mtworx: set real passwords

flake.nix

@@ -186,14 +186,14 @@
             nixos-hardware.nixosModules.lenovo-thinkpad-x1-11th-gen
             nix-index-database.nixosModules.nix-index
 
-            #agenix.nixosModules.default
-            #{
-            #  age.secrets = {
-            #    motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
-            #    root-passwd-hash.file = ./secrets/root_passwd_hash.age;
-            #    sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
-            #  };
-            #}
+            agenix.nixosModules.default
+            {
+              age.secrets = {
+                motiejus-work-passwd-hash.file = ./secrets/motiejus_work_passwd_hash.age;
+                root-work-passwd-hash.file = ./secrets/root_work_passwd_hash.age;
+                #sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+              };
+            }
           ];
 
           specialArgs = {inherit myData;} // inputs;

hosts/mtworx/configuration.nix

@@ -1,6 +1,6 @@
 {
   pkgs,
-  #config,
+  config,
   myData,
   ...
 }: let
@@ -64,10 +64,8 @@ in {
     base.users = {
       enable = true;
       devTools = true;
-      root.initialPassword = "live";
-      user.initialPassword = "live";
-      #root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
-      #user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+      root.hashedPasswordFile = config.age.secrets.root-work-passwd-hash.path;
+      user.hashedPasswordFile = config.age.secrets.motiejus-work-passwd-hash.path;
     };
 
     services = {

secrets.nix

@@ -7,6 +7,7 @@ let
   };
 
   fwminex = (import ./data.nix).hosts."fwminex.motiejus.jakst".publicKey;
+  mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
   fra1-a = (import ./data.nix).hosts."fra1-a.servers.jakst".publicKey;
   vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey;
   vno1-op5p = (import ./data.nix).hosts."vno1-op5p.servers.jakst".publicKey;
@@ -44,6 +45,10 @@ in
   // mk ([vno3-rp3b] ++ motiejus) [
     "secrets/vno3-rp3b/datapool-passphrase.age"
   ]
+  // mk ([mtworx] ++ motiejus) [
+    "secrets/motiejus_work_passwd_hash.age"
+    "secrets/root_work_passwd_hash.age"
+  ]
   // mk (systems ++ motiejus) [
     "secrets/motiejus_passwd_hash.age"
     "secrets/root_passwd_hash.age"

secrets/motiejus_work_passwd_hash.age

@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 9Chcgw vg3W53xW09Vj/d3KxV7f1ON+a+FnmLMYzW+dC/zHkyg
+KtUcTwHa+WNt+g1cfB5qXT2SIBh1ysrXhlweHDnbJFU
+-> X25519 y50G92FjN3/2mw35luKw4jcKUGdUsF93wcROe4rArlE
+gobgcFB4lLDvG3CRBnoHcwOg8uy4eVW+H8OAgWY5PuU
+-> X25519 r+uUjbZ8KUiTy9v3wh1VimRcIgIPliLvSVAvn1WhXhg
+nEONILHeRRbYyolcZxa1xmX59/nRrr1VBHofHlv8fKo
+-> piv-p256 +y2G/w AzshVf1h1wwccMCaoA4ecA7DFCGpjvQzbSF3ba9BSyzf
+QG9joDdEaTwm1jOJcpPjOjF1hcbpWW6R1XauVqftwRo
+-> piv-p256 jNqd3A AmuFCf9f+HQD60WNmfgJKVXT75h03R3pV8sy2qJtfgWY
+kxwEeP6c/yuSiYIeI442lmJFh2ndiPhHgvtQ2jopOgw
+--- /WYmyrdPD9FPxGcnLEyB0v/6FF8z3gBluRUvuCHZ1Hg
+ç6<EFBFBD>G;Ü2øÎg°ZAP%\ŸÆ#ÛcXìw?Ëi—ùn³ùyÒ.|ÚÖ

secrets/root_work_passwd_hash.age

@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 9Chcgw xHFdtAcqXP8liBH6d0f4YMnJr40Dc28DEfHdaoc5URQ
+7zUFLDvPKLPps8m5QDAq6ihGOgNRWpUWUWsP3Qx36lE
+-> X25519 coQ3u77ihjGH6LzhA/xOzUQNDluPd6BohBKFvn/B9Sc
+QQEyxuBqQjvZpbqEZddw0diqxPKL7q9wNmnw0wm3mQw
+-> X25519 eW5/HibxGv+Sr6yu11M6DL+nj9K24Y11HBeeJ3bo6k0
+2OLw0jKufwZhG0qkmzhUPX9fhXjB7TiAm/bJ7yyHh/A
+-> piv-p256 +y2G/w A5hWirVdDPfSbl0X5gUF+ah2fvtLIg2Q6xQD471tWd74
+oMLINAjt68FQGoM8KIDkgXG5yeOoZF/BJ4LkOSc9Cgc
+-> piv-p256 jNqd3A AktamVhuado6Z/OVaiEwywK9UkBlTrwBY9kgtFi3bPtf
+kZ91Ztn5FtcfLwXjezGx+tT2NEgwBm8aiEZ+lYLaY/A
+--- ymPZJ07orh8AKprqAg7W7sFYrwz2siJRr9kcWdYrZOk
+Í*Ó«„ñµVY* 0u¦gmBÝØŸï$ƒ÷Òá_<>€m~רeÑY‹q‘“Ä<E2809C>·