diff --git a/hosts/nixos/thinkpad/disk-config.nix b/hosts/nixos/thinkpad/disk-config.nix index 22ae116..e4933ee 100644 --- a/hosts/nixos/thinkpad/disk-config.nix +++ b/hosts/nixos/thinkpad/disk-config.nix @@ -1,6 +1,3 @@ -# Disko configuration for ThinkPad P14s Gen 2 -# Reflects the actual installed system configuration -# NOTE: This uses UUIDs from the existing installation { disko.devices = { disk = { @@ -37,4 +34,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/modules/borg/client.nix b/modules/borg/client.nix index c1d5bc0..caa3046 100644 --- a/modules/borg/client.nix +++ b/modules/borg/client.nix @@ -1,3 +1,6 @@ +# NOTE: Passphrase file at: `/etc/borg-passphrase` with mode 600 +# content: `BORG_PASSPHRASE=your-passphrase` + { config, lib, pkgs, ... }: with lib; @@ -5,9 +8,6 @@ with lib; let cfg = config.services.borg-client-custom; sshCommand = "ssh -F /home/yanlin/.ssh/config -o StrictHostKeyChecking=accept-new -o ServerAliveInterval=60 -o ServerAliveCountMax=240"; - # NOTE: Passphrase file: /etc/borg-passphrase - # Should contain: BORG_PASSPHRASE=your-passphrase - # Place on host with mode 0600 passphraseFile = "/etc/borg-passphrase"; excludePatterns = [ "*.tmp" "*.temp" "*/.cache/*" "*/.local/share/Trash/*" "*/tmp/*" "*/temp/*" diff --git a/modules/dufs.nix b/modules/dufs.nix index d24eb66..3601a09 100644 --- a/modules/dufs.nix +++ b/modules/dufs.nix @@ -1,3 +1,6 @@ +# NOTE: Authentication file at: `/etc/dufs-auth` with mode 600 +# content: `username:password` + { config, pkgs, lib, ... }: let @@ -36,10 +39,6 @@ in # Install dufs package environment.systemPackages = [ pkgs.dufs ]; - # Create systemd service - # NOTE: Authentication credentials must be manually created in /etc/dufs-auth - # The file should contain a single line in format: username:password - # Make sure to set permissions: chmod 600 /etc/dufs-auth systemd.services.dufs = { description = "Dufs WebDAV File Server"; wantedBy = [ "multi-user.target" ]; 
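Review bot: The new header comment in modules/borg/client.nix (first hunk, `@@ -1,3 +1,6 @@`) no longer says that the passphrase file is created by hand on the host, and it gives "mode 600" without naming an owner. The removed wording ("Place on host with mode 0600") made it clear that the secret lives outside the Nix configuration, which matters because anything written into the configuration ends up in the world-readable store. I would keep that explicit, for example `# NOTE: Passphrase file is created manually on the host (not managed by Nix): /etc/borg-passphrase, mode 0600, owned by the user the backup job runs as`. The same shortening appears in the header comments added to modules/dufs.nix, modules/gemini-cli.nix, modules/tailscale.nix and modules/traefik.nix.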
diff --git a/modules/gemini-cli.nix b/modules/gemini-cli.nix index e3a6bc7..dd5bbcf 100644 --- a/modules/gemini-cli.nix +++ b/modules/gemini-cli.nix @@ -1,3 +1,6 @@ +# NOTE: API key file at: `~/.gemini/.env` with mode 600 +# content: `GEMINI_API_KEY=your-api-key` + { config, pkgs, lib, ... }: { @@ -61,10 +64,4 @@ context."GEMINI" = ""; }; - - # NOTE: API key must be manually created in ~/.gemini/.env - # The file should contain: - # GEMINI_API_KEY=your-api-key - # Get your API key from https://aistudio.google.com/apikey - # Make sure to set permissions: chmod 600 ~/.gemini/.env } diff --git a/modules/samba.nix b/modules/samba.nix index 97d0947..8145943 100644 --- a/modules/samba.nix +++ b/modules/samba.nix @@ -1,3 +1,5 @@ +# NOTE: Samba user password manually set: `sudo smbpasswd -a ${cfg.user}` + { config, pkgs, lib, ... }: let @@ -62,9 +64,5 @@ in "d ${cfg.sharedPath} 0755 ${cfg.user} users - -" ]; - # NOTE: Samba user password must be manually set using: - # sudo smbpasswd -a ${cfg.user} - # This creates a Samba password for the specified user. - # The user must already exist as a Unix user on the system. }; } diff --git a/modules/tailscale.nix b/modules/tailscale.nix index 3ba58e4..64e3e51 100644 --- a/modules/tailscale.nix +++ b/modules/tailscale.nix @@ -1,3 +1,6 @@ +# NOTE: Auth key file at: `/etc/tailscale/authkey` with mode 600 +# content: `tailscale-api-key` + { config, pkgs, lib, ... }: with lib; @@ -8,10 +11,6 @@ let in { - # NOTE: Auth key file: /etc/tailscale/authkey - # Generate at https://login.tailscale.com/admin/settings/keys - # Place on host with mode 0600 - options.services.tailscale-custom = { exitNode = mkOption { type = types.bool; diff --git a/modules/traefik.nix b/modules/traefik.nix index 9c0a567..7c470a5 100644 --- a/modules/traefik.nix +++ b/modules/traefik.nix 
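Review bot: The relocated note in modules/samba.nix (first hunk) drops the prerequisite that the account must already exist as a Unix user, which the comment removed in the second hunk stated. It also keeps `${cfg.user}` in a comment that now sits above the `let` where `cfg` is presumably bound, so at the top of the file it reads like a shell variable to type literally. Suggested wording: `# NOTE: Samba password is set manually for the user named by cfg.user (must already exist as a Unix user): sudo smbpasswd -a <user>`.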
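Review bot: The content placeholder `tailscale-api-key` in the new header of modules/tailscale.nix (first hunk) names a different credential from the one the same comment describes, which is an auth key file at `/etc/tailscale/authkey`. Tailscale API access tokens are a separate credential from device auth keys and are not what a node needs to join the tailnet, so the placeholder could lead someone to store a more powerful secret on the host than required. I would write `# content: your-tailscale-auth-key`. The removed comment's hint on where to generate the key could be kept in one short line.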
@@ -1,3 +1,8 @@ +# NOTE: environment file at: `/etc/traefik-env` with mode 600 +# content (for Cloudflare API): +# CF_API_EMAIL=your-email@example.com +# CF_DNS_API_TOKEN=your-cloudflare-api-token + { config, pkgs, lib, ... }: { @@ -79,10 +84,4 @@ # Mount Docker/Podman socket for service discovery BindPaths = [ "/run/podman/podman.sock:/var/run/docker.sock" ]; }; - - # NOTE: Cloudflare credentials must be manually created in /etc/traefik-env - # The file should contain: - # CF_API_EMAIL=your-email@example.com - # CF_DNS_API_TOKEN=your-cloudflare-api-token - # Make sure to set permissions: chmod 600 /etc/traefik-env } diff --git a/modules/wireguard.nix b/modules/wireguard.nix index 151c15b..0951726 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -1,3 +1,6 @@ +# NOTE: Private key file at: `/etc/wireguard/private.key` with mode 600 +# Generate with: `wg genkey > /etc/wireguard/private.key` + { config, pkgs, lib, ... }: with lib; @@ -27,9 +30,6 @@ in description = "UDP port to listen on (server mode only)"; }; - # NOTE: Private key file: /etc/wireguard/private.key - # Generate with: wg genkey > /etc/wireguard/private.key - # Place on host with mode 0600 (auto-generated if missing) privateKeyFile = mkOption { type = types.str; default = "/etc/wireguard/private.key"; diff --git a/modules/yt-dlp.nix b/modules/yt-dlp.nix index 125673d..8d44db1 100644 --- a/modules/yt-dlp.nix +++ b/modules/yt-dlp.nix @@ -1,3 +1,7 @@ +# NOTE: Cookie files at: +# ~/.config/yt-dlp/cookies-youtube.txt +# ~/.config/yt-dlp/cookies-bilibili.txt + { config, pkgs, lib, ... }: with lib; @@ -36,10 +40,6 @@ in python312Packages.bgutil-ytdlp-pot-provider # PO token provider for YouTube ]; - # NOTE: Cookie files must be manually placed at: - # ~/.config/yt-dlp/cookies-youtube.txt - # ~/.config/yt-dlp/cookies-bilibili.txt - # Create yt-dlp configuration file home.file.".config/yt-dlp/config".text = '' # Quality settings
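Review bot: The generation command in the new header of modules/wireguard.nix (first hunk), `wg genkey > /etc/wireguard/private.key`, creates the file with the shell's default umask, so the private key is usually group- or world-readable until someone runs chmod. The comment asks for mode 600 but the command it recommends does not produce it. Suggest `# Generate with: (umask 077 && wg genkey > /etc/wireguard/private.key)`. The comment removed in the second hunk also said the key is "auto-generated if missing", and the new header drops that. Whether the module really does this is not visible in these hunks, but if it does the note is worth keeping so nobody overwrites a working key.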
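Review bot: The cookie-file note added at the top of modules/yt-dlp.nix (first hunk) is the only secret-file header in this commit that states no file mode. Exported browser cookie files normally hold login session cookies, so they deserve the same treatment as the key and passphrase files in the other modules. Suggest `# NOTE: Cookie files (created manually, mode 600; they hold session cookies) at:` followed by the two existing path lines.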