commit 108c4ddb625d0e845fc51779db4efd0e091b4550
parent 88ba72fe278d306e89ec68de4eb797984141b472
Author: breadcat <breadcat@users.noreply.github.com>
Date: Tue, 5 Aug 2025 14:29:46 +0100
Move secret-ish variables to another file
Diffstat:
10 files changed, 56 insertions(+), 32 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -1 +1,4 @@
-research
-\ No newline at end of file
+research
+
+# see variables.sample.nix
+variables.nix
+\ No newline at end of file
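Review bot: Ignoring `variables.nix` only keeps it out of future commits; the `sshkey`, `domain` and `email` literals this same diff removes from entrypoint.nix stay in the repository history, so the move prevents new exposure rather than undoing old exposure. The comment would carry more weight as `# local copy of variables.sample.nix with real values; never commit`. If the configuration is ever evaluated through a flake, note that only git-tracked files are visible to the evaluation, so an ignored `variables.nix` would not be importable there at all.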
diff --git a/common/locale.nix b/common/locale.nix
@@ -1,11 +1,10 @@
-{ config, ... }:
+{ timezone, ... }:
let
- timezone = "Europe/London";
locale = "en_GB.UTF-8";
in
{
- time.timeZone = timezone;
+ time.timeZone = "${timezone}";
i18n.defaultLocale = locale;
i18n.extraLocaleSettings = {
LC_ADDRESS = locale;
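Review bot: `time.timeZone = "${timezone}";` on the added line wraps a value that is already a string; the removed `time.timeZone = timezone;` was the cleaner form and should simply be kept. More importantly, dropping `config` and requiring `timezone` means this file no longer works as a bare path in a machine's `imports`, because the module system cannot supply `timezone`; any machine that still lists `../common/locale.nix` unchanged (minerva.nix's hunks show no edit to such a line) will fail evaluation with a missing-argument error. A header comment such as `# Must be called as (import ./locale.nix { inherit timezone; }); not usable as a bare import path` would make that contract explicit. The attribute set continues past the hunk.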
@@ -20,4 +19,4 @@ in
};
services.xserver.xkb.layout = "gb";
console.keyMap = "uk";
-}
-\ No newline at end of file
+}
diff --git a/common/ssh.nix b/common/ssh.nix
@@ -1,9 +1,10 @@
-{ username, sshkey, ... }:
+{ username, sshkey, sshport, ... }:
{
# SSH service
services.openssh = {
enable = true;
+ ports = [ sshport ];
settings.PasswordAuthentication = false;
};
# Fail2ban service
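Review bot: `ports = [ sshport ];` replaces the default listener rather than adding to it, so an unset or mistyped `sshport` in variables.nix locks out remote access on the next rebuild; a comment on that line, e.g. `# replaces the default port 22; must match home/ssh.nix and variables.nix`, tells the next editor what is at stake. It is also worth confirming that the Fail2ban jail configured below this hunk bans on `sshport` rather than on the `ssh` service name, otherwise bans only cover port 22. The module body continues outside the hunk.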
diff --git a/entrypoint.nix b/entrypoint.nix
@@ -4,21 +4,18 @@
lib,
...
}: let
- fullname = "Peter";
- username = lib.strings.toLower fullname;
- domain = "minskio.co.uk";
- email = "${username}@${domain}";
- sshkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXdHG4d/CoCbS1mp7cg+/3qS8nI4bvp7nvU5BZdkzseOt1NerZ4rgdQLBiFGiEi4LPMOQxBGXe7uuskn3TCc2C/DkZH/+AdYQ5MDXRbRqta/0oS8XVTzWcBtluaHc6qsuF6MkSU853ZWVgzlYimfSkjkwvrMT38WkkauC9U4VoqODVLQe5sivR/2INHctNfj0dYuyvPRUhAiuTrha0cKrS7xkOIf4a9gQgunU4+cmyb1HPt6KmNMzuZ/nhsqVWf6h/v0oBTg8p+aestfpg2fTAlY8Za8t/ZOqpF1TeWqUB+1AXEoQHNw2bezzKwCyX39cvjTeE5EWKl7oXalq91J39 ssh-key-2022-02-16";
+ vars = import ./variables.nix { inherit lib; };
+ inherit (vars) fullname username domain email sshkey sshport timezone vpnusername vpnpassword todosecret;
+
hostname =
if builtins.pathExists "/etc/hostname"
then lib.strings.removeSuffix "\n" (builtins.readFile "/etc/hostname")
else throw "Error: /etc/hostname not found. Please ensure the hostname is set before rebuild.";
+
machine = lib.strings.removeSuffix "\n" hostname;
osConfigPath = ./machines + "/${machine}.nix";
in {
imports = [
- (import osConfigPath {inherit config pkgs lib fullname machine username domain email sshkey;})
+ (import osConfigPath { inherit config pkgs lib fullname username domain email sshkey sshport timezone vpnusername vpnpassword todosecret machine ; })
];
-
- networking.hostName = machine;
-}
+}
+\ No newline at end of file
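Review bot: The `-` lines drop `networking.hostName = machine;` with no replacement anywhere in this diff; that is unrelated to moving variables and means the name read from `/etc/hostname` is no longer applied unless every machine file sets it itself, so either keep the line or explain the removal in the commit message. `import ./variables.nix` fails with a bare path-does-not-exist error when the ignored file is absent on a fresh checkout; mirroring the hostname guard a few lines below, `vars = if builtins.pathExists ./variables.nix then import ./variables.nix { inherit lib; } else throw "Error: ./variables.nix not found; copy variables.sample.nix to variables.nix and fill it in.";` gives an actionable message. `vpnpassword` and `todosecret` are now plain strings threaded through `inherit (vars)`; wherever a consumer writes them into a generated config they land in the world-readable Nix store, so a comment on that line, `# NOTE: these are plain strings and are not protected at rest once rendered into the store`, sets expectations for whoever adds the next secret.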
diff --git a/home/ssh.nix b/home/ssh.nix
@@ -1,4 +1,4 @@
-{ domain, username, ... }:
+{ domain, username, sshport, ... }:
{
programs.ssh = {
@@ -8,13 +8,13 @@
"minskio" = {
hostname = "${domain}";
user = "${username}";
- port = 55012;
+ port = sshport;
identityFile = "~/vault/docs/secure/ssh-key-2022-02-16.key";
};
"tunnel" = {
hostname = "${domain}";
user = "${username}";
- port = 55012;
+ port = sshport;
identityFile = "~/vault/docs/secure/ssh-key-2022-02-16.key";
extraOptions = {
RemoteCommand = "ssh -p 55013 ${username}@localhost -i ~/vault/docs/secure/ssh-key-2022-02-16.key";
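Review bot: The hunk parameterizes both `port = 55012;` lines but leaves `-p 55013` hardcoded in `RemoteCommand` on the last line; if that is a deliberately fixed port for the inner hop, a comment such as `# 55013 is the remote-side listener for the tunnel hop, distinct from sshport` stops the next reader from "fixing" it, and if it is meant to track the server port it should become `-p ${toString sshport}` (interpolating an integer directly is an evaluation error). The `identityFile` path is now repeated three times in this block, once inside the command string; hoisting it into a `let` binding keeps the next key rotation to a single edit. The `matchBlocks` set continues past the hunk.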
diff --git a/machines/arcadia.nix b/machines/arcadia.nix
@@ -1,6 +1,6 @@
# HTPC
-{ config, pkgs, domain, machine, username, fullname, sshkey, ... }:
+{ config, pkgs, domain, machine, username, fullname, sshkey, sshport, timezone, ... }:
let
home-manager = builtins.fetchTarball https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz; # stable
@@ -15,13 +15,13 @@ in
../common/audio.nix
../common/flakes.nix
../common/garbage.nix
- ../common/locale.nix
+ (import ../common/locale.nix {inherit config pkgs timezone;})
../common/nfs.nix
# ../common/kodi-module.nix
../common/packages.nix
(import ../common/syncthing.nix {inherit config pkgs username;})
(import ../common/user.nix {inherit config pkgs username fullname;})
- (import ../common/ssh.nix {inherit username sshkey;})
+ (import ../common/ssh.nix {inherit username sshkey sshport;})
../scripts/htpc-launcher.nix
(import "${home-manager}/nixos")
];
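Review bot: `(import ../common/locale.nix {inherit config pkgs timezone;})` passes `config` and `pkgs`, which locale.nix's new `{ timezone, ... }:` signature never reads, while artemis.nix and ilias.nix pass `{inherit pkgs timezone;}`; settling on one form (`{inherit timezone;}` is sufficient) keeps the three call sites grep-identical. Importing the file as a function call rather than a path may also cost the module system the file attribution it normally attaches to errors, so a short comment at the call site, `# locale.nix takes timezone, so it cannot be a bare path import like its neighbours`, explains the asymmetry with the surrounding bare-path entries. The `imports` list continues outside the hunk.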
@@ -34,7 +34,7 @@ in
../home/hyprland.nix
../home/ghostty.nix
(import ../home/kodi.nix {inherit username;})
- (import ../home/ssh.nix {inherit domain username;})
+ (import ../home/ssh.nix {inherit domain username sshport;})
];
# The state version is required and should stay at the version you
diff --git a/machines/artemis.nix b/machines/artemis.nix
@@ -8,6 +8,8 @@
fullname,
domain,
sshkey,
+ sshport,
+ timezone,
...
}: let
home-manager = builtins.fetchTarball https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz; # Stable
@@ -18,12 +20,13 @@ in {
[
./${machine}-hardware.nix # Include the results of the hardware scan.
(import "${home-manager}/nixos") # Home-Manager
+ (import ../common/docker.nix {inherit config pkgs username domain;})
../common/flakes.nix
../common/garbage.nix
- ../common/locale.nix
+ (import ../common/locale.nix {inherit pkgs timezone;})
../common/packages.nix
(import ../common/restic.nix {inherit pkgs username;})
- (import ../common/ssh.nix {inherit username sshkey;})
+ (import ../common/ssh.nix {inherit username sshkey sshport;})
(import ../common/syncthing.nix {inherit config pkgs username;})
(import ../common/user.nix {inherit config pkgs username fullname;})
../scripts/stagit-generate.nix
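Review bot: The added `(import ../common/docker.nix {inherit config pkgs username domain;})` line enables a container runtime on this host in a commit described as moving variables; it is not mentioned in the message and deserves its own commit or at least a sentence there. If docker.nix places `username` in the `docker` group, that gives the account root-equivalent control of the daemon socket, which changes the host's threat model in the same diff that touches its SSH settings; if so, a call-site comment such as `# grants username docker-group (root-equivalent) access` records the decision. The `imports` list continues outside the hunk.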
@@ -38,7 +41,7 @@ in {
../home/htop.nix
../home/neovim.nix
(import ../home/rbw.nix {inherit pkgs domain email;})
- (import ../home/ssh.nix {inherit domain username;})
+ (import ../home/ssh.nix {inherit domain username sshport;})
];
home.stateVersion = "25.05";
};
diff --git a/machines/ilias.nix b/machines/ilias.nix
@@ -8,6 +8,8 @@
fullname,
domain,
sshkey,
+ sshport,
+ timezone,
...
}: let
media-sort = import ../common/media-sort.nix {inherit pkgs;};
@@ -21,12 +23,12 @@ in {
(import ../common/cron-duolingo-rank.nix {inherit username;})
../common/flakes.nix
../common/garbage.nix
- ../common/locale.nix
+ (import ../common/locale.nix {inherit pkgs timezone;})
(import ../common/magnets.nix {inherit pkgs username;})
../common/packages.nix
(import ../common/restic.nix {inherit pkgs username;})
(import ../common/ssh-tunnel.nix {inherit config pkgs username domain;})
- (import ../common/ssh.nix {inherit username sshkey;})
+ (import ../common/ssh.nix {inherit username sshkey sshport;})
(import ../common/syncthing.nix {inherit config pkgs username;})
(import ../common/tank-log.nix {inherit pkgs username;})
(import ../common/tank-sort.nix {inherit pkgs username;})
@@ -60,7 +62,7 @@ in {
../home/htop.nix
../home/neovim.nix
(import ../home/rbw.nix {inherit pkgs domain email;})
- (import ../home/ssh.nix {inherit domain username;})
+ (import ../home/ssh.nix {inherit domain username sshport;})
];
# The state version is required and should stay at the version you
# originally installed.
diff --git a/machines/minerva.nix b/machines/minerva.nix
@@ -8,6 +8,7 @@
domain,
email,
sshkey,
+ sshport,
...
}: let
media-sort = import ../common/media-sort.nix {inherit pkgs;};
@@ -26,7 +27,7 @@ in {
../common/nfs.nix
../common/packages.nix
(import ../common/restic.nix {inherit pkgs username;})
- (import ../common/ssh.nix {inherit username sshkey;})
+ (import ../common/ssh.nix {inherit username sshkey sshport;})
(import ../common/syncthing.nix {inherit config pkgs username;})
(import ../common/user.nix {inherit config pkgs username fullname;})
(import ../common/ydotool.nix {inherit pkgs username;})
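Review bot: minerva.nix gains `sshport` but, unlike arcadia, artemis and ilias, neither takes `timezone` nor changes how `../common/locale.nix` is imported, and the visible entries of this hunk do not include it; if the file still lists `../common/locale.nix` as a bare path elsewhere in the list, evaluation now fails because locale.nix's signature became `{ timezone, ... }:` and the module system cannot supply `timezone`. If minerva intentionally does not use locale.nix, a one-line comment in the imports list saying so prevents the next person from copy-pasting the other machines' entry. The `imports` list continues outside the hunk.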
@@ -52,7 +53,7 @@ in {
../home/tofi.nix
(import ../home/git.nix {inherit fullname email;})
(import ../home/rbw.nix {inherit pkgs domain email;})
- (import ../home/ssh.nix {inherit domain username;})
+ (import ../home/ssh.nix {inherit domain username sshport;})
(import ../home/newsboat.nix {inherit pkgs domain username;})
];
# The state version is required and should stay at the version you
diff --git a/variables.sample.nix b/variables.sample.nix
@@ -0,0 +1,17 @@
+{ lib }:
+
+let
+ fullname = "Peter";
+ username = lib.strings.toLower fullname;
+ domain = "domain.com";
+ email = "${username}@${domain}";
+ sshkey = "ssh-rsa yourkeyhere";
+ sshport = 2222;
+ timezone = "Europe/London";
+ htpasswd = "";
+ vpnusername = "";
+ vpnpassword = "";
+ todosecret = "";
+in {
+ inherit fullname username domain email sshkey sshport timezone vpnusername vpnpassword todosecret;
+}
+\ No newline at end of file
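Review bot: `htpasswd = "";` is bound in the `let` but missing from the exported `inherit` list on the closing attrset, so a user who fills it in gets neither an effect nor an error; either add it to the export (and to entrypoint.nix's `inherit (vars)` line) or remove it. The file has no header, and since it is the template users copy, a leading comment states the contract and its limit: `# Copy to variables.nix (gitignored) and fill in. Values are plain Nix strings; anything rendered into a generated config ends up in the world-readable /nix/store.` The `{ lib }:` argument exists only for `lib.strings.toLower`; a note `# lib is used only for strings.toLower` makes the sole dependency explicit.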