authorKjetil Orbekk <kj@orbekk.com>2023-12-09 13:53:08 -0500
committerKjetil Orbekk <kj@orbekk.com>2023-12-09 13:53:08 -0500
commit5b006b278e8ebbcd08a089c28e754c8618d67f50 (patch)
tree29412d53eb6c4d470f7369a8b3fd77ab573092fd
parent1460664fb273c603e66e618e812176d421f34b25 (diff)
reformat
-rw-r--r--machines/dragon.nix215
-rw-r--r--modules/router.nix1
2 files changed, 109 insertions, 107 deletions
diff --git a/machines/dragon.nix b/machines/dragon.nix
index 5ad2ada..409cf5f 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -35,124 +35,127 @@ in {
orbekk.hledger-web.journalFile =
"/var/lib/hledger-web/hledger/anniekj.journal";
- services.samba = {
- enable = true;
- extraConfig = ''
- guest account = readonly
- map to guest = bad user
- '';
- shares = {
- public = {
- path = "/storage/upload";
- browseable = "yes";
- "read only" = "no";
- "guest ok" = "yes";
- "create mask" = "0666";
- "directory mask" = "0777";
- "force user" = "readonly";
- "force group" = "readonly";
+ services.samba = {
+ enable = true;
+ extraConfig = ''
+ guest account = readonly
+ map to guest = bad user
+ '';
+ shares = {
+ public = {
+ path = "/storage/upload";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0666";
+ "directory mask" = "0777";
+ "force user" = "readonly";
+ "force group" = "readonly";
+ };
};
};
- };
- services.transmission = {
- enable = true;
- home = "/storage/upload";
- settings.peer-port = 56732;
- settings.rpc-bind-address = "0.0.0.0";
- settings.rpc-whitelist = "172.20.*.*";
- settings.alt-speed-time-enabled = true;
- settings.alt-speed-time-begin = 6 * 60; # 06:00
- settings.alt-speed-time-end = 23 * 60 + 59; # 23:59
- settings.alt-speed-up = 0;
- settings.alt-speed-down = 0;
- };
- systemd.services.transmission.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn";
- users.users.transmission.extraGroups = ["readonly"];
+ services.transmission = {
+ enable = true;
+ home = "/storage/upload";
+ settings.peer-port = 56732;
+ settings.rpc-bind-address = "0.0.0.0";
+ settings.rpc-whitelist = "172.20.*.*";
+ settings.alt-speed-time-enabled = true;
+ settings.alt-speed-time-begin = 6 * 60; # 06:00
+ settings.alt-speed-time-end = 23 * 60 + 59; # 23:59
+ settings.alt-speed-up = 0;
+ settings.alt-speed-down = 0;
+ };
+ systemd.services.transmission.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn";
+ users.users.transmission.extraGroups = ["readonly"];
- boot = {
- kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ];
+ boot = {
+ kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ];
- loader.grub.extraConfig = ''
- GRUB_TERMINAL="serial"
- GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
- serial --speed 115200 --unit=0
- terminal_input serial
- terminal_output serial
- '';
- loader.grub.enable = true;
- loader.grub.device = "/dev/disk/by-id/usb-Kingston_DataTraveler_2.0_5B751B9A49E4-0:0";
- };
+ loader.grub.extraConfig = ''
+ GRUB_TERMINAL="serial"
+ GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
+ serial --speed 115200 --unit=0
+ terminal_input serial
+ terminal_output serial
+ '';
+ loader.grub.enable = true;
+ loader.grub.device = "/dev/disk/by-id/usb-Kingston_DataTraveler_2.0_5B751B9A49E4-0:0";
+ };
- networking = { hostName = lib.mkForce "dragon"; };
- networking.firewall.enable = false;
- networking.interfaces.router-vport.useDHCP = true;
- networking.interfaces.wg-vpn-vport = {
- useDHCP = true;
- ipv6.addresses = [{address = "2001:470:8e2e:1000::d"; prefixLength = 127; }];
- ipv6.routes = [
- {address = "${vpnPrefix}::"; prefixLength = 64; via = "${vpnPrefix}::c"; }
- ];
- };
- networking.resolvconf.useLocalResolver = false;
- networking.dhcpcd.enable = true;
- networking.dhcpcd.extraConfig = ''
- clientid dragon
- '';
+ networking = { hostName = lib.mkForce "dragon"; };
+ networking.firewall.enable = false;
+ networking.interfaces.router-vport = {
+ useDHCP = true;
+ ipv4.addresses = [{address = "172.20.20.2"; prefixLength = 24;}];
+ };
+ networking.interfaces.wg-vpn-vport = {
+ useDHCP = true;
+ ipv6.addresses = [{address = "2001:470:8e2e:1000::d"; prefixLength = 127; }];
+ ipv6.routes = [
+ {address = "${vpnPrefix}::"; prefixLength = 64; via = "${vpnPrefix}::c"; }
+ ];
+ };
+ networking.resolvconf.useLocalResolver = false;
+ networking.dhcpcd.enable = true;
+ networking.dhcpcd.extraConfig = ''
+ clientid dragon
+ '';
- # Required to enable password authentication for one user.
- security.pam.services.sshd.unixAuth = lib.mkForce true;
- services.openssh = {
- enable = lib.mkDefault true;
- settings.PasswordAuthentication = false;
- extraConfig = ''
- Match User readonly
+ # Required to enable password authentication for one user.
+ security.pam.services.sshd.unixAuth = lib.mkForce true;
+ services.openssh = {
+ enable = lib.mkDefault true;
+ settings.PasswordAuthentication = false;
+ extraConfig = ''
+ Match User readonly
PasswordAuthentication yes
- '';
- };
+ '';
+ };
- users.users.breakds = {
- uid = 1101;
- shell = pkgs.bashInteractive;
- home = "/home/breakds";
- createHome = false;
- isNormalUser = true;
- description = "Break Yang";
- openssh.authorizedKeys.keyFiles = [ ../data/break_rsa.pub ];
- };
+ users.users.breakds = {
+ uid = 1101;
+ shell = pkgs.bashInteractive;
+ home = "/home/breakds";
+ createHome = false;
+ isNormalUser = true;
+ description = "Break Yang";
+ openssh.authorizedKeys.keyFiles = [ ../data/break_rsa.pub ];
+ };
- system.stateVersion = lib.mkForce "17.09";
+ system.stateVersion = lib.mkForce "17.09";
- # hardware-configuration.nix
- boot.initrd.availableKernelModules =
- [ "ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "usb_storage" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.tmp.useTmpfs = true;
+ # hardware-configuration.nix
+ boot.initrd.availableKernelModules =
+ [ "ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "usb_storage" "sd_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ boot.tmp.useTmpfs = true;
- fileSystems."/" = {
- device = "/dev/disk/by-label/nixos-ssd";
- fsType = "ext4";
- options = [
- "noatime,discard"
- ];
- };
- # fileSystems."/mnt/storage-old" = {
- # device = "/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3";
- # fsType = "btrfs";
- # options = [
- # "subvol=storage,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKHV0LS-part3,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3,noatime,discard"
- # ];
- # };
- fileSystems."/storage" = {
- device = "/dev/disk/by-label/storage-ssd";
- fsType = "btrfs";
- options = ["discard=async"];
- };
- swapDevices = [ { label = "swap"; } ];
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos-ssd";
+ fsType = "ext4";
+ options = [
+ "noatime,discard"
+ ];
+ };
+ # fileSystems."/mnt/storage-old" = {
+ # device = "/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3";
+ # fsType = "btrfs";
+ # options = [
+ # "subvol=storage,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKHV0LS-part3,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3,noatime,discard"
+ # ];
+ # };
+ fileSystems."/storage" = {
+ device = "/dev/disk/by-label/storage-ssd";
+ fsType = "btrfs";
+ options = ["discard=async"];
+ };
+ swapDevices = [ { label = "swap"; } ];
- nix.settings.trusted-users = [ "builder" ];
- nix.settings.max-jobs = lib.mkDefault 8;
- hardware.enableRedistributableFirmware = lib.mkDefault true;
+ nix.settings.trusted-users = [ "builder" ];
+ nix.settings.max-jobs = lib.mkDefault 8;
+ hardware.enableRedistributableFirmware = lib.mkDefault true;
}
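Review bot: The `networking.interfaces.router-vport` block is a behaviour change inside a commit titled "reformat". It adds a static `ipv4.addresses` entry for 172.20.20.2/24 while keeping `useDHCP = true`, and the modules/router.nix hunk drops the MAC-keyed `dhcp-host` line for the same address, so it is easy to miss among the re-indented lines. Because `networking.firewall.enable = false` sits just above it, the addresses this host holds directly determine who can reach the guest-writable Samba share and the sshd password login for `readonly`. I would move the address change to its own commit, or at least annotate it, e.g. `# static address; the router's DHCP reservation is now keyed on clientid "dragon" only`. It is also worth confirming that `useDHCP = true` is still wanted here, since the interface may end up with both the static and a leased address. The enclosing attribute set opens outside this hunk.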
diff --git a/modules/router.nix b/modules/router.nix
index 3197efa..4d1b045 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -153,7 +153,6 @@ let
dhcp-option=tag:servers-vport,option:dns-server,172.20.20.1
dhcp-range=tag:servers-vport,::,static,constructor:servers-vport,5m
dhcp-host=id:dragon,tag:servers-vport,172.20.20.2
- dhcp-host=e2:27:e6:d7:f2:25,tag:servers-vport,172.20.20.2
dhcp-host=id:00:01:00:01:21:a2:4e:a8:d0:bf:9c:45:a6:ec,tag:servers-vport,[::d]
# dhcp-host=id:dragon,::d