luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-06-08 10:09:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: move to agenix secrets

Browse source
This commit is contained in:
Luj 2024-05-09 00:48:35 +02:00
parent e392ca9001
commit 8ee88f922c
Signed by: luj
GPG key ID: 6FC74C847011FD83
11 changed files with 214 additions and 253 deletions
Download patch file Download diff file Expand all files Collapse all files

19
users/default.nix
View file

@ -1,20 +1,27 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
users.mutableUsers = false;
users.defaultUserShell = pkgs.fish;
sops.secrets.user-root-password.neededForUsers = true;
programs.fish.enable = true;
age.secrets.user-root-password.file = ../secrets/user-root-password.age;
users.users.root = {
uid = config.ids.uids.root;
description = "System administrator";
home = "/root";
shell = lib.mkForce config.users.defaultUserShell;
group = "root";
hashedPasswordFile = config.sops.secrets.user-root-password.path;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower" ];
hashedPasswordFile = config.age.secrets.user-root-password.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower"
];
};
}

34
users/julien.nix
View file

@ -1,30 +1,26 @@
{ config, pkgs, ... }: {
sops.secrets.user-julien-password.neededForUsers = true;
{ config, pkgs, ... }:
{
users.users.julien = {
isNormalUser = true;
home = "/home/julien";
extraGroups = [ "wheel" config.users.groups.keys.name "networkmanager" "davfs2" "adbusers" "audio" "pipewire" "dialout" "video" ];
extraGroups = [
"wheel"
config.users.groups.keys.name
"networkmanager"
"davfs2"
"adbusers"
"audio"
"pipewire"
"dialout"
"video"
];
shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets.user-julien-password.path;
hashedPasswordFile = config.age.secrets.julien-password.path;
};
nix.settings.allowed-users = [ "julien" ];
nix.settings.trusted-users = [ "julien" ];
sops.secrets.ens-mail-passwd = {
owner = "julien";
path = "/home/julien/.config/ens-mail-passwd";
};
sops.secrets.git-gpg-private-key = {
owner = "julien";
mode = "0440";
group = config.users.groups.keys.name;
sopsFile = ../secrets/git-gpg-private-key;
format = "binary";
};
age.secrets.julien-password.file = ../secrets/user-julien-password.age;
}