feat(modules/secrets): set rafiq password from sops

Mohammad Rafiq 2025-05-18 23:04:00 +08:00
parent 7a18d65b0c
commit 391ed94ab4
No known key found for this signature in database
4 changed files with 10 additions and 10 deletions


@ -10,7 +10,8 @@
options.system = {
hostname = lib.pantheon.mkStrOption;
mainUser = lib.pantheon.mkStrOption;
mainUser.name = lib.pantheon.mkStrOption;
mainUser.publicKey = lib.pantheon.mkStrOption;
bootloader = lib.pantheon.mkStrOption;
};
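Review bot: Neither `mainUser.name` nor `mainUser.publicKey` carries a description or any validation, so nothing at the declaration says that the key becomes the account's only `openssh.authorizedKeys.keys` entry, as the users module in this commit makes it. What type and default `lib.pantheon.mkStrOption` sets is not visible here. If it defaults to an empty string, a host that forgets to set the key would still evaluate and get an empty key entry. A comment such as `# SSH public key installed as the main user's sole authorized key` would help, and leaving the option without a default (if the helper allows) would make a missing value an evaluation error.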


@ -3,7 +3,7 @@
sops = {
defaultSopsFile = lib.snowfall.fs.get-file "secrets/secrets.yaml";
age.sshKeyPaths = ["/persist/home/rafiq/.ssh/id_ed25519"];
secrets ={
secrets = {
"rafiq/hashedPassword".neededForUsers = true;
};
};


@ -5,19 +5,17 @@
users.mutableUsers = false;
users.groups.users = {
gid = 100;
members = [ "${config.system.mainUser}" ];
members = [ "${config.system.mainUser.name}" ];
};
users.users."${config.system.mainUser}" = {
users.users."${config.system.mainUser.name}" = {
linger = true;
uid = 1000;
isNormalUser = true;
initialPassword = "1";
hashedPasswordFile = config.sops.secrets."${config.system.mainUser.name}/hashedPassword".path;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n"
];
openssh.authorizedKeys.keys = [ config.system.mainUser.publicKey ];
};
services.getty.autologinUser = config.system.mainUser;
services.getty.autologinUser = config.system.mainUser.name;
}
];
}
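Review bot: The new `hashedPasswordFile` line builds the secret name from `config.system.mainUser.name`, but the sops module shown in this commit still declares the literal `"rafiq/hashedPassword"`, so a host whose main user is not `rafiq` would reference an undeclared secret and fail evaluation. Declaring it the same way, `"${config.system.mainUser.name}/hashedPassword".neededForUsers = true;`, keeps the two in step. Separately, `services.getty.autologinUser` is kept, so a local console still gets a session as this wheel-group user without the sops-managed password being asked for; worth confirming that is intended now that `initialPassword = "1"` is gone. With `users.mutableUsers = false`, it is also worth checking that the age key under `/persist` is readable early enough for the `neededForUsers` secret to decrypt, otherwise password login for the account would not work.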


@ -1,7 +1,8 @@
{ config, lib, pkgs, ... }:
{
system.hostname = "nemesis";
system.mainUser = "rafiq";
system.mainUser.name = "rafiq";
system.mainUser.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n";
system.bootloader = "systemd-boot";
hardware.drives.btrfs = {
enable = true;