diff --git a/flake.nix b/flake.nix index 220c457..2264488 100644 --- a/flake.nix +++ b/flake.nix @@ -98,27 +98,26 @@ users = { sezycei = { isNormalUser = true; - initialPassword = "bootMaster"; + passwordFile = config.age.secrets.sezycei.path; extraGroups = [ "wheel" ]; - packages = with pkgs; [ byobu tmux stack ]; + packages = with pkgs; [ + byobu + tmux + stack + ]; }; torrent = { isNormalUser = true; - initialPassword = "torrentUserTemp"; }; }; - }; - age.secrets.keys.file = ./secrets/keys.age; - - #sops = { - # age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; - # defaultSopsFile = ./secrets/keys.yaml; - # secrets = { - # hostname = { }; - # }; - #}; + age = { + secrets = { + keys.file = ./secrets/keys.age; + sezycei.file = ./secrets/sezycei.age; + }; + }; system.stateVersion = "22.11"; }) diff --git a/secrets.nix b/secrets.nix index 7a5968f..240b67e 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,7 +1,9 @@ let james = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7R6FstqVDjVuyKGEUmWolYJ/I/DDxYOQV/zKPkiAth james@eversole.co"; eve-psr-nix0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp root@matri.cx"; + all = [ james eve-psr-nix0 ]; in { - "secrets/keys.age".publicKeys = [ james eve-psr-nix0 ]; + "secrets/keys.age".publicKeys = all; + "secrets/sezycei.age".publicKeys = all; } diff --git a/secrets/sezycei.age b/secrets/sezycei.age new file mode 100644 index 0000000..532c4da --- /dev/null +++ b/secrets/sezycei.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 dQ70Fw 3IuGJg1Bmbdhx4+4WV+EaEpQ0795MDG2QKHnQA02M0Q +qQgBpM1lKO3LCogVfDpN+EoCjYN6xsAezcoEOR/RsXw +-> ssh-ed25519 ZIoeGg vF5+NjxMu0PjaRpTHYEQ8yodaV4JB7kVby8q9e53S3A +fnloGnvaQrBtJ+JTTczxqikpbhG2RrDNTTAyCgnTkLo +-> 46"=M-grease )Ek`P B?bmJPNj B^(u_8 TrBLv +6JtU+tKd6pFfvzg5svdM +--- PiP0DrBQUbngSItXfNh1FJVNFUXKlnVnN7nASKntfFg +.gK-Tk&>[Qì\ k \ No newline at end of file