From f2f8ca71bb5484cf472df7ab7cd7dd6e9a9f37e9 Mon Sep 17 00:00:00 2001 From: oddlama Date: Wed, 15 Mar 2023 17:43:04 +0100 Subject: [PATCH] chore: put real MAC addresses in repo secrets --- flake.lock | 24 +++++++++--------- hosts/nom/net.nix | 6 ++--- .../{ => secrets}/initrd_host_ed25519_key.age | Bin hosts/nom/secrets/secrets.nix.age | Bin 0 -> 555 bytes hosts/ward/net.nix | 10 +++----- .../{ => secrets}/initrd_host_ed25519_key.age | Bin hosts/ward/secrets/secrets.nix.age | 10 ++++++++ hosts/zackbiene/default.nix | 1 + hosts/zackbiene/hostapd.nix | 6 +++++ hosts/zackbiene/net.nix | 15 +++++++---- hosts/zackbiene/secrets/secrets.nix.age | Bin 516 -> 496 bytes modules/initrd-ssh.nix | 2 +- secrets/secrets.nix.age | Bin 433 -> 477 bytes 13 files changed, 47 insertions(+), 27 deletions(-) rename hosts/nom/{ => secrets}/initrd_host_ed25519_key.age (100%) create mode 100644 hosts/nom/secrets/secrets.nix.age rename hosts/ward/{ => secrets}/initrd_host_ed25519_key.age (100%) create mode 100644 hosts/ward/secrets/secrets.nix.age create mode 100644 hosts/zackbiene/hostapd.nix diff --git a/flake.lock b/flake.lock index 70d274b..865fe2c 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1678494029, - "narHash": "sha256-2DV9aeUsFuczk4olt4WtlRVuQwIjF8OFK4EzfJ5JFJA=", + "lastModified": 1678898163, + "narHash": "sha256-Cn35A08nzi+S9+RfFyAD4yMBGFerlk9ESMhAm/CJqRE=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "7eaf151db39f62c9fbde5c19778e3cce3be243ad", + "rev": "653dcdbeba427b0c88137683055b8033c987b137", "type": "github" }, "original": { 
@@ -166,11 +166,11 @@ ] }, "locked": { - "lastModified": 1678464939, - "narHash": "sha256-pRMlwOUkO1OwSi7qF6XR/zcocWy/ZYxXgbYWvnZQO9k=", + "lastModified": 1678886248, + "narHash": "sha256-ff81NJtc+AgQhUlTCkx8t8hda0o72vSxDeHVGrfxH70=", "owner": "nix-community", "repo": "home-manager", - "rev": "7224d7c54c5fc74cdf60b208af6148ed3295aa32", + "rev": "2bd74d92bc7345f323ebcbfeb631d5cf4067ed8e", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1678380223, - "narHash": "sha256-HUxnK38iqrX84QdQxbFcosRKV3/koj1Zzp5b5aP4lIo=", + "lastModified": 1678819893, + "narHash": "sha256-lfA6WGdxPsPkBK5Y19ltr5Sn7v7MlT+jpZ4nUgco0Xs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e2590679d0ed2cee2736e8b80373178d085d263", + "rev": "7067edc68c035e21780259ed2d26e1f164addaa2", "type": "github" }, "original": { @@ -299,11 +299,11 @@ }, "templates": { "locked": { - "lastModified": 1676551231, - "narHash": "sha256-JS1o31ew90UiccpoQHxP84Wn0n7ClgyVpAsJV20Ep5E=", + "lastModified": 1678524284, + "narHash": "sha256-3tk4RHKrIbz2tNVyW2WOrgZBe26jhfBiz7bzb7b8p5I=", "owner": "NixOS", "repo": "templates", - "rev": "3ac7e8ba52feb2b89e943a6ce0f7a30d6faf81c6", + "rev": "0edaa0637331e9d8acca5c8ec67936a2c8b8749b", "type": "github" }, "original": { diff --git a/hosts/nom/net.nix b/hosts/nom/net.nix index 0b13f0e..18c51eb 100644 --- a/hosts/nom/net.nix +++ b/hosts/nom/net.nix @@ -1,4 +1,4 @@ -{ +{ nodeSecrets, ... }: { networking = { hostId = "4313abca"; wireless.iwd.enable = true; 
@@ -7,14 +7,14 @@ systemd.network.networks = { "10-lan1" = { DHCP = "yes"; - matchConfig.MACAddress = "00:00:00:00:00:00"; + matchConfig.MACAddress = nodeSecrets.networking.interfaces.lan1.mac; networkConfig.IPv6PrivacyExtensions = "kernel"; dhcpV4Config.RouteMetric = 10; dhcpV6Config.RouteMetric = 10; }; "10-wlan1" = { DHCP = "yes"; - matchConfig.MACAddress = "00:00:00:00:00:00"; + matchConfig.MACAddress = nodeSecrets.networking.interfaces.wlan1.mac; networkConfig.IPv6PrivacyExtensions = "kernel"; dhcpV4Config.RouteMetric = 40; dhcpV6Config.RouteMetric = 40; diff --git a/hosts/nom/initrd_host_ed25519_key.age b/hosts/nom/secrets/initrd_host_ed25519_key.age similarity index 100% rename from hosts/nom/initrd_host_ed25519_key.age rename to hosts/nom/secrets/initrd_host_ed25519_key.age diff --git a/hosts/nom/secrets/secrets.nix.age b/hosts/nom/secrets/secrets.nix.age new file mode 100644 index 0000000000000000000000000000000000000000..60cfac9272ff65f082c49b3cf16fcce2da933d00 GIT binary patch literal 555 zcmWm7O>5I&007{jC>Zph!gdfLco@zuO_Mcg18$h~BWcs7Nt1r0+rgyEvcxV)-!!o) zI}ALiOb|SInBY}*lnHZ}9R!hyf?h;X^dRo6Sf_&`d;Y+qnFeAwZ4h}q%XQ)|Fwqc$ zkU6-C69h)Vglt=NqCt^Ps-9YGCh#T8i3L%ss*|Ql#4>Woh!~eC_whDVjciY`JwETw zV9~&-O9NJJ1RWz+qBvE@^oH(XshVngx_LBsR)}~wLBjp6Y@{WaPBKn1#%Qi6c`_=1 zWbY==0>7*YT|UdJS%u{+6mv+6rxj>GCQ5{42DNNSNJ}7%%1mXM4hPtPw0)7T1fWq* zW-F?R(?{3p-1Ss_eg-jtq4@?JpSSvO9G-+{n+w?(ByheMlAeO&Wobo|qfBzKS!O-6 zT|^6lma@W98sI^bBhodsV)6r@&UAoYC{mHXoJbUGsMukHI-M7LLMPWzT-M@Ip2`w= zAc(Y|K&b>v)|Mm)K@eCjr;J=k5E+kAY9%Wu5Q^2Bp-MM+MsnM^a?a4JO}&c-H5K|j z_F?D8+TOco6C!tObU564jq|sI@#mv|!NeihU)$Yyv;g;3$%|h$4!B%*`|0M{Q&&Ep zAHG>v8oz#CSUI+{mAU&qy85tc9{(Hr_TX)W`4m1GGd}jJ&cV45d_Qxq810TWUszLn m&Pz?2ZM`~e7Qe0!PoB7T`7xNjG(FY6KmKQ1nY`oeL;nHKFvt%8 literal 0 HcmV?d00001 diff --git a/hosts/ward/net.nix b/hosts/ward/net.nix index 03c7a3d..d422661 100644 --- a/hosts/ward/net.nix +++ b/hosts/ward/net.nix 
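Review bot: `matchConfig.MACAddress = nodeSecrets.networking.interfaces.lan1.mac;` (and the `wlan1` line below it) keeps the address out of git history but not off the host, because any value interpolated into `systemd.network.networks` is rendered into a `.network` unit in the world-readable Nix store. The same holds for the `lan1`/`lan2` lines in hosts/ward/net.nix and the `lan1` line in hosts/zackbiene/net.nix. A comment at the first use would stop a later reader from treating `nodeSecrets` as a runtime secret store, for example `# nodeSecrets values are resolved at evaluation time and end up in /nix/store; they are hidden from the repository only`. How `nodeSecrets` is populated is not visible in this patch, so check that wording against the module that provides it.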
@@ -1,19 +1,17 @@ -{ - networking = { - hostId = "49ce3b71"; - }; +{ nodeSecrets, ... }: { + networking.hostId = "49ce3b71"; systemd.network.networks = { "10-lan1" = { DHCP = "yes"; - matchConfig.MACAddress = "00:00:00:00:00:00"; + matchConfig.MACAddress = nodeSecrets.networking.interfaces.lan1.mac; networkConfig.IPv6PrivacyExtensions = "kernel"; dhcpV4Config.RouteMetric = 10; dhcpV6Config.RouteMetric = 10; }; "10-lan2" = { DHCP = "yes"; - matchConfig.MACAddress = "00:00:00:00:00:00"; + matchConfig.MACAddress = nodeSecrets.networking.interfaces.lan2.mac; networkConfig.IPv6PrivacyExtensions = "kernel"; dhcpV4Config.RouteMetric = 20; dhcpV6Config.RouteMetric = 20; diff --git a/hosts/ward/initrd_host_ed25519_key.age b/hosts/ward/secrets/initrd_host_ed25519_key.age similarity index 100% rename from hosts/ward/initrd_host_ed25519_key.age rename to hosts/ward/secrets/initrd_host_ed25519_key.age diff --git a/hosts/ward/secrets/secrets.nix.age b/hosts/ward/secrets/secrets.nix.age new file mode 100644 index 0000000..b9c83b3 --- /dev/null +++ b/hosts/ward/secrets/secrets.nix.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 fJutn5YCebczN3xQLTDNPKQlNj4p47h1sUgkyVfRARw +V61YLy8oXTJZUFhpxYCM7glt1u3LKtVgkp0XDdYwlaE +-> piv-p256 xqSe8Q AzOVI4DKP7g7Rzr7NbH6olY/T57R9BbO5gNpeXrCn+xZ +cmD4KdE3CIbKp36azm7fuL5V1EVvgcuaLE8/cEzE7x0 +-> @Zm-grease )8>fIDi YH{ Qp_) VJs.7 +jkMFKrAANRssnB6n0Cr6cxVc5g +--- eNSoD5B33WIgF5M26POfs5rUjqVNb6BqiMedIMS7/H8 +&^Ӕ3 s $m"ek٦~Bade^9/aI/yJF'I^ÍWP/0u;bn +TXr/,ۑ%SɃ}娵`ɃϞ {$O \ No newline at end of file diff --git a/hosts/zackbiene/default.nix b/hosts/zackbiene/default.nix index 3b5555f..603ed84 100644 --- a/hosts/zackbiene/default.nix +++ b/hosts/zackbiene/default.nix @@ -21,6 +21,7 @@ ./zigbee2mqtt.nix ./esphome.nix ./nginx.nix + ./hostapd.nix ]; boot.loader.grub.enable = false; diff --git a/hosts/zackbiene/hostapd.nix b/hosts/zackbiene/hostapd.nix new file mode 100644 index 0000000..b0615f8 --- /dev/null +++ b/hosts/zackbiene/hostapd.nix 
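Review bot: hosts/ward/secrets/secrets.nix.age is carried as a text diff (raw payload bytes inline, `\ No newline at end of file`), while the other `.age` files in this commit appear as `GIT binary patch`. The ciphertext after the `---` header line is not valid text and will not survive mail transport or a web renderer, so applying this patch with `git am` would likely produce a file that fails to decrypt. A `.gitattributes` entry such as `*.age binary` makes git treat every age file the same way, whether or not the payload happens to contain a NUL byte. Whether the repository already has a `.gitattributes` is not visible here.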
@@ -0,0 +1,6 @@
+{
+ lib,
+ config,
+ ...
+}: {
+}
diff --git a/hosts/zackbiene/net.nix b/hosts/zackbiene/net.nix
index 0c8d422..f53a314 100644
--- a/hosts/zackbiene/net.nix
+++ b/hosts/zackbiene/net.nix
@@ -1,15 +1,20 @@
-{
- networking = {
- hostId = "f7e6acdc";
- };
+{ nodeSecrets, ... }: {
+ networking.hostId = "f7e6acdc";
 systemd.network.networks = {
 "10-lan1" = {
 DHCP = "yes";
- matchConfig.MACAddress = "00:00:00:00:00:00";
+ matchConfig.MACAddress = nodeSecrets.networking.interfaces.lan1.mac;
 networkConfig.IPv6PrivacyExtensions = "kernel";
 dhcpV4Config.RouteMetric = 10;
 dhcpV6Config.RouteMetric = 10;
 };
+ #"10-wlan1" = {
+ # DHCP = "yes";
+ # matchConfig.MACAddress = nodeSecrets.networking.interfaces.wlan1.mac;
+ # networkConfig.IPv6PrivacyExtensions = "kernel";
+ # dhcpV4Config.RouteMetric = 40;
+ # dhcpV6Config.RouteMetric = 40;
+ #};
 };
 }
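Review bot: The commented-out `"10-wlan1"` block in hosts/zackbiene/net.nix is added with no note on why it is disabled or when it should return. It already references `nodeSecrets.networking.interfaces.wlan1.mac`, and whether that attribute exists in this host's secrets file cannot be seen from the patch. If the interface is being held back for the access point that the new, still empty hosts/zackbiene/hostapd.nix is meant to configure (an inference from the two files landing together), say so above the block, e.g. `# wlan1 is reserved for hostapd (see ./hostapd.nix); not managed by networkd as a client`. Otherwise drop the block and rely on history, so that uncommenting it later does not bring up an interface nobody has reviewed.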
diff --git a/hosts/zackbiene/secrets/secrets.nix.age b/hosts/zackbiene/secrets/secrets.nix.age index 25625ad941b0b3bfaf00fb4101d199f30ec08963..f966809e3c4d59cea0db47f210e20ecf05b073bb 100644 GIT binary patch delta 474 zcmV<00VV!~1n>ipAb)LcGeR*%FH=ixZdg+{M>$$rH*j=NV>n4jY&K3=V?=6ZD`9Fx zReDQjK?-^>SaxVHGBj#MS5;9~X>wU{cr`|GW^^}8Wl3>!P-ZVLc}FWbVOLmBK?*HC zAaH4REpRe5HXwL$Q)M_&AVD@xXjoZgI5$Z|Q*JLWY*<$|dVfV}LR4czaCc@eHeoVF zcVuxzGI~N$Y-$Q*aYIlscu#L}dRAvjcy~lHbx$`oSZi}PX?HMIFimDda#JfXS5;X~ zXGIDvJ|JKtH&Q+=XL4m>b7de|KOlWIXdpOKIB+c~EJzAyNoZ^eEiEk|O<_h?H!C$v zXlheNSTI$2Q-6A8GgLu!ZeuY`SX4uDNH%UyQEyC2F-&Y(3hO$R!{6MfDBTK}2fL{- zi{wk*pqT2D8YVa+S8tu>h*!XFyz>IaT^QFjfd+Xb&3l*QYqeX%P3C}F5OzNa6cM79 zZQ@WKLdu0QOS3(g6Rhch8v%Mlo?Fg;D3woYW$+S3%~Ru+!>)Gk_WqTtz}+w!yQJXQ zHY&K0V_jHVAj4qEhAgHu=|Ta0dl(;!6UcSq_(~Ri1+pvA|GKw|R%J6+?MN|DwUX7v QE~$R-FwL(=&%@WHJh67RkN^Mx delta 494 zcmWm7O>dK6003a)oQWhR#EFt&;EcVo_6r)&L&=syLvM|f8e>@dUx*}U0W{98->sYA(?u3H;e0C%68*` z!<+5HDf9p_0fxzC@VtsRkX~lev^EHPPTXUmT8{&Fp6aj$nh~4{HS<+ImL^KTD!E_+n4uyX#&^tAp5IvTns`xY}~$Hz_u0E|Icn z&~fDG&6Zvx8FlJuTA0lke8FtNc{h{lgd&T;0v*fypY1+9**U5l?_+jo^&<=AW~C}> zwM(ay6GVc_T<96&T3xR4ZkjEQBrZp`a3echlNn*y;Y?`;ia;19Y)U9$Rh0x71!T3|t!rsCfzVx8^(VE_MG?DBlXMX*JkJH&e`k7*H?|d+xurP Vx$=wODUx-^ov5v#ua#haxL&e--1I2|A2#z z#?{5a#pMP^2WL%;(Me;BgNehr8lOM#ygvSN{DeFRjJd{&q+}JGdWGOab`OS=eAG`W zKD7f7SYT6{&Qe_KMA46Z2BMM)6>T_68VCyx747&HUO5WdhDb$j3q`fozy$q}Orss0 z@{K0B&t|?fAwg?jw>cLEGESi$qCq$24%Jpo(qg9+cp*Qa0LKWnXmpkoVG1^tPz<^- z9K{_tv(UuWLhp6g(pxRFkbnF2%xl4E1`{>q;UOHy1OW9r)dmeTk>byjdr? zM}!SQx2r03P&k>(Pz$PXYIp*;&@j`^%EZ`g;5hGQ8`-xAnx@GDQsKVW$uIE+80)l+ zbq@^XsnoDd)APl_vaW*js7x2Ov?i$UXYS9xkK^%M12AE-s4CA9%jBUbG&e+nDn=1d-DmpL9$-1;ALE>_JE> zP}ZuFP*sW?NX*PC#R0;FhlX1eg=hx>4K1;B%U($Vf0vy|!PMOh@+=FZscvL7g6*Su zRAD(mb|sf*0y0+Ksi5y=ip6QT6{B9|;fdU_s#l=pi|^3P^*qDnEwy z5=4wi^jQ^-Yc?4Gq6YR#nkyt;9?4smlSeeCR#U}bW^oK_+-W;9lGpskkusQ?R5fy% zH7=_NhGD4LrZvD1h1hE5RzZ$^PgL5yuwLV<sps