feat(users): use password files

2022-04-21 01:06:43 -04:00 · 2022-04-21 01:06:43 -04:00 · 91ce253aa3
commit 91ce253aa3
parent acc8fa2d71
5 changed files with 44 additions and 5 deletions
--- a/secrets/infinidoge-password.age
+++ b/secrets/infinidoge-password.age
@ -0,0 +1,18 @@
 age-encryption.org/v1
 -> ssh-ed25519 sQ/0YA c02kJQfYmd40OLtQSoEgbD5UK1CJYzaO580p5M3tgEE
 DtJzSeykrfhkguW4eY9VCuxbHbmG6r6DXm/z9Sv1zdc
 -> ssh-ed25519 i9xGKA yQAICj+MGdzyghsgkKuqK4qWRL5OuIheAlHvscNMJCo
 4ey8etW2CWuJcrIYRaNNxMLvL2fZ3cea7Zw6FGwbYyY
 -> ssh-ed25519 hjL/yw VbSsXF0/vxfadBVBC/xV4LZJ8+u9/sSQiAseLS42zXo
 DlW5vP8Nf9mSRocj+APnHpkZwturonw2RsEJmd+R2qY
 -> ssh-ed25519 GT2Stg lkEK0we7p518z3r1835txVkeImmmcE79JfF2HRfF5Ck
 UTBvgx3DcW92dz3b6O3cVgUS+nYvDQZ6v8LDsyHTn3A
 -> ssh-ed25519 oAMyvg a9lDRRjs1JiVoH42aI/wRcU6KkvrYHiByEQhVO0Q2yk
 y2V7u09HrO3hBw5FrPxN8r1hCB3Bz0rbjSdn8PpQdb8
 -> ssh-ed25519 VIHjXg Fl+hvzWxSVG380iVOc3vVpQ948lQnSQk4SPgEbGi/Fc
 VQwlq52GrwQf33kKX273fdSrbNRyrwHlrWl3gBzMClc
 -> bl~--grease h]= ? , Zg$oye
 pOIf54JDYVnfIbnOnFAarqD4qZ3CJqyyuBghZ7+wOLdLveZvSzX+ZnOJXflFssbH
 aHjQGQVUPQAkdN9WQl74JzyOpXuJzzZWK+5l+/shbaqctlg+sRldaA
 --- j1+AKUoaCAtYEQC+xQDHy1gF+5EMqxm69++KdSMOQ3g
 S2†`ÂòýÉqá„§ßD¢/^õ¤w, Š0Q©“#¨þ˜›°°ÉÆÚ´ÿ»¬†a’ËƒÁ<`4–<34>\,w·ªl(î¾ýôæœæú[<5B>ZR·½¯äŠDÛ+6J#X :CR|È¡ƒ"šºˆO²í<0B>A\ç1s,Ñ"0oB‹¢ÅÌ#L‘\NX	A
--- a/secrets/root-password.age
+++ b/secrets/root-password.age
@ -0,0 +1,17 @@
 age-encryption.org/v1
 -> ssh-ed25519 sQ/0YA zo2n26x9z+t64mw9e4cl5/TgioTVogj+6TRZ1yfHCxQ
 FV6nBV+bVGrR2Iu8Ot0IX4LO5doc6tpsTbLI9T50/PM
 -> ssh-ed25519 i9xGKA xx189w2ULIUuL/tsYb0gp4XyBJ7cjvoI8ROdlk5BHV8
 iTLqLBENG6785I6Li0DSP47X8aJVmKvE7+502AF4SOc
 -> ssh-ed25519 hjL/yw bIecDMhhC4naOx9wBOjsblLZIC7+aRjFWzB9axwm8z0
 3hGnbPUhuW/yxcWWAq+hXY11AI6XbrvBr0455N1YWu4
 -> ssh-ed25519 GT2Stg teywSwYE997tn7zk2y6pmD8BEVMnHkAswq79gNpsXXQ
 clLyN5/QSyXKYmuZs8m/+Q7dJdcplDbc9agsHvZ1zeg
 -> ssh-ed25519 oAMyvg qjCn0XPTSKV+TJiAkAuPJezcT73WaZ/5asqlcSWTERo
 Kn2VMvvP48N3zRhOErjyUNYNlYRo1fMUNAECTs+QiEs
 -> ssh-ed25519 VIHjXg cWBNZ9IPGFKefIYDM3ozp4h4zHV7oIJREpn8SQGo5DM
 vq46Ds0VdMzp2QyVP2VbZDDpBWCcJJeeuP8VQhTl3d4
 -> b-grease K[q& E"
 gT6EfmD+g2smtYNs7FK9Irv7YczDX32ngezx8iAwUtvyDA
 --- 4UIQiKupkgoRT1eN3v83cj4ELQTEFfG283HFfBylTDA
 ¢0iåj…<17>¬KF^¤8âWI¥ˆ—/7`x3•wf|ŠžòvÊK›O¥—]*ZÑeðÆB8ö¢ã1B2“‰—_€Ê>3^¹ÝüRÉzÿ_¿†ª’ù rÜÊf£±T9ú7mÚíÃseÔ¥‚ç|Ì§h©YœÇB÷w2µGËåµ½ŸÉNÚ®¢Ò
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -17,4 +17,6 @@ let
 in
 {
  "wireless.age".publicKeys = allKeys;
  "infinidoge-password.age".publicKeys = allKeys;
  "root-password.age".publicKeys = allKeys;
 }
--- a/users/infinidoge/default.nix
+++ b/users/infinidoge/default.nix
@ -89,11 +89,12 @@ in
    software.minipro.enable = true;
  };
  age.secrets.infinidoge-password.file = "${self}/secrets/infinidoge-password.age";
  user = {
    name = "infinidoge";
    uid = 1000;
-    hashedPassword =
+    passwordFile = config.age.secrets.infinidoge-password.path;
      "PASSWORD SET IN THE FUTURE";
    description = "Infinidoge, primary user of the system";
    group = "users";
    isNormalUser = true;
--- a/users/root/default.nix
+++ b/users/root/default.nix
@ -1,6 +1,7 @@
-{ lib, ... }: {
+{ lib, config, self, ... }: {
-  users.users.root.hashedPassword =
+  age.secrets.root-password.file = "${self}/secrets/root-password.age";
-    "PASSWORD SET IN THE FUTURE";
+
  users.users.root.passwordFile = config.age.secrets.root-password.path;
  home-manager.users.root = { suites, profiles, ... }: {
    imports = lib.lists.flatten [