rotuer-secrets: remove root_password, add wifi ssid and domainName
this is step one towards getting rid of rotuer-secrets completely and turning rotuer into a "profile" module that can be less hackily customised for other people's networks
This commit is contained in:
parent
7c196bf9b4
commit
1206d02200
4 changed files with 13 additions and 9 deletions
|
@ -145,7 +145,7 @@ in rec {
|
|||
};
|
||||
|
||||
users.root = {
|
||||
passwd = lib.mkForce secrets.root_password;
|
||||
passwd = lib.mkForce secrets.root.passwd;
|
||||
# openssh.authorizedKeys.keys = [
|
||||
# (builtins.readFile "/home/dan/.ssh/id_rsa.pub")
|
||||
# ];
|
||||
|
|
|
@ -131,6 +131,6 @@ in rec {
|
|||
dependencies = [services.dhcpc];
|
||||
};
|
||||
|
||||
users.root.passwd = lib.mkForce secrets.root_password;
|
||||
users.root.passwd = lib.mkForce secrets.root.passwd;
|
||||
defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
rec {
|
||||
{
|
||||
wpa_passphrase = "you bring light in";
|
||||
ssid = "liminix";
|
||||
l2tp = {
|
||||
name = "abcde@a.1";
|
||||
password = "NotMyIspPassword";
|
||||
|
@ -10,9 +11,9 @@ rec {
|
|||
openssh.authorizedKeys.keys = [
|
||||
];
|
||||
};
|
||||
root_password = root.passwd;
|
||||
|
||||
lan = {
|
||||
prefix = "10.8.0"; # "192.168.8";
|
||||
prefix = "10.8.0";
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -8,7 +8,10 @@
|
|||
|
||||
{ config, pkgs, lib, ... } :
|
||||
let
|
||||
secrets = import ./rotuer-secrets.nix;
|
||||
secrets = {
|
||||
domainName = "fake.liminix.org";
|
||||
firewallRules = {};
|
||||
} // (import ./rotuer-secrets.nix);
|
||||
inherit (pkgs.liminix.services) oneshot longrun bundle;
|
||||
inherit (pkgs) serviceFns;
|
||||
svc = config.system.service;
|
||||
|
@ -55,7 +58,7 @@ in rec {
|
|||
services.hostap = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan;
|
||||
params = {
|
||||
ssid = "liminix";
|
||||
ssid = secrets.ssid;
|
||||
hw_mode="g";
|
||||
channel = "2";
|
||||
ieee80211n = 1;
|
||||
|
@ -65,7 +68,7 @@ in rec {
|
|||
services.hostap5 = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan5;
|
||||
params = rec {
|
||||
ssid = "liminix_5";
|
||||
ssid = "${secrets.ssid}5";
|
||||
hw_mode="a";
|
||||
channel = 36;
|
||||
ht_capab = "[HT40+]";
|
||||
|
@ -121,7 +124,7 @@ in rec {
|
|||
# not putting my actual MAC addresses in a public git repo ...
|
||||
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
|
||||
|
||||
domain = "fake.liminix.org";
|
||||
domain = secrets.domainName;
|
||||
};
|
||||
|
||||
services.wan = svc.pppoe.build {
|
||||
|
|
Loading…
Reference in a new issue