bvm-radius: start serving as205479.net webpage

Luke Granger-Brown 2021-09-25 20:51:24 +00:00
parent 932afbda74
commit 9c92e12742
8 changed files with 124 additions and 5 deletions


@ -8,6 +8,7 @@ let
in { in {
imports = [ imports = [
../lib/bvm.nix ../lib/bvm.nix
../lib/as205479-web.nix
./radius.nix ./radius.nix
]; ];
@ -28,6 +29,8 @@ in {
defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; }; defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; };
firewall = { firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 443 ];
extraCommands = '' extraCommands = ''
# Allow JANET inbound RADIUS traffic. # Allow JANET inbound RADIUS traffic.
# roaming0.ja.net # roaming0.ja.net
@ -52,12 +55,13 @@ in {
acceptTerms = true; acceptTerms = true;
email = "letsencrypt@lukegb.com"; email = "letsencrypt@lukegb.com";
certs."as205479.net" = { certs."as205479.net" = {
extraDomainNames = [ "www.as205479.net" ];
dnsProvider = "gcloud"; dnsProvider = "gcloud";
credentialsFile = secrets.gcpDNSCredentials; credentialsFile = secrets.gcpDNSCredentials;
dnsPropagationCheck = false; dnsPropagationCheck = false;
#postRun = '' postRun = ''
# systemctl restart freeradius systemctl restart freeradius
#''; '';
}; };
}; };
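Review bot: `allowedUDPPorts = [ 443 ];` opens UDP 443 on a host that also terminates RADIUS, but nothing visible in this commit enables QUIC/HTTP/3 in nginx; the vhost in the new lib module sets only `useACMEHost`, `forceSSL` and a root. If HTTP/3 is not enabled elsewhere, drop the UDP rule so the firewall exposes only what is actually served. If it is, a comment such as `# 443/udp: HTTP/3 (QUIC) for nginx` would record why the port is open. The `firewall` block continues outside the hunk, so its other rules are not visible here.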


@ -0,0 +1,21 @@
{ config, depot, lib, ... }:
{
security.acme = {
acceptTerms = true;
email = lib.mkDefault "letsencrypt@lukegb.com";
certs."as205479.net" = {
dnsProvider = "gcloud";
credentialsFile = depot.ops.secrets.gcpDNSCredentials;
dnsPropagationCheck = false;
};
};
services.nginx = {
enable = lib.mkDefault true;
virtualHosts."as205479.net" = {
useACMEHost = "as205479.net";
forceSSL = true;
locations."/".root = depot.web.as205479 config.networking.hostName;
};
};
}
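Review bot: The vhost is declared only for `as205479.net`, while the same commit adds `www.as205479.net` to the certificate on bvm-radius and a `www` CNAME in the zone. Requests for www would presumably be answered only when this server block happens to be nginx's default; adding `serverAliases = [ "www.as205479.net" ];` makes the mapping explicit and keeps it correct once another vhost exists on the host. The `certs."as205479.net"` stanza here also has no `extraDomainNames`, so a host that imports this module without repeating the bvm-radius setting would get a certificate that does not cover www.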


@ -3,7 +3,7 @@
; SPDX-License-Identifier: Apache-2.0 ; SPDX-License-Identifier: Apache-2.0
; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 34 600 450 3600 300 @ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 35 600 450 3600 300
; NB: this are also glue records in Google Domains. ; NB: this are also glue records in Google Domains.
$INCLUDE tmpl.ns $INCLUDE tmpl.ns
@ -14,6 +14,11 @@ $INCLUDE tmpl.ns
@ 3600 IN MX 10 alt3.aspmx.l.google.com. @ 3600 IN MX 10 alt3.aspmx.l.google.com.
@ 3600 IN MX 10 alt4.aspmx.l.google.com. @ 3600 IN MX 10 alt4.aspmx.l.google.com.
# bvm-radius serves HTTP(S) for root
@ 3600 IN A 92.118.28.9
@ 3600 IN AAAA 2a09:a441::9
www 3600 IN CNAME bvm-radius.as205479.net.
_acme-challenge 3600 IN NS ns-cloud-c1.googledomains.com. _acme-challenge 3600 IN NS ns-cloud-c1.googledomains.com.
_acme-challenge 3600 IN NS ns-cloud-c2.googledomains.com. _acme-challenge 3600 IN NS ns-cloud-c2.googledomains.com.
_acme-challenge 3600 IN NS ns-cloud-c3.googledomains.com. _acme-challenge 3600 IN NS ns-cloud-c3.googledomains.com.
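Review bot: The added comment line starts with `#`, but every other comment in this zone file uses `;`, which is the comment character of the master-file format. A `#` line is likely to be parsed as a record with owner name `#` and make the zone fail to load, or be rejected by a strict checker. Change it to `; bvm-radius serves HTTP(S) for root`, unless the file goes through a preprocessor (not visible here) that strips `#` lines.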


@ -0,0 +1,19 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>eduroam @ AS205479</title>
<link rel="stylesheet" type="text/css" href="/style.css">
</head>
<body>
<h1>eduroam @ AS205479</h1>
<a href="https://www.eduroam.org" class="eduroam-logo-link"><img src="logo.png" class="eduroam-logo" width="380" height="151"></a>
<p>AS205479 offers <a href="https://eduroam.org">eduroam</a>(UK) service to visiting members of institutions that are part of the eduroam confederation (aka "Visited" type service).</p>
<p>This service is offered as the <tt>eduroam</tt> SSID at AS205479 home locations. Devices should support the "WPA3 Enterprise" specification - legacy "WPA2"-only devices may experience difficulty connection to AS205479-hosted SSIDs.</p>
<p>Users of the service need to abide by the <a href="http://community.jisc.ac.uk/library/janet-services-documentation/eduroamuk-policy">eduroam(UK) Policy</a>. Violations of this policy will be reported to their home organisation.</p>
<div class="per-server">
<p>You've reached <span>{{NODENAME}}</span>, serving from <span>{{DEPOT_VERSION}}</span>.</p>
</div>
</body>
</html>
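Review bot: The policy link uses `http://community.jisc.ac.uk/...`, so a visitor arriving on a page served with `forceSSL` follows a plaintext link that an on-path party can read or rewrite. Switch it to `https://` if the Jisc site serves that URL over TLS. The logo `<img>` also has no `alt` text; `alt="eduroam"` would cover it.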

Binary file not shown.


16
web/as205479/index.html Normal file

@ -0,0 +1,16 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>AS205479</title>
<link rel="stylesheet" type="text/css" href="/style.css">
</head>
<body class="home">
<h1 class="home-title">AS205479</h1>
<p>...is a private autonomous system operated by <a href="https://lukegb.com">Luke Granger-Brown</a>.</p>
<div class="per-server">
<p>You've reached <span>{{NODENAME}}</span>, serving from <span>{{DEPOT_VERSION}}</span>.</p>
</div>
</body>
</html>

41
web/as205479/style.css Normal file

@ -0,0 +1,41 @@
@import url('https://fonts.googleapis.com/css2?family=Overpass+Mono:wght@300&display=swap');
* { box-sizing: border-box; }
body {
background: #fafafa;
font-family: sans-serif;
padding: 20px 50px;
}
.home {
text-align: center;
}
h1 {
font-family: 'Overpass Mono', monospace;
}
.home-title {
font-size: 8rem;
}
.eduroam-logo-link {
float: right;
margin-left: 20px;
}
.eduroam-logo {
width: 140px;
height: auto;
}
.per-server {
position: absolute;
bottom: 0;
left: 0;
width: 100%;
font-size: small;
color: #606060;
text-align: center;
}
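Review bot: The `@import` on the first line fetches the Overpass Mono stylesheet from fonts.googleapis.com on every page load, which discloses each visitor's IP address and referrer to a third party, and a CSS import cannot be pinned with an integrity hash. Consider shipping the font file alongside `style.css` and declaring it with a local `@font-face` rule. The `monospace` fallback already present in the `h1` rule covers the case where the font is unavailable.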


@ -2,10 +2,23 @@
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
{ pkgs, ... }@args: { depot, pkgs, ... }@args:
{ {
int = pkgs.copyPathToStore ./int; int = pkgs.copyPathToStore ./int;
logged-out-int = pkgs.copyPathToStore ./logged-out-int; logged-out-int = pkgs.copyPathToStore ./logged-out-int;
quotes = import ./quotes args; quotes = import ./quotes args;
fup = import ./fup args; fup = import ./fup args;
as205479 = hostName: pkgs.runCommand "as205479-web" {
inherit hostName;
depotVersion = depot.version;
} ''
cp -Rv ${./as205479} $out
chmod -R +w $out
find $out -name '*.html' | while read filename; do
substituteInPlace "$filename" \
--replace "{{NODENAME}}" "$hostName" \
--replace "{{DEPOT_VERSION}}" "$depotVersion"
done
'';
} }
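Review bot: `$hostName` and `$depotVersion` are substituted into the HTML without escaping, and the result is shown to every visitor in the per-server footer. Both come from the Nix configuration rather than from requests, so this holds only while they stay limited to hostname and revision characters; a comment above the loop would record that, e.g. `# hostName/depotVersion are inserted verbatim into HTML; keep them free of markup`. Separately, the loop is sturdier as `find "$out" -name '*.html' -print0 | while IFS= read -r -d '' filename; do`, and `$out` should be quoted in the `cp` and `chmod` lines.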