From 9c92e1274226db40d5e219d13bdb60370e78d1f8 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sat, 25 Sep 2021 20:51:24 +0000 Subject: [PATCH] bvm-radius: start serving as205479.net webpage --- ops/nixos/bvm-radius/default.nix | 10 +++-- ops/nixos/lib/as205479-web.nix | 21 ++++++++++ ops/nixos/lib/coredns/zones/db.as205479.net | 7 +++- web/as205479/eduroam/index.html | 19 +++++++++ web/as205479/eduroam/logo.png | Bin 0 -> 1556 bytes web/as205479/index.html | 16 ++++++++ web/as205479/style.css | 41 ++++++++++++++++++++ web/default.nix | 15 ++++++- 8 files changed, 124 insertions(+), 5 deletions(-) create mode 100644 ops/nixos/lib/as205479-web.nix create mode 100644 web/as205479/eduroam/index.html create mode 100644 web/as205479/eduroam/logo.png create mode 100644 web/as205479/index.html create mode 100644 web/as205479/style.css diff --git a/ops/nixos/bvm-radius/default.nix b/ops/nixos/bvm-radius/default.nix index fcc007a78a..e8de9a61b3 100644 --- a/ops/nixos/bvm-radius/default.nix +++ b/ops/nixos/bvm-radius/default.nix @@ -8,6 +8,7 @@ let in { imports = [ ../lib/bvm.nix + ../lib/as205479-web.nix ./radius.nix ]; @@ -28,6 +29,8 @@ in { defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; }; firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 443 ]; extraCommands = '' # Allow JANET inbound RADIUS traffic. # roaming0.ja.net @@ -52,12 +55,13 @@ in { acceptTerms = true; email = "letsencrypt@lukegb.com"; certs."as205479.net" = { + extraDomainNames = [ "www.as205479.net" ]; dnsProvider = "gcloud"; credentialsFile = secrets.gcpDNSCredentials; dnsPropagationCheck = false; - #postRun = '' - # systemctl restart freeradius - #''; + postRun = '' + systemctl restart freeradius + ''; }; }; diff --git a/ops/nixos/lib/as205479-web.nix b/ops/nixos/lib/as205479-web.nix new file mode 100644 index 0000000000..9ebd5bb339 --- /dev/null +++ b/ops/nixos/lib/as205479-web.nix 
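Review bot: `allowedUDPPorts = [ 443 ];` in the firewall hunk opens UDP 443, but the nginx virtual host this patch adds in ops/nixos/lib/as205479-web.nix shows no QUIC/HTTP3 listener, so nothing visible here would answer on that port. On a host that also terminates RADIUS, it is safer to leave the port closed until a listener is configured, i.e. keep only `allowedTCPPorts = [ 80 443 ];`. If the port is kept, add a comment such as `# UDP 443: reserved for HTTP/3` so the exposure is visibly intentional. The firewall block continues outside the hunk, so existing rules for these ports could not be checked.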
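Review bot: In the ACME hunk, the newly enabled `postRun` restarts freeradius for the same `as205479.net` certificate that the new nginx vhost consumes through `useACMEHost`. If freeradius uses it as its EAP server certificate, the RADIUS service and the public web server now share one private key. A separate `security.acme.certs` entry for the web names would limit the impact of a key exposure on either service. The patch also does not show how both daemons get read access to the key, so confirm the certificate's group covers nginx and freeradius. Separately, `dnsProvider`, `credentialsFile` and `dnsPropagationCheck` are now declared both here and in the imported ../lib/as205479-web.nix; this block could keep only `extraDomainNames` and `postRun`.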
@@ -0,0 +1,21 @@ +{ config, depot, lib, ... }: + +{ + security.acme = { + acceptTerms = true; + email = lib.mkDefault "letsencrypt@lukegb.com"; + certs."as205479.net" = { + dnsProvider = "gcloud"; + credentialsFile = depot.ops.secrets.gcpDNSCredentials; + dnsPropagationCheck = false; + }; + }; + services.nginx = { + enable = lib.mkDefault true; + virtualHosts."as205479.net" = { + useACMEHost = "as205479.net"; + forceSSL = true; + locations."/".root = depot.web.as205479 config.networking.hostName; + }; + }; +} diff --git a/ops/nixos/lib/coredns/zones/db.as205479.net b/ops/nixos/lib/coredns/zones/db.as205479.net index 6f98cf73d9..4cb246ef12 100644 --- a/ops/nixos/lib/coredns/zones/db.as205479.net +++ b/ops/nixos/lib/coredns/zones/db.as205479.net @@ -3,7 +3,7 @@ ; SPDX-License-Identifier: Apache-2.0 ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL -@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 34 600 450 3600 300 +@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 35 600 450 3600 300 ; NB: this are also glue records in Google Domains. $INCLUDE tmpl.ns @@ -14,6 +14,11 @@ $INCLUDE tmpl.ns @ 3600 IN MX 10 alt3.aspmx.l.google.com. @ 3600 IN MX 10 alt4.aspmx.l.google.com. +# bvm-radius serves HTTP(S) for root +@ 3600 IN A 92.118.28.9 +@ 3600 IN AAAA 2a09:a441::9 +www 3600 IN CNAME bvm-radius.as205479.net. + _acme-challenge 3600 IN NS ns-cloud-c1.googledomains.com. _acme-challenge 3600 IN NS ns-cloud-c2.googledomains.com. _acme-challenge 3600 IN NS ns-cloud-c3.googledomains.com. diff --git a/web/as205479/eduroam/index.html b/web/as205479/eduroam/index.html new file mode 100644 index 0000000000..c26f111a65 --- /dev/null +++ b/web/as205479/eduroam/index.html @@ -0,0 +1,19 @@ + + + + +eduroam @ AS205479 + + + +
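Review bot: `virtualHosts."as205479.net"` has no alias for `www.as205479.net`, although this patch adds that name to the certificate on bvm-radius and publishes a `www` CNAME in the zone. Requests for `www` are only served by this vhost while it is the sole (default) server block; once another vhost is added to the host they may land elsewhere. Add `serverAliases = [ "www.as205479.net" ];`. Note that `extraDomainNames` is set only in bvm-radius/default.nix, so another host importing this module would get a certificate without the `www` name.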
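Review bot: The added comment line `# bvm-radius serves HTTP(S) for root` starts with `#`, while every other comment visible in this zone file uses `;`, the zone-file comment character. Unless the file is preprocessed before CoreDNS loads it, the parser may try to read that line as a record and reject the zone; the parentheses in `HTTP(S)` are zone-file syntax as well. Use `; bvm-radius serves HTTP(S) for root`.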

eduroam @ AS205479

+ +

AS205479 offers eduroam(UK) service to visiting members of institutions that are part of the eduroam confederation (aka "Visited" type service).

+

This service is offered as the eduroam SSID at AS205479 home locations. Devices should support the "WPA3 Enterprise" specification - legacy "WPA2"-only devices may experience difficulty connection to AS205479-hosted SSIDs.

+

Users of the service need to abide by the eduroam(UK) Policy. Violations of this policy will be reported to their home organisation.

+ +
+

You've reached {{NODENAME}}, serving from {{DEPOT_VERSION}}.

+
+ + diff --git a/web/as205479/eduroam/logo.png b/web/as205479/eduroam/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..8729b7613b7d2eeb4edce697818217029474f462 GIT binary patch literal 1556 zcmV+v2J88WP)Px#3{Xr|MF0Q*zt!9xN^}4K08eN=TL1t60d!JMQvg8b*k%9#1*u6yK~#9!?btnT z<3V!dSYH+Nq!M?{^R@cFK`suy1*(%<*2B>L1i32>8n1<0+578D^O`wW%dUB zuIjmfqWE?Jy%oQ7w`IB40?oM75&Vo%t{V3D!K0t;!*|gr3&8I5e*FYcSYUhD>%mw1 z@kxs1C$6Mmf&CvJCB-TD*-kr!@-8Lx6|9A!&-DZS!8bENA!Xm+sz@k-kZPEZqr$1; zxq?qJSgP0*`iVPLC00sdKC57Hu}o%XYAuy9JnYk#SIAk0)78d8t(J>a9912 zj=rJ``ANv1)^ogpgolDY_K$$Nu7&@iiNI9}`qRc&&Y;211Aei|*XnWO|24>$U*umk z{__?;+sVhLy1I!aWl0QQw*G5mzmDJ=X&l*~yj@?#@bj1wFSRdA znEp}#>i6L%1mzT$jsK}M0S~%KV9~MfbWEVn=I%cJhLf((WdQk>G(o>G13(`~35(k2 z!^lMjz8M(!`QZPT>}e3LUpRw=LV>0{e$Jz@{Twe+686ofOj?(NeeOg8ml|uvZVG&U zFWI*nWphWLi-zB7pQlj5rS{YeY!7zt6l=!k5pLa3LjP|k>jU8ZnH!`K2w_vaeBpcr zekZ~bggNmoF9gspVfw+xW(&)gEP&6uHY|6TD*hOK3iJttmF(#=tTeZaCHT}fR1fw! z!P^@LBRTloG%R)~A9(u30RM~Q;D1YgQgE>s>4d}eO>uR!nr-V4^zUFw(fA~zAY(>7Tn^1y|4PD)zw5JnENfW1( zFPf}H4ZfJp3IY#XtT|4=y$7=3)YlGmeM$L)wLd>h*L-R1pQf#o zkgxZAx(v^fa>@Ru%Qau{o#oc}r$PU!?&8VHA4Q+CPug8ctw^e$tP1*PWav?x2Yl=P zD^23{ae>X({EuFrogx0ndOkU3-?a7bnlG8O{QIqb-_fNI6YwwBeEa!oHq?J-$Oe#< z{6@Zhsy?%Qo}fPc5cbEKU-iXwO#Xz% + + + +AS205479 + + + +
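Review bot: The second paragraph of the new eduroam page reads "may experience difficulty connection to AS205479-hosted SSIDs"; it should be `may experience difficulty connecting to AS205479-hosted SSIDs`. The page markup is not visible in this view of the hunk, so only the text was reviewed.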

AS205479

+

...is a private autonomous system operated by Luke Granger-Brown.

+ +
+

You've reached {{NODENAME}}, serving from {{DEPOT_VERSION}}.

+
+ + diff --git a/web/as205479/style.css b/web/as205479/style.css new file mode 100644 index 0000000000..65dddebad4 --- /dev/null +++ b/web/as205479/style.css @@ -0,0 +1,41 @@ +@import url('https://fonts.googleapis.com/css2?family=Overpass+Mono:wght@300&display=swap'); + +* { box-sizing: border-box; } + +body { + background: #fafafa; + font-family: sans-serif; + padding: 20px 50px; +} + +.home { + text-align: center; +} + +h1 { + font-family: 'Overpass Mono', monospace; +} + +.home-title { + font-size: 8rem; +} + +.eduroam-logo-link { + float: right; + margin-left: 20px; +} + +.eduroam-logo { + width: 140px; + height: auto; +} + +.per-server { + position: absolute; + bottom: 0; + left: 0; + width: 100%; + font-size: small; + color: #606060; + text-align: center; +} diff --git a/web/default.nix b/web/default.nix index dd743029cb..43d01fd366 100644 --- a/web/default.nix +++ b/web/default.nix @@ -2,10 +2,23 @@ # # SPDX-License-Identifier: Apache-2.0 -{ pkgs, ... }@args: +{ depot, pkgs, ... }@args: { int = pkgs.copyPathToStore ./int; logged-out-int = pkgs.copyPathToStore ./logged-out-int; quotes = import ./quotes args; fup = import ./fup args; + as205479 = hostName: pkgs.runCommand "as205479-web" { + inherit hostName; + depotVersion = depot.version; + } '' + cp -Rv ${./as205479} $out + chmod -R +w $out + + find $out -name '*.html' | while read filename; do + substituteInPlace "$filename" \ + --replace "{{NODENAME}}" "$hostName" \ + --replace "{{DEPOT_VERSION}}" "$depotVersion" + done + ''; }
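Review bot: The first line of style.css, `@import url('https://fonts.googleapis.com/css2?family=Overpass+Mono:wght@300&display=swap');`, makes every visitor's browser fetch a stylesheet from a third party before the page renders. That discloses visitor IP addresses to the font host, and the page's appearance then depends on an origin this repository does not control. Shipping the font file from the depot next to style.css, referenced through a local `@font-face` rule, removes the external dependency and makes a strict Content-Security-Policy easier to apply later. The existing `monospace` fallback in the `h1` rule already covers the case where the font is absent.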
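Review bot: In the `as205479` build script, `find $out -name '*.html' | while read filename; do` splits on whitespace-trimmed lines and interprets backslashes, so a page whose path contains spaces or backslashes would be skipped or mangled. Use `find "$out" -name '*.html' -print0 | while IFS= read -r -d "" filename; do`. `$hostName` and `$depotVersion` are substituted into the HTML unescaped; that is fine while both come from the Nix configuration, and a comment such as `# values are trusted config, not HTML-escaped` would record the assumption. The resulting pages publish the node name and the exact deployed revision, so confirm that is intended for a host that also runs RADIUS. The attribute set this derivation is added to begins outside the hunk.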