secrets: move hashed passwords to agenix

This commit is contained in:
Antoine Martin 2022-01-18 11:41:37 +01:00
parent e5d6210912
commit a83c9a4644
4 changed files with 5 additions and 2 deletions

View file

@ -5,10 +5,10 @@ in
{
users.mutableUsers = false;
users.users.root = {
hashedPassword = secrets.shadow-hashed-password-root;
passwordFile = config.age.secrets."users/root-hashed-password".path;
};
users.users.alarsyo = {
hashedPassword = secrets.shadow-hashed-password-alarsyo;
passwordFile = config.age.secrets."users/alarsyo-hashed-password".path;
isNormalUser = true;
extraGroups = [
"media"

View file

@ -13,4 +13,7 @@ in
{
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
"users/root-hashed-password.age".publicKeys = machines;
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
}

Binary file not shown.

Binary file not shown.