Format
parent
27e567e82c
commit
d126fbc5be
212
modules/c3d2.nix
212
modules/c3d2.nix
|
@ -80,124 +80,124 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
|
||||
config = {
|
||||
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
|
||||
|
||||
users =
|
||||
let
|
||||
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||
in
|
||||
{
|
||||
users = {
|
||||
k-ot = lib.mkIf cfg.k-ot.enable {
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"wheel"
|
||||
];
|
||||
password = "k-otk-ot";
|
||||
openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
|
||||
root.openssh.authorizedKeys.keys = adminKeys;
|
||||
users =
|
||||
let
|
||||
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||
in
|
||||
{
|
||||
users = {
|
||||
k-ot = lib.mkIf cfg.k-ot.enable {
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"wheel"
|
||||
];
|
||||
password = "k-otk-ot";
|
||||
openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
};
|
||||
|
||||
services.vector = lib.mkIf config.c3d2.hq.journalToMqtt {
|
||||
enable = true;
|
||||
journaldAccess = true;
|
||||
settings = {
|
||||
sources.journal = {
|
||||
type = "journald";
|
||||
current_boot_only = true;
|
||||
};
|
||||
sinks.mqtt = {
|
||||
inputs = [ "journal" ];
|
||||
type = "mqtt";
|
||||
host = "broker.serv.zentralwerk.org";
|
||||
# port = 8883;
|
||||
user = "SECRET[mqtt.user]";
|
||||
password = "SECRET[mqtt.password]";
|
||||
client_id = "vector-${config.networking.hostName}";
|
||||
encoding.codec = "json";
|
||||
topic = "journal/{{ host }}/{{ _SYSTEMD_UNIT }}/{{ PRIORITY }}";
|
||||
# tls.enabled = true;
|
||||
# tls.ca_file = "/etc/ssl/certs/ca-certificates.crt";
|
||||
};
|
||||
secret.mqtt =
|
||||
let
|
||||
catSecrets = pkgs.writeScript "cat-vector-secrets" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
echo '{'
|
||||
COMMA=n
|
||||
for F in $@; do
|
||||
if [ $COMMA = y ]; then
|
||||
echo ' ,'
|
||||
else
|
||||
COMMA=y
|
||||
fi
|
||||
|
||||
echo ' "'$(basename $F)'": {"value": "'$(cat $F)'", "error": null }'
|
||||
done
|
||||
echo '}'
|
||||
'';
|
||||
in
|
||||
{
|
||||
type = "exec";
|
||||
command = [
|
||||
catSecrets
|
||||
config.sops.secrets."mqtt/user".path
|
||||
config.sops.secrets."mqtt/password".path
|
||||
];
|
||||
};
|
||||
root.openssh.authorizedKeys.keys = adminKeys;
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets = lib.mkIf config.c3d2.hq.journalToMqtt {
|
||||
"mqtt/user" = {
|
||||
sopsFile = ../modules/mqtt.yaml;
|
||||
owner = config.systemd.services.vector.serviceConfig.User;
|
||||
services.vector = lib.mkIf config.c3d2.hq.journalToMqtt {
|
||||
enable = true;
|
||||
journaldAccess = true;
|
||||
settings = {
|
||||
sources.journal = {
|
||||
type = "journald";
|
||||
current_boot_only = true;
|
||||
};
|
||||
"mqtt/password" = {
|
||||
sopsFile = ../modules/mqtt.yaml;
|
||||
owner = config.systemd.services.vector.serviceConfig.User;
|
||||
sinks.mqtt = {
|
||||
inputs = [ "journal" ];
|
||||
type = "mqtt";
|
||||
host = "broker.serv.zentralwerk.org";
|
||||
# port = 8883;
|
||||
user = "SECRET[mqtt.user]";
|
||||
password = "SECRET[mqtt.password]";
|
||||
client_id = "vector-${config.networking.hostName}";
|
||||
encoding.codec = "json";
|
||||
topic = "journal/{{ host }}/{{ _SYSTEMD_UNIT }}/{{ PRIORITY }}";
|
||||
# tls.enabled = true;
|
||||
# tls.ca_file = "/etc/ssl/certs/ca-certificates.crt";
|
||||
};
|
||||
};
|
||||
secret.mqtt =
|
||||
let
|
||||
catSecrets = pkgs.writeScript "cat-vector-secrets" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
echo '{'
|
||||
COMMA=n
|
||||
for F in $@; do
|
||||
if [ $COMMA = y ]; then
|
||||
echo ' ,'
|
||||
else
|
||||
COMMA=y
|
||||
fi
|
||||
|
||||
systemd.network.networks = lib.mkIf (cfg.hq.interface != null && config.networking.useNetworkd) {
|
||||
"40-eth0".routes = [{
|
||||
routeConfig = {
|
||||
Gateway = "172.22.99.4";
|
||||
GatewayOnLink = true;
|
||||
echo ' "'$(basename $F)'": {"value": "'$(cat $F)'", "error": null }'
|
||||
done
|
||||
echo '}'
|
||||
'';
|
||||
in
|
||||
{
|
||||
type = "exec";
|
||||
command = [
|
||||
catSecrets
|
||||
config.sops.secrets."mqtt/user".path
|
||||
config.sops.secrets."mqtt/password".path
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets = lib.mkIf config.c3d2.hq.journalToMqtt {
|
||||
"mqtt/user" = {
|
||||
sopsFile = ../modules/mqtt.yaml;
|
||||
owner = config.systemd.services.vector.serviceConfig.User;
|
||||
};
|
||||
"mqtt/password" = {
|
||||
sopsFile = ../modules/mqtt.yaml;
|
||||
owner = config.systemd.services.vector.serviceConfig.User;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.network.networks = lib.mkIf (cfg.hq.interface != null && config.networking.useNetworkd) {
|
||||
"40-eth0".routes = [{
|
||||
routeConfig = {
|
||||
Gateway = "172.22.99.4";
|
||||
GatewayOnLink = true;
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
networking = {
|
||||
interfaces = lib.mkIf (cfg.hq.interface != null) {
|
||||
"${cfg.hq.interface}".ipv6.addresses = [{
|
||||
address = toHqPrivateAddress config.networking.hostName;
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
|
||||
networking = {
|
||||
interfaces = lib.mkIf (cfg.hq.interface != null) {
|
||||
"${cfg.hq.interface}".ipv6.addresses = [{
|
||||
address = toHqPrivateAddress config.networking.hostName;
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
|
||||
nameservers = with hostRegistry.dnscache; [
|
||||
ip4
|
||||
ip6
|
||||
"9.9.9.9"
|
||||
];
|
||||
useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
|
||||
};
|
||||
|
||||
environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
|
||||
text = lib.concatMapStrings
|
||||
(ns: ''
|
||||
nameserver ${ns}
|
||||
'')
|
||||
config.networking.nameservers;
|
||||
};
|
||||
nameservers = with hostRegistry.dnscache; [
|
||||
ip4
|
||||
ip6
|
||||
"9.9.9.9"
|
||||
];
|
||||
useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
|
||||
};
|
||||
|
||||
environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
|
||||
text = lib.concatMapStrings
|
||||
(ns: ''
|
||||
nameserver ${ns}
|
||||
'')
|
||||
config.networking.nameservers;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|