Use agenix for initial user credential

2023-06-26 12:53:48 -05:00 · 2023-06-26 12:53:48 -05:00 · 55c1521df0
commit 55c1521df0
parent a1f59f6507
3 changed files with 24 additions and 14 deletions
--- a/flake.nix
+++ b/flake.nix
@ -98,27 +98,26 @@
                users = {
                  sezycei = {
                    isNormalUser = true;
-                    initialPassword = "bootMaster";
+                    passwordFile = config.age.secrets.sezycei.path;
                    extraGroups = [ "wheel" ];
-                    packages = with pkgs; [ byobu tmux stack ];
+                    packages = with pkgs; [ 
                      byobu 
                      tmux 
                      stack 
                    ];
                  };
                  torrent = {
                    isNormalUser = true;
                    initialPassword = "torrentUserTemp";
                  };
                };
              };
-              age.secrets.keys.file = ./secrets/keys.age;
+              age = {
-
+                secrets = {
-              #sops = {
+                  keys.file = ./secrets/keys.age;
-              #  age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; };
+                  sezycei.file = ./secrets/sezycei.age;
-              #  defaultSopsFile = ./secrets/keys.yaml;
+                };
-              #  secrets = {
+              };
              #    hostname = { };
              #  };
              #};
              system.stateVersion = "22.11";
            })
--- a/secrets.nix
+++ b/secrets.nix
@ -1,7 +1,9 @@
 let
  james = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7R6FstqVDjVuyKGEUmWolYJ/I/DDxYOQV/zKPkiAth james@eversole.co";
  eve-psr-nix0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp root@matri.cx";
  all = [ james eve-psr-nix0 ];
 in
 {
-  "secrets/keys.age".publicKeys = [ james eve-psr-nix0 ];
+  "secrets/keys.age".publicKeys = all;
  "secrets/sezycei.age".publicKeys = all;
 }
--- a/secrets/sezycei.age
+++ b/secrets/sezycei.age
@ -0,0 +1,9 @@
 age-encryption.org/v1
 -> ssh-ed25519 dQ70Fw 3IuGJg1Bmbdhx4+4WV+EaEpQ0795MDG2QKHnQA02M0Q
 qQgBpM1lKO3LCogVfDpN+EoCjYN6xsAezcoEOR/RsXw
 -> ssh-ed25519 ZIoeGg vF5+NjxMu0PjaRpTHYEQ8yodaV4JB7kVby8q9e53S3A
 fnloGnvaQrBtJ+JTTczxqikpbhG2RrDNTTAyCgnTkLo
 -> 46"=M-grease )Ek`P B?bmJPNj B^(u_8 TrBLv
 6JtU+tKd6pFfvzg5svdM
 --- PiP0DrBQUbngSItXfNh1FJVNFUXKlnVnN7nASKntfFg
 .´™g‡<67>K…í‘-þT¸ôküˆ&Š<>×>[Qû<51>Ã¬€Å\‘Ž Ö©k¢