set user and root passwords from secret

author: Tim Keller <tjkeller.xyz> 2025-01-09 10:45:41 -0600
committer: Tim Keller <tjkeller.xyz> 2025-01-09 10:45:41 -0600
commit: 7a9236c929a34e92effbb98a6fd0e8d182698698 (patch)
tree: ace5fe93a5baa23ccff5df6547e140536ef2b3b4 /modules/root
parent: 7f7b84548461de85cb1e9b464c6bf8c69fa772a4 (diff)
download: nixos-7a9236c929a34e92effbb98a6fd0e8d182698698.tar.xz
nixos-7a9236c929a34e92effbb98a6fd0e8d182698698.zip
3 files changed, 9 insertions, 3 deletions
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
index 97e0a14..fc243ea 100644
--- a/modules/root/normaluser.nix
+++ b/modules/root/normaluser.nix
@@ -1,8 +1,12 @@
-{ userDetails, ... }: {
+{ config, userDetails, ... }: {
+	users.users.root = {
+		hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+	};
 	users.users.${userDetails.username} = {
 		description = userDetails.fullname;
 		#home = userDetails.home.root;
 		isNormalUser = true;
+		hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
 		extraGroups = [ "wheel" "nixbld" ];
 	};
 }
diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml
index 2f0742b..03f9517 100644
--- a/modules/root/resources/secrets/secrets.yaml
+++ b/modules/root/resources/secrets/secrets.yaml
@@ -1,4 +1,5 @@
 wpa_supplicant-conf: ENC[AES256_GCM,data:0FI1Re1PbiJmtsqb5Ddj1g/e22FkSOxHtbhchybFJAn1Q6PBYpMM/myMUQqZDqCNDhR8f+b2LYcrFx+c9g+yDsR9VcgVe/NK1U5jvep5go3JIibR0NmtfPVZNMvThmVnzO+6aGtggjN8PTx4nm+GKzf7YZPV/buYRdWExJRf0loXgNM8iLtjnu1QGZjWNBtFGbTRHeiax1QhvPrawp76PNrdpzD3EkY26HZ2TRfXFP8ta93T43sac9iVj+U3ggn9MTNvLDGiOF1lAN/W69EeCnyzw3sbxCsuSYFQ4GKkggaehje58VpsG7rZMIHYhI6PQcctO6WUupBi80KcBCnQQKy0Pir7GUPwhw1NPKuOgTX9Otz1dXxJgNk+gA4NTmyCWh2LO0utW0bjAAoqhn5sti5TssxqT2q+bw8KiAqRMZKyj8JDKg4cpMCVUbSH4fcIK1ADXa0OzItgVZnhEKJeD0SYqScXoRlExiDxHG/yrYuJYKtUQSrYJXjJJcTreTyMXWUh1E/nvS7egnXFMYYxDdTvJ5bQ/Zp94FI+twhNfMxKF5qo2gcGUHjQu/M=,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str]
+hashed-root-password: ENC[AES256_GCM,data:KUoB8Z0ifh7lE9ir9AqkiMRHfw6rusXw3KC1dLIRd4YpbTiNI+cAdC474LR721+LNWoj5ZytSdDsVyS+t3o076rV4sgWgL17jPPf+H2KE5FOmQKYTUiHfSBsLKyyhpie4tpFJWv/3cCW8Q==,iv:0sZPz3V7IqTGbF3Fnm+FbgBS3GTnHsRx0OzIoAE1H64=,tag:H6CQlANfiD6ZuQhONKyMAQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +15,8 @@ sops:
             UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K
             nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-05T18:19:34Z"
-    mac: ENC[AES256_GCM,data:I3OlifI/TMO2Y1KZP7fku/00EN+Z9Rhu8LZmsihXK3DNVRhOQjUNOr9OkTCr+1DNVHHHMOsSXk5NyAXJA7Dv2o+8FLrgJrKBSzFetBktT6oHG0nm7l3jEt+1kPZUiXzcGvAUaxr9XdvH14iALf/zzoGHihod2j15ctx/mo5jTlg=,iv:ghPHZXdD/AUWE1kbkizZyLAUO5beOHhLIDRqDv2c33A=,tag:2J6ZTAzReSP0SYu2x2VtLQ==,type:str]
+    lastmodified: "2025-01-09T16:42:38Z"
+    mac: ENC[AES256_GCM,data:LUBRGB/NdT2Lvrecb4w3Xbq4ulMyhHwNjuGyH/fjFJOcNfOCNmwaxIRN59CBi65UxGe93mgYYKJtbCKUZA9JhEfC81e+wkD0ZpEaNBu2YAYetf6hE9LqlYO05QIf/qwXySkCXRKdDl5afcmBVXTj+6qDEljkGtWX7CPLlodvuSQ=,iv:EfYL215e52Ir3SSTba7WGFSTQHgtqzyfWUWTBS+lwrU=,tag:VjE1o7WCT/PWIxk2/b/eow==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.2
diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix
index 0385a0f..47262fd 100644
--- a/modules/root/secrets.nix
+++ b/modules/root/secrets.nix
@@ -8,6 +8,7 @@
 
 		secrets = {
 			wpa_supplicant-conf = { };
+			hashed-root-password = { };
 		};
 	};
author	Tim Keller <tjkeller.xyz>	2025-01-09 10:45:41 -0600
committer	Tim Keller <tjkeller.xyz>	2025-01-09 10:45:41 -0600
commit	7a9236c929a34e92effbb98a6fd0e8d182698698 (patch)
tree	ace5fe93a5baa23ccff5df6547e140536ef2b3b4 /modules/root
parent	7f7b84548461de85cb1e9b464c6bf8c69fa772a4 (diff)
download	nixos-7a9236c929a34e92effbb98a6fd0e8d182698698.tar.xz nixos-7a9236c929a34e92effbb98a6fd0e8d182698698.zip