flake: migrate to agenix-rekey

2025-02-18 21:47:38 -05:00 · 2025-02-18 21:47:38 -05:00 · b54be3998f
commit b54be3998f
parent 26734c2196
61 changed files with 306 additions and 190 deletions
--- a/users/root/default.nix
+++ b/users/root/default.nix
@ -2,14 +2,15 @@
  config,
  lib,
  pkgs,
+  secrets,
  ...
 }:
 {
  users.users.root = {
    shell = pkgs.zsh;
-    hashedPasswordFile = lib.mkIf config.modules.secrets.enable config.secrets.root-password;
+    hashedPasswordFile = lib.mkIf config.modules.secrets.enable secrets.password-root;
    openssh.authorizedKeys.keys = import ./ssh-keys.nix;
  };

-  home-manager.users.root = { ... }: { };
+  age.secrets.password-root.rekeyFile = ./password.age;
 }
--- a/users/root/password.age
+++ b/users/root/password.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> piv-p256 CT7K2Q AooiXHg+vA2jBkxQ00aC81gCRIuo9Xe4c4uOaWCMU4X6
+4Aaaywj9vKAj/cv+yb6gFeiV+ROTeTxnPDrgAO29ODM
+-> piv-p256 5utyxg Apti8vz8VE2kLk8pvWIYk0f+AnuHItXpH3x2MDs3iv+0
+OhtPhXmsLZXimQuAIdB54OD1Qde18ZDVBUsGNafRR8
+-> M_nrH-grease hj"xH( *8 dX]
+Ld3SIuXFJqz/gbDEnDxroU188XFJjoRkqHnYWpRLauCpcSbG2kHuKdYKDQ
+--- Wp70IAXPdmf99j5ccFzGM8FDfcTl05nz01d5cc0tVgI
+Ô4µ«ôã,DXU»»›ª‘Ú›
+Gx(Í¹ÝE'(þgìK&h¡µÍ½È$ÈEÿ…<>/g¼¦{öBJö“ÃQ«³a¤öèNö,j'3î(ÝÝ4¡î„j¸ØQÚ¾Ä)
+<EFBFBD>[C…ø¯AJf&êœÍ°Üaf¥<66>™Í¸~Õ<>*öÝ¥Žx9*äI