alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

secrets: move hashed passwords to agenix

Browse source
This commit is contained in:
Antoine Martin 2022-01-18 11:41:37 +01:00
parent e5d6210912
commit a83c9a4644
4 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
base/users.nix
View file

@ -5,10 +5,10 @@ in
{ {
users.mutableUsers = false; users.mutableUsers = false;
users.users.root = { users.users.root = {
hashedPassword = secrets.shadow-hashed-password-root; passwordFile = config.age.secrets."users/root-hashed-password".path;
}; };
users.users.alarsyo = { users.users.alarsyo = {
hashedPassword = secrets.shadow-hashed-password-alarsyo; passwordFile = config.age.secrets."users/alarsyo-hashed-password".path;
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"media" "media"

3
modules/secrets/secrets.nix
View file

@ -13,4 +13,7 @@ in
{ {
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
"users/root-hashed-password.age".publicKeys = machines;
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
} }

BIN
modules/secrets/users/alarsyo-hashed-password.age Normal file
View file

Binary file not shown.

BIN
modules/secrets/users/root-hashed-password.age Normal file
View file

Binary file not shown.