strip whitespace

2024-11-13 16:37:13 +01:00 · 2024-11-13 16:37:13 +01:00 · 6292453baa
parent 54f484ddd7
commit 6292453baa
1 changed files with 46 additions and 47 deletions
--- a/server/configuration.nix
+++ b/server/configuration.nix
@ -1,4 +1,3 @@
-
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
@ -7,7 +6,8 @@

 {
  imports =
-    [ # Include the results of the hardware scan.
+    [
+      # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

@ -32,21 +32,21 @@
    forceSSL = true;
    globalRedirect = "www.fediversity.eu";
    locations."/.well-known/matrix/client" = {
-       extraConfig = ''
-	return 200 '{"m.homeserver": {"base_url": "https://matrix.fediversity.eu", "public_baseurl": "https://matrix.fediversity.eu"}}';
-	default_type application/json;
-	add_header Access-Control-Allow-Origin "*";
-	add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
-	add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
+      extraConfig = ''
+        	return 200 '{"m.homeserver": {"base_url": "https://matrix.fediversity.eu", "public_baseurl": "https://matrix.fediversity.eu"}}';
+        	default_type application/json;
+        	add_header Access-Control-Allow-Origin "*";
+        	add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+        	add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
      '';
    };
    locations."/.well-known/matrix/server" = {
-       extraConfig = ''
-	return 200 '{"m.server": "matrix.fediversity.eu:443"}';
-	default_type application/json;
-	add_header Access-Control-Allow-Origin "*";
-	add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
-	add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
+      extraConfig = ''
+        	return 200 '{"m.server": "matrix.fediversity.eu:443"}';
+        	default_type application/json;
+        	add_header Access-Control-Allow-Origin "*";
+        	add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+        	add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
      '';
    };
  };
@ -55,21 +55,21 @@
    forceSSL = true;
    root = "/var/www/www.fediversity.eu/fediversity.eu/public";
    locations."/.well-known/matrix/client" = {
-       extraConfig = ''
-	return 200 '{"m.homeserver": {"base_url": "https://matrix.fediversity.eu", "public_baseurl": "https://matrix.fediversity.eu"}}';
-	default_type application/json;
-	add_header Access-Control-Allow-Origin "*";
-	add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
-	add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
+      extraConfig = ''
+        	return 200 '{"m.homeserver": {"base_url": "https://matrix.fediversity.eu", "public_baseurl": "https://matrix.fediversity.eu"}}';
+        	default_type application/json;
+        	add_header Access-Control-Allow-Origin "*";
+        	add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+        	add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
      '';
    };
    locations."/.well-known/matrix/server" = {
-       extraConfig = ''
-	return 200 '{"m.server": "matrix.fediversity.eu:443"}';
-	default_type application/json;
-	add_header Access-Control-Allow-Origin "*";
-	add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
-	add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
+      extraConfig = ''
+        	return 200 '{"m.server": "matrix.fediversity.eu:443"}';
+        	default_type application/json;
+        	add_header Access-Control-Allow-Origin "*";
+        	add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+        	add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
      '';
    };
  };
@ -80,7 +80,7 @@
    certs."oid.foundation".extraDomainNames = [ "www.oid.foundation" ];
  };

-  networking = {  
+  networking = {
    hostName = "vm02117";
    domain = "procolix.com";
    interfaces = {
@ -117,9 +117,9 @@
      enable = true;
      ruleset = ''
        #!/usr/sbin/nft -f
-      
+
        flush ruleset
-      
+
        ########### define usefull variables here #####################
        define wan        = eth0
        define ssh_allow  = {
@ -137,38 +137,38 @@
        define nrpe_allow = {
                    95.215.185.34/32,   # nagios2 ipv4
                }
-      
+
        ########### here starts the automated bit #####################
        table inet filter {
            chain input {
-                type filter hook input priority 0; 
+                type filter hook input priority 0;
                policy drop;
-      
+
                # established/related connections
                ct state established,related accept
                ct state invalid drop
-      
+
                # Limit ping requests.
                ip protocol icmp icmp type echo-request limit rate over 10/second burst 50 packets drop
                ip6 nexthdr icmpv6 icmpv6 type echo-request limit rate over 10/second burst 50 packets drop
-      
+
                # loopback interface
                iifname lo accept
-                
+
                # icmp
                ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, source-quench, time-exceeded } accept
                # Without the nd-* ones ipv6 will not work.
                ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-solicit,  nd-router-advert, nd-neighbor-advert, packet-too-big, parameter-problem, time-exceeded } accept
-      
+
                # open tcp ports: sshd (22)
                ip saddr $ssh_allow tcp dport {ssh} accept
-      
+
                # open tcp ports: snmp (161)
                ip saddr $snmp_allow udp dport {snmp} accept
-      
+
                # open tcp ports: nrpe (5666)
                ip saddr $nrpe_allow tcp dport {nrpe} accept
-      
+
                # open tcp ports: http (80,443)
                tcp dport {http,https} accept
            }
@ -179,13 +179,13 @@
                type filter hook output priority 0;
            }
        }
-      
+
        table ip nat {
            chain postrouting {
-            }   
+            }
            chain prerouting {
            }
-        }  
+        }
      '';
    };
  };
@ -202,8 +202,8 @@
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAotfCIjLoDlHOe+++kVS1xiBPaS8mC5FypgrxDrDVst6SHxMTca2+IScMajzUZajenvNAoZOwIsyAPacT8OHeyFvV5Y7G874Qa+cZVqJxLht9gdXxr1GNabU3RfhhCh272dUeIKIqfgsRsM2HzdnZCMDavS1Yo+f+RhhHhnJIua+NdVFo21vPrpsz+Cd0M1NhojARLajrTHvEXW0KskUnkbfgxT0vL9jeRZxdgMS+a9ZoR5dbzOxQHWfbP8N04Xc+7CweMlvKwlWuAE/xDb5XLNHorfGWFvZuVhptJN8jPaaVS25wsmsF5IbaAuSZfzCtBdFQhIloUhy0L6ZisubHjQ== procolix@sshnode1"
-    "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuT3C0f3nyQ7SwUvXcFmEYEgwL+crY6iK0Bhoi9yfn4soz3fhfMKyKSwc/0RIlRnrz3xnkyJiV0vFeU7AC1ixbGCS3T9uc0G1x0Yedd9n2yR8ZJmkdyfjZ5KE4YvqZ3f6UZn5Mtj+7tGmyp+ee+clLSHzsqeyDiX0FIgFmqiiAVJD6qeKPFAHeWz9b2MOXIBIw+fSLOpx0rosCgesOmPc8lgFvo+dMKpSlPkCuGLBPj2ObT4sLjc98NC5z8sNJMu3o5bMbiCDR9JWgx9nKj+NlALwk3Y/nzHSL/DNcnP5vz2zbX2CBKjx6ju0IXh6YKlJJVyMsH9QjwYkgDQVmy8amQ== procolix@sshnode2"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAotfCIjLoDlHOe+++kVS1xiBPaS8mC5FypgrxDrDVst6SHxMTca2+IScMajzUZajenvNAoZOwIsyAPacT8OHeyFvV5Y7G874Qa+cZVqJxLht9gdXxr1GNabU3RfhhCh272dUeIKIqfgsRsM2HzdnZCMDavS1Yo+f+RhhHhnJIua+NdVFo21vPrpsz+Cd0M1NhojARLajrTHvEXW0KskUnkbfgxT0vL9jeRZxdgMS+a9ZoR5dbzOxQHWfbP8N04Xc+7CweMlvKwlWuAE/xDb5XLNHorfGWFvZuVhptJN8jPaaVS25wsmsF5IbaAuSZfzCtBdFQhIloUhy0L6ZisubHjQ== procolix@sshnode1"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuT3C0f3nyQ7SwUvXcFmEYEgwL+crY6iK0Bhoi9yfn4soz3fhfMKyKSwc/0RIlRnrz3xnkyJiV0vFeU7AC1ixbGCS3T9uc0G1x0Yedd9n2yR8ZJmkdyfjZ5KE4YvqZ3f6UZn5Mtj+7tGmyp+ee+clLSHzsqeyDiX0FIgFmqiiAVJD6qeKPFAHeWz9b2MOXIBIw+fSLOpx0rosCgesOmPc8lgFvo+dMKpSlPkCuGLBPj2ObT4sLjc98NC5z8sNJMu3o5bMbiCDR9JWgx9nKj+NlALwk3Y/nzHSL/DNcnP5vz2zbX2CBKjx6ju0IXh6YKlJJVyMsH9QjwYkgDQVmy8amQ== procolix@sshnode2"
    ];
    packages = with pkgs; [
    ];
@ -212,7 +212,7 @@
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbK4ZB0Xnpf8yyK4QOI2HvjgQINI3GKi7/O2VEsYXUb laurenshof@Laurenss-MacBook-Air.local"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbK4ZB0Xnpf8yyK4QOI2HvjgQINI3GKi7/O2VEsYXUb laurenshof@Laurenss-MacBook-Air.local"
    ];
    packages = with pkgs; [
    ];
@ -221,7 +221,7 @@
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJg5TlS1NGCRZwMjDgBkXeFUXqooqRlM8fJdBAQ4buPg"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJg5TlS1NGCRZwMjDgBkXeFUXqooqRlM8fJdBAQ4buPg"
    ];
    packages = with pkgs; [
    ];
@ -272,4 +272,3 @@
  system.stateVersion = "23.11"; # Did you read the comment?

 }
-