cdombroski/nix-configs
1
0
Fork 0
Code Activity Actions

Common root user

Browse source
This commit is contained in:
Chris Dombroski 2024-05-04 13:41:47 -04:00
parent e888c4ec30
commit fe9b85a593
4 changed files with 23 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
modules/common/sshd.nix
View file

@ -1,8 +1,15 @@
{pkgs, ...}: { {pkgs, sops, config, ...}: {
sops.secrets."root/password" = {
neededForUsers = true;
};
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ users.mutableUsers = false;
users.users.root = {
hashedPasswordFile = config.sops.secrets."root/password".path;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc=" "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc="
]; ];
};
environment.systemPackages = [ pkgs.zellij ]; environment.systemPackages = [ pkgs.zellij ];
programs.starship.enable = true; programs.starship.enable = true;
} }

6
secrets/secret.yaml
View file

@ -1,3 +1,5 @@
root:
password: ENC[AES256_GCM,data:u8vkGrHjAq2tDIJEbEMNPrPe7GCQNixVRRPxYPyPLvTzEApiBwsgaHp8QbMeDYGSGGkzh7EOBVeFVjUsxUtwzuYXPFILeDniUw==,iv:AoRZB3GMrn/qXgu/CMghXuu0ReHDmLdRNHAcKPgirnQ=,tag:7jlaBeKHuCa1JfV7sHo05Q==,type:str]
gmail: gmail:
password: ENC[AES256_GCM,data:rCL2RzU1INRT5KOyl1JriQ==,iv:jhFDcNHgIJnZTBN9msECQWvy75IH1wO5IFAxqR4Ugng=,tag:cK+A4Os/9xchpNjpb2KAbQ==,type:str] password: ENC[AES256_GCM,data:rCL2RzU1INRT5KOyl1JriQ==,iv:jhFDcNHgIJnZTBN9msECQWvy75IH1wO5IFAxqR4Ugng=,tag:cK+A4Os/9xchpNjpb2KAbQ==,type:str]
sops: sops:
@ -42,8 +44,8 @@ sops:
OFd1RTNYcGJGSXJOaFpnbjR6YzhjQzAKUZxz47g2MKCVTS1gGJ7p6XCubBu+/CUM OFd1RTNYcGJGSXJOaFpnbjR6YzhjQzAKUZxz47g2MKCVTS1gGJ7p6XCubBu+/CUM
IPQ9uBaW99BB9W9JuIih34/qMVxd/1EHDVk3IDiNB3F3bM8f2LL1yA== IPQ9uBaW99BB9W9JuIih34/qMVxd/1EHDVk3IDiNB3F3bM8f2LL1yA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-26T17:48:10Z" lastmodified: "2024-05-04T17:38:46Z"
mac: ENC[AES256_GCM,data:H2ZvNgVmtUgeNOvXGWxLFC6t8sCzingICyD6Raj42FIYRVaFLbrVblhESVrCYM2LclehBlSS9ceCk6+B/zaYyd5iE8ENzgz287S6t6RfZR9kfWFrtOJ4RINyGDKIFQ4mlt7+QB83DeW7jONeIRbrdI2Imx7fhXes3uHDc51wjGQ=,iv:PDiijPXwGneoo/QQBovxpoT5b0EBpgAGpExnrQ8lfvQ=,tag:PveY9JhZxpMHIbFHLGoSgA==,type:str] mac: ENC[AES256_GCM,data:lN2Dk5GXInYbxuq1POt6DSoPDuxIHKeyA5lPwlVKZHRHTrFmatzIMEYVqHvMgSOML/fuKThhPFhlvC8iUGCy5/qja2P49cFi3EDOSrxR9e9SmEG6FHaoJpNGMjEWNER6J1b8GRmVCvIxFA3t6/LK5zbIodbqWwwzdyNeacr07ag=,iv:5j5gv4OOSPx2x7NugGMNg4dfBPAOEY4xbZNuMhrVRVg=,tag:BFABLQz9R6vM6MbA01ZYLQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

6
secrets/smolboi/users.yaml
View file

@ -1,5 +1,3 @@
root:
password: ENC[AES256_GCM,data:82Kb0rIShlbfK1Q4rISjzDcP7JZ7Z0AfIW2a3QbXm4nM+IZvKMp6yo3xknOSCDWLmLyDeCB+ZJ2b8DCEt4HESEGLgWFXTye0cg==,iv:sAczzEFpsR18Ze5jIpjLzIa6bgEschzP33pJhCp8CMU=,tag:272F/o7uQI5Pe1c5C8Sxgw==,type:str]
cdombroski: cdombroski:
password: ENC[AES256_GCM,data:y4WEliyhHI+M9GHkH40jnbjcsR6pcNOx0TNvGvGSjqy82589XyfjTWsuM63d6RApQAr67xp9rDK2e42/II+IBgmZhrCy4ZNfkw==,iv:YRroI8xD9OAoTZ2dvN7QgCX8bXCdjGwEnN/STbI8UcU=,tag:MGt22XEvxZegvEGA6xEGQw==,type:str] password: ENC[AES256_GCM,data:y4WEliyhHI+M9GHkH40jnbjcsR6pcNOx0TNvGvGSjqy82589XyfjTWsuM63d6RApQAr67xp9rDK2e42/II+IBgmZhrCy4ZNfkw==,iv:YRroI8xD9OAoTZ2dvN7QgCX8bXCdjGwEnN/STbI8UcU=,tag:MGt22XEvxZegvEGA6xEGQw==,type:str]
sops: sops:
@ -26,8 +24,8 @@ sops:
TGJhc2xmQ0dYdzBscDJac056dWx5ZDQK0cqHidbDzQ69Tg+HK/t52BN4+8Sjmbyh TGJhc2xmQ0dYdzBscDJac056dWx5ZDQK0cqHidbDzQ69Tg+HK/t52BN4+8Sjmbyh
McK8kBR738UH8DvrJOGTzNOVMGp07FF8hUKOw0KcpFULb7ir/foXLg== McK8kBR738UH8DvrJOGTzNOVMGp07FF8hUKOw0KcpFULb7ir/foXLg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-04T17:20:01Z" lastmodified: "2024-05-04T17:38:31Z"
mac: ENC[AES256_GCM,data:abnIPL8ULXltUg/E0S3q1qdDTpOApMKoT8kbZQAlBcVfmwV1IasidfyJV89gVO0yn4FX95cbZbfFTpYb36vfkn9Mjk0D6FZuhqcrneHrWvUhlmBoGaBgCUWiTQvCES/X9T5kLlve0K9afzFY46vN/K1R65Ndx+hqV+U/13TC81E=,iv:GOiqavfTbJev13X+IfyIRbgCjJ++C68ogc/70xHkWJk=,tag:hfjZSd5lfMKjXZDlFUQgQQ==,type:str] mac: ENC[AES256_GCM,data:oYfsHr8jA39eP78pujq4FQnGKzUDq/nDAHfeCxBvZFpbDR6kTDSUrmScd8yfAwqbX3I3T2hiRDG2+AT/OZWBWod5meOinOKoPDgcG73K1cMFLUKVDlmd7jut9JQv5asfUslDgWV8Vqs0f8LQDHMKN9Z4xRUaCY+kUCx8RvQPNf4=,iv:3Pji1pVoj8tYlM+10kH1oQNcjU9Ila8EAvIwdexVYF4=,tag:51SG2cvRd5KnIOnTGWIfNw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

12
systems/smolboi/configuration.nix
View file

@ -29,10 +29,6 @@
neededForUsers = true; neededForUsers = true;
sopsFile = ../../secrets/smolboi/users.yaml; sopsFile = ../../secrets/smolboi/users.yaml;
}; };
sops.secrets."root/password" = {
neededForUsers = true;
sopsFile = ../../secrets/smolboi/users.yaml;
};
networking = { networking = {
hostName = "smolboi"; # Define your hostname. hostName = "smolboi"; # Define your hostname.
@ -109,12 +105,7 @@
security = { security = {
rtkit.enable = true; rtkit.enable = true;
}; };
users = { users.users = {
mutableUsers = false;
users = {
root = {
hashedPasswordFile = config.sops.secrets."root/password".path;
};
cdombroski = { cdombroski = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
@ -122,7 +113,6 @@
hashedPasswordFile = config.sops.secrets."cdombroski/password".path; hashedPasswordFile = config.sops.secrets."cdombroski/password".path;
}; };
}; };
};
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [