add password to users
This commit is contained in:
fwastring
parent
48bb58e1bc
commit
0fb755d91b
5 changed files with 52 additions and 39 deletions
|
|
@ -10,3 +10,4 @@ creation_rules:
|
||||||
- *admin_fw
|
- *admin_fw
|
||||||
- *server_desktop
|
- *server_desktop
|
||||||
- *server_macmini
|
- *server_macmini
|
||||||
|
- *server_legacy
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
theme = "latte";
|
theme = "mocha";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,9 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
|
sops.defaultSopsFile = ../secrets/sops.yaml;
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
config = {
|
config = {
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
|
|
@ -49,11 +52,8 @@
|
||||||
efi = {
|
efi = {
|
||||||
canTouchEfiVariables = true;
|
canTouchEfiVariables = true;
|
||||||
};
|
};
|
||||||
systemd-boot.enable = true;
|
systemd-boot = {
|
||||||
grub = {
|
enable = true;
|
||||||
efiSupport = true;
|
|
||||||
efiInstallAsRemovable = true;
|
|
||||||
device = "nodev";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -67,11 +67,20 @@
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
environment.etc = lib.mapAttrs' (name: value: {
|
environment = {
|
||||||
|
etc = lib.mapAttrs' (name: value: {
|
||||||
name = "nix/path/${name}";
|
name = "nix/path/${name}";
|
||||||
value.source = value.flake;
|
value.source = value.flake;
|
||||||
}) config.nix.registry;
|
}) config.nix.registry;
|
||||||
|
|
||||||
|
sessionVariables = {
|
||||||
|
EDITOR = "nvim";
|
||||||
|
VISUAL = "nvim";
|
||||||
|
TERM = "xterm-256color";
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
docker = {
|
docker = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -79,12 +88,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.sessionVariables = {
|
|
||||||
EDITOR = "nvim";
|
|
||||||
VISUAL = "nvim";
|
|
||||||
TERM = "xterm-256color";
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Stockholm";
|
time.timeZone = "Europe/Stockholm";
|
||||||
|
|
||||||
fonts.packages = with pkgs; [
|
fonts.packages = with pkgs; [
|
||||||
|
|
@ -108,12 +111,9 @@
|
||||||
|
|
||||||
console.keyMap = "sv-latin1";
|
console.keyMap = "sv-latin1";
|
||||||
|
|
||||||
programs.bat = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.tailscale.enable = true;
|
services.tailscale.enable = true;
|
||||||
networking = {
|
networking = {
|
||||||
|
nftables.enable = true;
|
||||||
networkmanager.enable = true;
|
networkmanager.enable = true;
|
||||||
firewall = {
|
firewall = {
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
|
|
|
||||||
|
|
@ -4,11 +4,13 @@
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
|
sops.secrets.user-password = { };
|
||||||
users = {
|
users = {
|
||||||
defaultUserShell = pkgs.bash;
|
defaultUserShell = pkgs.bash;
|
||||||
|
mutableUsers = false;
|
||||||
users = {
|
users = {
|
||||||
fw = {
|
fw = {
|
||||||
initialPassword = "password";
|
hashedPasswordFile = config.sops.secrets.user-password.path;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "Fredrik Wastring";
|
description = "Fredrik Wastring";
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
|
|
|
||||||
|
|
@ -6,36 +6,46 @@ smtp_password: ENC[AES256_GCM,data:h1K973qeehIIATdoqFhrLiY7XiU=,iv:ltrsG9KZ8rQuS
|
||||||
forgejo-admin-password: ENC[AES256_GCM,data:FuDfqjeQ2T5KcOO1BQ==,iv:ueX7XjbiChuwfYm1B/MJvJaYdWbCmoIs91lj9h9uFYE=,tag:qUszDTRZklwSKrS0PpJhTA==,type:str]
|
forgejo-admin-password: ENC[AES256_GCM,data:FuDfqjeQ2T5KcOO1BQ==,iv:ueX7XjbiChuwfYm1B/MJvJaYdWbCmoIs91lj9h9uFYE=,tag:qUszDTRZklwSKrS0PpJhTA==,type:str]
|
||||||
forgejo-runner-token: ENC[AES256_GCM,data:1AUeTy5Sqoa4u5L/TGjt/v69p2xF/mp0oXVv08TA+squzRVW9/t40xfY2yD8HQ==,iv:uWf9jKIIsajh362vY2NBw8od+iOFGfIQ7NJVFgjWlBw=,tag:hCOzvSKoDbKCGceqNkRx7g==,type:str]
|
forgejo-runner-token: ENC[AES256_GCM,data:1AUeTy5Sqoa4u5L/TGjt/v69p2xF/mp0oXVv08TA+squzRVW9/t40xfY2yD8HQ==,iv:uWf9jKIIsajh362vY2NBw8od+iOFGfIQ7NJVFgjWlBw=,tag:hCOzvSKoDbKCGceqNkRx7g==,type:str]
|
||||||
gotify_password: ENC[AES256_GCM,data:Tl9T9yxKSyiemmc5B7kCdwYYHB9anenBg8epFNGqu7sa8YfaZNH9HfTdBtqELIcAkkyfoJUj9tOhxcfa1lDasahJC/8VF0jx6tjsgmTJORAwQa/8,iv:bEtG/ICTqqK3E+YXysDLV/uyawoeILKH+mQXTLOcWpk=,tag:dPqm74eH/Gt9Eg0lv2ptEw==,type:str]
|
gotify_password: ENC[AES256_GCM,data:Tl9T9yxKSyiemmc5B7kCdwYYHB9anenBg8epFNGqu7sa8YfaZNH9HfTdBtqELIcAkkyfoJUj9tOhxcfa1lDasahJC/8VF0jx6tjsgmTJORAwQa/8,iv:bEtG/ICTqqK3E+YXysDLV/uyawoeILKH+mQXTLOcWpk=,tag:dPqm74eH/Gt9Eg0lv2ptEw==,type:str]
|
||||||
|
user-password: ENC[AES256_GCM,data:cngHqB2IQXVvSMwm5KJeq6wOQMQ4z/DWap3YMyahq2fz8R2CKHackaNY4K3dltXKSLv5zdelyHMf4u7gzuPTMO1yNRIG99C9Yg==,iv:6WZ/dUQwn6+TPXnSEvDVS0DZz0oz7vMvKAioqYzvf0c=,tag:xVoCF0L490nZi/xYTI0klw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
|
- recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdUw2TU9XcEFlTkxnT0lj
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudE1wcXlEU0VNTEUranB2
|
||||||
S2lodU5BQ1U0QU11ZmcrZUNJWEVNSERPK2trCnZHVDZxR3FVckdsdGNTVTJ5aE9p
|
ZDV5Vm9kdmU1RXBVOWdpLzdRR0NPQTZsUG13CklMYlJ0RXo5VnBGMzc2MUh4bTlM
|
||||||
SlhuV2NldHN3c0xOR1prMlM3SEhJNEEKLS0tIC9YaS8zcEVqMW1jWUFBTXBVbGFG
|
Ny8zQzlhVGZhQWRRUFlwOGhPS2ZjQ28KLS0tIGFmUnVQRXhDTlZ2WjZ2K2N2WlhQ
|
||||||
bzMxUUY2ODZhaUtjSUJjM3BWVjU5cDQKx5PhabRSkrIvKhYnvkjc2chQeEXcb2xd
|
MmR4WVhJVUwvRHdYNTdyd2Y2cUZ6Z2MKVP+HttSFnJ/IlEk3/YBzlV7xDADa/MKr
|
||||||
mta6liWOXfn2VRnWAeEKCIJq/x6wNSBsNeQK0IRWxPGNCfJdtoos4w==
|
xtQQH4tSMFASNuoRZvADJ7evauei9Az63qD9vawUuOHc1wwr7ZWc2A==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x
|
- recipient: age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNkxwMksxV21tVDJSL0JI
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMjJOM3NkUVdaZldnOVNa
|
||||||
dGc1UEJZS3VvNTh3WnZkTW9LeFpqSGwzVVdVCnIzOW1oTnFvSnZRUWhvdzIzdVlB
|
MlBQUy9ZOUEvUXZxUzhodUZJM1l3MVBaKzBrClY5SUFFMHp0T1RJTzNXTHl1Qm1t
|
||||||
OUlBTU1DeHplS0RRTkc1MlNIZk9DVzAKLS0tIHZxcmVqbGlVMm9Bai9VRW9qc0xS
|
U01ZQ1lOVE1RTTFqMHhWcnA5MnVUR2MKLS0tIHREQzFZaFBJSFlvRzI5ZTU2RjJo
|
||||||
bEVJNU5NbXgvNTBzN202MTdQeHlUeEkKIV3jTYkl8/3C1TQA+AjYpmjLZc7TgFI6
|
VGt2VmdYZlVpQWl2Rjh1NERXVzBXSWMKIT4CMDoEvT+vwZF2suMy3NCeLhSnLjdo
|
||||||
ZkhP/CzYcPoRt4KHOrY/cROPAPDj4uki3RF+yyTxAsTKn8BBLSRjxQ==
|
bQOMwNdTqnpAhYdNTRtyEe6SwGaPahLEbH1uX3cgBE8ULL4ylV0TZg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t
|
- recipient: age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsYktrK1BmZjhQY216MWxH
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMTZFOVV0Nk4xbzgzRFhn
|
||||||
aHJBRGFHMWVXQWUrZS90dEpQeXZzU1grWm1VClhnTVYrR2tabU5LWFc1ZmgwY1dF
|
R3VKN1IzL01HUmovNlJ3SVlvcmVQWWYyZlNVCmR2V1M0c1pDSnZubFBJZ2pvY2FN
|
||||||
M0lFOU1hd1gxTFJPaDBGV2hIbW16WWsKLS0tIExCSGVPM1Jsb1R1VFNTTXRpalBK
|
ZG1iT0NFenBadHJyclVkcG1KcERiQ0EKLS0tIDlacDFzanNQVjdPTlFaNnhXa1VV
|
||||||
OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s
|
WnpRZmllcWcvOGNqOGwzbHl0aU5KUjgKM8EaFEIfmj1DT3p1SLHf4paww0jm06WI
|
||||||
A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA==
|
lsiCx2/Udi1MDM541KkBvCV5riktxgU4Lu2vF5b4RnuS95g/8G58wA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-10-18T13:28:36Z"
|
- recipient: age1kf93dpuqhu0a90s49sszgw64mn32hwgrm8suv799ca4ngrkecpqs8ljzk8
|
||||||
mac: ENC[AES256_GCM,data:EaPrjK/m7g+8Vu6vDEzE5nObAWmMXwDEarFEiaoEXh4/tBcAjdhNaYPpGUhfh0NSppTFbkr2ZZKm+m9rTO1J8IeBZMC0FfcFu+34Mz1sL6mozBZX8nynIW3V9bbPKaq2mPd4To1HmphdIpRj72xzYzIzL5fJQxmT8Q4hI6qa5wk=,iv:PvMl479LK7v5hKJ5Ho/kPyajQ/49H+8UqVTre48NxqU=,tag:IE9QCsnhmzamkgX21OCLFA==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOTF6NXAzcktDRjhTaGdW
|
||||||
|
S3dDakhxZzNPR1QyVnZ4dXU4cVJLaWk2S1drCjFLNmdtLzFxRkJWWmhmeVZOUjA3
|
||||||
|
VDhudVFOWjBkblRJSEhyMC93NUNHTEEKLS0tIGZBeENxallvTXB4VWcrdHhOeUpv
|
||||||
|
ay84Q2w0NFlVb0FaNkxKN2t1UDVhejgKx+0w5vbpNzCRRaT/wQRO3JGkIbmn+NvE
|
||||||
|
ZI78XtBJvAwAY6P0tm01rC1wRDGA86wCu52CaOH7cro2zDk/ipZe5g==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-11-23T20:46:06Z"
|
||||||
|
mac: ENC[AES256_GCM,data:eI8l+uMRZgS4w/73TN6e4b1wrkyhpNj/HKl1+znEmNyybrwdHLBOxu5XZ9cBA9UbFuZm/U3UxhKLiZncu1bWuFT7eS3IcG/G3wVHyPJR1psJ1Gi+zp1455AUhclRXYc9lEqMe34m9LW+JnXcf3LNQAOJOkits45GS35WhFt/6bI=,iv:qmlB/ehisy4Sw9b1mAvstJ/jHZgUhiHDNr6xHp1z57E=,tag:utTSn3qdufYBQP20WQmiwg==,type:str]
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.11.0
|
version: 3.11.0
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue