Setup Commit

flake.lock

@@ -0,0 +1,108 @@
+{
+  "nodes": {
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nur",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1778737229,
+        "narHash": "sha256-6xWoytx8jFW4PF1GjRm/i/53trbpKGfz6zjzQGBr4cI=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "d7a713c0b7e47c908258e71cba7a2d77cc8d71d5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nur": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1779047312,
+        "narHash": "sha256-Q4CSXZehRX3CKnXXaHc2nCMjK9lgZR2Leu5DTwe1Vnw=",
+        "owner": "nix-community",
+        "repo": "NUR",
+        "rev": "8070eab81003118a0d3cde9c316aca3b2c21533e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "NUR",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "nur": "nur",
+        "secrets": "secrets",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "secrets": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1778724910,
+        "narHash": "sha256-V7G1u4RFoRgIy0ERbnPVGj1EcNQcLzP7pZ2t+H+t9zk=",
+        "ref": "refs/heads/master",
+        "rev": "7f2f5e303a3651e28b1ef021794f49ae3446639b",
+        "revCount": 1,
+        "type": "git",
+        "url": "ssh://git@git.nyxerinys.dev:222/nyxerinys/nix-secrets"
+      },
+      "original": {
+        "type": "git",
+        "url": "ssh://git@git.nyxerinys.dev:222/nyxerinys/nix-secrets"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1777944972,
+        "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,48 @@
+{
+  description = "Nyx's Nix/Nixos configs";
+
+  inputs = {
+    nixpkgs = { url = "github:nixos/nixpkgs/nixos-25.11"; };
+    nur = { 
+      url = "github:nix-community/NUR";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    secrets ={
+      url = "git+ssh://git@git.nyxerinys.dev:222/nyxerinys/nix-secrets";
+      flake = false;
+    };
+  };
+
+  outputs = { self, nixpkgs, ... } @ inputs:
+  let
+    blades = import ./hosts/servers/blades/systems.nix { inherit inputs; };
+  in
+  {
+    nixosConfigurations = {
+      Apollo = nixpkgs.lib.nixosSystem {
+        modules = [
+          ./hosts/base.nix
+        ];
+        specialArgs = { inherit inputs; };
+      };
+      iris = nixpkgs.lib.nixosSystem {
+        modules = [
+          ./hosts/base.nix
+          ./hosts/servers/iris
+        ];
+      };
+      nixos = nixpkgs.lib.nixosSystem {
+        modules = [
+          ./hosts/base.nix
+          /etc/nixos/hardware-configuration.nix
+        ];
+        specialArgs = { inherit inputs; };
+      };
+    } // 
+    blades;
+  };
+}

hosts/base.nix

@@ -0,0 +1,91 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+{
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  boot = {
+    loader = lib.mkDefault {
+      efi.canTouchEfiVariables = false;
+      grub = {
+        enable = true;
+        efiSupport = true;
+        efiInstallAsRemovable = true;
+        devices = ["nodev"];
+      };
+    };
+    kernelParams = [ "ipv6.disable=1" ];
+  };
+
+  # system.autoUpgrade = mkDefault {
+  #   enable = true;
+  #   flake = "https://git.nyxerinys.dev/nyxerinys/nix-config";
+  #   flags = [
+  #     "--update-input" "nixpkgs"
+  #     "--update-input" "secrets"
+  #     "--commit-lock-file"
+  #   ];
+  #   dates = "04:00"; # Runs every day at 4 AM
+  #   randomizedDelaySec = "1h"; # Prevents all your machines from hitting the repo at once
+  # };
+
+  networking.hostName = lib.mkDefault "nixos";
+
+  # Enable networking
+  networking.networkmanager = { enable = true; };
+  networking.enableIPv6 = false;
+  # Set your time zone.
+  time.timeZone = "America/Chicago";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+
+  users.users.nyxerinys = {
+    isNormalUser = true;
+    description = "Nyx";
+    extraGroups = [ "networkmanager" "wheel"];
+    packages = with pkgs; [];
+    openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7wPByAa6fsn7deoMRbnveEVXgwP8CTs3A1yCGCe+YRSDjS64MMcr5zoHjvlpKfRdsFCaiEXCnNiMSC9sZfmvZOFO3ptecNFnmt6gAZ7X67bYdTQedwiy7mK6JXAiRmv83YSblL5DaQY+jswIeTTyVk5A76tnCOzFVfFyRd0QOmjmF1vu0ii2zhVvODsfrB3wi7+fbPYONIA7nUVL13UFvavOKtEupSdN3LGhiYKNItrTzmCCSOPpttrkj/Bvqspt6kPJE82n+ryoWpOmzAsz+YdHCsZN16CDwkOOWzD2HrHzDUEt50kImlpTFthhGfysp7zO9dalZApMH5yPH7kRjztwBmttLh9b2+j08j/Z48WsHCyZaQws7xLW/08bh/4xGL5yoQeZ00UHWrJbH/WEnfKWpsQ9YJmA3xD3FVOvGjslmVHzBqCes9XRbTkLJTcOhTsBOYsZ0Eq6oZQ2AyFqWnn2RT604HtVmDqjtVMd2DEPkAmhCj2OW9ygjBFTnF8G55O2Pd2g9Y7zSv3i6F97ztQeqbNUfuAgEQ+9QYbEgxXVXMLnKIAZG+TBScl5Nk+mm/4oeKlESCfjgi5HIeda8IENEE48XJknb9MDpL1XP2s4fbnBRQS9f+OsDj5i86PAgLeEbVaq9OgifdxZKSTi6jZg4m3ZBGhK8kFjnbrKgMQ==" ];
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+    git
+    pciutils
+    sysstat
+    xivlauncher
+  ];
+
+  services.openssh.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
+
+}

hosts/servers/blades/1-alpha/default.nix

@@ -0,0 +1,33 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ../../../../modules/vrrp.nix
+    ../../../../modules/nginx.nix
+  ];
+
+  networking.hostName = "alpha";
+
+  nyxs-nix.services.vrrp = {
+    enable = true;
+    priority = 200;
+    peers = [
+      "10.5.0.102"
+    ];
+  };
+
+  systemd.network.links."10-eth0" = {
+    matchConfig.PermanentMACAddress = "00:25:90:e6:e1:0e";
+    linkConfig.Name = "eth0";
+  };
+  
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/29a440ba-305c-4041-b45d-502b5cf3a514";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/A579-28EC";
+    fsType = "vfat";
+    options = [ "fmask=0077" "dmask=0077" ];
+  };
+}

hosts/servers/blades/2-beta/default.nix

@@ -0,0 +1,33 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ../../../../modules/vrrp.nix
+    ../../../../modules/nginx.nix
+  ];
+
+  networking.hostName = "beta";
+
+  nyxs-nix.services.vrrp = {
+    enable = true;
+    priority = 150;
+    peers = [
+      "10.5.0.101"
+    ];
+  };
+
+  systemd.network.links."10-eth0" = {
+    matchConfig.PermanentMACAddress = "00:25:90:e6:e1:10";
+    linkConfig.Name = "eth0";
+  };
+
+  fileSystems."/" = { 
+    device = "/dev/disk/by-uuid/7422bf7a-0760-41f2-aad3-28eff66c4b4d";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = { 
+    device = "/dev/disk/by-uuid/0DED-C0F5";
+    fsType = "vfat";
+    options = [ "fmask=0077" "dmask=0077" ];
+  };
+}

hosts/servers/blades/3-gamma/default.nix

@@ -0,0 +1,29 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ../../../../modules/k3s
+  ];
+
+  networking.hostName = "gamma";
+
+  nyxs-nix.services.k3s = {
+    enable = true;
+    initServer = true;
+  };
+
+  systemd.network.links."10-eth0" = {
+    matchConfig.PermanentMACAddress = "00:25:90:e6:e1:09";
+    linkConfig.Name = "eth0";
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/8d8325bb-b5ba-469b-8054-b295bbbc70c2";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/0954-3305";
+    fsType = "vfat";
+    options = [ "fmask=0077" "dmask=0077" ];
+  };
+}

hosts/servers/blades/4-delta/default.nix

@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ../../../../modules/k3s
+  ];
+
+  networking.hostName = "delta";
+
+  nyxs-nix.services.k3s = {
+    enable = true;
+  };
+
+  systemd.network.links."10-eth0" = {
+    matchConfig.PermanentMACAddress = "00:25:90:e6:e1:63";
+    linkConfig.Name = "eth0";
+  };
+
+  fileSystems."/" = { 
+    device = "/dev/disk/by-uuid/103ed8d1-3681-4d67-938c-e7349447fcbb";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = { 
+    device = "/dev/disk/by-uuid/4EB3-06A1";
+    fsType = "vfat";
+    options = [ "fmask=0077" "dmask=0077" ];
+  };
+}

hosts/servers/blades/5-epsilon/default.nix

@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ../../../../modules/k3s
+  ];
+
+  networking.hostName = "epsilon";
+
+  nyxs-nix.services.k3s = {
+    enable = true;
+  };
+
+  systemd.network.links."10-eth0" = {
+    matchConfig.PermanentMACAddress = "00:25:90:e6:e1:21";
+    linkConfig.Name = "eth0";
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/a0c8475c-cda8-4ceb-bbad-50d9537924be";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/8D63-DF1F";
+    fsType = "vfat";
+    options = [ "fmask=0077" "dmask=0077" ];
+  };
+}

hosts/servers/blades/default.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, modulesPath, ... }: 
+{
+  imports = [ 
+    ./hardware.nix
+    ../../../modules/sops.nix
+  ];
+
+}

hosts/servers/blades/hardware.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, modulesPath, ... }: 
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/servers/blades/systems.nix

@@ -0,0 +1,43 @@
+{ inputs }:
+{
+  alpha = inputs.nixpkgs.lib.nixosSystem {
+    modules = [
+      ../../base.nix
+      ../blades
+      ./1-alpha
+    ];
+    specialArgs = { inherit inputs; };
+  };
+  beta = inputs.nixpkgs.lib.nixosSystem {
+    modules = [
+      ../../base.nix
+      ../blades
+      ./2-beta
+    ];
+    specialArgs = { inherit inputs; };
+  };
+  gamma = inputs.nixpkgs.lib.nixosSystem {
+    modules = [
+      ../../base.nix
+      ../blades
+      ./3-gamma
+    ];
+    specialArgs = { inherit inputs; };
+  };
+  delta = inputs.nixpkgs.lib.nixosSystem {
+    modules = [
+      ../../base.nix
+      ../blades
+      ./4-delta
+    ];
+    specialArgs = { inherit inputs; };
+  };
+  epsilon = inputs.nixpkgs.lib.nixosSystem {
+    modules = [
+      ../../base.nix
+      ../blades
+      ./5-epsilon
+    ];
+    specialArgs = { inherit inputs; };
+  };
+}

hosts/servers/iris/default.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    ../../modules/sops.nix
+  ];
+
+  networking.hostName = "iris";
+
+  boot.loader.grub.enable = false;
+  boot.loader.generic-extlinux-compatible.enable = true;
+
+  boot.initrd.availableKernelModules = [ "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

modules/k3s/default.nix

@@ -0,0 +1,41 @@
+{ config, lib, pkgs, inputs, ... }:
+with lib;
+let
+  cfg = config.nyxs-nix.services.k3s;
+in
+{
+  options.nyxs-nix.services.k3s = with types; {
+    enable = mkEnableOption "Enable the vrrp quotes service";
+
+    initServer = mkOption {
+      type = bool;
+      default = false;
+      description = "Whether or not the node is the main one or sub node";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+      2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+      2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+    ];
+    networking.firewall.allowedUDPPorts = [
+      8472 # k3s, flannel: required if using multi-node for inter-node networking
+    ];
+    
+    sops.secrets.k3s_token = {
+      format = "json";
+      key = "token";
+      sopsFile = "${inputs.secrets}/k3s.json";
+    };
+    
+    services.k3s = {
+      enable = true;
+      token = config.sops.secrets.k3s_token.path;
+      clusterInit = mkIf cfg.initServer true;
+      serverAddr = mkIf (!cfg.initServer) "https://10.5.0.103:6443";
+      # manifests = import ./manifests.nix { inherit lib cfg }
+    };
+  };
+}

modules/k3s/deployments/default.nix

@@ -0,0 +1,8 @@
+{ cfg, lib, ... }:
+let
+  manifests = [
+
+  ];
+  imported = map ( n: import ${n} { inherit cfg, lib } ) manifests;
+in
+  lib.foldl' lib.recursiveUpdate {} imported

modules/k3s/manifests.nix

@@ -0,0 +1,9 @@
+{ cfg, lib, ... }:
+let
+  manifests = [
+    ./deployments
+    ./services
+  ];
+  imported = map ( n: import ${n} { inherit cfg lib } ) manifests;
+in
+  lib.foldl' lib.recursiveUpdate {} imported

modules/k3s/services/default.nix

@@ -0,0 +1,8 @@
+{ cfg, lib, ... }:
+let
+  manifests = [
+    
+  ];
+  imported = map ( n: import ${n} { inherit cfg, lib } ) manifests;
+in
+  lib.foldl' lib.recursiveUpdate {} imported

modules/nginx.nix

@@ -0,0 +1,55 @@
+{inputs, pkgs, config, ...}:
+
+{
+  sops.secrets."CF_DNS_API_TOKEN" = {
+    format = "json";
+    sopsFile = "${inputs.secrets}/nginx.json";
+  };
+
+  sops.secrets."CF_ZONE_API_TOKEN" = {
+    format = "json";
+    sopsFile = "${inputs.secrets}/nginx.json";
+  };
+
+  sops.templates."ACME.env".content = ''
+    CF_DNS_API_TOKEN="${config.sops.placeholder."CF_DNS_API_TOKEN"}"
+    CF_ZONE_API_TOKEN="${config.sops.placeholder."CF_ZONE_API_TOKEN"}"
+  '';
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      dnsProvider = "cloudflare";
+      environmentFile = config.sops.templates."ACME.env".path;
+      email = "nyxerinys5@gmail.com";
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "vault.nyxerinys.dev" = {
+        addSSL = true;
+        enableACME = true;
+        acmeRoot = null;
+
+        locations."/" = {
+          proxyPass = "http://10.5.0.2:83";
+          proxyWebsockets = true;
+        };
+      };
+      "git.nyxerinys.dev" = {
+        addSSL = true;
+        enableACME = true;
+        acmeRoot = null;
+
+        locations."/" = {
+          proxyPass = "http://10.5.0.2:3000";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}

modules/sops.nix

@@ -0,0 +1,10 @@
+{inputs, pkgs, ...}:
+
+{
+  imports = [ inputs.sops-nix.nixosModules.sops ];
+
+  sops = {
+    defaultSopsFile = "${inputs.secrets}/main.json";
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  };
+}

modules/vrrp.nix

@@ -0,0 +1,105 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.nyxs-nix.services.vrrp;
+in
+{
+  options.nyxs-nix.services.vrrp = with types; {
+    enable = mkEnableOption "Enable the vrrp quotes service";
+
+    ip = mkOption {
+      type = str;
+      default = "10.5.0.5/24";
+      description = "Virtual IP address";
+    };
+
+    priority = mkOption {
+      type = int;
+      default = 0;
+      description = "Priority of the system in the vrrp pool";
+    };
+
+    interface = mkOption {
+      type = str;
+      default = "eth0";
+      description = "interface for vrrp communication";
+    };
+
+    id = mkOption {
+      type = int;
+      default = 1;
+      description = "virtual router config id";
+    };
+
+    peers = mkOption {
+      type = nullOr (listOf str);
+      default = null;
+      description = "List of ips for the other vrrp instancess";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # networking.firewall.extraCommands = ''
+    #   iptables -I INPUT 1 -i vrrp.6 -p tcp --dport 22 -j ACCEPT
+    #   iptables -I INPUT 2 -i vrrp.6 -p tcp -j DROP
+    # '';
+
+    # networking.vlans."eth0.6" = {
+    #   id = 6;
+    #   interface = "eth0";
+    # };
+
+    # networking.interfaces."eth0.6" = {
+    #   ipv4.routes = [
+    #      {
+    #       address = "10.5.1.0";
+    #       prefixLength = 24;
+    #       via = "10.5.1.1";
+    #     }
+    #     {
+    #       address = "0.0.0.0";
+    #       prefixLength = 0;
+    #       via = "10.5.1.1";
+    #     }
+    #   ];
+    # };
+
+    services.keepalived = {
+      enable = true;
+
+      openFirewall = true;
+
+      extraGlobalDefs = ''
+        use_symlink_paths true
+      '';
+      
+      vrrpInstances.VIP_1 = {
+        state = "BACKUP";
+        interface = cfg.interface;
+        virtualRouterId = cfg.id;
+        priority = cfg.priority;
+        virtualIps = [
+          {
+            addr = cfg.ip;
+            scope = "global";
+          }
+        ];
+        unicastPeers = mkIf (cfg.peers != null) cfg.peers;
+        # useVmac = true;
+        # vmacXmitBase = true;
+        trackScripts = ["track_nginx"];
+      };
+      vrrpScripts = {
+        track_nginx = {
+          script = "${pkgs.systemd}/bin/systemctl is-active nginx";
+          interval = 1;
+          timeout = 2;
+          rise = 2;
+          fall = 2;
+          weight = 0;
+          user = "root";
+        };
+      };
+    };
+  };
+}