use sops secrets

2024-06-16 21:30:10 +05:30 · 2024-06-16 21:30:10 +05:30 · efea526d87
commit efea526d87
parent a448c9071b
5 changed files with 24 additions and 31 deletions
--- a/common/default.nix
+++ b/common/default.nix
@ -1,3 +1,3 @@
 { ... }: {
-  imports = [ ./nix.nix ./users ./secrets.nix ];
+  imports = [ ./nix.nix ./secrets.nix ./users.nix ];
 }
--- a/common/users.nix
+++ b/common/users.nix
@ -0,0 +1,20 @@
+{ config, pkgs, ... }: {
+  users.mutableUsers = false;
+  users.users = {
+    root = {
+      hashedPasswordFile = config.sops.secrets."passwd/root".path;
+    };
+    adtya = {
+      uid = 1000;
+      hashedPasswordFile = config.sops.secrets."passwd/adtya".path;
+      description = "Adithya";
+      isNormalUser = true;
+      extraGroups = [ "docker" "libvirtd" "networkmanager" "tss" "wheel" ];
+      shell = pkgs.zsh;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxDgoV9yf+yPnp4pt5EWgo7uC25W66ehoL/rlshVW+8 Skipper"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPodFFNUK16y9bjHVMhr+Ykro3v1FVLbmqKg7mjMv3Wz Kowalski"
+      ];
+    };
+  };
+}
--- a/common/users/default.nix
+++ b/common/users/default.nix
@ -1,27 +0,0 @@
-{ pkgs
-, secrets
-, ...
-}:
-let
-  inherit (secrets) users;
-in
-{
-  users.mutableUsers = false;
-  users.users = {
-    root = {
-      inherit (users.root) hashedPassword;
-    };
-    "${users.primary.userName}" = {
-      uid = 1000;
-      inherit (users.primary) hashedPassword;
-      description = users.primary.realName;
-      isNormalUser = true;
-      extraGroups = [ "docker" "libvirtd" "networkmanager" "tss" "wheel" ];
-      shell = pkgs.zsh;
-      openssh.authorizedKeys.keys = [
-        users.primary.sshPublicKey
-        secrets.phone.sshPublicKey
-      ];
-    };
-  };
-}
--- a/flake.nix
+++ b/flake.nix
@ -72,7 +72,7 @@
                useUserPackages = true;
                useGlobalPkgs = true;
                extraSpecialArgs = inputs // { inherit secrets; extra-packages = (extra-packages system); };
-                users.${secrets.users.primary.userName} = _: {
+                users.adtya = _: {
                  imports = [
                    impermanence.nixosModules.home-manager.impermanence
                    ./home
--- a/secrets.yaml
+++ b/secrets.yaml
@ -25,8 +25,8 @@ sops:
            MTdMRzR6anF4RzVBbnI5cnFPQmRpWmcKCiFOU74esinQsdc55Zwny5/VVNN2r3rq
            19ZYyCVNuyTeOXxuvUvjPJeW2X+v9H6bvbg1sXMxb761Pm0VGYor+g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-16T15:30:46Z"
-    mac: ENC[AES256_GCM,data:/D317rlcTmlmRA23umgXQzdNi5ZN0BEvyZX9YgmJBRUOMI5wredwqOiH3pqfcy1Aj4EeD9LqNP2BtQy7iRevD4A5/1W5K0rynbBpWknpr6w+VNUdB5b8NVgYBVbDsc/OogaV/33oN9wIe5crnD/UlvG+uv1zNCRr3BXai0yX+Ns=,iv:qf+8SHnt28nNbA1wB6fzkLvzN7JGaRvTlYiCT8Yt9AQ=,tag:N0t1umV+VkOXH2cKilQ75A==,type:str]
+    lastmodified: "2024-06-16T16:15:25Z"
+    mac: ENC[AES256_GCM,data:oV4M6ZIMuPwjUk9AfkrbGO6bSaLOSqSS8BhT1GzjZujaZou8+McBgvvuman6I3DeF0ZDaX7cDUU/CV3V3Pm/bfNUispamGW/kKaeZmYMKcUOkUKts7736F0BpaytZa8gdQYGvnS1uSgT41TisIJlVdqPgHDkkug5DR3s6EM/vj8=,iv:sPRORyWQU/p7vaRthmgA8/yBiYrcasOrdAP6vkaMWL8=,tag:sgeDQDpeUMHjOX0Yf9MnJw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1