Secreted passwords

This commit is contained in:
Chris Dombroski 2024-05-04 13:21:11 -04:00
parent 43337d46a4
commit e888c4ec30
2 changed files with 55 additions and 6 deletions

View file

@ -0,0 +1,33 @@
root:
password: ENC[AES256_GCM,data:82Kb0rIShlbfK1Q4rISjzDcP7JZ7Z0AfIW2a3QbXm4nM+IZvKMp6yo3xknOSCDWLmLyDeCB+ZJ2b8DCEt4HESEGLgWFXTye0cg==,iv:sAczzEFpsR18Ze5jIpjLzIa6bgEschzP33pJhCp8CMU=,tag:272F/o7uQI5Pe1c5C8Sxgw==,type:str]
cdombroski:
password: ENC[AES256_GCM,data:y4WEliyhHI+M9GHkH40jnbjcsR6pcNOx0TNvGvGSjqy82589XyfjTWsuM63d6RApQAr67xp9rDK2e42/II+IBgmZhrCy4ZNfkw==,iv:YRroI8xD9OAoTZ2dvN7QgCX8bXCdjGwEnN/STbI8UcU=,tag:MGt22XEvxZegvEGA6xEGQw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDSXNFeWttQkxPT1oxV01V
ZlVHeHlQencrcVQyVzlpRDM1b3JOd0ZTK1Y0CndXQWg2dHB6L3BvS3IwYlBteU91
cmZSb1BnSFViVHNaUXNVOXNBOG8ySzAKLS0tIGxwYzlWSnpTT3VaM2RqbWFLc0or
alczZGxNR1VCZkFmY3JRNmlaWHI4U2cKjIRtFLGaSnD+qiNQu1vZmAW3Ct0Mt3vW
6fhU0J1X3pdv/dtmuhtc3Bc0SyrUsdqJwPimSdoVd+mtutPrUHWijQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qmv6x6zwxhaks86nqtsvck56ucdyc9fakgp59a30afl95p6vp4aqyf22hp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdVRZSDdwTGpGWjZQZmQy
WDJmS1IzeXMrZk5rUEJ5dXJKMXlKUCsyV0JrCjJkbDZyQTB2SU9IeUZtVkxUREtp
ZDlPZEhRWE9vT1hCS0s3bi9qNWNLVU0KLS0tIE9Bd09yZHgrdDg2RnlFbXArcEV1
TGJhc2xmQ0dYdzBscDJac056dWx5ZDQK0cqHidbDzQ69Tg+HK/t52BN4+8Sjmbyh
McK8kBR738UH8DvrJOGTzNOVMGp07FF8hUKOw0KcpFULb7ir/foXLg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-04T17:20:01Z"
mac: ENC[AES256_GCM,data:abnIPL8ULXltUg/E0S3q1qdDTpOApMKoT8kbZQAlBcVfmwV1IasidfyJV89gVO0yn4FX95cbZbfFTpYb36vfkn9Mjk0D6FZuhqcrneHrWvUhlmBoGaBgCUWiTQvCES/X9T5kLlve0K9afzFY46vN/K1R65Ndx+hqV+U/13TC81E=,iv:GOiqavfTbJev13X+IfyIRbgCjJ++C68ogc/70xHkWJk=,tag:hfjZSd5lfMKjXZDlFUQgQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, sops, ... }:
{ {
imports = imports =
@ -25,7 +25,14 @@
}; };
}; };
powerManagement.cpuFreqGovernor = "schedutil"; powerManagement.cpuFreqGovernor = "schedutil";
sops.secrets."cdombroski/password" = {
neededForUsers = true;
sopsFile = ../../secrets/smolboi/users.yaml;
};
sops.secrets."root/password" = {
neededForUsers = true;
sopsFile = ../../secrets/smolboi/users.yaml;
};
networking = { networking = {
hostName = "smolboi"; # Define your hostname. hostName = "smolboi"; # Define your hostname.
@ -102,10 +109,19 @@
security = { security = {
rtkit.enable = true; rtkit.enable = true;
}; };
users.users.cdombroski = { users = {
mutableUsers = false;
users = {
root = {
hashedPasswordFile = config.sops.secrets."root/password".path;
};
cdombroski = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
uid = 1000; uid = 1000;
hashedPasswordFile = config.sops.secrets."cdombroski/password".path;
};
};
}; };
environment = { environment = {