From f2998e7aebe2899d38e50aa5d53de1a7a90fc750 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Mon, 18 Mar 2024 17:46:17 +0200 Subject: [PATCH] mtworx: set real passwords --- flake.nix | 16 ++++++++-------- hosts/mtworx/configuration.nix | 8 +++----- secrets.nix | 5 +++++ secrets/motiejus_work_passwd_hash.age | 13 +++++++++++++ secrets/root_work_passwd_hash.age | 13 +++++++++++++ 5 files changed, 42 insertions(+), 13 deletions(-) create mode 100644 secrets/motiejus_work_passwd_hash.age create mode 100644 secrets/root_work_passwd_hash.age diff --git a/flake.nix b/flake.nix index 0e247c3..69e12bd 100644 --- a/flake.nix +++ b/flake.nix @@ -186,14 +186,14 @@ nixos-hardware.nixosModules.lenovo-thinkpad-x1-11th-gen nix-index-database.nixosModules.nix-index - #agenix.nixosModules.default - #{ - # age.secrets = { - # motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; - # root-passwd-hash.file = ./secrets/root_passwd_hash.age; - # sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; - # }; - #} + agenix.nixosModules.default + { + age.secrets = { + motiejus-work-passwd-hash.file = ./secrets/motiejus_work_passwd_hash.age; + root-work-passwd-hash.file = ./secrets/root_work_passwd_hash.age; + #sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; + }; + } ]; specialArgs = {inherit myData;} // inputs; diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix index 6db596d..310de60 100644 --- a/hosts/mtworx/configuration.nix +++ b/hosts/mtworx/configuration.nix @@ -1,6 +1,6 @@ { pkgs, - #config, + config, myData, ... }: let 
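Review bot: The `#sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;` entry in the flake.nix hunk is carried into the now-active `age.secrets` set as a commented-out line with no reason given, so a reader cannot tell whether it is pending or deliberately excluded on this host. If it is pending, a comment such as `# sasl-passwd: enable once postfix_sasl_passwd.age is rekeyed to include mtworx` would record the precondition. Whether that file already lists mtworx as a recipient is not visible in this diff. If it is not wanted here, drop the line. The module list being edited starts outside the hunk.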
@@ -64,10 +64,8 @@ in { base.users = { enable = true; devTools = true; - root.initialPassword = "live"; - user.initialPassword = "live"; - #root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; - #user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; + root.hashedPasswordFile = config.age.secrets.root-work-passwd-hash.path; + user.hashedPasswordFile = config.age.secrets.motiejus-work-passwd-hash.path; }; services = { diff --git a/secrets.nix b/secrets.nix index d519c9f..5813d99 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,6 +7,7 @@ let }; fwminex = (import ./data.nix).hosts."fwminex.motiejus.jakst".publicKey; + mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey; fra1-a = (import ./data.nix).hosts."fra1-a.servers.jakst".publicKey; vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey; vno1-op5p = (import ./data.nix).hosts."vno1-op5p.servers.jakst".publicKey; @@ -44,6 +45,10 @@ in // mk ([vno3-rp3b] ++ motiejus) [ "secrets/vno3-rp3b/datapool-passphrase.age" ] + // mk ([mtworx] ++ motiejus) [ + "secrets/motiejus_work_passwd_hash.age" + "secrets/root_work_passwd_hash.age" + ] // mk (systems ++ motiejus) [ "secrets/motiejus_passwd_hash.age" "secrets/root_passwd_hash.age" diff --git a/secrets/motiejus_work_passwd_hash.age b/secrets/motiejus_work_passwd_hash.age new file mode 100644 index 0000000..ca211ec --- /dev/null +++ b/secrets/motiejus_work_passwd_hash.age 
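Review bot: Replacing `initialPassword = "live"` with `hashedPasswordFile` in `base.users` (hunk `@@ -64,10 +64,8 @@`) does not by itself change the password of accounts that already exist, because NixOS leaves existing passwords untouched while `users.mutableUsers` is true, which is the default. The `base.users` module is not part of this diff, so unless it already sets `users.mutableUsers = false;`, root and the user on a machine installed from the previous revision would presumably keep the published password `live` until it is changed with `passwd`. The new paths also depend on agenix decrypting with this host's SSH key during activation, so it is worth confirming that the decrypted files exist (by default under `/run/agenix/`) after the first switch and before logging out. The `base.users` set is complete within the hunk, but the enclosing module is not.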
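Review bot: The new `mk ([mtworx] ++ motiejus)` entry in secrets.nix (hunk `@@ -44,6 +45,10 @@`) has no comment saying why the work hashes get their own recipient list instead of joining the `systems ++ motiejus` group just below it, and that restriction is the security-relevant part of the change. A line such as `# work password hashes: decryptable only by mtworx and motiejus' keys, not by the other hosts` above the entry would keep a later edit from merging the two groups. Because the ciphertext stays in git history, exposure of any listed key calls for changing the passwords, not only rekeying the files. The `mtworx` binding this entry relies on is added in the preceding hunk, and the surrounding attribute-set expression starts and ends outside the hunk.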
@@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 9Chcgw vg3W53xW09Vj/d3KxV7f1ON+a+FnmLMYzW+dC/zHkyg +KtUcTwHa+WNt+g1cfB5qXT2SIBh1ysrXhlweHDnbJFU +-> X25519 y50G92FjN3/2mw35luKw4jcKUGdUsF93wcROe4rArlE +gobgcFB4lLDvG3CRBnoHcwOg8uy4eVW+H8OAgWY5PuU +-> X25519 r+uUjbZ8KUiTy9v3wh1VimRcIgIPliLvSVAvn1WhXhg +nEONILHeRRbYyolcZxa1xmX59/nRrr1VBHofHlv8fKo +-> piv-p256 +y2G/w AzshVf1h1wwccMCaoA4ecA7DFCGpjvQzbSF3ba9BSyzf +QG9joDdEaTwm1jOJcpPjOjF1hcbpWW6R1XauVqftwRo +-> piv-p256 jNqd3A AmuFCf9f+HQD60WNmfgJKVXT75h03R3pV8sy2qJtfgWY +kxwEeP6c/yuSiYIeI442lmJFh2ndiPhHgvtQ2jopOgw +--- /WYmyrdPD9FPxGcnLEyB0v/6FF8z3gBluRUvuCHZ1Hg +6G;2gZAP%\#cXw?i—n y.| \ No newline at end of file diff --git a/secrets/root_work_passwd_hash.age b/secrets/root_work_passwd_hash.age new file mode 100644 index 0000000..b8e67be --- /dev/null +++ b/secrets/root_work_passwd_hash.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 9Chcgw xHFdtAcqXP8liBH6d0f4YMnJr40Dc28DEfHdaoc5URQ +7zUFLDvPKLPps8m5QDAq6ihGOgNRWpUWUWsP3Qx36lE +-> X25519 coQ3u77ihjGH6LzhA/xOzUQNDluPd6BohBKFvn/B9Sc +QQEyxuBqQjvZpbqEZddw0diqxPKL7q9wNmnw0wm3mQw +-> X25519 eW5/HibxGv+Sr6yu11M6DL+nj9K24Y11HBeeJ3bo6k0 +2OLw0jKufwZhG0qkmzhUPX9fhXjB7TiAm/bJ7yyHh/A +-> piv-p256 +y2G/w A5hWirVdDPfSbl0X5gUF+ah2fvtLIg2Q6xQD471tWd74 +oMLINAjt68FQGoM8KIDkgXG5yeOoZF/BJ4LkOSc9Cgc +-> piv-p256 jNqd3A AktamVhuado6Z/OVaiEwywK9UkBlTrwBY9kgtFi3bPtf +kZ91Ztn5FtcfLwXjezGx+tT2NEgwBm8aiEZ+lYLaY/A +--- ymPZJ07orh8AKprqAg7W7sFYrwz2siJRr9kcWdYrZOk +*VY*0ugmB؟$_m~רeYqā \ No newline at end of file