users/root: add password

Lu Wang 2024-12-12 19:26:20 +08:00
parent 923751e902
commit 86b5571f75
Signed by: rebmit
SSH key fingerprint: SHA256:3px8QV1zEerIrEWHaqtH5rR9kjetyRST5EipOPrd+bU
3 changed files with 53 additions and 1 deletions


@ -13,6 +13,12 @@ creation_rules:
- age: - age:
- *marisa - *marisa
- *flandre - *flandre
- path_regex: secrets/common.*
key_groups:
- age:
- *marisa
- *flandre
- *reisen
- path_regex: secrets/hosts/(opentofu/)?marisa-.* - path_regex: secrets/hosts/(opentofu/)?marisa-.*
key_groups: key_groups:
- age: - age:
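Review bot: The added `path_regex: secrets/common.*` is unanchored and ends in `.*`, so if sops applies it as a regex search (its usual behaviour, worth confirming) it matches any path that merely contains `secrets/common`, not just the shared file. A later file such as `secrets/common-staging/...` would then silently be encrypted to marisa, flandre and reisen by this rule. If only the shared file is intended, tighten it to something like `path_regex: ^secrets/common\.yaml$`. The `creation_rules` list starts and continues outside this hunk, so ordering against the other rules cannot be checked from here.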


@ -1,9 +1,15 @@
{ ... }: { config, ... }:
{ {
users.users.root = { users.users.root = {
hashedPasswordFile = config.sops.secrets."user-password/root".path;
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [
./_ssh/marisa-7d76 ./_ssh/marisa-7d76
./_ssh/marisa-a7s ./_ssh/marisa-a7s
]; ];
}; };
sops.secrets."user-password/root" = {
neededForUsers = true;
sopsFile = config.sops.secretFiles.get "common.yaml";
};
} }
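Review bot: The new `hashedPasswordFile` gives root a password credential on every host that imports this module, taken from the shared `common.yaml`, and nothing in this hunk shows how password logins for root are constrained. If the password is meant for console or recovery use only, pin that next to it rather than relying on defaults, e.g. `services.openssh.settings.PermitRootLogin = "prohibit-password";`. Separately, if `users.mutableUsers` is left at its default, the hash is likely applied only when the account is first created, so existing hosts may keep their previous root password state; confirm it is set to `false` elsewhere. A short comment above `sops.secrets."user-password/root"` saying that `neededForUsers = true` is required so the secret is decrypted before user creation would help the next reader.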

40
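--- /dev/null
+++ b/secrets/common.yaml
@@ -0,0 +1,40 @@
+user-password:
+root: ENC[AES256_GCM,data:kRmWP8njGn+oMdV6PQSxeV9tdTrAGjcJGAYM522nxz5gtr6b0XDoTxmhrNLPDZqcI9l8Xhh8ER3OShZMzvVKcwXfpBgqcS4csQ==,iv:RlNTT7L5DRkQ2Nq7te4fUZYspmZYMEDK1UVzTVE5WPw=,tag:gVokqSdkfYNySo9+of5R8Q==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1sfnct03u4cvfj98x4yjrcrrnu5gg8qgxrwk4uqq8w4e6wveeaedq97rn44
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K3h4aW1HU2FPZDFDSzc5
+Ri8ycE5VR0ZpZ3R1QTlWY1VIZ1plazZoZVFJClcvcFV3ZE1lZ1ZnT1JacUYxV29B
+dEtrZTNKdEZ6bTJ4VnVWb0REbDRRMXcKLS0tIHpMYWREWG4reWoreFYyMG95WEk0
+ZkUray9HY3gwV3hmbEdIVVY1VElQVHcKWMYjkiqNVq8MMOxZ83kN1XL1Orlg78ww
+QCoKw3xD25lStf5CIGOgHZBmtvhgnImj+7NiCz/Pa+LtUz0SQSp+/Q==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age166kxtrcx99fxlgtvz5mvyt5ctvk3dt09f42gvm94ngnkyztmmelsyzdn77
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVlcrN1dySmtCSWY5VTJa
+WHFETXZoOGRIZWhOTGphK3gzUERxSkpKUGpjCjJTNE1EZFg1M2xPRU9XOGtqTzZj
+S21HWmlGRGdMcHJBNzZwUW9aU3JsUlEKLS0tIGlxcWFqQ1psdWVabTFURVhsaUF2
+bTVZdTRnVkhKa2x2T0lGUU9jaTFJcmcKtDjAosAhPWIPNfp2wsB7/2ADF051dTCA
+PmPY15/snA+bT8Ihbt61lZ+8YoS8InnzoxZMPPwSZOSQEQ+ASH5HZw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1uf2h3hlv373ppdstjlngyuu7q5mee3u3ww3674lsj9rlt9ax7vqsv7wpe8
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVndwNlg3QzJaYWRQeldn
+RW9LdXRIaEFtWVBWSnRXNW5pZzVzNHl5Sm5rClNhVU0xbjZmQXpqUEZYa0lmTG1a
+THhOaUhrbFZxM2xnM1d4Yi9DNGVydWMKLS0tIHpMUVJHQ0NxSjQ1YWdOb1dGbW8v
+SEtlY1ZoZEkrSU04VmRRTVYrTS9mbUEKt+7p4KMFFj9+4lRhRhUOFUl9EPljV8Co
+HPaO9E3PrsUtnPObwzHUhIOdugOWCzhUSUklCI2k7u6TkCnzqTzTyg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-12-12T11:23:56Z"
+mac: ENC[AES256_GCM,data:ZiGNQCdn26oArPFDw5S8NFKgM/SPP5H0rPWWqqtrfDK3nE5zZ3txrZrF+8ZEUqs0WdV/P5FZm5WL/ek2LUD5OFCzwtbGnFkATeFqt+kr0vUZ5M0gUT+fiKQ49WuntviZng9S3iIH59/rgRwe+cOpakpWh4RgQkdKDTsthekv1Pw=,iv:vfwGjyIRppw6pXVLtmeMd6zbnht8fpLSZFHhu5F4swk=,tag:6T9dthM3uKDDQxFH+ieaRQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.1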