rearrange NOTE blocks

2026-01-24 20:10:55 +01:00 · 2026-01-24 20:10:55 +01:00 · 9d1c8f4064
commit 9d1c8f4064
parent 1451b18083
9 changed files with 27 additions and 38 deletions
--- a/hosts/nixos/thinkpad/disk-config.nix
+++ b/hosts/nixos/thinkpad/disk-config.nix
@ -1,6 +1,3 @@
-# Disko configuration for ThinkPad P14s Gen 2
-# Reflects the actual installed system configuration
-# NOTE: This uses UUIDs from the existing installation
 {
  disko.devices = {
    disk = {
@ -37,4 +34,4 @@
      };
    };
  };
-}
+}
--- a/modules/borg/client.nix
+++ b/modules/borg/client.nix
@ -1,3 +1,6 @@
+# NOTE: Passphrase file at: `/etc/borg-passphrase` with mode 600
+# content: `BORG_PASSPHRASE=your-passphrase`
+
 { config, lib, pkgs, ... }:

 with lib;
@ -5,9 +8,6 @@ with lib;
 let
  cfg = config.services.borg-client-custom;
  sshCommand = "ssh -F /home/yanlin/.ssh/config -o StrictHostKeyChecking=accept-new -o ServerAliveInterval=60 -o ServerAliveCountMax=240";
-  # NOTE: Passphrase file: /etc/borg-passphrase
-  # Should contain: BORG_PASSPHRASE=your-passphrase
-  # Place on host with mode 0600
  passphraseFile = "/etc/borg-passphrase";
  excludePatterns = [
    "*.tmp" "*.temp" "*/.cache/*" "*/.local/share/Trash/*" "*/tmp/*" "*/temp/*"
--- a/modules/dufs.nix
+++ b/modules/dufs.nix
@ -1,3 +1,6 @@
+# NOTE: Authentication file at: `/etc/dufs-auth` with mode 600
+# content: `username:password`
+
 { config, pkgs, lib, ... }:

 let
@ -36,10 +39,6 @@ in
    # Install dufs package
    environment.systemPackages = [ pkgs.dufs ];

-    # Create systemd service
-    # NOTE: Authentication credentials must be manually created in /etc/dufs-auth
-    # The file should contain a single line in format: username:password
-    # Make sure to set permissions: chmod 600 /etc/dufs-auth
    systemd.services.dufs = {
      description = "Dufs WebDAV File Server";
      wantedBy = [ "multi-user.target" ];
--- a/modules/gemini-cli.nix
+++ b/modules/gemini-cli.nix
@ -1,3 +1,6 @@
+# NOTE: API key file at: `~/.gemini/.env` with mode 600
+# content: `GEMINI_API_KEY=your-api-key`
+
 { config, pkgs, lib, ... }:

 {
@ -61,10 +64,4 @@

    context."GEMINI" = "";
  };
-
-  # NOTE: API key must be manually created in ~/.gemini/.env
-  # The file should contain:
-  #   GEMINI_API_KEY=your-api-key
-  # Get your API key from https://aistudio.google.com/apikey
-  # Make sure to set permissions: chmod 600 ~/.gemini/.env
 }
--- a/modules/samba.nix
+++ b/modules/samba.nix
@ -1,3 +1,5 @@
+# NOTE: Samba user password manually set: `sudo smbpasswd -a ${cfg.user}`
+
 { config, pkgs, lib, ... }:

 let
@ -62,9 +64,5 @@ in
      "d ${cfg.sharedPath} 0755 ${cfg.user} users - -"
    ];

-    # NOTE: Samba user password must be manually set using:
-    # sudo smbpasswd -a ${cfg.user}
-    # This creates a Samba password for the specified user.
-    # The user must already exist as a Unix user on the system.
  };
 }
--- a/modules/tailscale.nix
+++ b/modules/tailscale.nix
@ -1,3 +1,6 @@
+# NOTE: Auth key file at: `/etc/tailscale/authkey` with mode 600
+# content: `tailscale-api-key`
+
 { config, pkgs, lib, ... }:

 with lib;
@ -8,10 +11,6 @@ let
 in

 {
-  # NOTE: Auth key file: /etc/tailscale/authkey
-  # Generate at https://login.tailscale.com/admin/settings/keys
-  # Place on host with mode 0600
-
  options.services.tailscale-custom = {
    exitNode = mkOption {
      type = types.bool;
--- a/modules/traefik.nix
+++ b/modules/traefik.nix
@ -1,3 +1,8 @@
+# NOTE: environment file at: `/etc/traefik-env` with mode 600
+# content (for Cloudflare API):
+#   CF_API_EMAIL=your-email@example.com
+#   CF_DNS_API_TOKEN=your-cloudflare-api-token
+
 { config, pkgs, lib, ... }:

 {
@ -79,10 +84,4 @@
    # Mount Docker/Podman socket for service discovery
    BindPaths = [ "/run/podman/podman.sock:/var/run/docker.sock" ];
  };
-
-  # NOTE: Cloudflare credentials must be manually created in /etc/traefik-env
-  # The file should contain:
-  #   CF_API_EMAIL=your-email@example.com
-  #   CF_DNS_API_TOKEN=your-cloudflare-api-token
-  # Make sure to set permissions: chmod 600 /etc/traefik-env
 }
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@ -1,3 +1,6 @@
+# NOTE: Private key file at: `/etc/wireguard/private.key` with mode 600
+# Generate with: `wg genkey > /etc/wireguard/private.key`
+
 { config, pkgs, lib, ... }:

 with lib;
@ -27,9 +30,6 @@ in
      description = "UDP port to listen on (server mode only)";
    };

-    # NOTE: Private key file: /etc/wireguard/private.key
-    # Generate with: wg genkey > /etc/wireguard/private.key
-    # Place on host with mode 0600 (auto-generated if missing)
    privateKeyFile = mkOption {
      type = types.str;
      default = "/etc/wireguard/private.key";
--- a/modules/yt-dlp.nix
+++ b/modules/yt-dlp.nix
@ -1,3 +1,7 @@
+# NOTE: Cookie files at:
+#   ~/.config/yt-dlp/cookies-youtube.txt
+#   ~/.config/yt-dlp/cookies-bilibili.txt
+
 { config, pkgs, lib, ... }:

 with lib;
@ -36,10 +40,6 @@ in
      python312Packages.bgutil-ytdlp-pot-provider  # PO token provider for YouTube
    ];

-    # NOTE: Cookie files must be manually placed at:
-    #   ~/.config/yt-dlp/cookies-youtube.txt
-    #   ~/.config/yt-dlp/cookies-bilibili.txt
-
    # Create yt-dlp configuration file
    home.file.".config/yt-dlp/config".text = ''
      # Quality settings