From d126fbc5be514dfcbd4ca262232a6b5342f27522 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Fri, 19 May 2023 21:40:18 +0200
Subject: [PATCH] Format
---
modules/c3d2.nix | 212 +++++++++++++++++++++++------------------------
1 file changed, 106 insertions(+), 106 deletions(-)
diff --git a/modules/c3d2.nix b/modules/c3d2.nix
index 3f0d4dc6..72b1d1ef 100644
--- a/modules/c3d2.nix
+++ b/modules/c3d2.nix
@@ -80,124 +80,124 @@ in }; }; - config = { - programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp; + config = { + programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp; - users = - let - adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys); - in - { - users = { - k-ot = lib.mkIf cfg.k-ot.enable { - createHome = true; - isNormalUser = true; - uid = 1000; - extraGroups = [ - "audio" - "video" - "wheel" - ]; - password = "k-otk-ot"; - openssh.authorizedKeys.keys = adminKeys; - }; - - root.openssh.authorizedKeys.keys = adminKeys; + users = + let + adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys); + in + { + users = { + k-ot = lib.mkIf cfg.k-ot.enable { + createHome = true; + isNormalUser = true; + uid = 1000; + extraGroups = [ + "audio" + "video" + "wheel" + ]; + password = "k-otk-ot"; + openssh.authorizedKeys.keys = adminKeys; }; - }; - services.vector = lib.mkIf config.c3d2.hq.journalToMqtt { - enable = true; - journaldAccess = true; - settings = { - sources.journal = { - type = "journald"; - current_boot_only = true; - }; - sinks.mqtt = { - inputs = [ "journal" ]; - type = "mqtt"; - host = "broker.serv.zentralwerk.org"; - # port = 8883; - user = "SECRET[mqtt.user]"; - password = "SECRET[mqtt.password]"; - client_id = "vector-${config.networking.hostName}"; - encoding.codec = "json"; - topic = "journal/{{ host }}/{{ _SYSTEMD_UNIT }}/{{ PRIORITY }}"; - # tls.enabled = true; - # tls.ca_file = "/etc/ssl/certs/ca-certificates.crt"; - }; - secret.mqtt = - let - catSecrets = pkgs.writeScript "cat-vector-secrets" '' - #!${pkgs.runtimeShell} -e - echo '{' - COMMA=n - for F in $@; do - if [ $COMMA = y ]; then - echo ' ,' - else - COMMA=y - fi - - echo ' "'$(basename $F)'": {"value": "'$(cat $F)'", "error": null }' - done - echo '}' - ''; - in - { - type = "exec"; - command = [ - catSecrets - config.sops.secrets."mqtt/user".path - config.sops.secrets."mqtt/password".path - ]; - }; + 
root.openssh.authorizedKeys.keys = adminKeys; }; }; - sops.secrets = lib.mkIf config.c3d2.hq.journalToMqtt { - "mqtt/user" = { - sopsFile = ../modules/mqtt.yaml; - owner = config.systemd.services.vector.serviceConfig.User; + services.vector = lib.mkIf config.c3d2.hq.journalToMqtt { + enable = true; + journaldAccess = true; + settings = { + sources.journal = { + type = "journald"; + current_boot_only = true; }; - "mqtt/password" = { - sopsFile = ../modules/mqtt.yaml; - owner = config.systemd.services.vector.serviceConfig.User; + sinks.mqtt = { + inputs = [ "journal" ]; + type = "mqtt"; + host = "broker.serv.zentralwerk.org"; + # port = 8883; + user = "SECRET[mqtt.user]"; + password = "SECRET[mqtt.password]"; + client_id = "vector-${config.networking.hostName}"; + encoding.codec = "json"; + topic = "journal/{{ host }}/{{ _SYSTEMD_UNIT }}/{{ PRIORITY }}"; + # tls.enabled = true; + # tls.ca_file = "/etc/ssl/certs/ca-certificates.crt"; }; - }; + secret.mqtt = + let + catSecrets = pkgs.writeScript "cat-vector-secrets" '' + #!${pkgs.runtimeShell} -e + echo '{' + COMMA=n + for F in $@; do + if [ $COMMA = y ]; then + echo ' ,' + else + COMMA=y + fi - systemd.network.networks = lib.mkIf (cfg.hq.interface != null && config.networking.useNetworkd) { - "40-eth0".routes = [{ - routeConfig = { - Gateway = "172.22.99.4"; - GatewayOnLink = true; + echo ' "'$(basename $F)'": {"value": "'$(cat $F)'", "error": null }' + done + echo '}' + ''; + in + { + type = "exec"; + command = [ + catSecrets + config.sops.secrets."mqtt/user".path + config.sops.secrets."mqtt/password".path + ]; }; + }; + }; + + sops.secrets = lib.mkIf config.c3d2.hq.journalToMqtt { + "mqtt/user" = { + sopsFile = ../modules/mqtt.yaml; + owner = config.systemd.services.vector.serviceConfig.User; + }; + "mqtt/password" = { + sopsFile = ../modules/mqtt.yaml; + owner = config.systemd.services.vector.serviceConfig.User; + }; + }; + + systemd.network.networks = lib.mkIf (cfg.hq.interface != null && 
config.networking.useNetworkd) { + "40-eth0".routes = [{ + routeConfig = { + Gateway = "172.22.99.4"; + GatewayOnLink = true; + }; + }]; + }; + + networking = { + interfaces = lib.mkIf (cfg.hq.interface != null) { + "${cfg.hq.interface}".ipv6.addresses = [{ + address = toHqPrivateAddress config.networking.hostName; + prefixLength = 64; }]; }; - networking = { - interfaces = lib.mkIf (cfg.hq.interface != null) { - "${cfg.hq.interface}".ipv6.addresses = [{ - address = toHqPrivateAddress config.networking.hostName; - prefixLength = 64; - }]; - }; - - nameservers = with hostRegistry.dnscache; [ - ip4 - ip6 - "9.9.9.9" - ]; - useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true; - }; - - environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) { - text = lib.concatMapStrings - (ns: '' - nameserver ${ns} - '') - config.networking.nameservers; - }; + nameservers = with hostRegistry.dnscache; [ + ip4 + ip6 + "9.9.9.9" + ]; + useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true; }; + + environment.etc."resolv.conf" = lib.mkIf (!config.services.resolved.enable) { + text = lib.concatMapStrings + (ns: '' + nameserver ${ns} + '') + config.networking.nameservers; + }; + }; }