# NixOS module: when enabled, sets the password of root, and of the primary
# user if that archetype is enabled, from one sops-managed password hash.
{ lib, config, pkgs, userDetails, ... }:
let
  inherit (lib) mkEnableOption mkIf;

  moduleCfg = config._archetypes.tjkeller.setPasswords;

  # Runtime path of the decrypted hash as exposed by the sops secret below.
  # Referring to a file path (hashedPasswordFile) rather than embedding the
  # hash in the configuration keeps the hash itself out of the Nix store.
  passwordHashPath = config.sops.secrets.hashed-root-password.path;

  # Settings applied to every account that receives the password.
  # NOTE(review): root and the primary user share this single hash, so the
  # primary user's login password is also root's password. Confirm that this
  # is intended; a separate secret per account would keep them independent.
  passwordSettings = { hashedPasswordFile = passwordHashPath; };
in
{
  options._archetypes.tjkeller.setPasswords.enable =
    mkEnableOption "set users password. requires hashed root password from sops";

  config = mkIf moduleCfg.enable {
    # Declare the secret holding the password hash.
    sops.secrets.hashed-root-password = {
      sopsFile = ./resources/secrets/hashed-root-password.yaml;
      # Marks the secret as needed during user creation, so sops-nix makes it
      # available before the accounts below are set up.
      neededForUsers = true;
    };

    # Point the accounts at the decrypted hash file.
    # NOTE(review): if users.mutableUsers is left enabled, NixOS presumably
    # only applies this to accounts without an existing password; verify the
    # setting if the hash is expected to be enforced on every activation.
    users.users = {
      root = passwordSettings;
      # Only defined when the primary-user archetype is enabled.
      ${userDetails.username} =
        mkIf config._archetypes.users.primary.enable passwordSettings;
    };
  };
}