From 1206d022008fd9d23e5d29aef12a2371f20b170d Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Sun, 11 Feb 2024 09:10:03 +0000
Subject: [PATCH] rotuer-secrets: remove root_password, add wifi ssid and domainName

this is step one towards getting rid of rotuer-secrets completely and turning rotuer into a "profile" module that can be less hackily customised for other people's networks
---
 examples/arhcive.nix | 2 +-
 examples/extneder.nix | 2 +-
 examples/rotuer-secrets.example.nix | 7 ++++---
 examples/rotuer.nix | 11 +++++++----
 4 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/examples/arhcive.nix b/examples/arhcive.nix
index 360e8e8..5ed6ad1 100644
--- a/examples/arhcive.nix
+++ b/examples/arhcive.nix
@@ -145,7 +145,7 @@ in rec {
 };
 users.root = {
- passwd = lib.mkForce secrets.root_password;
+ passwd = lib.mkForce secrets.root.passwd;
 # openssh.authorizedKeys.keys = [
 # (builtins.readFile "/home/dan/.ssh/id_rsa.pub")
 # ];
diff --git a/examples/extneder.nix b/examples/extneder.nix
index f640f0e..1b2fab5 100644
--- a/examples/extneder.nix
+++ b/examples/extneder.nix
@@ -131,6 +131,6 @@ in rec {
 dependencies = [services.dhcpc];
 };
- users.root.passwd = lib.mkForce secrets.root_password;
+ users.root.passwd = lib.mkForce secrets.root.passwd;
 defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
 }
diff --git a/examples/rotuer-secrets.example.nix b/examples/rotuer-secrets.example.nix
index 368a930..acae8ca 100644
--- a/examples/rotuer-secrets.example.nix
+++ b/examples/rotuer-secrets.example.nix
@@ -1,5 +1,6 @@
-rec {
+{
 wpa_passphrase = "you bring light in";
+ ssid = "liminix";
 l2tp = {
 name = "abcde@a.1";
 password = "NotMyIspPassword";
@@ -10,9 +11,9 @@ rec {
 openssh.authorizedKeys.keys = [ ];
 };
- root_password = root.passwd;
+
 lan = {
- prefix = "10.8.0"; # "192.168.8";
+ prefix = "10.8.0";
 };
 }
diff --git a/examples/rotuer.nix b/examples/rotuer.nix
index b90519c..c690c89 100644
--- a/examples/rotuer.nix
+++ b/examples/rotuer.nix
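Review bot: The first hunk of examples/rotuer-secrets.example.nix documents the new `ssid` key but not `domainName`, although the commit title names both and rotuer.nix now reads `secrets.domainName` with a fallback of `fake.liminix.org`. The example file is the only visible description of what a local rotuer-secrets.nix may contain, so I would add a commented line next to `ssid`, such as `# domainName = "example.lan"; # optional, defaults to fake.liminix.org` (the value is a placeholder). A short header comment saying that `ssid` is required, and that the real file holds `wpa_passphrase` and the l2tp password in plaintext and so should stay out of version control, would also fit here.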
@@ -8,7 +8,10 @@
 { config, pkgs, lib, ... } :
 let
- secrets = import ./rotuer-secrets.nix;
+ secrets = {
+ domainName = "fake.liminix.org";
+ firewallRules = {};
+ } // (import ./rotuer-secrets.nix);
 inherit (pkgs.liminix.services) oneshot longrun bundle;
 inherit (pkgs) serviceFns;
 svc = config.system.service;
@@ -55,7 +58,7 @@ in rec {
 services.hostap = svc.hostapd.build {
 interface = config.hardware.networkInterfaces.wlan;
 params = {
- ssid = "liminix";
+ ssid = secrets.ssid;
 hw_mode="g";
 channel = "2";
 ieee80211n = 1;
@@ -65,7 +68,7 @@ in rec {
 services.hostap5 = svc.hostapd.build {
 interface = config.hardware.networkInterfaces.wlan5;
 params = rec {
- ssid = "liminix_5";
+ ssid = "${secrets.ssid}5";
 hw_mode="a";
 channel = 36;
 ht_capab = "[HT40+]";
@@ -121,7 +124,7 @@ in rec {
 # not putting my actual MAC addresses in a public git repo ...
 hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
- domain = "fake.liminix.org";
+ domain = secrets.domainName;
 };
 services.wan = svc.pppoe.build {
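Review bot: The default set merged in the first rotuer.nix hunk covers `domainName` and `firewallRules` but not `ssid`, so a local rotuer-secrets.nix written before this commit now fails evaluation at `secrets.ssid` instead of keeping the old network name. If that is intended, a comment above the binding would make it explicit, for example `# ssid has no default: rotuer-secrets.nix must set it`; otherwise add `ssid = "liminix";` to the defaults. `//` is a shallow merge, so a `firewallRules` attribute in the secrets file replaces the default wholesale, and nothing in the visible hunks reads `firewallRules` yet, which deserves a short comment too. The `let` block continues outside the hunk.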
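Review bot: The 5 GHz name in the `services.hostap5` hunk changes from `liminix_5` to `liminix5` when `secrets.ssid` is the example value, because the underscore was dropped in `"${secrets.ssid}5"`; clients that saved the old network will not rejoin it. `ssid = "${secrets.ssid}_5";` keeps the previous name. An SSID is limited to 32 octets, so a configured `ssid` at or near that limit gives an over-long 5 GHz name that hostapd is expected to reject; a comment in the example secrets file asking users to leave room for the suffix would catch that early. The `params` set continues past the end of the hunk.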