From 7a9236c929a34e92effbb98a6fd0e8d182698698 Mon Sep 17 00:00:00 2001 From: Tim Keller Date: Thu, 9 Jan 2025 10:45:41 -0600 Subject: set user and root passwords from secret --- modules/root/normaluser.nix | 6 +++++- modules/root/resources/secrets/secrets.yaml | 5 +++-- modules/root/secrets.nix | 1 + 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix index 97e0a14..fc243ea 100644 --- a/modules/root/normaluser.nix +++ b/modules/root/normaluser.nix @@ -1,8 +1,12 @@ -{ userDetails, ... }: { +{ config, userDetails, ... }: { + users.users.root = { + hashedPasswordFile = config.sops.secrets.hashed-root-password.path; + }; users.users.${userDetails.username} = { description = userDetails.fullname; #home = userDetails.home.root; isNormalUser = true; + hashedPasswordFile = config.sops.secrets.hashed-root-password.path; extraGroups = [ "wheel" "nixbld" ]; }; } diff --git a/modules/root/resources/secrets/secrets.yaml b/modules/root/resources/secrets/secrets.yaml index 2f0742b..03f9517 100644 --- a/modules/root/resources/secrets/secrets.yaml +++ b/modules/root/resources/secrets/secrets.yaml @@ -1,4 +1,5 @@ wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:LKr6fcQ2emSjQmEt1HgyLpFLg4ZxDOVgJEfkm4nQzbY=,tag:M+oo8dpWclIRaPyW17Ldwg==,type:str] +hashed-root-password: ENC[AES256_GCM,data:KUoB8Z0ifh7lE9ir9AqkiMRHfw6rusXw3KC1dLIRd4YpbTiNI+cAdC474LR721+LNWoj5ZytSdDsVyS+t3o076rV4sgWgL17jPPf+H2KE5FOmQKYTUiHfSBsLKyyhpie4tpFJWv/3cCW8Q==,iv:0sZPz3V7IqTGbF3Fnm+FbgBS3GTnHsRx0OzIoAE1H64=,tag:H6CQlANfiD6ZuQhONKyMAQ==,type:str] sops: kms: [] gcp_kms: [] 
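Review bot: In modules/root/normaluser.nix the added `hashedPasswordFile` inside `users.users.${userDetails.username}` points at `config.sops.secrets.hashed-root-password.path`, the same secret used for `users.users.root`, so both accounts get one password hash. If that is deliberate, say so in a comment such as `# intentionally shares root's hash`. Otherwise declare a second secret and reference it, e.g. `hashedPasswordFile = config.sops.secrets.hashed-user-password.path;` (the name `hashed-user-password` is a placeholder, not something in this repo). Sharing the hash means a disclosed user password is also a valid direct root login, and the two cannot be rotated independently.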
@@ -14,8 +15,8 @@ sops: UkJ1SGJrWXNtbmlmc2c4M1IxdUpVOWMKjaakq+n8ZijGjaNVM8/dQApaVFp9+q3K nhvon4p5KUFE+myABnEknaSZ5UcvW6ZLff9AB7l35NZhGXAhv+y6HA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-05T18:19:34Z" - mac: ENC[AES256_GCM,data:I3OlifI/TMO2Y1KZP7fku/00EN+Z9Rhu8LZmsihXK3DNVRhOQjUNOr9OkTCr+1DNVHHHMOsSXk5NyAXJA7Dv2o+8FLrgJrKBSzFetBktT6oHG0nm7l3jEt+1kPZUiXzcGvAUaxr9XdvH14iALf/zzoGHihod2j15ctx/mo5jTlg=,iv:ghPHZXdD/AUWE1kbkizZyLAUO5beOHhLIDRqDv2c33A=,tag:2J6ZTAzReSP0SYu2x2VtLQ==,type:str] + lastmodified: "2025-01-09T16:42:38Z" + mac: ENC[AES256_GCM,data:LUBRGB/NdT2Lvrecb4w3Xbq4ulMyhHwNjuGyH/fjFJOcNfOCNmwaxIRN59CBi65UxGe93mgYYKJtbCKUZA9JhEfC81e+wkD0ZpEaNBu2YAYetf6hE9LqlYO05QIf/qwXySkCXRKdDl5afcmBVXTj+6qDEljkGtWX7CPLlodvuSQ=,iv:EfYL215e52Ir3SSTba7WGFSTQHgtqzyfWUWTBS+lwrU=,tag:VjE1o7WCT/PWIxk2/b/eow==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix index 0385a0f..47262fd 100644 --- a/modules/root/secrets.nix +++ b/modules/root/secrets.nix @@ -8,6 +8,7 @@ secrets = { wpa_supplicant-conf = { }; + hashed-root-password = { }; }; }; -- cgit v1.2.3
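Review bot: The new `hashed-root-password = { };` entry in modules/root/secrets.nix is declared without `neededForUsers = true;`, which sops-nix documents as required for secrets consumed by `hashedPasswordFile`. Without it the secret is decrypted only after user accounts are set up during activation, so the file may not exist yet when the passwords are applied. I would change the line to `hashed-root-password = { neededForUsers = true; };`. The enclosing `sops` attribute set starts outside this hunk, so a default set elsewhere may already cover this. After a rebuild it is worth checking that root and the normal user carry the expected hash rather than a locked or empty password field.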