
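/*
Name: https://matrix.fandom.com/wiki/Agent_Jones
Type: Physical
Hardware: PowerEdge r210
From: 2011 (?)
Role: Firewall
Notes: Used to have Agent Smith as a partner but it died (Ironically)
*/
# NixOS machine definition for the firewall host.  It is a function of the
# usual module arguments; `nodes` (the other machines in the deployment) is
# read only to gather the forwarding rules that non-firewall nodes request.
{ pkgs, lib, nodes, ... }:
let
  # Name of the server; sets the hostname and the DNS record for it.
  name = "agentjones";
  ip_pub = "193.1.99.72";
  ip_priv = "172.20.20.1";
  # hostname = "${name}.skynet.ie";
  # Deployment target: the host is reached on its private address, not via public DNS.
  hostname = ip_priv;
in {
  imports = [
    # applications for this particular server
    ../applications/firewall.nix
    ../applications/dns.nix
  ];

  # Deployment connects as root on port 22 of the private address.
  deployment = {
    targetHost = hostname;
    targetPort = 22;
    targetUser = "root";
  };

  # Public A record for this host; no CNAMEs.
  skynet_dns.records = {
    external = [
      "${name} A ${ip_pub}"
    ];
    cname = [ ];
  };

  # This has to be defined for any physical server; VMs are defined by the VM host.
  networking.interfaces = {
    # NOTE(review): predictable interface names are normally spelled `eno1`/`eno2`
    # (letter o, not zero); confirm `en01`/`en02` match what the host reports.
    en01 = {
      ipv4.routes = [
        {
          # `ip_pub` is already a string, so no interpolation is needed.
          address = ip_pub;
          prefixLength = 32;
          # ITD skynet router.
          # NOTE(review): NixOS documents `via` as the next-hop IP address; the
          # "/32" suffix is not part of an address.  Confirm the route setup
          # accepts it as written, otherwise drop the suffix.
          via = "193.1.99.65/32";
        }
      ];
    };
    en02 = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = ip_priv;
          prefixLength = 32;
        }
      ];
    };
  };

  # This server is the firewall.
  skynet_firewall = {
    # The firewall's own address and the ports it exposes on itself:
    # only SSH over TCP, nothing over UDP.
    own = {
      ip = ip_pub;
      ports = {
        tcp = [
          # ssh in
          22
        ];
        udp = [ ];
      };
    };
    enable = true;
    # Collect the forwarding rules requested by every other node.  Nodes that
    # are themselves firewalls (skynet_firewall.enable = true, which includes
    # this one) contribute nothing, so the definition does not feed back into
    # itself; a firewall that needs ports on itself uses `own.ports` instead.
    # Nodes without a `skynet_firewall` option contribute nothing either.
    forward = builtins.concatLists (
      lib.attrsets.mapAttrsToList (
        _: node:
          if builtins.hasAttr "skynet_firewall" node.config then
            (if node.config.skynet_firewall.enable then [ ] else node.config.skynet_firewall.forward)
          else
            [ ]
      ) nodes
    );
  };
}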