Password hash is now a plain file in the private repo.

This commit is contained in:
Gabe Venberg 2024-06-05 19:10:12 -05:00
parent 04783f1580
commit 7642191e98
10 changed files with 11 additions and 51 deletions


@ -40,12 +40,15 @@
programs.zsh.enable = lib.mkDefault true; programs.zsh.enable = lib.mkDefault true;
environment.shells = lib.mkDefault [pkgs.zsh]; environment.shells = lib.mkDefault [pkgs.zsh];
users.mutableUsers = false;
users.users.${config.host.user} = { users.users.${config.host.user} = {
isNormalUser = true; isNormalUser = true;
hashedPassword = lib.removeSuffix "\n" (builtins.readFile "${inputs.nix-secrets}/password-hash");
description = config.host.fullName; description = config.host.fullName;
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = ["wheel"]; extraGroups = ["wheel"];
}; };
# users.users.root.password = lib.removeSuffix "\n" (builtins.readFile "${inputs.nix-secrets}/password-hash");
imports = [ imports = [
../../modules/hostopts.nix ../../modules/hostopts.nix
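Review bot: `hashedPassword = lib.removeSuffix "\n" (builtins.readFile "${inputs.nix-secrets}/password-hash")` reads the hash at evaluation time, which copies the whole `nix-secrets` input into the world-readable Nix store and, as far as I know, also embeds the hash in the users spec NixOS generates for activation, so it is no longer confined to a root-readable runtime file the way the removed `hashedPasswordFile = config.sops.secrets.gv-password.path` kept it. A hash in the store is readable by every local account and by any machine that receives the closure, so this should be a deliberate trade-off rather than an incidental one; if it is deliberate, record it next to the line, e.g. `# NOTE: hash ends up in /nix/store (world-readable); accepted because <reason>`, and otherwise keep a `hashedPasswordFile` that points outside the store. The commented-out root line at the end of the hunk should either be deleted or carry a one-line comment saying why it is kept. The enclosing module starts and ends outside the hunk.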

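--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -11,7 +11,6 @@ in {
 inputs.sops-nix.nixosModules.sops
 ];
 sops = {
-defaultSopsFile = "${secretsDirectory}/common.yaml";
 validateSopsFiles = false;
 age = {
 sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];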
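Review bot: With `defaultSopsFile` removed, any `sops.secrets.<name>` that is still declared without an explicit `sopsFile` will fail at evaluation time; this hunk does not show whether any such declarations remain. The `secretsDirectory` binding defined above the hunk appears to have lost its only visible use, so it should either be removed or get a comment stating what still depends on it. The `sops = {` attribute set continues outside the hunk.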


@ -240,10 +240,10 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1717523958, "lastModified": 1717631148,
"narHash": "sha256-fZzlvFG7fIGA4GIpMai8fdxeUU/bBxMacdDmDWN+Emk=", "narHash": "sha256-smVpy+sIKFUwBcRHjdLWVlrYqUqpfg2TJXuGqZJBXJM=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "23bdde0f479cdd6039555aee0680878249185715", "rev": "631c6dbe7d5ea9589a7d20734a8b81a0bb872818",
"shallow": true, "shallow": true,
"type": "git", "type": "git",
"url": "ssh://git@git.venberg.xyz:7920/Gabe/nix-secrets.git" "url": "ssh://git@git.venberg.xyz:7920/Gabe/nix-secrets.git"


@ -18,7 +18,7 @@ inputs.nixpkgs.lib.nixosSystem {
../../configs/nixos/interactive-networking.nix ../../configs/nixos/interactive-networking.nix
../../configs/nixos/i3 ../../configs/nixos/i3
../../configs/nixos/sshd.nix ../../configs/nixos/sshd.nix
./secrets.nix ../../configs/nixos/secrets.nix
({ ({
config, config,
pkgs, pkgs,
@ -33,10 +33,8 @@ inputs.nixpkgs.lib.nixosSystem {
}; };
networking.hostName = "archlaptop-vm"; # Define your hostname. networking.hostName = "archlaptop-vm"; # Define your hostname.
users.mutableUsers = false;
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.${config.host.user} = { users.users.${config.host.user} = {
hashedPasswordFile = config.sops.secrets.gv-password.path;
packages = with pkgs; [firefox]; packages = with pkgs; [firefox];
}; };
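Review bot: The surviving comment `# Define a user account. Don't forget to set a password with passwd.` is now misleading: `users.mutableUsers = false` and the user's password hash are supplied by the shared module this host imports, so `passwd` changes will not persist and nothing has to be set here. Replace it with something like `# Password hash and mutableUsers come from the shared module; do not set them per host`. The enclosing module body continues outside the hunk.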

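--- a/PATH_NOT_SHOWN
+++ /dev/null
@@ -1,14 +0,0 @@
-{
-inputs,
-config,
-lib,
-pkgs,
-...
-}: {
-imports = [
-../../configs/nixos/secrets.nix
-];
-sops.secrets.gv-password = {
-neededForUsers = true;
-};
-}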


@ -22,7 +22,7 @@ inputs.nixpkgs.lib.nixosSystem {
../../configs/nixos/i3 ../../configs/nixos/i3
../../configs/nixos/common.nix ../../configs/nixos/common.nix
../../configs/nixos/sshd.nix ../../configs/nixos/sshd.nix
./secrets.nix ../../configs/nixos/secrets.nix
({ ({
config, config,
pkgs, pkgs,
@ -39,9 +39,7 @@ inputs.nixpkgs.lib.nixosSystem {
}; };
networking.hostName = "workstation-vm"; # Define your hostname. networking.hostName = "workstation-vm"; # Define your hostname.
users.mutableUsers = false;
users.users.${config.host.user} = { users.users.${config.host.user} = {
hashedPasswordFile = config.sops.secrets.gv-password.path;
packages = with pkgs; [ packages = with pkgs; [
firefox firefox
]; ];

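--- a/PATH_NOT_SHOWN
+++ /dev/null
@@ -1,14 +0,0 @@
-{
-inputs,
-config,
-lib,
-pkgs,
-...
-}: {
-imports = [
-../../configs/nixos/secrets.nix
-];
-sops.secrets.gv-password = {
-neededForUsers = true;
-};
-}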


@ -3,17 +3,14 @@ default:
nixos target=`hostname`: nixos target=`hostname`:
git add -AN git add -AN
nix flake update nix-secrets
sudo nixos-rebuild --flake .#{{target}} switch sudo nixos-rebuild --flake .#{{target}} switch
home-manager target=(`whoami`+"@"+`hostname`): home-manager target=(`whoami`+"@"+`hostname`):
git add -AN git add -AN
nix flake update nix-secrets
home-manager --flake .#{{target}} switch home-manager --flake .#{{target}} switch
check: check:
git add -AN git add -AN
nix flake update nix-secrets
nix flake check --keep-going nix flake check --keep-going
bootstrap-home-manager target=(`whoami`+"@"+`hostname`): bootstrap-home-manager target=(`whoami`+"@"+`hostname`):
@ -28,3 +25,6 @@ home-gc:
nixos-gc: nixos-gc:
sudo nix-collect-garbage --delete-older-than 7d sudo nix-collect-garbage --delete-older-than 7d
update-secrets:
nix flake update nix-secrets
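Review bot: Dropping `nix flake update nix-secrets` from the `nixos`, `home-manager` and `check` recipes means a password hash rotated in the private repo is silently ignored until someone runs the new `update-secrets` recipe and commits the resulting lock change. A one-line comment above `update-secrets:`, e.g. `# Run (and commit the lock change) after editing nix-secrets; the pinned revision is used otherwise`, would make that workflow explicit. The `default:` recipe named in the hunk header lies above the hunk.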


@ -24,11 +24,6 @@ inputs.nixos-generators.nixosGenerate {
host.user = "gabe"; host.user = "gabe";
host.fullName = "Gabe Venberg"; host.fullName = "Gabe Venberg";
users.users.root.password = "nixos";
users.users.${config.host.user} = {
password = "nixos";
};
home-manager.users.${config.host.user} = { home-manager.users.${config.host.user} = {
inputs, inputs,
osConfig, osConfig,


@ -24,11 +24,6 @@ inputs.nixos-generators.nixosGenerate {
host.user = "gabe"; host.user = "gabe";
host.fullName = "Gabe Venberg"; host.fullName = "Gabe Venberg";
users.users.root.password = "nixos";
users.users.${config.host.user} = {
password = "nixos";
};
home-manager.users.${config.host.user} = { home-manager.users.${config.host.user} = {
inputs, inputs,
osConfig, osConfig,