Commit f774799
Changed files (10)
modules
users
os-modules
nixos
base
modules/users/hpcesia.nix → modules/users/hpcesia/default.nix
@@ -1,8 +1,9 @@
{
- flake.modules.nixos.user-hpcesia = _: {
+ flake.modules.nixos.user-hpcesia = {config, ...}: {
users.users.hpcesia = {
description = "HPCesia";
home = "/home/hpcesia";
+ hashedPasswordFile = config.vaultix.secrets.user-hpcesia-hashed-password.path;
isNormalUser = true;
extraGroups = [
"hpcesia"
@@ -17,6 +18,8 @@
users.groups.hpcesia = {};
users.groups.nix-secrets-ssh-hosts = {};
+
+ vaultix.secrets.user-hpcesia-hashed-password.file = ./hashed-password.age;
};
flake.modules.homeManager.user-hpcesia = _: {
modules/users/hpcesia/hashed-password.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 AGSuzeQqVsHbgncJoygoYcHwQo1W9krUTvlk7w2lvVU
+wbG3jORd7H590hr17OYhX3M0lcVozqDS+44KSnrYbs4
+-> "WZcA-grease ZGT)JU
+yTA
+--- 0qRPVb0zJGk3b+o4MxHvnxTVK1a0ldV0I5Ke4CdAYMA
+�V���Pk����r�A��?FA�a._��1H�,�NaK�60�F=w�H��cB�+I�[ɛC\�!��J��S;�wI0��kӤ�8��h�ݕ��$�X�N;�����BGiy��
\ No newline at end of file
modules/users/root/default.nix
@@ -0,0 +1,10 @@
+{
+ flake.modules.nixos.user-root = {config, ...}: {
+ users.users.root = {
+ hashedPasswordFile = config.vaultix.secrets.user-root-hashed-password.path;
+ openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyxd+nyK9cnULmzXIMhE1/rIB3VMsJ6SuWV4Ha8oE0F hpcesia@kevin"];
+ };
+
+ vaultix.secrets.user-root-hashed-password.file = ./hashed-password.age;
+ };
+}
modules/users/root/hashed-password.age
Binary file
modules/users/root.nix
@@ -1,7 +0,0 @@
-{
- flake.modules.nixos.user-root = _: {
- users.users.root = {
- openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyxd+nyK9cnULmzXIMhE1/rIB3VMsJ6SuWV4Ha8oE0F hpcesia@kevin"];
- };
- };
-}
os-modules/nixos/base/user-group.nix
@@ -1,20 +0,0 @@
-{myvars, ...}: {
- users.groups = {
- ssh-secrets-users = {};
- };
-
- users.users."${myvars.username}" = {
- # generated by `mkpasswd -m scrypt`
- # we have to use initialHashedPassword here when using tmpfs for /
- inherit (myvars) initialHashedPassword;
- extraGroups = [
- "aria2"
- "ssh-secrets-users"
- ];
- };
-
- # root's ssh key are mainly used for remote deployment
- users.users.root = {
- inherit (myvars) initialHashedPassword;
- };
-}
secrets/cache/kevin/10869e289adfacf42e7b6e77cf32a4a8cc185bff1231c2353e2df057f7f5d28d
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 WM7kiQ 3KCEWMDaXuvgmYZ2GmrSDI4uD48ntEqhMqZ2A4E6oUE
+ztXal/DUcureswG4+5cZ7KyZZL8k8dByU+DG47b/QA0
+-> o7Z7m%-grease .OeqX [z9ug<DJ
+qVlDmufYwoBLfjUBTEt6Altrj/7LyKMFwalDSmflKBw
+--- K1E2JiwwK4TD8mkW9TX166QEW0yqia1aW30RYS71t+M
+��6�i𠩔(�=�l���9 �%�h���jx���azZ��Uǻz�&���ПYS�_Ox˯ǔP+�['�����%�Q9o��Om�rv�tEW�[�F �����I]��
\ No newline at end of file
secrets/cache/kevin/54834018daabcf789add5dd98cd3353b37ede12098dca292b39236af86543b4e
Binary file
secrets/cache/pardofelis/04a968d1e8ad16977989bf5eacce24d48bcf69677cbae6f21b05576e545070c0
Binary file
secrets/cache/pardofelis/25f0d7cedc32deb310fc0279df14e0ed74f8bf29aa01b938b55f9f054a1cabbc
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw yWo1I5DPVSFLMMJSf2TGsrxPdbX4CuzEb1JSMXUTyXM
+XdG+8O+uR1afBbEi3E3Phbl1jDcs7M4553TXOOAUEII
+-> hiHi-grease &z#U "X=>!]{r
+NQ
+--- C7owaUL0zLaxRwqIEc+rJWK9KSmcP1uXl8cjN5V4Nxg
+�=�K��A�����#��mq�3x�
2%�t����10�X�I���������~�������A��
+��~�lDQ�TJ�>�@������p�"�#�.d��2m"B�
\ No newline at end of file