Secreted passwords
This commit is contained in:
parent
43337d46a4
commit
e888c4ec30
2 changed files with 55 additions and 6 deletions
33
secrets/smolboi/users.yaml
Normal file
33
secrets/smolboi/users.yaml
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
root:
|
||||||
|
password: ENC[AES256_GCM,data:82Kb0rIShlbfK1Q4rISjzDcP7JZ7Z0AfIW2a3QbXm4nM+IZvKMp6yo3xknOSCDWLmLyDeCB+ZJ2b8DCEt4HESEGLgWFXTye0cg==,iv:sAczzEFpsR18Ze5jIpjLzIa6bgEschzP33pJhCp8CMU=,tag:272F/o7uQI5Pe1c5C8Sxgw==,type:str]
|
||||||
|
cdombroski:
|
||||||
|
password: ENC[AES256_GCM,data:y4WEliyhHI+M9GHkH40jnbjcsR6pcNOx0TNvGvGSjqy82589XyfjTWsuM63d6RApQAr67xp9rDK2e42/II+IBgmZhrCy4ZNfkw==,iv:YRroI8xD9OAoTZ2dvN7QgCX8bXCdjGwEnN/STbI8UcU=,tag:MGt22XEvxZegvEGA6xEGQw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDSXNFeWttQkxPT1oxV01V
|
||||||
|
ZlVHeHlQencrcVQyVzlpRDM1b3JOd0ZTK1Y0CndXQWg2dHB6L3BvS3IwYlBteU91
|
||||||
|
cmZSb1BnSFViVHNaUXNVOXNBOG8ySzAKLS0tIGxwYzlWSnpTT3VaM2RqbWFLc0or
|
||||||
|
alczZGxNR1VCZkFmY3JRNmlaWHI4U2cKjIRtFLGaSnD+qiNQu1vZmAW3Ct0Mt3vW
|
||||||
|
6fhU0J1X3pdv/dtmuhtc3Bc0SyrUsdqJwPimSdoVd+mtutPrUHWijQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1qmv6x6zwxhaks86nqtsvck56ucdyc9fakgp59a30afl95p6vp4aqyf22hp
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdVRZSDdwTGpGWjZQZmQy
|
||||||
|
WDJmS1IzeXMrZk5rUEJ5dXJKMXlKUCsyV0JrCjJkbDZyQTB2SU9IeUZtVkxUREtp
|
||||||
|
ZDlPZEhRWE9vT1hCS0s3bi9qNWNLVU0KLS0tIE9Bd09yZHgrdDg2RnlFbXArcEV1
|
||||||
|
TGJhc2xmQ0dYdzBscDJac056dWx5ZDQK0cqHidbDzQ69Tg+HK/t52BN4+8Sjmbyh
|
||||||
|
McK8kBR738UH8DvrJOGTzNOVMGp07FF8hUKOw0KcpFULb7ir/foXLg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-05-04T17:20:01Z"
|
||||||
|
mac: ENC[AES256_GCM,data:abnIPL8ULXltUg/E0S3q1qdDTpOApMKoT8kbZQAlBcVfmwV1IasidfyJV89gVO0yn4FX95cbZbfFTpYb36vfkn9Mjk0D6FZuhqcrneHrWvUhlmBoGaBgCUWiTQvCES/X9T5kLlve0K9afzFY46vN/K1R65Ndx+hqV+U/13TC81E=,iv:GOiqavfTbJev13X+IfyIRbgCjJ++C68ogc/70xHkWJk=,tag:hfjZSd5lfMKjXZDlFUQgQQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, sops, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
@ -25,7 +25,14 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
powerManagement.cpuFreqGovernor = "schedutil";
|
powerManagement.cpuFreqGovernor = "schedutil";
|
||||||
|
sops.secrets."cdombroski/password" = {
|
||||||
|
neededForUsers = true;
|
||||||
|
sopsFile = ../../secrets/smolboi/users.yaml;
|
||||||
|
};
|
||||||
|
sops.secrets."root/password" = {
|
||||||
|
neededForUsers = true;
|
||||||
|
sopsFile = ../../secrets/smolboi/users.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "smolboi"; # Define your hostname.
|
hostName = "smolboi"; # Define your hostname.
|
||||||
|
@ -102,10 +109,19 @@
|
||||||
security = {
|
security = {
|
||||||
rtkit.enable = true;
|
rtkit.enable = true;
|
||||||
};
|
};
|
||||||
users.users.cdombroski = {
|
users = {
|
||||||
|
mutableUsers = false;
|
||||||
|
users = {
|
||||||
|
root = {
|
||||||
|
hashedPasswordFile = config.sops.secrets."root/password".path;
|
||||||
|
};
|
||||||
|
cdombroski = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
uid = 1000;
|
uid = 1000;
|
||||||
|
hashedPasswordFile = config.sops.secrets."cdombroski/password".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
|
|
Loading…
Reference in a new issue