forked from DGNum/liminix
rotuer-secrets: remove root_password, add wifi ssid and domainName
this is step one towards getting rid of rotuer-secrets completely and turning rotuer into a "profile" module that can be less hackily customised for other people's networks
This commit is contained in:
parent
7c196bf9b4
commit
1206d02200
4 changed files with 13 additions and 9 deletions
|
@ -145,7 +145,7 @@ in rec {
|
||||||
};
|
};
|
||||||
|
|
||||||
users.root = {
|
users.root = {
|
||||||
passwd = lib.mkForce secrets.root_password;
|
passwd = lib.mkForce secrets.root.passwd;
|
||||||
# openssh.authorizedKeys.keys = [
|
# openssh.authorizedKeys.keys = [
|
||||||
# (builtins.readFile "/home/dan/.ssh/id_rsa.pub")
|
# (builtins.readFile "/home/dan/.ssh/id_rsa.pub")
|
||||||
# ];
|
# ];
|
||||||
|
|
|
@ -131,6 +131,6 @@ in rec {
|
||||||
dependencies = [services.dhcpc];
|
dependencies = [services.dhcpc];
|
||||||
};
|
};
|
||||||
|
|
||||||
users.root.passwd = lib.mkForce secrets.root_password;
|
users.root.passwd = lib.mkForce secrets.root.passwd;
|
||||||
defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
|
defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
rec {
|
{
|
||||||
wpa_passphrase = "you bring light in";
|
wpa_passphrase = "you bring light in";
|
||||||
|
ssid = "liminix";
|
||||||
l2tp = {
|
l2tp = {
|
||||||
name = "abcde@a.1";
|
name = "abcde@a.1";
|
||||||
password = "NotMyIspPassword";
|
password = "NotMyIspPassword";
|
||||||
|
@ -10,9 +11,9 @@ rec {
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
root_password = root.passwd;
|
|
||||||
lan = {
|
lan = {
|
||||||
prefix = "10.8.0"; # "192.168.8";
|
prefix = "10.8.0";
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,10 @@
|
||||||
|
|
||||||
{ config, pkgs, lib, ... } :
|
{ config, pkgs, lib, ... } :
|
||||||
let
|
let
|
||||||
secrets = import ./rotuer-secrets.nix;
|
secrets = {
|
||||||
|
domainName = "fake.liminix.org";
|
||||||
|
firewallRules = {};
|
||||||
|
} // (import ./rotuer-secrets.nix);
|
||||||
inherit (pkgs.liminix.services) oneshot longrun bundle;
|
inherit (pkgs.liminix.services) oneshot longrun bundle;
|
||||||
inherit (pkgs) serviceFns;
|
inherit (pkgs) serviceFns;
|
||||||
svc = config.system.service;
|
svc = config.system.service;
|
||||||
|
@ -55,7 +58,7 @@ in rec {
|
||||||
services.hostap = svc.hostapd.build {
|
services.hostap = svc.hostapd.build {
|
||||||
interface = config.hardware.networkInterfaces.wlan;
|
interface = config.hardware.networkInterfaces.wlan;
|
||||||
params = {
|
params = {
|
||||||
ssid = "liminix";
|
ssid = secrets.ssid;
|
||||||
hw_mode="g";
|
hw_mode="g";
|
||||||
channel = "2";
|
channel = "2";
|
||||||
ieee80211n = 1;
|
ieee80211n = 1;
|
||||||
|
@ -65,7 +68,7 @@ in rec {
|
||||||
services.hostap5 = svc.hostapd.build {
|
services.hostap5 = svc.hostapd.build {
|
||||||
interface = config.hardware.networkInterfaces.wlan5;
|
interface = config.hardware.networkInterfaces.wlan5;
|
||||||
params = rec {
|
params = rec {
|
||||||
ssid = "liminix_5";
|
ssid = "${secrets.ssid}5";
|
||||||
hw_mode="a";
|
hw_mode="a";
|
||||||
channel = 36;
|
channel = 36;
|
||||||
ht_capab = "[HT40+]";
|
ht_capab = "[HT40+]";
|
||||||
|
@ -121,7 +124,7 @@ in rec {
|
||||||
# not putting my actual MAC addresses in a public git repo ...
|
# not putting my actual MAC addresses in a public git repo ...
|
||||||
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
|
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
|
||||||
|
|
||||||
domain = "fake.liminix.org";
|
domain = secrets.domainName;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.wan = svc.pppoe.build {
|
services.wan = svc.pppoe.build {
|
||||||
|
|
Loading…
Reference in a new issue