From 029152408200508d0bad1c8f0ecb1eaada604137 Mon Sep 17 00:00:00 2001 From: cswimr Date: Mon, 2 Dec 2024 22:13:35 -0500 Subject: [PATCH] set the initial user password --- secrets/secrets.yaml => .sops-secrets.yaml | 7 +++++-- .sops.yaml | 2 +- nixos/configuration.nix | 3 ++- nixos/sops.nix | 7 ++++++- 4 files changed, 14 insertions(+), 5 deletions(-) rename secrets/secrets.yaml => .sops-secrets.yaml (71%) diff --git a/secrets/secrets.yaml b/.sops-secrets.yaml similarity index 71% rename from secrets/secrets.yaml rename to .sops-secrets.yaml index ec1042b..f6a08be 100644 --- a/secrets/secrets.yaml +++ b/.sops-secrets.yaml @@ -1,4 +1,7 @@ zipline: ENC[AES256_GCM,data:YQMdw1cJy9wFnJsX6fPWBXK0rPEnuJJwJysVh0vggcnySFjl5Dmolaqxhw==,iv:RKB+rNz76ZxqzmyATLcpHmaap1f6aWWm7smBTieMZ8M=,tag:GN967VhwqZwMA6uzshKBmQ==,type:str] +users: + cswimr: + password: ENC[AES256_GCM,data:KPB3C8z1vBB6M6hcuLQyIzoID23v/syTui3eFfrVKwzDwL4X7BdYbnYfuJSXedce+KHmvZv+AE6w3PTD9c7CPpLUlUQmteAY6w==,iv:a393VckzNy+vRqb9vDr9QRBQe27bHOUJR3JwrHAP5g4=,tag:UDl+3dWV+GrJ7Wva3y9VsQ==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +26,8 @@ sops: b1JvNi9YODZPN1FObWpOVHN3aU85NFEK1dN5pV8g3nG3D2l482z1JCRzmJ/9m495 YEobjXbEqQDhvA47ueWojoMjvQ3CgrPyiL6v+DLj7VfI5cyuo+89IQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-03T01:29:28Z" - mac: ENC[AES256_GCM,data:NzE6V3kb9hiA9WAs7GFK5GqFoOUP5U/EOskWq0qdCo6GMewkK8TqrY+lFgjkEhY39PobgVTICBT8MGhY9eiEINYdBl7DuQGb3cR/puV+iCPEgUemzVcmcGkd24ktzUO2DsWet1EFC84oOu50XzYfR9VqW3z7+7UbpzWuOxIdvAA=,iv:pxNCxKPevqg8QxsIfL6+2pEB5cUmKhmLhmdiO+nB/Ac=,tag:uFA84z0XjzNgp3NLBu8AfQ==,type:str] + lastmodified: "2024-12-03T02:52:14Z" + mac: ENC[AES256_GCM,data:ai0BsmImgvbL7KI+ioxUEq0XhiMAziIoDYenLCXjaEEtX9gcvdlmzhuI7k8/MGJjtdAzKxnPWHwQeG1B59ub4Vv+jTOts5ERizbIxscSMhTYogW1CUWzfkunf2y2gViwcCogt2Qzf+v/lN0vQFlkPqJAK6Sd0R/b+vjIyOXMxO0=,iv:vRssoy2PJ8CXehsNoj/QoNesG2sMHNXgBlYtmlfaDzU=,tag:xQ/IsI0Bdzyqydw1blDfCA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 
diff --git a/.sops.yaml b/.sops.yaml
index 25db5dd..b05dbf3 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,7 +2,7 @@
 - &cswimr age1q9f9zhkfjn2c3a8qtmfqh0rtls3542jukqpt7t93jca6hc947f3sm9ujhx
 - &eclipse age184ude6fyak8z4nnndq4nzcpe2d89zxf3r4paty7j2tenkwa6zgtqrz60lq
 creation_rules:
- - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ - path_regex: \.sops-secrets\.yaml$
 key_groups:
 - age:
 - *cswimr
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 30bf2a0..5c18c92 100755
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -1,7 +1,7 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ pkgs, hostname, ... }:
+{ pkgs, config, hostname, ... }:
 {
 nix = {
 settings = {
@@ -95,6 +95,7 @@
 # Define a user account. Don't forget to set a password with ‘passwd’.
 users.users.cswimr = {
 isNormalUser = true;
+ hashedPasswordFile = config.sops.secrets."users/cswimr/password".path;
 description = "Seaswimmer";
 extraGroups = [
 "networkmanager"
diff --git a/nixos/sops.nix b/nixos/sops.nix
index fd2b726..e911719 100644
--- a/nixos/sops.nix
+++ b/nixos/sops.nix
@@ -1,13 +1,18 @@
 { user, ... }:
 {
 sops = {
- defaultSopsFile = ../secrets/secrets.yaml;
+ defaultSopsFile = ../.sops-secrets.yaml;
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 secrets = {
 "zipline" = {
 owner = user;
 path = "/home/${user}/.secrets/zipline";
 };
+ "users/cswimr/password" = {
+ neededForUsers = true;
+ owner = user;
+ path = "/home/${user}/.secrets/password";
+ };
 };
 };
 }
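Review bot: The new `path_regex` under `creation_rules` has no start anchor, so `\.sops-secrets\.yaml$` also matches any file whose name merely ends in that suffix (a constructed example: `backup.sops-secrets.yaml`). The old rule covered several extensions under `secrets/`; now that a single file is intended, the pattern can say so with `- path_regex: (^|/)\.sops-secrets\.yaml$`, which works whether sops hands the rule a relative or an absolute path. The rule's `key_groups` list continues past the end of the hunk.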
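Review bot: The comment above `users.users.cswimr` still tells the reader to set a password with `passwd`, which no longer describes the account now that `hashedPasswordFile` is set; it should record what the secret must contain instead. Something like `# Password hash comes from the sops secret users/cswimr/password (a crypt(3) hash such as mkpasswd output, never plaintext).` would do. `users.mutableUsers` is not visible in this hunk; per the NixOS option docs, when it is left at its default the hash is applied only when the account is first created, so rotating the secret later would not change an existing account's password, and that is worth stating in the same comment. The attribute set continues past the end of the hunk.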
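Review bot: The new `"users/cswimr/password"` entry combines `neededForUsers = true` with `owner = user` and a `path` under `/home/${user}/.secrets/`, which works against the purpose of the flag. sops-nix decrypts `neededForUsers` secrets to `/run/secrets-for-users` before accounts are created and expects them to stay root-owned (as far as I know it asserts on a non-root owner). A password hash should also not be readable by the account it protects or linked into a home directory, since read access is all that offline guessing needs. `configuration.nix` already takes the location from `config.sops.secrets."users/cswimr/password".path`, so the entry can be reduced to `"users/cswimr/password".neededForUsers = true;`.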