zaphyra's git: nixfiles

zaphyra and void's nixfiles

commit 7f236ea1f7dbe4a64f1aaf3b69637bb8d71ad1d9
parent d001e1e5c86de8f6a64911ab0200ac8452df6d88
Author: Katja (ctucx) <git@ctu.cx>
Date: Fri, 16 May 2025 11:41:14 +0200

nixosModules/users/katja: move hashedPassword to sops secrets

2 files changed, 47 insertions(+), 1 deletion(-)
M
nixosModules/sapphicCfg/users/katja.nix
|
7
++++++-
A
secrets/common.yaml
|
41
+++++++++++++++++++++++++++++++++++++++++
diff --git a/nixosModules/sapphicCfg/users/katja.nix b/nixosModules/sapphicCfg/users/katja.nix
@@ -19,10 +19,15 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    sops.secrets.katjaPassword = {
+      neededForUsers = true;
+      sopsFile = ../../../secrets/common.yaml;
+    };
+
     users.users.katja = {
       uid = 1001;
       description = "Katja";
-      hashedPassword = "$2b$17$lEBNemC7U5ng8asEgje2/.TfeMjzaaZ7jyCfaYtvfoiW0sSSI9jNy";
+      hashedPasswordFile = config.sops.secrets.katjaPassword.path;
       isNormalUser = true;
       extraGroups = [
         "wheel"

diff --git a/secrets/common.yaml b/secrets/common.yaml
@@ -0,0 +1,41 @@
+katjaPassword: ENC[AES256_GCM,data:JrW2Pyd3rkvc3qz59m9ftHFOTX0GM9uNEkfRIoIdyJv3xLLG2JNRoL+mUm2/fzhaAyfHCX6xxt7yXuy0,iv:Qir8r6omlkeG22z2AoO4p4XwLPMGAhXrB2IOrcMkoUM=,tag:9jlRV6Xj4GjvyY4dZ6KNhA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age12dxnl4upy7agngqztrnp6wnz5jcq4fp06nxngah9n7umr4v90cvs677azg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLK1EydFhjc05HaG9FWjQ3
+            dFp3cDlvWFAxN2lJbXI0NGhFcEN6dVZLd24wCkFnQUJKSFdiejVKVEl2S2dpN1RM
+            bGFvU2tBdUlVTXNHWFFlSUlxKy8zWjAKLS0tIEtQZkk2WjhNazN5a3ViVUV5OEZ3
+            b284Wm5yaTVFeUEzem1GMzFJdVJEWFkK4kXzLEaiIjCDQv/FmDF2PcptIGf0FDtv
+            8xcxsSVRqWiiPWVNGaZvle3kJzc7p4kWJHriaMlCGiSfVC+j08eOXQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-05-16T09:38:14Z"
+    mac: ENC[AES256_GCM,data:YvXjEXsAfapf0B19Zp2uwO/clb75alcSMXJeQGEWs+XfJYmUOb0dKOonNtQPkFg5adBzKixj3xolhJNSLqXFWk8RRd9tymPCRYDZn+4AcuwRtDld52NBnDTSSg2rBOZpHO9Cq7CI7LlUGMHMNIJWKs6ddwm/ATPpTQU/jj9kIU8=,iv:eLPc5pKUiY/5eTImRsrp4YVIcwqePxNj8Kd1o3stssU=,tag:RfnKY87oJg0aLLQBUhIitA==,type:str]
+    pgp:
+        - created_at: "2025-05-16T08:51:23Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAzmqVs6bjEjqAQ//QIQaXIj1eLEmCNIA9opj4ZTYvifstOF7KrHT5DLTY3W/
+            QPvzluc8cNoCukv6DWI0m1PMvJVWBgKJRjXsVuPxxqdKY/EKgu0RUmTC/2B3liK7
+            XQlwta0sZsBmP+BlWi/bz8FThumM9sIlGx6xNdruwPr1JYDT8wBFf4OH04OqO4/5
+            onQhdwuvlRQGzbBOao0iLV2DOuDniM/0dWkLKlX02ytkaLz7+yHkhBdMQy11SAJ6
+            lUmLcYIC2TzFumEn4RzDVoFj/qJopprhENbq2lF+Q/OCZfpgiA3PK2JGZ9ZJUkXJ
+            94YhT9t/Tvu6r66bfMzDfUK9h7M6fY03+opHdmAak5QfTcw8uOVgY3Z16Za4dmOM
+            vwWeqb/bgSTt+Y8Sch63mG9l+Dp3aRbnejU+YhWAguHBnRNPVt/EaWta6KTxoVIw
+            ATNGSyMIAMqNYTwDOFcXo5xg8x5KRetzYO3F95xy13/6ymxwhpbb53JdEMq6DUQZ
+            qtmETCgCBL6kBOWwTqcgQ5BEYmhWuBlhOcUlyJDAQGgD6+UkW3sdBGaeJnMmYK92
+            DKn7R1VtQM/9Ay6sIKDNL8Z3dkZMrAB57sKUAq1Xio1kLCtYHnhHRwxtDOJ8Gr2Y
+            l8jaM0j7rsDS0yh2XoHw7Cng3KPj4vUbRkmrwwoTZetBN1XURTASRGF8iU8qE2rS
+            XgGl+l52tahjcAHCVWhmy5XqoA7dowTo8FtbksJtP7+FN2fWkv35Qh5RxcrQ5Yny
+            MBk7AZloW0dNRaKDeNL9UyMMEHNM+Mj6qGSrL+mIE1RBtefLulFsT3wq6mdlWFw=
+            =pNqk
+            -----END PGP MESSAGE-----
+          fp: 9D7CACD7039E5AD616FD25879F935DB630A167E7
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4