feat: move to agenix secrets

Luj 2024-05-09 00:48:35 +02:00
parent e392ca9001
commit 8ee88f922c
Signed by: luj
GPG key ID: 6FC74C847011FD83
11 changed files with 214 additions and 253 deletions


@ -1,30 +1,26 @@
{ config, pkgs, ... }: {
sops.secrets.user-julien-password.neededForUsers = true;
{ config, pkgs, ... }:
{
users.users.julien = {
isNormalUser = true;
home = "/home/julien";
extraGroups = [ "wheel" config.users.groups.keys.name "networkmanager" "davfs2" "adbusers" "audio" "pipewire" "dialout" "video" ];
extraGroups = [
"wheel"
config.users.groups.keys.name
"networkmanager"
"davfs2"
"adbusers"
"audio"
"pipewire"
"dialout"
"video"
];
shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets.user-julien-password.path;
hashedPasswordFile = config.age.secrets.julien-password.path;
};
nix.settings.allowed-users = [ "julien" ];
nix.settings.trusted-users = [ "julien" ];
sops.secrets.ens-mail-passwd = {
owner = "julien";
path = "/home/julien/.config/ens-mail-passwd";
};
sops.secrets.git-gpg-private-key = {
owner = "julien";
mode = "0440";
group = config.users.groups.keys.name;
sopsFile = ../secrets/git-gpg-private-key;
format = "binary";
};
age.secrets.julien-password.file = ../secrets/user-julien-password.age;
}
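Review bot: The two secrets removed at the end of this file, `ens-mail-passwd` and `git-gpg-private-key`, carried explicit access settings (`owner = "julien"`, a fixed `path`, and `mode = "0440"` with the `keys` group), and nothing in this section shows whether their agenix replacements set the same. agenix decrypts to a root-owned `0400` file by default, so if the new declarations elsewhere in the commit give only `file`, julien loses read access to both. If they are no longer declared anywhere, it is worth re-checking whether the `config.users.groups.keys.name` entry kept in `extraGroups` is still needed. For the new `age.secrets.julien-password` the defaults are the right ones, since the hash is read during user activation, and a comment such as `# root-owned by default; decrypted before users exist, so do not set owner here` would keep it that way.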