/nixos-config/-/blob/main/.gitlab-ci.yml
stages: stages:
- flake - misc
- test - test
- deploy - deploy
- deploy_gitlab - deploy_gitlab
@ -11,7 +11,7 @@ stages:
# $PACKAGE_NAME = name of the flake that needs to be updated # $PACKAGE_NAME = name of the flake that needs to be updated
# $UPDATE_FLAKE = flag to update the flake # $UPDATE_FLAKE = flag to update the flake
update: update:
stage: flake stage: misc
tags: tags:
- nix - nix
# from https://forum.gitlab.com/t/git-push-from-inside-a-gitlab-runner/30554/5 # from https://forum.gitlab.com/t/git-push-from-inside-a-gitlab-runner/30554/5
@ -30,7 +30,7 @@ update:
# the part that updates the flake # the part that updates the flake
- nix --experimental-features 'nix-command flakes' flake lock --update-input $PACKAGE_NAME - nix --experimental-features 'nix-command flakes' flake lock --update-input $PACKAGE_NAME
- git add flake.lock - git add flake.lock
- git commit -m "[skip ci] Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit" - git commit -m "Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit"
# we have a custom domain # we have a custom domain
- git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git - git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git
- git push origin HEAD:$CI_COMMIT_REF_NAME - git push origin HEAD:$CI_COMMIT_REF_NAME
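Review bot: Dropping `[skip ci]` from the `git commit -m` line means the push from this job now starts a pipeline of its own, and nothing next to the command says so. That looks intended, since the `rules:` elsewhere in this file exclude `$UPDATE_FLAKE == "yes"` runs and the build and deploy would then happen on the pushed commit, but a comment here stating it would stop someone from restoring the prefix later.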
@ -40,11 +40,24 @@ update:
variables: variables:
- $UPDATE_FLAKE == "yes" - $UPDATE_FLAKE == "yes"
sync_repos:
stage: misc
image: registry.gitlab.com/gitlab-ci-utils/curl-jq:2.0.0
script:
- cd sync
- chmod +x ./sync.sh
- ./sync.sh
rules:
- if: $UPDATE_FLAKE == "yes"
when: never
- if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
changes:
- sync/repos.csv
.scripts_base: &scripts_base .scripts_base: &scripts_base
# load nix environment # load nix environment
- git pull origin $CI_COMMIT_REF_NAME
- . "$HOME/.nix-profile/etc/profile.d/nix.sh" - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
- nix-env -if https://github.com/zhaofengli/colmena/tarball/v0.4.0 - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena
.scripts_deploy: &scripts_deploy .scripts_deploy: &scripts_deploy
# setup ssh key # setup ssh key
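Review bot: In `.scripts_base`, `nix profile install nixpkgs#colmena` replaces the pinned `colmena/tarball/v0.4.0`, so the deploy tool now comes from whatever `nixpkgs` resolves to on the runner rather than a fixed version or the repository's `flake.lock`. Install it from the flake's own inputs or devshell so the version that deploys is reviewed along with the lock file. The new `git pull origin $CI_COMMIT_REF_NAME` also means a job can build a newer commit than the one the pipeline was created for; a comment on why that is wanted would help.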
@ -53,34 +66,65 @@ update:
- mkdir -p ~/.ssh - mkdir -p ~/.ssh
- chmod 700 ~/.ssh - chmod 700 ~/.ssh
.scripts_cache: &scripts_cache
- nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client
- attic login skynet https://nix-cache.skynet.ie/ $CACHE_KEY
- attic use skynet-cache
# add any new items to the cache
- attic watch-store skynet-cache &
# every commit on main will build and deploy # every commit on main will build and deploy
.build_template: &builder .build_template: &builder
tags: tags:
- nix - nix
before_script: before_script:
- *scripts_base - *scripts_base
only: - *scripts_cache
changes: rules:
- if: $UPDATE_FLAKE == "yes"
when: never
- changes:
- applications/**/* - applications/**/*
- machines/**/* - machines/**/*
- secrets/**/* - secrets/**/*
- flake.* - flake.*
- .gitlab-ci.yml - .gitlab-ci.yml
- config/**/*
# deploy items only run on main # deploy items only run on main
.deploy_template: &deployment .deploy_template: &deployment
before_script: before_script:
- *scripts_deploy - *scripts_deploy
- *scripts_base - *scripts_base
only: - *scripts_cache
refs: rules:
- main - if: $UPDATE_FLAKE == "yes"
when: never
- if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
changes:
- flake.nix
- flake.lock
- applications/**/*
- machines/**/*
- secrets/**/*
- config/**/*
linter:
<<: *builder
stage: test
script:
- nix --extra-experimental-features 'nix-command flakes' fmt -- --check .
build: build:
<<: *builder <<: *builder
stage: test stage: test
script: script:
- colmena build - nix --extra-experimental-features 'nix-command flakes' develop
- colmena build -v --on @active-dns
- colmena build -v --on @active-core
- colmena build -v --on @active
- colmena build -v --on @active-ext
- colmena build -v --on @active-gitlab
# dns always has to be deployed first # dns always has to be deployed first
deploy_dns: deploy_dns:
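Review bot: In the `build` job, `nix ... develop` without `-c`/`--command` starts a shell and returns; it does not change the environment of the `colmena build` lines that follow, so they still use the `colmena` installed by `.scripts_base`. Either run each command as `nix develop -c colmena build ...` or drop the line. In `.scripts_cache`, `$CACHE_KEY` is passed unquoted as an argument to `attic login`, and `attic watch-store skynet-cache &` is left in the background with nothing waiting for it to finish uploading before the job exits.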
@ -88,7 +132,7 @@ deploy_dns:
<<: *deployment <<: *deployment
stage: deploy stage: deploy
script: script:
- colmena apply --on @active-dns - colmena apply -v --on @active-dns
deploy_core: deploy_core:
<<: *builder <<: *builder
@ -97,7 +141,7 @@ deploy_core:
needs: needs:
- deploy_dns - deploy_dns
script: script:
- colmena apply --on @active-core - colmena apply -v --on @active-core
deploy_active: deploy_active:
<<: *builder <<: *builder
@ -106,12 +150,22 @@ deploy_active:
needs: needs:
- deploy_dns - deploy_dns
script: script:
- colmena apply --on @active - colmena apply -v --on @active
# this is just skynet server
deploy_ext:
<<: *builder
<<: *deployment
stage: deploy
needs:
- deploy_dns
script:
- colmena apply -v --on @active-ext
deploy_gitlab: deploy_gitlab:
<<: *builder <<: *builder
<<: *deployment <<: *deployment
stage: deploy_gitlab stage: deploy_gitlab
script: script:
- colmena apply --on @active-gitlab - colmena apply -v --on @active-gitlab
when: manual when: manual
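Review bot: `deploy_ext` repeats the two separate `<<: *builder` and `<<: *deployment` keys, and both anchors define `before_script` and `rules`, so which set applies depends on how the parser treats the duplicate merge key. A single `<<: [*deployment, *builder]` states the precedence explicitly; the same applies to the existing deploy jobs that use this pattern.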

1
.mailmap Normal file

@ -0,0 +1 @@
Brendan Golden <silver@skynet.ie> <git_laptop@brendan.ie> <git@brendan.ie>
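Review bot: A `.mailmap` entry takes one canonical name and address followed by at most one commit address (`Proper Name <proper@email> <commit@email>`), but this line carries two commit addresses, which is not one of the documented forms. Split it into one line per commit address: `Brendan Golden <silver@skynet.ie> <git_laptop@brendan.ie>` and `Brendan Golden <silver@skynet.ie> <git@brendan.ie>`.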

45
ITD/Firewall_Rules.csv Normal file

@ -0,0 +1,45 @@
Rule,Action,Ticket,Status,Source_IP,Source_Server,Destination_IP,Destination_Server,Port_TCP,Port_UDP,Notes
SKYNET_FIREWALL_00000,Add,,Complete,VPN,-,93.1.99.71 - 193.1.99.126,All,22,-,sftp/ssh required from vpn to servers for admins
SKYNET_FIREWALL_00001,Add,,Complete,All,-,193.1.99.109,SKYNET00004,-,53,Nameserver for skynet.ie
SKYNET_FIREWALL_00002,Add,,Complete,All,-,193.1.99.111,SKYNET00005,"80, 443, 8000",-,"ULFM, http(s) for internet streaming, 8000 for connecting to the server."
SKYNET_FIREWALL_00003,Add,,Complete,All,-,193.1.99.112,SKYNET00006,"80, 443, 25565",-,"Games host, Minecraft uses 25565 (will have more ports in the future)"
SKYNET_FIREWALL_00004,Add,,Complete,All,-,193.1.99.120,SKYNET00002,-,53,Nameserver for skynet.ie
SKYNET_FIREWALL_00005,Add,i23-01-19_681,Complete,193.1.99.72,SKYNET00001,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00006,Add,i23-01-19_681,Complete,193.1.99.75,SKYNET00008,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00007,Add,i23-01-19_681,Complete,193.1.99.109,SKYNET00004,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00008,Add,i23-01-19_681,Complete,193.1.99.111,SKYNET00005,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00009,Add,i23-01-19_681,Complete,193.1.99.112,SKYNET00006,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00010,Add,i23-01-19_681,Complete,193.1.99.120,SKYNET00002,All,-,-,-,Allow outbound access
SKYNET_FIREWALL_00011,Add,i23-05-18_249,Complete,All,-,193.1.99.75,SKYNET00008,"80, 443",-,For gitlab Access
SKYNET_FIREWALL_00012,Add,i23-05-18_249,Complete,193.1.99.72 - 193.1.99.126,-,All,-,-,-,"I would also like to extend the outbound access to cover our entire range (193.1.99.72 to 193.1.99.126) to allow for setup for more servers on those ip's (need to download updates and packages).
I have a few servers I plan to setup over the next two weeks, one after another as the later ones depend on earlier ones.
In such a case asking for permission for each individual IP would induce several tickets and a few weeks of paperwork going through change control.
Only a few of these sevices will need inbound ports opened on ITD's firewall, which can be requested when the systems are up, running and secured."
SKYNET_FIREWALL_00013,Add,i23-05-18_249,Complete,All,-,193.1.99.76,SKYNET00009,"143, 993, 587, 465",-,Email Server
SKYNET_FIREWALL_00014,Add,i23-06-19_525,Complete,All,-,193.1.99.76,SKYNET00009,"80, 443, 25",-,"Mailserver here, SPF, DKIM and DMARC are all set up"
SKYNET_FIREWALL_00015,Add,i23-06-19_525,Complete,All,-,193.1.99.79,SKYNET00011,"80, 443",-,Main Skynet webserver
SKYNET_FIREWALL_00016,Add,i23-06-30_024,Complete,All,-,193.1.96.165,SKYNET00012,22,-,"Skynet user's server
Outlet is 131 or 132"
SKYNET_FIREWALL_00017,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.120,SKYNET00002,-,53,Allow Skynet server to use our own internal DNS
SKYNET_FIREWALL_00018,Add,i23-06-30_024,Complete,193.1.96.165,SKYNET00012,193.1.99.74,SKYNET00007,389/636,-,Allow Skynet server to access LDAP
,Add,i23-07-28_010,Denied,All,-,193.1.99.74,SKYNET00007,"80, 443",-,Self Service site for Skynet accounts Only 443 on account modification pages
SKYNET_FIREWALL_00019,Add,i23-07-28_010,Complete,All,-,193.1.99.74,SKYNET00007,443,-,Self Service site for Skynet accounts
SKYNET_FIREWALL_00020,Add,i23-09-05_639,Complete,All,-,193.1.96.165,SKYNET00012,"80, 443",-,Web hosting for user sites
SKYNET_FIREWALL_00021,Add,i23-10-27_014,Complete,All,-,193.1.99.77,SKYNET00014,"80, 443",-,"Nextcloud, selfhosted google services, filestorage and documents"
SKYNET_FIREWALL_00022,Add,i24-02-01_102,Complete,193.1.96.165,SKYNET00012,103.1.99.109,SKYNET00004,-,53,Give the Skynet server access to ur secondary DNS
SKYNET_FIREWALL_00023,Add,i24-02-01_102,Complete,193.1.99.78,SKYNET00010,193.1.96.165,SKYNET00012,22,-,Allow our gitlab runner to access and deploy to teh external server
SKYNET_FIREWALL_00024,Add,i24-02-16_065,Complete,All,-,193.1.99.90,SKYNET00016,"80, 443",-,Games Server Administrative panel
SKYNET_FIREWALL_00025,Add,i24-02-16_065,Complete,All,-,193.1.99.91,SKYNET00017,25518-25525,"19132, 24418-24425",Minecraft Games server
SKYNET_FIREWALL_00026,Add,i24-06-04_017,Complete,All,-,193.1.99.76,SKYNET00009,4190,-,"Email sieve to allow members to add email filters to their
skynet mail."
SKYNET_FIREWALL_00027,Add,i24-06-04_017,Complete,All,-,193.1.99.82,SKYNET00018,80/443,-,"Public services such as a binary cache, open governance and keyserver"
,Add,i24-06-04_017,Denied,All,-,193.1.99.90,SKYNET00016,8080,-,"Websocket for admin panel on games management server
Denied because more information on wat it was for was requested"
,Add,i24-06-04_017,Denied,193.1.99.74,SKYNET00007,193.1.96.165,SKYNET00012,9000-9020,-,"Metrics collection, not done because not enough info provided"
SKYNET_FIREWALL_00028,Remove,i24-06-04_017,Complete,-,-,193.1.99.112,SKYNET00019,25565,-,No longer the minecraft game host
SKYNET_FIREWALL_00029,Add,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Websocket for admin panel on games management server
SKYNET_FIREWALL_00030,Add,i24-06-04_017,Complete,193.1.99.83,SKYNET00020,193.1.96.165,SKYNET00012,9000-9010,-,Metrics Collection
SKYNET_FIREWALL_00031,Add,i24-06-04_017,Complete,All,-,193.1.99.83,SKYNET00020,"80, 443",-,Web interface for Metrics server
SKYNET_FIREWALL_00032,Remove,i24-06-04_017,Complete,All,-,193.1.99.90,SKYNET00016,8080,-,Had incorrectly opened 8080 on the main panel
SKYNET_FIREWALL_00033,Add,i24-06-04_017,Complete,All,-,193.1.99.91,SKYNET00017,8080,-,Websocket for admin panel on games management server
,Add,i24-07-15_112,Denied,193.1.99.75,-,-,-,22,-,Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet'
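Review bot: Three rows are inconsistent with the rest of the file and should be checked against the ITD tickets. `SKYNET_FIREWALL_00000` gives the destination range as `93.1.99.71 - 193.1.99.126` while rule 00012 uses `193.1.99.72 - 193.1.99.126`; `SKYNET_FIREWALL_00022` lists SKYNET00004 as `103.1.99.109` although rule 00001 has it at `193.1.99.109`; and `SKYNET_FIREWALL_00028` names `193.1.99.112` as SKYNET00019 where rule 00003 calls it SKYNET00006. The port columns also mix `80, 443`, `80/443` and `389/636`; a single separator would keep the file machine-checkable. The denied rows have an empty `Rule` field, so they cannot be referenced by ID later.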
1 Rule Action Ticket Status Source_IP Source_Server Destination_IP Destination_Server Port_TCP Port_UDP Notes
2 SKYNET_FIREWALL_00000 Add Complete VPN - 93.1.99.71 - 193.1.99.126 All 22 - sftp/ssh required from vpn to servers for admins
3 SKYNET_FIREWALL_00001 Add Complete All - 193.1.99.109 SKYNET00004 - 53 Nameserver for skynet.ie
4 SKYNET_FIREWALL_00002 Add Complete All - 193.1.99.111 SKYNET00005 80, 443, 8000 - ULFM, http(s) for internet streaming, 8000 for connecting to the server.
5 SKYNET_FIREWALL_00003 Add Complete All - 193.1.99.112 SKYNET00006 80, 443, 25565 - Games host, Minecraft uses 25565 (will have more ports in the future)
6 SKYNET_FIREWALL_00004 Add Complete All - 193.1.99.120 SKYNET00002 - 53 Nameserver for skynet.ie
7 SKYNET_FIREWALL_00005 Add i23-01-19_681 Complete 193.1.99.72 SKYNET00001 All - - - Allow outbound access
8 SKYNET_FIREWALL_00006 Add i23-01-19_681 Complete 193.1.99.75 SKYNET00008 All - - - Allow outbound access
9 SKYNET_FIREWALL_00007 Add i23-01-19_681 Complete 193.1.99.109 SKYNET00004 All - - - Allow outbound access
10 SKYNET_FIREWALL_00008 Add i23-01-19_681 Complete 193.1.99.111 SKYNET00005 All - - - Allow outbound access
11 SKYNET_FIREWALL_00009 Add i23-01-19_681 Complete 193.1.99.112 SKYNET00006 All - - - Allow outbound access
12 SKYNET_FIREWALL_00010 Add i23-01-19_681 Complete 193.1.99.120 SKYNET00002 All - - - Allow outbound access
13 SKYNET_FIREWALL_00011 Add i23-05-18_249 Complete All - 193.1.99.75 SKYNET00008 80, 443 - For gitlab Access
14 SKYNET_FIREWALL_00012 Add i23-05-18_249 Complete 193.1.99.72 - 193.1.99.126 - All - - - I would also like to extend the outbound access to cover our entire range (193.1.99.72 to 193.1.99.126) to allow for setup for more servers on those ip's (need to download updates and packages). I have a few servers I plan to setup over the next two weeks, one after another as the later ones depend on earlier ones. In such a case asking for permission for each individual IP would induce several tickets and a few weeks of paperwork going through change control. Only a few of these sevices will need inbound ports opened on ITD's firewall, which can be requested when the systems are up, running and secured.
15 SKYNET_FIREWALL_00013 Add i23-05-18_249 Complete All - 193.1.99.76 SKYNET00009 143, 993, 587, 465 - Email Server
16 SKYNET_FIREWALL_00014 Add i23-06-19_525 Complete All - 193.1.99.76 SKYNET00009 80, 443, 25 - Mailserver here, SPF, DKIM and DMARC are all set up
17 SKYNET_FIREWALL_00015 Add i23-06-19_525 Complete All - 193.1.99.79 SKYNET00011 80, 443 - Main Skynet webserver
18 SKYNET_FIREWALL_00016 Add i23-06-30_024 Complete All - 193.1.96.165 SKYNET00012 22 - Skynet user's server Outlet is 131 or 132
19 SKYNET_FIREWALL_00017 Add i23-06-30_024 Complete 193.1.96.165 SKYNET00012 193.1.99.120 SKYNET00002 - 53 Allow Skynet server to use our own internal DNS
20 SKYNET_FIREWALL_00018 Add i23-06-30_024 Complete 193.1.96.165 SKYNET00012 193.1.99.74 SKYNET00007 389/636 - Allow Skynet server to access LDAP
21 Add i23-07-28_010 Denied All - 193.1.99.74 SKYNET00007 80, 443 - Self Service site for Skynet accounts – Only 443 on account modification pages
22 SKYNET_FIREWALL_00019 Add i23-07-28_010 Complete All - 193.1.99.74 SKYNET00007 443 - Self Service site for Skynet accounts
23 SKYNET_FIREWALL_00020 Add i23-09-05_639 Complete All - 193.1.96.165 SKYNET00012 80, 443 - Web hosting for user sites
24 SKYNET_FIREWALL_00021 Add i23-10-27_014 Complete All - 193.1.99.77 SKYNET00014 80, 443 - Nextcloud, selfhosted google services, filestorage and documents
25 SKYNET_FIREWALL_00022 Add i24-02-01_102 Complete 193.1.96.165 SKYNET00012 103.1.99.109 SKYNET00004 - 53 Give the Skynet server access to ur secondary DNS
26 SKYNET_FIREWALL_00023 Add i24-02-01_102 Complete 193.1.99.78 SKYNET00010 193.1.96.165 SKYNET00012 22 - Allow our gitlab runner to access and deploy to teh external server
27 SKYNET_FIREWALL_00024 Add i24-02-16_065 Complete All - 193.1.99.90 SKYNET00016 80, 443 - Games Server Administrative panel
28 SKYNET_FIREWALL_00025 Add i24-02-16_065 Complete All - 193.1.99.91 SKYNET00017 25518-25525 19132, 24418-24425 Minecraft Games server
29 SKYNET_FIREWALL_00026 Add i24-06-04_017 Complete All - 193.1.99.76 SKYNET00009 4190 - Email sieve to allow members to add email filters to their skynet mail.
30 SKYNET_FIREWALL_00027 Add i24-06-04_017 Complete All - 193.1.99.82 SKYNET00018 80/443 - Public services such as a binary cache, open governance and keyserver
31 Add i24-06-04_017 Denied All - 193.1.99.90 SKYNET00016 8080 - Websocket for admin panel on games management server Denied because more information on wat it was for was requested
32 Add i24-06-04_017 Denied 193.1.99.74 SKYNET00007 193.1.96.165 SKYNET00012 9000-9020 - Metrics collection, not done because not enough info provided
33 SKYNET_FIREWALL_00028 Remove i24-06-04_017 Complete - - 193.1.99.112 SKYNET00019 25565 - No longer the minecraft game host
34 SKYNET_FIREWALL_00029 Add i24-06-04_017 Complete All - 193.1.99.90 SKYNET00016 8080 - Websocket for admin panel on games management server
35 SKYNET_FIREWALL_00030 Add i24-06-04_017 Complete 193.1.99.83 SKYNET00020 193.1.96.165 SKYNET00012 9000-9010 - Metrics Collection
36 SKYNET_FIREWALL_00031 Add i24-06-04_017 Complete All - 193.1.99.83 SKYNET00020 80, 443 - Web interface for Metrics server
37 SKYNET_FIREWALL_00032 Remove i24-06-04_017 Complete All - 193.1.99.90 SKYNET00016 8080 - Had incorrectly opened 8080 on the main panel
38 SKYNET_FIREWALL_00033 Add i24-06-04_017 Complete All - 193.1.99.91 SKYNET00017 8080 - Websocket for admin panel on games management server
39 Add i24-07-15_112 Denied 193.1.99.75 - - - 22 - Response from ITD - 'Our IT Security team have advised that port 22 and port 2222 are only to be allowed through the VPN and will not be opened to allow inbound ssh connections directly from the internet'
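
Review bot: SKYNET_FIREWALL_00022 gives the destination as 103.1.99.109, but SKYNET00004 is 193.1.99.109 in ITD/Server_Inventory.csv, so the first octet looks like a typo; confirm which address ITD actually opened. SKYNET_FIREWALL_00028 also labels 193.1.99.112 as SKYNET00019 while removing the 25565 rule that SKYNET_FIREWALL_00003 added for SKYNET00006. The Denied rows carry no ID, which makes them hard to reference later; giving every row an ID regardless of status would fix that.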

22
ITD/Server_Inventory.csv Normal file

@ -0,0 +1,22 @@
Index,Name,Status,IP_Address,OS,Description
SKYNET00001,agentjones,Active,193.1.99.72,Nixos-24.05,Firewall (currently not active)
SKYNET00002,vendetta,Active,193.1.99.120,Nixos-24.05,DNS Nameserver 1
SKYNET00003,jarvis,Active,193.1.99.73,Nixos-24.05,VM Host
SKYNET00004,vigil,Active,193.1.99.109,Nixos-24.05,DNS Nameserver 2
SKYNET00005,galatea,Active,193.1.99.111,Nixos-24.05,ULFM Radio
SKYNET00006,optimus,Retired,193.1.99.112,Nixos-24.05,Retired Games server
SKYNET00007,kitt,Active,193.1.99.74,Nixos-24.05,"LDAP and Self-Service Password/Account management, also hosts our Discord bot"
SKYNET00008,glados,Active,193.1.99.75,Nixos-24.05,Gitlab server
SKYNET00009,gir,Active,193.1.99.76,Nixos-24.05,Email and Webmail
SKYNET00010,wheatly,Active,193.1.99.78,Nixos-24.05,Gitlab Runner
SKYNET00011,earth,Active,193.1.99.79,Nixos-24.05,Offical website host
SKYNET00012,skynet,Active,193.1.96.165,Nixos-24.05,Skynet server. (DMZ)
SKYNET00013,neuromancer,Active,193.1.99.80,Nixos-24.05,Local Backup Server
SKYNET00014,cadie,Active,193.1.99.77,Nixos-24.05,"Services VM, has nextcloud to start with"
SKYNET00015,marvin,Active,193.1.99.81,Nixos-24.05,Trainee testing server
SKYNET00016,optimus,Active,193.1.99.90,Debian-12,Games server manager (replacing SKYNET00006 soon)
SKYNET00017,bumblebee,Active,193.1.99.91,Debian-12,Game server - Minecraft
SKYNET00018,calculon,Active,193.1.99.82,Nixos-24.05,"Public Services such as binary cache, Open Governance and Keyserver"
SKYNET00019,deepthought,Active,193.1.99.112,Nixos-24.05,Backup Test Server using restic
SKYNET00020,ariia,Active,193.1.99.83,Nixos-24.05,"Metrics, Grafana and Prometheus"
SKYNET00021,ash,Active,193.1.99.114,NA,Server Room Network access
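
Review bot: 193.1.99.112 is listed twice, on SKYNET00006 (Retired) and SKYNET00019 (Active), and the name optimus is used by both SKYNET00006 and SKYNET00016, so a lookup by IP or by name against this file is ambiguous. Clearing the IP on the retired row, or adding a column for the date the address was released, would keep the inventory usable as a cross-reference for the firewall rules. Small typo in the SKYNET00011 description: "Offical".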

6
ITD/VPN_Admins.csv Normal file

@ -0,0 +1,6 @@
Index,First Name,Surname,UL Student Email
SKYNET_VPN_ADM_001,Brendan,Golden,12136891@studentmail.ul.ie
SKYNET_VPN_ADM_002,Evan,Cassidy,External
SKYNET_VPN_ADM_003,Eoghan,Conlon,21310262@studentmail.ul.ie
SKYNET_VPN_ADM_004,Eliza,Macovei,23382619@studentmail.ul.ie
SKYNET_VPN_ADM_005,Daragh,Downes,22351159@studentmail.ul.ie
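
Review bot: This file has no status column, so SKYNET_VPN_ADM_003 still reads as a current VPN admin even though the change log in this same commit records that ID as Removed on 2024/07/21. Add a Status column (as Server_Inventory.csv has) or drop removed rows. Separately, the rows pair full names with student-number email addresses; if this repository is readable beyond the admin team, consider keeping only the index and a username here.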


@ -0,0 +1,7 @@
Date,Date Modified,Action,Ticket,ID
SKYNET_VPN_ADM_CHANGE_001,2023/04/04,Added,,SKYNET_VPN_ADM_001
SKYNET_VPN_ADM_CHANGE_002,2023/04/04,Added,,SKYNET_VPN_ADM_002
SKYNET_VPN_ADM_CHANGE_003,2023/04/04,Added,,SKYNET_VPN_ADM_003
SKYNET_VPN_ADM_CHANGE_003,2024/07/21,Removed,i24-07-22_760,SKYNET_VPN_ADM_003
SKYNET_VPN_ADM_CHANGE_004,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_004
SKYNET_VPN_ADM_CHANGE_005,2024/07/21,Added,i24-07-22_760,SKYNET_VPN_ADM_005
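
Review bot: The header's first column is named Date but holds the change ID, and SKYNET_VPN_ADM_CHANGE_003 is used for two different rows (the 2023/04/04 add and the 2024/07/21 removal), so the ID does not identify a single change. Rename the column to Index and renumber so each row is unique. The 2024 rows are dated 2024/07/21 while the ticket is i24-07-22_760; worth confirming which date is right.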


@ -1,14 +0,0 @@
Index,Name,IP_Address,DNS_Name,Ports_Current,Ports_Requested,Related_Tickets,Description
SKYNET00001,agentjones,193.1.99.72,agentjones,"","","",Firewall (currently not active)
SKYNET00002,vendetta,193.1.99.120,vendetta/ns1,53,"","",DNS Nameserver 1
SKYNET00003,jarvis,193.1.99.73,jarvis,"","","",VM Host
SKYNET00004,vigil,193.1.99.109,vigil/ns2,53,"","",DNS Nameserver 2
SKYNET00005,galatea,193.1.99.111,galatea/stream,80/443 8000,"","",ULFM Radio
SKYNET00006,optimus,193.1.99.112,optimus/games/*.games,80/443 25565,"","",Games server
SKYNET00007,kitt,193.1.99.74,kitt/account/api.account,"",80/443,i23-07-28_010,LDAP and Self-Service Password/Account management
SKYNET00008,glados,193.1.99.75,glados/gitlab/*.pages.gitlab,80/443,2222,i23-05-18_249,Gitlab server
SKYNET00009,gir,193.1.99.76,gir/mail,80/443 25/143/993/587/465,"",i23-06-19_525/i23-06-19_525,Email and Webmail
SKYNET00010,wheatly,193.1.99.78,wheatly,"","","",Gitlab Runner
SKYNET00011,skynet_internal,193.1.99.79,skynet/skynet.int,80/443,"",i23-06-19_525,"Skynet server, Temp until I can get the DMZ setup properly on my end"
SKYNET00012,skynet_dmz,193.1.96.165,skynet,22 80/443,"",i23-06-30_024,Skynet server.
SKYNET00013,neuromancer,193.1.99.80,neuromancer,"","","",Local Backup Server

9
LICENSE Normal file

@ -0,0 +1,9 @@
MIT License
Copyright (c) 2024 Skynet
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

20
Possible_Server_Names.md Normal file

@ -0,0 +1,20 @@
https://web.archive.org/web/20180815150202/https://wiki.skynet.ie/Admin/SkynetMachines
https://en.m.wikipedia.org/wiki/Category:Fictional_artificial_intelligences
https://en.wikipedia.org/wiki/List_of_artificial_intelligence_films
* agentsmith
* skynet
* caro
* Lowe - https://westworld.fandom.com/wiki/Bernard_Lowe
* ultron
* walle
* eve
* calculon
* deepthought
* earth
* flexo
* bender
* marvin
* kitt
* wopr
* wintermute


@ -46,7 +46,20 @@ While the ***recommended way of deploying is using the CI/CD process*** there ar
One such case is the ``@active-gitlab`` group if either Gitlab or Gitlab-runner got updated. One such case is the ``@active-gitlab`` group if either Gitlab or Gitlab-runner got updated.
Another is if ye have fecked up DNS. Another is if ye have fecked up DNS.
Your ``~/.ssh/config`` should be set up as follows and you should be a member of ``skynet-admins-linux``
```ini
Host *.skynet.ie 193.1.99.* 193.1.96.165
User username
IdentityFile ~/.ssh/skynet/username
IdentitiesOnly yes
```
Then you can run the following commands like so:
```shell ```shell
colmena apply
colmena apply --on @active-dns
colmena apply --on @active-gitlab colmena apply --on @active-gitlab
``` ```
@ -85,6 +98,16 @@ We should be updating ``nixpkgs`` at least once a semester, ideally to teh next
```shell ```shell
nix flake lock --update-input nixpkgs nix flake lock --update-input nixpkgs
# newser versions
nix flake update nixpkgs
```
### Formatting
Formatting helps keep everything nice and consistent.
The pipeline will only run if the file is correctly formatted.
```shell
nix fmt
``` ```
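
Review bot: The added comment "# newser versions" has a typo (newer) and does not say from which Nix version `nix flake update nixpkgs` replaces `nix flake lock --update-input nixpkgs`, so a reader cannot tell which of the two lines to run. State the version boundary in the comment, or keep only the form that matches the Nix version the admins are expected to use. The Formatting section could also say which CI job enforces `nix fmt`, since the text says the pipeline will not run otherwise.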

74
applications/_base.nix Normal file

@ -0,0 +1,74 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
# root service
cfg = config.services.skynet;
in {
imports = [
# every server needs to have a dns record
./dns/dns.nix
# every server should have proper certs
./acme.nix
./nginx.nix
# every server may need the firewall config stuff
./firewall.nix
# every server needs teh ldap client for admins
./ldap/client.nix
# every server will need the config to backup to
./restic.nix
# every server will be monitored for grafana
./prometheus.nix
];
options.services.skynet = {
# since we use this basically everywhere provide a standard way to set it
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
hostname = mkOption {
type = types.str;
default = "${cfg.host.name}.skynet.ie";
};
};
};
config = {
services.skynet.dns.records = [
{
record = cfg.host.name;
r_type = "A";
value = cfg.host.ip;
server = true;
}
{
record = cfg.host.ip;
r_type = "PTR";
value = cfg.host.hostname;
}
];
services.nginx = {
virtualHosts = {
# for every server unless explisitly defined redirect the ip to skynet.ie
"${cfg.host.ip}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/".return = "307 https://skynet.ie";
};
};
};
};
}
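
Review bot: The catch-all virtual host keyed on "${cfg.host.ip}" sets forceSSL = true with useACMEHost = "skynet", but that certificate is issued for skynet.ie and its extraDomainNames, not for the IP address. A client hitting http://<ip> is first redirected to https://<ip>, gets a certificate name mismatch there, and never reaches the 307 to https://skynet.ie. Serving the redirect on plain HTTP as well (addSSL instead of forceSSL) would let the redirect work without a warning. Also consider a stricter type than types.str for host.ip, since the same value feeds the A record, the PTR record and firewall rules.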


@ -0,0 +1,69 @@
{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
name = "games";
cfg = config.services.skynet."${name}";
in {
imports = [
./nginx.nix
./games/minecraft.nix
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Games";
domain = {
tld = mkOption {
type = types.str;
default = "ie";
};
base = mkOption {
type = types.str;
default = "skynet";
};
sub = mkOption {
type = types.str;
default = "games";
};
};
};
config = mkIf cfg.enable {
services.skynet.dns.records = [
# need a base domain
{
record = cfg.domain.sub;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.skynet.acme.domains = [
"${cfg.domain.sub}.skynet.ie"
];
services.nginx.virtualHosts = {
"${cfg.domain.sub}.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = "${inputs.skynet_website_games.defaultPackage.x86_64-linux}";
};
};
# the minecraft servers
services.skynet.games_minecraft = {
enable = true;
domain = {
sub = "minecraft.${cfg.domain.sub}";
};
};
};
}
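
Review bot: The module declares domain.tld and domain.base options, but the config never reads them: the ACME entry and the nginx virtual host both hardcode "${cfg.domain.sub}.skynet.ie". Either build the name from all three options, as the minecraft module does with short_domain, or remove the unused options so that overriding them does not silently do nothing. The root path also hardcodes x86_64-linux; pkgs.system would avoid that.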


@ -1,33 +1,24 @@
{ config, pkgs, lib, inputs, ... }: {
with lib; config,
let pkgs,
cfg = config.services.skynet_games_minecraft; lib,
inputs,
# got tired of how long this is so I created a var for it. ...
short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; }:
in { with lib; let
name = "games_minecraft";
cfg = config.services.skynet."${name}";
# got tired of how long this is so I created a var for it.
short_domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
in {
imports = [ imports = [
../acme.nix
../dns.nix
../firewall.nix
../nginx.nix
inputs.arion.nixosModules.arion inputs.arion.nixosModules.arion
]; ];
options.services.skynet_games_minecraft = { options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Games Minecraft"; enable = mkEnableOption "Skynet Games Minecraft";
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
domain = { domain = {
tld = mkOption { tld = mkOption {
type = types.str; type = types.str;
@ -48,27 +39,54 @@
config = mkIf cfg.enable { config = mkIf cfg.enable {
skynet_firewall.forward = [ skynet_firewall.forward = [
"ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" "ip daddr ${config.services.skynet.host.ip} tcp dport 80 counter packets 0 bytes 0 accept"
"ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" "ip daddr ${config.services.skynet.host.ip} tcp dport 443 counter packets 0 bytes 0 accept"
"ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept" "ip daddr ${config.services.skynet.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept"
]; ];
skynet_acme.domains = [ services.skynet.acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
"*.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" "*.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
]; ];
skynet_dns.records = [ services.skynet.dns.records = [
# the minecraft (web) config server # the minecraft (web) config server
{record="config.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} {
record = "config.${cfg.domain.sub}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
# our own minecraft hosts # our own minecraft hosts
{record="compsoc_classic.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} {
{record="compsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} record = "compsoc_classic.${cfg.domain.sub}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
{
record = "compsoc.${cfg.domain.sub}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
# gsoc servers # gsoc servers
{record="gsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} {
{record="gsoc_abridged.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} record = "gsoc.${cfg.domain.sub}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
{
record = "gsoc_abridged.${cfg.domain.sub}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
# phildeb
{
record = "phildeb.${cfg.domain.sub}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
]; ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
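
Review bot: Adding phildeb here needs matching edits in two other places in this file (the mc_proxy --mapping string and the published ports list), and nothing checks that the three stay in sync. Define the servers once, for example an attribute set of name to port, and generate the CNAME records, the mapping and the ports from it. The forward rules also carry "counter packets 0 bytes 0", which reads like pasted ruleset output; a plain "counter" says the same thing.
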
@ -77,7 +95,6 @@
]; ];
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
# https://config.minecraft.games.skynet.ie # https://config.minecraft.games.skynet.ie
"config.${short_domain}" = { "config.${short_domain}" = {
forceSSL = true; forceSSL = true;
@ -94,7 +111,6 @@
useACMEHost = "skynet"; useACMEHost = "skynet";
locations."/map/".alias = "/etc/games/minecraft/craftycontrol/servers/f4c5eb33-c6d6-421c-81ab-ded31f6e8750/plugins/dynmap/web/"; locations."/map/".alias = "/etc/games/minecraft/craftycontrol/servers/f4c5eb33-c6d6-421c-81ab-ded31f6e8750/plugins/dynmap/web/";
}; };
}; };
# arion is one way to use docker on nixos # arion is one way to use docker on nixos
@ -103,14 +119,13 @@
virtualisation.arion = { virtualisation.arion = {
backend = "docker"; backend = "docker";
projects = { projects = {
minecraft.settings.services = { minecraft.settings.services = {
mc_proxy.service = { mc_proxy.service = {
image = "itzg/mc-router:1.18.0"; image = "itzg/mc-router:1.18.0";
ports = [ "25565:25565/tcp" ]; ports = ["25565:25565/tcp"];
expose = [ "25565" ]; expose = ["25565"];
command = [ command = [
"--mapping=compsoc_classic.${short_domain}=mc_config:20000,compsoc.${short_domain}=mc_config:20001,gsoc.${short_domain}=mc_config:20002,gsoc.${short_domain}=mc_config:20002,gsoc_abridged.${short_domain}=mc_config:20003" "--mapping=compsoc_classic.${short_domain}=mc_config:20000,compsoc.${short_domain}=mc_config:20001,gsoc.${short_domain}=mc_config:20002,gsoc.${short_domain}=mc_config:20002,gsoc_abridged.${short_domain}=mc_config:20003,phildeb.${short_domain}=mc_config:20004"
]; ];
}; };
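
Review bot: In the --mapping argument the entry gsoc.${short_domain}=mc_config:20002 appears twice, and the new line keeps the duplicate while appending phildeb. Drop the repeated entry, and consider building the string from a list so that each mapping sits on its own line and duplicates are visible in review. The itzg/mc-router image is pinned by tag only (1.18.0); pinning by digest would make the deployed image reproducible.
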
@ -118,7 +133,7 @@
image = "registry.gitlab.com/crafty-controller/crafty-4:4.1.1"; image = "registry.gitlab.com/crafty-controller/crafty-4:4.1.1";
environment = { environment = {
TZ="Etc/UTC"; TZ = "Etc/UTC";
}; };
volumes = [ volumes = [
@ -138,10 +153,13 @@
"20001:20001/tcp" "20001:20001/tcp"
# games # games
"20002:20002/tcp" "20002:20002/tcp"
"20003:20003/tcp"
# phildeb
"20004:20004/tcp"
]; ];
}; };
}; };
}; };
}; };
}; };
} }
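
Review bot: The new "20003:20003/tcp" and "20004:20004/tcp" entries publish the backend game ports on the host, although mc_proxy already reaches them over the compose network as mc_config:20003 and mc_config:20004. Published Docker ports are generally reachable without going through networking.firewall.allowedTCPPorts, so this exposes the backends directly and bypasses the router on 25565. If nothing outside the host needs them, drop the host publish or bind it to 127.0.0.1. The 20003 line also sits under the "# games" comment without its own label, unlike the other entries.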


@ -1,13 +1,18 @@
{ config, pkgs, lib, ... }: {
with lib; config,
let pkgs,
cfg = config.skynet_acme; lib,
in { ...
}:
with lib; let
name = "acme";
cfg = config.services.skynet."${name}";
in {
imports = []; imports = [];
options.skynet_acme = { options.services.skynet."${name}" = {
domains = lib.mkOption { domains = lib.mkOption {
default = [ ]; default = [];
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = '' description = ''
A list of domains to use for this server. A list of domains to use for this server.
@ -27,15 +32,15 @@
defaults = { defaults = {
email = "admin_acme@skynet.ie"; email = "admin_acme@skynet.ie";
credentialsFile = config.age.secrets.acme.path;
# we use our own dns authorative server for verifying we own the domain. # we use our own dns authorative server for verifying we own the domain.
dnsProvider = "rfc2136"; dnsProvider = "rfc2136";
credentialsFile = config.age.secrets.acme.path;
}; };
certs = { certs = {
"skynet" = { "skynet" = {
domain = "skynet.ie"; domain = "skynet.ie";
extraDomainNames = cfg.domains; extraDomainNames = lists.naturalSort cfg.domains;
}; };
}; };
}; };
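
Review bot: extraDomainNames = lists.naturalSort cfg.domains makes the order stable, but it does not remove duplicates, and several modules append to services.skynet.acme.domains independently. If two of them register the same name the certificate request will list it twice; wrapping the value in lists.unique before sorting avoids that. A short comment saying the sort is there to keep the certificate definition from changing between evaluations would help the next reader.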


@ -0,0 +1,76 @@
{
pkgs,
config,
lib,
...
}: let
user = "bwdc";
in {
imports = [];
options = {};
config = {
age.secrets.bitwarden_sync_id = {
file = ../../secrets/bitwarden/id.age;
owner = user;
group = user;
};
age.secrets.bitwarden_sync_secret = {
file = ../../secrets/bitwarden/secret.age;
owner = user;
group = user;
};
age.secrets.bitwarden_sync_ldap = {
file = ../../secrets/ldap/pw.age;
owner = user;
group = user;
};
services.bitwarden-directory-connector-cli = {
enable = true;
user = user;
domain = "https://pw.skynet.ie";
ldap = {
ssl = false;
startTls = false;
sslAllowUnauthorized = false;
ad = false;
port = 389;
hostname = "account.skynet.ie";
rootPath = "dc=skynet,dc=ie";
username = "cn=admin,dc=skynet,dc=ie";
};
sync = {
removeDisabled = true;
overwriteExisting = false;
largeImport = false;
memberAttribute = "member";
creationDateAttribute = "skCreated";
users = true;
userPath = "ou=users";
userObjectClass = "inetOrgPerson";
userEmailAttribute = "skMail";
userFilter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))";
groups = true;
groupPath = "ou=groups";
groupObjectClass = "groupOfNames";
groupNameAttribute = "cn";
};
secrets = {
ldap = config.age.secrets.bitwarden_sync_ldap.path;
bitwarden = {
client_path_id = config.age.secrets.bitwarden_sync_id.path;
client_path_secret = config.age.secrets.bitwarden_sync_secret.path;
};
};
};
};
}
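
Review bot: The ldap block binds as cn=admin,dc=skynet,dc=ie to account.skynet.ie on port 389 with ssl = false and startTls = false, so the directory admin password and every synced attribute travel unencrypted unless that hostname resolves to loopback on the same machine. Enable startTls (or use ssl on 636), and give the connector its own read-only bind DN instead of reusing the admin account and secrets/ldap/pw.age; a sync job only needs to read users and groups. Setting owner and group on the three age secrets to the bwdc user is good.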


@ -0,0 +1,83 @@
{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
name = "vaultwarden";
cfg = config.services.skynet."${name}";
domain_sub = "pw";
domain = "${domain_sub}.skynet.ie";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet VaultWarden server";
};
config = mkIf cfg.enable {
#backups = [ "/etc/silver_ul_ical/database.db" ];
# Website config
services.skynet.acme.domains = [
domain
];
services.skynet.dns.records = [
{
record = domain_sub;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
# has ADMIN_TOKEN and SMTP_PASSWORD
age.secrets.bitwarden_details.file = ../../secrets/bitwarden/details.age;
services.vaultwarden = {
enable = true;
environmentFile = config.age.secrets.bitwarden_details.path;
config = {
DOMAIN = "https://${domain}";
SENDS_ALLOWED = true;
SIGNUPS_ALLOWED = false;
INVITATION_ORG_NAME = "Skyhold";
ORG_GROUPS_ENABLED = true;
USE_SENDMAIL = false;
SMTP_HOST = "mail.skynet.ie";
SMTP_FROM = "vaultwarden@skynet.ie";
SMTP_FROM_NAME = "Skynet Bitwarden server";
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
SMTP_USERNAME = "vaultwarden@skynet.ie";
SMTP_AUTH_MECHANISM = "Login";
SMTP_EMBED_IMAGES = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
};
}
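
Review bot: The only backup reference in this module is the commented-out #backups line, and its path (/etc/silver_ul_ical/database.db) belongs to a different service, so the password vault is not registered for backup anywhere in this file. Add the vaultwarden data directory to the backup configuration, or delete the stale comment and note where the backup is defined. ROCKET_LOG = "critical" also suppresses most request logging, which limits what is available when reviewing access to the vault; confirm that is intended.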


@ -1,38 +1,37 @@
{ config, pkgs, lib, inputs, ... }: {
with lib; config,
let pkgs,
cfg = config.services.discord_bot; lib,
in { inputs,
...
}:
with lib; let
name = "discord_bot";
cfg = config.services.skynet."${name}";
in {
imports = [ imports = [
inputs.skynet_discord_bot.nixosModule."x86_64-linux" inputs.skynet_discord_bot.nixosModule."x86_64-linux"
]; ];
options.services.discord_bot = { options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet LDAP backend server"; enable = mkEnableOption "Skynet LDAP backend server";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
#backups = [ "/etc/silver_ul_ical/database.db" ]; #backups = [ "/etc/silver_ul_ical/database.db" ];
age.secrets.discord_token.file = ../secrets/discord/token.age; age.secrets.discord_token.file = ../secrets/discord/token.age;
age.secrets.discord_ldap.file = ../secrets/discord/ldap.age; age.secrets.discord_mail.file = ../secrets/email/details.age;
age.secrets.discord_wolves.file = ../secrets/wolves/details.age;
# this is what was imported
services.skynet_discord_bot = { services.skynet_discord_bot = {
enable = true; enable = true;
env = { env = {
discord = config.age.secrets.discord_token.path; discord = config.age.secrets.discord_token.path;
ldap = config.age.secrets.discord_ldap.path; mail = config.age.secrets.discord_mail.path;
}; wolves = config.age.secrets.discord_wolves.path;
discord = {
server = "689189992417067052";
role = {
past = "689192357727436926";
current = "887072218004197418";
};
}; };
}; };
}; };
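
Review bot: The option is still declared as mkEnableOption "Skynet LDAP backend server" although this module enables the Discord bot, so the generated option description is wrong; change it to name the bot. The commented #backups line pointing at /etc/silver_ul_ical/database.db is carried over from another module as well and should be removed or replaced with the bot's own state path.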


@ -1,400 +0,0 @@
{ lib, pkgs, config, nodes, ... }:
let
cfg = config.skynet_dns;
# reads that date to a string (will need to be fixed in 2038)
current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}";
# gets a list of records that match this type
filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records;
filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A");
filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A");
process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x);
process_ptr_sub = record: {record=(builtins.substring 9 3 record.record); r_type="PTR"; value=record.value;};
ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip);
sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server;
sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a;
sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME");
sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR"));
sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV");
format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records;
# small function to trim it down a tad
padString = text: length: fixedWidthString_post length " " text;
# like lib.strings.fixedWidthString but postfix
fixedWidthString_post = width: filler: str:
let
strw = lib.stringLength str;
reqWidth = width - (lib.stringLength filler);
in
assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})";
if strw == width
then str
else (fixedWidthString_post reqWidth filler str) + filler;
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
get_config_file = (domain:
''$TTL 60 ; 1 minute
; hostmaster@${domain} is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date}
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
604800 ; Expire (1 week)
3600 ; Minimum (1 hour)
)
@ NS ns1.${domain}.
@ NS ns2.${domain}.
; @ stands for teh root domain so teh A record below is where ${domain} points to
;@ A 193.1.99.76
;@ MX 5 ${domain}.
; can have multiple mailserves
@ MX 10 mail.${domain}.
; ------------------------------------------
; Server Names (A Records)
; ------------------------------------------
${format_records sort_records_server 11}
; ------------------------------------------
; A (non server names
; ------------------------------------------
${format_records sort_records_a 18}
; ------------------------------------------
; CNAMES
; ------------------------------------------
${format_records sort_records_cname 31}
; ------------------------------------------
; TXT
; ------------------------------------------
${format_records (filter_records_type "TXT") 29}
; ------------------------------------------
; SRV
; ------------------------------------------
${format_records sort_records_srv 17}
''
);
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
# config for our reverse dnspointers (not properly working)
get_config_file_rev = (domain:
''$ORIGIN 64-64.99.1.193.in-addr.arpa.
$TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date}
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
604800 ; Expire (1 week)
3600 ; Minimum (1 hour)
)
@ NS ns1.skynet.ie.
@ NS ns2.skynet.ie.
; ------------------------------------------
; PTR
; ------------------------------------------
${format_records sort_records_ptr 3}
''
);
# domains we dont have proper ownship over, only here to ensure the logs dont get cluttered.
get_config_file_old_domains = (domain:
''$TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date}
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
604800 ; Expire (1 week)
3600 ; Minimum (1 hour)
)
@ NS ns1.skynet.ie.
@ NS ns2.skynet.ie.
''
);
# arrys of teh two nameservers
tmp1 = ["193.1.99.109"];
tmp2 = ["193.1.99.120"];
primaries = (if cfg.server.primary then
# primary servers have no primaries (ones they listen to)
[]
else
if builtins.elem cfg.server.ip tmp1 then
tmp2
else
tmp1
);
secondaries = (if cfg.server.primary then
if builtins.elem cfg.server.ip tmp1 then
tmp2
else
tmp1
else
[]
);
# small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router
create_cache_networks = (map (x: "193.1.99.${toString x}/32" ) (lib.lists.range 71 126) );
# standard function to create the etc file, pass in the text and domain and it makes it
create_entry_etc_sub = domain: text: {
# Creates /etc/skynet/dns/domain
"skynet/dns/${domain}" = {
user = "named";
group = "named";
# The UNIX file mode bits
mode = "0664";
text = text;
};
};
# (text.owned "csn.ul.ie")
# standard function to create the etc file, pass in the text and domain and it makes it
create_entry_etc = domain: type:
if type == "owned" then
create_entry_etc_sub domain (text.owned domain)
else if type == "reverse" then
create_entry_etc_sub domain (text.reverse domain)
else if type == "old" then
create_entry_etc_sub domain (text.old domain)
else
{};
create_entry_zone = (domain: extraConfig: {
"${domain}" = {
extraConfig = ''
${extraConfig}
// for bumping the config
// ${current_date}
'';
# really wish teh nixos config didnt use master/slave
master = cfg.server.primary;
masters = primaries;
slaves = secondaries;
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/skynet/dns/${domain}";
# no leading whitespace for first line
};
});
text = {
owned = domain: get_config_file domain;
reverse = domain: get_config_file_rev domain;
old = domain: get_config_file_old_domains domain;
};
extraConfig = {
owned =
if cfg.server.primary then
''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
inline-signing yes;
''
else
"";
# no extra config for reverse
reverse = "";
old = "";
};
records = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
let
details_server = value.config.skynet_dns.server;
details_records = value.config.skynet_dns.records;
in
if builtins.hasAttr "skynet_dns" value.config
then (
# got to handle habing a dns record for the dns serves themselves.
if details_server.enable
then (
if details_server.primary
then details_records ++ [ {record="ns1"; r_type="A"; value=details_server.ip; server=false;} ]
else details_records ++ [ {record="ns2"; r_type="A"; value=details_server.ip; server=false;} ]
)
else details_records
)
else []
) nodes
);
nameserver = if cfg.server.primary then "ns1" else "ns2";
in {
imports = [
../applications/firewall.nix
];
options = {
skynet_dns = {
server = {
enable = lib.mkEnableOption {
default = false;
description = "Skynet DNS server";
type = lib.types.bool;
};
primary = lib.mkOption {
type = lib.types.bool;
default = false;
};
ip = lib.mkOption {
type = lib.types.str;
description = ''
ip of this server
'';
};
};
records = lib.mkOption {
description = "Records, sorted based on therir type";
type = with lib.types; listOf (submodule {
options = {
record = lib.mkOption {
type = str;
};
r_type = lib.mkOption {
type = enum ["A" "CNAME" "TXT" "PTR" "SRV"];
};
value = lib.mkOption {
type = str;
};
server = lib.mkOption {
description = "Core record for a server";
type = bool;
default = false;
};
};
});
};
};
};
config = lib.mkIf cfg.server.enable {
# open the firewall for this
skynet_firewall.forward = [
"ip daddr ${cfg.server.ip} tcp dport 53 counter packets 0 bytes 0 accept"
"ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept"
];
services.bind.zones =
(create_entry_zone "csn.ul.ie" extraConfig.owned ) //
(create_entry_zone "skynet.ie" extraConfig.owned ) //
(create_entry_zone "ulcompsoc.ie" extraConfig.owned ) //
(create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse ) //
(create_entry_zone "conradcollins.net" extraConfig.old )//
(create_entry_zone "edelharty.net" extraConfig.old );
environment.etc =
(create_entry_etc "csn.ul.ie" "owned") //
(create_entry_etc "skynet.ie" "owned") //
(create_entry_etc "ulcompsoc.ie" "owned") //
(create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") //
(create_entry_etc "conradcollins.net" "old") //
(create_entry_etc "edelharty.net" "old");
# secrets required
age.secrets.dns_dnskeys = {
file = ../secrets/dns_dnskeys.conf.age;
owner = "named";
group = "named";
};
networking.firewall = {
allowedTCPPorts = [53];
allowedUDPPorts = [53];
};
services.bind = {
enable = true;
ipv4Only = true;
# need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns
extraConfig = ''
include "/run/agenix/dns_dnskeys";
'';
# piles of no valid RRSIG resolving 'com/DS/IN' errors
extraOptions = ''
dnssec-validation yes;
'';
# set the upstream dns servers
# overrides the default dns servers
forwarders = [
# Cloudflare
"1.1.1.1"
# Google
"8.8.8.8"
# Quad9
"9.9.9.9"
];
cacheNetworks = [
# this server itself
"127.0.0.0/24"
# all of skynet can use this as a resolver
/*
Origianl idea, however all external traffic had the ip of the router
"193.1.99.64/26"
So to fix this we need to allow smaller ranges? - Didnt work
Fallback is explisitly listing each ip we have
Now have a function for it
*/
] ++ create_cache_networks;
};
# creates a folder in /etc for the dns to use
users.users.named = {
createHome = true;
home = "/etc/skynet/dns";
};
};
}

429
applications/dns/dns.nix Normal file

@ -0,0 +1,429 @@
{
lib,
pkgs,
config,
nodes,
self,
...
}: let
name = "dns";
cfg = config.services.skynet."${name}";
# reads that date to a string (will need to be fixed in 2038)
current_date = self.lastModified;
# this gets a list of all domains we have records for
domains = lib.lists.naturalSort (lib.lists.unique (
lib.lists.forEach records (x: x.domain)
));
# get the ip's of our servers
servers = lib.lists.naturalSort (lib.lists.unique (
lib.lists.forEach (sort_records_a_server records) (x: x.value)
));
domains_owned = [
# for historic reasons we own this
"csn.ul.ie"
# the main one we use now
"skynet.ie"
# a backup
"ulcompsoc.ie"
];
# gets a list of records that match this type
filter_records_type = records: r_type: builtins.filter (x: x.r_type == r_type) records;
# Get all the A records that are for servers (base record for them)
filter_records_a_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A");
# Every other A record
filter_records_a = records: builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type records "A");
# These functions are to get the final 3 digits of an IP address so we can use them for reverse pointer
process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x);
process_ptr_sub = record: {
record = builtins.substring 9 3 record.record;
r_type = "PTR";
value = record.value;
};
ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip);
# filter and sort records so we cna group them in the right place later
sort_records_a_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_a_server records);
sort_records_a = records: builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) (filter_records_a records);
sort_records_cname = records: builtins.sort (a: b: a.value < b.value) (filter_records_type records "CNAME");
sort_records_ptr = records: builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type records "PTR"));
sort_records_srv = records: builtins.sort (a: b: a.record < b.record) (filter_records_type records "SRV");
# a tad overkill but type guarding is useful
max = x: y:
assert builtins.isInt x;
assert builtins.isInt y;
if x < y
then y
else x;
# get teh max length of a list of strings
max_len = records: lib.lists.foldr (a: b: (max a b)) 0 (lib.lists.forEach records (record: lib.strings.stringLength record.record));
# Now that we can get teh max lenth of a list of strings
# we can pad it out to the max len +1
# this is so that teh generated file is easier for a human to read
format_records = records: let
offset = (max_len records) + 1;
in
lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records;
# small function to add spaces until it reaches teh required length
padString = text: length: fixedWidthString_post length " " text;
# like lib.strings.fixedWidthString but postfix
# recursive function to extend a string up to a limit
fixedWidthString_post = width: filler: str: let
strw = lib.stringLength str;
reqWidth = width - (lib.stringLength filler);
in
# this is here because we were manually setting teh length, now max_len does that for us
assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})";
if strw == width
then str
else (fixedWidthString_post reqWidth filler str) + filler;
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
# ";" are comments in this file
get_config_file = (
domain: records: ''
$TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${toString current_date}
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
604800 ; Expire (1 week)
3600 ; Minimum (1 hour)
)
; @ stands for teh root domain so teh A record below is where ${domain} points to
@ NS ns1.skynet.ie.
@ NS ns2.skynet.ie.
; ------------------------------------------
; Server Names (A Records)
; ------------------------------------------
${format_records (sort_records_a_server records)}
; ------------------------------------------
; A (non server names
; ------------------------------------------
${format_records (sort_records_a records)}
; ------------------------------------------
; CNAMES
; ------------------------------------------
${format_records (sort_records_cname records)}
; ------------------------------------------
; TXT
; ------------------------------------------
${format_records (filter_records_type records "TXT")}
; ------------------------------------------
; MX
; ------------------------------------------
${format_records (filter_records_type records "MX")}
; ------------------------------------------
; SRV
; ------------------------------------------
${format_records (sort_records_srv records)}
''
);
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
# config for our reverse dns pointers (not properly working)
get_config_file_rev = (
domain: ''
$ORIGIN 64-64.99.1.193.in-addr.arpa.
$TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${toString current_date}
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
604800 ; Expire (1 week)
3600 ; Minimum (1 hour)
)
@ NS ns1.skynet.ie.
@ NS ns2.skynet.ie.
; ------------------------------------------
; PTR
; ------------------------------------------
${format_records (sort_records_ptr records)}
''
);
# arrays of teh two nameservers
nameserver_1 = ["193.1.99.109"];
nameserver_2 = ["193.1.99.120"];
primaries = (
if cfg.server.primary
then
# primary servers have no primaries (ones they listen to)
[]
else if builtins.elem cfg.server.ip nameserver_1
then nameserver_2
else nameserver_1
);
secondaries = (
if cfg.server.primary
then
if builtins.elem cfg.server.ip nameserver_1
then nameserver_2
else nameserver_1
else []
);
# small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router
# now limited explicitly to servers that we are administering
# See i24-09-30_050 for more information
create_cache_networks = map (x: "${toString x}/32") servers;
# standard function to create the etc file, pass in the text and domain and it makes it
create_entry_etc_sub = domain: text: {
# Creates /etc/skynet/dns/domain
"skynet/dns/${domain}" = {
user = "named";
group = "named";
# The UNIX file mode bits
mode = "0664";
# content of the file
text = text;
};
};
# standard function to create the etc file, pass in the text and domain and it makes it
create_entry_etc = domain: type: let
domain_records = lib.lists.filter (x: x.domain == domain) records;
in
# this is the main type of record that most folks are used to
if type == "owned"
then create_entry_etc_sub domain (get_config_file domain domain_records)
# reverse lookups allow for using an IP to find domains pointing to it
else if type == "reverse"
then create_entry_etc_sub domain (get_config_file_rev domain)
else {};
create_entry_zone = domain: let
if_primary_and_owned =
if cfg.server.primary && (lib.lists.any (item: item == domain) domains_owned)
then ''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
inline-signing yes;
''
else "";
in {
"${domain}" = {
extraConfig = ''
${if_primary_and_owned}
// for bumping the config
// ${toString current_date}
'';
# really wish teh nixos config didnt use master/slave
master = cfg.server.primary;
masters = primaries;
slaves = secondaries;
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/skynet/dns/${domain}";
# no leading whitespace for first line
};
};
records =
config.skynet.records
/*
Need to "manually" grab it from each server.
Nix is laxy evalusted so if it does not need to open a file it wont.
This is to iterate through each server (node) and evaluate the dns records for that server.
*/
++ builtins.concatLists (
lib.attrsets.mapAttrsToList (
key: value: value.config.services.skynet.dns.records
)
nodes
);
nameserver =
if cfg.server.primary
then "ns1"
else "ns2";
in {
imports = [
../../config/dns.nix
];
options.services.skynet."${name}" = {
server = {
enable = lib.mkEnableOption {
default = false;
description = "Skynet DNS server";
type = lib.types.bool;
};
primary = lib.mkOption {
type = lib.types.bool;
default = false;
};
ip = lib.mkOption {
type = lib.types.str;
description = ''
ip of this server
'';
};
};
records = lib.mkOption {
description = "Records, sorted based on therir type";
type = lib.types.listOf (lib.types.submodule (import ./options-records.nix {
inherit lib;
}));
};
};
config = lib.mkIf cfg.server.enable {
# logging
services.prometheus.exporters.bind = {
enable = true;
openFirewall = true;
};
# services.skynet.backup.normal.backups = ["/etc/skynet/dns"];
# open the firewall for this
skynet_firewall.forward = [
"ip daddr ${cfg.server.ip} tcp dport 53 counter packets 0 bytes 0 accept"
"ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept"
];
services.skynet.dns.records = [
{
record = nameserver;
r_type = "A";
value = config.services.skynet.host.ip;
}
];
services.bind.zones = lib.attrsets.mergeAttrsList (
# uses teh domains lsited in teh records
(lib.lists.forEach domains (domain: (create_entry_zone domain)))
# we have to do a reverse dns
++ [
(create_entry_zone "64-64.99.1.193.in-addr.arpa")
]
);
environment.etc = lib.attrsets.mergeAttrsList (
# uses teh domains lsited in teh records
(lib.lists.forEach domains (domain: (create_entry_etc domain "owned")))
# we have to do a reverse dns
++ [
(create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse")
]
);
# secrets required
age.secrets.dns_dnskeys = {
file = ../../secrets/dns_dnskeys.conf.age;
owner = "named";
group = "named";
};
# basic but ensure teh dns ports are open
networking.firewall = {
allowedTCPPorts = [53];
allowedUDPPorts = [53];
};
services.bind = {
enable = true;
ipv4Only = true;
# need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns
extraConfig = ''
include "/run/agenix/dns_dnskeys";
statistics-channels {
inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
};
'';
# piles of no valid RRSIG resolving 'com/DS/IN' errors
extraOptions = ''
dnssec-validation yes;
'';
# set the upstream dns servers
# overrides the default dns servers
forwarders = [
# Cloudflare
"1.1.1.1"
# Google
"8.8.8.8"
# Quad9
"9.9.9.9"
];
cacheNetworks =
[
# this server itself
"127.0.0.0/24"
# skynet server in the dmz
"193.1.96.165/32"
# all of skynet can use this as a resolver
/*
Origianl idea, however all external traffic had the ip of the router
"193.1.99.64/26"
So to fix this we need to allow smaller ranges? - Didnt work
Fallback is explisitly listing each ip we have
Now have a function for it
*/
]
++ create_cache_networks;
};
systemd.services.bind = {
# deletes teh journal files evey start so it no longer stalls out
preStart = ''
rm -vf /etc/skynet/dns/*.jnl
rm -vf /etc/skynet/dns/*.jbk
'';
restartTriggers = [
"${config.environment.etc."skynet/dns/skynet.ie".source}"
];
};
# creates a folder in /etc for the dns to use
users.groups.named = {};
users.users.named = {
createHome = true;
home = "/etc/skynet/dns";
group = "named";
# X11 is to ensure the directory can be traversed
homeMode = "711";
};
};
}
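Review bot: the `preStart` in `systemd.services.bind` removes every `*.jnl` and `*.jbk` under /etc/skynet/dns on each start, while `create_entry_zone` turns on `allow-update` and `inline-signing yes` for owned zones on the primary, so any dynamic update that BIND has journalled but not yet written back to the zone file is dropped silently at every restart. If that is intended because the zone text is regenerated from Nix anyway, say so in the comment; otherwise flush before stopping (for example `rndc sync -clean`) instead of deleting. Separately, `process_ptr_sub` and `ip_ptr_to_int` use `builtins.substring 9 3`, which only yields the last octet when the address has a nine-character prefix such as `193.1.99.`; a record with any other prefix length will sort or render wrongly, or fail in `lib.strings.toInt`. Splitting on `.` and taking the last element would remove that assumption.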

@ -0,0 +1,31 @@
/*
Define the options for dns records here.
They are imported into anything that needs to use them
*/
{lib, ...}:
with lib; {
options = {
domain = lib.mkOption {
description = "Domain this record is for";
type = lib.types.str;
default = "skynet.ie";
};
record = lib.mkOption {
description = "What you want to name the subdomain.";
type = lib.types.str;
};
r_type = lib.mkOption {
description = "Type of record that this is.";
type = lib.types.enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
};
value = lib.mkOption {
description = "What the record points to, normally ip or another record.";
type = lib.types.str;
};
server = lib.mkOption {
description = "Core record for a server";
type = lib.types.bool;
default = false;
};
};
}
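Review bot: `record` and `value` are plain `lib.types.str`, and `format_records` in dns.nix interpolates both straight into the zone file, so nothing stops a newline, a stray `;` or a `$` directive in one record from changing the lines that follow it. Consider `lib.types.strMatching` with a conservative pattern for `record`, and at least a no-newline check for `value`. `domain` is also free-form, and dns.nix builds a zone for every distinct value it sees, so a typo quietly creates a new zone; an `enum` of the known domains would catch that. Style: `with lib;` is unused here, since every reference already spells out `lib.`.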

@ -1,39 +1,151 @@
{ config, pkgs, lib, inputs, ...}: with lib; {
let config,
cfg = config.services.skynet_email; pkgs,
lib,
inputs,
...
}:
with lib; let
name = "email";
cfg = config.services.skynet."${name}";
# create teh new strings # create teh new strings
create_filter_array = map (x: "(memberOf=cn=${x},ou=groups,${cfg.ldap.base})"); create_filter_array = map (x: "(memberOf=cn=${x},ou=groups,${cfg.ldap.base})");
create_filter_join = (x: concatStringsSep "" x); create_filter_join = x: concatStringsSep "" x;
# thought you could escape racket? # thought you could escape racket?
create_filter = (groups: create_filter_join (create_filter_array groups) ); create_filter = groups: create_filter_join (create_filter_array groups);
in { # using +mailbox puts the mail in a seperate folder
create_skynet_email_int = accounts: mailbox: (map (account: "${account}@skynet.ie") accounts);
groups_to_accounts = groups: builtins.concatMap (x: config.skynet.users.${x}) groups;
create_skynet_email_attribute = mailbox: groups: (create_skynet_email_int (groups_to_accounts groups) mailbox) ++ ["int_${mailbox}@skynet.ie"];
create_skynet_email = mailbox: groups: {
name = "${mailbox}@skynet.ie";
value = create_skynet_email_attribute mailbox groups;
};
create_skynet_service_mailboxes = builtins.listToAttrs (map (mailbox: (create_skynet_email mailbox.account mailbox.members)) service_mailboxes);
imports = [ create_config_to = concatStringsSep "\",\"" (map (mailbox: "${mailbox.account}") service_mailboxes);
./dns.nix
./acme.nix service_mailboxes = [
./nginx.nix {
inputs.simple-nixos-mailserver.nixosModule account = "root";
members = ["admin"];
}
{
account = "abuse";
members = ["admin"];
}
{
account = "accounts";
members = ["committee"];
}
{
account = "compsoc";
members = ["committee"];
}
{
account = "contact";
members = ["committee"];
}
{
account = "dbadmin";
members = ["admin"];
}
{
account = "dnsadm";
members = ["admin"];
}
{
account = "hostmaster";
members = ["admin"];
}
{
account = "intersocsrep";
members = ["committee"];
}
{
account = "mailman";
members = ["admin"];
}
{
account = "security";
members = ["admin"];
}
{
account = "sysadm";
members = ["admin"];
}
{
account = "webadmin";
members = ["admin"];
}
{
account = "pycon2023";
members = ["committee"];
}
{
account = "skynet_topdesk";
members = ["admin" "trainee"];
}
]; ];
options.services.skynet_email = { sieveConfigFile =
# https://doc.dovecot.org/configuration_manual/sieve/examples/#plus-addressed-mail-filtering
pkgs.writeText "basic_sieve"
''
require "copy";
require "mailbox";
require "imap4flags";
require ["fileinto", "reject"];
require "variables";
require "regex";
# this should be close to teh last step
if allof (
address :localpart ["To", "Cc"] ["${toString create_config_to}"],
address :domain ["To", "Cc"] "skynet.ie"
){
if address :matches ["To", "Cc"] "*@skynet.ie" {
if header :is "X-Spam" "Yes" {
fileinto :create "''${1}.Junk";
stop;
} else {
fileinto :create "''${1}";
stop;
}
}
}
if allof (
address :localpart ["From"] ["${toString create_config_to}"],
address :domain ["From"] "skynet.ie"
){
if address :matches ["From"] "*@skynet.ie" {
if header :is "X-Spam" "Yes" {
fileinto :create "''${1}.Junk";
stop;
} else {
fileinto :create "''${1}";
stop;
}
}
}
'';
in {
imports = [
inputs.simple-nixos-mailserver.nixosModule
# for teh config
../config/users.nix
];
options.services.skynet."${name}" = {
# options that need to be passed in to make this work # options that need to be passed in to make this work
enable = mkEnableOption "Skynet Email"; enable = mkEnableOption "Skynet Email";
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
default = "skynet.ie"; default = "skynet.ie";
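Review bot: in `sieveConfigFile` the outer `allof` checks that some To/Cc address has a local part from the service list, but the inner `address :matches ["To", "Cc"] "*@skynet.ie"` fills `${1}` from the first address that matches the wildcard, which need not be the same address, so `fileinto :create` can create a folder named after a local part the sender chose. Generating one `:is` test per entry of `service_mailboxes`, each with a literal folder name, would tie the folder to the mailbox that actually matched. The same applies to the `From` block. Also, `create_skynet_email_int = accounts: mailbox:` never uses `mailbox`, and the comment above it still describes `+mailbox` addressing; drop the argument or update the comment.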
@ -85,71 +197,204 @@
default = "cn=admin,${cfg.ldap.base}"; default = "cn=admin,${cfg.ldap.base}";
description = lib.mdDoc "where to find users"; description = lib.mdDoc "where to find users";
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.skynet_backup.normal.backups = [ services.skynet.backup.normal.backups = [
"/var/vmail" #"/var/vmail"
"/var/dkim" "/var/dkim"
]; ];
age.secrets.ldap_pw.file = ../secrets/ldap/pw.age; age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
skynet_acme.domains = [ security.acme.certs = {
"${cfg.sub}.${cfg.domain}" "mail" = {
]; domain = "mail.skynet.ie";
extraDomainNames = [
"imap.skynet.ie"
"pop3.skynet.ie"
"smtp.skynet.ie"
];
};
# set up dns record for it "imap" = {
skynet_dns.records = [ domain = "imap.skynet.ie";
# basic one extraDomainNames = [
{record="mail"; r_type="A"; value=cfg.host.ip;} "mail.skynet.ie"
"pop3.skynet.ie"
"smtp.skynet.ie"
];
};
# TXT records, all tehse are inside escaped strings to allow using "" "pop3" = {
# SPF record domain = "pop3.skynet.ie";
{record="${cfg.domain}."; r_type="TXT"; value=''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"'';} extraDomainNames = [
"imap.skynet.ie"
# DKIM keys "mail.skynet.ie"
{record="mail._domainkey.skynet.ie."; r_type="TXT"; value=''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';} "smtp.skynet.ie"
{record="mail._domainkey.ulcompsoc.ie."; r_type="TXT"; value=''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';} ];
};
# DMARC "smtp" = {
{record="_dmarc.${cfg.domain}."; r_type="TXT"; value=''"v=DMARC1; p=none"'';} domain = "smtp.skynet.ie";
extraDomainNames = [
# reverse pointer "imap.skynet.ie"
{record=cfg.host.ip; r_type="PTR"; value="${cfg.sub}.${cfg.domain}.";} "pop3.skynet.ie"
"mail.skynet.ie"
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie ];
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406 };
# response should be: };
# _imap._tcp SRV 0 1 143 imap.example.com.
{record="_imaps._tcp"; r_type="SRV"; value="0 1 993 ${cfg.sub}.${cfg.domain}.";}
{record="_imap._tcp"; r_type="SRV"; value="0 1 143 ${cfg.sub}.${cfg.domain}.";}
{record="_submissions._tcp"; r_type="SRV"; value="0 1 465 ${cfg.sub}.${cfg.domain}.";}
{record="_submission._tcp"; r_type="SRV"; value="0 1 587 ${cfg.sub}.${cfg.domain}.";}
];
# to provide the certs # to provide the certs
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"${cfg.sub}.${cfg.domain}" = { "mail.skynet.ie" = {
forceSSL = true; forceSSL = true;
useACMEHost = "skynet"; useACMEHost = "mail";
# override the inbuilt nginx config # override the inbuilt nginx config
enableACME = false; enableACME = false;
serverName = "${cfg.sub}.${cfg.domain}"; serverName = "mail.skynet.ie";
};
"imap.skynet.ie" = {
forceSSL = true;
useACMEHost = "imap";
# override the inbuilt nginx config
enableACME = false;
serverName = "imap.skynet.ie";
};
"pop3.skynet.ie" = {
forceSSL = true;
useACMEHost = "pop3";
# override the inbuilt nginx config
enableACME = false;
serverName = "pop3.skynet.ie";
};
"smtp.skynet.ie" = {
forceSSL = true;
useACMEHost = "smtp";
# override the inbuilt nginx config
enableACME = false;
serverName = "smtp.skynet.ie";
}; };
}; };
# set up dns record for it
services.skynet.dns.records =
[
# core record
{
record = "@";
r_type = "MX";
# the number is the priority in teh case of multiple mailservers
value = "10 mail.${cfg.domain}.";
}
# basic one
{
record = "mail";
r_type = "A";
value = config.services.skynet.host.ip;
}
#DNS config for K-9 Mail
{
record = "imap";
r_type = "CNAME";
value = "mail";
}
{
record = "pop3";
r_type = "CNAME";
value = "mail";
}
{
record = "smtp";
r_type = "CNAME";
value = "mail";
}
# TXT records, all tehse are inside escaped strings to allow using ""
# reverse pointer
{
record = config.services.skynet.host.ip;
r_type = "PTR";
value = "${cfg.sub}.${cfg.domain}.";
}
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406
# response should be:
# _imap._tcp SRV 0 1 143 imap.example.com.
{
record = "_imaps._tcp";
r_type = "SRV";
value = "0 1 993 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_imap._tcp";
r_type = "SRV";
value = "0 1 143 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submissions._tcp";
r_type = "SRV";
value = "0 1 465 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submission._tcp";
r_type = "SRV";
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
}
]
# SPF record
++ [
{
record = "${cfg.domain}.";
r_type = "TXT";
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
}
]
# DKIM keys
++ [
{
record = "mail._domainkey.skynet.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
}
{
domain = "ulcompsoc.ie";
record = "mail._domainkey.ulcompsoc.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
}
]
# DMARC
++ [
{
record = "_dmarc.${cfg.domain}.";
r_type = "TXT";
# p : quarantine => sends to spam, reject => never sent
# rua : mail that receives reports about DMARC activity
# pct : percentage of unathenticated messages that DMARC stops
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
}
];
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
users.groups.nginx = {}; users.groups.nginx = {};
users.groups.roundcube = {}; users.groups.roundcube = {};
services.roundcube = { services.roundcube = {
enable = true; enable = true;
# this is the url of the vhost, not necessarily the same as the fqdn of # this is the url of the vhost, not necessarily the same as the fqdn of
# the mailserver # the mailserver
hostName = "${cfg.sub}.${cfg.domain}"; hostName = "${cfg.sub}.${cfg.domain}";
extraConfig = '' extraConfig = ''
# starttls needed for authentication, so the fqdn required to match # starttls needed for authentication, so the fqdn required to match
# the certificate # the certificate
$config['smtp_server'] = "ssl://${cfg.sub}.${cfg.domain}"; $config['smtp_server'] = "ssl://${cfg.sub}.${cfg.domain}";
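Review bot: the backup list now has `/var/vmail` commented out (`#"/var/vmail"`) with no explanation, which leaves the mail store itself out of `services.skynet.backup.normal.backups` while `/var/dkim` is still covered; either restore it or record why, and where mail is backed up instead. The four `security.acme.certs` entries (`mail`, `imap`, `pop3`, `smtp`) each list the same four names, so a single certificate with `extraDomainNames`, referenced from all four vhosts through `useACMEHost`, would cover the same hosts with one issuance instead of four.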
@ -171,11 +416,14 @@
'name' => 'cn', 'name' => 'cn',
'surname' => 'sn', 'surname' => 'sn',
'email' => 'skMail:*', 'email' => 'skMail:*',
] ]
); );
''; '';
}; };
# for https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275
services.dovecot2.sieve.extensions = ["fileinto"];
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "${cfg.sub}.${cfg.domain}"; fqdn = "${cfg.sub}.${cfg.domain}";
@ -183,6 +431,12 @@
cfg.domain cfg.domain
]; ];
enableManageSieve = true;
lmtpSaveToDetailMailbox = "yes";
extraVirtualAliases = create_skynet_service_mailboxes;
# use the letsencrypt certs # use the letsencrypt certs
certificateScheme = "acme"; certificateScheme = "acme";
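Review bot: `enableManageSieve = true;` is added without a comment, and it does more than the global `before` script needs: it exposes the ManageSieve service so that users can upload their own scripts. If only `sieveConfigFile` is required, leave it off; if user scripts are wanted, say so here so the extra listening service is a recorded decision.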
@ -207,7 +461,7 @@
userAttrs = "quotaEmail=quota_rule=*:bytes=%$,=quota_rule2=Trash:storage=+100M"; userAttrs = "quotaEmail=quota_rule=*:bytes=%$,=quota_rule2=Trash:storage=+100M";
# accept emails in, but only allow access to paid up members # accept emails in, but only allow access to paid up members
passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))"; passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))";
}; };
postfix = { postfix = {
@ -215,14 +469,48 @@
uidAttribute = "skMail"; uidAttribute = "skMail";
mailAttribute = "skMail"; mailAttribute = "skMail";
}; };
}; };
# feckin spammers # feckin spammers
rejectRecipients = [ rejectRecipients = [
]; ];
};
services.dovecot2.sieve.scripts = {
before = sieveConfigFile;
};
# This is to add a bcc to outgoing mail
# this then interacts with teh filters to put it in the right folder
# we can directly add to the postfix service here
services.postfix = let
# mostly copied from the upstream mailserver config/functions
mappedFile = name: "hash:/var/lib/postfix/conf/${name}";
sender_bcc_maps_file = let
content = lookupTableToString create_skynet_service_bcc;
in
builtins.toFile "sender_bcc_maps" content;
lookupTableToString = attrs: let
valueToString = value: lib.concatStringsSep ", " value;
in
lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name} ${valueToString value}") attrs);
# convert the mailboxes config to something that can be used here
create_skynet_email_bcc = mailbox: {
name = "${mailbox}@skynet.ie";
value = ["${mailbox}@skynet.ie"];
};
create_skynet_service_bcc = builtins.listToAttrs (map (mailbox: (create_skynet_email_bcc mailbox.account)) service_mailboxes);
in {
mapFiles."sender_bcc_maps" = sender_bcc_maps_file;
config = {
sender_bcc_maps = [
(mappedFile "sender_bcc_maps")
];
};
}; };
# tune the spam filter # tune the spam filter
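Review bot: `create_skynet_email_bcc` hard-codes `@skynet.ie` in both `name` and `value` although the module already has `cfg.domain`; use `${cfg.domain}` so the map follows the option. The comment should also state that the BCC target is the service alias itself, which `extraVirtualAliases` then expands to every member, since that fan-out is the purpose of the map and is not obvious from `value = ["${mailbox}@skynet.ie"];`. `mappedFile` repeats the upstream path `hash:/var/lib/postfix/conf/`; a comment naming where it was copied from would help when upstream moves it.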

@ -1,5 +1,9 @@
{lib, pkgs, config, ...}: { {
lib,
pkgs,
config,
...
}: {
# using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
options = { options = {
skynet_firewall = { skynet_firewall = {
@ -10,7 +14,7 @@
type = lib.types.bool; type = lib.types.bool;
}; };
forward = lib.mkOption { forward = lib.mkOption {
default = [ ]; default = [];
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = '' description = ''
A list of routes to forward A list of routes to forward
@ -19,16 +23,16 @@
own = { own = {
ip = lib.mkOption { ip = lib.mkOption {
default = "127.0.0.1"; default = "127.0.0.1";
type = lib.types.str; type = lib.types.str;
description = '' description = ''
IP of the firewall IP of the firewall
''; '';
}; };
ports = { ports = {
tcp = lib.mkOption { tcp = lib.mkOption {
default = [ ]; default = [];
type = lib.types.listOf lib.types.int; type = lib.types.listOf lib.types.int;
description = '' description = ''
A list of TCP ports for the machiene running the firewall A list of TCP ports for the machiene running the firewall
@ -36,15 +40,13 @@
}; };
udp = lib.mkOption { udp = lib.mkOption {
default = [ ]; default = [];
type = lib.types.listOf lib.types.int; type = lib.types.listOf lib.types.int;
description = '' description = ''
A list of UDP ports for the machiene running the firewall A list of UDP ports for the machiene running the firewall
''; '';
}; };
}; };
}; };
}; };
}; };
@ -56,8 +58,7 @@
# fules for the firewall # fules for the firewall
# beware of EOL conversion. # beware of EOL conversion.
networking.nftables.ruleset = networking.nftables.ruleset = ''
''
# using https://oxcrag.net/2021/12/25/build-your-own-router-with-nftables-part-1/ as a guide # using https://oxcrag.net/2021/12/25/build-your-own-router-with-nftables-part-1/ as a guide
# Clear out any existing rules # Clear out any existing rules
@ -164,9 +165,6 @@
} }
} }
''; '';
}; };
} }

View file

@ -1,68 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.skynet_games;
in {
imports = [
./dns.nix
./games/minecraft.nix
];
options.services.skynet_games = {
enable = mkEnableOption "Skynet Games";
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
domain = {
tld = mkOption {
type = types.str;
default = "ie";
};
base = mkOption {
type = types.str;
default = "skynet";
};
sub = mkOption {
type = types.str;
default = "games";
};
};
};
config = mkIf cfg.enable {
skynet_dns.records = [
# need a base domain
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
];
# the minecraft servers
services.skynet_games_minecraft = {
enable = true;
host = {
ip = cfg.host.ip;
name = cfg.domain.sub;
};
domain = {
sub = "minecraft.${cfg.domain.sub}";
};
};
};
}

View file

@ -0,0 +1,129 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
name = "forgejo";
cfg = config.services.skynet."${name}";
domain_base = "${cfg.domain.base}.${cfg.domain.tld}";
domain_full = "${cfg.domain.sub}.${domain_base}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Forgejo";
domain = {
tld = mkOption {
type = types.str;
default = "ie";
};
base = mkOption {
type = types.str;
default = "skynet";
};
sub = mkOption {
type = types.str;
default = name;
};
};
forgejo = {
port = mkOption {
type = types.port;
default = 3000;
};
};
};
config = mkIf cfg.enable {
# age.secrets.forgejo-mailer-password = {
# file = ../../secrets/forgejo/mailer-password.age;
# mode = "400";
# owner = "forgejo";
# };
services.skynet.acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
];
# using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
services.skynet.dns.records = [
{
record = cfg.domain.sub;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx.virtualHosts = {
# main site
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://localhost:${toString cfg.forgejo.port}";
extraConfig = ''
client_max_body_size 1000M;
'';
};
};
};
# for signing reasons
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.forgejo = {
enable = true;
package = pkgs.forgejo;
database.type = "sqlite3";
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/";
HTTP_PORT = cfg.forgejo.port;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
# Allow for signing off merge requests
# "repository.signing" = {
# SIGNING_KEY = "5B2DED0FE9F8627A";
# SIGNING_NAME = "Skynet";
# SIGNING_EMAIL = "forgejo@glados.skynet.ie";
# MERGES = "always";
# };
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
# mailer = {
# ENABLED = true;
# SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}";
# FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
# USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
# };
};
# mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
};
};
}
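Review bot: `DEFAULT_ACTIONS_URL = "github"` in the `actions` block makes unqualified `uses:` references resolve against github.com, so workflows on this instance execute third-party code fetched at run time. If that is intended, say so in the comment and pin actions by commit in the workflows; otherwise serve actions from this instance. Separately, `domain_full` is defined in the `let` block but never used, while `${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}` is spelled out four times below; use the binding.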

View file

@ -0,0 +1,159 @@
{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
name = "forgejo_runner";
cfg = config.services.skynet."${name}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet ForgeJo Runner";
runner = {
name = mkOption {
type = types.str;
default = config.networking.hostName;
};
website = mkOption {
default = "https://forgejo.skynet.ie";
type = types.str;
};
user = mkOption {
default = "gitea-runner";
type = types.str;
};
};
};
config = mkIf cfg.enable {
# https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner.
environment.systemPackages = with pkgs; [
forgejo-actions-runner
];
age.secrets.forgejo_runner_token = {
file = ../../secrets/forgejo/runners/token.age;
owner = cfg.runner.user;
group = cfg.runner.user;
};
# make sure the ssh config stuff is in teh right palce
systemd.tmpfiles.rules = [
#"d /home/${cfg.runner.user} 0755 ${cfg.runner.user} ${cfg.runner.user}"
"L+ /home/${cfg.runner.user}/.ssh/config 0755 ${cfg.runner.user} ${cfg.runner.user} - ${./ssh_config}"
];
age.secrets.forgejo_runner_ssh = {
file = ../../secrets/forgejo/runners/ssh.age;
mode = "600";
owner = "${cfg.runner.user}";
group = "${cfg.runner.user}";
symlink = false;
path = "/home/${cfg.runner.user}/.ssh/skynet/root";
};
nix = {
settings = {
trusted-users = [
# allow the runner to build nix stuff and to use the cache
"gitea-runner"
];
trusted-public-keys = [
"skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
];
substituters = [
"https://nix-cache.skynet.ie/skynet-cache/"
"https://cache.nixos.org/"
];
trusted-substituters = [
"https://nix-cache.skynet.ie/skynet-cache/"
"https://cache.nixos.org/"
];
};
};
# very basic setup to always be watching for changes in teh cache
systemd.services.attic-uploader = {
enable = true;
serviceConfig = {
ExecStart = "${pkgs.attic-client}/bin/attic watch-store skynet-cache";
User = "root";
Restart = "always";
RestartSec = 1;
};
};
# give teh runner user a home to store teh ssh config stuff
systemd.services.gitea-runner-default.serviceConfig = {
DynamicUser = lib.mkForce false;
User = lib.mkForce cfg.runner.user;
};
users = {
groups."${cfg.runner.user}" = {};
users."${cfg.runner.user}" = {
#isSystemUser = true;
isNormalUser = true;
group = cfg.runner.user;
createHome = true;
shell = pkgs.bash;
};
};
boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
virtualisation.docker.enable = true;
# taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128
virtualisation.docker.listenOptions = ["/run/docker.sock" "127.0.0.1:2375"];
# the actual runner
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = cfg.runner.name;
url = cfg.runner.website;
tokenFile = config.age.secrets.forgejo_runner_token.path;
labels = [
## optionally provide native execution on the host:
"nix:host"
"docker:docker://node:22-bookworm"
"ubuntu-latest:docker://node:22-bookworm"
];
hostPackages = with pkgs; [
# default ones
bash
coreutils
curl
gawk
git
gnused
nodejs
wget
# useful to have in path
jq
which
dpkg
zip
git-lfs
# used in deployments
inputs.colmena.defaultPackage."x86_64-linux"
attic-client
lix
openssh
sudo
];
};
};
};
}
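Review bot: the `nix:host` label in `labels` lets jobs run directly on the host as `cfg.runner.user`, the same account that owns the decrypted `forgejo_runner_ssh` key at `/home/${cfg.runner.user}/.ssh/skynet/root`, so any workflow that can select that label can read the deployment key. Keep host execution on a runner instance that does not hold the key, or restrict which repositories can use this runner. Also, `trusted-users` hard-codes `"gitea-runner"` while the account name comes from `cfg.runner.user`; use the option so the two cannot drift. Finally, `virtualisation.docker.listenOptions` exposes the daemon on `127.0.0.1:2375` without authentication, which gives every local process control of Docker; a comment explaining why the TCP listener is still needed would help.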

View file

@ -1,28 +1,22 @@
{ config, pkgs, lib, ... }: {
with lib; config,
let pkgs,
cfg = config.services.skynet_gitlab; lib,
in { ...
}:
with lib; let
name = "gitlab";
cfg = config.services.skynet."${name}";
domain_base = "${cfg.domain.base}.${cfg.domain.tld}";
domain_full = "${cfg.domain.sub}.${domain_base}";
in {
imports = [ imports = [
./acme.nix
./dns.nix
./firewall.nix
./nginx.nix
]; ];
options.services.skynet_gitlab = { options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Gitlab"; enable = mkEnableOption "Skynet Gitlab";
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
domain = { domain = {
tld = mkOption { tld = mkOption {
type = types.str; type = types.str;
@ -36,7 +30,7 @@
sub = mkOption { sub = mkOption {
type = types.str; type = types.str;
default = "gitlab"; default = name;
}; };
}; };
@ -52,9 +46,7 @@
default = "dc=skynet,dc=ie"; default = "dc=skynet,dc=ie";
description = lib.mdDoc "The base address in the ldap server"; description = lib.mdDoc "The base address in the ldap server";
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -64,47 +56,77 @@
# grep -r --exclude-dir={docker,containers,log,sys,nix,proc} gitlab / # grep -r --exclude-dir={docker,containers,log,sys,nix,proc} gitlab /
age.secrets.gitlab_pw = { age.secrets.gitlab_pw = {
file = ../secrets/gitlab/pw.age; file = ../../secrets/gitlab/pw.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_secrets_db = { age.secrets.gitlab_secrets_db = {
file = ../secrets/gitlab/secrets_db.age; file = ../../secrets/gitlab/secrets_db.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_secrets_secret = { age.secrets.gitlab_secrets_secret = {
file = ../secrets/gitlab/secrets_secret.age; file = ../../secrets/gitlab/secrets_secret.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_secrets_otp = { age.secrets.gitlab_secrets_otp = {
file = ../secrets/gitlab/secrets_otp.age; file = ../../secrets/gitlab/secrets_otp.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_secrets_jws = { age.secrets.gitlab_secrets_jws = {
file = ../secrets/gitlab/secrets_jws.age; file = ../../secrets/gitlab/secrets_jws.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
age.secrets.gitlab_db_pw = { age.secrets.gitlab_db_pw = {
file = ../secrets/gitlab/db_pw.age; file = ../../secrets/gitlab/db_pw.age;
owner = cfg.user; owner = cfg.user;
group = cfg.user; group = cfg.user;
}; };
skynet_acme.domains = [ services.skynet.acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
# Lets Encrypt seems to have a 4 levels limit for certs # Lets Encrypt seems to have a 4 levels limit for certs
"*.pages.${cfg.domain.base}.${cfg.domain.tld}" "*.pages.${cfg.domain.base}.${cfg.domain.tld}"
]; ];
# using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
skynet_dns.records = [ services.skynet.dns.records = [
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} {
record = cfg.domain.sub;
r_type = "A";
value = config.services.skynet.host.ip;
}
# for gitlab pages # for gitlab pages
{record="*.pages.${cfg.domain.base}.${cfg.domain.tld}."; r_type="A"; value=cfg.host.ip;} {
record = "*.pages.${cfg.domain.base}.${cfg.domain.tld}.";
r_type = "A";
value = config.services.skynet.host.ip;
}
# for email
{
record = "${cfg.domain.sub}";
r_type = "MX";
value = ''10 ${domain_full}.'';
}
{
record = config.services.skynet.host.ip;
r_type = "PTR";
value = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}.";
}
{
record = "${domain_full}.";
r_type = "TXT";
value = ''"v=spf1 a:gitlab.skynet.ie -all"'';
}
{
record = "_dmarc.${domain_full}.";
r_type = "TXT";
value = ''"v=DMARC1; p=none"'';
}
]; ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
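Review bot: the SPF record hard-codes `a:gitlab.skynet.ie` while the MX, PTR and DMARC records in the same list are built from `cfg.domain` or `domain_full`, so changing `cfg.domain.sub` would leave SPF authorising the wrong name; build the value from `${domain_full}`. The DMARC record is `p=none` with no `rua=` address, so it neither enforces nor reports; add a reporting address and plan a move to `quarantine` or `reject` once the reports are clean.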
@ -112,14 +134,19 @@
2222 2222
]; ];
services.openssh.ports = [ 22 2222 ]; services.openssh.ports = [22 2222];
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
# main site # main site
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
forceSSL = true; forceSSL = true;
useACMEHost = "skynet"; useACMEHost = "skynet";
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; locations."/" = {
proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
extraConfig = ''
client_max_body_size 1000M;
'';
};
}; };
# pages # pages
@ -130,6 +157,13 @@
}; };
}; };
# set a valid HELO address
services.postfix = {
hostname = lib.mkForce domain_full;
origin = lib.mkForce domain_full;
domain = lib.mkForce domain_base;
};
services.gitlab = { services.gitlab = {
enable = true; enable = true;
@ -163,13 +197,11 @@
auth-server = "https://gitlab.example.com"; auth-server = "https://gitlab.example.com";
*/ */
}; };
}; };
#smtp = {
# enable = true; # use the local email client
# address = "localhost"; smtp.enable = true;
# port = 25;
#};
secrets = { secrets = {
dbFile = config.age.secrets.gitlab_secrets_db.path; dbFile = config.age.secrets.gitlab_secrets_db.path;
secretFile = config.age.secrets.gitlab_secrets_secret.path; secretFile = config.age.secrets.gitlab_secrets_secret.path;
@ -200,7 +232,7 @@
name = "cn"; name = "cn";
}; };
group_base= "ou=groups,${cfg.ldap.base}"; group_base = "ou=groups,${cfg.ldap.base}";
admin_group = "skynet-admins"; admin_group = "skynet-admins";
sync_ssh_keys = "sshPublicKey"; sync_ssh_keys = "sshPublicKey";
@ -212,9 +244,9 @@
# default for pages is set to 8090 but that leaves an "ugly" port in the url, # default for pages is set to 8090 but that leaves an "ugly" port in the url,
# override it here to make it look good # override it here to make it look good
port = 80; port = 80;
#external_http = ["${cfg.host.ip}:80"]; #external_http = ["${config.services.skynet.host.ip}:80"];
}; };
}; };
}; };
}; };
} }

View file

@ -0,0 +1,5 @@
Host *.skynet.ie 193.1.99.* 193.1.96.165
User root
IdentityFile ~/.ssh/skynet/root
IdentitiesOnly yes
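Review bot: the `Host` line applies `User root` and the single `~/.ssh/skynet/root` identity to every `*.skynet.ie` name and the whole `193.1.99.*` range, so the runner will attempt root logins with that key against anything matching the pattern. List the managed hosts explicitly or narrow the pattern to the deployment targets, and consider a non-root deploy user for them.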

View file

@ -1,117 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.skynet_gitlab_runner;
in {
imports = [
];
options.services.skynet_gitlab_runner = {
enable = mkEnableOption "Skynet Gitlab Runner";
runner = {
name = mkOption {
type = types.str;
};
gitlab = mkOption {
default = "https://gitlab.skynet.ie";
type = types.str;
};
description = mkOption {
default = cfg.runner.name;
type = types.str;
};
docker = {
image = mkOption {
default = "alpine:latest";
type = types.str;
};
cleanup_dates = mkOption {
# https://man.archlinux.org/man/systemd.time.7#CALENDAR_EVENTS
# it will use a lot of storage so clear it daily, may change to hourly if required
default = "daily";
type = types.str;
};
};
};
};
config = mkIf cfg.enable {
# https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner.
environment.systemPackages = [
pkgs.gitlab-runner
];
age.secrets.runner_01_nix.file = ../secrets/gitlab/runners/runner01.age;
age.secrets.runner_02_general.file = ../secrets/gitlab/runners/runner02.age;
boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
# taken from https://github.com/NixOS/nixpkgs/issues/245365#issuecomment-1663854128
virtualisation.docker.listenOptions = [ "/run/docker.sock" "127.0.0.1:2375" ];
services.gitlab-runner = {
enable = true;
clear-docker-cache = {
enable = true;
dates = cfg.runner.docker.cleanup_dates;
};
services = {
# might make a function later to have multiple runners, might never need it though
runner_nix = {
cloneUrl = cfg.runner.gitlab;
description = "For Nix only";
registrationFlags = [ "--docker-host" "tcp://127.0.0.1:2375" ];
registrationConfigFile = config.age.secrets.runner_01_nix.path;
dockerImage = cfg.runner.docker.image;
# from https://nixos.wiki/wiki/Gitlab_runner
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix-daemon.sh
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-unstable nixpkgs # 3
${pkgs.nix}/bin/nix-channel --update nixpkgs
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
tagList = [ "nix" ];
};
runner_general = {
cloneUrl = cfg.runner.gitlab;
description = "General Runner";
registrationFlags = [ "--docker-host" "tcp://127.0.0.1:2375" ];
registrationConfigFile = config.age.secrets.runner_02_general.path;
dockerImage = cfg.runner.docker.image;
};
};
};
};
}

79
applications/grafana.nix Normal file
View file

@ -0,0 +1,79 @@
{
lib,
config,
...
}:
with lib; let
name = "grafana";
cfg = config.services.skynet."${name}";
port = 4444;
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Grafana Server";
datasource = {
name = mkOption {
type = types.str;
};
url = mkOption {
type = types.str;
};
};
};
config = mkIf cfg.enable {
services.skynet.dns.records = [
{
record = "${name}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.skynet.acme.domains = [
"${name}.skynet.ie"
];
age.secrets.grafana_pw = {
file = ../secrets/grafana/pw.age;
owner = "grafana";
group = "grafana";
};
services.grafana = {
enable = true;
domain = "${name}.skynet.ie";
port = port;
settings.security.admin_password = "$__file{${config.age.secrets.grafana_pw.path}}";
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
url = "http://localhost:${toString config.services.skynet.prometheus.server.port}";
isDefault = true;
editable = true;
}
];
};
};
services.nginx.virtualHosts = {
"${name}.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://localhost:${toString port}";
proxyWebsockets = true;
};
};
};
};
}
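Review bot: the `datasource.name` and `datasource.url` options are declared without defaults or descriptions but are never read; the provisioned datasource is fixed to `"Prometheus"` at `http://localhost:${toString config.services.skynet.prometheus.server.port}`. Either wire the options into `datasources.settings.datasources` or drop them. `editable = true` also lets changes made in the UI diverge from the provisioned definition; set it to `false` if the Nix config is meant to be authoritative.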

View file

@ -1,30 +1,23 @@
{ config, pkgs, lib, inputs, ... }: {
with lib; config,
let pkgs,
cfg = config.services.ldap_backend; lib,
port_backend = "8087"; inputs,
in { ...
}:
with lib; let
name = "ldap_backend";
cfg = config.services.skynet."${name}";
port_backend = "8087";
in {
imports = [ imports = [
../acme.nix
../dns.nix
../nginx.nix
inputs.skynet_ldap_backend.nixosModule."x86_64-linux" inputs.skynet_ldap_backend.nixosModule."x86_64-linux"
../../config/users.nix
]; ];
options.services.ldap_backend = { options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet LDAP backend server"; enable = mkEnableOption "Skynet LDAP backend server";
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
domain = { domain = {
tld = mkOption { tld = mkOption {
type = types.str; type = types.str;
@ -44,65 +37,43 @@
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
#backups = [ "/etc/silver_ul_ical/database.db" ]; #backups = [ "/etc/silver_ul_ical/database.db" ];
age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age; age.secrets.ldap_details.file = ../../secrets/ldap/details.age;
age.secrets.ldap_discord.file = ../../secrets/discord/ldap.age; age.secrets.ldap_mail.file = ../../secrets/email/details.age;
age.secrets.ldap_wolves.file = ../../secrets/wolves/details.age;
skynet_acme.domains = [ services.skynet.acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
]; ];
skynet_dns.records = [ services.skynet.dns.records = [
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} {
record = cfg.domain.sub;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
]; ];
services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
forceSSL = true; forceSSL = true;
useACMEHost = "skynet"; useACMEHost = "skynet";
locations."/".proxyPass = "http://localhost:${port_backend}"; locations."/".proxyPass = "http://localhost:${port_backend}";
# extraConfig = ''
# add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}";
# '';
extraConfig = ''
add_header Access-Control-Allow-Origin "*";
'';
}; };
# this got imported
services.skynet_ldap_backend = { services.skynet_ldap_backend = {
enable = true; enable = true;
# contains teh password in env form # contains teh password in env form
env = { env = {
ldap = config.age.secrets.ldap_self_service.path; ldap = config.age.secrets.ldap_details.path;
discord = config.age.secrets.ldap_discord.path; mail = config.age.secrets.ldap_mail.path;
}; wolves = config.age.secrets.ldap_wolves.path;
ldap = {
host = "ldaps://account.skynet.ie";
admin = "uid=ldap_api,ou=users,dc=skynet,dc=ie";
};
users = {
admin = [
"silver"
"evanc"
"eoghanconlon73"
];
committee = [
"grym"
"dawidk5"
"leo"
"silver"
"eoghanconlon73"
];
lifetime = [];
banned = [];
}; };
host_port = "127.0.0.1:${port_backend}"; host_port = "127.0.0.1:${port_backend}";
users = config.skynet.users;
}; };
}; };
} }

View file

@ -1,28 +1,36 @@
{ config, pkgs, lib, ... }: {
with lib; config,
let pkgs,
cfg = config.services.skynet_ldap_client; lib,
...
}:
with lib; let
name = "ldap_client";
cfg = config.services.skynet."${name}";
# always ensure the admin group has access # always ensure the admin group has access
create_filter_check_admin = (x: if !(builtins.elem "skynet-admins" x) then x ++ ["skynet-admins"] else x); create_filter_check_admin = x:
if !(builtins.elem "skynet-admins" x)
then x ++ ["skynet-admins"]
else x;
# create teh new strings # create teh new strings
create_filter_array = map (x: "(skMemberOf=cn=${x},ou=groups,${cfg.base})"); create_filter_array = map (x: "(skMemberOf=cn=${x},ou=groups,${cfg.base})");
create_filter_join = (x: concatStringsSep "" x); create_filter_join = x: concatStringsSep "" x;
# thought you could escape racket? # thought you could escape racket?
create_filter = (x: create_filter_join (create_filter_array (create_filter_check_admin x) ) ); create_filter = x: create_filter_join (create_filter_array (create_filter_check_admin x));
in {
sudo_create_filter = x: (concatStringsSep ", " (map (x: "cn=${x},ou=groups,${cfg.base}") x));
in {
# these are needed for teh program in question # these are needed for teh program in question
imports = []; imports = [];
# give users access to this server # give users access to this server
#services.skynet_ldap_client.groups = ["skynet-users-linux"]; #services.skynet.ldap_client.groups = ["skynet-users-linux"];
options.services.skynet_ldap_client = { options.services.skynet."${name}" = {
# options that need to be passed in to make this work # options that need to be passed in to make this work
enable = mkEnableOption "Skynet LDAP client"; enable = mkEnableOption "Skynet LDAP client";
@ -46,7 +54,13 @@
]; ];
description = lib.mdDoc "Groups we want to allow access to the server"; description = lib.mdDoc "Groups we want to allow access to the server";
}; };
sudo_groups = mkOption {
type = types.listOf types.str;
default = [
"skynet-admins-linux"
];
description = lib.mdDoc "Groups we want to allow access to the server";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
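Review bot: the new `sudo_groups` option reuses the description of `groups` ("Groups we want to allow access to the server"), which hides that this list decides who receives sudo rights. Change the description to say so, for example "Groups whose members are granted sudo on the server", so that nobody adds a login group here by mistake.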
@ -54,10 +68,17 @@
security.sudo.extraRules = [ security.sudo.extraRules = [
# admin group has sudo access # admin group has sudo access
{ groups = [ "skynet-admins-linux" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } {
groups = cfg.sudo_groups;
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
]; ];
# give users a home dir # give users a home dir
security.pam.services.sshd.makeHomeDir = true; security.pam.services.sshd.makeHomeDir = true;
@ -68,7 +89,7 @@
# tell users where tehy cna setup their ssh key # tell users where tehy cna setup their ssh key
banner = '' banner = ''
If you get 'Permission denied (publickey,keyboard-interactive)' you need to add an ssh key on https://${cfg.address} If you get 'Permission denied (publickey,keyboard-interactive)' you need to add an ssh key on https://${cfg.address}
''; '';
}; };
services.sssd = { services.sssd = {
@ -77,41 +98,41 @@
sshAuthorizedKeysIntegration = true; sshAuthorizedKeysIntegration = true;
config = '' config = ''
[domain/skynet.ie] [domain/skynet.ie]
id_provider = ldap id_provider = ldap
auth_provider = ldap auth_provider = ldap
sudo_provider = ldap sudo_provider = ldap
ldap_uri = ldaps://${cfg.address}:636 ldap_uri = ldaps://${cfg.address}:636
ldap_search_base = ${cfg.base} ldap_search_base = ${cfg.base}
# thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d # thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d
ldap_user_search_base = ou=users,${cfg.base}?sub?(|${create_filter cfg.groups}) ldap_user_search_base = ou=users,${cfg.base}?sub?(|${create_filter cfg.groups})
ldap_group_search_base = ou=groups,${cfg.base} ldap_group_search_base = ou=groups,${cfg.base}
ldap_sudo_search_base = cn=skynet-admins-linux,ou=groups,${cfg.base} # using commas from https://support.hpe.com/hpesc/public/docDisplay?docId=c02793175&docLocale=en_US
ldap_sudo_search_base, ${sudo_create_filter cfg.sudo_groups}
ldap_group_nesting_level = 5 ldap_group_nesting_level = 5
cache_credentials = false cache_credentials = false
entry_cache_timeout = 1 entry_cache_timeout = 1
ldap_user_member_of = skMemberOf ldap_user_member_of = skMemberOf
[sssd] [sssd]
config_file_version = 2 config_file_version = 2
services = nss, pam, sudo, ssh services = nss, pam, sudo, ssh
domains = skynet.ie domains = skynet.ie
[nss] [nss]
# override_homedir = /home/%u # override_homedir = /home/%u
[pam] [pam]
[sudo] [sudo]
[autofs] [autofs]
''; '';
}; };
}; };
} }
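Review bot: the new `ldap_sudo_search_base, ${sudo_create_filter cfg.sudo_groups}` line has a comma where the `=` was, so it is no longer a `key = value` entry like the lines around it and the sudo search base will not be set as intended. Restore the `=`. Also check the list that `sudo_create_filter` produces against sssd-ldap(5): each DN already contains commas, so joining several bases with `, ` cannot separate them unambiguously.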

View file

@ -1,37 +1,27 @@
/* /*
Gonna use a priper nixos module for this Gonna use a priper nixos module for this
*/ */
{
{ config, pkgs, lib, inputs, ... }: config,
with lib; pkgs,
let lib,
cfg = config.services.skynet_ldap; inputs,
in { ...
}:
with lib; let
name = "ldap";
cfg = config.services.skynet."${name}";
domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
in {
# these are needed for teh program in question # these are needed for teh program in question
imports = [ imports = [
../acme.nix
../dns.nix
../nginx.nix
./backend.nix
]; ];
options.services.skynet."${name}" = {
options.services.skynet_ldap = {
# options that need to be passed in to make this work # options that need to be passed in to make this work
enable = mkEnableOption "Skynet LDAP service"; enable = mkEnableOption "Skynet LDAP service";
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
domain = { domain = {
tld = mkOption { tld = mkOption {
type = types.str; type = types.str;
@ -61,14 +51,6 @@ Gonna use a priper nixos module for this
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# passthrough to the backend
services.ldap_backend = {
enable = true;
host.ip = cfg.host.ip;
host.name = cfg.host.name;
};
# after changing teh password openldap.service has to be restarted # after changing teh password openldap.service has to be restarted
age.secrets.ldap_pw = { age.secrets.ldap_pw = {
file = ../../secrets/ldap/pw.age; file = ../../secrets/ldap/pw.age;
@ -77,12 +59,16 @@ Gonna use a priper nixos module for this
group = "openldap"; group = "openldap";
}; };
skynet_acme.domains = [ services.skynet.acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" domain
]; ];
skynet_dns.records = [ services.skynet.dns.records = [
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} {
record = cfg.domain.sub;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
]; ];
# firewall on teh computer itself # firewall on teh computer itself
@ -92,7 +78,7 @@ Gonna use a priper nixos module for this
]; ];
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { ${domain} = {
forceSSL = true; forceSSL = true;
useACMEHost = "skynet"; useACMEHost = "skynet";
locations."/" = { locations."/" = {
@ -111,25 +97,29 @@ Gonna use a priper nixos module for this
# using https://nixos.wiki/wiki/OpenLDAP for base config # using https://nixos.wiki/wiki/OpenLDAP for base config
systemd.services.openldap = { systemd.services.openldap = {
wants = [ "acme-${cfg.domain.base}.service" ]; wants = ["acme-${cfg.domain.base}.service"];
after = [ "acme-${cfg.domain.base}.service" ]; after = ["acme-${cfg.domain.base}.service"];
}; };
users.groups.acme.members = [ "openldap" ]; users.groups.acme.members = ["openldap"];
services.openldap = { services.openldap = {
# backup /var/lib/openldap/slapd.d # backup /var/lib/openldap/slapd.d
enable = true; enable = true;
/* enable plain and secure connections */ /*
urlList = [ "ldap:///" "ldaps:///" ]; enable plain and secure connections
*/
urlList = ["ldap:///" "ldaps:///"];
settings = { settings = {
attrs = { attrs = {
olcLogLevel = "conns config"; olcLogLevel = "conns config";
/* settings for acme ssl */ /*
settings for acme ssl
*/
olcTLSCACertificateFile = "/var/lib/acme/${cfg.domain.base}/full.pem"; olcTLSCACertificateFile = "/var/lib/acme/${cfg.domain.base}/full.pem";
olcTLSCertificateFile = "/var/lib/acme/${cfg.domain.base}/cert.pem"; olcTLSCertificateFile = "/var/lib/acme/${cfg.domain.base}/cert.pem";
olcTLSCertificateKeyFile = "/var/lib/acme/${cfg.domain.base}/key.pem"; olcTLSCertificateKeyFile = "/var/lib/acme/${cfg.domain.base}/key.pem";
@ -154,67 +144,74 @@ Gonna use a priper nixos module for this
./skMemberOf.ldif ./skMemberOf.ldif
]; ];
"cn=modules".attrs = { "cn=modules".attrs = {
objectClass = [ "olcModuleList" ]; objectClass = ["olcModuleList"];
cn = "modules"; cn = "modules";
olcModuleLoad = ["dynlist" "memberof" "refint" "pw-sha2"]; olcModuleLoad = ["dynlist" "memberof" "refint" "pw-sha2"];
}; };
"olcDatabase={-1}frontend".attrs = { "olcDatabase={-1}frontend".attrs = {
objectClass = [ "olcDatabaseConfig" "olcFrontendConfig" ]; objectClass = ["olcDatabaseConfig" "olcFrontendConfig"];
olcPasswordHash = "{SSHA512}"; olcPasswordHash = "{SSHA512}";
}; };
"olcDatabase={1}mdb" = { "olcDatabase={1}mdb" = {
attrs = { attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{1}mdb"; olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/data"; olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = cfg.base; olcSuffix = cfg.base;
/* your admin account, do not use writeText on a production system */ /*
your admin account, do not use writeText on a production system
*/
olcRootDN = "cn=admin,${cfg.base}"; olcRootDN = "cn=admin,${cfg.base}";
olcRootPW.path = config.age.secrets.ldap_pw.path; olcRootPW.path = config.age.secrets.ldap_pw.path;
#olcOverlay = "memberof";
olcAccess = [ olcAccess = [
/* custom access rules for userPassword attributes */ /*
''{0}to attrs=userPassword custom access rules for userPassword attributes
*/
''
{0}to attrs=userPassword
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
by self write by self write
by anonymous auth by anonymous auth
by * none'' by * none
''
''{1}to attrs=mail,sshPublicKey,cn,sn,skDiscord ''
{1}to attrs=mail,sshPublicKey,cn,sn
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
by self write by self write
by * read'' by * read
''
/* allow read on anything else */ /*
''{2}to * allow read on anything else
*/
''
{2}to *
by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage by dn.exact="uid=ldap_api,ou=users,dc=skynet,dc=ie" manage
by * read'' by * read
''
]; ];
}; };
# https://blog.oddbit.com/post/2013-07-22-generating-a-membero/ # https://blog.oddbit.com/post/2013-07-22-generating-a-membero/
children = { children = {
"olcOverlay=dynlist".attrs = { "olcOverlay=dynlist".attrs = {
objectClass = [ "olcOverlayConfig" "olcDynamicList" ]; objectClass = ["olcOverlayConfig" "olcDynamicList"];
olcOverlay = "dynlist"; olcOverlay = "dynlist";
olcDlAttrSet = "skPerson labeledURI skMemberOf"; olcDlAttrSet = "skPerson labeledURI skMemberOf";
}; };
"olcOverlay=memberof".attrs = { "olcOverlay=memberof".attrs = {
objectClass = [ "olcOverlayConfig" "olcMemberOf" "olcConfig" "top" ]; objectClass = ["olcOverlayConfig" "olcMemberOf" "olcConfig" "top"];
olcOverlay = "memberof"; olcOverlay = "memberof";
olcMemberOfDangling = "ignore"; olcMemberOfDangling = "ignore";
olcMemberOfRefInt = "TRUE"; olcMemberOfRefInt = "TRUE";
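Review bot: all three `olcAccess` rules hardcode `uid=ldap_api,ou=users,dc=skynet,dc=ie`, while `olcSuffix` and `olcRootDN` in the same block are built from `cfg.base`. If `cfg.base` is ever set to something else, the API account silently loses `manage` and falls through to the `by * none` / `by * read` clauses. Build the DN from `${cfg.base}` as well. Rule `{2}` also ends in `by * read`, which includes anonymous clients; `by users read` would limit it to authenticated binds if anonymous browsing of the tree is not intended.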
@ -223,10 +220,7 @@ Gonna use a priper nixos module for this
olcMemberOfMemberOfAD = "memberOf"; olcMemberOfMemberOfAD = "memberOf";
}; };
}; };
}; };
}; };
}; };
}; };

View file

@ -24,24 +24,12 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.4.1
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
) )
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.5.1
NAME 'skDiscord'
DESC 'Discord username'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.6.1 olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.6.1
NAME 'skCreated' NAME 'skCreated'
DESC 'When the account was created' DESC 'When the account was created'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
) )
#olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.7.1
# NAME 'skEnabled'
# DESC 'TRUE/FALSE'
# EQUALITY booleanMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
# )
# https://github.com/variablenix/ldap-mail-schema/blob/master/quota.schema # https://github.com/variablenix/ldap-mail-schema/blob/master/quota.schema
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.8.1 olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.8.1
NAME 'quotaEmail' NAME 'quotaEmail'
@ -55,16 +43,10 @@ olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.9.1
EQUALITY caseIgnoreIA5Match EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255}
) )
olcAttributeTypes: ( 1.3.6.1.4.1.24441.1.10.1
NAME 'skSecure'
DESC '1 if secure'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1 olcObjectClasses: ( 1.3.6.1.4.1.24441.1.1.1
NAME 'skPerson' NAME 'skPerson'
DESC 'skynet person' DESC 'skynet person'
SUP top AUXILIARY SUP top AUXILIARY
MUST ( skMail $ skCreated ) MUST ( skMail $ skCreated )
MAY ( skMemberOf $ skID $ skDiscord $ quotaEmail $ quotaDisk $ skSecure ) MAY ( skMemberOf $ skID $ quotaEmail $ quotaDisk )
) )
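Review bot: `skDiscord` and `skSecure` are removed from the schema and from the `MAY` list of `skPerson`, but nothing in this change clears those attributes from entries that already carry them. Strip the values from the directory before this schema is deployed, and note the migration step in the commit message, so existing `skPerson` entries do not reference attribute types the server no longer defines.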

applications/nextcloud.nix Normal file

@ -0,0 +1,135 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
name = "nextcloud";
cfg = config.services.skynet."${name}";
domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Nextcloud";
domain = {
tld = mkOption {
type = types.str;
default = "ie";
};
base = mkOption {
type = types.str;
default = "skynet";
};
sub = mkOption {
type = types.str;
default = name;
};
};
};
config = mkIf cfg.enable {
# shove the entire config file into secrets
age.secrets.nextcloud_admin_pass = {
file = ../secrets/nextcloud/pw.age;
owner = "nextcloud";
group = "nextcloud";
};
services.skynet.acme.domains = [
domain
"onlyoffice.${domain}"
"whiteboard.${domain}"
];
services.skynet.dns.records = [
{
record = cfg.domain.sub;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
{
record = "onlyoffice.${cfg.domain.sub}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
# {
# record = "whiteboard.${cfg.domain.sub}";
# r_type = "CNAME";
# value = config.services.skynet.host.name;
# }
];
# /var/lib/nextcloud/data
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;
hostName = domain;
https = true;
configureRedis = true;
database.createLocally = true;
config = {
dbtype = "pgsql";
adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
};
appstoreEnable = true;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) richdocuments;
};
settings = {
trusted_proxies = ["193.1.99.65"];
default_phone_region = "IE";
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
};
};
# environment.etc."nextcloud-whiteboard-secret".text = ''
# JWT_SECRET_KEY=test123
# '';
#
# services.nextcloud-whiteboard-server = {
# enable = true;
# settings.NEXTCLOUD_URL = "https://nextcloud.skynet.ie";
# secrets = ["/etc/nextcloud-whiteboard-secret"];
# };
nixpkgs.config.allowUnfree = true;
# impacted by https://github.com/NixOS /nixpkgs/issues/352443
# services.onlyoffice = {
# enable = true;
# };
services.nginx.virtualHosts = {
${domain} = {
forceSSL = true;
useACMEHost = "skynet";
};
"onlyoffice.${domain}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/".proxyPass = "http://127.0.0.1:8000";
};
# "whiteboard.${domain}" = {
# forceSSL = true;
# useACMEHost = "skynet";
# locations."/" = {
# proxyPass = "http://localhost:3002";
# proxyWebsockets = true;
# };
# };
};
};
}
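Review bot: `services.skynet.acme.domains` requests `whiteboard.${domain}` and the `onlyoffice.${domain}` vhost proxies to `http://127.0.0.1:8000`, but the whiteboard DNS record and vhost and `services.onlyoffice` are all commented out. The certificate then covers a name with no record and the onlyoffice vhost has no backend; drop both until the services are enabled. When the whiteboard block is revived, do not ship `JWT_SECRET_KEY=test123` through `environment.etc`, since that text lands world-readable in the Nix store; use an `age.secrets` entry like `nextcloud_admin_pass`. `nixpkgs.config.allowUnfree = true` is set from inside this module and applies to the whole host, so scope it with `allowUnfreePredicate` or move it next to the package that needs it. The comment `# shove the entire config file into secrets` does not describe the admin password secret below it.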


@ -1,5 +1,4 @@
# using K900's one https://gitlab.com/K900/nix/-/blob/a69502b8bf39fd99a85342b2f7989fe5896a6ae0/applications/base/nginx.nix # using K900's one https://gitlab.com/K900/nix/-/blob/a69502b8bf39fd99a85342b2f7989fe5896a6ae0/applications/base/nginx.nix
{pkgs, ...}: { {pkgs, ...}: {
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -10,8 +9,6 @@
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
statusPage = true;
# give Nginx access to our certs # give Nginx access to our certs
group = "acme"; group = "acme";
}; };


@ -0,0 +1,98 @@
/*
A nix cache for our use
atticd-atticadm make-token --sub "admin_username" --validity "10y" --pull "*" --push "*" --create-cache "*" --delete "*" --configure-cache "*" --configure-cache-retention "*" --destroy-cache "*"
# for the gitlab runner, done eyarly
atticd-atticadm make-token --sub "wheatly-runner" --validity "1y" --pull "skynet-cache" --push "skynet-cache"
Documentation:
https://docs.attic.rs/introduction.html
*/
{
lib,
config,
pkgs,
...
}:
with lib; let
name = "nix-cache";
cfg = config.services.skynet."${name}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Nix Cache";
};
config = mkIf cfg.enable {
services.skynet.acme.domains = [
"${name}.skynet.ie"
];
services.skynet.dns.records = [
{
record = "${name}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
users.groups."nix-serve" = {};
users.users."nix-serve" = {
isSystemUser = true;
group = "nix-serve";
};
services.atticd = {
enable = true;
# Replace with absolute path to your credentials file
environmentFile = "/etc/atticd.env";
settings = {
listen = "127.0.0.1:8080";
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
};
};
networking.firewall.allowedTCPPorts = [80 443];
services.nginx = {
clientMaxBodySize = "500m";
virtualHosts = {
"${name}.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
};
};
};
};
};
}
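Review bot: `environmentFile = "/etc/atticd.env"` still carries the placeholder comment "Replace with absolute path to your credentials file" and points at a file that nothing in this module creates, so the server secret is managed by hand outside the repo. The other modules in this change use `config.age.secrets.<name>.path` for that; do the same here. The header comment documents an admin token with `--validity "10y"` and `"*"` for every permission; a shorter validity limits the damage if the token leaks. `users.groups."nix-serve"` and `users.users."nix-serve"` are not referenced by anything else in the file, and `services.nginx.clientMaxBodySize = "500m"` applies to every vhost on the host rather than only to the cache.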


@ -0,0 +1,17 @@
# Open Governance
Started by DCU this is an initiative to make the running of (computer) societies more open and resilient.
The goal is to back these up in multiple locations.
| Uni | Tag | Repo | Notes |
|-----|----------|----------------------------------------------------------|-------|
| DCU | redbrick | https://github.com/redbrick/open-governance | |
| UL | skynet | https://gitlab.skynet.ie/compsoc1/compsoc/open-goverance | |
| | | | |
## Keys
We host our own keyserver: https://keyserver.skynet.ie
Use it in commands like so:
``gpg --keyserver hkp://keyserver.skynet.ie:80 --send-key KEY_ID``
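Review bot: the example command uses `hkp://keyserver.skynet.ie:80`, which is plain HTTP, while the line above advertises `https://keyserver.skynet.ie` and the keyserver vhost in this change sets `forceSSL = true`. Document `hkps://keyserver.skynet.ie` so key uploads and lookups go over TLS. The empty last table row can be removed.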


@ -0,0 +1,62 @@
/*
This file is for hosting teh open governance for other societies
*/
{
lib,
config,
pkgs,
...
}:
with lib; let
name = "keyserver";
cfg = config.services.skynet."${name}";
port = 11371;
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Public Keyserver";
};
config = mkIf cfg.enable {
services.skynet.acme.domains = [
"${name}.skynet.ie"
];
services.skynet.dns.records = [
{
record = "${name}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.hockeypuck = {
enable = true;
port = port;
};
# hockeypuck needs a database backend
services.postgresql = {
enable = true;
ensureDatabases = ["hockeypuck"];
ensureUsers = [
{
name = "hockeypuck";
ensureDBOwnership = true;
}
];
};
services.nginx.virtualHosts = {
"${name}.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://localhost:${toString port}";
};
};
};
};
}
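Review bot: the header comment is copied from the open-governance module ("This file is for hosting teh open governance for other societies") and does not describe the keyserver; replace it with what this file does and which port Hockeypuck listens on. `pkgs` is never used in the argument list, and `port = port;` can be written as `inherit port;`.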


@ -0,0 +1,61 @@
/*
This file is for hosting teh open governance for other societies
*/
{
lib,
config,
pkgs,
...
}:
with lib; let
# - instead of _ for dns reasons
name = "open-governance";
cfg = config.services.skynet."${name}";
folder = "/var/skynet/${name}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Open Governance";
};
config = {
services.skynet.acme.domains = [
"${name}.skynet.ie"
];
services.skynet.dns.records = [
{
record = "${name}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
# create a folder to store the archives
systemd.tmpfiles.rules = [
"d ${folder} 0755 ${config.services.nginx.user} ${config.services.nginx.group}"
"L+ ${folder}/README.md - - - - ${./README.md}"
];
services.nginx.virtualHosts = {
"${name}.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = folder;
locations = {
"/".extraConfig = "autoindex on;";
# show md files as plain text
"~ \.md".extraConfig = ''
types {
text/plain md;
}
'';
};
};
};
};
}
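Review bot: `config = {` is not wrapped in `mkIf cfg.enable`, so the `enable` option declared just above has no effect and every host that imports this file gets the vhost, the DNS record and the tmpfiles rules. Use `config = mkIf cfg.enable {` as the other modules do. In the location key `"~ \.md"` the single backslash is consumed by the Nix string, so nginx sees `~ .md`, which matches any character followed by `md` anywhere in the URI; write `"~ \\.md$"`.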


@ -0,0 +1,95 @@
{
nodes,
lib,
config,
...
}:
with lib; let
name = "prometheus";
cfg = config.services.skynet."${name}";
# dont have to worry about any external addresses for this
# create a list of either "ip@port" or ""
# the ""s then get filtered out by filter_empty
exporters = {
dns = (
lib.attrsets.mapAttrsToList (
key: value:
if value.config.services.skynet.dns.server.enable
then "${value.config.deployment.targetHost}:${toString value.config.services.prometheus.exporters.bind.port}"
else ""
)
nodes
);
node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString value.config.services.prometheus.exporters.node.port}") nodes;
};
# clears any invalid entries
filter_empty = inputs: (builtins.filter (value: value != "") inputs);
in {
imports = [];
options.services.skynet."${name}" = {
server = {
enable = mkEnableOption "Prometheus Server";
port = mkOption {
type = types.port;
default = 9001;
};
};
external = {
node = mkOption {
type = types.listOf types.str;
default = [];
description = ''
To add other nodes outside of nix, specify ip and port that server should listen to here
'';
};
};
ports = {
node = mkOption {
type = types.port;
default = 9100;
};
};
};
config = mkMerge [
{
services.prometheus.exporters.node = {
enable = true;
port = cfg.ports.node;
openFirewall = true;
# most collectors are on by default see https://github.com/prometheus/node_exporter for more options
enabledCollectors = ["systemd" "processes"];
};
}
(mkIf cfg.server.enable {
services.prometheus = {
enable = true;
port = cfg.server.port;
scrapeConfigs = [
{
job_name = "node_exporter";
static_configs = [
{
targets = filter_empty (exporters.node ++ cfg.external.node);
}
];
}
{
job_name = "bind";
static_configs = [
{
targets = filter_empty exporters.dns;
}
];
}
];
};
})
];
}
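Review bot: the node exporter block in `mkMerge` is unconditional and sets `openFirewall = true`, which opens the exporter port on every host to any source address. Only the Prometheus server needs to reach it, so restrict the rule to that address (the exporter's `firewallFilter` option can carry a source match) or keep the port closed and scrape over an internal interface. The comment above `exporters` says the lists hold "ip@port", but the code builds `host:port` strings; fix the comment.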


@ -0,0 +1,96 @@
/*
Once https://github.com/NixOS/nixpkgs/pull/267764 is merged this can be removed
*/
{
config,
pkgs,
lib,
...
}:
with lib; {
options.proxmoxLXC = {
enable = mkOption {
default = true;
type = types.bool;
description = lib.mdDoc "Whether to enable the Proxmox VE LXC module.";
};
privileged = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable privileged mounts
'';
};
manageNetwork = mkOption {
type = types.bool;
default = false;
description = ''
Whether to manage network interfaces through nix options
When false, systemd-networkd is enabled to accept network
configuration from proxmox.
'';
};
manageHostName = mkOption {
type = types.bool;
default = false;
description = ''
Whether to manage hostname through nix options
When false, the hostname is picked up from /etc/hostname
populated by proxmox.
'';
};
};
config = let
cfg = config.proxmoxLXC;
in
mkIf cfg.enable {
system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
storeContents = [
{
object = config.system.build.toplevel;
symlink = "none";
}
];
contents = [
{
source = config.system.build.toplevel + "/init";
target = "/sbin/init";
}
];
extraCommands = "mkdir -p root etc/systemd/network";
};
boot = {
isContainer = true;
loader.initScript.enable = true;
};
console.enable = true;
networking = mkIf (!cfg.manageNetwork) {
useDHCP = false;
useHostResolvConf = false;
useNetworkd = true;
# pick up hostname from /etc/hostname generated by proxmox
hostName = mkIf (!cfg.manageHostName) (mkForce "");
};
services.openssh = {
enable = mkDefault true;
startWhenNeeded = mkDefault true;
};
systemd = {
mounts = mkIf (!cfg.privileged) [
{
enable = false;
where = "/sys/kernel/debug";
}
];
services."getty@".unitConfig.ConditionPathExists = ["" "/dev/%I"];
};
};
}
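Review bot: `pkgs.callPackage ../../lib/make-system-tarball.nix` is a path relative to this file and is carried over unchanged from the nixpkgs module this copy is based on. Confirm that it resolves from where the file lives in this repo; if it does not, reference the nixpkgs copy instead, for example `"${pkgs.path}/nixos/lib/make-system-tarball.nix"`. `enable` defaults to `true`, so importing the file is enough to apply the container settings, and `lib.mdDoc` is used on one description but not on the other three.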


@ -1,199 +1,199 @@
# nodes is all the nodes # nodes is all the nodes
{ lib, config, nodes, pkgs, ...}: with lib; {
let lib,
cfg = config.services.skynet_backup; config,
nodes,
pkgs,
...
}:
with lib; let
name = "backup";
cfg = config.services.skynet."${name}";
enable_client = cfg.normal.backups != null && cfg.normal.backups != [];
# since they should all have the same config we can do this # since they should all have the same config we can do this
base = { base = {
paths = cfg.normal.backups; paths = cfg.normal.backups;
exclude = cfg.normal.exclude; exclude = cfg.normal.exclude;
initialize = true; initialize = true;
passwordFile = config.age.secrets.restic.path; passwordFile = config.age.secrets.restic.path;
pruneOpts = [ pruneOpts = [
#"--keep-within 0y2m0d0h" #"--keep-within 0y2m0d0h"
#"--keep-monthly 2" #"--keep-monthly 2"
]; ];
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = "daily";
Persistent = true; Persistent = true;
RandomizedDelaySec = "5h"; RandomizedDelaySec = "5h";
};
}; };
};
# takes nodes, # takes nodes,
# for each check if iut has teh abckup attribute, # for each check if iut has teh abckup attribute,
# then if the server is enabled, # then if the server is enabled,
# then pull relevant dtails # then pull relevant dtails
ownServers = builtins.listToAttrs (builtins.concatLists ( ownServers = builtins.listToAttrs (builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value: lib.attrsets.mapAttrsToList (
let key: value: let
backup = value.config.services.skynet_backup; backup = value.config.services.skynet.backup;
in backup_host = value.config.services.skynet.host;
if ( in
(builtins.hasAttr "skynet_backup" value.config.services) if
&& backup.server.enable (
&& backup.host.name != cfg.host.name (builtins.hasAttr "backup" value.config.services.skynet)
&& !backup.server.appendOnly && backup.server.enable
) # chgeck that its not itself
&& backup_host.name != config.services.skynet.host.name
&& !backup.server.appendOnly
)
then [ then [
{ {
name = backup.host.name; name = backup_host.name;
value = base // { value =
repositoryFile = "/etc/skynet/restic/${backup.host.name}"; base
// {
repositoryFile = "/etc/skynet/restic/${backup_host.name}";
backupPrepareCommand = '' backupPrepareCommand = ''
#!${pkgs.stdenv.shell} #!${pkgs.stdenv.shell}
set -euo pipefail set -euo pipefail
baseDir="/etc/skynet/restic" baseDir="/etc/skynet/restic"
mkdir -p $baseDir mkdir -p $baseDir
cd $baseDir cd $baseDir
echo -n "rest:http://root:password@${backup.host.ip}:${toString backup.server.port}/root/${cfg.host.name}" > ${backup.host.name} echo -n "rest:http://root:password@${backup_host.ip}:${toString backup.server.port}/root/${config.services.skynet.host.name}" > ${backup_host.name}
# read in teh password # read in teh password
#PW = `cat ${config.age.secrets.restic.path}` #PW = `cat ${config.age.secrets.restic.path}`
line=$(head -n 1 ${config.age.secrets.restic.path}) line=$(head -n 1 ${config.age.secrets.restic.path})
sed -i "s/password/$line/g" ${backup.host.name} sed -i "s/password/$line/g" ${backup_host.name}
''; '';
};
};
} }
] ]
else [ ] else []
) nodes )
)); nodes
));
in {
imports = [
];
# using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
# https://git.hrnz.li/Ulli/nixos/src/commit/5edca2dfdab3ce52208e4dfd2b92951e500f8418/profiles/server/restic.nix
# will eb enabled on every server
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet backup";
# what folders to backup
in { normal = {
backups = lib.mkOption {
imports = [ default = [];
type = lib.types.listOf lib.types.str;
]; description = ''
A list of paths to backup.
# using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base '';
# https://git.hrnz.li/Ulli/nixos/src/commit/5edca2dfdab3ce52208e4dfd2b92951e500f8418/profiles/server/restic.nix
# will eb enabled on every server
options.services.skynet_backup = {
# backup is enabled by default
# enable = mkEnableOption "Skynet backup";
# what folders to backup
normal = {
backups = lib.mkOption {
default = [ ];
type = lib.types.listOf lib.types.str;
description = ''
A list of paths to backup.
'';
};
exclude = lib.mkOption {
default = [ ];
type = lib.types.listOf lib.types.str;
description = ''
A list of paths to exclide .
'';
};
}; };
# append only data so space limited exclude = lib.mkOption {
secure = { default = [];
backups = lib.mkOption { type = lib.types.listOf lib.types.str;
default = [ ]; description = ''
type = lib.types.listOf lib.types.str; A list of paths to exclide .
description = '' '';
A list of paths to backup. };
''; };
};
exclude = lib.mkOption { # append only data so space limited
default = [ ]; secure = {
type = lib.types.listOf lib.types.str; backups = lib.mkOption {
description = '' default = [];
A list of paths to exclide . type = lib.types.listOf lib.types.str;
''; description = ''
}; A list of paths to backup.
'';
}; };
host = { exclude = lib.mkOption {
ip = mkOption { default = [];
type = types.str; type = lib.types.listOf lib.types.str;
}; description = ''
A list of paths to exclide .
'';
};
};
name = mkOption { server = {
type = types.str; enable = mkEnableOption "Skynet backup Server";
};
port = mkOption {
type = types.port;
default = 8765;
}; };
server = { appendOnly = mkOption {
enable = mkEnableOption "Skynet backup Server"; type = types.bool;
default = false;
port = mkOption {
type = types.port;
default = 8765;
};
appendOnly = mkOption {
type = types.bool;
default = false;
};
}; };
}; };
config = {
# these values are anabled for every client
environment.systemPackages = [
# for flakes
pkgs.restic
];
# A list of all login accounts. To create the password hashes, use
# nix-shell -p apacheHttpd
# htpasswd -nbB "" "password" | cut -d: -f2
age.secrets.restic.file = ../secrets/backup/restic.age;
networking.firewall.allowedTCPPorts = [
cfg.server.port
];
services.restic.backups = ownServers // {
# merge teh two configs together
# backblaze = base // {
# # backupos for each server are stored in a folder under their name
# repository = "b2:NixOS-Main2:/${cfg.host.name}";
# #environmentFile = config.age.secrets.backblaze.path;
# };
};
age.secrets.restic_pw = mkIf cfg.server.enable {
file = ../secrets/backup/restic_pw.age;
path = "${config.services.restic.server.dataDir}/.htpasswd";
symlink = false;
mode = "770";
owner = "restic";
group = "restic";
};
services.restic.server = mkIf cfg.server.enable{
enable = true;
listenAddress = "${cfg.host.ip}:${toString cfg.server.port}";
appendOnly = cfg.server.appendOnly;
privateRepos = true;
};
}; };
config = mkMerge [
{
# these values are anabled for every client
environment.systemPackages = with pkgs; [
restic
];
}
(mkIf cfg.server.enable {
networking.firewall.allowedTCPPorts = [
cfg.server.port
];
age.secrets.restic_pw = {
file = ../secrets/backup/restic_pw.age;
path = "${config.services.restic.server.dataDir}/.htpasswd";
symlink = false;
mode = "770";
owner = "restic";
group = "restic";
};
services.restic.server = {
enable = true;
listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}";
appendOnly = cfg.server.appendOnly;
privateRepos = true;
};
})
(mkIf enable_client {
# client stuff here
# A list of all login accounts. To create the password hashes, use
# nix-shell -p apacheHttpd
# htpasswd -nbB "" "password" | cut -d: -f2
age.secrets.restic.file = ../secrets/backup/restic.age;
services.restic.backups = mkMerge [
ownServers
{
# merge teh two configs together
# backblaze = base // {
# # backupos for each server are stored in a folder under their name
# repository = "b2:NixOS-Main2:/${config.services.skynet.host.name}";
# #environmentFile = config.age.secrets.backblaze.path;
# };
}
];
})
];
} }
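Review bot: `backupPrepareCommand` writes `rest:http://root:password@${backup_host.ip}:...` into a file under `/etc/skynet/restic`, so the REST credentials travel over plain HTTP and are stored in a file created with the default umask. Use an `https` endpoint or keep the traffic on a private network, and create the file with `umask 077` or `install -m 600`. The `sed -i "s/password/$line/g"` step breaks when the secret contains `/` or `&` and rewrites every occurrence of the word `password` in the URL; write the URL with the secret in a single step instead. On the server side, `mode = "770"` for the `.htpasswd` secret sets execute bits and group write; `0400` or `0440` is enough for `restic:restic`.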


@ -1,78 +0,0 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.services.skynet;
in {
imports = [
./acme.nix
./dns.nix
];
options.services.skynet = {
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
};
config = {
skynet_acme.domains = [
# the root one is already covered by teh certificate
"2016.skynet.ie"
"discord.skynet.ie"
"ext.skynet.ie"
];
skynet_dns.records = [
# means root domain, so skynet.ie
{record="@"; r_type="A"; value=cfg.host.ip;}
{record="2016"; r_type="CNAME"; value="skynet";}
{record="discord"; r_type="CNAME"; value="skynet";}
];
networking.firewall.allowedTCPPorts = [80 443];
services.httpd = {
enable = true;
group = "acme";
virtualHosts = {
# main site
"skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
# only on skynet.ie
# skynet.ie/~username
enableUserDir = true;
};
"ext.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
# only on skynet.ie
# skynet.ie/~username
enableUserDir = true;
};
# archive of teh site as it was ~2012 to 2016
"2016.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
documentRoot = "${inputs.skynet_website_2016.defaultPackage."x86_64-linux"}";
};
# archive of teh site as it was ~2012 to 2016
"discord.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
globalRedirect = "https://discord.gg/mkuKJkCuyM";
};
};
};
};
}


@ -0,0 +1,34 @@
{year}: {
config,
pkgs,
lib,
inputs,
...
}:
with lib; {
imports = [];
config = {
services.skynet.acme.domains = [
"${year}.skynet.ie"
];
services.skynet.dns.records = [
{
record = year;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx = {
virtualHosts = {
"${year}.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = "${inputs."skynet_website_${year}".defaultPackage."x86_64-linux"}";
};
};
};
};
}


@ -0,0 +1,82 @@
{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
name = "website";
cfg = config.services.skynet."${name}";
in {
imports = [
# import in past website versions, available at $year.skynet.ie
# at teh end of teh year add it here
(import ./old_site.nix {year = "2023";})
(import ./old_site.nix {year = "2017";})
(import ./old_site.nix {year = "2009";})
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Main Website";
};
config = mkIf cfg.enable {
services.skynet.acme.domains = [
"discord.skynet.ie"
"public.skynet.ie"
];
services.skynet.dns.records = [
# means root domain, so skynet.ie
{
record = "@";
r_type = "A";
value = config.services.skynet.host.ip;
}
{
record = "discord";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
{
record = "public";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx = {
virtualHosts = {
# main site
"skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
locations = {
"/".root = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";
# this redirects old links to new format
"~* ~(?<username>[a-z_0-9]*)(?<files>\\S*)$" = {
priority = 1;
return = "307 https://$username.users.skynet.ie$files";
};
};
};
# a custom discord url, because we are too cheap otehrwise
"discord.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/".return = "307 https://discord.gg/mkuKJkCuyM";
};
"public.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = "${inputs.compsoc_public.packages.x86_64-linux.default}";
locations."/".extraConfig = "autoindex on;";
};
};
};
};
}
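Review bot: the redirect location `~* ~(?<username>[a-z_0-9]*)(?<files>\\S*)$` has no start anchor, lets `username` be empty, and does not require `files` to begin with `/`. Any URI containing `~` therefore matches, a bare `/~` redirects to `https://.users.skynet.ie`, and whatever follows the username is appended directly to the hostname in the `307` target. Anchor the pattern and constrain both groups, e.g. `^/~(?<username>[a-z_0-9]+)(?<files>/\\S*)?$`. The three `old_site.nix` imports sit outside `mkIf cfg.enable`, and `old_site.nix` itself has an unconditional `config`, so the archived vhosts and DNS records are configured even when `website.enable` is false.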


@ -0,0 +1,64 @@
{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
name = "wiki";
cfg = config.services.skynet."${name}";
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet Wiki";
};
config = mkIf cfg.enable {
services.skynet.acme.domains = [
"renew.skynet.ie"
"wiki.skynet.ie"
];
services.skynet.dns.records = [
{
record = "renew";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
{
record = "wiki";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
services.nginx = {
virtualHosts = {
"wiki.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
root = "${inputs.skynet_website_wiki.defaultPackage."x86_64-linux"}";
# https://stackoverflow.com/a/38238001/11964934
extraConfig = ''
location / {
if ($request_uri ~ ^/(.*)\.html) {
return 302 /$1;
}
try_files $uri $uri.html $uri/ =404;
}
'';
};
# redirect old links to the new wiki
"renew.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/".return = "307 https://wiki.skynet.ie";
};
};
};
};
}


@ -0,0 +1,138 @@
{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
name = "website_users";
cfg = config.services.skynet."${name}";
php_pool = name;
in {
imports = [
];
options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet User Linux Server";
};
config = {
# we havea more limited ports range on the skynet server
services.skynet.prometheus.ports = {
node = 9000;
};
# allow more than admins access
services.skynet.ldap_client = {
groups = [
"skynet-admins-linux"
"skynet-users-linux"
];
};
# Website config
services.skynet.acme.domains = [
"users.skynet.ie"
"*.users.skynet.ie"
];
services.skynet.dns.records = [
{
record = "users";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
{
record = "*.users";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
environment.systemPackages = with pkgs; [
vim
php
];
networking = {
defaultGateway = {
address = lib.mkDefault "193.1.96.161";
interface = lib.mkDefault "eth1";
};
};
# normally services cannot read home dirs
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
systemd.services."phpfpm-${php_pool}".serviceConfig.ProtectHome = lib.mkForce "read-only";
services.phpfpm.pools.${php_pool} = {
user = config.services.nginx.user;
group = config.services.nginx.group;
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
phpEnv."PATH" = lib.makeBinPath [pkgs.php];
};
services.nginx.virtualHosts = {
"outinul.ie" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
alias = "/home/outinul/public_html/";
index = "index.html";
extraConfig = ''
autoindex on;
'';
tryFiles = "$uri$args $uri$args/ /index.html";
};
};
};
# main site
"*.users.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
serverName = "~^(?<user>.+)\.users\.skynet\.ie";
# username.users.skynet.ie/
# user goes:
# chmod 711 ~
# chmod -R 755 ~/public_html
locations = {
"/" = {
alias = "/home/$user/public_html/";
index = "index.html";
extraConfig = ''
autoindex on;
'';
tryFiles = "$uri$args $uri$args/ /index.html";
};
"~ ^(.+\\.php)(.*)$" = {
root = "/home/$user/public_html/";
index = "index.php";
extraConfig = ''
autoindex on;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.${php_pool}.socket};
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
tryFiles = "$uri$args $uri$args/ /index.php";
};
};
};
};
};
}
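Review bot: the `phpfpm` pool runs every member's PHP as `config.services.nginx.user` and `config.services.nginx.group`, so one user's script executes with the same rights as every other user's script and as nginx itself, and the shared nginx module on this page sets `group = "acme"` to give nginx access to the certificates. Combined with `ProtectHome = "read-only"`, that process can read any home directory content it has permission on as well as the TLS key material. Run PHP under a dedicated unprivileged user at minimum, ideally one pool per account. `serverName = "~^(?<user>.+)\.users\.skynet\.ie"` needs `\\.` because the Nix string drops the single backslash, plus an end anchor and a restricted class such as `[a-z_0-9]+`, since `$user` goes straight into `alias` and `root`. `config = {` also ignores the `enable` option declared above it.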


@ -1,67 +1,61 @@
{ config, lib, pkgs, ... }: {
with lib; config,
let lib,
cfg = config.services.skynet_ulfm; pkgs,
in { ...
}:
with lib; let
name = "ulfm";
cfg = config.services.skynet."${name}";
in {
imports = [ imports = [
./acme.nix
./dns.nix
./firewall.nix
./nginx.nix
]; ];
options.services.skynet_ulfm = { options.services.skynet."${name}" = {
enable = mkEnableOption "ULFM service"; enable = mkEnableOption "ULFM service";
host = { domain = {
ip = mkOption { tld = mkOption {
type = types.str; type = types.str;
}; default = "ie";
};
name = mkOption { base = mkOption {
type = types.str; type = types.str;
}; default = "skynet";
}; };
domain = { sub = mkOption {
tld = mkOption { type = types.str;
type = types.str; default = "ulfm";
default = "ie"; };
}; };
base = mkOption {
type = types.str;
default = "skynet";
};
sub = mkOption {
type = types.str;
default = "ulfm";
};
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# shove the entire config file into secrets # TODO: extract this out into its own config
age.secrets.ulfm.file = ../secrets/stream_ulfm.age; age.secrets.ulfm.file = ../secrets/stream_ulfm.age;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
8000 8000
]; ];
skynet_acme.domains = [ services.skynet.acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
]; ];
skynet_dns.records = [ services.skynet.dns.records = [
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} {
record = cfg.domain.sub;
r_type = "CNAME";
value = config.services.skynet.host.name;
}
]; ];
skynet_firewall.forward = [ skynet_firewall.forward = [
"ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept" "ip daddr ${config.services.skynet.host.ip} tcp dport 80 counter packets 0 bytes 0 accept"
"ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept" "ip daddr ${config.services.skynet.host.ip} tcp dport 443 counter packets 0 bytes 0 accept"
"ip daddr ${cfg.host.ip} tcp dport 8000 counter packets 0 bytes 0 accept" "ip daddr ${config.services.skynet.host.ip} tcp dport 8000 counter packets 0 bytes 0 accept"
]; ];
users.groups."icecast" = {}; users.groups."icecast" = {};
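Review bot: port 8000 is opened in `networking.firewall.allowedTCPPorts` and forwarded in `skynet_firewall.forward`, while the nginx vhost further down this file proxies to http://localhost:8000 with `forceSSL = true`, so Icecast stays reachable in plaintext next to the TLS endpoint. If 8000 is only needed for source clients, say so in a comment; otherwise drop both the host rule and the forward. Also, `skynet_firewall.forward` keeps its old top-level name while acme and dns move under `services.skynet.*` in this same hunk; either rename it or note why it stays.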
@ -74,9 +68,9 @@
}; };
systemd.services.icecast = { systemd.services.icecast = {
after = [ "network.target" ]; after = ["network.target"];
description = "Icecast Network Audio Streaming Server"; description = "Icecast Network Audio Streaming Server";
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
preStart = "mkdir -p /var/log/icecast && chown nobody:nogroup /var/log/icecast"; preStart = "mkdir -p /var/log/icecast && chown nobody:nogroup /var/log/icecast";
serviceConfig = { serviceConfig = {
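Review bot: `preStart` still creates /var/log/icecast and chowns it to nobody:nogroup even though an `icecast` group is declared just above this hunk. nobody is shared by unrelated daemons, so anything else running under it can write these logs; a dedicated icecast user with systemd's `LogsDirectory=` would remove the need for the mkdir/chown altogether.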
@ -86,12 +80,14 @@
}; };
}; };
services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { services.nginx = {
forceSSL = true; virtualHosts = {
useACMEHost = "skynet"; "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
locations."/".proxyPass = "http://localhost:8000"; forceSSL = true;
useACMEHost = "skynet";
locations."/".proxyPass = "http://localhost:8000";
};
};
}; };
}; };
}
}

113
config/dns.nix Normal file

@ -0,0 +1,113 @@
{lib, ...}: {
imports = [
];
options.skynet.records = lib.mkOption {
description = "Records, sorted based on therir type";
type = lib.types.listOf (lib.types.submodule (import ../applications/dns/options-records.nix {
inherit lib;
}));
};
config = {
skynet.records =
[
# wifi in server room
{
record = "ash";
r_type = "A";
value = "193.1.99.114";
server = true;
}
{
record = "optimus";
r_type = "A";
value = "193.1.99.90";
server = true;
}
{
record = "panel.games";
r_type = "CNAME";
value = "optimus";
}
{
record = "bumblebee";
r_type = "A";
value = "193.1.99.91";
server = true;
}
{
record = "minecraft.compsoc.games";
r_type = "CNAME";
value = "bumblebee";
}
{
record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie.";
r_type = "SRV";
value = "0 10 25518 bumblebee.skynet.ie.";
}
{
record = "minecraft-classic.compsoc.games";
r_type = "CNAME";
value = "bumblebee";
}
{
record = "_minecraft._tcp.minecraft-classic.compsoc.games.skynet.ie.";
r_type = "SRV";
value = "0 10 25518 bumblebee.skynet.ie.";
}
{
record = "minecraft.gsoc.games";
r_type = "CNAME";
value = "bumblebee";
}
{
record = "_minecraft._tcp.minecraft.gsoc.games.skynet.ie.";
r_type = "SRV";
value = "0 10 25521 bumblebee.skynet.ie.";
}
{
record = "minecraft.phildeb.games";
r_type = "CNAME";
value = "bumblebee";
}
{
record = "_minecraft._tcp.minecraft.phildeb.games.skynet.ie.";
r_type = "SRV";
value = "0 10 25522 bumblebee.skynet.ie.";
}
{
record = "minecraft-aged.compsoc.games";
r_type = "CNAME";
value = "bumblebee";
}
{
record = "_minecraft._tcp.minecraft-aged.compsoc.games.skynet.ie.";
r_type = "SRV";
value = "0 10 25519 bumblebee.skynet.ie.";
}
]
# non skynet domains
++ [
{
domain = "conradcollins.net";
record = "www";
r_type = "CNAME";
value = "skynet.skynet.ie.";
}
{
domain = "edelharty.net";
record = "www";
r_type = "CNAME";
value = "skynet.skynet.ie.";
}
{
domain = "damienconroy.com";
record = "www";
r_type = "CNAME";
value = "skynet.skynet.ie.";
}
];
};
}
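Review bot: the SRV records for minecraft.compsoc.games and minecraft-classic.compsoc.games both carry `0 10 25518 bumblebee.skynet.ie.`, while every other server gets its own port (25519, 25521, 25522). If classic runs on a different port this is a copy-paste slip; if the two share one on purpose, a comment would save the next reader from checking. Smaller points: the `# wifi in server room` comment reads as if it covers the whole list although it sits above `ash` only, and the option description has a typo ("therir").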

408
config/users.nix Normal file

@ -0,0 +1,408 @@
{
lib,
config,
...
}:
with lib; let
port_backend = "8087";
cfg = config.skynet.users;
in {
options.skynet = {
users = {
committee = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of committee members";
};
admin = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of admins";
};
trainee = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of trainee admins";
};
lifetime = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of lifetime users";
};
banned = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of banned users";
};
restricted = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of restricted user accounts";
};
clubs_societies = mkOption rec {
type = types.listOf types.str;
default = [];
description = "array of accounts for Clubs and Societies";
};
};
};
config.skynet = {
users = {
committee = lib.lists.unique (
# Committee - Core
[
"silver"
"eoghanconlon73"
"nanda"
"emily1999"
"dgr"
]
# Committee - OCM
++ [
"sidhiel"
"skyapples"
"eliza"
"amymucko"
"archiedms"
]
# Committee - SISTEM
++ [
"peace"
]
# Admins are part of Committee as well
++ cfg.admin
);
admin = [
"silver"
"evanc"
"eliza"
"esy"
];
trainee = [];
lifetime = [];
banned = [];
clubs_societies = [
"outinul"
"gamesdev"
];
restricted =
[
# usernames folks arent allowed to use
"contact"
"dnsadm"
"president"
"treasurer"
"secretary"
"pro"
"sysadmin"
"root"
]
++ [
# basis comes from https://discord.com/channels/689189992417067052/1126084496710713414/1149072061466169444
# start off with compsoc stuff first
"competition_www"
"demo1"
"demouser"
"ftp"
"lost+found"
"postfix"
"skynews.old"
"system_backup"
"test"
"test12"
"test20202"
"test20203"
"tmp"
"webadm"
]
++ [
# clubs and socs (as far as I can tell
"aerosoc"
"aikido"
"anfocal"
"bics"
"boarding"
"cns"
"dev"
"filmsoc"
"gaa"
"german"
"golfsoc"
"handball"
"hispanic"
"history"
"hockey"
"home"
"legosoc"
"lifesave"
"mens_gfc"
"musicsoc"
"pagansoc"
"peacesoc"
"physics"
"poker"
"prolife"
"radio"
"ragweek"
"sinnfein"
"soccer"
"ulbs"
"ulcamogie"
"ulcc"
"ulgaa"
"ulils"
"ulladiesfootball"
"ullaughinsoc"
"ulrfc"
"ulriders"
"ulssc"
"ultennis"
"viking"
]
++ [
# remaining, most likely usernames
"_9thwonder"
"abc"
"activate"
"aiesec"
"air"
"aladdin"
"alaric"
"aldozzie"
"allenli"
"amg"
"amgl"
"annette"
"annlad"
"ards_backup"
"arisquez"
"arthur"
"austin"
"beta"
"bh"
"bigdave"
"bios"
"bizarroal"
"bmacaree"
"boardy"
"boddah"
"bogus.anime.fakh"
"bogus.bhudt.dacf"
"bogus.citoge.baym"
"bogus.electro.ba0a"
"bogus.fencing.baw5"
"bogus.harry.ba8f"
"bogus.hui.hong.baci"
"bogus.ironman.baqib"
"bogus.joe.bach"
"bogus.kenny.bas6"
"bogus.kerswin.baybb"
"bogus.kravmaga.ba0w"
"bogus.methi.baq5"
"bogus.nelsonmw.bauc"
"bogus.poshea.ba0m"
"bogus.redwolf.bawn"
"bogus.romanov.baat"
"bogus.ryan.bae-"
"bogus.rynnea.bask"
"bogus.sea.af"
"bogus.shane.c.ba8z"
"bogus.t1000.baggb"
"bogus.ullrugby.ba8p"
"brendan"
"bubba"
"c_material_removed"
"ca_worm"
"cactus"
"carticus"
"cathalc"
"cathald-broken"
"cdschedule"
"celtic"
"christine"
"cian"
"ciara"
"ciaran"
"colin"
"cosmo"
"counsel"
"creosote"
"crew"
"cues"
"cur"
"cwhelan"
"dac"
"daktulu"
"datacore"
"davec"
"daverus"
"deano"
"deccy"
"declanmu"
"deiji"
"dermotmc"
"derrick"
"deshocks"
"diarmuid"
"dippy"
"djraptor"
"dmackey"
"dmir"
"dom"
"dom_mckay"
"donie"
"donnacha"
"dos30"
"drazhar"
"duffman"
"eas"
"electal"
"emc"
"emilia"
"emma"
"emmag"
"ents"
"envcom"
"eoinh95"
"epgriffin"
"equest"
"fiacc"
"fint"
"flanno"
"fmannix"
"foodcoop"
"gamenet"
"ganainm"
"gar"
"ger88"
"ghama"
"ging"
"goborobo"
"gooner"
"greekweek"
"hawking"
"hb"
"homer"
"hoshi"
"ian"
"ianrice"
"ilug"
"infinity"
"ingenuus"
"internat"
"jamessy"
"jamiebarry"
"jbravo"
"jdonegan"
"joedredd"
"johann"
"jokill"
"jsoccer"
"jules"
"kate"
"katie"
"kellyj"
"kiely"
"koo"
"l_d_ablo"
"lakes"
"laura"
"lebowski"
"liabraid"
"lynn"
"mal"
"manuel"
"maraz"
"marieke"
"marky"
"mature"
"mbyrne"
"meanturtle"
"mickaful"
"mickasul"
"mikado"
"mikeh"
"mikkel"
"mixiezme"
"mmc"
"molly"
"moochie"
"moonser"
"mopic"
"mp"
"nastros"
"neutrino"
"new"
"nezzy"
"nkdc"
"nmcenroy"
"noelle"
"nugget"
"ob"
"omega"
"oneillbeano"
"pamela"
"peterj"
"photyl"
"plake"
"pmcg1986"
"pyro"
"qubeat"
"rachel"
"rachelg"
"ralmeida"
"raymond"
"razzlero"
"red"
"rmacm"
"rmorrissey"
"robson"
"selena"
"shark"
"shayscannell"
"shazlove"
"shelley"
"shelly"
"silver.old"
"sirhc"
"sithlord"
"sk"
"sligoer"
"slowey"
"smallp"
"smurfy"
"sordfish"
"soul98"
"soular"
"st"
"stefanovich"
"svp"
"szczerba"
"tangsoodo"
"tc"
"tenfor"
"teslacut"
"theematt"
"thomasl"
"tockman"
"ugm"
"vanzan"
"volleyb"
"warren"
"weather"
"wiles"
"yvonne"
"zrahman"
]
++ [
# former aliases
"david.dolphin"
"cc"
"mark.brennan"
];
};
};
}
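Review bot: `port_backend = "8087"` is bound in the `let` but never referenced anywhere in this file, and every `mkOption rec { ... }` carries a `rec` that none of the option bodies use; both can go. For `restricted`, the code that enforces the list is not part of this diff, so the description should state whether matching is exact and case-sensitive, since entries like "root" and "sysadmin" only protect anything if variants are handled where the list is applied.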

1300
flake.lock

File diff suppressed because it is too large

109
flake.nix

@ -1,46 +1,91 @@
{ {
description = "Deployment for skynet"; description = "Deployment for skynet";
inputs = { inputs = {
# gonna start off with a fairly modern base # gonna start off with a fairly modern base
nixpkgs.url = "nixpkgs/nixos-unstable"; nixpkgs.url = "nixpkgs/nixos-unstable";
# Return to using unstable once the current master is merged in
# nixpkgs.url = "nixpkgs/nixos-unstable";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
# utility stuff # utility stuff
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
arion.url = "github:hercules-ci/arion"; arion.url = "github:hercules-ci/arion";
alejandra = {
url = "github:kamadorueda/alejandra";
inputs.nixpkgs.follows = "nixpkgs";
};
colmena.url = "github:zhaofengli/colmena";
# email # we host our own
# simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; simple-nixos-mailserver = {
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; inputs.nixpkgs.follows = "nixpkgs";
url = "git+https://forgejo.skynet.ie/Skynet/misc_nixos-mailserver";
};
# account.skynet.ie ######################
skynet_ldap_backend.url = "gitlab:compsoc1%2Fskynet%2Fldap/backend?host=gitlab.skynet.ie"; ### skynet backend ###
skynet_ldap_frontend.url = "gitlab:compsoc1%2Fskynet%2Fldap/frontend?host=gitlab.skynet.ie"; ######################
skynet_ldap_backend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_backend";
skynet_ldap_frontend.url = "git+https://forgejo.skynet.ie/Skynet/ldap_frontend";
skynet_website_wiki.url = "git+https://forgejo.skynet.ie/Skynet/wiki";
skynet_website_games.url = "git+https://forgejo.skynet.ie/Skynet/website_games";
skynet_discord_bot.url = "git+https://forgejo.skynet.ie/Skynet/discord-bot";
skynet_website.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2023?host=gitlab.skynet.ie"; #####################
skynet_website_2016.url = "gitlab:compsoc1%2Fskynet%2Fwebsite/2016?host=gitlab.skynet.ie"; ### compsoc stuff ###
#####################
compsoc_public.url = "git+https://forgejo.skynet.ie/Computer_Society/presentations_compsoc";
skynet_discord_bot.url = "gitlab:compsoc1%2Fskynet/discord-bot?host=gitlab.skynet.ie"; #################
### skynet.ie ###
#################
# this should always point to teh current website
skynet_website.url = "https://forgejo.skynet.ie/Skynet/website_2017/archive/main.tar.gz";
# these are past versions of teh website
skynet_website_2023.url = "https://forgejo.skynet.ie/Skynet/website_2017/archive/c4d61c753292bf73ed41b47b1607cfc92a82a191.tar.gz";
# this is not 100% right since this is from teh archive from 2022 or so
skynet_website_2017.url = "https://forgejo.skynet.ie/Skynet/website_2017/archive/edd922c5b13fa1f520e8e265a3d6e4e189852b99.tar.gz";
# this is more of 2012 than 2009 but started in 2009
skynet_website_2009.url = "https://forgejo.skynet.ie/Skynet/website_2009/archive/main.tar.gz";
}; };
nixConfig.bash-prompt-suffix = "[Skynet Dev] "; nixConfig = {
bash-prompt-suffix = "[Skynet Dev] ";
extra-substituters = "https://nix-cache.skynet.ie/skynet-cache";
extra-trusted-public-keys = "skynet-cache:zMFLzcRZPhUpjXUy8SF8Cf7KGAZwo98SKrzeXvdWABo=";
};
outputs = { self, nixpkgs, agenix, ... } @inputs: outputs = {
let self,
pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs; nixpkgs,
in { agenix,
alejandra,
colmena,
...
} @ inputs: let
pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs;
in {
formatter.x86_64-linux = alejandra.defaultPackage."x86_64-linux";
devShells.x86_64-linux.default = pkgs.mkShell { devShells.x86_64-linux.default = pkgs.mkShell {
name = "Skynet build env"; name = "Skynet build env";
nativeBuildInputs = [ nativeBuildInputs = [
pkgs.buildPackages.git pkgs.buildPackages.git
pkgs.buildPackages.colmena colmena.defaultPackage."x86_64-linux"
pkgs.buildPackages.nmap pkgs.attic-client
pkgs.buildPackages.nmap
]; ];
buildInputs = [ agenix.packages.x86_64-linux.default ]; buildInputs = [agenix.packages.x86_64-linux.default];
shellHook = ''export EDITOR="${pkgs.nano}/bin/nano --nonewlines"''; shellHook = ''export EDITOR="${pkgs.nano}/bin/nano --nonewlines"; unset LD_LIBRARY_PATH;'';
}; };
colmena = { colmena = {
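Review bot: the new `nixConfig` block adds `extra-substituters` and `extra-trusted-public-keys`, so anyone who accepts this flake's config trusts binaries signed by the skynet-cache key; that deserves a comment on who holds the signing key and where it is stored. The comment `# Return to using unstable once the current master is merged in` sits above a commented-out line identical to the active `nixpkgs.url = "nixpkgs/nixos-unstable";`, so it is either stale or the pin it refers to never landed. The website inputs that point at `archive/main.tar.gz` follow a moving branch and rely on flake.lock alone for pinning, unlike the 2023 and 2017 inputs that name a commit.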
@ -50,12 +95,12 @@
overlays = []; overlays = [];
}; };
specialArgs = { specialArgs = {
inherit inputs; inherit inputs self;
}; };
}; };
# installed for each machine # installed for each machine
defaults = import ./machines/_base.nix ; defaults = import ./machines/_base.nix;
# firewall machiene # firewall machiene
agentjones = import ./machines/agentjones.nix; agentjones = import ./machines/agentjones.nix;
@ -69,9 +114,6 @@
# icecast - ULFM # icecast - ULFM
galatea = import ./machines/galatea.nix; galatea = import ./machines/galatea.nix;
# Game host
optimus = import ./machines/optimus.nix;
# LDAP host # LDAP host
kitt = import ./machines/kitt.nix; kitt = import ./machines/kitt.nix;
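Review bot: `optimus` is removed from the colmena hive here, but config/dns.nix in this same compare still publishes `optimus` as an A record with `server = true`, plus the `panel.games` CNAME that points at it. If the game host is retired, drop those records too so the name does not keep resolving to an address nobody manages; if it is only unmanaged for now, a comment here would make that clear.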
@ -87,10 +129,23 @@
# backup 1 # backup 1
neuromancer = import ./machines/neuromancer.nix; neuromancer = import ./machines/neuromancer.nix;
# Skynet # Skynet, user ssh access
skynet = import ./machines/skynet.nix; skynet = import ./machines/skynet.nix;
# Main skynet sites
earth = import ./machines/earth.nix;
# Nextcloud
cadie = import ./machines/cadie.nix;
# trainee server
marvin = import ./machines/marvin.nix;
# Public Services
calculon = import ./machines/calculon.nix;
# metrics
ariia = import ./machines/ariia.nix;
}; };
}; };
} }


@ -1,92 +1,139 @@
{ pkgs, modulesPath, config, options, inputs, ... }:
{ {
pkgs,
modulesPath,
config,
options,
inputs,
lib,
...
}:
with lib; let
cfg = config.skynet;
in {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") # custom lxc mocule until the patch gets merged in
../applications/proxmox-lxc.nix
# (modulesPath + "/virtualisation/proxmox-lxc.nix")
# for the secrets # for the secrets
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
# every sever may need the firewall config stuff # base application config for all servers
../applications/firewall.nix ../applications/_base.nix
# every sever needs to have a dns record #
../applications/dns.nix inputs.lix-module.nixosModules.default
# every server needs teh ldap client for admins
../applications/ldap/client.nix
# every server will need the config to backup to
../applications/restic.nix
]; ];
# flakes are essensial options.skynet = {
nix.settings.experimental-features = [ "nix-command" "flakes" ]; lxc = mkOption {
type = types.bool;
system.stateVersion = "22.11"; # most of our servers are lxc so its true by default
default = true;
services.openssh = { description = mdDoc "Is this a Linux Container?";
enable = true; };
settings.PermitRootLogin = "prohibit-password";
}; };
users.users.root = { config = {
initialHashedPassword = ""; # if its a lxc enable
proxmoxLXC.enable = cfg.lxc;
openssh.authorizedKeys.keys = [ nix = {
# no obligation to have name attached to keys settings = {
# flakes are essensial
experimental-features = ["nix-command" "flakes"];
trusted-users = [
"root"
"@skynet-admins-linux"
];
};
# Root account # https://nixos.wiki/wiki/Storage_optimization
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin" # gc = {
# automatic = true;
# dates = "weekly";
# options = "--delete-older-than 30d";
# };
# CI/CD key # to free up to 10GiB whenever there is less than 1GiB left
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDvexq/JjsMqL0G5P38klzoOkHs3IRyXYO1luEJuB5R colmena_key" extraOptions = ''
min-free = ${toString (1024 * 1024 * 1024)}
max-free = ${toString (1024 * 1024 * 1024 * 10)}
'';
};
# Brendan Golden system.stateVersion = "22.11";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer" services.openssh = {
enable = true;
settings.PermitRootLogin = "prohibit-password";
};
users.users.root = {
initialHashedPassword = "";
openssh.authorizedKeys.keys = [
# no obligation to have name attached to keys
# Root account
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"
# CI/CD key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDvexq/JjsMqL0G5P38klzoOkHs3IRyXYO1luEJuB5R colmena_key"
# Brendan Golden
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"
];
};
# skynet-admin-linux will always be added, individual servers can override the groups option
services.skynet.ldap_client.enable = true;
networking = {
# every sever needs to be accessable over ssh for admin use at least
firewall.allowedTCPPorts = [22];
# explisitly stating this is good
defaultGateway = {
address = "193.1.99.65";
interface = "eth0";
};
# cannot use our own it seems?
nameservers = [
# ns1
"193.1.99.120"
# ns2
"193.1.99.109"
];
};
# time on vendetta is strangely out of sync
networking.timeServers = options.networking.timeServers.default ++ ["ie.pool.ntp.org"];
services.ntp.enable = true;
# use teh above nameservers as the fallback dns
services.resolved.fallbackDns = config.networking.nameservers;
# https://discourse.nixos.org/t/systemd-networkd-wait-online-934764-timeout-occurred-while-waiting-for-network-connectivity/33656/9
systemd.network.wait-online.enable = false;
environment.systemPackages = with pkgs; [
# for flakes
git
git-lfs
# useful tools
ncdu_2
htop
nano
nmap
bind
zip
traceroute
openldap
screen
]; ];
}; };
# skynet-admin-linux will always be added, individual servers can override the groups option
services.skynet_ldap_client.enable = true;
networking = {
# every sever needs to be accessable over ssh for admin use at least
firewall.allowedTCPPorts = [22];
# explisitly stating this is good
defaultGateway = "193.1.99.65";
# cannot use our own it seems?
nameservers = [
# ns1
"193.1.99.120"
# ns2
"193.1.99.109"
];
};
# time on vendetta is strangely out of sync
networking.timeServers = options.networking.timeServers.default ++ [ "ie.pool.ntp.org" ];
services.ntp.enable = true;
# use teh above nameservers as the fallback dns
services.resolved.fallbackDns = config.networking.nameservers;
environment.systemPackages = [
# for flakes
pkgs.git
# useful tools
pkgs.ncdu_2
pkgs.htop
pkgs.nano
pkgs.nmap
pkgs.bind
pkgs.zip
pkgs.traceroute
pkgs.openldap
pkgs.screen
];
} }
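Review bot: `trusted-users` now includes `"@skynet-admins-linux"`, and a Nix trusted user can do through the daemon what root can, so this is a privilege grant to the whole group and should be described as one in the comment. The group is spelled skynet-admins-linux here but the comment above `services.skynet.ldap_client.enable` says skynet-admin-linux; one of the two is wrong, and if it is this one the entry silently matches nothing. `initialHashedPassword = ""` on root is carried over unchanged; `PermitRootLogin = "prohibit-password"` covers SSH, but not console login.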


@ -1,74 +1,60 @@
/* /*
Name: https://matrix.fandom.com/wiki/Agent_Jones Name: https://matrix.fandom.com/wiki/Agent_Jones
Type: Physical Type: Physical
Hardware: PowerEdge r210 Hardware: PowerEdge r210
From: 2011 (?) From: 2011 (?)
Role: Firewall Role: Firewall
Notes: Used to have Agent Smith as a partner but it died (Ironically) Notes: Used to have Agent Smith as a partner but it died (Ironically)
*/ */
{
{ pkgs, lib, nodes, ... }: pkgs,
let lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "agentjones"; name = "agentjones";
ip_pub = "193.1.99.72"; ip_pub = "193.1.99.72";
ip_priv = "193.1.99.125"; hostname = "${name}.skynet.ie";
hostname = "${name}.skynet.ie"; host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
./hardware/_base.nix
./hardware/RM001.nix ./hardware/RM001.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
# somehow ssh from runner to this fails # somehow ssh from runner to this fails
tags = [ "active-firewall" ]; tags = ["active-firewall"];
}; };
skynet_dns.records = [ services.skynet = {
{record=name; r_type="A"; value=ip_pub; server=true;} host = host;
{record=ip_pub; r_type="PTR"; value=hostname;} backup.enable = true;
];
services.skynet_backup = {
host = {
ip = ip_pub;
name = name;
};
}; };
# keep the wired usb connection alive (front panel) # keep the wired usb connection alive (front panel)
networking.interfaces.enp0s29u1u5u2.useDHCP = true; # networking.interfaces.enp0s29u1u5u2.useDHCP = true;
networking.hostName = name; networking.hostName = name;
# this has to be defined for any physical servers # this has to be defined for any physical servers
# vms are defined by teh vm host # vms are defined by teh vm host
networking.interfaces = { networking = {
eno2 = { defaultGateway.interface = lib.mkForce "eno1";
ipv4.addresses = [ interfaces.eno1.ipv4.addresses = [
{ {
address = ip_pub; address = ip_pub;
prefixLength = 26; prefixLength = 26;
} }
]; ];
};
eno1 = {
#useDHCP = false;
ipv4.addresses = [
{
# internal address
address = ip_priv;
prefixLength = 26;
}
];
};
}; };
# this server is teh firewall # this server is teh firewall
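Review bot: the public address moves from eno2 to eno1 and the internal address (`ip_priv`, previously on eno1) is dropped, together with `defaultGateway.interface = lib.mkForce "eno1"`. On the firewall host a wrong assumption about which port is cabled cuts off the management path, so please record the physical wiring in the header comment and say what replaces the internal 193.1.99.125 address. The commented-out `enp0s29u1u5u2.useDHCP` line should be either deleted or explained.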
@ -87,23 +73,25 @@ in {
}; };
}; };
enable = true; enable = false;
# gonna have to get all the # gonna have to get all the
forward = builtins.concatLists ( forward = builtins.concatLists (
# using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list # using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
lib.attrsets.mapAttrsToList (key: value: lib.attrsets.mapAttrsToList (
key: value:
# make sure that anything running this firewall dosent count (recursion otherewise) # make sure that anything running this firewall dosent count (recursion otherewise)
# firewall may want to open ports in itself but can deal with that later # firewall may want to open ports in itself but can deal with that later
if builtins.hasAttr "skynet_firewall" value.config if builtins.hasAttr "skynet_firewall" value.config
then ( then
if value.config.skynet_firewall.enable (
then [] if value.config.skynet_firewall.enable
else value.config.skynet_firewall.forward then []
) else value.config.skynet_firewall.forward
else [] )
) nodes else []
)
nodes
); );
}; };
} }
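Review bot: `enable = true` becomes `enable = false` directly above the `forward` aggregation, on the host the context line calls the firewall, with no comment saying why. The guard below skips only nodes where `skynet_firewall.enable` is set, so if this is that option, this node is no longer skipped and its own `forward` list is folded into itself, which is the recursion the inline comment warns about. If the firewall role is being retired, remove the block; if this is temporary, say so and key the guard on something other than `enable`.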

47
machines/ariia.nix Normal file

@ -0,0 +1,47 @@
/*
Name: https://en.wikipedia.org/wiki/Eagle_Eye
Why: ARIIA - Autonomous Reconnaissance Intelligence Integration Analyst
Type: VM
Hardware: -
From: 2024
Role: Metrics gathering and Analysis
Notes:
*/
{
config,
pkgs,
lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it
name = "ariia";
ip_pub = "193.1.99.83";
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in {
imports = [
../applications/grafana.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = null;
tags = ["active-core"];
};
services.skynet = {
host = host;
backup.enable = true;
prometheus.server.enable = true;
grafana.enable = true;
};
}

47
machines/cadie.nix Normal file

@ -0,0 +1,47 @@
/*
Name: https://en.wikipedia.org/wiki/List_of_Google_April_Fools%27_Day_jokes#CADIE
Why: CADIE is what google could have been, but they chickened out.
Type: VM
Hardware: -
From: 2023
Role: Google but better
Notes:
*/
{
pkgs,
lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it
name = "cadie";
ip_pub = "193.1.99.77";
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in {
imports = [
../applications/nextcloud.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = null;
tags = ["active"];
};
services.skynet = {
host = host;
backup.enable = true;
nextcloud.enable = true;
};
# this was causing a conflict for some reason
systemd.network.enable = lib.mkForce false;
}
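Review bot: `systemd.network.enable = lib.mkForce false;` is justified only by "this was causing a conflict for some reason". `mkForce` overrides whatever else sets the option, so name the conflicting module or the error in the comment; otherwise nobody can tell when it is safe to remove.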

49
machines/calculon.nix Normal file

@ -0,0 +1,49 @@
/*
Name: https://futurama.fandom.com/wiki/Calculon
Why: Public Service server
Type: VM
Hardware: -
From: 2024
Role: Public services such as Nix Cache, Open governance stuff.
Notes:
*/
{
pkgs,
lib,
nodes,
inputs,
...
}: let
name = "calculon";
ip_pub = "193.1.99.82";
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in {
imports = [
../applications/nix_cache/nix_cache.nix
../applications/open_governance/open_governance.nix
../applications/open_governance/keyserver.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = null;
tags = ["active"];
};
services.skynet = {
host = host;
backup.enable = true;
nix-cache.enable = true;
open-governance.enable = true;
keyserver.enable = true;
};
}
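Review bot: this host turns on `nix-cache`, `open-governance` and `keyserver` together, and flake.nix in this compare makes the cache a trusted substituter. That places the service whose output other machines install next to two public-facing applications; the header comment should say how the cache signing key is kept away from them, or the cache should get its own host.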

46
machines/earth.nix Normal file

@ -0,0 +1,46 @@
/*
Name: https://hitchhikers.fandom.com/wiki/Earth
Why: Our home(page)
Type: VM
Hardware: -
From: 2023
Role: Webserver
Notes:
*/
{
pkgs,
lib,
nodes,
inputs,
...
}: let
name = "earth";
ip_pub = "193.1.99.79";
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in {
imports = [
../applications/skynet.ie/skynet.ie.nix
../applications/skynet.ie/wiki.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = null;
tags = ["active-core"];
};
services.skynet = {
host = host;
backup.enable = true;
website.enable = true;
wiki.enable = true;
};
}


@ -1,21 +1,29 @@
/* /*
Name: https://en.wikipedia.org/wiki/Galatea_(mythology) Name: https://en.wikipedia.org/wiki/Galatea_(mythology)
Why: Created as a product of artistic expression Why: Created as a product of artistic expression
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Icecast server for ULFM Role: Icecast server for ULFM
Notes: Notes:
*/ */
{
{ pkgs, lib, nodes, config, ... }: pkgs,
let lib,
nodes,
config,
...
}: let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "galatea"; name = "galatea";
ip_pub = "193.1.99.111"; ip_pub = "193.1.99.111";
hostname = "${name}.skynet.ie"; hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
../applications/ulfm.nix ../applications/ulfm.nix
@ -24,28 +32,14 @@ in {
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
tags = [ "active" ]; tags = ["active"];
}; };
skynet_dns.records = [ services.skynet = {
{record=name; r_type="A"; value=ip_pub; server=true;} host = host;
{record=ip_pub; r_type="PTR"; value=hostname;} backup.enable = true;
]; ulfm.enable = true;
services.skynet_backup = {
host = {
ip = ip_pub;
name = name;
};
};
services.skynet_ulfm = {
enable = true;
host = {
ip = ip_pub;
name = name;
};
}; };
} }
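Review bot: `targetUser = "root"` becomes `targetUser = null` here and in the other machine files, which leaves the SSH login name to the invoking user's environment. The only deploy credential visible in this compare is the `colmena_key` entry in root's authorized_keys, so either CI sets the user in its SSH config or non-root deploys need colmena's privilege escalation configured; please document which one is intended.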


@ -1,23 +1,28 @@
/* /*
Name: https://zim.fandom.com/wiki/GIR Name: https://zim.fandom.com/wiki/GIR
Why: Gir used to have this role before, servers never die Why: Gir used to have this role before, servers never die
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Email Server Role: Email Server
Notes: Notes:
*/ */
{
{ pkgs, lib, nodes, ... }: pkgs,
let lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "gir"; name = "gir";
ip_pub = "193.1.99.76"; ip_pub = "193.1.99.76";
hostname = "${name}.skynet.ie"; hostname = "${name}.skynet.ie";
#hostname = ip_pub; host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
../applications/email.nix ../applications/email.nix
@ -26,31 +31,14 @@ in {
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
tags = [ "active-core" ]; tags = ["active-core"];
}; };
# add this server to dns services.skynet = {
skynet_dns.records = [ host = host;
{record=name; r_type="A"; value=ip_pub; server=true;} backup.enable = true;
{record=ip_pub; r_type="PTR"; value=hostname;} email.enable = true;
];
services.skynet_backup = {
host = {
ip = ip_pub;
name = name;
};
};
# we use this to pass in teh relevent infomation to the
services.skynet_email = {
enable = true;
host = {
ip = ip_pub;
name = name;
};
domain = "skynet.ie";
}; };
} }


@ -1,55 +1,47 @@
/* /*
Name: https://half-life.fandom.com/wiki/GLaDOS Name: https://half-life.fandom.com/wiki/GLaDOS
Why: Glados has a vast experence of testing and deploying. Why: Glados has a vast experence of testing and deploying.
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Git server Role: Git server
Notes: Each user has roughly 20gb os storage Notes: Each user has roughly 20gb os storage
20 * 100 = 2000gb 20 * 100 = 2000gb
*/ */
{
{ pkgs, lib, nodes, ... }: pkgs,
let lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "glados"; name = "glados";
ip_pub = "193.1.99.75"; ip_pub = "193.1.99.75";
hostname = "${name}.skynet.ie"; hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
../applications/gitlab.nix ../applications/git/gitlab.nix
../applications/git/forgejo.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
tags = [ "active-gitlab" ]; tags = ["active-gitlab"];
}; };
services.skynet = {
skynet_dns.records = [ host = host;
{record=name; r_type="A"; value=ip_pub; server=true;} backup.enable = true;
{record=ip_pub; r_type="PTR"; value=hostname;} gitlab.enable = true;
]; forgejo.enable = true;
services.skynet_backup = {
host = {
ip = ip_pub;
name = name;
};
}; };
}
services.skynet_gitlab = {
enable = true;
host = {
ip = ip_pub;
name = name;
};
};
}


@ -1,31 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./_base.nix
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; # Use the systemd-boot EFI boot loader.
boot.initrd.kernelModules = [ ]; boot.loader.systemd-boot.enable = true;
boot.kernelModules = [ ]; boot.loader.efi.canTouchEfiVariables = true;
boot.extraModulePackages = [ ];
fileSystems."/" = boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
{ device = "/dev/disk/by-uuid/9b177e4a-726e-4e68-a0e1-53837a8cae2e"; boot.initrd.kernelModules = [];
fsType = "ext4"; boot.kernelModules = [];
}; boot.extraModulePackages = [];
fileSystems."/boot" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/41AD-70AF"; device = "/dev/disk/by-uuid/f7b9d648-735f-44b7-b439-6af601b234a7";
fsType = "vfat"; fsType = "ext4";
}; };
swapDevices = fileSystems."/boot" = {
[ { device = "/dev/disk/by-uuid/c5990c64-077f-45b1-96b5-44ec93e6651f"; } device = "/dev/disk/by-uuid/679E-C352";
]; fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/b1da9f57-1ed0-4f10-a6c0-6536a0017b2a";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
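
Review bot: The header still says "Do not modify this file! It was generated by nixos-generate-config", yet this hunk hand-adds the `./_base.nix` import and the `boot.loader.systemd-boot.enable` / `boot.loader.efi.canTouchEfiVariables` settings, so regenerating the file will drop them. Either move those lines into the machine file (or a sibling module that imports this one) or replace the header with a comment saying the file is now maintained by hand. The root, /boot and swap UUIDs all change here too; say in the commit message that this reflects a reinstall so nobody reverts them as a mistake.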
@ -34,7 +43,6 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true; # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s29u1u1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

View file

@ -1,31 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./_base.nix
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; # Use the systemd-boot EFI boot loader.
boot.initrd.kernelModules = [ ]; boot.loader.systemd-boot.enable = true;
boot.kernelModules = [ ]; boot.loader.efi.canTouchEfiVariables = true;
boot.extraModulePackages = [ ];
fileSystems."/" = boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
{ device = "/dev/disk/by-uuid/34918a4f-ca27-4070-a309-94bc59bdd743"; boot.initrd.kernelModules = [];
fsType = "ext4"; boot.kernelModules = [];
}; boot.extraModulePackages = [];
fileSystems."/boot" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/8B03-4D11"; device = "/dev/disk/by-uuid/5c1a39c9-c458-4518-b75b-5a831bebc204";
fsType = "vfat"; fsType = "ext4";
}; };
swapDevices = fileSystems."/boot" = {
[ { device = "/dev/disk/by-uuid/c83e65ad-d252-4024-93a9-0253c5d8beac"; } device = "/dev/disk/by-uuid/8CBD-7032";
]; fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/515df5d9-abad-4068-bacc-559fb76e1fb1";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -34,7 +43,6 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true; # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s29u1u2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

View file

@ -1,31 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./_base.nix
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ ]; boot.kernelModules = [];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = boot.loader.grub.device = "/dev/sda";
{ device = "/dev/disk/by-uuid/c48817e1-036f-49a7-adae-f63fc6c03cd5";
fsType = "ext4";
};
fileSystems."/boot" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/76CE-C65E"; device = "/dev/disk/by-uuid/a6c96ea1-1e66-4ad3-aef6-dd7131c83530";
fsType = "vfat"; fsType = "ext4";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/eced30bd-b785-43e0-a202-cdaee7e0f4f7"; } {device = "/dev/disk/by-uuid/5408b486-62ce-45d9-bca5-b458e68ef7f4";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
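
Review bot: `boot.loader.grub.device = "/dev/sda";` uses a kernel-assigned name that can change when a disk is added or enumeration order shifts, while every other device in this file is referenced by UUID. Prefer a `/dev/disk/by-id/...` path for the GRUB target. The `fileSystems."/boot"` vfat entry is removed in the same hunk, so confirm this machine is now meant to boot in legacy BIOS mode rather than EFI.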

View file

@ -1,17 +1,27 @@
{ config, options, lib, ... }: with lib; {
let config,
options,
lib,
...
}:
with lib; let
# get a list of interfaces # get a list of interfaces
interfaces = attrNames config.networking.interfaces; interfaces = attrNames config.networking.interfaces;
# check if an IP has been assigned # check if an IP has been assigned
has_ip = interface: (length config.networking.interfaces."${interface}".ipv4.addresses) != 0; has_ip = interface: (length config.networking.interfaces."${interface}".ipv4.addresses) != 0;
in { in {
config = { config = {
skynet.lxc = false;
assertions = [ assertions = [
{ {
assertion = lists.any has_ip interfaces; assertion = lists.any has_ip interfaces;
message = "Must have a ip address set"; message = "Must have a ip address set";
} }
{
assertion = config.networking.hostName != "nixos";
message = "Must have networking.hostName set";
}
]; ];
}; };
}
}
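
Review bot: The new assertion `config.networking.hostName != "nixos"` depends on "nixos" being the NixOS default for that option, which is not obvious from the code; add a one-line comment saying so. The `has_ip` helper only looks at `ipv4.addresses`, so a host configured with IPv6 only would fail with "Must have a ip address set"; if that is intended, make the message say "an IPv4 address".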

View file

@ -1,59 +1,58 @@
/* /*
Name: https://en.wikipedia.org/wiki/KITT Name: https://en.wikipedia.org/wiki/KITT
Why: Kitt used to have this role before (as well as email and dns) Why: Kitt used to have this role before (as well as email and dns)
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: LDAP Server Role: LDAP Server
Notes: Notes:
*/ */
{
{ pkgs, lib, nodes, ... }: config,
let pkgs,
lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "kitt"; name = "kitt";
ip_pub = "193.1.99.74"; ip_pub = "193.1.99.74";
hostname = "${name}.skynet.ie"; hostname = "${name}.skynet.ie";
#hostname = ip_pub; host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
../applications/ldap/server.nix ../applications/ldap/server.nix
../applications/ldap/backend.nix
../applications/discord.nix ../applications/discord.nix
../applications/bitwarden/vaultwarden.nix
../applications/bitwarden/bitwarden_sync.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
tags = [ "active-core" ]; tags = ["active-core"];
}; };
# add this server to dns services.skynet = {
skynet_dns.records = [ host = host;
{record=name; r_type="A"; value=ip_pub; server=true;} backup.enable = true;
{record=ip_pub; r_type="PTR"; value=hostname;}
];
services.skynet_backup = { # ldap setup
host = { ldap.enable = true;
ip = ip_pub; ldap_backend.enable = true;
name = name;
};
};
services.skynet_ldap = { # private member services
enable = true; discord_bot.enable = true;
host = {
ip = ip_pub;
name = name;
};
};
services.discord_bot = { # committee/admin services
enable = true; vaultwarden.enable = true;
}; };
} }
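
Review bot: The header comment still reads "Role: LDAP Server", but after this change the imports and the `services.skynet` block also enable `ldap_backend`, `discord_bot` and `vaultwarden` on the same VM. Update the Role/Notes lines, and consider whether the committee password vault should share a host with the member-facing bot and the LDAP server, since a compromise of any one service puts the others within reach. `config` is added to the argument set but is not used in the lines shown; drop it if nothing needs it.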

61
machines/marvin.nix Normal file
View file

@ -0,0 +1,61 @@
/*
Name: https://en.wikipedia.org/wiki/Marvin_the_Paranoid_Android
Why: Has terrible pain in all the diodes down its left side
Type: VM
Hardware: -
From: 2023
Role: For trainees.
Notes:
*/
{
pkgs,
lib,
nodes,
...
}: let
name = "marvin";
ip_pub = "193.1.99.81";
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
groups = [
"skynet-admins-linux"
"skynet-trainees-linux"
];
groups_trusted = map (x: "@${x}") groups;
in {
imports = [
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = null;
# not deployed automatically as its a test server
tags = [];
};
# allow trainees to deploy
nix.settings.trusted-users =
[
"root"
]
++ groups_trusted;
# allow trainees access
services.skynet.ldap_client = {
groups = groups;
sudo_groups = groups;
};
services.skynet = {
host = host;
backup.enable = true;
};
}
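
Review bot: `nix.settings.trusted-users` receives `@skynet-trainees-linux` through `groups_trusted`, and the Nix daemon treats trusted users as root-equivalent. That is consistent with `sudo_groups = groups`, but the comment "allow trainees to deploy" understates it; state explicitly that trainees have root on this box. Given that, check what `backup.enable = true` places on the host (keys, repository credentials), because anything the backup client can read is readable by every trainee.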

View file

@ -1,58 +1,56 @@
/* /*
Name: https://williamgibson.fandom.com/wiki/Neuromancer_(AI) Name: https://williamgibson.fandom.com/wiki/Neuromancer_(AI)
Why: A sibling to Wintermute, stores and archives memories. Why: A sibling to Wintermute, stores and archives memories.
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Backup Server Role: Backup Server
Notes: Notes:
*/ */
{
{ pkgs, lib, nodes, ... }: pkgs,
let lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "neuromancer"; name = "neuromancer";
ip_pub = "193.1.99.80"; ip_pub = "193.1.99.80";
hostname = "${name}.skynet.ie"; hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
./hardware/_base.nix
./hardware/RM007.nix ./hardware/RM007.nix
]; ];
networking.hostName = name; networking.hostName = name;
# this has to be defined for any physical servers # this has to be defined for any physical servers
# vms are defined by teh vm host # vms are defined by teh vm host
networking.interfaces.eno1.ipv4.addresses = [ networking = {
{ defaultGateway.interface = lib.mkForce "eno1";
address = ip_pub; interfaces.eno1.ipv4.addresses = [
prefixLength = 26; {
} address = ip_pub;
]; prefixLength = 26;
}
];
};
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
tags = [ "active-core" ]; tags = ["active-core"];
}; };
skynet_dns.records = [ services.skynet = {
{record=name; r_type="A"; value=ip_pub; server=true;} host = host;
{record=ip_pub; r_type="PTR"; value=hostname;} backup.server.enable = true;
];
services.skynet_backup = {
server.enable = true;
host = {
ip = ip_pub;
name = name;
};
}; };
}
}
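
Review bot: `defaultGateway.interface = lib.mkForce "eno1";` overrides whatever another module sets for that option, and nothing in the hunk says which definition it is competing with. Add a comment naming the conflicting module, or lower that module's value to `lib.mkDefault` so machine files can set the interface without force. The `./hardware/_base.nix` import is also dropped from this file, which relies on the hardware file importing it instead; keep the two changes in the same commit.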

View file

@ -1,52 +0,0 @@
/*
Name: https://en.wikipedia.org/wiki/Optimus_Prime
Why: Created to sell toys so this vm is for games
Type: VM
Hardware: -
From: 2023
Role: Game host
Notes:
*/
{ pkgs, lib, nodes, arion, ... }:
let
# name of the server, sets teh hostname and record for it
name = "optimus";
ip_pub = "193.1.99.112";
hostname = "${name}.skynet.ie";
in {
imports = [
../applications/games.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
tags = [ "active" ];
};
skynet_dns.records = [
{record=name; r_type="A"; value=ip_pub; server=true;}
{record=ip_pub; r_type="PTR"; value=hostname;}
];
services.skynet_backup = {
host = {
ip = ip_pub;
name = name;
};
};
services.skynet_games = {
enable = true;
host = {
ip = ip_pub;
name = name;
};
};
}

View file

@ -1,35 +1,33 @@
/* /*
Name: https://en.wikipedia.org/wiki/Ash_(Alien) Name: https://en.wikipedia.org/wiki/Ash_(Alien)
Why: Infilitrate into the network Why: Infilitrate into the network
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Wireguard (VPN) Server Role: Wireguard (VPN) Server
Notes: Thius vpn is for admin use only, to give access to all the servers via ssh Notes: Thius vpn is for admin use only, to give access to all the servers via ssh
*/ */
{
{ pkgs, lib, nodes, ... }: pkgs,
let lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "ash"; name = "ash";
ip_pub = "193.1.99.75"; ip_pub = "193.1.99.75";
ip_priv = "172.20.20.5"; ip_priv = "172.20.20.5";
# hostname = "${name}.skynet.ie"; # hostname = "${name}.skynet.ie";
hostname = ip_pub; hostname = ip_pub;
in { in {
imports = [ imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
}; };
# these two are to be able to add the rules for firewall and dns # these two are to be able to add the rules for firewall and dns
@ -38,7 +36,7 @@ in {
"ip daddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept" "ip daddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept"
]; ];
skynet_dns.records = { services.skynet.dns.records = {
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
]; ];
@ -48,7 +46,6 @@ in {
]; ];
}; };
age.secrets.wireguard.file = ../secrets/wireguard.age; age.secrets.wireguard.file = ../secrets/wireguard.age;
networking = { networking = {
@ -74,12 +71,12 @@ in {
privateKeyFile = "/run/agenix/wireguard"; privateKeyFile = "/run/agenix/wireguard";
peers = [ peers = [
{ # silver - Brendan {
# silver - Brendan
publicKey = "46jMR/DzJ4rQCR8MBqLMwcyr2tsSII/xeCjihb6EQgQ="; publicKey = "46jMR/DzJ4rQCR8MBqLMwcyr2tsSII/xeCjihb6EQgQ=";
allowedIPs = [ "172.20.21.2/32" ]; allowedIPs = ["172.20.21.2/32"];
} }
]; ];
}; };
}; };
@ -87,5 +84,4 @@ in {
# needed to generate keys # needed to generate keys
pkgs.wireguard-tools pkgs.wireguard-tools
]; ];
} }

View file

@ -0,0 +1,45 @@
/*
Name: https://en.wikipedia.org/wiki/Optimus_Prime
Why: Created to sell toys so this vm is for games
Type: VM
Hardware: -
From: 2023
Role: Game host
Notes:
*/
{
pkgs,
lib,
nodes,
arion,
...
}: let
# name of the server, sets teh hostname and record for it
name = "optimus";
ip_pub = "193.1.99.112";
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in {
imports = [
../applications/games.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = null;
tags = ["active"];
};
services.skynet = {
host = host;
backup.enable = true;
games.enable = true;
};
}

View file

@ -1,84 +1,46 @@
/* /*
Name: https://en.wikipedia.org/wiki/Skynet_(Terminator) Name: https://en.wikipedia.org/wiki/Skynet_(Terminator)
Why: Skynet is eternal Why: Skynet is eternal
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Webserver and member linux box Role: Webserver and member linux box
Notes: Notes: Does not host offical sites
*/ */
{
{ pkgs, lib, nodes, inputs, ... }: pkgs,
let lib,
# name of the server, sets teh hostname and record for it nodes,
name = "skynet"; inputs,
...
}: let
name = "skynet";
# DMZ that ITD provided # DMZ that ITD provided
ip_pub = "193.1.96.165"; ip_pub = "193.1.96.165";
ip_priv = "193.1.99.79"; hostname = "${name}.skynet.ie";
hostname = "${name}.skynet.ie"; host = {
hostname_int = "${name}.int.skynet.ie"; ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
../applications/skynet.ie.nix ../applications/skynet_users.nix
]; ];
deployment = { deployment = {
targetHost = ip_priv; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
tags = [ "active-core" ]; # this one is manually deployed
}; tags = ["active-ext"];
# it has two network devices so two
skynet_dns.records = [
#{record=name; r_type="A"; value=ip_pub; server=true;}
{record=name; r_type="A"; value=ip_priv; server=true; }
{record="ext"; r_type="A"; value=ip_pub; server=false;}
{record="${name}.int"; r_type="A"; value=ip_priv; server=true;}
{record=ip_priv; r_type="PTR"; value=hostname_int;}
];
services.skynet_backup = {
host = {
ip = ip_priv;
name = name;
};
};
# allow more than admins access
services.skynet_ldap_client = {
groups = [
"skynet-admins-linux"
"skynet-users-linux"
];
};
proxmoxLXC.manageNetwork = true;
networking.hostName = name;
networking.interfaces = {
eth0.ipv4.addresses = [
{
address = ip_priv;
prefixLength = 26;
}
];
eth1.ipv4.addresses = [
{
address = ip_pub;
prefixLength = 28;
}
];
}; };
services.skynet = { services.skynet = {
host = { host = host;
ip = ip_priv; backup.enable = true;
name = name; website_users.enable = true;
};
}; };
} }
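
Review bot: `targetHost` changes from `ip_priv` to `hostname` and `host.ip` from `ip_priv` to `ip_pub`, so deployment over SSH and everything that consumes `services.skynet.host` now address the DMZ interface instead of the internal one; confirm that SSH reachability on that address is what you intend. The `services.skynet_ldap_client.groups` block that admitted `skynet-users-linux` is removed together with the static `eth0`/`eth1` addresses and `proxmoxLXC.manageNetwork`; if `../applications/skynet_users.nix` now provides these, say so in the Notes header, which also has a typo ("offical").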

View file

@ -1,70 +1,65 @@
/* /*
Name: https://masseffect.fandom.com/wiki/Vendetta Name: https://masseffect.fandom.com/wiki/Vendetta
Why: Vendetta held troves of important data waiting for folks to request it. Why: Vendetta held troves of important data waiting for folks to request it.
Type: Physical Type: Physical
Hardware: PowerEdge r210 Hardware: PowerEdge r210
From: 2011 (?) From: 2011 (?)
Role: DNS Server Role: DNS Server
Notes: Using the server that used to be called Earth Notes: Using the server that used to be called Earth
*/ */
{
{ pkgs, lib, nodes, ... }: pkgs,
let lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "vendetta"; name = "vendetta";
ip_pub = "193.1.99.120"; ip_pub = "193.1.99.120";
hostname = "${name}.skynet.ie"; hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
./hardware/_base.nix
./hardware/RM002.nix ./hardware/RM002.nix
]; ];
networking.hostName = name;
deployment = { deployment = {
targetHost = ip_pub; targetHost = ip_pub;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
tags = [ "active-dns" "dns" ]; tags = ["active-dns" "dns"];
}; };
networking = { networking = {
# needs to have an address statically assigned # needs to have an address statically assigned
interfaces = {
eno1 = {
ipv4.addresses = [
{
address = "193.1.99.120";
prefixLength = 26;
}
];
};
};
};
services.skynet_backup = { defaultGateway.interface = lib.mkForce "eno1";
host = { interfaces.eno1.ipv4.addresses = [
ip = ip_pub; {
name = name; address = "193.1.99.120";
}; prefixLength = 26;
}; }
skynet_dns = {
server = {
enable = true;
# primary dns server (ns1)
primary = true;
ip = ip_pub;
};
records = [
# vendetta IN A 193.1.99.120
{record=name; r_type="A"; value=ip_pub; server=true;}
# 120 IN PTR vendetta.skynet.ie.
{record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
}; };
services.skynet = {
host = host;
backup.enable = true;
dns = {
server = {
enable = true;
# primary dns server (ns1)
primary = true;
ip = ip_pub;
};
};
};
} }
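
Review bot: `address = "193.1.99.120";` repeats the literal that `ip_pub` already holds a few lines above, so a renumbering would have to touch two places. Use `address = ip_pub;`, as the neuromancer machine file does for the same option.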

View file

@ -1,55 +1,49 @@
/* /*
Name: https://masseffect.fandom.com/wiki/Vigil Name: https://masseffect.fandom.com/wiki/Vigil
Why: Counterpart to Vendetta Why: Counterpart to Vendetta
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: DNS Server Role: DNS Server
Notes: Notes:
*/ */
{
{ pkgs, lib, nodes, ... }: pkgs,
let lib,
name = "vigil"; nodes,
ip_pub = "193.1.99.109"; ...
hostname = "${name}.skynet.ie"; }: let
name = "vigil";
ip_pub = "193.1.99.109";
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
]; ];
deployment = { deployment = {
targetHost = ip_pub; targetHost = ip_pub;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
tags = [ "active-dns" "dns" ]; tags = ["active-dns" "dns"];
}; };
services.skynet_backup = { services.skynet = {
host = { host = host;
ip = ip_pub; backup.enable = true;
name = name; dns = {
server = {
enable = true;
# secondary dns server (ns2)
primary = false;
ip = ip_pub;
};
}; };
}; };
skynet_dns = {
server = {
enable = true;
# secondary dns server (ns2)
primary = false;
ip = ip_pub;
};
# this server will have to have dns records
records = [
# vigil IN A 193.1.99.109
{record=name; r_type="A"; value=ip_pub; server=true;}
# 109 IN PTR vigil.skynet.ie.
{record=ip_pub; r_type="PTR"; value=hostname;}
];
};
} }

View file

@ -1,51 +1,44 @@
/* /*
Name: https://theportalwiki.com/wiki/Wheatley Name: https://theportalwiki.com/wiki/Wheatley
Why: Whereever GLaDOS is Wheatly is not too far away Why: Whereever GLaDOS is Wheatly is not too far away
Type: VM Type: VM
Hardware: - Hardware: -
From: 2023 From: 2023
Role: Gitlab Runner Role: Gitlab Runner
Notes: Notes:
*/ */
{
{ pkgs, lib, nodes, ... }: pkgs,
let lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it # name of the server, sets teh hostname and record for it
name = "wheatly"; name = "wheatly";
ip_pub = "193.1.99.78"; ip_pub = "193.1.99.78";
hostname = "${name}.skynet.ie"; hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in { in {
imports = [ imports = [
../applications/gitlab_runner.nix ../applications/git/forgejo_runner.nix
]; ];
deployment = { deployment = {
targetHost = hostname; targetHost = hostname;
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = null;
tags = [ "active-gitlab" ]; tags = ["active-gitlab"];
}; };
services.skynet = {
skynet_dns.records = [ host = host;
{record=name; r_type="A"; value=ip_pub; server=true;} backup.enable = true;
{record=ip_pub; r_type="PTR"; value=hostname;} forgejo_runner.enable = true;
];
services.skynet_backup = {
host = {
ip = ip_pub;
name = name;
};
}; };
}
services.skynet_gitlab_runner = {
enable = true;
runner.name = "runner01";
};
}
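
Review bot: The import switches to `../applications/git/forgejo_runner.nix` and `forgejo_runner.enable = true`, but the header still says "Role: Gitlab Runner" and the deployment tag is still `active-gitlab`. Rename both, or add a comment that the tag is kept on purpose for whatever selects it. `runner.name = "runner01";` is dropped with the old block; confirm the Forgejo runner module sets its own name.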

Binary file not shown.

View file

@ -1,13 +1,19 @@

Binary file not shown.

19
secrets/bitwarden/id.age Normal file
View file

@ -0,0 +1,19 @@

View file

@ -0,0 +1,19 @@

Binary file not shown.

Binary file not shown.

View file

@ -1,27 +1,49 @@

Binary file not shown.

BIN
secrets/email/details.age Normal file

Binary file not shown.

Binary file not shown.

View file

@ -0,0 +1,19 @@

View file

@ -1,15 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA TjC5DbimRqNNh0UQsk2YMgxoVZOQkWsNB10TmlPZLUM -> ssh-ed25519 V1pwNA To9tGfYsutlmjqXZbFJ+TttdFAnbwY9odSMEOvItmgw
H2H0Jpztcbn15L1Ff1teeWgZaoeKszVWG2GJKkBFuWA Q8cWN1VF4bVisWVMOEA6IXqhe2JzPl/9M9UUXWWV0Bc
-> ssh-ed25519 rIwlvw 9wk9lmhZBsiM5ifMGxlo+8YAKy325ru7u/MZA6gEzng -> ssh-ed25519 4PzZog e3OTx6aEjhNCwyiysZkbwSC8ecVvVaVNfZV/3iNpZCE
cAZ0/OqScj9x6vt4gvsrtqi36iIbT+n+iTySssKh3Fg o8jHkyg0lptJh2Iew9ZtVi3AUOSAtmDzBIz2nE4mj8k
-> ssh-ed25519 q8eJgg Jn7hc5D6m/P7qxdpfQ2hRKKQPchrwtKhV6crxW05RTs -> ssh-ed25519 dA0vRg 7smMdyMEq1stuvSBUsBZXJoeap4Aru6AsljjFPPpfiM
jM16eEteWG2ezgVnBB5t5JrhwnsAKr4cz8srqiWKzR8 Ip5qA83bAGtYIeqv1w0yo5obRh+FWYJICgOU5+JoeYQ
-> ssh-ed25519 uZzB3g qC7Mr+9evdjoSka/x5criNYkuha4SuAp/yrCK6dcUWQ -> ssh-ed25519 5Nd93w z16A2vTVGdxgKmgHoSySJ9K8cwrQglflrWDhBvZ7ME0
JPHRq5iV9aP2/tBPAuq8wI3eQN2JHH6jNZfK2Fckshk ILd92pWzyVGnTOXwovlZ3EX7LsFX06hqedW7Ov2CYII
-> ):,9TlwC-grease d?Jj?5>< -> ssh-ed25519 q8eJgg Rf7U0SdZsP4NEgiDl8Z99tCoOkIwrrl5s0aYpXOG6yQ
I0u2aN62wlBng0jlPPGRwXz5zJbcxW7PLOwHkRkLuHcNNtimd5QpRcr984eBa2hD tg+Y2WHuokaCVI4CCxuv9UW3GIa8CMuX0JJEWTTkwjU
HF7n -> ssh-ed25519 KVr8rw YUN5VlTaxW7Niwtm9+FTGOILOklbEGL5EVw1BucGvXA
--- 09T0lHOZiky+5dFYWvhtP6iEHrhHaub8bymCKwzOJmY zXYcis5ANsDGPeFoV1aRzTJiOQY2P1ZLHsJDkE9RFT4
`–„¯Äú÷>Äb_x…+{®1ÌìÙd%g5li ]yû½ÜŠ­!$ºh6AGäïn ¨3¸SwNLRõ1Çòí¾LЊt -> ssh-ed25519 fia1eQ TnSlOXGQ0BuVk25Yj9YpWWtYmonlM5h+uC9hUq3MM3E
q]A arÇÈŽD¦Ôד;MnæÔï§k þ41Wþ¤ÜØŸ•ÖŒc2YÇwoî>}Õ7PW(Ç)M„WʺMʯ€l³s< )øÒE{$jÄ] 8KrW7R5AgumY9wLVQyUmKlHD3zcUNIc+VU/X+vvY2LY
-> ssh-ed25519 uZzB3g 9ms4lu4KjQED/2AHQwr9oLd/6ws01IxuK7Z05CY6N3U
H/4AnWwt5fnZMvWjmXdoe/Os5ttJFYsMmjaHHqBdAxo
--- zI2RSKtND2Ep69vshrRkM1KOiReF/m5vdY4jIH7NSvA
ûì‹ën൷ÞÒÜ I¯ ü$¨¬Í<C2AC>P…Uó¯"ÕκZX„ñN<C3B1>nNg<19>† àú¶dP}¥GZ?< /—!«÷c „=  üïhnZ`ß0²Âˆª1•nl±Üç»vÄÕfw<66>ÄjÓE@2<>1{ßù…ÐúEØØg“|èñQ\2Ðóe¹~ÇšÁ=Ó¬¾]fdRnó¶á¸
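Review bot: on the old side the rIwlvw recipient stanza is present and on the new side it is gone, while five tags are added (4PzZog, dA0vRg, 5Nd93w, KVr8rw, fia1eQ), so the file goes from four recipients to eight. Re-encrypting does not revoke anything: the previous ciphertext stays in the repository history and the rIwlvw key can still decrypt it, so if that key was dropped because it is retired or no longer trusted, the secret value itself needs rotating in the same change. For the five additions, confirm that each key actually needs this secret rather than being added to every file by default. The next hunk makes the same recipient change and the same questions apply there.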

@ -1,14 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA D1opPiqtt5raCD0PE2+On/Zgw+lavSHgYKbtJF+1xhc -> ssh-ed25519 V1pwNA aYjPUkjZHoQm86XHx3VbGswLy6VdKNaaHe3f3CGa1ls
jIN+eavLzY3UB8qCBWOOr/r6IZX1MZ0RTlKfJTtSbcE HMuWoZj4tY/nWj1nrgOxob1hJJD/mPD3kQnDgJJafeI
-> ssh-ed25519 rIwlvw z1zGn7NX5x9n75SM8oXOkvRwoAwyCXvzqZhWMXOGImE -> ssh-ed25519 4PzZog GojGaXIg5RK7WjJSCZxJksXvsm9TZTlbHITuksMivBY
NWsqkm+nDv2dQDCnhfaWpKaBaF9nrQA5PKFl3FthtI8 4oAuKXtJ4ksvusFX3OM3VpdzfArrglxJTN8kCdhIjrU
-> ssh-ed25519 q8eJgg icVubOVJOSB3Wd7vnvEShwy7CsAMJchY/vuIMt0+p2E -> ssh-ed25519 dA0vRg AzGx90D7iz93gHtSvV5oIbBkwgQEpVY7DTRQIZ16IiQ
OBz5wsfT3STCzzgmBgPdSQWr+xc91Dfo+ulleLK9l1k GlMsor4NxuhHs1HJg62O3ZtPF6CHHFc46din6fm89G8
-> ssh-ed25519 uZzB3g gkyX8KZKJ6NL4OpsxKVKVK37ikAp9yAGxUjd0iLWzXQ -> ssh-ed25519 5Nd93w oAyaZjUSGC9moA7pLR4+dzoKAggFuKUNMnRbn/fm2FQ
Nuk8JFO6wrjmDKiLnDaqBqW+AY7+DHYLSeV9gf5H5Aw eHa/2iLWrqv/pPXjgfxtk68MgBX6EYW1YWfs1kXkazU
-> V8-grease #% :0txQ > -> ssh-ed25519 q8eJgg xBdXNLjZqKi2o+cbCXGdOOSFnlfPgaxjQb+IK60MYHw
CP/AZC0nCj41Lly+GryRa2gmYFG8lsY30DtG7NgqY6AVj0bVHbwwOzx9oGA3xtu1 dxV3kTuaJ1ANFgRaYchwAa0kjGZHZ3POc/Wrw/per+w
+KsWhWAcvxc -> ssh-ed25519 KVr8rw TR3AjhWy5K1ntzMx3mZZZWGYi7EvcWiFpTHyU/+pV3Q
--- LL4fxXc9VX5VeGj5epHEIkLmpab/t7x8YMyNgkYsFLQ Y/xu0hrhaFZdO9YY8vINp3796HZ+LAL+QvBmIWmoS7A
Õbëïþ^NX¶q½•ÿƒ´8 Ï*:Ñ¥Ë QYb£Ï~ %¨ñc?ÓbÏ[1EŒÐHå؈ÈCÞÈÿö}+œ0~avž Pîrj#”KP<>Å÷‘®; PÉ13±°íˆƒ¯´_mÒ=L­ù#dµr†*vúp"ßÕ8Ûë<<3C>]—thî,D•¿¸ ‡Ø[`á-ˆ -> ssh-ed25519 fia1eQ zF6CArF4sVXzIRenfDq7WHz06WXFdo7vMgD15NI/sR4
m3sGJNMtAeY/yIq+D2nNncGNxX+KKXt0wCO1WMZmSTI
-> ssh-ed25519 uZzB3g pTocgT3gT7VHD7BWt+rGRIqUZYuh2G+1VeTJxyb7Xxs
q5UYfrUVbgaqJCxWKegc0q0PvPR6AZ7AlI5ff4ePfjM
--- 9KS9xFBleYVsxyktikZ+TX9++1wqXmDBZxU3g7vwwLU
<{r<>U/˜½Œ°ßR¦*°Jd)¥<>“»,#ø9ns!LsÈW#_ÙwÒ<77> ¤äÃéÐMÃM‰Ãýð8sÏØ]ß•üƒ—8ð3ˆ¤7@·YNØçXlÿ¸æÜåº š¾Il^0p"aºMf«¬çG SÂdBŸ/»sêéÌ×,¡4!ãÌ<C3A3>rPÖ¢Ñ-Cáòky<H˜ƒÆ ÞZì'

Binary file not shown.

Some files were not shown because too many files have changed in this diff.