use sops secrets
parent
a448c9071b
commit
efea526d87
5 changed files with 24 additions and 31 deletions
|
@ -1,3 +1,3 @@
|
||||||
{ ... }: {
|
{ ... }: {
|
||||||
imports = [ ./nix.nix ./users ./secrets.nix ];
|
imports = [ ./nix.nix ./secrets.nix ./users.nix ];
|
||||||
}
|
}
|
||||||
|
|
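--- a/common/users.nix
+++ b/common/users.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: {
+users.mutableUsers = false;
+users.users = {
+root = {
+hashedPasswordFile = config.sops.secrets."passwd/root".path;
+};
+adtya = {
+uid = 1000;
+hashedPasswordFile = config.sops.secrets."passwd/adtya".path;
+description = "Adithya";
+isNormalUser = true;
+extraGroups = [ "docker" "libvirtd" "networkmanager" "tss" "wheel" ];
+shell = pkgs.zsh;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxDgoV9yf+yPnp4pt5EWgo7uC25W66ehoL/rlshVW+8 Skipper"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPodFFNUK16y9bjHVMhr+Ykro3v1FVLbmqKg7mjMv3Wz Kowalski"
+];
+};
+};
+}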
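Review bot: The two `hashedPasswordFile` lines depend on the sops secrets being decrypted before the users are created, and nothing in this file shows that; sops-nix only decrypts a secret that early when it is declared with `neededForUsers = true`. The declarations are presumably in `./secrets.nix`, which is not visible on this page, so confirm that `sops.secrets."passwd/root".neededForUsers = true;` is set and the same for `"passwd/adtya"`. With `users.mutableUsers = false`, a password file that is missing at activation would presumably leave both accounts without a usable password, and key-based SSH for `adtya` (if sshd is enabled) would be the only way in. A one-line comment above `users.users` would record the dependency, e.g. `# passwd/* secrets must set neededForUsers = true in secrets.nix`.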
|
@ -1,27 +0,0 @@
|
||||||
{ pkgs
|
|
||||||
, secrets
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
inherit (secrets) users;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
users.mutableUsers = false;
|
|
||||||
users.users = {
|
|
||||||
root = {
|
|
||||||
inherit (users.root) hashedPassword;
|
|
||||||
};
|
|
||||||
"${users.primary.userName}" = {
|
|
||||||
uid = 1000;
|
|
||||||
inherit (users.primary) hashedPassword;
|
|
||||||
description = users.primary.realName;
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "docker" "libvirtd" "networkmanager" "tss" "wheel" ];
|
|
||||||
shell = pkgs.zsh;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
users.primary.sshPublicKey
|
|
||||||
secrets.phone.sshPublicKey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -72,7 +72,7 @@
|
||||||
useUserPackages = true;
|
useUserPackages = true;
|
||||||
useGlobalPkgs = true;
|
useGlobalPkgs = true;
|
||||||
extraSpecialArgs = inputs // { inherit secrets; extra-packages = (extra-packages system); };
|
extraSpecialArgs = inputs // { inherit secrets; extra-packages = (extra-packages system); };
|
||||||
users.${secrets.users.primary.userName} = _: {
|
users.adtya = _: {
|
||||||
imports = [
|
imports = [
|
||||||
impermanence.nixosModules.home-manager.impermanence
|
impermanence.nixosModules.home-manager.impermanence
|
||||||
./home
|
./home
|
||||||
|
|
|
@ -25,8 +25,8 @@ sops:
|
||||||
MTdMRzR6anF4RzVBbnI5cnFPQmRpWmcKCiFOU74esinQsdc55Zwny5/VVNN2r3rq
|
MTdMRzR6anF4RzVBbnI5cnFPQmRpWmcKCiFOU74esinQsdc55Zwny5/VVNN2r3rq
|
||||||
19ZYyCVNuyTeOXxuvUvjPJeW2X+v9H6bvbg1sXMxb761Pm0VGYor+g==
|
19ZYyCVNuyTeOXxuvUvjPJeW2X+v9H6bvbg1sXMxb761Pm0VGYor+g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-16T15:30:46Z"
|
lastmodified: "2024-06-16T16:15:25Z"
|
||||||
mac: ENC[AES256_GCM,data:/D317rlcTmlmRA23umgXQzdNi5ZN0BEvyZX9YgmJBRUOMI5wredwqOiH3pqfcy1Aj4EeD9LqNP2BtQy7iRevD4A5/1W5K0rynbBpWknpr6w+VNUdB5b8NVgYBVbDsc/OogaV/33oN9wIe5crnD/UlvG+uv1zNCRr3BXai0yX+Ns=,iv:qf+8SHnt28nNbA1wB6fzkLvzN7JGaRvTlYiCT8Yt9AQ=,tag:N0t1umV+VkOXH2cKilQ75A==,type:str]
|
mac: ENC[AES256_GCM,data:oV4M6ZIMuPwjUk9AfkrbGO6bSaLOSqSS8BhT1GzjZujaZou8+McBgvvuman6I3DeF0ZDaX7cDUU/CV3V3Pm/bfNUispamGW/kKaeZmYMKcUOkUKts7736F0BpaytZa8gdQYGvnS1uSgT41TisIJlVdqPgHDkkug5DR3s6EM/vj8=,iv:sPRORyWQU/p7vaRthmgA8/yBiYrcasOrdAP6vkaMWL8=,tag:sgeDQDpeUMHjOX0Yf9MnJw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|