mtworx: set real passwords

2024-03-18 17:46:17 +02:00 · 2024-03-18 17:46:17 +02:00 · f2998e7aeb
commit f2998e7aeb
parent c11edc3576
5 changed files with 42 additions and 13 deletions
--- a/flake.nix
+++ b/flake.nix
@ -186,14 +186,14 @@
            nixos-hardware.nixosModules.lenovo-thinkpad-x1-11th-gen
            nix-index-database.nixosModules.nix-index

-            #agenix.nixosModules.default
-            #{
-            #  age.secrets = {
-            #    motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
-            #    root-passwd-hash.file = ./secrets/root_passwd_hash.age;
-            #    sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
-            #  };
-            #}
+            agenix.nixosModules.default
+            {
+              age.secrets = {
+                motiejus-work-passwd-hash.file = ./secrets/motiejus_work_passwd_hash.age;
+                root-work-passwd-hash.file = ./secrets/root_work_passwd_hash.age;
+                #sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+              };
+            }
          ];

          specialArgs = {inherit myData;} // inputs;
--- a/hosts/mtworx/configuration.nix
+++ b/hosts/mtworx/configuration.nix
@ -1,6 +1,6 @@
 {
  pkgs,
-  #config,
+  config,
  myData,
  ...
 }: let
@ -64,10 +64,8 @@ in {
    base.users = {
      enable = true;
      devTools = true;
-      root.initialPassword = "live";
-      user.initialPassword = "live";
-      #root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
-      #user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
+      root.hashedPasswordFile = config.age.secrets.root-work-passwd-hash.path;
+      user.hashedPasswordFile = config.age.secrets.motiejus-work-passwd-hash.path;
    };

    services = {
--- a/secrets.nix
+++ b/secrets.nix
@ -7,6 +7,7 @@ let
  };

  fwminex = (import ./data.nix).hosts."fwminex.motiejus.jakst".publicKey;
+  mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
  fra1-a = (import ./data.nix).hosts."fra1-a.servers.jakst".publicKey;
  vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey;
  vno1-op5p = (import ./data.nix).hosts."vno1-op5p.servers.jakst".publicKey;
@ -44,6 +45,10 @@ in
  // mk ([vno3-rp3b] ++ motiejus) [
    "secrets/vno3-rp3b/datapool-passphrase.age"
  ]
+  // mk ([mtworx] ++ motiejus) [
+    "secrets/motiejus_work_passwd_hash.age"
+    "secrets/root_work_passwd_hash.age"
+  ]
  // mk (systems ++ motiejus) [
    "secrets/motiejus_passwd_hash.age"
    "secrets/root_passwd_hash.age"
--- a/secrets/motiejus_work_passwd_hash.age
+++ b/secrets/motiejus_work_passwd_hash.age
@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 9Chcgw vg3W53xW09Vj/d3KxV7f1ON+a+FnmLMYzW+dC/zHkyg
+KtUcTwHa+WNt+g1cfB5qXT2SIBh1ysrXhlweHDnbJFU
+-> X25519 y50G92FjN3/2mw35luKw4jcKUGdUsF93wcROe4rArlE
+gobgcFB4lLDvG3CRBnoHcwOg8uy4eVW+H8OAgWY5PuU
+-> X25519 r+uUjbZ8KUiTy9v3wh1VimRcIgIPliLvSVAvn1WhXhg
+nEONILHeRRbYyolcZxa1xmX59/nRrr1VBHofHlv8fKo
+-> piv-p256 +y2G/w AzshVf1h1wwccMCaoA4ecA7DFCGpjvQzbSF3ba9BSyzf
+QG9joDdEaTwm1jOJcpPjOjF1hcbpWW6R1XauVqftwRo
+-> piv-p256 jNqd3A AmuFCf9f+HQD60WNmfgJKVXT75h03R3pV8sy2qJtfgWY
+kxwEeP6c/yuSiYIeI442lmJFh2ndiPhHgvtQ2jopOgw
+--- /WYmyrdPD9FPxGcnLEyB0v/6FF8z3gBluRUvuCHZ1Hg
+ç6<EFBFBD>G;Ü2øÎg°ZAP%\ŸÆ#ÛcXìw?ËiÂ—ùn³ùyÒ.|ÚÖ
--- a/secrets/root_work_passwd_hash.age
+++ b/secrets/root_work_passwd_hash.age
@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 9Chcgw xHFdtAcqXP8liBH6d0f4YMnJr40Dc28DEfHdaoc5URQ
+7zUFLDvPKLPps8m5QDAq6ihGOgNRWpUWUWsP3Qx36lE
+-> X25519 coQ3u77ihjGH6LzhA/xOzUQNDluPd6BohBKFvn/B9Sc
+QQEyxuBqQjvZpbqEZddw0diqxPKL7q9wNmnw0wm3mQw
+-> X25519 eW5/HibxGv+Sr6yu11M6DL+nj9K24Y11HBeeJ3bo6k0
+2OLw0jKufwZhG0qkmzhUPX9fhXjB7TiAm/bJ7yyHh/A
+-> piv-p256 +y2G/w A5hWirVdDPfSbl0X5gUF+ah2fvtLIg2Q6xQD471tWd74
+oMLINAjt68FQGoM8KIDkgXG5yeOoZF/BJ4LkOSc9Cgc
+-> piv-p256 jNqd3A AktamVhuado6Z/OVaiEwywK9UkBlTrwBY9kgtFi3bPtf
+kZ91Ztn5FtcfLwXjezGx+tT2NEgwBm8aiEZ+lYLaY/A
+--- ymPZJ07orh8AKprqAg7W7sFYrwz2siJRr9kcWdYrZOk
+Í*Ó«„ñµVY* 0u¦gmBÝØŸï$ƒ÷Òá_<>€m~×¨eÑY‹q‘“Ä<E2809C>·