rotuer-secrets: remove root_password, add wifi ssid and domainName

this is step one towards getting rid of rotuer-secrets completely and
turning rotuer into a "profile" module that can be less hackily
customised for other people's networks
tftpboot-append-dtb
Daniel Barlow 2024-02-11 09:10:03 +00:00
parent 7c196bf9b4
commit 1206d02200
4 changed files with 13 additions and 9 deletions


@ -145,7 +145,7 @@ in rec {
}; };
users.root = { users.root = {
passwd = lib.mkForce secrets.root_password; passwd = lib.mkForce secrets.root.passwd;
# openssh.authorizedKeys.keys = [ # openssh.authorizedKeys.keys = [
# (builtins.readFile "/home/dan/.ssh/id_rsa.pub") # (builtins.readFile "/home/dan/.ssh/id_rsa.pub")
# ]; # ];


@ -131,6 +131,6 @@ in rec {
dependencies = [services.dhcpc]; dependencies = [services.dhcpc];
}; };
users.root.passwd = lib.mkForce secrets.root_password; users.root.passwd = lib.mkForce secrets.root.passwd;
defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig]; defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
} }


@ -1,5 +1,6 @@
rec { {
wpa_passphrase = "you bring light in"; wpa_passphrase = "you bring light in";
ssid = "liminix";
l2tp = { l2tp = {
name = "abcde@a.1"; name = "abcde@a.1";
password = "NotMyIspPassword"; password = "NotMyIspPassword";
@ -10,9 +11,9 @@ rec {
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
]; ];
}; };
root_password = root.passwd;
lan = { lan = {
prefix = "10.8.0"; # "192.168.8"; prefix = "10.8.0";
}; };
} }
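Review bot: The placeholder credentials in this file (`wpa_passphrase = "you bring light in"`, `password = "NotMyIspPassword"`) sit beside the new `ssid = "liminix"` with nothing marking them as examples, so an image built from an unedited copy would presumably bring up an access point whose passphrase is published in the repository. A header comment such as `# example values only: replace every credential before building an image` would make that explicit. The new `ssid` is also interpolated as `"${secrets.ssid}5"` in the last file section, so it is worth noting here that the value must leave one byte spare under the 32-octet SSID limit, and that the 5 GHz network name changes from `liminix_5` to `liminix5` for clients that saved the old one. The attribute set opens and closes inside these two hunks, but the lines between them (including the `root` definition) are not shown.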


@ -8,7 +8,10 @@
{ config, pkgs, lib, ... } : { config, pkgs, lib, ... } :
let let
secrets = import ./rotuer-secrets.nix; secrets = {
domainName = "fake.liminix.org";
firewallRules = {};
} // (import ./rotuer-secrets.nix);
inherit (pkgs.liminix.services) oneshot longrun bundle; inherit (pkgs.liminix.services) oneshot longrun bundle;
inherit (pkgs) serviceFns; inherit (pkgs) serviceFns;
svc = config.system.service; svc = config.system.service;
@ -55,7 +58,7 @@ in rec {
services.hostap = svc.hostapd.build { services.hostap = svc.hostapd.build {
interface = config.hardware.networkInterfaces.wlan; interface = config.hardware.networkInterfaces.wlan;
params = { params = {
ssid = "liminix"; ssid = secrets.ssid;
hw_mode="g"; hw_mode="g";
channel = "2"; channel = "2";
ieee80211n = 1; ieee80211n = 1;
@ -65,7 +68,7 @@ in rec {
services.hostap5 = svc.hostapd.build { services.hostap5 = svc.hostapd.build {
interface = config.hardware.networkInterfaces.wlan5; interface = config.hardware.networkInterfaces.wlan5;
params = rec { params = rec {
ssid = "liminix_5"; ssid = "${secrets.ssid}5";
hw_mode="a"; hw_mode="a";
channel = 36; channel = 36;
ht_capab = "[HT40+]"; ht_capab = "[HT40+]";
@ -121,7 +124,7 @@ in rec {
# not putting my actual MAC addresses in a public git repo ... # not putting my actual MAC addresses in a public git repo ...
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix); hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
domain = "fake.liminix.org"; domain = secrets.domainName;
}; };
services.wan = svc.pppoe.build { services.wan = svc.pppoe.build {