bvm-radius: start serving as205479.net webpage
This commit is contained in:
parent
932afbda74
commit
9c92e12742
8 changed files with 124 additions and 5 deletions
|
@ -8,6 +8,7 @@ let
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../lib/bvm.nix
|
../lib/bvm.nix
|
||||||
|
../lib/as205479-web.nix
|
||||||
./radius.nix
|
./radius.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -28,6 +29,8 @@ in {
|
||||||
defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; };
|
defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; };
|
||||||
|
|
||||||
firewall = {
|
firewall = {
|
||||||
|
allowedTCPPorts = [ 80 443 ];
|
||||||
|
allowedUDPPorts = [ 443 ];
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
# Allow JANET inbound RADIUS traffic.
|
# Allow JANET inbound RADIUS traffic.
|
||||||
# roaming0.ja.net
|
# roaming0.ja.net
|
||||||
|
@ -52,12 +55,13 @@ in {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
email = "letsencrypt@lukegb.com";
|
email = "letsencrypt@lukegb.com";
|
||||||
certs."as205479.net" = {
|
certs."as205479.net" = {
|
||||||
|
extraDomainNames = [ "www.as205479.net" ];
|
||||||
dnsProvider = "gcloud";
|
dnsProvider = "gcloud";
|
||||||
credentialsFile = secrets.gcpDNSCredentials;
|
credentialsFile = secrets.gcpDNSCredentials;
|
||||||
dnsPropagationCheck = false;
|
dnsPropagationCheck = false;
|
||||||
#postRun = ''
|
postRun = ''
|
||||||
# systemctl restart freeradius
|
systemctl restart freeradius
|
||||||
#'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
21
ops/nixos/lib/as205479-web.nix
Normal file
21
ops/nixos/lib/as205479-web.nix
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
{ config, depot, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
email = lib.mkDefault "letsencrypt@lukegb.com";
|
||||||
|
certs."as205479.net" = {
|
||||||
|
dnsProvider = "gcloud";
|
||||||
|
credentialsFile = depot.ops.secrets.gcpDNSCredentials;
|
||||||
|
dnsPropagationCheck = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.nginx = {
|
||||||
|
enable = lib.mkDefault true;
|
||||||
|
virtualHosts."as205479.net" = {
|
||||||
|
useACMEHost = "as205479.net";
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/".root = depot.web.as205479 config.networking.hostName;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -3,7 +3,7 @@
|
||||||
; SPDX-License-Identifier: Apache-2.0
|
; SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
|
; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
|
||||||
@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 34 600 450 3600 300
|
@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 35 600 450 3600 300
|
||||||
|
|
||||||
; NB: this are also glue records in Google Domains.
|
; NB: this are also glue records in Google Domains.
|
||||||
$INCLUDE tmpl.ns
|
$INCLUDE tmpl.ns
|
||||||
|
@ -14,6 +14,11 @@ $INCLUDE tmpl.ns
|
||||||
@ 3600 IN MX 10 alt3.aspmx.l.google.com.
|
@ 3600 IN MX 10 alt3.aspmx.l.google.com.
|
||||||
@ 3600 IN MX 10 alt4.aspmx.l.google.com.
|
@ 3600 IN MX 10 alt4.aspmx.l.google.com.
|
||||||
|
|
||||||
|
# bvm-radius serves HTTP(S) for root
|
||||||
|
@ 3600 IN A 92.118.28.9
|
||||||
|
@ 3600 IN AAAA 2a09:a441::9
|
||||||
|
www 3600 IN CNAME bvm-radius.as205479.net.
|
||||||
|
|
||||||
_acme-challenge 3600 IN NS ns-cloud-c1.googledomains.com.
|
_acme-challenge 3600 IN NS ns-cloud-c1.googledomains.com.
|
||||||
_acme-challenge 3600 IN NS ns-cloud-c2.googledomains.com.
|
_acme-challenge 3600 IN NS ns-cloud-c2.googledomains.com.
|
||||||
_acme-challenge 3600 IN NS ns-cloud-c3.googledomains.com.
|
_acme-challenge 3600 IN NS ns-cloud-c3.googledomains.com.
|
||||||
|
|
19
web/as205479/eduroam/index.html
Normal file
19
web/as205479/eduroam/index.html
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<title>eduroam @ AS205479</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/style.css">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1>eduroam @ AS205479</h1>
|
||||||
|
<a href="https://www.eduroam.org" class="eduroam-logo-link"><img src="logo.png" class="eduroam-logo" width="380" height="151"></a>
|
||||||
|
<p>AS205479 offers <a href="https://eduroam.org">eduroam</a>(UK) service to visiting members of institutions that are part of the eduroam confederation (aka "Visited" type service).</p>
|
||||||
|
<p>This service is offered as the <tt>eduroam</tt> SSID at AS205479 home locations. Devices should support the "WPA3 Enterprise" specification - legacy "WPA2"-only devices may experience difficulty connection to AS205479-hosted SSIDs.</p>
|
||||||
|
<p>Users of the service need to abide by the <a href="http://community.jisc.ac.uk/library/janet-services-documentation/eduroamuk-policy">eduroam(UK) Policy</a>. Violations of this policy will be reported to their home organisation.</p>
|
||||||
|
|
||||||
|
<div class="per-server">
|
||||||
|
<p>You've reached <span>{{NODENAME}}</span>, serving from <span>{{DEPOT_VERSION}}</span>.</p>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
BIN
web/as205479/eduroam/logo.png
Normal file
BIN
web/as205479/eduroam/logo.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.5 KiB |
16
web/as205479/index.html
Normal file
16
web/as205479/index.html
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<title>AS205479</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/style.css">
|
||||||
|
</head>
|
||||||
|
<body class="home">
|
||||||
|
<h1 class="home-title">AS205479</h1>
|
||||||
|
<p>...is a private autonomous system operated by <a href="https://lukegb.com">Luke Granger-Brown</a>.</p>
|
||||||
|
|
||||||
|
<div class="per-server">
|
||||||
|
<p>You've reached <span>{{NODENAME}}</span>, serving from <span>{{DEPOT_VERSION}}</span>.</p>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
41
web/as205479/style.css
Normal file
41
web/as205479/style.css
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
@import url('https://fonts.googleapis.com/css2?family=Overpass+Mono:wght@300&display=swap');
|
||||||
|
|
||||||
|
* { box-sizing: border-box; }
|
||||||
|
|
||||||
|
body {
|
||||||
|
background: #fafafa;
|
||||||
|
font-family: sans-serif;
|
||||||
|
padding: 20px 50px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.home {
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
h1 {
|
||||||
|
font-family: 'Overpass Mono', monospace;
|
||||||
|
}
|
||||||
|
|
||||||
|
.home-title {
|
||||||
|
font-size: 8rem;
|
||||||
|
}
|
||||||
|
|
||||||
|
.eduroam-logo-link {
|
||||||
|
float: right;
|
||||||
|
margin-left: 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.eduroam-logo {
|
||||||
|
width: 140px;
|
||||||
|
height: auto;
|
||||||
|
}
|
||||||
|
|
||||||
|
.per-server {
|
||||||
|
position: absolute;
|
||||||
|
bottom: 0;
|
||||||
|
left: 0;
|
||||||
|
width: 100%;
|
||||||
|
font-size: small;
|
||||||
|
color: #606060;
|
||||||
|
text-align: center;
|
||||||
|
}
|
|
@ -2,10 +2,23 @@
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
{ pkgs, ... }@args:
|
{ depot, pkgs, ... }@args:
|
||||||
{
|
{
|
||||||
int = pkgs.copyPathToStore ./int;
|
int = pkgs.copyPathToStore ./int;
|
||||||
logged-out-int = pkgs.copyPathToStore ./logged-out-int;
|
logged-out-int = pkgs.copyPathToStore ./logged-out-int;
|
||||||
quotes = import ./quotes args;
|
quotes = import ./quotes args;
|
||||||
fup = import ./fup args;
|
fup = import ./fup args;
|
||||||
|
as205479 = hostName: pkgs.runCommand "as205479-web" {
|
||||||
|
inherit hostName;
|
||||||
|
depotVersion = depot.version;
|
||||||
|
} ''
|
||||||
|
cp -Rv ${./as205479} $out
|
||||||
|
chmod -R +w $out
|
||||||
|
|
||||||
|
find $out -name '*.html' | while read filename; do
|
||||||
|
substituteInPlace "$filename" \
|
||||||
|
--replace "{{NODENAME}}" "$hostName" \
|
||||||
|
--replace "{{DEPOT_VERSION}}" "$depotVersion"
|
||||||
|
done
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue