add password to users

2025-11-23 21:52:13 +01:00 · 2025-11-23 21:52:13 +01:00 · 0fb755d91b
commit 0fb755d91b
parent 48bb58e1bc
5 changed files with 52 additions and 39 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -10,3 +10,4 @@ creation_rules:
        - *admin_fw
        - *server_desktop
        - *server_macmini
+        - *server_legacy
--- a/maskiner/legacy/configuration.nix
+++ b/maskiner/legacy/configuration.nix
@ -10,7 +10,7 @@
  ...
 }:
 let
-  theme = "latte";
+  theme = "mocha";
 in
 {
  imports = [
--- a/moduler/base.nix
+++ b/moduler/base.nix
@ -6,6 +6,9 @@
  ...
 }:
 {
+  sops.defaultSopsFile = ../secrets/sops.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
  nixpkgs = {
    config = {
      allowUnfree = true;
@ -49,11 +52,8 @@
      efi = {
        canTouchEfiVariables = true;
      };
-      systemd-boot.enable = true;
-      grub = {
-        efiSupport = true;
-        efiInstallAsRemovable = true;
-        device = "nodev";
+      systemd-boot = {
+        enable = true;
      };
    };
  };
@ -67,10 +67,19 @@
      		fi
      	  '';
  };
-  environment.etc = lib.mapAttrs' (name: value: {
-    name = "nix/path/${name}";
-    value.source = value.flake;
-  }) config.nix.registry;
+  environment = {
+    etc = lib.mapAttrs' (name: value: {
+      name = "nix/path/${name}";
+      value.source = value.flake;
+    }) config.nix.registry;
+
+    sessionVariables = {
+      EDITOR = "nvim";
+      VISUAL = "nvim";
+      TERM = "xterm-256color";
+    };
+
+  };

  virtualisation = {
    docker = {
@ -79,12 +88,6 @@
    };
  };

-  environment.sessionVariables = {
-    EDITOR = "nvim";
-    VISUAL = "nvim";
-    TERM = "xterm-256color";
-  };
-
  time.timeZone = "Europe/Stockholm";

  fonts.packages = with pkgs; [
@ -108,12 +111,9 @@

  console.keyMap = "sv-latin1";

-  programs.bat = {
-    enable = true;
-  };
-
  services.tailscale.enable = true;
  networking = {
+    nftables.enable = true;
    networkmanager.enable = true;
    firewall = {
      checkReversePath = "loose";
--- a/moduler/users.nix
+++ b/moduler/users.nix
@ -4,11 +4,13 @@
  ...
 }:
 {
+  sops.secrets.user-password = { };
  users = {
    defaultUserShell = pkgs.bash;
+    mutableUsers = false;
    users = {
      fw = {
-        initialPassword = "password";
+        hashedPasswordFile = config.sops.secrets.user-password.path;
        isNormalUser = true;
        description = "Fredrik Wastring";
        extraGroups = [
@ -20,7 +22,7 @@
        ];
        openssh.authorizedKeys = {
          keys = [
-			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFpJBGPIfPB1BwSG7aoKqwfccyZSaU7J3xpJ8behMp9N fw@core"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFpJBGPIfPB1BwSG7aoKqwfccyZSaU7J3xpJ8behMp9N fw@core"
          ];
        };
      };
--- a/secrets/sops.yaml
+++ b/secrets/sops.yaml
@ -6,36 +6,46 @@ smtp_password: ENC[AES256_GCM,data:h1K973qeehIIATdoqFhrLiY7XiU=,iv:ltrsG9KZ8rQuS
 forgejo-admin-password: ENC[AES256_GCM,data:FuDfqjeQ2T5KcOO1BQ==,iv:ueX7XjbiChuwfYm1B/MJvJaYdWbCmoIs91lj9h9uFYE=,tag:qUszDTRZklwSKrS0PpJhTA==,type:str]
 forgejo-runner-token: ENC[AES256_GCM,data:1AUeTy5Sqoa4u5L/TGjt/v69p2xF/mp0oXVv08TA+squzRVW9/t40xfY2yD8HQ==,iv:uWf9jKIIsajh362vY2NBw8od+iOFGfIQ7NJVFgjWlBw=,tag:hCOzvSKoDbKCGceqNkRx7g==,type:str]
 gotify_password: ENC[AES256_GCM,data:Tl9T9yxKSyiemmc5B7kCdwYYHB9anenBg8epFNGqu7sa8YfaZNH9HfTdBtqELIcAkkyfoJUj9tOhxcfa1lDasahJC/8VF0jx6tjsgmTJORAwQa/8,iv:bEtG/ICTqqK3E+YXysDLV/uyawoeILKH+mQXTLOcWpk=,tag:dPqm74eH/Gt9Eg0lv2ptEw==,type:str]
+user-password: ENC[AES256_GCM,data:cngHqB2IQXVvSMwm5KJeq6wOQMQ4z/DWap3YMyahq2fz8R2CKHackaNY4K3dltXKSLv5zdelyHMf4u7gzuPTMO1yNRIG99C9Yg==,iv:6WZ/dUQwn6+TPXnSEvDVS0DZz0oz7vMvKAioqYzvf0c=,tag:xVoCF0L490nZi/xYTI0klw==,type:str]
 sops:
    age:
        - recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdUw2TU9XcEFlTkxnT0lj
-            S2lodU5BQ1U0QU11ZmcrZUNJWEVNSERPK2trCnZHVDZxR3FVckdsdGNTVTJ5aE9p
-            SlhuV2NldHN3c0xOR1prMlM3SEhJNEEKLS0tIC9YaS8zcEVqMW1jWUFBTXBVbGFG
-            bzMxUUY2ODZhaUtjSUJjM3BWVjU5cDQKx5PhabRSkrIvKhYnvkjc2chQeEXcb2xd
-            mta6liWOXfn2VRnWAeEKCIJq/x6wNSBsNeQK0IRWxPGNCfJdtoos4w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudE1wcXlEU0VNTEUranB2
+            ZDV5Vm9kdmU1RXBVOWdpLzdRR0NPQTZsUG13CklMYlJ0RXo5VnBGMzc2MUh4bTlM
+            Ny8zQzlhVGZhQWRRUFlwOGhPS2ZjQ28KLS0tIGFmUnVQRXhDTlZ2WjZ2K2N2WlhQ
+            MmR4WVhJVUwvRHdYNTdyd2Y2cUZ6Z2MKVP+HttSFnJ/IlEk3/YBzlV7xDADa/MKr
+            xtQQH4tSMFASNuoRZvADJ7evauei9Az63qD9vawUuOHc1wwr7ZWc2A==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNkxwMksxV21tVDJSL0JI
-            dGc1UEJZS3VvNTh3WnZkTW9LeFpqSGwzVVdVCnIzOW1oTnFvSnZRUWhvdzIzdVlB
-            OUlBTU1DeHplS0RRTkc1MlNIZk9DVzAKLS0tIHZxcmVqbGlVMm9Bai9VRW9qc0xS
-            bEVJNU5NbXgvNTBzN202MTdQeHlUeEkKIV3jTYkl8/3C1TQA+AjYpmjLZc7TgFI6
-            ZkhP/CzYcPoRt4KHOrY/cROPAPDj4uki3RF+yyTxAsTKn8BBLSRjxQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMjJOM3NkUVdaZldnOVNa
+            MlBQUy9ZOUEvUXZxUzhodUZJM1l3MVBaKzBrClY5SUFFMHp0T1RJTzNXTHl1Qm1t
+            U01ZQ1lOVE1RTTFqMHhWcnA5MnVUR2MKLS0tIHREQzFZaFBJSFlvRzI5ZTU2RjJo
+            VGt2VmdYZlVpQWl2Rjh1NERXVzBXSWMKIT4CMDoEvT+vwZF2suMy3NCeLhSnLjdo
+            bQOMwNdTqnpAhYdNTRtyEe6SwGaPahLEbH1uX3cgBE8ULL4ylV0TZg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsYktrK1BmZjhQY216MWxH
-            aHJBRGFHMWVXQWUrZS90dEpQeXZzU1grWm1VClhnTVYrR2tabU5LWFc1ZmgwY1dF
-            M0lFOU1hd1gxTFJPaDBGV2hIbW16WWsKLS0tIExCSGVPM1Jsb1R1VFNTTXRpalBK
-            OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s
-            A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMTZFOVV0Nk4xbzgzRFhn
+            R3VKN1IzL01HUmovNlJ3SVlvcmVQWWYyZlNVCmR2V1M0c1pDSnZubFBJZ2pvY2FN
+            ZG1iT0NFenBadHJyclVkcG1KcERiQ0EKLS0tIDlacDFzanNQVjdPTlFaNnhXa1VV
+            WnpRZmllcWcvOGNqOGwzbHl0aU5KUjgKM8EaFEIfmj1DT3p1SLHf4paww0jm06WI
+            lsiCx2/Udi1MDM541KkBvCV5riktxgU4Lu2vF5b4RnuS95g/8G58wA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-18T13:28:36Z"
-    mac: ENC[AES256_GCM,data:EaPrjK/m7g+8Vu6vDEzE5nObAWmMXwDEarFEiaoEXh4/tBcAjdhNaYPpGUhfh0NSppTFbkr2ZZKm+m9rTO1J8IeBZMC0FfcFu+34Mz1sL6mozBZX8nynIW3V9bbPKaq2mPd4To1HmphdIpRj72xzYzIzL5fJQxmT8Q4hI6qa5wk=,iv:PvMl479LK7v5hKJ5Ho/kPyajQ/49H+8UqVTre48NxqU=,tag:IE9QCsnhmzamkgX21OCLFA==,type:str]
+        - recipient: age1kf93dpuqhu0a90s49sszgw64mn32hwgrm8suv799ca4ngrkecpqs8ljzk8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOTF6NXAzcktDRjhTaGdW
+            S3dDakhxZzNPR1QyVnZ4dXU4cVJLaWk2S1drCjFLNmdtLzFxRkJWWmhmeVZOUjA3
+            VDhudVFOWjBkblRJSEhyMC93NUNHTEEKLS0tIGZBeENxallvTXB4VWcrdHhOeUpv
+            ay84Q2w0NFlVb0FaNkxKN2t1UDVhejgKx+0w5vbpNzCRRaT/wQRO3JGkIbmn+NvE
+            ZI78XtBJvAwAY6P0tm01rC1wRDGA86wCu52CaOH7cro2zDk/ipZe5g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-11-23T20:46:06Z"
+    mac: ENC[AES256_GCM,data:eI8l+uMRZgS4w/73TN6e4b1wrkyhpNj/HKl1+znEmNyybrwdHLBOxu5XZ9cBA9UbFuZm/U3UxhKLiZncu1bWuFT7eS3IcG/G3wVHyPJR1psJ1Gi+zp1455AUhclRXYc9lEqMe34m9LW+JnXcf3LNQAOJOkits45GS35WhFt/6bI=,iv:qmlB/ehisy4Sw9b1mAvstJ/jHZgUhiHDNr6xHp1z57E=,tag:utTSn3qdufYBQP20WQmiwg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0