feat: move to agenix secrets

Luj 2024-05-09 00:48:35 +02:00
parent e392ca9001
commit 8ee88f922c
Signed by: luj
GPG key ID: 6FC74C847011FD83
11 changed files with 214 additions and 253 deletions


@ -1,20 +1,27 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}:
{
users.mutableUsers = false;
users.defaultUserShell = pkgs.fish;
sops.secrets.user-root-password.neededForUsers = true;
programs.fish.enable = true;
age.secrets.user-root-password.file = ../secrets/user-root-password.age;
users.users.root = {
uid = config.ids.uids.root;
description = "System administrator";
home = "/root";
shell = lib.mkForce config.users.defaultUserShell;
group = "root";
hashedPasswordFile = config.sops.secrets.user-root-password.path;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower" ];
hashedPasswordFile = config.age.secrets.user-root-password.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower"
];
};
}
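Review bot: Nothing near `hashedPasswordFile = config.age.secrets.user-root-password.path;` records what happens when the secret cannot be decrypted, and with `users.mutableUsers = false` that case presumably leaves root with no usable password, so the pinned SSH key becomes the only way in. agenix decrypts at activation with the identities in `age.identityPaths` (the host's SSH keys by default), so every host importing this module must be a recipient of `../secrets/user-root-password.age`; the recipient list is not visible in this section. Unlike the sops entry it replaces, the age file is decrypted whole, so it should contain only the password hash. I would add a comment above the `age.secrets` line such as `# root's password hash; each host using this module must be a recipient, or root is left without a password`.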