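/*
  Name:     https://en.wikipedia.org/wiki/Skynet_(Terminator)
  Why:      Skynet is eternal
  Type:     VM
  Hardware: -
  From:     2023
  Role:     Webserver and member linux box
  Notes:
*/
# Host definition for the "skynet" box: a dual-homed machine with one
# interface on the internal range (eth0) and one on the DMZ range (eth1).
# It registers its DNS records, enrols in backup, opens LDAP logins to the
# users group and installs a second routing table for the public interface.
#
# NOTE(review): the header says "Type: VM" while the config below sets a
# proxmoxLXC option - confirm which one is accurate.
{ pkgs, lib, nodes, inputs, ... }:
let
  # name of the server, sets the hostname and record for it
  name = "skynet";

  # DMZ that ITD provided
  ip_pub = "193.1.96.165";
  ip_priv = "193.1.99.79";

  # External FQDN; not referenced elsewhere in this file.
  hostname = "${name}.skynet.ie";
  # Internal FQDN, used as the PTR target below.
  hostname_int = "${name}.int.skynet.ie";
in
{
  imports = [
    ../applications/skynet.ie.nix
  ];

  # Deployment connects over the internal address, never the DMZ one.
  # NOTE(review): deploys log in directly as root over SSH; this file does not
  # show how root SSH is restricted (key-only, source addresses) - confirm that
  # it is enforced elsewhere.
  deployment = {
    targetHost = ip_priv;
    targetPort = 22;
    targetUser = "root";
    tags = [ "active-core" ];
  };

  # it has two network devices so two
  # The bare "skynet" record points at the internal address; the public
  # address is published as "ext". The variant that pointed "skynet" at the
  # public address is left commented out, as in the original.
  skynet_dns.records = [
    #{ record = name; r_type = "A"; value = ip_pub; server = true; }
    { record = name; r_type = "A"; value = ip_priv; server = true; }
    { record = "ext"; r_type = "A"; value = ip_pub; server = false; }
    { record = "${name}.int"; r_type = "A"; value = ip_priv; server = true; }
    { record = ip_priv; r_type = "PTR"; value = hostname_int; }
  ];

  services.skynet_backup = {
    host = {
      ip = ip_priv;
      inherit name;
    };
  };

  # allow more than admins access
  # NOTE(review): this admits the general users group to a host that also has
  # a public interface and serves the website. What those accounts may do
  # (shell, sudo, web roots) is decided by modules not visible here - confirm
  # it matches the intended exposure.
  services.skynet_ldap_client = {
    groups = [
      "skynet-admins-linux"
      "skynet-users-linux"
    ];
  };

  # Let NixOS, not Proxmox, own the container's network configuration.
  proxmoxLXC.manageNetwork = true;

  networking.hostName = name;

  # eth0 = internal range, eth1 = DMZ range.
  # NOTE(review): the host sits on both networks. Nothing in this file sets
  # firewall rules or a forwarding policy; presumably the imported modules
  # handle that - confirm the box cannot act as a path from the DMZ into the
  # internal range.
  networking.interfaces = {
    eth0.ipv4.addresses = [
      {
        address = ip_priv;
        prefixLength = 26;
      }
    ];
    eth1.ipv4.addresses = [
      {
        address = ip_pub;
        prefixLength = 28;
      }
    ];
  };

  services.skynet = {
    host = {
      ip = ip_priv;
      inherit name;
    };
  };

  # from https://discourse.nixos.org/t/second-default-gateway/22220/5
  # and https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System
  # Registers routing table id 1 under the name "rt2".
  networking.iproute2 = {
    enable = true;
    rttablesExtraConfig = ''1 rt2'';
  };

  # Policy routing for the public interface: traffic from or to the public
  # address is looked up in rt2, whose default route is the DMZ gateway on
  # eth1, so replies leave through the interface they arrived on.
  #
  # The host's public address is taken from ip_pub rather than repeated as a
  # literal, so a renumbering cannot leave the rules pointing at a stale
  # address. The /28 network and its gateway are still literals and must be
  # changed by hand.
  #
  # NOTE(review): no wantedBy/after is set here, so unless something else pulls
  # this unit in it will not run at boot - confirm how it is started.
  # NOTE(review): `ip route add` fails when the route already exists, so
  # starting the unit a second time errors out; `ip route replace` would make
  # re-runs safe.
  systemd.services.secondGateway = {
    description = "External route.";
    path = [ pkgs.bash pkgs.iproute ];
    script = ''
      ip route add 193.1.96.160/28 dev eth1 src ${ip_pub} table rt2
      ip route add default via 193.1.96.161 dev eth1 table rt2
      ip rule add from ${ip_pub}/28 table rt2
      ip rule add to ${ip_pub}/28 table rt2
    '';
    serviceConfig = {
      Type = "oneshot";
      # Changing routes and rules needs root.
      User = "root";
      Restart = "no";
    };
  };
}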