feat(users): use password files

2022-04-21 01:06:43 -04:00 · 2022-04-21 01:06:43 -04:00 · 91ce253aa3
commit 91ce253aa3
parent acc8fa2d71
5 changed files with 44 additions and 5 deletions
--- a/secrets/infinidoge-password.age
+++ b/secrets/infinidoge-password.age
@ -0,0 +1,18 @@
+age-encryption.org/v1
+-> ssh-ed25519 sQ/0YA c02kJQfYmd40OLtQSoEgbD5UK1CJYzaO580p5M3tgEE
+DtJzSeykrfhkguW4eY9VCuxbHbmG6r6DXm/z9Sv1zdc
+-> ssh-ed25519 i9xGKA yQAICj+MGdzyghsgkKuqK4qWRL5OuIheAlHvscNMJCo
+4ey8etW2CWuJcrIYRaNNxMLvL2fZ3cea7Zw6FGwbYyY
+-> ssh-ed25519 hjL/yw VbSsXF0/vxfadBVBC/xV4LZJ8+u9/sSQiAseLS42zXo
+DlW5vP8Nf9mSRocj+APnHpkZwturonw2RsEJmd+R2qY
+-> ssh-ed25519 GT2Stg lkEK0we7p518z3r1835txVkeImmmcE79JfF2HRfF5Ck
+UTBvgx3DcW92dz3b6O3cVgUS+nYvDQZ6v8LDsyHTn3A
+-> ssh-ed25519 oAMyvg a9lDRRjs1JiVoH42aI/wRcU6KkvrYHiByEQhVO0Q2yk
+y2V7u09HrO3hBw5FrPxN8r1hCB3Bz0rbjSdn8PpQdb8
+-> ssh-ed25519 VIHjXg Fl+hvzWxSVG380iVOc3vVpQ948lQnSQk4SPgEbGi/Fc
+VQwlq52GrwQf33kKX273fdSrbNRyrwHlrWl3gBzMClc
+-> bl~--grease h]= ? , Zg$oye
+pOIf54JDYVnfIbnOnFAarqD4qZ3CJqyyuBghZ7+wOLdLveZvSzX+ZnOJXflFssbH
+aHjQGQVUPQAkdN9WQl74JzyOpXuJzzZWK+5l+/shbaqctlg+sRldaA
+--- j1+AKUoaCAtYEQC+xQDHy1gF+5EMqxm69++KdSMOQ3g
+S2†`ÂòýÉqá„§ßD¢/^õ¤w, Š0Q©“#¨þ˜›°°ÉÆÚ´ÿ»¬†a’ËƒÁ<`4–<34>\,w·ªl(î¾ýôæœæú[<5B>ZR·½¯äŠDÛ+6J#X :CR|È¡ƒ"šºˆO²í<0B>A\ç1s,Ñ"0oB‹¢ÅÌ#L‘\NX	A
--- a/secrets/root-password.age
+++ b/secrets/root-password.age
@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-ed25519 sQ/0YA zo2n26x9z+t64mw9e4cl5/TgioTVogj+6TRZ1yfHCxQ
+FV6nBV+bVGrR2Iu8Ot0IX4LO5doc6tpsTbLI9T50/PM
+-> ssh-ed25519 i9xGKA xx189w2ULIUuL/tsYb0gp4XyBJ7cjvoI8ROdlk5BHV8
+iTLqLBENG6785I6Li0DSP47X8aJVmKvE7+502AF4SOc
+-> ssh-ed25519 hjL/yw bIecDMhhC4naOx9wBOjsblLZIC7+aRjFWzB9axwm8z0
+3hGnbPUhuW/yxcWWAq+hXY11AI6XbrvBr0455N1YWu4
+-> ssh-ed25519 GT2Stg teywSwYE997tn7zk2y6pmD8BEVMnHkAswq79gNpsXXQ
+clLyN5/QSyXKYmuZs8m/+Q7dJdcplDbc9agsHvZ1zeg
+-> ssh-ed25519 oAMyvg qjCn0XPTSKV+TJiAkAuPJezcT73WaZ/5asqlcSWTERo
+Kn2VMvvP48N3zRhOErjyUNYNlYRo1fMUNAECTs+QiEs
+-> ssh-ed25519 VIHjXg cWBNZ9IPGFKefIYDM3ozp4h4zHV7oIJREpn8SQGo5DM
+vq46Ds0VdMzp2QyVP2VbZDDpBWCcJJeeuP8VQhTl3d4
+-> b-grease K[q& E"
+gT6EfmD+g2smtYNs7FK9Irv7YczDX32ngezx8iAwUtvyDA
+--- 4UIQiKupkgoRT1eN3v83cj4ELQTEFfG283HFfBylTDA
+¢0iåj…<17>¬KF^¤8âWI¥ˆ—/7`x3•wf|ŠžòvÊK›O¥—]*ZÑeðÆB8ö¢ã1B2“‰—_€Ê>3^¹ÝüRÉzÿ_¿†ª’ù rÜÊf£±T9ú7mÚíÃseÔ¥‚ç|Ì§h©YœÇB÷w2µGËåµ½ŸÉNÚ®¢Ò
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -17,4 +17,6 @@ let
 in
 {
  "wireless.age".publicKeys = allKeys;
+  "infinidoge-password.age".publicKeys = allKeys;
+  "root-password.age".publicKeys = allKeys;
 }
--- a/users/infinidoge/default.nix
+++ b/users/infinidoge/default.nix
@ -89,11 +89,12 @@ in
    software.minipro.enable = true;
  };

+  age.secrets.infinidoge-password.file = "${self}/secrets/infinidoge-password.age";
+
  user = {
    name = "infinidoge";
    uid = 1000;
-    hashedPassword =
-      "PASSWORD SET IN THE FUTURE";
+    passwordFile = config.age.secrets.infinidoge-password.path;
    description = "Infinidoge, primary user of the system";
    group = "users";
    isNormalUser = true;
--- a/users/root/default.nix
+++ b/users/root/default.nix
@ -1,6 +1,7 @@
-{ lib, ... }: {
-  users.users.root.hashedPassword =
-    "PASSWORD SET IN THE FUTURE";
+{ lib, config, self, ... }: {
+  age.secrets.root-password.file = "${self}/secrets/root-password.age";
+
+  users.users.root.passwordFile = config.age.secrets.root-password.path;

  home-manager.users.root = { suites, profiles, ... }: {
    imports = lib.lists.flatten [