/*
  Name:     https://en.wikipedia.org/wiki/Skynet_(Terminator)
  Why:      Skynet is eternal
  Type:     VM
  Hardware: -
  From:     2023
  Role:     Webserver and member linux box
  Notes:
*/
# Host definition for the "skynet" box: deployment target, DNS records,
# backup registration, LDAP login groups, network settings and the Apache
# virtual host for the main site.
{ pkgs, lib, nodes, inputs, ... }:
let
  # Name of the server; sets the hostname and the DNS record for it.
  name = "skynet";

  # Addresses in the DMZ that ITD provided.
  ip_pub = "193.1.96.165";
  ip_priv = "193.1.99.79";

  # Fully qualified names used as PTR targets below.
  hostname = "${name}.skynet.ie";
  hostname_int = "${name}.int.skynet.ie";
in
{
  imports = [ ../applications/acme.nix ];

  # Deployment connects as root over SSH (port 22) to the private address.
  # NOTE(review): port 22 is not in allowedTCPPorts below, so SSH is presumably
  # opened by a shared module; confirm where, and on which interface.
  deployment = {
    targetHost = ip_priv;
    targetPort = 22;
    targetUser = "root";
    tags = [ "active" ];
  };

  # The box has two network devices, hence two A and two PTR records.
  skynet_dns.records = [
    {
      record = name;
      r_type = "A";
      value = ip_pub;
      server = true;
    }
    {
      record = "${name}.int";
      r_type = "A";
      value = ip_priv;
      server = true;
    }
    # The zone apex currently resolves to the private address; change to pub later.
    {
      record = "@";
      r_type = "A";
      value = ip_priv;
    }
    {
      record = ip_pub;
      r_type = "PTR";
      value = hostname;
    }
    {
      record = ip_priv;
      r_type = "PTR";
      value = hostname_int;
    }
  ];

  proxmoxLXC.manageNetwork = true;

  networking = {
    hostName = name;

    # Only eth0 (the private address) is configured in this file.
    # NOTE(review): ip_pub is not assigned to an interface here; confirm where
    # the second device is set up.
    interfaces.eth0.ipv4.addresses = [
      {
        address = ip_priv;
        prefixLength = 26;
      }
    ];

    # HTTP and HTTPS only. This list is not interface-specific, so both ports
    # are accepted on every interface.
    firewall.allowedTCPPorts = [
      80
      443
    ];
  };

  services = {
    # Registers this host with the backup service under its public address.
    skynet_backup.host = {
      ip = ip_pub;
      inherit name;
    };

    # Allow more than admins access: ordinary members are listed as well,
    # since this is the member linux box.
    skynet_ldap_client.groups = [
      "skynet-admins-linux"
      "skynet-users-linux"
    ];

    httpd = {
      enable = true;
      # presumably so httpd can read the certificates managed by acme.nix; confirm
      group = "acme";

      virtualHosts = {
        # main site
        "skynet.ie" = {
          forceSSL = true;
          useACMEHost = "skynet";
          documentRoot = "${inputs.skynet_website.defaultPackage."x86_64-linux"}";

          # skynet.ie/~username
          # Member pages are served from the same origin as the main site, so
          # member-authored HTML/JS shares that origin's cookies and storage.
          # Keep authenticated or cookie-bearing applications off this hostname.
          enableUserDir = true;
        };
      };
    };
  };
}