formatting

2021-11-22 00:41:17 +01:00 · 2021-11-22 00:41:17 +01:00 · 9cd3f738e3
commit 9cd3f738e3
parent 9ff2e78681
1 changed files with 119 additions and 118 deletions
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@ -2,140 +2,141 @@

 with import ./network.nix;
 let
-  pubkeys     = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"];
-  hostname    = "architect";
-in 
-  {
-    imports =
-      [ # Include the results of the hardware scan.
-      ./backup.nix
-      ./hardware.nix
-      ./firewall.nix
-      ./nginx.nix
-      ./gitea.nix
-      ./sonarr.nix
-      ./radarr.nix
-      ./bazarr.nix
-      ./nzbget.nix
-      ./nextcloud.nix
-      ./wireguard.nix
-      ./minio.nix
-      ./matrix.nix
-      ./fail2ban.nix
-      ./dns.nix
-      ./minecraft.nix
-      ./prowlarr.nix
-      ./plex.nix
-      ./transmission.nix
-      ./githubrunner.nix
-    ];
+  pubkeys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"
+  ];
+  hostname = "architect";
+in {
+  imports = [ # Include the results of the hardware scan.
+    ./backup.nix
+    ./hardware.nix
+    ./firewall.nix
+    ./nginx.nix
+    ./gitea.nix
+    ./sonarr.nix
+    ./radarr.nix
+    ./bazarr.nix
+    ./nzbget.nix
+    ./nextcloud.nix
+    ./wireguard.nix
+    ./minio.nix
+    ./matrix.nix
+    ./fail2ban.nix
+    ./dns.nix
+    ./minecraft.nix
+    ./prowlarr.nix
+    ./plex.nix
+    ./transmission.nix
+    ./githubrunner.nix
+  ];

-    time.timeZone                                  = "Europe/Rome";
-    system.stateVersion                            = "21.05"; # Did you read the comment?
-    users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
+  time.timeZone = "Europe/Rome";
+  system.stateVersion = "21.05"; # Did you read the comment?
+  users.users.giulio.openssh.authorizedKeys.keys = pubkeys;

-    fileSystems."/tmp" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = ["size=20G"];
-    };
+  fileSystems."/tmp" = {
+    device = "tmpfs";
+    fsType = "tmpfs";
+    options = [ "size=20G" ];
+  };

-    boot = {
-      kernelParams = ["ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off"];
-      kernel.sysctl."net.ipv4.ip_forward" = 1;
+  boot = {
+    kernelParams =
+      [ "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off" ];
+    kernel.sysctl."net.ipv4.ip_forward" = 1;

-      initrd = {
-        availableKernelModules = ["igc" "r8169"];
-        network = {
+    initrd = {
+      availableKernelModules = [ "igc" "r8169" ];
+      network = {
+        enable = true;
+        ssh = {
          enable = true;
-          ssh = {
-            enable         = true;
-            port           = 22;
-            hostKeys       = [/boot/ssh_host_rsa_key];
-            authorizedKeys = pubkeys;
-          };
-
-          postCommands = ''
-            zpool import backedpool
-            zpool import zpool
-
-            mkdir /mnt-root
-            echo "zfs load-key -ar; mount -t zfs zpool/nixos/root /mnt-root; zfs load-key -a; umount /mnt-root; rmdir /mnt-root; killall zfs" >> /root/.profile
-          '';
+          port = 22;
+          hostKeys = [ /boot/ssh_host_rsa_key ];
+          authorizedKeys = pubkeys;
        };
-      };

-      loader = {
-        systemd-boot.enable      = true;
-        efi.canTouchEfiVariables = true;
-      };
+        postCommands = ''
+          zpool import backedpool
+          zpool import zpool

-      supportedFilesystems             = ["zfs"];
-      zfs.enableUnstable = true;
-      zfs.requestEncryptionCredentials = true;
+          mkdir /mnt-root
+          echo "zfs load-key -ar; mount -t zfs zpool/nixos/root /mnt-root; zfs load-key -a; umount /mnt-root; rmdir /mnt-root; killall zfs" >> /root/.profile
+        '';
+      };
    };

-    networking = {
-      hostName       = hostname;
-      hostId         = "49350853";
-      useDHCP        = false;
-      defaultGateway = "10.0.0.1";
-      interfaces     = {
-        enp5s0.ipv4.addresses = [{ address = architect-lan; prefixLength = 24; }];
-        enp6s0.useDHCP = false;
-        wlp4s0.useDHCP = false;
-      };
-      extraHosts = ''
-        127.0.0.1      ${hostname}.devs.giugl.io localhost
-
-        # LAN
-        ${architect-lan} ${hostname}.devs.giugl.io
-
-        ${dvr-lan}      dvr.devs.giugl.io
-        ${nas-lan}      nas.devs.giugl.io
-        ${giupi-lan}    giupi.devs.giugl.io
-
-        # Blacklist
-        0.0.0.0                metrics.plex.tv
-        0.0.0.0                analytics.plex.tv
-        0.0.0.0                cdn.luckyorange.com
-        0.0.0.0                w1.luckyorange.com
-        0.0.0.0                browser.sentry-cdn.com
-        0.0.0.0                analytics.facebook.com
-        0.0.0.0                ads.facebook.com
-        0.0.0.0                extmaps-api.yandex.net
-        0.0.0.0                logservice.hicloud.com
-        0.0.0.0                logbak.hicloud.com
-        0.0.0.0                logservice1.hicloud.com
-        0.0.0.0                samsung-com.112.2o7.net
-        0.0.0.0                supportmetrics.apple.com
-        0.0.0.0                analytics.oneplus.cn
-        0.0.0.0                click.oneplus.cn
-        0.0.0.0        analytics-api.samsunghealthcn.com
-      '';
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
    };

-    environment.systemPackages = with pkgs; [ cudatoolkit ];
+    supportedFilesystems = [ "zfs" ];
+    zfs.enableUnstable = true;
+    zfs.requestEncryptionCredentials = true;
+  };

-    hardware = {
-      cpu.amd.updateMicrocode = true;
-      opengl.enable = true;
-      opengl.extraPackages= with pkgs; [vaapiVdpau];
-      opengl.driSupport = true;
+  networking = {
+    hostName = hostname;
+    hostId = "49350853";
+    useDHCP = false;
+    defaultGateway = "10.0.0.1";
+    interfaces = {
+      enp5s0.ipv4.addresses = [{
+        address = architect-lan;
+        prefixLength = 24;
+      }];
+      enp6s0.useDHCP = false;
+      wlp4s0.useDHCP = false;
    };
+    extraHosts = ''
+      127.0.0.1      ${hostname}.devs.giugl.io localhost
+
+      # LAN
+      ${architect-lan} ${hostname}.devs.giugl.io
+
+      ${dvr-lan}      dvr.devs.giugl.io
+      ${nas-lan}      nas.devs.giugl.io
+      ${giupi-lan}    giupi.devs.giugl.io
+
+      # Blacklist
+      0.0.0.0                metrics.plex.tv
+      0.0.0.0                analytics.plex.tv
+      0.0.0.0                cdn.luckyorange.com
+      0.0.0.0                w1.luckyorange.com
+      0.0.0.0                browser.sentry-cdn.com
+      0.0.0.0                analytics.facebook.com
+      0.0.0.0                ads.facebook.com
+      0.0.0.0                extmaps-api.yandex.net
+      0.0.0.0                logservice.hicloud.com
+      0.0.0.0                logbak.hicloud.com
+      0.0.0.0                logservice1.hicloud.com
+      0.0.0.0                samsung-com.112.2o7.net
+      0.0.0.0                supportmetrics.apple.com
+      0.0.0.0                analytics.oneplus.cn
+      0.0.0.0                click.oneplus.cn
+      0.0.0.0        analytics-api.samsunghealthcn.com
+    '';
+  };
+
+  environment.systemPackages = with pkgs; [ cudatoolkit ];
+
+  hardware = {
+    cpu.amd.updateMicrocode = true;
+    opengl.enable = true;
+    opengl.extraPackages = with pkgs; [ vaapiVdpau ];
+    opengl.driSupport = true;
+  };

  boot.crashDump.enable = true;
  services.das_watchdog.enable = true;

-    services = {
-      zfs.autoScrub.enable = true;
-      xserver.videoDrivers = [ "nvidia" ];
-      openssh.enable = true;
-      smartd.enable = true;
-    };
-
-    environment.variables = {
-      LIBVA_DRIVER_NAME="vdpau";
-    };
-  }
+  services = {
+    zfs.autoScrub.enable = true;
+    xserver.videoDrivers = [ "nvidia" ];
+    openssh.enable = true;
+    smartd.enable = true;
+  };

+  environment.variables = { LIBVA_DRIVER_NAME = "vdpau"; };
+}