Format

2023-05-19 21:40:18 +02:00 · 2023-05-19 21:40:18 +02:00 · d126fbc5be
parent 27e567e82c
commit d126fbc5be
1 changed files with 106 additions and 106 deletions
--- a/modules/c3d2.nix
+++ b/modules/c3d2.nix
@ -80,124 +80,124 @@ in
    };
  };

-  config =    {
-      programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
+  config = {
+    programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;

-      users =
-        let
-          adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
-        in
-        {
-          users = {
-            k-ot = lib.mkIf cfg.k-ot.enable {
-              createHome = true;
-              isNormalUser = true;
-              uid = 1000;
-              extraGroups = [
-                "audio"
-                "video"
-                "wheel"
-              ];
-              password = "k-otk-ot";
-              openssh.authorizedKeys.keys = adminKeys;
-            };
-
-            root.openssh.authorizedKeys.keys = adminKeys;
+    users =
+      let
+        adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
+      in
+      {
+        users = {
+          k-ot = lib.mkIf cfg.k-ot.enable {
+            createHome = true;
+            isNormalUser = true;
+            uid = 1000;
+            extraGroups = [
+              "audio"
+              "video"
+              "wheel"
+            ];
+            password = "k-otk-ot";
+            openssh.authorizedKeys.keys = adminKeys;
          };
-        };

-      services.vector = lib.mkIf config.c3d2.hq.journalToMqtt {
-        enable = true;
-        journaldAccess = true;
-        settings = {
-          sources.journal = {
-            type = "journald";
-            current_boot_only = true;
-          };
-          sinks.mqtt = {
-            inputs = [ "journal" ];
-            type = "mqtt";
-            host = "broker.serv.zentralwerk.org";
-            # port = 8883;
-            user = "SECRET[mqtt.user]";
-            password = "SECRET[mqtt.password]";
-            client_id = "vector-${config.networking.hostName}";
-            encoding.codec = "json";
-            topic = "journal/{{ host }}/{{ _SYSTEMD_UNIT }}/{{ PRIORITY }}";
-            # tls.enabled = true;
-            # tls.ca_file = "/etc/ssl/certs/ca-certificates.crt";
-          };
-          secret.mqtt =
-            let
-              catSecrets = pkgs.writeScript "cat-vector-secrets" ''
-                #!${pkgs.runtimeShell} -e
-                echo '{'
-                COMMA=n
-                for F in $@; do
-                  if [ $COMMA = y ]; then
-                    echo '  ,'
-                  else
-                    COMMA=y
-                  fi
-
-                  echo '  "'$(basename $F)'": {"value": "'$(cat $F)'", "error": null }'
-                done
-                echo '}'
-              '';
-            in
-            {
-              type = "exec";
-              command = [
-                catSecrets
-                config.sops.secrets."mqtt/user".path
-                config.sops.secrets."mqtt/password".path
-              ];
-            };
+          root.openssh.authorizedKeys.keys = adminKeys;
        };
      };

-      sops.secrets = lib.mkIf config.c3d2.hq.journalToMqtt {
-        "mqtt/user" = {
-          sopsFile = ../modules/mqtt.yaml;
-          owner = config.systemd.services.vector.serviceConfig.User;
+    services.vector = lib.mkIf config.c3d2.hq.journalToMqtt {
+      enable = true;
+      journaldAccess = true;
+      settings = {
+        sources.journal = {
+          type = "journald";
+          current_boot_only = true;
        };
-        "mqtt/password" = {
-          sopsFile = ../modules/mqtt.yaml;
-          owner = config.systemd.services.vector.serviceConfig.User;
+        sinks.mqtt = {
+          inputs = [ "journal" ];
+          type = "mqtt";
+          host = "broker.serv.zentralwerk.org";
+          # port = 8883;
+          user = "SECRET[mqtt.user]";
+          password = "SECRET[mqtt.password]";
+          client_id = "vector-${config.networking.hostName}";
+          encoding.codec = "json";
+          topic = "journal/{{ host }}/{{ _SYSTEMD_UNIT }}/{{ PRIORITY }}";
+          # tls.enabled = true;
+          # tls.ca_file = "/etc/ssl/certs/ca-certificates.crt";
        };
-      };
+        secret.mqtt =
+          let
+            catSecrets = pkgs.writeScript "cat-vector-secrets" ''
+              #!${pkgs.runtimeShell} -e
+              echo '{'
+              COMMA=n
+              for F in $@; do
+                if [ $COMMA = y ]; then
+                  echo '  ,'
+                else
+                  COMMA=y
+                fi

-      systemd.network.networks = lib.mkIf (cfg.hq.interface != null && config.networking.useNetworkd) {
-        "40-eth0".routes = [{
-          routeConfig = {
-            Gateway = "172.22.99.4";
-            GatewayOnLink = true;
+                echo '  "'$(basename $F)'": {"value": "'$(cat $F)'", "error": null }'
+              done
+              echo '}'
+            '';
+          in
+          {
+            type = "exec";
+            command = [
+              catSecrets
+              config.sops.secrets."mqtt/user".path
+              config.sops.secrets."mqtt/password".path
+            ];
          };
+      };
+    };
+
+    sops.secrets = lib.mkIf config.c3d2.hq.journalToMqtt {
+      "mqtt/user" = {
+        sopsFile = ../modules/mqtt.yaml;
+        owner = config.systemd.services.vector.serviceConfig.User;
+      };
+      "mqtt/password" = {
+        sopsFile = ../modules/mqtt.yaml;
+        owner = config.systemd.services.vector.serviceConfig.User;
+      };
+    };
+
+    systemd.network.networks = lib.mkIf (cfg.hq.interface != null && config.networking.useNetworkd) {
+      "40-eth0".routes = [{
+        routeConfig = {
+          Gateway = "172.22.99.4";
+          GatewayOnLink = true;
+        };
+      }];
+    };
+
+    networking = {
+      interfaces = lib.mkIf (cfg.hq.interface != null) {
+        "${cfg.hq.interface}".ipv6.addresses = [{
+          address = toHqPrivateAddress config.networking.hostName;
+          prefixLength = 64;
        }];
      };

-      networking = {
-        interfaces = lib.mkIf (cfg.hq.interface != null) {
-          "${cfg.hq.interface}".ipv6.addresses = [{
-            address = toHqPrivateAddress config.networking.hostName;
-            prefixLength = 64;
-          }];
-        };
-
-        nameservers = with hostRegistry.dnscache; [
-          ip4
-          ip6
-          "9.9.9.9"
-        ];
-        useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
-      };
-
-      environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
-        text = lib.concatMapStrings
-          (ns: ''
-            nameserver ${ns}
-          '')
-          config.networking.nameservers;
-      };
+      nameservers = with hostRegistry.dnscache; [
+        ip4
+        ip6
+        "9.9.9.9"
+      ];
+      useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
    };
+
+    environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) {
+      text = lib.concatMapStrings
+        (ns: ''
+          nameserver ${ns}
+        '')
+        config.networking.nameservers;
+    };
+  };
 }